[PATCH] Documentation: Update the behaviour of "kvm-arm.mode"

Mostafa Saleh posted 1 patch 1 month ago
There is a newer version of this series
Documentation/admin-guide/kernel-parameters.txt | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
[PATCH] Documentation: Update the behaviour of "kvm-arm.mode"
Posted by Mostafa Saleh 1 month ago
Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with
VHE support") modified the behaviour of "kvm-arm.mode=protected" without
the updating the kernel parameters doc.

Update it to match the current implementation.

Cc: Will Deacon <will@kernel.org>
Cc: Marc Zyngier <maz@kernel.org>

Signed-off-by: Mostafa Saleh <smostafa@google.com>
---
 Documentation/admin-guide/kernel-parameters.txt | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index bb48ae24ae69..59a0dd7e2de6 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2723,8 +2723,12 @@
 			nvhe: Standard nVHE-based mode, without support for
 			      protected guests.
 
-			protected: nVHE-based mode with support for guests whose
+			protected: hVHE-based mode with support for guests whose
 				   state is kept private from the host.
+				   In case hVHE is not supported in hardware, it will
+				   boot with protected nVHE.
+				   nVHE protected mode can still be forced on VHE systems
+				   using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0"
 
 			nested: VHE-based mode with support for nested
 				virtualization. Requires at least ARMv8.3
-- 
2.47.0.105.g07ac214952-goog
Re: [PATCH] Documentation: Update the behaviour of "kvm-arm.mode"
Posted by Marc Zyngier 1 month ago
Hi Mostafa,

On Wed, 23 Oct 2024 18:12:43 +0100,
Mostafa Saleh <smostafa@google.com> wrote:
> 
> Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with
> VHE support") modified the behaviour of "kvm-arm.mode=protected" without
> the updating the kernel parameters doc.
> 
> Update it to match the current implementation.
> 
> Cc: Will Deacon <will@kernel.org>
> Cc: Marc Zyngier <maz@kernel.org>
> 
> Signed-off-by: Mostafa Saleh <smostafa@google.com>
> ---
>  Documentation/admin-guide/kernel-parameters.txt | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index bb48ae24ae69..59a0dd7e2de6 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2723,8 +2723,12 @@
>  			nvhe: Standard nVHE-based mode, without support for
>  			      protected guests.
>  
> -			protected: nVHE-based mode with support for guests whose
> +			protected: hVHE-based mode with support for guests whose
>  				   state is kept private from the host.
> +				   In case hVHE is not supported in hardware, it will

nit: it is VHE that is supported or not, hVHE is only a SW concept.

> +				   boot with protected nVHE.
> +				   nVHE protected mode can still be forced on VHE systems
> +				   using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0"

This opens another question: none of the arm_sw.*, nor any of the
id_aa64* parameters are described (basically, anything that's in
arch/arm64/kernel/pi/id_override.c). What should we do about these?



>
>  			nested: VHE-based mode with support for nested
>  				virtualization. Requires at least ARMv8.3

Huh, another nit to fix. We only support nested with ARMv8.4 (with
FEAT_NV2), as the ARMv8.3 version (the original FEAT_NV) is too ugly
for words.

Mind addressing this?

Thanks!

	M.

-- 
Without deviation from the norm, progress is not possible.
Re: [PATCH] Documentation: Update the behaviour of "kvm-arm.mode"
Posted by Mostafa Saleh 1 month ago
Hi Marc,

On Thu, Oct 24, 2024 at 10:39:45AM +0100, Marc Zyngier wrote:
> Hi Mostafa,
> 
> On Wed, 23 Oct 2024 18:12:43 +0100,
> Mostafa Saleh <smostafa@google.com> wrote:
> > 
> > Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with
> > VHE support") modified the behaviour of "kvm-arm.mode=protected" without
> > the updating the kernel parameters doc.
> > 
> > Update it to match the current implementation.
> > 
> > Cc: Will Deacon <will@kernel.org>
> > Cc: Marc Zyngier <maz@kernel.org>
> > 
> > Signed-off-by: Mostafa Saleh <smostafa@google.com>
> > ---
> >  Documentation/admin-guide/kernel-parameters.txt | 6 +++++-
> >  1 file changed, 5 insertions(+), 1 deletion(-)
> > 
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index bb48ae24ae69..59a0dd7e2de6 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -2723,8 +2723,12 @@
> >  			nvhe: Standard nVHE-based mode, without support for
> >  			      protected guests.
> >  
> > -			protected: nVHE-based mode with support for guests whose
> > +			protected: hVHE-based mode with support for guests whose
> >  				   state is kept private from the host.
> > +				   In case hVHE is not supported in hardware, it will
> 
> nit: it is VHE that is supported or not, hVHE is only a SW concept.
> 
> > +				   boot with protected nVHE.
> > +				   nVHE protected mode can still be forced on VHE systems
> > +				   using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0"
> 
> This opens another question: none of the arm_sw.*, nor any of the
> id_aa64* parameters are described (basically, anything that's in
> arch/arm64/kernel/pi/id_override.c). What should we do about these?

Yes, I mainly added this, to make it easier if someone wants to boot to
protected nVHE so they don't have to go through the code, but I can
remove it if it's confusing.

> 
> 
> 
> >
> >  			nested: VHE-based mode with support for nested
> >  				virtualization. Requires at least ARMv8.3
> 
> Huh, another nit to fix. We only support nested with ARMv8.4 (with
> FEAT_NV2), as the ARMv8.3 version (the original FEAT_NV) is too ugly
> for words.
> 
> Mind addressing this?

Sure, I will update it in v2.

Thanks,
Mostafa
> 
> Thanks!
> 
> 	M.
> 
> -- 
> Without deviation from the norm, progress is not possible.
Re: [PATCH] Documentation: Update the behaviour of "kvm-arm.mode"
Posted by Marc Zyngier 1 month ago
On Thu, 24 Oct 2024 12:32:25 +0100,
Mostafa Saleh <smostafa@google.com> wrote:
> 
> Hi Marc,
> 
> On Thu, Oct 24, 2024 at 10:39:45AM +0100, Marc Zyngier wrote:
> > Hi Mostafa,
> > 
> > On Wed, 23 Oct 2024 18:12:43 +0100,
> > Mostafa Saleh <smostafa@google.com> wrote:
> > > 
> > > Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with
> > > VHE support") modified the behaviour of "kvm-arm.mode=protected" without
> > > the updating the kernel parameters doc.
> > > 
> > > Update it to match the current implementation.
> > > 
> > > Cc: Will Deacon <will@kernel.org>
> > > Cc: Marc Zyngier <maz@kernel.org>
> > > 
> > > Signed-off-by: Mostafa Saleh <smostafa@google.com>
> > > ---
> > >  Documentation/admin-guide/kernel-parameters.txt | 6 +++++-
> > >  1 file changed, 5 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > > index bb48ae24ae69..59a0dd7e2de6 100644
> > > --- a/Documentation/admin-guide/kernel-parameters.txt
> > > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > > @@ -2723,8 +2723,12 @@
> > >  			nvhe: Standard nVHE-based mode, without support for
> > >  			      protected guests.
> > >  
> > > -			protected: nVHE-based mode with support for guests whose
> > > +			protected: hVHE-based mode with support for guests whose
> > >  				   state is kept private from the host.
> > > +				   In case hVHE is not supported in hardware, it will
> > 
> > nit: it is VHE that is supported or not, hVHE is only a SW concept.
> > 
> > > +				   boot with protected nVHE.
> > > +				   nVHE protected mode can still be forced on VHE systems
> > > +				   using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0"
> > 
> > This opens another question: none of the arm_sw.*, nor any of the
> > id_aa64* parameters are described (basically, anything that's in
> > arch/arm64/kernel/pi/id_override.c). What should we do about these?
> 
> Yes, I mainly added this, to make it easier if someone wants to boot to
> protected nVHE so they don't have to go through the code, but I can
> remove it if it's confusing.

No, I think it is good to capture that sort of information somewhere,
specially given that it is non-trivial to convince the kernel to do
what you want.

But maybe at some point we should document the rest of the options, as
they keep growing, and people are starting to rely on them for one
thing or the other. Not now though.

> 
> > 
> > 
> > 
> > >
> > >  			nested: VHE-based mode with support for nested
> > >  				virtualization. Requires at least ARMv8.3
> > 
> > Huh, another nit to fix. We only support nested with ARMv8.4 (with
> > FEAT_NV2), as the ARMv8.3 version (the original FEAT_NV) is too ugly
> > for words.
> > 
> > Mind addressing this?
> 
> Sure, I will update it in v2.

Thank you!

	M.

-- 
Without deviation from the norm, progress is not possible.