[PATCH v2] Documentation: Update the behaviour of "kvm-arm.mode"

Mostafa Saleh posted 1 patch 1 month ago
There is a newer version of this series
Documentation/admin-guide/kernel-parameters.txt | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
[PATCH v2] Documentation: Update the behaviour of "kvm-arm.mode"
Posted by Mostafa Saleh 1 month ago
Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with
VHE support") modified the behaviour of "kvm-arm.mode=protected" without
the updating the kernel parameters doc.

Update it to match the current implementation.

Also, update required architecture version for nested virtualization as
suggested by Marc.

Cc: Will Deacon <will@kernel.org>
Cc: Marc Zyngier <maz@kernel.org>

Signed-off-by: Mostafa Saleh <smostafa@google.com>

---
v2: Update nested value also
---
 Documentation/admin-guide/kernel-parameters.txt | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 1518343bbe22..d5b771e5cb5b 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2740,12 +2740,16 @@
 			nvhe: Standard nVHE-based mode, without support for
 			      protected guests.
 
-			protected: nVHE-based mode with support for guests whose
+			protected: hVHE-based mode with support for guests whose
 				   state is kept private from the host.
+				   In case hVHE is not supported in hardware, it will
+				   boot with protected nVHE.
+				   nVHE protected mode can still be forced on VHE systems
+				   using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0"
 
 			nested: VHE-based mode with support for nested
-				virtualization. Requires at least ARMv8.3
-				hardware.
+				virtualization. Requires at least ARMv8.4
+				hardware (with FEAT_NV2).
 
 			Defaults to VHE/nVHE based on hardware support. Setting
 			mode to "protected" will disable kexec and hibernation
-- 
2.47.0.105.g07ac214952-goog
Re: [PATCH v2] Documentation: Update the behaviour of "kvm-arm.mode"
Posted by Marc Zyngier 1 month ago
Hi Mostafa,

On Thu, 24 Oct 2024 17:06:14 +0100,
Mostafa Saleh <smostafa@google.com> wrote:
> 
> Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with
> VHE support") modified the behaviour of "kvm-arm.mode=protected" without
> the updating the kernel parameters doc.
> 
> Update it to match the current implementation.
> 
> Also, update required architecture version for nested virtualization as
> suggested by Marc.
> 
> Cc: Will Deacon <will@kernel.org>
> Cc: Marc Zyngier <maz@kernel.org>
> 
> Signed-off-by: Mostafa Saleh <smostafa@google.com>
> 
> ---
> v2: Update nested value also

Thanks for that. However...

> ---
>  Documentation/admin-guide/kernel-parameters.txt | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 1518343bbe22..d5b771e5cb5b 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2740,12 +2740,16 @@
>  			nvhe: Standard nVHE-based mode, without support for
>  			      protected guests.
>  
> -			protected: nVHE-based mode with support for guests whose
> +			protected: hVHE-based mode with support for guests whose
>  				   state is kept private from the host.
> +				   In case hVHE is not supported in hardware, it will
> +				   boot with protected nVHE.
> +				   nVHE protected mode can still be forced on VHE systems
> +				   using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0"


I probably didn't explain myself very well. I would like to avoid
mentioning hVHE at all, because this is pretty confusing (and really
an implementation detail). Instead, we can talk about VHE/nVHE, which
are real architectural features.

Also, I just realised that we can use your command-line magic for
downgrading from VHE to nVHE in all cases, so I'd be suggesting
something like this:

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 1518343bbe223..2bb19f1331fed 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2740,8 +2740,9 @@
 			nvhe: Standard nVHE-based mode, without support for
 			      protected guests.
 
-			protected: nVHE-based mode with support for guests whose
-				   state is kept private from the host.
+			protected: Mode with support for guests whose state is
+				   kept private from the host, using VHE or
+				   nVHE depending on HW support.
 
 			nested: VHE-based mode with support for nested
 				virtualization. Requires at least ARMv8.3
@@ -2749,8 +2750,11 @@
 
 			Defaults to VHE/nVHE based on hardware support. Setting
 			mode to "protected" will disable kexec and hibernation
-			for the host. "nested" is experimental and should be
-			used with extreme caution.
+			for the host. To force nVHE on VHE hardware, add
+			"arm64_sw.hvhe=0 id_aa64mmfr1.vh=0" to the
+			command-line.
+			"nested" is experimental and should be used with
+			extreme caution.
 
 	kvm-arm.vgic_v3_group0_trap=
 			[KVM,ARM,EARLY] Trap guest accesses to GICv3 group-0


>
>  			nested: VHE-based mode with support for nested
> -				virtualization. Requires at least ARMv8.3
> -				hardware.
> +				virtualization. Requires at least ARMv8.4
> +				hardware (with FEAT_NV2).

That part looks good!

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.
Re: [PATCH v2] Documentation: Update the behaviour of "kvm-arm.mode"
Posted by Mostafa Saleh 1 month ago
On Thu, Oct 24, 2024 at 05:43:49PM +0100, Marc Zyngier wrote:
> Hi Mostafa,
> 
> On Thu, 24 Oct 2024 17:06:14 +0100,
> Mostafa Saleh <smostafa@google.com> wrote:
> > 
> > Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with
> > VHE support") modified the behaviour of "kvm-arm.mode=protected" without
> > the updating the kernel parameters doc.
> > 
> > Update it to match the current implementation.
> > 
> > Also, update required architecture version for nested virtualization as
> > suggested by Marc.
> > 
> > Cc: Will Deacon <will@kernel.org>
> > Cc: Marc Zyngier <maz@kernel.org>
> > 
> > Signed-off-by: Mostafa Saleh <smostafa@google.com>
> > 
> > ---
> > v2: Update nested value also
> 
> Thanks for that. However...
> 
> > ---
> >  Documentation/admin-guide/kernel-parameters.txt | 10 +++++++---
> >  1 file changed, 7 insertions(+), 3 deletions(-)
> > 
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 1518343bbe22..d5b771e5cb5b 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -2740,12 +2740,16 @@
> >  			nvhe: Standard nVHE-based mode, without support for
> >  			      protected guests.
> >  
> > -			protected: nVHE-based mode with support for guests whose
> > +			protected: hVHE-based mode with support for guests whose
> >  				   state is kept private from the host.
> > +				   In case hVHE is not supported in hardware, it will
> > +				   boot with protected nVHE.
> > +				   nVHE protected mode can still be forced on VHE systems
> > +				   using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0"
> 
> 
> I probably didn't explain myself very well. I would like to avoid
> mentioning hVHE at all, because this is pretty confusing (and really
> an implementation detail). Instead, we can talk about VHE/nVHE, which
> are real architectural features.

Agh, my bad, it makes more sense to talk in terms or architecture.

> 
> Also, I just realised that we can use your command-line magic for
> downgrading from VHE to nVHE in all cases, so I'd be suggesting
> something like this:
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 1518343bbe223..2bb19f1331fed 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2740,8 +2740,9 @@
>  			nvhe: Standard nVHE-based mode, without support for
>  			      protected guests.
>  
> -			protected: nVHE-based mode with support for guests whose
> -				   state is kept private from the host.
> +			protected: Mode with support for guests whose state is
> +				   kept private from the host, using VHE or
> +				   nVHE depending on HW support.
>  
>  			nested: VHE-based mode with support for nested
>  				virtualization. Requires at least ARMv8.3
> @@ -2749,8 +2750,11 @@
>  
>  			Defaults to VHE/nVHE based on hardware support. Setting
>  			mode to "protected" will disable kexec and hibernation
> -			for the host. "nested" is experimental and should be
> -			used with extreme caution.
> +			for the host. To force nVHE on VHE hardware, add
> +			"arm64_sw.hvhe=0 id_aa64mmfr1.vh=0" to the
> +			command-line.
> +			"nested" is experimental and should be used with
> +			extreme caution.
>  
>  	kvm-arm.vgic_v3_group0_trap=
>  			[KVM,ARM,EARLY] Trap guest accesses to GICv3 group-0
> 
> 
> >
> >  			nested: VHE-based mode with support for nested
> > -				virtualization. Requires at least ARMv8.3
> > -				hardware.
> > +				virtualization. Requires at least ARMv8.4
> > +				hardware (with FEAT_NV2).
> 
> That part looks good!
> 
> Thanks,
> 
> 	M.
> 
> -- 
> Without deviation from the norm, progress is not possible.

Thanks,
Mostafa