Documentation/admin-guide/kernel-parameters.txt | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)
Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with
VHE support") modified the behaviour of "kvm-arm.mode=protected" without
the updating the kernel parameters doc.
Update it to match the current implementation.
Also, update required architecture version for nested virtualization as
suggested by Marc.
Cc: Will Deacon <will@kernel.org>
Cc: Marc Zyngier <maz@kernel.org>
Signed-off-by: Mostafa Saleh <smostafa@google.com>
---
v2: Update nested value also
---
Documentation/admin-guide/kernel-parameters.txt | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 1518343bbe22..d5b771e5cb5b 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2740,12 +2740,16 @@
nvhe: Standard nVHE-based mode, without support for
protected guests.
- protected: nVHE-based mode with support for guests whose
+ protected: hVHE-based mode with support for guests whose
state is kept private from the host.
+ In case hVHE is not supported in hardware, it will
+ boot with protected nVHE.
+ nVHE protected mode can still be forced on VHE systems
+ using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0"
nested: VHE-based mode with support for nested
- virtualization. Requires at least ARMv8.3
- hardware.
+ virtualization. Requires at least ARMv8.4
+ hardware (with FEAT_NV2).
Defaults to VHE/nVHE based on hardware support. Setting
mode to "protected" will disable kexec and hibernation
--
2.47.0.105.g07ac214952-goog
Hi Mostafa, On Thu, 24 Oct 2024 17:06:14 +0100, Mostafa Saleh <smostafa@google.com> wrote: > > Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with > VHE support") modified the behaviour of "kvm-arm.mode=protected" without > the updating the kernel parameters doc. > > Update it to match the current implementation. > > Also, update required architecture version for nested virtualization as > suggested by Marc. > > Cc: Will Deacon <will@kernel.org> > Cc: Marc Zyngier <maz@kernel.org> > > Signed-off-by: Mostafa Saleh <smostafa@google.com> > > --- > v2: Update nested value also Thanks for that. However... > --- > Documentation/admin-guide/kernel-parameters.txt | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index 1518343bbe22..d5b771e5cb5b 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -2740,12 +2740,16 @@ > nvhe: Standard nVHE-based mode, without support for > protected guests. > > - protected: nVHE-based mode with support for guests whose > + protected: hVHE-based mode with support for guests whose > state is kept private from the host. > + In case hVHE is not supported in hardware, it will > + boot with protected nVHE. > + nVHE protected mode can still be forced on VHE systems > + using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0" I probably didn't explain myself very well. I would like to avoid mentioning hVHE at all, because this is pretty confusing (and really an implementation detail). Instead, we can talk about VHE/nVHE, which are real architectural features. Also, I just realised that we can use your command-line magic for downgrading from VHE to nVHE in all cases, so I'd be suggesting something like this: diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 1518343bbe223..2bb19f1331fed 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2740,8 +2740,9 @@ nvhe: Standard nVHE-based mode, without support for protected guests. - protected: nVHE-based mode with support for guests whose - state is kept private from the host. + protected: Mode with support for guests whose state is + kept private from the host, using VHE or + nVHE depending on HW support. nested: VHE-based mode with support for nested virtualization. Requires at least ARMv8.3 @@ -2749,8 +2750,11 @@ Defaults to VHE/nVHE based on hardware support. Setting mode to "protected" will disable kexec and hibernation - for the host. "nested" is experimental and should be - used with extreme caution. + for the host. To force nVHE on VHE hardware, add + "arm64_sw.hvhe=0 id_aa64mmfr1.vh=0" to the + command-line. + "nested" is experimental and should be used with + extreme caution. kvm-arm.vgic_v3_group0_trap= [KVM,ARM,EARLY] Trap guest accesses to GICv3 group-0 > > nested: VHE-based mode with support for nested > - virtualization. Requires at least ARMv8.3 > - hardware. > + virtualization. Requires at least ARMv8.4 > + hardware (with FEAT_NV2). That part looks good! Thanks, M. -- Without deviation from the norm, progress is not possible.
On Thu, Oct 24, 2024 at 05:43:49PM +0100, Marc Zyngier wrote: > Hi Mostafa, > > On Thu, 24 Oct 2024 17:06:14 +0100, > Mostafa Saleh <smostafa@google.com> wrote: > > > > Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with > > VHE support") modified the behaviour of "kvm-arm.mode=protected" without > > the updating the kernel parameters doc. > > > > Update it to match the current implementation. > > > > Also, update required architecture version for nested virtualization as > > suggested by Marc. > > > > Cc: Will Deacon <will@kernel.org> > > Cc: Marc Zyngier <maz@kernel.org> > > > > Signed-off-by: Mostafa Saleh <smostafa@google.com> > > > > --- > > v2: Update nested value also > > Thanks for that. However... > > > --- > > Documentation/admin-guide/kernel-parameters.txt | 10 +++++++--- > > 1 file changed, 7 insertions(+), 3 deletions(-) > > > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > > index 1518343bbe22..d5b771e5cb5b 100644 > > --- a/Documentation/admin-guide/kernel-parameters.txt > > +++ b/Documentation/admin-guide/kernel-parameters.txt > > @@ -2740,12 +2740,16 @@ > > nvhe: Standard nVHE-based mode, without support for > > protected guests. > > > > - protected: nVHE-based mode with support for guests whose > > + protected: hVHE-based mode with support for guests whose > > state is kept private from the host. > > + In case hVHE is not supported in hardware, it will > > + boot with protected nVHE. > > + nVHE protected mode can still be forced on VHE systems > > + using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0" > > > I probably didn't explain myself very well. I would like to avoid > mentioning hVHE at all, because this is pretty confusing (and really > an implementation detail). Instead, we can talk about VHE/nVHE, which > are real architectural features. Agh, my bad, it makes more sense to talk in terms or architecture. > > Also, I just realised that we can use your command-line magic for > downgrading from VHE to nVHE in all cases, so I'd be suggesting > something like this: > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index 1518343bbe223..2bb19f1331fed 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -2740,8 +2740,9 @@ > nvhe: Standard nVHE-based mode, without support for > protected guests. > > - protected: nVHE-based mode with support for guests whose > - state is kept private from the host. > + protected: Mode with support for guests whose state is > + kept private from the host, using VHE or > + nVHE depending on HW support. > > nested: VHE-based mode with support for nested > virtualization. Requires at least ARMv8.3 > @@ -2749,8 +2750,11 @@ > > Defaults to VHE/nVHE based on hardware support. Setting > mode to "protected" will disable kexec and hibernation > - for the host. "nested" is experimental and should be > - used with extreme caution. > + for the host. To force nVHE on VHE hardware, add > + "arm64_sw.hvhe=0 id_aa64mmfr1.vh=0" to the > + command-line. > + "nested" is experimental and should be used with > + extreme caution. > > kvm-arm.vgic_v3_group0_trap= > [KVM,ARM,EARLY] Trap guest accesses to GICv3 group-0 > > > > > > nested: VHE-based mode with support for nested > > - virtualization. Requires at least ARMv8.3 > > - hardware. > > + virtualization. Requires at least ARMv8.4 > > + hardware (with FEAT_NV2). > > That part looks good! > > Thanks, > > M. > > -- > Without deviation from the norm, progress is not possible. Thanks, Mostafa
© 2016 - 2024 Red Hat, Inc.