[PATCH v4 04/14] KVM: arm64: Use KVM extension checks for allowed protected VM capabilities
Quentin Perret
qperret at google.com
Fri Dec 6 09:10:26 PST 2024
On Monday 02 Dec 2024 at 15:47:31 (+0000), Fuad Tabba wrote:
> diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> index fb733b36c6c1..59ff6aac514c 100644
> --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
> +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> @@ -329,34 +329,20 @@ static void pkvm_init_features_from_host(struct pkvm_hyp_vm *hyp_vm, const struc
>
> bitmap_zero(allowed_features, KVM_VCPU_MAX_FEATURES);
>
> - /*
> - * For protected VMs, always allow:
> - * - CPU starting in poweroff state
> - * - PSCI v0.2
> - */
> - set_bit(KVM_ARM_VCPU_POWER_OFF, allowed_features);
For my understanding, why do we drop this bit?
> set_bit(KVM_ARM_VCPU_PSCI_0_2, allowed_features);
>
> - /*
> - * Check if remaining features are allowed:
> - * - Performance Monitoring
> - * - Scalable Vectors
> - * - Pointer Authentication
> - */
> - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMUVer), PVM_ID_AA64DFR0_ALLOW))
> + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_PMU_V3))
> set_bit(KVM_ARM_VCPU_PMU_V3, allowed_features);
>
> - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_SVE), PVM_ID_AA64PFR0_ALLOW))
> - set_bit(KVM_ARM_VCPU_SVE, allowed_features);
> -
> - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API), PVM_ID_AA64ISAR1_ALLOW) &&
> - FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA), PVM_ID_AA64ISAR1_ALLOW))
> + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_PTRAUTH_ADDRESS))
> set_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, allowed_features);
>
> - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI), PVM_ID_AA64ISAR1_ALLOW) &&
> - FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPA), PVM_ID_AA64ISAR1_ALLOW))
> + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_PTRAUTH_GENERIC))
> set_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, allowed_features);
>
> + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_SVE))
> + set_bit(KVM_ARM_VCPU_SVE, allowed_features);
> +
> bitmap_and(kvm->arch.vcpu_features, host_kvm->arch.vcpu_features,
> allowed_features, KVM_VCPU_MAX_FEATURES);
> }
> --
> 2.47.0.338.g60cca15819-goog
>
More information about the linux-arm-kernel
mailing list