[PATCH v4 04/14] KVM: arm64: Use KVM extension checks for allowed protected VM capabilities
Fuad Tabba
tabba at google.com
Mon Dec 9 00:14:15 PST 2024
Hi Quentin,
On Fri, 6 Dec 2024 at 17:10, Quentin Perret <qperret at google.com> wrote:
>
> On Monday 02 Dec 2024 at 15:47:31 (+0000), Fuad Tabba wrote:
> > diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > index fb733b36c6c1..59ff6aac514c 100644
> > --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > @@ -329,34 +329,20 @@ static void pkvm_init_features_from_host(struct pkvm_hyp_vm *hyp_vm, const struc
> >
> > bitmap_zero(allowed_features, KVM_VCPU_MAX_FEATURES);
> >
> > - /*
> > - * For protected VMs, always allow:
> > - * - CPU starting in poweroff state
> > - * - PSCI v0.2
> > - */
> > - set_bit(KVM_ARM_VCPU_POWER_OFF, allowed_features);
>
> For my understanding, why do we drop this bit?
Since the hypervisor is responsible for the power state of protected
VMs. This should either be a separate patch or I should explain it in
the commit message. Any preference?
Thanks,
/fuad
> > set_bit(KVM_ARM_VCPU_PSCI_0_2, allowed_features);
> >
> > - /*
> > - * Check if remaining features are allowed:
> > - * - Performance Monitoring
> > - * - Scalable Vectors
> > - * - Pointer Authentication
> > - */
> > - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMUVer), PVM_ID_AA64DFR0_ALLOW))
> > + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_PMU_V3))
> > set_bit(KVM_ARM_VCPU_PMU_V3, allowed_features);
> >
> > - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_SVE), PVM_ID_AA64PFR0_ALLOW))
> > - set_bit(KVM_ARM_VCPU_SVE, allowed_features);
> > -
> > - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API), PVM_ID_AA64ISAR1_ALLOW) &&
> > - FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA), PVM_ID_AA64ISAR1_ALLOW))
> > + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_PTRAUTH_ADDRESS))
> > set_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, allowed_features);
> >
> > - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI), PVM_ID_AA64ISAR1_ALLOW) &&
> > - FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPA), PVM_ID_AA64ISAR1_ALLOW))
> > + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_PTRAUTH_GENERIC))
> > set_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, allowed_features);
> >
> > + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_SVE))
> > + set_bit(KVM_ARM_VCPU_SVE, allowed_features);
> > +
> > bitmap_and(kvm->arch.vcpu_features, host_kvm->arch.vcpu_features,
> > allowed_features, KVM_VCPU_MAX_FEATURES);
> > }
> > --
> > 2.47.0.338.g60cca15819-goog
> >
>
More information about the linux-arm-kernel
mailing list