[PATCH v1 1/8] KVM: arm64: Rename pkvm.enabled to pkvm.is_protected
Wei-Lin Chang
r09922117 at csie.ntu.edu.tw
Sat Aug 2 23:10:44 PDT 2025

Hi Fuad,

I am reading some pKVM code and would like to ask for help on some
questions to make sure my understanding is correct:

While looking at the code I don't see pkvm.enabled, or now
pkvm.is_protected, really assigned. Is pKVM development going to add the
ability to let the user pick whether they want to start a protected VM
(host EL1 can't access VM memory and registers, mostly) or not (like
nVHE mode VMs) in the future?

Also, since when running pKVM (kvm-arm.mode=protected) the user can't
yet choose the VM to be protected or not, the current state is that all
VMs started by pKVM are protected. Is that understanding correct?

Sorry if I missed anything.

Thanks,
Wei-Lin Chang

On Tue, Jul 29, 2025 at 01:00:06PM +0100, Fuad Tabba wrote:
> The 'pkvm.enabled' field in struct kvm_protected_vm is confusingly named.
> Its purpose is to indicate whether a VM is a pKVM protected VM, not
> whether the VM itself is enabled or running.
>
> For a non-protected VM, the VM can be fully active, yet this field would
> be false. This ambiguity can lead to incorrect assumptions about the VM's
> operational state and makes the code harder to reason about.
>
> Rename the field to 'is_protected' to make it unambiguous that the flag
> tracks the protected status of the VM.
>
> No functional change intended.
>
> Signed-off-by: Fuad Tabba <tabba at google.com>
> ---
> arch/arm64/include/asm/kvm_host.h | 4 ++--
> arch/arm64/kvm/hyp/nvhe/pkvm.c | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index 3e41a880b062..55dc7cd83e40 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -252,7 +252,7 @@ struct kvm_protected_vm {
> pkvm_handle_t handle;
> struct kvm_hyp_memcache teardown_mc;
> struct kvm_hyp_memcache stage2_teardown_mc;
> - bool enabled;
> + bool is_protected;
> };
>
> struct kvm_mpidr_data {
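Review bot: the renamed field 'bool is_protected;' in struct kvm_protected_vm carries no comment, and nothing in this patch writes it: the only uses shown are the read in kvm_vm_is_protected() and the READ_ONCE() copy in init_pkvm_hyp_vm(). Since the point of the rename is to remove ambiguity, add a one-line comment on the field stating that it marks a pKVM protected VM and naming where it is expected to be set.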
> @@ -1522,7 +1522,7 @@ struct kvm *kvm_arch_alloc_vm(void);
>
> #define __KVM_HAVE_ARCH_FLUSH_REMOTE_TLBS_RANGE
>
> -#define kvm_vm_is_protected(kvm) (is_protected_kvm_enabled() && (kvm)->arch.pkvm.enabled)
> +#define kvm_vm_is_protected(kvm) (is_protected_kvm_enabled() && (kvm)->arch.pkvm.is_protected)
>
> #define vcpu_is_protected(vcpu) kvm_vm_is_protected((vcpu)->kvm)
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> index 338505cb0171..6198c1d27b5b 100644
> --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
> +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> @@ -406,7 +406,7 @@ static void init_pkvm_hyp_vm(struct kvm *host_kvm, struct pkvm_hyp_vm *hyp_vm,
> hyp_vm->host_kvm = host_kvm;
> hyp_vm->kvm.created_vcpus = nr_vcpus;
> hyp_vm->kvm.arch.mmu.vtcr = host_mmu.arch.mmu.vtcr;
> - hyp_vm->kvm.arch.pkvm.enabled = READ_ONCE(host_kvm->arch.pkvm.enabled);
> + hyp_vm->kvm.arch.pkvm.is_protected = READ_ONCE(host_kvm->arch.pkvm.is_protected);
> hyp_vm->kvm.arch.flags = 0;
> pkvm_init_features_from_host(hyp_vm, host_kvm);
> }
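Review bot: the 'is_protected' assignment in init_pkvm_hyp_vm() is undocumented even though its right-hand side is a READ_ONCE() of the host's struct kvm, which makes the hypervisor's copy a one-time snapshot of a host-supplied value. A short comment above the line saying that the flag is latched here, and that later checks should go through hyp_vm->kvm rather than re-reading host_kvm, would make that intent explicit.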
> --
> 2.50.1.487.gc89ff58d15-goog
>