[PATCH v1 1/8] KVM: arm64: Rename pkvm.enabled to pkvm.is_protected

Mon Aug 4 00:00:46 PDT 2025

Hi Wei-Lin,

On Sun, 3 Aug 2025 at 07:09, Wei-Lin Chang <r09922117 at csie.ntu.edu.tw> wrote:
>
> Hi Fuad,
>
> I am reading some pKVM code and would like to ask for help on some
> questions to make sure my understanding is correct:
>
> While looking at the code I don't see pkvm.enabled, or now
> pkvm.is_protected really assigned, is pkvm development going to add the
> ability to let the user pick whether they want to start a protected VM
> (host EL1 can't access VM memory and registers, mostly) or not (like
> nVHE mode VMs) in the future?
>
> Also, since when running pKVM (kvm-arm.mode=protected) the user can't
> yet choose the VM to be protected or not, the current state is that all
> VMs started by pKVM is protected, is that understanding correct?
>
> Sorry if I missed anything.

You're absolutely right. We are in the process of upstreaming pKVM,
especially support for protected VMs. As you've noticed, upstream code
doesn't yet support that. This series is meant to help facilitate
that.

To get an idea of what we hope to upstream, you could have a look at
what we have in Android:

https://android.googlesource.com/kernel/common/+/refs/heads/android16-6.12

What we have in Android is a new VM type, KVM_VM_TYPE_ARM_PROTECTED,
that you would set on VM creation (when running in protected mode) to
designate a VM as protected. That would set is_protected (or enabled)
to true.

I hope this helps.

Cheers,
/fuad

>
> Thanks,
> Wei-Lin Chang
>
> On Tue, Jul 29, 2025 at 01:00:06PM +0100, Fuad Tabba wrote:
> > The 'pkvm.enabled' field in struct kvm_protected_vm is confusingly named.
> > Its purpose is to indicate whether a VM is a pKVM protected VM, not
> > whether the VM itself is enabled or running.
> >
> > For a non-protected VM, the VM can be fully active, yet this field would
> > be false. This ambiguity can lead to incorrect assumptions about the VM's
> > operational state and makes the code harder to reason about.
> >
> > Rename the field to 'is_protected' to make it unambiguous that the flag
> > tracks the protected status of the VM.
> >
> > No functional change intended.
> >
> > Signed-off-by: Fuad Tabba <tabba at google.com>
> > ---
> >  arch/arm64/include/asm/kvm_host.h | 4 ++--
> >  arch/arm64/kvm/hyp/nvhe/pkvm.c    | 2 +-
> >  2 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> > index 3e41a880b062..55dc7cd83e40 100644
> > --- a/arch/arm64/include/asm/kvm_host.h
> > +++ b/arch/arm64/include/asm/kvm_host.h
> > @@ -252,7 +252,7 @@ struct kvm_protected_vm {
> >       pkvm_handle_t handle;
> >       struct kvm_hyp_memcache teardown_mc;
> >       struct kvm_hyp_memcache stage2_teardown_mc;
> > -     bool enabled;
> > +     bool is_protected;
> >  };
> >
> >  struct kvm_mpidr_data {
> > @@ -1522,7 +1522,7 @@ struct kvm *kvm_arch_alloc_vm(void);
> >
> >  #define __KVM_HAVE_ARCH_FLUSH_REMOTE_TLBS_RANGE
> >
> > -#define kvm_vm_is_protected(kvm)     (is_protected_kvm_enabled() && (kvm)->arch.pkvm.enabled)
> > +#define kvm_vm_is_protected(kvm)     (is_protected_kvm_enabled() && (kvm)->arch.pkvm.is_protected)
> >
> >  #define vcpu_is_protected(vcpu)              kvm_vm_is_protected((vcpu)->kvm)
> >
> > diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > index 338505cb0171..6198c1d27b5b 100644
> > --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > @@ -406,7 +406,7 @@ static void init_pkvm_hyp_vm(struct kvm *host_kvm, struct pkvm_hyp_vm *hyp_vm,
> >       hyp_vm->host_kvm = host_kvm;
> >       hyp_vm->kvm.created_vcpus = nr_vcpus;
> >       hyp_vm->kvm.arch.mmu.vtcr = host_mmu.arch.mmu.vtcr;
> > -     hyp_vm->kvm.arch.pkvm.enabled = READ_ONCE(host_kvm->arch.pkvm.enabled);
> > +     hyp_vm->kvm.arch.pkvm.is_protected = READ_ONCE(host_kvm->arch.pkvm.is_protected);
> >       hyp_vm->kvm.arch.flags = 0;
> >       pkvm_init_features_from_host(hyp_vm, host_kvm);
> >  }
> > --
> > 2.50.1.487.gc89ff58d15-goog
> >