[PATCH v3 30/36] KVM: arm64: Allow userspace to create protected VMs when pKVM is enabled
Marc Zyngier
maz at kernel.org
Fri Mar 20 06:22:29 PDT 2026
On Thu, 05 Mar 2026 14:43:43 +0000,
Will Deacon <will at kernel.org> wrote:
>
> Introduce a new VM type for KVM/arm64 to allow userspace to request the
> creation of a "protected VM" when the host has booted with pKVM enabled.
>
> For now, this depends on CONFIG_EXPERT and results in a taint on first
> use as many aspects of a protected VM are not yet protected!
>
> Signed-off-by: Will Deacon <will at kernel.org>
> ---
> arch/arm64/include/asm/kvm_pkvm.h | 2 +-
> arch/arm64/kvm/Kconfig | 10 ++++++++++
> arch/arm64/kvm/arm.c | 8 +++++++-
> arch/arm64/kvm/mmu.c | 3 ---
> arch/arm64/kvm/pkvm.c | 11 ++++++++++-
> include/uapi/linux/kvm.h | 5 +++++
> 6 files changed, 33 insertions(+), 6 deletions(-)
>
> diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm_pkvm.h
> index 7041e398fb4c..2954b311128c 100644
> --- a/arch/arm64/include/asm/kvm_pkvm.h
> +++ b/arch/arm64/include/asm/kvm_pkvm.h
> @@ -17,7 +17,7 @@
>
> #define HYP_MEMBLOCK_REGIONS 128
>
> -int pkvm_init_host_vm(struct kvm *kvm);
> +int pkvm_init_host_vm(struct kvm *kvm, unsigned long type);
> int pkvm_create_hyp_vm(struct kvm *kvm);
> bool pkvm_hyp_vm_is_created(struct kvm *kvm);
> void pkvm_destroy_hyp_vm(struct kvm *kvm);
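Review bot: the new `type` parameter on `pkvm_init_host_vm()` carries no documentation in the header, yet this prototype is the only contract callers outside pkvm.c see. A one-line comment stating that `type` is the machine type passed to KVM_CREATE_VM and which of its bits the function consumes (and that any other bits are rejected) would let reviewers check the arm.c and pkvm.c callers against it without reading both files.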
> diff --git a/arch/arm64/kvm/Kconfig b/arch/arm64/kvm/Kconfig
> index 7d1f22fd490b..e71f7fb6e89a 100644
> --- a/arch/arm64/kvm/Kconfig
> +++ b/arch/arm64/kvm/Kconfig
> @@ -82,4 +82,14 @@ config PTDUMP_STAGE2_DEBUGFS
>
> If in doubt, say N.
>
> +config PROTECTED_VM_UAPI
> + bool "Expose protected VMs to userspace (experimental)"
> + depends on KVM && EXPERT
> + help
> + Say Y here to enable experimental (i.e. in development)
> + support for creating protected virtual machines using KVM's
> + KVM_CREATE_VM ioctl() when booted with pKVM enabled.
> +
> + Unless you are a KVM developer, say N.
> +
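Review bot: the help text for PROTECTED_VM_UAPI does not mention that the first protected VM created will taint the kernel, even though the commit message calls this out; someone enabling an EXPERT option deserves to see that consequence in the place they make the decision, so consider adding a sentence such as "Creating a protected VM taints the kernel." Minor style point: the hunk also adds an empty line as the new last line of the file, which leaves a blank line at EOF.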
Let me once more express my lack of appetite for config options.
Protected mode is already gated by a command-line option, and requires
active buy-in from the user.

Nested support is in the same "not quite finished" state, and yet
isn't hidden behind a configuration symbol.

Taint the kernel if you want, but I'd rather we don't add extra config
options for this. Documenting the "experimental" aspect of upstream
pKVM should be enough.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.