[PATCH v1 1/8] KVM: arm64: Rename pkvm.enabled to pkvm.is_protected

Mon Aug 4 05:20:15 PDT 2025

On Mon, Aug 04, 2025 at 08:00:46AM +0100, Fuad Tabba wrote:
> Hi Wei-Lin,
> 
> On Sun, 3 Aug 2025 at 07:09, Wei-Lin Chang <r09922117 at csie.ntu.edu.tw> wrote:
> >
> > Hi Fuad,
> >
> > I am reading some pKVM code and would like to ask for help on some
> > questions to make sure my understanding is correct:
> >
> > While looking at the code I don't see pkvm.enabled, or now
> > pkvm.is_protected really assigned, is pkvm development going to add the
> > ability to let the user pick whether they want to start a protected VM
> > (host EL1 can't access VM memory and registers, mostly) or not (like
> > nVHE mode VMs) in the future?
> >
> > Also, since when running pKVM (kvm-arm.mode=protected) the user can't
> > yet choose the VM to be protected or not, the current state is that all
> > VMs started by pKVM is protected, is that understanding correct?
> >
> > Sorry if I missed anything.
> 
> You're absolutely right. We are in the process of upstreaming pKVM,
> especially support for protected VMs. As you've noticed, upstream code
> doesn't yet support that. This series is meant to help facilitate
> that.
> 
> To get an idea of what we hope to upstream, you could have a look at
> what we have in Android:
> 
> https://android.googlesource.com/kernel/common/+/refs/heads/android16-6.12
> 
> What we have in Android is a new VM type, KVM_VM_TYPE_ARM_PROTECTED,
> that you would set on VM creation (when running in protected mode) to
> designate a VM as protected. That would set is_protected (or enabled)
> to true.
> 
> I hope this helps.

Got it, thank you so much for the explanation!

Thanks,
Wei-Lin Chang

> 
> Cheers,
> /fuad
> 
> >
> > Thanks,
> > Wei-Lin Chang
> >
> > On Tue, Jul 29, 2025 at 01:00:06PM +0100, Fuad Tabba wrote:
> > > The 'pkvm.enabled' field in struct kvm_protected_vm is confusingly named.
> > > Its purpose is to indicate whether a VM is a pKVM protected VM, not
> > > whether the VM itself is enabled or running.
> > >
> > > For a non-protected VM, the VM can be fully active, yet this field would
> > > be false. This ambiguity can lead to incorrect assumptions about the VM's
> > > operational state and makes the code harder to reason about.
> > >
> > > Rename the field to 'is_protected' to make it unambiguous that the flag
> > > tracks the protected status of the VM.
> > >
> > > No functional change intended.
> > >
> > > Signed-off-by: Fuad Tabba <tabba at google.com>
> > > ---
> > >  arch/arm64/include/asm/kvm_host.h | 4 ++--
> > >  arch/arm64/kvm/hyp/nvhe/pkvm.c    | 2 +-
> > >  2 files changed, 3 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> > > index 3e41a880b062..55dc7cd83e40 100644
> > > --- a/arch/arm64/include/asm/kvm_host.h
> > > +++ b/arch/arm64/include/asm/kvm_host.h
> > > @@ -252,7 +252,7 @@ struct kvm_protected_vm {
> > >       pkvm_handle_t handle;
> > >       struct kvm_hyp_memcache teardown_mc;
> > >       struct kvm_hyp_memcache stage2_teardown_mc;
> > > -     bool enabled;
> > > +     bool is_protected;
> > >  };
> > >
> > >  struct kvm_mpidr_data {
> > > @@ -1522,7 +1522,7 @@ struct kvm *kvm_arch_alloc_vm(void);
> > >
> > >  #define __KVM_HAVE_ARCH_FLUSH_REMOTE_TLBS_RANGE
> > >
> > > -#define kvm_vm_is_protected(kvm)     (is_protected_kvm_enabled() && (kvm)->arch.pkvm.enabled)
> > > +#define kvm_vm_is_protected(kvm)     (is_protected_kvm_enabled() && (kvm)->arch.pkvm.is_protected)
> > >
> > >  #define vcpu_is_protected(vcpu)              kvm_vm_is_protected((vcpu)->kvm)
> > >
> > > diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > > index 338505cb0171..6198c1d27b5b 100644
> > > --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > > +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> > > @@ -406,7 +406,7 @@ static void init_pkvm_hyp_vm(struct kvm *host_kvm, struct pkvm_hyp_vm *hyp_vm,
> > >       hyp_vm->host_kvm = host_kvm;
> > >       hyp_vm->kvm.created_vcpus = nr_vcpus;
> > >       hyp_vm->kvm.arch.mmu.vtcr = host_mmu.arch.mmu.vtcr;
> > > -     hyp_vm->kvm.arch.pkvm.enabled = READ_ONCE(host_kvm->arch.pkvm.enabled);
> > > +     hyp_vm->kvm.arch.pkvm.is_protected = READ_ONCE(host_kvm->arch.pkvm.is_protected);
> > >       hyp_vm->kvm.arch.flags = 0;
> > >       pkvm_init_features_from_host(hyp_vm, host_kvm);
> > >  }
> > > --
> > > 2.50.1.487.gc89ff58d15-goog
> > >