| Message ID | 20211001170553.3062988-1-maz@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] KVM: arm64: Allow KVM to be disabled from the command line | expand |
Reviewed-by: Andrew Scull <ascull@google.com> On Fri, 1 Oct 2021 at 18:06, Marc Zyngier <maz@kernel.org> wrote: > > Although KVM can be compiled out of the kernel, it cannot be disabled > at runtime. Allow this possibility by introducing a new mode that > will prevent KVM from initialising. > > This is useful in the (limited) circumstances where you don't want > KVM to be available (what is wrong with you?), or when you want > to install another hypervisor instead (good luck with that). > > Reviewed-by: David Brazdil <dbrazdil@google.com> > Acked-by: Will Deacon <will@kernel.org> > Acked-by: Suzuki K Poulose <suzuki.poulose@arm.com> > Signed-off-by: Marc Zyngier <maz@kernel.org> > --- > > Notes: > v2: Dropped the id_aa64mmfr1_vh=0 setting so that KVM can be disabled > and yet stay in VHE mode on platforms that require it. > I kept the AB/RB's, but please shout if you disagree! > > Documentation/admin-guide/kernel-parameters.txt | 2 ++ > arch/arm64/include/asm/kvm_host.h | 1 + > arch/arm64/kvm/arm.c | 14 +++++++++++++- > 3 files changed, 16 insertions(+), 1 deletion(-) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index 91ba391f9b32..f268731a3d4d 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -2365,6 +2365,8 @@ > kvm-arm.mode= > [KVM,ARM] Select one of KVM/arm64's modes of operation. > > + none: Forcefully disable KVM. > + > nvhe: Standard nVHE-based mode, without support for > protected guests. > > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h > index f8be56d5342b..019490c67976 100644 > --- a/arch/arm64/include/asm/kvm_host.h > +++ b/arch/arm64/include/asm/kvm_host.h > @@ -58,6 +58,7 @@ > enum kvm_mode { > KVM_MODE_DEFAULT, > KVM_MODE_PROTECTED, > + KVM_MODE_NONE, > }; > enum kvm_mode kvm_get_mode(void); > > diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c > index fe102cd2e518..658171231af9 100644 > --- a/arch/arm64/kvm/arm.c > +++ b/arch/arm64/kvm/arm.c > @@ -2064,6 +2064,11 @@ int kvm_arch_init(void *opaque) > return -ENODEV; > } > > + if (kvm_get_mode() == KVM_MODE_NONE) { > + kvm_info("KVM disabled from command line\n"); > + return -ENODEV; > + } > + > in_hyp_mode = is_kernel_in_hyp_mode(); > > if (cpus_have_final_cap(ARM64_WORKAROUND_DEVICE_LOAD_ACQUIRE) || > @@ -2137,8 +2142,15 @@ static int __init early_kvm_mode_cfg(char *arg) > return 0; > } > > - if (strcmp(arg, "nvhe") == 0 && !WARN_ON(is_kernel_in_hyp_mode())) > + if (strcmp(arg, "nvhe") == 0 && !WARN_ON(is_kernel_in_hyp_mode())) { > + kvm_mode = KVM_MODE_DEFAULT; > return 0; > + } > + > + if (strcmp(arg, "none") == 0) { > + kvm_mode = KVM_MODE_NONE; > + return 0; > + } > > return -EINVAL; > } > -- > 2.30.2 > > -- > To unsubscribe from this group and stop receiving emails from it, send an email to kernel-team+unsubscribe@android.com. >
On Fri, 1 Oct 2021 18:05:53 +0100, Marc Zyngier wrote: > Although KVM can be compiled out of the kernel, it cannot be disabled > at runtime. Allow this possibility by introducing a new mode that > will prevent KVM from initialising. > > This is useful in the (limited) circumstances where you don't want > KVM to be available (what is wrong with you?), or when you want > to install another hypervisor instead (good luck with that). Applied to next, thanks! [1/1] KVM: arm64: Allow KVM to be disabled from the command line commit: b6a68b97af23cc75781bed38221ce73144ac2e39 Cheers, M.
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 91ba391f9b32..f268731a3d4d 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2365,6 +2365,8 @@ kvm-arm.mode= [KVM,ARM] Select one of KVM/arm64's modes of operation. + none: Forcefully disable KVM. + nvhe: Standard nVHE-based mode, without support for protected guests. diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index f8be56d5342b..019490c67976 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -58,6 +58,7 @@ enum kvm_mode { KVM_MODE_DEFAULT, KVM_MODE_PROTECTED, + KVM_MODE_NONE, }; enum kvm_mode kvm_get_mode(void); diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index fe102cd2e518..658171231af9 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -2064,6 +2064,11 @@ int kvm_arch_init(void *opaque) return -ENODEV; } + if (kvm_get_mode() == KVM_MODE_NONE) { + kvm_info("KVM disabled from command line\n"); + return -ENODEV; + } + in_hyp_mode = is_kernel_in_hyp_mode(); if (cpus_have_final_cap(ARM64_WORKAROUND_DEVICE_LOAD_ACQUIRE) || @@ -2137,8 +2142,15 @@ static int __init early_kvm_mode_cfg(char *arg) return 0; } - if (strcmp(arg, "nvhe") == 0 && !WARN_ON(is_kernel_in_hyp_mode())) + if (strcmp(arg, "nvhe") == 0 && !WARN_ON(is_kernel_in_hyp_mode())) { + kvm_mode = KVM_MODE_DEFAULT; return 0; + } + + if (strcmp(arg, "none") == 0) { + kvm_mode = KVM_MODE_NONE; + return 0; + } return -EINVAL; }