@@ -74,6 +74,11 @@ void kvm__arch_set_cmdline(char *cmdline, bool video)
void kvm__arch_init(struct kvm *kvm)
{
+ if (kvm->cfg.restricted_mem &&
+ !kvm__supports_extension(kvm, KVM_CAP_PRIVATE_MEM)) {
+ die("Guest restricted memory capability not supported.");
+ }
+
/* Create the virtual GIC. */
if (gic__create(kvm, kvm->cfg.arch.irqchip))
die("Failed to create virtual GIC");
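Review bot: The `die()` message added at the top of kvm__arch_init names neither the option that triggered the check nor the capability that is missing, so a refused start is hard to diagnose. Something like `die("--restricted_mem requested but KVM_CAP_PRIVATE_MEM is not supported by the host");` would be clearer. A one-line comment above the check, such as `/* Fail closed: never fall back to unrestricted guest memory. */`, would record why this is fatal rather than a warning. The braces around the single statement also differ from the unbraced `if (gic__create(...)) die(...)` just below. The function body continues outside the hunk.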
@@ -202,6 +202,8 @@ static int mem_parser(const struct option *opt, const char *arg, int unset)
"Hugetlbfs path"), \
OPT_BOOLEAN('\0', "virtio-legacy", &(cfg)->virtio_legacy, \
"Use legacy virtio transport"), \
+ OPT_BOOLEAN('\0', "restricted_mem", &(cfg)->restricted_mem, \
+ "Use restricted memory for guests"), \
\
OPT_GROUP("Kernel options:"), \
OPT_STRING('k', "kernel", &(cfg)->kernel_filename, "kernel", \
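Review bot: `--restricted_mem` is registered in the architecture-independent option table in builtin-run.c, but judging by the diffstat the only capability check is the one added to arm/kvm.c. On other architectures the flag would therefore apparently be accepted and then ignored, leaving the operator to believe guest memory is restricted when it is not. Either reject the option in the generic run path when the architecture does not implement it, or state the limitation in the help text, e.g. `"Use restricted memory for guests (ARM only)"`. The name also uses an underscore where the neighbouring `virtio-legacy` uses a hyphen, so `"restricted-mem"` would match the existing convention. The option-table macro starts and ends outside the hunk.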
@@ -65,6 +65,7 @@ struct kvm_config {
bool ioport_debug;
bool mmio_debug;
bool virtio_legacy;
+ bool restricted_mem;
};
#endif
Currently done this way for testing only. When the option restricted_mem is set, the guest will use the new restricted memory extensions. This is done this way for now to enable testing and debugging. In the future, pKVM will require that all its guests use restricted memory, so instead of a flag, the intention is for the final version of this patch series to rely on KVM_CAP_PRIVATE_MEM and fail if that capability isn't supported. Signed-off-by: Fuad Tabba <tabba@google.com> --- arm/kvm.c | 5 +++++ builtin-run.c | 2 ++ include/kvm/kvm-config.h | 1 + 3 files changed, 8 insertions(+)