| Message ID | 20220902040122.346654-1-quic_eberman@quicinc.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | KVM: arm64: Report Protected KVM cap only if KVM is enabled | expand |
On Thu, Sep 01, 2022 at 09:01:22PM -0700, Elliot Berman wrote: > If "kvm-arm.mode=protected" is present on kernel command line, but the > kernel doesn't actually support KVM because it booted from EL1, the > ARM64_KVM_PROTECTED_MODE capability is misleadingly reported as present. > Fix this by adding a check whether we booted from EL2. > > Cc: Will Deacon <will@kernel.org> > Cc: David Brazdil <dbrazdil@google.com> > Cc: Marc Zyngier <maz@kernel.org> > Signed-off-by: Elliot Berman <quic_eberman@quicinc.com> > --- > arch/arm64/kernel/cpufeature.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c > index 8d88433de81d..866667be0651 100644 > --- a/arch/arm64/kernel/cpufeature.c > +++ b/arch/arm64/kernel/cpufeature.c > @@ -1974,7 +1974,7 @@ static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap) > #ifdef CONFIG_KVM > static bool is_kvm_protected_mode(const struct arm64_cpu_capabilities *entry, int __unused) > { > - return kvm_get_mode() == KVM_MODE_PROTECTED; > + return is_hyp_mode_available() && kvm_get_mode() == KVM_MODE_PROTECTED; > } > #endif /* CONFIG_KVM */ Could we not fix this in early_kvm_mode_cfg()?
On 2022-09-09 13:44, Catalin Marinas wrote: > On Thu, Sep 01, 2022 at 09:01:22PM -0700, Elliot Berman wrote: >> If "kvm-arm.mode=protected" is present on kernel command line, but the >> kernel doesn't actually support KVM because it booted from EL1, the >> ARM64_KVM_PROTECTED_MODE capability is misleadingly reported as >> present. >> Fix this by adding a check whether we booted from EL2. >> >> Cc: Will Deacon <will@kernel.org> >> Cc: David Brazdil <dbrazdil@google.com> >> Cc: Marc Zyngier <maz@kernel.org> >> Signed-off-by: Elliot Berman <quic_eberman@quicinc.com> >> --- >> arch/arm64/kernel/cpufeature.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/arch/arm64/kernel/cpufeature.c >> b/arch/arm64/kernel/cpufeature.c >> index 8d88433de81d..866667be0651 100644 >> --- a/arch/arm64/kernel/cpufeature.c >> +++ b/arch/arm64/kernel/cpufeature.c >> @@ -1974,7 +1974,7 @@ static void cpu_enable_mte(struct >> arm64_cpu_capabilities const *cap) >> #ifdef CONFIG_KVM >> static bool is_kvm_protected_mode(const struct arm64_cpu_capabilities >> *entry, int __unused) >> { >> - return kvm_get_mode() == KVM_MODE_PROTECTED; >> + return is_hyp_mode_available() && kvm_get_mode() == >> KVM_MODE_PROTECTED; >> } >> #endif /* CONFIG_KVM */ > > Could we not fix this in early_kvm_mode_cfg()? That's be indeed preferable. Thanks, M.
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 8d88433de81d..866667be0651 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1974,7 +1974,7 @@ static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap) #ifdef CONFIG_KVM static bool is_kvm_protected_mode(const struct arm64_cpu_capabilities *entry, int __unused) { - return kvm_get_mode() == KVM_MODE_PROTECTED; + return is_hyp_mode_available() && kvm_get_mode() == KVM_MODE_PROTECTED; } #endif /* CONFIG_KVM */
If "kvm-arm.mode=protected" is present on kernel command line, but the kernel doesn't actually support KVM because it booted from EL1, the ARM64_KVM_PROTECTED_MODE capability is misleadingly reported as present. Fix this by adding a check whether we booted from EL2. Cc: Will Deacon <will@kernel.org> Cc: David Brazdil <dbrazdil@google.com> Cc: Marc Zyngier <maz@kernel.org> Signed-off-by: Elliot Berman <quic_eberman@quicinc.com> --- arch/arm64/kernel/cpufeature.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) base-commit: 0982c8d859f8f7022b9fd44d421c7ec721bb41f9