If "kvm-arm.mode=protected" is present on kernel command line, but the
kernel doesn't actually support KVM because it booted from EL1, the
ARM64_KVM_PROTECTED_MODE capability is misleadingly reported as present.
Fix this by adding a check whether we booted from EL2.
Cc: Will Deacon <[email protected]>
Cc: David Brazdil <[email protected]>
Cc: Marc Zyngier <[email protected]>
Signed-off-by: Elliot Berman <[email protected]>
---
arch/arm64/kernel/cpufeature.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 8d88433de81d..866667be0651 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1974,7 +1974,7 @@ static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap)
#ifdef CONFIG_KVM
static bool is_kvm_protected_mode(const struct arm64_cpu_capabilities *entry, int __unused)
{
- return kvm_get_mode() == KVM_MODE_PROTECTED;
+ return is_hyp_mode_available() && kvm_get_mode() == KVM_MODE_PROTECTED;
}
#endif /* CONFIG_KVM */
base-commit: 0982c8d859f8f7022b9fd44d421c7ec721bb41f9
--
2.25.1
On Thu, Sep 01, 2022 at 09:01:22PM -0700, Elliot Berman wrote:
> If "kvm-arm.mode=protected" is present on kernel command line, but the
> kernel doesn't actually support KVM because it booted from EL1, the
> ARM64_KVM_PROTECTED_MODE capability is misleadingly reported as present.
> Fix this by adding a check whether we booted from EL2.
>
> Cc: Will Deacon <[email protected]>
> Cc: David Brazdil <[email protected]>
> Cc: Marc Zyngier <[email protected]>
> Signed-off-by: Elliot Berman <[email protected]>
> ---
> arch/arm64/kernel/cpufeature.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index 8d88433de81d..866667be0651 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -1974,7 +1974,7 @@ static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap)
> #ifdef CONFIG_KVM
> static bool is_kvm_protected_mode(const struct arm64_cpu_capabilities *entry, int __unused)
> {
> - return kvm_get_mode() == KVM_MODE_PROTECTED;
> + return is_hyp_mode_available() && kvm_get_mode() == KVM_MODE_PROTECTED;
> }
> #endif /* CONFIG_KVM */
Could we not fix this in early_kvm_mode_cfg()?
--
Catalin
On 2022-09-09 13:44, Catalin Marinas wrote:
> On Thu, Sep 01, 2022 at 09:01:22PM -0700, Elliot Berman wrote:
>> If "kvm-arm.mode=protected" is present on kernel command line, but the
>> kernel doesn't actually support KVM because it booted from EL1, the
>> ARM64_KVM_PROTECTED_MODE capability is misleadingly reported as
>> present.
>> Fix this by adding a check whether we booted from EL2.
>>
>> Cc: Will Deacon <[email protected]>
>> Cc: David Brazdil <[email protected]>
>> Cc: Marc Zyngier <[email protected]>
>> Signed-off-by: Elliot Berman <[email protected]>
>> ---
>> arch/arm64/kernel/cpufeature.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/arch/arm64/kernel/cpufeature.c
>> b/arch/arm64/kernel/cpufeature.c
>> index 8d88433de81d..866667be0651 100644
>> --- a/arch/arm64/kernel/cpufeature.c
>> +++ b/arch/arm64/kernel/cpufeature.c
>> @@ -1974,7 +1974,7 @@ static void cpu_enable_mte(struct
>> arm64_cpu_capabilities const *cap)
>> #ifdef CONFIG_KVM
>> static bool is_kvm_protected_mode(const struct arm64_cpu_capabilities
>> *entry, int __unused)
>> {
>> - return kvm_get_mode() == KVM_MODE_PROTECTED;
>> + return is_hyp_mode_available() && kvm_get_mode() ==
>> KVM_MODE_PROTECTED;
>> }
>> #endif /* CONFIG_KVM */
>
> Could we not fix this in early_kvm_mode_cfg()?
That's be indeed preferable.
Thanks,
M.
--
Jazz is not dead. It just smells funny...