FROMLIST: KVM: arm64: Allow KVM to be disabled from the command line

Although KVM can be compiled out of the kernel, it cannot be disabled at runtime. Allow this possibility by introducing a new mode that will prevent KVM from initialising. This is useful in the (limited) circumstances where you don't want KVM to be available (what is wrong with you?), or when you want to install another hypervisor instead (good luck with that). Bug: 192819132 Test: boot in EL2, pass kvm-arm.mode=none on cmdline Link: https://lore.kernel.org/kvmarm/20210903091652.985836-1-maz@kernel.org/ Signed-off-by: Marc Zyngier <maz@kernel.org> Change-Id: If4d2775b8f1f4119b5f390391f64c65221a17fde
2026-06-07 19:30:30 +09:00 · 2021-09-03 10:16:52 +01:00
parent 30d8af3e1e
commit 5b63fb56a8
4 changed files with 18 additions and 1 deletions
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2302,6 +2302,9 @@
 	kvm-arm.mode=
 			[KVM,ARM] Select one of KVM/arm64's modes of operation.

+			none: Forcefully disable KVM and run in nVHE mode,
+			      preventing KVM from ever initialising.
+
 			nvhe: Standard nVHE-based mode, without support for
 			      protected guests.

--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -59,6 +59,7 @@
 enum kvm_mode {
 	KVM_MODE_DEFAULT,
 	KVM_MODE_PROTECTED,
+	KVM_MODE_NONE,
 };
 enum kvm_mode kvm_get_mode(void);

--- a/arch/arm64/kernel/idreg-override.c
+++ b/arch/arm64/kernel/idreg-override.c
@@ -94,6 +94,7 @@ static const struct {
 	char	alias[FTR_ALIAS_NAME_LEN];
 	char	feature[FTR_ALIAS_OPTION_LEN];
 } aliases[] __initconst = {
+	{ "kvm-arm.mode=none",		"id_aa64mmfr1.vh=0" },
 	{ "kvm-arm.mode=nvhe",		"id_aa64mmfr1.vh=0" },
 	{ "kvm-arm.mode=protected",	"id_aa64mmfr1.vh=0" },
 	{ "arm64.nobti",		"id_aa64pfr1.bt=0" },
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -2046,6 +2046,11 @@ int kvm_arch_init(void *opaque)
 		return -ENODEV;
 	}

+	if (kvm_get_mode() == KVM_MODE_NONE) {
+		kvm_info("KVM disabled from command line\n");
+		return -ENODEV;
+	}
+
 	in_hyp_mode = is_kernel_in_hyp_mode();

 	if (cpus_have_final_cap(ARM64_WORKAROUND_DEVICE_LOAD_ACQUIRE) ||
@@ -2119,8 +2124,15 @@ static int __init early_kvm_mode_cfg(char *arg)
 		return 0;
 	}

-	if (strcmp(arg, "nvhe") == 0 && !WARN_ON(is_kernel_in_hyp_mode()))
+	if (strcmp(arg, "nvhe") == 0 && !WARN_ON(is_kernel_in_hyp_mode())) {
+		kvm_mode = KVM_MODE_DEFAULT;
 		return 0;
+	}
+
+	if (strcmp(arg, "none") == 0 && !WARN_ON(is_kernel_in_hyp_mode())) {
+		kvm_mode = KVM_MODE_NONE;
+		return 0;
+	}

 	return -EINVAL;
 }