Re: [PATCH kvmtool 2/3] arm64: Initial nested virt support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Marc,

On Fri, Jun 20, 2025 at 12:52:08PM +0100, Marc Zyngier wrote:
> On Fri, 20 Jun 2025 12:09:38 +0100,
> Alexandru Elisei <alexandru.elisei@xxxxxxx> wrote:
> > 
> > Hi Andre,
> > 
> > Thanks for doing this, it was needed. Haven't given this a proper look (I'm
> > planning to do that though!), but something jumped at me, below.
> > 
> > On Fri, Jun 20, 2025 at 11:44:53AM +0100, Andre Przywara wrote:
> > > The ARMv8.3 architecture update includes support for nested
> > > virtualization. Allow the user to specify "--nested" to start a guest in
> > 
> > './vm help run' shows:
> > 
> > --pmu             Create PMUv3 device
> > --disable-mte     Disable Memory Tagging Extension
> > --no-pvtime       Disable stolen time
> > 
> > Where:
> > 
> > --pmu checks for KVM_CAP_ARM_PMU_V3.
> > --disable-mte is there because MTE is enabled automatically for a guest when
> > KVM_CAP_ARM_MTE is present.
> > --no-pvtime is there because pvtime is enabled automatically; no capability
> > check is needed, but the control group for pvtime is called
> > KVM_ARM_VCPU_PVTIME_CTRL.
> > 
> > What I'm trying to get at is that the name for the kvmtool command line option
> > matches KVM's name for the capability. What do you think about naming the
> > parameter --el2 to match KVM_CAP_ARM_EL2 instead of --nested?
> > 
> >  Also, I seem to remember that the command line option for enabling
> >  KVM_CAP_ARM_EL2_E2H0 in Marc's repo is --e2h0, so having --el2 instead of
> >  --nested looks somewhat more consistent to me.
> > 
> >  Thoughts?
> 
> I think --el2 describes the wrong thing. We don't only expose EL2 to a
> guest, but we also expose FEAT_NV2 by default. So "nested" is IMO
> closer to the effects of the capability. If anything, it is
> KVM_CAP_ARM_EL2 that is badly named (yes, there is some history here,
> but I'm not going to entertain changing the #define after 8 years).
> 
> Similarly, QEMU has "virtualization=on" as an indication that it
> should engage NV, and not "el2=on".
> 
> If you wanted a pure --el2 flag, then it should engage NV just like
                                                         ^^
							 EL2?
> --nested does, but disable FEAT_NV2 in the idregs. This would give you
> EL2 without recursive NV and HCR_EL2.E2H RES1.

That's a very interesting perspective. My comment was from the point of view of
what kvmtool does when the option is present - it sets the *_EL2 VCPU flag, not
what effect the flag has on a virtual machine.

I can see what you're saying, --nested looks fine.

Thanks,
Alex
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux