From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DAAD128A40D; Fri, 20 Jun 2025 11:13:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750417995; cv=none; b=qUcX+YDAvMIixFsT/mSX8b2J/yJKME6qa2zRUbNsxEcb5quDK8j/QBuAC1Mu5gCU3NMd2g3D5wTlz/btNal6E/dRV5PggYBSvIx7qNU0OCIzhqRp6L0R5juQ5j1pKDwi/P13XHJV8n8CbGOgUcQOnqXT10ompySSWY/pqjDlXQI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750417995; c=relaxed/simple; bh=ErTcedXjkMUpCPpdOZLnqSb5fYN4n0bh2a7ddFrfZBQ=; h=Date:Message-ID:From:To:Cc:Subject:In-Reply-To:References: MIME-Version:Content-Type; b=pixBh9tYjHZVIiSY7+sFvoq9BnVj3H4IMX/lE/xaWdzmPqH9vR0WbWbdy9A0qI+a0brn7lYps7J3Q6wSAldw2OMLXoioceWC7/MQ+j9jCQxts9ZvEzXEd3ZUdUxfcS+BUcSb7D7GOjsV7FLQRXUHcv54OxtLLQhQE10aqPU8H7U= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=pMastnj+; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="pMastnj+" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6B094C4CEE3; Fri, 20 Jun 2025 11:13:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1750417995; bh=ErTcedXjkMUpCPpdOZLnqSb5fYN4n0bh2a7ddFrfZBQ=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=pMastnj+G0WkUMW+DQ9ufVmL0ThlYGqk0MMgIgaROEad34UvetisFsemW7kQzsb70 h3aIXFb0emEE1DfX8A+ybpHfMF/xu0E1snYX2PoZs1ZywfnhKWbyvkkvcnXaL0DtYB k4QWh/XFHGi1wBfvO5HCdJd8Tn9hR8nkAGGZUILNMWRMv85mlLr4mrCUkOYLck2jL2 azDuKujuhjZIuiVb2Dz/E0n3WzGQ9XGqUFic9c1vbs+6KWVTADSXd07p3Zse4W1M6x Swkcsg5Im/gNPO9yT+AQB+mMpG6IcBnKXhGjg1vRI7IwtJTCgDrgMjWbhl0uvkCM5T hVd4M4yyusZGw== Received: from sofa.misterjones.org ([185.219.108.64] helo=goblin-girl.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1uSZgH-008XJI-0P; Fri, 20 Jun 2025 12:13:13 +0100 Date: Fri, 20 Jun 2025 12:13:12 +0100 Message-ID: <86ikkqd5tj.wl-maz@kernel.org> From: Marc Zyngier To: Andre Przywara Cc: Will Deacon , Julien Thierry , kvm@vger.kernel.org, kvmarm@lists.linux.dev Subject: Re: [PATCH kvmtool 0/3] arm64: Nested virtualization support In-Reply-To: <20250620104454.1384132-1-andre.przywara@arm.com> References: <20250620104454.1384132-1-andre.przywara@arm.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/30.1 (aarch64-unknown-linux-gnu) MULE/6.0 (HANACHIRUSATO) Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: andre.przywara@arm.com, will@kernel.org, julien.thierry.kdev@gmail.com, kvm@vger.kernel.org, kvmarm@lists.linux.dev X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Hi Andre, On Fri, 20 Jun 2025 11:44:51 +0100, Andre Przywara wrote: > > Thanks to the imperturbable efforts from Marc, arm64 support for nested > virtualization has now reached the mainline kernel, which means the > respective kvmtool support should now be ready as well. Thanks for pushing this stuff out. > > Patch 1 updates the kernel headers, to get the new EL2 capability, and > the VGIC device control to setup the maintenance IRQ. > Patch 2 introduces the new "--nested" command line option, to let the > VCPUs start in EL2. To allow KVM guests running in such a guest, we also > need VGIC support, which patch 3 allows by setting the maintenance IRQ. > > Tested on the FVP (with some good deal of patience), and some commercial > (non-fruity) hardware, down to a guest's guest's guest. > > Cheers, > Andre > > P.S.: Marc: I saw the other patches in your kernel.org repo, do we need any > of them - HYP timer IRQ, E2H0, counter offset? Yes, please. They are very much necessary, and should serve as a template for other VMMs (exposing all the interrupts is required, the counter offset is necessary to test things resembling live migration, and the e2h0 selection to run nVHE. You can probably ignore the virtio patch for now, as this needs to be properly debugged, > I guess E2H0 for fruity hardware, what about the others? The other way around. The '--e2h0' option forces the use of HCR_EL2.NV1. Rotten fruits can't use NV1 (they actually can, but the EL2 S1 PTW is fscked, so we hide it from KVM). However, other implementations do have proper NV1 support, and that option is extremely useful to boot a nVHE hypervisor. Thanks, M. -- Without deviation from the norm, progress is not possible.