From: Vincent Donnefort <vdonnefort@google.com>
To: rostedt@goodmis.org, mhiramat@kernel.org,
mathieu.desnoyers@efficios.com,
linux-trace-kernel@vger.kernel.org, maz@kernel.org,
oliver.upton@linux.dev, joey.gouly@arm.com,
suzuki.poulose@arm.com, yuzenghui@huawei.com
Cc: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
jstultz@google.com, qperret@google.com, will@kernel.org,
aneesh.kumar@kernel.org, kernel-team@android.com,
linux-kernel@vger.kernel.org,
Vincent Donnefort <vdonnefort@google.com>,
Kalesh Singh <kaleshsingh@google.com>
Subject: [PATCH v12 19/30] KVM: arm64: Add PKVM_DISABLE_STAGE2_ON_PANIC
Date: Thu, 19 Feb 2026 15:02:56 +0000 [thread overview]
Message-ID: <20260219150307.14538-20-vdonnefort@google.com> (raw)
In-Reply-To: <20260219150307.14538-1-vdonnefort@google.com>
On NVHE_EL2_DEBUG, when using pKVM, the host stage-2 is relaxed to grant
the kernel access to the stacktrace, hypervisor bug table and text to
symbolize addresses. This is unsafe for production. In preparation for
adding more debug options to NVHE_EL2_DEBUG, decouple the stage-2
relaxation into a separate option.
While at it, rename PROTECTED_NVHE_STACKTRACE into PKVM_STACKTRACE,
following the same naming scheme as PKVM_DISABLE_STAGE2_ON_PANIC.
Reviewed-by: Kalesh Singh <kaleshsingh@google.com>
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
diff --git a/arch/arm64/kvm/Kconfig b/arch/arm64/kvm/Kconfig
index 4f803fd1c99a..6498dec00fe9 100644
--- a/arch/arm64/kvm/Kconfig
+++ b/arch/arm64/kvm/Kconfig
@@ -43,9 +43,27 @@ menuconfig KVM
If unsure, say N.
+if KVM
+
+config PTDUMP_STAGE2_DEBUGFS
+ bool "Present the stage-2 pagetables to debugfs"
+ depends on DEBUG_KERNEL
+ depends on DEBUG_FS
+ depends on ARCH_HAS_PTDUMP
+ select PTDUMP
+ default n
+ help
+ Say Y here if you want to show the stage-2 kernel pagetables
+ layout in a debugfs file. This information is only useful for kernel developers
+ who are working in architecture specific areas of the kernel.
+ It is probably not a good idea to enable this feature in a production
+ kernel.
+
+ If in doubt, say N.
+
config NVHE_EL2_DEBUG
bool "Debug mode for non-VHE EL2 object"
- depends on KVM
+ default n
help
Say Y here to enable the debug mode for the non-VHE KVM EL2 object.
Failure reports will BUG() in the hypervisor. This is intended for
@@ -53,10 +71,23 @@ config NVHE_EL2_DEBUG
If unsure, say N.
-config PROTECTED_NVHE_STACKTRACE
- bool "Protected KVM hypervisor stacktraces"
- depends on NVHE_EL2_DEBUG
+if NVHE_EL2_DEBUG
+
+config PKVM_DISABLE_STAGE2_ON_PANIC
+ bool "Disable the host stage-2 on panic"
default n
+ help
+ Relax the host stage-2 on hypervisor panic to allow the kernel to
+ unwind and symbolize the hypervisor stacktrace. This however tampers
+ the system security. This is intended for local EL2 hypervisor
+ development.
+
+ If unsure, say N.
+
+config PKVM_STACKTRACE
+ bool "Protected KVM hypervisor stacktraces"
+ depends on PKVM_DISABLE_STAGE2_ON_PANIC
+ default y
help
Say Y here to enable pKVM hypervisor stacktraces on hyp_panic()
@@ -66,21 +97,6 @@ config PROTECTED_NVHE_STACKTRACE
If unsure, or not using protected nVHE (pKVM), say N.
-config PTDUMP_STAGE2_DEBUGFS
- bool "Present the stage-2 pagetables to debugfs"
- depends on KVM
- depends on DEBUG_KERNEL
- depends on DEBUG_FS
- depends on ARCH_HAS_PTDUMP
- select PTDUMP
- default n
- help
- Say Y here if you want to show the stage-2 kernel pagetables
- layout in a debugfs file. This information is only useful for kernel developers
- who are working in architecture specific areas of the kernel.
- It is probably not a good idea to enable this feature in a production
- kernel.
-
- If in doubt, say N.
-
+endif # NVHE_EL2_DEBUG
+endif # KVM
endif # VIRTUALIZATION
diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c
index cc7d5d1709cb..54aedf93c78b 100644
--- a/arch/arm64/kvm/handle_exit.c
+++ b/arch/arm64/kvm/handle_exit.c
@@ -539,7 +539,7 @@ void __noreturn __cold nvhe_hyp_panic_handler(u64 esr, u64 spsr,
/* All hyp bugs, including warnings, are treated as fatal. */
if (!is_protected_kvm_enabled() ||
- IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)) {
+ IS_ENABLED(CONFIG_PKVM_DISABLE_STAGE2_ON_PANIC)) {
struct bug_entry *bug = find_bug(elr_in_kimg);
if (bug)
diff --git a/arch/arm64/kvm/hyp/nvhe/host.S b/arch/arm64/kvm/hyp/nvhe/host.S
index eef15b374abb..3092befcd97c 100644
--- a/arch/arm64/kvm/hyp/nvhe/host.S
+++ b/arch/arm64/kvm/hyp/nvhe/host.S
@@ -120,7 +120,7 @@ SYM_FUNC_START(__hyp_do_panic)
mov x29, x0
-#ifdef CONFIG_NVHE_EL2_DEBUG
+#ifdef PKVM_DISABLE_STAGE2_ON_PANIC
/* Ensure host stage-2 is disabled */
mrs x0, hcr_el2
bic x0, x0, #HCR_VM
diff --git a/arch/arm64/kvm/hyp/nvhe/stacktrace.c b/arch/arm64/kvm/hyp/nvhe/stacktrace.c
index 5b6eeab1a774..7c832d60d22b 100644
--- a/arch/arm64/kvm/hyp/nvhe/stacktrace.c
+++ b/arch/arm64/kvm/hyp/nvhe/stacktrace.c
@@ -34,7 +34,7 @@ static void hyp_prepare_backtrace(unsigned long fp, unsigned long pc)
stacktrace_info->pc = pc;
}
-#ifdef CONFIG_PROTECTED_NVHE_STACKTRACE
+#ifdef CONFIG_PKVM_STACKTRACE
#include <asm/stacktrace/nvhe.h>
DEFINE_PER_CPU(unsigned long [NVHE_STACKTRACE_SIZE/sizeof(long)], pkvm_stacktrace);
@@ -134,11 +134,11 @@ static void pkvm_save_backtrace(unsigned long fp, unsigned long pc)
unwind(&state, pkvm_save_backtrace_entry, &idx);
}
-#else /* !CONFIG_PROTECTED_NVHE_STACKTRACE */
+#else /* !CONFIG_PKVM_STACKTRACE */
static void pkvm_save_backtrace(unsigned long fp, unsigned long pc)
{
}
-#endif /* CONFIG_PROTECTED_NVHE_STACKTRACE */
+#endif /* CONFIG_PKVM_STACKTRACE */
/*
* kvm_nvhe_prepare_backtrace - prepare to dump the nVHE backtrace
diff --git a/arch/arm64/kvm/stacktrace.c b/arch/arm64/kvm/stacktrace.c
index af5eec681127..9724c320126b 100644
--- a/arch/arm64/kvm/stacktrace.c
+++ b/arch/arm64/kvm/stacktrace.c
@@ -197,7 +197,7 @@ static void hyp_dump_backtrace(unsigned long hyp_offset)
kvm_nvhe_dump_backtrace_end();
}
-#ifdef CONFIG_PROTECTED_NVHE_STACKTRACE
+#ifdef CONFIG_PKVM_STACKTRACE
DECLARE_KVM_NVHE_PER_CPU(unsigned long [NVHE_STACKTRACE_SIZE/sizeof(long)],
pkvm_stacktrace);
@@ -225,12 +225,12 @@ static void pkvm_dump_backtrace(unsigned long hyp_offset)
kvm_nvhe_dump_backtrace_entry((void *)hyp_offset, stacktrace[i]);
kvm_nvhe_dump_backtrace_end();
}
-#else /* !CONFIG_PROTECTED_NVHE_STACKTRACE */
+#else /* !CONFIG_PKVM_STACKTRACE */
static void pkvm_dump_backtrace(unsigned long hyp_offset)
{
- kvm_err("Cannot dump pKVM nVHE stacktrace: !CONFIG_PROTECTED_NVHE_STACKTRACE\n");
+ kvm_err("Cannot dump pKVM nVHE stacktrace: !CONFIG_PKVM_STACKTRACE\n");
}
-#endif /* CONFIG_PROTECTED_NVHE_STACKTRACE */
+#endif /* CONFIG_PKVM_STACKTRACE */
/*
* kvm_nvhe_dump_backtrace - Dump KVM nVHE hypervisor backtrace.
--
2.53.0.335.g19a08e0c02-goog
next prev parent reply other threads:[~2026-02-19 15:04 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-19 15:02 [PATCH v12 00/30] Tracefs support for pKVM Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 01/30] ring-buffer: Add page statistics to the meta-page Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 02/30] ring-buffer: Store bpage pointers into subbuf_ids Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 03/30] ring-buffer: Introduce ring-buffer remotes Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 04/30] ring-buffer: Add non-consuming read for " Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 05/30] tracing: Introduce trace remotes Vincent Donnefort
2026-02-19 17:55 ` Steven Rostedt
2026-02-19 15:02 ` [PATCH v12 06/30] tracing: Add reset to " Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 07/30] tracing: Add non-consuming read " Vincent Donnefort
2026-02-19 17:55 ` Steven Rostedt
2026-02-19 15:02 ` [PATCH v12 08/30] tracing: Add init callback " Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 09/30] tracing: Add events " Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 10/30] tracing: Add events/ root files " Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 11/30] tracing: Add helpers to create trace remote events Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 12/30] ring-buffer: Export buffer_data_page and macros Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 13/30] tracing: Introduce simple_ring_buffer Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 14/30] tracing: Add a trace remote module for testing Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 15/30] tracing: selftests: Add trace remote tests Vincent Donnefort
2026-02-19 17:56 ` Steven Rostedt
2026-02-19 15:02 ` [PATCH v12 16/30] Documentation: tracing: Add tracing remotes Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 17/30] tracing: load/unload page callbacks for simple_ring_buffer Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 18/30] tracing: Check for undefined symbols in simple_ring_buffer Vincent Donnefort
2026-02-19 15:02 ` Vincent Donnefort [this message]
2026-02-19 15:02 ` [PATCH v12 20/30] KVM: arm64: Add clock support to nVHE/pKVM hyp Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 21/30] KVM: arm64: Initialise hyp_nr_cpus for nVHE hyp Vincent Donnefort
2026-02-19 15:02 ` [PATCH v12 22/30] KVM: arm64: Support unaligned fixmap in the pKVM hyp Vincent Donnefort
2026-02-19 15:03 ` [PATCH v12 23/30] KVM: arm64: Add tracing capability for the nVHE/pKVM hyp Vincent Donnefort
2026-02-19 15:03 ` [PATCH v12 24/30] KVM: arm64: Add trace remote " Vincent Donnefort
2026-02-19 15:03 ` [PATCH v12 25/30] KVM: arm64: Sync boot clock with " Vincent Donnefort
2026-02-19 15:03 ` [PATCH v12 26/30] KVM: arm64: Add trace reset to " Vincent Donnefort
2026-02-19 15:03 ` [PATCH v12 27/30] KVM: arm64: Add event support to the nVHE/pKVM hyp and trace remote Vincent Donnefort
2026-02-19 15:03 ` [PATCH v12 28/30] KVM: arm64: Add hyp_enter/hyp_exit events to nVHE/pKVM hyp Vincent Donnefort
2026-02-19 15:03 ` [PATCH v12 29/30] KVM: arm64: Add selftest event support " Vincent Donnefort
2026-02-19 15:03 ` [PATCH v12 30/30] tracing: selftests: Add hypervisor trace remote tests Vincent Donnefort
2026-02-19 18:02 ` [PATCH v12 00/30] Tracefs support for pKVM Steven Rostedt
2026-02-19 19:11 ` Marc Zyngier
2026-03-05 16:17 ` Steven Rostedt
2026-03-05 18:35 ` Vincent Donnefort
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260219150307.14538-20-vdonnefort@google.com \
--to=vdonnefort@google.com \
--cc=aneesh.kumar@kernel.org \
--cc=joey.gouly@arm.com \
--cc=jstultz@google.com \
--cc=kaleshsingh@google.com \
--cc=kernel-team@android.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=maz@kernel.org \
--cc=mhiramat@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=qperret@google.com \
--cc=rostedt@goodmis.org \
--cc=suzuki.poulose@arm.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox