KVM: arm64: Allow userspace to create protected VMs when pKVM is enabled

Introduce a new VM type for KVM/arm64 to allow userspace to request the creation of a "protected VM" when the host has booted with pKVM enabled. For now, this feature results in a taint on first use as many aspects of a protected VM are not yet protected! Tested-by: Fuad Tabba <tabba@google.com> Tested-by: Mostafa Saleh <smostafa@google.com> Signed-off-by: Will Deacon <will@kernel.org> Link: https://patch.msgid.link/20260330144841.26181-32-will@kernel.org Signed-off-by: Marc Zyngier <maz@kernel.org>
author: Will Deacon <will@kernel.org> 2026-03-30 15:48:32 +0100
committer: Marc Zyngier <maz@kernel.org> 2026-03-30 16:58:09 +0100
commit: 8800dbf6614aad1013ea5f348520a2ce5ba4b6c8 (patch)
tree: 8a1e58652a70ffedf4c12e4124a315e638142498 /include/uapi
parent: 246c976c370de9380660e2bb641758dc0aae8c5c (diff)
download: lwn-8800dbf6614aad1013ea5f348520a2ce5ba4b6c8.tar.gz
lwn-8800dbf6614aad1013ea5f348520a2ce5ba4b6c8.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 80364d4dbebb..073b2bcaf560 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -703,6 +703,11 @@ struct kvm_enable_cap {
 #define KVM_VM_TYPE_ARM_IPA_SIZE_MASK	0xffULL
 #define KVM_VM_TYPE_ARM_IPA_SIZE(x)		\
 	((x) & KVM_VM_TYPE_ARM_IPA_SIZE_MASK)
+
+#define KVM_VM_TYPE_ARM_PROTECTED	(1UL << 31)
+#define KVM_VM_TYPE_ARM_MASK		(KVM_VM_TYPE_ARM_IPA_SIZE_MASK | \
+					 KVM_VM_TYPE_ARM_PROTECTED)
+
 /*
  * ioctls for /dev/kvm fds:
  */
author	Will Deacon <will@kernel.org>	2026-03-30 15:48:32 +0100
committer	Marc Zyngier <maz@kernel.org>	2026-03-30 16:58:09 +0100
commit	8800dbf6614aad1013ea5f348520a2ce5ba4b6c8 (patch)
tree	8a1e58652a70ffedf4c12e4124a315e638142498 /include/uapi
parent	246c976c370de9380660e2bb641758dc0aae8c5c (diff)
download	lwn-8800dbf6614aad1013ea5f348520a2ce5ba4b6c8.tar.gz lwn-8800dbf6614aad1013ea5f348520a2ce5ba4b6c8.zip