On Mon, Jan 26, 2026 at 2:44 AM Vincent Donnefort <[email protected]> wrote:
>
> On NVHE_EL2_DEBUG, when using pKVM, the host stage-2 is relaxed to grant
> the kernel access to the stacktrace, hypervisor bug table and text to
> symbolize addresses. This is unsafe for production. In preparation for
> adding more debug options to NVHE_EL2_DEBUG, decouple the stage-2
> relaxation into a separate option.
>
> While at it, rename PROTECTED_NVHE_STACKTRACE into PKVM_STACKTRACE,
> following the same naming scheme as PKVM_DISABLE_STAGE2_ON_PANIC.
>
> Cc: Kalesh Singh <[email protected]>
> Signed-off-by: Vincent Donnefort <[email protected]>
Reviewed-by: Kalesh Singh <[email protected]> Thanks, Kalesh
>
> diff --git a/arch/arm64/kvm/Kconfig b/arch/arm64/kvm/Kconfig
> index 4f803fd1c99a..6498dec00fe9 100644
> --- a/arch/arm64/kvm/Kconfig
> +++ b/arch/arm64/kvm/Kconfig
> @@ -43,9 +43,27 @@ menuconfig KVM
>
> If unsure, say N.
>
> +if KVM
> +
> +config PTDUMP_STAGE2_DEBUGFS
> + bool "Present the stage-2 pagetables to debugfs"
> + depends on DEBUG_KERNEL
> + depends on DEBUG_FS
> + depends on ARCH_HAS_PTDUMP
> + select PTDUMP
> + default n
> + help
> + Say Y here if you want to show the stage-2 kernel pagetables
> + layout in a debugfs file. This information is only useful for
> kernel developers
> + who are working in architecture specific areas of the kernel.
> + It is probably not a good idea to enable this feature in a
> production
> + kernel.
> +
> + If in doubt, say N.
> +
> config NVHE_EL2_DEBUG
> bool "Debug mode for non-VHE EL2 object"
> - depends on KVM
> + default n
> help
> Say Y here to enable the debug mode for the non-VHE KVM EL2 object.
> Failure reports will BUG() in the hypervisor. This is intended for
> @@ -53,10 +71,23 @@ config NVHE_EL2_DEBUG
>
> If unsure, say N.
>
> -config PROTECTED_NVHE_STACKTRACE
> - bool "Protected KVM hypervisor stacktraces"
> - depends on NVHE_EL2_DEBUG
> +if NVHE_EL2_DEBUG
> +
> +config PKVM_DISABLE_STAGE2_ON_PANIC
> + bool "Disable the host stage-2 on panic"
> default n
> + help
> + Relax the host stage-2 on hypervisor panic to allow the kernel to
> + unwind and symbolize the hypervisor stacktrace. This however tampers
> + the system security. This is intended for local EL2 hypervisor
> + development.
> +
> + If unsure, say N.
> +
> +config PKVM_STACKTRACE
> + bool "Protected KVM hypervisor stacktraces"
> + depends on PKVM_DISABLE_STAGE2_ON_PANIC
> + default y
> help
> Say Y here to enable pKVM hypervisor stacktraces on hyp_panic()
>
> @@ -66,21 +97,6 @@ config PROTECTED_NVHE_STACKTRACE
>
> If unsure, or not using protected nVHE (pKVM), say N.
>
> -config PTDUMP_STAGE2_DEBUGFS
> - bool "Present the stage-2 pagetables to debugfs"
> - depends on KVM
> - depends on DEBUG_KERNEL
> - depends on DEBUG_FS
> - depends on ARCH_HAS_PTDUMP
> - select PTDUMP
> - default n
> - help
> - Say Y here if you want to show the stage-2 kernel pagetables
> - layout in a debugfs file. This information is only useful for
> kernel developers
> - who are working in architecture specific areas of the kernel.
> - It is probably not a good idea to enable this feature in a
> production
> - kernel.
> -
> - If in doubt, say N.
> -
> +endif # NVHE_EL2_DEBUG
> +endif # KVM
> endif # VIRTUALIZATION
> diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c
> index cc7d5d1709cb..54aedf93c78b 100644
> --- a/arch/arm64/kvm/handle_exit.c
> +++ b/arch/arm64/kvm/handle_exit.c
> @@ -539,7 +539,7 @@ void __noreturn __cold nvhe_hyp_panic_handler(u64 esr,
> u64 spsr,
>
> /* All hyp bugs, including warnings, are treated as fatal. */
> if (!is_protected_kvm_enabled() ||
> - IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)) {
> + IS_ENABLED(CONFIG_PKVM_DISABLE_STAGE2_ON_PANIC)) {
> struct bug_entry *bug = find_bug(elr_in_kimg);
>
> if (bug)
> diff --git a/arch/arm64/kvm/hyp/nvhe/host.S b/arch/arm64/kvm/hyp/nvhe/host.S
> index eef15b374abb..3092befcd97c 100644
> --- a/arch/arm64/kvm/hyp/nvhe/host.S
> +++ b/arch/arm64/kvm/hyp/nvhe/host.S
> @@ -120,7 +120,7 @@ SYM_FUNC_START(__hyp_do_panic)
>
> mov x29, x0
>
> -#ifdef CONFIG_NVHE_EL2_DEBUG
> +#ifdef PKVM_DISABLE_STAGE2_ON_PANIC
> /* Ensure host stage-2 is disabled */
> mrs x0, hcr_el2
> bic x0, x0, #HCR_VM
> diff --git a/arch/arm64/kvm/hyp/nvhe/stacktrace.c
> b/arch/arm64/kvm/hyp/nvhe/stacktrace.c
> index 5b6eeab1a774..7c832d60d22b 100644
> --- a/arch/arm64/kvm/hyp/nvhe/stacktrace.c
> +++ b/arch/arm64/kvm/hyp/nvhe/stacktrace.c
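Review bot: The help text added for `PKVM_DISABLE_STAGE2_ON_PANIC` in arch/arm64/kvm/Kconfig understates what the option gives up: "This however tampers the system security" does not tell someone configuring a product kernel that the host stage-2 is switched off on the panic path (the host.S hunk clears `HCR_VM`), which is the mechanism pKVM appears to rely on to keep the host out of hypervisor memory. I would replace that sentence with something like `This removes the stage-2 protection between the host and the hypervisor once the hypervisor panics; never enable it in a production kernel.` so the help matches the commit message's "unsafe for production". `PKVM_STACKTRACE` being `default y` is acceptable only because it stays gated behind this option, and a one-line note in its help saying so would keep a later dependency change from turning it on by accident.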
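Review bot: The new guard in `__hyp_do_panic` (arch/arm64/kvm/hyp/nvhe/host.S) tests `PKVM_DISABLE_STAGE2_ON_PANIC` without the `CONFIG_` prefix, so unless something outside this patch defines the bare name, the block that clears `HCR_VM` is compiled out even when the option is selected. The matching check in handle_exit.c uses `IS_ENABLED(CONFIG_PKVM_DISABLE_STAGE2_ON_PANIC)`, so with the option on the host would still call find_bug() and unwind hypervisor memory while stage-2 is enforced, which presumably faults rather than producing a report. The line should read `#ifdef CONFIG_PKVM_DISABLE_STAGE2_ON_PANIC`. The failure direction is safe for isolation, since stage-2 stays enabled, but it silently defeats the option the patch introduces. The body of `__hyp_do_panic` continues outside the hunk.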
> @@ -34,7 +34,7 @@ static void hyp_prepare_backtrace(unsigned long fp,
> unsigned long pc)
> stacktrace_info->pc = pc;
> }
>
> -#ifdef CONFIG_PROTECTED_NVHE_STACKTRACE
> +#ifdef CONFIG_PKVM_STACKTRACE
> #include <asm/stacktrace/nvhe.h>
>
> DEFINE_PER_CPU(unsigned long [NVHE_STACKTRACE_SIZE/sizeof(long)],
> pkvm_stacktrace);
> @@ -134,11 +134,11 @@ static void pkvm_save_backtrace(unsigned long fp,
> unsigned long pc)
>
> unwind(&state, pkvm_save_backtrace_entry, &idx);
> }
> -#else /* !CONFIG_PROTECTED_NVHE_STACKTRACE */
> +#else /* !CONFIG_PKVM_STACKTRACE */
> static void pkvm_save_backtrace(unsigned long fp, unsigned long pc)
> {
> }
> -#endif /* CONFIG_PROTECTED_NVHE_STACKTRACE */
> +#endif /* CONFIG_PKVM_STACKTRACE */
>
> /*
> * kvm_nvhe_prepare_backtrace - prepare to dump the nVHE backtrace
> diff --git a/arch/arm64/kvm/stacktrace.c b/arch/arm64/kvm/stacktrace.c
> index af5eec681127..9724c320126b 100644
> --- a/arch/arm64/kvm/stacktrace.c
> +++ b/arch/arm64/kvm/stacktrace.c
> @@ -197,7 +197,7 @@ static void hyp_dump_backtrace(unsigned long hyp_offset)
> kvm_nvhe_dump_backtrace_end();
> }
>
> -#ifdef CONFIG_PROTECTED_NVHE_STACKTRACE
> +#ifdef CONFIG_PKVM_STACKTRACE
> DECLARE_KVM_NVHE_PER_CPU(unsigned long [NVHE_STACKTRACE_SIZE/sizeof(long)],
> pkvm_stacktrace);
>
> @@ -225,12 +225,12 @@ static void pkvm_dump_backtrace(unsigned long
> hyp_offset)
> kvm_nvhe_dump_backtrace_entry((void *)hyp_offset,
> stacktrace[i]);
> kvm_nvhe_dump_backtrace_end();
> }
> -#else /* !CONFIG_PROTECTED_NVHE_STACKTRACE */
> +#else /* !CONFIG_PKVM_STACKTRACE */
> static void pkvm_dump_backtrace(unsigned long hyp_offset)
> {
> - kvm_err("Cannot dump pKVM nVHE stacktrace:
> !CONFIG_PROTECTED_NVHE_STACKTRACE\n");
> + kvm_err("Cannot dump pKVM nVHE stacktrace:
> !CONFIG_PKVM_STACKTRACE\n");
> }
> -#endif /* CONFIG_PROTECTED_NVHE_STACKTRACE */
> +#endif /* CONFIG_PKVM_STACKTRACE */
>
> /*
> * kvm_nvhe_dump_backtrace - Dump KVM nVHE hypervisor backtrace.
> --
> 2.52.0.457.g6b5491de43-goog
>
