[PATCH 3/3] KVM: SVM: Make module params and other variables read-only after init

From: Sean Christopherson
Date: Wed Nov 09 2022 - 20:30:28 EST


Tag SVM's module params and global variables that are configured under
the svm_init() umbrella as read-only after init. The global knobs should
never change once KVM is fully loaded.

Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/svm/svm.c | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index e96c808fa8d3..f13d96e1dd0c 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -168,70 +168,70 @@ static const struct svm_direct_access_msrs {
* count only mode.
*/

-static unsigned short pause_filter_thresh = KVM_DEFAULT_PLE_GAP;
+static unsigned short pause_filter_thresh __ro_after_init = KVM_DEFAULT_PLE_GAP;
module_param(pause_filter_thresh, ushort, 0444);

-static unsigned short pause_filter_count = KVM_SVM_DEFAULT_PLE_WINDOW;
+static unsigned short pause_filter_count __ro_after_init = KVM_SVM_DEFAULT_PLE_WINDOW;
module_param(pause_filter_count, ushort, 0444);

/* Default doubles per-vcpu window every exit. */
-static unsigned short pause_filter_count_grow = KVM_DEFAULT_PLE_WINDOW_GROW;
+static unsigned short pause_filter_count_grow __ro_after_init = KVM_DEFAULT_PLE_WINDOW_GROW;
module_param(pause_filter_count_grow, ushort, 0444);

/* Default resets per-vcpu window every exit to pause_filter_count. */
-static unsigned short pause_filter_count_shrink = KVM_DEFAULT_PLE_WINDOW_SHRINK;
+static unsigned short pause_filter_count_shrink __ro_after_init = KVM_DEFAULT_PLE_WINDOW_SHRINK;
module_param(pause_filter_count_shrink, ushort, 0444);

/* Default is to compute the maximum so we can never overflow. */
-static unsigned short pause_filter_count_max = KVM_SVM_DEFAULT_PLE_WINDOW_MAX;
+static unsigned short pause_filter_count_max __ro_after_init = KVM_SVM_DEFAULT_PLE_WINDOW_MAX;
module_param(pause_filter_count_max, ushort, 0444);

/*
* Use nested page tables by default. Note, NPT may get forced off by
* svm_hardware_setup() if it's unsupported by hardware or the host kernel.
*/
-bool npt_enabled = true;
+bool npt_enabled __ro_after_init = true;
module_param_named(npt, npt_enabled, bool, 0444);

/* allow nested virtualization in KVM/SVM */
-static int nested = true;
+static int nested __ro_after_init = true;
module_param(nested, int, S_IRUGO);

/* enable/disable Next RIP Save */
-static int nrips = true;
+static int nrips __ro_after_init = true;
module_param(nrips, int, 0444);

/* enable/disable Virtual VMLOAD VMSAVE */
-static int vls = true;
+static int vls __ro_after_init = true;
module_param(vls, int, 0444);

/* enable/disable Virtual GIF */
-int vgif = true;
+int vgif __ro_after_init = true;
module_param(vgif, int, 0444);

/* enable/disable LBR virtualization */
-static int lbrv = true;
+static int lbrv __ro_after_init = true;
module_param(lbrv, int, 0444);

-static int tsc_scaling = true;
+static int tsc_scaling __ro_after_init = true;
module_param(tsc_scaling, int, 0444);

/*
* enable / disable AVIC. Because the defaults differ for APICv
* support between VMX and SVM we cannot use module_param_named.
*/
-static bool avic;
+static bool avic __ro_after_init;
module_param(avic, bool, 0444);

bool __read_mostly dump_invalid_vmcb;
module_param(dump_invalid_vmcb, bool, 0644);


-bool intercept_smi = true;
+bool intercept_smi __ro_after_init = true;
module_param(intercept_smi, bool, 0444);


-static bool svm_gp_erratum_intercept = true;
+static bool svm_gp_erratum_intercept __ro_after_init = true;

static u8 rsm_ins_bytes[] = "\x0f\xaa";

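Review bot: Nothing in this hunk records which code is allowed to write these variables, and with `__ro_after_init` a store from any path that runs after module init has completed will fault rather than silently succeed. The writers are outside the hunk, so it cannot be confirmed from here that every assignment happens in `__init` code reached from svm_init(), for example the NPT force-off in svm_hardware_setup() that the comment above `npt_enabled` mentions. That is worth checking per variable, including `svm_gp_erratum_intercept`, which has no module_param and so can only be set by code, and `tsc_aux_uret_slot` in the next hunk, which starts at -1 and is presumably assigned during setup. A short comment ahead of the block would keep the invariant visible to later contributors, e.g. `/* Written only under svm_init(); read-only once module init has finished. */`. Leaving `dump_invalid_vmcb` as `__read_mostly` is right, since its 0644 permission makes it writable at runtime.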
@@ -255,7 +255,7 @@ DEFINE_PER_CPU(struct svm_cpu_data, svm_data);
* RDTSCP and RDPID are not used in the kernel, specifically to allow KVM to
* defer the restoration of TSC_AUX until the CPU returns to userspace.
*/
-static int tsc_aux_uret_slot __read_mostly = -1;
+static int tsc_aux_uret_slot __ro_after_init = -1;

static const u32 msrpm_ranges[] = {0, 0xc0000000, 0xc0010000};

--
2.38.1.431.g37b22c650d-goog