From: Will Deacon <will@kernel.org>
To: kvmarm@lists.linux.dev
Cc: linux-arm-kernel@lists.infradead.org,
Will Deacon <will@kernel.org>, Marc Zyngier <maz@kernel.org>,
Oliver Upton <oupton@kernel.org>, Joey Gouly <joey.gouly@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Quentin Perret <qperret@google.com>,
Fuad Tabba <tabba@google.com>,
Vincent Donnefort <vdonnefort@google.com>,
Mostafa Saleh <smostafa@google.com>,
Alexandru Elisei <alexandru.elisei@arm.com>
Subject: [PATCH v5 00/38] KVM: arm64: Add support for protected guest memory with pKVM
Date: Mon, 30 Mar 2026 15:48:01 +0100 [thread overview]
Message-ID: <20260330144841.26181-1-will@kernel.org> (raw)
Hi everyone,
As promised on Friday, here's v5 of the pKVM protected memory patches
previously posted here:
v1: https://lore.kernel.org/kvmarm/20260105154939.11041-1-will@kernel.org/
v2: https://lore.kernel.org/kvmarm/20260119124629.2563-1-will@kernel.org/
v3: https://lore.kernel.org/r/20260305144351.17071-1-will@kernel.org
v4: https://lore.kernel.org/r/20260327140039.21228-1-will@kernel.org
This version primarily addresses the comments from Sashiko that I think
are valid:
* Mask out page offset from physical address passed to "force reclaim"
hypercall.
* Check for 'is_dying' in get_pkvm_hyp_vm() to prevent taking a
reference on a VM in the process of being destroyed.
* Take the 'slots_lock' while creating the hyp vm to avoid racing with
check in kvm_arch_prepare_memory_region().
* Keep trying to reclaim pages from a dying guest if we fail part-way
through.
* Fix return value from pkvm_pgtable_stage2_test_clear_young() if it's
unexpectedly called for a pVM.
As before, I've pushed an updated branch with this series:
https://git.kernel.org/pub/scm/linux/kernel/git/will/linux.git/log/?h=kvm/protected-memory
and the kvmtool patches are available at:
https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/log/?h=pkvm
Cheers,
Will
Cc: Marc Zyngier <maz@kernel.org>
Cc: Oliver Upton <oupton@kernel.org>
Cc: Joey Gouly <joey.gouly@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Zenghui Yu <yuzenghui@huawei.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Quentin Perret <qperret@google.com>
Cc: Fuad Tabba <tabba@google.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Cc: Mostafa Saleh <smostafa@google.com>
Cc: Alexandru Elisei <alexandru.elisei@arm.com>
--->8
Fuad Tabba (1):
KVM: arm64: Expose self-hosted debug regs as RAZ/WI for protected
guests
Quentin Perret (1):
KVM: arm64: Inject SIGSEGV on illegal accesses
Will Deacon (36):
KVM: arm64: Remove unused PKVM_ID_FFA definition
KVM: arm64: Don't leak stage-2 page-table if VM fails to init under
pKVM
KVM: arm64: Move handle check into pkvm_pgtable_stage2_destroy_range()
KVM: arm64: Rename __pkvm_pgtable_stage2_unmap()
KVM: arm64: Don't advertise unsupported features for protected guests
KVM: arm64: Remove is_protected_kvm_enabled() checks from hypercalls
KVM: arm64: Ignore MMU notifier callbacks for protected VMs
KVM: arm64: Prevent unsupported memslot operations on protected VMs
KVM: arm64: Ignore -EAGAIN when mapping in pages for the pKVM host
KVM: arm64: Split teardown hypercall into two phases
KVM: arm64: Introduce __pkvm_host_donate_guest()
KVM: arm64: Hook up donation hypercall to pkvm_pgtable_stage2_map()
KVM: arm64: Handle aborts from protected VMs
KVM: arm64: Introduce __pkvm_reclaim_dying_guest_page()
KVM: arm64: Hook up reclaim hypercall to pkvm_pgtable_stage2_destroy()
KVM: arm64: Factor out pKVM host exception injection logic
KVM: arm64: Support translation faults in inject_host_exception()
KVM: arm64: Avoid pointless annotation when mapping host-owned pages
KVM: arm64: Generalise kvm_pgtable_stage2_set_owner()
KVM: arm64: Introduce host_stage2_set_owner_metadata_locked()
KVM: arm64: Change 'pkvm_handle_t' to u16
KVM: arm64: Annotate guest donations with handle and gfn in host
stage-2
KVM: arm64: Introduce hypercall to force reclaim of a protected page
KVM: arm64: Reclaim faulting page from pKVM in spurious fault handler
KVM: arm64: Return -EFAULT from VCPU_RUN on access to a poisoned pte
KVM: arm64: Add hvc handler at EL2 for hypercalls from protected VMs
KVM: arm64: Implement the MEM_SHARE hypercall for protected VMs
KVM: arm64: Implement the MEM_UNSHARE hypercall for protected VMs
KVM: arm64: Allow userspace to create protected VMs when pKVM is
enabled
KVM: arm64: Add some initial documentation for pKVM
KVM: arm64: Extend pKVM page ownership selftests to cover guest
donation
KVM: arm64: Register 'selftest_vm' in the VM table
KVM: arm64: Extend pKVM page ownership selftests to cover forced
reclaim
KVM: arm64: Extend pKVM page ownership selftests to cover guest hvcs
KVM: arm64: Rename PKVM_PAGE_STATE_MASK
drivers/virt: pkvm: Add Kconfig dependency on DMA_RESTRICTED_POOL
.../admin-guide/kernel-parameters.txt | 4 +-
Documentation/virt/kvm/arm/index.rst | 1 +
Documentation/virt/kvm/arm/pkvm.rst | 106 ++++
arch/arm64/include/asm/kvm_asm.h | 31 +-
arch/arm64/include/asm/kvm_host.h | 9 +-
arch/arm64/include/asm/kvm_pgtable.h | 45 +-
arch/arm64/include/asm/kvm_pkvm.h | 4 +-
arch/arm64/include/asm/virt.h | 9 +
arch/arm64/kvm/arm.c | 12 +-
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 10 +-
arch/arm64/kvm/hyp/include/nvhe/memory.h | 12 +-
arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 7 +-
.../arm64/kvm/hyp/include/nvhe/trap_handler.h | 2 +
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 184 +++---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 587 ++++++++++++++++--
arch/arm64/kvm/hyp/nvhe/pkvm.c | 232 ++++++-
arch/arm64/kvm/hyp/nvhe/switch.c | 1 +
arch/arm64/kvm/hyp/nvhe/sys_regs.c | 8 +
arch/arm64/kvm/hyp/pgtable.c | 33 +-
arch/arm64/kvm/mmu.c | 114 +++-
arch/arm64/kvm/pkvm.c | 157 ++++-
arch/arm64/mm/fault.c | 33 +-
drivers/virt/coco/pkvm-guest/Kconfig | 2 +-
include/uapi/linux/kvm.h | 5 +
24 files changed, 1380 insertions(+), 228 deletions(-)
create mode 100644 Documentation/virt/kvm/arm/pkvm.rst
--
2.53.0.1018.g2bb0e51243-goog
next reply other threads:[~2026-03-30 14:48 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-30 14:48 Will Deacon [this message]
2026-03-30 14:48 ` [PATCH v5 01/38] KVM: arm64: Remove unused PKVM_ID_FFA definition Will Deacon
2026-03-30 14:48 ` [PATCH v5 02/38] KVM: arm64: Don't leak stage-2 page-table if VM fails to init under pKVM Will Deacon
2026-03-30 14:48 ` [PATCH v5 03/38] KVM: arm64: Move handle check into pkvm_pgtable_stage2_destroy_range() Will Deacon
2026-03-30 14:48 ` [PATCH v5 04/38] KVM: arm64: Rename __pkvm_pgtable_stage2_unmap() Will Deacon
2026-03-30 14:48 ` [PATCH v5 05/38] KVM: arm64: Don't advertise unsupported features for protected guests Will Deacon
2026-03-30 14:48 ` [PATCH v5 06/38] KVM: arm64: Expose self-hosted debug regs as RAZ/WI " Will Deacon
2026-03-30 14:48 ` [PATCH v5 07/38] KVM: arm64: Remove is_protected_kvm_enabled() checks from hypercalls Will Deacon
2026-03-30 14:48 ` [PATCH v5 08/38] KVM: arm64: Ignore MMU notifier callbacks for protected VMs Will Deacon
2026-03-30 14:48 ` [PATCH v5 09/38] KVM: arm64: Prevent unsupported memslot operations on " Will Deacon
2026-03-30 14:48 ` [PATCH v5 10/38] KVM: arm64: Ignore -EAGAIN when mapping in pages for the pKVM host Will Deacon
2026-03-30 14:48 ` [PATCH v5 11/38] KVM: arm64: Split teardown hypercall into two phases Will Deacon
2026-03-31 19:15 ` Mark Brown
2026-03-31 19:24 ` Will Deacon
2026-04-01 13:35 ` Mark Brown
2026-03-30 14:48 ` [PATCH v5 12/38] KVM: arm64: Introduce __pkvm_host_donate_guest() Will Deacon
2026-03-30 14:48 ` [PATCH v5 13/38] KVM: arm64: Hook up donation hypercall to pkvm_pgtable_stage2_map() Will Deacon
2026-03-30 14:48 ` [PATCH v5 14/38] KVM: arm64: Handle aborts from protected VMs Will Deacon
2026-03-30 14:48 ` [PATCH v5 15/38] KVM: arm64: Introduce __pkvm_reclaim_dying_guest_page() Will Deacon
2026-03-30 14:48 ` [PATCH v5 16/38] KVM: arm64: Hook up reclaim hypercall to pkvm_pgtable_stage2_destroy() Will Deacon
2026-03-30 14:48 ` [PATCH v5 17/38] KVM: arm64: Factor out pKVM host exception injection logic Will Deacon
2026-03-30 14:48 ` [PATCH v5 18/38] KVM: arm64: Support translation faults in inject_host_exception() Will Deacon
2026-03-30 14:48 ` [PATCH v5 19/38] KVM: arm64: Inject SIGSEGV on illegal accesses Will Deacon
2026-03-30 14:48 ` [PATCH v5 20/38] KVM: arm64: Avoid pointless annotation when mapping host-owned pages Will Deacon
2026-03-30 14:48 ` [PATCH v5 21/38] KVM: arm64: Generalise kvm_pgtable_stage2_set_owner() Will Deacon
2026-03-30 14:48 ` [PATCH v5 22/38] KVM: arm64: Introduce host_stage2_set_owner_metadata_locked() Will Deacon
2026-03-30 14:48 ` [PATCH v5 23/38] KVM: arm64: Change 'pkvm_handle_t' to u16 Will Deacon
2026-03-30 14:48 ` [PATCH v5 24/38] KVM: arm64: Annotate guest donations with handle and gfn in host stage-2 Will Deacon
2026-03-30 14:48 ` [PATCH v5 25/38] KVM: arm64: Introduce hypercall to force reclaim of a protected page Will Deacon
2026-03-30 14:48 ` [PATCH v5 26/38] KVM: arm64: Reclaim faulting page from pKVM in spurious fault handler Will Deacon
2026-03-30 14:48 ` [PATCH v5 27/38] KVM: arm64: Return -EFAULT from VCPU_RUN on access to a poisoned pte Will Deacon
2026-03-30 14:48 ` [PATCH v5 28/38] KVM: arm64: Add hvc handler at EL2 for hypercalls from protected VMs Will Deacon
2026-03-30 14:48 ` [PATCH v5 29/38] KVM: arm64: Implement the MEM_SHARE hypercall for " Will Deacon
2026-03-30 14:48 ` [PATCH v5 30/38] KVM: arm64: Implement the MEM_UNSHARE " Will Deacon
2026-03-30 14:48 ` [PATCH v5 31/38] KVM: arm64: Allow userspace to create protected VMs when pKVM is enabled Will Deacon
2026-03-30 14:48 ` [PATCH v5 32/38] KVM: arm64: Add some initial documentation for pKVM Will Deacon
2026-03-30 14:48 ` [PATCH v5 33/38] KVM: arm64: Extend pKVM page ownership selftests to cover guest donation Will Deacon
2026-03-30 14:48 ` [PATCH v5 34/38] KVM: arm64: Register 'selftest_vm' in the VM table Will Deacon
2026-03-30 14:48 ` [PATCH v5 35/38] KVM: arm64: Extend pKVM page ownership selftests to cover forced reclaim Will Deacon
2026-03-30 14:48 ` [PATCH v5 36/38] KVM: arm64: Extend pKVM page ownership selftests to cover guest hvcs Will Deacon
2026-03-30 14:48 ` [PATCH v5 37/38] KVM: arm64: Rename PKVM_PAGE_STATE_MASK Will Deacon
2026-03-30 14:48 ` [PATCH v5 38/38] drivers/virt: pkvm: Add Kconfig dependency on DMA_RESTRICTED_POOL Will Deacon
2026-04-01 15:28 ` [PATCH v5 00/38] KVM: arm64: Add support for protected guest memory with pKVM Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260330144841.26181-1-will@kernel.org \
--to=will@kernel.org \
--cc=alexandru.elisei@arm.com \
--cc=catalin.marinas@arm.com \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=maz@kernel.org \
--cc=oupton@kernel.org \
--cc=qperret@google.com \
--cc=smostafa@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=vdonnefort@google.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.