From: Will Deacon <will@kernel.org>
To: kvmarm@lists.linux.dev
Cc: linux-arm-kernel@lists.infradead.org,
Will Deacon <will@kernel.org>, Marc Zyngier <maz@kernel.org>,
Oliver Upton <oupton@kernel.org>, Joey Gouly <joey.gouly@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Quentin Perret <qperret@google.com>,
Fuad Tabba <tabba@google.com>,
Vincent Donnefort <vdonnefort@google.com>,
Mostafa Saleh <smostafa@google.com>,
Alexandru Elisei <alexandru.elisei@arm.com>
Subject: [PATCH v5 13/38] KVM: arm64: Hook up donation hypercall to pkvm_pgtable_stage2_map()
Date: Mon, 30 Mar 2026 15:48:14 +0100 [thread overview]
Message-ID: <20260330144841.26181-14-will@kernel.org> (raw)
In-Reply-To: <20260330144841.26181-1-will@kernel.org>
Mapping pages into a protected guest requires the donation of memory
from the host.
Extend pkvm_pgtable_stage2_map() to issue a donate hypercall when the
target VM is protected. Since the hypercall only handles a single page,
the splitting logic used for the share path is not required.
Tested-by: Fuad Tabba <tabba@google.com>
Tested-by: Mostafa Saleh <smostafa@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
---
arch/arm64/kvm/pkvm.c | 58 ++++++++++++++++++++++++++++++-------------
1 file changed, 41 insertions(+), 17 deletions(-)
diff --git a/arch/arm64/kvm/pkvm.c b/arch/arm64/kvm/pkvm.c
index ea7f267ee7ad..7d0fe36fd8dc 100644
--- a/arch/arm64/kvm/pkvm.c
+++ b/arch/arm64/kvm/pkvm.c
@@ -379,31 +379,55 @@ int pkvm_pgtable_stage2_map(struct kvm_pgtable *pgt, u64 addr, u64 size,
struct kvm_hyp_memcache *cache = mc;
u64 gfn = addr >> PAGE_SHIFT;
u64 pfn = phys >> PAGE_SHIFT;
+ u64 end = addr + size;
int ret;
- if (size != PAGE_SIZE && size != PMD_SIZE)
- return -EINVAL;
-
lockdep_assert_held_write(&kvm->mmu_lock);
+ mapping = pkvm_mapping_iter_first(&pgt->pkvm_mappings, addr, end - 1);
- /*
- * Calling stage2_map() on top of existing mappings is either happening because of a race
- * with another vCPU, or because we're changing between page and block mappings. As per
- * user_mem_abort(), same-size permission faults are handled in the relax_perms() path.
- */
- mapping = pkvm_mapping_iter_first(&pgt->pkvm_mappings, addr, addr + size - 1);
- if (mapping) {
- if (size == (mapping->nr_pages * PAGE_SIZE))
+ if (kvm_vm_is_protected(kvm)) {
+ /* Protected VMs are mapped using RWX page-granular mappings */
+ if (WARN_ON_ONCE(size != PAGE_SIZE))
+ return -EINVAL;
+
+ if (WARN_ON_ONCE(prot != KVM_PGTABLE_PROT_RWX))
+ return -EINVAL;
+
+ /*
+ * We raced with another vCPU.
+ */
+ if (mapping)
return -EAGAIN;
- /* Remove _any_ pkvm_mapping overlapping with the range, bigger or smaller. */
- ret = __pkvm_pgtable_stage2_unshare(pgt, addr, addr + size);
- if (ret)
- return ret;
- mapping = NULL;
+ ret = kvm_call_hyp_nvhe(__pkvm_host_donate_guest, pfn, gfn);
+ } else {
+ if (WARN_ON_ONCE(size != PAGE_SIZE && size != PMD_SIZE))
+ return -EINVAL;
+
+ /*
+ * We either raced with another vCPU or we're changing between
+ * page and block mappings. As per user_mem_abort(), same-size
+ * permission faults are handled in the relax_perms() path.
+ */
+ if (mapping) {
+ if (size == (mapping->nr_pages * PAGE_SIZE))
+ return -EAGAIN;
+
+ /*
+ * Remove _any_ pkvm_mapping overlapping with the range,
+ * bigger or smaller.
+ */
+ ret = __pkvm_pgtable_stage2_unshare(pgt, addr, end);
+ if (ret)
+ return ret;
+
+ mapping = NULL;
+ }
+
+ ret = kvm_call_hyp_nvhe(__pkvm_host_share_guest, pfn, gfn,
+ size / PAGE_SIZE, prot);
}
- ret = kvm_call_hyp_nvhe(__pkvm_host_share_guest, pfn, gfn, size / PAGE_SIZE, prot);
if (WARN_ON(ret))
return ret;
--
2.53.0.1018.g2bb0e51243-goog
next prev parent reply other threads:[~2026-03-30 14:49 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-30 14:48 [PATCH v5 00/38] KVM: arm64: Add support for protected guest memory with pKVM Will Deacon
2026-03-30 14:48 ` [PATCH v5 01/38] KVM: arm64: Remove unused PKVM_ID_FFA definition Will Deacon
2026-03-30 14:48 ` [PATCH v5 02/38] KVM: arm64: Don't leak stage-2 page-table if VM fails to init under pKVM Will Deacon
2026-03-30 14:48 ` [PATCH v5 03/38] KVM: arm64: Move handle check into pkvm_pgtable_stage2_destroy_range() Will Deacon
2026-03-30 14:48 ` [PATCH v5 04/38] KVM: arm64: Rename __pkvm_pgtable_stage2_unmap() Will Deacon
2026-03-30 14:48 ` [PATCH v5 05/38] KVM: arm64: Don't advertise unsupported features for protected guests Will Deacon
2026-03-30 14:48 ` [PATCH v5 06/38] KVM: arm64: Expose self-hosted debug regs as RAZ/WI " Will Deacon
2026-03-30 14:48 ` [PATCH v5 07/38] KVM: arm64: Remove is_protected_kvm_enabled() checks from hypercalls Will Deacon
2026-03-30 14:48 ` [PATCH v5 08/38] KVM: arm64: Ignore MMU notifier callbacks for protected VMs Will Deacon
2026-03-30 14:48 ` [PATCH v5 09/38] KVM: arm64: Prevent unsupported memslot operations on " Will Deacon
2026-03-30 14:48 ` [PATCH v5 10/38] KVM: arm64: Ignore -EAGAIN when mapping in pages for the pKVM host Will Deacon
2026-03-30 14:48 ` [PATCH v5 11/38] KVM: arm64: Split teardown hypercall into two phases Will Deacon
2026-03-31 19:15 ` Mark Brown
2026-03-31 19:24 ` Will Deacon
2026-04-01 13:35 ` Mark Brown
2026-03-30 14:48 ` [PATCH v5 12/38] KVM: arm64: Introduce __pkvm_host_donate_guest() Will Deacon
2026-03-30 14:48 ` Will Deacon [this message]
2026-03-30 14:48 ` [PATCH v5 14/38] KVM: arm64: Handle aborts from protected VMs Will Deacon
2026-03-30 14:48 ` [PATCH v5 15/38] KVM: arm64: Introduce __pkvm_reclaim_dying_guest_page() Will Deacon
2026-03-30 14:48 ` [PATCH v5 16/38] KVM: arm64: Hook up reclaim hypercall to pkvm_pgtable_stage2_destroy() Will Deacon
2026-03-30 14:48 ` [PATCH v5 17/38] KVM: arm64: Factor out pKVM host exception injection logic Will Deacon
2026-03-30 14:48 ` [PATCH v5 18/38] KVM: arm64: Support translation faults in inject_host_exception() Will Deacon
2026-03-30 14:48 ` [PATCH v5 19/38] KVM: arm64: Inject SIGSEGV on illegal accesses Will Deacon
2026-03-30 14:48 ` [PATCH v5 20/38] KVM: arm64: Avoid pointless annotation when mapping host-owned pages Will Deacon
2026-03-30 14:48 ` [PATCH v5 21/38] KVM: arm64: Generalise kvm_pgtable_stage2_set_owner() Will Deacon
2026-03-30 14:48 ` [PATCH v5 22/38] KVM: arm64: Introduce host_stage2_set_owner_metadata_locked() Will Deacon
2026-03-30 14:48 ` [PATCH v5 23/38] KVM: arm64: Change 'pkvm_handle_t' to u16 Will Deacon
2026-03-30 14:48 ` [PATCH v5 24/38] KVM: arm64: Annotate guest donations with handle and gfn in host stage-2 Will Deacon
2026-03-30 14:48 ` [PATCH v5 25/38] KVM: arm64: Introduce hypercall to force reclaim of a protected page Will Deacon
2026-03-30 14:48 ` [PATCH v5 26/38] KVM: arm64: Reclaim faulting page from pKVM in spurious fault handler Will Deacon
2026-03-30 14:48 ` [PATCH v5 27/38] KVM: arm64: Return -EFAULT from VCPU_RUN on access to a poisoned pte Will Deacon
2026-03-30 14:48 ` [PATCH v5 28/38] KVM: arm64: Add hvc handler at EL2 for hypercalls from protected VMs Will Deacon
2026-03-30 14:48 ` [PATCH v5 29/38] KVM: arm64: Implement the MEM_SHARE hypercall for " Will Deacon
2026-03-30 14:48 ` [PATCH v5 30/38] KVM: arm64: Implement the MEM_UNSHARE " Will Deacon
2026-03-30 14:48 ` [PATCH v5 31/38] KVM: arm64: Allow userspace to create protected VMs when pKVM is enabled Will Deacon
2026-03-30 14:48 ` [PATCH v5 32/38] KVM: arm64: Add some initial documentation for pKVM Will Deacon
2026-03-30 14:48 ` [PATCH v5 33/38] KVM: arm64: Extend pKVM page ownership selftests to cover guest donation Will Deacon
2026-03-30 14:48 ` [PATCH v5 34/38] KVM: arm64: Register 'selftest_vm' in the VM table Will Deacon
2026-03-30 14:48 ` [PATCH v5 35/38] KVM: arm64: Extend pKVM page ownership selftests to cover forced reclaim Will Deacon
2026-03-30 14:48 ` [PATCH v5 36/38] KVM: arm64: Extend pKVM page ownership selftests to cover guest hvcs Will Deacon
2026-03-30 14:48 ` [PATCH v5 37/38] KVM: arm64: Rename PKVM_PAGE_STATE_MASK Will Deacon
2026-03-30 14:48 ` [PATCH v5 38/38] drivers/virt: pkvm: Add Kconfig dependency on DMA_RESTRICTED_POOL Will Deacon
2026-04-01 15:28 ` [PATCH v5 00/38] KVM: arm64: Add support for protected guest memory with pKVM Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260330144841.26181-14-will@kernel.org \
--to=will@kernel.org \
--cc=alexandru.elisei@arm.com \
--cc=catalin.marinas@arm.com \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=maz@kernel.org \
--cc=oupton@kernel.org \
--cc=qperret@google.com \
--cc=smostafa@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=vdonnefort@google.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.