From: tabba@google.com
To: Marc Zyngier <maz@kernel.org>, Oliver Upton <oupton@kernel.org>
Cc: Fuad Tabba <tabba@google.com>, Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Quentin Perret <qperret@google.com>,
Vincent Donnefort <vdonnefort@google.com>,
Sebastian Ene <sebastianene@google.com>,
Per Larsen <perlarsen@google.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
Joey Gouly <joey.gouly@arm.com>,
Steffen Eiden <seiden@linux.ibm.com>,
Mark Rutland <mark.rutland@arm.com>,
Jonathan Cameron <jonathan.cameron@huawei.com>,
Hyunwoo Kim <imv4bel@gmail.com>,
linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
linux-kernel@vger.kernel.org
Subject: [PATCH v1 03/11] KVM: arm64: Use guard()/scoped_guard() in arm64 KVM EL1 code
Date: Fri, 12 Jun 2026 07:59:17 +0100 [thread overview]
Message-ID: <20260612065925.755562-4-tabba@google.com> (raw)
In-Reply-To: <20260612065925.755562-1-tabba@google.com>
Convert the manual mutex_lock()/spin_lock() pairs in
arch/arm64/kvm/{pkvm,arm,mmu,reset,psci}.c to guard(mutex),
guard(spinlock) and scoped_guard(), dropping unlock-only goto labels in
favour of direct returns. Centralised cleanup gotos that still serve
other resources are preserved.
reset.c uses scoped_guard() rather than guard() so the lock covers only
the small read/update window inside kvm_reset_vcpu(), leaving the rest
of the function outside the critical section.
Signed-off-by: Fuad Tabba <tabba@google.com>
---
arch/arm64/kvm/arm.c | 14 +++-----
arch/arm64/kvm/mmu.c | 80 +++++++++++++++---------------------------
arch/arm64/kvm/pkvm.c | 26 ++++++--------
arch/arm64/kvm/psci.c | 17 ++++-----
arch/arm64/kvm/reset.c | 8 ++---
5 files changed, 53 insertions(+), 92 deletions(-)
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 9453321ef8c6..c9f36932c980 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -793,9 +793,7 @@ int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
struct kvm_mp_state *mp_state)
{
- int ret = 0;
-
- spin_lock(&vcpu->arch.mp_state_lock);
+ guard(spinlock)(&vcpu->arch.mp_state_lock);
switch (mp_state->mp_state) {
case KVM_MP_STATE_RUNNABLE:
@@ -808,12 +806,10 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
kvm_arm_vcpu_suspend(vcpu);
break;
default:
- ret = -EINVAL;
+ return -EINVAL;
}
- spin_unlock(&vcpu->arch.mp_state_lock);
-
- return ret;
+ return 0;
}
/**
@@ -1726,15 +1722,13 @@ static int kvm_arch_vcpu_ioctl_vcpu_init(struct kvm_vcpu *vcpu,
/*
* Handle the "start in power-off" case.
*/
- spin_lock(&vcpu->arch.mp_state_lock);
+ guard(spinlock)(&vcpu->arch.mp_state_lock);
if (power_off)
__kvm_arm_vcpu_power_off(vcpu);
else
WRITE_ONCE(vcpu->arch.mp_state.mp_state, KVM_MP_STATE_RUNNABLE);
- spin_unlock(&vcpu->arch.mp_state_lock);
-
return 0;
}
diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 4da9281312eb..d18f4ce7ceae 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -391,13 +391,13 @@ static void stage2_flush_vm(struct kvm *kvm)
*/
void __init free_hyp_pgds(void)
{
- mutex_lock(&kvm_hyp_pgd_mutex);
- if (hyp_pgtable) {
- kvm_pgtable_hyp_destroy(hyp_pgtable);
- kfree(hyp_pgtable);
- hyp_pgtable = NULL;
- }
- mutex_unlock(&kvm_hyp_pgd_mutex);
+ guard(mutex)(&kvm_hyp_pgd_mutex);
+ if (!hyp_pgtable)
+ return;
+
+ kvm_pgtable_hyp_destroy(hyp_pgtable);
+ kfree(hyp_pgtable);
+ hyp_pgtable = NULL;
}
static bool kvm_host_owns_hyp_mappings(void)
@@ -424,16 +424,11 @@ static bool kvm_host_owns_hyp_mappings(void)
int __create_hyp_mappings(unsigned long start, unsigned long size,
unsigned long phys, enum kvm_pgtable_prot prot)
{
- int err;
-
if (WARN_ON(!kvm_host_owns_hyp_mappings()))
return -EINVAL;
- mutex_lock(&kvm_hyp_pgd_mutex);
- err = kvm_pgtable_hyp_map(hyp_pgtable, start, size, phys, prot);
- mutex_unlock(&kvm_hyp_pgd_mutex);
-
- return err;
+ guard(mutex)(&kvm_hyp_pgd_mutex);
+ return kvm_pgtable_hyp_map(hyp_pgtable, start, size, phys, prot);
}
static phys_addr_t kvm_kaddr_to_phys(void *kaddr)
@@ -481,56 +476,42 @@ static int share_pfn_hyp(u64 pfn)
{
struct rb_node **node, *parent;
struct hyp_shared_pfn *this;
- int ret = 0;
- mutex_lock(&hyp_shared_pfns_lock);
+ guard(mutex)(&hyp_shared_pfns_lock);
this = find_shared_pfn(pfn, &node, &parent);
if (this) {
this->count++;
- goto unlock;
+ return 0;
}
this = kzalloc_obj(*this);
- if (!this) {
- ret = -ENOMEM;
- goto unlock;
- }
+ if (!this)
+ return -ENOMEM;
this->pfn = pfn;
this->count = 1;
rb_link_node(&this->node, parent, node);
rb_insert_color(&this->node, &hyp_shared_pfns);
- ret = kvm_call_hyp_nvhe(__pkvm_host_share_hyp, pfn);
-unlock:
- mutex_unlock(&hyp_shared_pfns_lock);
-
- return ret;
+ return kvm_call_hyp_nvhe(__pkvm_host_share_hyp, pfn);
}
static int unshare_pfn_hyp(u64 pfn)
{
struct rb_node **node, *parent;
struct hyp_shared_pfn *this;
- int ret = 0;
- mutex_lock(&hyp_shared_pfns_lock);
+ guard(mutex)(&hyp_shared_pfns_lock);
this = find_shared_pfn(pfn, &node, &parent);
- if (WARN_ON(!this)) {
- ret = -ENOENT;
- goto unlock;
- }
+ if (WARN_ON(!this))
+ return -ENOENT;
this->count--;
if (this->count)
- goto unlock;
+ return 0;
rb_erase(&this->node, &hyp_shared_pfns);
kfree(this);
- ret = kvm_call_hyp_nvhe(__pkvm_host_unshare_hyp, pfn);
-unlock:
- mutex_unlock(&hyp_shared_pfns_lock);
-
- return ret;
+ return kvm_call_hyp_nvhe(__pkvm_host_unshare_hyp, pfn);
}
int kvm_share_hyp(void *from, void *to)
@@ -655,7 +636,7 @@ int hyp_alloc_private_va_range(size_t size, unsigned long *haddr)
unsigned long base;
int ret = 0;
- mutex_lock(&kvm_hyp_pgd_mutex);
+ guard(mutex)(&kvm_hyp_pgd_mutex);
/*
* This assumes that we have enough space below the idmap
@@ -670,8 +651,6 @@ int hyp_alloc_private_va_range(size_t size, unsigned long *haddr)
base = io_map_base - size;
ret = __hyp_alloc_private_va_range(base);
- mutex_unlock(&kvm_hyp_pgd_mutex);
-
if (!ret)
*haddr = base;
@@ -714,17 +693,16 @@ int create_hyp_stack(phys_addr_t phys_addr, unsigned long *haddr)
size_t size;
int ret;
- mutex_lock(&kvm_hyp_pgd_mutex);
- /*
- * Efficient stack verification using the NVHE_STACK_SHIFT bit implies
- * an alignment of our allocation on the order of the size.
- */
- size = NVHE_STACK_SIZE * 2;
- base = ALIGN_DOWN(io_map_base - size, size);
+ scoped_guard(mutex, &kvm_hyp_pgd_mutex) {
+ /*
+ * Efficient stack verification using the NVHE_STACK_SHIFT bit implies
+ * an alignment of our allocation on the order of the size.
+ */
+ size = NVHE_STACK_SIZE * 2;
+ base = ALIGN_DOWN(io_map_base - size, size);
- ret = __hyp_alloc_private_va_range(base);
-
- mutex_unlock(&kvm_hyp_pgd_mutex);
+ ret = __hyp_alloc_private_va_range(base);
+ }
if (ret) {
kvm_err("Cannot allocate hyp stack guard page\n");
diff --git a/arch/arm64/kvm/pkvm.c b/arch/arm64/kvm/pkvm.c
index 053e4f733e4b..a39111b70f9f 100644
--- a/arch/arm64/kvm/pkvm.c
+++ b/arch/arm64/kvm/pkvm.c
@@ -190,39 +190,33 @@ bool pkvm_hyp_vm_is_created(struct kvm *kvm)
int pkvm_create_hyp_vm(struct kvm *kvm)
{
- int ret = 0;
-
/*
* Synchronise with kvm_arch_prepare_memory_region(), as we
* prevent memslot modifications on a pVM that has been run.
*/
- mutex_lock(&kvm->slots_lock);
- mutex_lock(&kvm->arch.config_lock);
- if (!pkvm_hyp_vm_is_created(kvm))
- ret = __pkvm_create_hyp_vm(kvm);
- mutex_unlock(&kvm->arch.config_lock);
- mutex_unlock(&kvm->slots_lock);
+ guard(mutex)(&kvm->slots_lock);
+ guard(mutex)(&kvm->arch.config_lock);
- return ret;
+ if (!pkvm_hyp_vm_is_created(kvm))
+ return __pkvm_create_hyp_vm(kvm);
+
+ return 0;
}
int pkvm_create_hyp_vcpu(struct kvm_vcpu *vcpu)
{
- int ret = 0;
+ guard(mutex)(&vcpu->kvm->arch.config_lock);
- mutex_lock(&vcpu->kvm->arch.config_lock);
if (!vcpu_get_flag(vcpu, VCPU_PKVM_FINALIZED))
- ret = __pkvm_create_hyp_vcpu(vcpu);
- mutex_unlock(&vcpu->kvm->arch.config_lock);
+ return __pkvm_create_hyp_vcpu(vcpu);
- return ret;
+ return 0;
}
void pkvm_destroy_hyp_vm(struct kvm *kvm)
{
- mutex_lock(&kvm->arch.config_lock);
+ guard(mutex)(&kvm->arch.config_lock);
__pkvm_destroy_hyp_vm(kvm);
- mutex_unlock(&kvm->arch.config_lock);
}
int pkvm_init_host_vm(struct kvm *kvm, unsigned long type)
diff --git a/arch/arm64/kvm/psci.c b/arch/arm64/kvm/psci.c
index 3b5dbe9a0a0e..e1389c525e9d 100644
--- a/arch/arm64/kvm/psci.c
+++ b/arch/arm64/kvm/psci.c
@@ -62,7 +62,6 @@ static unsigned long kvm_psci_vcpu_on(struct kvm_vcpu *source_vcpu)
struct vcpu_reset_state *reset_state;
struct kvm *kvm = source_vcpu->kvm;
struct kvm_vcpu *vcpu = NULL;
- int ret = PSCI_RET_SUCCESS;
unsigned long cpu_id;
cpu_id = smccc_get_arg1(source_vcpu);
@@ -78,14 +77,13 @@ static unsigned long kvm_psci_vcpu_on(struct kvm_vcpu *source_vcpu)
if (!vcpu)
return PSCI_RET_INVALID_PARAMS;
- spin_lock(&vcpu->arch.mp_state_lock);
+ guard(spinlock)(&vcpu->arch.mp_state_lock);
+
if (!kvm_arm_vcpu_stopped(vcpu)) {
if (kvm_psci_version(source_vcpu) != KVM_ARM_PSCI_0_1)
- ret = PSCI_RET_ALREADY_ON;
+ return PSCI_RET_ALREADY_ON;
else
- ret = PSCI_RET_INVALID_PARAMS;
-
- goto out_unlock;
+ return PSCI_RET_INVALID_PARAMS;
}
reset_state = &vcpu->arch.reset_state;
@@ -113,9 +111,7 @@ static unsigned long kvm_psci_vcpu_on(struct kvm_vcpu *source_vcpu)
WRITE_ONCE(vcpu->arch.mp_state.mp_state, KVM_MP_STATE_RUNNABLE);
kvm_vcpu_wake_up(vcpu);
-out_unlock:
- spin_unlock(&vcpu->arch.mp_state_lock);
- return ret;
+ return PSCI_RET_SUCCESS;
}
static unsigned long kvm_psci_vcpu_affinity_info(struct kvm_vcpu *vcpu)
@@ -176,9 +172,8 @@ static void kvm_prepare_system_event(struct kvm_vcpu *vcpu, u32 type, u64 flags)
* re-initialized.
*/
kvm_for_each_vcpu(i, tmp, vcpu->kvm) {
- spin_lock(&tmp->arch.mp_state_lock);
+ guard(spinlock)(&tmp->arch.mp_state_lock);
WRITE_ONCE(tmp->arch.mp_state.mp_state, KVM_MP_STATE_STOPPED);
- spin_unlock(&tmp->arch.mp_state_lock);
}
kvm_make_all_cpus_request(vcpu->kvm, KVM_REQ_SLEEP);
diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c
index b963fd975aac..60969d90bdd3 100644
--- a/arch/arm64/kvm/reset.c
+++ b/arch/arm64/kvm/reset.c
@@ -193,10 +193,10 @@ void kvm_reset_vcpu(struct kvm_vcpu *vcpu)
bool loaded;
u32 pstate;
- spin_lock(&vcpu->arch.mp_state_lock);
- reset_state = vcpu->arch.reset_state;
- vcpu->arch.reset_state.reset = false;
- spin_unlock(&vcpu->arch.mp_state_lock);
+ scoped_guard(spinlock, &vcpu->arch.mp_state_lock) {
+ reset_state = vcpu->arch.reset_state;
+ vcpu->arch.reset_state.reset = false;
+ }
preempt_disable();
loaded = (vcpu->cpu != -1);
--
2.54.0.1136.gdb2ca164c4-goog
next prev parent reply other threads:[~2026-06-12 6:59 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-12 6:59 [PATCH v1 00/11] KVM: arm64: Rework pKVM vCPU state synchronisation tabba
2026-06-12 6:59 ` [PATCH v1 01/11] KVM: arm64: Add scoped resource management (guard) for hyp_spinlock tabba
2026-06-12 6:59 ` [PATCH v1 02/11] KVM: arm64: Use guard(hyp_spinlock) in pKVM hypervisor code tabba
2026-06-12 6:59 ` tabba [this message]
2026-06-12 6:59 ` [PATCH v1 04/11] KVM: arm64: Extract MPIDR computation into a shared header tabba
2026-06-12 6:59 ` [PATCH v1 05/11] KVM: arm64: Make vcpu_{read,write}_sys_reg available to HYP code tabba
2026-06-12 7:17 ` sashiko-bot
2026-06-12 7:53 ` Fuad Tabba
2026-06-12 6:59 ` [PATCH v1 06/11] KVM: arm64: Factor out reusable vCPU reset helpers tabba
2026-06-12 6:59 ` [PATCH v1 07/11] KVM: arm64: Move PSCI helper functions to a shared header tabba
2026-06-12 6:59 ` [PATCH v1 08/11] KVM: arm64: Add host and hypervisor vCPU lookup primitives tabba
2026-06-12 7:08 ` sashiko-bot
2026-06-12 7:15 ` Fuad Tabba
2026-06-12 6:59 ` [PATCH v1 09/11] KVM: arm64: Minimise EL2's exposure of host VGIC state during world switch tabba
2026-06-12 7:24 ` sashiko-bot
2026-06-12 8:05 ` Fuad Tabba
2026-06-12 8:09 ` Fuad Tabba
2026-06-12 6:59 ` [PATCH v1 10/11] KVM: arm64: Add primitives to flush/sync the VGIC state at EL2 tabba
2026-06-12 7:23 ` sashiko-bot
2026-06-12 8:14 ` Fuad Tabba
2026-06-12 6:59 ` [PATCH v1 11/11] KVM: arm64: Implement lazy vCPU state sync for non-protected guests tabba
2026-06-12 7:19 ` sashiko-bot
2026-06-12 9:51 ` Fuad Tabba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260612065925.755562-4-tabba@google.com \
--to=tabba@google.com \
--cc=catalin.marinas@arm.com \
--cc=imv4bel@gmail.com \
--cc=joey.gouly@arm.com \
--cc=jonathan.cameron@huawei.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=oupton@kernel.org \
--cc=perlarsen@google.com \
--cc=qperret@google.com \
--cc=sebastianene@google.com \
--cc=seiden@linux.ibm.com \
--cc=suzuki.poulose@arm.com \
--cc=vdonnefort@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.