Re: [PATCH v6 8/9] KVM: arm64: Check whether a VM IOCTL is allowed in pKVM

[Marc Zyngier <maz@kernel.org>]

On Thu, 15 Jan 2026 16:14:39 +0000,
Fuad Tabba <tabba@google.com> wrote:
> 
> On Thu, 15 Jan 2026 at 16:05, Marc Zyngier <maz@kernel.org> wrote:
> >
> > On Thu, 15 Jan 2026 15:19:48 +0000,
> > Fuad Tabba <tabba@google.com> wrote:
> > >
> > > Hi Marc,
> > >
> > > On Thu, 15 Jan 2026 at 15:03, Marc Zyngier <maz@kernel.org> wrote:
> > > >
> > > > On Thu, 11 Dec 2025 10:47:08 +0000,
> > > > Fuad Tabba <tabba@google.com> wrote:
> > > > >
> > > > > Certain VM IOCTLs are tied to specific VM features. Since pKVM does not
> > > > > support all features, restrict which IOCTLs are allowed depending on
> > > > > whether the associated feature is supported.
> > > > >
> > > > > Use the existing VM capability check as the source of truth to whether
> > > > > an IOCTL is allowed for a particular VM by mapping the IOCTLs with their
> > > > > associated capabilities.
> > > > >
> > > > > Suggested-by: Oliver Upton <oupton@kernel.org>
> > > > > Signed-off-by: Fuad Tabba <tabba@google.com>
> > > > > ---
> > > > >  arch/arm64/include/asm/kvm_pkvm.h | 21 +++++++++++++++++++++
> > > > >  arch/arm64/kvm/arm.c              |  3 +++
> > > > >  2 files changed, 24 insertions(+)
> > > > >
> > > > > diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm_pkvm.h
> > > > > index 5b564576160d..0fa8c84816fd 100644
> > > > > --- a/arch/arm64/include/asm/kvm_pkvm.h
> > > > > +++ b/arch/arm64/include/asm/kvm_pkvm.h
> > > > > @@ -9,6 +9,7 @@
> > > > >  #include <linux/arm_ffa.h>
> > > > >  #include <linux/memblock.h>
> > > > >  #include <linux/scatterlist.h>
> > > > > +#include <asm/kvm_host.h>
> > > > >  #include <asm/kvm_pgtable.h>
> > > > >
> > > > >  /* Maximum number of VMs that can co-exist under pKVM. */
> > > > > @@ -43,6 +44,7 @@ static inline bool kvm_pkvm_ext_allowed(struct kvm *kvm, long ext)
> > > > >       case KVM_CAP_ARM_SVE:
> > > > >       case KVM_CAP_ARM_PTRAUTH_ADDRESS:
> > > > >       case KVM_CAP_ARM_PTRAUTH_GENERIC:
> > > > > +     case KVM_CAP_ARM_BASIC:
> > > >
> > > > Can we instead rely on an existing VM capability? I'm not overly keen
> > > > exposing something new to userspace (KVM_CAP_ARM_BASIC) for something
> > > > that really is KVM's own internal problems.
> > > >
> > > > Looking at the history, a bunch of things have always been present:
> > > > KVM_CAP_NR_VCPUS, for example. You could even #define
> > > > KVM_CAP_ARM_BASIC to that if you want.
> > >
> > > I wasn't too crazy about that either. I like the idea of defining it
> > > as an alias of KVM_CAP_NR_VCPUS. I'll do that when I respin.
> >
> > I've done something [1]. If that works for you, let me know and I'll
> > just merge that.
> 
> That works for the previous patch (7/9), which is where you've made
> the change. But since the alias is defined in `arm.c` it wouldn't work
> in this patch (8/9), because the function kvm_pkvm_ext_allowed() is
> defined in  `asm/kvm_pkvm.h`.

I dropped it from patch 8/9 for the reason below.

> Defining the alias in `asm/kvm_pkvm.h`
> or in `asm/kvm_host.h` should solve this, since both files are visible
> in arm.c (and in kvm_pkvm.h in both cases).

Nope. The compiler spots that this is the same value twice in the
switch, and compile fails. I only kept it as syntactic sugar in arm.c,
but I could otherwise drop it entirely.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.