From: Mostafa Saleh <smostafa@google.com>
To: Will Deacon <will@kernel.org>
Cc: linux-kernel@vger.kernel.org, kvmarm@lists.linux.dev,
linux-arm-kernel@lists.infradead.org, iommu@lists.linux.dev,
maz@kernel.org, oliver.upton@linux.dev, joey.gouly@arm.com,
suzuki.poulose@arm.com, yuzenghui@huawei.com,
catalin.marinas@arm.com, robin.murphy@arm.com,
jean-philippe@linaro.org, qperret@google.com, tabba@google.com,
jgg@ziepe.ca, mark.rutland@arm.com, praan@google.com
Subject: Re: [PATCH v4 10/28] KVM: arm64: iommu: Shadow host stage-2 page table
Date: Tue, 16 Sep 2025 14:24:46 +0000 [thread overview]
Message-ID: <aMlzLsj5slPQhWEr@google.com> (raw)
In-Reply-To: <aMA8vz0v0Vn-02QP@willie-the-truck>
On Tue, Sep 09, 2025 at 03:42:07PM +0100, Will Deacon wrote:
> On Tue, Aug 19, 2025 at 09:51:38PM +0000, Mostafa Saleh wrote:
> > Create a shadow page table for the IOMMU that shadows the
> > host CPU stage-2 into the IOMMUs to establish DMA isolation.
> >
> > An initial snapshot is created after the driver init, then
> > on every permission change a callback would be called for
> > the IOMMU driver to update the page table.
> >
> > For some cases, an SMMUv3 may be able to share the same page
> > table used with the host CPU stage-2 directly.
> > However, this is too strict and requires changes to the core hypervisor
> > page table code, plus it would require the hypervisor to handle IOMMU
> > page faults. This can be added later as an optimization for SMMUV3.
> >
> > Signed-off-by: Mostafa Saleh <smostafa@google.com>
> > ---
> > arch/arm64/kvm/hyp/include/nvhe/iommu.h | 4 ++
> > arch/arm64/kvm/hyp/nvhe/iommu/iommu.c | 83 ++++++++++++++++++++++++-
> > arch/arm64/kvm/hyp/nvhe/mem_protect.c | 5 ++
> > 3 files changed, 90 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/arm64/kvm/hyp/include/nvhe/iommu.h b/arch/arm64/kvm/hyp/include/nvhe/iommu.h
> > index 1ac70cc28a9e..219363045b1c 100644
> > --- a/arch/arm64/kvm/hyp/include/nvhe/iommu.h
> > +++ b/arch/arm64/kvm/hyp/include/nvhe/iommu.h
> > @@ -3,11 +3,15 @@
> > #define __ARM64_KVM_NVHE_IOMMU_H__
> >
> > #include <asm/kvm_host.h>
> > +#include <asm/kvm_pgtable.h>
> >
> > struct kvm_iommu_ops {
> > int (*init)(void);
> > + void (*host_stage2_idmap)(phys_addr_t start, phys_addr_t end, int prot);
> > };
> >
> > int kvm_iommu_init(void);
> >
> > +void kvm_iommu_host_stage2_idmap(phys_addr_t start, phys_addr_t end,
> > + enum kvm_pgtable_prot prot);
> > #endif /* __ARM64_KVM_NVHE_IOMMU_H__ */
> > diff --git a/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c b/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c
> > index a01c036c55be..f7d1c8feb358 100644
> > --- a/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c
> > +++ b/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c
> > @@ -4,15 +4,94 @@
> > *
> > * Copyright (C) 2022 Linaro Ltd.
> > */
> > +#include <linux/iommu.h>
> > +
> > #include <nvhe/iommu.h>
> > +#include <nvhe/mem_protect.h>
> > +#include <nvhe/spinlock.h>
> >
> > /* Only one set of ops supported */
> > struct kvm_iommu_ops *kvm_iommu_ops;
> >
> > +/* Protected by host_mmu.lock */
> > +static bool kvm_idmap_initialized;
> > +
> > +static inline int pkvm_to_iommu_prot(enum kvm_pgtable_prot prot)
> > +{
> > + int iommu_prot = 0;
> > +
> > + if (prot & KVM_PGTABLE_PROT_R)
> > + iommu_prot |= IOMMU_READ;
> > + if (prot & KVM_PGTABLE_PROT_W)
> > + iommu_prot |= IOMMU_WRITE;
> > + if (prot == PKVM_HOST_MMIO_PROT)
> > + iommu_prot |= IOMMU_MMIO;
>
> This looks a little odd to me.
>
> On the CPU side, the only different between PKVM_HOST_MEM_PROT and
> PKVM_HOST_MMIO_PROT is that the former has execute permission. Both are
> mapped as cacheable at stage-2 because it's the job of the host to set
> the more restrictive memory type at stage-1.
>
> Carrying that over to the SMMU would suggest that we don't care about
> IOMMU_MMIO at stage-2 at all, so why do we need to set it here?
Unlike the CPU, the host can set the SMMU to bypass, in that case the
hypervisor will attach its stage-2 with no stage-1 configured. So,
stage-2 must have the correct attrs for MMIO.
>
> > + /* We don't understand that, might be dangerous. */
> > + WARN_ON(prot & ~PKVM_HOST_MEM_PROT);
> > + return iommu_prot;
> > +}
> > +
> > +static int __snapshot_host_stage2(const struct kvm_pgtable_visit_ctx *ctx,
> > + enum kvm_pgtable_walk_flags visit)
> > +{
> > + u64 start = ctx->addr;
> > + kvm_pte_t pte = *ctx->ptep;
> > + u32 level = ctx->level;
> > + u64 end = start + kvm_granule_size(level);
> > + int prot = IOMMU_READ | IOMMU_WRITE;
> > +
> > + /* Keep unmapped. */
> > + if (pte && !kvm_pte_valid(pte))
> > + return 0;
> > +
> > + if (kvm_pte_valid(pte))
> > + prot = pkvm_to_iommu_prot(kvm_pgtable_stage2_pte_prot(pte));
> > + else if (!addr_is_memory(start))
> > + prot |= IOMMU_MMIO;
>
> Why do we need to map MMIO regions pro-actively here? I'd have thought
> we could just do:
>
> if (!kvm_pte_valid(pte))
> return 0;
>
> prot = pkvm_to_iommu_prot(kvm_pgtable_stage2_pte_prot(pte);
> kvm_iommu_ops->host_stage2_idmap(start, end, prot);
> return 0;
>
> but I think that IOMMU_MMIO is throwing me again...
We have to map everything pro-actively as we don’t handle page faults
in the SMMUv3 driver.
This would be a future work where the CPU stage-2 page table is shared with
the SMMUv3.
Thanks,
Mostafa
>
> Will
next prev parent reply other threads:[~2025-09-16 14:24 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-19 21:51 [PATCH v4 00/28] KVM: arm64: SMMUv3 driver for pKVM (trap and emulate) Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 01/28] KVM: arm64: Add a new function to donate memory with prot Mostafa Saleh
2025-09-09 13:46 ` Will Deacon
2025-09-14 19:23 ` Pranjal Shrivastava
2025-09-16 11:58 ` Mostafa Saleh
2025-09-16 11:56 ` Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 02/28] KVM: arm64: Donate MMIO to the hypervisor Mostafa Saleh
2025-09-09 14:12 ` Will Deacon
2025-09-16 13:27 ` Mostafa Saleh
2025-09-26 14:33 ` Will Deacon
2025-09-29 10:57 ` Mostafa Saleh
2025-09-14 20:41 ` Pranjal Shrivastava
2025-09-16 13:43 ` Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 03/28] KVM: arm64: pkvm: Add pkvm_time_get() Mostafa Saleh
2025-09-09 14:16 ` Will Deacon
2025-09-09 15:56 ` Marc Zyngier
2025-09-15 11:10 ` Pranjal Shrivastava
2025-09-16 14:04 ` Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 04/28] iommu/io-pgtable-arm: Move selftests to a separate file Mostafa Saleh
2025-09-15 14:37 ` Pranjal Shrivastava
2025-09-16 14:07 ` Mostafa Saleh
2025-09-15 16:45 ` Jason Gunthorpe
2025-09-16 14:09 ` Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 05/28] iommu/io-pgtable-arm: Factor kernel specific code out Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 06/28] iommu/arm-smmu-v3: Split code with hyp Mostafa Saleh
2025-09-09 14:23 ` Will Deacon
2025-09-16 14:10 ` Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 07/28] iommu/arm-smmu-v3: Move TLB range invalidation into a macro Mostafa Saleh
2025-09-09 14:25 ` Will Deacon
2025-08-19 21:51 ` [PATCH v4 08/28] iommu/arm-smmu-v3: Move IDR parsing to common functions Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 09/28] KVM: arm64: iommu: Introduce IOMMU driver infrastructure Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 10/28] KVM: arm64: iommu: Shadow host stage-2 page table Mostafa Saleh
2025-09-09 14:42 ` Will Deacon
2025-09-16 14:24 ` Mostafa Saleh [this message]
2025-09-26 14:42 ` Will Deacon
2025-09-29 11:01 ` Mostafa Saleh
2025-09-30 12:38 ` Jason Gunthorpe
2025-09-30 12:55 ` Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 11/28] KVM: arm64: iommu: Add memory pool Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 12/28] KVM: arm64: iommu: Support DABT for IOMMU Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 13/28] iommu/arm-smmu-v3-kvm: Add SMMUv3 driver Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 14/28] iommu/arm-smmu-v3: Add KVM mode in the driver Mostafa Saleh
2025-09-12 13:52 ` Will Deacon
2025-09-16 14:30 ` Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 15/28] iommu/arm-smmu-v3: Load the driver later in KVM mode Mostafa Saleh
2025-09-12 13:54 ` Will Deacon
2025-09-23 14:35 ` Mostafa Saleh
2025-09-23 17:38 ` Jason Gunthorpe
2025-09-29 11:10 ` Mostafa Saleh
2025-10-02 15:13 ` Jason Gunthorpe
2025-11-05 16:40 ` Mostafa Saleh
2025-11-05 17:12 ` Jason Gunthorpe
2025-11-06 11:06 ` Mostafa Saleh
2025-11-06 13:23 ` Jason Gunthorpe
2025-11-06 16:54 ` Mostafa Saleh
2025-11-06 17:16 ` Jason Gunthorpe
2025-08-19 21:51 ` [PATCH v4 16/28] iommu/arm-smmu-v3-kvm: Create array for hyp SMMUv3 Mostafa Saleh
2025-09-09 18:30 ` Daniel Mentz
2025-09-16 14:35 ` Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 17/28] iommu/arm-smmu-v3-kvm: Take over SMMUs Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 18/28] iommu/arm-smmu-v3-kvm: Probe SMMU HW Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 19/28] iommu/arm-smmu-v3-kvm: Add MMIO emulation Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 20/28] iommu/arm-smmu-v3-kvm: Shadow the command queue Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 21/28] iommu/arm-smmu-v3-kvm: Add CMDQ functions Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 22/28] iommu/arm-smmu-v3-kvm: Emulate CMDQ for host Mostafa Saleh
2025-09-12 14:18 ` Will Deacon
2025-09-15 16:38 ` Jason Gunthorpe
2025-09-16 15:19 ` Mostafa Saleh
2025-09-17 12:36 ` Jason Gunthorpe
2025-09-17 15:01 ` Will Deacon
2025-09-17 15:16 ` Jason Gunthorpe
2025-09-17 15:25 ` Will Deacon
2025-09-17 15:59 ` Jason Gunthorpe
2025-09-18 10:26 ` Will Deacon
2025-09-18 14:36 ` Jason Gunthorpe
2025-09-16 14:50 ` Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 23/28] iommu/arm-smmu-v3-kvm: Shadow stream table Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 24/28] iommu/arm-smmu-v3-kvm: Shadow STEs Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 25/28] iommu/arm-smmu-v3-kvm: Emulate GBPA Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 26/28] iommu/arm-smmu-v3-kvm: Support io-pgtable Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 27/28] iommu/arm-smmu-v3-kvm: Shadow the CPU stage-2 page table Mostafa Saleh
2025-08-19 21:51 ` [PATCH v4 28/28] iommu/arm-smmu-v3-kvm: Enable nesting Mostafa Saleh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aMlzLsj5slPQhWEr@google.com \
--to=smostafa@google.com \
--cc=catalin.marinas@arm.com \
--cc=iommu@lists.linux.dev \
--cc=jean-philippe@linaro.org \
--cc=jgg@ziepe.ca \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=praan@google.com \
--cc=qperret@google.com \
--cc=robin.murphy@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.