From: Vincent Donnefort <vdonnefort@google.com>
To: Marc Zyngier <maz@kernel.org>
Cc: oliver.upton@linux.dev, joey.gouly@arm.com,
suzuki.poulose@arm.com, yuzenghui@huawei.com,
catalin.marinas@arm.com, will@kernel.org, qperret@google.com,
tabba@google.com, linux-arm-kernel@lists.infradead.org,
kvmarm@lists.linux.dev, kernel-team@android.com
Subject: Re: [PATCH] KVM: arm64: Fix ICV_DIR_EL1 trapping detection for pKVM
Date: Mon, 9 Mar 2026 18:07:45 +0000 [thread overview]
Message-ID: <aa8McT6o2_KSXVfz@google.com> (raw)
In-Reply-To: <86h5qo7vr9.wl-maz@kernel.org>
[...]
> > diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > index e7790097db93..0432852228f9 100644
> > --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > @@ -463,6 +463,11 @@ static void handle___vgic_v3_get_gic_config(struct kvm_cpu_context *host_ctxt)
> > cpu_reg(host_ctxt, 1) = __vgic_v3_get_gic_config();
> > }
> >
> > +static void handle___vgic_v3_get_ich_vtr_el2(struct kvm_cpu_context *host_ctxt)
> > +{
> > + cpu_reg(host_ctxt, 1) = read_sysreg_s(SYS_ICH_VTR_EL2);
> > +}
> > +
> > static void handle___vgic_v3_init_lrs(struct kvm_cpu_context *host_ctxt)
> > {
> > __vgic_v3_init_lrs();
> > @@ -622,6 +627,7 @@ static const hcall_t host_hcall[] = {
> > HANDLE_FUNC(__kvm_timer_set_cntvoff),
> > HANDLE_FUNC(__vgic_v3_save_aprs),
> > HANDLE_FUNC(__vgic_v3_restore_vmcr_aprs),
> > + HANDLE_FUNC(__vgic_v3_get_ich_vtr_el2),
> > HANDLE_FUNC(__pkvm_reserve_vm),
> > HANDLE_FUNC(__pkvm_unreserve_vm),
> > HANDLE_FUNC(__pkvm_init_vm),
> >
>
> This looks incredibly complicated. Since pKVM forbids late onlining of
> CPUs, you are absolutely sure that you have already seen the CPU being
> hot-plugged on.
>
> So it would make a lot more sense to just return the current value of
> the property you are trying to re-evaluate: you know for sure it
> cannot change under your feet.
>
> I have quickly tested the following hack:
>
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index c31f8e17732a3..947ff71b3b66b 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -2345,6 +2345,9 @@ static bool can_trap_icv_dir_el1(const struct arm64_cpu_capabilities *entry,
> !is_midr_in_range_list(has_vgic_v3))
> return false;
>
> + if (system_capabilities_finalized() && is_protected_kvm_enabled())
> + return cpus_have_final_cap(ARM64_HAS_ICH_HCR_EL2_TDIR);
> +
> if (is_kernel_in_hyp_mode())
> res.a1 = read_sysreg_s(SYS_ICH_VTR_EL2);
> else
>
> which works for me. Could you please give it a go?
That works! I can spin a V2 with that if you want.
>
> Thanks,
>
> M.
>
> --
> Without deviation from the norm, progress is not possible.
next prev parent reply other threads:[~2026-03-09 18:07 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-09 16:04 [PATCH] KVM: arm64: Fix ICV_DIR_EL1 trapping detection for pKVM Vincent Donnefort
2026-03-09 17:33 ` Marc Zyngier
2026-03-09 18:07 ` Vincent Donnefort [this message]
2026-03-10 8:56 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aa8McT6o2_KSXVfz@google.com \
--to=vdonnefort@google.com \
--cc=catalin.marinas@arm.com \
--cc=joey.gouly@arm.com \
--cc=kernel-team@android.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=qperret@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.