From: Vincent Donnefort <vdonnefort@google.com>
To: Fuad Tabba <tabba@google.com>
Cc: Marc Zyngier <maz@kernel.org>, Oliver Upton <oupton@kernel.org>,
kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Joey Gouly <joey.gouly@arm.com>,
Steffen Eiden <seiden@linux.ibm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
Quentin Perret <qperret@google.com>,
Sebastian Ene <sebastianene@google.com>,
Hyunwoo Kim <imv4bel@gmail.com>
Subject: Re: [PATCH v2 8/8] KVM: arm64: Implement lazy vCPU state sync for non-protected guests
Date: Mon, 22 Jun 2026 09:49:47 +0100 [thread overview]
Message-ID: <ajj3KzUrZZ1-2UQZ@google.com> (raw)
In-Reply-To: <CA+EHjTz13obYHAZYCW+zpH1RB953FseP9koXydeoLqmn6UONHQ@mail.gmail.com>
[...]
> > > diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c
> > > index 54aedf93c78b..8963621bcdd1 100644
> > > --- a/arch/arm64/kvm/handle_exit.c
> > > +++ b/arch/arm64/kvm/handle_exit.c
> > > @@ -422,6 +422,20 @@ static int handle_trap_exceptions(struct kvm_vcpu *vcpu)
> > > {
> > > int handled;
> > >
> > > + /*
> > > + * If we run a non-protected VM when protection is enabled
> > > + * system-wide, resync the state from the hypervisor and mark
> > > + * it as dirty on the host side if it wasn't dirty already
> > > + * (which could happen if preemption has taken place).
> > > + */
> > > + if (is_protected_kvm_enabled() && !kvm_vm_is_protected(vcpu->kvm)) {
> > > + guard(preempt)();
> > > + if (!(vcpu_get_flag(vcpu, PKVM_HOST_STATE_DIRTY))) {
> > > + kvm_call_hyp_nvhe(__pkvm_vcpu_sync_state);
> > > + vcpu_set_flag(vcpu, PKVM_HOST_STATE_DIRTY);
> > > + }
> > > + }
> > > +
> >
> > Could we remove this update here and let handle_exit_early() do the sync
> > regardless of the SError injection? One of the main point of handle_exit_early()
> > is to do things under !prempt().
>
> Agreed on the move: handle_exit_early() is already preempt-off, so the
> guard() goes away. Not on every exit though. handle_exit_early() runs
> on every exit, and sync_hyp_vcpu() only copies PC/PSTATE/fault back
> for a non-protected guest; the GPRs and sysregs cross solely via
> __pkvm_vcpu_sync_state. Syncing unconditionally would pull the full
> context back on plain IRQ exits, which is the copy this patch avoids.
> So I will gate it on trap-or-SError and drop the
> handle_trap_exceptions() block.
>
> >
> >
> > > /*
> > > * See ARM ARM B1.14.1: "Hyp traps on instructions
> > > * that fail their condition code check"
> > > @@ -489,6 +503,22 @@ int handle_exit(struct kvm_vcpu *vcpu, int exception_index)
> > > /* For exit types that need handling before we can be preempted */
> > > void handle_exit_early(struct kvm_vcpu *vcpu, int exception_index)
> > > {
> > > + bool inject_serror = ARM_SERROR_PENDING(exception_index) ||
> > > + ARM_EXCEPTION_CODE(exception_index) == ARM_EXCEPTION_EL1_SERROR;
> > > +
> > > + /*
> > > + * An SError injected below writes the host ctxt; for a non-protected
> > > + * guest, sync from the hyp vCPU and keep it dirty so it isn't dropped.
> > > + */
> > > + if (is_protected_kvm_enabled()) {
> >
> > Should we test !kvm_vm_is_protected(vcpu->kvm) here, as the
> > PKVM_HOST_STATE_DIRTY is only updated for p-guests everywhere else?
>
> Yes. The flag is only ever set for non-protected guests, so clearing it
> for a protected one is a no-op, but gating it matches the invariant.
>
> Both fold into one block in handle_exit_early():
>
> if (is_protected_kvm_enabled() && !kvm_vm_is_protected(vcpu->kvm)) {
> if (inject_serror ||
> ARM_EXCEPTION_CODE(exception_index) == ARM_EXCEPTION_TRAP) {
> kvm_call_hyp_nvhe(__pkvm_vcpu_sync_state);
> vcpu_set_flag(vcpu, PKVM_HOST_STATE_DIRTY);
> } else {
> vcpu_clear_flag(vcpu, PKVM_HOST_STATE_DIRTY);
> }
> }
>
> I will fold this into the next respin.
Ah yes of course, I was hoping we could just have a switch here, just like
handle_exit() does, but that's not possible because of ARM_SERROR_PENDING().
Perhaps it would look cleaner if done in a separate function
handle_exit_pkvm_state()?
>
> Thanks for the reviews!
> /fuad
>
> >
> > > + vcpu_clear_flag(vcpu, PKVM_HOST_STATE_DIRTY);
> > > +
> > > + if (inject_serror && !kvm_vm_is_protected(vcpu->kvm)) {
> > > + kvm_call_hyp_nvhe(__pkvm_vcpu_sync_state);
> > > + vcpu_set_flag(vcpu, PKVM_HOST_STATE_DIRTY);
> > > + }
> > > + }
> > > +
> > > if (ARM_SERROR_PENDING(exception_index)) {
> > > if (this_cpu_has_cap(ARM64_HAS_RAS_EXTN)) {
> > > u64 disr = kvm_vcpu_get_disr(vcpu);
> >
> > [...]
next prev parent reply other threads:[~2026-06-22 8:49 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-19 7:07 [PATCH v2 0/8] KVM: arm64: Rework pKVM vCPU state synchronisation Fuad Tabba
2026-06-19 7:07 ` [PATCH v2 1/8] KVM: arm64: Extract MPIDR computation into a shared header Fuad Tabba
2026-06-19 13:24 ` Vincent Donnefort
2026-06-19 7:07 ` [PATCH v2 2/8] KVM: arm64: Make vcpu_{read,write}_sys_reg available to HYP code Fuad Tabba
2026-06-19 13:26 ` Vincent Donnefort
2026-06-19 7:07 ` [PATCH v2 3/8] KVM: arm64: Factor out reusable vCPU reset helpers Fuad Tabba
2026-06-19 13:29 ` Vincent Donnefort
2026-06-19 7:07 ` [PATCH v2 4/8] KVM: arm64: Move PSCI helper functions to a shared header Fuad Tabba
2026-06-19 13:30 ` Vincent Donnefort
2026-06-19 7:07 ` [PATCH v2 5/8] KVM: arm64: Add host and hypervisor vCPU lookup primitives Fuad Tabba
2026-06-19 13:31 ` Vincent Donnefort
2026-06-19 7:07 ` [PATCH v2 6/8] KVM: arm64: Minimise EL2's exposure of host VGIC state during world switch Fuad Tabba
2026-06-19 7:25 ` sashiko-bot
2026-06-19 7:38 ` Fuad Tabba
2026-06-19 7:07 ` [PATCH v2 7/8] KVM: arm64: Add primitives to flush/sync the VGIC state at EL2 Fuad Tabba
2026-06-19 7:21 ` sashiko-bot
2026-06-19 7:41 ` Marc Zyngier
2026-06-19 7:45 ` Fuad Tabba
2026-06-19 7:07 ` [PATCH v2 8/8] KVM: arm64: Implement lazy vCPU state sync for non-protected guests Fuad Tabba
2026-06-19 7:28 ` sashiko-bot
2026-06-19 7:54 ` Fuad Tabba
2026-06-19 13:12 ` Vincent Donnefort
2026-06-19 16:41 ` Fuad Tabba
2026-06-22 8:49 ` Vincent Donnefort [this message]
2026-06-22 10:14 ` Fuad Tabba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ajj3KzUrZZ1-2UQZ@google.com \
--to=vdonnefort@google.com \
--cc=catalin.marinas@arm.com \
--cc=imv4bel@gmail.com \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maz@kernel.org \
--cc=oupton@kernel.org \
--cc=qperret@google.com \
--cc=sebastianene@google.com \
--cc=seiden@linux.ibm.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.