From: Steven Price <steven.price@arm.com>
To: Marc Zyngier <maz@kernel.org>
Cc: kvm@vger.kernel.org, kvmarm@lists.linux.dev,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, James Morse <james.morse@arm.com>,
Oliver Upton <oliver.upton@linux.dev>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, Joey Gouly <joey.gouly@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Christoffer Dall <christoffer.dall@arm.com>,
Fuad Tabba <tabba@google.com>,
linux-coco@lists.linux.dev,
Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com>,
Gavin Shan <gshan@redhat.com>,
Shanker Donthineni <sdonthineni@nvidia.com>,
Alper Gun <alpergun@google.com>,
"Aneesh Kumar K . V" <aneesh.kumar@kernel.org>,
Emi Kisanuki <fj0570is@fujitsu.com>,
Vishal Annapurve <vannapurve@google.com>
Subject: Re: [PATCH v10 05/43] arm64: RME: Check for RME support at KVM init
Date: Wed, 1 Oct 2025 14:20:13 +0100 [thread overview]
Message-ID: <2226e62f-76ca-4467-a8ae-460fd463df0a@arm.com> (raw)
In-Reply-To: <86ms6azxt5.wl-maz@kernel.org>
On 01/10/2025 12:05, Marc Zyngier wrote:
> On Wed, 20 Aug 2025 15:55:25 +0100,
> Steven Price <steven.price@arm.com> wrote:
>>
>> Query the RMI version number and check if it is a compatible version. A
>> static key is also provided to signal that a supported RMM is available.
>>
>> Functions are provided to query if a VM or VCPU is a realm (or rec)
>> which currently will always return false.
>>
>> Later patches make use of struct realm and the states as the ioctls
>> interfaces are added to support realm and REC creation and destruction.
>>
>> Reviewed-by: Gavin Shan <gshan@redhat.com>
>> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
>> Signed-off-by: Steven Price <steven.price@arm.com>
>> ---
>> Changes since v8:
>> * No need to guard kvm_init_rme() behind 'in_hyp_mode'.
>> Changes since v6:
>> * Improved message for an unsupported RMI ABI version.
>> Changes since v5:
>> * Reword "unsupported" message from "host supports" to "we want" to
>> clarify that 'we' are the 'host'.
>> Changes since v2:
>> * Drop return value from kvm_init_rme(), it was always 0.
>> * Rely on the RMM return value to identify whether the RSI ABI is
>> compatible.
>> ---
>> arch/arm64/include/asm/kvm_emulate.h | 18 +++++++++
>> arch/arm64/include/asm/kvm_host.h | 4 ++
>> arch/arm64/include/asm/kvm_rme.h | 56 ++++++++++++++++++++++++++++
>> arch/arm64/include/asm/virt.h | 1 +
>> arch/arm64/kvm/Makefile | 2 +-
>> arch/arm64/kvm/arm.c | 5 +++
>> arch/arm64/kvm/rme.c | 56 ++++++++++++++++++++++++++++
>> 7 files changed, 141 insertions(+), 1 deletion(-)
>> create mode 100644 arch/arm64/include/asm/kvm_rme.h
>> create mode 100644 arch/arm64/kvm/rme.c
>>
>> diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
>> index fa8a08a1ccd5..ab4093e41c4b 100644
>> --- a/arch/arm64/include/asm/kvm_emulate.h
>> +++ b/arch/arm64/include/asm/kvm_emulate.h
>> @@ -674,4 +674,22 @@ static inline void vcpu_set_hcrx(struct kvm_vcpu *vcpu)
>> vcpu->arch.hcrx_el2 |= HCRX_EL2_SCTLR2En;
>> }
>> }
>> +
>> +static inline bool kvm_is_realm(struct kvm *kvm)
>> +{
>> + if (static_branch_unlikely(&kvm_rme_is_available) && kvm)
>
> Under what circumstances would you call this with a NULL pointer?
kvm_vm_ioctl_check_extension() is the culprit. I guess this could be
handled with an equivalent to kvm_pvm_ext_allowed().
>> + return kvm->arch.is_realm;
>> + return false;
>> +}
>> +
>> +static inline enum realm_state kvm_realm_state(struct kvm *kvm)
>> +{
>> + return READ_ONCE(kvm->arch.realm.state);
>> +}
>> +
>> +static inline bool vcpu_is_rec(struct kvm_vcpu *vcpu)
>> +{
>> + return false;
>> +}
>> +
>> #endif /* __ARM64_KVM_EMULATE_H__ */
>> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
>> index 2f2394cce24e..d1511ce26191 100644
>> --- a/arch/arm64/include/asm/kvm_host.h
>> +++ b/arch/arm64/include/asm/kvm_host.h
>> @@ -27,6 +27,7 @@
>> #include <asm/fpsimd.h>
>> #include <asm/kvm.h>
>> #include <asm/kvm_asm.h>
>> +#include <asm/kvm_rme.h>
>> #include <asm/vncr_mapping.h>
>>
>> #define __KVM_HAVE_ARCH_INTC_INITIALIZED
>> @@ -404,6 +405,9 @@ struct kvm_arch {
>> * the associated pKVM instance in the hypervisor.
>> */
>> struct kvm_protected_vm pkvm;
>> +
>> + bool is_realm;
>> + struct realm realm;
>
> Given that pkvm and CCA are pretty much exclusive, I don't think we
> need to store both states separately. Make those a union.
Ack
>> };
>>
>> struct kvm_vcpu_fault_info {
>> diff --git a/arch/arm64/include/asm/kvm_rme.h b/arch/arm64/include/asm/kvm_rme.h
>> new file mode 100644
>> index 000000000000..9c8a0b23e0e4
>> --- /dev/null
>> +++ b/arch/arm64/include/asm/kvm_rme.h
>> @@ -0,0 +1,56 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +/*
>> + * Copyright (C) 2023 ARM Ltd.
>> + */
>> +
>> +#ifndef __ASM_KVM_RME_H
>> +#define __ASM_KVM_RME_H
>
> None of that is about RME. This is about CCA, which is purely a SW
> construct, and not a CPU architecture feature.
>
> So 's/rme/cca/' everywhere that describe something that is not a
> direct effect of FEAT_RME being implemented on the CPU, but instead
> something that is CCA-specific.
Ok, it's a lot of churn but you've got a good point.
>> +
>> +/**
>> + * enum realm_state - State of a Realm
>> + */
>> +enum realm_state {
>> + /**
>> + * @REALM_STATE_NONE:
>> + * Realm has not yet been created. rmi_realm_create() may be
>> + * called to create the realm.
>> + */
>> + REALM_STATE_NONE,
>> + /**
>> + * @REALM_STATE_NEW:
>> + * Realm is under construction, not eligible for execution. Pages
>> + * may be populated with rmi_data_create().
>> + */
>> + REALM_STATE_NEW,
>> + /**
>> + * @REALM_STATE_ACTIVE:
>> + * Realm has been created and is eligible for execution with
>> + * rmi_rec_enter(). Pages may no longer be populated with
>> + * rmi_data_create().
>> + */
>> + REALM_STATE_ACTIVE,
>> + /**
>> + * @REALM_STATE_DYING:
>> + * Realm is in the process of being destroyed or has already been
>> + * destroyed.
>> + */
>> + REALM_STATE_DYING,
>> + /**
>> + * @REALM_STATE_DEAD:
>> + * Realm has been destroyed.
>> + */
>> + REALM_STATE_DEAD
>> +};
>> +
>> +/**
>> + * struct realm - Additional per VM data for a Realm
>> + *
>> + * @state: The lifetime state machine for the realm
>> + */
>> +struct realm {
>> + enum realm_state state;
>> +};
>> +
>> +void kvm_init_rme(void);
>> +
>> +#endif /* __ASM_KVM_RME_H */
>> diff --git a/arch/arm64/include/asm/virt.h b/arch/arm64/include/asm/virt.h
>> index aa280f356b96..db73c9bfd8c9 100644
>> --- a/arch/arm64/include/asm/virt.h
>> +++ b/arch/arm64/include/asm/virt.h
>> @@ -82,6 +82,7 @@ void __hyp_reset_vectors(void);
>> bool is_kvm_arm_initialised(void);
>>
>> DECLARE_STATIC_KEY_FALSE(kvm_protected_mode_initialized);
>> +DECLARE_STATIC_KEY_FALSE(kvm_rme_is_available);
>
> Same thing about RME.
>
>>
>> static inline bool is_pkvm_initialized(void)
>> {
>> diff --git a/arch/arm64/kvm/Makefile b/arch/arm64/kvm/Makefile
>> index 3ebc0570345c..70fa017831b3 100644
>> --- a/arch/arm64/kvm/Makefile
>> +++ b/arch/arm64/kvm/Makefile
>> @@ -16,7 +16,7 @@ CFLAGS_handle_exit.o += -Wno-override-init
>> kvm-y += arm.o mmu.o mmio.o psci.o hypercalls.o pvtime.o \
>> inject_fault.o va_layout.o handle_exit.o config.o \
>> guest.o debug.o reset.o sys_regs.o stacktrace.o \
>> - vgic-sys-reg-v3.o fpsimd.o pkvm.o \
>> + vgic-sys-reg-v3.o fpsimd.o pkvm.o rme.o \
>> arch_timer.o trng.o vmid.o emulate-nested.o nested.o at.o \
>> vgic/vgic.o vgic/vgic-init.o \
>> vgic/vgic-irqfd.o vgic/vgic-v2.o \
>> diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
>> index 888f7c7abf54..76177c56f1ef 100644
>> --- a/arch/arm64/kvm/arm.c
>> +++ b/arch/arm64/kvm/arm.c
>> @@ -40,6 +40,7 @@
>> #include <asm/kvm_nested.h>
>> #include <asm/kvm_pkvm.h>
>> #include <asm/kvm_ptrauth.h>
>> +#include <asm/kvm_rme.h>
>> #include <asm/sections.h>
>>
>> #include <kvm/arm_hypercalls.h>
>> @@ -59,6 +60,8 @@ enum kvm_wfx_trap_policy {
>> static enum kvm_wfx_trap_policy kvm_wfi_trap_policy __read_mostly = KVM_WFX_NOTRAP_SINGLE_TASK;
>> static enum kvm_wfx_trap_policy kvm_wfe_trap_policy __read_mostly = KVM_WFX_NOTRAP_SINGLE_TASK;
>>
>> +DEFINE_STATIC_KEY_FALSE(kvm_rme_is_available);
>> +
>> DECLARE_KVM_HYP_PER_CPU(unsigned long, kvm_hyp_vector);
>>
>> DEFINE_PER_CPU(unsigned long, kvm_arm_hyp_stack_base);
>> @@ -2836,6 +2839,8 @@ static __init int kvm_arm_init(void)
>>
>> in_hyp_mode = is_kernel_in_hyp_mode();
>>
>> + kvm_init_rme();
>> +
>> if (cpus_have_final_cap(ARM64_WORKAROUND_DEVICE_LOAD_ACQUIRE) ||
>> cpus_have_final_cap(ARM64_WORKAROUND_1508412))
>> kvm_info("Guests without required CPU erratum workarounds can deadlock system!\n" \
>> diff --git a/arch/arm64/kvm/rme.c b/arch/arm64/kvm/rme.c
>> new file mode 100644
>> index 000000000000..67cf2d94cb2d
>> --- /dev/null
>> +++ b/arch/arm64/kvm/rme.c
>> @@ -0,0 +1,56 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/*
>> + * Copyright (C) 2023 ARM Ltd.
>> + */
>> +
>> +#include <linux/kvm_host.h>
>> +
>> +#include <asm/rmi_cmds.h>
>> +#include <asm/virt.h>
>> +
>> +static int rmi_check_version(void)
>> +{
>> + struct arm_smccc_res res;
>> + unsigned short version_major, version_minor;
>> + unsigned long host_version = RMI_ABI_VERSION(RMI_ABI_MAJOR_VERSION,
>> + RMI_ABI_MINOR_VERSION);
>> +
>> + arm_smccc_1_1_invoke(SMC_RMI_VERSION, host_version, &res);
>
> Shouldn't you first check that RME is actually available, by looking
> at ID_AA64PFR0_EL1.RME?
Well, you made a good point above that this isn't RME, it's CCA. And I
guess there's a possible world where the CCA interface could be
supported with something other than FEAT_RME (FEAT_RME2 maybe?) so I'm
not sure it necessarily a good idea to pin this on a CPU feature bit.
Ultimately what we want to know is whether the firmware thinks it can
supply us with the CCA interface and we don't really care how it
achieves it.
>> +
>> + if (res.a0 == SMCCC_RET_NOT_SUPPORTED)
>> + return -ENXIO;
>> +
>> + version_major = RMI_ABI_VERSION_GET_MAJOR(res.a1);
>> + version_minor = RMI_ABI_VERSION_GET_MINOR(res.a1);
>> +
>> + if (res.a0 != RMI_SUCCESS) {
>> + unsigned short high_version_major, high_version_minor;
>> +
>> + high_version_major = RMI_ABI_VERSION_GET_MAJOR(res.a2);
>> + high_version_minor = RMI_ABI_VERSION_GET_MINOR(res.a2);
>> +
>> + kvm_err("Unsupported RMI ABI (v%d.%d - v%d.%d) we want v%d.%d\n",
>> + version_major, version_minor,
>> + high_version_major, high_version_minor,
>> + RMI_ABI_MAJOR_VERSION,
>> + RMI_ABI_MINOR_VERSION);
>> + return -ENXIO;
>> + }
>> +
>> + kvm_info("RMI ABI version %d.%d\n", version_major, version_minor);
>> +
>> + return 0;
>> +}
>> +
>> +void kvm_init_rme(void)
>> +{
>> + if (PAGE_SIZE != SZ_4K)
>> + /* Only 4k page size on the host is supported */
>> + return;
>
> Move the comment above the check (same thing below).
Ack.
Thanks,
Steve
next prev parent reply other threads:[~2025-10-01 13:20 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-20 14:55 [PATCH v10 00/43] arm64: Support for Arm CCA in KVM Steven Price
2025-08-20 14:55 ` [PATCH v10 01/43] kvm: arm64: Include kvm_emulate.h in kvm/arm_psci.h Steven Price
2025-08-20 14:55 ` [PATCH v10 02/43] arm64: RME: Handle Granule Protection Faults (GPFs) Steven Price
2025-08-29 11:38 ` Catalin Marinas
2025-09-15 10:55 ` Steven Price
2025-08-20 14:55 ` [PATCH v10 03/43] arm64: RME: Add SMC definitions for calling the RMM Steven Price
2025-10-01 10:05 ` Marc Zyngier
2025-10-01 11:00 ` Steven Price
2025-10-01 11:58 ` Marc Zyngier
2025-10-01 14:05 ` Steven Price
2025-10-08 8:46 ` Suzuki K Poulose
2025-08-20 14:55 ` [PATCH v10 04/43] arm64: RME: Add wrappers for RMI calls Steven Price
2025-08-20 14:55 ` [PATCH v10 05/43] arm64: RME: Check for RME support at KVM init Steven Price
2025-09-03 11:15 ` Gavin Shan
2025-09-15 10:55 ` Steven Price
2025-10-01 11:05 ` Marc Zyngier
2025-10-01 13:20 ` Steven Price [this message]
2025-10-01 13:35 ` Marc Zyngier
2025-10-01 15:34 ` Steven Price
2025-08-20 14:55 ` [PATCH v10 06/43] arm64: RME: Define the user ABI Steven Price
2025-10-01 12:28 ` Marc Zyngier
2025-10-01 14:44 ` Steven Price
2025-10-02 8:46 ` Suzuki K Poulose
2025-08-20 14:55 ` [PATCH v10 07/43] arm64: RME: ioctls to create and configure realms Steven Price
2025-10-01 15:36 ` Marc Zyngier
2025-10-02 9:35 ` Steven Price
2025-08-20 14:55 ` [PATCH v10 08/43] kvm: arm64: Don't expose debug capabilities for realm guests Steven Price
2025-10-01 13:11 ` Marc Zyngier
2025-10-01 15:19 ` Steven Price
2025-08-20 14:55 ` [PATCH v10 09/43] KVM: arm64: Allow passing machine type in KVM creation Steven Price
2025-10-01 13:50 ` Marc Zyngier
2025-10-01 15:54 ` Steven Price
2025-08-20 14:55 ` [PATCH v10 10/43] arm64: RME: RTT tear down Steven Price
2025-08-20 14:55 ` [PATCH v10 11/43] arm64: RME: Allocate/free RECs to match vCPUs Steven Price
2025-08-20 14:55 ` [PATCH v10 12/43] KVM: arm64: vgic: Provide helper for number of list registers Steven Price
2025-08-20 14:55 ` [PATCH v10 13/43] arm64: RME: Support for the VGIC in realms Steven Price
2025-08-20 14:55 ` [PATCH v10 14/43] KVM: arm64: Support timers in realm RECs Steven Price
2025-08-20 14:55 ` [PATCH v10 15/43] arm64: RME: Allow VMM to set RIPAS Steven Price
2025-09-03 23:36 ` Gavin Shan
2025-08-20 14:55 ` [PATCH v10 16/43] arm64: RME: Handle realm enter/exit Steven Price
2025-08-20 14:55 ` [PATCH v10 17/43] arm64: RME: Handle RMI_EXIT_RIPAS_CHANGE Steven Price
2025-08-20 14:55 ` [PATCH v10 18/43] KVM: arm64: Handle realm MMIO emulation Steven Price
2025-08-20 14:55 ` [PATCH v10 19/43] arm64: RME: Allow populating initial contents Steven Price
2025-08-20 14:55 ` [PATCH v10 20/43] arm64: RME: Runtime faulting of memory Steven Price
2025-08-20 14:55 ` [PATCH v10 21/43] KVM: arm64: Handle realm VCPU load Steven Price
2025-08-20 14:55 ` [PATCH v10 22/43] KVM: arm64: Validate register access for a Realm VM Steven Price
2025-08-20 14:55 ` [PATCH v10 23/43] KVM: arm64: Handle Realm PSCI requests Steven Price
2025-08-20 14:55 ` [PATCH v10 24/43] KVM: arm64: WARN on injected undef exceptions Steven Price
2025-08-20 14:55 ` [PATCH v10 25/43] arm64: Don't expose stolen time for realm guests Steven Price
2025-08-20 14:55 ` [PATCH v10 26/43] arm64: RME: allow userspace to inject aborts Steven Price
2025-08-20 14:55 ` [PATCH v10 27/43] arm64: RME: support RSI_HOST_CALL Steven Price
2025-08-20 14:55 ` [PATCH v10 28/43] arm64: RME: Allow checking SVE on VM instance Steven Price
2025-08-20 14:55 ` [PATCH v10 29/43] arm64: RME: Always use 4k pages for realms Steven Price
2025-08-20 14:55 ` [PATCH v10 30/43] arm64: RME: Prevent Device mappings for Realms Steven Price
2025-08-20 14:55 ` [PATCH v10 31/43] arm_pmu: Provide a mechanism for disabling the physical IRQ Steven Price
2025-09-22 0:03 ` Gavin Shan
2025-08-20 14:55 ` [PATCH v10 32/43] arm64: RME: Enable PMU support with a realm guest Steven Price
2025-09-22 0:03 ` Gavin Shan
2025-08-20 14:55 ` [PATCH v10 33/43] arm64: RME: Hide KVM_CAP_READONLY_MEM for realm guests Steven Price
2025-08-20 14:55 ` [PATCH v10 34/43] arm64: RME: Propagate number of breakpoints and watchpoints to userspace Steven Price
2025-08-20 14:55 ` [PATCH v10 35/43] arm64: RME: Set breakpoint parameters through SET_ONE_REG Steven Price
2025-08-20 14:55 ` [PATCH v10 36/43] arm64: RME: Initialize PMCR.N with number counter supported by RMM Steven Price
2025-08-20 14:55 ` [PATCH v10 37/43] arm64: RME: Propagate max SVE vector length from RMM Steven Price
2025-08-20 14:55 ` [PATCH v10 38/43] arm64: RME: Configure max SVE vector length for a Realm Steven Price
2025-08-20 14:55 ` [PATCH v10 39/43] arm64: RME: Provide register list for unfinalized RME RECs Steven Price
2025-08-20 14:56 ` [PATCH v10 40/43] arm64: RME: Provide accurate register list Steven Price
2025-08-20 14:56 ` [PATCH v10 41/43] KVM: arm64: Expose support for private memory Steven Price
2025-08-20 14:56 ` [PATCH v10 42/43] KVM: arm64: Expose KVM_ARM_VCPU_REC to user space Steven Price
2025-08-20 14:56 ` [PATCH v10 43/43] KVM: arm64: Allow activating realms Steven Price
2025-09-04 0:46 ` [PATCH v10 00/43] arm64: Support for Arm CCA in KVM Gavin Shan
2025-09-15 10:55 ` Steven Price
2025-09-24 2:34 ` Emi Kisanuki (Fujitsu)
2025-09-26 9:10 ` Steven Price
2025-10-17 14:55 ` [PATCH v11 00/42] " Steven Price
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2226e62f-76ca-4467-a8ae-460fd463df0a@arm.com \
--to=steven.price@arm.com \
--cc=alexandru.elisei@arm.com \
--cc=alpergun@google.com \
--cc=aneesh.kumar@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=christoffer.dall@arm.com \
--cc=fj0570is@fujitsu.com \
--cc=gankulkarni@os.amperecomputing.com \
--cc=gshan@redhat.com \
--cc=james.morse@arm.com \
--cc=joey.gouly@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=sdonthineni@nvidia.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=vannapurve@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox