From: Mostafa Saleh <smostafa@google.com>
To: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, kvmarm@lists.linux.dev,
iommu@lists.linux.dev
Cc: catalin.marinas@arm.com, will@kernel.org, maz@kernel.org,
oliver.upton@linux.dev, joey.gouly@arm.com,
suzuki.poulose@arm.com, yuzenghui@huawei.com, joro@8bytes.org,
jean-philippe@linaro.org, jgg@ziepe.ca, praan@google.com,
danielmentz@google.com, mark.rutland@arm.com,
qperret@google.com, tabba@google.com,
Mostafa Saleh <smostafa@google.com>
Subject: [PATCH v5 08/27] KVM: arm64: iommu: Introduce IOMMU driver infrastructure
Date: Mon, 17 Nov 2025 18:47:55 +0000 [thread overview]
Message-ID: <20251117184815.1027271-9-smostafa@google.com> (raw)
In-Reply-To: <20251117184815.1027271-1-smostafa@google.com>
To establish DMA isolation, KVM needs an IOMMU driver which provide
ops implemented at EL2.
Only one driver can be used and is registered with
kvm_iommu_register_driver() by passing pointer to the ops.
This must be called before module_init() which is the point KVM
initializes.
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
---
arch/arm64/include/asm/kvm_host.h | 5 +++++
arch/arm64/kvm/Makefile | 2 +-
arch/arm64/kvm/hyp/include/nvhe/iommu.h | 13 +++++++++++++
arch/arm64/kvm/hyp/nvhe/Makefile | 3 ++-
arch/arm64/kvm/hyp/nvhe/iommu/iommu.c | 18 ++++++++++++++++++
arch/arm64/kvm/hyp/nvhe/setup.c | 5 +++++
arch/arm64/kvm/iommu.c | 15 +++++++++++++++
7 files changed, 59 insertions(+), 2 deletions(-)
create mode 100644 arch/arm64/kvm/hyp/include/nvhe/iommu.h
create mode 100644 arch/arm64/kvm/hyp/nvhe/iommu/iommu.c
create mode 100644 arch/arm64/kvm/iommu.c
diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index 64302c438355..fb2551ba8798 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -1652,4 +1652,9 @@ static __always_inline enum fgt_group_id __fgt_reg_to_group_id(enum vcpu_sysreg
p; \
})
+#ifndef __KVM_NVHE_HYPERVISOR__
+struct kvm_iommu_ops;
+int kvm_iommu_register_driver(struct kvm_iommu_ops *hyp_ops);
+#endif
+
#endif /* __ARM64_KVM_HOST_H__ */
diff --git a/arch/arm64/kvm/Makefile b/arch/arm64/kvm/Makefile
index 3ebc0570345c..66959c048492 100644
--- a/arch/arm64/kvm/Makefile
+++ b/arch/arm64/kvm/Makefile
@@ -24,7 +24,7 @@ kvm-y += arm.o mmu.o mmio.o psci.o hypercalls.o pvtime.o \
vgic/vgic-mmio.o vgic/vgic-mmio-v2.o \
vgic/vgic-mmio-v3.o vgic/vgic-kvm-device.o \
vgic/vgic-its.o vgic/vgic-debug.o vgic/vgic-v3-nested.o \
- vgic/vgic-v5.o
+ vgic/vgic-v5.o iommu.o
kvm-$(CONFIG_HW_PERF_EVENTS) += pmu-emul.o pmu.o
kvm-$(CONFIG_ARM64_PTR_AUTH) += pauth.o
diff --git a/arch/arm64/kvm/hyp/include/nvhe/iommu.h b/arch/arm64/kvm/hyp/include/nvhe/iommu.h
new file mode 100644
index 000000000000..1ac70cc28a9e
--- /dev/null
+++ b/arch/arm64/kvm/hyp/include/nvhe/iommu.h
@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __ARM64_KVM_NVHE_IOMMU_H__
+#define __ARM64_KVM_NVHE_IOMMU_H__
+
+#include <asm/kvm_host.h>
+
+struct kvm_iommu_ops {
+ int (*init)(void);
+};
+
+int kvm_iommu_init(void);
+
+#endif /* __ARM64_KVM_NVHE_IOMMU_H__ */
diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile
index a244ec25f8c5..8210788d6f88 100644
--- a/arch/arm64/kvm/hyp/nvhe/Makefile
+++ b/arch/arm64/kvm/hyp/nvhe/Makefile
@@ -24,7 +24,8 @@ CFLAGS_switch.nvhe.o += -Wno-override-init
hyp-obj-y := timer-sr.o sysreg-sr.o debug-sr.o switch.o tlb.o hyp-init.o host.o \
hyp-main.o hyp-smp.o psci-relay.o early_alloc.o page_alloc.o \
- cache.o setup.o mm.o mem_protect.o sys_regs.o pkvm.o stacktrace.o ffa.o
+ cache.o setup.o mm.o mem_protect.o sys_regs.o pkvm.o stacktrace.o ffa.o \
+ iommu/iommu.o
hyp-obj-y += ../vgic-v3-sr.o ../aarch32.o ../vgic-v2-cpuif-proxy.o ../entry.o \
../fpsimd.o ../hyp-entry.o ../exception.o ../pgtable.o
hyp-obj-y += ../../../kernel/smccc-call.o
diff --git a/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c b/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c
new file mode 100644
index 000000000000..a01c036c55be
--- /dev/null
+++ b/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * IOMMU operations for pKVM
+ *
+ * Copyright (C) 2022 Linaro Ltd.
+ */
+#include <nvhe/iommu.h>
+
+/* Only one set of ops supported */
+struct kvm_iommu_ops *kvm_iommu_ops;
+
+int kvm_iommu_init(void)
+{
+ if (!kvm_iommu_ops || !kvm_iommu_ops->init)
+ return -ENODEV;
+
+ return kvm_iommu_ops->init();
+}
diff --git a/arch/arm64/kvm/hyp/nvhe/setup.c b/arch/arm64/kvm/hyp/nvhe/setup.c
index eff76be89329..de79803e7439 100644
--- a/arch/arm64/kvm/hyp/nvhe/setup.c
+++ b/arch/arm64/kvm/hyp/nvhe/setup.c
@@ -13,6 +13,7 @@
#include <nvhe/early_alloc.h>
#include <nvhe/ffa.h>
#include <nvhe/gfp.h>
+#include <nvhe/iommu.h>
#include <nvhe/memory.h>
#include <nvhe/mem_protect.h>
#include <nvhe/mm.h>
@@ -328,6 +329,10 @@ void __noreturn __pkvm_init_finalise(void)
if (ret)
goto out;
+ ret = kvm_iommu_init();
+ if (ret)
+ goto out;
+
ret = hyp_ffa_init(ffa_proxy_pages);
if (ret)
goto out;
diff --git a/arch/arm64/kvm/iommu.c b/arch/arm64/kvm/iommu.c
new file mode 100644
index 000000000000..c9041dcb6c57
--- /dev/null
+++ b/arch/arm64/kvm/iommu.c
@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2025 Google LLC
+ * Author: Mostafa Saleh <smostafa@google.com>
+ */
+
+#include <linux/kvm_host.h>
+
+extern struct kvm_iommu_ops *kvm_nvhe_sym(kvm_iommu_ops);
+
+int kvm_iommu_register_driver(struct kvm_iommu_ops *hyp_ops)
+{
+ kvm_nvhe_sym(kvm_iommu_ops) = hyp_ops;
+ return 0;
+}
--
2.52.0.rc1.455.g30608eb744-goog
next prev parent reply other threads:[~2025-11-17 18:49 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-17 18:47 [PATCH v5 00/27] KVM: arm64: SMMUv3 driver for pKVM (trap and emulate) Mostafa Saleh
2025-11-17 18:47 ` [PATCH v5 01/27] KVM: arm64: Add a new function to donate memory with prot Mostafa Saleh
2025-11-17 18:47 ` [PATCH v5 02/27] KVM: arm64: Donate MMIO to the hypervisor Mostafa Saleh
2025-11-17 18:47 ` [PATCH v5 03/27] KVM: arm64: pkvm: Add pkvm_time_get() Mostafa Saleh
2025-11-17 18:47 ` [PATCH v5 04/27] iommu/io-pgtable-arm: Factor kernel specific code out Mostafa Saleh
2025-11-28 16:45 ` Jason Gunthorpe
2025-12-12 15:37 ` Mostafa Saleh
2025-12-16 0:58 ` Jason Gunthorpe
2025-12-16 23:08 ` Mostafa Saleh
2025-11-17 18:47 ` [PATCH v5 05/27] iommu/arm-smmu-v3: Split code with hyp Mostafa Saleh
2025-11-28 16:46 ` Jason Gunthorpe
2025-12-12 15:41 ` Mostafa Saleh
2025-11-17 18:47 ` [PATCH v5 06/27] iommu/arm-smmu-v3: Move TLB range invalidation into common code Mostafa Saleh
2025-11-17 18:47 ` [PATCH v5 07/27] iommu/arm-smmu-v3: Move IDR parsing to common functions Mostafa Saleh
2025-11-28 16:48 ` Jason Gunthorpe
2025-12-12 15:42 ` Mostafa Saleh
2025-12-17 13:59 ` Jason Gunthorpe
2025-11-17 18:47 ` Mostafa Saleh [this message]
2025-11-17 18:47 ` [PATCH v5 09/27] KVM: arm64: iommu: Shadow host stage-2 page table Mostafa Saleh
2025-11-17 18:47 ` [PATCH v5 10/27] KVM: arm64: iommu: Add memory pool Mostafa Saleh
2025-11-17 18:47 ` [PATCH v5 11/27] KVM: arm64: iommu: Support DABT for IOMMU Mostafa Saleh
2025-11-17 18:47 ` [PATCH v5 12/27] iommu/arm-smmu-v3-kvm: Add SMMUv3 driver Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 13/27] iommu/arm-smmu-v3-kvm: Add the kernel driver Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 14/27] iommu/arm-smmu-v3: Support probing KVM emulated devices Mostafa Saleh
2025-11-28 16:56 ` Jason Gunthorpe
2025-12-12 15:53 ` Mostafa Saleh
2025-12-17 14:00 ` Jason Gunthorpe
2025-11-17 18:48 ` [PATCH v5 15/27] iommu/arm-smmu-v3-kvm: Create array for hyp SMMUv3 Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 16/27] iommu/arm-smmu-v3-kvm: Take over SMMUs Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 17/27] iommu/arm-smmu-v3-kvm: Probe SMMU HW Mostafa Saleh
2025-11-28 17:07 ` Jason Gunthorpe
2025-12-12 16:07 ` Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 18/27] iommu/arm-smmu-v3-kvm: Add MMIO emulation Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 19/27] iommu/arm-smmu-v3-kvm: Shadow the command queue Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 20/27] iommu/arm-smmu-v3-kvm: Add CMDQ functions Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 21/27] iommu/arm-smmu-v3-kvm: Emulate CMDQ for host Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 22/27] iommu/arm-smmu-v3-kvm: Shadow stream table Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 23/27] iommu/arm-smmu-v3-kvm: Shadow STEs Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 24/27] iommu/arm-smmu-v3-kvm: Emulate GBPA Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 25/27] iommu/arm-smmu-v3-kvm: Support io-pgtable Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 26/27] iommu/arm-smmu-v3-kvm: Shadow the CPU stage-2 page table Mostafa Saleh
2025-11-17 18:48 ` [PATCH v5 27/27] iommu/arm-smmu-v3-kvm: Enable nesting Mostafa Saleh
2025-11-28 17:12 ` Jason Gunthorpe
2025-12-12 16:15 ` Mostafa Saleh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251117184815.1027271-9-smostafa@google.com \
--to=smostafa@google.com \
--cc=catalin.marinas@arm.com \
--cc=danielmentz@google.com \
--cc=iommu@lists.linux.dev \
--cc=jean-philippe@linaro.org \
--cc=jgg@ziepe.ca \
--cc=joey.gouly@arm.com \
--cc=joro@8bytes.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=praan@google.com \
--cc=qperret@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).