From: Fuad Tabba <tabba@google.com>
To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org
Cc: maz@kernel.org, oliver.upton@linux.dev, will@kernel.org,
	joey.gouly@arm.com, suzuki.poulose@arm.com,
	yuzenghui@huawei.com, catalin.marinas@arm.com,
	vladimir.murzin@arm.com, tabba@google.com
Subject: [PATCH v6 8/9] KVM: arm64: Check whether a VM IOCTL is allowed in pKVM
Date: Thu, 11 Dec 2025 10:47:08 +0000	[thread overview]
Message-ID: <20251211104710.151771-9-tabba@google.com> (raw)
In-Reply-To: <20251211104710.151771-1-tabba@google.com>

Certain VM IOCTLs are tied to specific VM features. Since pKVM does not
support all features, restrict which IOCTLs are allowed depending on
whether the associated feature is supported.

Use the existing VM capability check as the source of truth for whether
an IOCTL is allowed for a particular VM by mapping the IOCTLs to their
associated capabilities.

Suggested-by: Oliver Upton <oupton@kernel.org>
Signed-off-by: Fuad Tabba <tabba@google.com>
---
 arch/arm64/include/asm/kvm_pkvm.h | 21 +++++++++++++++++++++
 arch/arm64/kvm/arm.c              |  3 +++
 2 files changed, 24 insertions(+)

diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm_pkvm.h
index 5b564576160d..0fa8c84816fd 100644
--- a/arch/arm64/include/asm/kvm_pkvm.h
+++ b/arch/arm64/include/asm/kvm_pkvm.h
@@ -9,6 +9,7 @@
 #include <linux/arm_ffa.h>
 #include <linux/memblock.h>
 #include <linux/scatterlist.h>
+#include <asm/kvm_host.h>
 #include <asm/kvm_pgtable.h>
 
 /* Maximum number of VMs that can co-exist under pKVM. */
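Review bot: the new `#include <asm/kvm_host.h>` in kvm_pkvm.h is not explained anywhere in the commit message; since kvm_pkvm_ext_allowed() already took a `struct kvm *` before this patch, the include is presumably needed for the kvm_get_cap_for_kvm_ioctl() prototype used further down, and a sentence in the commit message saying so would help. kvm_host.h is a heavy header, so it is also worth confirming that pulling it into kvm_pkvm.h does not create a circular include for any file that includes kvm_pkvm.h from kvm_host.h's own dependency chain.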
@@ -43,6 +44,7 @@ static inline bool kvm_pkvm_ext_allowed(struct kvm *kvm, long ext)
 	case KVM_CAP_ARM_SVE:
 	case KVM_CAP_ARM_PTRAUTH_ADDRESS:
 	case KVM_CAP_ARM_PTRAUTH_GENERIC:
+	case KVM_CAP_ARM_BASIC:
 		return true;
 	case KVM_CAP_ARM_MTE:
 		return false;
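Review bot: adding `case KVM_CAP_ARM_BASIC:` to the always-allowed list is a behavioural change to kvm_pkvm_ext_allowed() that the commit message does not mention. If this is the capability the IOCTL-to-cap mapping reports for IOCTLs with no feature dependency, say so in the commit message and ideally in a short comment next to the case, so a later reader does not take it for an unrelated capability being opened up to protected VMs.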
@@ -51,6 +53,25 @@ static inline bool kvm_pkvm_ext_allowed(struct kvm *kvm, long ext)
 	}
 }
 
+/*
+ * Check whether the KVM VM IOCTL is allowed in pKVM.
+ *
+ * Certain features are allowed only for non-protected VMs in pKVM, which is why
+ * this takes the VM (kvm) as a parameter.
+ */
+static inline bool kvm_pkvm_ioctl_allowed(struct kvm *kvm, unsigned int ioctl)
+{
+	long ext;
+	int r;
+
+	r = kvm_get_cap_for_kvm_ioctl(ioctl, &ext);
+
+	if (WARN_ON_ONCE(r < 0))
+		return false;
+
+	return kvm_pkvm_ext_allowed(kvm, ext);
+}
+
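Review bot: the `WARN_ON_ONCE(r < 0)` in kvm_pkvm_ioctl_allowed() is a concern if kvm_get_cap_for_kvm_ioctl() returns an error for IOCTL numbers it has no mapping for, because `ioctl` comes straight from userspace via the VM file descriptor; an unprivileged process could then trigger a kernel warning on purpose, which with panic_on_warn becomes a denial of service. Consider returning false (so the caller fails with -EINVAL) without the WARN, or restricting the WARN to IOCTLs the switch in kvm_arch_vm_ioctl() actually handles, and state in the header comment what the function returns for an unknown IOCTL.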
 extern struct memblock_region kvm_nvhe_sym(hyp_memory)[];
 extern unsigned int kvm_nvhe_sym(hyp_memblock_nr);
 
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 1bbba79e2686..d9a8745d0bd6 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -1921,6 +1921,9 @@ int kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg)
 	void __user *argp = (void __user *)arg;
 	struct kvm_device_attr attr;
 
+	if (is_protected_kvm_enabled() && !kvm_pkvm_ioctl_allowed(kvm, ioctl))
+		return -EINVAL;
+
 	switch (ioctl) {
 	case KVM_CREATE_IRQCHIP: {
 		int ret;
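Review bot: placing the `is_protected_kvm_enabled() && !kvm_pkvm_ioctl_allowed(kvm, ioctl)` check ahead of the `switch (ioctl)` means every IOCTL that reaches kvm_arch_vm_ioctl(), including ones such as KVM_CREATE_IRQCHIP that have no optional-feature dependency, now goes through the cap lookup, so the table behind kvm_get_cap_for_kvm_ioctl() must cover every case in this switch or those IOCTLs will take the failure path. A comment here noting that invariant, and that -EINVAL is the deliberate return for a disallowed IOCTL (rather than, say, -ENXIO or -EPERM used elsewhere for unsupported features), would make the intent clear to whoever next adds a case to the switch.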
-- 
2.52.0.223.gf5cc29aaa4-goog