From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A4FAACD4F21 for ; Wed, 13 May 2026 13:20:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=+qSApgjXDdqkJpxfCd+3jdhDcALikRiIXQVGWxbxfBw=; b=g/UhDJ62eAM/W9X1Q92UdLkarc JR8v1tGsL3uh8e0z/WDISSb5YAqWFDQh/cIHxVQyCqHMvCnOLMlO47nRWQqgHKJUCabGK6BnOWKcV qxmzXalU4aAkxuxcotwt/567b3t59E6VS72DLp0v+bCrn+P7sPAiwdG8/pMAQhM6VTG7MDXNdhPPs 60AGXbbgo29QkLCWIiQUdz+fB4Gi0awWlFk4XcmxAydERzrTcxWK//kWqUKlklzdSuS1YHpuP85YU qv51KSDY5w4RB/cyqTfqFCgoYmfRy0R8pcneoPDUcON6DAVESdwxF2IFhOI5XE1u01O2gW2ScC18V fjdkhT0w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.99.1 #2 (Red Hat Linux)) id 1wN9VH-00000002flG-3QrC; Wed, 13 May 2026 13:19:59 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.99.1 #2 (Red Hat Linux)) id 1wN9V2-00000002fSJ-2F6O for linux-arm-kernel@lists.infradead.org; Wed, 13 May 2026 13:19:57 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 99C422444; Wed, 13 May 2026 06:19:38 -0700 (PDT) Received: from e122027.arm.com (unknown [10.57.68.187]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D3EF83F836; Wed, 13 May 2026 06:19:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=arm.com; s=foss; t=1778678383; bh=xNaWtn8WVTxOvUcxuFEDgDbFnMMoLd5CjZXcFr0CCxk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vZhQcG0ahSzAcJncs+tF0qXpFPLiZbGmJcGhg0QACTEJgcnf9uKL86nFkofqd2Zxk WSqRAPyBrhorIHA05/QW49Zbc7NQPsfoisCr9eRxmK5K/MZaq46T/QUmc8IO2Pmj4X DPv5Wv181FdEQgX+GxWo3aiQEs628GEnAJmUPJds= From: Steven Price To: kvm@vger.kernel.org, kvmarm@lists.linux.dev Cc: Suzuki K Poulose , Catalin Marinas , Marc Zyngier , Will Deacon , James Morse , Oliver Upton , Zenghui Yu , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Joey Gouly , Alexandru Elisei , Christoffer Dall , Fuad Tabba , linux-coco@lists.linux.dev, Ganapatrao Kulkarni , Gavin Shan , Shanker Donthineni , Alper Gun , "Aneesh Kumar K . V" , Emi Kisanuki , Vishal Annapurve , WeiLin.Chang@arm.com, Lorenzo.Pieralisi2@arm.com, Steven Price Subject: [PATCH v14 15/44] kvm: arm64: Don't expose unsupported capabilities for realm guests Date: Wed, 13 May 2026 14:17:23 +0100 Message-ID: <20260513131757.116630-16-steven.price@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260513131757.116630-1-steven.price@arm.com> References: <20260513131757.116630-1-steven.price@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.9.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20260513_061944_694755_E7E8F8C5 X-CRM114-Status: GOOD ( 12.85 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: Suzuki K Poulose RMM v2.0 provides no mechanism for the host to perform debug operations on the guest. So limit the extensions that are visible to an allowlist so that only those capabilities we can support are advertised. Signed-off-by: Suzuki K Poulose Signed-off-by: Steven Price --- Changes since v13: * Add missing check in kvm_vm_ioctl_enable_cap(). Changes since v10: * Add a kvm_realm_ext_allowed() function which limits which extensions are exposed to an allowlist. This removes the need for special casing various extensions. Changes since v7: * Remove the helper functions and inline the kvm_is_realm() check with a ternary operator. * Rewrite the commit message to explain this patch. --- arch/arm64/kvm/arm.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 18251e561524..c6ebc5913e40 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -133,6 +133,25 @@ int kvm_arch_vcpu_should_kick(struct kvm_vcpu *vcpu) return kvm_vcpu_exiting_guest_mode(vcpu) == IN_GUEST_MODE; } +static bool kvm_realm_ext_allowed(long ext) +{ + switch (ext) { + case KVM_CAP_IRQCHIP: + case KVM_CAP_ARM_PSCI: + case KVM_CAP_ARM_PSCI_0_2: + case KVM_CAP_NR_VCPUS: + case KVM_CAP_MAX_VCPUS: + case KVM_CAP_MAX_VCPU_ID: + case KVM_CAP_MSI_DEVID: + case KVM_CAP_ARM_VM_IPA_SIZE: + case KVM_CAP_ARM_PTRAUTH_ADDRESS: + case KVM_CAP_ARM_PTRAUTH_GENERIC: + case KVM_CAP_ARM_RMI: + return true; + } + return false; +} + int kvm_vm_ioctl_enable_cap(struct kvm *kvm, struct kvm_enable_cap *cap) { @@ -144,6 +163,9 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, if (is_protected_kvm_enabled() && !kvm_pkvm_ext_allowed(kvm, cap->cap)) return -EINVAL; + if (kvm && kvm_is_realm(kvm) && !kvm_realm_ext_allowed(cap->cap)) + return -EINVAL; + switch (cap->cap) { case KVM_CAP_ARM_NISV_TO_USER: r = 0; @@ -378,6 +400,9 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) if (is_protected_kvm_enabled() && !kvm_pkvm_ext_allowed(kvm, ext)) return 0; + if (kvm && kvm_is_realm(kvm) && !kvm_realm_ext_allowed(ext)) + return 0; + switch (ext) { case KVM_CAP_IRQCHIP: r = vgic_present; -- 2.43.0