[PATCH 1/2] KVM: arm64: gic: Enable GICv3 CPUIF trapping on GICv5 hosts if required

[PATCH 1/2] KVM: arm64: gic: Enable GICv3 CPUIF trapping on GICv5 hosts if required

[Sascha Bischoff]

Factor out the enable (and printing of) the GICv3 CPUIF traps from the
main GICv3 probe into a separate function. Call said function from the
GICv5 probe for legacy support, ensuring that any required GICv3 CPUIF
traps on GICv5 hosts will be correctly handled, rather than injecting
an undef into the guest.

Signed-off-by: Sascha Bischoff <sascha.bischoff@arm.com>
---
 arch/arm64/kvm/vgic/vgic-v3.c | 25 +++++++++++++++----------
 arch/arm64/kvm/vgic/vgic-v5.c |  2 ++
 arch/arm64/kvm/vgic/vgic.h    |  1 +
 3 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/arch/arm64/kvm/vgic/vgic-v3.c b/arch/arm64/kvm/vgic/vgic-v3.c
index 968aa9d89be63..b06c72cd933de 100644
--- a/arch/arm64/kvm/vgic/vgic-v3.c
+++ b/arch/arm64/kvm/vgic/vgic-v3.c
@@ -879,6 +879,20 @@ void noinstr kvm_compute_ich_hcr_trap_bits(struct alt_instr *alt,
 	*updptr = cpu_to_le32(insn);
 }
 
+void vgic_v3_enable_cpuif_traps(void)
+{
+	u64 traps = vgic_ich_hcr_trap_bits();
+
+	if (traps) {
+		kvm_info("GICv3 sysreg trapping enabled ([%s%s%s%s], reduced performance)\n",
+			 (traps & ICH_HCR_EL2_TALL0) ? "G0" : "",
+			 (traps & ICH_HCR_EL2_TALL1) ? "G1" : "",
+			 (traps & ICH_HCR_EL2_TC)    ? "C"  : "",
+			 (traps & ICH_HCR_EL2_TDIR)  ? "D"  : "");
+		static_branch_enable(&vgic_v3_cpuif_trap);
+	}
+}
+
 /**
  * vgic_v3_probe - probe for a VGICv3 compatible interrupt controller
  * @info:	pointer to the GIC description
@@ -890,7 +904,6 @@ int vgic_v3_probe(const struct gic_kvm_info *info)
 {
 	u64 ich_vtr_el2 = kvm_call_hyp_ret(__vgic_v3_get_gic_config);
 	bool has_v2;
-	u64 traps;
 	int ret;
 
 	has_v2 = ich_vtr_el2 >> 63;
@@ -954,15 +967,7 @@ int vgic_v3_probe(const struct gic_kvm_info *info)
 		kvm_vgic_global_state.ich_vtr_el2 &= ~ICH_VTR_EL2_SEIS;
 	}
 
-	traps = vgic_ich_hcr_trap_bits();
-	if (traps) {
-		kvm_info("GICv3 sysreg trapping enabled ([%s%s%s%s], reduced performance)\n",
-			 (traps & ICH_HCR_EL2_TALL0) ? "G0" : "",
-			 (traps & ICH_HCR_EL2_TALL1) ? "G1" : "",
-			 (traps & ICH_HCR_EL2_TC)    ? "C"  : "",
-			 (traps & ICH_HCR_EL2_TDIR)  ? "D"  : "");
-		static_branch_enable(&vgic_v3_cpuif_trap);
-	}
+	vgic_v3_enable_cpuif_traps();
 
 	kvm_vgic_global_state.vctrl_base = NULL;
 	kvm_vgic_global_state.type = VGIC_V3;
diff --git a/arch/arm64/kvm/vgic/vgic-v5.c b/arch/arm64/kvm/vgic/vgic-v5.c
index 2d3811f4e1174..331651087e2c7 100644
--- a/arch/arm64/kvm/vgic/vgic-v5.c
+++ b/arch/arm64/kvm/vgic/vgic-v5.c
@@ -48,5 +48,7 @@ int vgic_v5_probe(const struct gic_kvm_info *info)
 	static_branch_enable(&kvm_vgic_global_state.gicv3_cpuif);
 	kvm_info("GCIE legacy system register CPU interface\n");
 
+	vgic_v3_enable_cpuif_traps();
+
 	return 0;
 }
diff --git a/arch/arm64/kvm/vgic/vgic.h b/arch/arm64/kvm/vgic/vgic.h
index 5f0fc96b4dc29..c9b3bb07e483c 100644
--- a/arch/arm64/kvm/vgic/vgic.h
+++ b/arch/arm64/kvm/vgic/vgic.h
@@ -324,6 +324,7 @@ void vgic_v3_configure_hcr(struct kvm_vcpu *vcpu, struct ap_list_summary *als);
 void vgic_v3_set_vmcr(struct kvm_vcpu *vcpu, struct vgic_vmcr *vmcr);
 void vgic_v3_get_vmcr(struct kvm_vcpu *vcpu, struct vgic_vmcr *vmcr);
 void vgic_v3_reset(struct kvm_vcpu *vcpu);
+void vgic_v3_enable_cpuif_traps(void);
 int vgic_v3_probe(const struct gic_kvm_info *info);
 int vgic_v3_map_resources(struct kvm *kvm);
 int vgic_v3_lpi_sync_pending_status(struct kvm *kvm, struct vgic_irq *irq);
-- 
2.34.1

[PATCH 0/2] Enable GICv5 Legacy CPUIF trapping & fix TDIR cap test

[Sascha Bischoff]

These changes address two trapping-related issues when running legacy
(i.e. GICv3) guests on GICv5 hosts.

The first change enables the vgic_v3_cpuif_trap static branch on GICv5
hosts with legacy support, if trapping is required. The missing enable
was caught as part of debugging why UNDEFs were being injected into
guests when the ICH_HCR_EL2.TC bit was set - the expected bahaviour
was that KVM should handle the trapped accesses, with the guest
remaining blissfully unaware.

The second change fixes the specific cause of the TC bit being set in
the first place. The test for the ICH_HCR_EL2_TDIR cap was checking
for GICv3 CPUIF support and returning false prior to checking for
GICv5 Legacy support. The result was that on GICv5 hosts, the test
always returned false, and therefore the TC bit was being set. The
issue is fixed by reordering the checks to check for GICv5 Legacy
support first.

These changes are based against kvmarm/next.

Thanks,
Sascha

Sascha Bischoff (2):
  KVM: arm64: gic: Enable GICv3 CPUIF trapping on GICv5 hosts if
    required
  KVM: arm64: Correct test for ICH_HCR_EL2_TDIR cap for GICv5 hosts

 arch/arm64/kernel/cpufeature.c |  8 ++++----
 arch/arm64/kvm/vgic/vgic-v3.c  | 25 +++++++++++++++----------
 arch/arm64/kvm/vgic/vgic-v5.c  |  2 ++
 arch/arm64/kvm/vgic/vgic.h     |  1 +
 4 files changed, 22 insertions(+), 14 deletions(-)

--
2.34.1

[PATCH 0/2] Enable GICv5 Legacy CPUIF trapping & fix TDIR cap test

[Sascha Bischoff]

These changes address two trapping-related issues when running legacy
(i.e. GICv3) guests on GICv5 hosts.

The first change enables the vgic_v3_cpuif_trap static branch on GICv5
hosts with legacy support, if trapping is required. The missing enable
was caught as part of debugging why UNDEFs were being injected into
guests when the ICH_HCR_EL2.TC bit was set - the expected bahaviour
was that KVM should handle the trapped accesses, with the guest
remaining blissfully unaware.

The second change fixes the specific cause of the TC bit being set in
the first place. The test for the ICH_HCR_EL2_TDIR cap was checking
for GICv3 CPUIF support and returning false prior to checking for
GICv5 Legacy support. The result was that on GICv5 hosts, the test
always returned false, and therefore the TC bit was being set. The
issue is fixed by reordering the checks to check for GICv5 Legacy
support first.

These changes are based against kvmarm/next.

Thanks,
Sascha

Sascha Bischoff (2):
  KVM: arm64: gic: Enable GICv3 CPUIF trapping on GICv5 hosts if
    required
  KVM: arm64: Correct test for ICH_HCR_EL2_TDIR cap for GICv5 hosts

 arch/arm64/kernel/cpufeature.c |  8 ++++----
 arch/arm64/kvm/vgic/vgic-v3.c  | 25 +++++++++++++++----------
 arch/arm64/kvm/vgic/vgic-v5.c  |  2 ++
 arch/arm64/kvm/vgic/vgic.h     |  1 +
 4 files changed, 22 insertions(+), 14 deletions(-)

--
2.34.1

[PATCH 2/2] KVM: arm64: Correct test for ICH_HCR_EL2_TDIR cap for GICv5 hosts

[Sascha Bischoff]

The original order of checks in the ICH_HCR_EL2_TDIR test returned
with false early in the case where the native GICv3 CPUIF was not
present. The result was that on GICv5 hosts with legacy support -
which do not have the GICv3 CPUIF - the test always returned false.

Reshuffle the checks such that support for GICv5 legacy is checked
prior to checking for the native GICv3 CPUIF.

Signed-off-by: Sascha Bischoff <sascha.bischoff@arm.com>
Fixes: 2a28810cbb8b2 ("KVM: arm64: GICv3: Detect and work around the lack of ICV_DIR_EL1 trapping")
---
 arch/arm64/kernel/cpufeature.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index d34dcc5630865..fb5665c6cea01 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -2325,16 +2325,16 @@ static bool can_trap_icv_dir_el1(const struct arm64_cpu_capabilities *entry,
 
 	BUILD_BUG_ON(ARM64_HAS_ICH_HCR_EL2_TDIR <= ARM64_HAS_GICV3_CPUIF);
 	BUILD_BUG_ON(ARM64_HAS_ICH_HCR_EL2_TDIR <= ARM64_HAS_GICV5_LEGACY);
-	if (!this_cpu_has_cap(ARM64_HAS_GICV3_CPUIF) &&
-	    !is_midr_in_range_list(has_vgic_v3))
-		return false;
-
 	if (!is_hyp_mode_available())
 		return false;
 
 	if (this_cpu_has_cap(ARM64_HAS_GICV5_LEGACY))
 		return true;
 
+	if (!this_cpu_has_cap(ARM64_HAS_GICV3_CPUIF) &&
+	    !is_midr_in_range_list(has_vgic_v3))
+		return false;
+
 	if (is_kernel_in_hyp_mode())
 		res.a1 = read_sysreg_s(SYS_ICH_VTR_EL2);
 	else
-- 
2.34.1

Re: [PATCH 0/2] Enable GICv5 Legacy CPUIF trapping & fix TDIR cap test

[Marc Zyngier]

On Mon, 08 Dec 2025 15:28:22 +0000,
Sascha Bischoff <Sascha.Bischoff@arm.com> wrote:
> 
> These changes address two trapping-related issues when running legacy
> (i.e. GICv3) guests on GICv5 hosts.
> 
> The first change enables the vgic_v3_cpuif_trap static branch on GICv5
> hosts with legacy support, if trapping is required. The missing enable
> was caught as part of debugging why UNDEFs were being injected into
> guests when the ICH_HCR_EL2.TC bit was set - the expected bahaviour
> was that KVM should handle the trapped accesses, with the guest
> remaining blissfully unaware.
> 
> The second change fixes the specific cause of the TC bit being set in
> the first place. The test for the ICH_HCR_EL2_TDIR cap was checking
> for GICv3 CPUIF support and returning false prior to checking for
> GICv5 Legacy support. The result was that on GICv5 hosts, the test
> always returned false, and therefore the TC bit was being set. The
> issue is fixed by reordering the checks to check for GICv5 Legacy
> support first.
> 
> These changes are based against kvmarm/next.
> 
> Thanks,
> Sascha
> 
> Sascha Bischoff (2):
>   KVM: arm64: gic: Enable GICv3 CPUIF trapping on GICv5 hosts if
>     required
>   KVM: arm64: Correct test for ICH_HCR_EL2_TDIR cap for GICv5 hosts
> 
>  arch/arm64/kernel/cpufeature.c |  8 ++++----
>  arch/arm64/kvm/vgic/vgic-v3.c  | 25 +++++++++++++++----------
>  arch/arm64/kvm/vgic/vgic-v5.c  |  2 ++
>  arch/arm64/kvm/vgic/vgic.h     |  1 +
>  4 files changed, 22 insertions(+), 14 deletions(-)

Thanks for the debugging, and putting this together!

Reviewed-by: Marc Zyngier <maz@kernel.org>

	M.

-- 
Without deviation from the norm, progress is not possible.