From: Steven Price
To: kvm@vger.kernel.org, kvmarm@lists.linux.dev
Cc: Steven Price, Catalin Marinas, Marc Zyngier, Will Deacon, James Morse, Oliver Upton, Suzuki K Poulose, Zenghui Yu, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Joey Gouly, Alexandru Elisei, Christoffer Dall, Fuad Tabba, linux-coco@lists.linux.dev, Ganapatrao Kulkarni, Gavin Shan, Shanker Donthineni, Alper Gun, "Aneesh Kumar K . V", Emi Kisanuki, Vishal Annapurve, WeiLin.Chang@arm.com, Lorenzo.Pieralisi2@arm.com
Subject: [PATCH v14 37/44] arm64: RMI: Prevent Device mappings for Realms
Date: Wed, 13 May 2026 14:17:45 +0100
Message-ID: <20260513131757.116630-38-steven.price@arm.com>
In-Reply-To: <20260513131757.116630-1-steven.price@arm.com>

Physical device assignment is not yet supported. RMM v2.0 does add the
relevant APIs, but device assignment is a big topic so will be handled
in a future patch series. For now prevent device mappings when the
guest is a realm.

Signed-off-by: Steven Price
---
Changes from v6:
 * Fix the check in user_mem_abort() to prevent all pages that are not
   guest_memfd() from being mapped into the protected half of the IPA.
Changes from v5:
 * Also prevent accesses in user_mem_abort()
---
 arch/arm64/kvm/mmu.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c index 776ffe56d17e..7678226ffd38 100644 --- a/arch/arm64/kvm/mmu.c +++ b/arch/arm64/kvm/mmu.c 
@@ -1230,6 +1230,10 @@ int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa, if (is_protected_kvm_enabled()) return -EPERM; + /* We don't support mapping special pages into a Realm */ + if (kvm_is_realm(kvm)) + return -EPERM; + size += offset_in_page(guest_ipa); guest_ipa &= PAGE_MASK; -- 2.43.0
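Review bot: The changelog under the "---" separator says the v5 and v6 revisions added and then fixed a check in user_mem_abort(), but the only hunk in this patch is the kvm_is_realm() test in kvm_phys_addr_ioremap(), and the diffstat shows 4 insertions in total. If the user_mem_abort() check has moved to another patch in the series, the changelog should say so (or drop those entries), so a reader can confirm that the fault path is still covered for Realms and that this patch is not the only barrier. A smaller point on the added comment: it says "special pages" while the subject and commit message say "Device mappings"; using the same term in both, and noting in the commit message that the call now fails with -EPERM for a Realm in the same way as the is_protected_kvm_enabled() case just above it, would make the user-visible behaviour easier to find later.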