From: Marc Zyngier <maz@kernel.org>
To: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Steven Price <steven.price@arm.com>,
kvm@vger.kernel.org, kvmarm@lists.linux.dev,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, James Morse <james.morse@arm.com>,
Oliver Upton <oliver.upton@linux.dev>,
Zenghui Yu <yuzenghui@huawei.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, Joey Gouly <joey.gouly@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Christoffer Dall <christoffer.dall@arm.com>,
Fuad Tabba <tabba@google.com>,
linux-coco@lists.linux.dev,
Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com>,
Gavin Shan <gshan@redhat.com>,
Shanker Donthineni <sdonthineni@nvidia.com>,
Alper Gun <alpergun@google.com>,
"Aneesh Kumar K . V" <aneesh.kumar@kernel.org>,
Emi Kisanuki <fj0570is@fujitsu.com>,
Vishal Annapurve <vannapurve@google.com>
Subject: Re: [PATCH v12 27/46] KVM: arm64: Handle Realm PSCI requests
Date: Tue, 03 Mar 2026 13:04:45 +0000 [thread overview]
Message-ID: <86ikbd83o2.wl-maz@kernel.org> (raw)
In-Reply-To: <ec27e294-0bee-474a-a15b-6be20ee10cd4@arm.com>
On Tue, 03 Mar 2026 09:26:31 +0000,
Suzuki K Poulose <suzuki.poulose@arm.com> wrote:
>
> On 02/03/2026 16:39, Marc Zyngier wrote:
> > On Wed, 17 Dec 2025 10:11:04 +0000,
> > Steven Price <steven.price@arm.com> wrote:
> >>
> >> The RMM needs to be informed of the target REC when a PSCI call is made
> >> with an MPIDR argument. Expose an ioctl to the userspace in case the PSCI
> >> is handled by it.
> >>
> >> Co-developed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> >> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> >> Signed-off-by: Steven Price <steven.price@arm.com>
> >> Reviewed-by: Gavin Shan <gshan@redhat.com>
> >> ---
> >> Changes since v11:
> >> * RMM->RMI renaming.
> >> Changes since v6:
> >> * Use vcpu_is_rec() rather than kvm_is_realm(vcpu->kvm).
> >> * Minor renaming/formatting fixes.
> >> ---
> >> arch/arm64/include/asm/kvm_rmi.h | 3 +++
> >> arch/arm64/kvm/arm.c | 25 +++++++++++++++++++++++++
> >> arch/arm64/kvm/psci.c | 30 ++++++++++++++++++++++++++++++
> >> arch/arm64/kvm/rmi.c | 14 ++++++++++++++
> >> 4 files changed, 72 insertions(+)
> >>
> >> diff --git a/arch/arm64/include/asm/kvm_rmi.h b/arch/arm64/include/asm/kvm_rmi.h
> >> index bfe6428eaf16..77da297ca09d 100644
> >> --- a/arch/arm64/include/asm/kvm_rmi.h
> >> +++ b/arch/arm64/include/asm/kvm_rmi.h
> >> @@ -118,6 +118,9 @@ int realm_map_non_secure(struct realm *realm,
> >> kvm_pfn_t pfn,
> >> unsigned long size,
> >> struct kvm_mmu_memory_cache *memcache);
> >> +int realm_psci_complete(struct kvm_vcpu *source,
> >> + struct kvm_vcpu *target,
> >> + unsigned long status);
> >> static inline bool kvm_realm_is_private_address(struct realm
> >> *realm,
> >> unsigned long addr)
> >> diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
> >> index 06070bc47ee3..fb04d032504e 100644
> >> --- a/arch/arm64/kvm/arm.c
> >> +++ b/arch/arm64/kvm/arm.c
> >> @@ -1797,6 +1797,22 @@ static int kvm_arm_vcpu_set_events(struct kvm_vcpu *vcpu,
> >> return __kvm_arm_vcpu_set_events(vcpu, events);
> >> }
> >> +static int kvm_arm_vcpu_rmi_psci_complete(struct kvm_vcpu *vcpu,
> >> + struct kvm_arm_rmi_psci_complete *arg)
> >> +{
> >> + struct kvm_vcpu *target = kvm_mpidr_to_vcpu(vcpu->kvm, arg->target_mpidr);
> >> +
> >> + if (!target)
> >> + return -EINVAL;
> >> +
> >> + /*
> >> + * RMM v1.0 only supports PSCI_RET_SUCCESS or PSCI_RET_DENIED
> >> + * for the status. But, let us leave it to the RMM to filter
> >> + * for making this future proof.
> >> + */
> >> + return realm_psci_complete(vcpu, target, arg->psci_status);
> >> +}
> >> +
> >> long kvm_arch_vcpu_ioctl(struct file *filp,
> >> unsigned int ioctl, unsigned long arg)
> >> {
> >> @@ -1925,6 +1941,15 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
> >> return kvm_arm_vcpu_finalize(vcpu, what);
> >> }
> >> + case KVM_ARM_VCPU_RMI_PSCI_COMPLETE: {
> >> + struct kvm_arm_rmi_psci_complete req;
> >> +
> >> + if (!vcpu_is_rec(vcpu))
> >> + return -EPERM;
> >
> > Same remark as for the other ioctl: EPERM is not quite describing the
> > problem.
> >
> >> + if (copy_from_user(&req, argp, sizeof(req)))
> >> + return -EFAULT;
> >> + return kvm_arm_vcpu_rmi_psci_complete(vcpu, &req);
> >> + }
> >> default:
> >> r = -EINVAL;
> >> }
> >> diff --git a/arch/arm64/kvm/psci.c b/arch/arm64/kvm/psci.c
> >> index 3b5dbe9a0a0e..a68f3c1878a5 100644
> >> --- a/arch/arm64/kvm/psci.c
> >> +++ b/arch/arm64/kvm/psci.c
> >> @@ -103,6 +103,12 @@ static unsigned long kvm_psci_vcpu_on(struct kvm_vcpu *source_vcpu)
> >> reset_state->reset = true;
> >> kvm_make_request(KVM_REQ_VCPU_RESET, vcpu);
> >> + /*
> >> + * Make sure we issue PSCI_COMPLETE before the VCPU can be
> >> + * scheduled.
> >> + */
> >> + if (vcpu_is_rec(vcpu))
> >> + realm_psci_complete(source_vcpu, vcpu, PSCI_RET_SUCCESS);
> >>
> >
> > I really think in-kernel PSCI should be for NS VMs only. The whole
> > reason for moving to userspace support was to stop adding features to
> > an already complex infrastructure, and CCA is exactly the sort of
> > things we want userspace to deal with.
>
> Agreed. How would you like us to enforce this ? Should we always exit
> to the VMM, even if it hasn't requested the handling ? (I guess it is
> fine and in the worst case VMM could exit, it being buggy)
My current train of though is that a CCA VM always routes PSCI to
userspace, no configuration needed. That's part of the contract.
Now, I'm pretty sure we should *also* get rid of the ioctl that
establishes the relationship between MPIDR and REC. I can't see why
this can't be done at the point where the vcpu runs for the first
time, just like this is done for the first CPU.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
next prev parent reply other threads:[~2026-03-03 13:04 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-17 10:10 [PATCH v12 00/46] arm64: Support for Arm CCA in KVM Steven Price
2025-12-17 10:10 ` [PATCH v12 01/46] kvm: arm64: Include kvm_emulate.h in kvm/arm_psci.h Steven Price
2025-12-17 10:10 ` [PATCH v12 02/46] arm64: RME: Handle Granule Protection Faults (GPFs) Steven Price
2025-12-17 10:10 ` [PATCH v12 03/46] arm64: RMI: Add SMC definitions for calling the RMM Steven Price
2025-12-17 10:10 ` [PATCH v12 04/46] arm64: RMI: Add wrappers for RMI calls Steven Price
2025-12-17 10:10 ` [PATCH v12 05/46] arm64: RMI: Check for RMI support at KVM init Steven Price
2025-12-17 10:10 ` [PATCH v12 06/46] arm64: RMI: Define the user ABI Steven Price
2026-01-23 16:47 ` Suzuki K Poulose
2026-01-26 9:37 ` Steven Price
2026-03-02 14:25 ` Marc Zyngier
2026-03-02 15:23 ` Steven Price
2026-03-02 17:13 ` Suzuki K Poulose
2026-03-03 13:13 ` Marc Zyngier
2026-03-03 14:23 ` Suzuki K Poulose
2026-03-03 14:37 ` Marc Zyngier
2026-03-03 16:02 ` Suzuki K Poulose
2026-03-03 13:11 ` Marc Zyngier
2026-03-04 12:08 ` Steven Price
2026-03-11 19:10 ` Marc Zyngier
2026-03-12 9:28 ` Suzuki K Poulose
2026-03-12 9:39 ` Marc Zyngier
2026-03-12 10:45 ` Steven Price
2025-12-17 10:10 ` [PATCH v12 07/46] arm64: RMI: Basic infrastructure for creating a realm Steven Price
2025-12-17 10:10 ` [PATCH v12 08/46] kvm: arm64: Don't expose unsupported capabilities for realm guests Steven Price
2025-12-17 10:10 ` [PATCH v12 09/46] KVM: arm64: Allow passing machine type in KVM creation Steven Price
2025-12-17 10:10 ` [PATCH v12 10/46] arm64: RMI: RTT tear down Steven Price
2025-12-17 10:10 ` [PATCH v12 11/46] arm64: RMI: Activate realm on first VCPU run Steven Price
2025-12-17 14:29 ` Suzuki K Poulose
2026-03-02 14:40 ` Marc Zyngier
2026-03-02 16:31 ` Steven Price
2025-12-17 10:10 ` [PATCH v12 12/46] arm64: RMI: Allocate/free RECs to match vCPUs Steven Price
2025-12-17 10:10 ` [PATCH v12 13/46] KVM: arm64: vgic: Provide helper for number of list registers Steven Price
2025-12-17 10:10 ` [PATCH v12 14/46] arm64: RMI: Support for the VGIC in realms Steven Price
2025-12-17 10:10 ` [PATCH v12 15/46] KVM: arm64: Support timers in realm RECs Steven Price
2025-12-17 10:10 ` [PATCH v12 16/46] arm64: RMI: Handle realm enter/exit Steven Price
2025-12-17 10:10 ` [PATCH v12 17/46] arm64: RMI: Handle RMI_EXIT_RIPAS_CHANGE Steven Price
2025-12-17 10:10 ` [PATCH v12 18/46] KVM: arm64: Handle realm MMIO emulation Steven Price
2025-12-17 10:10 ` [PATCH v12 19/46] KVM: arm64: Expose support for private memory Steven Price
2025-12-20 13:46 ` kernel test robot
2025-12-20 13:59 ` kernel test robot
2025-12-20 14:18 ` kernel test robot
2025-12-17 10:10 ` [PATCH v12 20/46] arm64: RMI: Allow populating initial contents Steven Price
2025-12-20 14:34 ` kernel test robot
2026-03-02 14:56 ` Marc Zyngier
2026-03-02 16:46 ` Steven Price
2025-12-17 10:10 ` [PATCH v12 21/46] arm64: RMI: Set RIPAS of initial memslots Steven Price
2025-12-17 10:10 ` [PATCH v12 22/46] arm64: RMI: Create the realm descriptor Steven Price
2026-01-23 18:57 ` Alper Gun
2026-01-26 9:50 ` Steven Price
2025-12-17 10:11 ` [PATCH v12 23/46] arm64: RMI: Add a VMID allocator for realms Steven Price
2025-12-17 10:11 ` [PATCH v12 24/46] arm64: RMI: Runtime faulting of memory Steven Price
2025-12-17 10:11 ` [PATCH v12 25/46] KVM: arm64: Handle realm VCPU load Steven Price
2025-12-17 10:11 ` [PATCH v12 26/46] KVM: arm64: Validate register access for a Realm VM Steven Price
2025-12-17 10:11 ` [PATCH v12 27/46] KVM: arm64: Handle Realm PSCI requests Steven Price
2026-03-02 16:39 ` Marc Zyngier
2026-03-03 9:26 ` Suzuki K Poulose
2026-03-03 13:04 ` Marc Zyngier [this message]
2025-12-17 10:11 ` [PATCH v12 28/46] KVM: arm64: WARN on injected undef exceptions Steven Price
2025-12-17 10:11 ` [PATCH v12 29/46] arm64: Don't expose stolen time for realm guests Steven Price
2025-12-17 10:11 ` [PATCH v12 30/46] arm64: RMI: allow userspace to inject aborts Steven Price
2025-12-17 10:11 ` [PATCH v12 31/46] arm64: RMI: support RSI_HOST_CALL Steven Price
2025-12-17 10:11 ` [PATCH v12 32/46] arm64: RMI: Allow checking SVE on VM instance Steven Price
2025-12-17 10:11 ` [PATCH v12 33/46] arm64: RMI: Always use 4k pages for realms Steven Price
2025-12-17 10:11 ` [PATCH v12 34/46] arm64: RMI: Prevent Device mappings for Realms Steven Price
2025-12-17 10:11 ` [PATCH v12 35/46] HACK: Restore per-CPU cpu_armpmu pointer Steven Price
2025-12-17 10:11 ` [PATCH v12 36/46] arm_pmu: Provide a mechanism for disabling the physical IRQ Steven Price
2025-12-17 10:11 ` [PATCH v12 37/46] arm64: RMI: Enable PMU support with a realm guest Steven Price
2025-12-17 10:11 ` [PATCH v12 38/46] arm64: RMI: Propagate number of breakpoints and watchpoints to userspace Steven Price
2025-12-17 10:11 ` [PATCH v12 39/46] arm64: RMI: Set breakpoint parameters through SET_ONE_REG Steven Price
2025-12-17 10:11 ` [PATCH v12 40/46] arm64: RMI: Initialize PMCR.N with number counter supported by RMM Steven Price
2025-12-17 10:11 ` [PATCH v12 41/46] arm64: RMI: Propagate max SVE vector length from RMM Steven Price
2025-12-17 10:11 ` [PATCH v12 42/46] arm64: RMI: Configure max SVE vector length for a Realm Steven Price
2025-12-17 10:11 ` [PATCH v12 43/46] arm64: RMI: Provide register list for unfinalized RMI RECs Steven Price
2025-12-17 10:11 ` [PATCH v12 44/46] arm64: RMI: Provide accurate register list Steven Price
2025-12-17 10:11 ` [PATCH v12 45/46] KVM: arm64: Expose KVM_ARM_VCPU_REC to user space Steven Price
2025-12-17 10:11 ` [PATCH v12 46/46] arm64: RMI: Enable realms to be created Steven Price
2025-12-17 14:55 ` [PATCH v12 00/46] arm64: Support for Arm CCA in KVM Marc Zyngier
2025-12-17 15:28 ` Steven Price
2026-02-12 17:48 ` Mathieu Poirier
2026-02-16 12:33 ` Steven Price
2026-02-16 14:27 ` Steven Price
2026-02-17 17:47 ` Mathieu Poirier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86ikbd83o2.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=alexandru.elisei@arm.com \
--cc=alpergun@google.com \
--cc=aneesh.kumar@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=christoffer.dall@arm.com \
--cc=fj0570is@fujitsu.com \
--cc=gankulkarni@os.amperecomputing.com \
--cc=gshan@redhat.com \
--cc=james.morse@arm.com \
--cc=joey.gouly@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=oliver.upton@linux.dev \
--cc=sdonthineni@nvidia.com \
--cc=steven.price@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=vannapurve@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox