public inbox for stable@vger.kernel.org
* [PATCH] KVM: arm64: pkvm: Don't reprobe for ICH_VTR_EL2.TDS on CPU hotplug
@ 2026-03-10  8:54 Marc Zyngier
  2026-03-10  9:17 ` Suzuki K Poulose
  2026-03-10 10:17 ` Marc Zyngier
  0 siblings, 2 replies; 6+ messages in thread
From: Marc Zyngier @ 2026-03-10  8:54 UTC
  To: kvmarm, linux-arm-kernel
  Cc: Joey Gouly, Suzuki K Poulose, Oliver Upton, Zenghui Yu,
	Will Deacon, Catalin Marinas, Quentin Perret, Fuad Tabba,
	Vincent Donnefort, stable

Hotplugging a CPU off and back on fails with pKVM, as we try to
probe for ICH_VTR_EL2.TDS. In a non-VHE setup, this is achieved
by using an EL2 stub helper. However, the stubs are out of reach
once pKVM has deprivileged the kernel. The CPU never boots.

Since pKVM doesn't allow late onlining of CPUs, we can detect
that protected mode is enforced early on, and return the current
state of the capability.

Fixes: 2a28810cbb8b2 ("KVM: arm64: GICv3: Detect and work around the lack of ICV_DIR_EL1 trapping")
Reported-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
---
 arch/arm64/kernel/cpufeature.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index c31f8e17732a3..947ff71b3b66b 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -2345,6 +2345,9 @@ static bool can_trap_icv_dir_el1(const struct arm64_cpu_capabilities *entry,
 	    !is_midr_in_range_list(has_vgic_v3))
 		return false;
 
+	if (system_capabilities_finalized() && is_protected_kvm_enabled())
+		return cpus_have_final_cap(ARM64_HAS_ICH_HCR_EL2_TDIR);
+
 	if (is_kernel_in_hyp_mode())
 		res.a1 = read_sysreg_s(SYS_ICH_VTR_EL2);
 	else
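
Review bot: The early return added ahead of the `is_kernel_in_hyp_mode()` check carries no comment, and returning the system-wide state of ARM64_HAS_ICH_HCR_EL2_TDIR from what is otherwise a per-CPU probe reads as a mistake without one. The commit message has the reasoning (pKVM does not allow late onlining of CPUs, and the EL2 stubs are out of reach once the kernel is deprivileged); a short comment above the `if` stating both points would keep a later cleanup from dropping the check and bringing the hotplug failure back.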
-- 
2.47.3



* Re: [PATCH] KVM: arm64: pkvm: Don't reprobe for ICH_VTR_EL2.TDS on CPU hotplug
  2026-03-10  8:54 [PATCH] KVM: arm64: pkvm: Don't reprobe for ICH_VTR_EL2.TDS on CPU hotplug Marc Zyngier
@ 2026-03-10  9:17 ` Suzuki K Poulose
  2026-03-10  9:27   ` Vincent Donnefort
  2026-03-10  9:43   ` Marc Zyngier
  2026-03-10 10:17 ` Marc Zyngier
  1 sibling, 2 replies; 6+ messages in thread
From: Suzuki K Poulose @ 2026-03-10  9:17 UTC
  To: Marc Zyngier, kvmarm, linux-arm-kernel
  Cc: Joey Gouly, Oliver Upton, Zenghui Yu, Will Deacon,
	Catalin Marinas, Quentin Perret, Fuad Tabba, Vincent Donnefort,
	stable

On 10/03/2026 08:54, Marc Zyngier wrote:
> Hotplugging a CPU off and back on fails with pKVM, as we try to
> probe for ICH_VTR_EL2.TDS. In a non-VHE setup, this is achieved
> by using an EL2 stub helper. However, the stubs are out of reach
> once pKVM has deprivileged the kernel. The CPU never boots.
> 
> Since pKVM doesn't allow late onlining of CPUs, we can detect
> that protected mode is enforced early on, and return the current
> state of the capability.
> 
> Fixes: 2a28810cbb8b2 ("KVM: arm64: GICv3: Detect and work around the lack of ICV_DIR_EL1 trapping")
> Reported-by: Vincent Donnefort <vdonnefort@google.com>
> Signed-off-by: Marc Zyngier <maz@kernel.org>
> Cc: stable@vger.kernel.org
> ---
>   arch/arm64/kernel/cpufeature.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index c31f8e17732a3..947ff71b3b66b 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -2345,6 +2345,9 @@ static bool can_trap_icv_dir_el1(const struct arm64_cpu_capabilities *entry,
>   	    !is_midr_in_range_list(has_vgic_v3))
>   		return false;
>   
> +	if (system_capabilities_finalized() && is_protected_kvm_enabled())
> +		return cpus_have_final_cap(ARM64_HAS_ICH_HCR_EL2_TDIR);

Is it worth adding a comment here? Otherwise this looks very odd -
Returning the system state of a capability for a "hotplugged" CPU.

Otherwise

Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>


> +
>   	if (is_kernel_in_hyp_mode())
>   		res.a1 = read_sysreg_s(SYS_ICH_VTR_EL2);
>   	else



* Re: [PATCH] KVM: arm64: pkvm: Don't reprobe for ICH_VTR_EL2.TDS on CPU hotplug
  2026-03-10  9:17 ` Suzuki K Poulose
@ 2026-03-10  9:27   ` Vincent Donnefort
  2026-03-10  9:43   ` Marc Zyngier
  1 sibling, 0 replies; 6+ messages in thread
From: Vincent Donnefort @ 2026-03-10  9:27 UTC
  To: Suzuki K Poulose
  Cc: Marc Zyngier, kvmarm, linux-arm-kernel, Joey Gouly, Oliver Upton,
	Zenghui Yu, Will Deacon, Catalin Marinas, Quentin Perret,
	Fuad Tabba, stable

On Tue, Mar 10, 2026 at 09:17:43AM +0000, Suzuki K Poulose wrote:
> On 10/03/2026 08:54, Marc Zyngier wrote:
> > Hotplugging a CPU off and back on fails with pKVM, as we try to
> > probe for ICH_VTR_EL2.TDS. In a non-VHE setup, this is achieved
> > by using an EL2 stub helper. However, the stubs are out of reach
> > once pKVM has deprivileged the kernel. The CPU never boots.
> > 
> > Since pKVM doesn't allow late onlining of CPUs, we can detect
> > that protected mode is enforced early on, and return the current
> > state of the capability.
> > 
> > Fixes: 2a28810cbb8b2 ("KVM: arm64: GICv3: Detect and work around the lack of ICV_DIR_EL1 trapping")
> > Reported-by: Vincent Donnefort <vdonnefort@google.com>
> > Signed-off-by: Marc Zyngier <maz@kernel.org>
> > Cc: stable@vger.kernel.org
> > ---
> >   arch/arm64/kernel/cpufeature.c | 3 +++
> >   1 file changed, 3 insertions(+)
> > 
> > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> > index c31f8e17732a3..947ff71b3b66b 100644
> > --- a/arch/arm64/kernel/cpufeature.c
> > +++ b/arch/arm64/kernel/cpufeature.c
> > @@ -2345,6 +2345,9 @@ static bool can_trap_icv_dir_el1(const struct arm64_cpu_capabilities *entry,
> >   	    !is_midr_in_range_list(has_vgic_v3))
> >   		return false;
> > +	if (system_capabilities_finalized() && is_protected_kvm_enabled())
> > +		return cpus_have_final_cap(ARM64_HAS_ICH_HCR_EL2_TDIR);
> 
> > Is it worth adding a comment here? Otherwise this looks very odd -
> Returning the system state of a capability for a "hotplugged" CPU.
> 
> Otherwise
> 
> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>


Tested-by: Vincent Donnefort <vdonnefort@google.com>

> 
> 
> > +
> >   	if (is_kernel_in_hyp_mode())
> >   		res.a1 = read_sysreg_s(SYS_ICH_VTR_EL2);
> >   	else
> 


* Re: [PATCH] KVM: arm64: pkvm: Don't reprobe for ICH_VTR_EL2.TDS on CPU hotplug
  2026-03-10  9:17 ` Suzuki K Poulose
  2026-03-10  9:27   ` Vincent Donnefort
@ 2026-03-10  9:43   ` Marc Zyngier
  2026-03-10 10:13     ` Suzuki K Poulose
  1 sibling, 1 reply; 6+ messages in thread
From: Marc Zyngier @ 2026-03-10  9:43 UTC
  To: Suzuki K Poulose
  Cc: kvmarm, linux-arm-kernel, Joey Gouly, Oliver Upton, Zenghui Yu,
	Will Deacon, Catalin Marinas, Quentin Perret, Fuad Tabba,
	Vincent Donnefort, stable

On Tue, 10 Mar 2026 09:17:43 +0000,
Suzuki K Poulose <suzuki.poulose@arm.com> wrote:
> 
> On 10/03/2026 08:54, Marc Zyngier wrote:
> > Hotplugging a CPU off and back on fails with pKVM, as we try to
> > probe for ICH_VTR_EL2.TDS. In a non-VHE setup, this is achieved
> > by using an EL2 stub helper. However, the stubs are out of reach
> > once pKVM has deprivileged the kernel. The CPU never boots.
> > 
> > Since pKVM doesn't allow late onlining of CPUs, we can detect
> > that protected mode is enforced early on, and return the current
> > state of the capability.
> > 
> > Fixes: 2a28810cbb8b2 ("KVM: arm64: GICv3: Detect and work around the lack of ICV_DIR_EL1 trapping")
> > Reported-by: Vincent Donnefort <vdonnefort@google.com>
> > Signed-off-by: Marc Zyngier <maz@kernel.org>
> > Cc: stable@vger.kernel.org
> > ---
> >   arch/arm64/kernel/cpufeature.c | 3 +++
> >   1 file changed, 3 insertions(+)
> > 
> > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> > index c31f8e17732a3..947ff71b3b66b 100644
> > --- a/arch/arm64/kernel/cpufeature.c
> > +++ b/arch/arm64/kernel/cpufeature.c
> > @@ -2345,6 +2345,9 @@ static bool can_trap_icv_dir_el1(const struct arm64_cpu_capabilities *entry,
> >   	    !is_midr_in_range_list(has_vgic_v3))
> >   		return false;
> >   +	if (system_capabilities_finalized() &&
> > is_protected_kvm_enabled())
> > +		return cpus_have_final_cap(ARM64_HAS_ICH_HCR_EL2_TDIR);
> 
> Is it worth adding a comment here? Otherwise this looks very odd -
> Returning the system state of a capability for a "hotplugged" CPU.

How about this?

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 947ff71b3b66b..32c2dbcc0c641 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -2345,6 +2345,12 @@ static bool can_trap_icv_dir_el1(const struct arm64_cpu_capabilities *entry,
 	    !is_midr_in_range_list(has_vgic_v3))
 		return false;
 
+	/*
+	 * pKVM prevents late onlining of CPUs. This means that whatever
+	 * state the capability is in after deprivilege cannot be affected
+	 * by a new CPU booting -- this is garanteed to be a CPU we have
+	 * already seen, and the cap is therefore unchanged.
+	 */
 	if (system_capabilities_finalized() && is_protected_kvm_enabled())
 		return cpus_have_final_cap(ARM64_HAS_ICH_HCR_EL2_TDIR);
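
Review bot: In the added comment block, "garanteed" should be "guaranteed". The comment also covers only why reusing the finalized capability is safe; it does not say why the probe has to be skipped, which per the commit message is that the EL2 stub helper is out of reach after pKVM has deprivileged the kernel. One more sentence on that would make the `system_capabilities_finalized() && is_protected_kvm_enabled()` condition explain itself.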

>
> Otherwise
> 
> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>

Thanks!

	M.

-- 
Without deviation from the norm, progress is not possible.


* Re: [PATCH] KVM: arm64: pkvm: Don't reprobe for ICH_VTR_EL2.TDS on CPU hotplug
  2026-03-10  9:43   ` Marc Zyngier
@ 2026-03-10 10:13     ` Suzuki K Poulose
  0 siblings, 0 replies; 6+ messages in thread
From: Suzuki K Poulose @ 2026-03-10 10:13 UTC
  To: Marc Zyngier
  Cc: kvmarm, linux-arm-kernel, Joey Gouly, Oliver Upton, Zenghui Yu,
	Will Deacon, Catalin Marinas, Quentin Perret, Fuad Tabba,
	Vincent Donnefort, stable

On 10/03/2026 09:43, Marc Zyngier wrote:
> On Tue, 10 Mar 2026 09:17:43 +0000,
> Suzuki K Poulose <suzuki.poulose@arm.com> wrote:
>>
>> On 10/03/2026 08:54, Marc Zyngier wrote:
>>> Hotplugging a CPU off and back on fails with pKVM, as we try to
>>> probe for ICH_VTR_EL2.TDS. In a non-VHE setup, this is achieved
>>> by using an EL2 stub helper. However, the stubs are out of reach
>>> once pKVM has deprivileged the kernel. The CPU never boots.
>>>
>>> Since pKVM doesn't allow late onlining of CPUs, we can detect
>>> that protected mode is enforced early on, and return the current
>>> state of the capability.
>>>
>>> Fixes: 2a28810cbb8b2 ("KVM: arm64: GICv3: Detect and work around the lack of ICV_DIR_EL1 trapping")
>>> Reported-by: Vincent Donnefort <vdonnefort@google.com>
>>> Signed-off-by: Marc Zyngier <maz@kernel.org>
>>> Cc: stable@vger.kernel.org
>>> ---
>>>    arch/arm64/kernel/cpufeature.c | 3 +++
>>>    1 file changed, 3 insertions(+)
>>>
>>> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
>>> index c31f8e17732a3..947ff71b3b66b 100644
>>> --- a/arch/arm64/kernel/cpufeature.c
>>> +++ b/arch/arm64/kernel/cpufeature.c
>>> @@ -2345,6 +2345,9 @@ static bool can_trap_icv_dir_el1(const struct arm64_cpu_capabilities *entry,
>>>    	    !is_midr_in_range_list(has_vgic_v3))
>>>    		return false;
>>>    +	if (system_capabilities_finalized() &&
>>> is_protected_kvm_enabled())
>>> +		return cpus_have_final_cap(ARM64_HAS_ICH_HCR_EL2_TDIR);
>>
>> Is it worth adding a comment here? Otherwise this looks very odd -
>> Returning the system state of a capability for a "hotplugged" CPU.
> 
> How about this?
> 
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index 947ff71b3b66b..32c2dbcc0c641 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -2345,6 +2345,12 @@ static bool can_trap_icv_dir_el1(const struct arm64_cpu_capabilities *entry,
>   	    !is_midr_in_range_list(has_vgic_v3))
>   		return false;
>   
> +	/*
> +	 * pKVM prevents late onlining of CPUs. This means that whatever
> +	 * state the capability is in after deprivilege cannot be affected
> +	 * by a new CPU booting -- this is garanteed to be a CPU we have
> +	 * already seen, and the cap is therefore unchanged.
> +	 */

Thanks, that looks good.



>   	if (system_capabilities_finalized() && is_protected_kvm_enabled())
>   		return cpus_have_final_cap(ARM64_HAS_ICH_HCR_EL2_TDIR);
> 
>>
>> Otherwise
>>
>> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>

Cheers
Suzuki



> 
> Thanks!
> 
> 	M.
> 



* Re: [PATCH] KVM: arm64: pkvm: Don't reprobe for ICH_VTR_EL2.TDS on CPU hotplug
  2026-03-10  8:54 [PATCH] KVM: arm64: pkvm: Don't reprobe for ICH_VTR_EL2.TDS on CPU hotplug Marc Zyngier
  2026-03-10  9:17 ` Suzuki K Poulose
@ 2026-03-10 10:17 ` Marc Zyngier
  1 sibling, 0 replies; 6+ messages in thread
From: Marc Zyngier @ 2026-03-10 10:17 UTC
  To: kvmarm, linux-arm-kernel, Marc Zyngier
  Cc: Joey Gouly, Suzuki K Poulose, Oliver Upton, Zenghui Yu,
	Will Deacon, Catalin Marinas, Quentin Perret, Fuad Tabba,
	Vincent Donnefort, stable

On Tue, 10 Mar 2026 08:54:33 +0000, Marc Zyngier wrote:
> Hotplugging a CPU off and back on fails with pKVM, as we try to
> probe for ICH_VTR_EL2.TDS. In a non-VHE setup, this is achieved
> by using an EL2 stub helper. However, the stubs are out of reach
> once pKVM has deprivileged the kernel. The CPU never boots.
> 
> Since pKVM doesn't allow late onlining of CPUs, we can detect
> that protected mode is enforced early on, and return the current
> state of the capability.
> 
> [...]

Applied to fixes, thanks!

[1/1] KVM: arm64: pkvm: Don't reprobe for ICH_VTR_EL2.TDS on CPU hotplug
      commit: a79f7b4aeb8e7562cd6dbf9c223e2c2a04b1a85f

Cheers,

	M.
-- 
Without deviation from the norm, progress is not possible.


