Date: Wed, 18 Dec 2024 19:40:57 +0000
In-Reply-To: <20241218194059.3670226-1-qperret@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20241218194059.3670226-1-qperret@google.com>
Message-ID: <20241218194059.3670226-17-qperret@google.com>
Subject: [PATCH v4 16/18] KVM: arm64: Introduce __pkvm_tlb_flush_vmid()
From: Quentin Perret
To: Marc Zyngier, Oliver Upton, Joey Gouly, Suzuki K Poulose, Zenghui Yu, Catalin Marinas, Will Deacon
Cc: Fuad Tabba, Vincent Donnefort, Sebastian Ene, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org

Introduce a new hypercall to flush the TLBs of non-protected guests. The host kernel will be responsible for issuing this hypercall after changing stage-2 permissions using the __pkvm_host_relax_guest_perms() or __pkvm_host_wrprotect_guest() paths. This is left under the host's responsibility for performance reasons.

Note however that the TLB maintenance for all *unmap* operations still remains entirely under the hypervisor's responsibility for security reasons -- an unmapped page may be donated to another entity, so a stale TLB entry could be used to leak private data.

Tested-by: Fuad Tabba
Reviewed-by: Fuad Tabba
Signed-off-by: Quentin Perret
--- arch/arm64/include/asm/kvm_asm.h | 1 + arch/arm64/kvm/hyp/nvhe/hyp-main.c | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/arch/arm64/include/asm/kvm_asm.h b/arch/arm64/include/asm/kvm_= asm.h index a3b07db2776c..002088c6e297 100644 --- a/arch/arm64/include/asm/kvm_asm.h +++ b/arch/arm64/include/asm/kvm_asm.h @@ -87,6 +87,7 @@ enum __kvm_host_smccc_func { __KVM_HOST_SMCCC_FUNC___pkvm_teardown_vm, __KVM_HOST_SMCCC_FUNC___pkvm_vcpu_load, __KVM_HOST_SMCCC_FUNC___pkvm_vcpu_put, + __KVM_HOST_SMCCC_FUNC___pkvm_tlb_flush_vmid, }; =20 #define DECLARE_KVM_VHE_SYM(sym) extern char sym[]
diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/h= yp-main.c index 32c4627b5b5b..130f5f23bcb5 100644 --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c @@ -389,6 +389,22 @@ static void handle___kvm_tlb_flush_vmid(struct kvm_cpu= _context *host_ctxt) __kvm_tlb_flush_vmid(kern_hyp_va(mmu)); } =20 +static void handle___pkvm_tlb_flush_vmid(struct kvm_cpu_context *host_ctxt) +{ + DECLARE_REG(pkvm_handle_t, handle, host_ctxt, 1); + struct pkvm_hyp_vm *hyp_vm; + + if (!is_protected_kvm_enabled()) + return; + + hyp_vm =3D get_np_pkvm_hyp_vm(handle); + if (!hyp_vm) + return; + + __kvm_tlb_flush_vmid(&hyp_vm->kvm.arch.mmu); + put_pkvm_hyp_vm(hyp_vm); +} + static void handle___kvm_flush_cpu_context(struct kvm_cpu_context *host_ct= xt) { DECLARE_REG(struct kvm_s2_mmu *, mmu, host_ctxt, 1); @@ -573,6 +589,7 @@ static const hcall_t host_hcall[] =3D { HANDLE_FUNC(__pkvm_teardown_vm), HANDLE_FUNC(__pkvm_vcpu_load), HANDLE_FUNC(__pkvm_vcpu_put), + HANDLE_FUNC(__pkvm_tlb_flush_vmid), }; =20 static void handle_host_hcall(struct kvm_cpu_context *host_ctxt) --=20 2.47.1.613.gc27f4b7a9f-goog
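Review bot: In handle___pkvm_tlb_flush_vmid(), both early returns (`if (!is_protected_kvm_enabled()) return;` and `if (!hyp_vm) return;`) drop the request without reporting anything to the host, so a host that passes a stale or wrong handle after __pkvm_host_wrprotect_guest() will assume the flush happened while the guest can keep using the old, more permissive TLB entries. The handler is void like handle___kvm_tlb_flush_vmid() just above it, so this may be intentional, but since the commit message makes the host responsible for this flush, consider either reporting the failure back through host_ctxt or adding a comment saying why a silent no-op is acceptable here. A short comment on the handler would also record two things that currently live only in the commit message: that the lookup through get_np_pkvm_hyp_vm() (going by its name) limits this hypercall to non-protected guests, and that unmap paths must keep doing their own TLB maintenance in the hypervisor rather than relying on this call. Taking the MMU from &hyp_vm->kvm.arch.mmu instead of a host-supplied pointer, and pairing the lookup with put_pkvm_hyp_vm(), both look right.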