From nobody Mon Oct 6 01:52:06 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 607EF27EC99 for ; Mon, 28 Jul 2025 17:53:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753725229; cv=none; b=uQ6+dhhD5/4w/xDgDfoooKqutVhNeP+qEw1EQT8eRR0RYpaXOIjHkekax7wqWCeEVYdc/iMUlEjutKoUE0KYBKP4IVEHuDQtPPymstuMkraUppsF8ymtxUqLEx25wt/kWnqiUaR6M/0Ozc+OJZSv6Y5VuYHIkSuqO85okMWIXm4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753725229; c=relaxed/simple; bh=HdyHRdiDzzTAH4Vi4L/Afcr/wZ6lexI+3aVpEvHBzPg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=sqEDPwOs4xV6Va0l2PTG4FxN44N0ygyw0PMA5PNxH9sEPbpor7ugCxGFhVqIbM7ysxhjUcQ86gtTKWxSonPVVxpH0o43F+/72F4z6wsHeDMCpLVU/LNDu6ov4fx9aiUFmsew+FTatfSssXd+CfLLx9icB6s/h618WtdDIhytFdE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--smostafa.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Z06cAcGg; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--smostafa.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Z06cAcGg" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-451ecc3be97so21747475e9.0 for ; Mon, 28 Jul 2025 10:53:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1753725225; x=1754330025; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=w5NjQFK3LMXVck/2I61WHnYSFTQfZupDj7jJwxA50Fo=; b=Z06cAcGgPsLnEjTNWLgnWZXhHlJPNwnC6w+1rNwvzsBsz8oodDGDmKzr7xSCfTqdyL Uz/iJHhx5qlpyzgF5b5n3IU+dsBYyzPoXwWvWIannVy0HaCZXSsm98UkCZNYRUIT744c m7tCnLDmFJIcg9HbHi6sbXgMZ/YCnVcQmeEUfkbbgG3ETaQhnKeZXpsYU7RnHApNaP5F Z97zMamTT6lj7cwp5GNrmYG4iXyZTOKZccGeKZHdtRp3bf6MitzPEwCtJmOgDIV5ptgw SiPWEinaWXwpaCVyNW1+oNoUYpJI/meLapmmE62lniPpU0oZoqCoEXrnRCe9ljq6wbBl DcPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753725225; x=1754330025; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=w5NjQFK3LMXVck/2I61WHnYSFTQfZupDj7jJwxA50Fo=; b=lVWJ6XAXV1YWG6YMg8j67KYh2y3FSQ+boNFdOPtgeJWfW8KbuY0fECK/XcKJJ/F0Fy 4sn7WW6ZENK2vVd++KwpghqP5YAih1Yz4u8Qi5EDoRXDob/VC95BS0Wd8geUChjUUBZf YYeXViu9zDyAk0i/5WBhBvR9+JpXBQmbtKuIYiNlVYvOQIJIHv47TiiEZ9ler6Ll3i/e i7qGXoQVFAjuPT5TdAdeUZgRVsBHLrnGe4mbZbhyX1ecKjwUj+jyaKbobdNdNubyzOmy 1T0ZmH3FyUDAJtV4e0R2LOkuWDTewQzsQrfkqxt8z0O0rvGEn689Sa5Tnb6SkEhsS62P 9iFw== X-Gm-Message-State: AOJu0Yy4gnko+mtUTvr6zCWNrI2roEJaFdUKBJH08m3Hk7qA1HkKEpHs 9T28ok+PINQrg6BYk5FcLTzlAMMW1r8Qrpk3NkxUMLE8mbx0e4va8Yq0rIFuMx2vo1JzK7/wiJo ddEng5qKToJy9+rUmV9b8elz43U5E1KBFQSalm99CtpCzRqD6YGV4LA+Y6ppqUE2XZRgZxixGKT GGp1bfhAL++V5VAlVekqrFoqGkUra8nj+MMsVNLZD/s/uUG0gKR24O5Yg= X-Google-Smtp-Source: AGHT+IHSNClQJxjKWyMtSeRnDi1Da1nWZxQp6Vl0HzgxR6hexmbhiCv9Lfo4JnhcLL7nQ3Uw/6o6Ifnro2r7Kg== X-Received: from wmsr20.prod.google.com ([2002:a05:600c:8b14:b0:454:d702:f3c2]) (user=smostafa job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:4e0a:b0:456:fc1:c26d with SMTP id 5b1f17b1804b1-4587dae0f88mr78273155e9.2.1753725225522; Mon, 28 Jul 2025 10:53:45 -0700 (PDT) Date: Mon, 28 Jul 2025 17:53:02 +0000 In-Reply-To: <20250728175316.3706196-1-smostafa@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250728175316.3706196-1-smostafa@google.com> X-Mailer: git-send-email 2.50.1.552.g942d659e1b-goog Message-ID: <20250728175316.3706196-16-smostafa@google.com> Subject: [PATCH v3 15/29] KVM: arm64: iommu: Shadow host stage-2 page table From: Mostafa Saleh To: linux-kernel@vger.kernel.org, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, iommu@lists.linux.dev Cc: maz@kernel.org, oliver.upton@linux.dev, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, will@kernel.org, robin.murphy@arm.com, jean-philippe@linaro.org, qperret@google.com, tabba@google.com, jgg@ziepe.ca, mark.rutland@arm.com, praan@google.com, Mostafa Saleh Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Create a shadow page table for the IOMMU that shadows the host CPU stage-2 into the IOMMUs to establish DMA isolation. An initial snapshot is created after the driver init, then on every permission change a callback would be called for the IOMMU driver to update the page table. For some cases, an SMMUv3 may be able to share the same page table used with the host CPU stage-2 directly. However, this is too strict and requires changes to the core hypervisor page table code, plus it would require the hypervisor to handle IOMMU page faults. This can be added later as an optimization for SMMUV3. Signed-off-by: Mostafa Saleh --- arch/arm64/kvm/hyp/include/nvhe/iommu.h | 4 ++ arch/arm64/kvm/hyp/nvhe/iommu/iommu.c | 83 ++++++++++++++++++++++++- arch/arm64/kvm/hyp/nvhe/mem_protect.c | 5 ++ 3 files changed, 90 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/include/nvhe/iommu.h b/arch/arm64/kvm/hyp/i= nclude/nvhe/iommu.h index 1ac70cc28a9e..219363045b1c 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/iommu.h +++ b/arch/arm64/kvm/hyp/include/nvhe/iommu.h @@ -3,11 +3,15 @@ #define __ARM64_KVM_NVHE_IOMMU_H__ =20 #include +#include =20 struct kvm_iommu_ops { int (*init)(void); + void (*host_stage2_idmap)(phys_addr_t start, phys_addr_t end, int prot); }; =20 int kvm_iommu_init(void); =20 +void kvm_iommu_host_stage2_idmap(phys_addr_t start, phys_addr_t end, + enum kvm_pgtable_prot prot); #endif /* __ARM64_KVM_NVHE_IOMMU_H__ */ diff --git a/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c b/arch/arm64/kvm/hyp/nvh= e/iommu/iommu.c index a01c036c55be..f7d1c8feb358 100644 --- a/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c +++ b/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c @@ -4,15 +4,94 @@ * * Copyright (C) 2022 Linaro Ltd. */ +#include + #include +#include +#include =20 /* Only one set of ops supported */ struct kvm_iommu_ops *kvm_iommu_ops; =20 +/* Protected by host_mmu.lock */ +static bool kvm_idmap_initialized; + +static inline int pkvm_to_iommu_prot(enum kvm_pgtable_prot prot) +{ + int iommu_prot =3D 0; + + if (prot & KVM_PGTABLE_PROT_R) + iommu_prot |=3D IOMMU_READ; + if (prot & KVM_PGTABLE_PROT_W) + iommu_prot |=3D IOMMU_WRITE; + if (prot =3D=3D PKVM_HOST_MMIO_PROT) + iommu_prot |=3D IOMMU_MMIO; + + /* We don't understand that, might be dangerous. */ + WARN_ON(prot & ~PKVM_HOST_MEM_PROT); + return iommu_prot; +} + +static int __snapshot_host_stage2(const struct kvm_pgtable_visit_ctx *ctx, + enum kvm_pgtable_walk_flags visit) +{ + u64 start =3D ctx->addr; + kvm_pte_t pte =3D *ctx->ptep; + u32 level =3D ctx->level; + u64 end =3D start + kvm_granule_size(level); + int prot =3D IOMMU_READ | IOMMU_WRITE; + + /* Keep unmapped. */ + if (pte && !kvm_pte_valid(pte)) + return 0; + + if (kvm_pte_valid(pte)) + prot =3D pkvm_to_iommu_prot(kvm_pgtable_stage2_pte_prot(pte)); + else if (!addr_is_memory(start)) + prot |=3D IOMMU_MMIO; + + kvm_iommu_ops->host_stage2_idmap(start, end, prot); + return 0; +} + +static int kvm_iommu_snapshot_host_stage2(void) +{ + int ret; + struct kvm_pgtable_walker walker =3D { + .cb =3D __snapshot_host_stage2, + .flags =3D KVM_PGTABLE_WALK_LEAF, + }; + struct kvm_pgtable *pgt =3D &host_mmu.pgt; + + hyp_spin_lock(&host_mmu.lock); + ret =3D kvm_pgtable_walk(pgt, 0, BIT(pgt->ia_bits), &walker); + /* Start receiving calls to host_stage2_idmap. */ + kvm_idmap_initialized =3D !!ret; + hyp_spin_unlock(&host_mmu.lock); + + return ret; +} + int kvm_iommu_init(void) { - if (!kvm_iommu_ops || !kvm_iommu_ops->init) + int ret; + + if (!kvm_iommu_ops || !kvm_iommu_ops->init || + !kvm_iommu_ops->host_stage2_idmap) return -ENODEV; =20 - return kvm_iommu_ops->init(); + ret =3D kvm_iommu_ops->init(); + if (ret) + return ret; + return kvm_iommu_snapshot_host_stage2(); +} + +void kvm_iommu_host_stage2_idmap(phys_addr_t start, phys_addr_t end, + enum kvm_pgtable_prot prot) +{ + hyp_assert_lock_held(&host_mmu.lock); + + if (!kvm_idmap_initialized) + return; + kvm_iommu_ops->host_stage2_idmap(start, end, pkvm_to_iommu_prot(prot)); } diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvh= e/mem_protect.c index c9a15ef6b18d..bce6690f29c0 100644 --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -15,6 +15,7 @@ #include =20 #include +#include #include #include #include @@ -529,6 +530,7 @@ static void __host_update_page_state(phys_addr_t addr, = u64 size, enum pkvm_page_ int host_stage2_set_owner_locked(phys_addr_t addr, u64 size, u8 owner_id) { int ret; + enum kvm_pgtable_prot prot; =20 if (!range_is_memory(addr, addr + size)) return -EPERM; @@ -538,6 +540,9 @@ int host_stage2_set_owner_locked(phys_addr_t addr, u64 = size, u8 owner_id) if (ret) return ret; =20 + prot =3D owner_id =3D=3D PKVM_ID_HOST ? PKVM_HOST_MEM_PROT : 0; + kvm_iommu_host_stage2_idmap(addr, addr + size, prot); + /* Don't forget to update the vmemmap tracking for the host */ if (owner_id =3D=3D PKVM_ID_HOST) __host_update_page_state(addr, size, PKVM_PAGE_OWNED); --=20 2.50.1.552.g942d659e1b-goog