From nobody Tue Dec 2 02:59:06 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 77153330314 for ; Mon, 17 Nov 2025 18:48:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763405319; cv=none; b=JSpbfLXo1uVj1YhxDGW8eqUtfOwMKcLA7bqHsBKG/BLh2JZE8SuGfWGtIGWH4i+F8O3pfKW0/pNhqB6lKOxzGNOurW9/gA+upZgCOXKidNSFLfROjADjwB/cDZYPy03BGsc1F0RVd+TfSIgMqf0vrL6YJxl6d4B5Fs6grVrEUq8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763405319; c=relaxed/simple; bh=9zeMjcd2L1k8BuaEQ9HDOIEDJgUOeJvw5uMmbl2pBbA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=A6wIoFHIAhvHVMV8cr2yOGWyzMi/iaKz/6Z65Gw2YcAQyOlVM4lsaMNBkbp7tgws5aVPqwYC2EtqPbWJyrqedVZBK7nHSJ0JyJWWHsDc4OP+5zoVHDumBzAMNZwqMjo3JBPwPbLgzUkkywXNBjfMCQEEZhBDeBX7IHAv3WUdZbc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--smostafa.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=f07RFCDl; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--smostafa.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="f07RFCDl" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-47775585257so37314035e9.1 for ; Mon, 17 Nov 2025 10:48:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1763405314; x=1764010114; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=55AGVVkYakMhSKq7jdoT4Ydc3YlHaQUlYhRGsZGie9E=; b=f07RFCDl5b3GtXGOMUhSdgRSzQYueXgjQ0c85pm2PAmsGpos+9kNNaivxz22OI9eGg WZwWEaLeh0bMQtNtahfwthJ1OdrCFSKjxuvUK+lYWdt1qZL96WCBrE4hajLUnQX4StB0 Cc4BW/MNWX6hlGTnnesCMqIyeZ/ce0bXf5g08O8in5qudmCrOkG4UVb8mgABWDgIWwCq S9SdDYnjdVq+36vm72dVTPBBa3tfjIzOJYUmtMnuQk4YEYTEJVag2SRj/2UqELI3JeTP pLuIPaa588fu6F4+d6UgXv/483kWmD2dejvEsE2bi8H4zKbyDCfIcE43muIu0OAGqq1A I+Vg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763405314; x=1764010114; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=55AGVVkYakMhSKq7jdoT4Ydc3YlHaQUlYhRGsZGie9E=; b=p0JQA6pig+ydYjRIOPm7o7rHQTSd8+AysAX89qYFPfdjQ+U1ysP46S2o+yFUQ++11C CPrPE3wXaR1YkwWfsUqDebZIOXYL6324+GYcmu9Xf2Gw0FDIudzTEH7fVx+VcACR5lav /hGiljwG42TsLHwJrhmeEvFHel0aCPfC+mp+9UD61+9mBuQx4vpDJaWqU6/rkTpmx01e UUYA2ahB9kW9q8fIxFfu3xzZYbLPQ/NaW2DsVzLuN+4CK0kGBJzYRpOz9zRqKsEhlx0/ UQdikp6eRDTGw64ZCEHSsAsCmTkU3t4nbxCBewoSudi+eHYKpiILQqdD4cEUpJHqzDLV l79Q== X-Forwarded-Encrypted: i=1; AJvYcCXhwFweiLcOr5+ilsr0VMTYjl/Var5pkc/BKGsylkT2zNdJm7XfXvVir6XpvyIZd1jKA2rSPUa0p75AQSo=@vger.kernel.org X-Gm-Message-State: AOJu0YxtYFNSWiWD1692Vs1EflJBx/J7GT2rLNvnjpNovXEdyH8BKObr o2BjRafdQKQgO9QU76alADjs8kh1SWud8BRwU1FMJeeNvW58siOVmK7OwNZ/O1U2HOe0EK6gjlG iQqh4AK80d0yyZA== X-Google-Smtp-Source: AGHT+IETdIxY/B60kJGZ2vxQfTV572Z6M9F03+Q3FJ5EaaTwe2O+lpK+vSDpNGyLrCO0Jqd9FsK+JMhkS2KL/g== X-Received: from wmkz11.prod.google.com ([2002:a7b:c7cb:0:b0:477:98b9:1e26]) (user=smostafa job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:630d:b0:471:1765:839c with SMTP id 5b1f17b1804b1-4778fea2bf7mr111910515e9.20.1763405314472; Mon, 17 Nov 2025 10:48:34 -0800 (PST) Date: Mon, 17 Nov 2025 18:47:55 +0000 In-Reply-To: <20251117184815.1027271-1-smostafa@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20251117184815.1027271-1-smostafa@google.com> X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog Message-ID: <20251117184815.1027271-9-smostafa@google.com> Subject: [PATCH v5 08/27] KVM: arm64: iommu: Introduce IOMMU driver infrastructure From: Mostafa Saleh To: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, kvmarm@lists.linux.dev, iommu@lists.linux.dev Cc: catalin.marinas@arm.com, will@kernel.org, maz@kernel.org, oliver.upton@linux.dev, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, joro@8bytes.org, jean-philippe@linaro.org, jgg@ziepe.ca, praan@google.com, danielmentz@google.com, mark.rutland@arm.com, qperret@google.com, tabba@google.com, Mostafa Saleh Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" To establish DMA isolation, KVM needs an IOMMU driver which provide ops implemented at EL2. Only one driver can be used and is registered with kvm_iommu_register_driver() by passing pointer to the ops. This must be called before module_init() which is the point KVM initializes. Signed-off-by: Mostafa Saleh Signed-off-by: Jean-Philippe Brucker --- arch/arm64/include/asm/kvm_host.h | 5 +++++ arch/arm64/kvm/Makefile | 2 +- arch/arm64/kvm/hyp/include/nvhe/iommu.h | 13 +++++++++++++ arch/arm64/kvm/hyp/nvhe/Makefile | 3 ++- arch/arm64/kvm/hyp/nvhe/iommu/iommu.c | 18 ++++++++++++++++++ arch/arm64/kvm/hyp/nvhe/setup.c | 5 +++++ arch/arm64/kvm/iommu.c | 15 +++++++++++++++ 7 files changed, 59 insertions(+), 2 deletions(-) create mode 100644 arch/arm64/kvm/hyp/include/nvhe/iommu.h create mode 100644 arch/arm64/kvm/hyp/nvhe/iommu/iommu.c create mode 100644 arch/arm64/kvm/iommu.c diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm= _host.h index 64302c438355..fb2551ba8798 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -1652,4 +1652,9 @@ static __always_inline enum fgt_group_id __fgt_reg_to= _group_id(enum vcpu_sysreg p; \ }) =20 +#ifndef __KVM_NVHE_HYPERVISOR__ +struct kvm_iommu_ops; +int kvm_iommu_register_driver(struct kvm_iommu_ops *hyp_ops); +#endif + #endif /* __ARM64_KVM_HOST_H__ */ diff --git a/arch/arm64/kvm/Makefile b/arch/arm64/kvm/Makefile index 3ebc0570345c..66959c048492 100644 --- a/arch/arm64/kvm/Makefile +++ b/arch/arm64/kvm/Makefile @@ -24,7 +24,7 @@ kvm-y +=3D arm.o mmu.o mmio.o psci.o hypercalls.o pvtime.= o \ vgic/vgic-mmio.o vgic/vgic-mmio-v2.o \ vgic/vgic-mmio-v3.o vgic/vgic-kvm-device.o \ vgic/vgic-its.o vgic/vgic-debug.o vgic/vgic-v3-nested.o \ - vgic/vgic-v5.o + vgic/vgic-v5.o iommu.o =20 kvm-$(CONFIG_HW_PERF_EVENTS) +=3D pmu-emul.o pmu.o kvm-$(CONFIG_ARM64_PTR_AUTH) +=3D pauth.o diff --git a/arch/arm64/kvm/hyp/include/nvhe/iommu.h b/arch/arm64/kvm/hyp/i= nclude/nvhe/iommu.h new file mode 100644 index 000000000000..1ac70cc28a9e --- /dev/null +++ b/arch/arm64/kvm/hyp/include/nvhe/iommu.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __ARM64_KVM_NVHE_IOMMU_H__ +#define __ARM64_KVM_NVHE_IOMMU_H__ + +#include + +struct kvm_iommu_ops { + int (*init)(void); +}; + +int kvm_iommu_init(void); + +#endif /* __ARM64_KVM_NVHE_IOMMU_H__ */ diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Mak= efile index a244ec25f8c5..8210788d6f88 100644 --- a/arch/arm64/kvm/hyp/nvhe/Makefile +++ b/arch/arm64/kvm/hyp/nvhe/Makefile @@ -24,7 +24,8 @@ CFLAGS_switch.nvhe.o +=3D -Wno-override-init =20 hyp-obj-y :=3D timer-sr.o sysreg-sr.o debug-sr.o switch.o tlb.o hyp-init.o= host.o \ hyp-main.o hyp-smp.o psci-relay.o early_alloc.o page_alloc.o \ - cache.o setup.o mm.o mem_protect.o sys_regs.o pkvm.o stacktrace.o ffa.o + cache.o setup.o mm.o mem_protect.o sys_regs.o pkvm.o stacktrace.o ffa.o \ + iommu/iommu.o hyp-obj-y +=3D ../vgic-v3-sr.o ../aarch32.o ../vgic-v2-cpuif-proxy.o ../en= try.o \ ../fpsimd.o ../hyp-entry.o ../exception.o ../pgtable.o hyp-obj-y +=3D ../../../kernel/smccc-call.o diff --git a/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c b/arch/arm64/kvm/hyp/nvh= e/iommu/iommu.c new file mode 100644 index 000000000000..a01c036c55be --- /dev/null +++ b/arch/arm64/kvm/hyp/nvhe/iommu/iommu.c @@ -0,0 +1,18 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * IOMMU operations for pKVM + * + * Copyright (C) 2022 Linaro Ltd. + */ +#include + +/* Only one set of ops supported */ +struct kvm_iommu_ops *kvm_iommu_ops; + +int kvm_iommu_init(void) +{ + if (!kvm_iommu_ops || !kvm_iommu_ops->init) + return -ENODEV; + + return kvm_iommu_ops->init(); +} diff --git a/arch/arm64/kvm/hyp/nvhe/setup.c b/arch/arm64/kvm/hyp/nvhe/setu= p.c index eff76be89329..de79803e7439 100644 --- a/arch/arm64/kvm/hyp/nvhe/setup.c +++ b/arch/arm64/kvm/hyp/nvhe/setup.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include @@ -328,6 +329,10 @@ void __noreturn __pkvm_init_finalise(void) if (ret) goto out; =20 + ret =3D kvm_iommu_init(); + if (ret) + goto out; + ret =3D hyp_ffa_init(ffa_proxy_pages); if (ret) goto out; diff --git a/arch/arm64/kvm/iommu.c b/arch/arm64/kvm/iommu.c new file mode 100644 index 000000000000..c9041dcb6c57 --- /dev/null +++ b/arch/arm64/kvm/iommu.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2025 Google LLC + * Author: Mostafa Saleh + */ + +#include + +extern struct kvm_iommu_ops *kvm_nvhe_sym(kvm_iommu_ops); + +int kvm_iommu_register_driver(struct kvm_iommu_ops *hyp_ops) +{ + kvm_nvhe_sym(kvm_iommu_ops) =3D hyp_ops; + return 0; +} --=20 2.52.0.rc1.455.g30608eb744-goog