[PATCH v2 2/5] KVM: arm64: Support set the DBM attr during memory abort

Tian Zheng posted 5 patches 2 months, 3 weeks ago
Posted by Tian Zheng 2 months, 3 weeks ago
From: eillon <yezhenyu2@huawei.com>

Add DBM support to automatically promote write-clean pages to
write-dirty, preventing users from being trapped in EL2 due to
missing write permissions.

Since the DBM attribute was introduced in ARMv8.1 and remains
optional in later architecture revisions, including ARMv9.5.

Support set the DBM attr during user_mem_abort().

Signed-off-by: eillon <yezhenyu2@huawei.com>
Signed-off-by: Tian Zheng <zhengtian10@huawei.com>
---
 arch/arm64/include/asm/kvm_pgtable.h | 4 ++++
 arch/arm64/kvm/hyp/pgtable.c         | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/arch/arm64/include/asm/kvm_pgtable.h b/arch/arm64/include/asm/kvm_pgtable.h
index 2888b5d03757..2fa24953d1a6 100644
--- a/arch/arm64/include/asm/kvm_pgtable.h
+++ b/arch/arm64/include/asm/kvm_pgtable.h
@@ -91,6 +91,8 @@ typedef u64 kvm_pte_t;

 #define KVM_PTE_LEAF_ATTR_HI_S2_XN	BIT(54)

+#define KVM_PTE_LEAF_ATTR_HI_S2_DBM	BIT(51)
+
 #define KVM_PTE_LEAF_ATTR_HI_S1_GP	BIT(50)

 #define KVM_PTE_LEAF_ATTR_S2_PERMS	(KVM_PTE_LEAF_ATTR_LO_S2_S2AP_R | \
@@ -245,6 +247,7 @@ enum kvm_pgtable_stage2_flags {
  * @KVM_PGTABLE_PROT_R:		Read permission.
  * @KVM_PGTABLE_PROT_DEVICE:	Device attributes.
  * @KVM_PGTABLE_PROT_NORMAL_NC:	Normal noncacheable attributes.
+ * @KVM_PGTABLE_PROT_DBM:	Dirty bit management attribute.
  * @KVM_PGTABLE_PROT_SW0:	Software bit 0.
  * @KVM_PGTABLE_PROT_SW1:	Software bit 1.
  * @KVM_PGTABLE_PROT_SW2:	Software bit 2.
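Review bot: The kernel-doc line for KVM_PGTABLE_PROT_DBM says only "Dirty bit management attribute", which does not tell a caller how the flag relates to KVM_PGTABLE_PROT_W or that, within this patch, only the two stage-2 paths in pgtable.c turn it into a PTE bit. Suggest stating that it is a stage-2 flag and what a mapping requested with DBM but without KVM_PGTABLE_PROT_W is expected to mean.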
@@ -257,6 +260,7 @@ enum kvm_pgtable_prot {

 	KVM_PGTABLE_PROT_DEVICE			= BIT(3),
 	KVM_PGTABLE_PROT_NORMAL_NC		= BIT(4),
+	KVM_PGTABLE_PROT_DBM			= BIT(5),

 	KVM_PGTABLE_PROT_SW0			= BIT(55),
 	KVM_PGTABLE_PROT_SW1			= BIT(56),
diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c
index c351b4abd5db..ce41c6924ebe 100644
--- a/arch/arm64/kvm/hyp/pgtable.c
+++ b/arch/arm64/kvm/hyp/pgtable.c
@@ -694,6 +694,9 @@ static int stage2_set_prot_attr(struct kvm_pgtable *pgt, enum kvm_pgtable_prot p
 	if (prot & KVM_PGTABLE_PROT_W)
 		attr |= KVM_PTE_LEAF_ATTR_LO_S2_S2AP_W;

+	if (prot & KVM_PGTABLE_PROT_DBM)
+		attr |= KVM_PTE_LEAF_ATTR_HI_S2_DBM;
+
 	if (!kvm_lpa2_is_enabled())
 		attr |= FIELD_PREP(KVM_PTE_LEAF_ATTR_LO_S2_SH, sh);

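Review bot: In stage2_set_prot_attr() the new DBM branch is independent of the KVM_PGTABLE_PROT_W test just above it, and by the commit message's own description DBM lets hardware promote a write-clean page to write-dirty, so passing the flag is effectively a grant of write access that callers have to treat like KVM_PGTABLE_PROT_W. The commit message also calls the attribute optional, yet nothing in this hunk checks that the CPU implements it. Suggest documenting that DBM may only be requested for mappings that are allowed to become writable, and gating the bit on a feature check.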
@@ -1303,6 +1306,9 @@ int kvm_pgtable_stage2_relax_perms(struct kvm_pgtable *pgt, u64 addr,
 	if (prot & KVM_PGTABLE_PROT_W)
 		set |= KVM_PTE_LEAF_ATTR_LO_S2_S2AP_W;

+	if (prot & KVM_PGTABLE_PROT_DBM)
+		set |= KVM_PTE_LEAF_ATTR_HI_S2_DBM;
+
 	if (prot & KVM_PGTABLE_PROT_X)
 		clr |= KVM_PTE_LEAF_ATTR_HI_S2_XN;

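Review bot: kvm_pgtable_stage2_relax_perms() now accepts KVM_PGTABLE_PROT_DBM, but nothing in this patch passes the flag (the diffstat touches only kvm_pgtable.h and pgtable.c), so the user_mem_abort() behaviour named in the commit message is not part of this change. Once a caller does set DBM through this path, writes to that page stop faulting, and dirty logging that depends on the write fault no longer sees them. Suggest introducing this hunk together with its caller and stating how dirty state is collected from then on.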
--
2.33.0
Re: [PATCH v2 2/5] KVM: arm64: Support set the DBM attr during memory abort
Posted by Leonardo Bras 1 week, 4 days ago
On Fri, Nov 21, 2025 at 05:23:39PM +0800, Tian Zheng wrote:
> From: eillon <yezhenyu2@huawei.com>
> 
> Add DBM support to automatically promote write-clean pages to
> write-dirty, preventing users from being trapped in EL2 due to
> missing write permissions.
> 
> Since the DBM attribute was introduced in ARMv8.1 and remains
> optional in later architecture revisions, including ARMv9.5.
> 
> Support set the DBM attr during user_mem_abort().
> 
> Signed-off-by: eillon <yezhenyu2@huawei.com>
> Signed-off-by: Tian Zheng <zhengtian10@huawei.com>
> ---
>  arch/arm64/include/asm/kvm_pgtable.h | 4 ++++
>  arch/arm64/kvm/hyp/pgtable.c         | 6 ++++++
>  2 files changed, 10 insertions(+)
> 
> diff --git a/arch/arm64/include/asm/kvm_pgtable.h b/arch/arm64/include/asm/kvm_pgtable.h
> index 2888b5d03757..2fa24953d1a6 100644
> --- a/arch/arm64/include/asm/kvm_pgtable.h
> +++ b/arch/arm64/include/asm/kvm_pgtable.h
> @@ -91,6 +91,8 @@ typedef u64 kvm_pte_t;
> 
>  #define KVM_PTE_LEAF_ATTR_HI_S2_XN	BIT(54)
> 
> +#define KVM_PTE_LEAF_ATTR_HI_S2_DBM	BIT(51)
> +
>  #define KVM_PTE_LEAF_ATTR_HI_S1_GP	BIT(50)
> 
>  #define KVM_PTE_LEAF_ATTR_S2_PERMS	(KVM_PTE_LEAF_ATTR_LO_S2_S2AP_R | \
> @@ -245,6 +247,7 @@ enum kvm_pgtable_stage2_flags {
>   * @KVM_PGTABLE_PROT_R:		Read permission.
>   * @KVM_PGTABLE_PROT_DEVICE:	Device attributes.
>   * @KVM_PGTABLE_PROT_NORMAL_NC:	Normal noncacheable attributes.
> + * @KVM_PGTABLE_PROT_DBM:	Dirty bit management attribute.
>   * @KVM_PGTABLE_PROT_SW0:	Software bit 0.
>   * @KVM_PGTABLE_PROT_SW1:	Software bit 1.
>   * @KVM_PGTABLE_PROT_SW2:	Software bit 2.
> @@ -257,6 +260,7 @@ enum kvm_pgtable_prot {
> 
>  	KVM_PGTABLE_PROT_DEVICE			= BIT(3),
>  	KVM_PGTABLE_PROT_NORMAL_NC		= BIT(4),
> +	KVM_PGTABLE_PROT_DBM			= BIT(5),
> 
>  	KVM_PGTABLE_PROT_SW0			= BIT(55),
>  	KVM_PGTABLE_PROT_SW1			= BIT(56),
> diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c
> index c351b4abd5db..ce41c6924ebe 100644
> --- a/arch/arm64/kvm/hyp/pgtable.c
> +++ b/arch/arm64/kvm/hyp/pgtable.c
> @@ -694,6 +694,9 @@ static int stage2_set_prot_attr(struct kvm_pgtable *pgt, enum kvm_pgtable_prot p
>  	if (prot & KVM_PGTABLE_PROT_W)
>  		attr |= KVM_PTE_LEAF_ATTR_LO_S2_S2AP_W;
> 
> +	if (prot & KVM_PGTABLE_PROT_DBM)
> +		attr |= KVM_PTE_LEAF_ATTR_HI_S2_DBM;
> +
>  	if (!kvm_lpa2_is_enabled())
>  		attr |= FIELD_PREP(KVM_PTE_LEAF_ATTR_LO_S2_SH, sh);
> 
> @@ -1303,6 +1306,9 @@ int kvm_pgtable_stage2_relax_perms(struct kvm_pgtable *pgt, u64 addr,
>  	if (prot & KVM_PGTABLE_PROT_W)
>  		set |= KVM_PTE_LEAF_ATTR_LO_S2_S2AP_W;
> 
> +	if (prot & KVM_PGTABLE_PROT_DBM)
> +		set |= KVM_PTE_LEAF_ATTR_HI_S2_DBM;
> +
>  	if (prot & KVM_PGTABLE_PROT_X)
>  		clr |= KVM_PTE_LEAF_ATTR_HI_S2_XN;
> 


Hi Tian,

I was re-reading this series while planning the other feature I am working 
on top of this one.

This patch, IMHO, is unrelated to the HDBSS feature.
I get that HDBSS feature needs this bit being set in the page descriptor
but it was not introduced in this feature.

It was actually introduced in HAFDBS.

So maybe it's worth splitting this series into:
- Enable HAFDBS for KVM, and
- Enable HDBSS

I have something here that could serve as a base for that, will clean that 
up and send as an example.

Thanks!
Leo
Re: [PATCH v2 2/5] KVM: arm64: Support set the DBM attr during memory abort
Posted by Marc Zyngier 1 week, 4 days ago
On Thu, 29 Jan 2026 17:02:41 +0000,
Leonardo Bras <leo.bras@arm.com> wrote:
> 
> On Fri, Nov 21, 2025 at 05:23:39PM +0800, Tian Zheng wrote:
> > From: eillon <yezhenyu2@huawei.com>
> > 
> > Add DBM support to automatically promote write-clean pages to
> > write-dirty, preventing users from being trapped in EL2 due to
> > missing write permissions.
> > 
> > Since the DBM attribute was introduced in ARMv8.1 and remains
> > optional in later architecture revisions, including ARMv9.5.
> > 
> > Support set the DBM attr during user_mem_abort().
> > 
> > Signed-off-by: eillon <yezhenyu2@huawei.com>
> > Signed-off-by: Tian Zheng <zhengtian10@huawei.com>
> > ---
> >  arch/arm64/include/asm/kvm_pgtable.h | 4 ++++
> >  arch/arm64/kvm/hyp/pgtable.c         | 6 ++++++
> >  2 files changed, 10 insertions(+)
> > 
> > diff --git a/arch/arm64/include/asm/kvm_pgtable.h b/arch/arm64/include/asm/kvm_pgtable.h
> > index 2888b5d03757..2fa24953d1a6 100644
> > --- a/arch/arm64/include/asm/kvm_pgtable.h
> > +++ b/arch/arm64/include/asm/kvm_pgtable.h
> > @@ -91,6 +91,8 @@ typedef u64 kvm_pte_t;
> > 
> >  #define KVM_PTE_LEAF_ATTR_HI_S2_XN	BIT(54)
> > 
> > +#define KVM_PTE_LEAF_ATTR_HI_S2_DBM	BIT(51)
> > +
> >  #define KVM_PTE_LEAF_ATTR_HI_S1_GP	BIT(50)
> > 
> >  #define KVM_PTE_LEAF_ATTR_S2_PERMS	(KVM_PTE_LEAF_ATTR_LO_S2_S2AP_R | \
> > @@ -245,6 +247,7 @@ enum kvm_pgtable_stage2_flags {
> >   * @KVM_PGTABLE_PROT_R:		Read permission.
> >   * @KVM_PGTABLE_PROT_DEVICE:	Device attributes.
> >   * @KVM_PGTABLE_PROT_NORMAL_NC:	Normal noncacheable attributes.
> > + * @KVM_PGTABLE_PROT_DBM:	Dirty bit management attribute.
> >   * @KVM_PGTABLE_PROT_SW0:	Software bit 0.
> >   * @KVM_PGTABLE_PROT_SW1:	Software bit 1.
> >   * @KVM_PGTABLE_PROT_SW2:	Software bit 2.
> > @@ -257,6 +260,7 @@ enum kvm_pgtable_prot {
> > 
> >  	KVM_PGTABLE_PROT_DEVICE			= BIT(3),
> >  	KVM_PGTABLE_PROT_NORMAL_NC		= BIT(4),
> > +	KVM_PGTABLE_PROT_DBM			= BIT(5),
> > 
> >  	KVM_PGTABLE_PROT_SW0			= BIT(55),
> >  	KVM_PGTABLE_PROT_SW1			= BIT(56),
> > diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c
> > index c351b4abd5db..ce41c6924ebe 100644
> > --- a/arch/arm64/kvm/hyp/pgtable.c
> > +++ b/arch/arm64/kvm/hyp/pgtable.c
> > @@ -694,6 +694,9 @@ static int stage2_set_prot_attr(struct kvm_pgtable *pgt, enum kvm_pgtable_prot p
> >  	if (prot & KVM_PGTABLE_PROT_W)
> >  		attr |= KVM_PTE_LEAF_ATTR_LO_S2_S2AP_W;
> > 
> > +	if (prot & KVM_PGTABLE_PROT_DBM)
> > +		attr |= KVM_PTE_LEAF_ATTR_HI_S2_DBM;
> > +
> >  	if (!kvm_lpa2_is_enabled())
> >  		attr |= FIELD_PREP(KVM_PTE_LEAF_ATTR_LO_S2_SH, sh);
> > 
> > @@ -1303,6 +1306,9 @@ int kvm_pgtable_stage2_relax_perms(struct kvm_pgtable *pgt, u64 addr,
> >  	if (prot & KVM_PGTABLE_PROT_W)
> >  		set |= KVM_PTE_LEAF_ATTR_LO_S2_S2AP_W;
> > 
> > +	if (prot & KVM_PGTABLE_PROT_DBM)
> > +		set |= KVM_PTE_LEAF_ATTR_HI_S2_DBM;
> > +
> >  	if (prot & KVM_PGTABLE_PROT_X)
> >  		clr |= KVM_PTE_LEAF_ATTR_HI_S2_XN;
> > 
> 
> 
> Hi Tian,
> 
> I was re-reading this series while planning the other feature I am working 
> on top of this one.
> 
> This patch, IMHO, is unrelated to the HDBSS feature.
> I get that HDBSS feature needs this bit being set in the page descriptor
> but it was not introduced in this feature.
> 
> It was actually introduced in HAFDBS.
> 
> So maybe it's worth splitting this series into:
> - Enable HAFDBS for KVM, and

TBH, just enabling the dirty bit at S2 is pretty pointless for KVM. It
would require scanning the S2 PTs looking for a dirty bit, and
transfer that to whatever userspace is using, be it dirty bitmap or
ring.

It has been tried before, and it was absolutely disgusting. So let's
not enable this standalone, this is a dead end. It only makes sense
with HDBSS (that's why we have this extension in the first place).

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.
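
A user-space model of the scan described in the message above, added here as an illustration; it is not code from the series or from KVM. S2_DBM at bit 51 is taken from the patch; the position of S2AP_W, the function names and the 1024-entry table are assumptions of this model.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BIT(n)  (1ULL << (n))
#define S2_DBM  BIT(51) /* KVM_PTE_LEAF_ATTR_HI_S2_DBM, as in the patch */
#define S2AP_W  BIT(7)  /* assumed position of the stage-2 write permission bit */
#define NPTES   1024    /* constructed table size */

/* Guest write to one page. Returns 1 if it would fault to EL2, 0 otherwise. */
static int model_guest_write(uint64_t *pte)
{
	if (*pte & S2AP_W)
		return 0;       /* already write-dirty */
	if (*pte & S2_DBM) {
		*pte |= S2AP_W; /* hardware promotes write-clean to write-dirty */
		return 0;
	}
	return 1;               /* no DBM: software sees the fault and logs it */
}

/* Harvest dirty state by walking every PTE. Returns the number of dirty pages. */
static size_t harvest_dirty(uint64_t *ptes, size_t n, uint8_t *bitmap, size_t *visited)
{
	size_t dirty = 0;

	for (*visited = 0; *visited < n; (*visited)++) {
		uint64_t *pte = &ptes[*visited];

		if ((*pte & S2_DBM) && (*pte & S2AP_W)) {
			bitmap[*visited / 8] |= (uint8_t)(1u << (*visited % 8));
			*pte &= ~S2AP_W; /* re-arm as write-clean for the next round */
			dirty++;
		}
	}
	return dirty;
}

int main(void)
{
	static uint64_t ptes[NPTES];
	uint8_t bitmap[NPTES / 8] = {0};
	size_t visited, dirty, i;
	int faults;

	for (i = 0; i < NPTES; i++)
		ptes[i] = S2_DBM; /* every page starts write-clean */
	faults = model_guest_write(&ptes[3]) + model_guest_write(&ptes[700]);
	dirty = harvest_dirty(ptes, NPTES, bitmap, &visited);
	printf("faults=%d dirty=%zu visited=%zu\n", faults, dirty, visited);
	return 0;
}
```

With no write faults to act on, the model has to visit all 1024 entries to find the two dirty pages, which is the scanning cost the message objects to.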
Re: [PATCH v2 2/5] KVM: arm64: Support set the DBM attr during memory abort
Posted by Marc Zyngier 2 months, 2 weeks ago
On Fri, 21 Nov 2025 09:23:39 +0000,
Tian Zheng <zhengtian10@huawei.com> wrote:
> 
> From: eillon <yezhenyu2@huawei.com>
> 
> Add DBM support to automatically promote write-clean pages to
> write-dirty, preventing users from being trapped in EL2 due to
> missing write permissions.
> 
> Since the DBM attribute was introduced in ARMv8.1 and remains
> optional in later architecture revisions, including ARMv9.5.

What is the relevance of this statement?

> 
> Support set the DBM attr during user_mem_abort().

I don't think this commit message accurately describes what the code
does. This merely adds support to the page table code to set the DBM
bit in the S2 PTE, and nothing else.

	M.

-- 
Without deviation from the norm, progress is not possible.
Re: [PATCH v2 2/5] KVM: arm64: Support set the DBM attr during memory abort
Posted by Tian Zheng 2 months, 2 weeks ago

On 2025/11/22 20:54, Marc Zyngier wrote:
> On Fri, 21 Nov 2025 09:23:39 +0000,
> Tian Zheng <zhengtian10@huawei.com> wrote:
>>
>> From: eillon <yezhenyu2@huawei.com>
>>
>> Add DBM support to automatically promote write-clean pages to
>> write-dirty, preventing users from being trapped in EL2 due to
>> missing write permissions.
>>
>> Since the DBM attribute was introduced in ARMv8.1 and remains
>> optional in later architecture revisions, including ARMv9.5.
> 
> What is the relevance of this statement?
> 
I will remove this statement in v3.
>>
>> Support set the DBM attr during user_mem_abort().
> 
> I don't think this commit message accurately describes what the code
> does. This merely adds support to the page table code to set the DBM
> bit in the S2 PTE, and nothing else.
> 
Yes, this patch only adds support to set the DBM attr in the S2 PTE
during user_mem_abort(), and does not implement automatic promotion
of write-clean pages to write-dirty.

I will reword the commit message of this patch like:

This patch adds support to set the DBM attr in the S2 PTE during
user_mem_abort(). As long as the DBM bit is added, it enables hardware
to automatically promote write-clean pages to write-dirty, preventing
users from being trapped in EL2 due to missing write permissions.

> 	M.
>