[v3] arm_mpam: Add KVM/arm64 and resctrl glue code

[PATCH v3 13/47] KVM: arm64: Use kernel-space partid configuration for hypercalls

Posted by Ben Horgan 4 weeks ago

On nVHE systems whether or not MPAM is enabled, EL2 continues to use
partid-0 for hypercalls, even when the host may have configured its kernel
threads to use a different partid. 0 may have been assigned to another
task. Copy the EL1 MPAM register to EL2. This ensures hypercalls use the
same partid as the kernel thread does on the host.

Signed-off-by: Ben Horgan <ben.horgan@arm.com>
---
Changes since v2:
Use mask
Use read_sysreg_el1 to cope with hvhe
---
 arch/arm64/kvm/hyp/nvhe/hyp-main.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
index a7c689152f68..ad99d8a73a9e 100644
--- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
+++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
@@ -635,6 +635,14 @@ static void handle_host_hcall(struct kvm_cpu_context *host_ctxt)
 	unsigned long hcall_min = 0;
 	hcall_t hfn;
 
+	if (system_supports_mpam()) {
+		u64 mask = MPAM1_EL1_PARTID_D | MPAM1_EL1_PARTID_I |
+			MPAM1_EL1_PMG_D | MPAM1_EL1_PMG_I;
+
+		write_sysreg_s(read_sysreg_el1(SYS_MPAM1) & mask, SYS_MPAM2_EL2);
+		isb();
+	}
+
 	/*
 	 * If pKVM has been initialised then reject any calls to the
 	 * early "privileged" hypercalls. Note that we cannot reject
-- 
2.43.0

Re: [PATCH v3 13/47] KVM: arm64: Use kernel-space partid configuration for hypercalls

Posted by Marc Zyngier 3 weeks, 5 days ago

On Mon, 12 Jan 2026 16:58:40 +0000,
Ben Horgan <ben.horgan@arm.com> wrote:
> 
> On nVHE systems whether or not MPAM is enabled, EL2 continues to use
> partid-0 for hypercalls, even when the host may have configured its kernel
> threads to use a different partid. 0 may have been assigned to another
> task. Copy the EL1 MPAM register to EL2. This ensures hypercalls use the
> same partid as the kernel thread does on the host.
> 
> Signed-off-by: Ben Horgan <ben.horgan@arm.com>
> ---
> Changes since v2:
> Use mask
> Use read_sysreg_el1 to cope with hvhe
> ---
>  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> index a7c689152f68..ad99d8a73a9e 100644
> --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> @@ -635,6 +635,14 @@ static void handle_host_hcall(struct kvm_cpu_context *host_ctxt)
>  	unsigned long hcall_min = 0;
>  	hcall_t hfn;
>  
> +	if (system_supports_mpam()) {
> +		u64 mask = MPAM1_EL1_PARTID_D | MPAM1_EL1_PARTID_I |
> +			MPAM1_EL1_PMG_D | MPAM1_EL1_PMG_I;
> +
> +		write_sysreg_s(read_sysreg_el1(SYS_MPAM1) & mask, SYS_MPAM2_EL2);
> +		isb();
> +	}

Is it really OK to not preserve the rest of MPAM2_EL2? This explicitly
clears MPAM2_EL2.MPAMEN, which feels counter-productive.

	M.

-- 
Without deviation from the norm, progress is not possible.

Re: [PATCH v3 13/47] KVM: arm64: Use kernel-space partid configuration for hypercalls

Posted by Ben Horgan 3 weeks, 5 days ago

Hi Marc,

On 1/14/26 12:09, Marc Zyngier wrote:
> On Mon, 12 Jan 2026 16:58:40 +0000,
> Ben Horgan <ben.horgan@arm.com> wrote:
>>
>> On nVHE systems whether or not MPAM is enabled, EL2 continues to use
>> partid-0 for hypercalls, even when the host may have configured its kernel
>> threads to use a different partid. 0 may have been assigned to another
>> task. Copy the EL1 MPAM register to EL2. This ensures hypercalls use the
>> same partid as the kernel thread does on the host.
>>
>> Signed-off-by: Ben Horgan <ben.horgan@arm.com>
>> ---
>> Changes since v2:
>> Use mask
>> Use read_sysreg_el1 to cope with hvhe
>> ---
>>  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 8 ++++++++
>>  1 file changed, 8 insertions(+)
>>
>> diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
>> index a7c689152f68..ad99d8a73a9e 100644
>> --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
>> +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
>> @@ -635,6 +635,14 @@ static void handle_host_hcall(struct kvm_cpu_context *host_ctxt)
>>  	unsigned long hcall_min = 0;
>>  	hcall_t hfn;
>>  
>> +	if (system_supports_mpam()) {
>> +		u64 mask = MPAM1_EL1_PARTID_D | MPAM1_EL1_PARTID_I |
>> +			MPAM1_EL1_PMG_D | MPAM1_EL1_PMG_I;
>> +
>> +		write_sysreg_s(read_sysreg_el1(SYS_MPAM1) & mask, SYS_MPAM2_EL2);
>> +		isb();
>> +	}
> 
> Is it really OK to not preserve the rest of MPAM2_EL2? This explicitly
> clears MPAM2_EL2.MPAMEN, which feels counter-productive.
> 
> 	M.
> 

There are 3 things to consider:
1. traps - these are only relevant when we leave EL2 and are dealt with
in __activate_traps_mpam(). (This also covers EnMPAMSM which is a
not-trap bit.)
2. MPAM2_EL2.MPAMEN - this is read only as long as we have an EL3 and if
we don't have EL3 will be 0 anyway from el2_setup.h and MPAM won't be
considered supported in the kernel.
3. The alternate partid space fields which are kept as zero and relate
to FEAT_RME.

So, safe. Ok with you or would you rather I make it more obviously safe?

Thanks,

Ben

Re: [PATCH v3 13/47] KVM: arm64: Use kernel-space partid configuration for hypercalls

Posted by Ben Horgan 3 weeks, 5 days ago

Hi Marc,

On 1/14/26 14:39, Ben Horgan wrote:
> Hi Marc,
> 
> On 1/14/26 12:09, Marc Zyngier wrote:
>> On Mon, 12 Jan 2026 16:58:40 +0000,
>> Ben Horgan <ben.horgan@arm.com> wrote:
>>>
>>> On nVHE systems whether or not MPAM is enabled, EL2 continues to use
>>> partid-0 for hypercalls, even when the host may have configured its kernel
>>> threads to use a different partid. 0 may have been assigned to another
>>> task. Copy the EL1 MPAM register to EL2. This ensures hypercalls use the
>>> same partid as the kernel thread does on the host.
>>>
>>> Signed-off-by: Ben Horgan <ben.horgan@arm.com>
>>> ---
>>> Changes since v2:
>>> Use mask
>>> Use read_sysreg_el1 to cope with hvhe
>>> ---
>>>  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 8 ++++++++
>>>  1 file changed, 8 insertions(+)
>>>
>>> diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
>>> index a7c689152f68..ad99d8a73a9e 100644
>>> --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
>>> +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
>>> @@ -635,6 +635,14 @@ static void handle_host_hcall(struct kvm_cpu_context *host_ctxt)
>>>  	unsigned long hcall_min = 0;
>>>  	hcall_t hfn;
>>>  
>>> +	if (system_supports_mpam()) {
>>> +		u64 mask = MPAM1_EL1_PARTID_D | MPAM1_EL1_PARTID_I |
>>> +			MPAM1_EL1_PMG_D | MPAM1_EL1_PMG_I;
>>> +
>>> +		write_sysreg_s(read_sysreg_el1(SYS_MPAM1) & mask, SYS_MPAM2_EL2);
>>> +		isb();
>>> +	}
>>
>> Is it really OK to not preserve the rest of MPAM2_EL2? This explicitly
>> clears MPAM2_EL2.MPAMEN, which feels counter-productive.
>>
>> 	M.
>>
> 
> There are 3 things to consider:
> 1. traps - these are only relevant when we leave EL2 and are dealt with
> in __activate_traps_mpam(). (This also covers EnMPAMSM which is a
> not-trap bit.)
> 2. MPAM2_EL2.MPAMEN - this is read only as long as we have an EL3 and if
> we don't have EL3 will be 0 anyway from el2_setup.h and MPAM won't be
> considered supported in the kernel.
> 3. The alternate partid space fields which are kept as zero and relate
> to FEAT_RME.
> 
> So, safe. Ok with you or would you rather I make it more obviously safe?

As discussed offline, to avoid having to reason about MPAM2_EL2.MPAMEN
I'll set this bit to 1 in this write as we are already assuming mpam is
enabled and we want to keep it enabled.

> 
> Thanks,
> 
> Ben
> 
> 

Thanks,

Ben

Re: [PATCH v3 13/47] KVM: arm64: Use kernel-space partid configuration for hypercalls

Posted by Marc Zyngier 3 weeks, 5 days ago

On Wed, 14 Jan 2026 16:50:50 +0000,
Ben Horgan <ben.horgan@arm.com> wrote:
> 
> Hi Marc,
> 
> On 1/14/26 14:39, Ben Horgan wrote:
> > Hi Marc,
> > 
> > On 1/14/26 12:09, Marc Zyngier wrote:
> >> On Mon, 12 Jan 2026 16:58:40 +0000,
> >> Ben Horgan <ben.horgan@arm.com> wrote:
> >>>
> >>> On nVHE systems whether or not MPAM is enabled, EL2 continues to use
> >>> partid-0 for hypercalls, even when the host may have configured its kernel
> >>> threads to use a different partid. 0 may have been assigned to another
> >>> task. Copy the EL1 MPAM register to EL2. This ensures hypercalls use the
> >>> same partid as the kernel thread does on the host.
> >>>
> >>> Signed-off-by: Ben Horgan <ben.horgan@arm.com>
> >>> ---
> >>> Changes since v2:
> >>> Use mask
> >>> Use read_sysreg_el1 to cope with hvhe
> >>> ---
> >>>  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 8 ++++++++
> >>>  1 file changed, 8 insertions(+)
> >>>
> >>> diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> >>> index a7c689152f68..ad99d8a73a9e 100644
> >>> --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> >>> +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> >>> @@ -635,6 +635,14 @@ static void handle_host_hcall(struct kvm_cpu_context *host_ctxt)
> >>>  	unsigned long hcall_min = 0;
> >>>  	hcall_t hfn;
> >>>  
> >>> +	if (system_supports_mpam()) {
> >>> +		u64 mask = MPAM1_EL1_PARTID_D | MPAM1_EL1_PARTID_I |
> >>> +			MPAM1_EL1_PMG_D | MPAM1_EL1_PMG_I;
> >>> +
> >>> +		write_sysreg_s(read_sysreg_el1(SYS_MPAM1) & mask, SYS_MPAM2_EL2);
> >>> +		isb();
> >>> +	}
> >>
> >> Is it really OK to not preserve the rest of MPAM2_EL2? This explicitly
> >> clears MPAM2_EL2.MPAMEN, which feels counter-productive.
> >>
> >> 	M.
> >>
> > 
> > There are 3 things to consider:
> > 1. traps - these are only relevant when we leave EL2 and are dealt with
> > in __activate_traps_mpam(). (This also covers EnMPAMSM which is a
> > not-trap bit.)
> > 2. MPAM2_EL2.MPAMEN - this is read only as long as we have an EL3 and if
> > we don't have EL3 will be 0 anyway from el2_setup.h and MPAM won't be
> > considered supported in the kernel.
> > 3. The alternate partid space fields which are kept as zero and relate
> > to FEAT_RME.
> > 
> > So, safe. Ok with you or would you rather I make it more obviously safe?
> 
> As discussed offline, to avoid having to reason about MPAM2_EL2.MPAMEN
> I'll set this bit to 1 in this write as we are already assuming mpam is
> enabled and we want to keep it enabled.

Sounds good, thanks.

	M.

-- 
Without deviation from the norm, progress is not possible.

Re: [PATCH v3 13/47] KVM: arm64: Use kernel-space partid configuration for hypercalls

Posted by Jonathan Cameron 3 weeks, 6 days ago

On Mon, 12 Jan 2026 16:58:40 +0000
Ben Horgan <ben.horgan@arm.com> wrote:

> On nVHE systems whether or not MPAM is enabled, EL2 continues to use
> partid-0 for hypercalls, even when the host may have configured its kernel
> threads to use a different partid. 0 may have been assigned to another
> task. Copy the EL1 MPAM register to EL2. This ensures hypercalls use the
> same partid as the kernel thread does on the host.
> 
> Signed-off-by: Ben Horgan <ben.horgan@arm.com>
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com>
> ---
> Changes since v2:
> Use mask
> Use read_sysreg_el1 to cope with hvhe

nvhe

Re: [PATCH v3 13/47] KVM: arm64: Use kernel-space partid configuration for hypercalls

Posted by Ben Horgan 3 weeks, 6 days ago

Hi Jonathan,

On 1/13/26 14:21, Jonathan Cameron wrote:
> On Mon, 12 Jan 2026 16:58:40 +0000
> Ben Horgan <ben.horgan@arm.com> wrote:
> 
>> On nVHE systems whether or not MPAM is enabled, EL2 continues to use
>> partid-0 for hypercalls, even when the host may have configured its kernel
>> threads to use a different partid. 0 may have been assigned to another
>> task. Copy the EL1 MPAM register to EL2. This ensures hypercalls use the
>> same partid as the kernel thread does on the host.
>>
>> Signed-off-by: Ben Horgan <ben.horgan@arm.com>
> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com>
>> ---
>> Changes since v2:
>> Use mask
>> Use read_sysreg_el1 to cope with hvhe
> 
> nvhe

In this case, I do mean arm64_sw.hvhe which is the configuration when
kvm-arm.mode=protected. The aliasing of the registers when E2H is set
meant that the read_sysreg_s(SYS_MPAM1_EL1) was actually accessing
SYS_MPAM2_EL2 and so the read and write were for the same value.

Thanks,

Ben