From nobody Thu Apr 9 07:15:58 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 44C5D38B143 for ; Tue, 10 Mar 2026 12:49:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773146990; cv=none; b=eBMtXfbTf3ze1ZZLEMreLcpjKZia31b+MiPgccjwhT0WHC1INHKGPhQW178qGi1qEU5CF6YZK4TbE8usXsvdrhwcJY/n/oF/pt6sORmCEq/Zo/8DsfVbmlPRPqZ7sVeicSavaPyLvVNak6Sy054g38U+nJtfjXFArL4kpLwDKuQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773146990; c=relaxed/simple; bh=14KappcwlVf4yuTAUqr072Clw0Dq8rqsTruC9Z7bLgk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=eq3AWzWSLwE+nGCCqFog9uVSpUtd0EVRNj7y0WgT0jo5pi3/x9HE3Bzgw3qRDVLKMVIH1t+eXdKHm/vVeoXBOyMVAM5uhQbcppRPE2PlLpWswwuxbOzEK8DRXlmDqFc+rAttK6E4I0JBcKyXpv4qyxtIou6exymxEFdJ968gT0c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=XHkA3rf0; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sebastianene.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="XHkA3rf0" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-4853ab1cae0so20355015e9.2 for ; Tue, 10 Mar 2026 05:49:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773146987; x=1773751787; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=l6n5Y9iqY7rq1n5Q/lgdkU3SuBp6Rv+RQlbX0vgQT/A=; b=XHkA3rf0cGVvyL8At2cyLLuLNnBaVw0g7jRTW8JsN6q6xsenkK3sCQMYAZs/OL1+Eg RLCMm6qIpNOs8CNZ6LxPfksD3gawfIKVBVHFRQ2D1DuWeaf8XYwQmcAmv565L2hyUeDT P3El7Hd3wXPRU1+oNqZBvuLpYnRF1Hh714YtKQEUaTPurFC0TKOCW7+8OGNwGOgcvYkB mJSXn3x2YU0dHH/RlnajBR4rqZfhuQX9LtKW+ahn0ckWY3ldJ/c0aKdhc90f6VvX6GMH bTZwTRpGEdFy4SobyjFXnTZ0C8QDSk5DGeesDBevF6Kp/YFk7dBJvTctsNTOLW9qG5nV DxcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773146987; x=1773751787; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=l6n5Y9iqY7rq1n5Q/lgdkU3SuBp6Rv+RQlbX0vgQT/A=; b=mmq+3b3lGLsKbbgfr3qyTq5tpfVrDXLLxZ72xw0hwnWU7f9Q/T5z3ZxK6xqsWSUsvX SWmOo5wVY3g+FVqoxikcERLdFw8svjR8FUQBrjifLkaJomuhyV61reITYTlWHUK/+esM +K65tBBecQF8FpXOkTjlUL4GNXKciYgUnqttsqkJ6EPXtyeiwQj8krhr0+wq+XOcs4L2 BJT/CNwicB1Um+tcig8vTNuWzZV3NdY2fFzq6S/mlv6wGhLCXeg7uNojWOQwAq583qz0 RdXBRUBuFsPYX37DDAs48ueu3KuUBLcUaHciabnyHK7HWUToiMiMsIwoqW/g0ji6EPLN qSYg== X-Forwarded-Encrypted: i=1; AJvYcCVIlFhRGWMwghztEqKHMQHIwFhWRvTJWEp0tnKOUIOCahAh8KbjLV+O0cGCJpWT7qkYQ/Qteu3kbY/A68Y=@vger.kernel.org X-Gm-Message-State: AOJu0YwVdoWUl2654ZXYETDFqx+JTCYjG9hM/UdBET8wHmqbzxxqZ3dr f+I00EZUlJ58eD0/8H7LeEPK2li8EUpBdmwe/lDBk8XsjHoKdSNdV0PHUiS5kI7uqgVbpVUXpuI oIHzHd6L//OpXz1v3KVqHN9lCUtSX4Q== X-Received: from wmby21.prod.google.com ([2002:a05:600c:c055:b0:485:343f:9fb3]) (user=sebastianene job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:138a:b0:477:7ae0:cd6e with SMTP id 5b1f17b1804b1-485269196ffmr271672925e9.5.1773146986648; Tue, 10 Mar 2026 05:49:46 -0700 (PDT) Date: Tue, 10 Mar 2026 12:49:23 +0000 In-Reply-To: <20260310124933.830025-1-sebastianene@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310124933.830025-1-sebastianene@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310124933.830025-5-sebastianene@google.com> Subject: [PATCH 04/14] KVM: arm64: Mediate host access to GIC/ITS MMIO via unmapping From: Sebastian Ene To: alexandru.elisei@arm.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com Cc: catalin.marinas@arm.com, dbrazdil@google.com, joey.gouly@arm.com, kees@kernel.org, mark.rutland@arm.com, maz@kernel.org, oupton@kernel.org, perlarsen@google.com, qperret@google.com, rananta@google.com, sebastianene@google.com, smostafa@google.com, suzuki.poulose@arm.com, tabba@google.com, tglx@kernel.org, vdonnefort@google.com, bgrzesik@google.com, will@kernel.org, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Unmap the ITS MMIO region from the host address space to enforce hypervisor mediation. Identify the ITS base address from the device tree and store it in a protected region. A callback is registered to handle host accesses to this region; currently, the handler simply forwards all MMIO requests to the physical hardware. This provides the infrastructure for future hardware state validation without changing current behavior. Signed-off-by: Sebastian Ene --- arch/arm64/include/asm/kvm_pkvm.h | 2 ++ arch/arm64/kvm/hyp/nvhe/Makefile | 3 ++- arch/arm64/kvm/hyp/nvhe/its_emulate.c | 23 ++++++++++++++++ arch/arm64/kvm/pkvm.c | 38 +++++++++++++++++++++++++++ 4 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 arch/arm64/kvm/hyp/nvhe/its_emulate.c diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm= _pkvm.h index 5321ced2f50a..ef00c1bf7d00 100644 --- a/arch/arm64/include/asm/kvm_pkvm.h +++ b/arch/arm64/include/asm/kvm_pkvm.h @@ -32,6 +32,8 @@ struct pkvm_protected_reg { =20 extern struct pkvm_protected_reg kvm_nvhe_sym(pkvm_protected_regs)[]; extern unsigned int kvm_nvhe_sym(num_protected_reg); +extern void kvm_nvhe_sym(pkvm_handle_forward_req)(struct pkvm_protected_re= g *region, u64 offset, + bool write, u64 *reg, u8 reg_size); =20 int pkvm_init_host_vm(struct kvm *kvm); int pkvm_create_hyp_vm(struct kvm *kvm); diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Mak= efile index a244ec25f8c5..eb43269fbac2 100644 --- a/arch/arm64/kvm/hyp/nvhe/Makefile +++ b/arch/arm64/kvm/hyp/nvhe/Makefile @@ -24,7 +24,8 @@ CFLAGS_switch.nvhe.o +=3D -Wno-override-init =20 hyp-obj-y :=3D timer-sr.o sysreg-sr.o debug-sr.o switch.o tlb.o hyp-init.o= host.o \ hyp-main.o hyp-smp.o psci-relay.o early_alloc.o page_alloc.o \ - cache.o setup.o mm.o mem_protect.o sys_regs.o pkvm.o stacktrace.o ffa.o + cache.o setup.o mm.o mem_protect.o sys_regs.o pkvm.o stacktrace.o ffa.o \ + its_emulate.o hyp-obj-y +=3D ../vgic-v3-sr.o ../aarch32.o ../vgic-v2-cpuif-proxy.o ../en= try.o \ ../fpsimd.o ../hyp-entry.o ../exception.o ../pgtable.o hyp-obj-y +=3D ../../../kernel/smccc-call.o diff --git a/arch/arm64/kvm/hyp/nvhe/its_emulate.c b/arch/arm64/kvm/hyp/nvh= e/its_emulate.c new file mode 100644 index 000000000000..0eecbb011898 --- /dev/null +++ b/arch/arm64/kvm/hyp/nvhe/its_emulate.c @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include + + +void pkvm_handle_forward_req(struct pkvm_protected_reg *region, u64 offset= , bool write, + u64 *reg, u8 reg_size) +{ + void __iomem *addr =3D __hyp_va((region->start_pfn << PAGE_SHIFT) + offse= t); + + if (reg_size =3D=3D sizeof(u32)) { + if (!write) + *reg =3D readl_relaxed(addr); + else + writel_relaxed(*reg, addr); + } else if (reg_size =3D=3D sizeof(u64)) { + if (!write) + *reg =3D readq_relaxed(addr); + else + writeq_relaxed(*reg, addr); + } +} diff --git a/arch/arm64/kvm/pkvm.c b/arch/arm64/kvm/pkvm.c index d7a0f69a9982..a766be6de735 100644 --- a/arch/arm64/kvm/pkvm.c +++ b/arch/arm64/kvm/pkvm.c @@ -11,6 +11,9 @@ #include #include #include +#include +#include +#include =20 #include =20 @@ -18,6 +21,7 @@ =20 DEFINE_STATIC_KEY_FALSE(kvm_protected_mode_initialized); =20 +static struct pkvm_protected_reg *pkvm_protected_regs =3D kvm_nvhe_sym(pkv= m_protected_regs); static struct memblock_region *hyp_memory =3D kvm_nvhe_sym(hyp_memory); static unsigned int *hyp_memblock_nr_ptr =3D &kvm_nvhe_sym(hyp_memblock_nr= ); =20 @@ -39,6 +43,34 @@ static int __init register_memblock_regions(void) return 0; } =20 +static int __init register_protected_regions(void) +{ + int i =3D 0, ret; + struct device_node *np; + struct resource res; + + for_each_compatible_node(np, NULL, "arm,gic-v3-its") { + ret =3D of_address_to_resource(np, i, &res); + if (ret) + return ret; + + if (i >=3D PKVM_PROTECTED_REGS_NUM) + return -ENOMEM; + + if (!PAGE_ALIGNED(res.start) || !PAGE_ALIGNED(resource_size(&res))) + return -EINVAL; + + pkvm_protected_regs[i].start_pfn =3D res.start >> PAGE_SHIFT; + pkvm_protected_regs[i].num_pages =3D resource_size(&res) >> PAGE_SHIFT; + pkvm_protected_regs[i].cb =3D lm_alias(&kvm_nvhe_sym(pkvm_handle_forward= _req)); + i++; + } + + kvm_nvhe_sym(num_protected_reg) =3D i; + + return 0; +} + void __init kvm_hyp_reserve(void) { u64 hyp_mem_pages =3D 0; @@ -57,6 +89,12 @@ void __init kvm_hyp_reserve(void) return; } =20 + ret =3D register_protected_regions(); + if (ret) { + kvm_err("Failed to register protected reg: %d\n", ret); + return; + } + hyp_mem_pages +=3D hyp_s1_pgtable_pages(); hyp_mem_pages +=3D host_s2_pgtable_pages(); hyp_mem_pages +=3D hyp_vm_table_pages(); --=20 2.53.0.473.g4a7958ca14-goog