| Message ID | 20250213161426.102987-11-steven.price@arm.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | arm64: Support for Arm CCA in KVM | expand |
On 2/14/25 2:13 AM, Steven Price wrote: > Previously machine type was used purely for specifying the physical > address size of the guest. Reserve the higher bits to specify an ARM > specific machine type and declare a new type 'KVM_VM_TYPE_ARM_REALM' > used to create a realm guest. > > Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com> > Signed-off-by: Steven Price <steven.price@arm.com> > --- > Changes since v6: > * Make the check for kvm_rme_is_available more visible and report an > error code of -EPERM (instead of -EINVAL) to make it explicit that > the kernel supports RME, but the platform doesn't. > --- > arch/arm64/kvm/arm.c | 15 +++++++++++++++ > arch/arm64/kvm/mmu.c | 3 --- > include/uapi/linux/kvm.h | 19 +++++++++++++++---- > 3 files changed, 30 insertions(+), 7 deletions(-) > Section 4.2 of Documentation/virt/kvm/api.rst needs to be updated. Other than that, it looks good to me: Reviewed-by: Gavin Shan <gshan@redhat.com> > diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c > index df6eb5e9ca96..917ee7c674f5 100644 > --- a/arch/arm64/kvm/arm.c > +++ b/arch/arm64/kvm/arm.c > @@ -180,6 +180,21 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) > mutex_unlock(&kvm->lock); > #endif > > + if (type & ~(KVM_VM_TYPE_ARM_MASK | KVM_VM_TYPE_ARM_IPA_SIZE_MASK)) > + return -EINVAL; > + > + switch (type & KVM_VM_TYPE_ARM_MASK) { > + case KVM_VM_TYPE_ARM_NORMAL: > + break; > + case KVM_VM_TYPE_ARM_REALM: > + if (!static_branch_unlikely(&kvm_rme_is_available)) > + return -EPERM; > + kvm->arch.is_realm = true; > + break; > + default: > + return -EINVAL; > + } > + > kvm_init_nested(kvm); > > ret = kvm_share_hyp(kvm, kvm + 1); > diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c > index 8cda128aafef..f8ad8f88bbb8 100644 > --- a/arch/arm64/kvm/mmu.c > +++ b/arch/arm64/kvm/mmu.c > @@ -886,9 +886,6 @@ static int kvm_init_ipa_range(struct kvm *kvm, > if (kvm_is_realm(kvm)) > kvm_ipa_limit = kvm_realm_ipa_limit(); > > - if (type & ~KVM_VM_TYPE_ARM_IPA_SIZE_MASK) > - return -EINVAL; > - > phys_shift = KVM_VM_TYPE_ARM_IPA_SIZE(type); > if (is_protected_kvm_enabled()) { > phys_shift = kvm_ipa_limit; > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index fa8f45029dff..9cabf9b6a9b4 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -644,14 +644,25 @@ struct kvm_enable_cap { > #define KVM_S390_SIE_PAGE_OFFSET 1 > > /* > - * On arm64, machine type can be used to request the physical > - * address size for the VM. Bits[7-0] are reserved for the guest > - * PA size shift (i.e, log2(PA_Size)). For backward compatibility, > - * value 0 implies the default IPA size, 40bits. > + * On arm64, machine type can be used to request both the machine type and > + * the physical address size for the VM. > + * > + * Bits[11-8] are reserved for the ARM specific machine type. > + * > + * Bits[7-0] are reserved for the guest PA size shift (i.e, log2(PA_Size)). > + * For backward compatibility, value 0 implies the default IPA size, 40bits. > */ > +#define KVM_VM_TYPE_ARM_SHIFT 8 > +#define KVM_VM_TYPE_ARM_MASK (0xfULL << KVM_VM_TYPE_ARM_SHIFT) > +#define KVM_VM_TYPE_ARM(_type) \ > + (((_type) << KVM_VM_TYPE_ARM_SHIFT) & KVM_VM_TYPE_ARM_MASK) > +#define KVM_VM_TYPE_ARM_NORMAL KVM_VM_TYPE_ARM(0) > +#define KVM_VM_TYPE_ARM_REALM KVM_VM_TYPE_ARM(1) > + > #define KVM_VM_TYPE_ARM_IPA_SIZE_MASK 0xffULL > #define KVM_VM_TYPE_ARM_IPA_SIZE(x) \ > ((x) & KVM_VM_TYPE_ARM_IPA_SIZE_MASK) > + > /* > * ioctls for /dev/kvm fds: > */ Thanks, Gavin
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index df6eb5e9ca96..917ee7c674f5 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -180,6 +180,21 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) mutex_unlock(&kvm->lock); #endif + if (type & ~(KVM_VM_TYPE_ARM_MASK | KVM_VM_TYPE_ARM_IPA_SIZE_MASK)) + return -EINVAL; + + switch (type & KVM_VM_TYPE_ARM_MASK) { + case KVM_VM_TYPE_ARM_NORMAL: + break; + case KVM_VM_TYPE_ARM_REALM: + if (!static_branch_unlikely(&kvm_rme_is_available)) + return -EPERM; + kvm->arch.is_realm = true; + break; + default: + return -EINVAL; + } + kvm_init_nested(kvm); ret = kvm_share_hyp(kvm, kvm + 1); diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c index 8cda128aafef..f8ad8f88bbb8 100644 --- a/arch/arm64/kvm/mmu.c +++ b/arch/arm64/kvm/mmu.c @@ -886,9 +886,6 @@ static int kvm_init_ipa_range(struct kvm *kvm, if (kvm_is_realm(kvm)) kvm_ipa_limit = kvm_realm_ipa_limit(); - if (type & ~KVM_VM_TYPE_ARM_IPA_SIZE_MASK) - return -EINVAL; - phys_shift = KVM_VM_TYPE_ARM_IPA_SIZE(type); if (is_protected_kvm_enabled()) { phys_shift = kvm_ipa_limit; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index fa8f45029dff..9cabf9b6a9b4 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -644,14 +644,25 @@ struct kvm_enable_cap { #define KVM_S390_SIE_PAGE_OFFSET 1 /* - * On arm64, machine type can be used to request the physical - * address size for the VM. Bits[7-0] are reserved for the guest - * PA size shift (i.e, log2(PA_Size)). For backward compatibility, - * value 0 implies the default IPA size, 40bits. + * On arm64, machine type can be used to request both the machine type and + * the physical address size for the VM. + * + * Bits[11-8] are reserved for the ARM specific machine type. + * + * Bits[7-0] are reserved for the guest PA size shift (i.e, log2(PA_Size)). + * For backward compatibility, value 0 implies the default IPA size, 40bits. */ +#define KVM_VM_TYPE_ARM_SHIFT 8 +#define KVM_VM_TYPE_ARM_MASK (0xfULL << KVM_VM_TYPE_ARM_SHIFT) +#define KVM_VM_TYPE_ARM(_type) \ + (((_type) << KVM_VM_TYPE_ARM_SHIFT) & KVM_VM_TYPE_ARM_MASK) +#define KVM_VM_TYPE_ARM_NORMAL KVM_VM_TYPE_ARM(0) +#define KVM_VM_TYPE_ARM_REALM KVM_VM_TYPE_ARM(1) + #define KVM_VM_TYPE_ARM_IPA_SIZE_MASK 0xffULL #define KVM_VM_TYPE_ARM_IPA_SIZE(x) \ ((x) & KVM_VM_TYPE_ARM_IPA_SIZE_MASK) + /* * ioctls for /dev/kvm fds: */