| Message ID | 20241004152804.72508-32-steven.price@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | arm64: Support for Arm CCA in KVM | expand |
On 04/10/2024 16:27, Steven Price wrote: > Physical device assignment is not yet supported by the RMM, so it > doesn't make much sense to allow device mappings within the realm. > Prevent them when the guest is a realm. > > Signed-off-by: Steven Price <steven.price@arm.com> > --- > arch/arm64/kvm/mmu.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c > index 4f0403059c91..602c49eae90d 100644 > --- a/arch/arm64/kvm/mmu.c > +++ b/arch/arm64/kvm/mmu.c > @@ -1142,6 +1142,10 @@ int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa, > if (is_protected_kvm_enabled()) > return -EPERM; > > + /* We don't support mapping special pages into a Realm */ > + if (kvm_is_realm(kvm)) > + return -EINVAL; > + I believe this is not sufficient. This is only called for GICv2 today. But we also need to check in user_mem_abort() and only allow the mapping if it targeting an unprotected IPA. Something like: diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c index 26d550ad8393..e433bf8376f2 100644 --- a/arch/arm64/kvm/mmu.c +++ b/arch/arm64/kvm/mmu.c @@ -1710,6 +1710,9 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, if (exec_fault && device) return -ENOEXEC; + if (device && kvm_gpa_from_fault(fault_ipa) != fault_ipa) + return -EINVAL; + /* * Potentially reduce shadow S2 permissions to match the guest's own * S2. For exec faults, we'd only reach this point if the guest Suzuki > size += offset_in_page(guest_ipa); > guest_ipa &= PAGE_MASK; >
diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c index 4f0403059c91..602c49eae90d 100644 --- a/arch/arm64/kvm/mmu.c +++ b/arch/arm64/kvm/mmu.c @@ -1142,6 +1142,10 @@ int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa, if (is_protected_kvm_enabled()) return -EPERM; + /* We don't support mapping special pages into a Realm */ + if (kvm_is_realm(kvm)) + return -EINVAL; + size += offset_in_page(guest_ipa); guest_ipa &= PAGE_MASK;
Physical device assignment is not yet supported by the RMM, so it doesn't make much sense to allow device mappings within the realm. Prevent them when the guest is a realm. Signed-off-by: Steven Price <steven.price@arm.com> --- arch/arm64/kvm/mmu.c | 4 ++++ 1 file changed, 4 insertions(+)