From: Sascha Bischoff <Sascha.Bischoff@arm•com>
To: "linux-arm-kernel@lists•infradead.org"
<linux-arm-kernel@lists•infradead.org>,
"kvmarm@lists•linux.dev" <kvmarm@lists•linux.dev>,
"kvm@vger•kernel.org" <kvm@vger•kernel.org>
Cc: nd <nd@arm•com>, "maz@kernel•org" <maz@kernel•org>,
"oliver.upton@linux•dev" <oliver.upton@linux•dev>,
Joey Gouly <Joey.Gouly@arm•com>,
Suzuki Poulose <Suzuki.Poulose@arm•com>,
"yuzenghui@huawei•com" <yuzenghui@huawei•com>,
"peter.maydell@linaro•org" <peter.maydell@linaro•org>,
"lpieralisi@kernel•org" <lpieralisi@kernel•org>,
Timothy Hayes <Timothy.Hayes@arm•com>
Subject: [PATCH v2 32/39] KVM: arm64: gic-v5: Mask per-vcpu PPI state in vgic_v5_finalize_ppi_state()
Date: Thu, 21 May 2026 15:00:09 +0000 [thread overview]
Message-ID: <20260521144846.1899475-33-sascha.bischoff@arm.com> (raw)
In-Reply-To: <20260521144846.1899475-1-sascha.bischoff@arm.com>
Only a subset of the possible PPIs are exposed to a guest when running
with a vGICv5. First of all, only the architected PPIs are considered
by KVM. Secondly, only a set of those is exposed to a guest - those
corresponding to devices that KVM emulates (timers, PMU) and the GICv5
SW_PPI.
The finalisation of exposed PPIs happens on first vCPU run as this is
the first time when the full set of exposed devices is known. At this
stage a mask is calculated, and this mask is applied to both hide
non-exposed PPI state from the guest and to reduce overhead when
iterating over the PPIs.
As part of introducing support for userspace accesses to the GICv5
system registers it has become apparent that userspace sets of the
GICv5 PPI registers can result in a mismatch between the state exposed
to the guest and what KVM expects to be exposed. Effectively,
userspace can set the Enable, Active, Pending state of PPIs that KVM
has chosen to hide from a guest.
Under the assumption that on a VM restore userspace will set the PPI
state prior to running the vCPU(s) for the first time, rework
vgic_v5_finalize_ppi_state() to not only calculate the mask of exposed
PPIs, but also to clear any state for the non-exposed PPIs. This
ensures that only the state that KVM intends to expose to the guest is
exposed.
Note: If userspace chooses to set the state of PPI registers after
running a vCPU for the first time, then no masking takes place and
that state is directly exposed to a guest.
Signed-off-by: Sascha Bischoff <sascha.bischoff@arm•com>
---
arch/arm64/kvm/arm.c | 2 +-
arch/arm64/kvm/vgic/vgic-v5.c | 71 +++++++++++++++++++++++++----------
include/kvm/arm_vgic.h | 2 +-
3 files changed, 53 insertions(+), 22 deletions(-)
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 34c9950884d5e..2a9cda1972b69 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -958,7 +958,7 @@ int kvm_arch_vcpu_run_pid_change(struct kvm_vcpu *vcpu)
return ret;
}
- ret = vgic_v5_finalize_ppi_state(kvm);
+ ret = vgic_v5_finalize_ppi_state(vcpu);
if (ret)
return ret;
diff --git a/arch/arm64/kvm/vgic/vgic-v5.c b/arch/arm64/kvm/vgic/vgic-v5.c
index 6e2191620e8d7..05fd10030da84 100644
--- a/arch/arm64/kvm/vgic/vgic-v5.c
+++ b/arch/arm64/kvm/vgic/vgic-v5.c
@@ -761,9 +761,10 @@ int vgic_v5_map_resources(struct kvm *kvm)
return 0;
}
-int vgic_v5_finalize_ppi_state(struct kvm *kvm)
+int vgic_v5_finalize_ppi_state(struct kvm_vcpu *vcpu)
{
- struct kvm_vcpu *vcpu0;
+ struct kvm *kvm = vcpu->kvm;
+ struct vgic_v5_cpu_if *cpu_if = &vcpu->arch.vgic_cpu.vgic_v5;
int i;
if (!vgic_is_v5(kvm))
@@ -772,35 +773,65 @@ int vgic_v5_finalize_ppi_state(struct kvm *kvm)
guard(mutex)(&kvm->arch.config_lock);
/*
- * If SW_PPI has been advertised, then we know we already
- * initialised the whole thing, and we can return early. Yes,
- * this is pretty hackish as far as state tracking goes...
+ * Discover the set of PPIs that are exposed to the guest once per VM.
+ * Once known, apply that mask to each VCPU's restored PPI state as the
+ * VCPUs are first run.
*/
- if (test_bit(GICV5_ARCH_PPI_SW_PPI, kvm->arch.vgic.gicv5_vm.vgic_ppi_mask))
- return 0;
-
- /* The PPI state for all VCPUs should be the same. Pick the first. */
- vcpu0 = kvm_get_vcpu(kvm, 0);
+ if (!test_bit(GICV5_ARCH_PPI_SW_PPI, kvm->arch.vgic.gicv5_vm.vgic_ppi_mask)) {
+ bitmap_zero(kvm->arch.vgic.gicv5_vm.vgic_ppi_mask,
+ VGIC_V5_NR_PRIVATE_IRQS);
+ bitmap_zero(kvm->arch.vgic.gicv5_vm.vgic_ppi_hmr,
+ VGIC_V5_NR_PRIVATE_IRQS);
+
+ for_each_set_bit(i, ppi_caps.impl_ppi_mask, VGIC_V5_NR_PRIVATE_IRQS) {
+ const u32 intid = vgic_v5_make_ppi(i);
+ struct vgic_irq *irq;
+
+ irq = vgic_get_vcpu_irq(vcpu, intid);
+
+ /* Expose PPIs with an owner or the SW_PPI, only */
+ scoped_guard(raw_spinlock_irqsave, &irq->irq_lock) {
+ if (irq->owner || i == GICV5_ARCH_PPI_SW_PPI) {
+ __set_bit(i, kvm->arch.vgic.gicv5_vm.vgic_ppi_mask);
+ __assign_bit(i, kvm->arch.vgic.gicv5_vm.vgic_ppi_hmr,
+ irq->config == VGIC_CONFIG_LEVEL);
+ }
+ }
- bitmap_zero(kvm->arch.vgic.gicv5_vm.vgic_ppi_mask, VGIC_V5_NR_PRIVATE_IRQS);
- bitmap_zero(kvm->arch.vgic.gicv5_vm.vgic_ppi_hmr, VGIC_V5_NR_PRIVATE_IRQS);
+ vgic_put_irq(kvm, irq);
+ }
+ }
- for_each_set_bit(i, ppi_caps.impl_ppi_mask, VGIC_V5_NR_PRIVATE_IRQS) {
+ /*
+ * Apply the mask to Enable, Active. Skip pending as that's calculated
+ * on guest entry.
+ */
+ bitmap_and(cpu_if->vgic_ppi_enabler, cpu_if->vgic_ppi_enabler,
+ kvm->arch.vgic.gicv5_vm.vgic_ppi_mask, VGIC_V5_NR_PRIVATE_IRQS);
+ bitmap_and(cpu_if->vgic_ppi_activer, cpu_if->vgic_ppi_activer,
+ kvm->arch.vgic.gicv5_vm.vgic_ppi_mask, VGIC_V5_NR_PRIVATE_IRQS);
+
+ /* Also update the vgic_irqs */
+ for (i = 0; i < VGIC_V5_NR_PRIVATE_IRQS; i++) {
+ bool visible = test_bit(i, kvm->arch.vgic.gicv5_vm.vgic_ppi_mask);
const u32 intid = vgic_v5_make_ppi(i);
struct vgic_irq *irq;
- irq = vgic_get_vcpu_irq(vcpu0, intid);
+ irq = vgic_get_vcpu_irq(vcpu, intid);
- /* Expose PPIs with an owner or the SW_PPI, only */
scoped_guard(raw_spinlock_irqsave, &irq->irq_lock) {
- if (irq->owner || i == GICV5_ARCH_PPI_SW_PPI) {
- __set_bit(i, kvm->arch.vgic.gicv5_vm.vgic_ppi_mask);
- __assign_bit(i, kvm->arch.vgic.gicv5_vm.vgic_ppi_hmr,
- irq->config == VGIC_CONFIG_LEVEL);
+ if (!visible) {
+ irq->enabled = false;
+ irq->active = false;
+ irq->pending_latch = false;
+ irq->line_level = false;
+ } else {
+ irq->enabled = test_bit(i, cpu_if->vgic_ppi_enabler);
+ irq->active = test_bit(i, cpu_if->vgic_ppi_activer);
}
}
- vgic_put_irq(vcpu0->kvm, irq);
+ vgic_put_irq(kvm, irq);
}
return 0;
diff --git a/include/kvm/arm_vgic.h b/include/kvm/arm_vgic.h
index f9f58ca793707..eb68c96a46ed2 100644
--- a/include/kvm/arm_vgic.h
+++ b/include/kvm/arm_vgic.h
@@ -783,7 +783,7 @@ int vgic_v4_load(struct kvm_vcpu *vcpu);
void vgic_v4_commit(struct kvm_vcpu *vcpu);
int vgic_v4_put(struct kvm_vcpu *vcpu);
-int vgic_v5_finalize_ppi_state(struct kvm *kvm);
+int vgic_v5_finalize_ppi_state(struct kvm_vcpu *vcpu);
bool vgic_v5_ppi_queue_irq_unlock(struct kvm *kvm, struct vgic_irq *irq,
unsigned long flags);
void vgic_v5_set_ppi_dvi(struct kvm_vcpu *vcpu, struct vgic_irq *irq, bool dvi);
--
2.34.1
next prev parent reply other threads:[~2026-05-21 15:02 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-21 14:49 [PATCH v2 00/39] KVM: arm64: Add GICv5 IRS support Sascha Bischoff
2026-05-21 14:49 ` [PATCH v2 01/39] irqchip/gic-v5: Allow KVM setup without a maintenance IRQ Sascha Bischoff
2026-05-21 14:49 ` [PATCH v2 02/39] irqchip/gic-v5: Provide OF IRS config frame attrs to KVM Sascha Bischoff
2026-05-21 14:50 ` [PATCH v2 03/39] irqchip/gic-v5: Setup gic_kvm_info on ACPI hosts Sascha Bischoff
2026-05-27 10:51 ` Marc Zyngier
2026-05-29 14:33 ` Sascha Bischoff
2026-05-28 7:14 ` Lorenzo Pieralisi
2026-05-29 14:41 ` Sascha Bischoff
2026-05-21 14:50 ` [PATCH v2 04/39] KVM: arm64: gic-v5: Define remaining IRS MMIO registers Sascha Bischoff
2026-05-21 14:50 ` [PATCH v2 05/39] arm64/sysreg: Add GICv5 GIC VDPEND and VDRCFG encodings Sascha Bischoff
2026-05-21 14:51 ` [PATCH v2 06/39] arm64/sysreg: Update ICC_CR0_EL1 with LINK and LINK_IDLE fields Sascha Bischoff
2026-05-21 14:51 ` [PATCH v2 07/39] KVM: arm64: gic-v5: Extract host IRS caps from IRS config frame Sascha Bischoff
2026-05-21 14:51 ` [PATCH v2 08/39] KVM: arm64: gic-v5: Add VPE doorbell domain Sascha Bischoff
2026-05-21 14:52 ` [PATCH v2 09/39] KVM: arm64: gic-v5: Create & manage VM and VPE tables Sascha Bischoff
2026-05-21 14:52 ` [PATCH v2 10/39] KVM: arm64: gic-v5: Introduce guest IST alloc and management Sascha Bischoff
2026-05-21 14:52 ` [PATCH v2 11/39] KVM: arm64: gic-v5: Implement VMT/vIST IRS MMIO Ops Sascha Bischoff
2026-05-21 14:53 ` [PATCH v2 12/39] KVM: arm64: gic-v5: Keep GICv5 vCPU limit model-specific Sascha Bischoff
2026-05-21 14:53 ` [PATCH v2 13/39] KVM: arm64: gic-v5: Implement VPE IRS MMIO Ops Sascha Bischoff
2026-05-21 14:53 ` [PATCH v2 14/39] KVM: arm64: gic-v5: Set up VMTEs and VPE doorbells Sascha Bischoff
2026-05-21 14:54 ` [PATCH v2 15/39] KVM: arm64: gic-v5: Add resident/non-resident hyp calls Sascha Bischoff
2026-05-21 14:54 ` [PATCH v2 16/39] KVM: arm64: gic-v5: Request doorbells when VPEs enter WFI Sascha Bischoff
2026-05-21 14:54 ` [PATCH v2 17/39] KVM: arm64: gic-v5: Introduce struct vgic_v5_irs and IRS base address Sascha Bischoff
2026-05-21 14:55 ` [PATCH v2 18/39] KVM: arm64: gic-v5: Add IRS IODEV support to MMIO handlers Sascha Bischoff
2026-05-21 14:55 ` [PATCH v2 19/39] KVM: arm64: gic-v5: Add KVM_VGIC_V5_ADDR_TYPE_IRS to UAPI Sascha Bischoff
2026-05-21 14:55 ` [PATCH v2 20/39] KVM: arm64: gic-v5: Add GICv5 IRS IODEV and MMIO emulation Sascha Bischoff
2026-05-21 14:56 ` [PATCH v2 21/39] KVM: arm64: gic-v5: Initialise per-VM IRS state Sascha Bischoff
2026-05-21 14:56 ` [PATCH v2 22/39] KVM: arm64: gic-v5: Register the IRS IODEV Sascha Bischoff
2026-05-21 14:57 ` [PATCH v2 23/39] KVM: arm64: gic-v5: Set IRICHPPIDIS based on IRS enable state Sascha Bischoff
2026-05-21 14:57 ` [PATCH v2 24/39] KVM: arm64: selftests: Update vGICv5 selftest to set IRS address Sascha Bischoff
2026-05-21 14:57 ` [PATCH v2 25/39] KVM: arm64: gic-v5: Introduce SPI AP list Sascha Bischoff
2026-05-21 14:58 ` [PATCH v2 26/39] KVM: arm64: gic-v5: Add GIC VDPEND and GIC VDRCFG hyp calls Sascha Bischoff
2026-05-21 14:58 ` [PATCH v2 27/39] KVM: arm64: gic-v5: Track SPI state for in-flight SPIs Sascha Bischoff
2026-05-21 14:58 ` [PATCH v2 28/39] KVM: arm64: gic: Introduce set_pending_state() to irq_op Sascha Bischoff
2026-05-21 14:59 ` [PATCH v2 29/39] KVM: arm64: gic-v5: Support SPI injection Sascha Bischoff
2026-05-26 13:41 ` Vladimir Murzin
2026-05-28 14:59 ` Sascha Bischoff
2026-05-21 14:59 ` [PATCH v2 30/39] Documentation: KVM: Extend VGICv5 docs for KVM_VGIC_V5_ADDR_TYPE_IRS Sascha Bischoff
2026-05-21 14:59 ` [PATCH v2 31/39] KVM: arm64: gic-v5: Add GICv5 SPI injection to irqfd Sascha Bischoff
2026-06-04 10:51 ` Vladimir Murzin
2026-05-21 15:00 ` Sascha Bischoff [this message]
2026-05-21 15:00 ` [PATCH v2 33/39] KVM: arm64: gic-v5: Add GICv5 EL1 sysreg userspace accessors Sascha Bischoff
2026-05-21 15:00 ` [PATCH v2 34/39] KVM: arm64: gic-v5: Handle userspace accesses to IRS MMIO region Sascha Bischoff
2026-05-21 15:01 ` [PATCH v2 35/39] KVM: arm64: gic-v5: Implement save/restore mechanisms for ISTs Sascha Bischoff
2026-05-21 15:01 ` [PATCH v2 36/39] Documentation: KVM: Document KVM_DEV_ARM_VGIC_GRP_CPU_SYSREGS for VGICv5 Sascha Bischoff
2026-05-21 15:01 ` [PATCH v2 37/39] Documentation: KVM: Add KVM_DEV_ARM_VGIC_GRP_IRS_REGS to VGICv5 docs Sascha Bischoff
2026-05-21 15:02 ` [PATCH v2 38/39] Documentation: KVM: Add docs for KVM_DEV_ARM_VGIC_GRP_IST Sascha Bischoff
2026-05-21 15:02 ` [PATCH v2 39/39] Documentation: KVM: Add the VGICv5 IRS save/restore sequences Sascha Bischoff
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260521144846.1899475-33-sascha.bischoff@arm.com \
--to=sascha.bischoff@arm$(echo .)com \
--cc=Joey.Gouly@arm$(echo .)com \
--cc=Suzuki.Poulose@arm$(echo .)com \
--cc=Timothy.Hayes@arm$(echo .)com \
--cc=kvm@vger$(echo .)kernel.org \
--cc=kvmarm@lists$(echo .)linux.dev \
--cc=linux-arm-kernel@lists$(echo .)infradead.org \
--cc=lpieralisi@kernel$(echo .)org \
--cc=maz@kernel$(echo .)org \
--cc=nd@arm$(echo .)com \
--cc=oliver.upton@linux$(echo .)dev \
--cc=peter.maydell@linaro$(echo .)org \
--cc=yuzenghui@huawei$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox