From: Gavin Shan <gshan@redhat•com>
To: Steven Price <steven.price@arm•com>,
kvm@vger•kernel.org, kvmarm@lists•linux.dev
Cc: Catalin Marinas <catalin.marinas@arm•com>,
Marc Zyngier <maz@kernel•org>, Will Deacon <will@kernel•org>,
James Morse <james.morse@arm•com>,
Oliver Upton <oliver.upton@linux•dev>,
Suzuki K Poulose <suzuki.poulose@arm•com>,
Zenghui Yu <yuzenghui@huawei•com>,
linux-arm-kernel@lists•infradead.org,
linux-kernel@vger•kernel.org, Joey Gouly <joey.gouly@arm•com>,
Alexandru Elisei <alexandru.elisei@arm•com>,
Christoffer Dall <christoffer.dall@arm•com>,
Fuad Tabba <tabba@google•com>,
linux-coco@lists•linux.dev,
Ganapatrao Kulkarni <gankulkarni@os•amperecomputing.com>,
Shanker Donthineni <sdonthineni@nvidia•com>,
Alper Gun <alpergun@google•com>,
"Aneesh Kumar K . V" <aneesh.kumar@kernel•org>,
Emi Kisanuki <fj0570is@fujitsu•com>,
Vishal Annapurve <vannapurve@google•com>,
WeiLin.Chang@arm•com, Lorenzo.Pieralisi2@arm•com
Subject: Re: [PATCH v14 28/44] arm64: RMI: Create the realm descriptor
Date: Thu, 28 May 2026 15:51:02 +1000 [thread overview]
Message-ID: <80b6ab2d-1a3e-4c15-b06b-00aaa23fcf74@redhat.com> (raw)
In-Reply-To: <20260513131757.116630-29-steven.price@arm.com>
Hi Steve,
On 5/13/26 11:17 PM, Steven Price wrote:
> Creating a realm involves first creating a realm descriptor (RD). This
> involves passing the configuration information to the RMM. Do this as
> part of realm_ensure_created() so that the realm is created when it is
> first needed.
>
> Signed-off-by: Steven Price <steven.price@arm•com>
> ---
> Changes since v13:
> * The RMM no longer uses AUX granules, so no need to ask it how many it
> needs.
> * Adapted to other changes.
> Changes since v12:
> * Since RMM page size is now equal to the host's page size various
> calculations are simplified.
> * Switch to using range based APIs to delegate/undelegate.
> * VMID handling is now handled entirely by the RMM.
> ---
> arch/arm64/kvm/rmi.c | 88 +++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 86 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/kvm/rmi.c b/arch/arm64/kvm/rmi.c
> index fb96bcaa73ed..cae29fd3353c 100644
> --- a/arch/arm64/kvm/rmi.c
> +++ b/arch/arm64/kvm/rmi.c
> @@ -418,6 +418,77 @@ static void realm_unmap_shared_range(struct kvm *kvm,
> start, end);
> }
>
> +static int realm_create_rd(struct kvm *kvm)
> +{
> + struct realm *realm = &kvm->arch.realm;
> + struct realm_params *params = realm->params;
> + void *rd = NULL;
> + phys_addr_t rd_phys, params_phys;
> + size_t pgd_size = kvm_pgtable_stage2_pgd_size(kvm->arch.mmu.vtcr);
> + int r;
> +
> + realm->ia_bits = VTCR_EL2_IPA(kvm->arch.mmu.vtcr);
> +
> + if (WARN_ON(realm->rd || !realm->params))
> + return -EEXIST;
> +
> + rd = (void *)__get_free_page(GFP_KERNEL_ACCOUNT);
> + if (!rd)
> + return -ENOMEM;
> +
> + rd_phys = virt_to_phys(rd);
> + if (rmi_delegate_page(rd_phys)) {
> + r = -ENXIO;
> + goto free_rd;
> + }
> +
> + if (rmi_delegate_range(kvm->arch.mmu.pgd_phys, pgd_size)) {
> + r = -ENXIO;
> + goto out_undelegate_tables;
> + }
> +
> + params->s2sz = VTCR_EL2_IPA(kvm->arch.mmu.vtcr);
> + params->rtt_level_start = get_start_level(realm);
> + params->rtt_num_start = pgd_size / PAGE_SIZE;
> + params->rtt_base = kvm->arch.mmu.pgd_phys;
> +
> + if (kvm->arch.arm_pmu) {
> + params->pmu_num_ctrs = kvm->arch.nr_pmu_counters;
> + params->flags |= RMI_REALM_PARAM_FLAG_PMU;
> + }
> +
> + if (kvm_lpa2_is_enabled())
> + params->flags |= RMI_REALM_PARAM_FLAG_LPA2;
> +
> + params_phys = virt_to_phys(params);
> +
> + if (rmi_realm_create(rd_phys, params_phys)) {
> + r = -ENXIO;
> + goto out_undelegate_tables;
> + }
> +
> + realm->rd = rd;
> + kvm_set_realm_state(kvm, REALM_STATE_NEW);
> + /* The realm is up, free the parameters. */
> + free_page((unsigned long)realm->params);
> + realm->params = NULL;
> +
> + return 0;
> +
> +out_undelegate_tables:
> + if (WARN_ON(rmi_undelegate_range(kvm->arch.mmu.pgd_phys, pgd_size))) {
> + /* Leak the pages if they cannot be returned */
> + kvm->arch.mmu.pgt = NULL;
> + }
In the latest RMM implementation (topics/rmm-v2.0-poc_2), rmi_delegate_range() works
with the granularity of granule (4KB) and it can fail on any granule. For example,
we have 16x granule as the root RTT and rmi_delegate_range() fails on the first
granule, we're going to undelegate all these 16x granules, which were never delegated
to RMM. It eventually leads to error and memory leakage.
For this, rmi_delegate_range() could be improved to return the number of granules that
have been delegated. The return value can be used by the caller to handle the erroneous
case by passing the correct range to rmi_undelegate_page().
> + if (WARN_ON(rmi_undelegate_page(rd_phys))) {
> + /* Leak the page if it isn't returned */
> + return r;
> + }
> +free_rd:
> + free_page((unsigned long)rd);
> + return r;
> +}
> +
> static void realm_unmap_private_range(struct kvm *kvm,
> unsigned long start,
> unsigned long end,
> @@ -647,8 +718,21 @@ static int realm_init_ipa_state(struct kvm *kvm,
>
> static int realm_ensure_created(struct kvm *kvm)
> {
> - /* Provided in later patch */
> - return -ENXIO;
> + int ret;
> +
> + switch (kvm_realm_state(kvm)) {
> + case REALM_STATE_NONE:
> + break;
> + case REALM_STATE_NEW:
> + return 0;
> + case REALM_STATE_DEAD:
> + return -ENXIO;
> + default:
> + return -EBUSY;
> + }
> +
> + ret = realm_create_rd(kvm);
> + return ret;
> }
>
> static int set_ripas_of_protected_regions(struct kvm *kvm)
Thanks,
Gavin
next prev parent reply other threads:[~2026-05-28 5:51 UTC|newest]
Thread overview: 123+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-13 13:17 [PATCH v14 00/44] arm64: Support for Arm CCA in KVM Steven Price
2026-05-13 13:17 ` [PATCH v14 01/44] kvm: arm64: Include kvm_emulate.h in kvm/arm_psci.h Steven Price
2026-05-21 10:19 ` Marc Zyngier
2026-05-21 15:11 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 02/44] kvm: arm64: Avoid including linux/kvm_host.h in kvm_pgtable.h Steven Price
2026-05-21 10:26 ` Marc Zyngier
2026-05-21 15:11 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 03/44] arm64: RME: Handle Granule Protection Faults (GPFs) Steven Price
2026-05-21 12:25 ` Marc Zyngier
2026-05-21 15:15 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 04/44] arm64: RMI: Add SMC definitions for calling the RMM Steven Price
2026-05-18 7:08 ` Gavin Shan
2026-05-20 16:01 ` Steven Price
2026-05-21 12:40 ` Marc Zyngier
2026-05-21 14:50 ` Suzuki K Poulose
2026-05-21 15:33 ` Steven Price
2026-05-22 9:58 ` Marc Zyngier
2026-06-03 10:15 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 05/44] arm64: RMI: Add wrappers for RMI calls Steven Price
2026-05-19 5:35 ` Aneesh Kumar K.V
2026-05-21 15:44 ` Steven Price
2026-05-21 0:21 ` Gavin Shan
2026-05-21 15:44 ` Steven Price
2026-05-21 12:49 ` Marc Zyngier
2026-05-21 15:44 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 06/44] arm64: RMI: Check for RMI support at init Steven Price
2026-05-21 0:39 ` Gavin Shan
2026-05-21 15:49 ` Steven Price
2026-05-25 6:58 ` Gavin Shan
2026-06-03 10:57 ` Steven Price
2026-05-21 13:02 ` Marc Zyngier
2026-06-03 10:57 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 07/44] arm64: RMI: Configure the RMM with the host's page size Steven Price
2026-05-21 0:51 ` Gavin Shan
2026-05-21 22:36 ` Suzuki K Poulose
2026-05-21 13:30 ` Marc Zyngier
2026-05-21 14:53 ` Suzuki K Poulose
2026-06-03 15:48 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 08/44] arm64: RMI: Ensure that the RMM has GPT entries for memory Steven Price
2026-05-19 5:55 ` Aneesh Kumar K.V
2026-06-03 15:48 ` Steven Price
2026-05-21 0:58 ` Gavin Shan
2026-06-03 15:48 ` Steven Price
2026-05-21 13:47 ` Marc Zyngier
2026-05-21 14:24 ` Marc Zyngier
2026-05-21 15:39 ` Suzuki K Poulose
2026-06-03 15:48 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 09/44] arm64: RMI: Provide functions to delegate/undelegate ranges of memory Steven Price
2026-05-21 13:59 ` Marc Zyngier
2026-05-21 16:01 ` Suzuki K Poulose
2026-05-22 10:02 ` Marc Zyngier
2026-06-04 14:43 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 10/44] arm64: RMI: Add support for SRO Steven Price
2026-05-14 8:01 ` Aneesh Kumar K.V
2026-05-14 9:33 ` Steven Price
2026-05-19 6:02 ` Aneesh Kumar K.V
2026-06-04 15:19 ` Steven Price
2026-05-21 4:38 ` Gavin Shan
2026-06-04 15:19 ` Steven Price
2026-05-21 14:35 ` Marc Zyngier
2026-06-04 15:19 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 11/44] arm64: RMI: Check for RMI support at KVM init Steven Price
2026-05-13 13:17 ` [PATCH v14 12/44] arm64: RMI: Check for LPA2 support Steven Price
2026-05-13 13:17 ` [PATCH v14 13/44] arm64: RMI: Define the user ABI Steven Price
2026-05-26 22:17 ` Wei-Lin Chang
2026-06-04 15:27 ` Steven Price
2026-05-27 15:21 ` Marc Zyngier
2026-06-02 11:15 ` Suzuki K Poulose
2026-06-04 15:27 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 14/44] arm64: RMI: Basic infrastructure for creating a realm Steven Price
2026-05-19 6:31 ` Aneesh Kumar K.V
2026-05-28 7:10 ` Marc Zyngier
2026-06-02 14:49 ` Suzuki K Poulose
2026-06-04 15:55 ` Steven Price
2026-05-13 13:17 ` [PATCH v14 15/44] kvm: arm64: Don't expose unsupported capabilities for realm guests Steven Price
2026-05-13 13:17 ` [PATCH v14 16/44] KVM: arm64: Allow passing machine type in KVM creation Steven Price
2026-05-13 13:17 ` [PATCH v14 17/44] arm64: RMI: RTT tear down Steven Price
2026-05-19 6:54 ` Aneesh Kumar K.V
2026-05-26 22:27 ` Wei-Lin Chang
2026-05-26 22:32 ` Wei-Lin Chang
2026-05-13 13:17 ` [PATCH v14 18/44] arm64: RMI: Activate realm on first VCPU run Steven Price
2026-05-13 13:17 ` [PATCH v14 19/44] arm64: RMI: Allocate/free RECs to match vCPUs Steven Price
2026-05-26 22:39 ` Wei-Lin Chang
2026-05-13 13:17 ` [PATCH v14 20/44] arm64: RMI: Support for the VGIC in realms Steven Price
2026-05-28 4:07 ` Gavin Shan
2026-05-13 13:17 ` [PATCH v14 21/44] KVM: arm64: Support timers in realm RECs Steven Price
2026-05-28 4:11 ` Gavin Shan
2026-05-13 13:17 ` [PATCH v14 22/44] arm64: RMI: Handle realm enter/exit Steven Price
2026-05-28 4:38 ` Gavin Shan
2026-05-13 13:17 ` [PATCH v14 23/44] arm64: RMI: Handle RMI_EXIT_RIPAS_CHANGE Steven Price
2026-05-19 9:40 ` Aneesh Kumar K.V
2026-05-27 10:52 ` Wei-Lin Chang
2026-05-13 13:17 ` [PATCH v14 24/44] KVM: arm64: Handle realm MMIO emulation Steven Price
2026-05-28 5:03 ` Gavin Shan
2026-05-13 13:17 ` [PATCH v14 25/44] KVM: arm64: Expose support for private memory Steven Price
2026-05-13 13:17 ` [PATCH v14 26/44] arm64: RMI: Allow populating initial contents Steven Price
2026-05-28 5:30 ` Gavin Shan
2026-05-13 13:17 ` [PATCH v14 27/44] arm64: RMI: Set RIPAS of initial memslots Steven Price
2026-05-19 10:02 ` Aneesh Kumar K.V
2026-05-19 10:13 ` Suzuki K Poulose
2026-05-19 12:55 ` Aneesh Kumar K.V
2026-05-19 13:06 ` Suzuki K Poulose
2026-05-13 13:17 ` [PATCH v14 28/44] arm64: RMI: Create the realm descriptor Steven Price
2026-05-26 22:47 ` Wei-Lin Chang
2026-05-28 5:51 ` Gavin Shan [this message]
2026-05-13 13:17 ` [PATCH v14 29/44] arm64: RMI: Runtime faulting of memory Steven Price
2026-05-13 13:17 ` [PATCH v14 30/44] KVM: arm64: Handle realm VCPU load Steven Price
2026-05-13 13:17 ` [PATCH v14 31/44] KVM: arm64: Validate register access for a Realm VM Steven Price
2026-05-13 13:17 ` [PATCH v14 32/44] KVM: arm64: Handle Realm PSCI requests Steven Price
2026-05-28 6:55 ` Gavin Shan
2026-05-13 13:17 ` [PATCH v14 33/44] KVM: arm64: WARN on injected undef exceptions Steven Price
2026-05-13 13:17 ` [PATCH v14 34/44] arm64: RMI: allow userspace to inject aborts Steven Price
2026-05-13 13:17 ` [PATCH v14 35/44] arm64: RMI: support RSI_HOST_CALL Steven Price
2026-05-13 13:17 ` [PATCH v14 36/44] arm64: RMI: Allow checking SVE on VM instance Steven Price
2026-05-13 13:17 ` [PATCH v14 37/44] arm64: RMI: Prevent Device mappings for Realms Steven Price
2026-05-19 10:25 ` Aneesh Kumar K.V
2026-05-13 13:17 ` [PATCH v14 38/44] arm64: RMI: Propagate number of breakpoints and watchpoints to userspace Steven Price
2026-05-13 13:17 ` [PATCH v14 39/44] arm64: RMI: Set breakpoint parameters through SET_ONE_REG Steven Price
2026-05-13 13:17 ` [PATCH v14 40/44] arm64: RMI: Propagate max SVE vector length from RMM Steven Price
2026-05-13 13:17 ` [PATCH v14 41/44] arm64: RMI: Configure max SVE vector length for a Realm Steven Price
2026-05-13 13:17 ` [PATCH v14 42/44] arm64: RMI: Provide register list for unfinalized RMI RECs Steven Price
2026-05-13 13:17 ` [PATCH v14 43/44] arm64: RMI: Provide accurate register list Steven Price
2026-05-13 13:17 ` [PATCH v14 44/44] arm64: RMI: Enable realms to be created Steven Price
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=80b6ab2d-1a3e-4c15-b06b-00aaa23fcf74@redhat.com \
--to=gshan@redhat$(echo .)com \
--cc=Lorenzo.Pieralisi2@arm$(echo .)com \
--cc=WeiLin.Chang@arm$(echo .)com \
--cc=alexandru.elisei@arm$(echo .)com \
--cc=alpergun@google$(echo .)com \
--cc=aneesh.kumar@kernel$(echo .)org \
--cc=catalin.marinas@arm$(echo .)com \
--cc=christoffer.dall@arm$(echo .)com \
--cc=fj0570is@fujitsu$(echo .)com \
--cc=gankulkarni@os$(echo .)amperecomputing.com \
--cc=james.morse@arm$(echo .)com \
--cc=joey.gouly@arm$(echo .)com \
--cc=kvm@vger$(echo .)kernel.org \
--cc=kvmarm@lists$(echo .)linux.dev \
--cc=linux-arm-kernel@lists$(echo .)infradead.org \
--cc=linux-coco@lists$(echo .)linux.dev \
--cc=linux-kernel@vger$(echo .)kernel.org \
--cc=maz@kernel$(echo .)org \
--cc=oliver.upton@linux$(echo .)dev \
--cc=sdonthineni@nvidia$(echo .)com \
--cc=steven.price@arm$(echo .)com \
--cc=suzuki.poulose@arm$(echo .)com \
--cc=tabba@google$(echo .)com \
--cc=vannapurve@google$(echo .)com \
--cc=will@kernel$(echo .)org \
--cc=yuzenghui@huawei$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox