Commit ca19dd43 authored by Oliver Upton's avatar Oliver Upton
Browse files

Merge branch 'kvm-arm64/pkvm-6.15' into kvmarm/next 



* kvm-arm64/pkvm-6.15:
  : pKVM updates for 6.15
  :
  :  - SecPageTable stats for stage-2 table pages allocated by the protected
  :    hypervisor (Vincent Donnefort)
  :
  :  - HCRX_EL2 trap + vCPU initialization fixes for pKVM (Fuad Tabba)
  KVM: arm64: Create each pKVM hyp vcpu after its corresponding host vcpu
  KVM: arm64: Factor out pKVM hyp vcpu creation to separate function
  KVM: arm64: Initialize HCRX_EL2 traps in pKVM
  KVM: arm64: Factor out setting HCRX_EL2 traps into separate function
  KVM: arm64: Count pKVM stage-2 usage in secondary pagetable stats
  KVM: arm64: Distinct pKVM teardown memcache for stage-2
  KVM: arm64: Add flags to kvm_hyp_memcache

Signed-off-by: default avatarOliver Upton <oliver.upton@linux.dev>
parents 4f2774c5 1eab1154

arch/arm64/include/asm/kvm_emulate.h

+24 −0
Original line number Diff line number Diff line
@@ -662,4 +662,28 @@ static inline bool guest_hyp_sve_traps_enabled(const struct kvm_vcpu *vcpu) 
{

	return __guest_hyp_cptr_xen_trap_enabled(vcpu, ZEN);

}



static inline void vcpu_set_hcrx(struct kvm_vcpu *vcpu)

{

	struct kvm *kvm = vcpu->kvm;



	if (cpus_have_final_cap(ARM64_HAS_HCX)) {

		/*

		 * In general, all HCRX_EL2 bits are gated by a feature.

		 * The only reason we can set SMPME without checking any

		 * feature is that its effects are not directly observable

		 * from the guest.

		 */

		vcpu->arch.hcrx_el2 = HCRX_EL2_SMPME;



		if (kvm_has_feat(kvm, ID_AA64ISAR2_EL1, MOPS, IMP))

			vcpu->arch.hcrx_el2 |= (HCRX_EL2_MSCEn | HCRX_EL2_MCE2);



		if (kvm_has_tcr2(kvm))

			vcpu->arch.hcrx_el2 |= HCRX_EL2_TCR2En;



		if (kvm_has_fpmr(kvm))

			vcpu->arch.hcrx_el2 |= HCRX_EL2_EnFPM;

	}

}

#endif /* __ARM64_KVM_EMULATE_H__ */

arch/arm64/include/asm/kvm_host.h

+6 −0
Original line number Diff line number Diff line
@@ -87,6 +87,9 @@ struct kvm_hyp_memcache { 
	phys_addr_t head;

	unsigned long nr_pages;

	struct pkvm_mapping *mapping; /* only used from EL1 */



#define	HYP_MEMCACHE_ACCOUNT_STAGE2	BIT(1)

	unsigned long flags;

};



static inline void push_hyp_memcache(struct kvm_hyp_memcache *mc,
@@ -247,6 +250,7 @@ typedef unsigned int pkvm_handle_t; 
struct kvm_protected_vm {

	pkvm_handle_t handle;

	struct kvm_hyp_memcache teardown_mc;

	struct kvm_hyp_memcache stage2_teardown_mc;

	bool enabled;

};
@@ -902,6 +906,8 @@ struct kvm_vcpu_arch { 
#define VCPU_INITIALIZED	__vcpu_single_flag(cflags, BIT(0))

/* SVE config completed */

#define VCPU_SVE_FINALIZED	__vcpu_single_flag(cflags, BIT(1))

/* pKVM VCPU setup completed */

#define VCPU_PKVM_FINALIZED	__vcpu_single_flag(cflags, BIT(2))



/* Exception pending */

#define PENDING_EXCEPTION	__vcpu_single_flag(iflags, BIT(0))

arch/arm64/include/asm/kvm_pkvm.h

+1 −0
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ 
int pkvm_init_host_vm(struct kvm *kvm);

int pkvm_create_hyp_vm(struct kvm *kvm);

void pkvm_destroy_hyp_vm(struct kvm *kvm);

int pkvm_create_hyp_vcpu(struct kvm_vcpu *vcpu);



/*

 * This functions as an allow-list of protected VM capabilities.

arch/arm64/kvm/arm.c

+4 −0
Original line number Diff line number Diff line
@@ -866,6 +866,10 @@ int kvm_arch_vcpu_run_pid_change(struct kvm_vcpu *vcpu) 
		ret = pkvm_create_hyp_vm(kvm);

		if (ret)

			return ret;



		ret = pkvm_create_hyp_vcpu(vcpu);

		if (ret)

			return ret;

	}



	mutex_lock(&kvm->arch.config_lock);

arch/arm64/kvm/hyp/include/nvhe/mem_protect.h

+1 −1
Original line number Diff line number Diff line
@@ -56,7 +56,7 @@ void handle_host_mem_abort(struct kvm_cpu_context *host_ctxt); 


int hyp_pin_shared_mem(void *from, void *to);

void hyp_unpin_shared_mem(void *from, void *to);

void reclaim_guest_pages(struct pkvm_hyp_vm *vm, struct kvm_hyp_memcache *mc);

void reclaim_pgtable_pages(struct pkvm_hyp_vm *vm, struct kvm_hyp_memcache *mc);

int refill_memcache(struct kvm_hyp_memcache *mc, unsigned long min_pages,

		    struct kvm_hyp_memcache *host_mc);