Re: [PATCH v6 30/43] arm64: rme: Prevent Device mappings for Realms

[PATCH v6 00/43] arm64: Support for Arm CCA in KVM · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 01/43] KVM: Prepare for handling only shared mappings in mmu_notifier events · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 02/43] kvm: arm64: Include kvm_emulate.h in kvm/arm_psci.h · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 03/43] arm64: RME: Handle Granule Protection Faults (GPFs) · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 03/43] arm64: RME: Handle Granule Protection Faults (GPFs) · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-12-16
[PATCH v6 04/43] arm64: RME: Add SMC definitions for calling the RMM · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 04/43] arm64: RME: Add SMC definitions for calling the RMM · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-12-16
[PATCH v6 05/43] arm64: RME: Add wrappers for RMI calls · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 06/43] arm64: RME: Check for RME support at KVM init · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 06/43] arm64: RME: Check for RME support at KVM init · Aneesh Kumar K.V <aneesh.kumar@kernel.org> · 2024-12-19
Re: [PATCH v6 06/43] arm64: RME: Check for RME support at KVM init · Gavin Shan <hidden> · 2025-01-28
Re: [PATCH v6 06/43] arm64: RME: Check for RME support at KVM init · Gavin Shan <hidden> · 2025-01-29
Re: [PATCH v6 06/43] arm64: RME: Check for RME support at KVM init · Steven Price <steven.price@arm.com> · 2025-01-29
[PATCH v6 07/43] arm64: RME: Define the user ABI · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 07/43] arm64: RME: Define the user ABI · Gavin Shan <hidden> · 2025-01-28
Re: [PATCH v6 07/43] arm64: RME: Define the user ABI · Steven Price <steven.price@arm.com> · 2025-01-29
[PATCH v6 08/43] arm64: RME: ioctls to create and configure realms · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 08/43] arm64: RME: ioctls to create and configure realms · Gavin Shan <hidden> · 2025-01-29
Re: [PATCH v6 08/43] arm64: RME: ioctls to create and configure realms · Steven Price <steven.price@arm.com> · 2025-01-30
[PATCH v6 09/43] kvm: arm64: Expose debug HW register numbers for Realm · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 10/43] arm64: kvm: Allow passing machine type in KVM creation · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 10/43] arm64: kvm: Allow passing machine type in KVM creation · Gavin Shan <hidden> · 2025-01-29
Re: [PATCH v6 10/43] arm64: kvm: Allow passing machine type in KVM creation · Steven Price <steven.price@arm.com> · 2025-01-30
[PATCH v6 11/43] arm64: RME: RTT tear down · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 11/43] arm64: RME: RTT tear down · Gavin Shan <hidden> · 2025-01-29
[PATCH v6 12/43] arm64: RME: Allocate/free RECs to match vCPUs · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 12/43] arm64: RME: Allocate/free RECs to match vCPUs · Aneesh Kumar K.V <aneesh.kumar@kernel.org> · 2024-12-19
Re: [PATCH v6 12/43] arm64: RME: Allocate/free RECs to match vCPUs · Gavin Shan <hidden> · 2025-01-29
Re: [PATCH v6 12/43] arm64: RME: Allocate/free RECs to match vCPUs · Steven Price <steven.price@arm.com> · 2025-01-30
Re: [PATCH v6 12/43] arm64: RME: Allocate/free RECs to match vCPUs · Suzuki K Poulose <suzuki.poulose@arm.com> · 2025-02-03
Re: [PATCH v6 12/43] arm64: RME: Allocate/free RECs to match vCPUs · Steven Price <steven.price@arm.com> · 2025-02-03
[PATCH v6 13/43] KVM: arm64: vgic: Provide helper for number of list registers · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 14/43] arm64: RME: Support for the VGIC in realms · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 15/43] KVM: arm64: Support timers in realm RECs · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 16/43] arm64: RME: Allow VMM to set RIPAS · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 16/43] arm64: RME: Allow VMM to set RIPAS · Gavin Shan <hidden> · 2025-01-29
Re: [PATCH v6 16/43] arm64: RME: Allow VMM to set RIPAS · Steven Price <steven.price@arm.com> · 2025-01-30
[PATCH v6 17/43] arm64: RME: Handle realm enter/exit · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 17/43] arm64: RME: Handle realm enter/exit · Gavin Shan <hidden> · 2025-01-29
Re: [PATCH v6 17/43] arm64: RME: Handle realm enter/exit · Steven Price <steven.price@arm.com> · 2025-02-03
[PATCH v6 18/43] KVM: arm64: Handle realm MMIO emulation · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 19/43] arm64: RME: Allow populating initial contents · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 19/43] arm64: RME: Allow populating initial contents · Gavin Shan <hidden> · 2025-01-30
Re: [PATCH v6 19/43] arm64: RME: Allow populating initial contents · Steven Price <steven.price@arm.com> · 2025-02-03
[PATCH v6 20/43] arm64: RME: Runtime faulting of memory · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 20/43] arm64: RME: Runtime faulting of memory · Gavin Shan <hidden> · 2025-01-30
Re: [PATCH v6 20/43] arm64: RME: Runtime faulting of memory · Aneesh Kumar K.V <aneesh.kumar@kernel.org> · 2025-02-06
Re: [PATCH v6 20/43] arm64: RME: Runtime faulting of memory · Steven Price <steven.price@arm.com> · 2025-02-07
[PATCH v6 21/43] KVM: arm64: Handle realm VCPU load · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 22/43] KVM: arm64: Validate register access for a Realm VM · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 22/43] KVM: arm64: Validate register access for a Realm VM · Gavin Shan <hidden> · 2025-02-02
Re: [PATCH v6 22/43] KVM: arm64: Validate register access for a Realm VM · Steven Price <steven.price@arm.com> · 2025-02-07
[PATCH v6 23/43] KVM: arm64: Handle Realm PSCI requests · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 23/43] KVM: arm64: Handle Realm PSCI requests · Gavin Shan <hidden> · 2025-02-02
[PATCH v6 24/43] KVM: arm64: WARN on injected undef exceptions · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 24/43] KVM: arm64: WARN on injected undef exceptions · Gavin Shan <hidden> · 2025-02-02
[PATCH v6 25/43] arm64: Don't expose stolen time for realm guests · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 25/43] arm64: Don't expose stolen time for realm guests · Gavin Shan <hidden> · 2025-02-02
Re: [PATCH v6 25/43] arm64: Don't expose stolen time for realm guests · Steven Price <steven.price@arm.com> · 2025-02-07
[PATCH v6 26/43] arm64: rme: allow userspace to inject aborts · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 27/43] arm64: rme: support RSI_HOST_CALL · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 27/43] arm64: rme: support RSI_HOST_CALL · Gavin Shan <hidden> · 2025-02-02
Re: [PATCH v6 27/43] arm64: rme: support RSI_HOST_CALL · Steven Price <steven.price@arm.com> · 2025-02-07
[PATCH v6 28/43] arm64: rme: Allow checking SVE on VM instance · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 28/43] arm64: rme: Allow checking SVE on VM instance · Gavin Shan <hidden> · 2025-02-02
Re: [PATCH v6 28/43] arm64: rme: Allow checking SVE on VM instance · Steven Price <steven.price@arm.com> · 2025-02-07
[PATCH v6 29/43] arm64: RME: Always use 4k pages for realms · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 29/43] arm64: RME: Always use 4k pages for realms · Gavin Shan <hidden> · 2025-02-02
Re: [PATCH v6 29/43] arm64: RME: Always use 4k pages for realms · Steven Price <steven.price@arm.com> · 2025-02-07
[PATCH v6 30/43] arm64: rme: Prevent Device mappings for Realms · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 30/43] arm64: rme: Prevent Device mappings for Realms · Gavin Shan <hidden> · 2025-02-02
Re: [PATCH v6 30/43] arm64: rme: Prevent Device mappings for Realms · Steven Price <steven.price@arm.com> · 2025-02-07
[PATCH v6 31/43] arm_pmu: Provide a mechanism for disabling the physical IRQ · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 32/43] arm64: rme: Enable PMU support with a realm guest · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 32/43] arm64: rme: Enable PMU support with a realm guest · Joey Gouly <joey.gouly@arm.com> · 2024-12-12
Re: [PATCH v6 32/43] arm64: rme: Enable PMU support with a realm guest · Steven Price <steven.price@arm.com> · 2025-02-10
[PATCH v6 33/43] kvm: rme: Hide KVM_CAP_READONLY_MEM for realm guests · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 34/43] arm64: RME: Propagate number of breakpoints and watchpoints to userspace · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 34/43] arm64: RME: Propagate number of breakpoints and watchpoints to userspace · Gavin Shan <hidden> · 2025-02-02
Re: [PATCH v6 34/43] arm64: RME: Propagate number of breakpoints and watchpoints to userspace · Gavin Shan <hidden> · 2025-02-02
[PATCH v6 35/43] arm64: RME: Set breakpoint parameters through SET_ONE_REG · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 36/43] arm64: RME: Initialize PMCR.N with number counter supported by RMM · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 37/43] arm64: RME: Propagate max SVE vector length from RMM · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 38/43] arm64: RME: Configure max SVE vector length for a Realm · Steven Price <steven.price@arm.com> · 2024-12-12
Re: [PATCH v6 38/43] arm64: RME: Configure max SVE vector length for a Realm · Gavin Shan <hidden> · 2025-02-02
[PATCH v6 39/43] arm64: RME: Provide register list for unfinalized RME RECs · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 40/43] arm64: RME: Provide accurate register list · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 41/43] arm64: kvm: Expose support for private memory · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 42/43] KVM: arm64: Expose KVM_ARM_VCPU_REC to user space · Steven Price <steven.price@arm.com> · 2024-12-12
[PATCH v6 43/43] KVM: arm64: Allow activating realms · Steven Price <steven.price@arm.com> · 2024-12-12

From: Gavin Shan <hidden>
Date: 2025-02-02 07:13:03
Also in: kvm, kvmarm, linux-arm-kernel, lkml

On 12/13/24 1:55 AM, Steven Price wrote:

quoted hunk ↗ jump to hunk

Physical device assignment is not yet supported by the RMM, so it
doesn't make much sense to allow device mappings within the realm.
Prevent them when the guest is a realm.

Signed-off-by: Steven Price <steven.price@arm.com>
---
Changes from v5:
  * Also prevent accesses in user_mem_abort()
---
  arch/arm64/kvm/mmu.c | 12 ++++++++++++
  1 file changed, 12 insertions(+)

diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 9ede143ccef1..cef7c3dcbf99 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c

@@ -1149,6 +1149,10 @@ int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa,
  	if (is_protected_kvm_enabled())
  		return -EPERM;
  
+	/* We don't support mapping special pages into a Realm */
+	if (kvm_is_realm(kvm))
+		return -EINVAL;
+

		return -EPERM;

quoted hunk ↗ jump to hunk

  	size += offset_in_page(guest_ipa);
  	guest_ipa &= PAGE_MASK;

@@ -1725,6 +1729,14 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
  	if (exec_fault && device)
  		return -ENOEXEC;
  
+	/*
+	 * Don't allow device accesses to protected memory as we don't (yet)
+	 * support protected devices.
+	 */
+	if (device && kvm_is_realm(kvm) &&
+	    kvm_gpa_from_fault(kvm, fault_ipa) == fault_ipa)
+		return -EINVAL;
+

s/kvm_is_realm/vcpu_is_rec

I don't understand the check very well. What I understood is mem_abort() is called
only when kvm_gpa_from_fault(kvm, fault_ipa) != fault_ipa, meaning only the page
faults in the shared address space is handled by mem_abort(). So I guess we perhaps
need something like below.

	if (vcpu_is_rec(vcpu) && device)
		return -EPERM;

kvm_handle_guest_abort
   kvm_slot_can_be_private
     private_memslot_fault	// page fault in the private space is handled here
   io_mem_abort			// MMIO emulation is handled here
   user_mem_abort                // page fault in the shared space is handled here

  	/*
  	 * Potentially reduce shadow S2 permissions to match the guest's own
  	 * S2. For exec faults, we'd only reach this point if the guest

Thanks,
Gavin

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help