lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <yq5ased2twfh.fsf@kernel.org>
Date: Mon, 22 Dec 2025 20:07:06 +0530
From: Aneesh Kumar K.V <aneesh.kumar@...nel.org>
To: Suzuki K Poulose <suzuki.poulose@....com>, linux-kernel@...r.kernel.org,
	iommu@...ts.linux.dev, linux-coco@...ts.linux.dev
Cc: Catalin Marinas <catalin.marinas@....com>, will@...nel.org,
	maz@...nel.org, tglx@...utronix.de, robin.murphy@....com,
	akpm@...ux-foundation.org, jgg@...pe.ca, steven.price@....com
Subject: Re: [PATCH v2 3/4] coco: host: arm64: Handle hostconf RHI calls in
 kernel

Suzuki K Poulose <suzuki.poulose@....com> writes:

> On 21/12/2025 16:09, Aneesh Kumar K.V (Arm) wrote:
>>   - Mark hostconf RHI SMC IDs as handled in the SMCCC filter.
>>   - Return version/features plus PAGE_SIZE alignment for guest queries.
>>   - Drop the 4K page-size guard in RMI init now that realm can query IPA
>>     change alignment size via the hostconf RHI
>> 
>> Signed-off-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@...nel.org>
>> ---
>>   arch/arm64/kvm/hypercalls.c | 23 ++++++++++++++++++++++-
>>   arch/arm64/kvm/rmi.c        |  4 ----
>>   2 files changed, 22 insertions(+), 5 deletions(-)
>> 
>> diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c
>> index 70ac7971416c..2861ca9063dd 100644
>> --- a/arch/arm64/kvm/hypercalls.c
>> +++ b/arch/arm64/kvm/hypercalls.c
>> @@ -8,6 +8,7 @@
>>   
>>   #include <kvm/arm_hypercalls.h>
>>   #include <kvm/arm_psci.h>
>> +#include <asm/rhi.h>
>>   
>>   #define KVM_ARM_SMCCC_STD_FEATURES				\
>>   	GENMASK(KVM_REG_ARM_STD_BMAP_BIT_COUNT - 1, 0)
>> @@ -77,6 +78,9 @@ static bool kvm_smccc_default_allowed(u32 func_id)
>>   	 */
>>   	case ARM_SMCCC_VERSION_FUNC_ID:
>>   	case ARM_SMCCC_ARCH_FEATURES_FUNC_ID:
>> +	case RHI_HOSTCONF_VERSION:
>> +	case RHI_HOSTCONF_FEATURES:
>> +	case RHI_HOSTCONF_GET_IPA_CHANGE_ALIGNMENT:
>>   		return true;
>>   	default:
>>   		/* PSCI 0.2 and up is in the 0:0x1f range */
>> @@ -157,7 +161,15 @@ static int kvm_smccc_filter_insert_reserved(struct kvm *kvm)
>>   			       GFP_KERNEL_ACCOUNT);
>>   	if (r)
>>   		goto out_destroy;
>> -
>> +	/*
>> +	 * Don't forward RHI_HOST_CONF related RHI calls
>> +	 */
>> +	r = mtree_insert_range(&kvm->arch.smccc_filter,
>> +			       RHI_HOSTCONF_VERSION, RHI_HOSTCONF_GET_IPA_CHANGE_ALIGNMENT,
>> +			       xa_mk_value(KVM_SMCCC_FILTER_HANDLE),
>> +			       GFP_KERNEL_ACCOUNT);
>
> minor nit: this is needed only for the Realms ?
>


That is the kvm forwarding of the RHI hostcalls to VMM. We are updating
smccc filter that the SMCCC FID range [RHI_HOSTCONF_VERSION, RHI_HOSTCONF_GET_IPA_CHANGE_ALIGNMENT]
will be handled by the kernel. This is needed because it is the kernel
that is dropping the below check in kvm_init_rmi().

 	/* Only 4k page size on the host is supported */
	if (PAGE_SIZE != SZ_4K)
 		return;

We want to make sure RHI support and dropping of the above check happens
in the same patch and is part of the kernel. 

>
>> +	if (r)
>> +		goto out_destroy;
>>   	return 0;
>>   out_destroy:
>>   	mtree_destroy(&kvm->arch.smccc_filter);
>> @@ -376,6 +388,15 @@ int kvm_smccc_call_handler(struct kvm_vcpu *vcpu)
>>   	case ARM_SMCCC_TRNG_RND32:
>>   	case ARM_SMCCC_TRNG_RND64:
>>   		return kvm_trng_call(vcpu);
>> +	case RHI_HOSTCONF_VERSION:
>> +		val[0] = RHI_HOSTCONF_VER_1_0;
>> +		break;
>> +	case RHI_HOSTCONF_FEATURES:
>> +		val[0] = __RHI_HOSTCONF_GET_IPA_CHANGE_ALIGNMENT;
>> +		break;
>> +	case RHI_HOSTCONF_GET_IPA_CHANGE_ALIGNMENT:
>> +		val[0] = PAGE_SIZE;
>> +		break;
>>   	default:
>>   		return kvm_psci_call(vcpu);
>>   	}
>> diff --git a/arch/arm64/kvm/rmi.c b/arch/arm64/kvm/rmi.c
>> index 9957a71d21b1..bd345e051a24 100644
>> --- a/arch/arm64/kvm/rmi.c
>> +++ b/arch/arm64/kvm/rmi.c
>> @@ -1935,10 +1935,6 @@ EXPORT_SYMBOL_GPL(kvm_has_da_feature);
>>   
>>   void kvm_init_rmi(void)
>>   {
>> -	/* Only 4k page size on the host is supported */
>> -	if (PAGE_SIZE != SZ_4K)
>> -		return;
>
> For the record, these patches doesn't necessarily solve the Host support
> fully. The KVM still needs to support splitting pages for RMM's 4K.
>

We already delegate RMM granules and setup stage 2 in rmm with
RMM_PAGE_SIZE. ie, the shared patchset can be used to setup a 64K host
with 4K Realm running on a RMM using 4K RMM granule size.

>
> That said, this can be ignored as we rebase the KVM to only support
> RMM v2.0, where the Host can set the RMM's Stage2 page size.
>
> Suzuki
>

-aneesh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ