[PATCH v2 0/1] KVM: arm64: nv: Implement nested stage-2 reverse map

Wei-Lin Chang weilin.chang at arm.com
Sat Apr 11 07:00:23 PDT 2026


Hi,

Sorry, I missed changing the title to v2.
I'll add this to my checklist before sending next time.

Thanks,
Wei-Lin Chang

On Sat, Apr 11, 2026 at 01:50:23PM +0100, Wei-Lin Chang wrote:
> Hi,
> 
> This is v2 of optimizing the shadow s2 mmu unmapping during MMU
> notifiers. Thanks to Sashiko, who helped point out the many problems [1]
> in v1.
> 
> * Changes from v1 [2]:
> 
>   - Rebased on to a newer kvmarm/next, where user_mem_abort() underwent
>     a significant refactor.
> 
>   - Added a flag VALID_ENTRY (bit 63) to each non-polluted reverse map
>     entry, so that if nested IPA == 0, we still insert a non-zero entry
>     to the maple tree.
> 
>   - Added usage of the maple tree lock while using the tree. Previously
>     I thought I could piggyback on kvm->mmu_lock, but this doesn't work
>     for 2 reasons:
>       1. The maple tree advanced API (mas_*) expects the maple tree lock
>          to be held.
>       2. At stage-2 fault time, kvm->mmu_lock is only taken for read.
>          Therefore even if 1. does not matter, parallel accesses to the
>          maple tree could still happen.
> 
>   - Changed from using GFP_KERNEL_ACCOUNT to (GFP_NOWAIT | __GFP_ACCOUNT)
>     in maple tree operations. This is done because GFP_KERNEL_ACCOUNT
>     can sleep, and we are holding kvm->mmu_lock while doing the
>     operations.
> 
>   - Made the code able to tolerate reverse map creation failure. In v1
>     if a maple tree operation fails, the error is reported back to the
>     caller which in the end fails the vCPU run. It shouldn't be this way
>     as the reverse map is an optimization and it shouldn't fail the
>     normal operation as we can fall back to a full unmap.
> 
>   - Added a boolean nested_revmap_broken in struct kvm_s2_mmu. If
>     reverse map creation fails, the reverse map becomes unreliable. Keep
>     this failure information with nested_revmap_broken so that we can
>     fall back when we need to unmap.
> 
>   - Removed patches 2, 3, 4 for now. After we start using the maple tree
>     lock, and keeping track of the reverse map failure state in
>     nested_revmap_broken, the s2 mmu lookup acceleration in v1 patch 2
>     becomes very complicated, as the canonical maple tree used to speed
>     up s2 mmu lookup can also encounter allocation failures which we
>     also need to keep track of and fall back. In the meantime the
>     consistency between the trees is not easy to reason about when
>     errors happen. Additionally, the extra lock of the canonical maple
>     tree also needs to be considered and care must be taken to not
>     introduce lock order inversion.
>     Given the above I believe it is best to leave the reverse map
>     improvements out for now, so as to not use too much time thinking
>     about optimization before the initial version of the reverse map is
>     even good.
> 
> Thanks!
> 
> [1]: https://sashiko.dev/#/patchset/20260330100633.2817076-1-weilin.chang%40arm.com
> [2]: https://lore.kernel.org/kvmarm/20260330100633.2817076-1-weilin.chang@arm.com/
> 
> Wei-Lin Chang (1):
>   KVM: arm64: nv: Avoid full shadow s2 unmap
> 
>  arch/arm64/include/asm/kvm_host.h   |   4 +
>  arch/arm64/include/asm/kvm_nested.h |   4 +
>  arch/arm64/kvm/mmu.c                |  30 ++++--
>  arch/arm64/kvm/nested.c             | 147 +++++++++++++++++++++++++++-
>  4 files changed, 177 insertions(+), 8 deletions(-)
> 
> -- 
> 2.43.0
> 
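
The VALID_ENTRY and nested_revmap_broken items in the changelog above, as an added user-space model; it is not code from the patch or from the author. The fixed array standing in for the maple tree, the names revmap_model, revmap_record, revmap_unmap and alloc_budget, and the single-page granularity are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define VALID_ENTRY (1ULL << 63) /* flag from the cover letter: marks a live entry */
#define NR_SLOTS 8               /* assumption: small array standing in for the maple tree */

enum unmap_kind { UNMAP_NONE, UNMAP_RANGE, UNMAP_FULL };

struct revmap_model {
    uint64_t slot[NR_SLOTS]; /* index: canonical page; 0 reads back as "empty" */
    bool broken;             /* models nested_revmap_broken */
    int alloc_budget;        /* inserts that succeed before a simulated GFP_NOWAIT failure */
};

/* Record canonical page -> nested IPA. Failure is remembered, never returned. */
static void revmap_record(struct revmap_model *m, unsigned int page, uint64_t nested_ipa)
{
    if (page >= NR_SLOTS || m->alloc_budget <= 0) {
        m->broken = true; /* map is now incomplete and must not be trusted */
        return;
    }
    m->alloc_budget--;
    /* Without VALID_ENTRY, nested IPA 0 would store 0 and look like an empty slot. */
    m->slot[page] = nested_ipa | VALID_ENTRY;
}

/* Decide what an MMU-notifier unmap of one canonical page has to do. */
static enum unmap_kind revmap_unmap(struct revmap_model *m, unsigned int page, uint64_t *nested_ipa)
{
    if (m->broken || page >= NR_SLOTS)
        return UNMAP_FULL; /* fail safe: over-unmap rather than leave a stale mapping */
    if (!(m->slot[page] & VALID_ENTRY))
        return UNMAP_NONE; /* no shadow mapping recorded for this page */
    *nested_ipa = m->slot[page] & ~VALID_ENTRY;
    m->slot[page] = 0;
    return UNMAP_RANGE;
}

int main(void)
{
    struct revmap_model m = { .alloc_budget = 1 };
    uint64_t ipa = ~0ULL;

    revmap_record(&m, 3, 0); /* constructed input: nested IPA 0 */
    return revmap_unmap(&m, 3, &ipa) == UNMAP_RANGE && ipa == 0 ? 0 : 1;
}
```

Once an insert fails, the model answers every later unmap with UNMAP_FULL; when the real code clears nested_revmap_broken is not stated in the cover letter.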


