[PATCH 19/30] KVM: arm64: Annotate guest donations with handle and gfn in host stage-2
Fuad Tabba
tabba at google.com
Mon Jan 12 01:25:20 PST 2026
On Fri, 9 Jan 2026 at 14:42, Will Deacon <will at kernel.org> wrote:
>
> On Tue, Jan 06, 2026 at 04:01:28PM +0000, Fuad Tabba wrote:
> > On Mon, 5 Jan 2026 at 15:50, Will Deacon <will at kernel.org> wrote:
> > >
> > > Handling host kernel faults arising from accesses to donated guest
> > > memory will require an rmap-like mechanism to identify the guest mapping
> > > of the faulting page.
> > >
> > > Extend the page donation logic to encode the guest handle and gfn
> > > alongside the owner information in the host stage-2 pte.
> > >
> > > Signed-off-by: Will Deacon <will at kernel.org>
> > > ---
> > > arch/arm64/kvm/hyp/nvhe/mem_protect.c | 18 +++++++++++++++++-
> > > 1 file changed, 17 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
> > > index 7d1844e2888d..1a341337b272 100644
> > > --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
> > > +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
> > > @@ -1063,6 +1063,19 @@ static void hyp_poison_page(phys_addr_t phys)
> > > hyp_fixmap_unmap();
> > > }
> > >
> > > +#define KVM_HOST_INVALID_PTE_GUEST_HANDLE_MASK GENMASK(15, 0)
> > > +#define KVM_HOST_INVALID_PTE_GUEST_GFN_MASK GENMASK(56, 16)
> > > +static u64 host_stage2_encode_gfn_meta(struct pkvm_hyp_vm *vm, u64 gfn)
> > > +{
> > > + pkvm_handle_t handle = vm->kvm.arch.pkvm.handle;
> > > +
> > > + WARN_ON(!FIELD_FIT(KVM_HOST_INVALID_PTE_GUEST_HANDLE_MASK, handle));
> >
> > Instead of (or in addition to) this check, should we also have a
> > compile time check to ensure that the handle fits? We have
> > KVM_MAX_PVMS and HANDLE_OFFSET, albeit HANDLE_OFFSET, so we can
> > calculate whether it fits.
>
> The problem there is that HANDLE_OFFSET is hidden inside of pkvm.c and I
> really didn't want to expose that in a header as we might as well just
> remove it at that point and allocate from 0.
>
> Maybe we could make pkvm_handle_t a u16 instead and I could assert that
> at compile type?
That works.
Cheers,
/fuad
> Will
More information about the linux-arm-kernel
mailing list