[PATCH] KVM: arm64: pkvm: Don't reprobe for ICH_VTR_EL2.TDS on CPU hotplug

[Vincent Donnefort]

On Tue, Mar 10, 2026 at 09:17:43AM +0000, Suzuki K Poulose wrote:
> On 10/03/2026 08:54, Marc Zyngier wrote:
> > Hotplugging a CPU off and back on fails with pKVM, as we try to
> > probe for ICH_VTR_EL2.TDS. In a non-VHE setup, this is achieved
> > by using an EL2 stub helper. However, the stubs are out of reach
> > once pKVM has deprivileged the kernel. The CPU never boots.
> > 
> > Since pKVM doesn't allow late onlining of CPUs, we can detect
> > that protected mode is enforced early on, and return the current
> > state of the capability.
> > 
> > Fixes: 2a28810cbb8b2 ("KVM: arm64: GICv3: Detect and work around the lack of ICV_DIR_EL1 trapping")
> > Reported-by: Vincent Donnefort <vdonnefort at google.com>
> > Signed-off-by: Marc Zyngier <maz at kernel.org>
> > Cc: stable at vger.kernel.org
> > ---
> >   arch/arm64/kernel/cpufeature.c | 3 +++
> >   1 file changed, 3 insertions(+)
> > 
> > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> > index c31f8e17732a3..947ff71b3b66b 100644
> > --- a/arch/arm64/kernel/cpufeature.c
> > +++ b/arch/arm64/kernel/cpufeature.c
> > @@ -2345,6 +2345,9 @@ static bool can_trap_icv_dir_el1(const struct arm64_cpu_capabilities *entry,
> >   	    !is_midr_in_range_list(has_vgic_v3))
> >   		return false;
> > +	if (system_capabilities_finalized() && is_protected_kvm_enabled())
> > +		return cpus_have_final_cap(ARM64_HAS_ICH_HCR_EL2_TDIR);
> 
> Is it a worth adding a comment here ? Otherwise this looks very odd -
> Returning the system state of a capability for a "hotplugged" CPU.
> 
> Otherwise
> 
> Reviewed-by: Suzuki K Poulose <suzuki.poulose at arm.com>


Tested-by: Vincent Donnefort <vdonnefort at google.com>

> 
> 
> > +
> >   	if (is_kernel_in_hyp_mode())
> >   		res.a1 = read_sysreg_s(SYS_ICH_VTR_EL2);
> >   	else
>