[PATCH v3 4/5] KVM: arm64: nv: Remove reverse map entries during TLBI handling
Wei-Lin Chang
weilin.chang at arm.com
Sun May 10 07:53:37 PDT 2026
When a guest hypervisor issues a TLBI for a specific IPA range, KVM
unmaps that range from all the affected shadow stage-2s. This gives us
the opportunity to remove the corresponding reverse map entries, and to
lower the probability of creating UNKNOWN_IPA reverse map ranges at
subsequent stage-2 faults.
However, the TLBI ranges are specified in nested IPA, so in order to
locate the affected ranges in the reverse map maple tree, which is a
mapping from canonical IPA to nested IPA, we can only iterate through
the entire tree and check each entry.
Suggested-by: Marc Zyngier <maz at kernel.org>
Signed-off-by: Wei-Lin Chang <weilin.chang at arm.com>
---
arch/arm64/include/asm/kvm_nested.h | 2 ++
arch/arm64/kvm/nested.c | 38 +++++++++++++++++++++++++++++
arch/arm64/kvm/sys_regs.c | 3 +++
3 files changed, 43 insertions(+)
diff --git a/arch/arm64/include/asm/kvm_nested.h b/arch/arm64/include/asm/kvm_nested.h
index 5cbf78dfc685..b11925826b25 100644
--- a/arch/arm64/include/asm/kvm_nested.h
+++ b/arch/arm64/include/asm/kvm_nested.h
@@ -76,6 +76,8 @@ extern void kvm_s2_mmu_iterate_by_vmid(struct kvm *kvm, u16 vmid,
const union tlbi_info *info,
void (*)(struct kvm_s2_mmu *,
const union tlbi_info *));
+extern void kvm_remove_nested_revmap(struct kvm_s2_mmu *mmu, u64 nested_ipa,
+ size_t size);
extern void kvm_record_nested_revmap(gpa_t gpa, struct kvm_s2_mmu *mmu,
gpa_t fault_ipa, size_t map_size);
extern void kvm_vcpu_load_hw_mmu(struct kvm_vcpu *vcpu);
diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c
index 35b5d5f21a23..96b88d9c0c2a 100644
--- a/arch/arm64/kvm/nested.c
+++ b/arch/arm64/kvm/nested.c
@@ -784,6 +784,44 @@ static struct kvm_s2_mmu *get_s2_mmu_nested(struct kvm_vcpu *vcpu)
return s2_mmu;
}
+void kvm_remove_nested_revmap(struct kvm_s2_mmu *mmu, u64 nested_ipa, size_t size)
+{
+ /*
+ * The tree is keyed by canonical IPA, so walk every entry, skip the
+ * UNKNOWN_IPA ones, and erase those whose nested IPA range lies fully
+ * inside [nested_ipa, nested_ipa + size); partial overlaps are kept.
+ */
+ struct maple_tree *revmap_mt = &mmu->nested_revmap_mt;
+ void *entry;
+ u64 entry_val, nested_ipa_end = nested_ipa + size;
+ u64 this_nested_ipa, this_nested_ipa_end;
+ size_t revmap_size;
+
+ MA_STATE(mas_rev, revmap_mt, 0, ULONG_MAX);
+
+ mtree_lock(revmap_mt);
+ mas_for_each(&mas_rev, entry, ULONG_MAX) {
+ entry_val = xa_to_value(entry);
+ if (entry_val & UNKNOWN_IPA)
+ continue;
+
+ revmap_size = mas_rev.last - mas_rev.index + 1;
+ this_nested_ipa = entry_val & ADDR_MASK;
+ this_nested_ipa_end = this_nested_ipa + revmap_size;
+
+ if (this_nested_ipa >= nested_ipa &&
+ this_nested_ipa_end <= nested_ipa_end) {
+ /*
+ * Best effort: the return value is deliberately ignored.
+ * The shadow stage-2 is about to be unmapped after this
+ * function, so a failed removal here does not matter.
+ */
+ mas_store_gfp(&mas_rev, NULL, GFP_NOWAIT | __GFP_ACCOUNT);
+ }
+ }
+ mtree_unlock(revmap_mt);
+}
+
void kvm_record_nested_revmap(gpa_t ipa, struct kvm_s2_mmu *mmu,
gpa_t fault_ipa, size_t map_size)
{
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index 6a96cb7ba9a3..a97304680cee 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -4006,6 +4006,7 @@ union tlbi_info {
static void s2_mmu_unmap_range(struct kvm_s2_mmu *mmu,
const union tlbi_info *info)
{
+ kvm_remove_nested_revmap(mmu, info->range.start, info->range.size);
/*
* The unmap operation is allowed to drop the MMU lock and block, which
* means that @mmu could be used for a different context than the one
@@ -4104,6 +4105,8 @@ static void s2_mmu_unmap_ipa(struct kvm_s2_mmu *mmu,
max_size = compute_tlb_inval_range(mmu, info->ipa.addr);
base_addr &= ~(max_size - 1);
+ kvm_remove_nested_revmap(mmu, base_addr, max_size);
+
/*
* See comment in s2_mmu_unmap_range() for why this is allowed to
* reschedule.
--
2.43.0
More information about the linux-arm-kernel
mailing list