[PATCH v14 27/44] arm64: RMI: Set RIPAS of initial memslots

Suzuki K Poulose suzuki.poulose at arm.com
Tue May 19 03:13:55 PDT 2026 

On 19/05/2026 11:02, Aneesh Kumar K.V wrote:
> Steven Price <steven.price at arm.com> writes:
> 
>> The memory which the realm guest accesses must be set to RIPAS_RAM.
>> Iterate over the memslots and set all gmem memslots to RIPAS_RAM.
>>
>> Signed-off-by: Steven Price <steven.price at arm.com>
>> ---
>   
>   ...
>   
>> +static int set_ripas_of_protected_regions(struct kvm *kvm)
>> +{
>> +	struct kvm_memslots *slots;
>> +	struct kvm_memory_slot *memslot;
>> +	int idx, bkt;
>> +	int ret = 0;
>> +
>> +	idx = srcu_read_lock(&kvm->srcu);
>> +
>> +	slots = kvm_memslots(kvm);
>> +	kvm_for_each_memslot(memslot, bkt, slots) {
>> +		if (!kvm_slot_has_gmem(memslot))
>> +			continue;
>> +
>> +		ret = realm_init_ipa_state(kvm, memslot->base_gfn,
>> +					   memslot->npages);
>> +		if (ret)
>> +			break;
>> +	}
>> +	srcu_read_unlock(&kvm->srcu, idx);
>> +
>> +	return ret;
>> +}
>> +
>>   int kvm_arm_rmi_populate(struct kvm *kvm,
>>   			 struct kvm_arm_rmi_populate *args)
>>   {
>> @@ -890,6 +922,10 @@ int kvm_activate_realm(struct kvm *kvm)
>>   			return ret;
>>   	}
>>   
>> +	ret = set_ripas_of_protected_regions(kvm);
>> +	if (ret)
>> +		return ret;
>> +
>>   	ret = rmi_realm_activate(virt_to_phys(realm->rd));
>>   	if (ret)
>>   		return -ENXIO;
> 
> relam guest already does.
> 	for_each_mem_range(i, &start, &end) {
> 		if (rsi_set_memory_range_protected_safe(start, end)) {
> 			panic("Failed to set memory range to protected: %pa-%pa",
> 			      &start, &end);
> 		}
> 	}
> 
> if so why is host required to do this ?

Ideally this should be a call from the VMM (i.e., user). Irrespective of
what the guest does (which the host has no knowledge about), the VMM/
user is better aware of what to do for a given guest. We have done this
implicitly in the KVM as a start, to keep the initial implementation
simple. This could be moved out to the VMM as UABI, if there is
sufficient demand for it.

TL,DR: This should be a host/deployer decision, not the Guest. There
may other guest OS, which do not do RIPAS_RAM early enough.

Suzuki

More information about the linux-arm-kernel mailing list