[PATCH 00/17] KVM: arm64: Introduce pKVM hypervisor heap allocator

Vincent Donnefort vdonnefort at google.com
Wed May 20 08:26:33 PDT 2026


pKVM historically lacked a dynamic memory allocator: all hypervisor-side
VM and VCPU structures had to be sized on the host, allocated as
contiguous pages and donated to the hypervisor.

This design tightly coupled the hypervisor's memory footprint to
host-side constraints, complicated memory reclaim, and severely
restricted VM scalability.

This patch series introduces a dynamically-mapped custom heap allocator
(hyp_allocator) to the pKVM hypervisor. The initial users are the
pkvm_hyp_vm and pkvm_hyp_vcpu structs, and the hypervisor tracing
metadata.

In the near future, this heap allocator is expected to be leveraged to
support SVE in protected VMs and, in the distant future, it will also
support dynamic device assignment.

By moving to a hypervisor-managed dynamic allocator, we also allow
deduplicating the donation/reclaim path of EL2-private structures.

The main building blocks for this series are:

1. pkvm_hyp_req:
----------------
When the hypervisor heap allocator goes out of memory (-ENOMEM), it
suspends the hypercall, embeds a PKVM_HYP_REQ_HYP_ALLOC top-up request
into the SMCCC HVC return registers, and exits back to the host.

This building block will also be useful for the future huge-mapping
support in protected guests, allowing EL2 to raise requests such as
block splitting back to the host.

2. hyp_allocator:
-----------------
This heap allocator manages a reserved VA space range, dynamically
mapping and unmapping physical pages on-demand to minimise the pKVM
hypervisor footprint. As memory is reclaimed and relinquished to the
host, unmapped holes are introduced within the VA space. To prevent
orphan mapped regions, neighboring unused chunks cannot be merged if
they are separated by an unmapped region.

The allocator chunk metadata is stored directly into the VA space range.
To minimize metadata overhead, chunks only link to each other via a
relative 32-bit offset.

A simple hardening of the metadata is added via a simple 32-bit hash.

3. shrinker:
------------
As the heap allocator isn't reclaimed actively on VM or tracing
teardown, a shrinker is added to allow the host to reclaim unused memory
from the hypervisor when the host is under heavy memory pressure.

Vincent Donnefort (17):
  KVM: arm64: Add __pkvm_private_range_pa
  KVM: arm64: Add pkvm_remove_mappings
  KVM: arm64: Add __hyp_allocator_map for the pKVM hyp
  KVM: arm64: Add a heap allocator for the pKVM hyp
  KVM: arm64: Allow kvm_hyp_memcache usage outside of stage-2
  KVM: arm64: Add topup interface for the pKVM heap allocator
  KVM: arm64: Add pkvm_hyp_req infrastructure
  KVM: arm64: Handle PKVM_HYP_REQ_HYP_ALLOC request
  KVM: arm64: Add reclaim interface for the pKVM heap alloc
  KVM: arm64: Add selftests for the pKVM heap allocator
  KVM: arm64: Add a shrinker for pKVM
  KVM: arm64: Filter out non-kernel addresses in kern_hyp_va
  KVM: arm64: Move hyp_vm refcount into the structure
  KVM: arm64: Use noclear for PGD in __pkvm_init_vm error path
  KVM: arm64: Alloc pkvm_hyp_vm using pKVM heap allocator
  KVM: arm64: Alloc pkvm_hyp_vcpu using pKVM heap allocator
  KVM: arm64: Alloc simple_buffer_page using pKVM hyp allocator

 arch/arm64/include/asm/kvm_asm.h        |    4 +
 arch/arm64/include/asm/kvm_host.h       |   14 +-
 arch/arm64/include/asm/kvm_mmu.h        |    3 +
 arch/arm64/include/asm/kvm_pkvm.h       |  104 ++
 arch/arm64/kvm/arm.c                    |   24 +
 arch/arm64/kvm/hyp/hyp-constants.c      |    2 -
 arch/arm64/kvm/hyp/include/nvhe/alloc.h |   24 +
 arch/arm64/kvm/hyp/include/nvhe/mm.h    |    3 +
 arch/arm64/kvm/hyp/include/nvhe/pkvm.h  |   19 +-
 arch/arm64/kvm/hyp/nvhe/Makefile        |    2 +-
 arch/arm64/kvm/hyp/nvhe/alloc.c         | 1233 +++++++++++++++++++++++
 arch/arm64/kvm/hyp/nvhe/hyp-main.c      |  123 ++-
 arch/arm64/kvm/hyp/nvhe/mm.c            |   33 +
 arch/arm64/kvm/hyp/nvhe/pkvm.c          |  111 +-
 arch/arm64/kvm/hyp/nvhe/setup.c         |    5 +
 arch/arm64/kvm/hyp/nvhe/trace.c         |   69 +-
 arch/arm64/kvm/hyp_trace.c              |   16 +-
 arch/arm64/kvm/mmu.c                    |    4 +-
 arch/arm64/kvm/pkvm.c                   |  130 ++-
 arch/arm64/kvm/trace_pkvm.h             |   37 +
 20 files changed, 1808 insertions(+), 152 deletions(-)
 create mode 100644 arch/arm64/kvm/hyp/include/nvhe/alloc.h
 create mode 100644 arch/arm64/kvm/hyp/nvhe/alloc.c
 create mode 100644 arch/arm64/kvm/trace_pkvm.h


base-commit: 5d6919055dec134de3c40167a490f33c74c12581
-- 
2.54.0.631.ge1b05301d1-goog
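
An added illustration of the hyp_allocator metadata rules described in the cover letter (relative 32-bit links, a 32-bit hash over the header, no merging across an unmapped hole); this is not code from the patch series. The struct layout, the hash function, the `put()` helper, all names, and the convention that `next_off > size` marks a hole are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical header, not the series' struct; next_off > size models a hole. */
struct chunk { uint32_t next_off, size, in_use, hash; };
static uint32_t heap[64]; /* constructed 256-byte stand-in for the VA range */

/* Multiply-xor mix as a stand-in; the page does not name the hash used. */
static uint32_t chunk_hash(const struct chunk *c)
{
	const uint32_t f[3] = { c->next_off, c->size, c->in_use };
	uint32_t h = 2166136261u;
	for (int i = 0; i < 3; i++)
		h = (h ^ f[i]) * 16777619u;
	return h;
}

/* Follow the link only if the header verifies and the target is in range. */
static struct chunk *chunk_next(uint8_t *base, size_t len, struct chunk *c)
{
	size_t room = len - (size_t)((uint8_t *)c - base) - sizeof(*c);
	if (c->hash != chunk_hash(c) || c->size < sizeof(*c) ||
	    c->next_off < c->size || c->next_off % 4 || c->next_off > room)
		return NULL;
	return (struct chunk *)((uint8_t *)c + c->next_off);
}

/* 1 = merged, 0 = left alone, -1 = metadata failed verification. */
static int chunk_try_merge(uint8_t *base, size_t len, struct chunk *c)
{
	struct chunk *n = chunk_next(base, len, c);
	if (c->hash != chunk_hash(c) || (n && n->hash != chunk_hash(n)))
		return -1;
	if (!n)
		return c->next_off ? -1 : 0; /* bad link vs. last chunk */
	if (c->in_use || n->in_use || c->next_off != c->size)
		return 0; /* busy, or a hole separates the two */
	c->size += n->size;
	c->next_off = n->next_off ? c->next_off + n->next_off : 0;
	c->hash = chunk_hash(c);
	return 1;
}

static struct chunk *put(size_t off, uint32_t size, uint32_t next_off)
{
	struct chunk *c = (struct chunk *)((uint8_t *)heap + off);
	*c = (struct chunk){ next_off, size, 0, 0 }; /* free, then sealed */
	c->hash = chunk_hash(c);
	return c;
}
```

With chunks laid out as A[0,64) B[64,128) hole[128,192) C[192,256), merging A succeeds once with B, then stops at the hole, and any header changed without resealing is rejected.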




More information about the linux-arm-kernel mailing list