[PATCH 36/43] KVM: arm64: gic-v5: Implement save/restore mechanisms for ISTs

Sascha Bischoff Sascha.Bischoff at arm.com
Thu May 21 07:12:10 PDT 2026


On Fri, 2026-05-01 at 19:54 +0100, Vladimir Murzin wrote:
> Hi Sascha,

Hi Vladimir,

> 
> On 4/27/26 17:18, Sascha Bischoff wrote:
> > + tmp = le64_to_cpu(READ_ONCE(vmte->val[3]));
> > + host_id_bits = FIELD_GET(GICV5_VMTEL2E_IST_ID_BITS, tmp);
> > + host_istsz = FIELD_GET(GICV5_VMTEL2E_IST_ISTSZ, tmp);
> > + host_l2sz = FIELD_GET(GICV5_VMTEL2E_IST_L2SZ, tmp);
> > +
> > + /* We always use a Linear SPI IST on the host */
> > + for (int i = 0; i < BIT(host_id_bits); ++i) {
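Review bot: the loop bound here is BIT(host_id_bits), read back from the VMTE, rather than the number of SPIs userspace configured, so a user-provided buffer sized for its own SPI count can be smaller than the number of entries this loop writes out. Either tie the bound to the userspace-visible SPI count (or verify the two agree before entering the loop), or state the required buffer size in the uAPI documentation and reject undersized buffers up front; the "Linear SPI IST on the host" comment should then also say how many entries that implies.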
> 
> IIUC here we iterate over host's SPIs and save them into buffer
> provided by the user. One thing I noticed is that if the user sets the
> number of SPIs via KVM_DEV_ARM_VGIC_GRP_NR_IRQS below 16, say 1 (btw,
> it seems there is no way to set SPIs to 0...), it would be rounded up
> to 16 in kvm_vgic_v5_irs_init(). So from the user's perspective it
> needs to save just a single SPI, thus it could provide a buffer just
> for that single entry. With such a setup we can end up corrupting the
> user's memory. We can argue that it is the user's problem... perhaps
> we need to spell out the requirements for the buffer explicitly, or
> provide an interface for the user to query the required size, or
> respect nr_spis as set by the user, or some combination of all :)

I've gone and tightened the requirements for SPIs (so that they
actually match what GICv3 does here).

For GICv3, the default number of SPIs is 32, and the smallest number of
IRQs that can be specified via KVM_DEV_ARM_VGIC_GRP_NR_IRQS is 64 (16
SGIs, 16 PPIs, and 32 SPIs) - there's no way to specify 0 SPIs. The
number of SPIs must be a multiple of 32.

I've gone and mimicked this for GICv5. I've removed the ability to set
0 SPIs, making 32 the new minimum. The interface now also mandates that
we need a multiple of 32 SPIs.

Overall this means that the interface works just like the GICv3 one
(except that it doesn't also convey the private IRQs), and that we will
never be at risk of SPI IST alignment issues (which effectively mandate
at least 16 SPIs when no metadata is required). This does, of course,
mean that the SPI IST must ALWAYS be saved/restored, but if anything
that's clearer. Size-wise, it is always 32 if nothing was specified, or
it exactly matches what userspace (successfully) conveyed to KVM.

> 
> Cheers
> Vladimir

Thank you for pointing that out. It was definitely not sane before.

Sascha
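As an added illustration of the sizing rules discussed in this thread (this is constructed model code, not the KVM patch or kernel code), the following contrasts the old behaviour Vladimir describes, where a requested SPI count below 16 is silently rounded up to 16 so the save loop writes more entries than a buffer sized for the requested count holds, with the tightened rule from the reply: at least 32 SPIs, always a multiple of 32, and 32 by default when userspace sets nothing. The GICv3 check is included for comparison, using the 16 SGI + 16 PPI + 32 SPI minimum quoted above. All function and macro names are assumptions; the behaviour of the old code for requests above 16 is not covered by the thread and is modelled as "unchanged".

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the SPI-count rules discussed in the thread; names are assumptions. */
#define VGIC_V5_NR_SPIS_DEFAULT 32  /* used when userspace never set a count */
#define VGIC_V5_NR_SPIS_MIN     32  /* new minimum after the change */
#define VGIC_V5_NR_SPIS_ALIGN   32  /* count must be a multiple of this */
#define OLD_IST_MIN_ENTRIES     16  /* old code rounded small requests up to 16 */
#define GICV3_NR_PRIVATE_IRQS   32  /* 16 SGIs + 16 PPIs */

/* Old behaviour (as described by the reviewer): requests below 16 become 16.
 * Requests of 16 or more are modelled as passing through unchanged (assumption). */
size_t old_ist_entries(size_t nr_spis_requested)
{
	return nr_spis_requested < OLD_IST_MIN_ENTRIES ? OLD_IST_MIN_ENTRIES
						       : nr_spis_requested;
}

/* True when a buffer sized for the requested count would be overrun by a
 * save loop that walks every IST entry the kernel actually allocated. */
bool old_save_overruns_buffer(size_t nr_spis_requested)
{
	return old_ist_entries(nr_spis_requested) > nr_spis_requested;
}

/* New rule from the reply: reject anything below 32 or not a multiple of 32.
 * Returns 0 when accepted, -1 when rejected. */
int vgic_v5_validate_nr_spis(size_t nr_spis)
{
	if (nr_spis < VGIC_V5_NR_SPIS_MIN)
		return -1;
	if (nr_spis % VGIC_V5_NR_SPIS_ALIGN)
		return -1;
	return 0;
}

/* Entries the SPI IST save/restore will carry: the default when userspace set
 * nothing, otherwise exactly the accepted count (0 signals a rejected count). */
size_t vgic_v5_saved_entries(bool user_set, size_t nr_spis)
{
	if (!user_set)
		return VGIC_V5_NR_SPIS_DEFAULT;
	return vgic_v5_validate_nr_spis(nr_spis) == 0 ? nr_spis : 0;
}

/* GICv3 comparison: KVM_DEV_ARM_VGIC_GRP_NR_IRQS counts private IRQs too, so the
 * minimum is 64 and the SPI part (nr_irqs - 32) must be a multiple of 32. */
int vgic_v3_validate_nr_irqs(size_t nr_irqs)
{
	if (nr_irqs < GICV3_NR_PRIVATE_IRQS + VGIC_V5_NR_SPIS_MIN)
		return -1;
	if ((nr_irqs - GICV3_NR_PRIVATE_IRQS) % VGIC_V5_NR_SPIS_ALIGN)
		return -1;
	return 0;
}

int main(void)
{
	size_t requests[] = { 1, 15, 16, 32, 48, 64 };

	for (size_t i = 0; i < sizeof(requests) / sizeof(requests[0]); i++) {
		size_t n = requests[i];
		printf("nr_spis=%zu: old entries=%zu overrun=%s, new accepted=%s\n",
		       n, old_ist_entries(n),
		       old_save_overruns_buffer(n) ? "yes" : "no",
		       vgic_v5_validate_nr_spis(n) == 0 ? "yes" : "no");
	}
	return 0;
}
```

Running it shows the two regimes side by side: under the old rounding, a request of 1 or 15 SPIs yields a 16-entry IST and therefore an overrun of a buffer sized for the request, while under the new rule those requests (and 16 or 48) are refused outright and only 32, 64, ... reach the save/restore path, so the buffer size follows directly from the count that was accepted.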
