[PATCH v4 0/9] KVM: arm64: Reserve pKVM VM handle during initial VM setup
Fuad Tabba
tabba at google.com
Tue Sep 9 00:24:27 PDT 2025
Changes since v3 [1]:
- NOTE: only the last patch (9/9) has changed.
- Fix bug reported by Mark [2]. The existing call to pkvm_init_host_vm()
wasn't gated by protected mode being enabled, unlike the call to
pkvm_destroy_hyp_vm(). This imbalance caused failures in non-protected
mode, especially when creating and destroying multiple VMs. Tested
with kvm demand_paging_test using nvhe, vhe, and protected.
- Rebase on Linux 6.17-rc5
All VMs in pKVM are identified by their handle, a unique per-VM ID. This
handle is shared between the host kernel and the hypervisor, and used
to track the VM across both.
In pKVM, this handle is allocated when the VM is initialized at the
hypervisor, which is on the first vCPU run. However, the host starts
initializing the VM and setting up its data structures earlier. MMU
notifiers for the VMs are also registered before VM initialization at
the hypervisor, and rely on the handle to identify the VM [3].
Therefore, there is a potential gap between when the VM is (partially)
setup at the host, but still without a valid pKVM handle to identify it
when communicating with the hypervisor.
Additionally, in the future, the host needs to communicate with
TrustZone about the before the VM first run. Therefore, move handle
creation to when the VM is first initialized at the host.
This patch series also takes the opportunity to do some refactoring
(mostly renaming and fixing documentation) of the code. We are in the
process of upstreaming pKVM. Refactoring this code now would generate
less churn than postponing it, as the upstreamed codebase grows.
Moreover, the existing names and documentation are at best misleading
(and in cases actually wrong), which could lead to more confusion and
problems reviewing code in the future.
This patch series is divided into two parts:
- Patches 1-5: Renaming, refactoring, and tidying up to lay the
groundwork for moving handle initialization and to fix existing
issues.
- Patches 6-9: Decouple handle creation from VM initialization at the
hypervisor and move the handle creation to VM initialization at the
host.
Cheers,
/fuad
[1] https://lore.kernel.org/all/20250827101949.4089456-1-tabba@google.com/
[2] https://lore.kernel.org/all/1a248f14-60f2-4f8f-8b4d-3c63e602fd54@sirena.org.uk/
[3] https://lore.kernel.org/all/20250303214947.GA30619@willie-the-truck/
Fuad Tabba (9):
KVM: arm64: Add build-time check for duplicate DECLARE_REG use
KVM: arm64: Rename pkvm.enabled to pkvm.is_protected
KVM: arm64: Rename 'host_kvm' to 'kvm' in pKVM host code
KVM: arm64: Clarify comments to distinguish pKVM mode from protected
VMs
KVM: arm64: Decouple hyp VM creation state from its handle
KVM: arm64: Separate allocation and insertion of pKVM VM table entries
KVM: arm64: Consolidate pKVM hypervisor VM initialization logic
KVM: arm64: Introduce separate hypercalls for pKVM VM reservation and
initialization
KVM: arm64: Reserve pKVM handle during pkvm_init_host_vm()
arch/arm64/include/asm/kvm_asm.h | 2 +
arch/arm64/include/asm/kvm_host.h | 5 +-
arch/arm64/include/asm/kvm_pkvm.h | 1 +
arch/arm64/kvm/arm.c | 14 +-
arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 4 +-
.../arm64/kvm/hyp/include/nvhe/trap_handler.h | 3 +-
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 14 ++
arch/arm64/kvm/hyp/nvhe/pkvm.c | 177 +++++++++++++-----
arch/arm64/kvm/pkvm.c | 76 +++++---
9 files changed, 221 insertions(+), 75 deletions(-)
base-commit: 76eeb9b8de9880ca38696b2fb56ac45ac0a25c6c
--
2.51.0.384.g4c02a37b29-goog