[GIT PULL] KVM/arm64 updates for 7.0
Marc Zyngier
maz at kernel.org
Fri Feb 6 07:33:45 PST 2026
[With the various lists on Cc this time around, apologies for the
noise]
Paolo,
Here's the initial set of updates for 7.0.
This time, the changes are more or less separated in two cagegories:
- a bunch of pKVM fixes, mostly ensuring that features that are not
exposed to guest or host are indeed out of reach
- a lot of rework of the register sanitisation infrastructure,
including new registers being sanitised
The rest is a set of random, low key changes -- details in the tag
below.
Note that this pull request also brings two additional branches to
avoid ugly conflicts:
- the kvmarm-fixes-6.19-1 tag, which made it into Linus' tree after
the base for the kvmarm/next branch was created,
- a shared branch with the arm64 tree (arm64/for-next/cpufeature),
which also touches KVM
Please pull,
M.
The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:
Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git tags/kvmarm-7.0
for you to fetch changes up to 6316366129d2885fae07c2774f4b7ae0a45fb55d:
Merge branch kvm-arm64/misc-6.20 into kvmarm-master/next (2026-02-05 09:17:58 +0000)
----------------------------------------------------------------
KVM/arm64 updates for 7.0
- Add support for FEAT_IDST, allowing ID registers that are not
implemented to be reported as a normal trap rather than as an UNDEF
exception.
- Add sanitisation of the VTCR_EL2 register, fixing a number of
UXN/PXN/XN bugs in the process.
- Full handling of RESx bits, instead of only RES0, and resulting in
SCTLR_EL2 being added to the list of sanitised registers.
- More pKVM fixes for features that are not supposed to be exposed to
guests.
- Make sure that MTE being disabled on the pKVM host doesn't give it
the ability to attack the hypervisor.
- Allow pKVM's host stage-2 mappings to use the Force Write Back
version of the memory attributes by using the "pass-through'
encoding.
- Fix trapping of ICC_DIR_EL1 on GICv5 hosts emulating GICv3 for the
guest.
- Preliminary work for guest GICv5 support.
- A bunch of debugfs fixes, removing pointless custom iterators stored
in guest data structures.
- A small set of FPSIMD cleanups.
- Selftest fixes addressing the incorrect alignment of page
allocation.
- Other assorted low-impact fixes and spelling fixes.
----------------------------------------------------------------
Alexandru Elisei (4):
KVM: arm64: Copy FGT traps to unprotected pKVM VCPU on VCPU load
KVM: arm64: Inject UNDEF for a register trap without accessor
KVM: arm64: Remove extra argument for __pvkm_host_{share,unshare}_hyp()
KVM: arm64: Remove unused parameter in synchronize_vcpu_pstate()
Ben Dooks (1):
KVM: arm64: Fix missing <asm/stackpage/nvhe.h> include
Dongxu Sun (1):
KVM: arm64: Remove unused vcpu_{clear,set}_wfx_traps()
Fuad Tabba (22):
KVM: arm64: selftests: Disable unused TTBR1_EL1 translations
KVM: arm64: selftests: Fix incorrect rounding in page_align()
KVM: riscv: selftests: Fix incorrect rounding in page_align()
KVM: selftests: Move page_align() to shared header
KVM: selftests: Fix typos and stale comments in kvm_util
KVM: arm64: Fix Trace Buffer trapping for protected VMs
KVM: arm64: Fix Trace Buffer trap polarity for protected VMs
KVM: arm64: Fix MTE flag initialization for protected VMs
KVM: arm64: Introduce helper to calculate fault IPA offset
KVM: arm64: Include VM type when checking VM capabilities in pKVM
KVM: arm64: Do not allow KVM_CAP_ARM_MTE for any guest in pKVM
KVM: arm64: Track KVM IOCTLs and their associated KVM caps
KVM: arm64: Check whether a VM IOCTL is allowed in pKVM
KVM: arm64: Prevent host from managing timer offsets for protected VMs
KVM: arm64: Remove dead code resetting HCR_EL2 for pKVM
KVM: arm64: Trap MTE access and discovery when MTE is disabled
KVM: arm64: Inject UNDEF when accessing MTE sysregs with MTE disabled
KVM: arm64: Use kvm_has_mte() in pKVM trap initialization
KVM: arm64: Use standard seq_file iterator for idregs debugfs
KVM: arm64: Reimplement vgic-debug XArray iteration
KVM: arm64: Use standard seq_file iterator for vgic-debug debugfs
KVM: arm64: nv: Avoid NV stage-2 code when NV is not supported
Jinqian Yang (1):
arm64: Add support for TSV110 Spectre-BHB mitigation
Kornel Dulęba (1):
KVM: arm64: Fix error checking for FFA_VERSION
Marc Zyngier (59):
KVM: arm64: Fix EL2 S1 XN handling for hVHE setups
KVM: arm64: Don't blindly set set PSTATE.PAN on guest exit
Merge branch kvmarm-fixes-6.19-1 into kvm-arm64/vtcr
arm64: Convert ID_AA64MMFR0_EL1.TGRAN{4,16,64}_2 to UnsignedEnum
arm64: Convert VTCR_EL2 to sysreg infratructure
KVM: arm64: Account for RES1 bits in DECLARE_FEAT_MAP() and co
KVM: arm64: Convert VTCR_EL2 to config-driven sanitisation
KVM: arm64: Honor UX/PX attributes for EL2 S1 mappings
arm64: Repaint ID_AA64MMFR2_EL1.IDS description
KVM: arm64: Add trap routing for GMID_EL1
KVM: arm64: Add a generic synchronous exception injection primitive
KVM: arm64: Handle FEAT_IDST for sysregs without specific handlers
KVM: arm64: Handle CSSIDR2_EL1 and SMIDR_EL1 in a generic way
KVM: arm64: Force trap of GMID_EL1 when the guest doesn't have MTE
KVM: arm64: pkvm: Add a generic synchronous exception injection primitive
KVM: arm64: pkvm: Report optional ID register traps with a 0x18 syndrome
KVM: arm64: selftests: Add a test for FEAT_IDST
KVM: arm64: Always populate FGT masks at boot time
arm64: Unconditionally enable LSE support
arm64: Unconditionally enable PAN support
KVM: arm64: Add exit to userspace on {LD,ST}64B* outside of memslots
KVM: arm64: Add documentation for KVM_EXIT_ARM_LDST64B
Merge branch arm64/for-next/cpufeature into kvmarm-master/next
Merge branch kvm-arm64/vtcr into kvmarm-master/next
Merge branch kvm-arm64/selftests-6.20 into kvmarm-master/next
Merge branch kvm-arm64/feat_idst into kvmarm-master/next
Merge branch kvm-arm64/pkvm-features-6.20 into kvmarm-master/next
arm64: Add MT_S2{,_FWB}_AS_S1 encodings
KVM: arm64: Add KVM_PGTABLE_S2_AS_S1 flag
KVM: arm64: Switch pKVM host S2 over to KVM_PGTABLE_S2_AS_S1
KVM: arm64: Kill KVM_PGTABLE_S2_NOFWB
KVM: arm64: Simplify PAGE_S2_MEMATTR
arm64: Convert SCTLR_EL2 to sysreg infrastructure
KVM: arm64: Remove duplicate configuration for SCTLR_EL1.{EE,E0E}
KVM: arm64: Introduce standalone FGU computing primitive
KVM: arm64: Introduce data structure tracking both RES0 and RES1 bits
KVM: arm64: Extend unified RESx handling to runtime sanitisation
KVM: arm64: Inherit RESx bits from FGT register descriptors
KVM: arm64: Allow RES1 bits to be inferred from configuration
KVM: arm64: Correctly handle SCTLR_EL1 RES1 bits for unsupported features
KVM: arm64: Convert HCR_EL2.RW to AS_RES1
KVM: arm64: Simplify FIXED_VALUE handling
KVM: arm64: Add REQUIRES_E2H1 constraint as configuration flags
KVM: arm64: Add RES1_WHEN_E2Hx constraints as configuration flags
KVM: arm64: Move RESx into individual register descriptors
KVM: arm64: Simplify handling of HCR_EL2.E2H RESx
KVM: arm64: Get rid of FIXED_VALUE altogether
KVM: arm64: Simplify handling of full register invalid constraint
KVM: arm64: Remove all traces of FEAT_TME
KVM: arm64: Remove all traces of HCR_EL2.MIOCNCE
KVM: arm64: Add sanitisation to SCTLR_EL2
KVM: arm64: Add debugfs file dumping computed RESx values
Merge branch kvm-arm64/pkvm-no-mte into kvmarm-master/next
Merge branch kvm-arm64/fwb-for-all into kvmarm-master/next
Merge branch kvm-arm64/gicv3-tdir-fixes into kvmarm-master/next
Merge branch kvm-arm64/gicv5-prologue into kvmarm-master/next
Merge branch kvm-arm64/debugfs-fixes into kvmarm-master/next
Merge branch kvm-arm64/resx into kvmarm-master/next
Merge branch kvm-arm64/misc-6.20 into kvmarm-master/next
Mark Rutland (3):
KVM: arm64: Fix comment in fpsimd_lazy_switch_to_host()
KVM: arm64: Shuffle KVM_HOST_DATA_FLAG_* indices
KVM: arm64: Remove ISB after writing FPEXC32_EL2
Oliver Upton (1):
KVM: arm64: nv: Respect stage-2 write permssion when setting stage-1 AF
Petteri Kangaslampi (1):
KVM: arm64: Calculate hyp VA size only once
Sascha Bischoff (7):
KVM: arm64: gic: Check for vGICv3 when clearing TWI
KVM: arm64: gic: Enable GICv3 CPUIF trapping on GICv5 hosts if required
KVM: arm64: Correct test for ICH_HCR_EL2_TDIR cap for GICv5 hosts
KVM: arm64: gic-v3: Switch vGIC-v3 to use generated ICH_VMCR_EL2
arm64/sysreg: Drop ICH_HFGRTR_EL2.ICC_HAPR_EL1 and make RES1
KVM: arm64: gic: Set vgic_model before initing private IRQs
irqchip/gic-v5: Check if impl is virt capable
Will Deacon (1):
KVM: arm64: Invert KVM_PGTABLE_WALK_HANDLE_FAULT to fix pKVM walkers
Yicong Yang (4):
KVM: arm64: Handle DABT caused by LS64* instructions on unsupported memory
arm64: Provide basic EL2 setup for FEAT_{LS64, LS64_V} usage at EL0/1
KVM: arm64: Enable FEAT_{LS64, LS64_V} in the supported guest
arm64: Add support for FEAT_{LS64, LS64_V}
Zenghui Yu (Huawei) (3):
KVM: arm64: nv: Return correct RES0 bits for FGT registers
KVM: arm64: nv: Add trap config for DBGWCR<15>_EL1
KVM: arm64: Fix various comments
Documentation/arch/arm64/booting.rst | 12 +
Documentation/arch/arm64/elf_hwcaps.rst | 7 +
Documentation/virt/kvm/api.rst | 43 +-
arch/arm64/Kconfig | 33 --
arch/arm64/include/asm/cpucaps.h | 2 -
arch/arm64/include/asm/el2_setup.h | 13 +-
arch/arm64/include/asm/esr.h | 8 +
arch/arm64/include/asm/hwcap.h | 1 +
arch/arm64/include/asm/insn.h | 23 -
arch/arm64/include/asm/kvm_arm.h | 56 +--
arch/arm64/include/asm/kvm_emulate.h | 24 +-
arch/arm64/include/asm/kvm_host.h | 56 ++-
arch/arm64/include/asm/kvm_mmu.h | 3 +-
arch/arm64/include/asm/kvm_pgtable.h | 15 +-
arch/arm64/include/asm/kvm_pkvm.h | 32 +-
arch/arm64/include/asm/lse.h | 9 -
arch/arm64/include/asm/memory.h | 11 +-
arch/arm64/include/asm/pgtable-prot.h | 4 +-
arch/arm64/include/asm/sysreg.h | 32 +-
arch/arm64/include/asm/uaccess.h | 6 +-
arch/arm64/include/uapi/asm/hwcap.h | 1 +
arch/arm64/kernel/cpufeature.c | 42 +-
arch/arm64/kernel/cpuinfo.c | 1 +
arch/arm64/kernel/head.S | 2 +-
arch/arm64/kernel/proton-pack.c | 1 +
arch/arm64/kvm/arch_timer.c | 18 +-
arch/arm64/kvm/arm.c | 64 ++-
arch/arm64/kvm/at.c | 15 +-
arch/arm64/kvm/config.c | 505 +++++++++++++--------
arch/arm64/kvm/emulate-nested.c | 105 +++--
arch/arm64/kvm/hyp/entry.S | 2 +-
arch/arm64/kvm/hyp/include/hyp/switch.h | 8 +-
arch/arm64/kvm/hyp/nvhe/ffa.c | 4 +-
arch/arm64/kvm/hyp/nvhe/hyp-init.S | 5 -
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 70 +++
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 4 +-
arch/arm64/kvm/hyp/nvhe/pkvm.c | 21 +-
arch/arm64/kvm/hyp/nvhe/switch.c | 2 +-
arch/arm64/kvm/hyp/nvhe/sys_regs.c | 39 +-
arch/arm64/kvm/hyp/pgtable.c | 63 ++-
arch/arm64/kvm/hyp/vgic-v2-cpuif-proxy.c | 2 +-
arch/arm64/kvm/hyp/vgic-v3-sr.c | 69 +--
arch/arm64/kvm/hyp/vhe/switch.c | 2 +-
arch/arm64/kvm/hyp/vhe/sysreg-sr.c | 2 +-
arch/arm64/kvm/inject_fault.c | 46 +-
arch/arm64/kvm/mmio.c | 27 +-
arch/arm64/kvm/mmu.c | 58 +--
arch/arm64/kvm/nested.c | 172 +++----
arch/arm64/kvm/sys_regs.c | 127 ++++--
arch/arm64/kvm/sys_regs.h | 10 +
arch/arm64/kvm/va_layout.c | 33 +-
arch/arm64/kvm/vgic/vgic-debug.c | 108 ++---
arch/arm64/kvm/vgic/vgic-init.c | 8 +-
arch/arm64/kvm/vgic/vgic-v3-nested.c | 10 +-
arch/arm64/kvm/vgic/vgic-v3.c | 73 +--
arch/arm64/kvm/vgic/vgic-v5.c | 2 +
arch/arm64/kvm/vgic/vgic.h | 1 +
arch/arm64/lib/insn.c | 2 -
arch/arm64/net/bpf_jit_comp.c | 7 -
arch/arm64/tools/cpucaps | 2 +
arch/arm64/tools/sysreg | 154 ++++++-
drivers/irqchip/irq-gic-v5-irs.c | 2 +
drivers/irqchip/irq-gic-v5.c | 10 +
include/kvm/arm_vgic.h | 4 -
include/linux/irqchip/arm-gic-v5.h | 4 +
include/uapi/linux/kvm.h | 3 +-
tools/arch/arm64/include/asm/sysreg.h | 6 -
tools/perf/Documentation/perf-arm-spe.txt | 1 -
tools/testing/selftests/kvm/Makefile.kvm | 1 +
tools/testing/selftests/kvm/arm64/idreg-idst.c | 117 +++++
tools/testing/selftests/kvm/arm64/set_id_regs.c | 1 -
.../selftests/kvm/include/arm64/processor.h | 4 +
tools/testing/selftests/kvm/include/kvm_util.h | 9 +-
tools/testing/selftests/kvm/lib/arm64/processor.c | 9 +-
tools/testing/selftests/kvm/lib/kvm_util.c | 2 +-
tools/testing/selftests/kvm/lib/riscv/processor.c | 7 +-
76 files changed, 1538 insertions(+), 919 deletions(-)
create mode 100644 tools/testing/selftests/kvm/arm64/idreg-idst.c
More information about the linux-arm-kernel
mailing list