Re: [PATCH v4 43/43] KVM: arm64: Allow activating realms

From: Steven Price
Date: Mon Sep 02 2024 - 06:17:34 EST


On 02/09/2024 06:13, Aneesh Kumar K.V wrote:
> Steven Price <steven.price@xxxxxxx> writes:
>
>> Add the ioctl to activate a realm and set the static branch to enable
>> access to the realm functionality if the RMM is detected.
>>
>> Signed-off-by: Steven Price <steven.price@xxxxxxx>
>> ---
>> arch/arm64/kvm/rme.c | 19 ++++++++++++++++++-
>> 1 file changed, 18 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm64/kvm/rme.c b/arch/arm64/kvm/rme.c
>> index 9f415411d3b5..1eeef9e15d1c 100644
>> --- a/arch/arm64/kvm/rme.c
>> +++ b/arch/arm64/kvm/rme.c
>> @@ -1194,6 +1194,20 @@ static int kvm_init_ipa_range_realm(struct kvm *kvm,
>> return realm_init_ipa_state(realm, addr, end);
>> }
>>
>> +static int kvm_activate_realm(struct kvm *kvm)
>> +{
>> + struct realm *realm = &kvm->arch.realm;
>> +
>> + if (kvm_realm_state(kvm) != REALM_STATE_NEW)
>> + return -EINVAL;
>> +
>> + if (rmi_realm_activate(virt_to_phys(realm->rd)))
>> + return -ENXIO;
>> +
>> + WRITE_ONCE(realm->state, REALM_STATE_ACTIVE);
>> + return 0;
>> +}
>> +
>> /* Protects access to rme_vmid_bitmap */
>> static DEFINE_SPINLOCK(rme_vmid_lock);
>> static unsigned long *rme_vmid_bitmap;
>> @@ -1343,6 +1357,9 @@ int kvm_realm_enable_cap(struct kvm *kvm, struct kvm_enable_cap *cap)
>> r = kvm_populate_realm(kvm, &args);
>> break;
>> }
>> + case KVM_CAP_ARM_RME_ACTIVATE_REALM:
>> + r = kvm_activate_realm(kvm);
>> + break;
>> default:
>> r = -EINVAL;
>> break;
>> @@ -1599,5 +1616,5 @@ void kvm_init_rme(void)
>> if (rme_vmid_init())
>> return;
>>
>> - /* Future patch will enable static branch kvm_rme_is_available */
>> + static_branch_enable(&kvm_rme_is_available);
>>
>
> like rsi_present, we might want to use this outside kvm, ex: for TIO.

I'm struggling to think why rme_is_available would be needed outside KVM
- what is "TIO"?

> Can we move this outside module init so that we can have a helper
> like is_rme_supported()

It's obviously possible, but I'm not sure where in the code it would go
- if there is an actual use case outside of KVM then presumably it would
need to move completely outside of the KVM code.

Can you elaborate on why you think it might be useful?

Steve