Re: [PATCH v13 37/48] arm64: RMI: Prevent Device mappings for Realms
From: Joey Gouly
Date: Thu Mar 19 2026 - 06:27:46 EST
On Wed, Mar 18, 2026 at 03:54:01PM +0000, Steven Price wrote:
> Physical device assignment is not supported by RMM v1.0, so it
But we're targetting 2.0 now!
I guess just change it to something about device support being a later feature.
Thanks,
Joey
> doesn't make much sense to allow device mappings within the realm.
> Prevent them when the guest is a realm.
>
> Signed-off-by: Steven Price <steven.price@xxxxxxx>
> ---
> Changes from v6:
> * Fix the check in user_mem_abort() to prevent all pages that are not
> guest_memfd() from being mapped into the protected half of the IPA.
> Changes from v5:
> * Also prevent accesses in user_mem_abort()
> ---
> arch/arm64/kvm/mmu.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
> index ad1300f366df..7d7caab8f573 100644
> --- a/arch/arm64/kvm/mmu.c
> +++ b/arch/arm64/kvm/mmu.c
> @@ -1222,6 +1222,10 @@ int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa,
> if (is_protected_kvm_enabled())
> return -EPERM;
>
> + /* We don't support mapping special pages into a Realm */
> + if (kvm_is_realm(kvm))
> + return -EPERM;
> +
> size += offset_in_page(guest_ipa);
> guest_ipa &= PAGE_MASK;
>
> @@ -1965,6 +1969,15 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
> return 1;
> }
>
> + /*
> + * For now we shouldn't be hitting protected addresses because they are
> + * handled in private_memslot_fault(). In the future this check may be
> + * relaxed to support e.g. protected devices.
> + */
> + if (vcpu_is_rec(vcpu) &&
> + kvm_gpa_from_fault(kvm, fault_ipa) == fault_ipa)
> + return -EINVAL;
> +
> if (nested)
> adjust_nested_fault_perms(nested, &prot, &writable);
>
> --
> 2.43.0
>
>