Re: [PATCH v13 37/48] arm64: RMI: Prevent Device mappings for Realms

[Wei-Lin Chang]

On Fri, Mar 20, 2026 at 04:45:07PM +0000, Steven Price wrote:
> On 19/03/2026 18:46, Wei-Lin Chang wrote:
> > On Wed, Mar 18, 2026 at 03:54:01PM +0000, Steven Price wrote:
> >> Physical device assignment is not supported by RMM v1.0, so it
> >> doesn't make much sense to allow device mappings within the realm.
> >> Prevent them when the guest is a realm.
> >>
> >> Signed-off-by: Steven Price <steven.price@xxxxxxx>
> >> ---
> >> Changes from v6:
> >>  * Fix the check in user_mem_abort() to prevent all pages that are not
> >>    guest_memfd() from being mapped into the protected half of the IPA.
> >> Changes from v5:
> >>  * Also prevent accesses in user_mem_abort()
> >> ---
> >>  arch/arm64/kvm/mmu.c | 13 +++++++++++++
> >>  1 file changed, 13 insertions(+)
> >>
> >> diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
> >> index ad1300f366df..7d7caab8f573 100644
> >> --- a/arch/arm64/kvm/mmu.c
> >> +++ b/arch/arm64/kvm/mmu.c
> >> @@ -1222,6 +1222,10 @@ int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa,
> >>  	if (is_protected_kvm_enabled())
> >>  		return -EPERM;
> >>  
> >> +	/* We don't support mapping special pages into a Realm */
> >> +	if (kvm_is_realm(kvm))
> >> +		return -EPERM;
> >> +
> >>  	size += offset_in_page(guest_ipa);
> >>  	guest_ipa &= PAGE_MASK;
> >>  
> >> @@ -1965,6 +1969,15 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
> >>  		return 1;
> >>  	}
> >>  
> >> +	/*
> >> +	 * For now we shouldn't be hitting protected addresses because they are
> >> +	 * handled in private_memslot_fault(). In the future this check may be
> > 
> > Hi,
> > 
> > What is private_memslot_fault()? I don't see it anywhere in the series &
> > upstream.
> 
> Oh dear, that comment is out of date ;) It's now become gmem_abort()...

Ah no wonder!

Thanks,
Wei-Lin Chang

> 
> >> +	 * relaxed to support e.g. protected devices.
> >> +	 */
> >> +	if (vcpu_is_rec(vcpu) &&
> >> +	    kvm_gpa_from_fault(kvm, fault_ipa) == fault_ipa)
> >> +		return -EINVAL;
> >> +
> > 
> > Additionally, there is a hunk almost identical to this one here in added
> > in patch 27.
> 
> Which is what this chunk says. It appears I screwed up a rebase at some
> point! This whole patch can really be dropped and the
> kvm_phys_addr_ioremap() change moved into another patch.
> 
> Thanks,
> Steve
> 
> > Thanks,
> > Wei-Lin Chang
> > 
> >>  	if (nested)
> >>  		adjust_nested_fault_perms(nested, &prot, &writable);
> >>  
> >> -- 
> >> 2.43.0
> >>
>