On Thu, Aug 28, 2025 at 10:59:41AM +0000, Sascha Bischoff wrote: > Hi all, > > This series enables nested virtualization for GICv3-based VMs on GICv5 > hosts (w/ FEAT_GCIE_LEGACY) in KVM/arm64. In addition, it adds a CPU > capability to track support for FEAT_GCIE_LEGACY across all CPUs. > > The series fixes ICC_SRE_EL2 access handling for GICv5 hosts (to match > the updated bet1+ specification [1]), and extends nested > virtualization support to vGICv3 guests running on compatible GICv5 > systems. With these changes, it becomes possible to run with > kvm-arm.mode=nested, and these changes have been tested with three > levels of nesting on simulated hardware (Arm FVP). > > Previously, the presence of FEAT_GCIE_LEGACY was tracked in the GICv5 > driver via gic_kvm_info, and the probing logic could incorrectly > enable legacy support if the boot CPU exposed the feature while others > did not. This created the risk of mismatched configurations, > particularly when late-onlining CPUs without FEAT_GCIE_LEGACY. > > To address this, the series introduces a proper ARM64_HAS_GICV5_LEGACY > CPU capability, and moves KVM to use cpus_have_final_cap() to ensure > consistent system-wide enablement. With this, late-onlined but > mismatched CPUs are cleanly rejected at bring-up. > > Patch summary > > KVM: arm64: allow ICC_SRE_EL2 accesses on a GICv5 host > Update handling to reflect the corrected GICv5 specification. > > KVM: arm64: Enable nested for GICv5 host with FEAT_GCIE_LEGACY > Allow nested virtualization for vGICv3 guests on GICv5 hosts with > legacy support. > > arm64: cpucaps: Add GICv5 Legacy vCPU interface (GCIE_LEGACY) capability > Introduce a new CPU capability that prevents mismatched > configurations. > > KVM: arm64: Use ARM64_HAS_GICV5_LEGACY for GICv5 probing > Ensure probing is consistent across all CPUs by using cpucaps. > > irqchip/gic-v5: Drop has_gcie_v3_compat from gic_kvm_info > Remove obsolete compatibility flag, as FEAT_GCIE_LEGACY is now a > CPU feature. > > Comments and reviews are very welcome. > > Thanks, > Sascha > > [1] https://developer.arm.com/documentation/aes0070/latest/ > > Sascha Bischoff (5): > KVM: arm64: Allow ICC_SRE_EL2 accesses on a GICv5 host > KVM: arm64: Enable nested for GICv5 host with FEAT_GCIE_LEGACY > arm64: cpucaps: Add GICv5 Legacy vCPU interface (GCIE_LEGACY) > capability > KVM: arm64: Use ARM64_HAS_GICV5_LEGACY for GICv5 probing > irqchip/gic-v5: Drop has_gcie_v3_compat from gic_kvm_info For the series: Reviewed-by: Oliver Upton <oliver.upton@xxxxxxxxx> Thanks, Oliver
