On 8/21/25 12:55 AM, Steven Price wrote:
Each page within the protected region of the realm guest can be marked
as either RAM or EMPTY. Allow the VMM to control this before the guest
has started and provide the equivalent functions to change this (with
the guest's approval) at runtime.
When transitioning from RIPAS RAM (1) to RIPAS EMPTY (0) the memory is
unmapped from the guest and undelegated allowing the memory to be reused
by the host. When transitioning to RIPAS RAM the actual population of
the leaf RTTs is done later on stage 2 fault, however it may be
necessary to allocate additional RTTs to allow the RMM track the RIPAS
for the requested range.
When freeing a block mapping it is necessary to temporarily unfold the
RTT which requires delegating an extra page to the RMM, this page can
then be recovered once the contents of the block mapping have been
freed.
Signed-off-by: Steven Price <steven.price@xxxxxxx>
---
Changes from v9:
* Minor coding style fixes.
Changes from v8:
* Propagate the 'may_block' flag to allow conditional calls to
cond_resched_rwlock_write().
* Introduce alloc_rtt() to wrap alloc_delegated_granule() and
kvm_account_pgtable_pages() and use when allocating RTTs.
* Code reorganisation to allow init_ipa_state and set_ipa_state to
share a common ripas_change() function,
* Other minor changes following review.
Changes from v7:
* Replace use of "only_shared" with the upstream "attr_filter" field
of struct kvm_gfn_range.
* Clean up the logic in alloc_delegated_granule() for when to call
kvm_account_pgtable_pages().
* Rename realm_destroy_protected_granule() to
realm_destroy_private_granule() to match the naming elsewhere. Also
fix the return codes in the function to be descriptive.
* Several other minor changes to names/return codes.
Changes from v6:
* Split the code dealing with the guest triggering a RIPAS change into
a separate patch, so this patch is purely for the VMM setting up the
RIPAS before the guest first runs.
* Drop the useless flags argument from alloc_delegated_granule().
* Account RTTs allocated for a guest using kvm_account_pgtable_pages().
* Deal with the RMM granule size potentially being smaller than the
host's PAGE_SIZE. Although note alloc_delegated_granule() currently
still allocates an entire host page for every RMM granule (so wasting
memory when PAGE_SIZE>4k).
Changes from v5:
* Adapt to rebasing.
* Introduce find_map_level()
* Rename some functions to be clearer.
* Drop the "spare page" functionality.
Changes from v2:
* {alloc,free}_delegated_page() moved from previous patch to this one.
* alloc_delegated_page() now takes a gfp_t flags parameter.
* Fix the reference counting of guestmem pages to avoid leaking memory.
* Several misc code improvements and extra comments.
---
arch/arm64/include/asm/kvm_rme.h | 6 +
arch/arm64/kvm/mmu.c | 8 +-
arch/arm64/kvm/rme.c | 446 +++++++++++++++++++++++++++++++
3 files changed, 457 insertions(+), 3 deletions(-)
Reviewed-by: Gavin Shan <gshan@xxxxxxxxxx>
