mbox series

[v2,0/7] Support for running as a pKVM protected guest

Message ID 20240830130150.8568-1-will@kernel.org (mailing list archive)
Headers show
Series Support for running as a pKVM protected guest | expand

Message

Will Deacon Aug. 30, 2024, 1:01 p.m. UTC 
Hi all,

This is version two of the series previously posted here:

  https://lore.kernel.org/r/20240730151113.1497-1-will@kernel.org

Changes since v1:
  * New patch allocating additional hypercalls for future pKVM usage

It looks like the CCA series is now using some of the pieces here [1],
so it would be great to merge this with an Ack from the kvmarm
maintainers.

Cheers,

Will

[1] https://lore.kernel.org/r/20240819131924.372366-1-steven.price@arm.com

Cc: Sudeep Holla <sudeep.holla@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Lorenzo Pieralisi <lpieralisi@kernel.org>
Cc: Suzuki Poulose <suzuki.poulose@arm.com>
Cc: Steven Price <steven.price@arm.com>
Cc: Oliver Upton <oliver.upton@linux.dev>
Cc: Marc Zyngier <maz@kernel.org>
Cc: linux-coco@lists.linux.dev

--->8

Marc Zyngier (1):
  firmware/smccc: Call arch-specific hook on discovering KVM services

Will Deacon (6):
  drivers/virt: pkvm: Add initial support for running as a protected
    guest
  arm64: mm: Add top-level dispatcher for internal mem_encrypt API
  drivers/virt: pkvm: Hook up mem_encrypt API using pKVM hypercalls
  arm64: mm: Add confidential computing hook to ioremap_prot()
  drivers/virt: pkvm: Intercept ioremap using pKVM MMIO_GUARD hypercall
  arm64: smccc: Reserve block of KVM "vendor" services for pKVM
    hypercalls

 Documentation/virt/kvm/arm/hypercalls.rst     |  98 ++++++++++++++
 arch/arm/include/asm/hypervisor.h             |   2 +
 arch/arm64/Kconfig                            |   1 +
 arch/arm64/include/asm/hypervisor.h           |  11 ++
 arch/arm64/include/asm/io.h                   |   4 +
 arch/arm64/include/asm/mem_encrypt.h          |  15 +++
 arch/arm64/include/asm/set_memory.h           |   1 +
 arch/arm64/mm/Makefile                        |   2 +-
 arch/arm64/mm/ioremap.c                       |  23 +++-
 arch/arm64/mm/mem_encrypt.c                   |  50 +++++++
 drivers/firmware/smccc/kvm_guest.c            |   2 +
 drivers/virt/coco/Kconfig                     |   2 +
 drivers/virt/coco/Makefile                    |   1 +
 drivers/virt/coco/pkvm-guest/Kconfig          |  10 ++
 drivers/virt/coco/pkvm-guest/Makefile         |   2 +
 drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c | 127 ++++++++++++++++++
 include/linux/arm-smccc.h                     |  88 ++++++++++++
 17 files changed, 437 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm64/include/asm/mem_encrypt.h
 create mode 100644 arch/arm64/mm/mem_encrypt.c
 create mode 100644 drivers/virt/coco/pkvm-guest/Kconfig
 create mode 100644 drivers/virt/coco/pkvm-guest/Makefile
 create mode 100644 drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c

Comments

Marc Zyngier Aug. 30, 2024, 1:42 p.m. UTC | #1 
On Fri, 30 Aug 2024 14:01:43 +0100,
Will Deacon <will@kernel.org> wrote:
> 
> Hi all,
> 
> This is version two of the series previously posted here:
> 
>   https://lore.kernel.org/r/20240730151113.1497-1-will@kernel.org
> 
> Changes since v1:
>   * New patch allocating additional hypercalls for future pKVM usage
> 
> It looks like the CCA series is now using some of the pieces here [1],
> so it would be great to merge this with an Ack from the kvmarm
> maintainers.

For patches 2-7:

Acked-by: Marc Zyngier <maz@kernel.org>

Thanks,

	M.
Steven Price Aug. 30, 2024, 1:52 p.m. UTC | #2 
On 30/08/2024 14:01, Will Deacon wrote:
> Hi all,
> 
> This is version two of the series previously posted here:
> 
>   https://lore.kernel.org/r/20240730151113.1497-1-will@kernel.org
> 
> Changes since v1:
>   * New patch allocating additional hypercalls for future pKVM usage
> 
> It looks like the CCA series is now using some of the pieces here [1],
> so it would be great to merge this with an Ack from the kvmarm
> maintainers.

Indeed, for what it's worth, patches 3 and 5 are both:

Reviewed-by: Steven Price <steven.price@arm.com>

Thanks,
Steve

> Cheers,
> 
> Will
> 
> [1] https://lore.kernel.org/r/20240819131924.372366-1-steven.price@arm.com
> 
> Cc: Sudeep Holla <sudeep.holla@arm.com>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Lorenzo Pieralisi <lpieralisi@kernel.org>
> Cc: Suzuki Poulose <suzuki.poulose@arm.com>
> Cc: Steven Price <steven.price@arm.com>
> Cc: Oliver Upton <oliver.upton@linux.dev>
> Cc: Marc Zyngier <maz@kernel.org>
> Cc: linux-coco@lists.linux.dev
> 
> --->8
> 
> Marc Zyngier (1):
>   firmware/smccc: Call arch-specific hook on discovering KVM services
> 
> Will Deacon (6):
>   drivers/virt: pkvm: Add initial support for running as a protected
>     guest
>   arm64: mm: Add top-level dispatcher for internal mem_encrypt API
>   drivers/virt: pkvm: Hook up mem_encrypt API using pKVM hypercalls
>   arm64: mm: Add confidential computing hook to ioremap_prot()
>   drivers/virt: pkvm: Intercept ioremap using pKVM MMIO_GUARD hypercall
>   arm64: smccc: Reserve block of KVM "vendor" services for pKVM
>     hypercalls
> 
>  Documentation/virt/kvm/arm/hypercalls.rst     |  98 ++++++++++++++
>  arch/arm/include/asm/hypervisor.h             |   2 +
>  arch/arm64/Kconfig                            |   1 +
>  arch/arm64/include/asm/hypervisor.h           |  11 ++
>  arch/arm64/include/asm/io.h                   |   4 +
>  arch/arm64/include/asm/mem_encrypt.h          |  15 +++
>  arch/arm64/include/asm/set_memory.h           |   1 +
>  arch/arm64/mm/Makefile                        |   2 +-
>  arch/arm64/mm/ioremap.c                       |  23 +++-
>  arch/arm64/mm/mem_encrypt.c                   |  50 +++++++
>  drivers/firmware/smccc/kvm_guest.c            |   2 +
>  drivers/virt/coco/Kconfig                     |   2 +
>  drivers/virt/coco/Makefile                    |   1 +
>  drivers/virt/coco/pkvm-guest/Kconfig          |  10 ++
>  drivers/virt/coco/pkvm-guest/Makefile         |   2 +
>  drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c | 127 ++++++++++++++++++
>  include/linux/arm-smccc.h                     |  88 ++++++++++++
>  17 files changed, 437 insertions(+), 2 deletions(-)
>  create mode 100644 arch/arm64/include/asm/mem_encrypt.h
>  create mode 100644 arch/arm64/mm/mem_encrypt.c
>  create mode 100644 drivers/virt/coco/pkvm-guest/Kconfig
>  create mode 100644 drivers/virt/coco/pkvm-guest/Makefile
>  create mode 100644 drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c
>
Will Deacon Aug. 30, 2024, 4:12 p.m. UTC | #3 
On Fri, 30 Aug 2024 14:01:43 +0100, Will Deacon wrote:
> This is version two of the series previously posted here:
> 
>   https://lore.kernel.org/r/20240730151113.1497-1-will@kernel.org
> 
> Changes since v1:
>   * New patch allocating additional hypercalls for future pKVM usage
> 
> [...]

Applied to arm64 (for-next/pkvm-guest), thanks!

[1/7] firmware/smccc: Call arch-specific hook on discovering KVM services
      https://git.kernel.org/arm64/c/0ba5b4ba6178
[2/7] drivers/virt: pkvm: Add initial support for running as a protected guest
      https://git.kernel.org/arm64/c/a06c3fad49a5
[3/7] arm64: mm: Add top-level dispatcher for internal mem_encrypt API
      https://git.kernel.org/arm64/c/e7bafbf71777
[4/7] drivers/virt: pkvm: Hook up mem_encrypt API using pKVM hypercalls
      https://git.kernel.org/arm64/c/ebc59b120c58
[5/7] arm64: mm: Add confidential computing hook to ioremap_prot()
      https://git.kernel.org/arm64/c/c86fa3470c10
[6/7] drivers/virt: pkvm: Intercept ioremap using pKVM MMIO_GUARD hypercall
      https://git.kernel.org/arm64/c/0f1269495800
[7/7] arm64: smccc: Reserve block of KVM "vendor" services for pKVM hypercalls
      https://git.kernel.org/arm64/c/21be9f7110d4

Cheers,