
[v5,00/12] GenieZone hypervisor drivers

Message ID 20230727080005.14474-1-yi-de.wu@mediatek.com (mailing list archive)

Message

Yi-De Wu July 27, 2023, 7:59 a.m. UTC
This series is based on linux-next, tag: next-20230726.

GenieZone hypervisor(gzvm) is a type-1 hypervisor that supports various virtual
machine types and provides security features such as TEE-like scenarios and
secure boot. It can create guest VMs for security use cases and has
virtualization capabilities for both platform and interrupt. Although the
hypervisor can be booted independently, it requires the assistance of GenieZone
hypervisor kernel driver(gzvm-ko) to leverage the ability of Linux kernel for
vCPU scheduling, memory management, inter-VM communication and virtio backend
support.

Changes in v5:
- Add dt solution back for device initialization
- Add GZVM_EXIT_GZ reason for gzvm_vcpu_run()
- Add patch for guest page fault handler
- Add patch for supporting pin/unpin memory
- Remove unused enum members, namely GZVM_FUNC_GET_REGS and GZVM_FUNC_SET_REGS
- Use dev_debug() for debugging when platform device is available, and use
  pr_debug() otherwise
- Respond to reviewers and fix bugs accordingly

Changes in v4:
https://lore.kernel.org/lkml/20230609085214.31071-1-yi-de.wu@mediatek.com/
- Add macro to set VM as protected without triggering pvmfw in AVF.
- Add support to pass dtb config to hypervisor.
- Add support for virtual timer.
- Add UAPI to pass memory region metadata to hypervisor.
- Define our own macros for ARM's interrupt number
- Elaborate more on GenieZone hypervisor in documentation
- Fix coding style.
- Implement our own module for converting ipa to pa
- Modify the way of initializing device from dt to a more discoverable way
- Move refactoring changes into independent patches.

Changes in v3:
https://lore.kernel.org/all/20230512080405.12043-1-yi-de.wu@mediatek.com/
- Refactor: separate arch/arm64/geniezone/gzvm_arch.c into vm.c/vcpu.c/vgic.c
- Remove redundant functions
- Fix reviewer's comments

Changes in v2:
https://lore.kernel.org/all/20230428103622.18291-1-yi-de.wu@mediatek.com/
- Refactor: move to drivers/virt/geniezone
- Refactor: decouple arch-dependent and arch-independent
- Check pending signal before entering guest context
- Fix reviewer's comments

Initial Commit in v1:
https://lore.kernel.org/all/20230413090735.4182-1-yi-de.wu@mediatek.com/

Yi-De Wu (12):
  docs: geniezone: Introduce GenieZone hypervisor
  dt-bindings: hypervisor: Add MediaTek GenieZone hypervisor
  virt: geniezone: Add GenieZone hypervisor support
  virt: geniezone: Add vcpu support
  virt: geniezone: Add irqchip support for virtual interrupt injection
  virt: geniezone: Add irqfd support
  virt: geniezone: Add ioeventfd support
  virt: geniezone: Add memory region support
  virt: geniezone: Add dtb config support
  virt: geniezone: Add virtual timer support
  virt: geniezone: Add guest page fault handler
  virt: geniezone: Add memory pin/unpin support

 .../hypervisor/mediatek,geniezone-hyp.yaml    |  31 +
 Documentation/virt/geniezone/introduction.rst |  86 +++
 Documentation/virt/index.rst                  |   1 +
 MAINTAINERS                                   |  13 +
 arch/arm64/Kbuild                             |   1 +
 arch/arm64/geniezone/Makefile                 |   9 +
 arch/arm64/geniezone/driver.c                 |  26 +
 arch/arm64/geniezone/gzvm_arch_common.h       | 130 ++++
 arch/arm64/geniezone/vcpu.c                   | 155 +++++
 arch/arm64/geniezone/vgic.c                   | 124 ++++
 arch/arm64/geniezone/vm.c                     | 251 ++++++++
 arch/arm64/include/uapi/asm/gzvm_arch.h       |  58 ++
 drivers/virt/Kconfig                          |   2 +
 drivers/virt/geniezone/Kconfig                |  16 +
 drivers/virt/geniezone/Makefile               |  12 +
 drivers/virt/geniezone/gzvm_common.h          |  12 +
 drivers/virt/geniezone/gzvm_exception.c       |  34 ++
 drivers/virt/geniezone/gzvm_hvc.c             |  34 ++
 drivers/virt/geniezone/gzvm_ioeventfd.c       | 273 +++++++++
 drivers/virt/geniezone/gzvm_irqfd.c           | 566 ++++++++++++++++++
 drivers/virt/geniezone/gzvm_main.c            | 154 +++++
 drivers/virt/geniezone/gzvm_mmu.c             | 210 +++++++
 drivers/virt/geniezone/gzvm_vcpu.c            | 280 +++++++++
 drivers/virt/geniezone/gzvm_vm.c              | 488 +++++++++++++++
 include/linux/gzvm_drv.h                      | 185 ++++++
 include/uapi/asm-generic/Kbuild               |   1 +
 include/uapi/asm-generic/gzvm_arch.h          |  13 +
 include/uapi/linux/gzvm.h                     | 362 +++++++++++
 28 files changed, 3527 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/hypervisor/mediatek,geniezone-hyp.yaml
 create mode 100644 Documentation/virt/geniezone/introduction.rst
 create mode 100644 arch/arm64/geniezone/Makefile
 create mode 100644 arch/arm64/geniezone/driver.c
 create mode 100644 arch/arm64/geniezone/gzvm_arch_common.h
 create mode 100644 arch/arm64/geniezone/vcpu.c
 create mode 100644 arch/arm64/geniezone/vgic.c
 create mode 100644 arch/arm64/geniezone/vm.c
 create mode 100644 arch/arm64/include/uapi/asm/gzvm_arch.h
 create mode 100644 drivers/virt/geniezone/Kconfig
 create mode 100644 drivers/virt/geniezone/Makefile
 create mode 100644 drivers/virt/geniezone/gzvm_common.h
 create mode 100644 drivers/virt/geniezone/gzvm_exception.c
 create mode 100644 drivers/virt/geniezone/gzvm_hvc.c
 create mode 100644 drivers/virt/geniezone/gzvm_ioeventfd.c
 create mode 100644 drivers/virt/geniezone/gzvm_irqfd.c
 create mode 100644 drivers/virt/geniezone/gzvm_main.c
 create mode 100644 drivers/virt/geniezone/gzvm_mmu.c
 create mode 100644 drivers/virt/geniezone/gzvm_vcpu.c
 create mode 100644 drivers/virt/geniezone/gzvm_vm.c
 create mode 100644 include/linux/gzvm_drv.h
 create mode 100644 include/uapi/asm-generic/gzvm_arch.h
 create mode 100644 include/uapi/linux/gzvm.h

Comments

Rob Herring (Arm) Aug. 11, 2023, 4:52 p.m. UTC | #1
On Thu, Jul 27, 2023 at 03:59:53PM +0800, Yi-De Wu wrote:
> This series is based on linux-next, tag: next-20230726.
> 
> GenieZone hypervisor(gzvm) is a type-1 hypervisor that supports various virtual
> machine types and provides security features such as TEE-like scenarios and
> secure boot. It can create guest VMs for security use cases and has
> virtualization capabilities for both platform and interrupt. Although the
> hypervisor can be booted independently, it requires the assistance of GenieZone
> hypervisor kernel driver(gzvm-ko) to leverage the ability of Linux kernel for
> vCPU scheduling, memory management, inter-VM communication and virtio backend
> support.
> 
> Changes in v5:
> - Add dt solution back for device initialization

Why? It's a software interface that you define and control. Make that 
interface discoverable.

Rob
Yi-De Wu Aug. 17, 2023, 7:31 a.m. UTC | #2
On Fri, 2023-08-11 at 10:52 -0600, Rob Herring wrote:
> On Thu, Jul 27, 2023 at 03:59:53PM +0800, Yi-De Wu wrote:
> > This series is based on linux-next, tag: next-20230726.
> >
> > GenieZone hypervisor(gzvm) is a type-1 hypervisor that supports various virtual
> > machine types and provides security features such as TEE-like scenarios and
> > secure boot. It can create guest VMs for security use cases and has
> > virtualization capabilities for both platform and interrupt. Although the
> > hypervisor can be booted independently, it requires the assistance of GenieZone
> > hypervisor kernel driver(gzvm-ko) to leverage the ability of Linux kernel for
> > vCPU scheduling, memory management, inter-VM communication and virtio backend
> > support.
> >
> > Changes in v5:
> > - Add dt solution back for device initialization
>
> Why? It's a software interface that you define and control. Make that
> interface discoverable.
>
> Rob

Hi Rob,

Let me recap a bit about this as you might not have noticed our previous
response[1]. In order to discover our GenieZone hypervisor, there were
2 solutions being talked about, namely with dt or without dt.

The reasons we use dt now were listed in a previous mail thread[2].
I'll just copy the statements here for better sync-up.
- Although dt is for hardware, it's difficult to discover a specific
hypervisor without probing on all subsystems and thus polluting all
other users as a consequence.
- The GenieZone hypervisor could be considered as a vendor model to
assist platform virtualization whose implementation is independent from
Linuxism.

In contrast to the solution with dt, what we were doing was probing via
hypercall to see whether our hypervisor exists.
However, this could raise some concerns about "polluting all systems"
even for those systems without GenieZone hypervisor embedded[3].

We're wondering if there's any specific implementation in mind from
your side so that we could initialize our device in a discoverable manner
while not affecting other systems. We'd appreciate the hint.

Regards,

Reference
1. https://lore.kernel.org/all/14c0381be38ea40fcd03104bff32bcaa09b920d3.camel@mediatek.com/
2. https://lore.kernel.org/lkml/ea531ba80db67cccb03ea173e714fe868f869e91.camel@mediatek.com/
3. https://lore.kernel.org/all/2fe0c7f9-55fc-ae63-3631-8526a0212ccd@linaro.org/

Regards,
Yi-De Wu Aug. 31, 2023, 8:09 a.m. UTC | #3
On Thu, 2023-08-17 at 15:31 +0800, Yi-De Wu wrote:
> On Fri, 2023-08-11 at 10:52 -0600, Rob Herring wrote:
> > On Thu, Jul 27, 2023 at 03:59:53PM +0800, Yi-De Wu wrote:
> > > This series is based on linux-next, tag: next-20230726.
> > >
> > > GenieZone hypervisor(gzvm) is a type-1 hypervisor that supports various virtual
> > > machine types and provides security features such as TEE-like scenarios and
> > > secure boot. It can create guest VMs for security use cases and has
> > > virtualization capabilities for both platform and interrupt. Although the
> > > hypervisor can be booted independently, it requires the assistance of GenieZone
> > > hypervisor kernel driver(gzvm-ko) to leverage the ability of Linux kernel for
> > > vCPU scheduling, memory management, inter-VM communication and virtio backend
> > > support.
> > >
> > > Changes in v5:
> > > - Add dt solution back for device initialization
> >
> > Why? It's a software interface that you define and control. Make that
> > interface discoverable.
> >
> > Rob
>
> Hi Rob,
>
> Let me recap a bit about this as you might not have noticed our previous
> response[1]. In order to discover our GenieZone hypervisor, there were
> 2 solutions being talked about, namely with dt or without dt.
>
> The reasons we use dt now were listed in a previous mail thread[2].
> I'll just copy the statements here for better sync-up.
> - Although dt is for hardware, it's difficult to discover a specific
> hypervisor without probing on all subsystems and thus polluting all
> other users as a consequence.
> - The GenieZone hypervisor could be considered as a vendor model to
> assist platform virtualization whose implementation is independent from
> Linuxism.
>
> In contrast to the solution with dt, what we were doing was probing via
> hypercall to see whether our hypervisor exists.
> However, this could raise some concerns about "polluting all systems"
> even for those systems without GenieZone hypervisor embedded[3].
>
> We're wondering if there's any specific implementation in mind from
> your side so that we could initialize our device in a discoverable manner
> while not affecting other systems. We'd appreciate the hint.
>
> Regards,
>
> Reference
> 1. https://lore.kernel.org/all/14c0381be38ea40fcd03104bff32bcaa09b920d3.camel@mediatek.com/
> 2. https://lore.kernel.org/lkml/ea531ba80db67cccb03ea173e714fe868f869e91.camel@mediatek.com/
> 3. https://lore.kernel.org/all/2fe0c7f9-55fc-ae63-3631-8526a0212ccd@linaro.org/
>
> Regards,

A gentle ping.

We suppose a simple dt would be a concise solution here to initialize
the GenieZone hypervisor. We also found some other software pieces use
dt as well[4]. Perhaps it could be brought into discussion that dt
shall be suitable under our use case.

Reference
4. OP-TEE Trusted OS maintained by Linaro

https://elixir.bootlin.com/linux/v6.1/source/Documentation/devicetree/bindings/arm/firmware/tlm,trusted-foundations.yaml