From patchwork Mon Aug 19 13:19:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steven Price X-Patchwork-Id: 13768364 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C0DB3C5321E for ; Mon, 19 Aug 2024 13:20:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=o5sNtjvDw3Y0o3Dnp2RTG1kfpE2hXLFPipWivCPVYu8=; b=2o4srD75UU1TwM00G52TUuUmer SF7BzA7SNGHEnoNa74GDeneNEVjHOBLGqH7Zn187QDiR4tHioUlf7dS4u7sito0DuvFZtk+IMT8U5 l7+5ucCfCZ/kSF+kattSUCaaRYS3CAvabz4ZZBrVsez2nTOrsuC434xOhDUlaX8OkD76CdqbbkQmr VMavpyOPEGc+fCP189b2dGyrIq3pZCiXvuxKO35FxjiNjjAf2+JKsBHEaZEkzLkWJBBB+66JduS26 YtdtyFIJzOQfNV4AZMy68MiY+a/bYM3I+SNNXfch+oi7fLAUZIWNrv/OYO1ehZ18TL68zHHIpOPYN YTCBxHgQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sg2JB-00000001Yza-1Kux; Mon, 19 Aug 2024 13:20:29 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sg2IR-00000001YjH-3e2R for linux-arm-kernel@lists.infradead.org; Mon, 19 Aug 2024 13:19:45 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4372A339; Mon, 19 Aug 2024 06:20:07 -0700 (PDT) Received: from e122027.arm.com (unknown [10.57.85.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 33A913F73B; Mon, 19 Aug 2024 06:19:37 -0700 (PDT) From: Steven Price To: kvm@vger.kernel.org, kvmarm@lists.linux.dev Cc: Steven Price , Catalin Marinas , Marc Zyngier , Will Deacon , James Morse , Oliver Upton , Suzuki K Poulose , Zenghui Yu , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Joey Gouly , Alexandru Elisei , Christoffer Dall , Fuad Tabba , linux-coco@lists.linux.dev, Ganapatrao Kulkarni , Gavin Shan , Shanker Donthineni , Alper Gun Subject: [PATCH v5 00/19] arm64: Support for running as a guest in Arm CCA Date: Mon, 19 Aug 2024 14:19:05 +0100 Message-Id: <20240819131924.372366-1-steven.price@arm.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240819_061944_036111_1880DD6A X-CRM114-Status: GOOD ( 25.05 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This series adds support for running Linux in a protected VM under the Arm Confidential Compute Architecture (CCA). This has been updated following the feedback from the v4 posting[1]. Thanks for the feedback! Individual patches have a change log. But things to highlight: * New RMM spec version[2] (v1.0-rel0-rc1). Note that this makes a number of (small) breaking changes so you will need to update the RMM and host too (see below). * 'Borrowed' two commits by Will from the pKVM series which add a dispatcher/hook for mem_encrypt and ioremap. These will hopefully make it easier for CCA to live alongside pKVM. * Reworked the code for handling protected/shared MMIO. The new RMM spec adds a new state (RIPAS_IO - although that may get renamed), which is currently unused, but will be used in a later version to signify that a granule is backed by a protected hardware MMIO region. Using this we can now identify whether the top bit should be set when performing an ioremap (or similar). The ABI to the RMM from a realm (the RSI) is based on the RMM v1.0-rel0-rc1 specification[2]. Future RMM specifications after v1.0 will be backwards compatible so a guest using the v1.0 specification (i.e. this series) will be able to run on future versions of the RMM without modification. This series is based on v6.11-rc1. It is also available as a git repository: https://gitlab.arm.com/linux-arm/linux-cca cca-guest/v5 As mentioned above the new RMM specification means that corresponding changes need to be made in the RMM, at this time these changes are still in review (see 'topics/rmm-1.0-rel0-rc1'). So you'll need to fetch the changes[3] from the gerrit instance until they are pushed to the main branch. It has also been pointed out that some documentation would be a good idea - I'm afraid it hasn't made this version, but I didn't want to hold off posting for any longer. The new version of the RMM also means you'll need to update the host support, a v4 of the host changes will be posted soon, in the mean time the code is available from git here: https://gitlab.arm.com/linux-arm/linux-cca cca-host/v4 [1] https://lore.kernel.org/r/20240701095505.165383-1-steven.price%40arm.com [2] https://developer.arm.com/-/cdn-downloads/permalink/PDF/Architectures/DEN0137_1.0-rel0-rc1_rmm-arch_external.pdf [3] https://review.trustedfirmware.org/c/TF-RMM/tf-rmm/+/30485 Jean-Philippe Brucker (1): firmware/psci: Add psci_early_test_conduit() Sami Mujawar (1): virt: arm-cca-guest: TSM_REPORT support for realms Steven Price (6): arm64: realm: Query IPA size from the RMM arm64: Make the PHYS_MASK_SHIFT dynamic arm64: Enforce bounce buffers for realm DMA arm64: mm: Avoid TLBI when marking pages as valid irqchip/gic-v3-its: Share ITS tables with a non-trusted hypervisor irqchip/gic-v3-its: Rely on genpool alignment Suzuki K Poulose (9): arm64: rsi: Add RSI definitions arm64: Detect if in a realm and set RIPAS RAM arm64: rsi: Add support for checking whether an MMIO is protected fixmap: Allow architecture overriding set_fixmap_io fixmap: Pass down the full phys address for set_fixmap_io arm64: Override set_fixmap_io arm64: rsi: Map unprotected MMIO as decrypted efi: arm64: Map Device with Prot Shared arm64: Enable memory encrypt for Realms Will Deacon (2): arm64: mm: Add top-level dispatcher for internal mem_encrypt API arm64: mm: Add confidential computing hook to ioremap_prot() arch/arm64/Kconfig | 4 + arch/arm64/include/asm/fixmap.h | 2 + arch/arm64/include/asm/io.h | 12 + arch/arm64/include/asm/mem_encrypt.h | 24 ++ arch/arm64/include/asm/pgtable-hwdef.h | 6 - arch/arm64/include/asm/pgtable-prot.h | 4 + arch/arm64/include/asm/pgtable.h | 10 + arch/arm64/include/asm/rsi.h | 68 ++++++ arch/arm64/include/asm/rsi_cmds.h | 157 +++++++++++++ arch/arm64/include/asm/rsi_smc.h | 189 ++++++++++++++++ arch/arm64/include/asm/set_memory.h | 4 + arch/arm64/kernel/Makefile | 3 +- arch/arm64/kernel/efi.c | 12 +- arch/arm64/kernel/rsi.c | 149 +++++++++++++ arch/arm64/kernel/setup.c | 8 + arch/arm64/mm/Makefile | 2 +- arch/arm64/mm/init.c | 10 +- arch/arm64/mm/ioremap.c | 23 +- arch/arm64/mm/mem_encrypt.c | 50 +++++ arch/arm64/mm/mmu.c | 17 ++ arch/arm64/mm/pageattr.c | 84 ++++++- drivers/firmware/psci/psci.c | 25 +++ drivers/irqchip/irq-gic-v3-its.c | 142 +++++++++--- drivers/tty/serial/earlycon.c | 2 +- drivers/virt/coco/Kconfig | 2 + drivers/virt/coco/Makefile | 1 + drivers/virt/coco/arm-cca-guest/Kconfig | 11 + drivers/virt/coco/arm-cca-guest/Makefile | 2 + .../virt/coco/arm-cca-guest/arm-cca-guest.c | 211 ++++++++++++++++++ include/asm-generic/fixmap.h | 4 +- include/linux/psci.h | 5 + 31 files changed, 1200 insertions(+), 43 deletions(-) create mode 100644 arch/arm64/include/asm/mem_encrypt.h create mode 100644 arch/arm64/include/asm/rsi.h create mode 100644 arch/arm64/include/asm/rsi_cmds.h create mode 100644 arch/arm64/include/asm/rsi_smc.h create mode 100644 arch/arm64/kernel/rsi.c create mode 100644 arch/arm64/mm/mem_encrypt.c create mode 100644 drivers/virt/coco/arm-cca-guest/Kconfig create mode 100644 drivers/virt/coco/arm-cca-guest/Makefile create mode 100644 drivers/virt/coco/arm-cca-guest/arm-cca-guest.c