From patchwork Fri Aug 30 13:01:43 2024
X-Patchwork-Submitter: Will Deacon
X-Patchwork-Id: 13785087
From: Will Deacon
To: linux-arm-kernel@lists.infradead.org
Cc: Will Deacon, Sudeep Holla, Catalin Marinas, Lorenzo Pieralisi, Suzuki Poulose, Steven Price, Oliver Upton, Marc Zyngier, linux-coco@lists.linux.dev
Subject: [PATCH v2 0/7] Support for running as a pKVM protected guest
Date: Fri, 30 Aug 2024 14:01:43 +0100
Message-Id: <20240830130150.8568-1-will@kernel.org>

Hi all,

This is version two of the series previously posted here:

  https://lore.kernel.org/r/20240730151113.1497-1-will@kernel.org

Changes since v1:

  * New patch allocating additional hypercalls for future pKVM usage

It looks like the CCA series is now using some of the pieces here [1],
so it would be great to merge this with an Ack from the kvmarm
maintainers.

Cheers,

Will

[1] https://lore.kernel.org/r/20240819131924.372366-1-steven.price@arm.com

Cc: Sudeep Holla
Cc: Catalin Marinas
Cc: Lorenzo Pieralisi
Cc: Suzuki Poulose
Cc: Steven Price
Cc: Oliver Upton
Cc: Marc Zyngier
Cc: linux-coco@lists.linux.dev

--->8

Marc Zyngier (1):
  firmware/smccc: Call arch-specific hook on discovering KVM services

Will Deacon (6):
  drivers/virt: pkvm: Add initial support for running as a protected guest
  arm64: mm: Add top-level dispatcher for internal mem_encrypt API
  drivers/virt: pkvm: Hook up mem_encrypt API using pKVM hypercalls
  arm64: mm: Add confidential computing hook to ioremap_prot()
  drivers/virt: pkvm: Intercept ioremap using pKVM MMIO_GUARD hypercall
  arm64: smccc: Reserve block of KVM "vendor" services for pKVM hypercalls

 Documentation/virt/kvm/arm/hypercalls.rst     |  98 ++++++++++++++
 arch/arm/include/asm/hypervisor.h             |   2 +
 arch/arm64/Kconfig                            |   1 +
 arch/arm64/include/asm/hypervisor.h           |  11 ++
 arch/arm64/include/asm/io.h                   |   4 +
 arch/arm64/include/asm/mem_encrypt.h          |  15 +++
 arch/arm64/include/asm/set_memory.h           |   1 +
 arch/arm64/mm/Makefile                        |   2 +-
 arch/arm64/mm/ioremap.c                       |  23 +++-
 arch/arm64/mm/mem_encrypt.c                   |  50 +++++++
 drivers/firmware/smccc/kvm_guest.c            |   2 +
 drivers/virt/coco/Kconfig                     |   2 +
 drivers/virt/coco/Makefile                    |   1 +
 drivers/virt/coco/pkvm-guest/Kconfig          |  10 ++
 drivers/virt/coco/pkvm-guest/Makefile         |   2 +
 drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c | 127 ++++++++++++++++++
 include/linux/arm-smccc.h                     |  88 ++++++++++++
 17 files changed, 437 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm64/include/asm/mem_encrypt.h
 create mode 100644 arch/arm64/mm/mem_encrypt.c
 create mode 100644 drivers/virt/coco/pkvm-guest/Kconfig
 create mode 100644 drivers/virt/coco/pkvm-guest/Makefile
 create mode 100644 drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c

Acked-by: Marc Zyngier
Reviewed-by: Steven Price