[RFC,kvmtool,00/10] RISC-V CoVE support

Message ID 20230419222350.3604274-1-atishp@rivosinc.com (mailing list archive)

Atish Kumar Patra April 19, 2023, 10:23 p.m. UTC
This series is an initial version of the support for running confidential VMs on
riscv architecture. This is to get feedback on the proposed COVH, COVI and COVG
extensions for running Confidential VMs on riscv. The specification is available
here [0]. Make sure to build it to get the latest changes as it gets updated
from time to time.

We have added a new option, `--cove-vm` to the `run` command to mark the VM as
a confidential VM.

The host, including the kernel and kvmtool, must not access any memory allocated
to the confidential VM. The TSM is responsible for providing all the required
information to handle faults and emulate devices.

The series adds support to manage CoVE VMs, which includes:
   * Configuration
   * Creation of CoVE VM and VCPUs.
   * Load initial memory images using measurement ioctls.
   * Virtio support for CoVE VMs.

We don't yet support APLIC and thus no line based interrupts. So we use pci
transport for all the virtio devices. As serial and rtc devices are only mmio
based, we don't yet support those either.

Virtio for CoVE enforces the VIRTIO_F_ACCESS_PLATFORM flag to force SWIOTLB
bounce buffers in the confidential linux guest. The SWIOTLB buffers are shared
with the host using share/unshare calls in the COVG extension. Thus the host can
directly write to those buffers without TSM involvement.

This series depends on a few RISC-V series which are not yet upstream.

* AIA support[1]
* SBI DBCN extension[2]

It also reuses the arch specific virtio host flag hook from CCA series[4].

The patches are also available here:

	https://github.com/rivosinc/kvmtool/commits/cove-integration-03072023

The corresponding linux patches are also available here:
https://github.com/rivosinc/linux/tree/cove-integration

Running a CoVE VM
------------------

Extra options needed:
--cove-vm: Launches a confidential VM.
--virtio-transport: We don't yet support MMIO devices so we need to
                    force virtio device to use pci transport.


 $ lkvm run						\
	 --cove-vm					\
	 --virtio-transport=pci                         \
	 <normal-VM options>

Detailed instructions can be found at [5].

Links
============
[0] CoVE architecture Specification.
    https://github.com/riscv-non-isa/riscv-ap-tee/blob/main/specification/riscv-aptee-spec.pdf
[1] https://github.com/avpatel/kvmtool/tree/riscv_aia_v1
[2] https://github.com/avpatel/kvmtool/tree/riscv_sbi_dbcn_v1
[4] https://lore.kernel.org/lkml/20230127113932.166089-28-suzuki.poulose@arm.com/
[5] https://github.com/rivosinc/cove/wiki/CoVE-KVM-RISCV64-on-QEMU

Atish Patra (7):
riscv: Add a CoVE VM type.
riscv: Define a command line option for CoVE VM
riscv: Define a measure region IOCTL
riscv: Invoke measure region for VM images
riscv: Do not create APLIC for TVMs
riscv: Change initrd alignment to a page size
riscv: Define riscv specific vm_type function

Rajnesh Kanwal (3):
riscv: virtio: Enforce VIRTIO_F_ACCESS_PLATFORM feature flag.
riscv: Don't emit MMIO devices for CoVE VM.
riscv: cove: Don't emit interrupt_map for pci devices in fdt.

include/linux/kvm.h                 |  4 ++
riscv/aia.c                         | 31 +++++++----
riscv/fdt.c                         | 38 +++++++------
riscv/include/asm/kvm.h             |  6 +++
riscv/include/kvm/kvm-arch.h        |  4 +-
riscv/include/kvm/kvm-config-arch.h |  4 +-
riscv/kvm.c                         | 51 +++++++++++++++++-
riscv/pci.c                         | 83 +++++++++++++++--------------
8 files changed, 152 insertions(+), 69 deletions(-)

--
2.25.1