From patchwork Fri Apr 19 15:56:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636546 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7CA54C4345F for ; Fri, 19 Apr 2024 16:03:43 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqfH-0001aq-Rf; Fri, 19 Apr 2024 12:00:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqeY-00014s-5g for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:54 -0400 Received: from mail-wr1-x430.google.com ([2a00:1450:4864:20::430]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeT-00015V-EB for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:51 -0400 Received: by mail-wr1-x430.google.com with SMTP id ffacd0b85a97d-3481bb34e7dso1224460f8f.3 for ; Fri, 19 Apr 2024 08:59:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542388; x=1714147188; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3wrHOYCEoMGT4WcYp0zjIsKj2FGGrD9J0aabeQrS3SU=; b=ptfuXNdMrRi0UNqgJyxSssnzUdiC/dHDWTm31CgGmFyrA3/KTj29BbvxCKtwezb/1z xdkc7z8ZKbqpCoRGtF6kmy1je7njuNhfpnW8SJmX9IlhXGiuZVOem07z/WMiIy/TvnuP 8qgFYALI1flpoFNbEXSumBN8O8dik9xm72UIyP9yQPzf0Gu2L8x4u40Iup5vSw87b4jN U9SaGTi8k75+Sr/FXIJ7PdmjOP10JOqc1jmuJFCM/3jxIm3MYdAJhDLgazh6wUwbA6TN uGIe5fdV7O0Oquua7yOnAaAnZWOVamsJHD8mskK8DK2fu10iEG+e1L3Rd6x+h8i06//V xlAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542388; x=1714147188; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3wrHOYCEoMGT4WcYp0zjIsKj2FGGrD9J0aabeQrS3SU=; b=UC9V7qamjAFEWSdFOsIawuBCikTJeBlnuv15xX/nvyJgodQCEd1pJO/RT7PhJuc6iY 6YPFTetQZhcSME3y0vt9ZjdbgAduCCWB5c5NzMpC5MWBvZRIrup+k+y/1eP0I2nney0I LDmAzPneI5lCa2D3Mr/WneOaNCQF+xHJ7P49liWI6FDxOcxRtXgg0ghQt0rmO7jyvcIh 4XlNFaOSCv8ELuR1hRpJ4Sc7KezJCjuucr2TAECjF/PngTaYGLh45p7wMatGW3FruIOL 1kd4oyRTK0WDQ/JkiOcPmyn34at02dnU9vwBgiHFi7Nf3TYJSjPjD+wsXj1cEZ2vrZ2s QR8A== X-Forwarded-Encrypted: i=1; AJvYcCVDcmLEXGpfbVYOp7FXPnGEYSu7SKSrUk8UZ+P0zvfvIMovv+x/ESy6zMicaqqy1UsOhrisPrE0vSKrnB7luh36mqWGotA= X-Gm-Message-State: AOJu0YxNpdZNm8T9oRj7AZmi+UQ4C93c6S6iIe583fpeFvu0ocPgCfFB OlURyfEHtDWv4TCaKoDWplN7jGW27JEvuJpBaHIWj4sQpU//IhIJRYI8gm7E7Z0= X-Google-Smtp-Source: AGHT+IHDcMsXxcAZVeWUKvFqKY0Svioja3hq4fhWiLNT+5ZPHue90fMMx2tRczJ0lS2P7Ol7fEAtGw== X-Received: by 2002:adf:f190:0:b0:33e:a5e1:eccc with SMTP id h16-20020adff190000000b0033ea5e1ecccmr1824323wro.68.1713542387673; Fri, 19 Apr 2024 08:59:47 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:47 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker , Marcelo Tosatti , Nicholas Piggin , Daniel Henrique Barboza , qemu-ppc@nongnu.org, Cornelia Huck Subject: [PATCH v2 01/22] kvm: Merge kvm_check_extension() and kvm_vm_check_extension() Date: Fri, 19 Apr 2024 16:56:49 +0100 Message-ID: <20240419155709.318866-3-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::430; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x430.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org The KVM_CHECK_EXTENSION ioctl can be issued either on the global fd (/dev/kvm), or on the VM fd obtained with KVM_CREATE_VM. For most extensions, KVM returns the same value with either method, but for some of them it can refine the returned value depending on the VM type. The KVM documentation [1] advises to use the VM fd: Based on their initialization different VMs may have different capabilities. It is thus encouraged to use the vm ioctl to query for capabilities (available with KVM_CAP_CHECK_EXTENSION_VM on the vm fd) Ongoing work on Arm confidential VMs confirms this, as some capabilities become unavailable to confidential VMs, requiring changes in QEMU to use kvm_vm_check_extension() instead of kvm_check_extension() [2]. Rather than changing each check one by one, change kvm_check_extension() to always issue the ioctl on the VM fd when available, and remove kvm_vm_check_extension(). Fall back to the global fd when the VM check is unavailable: * Ancient kernels do not support KVM_CHECK_EXTENSION on the VM fd, since it was added by commit 92b591a4c46b ("KVM: Allow KVM_CHECK_EXTENSION on the vm fd") in Linux 3.17 [3]. Support for Linux 3.16 ended in June 2020, but there may still be old images around. * A couple of calls must be issued before the VM fd is available, since they determine the VM type: KVM_CAP_MIPS_VZ and KVM_CAP_ARM_VM_IPA_SIZE Does any user actually depend on the check being done on the global fd instead of the VM fd? I surveyed all cases where KVM presently returns different values depending on the query method. Luckily QEMU already calls kvm_vm_check_extension() for most of those. Only three of them are ambiguous, because currently done on the global fd: * KVM_CAP_MAX_VCPUS and KVM_CAP_MAX_VCPU_ID on Arm, changes value if the user requests a vGIC different from the default. But QEMU queries this before vGIC configuration, so the reported value will be the same. * KVM_CAP_SW_TLB on PPC. When issued on the global fd, returns false if the kvm-hv module is loaded; when issued on the VM fd, returns false only if the VM type is HV instead of PR. If this returns false, then QEMU will fail to initialize a BOOKE206 MMU model. So this patch supposedly improves things, as it allows to run this type of vCPU even when both KVM modules are loaded. * KVM_CAP_PPC_SECURE_GUEST. Similarly, doing this check on a VM fd refines the returned value, and ensures that SVM is actually supported. Since QEMU follows the check with kvm_vm_enable_cap(), this patch should only provide better error reporting. [1] https://www.kernel.org/doc/html/latest/virt/kvm/api.html#kvm-check-extension [2] https://lore.kernel.org/kvm/875ybi0ytc.fsf@redhat.com/ [3] https://github.com/torvalds/linux/commit/92b591a4c46b Cc: Marcelo Tosatti Cc: Nicholas Piggin Cc: Daniel Henrique Barboza Cc: qemu-ppc@nongnu.org Suggested-by: Cornelia Huck Signed-off-by: Jean-Philippe Brucker --- v1: https://lore.kernel.org/qemu-devel/20230421163822.839167-1-jean-philippe@linaro.org/ v1->v2: Initialize check_extension_vm using kvm_vm_ioctl() as suggested --- include/sysemu/kvm.h | 2 -- include/sysemu/kvm_int.h | 1 + accel/kvm/kvm-all.c | 34 +++++++++++++++------------------- target/arm/kvm.c | 2 +- target/i386/kvm/kvm.c | 6 +++--- target/ppc/kvm.c | 36 ++++++++++++++++++------------------ 6 files changed, 38 insertions(+), 43 deletions(-) diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index c6f34d4794..df97077434 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -404,8 +404,6 @@ bool kvm_arch_stop_on_emulation_error(CPUState *cpu); int kvm_check_extension(KVMState *s, unsigned int extension); -int kvm_vm_check_extension(KVMState *s, unsigned int extension); - #define kvm_vm_enable_cap(s, capability, cap_flags, ...) \ ({ \ struct kvm_enable_cap cap = { \ diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h index cad763e240..fa4c9aeb96 100644 --- a/include/sysemu/kvm_int.h +++ b/include/sysemu/kvm_int.h @@ -123,6 +123,7 @@ struct KVMState uint16_t xen_gnttab_max_frames; uint16_t xen_evtchn_max_pirq; char *device; + bool check_extension_vm; }; void kvm_memory_listener_register(KVMState *s, KVMMemoryListener *kml, diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index e08dd04164..3d9fbc8a98 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1128,7 +1128,11 @@ int kvm_check_extension(KVMState *s, unsigned int extension) { int ret; - ret = kvm_ioctl(s, KVM_CHECK_EXTENSION, extension); + if (!s->check_extension_vm) { + ret = kvm_ioctl(s, KVM_CHECK_EXTENSION, extension); + } else { + ret = kvm_vm_ioctl(s, KVM_CHECK_EXTENSION, extension); + } if (ret < 0) { ret = 0; } @@ -1136,19 +1140,6 @@ int kvm_check_extension(KVMState *s, unsigned int extension) return ret; } -int kvm_vm_check_extension(KVMState *s, unsigned int extension) -{ - int ret; - - ret = kvm_vm_ioctl(s, KVM_CHECK_EXTENSION, extension); - if (ret < 0) { - /* VM wide version not implemented, use global one instead */ - ret = kvm_check_extension(s, extension); - } - - return ret; -} - /* * We track the poisoned pages to be able to: * - replace them on VM reset @@ -1515,10 +1506,10 @@ static int kvm_dirty_ring_init(KVMState *s) * Read the max supported pages. Fall back to dirty logging mode * if the dirty ring isn't supported. */ - ret = kvm_vm_check_extension(s, capability); + ret = kvm_check_extension(s, capability); if (ret <= 0) { capability = KVM_CAP_DIRTY_LOG_RING_ACQ_REL; - ret = kvm_vm_check_extension(s, capability); + ret = kvm_check_extension(s, capability); } if (ret <= 0) { @@ -1541,7 +1532,7 @@ static int kvm_dirty_ring_init(KVMState *s) } /* Enable the backup bitmap if it is supported */ - ret = kvm_vm_check_extension(s, KVM_CAP_DIRTY_LOG_RING_WITH_BITMAP); + ret = kvm_check_extension(s, KVM_CAP_DIRTY_LOG_RING_WITH_BITMAP); if (ret > 0) { ret = kvm_vm_enable_cap(s, KVM_CAP_DIRTY_LOG_RING_WITH_BITMAP, 0); if (ret) { @@ -2360,7 +2351,7 @@ static void kvm_irqchip_create(KVMState *s) */ static int kvm_recommended_vcpus(KVMState *s) { - int ret = kvm_vm_check_extension(s, KVM_CAP_NR_VCPUS); + int ret = kvm_check_extension(s, KVM_CAP_NR_VCPUS); return (ret) ? ret : 4; } @@ -2526,6 +2517,11 @@ static int kvm_init(MachineState *ms) s->vmfd = ret; + ret = kvm_vm_ioctl(s, KVM_CHECK_EXTENSION, KVM_CAP_CHECK_EXTENSION_VM); + if (ret > 0) { + s->check_extension_vm = true; + } + /* check the vcpu limits */ soft_vcpus_limit = kvm_recommended_vcpus(s); hard_vcpus_limit = kvm_max_vcpus(s); @@ -2668,7 +2664,7 @@ static int kvm_init(MachineState *ms) memory_listener_register(&kvm_io_listener, &address_space_io); - s->sync_mmu = !!kvm_vm_check_extension(kvm_state, KVM_CAP_SYNC_MMU); + s->sync_mmu = !!kvm_check_extension(kvm_state, KVM_CAP_SYNC_MMU); if (!s->sync_mmu) { ret = ram_block_discard_disable(true); assert(!ret); diff --git a/target/arm/kvm.c b/target/arm/kvm.c index ab85d628a8..3371ffa401 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -582,7 +582,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s) if (s->kvm_eager_split_size) { uint32_t sizes; - sizes = kvm_vm_check_extension(s, KVM_CAP_ARM_SUPPORTED_BLOCK_SIZES); + sizes = kvm_check_extension(s, KVM_CAP_ARM_SUPPORTED_BLOCK_SIZES); if (!sizes) { s->kvm_eager_split_size = 0; warn_report("Eager Page Split support not available"); diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index e68cbe9293..f16229d0a8 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -163,7 +163,7 @@ static int kvm_get_one_msr(X86CPU *cpu, int index, uint64_t *value); bool kvm_has_smm(void) { - return kvm_vm_check_extension(kvm_state, KVM_CAP_X86_SMM); + return kvm_check_extension(kvm_state, KVM_CAP_X86_SMM); } bool kvm_has_adjust_clock_stable(void) @@ -2697,7 +2697,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s) return ret; } } - if (kvm_vm_check_extension(s, KVM_CAP_X86_USER_SPACE_MSR)) { + if (kvm_check_extension(s, KVM_CAP_X86_USER_SPACE_MSR)) { bool r; ret = kvm_vm_enable_cap(s, KVM_CAP_X86_USER_SPACE_MSR, 0, @@ -5236,7 +5236,7 @@ static bool __kvm_enable_sgx_provisioning(KVMState *s) { int fd, ret; - if (!kvm_vm_check_extension(s, KVM_CAP_SGX_ATTRIBUTE)) { + if (!kvm_check_extension(s, KVM_CAP_SGX_ATTRIBUTE)) { return false; } diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c index 8231feb2d4..0699030a6f 100644 --- a/target/ppc/kvm.c +++ b/target/ppc/kvm.c @@ -101,7 +101,7 @@ static uint32_t debug_inst_opcode; static bool kvmppc_is_pr(KVMState *ks) { /* Assume KVM-PR if the GET_PVINFO capability is available */ - return kvm_vm_check_extension(ks, KVM_CAP_PPC_GET_PVINFO) != 0; + return kvm_check_extension(ks, KVM_CAP_PPC_GET_PVINFO) != 0; } static int kvm_ppc_register_host_cpu_type(void); @@ -118,11 +118,11 @@ int kvm_arch_init(MachineState *ms, KVMState *s) cap_interrupt_unset = kvm_check_extension(s, KVM_CAP_PPC_UNSET_IRQ); cap_segstate = kvm_check_extension(s, KVM_CAP_PPC_SEGSTATE); cap_booke_sregs = kvm_check_extension(s, KVM_CAP_PPC_BOOKE_SREGS); - cap_ppc_smt_possible = kvm_vm_check_extension(s, KVM_CAP_PPC_SMT_POSSIBLE); + cap_ppc_smt_possible = kvm_check_extension(s, KVM_CAP_PPC_SMT_POSSIBLE); cap_spapr_tce = kvm_check_extension(s, KVM_CAP_SPAPR_TCE); cap_spapr_tce_64 = kvm_check_extension(s, KVM_CAP_SPAPR_TCE_64); cap_spapr_multitce = kvm_check_extension(s, KVM_CAP_SPAPR_MULTITCE); - cap_spapr_vfio = kvm_vm_check_extension(s, KVM_CAP_SPAPR_TCE_VFIO); + cap_spapr_vfio = kvm_check_extension(s, KVM_CAP_SPAPR_TCE_VFIO); cap_one_reg = kvm_check_extension(s, KVM_CAP_ONE_REG); cap_hior = kvm_check_extension(s, KVM_CAP_PPC_HIOR); cap_epr = kvm_check_extension(s, KVM_CAP_PPC_EPR); @@ -131,23 +131,23 @@ int kvm_arch_init(MachineState *ms, KVMState *s) * Note: we don't set cap_papr here, because this capability is * only activated after this by kvmppc_set_papr() */ - cap_htab_fd = kvm_vm_check_extension(s, KVM_CAP_PPC_HTAB_FD); + cap_htab_fd = kvm_check_extension(s, KVM_CAP_PPC_HTAB_FD); cap_fixup_hcalls = kvm_check_extension(s, KVM_CAP_PPC_FIXUP_HCALL); - cap_ppc_smt = kvm_vm_check_extension(s, KVM_CAP_PPC_SMT); - cap_htm = kvm_vm_check_extension(s, KVM_CAP_PPC_HTM); - cap_mmu_radix = kvm_vm_check_extension(s, KVM_CAP_PPC_MMU_RADIX); - cap_mmu_hash_v3 = kvm_vm_check_extension(s, KVM_CAP_PPC_MMU_HASH_V3); - cap_xive = kvm_vm_check_extension(s, KVM_CAP_PPC_IRQ_XIVE); - cap_resize_hpt = kvm_vm_check_extension(s, KVM_CAP_SPAPR_RESIZE_HPT); + cap_ppc_smt = kvm_check_extension(s, KVM_CAP_PPC_SMT); + cap_htm = kvm_check_extension(s, KVM_CAP_PPC_HTM); + cap_mmu_radix = kvm_check_extension(s, KVM_CAP_PPC_MMU_RADIX); + cap_mmu_hash_v3 = kvm_check_extension(s, KVM_CAP_PPC_MMU_HASH_V3); + cap_xive = kvm_check_extension(s, KVM_CAP_PPC_IRQ_XIVE); + cap_resize_hpt = kvm_check_extension(s, KVM_CAP_SPAPR_RESIZE_HPT); kvmppc_get_cpu_characteristics(s); - cap_ppc_nested_kvm_hv = kvm_vm_check_extension(s, KVM_CAP_PPC_NESTED_HV); + cap_ppc_nested_kvm_hv = kvm_check_extension(s, KVM_CAP_PPC_NESTED_HV); cap_large_decr = kvmppc_get_dec_bits(); - cap_fwnmi = kvm_vm_check_extension(s, KVM_CAP_PPC_FWNMI); + cap_fwnmi = kvm_check_extension(s, KVM_CAP_PPC_FWNMI); /* * Note: setting it to false because there is not such capability * in KVM at this moment. * - * TODO: call kvm_vm_check_extension() with the right capability + * TODO: call kvm_check_extension() with the right capability * after the kernel starts implementing it. */ cap_ppc_pvr_compat = false; @@ -157,8 +157,8 @@ int kvm_arch_init(MachineState *ms, KVMState *s) exit(1); } - cap_rpt_invalidate = kvm_vm_check_extension(s, KVM_CAP_PPC_RPT_INVALIDATE); - cap_ail_mode_3 = kvm_vm_check_extension(s, KVM_CAP_PPC_AIL_MODE_3); + cap_rpt_invalidate = kvm_check_extension(s, KVM_CAP_PPC_RPT_INVALIDATE); + cap_ail_mode_3 = kvm_check_extension(s, KVM_CAP_PPC_AIL_MODE_3); kvm_ppc_register_host_cpu_type(); return 0; @@ -1969,7 +1969,7 @@ static int kvmppc_get_pvinfo(CPUPPCState *env, struct kvm_ppc_pvinfo *pvinfo) { CPUState *cs = env_cpu(env); - if (kvm_vm_check_extension(cs->kvm_state, KVM_CAP_PPC_GET_PVINFO) && + if (kvm_check_extension(cs->kvm_state, KVM_CAP_PPC_GET_PVINFO) && !kvm_vm_ioctl(cs->kvm_state, KVM_PPC_GET_PVINFO, pvinfo)) { return 0; } @@ -2289,7 +2289,7 @@ int kvmppc_reset_htab(int shift_hint) /* Full emulation, tell caller to allocate htab itself */ return 0; } - if (kvm_vm_check_extension(kvm_state, KVM_CAP_PPC_ALLOC_HTAB)) { + if (kvm_check_extension(kvm_state, KVM_CAP_PPC_ALLOC_HTAB)) { int ret; ret = kvm_vm_ioctl(kvm_state, KVM_PPC_ALLOCATE_HTAB, &shift); if (ret == -ENOTTY) { @@ -2474,7 +2474,7 @@ static void kvmppc_get_cpu_characteristics(KVMState *s) cap_ppc_safe_bounds_check = 0; cap_ppc_safe_indirect_branch = 0; - ret = kvm_vm_check_extension(s, KVM_CAP_PPC_GET_CPU_CHAR); + ret = kvm_check_extension(s, KVM_CAP_PPC_GET_CPU_CHAR); if (!ret) { return; } From patchwork Fri Apr 19 15:56:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636534 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EE842C04FF6 for ; Fri, 19 Apr 2024 16:01:21 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqed-00018I-98; Fri, 19 Apr 2024 12:00:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqeZ-00014y-Dq for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:55 -0400 Received: from mail-wr1-x433.google.com ([2a00:1450:4864:20::433]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeT-00015a-Q8 for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:55 -0400 Received: by mail-wr1-x433.google.com with SMTP id ffacd0b85a97d-346406a5fb9so1730783f8f.1 for ; Fri, 19 Apr 2024 08:59:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542388; x=1714147188; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=WHJ237dkf2kJpaGwj/VrUeZKq0pv4D2ZIu3Md4Bu1Kw=; b=MxE4VhEThWb3ZWgTmPeJevq8kyAv0WcF9at0EwO4pUT0Ma39oVXnnhmVczs63+0F0d D3mnkScXR5k1vou/EtboZtWw0eusXjRib2Pcy4or7WLPI+CEgms+3+7h/rVUuXkKAJPS /wc0FiCMXPZJRwfBh6A+EADjmp2qzdGH5qBrJmMhIOQl1OqEVZ8E7v2uAz/zjUWtcl9J sPv4l2C9WY5JFCPrXjNsQNk+kzCBWI6I19aqB3G9rL/Imr1XDtNt1vCn+dJSYDPupA+B IfbgApOuy7jF3TEnKGL0gaH72lMR2WIFrsS8C58uAN9eWib0J8JOGaRcwHTRWN7Wr0uu nc8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542388; x=1714147188; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WHJ237dkf2kJpaGwj/VrUeZKq0pv4D2ZIu3Md4Bu1Kw=; b=jmt5oE3YKCBRjixITM+2vJjW1NzLVsr1N8rQFNX9zLDanZ9GZdWxiuMsgJTbM3RvCr nUMoKpgV1uSMy8cxG/f0s9hQgC3EsoQrRkMXJy3DM4Alm/ydoB2fGkdO9ocytJ5pJ39I yBB3irvpTVW515sorXa9dllZ8a1NtpE0eUQ6v5RGpw1RgOFdyRXa84ZSlkrbe4Tb0w6N KErvBhJEMDu+OUDaAUVaCoRp63SDAy38cHcQ473d5Tlod1wuV+o+fy3bDT7FNjN8w4Sq L3tCZNVW4isMtxHtegaaIqGsTANRygb4vGir7fdRCsGslAZk0zgiTaBvnqzc52KSJMzv n51Q== X-Forwarded-Encrypted: i=1; AJvYcCWToN3S6DVKhm8MCUIz1MmCIAinjStEKwcbbDsPj3Wvo67swuSnwu+R8iqsIwJ77js+l33xKGu8lTLSZIE1+i2Gtgm9uxU= X-Gm-Message-State: AOJu0YwlLtKWBdasjnI+hRpIuG6KgSplB8Q3m6dwhTVyDuRNGN9leflP jU7YcS4RV/uJhCzzgvDpYrulOCTeDBJ9j1Foy2pXYvMIcCRWQ7Mjl6THlSDJGNM= X-Google-Smtp-Source: AGHT+IGlBA950nDjW7CG1uLSn0MBVse+OwbjPv7C46uF3Gal/NNnyKNA4TJwKZ9Al41bcIAubUbBHA== X-Received: by 2002:a05:6000:114f:b0:34a:19d0:d907 with SMTP id d15-20020a056000114f00b0034a19d0d907mr1645758wrx.37.1713542388388; Fri, 19 Apr 2024 08:59:48 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:48 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker , Eric Blake , Markus Armbruster , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Eduardo Habkost Subject: [PATCH v2 02/22] target/arm: Add confidential guest support Date: Fri, 19 Apr 2024 16:56:50 +0100 Message-ID: <20240419155709.318866-4-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::433; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x433.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Add a new RmeGuest object, inheriting from ConfidentialGuestSupport, to support the Arm Realm Management Extension (RME). It is instantiated by passing on the command-line: -M virt,confidential-guest-support= -object guest-rme,id=[,options...] This is only the skeleton. Support will be added in following patches. Cc: Eric Blake Cc: Markus Armbruster Cc: Daniel P. BerrangĂ© Cc: Eduardo Habkost Reviewed-by: Philippe Mathieu-DaudĂ© Reviewed-by: Richard Henderson Signed-off-by: Jean-Philippe Brucker Acked-by: Markus Armbruster --- docs/system/confidential-guest-support.rst | 1 + qapi/qom.json | 3 +- target/arm/kvm-rme.c | 46 ++++++++++++++++++++++ target/arm/meson.build | 7 +++- 4 files changed, 55 insertions(+), 2 deletions(-) create mode 100644 target/arm/kvm-rme.c diff --git a/docs/system/confidential-guest-support.rst b/docs/system/confidential-guest-support.rst index 0c490dbda2..acf46d8856 100644 --- a/docs/system/confidential-guest-support.rst +++ b/docs/system/confidential-guest-support.rst @@ -40,5 +40,6 @@ Currently supported confidential guest mechanisms are: * AMD Secure Encrypted Virtualization (SEV) (see :doc:`i386/amd-memory-encryption`) * POWER Protected Execution Facility (PEF) (see :ref:`power-papr-protected-execution-facility-pef`) * s390x Protected Virtualization (PV) (see :doc:`s390x/protvirt`) +* Arm Realm Management Extension (RME) Other mechanisms may be supported in future. diff --git a/qapi/qom.json b/qapi/qom.json index 85e6b4f84a..623ec8071f 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -996,7 +996,8 @@ 'tls-creds-x509', 'tls-cipher-suites', { 'name': 'x-remote-object', 'features': [ 'unstable' ] }, - { 'name': 'x-vfio-user-server', 'features': [ 'unstable' ] } + { 'name': 'x-vfio-user-server', 'features': [ 'unstable' ] }, + 'rme-guest' ] } ## diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c new file mode 100644 index 0000000000..960dd75608 --- /dev/null +++ b/target/arm/kvm-rme.c @@ -0,0 +1,46 @@ +/* + * QEMU Arm RME support + * + * Copyright Linaro 2024 + */ + +#include "qemu/osdep.h" + +#include "exec/confidential-guest-support.h" +#include "hw/boards.h" +#include "hw/core/cpu.h" +#include "kvm_arm.h" +#include "migration/blocker.h" +#include "qapi/error.h" +#include "qom/object_interfaces.h" +#include "sysemu/kvm.h" +#include "sysemu/runstate.h" + +#define TYPE_RME_GUEST "rme-guest" +OBJECT_DECLARE_SIMPLE_TYPE(RmeGuest, RME_GUEST) + +struct RmeGuest { + ConfidentialGuestSupport parent_obj; +}; + +static void rme_guest_class_init(ObjectClass *oc, void *data) +{ +} + +static const TypeInfo rme_guest_info = { + .parent = TYPE_CONFIDENTIAL_GUEST_SUPPORT, + .name = TYPE_RME_GUEST, + .instance_size = sizeof(struct RmeGuest), + .class_init = rme_guest_class_init, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static void rme_register_types(void) +{ + type_register_static(&rme_guest_info); +} + +type_init(rme_register_types); diff --git a/target/arm/meson.build b/target/arm/meson.build index 2e10464dbb..c610c078f7 100644 --- a/target/arm/meson.build +++ b/target/arm/meson.build @@ -8,7 +8,12 @@ arm_ss.add(files( )) arm_ss.add(zlib) -arm_ss.add(when: 'CONFIG_KVM', if_true: files('hyp_gdbstub.c', 'kvm.c'), if_false: files('kvm-stub.c')) +arm_ss.add(when: 'CONFIG_KVM', + if_true: files( + 'hyp_gdbstub.c', + 'kvm.c', + 'kvm-rme.c'), + if_false: files('kvm-stub.c')) arm_ss.add(when: 'CONFIG_HVF', if_true: files('hyp_gdbstub.c')) arm_ss.add(when: 'TARGET_AARCH64', if_true: files( From patchwork Fri Apr 19 15:56:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636535 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F0815C4345F for ; Fri, 19 Apr 2024 16:01:47 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqew-0001LN-E4; Fri, 19 Apr 2024 12:00:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqec-00018G-8n for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:59 -0400 Received: from mail-wm1-x334.google.com ([2a00:1450:4864:20::334]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeY-00015o-Rf for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:57 -0400 Received: by mail-wm1-x334.google.com with SMTP id 5b1f17b1804b1-418c2bf2f15so18576065e9.3 for ; Fri, 19 Apr 2024 08:59:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542389; x=1714147189; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=eY2FcYl+CzfFOjoUH17x+b03bQquHC1I7mh3fnkgfD0=; b=zUryZJcycH7tEz1ZQg+5x6rofWajWFuskrjEn7eqjoOYVHBJ28IUVFLH/cLqccAIXq 7RnoOXb4e0IqGwBH8XwpceCoEjC/VrEahUkclsDF4E40D+dS3E8FMuShJnbSoxXYhPcw V2VJs3jKNz0QIl2g8SNxHK77hm0WOLG90cLeO3VyqV8RfM7ilNa+jYnjsoYR8Oeh5Ly8 oHvQoLa1W+ej3pEujhAKf+YtziwdBIuJ66rlgBaI6CBXhxry+wTgjeWSX7mtQ8a3scGE L0o1MmG99BLnzpV3uYgXNn6xIDkUzZkTrb3e6WmVsWCNEYEttz+R4z6dAJzto7vaXKWn KyZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542389; x=1714147189; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eY2FcYl+CzfFOjoUH17x+b03bQquHC1I7mh3fnkgfD0=; b=AecByVZmLsHfQBB55V8SFevLYWGvrVhxZZFL2mUJQayWPVqE+0GE4LbszwnlIbZYmk 4lskIhAdLDatflIz6YmOFErPKZNwIipl7AD+08PJ9F08M7Gixa9cZq1gj3+fsQTUBI/p imSvAe6Ie1qMmFuhDdQbQFjAqITsxzSO52M1bhXGbJzv5Vp5V4MrLf8WMuvEkv+Zkh3v Y8EhVf8Rw/lHcWupTooR97cqUtABPp8pvqhczNhicgBgbvCpeGBQAMaHSTbIjN74rwME BHwO5Xdm7QCGvmu/4a16gzauixsRIU4yQdgixOM3G/FANE+2X0EckTnWAI61V7Tv1jih y5mw== X-Forwarded-Encrypted: i=1; AJvYcCXAtH+cgFkx3AFCODl/flXmxXqOtryGUbhs7MkFCMiti+E2reNxuGHu/oWGDc6T98XjX0sMzTSQNPbwVg5PJ+BWsi1JQQk= X-Gm-Message-State: AOJu0Yz6qudzcgQ5w2VZlJgyuomhTJfVyYeBIBuSJcyS/7A1CMrYbZ5T X+ZtEqzjwXISIzeJZozhYQtwoufiGv7qNuIpbycNEI0sRzlRtGDx0fupX19piT8= X-Google-Smtp-Source: AGHT+IFdTCv/4qF5ef/m8iftnCwZTQyCvMGVBFc9yKiwQrHvinWiSlXgx1RyQkxThnBi6pkIAw+PYg== X-Received: by 2002:adf:fa0e:0:b0:343:3a51:ad65 with SMTP id m14-20020adffa0e000000b003433a51ad65mr1537382wrr.38.1713542388970; Fri, 19 Apr 2024 08:59:48 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:48 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 03/22] target/arm/kvm: Return immediately on error in kvm_arch_init() Date: Fri, 19 Apr 2024 16:56:51 +0100 Message-ID: <20240419155709.318866-5-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::334; envelope-from=jean-philippe@linaro.org; helo=mail-wm1-x334.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Returning an error to kvm_init() is fatal anyway, no need to continue the initialization. Signed-off-by: Jean-Philippe Brucker --- v1->v2: new --- target/arm/kvm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/arm/kvm.c b/target/arm/kvm.c index 3371ffa401..a5673241e5 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -566,7 +566,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s) !kvm_check_extension(s, KVM_CAP_ARM_IRQ_LINE_LAYOUT_2)) { error_report("Using more than 256 vcpus requires a host kernel " "with KVM_CAP_ARM_IRQ_LINE_LAYOUT_2"); - ret = -EINVAL; + return -EINVAL; } if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) { @@ -595,6 +595,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s) if (ret < 0) { error_report("Enabling of Eager Page Split failed: %s", strerror(-ret)); + return ret; } } } From patchwork Fri Apr 19 15:56:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636547 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3F3E5C04FF6 for ; Fri, 19 Apr 2024 16:03:48 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqex-0001Oo-8y; Fri, 19 Apr 2024 12:00:19 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqed-0001Ay-Qq for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:01 -0400 Received: from mail-wr1-x42f.google.com ([2a00:1450:4864:20::42f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeY-000160-RQ for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:59 -0400 Received: by mail-wr1-x42f.google.com with SMTP id ffacd0b85a97d-34665dd7744so1422888f8f.1 for ; Fri, 19 Apr 2024 08:59:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542389; x=1714147189; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fwLE1XkqbTWykZyFGjxxFRV6aZ7S9m/Sx/51Il4WLdA=; b=rUIjr+5yjfYtv+8Gpl+82atXgLO7jI7FFFfE+zYeJMwQYCEfTE7dsHvyUj4t8Ti4BH kI/drmjMnMyvNJqJUiZVNJiA1EKIRTZibxqlaJTC1NyUP/wJBHbnKE+DR+nD3ObqoDOQ fPkUxwohD870k+hs7SnSQ1ZNcpWAELrEtgwyyuBaGhoEc1pHskCm5uTyk2gasI5DBZIr bzm+4I3mEmusJgSMXHvUv4QGe1cvmkYmgcSCfgcZZvM98Z5xlJArFn2T08mgjn8MqXE5 O9tzBCJQFvPzo1EGIRczFmh0VEfa+BLcUf3CePIWrqiEC7FcDvZUk/Po33OLiCgzJ+M3 nnUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542389; x=1714147189; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fwLE1XkqbTWykZyFGjxxFRV6aZ7S9m/Sx/51Il4WLdA=; b=h7NJaN2u2PPpxrOFG6EccC0UiE2g3+R4XtjYPJZW1RUJ9b+gxy9OD9ky+zT2CAQBrP FGIBaJTLPn3/xpzxDaZSR4NNNlzD6vPVPdPv7ciLfebUSYCYAKNvyg/goPmAFuU2E2QE sLLMrw22gLMPh2AwMqQAeXOeoEodmeWHTNeBwX1mbl5xKCd4iTnmj8SAXMhmREm8b6ob FM8X4bQqzmQv6WL+a2ZB4Hx7GG3Szi0VnvXK16/+uCEzjP9XfD6bE6DiHPovKHUwyDLW tXF+Cyb416wenKGHmKV3a46MUWEAj/cdGx+f1LGXDuWckdkj+I61DSmIgzVbhtHI0sSx gFBg== X-Forwarded-Encrypted: i=1; AJvYcCWmbLFo0ANZhKfMEB+85Y5rJUn1Jy1fkaQJh7031bVTjo+57bp7g/c8aZ7Hpt/+8i/PDOch8pVG15dbj6MB76WE0Fic3C0= X-Gm-Message-State: AOJu0YweSWcdxuYhlZ3q6QgD7/vUg500aQChrVEWJ22C8c9PZKi29vMB GV6++fr68jXJVOuQW7LX6TmWTK04zQR6ow9vohTt0kq5wKKVNnlgPHTiK/o8Vn8= X-Google-Smtp-Source: AGHT+IHS0L5Lujp82y+sqaO4BTWg9DjNFxI+SKshLzHu9CH18UI8obwKTQQYCL3Od25ds4fcgbtbBg== X-Received: by 2002:a05:6000:a8c:b0:349:9b7f:8df3 with SMTP id dh12-20020a0560000a8c00b003499b7f8df3mr1687174wrb.40.1713542389606; Fri, 19 Apr 2024 08:59:49 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:49 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 04/22] target/arm/kvm-rme: Initialize realm Date: Fri, 19 Apr 2024 16:56:52 +0100 Message-ID: <20240419155709.318866-6-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42f; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x42f.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org The machine code calls kvm_arm_rme_vm_type() to get the VM flag and KVM calls kvm_arm_rme_init() to issue KVM hypercalls: * create the realm descriptor, * load images into Realm RAM (in another patch), * finalize the REC (vCPU) after the registers are reset, * activate the realm at the end, at which point the realm is sealed. Signed-off-by: Jean-Philippe Brucker --- v1->v2: * Use g_assert_not_reached() in stubs * Init from kvm_arch_init() rather than hw/arm/virt * Cache rme_guest --- target/arm/kvm_arm.h | 16 +++++++ target/arm/kvm-rme.c | 101 +++++++++++++++++++++++++++++++++++++++++++ target/arm/kvm.c | 7 ++- 3 files changed, 123 insertions(+), 1 deletion(-) diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index cfaa0d9bc7..8e2d90c265 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -203,6 +203,8 @@ int kvm_arm_vgic_probe(void); void kvm_arm_pmu_init(ARMCPU *cpu); void kvm_arm_pmu_set_irq(ARMCPU *cpu, int irq); +int kvm_arm_vcpu_finalize(ARMCPU *cpu, int feature); + /** * kvm_arm_pvtime_init: * @cpu: ARMCPU @@ -214,6 +216,11 @@ void kvm_arm_pvtime_init(ARMCPU *cpu, uint64_t ipa); int kvm_arm_set_irq(int cpu, int irqtype, int irq, int level); +int kvm_arm_rme_init(MachineState *ms); +int kvm_arm_rme_vm_type(MachineState *ms); + +bool kvm_arm_rme_enabled(void); + #else /* @@ -283,6 +290,15 @@ static inline uint32_t kvm_arm_sve_get_vls(ARMCPU *cpu) g_assert_not_reached(); } +static inline int kvm_arm_rme_init(MachineState *ms) +{ + g_assert_not_reached(); +} + +static inline int kvm_arm_rme_vm_type(MachineState *ms) +{ + g_assert_not_reached(); +} #endif #endif diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c index 960dd75608..23ac2d32d4 100644 --- a/target/arm/kvm-rme.c +++ b/target/arm/kvm-rme.c @@ -23,14 +23,115 @@ struct RmeGuest { ConfidentialGuestSupport parent_obj; }; +static RmeGuest *rme_guest; + +bool kvm_arm_rme_enabled(void) +{ + return !!rme_guest; +} + +static int rme_create_rd(Error **errp) +{ + int ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_ARM_RME, 0, + KVM_CAP_ARM_RME_CREATE_RD); + + if (ret) { + error_setg_errno(errp, -ret, "RME: failed to create Realm Descriptor"); + } + return ret; +} + +static void rme_vm_state_change(void *opaque, bool running, RunState state) +{ + int ret; + CPUState *cs; + + if (!running) { + return; + } + + ret = rme_create_rd(&error_abort); + if (ret) { + return; + } + + /* + * Now that do_cpu_reset() initialized the boot PC and + * kvm_cpu_synchronize_post_reset() registered it, we can finalize the REC. + */ + CPU_FOREACH(cs) { + ret = kvm_arm_vcpu_finalize(ARM_CPU(cs), KVM_ARM_VCPU_REC); + if (ret) { + error_report("RME: failed to finalize vCPU: %s", strerror(-ret)); + exit(1); + } + } + + ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_ARM_RME, 0, + KVM_CAP_ARM_RME_ACTIVATE_REALM); + if (ret) { + error_report("RME: failed to activate realm: %s", strerror(-ret)); + exit(1); + } +} + +int kvm_arm_rme_init(MachineState *ms) +{ + static Error *rme_mig_blocker; + ConfidentialGuestSupport *cgs = ms->cgs; + + if (!rme_guest) { + return 0; + } + + if (!cgs) { + error_report("missing -machine confidential-guest-support parameter"); + return -EINVAL; + } + + if (!kvm_check_extension(kvm_state, KVM_CAP_ARM_RME)) { + return -ENODEV; + } + + error_setg(&rme_mig_blocker, "RME: migration is not implemented"); + migrate_add_blocker(&rme_mig_blocker, &error_fatal); + + /* + * The realm activation is done last, when the VM starts, after all images + * have been loaded and all vcpus finalized. + */ + qemu_add_vm_change_state_handler(rme_vm_state_change, NULL); + + cgs->ready = true; + return 0; +} + +int kvm_arm_rme_vm_type(MachineState *ms) +{ + if (rme_guest) { + return KVM_VM_TYPE_ARM_REALM; + } + return 0; +} + static void rme_guest_class_init(ObjectClass *oc, void *data) { } +static void rme_guest_instance_init(Object *obj) +{ + if (rme_guest) { + error_report("a single instance of RmeGuest is supported"); + exit(1); + } + rme_guest = RME_GUEST(obj); +} + static const TypeInfo rme_guest_info = { .parent = TYPE_CONFIDENTIAL_GUEST_SUPPORT, .name = TYPE_RME_GUEST, .instance_size = sizeof(struct RmeGuest), + .instance_init = rme_guest_instance_init, .class_init = rme_guest_class_init, .interfaces = (InterfaceInfo[]) { { TYPE_USER_CREATABLE }, diff --git a/target/arm/kvm.c b/target/arm/kvm.c index a5673241e5..b00077c1a5 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -93,7 +93,7 @@ static int kvm_arm_vcpu_init(ARMCPU *cpu) * * Returns: 0 if success else < 0 error code */ -static int kvm_arm_vcpu_finalize(ARMCPU *cpu, int feature) +int kvm_arm_vcpu_finalize(ARMCPU *cpu, int feature) { return kvm_vcpu_ioctl(CPU(cpu), KVM_ARM_VCPU_FINALIZE, &feature); } @@ -608,6 +608,11 @@ int kvm_arch_init(MachineState *ms, KVMState *s) hw_breakpoints = g_array_sized_new(true, true, sizeof(HWBreakpoint), max_hw_bps); + ret = kvm_arm_rme_init(ms); + if (ret) { + error_report("Failed to enable RME: %s", strerror(-ret)); + } + return ret; } From patchwork Fri Apr 19 15:56:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636537 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BDABCC04FF6 for ; Fri, 19 Apr 2024 16:01:59 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqfJ-0001fe-QD; Fri, 19 Apr 2024 12:00:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqec-00018J-Ic for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:59 -0400 Received: from mail-wr1-x436.google.com ([2a00:1450:4864:20::436]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeY-00016C-RV for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:58 -0400 Received: by mail-wr1-x436.google.com with SMTP id ffacd0b85a97d-34a3e0b31e6so1235173f8f.1 for ; Fri, 19 Apr 2024 08:59:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542390; x=1714147190; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=CRM3PMgf67soEHO0QvvaQBhnswxt2iC+13Xw/Jq7gQ4=; b=JH4yNFKAhI5kc7APS5ixtFXVaBFysa1VbCN0yA7EYams+nU6rgTLNR/SQAUmnk6aEf KShv145l1kgaW6hQVQ9E/XyrbiW+uLeFtDbbT0iwRbCawTVZrdFsM2uCrT8s2pRP+yhU JeqI+ffj+gh6e7Zy6tZl2WDiEtpc0KMzkAiEBW/HLVnm+FIo+Axk8UuO8H4um+aue7kU ivo7pYt6xVpkybSg6FuR3hveyRRkSeBq/971x0ylgisExZyyJYZXaIOX8ow05esYRFWP N1uL6viH495hYylNFZRPk2vaj/FquyChNJdzUSHdYESxVPiWWBf4wMeiDT1QLGSXJOtR 41bA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542390; x=1714147190; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CRM3PMgf67soEHO0QvvaQBhnswxt2iC+13Xw/Jq7gQ4=; b=o0F2eLcRcZYD2KA/nqSFjnxOdafqCAQYyhfTKuDgHkUMVsbtrwQs78hGtD+quQt2Oc AN4M50wfbTYqyeIdpdMO4fbIGFk6Z3BNANv0vg1v5miVL/l0Sp2zPaHRkn9y8ex2lHcI cNVZe02ocKgxOa+h5hgLMb1SHN9xsvhAckGDqSHTbLguEjBNKlHK0xm6cr8foAr4EScH jY6fP53OoNManfC9sSBAqeE/GWjzBhSgT+VSqe8VKppW9Yq3lKWPcTv7FlKK9C0u/2lN IKoI3eZn5wZ9FRK4ACdNgbzVcVZQ10lCNEPTLxnP/H0Pv5jp4N4XKSj730pOOV1GfDgE Y08Q== X-Forwarded-Encrypted: i=1; AJvYcCW/v89Aa8oyZFYRfjB0yeuxmPOG5uxgtZrIcLip7ctR8o8FRibseYsqst66KWewjsVqTvXPdRyE3QM4ualAhs2pNzmfisY= X-Gm-Message-State: AOJu0YzzLp5mjTFav/8yAJPllVJ4k5BlAqJzPWh5tocfWDhIc2ACBQv3 cY2cG+0Zb1R/hXo72ROAmKEak/dIJCrMWLnh5F15kCOXq7S5AI8lgA21YES0psc= X-Google-Smtp-Source: AGHT+IGVICopAXm0pEWgBvrgks5IfxQpCLgDaJmm8g+T7HOdc7+HvF5tidjUIpsGKu7caC1zxuWLOg== X-Received: by 2002:adf:ff8a:0:b0:345:5f6a:cbf7 with SMTP id j10-20020adfff8a000000b003455f6acbf7mr1681426wrr.29.1713542390205; Fri, 19 Apr 2024 08:59:50 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:49 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 05/22] hw/arm/virt: Add support for Arm RME Date: Fri, 19 Apr 2024 16:56:53 +0100 Message-ID: <20240419155709.318866-7-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::436; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x436.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org When confidential-guest-support is enabled for the virt machine, call the RME init function, and add the RME flag to the VM type. Signed-off-by: Jean-Philippe Brucker --- v1->v2: * Don't explicitly disable steal_time, it's now done through KVM capabilities * Split patch --- hw/arm/virt.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index a9a913aead..07ad31876e 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -224,6 +224,11 @@ static const int a15irqmap[] = { [VIRT_PLATFORM_BUS] = 112, /* ...to 112 + PLATFORM_BUS_NUM_IRQS -1 */ }; +static bool virt_machine_is_confidential(VirtMachineState *vms) +{ + return MACHINE(vms)->cgs; +} + static void create_randomness(MachineState *ms, const char *node) { struct { @@ -2111,10 +2116,11 @@ static void machvirt_init(MachineState *machine) * if the guest has EL2 then we will use SMC as the conduit, * and otherwise we will use HVC (for backwards compatibility and * because if we're using KVM then we must use HVC). + * Realm guests must also use SMC. */ if (vms->secure && firmware_loaded) { vms->psci_conduit = QEMU_PSCI_CONDUIT_DISABLED; - } else if (vms->virt) { + } else if (vms->virt || virt_machine_is_confidential(vms)) { vms->psci_conduit = QEMU_PSCI_CONDUIT_SMC; } else { vms->psci_conduit = QEMU_PSCI_CONDUIT_HVC; @@ -2917,6 +2923,7 @@ static HotplugHandler *virt_machine_get_hotplug_handler(MachineState *machine, static int virt_kvm_type(MachineState *ms, const char *type_str) { VirtMachineState *vms = VIRT_MACHINE(ms); + int rme_vm_type = kvm_arm_rme_vm_type(ms); int max_vm_pa_size, requested_pa_size; bool fixed_ipa; @@ -2946,7 +2953,11 @@ static int virt_kvm_type(MachineState *ms, const char *type_str) * the implicit legacy 40b IPA setting, in which case the kvm_type * must be 0. */ - return fixed_ipa ? 0 : requested_pa_size; + if (fixed_ipa) { + return 0; + } + + return requested_pa_size | rme_vm_type; } static void virt_machine_class_init(ObjectClass *oc, void *data) From patchwork Fri Apr 19 15:56:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636541 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 83DECC4345F for ; Fri, 19 Apr 2024 16:02:58 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqfN-0001ir-KE; Fri, 19 Apr 2024 12:00:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqeb-00017p-VX for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:59 -0400 Received: from mail-wr1-x430.google.com ([2a00:1450:4864:20::430]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeY-00016I-Ex for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:57 -0400 Received: by mail-wr1-x430.google.com with SMTP id ffacd0b85a97d-34782453ffdso2009814f8f.1 for ; Fri, 19 Apr 2024 08:59:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542391; x=1714147191; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kLJn8Et2P7uvb72LPY76EBgdmCDOnIuXR/Ns31Lbr0Y=; b=Hfup9YMO7+EHrw3wBSpoXqVMcDHWa5lMbctw8WZIBNBeaCd+k5NKb+noX9xZAD8Afo WuaJVpsObQvm2hyhwNLEeV4ME2AsLJHKp2OTrtoy/CQllsti4R9UYTaG4Pkc4Ijx3e5V +9rSP5utRl1JYtf3vDftlXD/vna6CzG7U4yImI/kIqUt8VtWOHtH1ILbV4rRTQ6BAIsC Pc8tX+HKvmGWT/8Cz0nTzButfoIORwp0LmAqSlWb4/VPS/X9RsKRwo1IrOWptYkWchQA eUKjO+i3NjKfdVni9F5GRKlsmOIdgarFJPVJ06mRs1m/ylCjE2RSQTaO5XwL/2/qRfnQ A4aA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542391; x=1714147191; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kLJn8Et2P7uvb72LPY76EBgdmCDOnIuXR/Ns31Lbr0Y=; b=o/CkubqAS2zqaY5/g4lmFb8D6O66UIVIif+Mf+uax3C9MhWPfBU8iyZFYk33Ne25lX ZuOBVutwjfIEbEHIBvW87EUa4+8fjJr/tFHWNgW54ImwbpChdc9Dz9WRGNsCvvBGF06z J62SeKIc+kXCUBtS3USip9nsDfuQO8sDcPpGL6Efjjp80h6g/ly5yYdj/6yCAXmFQU6q GYoisrDZEC67Mn5LAmSuxnD3vDmJYfvOYW0J0rzvz2BoCrGbPzfG5s+gPB1+9MTjP0t+ XzHRINo6Na5S0nHaXsbju+K129caBzhoIqFh0trvvU3sk5SQZFiXdvv+nTIlBSg7bqFv 1L1A== X-Forwarded-Encrypted: i=1; AJvYcCU0fy1DHvRgCCiO/xMmkreeNFMq2G0/v5LkhYG3Y2Dsgb7B+IYGUjjvpgY3DozX6obY8XAaXeC2kDFcYVLEZI0NdenTLS4= X-Gm-Message-State: AOJu0YzAcFJouDl1kASslLcKl/rwG7tIwNEoqeEZCvGYDA4Few5KSkm6 0iO3qjDvpWhMfyI6rK7b1OTM4lOS1L9JkEH0oTT47qgzrA5jptS6tqJGHKGRWkQ= X-Google-Smtp-Source: AGHT+IHt5SgdwAwTpK9LHFNiGk1VckoKu45Qk/h6ZktffMVSX/Qpn4+HcqAyA1R8ziHYvXM8oh/21A== X-Received: by 2002:a05:6000:186b:b0:34a:4f1c:3269 with SMTP id d11-20020a056000186b00b0034a4f1c3269mr2602929wri.0.1713542390967; Fri, 19 Apr 2024 08:59:50 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:50 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 06/22] hw/arm/virt: Disable DTB randomness for confidential VMs Date: Fri, 19 Apr 2024 16:56:54 +0100 Message-ID: <20240419155709.318866-8-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::430; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x430.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org The dtb-randomness feature, which adds random seeds to the DTB, isn't really compatible with confidential VMs since it randomizes the Realm Initial Measurement. Enabling it is not an error, but it prevents attestation. It also isn't useful to a Realm, which doesn't trust host input. Currently the feature is automatically enabled, unless the user disables it on the command-line. Change it to OnOffAuto, and automatically disable it for confidential VMs, unless the user explicitly enables it. Signed-off-by: Jean-Philippe Brucker --- v1->v2: separate patch, use OnOffAuto --- docs/system/arm/virt.rst | 9 +++++---- include/hw/arm/virt.h | 2 +- hw/arm/virt.c | 41 +++++++++++++++++++++++++--------------- 3 files changed, 32 insertions(+), 20 deletions(-) diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst index 26fcba00b7..e4bbfec662 100644 --- a/docs/system/arm/virt.rst +++ b/docs/system/arm/virt.rst @@ -172,10 +172,11 @@ dtb-randomness rng-seed and kaslr-seed nodes (in both "/chosen" and "/secure-chosen") to use for features like the random number generator and address space randomisation. The default is - ``on``. You will want to disable it if your trusted boot chain - will verify the DTB it is passed, since this option causes the - DTB to be non-deterministic. It would be the responsibility of - the firmware to come up with a seed and pass it on if it wants to. + ``off`` for confidential VMs, and ``on`` otherwise. You will want + to disable it if your trusted boot chain will verify the DTB it is + passed, since this option causes the DTB to be non-deterministic. + It would be the responsibility of the firmware to come up with a + seed and pass it on if it wants to. dtb-kaslr-seed A deprecated synonym for dtb-randomness. diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h index bb486d36b1..90a148dac2 100644 --- a/include/hw/arm/virt.h +++ b/include/hw/arm/virt.h @@ -150,7 +150,7 @@ struct VirtMachineState { bool virt; bool ras; bool mte; - bool dtb_randomness; + OnOffAuto dtb_randomness; OnOffAuto acpi; VirtGICType gic_version; VirtIOMMUType iommu; diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 07ad31876e..f300f100b5 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -259,6 +259,7 @@ static bool ns_el2_virt_timer_present(void) static void create_fdt(VirtMachineState *vms) { + bool dtb_randomness = true; MachineState *ms = MACHINE(vms); int nb_numa_nodes = ms->numa_state->num_nodes; void *fdt = create_device_tree(&vms->fdt_size); @@ -268,6 +269,16 @@ static void create_fdt(VirtMachineState *vms) exit(1); } + /* + * Including random data in the DTB causes random intial measurement on CCA, + * so disable it for confidential VMs. + */ + if (vms->dtb_randomness == ON_OFF_AUTO_OFF || + (vms->dtb_randomness == ON_OFF_AUTO_AUTO && + virt_machine_is_confidential(vms))) { + dtb_randomness = false; + } + ms->fdt = fdt; /* Header */ @@ -278,13 +289,13 @@ static void create_fdt(VirtMachineState *vms) /* /chosen must exist for load_dtb to fill in necessary properties later */ qemu_fdt_add_subnode(fdt, "/chosen"); - if (vms->dtb_randomness) { + if (dtb_randomness) { create_randomness(ms, "/chosen"); } if (vms->secure) { qemu_fdt_add_subnode(fdt, "/secure-chosen"); - if (vms->dtb_randomness) { + if (dtb_randomness) { create_randomness(ms, "/secure-chosen"); } } @@ -2474,18 +2485,21 @@ static void virt_set_its(Object *obj, bool value, Error **errp) vms->its = value; } -static bool virt_get_dtb_randomness(Object *obj, Error **errp) +static void virt_get_dtb_randomness(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) { VirtMachineState *vms = VIRT_MACHINE(obj); + OnOffAuto dtb_randomness = vms->dtb_randomness; - return vms->dtb_randomness; + visit_type_OnOffAuto(v, name, &dtb_randomness, errp); } -static void virt_set_dtb_randomness(Object *obj, bool value, Error **errp) +static void virt_set_dtb_randomness(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) { VirtMachineState *vms = VIRT_MACHINE(obj); - vms->dtb_randomness = value; + visit_type_OnOffAuto(v, name, &vms->dtb_randomness, errp); } static char *virt_get_oem_id(Object *obj, Error **errp) @@ -3123,16 +3137,16 @@ static void virt_machine_class_init(ObjectClass *oc, void *data) "Set on/off to enable/disable " "ITS instantiation"); - object_class_property_add_bool(oc, "dtb-randomness", - virt_get_dtb_randomness, - virt_set_dtb_randomness); + object_class_property_add(oc, "dtb-randomness", "OnOffAuto", + virt_get_dtb_randomness, virt_set_dtb_randomness, + NULL, NULL); object_class_property_set_description(oc, "dtb-randomness", "Set off to disable passing random or " "non-deterministic dtb nodes to guest"); - object_class_property_add_bool(oc, "dtb-kaslr-seed", - virt_get_dtb_randomness, - virt_set_dtb_randomness); + object_class_property_add(oc, "dtb-kaslr-seed", "OnOffAuto", + virt_get_dtb_randomness, virt_set_dtb_randomness, + NULL, NULL); object_class_property_set_description(oc, "dtb-kaslr-seed", "Deprecated synonym of dtb-randomness"); @@ -3203,9 +3217,6 @@ static void virt_instance_init(Object *obj) /* MTE is disabled by default. */ vms->mte = false; - /* Supply kaslr-seed and rng-seed by default */ - vms->dtb_randomness = true; - vms->irqmap = a15irqmap; virt_flash_create(vms); From patchwork Fri Apr 19 15:56:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636549 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A738CC4345F for ; Fri, 19 Apr 2024 16:04:11 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqfH-0001aR-Ng; Fri, 19 Apr 2024 12:00:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqec-00018L-QE for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:59 -0400 Received: from mail-wr1-x42b.google.com ([2a00:1450:4864:20::42b]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeY-00016R-Rf for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:58 -0400 Received: by mail-wr1-x42b.google.com with SMTP id ffacd0b85a97d-346b09d474dso2032823f8f.2 for ; Fri, 19 Apr 2024 08:59:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542391; x=1714147191; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=wGSOG2AohVyB+YklCc4A6nr7dY+0+hbY8R/nFstjWpI=; b=l2+0XBA/G2YDY3NTWoz+FL2Wn3d+k+kuN++ZJqy+mJIbJKNpd8B7vOX6e0SkeQTQEo Ik7J+1/FPJvtVQ0c0NXF8A6vp6OkgzTrj4uH/QjPkSa/iCdHGE96PyK+Q1ANgi7cQdHR ym9U4SG9o+D3ExNx2I4kfEqAe8vqkjeidH7N9G8Ddei5VMQFXW6rwwZ+lkkp2NVVHzzw ap1vMGYq0qjB9ZxGMQjaWNoaQzZzBQokc5u1mh5cKHgsx1SxPtw+QQFmrCwVz6wUMYTQ a0NIsppr5sTFp0rL7v7Q3UEdzxMczQ1HJR2BQ9Ik7DWm+48LwJI0esv9epMkqAfGYtnp ziiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542391; x=1714147191; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wGSOG2AohVyB+YklCc4A6nr7dY+0+hbY8R/nFstjWpI=; b=W2Ikrq6mS3gvKgsIszq7vWGbBqz6L/i3pjXZ5lQV7lfFUp6nK0xRlqp24xPv8DOWYa 3NiG7hCFCzcVYlsvs/NHfjZuQCyvTcpS/2Omb0cfRCpghiERurQXvCPJZBzXl/leMxrp 89P+atbSKiTwM7vvIwP7HNLd8h9bn2EdsLRZqBowEyj5tqyHtacd5KTowElQTGtAFfg0 Vn9GRy6c0X6uNhukQy+T29I7xjMZlpQC8VbRfZwScLEz04D5hGoPuBvi9W86BcRd3e00 fZu1txkNltDft8zMS+iOJPZ1yvAMhSb31q8z5zB8ZRuf5e3dlY5rtPlDh8MrEJoBWvRo Nteg== X-Forwarded-Encrypted: i=1; AJvYcCX1Heqj9JVYh17U5w/2lztWm51tJfOzmPnBXyJzYoc/TFq7nhO95yPjHYBoiy7+hqi9p5rmXcOPJ15NHCv2aw00iSI3aYE= X-Gm-Message-State: AOJu0Yw3D3WGZox7gUnU6ZYfO3Hc8d/SbySK0dKib/swoDL3D3UYPdb3 nGgxl64etStrisjjc173OuRzWUtzTDC0/Lvi1Vzb+U7V0nf4jXMzQ2ZKi8dTbRU= X-Google-Smtp-Source: AGHT+IFXWXZ2doR638dGx4gpYpEI6Czh03A8U4tqNaQVQjbA9rRJGDe2do9bDxtdVxSSCJ0+axOIjQ== X-Received: by 2002:a5d:4f90:0:b0:347:4484:4498 with SMTP id d16-20020a5d4f90000000b0034744844498mr1910461wru.59.1713542391579; Fri, 19 Apr 2024 08:59:51 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:51 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 07/22] hw/arm/virt: Reserve one bit of guest-physical address for RME Date: Fri, 19 Apr 2024 16:56:55 +0100 Message-ID: <20240419155709.318866-9-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42b; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x42b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org When RME is enabled, the upper GPA bit is used to distinguish protected from unprotected addresses. Reserve it when setting up the guest memory map. Signed-off-by: Jean-Philippe Brucker --- v1->v2: separate patch --- hw/arm/virt.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index f300f100b5..eca9a96b5a 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -2939,14 +2939,24 @@ static int virt_kvm_type(MachineState *ms, const char *type_str) VirtMachineState *vms = VIRT_MACHINE(ms); int rme_vm_type = kvm_arm_rme_vm_type(ms); int max_vm_pa_size, requested_pa_size; + int rme_reserve_bit = 0; bool fixed_ipa; - max_vm_pa_size = kvm_arm_get_max_vm_ipa_size(ms, &fixed_ipa); + if (rme_vm_type) { + /* + * With RME, the upper GPA bit differentiates Realm from NS memory. + * Reserve the upper bit to ensure that highmem devices will fit. + */ + rme_reserve_bit = 1; + } + + max_vm_pa_size = kvm_arm_get_max_vm_ipa_size(ms, &fixed_ipa) - + rme_reserve_bit; /* we freeze the memory map to compute the highest gpa */ virt_set_memmap(vms, max_vm_pa_size); - requested_pa_size = 64 - clz64(vms->highest_gpa); + requested_pa_size = 64 - clz64(vms->highest_gpa) + rme_reserve_bit; /* * KVM requires the IPA size to be at least 32 bits. From patchwork Fri Apr 19 15:56:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636572 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C6609C4345F for ; Fri, 19 Apr 2024 16:08:56 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqeq-0001KZ-RZ; Fri, 19 Apr 2024 12:00:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqec-00018D-4H for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:59 -0400 Received: from mail-wm1-x336.google.com ([2a00:1450:4864:20::336]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeY-00016b-RY for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:57 -0400 Received: by mail-wm1-x336.google.com with SMTP id 5b1f17b1804b1-419d320b8a8so1162785e9.3 for ; Fri, 19 Apr 2024 08:59:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542392; x=1714147192; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=EQHElS3YY06JrxJsFkVRbTnlkqXQPEN2MqSOomU202A=; b=uebCtMPY64ObuYJC64zRLxHf0tDf+WRnqHZ6/XxRW7yXOg5nez+RDc685Pu3wrJiaH SpLx4sqe7JlCcmYXiK3ezHfr2tQCRgKOyf0sXXnqZxZFUbmcn6kLfXG+SulDvIf7Oqsr oPCbSt5eNtc+1CzN0mnv2sFBojdRnoySLMUHJ7fVq6bzO6na56JmhFBqFN8MbKOv9HHK +IpsSkwuZaGuRDJnYaHAIIiPRyygIR2qnNZw6/uFgye53jgcKrCpQiCkkT4yFjglPpuq sIeOVModxe0hGr//5NsjeR7LUxmG7/IF6/wqHpHo6urXFZbq3Hj1KoSuKndf+yo4cj6b jVGA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542392; x=1714147192; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EQHElS3YY06JrxJsFkVRbTnlkqXQPEN2MqSOomU202A=; b=AieZLTbjGQ4U7HsOclg4nlKjdWt/rk/vcWvgHEJj2oaoheEpfh8veQ2gxbEtZ+XoEj jSv8KjTDalc8BjK3G9MiYxY5J740OgPx17c8DjCGu9+s+gM3r2ZH8Ab5EwzENijDNS9H 4NthGexG65fsUU+aONkJm0Xhx6RFeQIWboCPZrnKDPGbKATXn6T4dpT3m91cQPO0r4B8 p5EarCBn9Yzc5P6Lyjm9/rPB25zNFw+TKOJ2HYq2dfbmUGjy2n7dt5lO1vhWMRx6TX3v WFXJ8Nd2Ji1cKVJlpjgHcvrtXh2z2H3E17Ijk34GEjAH52/tGT29X3oRrIXUxWKEeTHa k7pg== X-Forwarded-Encrypted: i=1; AJvYcCVaJ/odh3EK7AforNhVEiZpeUxxx/dJoo+pldki6JY8ggYrftiBQ5iKIRT6B5ElzS6754ylPmidYGcxQEtF+9LK0C4pG24= X-Gm-Message-State: AOJu0YyKYUA/6dq+u1ZsW3O3rZqj4+0BdS07mV+YBknH+5L+hc5dn9xt 2YDxpU/mpOgzB83xNTJ/aG4pdSti12q8O/C4MLVftiQY2CuMTayKs+YqdVJ2aV48PAZ7bB74rGk P X-Google-Smtp-Source: AGHT+IHmfre/WtSkx5TiRXN2ShYLuSNHji6jc90xBDmEWEXfCMjkEhDoIkS0aPXwd0+4HswaKGSxuA== X-Received: by 2002:adf:e4c6:0:b0:34a:6f8b:1237 with SMTP id v6-20020adfe4c6000000b0034a6f8b1237mr1184972wrm.41.1713542392299; Fri, 19 Apr 2024 08:59:52 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:52 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 08/22] target/arm/kvm: Split kvm_arch_get/put_registers Date: Fri, 19 Apr 2024 16:56:56 +0100 Message-ID: <20240419155709.318866-10-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::336; envelope-from=jean-philippe@linaro.org; helo=mail-wm1-x336.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org The confidential guest support in KVM limits the number of registers that we can read and write. Split the get/put_registers function to prepare for it. Signed-off-by: Jean-Philippe Brucker --- target/arm/kvm.c | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/target/arm/kvm.c b/target/arm/kvm.c index b00077c1a5..3504276822 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -2056,7 +2056,7 @@ static int kvm_arch_put_sve(CPUState *cs) return 0; } -int kvm_arch_put_registers(CPUState *cs, int level) +static int kvm_arm_put_core_regs(CPUState *cs, int level) { uint64_t val; uint32_t fpr; @@ -2159,6 +2159,19 @@ int kvm_arch_put_registers(CPUState *cs, int level) return ret; } + return 0; +} + +int kvm_arch_put_registers(CPUState *cs, int level) +{ + int ret; + ARMCPU *cpu = ARM_CPU(cs); + + ret = kvm_arm_put_core_regs(cs, level); + if (ret) { + return ret; + } + write_cpustate_to_list(cpu, true); if (!write_list_to_kvmstate(cpu, level)) { @@ -2240,7 +2253,7 @@ static int kvm_arch_get_sve(CPUState *cs) return 0; } -int kvm_arch_get_registers(CPUState *cs) +static int kvm_arm_get_core_regs(CPUState *cs) { uint64_t val; unsigned int el; @@ -2343,6 +2356,19 @@ int kvm_arch_get_registers(CPUState *cs) } vfp_set_fpcr(env, fpr); + return 0; +} + +int kvm_arch_get_registers(CPUState *cs) +{ + int ret; + ARMCPU *cpu = ARM_CPU(cs); + + ret = kvm_arm_get_core_regs(cs); + if (ret) { + return ret; + } + ret = kvm_get_vcpu_events(cpu); if (ret) { return ret; From patchwork Fri Apr 19 15:56:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636542 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A9E2DC04FF6 for ; Fri, 19 Apr 2024 16:02:58 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqfQ-0001mx-TG; Fri, 19 Apr 2024 12:00:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqeg-0001Ek-CV for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:02 -0400 Received: from mail-wr1-x435.google.com ([2a00:1450:4864:20::435]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeY-00016e-RT for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:01 -0400 Received: by mail-wr1-x435.google.com with SMTP id ffacd0b85a97d-34a32ba1962so1148552f8f.2 for ; Fri, 19 Apr 2024 08:59:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542393; x=1714147193; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7l7h8u/bxo15dj8FUkHA8n7B20eh8IiyRKSK0v2thnY=; b=dD8qbkxUUVPVlmjyuWo8KvMg+WF5QWoYulRtcCpD8x3a5e1ODOh4/0C/+x/bJnkzyI i7EjPcp8GJKJEUuPgJqiWd3IzvXdgsteFWX/v9EZUiDoQ+tZKYp0rSUU1wvZ/T93kCdE P1jkTh+NTIfb0bu0ieku4PNez0M0FEOvmf2ie3t2FBC3M7Eo/pFUwUZ/qNe++hwe/MYl 7rvhsQ6C0d3X6AL08+tOs3Fc8mHZB+2eB3kfSdsk6d0Sa+scgkyZn4yqesbwIB9jyHAg 5OCBhbXmCCmI0V/xtEsUp7hYw1mVEiAxq8pGtsGuycxrpYV2IbkQ1zDV/oortL3S7AuZ h2ew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542393; x=1714147193; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7l7h8u/bxo15dj8FUkHA8n7B20eh8IiyRKSK0v2thnY=; b=bmJutcaZB+f6DZdET85Wy7GfKCyEIwjJYJUTys0y/khj1Wfal7zPoRzYxGJNBAKP34 NGgSVHVVpIUYa6d+d7NfBm5/uajCgpo7yLULgm8t5TQMqGrNudn3YuZzCrxArgvCg+Aa Q+zPSpdyD+uqFXL5toxNhZtrJxQrOm3TtJMo+Dkg+KpIZH3zvjxFnn9dg5haxui8Sgqp I4nq3fD8OtBbclCQ56BzOt+wVk8c8mntNgSzM38Rchn/IrG8doIIj3zpkMDhPvzVl90Z +hkCg/2/Kx+dMC5TmFiA7pqJRQXe7m25ZreC1Uj+1L7HuQ6m+A3sgQ2lS7Tn+wBx9cti XsJQ== X-Forwarded-Encrypted: i=1; AJvYcCWfujoUqKgLy/ZmW1tIvtHbKNRuWAmhLyelMSIpWYv5osWayUbLjufEu4kpK5ucTMd2CwFw5hxDQHajJAwjTmvZffnyta4= X-Gm-Message-State: AOJu0Yx77/uZjqy1x/igfAmqKiqt67jMQi6kA6hDZsBbSJw/8m0zXzMK ouUn9bPPoXbNa/VEyYbQbkc4hawdhXy/XpWKt8ZOVLwUD0JtlRQ4Lzpa2XDy6HU= X-Google-Smtp-Source: AGHT+IF860s44i+iY0UVmGVcOh/CDrs78uYJvS8fck2EA3pOZTiNLQ3UAvR3r73qt0LuoujRtxz5RA== X-Received: by 2002:a05:6000:4022:b0:34a:5d59:5501 with SMTP id cp34-20020a056000402200b0034a5d595501mr2062192wrb.4.1713542392891; Fri, 19 Apr 2024 08:59:52 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:52 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 09/22] target/arm/kvm-rme: Initialize vCPU Date: Fri, 19 Apr 2024 16:56:57 +0100 Message-ID: <20240419155709.318866-11-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::435; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x435.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org The target code calls kvm_arm_vcpu_init() to mark the vCPU as part of a Realm. For a Realm vCPU, only x0-x7 can be set at runtime. Before boot, the PC can also be set, and is ignored at runtime. KVM also accepts a few system register changes during initial configuration, as returned by KVM_GET_REG_LIST. Signed-off-by: Jean-Philippe Brucker --- v1->v2: only do the GP regs, since they are sync'd explicitly. Other registers use the existing reglist facility. --- target/arm/cpu.h | 3 +++ target/arm/kvm_arm.h | 1 + target/arm/kvm-rme.c | 10 ++++++++ target/arm/kvm.c | 61 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index bc0c84873f..d3ff1b4a31 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -945,6 +945,9 @@ struct ArchCPU { OnOffAuto kvm_steal_time; #endif /* CONFIG_KVM */ + /* Realm Management Extension */ + bool kvm_rme; + /* Uniprocessor system with MP extensions */ bool mp_is_up; diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index 8e2d90c265..47777386b0 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -220,6 +220,7 @@ int kvm_arm_rme_init(MachineState *ms); int kvm_arm_rme_vm_type(MachineState *ms); bool kvm_arm_rme_enabled(void); +int kvm_arm_rme_vcpu_init(CPUState *cs); #else diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c index 23ac2d32d4..aa9c3b5551 100644 --- a/target/arm/kvm-rme.c +++ b/target/arm/kvm-rme.c @@ -106,6 +106,16 @@ int kvm_arm_rme_init(MachineState *ms) return 0; } +int kvm_arm_rme_vcpu_init(CPUState *cs) +{ + ARMCPU *cpu = ARM_CPU(cs); + + if (rme_guest) { + cpu->kvm_rme = true; + } + return 0; +} + int kvm_arm_rme_vm_type(MachineState *ms) { if (rme_guest) { diff --git a/target/arm/kvm.c b/target/arm/kvm.c index 3504276822..3a2233ec73 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -1920,6 +1920,11 @@ int kvm_arch_init_vcpu(CPUState *cs) return ret; } + ret = kvm_arm_rme_vcpu_init(cs); + if (ret) { + return ret; + } + if (cpu_isar_feature(aa64_sve, cpu)) { ret = kvm_arm_sve_set_vls(cpu); if (ret) { @@ -2056,6 +2061,35 @@ static int kvm_arch_put_sve(CPUState *cs) return 0; } +static int kvm_arm_rme_put_core_regs(CPUState *cs) +{ + int i, ret; + struct kvm_one_reg reg; + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + + /* + * The RME ABI only allows us to set 8 GPRs and the PC + */ + for (i = 0; i < 8; i++) { + reg.id = AARCH64_CORE_REG(regs.regs[i]); + reg.addr = (uintptr_t) &env->xregs[i]; + ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®); + if (ret) { + return ret; + } + } + + reg.id = AARCH64_CORE_REG(regs.pc); + reg.addr = (uintptr_t) &env->pc; + ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®); + if (ret) { + return ret; + } + + return 0; +} + static int kvm_arm_put_core_regs(CPUState *cs, int level) { uint64_t val; @@ -2066,6 +2100,10 @@ static int kvm_arm_put_core_regs(CPUState *cs, int level) ARMCPU *cpu = ARM_CPU(cs); CPUARMState *env = &cpu->env; + if (cpu->kvm_rme) { + return kvm_arm_rme_put_core_regs(cs); + } + /* If we are in AArch32 mode then we need to copy the AArch32 regs to the * AArch64 registers before pushing them out to 64-bit KVM. */ @@ -2253,6 +2291,25 @@ static int kvm_arch_get_sve(CPUState *cs) return 0; } +static int kvm_arm_rme_get_core_regs(CPUState *cs) +{ + int i, ret; + struct kvm_one_reg reg; + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + + for (i = 0; i < 8; i++) { + reg.id = AARCH64_CORE_REG(regs.regs[i]); + reg.addr = (uintptr_t) &env->xregs[i]; + ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®); + if (ret) { + return ret; + } + } + + return 0; +} + static int kvm_arm_get_core_regs(CPUState *cs) { uint64_t val; @@ -2263,6 +2320,10 @@ static int kvm_arm_get_core_regs(CPUState *cs) ARMCPU *cpu = ARM_CPU(cs); CPUARMState *env = &cpu->env; + if (cpu->kvm_rme) { + return kvm_arm_rme_get_core_regs(cs); + } + for (i = 0; i < 31; i++) { ret = kvm_get_one_reg(cs, AARCH64_CORE_REG(regs.regs[i]), &env->xregs[i]); From patchwork Fri Apr 19 15:56:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636540 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 08B77C4345F for ; Fri, 19 Apr 2024 16:02:34 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqfP-0001kM-Bp; Fri, 19 Apr 2024 12:00:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqee-0001Be-H1 for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:01 -0400 Received: from mail-wm1-x335.google.com ([2a00:1450:4864:20::335]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeY-00016x-W9 for qemu-devel@nongnu.org; Fri, 19 Apr 2024 11:59:59 -0400 Received: by mail-wm1-x335.google.com with SMTP id 5b1f17b1804b1-417f5268b12so23476665e9.1 for ; Fri, 19 Apr 2024 08:59:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542393; x=1714147193; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RSfgbPCTP9EyXuV3juP9dkL7EJuQyUK18eBXqNLqpbo=; b=SQkKAnNo6T7f4A8fdejdCV0cnzTGOc55u0SIOm2zprUiRGqXkBoA+AxUpKBWorEOtp DienCbhrcU4IG1uuHaOGqNbt/NgByoRUPPbinsDm/MLCnHJFudci71GvCXFylqzMkMNi yStkjLgDJNTmxO7i9/xz3CUlf4d2oVLKa6wxcWG5CsgQRehT+zkhG6RnkgbomwyaHAU+ M+C8iSGKDQoavfF+OY/v66iMdJ0jTN2QVjlCKTu2UXaRnku/3tgam+EZRqkPid4IxJZH b48odklLFQHXoXGRawRcQEM1hNaUbuYJX0yEMKWjPbjxVtkPO76LKW1xBIiJGaLONvvO aIKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542393; x=1714147193; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RSfgbPCTP9EyXuV3juP9dkL7EJuQyUK18eBXqNLqpbo=; b=YAYc2Qh6of15KXq8h7PaDJqs06kC2L/tO7g+A7goG5fCggxKawf4eArFrKvoxAPy+t JmPiwgLRODohqECYQqCRY/DyTMcu5MUHR0PUty5+0rK26UFoYFmZCd48HcJbogDssj2i cERf7hUH1hMFsHXT+VgGkedN2Y0eqVqzKys/lxXKu5F5yapTevn5+G4BU7ZEqirFoVZ/ LFSgEraaU/Nf/aEmmeNNYs2Dnb+0I1ksP6pCwIPsBxTEqzOJll0Vc/sK32lCuJhnOKd1 GmfHLgZBLxa06OkRziaa2bPmgLreI1Y/3xw3hMjDOelIIrlgjoC44pTGTbHwYkmuyRDR aoyw== X-Forwarded-Encrypted: i=1; AJvYcCXVL3lMB6lMnw0q/RFXYPKKEvR7xCz/HeIfi+PNgt9VUXpEjrfthPZHZas7TC7HjOc413AG8G2V4dJB9Og3dCus+unG6J8= X-Gm-Message-State: AOJu0Yylcvnz3P2cqodPZiLzrWddSrdFaJJJLGszGinH8vL7ovFk5nka 9Xm+9jgJS9Ptz7uF30FIgmjXe3+x3FYLJKe5CUSSbOYvVThgWhBwIXUtG2e8R+M= X-Google-Smtp-Source: AGHT+IFeP2EmhMFD2HOBJ3b6ZBLM6/A+kopBfhoJ2HRfD/44Kv6a5uuKskDScPr0n9uZ7+UX02om3w== X-Received: by 2002:a05:6000:10c:b0:34a:4b5b:a3d with SMTP id o12-20020a056000010c00b0034a4b5b0a3dmr2104134wrx.7.1713542393565; Fri, 19 Apr 2024 08:59:53 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:53 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 10/22] target/arm/kvm: Create scratch VM as Realm if necessary Date: Fri, 19 Apr 2024 16:56:58 +0100 Message-ID: <20240419155709.318866-12-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::335; envelope-from=jean-philippe@linaro.org; helo=mail-wm1-x335.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Some ID registers have a different value for a Realm VM, for example ID_AA64DFR0_EL1 contains the number of breakpoints/watchpoints implemented by RMM instead of the hardware. Even though RMM is in charge of setting up most Realm registers, KVM still provides GET_ONE_REG interface on a Realm VM to probe the VM's capabilities. KVM only reports the maximum IPA it supports, but RMM may support smaller sizes. If the VM creation fails with the value returned by KVM, then retry with the smaller working address. This needs a better solution. Signed-off-by: Jean-Philippe Brucker --- target/arm/kvm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/target/arm/kvm.c b/target/arm/kvm.c index 3a2233ec73..6d368bf442 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -104,6 +104,7 @@ bool kvm_arm_create_scratch_host_vcpu(const uint32_t *cpus_to_try, { int ret = 0, kvmfd = -1, vmfd = -1, cpufd = -1; int max_vm_pa_size; + int vm_type; kvmfd = qemu_open_old("/dev/kvm", O_RDWR); if (kvmfd < 0) { @@ -113,8 +114,9 @@ bool kvm_arm_create_scratch_host_vcpu(const uint32_t *cpus_to_try, if (max_vm_pa_size < 0) { max_vm_pa_size = 0; } + vm_type = kvm_arm_rme_vm_type(MACHINE(qdev_get_machine())); do { - vmfd = ioctl(kvmfd, KVM_CREATE_VM, max_vm_pa_size); + vmfd = ioctl(kvmfd, KVM_CREATE_VM, max_vm_pa_size | vm_type); } while (vmfd == -1 && errno == EINTR); if (vmfd < 0) { goto err; From patchwork Fri Apr 19 15:56:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636569 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BB520C071FD for ; Fri, 19 Apr 2024 16:08:15 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqgR-0002Ky-Vr; Fri, 19 Apr 2024 12:01:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqef-0001Dj-Qf for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:02 -0400 Received: from mail-wr1-x429.google.com ([2a00:1450:4864:20::429]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeZ-00017E-O5 for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:01 -0400 Received: by mail-wr1-x429.google.com with SMTP id ffacd0b85a97d-34a32ba1962so1148564f8f.2 for ; Fri, 19 Apr 2024 08:59:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542394; x=1714147194; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=blRxAD//qWk7awT/WiqSSIKjaOzzlNxFM9Csitf6cJ0=; b=EXUi66CPIKd4xJAss7y15jFi5UVbWQIRHS4EGuT/yY7V8XIL++i4zPlrgytOg63ajW saccqyxKcK56vWdVi8jCFvCqNRId4/pz6bTJw9kevivzMl5WiJS0u+Rgw2FGEzMPeGNk cp1q5UjYLI9Y1GsX22XbVAp8kqX4hKT1lyaUU+VNW5fE3q9ZVBeG8OliER9PH2+bgm1k 7NDqrTdQNXW2UE1zW99i74cCpA9qY6dEHL6m55D/8T5/Fi28eePEGOldxsMYVHo5exVR 6cXxr0YGcCR63aLiryqdBjiNuyNB8zyThA9ayO9ZAqWZrAH2dGM7Bs2vhMhfjSWHaxiv 2tnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542394; x=1714147194; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=blRxAD//qWk7awT/WiqSSIKjaOzzlNxFM9Csitf6cJ0=; b=KW0g93BmRxPBA2VQ4+cj08nL5DceU3MK4sG6zEYbY7MqN9QzyGjar6sWJxZ3VTmPRR Yvn6fLU5MawdKxEcXwfqsHn942M6zZOU/KVice/TfyagyDe5DdJn3hSubanzUZwwMz77 kCyYJnBtrJDyBvWUHM8IQLngptaGVprkkeF4d+mmOrkRIFgySrWXHb2nA9wsPCRBggqe gB4KeBhJM+uSzpud3SXVqZhwbaIyM3LJEhe0FCxMVnJMcYwEaSjuwbp50JjyH6L/vk9j +WXiHjUCeTMlOba4AsCYxNYsKd9D3hGyr8mi0CLwxoEWaOpadypP55kGVkC9JwbsCVDn xKtg== X-Forwarded-Encrypted: i=1; AJvYcCXtG7yl/E/w+ZFEuGpKdm2TcVPthCtDDEqWX5oMT1pvua5y1KFIWPuSPjT/6yUlOzFbprXIKFYaA3G9vYzl+ImQVqype5c= X-Gm-Message-State: AOJu0Yz3lWGSDpdh5s3cI3GWqlVP1Hw3LOnFxAJ6EOyf83g0QtI2SXLt SH8sOzYFadN5wBf50TIOoGeJG+lt7HRA0ot/ofTZiitv37EKbni41dG+ifA2gNc= X-Google-Smtp-Source: AGHT+IHzG9aZ9yLn4f5iy1UKnAuX/xeyHRxk/T1DgICVc15UBelbDjjnn3z1bs1ndgp8yIOgSrqAjQ== X-Received: by 2002:a5d:4a81:0:b0:343:8d1b:b12d with SMTP id o1-20020a5d4a81000000b003438d1bb12dmr1452401wrq.46.1713542394163; Fri, 19 Apr 2024 08:59:54 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:53 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 11/22] hw/core/loader: Add ROM loader notifier Date: Fri, 19 Apr 2024 16:56:59 +0100 Message-ID: <20240419155709.318866-13-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::429; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x429.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Add a function to register a notifier, that is invoked after a ROM gets loaded into guest memory. It will be used by Arm confidential guest support, in order to register all blobs loaded into memory with KVM, so that their content is part of the initial VM measurement and contribute to the guest attestation. Signed-off-by: Jean-Philippe Brucker --- v1->v2: new --- include/hw/loader.h | 15 +++++++++++++++ hw/core/loader.c | 15 +++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/include/hw/loader.h b/include/hw/loader.h index 8685e27334..79fab25dd9 100644 --- a/include/hw/loader.h +++ b/include/hw/loader.h @@ -356,6 +356,21 @@ void hmp_info_roms(Monitor *mon, const QDict *qdict); ssize_t rom_add_vga(const char *file); ssize_t rom_add_option(const char *file, int32_t bootindex); +typedef struct RomLoaderNotify { + /* Parameters passed to rom_add_blob() */ + hwaddr addr; + size_t len; + size_t max_len; +} RomLoaderNotify; + +/** + * rom_add_load_notifier - Add a notifier for loaded images + * + * Add a notifier that will be invoked with a RomLoaderNotify structure for each + * blob loaded into guest memory, after the blob is loaded. + */ +void rom_add_load_notifier(Notifier *notifier); + /* This is the usual maximum in uboot, so if a uImage overflows this, it would * overflow on real hardware too. */ #define UBOOT_MAX_GUNZIP_BYTES (64 << 20) diff --git a/hw/core/loader.c b/hw/core/loader.c index b8e52f3fb0..4bd236cf89 100644 --- a/hw/core/loader.c +++ b/hw/core/loader.c @@ -67,6 +67,8 @@ #include static int roms_loaded; +static NotifierList rom_loader_notifier = + NOTIFIER_LIST_INITIALIZER(rom_loader_notifier); /* return the size or -1 if error */ int64_t get_image_size(const char *filename) @@ -1209,6 +1211,11 @@ MemoryRegion *rom_add_blob(const char *name, const void *blob, size_t len, return mr; } +void rom_add_load_notifier(Notifier *notifier) +{ + notifier_list_add(&rom_loader_notifier, notifier); +} + /* This function is specific for elf program because we don't need to allocate * all the rom. We just allocate the first part and the rest is just zeros. This * is why romsize and datasize are different. Also, this function takes its own @@ -1250,6 +1257,7 @@ ssize_t rom_add_option(const char *file, int32_t bootindex) static void rom_reset(void *unused) { Rom *rom; + RomLoaderNotify notify; QTAILQ_FOREACH(rom, &roms, next) { if (rom->fw_file) { @@ -1298,6 +1306,13 @@ static void rom_reset(void *unused) cpu_flush_icache_range(rom->addr, rom->datasize); trace_loader_write_rom(rom->name, rom->addr, rom->datasize, rom->isrom); + + notify = (RomLoaderNotify) { + .addr = rom->addr, + .len = rom->datasize, + .max_len = rom->romsize, + }; + notifier_list_notify(&rom_loader_notifier, ¬ify); } } From patchwork Fri Apr 19 15:57:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636568 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A6A6BC4345F for ; Fri, 19 Apr 2024 16:06:59 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqho-0006Su-7H; Fri, 19 Apr 2024 12:03:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqej-0001Fl-As for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:07 -0400 Received: from mail-lj1-x232.google.com ([2a00:1450:4864:20::232]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqea-000191-M1 for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:02 -0400 Received: by mail-lj1-x232.google.com with SMTP id 38308e7fff4ca-2d715638540so27541081fa.3 for ; Fri, 19 Apr 2024 08:59:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542395; x=1714147195; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0sA7sQRj9S8478926YbMyMtx1fea3V/JVwzEIyV34Xk=; b=gPDsxUPqx3r5SN4DtKYYnvhP5G152iMBeq9ZCh+uPit4buHqfOa0BBj4n66gMM+Iqt v/VZR9T4LHLu7Qqu/ds3VM3+yXSRRhqejsTPxL6xYvGkEypE5Qkm5Q4cawqsX21vCUM8 GNqRHV4FRG2ri2LgH/2SKcG5b2oTtmP0UrOa/Jt9EYfY5g0oNk5q+k9sVvh5gbSY79PO hvpRC4H2Bmc0rMgrHZxsFYjNWmIuQyIGU4FkyVLoFyUFGWNZzNHeBLk4pivO1zd6y9j5 EffBGoeOZj2gh+AmLAvw4KWTCCvPsJvaUTGxDsmRPq4uCtXK6Xu/em98r9ShX9BEb3w5 x/Tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542395; x=1714147195; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0sA7sQRj9S8478926YbMyMtx1fea3V/JVwzEIyV34Xk=; b=VHbt4fkBqq5b2PeJQAwa86evoIhmxulfj+hNZKTScPlBJAbCoNmynzStKc9iN/HJbn xifjksEygsiTGtvnnl6mjJxO4xFYc3pYpaLltk+IeCMSFr9daZHQ0JTncVay+Q1DPvjs LZ0+XVRuv568W/SSYtqAeKQ4833tOXj8vYyIxRr4wPcVQtRtTYsQpPho9QHsRF3biqF5 CuJN/3/0uHqm6zIWm0d1cbsk5w1jCv4+nyfw+jTGUE8S2oQofNn5C/+4WBHQJ9LTzCtU YMwIfTyxUztXon66AFpP0A4KKPXHIRFlvBomJQ/zvf/TiPQEu5QF+5ZelL5yktDbHr56 mCzg== X-Forwarded-Encrypted: i=1; AJvYcCXt5tXhld37Kh1jvMC1V5AJlNJrX9lrlGlQmBhgnGNWOwlBUkSuaTpeATokXvXmFEv1dkiHFDCVoPZG2OpNhn/R6t1e11E= X-Gm-Message-State: AOJu0Yz45C0LdJftZrO5lX42fmrYncoXW0vlRrAQJUu16uHjTbvTDepO 0aTXJ7dCP93Pabh7oYOw4JVZhYxVIiGKOueEUI0IFO09fKhmRK+knnJWK7jN1tc= X-Google-Smtp-Source: AGHT+IFfQi+a8Yue9CKu52ltaOyqCZ506+N2z0+WdOQedFIdKEWuv3ocq7AR6ZTSkFjbZvW+CXb+VA== X-Received: by 2002:a2e:855a:0:b0:2da:6f19:d359 with SMTP id u26-20020a2e855a000000b002da6f19d359mr1512569ljj.2.1713542394779; Fri, 19 Apr 2024 08:59:54 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:54 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 12/22] target/arm/kvm-rme: Populate Realm memory Date: Fri, 19 Apr 2024 16:57:00 +0100 Message-ID: <20240419155709.318866-14-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::232; envelope-from=jean-philippe@linaro.org; helo=mail-lj1-x232.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Collect the images copied into guest RAM into a sorted list, and issue POPULATE_REALM KVM ioctls once we've created the Realm Descriptor. The images are part of the Realm Initial Measurement. Signed-off-by: Jean-Philippe Brucker --- v1->v2: Use a ROM loader notifier --- target/arm/kvm-rme.c | 97 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c index aa9c3b5551..bee6694d6d 100644 --- a/target/arm/kvm-rme.c +++ b/target/arm/kvm-rme.c @@ -9,9 +9,11 @@ #include "exec/confidential-guest-support.h" #include "hw/boards.h" #include "hw/core/cpu.h" +#include "hw/loader.h" #include "kvm_arm.h" #include "migration/blocker.h" #include "qapi/error.h" +#include "qemu/error-report.h" #include "qom/object_interfaces.h" #include "sysemu/kvm.h" #include "sysemu/runstate.h" @@ -19,10 +21,21 @@ #define TYPE_RME_GUEST "rme-guest" OBJECT_DECLARE_SIMPLE_TYPE(RmeGuest, RME_GUEST) +#define RME_PAGE_SIZE qemu_real_host_page_size() + struct RmeGuest { ConfidentialGuestSupport parent_obj; + Notifier rom_load_notifier; + GSList *ram_regions; }; +typedef struct { + hwaddr base; + hwaddr len; + /* Populate guest RAM with data, or only initialize the IPA range */ + bool populate; +} RmeRamRegion; + static RmeGuest *rme_guest; bool kvm_arm_rme_enabled(void) @@ -41,6 +54,41 @@ static int rme_create_rd(Error **errp) return ret; } +static void rme_populate_realm(gpointer data, gpointer unused) +{ + int ret; + const RmeRamRegion *region = data; + + if (region->populate) { + struct kvm_cap_arm_rme_populate_realm_args populate_args = { + .populate_ipa_base = region->base, + .populate_ipa_size = region->len, + .flags = KVM_ARM_RME_POPULATE_FLAGS_MEASURE, + }; + ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_ARM_RME, 0, + KVM_CAP_ARM_RME_POPULATE_REALM, + (intptr_t)&populate_args); + if (ret) { + error_report("RME: failed to populate realm (0x%"HWADDR_PRIx", 0x%"HWADDR_PRIx"): %s", + region->base, region->len, strerror(-ret)); + exit(1); + } + } else { + struct kvm_cap_arm_rme_init_ipa_args init_args = { + .init_ipa_base = region->base, + .init_ipa_size = region->len, + }; + ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_ARM_RME, 0, + KVM_CAP_ARM_RME_INIT_IPA_REALM, + (intptr_t)&init_args); + if (ret) { + error_report("RME: failed to initialize GPA range (0x%"HWADDR_PRIx", 0x%"HWADDR_PRIx"): %s", + region->base, region->len, strerror(-ret)); + exit(1); + } + } +} + static void rme_vm_state_change(void *opaque, bool running, RunState state) { int ret; @@ -55,6 +103,9 @@ static void rme_vm_state_change(void *opaque, bool running, RunState state) return; } + g_slist_foreach(rme_guest->ram_regions, rme_populate_realm, NULL); + g_slist_free_full(g_steal_pointer(&rme_guest->ram_regions), g_free); + /* * Now that do_cpu_reset() initialized the boot PC and * kvm_cpu_synchronize_post_reset() registered it, we can finalize the REC. @@ -75,6 +126,49 @@ static void rme_vm_state_change(void *opaque, bool running, RunState state) } } +static gint rme_compare_ram_regions(gconstpointer a, gconstpointer b) +{ + const RmeRamRegion *ra = a; + const RmeRamRegion *rb = b; + + g_assert(ra->base != rb->base); + return ra->base < rb->base ? -1 : 1; +} + +static void rme_add_ram_region(hwaddr base, hwaddr len, bool populate) +{ + RmeRamRegion *region; + + region = g_new0(RmeRamRegion, 1); + region->base = QEMU_ALIGN_DOWN(base, RME_PAGE_SIZE); + region->len = QEMU_ALIGN_UP(len, RME_PAGE_SIZE); + region->populate = populate; + + /* + * The Realm Initial Measurement (RIM) depends on the order in which we + * initialize and populate the RAM regions. To help a verifier + * independently calculate the RIM, sort regions by GPA. + */ + rme_guest->ram_regions = g_slist_insert_sorted(rme_guest->ram_regions, + region, + rme_compare_ram_regions); +} + +static void rme_rom_load_notify(Notifier *notifier, void *data) +{ + RomLoaderNotify *rom = data; + + if (rom->addr == -1) { + /* + * These blobs (ACPI tables) are not loaded into guest RAM at reset. + * Instead the firmware will load them via fw_cfg and measure them + * itself. + */ + return; + } + rme_add_ram_region(rom->addr, rom->max_len, /* populate */ true); +} + int kvm_arm_rme_init(MachineState *ms) { static Error *rme_mig_blocker; @@ -102,6 +196,9 @@ int kvm_arm_rme_init(MachineState *ms) */ qemu_add_vm_change_state_handler(rme_vm_state_change, NULL); + rme_guest->rom_load_notifier.notify = rme_rom_load_notify; + rom_add_load_notifier(&rme_guest->rom_load_notifier); + cgs->ready = true; return 0; } From patchwork Fri Apr 19 15:57:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636538 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D25A2C4345F for ; Fri, 19 Apr 2024 16:02:11 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqgY-0002zk-Nf; Fri, 19 Apr 2024 12:01:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqej-0001Fn-Bd for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:07 -0400 Received: from mail-wr1-x42d.google.com ([2a00:1450:4864:20::42d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeb-00019N-AH for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:02 -0400 Received: by mail-wr1-x42d.google.com with SMTP id ffacd0b85a97d-346b09d474dso2032878f8f.2 for ; Fri, 19 Apr 2024 08:59:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542395; x=1714147195; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6nYDbfiehTdxZ4oKQVaAYQN5jvjqz012O7hP4xktYbg=; b=ZjRQcMD3Xx0BKMjZrbWgFtTm0A5ycbuKX+djZhe4EAASdcr0A6pTcZlaZoAQ0iOPTE rSytwbC1zKg0Ii1k1KcVb75dg0A1TdIAvT0+bt40Xcl+qAGGCRWGRFeeHBc6nwy4v+fi KuexClAQ/zo9gAz2JuEA4RN4dcx9mcvEYDgIh7ixyQDh/wfMe/+MW7XUS55q2yoVaYoA KE1KuUnE8Ux0GjjWJpurdYOjBoc70IHCr6wEWtzNBGq9HCJ02cLZ88TVruAgREm7vsH3 TFkCXBzfL03rMPIAtvRyEOz7s6gCPquZ3ZmKx5KLdiXwT7DxlSLc8Ql67aqafEvO4mhY 3GpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542395; x=1714147195; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6nYDbfiehTdxZ4oKQVaAYQN5jvjqz012O7hP4xktYbg=; b=enjKn9yl0G4X9i34j/oulqfm/vYvtdmxJgs+hSpRmPy6vXoeBOLG9m+y49t3Qdb03S Afz6DtLdY96a4QDjdr6ofcEsyAY6LBreIrIYKDD2UQHACnUbMQbtPhvK6xnii8vkCgRh hpmGTiRleSnNmwtoUmhO0CCYbY/8GimNr0dzeyDe8NYsANf4eynjt9wK0c1zmdiu8a8H j1s8dEepF4pg8oV4kZ8UBQJ+lgyK46G0nfkLes9weiHJpprS90ID40nePQ3jpHrZxh8W Xu1CJmRjEzj0rOQuGnpOT1P/zA9TuFH4LOUuzgNNW2yvyeVJVKGJUflLekxC42xSlNv+ bG+A== X-Forwarded-Encrypted: i=1; AJvYcCURIuWTYg1/2xLgApiuuazL/WPtmma+LC9KU/ksASTx5thcfStQXcXkqghY2zBRrC1ckdyZoFlU18KNVIM7bpwxcnesqnQ= X-Gm-Message-State: AOJu0YyTLF+HATMqwFfWeAqt7RAcoDtVgJwd+QCBJw8HWDCLB/oOH9yH xhZ8X4bCZHRTCi/XyL4LO3wy241bqeCSH0viorh5pJpHC2aEaSqVvuPJ/qYJIhY= X-Google-Smtp-Source: AGHT+IENd+TeX2PBr9ChBBd+ruacRcP4c4TYBzXGQ3ipRL9oc1orolv3f+o8CLX8XZE/mgXca1Ufaw== X-Received: by 2002:a5d:6da8:0:b0:343:7032:7283 with SMTP id u8-20020a5d6da8000000b0034370327283mr2695209wrs.8.1713542395421; Fri, 19 Apr 2024 08:59:55 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:55 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 13/22] hw/arm/boot: Register Linux BSS section for confidential guests Date: Fri, 19 Apr 2024 16:57:01 +0100 Message-ID: <20240419155709.318866-15-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42d; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x42d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Although the BSS section is not currently part of the kernel blob, it needs to be registered as guest RAM for confidential guest support, because the kernel needs to access it before it is able to setup its RAM regions. It would be tempting to simply add the BSS as part of the ROM blob (ie pass kernel_size as max_len argument to rom_add_blob()) and let the ROM loader notifier deal with the full image size generically, but that would add zero-initialization of the BSS region by the loader, which adds a significant overhead. For a 40MB kernel with a 17MB BSS, I measured an average boot time regression of 2.8ms on a fast desktop, 5.7% of the QEMU setup time). On a slower host, the regression could be much larger. Instead, add a special case to initialize the kernel's BSS IPA range. Signed-off-by: Jean-Philippe Brucker --- v1->v2: new --- target/arm/kvm_arm.h | 5 +++++ hw/arm/boot.c | 11 +++++++++++ target/arm/kvm-rme.c | 10 ++++++++++ 3 files changed, 26 insertions(+) diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index 47777386b0..4b787dd628 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -218,6 +218,7 @@ int kvm_arm_set_irq(int cpu, int irqtype, int irq, int level); int kvm_arm_rme_init(MachineState *ms); int kvm_arm_rme_vm_type(MachineState *ms); +void kvm_arm_rme_init_guest_ram(hwaddr base, size_t size); bool kvm_arm_rme_enabled(void); int kvm_arm_rme_vcpu_init(CPUState *cs); @@ -243,6 +244,10 @@ static inline bool kvm_arm_sve_supported(void) return false; } +static inline void kvm_arm_rme_init_guest_ram(hwaddr base, size_t size) +{ +} + /* * These functions should never actually be called without KVM support. */ diff --git a/hw/arm/boot.c b/hw/arm/boot.c index 84ea6a807a..9f522e332b 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -26,6 +26,7 @@ #include "qemu/config-file.h" #include "qemu/option.h" #include "qemu/units.h" +#include "kvm_arm.h" /* Kernel boot protocol is specified in the kernel docs * Documentation/arm/Booting and Documentation/arm64/booting.txt @@ -850,6 +851,7 @@ static uint64_t load_aarch64_image(const char *filename, hwaddr mem_base, { hwaddr kernel_load_offset = KERNEL64_LOAD_ADDR; uint64_t kernel_size = 0; + uint64_t page_size; uint8_t *buffer; int size; @@ -916,6 +918,15 @@ static uint64_t load_aarch64_image(const char *filename, hwaddr mem_base, *entry = mem_base + kernel_load_offset; rom_add_blob_fixed_as(filename, buffer, size, *entry, as); + /* + * Register the kernel BSS as realm resource, so the kernel can use it right + * away. Align up to skip the last page, which still contains kernel + * data. + */ + page_size = qemu_real_host_page_size(); + kvm_arm_rme_init_guest_ram(QEMU_ALIGN_UP(*entry + size, page_size), + QEMU_ALIGN_DOWN(kernel_size - size, page_size)); + g_free(buffer); return kernel_size; diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c index bee6694d6d..b2ad10ef6d 100644 --- a/target/arm/kvm-rme.c +++ b/target/arm/kvm-rme.c @@ -203,6 +203,16 @@ int kvm_arm_rme_init(MachineState *ms) return 0; } +/* + * kvm_arm_rme_init_guest_ram - Initialize a Realm IPA range + */ +void kvm_arm_rme_init_guest_ram(hwaddr base, size_t size) +{ + if (rme_guest) { + rme_add_ram_region(base, size, /* populate */ false); + } +} + int kvm_arm_rme_vcpu_init(CPUState *cs) { ARMCPU *cpu = ARM_CPU(cs); From patchwork Fri Apr 19 15:57:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636539 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 55FD1C071FD for ; Fri, 19 Apr 2024 16:02:14 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqgW-0002nf-Cz; Fri, 19 Apr 2024 12:01:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqem-0001HM-CR for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:09 -0400 Received: from mail-wr1-x42b.google.com ([2a00:1450:4864:20::42b]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeb-00019n-Gs for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:03 -0400 Received: by mail-wr1-x42b.google.com with SMTP id ffacd0b85a97d-343f62d8124so1671013f8f.2 for ; Fri, 19 Apr 2024 08:59:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542396; x=1714147196; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=NGiNId90k9KX3SXTPJi6tPTMfWtWfQF5tgGXpkmGlP0=; b=FrqCxC/NjLQLs/Gbie6xtXVMdAz7dcs83qPHEWSN4OR83iPUZL9ag+YDW+ffW+Dv5I n0XijXanJMjHoA0TaaqbzH3vd1fxZz/Cd7+Gjqbp/LHrIG3epytgYhzyz3JOGKRks+RL 6fnvREsC+FzRpPFG4knSjNgT6mlAWxJ0ZnDhA015tgon8SIvfX11cVJw1WGmripldQwp BVc34e7ERoUd4IygyN3+sZTQPPSVvqC2zsvlaWOrmPHdlgeMdJ58PgyJ6SXvdtddGJfG dHezuNjg+20aFNoPBX8kAb0Jii9zZlno7EVYArvSIbmbmtmikW0wqtXMZiJHFOxtlppQ VVFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542396; x=1714147196; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NGiNId90k9KX3SXTPJi6tPTMfWtWfQF5tgGXpkmGlP0=; b=dPx+JsXuc1KeZhDtpmWX7CtGVQDbucWNfHvYsynGcurKN18NorKPFreziTdG7fyclZ wKrwTlYTSgcVtRodl/5jRLHEYyaUXH5kRqbRQCjVfcuWbO7PvxDktY4eJtoz3FXuww4s nln6Z0FRKXqG858b8rBwnaRh/AK/slawIhme1SnQztIbtG7HuVc9dmDmIEWdlXn5O2ni vNO1ePSg4DfWBIw0hq6C9VSs2HZlYcvmhUmZbgLfb0SWoJZWoHEhDQFD49Sjz8dClwUF KmxyzVySmMtDVuEQg0Pyuws2Qaqlhhx5MXMAGFjwWcLBmm8y+JoiPgnOkCYzQWx4bDyW qCCQ== X-Forwarded-Encrypted: i=1; AJvYcCUjskbTYkf09xQMSWXufyOkroyda7G8XAwPpV4j1pFkV1Y/abQjLxTysN0MDSMC29j6M/aAlM7V3/mTRON7CtHGfRkcWWE= X-Gm-Message-State: AOJu0YzyUXi00NNrtSbSiT1we1f0w6elRHA1DAxPD//SaMq2jVJw48oU 5dTZ5hcNfiR5xslq3NWRyuTB75M8L+mzjytw9pPSnBwxKKqX6+Yf9CfnPSquZbY= X-Google-Smtp-Source: AGHT+IEhdxtppP9kmHLrBdgwLon9GtWvTfBqcoN9AEI8D9tYjvYBXXyC8l70AMes/yWD0DhD/oFlrA== X-Received: by 2002:adf:e68d:0:b0:34a:4eac:2e43 with SMTP id r13-20020adfe68d000000b0034a4eac2e43mr1716233wrm.68.1713542396105; Fri, 19 Apr 2024 08:59:56 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:55 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker , Eric Blake , Markus Armbruster , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Eduardo Habkost Subject: [PATCH v2 14/22] target/arm/kvm-rme: Add Realm Personalization Value parameter Date: Fri, 19 Apr 2024 16:57:02 +0100 Message-ID: <20240419155709.318866-16-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42b; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x42b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org The Realm Personalization Value (RPV) is provided by the user to distinguish Realms that have the same initial measurement. The user provides up to 64 hexadecimal bytes. They are stored into the RPV in the same order, zero-padded on the right. Cc: Eric Blake Cc: Markus Armbruster Cc: Daniel P. BerrangĂ© Cc: Eduardo Habkost Signed-off-by: Jean-Philippe Brucker Acked-by: Markus Armbruster --- v1->v2: Move parsing early, store as-is rather than reverted --- qapi/qom.json | 15 +++++- target/arm/kvm-rme.c | 111 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 125 insertions(+), 1 deletion(-) diff --git a/qapi/qom.json b/qapi/qom.json index 623ec8071f..91654aa267 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -931,6 +931,18 @@ 'data': { '*cpu-affinity': ['uint16'], '*node-affinity': ['uint16'] } } +## +# @RmeGuestProperties: +# +# Properties for rme-guest objects. +# +# @personalization-value: Realm personalization value, as a 64-byte hex string +# (default: 0) +# +# Since: FIXME +## +{ 'struct': 'RmeGuestProperties', + 'data': { '*personalization-value': 'str' } } ## # @ObjectType: @@ -1066,7 +1078,8 @@ 'tls-creds-x509': 'TlsCredsX509Properties', 'tls-cipher-suites': 'TlsCredsProperties', 'x-remote-object': 'RemoteObjectProperties', - 'x-vfio-user-server': 'VfioUserServerProperties' + 'x-vfio-user-server': 'VfioUserServerProperties', + 'rme-guest': 'RmeGuestProperties' } } ## diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c index b2ad10ef6d..cb5c3f7a22 100644 --- a/target/arm/kvm-rme.c +++ b/target/arm/kvm-rme.c @@ -23,10 +23,13 @@ OBJECT_DECLARE_SIMPLE_TYPE(RmeGuest, RME_GUEST) #define RME_PAGE_SIZE qemu_real_host_page_size() +#define RME_MAX_CFG 1 + struct RmeGuest { ConfidentialGuestSupport parent_obj; Notifier rom_load_notifier; GSList *ram_regions; + uint8_t *personalization_value; }; typedef struct { @@ -54,6 +57,48 @@ static int rme_create_rd(Error **errp) return ret; } +static int rme_configure_one(RmeGuest *guest, uint32_t cfg, Error **errp) +{ + int ret; + const char *cfg_str; + struct kvm_cap_arm_rme_config_item args = { + .cfg = cfg, + }; + + switch (cfg) { + case KVM_CAP_ARM_RME_CFG_RPV: + if (!guest->personalization_value) { + return 0; + } + memcpy(args.rpv, guest->personalization_value, KVM_CAP_ARM_RME_RPV_SIZE); + cfg_str = "personalization value"; + break; + default: + g_assert_not_reached(); + } + + ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_ARM_RME, 0, + KVM_CAP_ARM_RME_CONFIG_REALM, (intptr_t)&args); + if (ret) { + error_setg_errno(errp, -ret, "RME: failed to configure %s", cfg_str); + } + return ret; +} + +static int rme_configure(void) +{ + int ret; + int cfg; + + for (cfg = 0; cfg < RME_MAX_CFG; cfg++) { + ret = rme_configure_one(rme_guest, cfg, &error_abort); + if (ret) { + return ret; + } + } + return 0; +} + static void rme_populate_realm(gpointer data, gpointer unused) { int ret; @@ -98,6 +143,11 @@ static void rme_vm_state_change(void *opaque, bool running, RunState state) return; } + ret = rme_configure(); + if (ret) { + return; + } + ret = rme_create_rd(&error_abort); if (ret) { return; @@ -231,8 +281,69 @@ int kvm_arm_rme_vm_type(MachineState *ms) return 0; } +static char *rme_get_rpv(Object *obj, Error **errp) +{ + RmeGuest *guest = RME_GUEST(obj); + GString *s; + int i; + + if (!guest->personalization_value) { + return NULL; + } + + s = g_string_sized_new(KVM_CAP_ARM_RME_RPV_SIZE * 2 + 1); + + for (i = 0; i < KVM_CAP_ARM_RME_RPV_SIZE; i++) { + g_string_append_printf(s, "%02x", guest->personalization_value[i]); + } + + return g_string_free(s, /* free_segment */ false); +} + +static void rme_set_rpv(Object *obj, const char *value, Error **errp) +{ + RmeGuest *guest = RME_GUEST(obj); + size_t len = strlen(value); + uint8_t *out; + int i = 1; + int ret; + + g_free(guest->personalization_value); + guest->personalization_value = out = g_malloc0(KVM_CAP_ARM_RME_RPV_SIZE); + + /* Two chars per byte */ + if (len > KVM_CAP_ARM_RME_RPV_SIZE * 2) { + error_setg(errp, "Realm Personalization Value is too large"); + return; + } + + /* First byte may have a single char */ + if (len % 2) { + ret = sscanf(value, "%1hhx", out++); + } else { + ret = sscanf(value, "%2hhx", out++); + i++; + } + if (ret != 1) { + error_setg(errp, "Invalid Realm Personalization Value"); + return; + } + + for (; i < len; i += 2) { + ret = sscanf(value + i, "%2hhx", out++); + if (ret != 1) { + error_setg(errp, "Invalid Realm Personalization Value"); + return; + } + } +} + static void rme_guest_class_init(ObjectClass *oc, void *data) { + object_class_property_add_str(oc, "personalization-value", rme_get_rpv, + rme_set_rpv); + object_class_property_set_description(oc, "personalization-value", + "Realm personalization value (512-bit hexadecimal number)"); } static void rme_guest_instance_init(Object *obj) From patchwork Fri Apr 19 15:57:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636567 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D142BC4345F for ; Fri, 19 Apr 2024 16:06:31 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqiC-0007rk-54; Fri, 19 Apr 2024 12:03:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqem-0001H9-7w for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:09 -0400 Received: from mail-wr1-x433.google.com ([2a00:1450:4864:20::433]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqec-0001A6-D4 for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:04 -0400 Received: by mail-wr1-x433.google.com with SMTP id ffacd0b85a97d-349c4505058so1530454f8f.3 for ; Fri, 19 Apr 2024 08:59:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542397; x=1714147197; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+TiMKcfhWWVprWCCg72qipd7OlTmHhGexnpkTMCgpYM=; b=ohvELi5kF2Z7//dporjkfMKx3eCNpH+Ju7hR9pSWRsUEMZMnViZLx2Qg0Gzv6DhTOl NwHAiSAiSzG2dO3GiuSLVaiF8gqRRo3FQC3Rq0BJ+tnp0/s8K8/PlUxIOd8wQ1wN9VNT dkm/Xl0rwOpThzIlkDss+bk4d7219VZryM01odhu++5HpZCJB76DHHIkx4I56Nv/Uqep zzsz0J1eolpO38MSbwJXc2q8x4cypfAW916zQeIA0fpMLI9yFFqfXukyC1hSHuX3k3NB blCqMPyjM66BymljfgGYlwMCoaKlpg6U/2Yu/DOmoBU/IKug1/DEp98XcY8qofPW1Be2 YzQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542397; x=1714147197; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+TiMKcfhWWVprWCCg72qipd7OlTmHhGexnpkTMCgpYM=; b=CLEsiwOQ07uOTjaK6pRchtSgpoVy8W406PrNh4wAz2hB8pE+GVwobkqyBEw2b9KVco Djk8vcxdc6cALOs/VdWdZQfw4WS+Ar/ERgNBGKgCG2thd9jI0o2hp+qwt9p68rv/wZuJ mDXGMvt88l99IVEjqsDyMgp/J8ZYGYlAfJnwpu3BXmzFMC2yqxJwF4pH7yjl42coHLNn KED1AIrtrLUkHQ7V2dtZmomoJ3mCiL2zi6KtEKSTqWA3uMT4QY0G/we9aSjhS81eeYHM azwO27vtxbstE809uk8SJCP36du8R8M3aIA75oOaDCehbyKBYC0msCr2O+5ODr68s6Jw aZYQ== X-Forwarded-Encrypted: i=1; AJvYcCVb0TGUAx0ptp+RF9YA4clAZ8JnNkoA9uWqA3cWoce01m1STsrPBQfIBbNk6kQaRcdBr9RVKEBD2rRIDxigujADITs1Fbs= X-Gm-Message-State: AOJu0Yxbzvak+YB5BgLL9JU5uvf5jth9LmbwiEM8es9hLeIgqY0dwEKU HmUrVqTfFGIaG0UTglUWojjm6V633qJZDfQ1CZcDXNDwmPjn5+vsRBcMwxI4XG0= X-Google-Smtp-Source: AGHT+IEwMNMLMdwWzlmJIUijREc2Qf1Prq2dWY2hHTVBkRybeXPJsUyb6aSDemSmIpD+IWAfnVHXvQ== X-Received: by 2002:adf:ce11:0:b0:343:3db9:6602 with SMTP id p17-20020adfce11000000b003433db96602mr1749385wrn.66.1713542396911; Fri, 19 Apr 2024 08:59:56 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:56 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker , Eric Blake , Markus Armbruster , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Eduardo Habkost Subject: [PATCH v2 15/22] target/arm/kvm-rme: Add measurement algorithm property Date: Fri, 19 Apr 2024 16:57:03 +0100 Message-ID: <20240419155709.318866-17-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::433; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x433.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org This option selects which measurement algorithm to use for attestation. Supported values are SHA256 and SHA512. Default to SHA512 arbitrarily. SHA512 is generally faster on 64-bit architectures. On a few arm64 CPUs I tested SHA256 is much faster, but that's most likely because they only support acceleration via FEAT_SHA256 (Armv8.0) and not FEAT_SHA512 (Armv8.2). Future CPUs supporting RME are likely to also support FEAT_SHA512. Cc: Eric Blake Cc: Markus Armbruster Cc: Daniel P. BerrangĂ© Cc: Eduardo Habkost Signed-off-by: Jean-Philippe Brucker Acked-by: Markus Armbruster --- v1->v2: use enum, pick default --- qapi/qom.json | 18 +++++++++++++++++- target/arm/kvm-rme.c | 39 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 55 insertions(+), 2 deletions(-) diff --git a/qapi/qom.json b/qapi/qom.json index 91654aa267..84dce666b2 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -931,18 +931,34 @@ 'data': { '*cpu-affinity': ['uint16'], '*node-affinity': ['uint16'] } } +## +# @RmeGuestMeasurementAlgo: +# +# @sha256: Use the SHA256 algorithm +# @sha512: Use the SHA512 algorithm +# +# Algorithm to use for realm measurements +# +# Since: FIXME +## +{ 'enum': 'RmeGuestMeasurementAlgo', + 'data': ['sha256', 'sha512'] } + ## # @RmeGuestProperties: # # Properties for rme-guest objects. # +# @measurement-algo: Realm measurement algorithm (default: sha512) +# # @personalization-value: Realm personalization value, as a 64-byte hex string # (default: 0) # # Since: FIXME ## { 'struct': 'RmeGuestProperties', - 'data': { '*personalization-value': 'str' } } + 'data': { '*personalization-value': 'str', + '*measurement-algo': 'RmeGuestMeasurementAlgo' } } ## # @ObjectType: diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c index cb5c3f7a22..8f39e54aaa 100644 --- a/target/arm/kvm-rme.c +++ b/target/arm/kvm-rme.c @@ -23,13 +23,14 @@ OBJECT_DECLARE_SIMPLE_TYPE(RmeGuest, RME_GUEST) #define RME_PAGE_SIZE qemu_real_host_page_size() -#define RME_MAX_CFG 1 +#define RME_MAX_CFG 2 struct RmeGuest { ConfidentialGuestSupport parent_obj; Notifier rom_load_notifier; GSList *ram_regions; uint8_t *personalization_value; + RmeGuestMeasurementAlgo measurement_algo; }; typedef struct { @@ -73,6 +74,19 @@ static int rme_configure_one(RmeGuest *guest, uint32_t cfg, Error **errp) memcpy(args.rpv, guest->personalization_value, KVM_CAP_ARM_RME_RPV_SIZE); cfg_str = "personalization value"; break; + case KVM_CAP_ARM_RME_CFG_HASH_ALGO: + switch (guest->measurement_algo) { + case RME_GUEST_MEASUREMENT_ALGO_SHA256: + args.hash_algo = KVM_CAP_ARM_RME_MEASUREMENT_ALGO_SHA256; + break; + case RME_GUEST_MEASUREMENT_ALGO_SHA512: + args.hash_algo = KVM_CAP_ARM_RME_MEASUREMENT_ALGO_SHA512; + break; + default: + g_assert_not_reached(); + } + cfg_str = "hash algorithm"; + break; default: g_assert_not_reached(); } @@ -338,12 +352,34 @@ static void rme_set_rpv(Object *obj, const char *value, Error **errp) } } +static int rme_get_measurement_algo(Object *obj, Error **errp) +{ + RmeGuest *guest = RME_GUEST(obj); + + return guest->measurement_algo; +} + +static void rme_set_measurement_algo(Object *obj, int algo, Error **errp) +{ + RmeGuest *guest = RME_GUEST(obj); + + guest->measurement_algo = algo; +} + static void rme_guest_class_init(ObjectClass *oc, void *data) { object_class_property_add_str(oc, "personalization-value", rme_get_rpv, rme_set_rpv); object_class_property_set_description(oc, "personalization-value", "Realm personalization value (512-bit hexadecimal number)"); + + object_class_property_add_enum(oc, "measurement-algo", + "RmeGuestMeasurementAlgo", + &RmeGuestMeasurementAlgo_lookup, + rme_get_measurement_algo, + rme_set_measurement_algo); + object_class_property_set_description(oc, "measurement-algo", + "Realm measurement algorithm ('sha256', 'sha512')"); } static void rme_guest_instance_init(Object *obj) @@ -353,6 +389,7 @@ static void rme_guest_instance_init(Object *obj) exit(1); } rme_guest = RME_GUEST(obj); + rme_guest->measurement_algo = RME_GUEST_MEASUREMENT_ALGO_SHA512; } static const TypeInfo rme_guest_info = { From patchwork Fri Apr 19 15:57:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636570 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 76E5AC04FF6 for ; Fri, 19 Apr 2024 16:08:18 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqgi-0003Zv-1L; Fri, 19 Apr 2024 12:02:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqem-0001HR-FW for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:09 -0400 Received: from mail-wm1-x333.google.com ([2a00:1450:4864:20::333]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqed-0001Ae-Gx for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:05 -0400 Received: by mail-wm1-x333.google.com with SMTP id 5b1f17b1804b1-4155819f710so18449415e9.2 for ; Fri, 19 Apr 2024 08:59:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542397; x=1714147197; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KYvfcDH3KQ6snrWfH/Ek9+OMW5ZpL7gVRfc7ZM2MjAE=; b=Y+ohttYQfHjjJnf/3MSLrEAKf3wSDThY7PDowVpTA4t6Wgi+UoYsnt2CadwweB1jsj FrLRmUIS4UQcth0kp4Yux8Hm1GhVzkrJMvIeSwd6e42D/v1juQ/lrFipNEeyCjjO6CXR sD42VtQZT9Om1wZ2Jrt5zjE/jfz46ZU6X1Fuf96QE+PDcFoj88ijOSfVm0I1UcS2yzSX Z8cFjl0L2Gft0RBpabHG6DLBX35ehtHVxVfSieof6Wlk07IxkSPpQCZH9/pfmWyyy3sC QyholOuwsLjFsSe7TkzkLjIpAnIbzYT4IE55geNiEO6rpuGz6FREOFyro/BbVIv2TXLt J1Eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542397; x=1714147197; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KYvfcDH3KQ6snrWfH/Ek9+OMW5ZpL7gVRfc7ZM2MjAE=; b=LN6/11rMDlHVVGwDhk8gBAKGxH7sOETD5PVSuJ3ApsIhCzmn7FK9V38hNdaQcuUVfY EUCLq8fwcpGMtcL5M4rV9UTcY/6vQi0o5FRlaARqgOrtai4/KONFjO4NJZiXiDcl/pPK 92RTrMYQixEb2GZ5sDHglDb6aVFhlQ8s4qwO02QQAC6fN/Os3igG8DKRQQpEL4FF8iBL ryJUVkvqy74tesO1ZjHaMhTNC6Pe3kBw6RTG3FjXBuIwth4ZIxVkQ7PQ1C2FHIc/ltta CpmtUOF7qLwtd309vdQ0ZH81syFus2k2qoqiyy8YJTBIOcWg5LaJpfnL8fYKXHvm6LJH hWAg== X-Forwarded-Encrypted: i=1; AJvYcCWC30Oa6knmYysu5Hyd7jFSFLC5z/Va9TEDcWyAdH+k2tHzcFjidMRUPyrOka1dfDADVnrYnFJVysqEO7w9dzH6toCRulk= X-Gm-Message-State: AOJu0YwEpdJmsOrVcs1O7GTlpfwyEg5gUiGMNH+9a/6S0DTQQDe5tYEK nryft10F2CHykaSmBtIWm82HuU1OajJk5dGO1Wmq7eUXIZzuaupFYIcd/7bDU+8= X-Google-Smtp-Source: AGHT+IHNyNL2Q29+VBI1a+s20xx7GAuvwPFbUqa9vNRiWfqyeebNx8G45kD+mJ1WZo6VGxRdo9wECg== X-Received: by 2002:adf:eb84:0:b0:34a:d5e:afd2 with SMTP id t4-20020adfeb84000000b0034a0d5eafd2mr1598954wrn.4.1713542397562; Fri, 19 Apr 2024 08:59:57 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:57 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 16/22] target/arm/cpu: Set number of breakpoints and watchpoints in KVM Date: Fri, 19 Apr 2024 16:57:04 +0100 Message-ID: <20240419155709.318866-18-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::333; envelope-from=jean-philippe@linaro.org; helo=mail-wm1-x333.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Add "num-breakpoints" and "num-watchpoints" CPU parameters to configure the debug features that KVM presents to the guest. The KVM vCPU configuration is modified by calling SET_ONE_REG on the ID register. This is needed for Realm VMs, whose parameters include breakpoints and watchpoints, and influence the Realm Initial Measurement. Signed-off-by: Jean-Philippe Brucker --- v1->v2: new --- target/arm/cpu.h | 4 ++ target/arm/kvm_arm.h | 2 + target/arm/arm-qmp-cmds.c | 1 + target/arm/cpu64.c | 77 +++++++++++++++++++++++++++++++++++++++ target/arm/kvm.c | 56 +++++++++++++++++++++++++++- 5 files changed, 139 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index d3ff1b4a31..24080da2b7 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1089,6 +1089,10 @@ struct ArchCPU { /* Generic timer counter frequency, in Hz */ uint64_t gt_cntfrq_hz; + + /* Allows to override the default configuration */ + uint8_t num_bps; + uint8_t num_wps; }; typedef struct ARMCPUInfo { diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index 4b787dd628..b040686eab 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -16,6 +16,8 @@ #define KVM_ARM_VGIC_V2 (1 << 0) #define KVM_ARM_VGIC_V3 (1 << 1) +#define KVM_REG_ARM_ID_AA64DFR0_EL1 ARM64_SYS_REG(3, 0, 0, 5, 0) + /** * kvm_arm_register_device: * @mr: memory region for this device diff --git a/target/arm/arm-qmp-cmds.c b/target/arm/arm-qmp-cmds.c index 3cc8cc738b..0f574bb1dd 100644 --- a/target/arm/arm-qmp-cmds.c +++ b/target/arm/arm-qmp-cmds.c @@ -95,6 +95,7 @@ static const char *cpu_model_advertised_features[] = { "sve1408", "sve1536", "sve1664", "sve1792", "sve1920", "sve2048", "kvm-no-adjvtime", "kvm-steal-time", "pauth", "pauth-impdef", "pauth-qarma3", + "num-breakpoints", "num-watchpoints", NULL }; diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index 985b1efe16..9ca74eb019 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -571,6 +571,82 @@ void aarch64_add_pauth_properties(Object *obj) } } +#if defined(CONFIG_KVM) +static void arm_cpu_get_num_wps(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint8_t val; + ARMCPU *cpu = ARM_CPU(obj); + + val = cpu->num_wps; + if (val == 0) { + val = FIELD_EX64(cpu->isar.id_aa64dfr0, ID_AA64DFR0, WRPS) + 1; + } + + visit_type_uint8(v, name, &val, errp); +} + +static void arm_cpu_set_num_wps(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint8_t val; + ARMCPU *cpu = ARM_CPU(obj); + uint8_t max_wps = FIELD_EX64(cpu->isar.id_aa64dfr0, ID_AA64DFR0, WRPS) + 1; + + if (!visit_type_uint8(v, name, &val, errp)) { + return; + } + + if (val < 2 || val > max_wps) { + error_setg(errp, "invalid number of watchpoints"); + return; + } + + cpu->num_wps = val; +} + +static void arm_cpu_get_num_bps(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint8_t val; + ARMCPU *cpu = ARM_CPU(obj); + + val = cpu->num_bps; + if (val == 0) { + val = FIELD_EX64(cpu->isar.id_aa64dfr0, ID_AA64DFR0, BRPS) + 1; + } + + visit_type_uint8(v, name, &val, errp); +} + +static void arm_cpu_set_num_bps(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint8_t val; + ARMCPU *cpu = ARM_CPU(obj); + uint8_t max_bps = FIELD_EX64(cpu->isar.id_aa64dfr0, ID_AA64DFR0, BRPS) + 1; + + if (!visit_type_uint8(v, name, &val, errp)) { + return; + } + + if (val < 2 || val > max_bps) { + error_setg(errp, "invalid number of breakpoints"); + return; + } + + cpu->num_bps = val; +} + +static void aarch64_add_kvm_writable_properties(Object *obj) +{ + object_property_add(obj, "num-breakpoints", "uint8", arm_cpu_get_num_bps, + arm_cpu_set_num_bps, NULL, NULL); + object_property_add(obj, "num-watchpoints", "uint8", arm_cpu_get_num_wps, + arm_cpu_set_num_wps, NULL, NULL); +} +#endif /* CONFIG_KVM */ + void arm_cpu_lpa2_finalize(ARMCPU *cpu, Error **errp) { uint64_t t; @@ -713,6 +789,7 @@ static void aarch64_host_initfn(Object *obj) if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) { aarch64_add_sve_properties(obj); aarch64_add_pauth_properties(obj); + aarch64_add_kvm_writable_properties(obj); } #elif defined(CONFIG_HVF) ARMCPU *cpu = ARM_CPU(obj); diff --git a/target/arm/kvm.c b/target/arm/kvm.c index 6d368bf442..623980a25b 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -318,7 +318,7 @@ static bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64smfr0, ARM64_SYS_REG(3, 0, 0, 4, 5)); err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64dfr0, - ARM64_SYS_REG(3, 0, 0, 5, 0)); + KVM_REG_ARM_ID_AA64DFR0_EL1); err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64dfr1, ARM64_SYS_REG(3, 0, 0, 5, 1)); err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64isar0, @@ -876,6 +876,54 @@ out: return ret; } +static void kvm_arm_configure_aa64dfr0(ARMCPU *cpu) +{ + int ret; + uint64_t val, newval; + CPUState *cs = CPU(cpu); + + if (!cpu->num_bps && !cpu->num_wps) { + return; + } + + newval = cpu->isar.id_aa64dfr0; + if (cpu->num_bps) { + uint64_t ctx_cmps = FIELD_EX64(newval, ID_AA64DFR0, CTX_CMPS); + + /* CTX_CMPs is never greater than BRPs */ + ctx_cmps = MIN(ctx_cmps, cpu->num_bps - 1); + newval = FIELD_DP64(newval, ID_AA64DFR0, BRPS, cpu->num_bps - 1); + newval = FIELD_DP64(newval, ID_AA64DFR0, CTX_CMPS, ctx_cmps); + } + if (cpu->num_wps) { + newval = FIELD_DP64(newval, ID_AA64DFR0, WRPS, cpu->num_wps - 1); + } + ret = kvm_set_one_reg(cs, KVM_REG_ARM_ID_AA64DFR0_EL1, &newval); + if (ret) { + error_report("Failed to set KVM_REG_ARM_ID_AA64DFR0_EL1"); + return; + } + + /* + * Check if the write succeeded. KVM does offer the writable mask for this + * register, but this way we also check if the value we wrote was sane. + */ + ret = kvm_get_one_reg(cs, KVM_REG_ARM_ID_AA64DFR0_EL1, &val); + if (ret) { + error_report("Failed to get KVM_REG_ARM_ID_AA64DFR0_EL1"); + return; + } + + if (val != newval) { + error_report("Failed to update KVM_REG_ARM_ID_AA64DFR0_EL1"); + } +} + +static void kvm_arm_configure_vcpu_regs(ARMCPU *cpu) +{ + kvm_arm_configure_aa64dfr0(cpu); +} + /** * kvm_arm_cpreg_level: * @regidx: KVM register index @@ -995,6 +1043,12 @@ void kvm_arm_reset_vcpu(ARMCPU *cpu) fprintf(stderr, "kvm_arm_vcpu_init failed: %s\n", strerror(-ret)); abort(); } + + /* + * Before loading the KVM values into CPUState, update the KVM configuration + */ + kvm_arm_configure_vcpu_regs(cpu); + if (!write_kvmstate_to_list(cpu)) { fprintf(stderr, "write_kvmstate_to_list failed\n"); abort(); From patchwork Fri Apr 19 15:57:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636548 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D4544C07C79 for ; Fri, 19 Apr 2024 16:03:49 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqgj-0003iF-4q; Fri, 19 Apr 2024 12:02:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqem-0001HT-FZ for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:09 -0400 Received: from mail-wr1-x435.google.com ([2a00:1450:4864:20::435]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqed-0001At-Jm for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:06 -0400 Received: by mail-wr1-x435.google.com with SMTP id ffacd0b85a97d-34a3e0b31e6so1235308f8f.1 for ; Fri, 19 Apr 2024 08:59:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542398; x=1714147198; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=sdsJt69+Vn2LQu2a//QmjSh4AtFMIlHO+kRO+YRpF0Q=; b=tHnKaGHk/TAzn7mz7wZx1k25nMqVfSLoOhvUQ/b1QS7gs+oIJed4WxFySEEqhTy5/k M9XKFCOEKlr7dUYbyttMfzpR7jz1XFfcx3k2iE8uKwGdfP67oaOv0qnyfRRLUJmvAj2G S1+oMMCWZGBMmr/yaKK2Au6F9ynAWONo6LTRVQgk/b+rbrrmfWPMSxkbZVtBIxlYDcQx /WuXbjsrECHy/aGlvWr7IpFIO6S7jhN1bvveYkt5U1A4XUC0aSUrA8TIZoljLJjL0TcQ oTRK6dVTyKdaYaSw/C+cD6xTaaxb7r8XWtnW7NFdxM2fUWjElO847E0gw3RpHr9RyAvd wTnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542398; x=1714147198; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sdsJt69+Vn2LQu2a//QmjSh4AtFMIlHO+kRO+YRpF0Q=; b=NAhuKfCoR8O7qUej+CLtxO1lJYopXEcrN65AuP3zf4fcv5A38/z8sLmrG27zQ2hBXu dCXPb96m2r9gHG90Rx1A6JzqEGkPZCyhxN7QTC4k4hwOUo1WYiAHO3pNKQP1NHaSpXsa 5e6fCPxyQYj5hSkYcsNHguDyjKgJO7nwUasVOc47icX4q9ccVRS2rGAuBGiLgijvvtKl /d0GIBxYJQjl5M4DClcAzwCW9gJP7xcrXiihdZmmFjvOUBbRF/XZ05e9N0WfguR365h5 Jj2ybY2WdjT+faxLR0nFGBmYymczd/pXSGWkb+Zc/blacH3xDnYjs2hZJ4hQValPlOFJ t9xQ== X-Forwarded-Encrypted: i=1; AJvYcCUCGMhOasjz/JHBHDF3itnqUXg9qK2yyf+wHW4EM30GR1V/kEUB36q4wZxYnAWI6vfs0WMLABdYcPED5rwexSDW05IJbJ0= X-Gm-Message-State: AOJu0YwpY7pAeX8THAw42cBgVTVG5OfSQHJUhz9WUFhPOjEdcot07aFR 8EjsWfr5yzHu6QUAImcma17Q90jOdRbPZHYUOct2e61weYb0nOi3y2tw7jc6L9M= X-Google-Smtp-Source: AGHT+IGNEE/ZTIzfkGoDmlqGbmqGKRHYpsN+u5qQoorOaVeIoEGpyOeiLlHyPQ/djbxbYUKJ99BAEA== X-Received: by 2002:adf:e044:0:b0:34a:cc3:806 with SMTP id w4-20020adfe044000000b0034a0cc30806mr1583821wrh.51.1713542398179; Fri, 19 Apr 2024 08:59:58 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:57 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 17/22] target/arm/cpu: Set number of PMU counters in KVM Date: Fri, 19 Apr 2024 16:57:05 +0100 Message-ID: <20240419155709.318866-19-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::435; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x435.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Add a "num-pmu-counters" CPU parameter to configure the number of counters that KVM presents to the guest. This is needed for Realm VMs, whose parameters include the number of PMU counters and influence the Realm Initial Measurement. Signed-off-by: Jean-Philippe Brucker --- v1->v2: new --- target/arm/cpu.h | 3 +++ target/arm/kvm_arm.h | 1 + target/arm/arm-qmp-cmds.c | 2 +- target/arm/cpu64.c | 41 +++++++++++++++++++++++++++++++++++++++ target/arm/kvm.c | 34 +++++++++++++++++++++++++++++++- 5 files changed, 79 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 24080da2b7..84f3a67dab 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1093,6 +1093,7 @@ struct ArchCPU { /* Allows to override the default configuration */ uint8_t num_bps; uint8_t num_wps; + int8_t num_pmu_ctrs; }; typedef struct ARMCPUInfo { @@ -2312,6 +2313,8 @@ FIELD(MFAR, FPA, 12, 40) FIELD(MFAR, NSE, 62, 1) FIELD(MFAR, NS, 63, 1) +FIELD(PMCR, N, 11, 5) + QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK); /* If adding a feature bit which corresponds to a Linux ELF diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index b040686eab..62e39e7184 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -17,6 +17,7 @@ #define KVM_ARM_VGIC_V3 (1 << 1) #define KVM_REG_ARM_ID_AA64DFR0_EL1 ARM64_SYS_REG(3, 0, 0, 5, 0) +#define KVM_REG_ARM_PMCR_EL0 ARM64_SYS_REG(3, 3, 9, 12, 0) /** * kvm_arm_register_device: diff --git a/target/arm/arm-qmp-cmds.c b/target/arm/arm-qmp-cmds.c index 0f574bb1dd..985d4270b8 100644 --- a/target/arm/arm-qmp-cmds.c +++ b/target/arm/arm-qmp-cmds.c @@ -95,7 +95,7 @@ static const char *cpu_model_advertised_features[] = { "sve1408", "sve1536", "sve1664", "sve1792", "sve1920", "sve2048", "kvm-no-adjvtime", "kvm-steal-time", "pauth", "pauth-impdef", "pauth-qarma3", - "num-breakpoints", "num-watchpoints", + "num-breakpoints", "num-watchpoints", "num-pmu-counters", NULL }; diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index 9ca74eb019..6c2b922d93 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -638,12 +638,53 @@ static void arm_cpu_set_num_bps(Object *obj, Visitor *v, const char *name, cpu->num_bps = val; } +static void arm_cpu_get_num_pmu_ctrs(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint8_t val; + ARMCPU *cpu = ARM_CPU(obj); + + if (cpu->num_pmu_ctrs == -1) { + val = FIELD_EX64(cpu->isar.reset_pmcr_el0, PMCR, N); + } else { + val = cpu->num_pmu_ctrs; + } + + visit_type_uint8(v, name, &val, errp); +} + +static void arm_cpu_set_num_pmu_ctrs(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + uint8_t val; + ARMCPU *cpu = ARM_CPU(obj); + uint8_t max_ctrs = FIELD_EX64(cpu->isar.reset_pmcr_el0, PMCR, N); + + if (!visit_type_uint8(v, name, &val, errp)) { + return; + } + + if (val > max_ctrs) { + error_setg(errp, "invalid number of PMU counters"); + return; + } + + cpu->num_pmu_ctrs = val; +} + static void aarch64_add_kvm_writable_properties(Object *obj) { + ARMCPU *cpu = ARM_CPU(obj); + object_property_add(obj, "num-breakpoints", "uint8", arm_cpu_get_num_bps, arm_cpu_set_num_bps, NULL, NULL); object_property_add(obj, "num-watchpoints", "uint8", arm_cpu_get_num_wps, arm_cpu_set_num_wps, NULL, NULL); + + cpu->num_pmu_ctrs = -1; + object_property_add(obj, "num-pmu-counters", "uint8", + arm_cpu_get_num_pmu_ctrs, arm_cpu_set_num_pmu_ctrs, + NULL, NULL); } #endif /* CONFIG_KVM */ diff --git a/target/arm/kvm.c b/target/arm/kvm.c index 623980a25b..9855cadb1b 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -418,7 +418,7 @@ static bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) if (pmu_supported) { /* PMCR_EL0 is only accessible if the vCPU has feature PMU_V3 */ err |= read_sys_reg64(fdarray[2], &ahcf->isar.reset_pmcr_el0, - ARM64_SYS_REG(3, 3, 9, 12, 0)); + KVM_REG_ARM_PMCR_EL0); } if (sve_supported) { @@ -919,9 +919,41 @@ static void kvm_arm_configure_aa64dfr0(ARMCPU *cpu) } } +static void kvm_arm_configure_pmcr(ARMCPU *cpu) +{ + int ret; + uint64_t val, newval; + CPUState *cs = CPU(cpu); + + if (cpu->num_pmu_ctrs == -1) { + return; + } + + newval = FIELD_DP64(cpu->isar.reset_pmcr_el0, PMCR, N, cpu->num_pmu_ctrs); + ret = kvm_set_one_reg(cs, KVM_REG_ARM_PMCR_EL0, &newval); + if (ret) { + error_report("Failed to set KVM_REG_ARM_PMCR_EL0"); + return; + } + + /* + * Check if the write succeeded, since older versions of KVM ignore it. + */ + ret = kvm_get_one_reg(cs, KVM_REG_ARM_PMCR_EL0, &val); + if (ret) { + error_report("Failed to get KVM_REG_ARM_PMCR_EL0"); + return; + } + + if (val != newval) { + error_report("Failed to update KVM_REG_ARM_PMCR_EL0"); + } +} + static void kvm_arm_configure_vcpu_regs(ARMCPU *cpu) { kvm_arm_configure_aa64dfr0(cpu); + kvm_arm_configure_pmcr(cpu); } /** From patchwork Fri Apr 19 15:57:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636543 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A5028C07C79 for ; Fri, 19 Apr 2024 16:03:02 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqgm-00043s-BD; Fri, 19 Apr 2024 12:02:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqem-0001HP-GM for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:09 -0400 Received: from mail-wr1-x436.google.com ([2a00:1450:4864:20::436]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqee-0001B9-BK for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:06 -0400 Received: by mail-wr1-x436.google.com with SMTP id ffacd0b85a97d-349545c3eb8so1530773f8f.2 for ; Fri, 19 Apr 2024 08:59:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542399; x=1714147199; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=x3JoLPVQQvT5k1rWnbAuPJlJNM/iQBnM7RUlxuCBbcU=; b=QrjAZlgdKTOMz5j+Feqy1hH9c9e28jzzjaedF2IfvpHIBsAm4RhJ4XGfY1GGb5pluJ R8REHxE8cpUt+D51vnCOGU4hfksjYf9bb+BASIVTryz/7SJiT9QvkGm2+qasw5AjveKO 877RXRJ3LwRsZN6zifIq/VkY/AT1PauQsroQpP/firmWmA2Nmhs3lwjgiPBfzOp7TmZB Z9pr7Qodj3I/BBg2te8zUdaCHUihzctWkSOv5bC+6PCJBzCeYv39WZFEvz8WopB+ijM1 EamJ50ryI5+iIJjtgg36m+FvDlKcsm78GyJmE51zFIiW+mjhhuAUWM3XXvPTwwLUD19m Zjhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542399; x=1714147199; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=x3JoLPVQQvT5k1rWnbAuPJlJNM/iQBnM7RUlxuCBbcU=; b=vdYdyR4nMIc7WWrItEnsEJJ3mu2tG/SFl8w5vw4v3yfOHvGo6vB0zO/t0lGLFdfayR 9K7CSeCQ4HZMrmXbSzMAl5BkYnGA5vSE6hcPzbFqx/bSX2+uf64jsXRJApU+MDQypgCN jX3CrE4M1kaFek/D+3wB4jmGnkLh10oKJWicefgvZ+fWfND8Xu9ZvEJ5nLvidiAS79EQ K23cnt9pM+oFAflD/AtaXoe76BAv4NfzobWHFlN+8QNgOcrRspO89ozj8EPdLm83eCy1 3o0qgEia8P4rsA20tzW/hOIhpR3PrpwWaivGDKRsWRIrQj/JEaHWIAnFFlSE/jhSve5y 2eTA== X-Forwarded-Encrypted: i=1; AJvYcCU16t6pQhEBzwJc1zxchQ0NyO7K5y1iAghgnlVRNlSj8WkPDvTjThTLp8766C84Vebr6CObAts3fG0gdjMRsYVeJyVPwrg= X-Gm-Message-State: AOJu0YzDUXcvA/WkC52R6vgQhnfcIsclGv67WO1ok4TCF6o4ixSJv/oh TA8k53I/VBG6RR79jZXuLz7rdXmU1BUpkvwRJLOhTg9JI0RnR9zlTvEfNlNBNQc= X-Google-Smtp-Source: AGHT+IHnxptXvLJAPUL2didr1nfepWS4oCESmrqqIlU1k9RReNLLbvyLdOAWHLHwb9pBReExK6Cq2A== X-Received: by 2002:a5d:628c:0:b0:349:cba9:572d with SMTP id k12-20020a5d628c000000b00349cba9572dmr1732749wru.54.1713542398799; Fri, 19 Apr 2024 08:59:58 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:58 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 18/22] target/arm/kvm: Disable Realm reboot Date: Fri, 19 Apr 2024 16:57:06 +0100 Message-ID: <20240419155709.318866-20-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::436; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x436.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org A realm cannot be reset, it must be recreated from scratch. The RMM specification defines states of a Realm as NEW -> ACTIVE -> SYSTEM_OFF, after which the Realm can only be destroyed. A PCSI_SYSTEM_RESET call, which normally reboots the system, puts the Realm in SYSTEM_OFF state. QEMU does not support recreating a VM. Normally, a reboot request by the guest causes all devices to reset, which cannot work for a Realm. Indeed, loading images into Realm memory and changing the PC is only allowed for a Realm in NEW state. Resetting the images for a Realm in SYSTEM_OFF state will cause QEMU to crash with a bus error. Handle reboot requests by the guest more gracefully, by indicating to runstate.c that the vCPUs of a Realm are not resettable, and that QEMU should exit. Reviewed-by: Richard Henderson Signed-off-by: Jean-Philippe Brucker --- target/arm/kvm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/arm/kvm.c b/target/arm/kvm.c index 9855cadb1b..60c2ef9388 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -1694,7 +1694,8 @@ int kvm_arch_msi_data_to_gsi(uint32_t data) bool kvm_arch_cpu_check_are_resettable(void) { - return true; + /* A Realm cannot be reset */ + return !kvm_arm_rme_enabled(); } static void kvm_arch_get_eager_split_size(Object *obj, Visitor *v, From patchwork Fri Apr 19 15:57:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636573 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BD7E9C4345F for ; Fri, 19 Apr 2024 16:09:13 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqht-0007C5-Bl; Fri, 19 Apr 2024 12:03:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqem-0001HN-Cp for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:09 -0400 Received: from mail-wr1-x42f.google.com ([2a00:1450:4864:20::42f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqef-0001BW-4r for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:07 -0400 Received: by mail-wr1-x42f.google.com with SMTP id ffacd0b85a97d-34a4772d5easo1176379f8f.0 for ; Fri, 19 Apr 2024 09:00:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542399; x=1714147199; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=jIcQyW6KzhNyvwt6+UmGVqg4qIIzzlR1XREhlouJbsQ=; b=aLuni6O2CfN0M94nZsISYxn09Oln0L6lJvO5GmzfUdl/3ZC1tTvB6FTVUEPx6UY7gq XCIGCmelcLCEIDcb7P7VSia5kSFVHBjPTApr0Mg+0VKRgALRUsX1CrM4tZHkXwAU/jbb uzSwDNpU/MzYb/QSjLugeQISkSopeEkWrfWOm47jzDESzSTksa8vad1Wy1muxT6JFzBU TT8SfOPSZmtaT+kT1BeDZvkziB52dmh43nNTA+m9GhSbT/w74gfJNSgvLCJQhweHK4rR UMxqvxZ7LmgJ/xShBAHMBu79FzuokR4bLpKQYFE8WOPmJZf/N+hrzRNKPy41gz3bqxVf eIEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542399; x=1714147199; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jIcQyW6KzhNyvwt6+UmGVqg4qIIzzlR1XREhlouJbsQ=; b=vfDrIbnEuUeMIqran5EWu3fRoMBgF78DxBSNejk5HkkEsz1iI33RehTYeEkqwDiel0 1+gQ3ZaH2MWkZvm/263AUkNQ6wtdmPEDE9R107Cxm78mckTQoKwEynJeYvj6HJEqSPfu 7F3qvVXAMoatP6j2GAfs14a442oMcDcrFBMXVidb5F3hT97DPtaWG2nNhaOAroCnN+Bb Nk8Zz+yfv9dACOi2gcJYuecFbnpB1DVGEDIpefVkpsasew6IyJ5ynPfLX1jwVa9dISNl YMq1hyEt3icRDXnCiGSib9E2TMIlea67riFbN/Xj08U5AYPISAiNLbzD/CL3kFnYnh8j sFfA== X-Forwarded-Encrypted: i=1; AJvYcCXENcc4qkg5riQ39nF6r+6bnwrmpUTqin7J6FoWFUEySR9wHaRrkiOZmnlLyzUgNpFXRyZZdT6z3LxxOVIKGaoGTVvFg/M= X-Gm-Message-State: AOJu0YyMJuUZgdDYc5W8pHuwKZPhT5FKeaONr94IWn88h9kRHkvJMPQD 3JMww1/8D8Qvl68aPM1Kw4yDV7gJc3QwV4axtsyg1bcMPun/AbWr3bO+aWLUq4k= X-Google-Smtp-Source: AGHT+IGhGSM7QgbfXO8OR3slb7jRSos7wMZm9vS1hUM+S6LXvKS+/GJivhp4kH4tzFVyibQMKFVAWw== X-Received: by 2002:a5d:4589:0:b0:34a:5663:40e with SMTP id p9-20020a5d4589000000b0034a5663040emr1679936wrq.9.1713542399398; Fri, 19 Apr 2024 08:59:59 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:59 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 19/22] target/arm/cpu: Inform about reading confidential CPU registers Date: Fri, 19 Apr 2024 16:57:07 +0100 Message-ID: <20240419155709.318866-21-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42f; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x42f.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org The host cannot access registers of a Realm. Instead of showing all registers as zero in "info registers", display a message about this restriction. Signed-off-by: Jean-Philippe Brucker --- v1->v2: new --- target/arm/cpu.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/target/arm/cpu.c b/target/arm/cpu.c index ab8d007a86..18d1b88e2f 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1070,6 +1070,11 @@ static void aarch64_cpu_dump_state(CPUState *cs, FILE *f, int flags) const char *ns_status; bool sve; + if (cpu->kvm_rme) { + qemu_fprintf(f, "the CPU registers are confidential to the realm\n"); + return; + } + qemu_fprintf(f, " PC=%016" PRIx64 " ", env->pc); for (i = 0; i < 32; i++) { if (i == 31) { From patchwork Fri Apr 19 15:57:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636545 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E14A7C4345F for ; Fri, 19 Apr 2024 16:03:21 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqh6-0004uB-UJ; Fri, 19 Apr 2024 12:02:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqen-0001He-En for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:10 -0400 Received: from mail-wm1-x32f.google.com ([2a00:1450:4864:20::32f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqef-0001Bn-Jp for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:08 -0400 Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-418c2bf2f90so12800835e9.1 for ; Fri, 19 Apr 2024 09:00:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542400; x=1714147200; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FkRIZYSXM60C11pVAmU0c6gDc0GU3jgcOc8qxUScJ1Y=; b=HXm0WKxJZuapCTyseNNu6b/ahE7eAiH7GdiHTSJF/2GE4xjaXSLBdOdJGo63ETPPub Y65256jbNksuCQ0ZJ9bfzTz+/8Azys6k30yWo8jVB1ktL9swCn09SdWII1L5TWqdahb2 R6GXSlK9u2ebQ5WuisTS0ePM98jUvjzVs5Q2IOM9a20YpRR7TdSpfsdfabZNzTNsEk6z 7gpL7R1FvyKE8CmuamlEZRAdKCgHh3IqI/aOqECYSU4NTi6lFeaeSYX1+53MyngClI1D qLHYUCvLePFHcURsYfe3fFbARkYAlwqX6Z6A9V47ITVqs86klM7pdveNT6L4RLqdr3h4 g8+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542400; x=1714147200; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FkRIZYSXM60C11pVAmU0c6gDc0GU3jgcOc8qxUScJ1Y=; b=RKHsHLObMxT0Ib/yVmuJUmkx2cp6JdmShcgLpY+SbyFVK9ift3PgyNTR08GGJuSJaW q83B5Sh21yKbCaC/YhAQBWYp1dX5PeJx8Irs+zkR4y5VESLINfU8fqu7GyuUclCT/n6F JptFSWk09cA6dp4DnRk6jolzQi+oVa9y+dnist2fBvGvpM011Gci5h74YVSEEq+ri4Ip mmM+GR5lTcvFThDgjUUOcVwc7dAp92c7KjXIwlNQ69TVPwI7jIF3XgDXI2rnwaPaKNa5 TvFs2qC3M2pcL6QFZJ/n0Qz6iL2LNfD1dPW9Hi5QQD8NlzO/HJSfsw90OIsWGOhUXE4u dBOA== X-Forwarded-Encrypted: i=1; AJvYcCXs+/k+0zQyeOUZN+2JwobCimt5Ft2Tn1pbcgx1m99ZkKgRsdF19mcjcZKK3xpW8CrMe6E3VMwhsWXSnt9f/Fv+fo4Hir0= X-Gm-Message-State: AOJu0Yzm9cQSZ4W6FbddNRKCO08j1ybul2wC5+66ifWRLAEJ19P46HJi Q3ce1ziDEICtX2Q8Stt6FH9dM+OX20CQnCPSsHNne/TQq/fhdw7Nt2g+MU8Q2Bg= X-Google-Smtp-Source: AGHT+IHAbdi0c326+6wQmTCOWDDeEMqnDrJNMO++dLbiFMIKRETjm2YK89aW5Ik3rFD1vYXenRdRYw== X-Received: by 2002:a05:600c:4c17:b0:418:f6e7:3599 with SMTP id d23-20020a05600c4c1700b00418f6e73599mr3254144wmp.3.1713542399993; Fri, 19 Apr 2024 08:59:59 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:59 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 20/22] target/arm/kvm-rme: Enable guest memfd Date: Fri, 19 Apr 2024 16:57:08 +0100 Message-ID: <20240419155709.318866-22-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::32f; envelope-from=jean-philippe@linaro.org; helo=mail-wm1-x32f.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Request that RAM block uses the KVM guest memfd call to allocate guest memory. With RME, guest memory is not accessible by the host, and using guest memfd ensures that the host kernel is aware of this and doesn't attempt to access guest pages. Done in a separate patch because ms->require_guest_memfd is not yet merged. Signed-off-by: Jean-Philippe Brucker --- v1->v2: new --- target/arm/kvm-rme.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c index 8f39e54aaa..71cc1d4147 100644 --- a/target/arm/kvm-rme.c +++ b/target/arm/kvm-rme.c @@ -263,6 +263,7 @@ int kvm_arm_rme_init(MachineState *ms) rme_guest->rom_load_notifier.notify = rme_rom_load_notify; rom_add_load_notifier(&rme_guest->rom_load_notifier); + ms->require_guest_memfd = true; cgs->ready = true; return 0; } From patchwork Fri Apr 19 15:57:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636544 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8B9ACC071FD for ; Fri, 19 Apr 2024 16:03:02 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqgk-0003qx-Vv; Fri, 19 Apr 2024 12:02:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqen-0001Hd-Dw for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:10 -0400 Received: from mail-wr1-x42a.google.com ([2a00:1450:4864:20::42a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeg-0001Bv-9o for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:08 -0400 Received: by mail-wr1-x42a.google.com with SMTP id ffacd0b85a97d-34388753650so1027760f8f.3 for ; Fri, 19 Apr 2024 09:00:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542400; x=1714147200; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8BWAuiO9PeeT7wJXoLX3l8pOkv9yYOvs9jxN8c0Qe4w=; b=ia0anlCwjHODhxg/poAUcqpCB6Ld1f+eUuRpJJuz8zv4m5GUg66XzRiOLRdJXXYlXR y8fceJioz/Dxf31mh8myQeT5iSxmW9vcLp61JdT9L1Ke4VUz8QqiZI8QYA7zblwBhOSK 9baxidZh/r98mDLzNvlAlQ78IYLa9FKULFqfMnqFpGha6CExHm9bY8zzpuw/LhoooOnr 04SJvWpbrRO84LjYTJal/mNtGchuu9R3EpSNWtRUq9QzgC3T95y08dqybyOyiClmk1cB W6zybA0iFJBvLP+J0yquYAEpS9ozhwKxtgAGjHNOQEMM0nowx4g842WX2eP0R97uHPGS sNQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542400; x=1714147200; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8BWAuiO9PeeT7wJXoLX3l8pOkv9yYOvs9jxN8c0Qe4w=; b=GVJ7MyVQfvepsamaBEtF3FtOufbg065NPl9SeQ9t51b/pPNWBrrNly9NIJdYJxUMHw CZkJeMlXX5vMEi5nawZ/ZQ5pYxSkHiENdDeUNcEXxezQWzIElC9CIQTJ9KXixr2cfWrl MoErBfzN9u1JMizRrfJovxv295veATUO7t3k9g1kAyFs5zJzngixmdgeeP2bQZSVvQCY UF7076k61EMB+z2l1MgklNtfyb5vAv8LtvuohN7rBfLYVtD6DklXmUKW6dPVKFKhER9R vtHBTnke+yDDmLEffPlqFTtyjyo98I5kAMTL3OJb3GyPfhM3r7T1NLB2nDBIa4Sg5Z/D /UoQ== X-Forwarded-Encrypted: i=1; AJvYcCUwj2tgRBBH6FsRyCC/9pe+bNhDItxEXC6QKEdA6GO44NPpCMDRAbHhP2f1dOSVpRLcVAZa9dm78NEyQJK7rArjtZ32Hgw= X-Gm-Message-State: AOJu0YyJ0SX063NARDg4fBmduSTB1sEw6b5OpW7k5Ar6XiiHogX+szPJ SZ6IgRLNFpMIsCFWCKvgwEIbN/EDzAVytd2kw52O2xqXMDivYwIS5wH1NGfy6W2XhblUL8yYXM5 y X-Google-Smtp-Source: AGHT+IHL2b232p3lFzAWlqwCwOnXVcHu34vFIkav0qsljUhtn7NkN1WBCwMvjAVu9roxBgpBo+CyLQ== X-Received: by 2002:a5d:69c1:0:b0:343:ef1b:9f69 with SMTP id s1-20020a5d69c1000000b00343ef1b9f69mr1972749wrw.43.1713542400612; Fri, 19 Apr 2024 09:00:00 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.09.00.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 09:00:00 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 21/22] hw/arm/virt: Move virt_flash_create() to machvirt_init() Date: Fri, 19 Apr 2024 16:57:09 +0100 Message-ID: <20240419155709.318866-23-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42a; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x42a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org For confidential VMs we'll want to skip flash device creation. Unfortunately, in virt_instance_init() the machine->cgs member has not yet been initialized, so we cannot check whether confidential guest is enabled. Move virt_flash_create() to machvirt_init(), where we can access the machine->cgs member. Signed-off-by: Jean-Philippe Brucker --- v1->v2: new --- hw/arm/virt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index eca9a96b5a..bed19d0b79 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -2071,6 +2071,8 @@ static void machvirt_init(MachineState *machine) unsigned int smp_cpus = machine->smp.cpus; unsigned int max_cpus = machine->smp.max_cpus; + virt_flash_create(vms); + possible_cpus = mc->possible_cpu_arch_ids(machine); /* @@ -3229,8 +3231,6 @@ static void virt_instance_init(Object *obj) vms->irqmap = a15irqmap; - virt_flash_create(vms); - vms->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6); vms->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8); } From patchwork Fri Apr 19 15:57:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 13636571 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9CE68C07C79 for ; Fri, 19 Apr 2024 16:08:18 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqfO-0001jn-JM; Fri, 19 Apr 2024 12:00:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqeo-0001J0-Oz for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:10 -0400 Received: from mail-wm1-x32f.google.com ([2a00:1450:4864:20::32f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqei-0001CN-V5 for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:10 -0400 Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-416a8ec0239so12923445e9.0 for ; Fri, 19 Apr 2024 09:00:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542401; x=1714147201; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=O6P7o8S6krw4zIbaWf8/FAfVFQ5WX21YqyvLNU1xBMQ=; b=DXBR25VRIrQ7hjnyIHmY86KioCeemLOrhLpiYHQaMxMo3iNnnNbwYo99UkniBIJgoQ 6BNJYEV8ViDCCuknFdWGtBkDgkKASs7+QcLzIF6rhmzGZk1Gj2bYtTBTdnoycMXDJgWy GdDry5hb+lPgBSc7zmIOsIta5cOxwsVmU6Yi+k8LydmOZedAJUXO7tzvjB1Te6kl52jV LjSqxoI20Ojnn7w0sVYv2s6JK9UOsUc1PyKnb5rrzqT1r6sdeoVI2TouozGbAfbWrKa9 T7r+FSSJ0AouQEvkEDLTF4mtftFMWZktfOJW31c3+zv++uiCAFqz1RVLfrxXGVvPmdy/ qvuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542401; x=1714147201; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=O6P7o8S6krw4zIbaWf8/FAfVFQ5WX21YqyvLNU1xBMQ=; b=taECDG5Wlb8+n8nGKzApvVazWrK8rF2bD982VmgM0Z42xrHGxrBV0v7+GA/j773SzV e35g21swNwcUa3qTb7Cqu/IbE31e5BqQLAf8ZnBEilvdXeyd09lWd4991et8ERoN1iBc A5+GbAQ4tPsNk51sw73+x+R4EKb8PQs9vAArbJMmFP3Vtdky0jW1hGUZImbVEIiU2aSU ayhLNcvQ3aoqne2IT4ckh6zyJ57ktWMe1J6oRmSMeYGEJZxRAcsemW/thy48xlNIWyjo UB+cGMjujexKzc8PDUI0JOMSYtWXDzvF9vo9klKYPZSYj4nySOSP+h0iOQ6BI8U8wFR0 nxRg== X-Forwarded-Encrypted: i=1; AJvYcCU4VLNVLgCsCvr/S+xx6TLrEYB6BWa6vJX/WRdtTqDl6SVUn6MDsLcV8lW1WWAs2eGp7BnalwXEUBVkdK24AtjrXmmPWFY= X-Gm-Message-State: AOJu0YzBITX4WsENhiYhfAAn3Iw0h04U7/0SydChBNyJLT00uUYGUHCk qXXJG8Xi4Pm5iio7cgCrwfo9aSljcFZY1EaDndvzYEDDNZIFFQn8XHu4LvpYi9o= X-Google-Smtp-Source: AGHT+IFEr1Eo5za6le6H3Fb4UwnWLTfpVCPtzDo/B+w0JhgSprFb67NzI/c2JAIDkViPEw6yFPK5mA== X-Received: by 2002:a05:600c:4ec8:b0:418:bdcd:e59b with SMTP id g8-20020a05600c4ec800b00418bdcde59bmr4354518wmq.7.1713542401270; Fri, 19 Apr 2024 09:00:01 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.09.00.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 09:00:01 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 22/22] hw/arm/virt: Use RAM instead of flash for confidential guest firmware Date: Fri, 19 Apr 2024 16:57:10 +0100 Message-ID: <20240419155709.318866-24-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::32f; envelope-from=jean-philippe@linaro.org; helo=mail-wm1-x32f.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org The flash device that holds firmware code relies on read-only stage-2 mappings. Read accesses behave as RAM and write accesses as MMIO. Since the RMM does not support read-only mappings we cannot use the flash device as-is. That isn't a problem because the firmware does not want to disclose any information to the host, hence will not store its variables in clear persistent memory. We can therefore replace the flash device with RAM, and load the firmware there. Signed-off-by: Jean-Philippe Brucker --- v1->v2: new --- include/hw/arm/boot.h | 9 +++++++++ hw/arm/boot.c | 34 ++++++++++++++++++++++++++++++--- hw/arm/virt.c | 44 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+), 3 deletions(-) diff --git a/include/hw/arm/boot.h b/include/hw/arm/boot.h index 80c492d742..d91cfc6942 100644 --- a/include/hw/arm/boot.h +++ b/include/hw/arm/boot.h @@ -112,6 +112,10 @@ struct arm_boot_info { */ bool firmware_loaded; + /* Used when loading firmware into RAM */ + hwaddr firmware_base; + hwaddr firmware_max_size; + /* Address at which board specific loader/setup code exists. If enabled, * this code-blob will run before anything else. It must return to the * caller via the link register. There is no stack set up. Enabled by @@ -132,6 +136,11 @@ struct arm_boot_info { bool secure_board_setup; arm_endianness endianness; + + /* + * Confidential guest boot loads everything into RAM so it can be measured. + */ + bool confidential; }; /** diff --git a/hw/arm/boot.c b/hw/arm/boot.c index 9f522e332b..26c6334d52 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -1154,7 +1154,31 @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu, } } -static void arm_setup_firmware_boot(ARMCPU *cpu, struct arm_boot_info *info) +static void arm_setup_confidential_firmware_boot(ARMCPU *cpu, + struct arm_boot_info *info, + const char *firmware_filename) +{ + ssize_t fw_size; + const char *fname; + AddressSpace *as = arm_boot_address_space(cpu, info); + + fname = qemu_find_file(QEMU_FILE_TYPE_BIOS, firmware_filename); + if (!fname) { + error_report("Could not find firmware image '%s'", firmware_filename); + exit(1); + } + + fw_size = load_image_targphys_as(firmware_filename, + info->firmware_base, + info->firmware_max_size, as); + if (fw_size <= 0) { + error_report("could not load firmware '%s'", firmware_filename); + exit(1); + } +} + +static void arm_setup_firmware_boot(ARMCPU *cpu, struct arm_boot_info *info, + const char *firmware_filename) { /* Set up for booting firmware (which might load a kernel via fw_cfg) */ @@ -1205,6 +1229,10 @@ static void arm_setup_firmware_boot(ARMCPU *cpu, struct arm_boot_info *info) } } + if (info->confidential) { + arm_setup_confidential_firmware_boot(cpu, info, firmware_filename); + } + /* * We will start from address 0 (typically a boot ROM image) in the * same way as hardware. Leave env->boot_info NULL, so that @@ -1243,9 +1271,9 @@ void arm_load_kernel(ARMCPU *cpu, MachineState *ms, struct arm_boot_info *info) info->dtb_filename = ms->dtb; info->dtb_limit = 0; - /* Load the kernel. */ + /* Load the kernel and/or firmware. */ if (!info->kernel_filename || info->firmware_loaded) { - arm_setup_firmware_boot(cpu, info); + arm_setup_firmware_boot(cpu, info, ms->firmware); } else { arm_setup_direct_kernel_boot(cpu, info); } diff --git a/hw/arm/virt.c b/hw/arm/virt.c index bed19d0b79..4a6281fc89 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -1178,6 +1178,10 @@ static PFlashCFI01 *virt_flash_create1(VirtMachineState *vms, static void virt_flash_create(VirtMachineState *vms) { + if (virt_machine_is_confidential(vms)) { + return; + } + vms->flash[0] = virt_flash_create1(vms, "virt.flash0", "pflash0"); vms->flash[1] = virt_flash_create1(vms, "virt.flash1", "pflash1"); } @@ -1213,6 +1217,10 @@ static void virt_flash_map(VirtMachineState *vms, hwaddr flashsize = vms->memmap[VIRT_FLASH].size / 2; hwaddr flashbase = vms->memmap[VIRT_FLASH].base; + if (virt_machine_is_confidential(vms)) { + return; + } + virt_flash_map1(vms->flash[0], flashbase, flashsize, secure_sysmem); virt_flash_map1(vms->flash[1], flashbase + flashsize, flashsize, @@ -1228,6 +1236,10 @@ static void virt_flash_fdt(VirtMachineState *vms, MachineState *ms = MACHINE(vms); char *nodename; + if (virt_machine_is_confidential(vms)) { + return; + } + if (sysmem == secure_sysmem) { /* Report both flash devices as a single node in the DT */ nodename = g_strdup_printf("/flash@%" PRIx64, flashbase); @@ -1263,6 +1275,26 @@ static void virt_flash_fdt(VirtMachineState *vms, } } +static bool virt_confidential_firmware_init(VirtMachineState *vms, + MemoryRegion *sysmem) +{ + MemoryRegion *fw_ram; + hwaddr fw_base = vms->memmap[VIRT_FLASH].base; + hwaddr fw_size = vms->memmap[VIRT_FLASH].size; + + if (!MACHINE(vms)->firmware) { + return false; + } + + assert(machine_require_guest_memfd(MACHINE(vms))); + + fw_ram = g_new(MemoryRegion, 1); + memory_region_init_ram_guest_memfd(fw_ram, NULL, "fw_ram", fw_size, &error_fatal); + memory_region_add_subregion(sysmem, fw_base, fw_ram); + + return true; +} + static bool virt_firmware_init(VirtMachineState *vms, MemoryRegion *sysmem, MemoryRegion *secure_sysmem) @@ -1271,6 +1303,15 @@ static bool virt_firmware_init(VirtMachineState *vms, const char *bios_name; BlockBackend *pflash_blk0; + /* + * For a confidential VM, the firmware image and any boot information, + * including EFI variables, are stored in RAM in order to be measurable and + * private. Create a RAM region and load the firmware image there. + */ + if (virt_machine_is_confidential(vms)) { + return virt_confidential_firmware_init(vms, sysmem); + } + /* Map legacy -drive if=pflash to machine properties */ for (i = 0; i < ARRAY_SIZE(vms->flash); i++) { pflash_cfi01_legacy_drive(vms->flash[i], @@ -2367,7 +2408,10 @@ static void machvirt_init(MachineState *machine) vms->bootinfo.get_dtb = machvirt_dtb; vms->bootinfo.skip_dtb_autoload = true; vms->bootinfo.firmware_loaded = firmware_loaded; + vms->bootinfo.firmware_base = vms->memmap[VIRT_FLASH].base; + vms->bootinfo.firmware_max_size = vms->memmap[VIRT_FLASH].size; vms->bootinfo.psci_conduit = vms->psci_conduit; + vms->bootinfo.confidential = virt_machine_is_confidential(vms); arm_load_kernel(ARM_CPU(first_cpu), machine, &vms->bootinfo); vms->machine_done.notify = virt_machine_done;