Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp86948lqt; Thu, 18 Apr 2024 09:05:18 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUnT38oB4R5P7fN0caeIqymxmmI7VgnkBOTZ/W1x3hCQ7MxrdYKDJ1jgiI2xIt+KfmX044ubhfjn2U7LM/9OBeHKgOQLRiJfBwrwb/wSQ== X-Google-Smtp-Source: AGHT+IEyMFkcbjlshf7TbK9bTQY0xJR9oAHWPIDRlRtPgFymOSVJRLgakiMT2FkiBdT+QCjFGqTr X-Received: by 2002:a05:6870:ac2c:b0:235:3cf:2e5d with SMTP id kw44-20020a056870ac2c00b0023503cf2e5dmr3933911oab.1.1713456317752; Thu, 18 Apr 2024 09:05:17 -0700 (PDT) Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id j14-20020a056102000e00b00479d5b7fc74si336660vsp.101.2024.04.18.09.05.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Apr 2024 09:05:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-150449-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; arc=fail (body hash mismatch); spf=pass (google.com: domain of linux-kernel+bounces-150449-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-150449-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 4FEAA1C20A46 for ; Thu, 18 Apr 2024 16:05:16 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 38AAE16F912; Thu, 18 Apr 2024 16:04:59 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3A26A16F855; Thu, 18 Apr 2024 16:04:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713456298; cv=none; b=OfkGiqDrXzq0r94APr0O+Ps8EuOHsmVS28fvemQqYlB+qU7sob6mnyfv2DSEUESMDeikG9oOFR/WtRXos5H1GGAshak9l/WFMeoRHfFcYlQSlDM2LwlZxOoV3lo6tU1ojgFvRLTCUr8vxOL8WMSmNXDSXr+MMQ+nb7eHSE7Ins0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713456298; c=relaxed/simple; bh=GbU1JA6YVxb3ig5NRjN18v3UIYgnjfVgvATBleIZOu8=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=QWeLoBa4kafp3iXDYZU31oz/mkPlNuDthgN7uddOOBXvZfEbi1ycmekFrHfy6tgmpvlninE2IpLD5uMgTqz5N7VVYHw2gyn4ocNMuqWRbCDqec/F5rCd97peEN8oVZ5DbeR7jKm8nALpi8/k1tZr6An9j3aftx6mzke0DjYUL+0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7E6C82F; Thu, 18 Apr 2024 09:05:23 -0700 (PDT) Received: from [10.57.84.16] (unknown [10.57.84.16]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 131373F64C; Thu, 18 Apr 2024 09:04:52 -0700 (PDT) Message-ID: <89f94c97-ea8d-47e1-919f-8137b74a8943@arm.com> Date: Thu, 18 Apr 2024 17:04:51 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2 09/43] arm64: RME: ioctls to create and configure realms Content-Language: en-GB To: Steven Price , kvm@vger.kernel.org, kvmarm@lists.linux.dev Cc: Catalin Marinas , Marc Zyngier , Will Deacon , James Morse , Oliver Upton , Zenghui Yu , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Joey Gouly , Alexandru Elisei , Christoffer Dall , Fuad Tabba , linux-coco@lists.linux.dev, Ganapatrao Kulkarni , Jean-Philippe Brucker References: <20240412084056.1733704-1-steven.price@arm.com> <20240412084309.1733783-1-steven.price@arm.com> <20240412084309.1733783-10-steven.price@arm.com> From: Suzuki K Poulose In-Reply-To: <20240412084309.1733783-10-steven.price@arm.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 12/04/2024 09:42, Steven Price wrote: > Add the KVM_CAP_ARM_RME_CREATE_FD ioctl to create a realm. This involves > delegating pages to the RMM to hold the Realm Descriptor (RD) and for > the base level of the Realm Translation Tables (RTT). A VMID also need > to be picked, since the RMM has a separate VMID address space a > dedicated allocator is added for this purpose. > > KVM_CAP_ARM_RME_CONFIG_REALM is provided to allow configuring the realm > before it is created. > > Co-developed-by: Suzuki K Poulose > Signed-off-by: Suzuki K Poulose > Signed-off-by: Steven Price > Signed-off-by: Jean-Philippe Brucker > --- > arch/arm64/include/asm/kvm_emulate.h | 5 + > arch/arm64/include/asm/kvm_rme.h | 19 ++ > arch/arm64/kvm/arm.c | 18 ++ > arch/arm64/kvm/mmu.c | 15 +- > arch/arm64/kvm/rme.c | 282 +++++++++++++++++++++++++++ > 5 files changed, 337 insertions(+), 2 deletions(-) > > @@ -1014,6 +1018,13 @@ void kvm_free_stage2_pgd(struct kvm_s2_mmu *mmu) > struct kvm_pgtable *pgt = NULL; > > write_lock(&kvm->mmu_lock); > + if (kvm_is_realm(kvm) && > + (kvm_realm_state(kvm) != REALM_STATE_DEAD && > + kvm_realm_state(kvm) != REALM_STATE_NONE)) { > + /* TODO: teardown rtts */ > + write_unlock(&kvm->mmu_lock); > + return; > + } > pgt = mmu->pgt; > if (pgt) { > mmu->pgd_phys = 0; See my comment below. .. > + > +void kvm_destroy_realm(struct kvm *kvm) > +{ .. > + for (i = 0; i < pgt->pgd_pages; i++) { > + phys_addr_t pgd_phys = kvm->arch.mmu.pgd_phys + i * PAGE_SIZE; > + > + if (WARN_ON(rmi_granule_undelegate(pgd_phys))) > + return; I think we need to either: a. memset() the root RTT pages to 0 here. OR b. for Realms, avoid walking the page table triggered via kvm_pgtable_stage2_destroy()->kvm_pgtable_walk(). Even though the root RTTs are all empty (invalid entries, written using RMM's memory encryption.), the Host might be seeing "garbage" which might look like "valid" entries and thus triggering crashes. I prefer not walking the RTTs for a Realm and thus simply skip the walk. Suzuki > + } > + > + WRITE_ONCE(realm->state, REALM_STATE_DEAD); > + > + kvm_free_stage2_pgd(&kvm->arch.mmu); > +} > + > +int kvm_init_realm_vm(struct kvm *kvm) > +{ > + struct realm_params *params; > + > + params = (struct realm_params *)get_zeroed_page(GFP_KERNEL); > + if (!params) > + return -ENOMEM; > + > + /* Default parameters, not exposed to user space */ > + params->s2sz = VTCR_EL2_IPA(kvm->arch.mmu.vtcr); > + kvm->arch.realm.params = params; > + return 0; > +} > + > int kvm_init_rme(void) > { > + int ret; > + > if (PAGE_SIZE != SZ_4K) > /* Only 4k page size on the host is supported */ > return 0; > @@ -46,6 +321,13 @@ int kvm_init_rme(void) > /* Continue without realm support */ > return 0; > > + if (WARN_ON(rmi_features(0, &rmm_feat_reg0))) > + return 0; > + > + ret = rme_vmid_init(); > + if (ret) > + return ret; > + > /* Future patch will enable static branch kvm_rme_is_available */ > > return 0;