From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 07F8528E8; Fri, 27 Jan 2023 11:40:52 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 85B3D175A; Fri, 27 Jan 2023 03:41:33 -0800 (PST) Received: from ewhatever.cambridge.arm.com (ewhatever.cambridge.arm.com [10.1.197.1]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 068563F64C; Fri, 27 Jan 2023 03:40:48 -0800 (PST) From: Suzuki K Poulose To: kvm@vger.kernel.org, kvmarm@lists.linux.dev Cc: suzuki.poulose@arm.com, Alexandru Elisei , Andrew Jones , Christoffer Dall , Fuad Tabba , Jean-Philippe Brucker , Joey Gouly , Marc Zyngier , Mark Rutland , Oliver Upton , Paolo Bonzini , Quentin Perret , Steven Price , Thomas Huth , Will Deacon , Zenghui Yu , linux-coco@lists.linux.dev, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [RFC kvmtool 22/31] arm64: Activate realm before the first VCPU is run Date: Fri, 27 Jan 2023 11:39:23 +0000 Message-Id: <20230127113932.166089-23-suzuki.poulose@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230127113932.166089-1-suzuki.poulose@arm.com> References: <20230127112248.136810-1-suzuki.poulose@arm.com> <20230127113932.166089-1-suzuki.poulose@arm.com> Precedence: bulk X-Mailing-List: linux-coco@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Alexandru Elisei Before KVM can run a VCPU belong to a realm, the realm be activated. Activating a realm prevents the adding of new object and seals the cryptographic measurement of that realm. The VCPU state is part of the measurement, which means that realm activation must be performed after all VCPUs have been reset. Current RMM implementation can only create RECs in the order of their MPIDRs. VCPUs get assigned MPIDRs by KVM based on their VCPU id. Reset the VCPUs in the order they were created from the main thread instead of doing it from their own thread, which doesn't guarantee any ordering. Signed-off-by: Alexandru Elisei Signed-off-by: Suzuki K Poulose --- arm/aarch64/kvm-cpu.c | 4 ++++ arm/aarch64/realm.c | 35 +++++++++++++++++++++++++++++++ arm/include/arm-common/kvm-arch.h | 1 + 3 files changed, 40 insertions(+) diff --git a/arm/aarch64/kvm-cpu.c b/arm/aarch64/kvm-cpu.c index 24e570c4..32fa7609 100644 --- a/arm/aarch64/kvm-cpu.c +++ b/arm/aarch64/kvm-cpu.c @@ -187,6 +187,10 @@ void kvm_cpu__reset_vcpu(struct kvm_cpu *vcpu) cpu_set_t *affinity; int ret; + /* VCPU reset is done before activating the realm. */ + if (kvm->arch.realm_is_active) + return; + affinity = kvm->arch.vcpu_affinity_cpuset; if (affinity) { ret = sched_setaffinity(0, sizeof(cpu_set_t), affinity); diff --git a/arm/aarch64/realm.c b/arm/aarch64/realm.c index eddccece..808d39c5 100644 --- a/arm/aarch64/realm.c +++ b/arm/aarch64/realm.c @@ -1,4 +1,5 @@ #include "kvm/kvm.h" +#include "kvm/kvm-cpu.h" #include #include @@ -192,3 +193,37 @@ void kvm_arm_realm_populate_dtb(struct kvm *kvm) if (end > start) realm_populate(kvm, start, end - start); } + +static void kvm_arm_realm_activate_realm(struct kvm *kvm) +{ + struct kvm_enable_cap activate_realm = { + .cap = KVM_CAP_ARM_RME, + .args[0] = KVM_CAP_ARM_RME_ACTIVATE_REALM, + }; + + if (ioctl(kvm->vm_fd, KVM_ENABLE_CAP, &activate_realm) < 0) + die_perror("KVM_CAP_ARM_RME(KVM_CAP_ARM_RME_ACTIVATE_REALM)"); + + kvm->arch.realm_is_active = true; +} + +static int kvm_arm_realm_finalize(struct kvm *kvm) +{ + int i; + + if (!kvm->cfg.arch.is_realm) + return 0; + + /* + * VCPU reset must happen before the realm is activated, because their + * state is part of the cryptographic measurement for the realm. + */ + for (i = 0; i < kvm->nrcpus; i++) + kvm_cpu__reset_vcpu(kvm->cpus[i]); + + /* Activate and seal the measurement for the realm. */ + kvm_arm_realm_activate_realm(kvm); + + return 0; +} +last_init(kvm_arm_realm_finalize) diff --git a/arm/include/arm-common/kvm-arch.h b/arm/include/arm-common/kvm-arch.h index b5a4b851..6d48e13c 100644 --- a/arm/include/arm-common/kvm-arch.h +++ b/arm/include/arm-common/kvm-arch.h @@ -116,6 +116,7 @@ struct kvm_arch { cpu_set_t *vcpu_affinity_cpuset; u64 measurement_algo; u64 sve_vq; + bool realm_is_active; }; #endif /* ARM_COMMON__KVM_ARCH_H */ -- 2.34.1 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id CA5F8C38142 for ; Fri, 27 Jan 2023 12:13:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=GZZldezSf9sKIPUYfmjduSLNqJ279La4bxhKPUfBKB0=; b=3PtpsbcKVLAAk/ 2ab4nY6Ht2GD35M4juMfCfw0vfIVm1LH00NNHKkIkC91KHH0PKyizW0YkIh1wIKYWix8sTwwGTetV nbfxDGFTZpq4xOLG/LIKa5awH8qKUJrz7gPI5CcFRHNn3X2WNNO0HCutRl0VMa5rfT7W5WJdyJy5M Dl9OjixK02H3GKIYPBsV9oxwyICQtz+PCelyy9MdvaGE3Aa3aXd2A+0D8RFaKflTShm0wy+KMWNCP 181p0AKhl/TzdUaTbyxYJkNF/ILkJCq4ZmG+IHy5urYQ5e6nw2/jHCoV61mp95PWCXX8J02OK8Ys2 cG6ADtXV9yIVGTQmpD6w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pLNaQ-00ERf1-4k; Fri, 27 Jan 2023 12:12:07 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pLN6C-00EDAb-Cj for linux-arm-kernel@lists.infradead.org; Fri, 27 Jan 2023 11:40:55 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 85B3D175A; Fri, 27 Jan 2023 03:41:33 -0800 (PST) Received: from ewhatever.cambridge.arm.com (ewhatever.cambridge.arm.com [10.1.197.1]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 068563F64C; Fri, 27 Jan 2023 03:40:48 -0800 (PST) From: Suzuki K Poulose To: kvm@vger.kernel.org, kvmarm@lists.linux.dev Cc: suzuki.poulose@arm.com, Alexandru Elisei , Andrew Jones , Christoffer Dall , Fuad Tabba , Jean-Philippe Brucker , Joey Gouly , Marc Zyngier , Mark Rutland , Oliver Upton , Paolo Bonzini , Quentin Perret , Steven Price , Thomas Huth , Will Deacon , Zenghui Yu , linux-coco@lists.linux.dev, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [RFC kvmtool 22/31] arm64: Activate realm before the first VCPU is run Date: Fri, 27 Jan 2023 11:39:23 +0000 Message-Id: <20230127113932.166089-23-suzuki.poulose@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230127113932.166089-1-suzuki.poulose@arm.com> References: <20230127112248.136810-1-suzuki.poulose@arm.com> <20230127113932.166089-1-suzuki.poulose@arm.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230127_034052_797300_8C0050DC X-CRM114-Status: GOOD ( 18.23 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: Alexandru Elisei Before KVM can run a VCPU belong to a realm, the realm be activated. Activating a realm prevents the adding of new object and seals the cryptographic measurement of that realm. The VCPU state is part of the measurement, which means that realm activation must be performed after all VCPUs have been reset. Current RMM implementation can only create RECs in the order of their MPIDRs. VCPUs get assigned MPIDRs by KVM based on their VCPU id. Reset the VCPUs in the order they were created from the main thread instead of doing it from their own thread, which doesn't guarantee any ordering. Signed-off-by: Alexandru Elisei Signed-off-by: Suzuki K Poulose --- arm/aarch64/kvm-cpu.c | 4 ++++ arm/aarch64/realm.c | 35 +++++++++++++++++++++++++++++++ arm/include/arm-common/kvm-arch.h | 1 + 3 files changed, 40 insertions(+) diff --git a/arm/aarch64/kvm-cpu.c b/arm/aarch64/kvm-cpu.c index 24e570c4..32fa7609 100644 --- a/arm/aarch64/kvm-cpu.c +++ b/arm/aarch64/kvm-cpu.c @@ -187,6 +187,10 @@ void kvm_cpu__reset_vcpu(struct kvm_cpu *vcpu) cpu_set_t *affinity; int ret; + /* VCPU reset is done before activating the realm. */ + if (kvm->arch.realm_is_active) + return; + affinity = kvm->arch.vcpu_affinity_cpuset; if (affinity) { ret = sched_setaffinity(0, sizeof(cpu_set_t), affinity); diff --git a/arm/aarch64/realm.c b/arm/aarch64/realm.c index eddccece..808d39c5 100644 --- a/arm/aarch64/realm.c +++ b/arm/aarch64/realm.c @@ -1,4 +1,5 @@ #include "kvm/kvm.h" +#include "kvm/kvm-cpu.h" #include #include @@ -192,3 +193,37 @@ void kvm_arm_realm_populate_dtb(struct kvm *kvm) if (end > start) realm_populate(kvm, start, end - start); } + +static void kvm_arm_realm_activate_realm(struct kvm *kvm) +{ + struct kvm_enable_cap activate_realm = { + .cap = KVM_CAP_ARM_RME, + .args[0] = KVM_CAP_ARM_RME_ACTIVATE_REALM, + }; + + if (ioctl(kvm->vm_fd, KVM_ENABLE_CAP, &activate_realm) < 0) + die_perror("KVM_CAP_ARM_RME(KVM_CAP_ARM_RME_ACTIVATE_REALM)"); + + kvm->arch.realm_is_active = true; +} + +static int kvm_arm_realm_finalize(struct kvm *kvm) +{ + int i; + + if (!kvm->cfg.arch.is_realm) + return 0; + + /* + * VCPU reset must happen before the realm is activated, because their + * state is part of the cryptographic measurement for the realm. + */ + for (i = 0; i < kvm->nrcpus; i++) + kvm_cpu__reset_vcpu(kvm->cpus[i]); + + /* Activate and seal the measurement for the realm. */ + kvm_arm_realm_activate_realm(kvm); + + return 0; +} +last_init(kvm_arm_realm_finalize) diff --git a/arm/include/arm-common/kvm-arch.h b/arm/include/arm-common/kvm-arch.h index b5a4b851..6d48e13c 100644 --- a/arm/include/arm-common/kvm-arch.h +++ b/arm/include/arm-common/kvm-arch.h @@ -116,6 +116,7 @@ struct kvm_arch { cpu_set_t *vcpu_affinity_cpuset; u64 measurement_algo; u64 sve_vq; + bool realm_is_active; }; #endif /* ARM_COMMON__KVM_ARCH_H */ -- 2.34.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel