From: Steven Price <steven.price@arm.com> To: kvm@vger.kernel.org, kvmarm@lists.linux.dev Cc: Steven Price <steven.price@arm.com>, Catalin Marinas <catalin.marinas@arm.com>, Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>, James Morse <james.morse@arm.com>, Oliver Upton <oliver.upton@linux.dev>, Suzuki K Poulose <suzuki.poulose@arm.com>, Zenghui Yu <yuzenghui@huawei.com>, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Joey Gouly <joey.gouly@arm.com>, Alexandru Elisei <alexandru.elisei@arm.com>, Christoffer Dall <christoffer.dall@arm.com>, Fuad Tabba <tabba@google.com>, linux-coco@lists.linux.dev, Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com> Subject: [PATCH v2 00/14] arm64: Support for running as a guest in Arm CCA Date: Fri, 12 Apr 2024 09:41:59 +0100 [thread overview] Message-ID: <20240412084213.1733764-1-steven.price@arm.com> (raw) In-Reply-To: <20240412084056.1733704-1-steven.price@arm.com> This series adds support for running Linux in a protected VM under the Arm Confidential Compute Architecture (CCA). The purpose of this series is to gather feedback on the proposed changes to the architecture code for CCA. The ABI to the RMM from a realm (the RSI) is based on the final RMM v1.0 (EAC 5) specification[1]. This series is based on v6.9-rc1. It is also available as a git repository: https://gitlab.arm.com/linux-arm/linux-cca cca-guest/v2 Introduction ============ A more general introduction to Arm CCA is available on the Arm website[2], and links to the other components involved are available in the overall cover letter. Arm Confidential Compute Architecture adds two new 'worlds' to the architecture: Root and Realm. A new software component known as the RMM (Realm Management Monitor) runs in Realm EL2 and is trusted by both the Normal World and VMs running within Realms. This enables mutual distrust between the Realm VMs and the Normal World. Virtual machines running within a Realm can decide on a (4k) page-by-page granularity whether to share a page with the (Normal World) host or to keep it private (protected). This protection is provided by the hardware and attempts to access a page which isn't shared by the Normal World will trigger a Granule Protection Fault. Realm VMs can communicate with the RMM via another SMC interface known as RSI (Realm Services Interface). This series adds wrappers for the full set of RSI commands and uses them to manage the Realm IPA State (RIPAS) and to discover the configuration of the realm. The VM running within the Realm needs to ensure that memory that is going to use is marked as 'RIPAS_RAM' (i.e. protected memory accessible only to the guest). This could be provided by the VMM (and subject to measurement to ensure it is setup correctly) or the VM can set it itself. This series includes a patch which will iterate over all described RAM and set the RIPAS. This is a relatively cheap operation, and doesn't require memory donation from the host. Instead, memory can be dynamically provided by the host on fault. An alternative would be to update booting.rst and state this as a requirement, but this would reduce the flexibility of the VMM to manage the available memory to the guest (as the initial RIPAS state is part of the guest's measurement). Within the Realm the most-significant active bit of the IPA is used to select whether the access is to protected memory or to memory shared with the host. This series treats this bit as if it is attribute bit in the page tables and will modify it when sharing/unsharing memory with the host. This top bit usage also necessitates that the IPA width is made more dynamic in the guest. The VMM will choose a width (and therefore which bit controls the shared flag) and the guest must be able to identify this bit to mask it out when necessary. PHYS_MASK_SHIFT/PHYS_MASK are therefore made dynamic. To allow virtio to communicate with the host the shared buffers must be placed in memory which has this top IPA bit set. This is achieved by implementating the set_memory_{encrypted,decrypted} APIs for arm64 and forcing the use of bounce buffers. For now all device access is considered to required the memory to be shared, at this stage there is no support for real devices to be assigned to a realm guest - obviously if device assignment is added this will have to change. Finally the GIC is (largely) emulated by the (untrusted) host. The RMM provides some management (including register save/restore) but the ITS buffers must be placed into shared memory for the host to emulate. There is likely to be future work to harden the GIC driver against a malicious host (along with any other drivers used within a Realm guest). [1] https://developer.arm.com/documentation/den0137/1-0eac5/ [2] https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture Sami Mujawar (2): arm64: rsi: Interfaces to query attestation token virt: arm-cca-guest: TSM_REPORT support for realms Steven Price (5): arm64: realm: Query IPA size from the RMM arm64: Mark all I/O as non-secure shared arm64: Make the PHYS_MASK_SHIFT dynamic arm64: Enforce bounce buffers for realm DMA arm64: realm: Support nonsecure ITS emulation shared Suzuki K Poulose (7): arm64: rsi: Add RSI definitions arm64: Detect if in a realm and set RIPAS RAM fixmap: Allow architecture overriding set_fixmap_io arm64: Override set_fixmap_io arm64: Enable memory encrypt for Realms arm64: Force device mappings to be non-secure shared efi: arm64: Map Device with Prot Shared arch/arm64/Kconfig | 3 + arch/arm64/include/asm/fixmap.h | 4 +- arch/arm64/include/asm/io.h | 6 +- arch/arm64/include/asm/kvm_arm.h | 2 +- arch/arm64/include/asm/mem_encrypt.h | 19 ++ arch/arm64/include/asm/pgtable-hwdef.h | 4 +- arch/arm64/include/asm/pgtable-prot.h | 3 + arch/arm64/include/asm/pgtable.h | 7 +- arch/arm64/include/asm/rsi.h | 46 ++++ arch/arm64/include/asm/rsi_cmds.h | 143 ++++++++++++ arch/arm64/include/asm/rsi_smc.h | 136 ++++++++++++ arch/arm64/kernel/Makefile | 3 +- arch/arm64/kernel/efi.c | 2 +- arch/arm64/kernel/rsi.c | 85 +++++++ arch/arm64/kernel/setup.c | 3 + arch/arm64/mm/init.c | 13 +- arch/arm64/mm/mmu.c | 13 ++ arch/arm64/mm/pageattr.c | 48 +++- drivers/irqchip/irq-gic-v3-its.c | 95 ++++++-- drivers/virt/coco/Kconfig | 2 + drivers/virt/coco/Makefile | 1 + drivers/virt/coco/arm-cca-guest/Kconfig | 11 + drivers/virt/coco/arm-cca-guest/Makefile | 2 + .../virt/coco/arm-cca-guest/arm-cca-guest.c | 208 ++++++++++++++++++ include/asm-generic/fixmap.h | 2 + 25 files changed, 822 insertions(+), 39 deletions(-) create mode 100644 arch/arm64/include/asm/mem_encrypt.h create mode 100644 arch/arm64/include/asm/rsi.h create mode 100644 arch/arm64/include/asm/rsi_cmds.h create mode 100644 arch/arm64/include/asm/rsi_smc.h create mode 100644 arch/arm64/kernel/rsi.c create mode 100644 drivers/virt/coco/arm-cca-guest/Kconfig create mode 100644 drivers/virt/coco/arm-cca-guest/Makefile create mode 100644 drivers/virt/coco/arm-cca-guest/arm-cca-guest.c -- 2.34.1
WARNING: multiple messages have this Message-ID (diff)
From: Steven Price <steven.price@arm.com> To: kvm@vger.kernel.org, kvmarm@lists.linux.dev Cc: Steven Price <steven.price@arm.com>, Catalin Marinas <catalin.marinas@arm.com>, Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>, James Morse <james.morse@arm.com>, Oliver Upton <oliver.upton@linux.dev>, Suzuki K Poulose <suzuki.poulose@arm.com>, Zenghui Yu <yuzenghui@huawei.com>, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Joey Gouly <joey.gouly@arm.com>, Alexandru Elisei <alexandru.elisei@arm.com>, Christoffer Dall <christoffer.dall@arm.com>, Fuad Tabba <tabba@google.com>, linux-coco@lists.linux.dev, Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com> Subject: [PATCH v2 00/14] arm64: Support for running as a guest in Arm CCA Date: Fri, 12 Apr 2024 09:41:59 +0100 [thread overview] Message-ID: <20240412084213.1733764-1-steven.price@arm.com> (raw) In-Reply-To: <20240412084056.1733704-1-steven.price@arm.com> This series adds support for running Linux in a protected VM under the Arm Confidential Compute Architecture (CCA). The purpose of this series is to gather feedback on the proposed changes to the architecture code for CCA. The ABI to the RMM from a realm (the RSI) is based on the final RMM v1.0 (EAC 5) specification[1]. This series is based on v6.9-rc1. It is also available as a git repository: https://gitlab.arm.com/linux-arm/linux-cca cca-guest/v2 Introduction ============ A more general introduction to Arm CCA is available on the Arm website[2], and links to the other components involved are available in the overall cover letter. Arm Confidential Compute Architecture adds two new 'worlds' to the architecture: Root and Realm. A new software component known as the RMM (Realm Management Monitor) runs in Realm EL2 and is trusted by both the Normal World and VMs running within Realms. This enables mutual distrust between the Realm VMs and the Normal World. Virtual machines running within a Realm can decide on a (4k) page-by-page granularity whether to share a page with the (Normal World) host or to keep it private (protected). This protection is provided by the hardware and attempts to access a page which isn't shared by the Normal World will trigger a Granule Protection Fault. Realm VMs can communicate with the RMM via another SMC interface known as RSI (Realm Services Interface). This series adds wrappers for the full set of RSI commands and uses them to manage the Realm IPA State (RIPAS) and to discover the configuration of the realm. The VM running within the Realm needs to ensure that memory that is going to use is marked as 'RIPAS_RAM' (i.e. protected memory accessible only to the guest). This could be provided by the VMM (and subject to measurement to ensure it is setup correctly) or the VM can set it itself. This series includes a patch which will iterate over all described RAM and set the RIPAS. This is a relatively cheap operation, and doesn't require memory donation from the host. Instead, memory can be dynamically provided by the host on fault. An alternative would be to update booting.rst and state this as a requirement, but this would reduce the flexibility of the VMM to manage the available memory to the guest (as the initial RIPAS state is part of the guest's measurement). Within the Realm the most-significant active bit of the IPA is used to select whether the access is to protected memory or to memory shared with the host. This series treats this bit as if it is attribute bit in the page tables and will modify it when sharing/unsharing memory with the host. This top bit usage also necessitates that the IPA width is made more dynamic in the guest. The VMM will choose a width (and therefore which bit controls the shared flag) and the guest must be able to identify this bit to mask it out when necessary. PHYS_MASK_SHIFT/PHYS_MASK are therefore made dynamic. To allow virtio to communicate with the host the shared buffers must be placed in memory which has this top IPA bit set. This is achieved by implementating the set_memory_{encrypted,decrypted} APIs for arm64 and forcing the use of bounce buffers. For now all device access is considered to required the memory to be shared, at this stage there is no support for real devices to be assigned to a realm guest - obviously if device assignment is added this will have to change. Finally the GIC is (largely) emulated by the (untrusted) host. The RMM provides some management (including register save/restore) but the ITS buffers must be placed into shared memory for the host to emulate. There is likely to be future work to harden the GIC driver against a malicious host (along with any other drivers used within a Realm guest). [1] https://developer.arm.com/documentation/den0137/1-0eac5/ [2] https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture Sami Mujawar (2): arm64: rsi: Interfaces to query attestation token virt: arm-cca-guest: TSM_REPORT support for realms Steven Price (5): arm64: realm: Query IPA size from the RMM arm64: Mark all I/O as non-secure shared arm64: Make the PHYS_MASK_SHIFT dynamic arm64: Enforce bounce buffers for realm DMA arm64: realm: Support nonsecure ITS emulation shared Suzuki K Poulose (7): arm64: rsi: Add RSI definitions arm64: Detect if in a realm and set RIPAS RAM fixmap: Allow architecture overriding set_fixmap_io arm64: Override set_fixmap_io arm64: Enable memory encrypt for Realms arm64: Force device mappings to be non-secure shared efi: arm64: Map Device with Prot Shared arch/arm64/Kconfig | 3 + arch/arm64/include/asm/fixmap.h | 4 +- arch/arm64/include/asm/io.h | 6 +- arch/arm64/include/asm/kvm_arm.h | 2 +- arch/arm64/include/asm/mem_encrypt.h | 19 ++ arch/arm64/include/asm/pgtable-hwdef.h | 4 +- arch/arm64/include/asm/pgtable-prot.h | 3 + arch/arm64/include/asm/pgtable.h | 7 +- arch/arm64/include/asm/rsi.h | 46 ++++ arch/arm64/include/asm/rsi_cmds.h | 143 ++++++++++++ arch/arm64/include/asm/rsi_smc.h | 136 ++++++++++++ arch/arm64/kernel/Makefile | 3 +- arch/arm64/kernel/efi.c | 2 +- arch/arm64/kernel/rsi.c | 85 +++++++ arch/arm64/kernel/setup.c | 3 + arch/arm64/mm/init.c | 13 +- arch/arm64/mm/mmu.c | 13 ++ arch/arm64/mm/pageattr.c | 48 +++- drivers/irqchip/irq-gic-v3-its.c | 95 ++++++-- drivers/virt/coco/Kconfig | 2 + drivers/virt/coco/Makefile | 1 + drivers/virt/coco/arm-cca-guest/Kconfig | 11 + drivers/virt/coco/arm-cca-guest/Makefile | 2 + .../virt/coco/arm-cca-guest/arm-cca-guest.c | 208 ++++++++++++++++++ include/asm-generic/fixmap.h | 2 + 25 files changed, 822 insertions(+), 39 deletions(-) create mode 100644 arch/arm64/include/asm/mem_encrypt.h create mode 100644 arch/arm64/include/asm/rsi.h create mode 100644 arch/arm64/include/asm/rsi_cmds.h create mode 100644 arch/arm64/include/asm/rsi_smc.h create mode 100644 arch/arm64/kernel/rsi.c create mode 100644 drivers/virt/coco/arm-cca-guest/Kconfig create mode 100644 drivers/virt/coco/arm-cca-guest/Makefile create mode 100644 drivers/virt/coco/arm-cca-guest/arm-cca-guest.c -- 2.34.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2024-04-12 8:42 UTC|newest] Thread overview: 264+ messages / expand[flat|nested] mbox.gz Atom feed top 2024-04-12 8:40 [v2] Support for Arm CCA VMs on Linux Steven Price 2024-04-12 8:40 ` Steven Price 2024-04-11 18:54 ` Itaru Kitayama 2024-04-11 18:54 ` Itaru Kitayama 2024-04-15 8:14 ` Steven Price 2024-04-15 8:14 ` Steven Price 2024-04-12 8:41 ` Steven Price [this message] 2024-04-12 8:41 ` [PATCH v2 00/14] arm64: Support for running as a guest in Arm CCA Steven Price 2024-04-12 8:42 ` [PATCH v2 01/14] arm64: rsi: Add RSI definitions Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 02/14] arm64: Detect if in a realm and set RIPAS RAM Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-10 17:35 ` Catalin Marinas 2024-05-10 17:35 ` Catalin Marinas 2024-05-14 10:18 ` Suzuki K Poulose 2024-05-14 10:18 ` Suzuki K Poulose 2024-05-16 14:32 ` Catalin Marinas 2024-05-16 14:32 ` Catalin Marinas 2024-05-15 15:03 ` Steven Price 2024-05-15 15:03 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 03/14] arm64: realm: Query IPA size from the RMM Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-13 14:03 ` Catalin Marinas 2024-05-13 14:03 ` Catalin Marinas 2024-05-16 15:13 ` Steven Price 2024-05-16 15:13 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 04/14] arm64: Mark all I/O as non-secure shared Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 05/14] fixmap: Allow architecture overriding set_fixmap_io Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 06/14] arm64: Override set_fixmap_io Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-13 16:14 ` Catalin Marinas 2024-05-13 16:14 ` Catalin Marinas 2024-05-14 10:21 ` Suzuki K Poulose 2024-05-14 10:21 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 07/14] arm64: Make the PHYS_MASK_SHIFT dynamic Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-13 16:38 ` Catalin Marinas 2024-05-13 16:38 ` Catalin Marinas 2024-05-16 15:34 ` Steven Price 2024-05-16 15:34 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 08/14] arm64: Enforce bounce buffers for realm DMA Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-13 16:56 ` Catalin Marinas 2024-05-13 16:56 ` Catalin Marinas 2024-04-12 8:42 ` [PATCH v2 09/14] arm64: Enable memory encrypt for Realms Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-15 3:13 ` kernel test robot 2024-04-15 3:13 ` kernel test robot 2024-04-25 13:42 ` Suzuki K Poulose 2024-04-25 13:42 ` Suzuki K Poulose 2024-04-25 15:52 ` Steven Price 2024-04-25 15:52 ` Steven Price 2024-04-25 16:29 ` Suzuki K Poulose 2024-04-25 16:29 ` Suzuki K Poulose 2024-04-25 18:16 ` Emanuele Rocca 2024-04-25 18:16 ` Emanuele Rocca 2024-05-14 18:00 ` Catalin Marinas 2024-05-14 18:00 ` Catalin Marinas 2024-05-15 10:47 ` Suzuki K Poulose 2024-05-15 10:47 ` Suzuki K Poulose 2024-05-16 7:48 ` Catalin Marinas 2024-05-16 7:48 ` Catalin Marinas 2024-05-16 9:06 ` Suzuki K Poulose 2024-05-16 9:06 ` Suzuki K Poulose 2024-05-20 16:53 ` Catalin Marinas 2024-05-20 16:53 ` Catalin Marinas 2024-05-20 20:32 ` Michael Kelley 2024-05-20 20:32 ` Michael Kelley 2024-05-21 10:14 ` Catalin Marinas 2024-05-21 10:14 ` Catalin Marinas 2024-05-21 15:58 ` Michael Kelley 2024-05-21 15:58 ` Michael Kelley 2024-04-12 8:42 ` [PATCH v2 10/14] arm64: Force device mappings to be non-secure shared Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-15 9:01 ` Catalin Marinas 2024-05-15 9:01 ` Catalin Marinas 2024-05-15 11:00 ` Suzuki K Poulose 2024-05-15 11:00 ` Suzuki K Poulose 2024-05-17 9:34 ` Catalin Marinas 2024-05-17 9:34 ` Catalin Marinas 2024-04-12 8:42 ` [PATCH v2 11/14] efi: arm64: Map Device with Prot Shared Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 12/14] arm64: realm: Support nonsecure ITS emulation shared Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-15 11:01 ` Catalin Marinas 2024-05-15 11:01 ` Catalin Marinas 2024-05-22 15:52 ` Steven Price 2024-05-22 15:52 ` Steven Price 2024-05-22 17:05 ` Catalin Marinas 2024-05-22 17:05 ` Catalin Marinas 2024-05-23 9:57 ` Steven Price 2024-05-23 9:57 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 13/14] arm64: rsi: Interfaces to query attestation token Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-15 11:10 ` Catalin Marinas 2024-05-15 11:10 ` Catalin Marinas 2024-05-22 15:52 ` Steven Price 2024-05-22 15:52 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 14/14] virt: arm-cca-guest: TSM_REPORT support for realms Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-24 13:06 ` Thomas Fossati 2024-04-24 13:06 ` Thomas Fossati 2024-04-24 13:27 ` Suzuki K Poulose 2024-04-24 13:27 ` Suzuki K Poulose 2024-04-24 13:19 ` Suzuki K Poulose 2024-04-24 13:19 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 00/43] arm64: Support for Arm CCA in KVM Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 01/43] KVM: Prepare for handling only shared mappings in mmu_notifier events Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-25 9:48 ` Fuad Tabba 2024-04-25 9:48 ` Fuad Tabba 2024-04-25 15:58 ` Steven Price 2024-04-25 15:58 ` Steven Price 2024-04-25 22:56 ` Sean Christopherson 2024-04-25 22:56 ` Sean Christopherson 2024-04-12 8:42 ` [PATCH v2 02/43] kvm: arm64: pgtable: Track the number of pages in the entry level Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 03/43] kvm: arm64: Include kvm_emulate.h in kvm/arm_psci.h Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 04/43] arm64: RME: Handle Granule Protection Faults (GPFs) Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-16 11:17 ` Suzuki K Poulose 2024-04-16 11:17 ` Suzuki K Poulose 2024-04-18 13:17 ` Steven Price 2024-04-18 13:17 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 05/43] arm64: RME: Add SMC definitions for calling the RMM Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-16 12:38 ` Suzuki K Poulose 2024-04-16 12:38 ` Suzuki K Poulose 2024-04-18 13:17 ` Steven Price 2024-04-18 13:17 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 06/43] arm64: RME: Add wrappers for RMI calls Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-16 13:14 ` Suzuki K Poulose 2024-04-16 13:14 ` Suzuki K Poulose 2024-04-19 11:18 ` Steven Price 2024-04-19 11:18 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 07/43] arm64: RME: Check for RME support at KVM init Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-16 13:30 ` Suzuki K Poulose 2024-04-16 13:30 ` Suzuki K Poulose 2024-04-22 15:39 ` Steven Price 2024-04-22 15:39 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 08/43] arm64: RME: Define the user ABI Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 09/43] arm64: RME: ioctls to create and configure realms Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-17 9:51 ` Suzuki K Poulose 2024-04-17 9:51 ` Suzuki K Poulose 2024-04-22 16:33 ` Steven Price 2024-04-22 16:33 ` Steven Price 2024-04-18 16:04 ` Suzuki K Poulose 2024-04-18 16:04 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 10/43] kvm: arm64: Expose debug HW register numbers for Realm Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 11/43] arm64: kvm: Allow passing machine type in KVM creation Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-17 10:20 ` Suzuki K Poulose 2024-04-17 10:20 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 12/43] arm64: RME: Keep a spare page delegated to the RMM Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-17 10:19 ` Suzuki K Poulose 2024-04-17 10:19 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 13/43] arm64: RME: RTT handling Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-17 13:37 ` Suzuki K Poulose 2024-04-17 13:37 ` Suzuki K Poulose 2024-04-24 10:59 ` Steven Price 2024-04-24 10:59 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 14/43] arm64: RME: Allocate/free RECs to match vCPUs Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-18 9:23 ` Suzuki K Poulose 2024-04-18 9:23 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 15/43] arm64: RME: Support for the VGIC in realms Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 16/43] KVM: arm64: Support timers in realm RECs Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-18 9:30 ` Suzuki K Poulose 2024-04-18 9:30 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 17/43] arm64: RME: Allow VMM to set RIPAS Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-19 9:34 ` Suzuki K Poulose 2024-04-19 9:34 ` Suzuki K Poulose 2024-04-19 10:20 ` Suzuki K Poulose 2024-04-19 10:20 ` Suzuki K Poulose 2024-05-01 15:47 ` Steven Price 2024-05-01 15:47 ` Steven Price 2024-05-02 10:16 ` Suzuki K Poulose 2024-05-02 10:16 ` Suzuki K Poulose 2024-04-25 9:53 ` Fuad Tabba 2024-04-25 9:53 ` Fuad Tabba 2024-05-01 14:27 ` Jean-Philippe Brucker 2024-05-01 14:27 ` Jean-Philippe Brucker 2024-05-01 14:56 ` Suzuki K Poulose 2024-05-01 14:56 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 18/43] arm64: RME: Handle realm enter/exit Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-19 13:00 ` Suzuki K Poulose 2024-04-19 13:00 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 19/43] KVM: arm64: Handle realm MMIO emulation Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 20/43] arm64: RME: Allow populating initial contents Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-19 13:17 ` Suzuki K Poulose 2024-04-19 13:17 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 21/43] arm64: RME: Runtime faulting of memory Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-25 10:43 ` Fuad Tabba 2024-04-25 10:43 ` Fuad Tabba 2024-04-12 8:42 ` [PATCH v2 22/43] KVM: arm64: Handle realm VCPU load Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 23/43] KVM: arm64: Validate register access for a Realm VM Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 24/43] KVM: arm64: Handle Realm PSCI requests Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 25/43] KVM: arm64: WARN on injected undef exceptions Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 26/43] arm64: Don't expose stolen time for realm guests Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 27/43] arm64: rme: allow userspace to inject aborts Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 28/43] arm64: rme: support RSI_HOST_CALL Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 29/43] arm64: rme: Allow checking SVE on VM instance Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 30/43] arm64: RME: Always use 4k pages for realms Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 31/43] arm64: rme: Prevent Device mappings for Realms Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 32/43] arm_pmu: Provide a mechanism for disabling the physical IRQ Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 33/43] arm64: rme: Enable PMU support with a realm guest Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-13 23:44 ` kernel test robot 2024-04-13 23:44 ` kernel test robot 2024-04-18 16:06 ` Suzuki K Poulose 2024-04-18 16:06 ` Suzuki K Poulose 2024-04-12 8:43 ` [PATCH v2 34/43] kvm: rme: Hide KVM_CAP_READONLY_MEM for realm guests Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 35/43] arm64: RME: Propagate number of breakpoints and watchpoints to userspace Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 36/43] arm64: RME: Set breakpoint parameters through SET_ONE_REG Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 37/43] arm64: RME: Initialize PMCR.N with number counter supported by RMM Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 38/43] arm64: RME: Propagate max SVE vector length from RMM Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 39/43] arm64: RME: Configure max SVE vector length for a Realm Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 40/43] arm64: RME: Provide register list for unfinalized RME RECs Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 41/43] arm64: RME: Provide accurate register list Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 42/43] arm64: kvm: Expose support for private memory Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-25 14:44 ` Fuad Tabba 2024-04-25 14:44 ` Fuad Tabba 2024-04-12 8:43 ` [PATCH v2 43/43] KVM: arm64: Allow activating realms Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 16:52 ` [v2] Support for Arm CCA VMs on Linux Jean-Philippe Brucker 2024-04-12 16:52 ` Jean-Philippe Brucker
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20240412084213.1733764-1-steven.price@arm.com \ --to=steven.price@arm.com \ --cc=alexandru.elisei@arm.com \ --cc=catalin.marinas@arm.com \ --cc=christoffer.dall@arm.com \ --cc=gankulkarni@os.amperecomputing.com \ --cc=james.morse@arm.com \ --cc=joey.gouly@arm.com \ --cc=kvm@vger.kernel.org \ --cc=kvmarm@lists.linux.dev \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-coco@lists.linux.dev \ --cc=linux-kernel@vger.kernel.org \ --cc=maz@kernel.org \ --cc=oliver.upton@linux.dev \ --cc=suzuki.poulose@arm.com \ --cc=tabba@google.com \ --cc=will@kernel.org \ --cc=yuzenghui@huawei.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.