From: Steven Price <steven.price@arm.com> To: kvm@vger.kernel.org, kvmarm@lists.linux.dev Cc: Sami Mujawar <sami.mujawar@arm.com>, Catalin Marinas <catalin.marinas@arm.com>, Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>, James Morse <james.morse@arm.com>, Oliver Upton <oliver.upton@linux.dev>, Suzuki K Poulose <suzuki.poulose@arm.com>, Zenghui Yu <yuzenghui@huawei.com>, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Joey Gouly <joey.gouly@arm.com>, Alexandru Elisei <alexandru.elisei@arm.com>, Christoffer Dall <christoffer.dall@arm.com>, Fuad Tabba <tabba@google.com>, linux-coco@lists.linux.dev, Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com>, Steven Price <steven.price@arm.com> Subject: [PATCH v2 14/14] virt: arm-cca-guest: TSM_REPORT support for realms Date: Fri, 12 Apr 2024 09:42:13 +0100 [thread overview] Message-ID: <20240412084213.1733764-15-steven.price@arm.com> (raw) In-Reply-To: <20240412084213.1733764-1-steven.price@arm.com> From: Sami Mujawar <sami.mujawar@arm.com> Introduce an arm-cca-guest driver that registers with the configfs-tsm module to provide user interfaces for retrieving an attestation token. When a new report is requested the arm-cca-guest driver invokes the appropriate RSI interfaces to query an attestation token. The steps to retrieve an attestation token are as follows: 1. Mount the configfs filesystem if not already mounted mount -t configfs none /sys/kernel/config 2. Generate an attestation token report=/sys/kernel/config/tsm/report/report0 mkdir $report dd if=/dev/urandom bs=64 count=1 > $report/inblob hexdump -C $report/outblob rmdir $report Signed-off-by: Sami Mujawar <sami.mujawar@arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Signed-off-by: Steven Price <steven.price@arm.com> --- drivers/virt/coco/Kconfig | 2 + drivers/virt/coco/Makefile | 1 + drivers/virt/coco/arm-cca-guest/Kconfig | 11 + drivers/virt/coco/arm-cca-guest/Makefile | 2 + .../virt/coco/arm-cca-guest/arm-cca-guest.c | 208 ++++++++++++++++++ 5 files changed, 224 insertions(+) create mode 100644 drivers/virt/coco/arm-cca-guest/Kconfig create mode 100644 drivers/virt/coco/arm-cca-guest/Makefile create mode 100644 drivers/virt/coco/arm-cca-guest/arm-cca-guest.c diff --git a/drivers/virt/coco/Kconfig b/drivers/virt/coco/Kconfig index 87d142c1f932..4fb69804b622 100644 --- a/drivers/virt/coco/Kconfig +++ b/drivers/virt/coco/Kconfig @@ -12,3 +12,5 @@ source "drivers/virt/coco/efi_secret/Kconfig" source "drivers/virt/coco/sev-guest/Kconfig" source "drivers/virt/coco/tdx-guest/Kconfig" + +source "drivers/virt/coco/arm-cca-guest/Kconfig" diff --git a/drivers/virt/coco/Makefile b/drivers/virt/coco/Makefile index 18c1aba5edb7..a6228a1bf992 100644 --- a/drivers/virt/coco/Makefile +++ b/drivers/virt/coco/Makefile @@ -6,3 +6,4 @@ obj-$(CONFIG_TSM_REPORTS) += tsm.o obj-$(CONFIG_EFI_SECRET) += efi_secret/ obj-$(CONFIG_SEV_GUEST) += sev-guest/ obj-$(CONFIG_INTEL_TDX_GUEST) += tdx-guest/ +obj-$(CONFIG_ARM_CCA_GUEST) += arm-cca-guest/ diff --git a/drivers/virt/coco/arm-cca-guest/Kconfig b/drivers/virt/coco/arm-cca-guest/Kconfig new file mode 100644 index 000000000000..c4039c10dce2 --- /dev/null +++ b/drivers/virt/coco/arm-cca-guest/Kconfig @@ -0,0 +1,11 @@ +config ARM_CCA_GUEST + tristate "Arm CCA Guest driver" + depends on ARM64 + default m + select TSM_REPORTS + help + The driver provides userspace interface to request and + attestation report from the Realm Management Monitor(RMM). + + If you choose 'M' here, this module will be called + realm-guest. diff --git a/drivers/virt/coco/arm-cca-guest/Makefile b/drivers/virt/coco/arm-cca-guest/Makefile new file mode 100644 index 000000000000..69eeba08e98a --- /dev/null +++ b/drivers/virt/coco/arm-cca-guest/Makefile @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0-only +obj-$(CONFIG_ARM_CCA_GUEST) += arm-cca-guest.o diff --git a/drivers/virt/coco/arm-cca-guest/arm-cca-guest.c b/drivers/virt/coco/arm-cca-guest/arm-cca-guest.c new file mode 100644 index 000000000000..2c15ff162da0 --- /dev/null +++ b/drivers/virt/coco/arm-cca-guest/arm-cca-guest.c @@ -0,0 +1,208 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Ltd. + */ + +#include <linux/arm-smccc.h> +#include <linux/cc_platform.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/smp.h> +#include <linux/tsm.h> +#include <linux/types.h> + +#include <asm/rsi.h> + +/** + * struct arm_cca_token_info - a descriptor for the token buffer. + * @granule: PA of the page to which the token will be written + * @offset: Offset within granule to start of buffer in bytes + * @len: Number of bytes of token data that was retrieved + * @result: result of rsi_attestation_token_continue operation + */ +struct arm_cca_token_info { + phys_addr_t granule; + unsigned long offset; + int result; +}; + +/** + * arm_cca_attestation_continue - Retrieve the attestation token data. + * + * @param: pointer to the arm_cca_token_info + * + * Attestation token generation is a long running operation and therefore + * the token data may not be retrieved in a single call. Moreover, the + * token retrieval operation must be requested on the same CPU on which the + * attestation token generation was initialised. + * This helper function is therefore scheduled on the same CPU multiple + * times until the entire token data is retrieved. + */ +static void arm_cca_attestation_continue(void *param) +{ + unsigned long len; + unsigned long size; + struct arm_cca_token_info *info; + + if (!param) + return; + + info = (struct arm_cca_token_info *)param; + + size = GRANULE_SIZE - info->offset; + info->result = rsi_attestation_token_continue(info->granule, + info->offset, size, &len); + info->offset += len; +} + +/** + * arm_cca_report_new - Generate a new attestation token. + * + * @report: pointer to the TSM report context information. + * @data: pointer to the context specific data for this module. + * + * Initialise the attestation token generation using the challenge data + * passed in the TSM decriptor. Allocate memory for the attestation token + * and schedule calls to retrieve the attestation token on the same CPU + * on which the attestation token generation was initialised. + * + * Return: + * * %0 - Attestation token generated successfully. + * * %-EINVAL - A parameter was not valid. + * * %-ENOMEM - Out of memory. + * * %-EFAULT - Failed to get IPA for memory page(s). + * * %A negative status code as returned by smp_call_function_single(). + */ +static int arm_cca_report_new(struct tsm_report *report, void *data) +{ + int ret; + int cpu; + long max_size; + unsigned long token_size; + struct arm_cca_token_info info; + void *buf; + u8 *token __free(kvfree) = NULL; + struct tsm_desc *desc = &report->desc; + + if (!report) + return -EINVAL; + + if (desc->inblob_len < 32 || desc->inblob_len > 64) + return -EINVAL; + + /* + * Get a CPU on which the attestation token generation will be + * scheduled and initialise the attestation token generation. + */ + cpu = get_cpu(); + max_size = rsi_attestation_token_init(desc->inblob, desc->inblob_len); + put_cpu(); + + if (max_size <= 0) + return -EINVAL; + + /* Allocate outblob */ + token = kvzalloc(max_size, GFP_KERNEL); + if (!token) + return -ENOMEM; + + /* + * Since the outblob may not be physically contiguous, use a page + * to bounce the buffer from RMM. + */ + buf = alloc_pages_exact(GRANULE_SIZE, GFP_KERNEL); + if (!buf) + return -ENOMEM; + + /* Get the PA of the memory page(s) that were allocated. */ + info.granule = (unsigned long)virt_to_phys(buf); + + token_size = 0; + /* Loop until the token is ready or there is an error. */ + do { + /* Retrieve one GRANULE_SIZE data per loop iteration. */ + info.offset = 0; + do { + /* + * Schedule a call to retrieve a sub-granule chunk + * of data per loop iteration. + */ + ret = smp_call_function_single(cpu, + arm_cca_attestation_continue, + (void *)&info, true); + if (ret != 0) { + token_size = 0; + goto exit_free_granule_page; + } + + ret = info.result; + } while ((ret == RSI_INCOMPLETE) && + (info.offset < GRANULE_SIZE)); + + /* + * Copy the retrieved token data from the granule + * to the token buffer, ensuring that the RMM doesn't + * overflow the buffer. + */ + if (WARN_ON(token_size + info.offset > max_size)) + break; + memcpy(&token[token_size], buf, info.offset); + token_size += info.offset; + } while (ret == RSI_INCOMPLETE); + + if (ret != RSI_SUCCESS) { + ret = -ENXIO; + token_size = 0; + goto exit_free_granule_page; + } + + report->outblob = no_free_ptr(token); +exit_free_granule_page: + report->outblob_len = token_size; + free_pages_exact(buf, GRANULE_SIZE); + return ret; +} + +static const struct tsm_ops arm_cca_tsm_ops = { + .name = KBUILD_MODNAME, + .report_new = arm_cca_report_new, +}; + +/** + * arm_cca_guest_init - Register with the Trusted Security Module (TSM) + * interface. + * + * Return: + * * %0 - Registered successfully with the TSM interface. + * * %-ENODEV - The execution context is not an Arm Realm. + * * %-EINVAL - A parameter was not valid. + * * %-EBUSY - Already registered. + */ +static int __init arm_cca_guest_init(void) +{ + int ret; + + if (!is_realm_world()) + return -ENODEV; + + ret = tsm_register(&arm_cca_tsm_ops, NULL, &tsm_report_default_type); + if (ret < 0) + pr_err("Failed to register with TSM.\n"); + + return ret; +} +module_init(arm_cca_guest_init); + +/** + * arm_cca_guest_exit - unregister with the Trusted Security Module (TSM) + * interface. + */ +static void __exit arm_cca_guest_exit(void) +{ + tsm_unregister(&arm_cca_tsm_ops); +} +module_exit(arm_cca_guest_exit); + +MODULE_AUTHOR("Sami Mujawar <sami.mujawar@arm.com>"); +MODULE_DESCRIPTION("Arm CCA Guest TSM Driver."); +MODULE_LICENSE("GPL"); -- 2.34.1
WARNING: multiple messages have this Message-ID (diff)
From: Steven Price <steven.price@arm.com> To: kvm@vger.kernel.org, kvmarm@lists.linux.dev Cc: Sami Mujawar <sami.mujawar@arm.com>, Catalin Marinas <catalin.marinas@arm.com>, Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>, James Morse <james.morse@arm.com>, Oliver Upton <oliver.upton@linux.dev>, Suzuki K Poulose <suzuki.poulose@arm.com>, Zenghui Yu <yuzenghui@huawei.com>, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Joey Gouly <joey.gouly@arm.com>, Alexandru Elisei <alexandru.elisei@arm.com>, Christoffer Dall <christoffer.dall@arm.com>, Fuad Tabba <tabba@google.com>, linux-coco@lists.linux.dev, Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com>, Steven Price <steven.price@arm.com> Subject: [PATCH v2 14/14] virt: arm-cca-guest: TSM_REPORT support for realms Date: Fri, 12 Apr 2024 09:42:13 +0100 [thread overview] Message-ID: <20240412084213.1733764-15-steven.price@arm.com> (raw) In-Reply-To: <20240412084213.1733764-1-steven.price@arm.com> From: Sami Mujawar <sami.mujawar@arm.com> Introduce an arm-cca-guest driver that registers with the configfs-tsm module to provide user interfaces for retrieving an attestation token. When a new report is requested the arm-cca-guest driver invokes the appropriate RSI interfaces to query an attestation token. The steps to retrieve an attestation token are as follows: 1. Mount the configfs filesystem if not already mounted mount -t configfs none /sys/kernel/config 2. Generate an attestation token report=/sys/kernel/config/tsm/report/report0 mkdir $report dd if=/dev/urandom bs=64 count=1 > $report/inblob hexdump -C $report/outblob rmdir $report Signed-off-by: Sami Mujawar <sami.mujawar@arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Signed-off-by: Steven Price <steven.price@arm.com> --- drivers/virt/coco/Kconfig | 2 + drivers/virt/coco/Makefile | 1 + drivers/virt/coco/arm-cca-guest/Kconfig | 11 + drivers/virt/coco/arm-cca-guest/Makefile | 2 + .../virt/coco/arm-cca-guest/arm-cca-guest.c | 208 ++++++++++++++++++ 5 files changed, 224 insertions(+) create mode 100644 drivers/virt/coco/arm-cca-guest/Kconfig create mode 100644 drivers/virt/coco/arm-cca-guest/Makefile create mode 100644 drivers/virt/coco/arm-cca-guest/arm-cca-guest.c diff --git a/drivers/virt/coco/Kconfig b/drivers/virt/coco/Kconfig index 87d142c1f932..4fb69804b622 100644 --- a/drivers/virt/coco/Kconfig +++ b/drivers/virt/coco/Kconfig @@ -12,3 +12,5 @@ source "drivers/virt/coco/efi_secret/Kconfig" source "drivers/virt/coco/sev-guest/Kconfig" source "drivers/virt/coco/tdx-guest/Kconfig" + +source "drivers/virt/coco/arm-cca-guest/Kconfig" diff --git a/drivers/virt/coco/Makefile b/drivers/virt/coco/Makefile index 18c1aba5edb7..a6228a1bf992 100644 --- a/drivers/virt/coco/Makefile +++ b/drivers/virt/coco/Makefile @@ -6,3 +6,4 @@ obj-$(CONFIG_TSM_REPORTS) += tsm.o obj-$(CONFIG_EFI_SECRET) += efi_secret/ obj-$(CONFIG_SEV_GUEST) += sev-guest/ obj-$(CONFIG_INTEL_TDX_GUEST) += tdx-guest/ +obj-$(CONFIG_ARM_CCA_GUEST) += arm-cca-guest/ diff --git a/drivers/virt/coco/arm-cca-guest/Kconfig b/drivers/virt/coco/arm-cca-guest/Kconfig new file mode 100644 index 000000000000..c4039c10dce2 --- /dev/null +++ b/drivers/virt/coco/arm-cca-guest/Kconfig @@ -0,0 +1,11 @@ +config ARM_CCA_GUEST + tristate "Arm CCA Guest driver" + depends on ARM64 + default m + select TSM_REPORTS + help + The driver provides userspace interface to request and + attestation report from the Realm Management Monitor(RMM). + + If you choose 'M' here, this module will be called + realm-guest. diff --git a/drivers/virt/coco/arm-cca-guest/Makefile b/drivers/virt/coco/arm-cca-guest/Makefile new file mode 100644 index 000000000000..69eeba08e98a --- /dev/null +++ b/drivers/virt/coco/arm-cca-guest/Makefile @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0-only +obj-$(CONFIG_ARM_CCA_GUEST) += arm-cca-guest.o diff --git a/drivers/virt/coco/arm-cca-guest/arm-cca-guest.c b/drivers/virt/coco/arm-cca-guest/arm-cca-guest.c new file mode 100644 index 000000000000..2c15ff162da0 --- /dev/null +++ b/drivers/virt/coco/arm-cca-guest/arm-cca-guest.c @@ -0,0 +1,208 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Ltd. + */ + +#include <linux/arm-smccc.h> +#include <linux/cc_platform.h> +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/smp.h> +#include <linux/tsm.h> +#include <linux/types.h> + +#include <asm/rsi.h> + +/** + * struct arm_cca_token_info - a descriptor for the token buffer. + * @granule: PA of the page to which the token will be written + * @offset: Offset within granule to start of buffer in bytes + * @len: Number of bytes of token data that was retrieved + * @result: result of rsi_attestation_token_continue operation + */ +struct arm_cca_token_info { + phys_addr_t granule; + unsigned long offset; + int result; +}; + +/** + * arm_cca_attestation_continue - Retrieve the attestation token data. + * + * @param: pointer to the arm_cca_token_info + * + * Attestation token generation is a long running operation and therefore + * the token data may not be retrieved in a single call. Moreover, the + * token retrieval operation must be requested on the same CPU on which the + * attestation token generation was initialised. + * This helper function is therefore scheduled on the same CPU multiple + * times until the entire token data is retrieved. + */ +static void arm_cca_attestation_continue(void *param) +{ + unsigned long len; + unsigned long size; + struct arm_cca_token_info *info; + + if (!param) + return; + + info = (struct arm_cca_token_info *)param; + + size = GRANULE_SIZE - info->offset; + info->result = rsi_attestation_token_continue(info->granule, + info->offset, size, &len); + info->offset += len; +} + +/** + * arm_cca_report_new - Generate a new attestation token. + * + * @report: pointer to the TSM report context information. + * @data: pointer to the context specific data for this module. + * + * Initialise the attestation token generation using the challenge data + * passed in the TSM decriptor. Allocate memory for the attestation token + * and schedule calls to retrieve the attestation token on the same CPU + * on which the attestation token generation was initialised. + * + * Return: + * * %0 - Attestation token generated successfully. + * * %-EINVAL - A parameter was not valid. + * * %-ENOMEM - Out of memory. + * * %-EFAULT - Failed to get IPA for memory page(s). + * * %A negative status code as returned by smp_call_function_single(). + */ +static int arm_cca_report_new(struct tsm_report *report, void *data) +{ + int ret; + int cpu; + long max_size; + unsigned long token_size; + struct arm_cca_token_info info; + void *buf; + u8 *token __free(kvfree) = NULL; + struct tsm_desc *desc = &report->desc; + + if (!report) + return -EINVAL; + + if (desc->inblob_len < 32 || desc->inblob_len > 64) + return -EINVAL; + + /* + * Get a CPU on which the attestation token generation will be + * scheduled and initialise the attestation token generation. + */ + cpu = get_cpu(); + max_size = rsi_attestation_token_init(desc->inblob, desc->inblob_len); + put_cpu(); + + if (max_size <= 0) + return -EINVAL; + + /* Allocate outblob */ + token = kvzalloc(max_size, GFP_KERNEL); + if (!token) + return -ENOMEM; + + /* + * Since the outblob may not be physically contiguous, use a page + * to bounce the buffer from RMM. + */ + buf = alloc_pages_exact(GRANULE_SIZE, GFP_KERNEL); + if (!buf) + return -ENOMEM; + + /* Get the PA of the memory page(s) that were allocated. */ + info.granule = (unsigned long)virt_to_phys(buf); + + token_size = 0; + /* Loop until the token is ready or there is an error. */ + do { + /* Retrieve one GRANULE_SIZE data per loop iteration. */ + info.offset = 0; + do { + /* + * Schedule a call to retrieve a sub-granule chunk + * of data per loop iteration. + */ + ret = smp_call_function_single(cpu, + arm_cca_attestation_continue, + (void *)&info, true); + if (ret != 0) { + token_size = 0; + goto exit_free_granule_page; + } + + ret = info.result; + } while ((ret == RSI_INCOMPLETE) && + (info.offset < GRANULE_SIZE)); + + /* + * Copy the retrieved token data from the granule + * to the token buffer, ensuring that the RMM doesn't + * overflow the buffer. + */ + if (WARN_ON(token_size + info.offset > max_size)) + break; + memcpy(&token[token_size], buf, info.offset); + token_size += info.offset; + } while (ret == RSI_INCOMPLETE); + + if (ret != RSI_SUCCESS) { + ret = -ENXIO; + token_size = 0; + goto exit_free_granule_page; + } + + report->outblob = no_free_ptr(token); +exit_free_granule_page: + report->outblob_len = token_size; + free_pages_exact(buf, GRANULE_SIZE); + return ret; +} + +static const struct tsm_ops arm_cca_tsm_ops = { + .name = KBUILD_MODNAME, + .report_new = arm_cca_report_new, +}; + +/** + * arm_cca_guest_init - Register with the Trusted Security Module (TSM) + * interface. + * + * Return: + * * %0 - Registered successfully with the TSM interface. + * * %-ENODEV - The execution context is not an Arm Realm. + * * %-EINVAL - A parameter was not valid. + * * %-EBUSY - Already registered. + */ +static int __init arm_cca_guest_init(void) +{ + int ret; + + if (!is_realm_world()) + return -ENODEV; + + ret = tsm_register(&arm_cca_tsm_ops, NULL, &tsm_report_default_type); + if (ret < 0) + pr_err("Failed to register with TSM.\n"); + + return ret; +} +module_init(arm_cca_guest_init); + +/** + * arm_cca_guest_exit - unregister with the Trusted Security Module (TSM) + * interface. + */ +static void __exit arm_cca_guest_exit(void) +{ + tsm_unregister(&arm_cca_tsm_ops); +} +module_exit(arm_cca_guest_exit); + +MODULE_AUTHOR("Sami Mujawar <sami.mujawar@arm.com>"); +MODULE_DESCRIPTION("Arm CCA Guest TSM Driver."); +MODULE_LICENSE("GPL"); -- 2.34.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2024-04-12 8:42 UTC|newest] Thread overview: 256+ messages / expand[flat|nested] mbox.gz Atom feed top 2024-04-12 8:40 [v2] Support for Arm CCA VMs on Linux Steven Price 2024-04-12 8:40 ` Steven Price 2024-04-11 18:54 ` Itaru Kitayama 2024-04-11 18:54 ` Itaru Kitayama 2024-04-15 8:14 ` Steven Price 2024-04-15 8:14 ` Steven Price 2024-04-12 8:41 ` [PATCH v2 00/14] arm64: Support for running as a guest in Arm CCA Steven Price 2024-04-12 8:41 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 01/14] arm64: rsi: Add RSI definitions Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 02/14] arm64: Detect if in a realm and set RIPAS RAM Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-10 17:35 ` Catalin Marinas 2024-05-10 17:35 ` Catalin Marinas 2024-05-14 10:18 ` Suzuki K Poulose 2024-05-14 10:18 ` Suzuki K Poulose 2024-05-16 14:32 ` Catalin Marinas 2024-05-16 14:32 ` Catalin Marinas 2024-05-15 15:03 ` Steven Price 2024-05-15 15:03 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 03/14] arm64: realm: Query IPA size from the RMM Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-13 14:03 ` Catalin Marinas 2024-05-13 14:03 ` Catalin Marinas 2024-05-16 15:13 ` Steven Price 2024-05-16 15:13 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 04/14] arm64: Mark all I/O as non-secure shared Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 05/14] fixmap: Allow architecture overriding set_fixmap_io Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 06/14] arm64: Override set_fixmap_io Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-13 16:14 ` Catalin Marinas 2024-05-13 16:14 ` Catalin Marinas 2024-05-14 10:21 ` Suzuki K Poulose 2024-05-14 10:21 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 07/14] arm64: Make the PHYS_MASK_SHIFT dynamic Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-13 16:38 ` Catalin Marinas 2024-05-13 16:38 ` Catalin Marinas 2024-05-16 15:34 ` Steven Price 2024-05-16 15:34 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 08/14] arm64: Enforce bounce buffers for realm DMA Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-13 16:56 ` Catalin Marinas 2024-05-13 16:56 ` Catalin Marinas 2024-04-12 8:42 ` [PATCH v2 09/14] arm64: Enable memory encrypt for Realms Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-15 3:13 ` kernel test robot 2024-04-15 3:13 ` kernel test robot 2024-04-25 13:42 ` Suzuki K Poulose 2024-04-25 13:42 ` Suzuki K Poulose 2024-04-25 15:52 ` Steven Price 2024-04-25 15:52 ` Steven Price 2024-04-25 16:29 ` Suzuki K Poulose 2024-04-25 16:29 ` Suzuki K Poulose 2024-04-25 18:16 ` Emanuele Rocca 2024-04-25 18:16 ` Emanuele Rocca 2024-05-14 18:00 ` Catalin Marinas 2024-05-14 18:00 ` Catalin Marinas 2024-05-15 10:47 ` Suzuki K Poulose 2024-05-15 10:47 ` Suzuki K Poulose 2024-05-16 7:48 ` Catalin Marinas 2024-05-16 7:48 ` Catalin Marinas 2024-05-16 9:06 ` Suzuki K Poulose 2024-05-16 9:06 ` Suzuki K Poulose 2024-05-20 16:53 ` Catalin Marinas 2024-05-20 16:53 ` Catalin Marinas 2024-05-20 20:32 ` Michael Kelley 2024-05-20 20:32 ` Michael Kelley 2024-05-21 10:14 ` Catalin Marinas 2024-05-21 10:14 ` Catalin Marinas 2024-05-21 15:58 ` Michael Kelley 2024-05-21 15:58 ` Michael Kelley 2024-04-12 8:42 ` [PATCH v2 10/14] arm64: Force device mappings to be non-secure shared Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-15 9:01 ` Catalin Marinas 2024-05-15 9:01 ` Catalin Marinas 2024-05-15 11:00 ` Suzuki K Poulose 2024-05-15 11:00 ` Suzuki K Poulose 2024-05-17 9:34 ` Catalin Marinas 2024-05-17 9:34 ` Catalin Marinas 2024-04-12 8:42 ` [PATCH v2 11/14] efi: arm64: Map Device with Prot Shared Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 12/14] arm64: realm: Support nonsecure ITS emulation shared Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-15 11:01 ` Catalin Marinas 2024-05-15 11:01 ` Catalin Marinas 2024-04-12 8:42 ` [PATCH v2 13/14] arm64: rsi: Interfaces to query attestation token Steven Price 2024-04-12 8:42 ` Steven Price 2024-05-15 11:10 ` Catalin Marinas 2024-05-15 11:10 ` Catalin Marinas 2024-04-12 8:42 ` Steven Price [this message] 2024-04-12 8:42 ` [PATCH v2 14/14] virt: arm-cca-guest: TSM_REPORT support for realms Steven Price 2024-04-24 13:06 ` Thomas Fossati 2024-04-24 13:06 ` Thomas Fossati 2024-04-24 13:27 ` Suzuki K Poulose 2024-04-24 13:27 ` Suzuki K Poulose 2024-04-24 13:19 ` Suzuki K Poulose 2024-04-24 13:19 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 00/43] arm64: Support for Arm CCA in KVM Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 01/43] KVM: Prepare for handling only shared mappings in mmu_notifier events Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-25 9:48 ` Fuad Tabba 2024-04-25 9:48 ` Fuad Tabba 2024-04-25 15:58 ` Steven Price 2024-04-25 15:58 ` Steven Price 2024-04-25 22:56 ` Sean Christopherson 2024-04-25 22:56 ` Sean Christopherson 2024-04-12 8:42 ` [PATCH v2 02/43] kvm: arm64: pgtable: Track the number of pages in the entry level Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 03/43] kvm: arm64: Include kvm_emulate.h in kvm/arm_psci.h Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 04/43] arm64: RME: Handle Granule Protection Faults (GPFs) Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-16 11:17 ` Suzuki K Poulose 2024-04-16 11:17 ` Suzuki K Poulose 2024-04-18 13:17 ` Steven Price 2024-04-18 13:17 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 05/43] arm64: RME: Add SMC definitions for calling the RMM Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-16 12:38 ` Suzuki K Poulose 2024-04-16 12:38 ` Suzuki K Poulose 2024-04-18 13:17 ` Steven Price 2024-04-18 13:17 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 06/43] arm64: RME: Add wrappers for RMI calls Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-16 13:14 ` Suzuki K Poulose 2024-04-16 13:14 ` Suzuki K Poulose 2024-04-19 11:18 ` Steven Price 2024-04-19 11:18 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 07/43] arm64: RME: Check for RME support at KVM init Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-16 13:30 ` Suzuki K Poulose 2024-04-16 13:30 ` Suzuki K Poulose 2024-04-22 15:39 ` Steven Price 2024-04-22 15:39 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 08/43] arm64: RME: Define the user ABI Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 09/43] arm64: RME: ioctls to create and configure realms Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-17 9:51 ` Suzuki K Poulose 2024-04-17 9:51 ` Suzuki K Poulose 2024-04-22 16:33 ` Steven Price 2024-04-22 16:33 ` Steven Price 2024-04-18 16:04 ` Suzuki K Poulose 2024-04-18 16:04 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 10/43] kvm: arm64: Expose debug HW register numbers for Realm Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 11/43] arm64: kvm: Allow passing machine type in KVM creation Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-17 10:20 ` Suzuki K Poulose 2024-04-17 10:20 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 12/43] arm64: RME: Keep a spare page delegated to the RMM Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-17 10:19 ` Suzuki K Poulose 2024-04-17 10:19 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 13/43] arm64: RME: RTT handling Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-17 13:37 ` Suzuki K Poulose 2024-04-17 13:37 ` Suzuki K Poulose 2024-04-24 10:59 ` Steven Price 2024-04-24 10:59 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 14/43] arm64: RME: Allocate/free RECs to match vCPUs Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-18 9:23 ` Suzuki K Poulose 2024-04-18 9:23 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 15/43] arm64: RME: Support for the VGIC in realms Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 16/43] KVM: arm64: Support timers in realm RECs Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-18 9:30 ` Suzuki K Poulose 2024-04-18 9:30 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 17/43] arm64: RME: Allow VMM to set RIPAS Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-19 9:34 ` Suzuki K Poulose 2024-04-19 9:34 ` Suzuki K Poulose 2024-04-19 10:20 ` Suzuki K Poulose 2024-04-19 10:20 ` Suzuki K Poulose 2024-05-01 15:47 ` Steven Price 2024-05-01 15:47 ` Steven Price 2024-05-02 10:16 ` Suzuki K Poulose 2024-05-02 10:16 ` Suzuki K Poulose 2024-04-25 9:53 ` Fuad Tabba 2024-04-25 9:53 ` Fuad Tabba 2024-05-01 14:27 ` Jean-Philippe Brucker 2024-05-01 14:27 ` Jean-Philippe Brucker 2024-05-01 14:56 ` Suzuki K Poulose 2024-05-01 14:56 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 18/43] arm64: RME: Handle realm enter/exit Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-19 13:00 ` Suzuki K Poulose 2024-04-19 13:00 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 19/43] KVM: arm64: Handle realm MMIO emulation Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 20/43] arm64: RME: Allow populating initial contents Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-19 13:17 ` Suzuki K Poulose 2024-04-19 13:17 ` Suzuki K Poulose 2024-04-12 8:42 ` [PATCH v2 21/43] arm64: RME: Runtime faulting of memory Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-25 10:43 ` Fuad Tabba 2024-04-25 10:43 ` Fuad Tabba 2024-04-12 8:42 ` [PATCH v2 22/43] KVM: arm64: Handle realm VCPU load Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 23/43] KVM: arm64: Validate register access for a Realm VM Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 24/43] KVM: arm64: Handle Realm PSCI requests Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 25/43] KVM: arm64: WARN on injected undef exceptions Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 26/43] arm64: Don't expose stolen time for realm guests Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 27/43] arm64: rme: allow userspace to inject aborts Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 28/43] arm64: rme: support RSI_HOST_CALL Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 29/43] arm64: rme: Allow checking SVE on VM instance Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 30/43] arm64: RME: Always use 4k pages for realms Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 31/43] arm64: rme: Prevent Device mappings for Realms Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 32/43] arm_pmu: Provide a mechanism for disabling the physical IRQ Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-12 8:42 ` [PATCH v2 33/43] arm64: rme: Enable PMU support with a realm guest Steven Price 2024-04-12 8:42 ` Steven Price 2024-04-13 23:44 ` kernel test robot 2024-04-13 23:44 ` kernel test robot 2024-04-18 16:06 ` Suzuki K Poulose 2024-04-18 16:06 ` Suzuki K Poulose 2024-04-12 8:43 ` [PATCH v2 34/43] kvm: rme: Hide KVM_CAP_READONLY_MEM for realm guests Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 35/43] arm64: RME: Propagate number of breakpoints and watchpoints to userspace Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 36/43] arm64: RME: Set breakpoint parameters through SET_ONE_REG Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 37/43] arm64: RME: Initialize PMCR.N with number counter supported by RMM Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 38/43] arm64: RME: Propagate max SVE vector length from RMM Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 39/43] arm64: RME: Configure max SVE vector length for a Realm Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 40/43] arm64: RME: Provide register list for unfinalized RME RECs Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 41/43] arm64: RME: Provide accurate register list Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 8:43 ` [PATCH v2 42/43] arm64: kvm: Expose support for private memory Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-25 14:44 ` Fuad Tabba 2024-04-25 14:44 ` Fuad Tabba 2024-04-12 8:43 ` [PATCH v2 43/43] KVM: arm64: Allow activating realms Steven Price 2024-04-12 8:43 ` Steven Price 2024-04-12 16:52 ` [v2] Support for Arm CCA VMs on Linux Jean-Philippe Brucker 2024-04-12 16:52 ` Jean-Philippe Brucker
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20240412084213.1733764-15-steven.price@arm.com \ --to=steven.price@arm.com \ --cc=alexandru.elisei@arm.com \ --cc=catalin.marinas@arm.com \ --cc=christoffer.dall@arm.com \ --cc=gankulkarni@os.amperecomputing.com \ --cc=james.morse@arm.com \ --cc=joey.gouly@arm.com \ --cc=kvm@vger.kernel.org \ --cc=kvmarm@lists.linux.dev \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-coco@lists.linux.dev \ --cc=linux-kernel@vger.kernel.org \ --cc=maz@kernel.org \ --cc=oliver.upton@linux.dev \ --cc=sami.mujawar@arm.com \ --cc=suzuki.poulose@arm.com \ --cc=tabba@google.com \ --cc=will@kernel.org \ --cc=yuzenghui@huawei.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.