[kvm-unit-tests PATCH 11/33] arm: realm: Set RIPAS state for RAM

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Suzuki K Poulose <suzuki.poulose@arm.com>
To: kvmarm@lists.linux.dev
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev,
	linux-arm-kernel@lists.infradead.org, maz@kernel.org,
	alexandru.elisei@arm.com, joey.gouly@arm.com,
	steven.price@arm.com, james.morse@arm.com,
	oliver.upton@linux.dev, yuzenghui@huawei.com,
	andrew.jones@linux.dev, eric.auger@redhat.com,
	Suzuki K Poulose <suzuki.poulose@arm.com>
Subject: [kvm-unit-tests PATCH 11/33] arm: realm: Set RIPAS state for RAM
Date: Fri, 12 Apr 2024 11:33:46 +0100	[thread overview]
Message-ID: <20240412103408.2706058-12-suzuki.poulose@arm.com> (raw)
In-Reply-To: <20240412103408.2706058-1-suzuki.poulose@arm.com>

A Realm must ensure that the "RAM" region is set to RIPAS_RAM, before any
access is made. This patch makes sure that all memory blocks are marked as
RIPAS_RAM. Also, before we relocate the "FDT" and "initrd", make sure the
target location is marked too. This happens before we parse the memory blocks.

It is OK to do this operation on a given IPA multiple times. So, we don't
exclude the inital image areas from the "target" list.

Also, this operation doesn't require the host to commit physical memory to back
the IPAs yet. It can be done on demand via fault handling.

Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
---
 lib/arm/setup.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/arm/setup.c b/lib/arm/setup.c
index ebd6d058..d726c32a 100644
--- a/lib/arm/setup.c
+++ b/lib/arm/setup.c
@@ -184,6 +184,7 @@ static void mem_init(phys_addr_t freemem_start)
 	while (r && r->end != mem.end)
 		r = memregions_find(r->end);
 	assert(r);
+	arm_set_memory_protected_safe(r->start, r->end - r->start);
 
 	/* Ensure our selected freemem range is somewhere in our full range */
 	assert(freemem_start >= mem.start && freemem->end <= mem.end);
@@ -206,7 +207,14 @@ static void freemem_push_fdt(void **freemem, const void *fdt)
 	assert((unsigned long)fdt > (unsigned long)&stacktop);
 
 	fdt_size = fdt_totalsize(fdt);
+
+	/*
+	 * Before we touch the memory @freemem, make sure it
+	 * is set to protected for Realms.
+	 */
+	arm_set_memory_protected_safe((unsigned long)*freemem, fdt_size);
 	ret = fdt_move(fdt, *freemem, fdt_size);
+
 	assert(ret == 0);
 	ret = dt_init(*freemem);
 	assert(ret == 0);
@@ -222,6 +230,7 @@ static void freemem_push_dt_initrd(void **freemem)
 	assert(ret == 0 || ret == -FDT_ERR_NOTFOUND);
 	if (ret == 0) {
 		initrd = *freemem;
+		arm_set_memory_protected_safe((unsigned long)initrd, initrd_size);
 		memmove(initrd, tmp, initrd_size);
 		*freemem += initrd_size;
 	}
-- 
2.34.1

WARNING: multiple messages have this Message-ID (diff)

From: Suzuki K Poulose <suzuki.poulose@arm.com>
To: kvmarm@lists.linux.dev
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev,
	linux-arm-kernel@lists.infradead.org, maz@kernel.org,
	alexandru.elisei@arm.com, joey.gouly@arm.com,
	steven.price@arm.com, james.morse@arm.com,
	oliver.upton@linux.dev, yuzenghui@huawei.com,
	andrew.jones@linux.dev, eric.auger@redhat.com,
	Suzuki K Poulose <suzuki.poulose@arm.com>
Subject: [kvm-unit-tests PATCH 11/33] arm: realm: Set RIPAS state for RAM
Date: Fri, 12 Apr 2024 11:33:46 +0100	[thread overview]
Message-ID: <20240412103408.2706058-12-suzuki.poulose@arm.com> (raw)
In-Reply-To: <20240412103408.2706058-1-suzuki.poulose@arm.com>

A Realm must ensure that the "RAM" region is set to RIPAS_RAM, before any
access is made. This patch makes sure that all memory blocks are marked as
RIPAS_RAM. Also, before we relocate the "FDT" and "initrd", make sure the
target location is marked too. This happens before we parse the memory blocks.

It is OK to do this operation on a given IPA multiple times. So, we don't
exclude the inital image areas from the "target" list.

Also, this operation doesn't require the host to commit physical memory to back
the IPAs yet. It can be done on demand via fault handling.

Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
---
 lib/arm/setup.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/arm/setup.c b/lib/arm/setup.c
index ebd6d058..d726c32a 100644
--- a/lib/arm/setup.c
+++ b/lib/arm/setup.c
@@ -184,6 +184,7 @@ static void mem_init(phys_addr_t freemem_start)
 	while (r && r->end != mem.end)
 		r = memregions_find(r->end);
 	assert(r);
+	arm_set_memory_protected_safe(r->start, r->end - r->start);
 
 	/* Ensure our selected freemem range is somewhere in our full range */
 	assert(freemem_start >= mem.start && freemem->end <= mem.end);
@@ -206,7 +207,14 @@ static void freemem_push_fdt(void **freemem, const void *fdt)
 	assert((unsigned long)fdt > (unsigned long)&stacktop);
 
 	fdt_size = fdt_totalsize(fdt);
+
+	/*
+	 * Before we touch the memory @freemem, make sure it
+	 * is set to protected for Realms.
+	 */
+	arm_set_memory_protected_safe((unsigned long)*freemem, fdt_size);
 	ret = fdt_move(fdt, *freemem, fdt_size);
+
 	assert(ret == 0);
 	ret = dt_init(*freemem);
 	assert(ret == 0);
@@ -222,6 +230,7 @@ static void freemem_push_dt_initrd(void **freemem)
 	assert(ret == 0 || ret == -FDT_ERR_NOTFOUND);
 	if (ret == 0) {
 		initrd = *freemem;
+		arm_set_memory_protected_safe((unsigned long)initrd, initrd_size);
 		memmove(initrd, tmp, initrd_size);
 		*freemem += initrd_size;
 	}
-- 
2.34.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

next prev parent reply	other threads:[~2024-04-12 10:34 UTC|newest]

Thread overview: 102+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-12 10:33 [kvm-unit-tests PATCH 00/33] Support for Arm Confidential Compute Architecture Suzuki K Poulose
2024-04-12 10:33 ` Suzuki K Poulose
2024-04-10 16:17 ` Itaru Kitayama
2024-04-10 16:17   ` Itaru Kitayama
2024-04-15  8:59   ` Suzuki K Poulose
2024-04-15  8:59     ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 01/33] arm: Add necessary header files in asm/pgtable.h Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 02/33] arm: Detect FDT overlap with uninitialised data Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 03/33] arm64: Expand SMCCC arguments and return values Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 04/33] arm: Make physical address mask dynamic Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 05/33] arm64: Introduce NS_SHARED PTE attribute Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 06/33] arm: Move io_init after vm initialization Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 07/33] arm: realm: Add RSI interface header Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 08/33] arm: realm: Make uart available before MMU is enabled Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-22 11:58   ` Alexandru Elisei
2024-04-22 11:58     ` Alexandru Elisei
2024-04-22 12:09     ` Suzuki K Poulose
2024-04-22 12:09       ` Suzuki K Poulose
2024-04-22 12:23       ` Alexandru Elisei
2024-04-22 12:23         ` Alexandru Elisei
2024-04-22 12:36         ` Alexandru Elisei
2024-04-22 12:36           ` Alexandru Elisei
2024-04-22 13:09           ` Suzuki K Poulose
2024-04-22 13:09             ` Suzuki K Poulose
2024-04-22 15:38   ` Alexandru Elisei
2024-04-22 15:38     ` Alexandru Elisei
2024-04-22 16:05     ` Suzuki K Poulose
2024-04-22 16:05       ` Suzuki K Poulose
2024-04-22 16:15       ` Alexandru Elisei
2024-04-22 16:15         ` Alexandru Elisei
2024-04-26 11:15         ` Suzuki K Poulose
2024-04-26 11:15           ` Suzuki K Poulose
2024-04-26 13:51           ` Alexandru Elisei
2024-04-26 13:51             ` Alexandru Elisei
2024-04-12 10:33 ` [kvm-unit-tests PATCH 09/33] arm: realm: Realm initialisation Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 10/33] arm: realm: Add support for changing the state of memory Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` Suzuki K Poulose [this message]
2024-04-12 10:33   ` [kvm-unit-tests PATCH 11/33] arm: realm: Set RIPAS state for RAM Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 12/33] arm: realm: Early memory setup Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 13/33] arm: realm: Add RSI version test Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 14/33] arm: selftest: realm: skip pabt test when running in a realm Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-22 15:48   ` Alexandru Elisei
2024-04-22 15:48     ` Alexandru Elisei
2024-04-12 10:33 ` [kvm-unit-tests PATCH 15/33] arm: realm: add hvc and RSI_HOST_CALL tests Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 16/33] arm64: add ESR_ELx EC.SVE Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 17/33] arm64: enable SVE at startup Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 18/33] arm: realm: Add test for FPU/SIMD context save/restore Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-05-10 15:28   ` Andrew Jones
2024-05-10 15:28     ` Andrew Jones
2024-05-14 10:27     ` Suzuki K Poulose
2024-05-14 10:27       ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 19/33] arm64: selftest: add realm SVE VL test Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 20/33] arm: realm: Add tests for in realm SEA Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 21/33] lib/alloc_page: Add shared page allocation support Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 22/33] arm: gic-v3-its: Use shared pages wherever needed Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 23/33] arm: realm: Enable memory encryption Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 24/33] qcbor: Add QCBOR as a submodule Suzuki K Poulose
2024-04-12 10:33   ` Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 25/33] arm: Add build steps for QCBOR library Suzuki K Poulose
2024-04-12 10:34   ` Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 26/33] arm: Add a library to verify tokens using the " Suzuki K Poulose
2024-04-12 10:34   ` Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 27/33] arm: realm: add RSI interface for attestation measurements Suzuki K Poulose
2024-04-12 10:34   ` Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 28/33] arm: realm: Add helpers to decode RSI return codes Suzuki K Poulose
2024-04-12 10:34   ` Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 29/33] arm: realm: Add Realm attestation tests Suzuki K Poulose
2024-04-12 10:34   ` Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 30/33] " Suzuki K Poulose
2024-04-12 10:34   ` Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 31/33] arm: realm: Add a test for shared memory Suzuki K Poulose
2024-04-12 10:34   ` Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 32/33] arm: Add memtest support Suzuki K Poulose
2024-04-12 10:34   ` Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 33/33] NOT-FOR-MERGING: add run-realm-tests Suzuki K Poulose
2024-04-12 10:34   ` Suzuki K Poulose
2024-04-16 14:28 ` [kvm-unit-tests PATCH 00/33] Support for Arm Confidential Compute Architecture Jean-Philippe Brucker
2024-04-16 14:28   ` Jean-Philippe Brucker
2024-05-10 15:23 ` Andrew Jones
2024-05-10 15:23   ` Andrew Jones

find likely ancestor, descendant, or conflicting patches for this message:
dfblob:ebd6d05 dfblob:ebd6d05 dfblob:d726c32 dfblob:d726c32
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240412103408.2706058-12-suzuki.poulose@arm.com \
    --to=suzuki.poulose@arm.com \
    --cc=alexandru.elisei@arm.com \
    --cc=andrew.jones@linux.dev \
    --cc=eric.auger@redhat.com \
    --cc=james.morse@arm.com \
    --cc=joey.gouly@arm.com \
    --cc=kvm@vger.kernel.org \
    --cc=kvmarm@lists.linux.dev \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-coco@lists.linux.dev \
    --cc=maz@kernel.org \
    --cc=oliver.upton@linux.dev \
    --cc=steven.price@arm.com \
    --cc=yuzenghui@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.