From: Suzuki K Poulose <suzuki.poulose@arm.com>
To: kvmarm@lists.linux.dev
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev,
linux-arm-kernel@lists.infradead.org, maz@kernel.org,
alexandru.elisei@arm.com, joey.gouly@arm.com,
steven.price@arm.com, james.morse@arm.com,
oliver.upton@linux.dev, yuzenghui@huawei.com,
andrew.jones@linux.dev, eric.auger@redhat.com,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>
Subject: [kvm-unit-tests PATCH 12/33] arm: realm: Early memory setup
Date: Fri, 12 Apr 2024 11:33:47 +0100 [thread overview]
Message-ID: <20240412103408.2706058-13-suzuki.poulose@arm.com> (raw)
In-Reply-To: <20240412103408.2706058-1-suzuki.poulose@arm.com>
A Realm must mark areas of memory as RIPAS_RAM before an access is made.
The binary image is loaded by the VMM and thus the area is converted.
However, the file image may not cover tail portion of the "memory" image (e.g,
BSS, stack etc.). Convert the area touched by the early boot code to RAM
before the access is made in early assembly code.
Once, we land in the C code, we take care of converting the entire RAM region
to RIPAS_RAM.
Please note that this operation doesn't require the host to commit memory to
the Realm.
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Co-developed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Co-developed-by: Joey Gouly <joey.gouly@arm.com>
Signed-off-by: Joey Gouly <joey.gouly@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
---
arm/cstart64.S | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 94 insertions(+)
diff --git a/arm/cstart64.S b/arm/cstart64.S
index 734b2286..92631349 100644
--- a/arm/cstart64.S
+++ b/arm/cstart64.S
@@ -14,6 +14,7 @@
#include <asm/pgtable-hwdef.h>
#include <asm/thread_info.h>
#include <asm/sysreg.h>
+#include <asm/smc-rsi.h>
#ifdef CONFIG_EFI
#include "efi/crt0-efi-aarch64.S"
@@ -65,6 +66,11 @@ start:
b 1b
1:
+ /*
+ * For a Realm, before we touch any memory, we must
+ * make sure it is in the RsiRipas == RSI_RAM state.
+ */
+ bl __early_mem_setup
/* zero BSS */
adrp x4, bss
add x4, x4, :lo12:bss
@@ -176,6 +182,94 @@ arm_smccc_hvc:
arm_smccc_smc:
do_smccc_call smc
+__early_mem_setup:
+ /* Preserve x0 - x3 */
+ mov x5, x0
+ mov x6, x1
+ mov x7, x2
+ mov x8, x3
+
+ /*
+ * Check for EL3, otherwise an SMC instruction
+ * will cause an UNDEFINED exception.
+ */
+ mrs x9, ID_AA64PFR0_EL1
+ lsr x9, x9, #12
+ and x9, x9, 0b11
+ cbnz x9, 1f
+ ret
+
+1:
+ /*
+ * Are we a realm? Request the RSI ABI version.
+ * If KVM is catching SMCs, it returns an error in x0 (~0UL)
+ */
+ movz x0, :abs_g2_s:SMC_RSI_ABI_VERSION
+ movk x0, :abs_g1_nc:SMC_RSI_ABI_VERSION
+ movk x0, :abs_g0_nc:SMC_RSI_ABI_VERSION
+ ldr x1, =RSI_ABI_VERSION
+ smc #0
+
+ /*
+ * RMM if present, returns RSI_SUCCESS if the requested
+ * version is compatible. Otherwise returns RSI_ERROR_INPUT,
+ * which is fatal for the Realm.
+ */
+ cmp x0, #RSI_ERROR_INPUT
+ beq halt
+
+ /*
+ * Anything other than RSI_SUCCESS or RSI_ERROR_INPUT
+ * indicates, RMM is not present.
+ */
+ cmp x0, #RSI_SUCCESS
+ bne 3f
+
+ /*
+ * For realms, we must mark area from bss
+ * to the end of stack as memory before it is
+ * accessed, as they are not populated as part
+ * of the initial image. As such we can run
+ * this unconditionally irrespective of whether
+ * we are a normal VM or Realm.
+ */
+ /* x1 = bss */
+ adrp x1, bss
+
+ /* x7 = SMC_RSI_IPA_STATE_SET */
+ movz x7, :abs_g2_s:SMC_RSI_IPA_STATE_SET
+ movk x7, :abs_g1_nc:SMC_RSI_IPA_STATE_SET
+ movk x7, :abs_g0_nc:SMC_RSI_IPA_STATE_SET
+
+ /* x9 = (end of stack) */
+ adrp x9, (stacktop + PAGE_SIZE)
+2:
+ /* x2 = (end of stack) */
+ mov x2, x9
+
+ /* x3 = RIPAS_RAM */
+ mov x3, #1
+ /* x4 = RSI_NO_CHANGE_DESTROYED */
+ mov x4, #RSI_NO_CHANGE_DESTROYED
+
+ /* x0 = SMC_RSI_IPA_STATE_SET */
+ mov x0, x7
+ /* Run the RSI request */
+ smc #0
+
+ /* halt if there is an error */
+ cbnz x0, halt
+
+ /* Check if (next == end of stack) */
+ cmp x1, x9
+ bne 2b
+3:
+ mov x3, x8
+ mov x2, x7
+ mov x1, x6
+ mov x0, x5
+ ret
+
get_mmu_off:
adrp x0, auxinfo
ldr x0, [x0, :lo12:auxinfo + 8]
--
2.34.1
next prev parent reply other threads:[~2024-04-12 10:34 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-12 10:33 [kvm-unit-tests PATCH 00/33] Support for Arm Confidential Compute Architecture Suzuki K Poulose
2024-04-10 16:17 ` Itaru Kitayama
2024-04-15 8:59 ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 01/33] arm: Add necessary header files in asm/pgtable.h Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 02/33] arm: Detect FDT overlap with uninitialised data Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 03/33] arm64: Expand SMCCC arguments and return values Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 04/33] arm: Make physical address mask dynamic Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 05/33] arm64: Introduce NS_SHARED PTE attribute Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 06/33] arm: Move io_init after vm initialization Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 07/33] arm: realm: Add RSI interface header Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 08/33] arm: realm: Make uart available before MMU is enabled Suzuki K Poulose
2024-04-22 11:58 ` Alexandru Elisei
2024-04-22 12:09 ` Suzuki K Poulose
2024-04-22 12:23 ` Alexandru Elisei
2024-04-22 12:36 ` Alexandru Elisei
2024-04-22 13:09 ` Suzuki K Poulose
2024-04-22 15:38 ` Alexandru Elisei
2024-04-22 16:05 ` Suzuki K Poulose
2024-04-22 16:15 ` Alexandru Elisei
2024-04-26 11:15 ` Suzuki K Poulose
2024-04-26 13:51 ` Alexandru Elisei
2024-04-12 10:33 ` [kvm-unit-tests PATCH 09/33] arm: realm: Realm initialisation Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 10/33] arm: realm: Add support for changing the state of memory Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 11/33] arm: realm: Set RIPAS state for RAM Suzuki K Poulose
2024-04-12 10:33 ` Suzuki K Poulose [this message]
2024-04-12 10:33 ` [kvm-unit-tests PATCH 13/33] arm: realm: Add RSI version test Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 14/33] arm: selftest: realm: skip pabt test when running in a realm Suzuki K Poulose
2024-04-22 15:48 ` Alexandru Elisei
2024-04-12 10:33 ` [kvm-unit-tests PATCH 15/33] arm: realm: add hvc and RSI_HOST_CALL tests Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 16/33] arm64: add ESR_ELx EC.SVE Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 17/33] arm64: enable SVE at startup Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 18/33] arm: realm: Add test for FPU/SIMD context save/restore Suzuki K Poulose
2024-05-10 15:28 ` Andrew Jones
2024-05-14 10:27 ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 19/33] arm64: selftest: add realm SVE VL test Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 20/33] arm: realm: Add tests for in realm SEA Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 21/33] lib/alloc_page: Add shared page allocation support Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 22/33] arm: gic-v3-its: Use shared pages wherever needed Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 23/33] arm: realm: Enable memory encryption Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 24/33] qcbor: Add QCBOR as a submodule Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 25/33] arm: Add build steps for QCBOR library Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 26/33] arm: Add a library to verify tokens using the " Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 27/33] arm: realm: add RSI interface for attestation measurements Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 28/33] arm: realm: Add helpers to decode RSI return codes Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 29/33] arm: realm: Add Realm attestation tests Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 30/33] " Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 31/33] arm: realm: Add a test for shared memory Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 32/33] arm: Add memtest support Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 33/33] NOT-FOR-MERGING: add run-realm-tests Suzuki K Poulose
2024-04-16 14:28 ` [kvm-unit-tests PATCH 00/33] Support for Arm Confidential Compute Architecture Jean-Philippe Brucker
2024-05-10 15:23 ` Andrew Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240412103408.2706058-13-suzuki.poulose@arm.com \
--to=suzuki.poulose@arm.com \
--cc=alexandru.elisei@arm.com \
--cc=andrew.jones@linux.dev \
--cc=eric.auger@redhat.com \
--cc=james.morse@arm.com \
--cc=jean-philippe@linaro.org \
--cc=joey.gouly@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-coco@lists.linux.dev \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=steven.price@arm.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).