- Jan 25, 2023
-
-
We have everything in place to create a realm, allow the user to do so. Signed-off-by:
Alexandru Elisei <alexandru.elisei@arm.com> Signed-off-by:
Suzuki K Poulose <suzuki.poulose@arm.com>
-
For Realms, inject a synchronous external abort, instead of ignoring unknown MMIO accesses. Signed-off-by:
Joey Gouly <joey.gouly@arm.com> Signed-off-by:
-
Add a hook that allows an architecture to run some code on an unhandled MMIO access. Signed-off-by:
-
Suzuki Poulose authored
For realms, force the F_ACCESS_PLATFORM flag to ensure DMA-APIs are triggered for virtio in Linux Signed-off-by: -
Suzuki Poulose authored
Add callbacks for archs to provide virtio host flags. Signed-off-by: -
Suzuki Poulose authored
Add a wrapper to the vdev->ops->get_host_features() to allow setting platform specific flags outside the device Signed-off-by: -
Suzuki Poulose authored
The Realm's IPA space is divided into 2 halves. Protected (lower half) and Unprotected (upper half). KVM implements aliasing of the IPA, where the unprotected IPA is alias of the corresponding protected ipa. Thus we must double the IPA space required for a given VM. Signed-off-by: -
Don't read the register values for a running realm, because they don't reflect the actual hardware state of a realm. And don't try to read realm memory, because that will promptly lead to kvmtool being killed. Signed-off-by:
-
This lets the VM use the RMM implementation for PSCI. Signed-off-by:
Christoffer Dall <christoffer.dall@arm.com> Signed-off-by:
-
Before KVM can run a VCPU belong to a realm, the realm be activated. Activating a realm prevents the adding of new object and seals the cryptographic measurement of that realm. The VCPU state is part of the measurement, which means that realm activation must be performed after all VCPUs have been reset. Current RMM implementation can only create RECs in the order of their MPIDRs. VCPUs get assigned MPIDRs by KVM based on their VCPU id. Reset the VCPUs in the order they were created from the main thread instead of doing it from their own thread, which doesn't guarantee any ordering. Signed-off-by:
-
Add a last_init macro for constructor functions that will be executed last in the initialization process. Add a symmetrical macro, last_exit, for destructor functions that will be the last to be executed when kvmtool exits. The list priority for the late_{init, exit} macros has been bumped down a spot, but their relative priority remains unchanged, to keep the same size for the init_lists and exit_lists. Signed-off-by: -
In order to run a VCPU belonging to a realm, that VCPU must be in the finalized state. Finalize the CPU after reset, since kvmtool won't be touching the VCPU state afterwards. Signed-off-by:
-
RME doesn't allow setting the PSTATE but resets it to an architectural value, and KVM also does not allow setting this register from user space, so stop trying to do that. Signed-off-by:
-
Populate the realm memory with the initial contents, which include the device tree blob, the kernel image, and initrd, if specified, or the firmware image. Populating an image in the realm involves two steps: a) Mark the IPA area as RAM - INIT_IPA_REALM b) Load the contents into the IPA - POPULATE_REALM Wherever we know the actual size of an image in memory, we make sure the "memory area" is initialised to RAM. e.g., Linux kernel image size from the header which includes the bss etc. The "file size" on disk for the Linux image is much smaller. We mark the region of size Image.header.size as RAM (a), from the kernel load address. And load the Image file into the memory (b) above. At the moment we only detect the Arm64 Linux Image header format. Since we're already touching the code that copies the initrd in guest memory, let's do a bit of cleaning and remove a useless local variable. Signed-off-by:
-
Add the kernel image size to the VM context, as we are going to use it later. This matches what we already do with the initrd. Signed-off-by:
-
Suzuki Poulose authored
Add option to specify SVE vector length for realms. Signed-off-by: -
Suzuki Poulose authored
Add option to specify Realm personalisation value Signed-off-by: -
Suzuki Poulose authored
Realm must be configured before it is created. Add the step to specify the parameters for the Realm. Signed-off-by: -
Add the command line option to specify the algorithm that will be used to create the cryptographic measurement of the realm. Valid options are "sha256" and "sha512". The final measurement will be a hash using the selected algorithm Signed-off-by:
-
Create the Realm Descriptor using the measurement algorithm set with --measurement-algo. Signed-off-by:
-
RMM doesn't yet support paging protected memory pages. Thus the VMM must pin the entire VM memory. Use mlock2 to keep the realm pages pinned in memory once they are faulted in. Use the MLOCK_ONFAULT flag to prevent pre-mapping the pages and maintain some semblance of on demand-paging for a realm VM. Signed-off-by:
-
Set the machine type to realm when creating a VM via the KVM_CREATE_VM ioctl. Signed-off-by:
-
Add the --realm command line option which causes kvmtool to exit with an error if specified, but which will be enabled once realms are fully supported by kvmtool. Signed-off-by:
-
Suzuki Poulose authored
Update the RME specific ABI bits from the kernel headers. Signed-off-by: -
Suzuki Poulose authored
kvmtool enables SVE whenever it is supported by the KVM. However, Realm VMs may want controlled features, which gets measured during the creation. Thus, provide an option to disable the SVE, to preserve the current behavior of SVE on by default. Signed-off-by: -
Suzuki Poulose authored
Similar to PVtime, check the SVE capability on the VM instance to account for the different VM types and the corresponding support. Signed-off-by: -
Suzuki Poulose authored
KVM_CAP_STEAL_TIME can be checked against a VM instance. To allow controlling the feature depending on the VM type, use the cap against the VM. Signed-off-by: -
Commit e6694207 ("kvm tools: Guest kernel compatability") added the functionality that enables devices to print a warning message if the device hasn't been initialized by the time the VM is destroyed. The purpose of these messages is to let the user know if the kernel hasn't been built with the correct Kconfig options to take advantage of the said devices (all using virtio). Since then, kvmtool has evolved and now supports loading different payloads (like firmware images), and having those warnings even when it is entirely intentional for the payload not to touch the devices can be confusing for the user and makes the output unnecessarily verbose in those cases. Add the --nocompat option to disable the warnings; the warnings are still enabled by default. Reported-by:
-
Suzuki Poulose authored
Handle failures in creating the memory maps and back in transitioning the CFI flash. e.g., with MTE enabled, CFI flash emulation breaks with the map operation, silently. And we later hit unhandled aborts in the guest. To avoid such issues, let us make sure we catch the error and handle it right at source. Signed-off-by: -
Suzuki Poulose authored
Ignore missing architectures for header updates, for use with older kernels. Signed-off-by: -
Suzuki Poulose authored
CFI Flash file image cannot be mapped into the memory of the guest if MTE is enabled. Thus disable MTE if flash emulation is requested. Signed-off-by:
-
- Nov 08, 2022
-
-
Anup Patel authored
By default, the KVM RISC-V keeps all extensions available to VCPU enabled and KVMTOOL does not disable any extension. We add --disable-<xyz> command-line options in KVMTOOL RISC-V to allow users explicitly disable certain extension if they don't desire it. Signed-off-by:
Anup Patel <apatel@ventanamicro.com> Link: https://lore.kernel.org/r/20221018140854.69846-7-apatel@ventanamicro.com Signed-off-by:
Will Deacon <will@kernel.org>
-
Andrew Jones authored
When the Zicbom extension is available expose it to the guest. Also provide the guest the size of the cache block through DT. Signed-off-by:
Andrew Jones <ajones@ventanamicro.com> Link: https://lore.kernel.org/r/20221018140854.69846-6-apatel@ventanamicro.com Signed-off-by:
-
Andrew Jones authored
We'll need one of these helpers in the next patch in another file. Let's proactively move them all now, since others may some day also be useful. Signed-off-by:
-
Mayuresh Chitale authored
The zihintpause extension allows software to use the PAUSE instruction to reduce energy consumption while executing spin-wait code sequences. Add the zihintpause extension to the device tree if it is supported by the host. Signed-off-by:
Mayuresh Chitale <mchitale@ventanamicro.com> Link: https://lore.kernel.org/r/20221018140854.69846-4-apatel@ventanamicro.com Signed-off-by:
-
Anup Patel authored
Svinval extension allows the guest OS to perform range based TLB maintenance efficiently. Add the Svinval extensiont to the device tree if it is supported by the host. Signed-off-by:
-
Anup Patel authored
We update all UAPI headers based on Linux-6.1-rc1 so that we can use latest features. Signed-off-by:
-
hbuxiaofei authored
GCC Version: gcc (GCC) 8.4.1 20200928 (Red Hat 8.4.1-1) hw/i8042.c: In function ‘kbd_io’: hw/i8042.c:153:19: error: ‘value’ may be used uninitialized in this function [-Werror=maybe-uninitialized] state.write_cmd = val; ~~~~~~~~~~~~~~~~^~~~~ hw/i8042.c:298:5: note: ‘value’ was declared here u8 value; ^~~~~ cc1: all warnings being treated as errors make: *** [Makefile:508: hw/i8042.o] Error 1 Signed-off-by:hbuxiaofei <hbuxiaofei@gmail.com> Link: https://lore.kernel.org/r/20221102080501.69274-1-hbuxiaofei@gmail.com Signed-off-by:
-
Jean-Philippe Brucker authored
Although the PCI Status register only contains read-only and write-1-to-clear bits, we currently keep anything written there, which can confuse a guest. The problem was highlighted by recent Linux commit 6cd514e58f12 ("PCI: Clear PCI_STATUS when setting up device"), which unconditionally writes 0xffff to the Status register in order to clear pending errors. Then the EDAC driver sees the parity status bits set and attempts to clear them by writing 0xc100, which in turn clears the Capabilities List bit. Later on, when the virtio-pci driver starts probing, it assumes due to missing capabilities that the device is using the legacy transport, and fails to setup the device because of mismatched protocol. Filter writes to the config space, keeping only those to writable fields. Tighten the access size check while we're at it, to prevent overflow. This is only a small step in the right direction, not a foolproof solution, because a guest could still write both Command and Status registers using a single 32-bit write. More work is needed for: * Supporting arbitrary sized writes. * Sanitizing accesses to capabilities, which are device-specific. Also remove the old hack that filtered accesses. It was most likely guarding against ROM BAR writes, which is now handled by the pci_config_writable bitmap. Reported-by:Pierre Gondois <pierre.gondois@arm.com> Tested-by:
Jean-Philippe Brucker <jean-philippe@linaro.org> Link: https://lore.kernel.org/r/20221020173452.203043-1-jean-philippe@linaro.org Signed-off-by:
-
- Oct 04, 2022
-
-
Tu Dinh Ngoc authored
VIRTIO_RING_F_EVENT_IDX is a bit position value, but virtio_init_device_vq populates vq->use_event_idx by ANDing this value directly to vdev->features. Fix the check for this flag in virtio_init_device_vq. Reviewed-by:
Andre Przywara <andre.przywara@arm.com> Signed-off-by:
Tu Dinh Ngoc <dinhngoc.tu@irit.fr> Link: https://lore.kernel.org/r/20220929121858.156-1-dinhngoc.tu@irit.fr Signed-off-by:
-
