From: Steven Price <steven.price@arm.com>
To: kvm@vger.kernel.org, kvmarm@lists.linux.dev
Cc: Steven Price <steven.price@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>,
James Morse <james.morse@arm.com>,
Oliver Upton <oliver.upton@linux.dev>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, Joey Gouly <joey.gouly@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Christoffer Dall <christoffer.dall@arm.com>,
Fuad Tabba <tabba@google.com>,
linux-coco@lists.linux.dev,
Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com>,
Gavin Shan <gshan@redhat.com>,
Shanker Donthineni <sdonthineni@nvidia.com>,
Alper Gun <alpergun@google.com>,
"Aneesh Kumar K . V" <aneesh.kumar@kernel.org>
Subject: [PATCH v6 07/11] arm64: Enforce bounce buffers for realm DMA
Date: Fri, 4 Oct 2024 15:43:02 +0100 [thread overview]
Message-ID: <20241004144307.66199-8-steven.price@arm.com> (raw)
In-Reply-To: <20241004144307.66199-1-steven.price@arm.com>
Within a realm guest it's not possible for a device emulated by the VMM
to access arbitrary guest memory. So force the use of bounce buffers to
ensure that the memory the emulated devices are accessing is in memory
which is explicitly shared with the host.
This adds a call to swiotlb_update_mem_attributes() which calls
set_memory_decrypted() to ensure the bounce buffer memory is shared with
the host. For non-realm guests or hosts this is a no-op.
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Co-developed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Steven Price <steven.price@arm.com>
---
v3: Simplify mem_init() by using a 'flags' variable.
---
arch/arm64/kernel/rsi.c | 1 +
arch/arm64/mm/init.c | 10 +++++++++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/rsi.c b/arch/arm64/kernel/rsi.c
index f1add76f89ce..58408f5add49 100644
--- a/arch/arm64/kernel/rsi.c
+++ b/arch/arm64/kernel/rsi.c
@@ -6,6 +6,7 @@
#include <linux/jump_label.h>
#include <linux/memblock.h>
#include <linux/psci.h>
+#include <linux/swiotlb.h>
#include <asm/io.h>
#include <asm/rsi.h>
diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
index 27a32ff15412..d21f67d67cf5 100644
--- a/arch/arm64/mm/init.c
+++ b/arch/arm64/mm/init.c
@@ -41,6 +41,7 @@
#include <asm/kvm_host.h>
#include <asm/memory.h>
#include <asm/numa.h>
+#include <asm/rsi.h>
#include <asm/sections.h>
#include <asm/setup.h>
#include <linux/sizes.h>
@@ -366,8 +367,14 @@ void __init bootmem_init(void)
*/
void __init mem_init(void)
{
+ unsigned int flags = SWIOTLB_VERBOSE;
bool swiotlb = max_pfn > PFN_DOWN(arm64_dma_phys_limit);
+ if (is_realm_world()) {
+ swiotlb = true;
+ flags |= SWIOTLB_FORCE;
+ }
+
if (IS_ENABLED(CONFIG_DMA_BOUNCE_UNALIGNED_KMALLOC) && !swiotlb) {
/*
* If no bouncing needed for ZONE_DMA, reduce the swiotlb
@@ -379,7 +386,8 @@ void __init mem_init(void)
swiotlb = true;
}
- swiotlb_init(swiotlb, SWIOTLB_VERBOSE);
+ swiotlb_init(swiotlb, flags);
+ swiotlb_update_mem_attributes();
/* this will put all unused low memory onto the freelists */
memblock_free_all();
--
2.34.1
next prev parent reply other threads:[~2024-10-04 14:43 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-04 14:42 [PATCH v6 00/11] arm64: Support for running as a guest in Arm CCA Steven Price
2024-10-04 14:42 ` [PATCH v6 01/11] arm64: rsi: Add RSI definitions Steven Price
2024-10-07 23:08 ` Gavin Shan
2024-10-11 14:14 ` Steven Price
2024-10-04 14:42 ` [PATCH v6 02/11] arm64: Detect if in a realm and set RIPAS RAM Steven Price
2024-10-04 15:05 ` Steven Price
2024-10-11 13:12 ` Catalin Marinas
2024-10-07 23:31 ` Gavin Shan
2024-10-11 14:14 ` Steven Price
2024-10-04 14:42 ` [PATCH v6 03/11] arm64: realm: Query IPA size from the RMM Steven Price
2024-10-07 23:33 ` Gavin Shan
2024-10-15 3:55 ` Gavin Shan
2024-10-15 9:08 ` Steven Price
2024-10-04 14:42 ` [PATCH v6 04/11] arm64: rsi: Add support for checking whether an MMIO is protected Steven Price
2024-10-08 0:24 ` Gavin Shan
2024-10-11 14:14 ` Steven Price
2024-10-04 14:43 ` [PATCH v6 05/11] arm64: rsi: Map unprotected MMIO as decrypted Steven Price
2024-10-08 0:31 ` Gavin Shan
2024-10-11 13:19 ` Catalin Marinas
2024-10-12 5:22 ` Gavin Shan
2024-10-11 13:20 ` Catalin Marinas
2024-10-04 14:43 ` [PATCH v6 06/11] efi: arm64: Map Device with Prot Shared Steven Price
2024-10-08 0:31 ` Gavin Shan
2024-10-11 13:23 ` Catalin Marinas
2024-10-04 14:43 ` Steven Price [this message]
2024-10-08 2:51 ` [PATCH v6 07/11] arm64: Enforce bounce buffers for realm DMA Gavin Shan
2024-10-04 14:43 ` [PATCH v6 08/11] arm64: mm: Avoid TLBI when marking pages as valid Steven Price
2024-10-08 2:52 ` Gavin Shan
2024-10-15 9:50 ` Suzuki K Poulose
2024-10-04 14:43 ` [PATCH v6 09/11] arm64: Enable memory encrypt for Realms Steven Price
2024-10-08 2:56 ` Gavin Shan
2024-10-04 14:43 ` [PATCH v6 10/11] virt: arm-cca-guest: TSM_REPORT support for realms Steven Price
2024-10-05 15:42 ` kernel test robot
2024-10-08 4:12 ` Gavin Shan
2024-10-11 14:14 ` Steven Price
2024-10-11 16:22 ` Suzuki K Poulose
2024-10-12 6:06 ` Gavin Shan
2024-10-14 8:56 ` Suzuki K Poulose
2024-10-14 14:41 ` Steven Price
2024-10-14 14:46 ` Suzuki K Poulose
2024-10-15 0:01 ` Gavin Shan
2024-10-04 14:43 ` [PATCH v6 11/11] arm64: Document Arm Confidential Compute Steven Price
2024-10-08 4:17 ` Gavin Shan
2024-10-08 11:05 ` Jean-Philippe Brucker
2024-10-11 14:14 ` Steven Price
2024-10-15 9:55 ` Suzuki K Poulose
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241004144307.66199-8-steven.price@arm.com \
--to=steven.price@arm.com \
--cc=alexandru.elisei@arm.com \
--cc=alpergun@google.com \
--cc=aneesh.kumar@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=christoffer.dall@arm.com \
--cc=gankulkarni@os.amperecomputing.com \
--cc=gshan@redhat.com \
--cc=james.morse@arm.com \
--cc=joey.gouly@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=sdonthineni@nvidia.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox