Linux-ARM-Kernel Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Kohei Enju <enju.kohei@fujitsu.com>
To: Steven Price <steven.price@arm.com>
Cc: kvm@vger.kernel.org, kvmarm@lists.linux.dev,
	 Catalin Marinas <catalin.marinas@arm.com>,
	Marc Zyngier <maz@kernel.org>, Will Deacon <will@kernel.org>,
	 James Morse <james.morse@arm.com>,
	Oliver Upton <oliver.upton@linux.dev>,
	 Suzuki K Poulose <suzuki.poulose@arm.com>,
	Zenghui Yu <yuzenghui@huawei.com>,
	 linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, Joey Gouly <joey.gouly@arm.com>,
	 Alexandru Elisei <alexandru.elisei@arm.com>,
	Christoffer Dall <christoffer.dall@arm.com>,
	 Fuad Tabba <tabba@google.com>,
	linux-coco@lists.linux.dev,
	 Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com>,
	Gavin Shan <gshan@redhat.com>,
	 Shanker Donthineni <sdonthineni@nvidia.com>,
	Alper Gun <alpergun@google.com>,
	 "Aneesh Kumar K . V" <aneesh.kumar@kernel.org>,
	Emi Kisanuki <fj0570is@fujitsu.com>,
	 Vishal Annapurve <vannapurve@google.com>,
	WeiLin.Chang@arm.com, Lorenzo.Pieralisi2@arm.com
Subject: Re: [PATCH v14 00/44] arm64: Support for Arm CCA in KVM
Date: Wed, 1 Jul 2026 11:15:15 +0900	[thread overview]
Message-ID: <akR0eX0nCumIgnlh@FCCLS0092175.localdomain> (raw)
In-Reply-To: <20260513131757.116630-1-steven.price@arm.com>

On 05/13 14:17, Steven Price wrote:
> This series adds support for running protected VMs using KVM under the
> Arm Confidential Compute Architecture (CCA).
> 
> This is rebased on v7.1-rc1, but still targets RMM v2.0-bet1[1].
> 
> The major updates from v13 remain but have been more fully implemented:
> the RMM uses the host's page size, range based RMI APIs mean we don't
> have to break everything down to base page sizes, the GIC state is
> passed via system registers, and the uAPI has been simplified.
> 
> The main changes since v13 are:
> 
>  * The RMI definitions and wrappers have been fully updated for RMM
>    v2.0-bet1. In particular the temporary RMM v1.0 SMC compatibility
>    patch has been dropped.
> 
>  * The PSCI completion ioctl has been removed. RMM v2.0-bet1 still
>    requires the host to provide the target REC for PSCI calls which
>    name another vCPU, but KVM now performs the RMI PSCI completion
>    automatically before entering the REC again. Userspace no longer
>    needs to issue KVM_ARM_VCPU_RMI_PSCI_COMPLETE. A future spec should
>    remove the need for the host to provide the MPIDR mapping.
> 
>  * The generic RMI init, RMM configuration, GPT setup,
>    delegate/undelegate helpers and SRO infrastructure have moved out of
>    KVM into arch/arm64/kernel/rmi.c. RMI is expected to be used by
>    features outside KVM, so this code should be available even when KVM
>    is not built.
> 
>  * RMI_GRANULE_TRACKING_GET has been updated to work on a range, this
>    allows it to work when the region is not aligned to the tracking
>    size. Solves the problem reported by Mathieu[2].
> 
>  * SRO support has been moved earlier in the series and improved. It
>    provides a cleaner way for the host to provide the RMM with the extra
>    memory it requires. However support is still incomplete where the
>    TF-RMM code does not yet implement it. This is noted by FIXMEs in the
>    code.
> 
>  * The ARM VM type encoding has been reworked to coexist with the
>    upstream pKVM KVM_VM_TYPE_ARM_PROTECTED bit.
> 
>  * The private-memory documentation now notes that arm64 uses
>    KVM_CAP_MEMORY_ATTRIBUTES.
> 
>  * PMU support is dropped for now. It will be added later in a separate
>    series. Similarly for selecting the hash algorithm and RPV.

Hi Steven,

Is there any plan to add support for selecting the MEC policy (shared or
private)? We have been working on adding support for this on top of your
series. If this is not already in the works, we may upstream our
implementation later.

Thanks,
Kohei

> 
> There are also the usual rebase updates and smaller fixes, including
> changes to the RMM v2.0-bet1 range APIs, removal of REC auxiliary
> granule handling, fixes to the address range descriptor encoding, and
> cleanups around realm stage-2 teardown.
> 
> Stateful RMI Operations
> -----------------------
> 
> The RMM v2.0 spec introduces Stateful RMI Operations (SROs), which allow
> the RMM to complete an operation over several SMC calls while requesting
> or returning memory to the host. This allows interrupts to be handled in
> the middle of an operation and lets the RMM dynamically allocate memory
> for internal tracking purposes. For example, RMI_REC_CREATE no longer
> needs auxiliary granules to be provided up front, and can instead
> request memory during the operation.
> 
> This series includes the generic SRO infrastructure in
> arch/arm64/kernel/rmi.c and uses it for REC create/destroy. The other
> cases are not yet used by TF-RMM and a future revision will be needed to
> finish those paths in Linux.
> 
> This series is based on v7.1-rc1. It is also available as a git
> repository:
> 
> https://gitlab.arm.com/linux-arm/linux-cca cca-host/v14
> 
> Work in progress changes for kvmtool are available from the git
> repository below:
> 
> https://gitlab.arm.com/linux-arm/kvmtool-cca cca/v12
> 
> The TF-RMM has not yet merged the RMM v2.0 support, so you will need to
> use a branch with RMM v2.0-bet1 support. At the time of writing the
> following branch is being used:
> 
> https://git.trustedfirmware.org/TF-RMM/tf-rmm.git topics/rmm-v2.0-poc_2
> (tested on commit 3340667a291a)
> 
> There is a kvm-unit-test branch which has been updated to support the
> attestation used in RMMv2.0 available here:
> 
> https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca cca/v4
> 
> [1] https://developer.arm.com/documentation/den0137/2-0bet1/
> [2] https://lore.kernel.org/all/acrj-cKphy4hJsEG@p14s/


  parent reply	other threads:[~2026-07-01  2:15 UTC|newest]

Thread overview: 160+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-13 13:17 [PATCH v14 00/44] arm64: Support for Arm CCA in KVM Steven Price
2026-05-13 13:17 ` [PATCH v14 01/44] kvm: arm64: Include kvm_emulate.h in kvm/arm_psci.h Steven Price
2026-05-21 10:19   ` Marc Zyngier
2026-05-21 15:11     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 02/44] kvm: arm64: Avoid including linux/kvm_host.h in kvm_pgtable.h Steven Price
2026-05-21 10:26   ` Marc Zyngier
2026-05-21 15:11     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 03/44] arm64: RME: Handle Granule Protection Faults (GPFs) Steven Price
2026-05-21 12:25   ` Marc Zyngier
2026-05-21 15:15     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 04/44] arm64: RMI: Add SMC definitions for calling the RMM Steven Price
2026-05-18  7:08   ` Gavin Shan
2026-05-20 16:01     ` Steven Price
2026-05-21 12:40   ` Marc Zyngier
2026-05-21 14:50     ` Suzuki K Poulose
2026-05-21 15:33     ` Steven Price
2026-05-22  9:58       ` Marc Zyngier
2026-06-03 10:15         ` Steven Price
2026-05-13 13:17 ` [PATCH v14 05/44] arm64: RMI: Add wrappers for RMI calls Steven Price
2026-05-19  5:35   ` Aneesh Kumar K.V
2026-05-21 15:44     ` Steven Price
2026-05-21  0:21   ` Gavin Shan
2026-05-21 15:44     ` Steven Price
2026-05-21 12:49   ` Marc Zyngier
2026-05-21 15:44     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 06/44] arm64: RMI: Check for RMI support at init Steven Price
2026-05-21  0:39   ` Gavin Shan
2026-05-21 15:49     ` Steven Price
2026-05-25  6:58       ` Gavin Shan
2026-06-03 10:57         ` Steven Price
2026-05-21 13:02   ` Marc Zyngier
2026-06-03 10:57     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 07/44] arm64: RMI: Configure the RMM with the host's page size Steven Price
2026-05-21  0:51   ` Gavin Shan
2026-05-21 22:36     ` Suzuki K Poulose
2026-05-21 13:30   ` Marc Zyngier
2026-05-21 14:53     ` Suzuki K Poulose
2026-06-03 15:48     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 08/44] arm64: RMI: Ensure that the RMM has GPT entries for memory Steven Price
2026-05-19  5:55   ` Aneesh Kumar K.V
2026-06-03 15:48     ` Steven Price
2026-05-21  0:58   ` Gavin Shan
2026-06-03 15:48     ` Steven Price
2026-05-21 13:47   ` Marc Zyngier
2026-05-21 14:24     ` Marc Zyngier
2026-05-21 15:39     ` Suzuki K Poulose
2026-06-03 15:48       ` Steven Price
2026-05-13 13:17 ` [PATCH v14 09/44] arm64: RMI: Provide functions to delegate/undelegate ranges of memory Steven Price
2026-05-21 13:59   ` Marc Zyngier
2026-05-21 16:01     ` Suzuki K Poulose
2026-05-22 10:02       ` Marc Zyngier
2026-06-04 14:43     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 10/44] arm64: RMI: Add support for SRO Steven Price
2026-05-14  8:01   ` Aneesh Kumar K.V
2026-05-14  9:33     ` Steven Price
2026-05-19  6:02   ` Aneesh Kumar K.V
2026-06-04 15:19     ` Steven Price
2026-05-21  4:38   ` Gavin Shan
2026-06-04 15:19     ` Steven Price
2026-06-12 23:07       ` Dan Williams (nvidia)
2026-06-15 11:45         ` Steven Price
2026-05-21 14:35   ` Marc Zyngier
2026-06-04 15:19     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 11/44] arm64: RMI: Check for RMI support at KVM init Steven Price
2026-05-13 13:17 ` [PATCH v14 12/44] arm64: RMI: Check for LPA2 support Steven Price
2026-05-13 13:17 ` [PATCH v14 13/44] arm64: RMI: Define the user ABI Steven Price
2026-05-26 22:17   ` Wei-Lin Chang
2026-06-04 15:27     ` Steven Price
2026-05-27 15:21   ` Marc Zyngier
2026-06-02 11:15     ` Suzuki K Poulose
2026-06-04 15:27     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 14/44] arm64: RMI: Basic infrastructure for creating a realm Steven Price
2026-05-19  6:31   ` Aneesh Kumar K.V
2026-05-28  7:10   ` Marc Zyngier
2026-06-02 14:49     ` Suzuki K Poulose
2026-06-04 15:55       ` Steven Price
2026-05-13 13:17 ` [PATCH v14 15/44] kvm: arm64: Don't expose unsupported capabilities for realm guests Steven Price
2026-05-13 13:17 ` [PATCH v14 16/44] KVM: arm64: Allow passing machine type in KVM creation Steven Price
2026-05-13 13:17 ` [PATCH v14 17/44] arm64: RMI: RTT tear down Steven Price
2026-05-19  6:54   ` Aneesh Kumar K.V
2026-05-26 22:27   ` Wei-Lin Chang
2026-06-05 15:01     ` Steven Price
2026-05-26 22:32   ` Wei-Lin Chang
2026-06-05 15:01     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 18/44] arm64: RMI: Activate realm on first VCPU run Steven Price
2026-05-13 13:17 ` [PATCH v14 19/44] arm64: RMI: Allocate/free RECs to match vCPUs Steven Price
2026-05-26 22:39   ` Wei-Lin Chang
2026-06-05 15:02     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 20/44] arm64: RMI: Support for the VGIC in realms Steven Price
2026-05-28  4:07   ` Gavin Shan
2026-06-05 15:02     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 21/44] KVM: arm64: Support timers in realm RECs Steven Price
2026-05-28  4:11   ` Gavin Shan
2026-05-13 13:17 ` [PATCH v14 22/44] arm64: RMI: Handle realm enter/exit Steven Price
2026-05-28  4:38   ` Gavin Shan
2026-06-05 15:02     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 23/44] arm64: RMI: Handle RMI_EXIT_RIPAS_CHANGE Steven Price
2026-05-19  9:40   ` Aneesh Kumar K.V
2026-06-05 15:02     ` Steven Price
2026-05-27 10:52   ` Wei-Lin Chang
2026-05-13 13:17 ` [PATCH v14 24/44] KVM: arm64: Handle realm MMIO emulation Steven Price
2026-05-28  5:03   ` Gavin Shan
2026-06-08  8:49     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 25/44] KVM: arm64: Expose support for private memory Steven Price
2026-05-13 13:17 ` [PATCH v14 26/44] arm64: RMI: Allow populating initial contents Steven Price
2026-05-28  5:30   ` Gavin Shan
2026-06-08  9:36     ` Steven Price
2026-06-08  9:41       ` Suzuki K Poulose
2026-06-08 13:53         ` Steven Price
2026-06-25 16:19           ` Suzuki K Poulose
2026-05-13 13:17 ` [PATCH v14 27/44] arm64: RMI: Set RIPAS of initial memslots Steven Price
2026-05-19 10:02   ` Aneesh Kumar K.V
2026-05-19 10:13     ` Suzuki K Poulose
2026-05-19 12:55       ` Aneesh Kumar K.V
2026-05-19 13:06         ` Suzuki K Poulose
2026-05-13 13:17 ` [PATCH v14 28/44] arm64: RMI: Create the realm descriptor Steven Price
2026-05-26 22:47   ` Wei-Lin Chang
2026-06-08  9:49     ` Steven Price
2026-05-28  5:51   ` Gavin Shan
2026-06-08  9:56     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 29/44] arm64: RMI: Runtime faulting of memory Steven Price
2026-06-05  6:23   ` Gavin Shan
2026-06-05  7:28     ` Lorenzo Pieralisi
2026-06-05  8:11       ` Gavin Shan
2026-06-05 14:35         ` Lorenzo Pieralisi
2026-06-25 13:53           ` Gavin Shan
2026-06-25 15:58             ` Suzuki K Poulose
2026-06-26  7:43               ` Gavin Shan
2026-06-26  8:47                 ` Suzuki K Poulose
2026-06-26  9:04                   ` Suzuki K Poulose
2026-06-26 11:43                   ` Gavin Shan
2026-06-26 16:44                     ` Lorenzo Pieralisi
2026-06-28 10:33                       ` Gavin Shan
2026-07-01 13:58                         ` Lorenzo Pieralisi
2026-06-08  9:30     ` Suzuki K Poulose
2026-06-08 10:56       ` Steven Price
2026-06-08 12:58         ` Suzuki K Poulose
2026-06-05 11:20   ` Gavin Shan
2026-06-08 10:56     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 30/44] KVM: arm64: Handle realm VCPU load Steven Price
2026-05-13 13:17 ` [PATCH v14 31/44] KVM: arm64: Validate register access for a Realm VM Steven Price
2026-05-13 13:17 ` [PATCH v14 32/44] KVM: arm64: Handle Realm PSCI requests Steven Price
2026-05-28  6:55   ` Gavin Shan
2026-06-08 11:15     ` Steven Price
2026-05-13 13:17 ` [PATCH v14 33/44] KVM: arm64: WARN on injected undef exceptions Steven Price
2026-05-13 13:17 ` [PATCH v14 34/44] arm64: RMI: allow userspace to inject aborts Steven Price
2026-05-13 13:17 ` [PATCH v14 35/44] arm64: RMI: support RSI_HOST_CALL Steven Price
2026-05-13 13:17 ` [PATCH v14 36/44] arm64: RMI: Allow checking SVE on VM instance Steven Price
2026-05-13 13:17 ` [PATCH v14 37/44] arm64: RMI: Prevent Device mappings for Realms Steven Price
2026-05-19 10:25   ` Aneesh Kumar K.V
2026-05-13 13:17 ` [PATCH v14 38/44] arm64: RMI: Propagate number of breakpoints and watchpoints to userspace Steven Price
2026-05-13 13:17 ` [PATCH v14 39/44] arm64: RMI: Set breakpoint parameters through SET_ONE_REG Steven Price
2026-05-13 13:17 ` [PATCH v14 40/44] arm64: RMI: Propagate max SVE vector length from RMM Steven Price
2026-05-13 13:17 ` [PATCH v14 41/44] arm64: RMI: Configure max SVE vector length for a Realm Steven Price
2026-05-13 13:17 ` [PATCH v14 42/44] arm64: RMI: Provide register list for unfinalized RMI RECs Steven Price
2026-05-13 13:17 ` [PATCH v14 43/44] arm64: RMI: Provide accurate register list Steven Price
2026-05-13 13:17 ` [PATCH v14 44/44] arm64: RMI: Enable realms to be created Steven Price
2026-07-01  2:15 ` Kohei Enju [this message]
2026-07-01 10:53   ` [PATCH v14 00/44] arm64: Support for Arm CCA in KVM Steven Price
2026-07-02 13:49     ` Kohei Enju

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=akR0eX0nCumIgnlh@FCCLS0092175.localdomain \
    --to=enju.kohei@fujitsu.com \
    --cc=Lorenzo.Pieralisi2@arm.com \
    --cc=WeiLin.Chang@arm.com \
    --cc=alexandru.elisei@arm.com \
    --cc=alpergun@google.com \
    --cc=aneesh.kumar@kernel.org \
    --cc=catalin.marinas@arm.com \
    --cc=christoffer.dall@arm.com \
    --cc=fj0570is@fujitsu.com \
    --cc=gankulkarni@os.amperecomputing.com \
    --cc=gshan@redhat.com \
    --cc=james.morse@arm.com \
    --cc=joey.gouly@arm.com \
    --cc=kvm@vger.kernel.org \
    --cc=kvmarm@lists.linux.dev \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-kernel@vger.kernel.org \
    --cc=maz@kernel.org \
    --cc=oliver.upton@linux.dev \
    --cc=sdonthineni@nvidia.com \
    --cc=steven.price@arm.com \
    --cc=suzuki.poulose@arm.com \
    --cc=tabba@google.com \
    --cc=vannapurve@google.com \
    --cc=will@kernel.org \
    --cc=yuzenghui@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox