[PATCH 0/6] Support for running as a pKVM protected guest

[Will Deacon <will@kernel.org>]

Hi folks,

Since the patches for running as a CCA guest were posted already at [1],
I figured it was worth posting the equivalent pKVM changes needed to run
as a protected guest under an Android host kernel. In particular, I've
tried to structure the code so that the CCA patches can use the same
hooks. I'd welcome feedback from the CCA developers (i.e. Steven and
Suzuki) as to whether this is sufficient.

There are also some pKVM-specific details which are worth discussion:

  * I've kept the code compatible with Android, so these patches allow
    an upstream kernel to run as a protected guest on a production
    (unlocked) Android device. This seemed like a good property for v1,
    but I'm happy to break compatibility if folks prefer a cleaner
    interface (e.g. using consecutive hypercall numbers).

  * I've included only the hypercalls that are necessary for a
    functioning guest. Android has some others, but I'd prefer to land
    the host support upstream before we expose optional interfaces as
    ABI.

  * For now, the stage-2 page size cannot be larger than the guest
    stage-1 page size otherwise the guest will fail to boot.

  * I don't forcefully configure SWIOTLB, as we rely on Restricted DMA
    pools (CONFIG_DMA_RESTRICTED_POOL) for devices that need it.

I also pushed a branch at [2] based on -rc1.

Cheers,

Will

[1] https://lore.kernel.org/r/20240701095505.165383-1-steven.price@arm.com
[2] git://git.kernel.org/pub/scm/linux/kernel/git/will/linux.git kvm/protected-guest

Cc: Sudeep Holla <sudeep.holla@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Lorenzo Pieralisi <lpieralisi@kernel.org>
Cc: Suzuki Poulose <suzuki.poulose@arm.com>
Cc: Steven Price <steven.price@arm.com>
Cc: Oliver Upton <oliver.upton@linux.dev>
Cc: Marc Zyngier <maz@kernel.org>
Cc: linux-coco@lists.linux.dev

--->8

Marc Zyngier (1):
  firmware/smccc: Call arch-specific hook on discovering KVM services

Will Deacon (5):
  drivers/virt: pkvm: Add initial support for running as a protected
    guest
  arm64: mm: Add top-level dispatcher for internal mem_encrypt API
  drivers/virt: pkvm: Hook up mem_encrypt API using pKVM hypercalls
  arm64: mm: Add confidential computing hook to ioremap_prot()
  drivers/virt: pkvm: Intercept ioremap using pKVM MMIO_GUARD hypercall

 Documentation/virt/kvm/arm/hypercalls.rst     |  98 ++++++++++++++
 arch/arm/include/asm/hypervisor.h             |   2 +
 arch/arm64/Kconfig                            |   1 +
 arch/arm64/include/asm/hypervisor.h           |  11 ++
 arch/arm64/include/asm/io.h                   |   4 +
 arch/arm64/include/asm/mem_encrypt.h          |  15 +++
 arch/arm64/include/asm/set_memory.h           |   1 +
 arch/arm64/mm/Makefile                        |   2 +-
 arch/arm64/mm/ioremap.c                       |  23 +++-
 arch/arm64/mm/mem_encrypt.c                   |  50 +++++++
 drivers/firmware/smccc/kvm_guest.c            |   2 +
 drivers/virt/coco/Kconfig                     |   2 +
 drivers/virt/coco/Makefile                    |   1 +
 drivers/virt/coco/pkvm-guest/Kconfig          |  10 ++
 drivers/virt/coco/pkvm-guest/Makefile         |   2 +
 drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c | 127 ++++++++++++++++++
 include/linux/arm-smccc.h                     |  28 ++++
 17 files changed, 377 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm64/include/asm/mem_encrypt.h
 create mode 100644 arch/arm64/mm/mem_encrypt.c
 create mode 100644 drivers/virt/coco/pkvm-guest/Kconfig
 create mode 100644 drivers/virt/coco/pkvm-guest/Makefile
 create mode 100644 drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c

-- 
2.46.0.rc1.232.g9752f9e123-goog