From patchwork Fri Apr 19 15:57:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 790197 Delivered-To: patch@linaro.org Received: by 2002:adf:e6ca:0:b0:346:15ad:a2a with SMTP id y10csp1149111wrm; Fri, 19 Apr 2024 09:02:12 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWvqcQJGGEhEcH6IgJgjG1u4gRV2CkPvATYy2BQFHLe/7pPuKuPiZXHXOY0T7iTtvDAIjd1/cyl+fw2ltcEu1/P X-Google-Smtp-Source: AGHT+IFN5gk+2h2s7hlMLXxMt9ce439tOESrIy/NajHc9DNDh1FNQKzj0vkwXTGNfdlSqzlGFwdM X-Received: by 2002:a5d:678e:0:b0:346:b8cf:b620 with SMTP id v14-20020a5d678e000000b00346b8cfb620mr2077682wru.53.1713542531884; Fri, 19 Apr 2024 09:02:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1713542531; cv=none; d=google.com; s=arc-20160816; b=J4eEKIwkAP8z0k42jID+OpJB+1G0fzQnW3Qn0/w0hTEccq7QcU3LVPIhbjHNiSz5n3 07hQiavYSzYWqjqzE1Jsh1cF7lXQfq4V3ctmfHnO/BjICSkbwfPXKc2dJdz3bPo7LKok hvA6wqHyOTcbPGUN/RGWrITf5n/zYQAQ4rpF6wVyFprmJ6/GFhnlZsM+XkPyC2lW5u87 V5FL25o3prrE+KnrnasOqE8X/EpbGHClbRpn6Fw9S9Q+85RwsYU/OCSv6igQXAFkSqQI LHsA6qX7C80v50/gosHDONwKD+DJvjCMD5gQdajdsz+gfYlSHQ83XntOcMrmitqSqDsA 1xdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6nYDbfiehTdxZ4oKQVaAYQN5jvjqz012O7hP4xktYbg=; fh=dVNBjAMb/dFX9qPv+4AMd9R2b30FFNm4W4Hm+cM6PaQ=; b=X3SOaFtLM4hzoSkwZGI9KMTkH4Ys0yHy1cMMSN5rwM/YahEmg1tq8mUXqj/J4h3NuD CaXkTIxHba+qkeTFq/k/94fL3OC2GUxq9+Kmw41wI7wxSFk7BEdKWzl/6P0LQ1XvSj3F juWyALgaQYhJNbVg/szS8jCJZlIrVJNNY2L/i34Svu/EULSRlE51w+Nvo/JCGS9ZP4EC gLy1myhHKoPCJ90Ym8rwzypqZsT+oeAxjnWJnBPyiCDe5uhIexKJEJWvbbz9JyC8cw9B I3mCCLNZpR14qaPtr5yzeTTOZdOPYzJNz28H7HzbUqkrkUwv6QWhyM/ghO44bM+uvVFd vc7g==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZjRQcMD3; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id c10-20020a5d4f0a000000b0034361874a0esi2075925wru.493.2024.04.19.09.02.11 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 19 Apr 2024 09:02:11 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZjRQcMD3; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rxqgY-0002zk-Nf; Fri, 19 Apr 2024 12:01:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rxqej-0001Fn-Bd for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:07 -0400 Received: from mail-wr1-x42d.google.com ([2a00:1450:4864:20::42d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rxqeb-00019N-AH for qemu-devel@nongnu.org; Fri, 19 Apr 2024 12:00:02 -0400 Received: by mail-wr1-x42d.google.com with SMTP id ffacd0b85a97d-346b09d474dso2032878f8f.2 for ; Fri, 19 Apr 2024 08:59:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713542395; x=1714147195; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6nYDbfiehTdxZ4oKQVaAYQN5jvjqz012O7hP4xktYbg=; b=ZjRQcMD3Xx0BKMjZrbWgFtTm0A5ycbuKX+djZhe4EAASdcr0A6pTcZlaZoAQ0iOPTE rSytwbC1zKg0Ii1k1KcVb75dg0A1TdIAvT0+bt40Xcl+qAGGCRWGRFeeHBc6nwy4v+fi KuexClAQ/zo9gAz2JuEA4RN4dcx9mcvEYDgIh7ixyQDh/wfMe/+MW7XUS55q2yoVaYoA KE1KuUnE8Ux0GjjWJpurdYOjBoc70IHCr6wEWtzNBGq9HCJ02cLZ88TVruAgREm7vsH3 TFkCXBzfL03rMPIAtvRyEOz7s6gCPquZ3ZmKx5KLdiXwT7DxlSLc8Ql67aqafEvO4mhY 3GpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713542395; x=1714147195; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6nYDbfiehTdxZ4oKQVaAYQN5jvjqz012O7hP4xktYbg=; b=enjKn9yl0G4X9i34j/oulqfm/vYvtdmxJgs+hSpRmPy6vXoeBOLG9m+y49t3Qdb03S Afz6DtLdY96a4QDjdr6ofcEsyAY6LBreIrIYKDD2UQHACnUbMQbtPhvK6xnii8vkCgRh hpmGTiRleSnNmwtoUmhO0CCYbY/8GimNr0dzeyDe8NYsANf4eynjt9wK0c1zmdiu8a8H j1s8dEepF4pg8oV4kZ8UBQJ+lgyK46G0nfkLes9weiHJpprS90ID40nePQ3jpHrZxh8W Xu1CJmRjEzj0rOQuGnpOT1P/zA9TuFH4LOUuzgNNW2yvyeVJVKGJUflLekxC42xSlNv+ bG+A== X-Forwarded-Encrypted: i=1; AJvYcCURIuWTYg1/2xLgApiuuazL/WPtmma+LC9KU/ksASTx5thcfStQXcXkqghY2zBRrC1ckdyZoFlU18KNVIM7bpwxcnesqnQ= X-Gm-Message-State: AOJu0YyTLF+HATMqwFfWeAqt7RAcoDtVgJwd+QCBJw8HWDCLB/oOH9yH xhZ8X4bCZHRTCi/XyL4LO3wy241bqeCSH0viorh5pJpHC2aEaSqVvuPJ/qYJIhY= X-Received: by 2002:a5d:6da8:0:b0:343:7032:7283 with SMTP id u8-20020a5d6da8000000b0034370327283mr2695209wrs.8.1713542395421; Fri, 19 Apr 2024 08:59:55 -0700 (PDT) Received: from localhost.localdomain ([2.221.137.100]) by smtp.gmail.com with ESMTPSA id p13-20020adfe60d000000b00349b73143e7sm4793089wrm.75.2024.04.19.08.59.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 08:59:55 -0700 (PDT) From: Jean-Philippe Brucker To: peter.maydell@linaro.org, richard.henderson@linaro.org Cc: philmd@linaro.org, pbonzini@redhat.com, alex.bennee@linaro.org, qemu-devel@nongnu.org, qemu-arm@nongnu.org, Jean-Philippe Brucker Subject: [PATCH v2 13/22] hw/arm/boot: Register Linux BSS section for confidential guests Date: Fri, 19 Apr 2024 16:57:01 +0100 Message-ID: <20240419155709.318866-15-jean-philippe@linaro.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240419155709.318866-2-jean-philippe@linaro.org> References: <20240419155709.318866-2-jean-philippe@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42d; envelope-from=jean-philippe@linaro.org; helo=mail-wr1-x42d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org Although the BSS section is not currently part of the kernel blob, it needs to be registered as guest RAM for confidential guest support, because the kernel needs to access it before it is able to setup its RAM regions. It would be tempting to simply add the BSS as part of the ROM blob (ie pass kernel_size as max_len argument to rom_add_blob()) and let the ROM loader notifier deal with the full image size generically, but that would add zero-initialization of the BSS region by the loader, which adds a significant overhead. For a 40MB kernel with a 17MB BSS, I measured an average boot time regression of 2.8ms on a fast desktop, 5.7% of the QEMU setup time). On a slower host, the regression could be much larger. Instead, add a special case to initialize the kernel's BSS IPA range. Signed-off-by: Jean-Philippe Brucker --- v1->v2: new --- target/arm/kvm_arm.h | 5 +++++ hw/arm/boot.c | 11 +++++++++++ target/arm/kvm-rme.c | 10 ++++++++++ 3 files changed, 26 insertions(+) diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index 47777386b0..4b787dd628 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -218,6 +218,7 @@ int kvm_arm_set_irq(int cpu, int irqtype, int irq, int level); int kvm_arm_rme_init(MachineState *ms); int kvm_arm_rme_vm_type(MachineState *ms); +void kvm_arm_rme_init_guest_ram(hwaddr base, size_t size); bool kvm_arm_rme_enabled(void); int kvm_arm_rme_vcpu_init(CPUState *cs); @@ -243,6 +244,10 @@ static inline bool kvm_arm_sve_supported(void) return false; } +static inline void kvm_arm_rme_init_guest_ram(hwaddr base, size_t size) +{ +} + /* * These functions should never actually be called without KVM support. */ diff --git a/hw/arm/boot.c b/hw/arm/boot.c index 84ea6a807a..9f522e332b 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -26,6 +26,7 @@ #include "qemu/config-file.h" #include "qemu/option.h" #include "qemu/units.h" +#include "kvm_arm.h" /* Kernel boot protocol is specified in the kernel docs * Documentation/arm/Booting and Documentation/arm64/booting.txt @@ -850,6 +851,7 @@ static uint64_t load_aarch64_image(const char *filename, hwaddr mem_base, { hwaddr kernel_load_offset = KERNEL64_LOAD_ADDR; uint64_t kernel_size = 0; + uint64_t page_size; uint8_t *buffer; int size; @@ -916,6 +918,15 @@ static uint64_t load_aarch64_image(const char *filename, hwaddr mem_base, *entry = mem_base + kernel_load_offset; rom_add_blob_fixed_as(filename, buffer, size, *entry, as); + /* + * Register the kernel BSS as realm resource, so the kernel can use it right + * away. Align up to skip the last page, which still contains kernel + * data. + */ + page_size = qemu_real_host_page_size(); + kvm_arm_rme_init_guest_ram(QEMU_ALIGN_UP(*entry + size, page_size), + QEMU_ALIGN_DOWN(kernel_size - size, page_size)); + g_free(buffer); return kernel_size; diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c index bee6694d6d..b2ad10ef6d 100644 --- a/target/arm/kvm-rme.c +++ b/target/arm/kvm-rme.c @@ -203,6 +203,16 @@ int kvm_arm_rme_init(MachineState *ms) return 0; } +/* + * kvm_arm_rme_init_guest_ram - Initialize a Realm IPA range + */ +void kvm_arm_rme_init_guest_ram(hwaddr base, size_t size) +{ + if (rme_guest) { + rme_add_ram_region(base, size, /* populate */ false); + } +} + int kvm_arm_rme_vcpu_init(CPUState *cs) { ARMCPU *cpu = ARM_CPU(cs);