From: Suzuki K Poulose <suzuki.poulose@arm•com>
To: "Aneesh Kumar K.V" <aneesh.kumar@kernel•org>,
Steven Price <steven.price@arm•com>,
kvm@vger•kernel.org, kvmarm@lists•linux.dev
Cc: Catalin Marinas <catalin.marinas@arm•com>,
Marc Zyngier <maz@kernel•org>, Will Deacon <will@kernel•org>,
James Morse <james.morse@arm•com>,
Oliver Upton <oliver.upton@linux•dev>,
Zenghui Yu <yuzenghui@huawei•com>,
linux-arm-kernel@lists•infradead.org,
linux-kernel@vger•kernel.org, Joey Gouly <joey.gouly@arm•com>,
Alexandru Elisei <alexandru.elisei@arm•com>,
Christoffer Dall <christoffer.dall@arm•com>,
Fuad Tabba <tabba@google•com>,
linux-coco@lists•linux.dev,
Ganapatrao Kulkarni <gankulkarni@os•amperecomputing.com>,
Gavin Shan <gshan@redhat•com>,
Shanker Donthineni <sdonthineni@nvidia•com>,
Alper Gun <alpergun@google•com>,
Emi Kisanuki <fj0570is@fujitsu•com>,
Vishal Annapurve <vannapurve@google•com>,
WeiLin.Chang@arm•com, Lorenzo.Pieralisi2@arm•com
Subject: Re: [PATCH v14 27/44] arm64: RMI: Set RIPAS of initial memslots
Date: Tue, 19 May 2026 14:06:11 +0100
Message-ID: <63bcd82b-4efa-417c-9c36-782c6e13ebb1@arm.com>
In-Reply-To: <yq5ajyszsgmf.fsf@kernel.org>
On 19/05/2026 13:55, Aneesh Kumar K.V wrote:
> Suzuki K Poulose <suzuki.poulose@arm•com> writes:
>
>> On 19/05/2026 11:02, Aneesh Kumar K.V wrote:
>>> Steven Price <steven.price@arm•com> writes:
>>>
>>>> The memory which the realm guest accesses must be set to RIPAS_RAM.
>>>> Iterate over the memslots and set all gmem memslots to RIPAS_RAM.
>>>>
>>>> Signed-off-by: Steven Price <steven.price@arm•com>
>>>> ---
>>>
>>> ...
>>>
>>>> +static int set_ripas_of_protected_regions(struct kvm *kvm)
>>>> +{
>>>> + struct kvm_memslots *slots;
>>>> + struct kvm_memory_slot *memslot;
>>>> + int idx, bkt;
>>>> + int ret = 0;
>>>> +
>>>> + idx = srcu_read_lock(&kvm->srcu);
>>>> +
>>>> + slots = kvm_memslots(kvm);
>>>> + kvm_for_each_memslot(memslot, bkt, slots) {
>>>> + if (!kvm_slot_has_gmem(memslot))
>>>> + continue;
>>>> +
>>>> + ret = realm_init_ipa_state(kvm, memslot->base_gfn,
>>>> + memslot->npages);
>>>> + if (ret)
>>>> + break;
>>>> + }
>>>> + srcu_read_unlock(&kvm->srcu, idx);
>>>> +
>>>> + return ret;
>>>> +}
>>>> +
>>>> int kvm_arm_rmi_populate(struct kvm *kvm,
>>>> struct kvm_arm_rmi_populate *args)
>>>> {
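Review bot: the `if (ret) break;` in set_ripas_of_protected_regions() stops on the first realm_init_ipa_state() failure and returns it, leaving the slots processed before the failure already converted with nothing unwinding them; since kvm_activate_realm() propagates that error to userspace, either document that the partial conversion is harmless (a retry re-converts the same ranges) or make the error path say which slot failed. The walk also holds only kvm->srcu, which keeps the memslots array alive but does not prevent a concurrent memslot update, so a comment stating what guarantees the set of gmem slots cannot change between this walk and rmi_realm_activate() would make the locking intent explicit. Finally, the name says "protected regions" while the filter is kvm_slot_has_gmem(); a one-line kernel-doc comment tying the two together would avoid confusion.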
>>>> @@ -890,6 +922,10 @@ int kvm_activate_realm(struct kvm *kvm)
>>>> return ret;
>>>> }
>>>>
>>>> + ret = set_ripas_of_protected_regions(kvm);
>>>> + if (ret)
>>>> + return ret;
>>>> +
>>>> ret = rmi_realm_activate(virt_to_phys(realm->rd));
>>>> if (ret)
>>>> return -ENXIO;
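Review bot: error mapping is inconsistent between the two calls in this hunk: a failure from set_ripas_of_protected_regions() is returned unchanged (`return ret;`), while a failure from rmi_realm_activate() is mapped to `-ENXIO`. If realm_init_ipa_state() can surface an RMI status rather than an errno, userspace would see a non-errno value from the activate path; either map both to the same errno or note in a comment that realm_init_ipa_state() already returns one. It would also help to state, in the commit message or here, why the conversion happens at activation time rather than when a gmem memslot is created, so that the next reader knows what happens to slots added after this point.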
>>>
>>> realm guest already does.
>>>     for_each_mem_range(i, &start, &end) {
>>>         if (rsi_set_memory_range_protected_safe(start, end)) {
>>>             panic("Failed to set memory range to protected: %pa-%pa",
>>>                   &start, &end);
>>>         }
>>>     }
>>>
>>> If so, why is the host required to do this?
>>
>> Ideally this should be a call from the VMM (i.e., user). Irrespective of
>> what the guest does (which the host has no knowledge about), the VMM/
>> user is better aware of what to do for a given guest. We have done this
>> implicitly in KVM as a start, to keep the initial implementation
>> simple. This could be moved out to the VMM as UABI, if there is
>> sufficient demand for it.
>>
>> TL;DR: This should be a host/deployer decision, not the guest's. There
>> may be other guest OSes which do not set RIPAS_RAM early enough.
>>
>
> Are we suggesting that when the guest is running out of DRAM initialized
> via rmi_rtt_data_map_init(), it may need to access memory outside that
> range before it gets a chance to set the RIPAS as RAM?
It may. This was one of the review comments we got when we published
the Linux guest patches. In fact, this is in the Linux booting
requirements. See:
Documentation/arch/arm64/booting.rst: Section 1
>
> Does that mean the guest now has to trust the host for that?
No, this has been the case. We added the code in Linux to convert memory
as a backstop. The worst that could happen is the guest crashing, without it
having received any secrets from the remote entity.
> rmi_rtt_init_ripas() is not added to the measurement details, right?
It is not (at least for now). It doesn't matter much for security.
Suzuki
>
> -aneesh
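The ordering constraint the thread argues about (RIPAS can be initialised by the host only before activation, and a guest that touches a RIPAS_EMPTY granule before its own conversion loop runs does not get RAM) as a toy model in C. This is an added example, not code from the patch series, the Linux guest, or the RMM; every name in it (realm_model, memslot_model, host_init_ripas, guest_set_range_ram, and so on) is hypothetical, the memslot layout is constructed, and the RSI/RMI round trip, the shared (non-gmem) IPA alias and measurement are deliberately left out of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* RIPAS values used by this model; DESTROYED is omitted for brevity. */
enum ripas { RIPAS_EMPTY = 0, RIPAS_RAM = 1 };

/* Only the two realm states that matter for RIPAS initialisation. */
enum realm_state { REALM_NEW, REALM_ACTIVE };

#define NR_GRANULES 64 /* constructed: a tiny 64-granule protected IPA space */

struct realm_model {
	enum realm_state state;
	enum ripas ripas[NR_GRANULES];
};

/* Hypothetical stand-in for a KVM memslot: base gfn, size, gmem-backed or not. */
struct memslot_model {
	size_t base_gfn;
	size_t npages;
	bool has_gmem;
};

/* Host side: RIPAS can only be initialised while the realm is still NEW. */
int host_init_ripas(struct realm_model *r, size_t base, size_t npages)
{
	if (r->state != REALM_NEW || base > NR_GRANULES ||
	    npages > NR_GRANULES - base)
		return -1;
	for (size_t i = 0; i < npages; i++)
		r->ripas[base + i] = RIPAS_RAM;
	return 0;
}

/* Host side: the walk the patch performs, in model form, over gmem slots only. */
int host_set_ripas_of_gmem_slots(struct realm_model *r,
				 const struct memslot_model *slots, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		if (!slots[i].has_gmem)
			continue;
		int ret = host_init_ripas(r, slots[i].base_gfn, slots[i].npages);
		if (ret)
			return ret;
	}
	return 0;
}

int host_activate(struct realm_model *r)
{
	if (r->state != REALM_NEW)
		return -1;
	r->state = REALM_ACTIVE;
	return 0;
}

/* Guest side: once active, the guest can convert ranges itself (the
 * for_each_mem_range() backstop quoted above); the model applies the change
 * directly instead of going through RSI and an RMI_EXIT_RIPAS_CHANGE. */
int guest_set_range_ram(struct realm_model *r, size_t base, size_t npages)
{
	if (r->state != REALM_ACTIVE || base > NR_GRANULES ||
	    npages > NR_GRANULES - base)
		return -1;
	for (size_t i = 0; i < npages; i++)
		r->ripas[base + i] = RIPAS_RAM;
	return 0;
}

/* A guest load/store to a granule still in RIPAS_EMPTY cannot succeed. */
bool guest_access_ok(const struct realm_model *r, size_t gfn)
{
	return r->state == REALM_ACTIVE && gfn < NR_GRANULES &&
	       r->ripas[gfn] == RIPAS_RAM;
}

/* Constructed layout: gfns [0,16) gmem and populated with the kernel image,
 * [16,48) gmem but empty at boot, [48,64) a non-gmem slot the walk must skip.
 * A guest touching gfn 20 (say, its early stack) before its own conversion
 * loop runs only works if the host converted the slot first. */
bool guest_touch_before_own_conversion(bool host_walks_slots)
{
	struct realm_model r = { .state = REALM_NEW };
	const struct memslot_model slots[] = {
		{ 0, 16, true }, { 16, 32, true }, { 48, 16, false },
	};

	host_init_ripas(&r, 0, 16); /* populating initial contents implies RAM */
	if (host_walks_slots)
		host_set_ripas_of_gmem_slots(&r, slots, 3);
	host_activate(&r);
	return guest_access_ok(&r, 20);
}

/* Same layout without the host walk: the guest's own conversion repairs the
 * state, and the host can no longer initialise RIPAS once the realm is active. */
bool guest_converts_itself_after_activation(void)
{
	struct realm_model r = { .state = REALM_NEW };

	host_init_ripas(&r, 0, 16);
	host_activate(&r);
	if (host_init_ripas(&r, 16, 32) == 0) /* must be rejected: realm is ACTIVE */
		return false;
	if (guest_set_range_ram(&r, 16, 32))
		return false;
	return guest_access_ok(&r, 20);
}

int main(void)
{
	printf("host walk, early guest touch:    %s\n",
	       guest_touch_before_own_conversion(true) ? "ok" : "fault");
	printf("no host walk, early guest touch: %s\n",
	       guest_touch_before_own_conversion(false) ? "ok" : "fault");
	printf("guest converts after activation: %s\n",
	       guest_converts_itself_after_activation() ? "ok" : "fault");
	return 0;
}
```

The two scenario functions capture the thread's two positions: with the host walk, an early guest access outside the populated range works regardless of what the guest OS does; without it, the access only works after the guest's own conversion, which is why a guest that converts too late ends up crashing rather than leaking anything.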