From: Jean-Philippe Brucker
Subject: [PATCH v2 13/22] hw/arm/boot: Register Linux BSS section for confidential guests
Date: Fri, 19 Apr 2024 16:57:01 +0100

Although the BSS section is not currently part of the kernel blob, it
needs to be registered as guest RAM for confidential guest support,
because the kernel needs to access it before it is able to set up its RAM
regions.

It would be tempting to simply add the BSS as part of the ROM blob (i.e.
pass kernel_size as max_len argument to rom_add_blob()) and let the ROM
loader notifier deal with the full image size generically, but that
would add zero-initialization of the BSS region by the loader, which
adds a significant overhead. For a 40MB kernel with a 17MB BSS, I
measured an average boot time regression of 2.8ms on a fast desktop
(5.7% of the QEMU setup time). On a slower host, the regression could be
much larger.

Instead, add a special case to initialize the kernel's BSS IPA range.

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
---
v1->v2: new
---
target/arm/kvm_arm.h | 5 +++++
hw/arm/boot.c | 11 +++++++++++
target/arm/kvm-rme.c | 10 ++++++++++
3 files changed, 26 insertions(+)
diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
index 47777386b0..4b787dd628 100644
--- a/target/arm/kvm_arm.h
+++ b/target/arm/kvm_arm.h
@@ -218,6 +218,7 @@ int kvm_arm_set_irq(int cpu, int irqtype, int irq, int
level);
int kvm_arm_rme_init(MachineState *ms);
int kvm_arm_rme_vm_type(MachineState *ms);
+void kvm_arm_rme_init_guest_ram(hwaddr base, size_t size);
bool kvm_arm_rme_enabled(void);
int kvm_arm_rme_vcpu_init(CPUState *cs);
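Review bot: the new prototype declares size as size_t while base is hwaddr, and the caller added in hw/arm/boot.c passes a uint64_t expression (QEMU_ALIGN_DOWN(kernel_size - size, page_size)). Declaring both parameters with the same 64-bit type (hwaddr or uint64_t) keeps the range arithmetic in one width and avoids silent truncation wherever size_t is narrower. A one-line comment on the prototype stating whether base and size must be host-page aligned would also help future callers.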
@@ -243,6 +244,10 @@ static inline bool kvm_arm_sve_supported(void)
return false;
}
+static inline void kvm_arm_rme_init_guest_ram(hwaddr base, size_t size)
+{
+}
+
/*
* These functions should never actually be called without KVM support.
*/
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 84ea6a807a..9f522e332b 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -26,6 +26,7 @@
#include "qemu/config-file.h"
#include "qemu/option.h"
#include "qemu/units.h"
+#include "kvm_arm.h"
/* Kernel boot protocol is specified in the kernel docs
* Documentation/arm/Booting and Documentation/arm64/booting.txt
@@ -850,6 +851,7 @@ static uint64_t load_aarch64_image(const char *filename,
hwaddr mem_base,
{
hwaddr kernel_load_offset = KERNEL64_LOAD_ADDR;
uint64_t kernel_size = 0;
+ uint64_t page_size;
uint8_t *buffer;
int size;
@@ -916,6 +918,15 @@ static uint64_t load_aarch64_image(const char *filename,
hwaddr mem_base,
*entry = mem_base + kernel_load_offset;
rom_add_blob_fixed_as(filename, buffer, size, *entry, as);
+ /*
+ * Register the kernel BSS as realm resource, so the kernel can use it
right
+ * away. Align up to skip the last page, which still contains kernel
+ * data.
+ */
+ page_size = qemu_real_host_page_size();
+ kvm_arm_rme_init_guest_ram(QEMU_ALIGN_UP(*entry + size, page_size),
+ QEMU_ALIGN_DOWN(kernel_size - size, page_size));
+
g_free(buffer);
return kernel_size;
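Review bot: the kvm_arm_rme_init_guest_ram() call computes kernel_size - size with no check that kernel_size is larger than size; kernel_size is a uint64_t, so if it is ever smaller than the blob size the subtraction wraps and a huge length is registered as realm RAM. Guarding the call with "if (kernel_size > size)" would rule that out. Separately, the base is rounded up while the length is rounded down from the unaligned difference, so the range only matches the BSS pages when *entry + kernel_size is itself page aligned; otherwise it can end past the image or stop short of it. Computing an aligned start and an aligned end and passing end - start makes the intent explicit, and also lets the call be skipped when the BSS is smaller than one page and the length is zero.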
diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c
index bee6694d6d..b2ad10ef6d 100644
--- a/target/arm/kvm-rme.c
+++ b/target/arm/kvm-rme.c
@@ -203,6 +203,16 @@ int kvm_arm_rme_init(MachineState *ms)
return 0;
}
+/*
+ * kvm_arm_rme_init_guest_ram - Initialize a Realm IPA range
+ */
+void kvm_arm_rme_init_guest_ram(hwaddr base, size_t size)
+{
+ if (rme_guest) {
+ rme_add_ram_region(base, size, /* populate */ false);
+ }
+}
+
int kvm_arm_rme_vcpu_init(CPUState *cs)
{
ARMCPU *cpu = ARM_CPU(cs);
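Review bot: the comment above kvm_arm_rme_init_guest_ram() only restates the function name. It should say that the range is registered as Realm RAM without being populated (the "/* populate */ false" argument) and whether base and size are required to be page aligned, because the function forwards both to rme_add_ram_region() unchecked, including the zero size that the hw/arm/boot.c caller produces when the BSS is smaller than one page.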
--
2.44.0