libkrun icon indicating copy to clipboard operation
libkrun copied to clipboard
verified publisher icon containers

Add support for arm cca

Open MatiasVara opened this issue 1 year ago • 11 comments

This PR aims at adding support to build realm guests. First commit adds support for create_guest_memfd() and set_user_memory_region2(). To do this, the memory_init() is modified by adding a boolean parameter. This is required when building a confidential guest for arm cca and probably also required by other cases. The second commit imports the virtee/cca crate and adds the steps to build a cca guest. The following items should be completed before merge the PR:

  • [x] use populate() only for kernel and initialize() for non-kernel area
  • [x] handle the case in which the guest switch from shared -> private
  • [x] correctly calculation of max_ipa

This has been testing using the v7 series for Linux as a guest and v6 series for KVM on FVP model.

Feedback is welcome.

MatiasVara avatar Jul 29 '24 15:07 MatiasVara

@MatiasVara is this ready for review, or should I wait?

jakecorrenti avatar Jan 09 '25 21:01 jakecorrenti

@jakecorrenti I'm addressing the KVM guest_memfd changes (which @MatiasVara also added in this PR) to my latest SEV-SNP patches. This will probably require a rebase after that. Once that happens, it will likely be ready for a review.

tylerfanelli avatar Jan 09 '25 21:01 tylerfanelli

@jakecorrenti I'm addressing the KVM guest_memfd changes (which @MatiasVara also added in this PR) to my latest SEV-SNP patches. This will probably require a rebase after that. Once that happens, it will likely be ready for a review.

I think the PR is ready to review. The current issue is that it does not work for the latest series for KVM (v6). I am investigating the issue.

MatiasVara avatar Jan 10 '25 09:01 MatiasVara

I just updated the PR with the fix for v6 series. The fix is only to set the KVM_ARM_VCPU_REC feature during the initialization of VCPUs otherwise vcpu_finalize would fail.

MatiasVara avatar Feb 12 '25 10:02 MatiasVara

@jakecorrenti @tylerfanelli @slp Feel free to give a quick look. I am pretty sure there many things to fix.

MatiasVara avatar Feb 12 '25 11:02 MatiasVara

After reviewing the Jake comments I came to the conclusion that this PR should be split otherwise is hard to review:

  1. Add Use create_guest_memfd() and set_user_memory_region2() only when tee is enabled.
  2. Add the handling of KVM_MEMORY_FAULT only for tee, which includes the extra thread for handling shared to private and viceverse.
  3. Tee should be replaced with tee and x86-64 since all tee is for x86-64.
  4. Add CCA support. This shall be added with cca and tee enabled.
  5. Eventually some code will be shared for tee in x86-64 and aarch64 but I can't see it yet.

@jakecorrenti @tylerfanelli @slp WDYT?

MatiasVara avatar Mar 17 '25 13:03 MatiasVara

After reviewing the Jake comments I came to the conclusion that this PR should be split otherwise is hard to review:

0. Add `Use create_guest_memfd() and set_user_memory_region2()` only when `tee` is enabled.

1. Add the handling of `KVM_MEMORY_FAULT` only for `tee`, which includes the extra thread for handling shared to private and viceverse.

2. `Tee` should be replaced with `tee and x86-64` since all `tee` is for `x86-64`.

I don't know if this is idiomatic by any means, and it depends on whether you can have target arch-specific features, but could we have something like tee-x86 and tee? tee-x86 for the x86 specific functionality, and then tee for the shared bits? Would that be cleaner than just writing #[cfg(all(feature = "tee", target_arch = "x86_64"))]? Again, I don't know if that's "proper" Rust or even possible.

3. Add CCA support. This shall be added with `cca and tee` enabled.

4. Eventually some code will be shared for `tee` in `x86-64` and `aarch64` but I can't see it yet.

@jakecorrenti @tylerfanelli @slp WDYT?

Other than my question above, that all sounds good to me.

jakecorrenti avatar Mar 17 '25 21:03 jakecorrenti

After reviewing the Jake comments I came to the conclusion that this PR should be split otherwise is hard to review:

  1. Add Use create_guest_memfd() and set_user_memory_region2() only when tee is enabled.

I don't think set_user_memory_region2 should be tee only, as I believe that on newer kernels, set_user_memory_region is deprecated.

  1. Add the handling of KVM_MEMORY_FAULT only for tee, which includes the extra thread for handling shared to private and viceverse.

I'm addressing that in my SEV-SNP PR currently.

  1. Tee should be replaced with tee and x86-64 since all tee is for x86-64.

Makes sense to me.

  1. Add CCA support. This shall be added with cca and tee enabled.

Do you mean aarch64 and tee?

tylerfanelli avatar Mar 18 '25 00:03 tylerfanelli

After reviewing the Jake comments I came to the conclusion that this PR should be split otherwise is hard to review:

0. Add `Use create_guest_memfd() and set_user_memory_region2()` only when `tee` is enabled.

1. Add the handling of `KVM_MEMORY_FAULT` only for `tee`, which includes the extra thread for handling shared to private and viceverse.

2. `Tee` should be replaced with `tee and x86-64` since all `tee` is for `x86-64`.

I don't know if this is idiomatic by any means, and it depends on whether you can have target arch-specific features, but could we have something like tee-x86 and tee? tee-x86 for the x86 specific functionality, and then tee for the shared bits? Would that be cleaner than just writing #[cfg(all(feature = "tee", target_arch = "x86_64"))]? Again, I don't know if that's "proper" Rust or even possible.

I do not know either. I though that tee and x86 would have code that tdx and snv share, if that exists.

3. Add CCA support. This shall be added with `cca and tee` enabled.

4. Eventually some code will be shared for `tee` in `x86-64` and `aarch64` but I can't see it yet.

@jakecorrenti @tylerfanelli @slp WDYT?

Other than my question above, that all sounds good to me.

MatiasVara avatar Mar 18 '25 10:03 MatiasVara

After reviewing the Jake comments I came to the conclusion that this PR should be split otherwise is hard to review:

  1. Add Use create_guest_memfd() and set_user_memory_region2() only when tee is enabled.

I don't think set_user_memory_region2 should be tee only, as I believe that on newer kernels, set_user_memory_region is deprecated.

That's OK. I could just leave set_user_memory_region2 for the future.

  1. Add the handling of KVM_MEMORY_FAULT only for tee, which includes the extra thread for handling shared to private and viceverse.

I'm addressing that in my SEV-SNP PR currently.

The first two items in my list are for all tee but they were in my PR for almost a year already. In any case, I need to split those chunks from my PR.

  1. Tee should be replaced with tee and x86-64 since all tee is for x86-64.

Makes sense to me.

  1. Add CCA support. This shall be added with cca and tee enabled.

Do you mean aarch64 and tee?

Yes for the moment.

MatiasVara avatar Mar 18 '25 10:03 MatiasVara

After reviewing the Jake comments I came to the conclusion that this PR should be split otherwise is hard to review:

  1. Add Use create_guest_memfd() and set_user_memory_region2() only when tee is enabled.
  2. Add the handling of KVM_MEMORY_FAULT only for tee, which includes the extra thread for handling shared to private and viceverse.
  3. Tee should be replaced with tee and x86-64 since all tee is for x86-64.
  4. Add CCA support. This shall be added with cca and tee enabled.
  5. Eventually some code will be shared for tee in x86-64 and aarch64 but I can't see it yet.

@jakecorrenti @tylerfanelli @slp WDYT?

I just split the PR into a few commits. It is the same code though. The first three commits are independent of cca and should be shared by all tees. Also [Enable tee only in x86-64 shall for all tees since it aims at separating the code for tee and x86 and tee and aach64.

MatiasVara avatar Mar 19 '25 17:03 MatiasVara

I open two PR to update kvm-bindings (see https://github.com/virtee/kvm-bindings/pull/2) and kvm-ioctls (see https://github.com/virtee/kvm-ioctls/pull/4) due to changes upstream (v8).

MatiasVara avatar May 13 '25 15:05 MatiasVara

I've Just rebased the PR and tried it on v8 series.

MatiasVara avatar May 14 '25 09:05 MatiasVara

I just rebased and tested on v8. Also, I am now relying on the rust-vmm/kvm repo.

MatiasVara avatar Jul 24 '25 15:07 MatiasVara

I think the following issues shall be addressed before merging:

  • [x] support for blk
  • [x] Check the EXIT_FAULT
  • [ ] Check FDT hardcoded
  • [x] Try v9 series

MatiasVara avatar Jul 24 '25 15:07 MatiasVara