Re: [RFC kvmtool 18/31] arm64: Populate initial realm contents

From: Suzuki K Poulose
Date: Thu Mar 02 2023 - 09:06:46 EST


Hi Piotr

On 02/03/2023 14:03, Piotr Sawicki wrote:
Hi,

From: Alexandru Elisei <alexandru.elisei@xxxxxxx>

Populate the realm memory with the initial contents, which include
the device tree blob, the kernel image, and initrd, if specified,
or the firmware image.

Populating an image in the realm involves two steps:
  a) Mark the IPA area as RAM - INIT_IPA_REALM
  b) Load the contents into the IPA - POPULATE_REALM

Wherever we know the actual size of an image in memory, we make
sure the "memory area" is initialised to RAM.
e.g., Linux kernel image size from the header which includes the bss etc.
The "file size" on disk for the Linux image is much smaller.
We mark the region of size Image.header.size as RAM (a), from the kernel
load address. And load the Image file into the memory (b) above.
At the moment we only detect the Arm64 Linux Image header format.

Since we're already touching the code that copies the
initrd in guest memory, let's do a bit of cleaning and remove a
useless local variable.

Signed-off-by: Alexandru Elisei <alexandru.elisei@xxxxxxx>
[ Make sure the Linux kernel image area is marked as RAM ]
Signed-off-by: Suzuki K Poulose <suzuki.poulose@xxxxxxx>


diff --git a/arm/kvm.c b/arm/kvm.c
index acb627b2..57c5b5f7 100644
--- a/arm/kvm.c
+++ b/arm/kvm.c
@@ -6,6 +6,7 @@
  #include "kvm/fdt.h"
  #include "arm-common/gic.h"
+#include <asm/realm.h>
  #include <sys/resource.h>
@@ -167,6 +168,9 @@ bool kvm__arch_load_kernel_image(struct kvm *kvm, int fd_kernel, int fd_initrd,
      pr_debug("Loaded kernel to 0x%llx (%llu bytes)",
           kvm->arch.kern_guest_start, kvm->arch.kern_size);
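Review bot: the three lines this hunk adds after the pr_debug (the header goes from 6 to 9 lines) are trimmed from the quote, so the populate call itself cannot be checked here, but kvm->arch.kern_size as logged is a byte count and nothing visible rounds it to the 4kB page size. If the populate step works on whole pages, the bytes between the end of the image and the end of its last page should be zeroed before they are populated, and a comment should state whether the length passed is the file size or the Image header size that the commit message distinguishes.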


I've noticed that calling the measurement test from the kvm-unit-tests suite multiple times results in different Realm Initial Measurements, although the kernel image is always the same.

After a short investigation, I've found that the RIM starts being different while populating the last 4kB chunk of the kernel image.
The issue occurs when the image size is not aligned to the page size (4kB).

After zeroing the unused area of the last chunk, the measurements become repeatable.


That is a good point. We could memset() the remaining bits of the 4K page to 0. I will make this change.

Suzuki
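
The fix agreed above (zero the rest of the last 4kB page before it is populated), as an added C example that is not kvmtool's code and not part of this thread. The function names, the constructed 5000-byte image and the FNV-1a digest standing in for the real measurement hash are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SZ 4096u /* 4kB page, as in the thread */

static size_t page_align_up(size_t len)
{
    return (len + PAGE_SZ - 1) & ~((size_t)PAGE_SZ - 1);
}

/* Zero from the end of the image to the end of its last page.
 * Returns the whole-page byte count to populate, or 0 if buf is too small. */
size_t zero_image_tail(uint8_t *buf, size_t buf_len, size_t image_len)
{
    size_t populated = page_align_up(image_len);
    if (populated < image_len || populated > buf_len)
        return 0;
    memset(buf + image_len, 0, populated - image_len);
    return populated;
}

/* Stand-in digest (FNV-1a 64), NOT the real measurement algorithm: it only
 * shows that a hash taken over whole pages also covers the tail bytes. */
uint64_t toy_measure(const uint8_t *buf, size_t len)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++)
        h = (h ^ buf[i]) * 0x100000001b3ULL;
    return h;
}

/* Constructed case: the same 5000-byte image in two buffers whose leftover
 * contents differ. Returns 1 if the page-granular digests match. */
int measurements_match(int zero_tail)
{
    static uint8_t a[2 * PAGE_SZ], b[2 * PAGE_SZ];
    const size_t image_len = 5000; /* not a multiple of 4096 */
    size_t n = page_align_up(image_len);
    memset(a, 0xAA, sizeof(a)); /* leftover data, run 1 */
    memset(b, 0xAA, sizeof(b));
    b[image_len] = 0x55;        /* run 2: one leftover byte differs */
    for (size_t i = 0; i < image_len; i++)
        a[i] = b[i] = (uint8_t)(i * 31u); /* identical image bytes */
    if (zero_tail && (!zero_image_tail(a, sizeof(a), image_len) ||
                      !zero_image_tail(b, sizeof(b), image_len)))
        return 0;
    return toy_measure(a, n) == toy_measure(b, n);
}
```

A single differing byte past the end of the image is enough to change a digest taken over whole pages, which is why the unpadded case does not match.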