On 06/09/2024 05:32, Gavin Shan wrote:
On 8/19/24 11:19 PM, Steven Price wrote:
From: Suzuki K Poulose <suzuki.poulose@xxxxxxx>
On Arm CCA, with RMM-v1.0, all MMIO regions are shared. However, in
the future, an Arm CCA-v1.0 compliant guest may be run in a lesser
privileged partition in the Realm World (with Arm CCA-v1.1 Planes
feature). In this case, some of the MMIO regions may be emulated
by a higher privileged component in the Realm world, i.e, protected.
Thus the guest must decide today, whether a given MMIO region is shared
vs Protected and create the stage1 mapping accordingly. On Arm CCA, this
detection is based on the "IPA State" (RIPAS == RIPAS_IO). Provide a
helper to run this check on a given range of MMIO.
Also, provide a arm64 helper which may be hooked in by other solutions.
Signed-off-by: Suzuki K Poulose <suzuki.poulose@xxxxxxx>
Signed-off-by: Steven Price <steven.price@xxxxxxx>
---
New patch for v5
---
arch/arm64/include/asm/io.h | 8 ++++++++
arch/arm64/include/asm/rsi.h | 3 +++
arch/arm64/include/asm/rsi_cmds.h | 21 +++++++++++++++++++++
arch/arm64/kernel/rsi.c | 26 ++++++++++++++++++++++++++
4 files changed, 58 insertions(+)
diff --git a/arch/arm64/kernel/rsi.c b/arch/arm64/kernel/rsi.c
index e968a5c9929e..381a5b9a5333 100644
--- a/arch/arm64/kernel/rsi.c
+++ b/arch/arm64/kernel/rsi.c
@@ -67,6 +67,32 @@ void __init arm64_rsi_setup_memory(void)
}
}
+bool arm64_rsi_is_protected_mmio(phys_addr_t base, size_t size)
+{
+ enum ripas ripas;
+ phys_addr_t end, top;
+
+ /* Overflow ? */
+ if (WARN_ON(base + size < base))
+ return false;
+
+ end = ALIGN(base + size, RSI_GRANULE_SIZE);
+ base = ALIGN_DOWN(base, RSI_GRANULE_SIZE);
+
+ while (base < end) {
+ if (WARN_ON(rsi_ipa_state_get(base, end, &ripas, &top)))
+ break;
+ if (WARN_ON(top <= base))
+ break;
+ if (ripas != RSI_RIPAS_IO)
+ break;
+ base = top;
+ }
+
+ return (size && base >= end);
+}
I don't understand why @size needs to be checked here. Its initial value
taken from the input parameter should be larger than zero and its value
is never updated in the loop. So I'm understanding @size is always larger
than zero, and the condition would be something like below if I'm correct.
Yes you are correct. I'm not entirely sure why it was written that way.
The only change dropping 'size' as you suggest is that a zero-sized
region is considered protected. But I'd consider it a bug if this is
called with size=0. I'll drop 'size' here.
return (base >= end); /* RSI_RIPAS_IO returned for all
granules */
Another issue is @top is always zero with the latest tf-rmm. More details
are provided below.
That suggests that you are not actually using the 'latest' tf-rmm ;)
(for some definition of 'latest' which might not be obvious!)
From the cover letter:
As mentioned above the new RMM specification means that corresponding
changes need to be made in the RMM, at this time these changes are still
in review (see 'topics/rmm-1.0-rel0-rc1'). So you'll need to fetch the
changes[3] from the gerrit instance until they are pushed to the main
branch.
[3] https://review.trustedfirmware.org/c/TF-RMM/tf-rmm/+/30485
Sorry, I should probably have made this much more prominent in the cover
letter.
Running something like...
git fetch https://git.trustedfirmware.org/TF-RMM/tf-rmm.git \
refs/changes/85/30485/11
... should get you the latest. Hopefully these changes will get merged
to the main branch soon.