From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818148213449.6862186356286; Thu, 14 May 2026 21:09:08 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309336.1580348 (Exim 4.92) (envelope-from ) id 1wNjqe-0001Nj-Gr; Fri, 15 May 2026 04:08:28 +0000 Received: by outflank-mailman (output) from mailman id 1309336.1580348; Fri, 15 May 2026 04:08:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqe-0001Nc-Dt; Fri, 15 May 2026 04:08:28 +0000 Received: by outflank-mailman (input) for mailman id 1309336; Fri, 15 May 2026 04:08:27 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqc-0001NQ-T6 for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:08:27 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjqb-00GbfP-Qc for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:08:25 +0200 Received: from [10.42.69.4] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069c0b-2eae-0a2a0a5409dd-0a2a4504bda6-32 for ; Fri, 15 May 2026 06:08:24 +0200 Received: from [52.101.125.129] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-ebf023.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c35-1dec-0a2a45040019-34657d8136d2-3 for ; Fri, 15 May 2026 06:08:24 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:19 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=OJxL/IMpQJmUgRs5VxGI2XICEhI0T5gC1vXu7RVdLRjyOvg3Q1naipgsfgabtHM9Ubh05H06f99AqtlTozYNDO6H80s97StjGz7cXZGRpfFHn1ElYGNoNVUQ5bGeJFEiisXAZZkMcQnv6uX7ohPqNLb6U70k9baqPyCzdgCAX9EXgS30jm5xYheS5Ry24UvZgxQx6/ScXNyRte+7Psih6fLyLhiDYgemdJeCF/KwCFaIwr6N86CaX91MwL92UN0rFZsQ3RdfOjQ0EQ64nxUf8Af/zztrJ7mRjHJtvuMJ9eKqyS65f7v/2gcdlswp8NRp7kJmQI/xdwdk6hWWKlGQVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zRhAUy+m4ZSSA0NruENsBXlnXW5tyOZSqdGUD5wIM0s=; b=EpJZGwSGz6JOqw3WAskam2PoOMh0S4o9azLj8jWg3jRuW/zPR7KKX8VHbSEC9jQkVNOHguOMb/rc32PxvckU7SgTtA5yOJtqoc4UBCkoJU6kqkHzdRMs0hPPpj0a+oi0sAUTV/P+t6om8iiAidnJy7zQUyJcilylvgiZ/iHzy+bosQJRd/aqHBp5MLBTc1nkttoTTwpBNbrYbPDxtYE6asurPzfW+G/dDDnyY3Z9FkG+8a7mrPgj9egtchynQ16sBq1Ar3FRhM87vGAJOtOKvbljhJ4CML6BVKDhL92yCX6/1upFRfMVWkhTYJrvVWa6H+hrkPVPQ26SFm3KAGeYKQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zRhAUy+m4ZSSA0NruENsBXlnXW5tyOZSqdGUD5wIM0s=; b=nuV4Os6NjRJN9CESTPR8Andtnci3UYfD0h6cIi7wBNyfMzXeEwO0DCpidsuKhUtgYa/JwQOneFKBa0+1XL6X5VOlTA+zZK57WI2f7gOOUms7C7tm68Fuqy+pf4id2KLGHAnQAKRvRXd1x0G2hnha1L8KF3qcLpA/8vLdjRoZXCQ= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 01/26] xen/arm/cca: add RMI v2.0 ABI definitions Date: Fri, 15 May 2026 13:07:47 +0900 Message-ID: <20260515040812.983626-2-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP286CA0278.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c9::19) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: aaaf22c6-02f3-4dbc-8e00-08deb237990c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|3023799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: CDvH6HKxcW4p9SA4LCABu0v1dAiH/jgC9IM+mY7LlKBUCGsxTOx8fMURl/ppDiL8poSiMMdqwqkMtdQooen6h09CMtLgKEMChCNI5QMgq3wWE6xye2FcXnX4YqZD+sjNy3BlFgU46ur8mEeqbUckzrdxTbl1vqLYo90EpdA0RHjCWch9+vV7OvaKRECeh+pCiQLrj90gODXXnGpqXPrQkVEfiE0EIerTjaEooTNXbZ+u1NJUDwAg9E+JK/sibBzOsSIOjCZp53swQJ/GR1YCNipr9xYeickySCdh8nkyC0PWXmbYPC8bjUq7QubC+khiUpzh9ZPMKcfJOGMBjkaiPHawl471ihWnsg9hBy/ITFN/0DnDp4g2h3oMfR4w+u951aWWeZocq69gjHcHB35/+hxDDM5MhvSqw1b+ope18BpcGUCTQWq+LZOsBceZI4s745e1CLkKAdLEOtHsnBq50v2tpSiY+NWy7GNa5vlxAxNFF+AytaVx0SbTeZ2qR7UqDiIJtPx+XkLncCa3JaUA1g4U5yilTTKGbRHzX5oFiQiLy6hmZAue1dyEKu7Kd7/RzDUFyhU1lFyn6zRTWJv83VZ1XuuikIQqtaw4eQlCbD5kGkmmD+p/dRzt1jK8Ok6H9suJkvK1SJUiNa43l2S7Yh8FjIu1KmH9GSbCCwewMSHzKg8kZIMBhaAsHciwfqA5 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(3023799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?F4Uk3HRBrs89kPJMw1ucVJGpiLhQIu8FXgafrnPGlA6zgVBYrIXIj0BjkHyM?= =?us-ascii?Q?wMYmw+O08osWDQg3rDKmQphNs0tvHBwgHFF2IMPOKq00WBHQPChYi5naUMHh?= =?us-ascii?Q?zOUMPPsVVL/VadTKF2Q3VLVZZXFuK6W+seHy4PEokKtlA1RoP5odeHkDecyZ?= =?us-ascii?Q?cUUKSAZddpkrZlEAmXmqx5IWs2pviYEZADXtXtQzb3yMxLhLdUDSyPdZyagk?= =?us-ascii?Q?1KlGYi7kk5+aAS3D+CYig9rAA+S90up7xKwJUvkVFzsoJIYbyUHl9MQwzcJL?= =?us-ascii?Q?tbCCS2IYL7pE33OULr3XZjv52aJ99XaRqvUElf6pbdlji6GEAhOwhts7F9qJ?= =?us-ascii?Q?a3uBW4EXSc+ARrM1yoBouuNGSDtMc+RpWbiDAF1SbvNXPYAwypBCHfWeqtP0?= =?us-ascii?Q?GbvFMg8neVzg00nl6d5aa9bUqD1jrw15fwB9T8iVuSTSiqcNd0VkzaMfjSLg?= =?us-ascii?Q?qln/lH0O4W7L5jFtj59srCxnyny7eTUVS2Eaq1K31yspPmNmdBDhlN2vAXxI?= =?us-ascii?Q?ZBM897AC+VO/iLZBI6ezR+37NoZg92kFFAGVSM2OuDD1pb/8Q5pQGTGI6z+t?= =?us-ascii?Q?yQ+pDenq9wp5HXcnAiT5Jc2FN6uTliTtBq6NpJN36TTrr+7LxoXt5LlIHMij?= =?us-ascii?Q?5eZRq8/jaUyme5D4lwA21eopCU/8HNqEeZL2CjTVQw/U/QrT4dSsfoSsLpjp?= =?us-ascii?Q?8t/+FKUZgW9xMlk/eRi4C4w36v5slQ9JA1mlMzC4bIdqrnpWvd93H3575xss?= =?us-ascii?Q?gOIRarah30GhLYE1ZjMjukwU4tdQ6PJbw3nznQOdAeZ4+/ZucopGsCXY3Ykj?= =?us-ascii?Q?sPErhRWj6cJWiIALNQEm8unZuzJvPz6rzY6ryothstpvHXxC4G2e1BoLQj6y?= =?us-ascii?Q?XSobeozkxsB8KpbknDaXpv5Z63cTU2bf5KrWej8Wfm2isqlF/ls42QRxSl00?= =?us-ascii?Q?7PCWlgBBAUA0yr/V6G6B9yrXLs7lKIpY+bZZBI+mxYHkvMiWlMTIkHylGSf7?= =?us-ascii?Q?dzlSVRWxSSBHFqSSHrX9/zwDTqMW9cAh13ANXC9z5jxNHUHf7iVvcv3lNUIa?= =?us-ascii?Q?Z/ukZN9zI0r0PWOsaY4uRoJAU4sw6KI5zo7QeXnijuUzMR3ADZcrcMY92gsI?= =?us-ascii?Q?jC8gOK8iqeNzv0sA0vdMMbo1QS3hG0dQEba6oQw5hoq7bvbRncPAMiHSYbHi?= =?us-ascii?Q?ofbamnfmJYRFiNrVFr4G8bjsRdXzNX5QYdLNaDkRHwj8jU6dYpxsJQqghQIN?= =?us-ascii?Q?TpyqYh3ToC+6sA4ovF4Xj3+py+fgo9gtC0XCItlDL0hZ5dicE/d32qRCT4m4?= =?us-ascii?Q?MUJf8OdRzrKHY+QDdGozroAOBHcZLMeJiKHunWtDZvjwbuPj5FlyBimMQhcV?= =?us-ascii?Q?oqQ+W0Nf7tiUeKn4pyEtXWsx3kragq7UnMov29wa0YP8F9+bCmTcqHFcnDl/?= =?us-ascii?Q?re8SYwL/eNvXa5ViVZI+a0ob1RU6+a9ZRFwi+xGcIBUS6HmqyOCvzjat5GYZ?= =?us-ascii?Q?cioa98kONJh0E8Ilj6UDhGW65blhIsdiaMkHjVtVutMZDWmNwPTZQIlY1BOE?= =?us-ascii?Q?hauhJ6StGlw87IHOFP6AMem5F2KMpDCLt/GVqN5LOC2n8OW652vq1qCHcFhH?= =?us-ascii?Q?tp21yC4fXKMESbqOG+ANQWePA9kL5Ixq184/2j554DMdeSOw59/zDoc71dh9?= =?us-ascii?Q?x75TTW8ic9sT49q5D4yArE7bc2fT3xaYHRnC/UdmiM6/X5UBqZTlAWAGGEQv?= =?us-ascii?Q?EuYo1HqNuDXEQviKxU2LR7ZgntV4X5/M2bk93Pq2HpJ7bGx7UyJR?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: aaaf22c6-02f3-4dbc-8e00-08deb237990c X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:19.4652 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: c0zwo4KnvoNu3ZI3OGRLcjuWw3kuT1WDQJYqyygfFCuhX3Zi5687kjxNYHlblNPcRoqYi12+EeuTbPLi0CRN+w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-ebf023/1778818104-2B3673FF-C2C68BD9/0/0 X-purgate-type: clean X-purgate-size: 21249 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818149512158500 Content-Type: text/plain; charset="utf-8" Define the RMI v2.0 commands and types Xen needs to manage Realm VPEs. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/rmi-abi.h | 433 +++++++++++++++++++++++++++++++++++++ 1 file changed, 433 insertions(+) create mode 100644 xen/arch/arm/cca/rmi-abi.h diff --git a/xen/arch/arm/cca/rmi-abi.h b/xen/arch/arm/cca/rmi-abi.h new file mode 100644 index 000000000000..7afb1ae05bca --- /dev/null +++ b/xen/arch/arm/cca/rmi-abi.h @@ -0,0 +1,433 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * RMI v2.0 ABI definitions used by Xen from DEN0137 2.0-bet1. + */ + +#ifndef ARM_CCA_RMI_ABI_H +#define ARM_CCA_RMI_ABI_H + +#include + +#define ARM_CCA_RMI_ABI_VERSION_MAJOR 2U +#define ARM_CCA_RMI_ABI_VERSION_MINOR 0U +#define ARM_CCA_RMI_ABI_VERSION \ + (((uint32_t)ARM_CCA_RMI_ABI_VERSION_MAJOR << 16) | \ + ARM_CCA_RMI_ABI_VERSION_MINOR) + +#define ARM_CCA_RMI_VERSION_GET_MAJOR(_v) ((_v) >> 16) +#define ARM_CCA_RMI_VERSION_GET_MINOR(_v) ((_v) & 0xffffU) + +#define ARM_CCA_RMI_FID_BASE 0xC4000150U +#define ARM_CCA_RMI_FID(_off) (ARM_CCA_RMI_FID_BASE + (_off)) + +/* DEN0137 2.0-bet1 - B4.5 RMI commands */ +#define ARM_CCA_RMI_VERSION_FID ARM_CCA_RMI_FID(0x0) +#define ARM_CCA_RMI_RTT_DATA_MAP_INIT_FID ARM_CCA_RMI_FID(0x3) +#define ARM_CCA_RMI_REALM_ACTIVATE_FID ARM_CCA_RMI_FID(0x7) +#define ARM_CCA_RMI_REALM_CREATE_FID ARM_CCA_RMI_FID(0x8) +#define ARM_CCA_RMI_REALM_DESTROY_FID ARM_CCA_RMI_FID(0x9) +#define ARM_CCA_RMI_REC_CREATE_FID ARM_CCA_RMI_FID(0xa) +#define ARM_CCA_RMI_REC_DESTROY_FID ARM_CCA_RMI_FID(0xb) +#define ARM_CCA_RMI_REC_ENTER_FID ARM_CCA_RMI_FID(0xc) +#define ARM_CCA_RMI_RTT_CREATE_FID ARM_CCA_RMI_FID(0xd) +#define ARM_CCA_RMI_RTT_DESTROY_FID ARM_CCA_RMI_FID(0xe) +#define ARM_CCA_RMI_RTT_READ_ENTRY_FID ARM_CCA_RMI_FID(0x11) +#define ARM_CCA_RMI_RTT_DEV_VALIDATE_FID ARM_CCA_RMI_FID(0x13) +#define ARM_CCA_RMI_PSCI_COMPLETE_FID ARM_CCA_RMI_FID(0x14) +#define ARM_CCA_RMI_FEATURES_FID ARM_CCA_RMI_FID(0x15) +#define ARM_CCA_RMI_RTT_FOLD_FID ARM_CCA_RMI_FID(0x16) +#define ARM_CCA_RMI_RTT_INIT_RIPAS_FID ARM_CCA_RMI_FID(0x18) +#define ARM_CCA_RMI_RTT_SET_RIPAS_FID ARM_CCA_RMI_FID(0x19) +#define ARM_CCA_RMI_VSMMU_CREATE_FID ARM_CCA_RMI_FID(0x1a) +#define ARM_CCA_RMI_VSMMU_DESTROY_FID ARM_CCA_RMI_FID(0x1b) +#define ARM_CCA_RMI_RMM_CONFIG_SET_FID ARM_CCA_RMI_FID(0x1e) +#define ARM_CCA_RMI_PSMMU_IRQ_NOTIFY_FID ARM_CCA_RMI_FID(0x1f) +#define ARM_CCA_RMI_PDEV_ABORT_FID ARM_CCA_RMI_FID(0x24) +#define ARM_CCA_RMI_PDEV_COMMUNICATE_FID ARM_CCA_RMI_FID(0x25) +#define ARM_CCA_RMI_PDEV_CREATE_FID ARM_CCA_RMI_FID(0x26) +#define ARM_CCA_RMI_PDEV_DESTROY_FID ARM_CCA_RMI_FID(0x27) +#define ARM_CCA_RMI_PDEV_GET_STATE_FID ARM_CCA_RMI_FID(0x28) +#define ARM_CCA_RMI_PDEV_STREAM_KEY_REFRESH_FID ARM_CCA_RMI_FID(0x2a) +#define ARM_CCA_RMI_PDEV_SET_PUBKEY_FID ARM_CCA_RMI_FID(0x2b) +#define ARM_CCA_RMI_PDEV_STOP_FID ARM_CCA_RMI_FID(0x2c) +#define ARM_CCA_RMI_RTT_AUX_CREATE_FID ARM_CCA_RMI_FID(0x2d) +#define ARM_CCA_RMI_RTT_AUX_DESTROY_FID ARM_CCA_RMI_FID(0x2e) +#define ARM_CCA_RMI_RTT_AUX_FOLD_FID ARM_CCA_RMI_FID(0x2f) +#define ARM_CCA_RMI_VDEV_ABORT_FID ARM_CCA_RMI_FID(0x35) +#define ARM_CCA_RMI_VDEV_COMMUNICATE_FID ARM_CCA_RMI_FID(0x36) +#define ARM_CCA_RMI_VDEV_CREATE_FID ARM_CCA_RMI_FID(0x37) +#define ARM_CCA_RMI_VDEV_DESTROY_FID ARM_CCA_RMI_FID(0x38) +#define ARM_CCA_RMI_VDEV_GET_STATE_FID ARM_CCA_RMI_FID(0x39) +#define ARM_CCA_RMI_VDEV_UNLOCK_FID ARM_CCA_RMI_FID(0x3a) +#define ARM_CCA_RMI_RTT_SET_S2AP_FID ARM_CCA_RMI_FID(0x3b) +#define ARM_CCA_RMI_VDEV_COMPLETE_FID ARM_CCA_RMI_FID(0x3e) +#define ARM_CCA_RMI_VDEV_GET_INTERFACE_REPORT_FID ARM_CCA_RMI_FID(0x80) +#define ARM_CCA_RMI_VDEV_GET_MEASUREMENTS_FID ARM_CCA_RMI_FID(0x81) +#define ARM_CCA_RMI_VDEV_LOCK_FID ARM_CCA_RMI_FID(0x82) +#define ARM_CCA_RMI_VDEV_START_FID ARM_CCA_RMI_FID(0x83) +#define ARM_CCA_RMI_VSMMU_EVENT_NOTIFY_FID ARM_CCA_RMI_FID(0x86) +#define ARM_CCA_RMI_PSMMU_ACTIVATE_FID ARM_CCA_RMI_FID(0x87) +#define ARM_CCA_RMI_PSMMU_DEACTIVATE_FID ARM_CCA_RMI_FID(0x88) +#define ARM_CCA_RMI_PSMMU_ST_L2_CREATE_FID ARM_CCA_RMI_FID(0x8b) +#define ARM_CCA_RMI_PSMMU_ST_L2_DESTROY_FID ARM_CCA_RMI_FID(0x8c) +#define ARM_CCA_RMI_DPT_L0_CREATE_FID ARM_CCA_RMI_FID(0x8d) +#define ARM_CCA_RMI_DPT_L0_DESTROY_FID ARM_CCA_RMI_FID(0x8e) +#define ARM_CCA_RMI_DPT_L1_CREATE_FID ARM_CCA_RMI_FID(0x8f) +#define ARM_CCA_RMI_DPT_L1_DESTROY_FID ARM_CCA_RMI_FID(0x90) +#define ARM_CCA_RMI_GRANULE_TRACKING_GET_FID ARM_CCA_RMI_FID(0x91) +#define ARM_CCA_RMI_GRANULE_TRACKING_SET_FID ARM_CCA_RMI_FID(0x93) +#define ARM_CCA_RMI_RMM_CONFIG_GET_FID ARM_CCA_RMI_FID(0x9c) +#define ARM_CCA_RMI_VSMMU_EVENT_COMPLETE_FID ARM_CCA_RMI_FID(0x9e) +#define ARM_CCA_RMI_PSMMU_EVENT_DISCARD_FID ARM_CCA_RMI_FID(0xa0) +#define ARM_CCA_RMI_GRANULE_RANGE_DELEGATE_FID ARM_CCA_RMI_FID(0xa1) +#define ARM_CCA_RMI_GRANULE_RANGE_UNDELEGATE_FID ARM_CCA_RMI_FID(0xa2) +#define ARM_CCA_RMI_GPT_L1_CREATE_FID ARM_CCA_RMI_FID(0xa3) +#define ARM_CCA_RMI_GPT_L1_DESTROY_FID ARM_CCA_RMI_FID(0xa4) +#define ARM_CCA_RMI_RTT_DATA_MAP_FID ARM_CCA_RMI_FID(0xa5) +#define ARM_CCA_RMI_RTT_DATA_UNMAP_FID ARM_CCA_RMI_FID(0xa6) +#define ARM_CCA_RMI_RTT_DEV_MAP_FID ARM_CCA_RMI_FID(0xa7) +#define ARM_CCA_RMI_RTT_DEV_UNMAP_FID ARM_CCA_RMI_FID(0xa8) +#define ARM_CCA_RMI_RTT_ARCH_DEV_MAP_FID ARM_CCA_RMI_FID(0xa9) +#define ARM_CCA_RMI_RTT_ARCH_DEV_UNMAP_FID ARM_CCA_RMI_FID(0xaa) +#define ARM_CCA_RMI_RTT_UNPROT_MAP_FID ARM_CCA_RMI_FID(0xab) +#define ARM_CCA_RMI_RTT_UNPROT_UNMAP_FID ARM_CCA_RMI_FID(0xac) +#define ARM_CCA_RMI_RTT_AUX_PROT_MAP_FID ARM_CCA_RMI_FID(0xad) +#define ARM_CCA_RMI_RTT_AUX_PROT_UNMAP_FID ARM_CCA_RMI_FID(0xae) +#define ARM_CCA_RMI_RTT_AUX_UNPROT_MAP_FID ARM_CCA_RMI_FID(0xaf) +#define ARM_CCA_RMI_RTT_AUX_UNPROT_UNMAP_FID ARM_CCA_RMI_FID(0xb0) +#define ARM_CCA_RMI_REALM_TERMINATE_FID ARM_CCA_RMI_FID(0xb1) +#define ARM_CCA_RMI_RMM_ACTIVATE_FID ARM_CCA_RMI_FID(0xb2) +#define ARM_CCA_RMI_OP_CONTINUE_FID ARM_CCA_RMI_FID(0xb3) +#define ARM_CCA_RMI_PDEV_STREAM_CONNECT_FID ARM_CCA_RMI_FID(0xb4) +#define ARM_CCA_RMI_PDEV_STREAM_DISCONNECT_FID ARM_CCA_RMI_FID(0xb5) +#define ARM_CCA_RMI_PDEV_STREAM_COMPLETE_FID ARM_CCA_RMI_FID(0xb6) +#define ARM_CCA_RMI_PDEV_STREAM_KEY_PURGE_FID ARM_CCA_RMI_FID(0xb7) +#define ARM_CCA_RMI_OP_MEM_DONATE_FID ARM_CCA_RMI_FID(0xb8) +#define ARM_CCA_RMI_OP_MEM_RECLAIM_FID ARM_CCA_RMI_FID(0xb9) +#define ARM_CCA_RMI_OP_CANCEL_FID ARM_CCA_RMI_FID(0xba) +#define ARM_CCA_RMI_VSMMU_FEATURES_FID ARM_CCA_RMI_FID(0xbb) +#define ARM_CCA_RMI_VSMMU_CMD_GET_FID ARM_CCA_RMI_FID(0xbc) +#define ARM_CCA_RMI_VSMMU_CMD_COMPLETE_FID ARM_CCA_RMI_FID(0xbd) + +/* DEN0137 2.0-bet1 - B4.6.1 RmiAddrBlockSize type */ +#define ARM_CCA_RMI_PAGE_L3 0U +#define ARM_CCA_RMI_BLOCK_L2 1U +#define ARM_CCA_RMI_BLOCK_L1 2U +#define ARM_CCA_RMI_BLOCK_L0 3U + +/* DEN0137 2.0-bet1 - B4.6.5 RmiAddrRangeDesc4KB type */ +#define ARM_CCA_RMI_ADDR_DESC_4K_SZ_SHIFT 0U +#define ARM_CCA_RMI_ADDR_DESC_4K_SZ_WIDTH 2U +#define ARM_CCA_RMI_ADDR_DESC_4K_CNT_SHIFT 2U +#define ARM_CCA_RMI_ADDR_DESC_4K_CNT_WIDTH 10U +#define ARM_CCA_RMI_ADDR_DESC_4K_ADDR_SHIFT 12U +#define ARM_CCA_RMI_ADDR_DESC_4K_ADDR_WIDTH 40U +#define ARM_CCA_RMI_ADDR_DESC_4K_ST_SHIFT 63U +#define ARM_CCA_RMI_ADDR_DESC_4K_ST_WIDTH 1U + +/* DEN0137 2.0-bet1 - B4.6.10 RmiContinueBeyond type */ +#define ARM_CCA_RMI_CONTINUE_KEEP_GOING 0U +#define ARM_CCA_RMI_CONTINUE_STOP 1U + +/* DEN0137 2.0-bet1 - B4.6.12 RmiDataFlags type */ +#define ARM_CCA_RMI_DATA_FLAGS_MEASURE_SHIFT 0U +#define ARM_CCA_RMI_DATA_FLAGS_MEASURE_WIDTH 1U + +/* DEN0137 2.0-bet1 - B4.6.13 RmiDataMeasureContent type */ +#define ARM_CCA_RMI_NO_MEASURE_CONTENT 0U +#define ARM_CCA_RMI_MEASURE_CONTENT 1U + +#define ARM_CCA_RMI_DATA_FLAGS_MEASURE_CONTENT \ + (ARM_CCA_RMI_MEASURE_CONTENT << ARM_CCA_RMI_DATA_FLAGS_MEASURE_SHIFT) + +/* DEN0137 2.0-bet1 - B4.6.22 RmiFeature type */ +#define ARM_CCA_RMI_FEATURE_FALSE 0U +#define ARM_CCA_RMI_FEATURE_TRUE 1U + +/* DEN0137 2.0-bet1 - B4.6.23 RmiFeatureRegister0 type */ +#define ARM_CCA_RMI_FEATURE_REGISTER_0_S2SZ_SHIFT 0U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_S2SZ_WIDTH 8U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_LPA2_SHIFT 8U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_LPA2_WIDTH 1U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_SVE_SHIFT 9U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_SVE_WIDTH 1U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_SVE_VL_SHIFT 10U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_SVE_VL_WIDTH 4U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_BPS_SHIFT 14U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_BPS_WIDTH 6U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_WPS_SHIFT 20U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_WPS_WIDTH 6U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_PMU_SHIFT 26U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_PMU_WIDTH 1U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_PMU_NUM_CTRS_SHIFT 27U +#define ARM_CCA_RMI_FEATURE_REGISTER_0_PMU_NUM_CTRS_WIDTH 5U + +/* DEN0137 2.0-bet1 - B4.6.24 RmiFeatureRegister1 type */ +#define ARM_CCA_RMI_FEATURE_REGISTER_1_RMI_GRAN_SZ_4KB_SHIFT 0U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_RMI_GRAN_SZ_4KB_WIDTH 1U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_RMI_GRAN_SZ_16KB_SHIFT 1U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_RMI_GRAN_SZ_16KB_WIDTH 1U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_RMI_GRAN_SZ_64KB_SHIFT 2U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_RMI_GRAN_SZ_64KB_WIDTH 1U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_HASH_SHA_256_SHIFT 3U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_HASH_SHA_256_WIDTH 1U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_HASH_SHA_384_SHIFT 4U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_HASH_SHA_384_WIDTH 1U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_HASH_SHA_512_SHIFT 5U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_HASH_SHA_512_WIDTH 1U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_MAX_RECS_ORDER_SHIFT 6U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_MAX_RECS_ORDER_WIDTH 4U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_L0GPTSZ_SHIFT 10U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_L0GPTSZ_WIDTH 4U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_PPS_SHIFT 14U +#define ARM_CCA_RMI_FEATURE_REGISTER_1_PPS_WIDTH 3U + +/* DEN0137 2.0-bet1 - B4.6.27 RmiFeatureRegister4 type */ +#define ARM_CCA_RMI_FEATURE_REGISTER_4_MEC_COUNT_SHIFT 0U +#define ARM_CCA_RMI_FEATURE_REGISTER_4_MEC_COUNT_WIDTH 64U + +/* DEN0137 2.0-bet1 - B4.6.29 RmiGranuleSize type */ +#define ARM_CCA_RMI_GRANULE_SIZE_4KB 0U +#define ARM_CCA_RMI_GRANULE_SIZE_16KB 1U +#define ARM_CCA_RMI_GRANULE_SIZE_64KB 2U + +/* DEN0137 2.0-bet1 - B4.6.30 RmiHashAlgorithm type */ +#define ARM_CCA_RMI_HASH_SHA_256 0U +#define ARM_CCA_RMI_HASH_SHA_512 1U +#define ARM_CCA_RMI_HASH_SHA_384 2U + +/* DEN0137 2.0-bet1 - B4.6.35 RmiMecPolicy type */ +#define ARM_CCA_RMI_MEC_POLICY_SHARED 0U +#define ARM_CCA_RMI_MEC_POLICY_PRIVATE 1U + +/* DEN0137 2.0-bet1 - B4.6.36 RmiMemCategory type */ +#define ARM_CCA_RMI_MEM_CATEGORY_CONVENTIONAL 0U +#define ARM_CCA_RMI_MEM_CATEGORY_DEV_NCOH 1U +#define ARM_CCA_RMI_MEM_CATEGORY_DEV_COH 2U + +/* DEN0137 2.0-bet1 - B4.6.37 RmiOpCanCancel type */ +#define ARM_CCA_RMI_OP_CANNOT_CANCEL 0U +#define ARM_CCA_RMI_OP_CAN_CANCEL 1U + +/* DEN0137 2.0-bet1 - B4.6.38 RmiOpMemContig type */ +#define ARM_CCA_RMI_OP_MEM_NON_CONTIG 0U +#define ARM_CCA_RMI_OP_MEM_CONTIG 1U + +/* DEN0137 2.0-bet1 - B4.6.39 RmiOpMemDonateReq type */ +#define ARM_CCA_RMI_OP_DONATE_BLK_SIZE_SHIFT 0U +#define ARM_CCA_RMI_OP_DONATE_BLK_SIZE_WIDTH 2U +#define ARM_CCA_RMI_OP_DONATE_BLK_COUNT_SHIFT 2U +#define ARM_CCA_RMI_OP_DONATE_BLK_COUNT_WIDTH 14U +#define ARM_CCA_RMI_OP_DONATE_MEM_CONTIG_SHIFT 16U +#define ARM_CCA_RMI_OP_DONATE_MEM_CONTIG_WIDTH 1U +#define ARM_CCA_RMI_OP_DONATE_MEM_STATE_SHIFT 17U +#define ARM_CCA_RMI_OP_DONATE_MEM_STATE_WIDTH 1U + +/* DEN0137 2.0-bet1 - B4.6.40 RmiOpMemReq type */ +#define ARM_CCA_RMI_OP_MEM_REQ_NONE 0U +#define ARM_CCA_RMI_OP_MEM_REQ_DONATE 1U +#define ARM_CCA_RMI_OP_MEM_REQ_RECLAIM 2U + +/* DEN0137 2.0-bet1 - B4.6.41 RmiOpMemState type */ +#define ARM_CCA_RMI_OP_MEM_DELEGATED 0U +#define ARM_CCA_RMI_OP_MEM_UNDELEGATED 1U + +/* DEN0137 2.0-bet1 - B4.6.60 RmiRealmFlags0 type */ +#define ARM_CCA_RMI_REALM_FLAGS0_MEC_POLICY_SHIFT 7U +#define ARM_CCA_RMI_REALM_FLAGS0_MEC_POLICY_WIDTH 2U +#define ARM_CCA_RMI_REALM_FLAGS0_MEC_POLICY(policy) \ + ((uint64_t)(policy) << ARM_CCA_RMI_REALM_FLAGS0_MEC_POLICY_SHIFT) + +/* DEN0137 2.0-bet1 - B4.6.62 RmiRealmParams type */ +#define ARM_CCA_RMI_PARAMS_SIZE 0x1000U +#define ARM_CCA_RMI_RPV_SIZE 64U + +struct arm_cca_rmi_realm_params { + uint64_t flags0; + uint8_t s2sz; + uint8_t __pad0[0x10 - 0x09]; + uint8_t sve_vl; + uint8_t __pad1[0x18 - 0x11]; + uint8_t num_bps; + uint8_t __pad2[0x20 - 0x19]; + uint8_t num_wps; + uint8_t __pad3[0x28 - 0x21]; + uint8_t pmu_num_ctrs; + uint8_t __pad4[0x30 - 0x29]; + uint8_t hash_algo; + uint8_t __pad5[0x38 - 0x31]; + uint64_t num_aux_planes; + uint8_t __pad6[0x400 - 0x40]; + uint8_t rpv[ARM_CCA_RMI_RPV_SIZE]; + uint64_t ats_plane; + uint8_t __pad7[0x808 - 0x448]; + uint64_t rtt_base; + int64_t rtt_level_start; + uint32_t rtt_num_start; + uint8_t __pad8[0x820 - 0x81c]; + uint64_t flags1; + uint8_t __pad9[0xf80 - 0x828]; + uint64_t aux_rtt_base[3]; + uint8_t __pad10[ARM_CCA_RMI_PARAMS_SIZE - 0xf98]; +} __packed; + +/* DEN0137 2.0-bet1 - B4.6.63 RmiRecCreateFlags type */ +#define ARM_CCA_RMI_REC_CREATE_RUNNABLE (1UL << 0) + +/* DEN0137 2.0-bet1 - B4.6.64 RmiRecEnter type */ +#define ARM_CCA_RMI_REC_ENTER_SIZE 0x800U +#define ARM_CCA_RMI_REC_NR_GPRS 31U + +struct arm_cca_rmi_rec_enter { + uint64_t flags; + uint8_t __pad0[0x200 - 0x008]; + uint64_t gprs[ARM_CCA_RMI_REC_NR_GPRS]; + uint8_t __pad1[ARM_CCA_RMI_REC_ENTER_SIZE - + (0x200 + ARM_CCA_RMI_REC_NR_GPRS * 8)]; +} __packed; + +/* DEN0137 2.0-bet1 - B4.6.65 RmiRecEnterFlags type */ +#define ARM_CCA_RMI_REC_ENTER_FLAG_EMUL_MMIO (1UL << 0) +#define ARM_CCA_RMI_REC_ENTER_FLAG_INJECT_SEA (1UL << 1) +#define ARM_CCA_RMI_REC_ENTER_FLAG_TRAP_WFI (1UL << 2) +#define ARM_CCA_RMI_REC_ENTER_FLAG_TRAP_WFE (1UL << 3) +#define ARM_CCA_RMI_REC_ENTER_FLAG_RIPAS_RESPONSE (1UL << 4) +#define ARM_CCA_RMI_REC_ENTER_FLAG_S2AP_RESPONSE (1UL << 5) +#define ARM_CCA_RMI_REC_ENTER_FLAG_DEV_MEM_RESPONSE (1UL << 6) +#define ARM_CCA_RMI_REC_ENTER_FLAG_FORCE_P0 (1UL << 7) + +/* DEN0137 2.0-bet1 - B4.6.66 RmiRecExit type */ +#define ARM_CCA_RMI_REC_EXIT_SIZE 0x800U + +struct arm_cca_rmi_rec_exit { + uint8_t exit_reason; + uint8_t __pad0[0x100 - 0x001]; + uint64_t esr; + uint64_t far; + uint64_t hpfar; + uint64_t rtt_tree; + uint8_t __pad1[0x200 - 0x120]; + uint64_t gprs[ARM_CCA_RMI_REC_NR_GPRS]; + uint8_t __pad2[0x400 - (0x200 + ARM_CCA_RMI_REC_NR_GPRS * 8)]; + uint64_t cntp_ctl; + uint64_t cntp_cval; + uint64_t cntv_ctl; + uint64_t cntv_cval; + uint8_t __pad3[0x500 - 0x420]; + uint64_t ripas_base; + uint64_t ripas_top; + uint8_t ripas_value; + uint8_t __pad4[0x520 - 0x511]; + uint64_t s2ap_base; + uint64_t s2ap_top; + uint64_t vdev_id_1; + uint64_t vdev_id_2; + uint64_t dev_mem_base; + uint64_t dev_mem_top; + uint64_t dev_mem_pa; + uint8_t __pad5[0x600 - 0x558]; + uint16_t imm; + uint8_t __pad6[0x608 - 0x602]; + uint64_t plane; + uint8_t __pad7[0x700 - 0x610]; + uint8_t pmu_ovf_status; + uint8_t __pad8[0x710 - 0x701]; + uint64_t vsmmu; + uint8_t __pad9[ARM_CCA_RMI_REC_EXIT_SIZE - 0x718]; +} __packed; + +/* DEN0137 2.0-bet1 - B4.6.67 RmiRecExitReason type */ +#define ARM_CCA_RMI_EXIT_SYNC 0U +#define ARM_CCA_RMI_EXIT_IRQ 1U +#define ARM_CCA_RMI_EXIT_FIQ 2U +#define ARM_CCA_RMI_EXIT_PSCI 3U +#define ARM_CCA_RMI_EXIT_RIPAS_CHANGE 4U +#define ARM_CCA_RMI_EXIT_HOST_CALL 5U +#define ARM_CCA_RMI_EXIT_SERROR 6U +#define ARM_CCA_RMI_EXIT_S2AP_CHANGE 7U +#define ARM_CCA_RMI_EXIT_VDEV_REQUEST 8U +#define ARM_CCA_RMI_EXIT_VDEV_VALIDATE_MAPPING 9U +#define ARM_CCA_RMI_EXIT_VSMMU_COMMAND 10U + +/* DEN0137 2.0-bet1 - B4.6.69 RmiRecParams type */ +#define ARM_CCA_RMI_REC_CREATE_NR_GPRS 8U + +struct arm_cca_rmi_rec_params { + uint64_t flags; + uint8_t __pad0[0x100 - 0x008]; + uint64_t mpidr; + uint8_t __pad1[0x200 - 0x108]; + uint64_t pc; + uint8_t __pad2[0x300 - 0x208]; + uint64_t gprs[ARM_CCA_RMI_REC_CREATE_NR_GPRS]; + uint8_t __pad3[ARM_CCA_RMI_PARAMS_SIZE - + (0x300 + ARM_CCA_RMI_REC_CREATE_NR_GPRS * 8)]; +} __packed; + +/* DEN0137 2.0-bet1 - B4.6.70 RmiRecRun type */ +#define ARM_CCA_RMI_REC_RUN_SIZE 0x1000U + +struct arm_cca_rmi_rec_run { + struct arm_cca_rmi_rec_enter enter; + struct arm_cca_rmi_rec_exit exit; +} __packed; + +/* DEN0137 2.0-bet1 - B4.6.73 RmiResult type */ +#define ARM_CCA_RMI_RESULT_STATUS_SHIFT 0U +#define ARM_CCA_RMI_RESULT_STATUS_WIDTH 8U +#define ARM_CCA_RMI_RESULT_DATA_SHIFT 8U + +/* DEN0137 2.0-bet1 - B4.6.74 RmiResultDataIncomplete type */ +#define ARM_CCA_RMI_RESULT_INCOMPLETE_MEM_SHIFT 0U +#define ARM_CCA_RMI_RESULT_INCOMPLETE_MEM_WIDTH 2U +#define ARM_CCA_RMI_RESULT_INCOMPLETE_CAN_CANCEL_SHIFT 2U +#define ARM_CCA_RMI_RESULT_INCOMPLETE_CAN_CANCEL_WIDTH 1U + +/* DEN0137 2.0-bet1 - B4.6.77 RmiRipas type */ +#define ARM_CCA_RMI_RIPAS_EMPTY 0U +#define ARM_CCA_RMI_RIPAS_RAM 1U +#define ARM_CCA_RMI_RIPAS_DESTROYED 2U +#define ARM_CCA_RMI_RIPAS_DEV 3U + +/* DEN0137 2.0-bet1 - B4.6.78 RmiRmmConfig type */ +#define ARM_CCA_RMI_RMM_CONFIG_SIZE 0x1000U +#define ARM_CCA_RMI_TRACKING_4KB_REGION_1GB 0U + +struct arm_cca_rmi_rmm_config { + uint8_t tracking_region_size; + uint8_t __pad0[0x8 - 0x1]; + uint8_t rmi_granule_size; + uint8_t __pad1[ARM_CCA_RMI_RMM_CONFIG_SIZE - 0x9]; +} __packed; + +/* DEN0137 2.0-bet1 - B4.6.80 RmiRttAddrType type */ +#define ARM_CCA_RMI_ADDR_TYPE_NONE 0U +#define ARM_CCA_RMI_ADDR_TYPE_SINGLE 1U +#define ARM_CCA_RMI_ADDR_TYPE_LIST 2U + +/* DEN0137 2.0-bet1 - B4.6.93 RmiStatusCode type */ +#define ARM_CCA_RMI_SUCCESS 0U +#define ARM_CCA_RMI_ERROR_INPUT 1U +#define ARM_CCA_RMI_ERROR_REALM 2U +#define ARM_CCA_RMI_ERROR_REC 3U +#define ARM_CCA_RMI_ERROR_RTT 4U +#define ARM_CCA_RMI_ERROR_NOT_SUPPORTED 5U +#define ARM_CCA_RMI_ERROR_DEVICE 6U +#define ARM_CCA_RMI_ERROR_RTT_AUX 7U +#define ARM_CCA_RMI_ERROR_PSMMU_ST 8U +#define ARM_CCA_RMI_ERROR_DPT 9U +#define ARM_CCA_RMI_BUSY 10U +#define ARM_CCA_RMI_ERROR_GLOBAL 11U +#define ARM_CCA_RMI_ERROR_TRACKING 12U +#define ARM_CCA_RMI_INCOMPLETE 13U +#define ARM_CCA_RMI_BLOCKED 14U +#define ARM_CCA_RMI_ERROR_GPT 15U +#define ARM_CCA_RMI_ERROR_GRANULE 16U + +/* DEN0137 2.0-bet1 - B4.6.94 RmiTrackingRegionState type */ +#define ARM_CCA_RMI_TRACKING_RESERVED 0U +#define ARM_CCA_RMI_TRACKING_NONE 1U +#define ARM_CCA_RMI_TRACKING_FINE 2U +#define ARM_CCA_RMI_TRACKING_COARSE 3U + +#endif /* ARM_CCA_RMI_ABI_H */ --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818145375842.0087742040176; Thu, 14 May 2026 21:09:05 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309337.1580353 (Exim 4.92) (envelope-from ) id 1wNjqe-0001Qi-QH; Fri, 15 May 2026 04:08:28 +0000 Received: by outflank-mailman (output) from mailman id 1309337.1580353; Fri, 15 May 2026 04:08:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqe-0001QW-Ln; Fri, 15 May 2026 04:08:28 +0000 Received: by outflank-mailman (input) for mailman id 1309337; Fri, 15 May 2026 04:08:28 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqd-0001NR-SY for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:08:28 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjqd-00GbfP-8j for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:08:27 +0200 Received: from [10.42.69.4] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069c0b-2eae-0a2a0a5409dd-0a2a4504bda6-36 for ; Fri, 15 May 2026 06:08:26 +0200 Received: from [52.101.125.129] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-ebf023.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c35-1dec-0a2a45040019-34657d8136d2-4 for ; Fri, 15 May 2026 06:08:26 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:20 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fsBNMxPdzUGbCqyDTUfE0JdM1ndGTEDEJAhNShKaXKWqiWyEzkRN4HarF6XjiFzuv0mDoKty6Aarw8jAdG5HBO76Y+Pow+qBUTzno0yE7JraKuXG/mre4VCu7VpzuIeOejIqFFeS40K8prRER3ha+j3TuSspJ+UQ6YIu85T3YtfZ3NwM0vpJD//oHdtO7qN73lOsUStGtnvEAvMsYV27/JjzNAlKlWfm0KUQrCzLtUFophM2CyhsbeWiz8vdelx4ulIy5ymZaq7V5P4oqPt+zfXcbRfafnqxKBQjitKgwIiW46VYrzVDNHIRpauUphHloZm3xerewlv0K7zD5/SjyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=P+LWGLET1pPPxjg9pYTqsoCrj/kofsydU9ywUKvFgV0=; b=WzF2LBA7mlelkQLIqFzGBJkUXWmw0FoRCrijYvapMbsZ5tsY37dBrs0GI7TYZLIaslVib9DO3McvX7UWv8JbFfGKr9I18Uziy/pqIN02iF73pFWbFPCOQGs5rE03ClgQlrII0CUkiD4UM0GrSPHz/PsPEGNWikjG+Dq36ZLD6oXt3kyy5Sp1F/g3Qotb/iigvA8yOmIsB4abBFxfJOqPukGzM/Vd0j1pYyKMbUxUvTYayEomoeEtKBObveIFg4AUCJ8kkHiuGsLwYpr7nboNOCSm7tfwEmLKoLxV7A/9MJREAWsqPss1Q6uTsQVB55hr6tLiWEha9j0cwyBAyTE1ag== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=P+LWGLET1pPPxjg9pYTqsoCrj/kofsydU9ywUKvFgV0=; b=t6ey0ZgpEWUB3nPmyfpP5JY1U8zRruXCdTftNX9JtSUEEuRUgMD0qYo/X9RhyArS0JWevAt4c5R4GY/Se8CuHoSVxeCeDdMwx9LPTo3KHGe0XKMIW+QZJjoJBZXVzl4IEpRg3FOpIpsRw5G+ZvTjObttwTglIm8H29T8kSjY2Jc= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 02/26] xen/arm/cca: add RMI v2.0 SMCCC core wrappers Date: Fri, 15 May 2026 13:07:48 +0900 Message-ID: <20260515040812.983626-3-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYWP286CA0022.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:262::8) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: eccc8f08-adf6-4905-2cc4-08deb2379985 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|3023799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: Ktjp5SOA5ZmootcF7MkvC1UkSmJ08GXJujPkRQYVUI1UBOP9WMgrywzdgvKLd/d+BrhBmjkFxL8Gm0/9JTqotZDl/qmp5MDbMqWvfZaBirRo6llDO4epD8aNn7q9EijdJWA+yqoxvdFUfGmbNVHw4eZICxdPO1sM3sQ841+oIjXqw72w1ZCl2z7527aZOE/E69LAKdCHqbeif5zVl72atu1IA0VWWJUWjAzD263ONkkpkj/B5RiI5N+zJRX6G0l6j0CZD7006r00mSZHpWOaKyCvrxGTUrk3Gt0wKnZI7mLIK/fzw8VzUXHyqI147rgWVbNsW4lGjzQbecZOAqlkvf0MA1fVegYJ1jJKPWMZ5FbQboVcfpIWKVEi9o7Z3ndDvo895T8W6ehL9kc2pEKvD70lawXPMG59o3Dt0CApb3gqHmQwfLP8ffxkr4wnN2EsyhrXpmkUskMUXULGyL5aGggxYiRjIpiPkcoxGkGY//WF3zGkx1oY8jWfaAJhvxDj+I1UYhbRq1eSkPUUT878awVSFUT/hs0U7CfkxvhrQezE+QHqcxE3ikArk19iY6aUbPVSLs4itVn7eigqVNDpHakNRqjo2i7AYxUFZWqClektid5FP/y8Gj2rgKbwIKqu3nVGRXukaagpaqnAZD5s9/M7TURi12LssV4YxiDM5I5kejEsijA2eOOtMukIhWeE X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(3023799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?MzikmfylkyWYuwHXBbTVJI3zBFFxCQiuyDHl6jfx5mY6QdNm8JxMaTe5GtPV?= =?us-ascii?Q?0/5Km5GhbfJtfHv8PlvMFa9aGiDxO6FlXWQ9SL+lc+kvVWe7GfdbI3Np/jUz?= =?us-ascii?Q?EqExI0r0Xi+3MJ2TTtddCI3WrWnQZrFb20FXJIF8dGPN6Xo2j0dFyJaQnNLW?= =?us-ascii?Q?4hNwGZX4DUi4uRhZUu2+kkKWo22C+QMlESNNxZD4mzduyJ6Uot8KavOCN6QJ?= =?us-ascii?Q?7S77umBjN3ENMDtAVqmH8pO3R7JzqiYp+D6lCBtxxS6itvLTYEMQuPDDgIcb?= =?us-ascii?Q?6ldMJZodV8CoS3xQejR8sy30K1f2r9WcSXtDdNrd5oT0CtPcJkDrNanBcrEM?= =?us-ascii?Q?PGLv8DjmTbydRA68MIEhghfKm+w2Dq179v/OLHGKxpc/mqnNYHN5bbvx3X4e?= =?us-ascii?Q?A7C4wFWrql/J/PltxIrh1VuvjNE0MQXMDH6Gv33SpeUefxsLx359zLxoCZsb?= =?us-ascii?Q?Ks9LuvJFAZiSjGzOPMMdQrs3g4p/d3kFdJRlcmZAE7wOUkanQXwh5TYKixkE?= =?us-ascii?Q?mMeWEkKdA2cTDUO3RS34N4dT8uVz6+VJTdS+OZIMvbhpQY60Jmz9TaJLOWtv?= =?us-ascii?Q?muZqyqbjQRuLzEgQQYfnZ/vAndNXFMvk4AWI+iRXjl+AXnDRe74zKlhUl4cv?= =?us-ascii?Q?UR1r4tK4IMuUKlwoqgAvB4KxxxBmWdcCVnAyYYhbn2NOAtGt1tQNmQ3zN0kD?= =?us-ascii?Q?Hae0yHFsBUoJcfvonRFLOvPYnW5rRP5mx39yW6LdXmFmCQKBX51wINgaxmfv?= =?us-ascii?Q?2hDdIuS6/a4Wxg+T4xHYiNb6TQnk000cJJL4L5hNu1IV1af9IE1/0PsLdMGF?= =?us-ascii?Q?gOg4HFhkizlJH2UNlnJKv+T6egZBdy954GLHoUGxfz1Bf/oFc1o8Hn+ztIKR?= =?us-ascii?Q?lQ2j1btZ7FRF3mmzaxW874WpyZEr/nDh6+bNfUA1yWtJ6nQtBCnaSJVkV0Th?= =?us-ascii?Q?/bSldMXnjv9JU3VFpp2gPrRe6JeaFEDRH0VTZfnu5QpsnpM2x6oOpb+Rc900?= =?us-ascii?Q?KjL6VXjEF/4/Xn8d3BR7QXKNYFFHVlSuLYFjV+Jox58QJUUjEKPyTaFkVxDj?= =?us-ascii?Q?ysIlCABiciryRG6SVLawAcAjyaFPQwd+pA1zW4lBcnmov5khZZMH0sqqyh9U?= =?us-ascii?Q?qC9qJS3J8KcKiMKExwFLbwag3cIC3t0/jUfbTxBK2Mi+w5XP+RKjdXOXNqMs?= =?us-ascii?Q?cBd/9Xco3CYnU0s0diXNIMIIXnOHYWLU5TNAWC8LBBrplKDgSGBiCXX1rrUG?= =?us-ascii?Q?zoSbg5iDrKUEewuZzViVNN3qRPnwQ6QY7siJIEIFeD0kgleISzqZzqw4M54h?= =?us-ascii?Q?DqexADQ8WA78jpbT0jGAvyP45UVDgUFlxGrFlJ3pPSyNdiSAq4NFZH4sQ72e?= =?us-ascii?Q?YKKe+z5FLzw5QfLtZenO6nLHw7eIoMzPDvZoVhFdmCCUnYTulf/hckYSzhpw?= =?us-ascii?Q?nPevvTS/sbhhww2aFNZoGQEEqWAp2zGgP5mI1ia4UsQBh8AvBAVg+09p2LAo?= =?us-ascii?Q?tUaQ/bBRSvAWIs5xaID+Tto3ZxvrCSo+G2J1EexXvwrcw60FJPnGpAoW+5Tc?= =?us-ascii?Q?RH64qsJAVl0x0aP4owrOMIgrzMaFDv3fPo+sY3ugKNCV2U8YF+HL6DwBtyYa?= =?us-ascii?Q?tD0H3kZ9NufytGRTVJ8MgWhoVlKvDYak52MK30V1KIriracyAbnOywAYEZ49?= =?us-ascii?Q?FxotZkWI50eakz2xQHwpwpHoz0gxYJsL4gQheRs4S6I7HYCIwkBuYDAwEpjx?= =?us-ascii?Q?5JnsR1tDV1/2xD34hqgUgaUeURL+CUUgxDNBAclAX6DFxjF81Xpn?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: eccc8f08-adf6-4905-2cc4-08deb2379985 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:20.2334 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: kgc96NLvs5dmVvzHBBLcachmHOSpTKY63oMlbxaSG+/TUpR3Xjt+16jFuykAC9Axj3rcjcL9U3X034acG73OSw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-ebf023/1778818106-2A5603FF-DB93292C/0/0 X-purgate-type: clean X-purgate-size: 11679 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818145600158500 Content-Type: text/plain; charset="utf-8" Add the common SMC path and the early RMI calls used to probe and configure the RMM. The rest of the series can build on typed helpers rather than spelling out registers each time. Signed-off-by: Koichiro Den --- xen/arch/arm/Kconfig | 14 ++++ xen/arch/arm/Makefile | 1 + xen/arch/arm/cca/Makefile | 1 + xen/arch/arm/cca/rmi.c | 170 ++++++++++++++++++++++++++++++++++++++ xen/arch/arm/cca/rmi.h | 126 ++++++++++++++++++++++++++++ 5 files changed, 312 insertions(+) create mode 100644 xen/arch/arm/cca/Makefile create mode 100644 xen/arch/arm/cca/rmi.c create mode 100644 xen/arch/arm/cca/rmi.h diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig index 79622b46a10d..dc99020c96de 100644 --- a/xen/arch/arm/Kconfig +++ b/xen/arch/arm/Kconfig @@ -118,6 +118,20 @@ config ARM_EFI UEFI firmware. A UEFI stub is provided to allow Xen to be booted as an EFI application. =20 +config ARM_CCA + bool "Arm Confidential Compute Architecture support (UNSUPPORTED)" if UNS= UPPORTED + depends on ARM_64 && MMU + default n + help + Build Xen's Arm CCA / RMM support for Arm Realm guests on + Armv9 platforms. + + This enables the NS hypervisor-side Realm creation and execution + paths, including the RMI ABI wrappers, Realm build/finalize + flows and REC run loop. + + This support is experimental. If unsure, say N. + config GICV2 bool "GICv2 driver" default y diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index 982c6c396a05..953dcbbe6626 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -8,6 +8,7 @@ ifneq ($(CONFIG_NO_PLAT),y) obj-y +=3D platforms/ endif obj-y +=3D firmware/ +obj-$(CONFIG_ARM_CCA) +=3D cca/ obj-$(CONFIG_TEE) +=3D tee/ obj-$(CONFIG_HAS_VPCI) +=3D vpci.o =20 diff --git a/xen/arch/arm/cca/Makefile b/xen/arch/arm/cca/Makefile new file mode 100644 index 000000000000..9c351f901dfd --- /dev/null +++ b/xen/arch/arm/cca/Makefile @@ -0,0 +1 @@ +obj-y +=3D rmi.o diff --git a/xen/arch/arm/cca/rmi.c b/xen/arch/arm/cca/rmi.c new file mode 100644 index 000000000000..d37f1226f834 --- /dev/null +++ b/xen/arch/arm/cca/rmi.c @@ -0,0 +1,170 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Internal Xen RMI command wrappers for DEN0137 2.0-bet1 / RMI v2.0. + */ + +#include + +#include +#include + +#include "rmi.h" + +#define ARM_CCA_RMI_INITIATE_SRO_BUSY_RETRIES 1000000U + +static void arm_cca_rmi_invoke(unsigned long fid, + unsigned long arg0, + unsigned long arg1, + unsigned long arg2, + unsigned long arg3, + unsigned long arg4, + struct arm_smccc_res *res) +{ + arm_smccc_1_0_smc(fid, arg0, arg1, arg2, arg3, arg4, 0, 0, res); +} + +static int arm_cca_rmi_initiate_sro(unsigned long fid, + unsigned long arg0, + unsigned long arg1, + unsigned long arg2, + unsigned long arg3, + unsigned long arg4, + struct arm_smccc_res *res) +{ + unsigned int retries =3D 0; + + /* + * Conform to DEN0137 2.0-bet1 B4.3.2.5 Programming model for an SRO: + * retry the initiating command while it returns RMI_BUSY. Once a han= dle + * is returned, progress is driven through RMI_OP_CONTINUE. + * + * Initial RMI_BUSY is expected to be transient. Keep the retry loop + * finite so a broken RMM cannot spin Xen forever. + */ + while ( true ) + { + arm_cca_rmi_invoke(fid, arg0, arg1, arg2, arg3, arg4, res); + + if ( !arm_cca_rmi_status_is(arm_cca_rmi_result(res), + ARM_CCA_RMI_BUSY) ) + return 0; + + if ( retries =3D=3D ARM_CCA_RMI_INITIATE_SRO_BUSY_RETRIES ) + return -EBUSY; + retries++; + + cpu_relax(); + } +} +int arm_cca_rmi_version(unsigned long requested_revision, + unsigned long *revision_lower, + unsigned long *revision_higher) +{ + struct arm_smccc_res res; + int rc; + + arm_cca_rmi_invoke(ARM_CCA_RMI_VERSION_FID, + requested_revision, 0, 0, 0, 0, &res); + + rc =3D arm_cca_rmi_res_to_errno(&res); + + if ( revision_lower !=3D NULL ) + *revision_lower =3D res.a1; + + if ( revision_higher !=3D NULL ) + *revision_higher =3D res.a2; + + return rc; +} + +unsigned long arm_cca_rmi_features(unsigned long index) +{ + struct arm_smccc_res res; + + arm_cca_rmi_invoke(ARM_CCA_RMI_FEATURES_FID, index, 0, 0, 0, 0, &res); + + return arm_cca_rmi_res_to_errno(&res) ? 0 : res.a1; +} + +int arm_cca_rmi_rmm_config_get(paddr_t cfg_ptr, struct arm_smccc_res *res) +{ + arm_cca_rmi_invoke(ARM_CCA_RMI_RMM_CONFIG_GET_FID, + cfg_ptr, 0, 0, 0, 0, res); + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_rmm_config_set(paddr_t cfg_ptr) +{ + struct arm_smccc_res res; + + arm_cca_rmi_invoke(ARM_CCA_RMI_RMM_CONFIG_SET_FID, + cfg_ptr, 0, 0, 0, 0, &res); + + return arm_cca_rmi_res_to_errno(&res); +} + +int arm_cca_rmi_rmm_activate(struct arm_smccc_res *res) +{ + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_RMM_ACTIVATE_FID, + 0, 0, 0, 0, 0, res); + if ( rc !=3D 0 ) + return rc; + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_granule_tracking_get(paddr_t base, paddr_t top, + unsigned long *category, + unsigned long *state, paddr_t *out_to= p) +{ + struct arm_smccc_res res; + int rc; + + arm_cca_rmi_invoke(ARM_CCA_RMI_GRANULE_TRACKING_GET_FID, + base, top, 0, 0, 0, &res); + + rc =3D arm_cca_rmi_res_to_errno(&res); + if ( rc !=3D 0 ) + return rc; + + /* + * Note that X3 is not defined by DEN0137 2.0-bet1 B4.5.10.1.3. The + * tested TF-RMM v2.0 PoC branch, also followed by the KVM host series, + * returns range progress there. + */ + *category =3D res.a1; + *state =3D res.a2; + *out_top =3D res.a3; + + return 0; +} + +int arm_cca_rmi_gpt_l1_create(paddr_t base) +{ + struct arm_smccc_res res; + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_GPT_L1_CREATE_FID, + base, 0, 0, 0, 0, &res); + if ( rc !=3D 0 ) + return rc; + + if ( arm_cca_rmi_is_success(&res) || + arm_cca_rmi_status_is(arm_cca_rmi_result(&res), + ARM_CCA_RMI_ERROR_GPT) ) + return 0; + + /* + * Xen CCA supports immediate GPT L1 creation, or an existing GPT L1 + * reported as RMI_ERROR_GPT. If creation needs a memory-transferring + * SRO, leave CCA unavailable for now. + */ + if ( arm_cca_rmi_status_is(arm_cca_rmi_result(&res), + ARM_CCA_RMI_INCOMPLETE) ) + return -EOPNOTSUPP; + + return arm_cca_rmi_res_to_errno(&res); +} diff --git a/xen/arch/arm/cca/rmi.h b/xen/arch/arm/cca/rmi.h new file mode 100644 index 000000000000..4cd0bc64ccf5 --- /dev/null +++ b/xen/arch/arm/cca/rmi.h @@ -0,0 +1,126 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Internal Xen RMI command API. + * + * This header exposes typed wrappers and helpers for the subset of RMI + * commands used by Xen. Raw ABI constants live in rmi-abi.h. + */ +#ifndef ARM_CCA_RMI_H +#define ARM_CCA_RMI_H + +#include +#include +#include +#include + +#include + +#include "rmi-abi.h" + +static inline uint64_t arm_cca_rmi_field_get(uint64_t value, + unsigned int shift, + unsigned int width) +{ + ASSERT(width !=3D 0 && shift < 64U && width <=3D 64U - shift); + + return (value & GENMASK_ULL(shift + width - 1, shift)) >> shift; +} + +static inline uint64_t arm_cca_rmi_result(const struct arm_smccc_res *res) +{ + return res->a0; +} + +static inline bool arm_cca_rmi_is_success(const struct arm_smccc_res *res) +{ + return arm_cca_rmi_result(res) =3D=3D ARM_CCA_RMI_SUCCESS; +} + +static inline bool arm_cca_rmi_result_is_smccc_unknown(uint64_t result) +{ + return result =3D=3D (uint64_t)ARM_SMCCC_ERR_UNKNOWN_FUNCTION; +} + +static inline unsigned int arm_cca_rmi_status_code(uint64_t result) +{ + return arm_cca_rmi_field_get(result, ARM_CCA_RMI_RESULT_STATUS_SHIFT, + ARM_CCA_RMI_RESULT_STATUS_WIDTH); +} + +static inline uint64_t arm_cca_rmi_result_data(uint64_t result) +{ + return result >> ARM_CCA_RMI_RESULT_DATA_SHIFT; +} + +static inline bool arm_cca_rmi_status_is(uint64_t result, unsigned int sta= tus) +{ + return arm_cca_rmi_status_code(result) =3D=3D status; +} + +static inline bool arm_cca_rmi_status_is_error(uint64_t result) +{ + unsigned int status; + + if ( arm_cca_rmi_result_is_smccc_unknown(result) ) + return false; + + status =3D arm_cca_rmi_status_code(result); + + switch ( status ) + { + case ARM_CCA_RMI_ERROR_INPUT: + case ARM_CCA_RMI_ERROR_REALM: + case ARM_CCA_RMI_ERROR_REC: + case ARM_CCA_RMI_ERROR_RTT: + case ARM_CCA_RMI_ERROR_NOT_SUPPORTED: + case ARM_CCA_RMI_ERROR_DEVICE: + case ARM_CCA_RMI_ERROR_RTT_AUX: + case ARM_CCA_RMI_ERROR_PSMMU_ST: + case ARM_CCA_RMI_ERROR_DPT: + case ARM_CCA_RMI_ERROR_GLOBAL: + case ARM_CCA_RMI_ERROR_TRACKING: + case ARM_CCA_RMI_ERROR_GPT: + case ARM_CCA_RMI_ERROR_GRANULE: + return true; + + default: + return false; + } +} + +static inline int arm_cca_rmi_result_to_errno(uint64_t result) +{ + /* + * SRO progress states are not errno failures. The SRO helpers keep + * inspecting the raw result in X0 through struct arm_smccc_res. + */ + if ( result =3D=3D ARM_CCA_RMI_SUCCESS || + arm_cca_rmi_status_is(result, ARM_CCA_RMI_INCOMPLETE) || + arm_cca_rmi_status_is(result, ARM_CCA_RMI_BUSY) ) + return 0; + + if ( arm_cca_rmi_result_is_smccc_unknown(result) || + arm_cca_rmi_status_is(result, ARM_CCA_RMI_ERROR_NOT_SUPPORTED) ) + return -EOPNOTSUPP; + + return -EIO; +} + +static inline int arm_cca_rmi_res_to_errno(const struct arm_smccc_res *res) +{ + return arm_cca_rmi_result_to_errno(arm_cca_rmi_result(res)); +} +int arm_cca_rmi_version(unsigned long requested_revision, + unsigned long *revision_lower, + unsigned long *revision_higher); +unsigned long arm_cca_rmi_features(unsigned long index); +int arm_cca_rmi_rmm_config_get(paddr_t cfg_ptr, struct arm_smccc_res *res); +int arm_cca_rmi_rmm_config_set(paddr_t cfg_ptr); +int arm_cca_rmi_rmm_activate(struct arm_smccc_res *res); + +int arm_cca_rmi_granule_tracking_get(paddr_t base, paddr_t top, + unsigned long *category, + unsigned long *state, paddr_t *out_to= p); +int arm_cca_rmi_gpt_l1_create(paddr_t base); + +#endif /* ARM_CCA_RMI_H */ --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818137804210.10612470620583; Thu, 14 May 2026 21:08:57 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309338.1580365 (Exim 4.92) (envelope-from ) id 1wNjqg-0001nj-3j; Fri, 15 May 2026 04:08:30 +0000 Received: by outflank-mailman (output) from mailman id 1309338.1580365; Fri, 15 May 2026 04:08:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqf-0001nc-WD; Fri, 15 May 2026 04:08:30 +0000 Received: by outflank-mailman (input) for mailman id 1309338; Fri, 15 May 2026 04:08:29 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqe-0001Qf-Ti for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:08:29 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjqe-00GbfP-9N for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:08:28 +0200 Received: from [10.42.69.4] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069c0b-2eae-0a2a0a5409dd-0a2a4504bda6-40 for ; Fri, 15 May 2026 06:08:28 +0200 Received: from [52.101.125.129] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-ebf023.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c35-1dec-0a2a45040019-34657d8136d2-5 for ; Fri, 15 May 2026 06:08:28 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:21 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:21 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mxT8Nm01DxQ+CSw70GAGjBHeQDZxXsxCXvUdjgAcAGQFDrnjRvIPb0v5dR82AbK4mU/ZmxiImCppKI9kVkSdm2au34w1ivelCkTrvbhmPJvBmSU0el0AmtUExCSChoQW5mLQ2B5+r0bPWP1TomeGQ2t7VYQZbnRjZS8S2nTq8tluAhk7TndDOCgFkPm0tNVEbG6yT9Pi4pR1vL1fivWKEPNGC/VcaE3AZou/2LMVGkq/I9aoXGZkZG5vtfzKdnEYVkdepvS8Se+cbZ8ccDhD7ppyQ3dPc/6dgxYpT8SSf+iBhTk+Q/BNwY9Xq4UUUeJTKqenVRfmwLgbPDCA/Px6/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vAyjwFNK4w1A5HZVai7iWdh30Be5cNwrdAR6jGy2XIc=; b=Z50oCDTnpGtzwpC1QfdNgCWghQZ38YhxL632nerZXi5VVrelPgxgue0yYENBy5APj9uU3lh/ogQ+K/wa5i4M5kGFoA0jhUjnw59OJk+SEG1p7cUQXwiW0IswV/Kd5D9c9/0puZoU3aBxfnTZwtXh41+/P8Meuj7V4zULop0WW8J/LAHbpfvxAOiqRnKqdZ+wL+McGJqeYmKw+4Ona4pRdXpgQTavmcYOACt/mVrl69P3wy6hE+p6uyveaVmt9tRB9xe95hsGbcv5Jdw0c9eOyiVitid/JLf/h79cXB+mrsGbsg7iDA8LcsrkQjJhn9bNa2lpYdcWXVOARLL3UjBoBw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vAyjwFNK4w1A5HZVai7iWdh30Be5cNwrdAR6jGy2XIc=; b=lY2HshufvoyA1OK7cF1JdeKoRxeUYhIrG8BSA/iLHWDgoSxVG73zKzide+fYPO9chXSAW8+5bzt6fsoJrPSQmUrevt94QUtv1bpD2hHrVuSp7khyzyCna273PKr5QyZNnBYQxyxjHAUbMITlXyB+HuyW3M4VAMJ4nwy3+A263SM= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 03/26] xen/arm/cca: add RMI v2.0 lifecycle wrappers Date: Fri, 15 May 2026 13:07:49 +0900 Message-ID: <20260515040812.983626-4-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TY4P301CA0031.JPNP301.PROD.OUTLOOK.COM (2603:1096:405:2be::17) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: 2aef2e53-e2ce-4d94-eb75-08deb23799f6 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|3023799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: /rU923jkb4jSayiWGlSsyfPnwdA+OJ7a6TfSsz1vmPLwENGRc10ZuCPj6Qgsn5MRSfivXryT6/kvnIEo+oDeTGKAKVJnfoWxkgn7YdNvzwVYE0wxYCMkgJwlL8C7j7Ekt29qoJu1vonAqW2thxovGJC8tsG8LIX1EWFV0FEp1cLnbXAsKL7S6AxILqTLOmBouLEpMTDZO1YadASo9gLDI31/bDEvUyrOw7vJiXpwC8u6CoyrEBihQqTTts2MI2k6DPmCaS6up3yut0Ebs/iC/cJKgP+tItk1m08gZ+Zs5i6IKdIacRTXvTYORlshNST+pg3e1FEb541PwqTDd3BiQbqKDJmrZInQTM/5IJkMlAA5Cb4bNRif+D7W1DGwVQLiIyulySa0wraJWuN53m/vS6wmVDO1f6wOcPXzSAcGr1xeIHC+kD2KdeOEdd/Th7w7RHp8qZavJ3v/7lSttAB4JS7tqkW3nAAmNECTjkVPInH4z6b7cJP0++qSe6WqNCVvknDhAx38PUR1bps8qioyRuufOwC7p9X1GNLwfVBCCo3Mo/V1zkMsnvvUiXONMV2hSWRThxO0H5+f3BLBo0gol8rJEPG1l5XMMcMurewAvw20DvJ8fdpTWBVgO4+CPENnxJGCa9o2e95cf4hd4mwDua29pWmp8HFPyzef0SA+fXAiORM+2yXIO35VY/jo0iSc X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(3023799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?4/tZAFWLDyojmP1204mU6uTODmN+qgtb/ul3ayL+jyRo9Z/fXvrW6OIjTM7m?= =?us-ascii?Q?miM7GpevQ7hfp8gdIbrtazM6X8BoipajO5KeTMRD1z9/gBx8DeOPyJs6ynZE?= =?us-ascii?Q?addcbDX1NDTo/No5GFzHPv3MBfSX7jKRmaMhnqfIPdBBPtvhSs3XRAWXz1Sw?= =?us-ascii?Q?BVYTe1M2zk/EkD30Bj61GisVp8JfyL7iQyvIc5PoRldkL1Y/UdWzfYckpgTC?= =?us-ascii?Q?O5dFuw2q+eT0LhGTMdr+J+Ujmqa+ooKxOyWiR10XqnWeT7zZxritNHyrTinp?= =?us-ascii?Q?GzBaSI3GbpGq/L39A2vCWpOXJKKYHj1wwAhWENVe+CWYMGKUxwsmfL40ExVf?= =?us-ascii?Q?MX//MrTlrT3i2CaKYXOnW0U7NIqUoO6IFCc/JOL5Mrmz4IyP8Z9xSVnuBvrp?= =?us-ascii?Q?abcss/qt5bAq27jtCsB4U9a7RJXzo/WVIYpg9Do4TlukgI8GZLSqN27ljCku?= =?us-ascii?Q?AGWOohSVdxhimwErHOMHVPO8e4isukk2ZVEefyp+JTs+kKfGHzRzYsdUWiuw?= =?us-ascii?Q?9SgCuidaY5O1nizn66KIuFQaBp1zYkTvOIyEtvlU1GKTYkflyaW7qWCpFNt0?= =?us-ascii?Q?zHNEraM/7g/aD/UvK0mkXO53Y68dTtA/bluCgif31xPQsRjAiqu6OJh++ubG?= =?us-ascii?Q?OR34P0R1jGlb8Rvww/3fNxrh7Uo6lOEJB0VocHC6i44A+PU9PTLr0Yma7eXS?= =?us-ascii?Q?C5YlTmyVn1R/cm4bqkfOf88f9CU5mh6EEW6qbE0PgHeB6P9mn8yyH+4NUxP1?= =?us-ascii?Q?L/lo/2albLDDRPz0M248O8iew/W4oYOa2JO7f+VS05ithh/ZZmCNRjVHMjS2?= =?us-ascii?Q?wj7Drt8XXjtItWtj7tYNW0xCeVVp/dJ67yZagzR4BTdwGUtX8iyLz1j9bghw?= =?us-ascii?Q?yWsyEVnTGTCfuSo5MbTE1825UerfYo+ineUNXe4bPasFIauJUFhptsyqEHe6?= =?us-ascii?Q?PZvp0rWymv4+dayE5DgPYmi3A0ETXjUbfuvMSCjHRSNZYQR1YlmuKPkPNH7M?= =?us-ascii?Q?55qElkxzYKSqfNjDUzGPl/pSpHEaItY+NqUJhYUpBcTLCNA77ziuvN2LHAx/?= =?us-ascii?Q?vfLjO+BKZRSapVJ04Q0JhuXAXobhWxhgjxbxafA+lqQlMEe4cfKDKJ18VcVf?= =?us-ascii?Q?iQvydeleM/SGU+V7IEqfzs4wUbKIm4NplJRgzLuBOsVUMCojT1qca05NaCD8?= =?us-ascii?Q?N5i1DCfQgU/N07FHn6s9X0ROdZ/jLOPHPTHBY4FJ91vFt+xSDBiOKwvrfuJp?= =?us-ascii?Q?Xo/YGmjU9CEtGVJyVCoz2/616l/DEpqL9bsUFl3gTR82V7UZMCNZtjd/oqp2?= =?us-ascii?Q?jf56VRd1whbAEv8a2PCWiCgRs+MHGyFtf5GTvt7ZaSSAPpAB5S/V6UyUSdxr?= =?us-ascii?Q?DscjBLabBx3bD+hRIJEaAxdSJjl4jqq8wspAlgyvmBzh8o+bMg3JTlxDRzn5?= =?us-ascii?Q?uFW+L4YZg6MzYvUhIZgYgwkX6EpKqQ8p+Zl6TiMQ58W2jbmblB8DhYpN1Q69?= =?us-ascii?Q?HGklVIMOvFKa6G01weoFAtALHGCvNAM+/GAXMcjaFA0JR9VRCg5LkKyQ5ZPD?= =?us-ascii?Q?OxNvqj+qmyFvrdmutbBjgNnxIKzy5uav7Umy3d/VnWLfVECcAH3IaqVSfVrB?= =?us-ascii?Q?oa7rE+KOUvPNfP6v/qKZvwfL1KwMlKil5o1xf1Api3xcmcx6w+twn5f/A1Ao?= =?us-ascii?Q?9t/e0qw18YCQkXRAK+srODjPBXCRV19XW5xxfqOPMRHifbq9VNCdWDSPPrnB?= =?us-ascii?Q?sMeRoH5e1S1DYouPamBs0LirbAplUqsbfU8ePk7llSIAhEqYoYZp?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 2aef2e53-e2ce-4d94-eb75-08deb23799f6 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:20.9857 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: n5HtbHoJaFIKAr31MmkGmKotGKQ6LwNrdv9AUIcp/+cxoDIqw6yXkaPf6We3/JiFJ7uH9qk/Im9ISxHjqBwWxw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-ebf023/1778818108-2A37F3FF-6843D637/0/0 X-purgate-type: clean X-purgate-size: 14387 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818139915158500 Content-Type: text/plain; charset="utf-8" Wrap the Realm, REC, RTT, SRO and PSCI calls used by Xen. Keep the stateful completion rules close to the raw RMI call boundary and avoid code duplication. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/rmi.c | 271 +++++++++++++++++++++++++++++++++++++++++ xen/arch/arm/cca/rmi.h | 88 +++++++++++++ 2 files changed, 359 insertions(+) diff --git a/xen/arch/arm/cca/rmi.c b/xen/arch/arm/cca/rmi.c index d37f1226f834..5661d35e30da 100644 --- a/xen/arch/arm/cca/rmi.c +++ b/xen/arch/arm/cca/rmi.c @@ -56,6 +56,46 @@ static int arm_cca_rmi_initiate_sro(unsigned long fid, cpu_relax(); } } + +static int arm_cca_rmi_complete_no_mem_transfer(struct arm_smccc_res *res) +{ + unsigned long handle; + uint64_t result =3D arm_cca_rmi_result(res); + + if ( !arm_cca_rmi_status_is(result, ARM_CCA_RMI_INCOMPLETE) ) + return arm_cca_rmi_result_to_errno(result); + + /* + * The initiating command returns the SRO handle in X1. Once + * the operation is continued, X1 is not a stable handle output: + * completion returns the initiating command's output registers. + * + * See DEN0137 2.0-bet1 - B4.3.2 and B4.3.2.1 + */ + handle =3D res->a1; + + while ( arm_cca_rmi_status_is(result, ARM_CCA_RMI_INCOMPLETE) || + arm_cca_rmi_status_is(result, ARM_CCA_RMI_BUSY) ) + { + if ( arm_cca_rmi_status_is(result, ARM_CCA_RMI_INCOMPLETE) ) + { + /* + * This helper is only for commands specified as stateful but = not + * memory-transferring. Callers with donate/reclaim flows han= dle SROs + * themselves because they must own the backing-page lifetime. + */ + if ( arm_cca_rmi_sro_mem_req(result) !=3D + ARM_CCA_RMI_OP_MEM_REQ_NONE ) + return -EOPNOTSUPP; + } + + arm_cca_rmi_op_continue(handle, ARM_CCA_RMI_CONTINUE_KEEP_GOING, r= es); + result =3D arm_cca_rmi_result(res); + } + + return arm_cca_rmi_result_to_errno(result); +} + int arm_cca_rmi_version(unsigned long requested_revision, unsigned long *revision_lower, unsigned long *revision_higher) @@ -168,3 +208,234 @@ int arm_cca_rmi_gpt_l1_create(paddr_t base) =20 return arm_cca_rmi_res_to_errno(&res); } + +int arm_cca_rmi_granule_range_delegate(paddr_t base, paddr_t top, + paddr_t *out_top) +{ + struct arm_smccc_res res; + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_GRANULE_RANGE_DELEGATE_FID, + base, top, 0, 0, 0, &res); + if ( rc !=3D 0 ) + return rc; + + rc =3D arm_cca_rmi_complete_no_mem_transfer(&res); + if ( rc =3D=3D 0 && out_top !=3D NULL ) + *out_top =3D res.a1; + + return rc; +} + +int arm_cca_rmi_granule_range_undelegate(paddr_t base, paddr_t top, + paddr_t *out_top) +{ + struct arm_smccc_res res; + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_GRANULE_RANGE_UNDELEGATE_F= ID, + base, top, 0, 0, 0, &res); + if ( rc !=3D 0 ) + return rc; + + rc =3D arm_cca_rmi_complete_no_mem_transfer(&res); + if ( rc =3D=3D 0 && out_top !=3D NULL ) + *out_top =3D res.a1; + + return rc; +} + +int arm_cca_rmi_realm_create(paddr_t rd, paddr_t params_ptr, + struct arm_smccc_res *res) +{ + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_REALM_CREATE_FID, + rd, params_ptr, 0, 0, 0, res); + if ( rc !=3D 0 ) + return rc; + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_realm_activate(paddr_t rd, struct arm_smccc_res *res) +{ + arm_cca_rmi_invoke(ARM_CCA_RMI_REALM_ACTIVATE_FID, rd, 0, 0, 0, 0, res= ); + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_realm_terminate(paddr_t rd, struct arm_smccc_res *res) +{ + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_REALM_TERMINATE_FID, + rd, 0, 0, 0, 0, res); + if ( rc !=3D 0 ) + return rc; + + rc =3D arm_cca_rmi_res_to_errno(res); + + if ( !arm_cca_rmi_status_is(arm_cca_rmi_result(res), + ARM_CCA_RMI_INCOMPLETE) ) + return rc; + + return arm_cca_rmi_complete_no_mem_transfer(res); +} + +int arm_cca_rmi_realm_destroy(paddr_t rd, struct arm_smccc_res *res) +{ + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_REALM_DESTROY_FID, + rd, 0, 0, 0, 0, res); + if ( rc !=3D 0 ) + return rc; + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_rec_create(paddr_t rd, paddr_t rec, paddr_t params_ptr, + struct arm_smccc_res *res) +{ + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_REC_CREATE_FID, + rd, rec, params_ptr, 0, 0, res); + if ( rc !=3D 0 ) + return rc; + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_rec_destroy(paddr_t rec, struct arm_smccc_res *res) +{ + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_REC_DESTROY_FID, + rec, 0, 0, 0, 0, res); + if ( rc !=3D 0 ) + return rc; + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_rec_enter(paddr_t rec, paddr_t run, struct arm_smccc_res *= res) +{ + arm_cca_rmi_invoke(ARM_CCA_RMI_REC_ENTER_FID, rec, run, 0, 0, 0, res); + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_op_continue(unsigned long handle, unsigned long flags, + struct arm_smccc_res *res) +{ + arm_cca_rmi_invoke(ARM_CCA_RMI_OP_CONTINUE_FID, + handle, flags, 0, 0, 0, res); + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_op_cancel(unsigned long handle, struct arm_smccc_res *res) +{ + arm_cca_rmi_invoke(ARM_CCA_RMI_OP_CANCEL_FID, handle, 0, 0, 0, 0, res); + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_op_mem_donate(unsigned long handle, paddr_t list, + unsigned long list_count, + struct arm_smccc_res *res) +{ + arm_cca_rmi_invoke(ARM_CCA_RMI_OP_MEM_DONATE_FID, + handle, list, list_count, 0, 0, res); + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_op_mem_reclaim(unsigned long handle, paddr_t list, + unsigned long list_count, + struct arm_smccc_res *res) +{ + arm_cca_rmi_invoke(ARM_CCA_RMI_OP_MEM_RECLAIM_FID, + handle, list, list_count, 0, 0, res); + + return arm_cca_rmi_res_to_errno(res); +} + +int arm_cca_rmi_rtt_create(paddr_t rd, paddr_t rtt, paddr_t ipa, + unsigned long level, struct arm_smccc_res *res) +{ + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_RTT_CREATE_FID, + rd, rtt, ipa, level, 0, res); + if ( rc !=3D 0 ) + return rc; + + return arm_cca_rmi_complete_no_mem_transfer(res); +} + +int arm_cca_rmi_rtt_destroy(paddr_t rd, paddr_t ipa, unsigned long level, + struct arm_smccc_res *res) +{ + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_RTT_DESTROY_FID, + rd, ipa, level, 0, 0, res); + if ( rc !=3D 0 ) + return rc; + + return arm_cca_rmi_complete_no_mem_transfer(res); +} + +int arm_cca_rmi_rtt_set_ripas(paddr_t rd, paddr_t rec, paddr_t base, + paddr_t top, struct arm_smccc_res *res) +{ + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_RTT_SET_RIPAS_FID, + rd, rec, base, top, 0, res); + if ( rc !=3D 0 ) + return rc; + + return arm_cca_rmi_complete_no_mem_transfer(res); +} + +int arm_cca_rmi_rtt_data_map_init(paddr_t rd, paddr_t data, paddr_t ipa, + paddr_t src, unsigned long flags, + struct arm_smccc_res *res) +{ + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_RTT_DATA_MAP_INIT_FID, + rd, data, ipa, src, flags, res); + if ( rc !=3D 0 ) + return rc; + + return arm_cca_rmi_complete_no_mem_transfer(res); +} + +int arm_cca_rmi_rtt_data_unmap(paddr_t rd, paddr_t base, paddr_t top, + unsigned long flags, unsigned long oaddr, + struct arm_smccc_res *res) +{ + int rc; + + rc =3D arm_cca_rmi_initiate_sro(ARM_CCA_RMI_RTT_DATA_UNMAP_FID, + rd, base, top, flags, oaddr, res); + if ( rc !=3D 0 ) + return rc; + + return arm_cca_rmi_complete_no_mem_transfer(res); +} + +int arm_cca_rmi_psci_complete(paddr_t calling_rec, paddr_t target_rec, + int64_t status, struct arm_smccc_res *res) +{ + arm_cca_rmi_invoke(ARM_CCA_RMI_PSCI_COMPLETE_FID, + calling_rec, target_rec, (unsigned long)status, + 0, 0, res); + + return arm_cca_rmi_res_to_errno(res); +} diff --git a/xen/arch/arm/cca/rmi.h b/xen/arch/arm/cca/rmi.h index 4cd0bc64ccf5..589c12b24e79 100644 --- a/xen/arch/arm/cca/rmi.h +++ b/xen/arch/arm/cca/rmi.h @@ -110,6 +110,51 @@ static inline int arm_cca_rmi_res_to_errno(const struc= t arm_smccc_res *res) { return arm_cca_rmi_result_to_errno(arm_cca_rmi_result(res)); } + +static inline unsigned long arm_cca_rmi_sro_mem_req(uint64_t result) +{ + uint64_t incomplete_data =3D arm_cca_rmi_result_data(result); + + return arm_cca_rmi_field_get( + incomplete_data, ARM_CCA_RMI_RESULT_INCOMPLETE_MEM_SHIFT, + ARM_CCA_RMI_RESULT_INCOMPLETE_MEM_WIDTH); +} + +static inline bool arm_cca_rmi_sro_can_cancel(uint64_t result) +{ + uint64_t incomplete_data =3D arm_cca_rmi_result_data(result); + + return arm_cca_rmi_field_get( + incomplete_data, ARM_CCA_RMI_RESULT_INCOMPLETE_CAN_CANCEL_SHIFT, + ARM_CCA_RMI_RESULT_INCOMPLETE_CAN_CANCEL_WIDTH) =3D=3D + ARM_CCA_RMI_OP_CAN_CANCEL; +} + +static inline paddr_t arm_cca_rmi_addr_desc_4k_pa(uint64_t desc) +{ + return arm_cca_rmi_field_get(desc, ARM_CCA_RMI_ADDR_DESC_4K_ADDR_SHIFT, + ARM_CCA_RMI_ADDR_DESC_4K_ADDR_WIDTH) + << PAGE_SHIFT; +} + +static inline unsigned long arm_cca_rmi_addr_desc_4k_size(uint64_t desc) +{ + return arm_cca_rmi_field_get(desc, ARM_CCA_RMI_ADDR_DESC_4K_SZ_SHIFT, + ARM_CCA_RMI_ADDR_DESC_4K_SZ_WIDTH); +} + +static inline unsigned long arm_cca_rmi_addr_desc_4k_count(uint64_t desc) +{ + return arm_cca_rmi_field_get(desc, ARM_CCA_RMI_ADDR_DESC_4K_CNT_SHIFT, + ARM_CCA_RMI_ADDR_DESC_4K_CNT_WIDTH); +} + +static inline unsigned long arm_cca_rmi_addr_desc_4k_state(uint64_t desc) +{ + return arm_cca_rmi_field_get(desc, ARM_CCA_RMI_ADDR_DESC_4K_ST_SHIFT, + ARM_CCA_RMI_ADDR_DESC_4K_ST_WIDTH); +} + int arm_cca_rmi_version(unsigned long requested_revision, unsigned long *revision_lower, unsigned long *revision_higher); @@ -123,4 +168,47 @@ int arm_cca_rmi_granule_tracking_get(paddr_t base, pad= dr_t top, unsigned long *state, paddr_t *out_to= p); int arm_cca_rmi_gpt_l1_create(paddr_t base); =20 +int arm_cca_rmi_granule_range_delegate(paddr_t base, paddr_t top, + paddr_t *out_top); +int arm_cca_rmi_granule_range_undelegate(paddr_t base, paddr_t top, + paddr_t *out_top); + +int arm_cca_rmi_realm_create(paddr_t rd, paddr_t params_ptr, + struct arm_smccc_res *res); +int arm_cca_rmi_realm_activate(paddr_t rd, struct arm_smccc_res *res); +int arm_cca_rmi_realm_terminate(paddr_t rd, struct arm_smccc_res *res); +int arm_cca_rmi_realm_destroy(paddr_t rd, struct arm_smccc_res *res); + +int arm_cca_rmi_rec_create(paddr_t rd, paddr_t rec, paddr_t params_ptr, + struct arm_smccc_res *res); +int arm_cca_rmi_rec_destroy(paddr_t rec, struct arm_smccc_res *res); +int arm_cca_rmi_rec_enter(paddr_t rec, paddr_t run, struct arm_smccc_res *= res); + +int arm_cca_rmi_op_continue(unsigned long handle, unsigned long flags, + struct arm_smccc_res *res); +int arm_cca_rmi_op_cancel(unsigned long handle, struct arm_smccc_res *res); +int arm_cca_rmi_op_mem_donate(unsigned long handle, paddr_t list, + unsigned long list_count, + struct arm_smccc_res *res); +int arm_cca_rmi_op_mem_reclaim(unsigned long handle, paddr_t list, + unsigned long list_count, + struct arm_smccc_res *res); + +int arm_cca_rmi_rtt_create(paddr_t rd, paddr_t rtt, paddr_t ipa, + unsigned long level, struct arm_smccc_res *res); +int arm_cca_rmi_rtt_destroy(paddr_t rd, paddr_t ipa, unsigned long level, + struct arm_smccc_res *res); +int arm_cca_rmi_rtt_set_ripas(paddr_t rd, paddr_t rec, paddr_t base, + paddr_t top, struct arm_smccc_res *res); + +int arm_cca_rmi_rtt_data_map_init(paddr_t rd, paddr_t data, paddr_t ipa, + paddr_t src, unsigned long flags, + struct arm_smccc_res *res); +int arm_cca_rmi_rtt_data_unmap(paddr_t rd, paddr_t base, paddr_t top, + unsigned long flags, unsigned long oaddr, + struct arm_smccc_res *res); + +int arm_cca_rmi_psci_complete(paddr_t calling_rec, paddr_t target_rec, + int64_t status, struct arm_smccc_res *res); + #endif /* ARM_CCA_RMI_H */ --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818146113838.4327066182327; Thu, 14 May 2026 21:09:06 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309340.1580381 (Exim 4.92) (envelope-from ) id 1wNjqh-00024C-VG; Fri, 15 May 2026 04:08:31 +0000 Received: by outflank-mailman (output) from mailman id 1309340.1580381; Fri, 15 May 2026 04:08:31 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqh-00023W-LV; Fri, 15 May 2026 04:08:31 +0000 Received: by outflank-mailman (input) for mailman id 1309340; Fri, 15 May 2026 04:08:30 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqf-0001nN-Th for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:08:30 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjqf-00GbfP-9l for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:08:29 +0200 Received: from [10.42.69.4] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069c0b-2eae-0a2a0a5409dd-0a2a4504bda6-42 for ; Fri, 15 May 2026 06:08:29 +0200 Received: from [52.101.125.129] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-ebf023.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c35-1dec-0a2a45040019-34657d8136d2-6 for ; Fri, 15 May 2026 06:08:29 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:21 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:21 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mTaEbr6yRRq0aXvYCtBaJkIVY2thhsVNnScppWcep2Ie5zC1kfPd8tlk6tGy7CWhO+IhekcDDt8uQAXlrijDTlXfBAn8UUgd5lUhoO12WbRd/GxjBJzrxt7vBBeI2uN7if99lpT3ycYfJSjm2hOZe/GIjDLvS7Ilh9IA7bqbxUJM79xmMfnzpFcXb0SOTZCdQhxup9sDubjwm/GE7kNVHyT+0uD6QRPBkqTw13CNFRbrHa4DSqLJjuXdSp97Ic6SeEr4bCmunjFV3zida/bm/QSHeQOMsB3IVDg8RZRSr/vlI8yGE4Dkq5ZLRmU8t1k7wS8eaJ5SHeBpxaWMon8coA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GHrMD1ZRwMJqiJUr8zXCjReMk57kt2vx8gsp61dgHdY=; b=BMTlo11NVJUJKLoF1fFHOT3BLVHDvz3jz97w0j7z0YCY43sWy5nixffvvuSF+SB7+WXYojmREaiVfkdD61l1RHLiaMK1yCJUwUw4lJEz3Knfpir53zi1+yOTILlwhJYACcSQ6vaa83dFs1/V4HXZkzJWjh4GSHN46DXf26GFAvf5WcsJzh5PKJpDdNkxpeudCCL8yqMua5pi7aYUNUrSvmrqPGPNSXfjDHvhIq5SYcMrSWR1Sl5y9XcQCWAbGa1/FzDVEmQd9FRWMMybrJn2AV+sHvq3EY1X5RtbIO+niEU/LL64RBpEsToBBA78JVJDfXZgrUDW+eBl5ShY5ILaPQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GHrMD1ZRwMJqiJUr8zXCjReMk57kt2vx8gsp61dgHdY=; b=YO8H+Lk3yXoDNDOwAngEecsWQQt5tReFNepMSlG24T+naXz9urWWiv77rubuCHdLFDzlyfKx5AfOp+Our6Ncu2lnr985EUpmoJm9fK5qTH6Tx2IMP0y2DQFPl5Yq7IolVdW0h3VR7vJ3f+OuELokQLtvdOuy5OPZ2YybWcofT+I= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 04/26] xen/arm/cca: add Realm domain and vCPU state Date: Fri, 15 May 2026 13:07:50 +0900 Message-ID: <20260515040812.983626-5-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP286CA0352.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:7c::19) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: 63cdcc5a-39d3-40a8-b9c4-08deb2379a6b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: ZwoBko41sEgLYwrUrKmeEfiYFlxIgyph0mcsCSU6JEuJRI57Bf2AmHyd+NkzxkU/qbzAvY0Q8REFvkQYIBLvhRrsumiz/QPMc5vHVEfgTCEJJWEfvEIwypZKuyGwCns4rCIp+6WQOrTwxxptYN6cvYoN1rnlJVvDk9gq5hbW0Ohb5fjf4P/rUvA4WgPrlvpYzELkwsiJzJYtv6Fa2QnFHPJQOZ219S4HHsxwGgdOWawnKm80SreoBbRCwAHtT7ja6WMRH1plXasL2BJ0W5lCzGEW3Hllz5cfn1GNqqH1XRBObuaqICFtd/fgYxqwkFJsRUPpq22IGHVl5XFVkJ8BxA4nKhIzyfm2nwzrBhIypNIaSs1KMgypdVJM/YMCSMeD5BcNRfQI8lYA3a7qMMSWsEz538opakLw2v6P1DtIDhLGb5IytSKUz1U72CsmbFWvtYo4L5Q5vZCOqEi6s0pwDPnS3Sq1SS4pr9nWsAjmGozKqVLfRIxkGQoIVfX5YkqB25W2SQrWfLo3IPVgut2ukEHuQkdMV3E+KTR2gmLEUXNdPFGTmIBkrMiPKnYpDV3Sk3YyyMH7AuzHwmZ7Ebe2yfa0KnFkD6DEn1T23RU//UXaHFpLu/yvjd+Zh4tN7oEao/bmz23EqjKTnET3YB4hcErcU4z4lBqSIuQLREhyangYt7ShhhlKoZLAIf1wbitx X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?rH48G1WSS7ntts+uU4P35t2pPu2uGKffcwDNg8in9D3Xn/sWMzZwaa0Ufq/7?= =?us-ascii?Q?374LKqjJR/uPgRl6sA94QBBW2Laq89SuLpA57ok78I8mmdVqcF/15wkgnBon?= =?us-ascii?Q?/tQhjGbp/VEAO8CSMqTZ5R/b7JOwUz/00lsFXYIrMtLKSM3InZLGgfdGXFxf?= =?us-ascii?Q?tDcitylIUNvpMoAhauXf2WlK2hTDq25gaqAzc8SeeJnO+TXeOW0EGDgbguRe?= =?us-ascii?Q?yR6K4TjBOWRQJV+6FeMFlPwX8aJ4kk7ZMP30/nymSpePKgMtuqTrf34EQNqt?= =?us-ascii?Q?TyknlgVo/Wji2fSFjiHyW9tbFOcPVuPTkKBl+sYHfdXUUmMJxVPVxYLq4/9Y?= =?us-ascii?Q?DFR+Z3f2lEHuFBv1KXQVP4Tx1SimuJpK4PYbrgY9l3bDNSush8JhkTMF27NN?= =?us-ascii?Q?kf3eiRZU8g1AN9Zwm2PRivqYEiy89iS29RJz8/e8RckvpjnRm8+1WMMTX7BZ?= =?us-ascii?Q?iVv4wOBHH6ON2Brw1CIy+9UiiVN8Z8hP0Yg91vQLt0rCHLYEC815PrYCqH5A?= =?us-ascii?Q?Ny1+WD2ko6FQ5T++gek2iyref+l62Nsi8uYSUyyVVtbBMgT9I6DPDpOrFCtj?= =?us-ascii?Q?7tQlgbDixBW0ywIkfl3WmmxOoipDOJuVWUXYlSaCiruv8WfIa7bwuMUDufqk?= =?us-ascii?Q?pzxoIyNsJ5+6iX04P34Eg+sYz4vnzMcbUVeBKYUEowfMSkW1o5HQKRHsBFkx?= =?us-ascii?Q?54o3jzO4Pq+MMcnJrpXTofkkYAuMosWraxxgUoZmizWlvwmTH4gtDjOLeL8d?= =?us-ascii?Q?GMi8gqbe9IlZWKZMRGkxCCcn7Z/QqTSFEjX2Mx8/UJqHDUE4VlBUvaCDpxbO?= =?us-ascii?Q?Td6Lncb+NuNK17un8BDmQ0ygbISEPllUQHJsY4HVxevIJxjjIqssY9TjCL2u?= =?us-ascii?Q?UCecuttsmBe4hGqK/6uLsmEH+9vO8LMF/+Lkk/a/Yfsgcal5DaaN+opATJvW?= =?us-ascii?Q?hN4Pf5rfynfb/24WbNQOFWyhzW8L5Bvq84/xCZkoHAA/MTiYQm/FOsr092uO?= =?us-ascii?Q?ZaiEJq893izYSp7gZL1DS4Zyb3xrDv68s1JfauPASRew44wk2y3GEE8pCNVf?= =?us-ascii?Q?bzg0WC+St7wjlWB1MznRWwZMl03bPm3gOkDCmJeXnc+5f+JBhQrA2XHzQviA?= =?us-ascii?Q?qH8dCKtNo+2iVvOEljRG2Q9RQ9/O2ER+ZXGlwa+9wuj+Tt15BI9+vQlxGxiC?= =?us-ascii?Q?4sBzypVZ2RY+AV5Ti4Kq+uuBU0xkp6CWnvwZTREu8rzUAZegW4Z5o4mlMNE6?= =?us-ascii?Q?SiELhZpkydBeYYGN9MavW2RNMVANn/C6YFVERXTSWOnYcJXrjRVG17JhOUEP?= =?us-ascii?Q?nY8ClzuIW8cwM01jUB5pSEVLC3Ywj52e75wgz92LuJQJl9awjFcRgJrfWDJu?= =?us-ascii?Q?HtLvPZheW+M8+uKI0t03x2CkNYiDzqLDwye/jXzAR2QXjZs+QaorZxLJDp1y?= =?us-ascii?Q?kd+TiRExB6H/spI9ei0bKFS0txBI+6urOBAZ4k2n0pTwrIHd3vbfz1VhEZjC?= =?us-ascii?Q?6lBeaxXIJ7m8VjZQPNksva8JU2Z1J1LX88ds/TrWnsop5RIOzWmj34XrMiyc?= =?us-ascii?Q?AFBVg2g4Ivp7IWg9HlHcpdgHlyJIBPDpK7TnNvURdHUdgWdowV4vkBGB+++y?= =?us-ascii?Q?TZsmT9IVYHhPkQ/NXp/rxfLT+9qtMClMhYtWzCYKxOTdtNMe5nw9dqLarHyy?= =?us-ascii?Q?9kTVORNn6gRlLlVIuqsT72iTJpLN/YfnvxaQM3cWubvE/qQzq9ZgvO79aNC9?= =?us-ascii?Q?ejLPkquqgtO+UrvGJ7fVfpKWwWSsa+BmgZpJ4OyeaRYfG/fXjALg?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 63cdcc5a-39d3-40a8-b9c4-08deb2379a6b X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:21.7474 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: TNRBO4+UpP2KShOZ2d/+cX5cNYJBst/cxA+omQEtPwX0hTNCvUFe7Ej8wCOhreNaCCnEPI6enYJ3Hcj1xVPEuA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-ebf023/1778818109-413773FF-243BD070/0/0 X-purgate-type: clean X-purgate-size: 6468 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818147747158500 Content-Type: text/plain; charset="utf-8" Add the per-domain and per-vCPU state needed before Realm objects are created: Realm state, RMI feature snapshots, REC bookkeeping and RecRun lifetime. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/Makefile | 1 + xen/arch/arm/cca/state.c | 68 +++++++++++++++++++++++++++++++ xen/arch/arm/domain.c | 14 +++++++ xen/arch/arm/include/asm/cca.h | 42 +++++++++++++++++++ xen/arch/arm/include/asm/domain.h | 16 ++++++++ 5 files changed, 141 insertions(+) create mode 100644 xen/arch/arm/cca/state.c create mode 100644 xen/arch/arm/include/asm/cca.h diff --git a/xen/arch/arm/cca/Makefile b/xen/arch/arm/cca/Makefile index 9c351f901dfd..aaa04e3b914b 100644 --- a/xen/arch/arm/cca/Makefile +++ b/xen/arch/arm/cca/Makefile @@ -1 +1,2 @@ obj-y +=3D rmi.o +obj-y +=3D state.o diff --git a/xen/arch/arm/cca/state.c b/xen/arch/arm/cca/state.c new file mode 100644 index 000000000000..a47d9cd7b6fd --- /dev/null +++ b/xen/arch/arm/cca/state.c @@ -0,0 +1,68 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include +#include +#include + +#include + +#include "rmi.h" + +static void arm_cca_reset_domain_state(struct domain *d) +{ + d->arch.cca.realm_active =3D false; + d->arch.cca.rd =3D INVALID_PADDR; + d->arch.cca.rmi_features0 =3D 0; + d->arch.cca.rmi_features1 =3D 0; +} + +static void arm_cca_reset_vcpu_state(struct vcpu *v) +{ + v->arch.cca.rec =3D INVALID_PADDR; + v->arch.cca.run =3D NULL; + v->arch.cca.run_pa =3D INVALID_PADDR; +} + +void arm_cca_domain_init(struct domain *d) +{ + arm_cca_reset_domain_state(d); +} + +void arm_cca_domain_destroy(struct domain *d) +{ + arm_cca_reset_domain_state(d); +} + +void arm_cca_vcpu_init(struct vcpu *v) +{ + arm_cca_reset_vcpu_state(v); +} + +void arm_cca_vcpu_destroy(struct vcpu *v) +{ + if ( v->arch.cca.run ) + arm_cca_free_rec_run(v->arch.cca.run); + + arm_cca_reset_vcpu_state(v); +} + +void *arm_cca_alloc_rec_run(void) +{ + void *run; + + BUILD_BUG_ON(sizeof(struct arm_cca_rmi_rec_run) !=3D + ARM_CCA_RMI_REC_RUN_SIZE); + + run =3D alloc_xenheap_page(); + if ( run =3D=3D NULL ) + return NULL; + + clear_page(run); + + return run; +} + +void arm_cca_free_rec_run(void *run) +{ + free_xenheap_page(run); +} diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 26380a807cad..4b6115491c59 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -482,6 +482,10 @@ int arch_vcpu_create(struct vcpu *v) v->arch.saved_context.sp =3D (register_t)v->arch.cpu_info; v->arch.saved_context.pc =3D (register_t)continue_new_vcpu; =20 +#ifdef CONFIG_ARM_CCA + arm_cca_vcpu_init(v); +#endif + /* Idle VCPUs don't need the rest of this setup */ if ( is_idle_vcpu(v) ) return rc; @@ -526,6 +530,9 @@ fail: =20 void arch_vcpu_destroy(struct vcpu *v) { +#ifdef CONFIG_ARM_CCA + arm_cca_vcpu_destroy(v); +#endif if ( is_sve_domain(v->domain) ) sve_context_free(v); vcpu_timer_destroy(v); @@ -642,6 +649,10 @@ int arch_domain_create(struct domain *d, =20 BUILD_BUG_ON(GUEST_MAX_VCPUS < MAX_VIRT_CPUS); =20 +#ifdef CONFIG_ARM_CCA + arm_cca_domain_init(d); +#endif + #ifdef CONFIG_IOREQ_SERVER ioreq_domain_init(d); #endif @@ -786,6 +797,9 @@ void arch_domain_destroy(struct domain *d) { resume_ctx_reset(&d->arch.resume_ctx); =20 +#ifdef CONFIG_ARM_CCA + arm_cca_domain_destroy(d); +#endif tee_free_domain_ctx(d); /* IOMMU page table is shared with P2M, always call * iommu_domain_destroy() before p2m_final_teardown(). diff --git a/xen/arch/arm/include/asm/cca.h b/xen/arch/arm/include/asm/cca.h new file mode 100644 index 000000000000..1be43327119e --- /dev/null +++ b/xen/arch/arm/include/asm/cca.h @@ -0,0 +1,42 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef ARM_CCA_H +#define ARM_CCA_H + +#include + +/* + * Keep the public ARM CCA arch header independent from the internal RMI A= BI + * definitions that live under arch/arm/cca/. + * + * DEN0137 2.0-bet1 - B3.99 RecAuxCount caps the implementation-defined + * number of REC auxiliary granules. REC_CREATE gets them through SRO + * donation. + */ +#define ARM_CCA_MAX_REC_AUX 16U + +struct domain; +struct vcpu; + +struct arm_cca_domain_state { + bool realm_active; + paddr_t rd; + unsigned long rmi_features0; + unsigned long rmi_features1; +}; + +struct arm_cca_vcpu_state { + paddr_t rec; + void *run; + paddr_t run_pa; +}; + +void arm_cca_domain_init(struct domain *d); +void arm_cca_domain_destroy(struct domain *d); + +void arm_cca_vcpu_init(struct vcpu *v); +void arm_cca_vcpu_destroy(struct vcpu *v); + +void *arm_cca_alloc_rec_run(void); +void arm_cca_free_rec_run(void *run); + +#endif /* ARM_CCA_H */ diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/d= omain.h index 46a5cdc0c800..25230c18d16b 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -3,6 +3,7 @@ =20 #include #include +#include #include #include #include @@ -96,6 +97,9 @@ struct arch_domain /* ARM SCI driver's specific data */ void *sci_data; #endif +#ifdef CONFIG_ARM_CCA + struct arm_cca_domain_state cca; +#endif =20 struct resume_info resume_ctx; } __cacheline_aligned; @@ -207,6 +211,10 @@ struct arch_vcpu /* Timer registers */ register_t cntkctl; =20 +#ifdef CONFIG_ARM_CCA + struct arm_cca_vcpu_state cca; +#endif + struct vtimer phys_timer; struct vtimer virt_timer; bool vtimer_initialized; @@ -224,6 +232,14 @@ struct arch_vcpu void vcpu_show_registers(struct vcpu *v); void vcpu_switch_to_aarch64_mode(struct vcpu *v); =20 +#ifdef CONFIG_ARM_CCA +#define is_domain_realm(d) ((d)->arch.cca.realm_active) +#define is_vcpu_realm(v) is_domain_realm((v)->domain) +#else +#define is_domain_realm(d) ({ (void)(d); false; }) +#define is_vcpu_realm(v) ({ (void)(v); false; }) +#endif + /* * Due to the restriction of GICv3, the number of vCPUs in AFF0 is * limited to 16, thus only the first 4 bits of AFF0 are legal. We will --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818140827864.8001518425637; Thu, 14 May 2026 21:09:00 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309341.1580386 (Exim 4.92) (envelope-from ) id 1wNjqi-0002D8-AI; Fri, 15 May 2026 04:08:32 +0000 Received: by outflank-mailman (output) from mailman id 1309341.1580386; Fri, 15 May 2026 04:08:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqi-0002CF-6a; Fri, 15 May 2026 04:08:32 +0000 Received: by outflank-mailman (input) for mailman id 1309341; Fri, 15 May 2026 04:08:30 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqg-0001oY-DC for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:08:30 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjqf-00GbfP-PR for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:08:29 +0200 Received: from [10.42.69.2] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069bea-2eae-0a2a0a5409dd-0a2a4502b15c-48 for ; Fri, 15 May 2026 06:08:29 +0200 Received: from [40.107.74.73] (helo=OS0P286CU010.outbound.protection.outlook.com) by tlsNG-720697.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c3a-af86-0a2a45020019-286b4a49ea93-4 for ; Fri, 15 May 2026 06:08:29 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:22 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mtKwuIZPDKs9Nc7vf3KMSPtl+i/TN1cJbJ9RR4x2hRnLhZqU3r0MYSpZXelSshVm5oNGx2lcqAB8+pUqVfVD2I48hE1ct5eK/2OcD4KzOFIji/dflXpu9zUzQFBYUo7EipgVqUY3HILJvVtx1ZKb5hdV6PuZuIEsC0W37KjXkxaxfjcC8Bram4bQMIGZYnAs3Sk6+iDqFFhzaU63JgqynQGVkAuY2GJgTS2eLumEeKLgnb7v1SrbtcCK3Smu7KjZRNnW6c8HTexLAVn1MV2+bQfnvuMy1wLZE9cEPnfrDe994k8tkKUoA/eXMAy6hhjKEMSZRRysqyeMn7GOiFSVeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=je+2e5JLShwscO+d0I1NHDPQJTM0lMJ5BSNSbA846H8=; b=odapd3Be5VkQtBbRH1uwN0il268YOIwXXv1evWs55d2udpriuVqsx2pB2WfSpdh8gFKBUAQ+Y5hqfT6O1DXyVwiKjJNlZ+vETnhk1ujADMbouvgWhPs5ppegHYVMNohvVQNshqz2pI1+PEhuALw2xwjB31+BUkV5O2Abx+P2jgvxn+Ow3ksIetfAro5577HNpYPIuPQC0m+glR1KXQ9uoLDQcZTzRTlnXqVs1OBIDvONWGMJ0r/HIoxM5b8yLvI3imNYRjltq5TnsQIueq5abrKpXu8no37bAicm8vvwm7e9UxHV6/XJ8DBqUITpxetuVyW7dwNPE6oSm5weOPz0vw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=je+2e5JLShwscO+d0I1NHDPQJTM0lMJ5BSNSbA846H8=; b=ZjirFkkQx98rdoyoHp0f1TXHftt87gcG3KYTcEP61fQd2vmJ/dTCo8A81If/K2yshUT+/4YYD6QNQB+6GfBkc1xsl+9PIO0Ui78D3XCxqbIlAA4bMo18FETDWiDWHVidYLizcRYH+77bBvAkfHhmTw9JWsYwfx7W/TBiJovVK1w= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 05/26] xen/arm/cca: track Realm-owned granules Date: Fri, 15 May 2026 13:07:51 +0900 Message-ID: <20260515040812.983626-6-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP301CA0002.JPNP301.PROD.OUTLOOK.COM (2603:1096:400:386::20) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: 195e6b72-698f-43dc-46ea-08deb2379ae0 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: 2hFHo+3ayg7fpGrZMm0jWxN7Zm35WD0WjW6Cdb2qx6y6Q7uGZVOCBvspdVSOkAjCOw7XmcHKPWmKBte02VClaozk5MuUAw0J5dzrS85nAATMINjdPplDKYuL/hihsgT6mEfzmzCVjXDO1/8PVs0YrvC00J/EDGvIlpEVUeCPbaaGrEq2iznV4YUC/HKwXwelpK3EvKGQ93Go/z79mWvppy84OkeZprGzI5XkFXL++azUM3ABCbFGhsRskZJiQtwD3keb4kz+4lYgk8lctqhWcryhh/SkAdWTqQcohBqT3auO+MUROWKIFAoR1TVEts93GcBa9qDYkzZs6Ei3jkZhHz5ttjz4Wv19n9DEK3GJYjjZK3byaQRoAI2myqxJZTBN0if+ivHZ0SbfwP2z08odWRfNNpVM37LyglMHBbXbINCbPkPySBUwqS+4D8+T3ACOOZmsoi76u8psBIHYxTXioSt6YdKxXi0i6efceWlBp+tH8R8NC+wqF5p0dPTs/dTV1jhEmJmG1L4C8BamxoR2MCiJ53J9v8veKlYxSWpQXWjFJzNVOV8j3b72ew6LvRJALskkCdDHZstLw/DRJL+IVAigarzIW6nHHR3X72/1glVjJzXgvlNERJv4OLu0fyqpY7T19s5X5A/DGoalv9UxFlQQpaAuOYXyTgSFsYLUbkE5aO9iAVVt5x9LfJS+oiNF X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?CFB7Kx1jzuSfLvky5aP3ky6Jos3A39MnUy7FeTnwnRlTHp6bOZe1kFRrcN/+?= =?us-ascii?Q?eh1/cu1EWgp3+u7ECQWEaJH4JJLE896OLSNz8iVa8YnpHo0a/wUnvHk2Rn5P?= =?us-ascii?Q?+4/qC2ATxC8h8WeXFMCALapu4HiYNgKBisY4sKnHp80mFTlR1DkoeGRSvhXK?= =?us-ascii?Q?Pn5jZcEZHLkCgqxZ7wCy9YVKiRjIKb94vyXmZCOVcQMig4pp/MmR4XTPBqNE?= =?us-ascii?Q?lEO3aD36Fqu2OpIFSYmP5LKmH2zAt8Y7yCkC5+b92kqdRRoSw/WgwwgB4PhX?= =?us-ascii?Q?gmtve0U0xvJVRk/D0OXHSffmalfTa8SKRV7BrouobU1lXp9tfahiDlqqKKCi?= =?us-ascii?Q?ZD/r6SIqA5davDU0zMw4Uar4eiC/93qrNEfCDghKnOLTRo8+T7DkC4na9xB3?= =?us-ascii?Q?kVzgAL3e+QHkF8tbTeo3PT0KBv7wbfFKPGHmVL2MNgoDEY011DQ4qgNLJHIg?= =?us-ascii?Q?6UcGbdFMlQcY9rNvKxYAwnGy34dMD2jDetwnjQmssvgPDdaVpCzdGjfaV6NS?= =?us-ascii?Q?Ye/jZ2/HQXqHqTArYVXWnkje5uuZrHsH4cd99iVLF7tl8TabqAHuVfXW/s0g?= =?us-ascii?Q?Rmd2wod6RLy2R0c+ZAtEHEl8JAYbqoO7ag66pj1PFpZdnmUG7ld4RvsxsoJU?= =?us-ascii?Q?V9mwDepUjUkAaq5CUhflV+u1JvUd2fHJMiDXBtD4sNQKN21hXON51d1f12Zi?= =?us-ascii?Q?LTDmfT4b8GBXJi65wEOsGHrO7DLEQsZoUzC/EpIswlwLVUDh6ueBEEZTjtMC?= =?us-ascii?Q?ZyvXzdGysVwHA0QgBQ7P1eCS5BNVhF2evR/qga6XHmgu8W7r4EdGl3vPqzMP?= =?us-ascii?Q?OCMz26SIcUCE5CSXINZ8cW4TWIJ8SpSiNSV2EUDYP1RBsqtwqf1Brod0EmHq?= =?us-ascii?Q?0IfGZF+FAeNM9wcsO2i91kuuypt98+DR9IboIrCAvMvHM7P3+J7M71WKJ2i7?= =?us-ascii?Q?oebUweVruVgcGMaeEvzS1WP++5s2yKXy7xJe2r9UR6nARl98KRDyOoRlBXP0?= =?us-ascii?Q?Fn8ua5B03VIW9NVRBZcjphIISuHnJY6IdqYLV19ZNvxGT/Km+125E071BdTG?= =?us-ascii?Q?H3XSkjFichVOUdyXaJ1aYW2CRKIrDLgiaEgvvcnFgfawFkzD/pYVOZCJcLQ4?= =?us-ascii?Q?y/oJfjSNFfGajpp5zZL00H7MBcpHzKCB/lUDlzU4N+S/oKfSHFj7Ab8nB5qm?= =?us-ascii?Q?8PNakP9AEsxt+sTZ8SScuTXusNVQEyBnutVo20xBMIFusazNnNBG2g9Cvw1I?= =?us-ascii?Q?rtJ5V0V5r+1t+qxbDL2gttM+lVmTqfhWzp8nuERkOQCyiSlfwjKMcHTpY5TP?= =?us-ascii?Q?YY0tsGoYq3fepnP0Ko40kBpwv8dS+lJz2pOmbY+g/TklZ75w7NfFBdmH7Dhn?= =?us-ascii?Q?+LqRtNYDJ4GUiEOuyOGo7mD47dzKtKOk43vO+VDsHrJHgrDVxaIgAvMrkhWk?= =?us-ascii?Q?jP9WX+0C5eBnN80QANHXiyqi52wRDnMBzHT9PJ1kP3yhtle+UywJAToPG6bO?= =?us-ascii?Q?flEW7aMVFaae2Kj8ANQbcsUqUld4lghfs65duSHl+p3nMKXl9+ZQn1i0R0w2?= =?us-ascii?Q?cL0la7sEgRiKB8C5MLhsqm83biMnE1k7GHYBzmI3QzLXtiw4dcMG2iCDVQMR?= =?us-ascii?Q?v5y/pwL1d3BmefNcrUASQciZcrQfhwgXiXdLAX2XL6c/MSEF6NaZfceLZGY4?= =?us-ascii?Q?5f127H6r4lX3fdaxIIWBDlpRRIUToK845t/Lp0q9iLyG4FQIB1icrZ3gEqfI?= =?us-ascii?Q?VIOwiKq1TCPGsgL8UeVYMjxHNoh6dVd8F7QM/V64PgDj+Ty11J9H?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 195e6b72-698f-43dc-46ea-08deb2379ae0 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:22.4995 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5rCZAjq2hWD5AJr7kBSdfXtjpNgGfB1UlAcHYKWBwy0zr5swQeMBHDYsnyYU61n22k3YYKy/1RX5Mz24G4GZbQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-720697/1778818109-81971161-745DA4CC/0/0 X-purgate-type: clean X-purgate-size: 3368 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818141524158500 Content-Type: text/plain; charset="utf-8" Track pages once ownership has moved from Xen to the RMM. Teardown uses these records to hand them back in the right RMI order. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/state.c | 19 ++++++++++++++++ xen/arch/arm/include/asm/cca.h | 40 ++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) diff --git a/xen/arch/arm/cca/state.c b/xen/arch/arm/cca/state.c index a47d9cd7b6fd..66375965a1b4 100644 --- a/xen/arch/arm/cca/state.c +++ b/xen/arch/arm/cca/state.c @@ -10,17 +10,36 @@ =20 static void arm_cca_reset_domain_state(struct domain *d) { + unsigned int i; + d->arch.cca.realm_active =3D false; d->arch.cca.rd =3D INVALID_PADDR; d->arch.cca.rmi_features0 =3D 0; d->arch.cca.rmi_features1 =3D 0; + d->arch.cca.rd_page =3D NULL; + d->arch.cca.rtt_root_page =3D NULL; + d->arch.cca.nr_realm_sro_pages =3D 0; + d->arch.cca.rtts =3D NULL; + d->arch.cca.nr_rtts =3D 0; + d->arch.cca.data_pages =3D NULL; + d->arch.cca.nr_data_pages =3D 0; + + for ( i =3D 0; i < ARRAY_SIZE(d->arch.cca.realm_sro_pages); ++i ) + d->arch.cca.realm_sro_pages[i] =3D NULL; } =20 static void arm_cca_reset_vcpu_state(struct vcpu *v) { + unsigned int i; + v->arch.cca.rec =3D INVALID_PADDR; v->arch.cca.run =3D NULL; v->arch.cca.run_pa =3D INVALID_PADDR; + v->arch.cca.rec_page =3D NULL; + v->arch.cca.nr_aux =3D 0; + + for ( i =3D 0; i < ARRAY_SIZE(v->arch.cca.aux_pages); ++i ) + v->arch.cca.aux_pages[i] =3D NULL; } =20 void arm_cca_domain_init(struct domain *d) diff --git a/xen/arch/arm/include/asm/cca.h b/xen/arch/arm/include/asm/cca.h index 1be43327119e..6bf644fbcee5 100644 --- a/xen/arch/arm/include/asm/cca.h +++ b/xen/arch/arm/include/asm/cca.h @@ -14,20 +14,60 @@ */ #define ARM_CCA_MAX_REC_AUX 16U =20 +/* + * Xen implementation cap for pages accepted by one memory-transferring SR= O, + * not an RMI architectural limit. Switch to dynamic tracking if a real R= MM + * needs more. + */ +#define ARM_CCA_MAX_SRO_DONATION_PAGES 64U + struct domain; struct vcpu; +struct page_info; + +struct arm_cca_rtt_record { + paddr_t ipa; + paddr_t pa; + unsigned int level; +}; + +struct arm_cca_data_page_record { + paddr_t ipa; + paddr_t pa; +}; =20 struct arm_cca_domain_state { bool realm_active; paddr_t rd; unsigned long rmi_features0; unsigned long rmi_features1; + + /* + * Host references for granules whose RMM state is no longer represent= ed + * by Xen's page allocator alone. They let relinquish complete the + * reverse DEN0137 2.0-bet1 A2.3.6 transitions before the pages are + * returned to Xen. + */ + struct page_info *rd_page; + struct page_info *rtt_root_page; + struct page_info *realm_sro_pages[ARM_CCA_MAX_SRO_DONATION_PAGES]; + unsigned int nr_realm_sro_pages; + + struct arm_cca_rtt_record *rtts; + unsigned int nr_rtts; + + struct arm_cca_data_page_record *data_pages; + unsigned long nr_data_pages; }; =20 struct arm_cca_vcpu_state { paddr_t rec; void *run; paddr_t run_pa; + + struct page_info *rec_page; + struct page_info *aux_pages[ARM_CCA_MAX_REC_AUX]; + unsigned int nr_aux; }; =20 void arm_cca_domain_init(struct domain *d); --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818152066274.24480274990594; Thu, 14 May 2026 21:09:12 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309343.1580398 (Exim 4.92) (envelope-from ) id 1wNjqj-0002Sb-6H; Fri, 15 May 2026 04:08:33 +0000 Received: by outflank-mailman (output) from mailman id 1309343.1580398; Fri, 15 May 2026 04:08:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqi-0002Qg-V0; Fri, 15 May 2026 04:08:32 +0000 Received: by outflank-mailman (input) for mailman id 1309343; Fri, 15 May 2026 04:08:31 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqh-0001yd-5f for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:08:31 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjqg-00GbfP-Hq for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:08:30 +0200 Received: from [10.42.69.4] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069c0b-2eae-0a2a0a5409dd-0a2a4504bda6-44 for ; Fri, 15 May 2026 06:08:30 +0200 Received: from [52.101.125.129] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-ebf023.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c35-1dec-0a2a45040019-34657d8136d2-7 for ; Fri, 15 May 2026 06:08:30 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:23 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LRKDfWZzRHBANJNy49uEbFMb3rLvwdeb57/irzeo6WdfiA3gxykkTse40rL0mm3XidTwi5cz5AeUFsJ+BhY86kuGX2gXTRa9fkcmzHRC9S+xUuE79DH27T4R3fMsp3EhmX+c6yVs+Y0ZXzivJ5EH1dYP6riRrVSfXnplSwvDPhGPlVMY+r7/70G1KWO38rnwURELXx2UI7x2Jw2F/uIPRtAOgDDXZqsEPjozXvVdr2u0fFXZ86IHfeJ8XKOpLq6sTC/Os4Rypi6b/SS7W0a+5y0+T5oR1LmWX0xqO0EhkImlAj4FEMXxMSVYholWVNmfZsw+CZZ9tGH4HjNCe13LZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ihotna9f+5bqGkkQOWVVME5/dELv08SRAliM5aVHxjs=; b=V7VKBFZ7QWs9lqLvfnNHp58L2+D2Z521RAVHcJ6SX1UQFrPaOLsikmdCtdalTVC7gcvq8F5aC2r4TJq+eKizgEybYlpI+51EW8aZhl5dzRCgdbdAhN2Hdhk74/xgIuyb7JCQnWcgWHYAWWGhQg6ENxj+bXhCt6vpDZE/9h7s4S84n7vbotAEe2bZT0amYEQh03RYe7CiZxWQG4vJI0nI7qFRSwKG+AqXD05NjVuVH2aDoGMArPNWcnJeXObS7opRzTTJ53k8uVpgJFbDkh3F4e4vfI1jsaTiEDgGSBEVXV/bMfwdEmcy1c7qJ6w0CGYJpQd4Ot5/ceHEuLd8xwuNPQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ihotna9f+5bqGkkQOWVVME5/dELv08SRAliM5aVHxjs=; b=KNW3CvgfQOw03hq0KYuZMiSXcLlHHlv1aQhLHhjCF0IDJbrWt+ORR/CNqA+LJNJ7JNbcc7wz4ZhQE/y+w/g9vXxoDFsarNar5wVDaEa2dApiUKjmKQV6GNEwTAT9SepGyYDllXTC7mPQT6YpBPYwJSMIl/h0xdrlyerz/YYmW+4= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 06/26] xen/arm/cca: add Realm granule helpers Date: Fri, 15 May 2026 13:07:52 +0900 Message-ID: <20260515040812.983626-7-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP286CA0351.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:7c::20) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: 4d0cf795-6dfd-449f-4b10-08deb2379b4e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: 4xOloNydJfkoTZbHuGUYSjjx5YR2Y+tlevsyTFdyUb1YpzEVkPjNHvoY0rRnPez2fnFGO5wSuTtQDPOBAMsuzgnQGJ2nVU17gS4YPDrvpApNOT7sYZx0fmNaSOpGrG1sftxySvqlucQP7lxHvT79KY1BwYgoLvz1+amv3QWFa6AST4b42VWN32ulTYk+JsHhVizNc0DEJGF+qIiS7hege9EzLGg9CP6YA/SJ6Ckx/WgiUV9pIkwlRPel+qACm0A4waCcjYNIoE3Xz8nXp32/7E6Ls0TpaXm7SJjKzLMKxak01vqGFndLR6YrE1qEAkL9TOVdG0Uz7qL/SIl9LgEa3KC3hDWOpQLgAfpZcDxeIRyhVXgB3dgC7KgUaLET67UtKTuBdkOT0/jJWLur/dqkGSYFQGjEi29BFRFVfI1H9BCuDl+Kox+DsL8I8BtI8Tv1Oe2vrd00A5ELAqfMKCuhGTvRpxkt3+1kpRROhmQ72N9+2loC2yTPmAt7I1O4RoDUSDkxyIK8GIOAfZ2ASDx8IHcIOkgabInEmpFiDijaG6pzLIMplR/V7OZbNFvpg+3+ZJ3W2Wqc36LKajbXVa4t4NJzlazJVvq7GEtF0GkyFY1pNvGcwxrs8ISIrPzCE+uwEVB4PIGG+z8taB8dQx73j5ojw0tnpXRg0+9A7bO6KELzt1KD7reu7SomCOOi/MGO X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?B/NmlldLWfuemefkQ0J1njZ9YxbgphWW3fwqvgtXV1A2nwrDJGjWn5crCGWA?= =?us-ascii?Q?W5INu6X05W1ZMH9ylng7jh5cT2XAEmL9m1aXbj4eU0szolDrV73JLYAC9mnj?= =?us-ascii?Q?brI7LFFmKDKY7IXaVEH0loCHFkocfBRcukMPMgu40p6couJhWRitlMIp41Mw?= =?us-ascii?Q?85jl2wxGLiJqjILMDV+YFPRlljpe2nnlsUqXD4WaqIJt6sPXa8dIA4bN9DKS?= =?us-ascii?Q?lpdDiJzZtg2VG04F2AA93/uz9HhFfZG/nVGeI8jq0Qe1zEPNImXlmPOVfwYl?= =?us-ascii?Q?j/UIfOqRxYFQtkyXG0aFD8JiNDXyU3+e/R4mAm2cMK3LQBgM4c0jtfEY3QYD?= =?us-ascii?Q?pZLaLI66KJhpzesw9xf/CA7Xzp1A1jw+eTOqMxmmfAKw9dVskPiN96tZt0fR?= =?us-ascii?Q?uip9qx4YyJKtm1Y9WVovW8xzLi42UicVm598TWOpPDFVgJQ62yqGIV2i7BcQ?= =?us-ascii?Q?1uW5SOJ1WWiAPyx+TojqFhDFbsRCPWi+ekV0pbwPKBhRphW5ysJytWnB93xz?= =?us-ascii?Q?mSFQS4FM9vViZND0VE7cKtNzDFK2I0qv5Y3fWusq+eoMBd3cgMLaaK+lSTyy?= =?us-ascii?Q?xPyDBeRWxYgxTB2Er5jC+OLX+nb6WOGNeHMhS7dWWIKFFTbLrfiWBUSW6ePs?= =?us-ascii?Q?boj6O+MztSd4KuChHEBcnitgYJGpbarUpAyes59Zfq1ilkoKqtdRDHlaXv3X?= =?us-ascii?Q?YlNn5HAaQeix28pj3qFGkyiVW5+nvOMomqPhmU3QG7M0cT6kybvnb0sDLfZ/?= =?us-ascii?Q?43wDrFX1K+ez7gq4j5ensaNWS45mCyhXkBo10NIl1nQQjdKipmWQFVgK3YHy?= =?us-ascii?Q?WJ6Lsmlo/3QZjNN8ZjaKQwu0dpYRlAlV1IS9XCTs4q40oj2558dH8nTt7QsB?= =?us-ascii?Q?if0TyjKOOeUxrCb3KDq3ZNjJUjjNlO6ZH1vRkiKlcfU3WHih0WwYzP840K3E?= =?us-ascii?Q?K3RC1hp8xhZl1Jg0WhtL2+08cVch7Bv+7EooCEtjyFjmYyOVB1udrXCy+H3t?= =?us-ascii?Q?gYv09v/6Do6k7z+BIENV04yCt86APrPpXCRY9Qrz/ZtApAX2RztIeWotJabW?= =?us-ascii?Q?eV160IpL63SWfj9bLCOKVwmChj+8CZrl1p+MVFBua9Y7mEHbyHaWORT+LxEL?= =?us-ascii?Q?S0EjnWmJW4YBGUJSigSOG2DZLKcp7qUWGvRhN417x+d7MkC1fQRnaJVdRcbQ?= =?us-ascii?Q?kDdXG7Aa3UKz/452bZxueHjzUpy+A9T+ZghJpcRx2zUgK/HPqQTpn7aUUrKY?= =?us-ascii?Q?vGF6MLQtDgg9ZOc5mv0u6yHg0Wd7l57bP6QY7onQ6zyIO4d5aTFP6nTRkJSL?= =?us-ascii?Q?mhlTMgopau4Ek9iC4vqA0iMUdZ2vrZDyihzY9P6uSqg9+yWNfhOTlZ31xl/F?= =?us-ascii?Q?u/JoAJ69OQ3AF3/8RMPXMdhxf8Sn8tc/NIG3qbmks5N9wb6SPlC0KJSAdgH/?= =?us-ascii?Q?yO1fv+VukYCd3v7lxXsPDBAooTSThaZ5leBlXaHW5jiXNjs4AL42kgI/wVCf?= =?us-ascii?Q?0gKiW7WwXF5es99awA1IZBgrrKw8RrLZ6sQRJT2QSysP9HVKFLYwXM7aTsI8?= =?us-ascii?Q?1ep7fGns8rQU0o0MXnwwR6FttnJdFm8w2NR2i5TFXwPuzMje+AxXOaD1V5dn?= =?us-ascii?Q?DfQiRQt/D+p4u1NgXJALPhP/r4J8IKBE8bTVZajM7V5nELLf4cIwfujW5RAL?= =?us-ascii?Q?VyxdW0Xe8TKjBB+DrEumbYNbmsM1bsmOxxZZALJnQVTIdRZJ+LtROIzEB+Cc?= =?us-ascii?Q?HoxaTx2O1yX8J3gfK8dywucEe3XJaOYN/sjtoMYn1gKixiQ7+SO6?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 4d0cf795-6dfd-449f-4b10-08deb2379b4e X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:23.2284 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: eLQcFzsyGfA4ofz/BDkAV+PlLZHi3RxBZO1KWm2KmhM3yKDSXfNg3scZtmjgKr2RgcvHyTv75J5cZRSSLFVHhg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-ebf023/1778818110-41D7C3FF-ADB2B77D/0/0 X-purgate-type: clean X-purgate-size: 5664 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818153572158500 Content-Type: text/plain; charset="utf-8" Add the memory-tracking preflight and the single-granule delegate helpers. Realm-owned pages have to come from fine, conventional tracking regions. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/Makefile | 1 + xen/arch/arm/cca/granule.c | 150 +++++++++++++++++++++++++++++++++ xen/arch/arm/include/asm/cca.h | 5 ++ 3 files changed, 156 insertions(+) create mode 100644 xen/arch/arm/cca/granule.c diff --git a/xen/arch/arm/cca/Makefile b/xen/arch/arm/cca/Makefile index aaa04e3b914b..7f20d43323c3 100644 --- a/xen/arch/arm/cca/Makefile +++ b/xen/arch/arm/cca/Makefile @@ -1,2 +1,3 @@ +obj-y +=3D granule.o obj-y +=3D rmi.o obj-y +=3D state.o diff --git a/xen/arch/arm/cca/granule.c b/xen/arch/arm/cca/granule.c new file mode 100644 index 000000000000..d2be4d240f19 --- /dev/null +++ b/xen/arch/arm/cca/granule.c @@ -0,0 +1,150 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include +#include +#include +#include + +#include + +#include "rmi.h" + +static paddr_t __init arm_cca_l0gpt_size(unsigned long features1) +{ + unsigned long l0gptsz =3D arm_cca_rmi_field_get( + features1, ARM_CCA_RMI_FEATURE_REGISTER_1_L0GPTSZ_SHIFT, + ARM_CCA_RMI_FEATURE_REGISTER_1_L0GPTSZ_WIDTH); + + return 1ULL << (30 + l0gptsz); +} + +static int __init arm_cca_verify_memory_tracking(paddr_t start, paddr_t en= d) +{ + while ( start < end ) + { + unsigned long category, state; + paddr_t next; + int rc; + + rc =3D arm_cca_rmi_granule_tracking_get(start, end, &category, &st= ate, + &next); + if ( rc !=3D 0 ) + return rc; + + if ( category !=3D ARM_CCA_RMI_MEM_CATEGORY_CONVENTIONAL || + state !=3D ARM_CCA_RMI_TRACKING_FINE || + next <=3D start || next > end ) + { + printk(XENLOG_ERR + "ARM CCA: memory [%#" PRIpaddr ", %#" PRIpaddr + ") is not fine-tracked conventional memory\n", + start, end); + return -EOPNOTSUPP; + } + + start =3D next; + } + + return 0; +} + +static int __init arm_cca_create_gpts(paddr_t start, paddr_t end, + paddr_t l0gpt_size) +{ + paddr_t base =3D ROUNDDOWN(start, l0gpt_size); + paddr_t stop =3D ROUNDUP(end, l0gpt_size); + + while ( base < stop ) + { + int rc =3D arm_cca_rmi_gpt_l1_create(base); + + if ( rc !=3D 0 ) + { + printk(XENLOG_ERR + "ARM CCA: failed to create GPT L1 for %#" PRIpaddr "\n", + base); + return rc; + } + + base +=3D l0gpt_size; + } + + return 0; +} + +int __init arm_cca_prepare_host_memory(unsigned long features1) +{ + const struct membanks *mem =3D bootinfo_get_mem(); + paddr_t l0gpt_size =3D arm_cca_l0gpt_size(features1); + unsigned int i; + int rc; + + for ( i =3D 0; i < mem->nr_banks; i++ ) + { + paddr_t start =3D mem->bank[i].start; + paddr_t end =3D start + mem->bank[i].size; + + rc =3D arm_cca_verify_memory_tracking(start, end); + if ( rc !=3D 0 ) + return rc; + + rc =3D arm_cca_create_gpts(start, end, l0gpt_size); + if ( rc !=3D 0 ) + return rc; + } + + return 0; +} + +static int arm_cca_process_granule_range(paddr_t start, paddr_t end, + bool delegate) +{ + paddr_t cur =3D start; + int rc; + + /* + * arm_cca_prepare_host_memory() checks that host DRAM is fine-tracked= and + * has GPT L1 metadata before any Realm-owned granule can be delegated. + */ + if ( start >=3D end || !IS_ALIGNED(start, PAGE_SIZE) || + !IS_ALIGNED(end, PAGE_SIZE) ) + return -EINVAL; + + while ( cur < end ) + { + paddr_t out_top =3D INVALID_PADDR; + + if ( delegate ) + rc =3D arm_cca_rmi_granule_range_delegate(cur, end, &out_top); + else + rc =3D arm_cca_rmi_granule_range_undelegate(cur, end, &out_top= ); + + if ( rc !=3D 0 ) + return rc; + + if ( out_top <=3D cur || out_top > end ) + return -EIO; + + cur =3D out_top; + } + + return 0; +} + +/* DEN0137 2.0-bet1 - D1.1.1 Granule delegation flow. */ +int arm_cca_delegate_granule(paddr_t granule) +{ + if ( !IS_ALIGNED(granule, PAGE_SIZE) ) + return -EINVAL; + + return arm_cca_process_granule_range(granule, granule + PAGE_SIZE, tru= e); +} + +/* DEN0137 2.0-bet1 - D1.1.2 Granule undelegation flow. */ +int arm_cca_undelegate_granule(paddr_t granule) +{ + if ( !IS_ALIGNED(granule, PAGE_SIZE) ) + return -EINVAL; + + return arm_cca_process_granule_range(granule, granule + PAGE_SIZE, fal= se); +} diff --git a/xen/arch/arm/include/asm/cca.h b/xen/arch/arm/include/asm/cca.h index 6bf644fbcee5..c35d51f750a3 100644 --- a/xen/arch/arm/include/asm/cca.h +++ b/xen/arch/arm/include/asm/cca.h @@ -2,6 +2,7 @@ #ifndef ARM_CCA_H #define ARM_CCA_H =20 +#include #include =20 /* @@ -79,4 +80,8 @@ void arm_cca_vcpu_destroy(struct vcpu *v); void *arm_cca_alloc_rec_run(void); void arm_cca_free_rec_run(void *run); =20 +int arm_cca_delegate_granule(paddr_t granule); +int arm_cca_undelegate_granule(paddr_t granule); +int arm_cca_prepare_host_memory(unsigned long features1) __init; + #endif /* ARM_CCA_H */ --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818151989416.76045335820686; Thu, 14 May 2026 21:09:11 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309345.1580413 (Exim 4.92) (envelope-from ) id 1wNjqk-0002ko-I0; Fri, 15 May 2026 04:08:34 +0000 Received: by outflank-mailman (output) from mailman id 1309345.1580413; Fri, 15 May 2026 04:08:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqk-0002jC-3B; Fri, 15 May 2026 04:08:34 +0000 Received: by outflank-mailman (input) for mailman id 1309345; Fri, 15 May 2026 04:08:31 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqh-00021J-Df for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:08:31 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjqg-00GbfP-Q7 for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:08:30 +0200 Received: from [10.42.69.2] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069c3e-2eae-0a2a0a5409dd-0a2a4502c694-0 for ; Fri, 15 May 2026 06:08:30 +0200 Received: from [40.107.74.73] (helo=OS0P286CU010.outbound.protection.outlook.com) by tlsNG-720697.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c3a-af86-0a2a45020019-286b4a49ea93-5 for ; Fri, 15 May 2026 06:08:30 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:24 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QDCrjOBeD+nbUqtSUUKMu9l68x2JF7jrM5YO8hH5Am7A/xW/zbyy3TVpPiq6Za/S57zBbhRxkNm3kVwwbPgzLcrnTbapOzV7bHPaEbvD/j7j6ow12ueyC3RJcpf1aCBJLqaIsTEFuZLgozh78XzYxZrh3VsmVNm8jclhFoc5ik8p/hDxWRiHIsfr7m4sdEPKuralTwAHUSTulwJ34osQ2MbdL8R7/IYY0obnSo/YWsu/G140cIsjkfAg5UFZqVMAkAJpQ8lD8HTOheokXhdpdPUVK1KZd/CYXcJopY6Qd63F5tr3LU4fjDcm1oCxC/Y0AashRrC6XoC2EIpRZoUl0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UyVaj4/RdCO+bvx/q4AkK7MGTGIPg9kj2o0tPGAL1DI=; b=hyf6QhfhCW+gdEw+ZDn7DCP9gbwlZ9igPTbtGgiEAhErLHGq9Dwdv3l95FPMZOlHcDxap66Rnp2dYFkHQRvnGa44eSlgYB6NCC4IoVnJceZ3CV/j/A2Glx0Njl58IjtKwXUUwH5w63NRrhnEBf96w9IoKd4gfg9Vcb5cDMB/qpcW6N4/hmBI6PgI2jyHdp5ZogzCHLbkZVwVKHXRl91g/ok3zcthx7WRr7Snz87M3aPBoxyNzWEWhY/kZYFmMWEPzBaUFtqZbzGKV/0B//nMGnn9AzmN3BsZPSsgzgFhICxFC8CZOaH9eTBsEwx3U2DiyelTAnmhY0cq1TEscDobAw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UyVaj4/RdCO+bvx/q4AkK7MGTGIPg9kj2o0tPGAL1DI=; b=TeGlu6xgJXlAGw37q/gh6/Yb47b+pCglDnwJj5oHcgD0mRIbbQdECtObqMrsGo6VZWzbCMfd3rt3tkPLIW1RffTU9vxyNHybgJiAcM5DzT1Je1mC4EHmoQnKKpJ2bwLpoltzPoGU2g075LA1nx5XknO5jf2Uq39stb65t6rY8CQ= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 07/26] xen/arm/cca: initialize the RMM and Realm parameters Date: Fri, 15 May 2026 13:07:53 +0900 Message-ID: <20260515040812.983626-8-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP286CA0093.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:2b4::6) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: 2e4ce52f-3bfb-4bd1-7471-08deb2379bc5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: UfcFrQvCIVtqCR+pvBa12k3wKUgmP05cV1WxFmxp6NiG2+Ap6xJMIUsD0Z4NzRl2N+nWIkfGF7J/dtUVrZbEjUlq/LE1bJagplHaWyZUOBTYh6KVJ7U8/Y6OZfCxAmAvShgUDlXZswOoBaaVsAa6yZ6lLIY7RDcEG5L3xPp1CcvXu5iPyAn9KyTP6IzJNzqX4rQGKBP01ytnWPVXXlmUcsIdoatmu0UbdTKbZRX/ZazgvvM8bPHcm0b2DV83OjhZhkPiTA2r8ynRlokPlFQWClRBi7pmtDznUrz8KUGVzFU+iIja6TtJszQle/L6tj+l2fzpaXB+qX8oQJLmNNeT6QcQOHkcViVhb6cUkTQg/PChmJAauXulOy59eGRpLMLhH1JS5uTjyxU3bys3zTbLdFt3m37jY1AdsDSkJ4Jg9/YbuTKJ9L0iztUXkzlpvFHgqM3z2Gym7/7heBtGaktple+WyT0OJryVKOqFXvnHOJx1n20grgzcmxK9CVcFOiGIuzsaseU7tIFYMgKgJ2AlbxkvqGwWuDQSHB3X8BGsuX2a8w3nVwmeTwj3P+9xz+60+vTqQ9ISI5WYXGwsVEQCWIa4YUDOjxl0vu79qd+UAJOSazPn4pAmvlMTW1UjJt/Cz++0s9nfasPk5pb4fOBSlPC8ZqYve2OjW4D5pYsVujcXQEahEJ2IUDgipxCQs67q X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?cQt7RaPd4M3lQ4Mx56z5LK79TAAcO6fUrfducgJbOciF0idOdUa13NH3VDE5?= =?us-ascii?Q?ue48/AjZFvRQGzmIFUwBAieabZwra5qUU1l20IDIil4fr6gccS25qx+wmZRm?= =?us-ascii?Q?wU4g3rfcTM3CyFN4VHhC9hAQKC2y4ru4yb60njKF2M/QO8iBfyStjUsR1dIZ?= =?us-ascii?Q?3VBoHKRdHZiPH0k5JivudsIov1Y+qwkz9qj2wyZRjWNgJOJgi72tXC+dRIxc?= =?us-ascii?Q?VY1T4vnu8cA6dhT8/FbvUNTpycpftaky3KULf48DwwuwisiBeuuwjbInrG84?= =?us-ascii?Q?WfIAhJhSJn8VQPUwfw/wLjVBYRQdg5AwhxgU0PduEhz9yJOJ9ccYud5aNRc0?= =?us-ascii?Q?One6qeSkkwxAjy7dcFYiC2UUouCazM1WyDHpeEMhVo8X/gbb3ne6Wm2pqPGU?= =?us-ascii?Q?XVcJUrKlgIBceMUu71XiAmBQRSTbOOQf+PcsGxQaBU5b9yu9Vtks7urPyJMZ?= =?us-ascii?Q?qOVQZJhhbaxLMSxRrSOnBLQ3LSC0Np/23iF6VllAx7Fw+wXq6HlyA75y6UCS?= =?us-ascii?Q?uTQP13dpnC720fSSebshKQmmXSCK3kFL578QboSk8AKJr3UIPxIHJZmyilq6?= =?us-ascii?Q?SZ1XAMR26O+iN5dIXNhpo4vMs3TVOAdPO6E1DlNqBsesuIBYfAXeG4Lu2yQT?= =?us-ascii?Q?oeTVlZxU/gl88CpWZK35V7DKHm17m5Ug42XyzIQnkloLqRJBfazdpv6c0DkG?= =?us-ascii?Q?7AQVB+L/Wk2gPACXNSuWej4h5EWa56zs96MJMmoacJRq5Tiu5FyUQXP9NGzq?= =?us-ascii?Q?Dh2Ru6Sd/8CVmRodhA7PCRyo17jrCi389rWs4BPIYWtNC3FbVzcCywgFkfDi?= =?us-ascii?Q?znSuxJLWUvfapvNdrhjlKW126Z73pYLUz1XjMNqxVUv+Ui58VD4wTYGmYrX8?= =?us-ascii?Q?T911P+wiJ1tX2M0Efa7j9TwgWZxb5goUJOPDmwMojk22R8ZqOaGXgLWbSK4n?= =?us-ascii?Q?Ld3UD+OT4eNnIh48xHoJkGj5S42O1LuUrDLeT5VMOt94eJiMiU7zpRuiNW8X?= =?us-ascii?Q?YnreRnezFUkEyPuhcHs7wfLtXQ74B9IwCq/LJYt4oF/Vmm4bK3kU+H59iwxY?= =?us-ascii?Q?D+VBswi1jg3p+x2anLwFU/BxzrPpqaeDKD4x7ATlyOAxuRyiakn7+zF/vpfL?= =?us-ascii?Q?yhDa9Tit/zVwdwB+DuwJg/0Fenv/hfFookBaK8hOX/c0UJQKLAVap8BQOTsB?= =?us-ascii?Q?uI9twXwqNsRGvmv2XHBaIeWkVl04TpeePkFG0l5kvMG/38URAnQWCEuV1lII?= =?us-ascii?Q?bm1maTCfzM/lKlvqSFZ2hB22/sNY+sHao7AfufTD01r+sKogsZkPbqsnpWtK?= =?us-ascii?Q?MpcLMCjGTQuu4j/k2ebu7RHDxX+eNeaEwpycrZjLSpFcSiLZnF1tU/kHSFax?= =?us-ascii?Q?pCwoY0HmyvIRLgFQMRZtlrHcSLR7A+BaJIXU1xwabM+QCX6rvv7KLp6/KD1D?= =?us-ascii?Q?AlSifyQPJATm/bJniqH0mKHNDEshmxO0DqD59saA5t04TkzgnHMAanmBQh7E?= =?us-ascii?Q?8qLql0GSG+q74aliB8ZC1fK9ofGXCMp3vUc50dM4/VtFZeX/XN7EbfnbYHsC?= =?us-ascii?Q?bz6KZz4LX8YhFj0ulXxr7M3b2G7HG6vsoQDbd3lmMCb62vkrKVQLmWIKk1+H?= =?us-ascii?Q?R61E4QpS5j5Tk+n3knxzD/r7bL1xEFxMPkHebbBteKZ2D3Vk9Jav4mwsXya5?= =?us-ascii?Q?/MKkl6vS8pK8a/hUOmQTOovg9+2wZjzSz6+68MPRyc+ZcDpKZi9bR4Dqt7pX?= =?us-ascii?Q?PCgvYwAyhJ6/zeQsYtWI3vQGPHUbmLzjY067QFuHZUTKVRJq6d13?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 2e4ce52f-3bfb-4bd1-7471-08deb2379bc5 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:24.0101 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: jTbCTrrZSlewrpSkN5c4sBxL2P8iQURDNvZOmhDRN819k5yesed0OAc2tKWmv0gFf+YExIvWkMAkXe1GLh6GfA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-720697/1778818110-82B68161-7E941101/0/0 X-purgate-type: clean X-purgate-size: 7408 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818153676158500 Content-Type: text/plain; charset="utf-8" Activate the RMM during Xen init and keep the small Realm/REC parameter initializers with the rest of the CCA code. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/Makefile | 1 + xen/arch/arm/cca/realm.c | 191 +++++++++++++++++++++++++++++++++ xen/arch/arm/include/asm/cca.h | 10 ++ 3 files changed, 202 insertions(+) create mode 100644 xen/arch/arm/cca/realm.c diff --git a/xen/arch/arm/cca/Makefile b/xen/arch/arm/cca/Makefile index 7f20d43323c3..57c3986d5de8 100644 --- a/xen/arch/arm/cca/Makefile +++ b/xen/arch/arm/cca/Makefile @@ -1,3 +1,4 @@ obj-y +=3D granule.o +obj-y +=3D realm.o obj-y +=3D rmi.o obj-y +=3D state.o diff --git a/xen/arch/arm/cca/realm.c b/xen/arch/arm/cca/realm.c new file mode 100644 index 000000000000..14aa7bba595f --- /dev/null +++ b/xen/arch/arm/cca/realm.c @@ -0,0 +1,191 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include +#include +#include +#include +#include + +#include + +#include "rmi.h" +#include "sro.h" + +/* + * Pages donated while activating the RMM are owned by the activated RMM u= ntil + * system reset. Keep the host references here to make that lifetime expl= icit. + */ +static struct page_info *arm_cca_rmm_sro_pages[ARM_CCA_MAX_SRO_DONATION_PA= GES]; +static unsigned int arm_cca_nr_rmm_sro_pages; +static struct page_list_head arm_cca_rmm_abandoned_pages =3D + PAGE_LIST_HEAD_INIT(arm_cca_rmm_abandoned_pages); +static bool arm_cca_rmm_available; +static unsigned long arm_cca_rmm_features0; +static unsigned long arm_cca_rmm_features1; + +static int arm_cca_set_rmm_config(struct arm_cca_rmi_rmm_config *cfg) +{ + memset(cfg, 0, ARM_CCA_RMI_RMM_CONFIG_SIZE); + cfg->rmi_granule_size =3D ARM_CCA_RMI_GRANULE_SIZE_4KB; + cfg->tracking_region_size =3D ARM_CCA_RMI_TRACKING_4KB_REGION_1GB; + + return arm_cca_rmi_rmm_config_set(virt_to_maddr(cfg)); +} + +static int arm_cca_activate_rmm(void) +{ + struct arm_cca_rmi_rmm_config *cfg; + struct arm_cca_sro_mem_xfer xfer =3D { + .pages =3D arm_cca_rmm_sro_pages, + .nr_pages =3D &arm_cca_nr_rmm_sro_pages, + .max_pages =3D ARRAY_SIZE(arm_cca_rmm_sro_pages), + .abandoned_pages =3D &arm_cca_rmm_abandoned_pages, + }; + struct arm_smccc_res res; + int rc =3D 0; + + cfg =3D alloc_xenheap_page(); + if ( cfg =3D=3D NULL ) + return -ENOMEM; + + rc =3D arm_cca_set_rmm_config(cfg); + if ( rc =3D=3D 0 ) + { + rc =3D arm_cca_rmi_rmm_activate(&res); + rc =3D arm_cca_sro_complete_mem_transfer(rc, &res, &xfer); + } + + if ( rc !=3D 0 && (arm_cca_nr_rmm_sro_pages !=3D 0 || + !page_list_empty(&arm_cca_rmm_abandoned_pages)) ) + rc =3D -EIO; + + free_xenheap_page(cfg); + + return rc; +} + +static int arm_cca_validate_rmm_config(void) +{ + struct arm_cca_rmi_rmm_config *cfg; + struct arm_smccc_res res; + int rc; + + cfg =3D alloc_xenheap_page(); + if ( cfg =3D=3D NULL ) + return -ENOMEM; + + memset(cfg, 0, ARM_CCA_RMI_RMM_CONFIG_SIZE); + + rc =3D arm_cca_rmi_rmm_config_get(virt_to_maddr(cfg), &res); + if ( rc !=3D 0 ) + { + printk(XENLOG_ERR + "ARM CCA: RMI_RMM_CONFIG_GET failed status=3D%#x data=3D%#l= x\n", + arm_cca_rmi_status_code(arm_cca_rmi_result(&res)), + (unsigned long)arm_cca_rmi_result_data( + arm_cca_rmi_result(&res))); + rc =3D -EOPNOTSUPP; + goto out; + } + + /* + * Xen's current Realm build and teardown paths assume 4KB RMI granules + * and the matching 1GB tracking region. Other active RMM configurati= ons + * are valid RMI, but need explicit Xen support before they can be + * accepted here. + */ + if ( cfg->rmi_granule_size !=3D ARM_CCA_RMI_GRANULE_SIZE_4KB ) + { + printk(XENLOG_ERR + "ARM CCA: requires 4KB RMI granules, but current RMM " + "granule size encoding is %u\n", cfg->rmi_granule_size); + rc =3D -EOPNOTSUPP; + goto out; + } + + if ( cfg->tracking_region_size !=3D ARM_CCA_RMI_TRACKING_4KB_REGION_1G= B ) + { + printk(XENLOG_ERR + "ARM CCA: requires 1GB tracking regions for 4KB RMI " + "granules, but current RMM tracking-region encoding is %u\n= ", + cfg->tracking_region_size); + rc =3D -EOPNOTSUPP; + goto out; + } + + rc =3D 0; + +out: + free_xenheap_page(cfg); + + return rc; +} + +static int __init arm_cca_init_rmi(void) +{ + unsigned long revision_lower; + int rc; + + rc =3D arm_cca_rmi_version(ARM_CCA_RMI_ABI_VERSION, &revision_lower, N= ULL); + if ( rc !=3D 0 || revision_lower !=3D ARM_CCA_RMI_ABI_VERSION ) + return 0; + + arm_cca_rmm_features0 =3D arm_cca_rmi_features(0); + arm_cca_rmm_features1 =3D arm_cca_rmi_features(1); + + rc =3D arm_cca_activate_rmm(); + if ( rc !=3D 0 ) + { + printk(XENLOG_ERR "ARM CCA: RMM activate failed: %d\n", rc); + return 0; + } + + rc =3D arm_cca_validate_rmm_config(); + if ( rc !=3D 0 ) + return 0; + + rc =3D arm_cca_prepare_host_memory(arm_cca_rmm_features1); + if ( rc !=3D 0 ) + { + printk(XENLOG_ERR "ARM CCA: host memory metadata check failed: %d\= n", + rc); + return 0; + } + + arm_cca_rmm_available =3D true; + printk(XENLOG_INFO "ARM CCA: RMI configured\n"); + + return 0; +} +__initcall(arm_cca_init_rmi); + +int arm_cca_probe(struct domain *d) +{ + if ( !arm_cca_rmm_available ) + return -EOPNOTSUPP; + + d->arch.cca.rmi_features0 =3D arm_cca_rmm_features0; + d->arch.cca.rmi_features1 =3D arm_cca_rmm_features1; + + return 0; +} + +void arm_cca_realm_params_init(struct arm_cca_rmi_realm_params *params) +{ + memset(params, 0, sizeof(*params)); +} + +void arm_cca_rec_params_init(struct arm_cca_rmi_rec_params *params, + register_t mpidr, register_t pc, bool runnabl= e) +{ + memset(params, 0, sizeof(*params)); + + params->flags =3D runnable ? ARM_CCA_RMI_REC_CREATE_RUNNABLE : 0; + params->mpidr =3D mpidr; + params->pc =3D pc; +} + +void arm_cca_rec_run_init(struct arm_cca_rmi_rec_run *run) +{ + memset(run, 0, sizeof(*run)); +} diff --git a/xen/arch/arm/include/asm/cca.h b/xen/arch/arm/include/asm/cca.h index c35d51f750a3..80c161078d6c 100644 --- a/xen/arch/arm/include/asm/cca.h +++ b/xen/arch/arm/include/asm/cca.h @@ -24,6 +24,9 @@ =20 struct domain; struct vcpu; +struct arm_cca_rmi_realm_params; +struct arm_cca_rmi_rec_params; +struct arm_cca_rmi_rec_run; struct page_info; =20 struct arm_cca_rtt_record { @@ -84,4 +87,11 @@ int arm_cca_delegate_granule(paddr_t granule); int arm_cca_undelegate_granule(paddr_t granule); int arm_cca_prepare_host_memory(unsigned long features1) __init; =20 +int arm_cca_probe(struct domain *d); + +void arm_cca_realm_params_init(struct arm_cca_rmi_realm_params *params); +void arm_cca_rec_params_init(struct arm_cca_rmi_rec_params *params, + register_t mpidr, register_t pc, bool runnabl= e); +void arm_cca_rec_run_init(struct arm_cca_rmi_rec_run *run); + #endif /* ARM_CCA_H */ --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818144291858.0675662188215; Thu, 14 May 2026 21:09:04 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309342.1580392 (Exim 4.92) (envelope-from ) id 1wNjqi-0002JM-Nb; Fri, 15 May 2026 04:08:32 +0000 Received: by outflank-mailman (output) from mailman id 1309342.1580392; Fri, 15 May 2026 04:08:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqi-0002Im-I8; Fri, 15 May 2026 04:08:32 +0000 Received: by outflank-mailman (input) for mailman id 1309342; Fri, 15 May 2026 04:08:30 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqg-0001oS-DD for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:08:30 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjqf-00Bu3E-PF for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:08:29 +0200 Received: from [10.42.69.3] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069c0b-5cb7-0a2a0a5109dd-0a2a45038516-44 for ; Fri, 15 May 2026 06:08:29 +0200 Received: from [52.101.228.127] (helo=OS0P286CU011.outbound.protection.outlook.com) by tlsNG-33051d.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c3b-672d-0a2a45030019-3465e47fdc14-3 for ; Fri, 15 May 2026 06:08:29 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB5257.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:163::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:24 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dwrqvmBDAGah25IIMw9ewVC5yN3vBgUvPIkc128r0TalWRUbl9pffDfXsuyCYzfpeX/zqgAQiCbh5mDAsOlp7KHtwlTdvffKiCqa4Y3n7Kp71Au5TctDJRKeVzsE09oSA2JfUvM72gL5wR2onnjms1rDPfym2ASSAZsbj/IjcJPNwI9ki4d9r/Y0DsbItfru3LFHz6n4nw0PUPXvmnKoOWHZv6oLZ4xyH40miA4EJHMt2gs3YE4bn+O1zXpvnhpBq5cI74epN7s3mcbV7lYTiJYhjMT2+A4PGuLqsuNhDEke5ucSIHQM6R8BeEIVt6xtsEy7j2QfmuDuWhIHJhGZPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HYkQKXdORTfgPSnkO/UtbvHd/o4UIhbIJXpGqu2bagU=; b=k/9lMGWoC73rjW6zdGZq+rF/7SvnCHuPibAES6D0nLhI0IDkp7SQw0l2S48qB8vBex7mLXRLUs1VTLE8uGMR2CjXg9Hhpfzo2TqLXSr6tqyXo5wPJl5QXTbKtWre79dRvnzmArc9xfSwoyJ0uuM8vyiMmJY6irKiZTAhCXvhkdiitoIo2ncaXSY5faCPkprr0vqekv0Yzz6MH1zb0J0G+47Q1IDSnKB0QGTIRPU9szlFM11c6fCQ6jGfuNGp+tnx4SUf9536X+HB+A/E2msfJgwpk4HYgh49vEKIh9silqmjQUKsuUx+xMb6nBMxo8QCCtwq+ZNClPIbcj8P2a/N+Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HYkQKXdORTfgPSnkO/UtbvHd/o4UIhbIJXpGqu2bagU=; b=ARSnsmLuAV/ruLlL2rdxogWgopJn/nSleD8uS9zYoVz410dzOtqbM0cil0X9+PXrTMCet5mKysZukOaYr18XKyE2dfu7RJPudWr0gcL2BRfDrD4/QRBO/MiJkzgrlNYUSeNoerm+sJ2Fd5LIGHFY3UNiKZCMpwn21ASSF8lhjKA= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 08/26] xen/arm/cca: add shared SRO helpers Date: Fri, 15 May 2026 13:07:54 +0900 Message-ID: <20260515040812.983626-9-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCPR01CA0065.jpnprd01.prod.outlook.com (2603:1096:405:2::29) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB5257:EE_ X-MS-Office365-Filtering-Correlation-Id: cf47f41a-6693-4a9c-ecbf-08deb2379c36 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|376014|7416014|366016|56012099003|18002099003|22082099003; X-Microsoft-Antispam-Message-Info: AJmeJMXP0ESfV7X4ZXuVLgXoKJTKYnTOMcHnL/wKvE3h4QdsbOyYd0yFyQj8rdS0Pkj4zTn1yM5au5g/8/Ro5m9pA15NEX6RaDxLl1H1D8ueV8/ouKuLfyD9KXVIm5SYb0CEliI1YHPR9YsFHcrah/m4gBkxAMAxJyLI2ofVnRLvBPORbR0/OlswQGlAzFOjy14srbI6P8wZPm4FX+An2G9zb5N7Lkoe2BO9uiWXpmT0jTJyv8K0PJMUjoeDHtdBBK4YxXTumv4l2zXNdqccu/6IullRaOYvnGBwkrI0rFkst0YjPMF9rlbcCiIKMiR77Qupuelkt5WoTHPb1Y5dQXnM/mqa1d76QWdX7C3Ab3wBaBoWtFlerSZkLcCEXR2lGtIPk4p1cqvWf2smoiM5sccKJ2u/NZqzx+NjhDNMhsI2eTilnfzWQ2IgNznBtiOoy0nRYY/hDUyLf5VsmZYJApw0vi6m/n4D7f9NyMHXRfsLVug//dnqKrAOs6zQyXoL3C3ts0ri9t3ZFuoIV279zc2PQqpJPcF0qH3EA/1yFxmHf//9llPx+I6GjiEbW+9shFcpyqa2TIffzVVTxeFh8FMe1TGALZzXzqTRWZW5JuhU3XJe19jW+jGBpx0oew6x3i0R7Agra/ebt4lGPX0gOZPESEfemIGy1eMOVto4EEG+efNzuf0swZfWKOSYXjD0 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(376014)(7416014)(366016)(56012099003)(18002099003)(22082099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?GXuaqB2XzGcEuotCBjsoHPbpxnTn53LrdyjrmuLZ+y4F5gs0Vf5+RJV8y/hD?= =?us-ascii?Q?iAUzDlZdBWIlSCpql3T9KwAPBQpTvyE3EU3h4WJ6Pz+9Ch92BzoUabA7XRn9?= =?us-ascii?Q?BswELgamI/KAQEY2Jp1/0Wiv7kOweqckB/S3DevbMnbjZZ8MXAcuAd4LN+D2?= =?us-ascii?Q?25MTSIdhrcY5q4C1qnZfkhy+a0yPvKsz+6dxxnDW7OeNJ1sid7OoHxmpm0R1?= =?us-ascii?Q?/2kJBK9E3ILtJz4zeTAWrMPlDKVP/xnSKLn1zZvhn6P1cGPkCeATYLkLdnz7?= =?us-ascii?Q?r15i4gs/EUCmBAkqLKj3E67jem3g+zc5A7lYO8QC+tcHiJ+VgQo9Pa2ex04V?= =?us-ascii?Q?hNfI177UNssfA+mBLMG+9Q3yg7sLQR6zG14PP8jaMViuBFuJaIGZJvDbtGI/?= =?us-ascii?Q?PtAJ4E4GySUwYFkNsxrQraJJ/zn3eOTdaZgNLTVhRKnIs9V2QqWZxwKLUl4e?= =?us-ascii?Q?t/qJsEq0YnGCq/m49VGEwOaRkSbyw6DKj0+rTEGNr9LeYxu5AbuEMCe4GhOJ?= =?us-ascii?Q?vvm0GjrimQUFyoVT/GM/2XrYaOcrKv7QFTpO34U1C8n8wJEFcfhn/p5MRhnh?= =?us-ascii?Q?Au+WJCq2zd9J3utd7mjVTqmd5oFHca1bdQUk4Jr9+oSHvSABGi+eLitDXi88?= =?us-ascii?Q?2qUJM9sU8PYIjtCRV4vmF90RynN83OyNuq6zD+vKHSU6CLQIQUBhjPrEZnBQ?= =?us-ascii?Q?cvyyw9GCwbxOebc/hdVwEkRdi5xZQ5j4mOHotUbUxQQ75eWu7vqs7pJxOomv?= =?us-ascii?Q?4P65/kjbPjQydj/QaXHO3bkVdiYCfhkbsEHgTLg2h7nMDGaPxSA3/WfU4KsI?= =?us-ascii?Q?8rVpu7JDlYf/85gsWsHmlEuE+ii1G5cXOXzujmK17CcOiDRlHzZe18yMwxKU?= =?us-ascii?Q?GmfEpyCNKq5idFdfk1iaalBrLimDExMH+Pz8NSNdXIF1en/WYw9inMiKPB0W?= =?us-ascii?Q?Oiktyn3z5h/zWoxQDNLMcjzVhAdg3tC0+ZkeVyB6g5Wc9c7sHGouADWrcyou?= =?us-ascii?Q?udrsdChlypFwIW2nkXkyy2JCb2/AjZG1x+AxOm5cBoVkxBvVSSyfti4C51VG?= =?us-ascii?Q?/RBVs5eAMVuuUe7b2Fp9levddbeP7jK8dBvj1eA/FWqPFfsvFjV9/70yBtTZ?= =?us-ascii?Q?WBQyei/VybRUSVueUPO0r8710vZ/ojiFihyMjYVoTnEV+9HJsBjIfwGxrJ6p?= =?us-ascii?Q?7wImUoOCES/5Dp0OANgEMQRvfI1KvJwH0XA2cQYSLMuAOzGuHPXGZTW2cAX/?= =?us-ascii?Q?D+L88wbLLlJUjBOzaNO5EmFBxUl7Kx1Znj1Pjhpu+KBLSUTcSaXA6txwcOR2?= =?us-ascii?Q?kqZG03HPyfQXOxHHE0emL+Vb2N9MKPMIGKZzaH+cKrVcBPiXrYpgBG4MMP6V?= =?us-ascii?Q?/+bmhhq00lGQJT+aMF2gFoOgeYOAUfpekXBtP2ab9oH2+AoM2PBlNZW0i1Tc?= =?us-ascii?Q?9rsYfFNQJ3YUFSUqxZF7eq1wn7gC3APgk3MqqSVHcHC0ICNt9rVnIDit9M0q?= =?us-ascii?Q?yu4QjLrns37p52m8sniYMHGr0tLiPCf2hvY9+llSY9k0FM+MpYYDXk+QbmC7?= =?us-ascii?Q?LqtFedVc9nN1D248ximfd3zVi/RJOE+d+QhcC/ToprpmI8Sy55PD4+WnHWVT?= =?us-ascii?Q?MMO8SRkw2GJC21q+ZY8G0SAh1xgTdAm3hCNzqSJWYDg3ZRQqitKwqvmFgsEM?= =?us-ascii?Q?bRFnbJ7ltB4vke3qSfwvoszd5Vh1R9be6dcKFbNmytCwtZELxuFIWluRIsTB?= =?us-ascii?Q?b7rE6syq2u5lNA3EM1w7NnD6Rahms8RBd47leh8o0V/N9UuAEEKW?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: cf47f41a-6693-4a9c-ecbf-08deb2379c36 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:24.7598 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: tdvj2mhceMc+0+Et9DPNXzp57Qw9xBk3Mf/sADh9u1/a9C6BxuqcigEEw8cxct1J0WIVj7kRkfBFFfxsaiaWtA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB5257 X-purgate-ID: tlsNG-33051d/1778818109-36746938-A2D52CEA/0/0 X-purgate-type: clean X-purgate-size: 16120 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818145491158500 Content-Type: text/plain; charset="utf-8" Add the common loop for memory-transferring Stateful RMI Operations. It keeps donate, reclaim and cancel handling out of each lifecycle caller. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/Makefile | 1 + xen/arch/arm/cca/sro.c | 485 ++++++++++++++++++++++++++++++++++++++ xen/arch/arm/cca/sro.h | 25 ++ 3 files changed, 511 insertions(+) create mode 100644 xen/arch/arm/cca/sro.c create mode 100644 xen/arch/arm/cca/sro.h diff --git a/xen/arch/arm/cca/Makefile b/xen/arch/arm/cca/Makefile index 57c3986d5de8..bf6d9b58ebec 100644 --- a/xen/arch/arm/cca/Makefile +++ b/xen/arch/arm/cca/Makefile @@ -1,4 +1,5 @@ obj-y +=3D granule.o obj-y +=3D realm.o obj-y +=3D rmi.o +obj-y +=3D sro.o obj-y +=3D state.o diff --git a/xen/arch/arm/cca/sro.c b/xen/arch/arm/cca/sro.c new file mode 100644 index 000000000000..d17810388398 --- /dev/null +++ b/xen/arch/arm/cca/sro.c @@ -0,0 +1,485 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include +#include +#include +#include + +#include + +#include "rmi.h" +#include "sro.h" + +static struct page_info *arm_cca_sro_alloc_page(void) +{ + struct page_info *pg; + void *va; + + pg =3D alloc_domheap_page(NULL, 0); + if ( !pg ) + return NULL; + + va =3D map_domain_page(page_to_mfn(pg)); + clear_page(va); + unmap_domain_page(va); + + return pg; +} + +static unsigned long arm_cca_sro_donate_req_count(unsigned long req) +{ + return arm_cca_rmi_field_get(req, + ARM_CCA_RMI_OP_DONATE_BLK_COUNT_SHIFT, + ARM_CCA_RMI_OP_DONATE_BLK_COUNT_WIDTH); +} + +static uint64_t arm_cca_sro_addr_desc_4k(paddr_t pa) +{ + return ((uint64_t)ARM_CCA_RMI_PAGE_L3 << + ARM_CCA_RMI_ADDR_DESC_4K_SZ_SHIFT) | + (1ULL << ARM_CCA_RMI_ADDR_DESC_4K_CNT_SHIFT) | + (((uint64_t)pa >> PAGE_SHIFT) << + ARM_CCA_RMI_ADDR_DESC_4K_ADDR_SHIFT) | + ((uint64_t)ARM_CCA_RMI_OP_MEM_DELEGATED << + ARM_CCA_RMI_ADDR_DESC_4K_ST_SHIFT); +} + +static int +arm_cca_sro_free_delegated_pages(const struct arm_cca_sro_mem_xfer *xfer, + struct page_info **pages, + unsigned int nr_pages) +{ + unsigned int i; + int rc =3D 0; + + for ( i =3D 0; i < nr_pages; ++i ) + { + if ( !pages[i] ) + continue; + + if ( arm_cca_undelegate_granule(page_to_maddr(pages[i])) !=3D 0 ) + { + page_list_add_tail(pages[i], xfer->abandoned_pages); + pages[i] =3D NULL; + rc =3D -EIO; + continue; + } + + free_domheap_page(pages[i]); + pages[i] =3D NULL; + } + + return rc; +} + +static int +arm_cca_sro_validate_donate_req(const struct arm_cca_sro_mem_xfer *xfer, + unsigned long req, unsigned long *count) +{ + unsigned long blk_size, contig, state; + + if ( !xfer || !xfer->pages || !xfer->nr_pages || !xfer->max_pages || + !xfer->abandoned_pages ) + return -EOPNOTSUPP; + + blk_size =3D arm_cca_rmi_field_get(req, + ARM_CCA_RMI_OP_DONATE_BLK_SIZE_SHIFT, + ARM_CCA_RMI_OP_DONATE_BLK_SIZE_WIDTH); + contig =3D arm_cca_rmi_field_get(req, + ARM_CCA_RMI_OP_DONATE_MEM_CONTIG_SHIFT, + ARM_CCA_RMI_OP_DONATE_MEM_CONTIG_WIDTH); + state =3D arm_cca_rmi_field_get(req, + ARM_CCA_RMI_OP_DONATE_MEM_STATE_SHIFT, + ARM_CCA_RMI_OP_DONATE_MEM_STATE_WIDTH); + *count =3D arm_cca_sro_donate_req_count(req); + + /* + * Xen donates 4KB, non-contiguous, already-delegated granules here + * because they can be allocated and tracked as individual pages. + */ + if ( blk_size !=3D ARM_CCA_RMI_PAGE_L3 || + contig !=3D ARM_CCA_RMI_OP_MEM_NON_CONTIG || + state !=3D ARM_CCA_RMI_OP_MEM_DELEGATED ) + return -EOPNOTSUPP; + + if ( *count =3D=3D 0 ) + return -EINVAL; + + if ( *xfer->nr_pages > xfer->max_pages || + *count > xfer->max_pages - *xfer->nr_pages ) + return -E2BIG; + + if ( *count > PAGE_SIZE / sizeof(uint64_t) ) + return -E2BIG; + + return 0; +} + +static int arm_cca_sro_donate_pages(unsigned long handle, + unsigned long donate_req, + const struct arm_cca_sro_mem_xfer *xfe= r, + struct arm_smccc_res *res) +{ + struct page_info *list_pg =3D NULL; + struct page_info **pages =3D NULL; + uint64_t *list; + unsigned long count, consumed; + unsigned int i; + int cleanup_rc, rc; + + rc =3D arm_cca_sro_validate_donate_req(xfer, donate_req, &count); + if ( rc !=3D 0 ) + return rc; + + pages =3D xzalloc_array(struct page_info *, count); + if ( !pages ) + return -ENOMEM; + + list_pg =3D arm_cca_sro_alloc_page(); + if ( !list_pg ) + { + rc =3D -ENOMEM; + goto out; + } + + list =3D map_domain_page(page_to_mfn(list_pg)); + + for ( i =3D 0; i < count; ++i ) + { + pages[i] =3D arm_cca_sro_alloc_page(); + if ( !pages[i] ) + { + rc =3D -ENOMEM; + goto out_unmap; + } + + rc =3D arm_cca_delegate_granule(page_to_maddr(pages[i])); + if ( rc !=3D 0 ) + { + free_domheap_page(pages[i]); + pages[i] =3D NULL; + goto out_unmap; + } + + list[i] =3D arm_cca_sro_addr_desc_4k(page_to_maddr(pages[i])); + } + + rc =3D arm_cca_rmi_op_mem_donate(handle, page_to_maddr(list_pg), count= , res); + /* + * donated_count is valid regardless of the RMI status. + * See DEN0137 2.0-bet1 - B4.3.2.2 Donating memory to an SRO + */ + consumed =3D res->a1; + if ( consumed > count ) + { + rc =3D -EIO; + consumed =3D count; + } + + for ( i =3D 0; i < consumed; ++i ) + { + xfer->pages[*xfer->nr_pages] =3D pages[i]; + (*xfer->nr_pages)++; + pages[i] =3D NULL; + } + +out_unmap: + unmap_domain_page(list); + free_domheap_page(list_pg); + +out: + cleanup_rc =3D arm_cca_sro_free_delegated_pages(xfer, pages, count); + if ( cleanup_rc !=3D 0 ) + rc =3D cleanup_rc; + xfree(pages); + + return rc; +} + +static int arm_cca_sro_continue(unsigned long handle, + struct arm_smccc_res *res) +{ + return arm_cca_rmi_op_continue(handle, ARM_CCA_RMI_CONTINUE_KEEP_GOING, + res); +} + +static bool arm_cca_sro_is_pending(const struct arm_smccc_res *res) +{ + uint64_t result =3D arm_cca_rmi_result(res); + + return arm_cca_rmi_status_is(result, ARM_CCA_RMI_INCOMPLETE) || + arm_cca_rmi_status_is(result, ARM_CCA_RMI_BUSY); +} + +static int arm_cca_sro_reclaim_pages(unsigned long handle, + const struct arm_cca_sro_mem_xfer *xf= er, + struct arm_smccc_res *res); + +static int +arm_cca_sro_validate_reclaim_xfer(const struct arm_cca_sro_mem_xfer *xfer) +{ + if ( !xfer || !xfer->pages || !xfer->nr_pages || !xfer->abandoned_page= s ) + return -EOPNOTSUPP; + + if ( *xfer->nr_pages =3D=3D 0 ) + return -EIO; + + return 0; +} + +static int arm_cca_sro_cancel(unsigned long handle, + const struct arm_cca_sro_mem_xfer *xfer, + struct arm_smccc_res *res) +{ + int rc =3D arm_cca_rmi_op_cancel(handle, res); + + if ( rc !=3D 0 && !arm_cca_sro_is_pending(res) ) + return rc; + + while ( arm_cca_sro_is_pending(res) ) + { + unsigned long mem_req; + + if ( arm_cca_rmi_status_is(arm_cca_rmi_result(res), + ARM_CCA_RMI_BUSY) ) + { + rc =3D arm_cca_sro_continue(handle, res); + if ( rc < 0 ) + return rc; + if ( !arm_cca_sro_is_pending(res) ) + return rc; + continue; + } + + mem_req =3D arm_cca_rmi_sro_mem_req(res->a0); + + switch ( mem_req ) + { + case ARM_CCA_RMI_OP_MEM_REQ_RECLAIM: + rc =3D arm_cca_sro_validate_reclaim_xfer(xfer); + if ( rc !=3D 0 ) + return rc; + rc =3D arm_cca_sro_reclaim_pages(handle, xfer, res); + break; + + case ARM_CCA_RMI_OP_MEM_REQ_NONE: + rc =3D arm_cca_sro_continue(handle, res); + if ( rc < 0 ) + return rc; + if ( !arm_cca_sro_is_pending(res) ) + return rc; + break; + + default: + return -EIO; + } + + if ( rc < 0 ) + return rc; + } + + return rc; +} + +int arm_cca_sro_complete_mem_transfer(int rc, struct arm_smccc_res *res, + const struct arm_cca_sro_mem_xfer *x= fer) +{ + unsigned long handle; + bool can_cancel =3D false; + + if ( rc !=3D 0 && !arm_cca_sro_is_pending(res) ) + return rc; + + if ( !arm_cca_rmi_status_is(arm_cca_rmi_result(res), + ARM_CCA_RMI_INCOMPLETE) ) + return rc; + + handle =3D res->a1; + + while ( arm_cca_sro_is_pending(res) ) + { + uint64_t result =3D arm_cca_rmi_result(res); + unsigned long mem_req; + + if ( arm_cca_rmi_status_is(result, ARM_CCA_RMI_BUSY) ) + { + rc =3D arm_cca_sro_continue(handle, res); + } + else + { + can_cancel =3D arm_cca_rmi_sro_can_cancel(result); + mem_req =3D arm_cca_rmi_sro_mem_req(result); + + switch ( mem_req ) + { + case ARM_CCA_RMI_OP_MEM_REQ_DONATE: + rc =3D arm_cca_sro_donate_pages(handle, res->a2, xfer, res= ); + /* + * RMM records a failed donation through the SRO context. = The + * Host must continue the SRO after an RMI_OP_MEM_DONATE e= rror. + * + * See DEN0137 2.0-bet1 - B4.3.2.2 + */ + if ( arm_cca_rmi_status_is_error(arm_cca_rmi_result(res)) ) + rc =3D arm_cca_sro_continue(handle, res); + break; + + case ARM_CCA_RMI_OP_MEM_REQ_RECLAIM: + rc =3D arm_cca_sro_validate_reclaim_xfer(xfer); + if ( rc !=3D 0 ) + break; + + rc =3D arm_cca_sro_reclaim_pages(handle, xfer, res); + break; + + case ARM_CCA_RMI_OP_MEM_REQ_NONE: + rc =3D arm_cca_sro_continue(handle, res); + break; + + default: + rc =3D -EOPNOTSUPP; + break; + } + } + + if ( rc < 0 ) + { + int cancel_rc; + + /* + * A final RMI_ERROR_* already ends the SRO. CANCEL is only f= or + * a still-pending SRO which Xen can no longer drive. + */ + if ( !arm_cca_sro_is_pending(res) ) + break; + + if ( !can_cancel ) + break; + + cancel_rc =3D arm_cca_sro_cancel(handle, xfer, res); + if ( cancel_rc !=3D 0 ) + rc =3D cancel_rc; + break; + } + } + + return rc; +} + +static int +arm_cca_sro_forget_reclaimed_page(const struct arm_cca_sro_mem_xfer *xfer, + paddr_t pa) +{ + struct page_info **pages =3D xfer->pages; + unsigned int *nr_pages =3D xfer->nr_pages; + unsigned int i; + + for ( i =3D 0; i < *nr_pages; ++i ) + { + struct page_info *pg =3D pages[i]; + + if ( !pg || page_to_maddr(pg) !=3D pa ) + continue; + + pages[i] =3D pages[*nr_pages - 1]; + pages[*nr_pages - 1] =3D NULL; + (*nr_pages)--; + + if ( arm_cca_undelegate_granule(pa) !=3D 0 ) + { + /* + * The RMM has returned the page. Keep host undelegation fail= ure + * out of the SRO state machine and retry it from relinquish. + */ + page_list_add_tail(pg, xfer->abandoned_pages); + return 0; + } + + free_domheap_page(pg); + + return 0; + } + + return -ENOENT; +} + +static int +arm_cca_sro_forget_reclaimed_desc(const struct arm_cca_sro_mem_xfer *xfer, + uint64_t desc) +{ + paddr_t pa =3D arm_cca_rmi_addr_desc_4k_pa(desc); + unsigned long count =3D arm_cca_rmi_addr_desc_4k_count(desc); + unsigned long size =3D arm_cca_rmi_addr_desc_4k_size(desc); + unsigned long state =3D arm_cca_rmi_addr_desc_4k_state(desc); + unsigned long i; + + if ( size !=3D ARM_CCA_RMI_PAGE_L3 || + state !=3D ARM_CCA_RMI_OP_MEM_DELEGATED || + count =3D=3D 0 ) + return -EIO; + + for ( i =3D 0; i < count; ++i ) + { + int rc =3D arm_cca_sro_forget_reclaimed_page(xfer, pa); + + if ( rc !=3D 0 ) + return rc; + + pa +=3D PAGE_SIZE; + } + + return 0; +} + +static int arm_cca_sro_reclaim_pages(unsigned long handle, + const struct arm_cca_sro_mem_xfer *xf= er, + struct arm_smccc_res *res) +{ + struct page_info *list_pg; + uint64_t *list; + unsigned long max_descs =3D *xfer->nr_pages; + unsigned long nr_descs =3D 0; + unsigned int i; + int rc; + + list_pg =3D alloc_domheap_page(NULL, 0); + if ( !list_pg ) + return -ENOMEM; + + list =3D map_domain_page(page_to_mfn(list_pg)); + clear_page(list); + + /* + * In the worst case each reclaimed page needs one address-list + * descriptor, so the tracked page count is a sufficient list capacity. + */ + rc =3D arm_cca_rmi_op_mem_reclaim(handle, page_to_maddr(list_pg), max_= descs, + res); + + if ( arm_cca_rmi_status_is(arm_cca_rmi_result(res), + ARM_CCA_RMI_INCOMPLETE) ) + { + nr_descs =3D res->a1; + if ( nr_descs > max_descs ) + { + nr_descs =3D max_descs; + rc =3D -EIO; + } + } + + for ( i =3D 0; i < nr_descs; ++i ) + { + int ret =3D arm_cca_sro_forget_reclaimed_desc(xfer, list[i]); + + if ( ret !=3D 0 ) + { + rc =3D ret; + break; + } + } + + unmap_domain_page(list); + free_domheap_page(list_pg); + + return rc; +} diff --git a/xen/arch/arm/cca/sro.h b/xen/arch/arm/cca/sro.h new file mode 100644 index 000000000000..71d26574fe7e --- /dev/null +++ b/xen/arch/arm/cca/sro.h @@ -0,0 +1,25 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef ARM_CCA_SRO_H +#define ARM_CCA_SRO_H + +struct arm_smccc_res; +struct page_list_head; +struct page_info; + +struct arm_cca_sro_mem_xfer { + /* + * pages tracks pages accepted by the SRO and later returned by reclai= m. + * max_pages is the capacity for accepted donations; zero disables + * donation. abandoned_pages keeps delegated pages which still need + * host-side undelegation retry. + */ + struct page_info **pages; + unsigned int *nr_pages; + unsigned int max_pages; + struct page_list_head *abandoned_pages; +}; + +int arm_cca_sro_complete_mem_transfer(int rc, struct arm_smccc_res *res, + const struct arm_cca_sro_mem_xfer *x= fer); + +#endif /* ARM_CCA_SRO_H */ --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818137784769.4864478171199; Thu, 14 May 2026 21:08:57 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309344.1580407 (Exim 4.92) (envelope-from ) id 1wNjqk-0002hz-3C; Fri, 15 May 2026 04:08:34 +0000 Received: by outflank-mailman (output) from mailman id 1309344.1580407; Fri, 15 May 2026 04:08:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqj-0002gK-Oa; Fri, 15 May 2026 04:08:33 +0000 Received: by outflank-mailman (input) for mailman id 1309344; Fri, 15 May 2026 04:08:31 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqh-00021K-E3 for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:08:31 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjqg-00Bu3E-Qp for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:08:30 +0200 Received: from [10.42.69.3] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069c0b-5cb7-0a2a0a5109dd-0a2a45038516-48 for ; Fri, 15 May 2026 06:08:30 +0200 Received: from [52.101.228.127] (helo=OS0P286CU011.outbound.protection.outlook.com) by tlsNG-33051d.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c3b-672d-0a2a45030019-3465e47fdc14-4 for ; Fri, 15 May 2026 06:08:30 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB5257.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:163::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:25 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=M+j7WgkLsNNsUQog+JY3HCqRFlPzGEoa0WezZYwDI6uxBVtvu6Fv8K3mrmtZlPSLJ6DPGW9WE74Aq6kRK50IRYU+J0AEy6EOTZBb+KkZpb++g0IzPqEPaJlJ9x+3YxLuW4ptW/KbdwDRgld7nVr743fYeH+XfpWVgq0Deo3O0ehtIyySu0HR0cn8hnXN3K4iWtix0eEWtL3+9QOYqQUjcLU7SQbvlz9lp5sgqzb/lUVN6tqaQEGRRHRfdQJdDKzHzM9mMAEGuC6ZM5L9iNp+Rd4+/iVDPKyCHChcKWY2txrGB9qzS2aHC/FJyswBLAANmVqoXOk2zokaLhT8mcJtAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=clH4lYO5wbmlpaQIs7uoidyKQIOc+adymnvGpmXm3os=; b=kpNicKWiRaUN7GCt9/Qtc8hUoe/br8BZjYpAasP6RzteiVd3vGVUKwquvGgVUbejdf457t5CJVFZyI/jbr7oa4i8TsL16MauDQXHmw17lk7HrW3Zccv1/JyIPDXFT8krc5nfihlpzGpJb58Q7JI82eV/ZJC7+CfLV+/0Kq4UbuFGooQmzufrh6GWIr21ZEe2K2a05UMALGn3a4MOwUzaY3J9yiSEpRQOdeM7Ff6ERfrnpii1F3a0r346Xc73+NjYU6sJ/88CwHK5d8aQABBDcUOijOGRH9EpHXzsA9kBr/X2DQ9x89LRKhIzgkZmJ/d8IIr/PFzI+n2bdbf7+tW8dw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=clH4lYO5wbmlpaQIs7uoidyKQIOc+adymnvGpmXm3os=; b=s5HAR+Knp/HCSk99ksrP5vJ0+5Vx7AiudST8fzgcr4WrCpoytbJt+pn8qJC9XOa8I5CegLnO0FCAJBfy4MOPPz+iErxVRewtXTLmQyQKUCt4hKXtGmqNucDjiLA6h4PcZwFPKrwdZU5d8C7muFY1lg5MUeqT0R8cx+TjBsgyiCw= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 09/26] xen/arm: vpl011: expose VPL011 presence to Arm code Date: Fri, 15 May 2026 13:07:55 +0900 Message-ID: <20260515040812.983626-10-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP286CA0083.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:2b3::11) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB5257:EE_ X-MS-Office365-Filtering-Correlation-Id: 5d76a1a3-5e66-4a7c-3e44-08deb2379ca9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|376014|7416014|366016|56012099003|18002099003|22082099003; X-Microsoft-Antispam-Message-Info: 9lTVlJNHahq+ojBEUkiP3eixCr08Kjxvnalzg4IOzf1laArrd1tL14LA3YCW53V6SoPwDIzUrEudAUa4NGPDJDRdQtb/d3id8qRp9dGCTGgMbe/YU7Xi5o9saVs/1NzRktdvgLwWjC9sKN1lJz32cPJbbh4syU2gU4xVLKjx+9NgfByWaMA4czCyqQ6JNy1WCFllbDbtCGtueoLQi6KXap8bsNlifxPXVm4KFfHsit/6URsgU1VL9kcI58HULKOe9/DDs45SnBNwVfAWTw4+j3b6BVY/97RxE//XBiolCJv1XCv+Kh4Y5qNmG935FrXmCgL7D/a10vm1nqKiBrtVqDABLKpBjt7kaWZEhHS83kfX1BxCGB50XIOFMQG+YGX5rkWfoBcpLEmDNHSMc3MLvcG80ft+gsbjwyoLKlU+dq0uaZfWj8J54Pq156ngIqUERILwQkRNZyswk238xUuhRo6tRT7jLNcL/x2XuByPs8ceCgqGuqMRSsBxSrQYTU0qzCygeHC+Sdm/lmPcG+c4ojyzpaclgVtcf+4OksOcfUqQE/9g6Fxwp5bLHIMwmrkAv2sirD6etH0iWM3Sk9uMUCK0sn18LJ/Efb7yqaPMTGHQOJyKaNBxU7+go+8pKlJAX9ft7ZIDgwpblVIwmc+LQjGC4LhXnGUs1K9gmZb7gYiSyHFOn6kyJV8U6c7JBhRX X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(376014)(7416014)(366016)(56012099003)(18002099003)(22082099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?XANYrq7gGKUITOc/HNJVNsBIsAoslnE/vpY4+byTyV2+4dgqIQA11sotrQuA?= =?us-ascii?Q?99tO56SISUBbzE6ldT5irUWMsgOqNJYXGlYB4ydwxomgLjlGia4sPBAJ4vST?= =?us-ascii?Q?gp4mWN19gnR9uo4Wmjh4XE5XB2/0POd5vAPG81P2aDsBTjrPygdMfdsRTPg/?= =?us-ascii?Q?lIy8q97haZ5qQxXJctaY52REuvgRKiiBFPxDa0fi8JyWJkmkpBZYzWYrcPDe?= =?us-ascii?Q?yEtPaUkEj98lKjpg8rqfxwtR8M2ZITgp5hocYXLN6D+DMZo6V7UoV7wSPJis?= =?us-ascii?Q?x/GAaP5FF/5BIYgqFLY/6jnvAh6NrnhQYeZ4pG6ZtDhg1Rd3MgYZhQyVtOGW?= =?us-ascii?Q?C0Z/5FmoxHnrUc12INU727cH6HRurFUPuvTZ+TitMpdW9eJm/tzwXv423CkK?= =?us-ascii?Q?8NxeK3vhUzyYuPwxRzvSsvaRJv89nc44nns2uoVQjDF+c4menWs49IqyPTkk?= =?us-ascii?Q?wZQRDUp4rgYfyOQ38rcweWqWz/cpKEnLqRr337boIDK1c/JL940Ct+kqASDl?= =?us-ascii?Q?RZ2do0E/caGIHz4Gpv3Kc95p/klevpYpm0QRwvGAqdbLD/Kjni33leg8Lv/v?= =?us-ascii?Q?vjYak8dCPs0PjVxme9VL5lOuECcXt80cdCwHG+rnSco/iMEsNiwXYpcB1AMO?= =?us-ascii?Q?a12ryuSgzo1v9ls2eaQef0EjzcBSUPkoG4J80B6jGp+BB/of+tfhPynx9I8M?= =?us-ascii?Q?54EhtohzDpIBAMLYSOh457oKL39Mnsn1BUzaeXg2EvisoGFVnXVOCAKREenz?= =?us-ascii?Q?pYFw9Rwi9agiQhPzdJ8gGgMyZj98MB+2ezyb5WJj/WNNJFHTWTJd7v8WdJfP?= =?us-ascii?Q?oU+mosPCbpGBFJGaZ1QMZTpMiZ5ER5DbtLyd0fI1235f0tvcOWMMj11eHlNs?= =?us-ascii?Q?r+8LKAZtYDIMr3qWhXCHJ/NwhcHg3gk8GgMt5LjHqIlqVmgPY3KJVYmeL9+L?= =?us-ascii?Q?IcGhC9fAcqm+LDHetrOOuXDeSKOJC4x79FsDRiRPBP7Gb6E7GS3aW843o8Ye?= =?us-ascii?Q?PV7nIJBY9pOTHPer/IrOh/Q+BujJEqq82+VwYu5b5FpqGN5nxueJfp7fusHs?= =?us-ascii?Q?u8frhcr1xJFNiT7GGy+MdTMQyrcTUeiFQh6WXO5BSfGB+gCH+avT8oc8YrDO?= =?us-ascii?Q?4YmaITjilUs830xfiod9MjH6wc5w784QXGFnJ6ECeQEncyjhFWnKw4lPC834?= =?us-ascii?Q?JLSh1jrSJvWSnQDD4aQORV/QMajbKBB0FczGS32yUDP0xBUgv0NceXc95yBK?= =?us-ascii?Q?DfiA/JSVecZs6pIC80y/4Jpd8LuCFhCjJ3Hx2mUNrn1qdkllTavC+AOgBbPk?= =?us-ascii?Q?3LyPJTqs1fQRJnTAHaTrzbrTzVZSuiS0/8KRpnOdv71PY/xJXegvB1df+ud2?= =?us-ascii?Q?Mt7xgLSAAWDKlDceca+VdWFaWNJMjFsKWPWUvn6NAQd5sJH0io1MNV7C5xcS?= =?us-ascii?Q?2JibveHLfaADE/zv0/oYqJVCFU99kY0LIrHL5HvyGriF5QWTzYHIQQtaUX2L?= =?us-ascii?Q?MgawV8ZO5oqkUwJpVu7G98LACkUE4QfW3XY6lrscLblbkfmbh6gz7XKc1r8I?= =?us-ascii?Q?X59b9Md6xAvPBm8QJB2LNNepkob/heAq7PLqByLko+jW2zKy565ixZHwKtK/?= =?us-ascii?Q?g2pG/37KK9wr1ig5NE3vJiYkeZHbeAO5Jb3c+Mh3SUB5TTANMlinaMui2hkS?= =?us-ascii?Q?6j8/dSpbKLe2cC1fLmAiNaZtlPhCdx2tK4LvK958r1JuO9cjx+G07L80G/Ht?= =?us-ascii?Q?lMB5Onw246/KFWJce6PDGV1uL75ia3zciBHvOSdXH2rchAsejuDd?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 5d76a1a3-5e66-4a7c-3e44-08deb2379ca9 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:25.5007 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: DG9lhykioq/Uui1z0n+ZeTJOlofgVw6SqCpAzVa4TgaBGtiadIWLrWLLBeV7CKq4uUQiT46v+y8a4aKrba2dmw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB5257 X-purgate-ID: tlsNG-33051d/1778818110-38149938-DEAAF145/0/0 X-purgate-type: clean X-purgate-size: 1612 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818139827158500 Content-Type: text/plain; charset="utf-8" Let Arm code ask whether a domain has an SBSA VUART. Realm validation uses this to keep the clear-text debug console behind a Kconfig choice. Signed-off-by: Koichiro Den --- xen/arch/arm/include/asm/vpl011.h | 5 +++++ xen/arch/arm/vpl011.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/xen/arch/arm/include/asm/vpl011.h b/xen/arch/arm/include/asm/v= pl011.h index cc838682815c..35d08556785a 100644 --- a/xen/arch/arm/include/asm/vpl011.h +++ b/xen/arch/arm/include/asm/vpl011.h @@ -69,6 +69,7 @@ struct vpl011_init_info { int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info); void domain_vpl011_deinit(struct domain *d); +bool domain_has_vpl011(const struct domain *d); int vpl011_rx_char_xen(struct domain *d, char c); #else static inline int domain_vpl011_init(struct domain *d, @@ -78,6 +79,10 @@ static inline int domain_vpl011_init(struct domain *d, } =20 static inline void domain_vpl011_deinit(struct domain *d) { } +static inline bool domain_has_vpl011(const struct domain *d) +{ + return false; +} #endif #endif /* _VPL011_H_ */ =20 diff --git a/xen/arch/arm/vpl011.c b/xen/arch/arm/vpl011.c index d0d17c76b72c..05a03a5ce5d0 100644 --- a/xen/arch/arm/vpl011.c +++ b/xen/arch/arm/vpl011.c @@ -747,6 +747,11 @@ out: return rc; } =20 +bool domain_has_vpl011(const struct domain *d) +{ + return d->arch.vpl011.backend.dom.ring_buf !=3D NULL; +} + void domain_vpl011_deinit(struct domain *d) { struct vpl011 *vpl011 =3D &d->arch.vpl011; --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818312988627.6111775097982; Thu, 14 May 2026 21:11:52 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309420.1580457 (Exim 4.92) (envelope-from ) id 1wNjte-0008TQ-2q; Fri, 15 May 2026 04:11:34 +0000 Received: by outflank-mailman (output) from mailman id 1309420.1580457; Fri, 15 May 2026 04:11:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtd-0008TJ-VI; Fri, 15 May 2026 04:11:33 +0000 Received: by outflank-mailman (input) for mailman id 1309420; Fri, 15 May 2026 04:11:32 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtc-0008T3-Nb for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:11:32 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjtc-0052Iz-47 for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:11:32 +0200 Received: from [10.42.69.3] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069cab-e002-0a2a0a5209dd-0a2a4503c7a4-32 for ; Fri, 15 May 2026 06:11:32 +0200 Received: from [52.101.228.127] (helo=OS0P286CU011.outbound.protection.outlook.com) by tlsNG-33051d.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c3b-672d-0a2a45030019-3465e47fdc14-5 for ; Fri, 15 May 2026 06:08:31 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB5257.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:163::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:26 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Xs0ySpsXho/Q/PJkUY8kHQOPF8BiMJOyVyG1On69+0sLGBFGdWPDQDlaF5wp2mr3rulYxR9wP0SfbQRvHLhMcZlyjXF78a4zoXU6WlPKYyBoq9FTuE0irpt36iprv6ZNe26nsfmNzmq/UcU0kZMyayvnixvCmmzpX/GMs9XGLDR90CYd9ac5t++2Gd5e5DLQCO6F6o1jfslEaVOEFYOXCQmH/2cgNZQJ+Xa8VZ3bJ7m0Xpa7M7fHUQW5iQQmClwS7eOvigCW3vAOtgyb9bH/Katua+bo35oJqnG7xXjhqadUHX7UJ4jLsRgkO5FJkqe/iCZY5Zxx128GnX8GLaUTbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iQozeGS6NXue2xy04GwS38eB6n43tpIm85e71KD3+fs=; b=BQw0NCinlv8YvV9NUnVME52qwAL+Us66Bxia60rM2OBPfamYqcTbuczz9XiljOSkAj1Ivq8LFBRNBnZb18b/uBY10JUTpy/NokPp3GAQkCU75ES9bC7f/4fjR0VKiEfZhHoq2Cd6FDF3Ux+DbjHP/lYlKlKjY2qSElN25ctr+rvTKQHfis75QoMZQRFAS/Pfm6JVPVWuhj/NK9g/tPvjj4B7Vx1i2UHGMdOgE+XgCWJbSWwMZf7163f0dQQj02wsuU/N77WUYcYxBHHVjo29Iz2jX1TEno1x6D3D6Zmh7uv1Dg3WcjHQPoSURzx3kZiM4jUzUI0Ut8RXKGu6iwQsew== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iQozeGS6NXue2xy04GwS38eB6n43tpIm85e71KD3+fs=; b=M28oMCAlK0o5+PH5XnmMEvKUu95EfDESKwS/S+TehN31E4HYV6T6Eune1mVIguWXXC+lf1GemZ+0UydSBNYLbBdZXUmBXKRCJLgpwwgUHp7yp+zNUGoxgNPx1lhMBSEfYdHvq0B+W2hQfTGct3nlPJjCDOymWG1GFdIupMF+awc= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 10/26] xen/arm/cca: add Realm relinquish entry point Date: Fri, 15 May 2026 13:07:56 +0900 Message-ID: <20260515040812.983626-11-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCPR01CA0070.jpnprd01.prod.outlook.com (2603:1096:405:2::34) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB5257:EE_ X-MS-Office365-Filtering-Correlation-Id: e384598f-eddb-4503-84a9-08deb2379d55 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|376014|7416014|366016|56012099003|18002099003|22082099003; X-Microsoft-Antispam-Message-Info: WA4HlbaemzL5K2jLH8XnQivh7FT52NP2WdiNqHSdgeTCw9uYueJGRq2J8gjQIJhXFcXaVtKsejakqG7TxMjOggMwGvpEIyEZtzEpXFHdEUGkOvDMN7S+26il90Ng/qs72h0Z1R9hHHbPpVYKbIPLkqfAA8NmVdbNR9FYo3aO0jA+s/OV8GB6dEn+p1EWE5rQ+M5Dl2a8SwMgjkWp+jQFhdIZJyks11wMbgOQY/SyNF44IVUufPtGgf9+vUp66wTITpHIrOxHniQADc3kzKf+BfdWxfsBfistCNHLkhIC60a4k+K6/J0tb4r3fLqmEv+PsVKMDkoOuzpwt955NK6M/FTbg3wBZE8vQjVbzWf4HjfZEGOoz08gl5mVy+/zD0cpWjZjb7k5iqeJIJlSyHLcGItORcuF04WSu7gDWBQt32Sego6hjJYxoivDTVWmDs3m4oCdzxqh+JqAJRHjDoT2Hp8cI4zUGaaRAbUcjqqh4qLe7/6ffyI1Fo3+8jTEAMZ8G2b/qqznkiueRA+luRkNopg6XH9mvZf7QPCZ8Hr7JpYXzCqwMteSSvZ5w4chk8a6mgul4QY6NtZ2wNa7pZP9fOsC77OfQMMt9/V5sBeQv35Ji1oBb4y94OPGl015HEo3TQndhl0CMECDvi1MRb5+l5gWorRFFHBVRV00e4GAfbAEK90ixFLFA6TvJPNkudmn X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(376014)(7416014)(366016)(56012099003)(18002099003)(22082099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?bHDSnIWcw7ASPEAzyqscbjn5EVg/54TM5UVtuBIAW03GMVmwERIyvXwP7piU?= =?us-ascii?Q?j6JAzWy4whmGmeGFVkQc9e6O1I7dHGUIwGAwJFik4+nWXWIfzWBDSCSfgYJL?= =?us-ascii?Q?ioIVSP0IQ6An/KgXZrtnkIEQlXPcAgAScxMJ+7q7kxH/nWe5nKmXMEDrOWGu?= =?us-ascii?Q?SdfISybxvHmL9mogH61/54hYAcPZCOXwWFtzw2gioKUgGb0SHzdcRvyYQa/g?= =?us-ascii?Q?Uneqe2aQSDyeMrI7CJq/DsVoOUaEK+6veDDsUaGmt5yeL54gSnMapzZcBU/k?= =?us-ascii?Q?GTTEXpswTpJjVddlt5VRVa6ipaCH95+OsI8/e2f317NK7F1532Ba3HwunW32?= =?us-ascii?Q?aHo0Zx4NPCn11+MbxksP1ukSpplKHKuIn74d5lYmK+KR0zL+ZVgfXCuM4cgC?= =?us-ascii?Q?ipUWU2cD51ZHVTY5vAw2e2RmkR72p8+1Ufozes4BBaCNH4H8Dx8dkxs3WwV1?= =?us-ascii?Q?+jlZ/2iS/7uVi7J5vF9dy0HGWMsFGn1bWX4ibdPBOU5NIWiSeBph3m10z41G?= =?us-ascii?Q?FQgvTgQ/5Z6fY4Tmi4PNe/gsrFUh/ZwAW7kO64V38RKpfzBjPtF0Oz3b+CqG?= =?us-ascii?Q?N25NwCc+4XUTOfLJxcvBPsHi1wUFb0mXhe1bwITlwoSDxJDCWKQEx4eT8J+z?= =?us-ascii?Q?4gaczxZT6gxeqcYy2zqAn39mYrrMhRlnQAHA6MAHOWHYNuTk5uShrpxgIVHr?= =?us-ascii?Q?JawAfSvDXKbYKcctRtd4cv7p4A+Q7DL4e4loovIqg9KiVK5tx/GKE/sSGMd7?= =?us-ascii?Q?OV0Wj7t/ombXyEQRASKAL6VLyhGtWBU1zRaoJeP2Vf6O5tODtw4JbldoivZx?= =?us-ascii?Q?Voj20htKA9ATURzpAowkmhHN/S64Ae9Eh2zmZB/7aH4AvpNlgEeHpkNTrP3c?= =?us-ascii?Q?bJUJEVxztaLfFbksjM3SWUSOZRolGMPTkt+sdkqMJ79uGV5PrcprA30lGANw?= =?us-ascii?Q?yvkDFy68xhiAmaILUTV+w/zhSzRgFvThwlVeDllujqbbU9wowl2eMAQwcFIt?= =?us-ascii?Q?0Ir2ygv+PmFRS9O0N8lMpbQfayWq19ivpfiD2IvfplPIySgnQIf28ZOGftFV?= =?us-ascii?Q?lxRSV04FfQ7Btqvgb+EMTOpaaEj5Am2l3ZR83ahvQDxjRULk/VXvA9tKlx0Z?= =?us-ascii?Q?YZfPcH4+RqGqJWylPnpJorPB/PkeVT4ojTm0eiBhUcTp0Pz2zuItNi1P0PKe?= =?us-ascii?Q?Q2u3whtPhEi/SDL5GIMzZXCYOZhlY+o6slfHiKy1pa7Z5r77zLBa0h6hbNzl?= =?us-ascii?Q?GEKFSHVEqojslgdaeZgCIJ27bsRm5r7EfsTLxZggVJuxdwaDMv8MkUVRdvUh?= =?us-ascii?Q?hNCO1M8LWhgJ2rhi2QXDe6U91AMxcnwl5OhT82WNpu+DWSNUMcB2CRdWsHyM?= =?us-ascii?Q?UFhSVESjbZw1zl3L4vpPXRmQSAKsLp07Zmvq1LMjPNumahEvOw16C5XFgifT?= =?us-ascii?Q?l9hDvil72kqwptVg231M3qNleyxo+Xhf5cMhxugBeVndNZ1mV7XzpM/j6eRU?= =?us-ascii?Q?ZBs5hR1cXLJVCu3xJ3rM3bqzahA5+1mMGKoP4/Wk+iKrvQImIQtlfExBq7WU?= =?us-ascii?Q?3OSFO4MOsyyXJWv6YpJF+0d8g/7ERzA46xwvpr6nCJX8kzZDgbfVy4/Sc79u?= =?us-ascii?Q?drPGb4Mlr6VXh6XJQ3/qqXwk4cI2bfnTg+NC0nHxnSeRUh7t0LATgy88nQrS?= =?us-ascii?Q?yhmtk/4eR9wxvQwa13ZCeEDnbCoXjQf7M9PCvJjqaWD2GGXjpUPBjs2y4ERA?= =?us-ascii?Q?GA2eNniSroJxBEhhMB0S5cFRkEXaT1eB7jvvtczvwK3C9v/KYbD9?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: e384598f-eddb-4503-84a9-08deb2379d55 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:26.6341 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: hc+uDErL99zt12g8UJj0QPunqB19KHTtMV/KGinscfZqqs92msFJTYAYFimQDqNb1x+i/q+Ql67HkUza+pTIlA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB5257 X-purgate-ID: tlsNG-33051d/1778818111-38776938-1E0469A9/0/0 X-purgate-type: clean X-purgate-size: 3313 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818314304158500 Content-Type: text/plain; charset="utf-8" Add a returnable CCA hook to domain_relinquish_resources(). Later patches plug the RMI teardown work into this path. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/state.c | 24 ++++++++++++++++++++++++ xen/arch/arm/domain.c | 8 ++++++++ xen/arch/arm/include/asm/cca.h | 5 +++++ 3 files changed, 37 insertions(+) diff --git a/xen/arch/arm/cca/state.c b/xen/arch/arm/cca/state.c index 66375965a1b4..3646948eb11c 100644 --- a/xen/arch/arm/cca/state.c +++ b/xen/arch/arm/cca/state.c @@ -19,6 +19,7 @@ static void arm_cca_reset_domain_state(struct domain *d) d->arch.cca.rd_page =3D NULL; d->arch.cca.rtt_root_page =3D NULL; d->arch.cca.nr_realm_sro_pages =3D 0; + INIT_PAGE_LIST_HEAD(&d->arch.cca.abandoned_pages); d->arch.cca.rtts =3D NULL; d->arch.cca.nr_rtts =3D 0; d->arch.cca.data_pages =3D NULL; @@ -52,6 +53,29 @@ void arm_cca_domain_destroy(struct domain *d) arm_cca_reset_domain_state(d); } =20 +static int arm_cca_relinquish_abandoned_pages(struct domain *d) +{ + struct page_info *pg, *tmp; + int rc; + + page_list_for_each_safe( pg, tmp, &d->arch.cca.abandoned_pages ) + { + rc =3D arm_cca_undelegate_granule(page_to_maddr(pg)); + if ( rc !=3D 0 ) + return rc; + + page_list_del(pg, &d->arch.cca.abandoned_pages); + free_domheap_page(pg); + } + + return 0; +} + +int arm_cca_domain_relinquish_resources(struct domain *d) +{ + return arm_cca_relinquish_abandoned_pages(d); +} + void arm_cca_vcpu_init(struct vcpu *v) { arm_cca_reset_vcpu_state(v); diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 4b6115491c59..2d9469f388c6 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -1038,6 +1038,7 @@ enum { PROG_sci, PROG_tee, PROG_xen, + PROG_cca, PROG_page, PROG_mapping, PROG_p2m_root, @@ -1098,6 +1099,13 @@ int domain_relinquish_resources(struct domain *d) if ( ret ) return ret; =20 + PROGRESS(cca): +#ifdef CONFIG_ARM_CCA + ret =3D arm_cca_domain_relinquish_resources(d); + if ( ret ) + return ret; +#endif + PROGRESS(page): ret =3D relinquish_memory(d, &d->page_list); if ( ret ) diff --git a/xen/arch/arm/include/asm/cca.h b/xen/arch/arm/include/asm/cca.h index 80c161078d6c..9b53c80b5bba 100644 --- a/xen/arch/arm/include/asm/cca.h +++ b/xen/arch/arm/include/asm/cca.h @@ -3,6 +3,7 @@ #define ARM_CCA_H =20 #include +#include #include =20 /* @@ -57,6 +58,9 @@ struct arm_cca_domain_state { struct page_info *realm_sro_pages[ARM_CCA_MAX_SRO_DONATION_PAGES]; unsigned int nr_realm_sro_pages; =20 + /* Delegated pages which still need host-side undelegation retry. */ + struct page_list_head abandoned_pages; + struct arm_cca_rtt_record *rtts; unsigned int nr_rtts; =20 @@ -76,6 +80,7 @@ struct arm_cca_vcpu_state { =20 void arm_cca_domain_init(struct domain *d); void arm_cca_domain_destroy(struct domain *d); +int arm_cca_domain_relinquish_resources(struct domain *d); =20 void arm_cca_vcpu_init(struct vcpu *v); void arm_cca_vcpu_destroy(struct vcpu *v); --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818369541572.0181611964821; Thu, 14 May 2026 21:12:49 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309486.1580528 (Exim 4.92) (envelope-from ) id 1wNjub-0003wA-Qk; Fri, 15 May 2026 04:12:33 +0000 Received: by outflank-mailman (output) from mailman id 1309486.1580528; Fri, 15 May 2026 04:12:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjub-0003w3-Nu; Fri, 15 May 2026 04:12:33 +0000 Received: by outflank-mailman (input) for mailman id 1309486; Fri, 15 May 2026 04:12:32 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjua-0003vI-Ig for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:12:32 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjuZ-000yVE-VJ for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:12:31 +0200 Received: from [10.42.69.4] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069d26-bab6-0a2a0a5309dd-0a2a4504b2a4-4 for ; Fri, 15 May 2026 06:12:31 +0200 Received: from [52.101.125.129] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-ebf023.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c35-1dec-0a2a45040019-34657d8136d2-8 for ; Fri, 15 May 2026 06:08:31 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:27 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HqMeKL6+t5HTfD1sFnJcQa1xL8qOZZ4tMOVV/GkOhttW0nhD7i6sh2z94Gy9GTuGYTHQkcCCPyECQo/vLDUN2ivUliB56axWIPsPAVL43Az1E6ox5pHVu7hBC58OoUhk3oIuzla6ofmTRxpc5T6JJqYl0i3elVFXebLc/u9cpLPvwMZMZ+Ie1502kfjJjzkQd50GnBI8k9hZ8EHXeqIGIypZJ3QmnIvA4IoAO46HcN0rXSj1DOTpM9EDWQsTs9d/b3g+Y1sGwuDxBPl+HsFZ5BDju+B3QV72AG5vVhjpjShu47PiG8LiZ36MPgiss3BFW+S6UJqtlUiZ7S130uMvQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/bHYT6atPOeZOv2k1L5q3pwz1qEMb9cMvUWztfWVSOo=; b=f6oC0cn/u8yXC7n94q+pGMj7xn5ahLQ9biNhMhxNZArow95r2utq6Ne5iZvRTN7kIItFDK5h/F2bDFTbM5wEgvHXL/fAb/JH52/ILCWzbQh7SzmtSXdGaL0ULUiy0bjXD/ORILAev2K84bAAYd6Jl3DCo/3lOPXHl1fQvJG8XyvdS0EWnYV2OmmxPiyZ0PFSXI3rrWIyfln4XzSJDcRuT+4lr21oF9gyndrYXWJomuhxwPX9fnn3d02sh2UEdzXrFfXXOknRPidfwDJ9QwYrVECv0n5P/Zfini5v0AAlQo1WxQXsU9/V7Kp8LWjG/EFnxeBelZF8aC3nt0PhNWn4aw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/bHYT6atPOeZOv2k1L5q3pwz1qEMb9cMvUWztfWVSOo=; b=hLmhABq9j/HWqdKJEUFbENp19Y+sPhbunK5U33Ao+1C5Oi0yj+GaWe5xgsuMgDpQteuqL0pbq9rCBMVUlo3Ta4VAsl81TXIa7AWDwT/7EUhbflKv4+aC+MnHaLeXETwc4dbVu0oBclUCJiE7wtoxf0xw0dws/3aUpHmmEk493fA= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 11/26] xen/arm/cca: terminate and destroy Realms on relinquish Date: Fri, 15 May 2026 13:07:57 +0900 Message-ID: <20260515040812.983626-12-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP286CA0222.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c5::9) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: a7a94171-427a-45da-6252-08deb2379dce X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: sKcxBNa+IElQZkLoN1w9kxi7M7X+Sm3J/j1xx0ZgnkKIvKBg+cOLFhV3bnjyyemrCaalhWBitQNhfP83JlTqxRNSCjLZiPJT69LpgQ1ZnQmupz0whS5lE6E1BOgS8OkJk0q0JIhmisvlwNKhxcbWmqSVs79u6uwV0618M1WLt+3+FGFeqoYYFMCEO4Gj7UHFJlqDa+11U9/d4GABsANmcKNsPkeV65RmqQqhPyCJ8ZcXcnZdNDo+PlWmCTiu99rp62OUug5a7O2J2l54ZQHsiEoTjJZ9yCjE1TBJ9vvBRNNA+A3F8QZuKWJa41RyiZcsQ/Jo4NKV02gkwCHGka3NBafAdnCBBnu5eaHhjPFQF6/cHyB6ps5aSwwtK42gVReHBXVyphUUAgJmN3soNFDxaw8JDw+TWmaH6+yY1VQXmVxYECTD+HS056RGSxg/bB+xDRX8EgvTIEzvfkgLd69DPXGsMNlf+Qhv7mY6QpaD0ncovvzWqRv15ZRUplkv4OzcvI3EdjbEBF/lNLP98EEcxpI23oto1xKBZm7Vun5l2YJh5CyF3/Jfni492dqrQ6csTi5FoVPV3qeLP0s3sHnzK3IXG3cIcx7PxHQg5qwoPH9dVh8PzenFou8RGav6vtG2t5bwO9BG5B7JIpSXPtGnFTb8pRFcVD7LVDl/4qEku9EEPRvaff3O7LcrfbNa/T7U X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?4aLGh8c08GG9sqvk6nK3dALLX8eAdb6MOjwGMWZ0oxMZZ/oPKXNQ1peVJdSe?= =?us-ascii?Q?t6YbJy2/fschhDfAMzoH6CBbL7X38EKmuJeJI/31iRrKvH0uI8uojMKxfT/2?= =?us-ascii?Q?0E9JnEEZV4Lr3622+fetNOopscTpWscUYAr53qh9eHGNNs04JMDp/XBSYpiC?= =?us-ascii?Q?HsqAhL+2Obf76T8BheF639Ji9Ukq0qf6BAGKE7F0Xpc0kyABIIqA8XdP7wHU?= =?us-ascii?Q?sFBmT3NHAB5DnZN0+lIpAquk+ap1eZUqGdgby9B0HQucQc0NA1LllRnHfxJv?= =?us-ascii?Q?KBCYCjjjWE3eD5AoC1xNRV3/dptR+siBIQl9VNziOoOk8UxEJlw+0dNSeT9I?= =?us-ascii?Q?38QA3hM4CJ/W5dongYNzJ5BEQaqChB4O+QeS01dChd4O2qXmj83eEznwlNlc?= =?us-ascii?Q?XObCzFFCqztencr63dbw7DDxAV6qYasw//PsFKleTeE8OoMvfkXvNqFePC6x?= =?us-ascii?Q?shIps13Q5LaFjYDHkdysfbZaXZArepoXxJ7ZsJqrCIE7ScCbK8PcJqupyDyH?= =?us-ascii?Q?a6LR6p6lkJpZ3dIR0B/YO1AeGDDxX2rzUuMW4dqwnMHXnb5z72DxKdpLimn4?= =?us-ascii?Q?NhhizXqO9Uu2rzzcPiUWlis8zsOASJiN0NZ7d80ttW4B/dIV/IucLDrpCfpD?= =?us-ascii?Q?XDgwFoP84pRUxuRk/mXV6r5kttvNhvHp6k0jC4UBdZ0vyAyOVf/Y75EPQBrK?= =?us-ascii?Q?iCbRlvRG17K4ddjQV5KuFagS0Z6Iqeaf0AvT5nBIhQGmvPHAiMMt06vPbdHg?= =?us-ascii?Q?9Ox3CFh7aPN4vqiCYtHBZreTeWpOzE4M9YpELrB7ja4wd2EH4In6WwO+Bdiy?= =?us-ascii?Q?VoFM0Z+Lo4pFCa4tYtTepd04L300GtQ80/GPJmHhebGT9fGC8osKxajMm0qu?= =?us-ascii?Q?a8d7KksS+SCfkuAVVnEQjIcUR93A3TQuOPhWlE6XxCF5PShgNDt28nUd2Wuh?= =?us-ascii?Q?gVEUsKE2M2JAVVx38fSHeEi2VAKmK/MjllvtrL+OZZWXbq16Il4siRvClbS2?= =?us-ascii?Q?7/5UOTY2Nbv/2ZTPFHUnCyGMYH0n3URIv3WH3gB/RAVUnO4S+jo/iTmZgcfF?= =?us-ascii?Q?OkAuTx8fadtR3bkGNqOQucMfLNrJdWuZ4AbcOOr3IulgNrCT8YBEIbFSV4mw?= =?us-ascii?Q?70ghr7ZmouHWQOfi1Mdusl8yV5YZh91yx6D4fEYbcBV/AmsbdRiUS5ZP7aSh?= =?us-ascii?Q?2S8RkBBAT9w843h493Zm3qHtEOI8c0L3cvw8pa6A1KT+bU9qHLmV0Kiyp7Qx?= =?us-ascii?Q?DH0LtwIa8R9zJ1CtcFc1/aI+etOAegGImxm9woz5fsCWgVo2P3WCWUSkjRcS?= =?us-ascii?Q?c7G9Qu7dPn0oDDbrA55Lo++85KHFuNelBdphuy40MqD7LYdxIKs5I2fEUT+5?= =?us-ascii?Q?0YQhNVbYg284mHzhOVIbzn1Vno1yYrLIeSy1cE7TBPJyNCzTuz77BrBEL4po?= =?us-ascii?Q?d7s+C11rsi++wknhYyHAtyUlUX20mpRw0aryQpfCgCWp77SOb06L556odmqH?= =?us-ascii?Q?ih1IAol7dXSLhX8fl6nV3r1RXYUuvzVEi5+JwKvZ3KHHZ9KFVv2T8zDwKzsr?= =?us-ascii?Q?YzGcatvO+g5HiepOR5+Kta7o9EAcEYKh+DE1yZTNMe0lxWfatIdxZJFyoNrE?= =?us-ascii?Q?9UIX0OOJtqs2duUnYQCHknNQBk6lfmv7cy/zTKITGNGSmvjMbSKdKCUojVk7?= =?us-ascii?Q?m61S+d9zDNpSmwSprJINSZEsJKgBLZvnn/rEz8N2N7/ySZAq5qTDnXYVcBjX?= =?us-ascii?Q?4aBg+p5kRLNxv3LEHADxzJyMvqX3eviyjLKzDGAXYqXGsd0WR1vU?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: a7a94171-427a-45da-6252-08deb2379dce X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:27.4348 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: jtQLDF3yIgbqPF/G2Nbpy/4tWTwnS6UOo7oVrDn5Iva/TAdrNjkS59nPAwXKlqpqR34q+HFPWF5o8M8u+TJZmg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-ebf023/1778818111-297793FF-5BFD5979/0/0 X-purgate-type: clean X-purgate-size: 5190 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818370629158500 Content-Type: text/plain; charset="utf-8" Run Realm termination and destruction from the relinquish path. Keep the metadata until RMM ownership has really ended. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/state.c | 119 ++++++++++++++++++++++++++++++++- xen/arch/arm/include/asm/cca.h | 3 + 2 files changed, 121 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/cca/state.c b/xen/arch/arm/cca/state.c index 3646948eb11c..e58e261265f3 100644 --- a/xen/arch/arm/cca/state.c +++ b/xen/arch/arm/cca/state.c @@ -3,10 +3,12 @@ #include #include #include +#include =20 #include =20 #include "rmi.h" +#include "sro.h" =20 static void arm_cca_reset_domain_state(struct domain *d) { @@ -24,6 +26,7 @@ static void arm_cca_reset_domain_state(struct domain *d) d->arch.cca.nr_rtts =3D 0; d->arch.cca.data_pages =3D NULL; d->arch.cca.nr_data_pages =3D 0; + d->arch.cca.realm_terminate_done =3D false; =20 for ( i =3D 0; i < ARRAY_SIZE(d->arch.cca.realm_sro_pages); ++i ) d->arch.cca.realm_sro_pages[i] =3D NULL; @@ -48,8 +51,20 @@ void arm_cca_domain_init(struct domain *d) arm_cca_reset_domain_state(d); } =20 +static void arm_cca_domain_free_metadata(struct domain *d) +{ + xfree(d->arch.cca.data_pages); + xfree(d->arch.cca.rtts); +} + +/* + * RMI teardown is returnable and runs from + * arm_cca_domain_relinquish_resources(). The final domain hook only rele= ases + * metadata if an earlier setup path left it behind. + */ void arm_cca_domain_destroy(struct domain *d) { + arm_cca_domain_free_metadata(d); arm_cca_reset_domain_state(d); } =20 @@ -71,9 +86,111 @@ static int arm_cca_relinquish_abandoned_pages(struct do= main *d) return 0; } =20 +static int arm_cca_rmi_realm_destroy_complete(struct domain *d) +{ + struct arm_cca_sro_mem_xfer xfer =3D { + .pages =3D d->arch.cca.realm_sro_pages, + .nr_pages =3D &d->arch.cca.nr_realm_sro_pages, + .abandoned_pages =3D &d->arch.cca.abandoned_pages, + }; + struct arm_smccc_res res; + int rc; + + rc =3D arm_cca_rmi_realm_destroy(d->arch.cca.rd, &res); + rc =3D arm_cca_sro_complete_mem_transfer(rc, &res, &xfer); + if ( rc =3D=3D 0 && d->arch.cca.nr_realm_sro_pages !=3D 0 ) + rc =3D -EIO; + + return rc; +} + +static int arm_cca_terminate_realm(struct domain *d) +{ + struct arm_smccc_res res; + int rc; + + if ( d->arch.cca.rd =3D=3D INVALID_PADDR || d->arch.cca.realm_terminat= e_done ) + return 0; + + /* + * DEN0137 2.0-bet1 - D1.2.5 starts Realm destruction by terminating t= he + * Realm. Remember success because later host-side undelegation may f= ail + * and force a retry. + */ + rc =3D arm_cca_rmi_realm_terminate(d->arch.cca.rd, &res); + if ( rc !=3D 0 ) + return rc; + + d->arch.cca.realm_terminate_done =3D true; + + return 0; +} + +static int arm_cca_destroy_realm(struct domain *d) +{ + int rc; + + if ( d->arch.cca.rd !=3D INVALID_PADDR ) + { + rc =3D arm_cca_rmi_realm_destroy_complete(d); + if ( rc !=3D 0 ) + return rc; + + d->arch.cca.rd =3D INVALID_PADDR; + d->arch.cca.realm_active =3D false; + } + + if ( d->arch.cca.rtt_root_page ) + { + rc =3D arm_cca_undelegate_granule( + page_to_maddr(d->arch.cca.rtt_root_page)); + if ( rc !=3D 0 ) + return rc; + + free_domheap_page(d->arch.cca.rtt_root_page); + d->arch.cca.rtt_root_page =3D NULL; + } + + if ( d->arch.cca.rd_page ) + { + rc =3D arm_cca_undelegate_granule(page_to_maddr(d->arch.cca.rd_pag= e)); + if ( rc !=3D 0 ) + return rc; + + free_domheap_page(d->arch.cca.rd_page); + d->arch.cca.rd_page =3D NULL; + } + + return 0; +} + +/* + * DEN0137 2.0-bet1 - D1.2.5 Realm destruction flow. + * + * RMI teardown runs in the returnable relinquish path so Xen can retry + * incomplete destruction and avoid resource leaks. Realm-associated obje= cts + * can be destroyed in any order. + */ int arm_cca_domain_relinquish_resources(struct domain *d) { - return arm_cca_relinquish_abandoned_pages(d); + int rc; + + rc =3D arm_cca_terminate_realm(d); + if ( rc !=3D 0 ) + return rc; + + rc =3D arm_cca_destroy_realm(d); + if ( rc !=3D 0 ) + return rc; + + rc =3D arm_cca_relinquish_abandoned_pages(d); + if ( rc !=3D 0 ) + return rc; + + arm_cca_domain_free_metadata(d); + arm_cca_reset_domain_state(d); + + return 0; } =20 void arm_cca_vcpu_init(struct vcpu *v) diff --git a/xen/arch/arm/include/asm/cca.h b/xen/arch/arm/include/asm/cca.h index 9b53c80b5bba..b135dd176751 100644 --- a/xen/arch/arm/include/asm/cca.h +++ b/xen/arch/arm/include/asm/cca.h @@ -66,6 +66,9 @@ struct arm_cca_domain_state { =20 struct arm_cca_data_page_record *data_pages; unsigned long nr_data_pages; + + /* Realm destruction state for domain_relinquish_resources(). */ + bool realm_terminate_done; }; =20 struct arm_cca_vcpu_state { --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818368326731.0276958475023; Thu, 14 May 2026 21:12:48 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309487.1580538 (Exim 4.92) (envelope-from ) id 1wNjud-0004AU-79; Fri, 15 May 2026 04:12:35 +0000 Received: by outflank-mailman (output) from mailman id 1309487.1580538; Fri, 15 May 2026 04:12:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjud-0004AN-2X; Fri, 15 May 2026 04:12:35 +0000 Received: by outflank-mailman (input) for mailman id 1309487; Fri, 15 May 2026 04:12:32 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjua-0003vL-Qx for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:12:32 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjua-0052Pz-75 for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:12:32 +0200 Received: from [10.42.69.2] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069d2c-e002-0a2a0a5209dd-0a2a4502d878-4 for ; Fri, 15 May 2026 06:12:32 +0200 Received: from [40.107.74.73] (helo=OS0P286CU010.outbound.protection.outlook.com) by tlsNG-720697.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c3a-af86-0a2a45020019-286b4a49ea93-6 for ; Fri, 15 May 2026 06:08:31 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:28 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ADdA8lA+st7vdzuVbZ6B8RfzwI9Nj9yXkNnkeUN86DSaagZDbscBYPZ/5CspMyWT4ErNCPCzWMoDKVE3YbsQg921+4A9tKJ1RHwF9dQ3586tjjQvMOV7GYQNc74GEFwed3G7X9hJFyPKewC3yhwDZhXlw1vNjGKgwXct/3sBmhmpT1A5PcUBzG3T22v77tdo187Cq5OGn+ZKLfQkA+oSkr4cQLOmTZL+/CpzpMwMBN8lSeNRpA+wrWuJIP6gWSuldRfBGGdNgZEcwkU3rVXW1UrW1iIpNYF5fPBJJlsyzVkVgK7Lj/ftGIvZqKwYFymZAR4kjyhtJeLqqn0MVaH3TQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nR9DiFmmPQZJPSPKu4GBPDG2fdbX8kmCXfKAod/+QeY=; b=VFs3f8WtuM2ad+k1nVQSQ3Vf/SZfhc8W+5Nimc6j+Zya2ZcoHqoE91r0KJ2Y8V9LhUSm8EaTAdJEwtUFUXFLNVhAGR0XMTxZoLgb3MjmkroFXV9YdTQwYgCcYK3PkA91WF/KBq1N0F1Fq/Hh8kQ4uS75dPZMK7hjxaZkXeX+AkURNRGOY11QYxyqTYUlVt0rGdnaypORDrE1NSYuXHCQheJRAmXVr1tYImrXt4TLtKGsrMl7Qsm287kQPE04bQNDw9TBQZUaMWO2nOqFibsJh988Nt7vrqyQx/6cX04CDu9WU5kl12142BEy7FCBF/HCkMM0l44WupByrHpNwmKGaw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nR9DiFmmPQZJPSPKu4GBPDG2fdbX8kmCXfKAod/+QeY=; b=gdsMSSanjL4Ds/BIYGQIrS1NdIh8JDpvA2cbut3/EmYFxWjXRZ0JL0u9OFIBtza0eG7BWS6L4IVRh3a+1zWfPK1lItEriIRZ/7kGj1CPySRSFl59E6f0t7rLZv9qijevvEcdMTulehQOtXL5srJf1rvA30JGtVvBHuClSWcFBkg= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 12/26] xen/arm/cca: tear down Realm DATA and RTT granules Date: Fri, 15 May 2026 13:07:58 +0900 Message-ID: <20260515040812.983626-13-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP286CA0096.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:2b4::12) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: 6b8b003f-a497-497f-e704-08deb2379e40 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: gLs4JSF9KlZ6fGcmNHutlgG8cEnBP7TPg0UPZmVJ1PUPh+oj61GuEhHAHo63Gg2ey5RN7tMf7ZyzftdQuMWrzsDeG50bHjOzUpiaQv3JRNfuJzAHwSj6+h1noQ6ScKX33wT9V/bOpAWQegEsDZwZgXhveFaHQBMW74vVpB/EFN4/g/5aqsH9fDqwtrIVrPMRkr0CJATIQGhCHjchgGW+s0N9uhviauIEyjN+pbHYQqdhUrbdDw5/qBO3IaZGTVGkJcaMCq064bJmcs92dZ93hNbUtebW2XinFdrThER9iSgoBSzQ5VfWCFCaIvt2M2kUUcoRzAVvHlnJvbTe61012z0DcLuVmQ2gKdtNAZIJRFEoCbldlvmiyYakya4p+6M1H4Ug0Q38BKVD7i/4ipCmmhn5zIJTj8WIVIrt/xpaRQZBeWY2FRYnSUtPAcBkDSKJ1kGKt1nbL1SR+WChn8Iz2wbES4tQ6RPfzWFkSLw1v+KyWBxHbL9hcY8zEL6CLPmXr8HNX6f5st2FLpToqiLewkflGj0++BWZ+4d33DGVAacb/fG4420jtkaY0dWY5XNK8QD4qqPUnMIYF1vtC9q1CcDy6MG7l25I58xv1CtG7QAcznnkXPiPQ8MqjO42RM5Tfy9mnJYCN4iyaRzcyQcdmnbztKeQj2fMQ4HRMTqecw0uzj+n7ubsWMcqYSkkTiHh X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?lih3DwsJS3IwLNS7F1KI8M70+8B35CleiPsRTz+a/GCojAufujRYe5VaqZBB?= =?us-ascii?Q?2j/qiR7QcIi2ky9ZCMd/pEGkDxGhJp6zDBOxNCU6oT/rACYElarNwUl0XqTT?= =?us-ascii?Q?v++SKuuFDJyrSlX2/XjObpDCUjGTDF+ZUupobe/L8mGIbYlilGrKJRmoeur1?= =?us-ascii?Q?ceAiBpzKslZApn1wQXzyHVevYPXj541XTvAnNO+K92EAVjjVYXRpNE96/S/V?= =?us-ascii?Q?R1siwjMX69M/Skgkh/q7O4qq3dnZQgfg3EQ8zF5FfaI4AEBNLObz/2geZkfi?= =?us-ascii?Q?L1guICqCRq706BKKIdlJWpuW31btNhZxinTGpjdX2s2k8THZGsC8UvncDnDR?= =?us-ascii?Q?5t6fvPgE8mq0fgXQBtk5+kl31d9F1tzG/bqRCsNxR+ZsrM2Nrk8f9P50n+kf?= =?us-ascii?Q?6ngkMHldRUhUzXDzIbjoAW7AGno8/7DRIF4EmvJkRiuPSclBN6W0s+hb3Ugv?= =?us-ascii?Q?95oCBcyNrTQ6BBGwBnZAJjbdcGjeo0UBUJ3+0OUgKk0KLtiPleEkO62cprXS?= =?us-ascii?Q?auvAYGanFrnkmrXLj5WBfznWNaEATOd1X2XZ6HLcMzADA/Z5t5HQAEdFoeca?= =?us-ascii?Q?B+Fx5vSb2uomJnAt53zkLTq+yeI+IAjxuyBoENBsOoRyMlY0mCzzQO5LUK7j?= =?us-ascii?Q?VxaIBAuJuf6xuKMC/Gw8IYj5PL1e/znDQV3kYDXYt8SAN6kfzOKqjX7ww4Ap?= =?us-ascii?Q?Bi+ibK2zSajG+pNBP6sLzwI+XoSKTXcKw61RI3VhxAv5Mt2ZUEApRirZmJVu?= =?us-ascii?Q?Nbzdvo8ioN4aF43XmcoDOokaCp4Ty2+EtbYR7g2FMC5gQ4VIC/ciIKK1attH?= =?us-ascii?Q?MTr4MVhwjWBrHWWSnU5kR8s1SFjSBKjqzswZ0y1CWwqbhx3oPnYBjBl94h8a?= =?us-ascii?Q?p8hhoZELu2UVqkaiuSLWSSovSOIOuPBQD2JsHqSfibtU4fFpvBHlUoVXFydM?= =?us-ascii?Q?dxDsXY49rvn5OtkIZHKBUmsGDcKGW4dLzwobvR1KlM43I2lda3W2kNlCfiEV?= =?us-ascii?Q?gdb7NLdgF6PWK3Uvs9TL9syjWTPisZ7KgPiJr4FhPryXfnOqE2wuwAqqlShf?= =?us-ascii?Q?safzCci+7P07naVBwr94IH5RJIDbVs+Z6xAcboiUEd3FBV+mBOl6Wlaq1zyF?= =?us-ascii?Q?wYLAoDt08NZR+iHtiGEOBZLo+h0loHdsapyWrb42hTr0sLFaGpELf3xHqFqo?= =?us-ascii?Q?QMuAAsSZEcO2mG4ifcTquxqBxhxy4cM1md0Z4CCII0GwXQVidnmbWxnHdZxe?= =?us-ascii?Q?sr6fesXph91gukq6q2i4jSz0N0vPK4e2peMxHNK9bn69fwYlfbbkuI+dkJP8?= =?us-ascii?Q?IHTbrAmSCvfsY8NGrV19LV/G9jt7Hwb3Hku2HIkjsH4AVvSyO3iCbMby6uH7?= =?us-ascii?Q?vQ1oIy7rMbBFn0otYu45r/egAIEMeJyltF5LdgHx+QET+XZy/EFfdrrOlRLg?= =?us-ascii?Q?R8/yeka0O0DOzXN7W+icLvDVSu6zzBGiNRTjLpHI5HuNKEyGmBODvPZTuKC3?= =?us-ascii?Q?pCgwspJvuek6AP/LtlDaWEpEbfw3ON7MyQ9B4CyicEKVRK194O07by/yWqql?= =?us-ascii?Q?TOVg4QyNjFhvdGElECEE9d4p7Om+NoVat3E3+IHFfOxzDdA5MWs/b0jfkA+K?= =?us-ascii?Q?nGDaH2l9cWQER8f+vIKxapaGbxGSmKvXJrWeOcLeKfTJh3CBY0s9djShOrUh?= =?us-ascii?Q?5xXhXZ7b10PhZxED7Cvfwh6CXwdtOmwIvVynSjaEnolLWjbadBvUcHaGMlfL?= =?us-ascii?Q?vl5VqUlaeG5Yj+HjFR4uDkXNiZV+yWkib0v2tZ8O+OQgMaeX7FAI?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 6b8b003f-a497-497f-e704-08deb2379e40 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:28.1878 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 4REczytb2XUah3DTTIi+PnbzuhhRK/HSDjXd6NzXqLI47BCOTuSBBsZjFJPBASSPZqDRFwtUVQXaBZZCkQ05cg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-720697/1778818111-8316D161-5CFB326C/0/0 X-purgate-type: clean X-purgate-size: 6505 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818368451158500 Content-Type: text/plain; charset="utf-8" Tear down mapped DATA granules and the RTT hierarchy before returning the backing pages to Xen. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/state.c | 151 +++++++++++++++++++++++++++++++++ xen/arch/arm/include/asm/cca.h | 1 + 2 files changed, 152 insertions(+) diff --git a/xen/arch/arm/cca/state.c b/xen/arch/arm/cca/state.c index e58e261265f3..c85ef56a1297 100644 --- a/xen/arch/arm/cca/state.c +++ b/xen/arch/arm/cca/state.c @@ -1,15 +1,19 @@ /* SPDX-License-Identifier: GPL-2.0-only */ =20 +#include #include #include #include #include =20 #include +#include =20 #include "rmi.h" #include "sro.h" =20 +#define ARM_CCA_RTT_DATA_UNMAP_BATCH 1024UL + static void arm_cca_reset_domain_state(struct domain *d) { unsigned int i; @@ -26,6 +30,7 @@ static void arm_cca_reset_domain_state(struct domain *d) d->arch.cca.nr_rtts =3D 0; d->arch.cca.data_pages =3D NULL; d->arch.cca.nr_data_pages =3D 0; + d->arch.cca.relinquish_data_idx =3D 0; d->arch.cca.realm_terminate_done =3D false; =20 for ( i =3D 0; i < ARRAY_SIZE(d->arch.cca.realm_sro_pages); ++i ) @@ -51,6 +56,37 @@ void arm_cca_domain_init(struct domain *d) arm_cca_reset_domain_state(d); } =20 +static int +arm_cca_rtt_data_unmap_4k(paddr_t rd, + const struct arm_cca_data_page_record *rec) +{ + struct arm_smccc_res res; + paddr_t top =3D rec->ipa + PAGE_SIZE; + uint64_t desc; + int rc; + + /* + * DEN0137 2.0-bet1 marks SINGLE oaddr as SBZ, and TF-RMM does not use= it, + * so keep X5 zero here. + */ + rc =3D arm_cca_rmi_rtt_data_unmap(rd, rec->ipa, top, + ARM_CCA_RMI_ADDR_TYPE_SINGLE, 0, &res); + if ( rc !=3D 0 ) + return rc; + + desc =3D res.a2; + + if ( res.a1 !=3D top || + arm_cca_rmi_addr_desc_4k_pa(desc) !=3D rec->pa || + arm_cca_rmi_addr_desc_4k_size(desc) !=3D ARM_CCA_RMI_PAGE_L3 || + arm_cca_rmi_addr_desc_4k_count(desc) !=3D 1 || + arm_cca_rmi_addr_desc_4k_state(desc) !=3D + ARM_CCA_RMI_OP_MEM_DELEGATED ) + return -EIO; + + return 0; +} + static void arm_cca_domain_free_metadata(struct domain *d) { xfree(d->arch.cca.data_pages); @@ -104,6 +140,68 @@ static int arm_cca_rmi_realm_destroy_complete(struct d= omain *d) return rc; } =20 +static int arm_cca_teardown_data_pages(struct domain *d) +{ + unsigned long i; + int rc; + + if ( !d->arch.cca.data_pages ) + return 0; + + for ( i =3D d->arch.cca.relinquish_data_idx; + i < d->arch.cca.nr_data_pages; ++i ) + { + struct arm_cca_data_page_record *rec =3D &d->arch.cca.data_pages[i= ]; + + if ( rec->pa =3D=3D INVALID_PADDR ) + continue; + + if ( rec->ipa !=3D INVALID_PADDR ) + { + if ( d->arch.cca.rd =3D=3D INVALID_PADDR ) + return -EIO; + + rc =3D arm_cca_rtt_data_unmap_4k(d->arch.cca.rd, rec); + if ( rc !=3D 0 ) + { + d->arch.cca.relinquish_data_idx =3D i; + return rc; + } + + /* + * The RTTE no longer owns this DATA granule. Keep rec->pa so= a + * later retry can finish the host-side undelegation. + */ + rec->ipa =3D INVALID_PADDR; + } + + rc =3D arm_cca_undelegate_granule(rec->pa); + if ( rc !=3D 0 ) + { + d->arch.cca.relinquish_data_idx =3D i; + return rc; + } + + /* + * The page remains owned by the domain and on d->page_list so the + * generic relinquish path can free it later. + */ + rec->pa =3D INVALID_PADDR; + + if ( ((i + 1) % ARM_CCA_RTT_DATA_UNMAP_BATCH) =3D=3D 0 && + hypercall_preempt_check() ) + { + d->arch.cca.relinquish_data_idx =3D i + 1; + return -ERESTART; + } + } + + d->arch.cca.nr_data_pages =3D 0; + d->arch.cca.relinquish_data_idx =3D 0; + + return 0; +} + static int arm_cca_terminate_realm(struct domain *d) { struct arm_smccc_res res; @@ -126,6 +224,51 @@ static int arm_cca_terminate_realm(struct domain *d) return 0; } =20 +static int arm_cca_teardown_rtts(struct domain *d) +{ + struct arm_smccc_res res; + int rc; + + while ( d->arch.cca.nr_rtts !=3D 0 ) + { + struct arm_cca_rtt_record *rec =3D + &d->arch.cca.rtts[d->arch.cca.nr_rtts - 1]; + + if ( rec->pa =3D=3D INVALID_PADDR ) + { + d->arch.cca.nr_rtts--; + continue; + } + + if ( rec->ipa !=3D INVALID_PADDR ) + { + if ( d->arch.cca.rd =3D=3D INVALID_PADDR ) + return -EIO; + + rc =3D arm_cca_rmi_rtt_destroy(d->arch.cca.rd, rec->ipa, + rec->level, &res); + if ( rc !=3D 0 ) + return rc; + + /* + * The RMM object is gone. Keep rec->pa so a later retry can + * finish the host-side undelegation. + */ + rec->ipa =3D INVALID_PADDR; + } + + rc =3D arm_cca_undelegate_granule(rec->pa); + if ( rc !=3D 0 ) + return rc; + + free_domheap_page(maddr_to_page(rec->pa)); + rec->pa =3D INVALID_PADDR; + d->arch.cca.nr_rtts--; + } + + return 0; +} + static int arm_cca_destroy_realm(struct domain *d) { int rc; @@ -179,6 +322,14 @@ int arm_cca_domain_relinquish_resources(struct domain = *d) if ( rc !=3D 0 ) return rc; =20 + rc =3D arm_cca_teardown_data_pages(d); + if ( rc !=3D 0 ) + return rc; + + rc =3D arm_cca_teardown_rtts(d); + if ( rc !=3D 0 ) + return rc; + rc =3D arm_cca_destroy_realm(d); if ( rc !=3D 0 ) return rc; diff --git a/xen/arch/arm/include/asm/cca.h b/xen/arch/arm/include/asm/cca.h index b135dd176751..d69e95a10010 100644 --- a/xen/arch/arm/include/asm/cca.h +++ b/xen/arch/arm/include/asm/cca.h @@ -68,6 +68,7 @@ struct arm_cca_domain_state { unsigned long nr_data_pages; =20 /* Realm destruction state for domain_relinquish_resources(). */ + unsigned long relinquish_data_idx; bool realm_terminate_done; }; =20 --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818374558996.5141787684312; Thu, 14 May 2026 21:12:54 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309488.1580543 (Exim 4.92) (envelope-from ) id 1wNjud-0004DW-GF; Fri, 15 May 2026 04:12:35 +0000 Received: by outflank-mailman (output) from mailman id 1309488.1580543; Fri, 15 May 2026 04:12:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjud-0004DG-A7; Fri, 15 May 2026 04:12:35 +0000 Received: by outflank-mailman (input) for mailman id 1309488; Fri, 15 May 2026 04:12:33 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjub-0003vu-IH for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:12:33 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjua-000yVE-Ul for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:12:32 +0200 Received: from [10.42.69.4] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069d26-bab6-0a2a0a5309dd-0a2a4504b2a4-6 for ; Fri, 15 May 2026 06:12:32 +0200 Received: from [52.101.125.129] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-ebf023.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c35-1dec-0a2a45040019-34657d8136d2-9 for ; Fri, 15 May 2026 06:08:32 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:29 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=IXjTWfZR+3kWly/5vOglg3MtVqix3dpi2eQw9ah7we8HlVQth7Xk+L8xkCNEi29EsQ7UBg7uTqCJt05gV6mlRcEnM4NhtbTyqod6iY+Oi9eR8zLL5AERzfXj2XCwtAz3s3dILLePV/OZEKgrNH3EDeS1a5dYtwCNId6QqjJ1Q8f0JmWSOIwzzjL1w7iRz2vpGZofgnGxfKfX9c5lJIXPdoPplNVOuTgZvNJf/NVGEytqlxm45IyOpfdLsIpe1FFHldRGfBlLNrdGazqzIUtOF3eZovvCrH7Auuy0cztcOhqJuW7fRw/zBT/GI9cx09x4TcA8WGh7fXxlreFGbKJASQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=u3FWv0GhzR6Z08YwvEAu3rWkS08OimUL4UXo8Xw0smY=; b=GI1JsAnORKFapx3wQt4vFhLnrC9C04au+YIaXMiz49egE0CXAkzbVl8arOAiMiwpu/c/O1xuQrmI/I5wN+mD/IO4NOYPeL9EIwzEL7mFrkdU0qbTmS7girWrh7vbuGKnXZQhX6jjSwZG0rOYYqpaMTTuK2HENuXVznNdGC1Y5btIGU2848fKmfN8ZIAANH5/KyWnsBUyLzqpi5Qpta459duVfA8C/Pcpe1RzoPDZgZ/zXSy1S20cb0544/afEnk3AO/ZV5hBSuGVbj1qaTdFzw4OWFaCMvT63hapgZlpsICWDvp75c7yyIDFEL/dKeF5MT9TUwHDNOVDYY1YZ1nkmA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=u3FWv0GhzR6Z08YwvEAu3rWkS08OimUL4UXo8Xw0smY=; b=EVdBhsnLh8sWAEI128zfUS0PEhAKbwuLjAK8hZK6q7Rrtwxm3lMxfrFRrjYvdCO46Ew2qXBNuwoZlwTzLRwQIS5myx0Bqb0QwnL7Ezh2Mp/KQfWVHFjmHn5FXIydZ4XohKwJ4rhe8+zF26mM8O4VTe9tCjhB3r0//I090w5uHsA= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 13/26] xen/arm/cca: destroy RECs during Realm relinquish Date: Fri, 15 May 2026 13:07:59 +0900 Message-ID: <20260515040812.983626-14-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCPR01CA0066.jpnprd01.prod.outlook.com (2603:1096:405:2::30) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: 5e3134ae-414d-4cb7-8b08-08deb2379eb2 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: ZbIuGgSzAP8xk/gIBp71eHploo10DeHDf7sMinyg3HS6zWii518J5F9LAu3n0dH4ELAHSRuW+oM2jkfNl+g9KoMlTNQiYGuabCjoSwZvVu19q/KcK7Mbb5KOvDRmA+z9xgTLbdujrwtOjZ63Ekd8ViL1kkUfL7zAJvea2wdkxdXS4gQ+OazatjCG1tsLHxZkVT1kOq7vdgujjht1PQqA77cjSVE2Y6JhznPCxO65t4U8/gFkbTY26s7hVbmnC609hVkImQQa4Hx9l0zfTDxUAX3QDwvHuZ3decxnplDUHvl9UoSiSFLNBpe5d618+EHhUyglmgwVe0bOU70TH2Wfs92Iu8PgYGqfjELE+jXwmIMhR+NC3lGpNsUWZjos7fAL8FPwGNx1He01XLwchnOdMHLBloCUd6r5usOrR4nsyE6teKHGcq8s1k6dQ0JcJKJnWtIvn3ZWzHe+4Cb3VejZhIfGJ0ZSQVwWFR8LymKfWyNTMcY4o//c3c8pL0YSLSlYfPD2VRRBjPXGMJKMo4pXCeRqrsN4km56QEseUj7TSd63Be3gi/ZL45698ezPrUTq2pp4jHj08JCOu8EuiSx8czQx/pLIYf2eGjVuPtTXDgfW0WJvz3WM4jBrU50rpjvQMg08JWUTTNO9ab9DhnyvuXbMsWYkkflPqN/I3AXa4d15LaN9XCPNPunAR9YkwZtN X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?rzFfkBtTiACIx5FNERO7+qcdGAQF/nexYtYrwA0XoEDt+s++ZvpxMmT/F6TO?= =?us-ascii?Q?ddaTm7Lond+JFPLgb+4zbCG0Ax0aVoZbfP5j6RFDAfFYT/noqA1KeVE8upZ8?= =?us-ascii?Q?gG3xO0QuNxmulWQZ3N8oRV5+t4DG3lE2EuBVevvvvZkb0/Rst2KUhQ3fPBRC?= =?us-ascii?Q?HuLyPS4q7ZvVX0ySM9hQv2mJAc3AAaUssKwFy6Frln7S51GTd1a9JzVvykic?= =?us-ascii?Q?poOKxOzZrzFiCanPbACv0X3MNhKi8zsjLGaWnBLo1ha2yasMdqgiZcSIaDrj?= =?us-ascii?Q?fqysX5MSpiZkj/1FS5zpHsQuxT6iS17xC7eELmf/YD69vOLc2rLj+EWyWLyR?= =?us-ascii?Q?h7IVwe9YEnEfJDtKbcrbJmTnetMa3ufXu1xk5nBr/a6q+wB5fB7DAGuV0C3n?= =?us-ascii?Q?hto5IlRbqSkAfii+cQ4/elC7VyjhDzCsEHU2iUbNJJtQFKIP6ddSEjLXh2c1?= =?us-ascii?Q?SIYDtmLRU0uZHRQ6m9o9pusJmpRyedjJMbCYK++c2RDleYQOB74woBfmMZzv?= =?us-ascii?Q?QUC7AmZdOovb5/xfytT8JdNsuz4c+68bSC585GmSEaGzbbp6f8NSxQ3KaI+9?= =?us-ascii?Q?MOix1hbL0huAIsQjVUouVqte4lZr35envA3bDgpCTubEhWlL3cP2mmvtTJ4x?= =?us-ascii?Q?GsNhV7qSxSC7mD2P1RH80ONhigw3ZTX3D6ss52CweHS8kXMAWWQE4eU8uyCB?= =?us-ascii?Q?5Nberif62uKDjUdlfH0tZPcEG8VpAsv8VVGRfHkc8FKMNEzF4ig0nB1yXDFU?= =?us-ascii?Q?pOaqK8kbMsIcPv6hufwMHrHNSpICU3SN3p2UVPmODZBSHrovdTMcwAl/Rcmo?= =?us-ascii?Q?VpLxQuQeXzbHrdMX2jPKgB4237MBbKfbNsXYlv1ysLaoSpjpQKA15qZxLSfM?= =?us-ascii?Q?ElME+VXp8JnpyMoRhDIqxkBWESJcoATT8YM1Zw1DzZc3+2bpwHjEou00IAym?= =?us-ascii?Q?YGa6viBElVTJ05RtSRv8B2Ms0ra2AXs4uhdPA9Qb38sccS9aVH72F8POlM4O?= =?us-ascii?Q?v0F2QFq8YxFOHvLSkRylXfmfzxslV4e6Nzi+yuj+1xyehb/T50B4u9xzG4BW?= =?us-ascii?Q?wbtpsCbxnamF9HqMK0RzP7BucSkThn326lSG4p4VqI+s5Aubjnyi8SitSAHF?= =?us-ascii?Q?2qQ2eq296VggSIJbRsKYfXntWSWenaNXA5TXfeHs0+EssfoGi0W4gI+I0BRr?= =?us-ascii?Q?BQqMS5RzO0b5FPWVlp404MErNQEn7/f32xtLgCVI7aHXbbJoo4L3DS7eQoLW?= =?us-ascii?Q?lJ1mkWrirMEQqdLQrdyIaPPDzRvXt1CuRpW7e4H0uhnl3pNjImP+mLwW3Hjy?= =?us-ascii?Q?Lf7JINDFs3X8sbMUcJTG2DwbLNhxah+bdqkBekZ7BvgA6+QxhcjP4A2pijQp?= =?us-ascii?Q?85ZegI7sT3lchbW+1fUOkKsQmivk0iUiQReuJey04FoWxvSWToEO1/NPLY5l?= =?us-ascii?Q?AvzyYef10YaYbUv0fQR8GNBLFTrQ34eZJBzS1eK3+OAXRYaD6f7AbRKLvv5i?= =?us-ascii?Q?hM0V5+pC3Gv+jgfYEJH0D46RnayROaTV+nh8J3iyw86YbH/eleYTf+9mrG/I?= =?us-ascii?Q?+U/+s2R4xIpQC2XFaYXsv1prIC2K002f9CSJu2SXJZi0B5UZIUko+She+xbd?= =?us-ascii?Q?IwX4tHLZEeWjjeshwLl4EuQbxR6WryR1frN9q7TTfYp1RaHxlzxqkkUlUW9T?= =?us-ascii?Q?2ASVhtH8Zx4vkp8t3VKyaAAKwQ2C1g1Xg7c4YLj65kIz1zc6OcFI+Kg2GY5x?= =?us-ascii?Q?b9fA9rSMC5r7Q9WCyocDl2h3U8jsZcMM4/rVMSMylC919yn0jwbL?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 5e3134ae-414d-4cb7-8b08-08deb2379eb2 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:28.9253 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: X4IWjT81l1Glcn1oU+UaHW8xEXpsZQ2qS2jVoLP8JygD1f2lrE0k70DsElq/0sAOOQkmxi8KkTfz1J64MdIryw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-ebf023/1778818112-4014E3FF-E7C63A26/0/0 X-purgate-type: clean X-purgate-size: 3000 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818376526158500 Content-Type: text/plain; charset="utf-8" Destroy each REC, reclaim its auxiliary pages through SRO, then release the REC granule after the RMM has returned it. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/state.c | 81 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) diff --git a/xen/arch/arm/cca/state.c b/xen/arch/arm/cca/state.c index c85ef56a1297..72dbb83841d7 100644 --- a/xen/arch/arm/cca/state.c +++ b/xen/arch/arm/cca/state.c @@ -122,6 +122,22 @@ static int arm_cca_relinquish_abandoned_pages(struct d= omain *d) return 0; } =20 +static int arm_cca_rmi_rec_destroy_complete(struct vcpu *v) +{ + struct arm_cca_sro_mem_xfer xfer =3D { + .pages =3D v->arch.cca.aux_pages, + .nr_pages =3D &v->arch.cca.nr_aux, + .abandoned_pages =3D &v->domain->arch.cca.abandoned_pages, + }; + struct arm_smccc_res res; + int rc; + + rc =3D arm_cca_rmi_rec_destroy(v->arch.cca.rec, &res); + rc =3D arm_cca_sro_complete_mem_transfer(rc, &res, &xfer); + + return rc; +} + static int arm_cca_rmi_realm_destroy_complete(struct domain *d) { struct arm_cca_sro_mem_xfer xfer =3D { @@ -269,6 +285,67 @@ static int arm_cca_teardown_rtts(struct domain *d) return 0; } =20 +static int arm_cca_vcpu_free_rec_page(struct vcpu *v) +{ + int rc; + + if ( !v->arch.cca.rec_page ) + return 0; + + rc =3D arm_cca_undelegate_granule(page_to_maddr(v->arch.cca.rec_page)); + if ( rc !=3D 0 ) + return rc; + + free_domheap_page(v->arch.cca.rec_page); + v->arch.cca.rec_page =3D NULL; + + return 0; +} + +static int arm_cca_vcpu_relinquish_resources(struct vcpu *v) +{ + int rc; + + if ( v->arch.cca.rec !=3D INVALID_PADDR ) + { + rc =3D arm_cca_rmi_rec_destroy_complete(v); + if ( rc !=3D 0 ) + return rc; + + v->arch.cca.rec =3D INVALID_PADDR; + } + + /* + * arm_cca_sro_complete_mem_transfer() consumes REC_DESTROY reclaim + * requests. Remaining REC auxiliary pages would mean Xen cannot prove + * that the granules have been returned by the RMM. + */ + if ( v->arch.cca.nr_aux !=3D 0 ) + return -EIO; + + return arm_cca_vcpu_free_rec_page(v); +} + +static int arm_cca_teardown_recs(struct domain *d) +{ + unsigned int i; + int rc; + + for ( i =3D 0; i < d->max_vcpus; ++i ) + { + struct vcpu *v =3D d->vcpu[i]; + + if ( v =3D=3D NULL ) + continue; + + rc =3D arm_cca_vcpu_relinquish_resources(v); + if ( rc !=3D 0 ) + return rc; + } + + return 0; +} + static int arm_cca_destroy_realm(struct domain *d) { int rc; @@ -330,6 +407,10 @@ int arm_cca_domain_relinquish_resources(struct domain = *d) if ( rc !=3D 0 ) return rc; =20 + rc =3D arm_cca_teardown_recs(d); + if ( rc !=3D 0 ) + return rc; + rc =3D arm_cca_destroy_realm(d); if ( rc !=3D 0 ) return rc; --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818305839876.3752370514485; Thu, 14 May 2026 21:11:45 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309421.1580465 (Exim 4.92) (envelope-from ) id 1wNjtf-0000FZ-90; Fri, 15 May 2026 04:11:35 +0000 Received: by outflank-mailman (output) from mailman id 1309421.1580465; Fri, 15 May 2026 04:11:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtf-0000FM-5T; Fri, 15 May 2026 04:11:35 +0000 Received: by outflank-mailman (input) for mailman id 1309421; Fri, 15 May 2026 04:11:34 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtd-0008TI-UM for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:11:34 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjtd-007AXG-AM for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:11:33 +0200 Received: from [10.42.69.2] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069cda-5cb7-0a2a0a5109dd-0a2a450291b6-14 for ; Fri, 15 May 2026 06:11:33 +0200 Received: from [40.107.74.73] (helo=OS0P286CU010.outbound.protection.outlook.com) by tlsNG-720697.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c3a-af86-0a2a45020019-286b4a49ea93-7 for ; Fri, 15 May 2026 06:08:32 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:29 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Vzp0DKcA1h0AGCQoph9JD1OGGeJohyGDop9/XptVxLEtF9MtJeztTMNgc78XH64CgSHd6QwjoWlYdzfuTAXt5ygb+Y7Zn5dkDsHQbud9hp6gHRycqpfHnhU92r8abLgSqmfx5G5JJ3cuYfPhjk1zUc1/sxe2J4pJ0U0+Q3Hv0BSLOMZMEQ7OYs5LHrYPTwbemlCi2AF25J5A/vLT/w5zx+ZxBES4wGx7r7eJJ6oXWhR9TaEs4yqiK8GtNebb8c5pVYbeBBijQDRhTZJyH4z8g8h0VAOg4oQX4c7UzC+WGaajOjyiIUG7hcO4w/3FJqO6vPw1teiFEzMd1buk0c9zyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=K4GVaM6Ba/cf6m/qACnohRbb9uPse9KRbMYMMHWB/6M=; b=OB18H0zIh8mTGRWoi5E35Tj6w32vtVqmsCoyEaq5WWko8EumtMKq2p+SLDO5XDsz99bX21EzMCplZKU2JssBngRkQ5Fv0gxpKFwLtPRzEp2Q2D/YAmnJlA27BMLnokZWXQIYE2wkjq9ghjVMDvY2GNpwlk3kEjxp1xUm2JTnaTInqepB6ZO44CiaYB2/p7Xmn0q2KbcqvfJzKxJXwIL3M3PXpZrBFAXyClOElOvvziMgiOiw2dTSA4Fa3gOigWiyrAwyYE5SFIRTB9sczgAwXObGvnii3w6izCAFW6WtKGM1vX+Zb10CSmxAVKFrl4QqGl3CjCbAlBOXVsYRrf1O/w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K4GVaM6Ba/cf6m/qACnohRbb9uPse9KRbMYMMHWB/6M=; b=FU8zoInqj974caCRTisQEA3Bygdx6b2i7111pWBHoFnHlU5F5q2l1bdjvoaToXyQvlrdwfYLCgVe7RRVqvvcPjYnwps1E2sO/7QqXq81BGetOyMpU0xgdTwbgLdT3+Rl/OwDq0Axq3WmQxwACjY8AG0WapiO7NbwOsCLYcvwF9g= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 14/26] xen/arm/cca: validate Realm construction inputs Date: Fri, 15 May 2026 13:08:00 +0900 Message-ID: <20260515040812.983626-15-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TY6P286CA0015.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:3b9::12) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: 5ab2625d-3e26-4aad-b152-08deb2379f25 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: aihSdoJdb3v91Qyr/Y1S1HMn4l8pCP5kPB4BtPyIqrbpLLLOizR59eKjmsV9A9NGlChig78LtQzc2HrY38zQ4PFSkJuzL3QOaAB7prSMrS+KrtAGM5Y5/YVyuXfNrysr9lA2cBL68KqCd7C4z10XrL11xynhrb3PHcdM1IqkKeIa7h9rc5ScWU4QM4ZSeGIhoLiONvORVDIYRMxo+U1z1rOfy/BGIPsShnJFeWnCoapq/g1Wo2kq3uviPejQvb4ehFNiWkN9iUDi0BkauC4GC+Y7CXKTakkxXQ5W9WAHMrM1KxGj4z44u/Nb/tbNxDVIdGJW0COixymXWvJqUNFQlClkPK7pXn26037GHylItmKFv39o1HFYLpZKpmE+vu1V8pEnFh2LuMGnPzY1pf/Uqu/3EasB5nTqXN6Nk5JHyICxV+kHfwfr6zgRXrnJBT8xwToJ1I22/hHwIz+AoGMzjmX1n/PPdekrWYRNoJBF+8zXk13xLDcFrzFlMFARVUBzSwtd+tH20lCfX9Rfh3OC5X2948t1+YBU/IhBQxXNsAuzg8/NfjfvmJiZAzWbBHr9UvA4Murix9MKKtM4hbZSx9LOwFkLr3LAzuiHpFzr5zyejBfU+ROtf0YyzAVN8LpHi3e1FvBKzDpCMMgD2B9KC19ezAGjJaEroS88j7TNNmrXnQ4Yl3dhEbbFMqhs1Jn1 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?Uh9OEppHmW7KV3wU6PlB2OasRrFxf34qvVqTbP2VYThslsIJP2wlHUdyuiw4?= =?us-ascii?Q?bJPdZJ+9QZqlGQfcBcw1IybyOt/7L1A+dfte9KZnvHQHfzZh5nl0+3nhElaG?= =?us-ascii?Q?fTzAG/rwDITYE8TlTRNgtyAfKqyAeLchra7dpu+MTD33wyWZ5Njl9iLkC6Og?= =?us-ascii?Q?RaxtkGOcZte4Zmx7w8tXtAtCkMaVuB1eyK6CHFgajyvXs4xf8Meaes3H9ICx?= =?us-ascii?Q?OozjIjW2ukmRz8g6OvmSbxcXcmfSVBv137VvYUTz/8Gb4miu4Wj254esHThU?= =?us-ascii?Q?8w6Uu11GU2I91kMwFd+YxM0h1NGnLrn8z15JzuqbllW/Bu3nGY18n7dsVzS0?= =?us-ascii?Q?tyCPB3hku2MzTWU/BfjFfsqUzAAzyQrd6yF65E6dGXArJsmVzd7k2lfAKNW+?= =?us-ascii?Q?DeO+vvSaMBfevUNYN+/C1czewvAtJCI/FGXYgQYNiG41LncZp0iLD//lHoe8?= =?us-ascii?Q?LFx6l/Uzon0HyxRh+3kIU6sTS5rszGCzpJXt7AD5uuiA6832RRM9T4FMk5L1?= =?us-ascii?Q?I8H4EMupfmkSFTGAQ5HAxDO/ismAKcA/oH+SpYhVFt2R0H/ngfgiE3pc0UO1?= =?us-ascii?Q?Vb3bPJkWRoGqMbTaR47vD2gz8IOkPwubrJNYyRhS6EVTDB2hCotsALU+cma5?= =?us-ascii?Q?4bT3htG6US/jztIQLFaCgu/VeMf7knGXYJPygPAWf+5hpGXMbaECYrwMLt3w?= =?us-ascii?Q?loGsCHVvzQbZs41+HrA0k4XFMOVeYXymD16efJ+OBeahvObqkjizA2tjHZwb?= =?us-ascii?Q?gd3DGQKfx5BtpwkFAhjlnbHjMIzPC+H+MiWVGMw01rFNJLXf8Yrru8ET7n9K?= =?us-ascii?Q?/IphHFYF1yELmNRGXZBiHbmr3gTdQfJL+6T/cXxF9W9XxEkP2J/IV2PAiF44?= =?us-ascii?Q?7gl5zWdfXlhO5hxPnLLpWNKZrA50jYCxT5vIP8AlQFooj5bAO4IQ4u1/yvpn?= =?us-ascii?Q?d2QpiC+mHlqi5v95dmW+XwXBrgg1vI5fak9oznjcdGKY10fInYMCCmqxVmPk?= =?us-ascii?Q?aAr8IJmsNnnDAOmS4tbc3KGJK3CApt9bXXCpg66M/OfqHAI2yFUSGxrMFqWR?= =?us-ascii?Q?nHCJe3/87VZ6yIgbU0Yyx/1+RVOv2yPe+AIIjScHAbBxRxzZb1BMyFcyPRqV?= =?us-ascii?Q?EXVZUg+bGUpCInaFjSsz37MfLeqtli7bXrvNCO7Lv2lJKoMAaZ0dzij1KcEZ?= =?us-ascii?Q?G/e8eIHEoTlv3djETxFZ2+ifQiz40ftewYputlk3VARZa7ZwmD5gpvEar7jo?= =?us-ascii?Q?NZxnHR1jtKjFwcOhf8fBMGdV0WMkvAevKZI8Ti4oulDjs5Yb0My/MjZ/1xGB?= =?us-ascii?Q?Nukq/7SZz8Fl/STDr4le67JCuuhHSy+avy3SK4g5oaFF0TOV9USVen3tGrEf?= =?us-ascii?Q?87kF8deA6y3WvHSj5Ck4ebV0SXaiUKnsHQDsvo2nJxC8EqusgkNwzGCOOMsz?= =?us-ascii?Q?RPKA2J06jcF47zP8T6O/qXxyRGymBXbTMjXuFJm+gyZDPIHSMUo0WY+ILSQe?= =?us-ascii?Q?BnFbzMmP4DMYhO6b4YJ4l5JpyHaCJ+oQlV0lWIHquTUCs+rKyQr6qoqaPVR1?= =?us-ascii?Q?/cHEdd8oY3FX+12WUJXNccr0l1K43sgFhu1ohZWNkUdrKvLieSBA15Ty0uY3?= =?us-ascii?Q?VUMArqTU59a62sgodrK5adwfGY/rvce7jilVFFBNEX4O8agpXY5wm1TUDkr7?= =?us-ascii?Q?u2nbXM4DsYvkjQ4/Pppr2PI/sMhjUWna4nW3GGp9GixXjaEX9osp87zlKzwi?= =?us-ascii?Q?HB8C5JYpU/gUHsIzhz85KkdgJlO01VjoGV9eQjuFltjC3Kh1V4BH?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 5ab2625d-3e26-4aad-b152-08deb2379f25 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:29.6865 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: mCFhhMx0nBjgUIFtyN61KX/ZkYDJVqjGJTOJE6Iy881LAEkF6bvI9CokLXxuo4XUQk7ll4S02YcmlWDobZSatQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-720697/1778818113-A8145161-891DA07A/0/0 X-purgate-type: clean X-purgate-size: 13840 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818306517158500 Content-Type: text/plain; charset="utf-8" Check the domain shape, RAM layout and RMM feature set before starting a Realm build. The domctl range is treated as the protected Realm RAM. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/build.c | 411 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 411 insertions(+) create mode 100644 xen/arch/arm/cca/build.c diff --git a/xen/arch/arm/cca/build.c b/xen/arch/arm/cca/build.c new file mode 100644 index 000000000000..f333813e10a0 --- /dev/null +++ b/xen/arch/arm/cca/build.c @@ -0,0 +1,411 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "rmi.h" +#include "sro.h" + +/* + * Xen CCA currently accepts only 4KB RMI granules. With 512 entries per = RTT, + * the table spans here are 512GB, 1GB, and 2MB respectively. + */ +#define ARM_CCA_L0_TABLE_SPAN GB(512) +#define ARM_CCA_L1_TABLE_SPAN GB(1) +#define ARM_CCA_L2_TABLE_SPAN SZ_2M +#define ARM_CCA_REALM_MAX_PAGES (GUEST_RAM0_SIZE >> PAGE_SHIFT) +#define ARM_CCA_BUILD_PREEMPT_TABLES 64U +#define ARM_CCA_BUILD_FORCE_PREEMPT_TABLES 256U +#define ARM_CCA_BUILD_PREEMPT_PAGES 1024UL +#define ARM_CCA_BUILD_FORCE_PREEMPT_PAGES 4096UL +#define ARM_CCA_REALM_MAX_IPA_BITS_WITHOUT_LPA2 48U + +static struct page_info *arm_cca_alloc_host_page(void) +{ + struct page_info *pg; + void *va; + + pg =3D alloc_domheap_page(NULL, 0); + if ( !pg ) + return NULL; + + va =3D map_domain_page(page_to_mfn(pg)); + clear_page(va); + unmap_domain_page(va); + + return pg; +} + +static unsigned int arm_cca_feature_field(unsigned long features, + unsigned int shift, + unsigned int width) +{ + return arm_cca_rmi_field_get(features, shift, width); +} + +static bool arm_cca_feature_is_true(unsigned long features, unsigned int s= hift) +{ + return arm_cca_feature_field(features, shift, 1U) =3D=3D + ARM_CCA_RMI_FEATURE_TRUE; +} + +static int arm_cca_build_record_rmi_failure(uint64_t *rmi_result, int rc, + const struct arm_smccc_res *re= s) +{ + uint64_t result =3D arm_cca_rmi_result(res); + + if ( rc !=3D 0 && rmi_result && + (arm_cca_rmi_status_is_error(result) || + arm_cca_rmi_result_is_smccc_unknown(result)) ) + *rmi_result =3D result; + + return rc; +} + +static bool arm_cca_undelegate_build_page(struct domain *d, + struct page_info *pg) +{ + paddr_t pa =3D page_to_maddr(pg); + int rc =3D arm_cca_undelegate_granule(pa); + + if ( rc !=3D 0 ) + { + /* No successful undelegation means no RMM wipe guarantee. */ + printk(XENLOG_ERR + "%pd: ARM CCA: failed to undelegate abandoned granule %#" + PRIpaddr "\n", + d, pa); + return false; + } + + return true; +} + +/* + * Return true when the caller can forget pg. A false return means + * undelegation failed, so the caller must keep the page tracked. + */ +static bool arm_cca_free_build_page(struct domain *d, struct page_info *pg, + bool delegated) +{ + if ( !pg ) + return true; + + if ( delegated && !arm_cca_undelegate_build_page(d, pg) ) + return false; + + free_domheap_page(pg); + + return true; +} + +static void arm_cca_free_or_abandon_build_page(struct domain *d, + struct page_info *pg, + bool delegated) +{ + if ( !arm_cca_free_build_page(d, pg, delegated) ) + page_list_add_tail(pg, &d->arch.cca.abandoned_pages); +} + +static bool arm_cca_gfn_range_contains(gfn_t base, gfn_t end, + gfn_t start, gfn_t next) +{ + return gfn_x(base) <=3D gfn_x(start) && gfn_x(next) <=3D gfn_x(end); +} + +static bool arm_cca_gfn_range_overlaps(gfn_t base, gfn_t end, + gfn_t start, gfn_t next) +{ + return gfn_x(start) < gfn_x(end) && gfn_x(base) < gfn_x(next); +} + +/* + * Initial Realm support has no separate private/shared memory metadata. + * Treat the domctl range as the whole protected Realm RAM contract: every + * mapped entry in the range must be writable RAM, and no other valid guest + * mapping may remain outside it apart from Arm magic pages, which are not + * exposed through the Realm device tree. + * + * p2m_get_entry() can return block mappings, so reject entries which only + * partly overlap the Realm RAM range. Otherwise one p2m block could make + * memory outside the measured/protected range guest-visible. + */ +static int arm_cca_validate_ram_layout(struct domain *d, gfn_t base_gfn, + unsigned long nr_pages) +{ + struct p2m_domain *p2m =3D p2m_get_hostp2m(d); + gfn_t end_gfn =3D gfn_add(base_gfn, nr_pages); + gfn_t magic_base =3D _gfn(GUEST_MAGIC_BASE >> PAGE_SHIFT); + gfn_t magic_end =3D _gfn((GUEST_MAGIC_BASE + GUEST_MAGIC_SIZE) >> + PAGE_SHIFT); + gfn_t gfn, end; + int rc =3D 0; + + p2m_read_lock(p2m); + + gfn =3D p2m->lowest_mapped_gfn; + end =3D gfn_add(p2m->max_mapped_gfn, 1); + + while ( gfn_x(gfn) < gfn_x(end) ) + { + unsigned int order; + p2m_type_t t; + bool valid; + mfn_t mfn =3D p2m_get_entry(p2m, gfn, &t, NULL, &order, &valid); + gfn_t next =3D gfn_next_boundary(gfn, order); + + if ( arm_cca_gfn_range_overlaps(base_gfn, end_gfn, gfn, next) ) + { + if ( !valid || mfn_eq(mfn, INVALID_MFN) || + t !=3D p2m_ram_rw || + !arm_cca_gfn_range_contains(base_gfn, end_gfn, gfn, next)= ) + { + rc =3D -EINVAL; + break; + } + } + else if ( valid && !mfn_eq(mfn, INVALID_MFN) && + !arm_cca_gfn_range_contains(magic_base, magic_end, gfn, + next) ) + { + rc =3D -EINVAL; + break; + } + + gfn =3D next; + } + + p2m_read_unlock(p2m); + + return rc; +} + +static int arm_cca_validate_domain(struct domain *d, gfn_t base_gfn, + unsigned long nr_pages) +{ + unsigned int i; + int rc; + + if ( is_hardware_domain(d) ) + return -EOPNOTSUPP; + + if ( !is_hvm_domain(d) ) + return -EOPNOTSUPP; + + if ( is_32bit_domain(d) ) + return -EOPNOTSUPP; + + if ( d->max_vcpus =3D=3D 0 || d->vcpu[0] =3D=3D NULL ) + return -EOPNOTSUPP; + + for ( i =3D 1; i < d->max_vcpus; ++i ) + if ( d->vcpu[i] =3D=3D NULL ) + return -EOPNOTSUPP; + + if ( d->arch.vgic.version !=3D GIC_V3 ) + return -EOPNOTSUPP; + + if ( d->creation_finished ) + return -EPERM; + + if ( is_domain_realm(d) ) + return -EEXIST; + + if ( domain_has_vpl011(d) && + !IS_ENABLED(CONFIG_ARM_CCA_REALM_DEBUG_VUART) ) + { + printk(XENLOG_G_ERR + "ARM CCA: Realm VUART debug console is disabled for %pd\n", + d); + return -EOPNOTSUPP; + } + + if ( gfn_x(base_gfn) !=3D (GUEST_RAM_BASE >> PAGE_SHIFT) ) + return -EOPNOTSUPP; + + if ( nr_pages =3D=3D 0 || nr_pages > ARM_CCA_REALM_MAX_PAGES ) + return -EINVAL; + + /* + * domain_tot_pages() also includes Arm magic pages outside guest RAM,= so + * it is only a sanity upper bound for the protected RAM range. + */ + if ( nr_pages > domain_tot_pages(d) ) + return -EINVAL; + + rc =3D arm_cca_validate_ram_layout(d, base_gfn, nr_pages); + if ( rc !=3D 0 ) + return rc; + + return 0; +} + +static int arm_cca_validate_realm_features0(struct domain *d) +{ + unsigned long features0 =3D d->arch.cca.rmi_features0; + unsigned int max_ipa_bits; + unsigned int num_bps, num_wps; + + max_ipa_bits =3D arm_cca_feature_field( + features0, ARM_CCA_RMI_FEATURE_REGISTER_0_S2SZ_SHIFT, + ARM_CCA_RMI_FEATURE_REGISTER_0_S2SZ_WIDTH); + if ( p2m_ipa_bits > max_ipa_bits ) + { + printk(XENLOG_G_ERR + "ARM CCA: %pd requires %u-bit IPA, RMM supports %u-bit IPA\= n", + d, p2m_ipa_bits, max_ipa_bits); + return -EOPNOTSUPP; + } + + /* + * Xen CCA currently leaves RmiRealmParams::flags0.lpa2, sve, and pmu + * clear. Reject configurations that would need those Realm features + * instead of silently creating a Realm with different behavior. + */ + if ( p2m_ipa_bits > ARM_CCA_REALM_MAX_IPA_BITS_WITHOUT_LPA2 ) + { + if ( !arm_cca_feature_is_true( + features0, ARM_CCA_RMI_FEATURE_REGISTER_0_LPA2_SHIFT) ) + printk(XENLOG_G_ERR + "ARM CCA: %pd requires LPA2 for %u-bit IPA, " + "but RMM does not report LPA2 support\n", + d, p2m_ipa_bits); + else + printk(XENLOG_G_ERR + "ARM CCA: %pd requires LPA2 for %u-bit IPA, " + "but Xen CCA does not enable Realm LPA2 yet\n", + d, p2m_ipa_bits); + return -EOPNOTSUPP; + } + + if ( is_sve_domain(d) ) + { + if ( !arm_cca_feature_is_true( + features0, ARM_CCA_RMI_FEATURE_REGISTER_0_SVE_SHIFT) ) + printk(XENLOG_G_ERR + "ARM CCA: %pd requests SVE, " + "but RMM does not report SVE support\n", + d); + else + { + unsigned int max_sve_vl =3D arm_cca_feature_field( + features0, ARM_CCA_RMI_FEATURE_REGISTER_0_SVE_VL_SHIFT, + ARM_CCA_RMI_FEATURE_REGISTER_0_SVE_VL_WIDTH); + + printk(XENLOG_G_ERR + "ARM CCA: %pd requests SVE; RMM supports %u-bit VL, " + "but Xen CCA does not enable Realm SVE yet\n", + d, (max_sve_vl + 1U) * SVE_VL_MULTIPLE_VAL); + } + return -EOPNOTSUPP; + } + + num_bps =3D arm_cca_feature_field( + features0, ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_BPS_SHIFT, + ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_BPS_WIDTH); + if ( num_bps =3D=3D 0 ) + { + printk(XENLOG_G_ERR + "ARM CCA: %pd RMM reports reserved NUM_BPS value 0\n", d); + return -EOPNOTSUPP; + } + + num_wps =3D arm_cca_feature_field( + features0, ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_WPS_SHIFT, + ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_WPS_WIDTH); + if ( num_wps =3D=3D 0 ) + { + printk(XENLOG_G_ERR + "ARM CCA: %pd RMM reports reserved NUM_WPS value 0\n", d); + return -EOPNOTSUPP; + } + + if ( d->options & XEN_DOMCTL_CDF_vpmu ) + { + if ( !arm_cca_feature_is_true( + features0, ARM_CCA_RMI_FEATURE_REGISTER_0_PMU_SHIFT) ) + printk(XENLOG_G_ERR + "ARM CCA: %pd requests PMU, " + "but RMM does not report PMU support\n", + d); + else + { + unsigned int num_ctrs =3D arm_cca_feature_field( + features0, + ARM_CCA_RMI_FEATURE_REGISTER_0_PMU_NUM_CTRS_SHIFT, + ARM_CCA_RMI_FEATURE_REGISTER_0_PMU_NUM_CTRS_WIDTH); + + printk(XENLOG_G_ERR + "ARM CCA: %pd requests PMU; RMM supports %u counters, " + "but Xen CCA does not enable Realm PMU yet\n", + d, num_ctrs); + } + return -EOPNOTSUPP; + } + + return 0; +} + +static int arm_cca_validate_realm_features1(struct domain *d) +{ + unsigned long features1 =3D d->arch.cca.rmi_features1; + unsigned int max_recs_order, max_recs; + + if ( !arm_cca_feature_is_true( + features1, + ARM_CCA_RMI_FEATURE_REGISTER_1_RMI_GRAN_SZ_4KB_SHIFT) ) + { + printk(XENLOG_G_ERR + "ARM CCA: %pd requires 4KB RMI granules, " + "but RMM does not report 4KB RMI granule support\n", + d); + return -EOPNOTSUPP; + } + + if ( !arm_cca_feature_is_true( + features1, ARM_CCA_RMI_FEATURE_REGISTER_1_HASH_SHA_256_SHIFT)= ) + { + printk(XENLOG_G_ERR + "ARM CCA: %pd requires SHA-256 Realm measurements, " + "but RMM does not report SHA-256 support\n", + d); + return -EOPNOTSUPP; + } + + max_recs_order =3D arm_cca_feature_field( + features1, ARM_CCA_RMI_FEATURE_REGISTER_1_MAX_RECS_ORDER_SHIFT, + ARM_CCA_RMI_FEATURE_REGISTER_1_MAX_RECS_ORDER_WIDTH); + max_recs =3D (1U << max_recs_order) - 1U; + if ( d->max_vcpus > max_recs ) + { + printk(XENLOG_G_ERR + "ARM CCA: %pd requires %u RECs, RMM supports %u RECs\n", + d, d->max_vcpus, max_recs); + return -EOPNOTSUPP; + } + + return 0; +} + +static int arm_cca_validate_realm_features(struct domain *d) +{ + int rc; + + rc =3D arm_cca_validate_realm_features0(d); + if ( rc !=3D 0 ) + return rc; + + return arm_cca_validate_realm_features1(d); +} --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818374373892.49440458792; Thu, 14 May 2026 21:12:54 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309489.1580555 (Exim 4.92) (envelope-from ) id 1wNjue-0004cK-O5; Fri, 15 May 2026 04:12:36 +0000 Received: by outflank-mailman (output) from mailman id 1309489.1580555; Fri, 15 May 2026 04:12:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjue-0004bq-Kp; Fri, 15 May 2026 04:12:36 +0000 Received: by outflank-mailman (input) for mailman id 1309489; Fri, 15 May 2026 04:12:35 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjuc-00048s-Rp for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:12:34 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjuc-000yVE-84 for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:12:34 +0200 Received: from [10.42.69.4] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069d26-bab6-0a2a0a5309dd-0a2a4504b2a4-8 for ; Fri, 15 May 2026 06:12:34 +0200 Received: from [52.101.125.129] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-ebf023.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c35-1dec-0a2a45040019-34657d8136d2-10 for ; Fri, 15 May 2026 06:08:33 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:30 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jp+/O/GeQwJmOb7MFT9Ek25aZ7U4EoVMvKSVMZq10HtD+NcaUo7+kcbVRPi0jFXqQV12YIjtR975uXDySqNnb5oM9WfVGH7CqbZv5dO8O2+SXIyOmd77dD2vx8QdFTzGUOr9ADCbwhY3SzFH091ARmHHcFaepMXU8ofWkbm0dEArwjPM486vI4KArCNV7AHfmsvICQEkBjHr9MXKnvYPQNVBlARsGqYst+HCspE5mhy6101a8h5K3yaRvDlNjzAiUuoqpo05g5IeCKgcE4xMd7TcaGXG/1gZSMjvU1aAKy1AluN2kYAQKlU77toOLehL3uzi8BRdbLvLB7MFtkRL6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FZtK/SKYZCbPqZPdtBWTxkdfuoOJCT3QfZZUH1rHysw=; b=mUx+ftlah+frn9InSWv9C5utTgOaDEm+tKlekXtfxjhqO93nwvlMZE2m4IuGxJsuItZ0wHRJ/zFIQ7+rN624iGd/SUN0XWJrFis4/X84f7awXuSpi7wZQRoSJx7RFq4kCt1CzDooYPRu+TjvPfd8cgy6cBUknZwumajbRVvuA7hiRbrA0pA9iWqrlIy0ERZDfyWVYCunDOK0GO1KpVI+zZ+dKR/64hliLs4wbA7xAmhwX15IX5K5Ue3paPymLbFMa8vIhvab7nuaYS34zplZZih7A9CkFfx0isoFUNQmEBn12ugFDd+TFPJrbNEyGnuqx7RixxqW37eLTg7XHlVnqA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FZtK/SKYZCbPqZPdtBWTxkdfuoOJCT3QfZZUH1rHysw=; b=UhbZxC/gWhgIyo3DfTpD1u2lNu48sr5kql55ojsI76V/I8DxlIKaCBZvUN2XXSc0vcbAXWpcGFqbkuz2TvK48af4bQ4J02mfJH/vQHXvXWPFSeI/OFkP06Evg2KIYKYuD4KR3hXLPu5vWB1xmvD0w00B/7xBlC/zSy3TLK8cMAs= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 15/26] xen/arm/cca: create Realm descriptors Date: Fri, 15 May 2026 13:08:01 +0900 Message-ID: <20260515040812.983626-16-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP301CA0001.JPNP301.PROD.OUTLOOK.COM (2603:1096:400:386::19) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: 09dd67a0-dcf9-4135-92d8-08deb2379f98 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|3023799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: V3xS5r1JAE/Ukme4iMo8UCnJR4zgZO4VdeUsjcCTpTbzLeXQDbKgUCF/fJ8ZrDy/q410Tud5x9ZZbT1+pln3ODwrf1JzkoVZggYXwxQkl6y4aq2TOZJ1qEeft8odO0nood9sEsdcnVU9hFfIU1sUUn+1TCDpx80LiNlPBZNfBxkbH+QEQdfO3XOeA5BCUqfZ4XbDR6XPHzUDVnFB0NdZhy4zF1ZPiQX4qNwb8PDwsHPQRegDuXXFlIaEaRcDadeE1sbfaRqbsWBm599Xxvr8salvzDRS+Std6Nv/6VGWv+u9CIlcLTj7bbIiSSmpOa52BiTQMu39AhHkxM/Y0PBJDUNf0sxi5il7mvDW3x71b9s+CRbAZvehR/XTGg2L6O7J1WpMoO8l8Mlu4v1ieomqWczBsoErr8/nulMCIbrAD+9spfm6VSmA9w3GPLZ30jMrV4BS6Xc45eV5fEt99o/h56FaBHOpF+A14IrgJ6aZ1QUg7BXhw1mJvdM2Y4GuhV23vGfeG0mktknt9m2Dbf1XpsT2jvWG9PZHQK7pyowWLxoRDYTpUsDj6zPNPaZkZw2StBfdqbREBl9LmC7PSw9tme/3P6p6jAYAZ9BSh7i/NQQpjqs6QIo4VyzgqicfSApRPfXTstqFZxNue4mDheLINeWqXPcoD28lR4eiuqVqKZKtOEvgfkfAhnfftyp+PTtn X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(3023799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?eDjwDLLTvKIR8XhvAV+DclLr/BeAZDcWMeJFHHwoUtYtAjCk4GX5f77z6WhI?= =?us-ascii?Q?CpCDhsxp5WGQutpFLqfKzGr74LA01/R+3uWUVoE4/ZdWlKMdOyWISGVcToGf?= =?us-ascii?Q?uWTGinbZXE58MuTflyUPUxJzbKLs1E4GGJLRuLoddEFFsFWvPaoKUyyLIuQm?= =?us-ascii?Q?3TqSDImcuoIX4oJKj+soY0fGS6xu68T/OQUBwJfUGPeE8EmksIdhmNtdpwzD?= =?us-ascii?Q?uGgB+Z3bui7T0ybWHdploeIKCySmjk//2mLD0wA5vYDrWZNv6HTVDPpx8s1r?= =?us-ascii?Q?RDdoEMt7VsBpso2bwaapYcTLuNquF2KFiQM3lg12c/aNwKQdTU3ImWu460Q7?= =?us-ascii?Q?r9liNgURVuVmq2ZLrj1WrjfeFKhIzUV/O/FLoK9djr1i4ly++WuUZk+Xj8Nx?= =?us-ascii?Q?BBy5kpMALJB9Gnszu/VT9B/+eTozQgF6nG+gEl1ygZc5QxR2U+P0ZkuEQ7fl?= =?us-ascii?Q?0IvxjnHA4GDxrMetutXm2OLOUFWPv/4SWwrbvpeXSz4NgwDyqZXmenwdeIq3?= =?us-ascii?Q?dzfd+LpLbSwZYsYnr8VacM8LB44TUnzpU3txCOaWigNlNtJpj0Mf4XmgUPei?= =?us-ascii?Q?sBqnObF+sSNBTrei2CLXAmLCUBhzVWM/FGG8L08iaWSJbvPqyQgzb+S1gQey?= =?us-ascii?Q?6WPu/CYVcqX9UgtZwGZrOJiDGDnPBLA0aY6DnVKi4zdgSkRiEDHEmyArM8d6?= =?us-ascii?Q?M3JpJosBFABXs8mzVQpsq578uX/JOx293wo7dhp3PWbJE27/9m071kL/Sdz3?= =?us-ascii?Q?8vPTXE5A0bg0roq6o/K8YP2cpiARZm+QMIKfL8AneafGVt2dVquNlDGXwCPV?= =?us-ascii?Q?1RFBghTZw78Ql04KfigeD5Ln49qUxul89VLNskFlwlVQyXoXwEZ6LkyuU/P8?= =?us-ascii?Q?nk9k6lLFkhJnHQe1Fxly6sAutrj4e+qYRRTfVv2NjkhF9xCLq5vSm/GkodK7?= =?us-ascii?Q?/Q7SoG1RIrRslImrjm79NmOluezM6MYzUfzcUlCl+Ijqli7BER7V9EGT8363?= =?us-ascii?Q?0Q+Dz0Lzc5Ra25PuELuNzbJ6o8ovXTyO+7MH0tYVnkU9bx6S9TbezfB4ib2F?= =?us-ascii?Q?Zql1+st9YUp9gzqEmGvf3Aye/I2DrOH0FAo9xVt74U4IenL5/PKaRlWOXgQN?= =?us-ascii?Q?qJdS+rUMQ/bzglMzvk+B89W3d+2Nbq0HTE0yxGbv55ozff4Zq5LzQkiTsDsu?= =?us-ascii?Q?UCQrufhlltdqdoEHxImTtCfqb61Mt7USDUGzAuRfEfPGfuDLBztYhl84Lcck?= =?us-ascii?Q?S3uSQGDsZUiFvuPwa4O+A3NyZFzhYz+joM1Di68vDS9ZwxLP8jP2rYfSySfw?= =?us-ascii?Q?kJbJ+GCPonrjHkNqDpjCjnrGQUxohxq+6rGmV3tZlkOWOPAo0FRpYSLpVjHP?= =?us-ascii?Q?UVZbidyWhMvcp5SyKFdcq+LKIPfysRHTfvgh1g9Cuixw9bmLtojpkG7c0IVG?= =?us-ascii?Q?+BVryQKLKcw5x/GgUn+jFtkfNA67fcGt0zGLiCISgudIYKK4kdP9YfwFBxd0?= =?us-ascii?Q?baviNSKdeS0jtFKXH1DgWSkdlfzi7brg7nPzpGpHkI4NTurr7GBrUZeJT2wl?= =?us-ascii?Q?gsNSuZDak2zN96F9jxVb8qkuE9ng9gzg6U7IPwcEif9UVZtZ0LjatVRnOP4G?= =?us-ascii?Q?fEJC0pXyGaOnoKVUMvCnnh/ca4vHrWFFEeHicLXfzu2WgK9+ZqwvRSApYBsu?= =?us-ascii?Q?t3q4sbiPQyOH7uOjcDzSUcyCaBh0V3RkDyTVyWvNJi30jocKfOkJBU0+EU4B?= =?us-ascii?Q?LPC8jLfPxc1vYpB08lb62ik4eatQqDT83p9Kttg/9GNdHcjlTW6g?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 09dd67a0-dcf9-4135-92d8-08deb2379f98 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:30.4211 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: /Mw9cYarOAX5YnMziMUm21rytVTJVpUe3WJZpdDJOtphFD/zVfmyMwYzePzJAMG6N5zj8CbgnP/jiV3CcqWVSQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-ebf023/1778818113-2AD643FF-CE381AFF/0/0 X-purgate-type: clean X-purgate-size: 4417 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818374516158500 Content-Type: text/plain; charset="utf-8" Create the RD, root RTT and Realm parameter block for RMI_REALM_CREATE. Record the delegated pages straight away so abort cleanup can find them. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/build.c | 116 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) diff --git a/xen/arch/arm/cca/build.c b/xen/arch/arm/cca/build.c index f333813e10a0..66d9c88da161 100644 --- a/xen/arch/arm/cca/build.c +++ b/xen/arch/arm/cca/build.c @@ -409,3 +409,119 @@ static int arm_cca_validate_realm_features(struct dom= ain *d) =20 return arm_cca_validate_realm_features1(d); } + +static int arm_cca_rmi_realm_create_complete(struct domain *d, paddr_t rd, + paddr_t params, + uint64_t *rmi_result) +{ + struct arm_cca_sro_mem_xfer xfer =3D { + .pages =3D d->arch.cca.realm_sro_pages, + .nr_pages =3D &d->arch.cca.nr_realm_sro_pages, + .max_pages =3D ARRAY_SIZE(d->arch.cca.realm_sro_pages), + .abandoned_pages =3D &d->arch.cca.abandoned_pages, + }; + struct arm_smccc_res res; + int rc; + + rc =3D arm_cca_rmi_realm_create(rd, params, &res); + rc =3D arm_cca_sro_complete_mem_transfer(rc, &res, &xfer); + rc =3D arm_cca_build_record_rmi_failure(rmi_result, rc, &res); + + if ( rc !=3D 0 && d->arch.cca.nr_realm_sro_pages !=3D 0 ) + d->arch.cca.build_unrecoverable =3D true; + + return rc; +} + +/* DEN0137 2.0-bet1 - D1.2.1 Realm creation flow. */ +static int arm_cca_create_realm(struct domain *d, uint64_t *rmi_result) +{ + struct arm_cca_rmi_realm_params *params; + struct page_info *params_pg =3D NULL; + struct page_info *rd_pg =3D NULL; + struct page_info *rtt_root_pg =3D NULL; + bool rd_delegated =3D false, rtt_root_delegated =3D false; + void *va; + int rc =3D -ENOMEM; + + rc =3D arm_cca_validate_realm_features(d); + if ( rc !=3D 0 ) + return rc; + + rd_pg =3D arm_cca_alloc_host_page(); + if ( !rd_pg ) + goto out; + + rtt_root_pg =3D arm_cca_alloc_host_page(); + if ( !rtt_root_pg ) + goto out; + + params_pg =3D arm_cca_alloc_host_page(); + if ( !params_pg ) + goto out; + + rc =3D arm_cca_delegate_granule(page_to_maddr(rd_pg)); + if ( rc !=3D 0 ) + goto out; + rd_delegated =3D true; + d->arch.cca.rd_page =3D rd_pg; + + rc =3D arm_cca_delegate_granule(page_to_maddr(rtt_root_pg)); + if ( rc !=3D 0 ) + goto out; + rtt_root_delegated =3D true; + d->arch.cca.rtt_root_page =3D rtt_root_pg; + + va =3D map_domain_page(page_to_mfn(params_pg)); + params =3D va; + arm_cca_realm_params_init(params); + /* + * Initial Xen CCA supports only shared MEC Realms. Set the policy + * explicitly even though RMI_MEC_POLICY_SHARED is encoded as zero. + */ + params->flags0 =3D ARM_CCA_RMI_REALM_FLAGS0_MEC_POLICY( + ARM_CCA_RMI_MEC_POLICY_SHARED); + params->s2sz =3D p2m_ipa_bits; + params->hash_algo =3D ARM_CCA_RMI_HASH_SHA_256; + params->num_bps =3D arm_cca_feature_field( + d->arch.cca.rmi_features0, + ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_BPS_SHIFT, + ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_BPS_WIDTH); + params->num_wps =3D arm_cca_feature_field( + d->arch.cca.rmi_features0, + ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_WPS_SHIFT, + ARM_CCA_RMI_FEATURE_REGISTER_0_NUM_WPS_WIDTH); + params->sve_vl =3D 0; + params->rtt_base =3D page_to_maddr(rtt_root_pg); + params->rtt_level_start =3D 0; + params->rtt_num_start =3D 1; + unmap_domain_page(va); + + d->arch.cca.rd =3D page_to_maddr(rd_pg); + + rc =3D arm_cca_rmi_realm_create_complete(d, d->arch.cca.rd, + page_to_maddr(params_pg), + rmi_result); + if ( rc !=3D 0 ) + goto out; + + rc =3D 0; + +out: + if ( params_pg ) + free_domheap_page(params_pg); + + if ( rc !=3D 0 ) + { + if ( arm_cca_free_build_page(d, rtt_root_pg, rtt_root_delegated) ) + d->arch.cca.rtt_root_page =3D NULL; + + if ( arm_cca_free_build_page(d, rd_pg, rd_delegated) ) + { + d->arch.cca.rd =3D INVALID_PADDR; + d->arch.cca.rd_page =3D NULL; + } + } + + return rc; +} --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 17788183806451014.7648086692913; Thu, 14 May 2026 21:13:00 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309490.1580565 (Exim 4.92) (envelope-from ) id 1wNjuj-0004zS-AM; Fri, 15 May 2026 04:12:41 +0000 Received: by outflank-mailman (output) from mailman id 1309490.1580565; Fri, 15 May 2026 04:12:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjuj-0004zF-4r; Fri, 15 May 2026 04:12:41 +0000 Received: by outflank-mailman (input) for mailman id 1309490; Fri, 15 May 2026 04:12:39 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjuh-0004u5-Do for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:12:39 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjug-000yVE-QE for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:12:38 +0200 Received: from [10.42.69.4] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069d26-bab6-0a2a0a5309dd-0a2a4504b2a4-12 for ; Fri, 15 May 2026 06:12:38 +0200 Received: from [40.107.74.93] (helo=OS0P286CU010.outbound.protection.outlook.com) by tlsNG-ebf023.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c44-1dec-0a2a45040019-286b4a5dedd0-3 for ; Fri, 15 May 2026 06:08:38 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:31 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:31 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=YBlYFF/JZ3pryGAABICzL5fnic9gYzEsoLzvyN/B0CC0PabfIElJGTkPaC6gcRk9LF8nwWXR6xgRObWXQKNfKO3jpHJLmo3/9cMFH+w0AuAZK6ftPXB6iWta1p8Y5qPfPp/11UoJHUD7nTmx6ALY4ZbIBjEEBhdgQaNT99pl5smmwscyLMwR7+YyNx0unOaYPQgpnvLL3dootiAPUG5r/Inr8Fpw6Y/C44pc3q8np/OsB7LxdCqt9oFCSTkQSi7ZjdRxH4EOOF6qXs4L05nSk8fuL6j+nQwxIpfQii5t0NrwTcZRWf7rLUD6LDF93dxE2BoXe+hne6AfON231oVclA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ic4DMqcnpHbXQ4IcgQkHlB6E0zWUFBVW3mjpWAW49LI=; b=WjuP+IuMrr7obYTiBrVCamPq/XI3vTNvDz2ICaQHTRujqjA7BgcW4n4o3Fvq+6z3EvFMBMTfn/xHla3jc8mqh9aBPIpqjsdaWv0UPgt64lLNiraHPYoPvteiLrnVX5SAxF9oMBNl30Qo3zEL4yxgPwLjyDp2INHN7F4dSLoER9wb5mxgul3epCyKMPTRr8kERYfu/TpEBN1hKlHszpS/HHjTX6vdvxqAEU+yWw61E+EcKffrbFgkJDLpHch+CP0aeWTWndzrHKqxGE6yNrLXJ0iIt9KD+UHEoKebKw5KK8Vt/jhVPZ5zlbgpO4w9nx32rF+zLWn0+6gob6t0h2TRJw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ic4DMqcnpHbXQ4IcgQkHlB6E0zWUFBVW3mjpWAW49LI=; b=ASmV9ZixM6nhrnDZqYV8GgLVxQyBzGZGViORUYbW1OZf8jgixlHpRIBDDzLKCTH1gb6cguqxNLdwGJqsjm3rZnn06QAwiUqQURO6ThJEvX+QocGBghtKBjBXcLqXXSKyZwADcjwOp4PMDMuNlubT2ARVkjfYcklXRdfNTnsuY3M= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 16/26] xen/arm/cca: build Realm RTTs Date: Fri, 15 May 2026 13:08:02 +0900 Message-ID: <20260515040812.983626-17-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TY4P286CA0069.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:371::11) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: 050a3046-af8b-4c3d-25ef-08deb237a00e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: 6PMNdPElGGfEcYqItk2aYTGz+S8bTo6L6/C3BV52RlG9U4lNWAUdad/T/a96tQpdf1bfZF9147g23ACYQhQZ5DZejgDCA8jJL47KwOBqdsKWFt9hmQ4I8Ihf8msgvVZe5ZuJkYf29qCEGtp6YBP0gX4PC421tRL1RWQuA4e8f9AsfIuB6VT7Pm4POud++XEa6axzG409juIP292a7D2Cg3l51WWL1e1a8FZkoz3GKtDi7eSUXtC1uxt2qvhmCPNaZwHWK4Y5+k4YtH9t//dWxMG+rJfYF5JwyEfcCdkwpGRJfLO2g8GEy/lYDj+Vw84ml+KQXvUTYH2AHBecnC7n7YxO5MakudWO+7hMICBOyYaK4EVQABuaX6f3zkBzrp1KyuuIQ6rlpiL98yCTpPsgYIecKZC0sJY8D0OpAhFCuqyQRTq/2OFwBoW6peBoyx0JHMHIzm5/Dqatz0SjB4UcRsrLEr85JvRHwddeyYOx/UVctROcq3jVo0z4qv08kM8rKv80MP+I2hGCy0wc26b0N0QO3vnzucKfpehr7WqNBMDkE9pqvQGTmB5bRFi5XgFN1MWspj4XeQix2WVL8juWvy3n1yYiofhkEATmVPqdEwhYff4nC/dCyzkO7+eu/I5P+9eMnc/2ht24V2bHegRtD4RTsy56GzRhoZBXhUFaZPhuIU9DZY966Dv+3sph6Ql1 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?ZONyaHKDlQnmMBpAm1Lh/I1MF8+uiPWHtDHNfW8mFklLgRX3SLgglkbhdrR1?= =?us-ascii?Q?O8UyOxEjMBYym2E8qMDarjvaUc8/8Aba11qfWDJBi7tInZEZr2+dfwSXO+Dn?= =?us-ascii?Q?e8Per0I7kgyXSEf0sAwnj5FbOPMoDvbn/UGxWsAA6svVbDtRGxnfZuN6CEaH?= =?us-ascii?Q?5mC89X2SwtrTlZFP88DIZ2vSvsMGIHHNuY+wWpZ1yaG8rPTRO/mAjRLdxqFy?= =?us-ascii?Q?IV5HA5LRwA/tYO3Bz9PKQ7DeiYnqLCzU9Vk3rMvE+4jXi+Ukut04/n3GBBaL?= =?us-ascii?Q?f7kSxuL3X5OIgatlgR9Gkc40qZk67oJg3DcDfCMyDj64BdGTudvbXsofKRQH?= =?us-ascii?Q?4NpCkuwFpQ+ra4pBwIoni6I0nNthfgLcHfE/ZTi4hiUapoZ5aGj35yXEGjAj?= =?us-ascii?Q?mW6gUrJUKYK2F7CWSIA0VRiJdlLlqBn3rsRMr7X3Gfc0qhZwsiSEea+uMjEG?= =?us-ascii?Q?CQn17xO9bOcoPPDx7/rQFPavT/Qz9aj/jrZsHms8SYw+Zg32HKbh0bK6SJgc?= =?us-ascii?Q?qdOqCvAQdwoQXQ7Eh9FBuHPMhQZIQJY4OowpQkyQzgCRvl4HvwnPgxgJ8sBD?= =?us-ascii?Q?3DRyIV40QrSPIK6Wof5+E1O+sEdaqgHrC5rRJKQ96Z57YOBcaaQcsrwyvsQI?= =?us-ascii?Q?IlUKqQ7s1LMpLocl2tPGdJh/Q9RR/mTBwZ7k+9wSNwBV/rWya/V4aPIgC3Co?= =?us-ascii?Q?YsLw4nG6cSgR2zN3t2HScBCsd2KQ+2upM+yfkmyoXuXYJxkAH7llBL42iNqQ?= =?us-ascii?Q?AA/Vw3nAawA5V7xqEgAEX8dn7jKUhP9dPzshjZUjdlBsReg09E3opYCvEtN0?= =?us-ascii?Q?W6GTOFUsy8xYIDPJQA6eUTJKiOIf96/wAnHdNsqFUpyvHbmgQQOlWk3loUiZ?= =?us-ascii?Q?p9VVI41udheHWL87UYmm2xjsr+L89xPqLrojV1QeoRNU9VuW6JEUG0+MtIW9?= =?us-ascii?Q?ff4iXoc8OZCM+7Ee0KB1oESoDUk8XE+cww09J5/w6SKx3Fm6jqHg75yBo/b8?= =?us-ascii?Q?KQxYNuK7t/vAoW/I1mA9UnsfasqaceCvAekObTkORRobCKxPZjhyU3cmA+Ff?= =?us-ascii?Q?x0c/A51LZNdB53KtmeQpC7f7KwdHpO4vutGbvNlFwFA5cazJX12TPOJs7qn8?= =?us-ascii?Q?RQxAx/x7EE3L5yzpqqunZcHgGmbrRR9P7SVpaOCErRHn7xfSmh+fFqiFj8RT?= =?us-ascii?Q?vmgh1GblIBL/sW/K4OZGvj3wGtb0MLWzP7LBqzLBuZKvFUTR9+mgYd7WcBE8?= =?us-ascii?Q?ZK2DiyNIACDOsIBouVFFIItsFtnyyPwjz94UqGJyURJJ54UfgZDTCimBbkXM?= =?us-ascii?Q?idrdY9g9HgyGjS/NLoLUzfYfXxuxIB57pDsD1I6/0VsWjPxOOcRzT9ZiIc3/?= =?us-ascii?Q?lZxsecUX7/Yq9XXAcxJwRmdMBmJe2kOghupsa01KScVxK2YEWYX+1xLqta/5?= =?us-ascii?Q?7vLtqcw/RNRtQkSErMaW8X9vp7TJM+dyhj6QDmarW41cQ+HeisVbHgSmHY7g?= =?us-ascii?Q?7vK0TduhPClYB/RfgZVeEcBThODuTcLjfNYI0UVaXL5tlHVYZ+VNK8/XDmoF?= =?us-ascii?Q?/2o+D4IrI5H5TD82nQgtgxuj3K3S0iHumxpPVSTwEMcNEx7LuIs/aXz/BK33?= =?us-ascii?Q?pGumLvVq82X4I5SEhc+Kgv4N1GhR1OrrdFT/dj+rzz+vp+ZZNyLZ3wM5G+gd?= =?us-ascii?Q?Rj7E5ya55r2/jLHJDa1nWrDUNpMnTtoVdZd42eQxXio8Rx6EKo5PRT6ouzIO?= =?us-ascii?Q?qa1XvcJbqPB6G3b7TkgfSNkYWk0JQnpEKf4tsvldX+XSUvZaoD8G?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 050a3046-af8b-4c3d-25ef-08deb237a00e X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:31.1941 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: zwlBgvM6pBArqAOHDB0n2NDG9C0CXT8mQaKwlnvt4A4Xw3pIFQkvnYwUKVN758GZs5PQHe4ObrWDbyPU7hWWyQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-ebf023/1778818118-4237F3FF-11C8E8B2/0/0 X-purgate-type: clean X-purgate-size: 4565 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818382587158500 Content-Type: text/plain; charset="utf-8" Build the initial RTT tree in restartable chunks, recording each table so Realm destruction can walk the reverse path later. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/build.c | 139 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 139 insertions(+) diff --git a/xen/arch/arm/cca/build.c b/xen/arch/arm/cca/build.c index 66d9c88da161..10f61b5038ef 100644 --- a/xen/arch/arm/cca/build.c +++ b/xen/arch/arm/cca/build.c @@ -525,3 +525,142 @@ out: =20 return rc; } + +static int arm_cca_create_rtt_table(struct domain *d, paddr_t ipa, + unsigned int level, + uint64_t *rmi_result) +{ + struct page_info *pg; + struct arm_smccc_res res; + int rc; + unsigned int idx =3D d->arch.cca.nr_rtts; + + pg =3D arm_cca_alloc_host_page(); + if ( !pg ) + return -ENOMEM; + + rc =3D arm_cca_delegate_granule(page_to_maddr(pg)); + if ( rc !=3D 0 ) + goto err_free_page; + + rc =3D arm_cca_rmi_rtt_create(d->arch.cca.rd, page_to_maddr(pg), ipa, + level, &res); + rc =3D arm_cca_build_record_rmi_failure(rmi_result, rc, &res); + if ( rc !=3D 0 ) + goto err_undelegate; + + d->arch.cca.rtts[idx].ipa =3D ipa; + d->arch.cca.rtts[idx].pa =3D page_to_maddr(pg); + d->arch.cca.rtts[idx].level =3D level; + d->arch.cca.nr_rtts++; + + return 0; + +err_undelegate: + arm_cca_free_or_abandon_build_page(d, pg, true); + return rc; +err_free_page: + free_domheap_page(pg); + return rc; +} + +static paddr_t arm_cca_rtt_span(unsigned int level) +{ + switch ( level ) + { + case 1: + return ARM_CCA_L0_TABLE_SPAN; + case 2: + return ARM_CCA_L1_TABLE_SPAN; + case 3: + return ARM_CCA_L2_TABLE_SPAN; + default: + return 0; + } +} + +static paddr_t arm_cca_rtt_start(paddr_t base, unsigned int level) +{ + return ROUNDDOWN(base, arm_cca_rtt_span(level)); +} + +static unsigned int arm_cca_count_rtt_tables(paddr_t base, paddr_t end) +{ + unsigned int level, nr_tables =3D 0; + + for ( level =3D 1; level <=3D 3; level++ ) + { + paddr_t span =3D arm_cca_rtt_span(level); + + nr_tables +=3D (unsigned int)((ROUNDUP(end, span) - + ROUNDDOWN(base, span)) / span); + } + + return nr_tables; +} + +static bool arm_cca_build_should_preempt(unsigned long work, + unsigned long soft_limit, + unsigned long hard_limit) +{ + if ( work < soft_limit ) + return false; + + return hypercall_preempt_check() || work >=3D hard_limit; +} + +/* + * DEN0137 2.0-bet1 - D1.2.2 Realm Translation Table creation flow. + */ +static int arm_cca_build_rtts(struct domain *d, paddr_t base, + unsigned long nr_pages, + uint64_t *rmi_result) +{ + paddr_t end =3D base + nr_pages * PAGE_SIZE; + unsigned long work =3D 0; + int rc; + + if ( !d->arch.cca.rtts ) + { + unsigned int nr_tables =3D arm_cca_count_rtt_tables(base, end); + + d->arch.cca.rtts =3D xzalloc_array(struct arm_cca_rtt_record, nr_t= ables); + if ( !d->arch.cca.rtts ) + return -ENOMEM; + + d->arch.cca.build_rtt_level =3D 1; + d->arch.cca.build_next_ipa =3D arm_cca_rtt_start(base, 1); + } + + while ( d->arch.cca.build_rtt_level <=3D 3 ) + { + unsigned int level =3D d->arch.cca.build_rtt_level; + paddr_t span =3D arm_cca_rtt_span(level); + paddr_t ipa =3D d->arch.cca.build_next_ipa; + + if ( ipa >=3D end ) + { + level++; + d->arch.cca.build_rtt_level =3D level; + if ( level <=3D 3 ) + d->arch.cca.build_next_ipa =3D arm_cca_rtt_start(base, lev= el); + continue; + } + + rc =3D arm_cca_create_rtt_table(d, ipa, level, rmi_result); + if ( rc !=3D 0 ) + return rc; + + d->arch.cca.build_next_ipa =3D ipa + span; + + if ( arm_cca_build_should_preempt(++work, + ARM_CCA_BUILD_PREEMPT_TABLES, + ARM_CCA_BUILD_FORCE_PREEMPT_TABL= ES) ) + return -ERESTART; + } + + d->arch.cca.build_next_ipa =3D INVALID_PADDR; + d->arch.cca.build_rtt_level =3D 0; + + return 0; +} --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818378212692.7686552883308; Thu, 14 May 2026 21:12:58 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309492.1580570 (Exim 4.92) (envelope-from ) id 1wNjuj-00053N-NW; Fri, 15 May 2026 04:12:41 +0000 Received: by outflank-mailman (output) from mailman id 1309492.1580570; Fri, 15 May 2026 04:12:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjuj-00052z-GI; Fri, 15 May 2026 04:12:41 +0000 Received: by outflank-mailman (input) for mailman id 1309492; Fri, 15 May 2026 04:12:40 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjui-0004xX-Mx for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:12:40 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjui-000yVE-38 for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:12:40 +0200 Received: from [10.42.69.4] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069d26-bab6-0a2a0a5309dd-0a2a4504b2a4-14 for ; Fri, 15 May 2026 06:12:40 +0200 Received: from [40.107.74.93] (helo=OS0P286CU010.outbound.protection.outlook.com) by tlsNG-ebf023.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c44-1dec-0a2a45040019-286b4a5dedd0-4 for ; Fri, 15 May 2026 06:08:39 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYYP286MB3981.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:156::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.18; Fri, 15 May 2026 04:08:34 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=EaMLNYa3RCkFZn9Ou4MuWZ+BQTd/LdhEIwfzfGqgN7UErUp8lTxNkvaWhju0Xt6Uli6fnfLkGGSKT2FHTdc2TdOlfwJK/IKiDnMzjH6ZRluf7ySroD5LfIE9zoazbLZWp3Wku3Tk8yOxI47yDFB5i4NI21efzHz9DD0HsZ+vTek+wE6nsdujp63chsFClXviI3y9Uscn/9Td68YsDzAhOhycqumaspe5+BqUimkkkmWDQdaHZF/gwwQrKATl7QBSoeCjsMKDPtHulpQL37mHhrbfvCo/4feGOditlqmRXel3WUtRNKc8zE6SpEBqxAimTqvakmzNEexRNfoAjRHOnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GEdXsCdriXn7T5hiFjbS6jzjWemTNnbeU0cz8lWbPus=; b=PrDcd/wYAL0OdhAwxUSTkPisMnEu/FSLf150+HLudg2uwI8a9hPlLfcqoeVqJkZekGRwHQjM81/hTeBkY5QutHkZ5gnl1VWb0adoJVlgLRF5drH5keN2amwF6FUMqqdcRjnqXW8/BtDWnuwaGxerCXA+RsTfuD4btZij7iuuvBG37TdelvJSwyBO+HnO/ChMTW5mMID7Fsivl+FELVA+z1GSIcZhlTZHYrlzakSOts1vl+MHIzHnHGgJAeBdIcxet0HSgLz95ermsOqu6iCpWoqRzQ++RBWofU0hvWDnXA3ULKZE/FcaTzFIEnqzuray3eDwGmIfnJcuhKb5v31bMw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GEdXsCdriXn7T5hiFjbS6jzjWemTNnbeU0cz8lWbPus=; b=QR0/ATtgGo8OYIdmXHLZdPhHEHQY9X6s6MnP1LAyHZTlZutJNZDyIUO69VKuU0kcJ95eqKK6+eBK8JODa7XYHoWcq9LAKW4XgrSWpJgYI2vixzdYi2F/kS6RV/xhY2FLAogSeiXvHiNZRH8qTymX282mwr+WRm5+nD5aHNcF3fc= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 17/26] xen/arm/cca: populate Realm DATA granules Date: Fri, 15 May 2026 13:08:03 +0900 Message-ID: <20260515040812.983626-18-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP286CA0214.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c5::10) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYYP286MB3981:EE_ X-MS-Office365-Filtering-Correlation-Id: e605dfe3-f4a1-45dc-bca5-08deb237a07a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|10070799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: Bj2zXttabehEEd/UdabDsCpV2yv5f/IEvr1gxNje3iBuAL68C8lwVfj3B2hxvBysQPnPHXTVf19owy66K/A+HlJJhwxNBkBLme2t4lyzOnErs2kv4KEkH4TneUglebPLPVfguP2WdjCrZ+J78Hj0PvkB9lZmBy/qytngxvRaiqgRJZ2fj+xRz3+9JaE4Iohndmil5Mut2T4SDNengq6ex5BxoZSubTF7cpr0MkyoZsl3BfADa5k5GyuXPQjYyHR8N+OTYTz6LHrJOpf/OY99+r6l0Sir1AzZ2KKjKofGyjBhaMfa6NMEvF6JnBrDgttOCA6vX4IKeX+EGWxsPVEj6iA21/akOn5uFOWrMSyH4QQYjLZID3HueaYRPdFQLYPupI8h9cvENh28bSgcDgJ+rbvwQGgshZ+aOKtoIb2rBPuAP6cAAuO+9kkZy40dhkYyGgaCZ12U8/MY/XQudO2qqNK639cP5krLfEl5rmKfRoFKYJg//d2O5uNEkMNU/6oTmsyJ70l7FotsWgMiJQd/remU/UP4Iu9DJnrw6m2uYVbjs+Xci9RCajlQmQ7zHifI4Ef3fFCqMyuTMtdCv8c2G+Sg8Le1TtMwD1RJmXujsGDkrYDtmlowDqfFm3QhQku70lZu3iZrsjoek2gNFUu1PezVqwZz8I/8sLRuU8/6yc6aFMpPs9OL47H9iYSh7Thp X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(10070799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?SyVUP4/IPCsdCMd15WMwfOp+ZtHVhAQytaLtho/vz5+nIYaOQNkjPHQrv4Of?= =?us-ascii?Q?v0/zSaGiK5PGt4aS8bnSVVF6MSH8yXbiLpquigqbfqAateOcHPAdIrp1lvC/?= =?us-ascii?Q?mtwu3yb8q1eE89tfvdhLIyXfITDubbj82JumzIAves/82FA+LXBmSp27s519?= =?us-ascii?Q?yWobfVVkgirMHB8GllXo6n7HWIXK+IVkwfSz4sUdI0AVDnuifejq5wa6fSEs?= =?us-ascii?Q?fVT8cf65f4GK5CHTpYzr890ntSb5p4EPCa5MqBSQwN+R11OAPuaqHf1UiQCZ?= =?us-ascii?Q?+Pi0fCmrLLknY5xtMmA1dG9YXu19jqTWEPiAnDXEZpsLbmWfcKYt6qgV6b+j?= =?us-ascii?Q?gx1mH7C879caBF5t/t3XdtBf7fi35PPR6e6M8yZalex3k7Kx08yFFBIIhMZV?= =?us-ascii?Q?yBYaMBu4QDomoPjBczDmv5SxEIy0TxuxCGkbUmOZJP2N4ZZuWj88tPIsykyg?= =?us-ascii?Q?6n2BmINIvlKzqhxCyDognHuf5794WLM/vkr7vG3r6fcU5Y2wE3pG/dUfcVho?= =?us-ascii?Q?TnAyfd19+duh9oU0/BOIRugklyOt+SZto/Hi8w7nX7RXdrqSbim2YNkuEdSk?= =?us-ascii?Q?zDK4GLJQB1AZk44wPNXsd+OkAKqagsQp45XOEHbt4ouGORwmQN/j7X3PQviL?= =?us-ascii?Q?UG3mz9Zf+9WLTK7ilu2nQQX1YLMN5u0EDES+KEkze0FYQ12slkDdkMXIrb1z?= =?us-ascii?Q?sOpuP1Hr17QbKgkvfJUayZBu7lUeALMcZXCwzRKP0JN/FEe6Nyb75LS3dF4e?= =?us-ascii?Q?hKSn+R3TuWifrLxNSNjXuEudXe5I7X8Z+BNhPYoRWmjZV6gBBoinmFxQ8ZNG?= =?us-ascii?Q?4u+s8/oeJKseAQqjs8zrDtNeD4d0q3jYVrzVbIEHAqKIrq6tXGEGOtEkFWHf?= =?us-ascii?Q?Aej7217mVbeZ+gefweaXv5Sa03P8vgiTxTRZWcJuUPBxDURWigptznPr/LLv?= =?us-ascii?Q?z7/yRNjX4UG+ng6+OZ3taV5wt3lj5ilYvuMluOTuIb3j4DcWSyCknn1GIgos?= =?us-ascii?Q?0NShI8peRT9eFMmHohjF/awqcp7MDzBvvIXUyJcdeDWff2P6P/3tkr8vzT6g?= =?us-ascii?Q?/b4a0D8PGmiDi1EH3koJBm/z8KsaY5BOpFdKFSbONy8QZUQLG8Tvy8mlUlYe?= =?us-ascii?Q?OP8yWFwk7KrUoNAXBIwXUlcC6EHnFl4giGAkvQAN2/WlImLj0FVdtIhfdozy?= =?us-ascii?Q?R0pY1H0fBJSlLosYAqnd8a1Nus4JhPU9NPgBL8EGOKQMjh32qf0yZU53P7lI?= =?us-ascii?Q?hsKzPjZ+bOw5PjxtAHu7XdHYba1BBLUpXqLHlwOSB3D3VUrq5zFDKg5MN33A?= =?us-ascii?Q?JwEqL8ZjHaP7y4G+6PZYICzUuKZFngzacECOpt0jhUPiIW5PZt5qhMyOL8Gv?= =?us-ascii?Q?GnnAh5C9Q1N8DpVZTZuu3LNUtNBunY4GolGAafy5/By9Ui2JdguoEiLOaPuo?= =?us-ascii?Q?w1moMOQ/LQ3R3a0z22IAANsne+oHA3bQ1D9UFagHBQzRqjzdgYQhO6kL6W8Q?= =?us-ascii?Q?6Ybiw7UCH1QQQTyDBiGMB/eQ84vW3VeMyMkfRTykE8aRR+sR0M430N01aG5c?= =?us-ascii?Q?IjJsMj6vePhV7SSCuASprQL6A4Rp9Ic95y0rzXiE4fCY9Nn9ya9cQL5Vjx9v?= =?us-ascii?Q?TLvAFaKNJxBECFHcTjdhyDkamgpGz3f7fzXkyrGhR5MWmakhdotAMsvqT8xQ?= =?us-ascii?Q?nqjBnS+/w0EljZvloWtETG67KqWQTpQtAtpNNp/7UMNGGzoXUVUYmDHNKC8Z?= =?us-ascii?Q?AvH4BpNWuCHmNsgtXImB/1ahSVk3lxfAlNpu7f7nMilRl5ebT7fe?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: e605dfe3-f4a1-45dc-bca5-08deb237a07a X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:31.9085 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: HaKEkwrk4Xet+1ljFxLabMxIlJE/N1cJDZ2cB3DgbkKRId1rSH76Md0Y/lv1A+DkSq99284reELpOB3EtR2B4A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB3981 X-purgate-ID: tlsNG-ebf023/1778818119-435683FF-6B50311F/13/0 X-purgate-type: clean X-purgate-size: 4337 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818378591158500 Content-Type: text/plain; charset="utf-8" Move initial guest RAM out of the p2m, delegate it, and map it into the Realm with measurement enabled. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/build.c | 124 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) diff --git a/xen/arch/arm/cca/build.c b/xen/arch/arm/cca/build.c index 10f61b5038ef..8e607e97b99c 100644 --- a/xen/arch/arm/cca/build.c +++ b/xen/arch/arm/cca/build.c @@ -664,3 +664,127 @@ static int arm_cca_build_rtts(struct domain *d, paddr= _t base, =20 return 0; } + +/* + * DEN0137 2.0-bet1 - D1.2.3 Initialize memory of New Realm flow. + */ +static int arm_cca_create_data_pages(struct domain *d, gfn_t base_gfn, + unsigned long nr_pages, + uint64_t *rmi_result) +{ + struct page_info *scratch_pg; + void *scratch; + unsigned long i, work =3D 0; + int rc =3D 0; + + if ( !d->arch.cca.data_pages ) + { + d->arch.cca.data_pages =3D xzalloc_array(struct arm_cca_data_page_= record, + nr_pages); + if ( !d->arch.cca.data_pages ) + return -ENOMEM; + } + + scratch_pg =3D arm_cca_alloc_host_page(); + if ( !scratch_pg ) + return -ENOMEM; + + scratch =3D map_domain_page(page_to_mfn(scratch_pg)); + + for ( i =3D d->arch.cca.nr_data_pages; i < nr_pages; ++i ) + { + paddr_t ipa =3D gfn_to_gaddr(gfn_add(base_gfn, i)); + struct page_info *page; + p2m_type_t p2mt; + mfn_t mfn; + void *src; + struct arm_smccc_res res; + bool removed =3D false, delegated =3D false; + + page =3D get_page_from_gfn(d, gfn_x(gfn_add(base_gfn, i)), &p2mt, + P2M_ALLOC); + if ( !page ) + { + rc =3D -ENOENT; + break; + } + + if ( p2mt !=3D p2m_ram_rw ) + { + put_page(page); + rc =3D -EINVAL; + break; + } + + mfn =3D page_to_mfn(page); + src =3D map_domain_page(mfn); + memcpy(scratch, src, PAGE_SIZE); + unmap_domain_page(src); + + rc =3D guest_physmap_remove_page(d, gfn_add(base_gfn, i), mfn, 0); + if ( rc !=3D 0 ) + { + put_page(page); + break; + } + removed =3D true; + d->arch.cca.build_unrecoverable =3D true; + + rc =3D arm_cca_delegate_granule(page_to_maddr(page)); + if ( rc !=3D 0 ) + goto err_page; + delegated =3D true; + + /* + * TODO: If plain RAM should be left out of RIM, have the toolstack + * pass explicit measured ranges (kernel, initrd, DTB, etc.) and u= se + * DATA_MAP outside those ranges. Do not infer this from page cont= ents. + */ + rc =3D arm_cca_rmi_rtt_data_map_init( + d->arch.cca.rd, page_to_maddr(page), ipa, + page_to_maddr(scratch_pg), + ARM_CCA_RMI_DATA_FLAGS_MEASURE_CONTENT, &res); + rc =3D arm_cca_build_record_rmi_failure(rmi_result, rc, &res); + if ( rc !=3D 0 ) + goto err_page; + + d->arch.cca.data_pages[i].ipa =3D ipa; + d->arch.cca.data_pages[i].pa =3D mfn_to_maddr(mfn); + d->arch.cca.nr_data_pages++; + + put_page(page); + + if ( arm_cca_build_should_preempt(++work, + ARM_CCA_BUILD_PREEMPT_PAGES, + ARM_CCA_BUILD_FORCE_PREEMPT_PAGE= S) ) + { + rc =3D -ERESTART; + break; + } + + continue; + +err_page: + if ( delegated ) + { + if ( arm_cca_undelegate_build_page(d, page) ) + delegated =3D false; + else + { + d->arch.cca.data_pages[i].ipa =3D INVALID_PADDR; + d->arch.cca.data_pages[i].pa =3D page_to_maddr(page); + d->arch.cca.nr_data_pages++; + } + } + + put_page(page); + if ( removed && !delegated ) + free_domheap_page(page); + break; + } + + unmap_domain_page(scratch); + free_domheap_page(scratch_pg); + + return rc; +} --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 177881814867985.16948762752713; Thu, 14 May 2026 21:09:08 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309356.1580438 (Exim 4.92) (envelope-from ) id 1wNjqy-0004N1-2N; Fri, 15 May 2026 04:08:48 +0000 Received: by outflank-mailman (output) from mailman id 1309356.1580438; Fri, 15 May 2026 04:08:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqx-0004MU-SP; Fri, 15 May 2026 04:08:47 +0000 Received: by outflank-mailman (input) for mailman id 1309356; Fri, 15 May 2026 04:08:46 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqw-0004BB-Gt for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:08:46 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjqv-0051ua-Td for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:08:45 +0200 Received: from [10.42.69.12] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069c36-bab6-0a2a0a5309dd-0a2a450c90bc-14 for ; Fri, 15 May 2026 06:08:45 +0200 Received: from [52.101.228.84] (helo=OS0P286CU011.outbound.protection.outlook.com) by tlsNG-d25034.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c4b-62f1-0a2a450c0019-3465e45466d0-3 for ; Fri, 15 May 2026 06:08:45 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYCP286MB3682.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c2::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9913.12; Fri, 15 May 2026 04:08:35 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=arrFO6a2sjzq/3ApCdKsYNAQyoNnWnEDCNbpZPW7MwZTmuB+TIWfpAtskWAJT0cFbiq4eTuRuGbVRplyuU8JFqD9a9FaXqUFn6AJNb+WGSOnTzAONlx+wCXA/kde7frUyxSbVT6wFiKBogR+rJt2YYPuYJH2ItwAy/7wHJx4FuSZ/OpFxCtybYLrdF+f3pfI9uypYvoYVQ2nQIAEyJDYZpRsYxkhtnMNg6ZrQnVU+PUGg78mXvw1S2DQ7+VL+3zHVYJjyrF12YyF2wRWhWeGt1nYzOCKRsyC/UAFjnBFS87LH16Lczu42+BVj8JBVoHaYZMQJhFCtfEvS83rYhhi0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DiTfP5ChOZW8sjqcWWmT0T9qF7NP3o4lD8/7QRCmBhE=; b=CjnNAGqTHYoAbp1Xe64vovWBsdR0EY58EwBsuMQNcshiah8wBa9/vhUNjaFE6RMwIDzXsZG+aLraYVOlPCBNiuSNarQtOERkgoXhpx1pNIxYmEAs+JYErPPHWNOGQkU5E2omK0JvWMf0XfMv/hLW/U5C3yD75xcgDr6/Xf0+SnLvUFwM9cuJHEWuuyyjjK2STsE8V9ZROq1RSVTf2Iu4CMFiBmjETQhtERONrj7Lx/8t/POAlJRqm/pLJjl2r2lxHpBgpZRU3XV3hAdi6I4D28J9s+ge/ELHMrmuTfuo8d1nuHLNzqFwn5ycuhjXkYXQjkcoWrYaQjiZY5vFtNZiew== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DiTfP5ChOZW8sjqcWWmT0T9qF7NP3o4lD8/7QRCmBhE=; b=OU8p56epggxR3lOdRHCHF9J2jpw97Vb+Eb5pywnrAtbdGMaP13EpZlEEmgjhEGMwYwRA+dGhPhBbDpuoq/zmPmnlCoYgMUWmsCGvDFOFKHU2zqsT7J6xAUoHjUq4VEbmZt9Hntos7L2SWThCP1aJhIOuRHECiH0FcUaxz4MmdRI= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 18/26] xen/arm/cca: create RECs and activate Realms Date: Fri, 15 May 2026 13:08:04 +0900 Message-ID: <20260515040812.983626-19-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCPR01CA0207.jpnprd01.prod.outlook.com (2603:1096:405:7a::8) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYCP286MB3682:EE_ X-MS-Office365-Filtering-Correlation-Id: fb795c32-8e36-470c-25b1-08deb237a0f2 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|366016|376014|7416014|56012099003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: u7BvWJ4Xum8DAsKkj2EhOWUimA2PvaUXZ/mihCxXPz6O3MGU28JAI22PMl9z9REpqTBkD8NIhqyKzI18H5x5vJgv9k+s1W54SYUAgMA/G4fslBR4/LEuczWBK24e9m4gxjom/BQua4Pprwdm02ailsBEBR1d1Nn3okyZ04LK1Im3VGAh/aDve9rqhTysArYSxb5oqGsv5ueAAAXIRKliDFvkyPRvbzd6B6rCqGF962Lpf85exNd+2mgEeAFkZb49sKXyq0hbWatLNmaU7coqvePS/dSkN1o8O3Y1SlQrpbyBFHhNnIJ0b+dgjyyohPO2V2d8bwG7uiC7vfKXIoiya2sWvgrC3EaD4F/FtkUrq3yz9y2CY2Z0ucXUmxOTsz10JtSc/V6JrbLzGsjADmEfTX2Ub9+XQd5EVtVRWGP8Rf7tnE4EMHQ8hZo8uvjzFdB1X5LkyDJ5Y2Yq1b/S2MKcmogbD0eipp6VwP5Ft3xwOv6VzxPmV+97ewF7Tr5ZEtNQmmy7LK+MF6BtvfjPP2ayGKJukqj5zgT18kXPdn2nAelINIxqnV7Yz1+dTZolQ1Z20JjpIfQe4CzLccn+w+swNhWhNOVPIgXgpozOG7djZH+90jdooOfVDEqzx3nKlG7Bx/sfJRAfYyksXX1xSnzUtJhAUbjrXSrtf9HxYEq4jyjAgwYrdcXCozVcalHTM00V X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(366016)(376014)(7416014)(56012099003)(22082099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?nI6bvk9tLDVNkqMhy0HhrNlnaKdZzQbiBTU9Hy1FyD20e8C2kmeUi8G2tJDh?= =?us-ascii?Q?qdJWDj3LGF4ny/BfWG5SMRRoObC9t/lkh6oiDnOrtnhtAEuAnUXiGxwYe1zi?= =?us-ascii?Q?VixVjxxGZRmRZtXGuCQaZGiosTjVUuuAUSTO6BZ8h7PKGonIj3tCEHIwbKS8?= =?us-ascii?Q?bCTsWNqTSdnEIw6Vn4CJG6E+xKrOJFp1PdpGLpWsZVPNlCU0vpk37noR9K8t?= =?us-ascii?Q?pewT2oI3M3IkTWwRkre4bPXhkrTrV18nK7h69ZVKXV5hUxqgnajxhnffiqND?= =?us-ascii?Q?vDmGh6mH6kE2UX7jrpsAVxDrXcalvA0tqZlqXr7a8Vj0Ypc915EHt5mDJ2pp?= =?us-ascii?Q?ey0vME6/X02PrYHCGrXusMTSvev5n8IPK03rJO5NMInnEoXn+ltm3MbSpGeU?= =?us-ascii?Q?c3ByP2W7AaX27ovnsCucYBKQSPnXRlKUfPZPtKD8XAWg5ZGEtPTMgxenNA+Y?= =?us-ascii?Q?y/25Ss44hNo1xxl61ela5NfXlP+dvYHq2iliWEgn6NTrv3CUrukf8CrYAjQE?= =?us-ascii?Q?nNgGLGZIbdx36HuQ8HKt9butCDcu9wgx7gP7je+zlUGrQrS72kQZx8S/fyuI?= =?us-ascii?Q?eI3lhtUsqlkinoYr/4+5i15WSiHY+BUcf5Y5zt63XdA6C5zRCburkfOZrSUY?= =?us-ascii?Q?4so5xyxd2OZYjyX1EEd3lfbzOwyoSivUHYWwqeN3pHvnacvcWCccz2zplXQI?= =?us-ascii?Q?J6oZf7U1WMtCEtAWsp7W/S0BvYsW0MHvVFJUyuDIT6QQP3xLfI452XgCL8sD?= =?us-ascii?Q?tlozVIscK9ge4FgJOvDcZi7JQNnuZa1y+vFdtyHlf83pPRkxXB9gD4I0vlsB?= =?us-ascii?Q?WJ/4WFvL/HV/xvDw1/LjfVs5199JecMh3BjyRMw89dCoAV8hQwkbFTT8ufPO?= =?us-ascii?Q?Sg70vqq1PGbAx1hDLu7xksGKu1ObIdiu1BOJdgJboPaOrESbQ2gukqsjVVtK?= =?us-ascii?Q?TYehlUmdYFAQm6R4516vIiJ9uvmjcoO1B8QeO+EAvjmuD0g/CWat7cCV6ruc?= =?us-ascii?Q?IBePCdBYlnDmqHP8o+Ue63pFXGvNUdgZsScRK6ZLhxrifvwhqTxgnzso6hE/?= =?us-ascii?Q?1BNEZ//0Y7H7qq89MtCKu19aaSYBWkFLSi74nej8rjZyYwxo4niil498LeLI?= =?us-ascii?Q?4prKz+CZENkNDpkdtZVQNc1f8ET5pIB9Tirq49vhb2fO6wTng6JfrRPpcGor?= =?us-ascii?Q?h5yMC0a22wKDT2VqW80o1uEwPdH7GJJHUVZGtgJSSMeasPhBUIZxF6sN+cr7?= =?us-ascii?Q?lOGBxhOSONIkjORaLr7YVkum7+1dOKqzhO0uhyr+JR/za+oR95fKZhXbYDbg?= =?us-ascii?Q?NaME434TDhz0WqdWBxUi79bDiQqxXJjk8iF1eXyNYou76qe8Wn4brv6xq84g?= =?us-ascii?Q?BBcKx+mt3j3NVdh/RnCh+k6qnyzxeh3a3z4tehTlGzMiupUrhlskw43Y5ehV?= =?us-ascii?Q?382JzTQGocwj3kdo2fs+dJTKtW1rSbYxJ/a2XR/nDih0Ctfty4Vo3ghYuyVF?= =?us-ascii?Q?dShHG5+1BZ6pojjZFIKY0O72IKBODWXfrkPpVEFvus/f4UJ60JZS50wyDnNS?= =?us-ascii?Q?2k8Yn497mYSSI323+VOvgmubbLo2KBFfqa1VbuGs5FrUH41uZzRfMWaqs0ck?= =?us-ascii?Q?fSj4146h6pwCBgvqWSlUFX670sIAfN9BfDa3jGD5w+wSeIgLBK024LrMLRuQ?= =?us-ascii?Q?1HUkx26q5TRf6ebj+c84O4SFAa1TOY9gJa0OTuqueLUnd5E8pspvrFM3grfJ?= =?us-ascii?Q?4csUPIhSLEuQmjPCHVWToGqPaf/RFw4JZnUoqH7S0inp6zRv6mmx?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: fb795c32-8e36-470c-25b1-08deb237a0f2 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:32.6936 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: zyQwljqCxvJtSjUcUkD7Y7JW7k74wXQFr8l4xs7a/waImBRF6pysRyedWtULpXhNQkITK+7vPdcCrQsnZ6C6hg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYCP286MB3682 X-purgate-ID: tlsNG-d25034/1778818125-F5784CF5-C1540339/0/0 X-purgate-type: clean X-purgate-size: 14710 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818149649158500 Content-Type: text/plain; charset="utf-8" Finish the restartable build path with REC creation and Realm activation. Keep enough state to continue after preemption or abort cleanly. Signed-off-by: Koichiro Den --- xen/arch/arm/Kconfig | 11 ++ xen/arch/arm/cca/Makefile | 1 + xen/arch/arm/cca/build.c | 333 +++++++++++++++++++++++++++++++++ xen/arch/arm/cca/state.c | 7 + xen/arch/arm/include/asm/cca.h | 26 +++ 5 files changed, 378 insertions(+) diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig index dc99020c96de..3635a79af272 100644 --- a/xen/arch/arm/Kconfig +++ b/xen/arch/arm/Kconfig @@ -132,6 +132,17 @@ config ARM_CCA =20 This support is experimental. If unsure, say N. =20 +config ARM_CCA_REALM_DEBUG_VUART + bool "Debug VUART console for Arm Realm guests" + depends on ARM_CCA && SBSA_VUART_CONSOLE + help + Allow Arm CCA Realm guests to use the emulated SBSA UART console. + + The VUART is a host-visible clear-text debug channel. It is useful + for Realm debug access while there is no better guest access + path, but confidentiality-oriented configurations should disable it + and rely on attested in-Realm services instead. + config GICV2 bool "GICv2 driver" default y diff --git a/xen/arch/arm/cca/Makefile b/xen/arch/arm/cca/Makefile index bf6d9b58ebec..0e66280012b7 100644 --- a/xen/arch/arm/cca/Makefile +++ b/xen/arch/arm/cca/Makefile @@ -3,3 +3,4 @@ obj-y +=3D realm.o obj-y +=3D rmi.o obj-y +=3D sro.o obj-y +=3D state.o +obj-y +=3D build.o diff --git a/xen/arch/arm/cca/build.c b/xen/arch/arm/cca/build.c index 8e607e97b99c..29eb0c6057b0 100644 --- a/xen/arch/arm/cca/build.c +++ b/xen/arch/arm/cca/build.c @@ -788,3 +788,336 @@ err_page: =20 return rc; } + +static void arm_cca_adopt_rec_aux_pages(struct vcpu *v, + struct page_info **pending_aux, + unsigned int *nr_pending_aux) +{ + unsigned int i; + + for ( i =3D 0; i < *nr_pending_aux; ++i ) + { + ASSERT(v->arch.cca.nr_aux < ARRAY_SIZE(v->arch.cca.aux_pages)); + v->arch.cca.aux_pages[v->arch.cca.nr_aux++] =3D pending_aux[i]; + pending_aux[i] =3D NULL; + } + + *nr_pending_aux =3D 0; +} + +static int arm_cca_rmi_rec_create_complete(struct domain *d, struct vcpu *= v, + paddr_t rec, paddr_t params, + uint64_t *rmi_result) +{ + struct page_info *pending_aux[ARM_CCA_MAX_REC_AUX] =3D { NULL }; + unsigned int nr_pending_aux =3D 0; + struct arm_cca_sro_mem_xfer xfer =3D { + .pages =3D pending_aux, + .nr_pages =3D &nr_pending_aux, + .abandoned_pages =3D &d->arch.cca.abandoned_pages, + }; + struct arm_smccc_res res; + int rc; + + if ( v->arch.cca.nr_aux > ARRAY_SIZE(v->arch.cca.aux_pages) ) + return -EIO; + + xfer.max_pages =3D ARRAY_SIZE(v->arch.cca.aux_pages) - v->arch.cca.nr_= aux; + + rc =3D arm_cca_rmi_rec_create(d->arch.cca.rd, rec, params, &res); + rc =3D arm_cca_sro_complete_mem_transfer(rc, &res, &xfer); + rc =3D arm_cca_build_record_rmi_failure(rmi_result, rc, &res); + + if ( rc !=3D 0 && nr_pending_aux !=3D 0 ) + { + /* + * Accepted REC auxiliary pages are returned only when the SRO rep= orts + * RMI_OP_MEM_REQ_RECLAIM. If it ends before then, Xen has no sep= arate + * reclaim operation for them. + */ + d->arch.cca.build_unrecoverable =3D true; + } + + if ( nr_pending_aux !=3D 0 ) + arm_cca_adopt_rec_aux_pages(v, pending_aux, &nr_pending_aux); + + return rc; +} + +static int arm_cca_create_rec(struct domain *d, struct vcpu *v, bool runna= ble, + uint64_t *rmi_result) +{ + struct cpu_user_regs *regs; + struct arm_cca_rmi_rec_params *params; + struct page_info *rec_pg =3D NULL; + struct page_info *params_pg =3D NULL; + bool rec_delegated =3D false, run_created =3D false; + void *va; + int rc =3D -ENOMEM; + + rec_pg =3D arm_cca_alloc_host_page(); + if ( !rec_pg ) + goto out; + + params_pg =3D arm_cca_alloc_host_page(); + if ( !params_pg ) + goto out; + + if ( !v->arch.cca.run ) + { + v->arch.cca.run =3D arm_cca_alloc_rec_run(); + if ( !v->arch.cca.run ) + goto out; + v->arch.cca.run_pa =3D virt_to_maddr(v->arch.cca.run); + run_created =3D true; + } + + rc =3D arm_cca_delegate_granule(page_to_maddr(rec_pg)); + if ( rc !=3D 0 ) + goto out; + rec_delegated =3D true; + + va =3D map_domain_page(page_to_mfn(params_pg)); + params =3D va; + regs =3D &v->arch.cpu_info->guest_cpu_user_regs; + + /* + * REC_CREATE takes an RmiRecMpidr affinity value, not a full MPIDR_EL= 1. + * DEN0137 2.0-bet1 - B4.6.68 RmiRecMpidr type. + */ + arm_cca_rec_params_init(params, vcpuid_to_vaffinity(v->vcpu_id), + regs->pc, runnable); + params->gprs[0] =3D regs->x0; + params->gprs[1] =3D regs->x1; + params->gprs[2] =3D regs->x2; + params->gprs[3] =3D regs->x3; + + unmap_domain_page(va); + + rc =3D arm_cca_rmi_rec_create_complete(d, v, page_to_maddr(rec_pg), + page_to_maddr(params_pg), + rmi_result); + if ( rc !=3D 0 ) + goto out; + + arm_cca_rec_run_init(v->arch.cca.run); + + v->arch.cca.rec_page =3D rec_pg; + v->arch.cca.rec =3D page_to_maddr(rec_pg); + rc =3D 0; + +out: + if ( params_pg ) + free_domheap_page(params_pg); + + if ( rc !=3D 0 && rec_pg ) + arm_cca_free_or_abandon_build_page(d, rec_pg, rec_delegated); + + if ( rc !=3D 0 && run_created ) + { + arm_cca_free_rec_run(v->arch.cca.run); + v->arch.cca.run =3D NULL; + v->arch.cca.run_pa =3D INVALID_PADDR; + } + + return rc; +} + +/* DEN0137 2.0-bet1 - D1.2.4 REC creation flow. */ +static int arm_cca_create_recs(struct domain *d, uint64_t *rmi_result) +{ + unsigned int i; + int rc; + + for ( i =3D 0; i < d->max_vcpus; ++i ) + { + struct vcpu *v =3D d->vcpu[i]; + + ASSERT(v); + + rc =3D arm_cca_create_rec(d, v, i =3D=3D 0, rmi_result); + if ( rc !=3D 0 ) + return rc; + + } + + return 0; +} + +static void arm_cca_build_state_clear(struct domain *d) +{ + d->arch.cca.build_phase =3D ARM_CCA_BUILD_NONE; + d->arch.cca.build_unrecoverable =3D false; + d->arch.cca.build_abort_rmi_result =3D 0; + d->arch.cca.build_base_gfn =3D INVALID_GFN; + d->arch.cca.build_nr_pages =3D 0; + d->arch.cca.build_next_ipa =3D INVALID_PADDR; + d->arch.cca.build_rtt_level =3D 0; +} + +static void arm_cca_build_state_start(struct domain *d, gfn_t base_gfn, + unsigned long nr_pages) +{ + d->arch.cca.build_phase =3D ARM_CCA_BUILD_VALIDATE; + d->arch.cca.build_unrecoverable =3D false; + d->arch.cca.build_abort_rmi_result =3D 0; + d->arch.cca.build_base_gfn =3D base_gfn; + d->arch.cca.build_nr_pages =3D nr_pages; + d->arch.cca.build_next_ipa =3D INVALID_PADDR; + d->arch.cca.build_rtt_level =3D 0; +} + +static int arm_cca_build_state_check(struct domain *d, gfn_t base_gfn, + unsigned long nr_pages) +{ + if ( d->arch.cca.build_phase =3D=3D ARM_CCA_BUILD_NONE ) + { + arm_cca_build_state_start(d, base_gfn, nr_pages); + return 0; + } + + if ( !gfn_eq(d->arch.cca.build_base_gfn, base_gfn) || + d->arch.cca.build_nr_pages !=3D nr_pages ) + return -EBUSY; + + return 0; +} + +static int arm_cca_domain_finalize_abort(struct domain *d) +{ + unsigned int i; + bool fatal =3D d->arch.cca.build_unrecoverable; + int rc; + + rc =3D arm_cca_domain_relinquish_resources(d); + if ( rc !=3D 0 ) + { + if ( rc =3D=3D -ERESTART ) + return rc; + + return -EIO; + } + + for ( i =3D 0; i < d->max_vcpus; ++i ) + { + struct vcpu *v =3D d->vcpu[i]; + + if ( v =3D=3D NULL ) + continue; + + arm_cca_vcpu_destroy(v); + arm_cca_vcpu_init(v); + } + + return fatal ? -EIO : 0; +} + +int arm_cca_domain_finalize(struct domain *d, gfn_t base_gfn, + unsigned long nr_pages, + uint64_t *rmi_result) +{ + paddr_t base =3D gfn_to_gaddr(base_gfn); + struct arm_smccc_res res; + uint64_t abort_rmi_result; + int abort_rc, rc; + + if ( rmi_result ) + *rmi_result =3D 0; + + rc =3D arm_cca_build_state_check(d, base_gfn, nr_pages); + if ( rc !=3D 0 ) + return rc; + + for ( ;; ) + { + switch ( d->arch.cca.build_phase ) + { + case ARM_CCA_BUILD_VALIDATE: + rc =3D arm_cca_validate_domain(d, base_gfn, nr_pages); + if ( rc !=3D 0 ) + { + arm_cca_build_state_clear(d); + return rc; + } + rc =3D arm_cca_probe(d); + if ( rc !=3D 0 ) + { + arm_cca_build_state_clear(d); + return rc; + } + d->arch.cca.build_phase =3D ARM_CCA_BUILD_CREATE_REALM; + fallthrough; + + case ARM_CCA_BUILD_CREATE_REALM: + rc =3D arm_cca_create_realm(d, rmi_result); + if ( rc !=3D 0 ) + goto err; + d->arch.cca.build_phase =3D ARM_CCA_BUILD_BUILD_RTTS; + fallthrough; + + case ARM_CCA_BUILD_BUILD_RTTS: + rc =3D arm_cca_build_rtts(d, base, nr_pages, rmi_result); + if ( rc =3D=3D -ERESTART ) + return rc; + if ( rc !=3D 0 ) + goto err; + d->arch.cca.build_phase =3D ARM_CCA_BUILD_CREATE_DATA; + fallthrough; + + case ARM_CCA_BUILD_CREATE_DATA: + rc =3D arm_cca_create_data_pages(d, base_gfn, nr_pages, rmi_re= sult); + if ( rc =3D=3D -ERESTART ) + return rc; + if ( rc !=3D 0 ) + goto err; + d->arch.cca.build_phase =3D ARM_CCA_BUILD_CREATE_REC; + fallthrough; + + case ARM_CCA_BUILD_CREATE_REC: + rc =3D arm_cca_create_recs(d, rmi_result); + if ( rc !=3D 0 ) + goto err; + d->arch.cca.build_phase =3D ARM_CCA_BUILD_ACTIVATE; + fallthrough; + + case ARM_CCA_BUILD_ACTIVATE: + rc =3D arm_cca_rmi_realm_activate(d->arch.cca.rd, &res); + rc =3D arm_cca_build_record_rmi_failure(rmi_result, rc, &res); + if ( rc !=3D 0 ) + goto err; + d->arch.cca.build_phase =3D ARM_CCA_BUILD_BIND; + fallthrough; + + case ARM_CCA_BUILD_BIND: + d->arch.cca.realm_active =3D true; + arm_cca_build_state_clear(d); + return 0; + + case ARM_CCA_BUILD_ABORT: + abort_rmi_result =3D d->arch.cca.build_abort_rmi_result; + rc =3D arm_cca_domain_finalize_abort(d); + if ( rc =3D=3D -ERESTART ) + return rc; + /* The original build error is gone after a continuation. */ + if ( rc =3D=3D 0 ) + rc =3D -EIO; + if ( rc =3D=3D -EIO && rmi_result ) + *rmi_result =3D abort_rmi_result; + return rc; + + default: + rc =3D -EINVAL; + goto err; + } + } + +err: + d->arch.cca.build_abort_rmi_result =3D rmi_result ? *rmi_result : 0; + d->arch.cca.build_phase =3D ARM_CCA_BUILD_ABORT; + + abort_rc =3D arm_cca_domain_finalize_abort(d); + if ( abort_rc =3D=3D -ERESTART ) + return abort_rc; + + return abort_rc ?: rc; +} diff --git a/xen/arch/arm/cca/state.c b/xen/arch/arm/cca/state.c index 72dbb83841d7..d85a20a9e7d2 100644 --- a/xen/arch/arm/cca/state.c +++ b/xen/arch/arm/cca/state.c @@ -32,6 +32,13 @@ static void arm_cca_reset_domain_state(struct domain *d) d->arch.cca.nr_data_pages =3D 0; d->arch.cca.relinquish_data_idx =3D 0; d->arch.cca.realm_terminate_done =3D false; + d->arch.cca.build_phase =3D ARM_CCA_BUILD_NONE; + d->arch.cca.build_unrecoverable =3D false; + d->arch.cca.build_abort_rmi_result =3D 0; + d->arch.cca.build_base_gfn =3D INVALID_GFN; + d->arch.cca.build_nr_pages =3D 0; + d->arch.cca.build_next_ipa =3D INVALID_PADDR; + d->arch.cca.build_rtt_level =3D 0; =20 for ( i =3D 0; i < ARRAY_SIZE(d->arch.cca.realm_sro_pages); ++i ) d->arch.cca.realm_sro_pages[i] =3D NULL; diff --git a/xen/arch/arm/include/asm/cca.h b/xen/arch/arm/include/asm/cca.h index d69e95a10010..5e6b11a3693d 100644 --- a/xen/arch/arm/include/asm/cca.h +++ b/xen/arch/arm/include/asm/cca.h @@ -2,6 +2,7 @@ #ifndef ARM_CCA_H #define ARM_CCA_H =20 +#include #include #include #include @@ -41,6 +42,18 @@ struct arm_cca_data_page_record { paddr_t pa; }; =20 +enum arm_cca_build_phase { + ARM_CCA_BUILD_NONE, + ARM_CCA_BUILD_VALIDATE, + ARM_CCA_BUILD_CREATE_REALM, + ARM_CCA_BUILD_BUILD_RTTS, + ARM_CCA_BUILD_CREATE_DATA, + ARM_CCA_BUILD_CREATE_REC, + ARM_CCA_BUILD_ACTIVATE, + ARM_CCA_BUILD_BIND, + ARM_CCA_BUILD_ABORT, +}; + struct arm_cca_domain_state { bool realm_active; paddr_t rd; @@ -70,6 +83,15 @@ struct arm_cca_domain_state { /* Realm destruction state for domain_relinquish_resources(). */ unsigned long relinquish_data_idx; bool realm_terminate_done; + + /* Continuable Realm construction state for XEN_DOMCTL_arm_cca_op. */ + enum arm_cca_build_phase build_phase; + bool build_unrecoverable; + uint64_t build_abort_rmi_result; + gfn_t build_base_gfn; + unsigned long build_nr_pages; + paddr_t build_next_ipa; + unsigned int build_rtt_level; }; =20 struct arm_cca_vcpu_state { @@ -85,8 +107,12 @@ struct arm_cca_vcpu_state { void arm_cca_domain_init(struct domain *d); void arm_cca_domain_destroy(struct domain *d); int arm_cca_domain_relinquish_resources(struct domain *d); +int arm_cca_domain_finalize(struct domain *d, gfn_t base_gfn, + unsigned long nr_pages, + uint64_t *rmi_result); =20 void arm_cca_vcpu_init(struct vcpu *v); +void noreturn arm_cca_vcpu_run(struct vcpu *v); void arm_cca_vcpu_destroy(struct vcpu *v); =20 void *arm_cca_alloc_rec_run(void); --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818323757189.4052217333017; Thu, 14 May 2026 21:12:03 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309423.1580474 (Exim 4.92) (envelope-from ) id 1wNjtp-0000cr-Kz; Fri, 15 May 2026 04:11:45 +0000 Received: by outflank-mailman (output) from mailman id 1309423.1580474; Fri, 15 May 2026 04:11:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtp-0000ck-II; Fri, 15 May 2026 04:11:45 +0000 Received: by outflank-mailman (input) for mailman id 1309423; Fri, 15 May 2026 04:11:43 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtn-0000aU-EI for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:11:43 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjtm-0052Iz-Qq for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:11:42 +0200 Received: from [10.42.69.5] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069cda-e002-0a2a0a5209dd-0a2a4505a2ee-12 for ; Fri, 15 May 2026 06:11:42 +0200 Received: from [52.101.125.85] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-c201ff.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c47-aaa8-0a2a45050019-34657d55753b-4 for ; Fri, 15 May 2026 06:08:42 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYCP286MB3682.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c2::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9913.12; Fri, 15 May 2026 04:08:37 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=I+Mwv9doEpL2dG4jZioqU2Kknggnd98GpjjzPGosMa2iRRSIp6O/nfW0SyX1YVmZ5bVDOxQrL6auDQDck15aeaymVVih2OZH0UpegmKXsSo1Q16LjKwR8nMg3vNTMkH/62VALPW4e6tpbkqzDRWEGckPJr36d9WiIbus+TZ34z1wsztEUBKMv0+z9WGAxikikzD+WFC7odBPh9wT7Kc+kep3K8aXT7rFVaP1dKLo2E6zNmBjwEqxusqN1FBTCOzUNfPQ9DdLTtNOL6cN5hJTnG6CXdj1o1hOQ0DmR0b96e2K2smWXb9UfsQ9xK6HYPCYQWucLaUISw3ExLj6CTQQ6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0GEQq9mUrsUO2xmFWtA16fpenonSWpgtrYzSVQj3dvs=; b=Q5s2yI/O1dtr+dmoLh13LvNx5cH63OY4ijrIl6nw7vFPLyLa9c8ToSyyeL+uoQdFPwU6sDj+hC+FjWppeNX+mErOPTrtkJPbRSQW76a2b+bG9guohPOsxjRR99TERYSucUp1zlDgUitCgmsMegTD2gy+CCQnhSiCYzRoq0f5O38mQ6R+t5Q5aFr0W157+GgmDOAYMPzVI/B8xn6QyilAOfKoXAbA5F20Wb5V94bZ1I8DIz4W2iAc9TQ0BV1EVzmMAlm9p0hA/RmRuly402F20go1Bzrh65IY4ikDTsODxuy28xVGxCh6KohNVn2k+cVybBNqQV4yQB4oo8sJBlWthg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0GEQq9mUrsUO2xmFWtA16fpenonSWpgtrYzSVQj3dvs=; b=RyEXpRN6OGjpLer46tyyDBhwLNmLMLbql9h3MIev/DmRhiuOOAFcX4gjsbXBvBgrSQCidx0WgvJxeWzEDfrlgX+Ljpli6fMm5sRl6+7S624Ha28MNiuNuOy/sb+wMMVJwLy8WKTxgjnw7GjbV+GVNukR7U0nMDltN2hqWRbLF44= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 19/26] xen/arm: io: add register-backed MMIO emulation helpers Date: Fri, 15 May 2026 13:08:05 +0900 Message-ID: <20260515040812.983626-20-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYXPR01CA0066.jpnprd01.prod.outlook.com (2603:1096:403:a::36) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYCP286MB3682:EE_ X-MS-Office365-Filtering-Correlation-Id: e7b2df52-2116-46b7-47cf-08deb237a16b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|366016|376014|7416014|56012099003|3023799003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: U6VlV6gaUUfaFI/K38P8Q6Hk6DXv19NQxfciuaNyiSVmmkDP55JiTinpy1unUtgqIc5jMOxDxSaXST9+O1wmei5UluCUisXXAry5Uv05ltp6INJ/pCEI2IEF7uvPCTsnJ/3pW+C5tQkzf9IN/swiEckqisKgZm5tG2kEqATSyNLXnQiyJRmY8UuJDekFkWzjvMBENBKDdYyPn01v0vg6U5gQgkBLqkeMaOpbg7cqLUMBpEQL/QCi5MykHz0b6+T0mmHMg/7r0a+FSQzs3nKa7/LWyRMXDe0CU8z628rZQk9IrUSatm3yAPctr8XylnsBnl/f5pjpBAi78HXKWdlwZ8bQqvB4us49hZhkNPPP6Mo3yOnaGzJ3zmZP2ikPcJyid/DL3EqswIv/oVuR8YgFGQsFNKl9J10niu/I1ft8q55a7t4kKmXpFdBZS9S8rRieX2zVtbwmfcrHOB2QxS8FSKdCSmmkF0Tp9whvNBiIIKziuwyoZhH1/jgLNO88jnTCXvj+qs3/2BndH8nd2K6EFttzH+dAhpltLoBCtfzDAiNtzkxqqB3xc1UHBXahfkQ2vJgCFZYa1EGxMJxjL8aMv8hByZ+aKeCiyVhkl3RLV+snHlxqBMGRBPGR8kjKEXQ0sKCVkcurqvyMEOrgO+7jIYhmdN3nj2jeswoYsyDXmopHqDNJvSu9lbaW2Cr6W5Km X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(366016)(376014)(7416014)(56012099003)(3023799003)(22082099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?1TmzJpbSXKjXTSC1euq3fKDSjNjFiE5+1oHbFYwBkUmWEVChL4zbTi2qzGjj?= =?us-ascii?Q?LbEtSSHiS/uGghDQ1R8v8PiV4uAl52fvzGtlDOPKwX5LwpI+SdNy5SsaTsJe?= =?us-ascii?Q?eGFXzd9MGV5W22RAeWguEdz3Kofaf5Dr1NurRho8Ag1UesFO3wizzppFjOkr?= =?us-ascii?Q?mEcztkSwzlH9Gst7IAscjZvKGRKrat/fy1EgEArMc0gId8t23q4oHmIbtIKA?= =?us-ascii?Q?mhuEo6CO2CqaDKB16jRdRqYN66mrSom0YMBRY6N/NOGLNy1do55IIvfnlMNQ?= =?us-ascii?Q?fiMRCBuHGgplKrFmMgvdbiAgDf4y86TZeHmtbE0QcoalAS6t/9CR9V7NFhs2?= =?us-ascii?Q?l4Pk5n/QGQ76RXKe5BaSpYkjh/v1y6Ji9DPNCCE0oUnSPCutuuIEmghdjclo?= =?us-ascii?Q?TuRJvaevy/gIj2UP+mydXKiXsSn/yenKmK2s4oaEDGesWH9EwoJvwJCUF6NR?= =?us-ascii?Q?Y62hZKEue61y38nzzizqu/ct0wYiXRhM08Hgzzd8QjF98NXx8sqW5/HOkaOY?= =?us-ascii?Q?hII6i5q68MWjXoGOfazvkH3gXNX+qSWDeuIUoRm17jlWCON298wuTXbNjZvg?= =?us-ascii?Q?0vg4kocY4XKhtiAUMCFgfoZhaP8xjSC8YFZ18T4KgivTIPzMX+XhLFOMI2lE?= =?us-ascii?Q?EjWQtBYydDVIMb2a9yeZaU1oX45KUG+JYw4eZAoqCr/y2wBiZ7A7OERYUZ5H?= =?us-ascii?Q?yEB/ddC/DDSrgzMZkdqgrRPHV4Aw5namRSpmTciWdIVfePBO4b3XLBKwHxSs?= =?us-ascii?Q?xRa9kOpZxhCdATcMMXA04OWEQQ7+cAEXCH+IJ9n0mUiCRiFWqCNXKRuRQfSC?= =?us-ascii?Q?iP2965Pii0Aj63CuBsLS04o6SSlIvY6+ZeiWALVZTFqigaa5qSMjp8HIcTtm?= =?us-ascii?Q?ADIy32Bj9IMQTocHB/yPZWGuQeoTNvKLtBZe+EwLv0tdjHO5L7BUddXwMbf8?= =?us-ascii?Q?5S3duTHG04GeWaLg3NHmTVwVC8tKTyAwzLSrSzR1lYL92KYJNPBVTGdqKE1j?= =?us-ascii?Q?FPGxOnBm3tVhWyPu9T/4Pka7l3vXBtb3AVq1TBNLXlIL3oXThbmFCwPEbxSS?= =?us-ascii?Q?FHgqlMMLOHzZ+yYuTlbcqa7xivCqivMTjHwfgNUp8TOOzFaemlhZL7L9O8av?= =?us-ascii?Q?SL0WXjhGRLxlOV0RVriHhy5Nv42W/+xpQuDARMcnxrdwcEs2gVE7aA7qtX2i?= =?us-ascii?Q?XggeGia70bvB/F9z5b2qUeSvRXJMyB2QAod9iV3QGUt5wNy6EilrOa2+66T1?= =?us-ascii?Q?eV307le+48yue/0754eO8letHWAOXxN9NyThlq2bFuAYrfXM8dNjCPZ0nELO?= =?us-ascii?Q?Qz4Q5udw52kNT8cIyeYs04je0ARpT+tMdZYN0BZQ3zcaC3bUcDqJl1KzE3ab?= =?us-ascii?Q?dZgQr5iOYVLhZOABicGwpuquTZCAd8K85y3HhcvK48aewXxowz1Q3wGCmZTZ?= =?us-ascii?Q?tDqNB7bIe0GlXBdipqsJb/y1s+wWnogKKEGcuB4fj8zNj5/vpZGMXjtPtcM+?= =?us-ascii?Q?196Erg1KBOZbftqXPewyNIZTcmNjf8DvmKVZf8LYiYMuH4wDXr8/nwoqgdDX?= =?us-ascii?Q?1JxWrPM2s1b/tny0RwdPsGWN3P0ICmSLOHMHwY7DKi4uIXHvRtoRLBtmmEd/?= =?us-ascii?Q?Z0tyAl7GHdfLhWQWRFj2mrRtoLruPyqGnq7ngM4HHBtu8QGrQ7KYbsLLlmf/?= =?us-ascii?Q?0BBpPP06UtzbyArFRY6tRIA0lPXRhGtAVqatH2Lk0T3FI5YKW6AkD9wt8O7b?= =?us-ascii?Q?puTOoYoj5cn2X1zj9UP57WWmHNMRdp6n6foyw4FU+i6unmiAF7Cq?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: e7b2df52-2116-46b7-47cf-08deb237a16b X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:33.4860 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: fWJX4PNgNnE8pIFC2EfpPAEqrDSr5j/1uJl6p+6iMhtMBr9RaIllisFo+4Kkx+r7hxxb5bfwzio9e8Clq8qm+A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYCP286MB3682 X-purgate-ID: tlsNG-c201ff/1778818122-E1B9E443-EA4EBE55/0/0 X-purgate-type: clean X-purgate-size: 7058 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818324644158500 Content-Type: text/plain; charset="utf-8" Allow the Arm MMIO emulator to use a caller-provided register backend. Realm exits carry GPR state in RecRun, not in guest_cpu_user_regs(). Signed-off-by: Koichiro Den --- xen/arch/arm/include/asm/mmio.h | 11 ++++ xen/arch/arm/io.c | 99 +++++++++++++++++++++++++-------- 2 files changed, 88 insertions(+), 22 deletions(-) diff --git a/xen/arch/arm/include/asm/mmio.h b/xen/arch/arm/include/asm/mmi= o.h index b22cfdac5be9..b8a640dc6ee7 100644 --- a/xen/arch/arm/include/asm/mmio.h +++ b/xen/arch/arm/include/asm/mmio.h @@ -62,6 +62,14 @@ typedef int (*mmio_read_t)(struct vcpu *v, mmio_info_t *= info, typedef int (*mmio_write_t)(struct vcpu *v, mmio_info_t *info, register_t r, void *priv); =20 +typedef register_t (*mmio_reg_read_t)(void *ctxt, int reg); +typedef void (*mmio_reg_write_t)(void *ctxt, int reg, register_t value); + +struct mmio_regops { + mmio_reg_read_t read; + mmio_reg_write_t write; +}; + struct mmio_handler_ops { mmio_read_t read; mmio_write_t write; @@ -83,6 +91,9 @@ struct vmmio { =20 enum io_state try_handle_mmio(struct cpu_user_regs *regs, mmio_info_t *info); +enum io_state try_handle_mmio_regops(struct vcpu *v, mmio_info_t *info, + const struct mmio_regops *regops, + void *ctxt); void register_mmio_handler(struct domain *d, const struct mmio_handler_ops *ops, paddr_t addr, paddr_t size, void *priv); diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index 9707cadcf80e..9ce9fe1c1528 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -47,12 +47,36 @@ static const struct mmio_handler unmapped_handler =3D { .ops =3D &unmapped_ops }; =20 +struct mmio_guest_regs { + struct cpu_user_regs *regs; +}; + +static register_t mmio_guest_read_reg(void *ctxt, int reg) +{ + struct mmio_guest_regs *guest =3D ctxt; + + return get_user_reg(guest->regs, reg); +} + +static void mmio_guest_write_reg(void *ctxt, int reg, register_t value) +{ + struct mmio_guest_regs *guest =3D ctxt; + + set_user_reg(guest->regs, reg, value); +} + +static const struct mmio_regops mmio_guest_regops =3D { + .read =3D mmio_guest_read_reg, + .write =3D mmio_guest_write_reg, +}; + static enum io_state handle_read(const struct mmio_handler *handler, struct vcpu *v, - mmio_info_t *info) + mmio_info_t *info, + const struct mmio_regops *regops, + void *ctxt) { const struct hsr_dabt dabt =3D info->dabt; - struct cpu_user_regs *regs =3D guest_cpu_user_regs(); /* * Initialize to zero to avoid leaking data if there is an * implementation error in the emulation (such as not correctly @@ -66,22 +90,24 @@ static enum io_state handle_read(const struct mmio_hand= ler *handler, ASSERT((r & ~GENMASK((1U << info->dabt.size) * 8 - 1, 0)) =3D=3D 0); =20 r =3D sign_extend(dabt, r); - - set_user_reg(regs, dabt.reg, r); + regops->write(ctxt, dabt.reg, r); =20 return IO_HANDLED; } =20 static enum io_state handle_write(const struct mmio_handler *handler, struct vcpu *v, - mmio_info_t *info) + mmio_info_t *info, + const struct mmio_regops *regops, + void *ctxt) { const struct hsr_dabt dabt =3D info->dabt; - struct cpu_user_regs *regs =3D guest_cpu_user_regs(); + register_t value; int ret; =20 - ret =3D handler->ops->write(v, info, get_user_reg(regs, dabt.reg), - handler->priv); + value =3D regops->read(ctxt, dabt.reg); + ret =3D handler->ops->write(v, info, value, handler->priv); + return ret ? IO_HANDLED : IO_ABORT; } =20 @@ -183,10 +209,13 @@ void try_decode_instruction(const struct cpu_user_reg= s *regs, } } =20 -enum io_state try_handle_mmio(struct cpu_user_regs *regs, - mmio_info_t *info) +static enum io_state __try_handle_mmio(struct vcpu *v, + struct cpu_user_regs *regs, + mmio_info_t *info, + const struct mmio_regops *regops, + void *ctxt, + bool allow_ioreq) { - struct vcpu *v =3D current; const struct mmio_handler *handler =3D NULL; int rc; =20 @@ -202,17 +231,22 @@ enum io_state try_handle_mmio(struct cpu_user_regs *r= egs, if ( !handler ) { bool trap_unmapped =3D v->domain->options & - XEN_DOMCTL_CDF_trap_unmapped_acce= sses; - rc =3D try_fwd_ioserv(regs, v, info); - if ( rc =3D=3D IO_HANDLED ) - return handle_ioserv(regs, v); - else if ( rc =3D=3D IO_UNHANDLED && !trap_unmapped ) + XEN_DOMCTL_CDF_trap_unmapped_accesses; + + if ( allow_ioreq ) { - /* Fallback to the unmapped handler. */ - handler =3D &unmapped_handler; - } else { - return rc; + rc =3D try_fwd_ioserv(regs, v, info); + if ( rc =3D=3D IO_HANDLED ) + return handle_ioserv(regs, v); + else if ( rc !=3D IO_UNHANDLED ) + return rc; } + + if ( trap_unmapped ) + return IO_UNHANDLED; + + /* Fallback to the unmapped handler. */ + handler =3D &unmapped_handler; } =20 /* @@ -228,9 +262,30 @@ enum io_state try_handle_mmio(struct cpu_user_regs *re= gs, * instruction on the emulated MMIO region. */ if ( info->dabt.write ) - return handle_write(handler, v, info); + return handle_write(handler, v, info, regops, ctxt); else - return handle_read(handler, v, info); + return handle_read(handler, v, info, regops, ctxt); +} + +enum io_state try_handle_mmio(struct cpu_user_regs *regs, + mmio_info_t *info) +{ + struct mmio_guest_regs guest =3D { .regs =3D regs }; + + return __try_handle_mmio(current, regs, info, &mmio_guest_regops, + &guest, true); +} + +enum io_state try_handle_mmio_regops(struct vcpu *v, mmio_info_t *info, + const struct mmio_regops *regops, + void *ctxt) +{ + ASSERT(v !=3D NULL); + ASSERT(regops !=3D NULL); + ASSERT(regops->read !=3D NULL); + ASSERT(regops->write !=3D NULL); + + return __try_handle_mmio(v, NULL, info, regops, ctxt, false); } =20 void register_mmio_handler(struct domain *d, --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818315665272.2796627227916; Thu, 14 May 2026 21:11:55 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309425.1580478 (Exim 4.92) (envelope-from ) id 1wNjtq-0000gK-1U; Fri, 15 May 2026 04:11:46 +0000 Received: by outflank-mailman (output) from mailman id 1309425.1580478; Fri, 15 May 2026 04:11:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtp-0000ev-PH; Fri, 15 May 2026 04:11:45 +0000 Received: by outflank-mailman (input) for mailman id 1309425; Fri, 15 May 2026 04:11:44 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjto-0000bb-HW for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:11:44 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjtn-0052Iz-Tf for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:11:43 +0200 Received: from [10.42.69.5] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069cda-e002-0a2a0a5209dd-0a2a4505a2ee-14 for ; Fri, 15 May 2026 06:11:43 +0200 Received: from [52.101.125.85] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-c201ff.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c47-aaa8-0a2a45050019-34657d55753b-5 for ; Fri, 15 May 2026 06:08:43 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYCP286MB3682.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c2::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9913.12; Fri, 15 May 2026 04:08:37 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=hV4TBptnBiCzJUrB1fasuOyHhNIyKBFECzOs3LNB0wFiW83XcDCSzT4FenO4ApQgPjxlHHsyPrA7AXHcRNwn7vmmmemqTbLdl1vS2uFfWMWWxDyOz3QGWgQ58u6BuwRDzhwvg4XiN9B+t10uSvZwepClL3aiwrkMg4i+DqH2c0jjt0X1xOUVV5YHfpJ3u3rNG3NpiTdayCTpJi15VuuEqEPwHHYAL7lApsUOVaKZqz0ltWiVz1JtroLU2tAYgqUlchb3Sua2ec5I1XHW3NH7WXERS+ggRI7skkn8+ftMPNT2t/aay+Z7iJw78yP0EL8q06h9hp3oJdvs0h4TEAeLMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QH/Emp4HZ6BP+ThWjVFWJsY+2Jm00dCee5sOCsxZDxM=; b=HoV2KraGX6XYkEKsbMqp+9uJKfijW0pJ/eoAo+uRT44e1xjXwrTu+u/Yo3iLbz2IrohXV1mZiBUaO1x8CHrr663nyca1EE3jF16HdX5R+4uCyrC1P/tjMuwVDzxd4rlK1XLr6MArtvZtqqiLHYowIzQN23mLt2EBTKf8Z8XFkg6mnwNyoV4zDSazKkChxoAzP6tyBREilkQUc2IXyIMD+SCXGNzqQQtBRk5gVCjOeoAd0BgKn2PpGpcMwcFyWIyUOLTh0Oly8RL/d1v8If0B/hfAGsT5sf4KCJAmX/w11vYNL5AqpATNHTXXxN+DFKfuNd2ZOWfTneCZ967mGGFfsA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QH/Emp4HZ6BP+ThWjVFWJsY+2Jm00dCee5sOCsxZDxM=; b=Y2XVeinyCusV5avue0SdEG1urTExWQef7YGcvZb5eUaip9mQ0YCGoCkrNgBf9rPXqHYG/MRfGbgR2RB8rR0H/g/eX73ttDrCErBarxNlNaF7oGaldrVuDeqdITRW4isLZii/ETAOLato+A/XrdohoZNxcGCwt9VNwwKKUu1HyMU= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 20/26] xen/arm: vgic-v3: expose SGI emulation for Realm exits Date: Fri, 15 May 2026 13:08:06 +0900 Message-ID: <20260515040812.983626-21-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYWPR01CA0029.jpnprd01.prod.outlook.com (2603:1096:400:aa::16) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYCP286MB3682:EE_ X-MS-Office365-Filtering-Correlation-Id: 0293b620-bc8c-45d9-6c2d-08deb237a1e9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|366016|376014|7416014|56012099003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: GAG8KGIGJTpDEnRNnRRgv00XBAmHdt5mVEPR2gaRvwmsHsDM6cmYNihfDLRasOV6yZEPrSQZTHCwHR1m3dwHI54LKIHSBV7KSldfc5on3+lABBQaM6Zgb0QK0qDYlCYXu3+r/CXW+gwhw6wBpAvYLVs5oi2hJOwB9lHFAp6garf5iOpI/kDOu9A4s07eys5+fOpYO1541mI82AWcYRf2fR9l5PVEQpQ80fvtgC5K1DYOyGnGeYztGJ5jf3PbBqyn1jJd98xMf3GnYbKMK8ZTzPGuMcls6E1O7wkMnu17AI4FDVRJKOqmGRwzjzGiPiZ4gX5ZPtyShvL9SsgJhfPpZ7ZbaEWUlZqFK0rG6SHwjYm8FBAPTM8ocKPQDaCDsbCP0uVudXr2NfaekJj7txu/u44m+kXqyfIUibjiVqXabge+Gj0I1JcweTZCVLtRn8y5OOn/QsSovSIi81fivypQXhLbzUrSg4Xu8bS+9nvKnOdZseTHiM8uno5JjDeocBlT+69aaJZuqBC+EWwsj1EmsC67Dl4eulnNm/nVVlJjDPT4T2P7i03NLN5ZuMmHXN+MY1vGRSM/LlpuDgePbZmOBW5rHZHw20cB2qIXXkv8QS8X09ExeT1DPs4m6+MhfHUS/Rt5mDMOd7o/N5ltt5+AjsdQa5s43YymE+mRrqLWxFtM2u2wjbnhgLFYPVmczjUQ X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(366016)(376014)(7416014)(56012099003)(22082099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?YXFwR5PEeoZfAv3EoWrcsQ2z46kyMl4LsAe95MkinpryzD1WbkjmCsjGPXQm?= =?us-ascii?Q?STIklTx/YG52vKLoP6affWjqylA6XU6JhUnTXVaGb9aFi3DJF4Wo+k0tXEaE?= =?us-ascii?Q?Eaj0NZqVMrwsXP0yJe7uVKbOZT1+EDoS2qgNlNJGpY6RJpNXxWoOSTj0VS9l?= =?us-ascii?Q?VrFPQVjJ2Xu1rZuKhOQ6556Q87tZwMDOu8syAti29lt5vLJvkhiFJ6kGyLf8?= =?us-ascii?Q?A7pnIzKO2Wyx0SujNS7jKkhDLdjUSY2lB0QEpVhNeM2J339cJJPp1vbnKFl2?= =?us-ascii?Q?E599D16m7aW/9pwt0++d5c3/p1G7LKhXTFJ0BMh48yZ6qG8FHSqmRf8+hRDv?= =?us-ascii?Q?hRGnTxwdIucf4VSbQZfp3jwkMhXd9S5BqUPhswx/uAIVxKR31n+v05ChnIKz?= =?us-ascii?Q?MDsMveFuYmNTicABKCZc1FzH/W7zooL+lADiWa23fmRv/OrkJumgo2CskxpA?= =?us-ascii?Q?UKVOPVQ+gJee0WXv9xzszPSQY7RoOn3Sk4IDX93jwsOyHB9ze+PQTfSH6OHj?= =?us-ascii?Q?pW3ANlAWCNsNX+nvaUKLITWuEABxVUNGGHrhW/2/0sIoYDdfa4wfR1nDxUC9?= =?us-ascii?Q?PNrXCiuqk/5z3xWdjWS7Uv9hUjlBLvlFEIXQH2DGJfso2jNO8rPiTT9GtBCw?= =?us-ascii?Q?47BxHwbk7AeTLpsuy0REu9SkRdQ0w5zxKjIFERA5r6FprfE2VCCPGe7vlYZH?= =?us-ascii?Q?CGm8VWlf2ZR7rNuRsFDSFIn2crtOK3Fs6vcjnaJTlnANINaZHeQtk2fzchsy?= =?us-ascii?Q?kBFf8RYTcgpgCrggeE7NOY9fBinM2uZHvWWRBGOdBH3PvkhlKSbzTD4QdrxE?= =?us-ascii?Q?C2Qq5ww37R6BzhdngZHKgrWNtczSK5gCQEd+yXeNgEvYJx7AhfoDmGT7Zk7J?= =?us-ascii?Q?+fF2dh8fnvtAgMWFrMOftnAfwvURKzMXCDWGnGeJRHtKN6RBg0Rfgz80L7p9?= =?us-ascii?Q?sBLoH5VgayyMx0AUzyZAHsKmOVAq69DEDhuB2R1ew1qBnMyS8CJhsTrqsbcy?= =?us-ascii?Q?O8lAiYD+sxvqNxAQzareKiEcOnSofmogPAdpzuKrPNF9wPnM4mqLXHTMWpAj?= =?us-ascii?Q?xiNrZt+c+yXF0n9M9kShjGY0XWE/JXwuaEEDdto+8lsBYdbTHSVnaqXgkFYl?= =?us-ascii?Q?t8mJ/0120CvPFtRA0aB4H6wykpcu4Ecme0nzIdFYKVaLjO8mT8/KIhX2FOrO?= =?us-ascii?Q?awOZnp02HomWyQbzpWDL5HoZyPTq3a/ntGwkicV1Ao2tCjre8KhZdQJKOz9v?= =?us-ascii?Q?Rt5yzVDRSWLbeG+el97/XkCzarIqcPvh4Pj0au2GhlZkwz8P+oy7i2vDIZZx?= =?us-ascii?Q?wZBtmqYBXQCoM6Kn5+cf53rjjhMTpe2eoSo4PKDYAWcf8GZuUnn9kLD90Ryi?= =?us-ascii?Q?MOOGaAIF/yKaefEgEoPlJJHZcaPjmjdcXkHtSQT9dlSGIiSEH4L1obyWrFYM?= =?us-ascii?Q?/2LmfWzdmkzlW14DAm8jYz+ZSeic0FzQOoyhoemsmBGpAx1O7V3BgRWRL6d/?= =?us-ascii?Q?59u+rpAj1Zype6oUUluID5aLucBRoz138aTRfFDFs2VwTAZLlMAJ/Evz284d?= =?us-ascii?Q?TFBruFIp62bFKVWh17gouqk22XOCjmCLP2T6tVcVwUXpP6ceR2sNJiCrf+q3?= =?us-ascii?Q?eCmvz2Dhh82Bmn7xHODa4d0xqEjC+ziD73og+VGVJ/rAIsL8Nkt3BKKpKylv?= =?us-ascii?Q?yjp+7OSZbdakvU6ldW7f/4Ux327VvNH2PCFPEH+cCR/aXT0p2AHEK9StwCf0?= =?us-ascii?Q?R533yNbAR0tX2OAGw4VcGyAu6av1l2ti2zaR6Oxp9Ob2/+QFXQrm?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 0293b620-bc8c-45d9-6c2d-08deb237a1e9 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:34.3280 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: oEfr0lw8U6q+m9vAAVT0iGQRXgZ7UAxpfZi8MPghvTY01Xm1d38JWzKXpjutDsvzd5jNjJ60SIJfzuJe0IAKsA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYCP286MB3682 X-purgate-ID: tlsNG-c201ff/1778818123-D3563443-3D2CE936/0/0 X-purgate-type: clean X-purgate-size: 2012 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818316273158500 Content-Type: text/plain; charset="utf-8" Expose the GICv3 SGI decoder so Realm sysreg exits can reuse Xen's normal ICC_SGI1R_EL1 handling. Signed-off-by: Koichiro Den --- xen/arch/arm/include/asm/vgic.h | 10 ++++++++++ xen/arch/arm/vgic-v3.c | 4 +++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/include/asm/vgic.h b/xen/arch/arm/include/asm/vgi= c.h index 6f9ab1c98c1c..93f5e3ba40fc 100644 --- a/xen/arch/arm/include/asm/vgic.h +++ b/xen/arch/arm/include/asm/vgic.h @@ -336,6 +336,9 @@ extern void vgic_set_irqs_pending(struct vcpu *v, uint3= 2_t r, extern void register_vgic_ops(struct domain *d, const struct vgic_ops *ops= ); int vgic_v2_init(struct domain *d, unsigned int *mmio_count); int vgic_v3_init(struct domain *d, unsigned int *mmio_count); +#ifdef CONFIG_GICV3 +bool vgic_v3_to_sgi(struct vcpu *v, uint64_t sgir); +#endif =20 extern bool vgic_to_sgi(struct vcpu *v, register_t sgir, enum gic_sgi_mode irqmode, int virq, @@ -346,6 +349,13 @@ extern void vgic_check_inflight_irqs_pending(struct vc= pu *v, =20 #endif /* !CONFIG_NEW_VGIC */ =20 +#if defined(CONFIG_NEW_VGIC) || !defined(CONFIG_GICV3) +static inline bool vgic_v3_to_sgi(struct vcpu *v, uint64_t sgir) +{ + return false; +} +#endif + /*** Common VGIC functions used by Xen arch code ****/ =20 /* diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c index 77517c303061..9cb1495bba97 100644 --- a/xen/arch/arm/vgic-v3.c +++ b/xen/arch/arm/vgic-v3.c @@ -1600,13 +1600,15 @@ write_reserved: return 1; } =20 -static bool vgic_v3_to_sgi(struct vcpu *v, uint64_t sgir) +bool vgic_v3_to_sgi(struct vcpu *v, uint64_t sgir) { int virq; int irqmode; enum gic_sgi_mode sgi_mode; struct sgi_target target; =20 + ASSERT(v =3D=3D current); + sgi_target_init(&target); irqmode =3D (sgir >> ICH_SGI_IRQMODE_SHIFT) & ICH_SGI_IRQMODE_MASK; virq =3D (sgir >> ICH_SGI_IRQ_SHIFT ) & ICH_SGI_IRQ_MASK; --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818387802256.1636824866538; Thu, 14 May 2026 21:13:07 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309494.1580582 (Exim 4.92) (envelope-from ) id 1wNjum-0005X5-1p; Fri, 15 May 2026 04:12:44 +0000 Received: by outflank-mailman (output) from mailman id 1309494.1580582; Fri, 15 May 2026 04:12:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjul-0005We-Tb; Fri, 15 May 2026 04:12:43 +0000 Received: by outflank-mailman (input) for mailman id 1309494; Fri, 15 May 2026 04:12:42 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjuk-0005Ho-Hl for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:12:42 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjuj-0052Pz-U0 for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:12:41 +0200 Received: from [10.42.69.5] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069d1c-e002-0a2a0a5209dd-0a2a4505c714-18 for ; Fri, 15 May 2026 06:12:41 +0200 Received: from [52.101.125.85] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-c201ff.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c47-aaa8-0a2a45050019-34657d55753b-3 for ; Fri, 15 May 2026 06:08:41 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYCP286MB3682.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c2::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9913.12; Fri, 15 May 2026 04:08:37 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HA06MtBcnpkwE0Cqf2kjqUkO/DvAm2x3nhmIe+AMCI0v7Thz8LUADuRv7z18pWHuPDXsEHFXs2gQDKAERXCDlq/GGvKA7PRxdp3h8s5/fpJioH6T7twL5T/r5f6lIgedMUAypzLnzl3YZCEV4SSGlNZS+w2C0FHLkExE6W5HQdOaIcITegPYtoSOs/HlNH+7HJfY3NO61YPIxyWKDoxOMAscww6+czkY4KGrniIsXhwgZw9Mfju5mR//vOzShUFv7G+f6flkvLPGi6q/CHZhw1qZmGlFBUCMmlGxzlq6VpjgQzu0eW+KJjBk5YXnlkbReJaOydTgGAJ2cFGdHBYvXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=S1HxX8zYRrTCNBvxhpZ+y28N68FN7W38vZ7TVisM/bg=; b=BfnGHp5+NGIW/3h41SWaBuhVNDgsWFtVh0q6uE0C7iZJyYekKPMTFUANsCO8H3LozPN6kZwcQhYgT/wV1mM1mg4rgw90xzja1IL10UcDCSjmTImQf0qSrw3EV5dSpbPa+18Bg9lRUhpO36bFjrFnFE8L2n9hWHkhZKQhZzTO3h6PCR8/smRZkWDMRS5VRZCpvg7xg4j68c4K4KdB9l+UuTDVPOir87tsvYpp4lGkk5hrwgZu/JckICeCnwjv8SpYnAaZGjQi0wfgRxyVp+2PvnXzWmNeVNlUY+8qYoCjZBfd14EQDt3HeASCYC6twyY66yc6ls92eZhUTFmcOGMc+Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=S1HxX8zYRrTCNBvxhpZ+y28N68FN7W38vZ7TVisM/bg=; b=eVwsUKKXGQdWMYenem0IMSMvCQvBmh1ubaNwo67gQuPnuax6gSDRdxWJnhrRaGlSvSnR9i4lA65u324G/MBo1sUs2hDZkGuSvJ88OEVtrYd26uCQwDl8D54UVXd6JPItRdfL/lu/BRoh1q41zTsWBwoUHw80GTJENu0+IPcPnEg= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 21/26] xen/arm/cca: add Realm vCPU timer state Date: Fri, 15 May 2026 13:08:07 +0900 Message-ID: <20260515040812.983626-22-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP286CA0199.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:385::17) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYCP286MB3682:EE_ X-MS-Office365-Filtering-Correlation-Id: b07babc4-817c-4a47-4075-08deb237a25e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|366016|376014|7416014|56012099003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: gCxWD0qqo83L5Ufb2aAHhhXJw0kiaYADHGww+IabmlnXTxhy3aVL4CQ1WY6Cr+sj4MpjQc+1zB0bC4cneapY/64uqg053ohGQppVd6n5Fvh/Wk3dRIP//CZNnyyAxHH/k6YEStx77USHkrzjkX1AmGeDQQoNbySs1inVMZOe34GxkCQL87JXqnobZVt+uVBDHiI8q+XZiEziRvWehquITQBVXxuF3KPy1t0azSJ+G+y6JP3WKYVAqs5SDiJ95VM8D+7Bt1XDfu93jY69B15pb6lDnQbAY8hVbdLOMEAIkpNVESfQ+aplFegzQ4AqGNbiFBURZFnHox/dc5qIG4wFTv5A/2yZUneAdKm4gja68Sedmb305RKKSiwWJej/PrdryjxH+sHlMnNPjDODbc4V11B3X7ZgDTGFFJY1eeZecemg6BUbVutnE0SnK4B4REWsXY6tOPrXmgyHTWh0Mg8a384VRf8krMNkJb5l5qc880uAp8C9n77+QiGLi2KHmkHE8Q4S3O6rDn6x5p4krd8xjPZUSbbl22R/8IJd+sxzqMzMygnCYix8ScznIGSGutnatvUpfQHNv0IUWJcKxyRbtZVIgi68Z1jchW/WblCQJZ+4UBZbj5vtEEIb3gNksx7AONj+mp+97ZPpywhiM5tC3lbNUaBXDC1FB1r9X85UHKM9HDR/EKH+UevJ9sMwxjcZ X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(366016)(376014)(7416014)(56012099003)(22082099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?DugzqyTVf8ARuSvcvzjrMgw+T33dx7qJzt6Py7SMbbXBVcGPYG7J1mmBiueh?= =?us-ascii?Q?kE0n6wvB0h8rjri8V5oo1mWrlVy0nrGtC6079oXB9pGVZO/LLayYAU1YGazM?= =?us-ascii?Q?2FCmOKe825TelE4eBMRJTFGB5EynNpbmD8VZgV4JQpZgzdp6gQLBn0a1wdPQ?= =?us-ascii?Q?SoqO1tkIWTj8gmjxSxucQyrissJOSGzzh+Be3G3kFp0GmJiu+O2aFvmiIm3m?= =?us-ascii?Q?LRz1CqzX+lZW0rfGX2PVBwJPekiGix/amiMyOBKxxAUZb2LdXgPe4MacQBnp?= =?us-ascii?Q?Gisq2GElWWhB/iWaXbAlnOajn4gQeuyr9qA987u7llHxHF62nISVRYuy6Z2+?= =?us-ascii?Q?ga7e31eqUjl3yQ4Zo1qSKRdKfaUOt4oGV0P436+G8gjPiDXnjUNzW9JLoLDE?= =?us-ascii?Q?NhI3mG+apc0XTR45ZxAunGwnJcfh1VScnJ7noEyl07M93i7zM37zcSZc3+IG?= =?us-ascii?Q?mQCltgINoOUEfAi6mfUDjLH3YV1/aHd7u2th5C6qie/52k6eXst7CkOxUa6f?= =?us-ascii?Q?T3MdB7hsDYJ2ZZ3pGzAIIvE0JpqqmvjTbgvQjTgGCZZPegIjqwYvhz8PKMVm?= =?us-ascii?Q?wOykq/l085MHCJOZiolfXVS8iL5bZg3vZuIgpXovk+J4Of5jJtgoKrh5/34+?= =?us-ascii?Q?VkLMxnvNbiD/vXvg86qIetvPMFifewHlx8PKVRr0kI/2C2H/qXU0ABXQvWQm?= =?us-ascii?Q?hAkrpFwbD91NNI88N7qraL94A+9fzVm1P4xqu5D3/eHS8JLmyCz9hjOxbdmh?= =?us-ascii?Q?fymhNEh1p22FzNH512olapgXUVzXcSmeqg6UJ3lahlx5OcujPl9Wi0oC6ZJB?= =?us-ascii?Q?n67NZ4Pu3uDfwDA7CpI9ceJNpf5zs52aed76JFo/BxANoI9v24kYhzVUHlWY?= =?us-ascii?Q?bx+7qv6qz8b2SBCYOUW74wnJIcGi9omen8oBhylZiLGVjbgorH+dd5o5HkX/?= =?us-ascii?Q?ff4YhJYbuhtF99OOS8/OdHf5evHgJbv9cdzCDxwlZqVjP7xdx4XVH3wmScER?= =?us-ascii?Q?B1czQQJvQrnVQYScy96AZ9ulhSFKt5ucZdNlqlomswrL/tzF02hOWzJil1gR?= =?us-ascii?Q?IBVr9CbA9BeV+C+5woub5Y1RZOy7759ezzlSzoxv8aRUDUHPtXdhma/ySb7D?= =?us-ascii?Q?WilmIFHIZ0FLcP4JG02woNoVu4EtMODglYDP0gZOx4r+BAnDArAbvONeAHQy?= =?us-ascii?Q?4gCBg1348h3Nx9Dk0iTx1ImT8+zk1zwBrHf14fI/Qz5swCzM/EZenlqTTK4c?= =?us-ascii?Q?6l6uQ0VzYfanHqClLYukmyE5yUpKBoZrdFKsqCbYi3nrO5CaDmfW4JI2UJnX?= =?us-ascii?Q?peHbY9lbuDtxz8OXrkTJnmwCgL8UQwyyO8wetf3C6QMJQKbXhqKsLI37zO6S?= =?us-ascii?Q?VbehUiTpwCvS/Ylhaeetg4H8Z7ODMEsRCDaIE3o6sSy6L2R1/Df5lN3+s1cr?= =?us-ascii?Q?JReMLNsPr1kXEWua9tOIAm2YBj8XJz/f21z+YU+veMYeAvSP9XjJw5C98xyQ?= =?us-ascii?Q?ltNdF3P0HsYPNVyuG6vjtdqDwmiavcP3J09m1fMCNyhg0CZZw2u++s/exxBf?= =?us-ascii?Q?I69NYU3RxZ/lVybZ0Rjl1uFViVdU+ylAzc7jagpoKRBrwebHiMznM2jDQfDV?= =?us-ascii?Q?lT1pS6daKOUPWPqYBCkrU7YN+yKwCOIVVAotGO2yv+Nhvk9VTHB8cmcCQ9FG?= =?us-ascii?Q?0QGivBQnbN8mG4iTtsemrvpyIoBp1jdve68r1C62BFD5UPAKH7qtv9rxG+ww?= =?us-ascii?Q?w8FPe2Vha960e+u84OdBwJRO4nd641ZumldBejPATExUMG1n/8Uc?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: b07babc4-817c-4a47-4075-08deb237a25e X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:35.0998 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7KsTTGNOggb+QQLG0E6/tx8aQQkyD5iaqdN++L8oieSOfwqg32OC6OhPjrJ1vN85owwjO3/9B9rfTLTPw3YMVA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYCP286MB3682 X-purgate-ID: tlsNG-c201ff/1778818121-D8979443-C291BDD8/13/0 X-purgate-type: clean X-purgate-size: 7100 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818388665158500 Content-Type: text/plain; charset="utf-8" Keep Realm timer state separate from the normal guest timer registers. The RMM reports timer snapshots on REC exit. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/Makefile | 1 + xen/arch/arm/cca/build.c | 10 +++- xen/arch/arm/cca/rec.c | 90 ++++++++++++++++++++++++++++++++++ xen/arch/arm/cca/state.c | 3 ++ xen/arch/arm/domain.c | 6 ++- xen/arch/arm/include/asm/cca.h | 5 ++ 6 files changed, 112 insertions(+), 3 deletions(-) create mode 100644 xen/arch/arm/cca/rec.c diff --git a/xen/arch/arm/cca/Makefile b/xen/arch/arm/cca/Makefile index 0e66280012b7..b473132c1a67 100644 --- a/xen/arch/arm/cca/Makefile +++ b/xen/arch/arm/cca/Makefile @@ -4,3 +4,4 @@ obj-y +=3D rmi.o obj-y +=3D sro.o obj-y +=3D state.o obj-y +=3D build.o +obj-y +=3D rec.o diff --git a/xen/arch/arm/cca/build.c b/xen/arch/arm/cca/build.c index 29eb0c6057b0..18e825eec83a 100644 --- a/xen/arch/arm/cca/build.c +++ b/xen/arch/arm/cca/build.c @@ -851,7 +851,7 @@ static int arm_cca_create_rec(struct domain *d, struct = vcpu *v, bool runnable, struct arm_cca_rmi_rec_params *params; struct page_info *rec_pg =3D NULL; struct page_info *params_pg =3D NULL; - bool rec_delegated =3D false, run_created =3D false; + bool rec_delegated =3D false, run_created =3D false, timers_created = =3D false; void *va; int rc =3D -ENOMEM; =20 @@ -872,6 +872,11 @@ static int arm_cca_create_rec(struct domain *d, struct= vcpu *v, bool runnable, run_created =3D true; } =20 + rc =3D arm_cca_vcpu_timer_init(v); + if ( rc !=3D 0 ) + goto out; + timers_created =3D true; + rc =3D arm_cca_delegate_granule(page_to_maddr(rec_pg)); if ( rc !=3D 0 ) goto out; @@ -913,6 +918,9 @@ out: if ( rc !=3D 0 && rec_pg ) arm_cca_free_or_abandon_build_page(d, rec_pg, rec_delegated); =20 + if ( rc !=3D 0 && timers_created ) + arm_cca_vcpu_timer_destroy(v); + if ( rc !=3D 0 && run_created ) { arm_cca_free_rec_run(v->arch.cca.run); diff --git a/xen/arch/arm/cca/rec.c b/xen/arch/arm/cca/rec.c new file mode 100644 index 000000000000..8314a7a45d95 --- /dev/null +++ b/xen/arch/arm/cca/rec.c @@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include +#include +#include +#include + +#include +#include +#include + +struct arm_cca_timer { + struct vcpu *v; + unsigned int irq; + struct timer timer; + register_t ctl; + uint64_t cval; +}; + +struct arm_cca_vcpu_timers { + struct arm_cca_timer phys; + struct arm_cca_timer virt; + struct timer wfx; +}; + +static void arm_cca_timer_update_irq(struct arm_cca_timer *timer) +{ + register_t ctl =3D timer->ctl; + bool level; + + ctl &=3D (CNTx_CTL_ENABLE | CNTx_CTL_PENDING | CNTx_CTL_MASK); + level =3D (ctl =3D=3D (CNTx_CTL_ENABLE | CNTx_CTL_PENDING)); + + vgic_inject_irq(timer->v->domain, timer->v, timer->irq, level); +} + +static void arm_cca_timer_expired(void *data) +{ + struct arm_cca_timer *timer =3D data; + + timer->ctl |=3D CNTx_CTL_PENDING; + arm_cca_timer_update_irq(timer); +} + +static void arm_cca_wfx_timer_expired(void *data) +{ + vcpu_unblock(data); +} + +static void arm_cca_timer_init(struct vcpu *v, struct arm_cca_timer *timer, + unsigned int irq) +{ + init_timer(&timer->timer, arm_cca_timer_expired, timer, v->processor); + timer->v =3D v; + timer->irq =3D irq; + timer->ctl =3D 0; + timer->cval =3D 0; +} + +int arm_cca_vcpu_timer_init(struct vcpu *v) +{ + struct arm_cca_vcpu_timers *timers; + + ASSERT(!v->arch.cca.timers); + + timers =3D xzalloc(struct arm_cca_vcpu_timers); + if ( !timers ) + return -ENOMEM; + + v->arch.cca.timers =3D timers; + + arm_cca_timer_init(v, &timers->phys, GUEST_TIMER_PHYS_NS_PPI); + arm_cca_timer_init(v, &timers->virt, GUEST_TIMER_VIRT_PPI); + init_timer(&timers->wfx, arm_cca_wfx_timer_expired, v, v->processor); + + return 0; +} + +void arm_cca_vcpu_timer_destroy(struct vcpu *v) +{ + struct arm_cca_vcpu_timers *timers =3D v->arch.cca.timers; + + if ( !timers ) + return; + + kill_timer(&timers->phys.timer); + kill_timer(&timers->virt.timer); + kill_timer(&timers->wfx); + XFREE(v->arch.cca.timers); +} diff --git a/xen/arch/arm/cca/state.c b/xen/arch/arm/cca/state.c index d85a20a9e7d2..03e0d1d2382b 100644 --- a/xen/arch/arm/cca/state.c +++ b/xen/arch/arm/cca/state.c @@ -51,6 +51,7 @@ static void arm_cca_reset_vcpu_state(struct vcpu *v) v->arch.cca.rec =3D INVALID_PADDR; v->arch.cca.run =3D NULL; v->arch.cca.run_pa =3D INVALID_PADDR; + v->arch.cca.timers =3D NULL; v->arch.cca.rec_page =3D NULL; v->arch.cca.nr_aux =3D 0; =20 @@ -439,6 +440,8 @@ void arm_cca_vcpu_init(struct vcpu *v) =20 void arm_cca_vcpu_destroy(struct vcpu *v) { + arm_cca_vcpu_timer_destroy(v); + if ( v->arch.cca.run ) arm_cca_free_rec_run(v->arch.cca.run); =20 diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 2d9469f388c6..d2ee90248a44 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -113,7 +113,8 @@ static void ctxt_switch_from(struct vcpu *p) =20 /* Arch timer */ p->arch.cntkctl =3D READ_SYSREG(CNTKCTL_EL1); - virt_timer_save(p); + if ( !is_vcpu_realm(p) ) + virt_timer_save(p); =20 #ifdef CONFIG_ARM_32 p->arch.joscr =3D READ_CP32(JOSCR); @@ -265,7 +266,8 @@ static void ctxt_switch_to(struct vcpu *n) /* This is could trigger an hardware interrupt from the virtual * timer. The interrupt needs to be injected into the guest. */ WRITE_SYSREG(n->arch.cntkctl, CNTKCTL_EL1); - virt_timer_restore(n); + if ( !is_vcpu_realm(n) ) + virt_timer_restore(n); =20 WRITE_SYSREG(n->arch.mdcr_el2, MDCR_EL2); } diff --git a/xen/arch/arm/include/asm/cca.h b/xen/arch/arm/include/asm/cca.h index 5e6b11a3693d..323988b379ba 100644 --- a/xen/arch/arm/include/asm/cca.h +++ b/xen/arch/arm/include/asm/cca.h @@ -29,6 +29,7 @@ struct vcpu; struct arm_cca_rmi_realm_params; struct arm_cca_rmi_rec_params; struct arm_cca_rmi_rec_run; +struct arm_cca_vcpu_timers; struct page_info; =20 struct arm_cca_rtt_record { @@ -99,6 +100,8 @@ struct arm_cca_vcpu_state { void *run; paddr_t run_pa; =20 + struct arm_cca_vcpu_timers *timers; + struct page_info *rec_page; struct page_info *aux_pages[ARM_CCA_MAX_REC_AUX]; unsigned int nr_aux; @@ -114,6 +117,8 @@ int arm_cca_domain_finalize(struct domain *d, gfn_t bas= e_gfn, void arm_cca_vcpu_init(struct vcpu *v); void noreturn arm_cca_vcpu_run(struct vcpu *v); void arm_cca_vcpu_destroy(struct vcpu *v); +int arm_cca_vcpu_timer_init(struct vcpu *v); +void arm_cca_vcpu_timer_destroy(struct vcpu *v); =20 void *arm_cca_alloc_rec_run(void); void arm_cca_free_rec_run(void *run); --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 177881832723113.773188541497916; Thu, 14 May 2026 21:12:07 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309427.1580492 (Exim 4.92) (envelope-from ) id 1wNjtr-000137-8w; Fri, 15 May 2026 04:11:47 +0000 Received: by outflank-mailman (output) from mailman id 1309427.1580492; Fri, 15 May 2026 04:11:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtr-00012Z-1K; Fri, 15 May 2026 04:11:47 +0000 Received: by outflank-mailman (input) for mailman id 1309427; Fri, 15 May 2026 04:11:46 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtp-0000cR-HX for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:11:45 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjto-0052Iz-To for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:11:44 +0200 Received: from [10.42.69.5] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069cda-e002-0a2a0a5209dd-0a2a4505a2ee-16 for ; Fri, 15 May 2026 06:11:44 +0200 Received: from [52.101.125.85] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-c201ff.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c47-aaa8-0a2a45050019-34657d55753b-6 for ; Fri, 15 May 2026 06:08:44 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYCP286MB3682.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c2::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9913.12; Fri, 15 May 2026 04:08:38 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=efameixzV3YdFN2nHjhRRAOH5H4xfgb4WQ2AoAJyKC8q+1m3ptBVkOzjD03zgtJznD7jKMZ9yaVgnaaBbN4ah9KUqWIgnojfG+y/KkxmRbIYy5Q6rOFhcU+rjNI4qipvdq3CxKJZHEFFt6CzaSWwXKzUAXwQxz9wjh5qlD4o7tGKf9VnemBU+XkpTjqWOutxJBTM3QIVhXH+b0UfxpQT6PCKdA/Zg1rbA1EdlfOQlsQMR8JFEZ/TTSBuvkY1ovIynAFzaerlsxV1p+HAJwCX19TK/vwaeQehie4dHTNbNn6/7svmn1Ha0SyUawXsOpYG+L9eQiwNRlfXuU824v0FJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WZt2u209lxJwRTGsQreVWEB2rCTZ+thSoguR7zx4+Mw=; b=jXRttVjpvxTyf219O4xrYBUfZ8lHl3Fx/rPnFhwDV1E9lEWfPp2jvwGX5JYmDiZoHQesjUtSl9O+Ebq1HUTot+BI5fPeBrPhZEuytmtrW3lzUhIgfAQEcY1k3SLngQuqswdZdMr56+ql2/0dLvE+Lc04GYcM9/z8ncrTBw9U9kGTyrvJ9c/gd3/0TCVk5v5YgsyLsMzwLc4rjF+yCiWdfDlF6J1MJzt1nftVA1hROjKw/1yirbNWPh6nQaO8YbqEFR5ivpN2qpETEeP4C6Gk85LyPUXrUdZmjsE0Lu2E1/0Mc37XuPk5f219xoxdywhGacPqqrfNiPnaSATcINYN+A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WZt2u209lxJwRTGsQreVWEB2rCTZ+thSoguR7zx4+Mw=; b=ZFCmTGG3gO6wGvuT9WMaeIGF9mjaYPRDTeMxxg04l1qk2i7qD6fQ9BBgMnGcsEgu9oCWoHDrE65jBemd4ZoxP2mYIkfwhq7Xkj5d5a4kQ7JO8iCwOd9nbO+1zhmXkloYmeRxqsrQQ1pxRrkpqNF4tiDCEwmbLmcTpXGJBGJoGaA= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 22/26] xen/arm/cca: add Realm REC enter path Date: Fri, 15 May 2026 13:08:08 +0900 Message-ID: <20260515040812.983626-23-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP286CA0236.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c7::12) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYCP286MB3682:EE_ X-MS-Office365-Filtering-Correlation-Id: 29718a0d-624e-42b4-f1dd-08deb237a2d1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|366016|376014|7416014|56012099003|3023799003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: bopRT44LQqsNg23U5FdXaQZRE3fQ0y9lcr4G8M9Qo5yMUreTLmRDGEkISUkEh759PBRplMBq50aSkaH9fmI/kn1qZnG9ZM6yX2Fy/cs7a/4qPWUOdBdQUJzxWvFj76Gw9ijiKTYAh+bFa3SVxm8J8qegxdRcR32Ejkc5l/6VRLS1cIimru19K7vr+TGGonvCFtgmdvfbQ6J1Ys2dthrRKpuQ35i5i74ZpqsRDNpsr+JeU4lyIc63PQ5M0L/ZYUkvtJvqwvaecfBSaSl9z9QUJUuAtlsOyMOo0+PY9+mQjwOIjpW4NBODBOn77WtuoTIN+vujcJZE7N43oGHdUGYCcf02Fd3+Vur3ekhV+ZXHuDNyZ3k1sJjhmehnl4mhHDS4oKXFBUOMr6fd3U+pCyFXmOMSJU7S2cd0kHDoKq3ldllT8igJu0W7rayErXG8mXW2KCVe2TyB3tA5WcQmfVr/HfYQkw7I0vnoaHbblZsXsvXex5HS9ASEb2PcJRzUTH4OUYbsoNEv9Ipe8J3Z+t4rCAqXaHvwkIuexyTeWMlafxb8JuxuVEyabsSpXTyfwnZvjhYETNnPBxuMBRh3s+g155FgGgp+shRshOOIYrajQ3bdEZA5wNtcY6kEqZ13VS31gouvm+C7FVib9VZW4e0PCIj6F0iHaXF5VuY7I0EdndVCnGTaFCVIRzPBAEwoVzRf X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(366016)(376014)(7416014)(56012099003)(3023799003)(22082099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?9ckVzyc2dNMCdWnehXYETIQ4hV0gd8waLorXzy0YL2tzZH1Zz0VI4CJgEtu2?= =?us-ascii?Q?CJ3lLUaakIcSvgMw7UA3Ld8nERzeU6UQF9ywQiy5Zpn8rVsCcrZIcQFN7BSO?= =?us-ascii?Q?qhxq9avg3XG9RvxzQQkF8KmzH9vYcAt2k4ytB+5rf1JOLzBrnIo877Vvwy3I?= =?us-ascii?Q?X+NM5zceFXXip8Qz6bX4WRl2/fr+qqJpvimF+/eHLK3GKBj6lrQiqJy4o0oW?= =?us-ascii?Q?zVqjCMEaKIOK13KXecuCgAHTkiP04YAw9IgZ4cnhW09FET7CEVCqcjSMwXzG?= =?us-ascii?Q?orzsZUkSC7nF89ecMkNPqAOIIIXr7dXaGvSsZI/km+H98DN8dfcCx1EZdV8g?= =?us-ascii?Q?uMg/IuC38T24si1mBAGVJ1Rb75Ip2lF19ZYvY5xaZpYdjMWBNOmT0J1Gnx2H?= =?us-ascii?Q?jlNxE10gDSQtCjiZUN5urjkbOsmeBUrfcNeN60q8Aqxhu2QZ39R210DrkeT3?= =?us-ascii?Q?fpA/inI4dgvltDmf+C/3vbPmayBHGUJ+MZD0G9q19oLNVA0huBx3XOKR0qto?= =?us-ascii?Q?UGZ67OHe98FhllWHXRUFBDsYtdCFJdaXiTZZdw4pISFn2utyqROYBmkRL3yI?= =?us-ascii?Q?WAzauwzDukKFONcXkPVaGlvCKGVyGxbrMOxD5kOC6B0zKrteSpUiBg+R3dyA?= =?us-ascii?Q?XsYT8lCn4dDa36omsVvZue/j5+kYSUxl+rmLZuk06tgaz8J2bBY96ztN1w0P?= =?us-ascii?Q?4Ju1GoLvo7vkwyDuTceGK4NVIMc/+FAJrIky8rsG3UYs5WohOeZTcj8Oi+H+?= =?us-ascii?Q?RAKR4E/WqMTiWMlIUohpCB1WJ7LrTw2o2gEgUvIKRWL5e+qOgRRhKL0Akl5h?= =?us-ascii?Q?Tg+HlyiyGO5c2UxMQjL3UGTkZUkdwA1N5KLU2ecjltua9AwyOsH8zRAnFx9A?= =?us-ascii?Q?2+v3bc+3rbqcr8myh818C13tE+B+zUfICbOJlspRddbbNUYlNTZVYJlS7dBA?= =?us-ascii?Q?LuBn0FYZy/RAYSEUOcUI9C+ViikaipaDF4jgYTsWuU8H2stR2G31dFZABont?= =?us-ascii?Q?QroMwpMd5KypvzfZjHCoE+IYHDNClVJA1B8K4+3JBYi8afNc0zRRP15qb+ZG?= =?us-ascii?Q?sT0IVDQ8MRVvGMiQYHNfpZUDzN8sG3e6ej1Pibzz2mL4oD8pD7Uqy2saPEOy?= =?us-ascii?Q?w9VVBGQIAUDRC7HxabVCnklVz4mWgc5DeoeHEYcNdaCgyzczzSTCTfg40yuZ?= =?us-ascii?Q?LCBrE89vSssGLXwWRSW+zTdFHD8lFCsd/fqrVFZVGhvCFcgtsRLMW6PaueBO?= =?us-ascii?Q?X0sPFHqzvxfthdAwPHB/8J7QwIj6KsBnBhB6ry/PtcZ71daZYH7VG5RwtMGW?= =?us-ascii?Q?x03fjlxAW24/MmCADhzQZV+hHsz8Q7NSI9Akl7Ph7tjOdraJihjGyvKyzbcX?= =?us-ascii?Q?6P8kLgta4qcOBH3cGfeI1pg1FRStMCnuWIbC6Dsx0TqI6owkAHh0sA+1ojFj?= =?us-ascii?Q?TKzJfUmBxSl1bg+JjLqfLvAap70nqS+Vpzd6MIXRF/HX6KshgWgLwc4oku/M?= =?us-ascii?Q?6KW9GR8j01xR3EbSLe3rWCwppG+3GGS9FEDvramNmMf7PhV7VRMuSCORoCuP?= =?us-ascii?Q?H5E8okzNPr/nzGskMVbOD5CaeOYLxkO/rkvuLjici6SBarSVSRLTOxJd4HrS?= =?us-ascii?Q?ADbPhvRE2CvdD9mHyGWKm/Q3AaZK6gZjBmjDlA8HWAjzFIY+AqowCwJ5GpuB?= =?us-ascii?Q?P8RttjDNBkLGTpm9Z18p8ppDBcwtEmYi53/eVCjnTqbwkUOtVwZk6+2CuKqx?= =?us-ascii?Q?cc2F+i/8+fTjvIis4HVp+v2uAhB+FX2+n00Z7h0YR/yjcwW8kdHD?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 29718a0d-624e-42b4-f1dd-08deb237a2d1 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:35.8483 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: fKmsCdjKJ8vpx90DBOIOfW/OxaAq3UQvlUw2NLGvjh6rHLTKZIyrdWhNugOgiihwwfqFGLUjPgn2q8Qxv135Uw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYCP286MB3682 X-purgate-ID: tlsNG-c201ff/1778818124-E0C65443-40950EE5/0/0 X-purgate-type: clean X-purgate-size: 25164 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818328415158500 Content-Type: text/plain; charset="utf-8" Add the RMI_REC_ENTER loop for Realm vCPUs. Handle host events, vGIC/timer sync, WFI/WFE, MMIO and PSCI exits. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/rec.c | 672 +++++++++++++++++++++++++++ xen/arch/arm/domain.c | 4 + xen/arch/arm/include/asm/arm64/hsr.h | 1 + xen/arch/arm/include/asm/hsr.h | 4 + 4 files changed, 681 insertions(+) diff --git a/xen/arch/arm/cca/rec.c b/xen/arch/arm/cca/rec.c index 8314a7a45d95..efff7fa48745 100644 --- a/xen/arch/arm/cca/rec.c +++ b/xen/arch/arm/cca/rec.c @@ -1,14 +1,56 @@ /* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Dedicated Realm REC execution path for Xen/Arm. + * + * Key points: + * - The Realm executes under RMM. When it accesses emulated devices, the = RMM + * causes a REC exit and provides ESR/FAR/HPFAR plus exit metadata in th= e REC + * exit buffer. With RMI v2.0, vGIC LR state is exchanged through the re= al + * ICH registers rather than REC run-buffer fields (unlike RMI v1.x). + * - Xen bridges such exits into the existing Arm MMIO emulation backend + * (try_handle_mmio_regops), which already services vGIC and other emula= ted + * devices for non-Realm guests. The emulation reads the guest GPRs and = may + * return a value to the guest. We propagate that value back to the RMM = on + * the next REC enter using the RMI REC_ENTER flags/gpr0 contract. + * - Around REC enter/exit, Xen synchronizes the vGIC directly with the ICH + * registers and feeds the REC exit timer snapshot into Realm-specific + * timer state. + */ =20 +#include +#include #include #include +#include #include #include =20 #include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include #include #include =20 +#include + +#include "rmi.h" + +struct arm_cca_mmio_ctxt { + const struct arm_cca_rmi_rec_exit *exit; + register_t result; +}; + struct arm_cca_timer { struct vcpu *v; unsigned int irq; @@ -23,6 +65,13 @@ struct arm_cca_vcpu_timers { struct timer wfx; }; =20 +/* + * Keep Realm guests on the GICv3 sysreg CPU interface. This vGIC path has= no + * IRQ/FIQ bypass, so ICC_SRE_EL1 is exposed as a fixed SRE|DFB|DIB value. + */ +#define ARM_CCA_ICC_SRE_EL1_VALUE \ + (GICC_SRE_EL2_SRE | GICC_SRE_EL2_DFB | GICC_SRE_EL2_DIB) + static void arm_cca_timer_update_irq(struct arm_cca_timer *timer) { register_t ctl =3D timer->ctl; @@ -88,3 +137,626 @@ void arm_cca_vcpu_timer_destroy(struct vcpu *v) kill_timer(&timers->wfx); XFREE(v->arch.cca.timers); } + +static void arm_cca_timer_program(struct arm_cca_timer *timer) +{ + s_time_t expires; + + migrate_timer(&timer->timer, timer->v->processor); + + if ( timer->ctl & CNTx_CTL_ENABLE ) + { + expires =3D (timer->cval > boot_count) + ? ticks_to_ns(timer->cval - boot_count) + : 0; + set_timer(&timer->timer, expires); + } + else + stop_timer(&timer->timer); +} + +static void arm_cca_timer_sync(struct arm_cca_timer *timer, + register_t ctl, uint64_t cval) +{ + timer->ctl =3D ctl; + timer->cval =3D cval; + + arm_cca_timer_program(timer); + arm_cca_timer_update_irq(timer); +} + +static register_t arm_cca_mmio_read_reg(void *ctxt, int reg) +{ + struct arm_cca_mmio_ctxt *mmio =3D ctxt; + + /* + * This callback is used only when Xen's MMIO core emulates a write and + * asks for the store data. For a Realm emulatable Data Abort, the RM= M ABI + * does not provide a full guest GPR file indexed by ESR_EL2.ISS.SRT. + * Instead, the write data is provided in run.exit.gprs[0]. + * + * For an emulated read, arm_cca_mmio_write_reg() below captures the v= alue + * produced by the device model and arm_cca_set_mmio_result() returns = it to + * the RMM in run.enter.gprs[0]. The RMM then writes it back to the + * faulting guest register selected by ESR_EL2.ISS.SRT. + */ + return mmio->exit->gprs[0]; +} + +static void arm_cca_mmio_write_reg(void *ctxt, int reg, register_t value) +{ + struct arm_cca_mmio_ctxt *mmio =3D ctxt; + + mmio->result =3D value; +} + +static const struct mmio_regops arm_cca_mmio_regops =3D { + .read =3D arm_cca_mmio_read_reg, + .write =3D arm_cca_mmio_write_reg, +}; + +static void check_for_pcpu_work(void) +{ + ASSERT(!local_irq_is_enabled()); + + while ( softirq_pending(smp_processor_id()) ) + { + local_irq_enable(); + do_softirq(); + local_irq_disable(); + } +} + +static void arm_cca_service_host_events(void) +{ + ASSERT(!local_irq_is_enabled()); + + local_irq_enable(); + local_irq_disable(); + check_for_pcpu_work(); +} + +static void arm_cca_check_for_vcpu_work(struct vcpu *v) +{ + if ( likely(!v->arch.need_flush_to_ram) ) + return; + + check_for_pcpu_work(); + + local_irq_enable(); + p2m_flush_vm(v); + local_irq_disable(); +} + +static void noreturn arm_cca_wait_forever(struct vcpu *v) +{ + for ( ; ; ) + { + /* Scheduler helpers expect local IRQs enabled when taking locks */ + local_irq_enable(); + vcpu_block(); + local_irq_disable(); + arm_cca_service_host_events(); + } +} + +static void arm_cca_wait_until_online(struct vcpu *v) +{ + while ( test_bit(_VPF_down, &v->pause_flags) ) + { + /* Scheduler helpers expect local IRQs enabled when taking locks */ + local_irq_enable(); + vcpu_block(); + local_irq_disable(); + arm_cca_service_host_events(); + } +} + +static bool arm_cca_wfxt_expired(register_t timeout) +{ + return (int64_t)(get_cycles() - timeout) >=3D 0; +} + +static void arm_cca_wait_until_wfxt_timeout(struct vcpu *v, + register_t timeout) +{ + s_time_t expires; + + ASSERT(!local_irq_is_enabled()); + + if ( arm_cca_wfxt_expired(timeout) ) + return; + + expires =3D (timeout > boot_count) ? ticks_to_ns(timeout - boot_count)= : 0; + + set_bit(_VPF_blocked, &v->pause_flags); + smp_mb__after_atomic(); + + arch_vcpu_block(v); + + if ( local_events_need_delivery_nomask() || arm_cca_wfxt_expired(timeo= ut) ) + { + clear_bit(_VPF_blocked, &v->pause_flags); + return; + } + + migrate_timer(&v->arch.cca.timers->wfx, v->processor); + set_timer(&v->arch.cca.timers->wfx, expires); + + raise_softirq(SCHEDULE_SOFTIRQ); + + /* Let the scheduler softirq run while the WFxT timer can unblock us. = */ + local_irq_enable(); + local_irq_disable(); + + stop_timer(&v->arch.cca.timers->wfx); + arm_cca_service_host_events(); +} + +static void noreturn arm_cca_domain_crash(struct vcpu *v) +{ + domain_crash(v->domain); + arm_cca_wait_forever(v); +} + +/* DEN0137 2.0-bet1 - D1.6.1 Interrupt flow. */ +static void arm_cca_prepare_rec_enter(struct arm_cca_rmi_rec_run *run, + unsigned long entry_flags, + const register_t *entry_gprs) +{ + register_t hcr; + + memset(&run->enter, 0, sizeof(run->enter)); + run->enter.flags =3D entry_flags; + memcpy(run->enter.gprs, entry_gprs, sizeof(run->enter.gprs)); + + /* + * RMI v2.0 removes the run-buffer GIC fields. The RMM validates and + * consumes the real ICH_LR_EL2 state left by the Host, so flush Xe= n's + * vGIC model directly into hardware before REC_ENTER. + */ + vgic_sync_to_lrs(); + + /* + * DEN0137 A6.1 requires ICH_HCR_EL2.En to be clear on REC exit. Re-en= able + * the virtual CPU interface for the next Realm entry while preserving= the + * rest of the GIC CPU interface state carried in ICH_HCR_EL2. + */ + hcr =3D READ_SYSREG(ICH_HCR_EL2); + WRITE_SYSREG(hcr | GICH_HCR_EN, ICH_HCR_EL2); + isb(); +} + +/* DEN0137 2.0-bet1 - D1.6.1 Interrupt flow. */ +static void arm_cca_sync_vgic_exit(struct vcpu *v) +{ + /* + * In RMI v2.0 the RMM leaves the GIC owner Plane state in the hardware + * ICH registers on REC exit. Consume it directly through Xen's generic + * vGIC LR sync path. + */ + isb(); + vgic_sync_from_lrs(v); +} + +/* + * DEN0137 2.0-bet1 - D1.6.2 Timer interrupt delivery flow. + * Keep the REC exit timer snapshot in Realm-specific state. The normal + * v->arch.{phys,virt}_timer state is tied to non-Realm EL1 context switch + * save/restore and must not be overwritten with RMM-owned timer state. + */ +static void arm_cca_sync_rec_exit(struct vcpu *v, + const struct arm_cca_rmi_rec_exit *exit) +{ + arm_cca_sync_vgic_exit(v); + arm_cca_timer_sync(&v->arch.cca.timers->phys, + exit->cntp_ctl, exit->cntp_cval); + arm_cca_timer_sync(&v->arch.cca.timers->virt, + exit->cntv_ctl, exit->cntv_cval); +} + +static paddr_t arm_cca_mmio_lookup_gpa(paddr_t ipa) +{ + /* + * Realm creation currently sets RmiRealmParams::s2sz to p2m_ipa_bits. + * Use the Realm's own s2sz here if that becomes per-domain later. + */ + unsigned int ipa_bits =3D p2m_ipa_bits; + paddr_t mask; + paddr_t prot_bit; + + if ( ipa_bits =3D=3D 0 || ipa_bits > sizeof(paddr_t) * 8 ) + return ipa; + + mask =3D GENMASK_ULL(ipa_bits - 1, 0); + + ipa &=3D mask; + + /* + * DEN0137 2.0-bet1 - A5.2.1 Realm IPA space and D2.1 Realm shared + * memory protocol description. + * + * RMM reports the IPA which caused the REC exit. In Realm IPA + * space, bit[s2sz - 1] is the protection attribute; if it is set, + * the access is to the Unprotected alias. Xen's MMIO handlers are + * registered against the ordinary guest physical address, so use the + * lower alias as the lookup key rather than retrying after failure. + */ + prot_bit =3D (paddr_t)1 << (ipa_bits - 1); + if ( ipa & prot_bit ) + { + ipa &=3D ~prot_bit; + } + + return ipa; +} + +static void arm_cca_set_mmio_result(unsigned long *entry_flags, + register_t *entry_gprs, + register_t value) +{ + *entry_flags |=3D ARM_CCA_RMI_REC_ENTER_FLAG_EMUL_MMIO; + entry_gprs[0] =3D value; +} + +static void arm_cca_request_sea(unsigned long *entry_flags, + register_t *entry_gprs) +{ + *entry_flags |=3D ARM_CCA_RMI_REC_ENTER_FLAG_INJECT_SEA; + entry_gprs[0] =3D 0; +} + +static bool +arm_cca_rec_enter_failed_after_shutdown(const struct vcpu *v, + const struct arm_smccc_res *res) +{ + return v->domain->is_shutting_down && + arm_cca_rmi_status_is(arm_cca_rmi_result(res), + ARM_CCA_RMI_ERROR_REALM); +} + +/* DEN0137 2.0-bet1 - D1.3.4 MMIO emulation flow. */ +static void arm_cca_handle_mmio(struct vcpu *v, + const struct arm_cca_rmi_rec_exit *exit, + unsigned long *entry_flags, + register_t *entry_gprs) +{ + union hsr hsr =3D { .bits =3D exit->esr }; + paddr_t raw_gpa =3D ((paddr_t)(exit->hpfar & HPFAR_MASK) << (12 - 4)) | + (exit->far & ~PAGE_MASK); + mmio_info_t info =3D { + .dabt =3D hsr.dabt, + .gpa =3D raw_gpa, + }; + struct arm_cca_mmio_ctxt ctxt =3D { + .exit =3D exit, + .result =3D 0, + }; + enum io_state state; + + if ( !hsr.dabt.valid ) + { + gprintk(XENLOG_INFO, + "ARM CCA: MMIO abort without valid syndrome esr=3D%#lx far= =3D%#llx hpfar=3D%#llx\n", + exit->esr, + (unsigned long long)exit->far, + (unsigned long long)exit->hpfar); + arm_cca_request_sea(entry_flags, entry_gprs); + return; + } + + info.dabt_instr.state =3D INSTR_VALID; + info.gpa =3D arm_cca_mmio_lookup_gpa(raw_gpa); + + state =3D try_handle_mmio_regops(v, &info, &arm_cca_mmio_regops, &ctxt= ); + + if ( state =3D=3D IO_HANDLED ) + { + arm_cca_set_mmio_result(entry_flags, entry_gprs, ctxt.result); + } + else + { + gprintk(XENLOG_INFO, + "ARM CCA: MMIO emulation failed state=3D%d raw_gpa=3D%#llx= gpa=3D%#llx esr=3D%#lx\n", + state, + (unsigned long long)raw_gpa, + (unsigned long long)info.gpa, + exit->esr); + arm_cca_request_sea(entry_flags, entry_gprs); + } +} + +/* + * DEN0137 2.0-bet1 - D1.4.1 PSCI_CPU_ON flow. + * Xen reuses the same completion hook for related PSCI exits. + */ +static void +arm_cca_handle_psci_complete(struct vcpu *v, + const struct arm_cca_rmi_rec_exit *exit) +{ + unsigned int target =3D vaffinity_to_vcpuid(exit->gprs[1]); + struct vcpu *target_vcpu; + struct arm_smccc_res res; + bool wake =3D false; + int rc; + + if ( target >=3D v->domain->max_vcpus ) + { + gprintk(XENLOG_ERR, "ARM CCA: invalid PSCI target vCPU %u\n", + target); + arm_cca_domain_crash(v); + } + + target_vcpu =3D v->domain->vcpu[target]; + if ( target_vcpu =3D=3D NULL || target_vcpu->arch.cca.rec =3D=3D INVAL= ID_PADDR ) + { + gprintk(XENLOG_ERR, + "ARM CCA: missing target REC for PSCI target vCPU %u\n", + target); + arm_cca_domain_crash(v); + } + + rc =3D arm_cca_rmi_psci_complete(v->arch.cca.rec, target_vcpu->arch.cc= a.rec, + PSCI_SUCCESS, &res); + if ( rc !=3D 0 ) + { + gprintk(XENLOG_ERR, + "ARM CCA: RMI_PSCI_COMPLETE failed status=3D%#x data=3D%#l= x\n", + arm_cca_rmi_status_code(arm_cca_rmi_result(&res)), + (unsigned long)arm_cca_rmi_result_data( + arm_cca_rmi_result(&res))); + arm_cca_domain_crash(v); + } + + if ( exit->gprs[0] =3D=3D PSCI_0_2_FN32_CPU_ON || + exit->gprs[0] =3D=3D PSCI_0_2_FN64_CPU_ON ) + { + wake =3D test_and_clear_bit(_VPF_down, &target_vcpu->pause_flags); + if ( wake ) + vcpu_wake(target_vcpu); + } +} + +static void arm_cca_handle_psci_exit(struct vcpu *v, + const struct arm_cca_rmi_rec_exit *ex= it) +{ + switch ( exit->gprs[0] ) + { + case PSCI_0_2_FN32_CPU_SUSPEND: + case PSCI_0_2_FN64_CPU_SUSPEND: + /* Scheduler helpers expect local IRQs enabled when taking locks */ + local_irq_enable(); + vcpu_block_unless_event_pending(v); + local_irq_disable(); + arm_cca_service_host_events(); + break; + + case PSCI_0_2_FN32_CPU_OFF: + if ( !test_and_set_bit(_VPF_down, &v->pause_flags) ) + vcpu_sleep_nosync(v); + arm_cca_wait_until_online(v); + break; + + case PSCI_0_2_FN32_CPU_ON: + case PSCI_0_2_FN64_CPU_ON: + case PSCI_0_2_FN32_AFFINITY_INFO: + case PSCI_0_2_FN64_AFFINITY_INFO: + arm_cca_handle_psci_complete(v, exit); + break; + + case PSCI_0_2_FN32_SYSTEM_OFF: + domain_shutdown(v->domain, SHUTDOWN_poweroff); + arm_cca_wait_forever(v); + + case PSCI_0_2_FN32_SYSTEM_RESET: + domain_shutdown(v->domain, SHUTDOWN_reboot); + arm_cca_wait_forever(v); + + default: + gprintk(XENLOG_ERR, + "ARM CCA: unsupported PSCI exit fid=3D%#lx\n", + exit->gprs[0]); + arm_cca_domain_crash(v); + } +} + + +/* + * DEN0137 2.0-bet1 - D1.3.3 REC exit due to Data Abort fault flow. + */ +static void arm_cca_handle_sync_exit(struct vcpu *v, + const struct arm_cca_rmi_rec_exit *ex= it, + unsigned long *entry_flags, + register_t *entry_gprs) +{ + union hsr hsr =3D { .bits =3D exit->esr }; + + switch ( hsr.ec ) + { + case HSR_EC_WFI_WFE: + /* + * DEN0137 2.0-bet1 - A4.3.4.1 REC exit due to WFI or WFE. + * WFET/WFIT exits provide the timeout value in rec_exit.gprs[0]. + * Treat a non-zero timeout as authoritative because the same sect= ion + * only guarantees ESR.ISS.TI for this exit class. + */ + if ( (hsr.bits & HSR_WFI_WFE_WFXT) || exit->gprs[0] ) + { + arm_cca_wait_until_wfxt_timeout(v, exit->gprs[0]); + break; + } + + /* Scheduler helpers expect local IRQs enabled when taking locks */ + local_irq_enable(); + if ( hsr.bits & HSR_WFI_WFE_WFE ) + vcpu_yield(); + else + vcpu_block_unless_event_pending(v); + + local_irq_disable(); + arm_cca_service_host_events(); + break; + + case HSR_EC_DATA_ABORT_LOWER_EL: + /* vGIC MMIO paths expect local IRQs enabled for spin_lock_irq */ + local_irq_enable(); + arm_cca_handle_mmio(v, exit, entry_flags, entry_gprs); + local_irq_disable(); + break; + + default: + gprintk(XENLOG_ERR, + "ARM CCA: unsupported REC sync exit ec=3D%#x esr=3D%#lx\n", + hsr.ec, exit->esr); + arm_cca_domain_crash(v); + } +} + +/* DEN0137 2.0-bet1 - D1.3.1 Realm entry and exit flow. */ +void noreturn arm_cca_vcpu_run(struct vcpu *v) +{ + struct arm_cca_rmi_rec_run *run; + struct arm_smccc_res res; + unsigned long entry_flags; + register_t entry_gprs[ARM_CCA_RMI_REC_NR_GPRS]; + int rc; + + ASSERT(v =3D=3D current); + ASSERT(!is_idle_vcpu(v)); + + if ( !is_vcpu_realm(v) ) + { + gprintk(XENLOG_ERR, + "ARM CCA: entered Realm run loop for non-Realm vCPU\n"); + arm_cca_domain_crash(v); + } + + if ( v->domain->arch.vgic.version !=3D GIC_V3 ) + { + gprintk(XENLOG_ERR, + "ARM CCA: only GICv3 Realms are supported\n"); + arm_cca_domain_crash(v); + } + + if ( v->arch.cca.run =3D=3D NULL || v->arch.cca.timers =3D=3D NULL || + v->arch.cca.run_pa =3D=3D INVALID_PADDR ) + { + gprintk(XENLOG_ERR, + "ARM CCA: REC runtime state is not bound\n"); + arm_cca_domain_crash(v); + } + + if ( v->arch.cca.rec =3D=3D INVALID_PADDR ) + { + gprintk(XENLOG_ERR, "ARM CCA: REC is not bound\n"); + arm_cca_domain_crash(v); + } + + run =3D v->arch.cca.run; + entry_flags =3D ARM_CCA_RMI_REC_ENTER_FLAG_TRAP_WFI | + ARM_CCA_RMI_REC_ENTER_FLAG_TRAP_WFE; + memset(entry_gprs, 0, sizeof(entry_gprs)); + + local_irq_disable(); + for ( ; ; ) + { + arm_cca_check_for_vcpu_work(v); + arm_cca_service_host_events(); + + arm_cca_prepare_rec_enter(run, entry_flags, entry_gprs); + entry_flags =3D ARM_CCA_RMI_REC_ENTER_FLAG_TRAP_WFI | + ARM_CCA_RMI_REC_ENTER_FLAG_TRAP_WFE; + memset(entry_gprs, 0, sizeof(entry_gprs)); + rc =3D arm_cca_rmi_rec_enter(v->arch.cca.rec, v->arch.cca.run_pa, = &res); + if ( rc !=3D 0 ) + { + if ( arm_cca_rec_enter_failed_after_shutdown(v, &res) ) + { + gprintk(XENLOG_INFO, + "ARM CCA: Realm domain is shutting down; " + "stopping vCPU\n"); + arm_cca_wait_forever(v); + } + + gprintk(XENLOG_ERR, + "ARM CCA: RMI_REC_ENTER failed status=3D%#x data=3D%#l= x\n", + arm_cca_rmi_status_code(arm_cca_rmi_result(&res)), + (unsigned long)arm_cca_rmi_result_data( + arm_cca_rmi_result(&res))); + arm_cca_domain_crash(v); + } + + arm_cca_sync_rec_exit(v, &run->exit); + + switch ( run->exit.exit_reason ) + { + case ARM_CCA_RMI_EXIT_IRQ: + case ARM_CCA_RMI_EXIT_FIQ: + arm_cca_service_host_events(); + break; + + case ARM_CCA_RMI_EXIT_PSCI: + arm_cca_handle_psci_exit(v, &run->exit); + break; + + case ARM_CCA_RMI_EXIT_RIPAS_CHANGE: + gprintk(XENLOG_ERR, + "ARM CCA: RIPAS change exits are unsupported\n"); + arm_cca_domain_crash(v); + + case ARM_CCA_RMI_EXIT_SYNC: + arm_cca_handle_sync_exit(v, &run->exit, &entry_flags, + entry_gprs); + break; + + case ARM_CCA_RMI_EXIT_HOST_CALL: + gprintk(XENLOG_ERR, + "ARM CCA: Host call exits are unsupported (imm=3D%#x)\= n", + (unsigned int)run->exit.imm); + arm_cca_domain_crash(v); + + case ARM_CCA_RMI_EXIT_SERROR: + gprintk(XENLOG_ERR, + "ARM CCA: SError exit from Realm REC\n"); + arm_cca_domain_crash(v); + + case ARM_CCA_RMI_EXIT_S2AP_CHANGE: + gprintk(XENLOG_ERR, + "ARM CCA: S2AP change exits are unsupported " + "range=3D%#lx-%#lx\n", + (unsigned long)run->exit.s2ap_base, + (unsigned long)run->exit.s2ap_top); + arm_cca_domain_crash(v); + + case ARM_CCA_RMI_EXIT_VDEV_REQUEST: + gprintk(XENLOG_ERR, + "ARM CCA: VDEV request exits are unsupported " + "id=3D%#lx:%#lx\n", + (unsigned long)run->exit.vdev_id_1, + (unsigned long)run->exit.vdev_id_2); + arm_cca_domain_crash(v); + + case ARM_CCA_RMI_EXIT_VDEV_VALIDATE_MAPPING: + gprintk(XENLOG_ERR, + "ARM CCA: VDEV mapping validation exits are unsupporte= d " + "range=3D%#lx-%#lx pa=3D%#lx\n", + (unsigned long)run->exit.dev_mem_base, + (unsigned long)run->exit.dev_mem_top, + (unsigned long)run->exit.dev_mem_pa); + arm_cca_domain_crash(v); + + case ARM_CCA_RMI_EXIT_VSMMU_COMMAND: + gprintk(XENLOG_ERR, + "ARM CCA: VSMMU command exits are unsupported " + "vsmmu=3D%#lx\n", + (unsigned long)run->exit.vsmmu); + arm_cca_domain_crash(v); + + default: + gprintk(XENLOG_ERR, + "ARM CCA: unknown REC exit reason %#x\n", + (unsigned int)run->exit.exit_reason); + arm_cca_domain_crash(v); + } + } +} diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index d2ee90248a44..c8330e7c969c 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -302,6 +302,10 @@ static void noreturn continue_new_vcpu(struct vcpu *pr= ev) =20 if ( is_idle_vcpu(current) ) reset_stack_and_jump(idle_loop); +#ifdef CONFIG_ARM_CCA + else if ( is_vcpu_realm(current) ) + arm_cca_vcpu_run(current); +#endif else if ( is_32bit_domain(current->domain) ) /* check_wakeup_from_wait(); */ reset_stack_and_jump(return_to_new_vcpu32); diff --git a/xen/arch/arm/include/asm/arm64/hsr.h b/xen/arch/arm/include/as= m/arm64/hsr.h index 1495ccddeab6..7cdddd6ae903 100644 --- a/xen/arch/arm/include/asm/arm64/hsr.h +++ b/xen/arch/arm/include/asm/arm64/hsr.h @@ -86,6 +86,7 @@ #define HSR_SYSREG_PMINTENCLR_EL1 HSR_SYSREG(3,0,c9,c14,2) #define HSR_SYSREG_MAIR_EL1 HSR_SYSREG(3,0,c10,c2,0) #define HSR_SYSREG_AMAIR_EL1 HSR_SYSREG(3,0,c10,c3,0) +#define HSR_SYSREG_ICC_DIR_EL1 HSR_SYSREG(3,0,c12,c11,1) #define HSR_SYSREG_ICC_SGI1R_EL1 HSR_SYSREG(3,0,c12,c11,5) #define HSR_SYSREG_ICC_ASGI1R_EL1 HSR_SYSREG(3,1,c12,c11,6) #define HSR_SYSREG_ICC_SGI0R_EL1 HSR_SYSREG(3,2,c12,c11,7) diff --git a/xen/arch/arm/include/asm/hsr.h b/xen/arch/arm/include/asm/hsr.h index 9b91b28c48e3..29a91bf866f1 100644 --- a/xen/arch/arm/include/asm/hsr.h +++ b/xen/arch/arm/include/asm/hsr.h @@ -168,6 +168,10 @@ union hsr { #endif }; =20 +/* HSR.EC =3D=3D HSR_EC_WFI_WFE */ +#define HSR_WFI_WFE_WFE (_AC(1, UL) << 0) +#define HSR_WFI_WFE_WFXT (_AC(1, UL) << 1) + /* HSR.EC =3D=3D HSR_CP{15,14,10}_32 */ #define HSR_CP32_OP2_MASK (0x000e0000) #define HSR_CP32_OP2_SHIFT (17) --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818327850829.2033499375692; Thu, 14 May 2026 21:12:07 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309429.1580501 (Exim 4.92) (envelope-from ) id 1wNjts-0001Mb-Ma; Fri, 15 May 2026 04:11:48 +0000 Received: by outflank-mailman (output) from mailman id 1309429.1580501; Fri, 15 May 2026 04:11:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjts-0001MN-IW; Fri, 15 May 2026 04:11:48 +0000 Received: by outflank-mailman (input) for mailman id 1309429; Fri, 15 May 2026 04:11:47 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtq-0000ts-Qa for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:11:47 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjtq-0052Iz-6g for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:11:46 +0200 Received: from [10.42.69.5] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069cda-e002-0a2a0a5209dd-0a2a4505a2ee-20 for ; Fri, 15 May 2026 06:11:46 +0200 Received: from [52.101.125.85] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-c201ff.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c47-aaa8-0a2a45050019-34657d55753b-7 for ; Fri, 15 May 2026 06:08:45 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYCP286MB3682.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c2::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9913.12; Fri, 15 May 2026 04:08:38 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=KHS27FapKNanGflrIFw/hM2kwNkQX/WePq3xlEM6xUNYPVEYtmx9BWO1Z6lo57SRVOTwKuWv/ZAJVGpMYzH/t45gcDmFMPL1TpT2xoz3DMHu0x4mJ25XYlLDKFkJ2k/pQfa7vfCntNIiyNowixl92fsBWYKmN/RVp5nEVX9ukyEYCxAd6vtJRwOOq2LhVMVcC4+is4oVh7CikZ9lWQMnKq0BINvo4jlkHpm0fg7JFXCeTT/ELG9LUT2CbPQtXyK32qdst02MDTmNjd1lSMdfBxhjdxGAoDxCMDE6HHyVHjLxUlzHs+p7zQnHi81MjMV7GtcnDF1bsUi9BOaLbfAQ3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=S5/dP4DpjlJzyHFiGX9Dvr0WUYwSm5khsV8ePzx5S4I=; b=nmXuiUvdJ3Flt5/DT6NdKZ+A+dIDNxEmujoQV8WKWtYx4BU9X0SopJBgOr89fzHVPDAntfmSiHlnT5nNK9HD+Wo5R6ApOLUPQgydzW3Pk+PUOJLgFoAg+ql2VKFFV/QiRIE+9exzqW6+o1Amef6g/89ktFiso/zxjbRclDSaWmrp3j3d5Z7+47wE4jB2+xjJzpSfyy9KkwEl6z4piJ+lSnpUgxXV5ZxmSeUEW86aQo/AKW+hqbVmFoSH/tpQDmIlsKZ+sQSa7nWmyirpwD/16aEcN78nFBhjt50hbZxk27oXHF10mSh5ZD3Ll3j5bmFQsoxxOrJ36ZbftXFsESRIJQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=S5/dP4DpjlJzyHFiGX9Dvr0WUYwSm5khsV8ePzx5S4I=; b=AlLdhX9vH/fpSFPgkhutEVZ8Y9i1S8sgzNpwya8a17SF/zHYi+guBKZwnQgUpjXj9nV4xtDq0y6W6pZL1alGZ2TY1MCNZk8pYARm2aEG0mTq0yoxcYcq0mtnpvRyWQYHsmwRvWXJHs278ob3NWrPu8CMST2cNsstFRC7qtG3Sx0= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 23/26] xen/arm/cca: handle Realm RIPAS and GIC sysreg exits Date: Fri, 15 May 2026 13:08:09 +0900 Message-ID: <20260515040812.983626-24-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYWPR01CA0023.jpnprd01.prod.outlook.com (2603:1096:400:aa::10) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYCP286MB3682:EE_ X-MS-Office365-Filtering-Correlation-Id: b2261427-5b75-45f1-8765-08deb237a34a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|366016|376014|7416014|56012099003|3023799003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: kKzqrQuiXntSMHlRULX9ohEW5gS0/Yqvl12mkFR5/s5V91S7VGC2Ugpvvm+28UOmz173JNZntmzvE2QrEQ98cFiFcgna7kdSPM6YGUjnM0xqi5R3CJcKFyBtN0dV/Dp4rNQGAyILXwz39mttyy4kRZNRDRl5dPBfuO9ry3oPw2b8vDktHYdrPtrzCO9bQyze7x0fyuOY48fD6gH8IpC/bZ0KYm2lnB6VMGwQw+gYs5Da12RgptpUYVoa+bppGLhDoKRI8FDD4wdL9HFMOf+LfiExyknbCwjI6vOd75gnZd7OAcEVLqItd1aucq9rGQmxYiGtlqtL2r+Y4cGKjTbojMJPfoCoXD1I2ejNvYrq6wajjGcw/OICmMB3/25tCN3pLWnOJHE4SKTAcvXTK5+EGHEhC5xkG2m/l+w6cVEtM6omKR+qxY7pCKmI2GdtIweaq5JQTX8depB5LgP1hAOtFQ1/rKiHIdPc0WCfi6DaRQhdu6X0eCFYt7UxkYZFboWRfloJVpqkJWvsP9+WFtpXHx3+i/TFPHaaGDjqM96It9gkK8IkNkN+22er7pC0MIK07epxjkP3SH/V6XvC8gvnKFlGq6CkaJwNbLvnFKHf32JbXfOZHm9QOEa91x/WzDxYpv1o/mpbtqCFeD/5IicP3A8+mmQViDwgj4SIUJIVQXgWfYs2ixTVA0rvacfxJs8H X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(366016)(376014)(7416014)(56012099003)(3023799003)(22082099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?VbuRPicApTONRsXcvX3RJSw3ENkg2rRzKwgFu1fF4LoJR2fppAUKOM7U7A0r?= =?us-ascii?Q?S0AYWytJbMnedlp1I82OgsXd/442UGX1d+XAppmJRviyWefISlyRlO3DE5gE?= =?us-ascii?Q?VDmLOL8BVofqAKwM7hgjr8xYA+Oauayh8GGATNOLygs7WdH5AJagpPU9xJyo?= =?us-ascii?Q?qhVCnnnYK2sXaxsIjgCzgM9g00rIvsZjxzLKxVdhTBEY/CKVHx1Z7L3gfCNh?= =?us-ascii?Q?GPgQGKmLiaEWUr/muYaBJwIVmIX0AmsWub+6n2WfTg1bwvKEhm2evOLowgRo?= =?us-ascii?Q?ZXabVQ3gteTRZjUTRLrahwtfjLrRh6aObwlcQQ+4fc2l4u3b3P+Zjy4PQpob?= =?us-ascii?Q?ZQeAf2zqBxX1qSjjuiwNaohbl+UEp/17x1QATLQsDWYwHS1s0343y/s5V/E6?= =?us-ascii?Q?b+R/AKmikRes3Lp6JPp/hC7dx1DgGwPEOOW3w0E6Eas95jKZO7Q3SO0jAZjy?= =?us-ascii?Q?r1AR6KO5XT5s8QBCT+YqZfjVVF7uJ3z9t7MSx+itNd3jkowFE25G+kPoeIum?= =?us-ascii?Q?gO/mQh+MShOBJG3zOzpxztCwTc/OOVqZPWzS8Fo++oPAYjPZZCw17Cf1lLz/?= =?us-ascii?Q?RZrJ4Wq+09xsJwoFxdC0qXe5gQ/4sz6NfKXdI51CI0NaCUmPRNhNUNu9cp3y?= =?us-ascii?Q?bNFGOsvMnsbJER2r8nyf6cYvQaL/T7CG7xHIfxg2vwbcw6TIZY5Hprk6vI3G?= =?us-ascii?Q?4/kteMa2wTuNrM1wlpDD0Cr0qyOzEiOPDErMimEoU1TYWZPSB6HIxFdbll+d?= =?us-ascii?Q?waHzDEcogydr84G3GFDkh7mi5im+5wu5zg/vZT+7oyC4wwIzDKfdc83UrmRx?= =?us-ascii?Q?Txhj73/VEKWkGS9+dXWf0YzFZCyrOZHvPgrC8y2iwMbJN0dC8+hdrk2943jL?= =?us-ascii?Q?66r43zkJ2TZnAXzAXVhf0D4tSwy4hXmeTrhCMkKlf4UqXA9vlsXzERhMcuGD?= =?us-ascii?Q?/IZxSy5HFAwIakNy+lFY1XsL84vHiL5Uu0siSPFMBBivLKz7I8PIl/Ny1lJf?= =?us-ascii?Q?TY5T8f+4Hk/jM5i4sH1jaiutGB+TbpCzYbKL9iZ5MIH+ETXW3TTU2niJfTR8?= =?us-ascii?Q?4D8DycSuLq9SFPxoKxb/TwIhkiubjHPHs802jk7UXHLtkP/VlNQ2kMWuAOP9?= =?us-ascii?Q?8R+8zlgYEuPFsOSxUPfYlurx5I0O/8yI6VnC3KPYAjjTerBlUG3NjVpr+vWf?= =?us-ascii?Q?XqLmfGrg6K9be2YNuIQwQhThHwzR7/dww8B9T0R3ZmX8Xjp+/xCjXGGIKrcY?= =?us-ascii?Q?60Q2JdIElYxvwBQJUmSTLRhKqlMyoyl6dS5QgkuyXf28nJeEBkaV1bB2K/wc?= =?us-ascii?Q?q6Y+uwr52N8irgjEswNgauOrng1MRSUuwZqMzzWmsu0wkvGvFGY8ZYmWL493?= =?us-ascii?Q?vhVK8UtVhgZuGp7a1lbdfX08YQc44mnbxSmF84DsnBKJvfheNI+mF0Pe6Ea4?= =?us-ascii?Q?j6OQjoe/wJkKKGpfMe4YDH9xxseXmWjU0bb6KO/kpkHsgExEDiuidguczV/U?= =?us-ascii?Q?5NakORDdk53Mse2lrymUuLOv5M2BBhEuizJp9vLHKs73N5T+uZuBPPU0SGw2?= =?us-ascii?Q?xBv28DDlWyWdXsMwJkkSwTjZRdnivqh0U9U/Igz5SQvte3yhcqSqH75U33fo?= =?us-ascii?Q?w4bNstqzPnMeysI29FMdopxvpIpvYSuPZU65ugq7hwAKNsd8gurInXocvL1u?= =?us-ascii?Q?9vHOCNhWsRKcCLjmyAbz+KmqG4LitEgPFYhNu3SzG88s/LCOZyGqbfR+5Ncf?= =?us-ascii?Q?9NijOhNZva6Js6YzUepFAdeMcDSUoF5ncLezfuw3TzXxE2q7q+Z5?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: b2261427-5b75-45f1-8765-08deb237a34a X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:36.6233 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: e5RGytGlFMehnYhjDNOxuxmCZ5zeP8ruGMsKRE+DMT8JhHp6cziGk1VpWXXPtMO3sNBDKNpJMVQrTEUtxtaAAQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYCP286MB3682 X-purgate-ID: tlsNG-c201ff/1778818125-DB961443-325CF7CC/0/0 X-purgate-type: clean X-purgate-size: 9354 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818328423158500 Content-Type: text/plain; charset="utf-8" Handle RIPAS changes and selected GICv3 sysreg exits. RIPAS work runs before the next REC entry, and sysreg transfers use ESR_EL2.ISS.Rt. Signed-off-by: Koichiro Den --- xen/arch/arm/cca/rec.c | 209 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 206 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/cca/rec.c b/xen/arch/arm/cca/rec.c index efff7fa48745..7959fb767e11 100644 --- a/xen/arch/arm/cca/rec.c +++ b/xen/arch/arm/cca/rec.c @@ -399,6 +399,66 @@ static void arm_cca_set_mmio_result(unsigned long *ent= ry_flags, entry_gprs[0] =3D value; } =20 +static register_t +arm_cca_rec_exit_gpr(const struct arm_cca_rmi_rec_exit *exit, + unsigned int reg) +{ + return reg < ARM_CCA_RMI_REC_NR_GPRS ? exit->gprs[reg] : 0; +} + +static void arm_cca_rec_enter_set_gpr(register_t *entry_gprs, + unsigned int reg, + register_t value) +{ + if ( reg < ARM_CCA_RMI_REC_NR_GPRS ) + entry_gprs[reg] =3D value; +} + +static bool arm_cca_vgic_emulate_sgi1r(struct vcpu *v, register_t sgir) +{ + return vgic_v3_to_sgi(v, sgir); +} + +static bool arm_cca_vgic_emulate_dir(struct vcpu *v, register_t dir) +{ + unsigned int virq =3D dir & GICC_IAR_INTID_MASK; + struct gic_lr lr; + unsigned int i; + + /* + * RMM may exit to Xen for Realm ICC_DIR_EL1 accesses. Handle the + * deactivation locally when Xen can find a matching software LR. + * DEN0137 2.0-bet1 - A6.1 Realm interrupts. + */ + if ( virq >=3D vgic_num_irqs(v->domain) ) + return true; + + for ( i =3D 0; i < gic_get_nr_lrs(); i++ ) + { + gic_hw_ops->read_lr(i, &lr); + + if ( lr.virq !=3D virq || !lr.active ) + continue; + + if ( lr.hw_status ) + { + gprintk(XENLOG_ERR, + "ARM CCA: ICC_DIR_EL1 on hw-backed vIRQ %u is unsuppor= ted\n", + virq); + return false; + } + + lr.active =3D false; + gic_hw_ops->write_lr(i, &lr); + isb(); + vgic_sync_from_lrs(v); + + return true; + } + + return true; +} + static void arm_cca_request_sea(unsigned long *entry_flags, register_t *entry_gprs) { @@ -560,6 +620,87 @@ static void arm_cca_handle_psci_exit(struct vcpu *v, } } =20 +/* + * DEN0137 2.0-bet1 - D1.5.3 RIPAS change flow. + * RIPAS_EMPTY and RIPAS_RAM changes are applied with RMI_RTT_SET_RIPAS. + * RIPAS_DEV requires VDEV mapping validation support, while RIPAS_DESTROY= ED + * is not a Realm-requested target state. + */ +static void +arm_cca_handle_ripas_change(struct vcpu *v, + const struct arm_cca_rmi_rec_exit *exit, + unsigned long *entry_flags) +{ + struct arm_smccc_res res; + paddr_t base =3D exit->ripas_base; + paddr_t top =3D exit->ripas_top; + int rc; + + if ( v->domain->arch.cca.rd =3D=3D INVALID_PADDR ) + { + gprintk(XENLOG_ERR, + "ARM CCA: missing RD for RIPAS completion\n"); + arm_cca_domain_crash(v); + } + + switch ( exit->ripas_value ) + { + case ARM_CCA_RMI_RIPAS_EMPTY: + case ARM_CCA_RMI_RIPAS_RAM: + break; + + default: + gprintk(XENLOG_ERR, + "ARM CCA: unsupported RIPAS change value=3D%u " + "range=3D%#lx-%#lx\n", + (unsigned int)exit->ripas_value, + (unsigned long)base, (unsigned long)top); + arm_cca_domain_crash(v); + } + + /* + * Note that RMI_RTT_SET_RIPAS uses the pending request recorded in the + * REC, so the Host does not pass the target RIPAS value explicitly he= re. + * + * Xen accepts the request while progress is possible. If a RIPAS_RAM + * request reaches a point the RMM cannot change, report Host rejectio= n on + * the next REC_ENTER so the Realm sees the normal RSI response. + */ + while ( base < top ) + { + rc =3D arm_cca_rmi_rtt_set_ripas(v->domain->arch.cca.rd, + v->arch.cca.rec, + base, top, &res); + if ( rc !=3D 0 ) + { + if ( exit->ripas_value =3D=3D ARM_CCA_RMI_RIPAS_RAM && + arm_cca_rmi_status_is(arm_cca_rmi_result(&res), + ARM_CCA_RMI_ERROR_RTT) ) + { + /* The RIPAS response flag value 1 means Host reject. */ + *entry_flags |=3D ARM_CCA_RMI_REC_ENTER_FLAG_RIPAS_RESPONS= E; + return; + } + + gprintk(XENLOG_ERR, + "ARM CCA: RMI_RTT_SET_RIPAS failed status=3D%#x data= =3D%#lx\n", + arm_cca_rmi_status_code(arm_cca_rmi_result(&res)), + (unsigned long)arm_cca_rmi_result_data( + arm_cca_rmi_result(&res))); + arm_cca_domain_crash(v); + } + + if ( res.a1 <=3D base || res.a1 > top ) + { + gprintk(XENLOG_ERR, + "ARM CCA: invalid RIPAS progress %#lx -> %#lx (top %#l= x)\n", + (unsigned long)base, res.a1, (unsigned long)top); + arm_cca_domain_crash(v); + } + + base =3D res.a1; + } +} =20 /* * DEN0137 2.0-bet1 - D1.3.3 REC exit due to Data Abort fault flow. @@ -573,6 +714,55 @@ static void arm_cca_handle_sync_exit(struct vcpu *v, =20 switch ( hsr.ec ) { + case HSR_EC_SYSREG: + { + unsigned int rt =3D hsr.sysreg.reg; + register_t val =3D arm_cca_rec_exit_gpr(exit, rt); + + /* + * Realm guests use the GICv3 sysreg CPU interface: + * - Linux expects ICC_SRE_EL1.SRE to read as enabled. + * - SGI generation and explicit deactivate stay in Xen's vGIC pat= h. + * + * DEN0137 2.0-bet1 A6.1 makes ICC_* traps System register exits, + * but A4.3.4.4 only guarantees ESR. Use the Rt encoded in ESR_EL= 2.ISS + * for the transfer GPR. Current TF-RMM clears Rt for these exits, + * making this equivalent to its gprs[0] convention. + */ + switch ( hsr.bits & HSR_SYSREG_REGS_MASK ) + { + case HSR_SYSREG_ICC_SRE_EL1: + arm_cca_rec_enter_set_gpr(entry_gprs, rt, + ARM_CCA_ICC_SRE_EL1_VALUE); + break; + case HSR_SYSREG_ICC_DIR_EL1: + if ( hsr.sysreg.read || + !arm_cca_vgic_emulate_dir(v, val) ) + { + gprintk(XENLOG_ERR, + "ARM CCA: unsupported ICC_DIR_EL1 access read=3D%u= val=3D%#lx\n", + hsr.sysreg.read, val); + arm_cca_domain_crash(v); + } + break; + case HSR_SYSREG_ICC_SGI1R_EL1: + if ( hsr.sysreg.read || + !arm_cca_vgic_emulate_sgi1r(v, val) ) + { + gprintk(XENLOG_ERR, + "ARM CCA: unsupported ICC_SGI1R_EL1 access read=3D= %u val=3D%#lx\n", + hsr.sysreg.read, val); + arm_cca_domain_crash(v); + } + break; + default: + gprintk(XENLOG_ERR, + "ARM CCA: unsupported SYSREG ec=3D%#x sysreg=3D%#lx\n", + hsr.ec, (unsigned long)(hsr.bits & HSR_SYSREG_REGS_MAS= K)); + arm_cca_domain_crash(v); + } + break; + } case HSR_EC_WFI_WFE: /* * DEN0137 2.0-bet1 - A4.3.4.1 REC exit due to WFI or WFE. @@ -619,6 +809,7 @@ void noreturn arm_cca_vcpu_run(struct vcpu *v) struct arm_smccc_res res; unsigned long entry_flags; register_t entry_gprs[ARM_CCA_RMI_REC_NR_GPRS]; + bool pending_ripas =3D false; int rc; =20 ASSERT(v =3D=3D current); @@ -663,6 +854,19 @@ void noreturn arm_cca_vcpu_run(struct vcpu *v) arm_cca_check_for_vcpu_work(v); arm_cca_service_host_events(); =20 + /* + * RMI_RTT_SET_RIPAS can cover a large range. The REC exit buffer + * remains valid until the next REC_ENTER, so complete the request + * here with IRQs enabled rather than in the exit dispatch path. + */ + if ( pending_ripas ) + { + local_irq_enable(); + arm_cca_handle_ripas_change(v, &run->exit, &entry_flags); + local_irq_disable(); + pending_ripas =3D false; + } + arm_cca_prepare_rec_enter(run, entry_flags, entry_gprs); entry_flags =3D ARM_CCA_RMI_REC_ENTER_FLAG_TRAP_WFI | ARM_CCA_RMI_REC_ENTER_FLAG_TRAP_WFE; @@ -700,9 +904,8 @@ void noreturn arm_cca_vcpu_run(struct vcpu *v) break; =20 case ARM_CCA_RMI_EXIT_RIPAS_CHANGE: - gprintk(XENLOG_ERR, - "ARM CCA: RIPAS change exits are unsupported\n"); - arm_cca_domain_crash(v); + pending_ripas =3D true; + break; =20 case ARM_CCA_RMI_EXIT_SYNC: arm_cca_handle_sync_exit(v, &run->exit, &entry_flags, --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818153040351.78175766766356; Thu, 14 May 2026 21:09:13 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309359.1580447 (Exim 4.92) (envelope-from ) id 1wNjqz-0004i7-GC; Fri, 15 May 2026 04:08:49 +0000 Received: by outflank-mailman (output) from mailman id 1309359.1580447; Fri, 15 May 2026 04:08:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqz-0004h0-5V; Fri, 15 May 2026 04:08:49 +0000 Received: by outflank-mailman (input) for mailman id 1309359; Fri, 15 May 2026 04:08:47 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjqx-0004Hz-Ic for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:08:47 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjqw-0051ua-V3 for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:08:46 +0200 Received: from [10.42.69.12] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069c36-bab6-0a2a0a5309dd-0a2a450c90bc-16 for ; Fri, 15 May 2026 06:08:46 +0200 Received: from [52.101.228.84] (helo=OS0P286CU011.outbound.protection.outlook.com) by tlsNG-d25034.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c4b-62f1-0a2a450c0019-3465e45466d0-4 for ; Fri, 15 May 2026 06:08:46 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYCP286MB3682.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c2::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9913.12; Fri, 15 May 2026 04:08:38 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=CL7k9eAPnqhprtJL9gq5e6Uvy1RbIs0+K4ile2ZQU/gp19XQxVncZNG0Zvaog81fp/26iu51TNwGeWK6WjLPRlkWoq1WeVv7xM0CW27CI2tFEdRi+18Y8C8DKJ1GuKjsaOqoD2+KeVHd0mHl4AUiPr5SPY+cG4PDxIkj3qYgBs/WXYZR2YCOJTRp5Fgt8WMDCb2GQqMH2s+ftUZwOoybquSWEOcnZUwAwjEaqT8gOFK1T227mnLotM9sACIffpaZzaJoDA+GRYZ85NQtTng+r32GpOhRufUGmB34YErV/fbaHRATFG6wCPFy2z7PDnAoWEIiFtSzCeK3MBc9QpogIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=j+krazXWRn2IuLifiPb7Tk1sDo3QwLMY07VSIfj1R9Q=; b=JLf/JE1AvzGG77CrgGrsAcnKvu/5rl5t7Dox0sd3K0A3AGhdJmn8Q4MH6idQDO4uuK1mU2DlPCJmnY4YMzc9euGhVFm4K6C5nchPOd+Ud9wU5J/N0rKmPRws9P6Un+lKcZ8kJiuHCInDEzH7rbEdurk/6xmihINLkcEMBWBgHRCr6VJ33KDh3haqXklaWVm408zfZg39q8rjvnWoC3nteTPO9EWPgen34TpirXfFIvEVYOS+j7LzcIfHE0m/iT05RlX3pIpH67F64QVXDakpjb+YEpuga+Ykk1nySmoM+vz2ReJwJ/ooqmf1J/LbWeiVVRQ3Y92RK0oTB987GV7R/A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=j+krazXWRn2IuLifiPb7Tk1sDo3QwLMY07VSIfj1R9Q=; b=MPyNR1bU7ii98HiiopIPDw1iBTNpNIDdn2KSbNyhCczDdz+Pk5z+S/ZNh3pr3iAHJHtmEBuZAqpFHetM2DMeIy4oDeG5d/FXoBoHbyeEHYjICYDrfD9j3tJW/kyIoHJhXSjhs2i4VltMZkF4/XHyARm2iS0UyZHyNxvTWSnbMW4= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 24/26] xen/arm, tools: add domctl for Realm finalization Date: Fri, 15 May 2026 13:08:10 +0900 Message-ID: <20260515040812.983626-25-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYCP286CA0208.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:385::18) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYCP286MB3682:EE_ X-MS-Office365-Filtering-Correlation-Id: ca413a0f-f277-485f-1923-08deb237a3bd X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|366016|376014|7416014|56012099003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: WjI/btMcqFI0QZ2fBdJ37mLXCzdesxaTukRozNf6fW3C7Jv6PWYPrna+RiuwA67yMwdzUOgpklLV0n38DogTCIsEOzoZP1mBguUy4fP/t0A6PoAMLwmRGvVF1MAVb+O0hD1bIFn0pL9/mimfZh/xNWo8DGySx/2VG/needNjvFLFWtHbOEtBa7pYM3CQS/m/Y0ttwFbU8dgz0WJ+xEBo+1osAfYhxEoXXpNp035ISkLjxEAKdH4lFw2cGbAgWIz4lRh4ohVv1v3qrrWnRd29h7vjQidWmsGCP5KOxXix76CC1FDdh/Cfh++PvxmmFkMLFvnLto1OU7nrBMpyBLdNXdPZNAY2Bwh09G7VP+a/WH6rD0xB7aYulIC+R/G5aefRk5lvyZd8K5Xsq6bKjlC81vvSetYGP+25T8RRk/W8ywis/qHQTNLQ/73u0q/M9mCX9Oi1n46u4E35aEtrQ0sXmDP/0Ft8O/NwZci58CufHfGS9g9LBZyD3uOgE86V5Wxjv8MzT0MPWDesKCp/0ip4SVcdIhpB0C+ZcH3p8Le1cz7y0BRLYCPtB6p3cPo9ybxqBSbTDPYHMcGqr3dMxjVkIOCPsoCXkCpDJep0XvwMAHvgz8qTIVd3iNzEn6DYBS9JfDnI2swEGNzOqKcCxrj99aGHbw/43XWaQAXxj88kytlk3fQTFu6+fVBuwNpfYEr+ X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(366016)(376014)(7416014)(56012099003)(22082099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?U+XofrQgZd0H5H47ZXWh21gtZoDVSe0ShuWC+pi9zFAohvZtQYe86iNuWIHi?= =?us-ascii?Q?QLiomfJkri71vUMivTAXZNHImCLsySaXkNBDmHhHbF1s0V7CoamaCZjajr7l?= =?us-ascii?Q?Q2VYMfTBKXIMuWqX3nHvCfzRAt4bROoS9nEOrWVKkfP/u3+31VJgIR4twOro?= =?us-ascii?Q?X0XFtjM1Ld6J+QcEnT8JEZQEb9f+cdv5fCUfKGYLXoXZQzkbBW8hrNr0PvPk?= =?us-ascii?Q?GVttty0OEf9O7Agq7TInHgRV7mBBrd71QhgtUYqFheMmuOSzcIdgDLsgwRyF?= =?us-ascii?Q?1xbG8JLACQNiq5oPtOXsQzzYQNsuuH83o4aiCTN96+86zqCk2Suz2uivBXdP?= =?us-ascii?Q?ZIJ7seVEa5z56CoBC6c53FsQQNlF3q5EU92aCAIl9wcu+VQzPgfakvoF5iwh?= =?us-ascii?Q?Nly0gGe/Adh7SAW/Mi3juTsHVfVMUMKqujvT53+9kS+CsrvufChPR4hle7zX?= =?us-ascii?Q?MPtxgPQRjcIUVqnEXrwNkpH++LstlKgw6dvjtgHOaH+FoeXTYOYjsW8+BMhH?= =?us-ascii?Q?TIPSxRvDrq8RhU0Akp715XlxV29BPdFY+lWwx0HugjSz1rSrC+w2/mg8IzUW?= =?us-ascii?Q?gNbgfiQGOwNM7L2v8XMCJcG8w98XJk6wfIRBhb1LdLQo7u0Z2dsKPB7cmTzK?= =?us-ascii?Q?aMNMP2K+kOMzzEFYcQEbWke5+rDl8goFJ+zMXm528Ee25lsBZkkPGTIVaJ+6?= =?us-ascii?Q?6MGqYIKJWVLhXaM9XJz3JQeh/BHgk9UafSGNP9pTzK66+zR7rSgHrTFrSUdO?= =?us-ascii?Q?/WjzkxOhmwQenVDtVy0OnaCmgMjOrXYwvgidDhYdx+dFdvbQhkR/oHfbTG0m?= =?us-ascii?Q?kzZdGFWSvSXlcqkzLxfPreUWoSn9FQ3kQyxZo8xb31/4NkmviSBHJn/Vq+T1?= =?us-ascii?Q?UuhQOOVD+P6JaMFFOgPvC4vQro3twGQFkaT2i9WYJhu+3VyVfvWmEldlD7nC?= =?us-ascii?Q?r4XxALkGiVxPGVpeacLxGBHUPDp2wxjuoGJYBG7Mf3yuK/r6j/aHylUbmqFQ?= =?us-ascii?Q?J9sZqUEQW9PN9oM/LqWAgmNxnDjSxg76rqF9IOircVJdnsAuxCjCd6+MVAFK?= =?us-ascii?Q?pujxmYdlfHnsBSL0LBRFClkvbbz/zCENYJ+q3fPM6lCs/0AlNVrNTyLneRX7?= =?us-ascii?Q?Ld1Mx6T1WQ4ZRh3TAhHe3CzXaTY6DV82R7RJN5sYQ8/FY6M/nfDeONNPc0gX?= =?us-ascii?Q?3cZndHYSwEFu79UEZqVTn8gHvCCmKX5wfAanCMS0V5M8Ew1sxdglXVQTufqR?= =?us-ascii?Q?Eot9e0GzW60BuNgTgBtW4OMIN2xnqYc/2SJDP9rmK2N46czVfxZezU8GL7nw?= =?us-ascii?Q?CA89c31yPhbGjOeUZwRK3r0bDdp2y8z5AoD64IuHBaypSz8ixJZ9wP1Dd07d?= =?us-ascii?Q?qWp5NDfe5NJTzkdx0LFJyc0+YBhqLomOZEURK/HYooBWJHdL3BDBDhO9Bj/w?= =?us-ascii?Q?8GkTw/bMODv2aCErysakD4U4goG9j50Lo5FDl8DUGk9RS6SWb1Y5R41F1Nzl?= =?us-ascii?Q?WkCpBmZYH0X+VscaowAljBzQ3IxmI9kpfsRiznIOZs7we67wIBL9+7gP2AnU?= =?us-ascii?Q?bquK087LCw0orDNMYfZSEXSaiN+BP6vwrOsRcri/xL7s8lg23dy/yAZu65T6?= =?us-ascii?Q?CLifDfqIwRglVoXPnn/M+gug2hCGrHq3catl39M5p8J/TmCIcMTZX2BZBhnD?= =?us-ascii?Q?DdGfgVyjrHZuQFPtM0YQG+bTzwYpeLCPKYtHSe1aVWqr51YpeTJemlBKvsUI?= =?us-ascii?Q?5PGtgSt98FdYw2oXemy/TV7AsdGeMZVRiWeUW5wr+oQN+mzNyTVd?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: ca413a0f-f277-485f-1923-08deb237a3bd X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:37.3843 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: CkEcoTcGI3uIg/Nj9WvUHfWEoISyR2xVINWWy+kZ2XKXN25J6kT4nA4hykN53YoJG1/+INXPZ3S3BMTACgE3XQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYCP286MB3682 X-purgate-ID: tlsNG-d25034/1778818126-F487BCF5-411EC66D/0/0 X-purgate-type: clean X-purgate-size: 8872 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818153695158500 Content-Type: text/plain; charset="utf-8" Add the domctl, libxc wrapper and XSM permission used by libxl to turn a paused Arm guest into a Realm. RMI failures are reported back as-is. Signed-off-by: Koichiro Den --- tools/flask/policy/modules/xen.if | 1 + tools/include/xenctrl.h | 12 ++++++ tools/libs/ctrl/xc_domain.c | 37 ++++++++++++++++++ xen/arch/arm/domctl.c | 60 +++++++++++++++++++++++++++++ xen/include/public/domctl.h | 12 ++++++ xen/xsm/flask/hooks.c | 3 ++ xen/xsm/flask/policy/access_vectors | 2 + 7 files changed, 127 insertions(+) diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules= /xen.if index ef7d8f438c65..5eb2d98341e9 100644 --- a/tools/flask/policy/modules/xen.if +++ b/tools/flask/policy/modules/xen.if @@ -98,6 +98,7 @@ define(`create_domain_common', ` vuart_op set_llc_colors get_domain_state + arm_cca_op }; allow $1 $2:security check_context; allow $1 $2:shadow enable; diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index d5dbf69c8968..149e15f7c531 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -808,6 +808,18 @@ int xc_dom_vuart_init(xc_interface *xch, xen_pfn_t gfn, evtchn_port_t *evtchn); =20 +/* + * Finalize a paused ARM domain as a Realm backed by RMM. The toolstack is + * expected to have already built a normal ARM guest image in the domain R= AM. + * + * Returns 0 on success, or -1 with errno set. If Xen receives an RMI error + * result from RMM, libxc logs the raw RMI result and reports EPROTO. + */ +int xc_arm_cca_init_realm(xc_interface *xch, + uint32_t domid, + xen_pfn_t base_gfn, + uint64_t nr_pages); + /** * This function returns information about the XSAVE state of a particular * vcpu of a domain. If extstate->size and extstate->xfeature_mask are 0, diff --git a/tools/libs/ctrl/xc_domain.c b/tools/libs/ctrl/xc_domain.c index 01c0669c8863..3cb8da9cc07d 100644 --- a/tools/libs/ctrl/xc_domain.c +++ b/tools/libs/ctrl/xc_domain.c @@ -345,6 +345,43 @@ int xc_dom_vuart_init(xc_interface *xch, return rc; } =20 +int xc_arm_cca_init_realm(xc_interface *xch, + uint32_t domid, + xen_pfn_t base_gfn, + uint64_t nr_pages) +{ + struct xen_domctl domctl =3D {}; + int rc; + + memset(&domctl, 0, sizeof(domctl)); + + domctl.cmd =3D XEN_DOMCTL_arm_cca_op; + domctl.domain =3D domid; + domctl.u.arm_cca_op.cmd =3D XEN_DOMCTL_ARM_CCA_OP_INIT_REALM; + domctl.u.arm_cca_op.flags =3D 0; + domctl.u.arm_cca_op.base_gfn =3D base_gfn; + domctl.u.arm_cca_op.nr_pages =3D nr_pages; + + rc =3D do_domctl(xch, &domctl); + if ( rc < 0 ) + { + if ( domctl.u.arm_cca_op.rmi_result ) + { + xc_report_error(xch, XC_INTERNAL_ERROR, + "xc_arm_cca_init_realm failed with raw RMI " + "result 0x%llx", + (unsigned long long) + domctl.u.arm_cca_op.rmi_result); + errno =3D EPROTO; + return -1; + } + + return rc; + } + + return rc; +} + int xc_domain_getinfo_single(xc_interface *xch, uint32_t domid, xc_domaininfo_t *info) diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c index ad914c915f81..36461eeda633 100644 --- a/xen/arch/arm/domctl.c +++ b/xen/arch/arm/domctl.c @@ -16,6 +16,7 @@ #include #include #include +#include =20 void arch_get_domain_info(const struct domain *d, struct xen_domctl_getdomaininfo *info) @@ -49,6 +50,42 @@ static int handle_vuart_init(struct domain *d, return rc; } =20 +static int handle_arm_cca_init_realm(struct domain *d, + struct xen_domctl_arm_cca_op *cca_op) +{ +#ifdef CONFIG_ARM_CCA + uint64_t rmi_result =3D 0; + int rc; +#endif + + if ( cca_op->flags ) + return -EINVAL; + + cca_op->rmi_result =3D 0; + +#ifdef CONFIG_ARM_CCA + rc =3D arm_cca_domain_finalize(d, _gfn(cca_op->base_gfn), + cca_op->nr_pages, &rmi_result); + + /* + * Once Realm data conversion starts, the original guest RAM image can= no + * longer be trusted after a failed finalization attempt. + */ + if ( rc =3D=3D -EIO ) + domain_shutdown(d, SHUTDOWN_crash); + + if ( rc =3D=3D -EIO && rmi_result ) + { + cca_op->rmi_result =3D rmi_result; + return rc; + } + + return rc; +#else + return -EOPNOTSUPP; +#endif +} + long arch_do_domctl(struct xen_domctl *domctl, struct domain *d, XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { @@ -177,6 +214,29 @@ long arch_do_domctl(struct xen_domctl *domctl, struct = domain *d, =20 return rc; } + case XEN_DOMCTL_arm_cca_op: + { + struct xen_domctl_arm_cca_op *cca_op =3D &domctl->u.arm_cca_op; + + switch ( cca_op->cmd ) + { + case XEN_DOMCTL_ARM_CCA_OP_INIT_REALM: + { + long rc =3D handle_arm_cca_init_realm(d, cca_op); + + if ( rc =3D=3D -ERESTART ) + rc =3D hypercall_create_continuation(__HYPERVISOR_domctl, + "h", u_domctl); + else if ( rc =3D=3D -EIO && cca_op->rmi_result && + copy_to_guest(u_domctl, domctl, 1) ) + rc =3D -EFAULT; + + return rc; + } + default: + return -EINVAL; + } + } case XEN_DOMCTL_dt_overlay: return dt_overlay_domctl(d, &domctl->u.dt_overlay); default: diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h index 8f6708c0a7cd..2562647d93d3 100644 --- a/xen/include/public/domctl.h +++ b/xen/include/public/domctl.h @@ -1201,6 +1201,16 @@ struct xen_domctl_vuart_op { */ }; =20 +/* XEN_DOMCTL_arm_cca_op */ +struct xen_domctl_arm_cca_op { +#define XEN_DOMCTL_ARM_CCA_OP_INIT_REALM 0 + uint32_t cmd; /* IN - XEN_DOMCTL_ARM_CCA_OP_* */ + uint32_t flags; /* IN - reserved, must be zero */ + uint64_aligned_t base_gfn; /* IN - first guest RAM gfn to protec= t */ + uint64_aligned_t nr_pages; /* IN - number of 4K pages to protect= */ + uint64_aligned_t rmi_result; /* OUT - raw RMI result on -EIO */ +}; + /* XEN_DOMCTL_vmtrace_op: Perform VM tracing operations. */ struct xen_domctl_vmtrace_op { uint32_t cmd; /* IN */ @@ -1368,6 +1378,7 @@ struct xen_domctl { #define XEN_DOMCTL_gsi_permission 88 #define XEN_DOMCTL_set_llc_colors 89 #define XEN_DOMCTL_get_domain_state 90 /* stable interface */ +#define XEN_DOMCTL_arm_cca_op 91 #define XEN_DOMCTL_gdbsx_guestmemio 1000 #define XEN_DOMCTL_gdbsx_pausevcpu 1001 #define XEN_DOMCTL_gdbsx_unpausevcpu 1002 @@ -1429,6 +1440,7 @@ struct xen_domctl { struct xen_domctl_monitor_op monitor_op; struct xen_domctl_psr_alloc psr_alloc; struct xen_domctl_vuart_op vuart_op; + struct xen_domctl_arm_cca_op arm_cca_op; struct xen_domctl_vmtrace_op vmtrace_op; struct xen_domctl_paging_mempool paging_mempool; #if defined(__arm__) || defined(__aarch64__) diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 28522dcbd271..f95552992a26 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -805,6 +805,9 @@ static int cf_check flask_domctl(struct domain *d, unsi= gned int cmd, case XEN_DOMCTL_vuart_op: return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__VUART_OP); =20 + case XEN_DOMCTL_arm_cca_op: + return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__ARM_CCA_OP); + case XEN_DOMCTL_get_cpu_policy: return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__GET_CPU_POLI= CY); =20 diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/acc= ess_vectors index bbb9c117ec4a..dee895bef673 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -253,6 +253,8 @@ class domain2 set_llc_colors # XEN_DOMCTL_get_domain_state get_domain_state +# XEN_DOMCTL_arm_cca_op + arm_cca_op } =20 # Similar to class domain, but primarily contains domctls related to HVM d= omains --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818329728552.2614613077886; Thu, 14 May 2026 21:12:09 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309435.1580518 (Exim 4.92) (envelope-from ) id 1wNjtw-0001z3-G3; Fri, 15 May 2026 04:11:52 +0000 Received: by outflank-mailman (output) from mailman id 1309435.1580518; Fri, 15 May 2026 04:11:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtw-0001yr-CC; Fri, 15 May 2026 04:11:52 +0000 Received: by outflank-mailman (input) for mailman id 1309435; Fri, 15 May 2026 04:11:50 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtu-0001he-Ft for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:11:50 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjtt-0052Iz-SF for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:11:49 +0200 Received: from [10.42.69.5] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069cda-e002-0a2a0a5209dd-0a2a4505a2ee-26 for ; Fri, 15 May 2026 06:11:49 +0200 Received: from [52.101.125.85] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-c201ff.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c47-aaa8-0a2a45050019-34657d55753b-9 for ; Fri, 15 May 2026 06:08:49 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYCP286MB3682.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c2::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9913.12; Fri, 15 May 2026 04:08:38 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=bkv1vfI5O59KWDyXSA5ViGCg2IXxkdwp7owGBtNvMwvokpEomtjQnXw+JxUN9uamIOV1l+YqoK059pLHKbU69Sm7OI4vFocvHSFWQl0MjctEz+sJ8VQqn8aqIuxFFI44khV3vFW/25kexn/xCFrN5dR7nSe0P9ElRbqK0zEh8efvOkpON6K7QjDwW5bXZcKv2M3YHVDYQ3F4tk18r5Xq9e9075efGYRILKJA5RABY80xqnZk5cieAF0DyMJNP5SAeQSFv2IdK1FgXv/1+v3CwAP8TMuBR4Cu3x/qSpPvf7AfhKClFbbpj7CTCUezZeEDhZ6lvUUuIpLiJte0Gv2Aew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uUEonI82EmDhnjoUm3kfT18UbhTpOT2nksAcbviCf7Q=; b=aQET2pp3uemV1zGmgN4xkf4vVcB/GNIMFESSnVQ8oH1oTOSRsEZRP1PeMnPxwpwiR6uELxY2BvUfpv6jClZDrkl0ib0mXvcEKQ8KlB3jeuUVCRzZ8b5RjjsR50mLWX68mNxU//yEBmSOS67B7lsST8ufDnl4R4AfhpzVSq92Jsw3eI94/imqCtgL5GjbVWHFJxB6tQ0FCQLvCV+ZwS36q14U/yZ55qQ5brpVpTCIYipVJXFRxYViZ30XHdSRZz7r0IXFAmCNz051pPJCkUSiXwc3gB6U8A7fYvad0o+ZNR+lwLDTx59pujoTW34Nnz1adi2WdMTh3e0Nry76tv4Gog== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uUEonI82EmDhnjoUm3kfT18UbhTpOT2nksAcbviCf7Q=; b=t2jBLsht4aP6S3U9ddLn94eyqQhRlH5Y92wfAh7Wb/+CCPHJ8Jo+9eRNMdIYVykhJY5dDigF+GdemaHqSa+z24WBWG9DMIh8llGVyTJjNNEQ3zc3yqtTPLzj5DnEwMlnTVyWHudmU1xXVdGn7Mby809KLOsflwoJ4OY+FwxDlCI= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 25/26] libxl/arm: add and validate Realm guest support Date: Fri, 15 May 2026 13:08:11 +0900 Message-ID: <20260515040812.983626-26-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYWPR01CA0030.jpnprd01.prod.outlook.com (2603:1096:400:aa::17) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYCP286MB3682:EE_ X-MS-Office365-Filtering-Correlation-Id: 951d4835-653b-4b40-954d-08deb237a440 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|366016|376014|7416014|56012099003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: xyVH9c1JnYSO8Iq457ifJbqmB9wu/Ow82h3fCkxDUhQnx4XaNu3xFC4EEMars0sNMlB43ljs72aEdjhwPxbug3tWPjGyRFXdyRqe0sjQ29jEJuGVm4tu7tpEkz+cpDFVpQdGYC8iqrKbWu/nnGB+S6NsTkXJdUbf8rKFFatwedSZE1P8UsL0dKgTIia3UFZvWHVDFGmurZiloztiHsOuwrLgv2lMaH/EnH8Ganne9SOYxYXj1nhaFHykPGT4svG8JZuMZSif6qGI4RvSDntiyPGgE+hMUqMDUbsRodSeyrODa+I8mRslMVCkv/sA86gN5zqphHwvUnSbIiJxX/tx4/HT51mhW7gVXQqIyZYgJ5WGKBywqlbbz5byuj9hhrv4nK4/bS8pewT3a4r0aOrMO5wkoITfXWucX6WS5iQmGagv+xlYl9LgbOsyjoSoKW/KRDYS6iyb27efNEW3amzlcLC1ga0MYWjy+dOQZJR73/AnqxEAQttJxph6mzfNkXdcxduMOfYoHN4w29XKH0JOI2+vAubexFAevdqnktXkMvjTbMkXtBcNgzbZalAlKoVgjfrKiBJo0IvzWg34AA2iZ09tRitBplvr9nK41D18YWnbQV81+/MUX48PvDsGtk/a1WOGANskXdAUcxdjajYvrVna3kbzvq2HdX2kfoNt1ebkG+/2nF7Y0FKH6gLD3TrXDgc5o6fCptQ/MTGqoBFFBQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(366016)(376014)(7416014)(56012099003)(22082099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?a6M73JlCkqorr190fg7qoJy+9ouidG5qvLfQPRyF5ABjhap60jc3Arq0/CWP?= =?us-ascii?Q?UrYdtt9w0FTcYmcrWNkRARFdUdwEFTiWr2ADpvE+Lo4t06zkGOOGLR1WLUy3?= =?us-ascii?Q?IQPESn5Eco4/pRk1/bX97eZgRq9kToO0OcNpl6EUFzJxBQ3fwZOauHrcj3y7?= =?us-ascii?Q?nxtG/r2tJQCxqVUCxrO1/MF+AXEMX36Zb3heHDVjrWepxXIrJtENnnQg/hzS?= =?us-ascii?Q?MByWTPw7AJmB2by4XE2whrB2oFOyfjdJKpTRRHjZZEA99zvi7dx1CV169Iwq?= =?us-ascii?Q?Gs6AJBWs+on45cis5xc/eKuHgzLvxomxkfZsjtpmYzc4QeHMPzvk9iM37pYX?= =?us-ascii?Q?/iD6Nrnc+CHGynNcIfKP8kSMTOT3144hE2/crTgEoDP733k/1yN/kbDIlX/y?= =?us-ascii?Q?wL+YP297NsQZ8Os+lfmlAYM9hsdKgAM4wBKXxOISfpKTOBpbRZaDoK3QGz8Z?= =?us-ascii?Q?0kSGMDWVKgqAYrgL/8ulLhIr9MELZgmLu/I4id6vNrTJ4Tuo6FGIU/tp6kEy?= =?us-ascii?Q?Q74GUWQKcJJpnsmNytT0Mbr7JnTGVo5s6PnR9NNDUeHdMTLh6CWr8HY4Ba1c?= =?us-ascii?Q?aliJSOhFL8vM2QMyw5J2E2duG8Fr4f6jzKErlDqFvJGksKAuwnUmfu+cuGv2?= =?us-ascii?Q?OLmRVJorPd5/YtLSef/aGbT5YpY4LiCGHyAe/r5HZ1qqkFaWawtPs8oh+wk1?= =?us-ascii?Q?CAbJDzeQ6v7CnFQri2W5qvBgTBaFG0RCBTZWWO/bSKToFZQBqjSXRzdohTTs?= =?us-ascii?Q?WH5G8AE4HI1mWSrIVgV5QiZZzuhJ096WsTEMbMBo7Phn3YDIdTWQ3ispyrQ7?= =?us-ascii?Q?6W4kmsQM7jHAkSFSeSvTieXbFc4Vrcl4shRYJnQS5wPj5CiaoivhS3qRpP0k?= =?us-ascii?Q?r5uNWDKCZbw9UL2Hsxnogxz+mhFuuh7THicgDZXGWTI9auSqiAGu2FePtKpv?= =?us-ascii?Q?o8tH1v/UXhsYMdVh7Din7wb7Gzjc8AmA+Pdl7R+ESlb938Ri3VpBE3cNMY1T?= =?us-ascii?Q?yfZ+qOwGB1S1LZaOwyheJrxyWZZuTQGm3VeCEvfRKJMWrQ2Ti5u1IIoj3QCd?= =?us-ascii?Q?YueuJdm5zfMrGauuMohAEzEc/oHsffOmWJGqy0v1D6HFyWQwdlGQtQ/IKlQP?= =?us-ascii?Q?vDjFQwIafO85OOUXRrrhKmEkJJakvJiSLvxjVsb5IRP4NexG/e0siXfZPKi4?= =?us-ascii?Q?aeekDWTdF1V93/DjP0jA8i5oIjfP3G51X/ZpHcL/sM6DV/+295IQXnN36N9Z?= =?us-ascii?Q?ougokPWCLr34n6/CC9jsV0RoGJ8aCEA7gGgoog//v2yOi9+FCK/clAgHgDZr?= =?us-ascii?Q?YXUpGDbyx28V+Af8wD0hOyXQANvaxMOxLFy2lmrR9cfBopqV4OnLX4P1jA6x?= =?us-ascii?Q?EQaBsc5KFun1OPuPhDtzse/LArGgh25DS7C+uFSJQuk5Ln/YTDS9+MHa/D3Z?= =?us-ascii?Q?f+cU8qch5JOHqnHMLomhXvPejyQcNKXcLo7p49SxScoI8QwETxTlMnkKENKM?= =?us-ascii?Q?qZDNsj+xPoSTAC/T2tiXgnIXWQg4sVFx1vi116SqLu7gKLxXHDk4WqnYVmbf?= =?us-ascii?Q?jh7M2veGWuXMpTlJwlm/WHLjtx81bralKirigGtAbQ+KcUJ6rLE5lQK9AidA?= =?us-ascii?Q?psPZ6PhWA+iCgT4wfzapu3q7I+tXM6xiO+T7jkFbMgf4YB4+4t+paceczkSS?= =?us-ascii?Q?2PSRkamP03m6pDmN/RpXf4RK2hr+q/mRInv+W7sZ0IwACWOK6viy9YUCQynW?= =?us-ascii?Q?6t5fWfowutGYqabdPalgqwwZWSgw5kG0RcMmW/exEdK/S7BvLFNz?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 951d4835-653b-4b40-954d-08deb237a440 X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:38.2658 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5b2FR7uXDT2eB2WNVwsnnYxYGQxWxOEYCngAVlM2urrUSxeM/QOoDpk2dhgnOj/49/5dGmkuzqetReOd6nfnJg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYCP286MB3682 X-purgate-ID: tlsNG-c201ff/1778818129-E2997443-C02D1EAF/0/0 X-purgate-type: clean X-purgate-size: 12215 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818330428158500 Content-Type: text/plain; charset="utf-8" Add realm=3Dtrue for Arm guests, reject unsupported combinations, and call the CCA finalization domctl after the guest is built. Signed-off-by: Koichiro Den --- docs/man/xl.cfg.5.pod.in | 46 +++++++++- tools/include/libxl.h | 5 ++ tools/libs/light/libxl_arm.c | 140 ++++++++++++++++++++++++++----- tools/libs/light/libxl_create.c | 2 + tools/libs/light/libxl_types.idl | 1 + tools/xl/xl_parse.c | 2 + 6 files changed, 173 insertions(+), 23 deletions(-) diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in index 2f77016ecfae..7ca7dba4d29d 100644 --- a/docs/man/xl.cfg.5.pod.in +++ b/docs/man/xl.cfg.5.pod.in @@ -1704,6 +1704,47 @@ i.e. enable grants if backend-domid !=3D 0. =20 =3Dback =20 +=3Ditem B + +B Create the guest as an Arm CCA Realm guest. + +Realm guests use the Arm PVH guest model and currently support only a +minimal configuration: + +=3Dover 4 + +=3Ditem * + +type=3DEpvhE + +=3Ditem * + +guest RAM fully contained within the first guest RAM bank + +=3Ditem * + +GICv3 only + +=3Ditem * + +Xen-generated device tree only + +=3Ditem * + +no passthrough, no virtio, no Xen grant or IOMMU exposure to the guest, +and no ACPI + +=3Dback + +When B, Realm DTBs set the PSCI method to B<"smc">. They do +not expose the Xen hypervisor node because this series does not provide +Xen PV interfaces for Realm guests. + +Realm guests may use B only when Xen was built with +B. This is a host-visible clear-text +debug console for Realm debug access, not a confidentiality-oriented guest +access path. + =3Ditem B =20 B Set TEE type for the guest. TEE is a Trusted Execution @@ -3096,6 +3137,10 @@ vuart =3D "sbsa_uart" =20 Currently, only the "sbsa_uart" model is supported for ARM. =20 +For Realm guests, B is supported with the same device +model only when B. The guest kernel = should +use C. + =3Dback =20 =3Dover 4 @@ -3249,4 +3294,3 @@ documentation. Patches to improve incomplete items (o= r any other item) are gratefully received on the xen-devel@lists.xenproject.org mailing list. Please see L for information on how to submit a patch to Xen. - diff --git a/tools/include/libxl.h b/tools/include/libxl.h index 7c098edab663..9b9398401029 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -293,6 +293,11 @@ */ #define LIBXL_HAVE_BUILDINFO_ARM_GIC_VERSION 1 =20 +/* + * libxl_domain_build_info has the realm field. + */ +#define LIBXL_HAVE_BUILDINFO_ARM_REALM 1 + /* * libxl_domain_build_info has the arch_arm.tee field. */ diff --git a/tools/libs/light/libxl_arm.c b/tools/libs/light/libxl_arm.c index 7e9f8a1bc366..fa13703bb98b 100644 --- a/tools/libs/light/libxl_arm.c +++ b/tools/libs/light/libxl_arm.c @@ -80,6 +80,70 @@ static const char *gicv_to_string(libxl_gic_version gic_= version) } } =20 +static bool arm_guest_is_realm(const libxl_domain_build_info *info) +{ + return libxl_defbool_val(info->realm); +} + +static int arm_realm_reject(libxl__gc *gc, const char *what) +{ + LOG(ERROR, "Realm guests do not support %s", what); + return ERROR_INVAL; +} + +static int arm_realm_check_config(libxl__gc *gc, + const libxl_domain_config *d_config) +{ + const libxl_domain_build_info *const info =3D &d_config->b_info; + const uint64_t bank0_memkb =3D GUEST_RAM0_SIZE >> 10; + + if ( !arm_guest_is_realm(info) ) + return 0; + + if ( info->type !=3D LIBXL_DOMAIN_TYPE_PVH ) + return arm_realm_reject(gc, "non-PVH build types"); + + if ( info->target_memkb > bank0_memkb || info->max_memkb > bank0_memkb= ) + return arm_realm_reject(gc, "guest RAM beyond the first RAM bank"); + + if ( info->device_tree ) + return arm_realm_reject(gc, "partial device trees"); + + if ( libxl_defbool_val(info->acpi) ) + return arm_realm_reject(gc, "ACPI"); + + if ( info->arch_arm.gic_version !=3D LIBXL_GIC_VERSION_V3 ) + return arm_realm_reject(gc, "non-GICv3 interrupt controllers"); + + if ( info->tee !=3D LIBXL_TEE_TYPE_NONE ) + return arm_realm_reject(gc, "TEE/FF-A plumbing"); + + if ( info->num_irqs || info->num_iomem ) + return arm_realm_reject(gc, "IRQ/IOMEM passthrough"); + + if ( info->num_vnuma_nodes ) + return arm_realm_reject(gc, "vNUMA"); + + if ( d_config->c_info.passthrough !=3D LIBXL_PASSTHROUGH_DISABLED ) + return arm_realm_reject(gc, "passthrough mode"); + + if ( d_config->num_pcidevs || d_config->num_dtdevs ) + return arm_realm_reject(gc, "passthrough devices"); + + if ( d_config->num_disks || d_config->num_nics || + d_config->num_virtios || d_config->num_vkbs || + d_config->num_p9s || d_config->num_pvcallsifs ) + return arm_realm_reject(gc, "frontend/backend devices"); + + if ( d_config->num_vtpms || d_config->num_vfbs || + d_config->num_vdispls || d_config->num_vsnds || + d_config->num_channels || d_config->num_usbctrls || + d_config->num_usbdevs ) + return arm_realm_reject(gc, "auxiliary frontend devices"); + + return 0; +} + int libxl__arch_domain_prepare_config(libxl__gc *gc, libxl_domain_config *d_config, struct xen_domctl_createdomain *conf= ig) @@ -92,6 +156,10 @@ int libxl__arch_domain_prepare_config(libxl__gc *gc, uint32_t virtio_mmio_irq =3D GUEST_VIRTIO_MMIO_SPI_FIRST; int rc; =20 + rc =3D arm_realm_check_config(gc, d_config); + if ( rc ) + return rc; + /* * If pl011 vuart is enabled then increment the nr_spis to allow alloc= ation * of SPI VIRQ for pl011. @@ -617,7 +685,7 @@ static int make_cpus_node(libxl__gc *gc, void *fdt, int= nr_cpus, return 0; } =20 -static int make_psci_node(libxl__gc *gc, void *fdt) +static int make_psci_node(libxl__gc *gc, void *fdt, bool realm) { int res; =20 @@ -628,7 +696,7 @@ static int make_psci_node(libxl__gc *gc, void *fdt) "arm,psci-0.2", "arm,psci"); if (res) return res; =20 - res =3D fdt_property_string(fdt, "method", "hvc"); + res =3D fdt_property_string(fdt, "method", realm ? "smc" : "hvc"); if (res) return res; =20 res =3D fdt_property_cell(fdt, "cpu_off", PSCI_cpu_off); @@ -1363,7 +1431,7 @@ next_resize: FDT( make_root_properties(gc, vers, fdt) ); FDT( make_chosen_node(gc, fdt, !!dom->modules[0].blob, state, info= ) ); FDT( make_cpus_node(gc, fdt, info->max_vcpus, ainfo) ); - FDT( make_psci_node(gc, fdt) ); + FDT( make_psci_node(gc, fdt, arm_guest_is_realm(info)) ); =20 FDT( make_memory_nodes(gc, fdt, dom) ); =20 @@ -1384,7 +1452,13 @@ next_resize: } =20 FDT( make_timer_node(gc, fdt, ainfo, state->clock_frequency) ); - FDT( make_hypervisor_node(gc, fdt, vers) ); + /* + * Common domain creation may still allocate grant-table resources, + * but this is the guest-visible path to them. Realm guests + * deliberately omit Xen PV interfaces, including grant-table spac= e. + */ + if (!arm_guest_is_realm(info)) + FDT( make_hypervisor_node(gc, fdt, vers) ); =20 if (info->arch_arm.vuart =3D=3D LIBXL_VUART_TYPE_SBSA_UART) FDT( make_vpl011_uart_node(gc, fdt, ainfo, dom) ); @@ -1427,7 +1501,7 @@ next_resize: * The iommu node should be created only once for all virtio-mmio * devices. */ - if (iommu_needed) + if (iommu_needed && !arm_guest_is_realm(info)) FDT( make_xen_iommu_node(gc, fdt) ); =20 if (pfdt) @@ -1559,6 +1633,9 @@ static int finalize_hypervisor_node(libxl__gc *gc, libxl_dominfo info; int offset, rc; =20 + if ( arm_guest_is_realm(b_info) ) + return 0; + offset =3D fdt_path_offset(fdt, "/hypervisor"); if (offset < 0) return offset; @@ -1732,31 +1809,50 @@ int libxl__arch_domain_finalise_hw_description(libx= l__gc *gc, return 0; } =20 +static int arm_realm_finalize_guest(libxl__gc *gc, struct xc_dom_image *do= m) +{ + int rc; + + if (dom->rambank_size[1] !=3D 0) { + LOG(ERROR, "Realm guests must fit entirely within the first RAM ba= nk"); + return ERROR_INVAL; + } + + rc =3D xc_arm_cca_init_realm(CTX->xch, dom->guest_domid, + GUEST_RAM_BASE >> XC_PAGE_SHIFT, + dom->rambank_size[0]); + if (rc < 0) { + LOGE(ERROR, "xc_arm_cca_init_realm failed"); + return ERROR_FAIL; + } + + return 0; +} + int libxl__arch_build_dom_finish(libxl__gc *gc, libxl_domain_build_info *info, struct xc_dom_image *dom, libxl__domain_build_state *state) { - int rc =3D 0, ret; - - if (info->arch_arm.vuart !=3D LIBXL_VUART_TYPE_SBSA_UART) { - rc =3D 0; - goto out; + int ret; + + if (info->arch_arm.vuart =3D=3D LIBXL_VUART_TYPE_SBSA_UART) { + ret =3D xc_dom_vuart_init(CTX->xch, + XEN_DOMCTL_VUART_TYPE_VPL011, + dom->guest_domid, + dom->console_domid, + dom->vuart_gfn, + &state->vuart_port); + if (ret < 0) { + LOG(ERROR, "xc_dom_vuart_init failed\n"); + return ERROR_FAIL; + } } =20 - ret =3D xc_dom_vuart_init(CTX->xch, - XEN_DOMCTL_VUART_TYPE_VPL011, - dom->guest_domid, - dom->console_domid, - dom->vuart_gfn, - &state->vuart_port); - if (ret < 0) { - rc =3D ERROR_FAIL; - LOG(ERROR, "xc_dom_vuart_init failed\n"); - } + if (arm_guest_is_realm(info)) + return arm_realm_finalize_guest(gc, dom); =20 -out: - return rc; + return 0; } =20 int libxl__arch_vnuma_build_vmemrange(libxl__gc *gc, diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_creat= e.c index bfc9149096a3..1401697ab1d4 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -407,6 +407,8 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, libxl_defbool_setdefault(&b_info->nested_hvm, false); } =20 + libxl_defbool_setdefault(&b_info->realm, false); + if (b_info->max_grant_version =3D=3D LIBXL_MAX_GRANT_DEFAULT) { if (info.cap_gnttab_v2) b_info->max_grant_version =3D 2; diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_type= s.idl index a7893460f013..d2fa3535ab18 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl @@ -657,6 +657,7 @@ libxl_domain_build_info =3D Struct("domain_build_info",[ ("apic", libxl_defbool), ("dm_restrict", libxl_defbool), ("tee", libxl_tee_type), + ("realm", libxl_defbool), ("u", KeyedUnion(None, libxl_domain_type, "type", [("hvm", Struct(None, [("firmware", string), ("bios", libxl_bios_typ= e), diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index 48c72dce9c6d..742c203a0326 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c @@ -3058,6 +3058,8 @@ skip_usbdev: } } =20 + xlu_cfg_get_defbool(config, "realm", &b_info->realm, 0); + if (!xlu_cfg_get_string (config, "sve", &buf, 1)) { e =3D libxl_sve_type_from_string(buf, &b_info->arch_arm.sve_vl); if (e) { --=20 2.51.0 From nobody Sat May 30 11:16:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=fail (Bad Signature); dmarc=pass(p=none dis=none) header.from=valinux.co.jp Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1778818328525137.14474968285174; Thu, 14 May 2026 21:12:08 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1309432.1580510 (Exim 4.92) (envelope-from ) id 1wNjtt-0001c4-VT; Fri, 15 May 2026 04:11:49 +0000 Received: by outflank-mailman (output) from mailman id 1309432.1580510; Fri, 15 May 2026 04:11:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtt-0001bm-Qd; Fri, 15 May 2026 04:11:49 +0000 Received: by outflank-mailman (input) for mailman id 1309432; Fri, 15 May 2026 04:11:47 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wNjtr-0001A8-Pz for xen-devel@lists.xenproject.org; Fri, 15 May 2026 04:11:47 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wNjtr-0052Iz-6G for xen-devel@lists.xenproject.org; Fri, 15 May 2026 06:11:47 +0200 Received: from [10.42.69.5] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a069cda-e002-0a2a0a5209dd-0a2a4505a2ee-22 for ; Fri, 15 May 2026 06:11:47 +0200 Received: from [52.101.125.85] (helo=TYVP286CU001.outbound.protection.outlook.com) by tlsNG-c201ff.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.1) (envelope-from ) id 6a069c47-aaa8-0a2a45050019-34657d55753b-8 for ; Fri, 15 May 2026 06:08:46 +0200 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) by TYCP286MB3682.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c2::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9913.12; Fri, 15 May 2026 04:08:39 +0000 Received: from TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32]) by TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM ([fe80::2305:327c:28ec:9b32%5]) with mapi id 15.20.9846.025; Fri, 15 May 2026 04:08:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=valinux.co.jp header.i="@valinux.co.jp" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=csRRytBgoUiTNTiGYAWfRvR038K87mpAVDc1ToAnhFL/4PRstmBF1oSwr0rGUBDgj+5kQ2t+sOliElPlg2B31xfhU6ZUKFmoexColqKyfnYZorqK1mcSccwUSgyfAKl/jCrsBAXsDwGNYIodOGsUh6co3RLZoDfdCibJ2c5KiDkUK97bihHGWn9lMVTCKKAN1JHXHXbzF5rc8smiTXf32CeVjBpsVhNBrlwF3wUrc/mG3n5dw1d7d3aqsfDXV4XgU0uWuXIxcsjUf4by4UQXMd7xCGRmRbuwLyCdr4wINvaPyR12G3cEIGc53LqhR7xmPC1SqadM+HDVEg1jF4MhlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RPhd/zOT+Y6mzSTQOAaKE/lOmvaSbNYRD4sELEkar04=; b=GoLx3Bim8gBqVZhpHe2XXSE0zlTspOgiBoYZLXy9RKB0AHUaKCf1p8pLZZAxhy0IvelX7it+wYabXB9fufRGic8avukbSn+x/RZ7D1T3e5y9O6Arl7QaS2dovdGpQVpLKvnifioKt0zib+VTsP3t3LSjJpN9MxLNC72VZLhBug4C5do3jbKkd03qRqqf+Q9bEJcwG3sIMhPlvVzDZIb9OwXT3HEQfh5+YmzEcIfcDXAKw6dzfVZw4BvW7pTBkLTZW7Y98gbne0PXclN2g9XQIW4cAoIc117blM9+cXWwrt9QqNZ+jrEZMhyPeuDNJzWH30VSbIB76q1Q1qq5bKYyxw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=valinux.co.jp; dmarc=pass action=none header.from=valinux.co.jp; dkim=pass header.d=valinux.co.jp; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valinux.co.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RPhd/zOT+Y6mzSTQOAaKE/lOmvaSbNYRD4sELEkar04=; b=jA92sWMZwZvPzmmMQvhDvVPHZ491YctGlVZNjZFPsR1LkZtbHrE/zuDCQcx5p/8HGPhok4X9/ZG01WROQVQHjh6j6gbsBNISSnILdLo5IsRn70hXiwtFB+0tC5Dm0sGjj7kgkf3BN1+u1Thp/vH0MeJ2rdUjG30uIcsPEAF1g0U= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=valinux.co.jp; From: Koichiro Den To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , "Daniel P. Smith" , Juergen Gross , Bertrand Marquis , Volodymyr Babchuk Subject: [RFC PATCH v1 26/26] docs: arm: add an Arm CCA Realm guest guide Date: Fri, 15 May 2026 13:08:12 +0900 Message-ID: <20260515040812.983626-27-den@valinux.co.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260515040812.983626-1-den@valinux.co.jp> References: <20260515040812.983626-1-den@valinux.co.jp> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: TYWPR01CA0022.jpnprd01.prod.outlook.com (2603:1096:400:aa::9) To TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:38f::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TY7P286MB7722:EE_|TYCP286MB3682:EE_ X-MS-Office365-Filtering-Correlation-Id: 4f853f27-7630-47c1-8aaa-08deb237a4bf X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|366016|376014|7416014|56012099003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: iG8bhiNBf3L8V91D6ZjRADtT05IP3NeIAIxnrwgEgThks037t9/K0NWSIvIkwYIMdxKUPblV+RCYcjUqDXW/mS6Br0Sn0JiKr5gdNjLTvrrhz+smyV/xkIlsl66IE42sanTvwQQ1pDFisboRRm63GmT6cRWpsj8PC5q0V+c3APTsxp8lVB6gGtOnyY5b0aAxqA46Zf2HjYkYu3M8NupKk0GiEmglngnuD8Y33RiaVT7mEl0ZNKVP0zyOGcpWDryKIaS3wIAasHCbBT76As4QowBy7f1D/DDoX82xlLF6hejB1QRvEOp5bNUHMYB7ljCdb+ZCFo1ue0B45ZMN82WC0+C3rW1S0FBB2Yt6bt+CGnIlHq/veZB0/wo38LoB4m6sczAjxFrzP6CwKHfOfyeOW1wPwgdg3dULR5mUBgwI9jhWRxRUEmMS+9gv5o5BmU9CDGzSkhTH03mDjFXW4OU+KLMhX1N4kyqgoStDU5EnSgGTzOJi2BcEXcfPXFyRKgOzb9bBlnjoH85LK7lolFD0x7N94N9d6zWwzKzFkmXVslXSNG/iSFxFhmag8Lzqeq/yIhlCX3+lVphHahYOY9Nw22yRheDrcxGEChEKsDCiWzQLpO1hV1ICvILnVmfCMNwwMTJCF12s104tg4kr00N488GaHn8B34+fG98W2l7oERB25v9uvHHKcKi2IPCLFVzv X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(366016)(376014)(7416014)(56012099003)(22082099003)(18002099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?+cJcZPgjEmq59e9SLGOzXici+gJsDcvJRdrWGxJt6Qd31+BTNcKaVRuolP7D?= =?us-ascii?Q?Ndw7DdpT5auWAD7MBEjttse3rEqyDkA31DhHuX6qKvU7/uFsv66u70SgTXxA?= =?us-ascii?Q?Avn47i01nOsWEB2k9zdRaJCpBa/LVQRVDZp7ixtnsvuJzwJmBe9G3W/cPwZk?= =?us-ascii?Q?zPJes4mSvKnm09u0qr5mg4vOaXAdfVv9MVeA7eJbxC8pyPoEzQYFADw7edTi?= =?us-ascii?Q?MgXksWbbmGNFPbCEYIjSmfOd8sPWbAK53hqvkimj1cEeDGxTJPUHnjr80e/k?= =?us-ascii?Q?R2wxBsUUlCsMlRIQjdBuNcRpqqLzcduAm8oyOrawJaabpNecwLlzIMjJd+aR?= =?us-ascii?Q?/YNz9LF3oiJjLTqmVUutYOnTQZYQ6vcCLvFSvit3c6VJ3FaiuZvJFvlv4fQB?= =?us-ascii?Q?1useXdN6P1I+SGUNXlCs/r0KXVl8SGFlPWdh6lXJV1EJsnVp0biTg/lbbTH6?= =?us-ascii?Q?PTMkp/Q9u6LLWmOEfiU1KhoAUPuZa5bECGkwi3+V1szxf7frKR5TnIoPu3ig?= =?us-ascii?Q?IugdqaG5GfUV1FnKPG3EKBDXTGeiAuI9mAesXazQthnqhISj/VV5H5X8NJFj?= =?us-ascii?Q?oe0u4fhiM7mFsbGr/HyJi+XP9wNXWOC2+pgs/3gGbBqp7G8aVfwj/mgJWhsT?= =?us-ascii?Q?XsV4WO3T9kn4dClRdJCcjqlXxcRyhLVsJvNKaqWHSzrhunJJmO2XSS2SaDb4?= =?us-ascii?Q?6XNPrzRTwvTJAQ/aPiJ1SQpOeSOoaPhYtZ/P8lVpdIC3qvQQl/V1aXmF7XuI?= =?us-ascii?Q?BznPcOR9Sq4BzRKmEAO+oAWgTdH78Gx2pKXlbRb7FbQpqXpBhFHHEPEtCvZ7?= =?us-ascii?Q?UeQVXo2f7t99JOX+JbI6g0yTkcaUiBH9Y6WxgdheJyIlu/WIXK5ErCqTavg5?= =?us-ascii?Q?3dJCYvdktLYagDJFjBKrt4mEWMsH9nVB3GeEeBMnSbkM9ZUKQJ+ODY29Po2A?= =?us-ascii?Q?K6f9oVq/sBcC1zr0PZQCC5hu1HT9QXadn3DwNwVCkuS76C2PST5c75TR9jN2?= =?us-ascii?Q?hMt7lrBuRRpadZWJAzy9p76icSdu4c9kUXKFpWN+kVtvjncBsnKJ9pUJ9Zgm?= =?us-ascii?Q?FyFArrCVacA7iS31fnWH2av7Y50GmQSs6PePfeB+Txyc6N7ipKBPcGk48EX9?= =?us-ascii?Q?oNr1hz4CKghCFCt9U4eIxrWI14v0pTuo5SI9X4JlCr0E5f3YN2z4Qr/KF5/L?= =?us-ascii?Q?ZSef8o6TTHYCSHcw/jsBKF9OaCAa29DDEHi2xCj757ySUlp9f7ezJzivdsCC?= =?us-ascii?Q?jJ6GZK0glNoPHaPF8+WRj9nazDn/7PjEyqOAMz94UGG3QH5GR1KNfevKcWqj?= =?us-ascii?Q?f9BLtwZpVlrrgKRc/SEpsno3SolOoo5RV+0XZ9wf4VZea53CMJEffPfNcgq+?= =?us-ascii?Q?b+oaYAxS/2P5DZJb29ZzQ9kSiGfi6M9KG9zfKsbYo80m5WRnY0PshHJauFXI?= =?us-ascii?Q?YpQmTcI3qpHh4B1YcFgi/C4l1J3bA/KxeA3Pzpq/Y1oO+pWBUl8Eyj99A84t?= =?us-ascii?Q?JRib/ResCZa1UjaODlrqrSpApLUN4FP/x4e8xNXA//XIsckBqe8E7DQfSI1C?= =?us-ascii?Q?m5bJ+3XgYVdTiG75b7dzT9z+A5nl78UbJYhl/mDUSiR6YgOrNJfKu8PG7xGJ?= =?us-ascii?Q?LzB6/05j0zcJUz59qaJ8WSKAi6/opkljyuJHpJIdAZEGbKFu0XwO2zUr47Tf?= =?us-ascii?Q?Y3+K9Ht1V8cRhw57NRCqSgRRMRlvdcjXTrnDkKOg2gxKJmOB+eMbz9ngYm7m?= =?us-ascii?Q?EOkCtAR68DoVEgdOv86he2kkunFAKhbBW+RlrWXpheRSQIoeIXap?= X-OriginatorOrg: valinux.co.jp X-MS-Exchange-CrossTenant-Network-Message-Id: 4f853f27-7630-47c1-8aaa-08deb237a4bf X-MS-Exchange-CrossTenant-AuthSource: TY7P286MB7722.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2026 04:08:39.0799 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 7a57bee8-f73d-4c5f-a4f7-d72c91c8c111 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Dl9+tJWufWZGF17Cg5QgYTJS8Us9TpfUQYut/AxzExUGFiCwHRlgcdZumL7OfD5i4IugtkhIS3zXtrzGt4Fm7A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYCP286MB3682 X-purgate-ID: tlsNG-c201ff/1778818126-DAD6F443-8A34C642/0/0 X-purgate-type: clean X-purgate-size: 4119 X-ZohoMail-DKIM: pass (identity @valinux.co.jp) X-ZM-MESSAGEID: 1778818330370158500 Content-Type: text/plain; charset="utf-8" Document the Realm guest model, the current build/runtime flow, and the limits deliberately left outside this implementation. Signed-off-by: Koichiro Den --- docs/hypervisor-guide/arm/cca-realm.rst | 83 +++++++++++++++++++++++++ docs/hypervisor-guide/arm/index.rst | 1 + 2 files changed, 84 insertions(+) create mode 100644 docs/hypervisor-guide/arm/cca-realm.rst diff --git a/docs/hypervisor-guide/arm/cca-realm.rst b/docs/hypervisor-guid= e/arm/cca-realm.rst new file mode 100644 index 000000000000..9a0a63220bfb --- /dev/null +++ b/docs/hypervisor-guide/arm/cca-realm.rst @@ -0,0 +1,83 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +Arm CCA Realm support +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Overview +=3D=3D=3D=3D=3D=3D=3D=3D + +Xen can create Arm CCA Realm guests and run their vCPUs with +``RMI_REC_ENTER``. + +The initial support implements the DEN0137 2.0-bet1 Realm lifecycle: Xen +creates the RD and RTTs, initializes RIPAS, populates measured DATA granul= es, +creates RECs, and activates the Realm. + +Guest creation model +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Realm guest creation is exposed through ``libxl`` with ``realm=3Dtrue``. + +Realm guests are currently restricted to: + +* 64-bit Arm PVH +* GICv3 +* a Xen-generated device tree +* guest RAM fully contained within the first guest RAM bank + +When ``realm=3Dtrue`` is selected, Realm DTBs set the PSCI method to ``"sm= c"`` +and do not include the Xen hypervisor node, because Xen PV interfaces are = not +exposed to Realm guests. The only supported virtual console is +``vuart=3D"sbsa_uart"``. + +This VUART is a host-visible clear-text debug channel. It is accepted only= when +``CONFIG_ARM_CCA_REALM_DEBUG_VUART=3Dy`` and is not suitable for +confidentiality-oriented Realm deployments. + +Runtime model +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Each Realm vCPU has a REC and a ``RecRun`` buffer shared between Xen and t= he +RMM in non-secure memory. Xen enters the Realm with ``RMI_REC_ENTER``. On +return, the RMM provides an ``RmiRecExit`` describing why the REC stopped. + +Before handling an exit, Xen synchronizes the Realm-side vGIC and timer st= ate +needed by the host model. The current path handles the exits needed by this +series: host interrupt returns, emulatable MMIO, a small GICv3 sysreg subs= et, +``WFI/WFE``, PSCI, and RIPAS changes. Other exits are treated as unsupport= ed. + +Current implementation notes +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D + +* Initial Realm RAM population currently measures all populated DATA + granules. There is no separate interface for passing measured ranges + from the toolstack. + +* Xen tracks up to 64 accepted donation pages for one memory-transferring + SRO. This is a Xen implementation cap, not an RMI limit. + +* Xen checks that host RAM is fine-tracked conventional memory and ensures + GPT L1s exist before it creates Realms. + +Known limitations +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The initial support is small in scope. + +* No Dom0less Realm launch at Xen boot +* No Xen PV, grant-table based, or virtio device exposure to Realm guests +* No passthrough or Realm device assignment, including VDEV/VSMMU handling +* No ACPI support +* No Multi-Plane Realms or S2AP change exits +* No Realm LPA2, SVE, or PMU support +* Fixed Live Firmware Activation policy, ``RMI_LFA_DISALLOW`` +* Shared MEC policy only +* Fixed zero Realm Personalization Value +* No non-4KB RMI granule or non-1GB tracking-region configuration support +* No Realm shared-memory mappings via + ``RMI_RTT_UNPROT_MAP`` / ``RMI_RTT_UNPROT_UNMAP`` +* No ``RMI_EXIT_HOST_CALL`` handling +* No hardware-backed vIRQ deactivation in the ``ICC_DIR_EL1`` emulation pa= th + +This document should be updated as the Xen/Arm Realm feature set expands. diff --git a/docs/hypervisor-guide/arm/index.rst b/docs/hypervisor-guide/ar= m/index.rst index 7aae4a0a0301..feac2b4230c3 100644 --- a/docs/hypervisor-guide/arm/index.rst +++ b/docs/hypervisor-guide/arm/index.rst @@ -6,4 +6,5 @@ ARM .. toctree:: :maxdepth: 2 =20 + cca-realm firmware/arm-scmi --=20 2.51.0