[RFC kvmtool 18/31] arm64: Populate initial realm contents
Suzuki K Poulose
suzuki.poulose at arm.com
Thu Mar 2 06:06:37 PST 2023
Hi Piotr
On 02/03/2023 14:03, Piotr Sawicki wrote:
> Hi,
>
>> From: Alexandru Elisei <alexandru.elisei at arm.com>
>>
>> Populate the realm memory with the initial contents, which include
>> the device tree blob, the kernel image, and initrd, if specified,
>> or the firmware image.
>>
>> Populating an image in the realm involves two steps:
>> a) Mark the IPA area as RAM - INIT_IPA_REALM
>> b) Load the contents into the IPA - POPULATE_REALM
>>
>> Wherever we know the actual size of an image in memory, we make
>> sure the "memory area" is initialised to RAM.
>> e.g., Linux kernel image size from the header which includes the bss etc.
>> The "file size" on disk for the Linux image is much smaller.
>> We mark the region of size Image.header.size as RAM (a), from the kernel
>> load address. And load the Image file into the memory (b) above.
>> At the moment we only detect the Arm64 Linux Image header format.
>>
>> Since we're already touching the code that copies the
>> initrd in guest memory, let's do a bit of cleaning and remove a
>> useless local variable.
>>
>> Signed-off-by: Alexandru Elisei <alexandru.elisei at arm.com>
>> [ Make sure the Linux kernel image area is marked as RAM ]
>> Signed-off-by: Suzuki K Poulose <suzuki.poulose at arm.com>
>> diff --git a/arm/kvm.c b/arm/kvm.c
>> index acb627b2..57c5b5f7 100644
>> --- a/arm/kvm.c
>> +++ b/arm/kvm.c
>> @@ -6,6 +6,7 @@
>> #include "kvm/fdt.h"
>> #include "arm-common/gic.h"
>> +#include <asm/realm.h>
>> #include <sys/resource.h>
>> @@ -167,6 +168,9 @@ bool kvm__arch_load_kernel_image(struct kvm *kvm,
>> int fd_kernel, int fd_initrd,
>> pr_debug("Loaded kernel to 0x%llx (%llu bytes)",
>> kvm->arch.kern_guest_start, kvm->arch.kern_size);
>
>
> I've noticed that calling the measurement test from the
> kvm-unit-tests suite multiple times results in different Realm Initial
> Measurements, although the kernel image is always the same.
>
> After a short investigation, I've found that the RIM starts being
> different while populating the last 4kB chunk of the kernel image.
> The issue occurs when the image size is not aligned to the page size (4kB).
>
> After zeroing the unused area of the last chunk, the measurements become
> repeatable.
>
That is a good point. We could memset() the remaining bits of the 4K
page to 0. I will make this change.
Suzuki
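
The fix agreed on in this thread (zero the unused remainder of the last 4kB page before it is populated and measured), shown as an added example that is not kvmtool code and not part of the original message. `load_image`, `measure_load`, the constructed image and the FNV-1a digest standing in for the realm measurement are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 4096u	/* 4kB page, as in the thread */

/* Stand-in digest (FNV-1a); NOT the algorithm used for the real RIM. */
static uint64_t measure(const uint8_t *p, size_t len)
{
	uint64_t h = 0xcbf29ce484222325ULL;
	for (size_t i = 0; i < len; i++)
		h = (h ^ p[i]) * 0x100000001b3ULL;
	return h;
}

/* Copy img into page-granular memory; return the page-rounded length that
 * gets populated, or 0 if it does not fit. zero_tail clears the slack. */
static size_t load_image(uint8_t *guest, size_t guest_len,
			 const uint8_t *img, size_t img_len, int zero_tail)
{
	size_t populated = (img_len + PAGE_SZ - 1) & ~(size_t)(PAGE_SZ - 1);

	if (img_len == 0 || populated < img_len || populated > guest_len)
		return 0;
	memcpy(guest, img, img_len);
	if (zero_tail)
		memset(guest + img_len, 0, populated - img_len);
	return populated;
}

/* Load a fixed image over memory pre-filled with `stale`, then measure. */
static uint64_t measure_load(uint8_t stale, int zero_tail)
{
	static uint8_t guest[2 * PAGE_SZ];
	uint8_t img[PAGE_SZ + 100];	/* constructed, not page aligned */
	size_t n;

	for (size_t i = 0; i < sizeof(img); i++)
		img[i] = (uint8_t)(i * 7 + 1);
	memset(guest, stale, sizeof(guest));	/* leftover host data */
	n = load_image(guest, sizeof(guest), img, sizeof(img), zero_tail);
	return n ? measure(guest, n) : 0;
}

int main(void)
{
	printf("same, no zeroing: %d\n", measure_load(0xAA, 0) == measure_load(0x55, 0));
	printf("same, zeroed tail: %d\n", measure_load(0xAA, 1) == measure_load(0x55, 1));
	return 0;
}
```

The same image gives different digests when the last page carries whatever was in memory before, and identical digests once the tail is cleared.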