[PATCH OLK-6.6 00/26] arm64: Support for running as guest in Arm CCA

20 Jun 2025

      This series adds support for running Linux in a protected VM under the
Arm Confidential Compute Architecture (CCA).

To support CCA guest, we do things as follow:
1. Revert some virtcca patches to reduce conflicts
2. Backport pkvm guest series patches to support memory encrypt api.
3. Backport virt coco to support tsm report
4. Backport CCA guest patches
5. Backport jump label patches to fix data abort when adding modules
6. Add log to notify rodata=full
7. Recover virtcca

Cai Xinchen (2):
  Revert "virtcca feature : disable swiotlb for passthrough device"
  Revert "gicv3: add lpi support for cvm guest"

Dan Williams (3):
  virt: coco: Add a coco/Makefile and coco/Kconfig
  configfs-tsm: Introduce a shared ABI for attestation reports
  mm/slab: Add __free() support for kvfree

Helge Deller (1):
  parisc: Delay write-protection until mark_rodata_ro() call

Peter Zijlstra (1):
  jump_label,module: Don't alloc static_key_mod for __ro_after_init keys

Sami Mujawar (1):
  virt: arm-cca-guest: TSM_REPORT support for realms

Steven Price (7):
  arm64: realm: Query IPA size from the RMM
  arm64: Enforce bounce buffers for realm DMA
  arm64: mm: Avoid TLBI when marking pages as valid
  arm64: Document Arm Confidential Compute
  irqchip/gic-v3-its: Share ITS tables with a non-trusted hypervisor
  irqchip/gic-v3-its: Fix over allocation in itt_alloc_pool()
  irqchip/gic-v3-its: Rely on genpool alignment

Suzuki K Poulose (7):
  arm64: rsi: Add RSI definitions
  arm64: Detect if in a realm and set RIPAS RAM
  arm64: rsi: Add support for checking whether an MMIO is protected
  arm64: rsi: Map unprotected MMIO as decrypted
  efi: arm64: Map Device with Prot Shared
  arm64: Enable memory encrypt for Realms
  arm64: realm: ioremap: Allow mapping memory as encrypted

Will Deacon (2):
  arm64: mm: Add top-level dispatcher for internal mem_encrypt API
  arm64: mm: Add confidential computing hook to ioremap_prot()

Yiwei Zhuang (1):
  rme: make sure realm guest map memory in page granularity

yxk (1):
  gicv3: add lpi support for virtcca cvm guest

 Documentation/ABI/testing/configfs-tsm        |  82 ++++
 Documentation/arch/arm64/arm-cca.rst          |  69 +++
 Documentation/arch/arm64/booting.rst          |   3 +
 Documentation/arch/arm64/index.rst            |   1 +
 MAINTAINERS                                   |   8 +
 arch/arm64/Kconfig                            |   4 +
 arch/arm64/include/asm/io.h                   |  12 +
 arch/arm64/include/asm/mem_encrypt.h          |  24 +
 arch/arm64/include/asm/pgtable-prot.h         |   4 +
 arch/arm64/include/asm/pgtable.h              |   5 +
 arch/arm64/include/asm/rsi.h                  |  68 +++
 arch/arm64/include/asm/rsi_cmds.h             | 160 +++++++
 arch/arm64/include/asm/rsi_smc.h              | 193 ++++++++
 arch/arm64/include/asm/set_memory.h           |   4 +
 arch/arm64/include/asm/virtcca_cvm_guest.h    |   8 +
 arch/arm64/kernel/Makefile                    |   2 +-
 arch/arm64/kernel/efi.c                       |  12 +-
 arch/arm64/kernel/rsi.c                       | 165 +++++++
 arch/arm64/kernel/setup.c                     |   3 +
 arch/arm64/kernel/virtcca_cvm_guest.c         |  24 +
 arch/arm64/mm/Makefile                        |   2 +-
 arch/arm64/mm/init.c                          |  10 +-
 arch/arm64/mm/ioremap.c                       |  23 +-
 arch/arm64/mm/mem_encrypt.c                   |  50 +++
 arch/arm64/mm/pageattr.c                      |  98 +++-
 arch/parisc/mm/init.c                         |  16 +-
 drivers/irqchip/irq-gic-v3-its.c              | 329 +++++---------
 drivers/virt/Kconfig                          |   8 +-
 drivers/virt/Makefile                         |   5 +-
 drivers/virt/coco/Kconfig                     |  18 +
 drivers/virt/coco/Makefile                    |  10 +
 drivers/virt/coco/arm-cca-guest/Kconfig       |  11 +
 drivers/virt/coco/arm-cca-guest/Makefile      |   2 +
 .../virt/coco/arm-cca-guest/arm-cca-guest.c   | 224 +++++++++
 drivers/virt/coco/tsm.c                       | 425 ++++++++++++++++++
 include/asm-generic/sections.h                |   5 +
 include/linux/jump_label.h                    |   3 +
 include/linux/slab.h                          |   2 +
 include/linux/tsm.h                           |  69 +++
 include/linux/virtcca_cvm_domain.h            |  10 +
 init/main.c                                   |   1 +
 kernel/jump_label.c                           |  53 +++
 42 files changed, 1990 insertions(+), 235 deletions(-)
 create mode 100644 Documentation/ABI/testing/configfs-tsm
 create mode 100644 Documentation/arch/arm64/arm-cca.rst
 create mode 100644 arch/arm64/include/asm/mem_encrypt.h
 create mode 100644 arch/arm64/include/asm/rsi.h
 create mode 100644 arch/arm64/include/asm/rsi_cmds.h
 create mode 100644 arch/arm64/include/asm/rsi_smc.h
 create mode 100644 arch/arm64/kernel/rsi.c
 create mode 100644 arch/arm64/mm/mem_encrypt.c
 create mode 100644 drivers/virt/coco/Kconfig
 create mode 100644 drivers/virt/coco/Makefile
 create mode 100644 drivers/virt/coco/arm-cca-guest/Kconfig
 create mode 100644 drivers/virt/coco/arm-cca-guest/Makefile
 create mode 100644 drivers/virt/coco/arm-cca-guest/arm-cca-guest.c
 create mode 100644 drivers/virt/coco/tsm.c
 create mode 100644 include/linux/tsm.h

-- 
2.18.0.huawei.25