Commit a06c3fad authored by Will Deacon's avatar Will Deacon

drivers/virt: pkvm: Add initial support for running as a protected guest



Implement a pKVM protected guest driver to probe the presence of pKVM
and determine the memory protection granule using the HYP_MEMINFO
hypercall.

Acked-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20240830130150.8568-3-will@kernel.org


Signed-off-by: Will Deacon <will@kernel.org>
parent 0ba5b4ba
+22 −0
@@ -44,3 +44,25 @@ Provides a discovery mechanism for other KVM/arm64 hypercalls.
----------------------------------------

See ptp_kvm.rst

``ARM_SMCCC_KVM_FUNC_HYP_MEMINFO``
----------------------------------

Query the memory protection parameters for a pKVM protected virtual machine.

+---------------------+-------------------------------------------------------------+
| Presence:           | Optional; pKVM protected guests only.                       |
+---------------------+-------------------------------------------------------------+
| Calling convention: | HVC64                                                       |
+---------------------+----------+--------------------------------------------------+
| Function ID:        | (uint32) | 0xC6000002                                       |
+---------------------+----------+----+---------------------------------------------+
| Arguments:          | (uint64) | R1 | Reserved / Must be zero                     |
|                     +----------+----+---------------------------------------------+
|                     | (uint64) | R2 | Reserved / Must be zero                     |
|                     +----------+----+---------------------------------------------+
|                     | (uint64) | R3 | Reserved / Must be zero                     |
+---------------------+----------+----+---------------------------------------------+
| Return Values:      | (int64)  | R0 | ``INVALID_PARAMETER (-3)`` on error, else   |
|                     |          |    | memory protection granule in bytes          |
+---------------------+----------+----+---------------------------------------------+
+7 −0
@@ -7,8 +7,15 @@
void kvm_init_hyp_services(void);
bool kvm_arm_hyp_service_available(u32 func_id);

#ifdef CONFIG_ARM_PKVM_GUEST
void pkvm_init_hyp_services(void);
#else
static inline void pkvm_init_hyp_services(void) { };
#endif

static inline void kvm_arch_init_hyp_services(void)
{
	pkvm_init_hyp_services();
};

#endif
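Review bot: `pkvm_init_hyp_services()` is now called unconditionally from `kvm_arch_init_hyp_services()`, and nothing in this header says it must be safe on a guest that is not running under pKVM. The implementation is outside this section, so it is not visible whether it checks `kvm_arm_hyp_service_available()` for the HYP_MEMINFO function before issuing the hypercall and rejects a negative or unexpected granule in R0. A one-line comment above the prototype would pin that contract, e.g. `/* Probes for pKVM; must be a no-op when the hypercall is not advertised. */`. Separately, the stub `static inline void pkvm_init_hyp_services(void) { };` carries a stray `;` after the body; `static inline void pkvm_init_hyp_services(void) { }` is enough. The hunk starts inside the header's include guard, so the surrounding declarations are only partly visible.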
+2 −0
@@ -9,6 +9,8 @@ config TSM_REPORTS

source "drivers/virt/coco/efi_secret/Kconfig"

source "drivers/virt/coco/pkvm-guest/Kconfig"

source "drivers/virt/coco/sev-guest/Kconfig"

source "drivers/virt/coco/tdx-guest/Kconfig"
+1 −0
@@ -4,5 +4,6 @@
#
obj-$(CONFIG_TSM_REPORTS)	+= tsm.o
obj-$(CONFIG_EFI_SECRET)	+= efi_secret/
obj-$(CONFIG_ARM_PKVM_GUEST)	+= pkvm-guest/
obj-$(CONFIG_SEV_GUEST)		+= sev-guest/
obj-$(CONFIG_INTEL_TDX_GUEST)	+= tdx-guest/
+10 −0
config ARM_PKVM_GUEST
	bool "Arm pKVM protected guest driver"
	depends on ARM64
	help
	  Protected guests running under the pKVM hypervisor on arm64
	  are isolated from the host and must issue hypercalls to enable
	  interaction with virtual devices. This driver implements
	  support for probing and issuing these hypercalls.

	  If unsure, say 'N'.
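Review bot: The help text says protected guests "must issue hypercalls to enable interaction with virtual devices", yet the option is a `bool` with no `default` and the text ends with "If unsure, say 'N'", so it never tells whoever builds a guest image when Y is actually required. I would add a sentence such as `Say Y if this kernel is intended to run as a pKVM protected guest.` before the final line. What a protected guest loses when the driver is left out is not visible in this section and would be worth stating by someone who knows the driver.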