Commit 3175e051 authored by Will Deacon's avatar Will Deacon

Merge branch 'for-next/pkvm-guest' into for-next/core

* for-next/pkvm-guest:
  arm64: smccc: Reserve block of KVM "vendor" services for pKVM hypercalls
  drivers/virt: pkvm: Intercept ioremap using pKVM MMIO_GUARD hypercall
  arm64: mm: Add confidential computing hook to ioremap_prot()
  drivers/virt: pkvm: Hook up mem_encrypt API using pKVM hypercalls
  arm64: mm: Add top-level dispatcher for internal mem_encrypt API
  drivers/virt: pkvm: Add initial support for running as a protected guest
  firmware/smccc: Call arch-specific hook on discovering KVM services
parents 119e3eef 21be9f71
+98 −0
@@ -44,3 +44,101 @@ Provides a discovery mechanism for other KVM/arm64 hypercalls.
----------------------------------------

See ptp_kvm.rst

``ARM_SMCCC_KVM_FUNC_HYP_MEMINFO``
----------------------------------

Query the memory protection parameters for a pKVM protected virtual machine.

+---------------------+-------------------------------------------------------------+
| Presence:           | Optional; pKVM protected guests only.                       |
+---------------------+-------------------------------------------------------------+
| Calling convention: | HVC64                                                       |
+---------------------+----------+--------------------------------------------------+
| Function ID:        | (uint32) | 0xC6000002                                       |
+---------------------+----------+----+---------------------------------------------+
| Arguments:          | (uint64) | R1 | Reserved / Must be zero                     |
|                     +----------+----+---------------------------------------------+
|                     | (uint64) | R2 | Reserved / Must be zero                     |
|                     +----------+----+---------------------------------------------+
|                     | (uint64) | R3 | Reserved / Must be zero                     |
+---------------------+----------+----+---------------------------------------------+
| Return Values:      | (int64)  | R0 | ``INVALID_PARAMETER (-3)`` on error, else   |
|                     |          |    | memory protection granule in bytes          |
+---------------------+----------+----+---------------------------------------------+

``ARM_SMCCC_KVM_FUNC_MEM_SHARE``
--------------------------------

Share a region of memory with the KVM host, granting it read, write and execute
permissions. The size of the region is equal to the memory protection granule
advertised by ``ARM_SMCCC_KVM_FUNC_HYP_MEMINFO``.

+---------------------+-------------------------------------------------------------+
| Presence:           | Optional; pKVM protected guests only.                       |
+---------------------+-------------------------------------------------------------+
| Calling convention: | HVC64                                                       |
+---------------------+----------+--------------------------------------------------+
| Function ID:        | (uint32) | 0xC6000003                                       |
+---------------------+----------+----+---------------------------------------------+
| Arguments:          | (uint64) | R1 | Base IPA of memory region to share          |
|                     +----------+----+---------------------------------------------+
|                     | (uint64) | R2 | Reserved / Must be zero                     |
|                     +----------+----+---------------------------------------------+
|                     | (uint64) | R3 | Reserved / Must be zero                     |
+---------------------+----------+----+---------------------------------------------+
| Return Values:      | (int64)  | R0 | ``SUCCESS (0)``                             |
|                     |          |    +---------------------------------------------+
|                     |          |    | ``INVALID_PARAMETER (-3)``                  |
+---------------------+----------+----+---------------------------------------------+

``ARM_SMCCC_KVM_FUNC_MEM_UNSHARE``
----------------------------------

Revoke access permission from the KVM host to a memory region previously shared
with ``ARM_SMCCC_KVM_FUNC_MEM_SHARE``. The size of the region is equal to the
memory protection granule advertised by ``ARM_SMCCC_KVM_FUNC_HYP_MEMINFO``.

+---------------------+-------------------------------------------------------------+
| Presence:           | Optional; pKVM protected guests only.                       |
+---------------------+-------------------------------------------------------------+
| Calling convention: | HVC64                                                       |
+---------------------+----------+--------------------------------------------------+
| Function ID:        | (uint32) | 0xC6000004                                       |
+---------------------+----------+----+---------------------------------------------+
| Arguments:          | (uint64) | R1 | Base IPA of memory region to unshare        |
|                     +----------+----+---------------------------------------------+
|                     | (uint64) | R2 | Reserved / Must be zero                     |
|                     +----------+----+---------------------------------------------+
|                     | (uint64) | R3 | Reserved / Must be zero                     |
+---------------------+----------+----+---------------------------------------------+
| Return Values:      | (int64)  | R0 | ``SUCCESS (0)``                             |
|                     |          |    +---------------------------------------------+
|                     |          |    | ``INVALID_PARAMETER (-3)``                  |
+---------------------+----------+----+---------------------------------------------+

``ARM_SMCCC_KVM_FUNC_MMIO_GUARD``
----------------------------------

Request that a given memory region is handled as MMIO by the hypervisor,
allowing accesses to this region to be emulated by the KVM host. The size of the
region is equal to the memory protection granule advertised by
``ARM_SMCCC_KVM_FUNC_HYP_MEMINFO``.

+---------------------+-------------------------------------------------------------+
| Presence:           | Optional; pKVM protected guests only.                       |
+---------------------+-------------------------------------------------------------+
| Calling convention: | HVC64                                                       |
+---------------------+----------+--------------------------------------------------+
| Function ID:        | (uint32) | 0xC6000007                                       |
+---------------------+----------+----+---------------------------------------------+
| Arguments:          | (uint64) | R1 | Base IPA of MMIO memory region              |
|                     +----------+----+---------------------------------------------+
|                     | (uint64) | R2 | Reserved / Must be zero                     |
|                     +----------+----+---------------------------------------------+
|                     | (uint64) | R3 | Reserved / Must be zero                     |
+---------------------+----------+----+---------------------------------------------+
| Return Values:      | (int64)  | R0 | ``SUCCESS (0)``                             |
|                     |          |    +---------------------------------------------+
|                     |          |    | ``INVALID_PARAMETER (-3)``                  |
+---------------------+----------+----+---------------------------------------------+
+2 −0
@@ -7,4 +7,6 @@
void kvm_init_hyp_services(void);
bool kvm_arm_hyp_service_available(u32 func_id);

static inline void kvm_arch_init_hyp_services(void) { };

#endif
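Review bot: The stub `static inline void kvm_arch_init_hyp_services(void) { };` ends with a stray semicolon after the function body, which is an empty file-scope declaration that pedantic builds warn about; it should read `static inline void kvm_arch_init_hyp_services(void) { }`. The same trailing `;` appears in the later hypervisor header section on this page, after the `pkvm_init_hyp_services` stub and after the closing brace of `kvm_arch_init_hyp_services`. The added lines are not marked on this page; the section's count of two additions suggests they are the stub and the blank line after it.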
+1 −0
@@ -34,6 +34,7 @@ config ARM64
	select ARCH_HAS_KERNEL_FPU_SUPPORT if KERNEL_MODE_NEON
	select ARCH_HAS_KEEPINITRD
	select ARCH_HAS_MEMBARRIER_SYNC_CORE
	select ARCH_HAS_MEM_ENCRYPT
	select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS
	select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
	select ARCH_HAS_PTE_DEVMAP
+11 −0
@@ -7,4 +7,15 @@
void kvm_init_hyp_services(void);
bool kvm_arm_hyp_service_available(u32 func_id);

#ifdef CONFIG_ARM_PKVM_GUEST
void pkvm_init_hyp_services(void);
#else
static inline void pkvm_init_hyp_services(void) { };
#endif

static inline void kvm_arch_init_hyp_services(void)
{
	pkvm_init_hyp_services();
};

#endif
+4 −0
@@ -271,6 +271,10 @@ __iowrite64_copy(void __iomem *to, const void *from, size_t count)
 * I/O memory mapping functions.
 */

typedef int (*ioremap_prot_hook_t)(phys_addr_t phys_addr, size_t size,
				   pgprot_t *prot);
int arm64_ioremap_prot_hook_register(const ioremap_prot_hook_t hook);

#define ioremap_prot ioremap_prot

#define _PAGE_IOREMAP PROT_DEVICE_nGnRE
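Review bot: `ioremap_prot_hook_t` and `arm64_ioremap_prot_hook_register()` are declared with no comment on their contract, although the hook can alter the protection bits of every I/O mapping. The header should state what a non-zero return from the hook does to the ioremap, whether the hook may rewrite `*prot`, and whether a second registration is rejected or replaces the first; the implementation is outside this hunk, so each of these needs confirming against it. A comment above the typedef such as `/* Hook run by ioremap_prot(); returns 0 to proceed, possibly after adjusting *prot, or an error to fail the mapping. */` would do, if that matches the implementation. As a smaller style point, the `const` on the by-value `hook` parameter has no effect in a prototype and can be dropped.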