[pvmfw] Extract a library to support various hypervisor backends
This cl extracts a library libhyp from pvmfw to support
various hypervisor backends including kvm.
Bug: 272226230
Test: m pvmfw_img
Change-Id: I5307cb5d6cccc7a01af6bc9c46ae7111c0d51e93
diff --git a/libs/hyp/Android.bp b/libs/hyp/Android.bp
new file mode 100644
index 0000000..bc66190
--- /dev/null
+++ b/libs/hyp/Android.bp
@@ -0,0 +1,18 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_library_rlib {
+ name: "libhyp",
+ crate_name: "hyp",
+ srcs: ["src/lib.rs"],
+ prefer_rlib: true,
+ rustlibs: [
+ "libsmccc",
+ ],
+ no_stdlibs: true,
+ stdlibs: [
+ "libcore.rust_sysroot",
+ ],
+ apex_available: ["com.android.virt"],
+}
diff --git a/libs/hyp/src/hypervisor/kvm.rs b/libs/hyp/src/hypervisor/kvm.rs
new file mode 100644
index 0000000..a34acc8
--- /dev/null
+++ b/libs/hyp/src/hypervisor/kvm.rs
@@ -0,0 +1,95 @@
+// Copyright 2022, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Wrappers around calls to the KVM hypervisor.
+
+use smccc::{checked_hvc64, checked_hvc64_expect_zero, Error, Result};
+
+const ARM_SMCCC_KVM_FUNC_HYP_MEMINFO: u32 = 0xc6000002;
+const ARM_SMCCC_KVM_FUNC_MEM_SHARE: u32 = 0xc6000003;
+const ARM_SMCCC_KVM_FUNC_MEM_UNSHARE: u32 = 0xc6000004;
+
+const VENDOR_HYP_KVM_MMIO_GUARD_INFO_FUNC_ID: u32 = 0xc6000005;
+const VENDOR_HYP_KVM_MMIO_GUARD_ENROLL_FUNC_ID: u32 = 0xc6000006;
+const VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID: u32 = 0xc6000007;
+const VENDOR_HYP_KVM_MMIO_GUARD_UNMAP_FUNC_ID: u32 = 0xc6000008;
+
+/// Queries the memory protection parameters for a protected virtual machine.
+///
+/// Returns the memory protection granule size in bytes.
+pub(super) fn hyp_meminfo() -> Result<u64> {
+ let args = [0u64; 17];
+ checked_hvc64(ARM_SMCCC_KVM_FUNC_HYP_MEMINFO, args)
+}
+
+/// Shares a region of memory with the KVM host, granting it read, write and execute permissions.
+/// The size of the region is equal to the memory protection granule returned by [`hyp_meminfo`].
+pub(super) fn mem_share(base_ipa: u64) -> Result<()> {
+ let mut args = [0u64; 17];
+ args[0] = base_ipa;
+
+ checked_hvc64_expect_zero(ARM_SMCCC_KVM_FUNC_MEM_SHARE, args)
+}
+
+/// Revokes access permission from the KVM host to a memory region previously shared with
+/// [`mem_share`]. The size of the region is equal to the memory protection granule returned by
+/// [`hyp_meminfo`].
+pub(super) fn mem_unshare(base_ipa: u64) -> Result<()> {
+ let mut args = [0u64; 17];
+ args[0] = base_ipa;
+
+ checked_hvc64_expect_zero(ARM_SMCCC_KVM_FUNC_MEM_UNSHARE, args)
+}
+
+pub(super) fn mmio_guard_info() -> Result<u64> {
+ let args = [0u64; 17];
+
+ checked_hvc64(VENDOR_HYP_KVM_MMIO_GUARD_INFO_FUNC_ID, args)
+}
+
+pub(super) fn mmio_guard_enroll() -> Result<()> {
+ let args = [0u64; 17];
+
+ checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_ENROLL_FUNC_ID, args)
+}
+
+pub(super) fn mmio_guard_map(ipa: u64) -> Result<()> {
+ let mut args = [0u64; 17];
+ args[0] = ipa;
+
+ // TODO(b/277859415): pKVM returns a i32 instead of a i64 in T.
+ // Drop this hack once T reaches EoL.
+ let is_i32_error_code = |n| u32::try_from(n).ok().filter(|v| (*v as i32) < 0).is_some();
+ match checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID, args) {
+ Err(Error::Unexpected(e)) if is_i32_error_code(e) => match e as u32 as i32 {
+ -1 => Err(Error::NotSupported),
+ -2 => Err(Error::NotRequired),
+ -3 => Err(Error::InvalidParameter),
+ ret => Err(Error::Unknown(ret as i64)),
+ },
+ res => res,
+ }
+}
+
+pub(super) fn mmio_guard_unmap(ipa: u64) -> Result<()> {
+ let mut args = [0u64; 17];
+ args[0] = ipa;
+
+ // TODO(b/277860860): pKVM returns NOT_SUPPORTED for SUCCESS in T.
+ // Drop this hack once T reaches EoL.
+ match checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_UNMAP_FUNC_ID, args) {
+ Err(Error::NotSupported) | Ok(_) => Ok(()),
+ x => x,
+ }
+}
diff --git a/libs/hyp/src/hypervisor/mod.rs b/libs/hyp/src/hypervisor/mod.rs
new file mode 100644
index 0000000..5807698
--- /dev/null
+++ b/libs/hyp/src/hypervisor/mod.rs
@@ -0,0 +1,53 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Wrappers around hypervisor back-ends.
+
+mod kvm;
+
+/// Queries the memory protection parameters for a protected virtual machine.
+///
+/// Returns the memory protection granule size in bytes.
+pub fn hyp_meminfo() -> smccc::Result<u64> {
+ kvm::hyp_meminfo()
+}
+
+/// Shares a region of memory with the host, granting it read, write and execute permissions.
+/// The size of the region is equal to the memory protection granule returned by [`hyp_meminfo`].
+pub fn mem_share(base_ipa: u64) -> smccc::Result<()> {
+ kvm::mem_share(base_ipa)
+}
+
+/// Revokes access permission from the host to a memory region previously shared with
+/// [`mem_share`]. The size of the region is equal to the memory protection granule returned by
+/// [`hyp_meminfo`].
+pub fn mem_unshare(base_ipa: u64) -> smccc::Result<()> {
+ kvm::mem_unshare(base_ipa)
+}
+
+pub(crate) fn mmio_guard_info() -> smccc::Result<u64> {
+ kvm::mmio_guard_info()
+}
+
+pub(crate) fn mmio_guard_enroll() -> smccc::Result<()> {
+ kvm::mmio_guard_enroll()
+}
+
+pub(crate) fn mmio_guard_map(ipa: u64) -> smccc::Result<()> {
+ kvm::mmio_guard_map(ipa)
+}
+
+pub(crate) fn mmio_guard_unmap(ipa: u64) -> smccc::Result<()> {
+ kvm::mmio_guard_unmap(ipa)
+}
diff --git a/libs/hyp/src/lib.rs b/libs/hyp/src/lib.rs
new file mode 100644
index 0000000..f0f0631
--- /dev/null
+++ b/libs/hyp/src/lib.rs
@@ -0,0 +1,23 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! This library provides wrappers around various hypervisor backends.
+
+#![no_std]
+
+mod hypervisor;
+mod util;
+
+pub use hypervisor::{hyp_meminfo, mem_share, mem_unshare};
+pub mod mmio_guard;
diff --git a/pvmfw/src/mmio_guard.rs b/libs/hyp/src/mmio_guard.rs
similarity index 79%
rename from pvmfw/src/mmio_guard.rs
rename to libs/hyp/src/mmio_guard.rs
index 95a1b7f..512eb88 100644
--- a/pvmfw/src/mmio_guard.rs
+++ b/libs/hyp/src/mmio_guard.rs
@@ -14,10 +14,11 @@
//! Safe MMIO_GUARD support.
-use crate::helpers;
use crate::hypervisor::{mmio_guard_enroll, mmio_guard_info, mmio_guard_map, mmio_guard_unmap};
+use crate::util::{page_address, SIZE_4KB};
use core::{fmt, result};
+/// MMIO guard error.
#[derive(Debug, Clone)]
pub enum Error {
/// Failed the necessary MMIO_GUARD_ENROLL call.
@@ -32,8 +33,6 @@
UnsupportedGranule(usize),
}
-type Result<T> = result::Result<T, Error>;
-
impl fmt::Display for Error {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match self {
@@ -46,19 +45,25 @@
}
}
+/// Result type with mmio_guard::Error.
+pub type Result<T> = result::Result<T, Error>;
+
+/// Initializes the hypervisor by enrolling a MMIO guard and checking the memory granule size.
pub fn init() -> Result<()> {
mmio_guard_enroll().map_err(Error::EnrollFailed)?;
let mmio_granule = mmio_guard_info().map_err(Error::InfoFailed)? as usize;
- if mmio_granule != helpers::SIZE_4KB {
+ if mmio_granule != SIZE_4KB {
return Err(Error::UnsupportedGranule(mmio_granule));
}
Ok(())
}
+/// Maps a memory address to the hypervisor MMIO guard.
pub fn map(addr: usize) -> Result<()> {
- mmio_guard_map(helpers::page_4kb_of(addr) as u64).map_err(Error::MapFailed)
+ mmio_guard_map(page_address(addr)).map_err(Error::MapFailed)
}
+/// Unmaps a memory address from the hypervisor MMIO guard.
pub fn unmap(addr: usize) -> Result<()> {
- mmio_guard_unmap(helpers::page_4kb_of(addr) as u64).map_err(Error::UnmapFailed)
+ mmio_guard_unmap(page_address(addr)).map_err(Error::UnmapFailed)
}
diff --git a/libs/hyp/src/util.rs b/libs/hyp/src/util.rs
new file mode 100644
index 0000000..56f94fd
--- /dev/null
+++ b/libs/hyp/src/util.rs
@@ -0,0 +1,22 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Utility functions.
+
+pub(crate) const SIZE_4KB: usize = 4 << 10;
+
+/// Computes the low memory page address of the 4KiB page containing a given address.
+pub(crate) fn page_address(addr: usize) -> u64 {
+ (addr & !(SIZE_4KB - 1)).try_into().unwrap()
+}
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index a446c90..41abb91 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -17,6 +17,7 @@
"libbuddy_system_allocator",
"libdiced_open_dice_nostd",
"libfdtpci",
+ "libhyp",
"liblibfdt",
"liblog_rust_nostd",
"libonce_cell_nostd",
diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index 00f0e9b..e0af856 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs
@@ -20,12 +20,12 @@
use crate::heap;
use crate::helpers;
use crate::memory::MemoryTracker;
-use crate::mmio_guard;
use crate::mmu;
use crate::rand;
use core::arch::asm;
use core::num::NonZeroUsize;
use core::slice;
+use hyp::mmio_guard;
use log::debug;
use log::error;
use log::info;
diff --git a/pvmfw/src/hvc.rs b/pvmfw/src/hvc.rs
index f44e26e..6c5017f 100644
--- a/pvmfw/src/hvc.rs
+++ b/pvmfw/src/hvc.rs
@@ -16,9 +16,7 @@
pub mod trng;
-use log::info;
-use smccc::{self, checked_hvc64, checked_hvc64_expect_zero};
-
+// TODO(b/272226230): Move all the trng functions to trng module
const ARM_SMCCC_TRNG_VERSION: u32 = 0x8400_0050;
#[allow(dead_code)]
const ARM_SMCCC_TRNG_FEATURES: u32 = 0x8400_0051;
@@ -27,85 +25,6 @@
#[allow(dead_code)]
const ARM_SMCCC_TRNG_RND32: u32 = 0x8400_0053;
const ARM_SMCCC_TRNG_RND64: u32 = 0xc400_0053;
-const ARM_SMCCC_KVM_FUNC_HYP_MEMINFO: u32 = 0xc6000002;
-const ARM_SMCCC_KVM_FUNC_MEM_SHARE: u32 = 0xc6000003;
-const ARM_SMCCC_KVM_FUNC_MEM_UNSHARE: u32 = 0xc6000004;
-const VENDOR_HYP_KVM_MMIO_GUARD_INFO_FUNC_ID: u32 = 0xc6000005;
-const VENDOR_HYP_KVM_MMIO_GUARD_ENROLL_FUNC_ID: u32 = 0xc6000006;
-const VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID: u32 = 0xc6000007;
-const VENDOR_HYP_KVM_MMIO_GUARD_UNMAP_FUNC_ID: u32 = 0xc6000008;
-
-/// Queries the memory protection parameters for a protected virtual machine.
-///
-/// Returns the memory protection granule size in bytes.
-pub fn kvm_hyp_meminfo() -> smccc::Result<u64> {
- let args = [0u64; 17];
- checked_hvc64(ARM_SMCCC_KVM_FUNC_HYP_MEMINFO, args)
-}
-
-/// Shares a region of memory with the KVM host, granting it read, write and execute permissions.
-/// The size of the region is equal to the memory protection granule returned by [`hyp_meminfo`].
-pub fn kvm_mem_share(base_ipa: u64) -> smccc::Result<()> {
- let mut args = [0u64; 17];
- args[0] = base_ipa;
-
- checked_hvc64_expect_zero(ARM_SMCCC_KVM_FUNC_MEM_SHARE, args)
-}
-
-/// Revokes access permission from the KVM host to a memory region previously shared with
-/// [`mem_share`]. The size of the region is equal to the memory protection granule returned by
-/// [`hyp_meminfo`].
-pub fn kvm_mem_unshare(base_ipa: u64) -> smccc::Result<()> {
- let mut args = [0u64; 17];
- args[0] = base_ipa;
-
- checked_hvc64_expect_zero(ARM_SMCCC_KVM_FUNC_MEM_UNSHARE, args)
-}
-
-pub fn kvm_mmio_guard_info() -> smccc::Result<u64> {
- let args = [0u64; 17];
-
- checked_hvc64(VENDOR_HYP_KVM_MMIO_GUARD_INFO_FUNC_ID, args)
-}
-
-pub fn kvm_mmio_guard_enroll() -> smccc::Result<()> {
- let args = [0u64; 17];
-
- checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_ENROLL_FUNC_ID, args)
-}
-
-pub fn kvm_mmio_guard_map(ipa: u64) -> smccc::Result<()> {
- let mut args = [0u64; 17];
- args[0] = ipa;
-
- // TODO(b/277859415): pKVM returns a i32 instead of a i64 in T.
- // Drop this hack once T reaches EoL.
- let is_i32_error_code = |n| u32::try_from(n).ok().filter(|v| (*v as i32) < 0).is_some();
- match checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID, args) {
- Err(smccc::Error::Unexpected(e)) if is_i32_error_code(e) => {
- info!("Handled a pKVM bug by interpreting the MMIO_GUARD_MAP return value as i32");
- match e as u32 as i32 {
- -1 => Err(smccc::Error::NotSupported),
- -2 => Err(smccc::Error::NotRequired),
- -3 => Err(smccc::Error::InvalidParameter),
- ret => Err(smccc::Error::Unknown(ret as i64)),
- }
- }
- res => res,
- }
-}
-
-pub fn kvm_mmio_guard_unmap(ipa: u64) -> smccc::Result<()> {
- let mut args = [0u64; 17];
- args[0] = ipa;
-
- // TODO(b/277860860): pKVM returns NOT_SUPPORTED for SUCCESS in T.
- // Drop this hack once T reaches EoL.
- match checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_UNMAP_FUNC_ID, args) {
- Err(smccc::Error::NotSupported) | Ok(_) => Ok(()),
- x => x,
- }
-}
/// Returns the (major, minor) version tuple, as defined by the SMCCC TRNG.
pub fn trng_version() -> trng::Result<(u16, u16)> {
diff --git a/pvmfw/src/hypervisor.rs b/pvmfw/src/hypervisor.rs
deleted file mode 100644
index 22609c5..0000000
--- a/pvmfw/src/hypervisor.rs
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright 2023, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! Wrappers around hypervisor back-ends.
-
-use crate::hvc;
-
-pub fn hyp_meminfo() -> smccc::Result<u64> {
- hvc::kvm_hyp_meminfo()
-}
-
-pub fn mem_share(base_ipa: u64) -> smccc::Result<()> {
- hvc::kvm_mem_share(base_ipa)
-}
-
-pub fn mem_unshare(base_ipa: u64) -> smccc::Result<()> {
- hvc::kvm_mem_unshare(base_ipa)
-}
-
-pub fn mmio_guard_info() -> smccc::Result<u64> {
- hvc::kvm_mmio_guard_info()
-}
-
-pub fn mmio_guard_enroll() -> smccc::Result<()> {
- hvc::kvm_mmio_guard_enroll()
-}
-
-pub fn mmio_guard_map(ipa: u64) -> smccc::Result<()> {
- hvc::kvm_mmio_guard_map(ipa)
-}
-
-pub fn mmio_guard_unmap(ipa: u64) -> smccc::Result<()> {
- hvc::kvm_mmio_guard_unmap(ipa)
-}
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index fd6054f..662d705 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -29,10 +29,8 @@
mod heap;
mod helpers;
mod hvc;
-mod hypervisor;
mod instance;
mod memory;
-mod mmio_guard;
mod mmu;
mod rand;
mod virtio;
diff --git a/pvmfw/src/memory.rs b/pvmfw/src/memory.rs
index d26a4ba..fde3f9b 100644
--- a/pvmfw/src/memory.rs
+++ b/pvmfw/src/memory.rs
@@ -17,8 +17,6 @@
#![deny(unsafe_op_in_unsafe_fn)]
use crate::helpers::{self, align_down, align_up, page_4kb_of, SIZE_4KB};
-use crate::hypervisor::{hyp_meminfo, mem_share, mem_unshare};
-use crate::mmio_guard;
use crate::mmu;
use alloc::alloc::alloc_zeroed;
use alloc::alloc::dealloc;
@@ -31,6 +29,7 @@
use core::ops::Range;
use core::ptr::NonNull;
use core::result;
+use hyp::{hyp_meminfo, mem_share, mem_unshare, mmio_guard};
use log::error;
use tinyvec::ArrayVec;