[hypervisor] Add mmio_guard_init() to Hypervisor trait
Since MMIO guard is currently KVM specific, we can move the details
to hypervisor/kvm.rs. This makes it easier to extend the Hypervisor
trait for the hypervisors that do not support MMIO guard.
Bug: 272226230
Test: atest rialto_test && m pvmfw_img
Change-Id: Ib313130946f7f27968fca79c7954a27bc283d0b5
diff --git a/libs/hyp/src/error.rs b/libs/hyp/src/error.rs
new file mode 100644
index 0000000..20a0cff
--- /dev/null
+++ b/libs/hyp/src/error.rs
@@ -0,0 +1,45 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Error and Result types for hypervisor.
+
+use core::{fmt, result};
+
+/// Result type with hypervisor error.
+pub type Result<T> = result::Result<T, Error>;
+
+/// Hypervisor error.
+#[derive(Debug, Clone)]
+pub enum Error {
+ /// MMIO guard is not supported.
+ MmioGuardNotsupported,
+ /// Failed to invoke a certain HVC function.
+ HvcError(smccc::Error, u32),
+ /// The MMIO_GUARD granule used by the hypervisor is not supported.
+ UnsupportedMmioGuardGranule(usize),
+}
+
+impl fmt::Display for Error {
+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+ match self {
+ Self::MmioGuardNotsupported => write!(f, "MMIO guard is not supported"),
+ Self::HvcError(e, function_id) => {
+ write!(f, "Failed to invoke the HVC function with function ID {function_id}: {e}")
+ }
+ Self::UnsupportedMmioGuardGranule(g) => {
+ write!(f, "Unsupported MMIO guard granule: {g}")
+ }
+ }
+ }
+}
diff --git a/libs/hyp/src/hypervisor/common.rs b/libs/hyp/src/hypervisor/common.rs
index d1439db..550fb2e 100644
--- a/libs/hyp/src/hypervisor/common.rs
+++ b/libs/hyp/src/hypervisor/common.rs
@@ -14,23 +14,20 @@
//! This module regroups some common traits shared by all the hypervisors.
-use smccc::Result;
+use crate::error::Result;
/// Trait for the hypervisor.
pub trait Hypervisor {
- /// Returns MMIO guard granule size in bytes.
- fn mmio_guard_granule(&self) -> Result<usize>;
-
- /// Registers to use MMIO guard APIs.
+ /// Initializes the hypervisor by enrolling a MMIO guard and checking the memory granule size.
/// By enrolling, all MMIO will be blocked unless allow-listed with `mmio_guard_map`.
/// Protected VMs are auto-enrolled.
- fn mmio_guard_enroll(&self) -> Result<()>;
+ fn mmio_guard_init(&self) -> Result<()>;
/// Maps a memory address to the hypervisor MMIO guard.
- fn mmio_guard_map(&self, ipa: u64) -> Result<()>;
+ fn mmio_guard_map(&self, addr: usize) -> Result<()>;
/// Unmaps a memory address from the hypervisor MMIO guard.
- fn mmio_guard_unmap(&self, ipa: u64) -> Result<()>;
+ fn mmio_guard_unmap(&self, addr: usize) -> Result<()>;
/// Shares a region of memory with host, granting it read, write and execute permissions.
/// The size of the region is equal to the memory protection granule returned by
diff --git a/libs/hyp/src/hypervisor/kvm.rs b/libs/hyp/src/hypervisor/kvm.rs
index cac9ba2..615c75a 100644
--- a/libs/hyp/src/hypervisor/kvm.rs
+++ b/libs/hyp/src/hypervisor/kvm.rs
@@ -15,7 +15,8 @@
//! Wrappers around calls to the KVM hypervisor.
use super::common::Hypervisor;
-use smccc::{checked_hvc64, checked_hvc64_expect_zero, Error, Result};
+use crate::error::{Error, Result};
+use crate::util::{page_address, SIZE_4KB};
const ARM_SMCCC_KVM_FUNC_HYP_MEMINFO: u32 = 0xc6000002;
const ARM_SMCCC_KVM_FUNC_MEM_SHARE: u32 = 0xc6000003;
@@ -29,46 +30,43 @@
pub(super) struct KvmHypervisor;
impl Hypervisor for KvmHypervisor {
- fn mmio_guard_granule(&self) -> Result<usize> {
- let args = [0u64; 17];
-
- let granule = checked_hvc64(VENDOR_HYP_KVM_MMIO_GUARD_INFO_FUNC_ID, args)?;
- Ok(granule.try_into().unwrap())
+ fn mmio_guard_init(&self) -> Result<()> {
+ mmio_guard_enroll()?;
+ let mmio_granule = mmio_guard_granule()?;
+ if mmio_granule != SIZE_4KB {
+ return Err(Error::UnsupportedMmioGuardGranule(mmio_granule));
+ }
+ Ok(())
}
- fn mmio_guard_enroll(&self) -> Result<()> {
- let args = [0u64; 17];
-
- checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_ENROLL_FUNC_ID, args)
- }
-
- fn mmio_guard_map(&self, ipa: u64) -> Result<()> {
+ fn mmio_guard_map(&self, addr: usize) -> Result<()> {
let mut args = [0u64; 17];
- args[0] = ipa;
+ args[0] = page_address(addr);
// TODO(b/277859415): pKVM returns a i32 instead of a i64 in T.
// Drop this hack once T reaches EoL.
let is_i32_error_code = |n| u32::try_from(n).ok().filter(|v| (*v as i32) < 0).is_some();
- match checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID, args) {
- Err(Error::Unexpected(e)) if is_i32_error_code(e) => match e as u32 as i32 {
- -1 => Err(Error::NotSupported),
- -2 => Err(Error::NotRequired),
- -3 => Err(Error::InvalidParameter),
- ret => Err(Error::Unknown(ret as i64)),
+ match smccc::checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID, args) {
+ Err(smccc::Error::Unexpected(e)) if is_i32_error_code(e) => match e as u32 as i32 {
+ -1 => Err(smccc::Error::NotSupported),
+ -2 => Err(smccc::Error::NotRequired),
+ -3 => Err(smccc::Error::InvalidParameter),
+ ret => Err(smccc::Error::Unknown(ret as i64)),
},
res => res,
}
+ .map_err(|e| Error::HvcError(e, VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID))
}
- fn mmio_guard_unmap(&self, ipa: u64) -> Result<()> {
+ fn mmio_guard_unmap(&self, addr: usize) -> Result<()> {
let mut args = [0u64; 17];
- args[0] = ipa;
+ args[0] = page_address(addr);
// TODO(b/277860860): pKVM returns NOT_SUPPORTED for SUCCESS in T.
// Drop this hack once T reaches EoL.
- match checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_UNMAP_FUNC_ID, args) {
- Err(Error::NotSupported) | Ok(_) => Ok(()),
- x => x,
+ match smccc::checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_UNMAP_FUNC_ID, args) {
+ Err(smccc::Error::NotSupported) | Ok(_) => Ok(()),
+ Err(e) => Err(Error::HvcError(e, VENDOR_HYP_KVM_MMIO_GUARD_UNMAP_FUNC_ID)),
}
}
@@ -92,3 +90,27 @@
Ok(granule.try_into().unwrap())
}
}
+
+fn mmio_guard_granule() -> Result<usize> {
+ let args = [0u64; 17];
+
+ let granule = checked_hvc64(VENDOR_HYP_KVM_MMIO_GUARD_INFO_FUNC_ID, args)?;
+ Ok(granule.try_into().unwrap())
+}
+
+fn mmio_guard_enroll() -> Result<()> {
+ let args = [0u64; 17];
+ match smccc::checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_ENROLL_FUNC_ID, args) {
+ Ok(_) => Ok(()),
+ Err(smccc::Error::NotSupported) => Err(Error::MmioGuardNotsupported),
+ Err(e) => Err(Error::HvcError(e, VENDOR_HYP_KVM_MMIO_GUARD_ENROLL_FUNC_ID)),
+ }
+}
+
+fn checked_hvc64_expect_zero(function: u32, args: [u64; 17]) -> Result<()> {
+ smccc::checked_hvc64_expect_zero(function, args).map_err(|e| Error::HvcError(e, function))
+}
+
+fn checked_hvc64(function: u32, args: [u64; 17]) -> Result<u64> {
+ smccc::checked_hvc64(function, args).map_err(|e| Error::HvcError(e, function))
+}
diff --git a/libs/hyp/src/lib.rs b/libs/hyp/src/lib.rs
index 676af1d..66c78f4 100644
--- a/libs/hyp/src/lib.rs
+++ b/libs/hyp/src/lib.rs
@@ -16,8 +16,9 @@
#![no_std]
+mod error;
mod hypervisor;
mod util;
+pub use error::{Error, Result};
pub use hypervisor::{get_hypervisor, Hypervisor};
-pub mod mmio_guard;
diff --git a/libs/hyp/src/mmio_guard.rs b/libs/hyp/src/mmio_guard.rs
deleted file mode 100644
index 84dac64..0000000
--- a/libs/hyp/src/mmio_guard.rs
+++ /dev/null
@@ -1,70 +0,0 @@
-// Copyright 2022, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! Safe MMIO_GUARD support.
-
-use crate::hypervisor::get_hypervisor;
-use crate::util::{page_address, SIZE_4KB};
-use core::{fmt, result};
-
-/// MMIO guard error.
-#[derive(Debug, Clone)]
-pub enum Error {
- /// Failed the necessary MMIO_GUARD_ENROLL call.
- EnrollFailed(smccc::Error),
- /// Failed to obtain the MMIO_GUARD granule size.
- GranuleQueryFailed(smccc::Error),
- /// Failed to MMIO_GUARD_MAP a page.
- MapFailed(smccc::Error),
- /// Failed to MMIO_GUARD_UNMAP a page.
- UnmapFailed(smccc::Error),
- /// The MMIO_GUARD granule used by the hypervisor is not supported.
- UnsupportedGranule(usize),
-}
-
-impl fmt::Display for Error {
- fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
- match self {
- Self::EnrollFailed(e) => write!(f, "Failed to enroll into MMIO_GUARD: {e}"),
- Self::GranuleQueryFailed(e) => write!(f, "Failed to get the MMIO_GUARD granule: {e}"),
- Self::MapFailed(e) => write!(f, "Failed to MMIO_GUARD map: {e}"),
- Self::UnmapFailed(e) => write!(f, "Failed to MMIO_GUARD unmap: {e}"),
- Self::UnsupportedGranule(g) => write!(f, "Unsupported MMIO_GUARD granule: {g}"),
- }
- }
-}
-
-/// Result type with mmio_guard::Error.
-pub type Result<T> = result::Result<T, Error>;
-
-/// Initializes the hypervisor by enrolling a MMIO guard and checking the memory granule size.
-pub fn init() -> Result<()> {
- let hyp = get_hypervisor();
- hyp.mmio_guard_enroll().map_err(Error::EnrollFailed)?;
- let mmio_granule = hyp.mmio_guard_granule().map_err(Error::GranuleQueryFailed)?;
- if mmio_granule != SIZE_4KB {
- return Err(Error::UnsupportedGranule(mmio_granule));
- }
- Ok(())
-}
-
-/// Maps a memory address to the hypervisor MMIO guard.
-pub fn map(addr: usize) -> Result<()> {
- get_hypervisor().mmio_guard_map(page_address(addr)).map_err(Error::MapFailed)
-}
-
-/// Unmaps a memory address from the hypervisor MMIO guard.
-pub fn unmap(addr: usize) -> Result<()> {
- get_hypervisor().mmio_guard_unmap(page_address(addr)).map_err(Error::UnmapFailed)
-}
diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index e0af856..1309d73 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs
@@ -25,7 +25,7 @@
use core::arch::asm;
use core::num::NonZeroUsize;
use core::slice;
-use hyp::mmio_guard;
+use hyp::get_hypervisor;
use log::debug;
use log::error;
use log::info;
@@ -172,12 +172,12 @@
// Use debug!() to avoid printing to the UART if we failed to configure it as only local
// builds that have tweaked the logger::init() call will actually attempt to log the message.
- mmio_guard::init().map_err(|e| {
+ get_hypervisor().mmio_guard_init().map_err(|e| {
debug!("{e}");
RebootReason::InternalError
})?;
- mmio_guard::map(console::BASE_ADDRESS).map_err(|e| {
+ get_hypervisor().mmio_guard_map(console::BASE_ADDRESS).map_err(|e| {
debug!("Failed to configure the UART: {e}");
RebootReason::InternalError
})?;
@@ -236,7 +236,7 @@
error!("Failed to unshare MMIO ranges: {e}");
RebootReason::InternalError
})?;
- mmio_guard::unmap(console::BASE_ADDRESS).map_err(|e| {
+ get_hypervisor().mmio_guard_unmap(console::BASE_ADDRESS).map_err(|e| {
error!("Failed to unshare the UART: {e}");
RebootReason::InternalError
})?;
diff --git a/pvmfw/src/memory.rs b/pvmfw/src/memory.rs
index 3f44f8a..2d5eb5c 100644
--- a/pvmfw/src/memory.rs
+++ b/pvmfw/src/memory.rs
@@ -29,7 +29,7 @@
use core::ops::Range;
use core::ptr::NonNull;
use core::result;
-use hyp::{get_hypervisor, mmio_guard};
+use hyp::get_hypervisor;
use log::error;
use tinyvec::ArrayVec;
@@ -102,8 +102,8 @@
Overlaps,
/// Region couldn't be mapped.
FailedToMap,
- /// Error from an MMIO guard call.
- MmioGuard(mmio_guard::Error),
+ /// Error from the interaction with the hypervisor.
+ Hypervisor(hyp::Error),
}
impl fmt::Display for MemoryTrackerError {
@@ -116,14 +116,14 @@
Self::OutOfRange => write!(f, "Region is out of the tracked memory address space"),
Self::Overlaps => write!(f, "New region overlaps with tracked regions"),
Self::FailedToMap => write!(f, "Failed to map the new region"),
- Self::MmioGuard(e) => e.fmt(f),
+ Self::Hypervisor(e) => e.fmt(f),
}
}
}
-impl From<mmio_guard::Error> for MemoryTrackerError {
- fn from(e: mmio_guard::Error) -> Self {
- Self::MmioGuard(e)
+impl From<hyp::Error> for MemoryTrackerError {
+ fn from(e: hyp::Error) -> Self {
+ Self::Hypervisor(e)
}
}
@@ -213,7 +213,7 @@
})?;
for page_base in page_iterator(&range) {
- mmio_guard::map(page_base)?;
+ get_hypervisor().mmio_guard_map(page_base)?;
}
if self.mmio_regions.try_push(range).is_some() {
@@ -253,7 +253,7 @@
pub fn mmio_unmap_all(&self) -> Result<()> {
for region in &self.mmio_regions {
for page_base in page_iterator(region) {
- mmio_guard::unmap(page_base)?;
+ get_hypervisor().mmio_guard_unmap(page_base)?;
}
}
@@ -278,7 +278,7 @@
/// Gives the KVM host read, write and execute permissions on the given memory range. If the range
/// is not aligned with the memory protection granule then it will be extended on either end to
/// align.
-fn share_range(range: &MemoryRange, granule: usize) -> smccc::Result<()> {
+fn share_range(range: &MemoryRange, granule: usize) -> hyp::Result<()> {
for base in (align_down(range.start, granule)
.expect("Memory protection granule was not a power of two")..range.end)
.step_by(granule)
@@ -291,7 +291,7 @@
/// Removes permission from the KVM host to access the given memory range which was previously
/// shared. If the range is not aligned with the memory protection granule then it will be extended
/// on either end to align.
-fn unshare_range(range: &MemoryRange, granule: usize) -> smccc::Result<()> {
+fn unshare_range(range: &MemoryRange, granule: usize) -> hyp::Result<()> {
for base in (align_down(range.start, granule)
.expect("Memory protection granule was not a power of two")..range.end)
.step_by(granule)
@@ -305,7 +305,7 @@
/// with the host. Returns a pointer to the buffer.
///
/// It will be aligned to the memory sharing granule size supported by the hypervisor.
-pub fn alloc_shared(size: usize) -> smccc::Result<NonNull<u8>> {
+pub fn alloc_shared(size: usize) -> hyp::Result<NonNull<u8>> {
let layout = shared_buffer_layout(size)?;
let granule = layout.align();
@@ -333,7 +333,7 @@
///
/// The memory must have been allocated by `alloc_shared` with the same size, and not yet
/// deallocated.
-pub unsafe fn dealloc_shared(vaddr: NonNull<u8>, size: usize) -> smccc::Result<()> {
+pub unsafe fn dealloc_shared(vaddr: NonNull<u8>, size: usize) -> hyp::Result<()> {
let layout = shared_buffer_layout(size)?;
let granule = layout.align();
@@ -352,7 +352,7 @@
/// It will be aligned to the memory sharing granule size supported by the hypervisor.
///
/// Panics if `size` is 0.
-fn shared_buffer_layout(size: usize) -> smccc::Result<Layout> {
+fn shared_buffer_layout(size: usize) -> hyp::Result<Layout> {
assert_ne!(size, 0);
let granule = get_hypervisor().memory_protection_granule()?;
let allocated_size =
diff --git a/rialto/Android.bp b/rialto/Android.bp
index 5034bf4..cf81563 100644
--- a/rialto/Android.bp
+++ b/rialto/Android.bp
@@ -13,7 +13,6 @@
"libbuddy_system_allocator",
"libhyp",
"liblog_rust_nostd",
- "libsmccc",
"libvmbase",
],
apex_available: ["com.android.virt"],
diff --git a/rialto/src/error.rs b/rialto/src/error.rs
index 8f34676..754e554 100644
--- a/rialto/src/error.rs
+++ b/rialto/src/error.rs
@@ -16,14 +16,14 @@
use aarch64_paging::MapError;
use core::{fmt, result};
-use hyp::mmio_guard::Error as MmioError;
+use hyp::Error as HypervisorError;
pub type Result<T> = result::Result<T, Error>;
#[derive(Clone, Debug)]
pub enum Error {
- /// MMIO guard failed.
- MmioGuard(MmioError),
+ /// Hypervisor error.
+ Hypervisor(HypervisorError),
/// Failed when attempting to map some range in the page table.
PageTableMapping(MapError),
/// Failed to initialize the logger.
@@ -33,7 +33,7 @@
impl fmt::Display for Error {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match self {
- Self::MmioGuard(e) => write!(f, "MMIO guard failed: {e}."),
+ Self::Hypervisor(e) => write!(f, "MMIO guard failed: {e}."),
Self::PageTableMapping(e) => {
write!(f, "Failed when attempting to map some range in the page table: {e}.")
}
@@ -42,9 +42,9 @@
}
}
-impl From<MmioError> for Error {
- fn from(e: MmioError) -> Self {
- Self::MmioGuard(e)
+impl From<HypervisorError> for Error {
+ fn from(e: HypervisorError) -> Self {
+ Self::Hypervisor(e)
}
}
diff --git a/rialto/src/main.rs b/rialto/src/main.rs
index 76f5495..99e07b6 100644
--- a/rialto/src/main.rs
+++ b/rialto/src/main.rs
@@ -28,7 +28,7 @@
paging::{Attributes, MemoryRegion},
};
use buddy_system_allocator::LockedHeap;
-use hyp::mmio_guard;
+use hyp::get_hypervisor;
use log::{debug, error, info};
use vmbase::{main, power::reboot};
@@ -109,11 +109,11 @@
}
fn try_init_logger() -> Result<()> {
- match mmio_guard::init() {
+ match get_hypervisor().mmio_guard_init() {
// pKVM blocks MMIO by default, we need to enable MMIO guard to support logging.
- Ok(()) => mmio_guard::map(vmbase::console::BASE_ADDRESS)?,
+ Ok(()) => get_hypervisor().mmio_guard_map(vmbase::console::BASE_ADDRESS)?,
// MMIO guard enroll is not supported in unprotected VM.
- Err(mmio_guard::Error::EnrollFailed(smccc::Error::NotSupported)) => {}
+ Err(hyp::Error::MmioGuardNotsupported) => {}
Err(e) => return Err(e.into()),
};
vmbase::logger::init(log::LevelFilter::Debug).map_err(|_| Error::LoggerInit)