hyp: Refactor HypervisorCap to harden backends
The Hypervisor trait previously required backends to implement all of
its functions, even when they related to features that their underlying
hypervisor did not implement. To deal with this, capabilities were
introduced so that client code would conditionally call those functions
based on the availability of the feature (discovered through the
capabilities). This resulted in useless boiler-plate code in the
backends (either using unimplemented()! or returning placeholders to
please the caller) and a high risk of making use of unavailable features
in hypervisor-agnostic client code.
Instead, rework Hypervisor as an Inlineable Dyn Extension Trait [1],
making it programmatically impossible to call a function for a feature
that the running hypervisor doesn't provide. This also removes the need
for any boilerplate code in the backends.
Introduce the accessors get_mmio_guard() and get_mem_sharer().
No functional change intended.
[1]: https://github.com/daniel5151/inlinable-dyn-extension-traits/blob/master/writeup.md
Test: atest DebugPolicyHostTests#testNoAdbInDebugPolicy_withDebugLevelNone_boots
Test: atest rialto_test vmbase_example.integration_test
Change-Id: I6404fa141f53d074c9529403c4606ab90867cf6c
diff --git a/libs/hyp/Android.bp b/libs/hyp/Android.bp
index 1bb8722..8baf9dd 100644
--- a/libs/hyp/Android.bp
+++ b/libs/hyp/Android.bp
@@ -8,7 +8,6 @@
srcs: ["src/lib.rs"],
prefer_rlib: true,
rustlibs: [
- "libbitflags",
"libonce_cell_nostd",
"libsmccc",
"libuuid_nostd",
diff --git a/libs/hyp/src/hypervisor/common.rs b/libs/hyp/src/hypervisor/common.rs
index 0982183..7c030a1 100644
--- a/libs/hyp/src/hypervisor/common.rs
+++ b/libs/hyp/src/hypervisor/common.rs
@@ -16,49 +16,49 @@
use crate::error::Result;
use crate::util::SIZE_4KB;
-use bitflags::bitflags;
/// Expected MMIO guard granule size, validated during MMIO guard initialization.
pub const MMIO_GUARD_GRANULE_SIZE: usize = SIZE_4KB;
-bitflags! {
- /// Capabilities that Hypervisor backends can declare support for.
- pub struct HypervisorCap: u32 {
- /// Capability for guest to share its memory with host at runtime.
- const DYNAMIC_MEM_SHARE = 0b1;
- /// The hypervisor expects MMIO ranges to be "mapped" by the guest before being accessed.
- const MMIO_GUARD = 0b10;
+/// Trait for the hypervisor.
+pub trait Hypervisor {
+ /// Returns the hypervisor's MMIO_GUARD implementation, if any.
+ fn as_mmio_guard(&self) -> Option<&dyn MmioGuardedHypervisor> {
+ None
+ }
+
+ /// Returns the hypervisor's dynamic memory sharing implementation, if any.
+ fn as_mem_sharer(&self) -> Option<&dyn MemSharingHypervisor> {
+ None
}
}
-/// Trait for the hypervisor.
-pub trait Hypervisor {
+pub trait MmioGuardedHypervisor {
/// Initializes the hypervisor by enrolling a MMIO guard and checking the memory granule size.
/// By enrolling, all MMIO will be blocked unless allow-listed with `mmio_guard_map`.
/// Protected VMs are auto-enrolled.
- fn mmio_guard_init(&self) -> Result<()>;
+ fn init(&self) -> Result<()>;
/// Maps a page containing the given memory address to the hypervisor MMIO guard.
/// The page size corresponds to the MMIO guard granule size.
- fn mmio_guard_map(&self, addr: usize) -> Result<()>;
+ fn map(&self, addr: usize) -> Result<()>;
/// Unmaps a page containing the given memory address from the hypervisor MMIO guard.
/// The page size corresponds to the MMIO guard granule size.
- fn mmio_guard_unmap(&self, addr: usize) -> Result<()>;
+ fn unmap(&self, addr: usize) -> Result<()>;
+}
+pub trait MemSharingHypervisor {
/// Shares a region of memory with host, granting it read, write and execute permissions.
/// The size of the region is equal to the memory protection granule returned by
/// [`hyp_meminfo`].
- fn mem_share(&self, base_ipa: u64) -> Result<()>;
+ fn share(&self, base_ipa: u64) -> Result<()>;
/// Revokes access permission from host to a memory region previously shared with
/// [`mem_share`]. The size of the region is equal to the memory protection granule returned by
/// [`hyp_meminfo`].
- fn mem_unshare(&self, base_ipa: u64) -> Result<()>;
+ fn unshare(&self, base_ipa: u64) -> Result<()>;
/// Returns the memory protection granule size in bytes.
- fn memory_protection_granule(&self) -> Result<usize>;
-
- /// Check if required capabilities are supported.
- fn has_cap(&self, cap: HypervisorCap) -> bool;
+ fn granule(&self) -> Result<usize>;
}
diff --git a/libs/hyp/src/hypervisor/geniezone.rs b/libs/hyp/src/hypervisor/geniezone.rs
index c69c258..24eb89e 100644
--- a/libs/hyp/src/hypervisor/geniezone.rs
+++ b/libs/hyp/src/hypervisor/geniezone.rs
@@ -14,7 +14,9 @@
//! Wrappers around calls to the GenieZone hypervisor.
-use super::common::{Hypervisor, HypervisorCap, MMIO_GUARD_GRANULE_SIZE};
+use super::common::{
+ Hypervisor, MemSharingHypervisor, MmioGuardedHypervisor, MMIO_GUARD_GRANULE_SIZE,
+};
use crate::error::{Error, Result};
use crate::util::page_address;
use core::fmt::{self, Display, Formatter};
@@ -40,8 +42,6 @@
// and share the same identification along with guest VMs.
// The previous uuid was removed due to duplication elsewhere.
pub const UUID: Uuid = uuid!("7e134ed0-3b82-488d-8cee-69c19211dbe7");
- const CAPABILITIES: HypervisorCap =
- HypervisorCap::DYNAMIC_MEM_SHARE.union(HypervisorCap::MMIO_GUARD);
}
/// Error from a GenieZone HVC call.
@@ -86,7 +86,17 @@
}
impl Hypervisor for GeniezoneHypervisor {
- fn mmio_guard_init(&self) -> Result<()> {
+ fn as_mmio_guard(&self) -> Option<&dyn MmioGuardedHypervisor> {
+ Some(self)
+ }
+
+ fn as_mem_sharer(&self) -> Option<&dyn MemSharingHypervisor> {
+ Some(self)
+ }
+}
+
+impl MmioGuardedHypervisor for GeniezoneHypervisor {
+ fn init(&self) -> Result<()> {
mmio_guard_enroll()?;
let mmio_granule = mmio_guard_granule()?;
if mmio_granule != MMIO_GUARD_GRANULE_SIZE {
@@ -95,43 +105,41 @@
Ok(())
}
- fn mmio_guard_map(&self, addr: usize) -> Result<()> {
+ fn map(&self, addr: usize) -> Result<()> {
let mut args = [0u64; 17];
args[0] = page_address(addr);
checked_hvc64_expect_zero(VENDOR_HYP_GZVM_MMIO_GUARD_MAP_FUNC_ID, args)
}
- fn mmio_guard_unmap(&self, addr: usize) -> Result<()> {
+ fn unmap(&self, addr: usize) -> Result<()> {
let mut args = [0u64; 17];
args[0] = page_address(addr);
checked_hvc64_expect_zero(VENDOR_HYP_GZVM_MMIO_GUARD_UNMAP_FUNC_ID, args)
}
+}
- fn mem_share(&self, base_ipa: u64) -> Result<()> {
+impl MemSharingHypervisor for GeniezoneHypervisor {
+ fn share(&self, base_ipa: u64) -> Result<()> {
let mut args = [0u64; 17];
args[0] = base_ipa;
checked_hvc64_expect_zero(ARM_SMCCC_GZVM_FUNC_MEM_SHARE, args)
}
- fn mem_unshare(&self, base_ipa: u64) -> Result<()> {
+ fn unshare(&self, base_ipa: u64) -> Result<()> {
let mut args = [0u64; 17];
args[0] = base_ipa;
checked_hvc64_expect_zero(ARM_SMCCC_GZVM_FUNC_MEM_UNSHARE, args)
}
- fn memory_protection_granule(&self) -> Result<usize> {
+ fn granule(&self) -> Result<usize> {
let args = [0u64; 17];
let granule = checked_hvc64(ARM_SMCCC_GZVM_FUNC_HYP_MEMINFO, args)?;
Ok(granule.try_into().unwrap())
}
-
- fn has_cap(&self, cap: HypervisorCap) -> bool {
- Self::CAPABILITIES.contains(cap)
- }
}
fn mmio_guard_granule() -> Result<usize> {
diff --git a/libs/hyp/src/hypervisor/gunyah.rs b/libs/hyp/src/hypervisor/gunyah.rs
index 252430f..45c01bf 100644
--- a/libs/hyp/src/hypervisor/gunyah.rs
+++ b/libs/hyp/src/hypervisor/gunyah.rs
@@ -1,5 +1,4 @@
-use super::common::{Hypervisor, HypervisorCap, MMIO_GUARD_GRANULE_SIZE};
-use crate::error::Result;
+use super::common::Hypervisor;
use uuid::{uuid, Uuid};
pub(super) struct GunyahHypervisor;
@@ -8,32 +7,4 @@
pub const UUID: Uuid = uuid!("c1d58fcd-a453-5fdb-9265-ce36673d5f14");
}
-impl Hypervisor for GunyahHypervisor {
- fn mmio_guard_init(&self) -> Result<()> {
- Ok(())
- }
-
- fn mmio_guard_map(&self, _addr: usize) -> Result<()> {
- Ok(())
- }
-
- fn mmio_guard_unmap(&self, _addr: usize) -> Result<()> {
- Ok(())
- }
-
- fn mem_share(&self, _base_ipa: u64) -> Result<()> {
- unimplemented!();
- }
-
- fn mem_unshare(&self, _base_ipa: u64) -> Result<()> {
- unimplemented!();
- }
-
- fn memory_protection_granule(&self) -> Result<usize> {
- Ok(MMIO_GUARD_GRANULE_SIZE)
- }
-
- fn has_cap(&self, _cap: HypervisorCap) -> bool {
- false
- }
-}
+impl Hypervisor for GunyahHypervisor {}
diff --git a/libs/hyp/src/hypervisor/kvm.rs b/libs/hyp/src/hypervisor/kvm.rs
index 4243b5a..ab0aa6c 100644
--- a/libs/hyp/src/hypervisor/kvm.rs
+++ b/libs/hyp/src/hypervisor/kvm.rs
@@ -14,7 +14,9 @@
//! Wrappers around calls to the KVM hypervisor.
-use super::common::{Hypervisor, HypervisorCap, MMIO_GUARD_GRANULE_SIZE};
+use super::common::{
+ Hypervisor, MemSharingHypervisor, MmioGuardedHypervisor, MMIO_GUARD_GRANULE_SIZE,
+};
use crate::error::{Error, Result};
use crate::util::page_address;
use core::fmt::{self, Display, Formatter};
@@ -76,12 +78,20 @@
// Based on ARM_SMCCC_VENDOR_HYP_UID_KVM_REG values listed in Linux kernel source:
// https://github.com/torvalds/linux/blob/master/include/linux/arm-smccc.h
pub(super) const UUID: Uuid = uuid!("28b46fb6-2ec5-11e9-a9ca-4b564d003a74");
- const CAPABILITIES: HypervisorCap =
- HypervisorCap::DYNAMIC_MEM_SHARE.union(HypervisorCap::MMIO_GUARD);
}
impl Hypervisor for KvmHypervisor {
- fn mmio_guard_init(&self) -> Result<()> {
+ fn as_mmio_guard(&self) -> Option<&dyn MmioGuardedHypervisor> {
+ Some(self)
+ }
+
+ fn as_mem_sharer(&self) -> Option<&dyn MemSharingHypervisor> {
+ Some(self)
+ }
+}
+
+impl MmioGuardedHypervisor for KvmHypervisor {
+ fn init(&self) -> Result<()> {
mmio_guard_enroll()?;
let mmio_granule = mmio_guard_granule()?;
if mmio_granule != MMIO_GUARD_GRANULE_SIZE {
@@ -90,7 +100,7 @@
Ok(())
}
- fn mmio_guard_map(&self, addr: usize) -> Result<()> {
+ fn map(&self, addr: usize) -> Result<()> {
let mut args = [0u64; 17];
args[0] = page_address(addr);
@@ -100,7 +110,7 @@
.map_err(|e| Error::KvmError(e, VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID))
}
- fn mmio_guard_unmap(&self, addr: usize) -> Result<()> {
+ fn unmap(&self, addr: usize) -> Result<()> {
let mut args = [0u64; 17];
args[0] = page_address(addr);
@@ -111,30 +121,28 @@
Err(e) => Err(Error::KvmError(e, VENDOR_HYP_KVM_MMIO_GUARD_UNMAP_FUNC_ID)),
}
}
+}
- fn mem_share(&self, base_ipa: u64) -> Result<()> {
+impl MemSharingHypervisor for KvmHypervisor {
+ fn share(&self, base_ipa: u64) -> Result<()> {
let mut args = [0u64; 17];
args[0] = base_ipa;
checked_hvc64_expect_zero(ARM_SMCCC_KVM_FUNC_MEM_SHARE, args)
}
- fn mem_unshare(&self, base_ipa: u64) -> Result<()> {
+ fn unshare(&self, base_ipa: u64) -> Result<()> {
let mut args = [0u64; 17];
args[0] = base_ipa;
checked_hvc64_expect_zero(ARM_SMCCC_KVM_FUNC_MEM_UNSHARE, args)
}
- fn memory_protection_granule(&self) -> Result<usize> {
+ fn granule(&self) -> Result<usize> {
let args = [0u64; 17];
let granule = checked_hvc64(ARM_SMCCC_KVM_FUNC_HYP_MEMINFO, args)?;
Ok(granule.try_into().unwrap())
}
-
- fn has_cap(&self, cap: HypervisorCap) -> bool {
- Self::CAPABILITIES.contains(cap)
- }
}
fn mmio_guard_granule() -> Result<usize> {
diff --git a/libs/hyp/src/hypervisor/mod.rs b/libs/hyp/src/hypervisor/mod.rs
index 93d53fe..2c82fc1 100644
--- a/libs/hyp/src/hypervisor/mod.rs
+++ b/libs/hyp/src/hypervisor/mod.rs
@@ -23,9 +23,8 @@
use crate::error::{Error, Result};
use alloc::boxed::Box;
-pub use common::Hypervisor;
-pub use common::HypervisorCap;
-pub use common::MMIO_GUARD_GRANULE_SIZE;
+use common::Hypervisor;
+pub use common::{MemSharingHypervisor, MmioGuardedHypervisor, MMIO_GUARD_GRANULE_SIZE};
pub use geniezone::GeniezoneError;
use geniezone::GeniezoneHypervisor;
use gunyah::GunyahHypervisor;
@@ -95,8 +94,18 @@
}
/// Gets the hypervisor singleton.
-pub fn get_hypervisor() -> &'static dyn Hypervisor {
+fn get_hypervisor() -> &'static dyn Hypervisor {
static HYPERVISOR: OnceBox<HypervisorBackend> = OnceBox::new();
HYPERVISOR.get_or_init(|| Box::new(detect_hypervisor())).get_hypervisor()
}
+
+/// Gets the MMIO_GUARD hypervisor singleton, if any.
+pub fn get_mmio_guard() -> Option<&'static dyn MmioGuardedHypervisor> {
+ get_hypervisor().as_mmio_guard()
+}
+
+/// Gets the dynamic memory sharing hypervisor singleton, if any.
+pub fn get_mem_sharer() -> Option<&'static dyn MemSharingHypervisor> {
+ get_hypervisor().as_mem_sharer()
+}
diff --git a/libs/hyp/src/lib.rs b/libs/hyp/src/lib.rs
index 3b3b30a..486a181 100644
--- a/libs/hyp/src/lib.rs
+++ b/libs/hyp/src/lib.rs
@@ -21,8 +21,6 @@
mod util;
pub use error::{Error, Result};
-pub use hypervisor::{
- get_hypervisor, Hypervisor, HypervisorCap, KvmError, MMIO_GUARD_GRANULE_SIZE,
-};
+pub use hypervisor::{get_mem_sharer, get_mmio_guard, KvmError, MMIO_GUARD_GRANULE_SIZE};
use hypervisor::GeniezoneError;