| Andrew Walbran | ba47d1d | 2022-12-14 15:21:44 +0000 | [diff] [blame] | 1 | // Copyright 2022, The Android Open Source Project |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | // you may not use this file except in compliance with the License. |
| 5 | // You may obtain a copy of the License at |
| 6 | // |
| 7 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | // |
| 9 | // Unless required by applicable law or agreed to in writing, software |
| 10 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | // See the License for the specific language governing permissions and |
| 13 | // limitations under the License. |
| 14 | |
| 15 | //! Wrappers around calls to the hypervisor. |
| 16 | |
| Pierre-Clément Tosi | a59103d | 2023-02-02 14:46:55 +0000 | [diff] [blame^] | 17 | pub mod trng; |
| 18 | |
| Andrew Walbran | ba47d1d | 2022-12-14 15:21:44 +0000 | [diff] [blame] | 19 | use crate::smccc::{self, checked_hvc64, checked_hvc64_expect_zero}; |
| 20 | use log::info; |
| 21 | |
| Pierre-Clément Tosi | a59103d | 2023-02-02 14:46:55 +0000 | [diff] [blame^] | 22 | const ARM_SMCCC_TRNG_VERSION: u32 = 0x8400_0050; |
| 23 | #[allow(dead_code)] |
| 24 | const ARM_SMCCC_TRNG_FEATURES: u32 = 0x8400_0051; |
| 25 | #[allow(dead_code)] |
| 26 | const ARM_SMCCC_TRNG_GET_UUID: u32 = 0x8400_0052; |
| 27 | #[allow(dead_code)] |
| 28 | const ARM_SMCCC_TRNG_RND32: u32 = 0x8400_0053; |
| 29 | const ARM_SMCCC_TRNG_RND64: u32 = 0xc400_0053; |
| Andrew Walbran | 41ebe93 | 2022-12-14 15:22:30 +0000 | [diff] [blame] | 30 | const ARM_SMCCC_KVM_FUNC_HYP_MEMINFO: u32 = 0xc6000002; |
| 31 | const ARM_SMCCC_KVM_FUNC_MEM_SHARE: u32 = 0xc6000003; |
| 32 | const ARM_SMCCC_KVM_FUNC_MEM_UNSHARE: u32 = 0xc6000004; |
| Andrew Walbran | ba47d1d | 2022-12-14 15:21:44 +0000 | [diff] [blame] | 33 | const VENDOR_HYP_KVM_MMIO_GUARD_INFO_FUNC_ID: u32 = 0xc6000005; |
| 34 | const VENDOR_HYP_KVM_MMIO_GUARD_ENROLL_FUNC_ID: u32 = 0xc6000006; |
| 35 | const VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID: u32 = 0xc6000007; |
| 36 | const VENDOR_HYP_KVM_MMIO_GUARD_UNMAP_FUNC_ID: u32 = 0xc6000008; |
| 37 | |
| Andrew Walbran | 41ebe93 | 2022-12-14 15:22:30 +0000 | [diff] [blame] | 38 | /// Queries the memory protection parameters for a protected virtual machine. |
| 39 | /// |
| 40 | /// Returns the memory protection granule size in bytes. |
| 41 | pub fn hyp_meminfo() -> smccc::Result<u64> { |
| 42 | let args = [0u64; 17]; |
| 43 | checked_hvc64(ARM_SMCCC_KVM_FUNC_HYP_MEMINFO, args) |
| 44 | } |
| 45 | |
| 46 | /// Shares a region of memory with the KVM host, granting it read, write and execute permissions. |
| 47 | /// The size of the region is equal to the memory protection granule returned by [`hyp_meminfo`]. |
| 48 | pub fn mem_share(base_ipa: u64) -> smccc::Result<()> { |
| 49 | let mut args = [0u64; 17]; |
| 50 | args[0] = base_ipa; |
| 51 | |
| 52 | checked_hvc64_expect_zero(ARM_SMCCC_KVM_FUNC_MEM_SHARE, args) |
| 53 | } |
| 54 | |
| 55 | /// Revokes access permission from the KVM host to a memory region previously shared with |
| 56 | /// [`mem_share`]. The size of the region is equal to the memory protection granule returned by |
| 57 | /// [`hyp_meminfo`]. |
| 58 | pub fn mem_unshare(base_ipa: u64) -> smccc::Result<()> { |
| 59 | let mut args = [0u64; 17]; |
| 60 | args[0] = base_ipa; |
| 61 | |
| 62 | checked_hvc64_expect_zero(ARM_SMCCC_KVM_FUNC_MEM_UNSHARE, args) |
| 63 | } |
| 64 | |
| Andrew Walbran | ba47d1d | 2022-12-14 15:21:44 +0000 | [diff] [blame] | 65 | pub fn mmio_guard_info() -> smccc::Result<u64> { |
| 66 | let args = [0u64; 17]; |
| 67 | |
| 68 | checked_hvc64(VENDOR_HYP_KVM_MMIO_GUARD_INFO_FUNC_ID, args) |
| 69 | } |
| 70 | |
| 71 | pub fn mmio_guard_enroll() -> smccc::Result<()> { |
| 72 | let args = [0u64; 17]; |
| 73 | |
| 74 | checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_ENROLL_FUNC_ID, args) |
| 75 | } |
| 76 | |
| 77 | pub fn mmio_guard_map(ipa: u64) -> smccc::Result<()> { |
| 78 | let mut args = [0u64; 17]; |
| 79 | args[0] = ipa; |
| 80 | |
| 81 | // TODO(b/253586500): pKVM currently returns a i32 instead of a i64. |
| 82 | let is_i32_error_code = |n| u32::try_from(n).ok().filter(|v| (*v as i32) < 0).is_some(); |
| 83 | match checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID, args) { |
| 84 | Err(smccc::Error::Unexpected(e)) if is_i32_error_code(e) => { |
| 85 | info!("Handled a pKVM bug by interpreting the MMIO_GUARD_MAP return value as i32"); |
| 86 | match e as u32 as i32 { |
| 87 | -1 => Err(smccc::Error::NotSupported), |
| 88 | -2 => Err(smccc::Error::NotRequired), |
| 89 | -3 => Err(smccc::Error::InvalidParameter), |
| 90 | ret => Err(smccc::Error::Unknown(ret as i64)), |
| 91 | } |
| 92 | } |
| 93 | res => res, |
| 94 | } |
| 95 | } |
| 96 | |
| 97 | pub fn mmio_guard_unmap(ipa: u64) -> smccc::Result<()> { |
| 98 | let mut args = [0u64; 17]; |
| 99 | args[0] = ipa; |
| 100 | |
| 101 | // TODO(b/251426790): pKVM currently returns NOT_SUPPORTED for SUCCESS. |
| 102 | match checked_hvc64_expect_zero(VENDOR_HYP_KVM_MMIO_GUARD_UNMAP_FUNC_ID, args) { |
| 103 | Err(smccc::Error::NotSupported) | Ok(_) => Ok(()), |
| 104 | x => x, |
| 105 | } |
| 106 | } |
| Pierre-Clément Tosi | a59103d | 2023-02-02 14:46:55 +0000 | [diff] [blame^] | 107 | |
| 108 | /// Returns the (major, minor) version tuple, as defined by the SMCCC TRNG. |
| 109 | pub fn trng_version() -> trng::Result<(u16, u16)> { |
| 110 | let args = [0u64; 17]; |
| 111 | |
| 112 | let version = trng::hvc64(ARM_SMCCC_TRNG_VERSION, args)?[0]; |
| 113 | Ok(((version >> 16) as u16, version as u16)) |
| 114 | } |
| 115 | |
| 116 | pub type TrngRng64Entropy = (u64, u64, u64); |
| 117 | |
| 118 | pub fn trng_rnd64(nbits: u64) -> trng::Result<TrngRng64Entropy> { |
| 119 | let mut args = [0u64; 17]; |
| 120 | args[0] = nbits; |
| 121 | |
| 122 | let regs = trng::hvc64_expect_zero(ARM_SMCCC_TRNG_RND64, args)?; |
| 123 | |
| 124 | Ok((regs[1], regs[2], regs[3])) |
| 125 | } |