1 // Copyright 2023, The Android Open Source Project 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 //! This module regroups some common traits shared by all the hypervisors. 16 17 use crate::error::Result; 18 use bitflags::bitflags; 19 20 bitflags! { 21 /// Capabilities that Hypervisor backends can declare support for. 22 pub struct HypervisorCap: u32 { 23 /// Capability for guest to share its memory with host at runtime. 24 const DYNAMIC_MEM_SHARE = 0b1; 25 } 26 } 27 28 /// Trait for the hypervisor. 29 pub trait Hypervisor { 30 /// Initializes the hypervisor by enrolling a MMIO guard and checking the memory granule size. 31 /// By enrolling, all MMIO will be blocked unless allow-listed with `mmio_guard_map`. 32 /// Protected VMs are auto-enrolled. mmio_guard_init(&self) -> Result<()>33 fn mmio_guard_init(&self) -> Result<()>; 34 35 /// Maps a page containing the given memory address to the hypervisor MMIO guard. 36 /// The page size corresponds to the MMIO guard granule size. mmio_guard_map(&self, addr: usize) -> Result<()>37 fn mmio_guard_map(&self, addr: usize) -> Result<()>; 38 39 /// Unmaps a page containing the given memory address from the hypervisor MMIO guard. 40 /// The page size corresponds to the MMIO guard granule size. mmio_guard_unmap(&self, addr: usize) -> Result<()>41 fn mmio_guard_unmap(&self, addr: usize) -> Result<()>; 42 43 /// Shares a region of memory with host, granting it read, write and execute permissions. 44 /// The size of the region is equal to the memory protection granule returned by 45 /// [`hyp_meminfo`]. mem_share(&self, base_ipa: u64) -> Result<()>46 fn mem_share(&self, base_ipa: u64) -> Result<()>; 47 48 /// Revokes access permission from host to a memory region previously shared with 49 /// [`mem_share`]. The size of the region is equal to the memory protection granule returned by 50 /// [`hyp_meminfo`]. mem_unshare(&self, base_ipa: u64) -> Result<()>51 fn mem_unshare(&self, base_ipa: u64) -> Result<()>; 52 53 /// Returns the memory protection granule size in bytes. memory_protection_granule(&self) -> Result<usize>54 fn memory_protection_granule(&self) -> Result<usize>; 55 56 /// Check if required capabilities are supported. has_cap(&self, cap: HypervisorCap) -> bool57 fn has_cap(&self, cap: HypervisorCap) -> bool; 58 } 59