.. SPDX-License-Identifier: GPL-2.0

==============
KVM MMIO guard
==============

KVM implements device emulation by handling translation faults to any
IPA range that is not contained in a memory slot. Such a translation
fault is in most cases passed on to userspace (or in rare cases to the
host kernel) with the address, size and possibly data of the access
for emulation.

Should the guest exit with an address that is not one that corresponds
to an emulatable device, userspace may take measures that are not the
most graceful as far as the guest is concerned (such as terminating it
or delivering a fatal exception).

There is also an element of trust: by forwarding the request to
userspace, the kernel assumes that the guest trusts userspace to do
the right thing.

The KVM MMIO guard offers a way to mitigate this last point: a guest
can request that only certain regions of the IPA space are valid as
MMIO. Only these regions will be handled as an MMIO, and any other
will result in an exception being delivered to the guest.

This relies on a set of hypercalls defined in the KVM-specific range,
using the HVC64 calling convention.

* ARM_SMCCC_KVM_FUNC_MMIO_GUARD_INFO

    ==============    ========    ================================
    Function ID:      (uint32)    0xC6000002
    Arguments:        none
    Return Values:    (int64)     NOT_SUPPORTED(-1) on error, or
                      (uint64)    Protection Granule (PG) size in
                                  bytes (r0)
    ==============    ========    ================================

* ARM_SMCCC_KVM_FUNC_MMIO_GUARD_ENROLL

    ==============    ========    ==============================
    Function ID:      (uint32)    0xC6000003
    Arguments:        none
    Return Values:    (int64)     NOT_SUPPORTED(-1) on error, or
                                  RET_SUCCESS(0) (r0)
    ==============    ========    ==============================

* ARM_SMCCC_KVM_FUNC_MMIO_GUARD_MAP

    ==============    ========    ====================================
    Function ID:      (uint32)    0xC6000004
    Arguments:        (uint64)    The base of the PG-sized IPA range
                                  that is allowed to be accessed as
                                  MMIO. Must be aligned to the PG size
                                  (r1)
                      (uint64)    Index in the MAIR_EL1 register
                                  providing the memory attribute that
                                  is used by the guest (r2)
    Return Values:    (int64)     NOT_SUPPORTED(-1) on error, or
                                  RET_SUCCESS(0) (r0)
    ==============    ========    ====================================

* ARM_SMCCC_KVM_FUNC_MMIO_GUARD_UNMAP

    ==============    ========    ======================================
    Function ID:      (uint32)    0xC6000005
    Arguments:        (uint64)    PG-sized IPA range which has been
                                  previously mapped. Must be aligned to
                                  the PG size (r1)
    Return Values:    (int64)     NOT_SUPPORTED(-1) on error, or
                                  RET_SUCCESS(0) (r0)
    ==============    ========    ======================================

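The guest-side sequence implied by the four hypercalls above (query the granule with INFO, ENROLL, then MAP each PG-aligned granule a device region touches, undoing a partial map on failure), as an added example that is not part of the kernel documentation or source. ``mock_hvc``, ``guard_map_region``, the 4 KiB granule, the 8-entry table, the refusal of MAP before ENROLL and the sample IPA are assumptions made so the code runs outside a guest; a real guest issues HVC with the function ID in r0.

```c
#include <stdint.h>

/* Function IDs and return codes as listed in the document. */
#define MMIO_GUARD_INFO   0xC6000002u
#define MMIO_GUARD_ENROLL 0xC6000003u
#define MMIO_GUARD_MAP    0xC6000004u
#define MMIO_GUARD_UNMAP  0xC6000005u
#define RET_SUCCESS   0
#define NOT_SUPPORTED (-1)

/* Constructed stand-in for the hypervisor; a real guest issues HVC instead.
 * Assumed: 4 KiB granule, 8 tracked granules, MAP refused before ENROLL. */
#define MOCK_PG    4096u
#define MOCK_SLOTS 8
static uint64_t mapped[MOCK_SLOTS];
static int used[MOCK_SLOTS], enrolled;

static int64_t mock_hvc(uint32_t fn, uint64_t ipa, uint64_t mair_idx)
{
    (void)mair_idx;                       /* attribute index not modelled */
    if (fn == MMIO_GUARD_INFO) return MOCK_PG;
    if (fn == MMIO_GUARD_ENROLL) { enrolled = 1; return RET_SUCCESS; }
    if ((fn != MMIO_GUARD_MAP && fn != MMIO_GUARD_UNMAP) || !enrolled || ipa % MOCK_PG)
        return NOT_SUPPORTED;
    for (int i = 0; i < MOCK_SLOTS; i++) {
        if (fn == MMIO_GUARD_UNMAP && used[i] && mapped[i] == ipa) { used[i] = 0; return RET_SUCCESS; }
        if (fn == MMIO_GUARD_MAP && !used[i]) { used[i] = 1; mapped[i] = ipa; return RET_SUCCESS; }
    }
    return NOT_SUPPORTED;                 /* table full, or UNMAP of an unmapped IPA */
}

/* Guest side: allow [base, base + size) as MMIO, one MAP call per granule.
 * Returns the number of granules mapped, or -1 after undoing a partial map. */
static int64_t guard_map_region(uint64_t base, uint64_t size, uint64_t mair_idx)
{
    int64_t pg = mock_hvc(MMIO_GUARD_INFO, 0, 0);
    if (pg <= 0 || size == 0 || size > UINT64_MAX - base)
        return -1;
    uint64_t g = (uint64_t)pg, start = base - base % g;   /* round down to PG */
    uint64_t count = (base + size - start - 1) / g + 1;   /* granules touched */
    for (uint64_t i = 0; i < count; i++) {
        if (mock_hvc(MMIO_GUARD_MAP, start + i * g, mair_idx) != RET_SUCCESS) {
            while (i--)                   /* roll back granules already allowed */
                mock_hvc(MMIO_GUARD_UNMAP, start + i * g, 0);
            return -1;
        }
    }
    return (int64_t)count;
}
int main(void) { mock_hvc(MMIO_GUARD_ENROLL, 0, 0); return guard_map_region(0x09000800, 0x1000, 0) == 2 ? 0 : 1; }
```

A region that is not PG-aligned widens to whole granules, so the guest ends up allowing MMIO on every byte of each granule the device touches, not only the device's own registers.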