.. SPDX-License-Identifier: GPL-2.0

=======================
ARM Hypercall Interface
=======================

KVM handles the hypercall services as requested by the guests. New hypercall
services are regularly made available by the ARM specification or by KVM (as
vendor services) if they make sense from a virtualization point of view.

This means that a guest booted on two different versions of KVM can observe
two different "firmware" revisions. This could cause issues if a given guest
is tied to a particular version of a hypercall service, or if a migration
causes a different version to be exposed out of the blue to an unsuspecting
guest.

In order to remedy this situation, KVM exposes a set of "firmware
pseudo-registers" that can be manipulated using the GET/SET_ONE_REG
interface. These registers can be saved/restored by userspace, and set
to a convenient value as required.

The following registers are defined:

* KVM_REG_ARM_PSCI_VERSION:

    KVM implements the PSCI (Power State Coordination Interface)
    specification in order to provide services such as CPU on/off, reset
    and power-off to the guest.

    - Only valid if the vcpu has the KVM_ARM_VCPU_PSCI_0_2 feature set
      (and thus has already been initialized)
    - Returns the current PSCI version on GET_ONE_REG (defaulting to the
      highest PSCI version implemented by KVM and compatible with v0.2)
    - Allows any PSCI version implemented by KVM and compatible with
      v0.2 to be set with SET_ONE_REG
    - Affects the whole VM (even if the register view is per-vcpu)

* KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1:
    Holds the state of the firmware support to mitigate CVE-2017-5715, as
    offered by KVM to the guest via a HVC call. The workaround is described
    under SMCCC_ARCH_WORKAROUND_1 in [1]_.

  Accepted values are:

    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL:
      KVM does not offer
      firmware support for the workaround. The mitigation status for the
      guest is unknown.
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_AVAIL:
      The workaround HVC call is
      available to the guest and required for the mitigation.
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_REQUIRED:
      The workaround HVC call
      is available to the guest, but it is not needed on this VCPU.

* KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2:
    Holds the state of the firmware support to mitigate CVE-2018-3639, as
    offered by KVM to the guest via a HVC call. The workaround is described
    under SMCCC_ARCH_WORKAROUND_2 in [1]_.

  Accepted values are:

    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL:
      A workaround is not
      available. KVM does not offer firmware support for the workaround.
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_UNKNOWN:
      The workaround state is
      unknown. KVM does not offer firmware support for the workaround.
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_AVAIL:
      The workaround is available,
      and can be disabled by a vCPU. If
      KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_ENABLED is set, it is active for
      this vCPU.
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED:
      The workaround is always active on this vCPU or it is not needed.


Bitmap Feature Firmware Registers
---------------------------------

Contrary to the above registers, the following registers expose the
hypercall services in the form of a feature-bitmap to the userspace. This
bitmap is translated to the services that are available to the guest.
There is one register defined per service call owner, and each can be
accessed via the GET/SET_ONE_REG interface.

By default, these registers are set with the upper limit of the features
that are supported. This way userspace can discover all the usable
hypercall services via GET_ONE_REG. Userspace can write the desired
bitmap back via SET_ONE_REG. The features for the registers that
are untouched, probably because userspace isn't aware of them, will be
exposed as is to the guest.

Note that KVM will not allow the userspace to configure the registers
anymore once any of the vCPUs has run at least once. Instead, it will
return a -EBUSY.

The pseudo-firmware bitmap registers are as follows:

* KVM_REG_ARM_STD_BMAP:
    Controls the bitmap of the ARM Standard Secure Service Calls.

  The following bits are accepted:

    Bit-0: KVM_REG_ARM_STD_BIT_TRNG_V1_0:
      The bit represents the services offered under v1.0 of ARM True Random
      Number Generator (TRNG) specification, ARM DEN0098.

* KVM_REG_ARM_STD_HYP_BMAP:
    Controls the bitmap of the ARM Standard Hypervisor Service Calls.

  The following bits are accepted:

    Bit-0: KVM_REG_ARM_STD_HYP_BIT_PV_TIME:
      The bit represents the Paravirtualized Time service as represented by
      ARM DEN0057A.

* KVM_REG_ARM_VENDOR_HYP_BMAP:
    Controls the bitmap of the Vendor specific Hypervisor Service Calls.

  The following bits are accepted:

    Bit-0: KVM_REG_ARM_VENDOR_HYP_BIT_FUNC_FEAT:
      The bit represents the ARM_SMCCC_VENDOR_HYP_KVM_FEATURES_FUNC_ID
      and ARM_SMCCC_VENDOR_HYP_CALL_UID_FUNC_ID function-ids.

    Bit-1: KVM_REG_ARM_VENDOR_HYP_BIT_PTP:
      The bit represents the Precision Time Protocol KVM service.

Errors:

    =======  =============================================================
    -ENOENT   Unknown register accessed.
    -EBUSY    Attempt a 'write' to the register after the VM has started.
    -EINVAL   Invalid bitmap written to the register.
    =======  =============================================================

.. [1] https://developer.arm.com/-/media/developer/pdf/ARM_DEN_0070A_Firmware_interfaces_for_mitigating_CVE-2017-5715.pdf
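
The following is an added example, not code from KVM or from this document's
authors: a small userspace model of the bitmap registers that a VMM could use
as a pre-flight check before restoring bitmaps saved on another host. The
``enum`` values, ``struct vm_model`` and both functions are hypothetical
stand-ins rather than the real register IDs or ioctl path, and it assumes
"invalid bitmap" means a bit outside the host's default (upper-limit) value.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for the three bitmap registers; NOT the real KVM
 * register IDs, which come from the arm64 uapi headers. */
enum { STD_BMAP, STD_HYP_BMAP, VENDOR_HYP_BMAP, NR_BMAP };

struct vm_model {
    uint64_t supported[NR_BMAP]; /* host upper limit, i.e. the GET default */
    uint64_t current[NR_BMAP];   /* services the guest will be offered */
    int vcpu_has_run;            /* set once any vCPU has run */
};

/* Model of one SET_ONE_REG write, returning the errors from the table. */
int model_set_reg(struct vm_model *vm, int reg, uint64_t val)
{
    if (reg < 0 || reg >= NR_BMAP)
        return -ENOENT;          /* unknown register */
    if (vm->vcpu_has_run)
        return -EBUSY;           /* write after the VM has started */
    if (val & ~vm->supported[reg])
        return -EINVAL;          /* assumption: a bit this host cannot offer */
    vm->current[reg] = val;
    return 0;
}

/* Pre-flight for bitmaps saved on another host: missing[] gets the saved
 * bits this host lacks; nothing is written unless every register fits. */
int restore_saved(struct vm_model *vm, const uint64_t *saved, uint64_t *missing)
{
    uint64_t any = 0;
    for (int r = 0; r < NR_BMAP; r++)
        any |= (missing[r] = saved[r] & ~vm->supported[r]);
    if (vm->vcpu_has_run || any)
        return vm->vcpu_has_run ? -EBUSY : -EINVAL;
    for (int r = 0; r < NR_BMAP; r++)
        vm->current[r] = saved[r];
    return 0;
}

int main(void)
{
    /* Constructed hosts: the destination lacks vendor bit 1 (PTP). */
    struct vm_model dst = { .supported = {0x1, 0x1, 0x1}, .current = {0x1, 0x1, 0x1} };
    uint64_t saved[NR_BMAP] = {0x1, 0x1, 0x3}, missing[NR_BMAP];
    int ret = restore_saved(&dst, saved, missing);
    printf("restore=%d missing vendor=0x%llx\n", ret, (unsigned long long)missing[VENDOR_HYP_BMAP]);
    return 0;
}
```

Writing a reduced bitmap on the source before its first vCPU runs keeps the
guest's view of the services stable across hosts that differ in what they
offer.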