mirror of https://github.com/Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1117 lines
34 KiB
1117 lines
34 KiB
.. SPDX-License-Identifier: GPL-2.0 |
|
.. _ultravisor: |
|
|
|
============================ |
|
Protected Execution Facility |
|
============================ |
|
|
|
.. contents:: |
|
:depth: 3 |
|
|
|
Introduction |
|
############ |
|
|
|
Protected Execution Facility (PEF) is an architectural change for |
|
POWER 9 that enables Secure Virtual Machines (SVMs). DD2.3 chips |
|
(PVR=0x004e1203) or greater will be PEF-capable. A new ISA release |
|
will include the PEF RFC02487 changes. |
|
|
|
When enabled, PEF adds a new higher privileged mode, called Ultravisor |
|
mode, to POWER architecture. Along with the new mode there is new |
|
firmware called the Protected Execution Ultravisor (or Ultravisor |
|
for short). Ultravisor mode is the highest privileged mode in POWER |
|
architecture. |
|
|
|
+------------------+ |
|
| Privilege States | |
|
+==================+ |
|
| Problem | |
|
+------------------+ |
|
| Supervisor | |
|
+------------------+ |
|
| Hypervisor | |
|
+------------------+ |
|
| Ultravisor | |
|
+------------------+ |
|
|
|
PEF protects SVMs from the hypervisor, privileged users, and other |
|
VMs in the system. SVMs are protected while at rest and can only be |
|
executed by an authorized machine. All virtual machines utilize |
|
hypervisor services. The Ultravisor filters calls between the SVMs |
|
and the hypervisor to assure that information does not accidentally |
|
leak. All hypercalls except H_RANDOM are reflected to the hypervisor. |
|
H_RANDOM is not reflected to prevent the hypervisor from influencing |
|
random values in the SVM. |
|
|
|
To support this there is a refactoring of the ownership of resources |
|
in the CPU. Some of the resources which were previously hypervisor |
|
privileged are now ultravisor privileged. |
|
|
|
Hardware |
|
======== |
|
|
|
The hardware changes include the following: |
|
|
|
* There is a new bit in the MSR that determines whether the current |
|
process is running in secure mode, MSR(S) bit 41. MSR(S)=1, process |
|
is in secure mode, MSR(s)=0 process is in normal mode. |
|
|
|
* The MSR(S) bit can only be set by the Ultravisor. |
|
|
|
* HRFID cannot be used to set the MSR(S) bit. If the hypervisor needs |
|
to return to a SVM it must use an ultracall. It can determine if |
|
the VM it is returning to is secure. |
|
|
|
* There is a new Ultravisor privileged register, SMFCTRL, which has an |
|
enable/disable bit SMFCTRL(E). |
|
|
|
* The privilege of a process is now determined by three MSR bits, |
|
MSR(S, HV, PR). In each of the tables below the modes are listed |
|
from least privilege to highest privilege. The higher privilege |
|
modes can access all the resources of the lower privilege modes. |
|
|
|
**Secure Mode MSR Settings** |
|
|
|
+---+---+---+---------------+ |
|
| S | HV| PR|Privilege | |
|
+===+===+===+===============+ |
|
| 1 | 0 | 1 | Problem | |
|
+---+---+---+---------------+ |
|
| 1 | 0 | 0 | Privileged(OS)| |
|
+---+---+---+---------------+ |
|
| 1 | 1 | 0 | Ultravisor | |
|
+---+---+---+---------------+ |
|
| 1 | 1 | 1 | Reserved | |
|
+---+---+---+---------------+ |
|
|
|
**Normal Mode MSR Settings** |
|
|
|
+---+---+---+---------------+ |
|
| S | HV| PR|Privilege | |
|
+===+===+===+===============+ |
|
| 0 | 0 | 1 | Problem | |
|
+---+---+---+---------------+ |
|
| 0 | 0 | 0 | Privileged(OS)| |
|
+---+---+---+---------------+ |
|
| 0 | 1 | 0 | Hypervisor | |
|
+---+---+---+---------------+ |
|
| 0 | 1 | 1 | Problem (Host)| |
|
+---+---+---+---------------+ |
|
|
|
* Memory is partitioned into secure and normal memory. Only processes |
|
that are running in secure mode can access secure memory. |
|
|
|
* The hardware does not allow anything that is not running secure to |
|
access secure memory. This means that the Hypervisor cannot access |
|
the memory of the SVM without using an ultracall (asking the |
|
Ultravisor). The Ultravisor will only allow the hypervisor to see |
|
the SVM memory encrypted. |
|
|
|
* I/O systems are not allowed to directly address secure memory. This |
|
limits the SVMs to virtual I/O only. |
|
|
|
* The architecture allows the SVM to share pages of memory with the |
|
hypervisor that are not protected with encryption. However, this |
|
sharing must be initiated by the SVM. |
|
|
|
* When a process is running in secure mode all hypercalls |
|
(syscall lev=1) go to the Ultravisor. |
|
|
|
* When a process is in secure mode all interrupts go to the |
|
Ultravisor. |
|
|
|
* The following resources have become Ultravisor privileged and |
|
require an Ultravisor interface to manipulate: |
|
|
|
* Processor configurations registers (SCOMs). |
|
|
|
* Stop state information. |
|
|
|
* The debug registers CIABR, DAWR, and DAWRX when SMFCTRL(D) is set. |
|
If SMFCTRL(D) is not set they do not work in secure mode. When set, |
|
reading and writing requires an Ultravisor call, otherwise that |
|
will cause a Hypervisor Emulation Assistance interrupt. |
|
|
|
* PTCR and partition table entries (partition table is in secure |
|
memory). An attempt to write to PTCR will cause a Hypervisor |
|
Emulation Assitance interrupt. |
|
|
|
* LDBAR (LD Base Address Register) and IMC (In-Memory Collection) |
|
non-architected registers. An attempt to write to them will cause a |
|
Hypervisor Emulation Assistance interrupt. |
|
|
|
* Paging for an SVM, sharing of memory with Hypervisor for an SVM. |
|
(Including Virtual Processor Area (VPA) and virtual I/O). |
|
|
|
|
|
Software/Microcode |
|
================== |
|
|
|
The software changes include: |
|
|
|
* SVMs are created from normal VM using (open source) tooling supplied |
|
by IBM. |
|
|
|
* All SVMs start as normal VMs and utilize an ultracall, UV_ESM |
|
(Enter Secure Mode), to make the transition. |
|
|
|
* When the UV_ESM ultracall is made the Ultravisor copies the VM into |
|
secure memory, decrypts the verification information, and checks the |
|
integrity of the SVM. If the integrity check passes the Ultravisor |
|
passes control in secure mode. |
|
|
|
* The verification information includes the pass phrase for the |
|
encrypted disk associated with the SVM. This pass phrase is given |
|
to the SVM when requested. |
|
|
|
* The Ultravisor is not involved in protecting the encrypted disk of |
|
the SVM while at rest. |
|
|
|
* For external interrupts the Ultravisor saves the state of the SVM, |
|
and reflects the interrupt to the hypervisor for processing. |
|
For hypercalls, the Ultravisor inserts neutral state into all |
|
registers not needed for the hypercall then reflects the call to |
|
the hypervisor for processing. The H_RANDOM hypercall is performed |
|
by the Ultravisor and not reflected. |
|
|
|
* For virtual I/O to work bounce buffering must be done. |
|
|
|
* The Ultravisor uses AES (IAPM) for protection of SVM memory. IAPM |
|
is a mode of AES that provides integrity and secrecy concurrently. |
|
|
|
* The movement of data between normal and secure pages is coordinated |
|
with the Ultravisor by a new HMM plug-in in the Hypervisor. |
|
|
|
The Ultravisor offers new services to the hypervisor and SVMs. These |
|
are accessed through ultracalls. |
|
|
|
Terminology |
|
=========== |
|
|
|
* Hypercalls: special system calls used to request services from |
|
Hypervisor. |
|
|
|
* Normal memory: Memory that is accessible to Hypervisor. |
|
|
|
* Normal page: Page backed by normal memory and available to |
|
Hypervisor. |
|
|
|
* Shared page: A page backed by normal memory and available to both |
|
the Hypervisor/QEMU and the SVM (i.e page has mappings in SVM and |
|
Hypervisor/QEMU). |
|
|
|
* Secure memory: Memory that is accessible only to Ultravisor and |
|
SVMs. |
|
|
|
* Secure page: Page backed by secure memory and only available to |
|
Ultravisor and SVM. |
|
|
|
* SVM: Secure Virtual Machine. |
|
|
|
* Ultracalls: special system calls used to request services from |
|
Ultravisor. |
|
|
|
|
|
Ultravisor calls API |
|
#################### |
|
|
|
This section describes Ultravisor calls (ultracalls) needed to |
|
support Secure Virtual Machines (SVM)s and Paravirtualized KVM. The |
|
ultracalls allow the SVMs and Hypervisor to request services from the |
|
Ultravisor such as accessing a register or memory region that can only |
|
be accessed when running in Ultravisor-privileged mode. |
|
|
|
The specific service needed from an ultracall is specified in register |
|
R3 (the first parameter to the ultracall). Other parameters to the |
|
ultracall, if any, are specified in registers R4 through R12. |
|
|
|
Return value of all ultracalls is in register R3. Other output values |
|
from the ultracall, if any, are returned in registers R4 through R12. |
|
The only exception to this register usage is the ``UV_RETURN`` |
|
ultracall described below. |
|
|
|
Each ultracall returns specific error codes, applicable in the context |
|
of the ultracall. However, like with the PowerPC Architecture Platform |
|
Reference (PAPR), if no specific error code is defined for a |
|
particular situation, then the ultracall will fallback to an erroneous |
|
parameter-position based code. i.e U_PARAMETER, U_P2, U_P3 etc |
|
depending on the ultracall parameter that may have caused the error. |
|
|
|
Some ultracalls involve transferring a page of data between Ultravisor |
|
and Hypervisor. Secure pages that are transferred from secure memory |
|
to normal memory may be encrypted using dynamically generated keys. |
|
When the secure pages are transferred back to secure memory, they may |
|
be decrypted using the same dynamically generated keys. Generation and |
|
management of these keys will be covered in a separate document. |
|
|
|
For now this only covers ultracalls currently implemented and being |
|
used by Hypervisor and SVMs but others can be added here when it |
|
makes sense. |
|
|
|
The full specification for all hypercalls/ultracalls will eventually |
|
be made available in the public/OpenPower version of the PAPR |
|
specification. |
|
|
|
.. note:: |
|
|
|
If PEF is not enabled, the ultracalls will be redirected to the |
|
Hypervisor which must handle/fail the calls. |
|
|
|
Ultracalls used by Hypervisor |
|
============================= |
|
|
|
This section describes the virtual memory management ultracalls used |
|
by the Hypervisor to manage SVMs. |
|
|
|
UV_PAGE_OUT |
|
----------- |
|
|
|
Encrypt and move the contents of a page from secure memory to normal |
|
memory. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_PAGE_OUT, |
|
uint16_t lpid, /* LPAR ID */ |
|
uint64_t dest_ra, /* real address of destination page */ |
|
uint64_t src_gpa, /* source guest-physical-address */ |
|
uint8_t flags, /* flags */ |
|
uint64_t order) /* page size order */ |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* U_SUCCESS on success. |
|
* U_PARAMETER if ``lpid`` is invalid. |
|
* U_P2 if ``dest_ra`` is invalid. |
|
* U_P3 if the ``src_gpa`` address is invalid. |
|
* U_P4 if any bit in the ``flags`` is unrecognized |
|
* U_P5 if the ``order`` parameter is unsupported. |
|
* U_FUNCTION if functionality is not supported. |
|
* U_BUSY if page cannot be currently paged-out. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Encrypt the contents of a secure-page and make it available to |
|
Hypervisor in a normal page. |
|
|
|
By default, the source page is unmapped from the SVM's partition- |
|
scoped page table. But the Hypervisor can provide a hint to the |
|
Ultravisor to retain the page mapping by setting the ``UV_SNAPSHOT`` |
|
flag in ``flags`` parameter. |
|
|
|
If the source page is already a shared page the call returns |
|
U_SUCCESS, without doing anything. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. QEMU attempts to access an address belonging to the SVM but the |
|
page frame for that address is not mapped into QEMU's address |
|
space. In this case, the Hypervisor will allocate a page frame, |
|
map it into QEMU's address space and issue the ``UV_PAGE_OUT`` |
|
call to retrieve the encrypted contents of the page. |
|
|
|
#. When Ultravisor runs low on secure memory and it needs to page-out |
|
an LRU page. In this case, Ultravisor will issue the |
|
``H_SVM_PAGE_OUT`` hypercall to the Hypervisor. The Hypervisor will |
|
then allocate a normal page and issue the ``UV_PAGE_OUT`` ultracall |
|
and the Ultravisor will encrypt and move the contents of the secure |
|
page into the normal page. |
|
|
|
#. When Hypervisor accesses SVM data, the Hypervisor requests the |
|
Ultravisor to transfer the corresponding page into a insecure page, |
|
which the Hypervisor can access. The data in the normal page will |
|
be encrypted though. |
|
|
|
UV_PAGE_IN |
|
---------- |
|
|
|
Move the contents of a page from normal memory to secure memory. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_PAGE_IN, |
|
uint16_t lpid, /* the LPAR ID */ |
|
uint64_t src_ra, /* source real address of page */ |
|
uint64_t dest_gpa, /* destination guest physical address */ |
|
uint64_t flags, /* flags */ |
|
uint64_t order) /* page size order */ |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* U_SUCCESS on success. |
|
* U_BUSY if page cannot be currently paged-in. |
|
* U_FUNCTION if functionality is not supported |
|
* U_PARAMETER if ``lpid`` is invalid. |
|
* U_P2 if ``src_ra`` is invalid. |
|
* U_P3 if the ``dest_gpa`` address is invalid. |
|
* U_P4 if any bit in the ``flags`` is unrecognized |
|
* U_P5 if the ``order`` parameter is unsupported. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Move the contents of the page identified by ``src_ra`` from normal |
|
memory to secure memory and map it to the guest physical address |
|
``dest_gpa``. |
|
|
|
If `dest_gpa` refers to a shared address, map the page into the |
|
partition-scoped page-table of the SVM. If `dest_gpa` is not shared, |
|
copy the contents of the page into the corresponding secure page. |
|
Depending on the context, decrypt the page before being copied. |
|
|
|
The caller provides the attributes of the page through the ``flags`` |
|
parameter. Valid values for ``flags`` are: |
|
|
|
* CACHE_INHIBITED |
|
* CACHE_ENABLED |
|
* WRITE_PROTECTION |
|
|
|
The Hypervisor must pin the page in memory before making |
|
``UV_PAGE_IN`` ultracall. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. When a normal VM switches to secure mode, all its pages residing |
|
in normal memory, are moved into secure memory. |
|
|
|
#. When an SVM requests to share a page with Hypervisor the Hypervisor |
|
allocates a page and informs the Ultravisor. |
|
|
|
#. When an SVM accesses a secure page that has been paged-out, |
|
Ultravisor invokes the Hypervisor to locate the page. After |
|
locating the page, the Hypervisor uses UV_PAGE_IN to make the |
|
page available to Ultravisor. |
|
|
|
UV_PAGE_INVAL |
|
------------- |
|
|
|
Invalidate the Ultravisor mapping of a page. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_PAGE_INVAL, |
|
uint16_t lpid, /* the LPAR ID */ |
|
uint64_t guest_pa, /* destination guest-physical-address */ |
|
uint64_t order) /* page size order */ |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* U_SUCCESS on success. |
|
* U_PARAMETER if ``lpid`` is invalid. |
|
* U_P2 if ``guest_pa`` is invalid (or corresponds to a secure |
|
page mapping). |
|
* U_P3 if the ``order`` is invalid. |
|
* U_FUNCTION if functionality is not supported. |
|
* U_BUSY if page cannot be currently invalidated. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
This ultracall informs Ultravisor that the page mapping in Hypervisor |
|
corresponding to the given guest physical address has been invalidated |
|
and that the Ultravisor should not access the page. If the specified |
|
``guest_pa`` corresponds to a secure page, Ultravisor will ignore the |
|
attempt to invalidate the page and return U_P2. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. When a shared page is unmapped from the QEMU's page table, possibly |
|
because it is paged-out to disk, Ultravisor needs to know that the |
|
page should not be accessed from its side too. |
|
|
|
|
|
UV_WRITE_PATE |
|
------------- |
|
|
|
Validate and write the partition table entry (PATE) for a given |
|
partition. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_WRITE_PATE, |
|
uint32_t lpid, /* the LPAR ID */ |
|
uint64_t dw0 /* the first double word to write */ |
|
uint64_t dw1) /* the second double word to write */ |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* U_SUCCESS on success. |
|
* U_BUSY if PATE cannot be currently written to. |
|
* U_FUNCTION if functionality is not supported. |
|
* U_PARAMETER if ``lpid`` is invalid. |
|
* U_P2 if ``dw0`` is invalid. |
|
* U_P3 if the ``dw1`` address is invalid. |
|
* U_PERMISSION if the Hypervisor is attempting to change the PATE |
|
of a secure virtual machine or if called from a |
|
context other than Hypervisor. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Validate and write a LPID and its partition-table-entry for the given |
|
LPID. If the LPID is already allocated and initialized, this call |
|
results in changing the partition table entry. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. The Partition table resides in Secure memory and its entries, |
|
called PATE (Partition Table Entries), point to the partition- |
|
scoped page tables for the Hypervisor as well as each of the |
|
virtual machines (both secure and normal). The Hypervisor |
|
operates in partition 0 and its partition-scoped page tables |
|
reside in normal memory. |
|
|
|
#. This ultracall allows the Hypervisor to register the partition- |
|
scoped and process-scoped page table entries for the Hypervisor |
|
and other partitions (virtual machines) with the Ultravisor. |
|
|
|
#. If the value of the PATE for an existing partition (VM) changes, |
|
the TLB cache for the partition is flushed. |
|
|
|
#. The Hypervisor is responsible for allocating LPID. The LPID and |
|
its PATE entry are registered together. The Hypervisor manages |
|
the PATE entries for a normal VM and can change the PATE entry |
|
anytime. Ultravisor manages the PATE entries for an SVM and |
|
Hypervisor is not allowed to modify them. |
|
|
|
UV_RETURN |
|
--------- |
|
|
|
Return control from the Hypervisor back to the Ultravisor after |
|
processing an hypercall or interrupt that was forwarded (aka |
|
*reflected*) to the Hypervisor. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_RETURN) |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
This call never returns to Hypervisor on success. It returns |
|
U_INVALID if ultracall is not made from a Hypervisor context. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
When an SVM makes an hypercall or incurs some other exception, the |
|
Ultravisor usually forwards (aka *reflects*) the exceptions to the |
|
Hypervisor. After processing the exception, Hypervisor uses the |
|
``UV_RETURN`` ultracall to return control back to the SVM. |
|
|
|
The expected register state on entry to this ultracall is: |
|
|
|
* Non-volatile registers are restored to their original values. |
|
* If returning from an hypercall, register R0 contains the return |
|
value (**unlike other ultracalls**) and, registers R4 through R12 |
|
contain any output values of the hypercall. |
|
* R3 contains the ultracall number, i.e UV_RETURN. |
|
* If returning with a synthesized interrupt, R2 contains the |
|
synthesized interrupt number. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. Ultravisor relies on the Hypervisor to provide several services to |
|
the SVM such as processing hypercall and other exceptions. After |
|
processing the exception, Hypervisor uses UV_RETURN to return |
|
control back to the Ultravisor. |
|
|
|
#. Hypervisor has to use this ultracall to return control to the SVM. |
|
|
|
|
|
UV_REGISTER_MEM_SLOT |
|
-------------------- |
|
|
|
Register an SVM address-range with specified properties. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_REGISTER_MEM_SLOT, |
|
uint64_t lpid, /* LPAR ID of the SVM */ |
|
uint64_t start_gpa, /* start guest physical address */ |
|
uint64_t size, /* size of address range in bytes */ |
|
uint64_t flags /* reserved for future expansion */ |
|
uint16_t slotid) /* slot identifier */ |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* U_SUCCESS on success. |
|
* U_PARAMETER if ``lpid`` is invalid. |
|
* U_P2 if ``start_gpa`` is invalid. |
|
* U_P3 if ``size`` is invalid. |
|
* U_P4 if any bit in the ``flags`` is unrecognized. |
|
* U_P5 if the ``slotid`` parameter is unsupported. |
|
* U_PERMISSION if called from context other than Hypervisor. |
|
* U_FUNCTION if functionality is not supported. |
|
|
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Register a memory range for an SVM. The memory range starts at the |
|
guest physical address ``start_gpa`` and is ``size`` bytes long. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
|
|
#. When a virtual machine goes secure, all the memory slots managed by |
|
the Hypervisor move into secure memory. The Hypervisor iterates |
|
through each of memory slots, and registers the slot with |
|
Ultravisor. Hypervisor may discard some slots such as those used |
|
for firmware (SLOF). |
|
|
|
#. When new memory is hot-plugged, a new memory slot gets registered. |
|
|
|
|
|
UV_UNREGISTER_MEM_SLOT |
|
---------------------- |
|
|
|
Unregister an SVM address-range that was previously registered using |
|
UV_REGISTER_MEM_SLOT. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_UNREGISTER_MEM_SLOT, |
|
uint64_t lpid, /* LPAR ID of the SVM */ |
|
uint64_t slotid) /* reservation slotid */ |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* U_SUCCESS on success. |
|
* U_FUNCTION if functionality is not supported. |
|
* U_PARAMETER if ``lpid`` is invalid. |
|
* U_P2 if ``slotid`` is invalid. |
|
* U_PERMISSION if called from context other than Hypervisor. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Release the memory slot identified by ``slotid`` and free any |
|
resources allocated towards the reservation. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. Memory hot-remove. |
|
|
|
|
|
UV_SVM_TERMINATE |
|
---------------- |
|
|
|
Terminate an SVM and release its resources. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_SVM_TERMINATE, |
|
uint64_t lpid, /* LPAR ID of the SVM */) |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* U_SUCCESS on success. |
|
* U_FUNCTION if functionality is not supported. |
|
* U_PARAMETER if ``lpid`` is invalid. |
|
* U_INVALID if VM is not secure. |
|
* U_PERMISSION if not called from a Hypervisor context. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Terminate an SVM and release all its resources. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. Called by Hypervisor when terminating an SVM. |
|
|
|
|
|
Ultracalls used by SVM |
|
====================== |
|
|
|
UV_SHARE_PAGE |
|
------------- |
|
|
|
Share a set of guest physical pages with the Hypervisor. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_SHARE_PAGE, |
|
uint64_t gfn, /* guest page frame number */ |
|
uint64_t num) /* number of pages of size PAGE_SIZE */ |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* U_SUCCESS on success. |
|
* U_FUNCTION if functionality is not supported. |
|
* U_INVALID if the VM is not secure. |
|
* U_PARAMETER if ``gfn`` is invalid. |
|
* U_P2 if ``num`` is invalid. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Share the ``num`` pages starting at guest physical frame number ``gfn`` |
|
with the Hypervisor. Assume page size is PAGE_SIZE bytes. Zero the |
|
pages before returning. |
|
|
|
If the address is already backed by a secure page, unmap the page and |
|
back it with an insecure page, with the help of the Hypervisor. If it |
|
is not backed by any page yet, mark the PTE as insecure and back it |
|
with an insecure page when the address is accessed. If it is already |
|
backed by an insecure page, zero the page and return. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. The Hypervisor cannot access the SVM pages since they are backed by |
|
secure pages. Hence an SVM must explicitly request Ultravisor for |
|
pages it can share with Hypervisor. |
|
|
|
#. Shared pages are needed to support virtio and Virtual Processor Area |
|
(VPA) in SVMs. |
|
|
|
|
|
UV_UNSHARE_PAGE |
|
--------------- |
|
|
|
Restore a shared SVM page to its initial state. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_UNSHARE_PAGE, |
|
uint64_t gfn, /* guest page frame number */ |
|
uint73 num) /* number of pages of size PAGE_SIZE*/ |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* U_SUCCESS on success. |
|
* U_FUNCTION if functionality is not supported. |
|
* U_INVALID if VM is not secure. |
|
* U_PARAMETER if ``gfn`` is invalid. |
|
* U_P2 if ``num`` is invalid. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Stop sharing ``num`` pages starting at ``gfn`` with the Hypervisor. |
|
Assume that the page size is PAGE_SIZE. Zero the pages before |
|
returning. |
|
|
|
If the address is already backed by an insecure page, unmap the page |
|
and back it with a secure page. Inform the Hypervisor to release |
|
reference to its shared page. If the address is not backed by a page |
|
yet, mark the PTE as secure and back it with a secure page when that |
|
address is accessed. If it is already backed by an secure page zero |
|
the page and return. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. The SVM may decide to unshare a page from the Hypervisor. |
|
|
|
|
|
UV_UNSHARE_ALL_PAGES |
|
-------------------- |
|
|
|
Unshare all pages the SVM has shared with Hypervisor. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_UNSHARE_ALL_PAGES) |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* U_SUCCESS on success. |
|
* U_FUNCTION if functionality is not supported. |
|
* U_INVAL if VM is not secure. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Unshare all shared pages from the Hypervisor. All unshared pages are |
|
zeroed on return. Only pages explicitly shared by the SVM with the |
|
Hypervisor (using UV_SHARE_PAGE ultracall) are unshared. Ultravisor |
|
may internally share some pages with the Hypervisor without explicit |
|
request from the SVM. These pages will not be unshared by this |
|
ultracall. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. This call is needed when ``kexec`` is used to boot a different |
|
kernel. It may also be needed during SVM reset. |
|
|
|
UV_ESM |
|
------ |
|
|
|
Secure the virtual machine (*enter secure mode*). |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t ultracall(const uint64_t UV_ESM, |
|
uint64_t esm_blob_addr, /* location of the ESM blob */ |
|
unint64_t fdt) /* Flattened device tree */ |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* U_SUCCESS on success (including if VM is already secure). |
|
* U_FUNCTION if functionality is not supported. |
|
* U_INVALID if VM is not secure. |
|
* U_PARAMETER if ``esm_blob_addr`` is invalid. |
|
* U_P2 if ``fdt`` is invalid. |
|
* U_PERMISSION if any integrity checks fail. |
|
* U_RETRY insufficient memory to create SVM. |
|
* U_NO_KEY symmetric key unavailable. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Secure the virtual machine. On successful completion, return |
|
control to the virtual machine at the address specified in the |
|
ESM blob. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. A normal virtual machine can choose to switch to a secure mode. |
|
|
|
Hypervisor Calls API |
|
#################### |
|
|
|
This document describes the Hypervisor calls (hypercalls) that are |
|
needed to support the Ultravisor. Hypercalls are services provided by |
|
the Hypervisor to virtual machines and Ultravisor. |
|
|
|
Register usage for these hypercalls is identical to that of the other |
|
hypercalls defined in the Power Architecture Platform Reference (PAPR) |
|
document. i.e on input, register R3 identifies the specific service |
|
that is being requested and registers R4 through R11 contain |
|
additional parameters to the hypercall, if any. On output, register |
|
R3 contains the return value and registers R4 through R9 contain any |
|
other output values from the hypercall. |
|
|
|
This document only covers hypercalls currently implemented/planned |
|
for Ultravisor usage but others can be added here when it makes sense. |
|
|
|
The full specification for all hypercalls/ultracalls will eventually |
|
be made available in the public/OpenPower version of the PAPR |
|
specification. |
|
|
|
Hypervisor calls to support Ultravisor |
|
====================================== |
|
|
|
Following are the set of hypercalls needed to support Ultravisor. |
|
|
|
H_SVM_INIT_START |
|
---------------- |
|
|
|
Begin the process of converting a normal virtual machine into an SVM. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t hypercall(const uint64_t H_SVM_INIT_START) |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* H_SUCCESS on success. |
|
* H_STATE if the VM is not in a position to switch to secure. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Initiate the process of securing a virtual machine. This involves |
|
coordinating with the Ultravisor, using ultracalls, to allocate |
|
resources in the Ultravisor for the new SVM, transferring the VM's |
|
pages from normal to secure memory etc. When the process is |
|
completed, Ultravisor issues the H_SVM_INIT_DONE hypercall. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. Ultravisor uses this hypercall to inform Hypervisor that a VM |
|
has initiated the process of switching to secure mode. |
|
|
|
|
|
H_SVM_INIT_DONE |
|
--------------- |
|
|
|
Complete the process of securing an SVM. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t hypercall(const uint64_t H_SVM_INIT_DONE) |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* H_SUCCESS on success. |
|
* H_UNSUPPORTED if called from the wrong context (e.g. |
|
from an SVM or before an H_SVM_INIT_START |
|
hypercall). |
|
* H_STATE if the hypervisor could not successfully |
|
transition the VM to Secure VM. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Complete the process of securing a virtual machine. This call must |
|
be made after a prior call to ``H_SVM_INIT_START`` hypercall. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
On successfully securing a virtual machine, the Ultravisor informs |
|
Hypervisor about it. Hypervisor can use this call to finish setting |
|
up its internal state for this virtual machine. |
|
|
|
|
|
H_SVM_INIT_ABORT |
|
---------------- |
|
|
|
Abort the process of securing an SVM. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t hypercall(const uint64_t H_SVM_INIT_ABORT) |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* H_PARAMETER on successfully cleaning up the state, |
|
Hypervisor will return this value to the |
|
**guest**, to indicate that the underlying |
|
UV_ESM ultracall failed. |
|
|
|
* H_STATE if called after a VM has gone secure (i.e |
|
H_SVM_INIT_DONE hypercall was successful). |
|
|
|
* H_UNSUPPORTED if called from a wrong context (e.g. from a |
|
normal VM). |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Abort the process of securing a virtual machine. This call must |
|
be made after a prior call to ``H_SVM_INIT_START`` hypercall and |
|
before a call to ``H_SVM_INIT_DONE``. |
|
|
|
On entry into this hypercall the non-volatile GPRs and FPRs are |
|
expected to contain the values they had at the time the VM issued |
|
the UV_ESM ultracall. Further ``SRR0`` is expected to contain the |
|
address of the instruction after the ``UV_ESM`` ultracall and ``SRR1`` |
|
the MSR value with which to return to the VM. |
|
|
|
This hypercall will cleanup any partial state that was established for |
|
the VM since the prior ``H_SVM_INIT_START`` hypercall, including paging |
|
out pages that were paged-into secure memory, and issue the |
|
``UV_SVM_TERMINATE`` ultracall to terminate the VM. |
|
|
|
After the partial state is cleaned up, control returns to the VM |
|
(**not Ultravisor**), at the address specified in ``SRR0`` with the |
|
MSR values set to the value in ``SRR1``. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
If after a successful call to ``H_SVM_INIT_START``, the Ultravisor |
|
encounters an error while securing a virtual machine, either due |
|
to lack of resources or because the VM's security information could |
|
not be validated, Ultravisor informs the Hypervisor about it. |
|
Hypervisor should use this call to clean up any internal state for |
|
this virtual machine and return to the VM. |
|
|
|
H_SVM_PAGE_IN |
|
------------- |
|
|
|
Move the contents of a page from normal memory to secure memory. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t hypercall(const uint64_t H_SVM_PAGE_IN, |
|
uint64_t guest_pa, /* guest-physical-address */ |
|
uint64_t flags, /* flags */ |
|
uint64_t order) /* page size order */ |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* H_SUCCESS on success. |
|
* H_PARAMETER if ``guest_pa`` is invalid. |
|
* H_P2 if ``flags`` is invalid. |
|
* H_P3 if ``order`` of page is invalid. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Retrieve the content of the page, belonging to the VM at the specified |
|
guest physical address. |
|
|
|
Only valid value(s) in ``flags`` are: |
|
|
|
* H_PAGE_IN_SHARED which indicates that the page is to be shared |
|
with the Ultravisor. |
|
|
|
* H_PAGE_IN_NONSHARED indicates that the UV is not anymore |
|
interested in the page. Applicable if the page is a shared page. |
|
|
|
The ``order`` parameter must correspond to the configured page size. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. When a normal VM becomes a secure VM (using the UV_ESM ultracall), |
|
the Ultravisor uses this hypercall to move contents of each page of |
|
the VM from normal memory to secure memory. |
|
|
|
#. Ultravisor uses this hypercall to ask Hypervisor to provide a page |
|
in normal memory that can be shared between the SVM and Hypervisor. |
|
|
|
#. Ultravisor uses this hypercall to page-in a paged-out page. This |
|
can happen when the SVM touches a paged-out page. |
|
|
|
#. If SVM wants to disable sharing of pages with Hypervisor, it can |
|
inform Ultravisor to do so. Ultravisor will then use this hypercall |
|
and inform Hypervisor that it has released access to the normal |
|
page. |
|
|
|
H_SVM_PAGE_OUT |
|
--------------- |
|
|
|
Move the contents of the page to normal memory. |
|
|
|
Syntax |
|
~~~~~~ |
|
|
|
.. code-block:: c |
|
|
|
uint64_t hypercall(const uint64_t H_SVM_PAGE_OUT, |
|
uint64_t guest_pa, /* guest-physical-address */ |
|
uint64_t flags, /* flags (currently none) */ |
|
uint64_t order) /* page size order */ |
|
|
|
Return values |
|
~~~~~~~~~~~~~ |
|
|
|
One of the following values: |
|
|
|
* H_SUCCESS on success. |
|
* H_PARAMETER if ``guest_pa`` is invalid. |
|
* H_P2 if ``flags`` is invalid. |
|
* H_P3 if ``order`` is invalid. |
|
|
|
Description |
|
~~~~~~~~~~~ |
|
|
|
Move the contents of the page identified by ``guest_pa`` to normal |
|
memory. |
|
|
|
Currently ``flags`` is unused and must be set to 0. The ``order`` |
|
parameter must correspond to the configured page size. |
|
|
|
Use cases |
|
~~~~~~~~~ |
|
|
|
#. If Ultravisor is running low on secure pages, it can move the |
|
contents of some secure pages, into normal pages using this |
|
hypercall. The content will be encrypted. |
|
|
|
References |
|
########## |
|
|
|
- `Supporting Protected Computing on IBM Power Architecture <https://developer.ibm.com/articles/l-support-protected-computing/>`_
|
|
|