ARM Hypercall Interface

KVM handles the hypercall services as requested by the guests. New hypercall services are regularly made available by the ARM specification or by KVM (as vendor services) if they make sense from a virtualization point of view.

This means that a guest booted on two different versions of KVM can observe two different “firmware” revisions. This could cause issues if a given guest is tied to a particular version of a hypercall service, or if a migration causes a different version to be exposed out of the blue to an unsuspecting guest.

In order to remedy this situation, KVM exposes a set of “firmware pseudo-registers” that can be manipulated using the GET/SET_ONE_REG interface. These registers can be saved/restored by userspace, and set to a convenient value as required.

The following registers are defined:

  • KVM_REG_ARM_PSCI_VERSION:

    KVM implements the PSCI (Power State Coordination Interface) specification in order to provide services such as CPU on/off, reset and power-off to the guest.

    • Only valid if the vcpu has the KVM_ARM_VCPU_PSCI_0_2 feature set (and thus has already been initialized)

    • Returns the current PSCI version on GET_ONE_REG (defaulting to the highest PSCI version implemented by KVM and compatible with v0.2)

    • Allows any PSCI version implemented by KVM and compatible with v0.2 to be set with SET_ONE_REG

    • Affects the whole VM (even if the register view is per-vcpu)

  • KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1:

    Holds the state of the firmware support to mitigate CVE-2017-5715, as offered by KVM to the guest via a HVC call. The workaround is described under SMCCC_ARCH_WORKAROUND_1 in [1].

    Accepted values are:

    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL:

    KVM does not offer firmware support for the workaround. The mitigation status for the guest is unknown.

    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_AVAIL:

    The workaround HVC call is available to the guest and required for the mitigation.

    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_REQUIRED:

    The workaround HVC call is available to the guest, but it is not needed on this VCPU.

  • KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2:

    Holds the state of the firmware support to mitigate CVE-2018-3639, as offered by KVM to the guest via a HVC call. The workaround is described under SMCCC_ARCH_WORKAROUND_2 in [1].

    Accepted values are:

    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL:

    A workaround is not available. KVM does not offer firmware support for the workaround.

    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_UNKNOWN:

    The workaround state is unknown. KVM does not offer firmware support for the workaround.

    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_AVAIL:

    The workaround is available, and can be disabled by a vCPU. If KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_ENABLED is set, it is active for this vCPU.

    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED:

    The workaround is always active on this vCPU or it is not needed.

Bitmap Feature Firmware Registers

Contrary to the above registers, the following registers exposes the hypercall services in the form of a feature-bitmap to the userspace. This bitmap is translated to the services that are available to the guest. There is a register defined per service call owner and can be accessed via GET/SET_ONE_REG interface.

By default, these registers are set with the upper limit of the features that are supported. This way userspace can discover all the usable hypercall services via GET_ONE_REG. The user-space can write-back the desired bitmap back via SET_ONE_REG. The features for the registers that are untouched, probably because userspace isn’t aware of them, will be exposed as is to the guest.

Note that KVM will not allow the userspace to configure the registers anymore once any of the vCPUs has run at least once. Instead, it will return a -EBUSY.

The pseudo-firmware bitmap register are as follows:

  • KVM_REG_ARM_STD_BMAP:

    Controls the bitmap of the ARM Standard Secure Service Calls.

    The following bits are accepted:

    Bit-0: KVM_REG_ARM_STD_BIT_TRNG_V1_0:

    The bit represents the services offered under v1.0 of ARM True Random Number Generator (TRNG) specification, ARM DEN0098.

  • KVM_REG_ARM_STD_HYP_BMAP:

    Controls the bitmap of the ARM Standard Hypervisor Service Calls.

    The following bits are accepted:

    Bit-0: KVM_REG_ARM_STD_HYP_BIT_PV_TIME:

    The bit represents the Paravirtualized Time service as represented by ARM DEN0057A.

  • KVM_REG_ARM_VENDOR_HYP_BMAP:

    Controls the bitmap of the Vendor specific Hypervisor Service Calls.

    The following bits are accepted:

    Bit-0: KVM_REG_ARM_VENDOR_HYP_BIT_FUNC_FEAT

    The bit represents the ARM_SMCCC_VENDOR_HYP_KVM_FEATURES_FUNC_ID and ARM_SMCCC_VENDOR_HYP_CALL_UID_FUNC_ID function-ids.

    Bit-1: KVM_REG_ARM_VENDOR_HYP_BIT_PTP:

    The bit represents the Precision Time Protocol KVM service.

Errors:

-ENOENT

Unknown register accessed.

-EBUSY

Attempt a ‘write’ to the register after the VM has started.

-EINVAL

Invalid bitmap written to the register.