@@ -87,6 +87,13 @@ typedef u64 kvm_pte_t;
*/
#define KVM_INVALID_PTE_LOCKED BIT(10)
+/* This corresponds to page-table locking order */
+enum pkvm_component_id {
+ PKVM_ID_HOST,
+ PKVM_ID_HYP,
+ PKVM_ID_FFA,
+};
+
static inline bool kvm_pte_valid(kvm_pte_t pte)
{
return pte & KVM_PTE_VALID;
@@ -230,6 +237,25 @@ enum kvm_pgtable_prot {
KVM_PGTABLE_PROT_SW3 = BIT(58),
};
+/*
+ * SW bits 0-1 are reserved to track the memory ownership state of each page:
+ * 00: The page is owned exclusively by the page-table owner.
+ * 01: The page is owned by the page-table owner, but is shared
+ * with another entity.
+ * 10: The page is shared with, but not owned by the page-table owner.
+ * 11: Reserved for future use (lending).
+ */
+enum pkvm_page_state {
+ PKVM_PAGE_OWNED = 0ULL,
+ PKVM_PAGE_SHARED_OWNED = KVM_PGTABLE_PROT_SW0,
+ PKVM_PAGE_SHARED_BORROWED = KVM_PGTABLE_PROT_SW1,
+ __PKVM_PAGE_RESERVED = KVM_PGTABLE_PROT_SW0 |
+ KVM_PGTABLE_PROT_SW1,
+
+ /* Meta-states which aren't encoded directly in the PTE's SW bits */
+ PKVM_NOPAGE,
+};
+
#define KVM_PGTABLE_PROT_RW (KVM_PGTABLE_PROT_R | KVM_PGTABLE_PROT_W)
#define KVM_PGTABLE_PROT_RWX (KVM_PGTABLE_PROT_RW | KVM_PGTABLE_PROT_X)
@@ -14,25 +14,6 @@
#include <nvhe/pkvm.h>
#include <nvhe/spinlock.h>
-/*
- * SW bits 0-1 are reserved to track the memory ownership state of each page:
- * 00: The page is owned exclusively by the page-table owner.
- * 01: The page is owned by the page-table owner, but is shared
- * with another entity.
- * 10: The page is shared with, but not owned by the page-table owner.
- * 11: Reserved for future use (lending).
- */
-enum pkvm_page_state {
- PKVM_PAGE_OWNED = 0ULL,
- PKVM_PAGE_SHARED_OWNED = KVM_PGTABLE_PROT_SW0,
- PKVM_PAGE_SHARED_BORROWED = KVM_PGTABLE_PROT_SW1,
- __PKVM_PAGE_RESERVED = KVM_PGTABLE_PROT_SW0 |
- KVM_PGTABLE_PROT_SW1,
-
- /* Meta-states which aren't encoded directly in the PTE's SW bits */
- PKVM_NOPAGE,
-};
-
#define PKVM_PAGE_STATE_PROT_MASK (KVM_PGTABLE_PROT_SW0 | KVM_PGTABLE_PROT_SW1)
static inline enum kvm_pgtable_prot pkvm_mkstate(enum kvm_pgtable_prot prot,
enum pkvm_page_state state)
@@ -53,13 +34,6 @@ struct host_mmu {
};
extern struct host_mmu host_mmu;
-/* This corresponds to page-table locking order */
-enum pkvm_component_id {
- PKVM_ID_HOST,
- PKVM_ID_HYP,
- PKVM_ID_FFA,
-};
-
extern unsigned long hyp_nr_cpus;
int __pkvm_prot_finalize(void);
@@ -52,6 +52,11 @@ static bool is_fwb_enabled(const struct pg_state *m)
return fwb_enabled;
}
+static bool is_pkvm_enabled(const struct pg_state *m)
+{
+ return is_protected_kvm_enabled();
+}
+
static const struct prot_bits stage2_pte_bits[] = {
{
.mask = PTE_VALID,
@@ -113,22 +118,56 @@ static const struct prot_bits stage2_pte_bits[] = {
.val = PTE_S2_MEMATTR(MT_S2_FWB_NORMAL) | PTE_VALID,
.set = "MEM/NORMAL FWB",
.feature_on = is_fwb_enabled,
+ }, {
+ .mask = KVM_INVALID_PTE_OWNER_MASK | PTE_VALID,
+ .val = FIELD_PREP_CONST(KVM_INVALID_PTE_OWNER_MASK,
+ PKVM_ID_HYP),
+ .set = "HYP",
+ }, {
+ .mask = KVM_INVALID_PTE_OWNER_MASK | PTE_VALID,
+ .val = FIELD_PREP_CONST(KVM_INVALID_PTE_OWNER_MASK,
+ PKVM_ID_FFA),
+ .set = "FF-A",
+ }, {
+ .mask = __PKVM_PAGE_RESERVED | PTE_VALID,
+ .val = PKVM_PAGE_OWNED | PTE_VALID,
+ .set = "PKVM_PAGE_OWNED",
+ .feature_on = is_pkvm_enabled,
+ }, {
+ .mask = __PKVM_PAGE_RESERVED | PTE_VALID,
+ .val = PKVM_PAGE_SHARED_OWNED | PTE_VALID,
+ .set = "PKVM_PAGE_SHARED_OWNED",
+ .feature_on = is_pkvm_enabled,
+ }, {
+ .mask = __PKVM_PAGE_RESERVED | PTE_VALID,
+ .val = PKVM_PAGE_SHARED_BORROWED | PTE_VALID,
+ .set = "PKVM_PAGE_SHARED_BORROWED",
+ .feature_on = is_pkvm_enabled,
+ }, {
+ .mask = PKVM_NOPAGE | PTE_VALID,
+ .val = PKVM_NOPAGE,
+ .set = "PKVM_NOPAGE",
+ .feature_on = is_pkvm_enabled,
}, {
.mask = KVM_PGTABLE_PROT_SW0,
.val = KVM_PGTABLE_PROT_SW0,
- .set = "SW0", /* PKVM_PAGE_SHARED_OWNED */
+ .set = "SW0",
+ .feature_off = is_pkvm_enabled,
}, {
- .mask = KVM_PGTABLE_PROT_SW1,
+ .mask = KVM_PGTABLE_PROT_SW1,
.val = KVM_PGTABLE_PROT_SW1,
- .set = "SW1", /* PKVM_PAGE_SHARED_BORROWED */
+ .set = "SW1",
+ .feature_off = is_pkvm_enabled,
}, {
- .mask = KVM_PGTABLE_PROT_SW2,
+ .mask = KVM_PGTABLE_PROT_SW2,
.val = KVM_PGTABLE_PROT_SW2,
.set = "SW2",
+ .feature_off = is_pkvm_enabled,
}, {
.mask = KVM_PGTABLE_PROT_SW3,
.val = KVM_PGTABLE_PROT_SW3,
.set = "SW3",
+ .feature_off = is_pkvm_enabled,
},
};