ANDROID: pkvm: x86: Add pkvm guest share memory support
Since the primary VM can't access memory used by the protected VM, the virtio backend in the primary VM can't work. The protected VM explicitly shares the memory which is used by the virtio device with the primary VM, which makes the virtio backend in the primary VM work as normal.

The explicit memory sharing is done through a guest hypercall in the protected VM. It reuses the framework of memory encryption, which forces the protected VM to use a bounce buffer as the DMA buffer, and forces such a DMA buffer to be shared with the primary VM.

Also, this patch makes pkvm a new cc_platform, which makes it integrated into the coco subsystem, so it can easily reuse the framework of memory encryption.

TODO: this patch also makes the DMA buffer of a pass-thru device in the protected VM be shared with the primary VM; this shall be avoided.

Bug: 395299836
Test: Boot, verify cpus are de-privileged and run a minimal protected vm.
Change-Id: Id47c25dd2b958e3da7fdadb651bad40a91c19cb4
Signed-off-by: Shaoqin Huang <shaoqin.huang@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Signed-off-by: Vineeth Pillai <vineethrp@google.com>