Implement support for HVF Nested Virtualization #288
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
slp
commented
Mar 26, 2025
slp
commented
|
This depends on #280, creating this as a draft until it's merged. |
PSCI supports both hvc and smc as conduits. So far, we were only supporting the first. Add support for the latter too. Signed-off-by: Sergio Lopez <[email protected]>
PSCI can use both hvc and smc as conduits. Both are supported on macOS, but only the latter works on both EL1 and EL2 modes, so use it by default. Signed-off-by: Sergio Lopez <[email protected]>
So far we only supported ICC sysregs, but for enabling EL2 we also need to support non-ICC sysregs. Generalize sysreg management. Signed-off-by: Sergio Lopez <[email protected]>
Apple introduced Nested Virt (EL2) support in macOS Sequoia, available on Apple Silicon devices based on M3 and later SoCs. This commit introduces the infrastructure to enable Nested Virt on libkrun. The biggest change is setting up the vCPU reset registers to values that are acceptable in EL2 according. This isn't easy since HVF doesn't document its expectations, but the current implementation allows the guest to boot in EL2 and run a nested guest. Instead of linking directly against the new functions, we're using libloader again to find the new symbols, to avoid breaking the binaries in Sonoma. Signed-off-by: Sergio Lopez <[email protected]>
After introducing Nested Virt (EL2) support on macOS, let's add a new API to enable library users to request its enablement. Signed-off-by: Sergio Lopez <[email protected]>
Add the flag "-n" to request the enablement of nested virtualization. Signed-off-by: Sergio Lopez <[email protected]>
Update KRUN_EFI binary built from github.com/slp/edk2:13e8adac8a83141b51375c799996946082e1eb43 This version includes a patch to build with strict alignment, which we need to when starting the vCPUs in EL2 as required when enabling Nested Virtualization. Signed-off-by: Sergio Lopez <[email protected]>
slp
requested review from
jakecorrenti,
MatiasVara,
mtjhrc and
tylerfanelli
as code owners
|
Rebased, working and ready to be reviewed! |
jakecorrenti
reviewed
Apr 2, 2025
tylerfanelli
approved these changes
Apr 2, 2025
| libloading::Library::new( | ||
| "/System/Library/Frameworks/Hypervisor.framework/Versions/A/Hypervisor", | ||
| ) | ||
| .unwrap() |
There was a problem hiding this comment.
Does it make sense to fail gracefully here in the case that the Hypervisor library is either unavailable or of a different version?
There was a problem hiding this comment.
That'd be an ABI break on the macOS side, it's ~ the equivalent of .so versions on Linux
There was a problem hiding this comment.
Well, in the unlikely case Apple stops shipping version 'A' of Hypervisor.framework, we can't do much other than printing a different error message. ;-P
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.