arm64: random: use hyp entropy under pkvm

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

1 files changed, 17 insertions, 0 deletions

diff --git a/arch/arm64/include/asm/archrandom.h b/arch/arm64/include/asm/archrandom.h
index 09e43272ccb0a..7fdd39004ac75 100644
--- a/arch/arm64/include/asm/archrandom.h
+++ b/arch/arm64/include/asm/archrandom.h
@@ -6,8 +6,10 @@
 
 #include <linux/arm-smccc.h>
 #include <linux/bug.h>
+#include <linux/jump_label.h>
 #include <linux/kernel.h>
 #include <asm/cpufeature.h>
+#include <asm/virt.h>
 
 #define ARM_SMCCC_TRNG_MIN_VERSION	0x10000UL
 
@@ -52,10 +54,25 @@ static inline bool __must_check arch_get_random_int(unsigned int *v)
 	return false;
 }
 
+// TODO define this in a header without getting into #include hell
+#define PKVM_get_entropy						\
+        ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL,                         \
+                           ARM_SMCCC_SMC_64,                            \
+                           ARM_SMCCC_OWNER_VENDOR_HYP,                  \
+                           21)
+
 static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
 {
 	struct arm_smccc_res res;
 
+	if (static_branch_likely(&kvm_protected_mode_initialized)) {
+		arm_smccc_1_1_hvc(PKVM_get_entropy, 64, &res);
+		if ((int)res.a0 >= 0) {
+			*v = res.a3;
+			return true;
+		}
+	}
+
 	/*
 	 * We prefer the SMCCC call, since its semantics (return actual
 	 * hardware backed entropy) is closer to the idea behind this