projects / linux-2.6-microblaze.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f937001) | patch
KVM: arm64: Restrict EL2 stage-1 changes in protected mode
authorQuentin Perret <qperret@google.com>
Mon, 9 Aug 2021 15:24:47 +0000 (16:24 +0100)
committerMarc Zyngier <maz@kernel.org>
Wed, 11 Aug 2021 10:39:52 +0000 (11:39 +0100)
commit66c57edd3bc79e3527daaae8123f72ecd1e3fa25
tree1643a55ee0aeee2d0a2de38ced7792db0d2a66c1tree | snapshot
parentf9370010e92638f66473baf342e19de940403362commit | diff
KVM: arm64: Restrict EL2 stage-1 changes in protected mode

The host kernel is currently able to change EL2 stage-1 mappings without
restrictions thanks to the __pkvm_create_mappings() hypercall. But in a
world where the host is no longer part of the TCB, this clearly poses a
problem.

To fix this, introduce a new hypercall to allow the host to share a
physical memory page with the hypervisor, and remove the
__pkvm_create_mappings() variant. The new hypercall implements
ownership and permission checks before allowing the sharing operation,
and it annotates the shared page in the hypervisor stage-1 and host
stage-2 page-tables.

Signed-off-by: Quentin Perret <qperret@google.com>
Reviewed-by: Fuad Tabba <tabba@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210809152448.1810400-21-qperret@google.com
arch/arm64/include/asm/kvm_asm.h diff | blob | history
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h diff | blob | history
arch/arm64/kvm/hyp/nvhe/hyp-main.c diff | blob | history
arch/arm64/kvm/hyp/nvhe/mem_protect.c diff | blob | history
arch/arm64/kvm/mmu.c diff | blob | history
MicroBlaze GIT Repository