git.maquefel.me Git - linux.git/commit

author	Quentin Perret <qperret@google.com>
	Thu, 10 Nov 2022 19:02:54 +0000 (19:02 +0000)
committer	Marc Zyngier <maz@kernel.org>
	Fri, 11 Nov 2022 17:19:35 +0000 (17:19 +0000)
commit	fe41a7f8c0ee3ee2f682f8c28c7e1c5ff2be8a79
tree	529006eec25af79e441fe48185b068e7714416bb	tree \| snapshot
parent	f41dff4efb918db68923a826e966ca62c7c8e929	commit \| diff

KVM: arm64: Unmap 'kvm_arm_hyp_percpu_base' from the host

When pKVM is enabled, the hypervisor at EL2 does not trust the host at
EL1 and must therefore prevent it from having unrestricted access to
internal hypervisor state.

The 'kvm_arm_hyp_percpu_base' array holds the offsets for hypervisor
per-cpu allocations, so move this this into the nVHE code where it
cannot be modified by the untrusted host at EL1.

Tested-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20221110190259.26861-22-will@kernel.org

arch/arm64/include/asm/kvm_asm.h		diff \| blob \| history
arch/arm64/kernel/image-vars.h		diff \| blob \| history
arch/arm64/kvm/arm.c		diff \| blob \| history
arch/arm64/kvm/hyp/nvhe/hyp-smp.c		diff \| blob \| history