git.baikalelectronics.ru Git - kernel.git/commit

author	Will Deacon <will@kernel.org>
	Fri, 8 Oct 2021 13:58:39 +0000 (14:58 +0100)
committer	Marc Zyngier <maz@kernel.org>
	Mon, 11 Oct 2021 08:07:29 +0000 (09:07 +0100)
commit	6cf9ceb6db0b4566ebc53cb1a70491efc27f75ac
tree	9235e4f01dd66c8959d657d5c366d9f866bb5440	tree \| snapshot
parent	c6ee7de37baf4097971268b42d612aabd4d66d48	commit \| diff

KVM: arm64: Disable privileged hypercalls after pKVM finalisation

After pKVM has been 'finalised' using the __pkvm_prot_finalize hypercall,
the calling CPU will have a Stage-2 translation enabled to prevent access
to memory pages owned by EL2.

Although this forms a significant part of the process to deprivilege the
host kernel, we also need to ensure that the hypercall interface is
reduced so that the EL2 code cannot, for example, be re-initialised using
a new set of vectors.

Re-order the hypercalls so that only a suffix remains available after
finalisation of pKVM.

Cc: Marc Zyngier <maz@kernel.org>
Cc: Quentin Perret <qperret@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211008135839.1193-7-will@kernel.org

arch/arm64/include/asm/kvm_asm.h		diff \| blob \| history
arch/arm64/kvm/hyp/nvhe/hyp-main.c		diff \| blob \| history