git.baikalelectronics.ru Git - kernel.git/commit

author	Will Deacon <will@kernel.org>
	Fri, 8 Oct 2021 13:58:35 +0000 (14:58 +0100)
committer	Marc Zyngier <maz@kernel.org>
	Mon, 11 Oct 2021 08:07:28 +0000 (09:07 +0100)
commit	caf97713dbd3073177a9fd9697808321105fafd1
tree	7f69c5a15c91555b754b7afecfcfa9f8c0e21f4a	tree \| snapshot
parent	5c3cce9c3edb3d5703a1f3b3da9e14a289aca451	commit \| diff

arm64: Prevent kexec and hibernation if is_protected_kvm_enabled()

When pKVM is enabled, the hypervisor code at EL2 and its data structures
are inaccessible to the host kernel and cannot be torn down or replaced
as this would defeat the integrity properies which pKVM aims to provide.
Furthermore, the ABI between the host and EL2 is flexible and private to
whatever the current implementation of KVM requires and so booting a new
kernel with an old EL2 component is very likely to end in disaster.

In preparation for uninstalling the hyp stub calls which are relied upon
to reset EL2, disable kexec and hibernation in the host when protected
KVM is enabled.

Cc: Marc Zyngier <maz@kernel.org>
Cc: Quentin Perret <qperret@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211008135839.1193-3-will@kernel.org