On Wed, Mar 10, 2021 at 05:57:51PM +0000, Quentin Perret wrote: > When KVM runs in nVHE protected mode, use the host stage 2 to unmap the > hypervisor sections by marking them as owned by the hypervisor itself. > The long-term goal is to ensure the EL2 code can remain robust > regardless of the host's state, so this starts by making sure the host > cannot e.g. write to the .hyp sections directly. > > Signed-off-by: Quentin Perret <qperret@xxxxxxxxxx> > --- > arch/arm64/include/asm/kvm_asm.h | 1 + > arch/arm64/kvm/arm.c | 46 +++++++++++++++++++ > arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 + > arch/arm64/kvm/hyp/nvhe/hyp-main.c | 9 ++++ > arch/arm64/kvm/hyp/nvhe/mem_protect.c | 33 +++++++++++++ > 5 files changed, 91 insertions(+) Acked-by: Will Deacon <will@xxxxxxxxxx> Will _______________________________________________ kvmarm mailing list kvmarm@xxxxxxxxxxxxxxxxxxxxx https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
