Hi folks,

This series restricts the hypercalls available to the KVM host on arm64
when pKVM is enabled so that it is not possible for the host to use them
to replace the EL2 component with something else.

This occurs in two stages: when switching to the pKVM vectors, the stub
hypercalls are removed and then later when pKVM is finalised, the pKVM
init hypercalls are removed.

There are still a few dubious calls remaining in terms of protecting the
guest (e.g. __kvm_adjust_pc) but these will be dealt with later when we
have more VM state at EL2 to play with.

Patches based on -rc2. Feedback welcome.

Cheers,

Will

Cc: Marc Zyngier <maz@xxxxxxxxxx>
Cc: Quentin Perret <qperret@xxxxxxxxxx>
Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
Cc: Alexandru Elisei <alexandru.elisei@xxxxxxx>
Cc: Suzuki K Poulose <suzuki.poulose@xxxxxxx>
Cc: kvmarm@xxxxxxxxxxxxxxxxxxxxx

--->8

Will Deacon (5):
  arm64: Prevent kexec and hibernation if is_protected_kvm_enabled()
  KVM: arm64: Reject stub hypercalls after pKVM has been initialised
  KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall
  KVM: arm64: Prevent re-finalisation of pKVM for a given CPU
  KVM: arm64: Disable privileged hypercalls after pKVM finalisation

 arch/arm64/include/asm/kvm_asm.h      | 43 ++++++++++---------
 arch/arm64/kernel/smp.c               |  3 +-
 arch/arm64/kvm/arm.c                  | 61 ++++++++++++++++++---------
 arch/arm64/kvm/hyp/nvhe/host.S        | 26 ++++++++----
 arch/arm64/kvm/hyp/nvhe/hyp-main.c    | 26 +++++++-----
 arch/arm64/kvm/hyp/nvhe/mem_protect.c |  3 ++
 6 files changed, 103 insertions(+), 59 deletions(-)

-- 
2.33.0.464.g1972c5931b-goog
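
The two-stage restriction described in the cover letter above, as an added example that is not part of the original message or of the kernel patches: a simplified single-CPU model in which call IDs are ordered by privilege and a per-stage floor rejects first the stub call and then the init call. The enum values, struct el2 and host_hvc() are hypothetical names chosen for illustration; only __pkvm_prot_finalize and __kvm_adjust_pc are taken from the message.

```c
#include <stdio.h>

/* Hypothetical call IDs, ordered from most to least privileged. */
enum hcall {
    HC_STUB_REPLACE_EL2,    /* stands in for the stub hypercalls */
    HC_PKVM_INIT,           /* stands in for the pKVM init hypercalls */
    HC_PKVM_PROT_FINALIZE,  /* models __pkvm_prot_finalize */
    HC_KVM_ADJUST_PC,       /* models __kvm_adjust_pc, still reachable */
    HC_COUNT
};
enum stage { ST_STUB, ST_PKVM_VECTORS, ST_FINALISED };
enum { HC_OK = 0, HC_DENIED = -1 };
struct el2 { enum stage stage; };

/* Lowest call ID the host may still issue at each stage. */
static int first_allowed(enum stage st)
{
    switch (st) {
    case ST_STUB:         return HC_STUB_REPLACE_EL2;
    case ST_PKVM_VECTORS: return HC_PKVM_INIT;
    default:              return HC_PKVM_PROT_FINALIZE;
    }
}

/* Stage one: leaving the stub vectors is a one-way transition. */
static void el2_switch_to_pkvm_vectors(struct el2 *s)
{
    if (s->stage == ST_STUB) s->stage = ST_PKVM_VECTORS;
}

/* Host-issued hypercall: range-check first, then handle finalisation. */
static int host_hvc(struct el2 *s, int id)
{
    if (id < first_allowed(s->stage) || id >= HC_COUNT)
        return HC_DENIED;
    if (id == HC_PKVM_PROT_FINALIZE) {
        if (s->stage != ST_PKVM_VECTORS)
            return HC_DENIED;   /* too early, or re-finalisation */
        s->stage = ST_FINALISED;
    }
    return HC_OK;
}

int main(void)
{
    struct el2 s = { ST_STUB };
    el2_switch_to_pkvm_vectors(&s);
    printf("stub after vector switch: %d\n", host_hvc(&s, HC_STUB_REPLACE_EL2));
    printf("finalise: %d\n", host_hvc(&s, HC_PKVM_PROT_FINALIZE));
    printf("init after finalise: %d\n", host_hvc(&s, HC_PKVM_INIT));
    return 0;
}
```

The error returned for a repeated finalise is the caller's signal that the stage change did not happen, which is why the model returns it rather than silently succeeding.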