On Thu, Sep 23, 2021 at 12:22:56PM +0100, Will Deacon wrote:
> After pKVM has been 'finalised' using the __pkvm_prot_finalize hypercall,
> the calling CPU will have a Stage-2 translation enabled to prevent access
> to memory pages owned by EL2.
>
> Although this forms a significant part of the process to deprivilege the
> host kernel, we also need to ensure that the hypercall interface is
> reduced so that the EL2 code cannot, for example, be re-initialised using
> a new set of vectors.
>
> Re-order the hypercalls so that only a suffix remains available after
> finalisation of pKVM.
>
> Cc: Marc Zyngier <maz@xxxxxxxxxx>
> Cc: Quentin Perret <qperret@xxxxxxxxxx>
> Signed-off-by: Will Deacon <will@xxxxxxxxxx>
> ---
> arch/arm64/include/asm/kvm_asm.h | 43 ++++++++++++++++--------------
> arch/arm64/kvm/hyp/nvhe/hyp-main.c | 26 +++++++++++-------
> 2 files changed, 39 insertions(+), 30 deletions(-)
[...]
> diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> index 2da6aa8da868..4120e34288e1 100644
> --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> @@ -165,36 +165,42 @@ typedef void (*hcall_t)(struct kvm_cpu_context *);
> #define HANDLE_FUNC(x) [__KVM_HOST_SMCCC_FUNC_##x] = (hcall_t)handle_##x
>
> static const hcall_t host_hcall[] = {
> - HANDLE_FUNC(__kvm_vcpu_run),
> + /* ___kvm_hyp_init */
> + HANDLE_FUNC(__kvm_get_mdcr_el2),
> + HANDLE_FUNC(__pkvm_init),
> + HANDLE_FUNC(__pkvm_create_private_mapping),
> + HANDLE_FUNC(__pkvm_cpu_set_vector),
> + HANDLE_FUNC(__kvm_enable_ssbs),
> + HANDLE_FUNC(__vgic_v3_init_lrs),
> + HANDLE_FUNC(__pkvm_prot_finalize),
> +
> + HANDLE_FUNC(__pkvm_host_share_hyp),
> HANDLE_FUNC(__kvm_adjust_pc),
> + HANDLE_FUNC(__kvm_vcpu_run),
> HANDLE_FUNC(__kvm_flush_vm_context),
> HANDLE_FUNC(__kvm_tlb_flush_vmid_ipa),
> HANDLE_FUNC(__kvm_tlb_flush_vmid),
> HANDLE_FUNC(__kvm_flush_cpu_context),
> HANDLE_FUNC(__kvm_timer_set_cntvoff),
> - HANDLE_FUNC(__kvm_enable_ssbs),
> HANDLE_FUNC(__vgic_v3_get_gic_config),
> HANDLE_FUNC(__vgic_v3_read_vmcr),
> HANDLE_FUNC(__vgic_v3_write_vmcr),
> - HANDLE_FUNC(__vgic_v3_init_lrs),
> - HANDLE_FUNC(__kvm_get_mdcr_el2),
> HANDLE_FUNC(__vgic_v3_save_aprs),
> HANDLE_FUNC(__vgic_v3_restore_aprs),
> - HANDLE_FUNC(__pkvm_init),
> - HANDLE_FUNC(__pkvm_cpu_set_vector),
> - HANDLE_FUNC(__pkvm_host_share_hyp),
> - HANDLE_FUNC(__pkvm_create_private_mapping),
> - HANDLE_FUNC(__pkvm_prot_finalize),
Not that it makes any functional difference, but I was trying to keep this
in numerical order and evidently didn't manage it after renumbering
__vgic_v3_get_gic_config. Will fix for v2.
Will
_______________________________________________
kvmarm mailing list
kvmarm@xxxxxxxxxxxxxxxxxxxxx
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
