summaryrefslogtreecommitdiffstats
path: root/arch/arm64/kernel
diff options
context:
space:
mode:
authorQuentin Perret <qperret@google.com>2022-11-10 20:02:54 +0100
committerMarc Zyngier <maz@kernel.org>2022-11-11 18:19:35 +0100
commitfe41a7f8c0ee3ee2f682f8c28c7e1c5ff2be8a79 (patch)
tree529006eec25af79e441fe48185b068e7714416bb /arch/arm64/kernel
parentKVM: arm64: Return guest memory from EL2 via dedicated teardown memcache (diff)
downloadlinux-fe41a7f8c0ee3ee2f682f8c28c7e1c5ff2be8a79.tar.xz
linux-fe41a7f8c0ee3ee2f682f8c28c7e1c5ff2be8a79.zip
KVM: arm64: Unmap 'kvm_arm_hyp_percpu_base' from the host
When pKVM is enabled, the hypervisor at EL2 does not trust the host at EL1 and must therefore prevent it from having unrestricted access to internal hypervisor state. The 'kvm_arm_hyp_percpu_base' array holds the offsets for hypervisor per-cpu allocations, so move this this into the nVHE code where it cannot be modified by the untrusted host at EL1. Tested-by: Vincent Donnefort <vdonnefort@google.com> Signed-off-by: Quentin Perret <qperret@google.com> Signed-off-by: Will Deacon <will@kernel.org> Signed-off-by: Marc Zyngier <maz@kernel.org> Link: https://lore.kernel.org/r/20221110190259.26861-22-will@kernel.org
Diffstat (limited to 'arch/arm64/kernel')
-rw-r--r--arch/arm64/kernel/image-vars.h3
1 files changed, 0 insertions, 3 deletions
diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
index 7f4e43bfaade..ae8f37f4aa8c 100644
--- a/arch/arm64/kernel/image-vars.h
+++ b/arch/arm64/kernel/image-vars.h
@@ -89,9 +89,6 @@ KVM_NVHE_ALIAS(gic_nonsecure_priorities);
KVM_NVHE_ALIAS(__start___kvm_ex_table);
KVM_NVHE_ALIAS(__stop___kvm_ex_table);
-/* Array containing bases of nVHE per-CPU memory regions. */
-KVM_NVHE_ALIAS(kvm_arm_hyp_percpu_base);
-
/* PMU available static key */
#ifdef CONFIG_HW_PERF_EVENTS
KVM_NVHE_ALIAS(kvm_arm_pmu_available);