author | Quentin Perret <qperret@google.com> | 2022-11-10 20:02:54 +0100 |
---|---|---|
committer | Marc Zyngier <maz@kernel.org> | 2022-11-11 18:19:35 +0100 |
commit | fe41a7f8c0ee3ee2f682f8c28c7e1c5ff2be8a79 (patch) | |
tree | 529006eec25af79e441fe48185b068e7714416bb /arch/arm64/kernel | |
parent | KVM: arm64: Return guest memory from EL2 via dedicated teardown memcache (diff) | |
KVM: arm64: Unmap 'kvm_arm_hyp_percpu_base' from the host
When pKVM is enabled, the hypervisor at EL2 does not trust the host at
EL1 and must therefore prevent it from having unrestricted access to
internal hypervisor state.
The 'kvm_arm_hyp_percpu_base' array holds the offsets for hypervisor
per-cpu allocations, so move this into the nVHE code where it
cannot be modified by the untrusted host at EL1.
Tested-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20221110190259.26861-22-will@kernel.org
Diffstat (limited to 'arch/arm64/kernel')
-rw-r--r-- | arch/arm64/kernel/image-vars.h | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h index 7f4e43bfaade..ae8f37f4aa8c 100644 --- a/arch/arm64/kernel/image-vars.h +++ b/arch/arm64/kernel/image-vars.h @@ -89,9 +89,6 @@ KVM_NVHE_ALIAS(gic_nonsecure_priorities); KVM_NVHE_ALIAS(__start___kvm_ex_table); KVM_NVHE_ALIAS(__stop___kvm_ex_table); -/* Array containing bases of nVHE per-CPU memory regions. */ -KVM_NVHE_ALIAS(kvm_arm_hyp_percpu_base); - /* PMU available static key */ #ifdef CONFIG_HW_PERF_EVENTS KVM_NVHE_ALIAS(kvm_arm_pmu_available); |
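Review bot: Dropping KVM_NVHE_ALIAS(kvm_arm_hyp_percpu_base) right after the __stop___kvm_ex_table alias leaves nVHE objects with no host-side symbol to resolve against, so the array must be defined inside the hyp image in this same commit or the link will fail. The diffstat here is limited to arch/arm64/kernel and does not show that definition, so confirm against the full patch that the hyp-side definition and whatever host code initialises the array land together with this deletion. The comment removed with the alias ("Array containing bases of nVHE per-CPU memory regions.") was the only description of the array in this file; an equivalent comment at the new definition in the nVHE code would keep it documented.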