[v3,0/6] KVM: arm64: Restrict host hypercalls when pKVM is enabled

Message ID	20211008135839.1193-1-will@kernel.org (mailing list archive)
Headers	show Return-Path: <SRS0=fGbl=O4=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 7540A60FD8 From: Will Deacon <will@kernel.org> To: linux-arm-kernel@lists.infradead.org Cc: Will Deacon <will@kernel.org>, Marc Zyngier <maz@kernel.org>, Quentin Perret <qperret@google.com>, Catalin Marinas <catalin.marinas@arm.com>, Alexandru Elisei <alexandru.elisei@arm.com>, Suzuki K Poulose <suzuki.poulose@arm.com>, Mark Rutland <mark.rutland@arm.com>, kvmarm@lists.cs.columbia.edu Subject: [PATCH v3 0/6] KVM: arm64: Restrict host hypercalls when pKVM is enabled Date: Fri, 8 Oct 2021 14:58:33 +0100 Message-Id: <20211008135839.1193-1-will@kernel.org> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	KVM: arm64: Restrict host hypercalls when pKVM is enabled \| expand [v3,0/6] KVM: arm64: Restrict host hypercalls when pKVM is enabled [v3,1/6] KVM: arm64: Turn __KVM_HOST_SMCCC_FUNC_* into an enum (mostly) [v3,2/6] arm64: Prevent kexec and hibernation if is_protected_kvm_enabled() [v3,3/6] KVM: arm64: Reject stub hypercalls after pKVM has been initialised [v3,4/6] KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall [v3,5/6] KVM: arm64: Prevent re-finalisation of pKVM for a given CPU [v3,6/6] KVM: arm64: Disable privileged hypercalls after pKVM finalisation

Message ID

20211008135839.1193-1-will@kernel.org (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 7540A60FD8
From: Will Deacon <will@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Will Deacon <will@kernel.org>, Marc Zyngier <maz@kernel.org>,
 Quentin Perret <qperret@google.com>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Alexandru Elisei <alexandru.elisei@arm.com>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Mark Rutland <mark.rutland@arm.com>, kvmarm@lists.cs.columbia.edu
Subject: [PATCH v3 0/6] KVM: arm64: Restrict host hypercalls when pKVM is
 enabled
Date: Fri,  8 Oct 2021 14:58:33 +0100
Message-Id: <20211008135839.1193-1-will@kernel.org>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Series

KVM: arm64: Restrict host hypercalls when pKVM is enabled | expand

Message

Will Deacon Oct. 8, 2021, 1:58 p.m. UTC

Hi again folks,

This is version three of the patches I previously posted here:

  v1: https://lore.kernel.org/r/20210923112256.15767-1-will@kernel.org
  v2: https://lore.kernel.org/r/20211005113721.29441-1-will@kernel.org

Changes since v3 are:

  - Included proposed cleanup (using an enum) from Marc
  - Rebased onto -rc4

Cheers,

Will

Cc: Marc Zyngier <maz@kernel.org>
Cc: Quentin Perret <qperret@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Alexandru Elisei <alexandru.elisei@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: kvmarm@lists.cs.columbia.edu

--->8

Marc Zyngier (1):
  KVM: arm64: Turn __KVM_HOST_SMCCC_FUNC_* into an enum (mostly)

Will Deacon (5):
  arm64: Prevent kexec and hibernation if is_protected_kvm_enabled()
  KVM: arm64: Reject stub hypercalls after pKVM has been initialised
  KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall
  KVM: arm64: Prevent re-finalisation of pKVM for a given CPU
  KVM: arm64: Disable privileged hypercalls after pKVM finalisation

 arch/arm64/include/asm/kvm_asm.h      | 47 ++++++++++++---------
 arch/arm64/kernel/smp.c               |  3 +-
 arch/arm64/kvm/arm.c                  | 61 ++++++++++++++++++---------
 arch/arm64/kvm/hyp/nvhe/host.S        | 26 ++++++++----
 arch/arm64/kvm/hyp/nvhe/hyp-main.c    | 37 +++++++++++-----
 arch/arm64/kvm/hyp/nvhe/mem_protect.c |  3 ++
 6 files changed, 117 insertions(+), 60 deletions(-)

Comments

Marc Zyngier Oct. 11, 2021, 8:23 a.m. UTC | #1

On Fri, 8 Oct 2021 14:58:33 +0100, Will Deacon wrote:
> This is version three of the patches I previously posted here:
> 
>   v1: https://lore.kernel.org/r/20210923112256.15767-1-will@kernel.org
>   v2: https://lore.kernel.org/r/20211005113721.29441-1-will@kernel.org
> 
> Changes since v3 are:
> 
> [...]

Applied to next, thanks!

[1/6] KVM: arm64: Turn __KVM_HOST_SMCCC_FUNC_* into an enum (mostly)
      commit: a78738ed1d9bf40d09109599b884508c69d188b8
[2/6] arm64: Prevent kexec and hibernation if is_protected_kvm_enabled()
      commit: 8f4566f18db5d1257fc2d5442e16274424a529c1
[3/6] KVM: arm64: Reject stub hypercalls after pKVM has been initialised
      commit: 8579a185bacaa64c65e43e251ceede2f7600f7e2
[4/6] KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall
      commit: 2f2e1a5069679491d18cf9021da19b40c56a17f3
[5/6] KVM: arm64: Prevent re-finalisation of pKVM for a given CPU
      commit: 07036cffe17ec07e8fb630d86f8ea21832d9e57d
[6/6] KVM: arm64: Disable privileged hypercalls after pKVM finalisation
      commit: 057bed206f70d624c2eacb43ec56551950a26832

Cheers,

	M.