From patchwork Thu Sep 23 11:22:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 12512425 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AFB24C433F5 for ; Thu, 23 Sep 2021 11:25:25 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8126061107 for ; Thu, 23 Sep 2021 11:25:25 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 8126061107 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=grfs9RL245ofplHfiyVX+2b7oPV371e0moL+6cxd2Ro=; b=HTqKgpBpv8FMRM 3HlPtSsP+LnQ/JO7kVfyfskuyzfqCBK05NgI+POcEUbk4vt5xdrUQbPIpRfkiRFFZMEef8PdiGKWz TiV7tEikMJDYGqTKEp98Xp4H8FKiF6AAIC/h9HopI6Dhx8Dz+AZHo1MrJvRGSdRvko+PjklkylxVp z4kj0Ym3+uFii/OW8pmtm1XzLQgfpugT0QSnWMPPzPPuUaIJ4evwae1uzE5j6kQix/yDqWDdPMb68 +MG5jxUf+8q3B8h6FKBQ8wZbejB4bY2jx0/Q7jb1FbHg79AkURG66193I3FFaY1p2ishMrcWunMms F2V0q/Zv06NEjyLB/8gg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mTMov-00B4pX-BT; Thu, 23 Sep 2021 11:23:17 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mTMoi-00B4mK-MQ for linux-arm-kernel@lists.infradead.org; Thu, 23 Sep 2021 11:23:06 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id 0B855611B0; Thu, 23 Sep 2021 11:23:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1632396184; bh=9V6D01rnhhu/XVUyi+hFbDZbhJ0tu8PwpuRqUVWmUbk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=EUArm6thYy22n/hiDJOWbwy+k/vvSIYESSWeMzpw8oXHTN3jgmC3ELFh+Vix2NuX4 xzIJ/Tz+yhSa6aDPRLc0Cx7j26c0BSkTAxLwairyJOR5AcuR4zfji+YiMJs/sQRiMK kffRQRqRPcpL1GkIv4fR0/k9RPRAvSFS0Aa/F4UBsaq3WM36LoZmcwdYR/w4ulueR5 Opx0Zmr0K7nR+Gy56KtALZVbSB3frUtBUanV1lsMslv3QMW5ZRzCF/v1CpVMTzel1m 8tejstLQW7YsYlENUPXaHbWjL6zvbS6C+UDaexUdYnJQKPKFQ8sQ9z54H+8FLx7Pw+ 275YAW0PuT3Lg== From: Will Deacon To: linux-arm-kernel@lists.infradead.org Cc: Will Deacon , Marc Zyngier , Quentin Perret , Catalin Marinas , Alexandru Elisei , Suzuki K Poulose , kvmarm@lists.cs.columbia.edu Subject: [PATCH 1/5] arm64: Prevent kexec and hibernation if is_protected_kvm_enabled() Date: Thu, 23 Sep 2021 12:22:52 +0100 Message-Id: <20210923112256.15767-2-will@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210923112256.15767-1-will@kernel.org> References: <20210923112256.15767-1-will@kernel.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210923_042304_814988_13FF29AC X-CRM114-Status: GOOD ( 12.11 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org When pKVM is enabled, the hypervisor code at EL2 and its data structures are inaccessible to the host kernel and cannot be torn down or replaced as this would defeat the integrity properies which pKVM aims to provide. Furthermore, the ABI between the host and EL2 is flexible and private to whatever the current implementation of KVM requires and so booting a new kernel with an old EL2 component is very likely to end in disaster. In preparation for uninstalling the hyp stub calls which are relied upon to reset EL2, disable kexec and hibernation in the host when protected KVM is enabled. Cc: Marc Zyngier Cc: Quentin Perret Signed-off-by: Will Deacon --- arch/arm64/kernel/smp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c index 6f6ff072acbd..44369b99a57e 100644 --- a/arch/arm64/kernel/smp.c +++ b/arch/arm64/kernel/smp.c @@ -1128,5 +1128,6 @@ bool cpus_are_stuck_in_kernel(void) { bool smp_spin_tables = (num_possible_cpus() > 1 && !have_cpu_die()); - return !!cpus_stuck_in_kernel || smp_spin_tables; + return !!cpus_stuck_in_kernel || smp_spin_tables || + is_protected_kvm_enabled(); }