KVM: arm64: Unmap 'kvm_arm_hyp_percpu_base' from the host

When pKVM is enabled, the hypervisor at EL2 does not trust the host at EL1 and must therefore prevent it from having unrestricted access to internal hypervisor state. The 'kvm_arm_hyp_percpu_base' array holds the offsets for hypervisor per-cpu allocations, so move this this into the nVHE code where it cannot be modified by the untrusted host at EL1. Tested-by: Vincent Donnefort <vdonnefort@google.com> Signed-off-by: Quentin Perret <qperret@google.com> Signed-off-by: Will Deacon <will@kernel.org> Signed-off-by: Marc Zyngier <maz@kernel.org> Link: https://lore.kernel.org/r/20221110190259.26861-22-will@kernel.org
author: Quentin Perret <qperret@google.com> 2022-11-10 19:02:54 +0000
committer: Marc Zyngier <maz@kernel.org> 2022-11-11 17:19:35 +0000
commit: fe41a7f8c0ee3ee2f682f8c28c7e1c5ff2be8a79 (patch)
tree: 529006eec25af79e441fe48185b068e7714416bb /arch/arm64/kvm/hyp/nvhe
parent: f41dff4efb918db68923a826e966ca62c7c8e929 (diff)
download: linux-fe41a7f8c0ee3ee2f682f8c28c7e1c5ff2be8a79.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-smp.c b/arch/arm64/kvm/hyp/nvhe/hyp-smp.c
index 9f54833af400..04d194583f1e 100644
--- a/arch/arm64/kvm/hyp/nvhe/hyp-smp.c
+++ b/arch/arm64/kvm/hyp/nvhe/hyp-smp.c
@@ -23,6 +23,8 @@ u64 cpu_logical_map(unsigned int cpu)
 	return hyp_cpu_logical_map[cpu];
 }
 
+unsigned long __ro_after_init kvm_arm_hyp_percpu_base[NR_CPUS];
+
 unsigned long __hyp_per_cpu_offset(unsigned int cpu)
 {
 	unsigned long *cpu_base_array;
author	Quentin Perret <qperret@google.com>	2022-11-10 19:02:54 +0000
committer	Marc Zyngier <maz@kernel.org>	2022-11-11 17:19:35 +0000
commit	fe41a7f8c0ee3ee2f682f8c28c7e1c5ff2be8a79 (patch)
tree	529006eec25af79e441fe48185b068e7714416bb /arch/arm64/kvm/hyp/nvhe
parent	f41dff4efb918db68923a826e966ca62c7c8e929 (diff)
download	linux-fe41a7f8c0ee3ee2f682f8c28c7e1c5ff2be8a79.tar.bz2