From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79BEFC433EF for ; Tue, 5 Oct 2021 11:40:17 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4853F610A2 for ; Tue, 5 Oct 2021 11:40:17 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 4853F610A2 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=AApnFCUuXK6mH6o+MqpCkwfgbkBfyuOabN8QactCzZ4=; b=oYsQNZFSyqes05 3QTLRF0FxiQGjeOpmbggYSmApBnPAot3mT5YBiJ97A2UGXR+w7eikLmLCre7nUGYwjjbMptnquJEL 92lwmrYnBNRBHWbLCuymqIc/wB95chdYhCdyGoCpVFjbpoKiG9fqDz7+61VOaI+KwTI4rB+FWq1sk 5ppb0lhylIrB70djnBGB3u0BtEQTs/bDEGRjUfJVbL4h2DV5Wc7Fgk0DV7GXC/wFsWjvmfyljOzAN Z6j7CaF0wUcxHZizOrlQjLrv2w3evsQ8lCiooWOhS6X+uY25HpI3vf/gks+8jdUxRry5uDk3OmWyZ VgWQQYRqePahs6xTaRtQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mXild-00A9vS-PU; Tue, 05 Oct 2021 11:37:53 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mXilO-00A9ph-5R for linux-arm-kernel@lists.infradead.org; Tue, 05 Oct 2021 11:37:39 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id 579CD613AC; Tue, 5 Oct 2021 11:37:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1633433857; bh=YDg8wjlM3PEKxET6Y7NSL5dzz3DAKCknRgdO4XsRQio=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=AbrYFeAXygGZtwMc6B3g1VaSM5p6goSJPJ0eK5rzK65BPP1ot7ZIl3F10e5v5s7be Wq0K+Cp4IMM4Uqo4PG9M1DuBUi9/D8yKZ0oj/Dudx+f3w0px00b9+N6mEx5M+ycwsH swEhyftNSFWivF6YJNNGCOlF1Xi6HGTOeB03uPvk4I61XSluwvcSEZ+Xpo4KU8k1aD g3R2/DlRhyVQJwtbUCvampB/WN/LAcoodh99bswkhd9Vis+IviuO/Xo+DVcRJasKtC aDsYr8hVU1YH702uo2CKSj8T4cbMUscBKAGNMG05pNWstv/IKI+jK4QpRdE9/07Mhd TlExoMjOiJoVg== From: Will Deacon To: linux-arm-kernel@lists.infradead.org Cc: Will Deacon , Marc Zyngier , Quentin Perret , Catalin Marinas , Alexandru Elisei , Suzuki K Poulose , Mark Rutland , kvmarm@lists.cs.columbia.edu Subject: [PATCH v2 1/5] arm64: Prevent kexec and hibernation if is_protected_kvm_enabled() Date: Tue, 5 Oct 2021 12:37:17 +0100 Message-Id: <20211005113721.29441-2-will@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20211005113721.29441-1-will@kernel.org> References: <20211005113721.29441-1-will@kernel.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211005_043738_241248_8135F04F X-CRM114-Status: GOOD ( 12.55 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org When pKVM is enabled, the hypervisor code at EL2 and its data structures are inaccessible to the host kernel and cannot be torn down or replaced as this would defeat the integrity properies which pKVM aims to provide. Furthermore, the ABI between the host and EL2 is flexible and private to whatever the current implementation of KVM requires and so booting a new kernel with an old EL2 component is very likely to end in disaster. In preparation for uninstalling the hyp stub calls which are relied upon to reset EL2, disable kexec and hibernation in the host when protected KVM is enabled. Cc: Marc Zyngier Cc: Quentin Perret Signed-off-by: Will Deacon --- arch/arm64/kernel/smp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c index 6f6ff072acbd..44369b99a57e 100644 --- a/arch/arm64/kernel/smp.c +++ b/arch/arm64/kernel/smp.c @@ -1128,5 +1128,6 @@ bool cpus_are_stuck_in_kernel(void) { bool smp_spin_tables = (num_possible_cpus() > 1 && !have_cpu_die()); - return !!cpus_stuck_in_kernel || smp_spin_tables; + return !!cpus_stuck_in_kernel || smp_spin_tables || + is_protected_kvm_enabled(); } -- 2.33.0.800.g4c38ced690-goog _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel