From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 80C39C433EF for ; Thu, 23 Sep 2021 12:33:01 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4BCED60FE6 for ; Thu, 23 Sep 2021 12:33:01 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 4BCED60FE6 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Subject:Cc:To:From:Message-ID:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=JeulF+pZ93LUPkLV6lzydQ2K58RmcO+tWfqEmVa71tI=; b=F5FSqAZpXK4DSq je+KCRDVsQDNKL6toZCzWDapbj9wwFdSjpo8zfOlCHE8ZyLwzIkhYIrcLeVwctEeJcqRYogdEDN+4 OaX2A1l6i8/WjfreQXKm6iFLy0ER8Ea/pn8ESR8LTBNRg+UKDXgwacS3emYJ8Q0x0tUsHbbG5UFNd V6ZhOx6kL3jDDmlR8ztLcFe/Dudi9VRsGcAuxEtIrTvEl+cRFxzzoP1tTJMfJZKGf+EqcXDPmnExP YsTsaARPEy3ITPD1KN0XbcXSd2ghgKwsKRRBnikOPByKYBgDyc/1kmaKEACEebbul3Yy0/p0XQX2i ZARoTntPObNQCPMOGKLQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mTNro-00BOff-Bg; Thu, 23 Sep 2021 12:30:20 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mTNiu-00BKK1-6C for linux-arm-kernel@lists.infradead.org; Thu, 23 Sep 2021 12:21:09 +0000 Received: from disco-boy.misterjones.org (disco-boy.misterjones.org [51.254.78.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BACBC610A0; Thu, 23 Sep 2021 12:21:07 +0000 (UTC) Received: from sofa.misterjones.org ([185.219.108.64] helo=why.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1mTNir-00CWmx-HF; Thu, 23 Sep 2021 13:21:05 +0100 Date: Thu, 23 Sep 2021 13:21:05 +0100 Message-ID: <871r5fv5xq.wl-maz@kernel.org> From: Marc Zyngier To: Will Deacon Cc: linux-arm-kernel@lists.infradead.org, Quentin Perret , Catalin Marinas , Alexandru Elisei , Suzuki K Poulose , kvmarm@lists.cs.columbia.edu Subject: Re: [PATCH 0/5] KVM: arm64: Restrict host hypercalls when pKVM is enabled In-Reply-To: <20210923112256.15767-1-will@kernel.org> References: <20210923112256.15767-1-will@kernel.org> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: will@kernel.org, linux-arm-kernel@lists.infradead.org, qperret@google.com, catalin.marinas@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, kvmarm@lists.cs.columbia.edu X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210923_052108_306018_F806EB34 X-CRM114-Status: GOOD ( 19.17 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, 23 Sep 2021 12:22:51 +0100, Will Deacon wrote: > > Hi folks, > > This series restricts the hypercalls available to the KVM host on arm64 > when pKVM is enabled so that it is not possible for the host to use them > to replace the EL2 component with something else. > > This occurs in two stages: when switching to the pKVM vectors, the stub > hypercalls are removed and then later when pKVM is finalised, the pKVM > init hypercalls are removed. > > There are still a few dubious calls remaining in terms of protecting the > guest (e.g. __kvm_adjust_pc) but these will be dealt with later when we > have more VM state at EL2 to play with. Yup. This particular one should have an equivalent at EL2 and pending exceptions committed to the state before exiting to EL1. M. -- Without deviation from the norm, progress is not possible. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel