KVM: arm64: Block unsafe FF-A calls from the host - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Will Deacon <will@kernel.org>	2023-05-23 13:18:18 +0300
committer	Oliver Upton <oliver.upton@linux.dev>	2023-06-02 00:34:50 +0300
commit	048be5fea43deef7e96c0de5ba05515c5cbe28cb (patch)
tree	9b4d1befafcc2610814bf3a3f55538dd36ea72ad /arch/arm64/kvm/trace_arm.h
parent	f1fcbaa18b28dec10281551dfe6ed3a3ed80e3d6 (diff)
download	linux-048be5fea43deef7e96c0de5ba05515c5cbe28cb.tar.xz

KVM: arm64: Block unsafe FF-A calls from the host

When KVM is initialised in protected mode, we must take care to filter certain FFA calls from the host kernel so that the integrity of guest and hypervisor memory is maintained and is not made available to the secure world. As a first step, intercept and block all memory-related FF-A SMC calls from the host to EL3 and don't advertise any FF-A features. This puts the framework in place for handling them properly. Co-developed-by: Andrew Walbran <qwandor@google.com> Signed-off-by: Andrew Walbran <qwandor@google.com> Signed-off-by: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/r/20230523101828.7328-2-will@kernel.org Signed-off-by: Oliver Upton <oliver.upton@linux.dev>

Diffstat (limited to 'arch/arm64/kvm/trace_arm.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: