review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Will Deacon <will@kernel.org>
	Tue, 23 May 2023 10:18:18 +0000 (11:18 +0100)
committer	Oliver Upton <oliver.upton@linux.dev>
	Thu, 1 Jun 2023 21:34:50 +0000 (21:34 +0000)
commit	048be5fea43deef7e96c0de5ba05515c5cbe28cb
tree	9b4d1befafcc2610814bf3a3f55538dd36ea72ad	tree \| snapshot
parent	f1fcbaa18b28dec10281551dfe6ed3a3ed80e3d6	commit \| diff

KVM: arm64: Block unsafe FF-A calls from the host

When KVM is initialised in protected mode, we must take care to filter
certain FFA calls from the host kernel so that the integrity of guest
and hypervisor memory is maintained and is not made available to the
secure world.

As a first step, intercept and block all memory-related FF-A SMC calls
from the host to EL3 and don't advertise any FF-A features. This puts
the framework in place for handling them properly.

Co-developed-by: Andrew Walbran <qwandor@google.com>
Signed-off-by: Andrew Walbran <qwandor@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20230523101828.7328-2-will@kernel.org
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>

arch/arm64/kvm/hyp/include/nvhe/ffa.h	[new file with mode: 0644]	blob
arch/arm64/kvm/hyp/nvhe/Makefile		diff \| blob \| history
arch/arm64/kvm/hyp/nvhe/ffa.c	[new file with mode: 0644]	blob
arch/arm64/kvm/hyp/nvhe/hyp-main.c		diff \| blob \| history