From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marc Zyngier Subject: Re: [PATCH 17/21] arm64: KVM: Map the kernel RO section into HYP Date: Mon, 16 Nov 2015 14:43:26 +0000 Message-ID: <5649EB8E.2030305@arm.com> References: <1447679519-17888-1-git-send-email-marc.zyngier@arm.com> <1447679519-17888-18-git-send-email-marc.zyngier@arm.com> <20151116142728.GJ20696@leverpostej> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Cc: Christoffer Dall , Catalin Marinas , kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, ard.biesheuvel@linaro.org To: Mark Rutland Return-path: Received: from foss.arm.com ([217.140.101.70]:50330 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751361AbbKPOn3 (ORCPT ); Mon, 16 Nov 2015 09:43:29 -0500 In-Reply-To: <20151116142728.GJ20696@leverpostej> Sender: kvm-owner@vger.kernel.org List-ID: On 16/11/15 14:27, Mark Rutland wrote: > On Mon, Nov 16, 2015 at 01:11:55PM +0000, Marc Zyngier wrote: >> In order to run C code in HYP, we must make sure that the kernel's >> RO section in mapped into HYP (otherwise things break badly). > > Somewhat tangential, but do we have any strong guarantees that the hyp > text is otherwise safe in its address space which differs from that of > the kernel proper? > > i.e. do we need something like we did for the EFI stub in commit > e8f3010f7326c003 ("arm64/efi: isolate EFI stub from the kernel proper")? Probably. That will make things more difficult for VHE, where there are function calls between the kernel and the "hypervisor" (kvm_call_hyp() and panic() are the most obvious ones). I'll have a look, thanks for the pointer. M. -- Jazz is not dead. It just smells funny... From mboxrd@z Thu Jan 1 00:00:00 1970 From: marc.zyngier@arm.com (Marc Zyngier) Date: Mon, 16 Nov 2015 14:43:26 +0000 Subject: [PATCH 17/21] arm64: KVM: Map the kernel RO section into HYP In-Reply-To: <20151116142728.GJ20696@leverpostej> References: <1447679519-17888-1-git-send-email-marc.zyngier@arm.com> <1447679519-17888-18-git-send-email-marc.zyngier@arm.com> <20151116142728.GJ20696@leverpostej> Message-ID: <5649EB8E.2030305@arm.com> To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org On 16/11/15 14:27, Mark Rutland wrote: > On Mon, Nov 16, 2015 at 01:11:55PM +0000, Marc Zyngier wrote: >> In order to run C code in HYP, we must make sure that the kernel's >> RO section in mapped into HYP (otherwise things break badly). > > Somewhat tangential, but do we have any strong guarantees that the hyp > text is otherwise safe in its address space which differs from that of > the kernel proper? > > i.e. do we need something like we did for the EFI stub in commit > e8f3010f7326c003 ("arm64/efi: isolate EFI stub from the kernel proper")? Probably. That will make things more difficult for VHE, where there are function calls between the kernel and the "hypervisor" (kvm_call_hyp() and panic() are the most obvious ones). I'll have a look, thanks for the pointer. M. -- Jazz is not dead. It just smells funny...