
Commit 9253699

Fuad TabbaMarc Zyngier
authored andcommitted
KVM: arm64: Restrict supported capabilities for protected VMs
For practical reasons as well as security related ones, not all capabilities are supported for protected VMs in pKVM. Add a function that restricts the capabilities for protected VMs. This behaves as an allow-list to ensure that future capabilities are checked for compatibility and security before being allowed for protected VMs. Signed-off-by: Fuad Tabba <[email protected]> Acked-by: Oliver Upton <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Marc Zyngier <[email protected]>
1 parent 97a3dee commit 9253699


1 file changed

+32
-0
lines changed


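--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -69,6 +69,31 @@ int kvm_arch_vcpu_should_kick(struct kvm_vcpu *vcpu)
 return kvm_vcpu_exiting_guest_mode(vcpu) == IN_GUEST_MODE;
 }
 
+/*
+* This functions as an allow-list of protected VM capabilities.
+* Features not explicitly allowed by this function are denied.
+*/
+static bool pkvm_ext_allowed(struct kvm *kvm, long ext)
+{
+switch (ext) {
+case KVM_CAP_IRQCHIP:
+case KVM_CAP_ARM_PSCI:
+case KVM_CAP_ARM_PSCI_0_2:
+case KVM_CAP_NR_VCPUS:
+case KVM_CAP_MAX_VCPUS:
+case KVM_CAP_MAX_VCPU_ID:
+case KVM_CAP_MSI_DEVID:
+case KVM_CAP_ARM_VM_IPA_SIZE:
+case KVM_CAP_ARM_PMU_V3:
+case KVM_CAP_ARM_SVE:
+case KVM_CAP_ARM_PTRAUTH_ADDRESS:
+case KVM_CAP_ARM_PTRAUTH_GENERIC:
+return true;
+default:
+return false;
+}
+}
+
 int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
 struct kvm_enable_cap *cap)
 {
@@ -77,6 +102,9 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
 if (cap->flags)
 return -EINVAL;
 
+if (kvm_vm_is_protected(kvm) && !pkvm_ext_allowed(kvm, cap->cap))
+return -EINVAL;
+
 switch (cap->cap) {
 case KVM_CAP_ARM_NISV_TO_USER:
 r = 0;
@@ -215,6 +243,10 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
 int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
 {
 int r;
+
+if (kvm && kvm_vm_is_protected(kvm) && !pkvm_ext_allowed(kvm, ext))
+return 0;
+
 switch (ext) {
 case KVM_CAP_IRQCHIP:
 r = vgic_present;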
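Review bot: pkvm_ext_allowed() is the single gate for both kvm_vm_ioctl_check_extension() and kvm_vm_ioctl_enable_cap(), but its header comment does not say so, and a capability that is safe to report is not automatically safe to enable. I would extend the comment with `* The same list gates KVM_CHECK_EXTENSION and KVM_ENABLE_CAP for protected VMs, so a new case opens both paths.` so that future additions are reviewed against both callers. The `kvm` parameter is unused in the body shown; if it is reserved for later per-VM feature checks, a short comment should say so. Both ioctl handlers continue past the end of their hunks, so the values reported for allow-listed capabilities presumably still come from the existing host-side switch; it is worth confirming that they match what pKVM actually offers a protected guest.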
