| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230127113932.166089-10-suzuki.poulose@arm.com>
Date: Fri, 27 Jan 2023 11:39:10 +0000
From: Suzuki K Poulose <suzuki.poulose@....com>
To: kvm@...r.kernel.org, kvmarm@...ts.linux.dev
Cc: suzuki.poulose@....com,
Alexandru Elisei <alexandru.elisei@....com>,
Andrew Jones <andrew.jones@...ux.dev>,
Christoffer Dall <christoffer.dall@....com>,
Fuad Tabba <tabba@...gle.com>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Joey Gouly <Joey.Gouly@....com>, Marc Zyngier <maz@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Oliver Upton <oliver.upton@...ux.dev>,
Paolo Bonzini <pbonzini@...hat.com>,
Quentin Perret <qperret@...gle.com>,
Steven Price <steven.price@....com>,
Thomas Huth <thuth@...hat.com>, Will Deacon <will@...nel.org>,
Zenghui Yu <yuzenghui@...wei.com>, linux-coco@...ts.linux.dev,
kvmarm@...ts.cs.columbia.edu, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: [RFC kvmtool 09/31] arm64: Add --realm command line option
From: Alexandru Elisei <alexandru.elisei@....com>
Add the --realm command line option which causes kvmtool to exit with an
error if specified, but which will be enabled once realms are fully
supported by kvmtool.
Signed-off-by: Alexandru Elisei <alexandru.elisei@....com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@....com>
---
arm/aarch64/include/kvm/kvm-config-arch.h | 5 ++++-
arm/aarch64/kvm.c | 20 ++++++++++++++++++--
arm/include/arm-common/kvm-config-arch.h | 1 +
3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/arm/aarch64/include/kvm/kvm-config-arch.h b/arm/aarch64/include/kvm/kvm-config-arch.h
index b055fef4..d2df850a 100644
--- a/arm/aarch64/include/kvm/kvm-config-arch.h
+++ b/arm/aarch64/include/kvm/kvm-config-arch.h
@@ -21,7 +21,10 @@ int vcpu_affinity_parser(const struct option *opt, const char *arg, int unset);
OPT_BOOLEAN('\0', "no-pvtime", &(cfg)->no_pvtime, "Disable" \
" stolen time"), \
OPT_BOOLEAN('\0', "disable-sve", &(cfg)->disable_sve, \
- "Disable SVE"),
+ "Disable SVE"), \
+ OPT_BOOLEAN('\0', "realm", &(cfg)->is_realm, \
+ "Create VM running in a realm using Arm RME"),
+
#include "arm-common/kvm-config-arch.h"
#endif /* KVM__KVM_CONFIG_ARCH_H */
diff --git a/arm/aarch64/kvm.c b/arm/aarch64/kvm.c
index 5a53badb..25be2f2d 100644
--- a/arm/aarch64/kvm.c
+++ b/arm/aarch64/kvm.c
@@ -38,9 +38,8 @@ int vcpu_affinity_parser(const struct option *opt, const char *arg, int unset)
return 0;
}
-void kvm__arch_validate_cfg(struct kvm *kvm)
+static void validate_mem_cfg(struct kvm *kvm)
{
-
if (kvm->cfg.ram_addr < ARM_MEMORY_AREA) {
die("RAM address is below the I/O region ending at %luGB",
ARM_MEMORY_AREA >> 30);
@@ -52,6 +51,23 @@ void kvm__arch_validate_cfg(struct kvm *kvm)
}
}
+static void validate_realm_cfg(struct kvm *kvm)
+{
+ if (!kvm->cfg.arch.is_realm)
+ return;
+
+ if (kvm->cfg.arch.aarch32_guest)
+ die("Realms supported only for 64bit guests");
+
+ die("Realms not supported");
+}
+
+void kvm__arch_validate_cfg(struct kvm *kvm)
+{
+ validate_mem_cfg(kvm);
+ validate_realm_cfg(kvm);
+}
+
u64 kvm__arch_default_ram_address(void)
{
return ARM_MEMORY_AREA;
diff --git a/arm/include/arm-common/kvm-config-arch.h b/arm/include/arm-common/kvm-config-arch.h
index 6599305b..5eb791da 100644
--- a/arm/include/arm-common/kvm-config-arch.h
+++ b/arm/include/arm-common/kvm-config-arch.h
@@ -11,6 +11,7 @@ struct kvm_config_arch {
bool aarch32_guest;
bool has_pmuv3;
bool mte_disabled;
+ bool is_realm;
u64 kaslr_seed;
enum irqchip_type irqchip;
u64 fw_addr;
--
2.34.1
Powered by blists - more mailing lists