moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ANDROID: KVM: arm64: relay entropy requests from protected guests directly to secure

Browse Source 
As pKVM does not trust the host, it should not be involved in the
handling of, or be able to observe the response to entropy requests
issues by protected guests.

When an SMC-based implementation of the ARM SMCCC TRNG interface is
present, pass any HVC-based requests directly on to the secure firmware.

Co-developed-by: Ard Biesheuvel <ardb@google.com>
Signed-off-by: Ard Biesheuvel <ardb@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Bug: 209580772
Change-Id: Ica492ce49fd059a62ecc31bb7ac13c9adb773a08
Signed-off-by: Will Deacon <willdeacon@google.com>
This commit is contained in:
Will Deacon
2022-01-05 14:10:54 +00:00
committed by Treehugger Robot
parent cfbff2d199
commit 61365541c6
3 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
arch/arm64/include/asm/kvm_hyp.h
View File

@@ -129,5 +129,6 @@ extern u64 kvm_nvhe_sym(id_aa64mmfr2_el1_sys_val);
extern unsigned long kvm_nvhe_sym(__icache_flags); extern unsigned long kvm_nvhe_sym(__icache_flags);
extern unsigned int kvm_nvhe_sym(kvm_arm_vmid_bits); extern unsigned int kvm_nvhe_sym(kvm_arm_vmid_bits);
extern bool kvm_nvhe_sym(smccc_trng_available);
#endif /* __ARM64_KVM_HYP_H__ */ #endif /* __ARM64_KVM_HYP_H__ */

1
arch/arm64/kvm/arm.c
View File

@@ -2012,6 +2012,7 @@ static void kvm_hyp_init_symbols(void)
kvm_nvhe_sym(id_aa64mmfr2_el1_sys_val) = read_sanitised_ftr_reg(SYS_ID_AA64MMFR2_EL1); kvm_nvhe_sym(id_aa64mmfr2_el1_sys_val) = read_sanitised_ftr_reg(SYS_ID_AA64MMFR2_EL1);
kvm_nvhe_sym(__icache_flags) = __icache_flags; kvm_nvhe_sym(__icache_flags) = __icache_flags;
kvm_nvhe_sym(kvm_arm_vmid_bits) = kvm_arm_vmid_bits; kvm_nvhe_sym(kvm_arm_vmid_bits) = kvm_arm_vmid_bits;
kvm_nvhe_sym(smccc_trng_available) = smccc_trng_available;
} }
static int kvm_hyp_init_protection(u32 hyp_va_bits) static int kvm_hyp_init_protection(u32 hyp_va_bits)

34
arch/arm64/kvm/hyp/nvhe/pkvm.c
View File

@@ -1277,6 +1277,35 @@ out_guest_err:
return true; return true;
} }
bool smccc_trng_available;
static bool pkvm_forward_trng(struct kvm_vcpu *vcpu)
{
u32 fn = smccc_get_function(vcpu);
struct arm_smccc_res res;
unsigned long arg1 = 0;
/*
* Forward TRNG calls to EL3, as we can't trust the host to handle
* these for us.
*/
switch (fn) {
case ARM_SMCCC_TRNG_FEATURES:
case ARM_SMCCC_TRNG_RND32:
case ARM_SMCCC_TRNG_RND64:
arg1 = smccc_get_arg1(vcpu);
fallthrough;
case ARM_SMCCC_TRNG_VERSION:
case ARM_SMCCC_TRNG_GET_UUID:
arm_smccc_1_1_smc(fn, arg1, &res);
smccc_set_retval(vcpu, res.a0, res.a1, res.a2, res.a3);
memzero_explicit(&res, sizeof(res));
break;
}
return true;
}
/* /*
* Handler for protected VM HVC calls. * Handler for protected VM HVC calls.
* *
@@ -1321,6 +1350,11 @@ bool kvm_handle_pvm_hvc64(struct kvm_vcpu *vcpu, u64 *exit_code)
return pkvm_memshare_call(hyp_vcpu, exit_code); return pkvm_memshare_call(hyp_vcpu, exit_code);
case ARM_SMCCC_VENDOR_HYP_KVM_MEM_UNSHARE_FUNC_ID: case ARM_SMCCC_VENDOR_HYP_KVM_MEM_UNSHARE_FUNC_ID:
return pkvm_memunshare_call(hyp_vcpu); return pkvm_memunshare_call(hyp_vcpu);
case ARM_SMCCC_TRNG_VERSION ... ARM_SMCCC_TRNG_RND32:
case ARM_SMCCC_TRNG_RND64:
if (smccc_trng_available)
return pkvm_forward_trng(vcpu);
break;
default: default:
return pkvm_handle_psci(hyp_vcpu); return pkvm_handle_psci(hyp_vcpu);
} }