[PATCH v8 22/43] KVM: arm64: Validate register access for a Realm VM
Gavin Shan
gshan at redhat.com
Wed Apr 30 19:54:59 PDT 2025
On 4/16/25 11:41 PM, Steven Price wrote:
> The RMM only allows setting the GPRS (x0-x30) and PC for a realm
> guest. Check this in kvm_arm_set_reg() so that the VMM can receive a
> suitable error return if other registers are written to.
>
> The RMM makes similar restrictions for reading of the guest's registers
> (this is *confidential* compute after all), however we don't impose the
> restriction here. This allows the VMM to read (stale) values from the
> registers which might be useful to read back the initial values even if
> the RMM doesn't provide the latest version. For migration of a realm VM,
> a new interface will be needed so that the VMM can receive an
> (encrypted) blob of the VM's state.
>
> Signed-off-by: Steven Price <steven.price at arm.com>
> ---
> Changes since v5:
> * Upper GPRS can be set as part of a HOST_CALL return, so fix up the
> test to allow them.
> ---
> arch/arm64/kvm/guest.c | 40 ++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 40 insertions(+)
>
Reviewed-by: Gavin Shan <gshan at redhat.com>
More information about the linux-arm-kernel
mailing list