From 2aca919c877d0247f68f01cd9af6defb75d2abe9 Mon Sep 17 00:00:00 2001 From: Will Deacon Date: Thu, 10 Mar 2022 12:26:18 +0000 Subject: [PATCH] ANDROID: KVM: arm64: Avoid exposing shadow table internals outside of pkvm.c There's no reason to make the internal shadow table data directly accessible outside of pkvm.c, so make it all static and provide an initialisation function to install the initial pages. Bug: 216808671 Signed-off-by: Will Deacon Change-Id: Idc0908796ebbd2b620494f5d4d6b6055455c8013 --- arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 3 +-- arch/arm64/kvm/hyp/nvhe/pkvm.c | 14 ++++++++++---- arch/arm64/kvm/hyp/nvhe/setup.c | 7 +++++-- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/arch/arm64/kvm/hyp/include/nvhe/pkvm.h b/arch/arm64/kvm/hyp/include/nvhe/pkvm.h index e4983f5cbd0f..80ecc831fc31 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/pkvm.h +++ b/arch/arm64/kvm/hyp/include/nvhe/pkvm.h @@ -60,11 +60,10 @@ static inline bool vcpu_is_protected(struct kvm_vcpu *vcpu) return vcpu->arch.pkvm.shadow_vm->arch.pkvm.enabled; } -extern struct kvm_shadow_vm **shadow_table; - extern phys_addr_t pvmfw_base; extern phys_addr_t pvmfw_size; +void hyp_shadow_table_init(void *tbl); int __pkvm_init_shadow(struct kvm *kvm, void *shadow_va, size_t size, void *pgd); int __pkvm_teardown_shadow(int shadow_handle); struct kvm_vcpu *get_shadow_vcpu(int shadow_handle, unsigned int vcpu_idx); diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index 8bd9c525f201..5b0a0e9d9c32 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -230,19 +230,25 @@ extern unsigned long hyp_nr_cpus; * Protects writes to shadow_table, num_shadow_entries, and next_shadow_alloc, * as well as reads and writes to last_shadow_vcpu_lookup. */ -DEFINE_HYP_SPINLOCK(shadow_lock); +static DEFINE_HYP_SPINLOCK(shadow_lock); /* * The table of shadow entries for protected VMs in hyp. * Allocated at hyp initialization and setup. */ -struct kvm_shadow_vm **shadow_table; +static struct kvm_shadow_vm **shadow_table; /* Current number of vms in the shadow table. */ -int num_shadow_entries; +static int num_shadow_entries; /* The next entry index to try to allocate from. */ -int next_shadow_alloc; +static int next_shadow_alloc; + +void hyp_shadow_table_init(void *tbl) +{ + WARN_ON(shadow_table); + shadow_table = tbl; +} /* * Return the shadow vm corresponding to the handle. diff --git a/arch/arm64/kvm/hyp/nvhe/setup.c b/arch/arm64/kvm/hyp/nvhe/setup.c index 4fa7ed90c9cc..18638652f06d 100644 --- a/arch/arm64/kvm/hyp/nvhe/setup.c +++ b/arch/arm64/kvm/hyp/nvhe/setup.c @@ -29,6 +29,7 @@ phys_addr_t pvmfw_size; (unsigned long)__per_cpu_start) static void *vmemmap_base; +static void *shadow_table_base; static void *hyp_pgt_base; static void *host_s2_pgt_base; static void *ffa_proxy_pages; @@ -47,8 +48,8 @@ static int divide_memory_pool(void *virt, unsigned long size) return -ENOMEM; nr_pages = hyp_shadow_table_pages(sizeof(struct kvm_shadow_vm)); - shadow_table = hyp_early_alloc_contig(nr_pages); - if (!shadow_table) + shadow_table_base = hyp_early_alloc_contig(nr_pages); + if (!shadow_table_base) return -ENOMEM; nr_pages = hyp_s1_pgtable_pages(); @@ -323,6 +324,8 @@ void __noreturn __pkvm_init_finalise(void) ret = hyp_ffa_init(ffa_proxy_pages); if (ret) goto out; + + hyp_shadow_table_init(shadow_table_base); out: /* * We tail-called to here from handle___pkvm_init() and will not return,