On Sat, 24 Dec 2022 at 13:19, Marc Zyngier wrote:
>
> On Thu, 22 Dec 2022 13:01:55 +,
> Ard Biesheuvel wrote:
> >
> > On Tue, 20 Dec 2022 at 21:09, Marc Zyngier wrote:
> > >
> > > A recent development on the EFI front has resulted in guests having
> > > their page tables baked in the firmwar

On Thu, 22 Dec 2022 13:01:55 +,
Ard Biesheuvel wrote:
>
> On Tue, 20 Dec 2022 at 21:09, Marc Zyngier wrote:
> >
> > A recent development on the EFI front has resulted in guests having
> > their page tables baked in the firmware binary, and mapped into
> > the IPA space as part as a read-only

On Tue, 20 Dec 2022 at 21:09, Marc Zyngier wrote:
>
> A recent development on the EFI front has resulted in guests having
> their page tables baked in the firmware binary, and mapped into
> the IPA space as part as a read-only memslot.
>
> Not only this is legitimate, but it also results in added

On Wed, Dec 21, 2022 at 05:53:58PM +, Marc Zyngier wrote:
> On Wed, 21 Dec 2022 16:50:30 +,
> Oliver Upton wrote:
> >
> > On Wed, Dec 21, 2022 at 09:35:06AM +, Marc Zyngier wrote:
> >
> > [...]
> >
> > > > > + if (kvm_vcpu_abt_iss1tw(vcpu)) {
> > > > > + /*
> > > > >

On Wed, 21 Dec 2022 16:50:30 +,
Oliver Upton wrote:
>
> On Wed, Dec 21, 2022 at 09:35:06AM +, Marc Zyngier wrote:
>
> [...]
>
> > > > + if (kvm_vcpu_abt_iss1tw(vcpu)) {
> > > > + /*
> > > > +* Only a permission fault on a S1PTW should be
> > > > +

On Wed, Dec 21, 2022 at 09:35:06AM +, Marc Zyngier wrote:
[...]
> > > + if (kvm_vcpu_abt_iss1tw(vcpu)) {
> > > + /*
> > > + * Only a permission fault on a S1PTW should be
> > > + * considered as a write. Otherwise, page tables baked
> > > + * in a read-only

On Tue, 20 Dec 2022 21:47:36 +,
Oliver Upton wrote:
>
> Hi Marc,
>
> On Tue, Dec 20, 2022 at 08:09:21PM +, Marc Zyngier wrote:
> > A recent development on the EFI front has resulted in guests having
> > their page tables baked in the firmware binary, and mapped into
> > the IPA space as

Hi Marc,

On Tue, Dec 20, 2022 at 08:09:21PM +, Marc Zyngier wrote:
> A recent development on the EFI front has resulted in guests having
> their page tables baked in the firmware binary, and mapped into
> the IPA space as part as a read-only memslot.

as part of a

> Not only this is legitimat

A recent development on the EFI front has resulted in guests having
their page tables baked in the firmware binary, and mapped into
the IPA space as part as a read-only memslot.

Not only this is legitimate, but it also results in added security,
so thumbs up. However, this clashes mildly with our