On Thursday 23 Sep 2021 at 12:22:55 (+0100), Will Deacon wrote: > __pkvm_prot_finalize() completes the deprivilege of the host when pKVM > is in use by installing a stage-2 translation table for the calling CPU. > > Issuing the hypercall multiple times for a given CPU makes little sense, > but in such a case just return early with -EPERM rather than go through > the whole page-table dance again. > > Cc: Marc Zyngier <maz@xxxxxxxxxx> > Cc: Quentin Perret <qperret@xxxxxxxxxx> > Signed-off-by: Will Deacon <will@xxxxxxxxxx> > --- > arch/arm64/kvm/hyp/nvhe/mem_protect.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c > index bacd493a4eac..cafe17e5fa8f 100644 > --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c > +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c > @@ -123,6 +123,9 @@ int __pkvm_prot_finalize(void) > struct kvm_s2_mmu *mmu = &host_kvm.arch.mmu; > struct kvm_nvhe_init_params *params = this_cpu_ptr(&kvm_init_params); > > + if (params->hcr_el2 & HCR_VM) > + return -EPERM; And you check this rather than the static key because we flip it upfront I guess. Makes sense to me, but maybe a little comment would be useful :) In any case: Reviewed-by: Quentin Perret <qperret@xxxxxxxxxx> Thanks, Quentin _______________________________________________ kvmarm mailing list kvmarm@xxxxxxxxxxxxxxxxxxxxx https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
