On Sunday 15 May 2022 at 12:10:20 (+0100), Marc Zyngier wrote:
> Can we simplify the condition? ARM64_SPECTRE_V3A is only set when
> !VHE, and we already bail in kvm_patch_vector_branch() if we see
> VHE+V3A, because the combination makes no sense at all. I think this
> can be rewritten as:
>
> 	if (kvm_system_needs_idmapped_vectors() &&
> 	    !is_protected_lvm_enabled())
>
> Thoughts?

Yup I think this works as both CPUs that are vulnerable to V3A aren't
VHE-capable. But if we ever get a VHE-capable CPU that's vulnerable I
think the next call to create_hyp_exec_mappings() will BUG().

Perhaps the alternative would be to have has_spectre_v3a() say no in VHE
to be on the safe side? That is, prevent the cap from being set to begin
with.

Cheers,
Quentin
_______________________________________________
kvmarm mailing list
kvmarm@xxxxxxxxxxxxxxxxxxxxx
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm