Re: [RFC PATCH v3 15/59] KVM: x86: Introduce "protected guest" concept and block disallowed ioctls

On Wed, Nov 24 2021 at 16:19, isaku yamahata wrote:
>  
>  static int kvm_vcpu_ioctl_smi(struct kvm_vcpu *vcpu)
>  {
> +	/* TODO: use more precise flag */

Why is this still a todo and not implemented properly from the very beginning?

And then you have this:

> +	if (vcpu->arch.guest_state_protected)
> +		return -EINVAL;

...

> +	/* TODO: use more precise flag */
> +	if (vcpu->arch.guest_state_protected)
> +		return -EINVAL;
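
Review bot: in the guest_state_protected branch, -EINVAL gives userspace no way to tell an ioctl that is refused for a protected guest from a malformed request. Replace the bare TODO with a comment that says why this ioctl is refused and what the "more precise flag" is meant to distinguish.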

and a gazillion of other places. That's beyond lame.

The obvious place to do such a decision is kvm_arch_vcpu_ioctl(), no?

kvm_arch_vcpu_ioctl(.., unsigned int ioctl, ...)

     if (vcpu->arch.guest_state_protected) {
          if (!test_bit(_IOC_NR(ioctl), vcpu->ioctl_allowed))
               return -EINVAL;
     }

is way too simple and obvious, right?

Even if you want more fine grained control, then having an array of
flags per ioctl number is way better than sprinkling this protected muck
conditions all over the place.

Thanks,

        tglx
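
A userspace model of the central check suggested above, in its per-ioctl flag array variant. This is an added example, not code from the patch or from the reply; the `demo_*`/`DEMO_*` names, the command numbers and `F_PROTECTED_OK` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Models _IOC_NR(): the low 8 bits of an ioctl command are its number. */
#define DEMO_IOC_NR(cmd)  ((cmd) & 0xffu)
#define DEMO_IO(type, nr) (((unsigned)(type) << 8) | (nr))

/* Hypothetical commands for this model, not the real KVM ioctl numbers. */
#define DEMO_RUN DEMO_IO(0xAE, 0x80)
#define DEMO_SMI DEMO_IO(0xAE, 0xb7)

/* Per-ioctl policy flags, indexed by ioctl number. */
#define F_PROTECTED_OK 0x1u /* allowed while guest state is protected */
static const unsigned char ioctl_flags[256] = {
	[DEMO_IOC_NR(DEMO_RUN)] = F_PROTECTED_OK,
	/* unlisted entries are 0: denied for a protected guest by default */
};

struct demo_vcpu { bool guest_state_protected; int smi_count; };
/* The handler carries no protection check of its own. */
static int demo_vcpu_ioctl_smi(struct demo_vcpu *vcpu)
{
	vcpu->smi_count++;
	return 0;
}

static int demo_arch_vcpu_ioctl(struct demo_vcpu *vcpu, unsigned int ioctl)
{
	/* One policy decision, made before any handler runs. */
	if (vcpu->guest_state_protected &&
	    !(ioctl_flags[DEMO_IOC_NR(ioctl)] & F_PROTECTED_OK))
		return -EINVAL;
	switch (ioctl) {
	case DEMO_RUN:
		return 0; /* stand-in for the real handler */
	case DEMO_SMI:
		return demo_vcpu_ioctl_smi(vcpu);
	default:
		return -ENOTTY;
	}
}

int main(void)
{
	struct demo_vcpu v = { .guest_state_protected = true };
	printf("SMI=%d RUN=%d\n", demo_arch_vcpu_ioctl(&v, DEMO_SMI),
	       demo_arch_vcpu_ioctl(&v, DEMO_RUN));
	return 0;
}
```

Because unlisted table entries are zero, an ioctl added later is refused for a protected guest until someone sets its flag.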

    



