From: Marc Zyngier <maz@xxxxxxxxxx>
Instead of sharing memory with protected guests, which still leaves the host with r/w access, donate the underlying pages so that they are unmapped from the host stage-2.
Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
---
 arch/arm64/kvm/hyp/nvhe/hyp-main.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
index c1939dd2294f..e987f34641dd 100644
--- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
+++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
@@ -465,7 +465,10 @@ static void handle___pkvm_host_map_guest(struct kvm_cpu_context *host_ctxt)
 if (ret)
 goto out;
 
- ret = __pkvm_host_share_guest(pfn, gfn, shadow_vcpu);
+ if (shadow_state_is_protected(shadow_state))
+ ret = __pkvm_host_donate_guest(pfn, gfn, shadow_vcpu);
+ else
+ ret = __pkvm_host_share_guest(pfn, gfn, shadow_vcpu);
 out:
 cpu_reg(host_ctxt, 1) = ret;
 }
-- 
2.36.1.124.g0e6072fb45-goog
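Review bot: The new two-way dispatch after `goto out;` carries no comment saying why a protected guest takes `__pkvm_host_donate_guest()` while an unprotected one keeps `__pkvm_host_share_guest()`, nor that the choice is keyed off hyp-owned `shadow_state` rather than anything the host supplies in the hypercall, which is the trust-boundary property that makes this correct. I would add above the `if`: `/* Protected guests must not leave the host with r/w access to their memory: donate the page so it is unmapped from the host stage-2. Unprotected guests keep sharing, so the host retains access. */`. Because donation removes the page from the host stage-2, there presumably has to be a matching reclaim path on guest teardown that returns the page to the host; nothing in this hunk shows it, so it is worth confirming elsewhere in the series. The body of handle___pkvm_host_map_guest() begins before the hunk, so where shadow_state is obtained and validated is not visible here.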