On Wed, 20 Sep 2023 20:50:33 +0100, Oliver Upton <oliver.upton@xxxxxxxxx> wrote:
>
> It would appear that userspace can select the NV feature flag regardless
> of whether the system actually supports the feature. Obviously a nested
> guest isn't getting far in this situation; let's reject the flag
> instead.

The current code is definitely odd. We rely on vcpu_has_nv() to return
false, meaning that we go all the way and initialise it as an EL1-only
guest. Duh.

Well-behaved userspace would check the KVM_CAP_ARM_EL2 capability,
which isn't upstream yet... :-(

Thanks for fixing this. I'll review the series as a whole.

M.

--
Without deviation from the norm, progress is not possible.