Message ID | 20210923112256.15767-5-will@kernel.org |
---|---|
State | New, archived |
Series | KVM: arm64: Restrict host hypercalls when pKVM is enabled |
On Thursday 23 Sep 2021 at 12:22:55 (+0100), Will Deacon wrote: > __pkvm_prot_finalize() completes the deprivilege of the host when pKVM > is in use by installing a stage-2 translation table for the calling CPU. > > Issuing the hypercall multiple times for a given CPU makes little sense, > but in such a case just return early with -EPERM rather than go through > the whole page-table dance again. > > Cc: Marc Zyngier <maz@kernel.org> > Cc: Quentin Perret <qperret@google.com> > Signed-off-by: Will Deacon <will@kernel.org> > --- > arch/arm64/kvm/hyp/nvhe/mem_protect.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c > index bacd493a4eac..cafe17e5fa8f 100644 > --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c > +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c > @@ -123,6 +123,9 @@ int __pkvm_prot_finalize(void) > struct kvm_s2_mmu *mmu = &host_kvm.arch.mmu; > struct kvm_nvhe_init_params *params = this_cpu_ptr(&kvm_init_params); > > + if (params->hcr_el2 & HCR_VM) > + return -EPERM; And you check this rather than the static key because we flip it upfront I guess. Makes sense to me, but maybe a little comment would be useful :) In any case: Reviewed-by: Quentin Perret <qperret@google.com> Thanks, Quentin
diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c index bacd493a4eac..cafe17e5fa8f 100644 --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -123,6 +123,9 @@ int __pkvm_prot_finalize(void) struct kvm_s2_mmu *mmu = &host_kvm.arch.mmu; struct kvm_nvhe_init_params *params = this_cpu_ptr(&kvm_init_params); + if (params->hcr_el2 & HCR_VM) + return -EPERM; + params->vttbr = kvm_get_vttbr(mmu); params->vtcr = host_kvm.arch.vtcr; params->hcr_el2 |= HCR_VM;
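Review bot: the new `if (params->hcr_el2 & HCR_VM) return -EPERM;` check needs a short comment explaining what it is testing, because it reuses the per-CPU `hcr_el2` value as the "already finalized" marker rather than a dedicated flag. HCR_VM is only set by the `params->hcr_el2 |= HCR_VM;` line further down in this same function, so finding it set on entry means this CPU has already installed its stage-2 tables; a one-liner such as `/* HCR_VM already set: stage-2 is already installed on this CPU */` above the check would make that intent (and why a static key is not used here) explicit. The early return correctly sits before `params->vttbr` and `params->vtcr` are rewritten, so a repeated call leaves the installed values untouched, which matches the commit message. One style point: -EPERM for "already done" may read to a caller as a permission failure; if callers ever need to tell the two apart, either a more specific errno or a comment stating the choice would help.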
__pkvm_prot_finalize() completes the deprivilege of the host when pKVM is in use by installing a stage-2 translation table for the calling CPU.

Issuing the hypercall multiple times for a given CPU makes little sense, but in such a case just return early with -EPERM rather than go through the whole page-table dance again.

Cc: Marc Zyngier <maz@kernel.org>
Cc: Quentin Perret <qperret@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
---
arch/arm64/kvm/hyp/nvhe/mem_protect.c | 3 +++
1 file changed, 3 insertions(+)