diff options
author | Will Deacon <[email protected]> | 2021-10-08 14:58:38 +0100 |
---|---|---|
committer | Marc Zyngier <[email protected]> | 2021-10-11 09:07:29 +0100 |
commit | 07036cffe17ec07e8fb630d86f8ea21832d9e57d (patch) | |
tree | 52041c29e0e97601bae479d68c19dc2783ae30cc | |
parent | 2f2e1a5069679491d18cf9021da19b40c56a17f3 (diff) |
KVM: arm64: Prevent re-finalisation of pKVM for a given CPU
__pkvm_prot_finalize() completes the deprivilege of the host when pKVM
is in use by installing a stage-2 translation table for the calling CPU.
Issuing the hypercall multiple times for a given CPU makes little sense,
but in such a case just return early with -EPERM rather than go through
the whole page-table dance again.
Cc: Marc Zyngier <[email protected]>
Cc: Quentin Perret <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
Signed-off-by: Marc Zyngier <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
-rw-r--r-- | arch/arm64/kvm/hyp/nvhe/mem_protect.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c index bacd493a4eac..cafe17e5fa8f 100644 --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -123,6 +123,9 @@ int __pkvm_prot_finalize(void) struct kvm_s2_mmu *mmu = &host_kvm.arch.mmu; struct kvm_nvhe_init_params *params = this_cpu_ptr(&kvm_init_params); + if (params->hcr_el2 & HCR_VM) + return -EPERM; + params->vttbr = kvm_get_vttbr(mmu); params->vtcr = host_kvm.arch.vtcr; params->hcr_el2 |= HCR_VM; |