Google Git
Sign in
android-kvm / linux / 0c09fe0847ee842c8a0b421b23569e190e9ceff9^! / .
commit0c09fe0847ee842c8a0b421b23569e190e9ceff9[log] [tgz]
authorQuentin Perret <qperret@google.com>Tue Oct 05 12:01:58 2021 +0100
committerWill Deacon <will@kernel.org>Wed Dec 01 15:48:19 2021 +0000
tree4dfef8e2b62583b89dcfaa4c602748e0a327a024
parentf77790f03a60adbcfe5fdd9052f773442b56a423 [diff]
KVM: arm64: Disable GICv2 support in protected mode

GICv2 requires having device mappings in guests, which breaks the
current ownership model in protected mode -- only memory can be donated
and/or shared with protected guests. While it would be desirable to
support sharing or donating devices to guests in protected mode, this
will require more work, so let's make the current assumption obvious
until then.

Signed-off-by: Quentin Perret <qperret@google.com>

diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 326cdfe..9fe5566 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c

@@ -407,6 +407,9 @@
 	unsigned long addr;
 	int ret;
 
+	if (WARN_ON(is_protected_kvm_enabled()))
+		return -EPERM;
+
 	*kaddr = ioremap(phys_addr, size);
 	if (!*kaddr)
 		return -ENOMEM;
@@ -650,6 +653,9 @@
 				     KVM_PGTABLE_PROT_R |
 				     (writable ? KVM_PGTABLE_PROT_W : 0);
 
+	if (WARN_ON(is_protected_kvm_enabled()))
+		return -EPERM;
+
 	size += offset_in_page(guest_ipa);
 	guest_ipa &= PAGE_MASK;
 

diff --git a/arch/arm64/kvm/vgic/vgic-v2.c b/arch/arm64/kvm/vgic/vgic-v2.c
index 95a18ce..8e337a0 100644
--- a/arch/arm64/kvm/vgic/vgic-v2.c
+++ b/arch/arm64/kvm/vgic/vgic-v2.c

@@ -345,6 +345,11 @@
 	int ret;
 	u32 vtr;
 
+	if (is_protected_kvm_enabled()) {
+		kvm_err("GICv2 not supported in protected mode\n");
+		return -ENXIO;
+	}
+
 	if (!info->vctrl.start) {
 		kvm_err("GICH not present in the firmware table\n");
 		return -ENXIO;