[PATCH 10/30] KVM: arm64: Introduce __pkvm_host_donate_guest()
Will Deacon
will at kernel.org
Fri Jan 9 06:30:47 PST 2026
On Tue, Jan 06, 2026 at 02:48:00PM +0000, Quentin Perret wrote:
> On Monday 05 Jan 2026 at 15:49:18 (+0000), Will Deacon wrote:
> > +static void handle___pkvm_host_donate_guest(struct kvm_cpu_context *host_ctxt)
> > +{
> > + DECLARE_REG(u64, pfn, host_ctxt, 1);
> > + DECLARE_REG(u64, gfn, host_ctxt, 2);
> > + struct pkvm_hyp_vcpu *hyp_vcpu;
> > + int ret = -EINVAL;
> > +
> > + hyp_vcpu = pkvm_get_loaded_hyp_vcpu();
> > + if (!hyp_vcpu)
>
> I guess we should check this is a protected VM here, else a malicious
> host could donate pages to an np-guest. I didn't try to think through
> the implications, perhaps it's fine, but it feels unecessary so I'd say
> let's be restrictive here.
It's definitely harmless to add the check, but it's also hard to justify
in my opinion. Can you think of anything that can actually go wrong it
a malicious host donates memory to a non-protected guest? Generally,
I think the fewer places where we have to distinguish between a
protected and a non-protected guest in the hypervisor, the better.
Will
More information about the linux-arm-kernel
mailing list