KVM: arm64: Don't unnecessarily map host kernel sections at EL2 (169cd0f8) · Commits · EulixOS / Software / Kernel

arch/arm64/kernel/image-vars.h

+0 −6

Original line number	Diff line number	Diff line
		@@ -102,12 +102,6 @@ KVM_NVHE_ALIAS_HYP(__memcpy, __pi_memcpy);
		KVM_NVHE_ALIAS_HYP(__memset, __pi_memset);
		#endif

		/* Kernel memory sections */
		KVM_NVHE_ALIAS(__start_rodata);
		KVM_NVHE_ALIAS(__end_rodata);
		KVM_NVHE_ALIAS(__bss_start);
		KVM_NVHE_ALIAS(__bss_stop);

		/* Hyp memory sections */
		KVM_NVHE_ALIAS(__hyp_idmap_text_start);
		KVM_NVHE_ALIAS(__hyp_idmap_text_end);

+3 −11

Original line number	Diff line number	Diff line
		@@ -144,23 +144,15 @@ static int recreate_hyp_mappings(phys_addr_t phys, unsigned long size,
		}

		/*
		* Map the host's .bss and .rodata sections RO in the hypervisor, but
		* transfer the ownership from the host to the hypervisor itself to
		* make sure it can't be donated or shared with another entity.
		* Map the host sections RO in the hypervisor, but transfer the
		* ownership from the host to the hypervisor itself to make sure they
		* can't be donated or shared with another entity.
		*
		* The ownership transition requires matching changes in the host
		* stage-2. This will be done later (see finalize_host_mappings()) once
		* the hyp_vmemmap is addressable.
		*/
		prot = pkvm_mkstate(PAGE_HYP_RO, PKVM_PAGE_SHARED_OWNED);
		ret = pkvm_create_mappings(__start_rodata, __end_rodata, prot);
		if (ret)
		return ret;

		ret = pkvm_create_mappings(__hyp_bss_end, __bss_stop, prot);
		if (ret)
		return ret;

		ret = pkvm_create_mappings(&kvm_vgic_global_state,
		&kvm_vgic_global_state + 1, prot);
		if (ret)