diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 805aeae46fc8..2860b2443177 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -163,7 +163,6 @@ struct kvm_pinned_page { struct kvm_protected_vm { bool enabled; int shadow_handle; - struct mutex shadow_lock; struct kvm_hyp_memcache teardown_mc; struct list_head pinned_pages; }; diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm_pkvm.h index f96f8fa7059e..efb54331fd6f 100644 --- a/arch/arm64/include/asm/kvm_pkvm.h +++ b/arch/arm64/include/asm/kvm_pkvm.h @@ -16,8 +16,6 @@ #define HYP_MEMBLOCK_REGIONS 128 -int create_el2_shadow(struct kvm *kvm); - /* * Definitions for features to be allowed or restricted for guest virtual * machines, depending on the mode KVM is running in and on the type of guest diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 3023571dd863..0bcecb2bafad 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -777,9 +777,6 @@ int kvm_arch_vcpu_run_pid_change(struct kvm_vcpu *vcpu) static_branch_inc(&userspace_irqchip_in_use); } - if (is_protected_kvm_enabled()) - ret = create_el2_shadow(kvm); - return ret; } diff --git a/arch/arm64/kvm/pkvm.c b/arch/arm64/kvm/pkvm.c index cf5913c87828..50a00a1e03d7 100644 --- a/arch/arm64/kvm/pkvm.c +++ b/arch/arm64/kvm/pkvm.c @@ -115,13 +115,16 @@ static void update_vcpu_state(struct kvm_vcpu *vcpu, int shadow_handle) * * Return 0 on success, negative error code on failure. */ -static int __create_el2_shadow(struct kvm *kvm) +static int create_el2_shadow(struct kvm *kvm) { size_t pgd_sz, shadow_sz; void *pgd, *shadow_addr; int shadow_handle; int ret, i; + if (kvm->arch.pkvm.shadow_handle) + return -EEXIST; + if (kvm->created_vcpus < 1) return -EINVAL; @@ -168,14 +171,20 @@ free_pgd: return ret; } -int create_el2_shadow(struct kvm *kvm) +int pkvm_init_el2_context(struct kvm *kvm) { int ret = 0; - mutex_lock(&kvm->arch.pkvm.shadow_lock); - if (!kvm->arch.pkvm.shadow_handle) - ret = __create_el2_shadow(kvm); - mutex_unlock(&kvm->arch.pkvm.shadow_lock); + mutex_lock(&kvm->lock); + ret = create_el2_shadow(kvm); + mutex_unlock(&kvm->lock); - return ret; + if (ret < 0) { + kvm_err("Creating shadow structures for protected VM failed: %d\n", + ret); + return ret; + } + + kvm_pr_unimpl("Stage-2 protection is a work-in-progress: civilization phase III\n"); + return 0; }