KVM: arm64: nv: Respect stage-2 write permssion when setting stage-1 AF

author Oliver Upton <oupton@kernel.org>

Thu, 8 Jan 2026 20:42:30 +0000 (12:42 -0800)

committer Oliver Upton <oupton@kernel.org>

Fri, 9 Jan 2026 23:40:34 +0000 (15:40 -0800)
author Oliver Upton <oupton@kernel.org>
Thu, 8 Jan 2026 20:42:30 +0000 (12:42 -0800)
committer Oliver Upton <oupton@kernel.org>
Fri, 9 Jan 2026 23:40:34 +0000 (15:40 -0800)
diff --git a/arch/arm64/kvm/at.c b/arch/arm64/kvm/at.c

index 53bf70126f81dda8eb1e06f6228e3be7f3794d13..808d26bed1824adfe8bd9d835e6b2a3f49637921 100644 (file)
--- a/arch/arm64/kvm/at.c
+++ b/arch/arm64/kvm/at.c
@@ -403,6 +403,7 @@ static int walk_s1(struct kvm_vcpu *vcpu, struct s1_walk_info *wi,
                    struct s1_walk_result *wr, u64 va)
  {
         u64 va_top, va_bottom, baddr, desc, new_desc, ipa;
+       struct kvm_s2_trans s2_trans = {};
         int level, stride, ret;
  
         level = wi->sl;
@@ -420,8 +421,6 @@ static int walk_s1(struct kvm_vcpu *vcpu, struct s1_walk_info *wi,
                 ipa = baddr | index;
  
                 if (wi->s2) {
-                       struct kvm_s2_trans s2_trans = {};
-
                         ret = kvm_walk_nested_s2(vcpu, ipa, &s2_trans);
                         if (ret) {
                                 fail_s1_walk(wr,
@@ -515,6 +514,11 @@ static int walk_s1(struct kvm_vcpu *vcpu, struct s1_walk_info *wi,
                 new_desc |= PTE_AF;
  
         if (new_desc != desc) {
+               if (wi->s2 && !kvm_s2_trans_writable(&s2_trans)) {
+                       fail_s1_walk(wr, ESR_ELx_FSC_PERM_L(level), true);
+                       return -EPERM;
+               }
+
                 ret = kvm_swap_s1_desc(vcpu, ipa, desc, new_desc, wi);
                 if (ret)
                         return ret;
author	Oliver Upton <oupton@kernel.org>
	Thu, 8 Jan 2026 20:42:30 +0000 (12:42 -0800)
committer	Oliver Upton <oupton@kernel.org>
	Fri, 9 Jan 2026 23:40:34 +0000 (15:40 -0800)