| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Jan 2023 11:39:08 +0000
From: Suzuki K Poulose <suzuki.poulose@....com>
To: kvm@...r.kernel.org, kvmarm@...ts.linux.dev
Cc: suzuki.poulose@....com,
Alexandru Elisei <alexandru.elisei@....com>,
Andrew Jones <andrew.jones@...ux.dev>,
Christoffer Dall <christoffer.dall@....com>,
Fuad Tabba <tabba@...gle.com>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Joey Gouly <Joey.Gouly@....com>, Marc Zyngier <maz@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Oliver Upton <oliver.upton@...ux.dev>,
Paolo Bonzini <pbonzini@...hat.com>,
Quentin Perret <qperret@...gle.com>,
Steven Price <steven.price@....com>,
Thomas Huth <thuth@...hat.com>, Will Deacon <will@...nel.org>,
Zenghui Yu <yuzenghui@...wei.com>, linux-coco@...ts.linux.dev,
kvmarm@...ts.cs.columbia.edu, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: [RFC kvmtool 07/31] arm64: Add option to disable SVE
kvmtool enables SVE whenever it is supported by the KVM.
However, Realm VMs may want controlled features, which gets
measured during the creation. Thus, provide an option to disable
the SVE, to preserve the current behavior of SVE on by default.
Signed-off-by: Suzuki K Poulose <suzuki.poulose@....com>
---
arm/aarch64/include/kvm/kvm-config-arch.h | 4 +++-
arm/aarch64/kvm-cpu.c | 8 +++++---
arm/include/arm-common/kvm-config-arch.h | 1 +
3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/arm/aarch64/include/kvm/kvm-config-arch.h b/arm/aarch64/include/kvm/kvm-config-arch.h
index eae8080d..b055fef4 100644
--- a/arm/aarch64/include/kvm/kvm-config-arch.h
+++ b/arm/aarch64/include/kvm/kvm-config-arch.h
@@ -19,7 +19,9 @@ int vcpu_affinity_parser(const struct option *opt, const char *arg, int unset);
"Specify random seed for Kernel Address Space " \
"Layout Randomization (KASLR)"), \
OPT_BOOLEAN('\0', "no-pvtime", &(cfg)->no_pvtime, "Disable" \
- " stolen time"),
+ " stolen time"), \
+ OPT_BOOLEAN('\0', "disable-sve", &(cfg)->disable_sve, \
+ "Disable SVE"),
#include "arm-common/kvm-config-arch.h"
#endif /* KVM__KVM_CONFIG_ARCH_H */
diff --git a/arm/aarch64/kvm-cpu.c b/arm/aarch64/kvm-cpu.c
index da809806..e7649239 100644
--- a/arm/aarch64/kvm-cpu.c
+++ b/arm/aarch64/kvm-cpu.c
@@ -149,8 +149,9 @@ void kvm_cpu__select_features(struct kvm *kvm, struct kvm_vcpu_init *init)
init->features[0] |= 1UL << KVM_ARM_VCPU_PTRAUTH_GENERIC;
}
- /* Enable SVE if available */
- if (kvm__supports_vm_extension(kvm, KVM_CAP_ARM_SVE))
+ /* If SVE is not disabled explicitly, enable if available */
+ if (!kvm->cfg.arch.disable_sve &&
+ kvm__supports_vm_extension(kvm, KVM_CAP_ARM_SVE))
init->features[0] |= 1UL << KVM_ARM_VCPU_SVE;
}
@@ -158,7 +159,8 @@ int kvm_cpu__configure_features(struct kvm_cpu *vcpu)
{
struct kvm *kvm = vcpu->kvm;
- if (kvm__supports_vm_extension(kvm, KVM_CAP_ARM_SVE)) {
+ if (!kvm->cfg.arch.disable_sve &&
+ kvm__supports_vm_extension(kvm, KVM_CAP_ARM_SVE)) {
int feature = KVM_ARM_VCPU_SVE;
if (ioctl(vcpu->vcpu_fd, KVM_ARM_VCPU_FINALIZE, &feature)) {
diff --git a/arm/include/arm-common/kvm-config-arch.h b/arm/include/arm-common/kvm-config-arch.h
index 9949bfe4..6599305b 100644
--- a/arm/include/arm-common/kvm-config-arch.h
+++ b/arm/include/arm-common/kvm-config-arch.h
@@ -15,6 +15,7 @@ struct kvm_config_arch {
enum irqchip_type irqchip;
u64 fw_addr;
bool no_pvtime;
+ bool disable_sve;
};
int irqchip_parser(const struct option *opt, const char *arg, int unset);
--
2.34.1
Powered by blists - more mailing lists