| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 04 Jun 2024 19:47:01 +0100
From: Mark Brown <broonie@...nel.org>
To: Marc Zyngier <maz@...nel.org>, Oliver Upton <oliver.upton@...ux.dev>,
James Morse <james.morse@....com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>,
Fuad Tabba <tabba@...gle.com>
Cc: linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.linux.dev,
linux-kernel@...r.kernel.org, Mark Brown <broonie@...nel.org>
Subject: [PATCH] KVM: arm64: Fix confusion in documentation for pKVM SME
assert
As raised in the review comments for the original patch the assert and
comment added in afb91f5f8ad7 ("KVM: arm64: Ensure that SME controls are
disabled in protected mode") are bogus. The comments says that we check
that we do not have SME enabled for a pKVM guest but the assert actually
checks to see if the host has anything set in SVCR which is unrelated to
the guest features or state, regardless of if those guests are protected
or not.
What I believe the check is actually intended to validate is that we do
not enter the pKVM hypervisor with SME enabled since the pKVM hypervisor
does not yet understand SME and is therefore unable to save or restore
host state with SME enabled, indeed attempting to save SVE state would
fault if streaming mode is enabled on a system without FA64 due to FFR.
Update the comment to reflect this.
Fixes: afb91f5f8ad7 ("KVM: arm64: Ensure that SME controls are disabled in protected mode")
Signed-off-by: Mark Brown <broonie@...nel.org>
---
arch/arm64/kvm/fpsimd.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kvm/fpsimd.c b/arch/arm64/kvm/fpsimd.c
index 521b32868d0d..f720ba47b85c 100644
--- a/arch/arm64/kvm/fpsimd.c
+++ b/arch/arm64/kvm/fpsimd.c
@@ -92,8 +92,9 @@ void kvm_arch_vcpu_load_fp(struct kvm_vcpu *vcpu)
}
/*
- * If normal guests gain SME support, maintain this behavior for pKVM
- * guests, which don't support SME.
+ * The pKVM hypervisor does not yet understand how to save or
+ * restore SME state for the host so double check that if we
+ * are running with pKVM we have disabled SME.
*/
WARN_ON(is_protected_kvm_enabled() && system_supports_sme() &&
read_sysreg_s(SYS_SVCR));
---
base-commit: afb91f5f8ad7af172d993a34fde1947892408f53
change-id: 20240604-kvm-arm64-sme-assert-5ad755d4e8a6
Best regards,
--
Mark Brown <broonie@...nel.org>
Powered by blists - more mailing lists