| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250416134208.383984-26-steven.price@arm.com> Date: Wed, 16 Apr 2025 14:41:47 +0100 From: Steven Price <steven.price@....com> To: kvm@...r.kernel.org, kvmarm@...ts.linux.dev Cc: Steven Price <steven.price@....com>, Catalin Marinas <catalin.marinas@....com>, Marc Zyngier <maz@...nel.org>, Will Deacon <will@...nel.org>, James Morse <james.morse@....com>, Oliver Upton <oliver.upton@...ux.dev>, Suzuki K Poulose <suzuki.poulose@....com>, Zenghui Yu <yuzenghui@...wei.com>, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, Joey Gouly <joey.gouly@....com>, Alexandru Elisei <alexandru.elisei@....com>, Christoffer Dall <christoffer.dall@....com>, Fuad Tabba <tabba@...gle.com>, linux-coco@...ts.linux.dev, Ganapatrao Kulkarni <gankulkarni@...amperecomputing.com>, Gavin Shan <gshan@...hat.com>, Shanker Donthineni <sdonthineni@...dia.com>, Alper Gun <alpergun@...gle.com>, "Aneesh Kumar K . V" <aneesh.kumar@...nel.org> Subject: [PATCH v8 25/43] arm64: Don't expose stolen time for realm guests It doesn't make much sense as a realm guest wouldn't want to trust the host. It will also need some extra work to ensure that KVM will only attempt to write into a shared memory region. So for now just disable it. Reviewed-by: Suzuki K Poulose <suzuki.poulose@....com> Reviewed-by: Gavin Shan <gshan@...hat.com> Signed-off-by: Steven Price <steven.price@....com> --- Changes since v7: * Update the documentation to add a note about stolen time being unavailable in a realm. --- Documentation/virt/kvm/api.rst | 3 +++ arch/arm64/kvm/arm.c | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 54ae0b98030e..f91b35128748 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -8684,6 +8684,9 @@ is supported, than the other should as well and vice versa. For arm64 see Documentation/virt/kvm/devices/vcpu.rst "KVM_ARM_VCPU_PVTIME_CTRL". For x86 see Documentation/virt/kvm/x86/msr.rst "MSR_KVM_STEAL_TIME". +Note that steal time accounting is not available when a guest is running +within a Arm CCA realm (machine type KVM_VM_TYPE_ARM_REALM). + 8.25 KVM_CAP_S390_DIAG318 ------------------------- diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index cacdc10d2a6b..97c5efbe47a6 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -396,7 +396,10 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) r = system_supports_mte(); break; case KVM_CAP_STEAL_TIME: - r = kvm_arm_pvtime_supported(); + if (kvm_is_realm(kvm)) + r = 0; + else + r = kvm_arm_pvtime_supported(); break; case KVM_CAP_ARM_EL1_32BIT: r = cpus_have_final_cap(ARM64_HAS_32BIT_EL1); -- 2.43.0
Powered by blists - more mailing lists