[PATCH v1 2/2] KVM: arm: Refuse to enable KVM on systems with FEAT_SME but not FEAT_FGT
Mark Brown
broonie at kernel.org
Thu Oct 27 13:52:46 PDT 2022
The architecture requires that any system which implements SME also has
fine grained traps since SME is a v9.2 feature, meaning that v8.7 must be
implemented, and FGT is mandatory from v8.6. Virtualisation support for
SME relies on fine grained traps to control access to SMPRI_EL1 and in
nVHE mode to TPIDR2_EL0, without traps SMPRI_EL1.Priority and TPIDR2_EL0
can be used as side channels even if SME support is not exposed to the
guest.
Reported-by: Vincent Donnefort <vdonnefort at google.com>
Signed-off-by: Mark Brown <broonie at kernel.org>
---
arch/arm64/kvm/arm.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 94d33e296e10..4662407ee789 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -2183,6 +2183,21 @@ int kvm_arch_init(void *opaque)
return -ENODEV;
}
+ /*
+ * SME without fine grained traps is an architecturally
+ * invalid configuration since SME is a v9.2 feature and FGT
+ * is required from v8.6 but virtual platforms have been
+ * encountered which don't respect this. Without FGT we can't
+ * trap access to TPIDR2_EL0 in nVHE mode or SMPRI_EL1 in any
+ * mode, making this conditional in the code would lead to
+ * side channels on these out of spec systems.
+ */
+ if (cpus_have_final_cap(ARM64_SME) &&
+ !cpus_have_final_cap(ARM64_HAS_FGT)) {
+ kvm_err("KVM disabled since system has SME without FGT\n");
+ return -ENODEV;
+ }
+
if (kvm_get_mode() == KVM_MODE_NONE) {
kvm_info("KVM disabled from command line\n");
return -ENODEV;
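Review bot: The SME/FGT test is placed ahead of the kvm_get_mode() == KVM_MODE_NONE check, so a system with SME but no FGT that was booted with KVM disabled from the command line will log a kvm_err() about SME rather than the existing kvm_info() line. If the intent is that an explicit command-line disable stays quiet, move the new block below the KVM_MODE_NONE test; if the ordering is deliberate so the out-of-spec platform is always reported, say so in the comment. Separately, the comment reads more easily as two sentences, split at "making this conditional in the code would lead to side channels".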
--
2.30.2