[PATCH v1 0/2] KVM: arm: Refuse to enable KVM on systems with SME but not FGT

Catalin Marinas catalin.marinas at arm.com
Sun Oct 30 10:44:39 PDT 2022


On Sat, Oct 29, 2022 at 12:46:43PM +0100, Marc Zyngier wrote:
> On Thu, 27 Oct 2022 21:52:44 +0100,
> Mark Brown <broonie at kernel.org> wrote:
> > 
> > The architecture requires that any system which implements SME also has
> > fine grained traps since SME is a v9.2 feature, meaning that v8.7 must be
> > implemented, and FGT is mandatory from v8.6. SME relies on fine grained
> > traps to control access to SMPRI_EL1 and in nVHE mode to TPIDR2_EL0,
> > without traps SMPRI_EL1.Priority and TPIDR2_EL0 can be used as side
> > channels. 
> > 
> > This series adds support for detecting FGT and refuses to allow KVM to
> > be used in architecturally invalid configurations which have SME but not
> > FGT, without detection the issue presents as faults due to EL2
> > attempting to access the FGT registers which isn't obvious to users.
> > Currently fine grained traps are only used in nVHE but a series
> > "arm64/sme: Fix SMPRI_EL1 traps for KVM guests" sent along with this
> > will add usage for VHE mode too making the issue more pressing.
> 
> I think this goes the wrong way around. SME without FGT is invalid,
> and yet you keep SME around and decide to kill virtualisation support.
> 
> I'd rather it is SME that gets disabled when the kernel boots at EL2.

I agree, I'd rather we did it the other way around.

-- 
Catalin
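
The two approaches debated in this thread, sketched as an added example (not code from the patch series or the kernel). The `policy` and `resolve` names are hypothetical; the field positions (ID_AA64PFR1_EL1.SME at bits [27:24], ID_AA64MMFR0_EL1.FGT at bits [59:56]) are the architectural ones, and the register values in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ID register fields are 4 bits wide; non-zero means implemented. */
#define SME_SHIFT 24   /* ID_AA64PFR1_EL1.SME, bits [27:24] */
#define FGT_SHIFT 56   /* ID_AA64MMFR0_EL1.FGT, bits [59:56] */

static unsigned id_field(uint64_t reg, unsigned shift)
{
    return (unsigned)((reg >> shift) & 0xf);
}

/* Hypothetical names for the two policies discussed in the thread. */
enum policy { REFUSE_KVM, DISABLE_SME };

struct outcome {
    bool kvm;  /* KVM may be enabled */
    bool sme;  /* SME stays enabled */
};

static struct outcome resolve(uint64_t pfr1, uint64_t mmfr0,
                              bool booted_at_el2, enum policy p)
{
    bool sme = id_field(pfr1, SME_SHIFT) != 0;
    bool fgt = id_field(mmfr0, FGT_SHIFT) != 0;
    struct outcome o = { .kvm = booted_at_el2, .sme = sme };

    /* Only SME without FGT is the architecturally invalid case. */
    if (!sme || fgt)
        return o;

    if (p == REFUSE_KVM)
        o.kvm = false;      /* keep SME, give up virtualisation */
    else if (booted_at_el2)
        o.sme = false;      /* keep KVM, hide SME instead */
    return o;
}

int main(void)
{
    uint64_t pfr1 = 1ULL << SME_SHIFT;  /* constructed: SME present */
    uint64_t mmfr0 = 0;                 /* constructed: no FGT */
    struct outcome a = resolve(pfr1, mmfr0, true, REFUSE_KVM);
    struct outcome b = resolve(pfr1, mmfr0, true, DISABLE_SME);

    printf("refuse KVM:  kvm=%d sme=%d\n", a.kvm, a.sme);
    printf("disable SME: kvm=%d sme=%d\n", b.kvm, b.sme);
    return 0;
}
```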


