[PATCH v1 0/7] KVM: arm64: Fix handling of host fpsimd/sve state in protected mode
Fuad Tabba
tabba at google.com
Tue May 21 05:27:55 PDT 2024
Hi Oliver,
On Mon, May 20, 2024 at 9:53 PM Oliver Upton <oliver.upton at linux.dev> wrote:
>
> Hey Fuad,
>
> On Mon, May 20, 2024 at 06:57:36PM +0100, Fuad Tabba wrote:
> > Hi Oliver,
> >
> > On Mon, May 20, 2024 at 6:37 PM Oliver Upton <oliver.upton at linux.dev> wrote:
> > >
> > > On Mon, May 20, 2024 at 09:11:13AM +0100, Marc Zyngier wrote:
> > > > On Mon, 20 May 2024 08:35:47 +0100, Fuad Tabba <tabba at google.com> wrote:
> > > > > The reason for that is that in pKVM we want to avoid leaking any
> > > > > information about protected VM activity to the host, including whether
> > > > > the VM might have performed fpsimd/sve operations. Therefore, we need
> > > > > to ensure that the host SVE state looks the same after a protected
> > > > > guest has run as it did before a protected guest has run.
> > >
> > > Wouldn't it be equally valid to just zero the state that will not be
> > > preserved regardless of whether or not the guest used fpsimd/sve?
> >
> > Yes it would. I think I did mention that as an option.
>
> Apologies, I probably missed it earlier on then.
>
> > However, that would need to be done at every protected guest exit, whereas
> > restoring the host SVE state only needs to be done if the guest has used
> > fpsimd/sve.
>
> Indeed, what I was _hoping_ is that implementations do a decent job of
> handling a zeroing idiom for SVE and avoid needing to fetch a bunch of
> state out of memory.
>
> > I think the code for the latter (i.e., zeroing out), would be simpler.
> > I'm happy to do it that way if you and the others think it's better.
>
> Right, I have no fundamental objections to fully managing the host SVE
> state in EL2. Strong preference for something simple + correct in the
> interim. Anyway, thanks for suffering through my whining and hopefully
> we can land a fix soon :)
Thanks for your review and comments, which are very helpful as always.
I'll respin this within the next couple of days.
Cheers,
/fuad
> --
> Best,
> Oliver
More information about the linux-arm-kernel
mailing list