[PATCH v1 2/8] KVM: arm64: Trap access to ALLINT if FEAT_NMI not supported by the guest

Fuad Tabba tabba at google.com
Tue Nov 4 04:59:00 PST 2025


Access to ALLINT is part of FEAT_NMI. If a guest does not support this
feature, any access to this register must be trapped to the hypervisor
(EL2).

KVM didn't configure this trap, potentially allowing a guest to toggle
all interrupt mask when it doesn't support FEAT_NMI. Fix this by
checking if the guest has FEAT_NMI support.

Signed-off-by: Fuad Tabba <tabba at google.com>
---
 arch/arm64/include/asm/kvm_emulate.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
index 0f8311263edf..3fc62808c548 100644
--- a/arch/arm64/include/asm/kvm_emulate.h
+++ b/arch/arm64/include/asm/kvm_emulate.h
@@ -688,6 +688,9 @@ static inline void vcpu_set_hcrx(struct kvm_vcpu *vcpu)
 		else
 			vcpu->arch.hcrx_el2 |= HCRX_EL2_MCE2;
 
+		if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, NMI, IMP))
+			vcpu->arch.hcrx_el2 |= HCRX_EL2_TALLINT;
+
 		if (kvm_has_tcr2(kvm))
 			vcpu->arch.hcrx_el2 |= HCRX_EL2_TCR2En;
 
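Review bot: Nothing in this hunk or in the commit message says how a trapped ALLINT access is handled once the bit is set at `vcpu->arch.hcrx_el2 |= HCRX_EL2_TALLINT;`. Please state in the commit message what the guest observes after the trap (for example an injected UNDEF) and point to the handler that covers it, so the trap is not enabled without a matching exit path at EL2. Since the message describes this as fixing a trap KVM did not configure, a Fixes: tag naming the commit that introduced the gap would also help backporting.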
-- 
2.51.2.997.g839fc31de9-goog



