[PATCH v1 0/7] KVM: arm64: Fix handling of host fpsimd/sve state in protected mode
Fuad Tabba
tabba at google.com
Mon May 20 00:35:47 PDT 2024
Hi Oliver and Mark,
On Fri, May 17, 2024 at 7:19 PM Mark Brown <broonie at kernel.org> wrote:
>
> On Fri, May 17, 2024 at 05:30:54PM +0000, Oliver Upton wrote:
>
> > Hmm... Is there any reason why we need to be concerned about preserving
> > host SVE state?
>
> > The syscall ABI has it that only the first 128 bits of the vector
> > registers are preserved by the kernel, and I see no reason why we
> > couldn't apply a similar restriction to KVM_RUN HVCs into EL2. We'd need
> > to eagerly flush the vector registers on entry to avoid disclosing guest
> > usage of SVE.
>
> > What you have is certainly correct, I just wonder if we're going out of
> > our way to save/restore 0's for larger VLs.
>
> Not just larger VLs, there's also the P registers even for 128 bit SVE.
>
> I think it'd be sensible to discard. A big part of why the host ABI is
> like that is that the AAPCS makes the SVE specific state caller
> preserved on function calls, with syscalls mirroring that. This means
> that even if the kernel is using FP the HVC would need to be inline in a
> function using SVE in order to get any state that needs to be preserved
> in there, or there'd need to be some other non-AAPCS thing going on. We
> already ensure that any EL0 state is saved prior to trying to run a VM,
> I've not checked the interaction with pKVM here but if there's any
> issues I'd hope it's not too difficult to close them.
The reason for that is that in pKVM we want to avoid leaking any
information about protected VM activity to the host, including whether
the VM might have performed fpsimd/sve operations. Therefore, we need
to ensure that the host SVE state looks the same after a protected
guest has run as it did before a protected guest has run.
It would be correct to only save/restore the host's fpsimd state
(i.e., first 128 bits of the vector registers), which is what KVM does
in other modes. However, unless we always zero out the rest of the
state, regardless whether the protected guest has used fpsimd/sve,
then the host would be able to find out that the guest has in fact
performed fpsimd/sve operations.
This isn't necessary for non-protected VMs, but Marc thought that for
now it would be better to simplify things and have pKVM behave the
same way for both protected and non-protected VMs. As a future
optimization for non-protected VMs, we could have them behave as VMs
in other modes.
Thanks,
/fuad
More information about the linux-arm-kernel
mailing list