[PATCH v1 0/3] KVM: arm64: Fix guest feature sanitization and pKVM state synchronization
Fuad Tabba
tabba at google.com
Thu Feb 12 01:02:49 PST 2026
This series addresses state management and feature synchronization
vulnerabilities in both standard KVM and pKVM implementations on arm64.
The primary focus is ensuring that the hypervisor correctly handles
architectural extensions during context switches to prevent state
corruption.
The series is structured as follows:
* Patch 1: Addresses an issue in KVM/arm64 in general where FEAT_S1POE
is exposed to guests based solely on hardware capability. If the host
kernel is built without CONFIG_ARM64_POE, it will not context-switch
POR_EL1. Masking the S1POE bit in ID_AA64MMFR3_EL1 when
system_supports_poe() is false prevents state corruption.
* Patch 2: Fixes a bug in pKVM non-protected guest initialization.
Previously, pkvm_init_features_from_host() copied the initialized flag
without copying the actual id_regs array. This caused EL2 feature
checks (such as ctxt_has_tcrx()) to silently fail, breaking the
save/restore logic for system registers like TCR2_EL1, PIR_EL1, and
POR_EL1 during world switches. The fix initializes the ID registers.
* Patch 3: Removes a redundant kern_hyp_va() macro invocation in
unpin_host_sve_state(). The sve_state pointer is already initialized
as a hypervisor virtual address. While idempotent, the macro is
unnecessary here.
Based on Linux 6.19.
Cheers,
/fuad
Cc: stable at vger.kernel.org
Fuad Tabba (3):
KVM: arm64: Hide S1POE from guests when not supported by the host
KVM: arm64: Fix ID register initialization for non-protected pKVM guests
KVM: arm64: Remove redundant kern_hyp_va() in unpin_host_sve_state()
 arch/arm64/include/asm/kvm_host.h |  3 ++-
 arch/arm64/kvm/hyp/nvhe/pkvm.c    | 39 ++++++++++++++++++++++++++++---
 arch/arm64/kvm/sys_regs.c         |  3 +++
 3 files changed, 41 insertions(+), 4 deletions(-)
base-commit: 05f7e89ab9731565d8a62e3b5d1ec206485eeb0b
--
2.53.0.239.g8d8fc8a987-goog
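The two synchronization points the cover letter describes (patch 1's masking of S1POE in ID_AA64MMFR3_EL1 when the host cannot context-switch POR_EL1, and patch 2's flag-copied-without-data bug in the pKVM feature initialization) modelled in a stand-alone sketch. This is an added example, not the series' own code: the struct, function names and the assumption that S1POE occupies bits [19:16] of ID_AA64MMFR3_EL1 are the example's, not KVM's.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Assumed field position: ID_AA64MMFR3_EL1.S1POE is bits [19:16]. */
#define ID_AA64MMFR3_EL1_S1POE_SHIFT 16
#define ID_AA64MMFR3_EL1_S1POE_MASK  (UINT64_C(0xf) << ID_AA64MMFR3_EL1_S1POE_SHIFT)

/* Index into a hypothetical per-VM id_regs[] array. */
enum { IDREG_AA64MMFR3 = 0, NR_IDREGS = 4 };

/* Hypothetical stand-in for the per-VM feature state shared with EL2. */
struct vm_features {
	uint64_t id_regs[NR_IDREGS];
	bool initialized;
};

/* Patch 1: only advertise S1POE to the guest when the host kernel
 * actually context-switches POR_EL1 (system_supports_poe() is true).
 * Advertising it from raw hardware capability alone lets a guest
 * program POR_EL1 that the host then never saves or restores. */
uint64_t sanitize_mmfr3(uint64_t hw_val, bool host_supports_poe)
{
	if (!host_supports_poe)
		hw_val &= ~ID_AA64MMFR3_EL1_S1POE_MASK;
	return hw_val;
}

/* EL2-side feature check in the style of ctxt_has_*(): it reads the
 * per-VM copy, so it is only as good as the copy it was handed. */
bool ctxt_has_s1poe(const struct vm_features *vm)
{
	if (!vm->initialized)
		return false;
	return (vm->id_regs[IDREG_AA64MMFR3] & ID_AA64MMFR3_EL1_S1POE_MASK) != 0;
}

/* Patch 2 bug pattern: the flag is copied but the registers are not,
 * so every feature check silently sees zeros and save/restore of the
 * related system registers is skipped. */
void init_features_buggy(struct vm_features *hyp, const struct vm_features *host)
{
	hyp->initialized = host->initialized;
}

/* Fixed pattern: the register contents travel with the flag. */
void init_features_fixed(struct vm_features *hyp, const struct vm_features *host)
{
	memcpy(hyp->id_regs, host->id_regs, sizeof(hyp->id_regs));
	hyp->initialized = host->initialized;
}
```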