[PATCH v2 0/4] KVM: arm64: Fix guest feature sanitization and pKVM state synchronization
Fuad Tabba
tabba at google.com
Fri Feb 13 06:38:11 PST 2026
This series addresses state management and feature synchronization
vulnerabilities in both standard KVM and pKVM implementations on arm64.
The primary focus is ensuring that the hypervisor correctly handles
architectural extensions during context switches to prevent state
corruption.
Changes since v1 [1]:
- Moved optimising away S1POE handling when not supported by host to a separate patch.
- Fixed clearing, checking and setting KVM_ARCH_FLAG_ID_REGS_INITIALIZED.
[1] https://lore.kernel.org/all/20260212090252.158689-1-tabba@google.com/
Based on Linux 6.19.
Cheers,
/fuad
Cc: stable at vger.kernel.org
Fuad Tabba (4):
KVM: arm64: Hide S1POE from guests when not supported by the host
KVM: arm64: Optimise away S1POE handling when not supported by host
KVM: arm64: Fix ID register initialization for non-protected pKVM guests
KVM: arm64: Remove redundant kern_hyp_va() in unpin_host_sve_state()
arch/arm64/include/asm/kvm_host.h |  3 ++-
arch/arm64/kvm/hyp/nvhe/pkvm.c    | 37 ++++++++++++++++++++++++++++---
arch/arm64/kvm/sys_regs.c         |  3 +++
3 files changed, 39 insertions(+), 4 deletions(-)
base-commit: 05f7e89ab9731565d8a62e3b5d1ec206485eeb0b
--
2.53.0.273.g2a3d683680-goog