[PATCH 0/9] arm64: Fully disable configured-out features
Marc Zyngier
maz at kernel.org
Thu Feb 19 11:55:23 PST 2026
Fuad recently reported [1] that when support for FEAT_S1POE is
disabled, but that the HW supports it, the sanitised idreg still show
the value the HW expose, even if this is hidden from userspace. This
ended up advertising S1POE to guests, without the state being
correctly switched. Huhum.
We have a point-fix for this, but it would be good to address the
whole class of similar issues which affect PAuth, SVE, SME, GCS, MTE
and BTI, on top of S1POE. Not we currently leak state S1POE-style, but
we're just pretty lucky. Hence this.
This series tries to align the behaviour of a config option being not
selected with that of the corresponding runtime option (arm64.noFEAT),
with the exception of BTI (but I'm not married with that particular
aspect).
There is a lot more that could be done (Mark has a lot of ideas on
that front), but I wanted to get this out and get the discussion
going.
Another thing is that the proliferation of config options is getting
in the way of maintainability, and at some point, we'll have to pick
our battles. I appreciate that some embedded uses rely on "tinyfying"
the kernel, but maybe we should think of introducing something less
granular, and have KVM to select that (the argument being that if you
want the smallest possible kernel, you don't want anything virt).
Anyway, 'nuf ranting. Patches on top of 6.19.
[1] https://lore.kernel.org/all/20260213143815.1732675-2-tabba@google.com
Marc Zyngier (9):
arm64: Add logic to fully remove features from sanitised id registers
arm64: Convert CONFIG_ARM64_PTR_AUTH to FTR_CONFIG()
arm64: Convert CONFIG_ARM64_SVE to FTR_CONFIG()
arm64: Convert CONFIG_ARM64_SME to FTR_CONFIG()
arm64: Convert CONFIG_ARM64_GCS to FTR_CONFIG()
arm64: Convert CONFIG_ARM64_MTE to FTR_CONFIG()
arm64: Convert CONFIG_ARM64_POE to FTR_CONFIG()
arm64: Convert CONFIG_ARM64_BTI to FTR_CONFIG()
arm64: Remove FTR_VISIBLE_IF_IS_ENABLED()
arch/arm64/include/asm/cpufeature.h | 13 ++--
arch/arm64/kernel/cpufeature.c | 117 +++++++++++++++-------------
2 files changed, 72 insertions(+), 58 deletions(-)
--
2.47.3
More information about the linux-arm-kernel
mailing list