authorFuad Tabba <tabba@google.com>2024-06-03 14:28:51 +0200
committerMarc Zyngier <maz@kernel.org>2024-06-04 16:06:33 +0200
commitafb91f5f8ad7af172d993a34fde1947892408f53 (patch)
treedeeee773464a6957b597dc5abe111564ba476746 /arch/arm64/kvm/fpsimd.c
parentKVM: arm64: Refactor CPACR trap bit setting/clearing to use ELx format (diff)
KVM: arm64: Ensure that SME controls are disabled in protected mode
KVM (and pKVM) do not support SME guests. Therefore KVM ensures that the host's SME state is flushed and that SME controls for enabling access to ZA storage and for streaming are disabled. pKVM needs to protect against a buggy/malicious host. Ensure that it wouldn't run a guest when protected mode is enabled should any of the SME controls be enabled. Signed-off-by: Fuad Tabba <tabba@google.com> Link: https://lore.kernel.org/r/20240603122852.3923848-10-tabba@google.com Signed-off-by: Marc Zyngier <maz@kernel.org>
Diffstat (limited to 'arch/arm64/kvm/fpsimd.c')
-rw-r--r--arch/arm64/kvm/fpsimd.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/arch/arm64/kvm/fpsimd.c b/arch/arm64/kvm/fpsimd.c
index eb21f29d91fc..521b32868d0d 100644
--- a/arch/arm64/kvm/fpsimd.c
+++ b/arch/arm64/kvm/fpsimd.c
@@ -90,6 +90,13 @@ void kvm_arch_vcpu_load_fp(struct kvm_vcpu *vcpu)
fpsimd_save_and_flush_cpu_state();
}
}
+
+ /*
+ * If normal guests gain SME support, maintain this behavior for pKVM
+ * guests, which don't support SME.
+ */
+ WARN_ON(is_protected_kvm_enabled() && system_supports_sme() &&
+ read_sysreg_s(SYS_SVCR));
}
/*
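Review bot: The `WARN_ON` added at the end of `kvm_arch_vcpu_load_fp()` only reports a non-zero SVCR and does not stop the vCPU from being loaded or run. It also sits in host-side code, so by itself it is a sanity check and not a defence against the buggy or malicious host the commit message describes. The diffstat on this page is limited to this file, so the enforcing check at EL2 may live elsewhere in the commit; the comment should make that split explicit, e.g. `/* Host-side sanity check only: SVCR must already be clear here; a pKVM guest must not rely on this, the hypervisor has to enforce it. */`. Since this path presumably runs on every vCPU load, `WARN_ON_ONCE(is_protected_kvm_enabled() && system_supports_sme() && read_sysreg_s(SYS_SVCR));` would avoid repeated splats (and repeated panics under `panic_on_warn`) if the invariant is ever broken. The function body starts outside the hunk, so how SVCR is cleared before this point is not visible here.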