On Mon, 30 May 2022 15:41:54 +0100, Mark Brown broonie@kernel.org wrote:
[1 <text/plain; us-ascii (quoted-printable)>] On Sat, May 28, 2022 at 12:38:11PM +0100, Marc Zyngier wrote:
On each vcpu load, we set the KVM_ARM64_HOST_SVE_ENABLED flag if SVE is enabled for EL0 on the host. This is used to restore the correct state on vpcu put.
However, it appears that nothing ever clears this flag. Once set, it will stick until the vcpu is destroyed, which has the potential to spuriously enable SVE for userspace.
Oh dear.
Reviewed-by: Mark Brown broonie@kernel.org
We probably never saw the issue because no VMM uses SVE, but that's still pretty bad. Unconditionally clearing the flag on vcpu load addresses the issue.
Unless I'm missing something since we currently always disable SVE on syscall even if the VMM were using SVE for some reason (SVE memcpy()?) we should already have disabled SVE for EL0 in sve_user_discard() during kernel entry so EL0 access to SVE should be disabled in the system register by the time we get here.
Indeed. And this begs the question: what is this code actually doing? Is there any way we can end-up running a guest with any valid host SVE state?
I remember being >this< close to removing that code some time ago, and only stopped because I vaguely remembered Dave Martin convincing me at some point that it was necessary. I'm unable to piece the argument together again though.
M.