[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] xen/arm64: Hide FEAT_SME
- To: Julien Grall <julien@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: Ayan Kumar Halder <ayankuma@xxxxxxx>
- Date: Thu, 15 Aug 2024 09:58:11 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FFnrv9fbL7ZUs+Z2t4Wb/IGZdm7n0CDTN16K0+B4ekk=; b=Bxay4vmD46PW/pp/KSYN6eDcS+Hqv/eHF5fwc4yJmkpdao8WReUVFB7gkD/bNfYlyuZmJZ85OkSPmgTpTB/Xe7uVlI7abZxPHR5Lw9oIgeoOQzLeaHLJhuTdocyTbiEL8frBqkQT8HxvyOl+fDhdAFtknDr24agw7ZoCBnmNbsWM71vfkKo02trL4But+8874yQf/8Yiti5BUeZf2HeXWt5BEUX3uYto+FCgxUW8UBF/qIVtn/ax9lEL/mnMjZ3C8+bj3jPzmR2aVyVEO9mICBTurAHK5Bi0QbERg/9mY4mHtz+8EvFmS6FOSoX5penaMbXQZEOsM0Wr9hcYzdblOw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=IKeMgatSC2yVxZEKfZ4ZoQHDe5R5ulLNJ+9iFFHY7xKRMosBMjxcbY7p5OLp8V4FPUFojqXCu/9GpeR5hWyeKMoZP31x10TCQ6JzIXT06bbw+FNxpLCBiSTuCBNKzhY3WjtnZOkfzvVV3zHOIuCeB8HKqau5gp0R7F3b0ZbKrKdF3OiLju6UKgHJE44QIWwMAm80Yiz9QPUkdvZjfzlqcaOejy7vVum1WruHqWb+HVKz5azyD72zhjrDLSiz3vKryoptp3xcHHF2+/vJQp3mk6ZOQdbmHGVpqRFl33ERdFk1jZVrZXuon6jmmTv+5vJoiuGa2KfhYZ5VUmuwRzbWRg==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com;
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
- Delivery-date: Thu, 15 Aug 2024 08:58:26 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Hi Julien,
On 14/08/2024 22:00, Julien Grall wrote:
CAUTION: This message has originated from an External Source. Please use proper
judgment and caution when opening attachments, clicking links, or responding to
this email.
Newer hardware may support FEAT_SME. Xen doesn't have any knowledge but
it will still expose the feature to the VM. If the OS is trying to use
SME, then it will crash.
Solve by hiding FEAT_SME.
Signed-off-by: Julien Grall <julien@xxxxxxx>
---
The current approach used to create the domain cpuinfo is to hide
(i.e. a denylist) what we know Xen is not supporting. The drawback
with this approach is for newly introduced feature, Xen will expose it
by default.
If a kernel is trying to use it then it will crash. I can't really
make my mind whether it would be better to expose only what we support
(i.e. use an allowlist).
AFAICT, there is no security concerns with the current approach because
ID_* registers are not a way to tell the kernel which features are
supported. A guest kernel could still try to access the new registers.
So the most annoying bits is that booting Xen on a new HW may lead to
an OS crashing.
---
xen/arch/arm/cpufeature.c | 3 +++
xen/arch/arm/include/asm/cpufeature.h | 4 +++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c
index ef77473bf8e3..b45dbe3c668d 100644
--- a/xen/arch/arm/cpufeature.c
+++ b/xen/arch/arm/cpufeature.c
@@ -208,6 +208,9 @@ static int __init create_domain_cpuinfo(void)
domain_cpuinfo.pfr64.sve = 0;
domain_cpuinfo.zfr64.bits[0] = 0;
+ /* Hide SMT support as Xen does not support it */
+ domain_cpuinfo.pfr64.sme = 0;
Instead of this, can we do the following :-
domain_cpuinfo.pfr64.res1 = 0;
This would imply that SME, RNDR_trap, CSV2_frac, NMI, etc are not supported.
If later Xen decides to support any of these, then they can be selectively
turned on for a domain in do_sysreg() (Similar to SVE).
- Ayan
|
