From: Oliver Upton <oliver.upton@linux.dev>
To: Fuad Tabba <tabba@google.com>
Cc: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
maz@kernel.org, will@kernel.org, qperret@google.com,
seanjc@google.com, alexandru.elisei@arm.com,
catalin.marinas@arm.com, philmd@linaro.org, james.morse@arm.com,
suzuki.poulose@arm.com, mark.rutland@arm.com, broonie@kernel.org,
joey.gouly@arm.com, rananta@google.com, yuzenghui@huawei.com
Subject: Re: [PATCH v1 0/7] KVM: arm64: Fix handling of host fpsimd/sve state in protected mode
Date: Fri, 17 May 2024 17:30:54 +0000 [thread overview]
Message-ID: <ZkeUTix0Ojn5eHKP@linux.dev> (raw)
In-Reply-To: <20240517131814.719933-1-tabba@google.com>
Hi Fuad,
On Fri, May 17, 2024 at 02:18:07PM +0100, Fuad Tabba wrote:
> With the KVM host data rework [1], handling of fpsimd and sve
> state in protected mode is done at hyp. For protected VMs, we
> don't want to leak any guest state to the host, including whether
> a guest has used fpsimd/sve.
>
> To complete the work started with the host data rework, in
> regards to protected mode, ensure that the host's fpsimd context
> and its sve context are restored on guest exit, since the rework
> has hidden the fpsimd/sve state from the host.
>
> This patch series eagerly restores the host fpsimd/sve state on
> guest exit when running in protected mode, which happens only if
> the guest has used fpsimd/sve. This means that the saving of the
> state is lazy, similar to the behavior of KVM in other modes, but
> the restoration of the host state is eager.
Hmm... Is there any reason why we need to be concerned about preserving
host SVE state?
The syscall ABI has it that only the first 128 bits of the vector
registers are preserved by the kernel, and I see no reason why we
couldn't apply a similar restriction to KVM_RUN HVCs into EL2. We'd need
to eagerly flush the vector registers on entry to avoid disclosing guest
usage of SVE.
What you have is certainly correct, I just wonder if we're going out of
our way to save/restore 0's for larger VLs.
--
Thanks,
Oliver
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2024-05-17 17:31 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-17 13:18 [PATCH v1 0/7] KVM: arm64: Fix handling of host fpsimd/sve state in protected mode Fuad Tabba
2024-05-17 13:18 ` [PATCH v1 1/7] KVM: arm64: Reintroduce __sve_save_state Fuad Tabba
2024-05-17 13:18 ` [PATCH v1 2/7] KVM: arm64: Specialize deactivate fpsimd/sve traps on guest trap Fuad Tabba
2024-05-17 13:18 ` [PATCH v1 3/7] KVM: arm64: Specialize handling of host fpsimd state on trap Fuad Tabba
2024-05-17 13:18 ` [PATCH v1 4/7] KVM: arm64: Store the maximum sve vector length at hyp Fuad Tabba
2024-05-17 13:18 ` [PATCH v1 5/7] KVM: arm64: Allocate memory at hyp for host sve state in pKVM Fuad Tabba
2024-05-17 13:18 ` [PATCH v1 6/7] KVM: arm64: Eagerly restore host fpsimd/sve " Fuad Tabba
2024-05-17 17:09 ` Oliver Upton
2024-05-20 7:37 ` Fuad Tabba
2024-05-20 8:05 ` Marc Zyngier
2024-05-20 8:53 ` Fuad Tabba
2024-05-20 17:08 ` Oliver Upton
2024-05-17 13:18 ` [PATCH v1 7/7] KVM: arm64: Consolidate initializing the host data's fpsimd_state/sve " Fuad Tabba
2024-05-17 17:30 ` Oliver Upton [this message]
2024-05-17 18:19 ` [PATCH v1 0/7] KVM: arm64: Fix handling of host fpsimd/sve state in protected mode Mark Brown
2024-05-20 7:35 ` Fuad Tabba
2024-05-20 8:11 ` Marc Zyngier
2024-05-20 17:37 ` Oliver Upton
2024-05-20 17:53 ` Mark Brown
2024-05-20 17:59 ` Fuad Tabba
2024-05-20 17:57 ` Fuad Tabba
2024-05-20 20:53 ` Oliver Upton
2024-05-21 12:27 ` Fuad Tabba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZkeUTix0Ojn5eHKP@linux.dev \
--to=oliver.upton@linux.dev \
--cc=alexandru.elisei@arm.com \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=james.morse@arm.com \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=philmd@linaro.org \
--cc=qperret@google.com \
--cc=rananta@google.com \
--cc=seanjc@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).