Commit 21d29cd8 authored by Marc Zyngier, committed by Oliver Upton

KVM: arm64: nv: Sanitise ICH_HCR_EL2 accesses



As ICH_HCR_EL2 is a VNCR accessor when running NV, add some
sanitising to what gets written. Crucially, mark TDIR as RES0
if the HW doesn't support it (unlikely, but hey...), as well
as anything GICv4 related, since we only expose a GICv3 to the
guest.

Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20250225172930.1850838-8-maz@kernel.org


Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
parent 96c2f033
+9 −0
@@ -1290,6 +1290,15 @@ int kvm_init_nv_sysregs(struct kvm_vcpu *vcpu)
		res0 |= GENMASK(11, 8);
	set_sysreg_masks(kvm, CNTHCTL_EL2, res0, res1);

	/* ICH_HCR_EL2 */
	res0 = ICH_HCR_EL2_RES0;
	res1 = ICH_HCR_EL2_RES1;
	if (!(kvm_vgic_global_state.ich_vtr_el2 & ICH_VTR_EL2_TDS))
		res0 |= ICH_HCR_EL2_TDIR;
	/* No GICv4 is presented to the guest */
	res0 |= ICH_HCR_EL2_DVIM | ICH_HCR_EL2_vSGIEOICount;
	set_sysreg_masks(kvm, ICH_HCR_EL2, res0, res1);

out:
	for (enum vcpu_sysreg sr = __SANITISED_REG_START__; sr < NR_SYS_REGS; sr++)
		(void)__vcpu_sys_reg(vcpu, sr);
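
Review bot: the TDIR condition, `if (!(kvm_vgic_global_state.ich_vtr_el2 & ICH_VTR_EL2_TDS))`, carries no comment, while the GICv4 line right below it does; a one-line comment stating that TDIR is only left writable when the host advertises TDS would make the intent readable without going back to the commit message. It is also worth confirming that `kvm_vgic_global_state.ich_vtr_el2` is always populated before `kvm_init_nv_sysregs()` runs. As written, a zero value masks TDIR as RES0, which fails in the restrictive direction, but the dependency on that global is implicit in this hunk. The unconditional `res0 |= ICH_HCR_EL2_DVIM | ICH_HCR_EL2_vSGIEOICount;` matches the stated policy of exposing only a GICv3 to the guest; if a GICv4 is ever presented, this line has to change with it, and the comment could say so.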