KVM: arm64: Prevent NV feature flag on systems w/o nested virt

oupton · oupton · commit 12405b09926f · 2023-09-21T18:13:29.000Z
It would appear that userspace can select the NV feature flag regardless of whether the system actually supports the feature. Obviously a nested guest isn't getting far in this situation; let's reject the flag instead. Link: https://lore.kernel.org/r/20230920195036.1169791-6-oliver.upton@linux.dev Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
@@ -1208,6 +1208,9 @@ static unsigned long system_supported_vcpu_features(void)
 		clear_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, &features);
 	}
 
+	if (!cpus_have_final_cap(ARM64_HAS_NESTED_VIRT))
+		clear_bit(KVM_ARM_VCPU_HAS_EL2, &features);
+
 	return features;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1208,6 +1208,9 @@ static unsigned long system_supported_vcpu_features(void)`
`1208`	`1208`	`clear_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, &features);`
`1209`	`1209`	`}`
`1210`	`1210`
	`1211`	`+ if (!cpus_have_final_cap(ARM64_HAS_NESTED_VIRT))`
	`1212`	`+ clear_bit(KVM_ARM_VCPU_HAS_EL2, &features);`
	`1213`	`+`
`1211`	`1214`	`return features;`
`1212`	`1215`	`}`
`1213`	`1216`