KVM: arm64: Ignore HCR_EL2.FIEN set by L1 guest's EL2

Marc Zyngier · oupton · commit 9049fb1227a2 · 2025-08-21T16:28:46.000-07:00
An EL2 guest can set HCR_EL2.FIEN, which gives access to the RASv1p1 fault injection mechanism. This would allow an EL1 guest to inject error records into the system, which does sound like a terrible idea. Prevent this situation by added FIEN to the list of bits we silently exclude from being inserted into the host configuration. Signed-off-by: Marc Zyngier <maz@kernel.org> Reviewed-by: Joey Gouly <joey.gouly@arm.com> Link: https://lore.kernel.org/r/20250817202158.395078-4-maz@kernel.org Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
diff --git a/arch/arm64/kvm/hyp/vhe/switch.c b/arch/arm64/kvm/hyp/vhe/switch.c
@@ -43,8 +43,11 @@ DEFINE_PER_CPU(unsigned long, kvm_hyp_vector);
  *
  * - API/APK: they are already accounted for by vcpu_load(), and can
  *   only take effect across a load/put cycle (such as ERET)
+ *
+ * - FIEN: no way we let a guest have access to the RAS "Common Fault
+ *   Injection" thing, whatever that does
  */
-#define NV_HCR_GUEST_EXCLUDE	(HCR_TGE | HCR_API | HCR_APK)
+#define NV_HCR_GUEST_EXCLUDE	(HCR_TGE | HCR_API | HCR_APK | HCR_FIEN)
 
 static u64 __compute_hcr(struct kvm_vcpu *vcpu)
 {

Original file line number	Diff line number	Diff line change
`@@ -43,8 +43,11 @@ DEFINE_PER_CPU(unsigned long, kvm_hyp_vector);`
`43`	`43`	`*`
`44`	`44`	`* - API/APK: they are already accounted for by vcpu_load(), and can`
`45`	`45`	`* only take effect across a load/put cycle (such as ERET)`
	`46`	`+ *`
	`47`	`+ * - FIEN: no way we let a guest have access to the RAS "Common Fault`
	`48`	`+ * Injection" thing, whatever that does`
`46`	`49`	`*/`
`47`		`-#define NV_HCR_GUEST_EXCLUDE (HCR_TGE \| HCR_API \| HCR_APK)`
	`50`	`+#define NV_HCR_GUEST_EXCLUDE (HCR_TGE \| HCR_API \| HCR_APK \| HCR_FIEN)`
`48`	`51`
`49`	`52`	`static u64 __compute_hcr(struct kvm_vcpu *vcpu)`
`50`	`53`	`{`