This series addresses a couple of issues with how KVM exposes SMC64 calls
to its guest. It is currently possible for an AArch32 guest to discover
the SMC64 SYSTEM_RESET2 function (via PSCI_1_0_FN_PSCI_FEATURES) and even
make a call to it. SMCCC does not allow for 64 bit calls to be made from
a 32 bit state.

Patch 1 cleans up the way we filter SMC64 calls in PSCI. Using a switch
with case statements for each possibly-filtered function is asking for
trouble. Instead, pivot off of the bit that indicates the desired calling
convention. This plugs the PSCI_FEATURES hole for SYSTEM_RESET2.

Patch 2 adds a check to the PSCI v1.x call handler in KVM, bailing out
early if the guest is not allowed to use a particular function. This
closes the door on calls to 64-bit SYSTEM_RESET2 from AArch32.

Lastly, patch 3 is a nit to remove a superfluous check in the hopes of
avoiding trouble the next time we raise KVM's PSCI version.

Applies on top of kvmarm/next at commit:

  21ea45784275 ("KVM: arm64: fix typos in comments")

v1: http://lore.kernel.org/r/20220318193831.482349-1-oupton@xxxxxxxxxx

v1 -> v2:
 - Collect Acks and Reviews (Reiji, Will)
 - Hoist SMC64 filtering all the way up to kvm_psci_call() (Reiji)

Oliver Upton (3):
  KVM: arm64: Generally disallow SMC64 for AArch32 guests
  KVM: arm64: Actually prevent SMC64 SYSTEM_RESET2 from AArch32
  KVM: arm64: Drop unneeded minor version check from PSCI v1.x handler

 arch/arm64/kvm/psci.c | 31 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

-- 
2.35.1.894.gb6a874cedc-goog

_______________________________________________
kvmarm mailing list
kvmarm@xxxxxxxxxxxxxxxxxxxxx
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
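As an added illustration, not the kernel code from this series, the following hypothetical C model shows the two checks the cover letter describes: one calling-convention filter (SMCCC bit 30) applied once at the PSCI entry point, so an AArch32 guest can neither discover an SMC64 function through PSCI_FEATURES nor invoke it. The function IDs are the standard PSCI encodings; the `vcpu` struct and the `psci_*` function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* SMCCC function-ID layout: bit 31 = fast call, bit 30 = SMC64 convention.
 * The PSCI IDs below are the standard encodings, used here as stand-ins
 * for the kernel's PSCI_*_FN* macros (hypothetical model, not KVM code). */
#define SMCCC_64BIT_CALL              (1u << 30)
#define PSCI_1_0_FN_PSCI_FEATURES     0x8400000Au
#define PSCI_1_1_FN_SYSTEM_RESET2     0x84000012u
#define PSCI_1_1_FN64_SYSTEM_RESET2   0xC4000012u

#define PSCI_RET_SUCCESS         0
#define PSCI_RET_NOT_SUPPORTED  (-1)

/* Minimal vCPU model: only the guest's execution state matters here. */
struct vcpu { bool aarch32; };

/* Calling-convention filter: an AArch32 guest may never use an SMC64
 * function, whichever function it is. No per-function switch needed. */
static bool psci_fn_allowed(const struct vcpu *v, uint32_t fn)
{
    return !(v->aarch32 && (fn & SMCCC_64BIT_CALL));
}

/* PSCI_FEATURES: a function the guest is not allowed to call must also be
 * reported as NOT_SUPPORTED, otherwise the guest can still discover it. */
static long psci_features(const struct vcpu *v, uint32_t queried)
{
    if (!psci_fn_allowed(v, queried))
        return PSCI_RET_NOT_SUPPORTED;
    switch (queried) {
    case PSCI_1_0_FN_PSCI_FEATURES:
    case PSCI_1_1_FN_SYSTEM_RESET2:
    case PSCI_1_1_FN64_SYSTEM_RESET2:
        return PSCI_RET_SUCCESS;
    default:
        return PSCI_RET_NOT_SUPPORTED;
    }
}

/* Entry point: apply the filter once, before dispatching on the function. */
static long psci_call(const struct vcpu *v, uint32_t fn, uint32_t arg0)
{
    if (!psci_fn_allowed(v, fn))
        return PSCI_RET_NOT_SUPPORTED;
    switch (fn) {
    case PSCI_1_0_FN_PSCI_FEATURES:
        return psci_features(v, arg0);
    case PSCI_1_1_FN_SYSTEM_RESET2:
    case PSCI_1_1_FN64_SYSTEM_RESET2:
        return PSCI_RET_SUCCESS; /* a real handler would request the VM reset */
    default:
        return PSCI_RET_NOT_SUPPORTED;
    }
}
```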