Hi Marc, On 13/10/2020 11:32, Marc Zyngier wrote: > On 2020-10-12 16:32, James Morse wrote: >> On 09/10/2020 13:48, Qais Yousef wrote: >>> On 10/09/20 13:34, Marc Zyngier wrote: >>>> You can try setting vcpu->arch.target to -1, which is already caught by >>>> kvm_vcpu_initialized() right at the top of this function. This will >> >>>> prevent any reentry unless the VMM issues a KVM_ARM_VCPU_INIT ioctl. >> >> This doesn't reset SPSR, so this lets the VMM restart the guest with a >> bad value. > > That's not my reading of the code. Without a valid target, you cannot enter > the guest (kvm_vcpu_initialized() prevents you to do so). To set the target, > you need to issue a KVM_ARM_VCPU_INIT ioctl, which eventually calls > kvm_reset_vcpu(), which does set PSTATE to something legal. aha! So it does, this is what I was missing. > Or do you mean the guest's SPSR_EL1? Why would that matter? > >> I think we should make it impossible to return to aarch32 from EL2 on >> these systems. > > And I'm saying that the above fulfills that requirement. Am I missing > something obvious? Nope, I was. I agree the check on entry from user-space isn't needed. Thanks, James
