On 12/12/2024 09:57, Marc Zyngier wrote: > Hi Ryan, > > On Thu, 12 Dec 2024 09:23:20 +0000, > Ryan Roberts <ryan.roberts@xxxxxxx> wrote: >> >> Hi Marc, >> >> I believe the intent of this patch is to protect the host/KVM against a guest >> that is using BBML2. The host/KVM always assumes BBML0 and therefore doesn't do >> any operations that are allowed by the arch to cause a conflict abort. Therefore >> the host doesn't need to handle it. But a guest could be taking advantage of >> BBML2 and therefore it's architiecturally possible for a conflict abort to be >> raised to EL2. I think today that would take down the host? >> >> So really I think this could be considered a stand-alone KVM >> hardening improvement? > > I'm not disputing the need for a TLB Conflict abort handler. It will > be a good addition once we agree on what needs to be done. OK great, glad we are on the same page. I'll leave Miko to work through the details. > >>> However, it doesn't seem to me that the host is equipped to deal with >>> this sort of exception for itself. Shouldn't you start with that? >> >> If the host isn't doing any BBML2 operations it doesn't need to handle it, I >> don't think? Obviously that changes later in the series and Miko is adding the >> required handling to the host. > > Yes, and that's what I overlooked yesterday, and I replied to that > change this morning. > > Thanks, > > M. >
