Hi Joey, On Fri, 24 Nov 2023 16:34:45 +0000, Joey Gouly <joey.gouly@xxxxxxx> wrote: > > Hello everyone, > > This series implements the Permission Overlay Extension introduced in 2022 > VMSA enhancements [1]. It is based on v6.7-rc2. > > Changes since v2[2]: > # Added ptrace support and selftest > # Add missing POR_EL0 initialisation in fork/clone > # Rebase onto v6.7-rc2 > # Add r-bs > > The Permission Overlay Extension allows to constrain permissions on memory > regions. This can be used from userspace (EL0) without a system call or TLB > invalidation. I have given this series a few more thoughts, and came to the conclusion that is it still incomplete on the KVM front: * FEAT_S1POE often comes together with FEAT_S2POE. For obvious reasons, we cannot afford to let the guest play with S2POR_EL1, nor do we want to advertise FEAT_S2POE to the guest. You will need to add some additional FGT for this, and mask out FEAT_S2POE from the guest's view of the ID registers. * letting the guest play with POE comes with some interesting strings attached: a guest that has started on a POE-enabled host cannot be migrated to one that doesn't have POE. which means that the POE registers should only be visible to the host userspace if enabled in the guest's ID registers, and thus only context-switched in these conditions. They should otherwise UNDEF. Thanks, M. -- Without deviation from the norm, progress is not possible.