From: Fuad Tabba <tabba@google.com>
To: Marc Zyngier <maz@kernel.org>, Oliver Upton <oupton@kernel.org>,
linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
linux-kernel@vger.kernel.org
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Joey Gouly <joey.gouly@arm.com>,
Steffen Eiden <seiden@linux.ibm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
Vincent Donnefort <vdonnefort@google.com>,
Sascha Bischoff <Sascha.Bischoff@arm.com>,
tabba@google.com
Subject: [PATCH 0/7] KVM: arm64: Fix missing ESR_ELx.IL in syndrome injection
Date: Sun, 14 Jun 2026 17:33:29 +0100
Message-ID: <20260614163336.3490925-1-tabba@google.com>
Hi folks,
After sashiko caught the missing IL bug [1], I did an audit of all ESR
syndrome construction sites in KVM/arm64 as Marc suggested. This series
is the result of that audit.
The ARM architecture mandates ESR_ELx.IL=1 for several exception
classes regardless of instruction length: EC=Unknown, Instruction
Aborts, Data Aborts with ISV=0, and SError. For FPAC (EC=0x1C), IL
reflects instruction length, but FPAC can only be generated by A64
instructions, so IL must also be 1.
Patch 1 is the bug sashiko found: inject_undef64() in the pKVM hyp (EL2)
path never set IL.
Patch 2 makes the same fix to inject_undef64() in the normal host path,
where IL was derived from the triggering trap's instruction length. No
instruction that reaches undef injection has a 16-bit encoding, so patch
2 has no functional change today.
Patch 3 makes the matching fix to inject_abt64(). Unlike undef injection,
abort injection is reachable from a 16-bit T32 instruction (a 32-bit EL0
task under an AArch64 EL1 guest), so the old code there injects an abort
with IL=0.
Patch 4 fixes the FPAC syndrome constructed during nested ERET
emulation, which did not set IL.
Patches 5-6 fix SError injection in the emulated and nested paths,
neither of which set IL.
Patch 7 fixes a fake ESR used to exit to the host. The host does not
read IL there, so it is not guest-visible.
Based on Linux 7.1-rc7
Cheers,
/fuad
[1] https://lore.kernel.org/all/87pl1t8q24.wl-maz@kernel.org/
Fuad Tabba (7):
KVM: arm64: Set ESR_ELx.IL for injected undefined exceptions at EL2
KVM: arm64: Unconditionally set IL for injected undefined exceptions
KVM: arm64: Unconditionally set IL for injected abort exceptions
KVM: arm64: Set IL for injected FPAC exceptions during ERET emulation
KVM: arm64: Set IL for emulated SError injection
KVM: arm64: Set IL for nested SError injection
KVM: arm64: Set IL in fake ESR for pKVM memory sharing exit
arch/arm64/kvm/emulate-nested.c | 4 ++--
arch/arm64/kvm/hyp/nvhe/pkvm.c | 3 ++-
arch/arm64/kvm/hyp/nvhe/sys_regs.c | 2 +-
arch/arm64/kvm/inject_fault.c | 18 +++++-------------
4 files changed, 10 insertions(+), 17 deletions(-)
--
2.54.0.1136.gdb2ca164c4-goog
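As an added example (not code from this series), the C below encodes the IL rule the cover letter describes as a sanity check for a syndrome about to be injected, and contrasts the old width-derived IL with the unconditional one; the ESR_ELx field layout and EC values are assumed from the ARM architecture and match the kernel's ESR_ELx_* definitions.

```c
/* Added example, not code from the series: a sanity check encoding the
 * IL rule described in the cover letter. ESR_ELx layout per the ARM
 * architecture (assumed): EC[31:26], IL[25], ISS[24:0], ISV = ISS bit 24. */
#include <stdbool.h>
#include <stdint.h>
#define ESR_EC_SHIFT 26
#define ESR_EC_MASK  0x3fu
#define ESR_IL       (1u << 25)
#define ESR_ISV      (1u << 24)
enum {
	EC_UNKNOWN = 0x00, EC_FPAC = 0x1c, EC_IABT_LOW = 0x20, EC_IABT_CUR = 0x21,
	EC_DABT_LOW = 0x24, EC_DABT_CUR = 0x25, EC_SERROR = 0x2f,
};

/* Classes for which the architecture mandates IL=1. FPAC is included
 * because only A64 (32-bit) instructions can generate it. */
static bool esr_il_mandatory(uint32_t esr)
{
	switch ((esr >> ESR_EC_SHIFT) & ESR_EC_MASK) {
	case EC_UNKNOWN: case EC_IABT_LOW: case EC_IABT_CUR:
	case EC_SERROR: case EC_FPAC:
		return true;
	case EC_DABT_LOW: case EC_DABT_CUR:
		return !(esr & ESR_ISV);	/* mandated only when ISV=0 */
	default:
		return false;		/* IL genuinely reflects length */
	}
}

/* True when a syndrome about to be injected satisfies the IL rule. */
bool esr_il_valid(uint32_t esr)
{
	return !esr_il_mandatory(esr) || (esr & ESR_IL) != 0;
}

/* Old pattern: IL copied from the trapping instruction's width, so a
 * 16-bit T32 source yields IL=0 (ISS left 0 for brevity). */
uint32_t abt_esr_from_trap(bool trap_insn_is_32bit)
{
	return ((uint32_t)EC_DABT_LOW << ESR_EC_SHIFT) |
	       (trap_insn_is_32bit ? ESR_IL : 0);
}

/* Fixed pattern: IL set unconditionally for injected aborts. */
uint32_t abt_esr_fixed(void)
{
	return ((uint32_t)EC_DABT_LOW << ESR_EC_SHIFT) | ESR_IL;
}
```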