From: sashiko-bot@kernel.org
To: "Fuad Tabba" <tabba@google.com>
Cc: "Marc Zyngier" <maz@kernel.org>,
"Oliver Upton" <oupton@kernel.org>,
kvmarm@lists.linux.dev
Subject: Re: [PATCH v2 3/7] KVM: arm64: Unconditionally set IL for injected abort exceptions
Date: Thu, 18 Jun 2026 12:29:21 +0000
Message-ID: <20260618122921.F224E1F000E9@smtp.kernel.org>
In-Reply-To: <20260618121643.4105064-4-tabba@google.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Unconditional IL=1 in inject_abt64() creates invalid ESR state for Address Size faults.
--
commit 5d93cc0ddb43cdfa88e555d446e07e55b7334637
Author: Fuad Tabba <tabba@google.com>
KVM: arm64: Unconditionally set IL for injected abort exceptions
This commit unconditionally sets the ESR_ELx_IL bit to 1 for injected
aborts, assuming the FSC is always EXTABT or SEA_TTW.
> diff --git a/arch/arm64/kvm/inject_fault.c b/arch/arm64/kvm/inject_fault.c
> index 9dfae1bcdf992..444d219b02174 100644
> --- a/arch/arm64/kvm/inject_fault.c
> +++ b/arch/arm64/kvm/inject_fault.c
[ ... ]
> @@ -138,11 +138,10 @@ static void inject_abt64(struct kvm_vcpu *vcpu, bool is_iabt, unsigned long addr
> pend_sync_exception(vcpu);
>
> /*
> - * Build an {i,d}abort, depending on the level and the
> - * instruction set. Report an external synchronous abort.
> + * Build an {i,d}abort, depending on the level.
> + * Report an external synchronous abort.
> */
> - if (kvm_vcpu_trap_il_is32bit(vcpu))
> - esr |= ESR_ELx_IL;
> + esr |= ESR_ELx_IL;
[Severity: High]
Does this unconditional setting of IL=1 cause an architecturally invalid
syndrome for Address Size faults?
If a guest executing in AArch32 EL0 issues a 16-bit instruction (such as a
16-bit LDR) that triggers a Stage-2 Address Size fault, the IL bit should
accurately reflect the size of the trapped instruction (0 for 16-bit).
Looking at kvm_inject_size_fault(), it injects the abort by calling
inject_abt64() via the __kvm_inject_sea() call chain, and then modifies the
FSC to 0 (Address Size Fault):
arch/arm64/kvm/inject_fault.c:kvm_inject_size_fault() {
...
/* inject_abt64() forces IL=1 earlier in the call chain */
...
esr &= ~GENMASK_ULL(5, 0);
vcpu_write_sys_reg(vcpu, esr, exception_esr_elx(vcpu));
...
}
Will KVM now inject the Address Size fault with IL=1 instead of IL=0,
potentially causing the guest OS exception handler to incorrectly advance
the Program Counter by 4 bytes instead of 2 during fault unwinding?
>
> /*
> * Here, the guest runs in AArch64 mode when in EL1. If we get
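Review bot: The rewritten comment at `+ * Build an {i,d}abort, depending on the level.` should state why forcing IL=1 is valid at this point, namely the commit message's assumption that the FSC is always EXTABT or SEA_TTW, for which IL is 1 regardless of the width of the trapped instruction, and that any caller which later replaces the FSC with a different code has to set IL itself. kvm_inject_size_fault() is exactly such a caller: per the snippet above it goes through inject_abt64() and then does `esr &= ~GENMASK_ULL(5, 0);` to turn the syndrome into an Address Size fault, so the IL value chosen here leaks into a fault class it was not chosen for. Either document that contract in this comment, or have the FSC-rewriting caller recompute IL from kvm_vcpu_trap_il_is32bit(vcpu) when it changes the FSC, so the two functions do not depend on each other silently.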
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260618121643.4105064-1-tabba@google.com?part=3
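To make the interaction the review describes concrete, here is a small model, added for this page and not taken from the kernel or from the patch, of the two ESR-building behaviours and of the FSC rewrite quoted from kvm_inject_size_fault(). The bit positions (IL at bit 25, EC at bits 31:26, FSC at bits 5:0) and the EXTABT/ADDRSZ/DABT_LOW encodings follow the arm64 ESR_ELx layout; the function names inject_abt64_old/new and rewrite_fsc_to_addrsz are constructed stand-ins, not KVM's own code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the ESR_ELx fields discussed in the review.
 * Bit positions follow the arm64 ESR_ELx layout; everything else is a
 * simplified stand-in for KVM's inject_abt64()/kvm_inject_size_fault(). */
#define ESR_ELx_EC_SHIFT     26
#define ESR_ELx_EC_DABT_LOW  0x24ULL       /* data abort from a lower EL */
#define ESR_ELx_IL           (1ULL << 25)  /* 1 = 32-bit instruction (or N/A) */
#define ESR_ELx_FSC_MASK     0x3FULL       /* GENMASK_ULL(5, 0) */
#define ESR_ELx_FSC_EXTABT   0x10ULL       /* synchronous external abort */
#define ESR_ELx_FSC_ADDRSZ   0x00ULL       /* address size fault, level 0 */

/* Pre-patch behaviour: IL mirrors the width of the trapped instruction. */
static uint64_t inject_abt64_old(bool trapped_insn_is_32bit)
{
	uint64_t esr = ESR_ELx_EC_DABT_LOW << ESR_ELx_EC_SHIFT;

	if (trapped_insn_is_32bit)
		esr |= ESR_ELx_IL;
	return esr | ESR_ELx_FSC_EXTABT;
}

/* Post-patch behaviour: IL is always 1, which is correct for an external
 * abort but carries no information about the instruction any more. */
static uint64_t inject_abt64_new(bool trapped_insn_is_32bit)
{
	uint64_t esr = ESR_ELx_EC_DABT_LOW << ESR_ELx_EC_SHIFT;

	(void)trapped_insn_is_32bit;
	esr |= ESR_ELx_IL;
	return esr | ESR_ELx_FSC_EXTABT;
}

/* Model of the FSC rewrite the review quotes: only bits 5:0 are touched,
 * so whatever IL the abort path chose is preserved unchanged. */
static uint64_t rewrite_fsc_to_addrsz(uint64_t esr)
{
	esr &= ~ESR_ELx_FSC_MASK;
	return esr | ESR_ELx_FSC_ADDRSZ;
}

static bool esr_il_is_set(uint64_t esr)
{
	return (esr & ESR_ELx_IL) != 0;
}

static uint64_t esr_fsc(uint64_t esr)
{
	return esr & ESR_ELx_FSC_MASK;
}

int main(void)
{
	/* Constructed scenario from the review: a 16-bit AArch32 instruction
	 * hits a Stage-2 Address Size fault. */
	const bool insn_is_32bit = false;
	uint64_t old = rewrite_fsc_to_addrsz(inject_abt64_old(insn_is_32bit));
	uint64_t new = rewrite_fsc_to_addrsz(inject_abt64_new(insn_is_32bit));

	printf("old path: ESR=0x%llx IL=%d FSC=0x%llx\n",
	       (unsigned long long)old, esr_il_is_set(old),
	       (unsigned long long)esr_fsc(old));
	printf("new path: ESR=0x%llx IL=%d FSC=0x%llx\n",
	       (unsigned long long)new, esr_il_is_set(new),
	       (unsigned long long)esr_fsc(new));
	return 0;
}
```

The point the model makes visible is that clearing bits 5:0 changes the fault class without revisiting IL, so whichever policy inject_abt64() applies to IL is inherited by the Address Size fault syndrome; a caller that rewrites the FSC has to decide IL for itself if it wants the syndrome to stay self-consistent.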
2026-06-18 12:16 [PATCH v2 0/7] KVM: arm64: Fix missing ESR_ELx.IL in syndrome injection Fuad Tabba
2026-06-18 12:16 ` [PATCH v2 1/7] KVM: arm64: Set ESR_ELx.IL for injected undefined exceptions at EL2 Fuad Tabba
2026-06-18 12:16 ` [PATCH v2 2/7] KVM: arm64: Unconditionally set IL for injected undefined exceptions Fuad Tabba
2026-06-18 12:30 ` sashiko-bot
2026-06-18 14:41 ` Fuad Tabba
2026-06-18 12:16 ` [PATCH v2 3/7] KVM: arm64: Unconditionally set IL for injected abort exceptions Fuad Tabba
2026-06-18 12:29 ` sashiko-bot [this message]
2026-06-18 14:47 ` Fuad Tabba
2026-06-18 12:16 ` [PATCH v2 4/7] KVM: arm64: Set IL for injected FPAC exceptions during ERET emulation Fuad Tabba
2026-06-18 12:28 ` sashiko-bot
2026-06-18 12:39 ` Fuad Tabba
2026-06-18 12:48 ` Marc Zyngier
2026-06-18 14:24 ` Fuad Tabba
2026-06-18 12:16 ` [PATCH v2 5/7] KVM: arm64: Set IL for emulated SError injection Fuad Tabba
2026-06-18 12:32 ` sashiko-bot
2026-06-18 15:03 ` Fuad Tabba
2026-06-18 12:16 ` [PATCH v2 6/7] KVM: arm64: Set IL for nested " Fuad Tabba
2026-06-18 12:33 ` sashiko-bot
2026-06-18 15:06 ` Fuad Tabba
2026-06-18 12:16 ` [PATCH v2 7/7] KVM: arm64: Set IL in fake ESR for pKVM memory sharing exit Fuad Tabba
2026-06-18 15:47 ` [PATCH v2 0/7] KVM: arm64: Fix missing ESR_ELx.IL in syndrome injection Fuad Tabba