From: Oliver Upton <oupton@kernel.org>
To: kvmarm@lists.linux.dev
Cc: Marc Zyngier <maz@kernel.org>, Joey Gouly <joey.gouly@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
Wei-Lin Chang <weilin.chang@arm.com>,
Steffen Eiden <seiden@linux.ibm.com>,
Oliver Upton <oupton@kernel.org>
Subject: [PATCH 02/22] KVM: arm64: nv: Consolidate computation of stage-2 permissions
Date: Tue, 23 Jun 2026 11:41:41 -0700 [thread overview]
Message-ID: <20260623184201.1518871-3-oupton@kernel.org> (raw)
In-Reply-To: <20260623184201.1518871-1-oupton@kernel.org>
Computing the output permissions from a translation requires
contextualization, as fields in the descriptors may change depending on
the MMU context. Centralize the computation of stage-2 permissions
within the table walk rather as opposed to inspecting the descriptor in
the case of pX and uX permissions.
Signed-off-by: Oliver Upton <oupton@kernel.org>
---
arch/arm64/include/asm/kvm_nested.h | 42 ++++++++--------------------
arch/arm64/include/asm/kvm_pgtable.h | 5 ++--
arch/arm64/kvm/nested.c | 33 ++++++++++++++++++++--
3 files changed, 45 insertions(+), 35 deletions(-)
diff --git a/arch/arm64/include/asm/kvm_nested.h b/arch/arm64/include/asm/kvm_nested.h
index cbdaaa2a2903..aa27f12cf2d4 100644
--- a/arch/arm64/include/asm/kvm_nested.h
+++ b/arch/arm64/include/asm/kvm_nested.h
@@ -87,13 +87,15 @@ extern void kvm_nested_sync_hwstate(struct kvm_vcpu *vcpu);
extern void kvm_nested_setup_mdcr_el2(struct kvm_vcpu *vcpu);
struct kvm_s2_trans {
- phys_addr_t output;
- unsigned long block_size;
- bool writable;
- bool readable;
- int level;
- u32 esr;
- u64 desc;
+ u64 desc;
+ phys_addr_t output;
+ unsigned long block_size;
+ int level;
+ u32 esr;
+ bool writable;
+ bool readable;
+ bool px;
+ bool ux;
};
static inline phys_addr_t kvm_s2_trans_output(struct kvm_s2_trans *trans)
@@ -129,34 +131,12 @@ static inline bool kvm_has_xnx(struct kvm *kvm)
static inline bool kvm_s2_trans_exec_el0(struct kvm *kvm, struct kvm_s2_trans *trans)
{
- u8 xn = FIELD_GET(KVM_PTE_LEAF_ATTR_HI_S2_XN, trans->desc);
-
- if (!kvm_has_xnx(kvm))
- xn &= FIELD_PREP(KVM_PTE_LEAF_ATTR_HI_S2_XN, 0b10);
-
- switch (xn) {
- case 0b00:
- case 0b01:
- return true;
- default:
- return false;
- }
+ return trans->ux;
}
static inline bool kvm_s2_trans_exec_el1(struct kvm *kvm, struct kvm_s2_trans *trans)
{
- u8 xn = FIELD_GET(KVM_PTE_LEAF_ATTR_HI_S2_XN, trans->desc);
-
- if (!kvm_has_xnx(kvm))
- xn &= FIELD_PREP(KVM_PTE_LEAF_ATTR_HI_S2_XN, 0b10);
-
- switch (xn) {
- case 0b00:
- case 0b11:
- return true;
- default:
- return false;
- }
+ return trans->px;
}
extern int kvm_walk_nested_s2(struct kvm_vcpu *vcpu, phys_addr_t gipa,
diff --git a/arch/arm64/include/asm/kvm_pgtable.h b/arch/arm64/include/asm/kvm_pgtable.h
index 41a8687938eb..22aeb2ed18d1 100644
--- a/arch/arm64/include/asm/kvm_pgtable.h
+++ b/arch/arm64/include/asm/kvm_pgtable.h
@@ -79,6 +79,8 @@ typedef u64 kvm_pte_t;
#define KVM_PTE_LEAF_ATTR_LO_S2_MEMATTR GENMASK(5, 2)
#define KVM_PTE_LEAF_ATTR_LO_S2_S2AP_R BIT(6)
#define KVM_PTE_LEAF_ATTR_LO_S2_S2AP_W BIT(7)
+#define KVM_PTE_LEAF_ATTR_LO_S2_S2AP (KVM_PTE_LEAF_ATTR_LO_S2_S2AP_R | \
+ KVM_PTE_LEAF_ATTR_LO_S2_S2AP_W)
#define KVM_PTE_LEAF_ATTR_LO_S2_SH GENMASK(9, 8)
#define KVM_PTE_LEAF_ATTR_LO_S2_SH_IS 3
#define KVM_PTE_LEAF_ATTR_LO_S2_AF BIT(10)
@@ -95,8 +97,7 @@ typedef u64 kvm_pte_t;
#define KVM_PTE_LEAF_ATTR_HI_S1_GP BIT(50)
-#define KVM_PTE_LEAF_ATTR_S2_PERMS (KVM_PTE_LEAF_ATTR_LO_S2_S2AP_R | \
- KVM_PTE_LEAF_ATTR_LO_S2_S2AP_W | \
+#define KVM_PTE_LEAF_ATTR_S2_PERMS (KVM_PTE_LEAF_ATTR_LO_S2_S2AP | \
KVM_PTE_LEAF_ATTR_HI_S2_XN)
/* pKVM invalid pte encodings */
diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c
index 9e60c7c822ae..c9300703bd0d 100644
--- a/arch/arm64/kvm/nested.c
+++ b/arch/arm64/kvm/nested.c
@@ -241,6 +241,36 @@ static int swap_guest_s2_desc(struct kvm_vcpu *vcpu, phys_addr_t pa, u64 old, u6
return __kvm_at_swap_desc(vcpu->kvm, pa, old, new);
}
+static void compute_s2_permissions(struct kvm_vcpu *vcpu, struct s2_walk_info *wi,
+ struct s2_walk_step *ws, struct kvm_s2_trans *trans)
+{
+ u8 s2ap = FIELD_GET(KVM_PTE_LEAF_ATTR_LO_S2_S2AP, ws->desc);
+ u8 xn = FIELD_GET(KVM_PTE_LEAF_ATTR_HI_S2_XN, ws->desc);
+
+ if (!kvm_has_xnx(vcpu->kvm))
+ xn &= 0b10;
+
+ switch (xn) {
+ case 0b00:
+ trans->px = trans->ux = true;
+ break;
+ case 0b01:
+ trans->px = false;
+ trans->ux = true;
+ break;
+ case 0b10:
+ trans->px = trans->ux = false;
+ break;
+ case 0b11:
+ trans->px = true;
+ trans->ux = false;
+ break;
+ }
+
+ trans->readable = s2ap & BIT(0);
+ trans->writable = s2ap & BIT(1);
+}
+
/*
* This is essentially a C-version of the pseudo code from the ARM ARM
* AArch64.TranslationTableWalk function. I strongly recommend looking at
@@ -382,8 +412,7 @@ static int walk_nested_s2_pgd(struct kvm_vcpu *vcpu, phys_addr_t ipa,
out->output = (ws.desc & GENMASK_ULL(47, addr_bottom)) |
(ipa & GENMASK_ULL(addr_bottom - 1, 0));
out->block_size = 1UL << ((3 - ws.level) * stride + wi->pgshift);
- out->readable = ws.desc & KVM_PTE_LEAF_ATTR_LO_S2_S2AP_R;
- out->writable = ws.desc & KVM_PTE_LEAF_ATTR_LO_S2_S2AP_W;
+ compute_s2_permissions(vcpu, wi, &ws, out);
out->level = ws.level;
out->desc = ws.desc;
return 0;
--
2.47.3
next prev parent reply other threads:[~2026-06-23 18:42 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-23 18:41 [PATCH 00/22] KVM: arm64: nv: Implement FEAT_HAFDBS, FEAT_HAFT Oliver Upton
2026-06-23 18:41 ` [PATCH 01/22] KVM: arm64: nv: Introduce struct for stage-2 walk step Oliver Upton
2026-06-23 18:41 ` Oliver Upton [this message]
2026-06-23 18:57 ` [PATCH 02/22] KVM: arm64: nv: Consolidate computation of stage-2 permissions sashiko-bot
2026-06-23 18:41 ` [PATCH 03/22] KVM: arm64: nv: Get rid of kvm_s2_trans*() accessors Oliver Upton
2026-06-23 18:41 ` [PATCH 04/22] KVM: arm64: nv: Only shadow writable-dirty guest descs as writable Oliver Upton
2026-06-23 18:58 ` sashiko-bot
2026-06-23 20:05 ` Oliver Upton
2026-06-23 18:41 ` [PATCH 05/22] KVM: arm64: nv: Pass an access descriptor for stage-2 walks Oliver Upton
2026-06-23 19:06 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 06/22] KVM: arm64: nv: Use a helper for stage-2 descriptor updates Oliver Upton
2026-06-23 18:41 ` [PATCH 07/22] KVM: arm64: nv: Set dirty state at stage-2 Oliver Upton
2026-06-23 19:03 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 08/22] KVM: arm64: nv: Treat DBM as writable " Oliver Upton
2026-06-23 18:55 ` sashiko-bot
2026-06-23 20:08 ` Oliver Upton
2026-06-23 18:41 ` [PATCH 09/22] KVM: arm64: Compute S1 permissions as part of s1_walk() Oliver Upton
2026-06-23 18:41 ` [PATCH 10/22] KVM: arm64: Plumb through access descriptor for stage-1 Oliver Upton
2026-06-23 18:41 ` [PATCH 11/22] KVM: arm64: Use a struct for stage-1 walk context Oliver Upton
2026-06-23 18:41 ` [PATCH 12/22] KVM: arm64: Create helper for stage-1 descriptor updates Oliver Upton
2026-06-23 18:55 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 13/22] KVM: arm64: Set dirty state at stage-1 Oliver Upton
2026-06-23 18:54 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 14/22] KVM: arm64: Grant write permission when DBM is set at S1 Oliver Upton
2026-06-23 18:57 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 15/22] KVM: arm64: Don't update descriptors for "non-arch" access Oliver Upton
2026-06-23 18:41 ` [PATCH 16/22] KVM: arm64: nv: Expose FEAT_HAFDBS Oliver Upton
2026-06-23 19:01 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 17/22] KVM: arm64: Set Access flag on table descriptors at stage-1 Oliver Upton
2026-06-23 20:56 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 18/22] KVM: arm64: nv: Set access flag on table descriptors at stage-2 Oliver Upton
2026-06-23 19:05 ` sashiko-bot
2026-06-23 20:14 ` Oliver Upton
2026-06-23 18:41 ` [PATCH 19/22] KVM: arm64: nv: Expose FEAT_HAFT Oliver Upton
2026-06-23 19:05 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 20/22] KVM: arm64: selftests: Only test AF behavior for emulated AT insns Oliver Upton
2026-06-23 18:42 ` [PATCH 21/22] KVM: arm64: selftests: Test AT emulation for FEAT_HAFT Oliver Upton
2026-06-23 19:05 ` sashiko-bot
2026-06-23 20:17 ` Oliver Upton
2026-06-23 18:42 ` [PATCH 22/22] HACK: KVM: arm64: nv: Set the dirty state for CMOs that fetch for write Oliver Upton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260623184201.1518871-3-oupton@kernel.org \
--to=oupton@kernel.org \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=maz@kernel.org \
--cc=seiden@linux.ibm.com \
--cc=suzuki.poulose@arm.com \
--cc=weilin.chang@arm.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.