From: sashiko-bot@kernel.org
To: "Fuad Tabba" <fuad.tabba@linux.dev>
Cc: kvmarm@lists.linux.dev, "Oliver Upton" <oupton@kernel.org>,
"Marc Zyngier" <maz@kernel.org>
Subject: Re: [PATCH v2 2/2] KVM: arm64: selftests: Add MMIO sign-extending load test
Date: Thu, 25 Jun 2026 14:57:02 +0000 [thread overview]
Message-ID: <20260625145703.460B41F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260625144807.2603272-3-fuad.tabba@linux.dev>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Guest EL1 will crash with an Instruction Abort because the `el0_be_loads` assembly block shares a page with EL1 test code and is marked as EL0-accessible.
--
commit 60c24b3648e8f92661ec2d484d27ac4580cad60a
Author: Fuad Tabba <fuad.tabba@linux.dev>
KVM: arm64: selftests: Add MMIO sign-extending load test
Adds a test for sign-extending MMIO loads (LDRSB, LDRSH, LDRSW) into Xt
and Wt destinations, with and without the sign bit set. The host supplies
the MMIO data and checks the guest register holds the sign-extended value.
> diff --git a/tools/testing/selftests/kvm/arm64/mmio_sign_ext.c b/tools/testing/selftests/kvm/arm64/mmio_sign_ext.c
> new file mode 100644
> index 0000000000000..06708ab6db8c0
> --- /dev/null
> +++ b/tools/testing/selftests/kvm/arm64/mmio_sign_ext.c
[ ... ]
> +extern char el0_be_loads[], el0_be_loads_end[];
> +asm(
> +" .pushsection .text, \"ax\"\n"
> +" .global el0_be_loads\n"
> +"el0_be_loads:\n"
[Severity: Medium]
Will this crash guest EL1 with an Instruction Abort?
The el0_be_loads assembly block lacks page alignment directives, placing it
adjacent to EL1 executable code in the same page of the .text section.
When make_el0_accessible() is called in main():
make_el0_accessible(vm, (uint64_t)el0_be_loads,
el0_be_loads_end - el0_be_loads);
It makes the shared page EL0-accessible by setting PTE_USER. This
inadvertently makes the EL1 guest_code on the same page EL0-accessible. In
the ARMv8 EL1&0 translation regime, an instruction fetch by EL1 from an
EL0-accessible memory page unconditionally generates a Permission Fault.
> +" ldrsb x19, [x0]\n"
> +" ldrsb x20, [x0]\n"
> +" ldrsb w21, [x0]\n"
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260625144807.2603272-1-fuad.tabba@linux.dev?part=2
next prev parent reply other threads:[~2026-06-25 14:57 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-25 14:48 [PATCH v2 0/2] KVM: arm64: Fix and test MMIO sign-extending loads Fuad Tabba
2026-06-25 14:48 ` [PATCH v2 1/2] KVM: arm64: Fix sign-extension of MMIO loads Fuad Tabba
2026-06-25 14:48 ` [PATCH v2 2/2] KVM: arm64: selftests: Add MMIO sign-extending load test Fuad Tabba
2026-06-25 14:57 ` sashiko-bot [this message]
2026-06-25 16:14 ` Fuad Tabba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260625145703.460B41F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=fuad.tabba@linux.dev \
--cc=kvmarm@lists.linux.dev \
--cc=maz@kernel.org \
--cc=oupton@kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.