Re: [PATCH] KVM: arm64: Implement KVM_TRANSLATE ioctl for arm64

[Marc Zyngier <maz@kernel.org>]

On Tue, 23 Sep 2025 09:29:55 +0100,
Priscilla Lam <prl@amazon.com> wrote:
> 
> Hi Oliver and Marc,
> 
> Thanks for the detailed feedback.
> 
> > But at the end of the day, what do you need KVM_TRANSLATE for? This
> > interface is an absolute turd that is unable to represent the bare
> > minimum of the architecture (writable by whom? physical address in
> > which translation regime? what about S2 translations?), and is better
> > left in the "utter brain fart" category.
> 
> Regarding motivation, this patch is intended to give a userspace vmm
> the ability to handle non-ISV guest faults. The Arm Arm (DDI 0487L.b,
> section B3.13.6) notes that for load/store pair faults, the syndrome
> may not provide the specifics of the access that faulted. In those
> cases, the vmm must manually decode the instruction to emulate it. The
> introduction of KVM_CAP_ARM_NISV_TO_USER
> (https://lore.kernel.org/kvm/20191120164236.29359-2-maz@kernel.org/)
> seems to have anticipated that flow by allowing exits to userspace on
> trapped NISV instructions. What is still missing is a reliable way for
> userspace to query VA->IPA translations in order to complete emulation.

A guest doing this is a sure indication that it is completely broken,
and will fail on actual HW, because it clearly ignores small
insignificant details such as *ordering*.

My other question still remains: why can't you perform this page table
walk in userspace? It is actually much safer to do so because you can
stop other vcpus while inspecting the PTs, and avoid a vcpu playing
tricks behind your back -- something the in-kernel PTW doesn't try to
avoid.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.