From: Marc Zyngier <maz@kernel.org>
To: Alexandru Elisei <alexandru.elisei@arm.com>
Cc: oliver.upton@linux.dev, joey.gouly@arm.com, yuzenghui@huawei.com,
suzuki.poulose@arm.com, linux-arm-kernel@lists.infradead.org,
kvmarm@lists.linux.dev
Subject: Re: [PATCH 0/4] KVM: arm64: nv: HAF fixes
Date: Mon, 01 Dec 2025 09:19:17 +0000
Message-ID: <86qztepnje.wl-maz@kernel.org>
In-Reply-To: <87a503fyw2.wl-maz@kernel.org>
On Sun, 30 Nov 2025 13:11:57 +0000,
Marc Zyngier <maz@kernel.org> wrote:
>
> On Fri, 28 Nov 2025 10:09:42 +0000,
> Alexandru Elisei <alexandru.elisei@arm.com> wrote:
> >
> > Based on kvmarm's next branch.
> >
> > HAF support for the software translation table walker was merged while I
> > was in the process of reading the patches, so instead of comments I have
> > these few fixes.
> >
> > One thing I didn't touch is this sequence in hyp_set_prot_attr():
> >
> > 	if (prot & KVM_PGTABLE_PROT_X) {
> > 		/* don't set the XN bit */
> > 	} else {
> > 		attr |= KVM_PTE_LEAF_ATTR_HI_S1_XN;
> > 	}
> >
> > If the caller is executing in nVHE mode, the translation regime is EL2,
> > which has only PrivExecute permission. Since KVM_PGTABLE_PROT_X is now the
> > union of PrivExecute and UnprivExecute, if the caller requests only the
> > UnprivExecute permission, but no PrivExecute permission, the function does
> > not return an error code and sets the PrivExecute permission.
>
> I don't think this is a huge problem *right now*, as long as we don't
> have anything that looks like "hvhe hypervisor userspace" (yes, I
> proposed that a while ago, and haven't completely dropped the
> idea). But at the same time, the page-table code should probably be
> built to the architecture and not to the use cases.
>
> But it also outlines a rather bad bug in the hVHE case, where we set
> the UXN bit instead of the PXN bit...
>
> What I have in mind is something like this, untested. Thoughts?
>
> M.
>
> diff --git a/arch/arm64/include/asm/kvm_pgtable.h b/arch/arm64/include/asm/kvm_pgtable.h
> index d57c12f074a40..48305118ba3c5 100644
> --- a/arch/arm64/include/asm/kvm_pgtable.h
> +++ b/arch/arm64/include/asm/kvm_pgtable.h
> @@ -88,6 +88,8 @@ typedef u64 kvm_pte_t;
> #define KVM_PTE_LEAF_ATTR_HI_SW GENMASK(58, 55)
>
> #define KVM_PTE_LEAF_ATTR_HI_S1_XN BIT(54)
> +#define KVM_PTE_LEAF_ATTR_HI_S1_UXN BIT(54)
> +#define KVM_PTE_LEAF_ATTR_HI_S1_PXN BIT(53)
>
> #define KVM_PTE_LEAF_ATTR_HI_S2_XN GENMASK(54, 53)
>
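Review bot: KVM_PTE_LEAF_ATTR_HI_S1_UXN is added as BIT(54), the same bit as the existing KVM_PTE_LEAF_ATTR_HI_S1_XN on the line above it, and nothing in the header says which name applies in which case. A short comment stating that XN is the name used for nVHE and that UXN/PXN are the hVHE names for bits 54 and 53 would keep a reader from treating XN and UXN as independent bits.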
> diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c
> index e0bd6a0172729..cbf9b6b58e284 100644
> --- a/arch/arm64/kvm/hyp/pgtable.c
> +++ b/arch/arm64/kvm/hyp/pgtable.c
> @@ -330,6 +330,11 @@ struct hyp_map_data {
> kvm_pte_t attr;
> };
>
> +static bool el2_nvhe(void)
> +{
> + return !has_vhe() && !cpus_have_final_cap(ARM64_KVM_PROTECTED_MODE);
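Review bot: el2_nvhe() has no comment stating which configurations it is meant to return true for. Because the return expression is a conjunction of two negated checks, a one-line comment above the function naming the intended case would let the capability tested in the second operand be checked against that intent.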
Obviously, this should read ARM64_KVM_HVHE, not PROTECTED_MODE...
M.
--
Without deviation from the norm, progress is not possible.
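The permission mapping discussed in this message, as an added stand-alone C model (not code from the patch or from the kernel): it uses the bit positions from the quoted header hunk and returns an error instead of widening the permission when only UnprivExecute is requested in nVHE. The `PROT_PX`/`PROT_UX` values, `enum regime`, `s1_exec_attr()` and the refuse-rather-than-widen policy are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>

/* Bit positions as given in the quoted kvm_pgtable.h hunk. */
#define S1_XN   (1ULL << 54)	/* nVHE: single execute-never bit */
#define S1_UXN  (1ULL << 54)	/* hVHE: unprivileged execute-never */
#define S1_PXN  (1ULL << 53)	/* hVHE: privileged execute-never */

/* Hypothetical stand-ins for KVM_PGTABLE_PROT_{PX,UX}; values are made up. */
#define PROT_PX (1u << 0)
#define PROT_UX (1u << 1)

enum regime { REGIME_NVHE, REGIME_HVHE };	/* hypothetical model type */

/*
 * OR the execute-never bits for a stage-1 leaf into *attr and return 0,
 * or return -EINVAL and leave *attr untouched when the request cannot be
 * expressed in the regime (assumed policy: fail closed).
 */
int s1_exec_attr(enum regime r, unsigned int prot, uint64_t *attr)
{
	uint64_t xn = 0;

	if (r == REGIME_NVHE) {
		/* Only PrivExecute exists: UX alone has nothing to map to. */
		if ((prot & (PROT_PX | PROT_UX)) == PROT_UX)
			return -EINVAL;
		if (!(prot & PROT_PX))
			xn |= S1_XN;
	} else {
		/* Each privilege level has its own execute-never bit. */
		if (!(prot & PROT_PX))
			xn |= S1_PXN;
		if (!(prot & PROT_UX))
			xn |= S1_UXN;
	}

	*attr |= xn;
	return 0;
}
```
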
Thread overview: 12+ messages
2025-11-28 10:09 [PATCH 0/4] KVM: arm64: nv: HAF fixes Alexandru Elisei
2025-11-28 10:09 ` [PATCH 1/4] KVM: arm64: Document KVM_PGTABLE_PROT_{UX,PX} Alexandru Elisei
2025-11-28 10:09 ` [PATCH 2/4] KVM: arm64: at: Use correct HA bit in TCR_EL2 when regime is EL2 Alexandru Elisei
2025-11-28 10:09 ` [PATCH 3/4] KVM: arm64: nv: Don't mask VTCR_EL2.HA if FEAT_HAFDBS is present Alexandru Elisei
2025-11-28 15:46 ` Marc Zyngier
2025-11-28 18:48 ` Oliver Upton
2025-11-29 11:35 ` Marc Zyngier
2025-11-28 10:09 ` [PATCH 4/4] KVM: arm64: at: Update AF on software walk only if VM has FEAT_HAFDBS Alexandru Elisei
2025-11-28 15:51 ` Marc Zyngier
2025-11-28 18:51 ` [PATCH 0/4] KVM: arm64: nv: HAF fixes Oliver Upton
2025-11-30 13:11 ` Marc Zyngier
2025-12-01 9:19 ` Marc Zyngier [this message]