From: Marc Zyngier <maz@kernel.org>
To: Gyujeong Jin <wlsrbwjd7232@gmail.com>
Cc: oliver.upton@linux.dev, joey.gouly@arm.com,
suzuki.poulose@arm.com, yuzenghui@huawei.com,
catalin.marinas@arm.com, will@kernel.org, kvmarm@lists.linux.dev,
linux-arm-kernel@lists.infradead.org, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, gyutrange <wlsrbwjd643@naver.com>,
stable@vger.kernel.org, DongHa Lee <gap-dev@example.com>,
Daehyeon Ko <4ncient@example.com>,
Geonha Lee <leegn4a@example.com>,
Hyungyu Oh <dqpc_lover@example.com>,
Jaewon Yang <r4mbb1@example.com>
Subject: Re: [PATCH] KVM: arm64: nested: Fix VA sign extension in VNCR/TLBI paths
Date: Mon, 01 Sep 2025 15:26:06 +0100 [thread overview]
Message-ID: <86wm6ickqp.wl-maz@kernel.org> (raw)
In-Reply-To: <20250901141551.57981-1-wlsrbwjd7232@gmail.com>
On Mon, 01 Sep 2025 15:15:51 +0100,
Gyujeong Jin <wlsrbwjd7232@gmail.com> wrote:
>
> From: gyutrange <wlsrbwjd643@naver.com>
>
> VNCR/TLBI VA reconstruction currently uses bit 48 as the sign bit,
> but for 48-bit virtual addresses the correct sign bit is bit 47.
No, that's not the case. Bit 55 is used at all times to determine
which half of the address space a VA gets resolved from.
> Using 48 can mis-canonicalize addresses in the negative half and may
> cause missed invalidations.
>
> Although VNCR_EL2 encodes other architectural fields (RESS, BADDR;
> see Arm ARM D24.2.206), sign_extend64() interprets its second argument
> as the index of the sign bit. Passing 48 prevents propagation of the
> canonical sign bit for 48-bit VAs.
>
> Impact:
> - Incorrect canonicalization of VAs with bit47=1
No. We are not trying to make the VA canonical.
> - Potential stale VNCR pseudo-TLB entries after TLBI or MMU notifier
No. The pseudo TLB is never created the first place.
> - Possible incorrect translation/permissions or DoS when combined
> with other issues
Please explain, as "other issues" is not a valid argument.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
next prev parent reply other threads:[~2025-09-01 14:26 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-01 14:15 [PATCH] KVM: arm64: nested: Fix VA sign extension in VNCR/TLBI paths Gyujeong Jin
2025-09-01 14:26 ` Marc Zyngier [this message]
2025-09-01 20:03 ` Greg KH
2025-09-01 20:04 ` Greg KH
-- strict thread matches above, loose matches on Subject: below --
2025-09-01 12:45 Gyujeong Jin
2025-09-01 13:28 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86wm6ickqp.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=4ncient@example.com \
--cc=catalin.marinas@arm.com \
--cc=dqpc_lover@example.com \
--cc=gap-dev@example.com \
--cc=joey.gouly@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=leegn4a@example.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oliver.upton@linux.dev \
--cc=r4mbb1@example.com \
--cc=stable@vger.kernel.org \
--cc=suzuki.poulose@arm.com \
--cc=will@kernel.org \
--cc=wlsrbwjd643@naver.com \
--cc=wlsrbwjd7232@gmail.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.