Date: Thu, 02 Jul 2026 21:03:53 +0100
Message-ID: <87pl156tw6.wl-maz@kernel.org>
From: Marc Zyngier
To: sashiko-reviews@lists.linux.dev
Cc: "Oliver Upton", kvmarm@lists.linux.dev, kvm@vger.kernel.org
Subject: Re: [PATCH 26/28] KVM: arm64: Add FEAT_NV3 detection
In-Reply-To: <20260702163950.81D301F00A3A@smtp.kernel.org>
References: <20260702160248.1377250-1-maz@kernel.org> <20260702160248.1377250-27-maz@kernel.org> <20260702163950.81D301F00A3A@smtp.kernel.org>

On Thu, 02 Jul 2026 17:39:50 +0100,
sashiko-bot@kernel.org wrote:
>
> Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
> - [High] Writes to the SYS_NVHCR_EL2 control system register are not followed by an immediate isb().
> - [High] Writes to CNTKCTL_EL1 and CNTHCTL_EL2 control registers using sysreg_clear_set() lack an immediate isb().
> --
>
> commit b72de4ae5666d0aaa35b94915af5eab1152df83b
> Author: Marc Zyngier
>
> KVM: arm64: Add FEAT_NV3 detection
>
> This commit adds the detection code for FEAT_NV3 to the cpufeature
> capabilities. This engages the FEAT_NV3 fast-path when the hardware
> supports it.
>
> > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> > index c9c124b0ccc8e..6ae1c816e2010 100644
> > --- a/arch/arm64/kernel/cpufeature.c
> > +++ b/arch/arm64/kernel/cpufeature.c
> > @@ -2627,6 +2627,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
> > .matches = has_cpuid_feature,
> > ARM64_CPUID_FIELDS(ID_AA64MMFR4_EL1, NV_frac, NV2P1)
> > },
>
> [Severity: High]
> Could the system operate under a stale configuration when updating timer
> control registers based on the ARM64_HAS_NV2P1 capability?
>
> In arch/arm64/kvm/arch_timer.c:timer_set_traps(), the control registers
> are modified without an immediate isb() following the update:
>
> arch/arm64/kvm/arch_timer.c:timer_set_traps()
>     if (!cpus_have_final_cap(ARM64_HAS_NV2P1))
>         sysreg_clear_set(cnthctl_el2, clr, set);
>     else
>         sysreg_clear_set(cntkctl_el1, clr, set);
>
> The sysreg_clear_set() macro expands to a read-modify-write sequence that
> does not include an isb() as the very next instruction. Is an explicit
> barrier required here to prevent undefined pipeline state?

No. And "undefined pipeline state" means fsck all.

>
> > + {
> > + .desc = "FEAT_NV3",
> > + .capability = ARM64_HAS_NV3,
> > + .type = ARM64_CPUCAP_SYSTEM_FEATURE,
> > + .matches = has_cpuid_feature,
> > + ARM64_CPUID_FIELDS(ID_AA64MMFR4_EL1, NV_frac, NV3)
> > + },
>
> [Severity: High]
> Does enabling the ARM64_HAS_NV3 capability expose missing synchronization
> when writing the SYS_NVHCR_EL2 control register?
>
> Looking at __compute_hcr() in arch/arm64/kvm/hyp/vhe/switch.c, the guest
> view is published to SYS_NVHCR_EL2 without an immediate isb():
>
> arch/arm64/kvm/hyp/vhe/switch.c:__compute_hcr()
>     if (cpus_have_final_cap(ARM64_HAS_NV3) && vcpu_el2_e2h_is_set(vcpu))
>         write_sysreg_s(__vcpu_sys_reg(vcpu, HCR_EL2), SYS_NVHCR_EL2);
>     else
>         __vcpu_assign_sys_reg(vcpu, NVHCR_EL2, __vcpu_sys_reg(vcpu, HCR_EL2));
>
> Similarly, the L2 view of HCR_EL2 is restored without an immediate isb()
> before returning:

ERET in the guest is a CSE. The end.

	M.

-- 
Jazz isn't dead. It just smells funny.
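
Review bot: in the added FEAT_NV3 entry, ARM64_CPUID_FIELDS(ID_AA64MMFR4_EL1, NV_frac, NV3) keys on the same NV_frac field as the NV2P1 entry directly above it, and the commit message does not say how the two capabilities relate. A sentence stating whether hardware that matches NV3 is also expected to match ARM64_HAS_NV2P1 would help, since the callers quoted in this thread test the two capabilities independently (timer_set_traps() checks ARM64_HAS_NV2P1, __compute_hcr() checks ARM64_HAS_NV3).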