From: Marc Zyngier <maz@kernel.org>
To: Fuad Tabba <tabba@google.com>
Cc: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
Will Deacon <will@kernel.org>,
Vincent Donnefort <vdonnefort@google.com>,
Joey Gouly <joey.gouly@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Oliver Upton <oupton@kernel.org>,
Zenghui Yu <yuzenghui@huawei.com>
Subject: Re: [PATCH] KVM: arm64: pkvm: Adopt MARKER() to define host hypercall ranges
Date: Wed, 15 Apr 2026 14:18:05 +0100 [thread overview]
Message-ID: <86bjfk2whe.wl-maz@kernel.org> (raw)
In-Reply-To: <CA+EHjTxWAFKHqBUOCVkkqtzTKrMSU8HQDwoLMqD2HQPga7y_-w@mail.gmail.com>
On Wed, 15 Apr 2026 10:56:17 +0100,
Fuad Tabba <tabba@google.com> wrote:
>
> Hi Marc,
>
> On Tue, 14 Apr 2026 at 17:05, Marc Zyngier <maz@kernel.org> wrote:
> >
> > The EL2 code defines ranges of host hypercalls that are either
> > enabled at boot-time only, used by [nh]VHE KVM, or reserved to pKVM.
> >
> > The way these ranges are delineated is error prone, as the enum symbols
> > defining the limits are expressed in terms of actual function symbols.
> > This means that should a new function be added, special care must be
> > taken to also update the limit symbol.
> >
> > Improve this by reusing the mechanism introduced for the vcpu_sysreg
> > enum, which uses a MARKER() macro and some extra trickery to make
> > the limit symbol standalone. Crucially, the limit symbol has the
> > same value as the *following* symbol.
> >
> > The handle_host_hcall() function is then updated to make use of
> > the new limit definitions and get rid of the brittle default
> > upper limit. This allows for some more strict checks at build
> > time, and the removal of an comparison at run time.
>
> This is pretty neat. There is still the issue of a hole, i.e., adding
> an enum in the middle but forgetting to add a function, but that is
> caught in handle_host_hcall(). I can't think of an easy way to catch
> that though (xarray that initializes both?)
Yeah, there isn't a simple way to do that at compile-time,
unfortunately.
One thing that could be done is to have a blanket initialisation with
an illegal value, override all the entries you want, and then check at
KVM init time for the presence of the canary value. If you find it,
abort the KVM initialisation.
With that, you can drop the NULL test on the handling path.
> >
> > Signed-off-by: Marc Zyngier <maz@kernel.org>
>
> Tested-by: Fuad Tabba <tabba@google.com>
> Reviewed-by: Fuad Tabba <tabba@google.com>
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
next prev parent reply other threads:[~2026-04-15 13:18 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-14 16:05 [PATCH] KVM: arm64: pkvm: Adopt MARKER() to define host hypercall ranges Marc Zyngier
2026-04-15 9:56 ` Fuad Tabba
2026-04-15 13:18 ` Marc Zyngier [this message]
2026-04-17 14:23 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86bjfk2whe.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=oupton@kernel.org \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=vdonnefort@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox