[PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0

public inbox for linux-arm-kernel@lists.infradead.org
 help / color / mirror / Atom feed

* [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0
@ 2026-03-24 13:57 Sebastian Ene
  2026-03-24 14:06 ` Vincent Donnefort
                   ` (2 more replies)
  0 siblings, 3 replies; 10+ messages in thread
From: Sebastian Ene @ 2026-03-24 13:57 UTC (permalink / raw)
  To: kvmarm, linux-arm-kernel, linux-kernel, android-kvm
  Cc: catalin.marinas, joey.gouly, mark.rutland, maz, oupton,
	sebastianene, suzuki.poulose, tabba, vdonnefort, will, yuzenghui

The ARM Service Calling Convention (SMCCC) specifies that the function
identifier and parameters should be passed in registers, leaving the
16-bit immediate field of the SMC instruction un-handled.
Currently, our pKVM handler ignores the immediate value, which could lead
to non-compliant software relying on implementation-defined behavior.
Enforce the host kernel running under pKVM to use an immediate value
of 0 by decoding the ISS from the ESR_EL2 and inject an undefined
instruction exception back to the caller.

Signed-off-by: Sebastian Ene <sebastianene@google.com>
---
 arch/arm64/kvm/hyp/nvhe/hyp-main.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
index e7790097db93..ff6a90a4a4c7 100644
--- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
+++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
@@ -756,13 +756,18 @@ static bool handle_host_mte(u64 esr)
 void handle_trap(struct kvm_cpu_context *host_ctxt)
 {
 	u64 esr = read_sysreg_el2(SYS_ESR);
+	u16 imm16;
 
 	switch (ESR_ELx_EC(esr)) {
 	case ESR_ELx_EC_HVC64:
 		handle_host_hcall(host_ctxt);
 		break;
 	case ESR_ELx_EC_SMC64:
-		handle_host_smc(host_ctxt);
+		imm16 = esr & U16_MAX;
+		if (!imm16)
+			handle_host_smc(host_ctxt);
+		else
+			inject_undef64();
 		break;
 	case ESR_ELx_EC_IABT_LOW:
 	case ESR_ELx_EC_DABT_LOW:
-- 
2.53.0.983.g0bb29b3bc5-goog



^ permalink raw reply related	[flat|nested] 10+ messages in thread

* Re: [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0
  2026-03-24 13:57 [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0 Sebastian Ene
@ 2026-03-24 14:06 ` Vincent Donnefort
  2026-03-24 14:09   ` Vincent Donnefort
  2026-03-24 14:41   ` Sebastian Ene
  2026-03-24 14:43 ` Marc Zyngier
  2026-03-24 15:13 ` Fuad Tabba
  2 siblings, 2 replies; 10+ messages in thread
From: Vincent Donnefort @ 2026-03-24 14:06 UTC (permalink / raw)
  To: Sebastian Ene
  Cc: kvmarm, linux-arm-kernel, linux-kernel, android-kvm,
	catalin.marinas, joey.gouly, mark.rutland, maz, oupton,
	suzuki.poulose, tabba, will, yuzenghui

On Tue, Mar 24, 2026 at 01:57:28PM +0000, Sebastian Ene wrote:
> The ARM Service Calling Convention (SMCCC) specifies that the function
> identifier and parameters should be passed in registers, leaving the
> 16-bit immediate field of the SMC instruction un-handled.
> Currently, our pKVM handler ignores the immediate value, which could lead
> to non-compliant software relying on implementation-defined behavior.
> Enforce the host kernel running under pKVM to use an immediate value
> of 0 by decoding the ISS from the ESR_EL2 and inject an undefined
> instruction exception back to the caller.
> 
> Signed-off-by: Sebastian Ene <sebastianene@google.com>
> ---
>  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> index e7790097db93..ff6a90a4a4c7 100644
> --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> @@ -756,13 +756,18 @@ static bool handle_host_mte(u64 esr)
>  void handle_trap(struct kvm_cpu_context *host_ctxt)
>  {
>  	u64 esr = read_sysreg_el2(SYS_ESR);
> +	u16 imm16;
>  
>  	switch (ESR_ELx_EC(esr)) {
>  	case ESR_ELx_EC_HVC64:
>  		handle_host_hcall(host_ctxt);
>  		break;
>  	case ESR_ELx_EC_SMC64:
> -		handle_host_smc(host_ctxt);
> +		imm16 = esr & U16_MAX;
> +		if (!imm16)

if (ESR_ELx_xVC_IMM_MASK(esr)) ?

Also, I can't find void inject_undef64(void); I think you need a vcpu for that?

> +			handle_host_smc(host_ctxt);
> +		else
> +			inject_undef64();
>  		break;
>  	case ESR_ELx_EC_IABT_LOW:
>  	case ESR_ELx_EC_DABT_LOW:
> -- 
> 2.53.0.983.g0bb29b3bc5-goog
> 


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0
  2026-03-24 14:06 ` Vincent Donnefort
@ 2026-03-24 14:09   ` Vincent Donnefort
  2026-03-24 14:18     ` Vincent Donnefort
  2026-03-24 14:41   ` Sebastian Ene
  1 sibling, 1 reply; 10+ messages in thread
From: Vincent Donnefort @ 2026-03-24 14:09 UTC (permalink / raw)
  To: Sebastian Ene
  Cc: kvmarm, linux-arm-kernel, linux-kernel, android-kvm,
	catalin.marinas, joey.gouly, mark.rutland, maz, oupton,
	suzuki.poulose, tabba, will, yuzenghui

On Tue, Mar 24, 2026 at 02:06:40PM +0000, Vincent Donnefort wrote:
> On Tue, Mar 24, 2026 at 01:57:28PM +0000, Sebastian Ene wrote:
> > The ARM Service Calling Convention (SMCCC) specifies that the function
> > identifier and parameters should be passed in registers, leaving the
> > 16-bit immediate field of the SMC instruction un-handled.
> > Currently, our pKVM handler ignores the immediate value, which could lead
> > to non-compliant software relying on implementation-defined behavior.
> > Enforce the host kernel running under pKVM to use an immediate value
> > of 0 by decoding the ISS from the ESR_EL2 and inject an undefined
> > instruction exception back to the caller.
> > 
> > Signed-off-by: Sebastian Ene <sebastianene@google.com>
> > ---
> >  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 7 ++++++-
> >  1 file changed, 6 insertions(+), 1 deletion(-)
> > 
> > diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > index e7790097db93..ff6a90a4a4c7 100644
> > --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > @@ -756,13 +756,18 @@ static bool handle_host_mte(u64 esr)
> >  void handle_trap(struct kvm_cpu_context *host_ctxt)
> >  {
> >  	u64 esr = read_sysreg_el2(SYS_ESR);
> > +	u16 imm16;
> >  
> >  	switch (ESR_ELx_EC(esr)) {
> >  	case ESR_ELx_EC_HVC64:
> >  		handle_host_hcall(host_ctxt);
> >  		break;
> >  	case ESR_ELx_EC_SMC64:
> > -		handle_host_smc(host_ctxt);
> > +		imm16 = esr & U16_MAX;
> > +		if (!imm16)
> 
> if (ESR_ELx_xVC_IMM_MASK(esr)) ?
> 
> Also, I can't find void inject_undef64(void); I think you need a vcpu for that?

Ah my bad, handle_host_mte() introduced it!

> 
> > +			handle_host_smc(host_ctxt);
> > +		else
> > +			inject_undef64();
> >  		break;
> >  	case ESR_ELx_EC_IABT_LOW:
> >  	case ESR_ELx_EC_DABT_LOW:
> > -- 
> > 2.53.0.983.g0bb29b3bc5-goog
> > 


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0
  2026-03-24 14:09   ` Vincent Donnefort
@ 2026-03-24 14:18     ` Vincent Donnefort
  2026-03-24 15:05       ` Sebastian Ene
  0 siblings, 1 reply; 10+ messages in thread
From: Vincent Donnefort @ 2026-03-24 14:18 UTC (permalink / raw)
  To: Sebastian Ene
  Cc: kvmarm, linux-arm-kernel, linux-kernel, android-kvm,
	catalin.marinas, joey.gouly, mark.rutland, maz, oupton,
	suzuki.poulose, tabba, will, yuzenghui

On Tue, Mar 24, 2026 at 02:09:50PM +0000, Vincent Donnefort wrote:
> On Tue, Mar 24, 2026 at 02:06:40PM +0000, Vincent Donnefort wrote:
> > On Tue, Mar 24, 2026 at 01:57:28PM +0000, Sebastian Ene wrote:
> > > The ARM Service Calling Convention (SMCCC) specifies that the function
> > > identifier and parameters should be passed in registers, leaving the
> > > 16-bit immediate field of the SMC instruction un-handled.
> > > Currently, our pKVM handler ignores the immediate value, which could lead
> > > to non-compliant software relying on implementation-defined behavior.
> > > Enforce the host kernel running under pKVM to use an immediate value
> > > of 0 by decoding the ISS from the ESR_EL2 and inject an undefined
> > > instruction exception back to the caller.
> > > 
> > > Signed-off-by: Sebastian Ene <sebastianene@google.com>
> > > ---
> > >  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 7 ++++++-
> > >  1 file changed, 6 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > > index e7790097db93..ff6a90a4a4c7 100644
> > > --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > > +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > > @@ -756,13 +756,18 @@ static bool handle_host_mte(u64 esr)
> > >  void handle_trap(struct kvm_cpu_context *host_ctxt)
> > >  {
> > >  	u64 esr = read_sysreg_el2(SYS_ESR);
> > > +	u16 imm16;
> > >  
> > >  	switch (ESR_ELx_EC(esr)) {
> > >  	case ESR_ELx_EC_HVC64:
> > >  		handle_host_hcall(host_ctxt);
> > >  		break;
> > >  	case ESR_ELx_EC_SMC64:
> > > -		handle_host_smc(host_ctxt);
> > > +		imm16 = esr & U16_MAX;
> > > +		if (!imm16)
> > 
> > if (ESR_ELx_xVC_IMM_MASK(esr)) ?
> > 
> > Also, I can't find void inject_undef64(void); I think you need a vcpu for that?
> 
> Ah my bad, handle_host_mte() introduced it!
> 
> > 
> > > +			handle_host_smc(host_ctxt);
> > > +		else
> > > +			inject_undef64();

Could it be better to return SMCCC_RET_NOT_SUPPORTED?

> > >  		break;
> > >  	case ESR_ELx_EC_IABT_LOW:
> > >  	case ESR_ELx_EC_DABT_LOW:
> > > -- 
> > > 2.53.0.983.g0bb29b3bc5-goog
> > > 


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0
  2026-03-24 14:18     ` Vincent Donnefort
@ 2026-03-24 15:05       ` Sebastian Ene
  0 siblings, 0 replies; 10+ messages in thread
From: Sebastian Ene @ 2026-03-24 15:05 UTC (permalink / raw)
  To: Vincent Donnefort
  Cc: kvmarm, linux-arm-kernel, linux-kernel, android-kvm,
	catalin.marinas, joey.gouly, mark.rutland, maz, oupton,
	suzuki.poulose, tabba, will, yuzenghui

On Tue, Mar 24, 2026 at 02:18:04PM +0000, Vincent Donnefort wrote:
> On Tue, Mar 24, 2026 at 02:09:50PM +0000, Vincent Donnefort wrote:
> > On Tue, Mar 24, 2026 at 02:06:40PM +0000, Vincent Donnefort wrote:
> > > On Tue, Mar 24, 2026 at 01:57:28PM +0000, Sebastian Ene wrote:
> > > > The ARM Service Calling Convention (SMCCC) specifies that the function
> > > > identifier and parameters should be passed in registers, leaving the
> > > > 16-bit immediate field of the SMC instruction un-handled.
> > > > Currently, our pKVM handler ignores the immediate value, which could lead
> > > > to non-compliant software relying on implementation-defined behavior.
> > > > Enforce the host kernel running under pKVM to use an immediate value
> > > > of 0 by decoding the ISS from the ESR_EL2 and inject an undefined
> > > > instruction exception back to the caller.
> > > > 
> > > > Signed-off-by: Sebastian Ene <sebastianene@google.com>
> > > > ---
> > > >  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 7 ++++++-
> > > >  1 file changed, 6 insertions(+), 1 deletion(-)
> > > > 
> > > > diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > > > index e7790097db93..ff6a90a4a4c7 100644
> > > > --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > > > +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > > > @@ -756,13 +756,18 @@ static bool handle_host_mte(u64 esr)
> > > >  void handle_trap(struct kvm_cpu_context *host_ctxt)
> > > >  {
> > > >  	u64 esr = read_sysreg_el2(SYS_ESR);
> > > > +	u16 imm16;
> > > >  
> > > >  	switch (ESR_ELx_EC(esr)) {
> > > >  	case ESR_ELx_EC_HVC64:
> > > >  		handle_host_hcall(host_ctxt);
> > > >  		break;
> > > >  	case ESR_ELx_EC_SMC64:
> > > > -		handle_host_smc(host_ctxt);
> > > > +		imm16 = esr & U16_MAX;
> > > > +		if (!imm16)
> > > 
> > > if (ESR_ELx_xVC_IMM_MASK(esr)) ?
> > > 
> > > Also, I can't find void inject_undef64(void); I think you need a vcpu for that?
> > 
> > Ah my bad, handle_host_mte() introduced it!
> > 
> > > 
> > > > +			handle_host_smc(host_ctxt);
> > > > +		else
> > > > +			inject_undef64();
> 
> Could it be better to return SMCCC_RET_NOT_SUPPORTED?

Right, I will do that since it seems this is the correct approach.

> 
> > > >  		break;
> > > >  	case ESR_ELx_EC_IABT_LOW:
> > > >  	case ESR_ELx_EC_DABT_LOW:
> > > > -- 
> > > > 2.53.0.983.g0bb29b3bc5-goog
> > > > 

Thanks,
Sebastian



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0
  2026-03-24 14:06 ` Vincent Donnefort
  2026-03-24 14:09   ` Vincent Donnefort
@ 2026-03-24 14:41   ` Sebastian Ene
  1 sibling, 0 replies; 10+ messages in thread
From: Sebastian Ene @ 2026-03-24 14:41 UTC (permalink / raw)
  To: Vincent Donnefort
  Cc: kvmarm, linux-arm-kernel, linux-kernel, android-kvm,
	catalin.marinas, joey.gouly, mark.rutland, maz, oupton,
	suzuki.poulose, tabba, will, yuzenghui

On Tue, Mar 24, 2026 at 02:06:40PM +0000, Vincent Donnefort wrote:
> On Tue, Mar 24, 2026 at 01:57:28PM +0000, Sebastian Ene wrote:
> > The ARM Service Calling Convention (SMCCC) specifies that the function
> > identifier and parameters should be passed in registers, leaving the
> > 16-bit immediate field of the SMC instruction un-handled.
> > Currently, our pKVM handler ignores the immediate value, which could lead
> > to non-compliant software relying on implementation-defined behavior.
> > Enforce the host kernel running under pKVM to use an immediate value
> > of 0 by decoding the ISS from the ESR_EL2 and inject an undefined
> > instruction exception back to the caller.
> > 
> > Signed-off-by: Sebastian Ene <sebastianene@google.com>
> > ---
> >  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 7 ++++++-
> >  1 file changed, 6 insertions(+), 1 deletion(-)
> > 
> > diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > index e7790097db93..ff6a90a4a4c7 100644
> > --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > @@ -756,13 +756,18 @@ static bool handle_host_mte(u64 esr)
> >  void handle_trap(struct kvm_cpu_context *host_ctxt)
> >  {
> >  	u64 esr = read_sysreg_el2(SYS_ESR);
> > +	u16 imm16;
> >  
> >  	switch (ESR_ELx_EC(esr)) {
> >  	case ESR_ELx_EC_HVC64:
> >  		handle_host_hcall(host_ctxt);
> >  		break;
> >  	case ESR_ELx_EC_SMC64:
> > -		handle_host_smc(host_ctxt);
> > +		imm16 = esr & U16_MAX;
> > +		if (!imm16)
> 

Hi Vincent,

> if (ESR_ELx_xVC_IMM_MASK(esr)) ?

Yes we can use this instead.

> 
> Also, I can't find void inject_undef64(void); I think you need a vcpu for that?
> 

Right, there is one version that does that.

> > +			handle_host_smc(host_ctxt);
> > +		else
> > +			inject_undef64();
> >  		break;
> >  	case ESR_ELx_EC_IABT_LOW:
> >  	case ESR_ELx_EC_DABT_LOW:
> > -- 
> > 2.53.0.983.g0bb29b3bc5-goog
> > 

Thanks,
Sebastian


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0
  2026-03-24 13:57 [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0 Sebastian Ene
  2026-03-24 14:06 ` Vincent Donnefort
@ 2026-03-24 14:43 ` Marc Zyngier
  2026-03-24 15:04   ` Sebastian Ene
  2026-03-24 15:13 ` Fuad Tabba
  2 siblings, 1 reply; 10+ messages in thread
From: Marc Zyngier @ 2026-03-24 14:43 UTC (permalink / raw)
  To: Sebastian Ene
  Cc: kvmarm, linux-arm-kernel, linux-kernel, android-kvm,
	catalin.marinas, joey.gouly, mark.rutland, oupton, suzuki.poulose,
	tabba, vdonnefort, will, yuzenghui

On Tue, 24 Mar 2026 13:57:28 +0000,
Sebastian Ene <sebastianene@google.com> wrote:
> 
> The ARM Service Calling Convention (SMCCC) specifies that the function
> identifier and parameters should be passed in registers, leaving the
> 16-bit immediate field of the SMC instruction un-handled.
> Currently, our pKVM handler ignores the immediate value, which could lead
> to non-compliant software relying on implementation-defined behavior.
> Enforce the host kernel running under pKVM to use an immediate value
> of 0 by decoding the ISS from the ESR_EL2 and inject an undefined
> instruction exception back to the caller.

No, that's completely wrong. SMC never UNDEFs, unless EL3 isn't
implemented. You can't just decide to generate an UNDEF because you
don't like the immediate.

All you are allowed to do is to return an error code.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0
  2026-03-24 14:43 ` Marc Zyngier
@ 2026-03-24 15:04   ` Sebastian Ene
  0 siblings, 0 replies; 10+ messages in thread
From: Sebastian Ene @ 2026-03-24 15:04 UTC (permalink / raw)
  To: Marc Zyngier
  Cc: kvmarm, linux-arm-kernel, linux-kernel, android-kvm,
	catalin.marinas, joey.gouly, mark.rutland, oupton, suzuki.poulose,
	tabba, vdonnefort, will, yuzenghui

On Tue, Mar 24, 2026 at 02:43:27PM +0000, Marc Zyngier wrote:
> On Tue, 24 Mar 2026 13:57:28 +0000,
> Sebastian Ene <sebastianene@google.com> wrote:
> > 
> > The ARM Service Calling Convention (SMCCC) specifies that the function
> > identifier and parameters should be passed in registers, leaving the
> > 16-bit immediate field of the SMC instruction un-handled.
> > Currently, our pKVM handler ignores the immediate value, which could lead
> > to non-compliant software relying on implementation-defined behavior.
> > Enforce the host kernel running under pKVM to use an immediate value
> > of 0 by decoding the ISS from the ESR_EL2 and inject an undefined
> > instruction exception back to the caller.

Hi Marc,

> 
> No, that's completely wrong. SMC never UNDEFs, unless EL3 isn't
> implemented. You can't just decide to generate an UNDEF because you
> don't like the immediate.
> 
> All you are allowed to do is to return an error code.

Thanks for letting me know, I will update the patch to do this.

> 
> Thanks,
> 
> 	M.
> 

Cheers,
Sebastian

> -- 
> Without deviation from the norm, progress is not possible.


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0
  2026-03-24 13:57 [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0 Sebastian Ene
  2026-03-24 14:06 ` Vincent Donnefort
  2026-03-24 14:43 ` Marc Zyngier
@ 2026-03-24 15:13 ` Fuad Tabba
  2026-03-25 10:01   ` Sebastian Ene
  2 siblings, 1 reply; 10+ messages in thread
From: Fuad Tabba @ 2026-03-24 15:13 UTC (permalink / raw)
  To: Sebastian Ene
  Cc: kvmarm, linux-arm-kernel, linux-kernel, android-kvm,
	catalin.marinas, joey.gouly, mark.rutland, maz, oupton,
	suzuki.poulose, vdonnefort, will, yuzenghui

Hi Seb,

On Tue, 24 Mar 2026 at 13:57, Sebastian Ene <sebastianene@google.com> wrote:
>
> The ARM Service Calling Convention (SMCCC) specifies that the function
> identifier and parameters should be passed in registers, leaving the
> 16-bit immediate field of the SMC instruction un-handled.
> Currently, our pKVM handler ignores the immediate value, which could lead
> to non-compliant software relying on implementation-defined behavior.
> Enforce the host kernel running under pKVM to use an immediate value
> of 0 by decoding the ISS from the ESR_EL2 and inject an undefined
> instruction exception back to the caller.
>
> Signed-off-by: Sebastian Ene <sebastianene@google.com>
> ---
>  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> index e7790097db93..ff6a90a4a4c7 100644
> --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> @@ -756,13 +756,18 @@ static bool handle_host_mte(u64 esr)
>  void handle_trap(struct kvm_cpu_context *host_ctxt)
>  {
>         u64 esr = read_sysreg_el2(SYS_ESR);
> +       u16 imm16;
>
>         switch (ESR_ELx_EC(esr)) {
>         case ESR_ELx_EC_HVC64:
>                 handle_host_hcall(host_ctxt);
>                 break;
>         case ESR_ELx_EC_SMC64:
> -               handle_host_smc(host_ctxt);
> +               imm16 = esr & U16_MAX;
> +               if (!imm16)

Do we need to introduce a new variable for this? This isn't easier to read than:
+               if (!(esr & U16_MAX))

Also, we have a mask for this: ESR_ELx_xVC_IMM_MASK , please use that instead

Cheers,
/fuad



> +                       handle_host_smc(host_ctxt);
> +               else
> +                       inject_undef64();
>                 break;
>         case ESR_ELx_EC_IABT_LOW:
>         case ESR_ELx_EC_DABT_LOW:
> --
> 2.53.0.983.g0bb29b3bc5-goog
>


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0
  2026-03-24 15:13 ` Fuad Tabba
@ 2026-03-25 10:01   ` Sebastian Ene
  0 siblings, 0 replies; 10+ messages in thread
From: Sebastian Ene @ 2026-03-25 10:01 UTC (permalink / raw)
  To: Fuad Tabba
  Cc: kvmarm, linux-arm-kernel, linux-kernel, android-kvm,
	catalin.marinas, joey.gouly, mark.rutland, maz, oupton,
	suzuki.poulose, vdonnefort, will, yuzenghui

On Tue, Mar 24, 2026 at 03:13:51PM +0000, Fuad Tabba wrote:

Hi Fuad,

> Hi Seb,
> 
> On Tue, 24 Mar 2026 at 13:57, Sebastian Ene <sebastianene@google.com> wrote:
> >
> > The ARM Service Calling Convention (SMCCC) specifies that the function
> > identifier and parameters should be passed in registers, leaving the
> > 16-bit immediate field of the SMC instruction un-handled.
> > Currently, our pKVM handler ignores the immediate value, which could lead
> > to non-compliant software relying on implementation-defined behavior.
> > Enforce the host kernel running under pKVM to use an immediate value
> > of 0 by decoding the ISS from the ESR_EL2 and inject an undefined
> > instruction exception back to the caller.
> >
> > Signed-off-by: Sebastian Ene <sebastianene@google.com>
> > ---
> >  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 7 ++++++-
> >  1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > index e7790097db93..ff6a90a4a4c7 100644
> > --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > @@ -756,13 +756,18 @@ static bool handle_host_mte(u64 esr)
> >  void handle_trap(struct kvm_cpu_context *host_ctxt)
> >  {
> >         u64 esr = read_sysreg_el2(SYS_ESR);
> > +       u16 imm16;
> >
> >         switch (ESR_ELx_EC(esr)) {
> >         case ESR_ELx_EC_HVC64:
> >                 handle_host_hcall(host_ctxt);
> >                 break;
> >         case ESR_ELx_EC_SMC64:
> > -               handle_host_smc(host_ctxt);
> > +               imm16 = esr & U16_MAX;
> > +               if (!imm16)
> 
> Do we need to introduce a new variable for this? This isn't easier to read than:
> +               if (!(esr & U16_MAX))
> 
> Also, we have a mask for this: ESR_ELx_xVC_IMM_MASK , please use that instead


I will drop that variable and use the ESR_ELx_xVC_IMM_MASK as you pointed out.

> 
> Cheers,
> /fuad
> 
> 
> 
> > +                       handle_host_smc(host_ctxt);
> > +               else
> > +                       inject_undef64();
> >                 break;
> >         case ESR_ELx_EC_IABT_LOW:
> >         case ESR_ELx_EC_DABT_LOW:
> > --
> > 2.53.0.983.g0bb29b3bc5-goog
> >

Thanks,
Sebastian


^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2026-03-25 10:01 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-24 13:57 [PATCH] KVM: arm64: Inject UNDEF when host is executing an smc with imm16 != 0 Sebastian Ene
2026-03-24 14:06 ` Vincent Donnefort
2026-03-24 14:09   ` Vincent Donnefort
2026-03-24 14:18     ` Vincent Donnefort
2026-03-24 15:05       ` Sebastian Ene
2026-03-24 14:41   ` Sebastian Ene
2026-03-24 14:43 ` Marc Zyngier
2026-03-24 15:04   ` Sebastian Ene
2026-03-24 15:13 ` Fuad Tabba
2026-03-25 10:01   ` Sebastian Ene

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox