Date: Wed, 25 Mar 2026 13:15:00 +0000
From: Sebastian Ene
To: Marc Zyngier
Cc: Vincent Donnefort, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, android-kvm@google.com, catalin.marinas@arm.com,
	joey.gouly@arm.com, mark.rutland@arm.com, oupton@kernel.org, suzuki.poulose@arm.com,
	tabba@google.com, will@kernel.org, yuzenghui@huawei.com
Subject: Re: [PATCH v2] KVM: arm64: Prevent the host from using an smc with imm16 != 0
Message-ID:
References: <20260325113138.4171430-1-sebastianene@google.com>
	<86ldfg3ze2.wl-maz@kernel.org>
In-Reply-To: <86ldfg3ze2.wl-maz@kernel.org>

On Wed, Mar 25, 2026 at 11:46:29AM +0000, Marc Zyngier wrote:
> On Wed, 25 Mar 2026 11:35:18 +0000,
> Vincent Donnefort wrote:
> >
> > On Wed, Mar 25, 2026 at 11:31:38AM +0000, Sebastian Ene wrote:
> > > The ARM Service Calling Convention (SMCCC) specifies that the function
> > > identifier and parameters should be passed in registers, leaving the
> > > 16-bit immediate field of the SMC instruction unhandled.
> > > Currently, our pKVM handler ignores the immediate value, which could lead
> > > to non-compliant software relying on implementation-defined behavior.
> > > Enforce the host kernel running under pKVM to use an immediate value
> > > of 0 by decoding the ISS from the ESR_EL2 and return a not supported
> > > error code back to the caller.
> > >
> > > Signed-off-by: Sebastian Ene
> > > ---
> > > v1 -> v2:
> > >
> > > - Dropped injecting an UNDEF and return an error instead
> > >   (SMCCC_RET_NOT_SUPPORTED)
> > > - Used the mask ESR_ELx_xVC_IMM_MASK instead of masking with U16_MAX
> > > - Updated the title of the commit message from:
> > >   "[PATCH] KVM: arm64: Inject UNDEF when host is executing an
> > >   smc with imm16 != 0"
> > >
> > > ---
> > >  arch/arm64/kvm/hyp/nvhe/hyp-main.c | 6 ++++++
> > >  1 file changed, 6 insertions(+)
> > >
> > > diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > > index e7790097db93..4ffe30fd8707 100644
> > > --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > > +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> > > @@ -762,6 +762,12 @@ void handle_trap(struct kvm_cpu_context *host_ctxt)
> > >  		handle_host_hcall(host_ctxt);
> > >  		break;
> > >  	case ESR_ELx_EC_SMC64:
> > > +		if (ESR_ELx_xVC_IMM_MASK & esr) {
> > > +			cpu_reg(host_ctxt, 0) = SMCCC_RET_NOT_SUPPORTED;
> > > +			kvm_skip_host_instr();
> > > +			break;
> > > +		}
> > > +
> >
> > I wonder if it isn't better to move that into handle_host_smc() as this is part
> > of how we handle the SMC after all? (and it calls that kvm_skip_host_instr()
> > already)
>
> Yes, that'd be vastly better.
>

good, I will update the patch to do this.

> It also begs the question: if you don't want to handle SMCs with a
> non-zero immediate, why is it OK to do it for HVCs?

I talked a bit with Will about this before writing it. My understanding is
that we don't have to do it for HVCs because the interface with the
hypervisor is controlled by us whereas with non-standard SMCs we need at
least to tell the host that we are not handling non-zero imm16.

>
> Thanks,
>
> M.
>
> --
> Without deviation from the norm, progress is not possible.

Thanks,
Sebastian
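Review bot: the imm16 early-out in the ESR_ELx_EC_SMC64 case of handle_trap() duplicates the tail of the SMC path, which (as Vincent points out) already calls kvm_skip_host_instr(); with the new `break` the case now has two distinct places that write x0 and advance past the instruction, so move the check to the top of handle_host_smc() and let its single kvm_skip_host_instr() cover both the rejected and the dispatched case. Two smaller points on the same lines: `ESR_ELx_xVC_IMM_MASK & esr` reads better as `esr & ESR_ELx_xVC_IMM_MASK` (value, then mask, as elsewhere in this file), and the block deserves a one-line comment saying that SMCCC requires imm16 == 0, because `SMCCC_RET_NOT_SUPPORTED` alone does not tell a reader why a non-zero immediate is refused.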
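As an added example, not code from the patch or from the kernel tree, the following user-space C model shows where the imm16 of a trapped SMC lives (bits [20:5] of the A64 instruction word, copied by hardware into ISS[15:0] of ESR_EL2), and the check in the shape the reviewers asked for, at the top of the SMC path with a single kvm_skip_host_instr(). It goes slightly beyond the patch by also modelling the HVC path that Marc contrasts it with, which does not police the immediate. The ESR field positions, the instruction encodings and the SMCCC "not supported" value are taken from the Arm architecture and SMCCC specifications; struct host_ctxt, enum trap_result, run_xvc() and the one-entry dispatch (SMCCC_VERSION answering v1.1) are constructed stand-ins for this example only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ESR_ELx layout: EC in bits [31:26], IL in bit 25, ISS in bits [24:0]. */
#define ESR_ELx_EC_SHIFT	26
#define ESR_ELx_EC_MASK		0x3fu
#define ESR_ELx_EC(esr)		(((esr) >> ESR_ELx_EC_SHIFT) & ESR_ELx_EC_MASK)
#define ESR_ELx_IL		(1u << 25)
#define ESR_ELx_EC_HVC64	0x16u
#define ESR_ELx_EC_SMC64	0x17u
/* For a trapped HVC/SMC the instruction's imm16 is copied into ISS[15:0]. */
#define ESR_ELx_xVC_IMM_MASK	0xffffu

/* SMCCC: NOT_SUPPORTED is -1 in the register width of the call (SMC64 here). */
#define SMCCC_RET_NOT_SUPPORTED	((uint64_t)-1)

/* A64 encoding: SMC #imm16 is 0xD4000003 with imm16 in bits [20:5] (HVC is 0xD4000002). */
#define A64_SMC_BASE		0xD4000003u
#define A64_XVC_IMM_SHIFT	5

static uint32_t a64_smc(uint16_t imm16)
{
	return A64_SMC_BASE | ((uint32_t)imm16 << A64_XVC_IMM_SHIFT);
}

/* Recover the immediate from an HVC/SMC instruction word, e.g. when auditing a binary. */
static uint16_t a64_xvc_imm16(uint32_t insn)
{
	return (insn >> A64_XVC_IMM_SHIFT) & 0xffffu;
}

/* What EL2 finds in ESR_EL2 after the trap: EC, IL=1 (32-bit instruction), imm16 in ISS. */
static uint32_t xvc_esr(uint32_t ec, uint16_t imm16)
{
	return (ec << ESR_ELx_EC_SHIFT) | ESR_ELx_IL | imm16;
}

/* Constructed stand-in for the saved host state: x0..x30 plus the return address (ELR_EL2). */
struct host_ctxt { uint64_t regs[31]; uint64_t elr; };

enum trap_result { TRAP_HVC_HANDLED, TRAP_SMC_HANDLED, TRAP_SMC_BAD_IMM, TRAP_UNKNOWN_EC };

/* The trapped instruction is 4 bytes; step the host past it so it is not re-executed. */
static void kvm_skip_host_instr(struct host_ctxt *c) { c->elr += 4; }

/* Constructed one-entry dispatch: SMCCC_VERSION answers v1.1, anything else is unsupported. */
#define ARM_SMCCC_VERSION_FUNC_ID	0x80000000u
#define SMCCC_VERSION_1_1		0x10001u

/* SMC path with the imm16 check at its top, as the reviewers asked; returns false if rejected. */
static bool handle_host_smc(struct host_ctxt *c, uint32_t esr)
{
	bool imm_ok = (esr & ESR_ELx_xVC_IMM_MASK) == 0;

	if (!imm_ok)
		c->regs[0] = SMCCC_RET_NOT_SUPPORTED;	/* SMCCC requires imm16 == 0 */
	else if (c->regs[0] == ARM_SMCCC_VERSION_FUNC_ID)
		c->regs[0] = SMCCC_VERSION_1_1;
	else
		c->regs[0] = SMCCC_RET_NOT_SUPPORTED;

	kvm_skip_host_instr(c);	/* one place sets x0 and skips, whatever the outcome */
	return imm_ok;
}

/* HVC path: the hypercall ABI is pKVM's own, so imm16 is not policed here (the asymmetry Marc raised). */
static void handle_host_hcall(struct host_ctxt *c)
{
	c->regs[0] = 0;
	kvm_skip_host_instr(c);
}

static enum trap_result handle_trap(struct host_ctxt *c, uint32_t esr)
{
	switch (ESR_ELx_EC(esr)) {
	case ESR_ELx_EC_HVC64:
		handle_host_hcall(c);
		return TRAP_HVC_HANDLED;
	case ESR_ELx_EC_SMC64:
		return handle_host_smc(c, esr) ? TRAP_SMC_HANDLED : TRAP_SMC_BAD_IMM;
	default:
		return TRAP_UNKNOWN_EC;
	}
}

/* Run one trapped HVC/SMC: fresh context at ELR 0x1000, func_id in x0, imm16 in the ESR. */
static enum trap_result run_xvc(struct host_ctxt *c, uint32_t ec, uint16_t imm16, uint64_t func_id)
{
	*c = (struct host_ctxt){ .elr = 0x1000 };
	c->regs[0] = func_id;
	return handle_trap(c, xvc_esr(ec, imm16));
}

int main(void)
{
	struct host_ctxt c;
	enum trap_result r = run_xvc(&c, ESR_ELx_EC_SMC64, 0x1234, ARM_SMCCC_VERSION_FUNC_ID);

	printf("SMC #0x1234 encodes as 0x%08x\n", a64_smc(0x1234));
	printf("trap result %d, x0=0x%llx, elr=0x%llx\n", r,
	       (unsigned long long)c.regs[0], (unsigned long long)c.elr);
	return 0;
}
```

The point the model makes concrete: a rejected SMC still has to advance ELR_EL2, otherwise the host re-executes the same `smc` and traps forever, so the skip belongs next to the dispatch rather than in handle_trap(), and the HVC case is left alone because its immediate is part of an ABI the hypervisor defines itself.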