[PATCH v2 1/6] KVM: arm64: Fix EL2 S1 XN handling for hVHE setups
Marc Zyngier
maz at kernel.org
Fri Dec 19 06:13:39 PST 2025
On Fri, 19 Dec 2025 13:38:50 +0000,
Leonardo Bras <leo.bras at arm.com> wrote:
>
> On Wed, Dec 10, 2025 at 05:30:19PM +0000, Marc Zyngier wrote:
> > The current XN implementation is tied to the EL2 translation regime,
> > and fall flat on its face with the EL2&0 one that is used for hVHE,
> > as the permission bit for privileged execution is a different one.
> >
> > Fixes: 6537565fd9b7f ("KVM: arm64: Adjust EL2 stage-1 leaf AP bits when ARM64_KVM_HVHE is set")
> > Signed-off-by: Marc Zyngier <maz at kernel.org>
> > ---
> > arch/arm64/include/asm/kvm_pgtable.h | 10 +++++++++-
> > 1 file changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/arm64/include/asm/kvm_pgtable.h b/arch/arm64/include/asm/kvm_pgtable.h
> > index fc02de43c68dd..be68b89692065 100644
> > --- a/arch/arm64/include/asm/kvm_pgtable.h
> > +++ b/arch/arm64/include/asm/kvm_pgtable.h
> > @@ -87,7 +87,15 @@ typedef u64 kvm_pte_t;
> >
> > #define KVM_PTE_LEAF_ATTR_HI_SW GENMASK(58, 55)
> >
> > -#define KVM_PTE_LEAF_ATTR_HI_S1_XN BIT(54)
> > +#define __KVM_PTE_LEAF_ATTR_HI_S1_XN BIT(54)
> > +#define __KVM_PTE_LEAF_ATTR_HI_S1_UXN BIT(54)
> > +#define __KVM_PTE_LEAF_ATTR_HI_S1_PXN BIT(53)
> > +
> > +#define KVM_PTE_LEAF_ATTR_HI_S1_XN \
> > + ({ cpus_have_final_cap(ARM64_KVM_HVHE) ? \
> > + (__KVM_PTE_LEAF_ATTR_HI_S1_UXN | \
> > + __KVM_PTE_LEAF_ATTR_HI_S1_PXN) : \
> > + __KVM_PTE_LEAF_ATTR_HI_S1_XN; })
> >
> > #define KVM_PTE_LEAF_ATTR_HI_S2_XN GENMASK(54, 53)
> >
> > --
> > 2.47.3
> >
>
> Cool,
> Is this according to the following in Arm ARM?
>
> Figure D8-16
> Stage 1 attribute fields in VMSAv8-64 Block and Page descriptors
In M.a (or M.a.a, as it is now called), this is all part of
I_GLMLD. But R_JJNHR is a much more interesting source of information,
as it clearly outlines in which conditions XN, UXN and PXN are all
sharing the same two bits in funky ways...
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
More information about the linux-arm-kernel
mailing list