[PATCH v2 3/6] KVM: arm64: Allow userspace to inject external instruction aborts
Jiaqi Yan
jiaqiyan at google.com
Sat Jul 12 19:42:15 PDT 2025
On Sat, Jul 12, 2025 at 12:47 PM Oliver Upton <oliver.upton at linux.dev> wrote:
>
> On Fri, Jul 11, 2025 at 04:58:57PM -0700, Jiaqi Yan wrote:
> > On Fri, Jul 11, 2025 at 12:42 PM Oliver Upton <oliver.upton at linux.dev> wrote:
> > >
> > > On Wed, Jun 04, 2025 at 05:08:58AM +0000, Jiaqi Yan wrote:
> > > > From: Raghavendra Rao Ananta <rananta at google.com>
> > > >
> > > > When KVM returns to userspace for KVM_EXIT_ARM_SEA, the userspace is
> > > > encouraged to inject the abort into the guest via KVM_SET_VCPU_EVENTS.
> > > >
> > > > KVM_SET_VCPU_EVENTS currently only allows injecting external data aborts.
> > > > However, the synchronous external abort that caused KVM_EXIT_ARM_SEA
> > > > is possible to be an instruction abort. Userspace is already able to
> > > > tell if an abort is due to data or instruction via kvm_run.arm_sea.esr,
> > > > by checking its Exception Class value.
> > > >
> > > > Extend the KVM_SET_VCPU_EVENTS ioctl to allow injecting instruction
> > > > abort into the guest.
> > > >
> > > > Signed-off-by: Raghavendra Rao Ananta <rananta at google.com>
> > > > Signed-off-by: Jiaqi Yan <jiaqiyan at google.com>
> > >
> > > Hmm. Since we expose an ESR value to userspace I get the feeling that we
> > > should allow the user to supply an ISS for the external abort, similar
> > > to what we already do for SErrors.
> >
> > Oh, I will create something in v3, by extending kvm_vcpu_events to
> > something like:
> >
> > struct {
> > __u8 serror_pending;
> > __u8 serror_has_esr;
> > __u8 ext_dabt_pending;
> > __u8 ext_iabt_pending;
> > __u8 ext_abt_has_esr; // <= new
> > /* Align it to 8 bytes */
> > __u8 pad[3];
> > union {
> > __u64 serror_esr;
> > __u64 ext_abt_esr; // <= new
>
> This doesn't work. The ABI allows userspace to pend both an SError and
> SEA, so we can't use the same storage for the ESR.
You are right, the implementation (__kvm_arm_vcpu_set_events) indeed
continues to inject SError after injecting SEA.
Then we may have to extend the size of exception and meanwhile reduce
the size of reserved, because I believe we want to place ext_abt_esr
into kvm_vcpu_events.exception. Something like:
struct kvm_vcpu_events {
struct {
__u8 serror_pending;
__u8 serror_has_esr;
__u8 ext_dabt_pending;
__u8 ext_iabt_pending;
__u8 ext_abt_has_esr;
__u8 pad[3];
__u64 serror_esr;
__u64 ext_abt_esr; // <= +64 bits
} exception;
__u32 reserved[10]; // <= -64 bits
};
The offset to kvm_vcpu_events .reserved changes; I don' think
userspace will read/write reserved (so its offset is probably not very
important?), but theoretically this is an ABI break.
Another safer but not very readable way is to add at the end:
struct kvm_vcpu_events {
struct {
__u8 serror_pending;
__u8 serror_has_esr;
__u8 ext_dabt_pending;
__u8 ext_iabt_pending;
__u8 ext_abt_has_esr;
__u8 pad[3];
__u64 serror_esr;
} exception;
__u32 reserved[10]; // <= -64 bits
__u64 ext_abt_esr; // <= +64 bits
};
Any better suggestions?
>
> > };
> > } exception;
> >
> > One question about the naming since we cannot change it once
> > committed. Taking the existing SError injection as example, although
> > the name in kvm_vcpu_events is serror_has_esr, it is essentially just
> > the ISS fields of the ESR (which is also written in virt/kvm/api.rst).
> > Why named after "esr" instead of "iss"? The only reason I can think of
> > is, KVM wants to leave the room to accept more fields than ISS from
> > userspace. Does this reason apply to external aborts? Asking in case
> > if "iss" is a better name in kvm_vcpu_events, maybe for external
> > aborts, we should use ext_abt_has_iss?
>
> We will probably need to include more ESR fields in the future, like
> ESR_ELx.ISS2. So let's just keep the existing naming if that's OK with
> you.
Ack to "esr", thanks Oliver!
>
> Thanks,
> Oliver
More information about the linux-arm-kernel
mailing list