[PATCH 05/20] KVM: arm64: Extend unified RESx handling to runtime sanitisation
Fuad Tabba
tabba at google.com
Mon Jan 26 11:15:00 PST 2026
Hi Marc,
On Mon, 26 Jan 2026 at 12:17, Marc Zyngier <maz at kernel.org> wrote:
>
> Add a new helper to retrieve the RESx values for a given system
> register, and use it for the runtime sanitisation.
>
> This results in slightly better code generation for a fairly hot
> path in the hypervisor.
>
> Signed-off-by: Marc Zyngier <maz at kernel.org>
> ---
> arch/arm64/include/asm/kvm_host.h | 13 +++++++++++++
> arch/arm64/kvm/emulate-nested.c | 10 +---------
> arch/arm64/kvm/nested.c | 13 ++++---------
> 3 files changed, 18 insertions(+), 18 deletions(-)
>
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index a7e4cd8ebf56f..9dca94e4361f0 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -635,6 +635,19 @@ struct kvm_sysreg_masks {
> struct resx mask[NR_SYS_REGS - __SANITISED_REG_START__];
> };
>
> +#define kvm_get_sysreg_resx(k, sr) \
> + ({ \
> + struct kvm_sysreg_masks *__masks; \
> + struct resx __resx = {}; \
> + \
> + __masks = (k)->arch.sysreg_masks; \
> + if (likely(__masks && \
> + sr >= __SANITISED_REG_START__ && \
> + sr < NR_SYS_REGS)) \
> + __resx = __masks->mask[sr - __SANITISED_REG_START__]; \
> + __resx; \
> + })
> +
This now covers all registers that need to be sanitized, not just the
VNCR-backed ones.
nit: wouldn't it be better to capture sr in a local variable rather
than reuse it? It is an enum, but it would make checkpatch feel
slightly better :)
Reviewed-by: Fuad Tabba <tabba at google.com>
Cheers,
/fuad
> #define kvm_set_sysreg_resx(k, sr, resx) \
> do { \
> (k)->arch.sysreg_masks->mask[sr - __SANITISED_REG_START__] = resx; \
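Review bot: The new `kvm_get_sysreg_resx()` macro has no comment stating its fallback, which is that it silently returns an all-zero `struct resx` when `sysreg_masks` is NULL or `sr` lies outside `[__SANITISED_REG_START__, NR_SYS_REGS)`. Both converted callers in emulate-nested.c and nested.c then treat that as "no reserved bits", so a wrong or out-of-range `sr` would pass a value through unsanitised without any diagnostic. I would put the contract above the macro, for example `/* Returns an all-zero struct resx (nothing reserved) if the masks are not allocated or sr is outside the sanitised range. */`. The `kvm_set_sysreg_resx()` setter visible in the trailing context does neither check, so the asymmetry is worth a word in the same comment; its body continues outside the hunk.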
> diff --git a/arch/arm64/kvm/emulate-nested.c b/arch/arm64/kvm/emulate-nested.c
> index 774cfbf5b43ba..43334cd2db9e5 100644
> --- a/arch/arm64/kvm/emulate-nested.c
> +++ b/arch/arm64/kvm/emulate-nested.c
> @@ -2427,15 +2427,7 @@ static enum trap_behaviour compute_trap_behaviour(struct kvm_vcpu *vcpu,
>
> static u64 kvm_get_sysreg_res0(struct kvm *kvm, enum vcpu_sysreg sr)
> {
> - struct kvm_sysreg_masks *masks;
> -
> - /* Only handle the VNCR-backed regs for now */
> - if (sr < __VNCR_START__)
> - return 0;
> -
> - masks = kvm->arch.sysreg_masks;
> -
> - return masks->mask[sr - __SANITISED_REG_START__].res0;
> + return kvm_get_sysreg_resx(kvm, sr).res0;
> }
>
> static bool check_fgt_bit(struct kvm_vcpu *vcpu, enum vcpu_sysreg sr,
> diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c
> index c5a45bc62153e..75a23f1c56d13 100644
> --- a/arch/arm64/kvm/nested.c
> +++ b/arch/arm64/kvm/nested.c
> @@ -1669,16 +1669,11 @@ u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val)
> u64 kvm_vcpu_apply_reg_masks(const struct kvm_vcpu *vcpu,
> enum vcpu_sysreg sr, u64 v)
> {
> - struct kvm_sysreg_masks *masks;
> -
> - masks = vcpu->kvm->arch.sysreg_masks;
> -
> - if (masks) {
> - sr -= __SANITISED_REG_START__;
> + struct resx resx;
>
> - v &= ~masks->mask[sr].res0;
> - v |= masks->mask[sr].res1;
> - }
> + resx = kvm_get_sysreg_resx(vcpu->kvm, sr);
> + v &= ~resx.res0;
> + v |= resx.res1;
>
> return v;
> }
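Review bot: In `kvm_vcpu_apply_reg_masks()` the declaration of `resx` and its only assignment are split across two statements for no visible reason. Since the value is never modified afterwards, this can be a single const initialisation: `const struct resx resx = kvm_get_sysreg_resx(vcpu->kvm, sr);`. That drops a line and makes it obvious the masks are read exactly once before `v` is adjusted.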
> --
> 2.47.3
>