Re: [BUG] ARM64 KVM: Data abort executing post-indexed LDR on MMIO address

On Fri, 4 Oct 2024 at 16:53, Oliver Upton <oliver.upton@xxxxxxxxx> wrote:
>
> On Fri, Oct 04, 2024 at 01:10:48PM +0100, Peter Maydell wrote:
> > On Fri, 4 Oct 2024 at 12:51, Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> wrote:
> > > > Strictly speaking this is a missing feature in KVM (in an
> > > > ideal world it would let you do MMIO with any instruction
> > > > that you could use on real hardware).
> > >
> > > I assume that's because KVM doesn't want to handle interruptions
> > > in the middle of such "composite" instructions?
> >
> > It's because with the ISV=1 information in the ESR_EL2,
> > KVM has everything it needs to emulate the load/store:
> > it has the affected register number, the data width, etc. When
> > ISV is 0, simulating the load/store would require KVM
> > to load the actual instruction word, decode it to figure
> > out what kind of load/store it was, and then emulate
> > its behaviour. The instruction decode would be complicated
> > and if done in the kernel would increase the attack surface
> > exposed to the guest.
>
> On top of that, the only way to 'safely' fetch the instruction would be
> to pause all vCPUs in the VM to prevent the guest from remapping the
> address space behind either KVM or the VMM's back.

Do we actually care about that, though? If the guest does
that isn't it equivalent to a hardware CPU happening to
fetch the insn just-after a remapping rather than just-before?
If you decode the insn and it's not a store you could just
restart the guest...

thanks
-- PMM
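The thread turns on what the ESR_EL2 syndrome does and does not tell a hypervisor about a faulting MMIO access. The following is an added example, not code from this thread or from KVM: it decodes the data-abort ISS fields (EC, IL, ISV, SAS, SSE, SRT, SF, WnR, DFSC, at the positions the Arm ARM gives them) and classifies whether the access could be emulated from the syndrome alone or whether, with ISV=0, the instruction itself would have to be fetched and decoded. The sample ESR values are constructed for a plain word load, the post-indexed load from the bug report (which the architecture reports with ISV=0), and a doubleword store, all with a stage-2 level-3 translation fault status; they are not captured from hardware.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* ESR_EL2 layout for a Data Abort from a lower EL (field positions per the Arm ARM). */
#define ESR_EC_SHIFT      26
#define ESR_EC_MASK       0x3fu
#define ESR_EC_DABT_LOW   0x24u       /* Data Abort from a lower Exception level */
#define ESR_IL            (1u << 25)  /* 32-bit instruction */
#define ISS_ISV           (1u << 24)  /* Instruction Syndrome Valid */
#define ISS_SAS_SHIFT     22          /* Syndrome Access Size, 2 bits: 1 << SAS bytes */
#define ISS_SSE           (1u << 21)  /* Syndrome Sign Extend */
#define ISS_SRT_SHIFT     16          /* Syndrome Register Transfer, 5 bits */
#define ISS_SF            (1u << 15)  /* Sixty-Four: the transfer register is 64 bits */
#define ISS_WNR           (1u << 6)   /* Write not Read (valid even when ISV == 0) */
#define ISS_DFSC_MASK     0x3fu       /* Data Fault Status Code */

struct dabt {
    bool     isv;          /* true: size/reg/reg64/sign_extend describe the access */
    unsigned size;         /* access width in bytes */
    bool     sign_extend;  /* load result is sign-extended */
    unsigned reg;          /* transfer register number; 31 is the zero register */
    bool     reg64;        /* transfer register is an X register */
    bool     is_write;
    unsigned dfsc;
};

enum mmio_verdict {
    MMIO_NOT_DABT   = -1,  /* not a lower-EL data abort at all */
    MMIO_NEEDS_INSN =  0,  /* ISV == 0: register and width are not in the syndrome */
    MMIO_EMULATABLE =  1,  /* ISV == 1: everything needed is in ESR_EL2 */
};

/* Decode a lower-EL data-abort ESR into its ISS fields and say whether the
 * access could be emulated from the syndrome alone. */
enum mmio_verdict decode_dabt(uint32_t esr, struct dabt *d)
{
    unsigned ec = (esr >> ESR_EC_SHIFT) & ESR_EC_MASK;
    if (ec != ESR_EC_DABT_LOW)
        return MMIO_NOT_DABT;

    d->dfsc     = esr & ISS_DFSC_MASK;
    d->is_write = (esr & ISS_WNR) != 0;
    d->isv      = (esr & ISS_ISV) != 0;
    if (!d->isv) {
        /* With ISV == 0 the bits [23:14] are RES0: nothing says which register,
         * how wide, or whether to sign-extend, which is the case the thread
         * discusses (post-indexed / writeback forms do not get a valid syndrome). */
        d->size = 0; d->sign_extend = false; d->reg = 0; d->reg64 = false;
        return MMIO_NEEDS_INSN;
    }
    d->size        = 1u << ((esr >> ISS_SAS_SHIFT) & 0x3u);
    d->sign_extend = (esr & ISS_SSE) != 0;
    d->reg         = (esr >> ISS_SRT_SHIFT) & 0x1fu;
    d->reg64       = (esr & ISS_SF) != 0;
    return MMIO_EMULATABLE;
}

/* Build a lower-EL data-abort ESR from its ISS fields (used to construct samples). */
uint32_t make_dabt_esr(bool isv, unsigned size_bytes, unsigned reg,
                       bool reg64, bool is_write, unsigned dfsc)
{
    uint32_t esr = (ESR_EC_DABT_LOW << ESR_EC_SHIFT) | ESR_IL | (dfsc & ISS_DFSC_MASK);
    if (is_write) esr |= ISS_WNR;
    if (!isv) return esr;
    unsigned sas = size_bytes == 8 ? 3 : size_bytes == 4 ? 2 : size_bytes == 2 ? 1 : 0;
    esr |= ISS_ISV | (sas << ISS_SAS_SHIFT) | ((reg & 0x1fu) << ISS_SRT_SHIFT);
    if (reg64) esr |= ISS_SF;
    return esr;
}

int main(void)
{
    /* Constructed samples (DFSC 0x07 = stage-2 translation fault, level 3):
     * 0x93800007: 'ldr w0, [x1]'      -> ISV=1, 4-byte read into w0
     * 0x92000007: 'ldr w0, [x1], #4'  -> ISV=0, the bug report's post-indexed form
     * third:      'str x3, [x2]'      -> ISV=1, 8-byte write from x3 */
    uint32_t samples[] = { 0x93800007u, 0x92000007u,
                           make_dabt_esr(true, 8, 3, true, true, 0x07) };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct dabt d;
        enum mmio_verdict v = decode_dabt(samples[i], &d);
        if (v == MMIO_EMULATABLE)
            printf("ESR 0x%08x: %s %u byte(s) via %c%u, DFSC 0x%02x -> emulate from syndrome\n",
                   samples[i], d.is_write ? "store" : "load", d.size,
                   d.reg64 ? 'x' : 'w', d.reg, d.dfsc);
        else if (v == MMIO_NEEDS_INSN)
            printf("ESR 0x%08x: ISV=0, %s, DFSC 0x%02x -> would need instruction fetch+decode\n",
                   samples[i], d.is_write ? "write" : "read", d.dfsc);
        else
            printf("ESR 0x%08x: not a lower-EL data abort\n", samples[i]);
    }
    return 0;
}
```

The split between the two verdicts is the whole point of the thread: for the ISV=1 case a hypervisor can complete the access from the syndrome, while the ISV=0 case is where it would have to read the guest's instruction memory, with the TOCTOU and decoder-complexity concerns raised above.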