On Fri, Oct 04, 2024 at 04:57:56PM +0100, Peter Maydell wrote: > On Fri, 4 Oct 2024 at 16:53, Oliver Upton <oliver.upton@xxxxxxxxx> wrote: > > > > On Fri, Oct 04, 2024 at 01:10:48PM +0100, Peter Maydell wrote: > > > On Fri, 4 Oct 2024 at 12:51, Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> wrote: > > > > > Strictly speaking this is a missing feature in KVM (in an > > > > > ideal world it would let you do MMIO with any instruction > > > > > that you could use on real hardware). > > > > > > > > I assume that's because KVM doesn't want to handle interruptions > > > > in the middle of such "composite" instructions? > > > > > > It's because with the ISV=1 information in the ESR_EL2, > > > KVM has everything it needs to emulate the load/store: > > > it has the affected register number, the data width, etc. When > > > ISV is 0, simulating the load/store would require KVM > > > to load the actual instruction word, decode it to figure > > > out what kind of load/store it was, and then emulate > > > its behaviour. The instruction decode would be complicated > > > and if done in the kernel would increase the attack surface > > > exposed to the guest. > > > > On top of that, the only way to 'safely' fetch the instruction would be > > to pause all vCPUs in the VM to prevent the guest from remapping the > > address space behind either KVM or the VMM's back. > > Do we actually care about that, though? Judging from the fact that our existing MMIO flows have a similar "bug", I'd say no. I was just being pedantic about how annoying it'd be to do this faithfully, including the VA -> IPA translation. > If the guest does > that isn't it equivalent to a hardware CPU happening to > fetch the insn just-after a remapping rather than just-before? > If you decode the insn and it's not a store you could just > restart the guest... Definitely, you'd need to restart any time the instruction doesn't line up with the ESR. The pedantic thing I was thinking about was if the instruction bytes remain the same but marked as non-executable: T1 T2 == == readl(addr); < MMIO data abort > insn = fetch(readl); set_nx(readl); tlbi(readl); dsb(ish); emulate(insn); -- Thanks, Oliver
