Re: [PATCH v2] KVM: arm64: Prevent the host from using an smc with imm16 != 0
From: Marc Zyngier
Date: Wed Mar 25 2026 - 10:42:11 EST
On Wed, 25 Mar 2026 13:28:05 +0000,
Mark Rutland <mark.rutland@xxxxxxx> wrote:
>
> On Wed, Mar 25, 2026 at 11:31:38AM +0000, Sebastian Ene wrote:
> > The ARM Service Calling Convention (SMCCC) specifies that the function
> > identifier and parameters should be passed in registers, leaving the
> > 16-bit immediate field of the SMC instruction un-handled.
>
> That's not quite right; the SMCCC spec says callers must use immediate
> 0.
>
> See https://developer.arm.com/documentation/den0028/h/ section 2.10
> ("SME and HVC immediate value"), which says:
>
> | • For all compliant calls, an SMC or HVC immediate value of zero must be
> | used.
> | • Nonzero immediate values in SMC instructions are reserved.
> | • Nonzero immediate values in HVC instructions are designated for use by
> | hypervisor vendors.
>
> > Currently, our pKVM handler ignores the immediate value, which could lead
> > to non-compliant software relying on implementation-defined behavior.
> > Enforce the host kernel running under pKVM to use an immediate value
> > of 0 by decoding the ISS from the ESR_EL2 and return a not supported
> > error code back to the caller.
>
> From my PoV, it'd be fine to turn a non-zero immediate into an UNDEF:

I disagree. If SMC can be handled at all, then it cannot UNDEF based
on the immediate -- there is no provision for that in the architecture.
If it can UNDEF, then it must UNDEF always (as if SCR_EL3.SMD == 1).

Thanks,
M.
--
Without deviation from the norm, progress is not possible.
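The check the patch description describes (decode the imm16 from the ESR_EL2 ISS of a trapped SMC and hand back SMCCC_RET_NOT_SUPPORTED when it is non-zero) can be shown in isolation, outside the hypervisor. The following is an added example written for this thread, not code from the patch or from arch/arm64/kvm; the field layout follows the architectural ESR_ELx encoding (EC in bits [31:26], IL in bit 25, the xVC immediate in ISS bits [15:0]), the constant names merely mirror the kernel's naming convention, and the only call actually serviced, SMCCC_VERSION returning 1.1, is a constructed stand-in for the real host dispatcher.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* ESR_ELx field layout (architectural). */
#define ESR_ELx_EC_SHIFT        26
#define ESR_ELx_EC_MASK         0x3fu
#define ESR_ELx_IL              (1u << 25)
#define ESR_ELx_xVC_IMM_MASK    0xffffu   /* ISS[15:0] for HVC/SMC traps */

/* Exception classes for trapped HVC/SMC (architectural values). */
#define ESR_ELx_EC_HVC32        0x12
#define ESR_ELx_EC_SMC32        0x13
#define ESR_ELx_EC_HVC64        0x16
#define ESR_ELx_EC_SMC64        0x17

/* SMCCC return code and the one function id this example services. */
#define SMCCC_RET_NOT_SUPPORTED (-1L)
#define SMCCC_FID_VERSION       0x80000000UL
#define SMCCC_VERSION_1_1       0x10001L

static inline unsigned int esr_ec(uint64_t esr)
{
        return (esr >> ESR_ELx_EC_SHIFT) & ESR_ELx_EC_MASK;
}

static inline uint16_t esr_xvc_imm(uint64_t esr)
{
        return (uint16_t)(esr & ESR_ELx_xVC_IMM_MASK);
}

/* Build a syndrome the way hardware would for a trapped SMC/HVC
 * (constructed input for the example; no real trap occurs here). */
uint64_t make_xvc_esr(unsigned int ec, uint16_t imm16)
{
        return ((uint64_t)(ec & ESR_ElX_EC_MASK_dummy_guard) << 0);
}
```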