Thanks ALOK, for pointing out the typos! Queued the fixes to V2 while
awaiting for reviews on other patches.

On Wed, May 7, 2025 at 12:25 PM ALOK TIWARI <alok.a.tiw...@oracle.com> wrote:
>
> ...
> > +Inject SError
> > +~~~~~~~~~~~~~
> > +
> >   Set the pending SError exception state for this VCPU. It is not possible 
> > to
> >   'cancel' an Serror that has been made pending.
> >
> > -If the guest performed an access to I/O memory which could not be handled 
> > by
> > -userspace, for example because of missing instruction syndrome decode
> > -information or because there is no device mapped at the accessed IPA, then
> > -userspace can ask the kernel to inject an external abort using the address
> > -from the exiting fault on the VCPU. It is a programming error to set
> > -ext_dabt_pending after an exit which was not either KVM_EXIT_MMIO or
> > -KVM_EXIT_ARM_NISV. This feature is only available if the system supports
> > -KVM_CAP_ARM_INJECT_EXT_DABT. This is a helper which provides commonality in
> > -how userspace reports accesses for the above cases to guests, across 
> > different
> > -userspace implementations. Nevertheless, userspace can still emulate all 
> > Arm
> > -exceptions by manipulating individual registers using the KVM_SET_ONE_REG 
> > API.
> > +Inject SEA (synchronous external abort)
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > +
> > +- If the guest performed an access to I/O memory which could not be 
> > handled by
> > +  userspace, for example because of missing instruction syndrome decode
> > +  information or because there is no device mapped at the accessed IPA.
> > +
> > +- If the guest consumed an uncorrected memory error, and RAS extension in 
> > the
> > +  Trusted Firmware choose to notify PE with SEA, KVM has to handle it when
> > +  host APEI is unable to claim the SEA. For the following types of faults,
> > +  if userspace enabled KVM_CAP_ARM_SEA_TO_USER, KVM returns to userspace 
> > with
> > +  KVM_EXIT_ARM_SEA:
> > +
> > +  - Synchronous external abort, not on translation table walk or hardware
> > +    update of translation table.
> > +
> > +  - Synchronous external abort on translation table walk or hardware 
> > update of
> > +    translation table, including all levels.
> > +
> > +  - Synchronous parity or ECC error on memory access, not on translation 
> > table
> > +    walk.
> > +
> > +  - Synchronous parity or ECC error on memory access on translation table 
> > walk
> > +    or hardware update of translation table, including all levels.
> > +
> > +For the cases above, userspace can ask the kernel to replay either an 
> > external
> > +data abort (by setting ext_dabt_pending) or an external instruciton abort
>
> typo instruciton -> instruction
>
> > +(by setting ext_iabt_pending) into the faulting VCPU. KVM will use the 
> > address
> > +from the exiting fault on the VCPU. Setting both ext_dabt_pending and
> > +ext_iabt_pending at the same time will return -EINVAL.
> > +
> > +It is a programming error to set ext_dabt_pending or ext_iabt_pending 
> > after an
> > +exit which was not KVM_EXIT_MMIO, KVM_EXIT_ARM_NISV or KVM_EXIT_ARM_SEA.
> > +Injecting SEA for data and instruction abort is only available if KVM 
> > supports
> > +KVM_CAP_ARM_INJECT_EXT_DABT and KVM_CAP_ARM_INJECT_EXT_IABT respectively.
> > +
> > +This is a helper which provides commonality in how userspace reports 
> > accesses
> > +for the above cases to guests, across different userspace implementations.
> > +Nevertheless, userspace can still emulate all Arm exceptions by 
> > manipulating
> > +individual registers using the KVM_SET_ONE_REG API.
> >
> >   See KVM_GET_VCPU_EVENTS for the data structure.
> >
> > @@ -7151,6 +7184,55 @@ The valid value for 'flags' is:
> >     - KVM_NOTIFY_CONTEXT_INVALID -- the VM context is corrupted and not 
> > valid
> >       in VMCS. It would run into unknown result if resume the target VM.
> >
> > +::
> > +
> > +    /* KVM_EXIT_ARM_SEA */
> > +    struct {
> > +      __u64 esr;
> > +  #define KVM_EXIT_ARM_SEA_FLAG_GVA_VALID   (1ULL << 0)
> > +  #define KVM_EXIT_ARM_SEA_FLAG_GPA_VALID   (1ULL << 1)
> > +      __u64 flags;
> > +      __u64 gva;
> > +         __u64 gpa;
> > +    } arm_sea;
> > +
> > +Used on arm64 systems. When the VM capability KVM_CAP_ARM_SEA_TO_USER is
> > +enabled, a VM exit is generated if guest caused a synchronous external 
> > abort
> > +(SEA) and the host APEI fails to handle the SEA.
> > +
> > +Historically KVM handles SEA by first delegating the SEA to host APEI as 
> > there
> > +is high chance that the SEA is caused by consuming uncorrected memory 
> > error.
> > +However, not all platforms support SEA handling in APEI, and KVM's fallback
> > +handling is to inject an async SError into the guest, which usually panics
> > +guest kernel unpleasantly. As an alternative, userspace can participate 
> > into
> > +the SEA handling by enabling KVM_CAP_ARM_SEA_TO_USER at VM creation, after
> > +querying the capability. Once enabled, when KVM has to handle the guest
> > +caused SEA, it returns to userspace with KVM_EXIT_ARM_SEA, with details
> > +about the SEA available in 'arm_sea'.
> > +
> > +The 'esr' filed holds the value of the exception syndrome register (ESR) 
> > while
>
> 'esr' filed holds -> 'esr' field hold
>
> > +KVM taking the SEA, which tells userspace the character of the current SEA,
> > +such as its Exception Class, Synchronous Error Type, Fault Specific Code 
> > and
> > +so on. For more details on ESR, check the Arm Architecture Registers
> > +documentation.
> > +
> > +The 'flags' field indicates if the faulting addresses are available while
> > +taking the SEA:
> > +
> > +  - KVM_EXIT_ARM_SEA_FLAG_GVA_VALID -- the faulting guest virtual address
> > +    is valid and userspace can get its value in the 'gva' field.
>
> the 'gpa' filed -> the 'gpa' field.
>
> > +  - KVM_EXIT_ARM_SEA_FLAG_GPA_VALID -- the faulting guest physical address
> > +    is valid and userspace can get its value in the 'gpa' filed.
> > +
> > +Userspace needs to take actions to handle guest SEA synchronously, namely 
> > in
> > +the same thread that runs KVM_RUN and receives KVM_EXIT_ARM_SEA. One of the
> > +encouraged approaches is to utilize the KVM_SET_VCPU_EVENTS to inject the 
> > SEA
> > +to the faulting VCPU. This way, the guest has the opportunity to keep 
> > running
> > +and limit the blast radius of the SEA to the particular guest application 
> > that
> > +caused the SEA. If the Exception Class indicated by 'esr' field in 
> > 'arm_sea'
> > +is data abort, userspace should inject data abort. If the Exception Class 
> > is
> > +instruction abort, userspace should inject instruction abort.
>
>
> Thanks,
> Alok

Reply via email to