On Mon, 01 Sep 2025 15:15:51 +0100, Gyujeong Jin wlsrbwjd7232@gmail.com wrote:
From: gyutrange wlsrbwjd643@naver.com
VNCR/TLBI VA reconstruction currently uses bit 48 as the sign bit, but for 48-bit virtual addresses the correct sign bit is bit 47.
No, that's not the case. Bit 55 is used at all times to determine which half of the address space a VA gets resolved from.
Using 48 can mis-canonicalize addresses in the negative half and may cause missed invalidations.
Although VNCR_EL2 encodes other architectural fields (RESS, BADDR; see Arm ARM D24.2.206), sign_extend64() interprets its second argument as the index of the sign bit. Passing 48 prevents propagation of the canonical sign bit for 48-bit VAs.
Impact:
- Incorrect canonicalization of VAs with bit47=1
No. We are not trying to make the VA canonical.
- Potential stale VNCR pseudo-TLB entries after TLBI or MMU notifier
No. The pseudo TLB is never created the first place.
- Possible incorrect translation/permissions or DoS when combined with other issues
Please explain, as "other issues" is not a valid argument.
Thanks,
M.