From patchwork Thu Aug 10 11:30:21 2017
X-Patchwork-Submitter: James Morse
X-Patchwork-Id: 9893311
From: James Morse
To: kvmarm@lists.cs.columbia.edu
Subject: [PATCH] KVM: arm64: stop propagating DAIF flags between kernel and VHE's world switch
Date: Thu, 10 Aug 2017 12:30:21 +0100
Message-Id: <20170810113021.1110-1-james.morse@arm.com>
X-Mailer: git-send-email 2.13.3
Cc: Marc Zyngier, James Morse, Christoffer Dall, linux-arm-kernel@lists.infradead.org

KVM calls __kvm_vcpu_run() in a loop with interrupts masked for the duration of the call. On a non-vhe system we HVC to EL2 and the host DAIF flags are saved/restored via the SPSR.

On a system with vhe, we branch to the EL2 code because the kernel also runs at EL2. This means the other kernel DAIF flags propagate into KVM's EL2 code. The same happens in reverse: we take an exception to exit the guest and all the flags are masked. __guest_exit() unmasks SError, and we return with these flags through world switch and back into the host kernel.

KVM unmasks interrupts as part of its __kvm_vcpu_run(), but debug exceptions remain disabled due to the guest exit exception (as does SError: today this is the only time SError is unmasked in the kernel). The flags stay in this state until we return to userspace.

We have a __vhe_hyp_call() function that does the isb that we implicitly have on non-vhe systems; add the DAIF save/restore here, instead of in __sysreg_{save,restore}_host_state(), which would require an extra isb() between the host's VBAR_EL1 being restored and DAIF being restored.
Signed-off-by: James Morse
---
I don't like the host DAIF context being stored on the stack instead of kvm_host_cpu_state, but this should only be a problem for returns that don't go through __vhe_hyp_call(). That should just be hyp_panic() where we want to change DAIF anyway.

If you want a fixes tag for this, I think it's:
Fixes: b81125c791a2 ("arm64: KVM: VHE: Patch out use of HVC")

While this won't conflict with v3 of the RAS+IESB series, it will depend on this patch's behaviour: without this patch you will have SError unmasked on host->guest world switch; a v8.2 RAS error arriving during this window will HYP panic, but this is already the case today for guest->host.

arch/arm64/kvm/hyp/hyp-entry.S | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/arm64/kvm/hyp/hyp-entry.S b/arch/arm64/kvm/hyp/hyp-entry.S index 5170ce1021da..5eaa336e5dd9 100644 --- a/arch/arm64/kvm/hyp/hyp-entry.S +++ b/arch/arm64/kvm/hyp/hyp-entry.S @@ -42,6 +42,11 @@ .endm ENTRY(__vhe_hyp_call) + /* HVC->ERET implicitly save/restore DAIF, we do it manually here. */ + mrs x9, daif + str x9, [sp, #-16]! + msr daifset, #0xf + do_el2_call /* * We used to rely on having an exception return to get @@ -50,6 +55,14 @@ ENTRY(__vhe_hyp_call) * before returning to the rest of the kernel. */ isb + + /* + * World-switch changes VBAR_EL1, we can only restore DAIF after + * the hosts value has been synchronised by the above isb. + */ + ldr x9, [sp], #16 + msr daif, x9 + ret ENDPROC(__vhe_hyp_call)
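Review bot: In the first hunk (@@ -42,6 +42,11 @@), the comment "HVC->ERET implicitly save/restore DAIF, we do it manually here." should read "saves/restores", and it would help to say why x9 is a safe scratch register here: x9 is a temporary (caller-saved) register in AAPCS64, so nothing on the hyp-call path needs it preserved across `mrs x9, daif` / `str x9, [sp, #-16]!`, but that reasoning is not stated. The 16-byte pre-decrement for a single 8-byte store is right for SP alignment and deserves a short comment so the next reader does not wonder about the spare 8 bytes. Finally, as the cover text acknowledges, the saved DAIF word is only popped on the normal return path, so any exit from do_el2_call that never returns here (hyp_panic()) leaves both the 16 bytes and the fully-masked DAIF behind; a one-line comment next to `msr daifset, #0xf` pointing this out would make the assumption explicit in the code rather than only in the mail.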
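Review bot: In the second hunk (@@ -50,6 +55,14 @@), the comment should say "the host's value", and it is worth stating in the same comment why the order matters: `msr daif, x9` may unmask exceptions (SError and debug included) that were masked for the whole call, and any such exception would then be taken through whatever vector base is currently in effect, so the host's VBAR_EL1 must already be visible, which is exactly what the preceding isb guarantees. The `ldr x9, [sp], #16` post-increment pairs with the `str x9, [sp, #-16]!` from the first hunk, and since the pop and restore are the only instructions between isb and ret, the placement is correct; suggest keeping it that way and adding a note that nothing must be inserted between the isb and the `msr daif`.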