From patchwork Tue Nov 23 21:01:07 2021
X-Patchwork-Submitter: Oliver Upton
X-Patchwork-Id: 12693505
Date: Tue, 23 Nov 2021 21:01:07 +0000
In-Reply-To: <20211123210109.1605642-1-oupton@google.com>
Message-Id: <20211123210109.1605642-5-oupton@google.com>
References: <20211123210109.1605642-1-oupton@google.com>
Subject: [PATCH v3 4/6] KVM: arm64: Emulate the OS Lock
From: Oliver Upton
To: kvmarm@lists.cs.columbia.edu
Cc: kvm@vger.kernel.org, Marc Zyngier, James Morse, Alexandru Elisei, Suzuki K Poulose, linux-arm-kernel@lists.infradead.org, Andrew Jones, Peter Shier, Ricardo Koller, Reiji Watanabe, Oliver Upton

The OS lock blocks all debug exceptions at every EL. To date, KVM has not implemented the OS lock for its guests, despite the fact that it is mandatory per the architecture. Simple context switching between the guest and host is not appropriate, as its effects are not constrained to the guest context.

Emulate the OS Lock by clearing MDE and SS in MDSCR_EL1, thereby blocking all but software breakpoint instructions. To handle breakpoint instructions, trap debug exceptions to EL2 and skip the instruction.

Signed-off-by: Oliver Upton
--- arch/arm64/include/asm/kvm_host.h | 4 ++++ arch/arm64/kvm/debug.c | 27 +++++++++++++++++++++++---- arch/arm64/kvm/sys_regs.c | 6 +++--- 3 files changed, 30 insertions(+), 7 deletions(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 53fc8a6eaf1c..e5a06ff1cba6 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h
@@ -726,6 +726,10 @@ void kvm_arm_vcpu_init_debug(struct kvm_vcpu *vcpu); void kvm_arm_setup_debug(struct kvm_vcpu *vcpu); void kvm_arm_clear_debug(struct kvm_vcpu *vcpu); void kvm_arm_reset_debug_ptr(struct kvm_vcpu *vcpu); + +#define kvm_vcpu_os_lock_enabled(vcpu) \ + (!!(__vcpu_sys_reg(vcpu, OSLSR_EL1) & SYS_OSLSR_OSLK)) + int kvm_arm_vcpu_arch_set_attr(struct kvm_vcpu *vcpu, struct kvm_device_attr *attr); int kvm_arm_vcpu_arch_get_attr(struct kvm_vcpu *vcpu, diff --git a/arch/arm64/kvm/debug.c b/arch/arm64/kvm/debug.c index db9361338b2a..7835c76347ce 100644 --- a/arch/arm64/kvm/debug.c +++ b/arch/arm64/kvm/debug.c @@ -53,6 +53,14 @@ static void restore_guest_debug_regs(struct kvm_vcpu *vcpu) vcpu_read_sys_reg(vcpu, MDSCR_EL1)); } +/* + * Returns true if the host needs to use the debug registers. + */ +static inline bool host_using_debug_regs(struct kvm_vcpu *vcpu) +{ + return vcpu->guest_debug || kvm_vcpu_os_lock_enabled(vcpu); +} + /** * kvm_arm_init_debug - grab what we need for debug * @@ -105,9 +113,11 @@ static void kvm_arm_setup_mdcr_el2(struct kvm_vcpu *vcpu) * - Userspace is using the hardware to debug the guest * (KVM_GUESTDBG_USE_HW is set). * - The guest is not using debug (KVM_ARM64_DEBUG_DIRTY is clear). + * - The guest has enabled the OS Lock (debug exceptions are blocked). */ if ((vcpu->guest_debug & KVM_GUESTDBG_USE_HW) || - !(vcpu->arch.flags & KVM_ARM64_DEBUG_DIRTY)) + !(vcpu->arch.flags & KVM_ARM64_DEBUG_DIRTY) || + kvm_vcpu_os_lock_enabled(vcpu)) vcpu->arch.mdcr_el2 |= MDCR_EL2_TDA; trace_kvm_arm_set_dreg32("MDCR_EL2", vcpu->arch.mdcr_el2); @@ -160,8 +170,10 @@ void kvm_arm_setup_debug(struct kvm_vcpu *vcpu) kvm_arm_setup_mdcr_el2(vcpu); - /* Is Guest debugging in effect? */ - if (vcpu->guest_debug) { + /* + * Check if we need to use the debug registers. + */ + if (host_using_debug_regs(vcpu)) { /* Save guest debug state */ save_guest_debug_regs(vcpu); 
@@ -223,6 +235,10 @@ void kvm_arm_setup_debug(struct kvm_vcpu *vcpu) trace_kvm_arm_set_regset("WAPTS", get_num_wrps(), &vcpu->arch.debug_ptr->dbg_wcr[0], &vcpu->arch.debug_ptr->dbg_wvr[0]); + } else if (kvm_vcpu_os_lock_enabled(vcpu)) { + mdscr = vcpu_read_sys_reg(vcpu, MDSCR_EL1); + mdscr &= ~DBG_MDSCR_MDE; + vcpu_write_sys_reg(vcpu, mdscr, MDSCR_EL1); } } @@ -244,7 +260,10 @@ void kvm_arm_clear_debug(struct kvm_vcpu *vcpu) { trace_kvm_arm_clear_debug(vcpu->guest_debug); - if (vcpu->guest_debug) { + /* + * Restore the guest's debug registers if we were using them. + */ + if (host_using_debug_regs(vcpu)) { restore_guest_debug_regs(vcpu); /* diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 5dbdb45d6d44..1346906f5c46 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1453,9 +1453,9 @@ static unsigned int mte_visibility(const struct kvm_vcpu *vcpu, * Debug handling: We do trap most, if not all debug related system * registers. The implementation is good enough to ensure that a guest * can use these with minimal performance degradation. The drawback is - * that we don't implement any of the external debug, none of the - * OSlock protocol. This should be revisited if we ever encounter a - * more demanding guest... + * that we don't implement any of the external debug architecture. + * This should be revisited if we ever encounter a more demanding + * guest... */ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_DC_ISW), access_dcsw },
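Review bot: The new `kvm_vcpu_os_lock_enabled(vcpu)` macro in arch/arm64/include/asm/kvm_host.h is added without a comment, and it sits between the debug function prototypes and the `kvm_arm_vcpu_arch_set_attr()` prototype, where it is easy to miss. A one-line comment saying that it tests `SYS_OSLSR_OSLK` in the vCPU's stored `OSLSR_EL1` value would make the three call sites in debug.c easier to audit.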
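Review bot: The comment on `host_using_debug_regs()` in arch/arm64/kvm/debug.c ("Returns true if the host needs to use the debug registers") does not match the second half of its condition. With only the OS Lock set, the visible code changes nothing but the guest's MDSCR_EL1 value, so the comment should say that the helper also covers the case where KVM rewrites MDSCR_EL1 on the guest's behalf and therefore needs the save/restore pair. A name that reflects this would also read better at the two call sites.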
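Review bot: In the `kvm_arm_setup_mdcr_el2()` hunk, the new comment line gives "(debug exceptions are blocked)" as the reason for setting `MDCR_EL2_TDA`, but TDA controls trapping of debug register accesses, not debug exceptions. The commit message also promises to "trap debug exceptions to EL2 and skip the instruction", yet the diffstat covers only kvm_host.h, debug.c and sys_regs.c, and no visible hunk adds that handling. Either the comment should state why register accesses must trap while the lock is held, or the commit message should point to where the breakpoint skip is implemented.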
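Review bot: The new `else if (kvm_vcpu_os_lock_enabled(vcpu))` branch in `kvm_arm_setup_debug()` clears only `DBG_MDSCR_MDE`, while the commit message says the lock is emulated by "clearing MDE and SS in MDSCR_EL1". If single-step must also be blocked, the mask should include `DBG_MDSCR_SS`; if leaving SS alone is deliberate, the commit message needs correcting. Because this is an `else if`, the branch is also skipped whenever the preceding condition is taken, so a short comment stating what happens when userspace debugging and the OS Lock are both active would help.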
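Review bot: In the `kvm_arm_clear_debug()` hunk, `host_using_debug_regs(vcpu)` is evaluated again from the vCPU's current `OSLSR_EL1` value rather than from a decision recorded in `kvm_arm_setup_debug()`. If OSLK can change between the two calls, `restore_guest_debug_regs()` runs without a matching `save_guest_debug_regs()`, or the save is never undone. The new comment should state why the value cannot change in that window, or the setup path should latch the result in a vCPU flag that the clear path tests.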