From patchwork Wed Aug 18 20:21:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Upton X-Patchwork-Id: 12445283 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 52AE9C4320A for ; Wed, 18 Aug 2021 20:21:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 347D4610FA for ; Wed, 18 Aug 2021 20:21:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233634AbhHRUWN (ORCPT ); Wed, 18 Aug 2021 16:22:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48346 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233554AbhHRUWM (ORCPT ); Wed, 18 Aug 2021 16:22:12 -0400 Received: from mail-qv1-xf49.google.com (mail-qv1-xf49.google.com [IPv6:2607:f8b0:4864:20::f49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A0FB6C061764 for ; Wed, 18 Aug 2021 13:21:37 -0700 (PDT) Received: by mail-qv1-xf49.google.com with SMTP id gw9-20020a0562140f0900b0035decb1dfecso3026944qvb.5 for ; Wed, 18 Aug 2021 13:21:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=RsQw2+A6Y7v0C6V3YM0HBQbdtVAQ2NdDTbPPjc85eBM=; b=TUbYJCoU5mNFScZR1T6MWKR0qv9dR3+Cv2+4X3Nd2cRi6UXDkt3rmAzI5bXsjMFaJL m5vg09zXuY0c78nd4U+tpJCriXknDWGd4FvJS8NFNr98PaxCHdv+1kTEoNMslSqHD1QX JhwYhXysgKmydSBaQyFEC7qT3ySd7zOu4z5eOPGPqaS7VhNC0tkragx/ABg5fiKeCi80 sQcXm5docwNzGfUGGprbBLbDQyodr0we9559CqUJzDqklmyPaN+L8UlJwUdvrPottnyX BmCka7tnuCU5RBTeksUAa+Nfz3dAQ+GP+JsWK9IL0FEkkIWK1TutAIlsADq48osIleFW ND+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=RsQw2+A6Y7v0C6V3YM0HBQbdtVAQ2NdDTbPPjc85eBM=; b=iYNJmpgPuH3QnkxwsNPXPcwoeE8XRObEEzQGIRFPsMB+/zv08WThmB0vLlDLedUyH9 94GDMsPntH+UYxvxtLCPsezDdCl/PFo0kvrztEt4pwL90A9nx16oAnyCuavqX14JUiOk 2D8I44PRZaZBILDLZ+RaOinj8MUpOgjdRE4qBe8yDevurA18Y2lN4iwzR00/YZLxIVVv ZLExBBBrH4Jg0pzTSIxjEyxKyELMiEINBfqR/DLiupJLg/moZy8RmUsRnWoCZ7CUxA00 G8KB/9tFswWrmbhAmThXFMe11JG0T9NkihBfMS/u7g9rlxiecW0pEvpG9L30ZeXR+VnQ Ay/Q== X-Gm-Message-State: AOAM533fn84EfioCrZIQW8zQbk2IEyKjW9sr+B+roE14JF+FWIl/NzHx oV2cg9ypsTd9I9t9igHCWpSaz/2IlGTCumz0cG+R0wJZBVjf3YdkH10U67WHRKCyJg+90p6/PUC 4gVddrjOPjLYWzxbOndb3JOBKOA2LF3VOYKVAuHEyCswYsahXjDNAkKMSjg== X-Google-Smtp-Source: ABdhPJz4xN3hybVA6/XryTpEYGPYLhn3XqACAJim9UMbamFc5G7dYZ5hZazqjOJDpZO5CPCkmrtHSgv7QNg= X-Received: from oupton.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:404]) (user=oupton job=sendgmr) by 2002:a0c:be85:: with SMTP id n5mr10684618qvi.59.1629318096780; Wed, 18 Aug 2021 13:21:36 -0700 (PDT) Date: Wed, 18 Aug 2021 20:21:30 +0000 In-Reply-To: <20210818202133.1106786-1-oupton@google.com> Message-Id: <20210818202133.1106786-2-oupton@google.com> Mime-Version: 1.0 References: <20210818202133.1106786-1-oupton@google.com> X-Mailer: git-send-email 2.33.0.rc1.237.g0d66db33f3-goog Subject: [PATCH v2 1/4] KVM: arm64: Fix read-side race on updates to vcpu reset state From: Oliver Upton To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu Cc: Marc Zyngier , Peter Shier , Ricardo Koller , Jing Zhang , Raghavendra Rao Anata , James Morse , Alexandru Elisei , Suzuki K Poulose , Andrew Jones , Oliver Upton Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org KVM correctly serializes writes to a vCPU's reset state, however since we do not take the KVM lock on the read side it is entirely possible to read state from two different reset requests. Cure the race for now by taking the KVM lock when reading the reset_state structure. Fixes: 358b28f09f0a ("arm/arm64: KVM: Allow a VCPU to fully reset itself") Signed-off-by: Oliver Upton --- arch/arm64/kvm/reset.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c index cba7872d69a8..d862441b03b1 100644 --- a/arch/arm64/kvm/reset.c +++ b/arch/arm64/kvm/reset.c @@ -210,10 +210,16 @@ static bool vcpu_allowed_register_width(struct kvm_vcpu *vcpu) */ int kvm_reset_vcpu(struct kvm_vcpu *vcpu) { + struct vcpu_reset_state reset_state; int ret; bool loaded; u32 pstate; + mutex_lock(&vcpu->kvm->lock); + reset_state = vcpu->arch.reset_state; + WRITE_ONCE(vcpu->arch.reset_state.reset, false); + mutex_unlock(&vcpu->kvm->lock); + /* Reset PMU outside of the non-preemptible section */ kvm_pmu_vcpu_reset(vcpu); @@ -276,8 +282,8 @@ int kvm_reset_vcpu(struct kvm_vcpu *vcpu) * Additional reset state handling that PSCI may have imposed on us. * Must be done after all the sys_reg reset. */ - if (vcpu->arch.reset_state.reset) { - unsigned long target_pc = vcpu->arch.reset_state.pc; + if (reset_state.reset) { + unsigned long target_pc = reset_state.pc; /* Gracefully handle Thumb2 entry point */ if (vcpu_mode_is_32bit(vcpu) && (target_pc & 1)) { @@ -286,13 +292,11 @@ int kvm_reset_vcpu(struct kvm_vcpu *vcpu) } /* Propagate caller endianness */ - if (vcpu->arch.reset_state.be) + if (reset_state.be) kvm_vcpu_set_be(vcpu); *vcpu_pc(vcpu) = target_pc; - vcpu_set_reg(vcpu, 0, vcpu->arch.reset_state.r0); - - vcpu->arch.reset_state.reset = false; + vcpu_set_reg(vcpu, 0, reset_state.r0); } /* Reset timer */ From patchwork Wed Aug 18 20:21:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Upton X-Patchwork-Id: 12445285 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51B41C4338F for ; Wed, 18 Aug 2021 20:21:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3C6D4610FE for ; Wed, 18 Aug 2021 20:21:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233681AbhHRUWO (ORCPT ); Wed, 18 Aug 2021 16:22:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48352 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233554AbhHRUWN (ORCPT ); Wed, 18 Aug 2021 16:22:13 -0400 Received: from mail-qk1-x74a.google.com (mail-qk1-x74a.google.com [IPv6:2607:f8b0:4864:20::74a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9F645C061764 for ; Wed, 18 Aug 2021 13:21:38 -0700 (PDT) Received: by mail-qk1-x74a.google.com with SMTP id 21-20020a370815000000b003d5a81a4d12so2618097qki.3 for ; Wed, 18 Aug 2021 13:21:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=kvKtrAMG5/B2xy9v8H2FiPsJUDywEb7U/VFv10BGAsU=; b=S/1pSOiATU/vW+PQwJSN5RtYqU/6D2RUGu3fWtiYYp8duK0t1St5G0FSkM8hD38t5A f9fDCXnfnp8xGPLkX17IQ7ZC8VDhmEsePO90TD5QigC63rzKCk95I1PRIT42jJLHKaGR iJc+FrUNTpB+Be0WDgVkn+ZZaB2Dwau03J8XcJR7+L3T9VP9NDePahgbyTVe2Ks06hsT LLOo+ALm+OJ1oqMXsD323LdSWFT74NExX6nzIzE4uW6ZrzHTf1B0m6X/YvqsGALCbZ+9 TRl170pakEEhRXhxkNKgGD1iD92gWK77v/cc5TDq0PFlExib1e2yIitemSbHTxLPXlGF iTQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=kvKtrAMG5/B2xy9v8H2FiPsJUDywEb7U/VFv10BGAsU=; b=Qu4GLH9q2fHudw4v8Sv3Ac4XZrX4ZI+QF1jcMmneVizC0Egh99eNRdyIIT9eWy92Ki pJX6osddepTjqOG+p0p3RV+WPxC/JOBXfYUaSRBirfb0b9EjaHadg5nGlqQK4ObG8OdZ zbQfaXyO2eqw/sNU9UM9/GktmYAAD3ZtS2iOan2+lh6n2ufcHcZ9Oo8a48GZTdYCVNMi DFDMLWcS+4a6el0og/JnCB5PLQcPYq/JNItl/ThasNXpTQnUFXFKWj2hDPzecdWAsaaL XwDXVq58koHVXZjIEnotbehY/31fSbCtiRxsKpCv3fKa/riAwS83HNtqphuhnzMirCi1 LCDw== X-Gm-Message-State: AOAM530b5hKrooI1OrIW4pF7TI6x40Q7mN3SqKXjsB7xFs+Kr4JEqKjz Oj1HucEy/wWMWvnKwaE+SRhk2IEPR8UsNMg1QsDi2s7mQtMiAyl8dotWS7f/U+DmF0XKOvE2bp5 2gL0td+3lsmAk0VsiLm63TNjquaULKTvrZUzS645qk+yZVFw8wwg8kMi9Ig== X-Google-Smtp-Source: ABdhPJzeVUqlbjJkSBQ4IlhwKRJxJl7Np7SGxoszuSv8QX+fTbAJgDGS9IB+KhTQDNDEuqystjSZo6XwBgs= X-Received: from oupton.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:404]) (user=oupton job=sendgmr) by 2002:a05:6214:621:: with SMTP id a1mr11008909qvx.12.1629318097796; Wed, 18 Aug 2021 13:21:37 -0700 (PDT) Date: Wed, 18 Aug 2021 20:21:31 +0000 In-Reply-To: <20210818202133.1106786-1-oupton@google.com> Message-Id: <20210818202133.1106786-3-oupton@google.com> Mime-Version: 1.0 References: <20210818202133.1106786-1-oupton@google.com> X-Mailer: git-send-email 2.33.0.rc1.237.g0d66db33f3-goog Subject: [PATCH v2 2/4] KVM: arm64: Handle PSCI resets before userspace touches vCPU state From: Oliver Upton To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu Cc: Marc Zyngier , Peter Shier , Ricardo Koller , Jing Zhang , Raghavendra Rao Anata , James Morse , Alexandru Elisei , Suzuki K Poulose , Andrew Jones , Oliver Upton Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org The CPU_ON PSCI call takes a payload that KVM uses to configure a destination vCPU to run. This payload is non-architectural state and not exposed through any existing UAPI. Effectively, we have a race between CPU_ON and userspace saving/restoring a guest: if the target vCPU isn't ran again before the VMM saves its state, the requested PC and context ID are lost. When restored, the target vCPU will be runnable and start executing at its old PC. We can avoid this race by making sure the reset payload is serviced before userspace can access a vCPU's state. Fixes: 358b28f09f0a ("arm/arm64: KVM: Allow a VCPU to fully reset itself") Signed-off-by: Oliver Upton --- arch/arm64/kvm/arm.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 0ca72f5cda41..a9763db0d27b 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -1219,6 +1219,14 @@ long kvm_arch_vcpu_ioctl(struct file *filp, if (copy_from_user(®, argp, sizeof(reg))) break; + /* + * We could owe a reset due to PSCI. Handle the pending reset + * here to ensure userspace register accesses are ordered after + * the reset. + */ + if (kvm_check_request(KVM_REQ_VCPU_RESET, vcpu)) + kvm_reset_vcpu(vcpu); + if (ioctl == KVM_SET_ONE_REG) r = kvm_arm_set_reg(vcpu, ®); else From patchwork Wed Aug 18 20:21:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Upton X-Patchwork-Id: 12445287 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 40665C432BE for ; Wed, 18 Aug 2021 20:21:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2A153610FF for ; Wed, 18 Aug 2021 20:21:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233797AbhHRUWP (ORCPT ); Wed, 18 Aug 2021 16:22:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48354 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233682AbhHRUWO (ORCPT ); Wed, 18 Aug 2021 16:22:14 -0400 Received: from mail-oi1-x249.google.com (mail-oi1-x249.google.com [IPv6:2607:f8b0:4864:20::249]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 89782C061764 for ; Wed, 18 Aug 2021 13:21:39 -0700 (PDT) Received: by mail-oi1-x249.google.com with SMTP id w16-20020a0568081410b029025c350a89fdso1532818oiv.11 for ; Wed, 18 Aug 2021 13:21:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=hGb/ueygkMqaGjl0KMNjqvYzUKfaiFfnTNnmRtH2qjE=; b=LMeoFdjwl26WEwUvEYAKf71IpNGuy6iROwQXK5jLYTWCnMpoiWtHFZSjponxOa6Jw7 pdxO8BC3LMXSQzkbUTfwccwO0/+FgxPcG39ivpgk/pj1qpS5fIO7wjCGve6hHpYVTny0 1FNpIMRXx670vuJqd0l8WttCjI3rYAJQkmLNNvxUfB+bp3WFH3TvZjzlr+4dPD+rqNvQ Vny4af7srvH9a0H85EYncnqO32HOBqRrtbO4TUv4p+j8osuOEcfDsrfuJZM1sae1KUr4 6bJm0fySxvg8Oz2KY+PYPDCaoLObDg1WyHigH7e0RB034hG3CUv4UOIck2WDYRaaLHTx ecxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=hGb/ueygkMqaGjl0KMNjqvYzUKfaiFfnTNnmRtH2qjE=; b=Icof2eW8T5eDeXhdtmHmyedcpYG9uVhXvYJESqPjj5/UzP7kEc7fiewijuWzvfJ4NT jhx8r/I+U4Psc1XSQOsYaq3Mp0Wa6P9jdWjkAc4pjELRl+K7o/72trje4zLixcdPTTGP Yuf1vQFypERIV8/7h6d7xCPB/w3VMEb/LhHYicU3t43bpxeNM1Ntx5rKcDIPmRB3otQT W9Z4adNsHlCEp2RIBBtVq5EenUek9QwP91o9z/bLme8qrNN86ESy6okAa6cAj20SyJeF sBzpVL8RL+FBVUgRH+yEGLtzYD5/7C2H91oSmiV5tmEEUNFI98KOHrYXjgiiRL5p9/rL sAeQ== X-Gm-Message-State: AOAM530rbE/q7IYuwzVYZ6GPyMs+eJ99lTECuksziAliLte0IbzNNQjv Djbu4wzx09z7iTneBeyeHX6xsbIB1A9GAbR4qpydQ3qEw19KwHGOTw3HyhnMfvXP2W2ieQluCP0 RhzmMSHvxJyWIIQbZ9eH5jT6JqodEB8MYm0ZtTxuMFeahFqTCH/vW6dysDQ== X-Google-Smtp-Source: ABdhPJxONHASSnzgn61nsjiHmFL+Yo64sPq7kL1PbwlMuzfrSrfWcFwbsKgj4L0YFIAJ0trU0iitWSJV4pU= X-Received: from oupton.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:404]) (user=oupton job=sendgmr) by 2002:aca:de54:: with SMTP id v81mr65294oig.40.1629318098693; Wed, 18 Aug 2021 13:21:38 -0700 (PDT) Date: Wed, 18 Aug 2021 20:21:32 +0000 In-Reply-To: <20210818202133.1106786-1-oupton@google.com> Message-Id: <20210818202133.1106786-4-oupton@google.com> Mime-Version: 1.0 References: <20210818202133.1106786-1-oupton@google.com> X-Mailer: git-send-email 2.33.0.rc1.237.g0d66db33f3-goog Subject: [PATCH v2 3/4] KVM: arm64: Enforce reserved bits for PSCI target affinities From: Oliver Upton To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu Cc: Marc Zyngier , Peter Shier , Ricardo Koller , Jing Zhang , Raghavendra Rao Anata , James Morse , Alexandru Elisei , Suzuki K Poulose , Andrew Jones , Oliver Upton Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org According to the PSCI specification, ARM DEN 0022D, 5.1.4 "CPU_ON", the CPU_ON function takes a target_cpu argument that is bit-compatible with the affinity fields in MPIDR_EL1. All other bits in the argument are RES0. Note that the same constraints apply to the target_affinity argument for the AFFINITY_INFO call. Enforce the spec by returning INVALID_PARAMS if a guest incorrectly sets a RES0 bit. Signed-off-by: Oliver Upton --- arch/arm64/kvm/psci.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kvm/psci.c b/arch/arm64/kvm/psci.c index db4056ecccfd..74c47d420253 100644 --- a/arch/arm64/kvm/psci.c +++ b/arch/arm64/kvm/psci.c @@ -59,6 +59,12 @@ static void kvm_psci_vcpu_off(struct kvm_vcpu *vcpu) kvm_vcpu_kick(vcpu); } +static inline bool kvm_psci_valid_affinity(struct kvm_vcpu *vcpu, + unsigned long affinity) +{ + return !(affinity & ~MPIDR_HWID_BITMASK); +} + static unsigned long kvm_psci_vcpu_on(struct kvm_vcpu *source_vcpu) { struct vcpu_reset_state *reset_state; @@ -66,9 +72,9 @@ static unsigned long kvm_psci_vcpu_on(struct kvm_vcpu *source_vcpu) struct kvm_vcpu *vcpu = NULL; unsigned long cpu_id; - cpu_id = smccc_get_arg1(source_vcpu) & MPIDR_HWID_BITMASK; - if (vcpu_mode_is_32bit(source_vcpu)) - cpu_id &= ~((u32) 0); + cpu_id = smccc_get_arg1(source_vcpu); + if (!kvm_psci_valid_affinity(source_vcpu, cpu_id)) + return PSCI_RET_INVALID_PARAMS; vcpu = kvm_mpidr_to_vcpu(kvm, cpu_id); @@ -126,6 +132,9 @@ static unsigned long kvm_psci_vcpu_affinity_info(struct kvm_vcpu *vcpu) target_affinity = smccc_get_arg1(vcpu); lowest_affinity_level = smccc_get_arg2(vcpu); + if (!kvm_psci_valid_affinity(vcpu, target_affinity)) + return PSCI_RET_INVALID_PARAMS; + /* Determine target affinity mask */ target_affinity_mask = psci_affinity_mask(lowest_affinity_level); if (!target_affinity_mask) From patchwork Wed Aug 18 20:21:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Upton X-Patchwork-Id: 12445289 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B6A2FC4338F for ; Wed, 18 Aug 2021 20:21:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9E47660ED3 for ; Wed, 18 Aug 2021 20:21:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233833AbhHRUWQ (ORCPT ); Wed, 18 Aug 2021 16:22:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48364 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233682AbhHRUWP (ORCPT ); Wed, 18 Aug 2021 16:22:15 -0400 Received: from mail-io1-xd4a.google.com (mail-io1-xd4a.google.com [IPv6:2607:f8b0:4864:20::d4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B0E99C061764 for ; Wed, 18 Aug 2021 13:21:40 -0700 (PDT) Received: by mail-io1-xd4a.google.com with SMTP id k21-20020a5e93150000b02905b30d664397so1927294iom.0 for ; Wed, 18 Aug 2021 13:21:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=yAtZtpeE6rXx+fuJoapWocNkmFQzDonUY35/KDI+IeY=; b=ukh2RD/BqyAU1d74OgmsRHjzX4dQVXV1GIVny8z/opUmJkGoCQ/baXzWOQljwKEOTb 5ddhuBSix/6R092GSSnXFbderKVgnVxTCPDY3KYc5QZqttwKL6vjv0i7RK8O3JGT4dfi 7irNwrj0kpxnn9/kqFtij4Nhx8U4tp2agScQ8QRcGIK2dUaUm8nOSoQa8RyJCad1PmZi 0JFbI6UCd69QZh07OetfzMgHSXui+I4Qo/gULNtjX4fdDdc3Mo25mLubw5GlhEfZjJde jzeMkxU8bNbLZ6MXCKP3h5sVQuxfx8vKQj6tTKbvFar9IvV60AJ3eRVE71QkvjN+M5Qa Uo6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=yAtZtpeE6rXx+fuJoapWocNkmFQzDonUY35/KDI+IeY=; b=l1HORsLLVtGxALZyOQrokkjbKykxA/O+1WuMiG0+n0iXwuMtk8GR4Ad3k8hOLlXd4A wuhc7KXBjpgP7FCvNh0wW+mRgqcWcixlje3XquTl4lO8R615D4I13kJwwCGKj0v/x/FZ yD4goHZ904Rsturo8ginJsCLhqaqyv0E2lTPAntElYtXQ3lyxMg9Iy+I8YhO4TmYj+kD 6A9vdeeLnbfRwVztguQ1imcLmKAWi/K93tmjFthRuVxI7A2ZWUuuJ6pXVbbBKVrQiLIz M77CBo0WdFJRvltSnLBnEVgZHJoFSlMock0U/hP0p2YgjoRHO0+36SSUDHCQ70RZ+SLv LrLQ== X-Gm-Message-State: AOAM531U0legifUIROXtIrDnvimrL3E8GPgmlZzsjUQHTbgD3r9cCEIE 8CuNzp87vH9LEXo7FSv1SBf6wsk6Cn6YsbzlwrSNPwoXJOCSxegDKEPNCpwXTdaokr1AygkvnON lC2MNz51lUxV3Qcv35BnrKDWjHJoeLD7xsvzJOd7wWo5N2JXMgAML9wx3xQ== X-Google-Smtp-Source: ABdhPJx8L5x+5ANU3cfMuUU/WOy3ghT1hZAvB2jAQ+JGEZsTwEMjLQGWVLtPcPNJTc+zHhaeV0CsGw50XNM= X-Received: from oupton.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:404]) (user=oupton job=sendgmr) by 2002:a92:d10d:: with SMTP id a13mr7518827ilb.87.1629318099945; Wed, 18 Aug 2021 13:21:39 -0700 (PDT) Date: Wed, 18 Aug 2021 20:21:33 +0000 In-Reply-To: <20210818202133.1106786-1-oupton@google.com> Message-Id: <20210818202133.1106786-5-oupton@google.com> Mime-Version: 1.0 References: <20210818202133.1106786-1-oupton@google.com> X-Mailer: git-send-email 2.33.0.rc1.237.g0d66db33f3-goog Subject: [PATCH v2 4/4] selftests: KVM: Introduce psci_cpu_on_test From: Oliver Upton To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu Cc: Marc Zyngier , Peter Shier , Ricardo Koller , Jing Zhang , Raghavendra Rao Anata , James Morse , Alexandru Elisei , Suzuki K Poulose , Andrew Jones , Oliver Upton Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Introduce a test for aarch64 that ensures CPU resets induced by PSCI are reflected in the target vCPU's state, even if the target is never run again. This is a regression test for a race between vCPU migration and PSCI. Reviewed-by: Andrew Jones Signed-off-by: Oliver Upton --- tools/testing/selftests/kvm/.gitignore | 1 + tools/testing/selftests/kvm/Makefile | 1 + .../selftests/kvm/aarch64/psci_cpu_on_test.c | 121 ++++++++++++++++++ .../selftests/kvm/include/aarch64/processor.h | 3 + 4 files changed, 126 insertions(+) create mode 100644 tools/testing/selftests/kvm/aarch64/psci_cpu_on_test.c diff --git a/tools/testing/selftests/kvm/.gitignore b/tools/testing/selftests/kvm/.gitignore index 0709af0144c8..98053d3afbda 100644 --- a/tools/testing/selftests/kvm/.gitignore +++ b/tools/testing/selftests/kvm/.gitignore @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only /aarch64/debug-exceptions /aarch64/get-reg-list +/aarch64/psci_cpu_on_test /aarch64/vgic_init /s390x/memop /s390x/resets diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile index 5832f510a16c..5d05801ab816 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -86,6 +86,7 @@ TEST_GEN_PROGS_x86_64 += kvm_binary_stats_test TEST_GEN_PROGS_aarch64 += aarch64/debug-exceptions TEST_GEN_PROGS_aarch64 += aarch64/get-reg-list +TEST_GEN_PROGS_aarch64 += aarch64/psci_cpu_on_test TEST_GEN_PROGS_aarch64 += aarch64/vgic_init TEST_GEN_PROGS_aarch64 += demand_paging_test TEST_GEN_PROGS_aarch64 += dirty_log_test diff --git a/tools/testing/selftests/kvm/aarch64/psci_cpu_on_test.c b/tools/testing/selftests/kvm/aarch64/psci_cpu_on_test.c new file mode 100644 index 000000000000..018c269990e1 --- /dev/null +++ b/tools/testing/selftests/kvm/aarch64/psci_cpu_on_test.c @@ -0,0 +1,121 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * psci_cpu_on_test - Test that the observable state of a vCPU targeted by the + * CPU_ON PSCI call matches what the caller requested. + * + * Copyright (c) 2021 Google LLC. + * + * This is a regression test for a race between KVM servicing the PSCI call and + * userspace reading the vCPUs registers. + */ + +#define _GNU_SOURCE + +#include + +#include "kvm_util.h" +#include "processor.h" +#include "test_util.h" + +#define VCPU_ID_SOURCE 0 +#define VCPU_ID_TARGET 1 + +#define CPU_ON_ENTRY_ADDR 0xfeedf00dul +#define CPU_ON_CONTEXT_ID 0xdeadc0deul + +static uint64_t psci_cpu_on(uint64_t target_cpu, uint64_t entry_addr, + uint64_t context_id) +{ + register uint64_t x0 asm("x0") = PSCI_0_2_FN64_CPU_ON; + register uint64_t x1 asm("x1") = target_cpu; + register uint64_t x2 asm("x2") = entry_addr; + register uint64_t x3 asm("x3") = context_id; + + asm("hvc #0" + : "=r"(x0) + : "r"(x0), "r"(x1), "r"(x2), "r"(x3) + : "memory"); + + return x0; +} + +static uint64_t psci_affinity_info(uint64_t target_affinity, + uint64_t lowest_affinity_level) +{ + register uint64_t x0 asm("x0") = PSCI_0_2_FN64_AFFINITY_INFO; + register uint64_t x1 asm("x1") = target_affinity; + register uint64_t x2 asm("x2") = lowest_affinity_level; + + asm("hvc #0" + : "=r"(x0) + : "r"(x0), "r"(x1), "r"(x2) + : "memory"); + + return x0; +} + +static void guest_main(uint64_t target_cpu) +{ + GUEST_ASSERT(!psci_cpu_on(target_cpu, CPU_ON_ENTRY_ADDR, CPU_ON_CONTEXT_ID)); + uint64_t target_state; + + do { + target_state = psci_affinity_info(target_cpu, 0); + + GUEST_ASSERT((target_state == PSCI_0_2_AFFINITY_LEVEL_ON) || + (target_state == PSCI_0_2_AFFINITY_LEVEL_OFF)); + } while (target_state != PSCI_0_2_AFFINITY_LEVEL_ON); + + GUEST_DONE(); +} + +int main(void) +{ + uint64_t target_mpidr, obs_pc, obs_x0; + struct kvm_vcpu_init init; + struct kvm_vm *vm; + struct ucall uc; + + vm = vm_create(VM_MODE_DEFAULT, DEFAULT_GUEST_PHY_PAGES, O_RDWR); + kvm_vm_elf_load(vm, program_invocation_name); + ucall_init(vm, NULL); + + vm_ioctl(vm, KVM_ARM_PREFERRED_TARGET, &init); + init.features[0] |= (1 << KVM_ARM_VCPU_PSCI_0_2); + + aarch64_vcpu_add_default(vm, VCPU_ID_SOURCE, &init, guest_main); + + /* + * make sure the target is already off when executing the test. + */ + init.features[0] |= (1 << KVM_ARM_VCPU_POWER_OFF); + aarch64_vcpu_add_default(vm, VCPU_ID_TARGET, &init, guest_main); + + get_reg(vm, VCPU_ID_TARGET, ARM64_SYS_REG(MPIDR_EL1), &target_mpidr); + vcpu_args_set(vm, VCPU_ID_SOURCE, 1, target_mpidr & MPIDR_HWID_BITMASK); + vcpu_run(vm, VCPU_ID_SOURCE); + + switch (get_ucall(vm, VCPU_ID_SOURCE, &uc)) { + case UCALL_DONE: + break; + case UCALL_ABORT: + TEST_FAIL("%s at %s:%ld", (const char *)uc.args[0], __FILE__, + uc.args[1]); + break; + default: + TEST_FAIL("Unhandled ucall: %lu", uc.cmd); + } + + get_reg(vm, VCPU_ID_TARGET, ARM64_CORE_REG(regs.pc), &obs_pc); + get_reg(vm, VCPU_ID_TARGET, ARM64_CORE_REG(regs.regs[0]), &obs_x0); + + TEST_ASSERT(obs_pc == CPU_ON_ENTRY_ADDR, + "unexpected target cpu pc: %lx (expected: %lx)", + obs_pc, CPU_ON_ENTRY_ADDR); + TEST_ASSERT(obs_x0 == CPU_ON_CONTEXT_ID, + "unexpected target context id: %lx (expected: %lx)", + obs_x0, CPU_ON_CONTEXT_ID); + + kvm_vm_free(vm); + return 0; +} diff --git a/tools/testing/selftests/kvm/include/aarch64/processor.h b/tools/testing/selftests/kvm/include/aarch64/processor.h index 27dc5c2e56b9..c0273aefa63d 100644 --- a/tools/testing/selftests/kvm/include/aarch64/processor.h +++ b/tools/testing/selftests/kvm/include/aarch64/processor.h @@ -17,6 +17,7 @@ #define CPACR_EL1 3, 0, 1, 0, 2 #define TCR_EL1 3, 0, 2, 0, 2 #define MAIR_EL1 3, 0, 10, 2, 0 +#define MPIDR_EL1 3, 0, 0, 0, 5 #define TTBR0_EL1 3, 0, 2, 0, 0 #define SCTLR_EL1 3, 0, 1, 0, 0 #define VBAR_EL1 3, 0, 12, 0, 0 @@ -40,6 +41,8 @@ (0xfful << (4 * 8)) | \ (0xbbul << (5 * 8))) +#define MPIDR_HWID_BITMASK (0xff00fffffful) + static inline void get_reg(struct kvm_vm *vm, uint32_t vcpuid, uint64_t id, uint64_t *addr) { struct kvm_one_reg reg;