From: Quentin Perret <qperret@google.com>
To: Marc Zyngier <maz@kernel.org>
Cc: catalin.marinas@arm.com, james.morse@arm.com,
julien.thierry.kdev@gmail.com, suzuki.poulose@arm.com,
android-kvm@google.com, seanjc@google.com, mate.toth-pal@arm.com,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, kernel-team@android.com,
kvmarm@lists.cs.columbia.edu, tabba@google.com, ardb@kernel.org,
mark.rutland@arm.com, dbrazdil@google.com
Subject: Re: [PATCH 2/3] KVM: arm64: Generate final CTR_EL0 value when running in Protected mode
Date: Mon, 22 Mar 2021 17:40:40 +0000 [thread overview]
Message-ID: <YFjWmHerKk7+9d7N@google.com> (raw)
In-Reply-To: <20210322164828.800662-3-maz@kernel.org>
Hey Marc,
On Monday 22 Mar 2021 at 16:48:27 (+0000), Marc Zyngier wrote:
> In protected mode, late CPUs are not allowed to boot (enforced by
> the PSCI relay). We can thus specialise the read_ctr macro to
> always return a pre-computed, sanitised value.
>
> Signed-off-by: Marc Zyngier <maz@kernel.org>
> ---
> arch/arm64/include/asm/assembler.h | 9 +++++++++
> arch/arm64/kernel/image-vars.h | 1 +
> arch/arm64/kvm/va_layout.c | 7 +++++++
> 3 files changed, 17 insertions(+)
>
> diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h
> index fb651c1f26e9..1a4cee7eb3c9 100644
> --- a/arch/arm64/include/asm/assembler.h
> +++ b/arch/arm64/include/asm/assembler.h
> @@ -270,12 +270,21 @@ alternative_endif
> * provide the system wide safe value from arm64_ftr_reg_ctrel0.sys_val
> */
> .macro read_ctr, reg
> +#ifndef __KVM_NVHE_HYPERVISOR__
> alternative_if_not ARM64_MISMATCHED_CACHE_TYPE
> mrs \reg, ctr_el0 // read CTR
> nop
> alternative_else
> ldr_l \reg, arm64_ftr_reg_ctrel0 + ARM64_FTR_SYSVAL
> alternative_endif
> +#else
> +alternative_cb kvm_compute_final_ctr_el0
> + movz \reg, #0
> + movk \reg, #0, lsl #16
> + movk \reg, #0, lsl #32
> + movk \reg, #0, lsl #48
> +alternative_cb_end
> +#endif
> .endm
So, FWIW, if we wanted to make _this_ macro BUG in non-protected mode
(and drop patch 01), I think we could do something like:
alternative_cb kvm_compute_final_ctr_el0
movz \reg, #0
ASM_BUG()
nop
nop
alternative_cb_end
and then make kvm_compute_final_ctr_el0() check that we're in protected
mode before patching. That would be marginally better as that would
cover _all_ users of read_ctr and not just __flush_dcache_area, but that
first movz is a bit yuck (but necessary to keep generate_mov_q() happy I
think?), so I'll leave the decision to you.
No objection from me for the current implementation, and if you decide to
go with it:
Reviewed-by: Quentin Perret <qperret@google.com>
Thanks,
Quentin
WARNING: multiple messages have this Message-ID (diff)
From: Quentin Perret <qperret@google.com>
To: Marc Zyngier <maz@kernel.org>
Cc: android-kvm@google.com, catalin.marinas@arm.com,
mate.toth-pal@arm.com, tabba@google.com,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, seanjc@google.com,
kernel-team@android.com, kvmarm@lists.cs.columbia.edu
Subject: Re: [PATCH 2/3] KVM: arm64: Generate final CTR_EL0 value when running in Protected mode
Date: Mon, 22 Mar 2021 17:40:40 +0000 [thread overview]
Message-ID: <YFjWmHerKk7+9d7N@google.com> (raw)
In-Reply-To: <20210322164828.800662-3-maz@kernel.org>
Hey Marc,
On Monday 22 Mar 2021 at 16:48:27 (+0000), Marc Zyngier wrote:
> In protected mode, late CPUs are not allowed to boot (enforced by
> the PSCI relay). We can thus specialise the read_ctr macro to
> always return a pre-computed, sanitised value.
>
> Signed-off-by: Marc Zyngier <maz@kernel.org>
> ---
> arch/arm64/include/asm/assembler.h | 9 +++++++++
> arch/arm64/kernel/image-vars.h | 1 +
> arch/arm64/kvm/va_layout.c | 7 +++++++
> 3 files changed, 17 insertions(+)
>
> diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h
> index fb651c1f26e9..1a4cee7eb3c9 100644
> --- a/arch/arm64/include/asm/assembler.h
> +++ b/arch/arm64/include/asm/assembler.h
> @@ -270,12 +270,21 @@ alternative_endif
> * provide the system wide safe value from arm64_ftr_reg_ctrel0.sys_val
> */
> .macro read_ctr, reg
> +#ifndef __KVM_NVHE_HYPERVISOR__
> alternative_if_not ARM64_MISMATCHED_CACHE_TYPE
> mrs \reg, ctr_el0 // read CTR
> nop
> alternative_else
> ldr_l \reg, arm64_ftr_reg_ctrel0 + ARM64_FTR_SYSVAL
> alternative_endif
> +#else
> +alternative_cb kvm_compute_final_ctr_el0
> + movz \reg, #0
> + movk \reg, #0, lsl #16
> + movk \reg, #0, lsl #32
> + movk \reg, #0, lsl #48
> +alternative_cb_end
> +#endif
> .endm
So, FWIW, if we wanted to make _this_ macro BUG in non-protected mode
(and drop patch 01), I think we could do something like:
alternative_cb kvm_compute_final_ctr_el0
movz \reg, #0
ASM_BUG()
nop
nop
alternative_cb_end
and then make kvm_compute_final_ctr_el0() check that we're in protected
mode before patching. That would be marginally better as that would
cover _all_ users of read_ctr and not just __flush_dcache_area, but that
first movz is a bit yuck (but necessary to keep generate_mov_q() happy I
think?), so I'll leave the decision to you.
No objection from me for the current implementation, and if you decide to
go with it:
Reviewed-by: Quentin Perret <qperret@google.com>
Thanks,
Quentin
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: Quentin Perret <qperret@google.com>
To: Marc Zyngier <maz@kernel.org>
Cc: catalin.marinas@arm.com, james.morse@arm.com,
julien.thierry.kdev@gmail.com, suzuki.poulose@arm.com,
android-kvm@google.com, seanjc@google.com, mate.toth-pal@arm.com,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, kernel-team@android.com,
kvmarm@lists.cs.columbia.edu, tabba@google.com, ardb@kernel.org,
mark.rutland@arm.com, dbrazdil@google.com
Subject: Re: [PATCH 2/3] KVM: arm64: Generate final CTR_EL0 value when running in Protected mode
Date: Mon, 22 Mar 2021 17:40:40 +0000 [thread overview]
Message-ID: <YFjWmHerKk7+9d7N@google.com> (raw)
In-Reply-To: <20210322164828.800662-3-maz@kernel.org>
Hey Marc,
On Monday 22 Mar 2021 at 16:48:27 (+0000), Marc Zyngier wrote:
> In protected mode, late CPUs are not allowed to boot (enforced by
> the PSCI relay). We can thus specialise the read_ctr macro to
> always return a pre-computed, sanitised value.
>
> Signed-off-by: Marc Zyngier <maz@kernel.org>
> ---
> arch/arm64/include/asm/assembler.h | 9 +++++++++
> arch/arm64/kernel/image-vars.h | 1 +
> arch/arm64/kvm/va_layout.c | 7 +++++++
> 3 files changed, 17 insertions(+)
>
> diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h
> index fb651c1f26e9..1a4cee7eb3c9 100644
> --- a/arch/arm64/include/asm/assembler.h
> +++ b/arch/arm64/include/asm/assembler.h
> @@ -270,12 +270,21 @@ alternative_endif
> * provide the system wide safe value from arm64_ftr_reg_ctrel0.sys_val
> */
> .macro read_ctr, reg
> +#ifndef __KVM_NVHE_HYPERVISOR__
> alternative_if_not ARM64_MISMATCHED_CACHE_TYPE
> mrs \reg, ctr_el0 // read CTR
> nop
> alternative_else
> ldr_l \reg, arm64_ftr_reg_ctrel0 + ARM64_FTR_SYSVAL
> alternative_endif
> +#else
> +alternative_cb kvm_compute_final_ctr_el0
> + movz \reg, #0
> + movk \reg, #0, lsl #16
> + movk \reg, #0, lsl #32
> + movk \reg, #0, lsl #48
> +alternative_cb_end
> +#endif
> .endm
So, FWIW, if we wanted to make _this_ macro BUG in non-protected mode
(and drop patch 01), I think we could do something like:
alternative_cb kvm_compute_final_ctr_el0
movz \reg, #0
ASM_BUG()
nop
nop
alternative_cb_end
and then make kvm_compute_final_ctr_el0() check that we're in protected
mode before patching. That would be marginally better as that would
cover _all_ users of read_ctr and not just __flush_dcache_area, but that
first movz is a bit yuck (but necessary to keep generate_mov_q() happy I
think?), so I'll leave the decision to you.
No objection from me for the current implementation, and if you decide to
go with it:
Reviewed-by: Quentin Perret <qperret@google.com>
Thanks,
Quentin
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-03-22 17:41 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-22 16:48 [PATCH 0/3] KVM:arm64: Proposed host stage-2 improvements Marc Zyngier
2021-03-22 16:48 ` Marc Zyngier
2021-03-22 16:48 ` Marc Zyngier
2021-03-22 16:48 ` [PATCH 1/3] KVM: arm64: Constraint KVM's own __flush_dcache_area to protectected mode Marc Zyngier
2021-03-22 16:48 ` Marc Zyngier
2021-03-22 16:48 ` Marc Zyngier
2021-03-22 16:48 ` [PATCH 2/3] KVM: arm64: Generate final CTR_EL0 value when running in Protected mode Marc Zyngier
2021-03-22 16:48 ` Marc Zyngier
2021-03-22 16:48 ` Marc Zyngier
2021-03-22 17:40 ` Quentin Perret [this message]
2021-03-22 17:40 ` Quentin Perret
2021-03-22 17:40 ` Quentin Perret
2021-03-22 18:37 ` Marc Zyngier
2021-03-22 18:37 ` Marc Zyngier
2021-03-22 18:37 ` Marc Zyngier
2021-03-23 9:47 ` Quentin Perret
2021-03-23 9:47 ` Quentin Perret
2021-03-23 9:47 ` Quentin Perret
2021-03-22 16:48 ` [PATCH 3/3] KVM: arm64: Drop the CPU_FTR_REG_HYP_COPY infrastructure Marc Zyngier
2021-03-22 16:48 ` Marc Zyngier
2021-03-22 16:48 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YFjWmHerKk7+9d7N@google.com \
--to=qperret@google.com \
--cc=android-kvm@google.com \
--cc=ardb@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=dbrazdil@google.com \
--cc=james.morse@arm.com \
--cc=julien.thierry.kdev@gmail.com \
--cc=kernel-team@android.com \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mate.toth-pal@arm.com \
--cc=maz@kernel.org \
--cc=seanjc@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.