* [PATCH v6 0/2] target/arm: kvm: Support for KVM DABT with no valid ISS
@ 2020-06-25 22:03 ` Beata Michalska
0 siblings, 0 replies; 14+ messages in thread
From: Beata Michalska @ 2020-06-25 22:03 UTC (permalink / raw)
To: qemu-devel
Cc: peter.maydell, drjones, Christoffer.Dall, qemu-arm, pbonzini, kvmarm
Some of the ARMv7 & ARMv8 load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate the instruction which is one of the
(many) reasons why KVM will not even try to do so.
So far, if a guest made an attempt to access memory outside the memory slot,
KVM reported vague ENOSYS. As a result QEMU exited with no useful information
being provided or even a clue on what has just happened.
ARM KVM introduced support for notifying of an attempt to execute
an instruction that resulted in dabt with no valid ISS decoding info.
This still leaves QEMU to handle the case, but at least now it gives more
control and a start point for more meaningful handling of such cases.
This patchset relies on KVM to insert the external data abort into the guest.
----------------------
v6:
- replacing calling kvm_put_vcpu_events with an actual ioctl call
- making the handler function static
v5:
- Drop syncing vcpu regs in favour of calling kvm_put_vcpu_events directly
- Fix decoding DFSC for LPAE case
- Add/clarify comments
- Switch to reporting error case failure when enabling the cap
v4:
- Removing one of the patches as it is being picked-up separately
target/arm: kvm: Inject events at the last stage of sync
- Moving handling KVM issue to a separate patch
- Minor changes wrt the review comments
v3:
- Fix setting KVM cap per vm not per vcpu
- Simplifying the handler to bare minimum with no default logging to address
the potential risk of overflooding the host (adding support for rate
limiting the logs turned out to be bit too invasive to justify the little
add-on value from logs in this particular case)
- Adding handling KVM bug (for small range of affected kernels):
little bit of trade-off between what's reasonable and what's effective:
aborting qemu when running on buggy host kernel
v2:
- Improving/re-phrasing messaging
- Dropping messing around with forced sync (@see [PATCH v2 1/2])
and PC alignment
Beata Michalska (2):
target/arm: kvm: Handle DABT with no valid ISS
target/arm: kvm: Handle misconfigured dabt injection
target/arm/cpu.h | 2 ++
target/arm/kvm.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++-
target/arm/kvm32.c | 34 ++++++++++++++++++++
target/arm/kvm64.c | 49 +++++++++++++++++++++++++++++
target/arm/kvm_arm.h | 10 ++++++
5 files changed, 181 insertions(+), 1 deletion(-)
--
2.7.4
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH v6 0/2] target/arm: kvm: Support for KVM DABT with no valid ISS
@ 2020-06-25 22:03 ` Beata Michalska
0 siblings, 0 replies; 14+ messages in thread
From: Beata Michalska @ 2020-06-25 22:03 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, pbonzini, kvmarm
Some of the ARMv7 & ARMv8 load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate the instruction which is one of the
(many) reasons why KVM will not even try to do so.
So far, if a guest made an attempt to access memory outside the memory slot,
KVM reported vague ENOSYS. As a result QEMU exited with no useful information
being provided or even a clue on what has just happened.
ARM KVM introduced support for notifying of an attempt to execute
an instruction that resulted in dabt with no valid ISS decoding info.
This still leaves QEMU to handle the case, but at least now it gives more
control and a start point for more meaningful handling of such cases.
This patchset relies on KVM to insert the external data abort into the guest.
----------------------
v6:
- replacing calling kvm_put_vcpu_events with an actual ioctl call
- making the handler function static
v5:
- Drop syncing vcpu regs in favour of calling kvm_put_vcpu_events directly
- Fix decoding DFSC for LPAE case
- Add/clarify comments
- Switch to reporting error case failure when enabling the cap
v4:
- Removing one of the patches as it is being picked-up separately
target/arm: kvm: Inject events at the last stage of sync
- Moving handling KVM issue to a separate patch
- Minor changes wrt the review comments
v3:
- Fix setting KVM cap per vm not per vcpu
- Simplifying the handler to bare minimum with no default logging to address
the potential risk of overflooding the host (adding support for rate
limiting the logs turned out to be bit too invasive to justify the little
add-on value from logs in this particular case)
- Adding handling KVM bug (for small range of affected kernels):
little bit of trade-off between what's reasonable and what's effective:
aborting qemu when running on buggy host kernel
v2:
- Improving/re-phrasing messaging
- Dropping messing around with forced sync (@see [PATCH v2 1/2])
and PC alignment
Beata Michalska (2):
target/arm: kvm: Handle DABT with no valid ISS
target/arm: kvm: Handle misconfigured dabt injection
target/arm/cpu.h | 2 ++
target/arm/kvm.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++-
target/arm/kvm32.c | 34 ++++++++++++++++++++
target/arm/kvm64.c | 49 +++++++++++++++++++++++++++++
target/arm/kvm_arm.h | 10 ++++++
5 files changed, 181 insertions(+), 1 deletion(-)
--
2.7.4
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH v6 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-06-25 22:03 ` Beata Michalska
@ 2020-06-25 22:03 ` Beata Michalska
-1 siblings, 0 replies; 14+ messages in thread
From: Beata Michalska @ 2020-06-25 22:03 UTC (permalink / raw)
To: qemu-devel
Cc: peter.maydell, drjones, Christoffer.Dall, qemu-arm, pbonzini, kvmarm
On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate those instruction which is one of the
(many) reasons why KVM will not even try to do so.
Add support for handling those by requesting KVM to inject external
dabt into the quest.
Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
---
target/arm/kvm.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 58 insertions(+), 1 deletion(-)
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index eef3bbd..265c4b8 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
static bool cap_has_mp_state;
static bool cap_has_inject_serror_esr;
+static bool cap_has_inject_ext_dabt;
static ARMHostCPUFeatures arm_host_cpu_features;
@@ -245,6 +246,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
ret = -EINVAL;
}
+ if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) {
+ if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
+ error_report("Failed to enable KVM_CAP_ARM_NISV_TO_USER cap");
+ } else {
+ /* Set status for supporting the external dabt injection */
+ cap_has_inject_ext_dabt = kvm_check_extension(s,
+ KVM_CAP_ARM_INJECT_EXT_DABT);
+ }
+ }
+
return ret;
}
@@ -810,6 +821,47 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state)
}
}
+/**
+ * kvm_arm_handle_dabt_nisv:
+ * @cs: CPUState
+ * @esr_iss: ISS encoding (limited) for the exception from Data Abort
+ * ISV bit set to '0b0' -> no valid instruction syndrome
+ * @fault_ipa: faulting address for the synchronous data abort
+ *
+ * Returns: 0 if the exception has been handled, < 0 otherwise
+ */
+static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
+ uint64_t fault_ipa)
+{
+ /*
+ * Request KVM to inject the external data abort into the guest
+ */
+ if (cap_has_inject_ext_dabt) {
+ struct kvm_vcpu_events events;
+ /*
+ * KVM_CAP_ARM_INJECT_EXT_DABT support implies one for
+ * KVM_CAP_VCPU_EVENTS
+ */
+ memset(&events, 0, sizeof(events));
+ /*
+ * Skipping all the overhead of syncing vcpu regs back and forth
+ * and messing around with the vcpu_dirty flag to avoid
+ * overwriting changes done by KVM : directly calling
+ * the associated ioctl with the status set for external data abort,
+ * which, in turn, will be directly delivered to the affected vcpu.
+ */
+ events.exception.ext_dabt_pending = 1;
+
+ return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events);
+ } else {
+ error_report("Data abort exception triggered by guest memory access "
+ "at physical address: 0x" TARGET_FMT_lx,
+ (target_ulong)fault_ipa);
+ error_printf("KVM unable to emulate faulting instruction.\n");
+ }
+ return -1;
+}
+
int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
{
int ret = 0;
@@ -820,7 +872,12 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
ret = EXCP_DEBUG;
} /* otherwise return to guest */
break;
- default:
+ case KVM_EXIT_ARM_NISV:
+ /* External DABT with no valid iss to decode */
+ ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss,
+ run->arm_nisv.fault_ipa);
+ break;
+ default:
qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
__func__, run->exit_reason);
break;
--
2.7.4
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v6 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-06-25 22:03 ` Beata Michalska
0 siblings, 0 replies; 14+ messages in thread
From: Beata Michalska @ 2020-06-25 22:03 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, pbonzini, kvmarm
On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate those instruction which is one of the
(many) reasons why KVM will not even try to do so.
Add support for handling those by requesting KVM to inject external
dabt into the quest.
Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
---
target/arm/kvm.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 58 insertions(+), 1 deletion(-)
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index eef3bbd..265c4b8 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
static bool cap_has_mp_state;
static bool cap_has_inject_serror_esr;
+static bool cap_has_inject_ext_dabt;
static ARMHostCPUFeatures arm_host_cpu_features;
@@ -245,6 +246,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
ret = -EINVAL;
}
+ if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) {
+ if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
+ error_report("Failed to enable KVM_CAP_ARM_NISV_TO_USER cap");
+ } else {
+ /* Set status for supporting the external dabt injection */
+ cap_has_inject_ext_dabt = kvm_check_extension(s,
+ KVM_CAP_ARM_INJECT_EXT_DABT);
+ }
+ }
+
return ret;
}
@@ -810,6 +821,47 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state)
}
}
+/**
+ * kvm_arm_handle_dabt_nisv:
+ * @cs: CPUState
+ * @esr_iss: ISS encoding (limited) for the exception from Data Abort
+ * ISV bit set to '0b0' -> no valid instruction syndrome
+ * @fault_ipa: faulting address for the synchronous data abort
+ *
+ * Returns: 0 if the exception has been handled, < 0 otherwise
+ */
+static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
+ uint64_t fault_ipa)
+{
+ /*
+ * Request KVM to inject the external data abort into the guest
+ */
+ if (cap_has_inject_ext_dabt) {
+ struct kvm_vcpu_events events;
+ /*
+ * KVM_CAP_ARM_INJECT_EXT_DABT support implies one for
+ * KVM_CAP_VCPU_EVENTS
+ */
+ memset(&events, 0, sizeof(events));
+ /*
+ * Skipping all the overhead of syncing vcpu regs back and forth
+ * and messing around with the vcpu_dirty flag to avoid
+ * overwriting changes done by KVM : directly calling
+ * the associated ioctl with the status set for external data abort,
+ * which, in turn, will be directly delivered to the affected vcpu.
+ */
+ events.exception.ext_dabt_pending = 1;
+
+ return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events);
+ } else {
+ error_report("Data abort exception triggered by guest memory access "
+ "at physical address: 0x" TARGET_FMT_lx,
+ (target_ulong)fault_ipa);
+ error_printf("KVM unable to emulate faulting instruction.\n");
+ }
+ return -1;
+}
+
int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
{
int ret = 0;
@@ -820,7 +872,12 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
ret = EXCP_DEBUG;
} /* otherwise return to guest */
break;
- default:
+ case KVM_EXIT_ARM_NISV:
+ /* External DABT with no valid iss to decode */
+ ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss,
+ run->arm_nisv.fault_ipa);
+ break;
+ default:
qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
__func__, run->exit_reason);
break;
--
2.7.4
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v6 2/2] target/arm: kvm: Handle misconfigured dabt injection
2020-06-25 22:03 ` Beata Michalska
@ 2020-06-25 22:03 ` Beata Michalska
-1 siblings, 0 replies; 14+ messages in thread
From: Beata Michalska @ 2020-06-25 22:03 UTC (permalink / raw)
To: qemu-devel
Cc: peter.maydell, drjones, Christoffer.Dall, qemu-arm, pbonzini, kvmarm
Injecting external data abort through KVM might trigger
an issue on kernels that do not get updated to include the KVM fix.
For those and aarch32 guests, the injected abort gets misconfigured
to be an implementation defined exception. This leads to the guest
repeatedly re-running the faulting instruction.
Add support for handling that case.
[
Fixed-by: 018f22f95e8a
('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
Fixed-by: 21aecdbd7f3a
('KVM: arm: Make inject_abt32() inject an external abort instead')
]
Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
---
target/arm/cpu.h | 2 ++
target/arm/kvm.c | 30 +++++++++++++++++++++++++++++-
target/arm/kvm32.c | 34 ++++++++++++++++++++++++++++++++++
target/arm/kvm64.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
target/arm/kvm_arm.h | 10 ++++++++++
5 files changed, 124 insertions(+), 1 deletion(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 677584e..ed0ff09 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -570,6 +570,8 @@ typedef struct CPUARMState {
uint64_t esr;
} serror;
+ uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
+
/* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
uint32_t irq_line_state;
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 265c4b8..85a09ea 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -749,6 +749,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu)
void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
{
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+
+ if (unlikely(env->ext_dabt_raised)) {
+ /*
+ * Verifying that the ext DABT has been properly injected,
+ * otherwise risking indefinitely re-running the faulting instruction
+ * Covering a very narrow case for kernels 5.5..5.5.4
+ * when injected abort was misconfigured to be
+ * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)
+ */
+ if (!arm_feature(env, ARM_FEATURE_AARCH64) &&
+ unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {
+
+ error_report("Data abort exception with no valid ISS generated by "
+ "guest memory access. KVM unable to emulate faulting "
+ "instruction. Failed to inject an external data abort "
+ "into the guest.");
+ abort();
+ }
+ /* Clear the status */
+ env->ext_dabt_raised = 0;
+ }
}
MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
@@ -833,6 +856,8 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state)
static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
uint64_t fault_ipa)
{
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
/*
* Request KVM to inject the external data abort into the guest
*/
@@ -852,7 +877,10 @@ static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
*/
events.exception.ext_dabt_pending = 1;
- return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events);
+ if (!kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events)) {
+ env->ext_dabt_raised = 1;
+ return 0;
+ }
} else {
error_report("Data abort exception triggered by guest memory access "
"at physical address: 0x" TARGET_FMT_lx,
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
index 7b3a19e..0af46b4 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -559,3 +559,37 @@ void kvm_arm_pmu_init(CPUState *cs)
{
qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
}
+
+#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)
+#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)
+/*
+ *DFSR:
+ * TTBCR.EAE == 0
+ * FS[4] - DFSR[10]
+ * FS[3:0] - DFSR[3:0]
+ * TTBCR.EAE == 1
+ * FS, bits [5:0]
+ */
+#define DFSR_FSC(lpae, v) \
+ ((lpae) ? ((v) & 0x3F) : (((v) >> 6) | ((v) & 0x1F)))
+
+#define DFSC_EXTABT(lpae) ((lpae) ? 0x10 : 0x08)
+
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
+{
+ uint32_t dfsr_val;
+
+ if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+ uint32_t ttbcr;
+ int lpae = 0;
+
+ if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {
+ lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE);
+ }
+ /* The verification is based on FS filed of the DFSR reg only*/
+ return (DFSR_FSC(lpae, dfsr_val) == DFSC_EXTABT(lpae));
+ }
+ return false;
+}
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index f09ed9f..88cf10c 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -1497,3 +1497,52 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)
return false;
}
+
+#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)
+#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)
+
+/*
+ * ESR_EL1
+ * ISS encoding
+ * AARCH64: DFSC, bits [5:0]
+ * AARCH32:
+ * TTBCR.EAE == 0
+ * FS[4] - DFSR[10]
+ * FS[3:0] - DFSR[3:0]
+ * TTBCR.EAE == 1
+ * FS, bits [5:0]
+ */
+#define ESR_DFSC(aarch64, lpae, v) \
+ ((aarch64 || (lpae)) ? ((v) & 0x3F) \
+ : (((v) >> 6) | ((v) & 0x1F)))
+
+#define ESR_DFSC_EXTABT(aarch64, lpae) \
+ ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)
+
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
+{
+ uint64_t dfsr_val;
+
+ if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+ int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);
+ int lpae = 0;
+
+ if (!aarch64_mode) {
+ uint64_t ttbcr;
+
+ if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {
+ lpae = arm_feature(env, ARM_FEATURE_LPAE)
+ && (ttbcr & TTBCR_EAE);
+ }
+ }
+ /*
+ * The verification here is based on the DFSC bits
+ * of the ESR_EL1 reg only
+ */
+ return (ESR_DFSC(aarch64_mode, lpae, dfsr_val) ==
+ ESR_DFSC_EXTABT(aarch64_mode, lpae));
+ }
+ return false;
+}
diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
index 48bf5e1..471ddd1 100644
--- a/target/arm/kvm_arm.h
+++ b/target/arm/kvm_arm.h
@@ -453,6 +453,16 @@ struct kvm_guest_debug_arch;
void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
/**
+ * kvm_arm_verify_ext_dabt_pending:
+ * @cs: CPUState
+ *
+ * Verify the fault status code wrt the Ext DABT injection
+ *
+ * Returns: true if the fault status code is as expected, false otherwise
+ */
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);
+
+/**
* its_class_name:
*
* Return the ITS class name to use depending on whether KVM acceleration
--
2.7.4
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v6 2/2] target/arm: kvm: Handle misconfigured dabt injection
@ 2020-06-25 22:03 ` Beata Michalska
0 siblings, 0 replies; 14+ messages in thread
From: Beata Michalska @ 2020-06-25 22:03 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, pbonzini, kvmarm
Injecting external data abort through KVM might trigger
an issue on kernels that do not get updated to include the KVM fix.
For those and aarch32 guests, the injected abort gets misconfigured
to be an implementation defined exception. This leads to the guest
repeatedly re-running the faulting instruction.
Add support for handling that case.
[
Fixed-by: 018f22f95e8a
('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
Fixed-by: 21aecdbd7f3a
('KVM: arm: Make inject_abt32() inject an external abort instead')
]
Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
---
target/arm/cpu.h | 2 ++
target/arm/kvm.c | 30 +++++++++++++++++++++++++++++-
target/arm/kvm32.c | 34 ++++++++++++++++++++++++++++++++++
target/arm/kvm64.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
target/arm/kvm_arm.h | 10 ++++++++++
5 files changed, 124 insertions(+), 1 deletion(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 677584e..ed0ff09 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -570,6 +570,8 @@ typedef struct CPUARMState {
uint64_t esr;
} serror;
+ uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
+
/* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
uint32_t irq_line_state;
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 265c4b8..85a09ea 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -749,6 +749,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu)
void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
{
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+
+ if (unlikely(env->ext_dabt_raised)) {
+ /*
+ * Verifying that the ext DABT has been properly injected,
+ * otherwise risking indefinitely re-running the faulting instruction
+ * Covering a very narrow case for kernels 5.5..5.5.4
+ * when injected abort was misconfigured to be
+ * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)
+ */
+ if (!arm_feature(env, ARM_FEATURE_AARCH64) &&
+ unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {
+
+ error_report("Data abort exception with no valid ISS generated by "
+ "guest memory access. KVM unable to emulate faulting "
+ "instruction. Failed to inject an external data abort "
+ "into the guest.");
+ abort();
+ }
+ /* Clear the status */
+ env->ext_dabt_raised = 0;
+ }
}
MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
@@ -833,6 +856,8 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state)
static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
uint64_t fault_ipa)
{
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
/*
* Request KVM to inject the external data abort into the guest
*/
@@ -852,7 +877,10 @@ static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
*/
events.exception.ext_dabt_pending = 1;
- return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events);
+ if (!kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events)) {
+ env->ext_dabt_raised = 1;
+ return 0;
+ }
} else {
error_report("Data abort exception triggered by guest memory access "
"at physical address: 0x" TARGET_FMT_lx,
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
index 7b3a19e..0af46b4 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -559,3 +559,37 @@ void kvm_arm_pmu_init(CPUState *cs)
{
qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
}
+
+#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)
+#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)
+/*
+ *DFSR:
+ * TTBCR.EAE == 0
+ * FS[4] - DFSR[10]
+ * FS[3:0] - DFSR[3:0]
+ * TTBCR.EAE == 1
+ * FS, bits [5:0]
+ */
+#define DFSR_FSC(lpae, v) \
+ ((lpae) ? ((v) & 0x3F) : (((v) >> 6) | ((v) & 0x1F)))
+
+#define DFSC_EXTABT(lpae) ((lpae) ? 0x10 : 0x08)
+
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
+{
+ uint32_t dfsr_val;
+
+ if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+ uint32_t ttbcr;
+ int lpae = 0;
+
+ if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {
+ lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE);
+ }
+ /* The verification is based on FS filed of the DFSR reg only*/
+ return (DFSR_FSC(lpae, dfsr_val) == DFSC_EXTABT(lpae));
+ }
+ return false;
+}
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index f09ed9f..88cf10c 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -1497,3 +1497,52 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)
return false;
}
+
+#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)
+#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)
+
+/*
+ * ESR_EL1
+ * ISS encoding
+ * AARCH64: DFSC, bits [5:0]
+ * AARCH32:
+ * TTBCR.EAE == 0
+ * FS[4] - DFSR[10]
+ * FS[3:0] - DFSR[3:0]
+ * TTBCR.EAE == 1
+ * FS, bits [5:0]
+ */
+#define ESR_DFSC(aarch64, lpae, v) \
+ ((aarch64 || (lpae)) ? ((v) & 0x3F) \
+ : (((v) >> 6) | ((v) & 0x1F)))
+
+#define ESR_DFSC_EXTABT(aarch64, lpae) \
+ ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)
+
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
+{
+ uint64_t dfsr_val;
+
+ if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+ int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);
+ int lpae = 0;
+
+ if (!aarch64_mode) {
+ uint64_t ttbcr;
+
+ if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {
+ lpae = arm_feature(env, ARM_FEATURE_LPAE)
+ && (ttbcr & TTBCR_EAE);
+ }
+ }
+ /*
+ * The verification here is based on the DFSC bits
+ * of the ESR_EL1 reg only
+ */
+ return (ESR_DFSC(aarch64_mode, lpae, dfsr_val) ==
+ ESR_DFSC_EXTABT(aarch64_mode, lpae));
+ }
+ return false;
+}
diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
index 48bf5e1..471ddd1 100644
--- a/target/arm/kvm_arm.h
+++ b/target/arm/kvm_arm.h
@@ -453,6 +453,16 @@ struct kvm_guest_debug_arch;
void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
/**
+ * kvm_arm_verify_ext_dabt_pending:
+ * @cs: CPUState
+ *
+ * Verify the fault status code wrt the Ext DABT injection
+ *
+ * Returns: true if the fault status code is as expected, false otherwise
+ */
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);
+
+/**
* its_class_name:
*
* Return the ITS class name to use depending on whether KVM acceleration
--
2.7.4
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [PATCH v6 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-06-25 22:03 ` Beata Michalska
@ 2020-06-26 9:00 ` Andrew Jones
-1 siblings, 0 replies; 14+ messages in thread
From: Andrew Jones @ 2020-06-26 9:00 UTC (permalink / raw)
To: Beata Michalska
Cc: peter.maydell, qemu-devel, Christoffer.Dall, qemu-arm, pbonzini, kvmarm
On Thu, Jun 25, 2020 at 11:03:35PM +0100, Beata Michalska wrote:
> On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> exception with no valid ISS info to be decoded. The lack of decode info
> makes it at least tricky to emulate those instruction which is one of the
> (many) reasons why KVM will not even try to do so.
>
> Add support for handling those by requesting KVM to inject external
> dabt into the quest.
>
> Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> ---
> target/arm/kvm.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 58 insertions(+), 1 deletion(-)
>
> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> index eef3bbd..265c4b8 100644
> --- a/target/arm/kvm.c
> +++ b/target/arm/kvm.c
> @@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
>
> static bool cap_has_mp_state;
> static bool cap_has_inject_serror_esr;
> +static bool cap_has_inject_ext_dabt;
>
> static ARMHostCPUFeatures arm_host_cpu_features;
>
> @@ -245,6 +246,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
> ret = -EINVAL;
> }
>
> + if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) {
> + if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
> + error_report("Failed to enable KVM_CAP_ARM_NISV_TO_USER cap");
> + } else {
> + /* Set status for supporting the external dabt injection */
> + cap_has_inject_ext_dabt = kvm_check_extension(s,
> + KVM_CAP_ARM_INJECT_EXT_DABT);
> + }
> + }
> +
> return ret;
> }
>
> @@ -810,6 +821,47 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state)
> }
> }
>
> +/**
> + * kvm_arm_handle_dabt_nisv:
> + * @cs: CPUState
> + * @esr_iss: ISS encoding (limited) for the exception from Data Abort
> + * ISV bit set to '0b0' -> no valid instruction syndrome
> + * @fault_ipa: faulting address for the synchronous data abort
> + *
> + * Returns: 0 if the exception has been handled, < 0 otherwise
> + */
> +static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> + uint64_t fault_ipa)
> +{
> + /*
> + * Request KVM to inject the external data abort into the guest
> + */
> + if (cap_has_inject_ext_dabt) {
> + struct kvm_vcpu_events events;
> + /*
> + * KVM_CAP_ARM_INJECT_EXT_DABT support implies one for
> + * KVM_CAP_VCPU_EVENTS
KVM_CAP_ARM_INJECT_EXT_DABT implies KVM_CAP_VCPU_EVENTS
And this comment should probably come just before the
KVM_SET_VCPU_EVENTS ioctl.
> + */
> + memset(&events, 0, sizeof(events));
nit: How about using '= {0}' when declaring the variable, rather than this
memset?
> + /*
> + * Skipping all the overhead of syncing vcpu regs back and forth
> + * and messing around with the vcpu_dirty flag to avoid
> + * overwriting changes done by KVM : directly calling
> + * the associated ioctl with the status set for external data abort,
> + * which, in turn, will be directly delivered to the affected vcpu.
The external data abort event will be handled immediately by KVM and does
not need any other CPU state. This means we can skip CPU synchronization
and set this event, but only this event, here.
> + */
> + events.exception.ext_dabt_pending = 1;
> +
> + return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events);
> + } else {
> + error_report("Data abort exception triggered by guest memory access "
> + "at physical address: 0x" TARGET_FMT_lx,
> + (target_ulong)fault_ipa);
> + error_printf("KVM unable to emulate faulting instruction.\n");
> + }
> + return -1;
> +}
> +
> int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
> {
> int ret = 0;
> @@ -820,7 +872,12 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
> ret = EXCP_DEBUG;
> } /* otherwise return to guest */
> break;
> - default:
> + case KVM_EXIT_ARM_NISV:
> + /* External DABT with no valid iss to decode */
> + ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss,
> + run->arm_nisv.fault_ipa);
> + break;
> + default:
> qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
> __func__, run->exit_reason);
> break;
> --
> 2.7.4
>
>
Besides the suggested comment changes and the memset nit
Reviewed-by: Andrew Jones <drjones@redhat.com>
Thanks,
drew
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v6 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-06-26 9:00 ` Andrew Jones
0 siblings, 0 replies; 14+ messages in thread
From: Andrew Jones @ 2020-06-26 9:00 UTC (permalink / raw)
To: Beata Michalska; +Cc: qemu-devel, qemu-arm, pbonzini, kvmarm
On Thu, Jun 25, 2020 at 11:03:35PM +0100, Beata Michalska wrote:
> On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> exception with no valid ISS info to be decoded. The lack of decode info
> makes it at least tricky to emulate those instruction which is one of the
> (many) reasons why KVM will not even try to do so.
>
> Add support for handling those by requesting KVM to inject external
> dabt into the quest.
>
> Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> ---
> target/arm/kvm.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 58 insertions(+), 1 deletion(-)
>
> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> index eef3bbd..265c4b8 100644
> --- a/target/arm/kvm.c
> +++ b/target/arm/kvm.c
> @@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
>
> static bool cap_has_mp_state;
> static bool cap_has_inject_serror_esr;
> +static bool cap_has_inject_ext_dabt;
>
> static ARMHostCPUFeatures arm_host_cpu_features;
>
> @@ -245,6 +246,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
> ret = -EINVAL;
> }
>
> + if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) {
> + if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
> + error_report("Failed to enable KVM_CAP_ARM_NISV_TO_USER cap");
> + } else {
> + /* Set status for supporting the external dabt injection */
> + cap_has_inject_ext_dabt = kvm_check_extension(s,
> + KVM_CAP_ARM_INJECT_EXT_DABT);
> + }
> + }
> +
> return ret;
> }
>
> @@ -810,6 +821,47 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state)
> }
> }
>
> +/**
> + * kvm_arm_handle_dabt_nisv:
> + * @cs: CPUState
> + * @esr_iss: ISS encoding (limited) for the exception from Data Abort
> + * ISV bit set to '0b0' -> no valid instruction syndrome
> + * @fault_ipa: faulting address for the synchronous data abort
> + *
> + * Returns: 0 if the exception has been handled, < 0 otherwise
> + */
> +static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> + uint64_t fault_ipa)
> +{
> + /*
> + * Request KVM to inject the external data abort into the guest
> + */
> + if (cap_has_inject_ext_dabt) {
> + struct kvm_vcpu_events events;
> + /*
> + * KVM_CAP_ARM_INJECT_EXT_DABT support implies one for
> + * KVM_CAP_VCPU_EVENTS
KVM_CAP_ARM_INJECT_EXT_DABT implies KVM_CAP_VCPU_EVENTS
And this comment should probably come just before the
KVM_SET_VCPU_EVENTS ioctl.
> + */
> + memset(&events, 0, sizeof(events));
nit: How about using '= {0}' when declaring the variable, rather than this
memset?
> + /*
> + * Skipping all the overhead of syncing vcpu regs back and forth
> + * and messing around with the vcpu_dirty flag to avoid
> + * overwriting changes done by KVM : directly calling
> + * the associated ioctl with the status set for external data abort,
> + * which, in turn, will be directly delivered to the affected vcpu.
The external data abort event will be handled immediately by KVM and does
not need any other CPU state. This means we can skip CPU synchronization
and set this event, but only this event, here.
> + */
> + events.exception.ext_dabt_pending = 1;
> +
> + return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events);
> + } else {
> + error_report("Data abort exception triggered by guest memory access "
> + "at physical address: 0x" TARGET_FMT_lx,
> + (target_ulong)fault_ipa);
> + error_printf("KVM unable to emulate faulting instruction.\n");
> + }
> + return -1;
> +}
> +
> int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
> {
> int ret = 0;
> @@ -820,7 +872,12 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
> ret = EXCP_DEBUG;
> } /* otherwise return to guest */
> break;
> - default:
> + case KVM_EXIT_ARM_NISV:
> + /* External DABT with no valid iss to decode */
> + ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss,
> + run->arm_nisv.fault_ipa);
> + break;
> + default:
> qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
> __func__, run->exit_reason);
> break;
> --
> 2.7.4
>
>
Besides the suggested comment changes and the memset nit
Reviewed-by: Andrew Jones <drjones@redhat.com>
Thanks,
drew
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v6 2/2] target/arm: kvm: Handle misconfigured dabt injection
2020-06-25 22:03 ` Beata Michalska
@ 2020-06-26 9:12 ` Andrew Jones
-1 siblings, 0 replies; 14+ messages in thread
From: Andrew Jones @ 2020-06-26 9:12 UTC (permalink / raw)
To: Beata Michalska
Cc: peter.maydell, qemu-devel, Christoffer.Dall, qemu-arm, pbonzini, kvmarm
On Thu, Jun 25, 2020 at 11:03:36PM +0100, Beata Michalska wrote:
> Injecting external data abort through KVM might trigger
> an issue on kernels that do not get updated to include the KVM fix.
> For those and aarch32 guests, the injected abort gets misconfigured
> to be an implementation defined exception. This leads to the guest
> repeatedly re-running the faulting instruction.
>
> Add support for handling that case.
>
> [
> Fixed-by: 018f22f95e8a
> ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
> Fixed-by: 21aecdbd7f3a
> ('KVM: arm: Make inject_abt32() inject an external abort instead')
> ]
>
> Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> ---
> target/arm/cpu.h | 2 ++
> target/arm/kvm.c | 30 +++++++++++++++++++++++++++++-
> target/arm/kvm32.c | 34 ++++++++++++++++++++++++++++++++++
> target/arm/kvm64.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
> target/arm/kvm_arm.h | 10 ++++++++++
> 5 files changed, 124 insertions(+), 1 deletion(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 677584e..ed0ff09 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -570,6 +570,8 @@ typedef struct CPUARMState {
> uint64_t esr;
> } serror;
>
> + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
> +
> /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
> uint32_t irq_line_state;
>
> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> index 265c4b8..85a09ea 100644
> --- a/target/arm/kvm.c
> +++ b/target/arm/kvm.c
> @@ -749,6 +749,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu)
>
> void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
> {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> +
> + if (unlikely(env->ext_dabt_raised)) {
> + /*
> + * Verifying that the ext DABT has been properly injected,
> + * otherwise risking indefinitely re-running the faulting instruction
> + * Covering a very narrow case for kernels 5.5..5.5.4
> + * when injected abort was misconfigured to be
> + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)
> + */
> + if (!arm_feature(env, ARM_FEATURE_AARCH64) &&
> + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {
> +
> + error_report("Data abort exception with no valid ISS generated by "
> + "guest memory access. KVM unable to emulate faulting "
> + "instruction. Failed to inject an external data abort "
> + "into the guest.");
> + abort();
> + }
> + /* Clear the status */
> + env->ext_dabt_raised = 0;
> + }
> }
>
> MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
> @@ -833,6 +856,8 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state)
> static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> uint64_t fault_ipa)
> {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> /*
> * Request KVM to inject the external data abort into the guest
> */
> @@ -852,7 +877,10 @@ static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> */
> events.exception.ext_dabt_pending = 1;
>
> - return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events);
> + if (!kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events)) {
> + env->ext_dabt_raised = 1;
> + return 0;
> + }
> } else {
> error_report("Data abort exception triggered by guest memory access "
> "at physical address: 0x" TARGET_FMT_lx,
> diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
> index 7b3a19e..0af46b4 100644
> --- a/target/arm/kvm32.c
> +++ b/target/arm/kvm32.c
> @@ -559,3 +559,37 @@ void kvm_arm_pmu_init(CPUState *cs)
> {
> qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
> }
> +
> +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)
> +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)
> +/*
> + *DFSR:
> + * TTBCR.EAE == 0
> + * FS[4] - DFSR[10]
> + * FS[3:0] - DFSR[3:0]
> + * TTBCR.EAE == 1
> + * FS, bits [5:0]
> + */
> +#define DFSR_FSC(lpae, v) \
> + ((lpae) ? ((v) & 0x3F) : (((v) >> 6) | ((v) & 0x1F)))
> +
> +#define DFSC_EXTABT(lpae) ((lpae) ? 0x10 : 0x08)
> +
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> +{
> + uint32_t dfsr_val;
> +
> + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> + uint32_t ttbcr;
> + int lpae = 0;
> +
> + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {
> + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE);
> + }
> + /* The verification is based on FS filed of the DFSR reg only*/
> + return (DFSR_FSC(lpae, dfsr_val) == DFSC_EXTABT(lpae));
> + }
> + return false;
> +}
> diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
> index f09ed9f..88cf10c 100644
> --- a/target/arm/kvm64.c
> +++ b/target/arm/kvm64.c
> @@ -1497,3 +1497,52 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)
>
> return false;
> }
> +
> +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)
> +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)
> +
> +/*
> + * ESR_EL1
> + * ISS encoding
> + * AARCH64: DFSC, bits [5:0]
> + * AARCH32:
> + * TTBCR.EAE == 0
> + * FS[4] - DFSR[10]
> + * FS[3:0] - DFSR[3:0]
> + * TTBCR.EAE == 1
> + * FS, bits [5:0]
> + */
> +#define ESR_DFSC(aarch64, lpae, v) \
> + ((aarch64 || (lpae)) ? ((v) & 0x3F) \
> + : (((v) >> 6) | ((v) & 0x1F)))
> +
> +#define ESR_DFSC_EXTABT(aarch64, lpae) \
> + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)
> +
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> +{
> + uint64_t dfsr_val;
> +
> + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);
> + int lpae = 0;
> +
> + if (!aarch64_mode) {
> + uint64_t ttbcr;
> +
> + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {
> + lpae = arm_feature(env, ARM_FEATURE_LPAE)
> + && (ttbcr & TTBCR_EAE);
> + }
> + }
> + /*
> + * The verification here is based on the DFSC bits
> + * of the ESR_EL1 reg only
> + */
> + return (ESR_DFSC(aarch64_mode, lpae, dfsr_val) ==
> + ESR_DFSC_EXTABT(aarch64_mode, lpae));
> + }
> + return false;
> +}
> diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> index 48bf5e1..471ddd1 100644
> --- a/target/arm/kvm_arm.h
> +++ b/target/arm/kvm_arm.h
> @@ -453,6 +453,16 @@ struct kvm_guest_debug_arch;
> void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
>
> /**
> + * kvm_arm_verify_ext_dabt_pending:
> + * @cs: CPUState
> + *
> + * Verify the fault status code wrt the Ext DABT injection
> + *
> + * Returns: true if the fault status code is as expected, false otherwise
> + */
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);
> +
> +/**
> * its_class_name:
> *
> * Return the ITS class name to use depending on whether KVM acceleration
> --
> 2.7.4
>
>
I didn't try to review kvm_arm_verify_ext_dabt_pending() to be sure it's
doing what it says it's doing, but the approach to the code looks good to
me, so
Acked-by: Andrew Jones <drjones@redhat.com>
Thanks,
drew
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v6 2/2] target/arm: kvm: Handle misconfigured dabt injection
@ 2020-06-26 9:12 ` Andrew Jones
0 siblings, 0 replies; 14+ messages in thread
From: Andrew Jones @ 2020-06-26 9:12 UTC (permalink / raw)
To: Beata Michalska; +Cc: qemu-devel, qemu-arm, pbonzini, kvmarm
On Thu, Jun 25, 2020 at 11:03:36PM +0100, Beata Michalska wrote:
> Injecting external data abort through KVM might trigger
> an issue on kernels that do not get updated to include the KVM fix.
> For those and aarch32 guests, the injected abort gets misconfigured
> to be an implementation defined exception. This leads to the guest
> repeatedly re-running the faulting instruction.
>
> Add support for handling that case.
>
> [
> Fixed-by: 018f22f95e8a
> ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
> Fixed-by: 21aecdbd7f3a
> ('KVM: arm: Make inject_abt32() inject an external abort instead')
> ]
>
> Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> ---
> target/arm/cpu.h | 2 ++
> target/arm/kvm.c | 30 +++++++++++++++++++++++++++++-
> target/arm/kvm32.c | 34 ++++++++++++++++++++++++++++++++++
> target/arm/kvm64.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
> target/arm/kvm_arm.h | 10 ++++++++++
> 5 files changed, 124 insertions(+), 1 deletion(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 677584e..ed0ff09 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -570,6 +570,8 @@ typedef struct CPUARMState {
> uint64_t esr;
> } serror;
>
> + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
> +
> /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
> uint32_t irq_line_state;
>
> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> index 265c4b8..85a09ea 100644
> --- a/target/arm/kvm.c
> +++ b/target/arm/kvm.c
> @@ -749,6 +749,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu)
>
> void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
> {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> +
> + if (unlikely(env->ext_dabt_raised)) {
> + /*
> + * Verifying that the ext DABT has been properly injected,
> + * otherwise risking indefinitely re-running the faulting instruction
> + * Covering a very narrow case for kernels 5.5..5.5.4
> + * when injected abort was misconfigured to be
> + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)
> + */
> + if (!arm_feature(env, ARM_FEATURE_AARCH64) &&
> + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {
> +
> + error_report("Data abort exception with no valid ISS generated by "
> + "guest memory access. KVM unable to emulate faulting "
> + "instruction. Failed to inject an external data abort "
> + "into the guest.");
> + abort();
> + }
> + /* Clear the status */
> + env->ext_dabt_raised = 0;
> + }
> }
>
> MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
> @@ -833,6 +856,8 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state)
> static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> uint64_t fault_ipa)
> {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> /*
> * Request KVM to inject the external data abort into the guest
> */
> @@ -852,7 +877,10 @@ static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> */
> events.exception.ext_dabt_pending = 1;
>
> - return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events);
> + if (!kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events)) {
> + env->ext_dabt_raised = 1;
> + return 0;
> + }
> } else {
> error_report("Data abort exception triggered by guest memory access "
> "at physical address: 0x" TARGET_FMT_lx,
> diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
> index 7b3a19e..0af46b4 100644
> --- a/target/arm/kvm32.c
> +++ b/target/arm/kvm32.c
> @@ -559,3 +559,37 @@ void kvm_arm_pmu_init(CPUState *cs)
> {
> qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
> }
> +
> +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)
> +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)
> +/*
> + *DFSR:
> + * TTBCR.EAE == 0
> + * FS[4] - DFSR[10]
> + * FS[3:0] - DFSR[3:0]
> + * TTBCR.EAE == 1
> + * FS, bits [5:0]
> + */
> +#define DFSR_FSC(lpae, v) \
> + ((lpae) ? ((v) & 0x3F) : (((v) >> 6) | ((v) & 0x1F)))
> +
> +#define DFSC_EXTABT(lpae) ((lpae) ? 0x10 : 0x08)
> +
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> +{
> + uint32_t dfsr_val;
> +
> + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> + uint32_t ttbcr;
> + int lpae = 0;
> +
> + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {
> + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE);
> + }
> + /* The verification is based on FS filed of the DFSR reg only*/
> + return (DFSR_FSC(lpae, dfsr_val) == DFSC_EXTABT(lpae));
> + }
> + return false;
> +}
> diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
> index f09ed9f..88cf10c 100644
> --- a/target/arm/kvm64.c
> +++ b/target/arm/kvm64.c
> @@ -1497,3 +1497,52 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)
>
> return false;
> }
> +
> +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)
> +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)
> +
> +/*
> + * ESR_EL1
> + * ISS encoding
> + * AARCH64: DFSC, bits [5:0]
> + * AARCH32:
> + * TTBCR.EAE == 0
> + * FS[4] - DFSR[10]
> + * FS[3:0] - DFSR[3:0]
> + * TTBCR.EAE == 1
> + * FS, bits [5:0]
> + */
> +#define ESR_DFSC(aarch64, lpae, v) \
> + ((aarch64 || (lpae)) ? ((v) & 0x3F) \
> + : (((v) >> 6) | ((v) & 0x1F)))
> +
> +#define ESR_DFSC_EXTABT(aarch64, lpae) \
> + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)
> +
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> +{
> + uint64_t dfsr_val;
> +
> + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);
> + int lpae = 0;
> +
> + if (!aarch64_mode) {
> + uint64_t ttbcr;
> +
> + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {
> + lpae = arm_feature(env, ARM_FEATURE_LPAE)
> + && (ttbcr & TTBCR_EAE);
> + }
> + }
> + /*
> + * The verification here is based on the DFSC bits
> + * of the ESR_EL1 reg only
> + */
> + return (ESR_DFSC(aarch64_mode, lpae, dfsr_val) ==
> + ESR_DFSC_EXTABT(aarch64_mode, lpae));
> + }
> + return false;
> +}
> diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> index 48bf5e1..471ddd1 100644
> --- a/target/arm/kvm_arm.h
> +++ b/target/arm/kvm_arm.h
> @@ -453,6 +453,16 @@ struct kvm_guest_debug_arch;
> void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
>
> /**
> + * kvm_arm_verify_ext_dabt_pending:
> + * @cs: CPUState
> + *
> + * Verify the fault status code wrt the Ext DABT injection
> + *
> + * Returns: true if the fault status code is as expected, false otherwise
> + */
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);
> +
> +/**
> * its_class_name:
> *
> * Return the ITS class name to use depending on whether KVM acceleration
> --
> 2.7.4
>
>
I didn't try to review kvm_arm_verify_ext_dabt_pending() to be sure it's
doing what it says it's doing, but the approach to the code looks good to
me, so
Acked-by: Andrew Jones <drjones@redhat.com>
Thanks,
drew
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v6 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-06-26 9:00 ` Andrew Jones
@ 2020-06-26 12:59 ` Peter Maydell
-1 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2020-06-26 12:59 UTC (permalink / raw)
To: Andrew Jones
Cc: Beata Michalska, Christoffer Dall, QEMU Developers, qemu-arm,
Paolo Bonzini, kvmarm
On Fri, 26 Jun 2020 at 10:01, Andrew Jones <drjones@redhat.com> wrote:
> nit: How about using '= {0}' when declaring the variable, rather than this
> memset?
We prefer "= {}" -- although "= {0}" is the C standard approved
version, some compiler versions produce spurious warnings for
it in some situations. (cf commit 039d4e3df0049bdd8f9).
thanks
-- PMM
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v6 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-06-26 12:59 ` Peter Maydell
0 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2020-06-26 12:59 UTC (permalink / raw)
To: Andrew Jones; +Cc: QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm
On Fri, 26 Jun 2020 at 10:01, Andrew Jones <drjones@redhat.com> wrote:
> nit: How about using '= {0}' when declaring the variable, rather than this
> memset?
We prefer "= {}" -- although "= {0}" is the C standard approved
version, some compiler versions produce spurious warnings for
it in some situations. (cf commit 039d4e3df0049bdd8f9).
thanks
-- PMM
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v6 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-06-26 12:59 ` Peter Maydell
@ 2020-06-27 15:29 ` Beata Michalska
-1 siblings, 0 replies; 14+ messages in thread
From: Beata Michalska @ 2020-06-27 15:29 UTC (permalink / raw)
To: Peter Maydell, Andrew Jones
Cc: Paolo Bonzini, qemu-arm, kvmarm, QEMU Developers, Christoffer Dall
Hi Peter,
Hi Andrew
Thanks for quick review.
I have pushed the updated version.
BR
Beata
On Fri, 26 Jun 2020 at 13:59, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> On Fri, 26 Jun 2020 at 10:01, Andrew Jones <drjones@redhat.com> wrote:
> > nit: How about using '= {0}' when declaring the variable, rather than this
> > memset?
>
> We prefer "= {}" -- although "= {0}" is the C standard approved
> version, some compiler versions produce spurious warnings for
> it in some situations. (cf commit 039d4e3df0049bdd8f9).
>
> thanks
> -- PMM
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v6 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-06-27 15:29 ` Beata Michalska
0 siblings, 0 replies; 14+ messages in thread
From: Beata Michalska @ 2020-06-27 15:29 UTC (permalink / raw)
To: Peter Maydell, Andrew Jones
Cc: Paolo Bonzini, qemu-arm, kvmarm, QEMU Developers
Hi Peter,
Hi Andrew
Thanks for quick review.
I have pushed the updated version.
BR
Beata
On Fri, 26 Jun 2020 at 13:59, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> On Fri, 26 Jun 2020 at 10:01, Andrew Jones <drjones@redhat.com> wrote:
> > nit: How about using '= {0}' when declaring the variable, rather than this
> > memset?
>
> We prefer "= {}" -- although "= {0}" is the C standard approved
> version, some compiler versions produce spurious warnings for
> it in some situations. (cf commit 039d4e3df0049bdd8f9).
>
> thanks
> -- PMM
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2020-06-27 15:30 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-25 22:03 [PATCH v6 0/2] target/arm: kvm: Support for KVM DABT with no valid ISS Beata Michalska
2020-06-25 22:03 ` Beata Michalska
2020-06-25 22:03 ` [PATCH v6 1/2] target/arm: kvm: Handle " Beata Michalska
2020-06-25 22:03 ` Beata Michalska
2020-06-26 9:00 ` Andrew Jones
2020-06-26 9:00 ` Andrew Jones
2020-06-26 12:59 ` Peter Maydell
2020-06-26 12:59 ` Peter Maydell
2020-06-27 15:29 ` Beata Michalska
2020-06-27 15:29 ` Beata Michalska
2020-06-25 22:03 ` [PATCH v6 2/2] target/arm: kvm: Handle misconfigured dabt injection Beata Michalska
2020-06-25 22:03 ` Beata Michalska
2020-06-26 9:12 ` Andrew Jones
2020-06-26 9:12 ` Andrew Jones
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.