* [PATCH] KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
@ 2018-09-13 5:33 ` Michael Neuling
0 siblings, 0 replies; 6+ messages in thread
From: Michael Neuling @ 2018-09-13 5:33 UTC (permalink / raw)
To: mpe; +Cc: linuxppc-dev, kvm-ppc, paulus, sjitindarsingh, mikey
When we come into the softpatch handler (0x1500), we use r11 to store
the HSRR0 for later use by the denorm handler.
We also use the softpatch handler for the TM workarounds for
POWER9. Unfortunately, in kvmppc_interrupt_hv we later store r11 out
to the vcpu assuming it's still what we got from userspace.
This causes r11 to be corrupted in the VCPU and hence when we restore
the guest, we get a corrupted r11. We've seen this when running TM
tests inside guests on P9.
This fixes the problem by only touching r11 in the denorm case.
Fixes: 4bb3c7a020 ("KVM: PPC: Book3S HV: Work around transactional memory bugs in POWER9")
Cc: <stable@vger.kernel.org> # 4.17+
Test-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Reviewed-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Michael Neuling <mikey@neuling.org>
---
arch/powerpc/kernel/exceptions-64s.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
index ea04dfb8c0..2d8fc8c9da 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -1314,9 +1314,7 @@ EXC_REAL_BEGIN(denorm_exception_hv, 0x1500, 0x100)
#ifdef CONFIG_PPC_DENORMALISATION
mfspr r10,SPRN_HSRR1
- mfspr r11,SPRN_HSRR0 /* save HSRR0 */
andis. r10,r10,(HSRR1_DENORM)@h /* denorm? */
- addi r11,r11,-4 /* HSRR0 is next instruction */
bne+ denorm_assist
#endif
@@ -1382,6 +1380,8 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
*/
XVCPSGNDP32(32)
denorm_done:
+ mfspr r11,SPRN_HSRR0
+ subi r11,r11,4
mtspr SPRN_HSRR0,r11
mtcrf 0x80,r9
ld r9,PACA_EXGEN+EX_R9(r13)
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH] KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
@ 2018-09-13 5:33 ` Michael Neuling
0 siblings, 0 replies; 6+ messages in thread
From: Michael Neuling @ 2018-09-13 5:33 UTC (permalink / raw)
To: mpe; +Cc: linuxppc-dev, kvm-ppc, paulus, sjitindarsingh, mikey
When we come into the softpatch handler (0x1500), we use r11 to store
the HSRR0 for later use by the denorm handler.
We also use the softpatch handler for the TM workarounds for
POWER9. Unfortunately, in kvmppc_interrupt_hv we later store r11 out
to the vcpu assuming it's still what we got from userspace.
This causes r11 to be corrupted in the VCPU and hence when we restore
the guest, we get a corrupted r11. We've seen this when running TM
tests inside guests on P9.
This fixes the problem by only touching r11 in the denorm case.
Fixes: 4bb3c7a020 ("KVM: PPC: Book3S HV: Work around transactional memory bugs in POWER9")
Cc: <stable@vger.kernel.org> # 4.17+
Test-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Reviewed-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Michael Neuling <mikey@neuling.org>
---
arch/powerpc/kernel/exceptions-64s.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
index ea04dfb8c0..2d8fc8c9da 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -1314,9 +1314,7 @@ EXC_REAL_BEGIN(denorm_exception_hv, 0x1500, 0x100)
#ifdef CONFIG_PPC_DENORMALISATION
mfspr r10,SPRN_HSRR1
- mfspr r11,SPRN_HSRR0 /* save HSRR0 */
andis. r10,r10,(HSRR1_DENORM)@h /* denorm? */
- addi r11,r11,-4 /* HSRR0 is next instruction */
bne+ denorm_assist
#endif
@@ -1382,6 +1380,8 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
*/
XVCPSGNDP32(32)
denorm_done:
+ mfspr r11,SPRN_HSRR0
+ subi r11,r11,4
mtspr SPRN_HSRR0,r11
mtcrf 0x80,r9
ld r9,PACA_EXGEN+EX_R9(r13)
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
[not found] <20180914165657.GB6306@MiWiFi-R3L-srv>
@ 2018-09-14 17:16 ` sathnaga
0 siblings, 0 replies; 6+ messages in thread
From: sathnaga @ 2018-09-14 17:04 UTC (permalink / raw)
To: mikey, linuxppc-dev; +Cc: mpe, kvm-ppc, paulus, sjitindarsingh, mikey
On 2018-09-14 22:26, sathnaga@linux.vnet.ibm.com wrote:
> Date: Thu, 13 Sep 2018 15:33:47 +1000
> From: Michael Neuling <mikey@neuling.org>
> To: mpe@ellerman.id.au
> Cc: linuxppc-dev@lists.ozlabs.org, kvm-ppc@vger.kernel.org,
> paulus@ozlabs.org, sjitindarsingh@gmail.com, mikey@neuling.org
> Subject: KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM
> workarounds
>
> When we come into the softpatch handler (0x1500), we use r11 to store
> the HSRR0 for later use by the denorm handler.
>
> We also use the softpatch handler for the TM workarounds for
> POWER9. Unfortunately, in kvmppc_interrupt_hv we later store r11 out
> to the vcpu assuming it's still what we got from userspace.
>
> This causes r11 to be corrupted in the VCPU and hence when we restore
> the guest, we get a corrupted r11. We've seen this when running TM
> tests inside guests on P9.
>
> This fixes the problem by only touching r11 in the denorm case.
>
> Fixes: 4bb3c7a020 ("KVM: PPC: Book3S HV: Work around transactional
> memory bugs in POWER9")
> Cc: <stable@vger.kernel.org> # 4.17+
> Test-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
> Reviewed-by: Paul Mackerras <paulus@ozlabs.org>
> Signed-off-by: Michael Neuling <mikey@neuling.org>
> ---
> arch/powerpc/kernel/exceptions-64s.S | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
Tested-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Test details:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1792501
Regards,
-Satheesh.
> diff --git a/arch/powerpc/kernel/exceptions-64s.S
> b/arch/powerpc/kernel/exceptions-64s.S
> index ea04dfb8c0..2d8fc8c9da 100644
> --- a/arch/powerpc/kernel/exceptions-64s.S
> +++ b/arch/powerpc/kernel/exceptions-64s.S
> @@ -1314,9 +1314,7 @@ EXC_REAL_BEGIN(denorm_exception_hv, 0x1500,
> 0x100)
>
> #ifdef CONFIG_PPC_DENORMALISATION
> mfspr r10,SPRN_HSRR1
> - mfspr r11,SPRN_HSRR0 /* save HSRR0 */
> andis. r10,r10,(HSRR1_DENORM)@h /* denorm? */
> - addi r11,r11,-4 /* HSRR0 is next instruction */
> bne+ denorm_assist
> #endif
>
> @@ -1382,6 +1380,8 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
> */
> XVCPSGNDP32(32)
> denorm_done:
> + mfspr r11,SPRN_HSRR0
> + subi r11,r11,4
> mtspr SPRN_HSRR0,r11
> mtcrf 0x80,r9
> ld r9,PACA_EXGEN+EX_R9(r13)
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
@ 2018-09-14 17:16 ` sathnaga
0 siblings, 0 replies; 6+ messages in thread
From: sathnaga @ 2018-09-14 17:16 UTC (permalink / raw)
To: mikey, linuxppc-dev; +Cc: mpe, kvm-ppc, paulus, sjitindarsingh
On 2018-09-14 22:26, sathnaga@linux.vnet.ibm.com wrote:
> Date: Thu, 13 Sep 2018 15:33:47 +1000
> From: Michael Neuling <mikey@neuling.org>
> To: mpe@ellerman.id.au
> Cc: linuxppc-dev@lists.ozlabs.org, kvm-ppc@vger.kernel.org,
> paulus@ozlabs.org, sjitindarsingh@gmail.com, mikey@neuling.org
> Subject: KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM
> workarounds
>
> When we come into the softpatch handler (0x1500), we use r11 to store
> the HSRR0 for later use by the denorm handler.
>
> We also use the softpatch handler for the TM workarounds for
> POWER9. Unfortunately, in kvmppc_interrupt_hv we later store r11 out
> to the vcpu assuming it's still what we got from userspace.
>
> This causes r11 to be corrupted in the VCPU and hence when we restore
> the guest, we get a corrupted r11. We've seen this when running TM
> tests inside guests on P9.
>
> This fixes the problem by only touching r11 in the denorm case.
>
> Fixes: 4bb3c7a020 ("KVM: PPC: Book3S HV: Work around transactional
> memory bugs in POWER9")
> Cc: <stable@vger.kernel.org> # 4.17+
> Test-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
> Reviewed-by: Paul Mackerras <paulus@ozlabs.org>
> Signed-off-by: Michael Neuling <mikey@neuling.org>
> ---
> arch/powerpc/kernel/exceptions-64s.S | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
Tested-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Test details:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1792501
Regards,
-Satheesh.
> diff --git a/arch/powerpc/kernel/exceptions-64s.S
> b/arch/powerpc/kernel/exceptions-64s.S
> index ea04dfb8c0..2d8fc8c9da 100644
> --- a/arch/powerpc/kernel/exceptions-64s.S
> +++ b/arch/powerpc/kernel/exceptions-64s.S
> @@ -1314,9 +1314,7 @@ EXC_REAL_BEGIN(denorm_exception_hv, 0x1500,
> 0x100)
>
> #ifdef CONFIG_PPC_DENORMALISATION
> mfspr r10,SPRN_HSRR1
> - mfspr r11,SPRN_HSRR0 /* save HSRR0 */
> andis. r10,r10,(HSRR1_DENORM)@h /* denorm? */
> - addi r11,r11,-4 /* HSRR0 is next instruction */
> bne+ denorm_assist
> #endif
>
> @@ -1382,6 +1380,8 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
> */
> XVCPSGNDP32(32)
> denorm_done:
> + mfspr r11,SPRN_HSRR0
> + subi r11,r11,4
> mtspr SPRN_HSRR0,r11
> mtcrf 0x80,r9
> ld r9,PACA_EXGEN+EX_R9(r13)
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
2018-09-13 5:33 ` Michael Neuling
@ 2018-09-21 11:59 ` Michael Ellerman
-1 siblings, 0 replies; 6+ messages in thread
From: Michael Ellerman @ 2018-09-21 11:59 UTC (permalink / raw)
To: Michael Neuling; +Cc: mikey, linuxppc-dev, sjitindarsingh, kvm-ppc
On Thu, 2018-09-13 at 05:33:47 UTC, Michael Neuling wrote:
> When we come into the softpatch handler (0x1500), we use r11 to store
> the HSRR0 for later use by the denorm handler.
>
> We also use the softpatch handler for the TM workarounds for
> POWER9. Unfortunately, in kvmppc_interrupt_hv we later store r11 out
> to the vcpu assuming it's still what we got from userspace.
>
> This causes r11 to be corrupted in the VCPU and hence when we restore
> the guest, we get a corrupted r11. We've seen this when running TM
> tests inside guests on P9.
>
> This fixes the problem by only touching r11 in the denorm case.
>
> Fixes: 4bb3c7a020 ("KVM: PPC: Book3S HV: Work around transactional memory bugs in POWER9")
> Cc: <stable@vger.kernel.org> # 4.17+
> Test-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
> Reviewed-by: Paul Mackerras <paulus@ozlabs.org>
> Signed-off-by: Michael Neuling <mikey@neuling.org>
Applied to powerpc fixes, thanks.
https://git.kernel.org/powerpc/c/f14040bca89258b8a1c71e2112e430
cheers
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
@ 2018-09-21 11:59 ` Michael Ellerman
0 siblings, 0 replies; 6+ messages in thread
From: Michael Ellerman @ 2018-09-21 11:59 UTC (permalink / raw)
To: Michael Neuling; +Cc: mikey, linuxppc-dev, sjitindarsingh, kvm-ppc
On Thu, 2018-09-13 at 05:33:47 UTC, Michael Neuling wrote:
> When we come into the softpatch handler (0x1500), we use r11 to store
> the HSRR0 for later use by the denorm handler.
>
> We also use the softpatch handler for the TM workarounds for
> POWER9. Unfortunately, in kvmppc_interrupt_hv we later store r11 out
> to the vcpu assuming it's still what we got from userspace.
>
> This causes r11 to be corrupted in the VCPU and hence when we restore
> the guest, we get a corrupted r11. We've seen this when running TM
> tests inside guests on P9.
>
> This fixes the problem by only touching r11 in the denorm case.
>
> Fixes: 4bb3c7a020 ("KVM: PPC: Book3S HV: Work around transactional memory bugs in POWER9")
> Cc: <stable@vger.kernel.org> # 4.17+
> Test-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
> Reviewed-by: Paul Mackerras <paulus@ozlabs.org>
> Signed-off-by: Michael Neuling <mikey@neuling.org>
Applied to powerpc fixes, thanks.
https://git.kernel.org/powerpc/c/f14040bca89258b8a1c71e2112e430
cheers
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-09-21 11:59 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-13 5:33 [PATCH] KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds Michael Neuling
2018-09-13 5:33 ` Michael Neuling
2018-09-21 11:59 ` Michael Ellerman
2018-09-21 11:59 ` Michael Ellerman
[not found] <20180914165657.GB6306@MiWiFi-R3L-srv>
2018-09-14 17:04 ` sathnaga
2018-09-14 17:16 ` sathnaga
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.