Date: Mon, 07 Sep 2020 14:24:19 +0100
Message-ID: <87tuw9lny4.wl-maz@kernel.org>
From: Marc Zyngier
To: Andrew Scull
Subject: Re: [PATCH v3 13/18] KVM: arm64: nVHE: Handle hyp panics
In-Reply-To: <20200903135307.251331-14-ascull@google.com>

On Thu, 03 Sep 2020 14:53:02 +0100, Andrew Scull wrote:
>
> Restore the host context when panicking from hyp to give the best chance
> of the panic being clean.
>
> The host requires that registers be preserved such as x18 for the shadow
> callstack. If the panic is caused by an exception from EL1, the host
> context is still valid so the panic can return straight back to the
> host. If the panic comes from EL2 then it's most likely that the hyp
> context is active and the host context needs to be restored.
> > There are windows before and after the host context is saved and > restored that restoration is attempted incorrectly and the panic won't > be clean. > > Signed-off-by: Andrew Scull > --- > arch/arm64/include/asm/kvm_hyp.h | 2 +- > arch/arm64/kvm/hyp/nvhe/host.S | 79 +++++++++++++++++++++++--------- > arch/arm64/kvm/hyp/nvhe/switch.c | 18 ++------ > 3 files changed, 63 insertions(+), 36 deletions(-) > > diff --git a/arch/arm64/include/asm/kvm_hyp.h b/arch/arm64/include/asm/kvm_hyp.h > index 0b525e05e5bf..6b664de5ec1f 100644 > --- a/arch/arm64/include/asm/kvm_hyp.h > +++ b/arch/arm64/include/asm/kvm_hyp.h > @@ -94,7 +94,7 @@ u64 __guest_enter(struct kvm_vcpu *vcpu); > > void __noreturn hyp_panic(void); > #ifdef __KVM_NVHE_HYPERVISOR__ > -void __noreturn __hyp_do_panic(unsigned long, ...); > +void __noreturn __hyp_do_panic(bool restore_host, u64 spsr, u64 elr, u64 par); > #endif > > #endif /* __ARM64_KVM_HYP_H__ */ > diff --git a/arch/arm64/kvm/hyp/nvhe/host.S b/arch/arm64/kvm/hyp/nvhe/host.S > index 1062547853db..40620c1c87b8 100644 > --- a/arch/arm64/kvm/hyp/nvhe/host.S > +++ b/arch/arm64/kvm/hyp/nvhe/host.S > @@ -47,6 +47,7 @@ SYM_FUNC_START(__host_exit) > ldp x2, x3, [x29, #CPU_XREG_OFFSET(2)] > ldp x4, x5, [x29, #CPU_XREG_OFFSET(4)] > ldp x6, x7, [x29, #CPU_XREG_OFFSET(6)] > +__host_enter_for_panic: This definitely deserves a comment as to *why* we need to skip the first 8 registers. > ldp x8, x9, [x29, #CPU_XREG_OFFSET(8)] > ldp x10, x11, [x29, #CPU_XREG_OFFSET(10)] > ldp x12, x13, [x29, #CPU_XREG_OFFSET(12)] 
> @@ -57,30 +58,49 @@ SYM_FUNC_START(__host_exit) > restore_callee_saved_regs x29 > > /* Do not touch any register after this! */ > +__host_enter_without_restoring: > eret > sb > SYM_FUNC_END(__host_exit) > > +/* > + * void __noreturn __hyp_do_panic(bool restore_host, u64 spsr, u64 elr, u64 par); > + */ > SYM_FUNC_START(__hyp_do_panic) > + /* Load the format arguments into x1-7 */ > + mov x6, x3 > + get_vcpu_ptr x7, x3 > + mov x7, xzr Is that the vcpu pointer you are zeroing, right after obtaining it? > + > + mrs x3, esr_el2 > + mrs x4, far_el2 > + mrs x5, hpfar_el2 > + > + /* Prepare and exit to the host's panic funciton. */ > mov lr, #(PSR_F_BIT | PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\ > PSR_MODE_EL1h) > msr spsr_el2, lr > ldr lr, =panic > msr elr_el2, lr > - eret > - sb > + > + /* > + * Set the panic format string and enter the host, conditionally > + * restoring the host context. > + */ > + cmp x0, xzr > + ldr x0, =__hyp_panic_string > + b.eq __host_enter_without_restoring > + b __host_enter_for_panic > SYM_FUNC_END(__hyp_do_panic) > > .macro valid_host_el1_sync_vect > .align 7 > stp x0, x1, [sp, #-16]! > - > mrs x0, esr_el2 > lsr x0, x0, #ESR_ELx_EC_SHIFT > cmp x0, #ESR_ELx_EC_HVC64 > - b.ne hyp_panic > - > ldp x0, x1, [sp], #16 > + b.ne __host_exit > > /* Check for a stub HVC call */ > cmp x0, #HVC_STUB_HCALL_NR 
> @@ -102,16 +122,31 @@ SYM_FUNC_END(__hyp_do_panic) > br x5 > .endm > > -.macro invalid_host_vect > +.macro invalid_host_el2_vect > .align 7 > /* If a guest is loaded, panic out of it. */ > stp x0, x1, [sp, #-16]! > get_loaded_vcpu x0, x1 > cbnz x0, __guest_exit_panic > add sp, sp, #16 > + > + /* > + * The panic may not be clean if the exception is taken before the host > + * context has been saved by __host_exit or after the hyp context has > + * been partially clobbered by __host_enter. > + */ > b hyp_panic > .endm > > +.macro invalid_host_el1_vect > + .align 7 > + mov x0, xzr /* restore_host = false */ > + mrs x1, spsr_el2 > + mrs x2, elr_el2 > + mrs x3, par_el1 > + b __hyp_do_panic > +.endm > + > /* > * The host vector does not use an ESB instruction in order to avoid consuming > * SErrors that should only be consumed by the host. Guest entry is deferred by 
> @@ -123,23 +158,23 @@ SYM_FUNC_END(__hyp_do_panic) > */ > .align 11 > SYM_CODE_START(__kvm_hyp_host_vector) > - invalid_host_vect // Synchronous EL2t > - invalid_host_vect // IRQ EL2t > - invalid_host_vect // FIQ EL2t > - invalid_host_vect // Error EL2t > + invalid_host_el2_vect // Synchronous EL2t > + invalid_host_el2_vect // IRQ EL2t > + invalid_host_el2_vect // FIQ EL2t > + invalid_host_el2_vect // Error EL2t > > - invalid_host_vect // Synchronous EL2h > - invalid_host_vect // IRQ EL2h > - invalid_host_vect // FIQ EL2h > - invalid_host_vect // Error EL2h > + invalid_host_el2_vect // Synchronous EL2h > + invalid_host_el2_vect // IRQ EL2h > + invalid_host_el2_vect // FIQ EL2h > + invalid_host_el2_vect // Error EL2h > > valid_host_el1_sync_vect // Synchronous 64-bit EL1 > - invalid_host_vect // IRQ 64-bit EL1 > - invalid_host_vect // FIQ 64-bit EL1 > - invalid_host_vect // Error 64-bit EL1 > - > - invalid_host_vect // Synchronous 32-bit EL1 > - invalid_host_vect // IRQ 32-bit EL1 > - invalid_host_vect // FIQ 32-bit EL1 > - invalid_host_vect // Error 32-bit EL1 > + invalid_host_el1_vect // IRQ 64-bit EL1 > + invalid_host_el1_vect // FIQ 64-bit EL1 > + invalid_host_el1_vect // Error 64-bit EL1 > + > + invalid_host_el1_vect // Synchronous 32-bit EL1 > + invalid_host_el1_vect // IRQ 32-bit EL1 > + invalid_host_el1_vect // FIQ 32-bit EL1 > + invalid_host_el1_vect // Error 32-bit EL1 > SYM_CODE_END(__kvm_hyp_host_vector) > diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c > index 72d3e0119299..b4f6ae1d579a 100644 > --- a/arch/arm64/kvm/hyp/nvhe/switch.c > +++ b/arch/arm64/kvm/hyp/nvhe/switch.c > @@ -242,6 +242,8 @@ int __kvm_vcpu_run(struct kvm_vcpu *vcpu) > if (system_uses_irq_prio_masking()) > gic_write_pmr(GIC_PRIO_IRQOFF); > > + host_ctxt->__hyp_running_vcpu = NULL; > + > return exit_code; > } 
> > @@ -253,26 +255,16 @@ void __noreturn hyp_panic(void) > struct kvm_cpu_context *host_ctxt = > &__hyp_this_cpu_ptr(kvm_host_data)->host_ctxt; > struct kvm_vcpu *vcpu = host_ctxt->__hyp_running_vcpu; > - unsigned long str_va; > + bool restore_host = true; > > - if (read_sysreg(vttbr_el2)) { > + if (vcpu) { > __timer_disable_traps(vcpu); > __deactivate_traps(vcpu); > __load_host_stage2(); > __sysreg_restore_state_nvhe(host_ctxt); > } > > - /* > - * Force the panic string to be loaded from the literal pool, > - * making sure it is a kernel address and not a PC-relative > - * reference. > - */ > - asm volatile("ldr %0, =%1" : "=r" (str_va) : "S" (__hyp_panic_string)); > - > - __hyp_do_panic(str_va, > - spsr, elr, > - read_sysreg(esr_el2), read_sysreg_el2(SYS_FAR), > - read_sysreg(hpfar_el2), par, vcpu); > + __hyp_do_panic(restore_host, spsr, elr, par); > unreachable(); > } > > -- > 2.28.0.402.g5ffc5be6b7-goog > >

Thanks,

M.

-- 
Without deviation from the norm, progress is not possible.
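
Review bot: In valid_host_el1_sync_vect (host.S hunk @@ -57,30 +58,49), a synchronous exception from EL1 that is not an HVC64 used to reach hyp_panic and now takes `b.ne __host_exit`, a behaviour change the commit message does not mention. Please state in the commit message or in a comment above the branch what handles those exceptions now, and note that `ldp x0, x1, [sp], #16` sits between the `cmp` and the `b.ne` on purpose because it leaves the flags untouched. In the same hunk the comment "Load the format arguments into x1-7" does not match the code, which only writes x3-x7 and leaves x7 as zero where the removed C call passed `vcpu`, and "funciton" should read "function".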
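
Review bot: The new invalid_host_el1_vect macro (host.S hunk @@ -102,16 +122,31) passes restore_host = false with no comment on why skipping the restore is safe, while invalid_host_el2_vect in the same hunk gets a multi-line explanation of its unclean windows. A short comment saying that an exception taken from EL1 leaves the host context valid, as the commit message puts it, would document both macros to the same level.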
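
Review bot: In hyp_panic() (switch.c hunk @@ -253,26 +255,16), `if (vcpu)` replaces the `read_sysreg(vttbr_el2)` test, so whether traps are deactivated and host state is restored now depends on `host_ctxt->__hyp_running_vcpu` being NULL whenever no guest is loaded. The only place visible in this patch that clears it is the line added before `return exit_code;` in __kvm_vcpu_run(); a comment at that assignment and at the `if (vcpu)` check naming the invariant would help. `restore_host` is initialised to true and never changed before the call, so passing `true` directly to __hyp_do_panic() would be simpler.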