* [PATCH v4 0/2] target/arm: kvm: Support for KVM DABT with no valid ISS
@ 2020-03-23 11:32 ` Beata Michalska
0 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-03-23 11:32 UTC (permalink / raw)
To: qemu-devel
Cc: peter.maydell, drjones, Christoffer.Dall, qemu-arm, pbonzini, kvmarm
Some of the ARMv7 & ARMv8 load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate the instruction which is one of the
(many) reasons why KVM will not even try to do so.
So far, if a guest made an attempt to access memory outside the memory slot,
KVM reported vague ENOSYS. As a result QEMU exited with no useful information
being provided or even a clue on what has just happened.
ARM KVM introduced support for notifying of an attempt to execute
an instruction that resulted in dabt with no valid ISS decoding info.
This still leaves QEMU to handle the case, but at least now it gives more
control and a start point for more meaningful handling of such cases.
This patchset relies on KVM to insert the external data abort into the guest.
v4:
- Removing one of the patches as it is being picked-up separately
target/arm: kvm: Inject events at the last stage of sync
- Moving handling KVM issue to a separate patch
- Minor changes wrt the review comments
v3:
- Fix setting KVM cap per vm not per vcpu
- Simplifying the handler to bare minimum with no default logging to address
the potential risk of overflooding the host (adding support for rate
limiting the logs turned out to be bit too invasive to justify the little
add-on value from logs in this particular case)
- Adding handling KVM bug (for small range of affected kernels):
little bit of trade-off between what's reasonable and what's effective:
aborting qemu when running on buggy host kernel
v2:
- Improving/re-phrasing messaging
- Dropping messing around with forced sync (@see [PATCH v2 1/2])
and PC alignment
Beata Michalska (2):
target/arm: kvm: Handle DABT with no valid ISS
target/arm: kvm: Handle potential issue with dabt injection
target/arm/cpu.h | 3 ++
target/arm/kvm.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++
target/arm/kvm32.c | 25 ++++++++++++++++
target/arm/kvm64.c | 34 ++++++++++++++++++++++
target/arm/kvm_arm.h | 21 ++++++++++++++
5 files changed, 165 insertions(+)
--
2.7.4
^ permalink raw reply [flat|nested] 36+ messages in thread
* [PATCH v4 0/2] target/arm: kvm: Support for KVM DABT with no valid ISS
@ 2020-03-23 11:32 ` Beata Michalska
0 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-03-23 11:32 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, pbonzini, kvmarm
Some of the ARMv7 & ARMv8 load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate the instruction which is one of the
(many) reasons why KVM will not even try to do so.
So far, if a guest made an attempt to access memory outside the memory slot,
KVM reported vague ENOSYS. As a result QEMU exited with no useful information
being provided or even a clue on what has just happened.
ARM KVM introduced support for notifying of an attempt to execute
an instruction that resulted in dabt with no valid ISS decoding info.
This still leaves QEMU to handle the case, but at least now it gives more
control and a start point for more meaningful handling of such cases.
This patchset relies on KVM to insert the external data abort into the guest.
v4:
- Removing one of the patches as it is being picked-up separately
target/arm: kvm: Inject events at the last stage of sync
- Moving handling KVM issue to a separate patch
- Minor changes wrt the review comments
v3:
- Fix setting KVM cap per vm not per vcpu
- Simplifying the handler to bare minimum with no default logging to address
the potential risk of overflooding the host (adding support for rate
limiting the logs turned out to be bit too invasive to justify the little
add-on value from logs in this particular case)
- Adding handling KVM bug (for small range of affected kernels):
little bit of trade-off between what's reasonable and what's effective:
aborting qemu when running on buggy host kernel
v2:
- Improving/re-phrasing messaging
- Dropping messing around with forced sync (@see [PATCH v2 1/2])
and PC alignment
Beata Michalska (2):
target/arm: kvm: Handle DABT with no valid ISS
target/arm: kvm: Handle potential issue with dabt injection
target/arm/cpu.h | 3 ++
target/arm/kvm.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++
target/arm/kvm32.c | 25 ++++++++++++++++
target/arm/kvm64.c | 34 ++++++++++++++++++++++
target/arm/kvm_arm.h | 21 ++++++++++++++
5 files changed, 165 insertions(+)
--
2.7.4
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-03-23 11:32 ` Beata Michalska
@ 2020-03-23 11:32 ` Beata Michalska
-1 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-03-23 11:32 UTC (permalink / raw)
To: qemu-devel
Cc: peter.maydell, drjones, Christoffer.Dall, qemu-arm, pbonzini, kvmarm
On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate those instruction which is one of the
(many) reasons why KVM will not even try to do so.
Add support for handling those by requesting KVM to inject external
dabt into the quest.
Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
---
target/arm/cpu.h | 2 ++
target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
target/arm/kvm_arm.h | 11 +++++++++++
3 files changed, 67 insertions(+)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4ffd991..4f834c1 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -560,6 +560,8 @@ typedef struct CPUARMState {
uint64_t esr;
} serror;
+ uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
+
/* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
uint32_t irq_line_state;
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 85860e6..c088589 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
static bool cap_has_mp_state;
static bool cap_has_inject_serror_esr;
+static bool cap_has_inject_ext_dabt;
static ARMHostCPUFeatures arm_host_cpu_features;
@@ -244,6 +245,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
ret = -EINVAL;
}
+ if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) {
+ if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
+ warn_report("Failed to enable DABT NISV cap");
+ } else {
+ /* Set status for supporting the external dabt injection */
+ cap_has_inject_ext_dabt = kvm_check_extension(s,
+ KVM_CAP_ARM_INJECT_EXT_DABT);
+ }
+ }
+
return ret;
}
@@ -703,9 +714,16 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
events.exception.serror_esr = env->serror.esr;
}
+ if (cap_has_inject_ext_dabt) {
+ events.exception.ext_dabt_pending = env->ext_dabt_pending;
+ }
+
ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
if (ret) {
error_report("failed to put vcpu events");
+ } else {
+ /* Clear instantly if the call was successful */
+ env->ext_dabt_pending = 0;
}
return ret;
@@ -819,6 +837,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
ret = EXCP_DEBUG;
} /* otherwise return to guest */
break;
+ case KVM_EXIT_ARM_NISV:
+ /* External DABT with no valid iss to decode */
+ ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss,
+ run->arm_nisv.fault_ipa);
+ break;
default:
qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
__func__, run->exit_reason);
@@ -953,3 +976,34 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
{
return (data - 32) & 0xffff;
}
+
+int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
+ uint64_t fault_ipa)
+{
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+
+ /*
+ * ISS [23:14] is invalid so there is a limited info
+ * on what has just happened so the only *useful* thing that can
+ * be retrieved from ISS is WnR & DFSC (though in some cases WnR
+ * might be less of a value as well)
+ */
+
+ /*
+ * Set pending ext dabt and trigger SET_EVENTS so that
+ * KVM can inject the abort
+ */
+ if (cap_has_inject_ext_dabt) {
+ kvm_cpu_synchronize_state(cs);
+ env->ext_dabt_pending = 1;
+ } else {
+ error_report("Data abort exception triggered by guest memory access "
+ "at physical address: 0x" TARGET_FMT_lx,
+ (target_ulong)fault_ipa);
+ error_printf("KVM unable to emulate faulting instruction.\n");
+ return -1;
+ }
+
+ return 0;
+}
diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
index ae9e075..39472d5 100644
--- a/target/arm/kvm_arm.h
+++ b/target/arm/kvm_arm.h
@@ -450,6 +450,17 @@ struct kvm_guest_debug_arch;
void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
/**
+ * kvm_arm_handle_dabt_nisv:
+ * @cs: CPUState
+ * @esr_iss: ISS encoding (limited) for the exception from Data Abort
+ * ISV bit set to '0b0' -> no valid instruction syndrome
+ * @fault_ipa: faulting address for the synch data abort
+ *
+ * Returns: 0 if the exception has been handled, < 0 otherwise
+ */
+int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
+ uint64_t fault_ipa);
+/**
* its_class_name:
*
* Return the ITS class name to use depending on whether KVM acceleration
--
2.7.4
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-03-23 11:32 ` Beata Michalska
0 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-03-23 11:32 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, pbonzini, kvmarm
On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate those instruction which is one of the
(many) reasons why KVM will not even try to do so.
Add support for handling those by requesting KVM to inject external
dabt into the quest.
Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
---
target/arm/cpu.h | 2 ++
target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
target/arm/kvm_arm.h | 11 +++++++++++
3 files changed, 67 insertions(+)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4ffd991..4f834c1 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -560,6 +560,8 @@ typedef struct CPUARMState {
uint64_t esr;
} serror;
+ uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
+
/* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
uint32_t irq_line_state;
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 85860e6..c088589 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
static bool cap_has_mp_state;
static bool cap_has_inject_serror_esr;
+static bool cap_has_inject_ext_dabt;
static ARMHostCPUFeatures arm_host_cpu_features;
@@ -244,6 +245,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
ret = -EINVAL;
}
+ if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) {
+ if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
+ warn_report("Failed to enable DABT NISV cap");
+ } else {
+ /* Set status for supporting the external dabt injection */
+ cap_has_inject_ext_dabt = kvm_check_extension(s,
+ KVM_CAP_ARM_INJECT_EXT_DABT);
+ }
+ }
+
return ret;
}
@@ -703,9 +714,16 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
events.exception.serror_esr = env->serror.esr;
}
+ if (cap_has_inject_ext_dabt) {
+ events.exception.ext_dabt_pending = env->ext_dabt_pending;
+ }
+
ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
if (ret) {
error_report("failed to put vcpu events");
+ } else {
+ /* Clear instantly if the call was successful */
+ env->ext_dabt_pending = 0;
}
return ret;
@@ -819,6 +837,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
ret = EXCP_DEBUG;
} /* otherwise return to guest */
break;
+ case KVM_EXIT_ARM_NISV:
+ /* External DABT with no valid iss to decode */
+ ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss,
+ run->arm_nisv.fault_ipa);
+ break;
default:
qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
__func__, run->exit_reason);
@@ -953,3 +976,34 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
{
return (data - 32) & 0xffff;
}
+
+int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
+ uint64_t fault_ipa)
+{
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+
+ /*
+ * ISS [23:14] is invalid so there is a limited info
+ * on what has just happened so the only *useful* thing that can
+ * be retrieved from ISS is WnR & DFSC (though in some cases WnR
+ * might be less of a value as well)
+ */
+
+ /*
+ * Set pending ext dabt and trigger SET_EVENTS so that
+ * KVM can inject the abort
+ */
+ if (cap_has_inject_ext_dabt) {
+ kvm_cpu_synchronize_state(cs);
+ env->ext_dabt_pending = 1;
+ } else {
+ error_report("Data abort exception triggered by guest memory access "
+ "at physical address: 0x" TARGET_FMT_lx,
+ (target_ulong)fault_ipa);
+ error_printf("KVM unable to emulate faulting instruction.\n");
+ return -1;
+ }
+
+ return 0;
+}
diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
index ae9e075..39472d5 100644
--- a/target/arm/kvm_arm.h
+++ b/target/arm/kvm_arm.h
@@ -450,6 +450,17 @@ struct kvm_guest_debug_arch;
void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
/**
+ * kvm_arm_handle_dabt_nisv:
+ * @cs: CPUState
+ * @esr_iss: ISS encoding (limited) for the exception from Data Abort
+ * ISV bit set to '0b0' -> no valid instruction syndrome
+ * @fault_ipa: faulting address for the synch data abort
+ *
+ * Returns: 0 if the exception has been handled, < 0 otherwise
+ */
+int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
+ uint64_t fault_ipa);
+/**
* its_class_name:
*
* Return the ITS class name to use depending on whether KVM acceleration
--
2.7.4
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
2020-03-23 11:32 ` Beata Michalska
@ 2020-03-23 11:32 ` Beata Michalska
-1 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-03-23 11:32 UTC (permalink / raw)
To: qemu-devel
Cc: peter.maydell, drjones, Christoffer.Dall, qemu-arm, pbonzini, kvmarm
Injecting external data abort through KVM might trigger
an issue on kernels that do not get updated to include the KVM fix.
For those and aarch32 guests, the injected abort gets misconfigured
to be an implementation defined exception. This leads to the guest
repeatedly re-running the faulting instruction.
Add support for handling that case.
[
Fixed-by: 018f22f95e8a
('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
Fixed-by: 21aecdbd7f3a
('KVM: arm: Make inject_abt32() inject an external abort instead')
]
Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
---
target/arm/cpu.h | 1 +
target/arm/kvm.c | 30 +++++++++++++++++++++++++++++-
target/arm/kvm32.c | 25 +++++++++++++++++++++++++
target/arm/kvm64.c | 34 ++++++++++++++++++++++++++++++++++
target/arm/kvm_arm.h | 10 ++++++++++
5 files changed, 99 insertions(+), 1 deletion(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4f834c1..868afc6 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -561,6 +561,7 @@ typedef struct CPUARMState {
} serror;
uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
+ uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
/* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
uint32_t irq_line_state;
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index c088589..58ad734 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -721,7 +721,12 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
if (ret) {
error_report("failed to put vcpu events");
- } else {
+ } else if (env->ext_dabt_pending) {
+ /*
+ * Mark that the external DABT has been injected,
+ * if one has been requested
+ */
+ env->ext_dabt_raised = env->ext_dabt_pending;
/* Clear instantly if the call was successful */
env->ext_dabt_pending = 0;
}
@@ -755,6 +760,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu)
void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
{
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+
+ if (unlikely(env->ext_dabt_raised)) {
+ /*
+ * Verifying that the ext DABT has been properly injected,
+ * otherwise risking indefinitely re-running the faulting instruction
+ * Covering a very narrow case for kernels 5.5..5.5.4
+ * when injected abort was misconfigured to be
+ * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)
+ */
+ if (!arm_feature(env, ARM_FEATURE_AARCH64) &&
+ unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {
+
+ error_report("Data abort exception with no valid ISS generated by "
+ "guest memory access. KVM unable to emulate faulting "
+ "instruction. Failed to inject an external data abort "
+ "into the guest.");
+ abort();
+ }
+ /* Clear the status */
+ env->ext_dabt_raised = 0;
+ }
}
MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
index f271181..86c4fe7 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -564,3 +564,28 @@ void kvm_arm_pmu_init(CPUState *cs)
{
qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
}
+
+#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)
+#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)
+
+#define DFSR_FSC(v) (((v) >> 6 | (v)) & 0x1F)
+#define DFSC_EXTABT(lpae) (lpae) ? 0x10 : 0x08
+
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
+{
+ uint32_t dfsr_val;
+
+ if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+ uint32_t ttbcr;
+ int lpae = 0;
+
+ if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {
+ lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE);
+ }
+ return !(DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae));
+ }
+ return false;
+}
+
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index be5b31c..18594e9 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -1430,3 +1430,37 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)
return false;
}
+
+#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)
+#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)
+
+#define ESR_DFSC(aarch64, v) \
+ ((aarch64) ? ((v) & 0x3F) \
+ : (((v) >> 6 | (v)) & 0x1F))
+
+#define ESR_DFSC_EXTABT(aarch64, lpae) \
+ ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)
+
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
+{
+ uint64_t dfsr_val;
+
+ if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+ int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);
+ int lpae = 0;
+
+ if (!aarch64_mode) {
+ uint64_t ttbcr;
+
+ if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {
+ lpae = arm_feature(env, ARM_FEATURE_LPAE)
+ && (ttbcr & TTBCR_EAE);
+ }
+ }
+ return !(ESR_DFSC(aarch64_mode, dfsr_val) !=
+ ESR_DFSC_EXTABT(aarch64_mode, lpae));
+ }
+ return false;
+}
diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
index 39472d5..f2dc6a2 100644
--- a/target/arm/kvm_arm.h
+++ b/target/arm/kvm_arm.h
@@ -461,6 +461,16 @@ void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
uint64_t fault_ipa);
/**
+ * kvm_arm_verify_ext_dabt_pending:
+ * @cs: CPUState
+ *
+ * Verify the fault status code wrt the Ext DABT injection
+ *
+ * Returns: true if the fault status code is as expected, false otherwise
+ */
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);
+
+/**
* its_class_name:
*
* Return the ITS class name to use depending on whether KVM acceleration
--
2.7.4
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
@ 2020-03-23 11:32 ` Beata Michalska
0 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-03-23 11:32 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, pbonzini, kvmarm
Injecting external data abort through KVM might trigger
an issue on kernels that do not get updated to include the KVM fix.
For those and aarch32 guests, the injected abort gets misconfigured
to be an implementation defined exception. This leads to the guest
repeatedly re-running the faulting instruction.
Add support for handling that case.
[
Fixed-by: 018f22f95e8a
('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
Fixed-by: 21aecdbd7f3a
('KVM: arm: Make inject_abt32() inject an external abort instead')
]
Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
---
target/arm/cpu.h | 1 +
target/arm/kvm.c | 30 +++++++++++++++++++++++++++++-
target/arm/kvm32.c | 25 +++++++++++++++++++++++++
target/arm/kvm64.c | 34 ++++++++++++++++++++++++++++++++++
target/arm/kvm_arm.h | 10 ++++++++++
5 files changed, 99 insertions(+), 1 deletion(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4f834c1..868afc6 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -561,6 +561,7 @@ typedef struct CPUARMState {
} serror;
uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
+ uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
/* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
uint32_t irq_line_state;
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index c088589..58ad734 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -721,7 +721,12 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
if (ret) {
error_report("failed to put vcpu events");
- } else {
+ } else if (env->ext_dabt_pending) {
+ /*
+ * Mark that the external DABT has been injected,
+ * if one has been requested
+ */
+ env->ext_dabt_raised = env->ext_dabt_pending;
/* Clear instantly if the call was successful */
env->ext_dabt_pending = 0;
}
@@ -755,6 +760,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu)
void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
{
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+
+ if (unlikely(env->ext_dabt_raised)) {
+ /*
+ * Verifying that the ext DABT has been properly injected,
+ * otherwise risking indefinitely re-running the faulting instruction
+ * Covering a very narrow case for kernels 5.5..5.5.4
+ * when injected abort was misconfigured to be
+ * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)
+ */
+ if (!arm_feature(env, ARM_FEATURE_AARCH64) &&
+ unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {
+
+ error_report("Data abort exception with no valid ISS generated by "
+ "guest memory access. KVM unable to emulate faulting "
+ "instruction. Failed to inject an external data abort "
+ "into the guest.");
+ abort();
+ }
+ /* Clear the status */
+ env->ext_dabt_raised = 0;
+ }
}
MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
index f271181..86c4fe7 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -564,3 +564,28 @@ void kvm_arm_pmu_init(CPUState *cs)
{
qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
}
+
+#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)
+#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)
+
+#define DFSR_FSC(v) (((v) >> 6 | (v)) & 0x1F)
+#define DFSC_EXTABT(lpae) (lpae) ? 0x10 : 0x08
+
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
+{
+ uint32_t dfsr_val;
+
+ if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+ uint32_t ttbcr;
+ int lpae = 0;
+
+ if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {
+ lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE);
+ }
+ return !(DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae));
+ }
+ return false;
+}
+
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index be5b31c..18594e9 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -1430,3 +1430,37 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)
return false;
}
+
+#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)
+#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)
+
+#define ESR_DFSC(aarch64, v) \
+ ((aarch64) ? ((v) & 0x3F) \
+ : (((v) >> 6 | (v)) & 0x1F))
+
+#define ESR_DFSC_EXTABT(aarch64, lpae) \
+ ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)
+
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
+{
+ uint64_t dfsr_val;
+
+ if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {
+ ARMCPU *cpu = ARM_CPU(cs);
+ CPUARMState *env = &cpu->env;
+ int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);
+ int lpae = 0;
+
+ if (!aarch64_mode) {
+ uint64_t ttbcr;
+
+ if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {
+ lpae = arm_feature(env, ARM_FEATURE_LPAE)
+ && (ttbcr & TTBCR_EAE);
+ }
+ }
+ return !(ESR_DFSC(aarch64_mode, dfsr_val) !=
+ ESR_DFSC_EXTABT(aarch64_mode, lpae));
+ }
+ return false;
+}
diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
index 39472d5..f2dc6a2 100644
--- a/target/arm/kvm_arm.h
+++ b/target/arm/kvm_arm.h
@@ -461,6 +461,16 @@ void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
uint64_t fault_ipa);
/**
+ * kvm_arm_verify_ext_dabt_pending:
+ * @cs: CPUState
+ *
+ * Verify the fault status code wrt the Ext DABT injection
+ *
+ * Returns: true if the fault status code is as expected, false otherwise
+ */
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);
+
+/**
* its_class_name:
*
* Return the ITS class name to use depending on whether KVM acceleration
--
2.7.4
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply related [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-03-23 11:32 ` Beata Michalska
@ 2020-03-23 12:44 ` Andrew Jones
-1 siblings, 0 replies; 36+ messages in thread
From: Andrew Jones @ 2020-03-23 12:44 UTC (permalink / raw)
To: Beata Michalska
Cc: peter.maydell, Christoffer.Dall, qemu-devel, qemu-arm, pbonzini, kvmarm
On Mon, Mar 23, 2020 at 11:32:26AM +0000, Beata Michalska wrote:
> On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> exception with no valid ISS info to be decoded. The lack of decode info
> makes it at least tricky to emulate those instruction which is one of the
> (many) reasons why KVM will not even try to do so.
>
> Add support for handling those by requesting KVM to inject external
> dabt into the quest.
>
> Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> ---
> target/arm/cpu.h | 2 ++
> target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> target/arm/kvm_arm.h | 11 +++++++++++
> 3 files changed, 67 insertions(+)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 4ffd991..4f834c1 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> uint64_t esr;
> } serror;
>
> + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> +
> /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
> uint32_t irq_line_state;
>
> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> index 85860e6..c088589 100644
> --- a/target/arm/kvm.c
> +++ b/target/arm/kvm.c
> @@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
>
> static bool cap_has_mp_state;
> static bool cap_has_inject_serror_esr;
> +static bool cap_has_inject_ext_dabt;
>
> static ARMHostCPUFeatures arm_host_cpu_features;
>
> @@ -244,6 +245,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
> ret = -EINVAL;
> }
>
> + if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) {
> + if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
> + warn_report("Failed to enable DABT NISV cap");
Shouldn't this be an error? If KVM says it has KVM_CAP_ARM_NISV_TO_USER,
then I think it should always work to enable it, unless userspace passes
the wrong flags. Currently flags must be zero, but if they were to change
then we'll need to add the flags to vmstate and fail migration when they
aren't compatible, and I guess that failure would occur here.
> + } else {
> + /* Set status for supporting the external dabt injection */
> + cap_has_inject_ext_dabt = kvm_check_extension(s,
> + KVM_CAP_ARM_INJECT_EXT_DABT);
> + }
> + }
> +
> return ret;
> }
>
> @@ -703,9 +714,16 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
> events.exception.serror_esr = env->serror.esr;
> }
>
> + if (cap_has_inject_ext_dabt) {
> + events.exception.ext_dabt_pending = env->ext_dabt_pending;
> + }
> +
> ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
> if (ret) {
> error_report("failed to put vcpu events");
> + } else {
> + /* Clear instantly if the call was successful */
> + env->ext_dabt_pending = 0;
> }
>
> return ret;
> @@ -819,6 +837,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
> ret = EXCP_DEBUG;
> } /* otherwise return to guest */
> break;
> + case KVM_EXIT_ARM_NISV:
> + /* External DABT with no valid iss to decode */
> + ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss,
> + run->arm_nisv.fault_ipa);
> + break;
> default:
> qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
> __func__, run->exit_reason);
> @@ -953,3 +976,34 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
> {
> return (data - 32) & 0xffff;
> }
> +
> +int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> + uint64_t fault_ipa)
> +{
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> +
> + /*
> + * ISS [23:14] is invalid so there is a limited info
> + * on what has just happened so the only *useful* thing that can
> + * be retrieved from ISS is WnR & DFSC (though in some cases WnR
> + * might be less of a value as well)
> + */
> +
> + /*
> + * Set pending ext dabt and trigger SET_EVENTS so that
> + * KVM can inject the abort
> + */
> + if (cap_has_inject_ext_dabt) {
> + kvm_cpu_synchronize_state(cs);
I guess this is just an expensive 'vcpu_dirty=true', which the comment
above justifies, but not super clearly. Can you try to clarify the
comment some more? I also wonder if we shouldn't add a KVM function
that just marks a vcpu dirty, rather than fetching all registers.
> + env->ext_dabt_pending = 1;
> + } else {
> + error_report("Data abort exception triggered by guest memory access "
> + "at physical address: 0x" TARGET_FMT_lx,
> + (target_ulong)fault_ipa);
> + error_printf("KVM unable to emulate faulting instruction.\n");
> + return -1;
> + }
> +
> + return 0;
> +}
> diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> index ae9e075..39472d5 100644
> --- a/target/arm/kvm_arm.h
> +++ b/target/arm/kvm_arm.h
> @@ -450,6 +450,17 @@ struct kvm_guest_debug_arch;
> void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
>
> /**
> + * kvm_arm_handle_dabt_nisv:
> + * @cs: CPUState
> + * @esr_iss: ISS encoding (limited) for the exception from Data Abort
> + * ISV bit set to '0b0' -> no valid instruction syndrome
> + * @fault_ipa: faulting address for the synch data abort
> + *
> + * Returns: 0 if the exception has been handled, < 0 otherwise
> + */
> +int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> + uint64_t fault_ipa);
> +/**
> * its_class_name:
> *
> * Return the ITS class name to use depending on whether KVM acceleration
> --
> 2.7.4
>
Thanks,
drew
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-03-23 12:44 ` Andrew Jones
0 siblings, 0 replies; 36+ messages in thread
From: Andrew Jones @ 2020-03-23 12:44 UTC (permalink / raw)
To: Beata Michalska; +Cc: qemu-devel, qemu-arm, pbonzini, kvmarm
On Mon, Mar 23, 2020 at 11:32:26AM +0000, Beata Michalska wrote:
> On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> exception with no valid ISS info to be decoded. The lack of decode info
> makes it at least tricky to emulate those instruction which is one of the
> (many) reasons why KVM will not even try to do so.
>
> Add support for handling those by requesting KVM to inject external
> dabt into the quest.
>
> Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> ---
> target/arm/cpu.h | 2 ++
> target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> target/arm/kvm_arm.h | 11 +++++++++++
> 3 files changed, 67 insertions(+)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 4ffd991..4f834c1 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> uint64_t esr;
> } serror;
>
> + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> +
> /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
> uint32_t irq_line_state;
>
> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> index 85860e6..c088589 100644
> --- a/target/arm/kvm.c
> +++ b/target/arm/kvm.c
> @@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
>
> static bool cap_has_mp_state;
> static bool cap_has_inject_serror_esr;
> +static bool cap_has_inject_ext_dabt;
>
> static ARMHostCPUFeatures arm_host_cpu_features;
>
> @@ -244,6 +245,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
> ret = -EINVAL;
> }
>
> + if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) {
> + if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
> + warn_report("Failed to enable DABT NISV cap");
Shouldn't this be an error? If KVM says it has KVM_CAP_ARM_NISV_TO_USER,
then I think it should always work to enable it, unless userspace passes
the wrong flags. Currently flags must be zero, but if they were to change
then we'll need to add the flags to vmstate and fail migration when they
aren't compatible, and I guess that failure would occur here.
> + } else {
> + /* Set status for supporting the external dabt injection */
> + cap_has_inject_ext_dabt = kvm_check_extension(s,
> + KVM_CAP_ARM_INJECT_EXT_DABT);
> + }
> + }
> +
> return ret;
> }
>
> @@ -703,9 +714,16 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
> events.exception.serror_esr = env->serror.esr;
> }
>
> + if (cap_has_inject_ext_dabt) {
> + events.exception.ext_dabt_pending = env->ext_dabt_pending;
> + }
> +
> ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
> if (ret) {
> error_report("failed to put vcpu events");
> + } else {
> + /* Clear instantly if the call was successful */
> + env->ext_dabt_pending = 0;
> }
>
> return ret;
> @@ -819,6 +837,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
> ret = EXCP_DEBUG;
> } /* otherwise return to guest */
> break;
> + case KVM_EXIT_ARM_NISV:
> + /* External DABT with no valid iss to decode */
> + ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss,
> + run->arm_nisv.fault_ipa);
> + break;
> default:
> qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
> __func__, run->exit_reason);
> @@ -953,3 +976,34 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
> {
> return (data - 32) & 0xffff;
> }
> +
> +int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> + uint64_t fault_ipa)
> +{
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> +
> + /*
> + * ISS [23:14] is invalid so there is a limited info
> + * on what has just happened so the only *useful* thing that can
> + * be retrieved from ISS is WnR & DFSC (though in some cases WnR
> + * might be less of a value as well)
> + */
> +
> + /*
> + * Set pending ext dabt and trigger SET_EVENTS so that
> + * KVM can inject the abort
> + */
> + if (cap_has_inject_ext_dabt) {
> + kvm_cpu_synchronize_state(cs);
I guess this is just an expensive 'vcpu_dirty=true', which the comment
above justifies, but not super clearly. Can you try to clarify the
comment some more? I also wonder if we shouldn't add a KVM function
that just marks a vcpu dirty, rather than fetching all registers.
> + env->ext_dabt_pending = 1;
> + } else {
> + error_report("Data abort exception triggered by guest memory access "
> + "at physical address: 0x" TARGET_FMT_lx,
> + (target_ulong)fault_ipa);
> + error_printf("KVM unable to emulate faulting instruction.\n");
> + return -1;
> + }
> +
> + return 0;
> +}
> diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> index ae9e075..39472d5 100644
> --- a/target/arm/kvm_arm.h
> +++ b/target/arm/kvm_arm.h
> @@ -450,6 +450,17 @@ struct kvm_guest_debug_arch;
> void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
>
> /**
> + * kvm_arm_handle_dabt_nisv:
> + * @cs: CPUState
> + * @esr_iss: ISS encoding (limited) for the exception from Data Abort
> + * ISV bit set to '0b0' -> no valid instruction syndrome
> + * @fault_ipa: faulting address for the synch data abort
> + *
> + * Returns: 0 if the exception has been handled, < 0 otherwise
> + */
> +int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> + uint64_t fault_ipa);
> +/**
> * its_class_name:
> *
> * Return the ITS class name to use depending on whether KVM acceleration
> --
> 2.7.4
>
Thanks,
drew
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
2020-03-23 11:32 ` Beata Michalska
@ 2020-03-23 18:44 ` Richard Henderson
-1 siblings, 0 replies; 36+ messages in thread
From: Richard Henderson @ 2020-03-23 18:44 UTC (permalink / raw)
To: Beata Michalska, qemu-devel
Cc: peter.maydell, drjones, Christoffer.Dall, qemu-arm, pbonzini, kvmarm
On 3/23/20 4:32 AM, Beata Michalska wrote:
> uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
Is there a reason these are uint8_t and not bool?
r~
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
@ 2020-03-23 18:44 ` Richard Henderson
0 siblings, 0 replies; 36+ messages in thread
From: Richard Henderson @ 2020-03-23 18:44 UTC (permalink / raw)
To: Beata Michalska, qemu-devel; +Cc: qemu-arm, pbonzini, kvmarm
On 3/23/20 4:32 AM, Beata Michalska wrote:
> uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
Is there a reason these are uint8_t and not bool?
r~
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-03-23 12:44 ` Andrew Jones
@ 2020-03-25 15:15 ` Beata Michalska
-1 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-03-25 15:15 UTC (permalink / raw)
To: Andrew Jones
Cc: Peter Maydell, Christoffer Dall, QEMU Developers, qemu-arm,
Paolo Bonzini, kvmarm
Hi,
On Mon, 23 Mar 2020 at 12:44, Andrew Jones <drjones@redhat.com> wrote:
>
> On Mon, Mar 23, 2020 at 11:32:26AM +0000, Beata Michalska wrote:
> > On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> > exception with no valid ISS info to be decoded. The lack of decode info
> > makes it at least tricky to emulate those instruction which is one of the
> > (many) reasons why KVM will not even try to do so.
> >
> > Add support for handling those by requesting KVM to inject external
> > dabt into the quest.
> >
> > Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> > ---
> > target/arm/cpu.h | 2 ++
> > target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > target/arm/kvm_arm.h | 11 +++++++++++
> > 3 files changed, 67 insertions(+)
> >
> > diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> > index 4ffd991..4f834c1 100644
> > --- a/target/arm/cpu.h
> > +++ b/target/arm/cpu.h
> > @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> > uint64_t esr;
> > } serror;
> >
> > + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> > +
> > /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
> > uint32_t irq_line_state;
> >
> > diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> > index 85860e6..c088589 100644
> > --- a/target/arm/kvm.c
> > +++ b/target/arm/kvm.c
> > @@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
> >
> > static bool cap_has_mp_state;
> > static bool cap_has_inject_serror_esr;
> > +static bool cap_has_inject_ext_dabt;
> >
> > static ARMHostCPUFeatures arm_host_cpu_features;
> >
> > @@ -244,6 +245,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
> > ret = -EINVAL;
> > }
> >
> > + if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) {
> > + if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
> > + warn_report("Failed to enable DABT NISV cap");
>
> Shouldn't this be an error? If KVM says it has KVM_CAP_ARM_NISV_TO_USER,
> then I think it should always work to enable it, unless userspace passes
> the wrong flags. Currently flags must be zero, but if they were to change
> then we'll need to add the flags to vmstate and fail migration when they
> aren't compatible, and I guess that failure would occur here.
>
That's a fair point. From the kernel point of view this one is pretty
straightforward,
so it should not fail. I haven't used the error here as the lack of
this cap is not really
critical for guest but indeed it might be worth to have it here .
> > + } else {
> > + /* Set status for supporting the external dabt injection */
> > + cap_has_inject_ext_dabt = kvm_check_extension(s,
> > + KVM_CAP_ARM_INJECT_EXT_DABT);
> > + }
> > + }
> > +
> > return ret;
> > }
> >
> > @@ -703,9 +714,16 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
> > events.exception.serror_esr = env->serror.esr;
> > }
> >
> > + if (cap_has_inject_ext_dabt) {
> > + events.exception.ext_dabt_pending = env->ext_dabt_pending;
> > + }
> > +
> > ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
> > if (ret) {
> > error_report("failed to put vcpu events");
> > + } else {
> > + /* Clear instantly if the call was successful */
> > + env->ext_dabt_pending = 0;
> > }
> >
> > return ret;
> > @@ -819,6 +837,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
> > ret = EXCP_DEBUG;
> > } /* otherwise return to guest */
> > break;
> > + case KVM_EXIT_ARM_NISV:
> > + /* External DABT with no valid iss to decode */
> > + ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss,
> > + run->arm_nisv.fault_ipa);
> > + break;
> > default:
> > qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
> > __func__, run->exit_reason);
> > @@ -953,3 +976,34 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
> > {
> > return (data - 32) & 0xffff;
> > }
> > +
> > +int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> > + uint64_t fault_ipa)
> > +{
> > + ARMCPU *cpu = ARM_CPU(cs);
> > + CPUARMState *env = &cpu->env;
> > +
> > + /*
> > + * ISS [23:14] is invalid so there is a limited info
> > + * on what has just happened so the only *useful* thing that can
> > + * be retrieved from ISS is WnR & DFSC (though in some cases WnR
> > + * might be less of a value as well)
> > + */
> > +
> > + /*
> > + * Set pending ext dabt and trigger SET_EVENTS so that
> > + * KVM can inject the abort
> > + */
> > + if (cap_has_inject_ext_dabt) {
> > + kvm_cpu_synchronize_state(cs);
>
> I guess this is just an expensive 'vcpu_dirty=true', which the comment
> above justifies, but not super clearly. Can you try to clarify the
> comment some more? I also wonder if we shouldn't add a KVM function
> that just marks a vcpu dirty, rather than fetching all registers.
>
I can definitely adjust the comments here to explain the case more
clearly. And I would definitely vote for moving the flag
setting/clearing outside the
sync so that it can be triggered separately without involving all the series
of potentially unnecessary ioctls. WIll draft that in the next iteration.
Thanks
Beata
> > + env->ext_dabt_pending = 1;
> > + } else {
> > + error_report("Data abort exception triggered by guest memory access "
> > + "at physical address: 0x" TARGET_FMT_lx,
> > + (target_ulong)fault_ipa);
> > + error_printf("KVM unable to emulate faulting instruction.\n");
> > + return -1;
> > + }
> > +
> > + return 0;
> > +}
> > diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> > index ae9e075..39472d5 100644
> > --- a/target/arm/kvm_arm.h
> > +++ b/target/arm/kvm_arm.h
> > @@ -450,6 +450,17 @@ struct kvm_guest_debug_arch;
> > void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
> >
> > /**
> > + * kvm_arm_handle_dabt_nisv:
> > + * @cs: CPUState
> > + * @esr_iss: ISS encoding (limited) for the exception from Data Abort
> > + * ISV bit set to '0b0' -> no valid instruction syndrome
> > + * @fault_ipa: faulting address for the synch data abort
> > + *
> > + * Returns: 0 if the exception has been handled, < 0 otherwise
> > + */
> > +int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> > + uint64_t fault_ipa);
> > +/**
> > * its_class_name:
> > *
> > * Return the ITS class name to use depending on whether KVM acceleration
> > --
> > 2.7.4
> >
>
> Thanks,
> drew
>
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-03-25 15:15 ` Beata Michalska
0 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-03-25 15:15 UTC (permalink / raw)
To: Andrew Jones; +Cc: QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm
Hi,
On Mon, 23 Mar 2020 at 12:44, Andrew Jones <drjones@redhat.com> wrote:
>
> On Mon, Mar 23, 2020 at 11:32:26AM +0000, Beata Michalska wrote:
> > On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> > exception with no valid ISS info to be decoded. The lack of decode info
> > makes it at least tricky to emulate those instruction which is one of the
> > (many) reasons why KVM will not even try to do so.
> >
> > Add support for handling those by requesting KVM to inject external
> > dabt into the quest.
> >
> > Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> > ---
> > target/arm/cpu.h | 2 ++
> > target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > target/arm/kvm_arm.h | 11 +++++++++++
> > 3 files changed, 67 insertions(+)
> >
> > diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> > index 4ffd991..4f834c1 100644
> > --- a/target/arm/cpu.h
> > +++ b/target/arm/cpu.h
> > @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> > uint64_t esr;
> > } serror;
> >
> > + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> > +
> > /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
> > uint32_t irq_line_state;
> >
> > diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> > index 85860e6..c088589 100644
> > --- a/target/arm/kvm.c
> > +++ b/target/arm/kvm.c
> > @@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
> >
> > static bool cap_has_mp_state;
> > static bool cap_has_inject_serror_esr;
> > +static bool cap_has_inject_ext_dabt;
> >
> > static ARMHostCPUFeatures arm_host_cpu_features;
> >
> > @@ -244,6 +245,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
> > ret = -EINVAL;
> > }
> >
> > + if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) {
> > + if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
> > + warn_report("Failed to enable DABT NISV cap");
>
> Shouldn't this be an error? If KVM says it has KVM_CAP_ARM_NISV_TO_USER,
> then I think it should always work to enable it, unless userspace passes
> the wrong flags. Currently flags must be zero, but if they were to change
> then we'll need to add the flags to vmstate and fail migration when they
> aren't compatible, and I guess that failure would occur here.
>
That's a fair point. From the kernel point of view this one is pretty
straightforward,
so it should not fail. I haven't used the error here as the lack of
this cap is not really
critical for guest but indeed it might be worth to have it here .
> > + } else {
> > + /* Set status for supporting the external dabt injection */
> > + cap_has_inject_ext_dabt = kvm_check_extension(s,
> > + KVM_CAP_ARM_INJECT_EXT_DABT);
> > + }
> > + }
> > +
> > return ret;
> > }
> >
> > @@ -703,9 +714,16 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
> > events.exception.serror_esr = env->serror.esr;
> > }
> >
> > + if (cap_has_inject_ext_dabt) {
> > + events.exception.ext_dabt_pending = env->ext_dabt_pending;
> > + }
> > +
> > ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
> > if (ret) {
> > error_report("failed to put vcpu events");
> > + } else {
> > + /* Clear instantly if the call was successful */
> > + env->ext_dabt_pending = 0;
> > }
> >
> > return ret;
> > @@ -819,6 +837,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
> > ret = EXCP_DEBUG;
> > } /* otherwise return to guest */
> > break;
> > + case KVM_EXIT_ARM_NISV:
> > + /* External DABT with no valid iss to decode */
> > + ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss,
> > + run->arm_nisv.fault_ipa);
> > + break;
> > default:
> > qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
> > __func__, run->exit_reason);
> > @@ -953,3 +976,34 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
> > {
> > return (data - 32) & 0xffff;
> > }
> > +
> > +int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> > + uint64_t fault_ipa)
> > +{
> > + ARMCPU *cpu = ARM_CPU(cs);
> > + CPUARMState *env = &cpu->env;
> > +
> > + /*
> > + * ISS [23:14] is invalid so there is a limited info
> > + * on what has just happened so the only *useful* thing that can
> > + * be retrieved from ISS is WnR & DFSC (though in some cases WnR
> > + * might be less of a value as well)
> > + */
> > +
> > + /*
> > + * Set pending ext dabt and trigger SET_EVENTS so that
> > + * KVM can inject the abort
> > + */
> > + if (cap_has_inject_ext_dabt) {
> > + kvm_cpu_synchronize_state(cs);
>
> I guess this is just an expensive 'vcpu_dirty=true', which the comment
> above justifies, but not super clearly. Can you try to clarify the
> comment some more? I also wonder if we shouldn't add a KVM function
> that just marks a vcpu dirty, rather than fetching all registers.
>
I can definitely adjust the comments here to explain the case more
clearly. And I would definitely vote for moving the flag
setting/clearing outside the
sync so that it can be triggered separately without involving all the series
of potentially unnecessary ioctls. WIll draft that in the next iteration.
Thanks
Beata
> > + env->ext_dabt_pending = 1;
> > + } else {
> > + error_report("Data abort exception triggered by guest memory access "
> > + "at physical address: 0x" TARGET_FMT_lx,
> > + (target_ulong)fault_ipa);
> > + error_printf("KVM unable to emulate faulting instruction.\n");
> > + return -1;
> > + }
> > +
> > + return 0;
> > +}
> > diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> > index ae9e075..39472d5 100644
> > --- a/target/arm/kvm_arm.h
> > +++ b/target/arm/kvm_arm.h
> > @@ -450,6 +450,17 @@ struct kvm_guest_debug_arch;
> > void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
> >
> > /**
> > + * kvm_arm_handle_dabt_nisv:
> > + * @cs: CPUState
> > + * @esr_iss: ISS encoding (limited) for the exception from Data Abort
> > + * ISV bit set to '0b0' -> no valid instruction syndrome
> > + * @fault_ipa: faulting address for the synch data abort
> > + *
> > + * Returns: 0 if the exception has been handled, < 0 otherwise
> > + */
> > +int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> > + uint64_t fault_ipa);
> > +/**
> > * its_class_name:
> > *
> > * Return the ITS class name to use depending on whether KVM acceleration
> > --
> > 2.7.4
> >
>
> Thanks,
> drew
>
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
2020-03-23 18:44 ` Richard Henderson
@ 2020-03-25 15:16 ` Beata Michalska
-1 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-03-25 15:16 UTC (permalink / raw)
To: Richard Henderson
Cc: Peter Maydell, Andrew Jones, QEMU Developers, Christoffer Dall,
qemu-arm, Paolo Bonzini, kvmarm
On Mon, 23 Mar 2020 at 18:44, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 3/23/20 4:32 AM, Beata Michalska wrote:
> > uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> > + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
>
> Is there a reason these are uint8_t and not bool?
>
>
The ext_dabt_pending is reflecting the KVM type.
The ext_dabt_raised is following that one.
BR
Beata
> r~
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
@ 2020-03-25 15:16 ` Beata Michalska
0 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-03-25 15:16 UTC (permalink / raw)
To: Richard Henderson; +Cc: QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm
On Mon, 23 Mar 2020 at 18:44, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 3/23/20 4:32 AM, Beata Michalska wrote:
> > uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> > + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
>
> Is there a reason these are uint8_t and not bool?
>
>
The ext_dabt_pending is reflecting the KVM type.
The ext_dabt_raised is following that one.
BR
Beata
> r~
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
2020-03-23 11:32 ` Beata Michalska
@ 2020-04-03 8:44 ` Andrew Jones
-1 siblings, 0 replies; 36+ messages in thread
From: Andrew Jones @ 2020-04-03 8:44 UTC (permalink / raw)
To: Beata Michalska
Cc: peter.maydell, qemu-devel, Christoffer.Dall, qemu-arm, pbonzini, kvmarm
On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote:
> Injecting external data abort through KVM might trigger
> an issue on kernels that do not get updated to include the KVM fix.
> For those and aarch32 guests, the injected abort gets misconfigured
> to be an implementation defined exception. This leads to the guest
> repeatedly re-running the faulting instruction.
>
> Add support for handling that case.
> [
> Fixed-by: 018f22f95e8a
> ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
> Fixed-by: 21aecdbd7f3a
> ('KVM: arm: Make inject_abt32() inject an external abort instead')
> ]
>
> Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> ---
> target/arm/cpu.h | 1 +
> target/arm/kvm.c | 30 +++++++++++++++++++++++++++++-
> target/arm/kvm32.c | 25 +++++++++++++++++++++++++
> target/arm/kvm64.c | 34 ++++++++++++++++++++++++++++++++++
> target/arm/kvm_arm.h | 10 ++++++++++
> 5 files changed, 99 insertions(+), 1 deletion(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 4f834c1..868afc6 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -561,6 +561,7 @@ typedef struct CPUARMState {
> } serror;
>
> uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
>
> /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
> uint32_t irq_line_state;
> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> index c088589..58ad734 100644
> --- a/target/arm/kvm.c
> +++ b/target/arm/kvm.c
> @@ -721,7 +721,12 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
> ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
> if (ret) {
> error_report("failed to put vcpu events");
> - } else {
> + } else if (env->ext_dabt_pending) {
> + /*
> + * Mark that the external DABT has been injected,
> + * if one has been requested
> + */
> + env->ext_dabt_raised = env->ext_dabt_pending;
> /* Clear instantly if the call was successful */
> env->ext_dabt_pending = 0;
> }
> @@ -755,6 +760,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu)
>
> void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
> {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> +
> + if (unlikely(env->ext_dabt_raised)) {
> + /*
> + * Verifying that the ext DABT has been properly injected,
> + * otherwise risking indefinitely re-running the faulting instruction
> + * Covering a very narrow case for kernels 5.5..5.5.4
> + * when injected abort was misconfigured to be
> + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)
> + */
> + if (!arm_feature(env, ARM_FEATURE_AARCH64) &&
> + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {
> +
> + error_report("Data abort exception with no valid ISS generated by "
> + "guest memory access. KVM unable to emulate faulting "
> + "instruction. Failed to inject an external data abort "
> + "into the guest.");
> + abort();
> + }
> + /* Clear the status */
> + env->ext_dabt_raised = 0;
> + }
> }
>
> MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
> diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
> index f271181..86c4fe7 100644
> --- a/target/arm/kvm32.c
> +++ b/target/arm/kvm32.c
> @@ -564,3 +564,28 @@ void kvm_arm_pmu_init(CPUState *cs)
> {
> qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
> }
> +
> +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)
> +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)
> +
> +#define DFSR_FSC(v) (((v) >> 6 | (v)) & 0x1F)
> +#define DFSC_EXTABT(lpae) (lpae) ? 0x10 : 0x08
We should put () around the whole ?: expression when it's in a macro
> +
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> +{
> + uint32_t dfsr_val;
> +
> + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> + uint32_t ttbcr;
> + int lpae = 0;
> +
> + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {
> + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE);
> + }
> + return !(DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae));
!(a != b) is a convoluted way to write a == b
> + }
> + return false;
> +}
> +
> diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
> index be5b31c..18594e9 100644
> --- a/target/arm/kvm64.c
> +++ b/target/arm/kvm64.c
> @@ -1430,3 +1430,37 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)
>
> return false;
> }
> +
> +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)
> +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)
> +
> +#define ESR_DFSC(aarch64, v) \
> + ((aarch64) ? ((v) & 0x3F) \
> + : (((v) >> 6 | (v)) & 0x1F))
> +
> +#define ESR_DFSC_EXTABT(aarch64, lpae) \
> + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)
> +
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> +{
> + uint64_t dfsr_val;
> +
> + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);
> + int lpae = 0;
> +
> + if (!aarch64_mode) {
> + uint64_t ttbcr;
> +
> + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {
> + lpae = arm_feature(env, ARM_FEATURE_LPAE)
> + && (ttbcr & TTBCR_EAE);
> + }
> + }
> + return !(ESR_DFSC(aarch64_mode, dfsr_val) !=
> + ESR_DFSC_EXTABT(aarch64_mode, lpae));
a == b, please
> + }
> + return false;
> +}
> diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> index 39472d5..f2dc6a2 100644
> --- a/target/arm/kvm_arm.h
> +++ b/target/arm/kvm_arm.h
> @@ -461,6 +461,16 @@ void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
> int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> uint64_t fault_ipa);
> /**
> + * kvm_arm_verify_ext_dabt_pending:
> + * @cs: CPUState
> + *
> + * Verify the fault status code wrt the Ext DABT injection
> + *
> + * Returns: true if the fault status code is as expected, false otherwise
> + */
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);
> +
> +/**
> * its_class_name:
> *
> * Return the ITS class name to use depending on whether KVM acceleration
> --
> 2.7.4
>
>
I'll leave the decision to take this KVM bug workaround patch at all to Peter,
and I didn't actually review whether or not kvm_arm_verify_ext_dabt_pending
is doing what it claims it's doing, so I'm reluctant to give an r-b on
this patch. But, as far as the code goes, besides the comments above, it
looks fine to me.
Thanks,
drew
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
@ 2020-04-03 8:44 ` Andrew Jones
0 siblings, 0 replies; 36+ messages in thread
From: Andrew Jones @ 2020-04-03 8:44 UTC (permalink / raw)
To: Beata Michalska; +Cc: qemu-devel, qemu-arm, pbonzini, kvmarm
On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote:
> Injecting external data abort through KVM might trigger
> an issue on kernels that do not get updated to include the KVM fix.
> For those and aarch32 guests, the injected abort gets misconfigured
> to be an implementation defined exception. This leads to the guest
> repeatedly re-running the faulting instruction.
>
> Add support for handling that case.
> [
> Fixed-by: 018f22f95e8a
> ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
> Fixed-by: 21aecdbd7f3a
> ('KVM: arm: Make inject_abt32() inject an external abort instead')
> ]
>
> Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> ---
> target/arm/cpu.h | 1 +
> target/arm/kvm.c | 30 +++++++++++++++++++++++++++++-
> target/arm/kvm32.c | 25 +++++++++++++++++++++++++
> target/arm/kvm64.c | 34 ++++++++++++++++++++++++++++++++++
> target/arm/kvm_arm.h | 10 ++++++++++
> 5 files changed, 99 insertions(+), 1 deletion(-)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 4f834c1..868afc6 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -561,6 +561,7 @@ typedef struct CPUARMState {
> } serror;
>
> uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
>
> /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
> uint32_t irq_line_state;
> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> index c088589..58ad734 100644
> --- a/target/arm/kvm.c
> +++ b/target/arm/kvm.c
> @@ -721,7 +721,12 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
> ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
> if (ret) {
> error_report("failed to put vcpu events");
> - } else {
> + } else if (env->ext_dabt_pending) {
> + /*
> + * Mark that the external DABT has been injected,
> + * if one has been requested
> + */
> + env->ext_dabt_raised = env->ext_dabt_pending;
> /* Clear instantly if the call was successful */
> env->ext_dabt_pending = 0;
> }
> @@ -755,6 +760,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu)
>
> void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
> {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> +
> + if (unlikely(env->ext_dabt_raised)) {
> + /*
> + * Verifying that the ext DABT has been properly injected,
> + * otherwise risking indefinitely re-running the faulting instruction
> + * Covering a very narrow case for kernels 5.5..5.5.4
> + * when injected abort was misconfigured to be
> + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)
> + */
> + if (!arm_feature(env, ARM_FEATURE_AARCH64) &&
> + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {
> +
> + error_report("Data abort exception with no valid ISS generated by "
> + "guest memory access. KVM unable to emulate faulting "
> + "instruction. Failed to inject an external data abort "
> + "into the guest.");
> + abort();
> + }
> + /* Clear the status */
> + env->ext_dabt_raised = 0;
> + }
> }
>
> MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
> diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
> index f271181..86c4fe7 100644
> --- a/target/arm/kvm32.c
> +++ b/target/arm/kvm32.c
> @@ -564,3 +564,28 @@ void kvm_arm_pmu_init(CPUState *cs)
> {
> qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
> }
> +
> +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)
> +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)
> +
> +#define DFSR_FSC(v) (((v) >> 6 | (v)) & 0x1F)
> +#define DFSC_EXTABT(lpae) (lpae) ? 0x10 : 0x08
We should put () around the whole ?: expression when it's in a macro
> +
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> +{
> + uint32_t dfsr_val;
> +
> + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> + uint32_t ttbcr;
> + int lpae = 0;
> +
> + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {
> + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE);
> + }
> + return !(DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae));
!(a != b) is a convoluted way to write a == b
> + }
> + return false;
> +}
> +
> diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
> index be5b31c..18594e9 100644
> --- a/target/arm/kvm64.c
> +++ b/target/arm/kvm64.c
> @@ -1430,3 +1430,37 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)
>
> return false;
> }
> +
> +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)
> +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)
> +
> +#define ESR_DFSC(aarch64, v) \
> + ((aarch64) ? ((v) & 0x3F) \
> + : (((v) >> 6 | (v)) & 0x1F))
> +
> +#define ESR_DFSC_EXTABT(aarch64, lpae) \
> + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)
> +
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> +{
> + uint64_t dfsr_val;
> +
> + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {
> + ARMCPU *cpu = ARM_CPU(cs);
> + CPUARMState *env = &cpu->env;
> + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);
> + int lpae = 0;
> +
> + if (!aarch64_mode) {
> + uint64_t ttbcr;
> +
> + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {
> + lpae = arm_feature(env, ARM_FEATURE_LPAE)
> + && (ttbcr & TTBCR_EAE);
> + }
> + }
> + return !(ESR_DFSC(aarch64_mode, dfsr_val) !=
> + ESR_DFSC_EXTABT(aarch64_mode, lpae));
a == b, please
> + }
> + return false;
> +}
> diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> index 39472d5..f2dc6a2 100644
> --- a/target/arm/kvm_arm.h
> +++ b/target/arm/kvm_arm.h
> @@ -461,6 +461,16 @@ void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
> int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> uint64_t fault_ipa);
> /**
> + * kvm_arm_verify_ext_dabt_pending:
> + * @cs: CPUState
> + *
> + * Verify the fault status code wrt the Ext DABT injection
> + *
> + * Returns: true if the fault status code is as expected, false otherwise
> + */
> +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);
> +
> +/**
> * its_class_name:
> *
> * Return the ITS class name to use depending on whether KVM acceleration
> --
> 2.7.4
>
>
I'll leave the decision to take this KVM bug workaround patch at all to Peter,
and I didn't actually review whether or not kvm_arm_verify_ext_dabt_pending
is doing what it claims it's doing, so I'm reluctant to give an r-b on
this patch. But, as far as the code goes, besides the comments above, it
looks fine to me.
Thanks,
drew
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
2020-04-03 8:44 ` Andrew Jones
@ 2020-04-07 11:24 ` Peter Maydell
-1 siblings, 0 replies; 36+ messages in thread
From: Peter Maydell @ 2020-04-07 11:24 UTC (permalink / raw)
To: Andrew Jones
Cc: Beata Michalska, Christoffer Dall, QEMU Developers, qemu-arm,
Paolo Bonzini, kvmarm
On Fri, 3 Apr 2020 at 09:44, Andrew Jones <drjones@redhat.com> wrote:
>
> On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote:
> > Injecting external data abort through KVM might trigger
> > an issue on kernels that do not get updated to include the KVM fix.
> > For those and aarch32 guests, the injected abort gets misconfigured
> > to be an implementation defined exception. This leads to the guest
> > repeatedly re-running the faulting instruction.
> >
> > Add support for handling that case.
> > [
> > Fixed-by: 018f22f95e8a
> > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
> > Fixed-by: 21aecdbd7f3a
> > ('KVM: arm: Make inject_abt32() inject an external abort instead')
> > ]
> >
> I'll leave the decision to take this KVM bug workaround patch at all to Peter,
> and I didn't actually review whether or not kvm_arm_verify_ext_dabt_pending
> is doing what it claims it's doing, so I'm reluctant to give an r-b on
> this patch. But, as far as the code goes, besides the comments above, it
> looks fine to me.
I think that having the workaround for the broken kernels is
reasonable (in fact it might have been my suggestion).
thanks
-- PMM
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
@ 2020-04-07 11:24 ` Peter Maydell
0 siblings, 0 replies; 36+ messages in thread
From: Peter Maydell @ 2020-04-07 11:24 UTC (permalink / raw)
To: Andrew Jones; +Cc: QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm
On Fri, 3 Apr 2020 at 09:44, Andrew Jones <drjones@redhat.com> wrote:
>
> On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote:
> > Injecting external data abort through KVM might trigger
> > an issue on kernels that do not get updated to include the KVM fix.
> > For those and aarch32 guests, the injected abort gets misconfigured
> > to be an implementation defined exception. This leads to the guest
> > repeatedly re-running the faulting instruction.
> >
> > Add support for handling that case.
> > [
> > Fixed-by: 018f22f95e8a
> > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
> > Fixed-by: 21aecdbd7f3a
> > ('KVM: arm: Make inject_abt32() inject an external abort instead')
> > ]
> >
> I'll leave the decision to take this KVM bug workaround patch at all to Peter,
> and I didn't actually review whether or not kvm_arm_verify_ext_dabt_pending
> is doing what it claims it's doing, so I'm reluctant to give an r-b on
> this patch. But, as far as the code goes, besides the comments above, it
> looks fine to me.
I think that having the workaround for the broken kernels is
reasonable (in fact it might have been my suggestion).
thanks
-- PMM
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
2020-04-03 8:44 ` Andrew Jones
@ 2020-04-07 11:31 ` Beata Michalska
-1 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-04-07 11:31 UTC (permalink / raw)
To: Andrew Jones
Cc: Peter Maydell, QEMU Developers, Christoffer Dall, qemu-arm,
Paolo Bonzini, kvmarm
[-- Attachment #1: Type: text/plain, Size: 7540 bytes --]
On Fri, 3 Apr 2020 at 09:44, Andrew Jones <drjones@redhat.com> wrote:
>
> On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote:
> > Injecting external data abort through KVM might trigger
> > an issue on kernels that do not get updated to include the KVM fix.
> > For those and aarch32 guests, the injected abort gets misconfigured
> > to be an implementation defined exception. This leads to the guest
> > repeatedly re-running the faulting instruction.
> >
> > Add support for handling that case.
> > [
> > Fixed-by: 018f22f95e8a
> > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
> > Fixed-by: 21aecdbd7f3a
> > ('KVM: arm: Make inject_abt32() inject an external abort instead')
> > ]
> >
> > Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> > ---
> > target/arm/cpu.h | 1 +
> > target/arm/kvm.c | 30 +++++++++++++++++++++++++++++-
> > target/arm/kvm32.c | 25 +++++++++++++++++++++++++
> > target/arm/kvm64.c | 34 ++++++++++++++++++++++++++++++++++
> > target/arm/kvm_arm.h | 10 ++++++++++
> > 5 files changed, 99 insertions(+), 1 deletion(-)
> >
> > diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> > index 4f834c1..868afc6 100644
> > --- a/target/arm/cpu.h
> > +++ b/target/arm/cpu.h
> > @@ -561,6 +561,7 @@ typedef struct CPUARMState {
> > } serror;
> >
> > uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> > + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext
DABT */
> >
> > /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
> > uint32_t irq_line_state;
> > diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> > index c088589..58ad734 100644
> > --- a/target/arm/kvm.c
> > +++ b/target/arm/kvm.c
> > @@ -721,7 +721,12 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
> > ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
> > if (ret) {
> > error_report("failed to put vcpu events");
> > - } else {
> > + } else if (env->ext_dabt_pending) {
> > + /*
> > + * Mark that the external DABT has been injected,
> > + * if one has been requested
> > + */
> > + env->ext_dabt_raised = env->ext_dabt_pending;
> > /* Clear instantly if the call was successful */
> > env->ext_dabt_pending = 0;
> > }
> > @@ -755,6 +760,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu)
> >
> > void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
> > {
> > + ARMCPU *cpu = ARM_CPU(cs);
> > + CPUARMState *env = &cpu->env;
> > +
> > + if (unlikely(env->ext_dabt_raised)) {
> > + /*
> > + * Verifying that the ext DABT has been properly injected,
> > + * otherwise risking indefinitely re-running the faulting
instruction
> > + * Covering a very narrow case for kernels 5.5..5.5.4
> > + * when injected abort was misconfigured to be
> > + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)
> > + */
> > + if (!arm_feature(env, ARM_FEATURE_AARCH64) &&
> > + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {
> > +
> > + error_report("Data abort exception with no valid ISS
generated by "
> > + "guest memory access. KVM unable to emulate
faulting "
> > + "instruction. Failed to inject an external data
abort "
> > + "into the guest.");
> > + abort();
> > + }
> > + /* Clear the status */
> > + env->ext_dabt_raised = 0;
> > + }
> > }
> >
> > MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
> > diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
> > index f271181..86c4fe7 100644
> > --- a/target/arm/kvm32.c
> > +++ b/target/arm/kvm32.c
> > @@ -564,3 +564,28 @@ void kvm_arm_pmu_init(CPUState *cs)
> > {
> > qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
> > }
> > +
> > +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)
> > +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)
> > +
> > +#define DFSR_FSC(v) (((v) >> 6 | (v)) & 0x1F)
> > +#define DFSC_EXTABT(lpae) (lpae) ? 0x10 : 0x08
>
> We should put () around the whole ?: expression when it's in a macro
>
> > +
> > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> > +{
> > + uint32_t dfsr_val;
> > +
> > + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {
> > + ARMCPU *cpu = ARM_CPU(cs);
> > + CPUARMState *env = &cpu->env;
> > + uint32_t ttbcr;
> > + int lpae = 0;
> > +
> > + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {
> > + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr &
TTBCR_EAE);
> > + }
> > + return !(DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae));
>
> !(a != b) is a convoluted way to write a == b
>
> > + }
> > + return false;
> > +}
> > +
> > diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
> > index be5b31c..18594e9 100644
> > --- a/target/arm/kvm64.c
> > +++ b/target/arm/kvm64.c
> > @@ -1430,3 +1430,37 @@ bool kvm_arm_handle_debug(CPUState *cs, struct
kvm_debug_exit_arch *debug_exit)
> >
> > return false;
> > }
> > +
> > +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)
> > +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)
> > +
> > +#define ESR_DFSC(aarch64, v) \
> > + ((aarch64) ? ((v) & 0x3F) \
> > + : (((v) >> 6 | (v)) & 0x1F))
> > +
> > +#define ESR_DFSC_EXTABT(aarch64, lpae) \
> > + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)
> > +
> > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> > +{
> > + uint64_t dfsr_val;
> > +
> > + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {
> > + ARMCPU *cpu = ARM_CPU(cs);
> > + CPUARMState *env = &cpu->env;
> > + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);
> > + int lpae = 0;
> > +
> > + if (!aarch64_mode) {
> > + uint64_t ttbcr;
> > +
> > + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {
> > + lpae = arm_feature(env, ARM_FEATURE_LPAE)
> > + && (ttbcr & TTBCR_EAE);
> > + }
> > + }
> > + return !(ESR_DFSC(aarch64_mode, dfsr_val) !=
> > + ESR_DFSC_EXTABT(aarch64_mode, lpae));
>
> a == b, please
>
> > + }
> > + return false;
> > +}
> > diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> > index 39472d5..f2dc6a2 100644
> > --- a/target/arm/kvm_arm.h
> > +++ b/target/arm/kvm_arm.h
> > @@ -461,6 +461,16 @@ void kvm_arm_copy_hw_debug_data(struct
kvm_guest_debug_arch *ptr);
> > int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> > uint64_t fault_ipa);
> > /**
> > + * kvm_arm_verify_ext_dabt_pending:
> > + * @cs: CPUState
> > + *
> > + * Verify the fault status code wrt the Ext DABT injection
> > + *
> > + * Returns: true if the fault status code is as expected, false
otherwise
> > + */
> > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);
> > +
> > +/**
> > * its_class_name:
> > *
> > * Return the ITS class name to use depending on whether KVM
acceleration
> > --
> > 2.7.4
> >
> >
>
> I'll leave the decision to take this KVM bug workaround patch at all to
Peter,
> and I didn't actually review whether or not
kvm_arm_verify_ext_dabt_pending
> is doing what it claims it's doing, so I'm reluctant to give an r-b on
> this patch. But, as far as the code goes, besides the comments above, it
> looks fine to me.
>
Thanks for the feedback.
Will apply the changes for the next version.
BR
Beata
> Thanks,
> drew
>
[-- Attachment #2: Type: text/html, Size: 10522 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
@ 2020-04-07 11:31 ` Beata Michalska
0 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-04-07 11:31 UTC (permalink / raw)
To: Andrew Jones; +Cc: QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm
[-- Attachment #1.1: Type: text/plain, Size: 7540 bytes --]
On Fri, 3 Apr 2020 at 09:44, Andrew Jones <drjones@redhat.com> wrote:
>
> On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote:
> > Injecting external data abort through KVM might trigger
> > an issue on kernels that do not get updated to include the KVM fix.
> > For those and aarch32 guests, the injected abort gets misconfigured
> > to be an implementation defined exception. This leads to the guest
> > repeatedly re-running the faulting instruction.
> >
> > Add support for handling that case.
> > [
> > Fixed-by: 018f22f95e8a
> > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
> > Fixed-by: 21aecdbd7f3a
> > ('KVM: arm: Make inject_abt32() inject an external abort instead')
> > ]
> >
> > Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> > ---
> > target/arm/cpu.h | 1 +
> > target/arm/kvm.c | 30 +++++++++++++++++++++++++++++-
> > target/arm/kvm32.c | 25 +++++++++++++++++++++++++
> > target/arm/kvm64.c | 34 ++++++++++++++++++++++++++++++++++
> > target/arm/kvm_arm.h | 10 ++++++++++
> > 5 files changed, 99 insertions(+), 1 deletion(-)
> >
> > diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> > index 4f834c1..868afc6 100644
> > --- a/target/arm/cpu.h
> > +++ b/target/arm/cpu.h
> > @@ -561,6 +561,7 @@ typedef struct CPUARMState {
> > } serror;
> >
> > uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> > + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext
DABT */
> >
> > /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
> > uint32_t irq_line_state;
> > diff --git a/target/arm/kvm.c b/target/arm/kvm.c
> > index c088589..58ad734 100644
> > --- a/target/arm/kvm.c
> > +++ b/target/arm/kvm.c
> > @@ -721,7 +721,12 @@ int kvm_put_vcpu_events(ARMCPU *cpu)
> > ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
> > if (ret) {
> > error_report("failed to put vcpu events");
> > - } else {
> > + } else if (env->ext_dabt_pending) {
> > + /*
> > + * Mark that the external DABT has been injected,
> > + * if one has been requested
> > + */
> > + env->ext_dabt_raised = env->ext_dabt_pending;
> > /* Clear instantly if the call was successful */
> > env->ext_dabt_pending = 0;
> > }
> > @@ -755,6 +760,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu)
> >
> > void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
> > {
> > + ARMCPU *cpu = ARM_CPU(cs);
> > + CPUARMState *env = &cpu->env;
> > +
> > + if (unlikely(env->ext_dabt_raised)) {
> > + /*
> > + * Verifying that the ext DABT has been properly injected,
> > + * otherwise risking indefinitely re-running the faulting
instruction
> > + * Covering a very narrow case for kernels 5.5..5.5.4
> > + * when injected abort was misconfigured to be
> > + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)
> > + */
> > + if (!arm_feature(env, ARM_FEATURE_AARCH64) &&
> > + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {
> > +
> > + error_report("Data abort exception with no valid ISS
generated by "
> > + "guest memory access. KVM unable to emulate
faulting "
> > + "instruction. Failed to inject an external data
abort "
> > + "into the guest.");
> > + abort();
> > + }
> > + /* Clear the status */
> > + env->ext_dabt_raised = 0;
> > + }
> > }
> >
> > MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
> > diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
> > index f271181..86c4fe7 100644
> > --- a/target/arm/kvm32.c
> > +++ b/target/arm/kvm32.c
> > @@ -564,3 +564,28 @@ void kvm_arm_pmu_init(CPUState *cs)
> > {
> > qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
> > }
> > +
> > +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)
> > +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)
> > +
> > +#define DFSR_FSC(v) (((v) >> 6 | (v)) & 0x1F)
> > +#define DFSC_EXTABT(lpae) (lpae) ? 0x10 : 0x08
>
> We should put () around the whole ?: expression when it's in a macro
>
> > +
> > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> > +{
> > + uint32_t dfsr_val;
> > +
> > + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {
> > + ARMCPU *cpu = ARM_CPU(cs);
> > + CPUARMState *env = &cpu->env;
> > + uint32_t ttbcr;
> > + int lpae = 0;
> > +
> > + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {
> > + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr &
TTBCR_EAE);
> > + }
> > + return !(DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae));
>
> !(a != b) is a convoluted way to write a == b
>
> > + }
> > + return false;
> > +}
> > +
> > diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
> > index be5b31c..18594e9 100644
> > --- a/target/arm/kvm64.c
> > +++ b/target/arm/kvm64.c
> > @@ -1430,3 +1430,37 @@ bool kvm_arm_handle_debug(CPUState *cs, struct
kvm_debug_exit_arch *debug_exit)
> >
> > return false;
> > }
> > +
> > +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)
> > +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)
> > +
> > +#define ESR_DFSC(aarch64, v) \
> > + ((aarch64) ? ((v) & 0x3F) \
> > + : (((v) >> 6 | (v)) & 0x1F))
> > +
> > +#define ESR_DFSC_EXTABT(aarch64, lpae) \
> > + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)
> > +
> > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
> > +{
> > + uint64_t dfsr_val;
> > +
> > + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {
> > + ARMCPU *cpu = ARM_CPU(cs);
> > + CPUARMState *env = &cpu->env;
> > + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);
> > + int lpae = 0;
> > +
> > + if (!aarch64_mode) {
> > + uint64_t ttbcr;
> > +
> > + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {
> > + lpae = arm_feature(env, ARM_FEATURE_LPAE)
> > + && (ttbcr & TTBCR_EAE);
> > + }
> > + }
> > + return !(ESR_DFSC(aarch64_mode, dfsr_val) !=
> > + ESR_DFSC_EXTABT(aarch64_mode, lpae));
>
> a == b, please
>
> > + }
> > + return false;
> > +}
> > diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
> > index 39472d5..f2dc6a2 100644
> > --- a/target/arm/kvm_arm.h
> > +++ b/target/arm/kvm_arm.h
> > @@ -461,6 +461,16 @@ void kvm_arm_copy_hw_debug_data(struct
kvm_guest_debug_arch *ptr);
> > int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
> > uint64_t fault_ipa);
> > /**
> > + * kvm_arm_verify_ext_dabt_pending:
> > + * @cs: CPUState
> > + *
> > + * Verify the fault status code wrt the Ext DABT injection
> > + *
> > + * Returns: true if the fault status code is as expected, false
otherwise
> > + */
> > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);
> > +
> > +/**
> > * its_class_name:
> > *
> > * Return the ITS class name to use depending on whether KVM
acceleration
> > --
> > 2.7.4
> >
> >
>
> I'll leave the decision to take this KVM bug workaround patch at all to
Peter,
> and I didn't actually review whether or not
kvm_arm_verify_ext_dabt_pending
> is doing what it claims it's doing, so I'm reluctant to give an r-b on
> this patch. But, as far as the code goes, besides the comments above, it
> looks fine to me.
>
Thanks for the feedback.
Will apply the changes for the next version.
BR
Beata
> Thanks,
> drew
>
[-- Attachment #1.2: Type: text/html, Size: 10522 bytes --]
[-- Attachment #2: Type: text/plain, Size: 151 bytes --]
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
2020-04-07 11:24 ` Peter Maydell
@ 2020-04-07 11:32 ` Beata Michalska
-1 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-04-07 11:32 UTC (permalink / raw)
To: Peter Maydell
Cc: Andrew Jones, Christoffer Dall, QEMU Developers, qemu-arm,
Paolo Bonzini, kvmarm
[-- Attachment #1: Type: text/plain, Size: 1442 bytes --]
On Tue, 7 Apr 2020 at 12:24, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> On Fri, 3 Apr 2020 at 09:44, Andrew Jones <drjones@redhat.com> wrote:
> >
> > On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote:
> > > Injecting external data abort through KVM might trigger
> > > an issue on kernels that do not get updated to include the KVM fix.
> > > For those and aarch32 guests, the injected abort gets misconfigured
> > > to be an implementation defined exception. This leads to the guest
> > > repeatedly re-running the faulting instruction.
> > >
> > > Add support for handling that case.
> > > [
> > > Fixed-by: 018f22f95e8a
> > > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
> > > Fixed-by: 21aecdbd7f3a
> > > ('KVM: arm: Make inject_abt32() inject an external abort
instead')
> > > ]
> > >
>
> > I'll leave the decision to take this KVM bug workaround patch at all to
Peter,
> > and I didn't actually review whether or not
kvm_arm_verify_ext_dabt_pending
> > is doing what it claims it's doing, so I'm reluctant to give an r-b on
> > this patch. But, as far as the code goes, besides the comments above, it
> > looks fine to me.
>
> I think that having the workaround for the broken kernels is
> reasonable (in fact it might have been my suggestion).
>
I will update the current version to cover the review feedback
and resend the patches soon.
Thanks a lot!
BR
Beata
> thanks
> -- PMM
[-- Attachment #2: Type: text/html, Size: 2042 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
@ 2020-04-07 11:32 ` Beata Michalska
0 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-04-07 11:32 UTC (permalink / raw)
To: Peter Maydell; +Cc: QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm
[-- Attachment #1.1: Type: text/plain, Size: 1442 bytes --]
On Tue, 7 Apr 2020 at 12:24, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> On Fri, 3 Apr 2020 at 09:44, Andrew Jones <drjones@redhat.com> wrote:
> >
> > On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote:
> > > Injecting external data abort through KVM might trigger
> > > an issue on kernels that do not get updated to include the KVM fix.
> > > For those and aarch32 guests, the injected abort gets misconfigured
> > > to be an implementation defined exception. This leads to the guest
> > > repeatedly re-running the faulting instruction.
> > >
> > > Add support for handling that case.
> > > [
> > > Fixed-by: 018f22f95e8a
> > > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
> > > Fixed-by: 21aecdbd7f3a
> > > ('KVM: arm: Make inject_abt32() inject an external abort
instead')
> > > ]
> > >
>
> > I'll leave the decision to take this KVM bug workaround patch at all to
Peter,
> > and I didn't actually review whether or not
kvm_arm_verify_ext_dabt_pending
> > is doing what it claims it's doing, so I'm reluctant to give an r-b on
> > this patch. But, as far as the code goes, besides the comments above, it
> > looks fine to me.
>
> I think that having the workaround for the broken kernels is
> reasonable (in fact it might have been my suggestion).
>
I will update the current version to cover the review feedback
and resend the patches soon.
Thanks a lot!
BR
Beata
> thanks
> -- PMM
[-- Attachment #1.2: Type: text/html, Size: 2042 bytes --]
[-- Attachment #2: Type: text/plain, Size: 151 bytes --]
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-03-23 11:32 ` Beata Michalska
@ 2020-04-17 10:39 ` Peter Maydell
-1 siblings, 0 replies; 36+ messages in thread
From: Peter Maydell @ 2020-04-17 10:39 UTC (permalink / raw)
To: Beata Michalska
Cc: Andrew Jones, QEMU Developers, Christoffer Dall, qemu-arm,
Paolo Bonzini, kvmarm
On Mon, 23 Mar 2020 at 11:32, Beata Michalska
<beata.michalska@linaro.org> wrote:
>
> On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> exception with no valid ISS info to be decoded. The lack of decode info
> makes it at least tricky to emulate those instruction which is one of the
> (many) reasons why KVM will not even try to do so.
>
> Add support for handling those by requesting KVM to inject external
> dabt into the quest.
>
> Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> ---
> target/arm/cpu.h | 2 ++
> target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> target/arm/kvm_arm.h | 11 +++++++++++
> 3 files changed, 67 insertions(+)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 4ffd991..4f834c1 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> uint64_t esr;
> } serror;
>
> + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
I was trying to work out whether we need to migrate this state,
and I'm not sure. Andrew, do you know? I think this comes down
to "at what points in QEMU's kvm run loop can migration kick in",
and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
go round the loop and KVM_RUN again without ever checking
to see if we should do a migration ?
thanks
-- PMM
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-04-17 10:39 ` Peter Maydell
0 siblings, 0 replies; 36+ messages in thread
From: Peter Maydell @ 2020-04-17 10:39 UTC (permalink / raw)
To: Beata Michalska; +Cc: QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm
On Mon, 23 Mar 2020 at 11:32, Beata Michalska
<beata.michalska@linaro.org> wrote:
>
> On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> exception with no valid ISS info to be decoded. The lack of decode info
> makes it at least tricky to emulate those instruction which is one of the
> (many) reasons why KVM will not even try to do so.
>
> Add support for handling those by requesting KVM to inject external
> dabt into the quest.
>
> Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> ---
> target/arm/cpu.h | 2 ++
> target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> target/arm/kvm_arm.h | 11 +++++++++++
> 3 files changed, 67 insertions(+)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 4ffd991..4f834c1 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> uint64_t esr;
> } serror;
>
> + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
I was trying to work out whether we need to migrate this state,
and I'm not sure. Andrew, do you know? I think this comes down
to "at what points in QEMU's kvm run loop can migration kick in",
and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
go round the loop and KVM_RUN again without ever checking
to see if we should do a migration ?
thanks
-- PMM
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-04-17 10:39 ` Peter Maydell
@ 2020-04-17 13:10 ` Andrew Jones
-1 siblings, 0 replies; 36+ messages in thread
From: Andrew Jones @ 2020-04-17 13:10 UTC (permalink / raw)
To: Peter Maydell
Cc: Beata Michalska, quintela, Christoffer Dall, QEMU Developers,
qemu-arm, Paolo Bonzini, kvmarm, dgilbert
On Fri, Apr 17, 2020 at 11:39:25AM +0100, Peter Maydell wrote:
> On Mon, 23 Mar 2020 at 11:32, Beata Michalska
> <beata.michalska@linaro.org> wrote:
> >
> > On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> > exception with no valid ISS info to be decoded. The lack of decode info
> > makes it at least tricky to emulate those instruction which is one of the
> > (many) reasons why KVM will not even try to do so.
> >
> > Add support for handling those by requesting KVM to inject external
> > dabt into the quest.
> >
> > Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> > ---
> > target/arm/cpu.h | 2 ++
> > target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > target/arm/kvm_arm.h | 11 +++++++++++
> > 3 files changed, 67 insertions(+)
> >
> > diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> > index 4ffd991..4f834c1 100644
> > --- a/target/arm/cpu.h
> > +++ b/target/arm/cpu.h
> > @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> > uint64_t esr;
> > } serror;
> >
> > + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
>
> I was trying to work out whether we need to migrate this state,
> and I'm not sure. Andrew, do you know? I think this comes down
> to "at what points in QEMU's kvm run loop can migration kick in",
> and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
> go round the loop and KVM_RUN again without ever checking
> to see if we should do a migration ?
>
I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
but afaict there's no way to break out of the KVM_RUN loop after a
successful (ret=0) call to kvm_arch_handle_exit() until after the next
KVM_RUN ioctl. This is because even if migration kicks the vcpus between
kvm_arch_handle_exit() and the next run, the signal won't do anything
other than prepare the vcpu for an immediate exit.
Thanks,
drew
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-04-17 13:10 ` Andrew Jones
0 siblings, 0 replies; 36+ messages in thread
From: Andrew Jones @ 2020-04-17 13:10 UTC (permalink / raw)
To: Peter Maydell
Cc: quintela, QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm, dgilbert
On Fri, Apr 17, 2020 at 11:39:25AM +0100, Peter Maydell wrote:
> On Mon, 23 Mar 2020 at 11:32, Beata Michalska
> <beata.michalska@linaro.org> wrote:
> >
> > On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> > exception with no valid ISS info to be decoded. The lack of decode info
> > makes it at least tricky to emulate those instruction which is one of the
> > (many) reasons why KVM will not even try to do so.
> >
> > Add support for handling those by requesting KVM to inject external
> > dabt into the quest.
> >
> > Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> > ---
> > target/arm/cpu.h | 2 ++
> > target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > target/arm/kvm_arm.h | 11 +++++++++++
> > 3 files changed, 67 insertions(+)
> >
> > diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> > index 4ffd991..4f834c1 100644
> > --- a/target/arm/cpu.h
> > +++ b/target/arm/cpu.h
> > @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> > uint64_t esr;
> > } serror;
> >
> > + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
>
> I was trying to work out whether we need to migrate this state,
> and I'm not sure. Andrew, do you know? I think this comes down
> to "at what points in QEMU's kvm run loop can migration kick in",
> and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
> go round the loop and KVM_RUN again without ever checking
> to see if we should do a migration ?
>
I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
but afaict there's no way to break out of the KVM_RUN loop after a
successful (ret=0) call to kvm_arch_handle_exit() until after the next
KVM_RUN ioctl. This is because even if migration kicks the vcpus between
kvm_arch_handle_exit() and the next run, the signal won't do anything
other than prepare the vcpu for an immediate exit.
Thanks,
drew
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-04-17 13:10 ` Andrew Jones
@ 2020-04-18 22:56 ` Beata Michalska
-1 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-04-18 22:56 UTC (permalink / raw)
To: Andrew Jones
Cc: Peter Maydell, Juan Quintela, QEMU Developers, Christoffer Dall,
qemu-arm, Paolo Bonzini, kvmarm, Dr. David Alan Gilbert
On Fri, 17 Apr 2020 at 14:10, Andrew Jones <drjones@redhat.com> wrote:
>
> On Fri, Apr 17, 2020 at 11:39:25AM +0100, Peter Maydell wrote:
> > On Mon, 23 Mar 2020 at 11:32, Beata Michalska
> > <beata.michalska@linaro.org> wrote:
> > >
> > > On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> > > exception with no valid ISS info to be decoded. The lack of decode info
> > > makes it at least tricky to emulate those instruction which is one of the
> > > (many) reasons why KVM will not even try to do so.
> > >
> > > Add support for handling those by requesting KVM to inject external
> > > dabt into the quest.
> > >
> > > Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> > > ---
> > > target/arm/cpu.h | 2 ++
> > > target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > > target/arm/kvm_arm.h | 11 +++++++++++
> > > 3 files changed, 67 insertions(+)
> > >
> > > diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> > > index 4ffd991..4f834c1 100644
> > > --- a/target/arm/cpu.h
> > > +++ b/target/arm/cpu.h
> > > @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> > > uint64_t esr;
> > > } serror;
> > >
> > > + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> >
> > I was trying to work out whether we need to migrate this state,
> > and I'm not sure. Andrew, do you know? I think this comes down
> > to "at what points in QEMU's kvm run loop can migration kick in",
> > and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
> > go round the loop and KVM_RUN again without ever checking
> > to see if we should do a migration ?
> >
>
> I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
> but afaict there's no way to break out of the KVM_RUN loop after a
> successful (ret=0) call to kvm_arch_handle_exit() until after the next
> KVM_RUN ioctl. This is because even if migration kicks the vcpus between
> kvm_arch_handle_exit() and the next run, the signal won't do anything
> other than prepare the vcpu for an immediate exit.
>
I am definitely not an expert on that one, but if I got things right,
by the time the 'exit_request' gets verified , the external abort
should already be set up , the pending status cleared (through
KVM_SET_VCPU_EVENTS)
and the reg content verified (kvm_arch_pre_run), as all of it is being
triggered
prior to checking the exit request. So this should not need a
dedicated migration state.
I will hold on with sending the new version though to get the confirmation
whether that is the case.
Thanks,
BR
Beata
>
> Thanks,
> drew
>
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-04-18 22:56 ` Beata Michalska
0 siblings, 0 replies; 36+ messages in thread
From: Beata Michalska @ 2020-04-18 22:56 UTC (permalink / raw)
To: Andrew Jones
Cc: Juan Quintela, QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm,
Dr. David Alan Gilbert
On Fri, 17 Apr 2020 at 14:10, Andrew Jones <drjones@redhat.com> wrote:
>
> On Fri, Apr 17, 2020 at 11:39:25AM +0100, Peter Maydell wrote:
> > On Mon, 23 Mar 2020 at 11:32, Beata Michalska
> > <beata.michalska@linaro.org> wrote:
> > >
> > > On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> > > exception with no valid ISS info to be decoded. The lack of decode info
> > > makes it at least tricky to emulate those instruction which is one of the
> > > (many) reasons why KVM will not even try to do so.
> > >
> > > Add support for handling those by requesting KVM to inject external
> > > dabt into the quest.
> > >
> > > Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> > > ---
> > > target/arm/cpu.h | 2 ++
> > > target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > > target/arm/kvm_arm.h | 11 +++++++++++
> > > 3 files changed, 67 insertions(+)
> > >
> > > diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> > > index 4ffd991..4f834c1 100644
> > > --- a/target/arm/cpu.h
> > > +++ b/target/arm/cpu.h
> > > @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> > > uint64_t esr;
> > > } serror;
> > >
> > > + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> >
> > I was trying to work out whether we need to migrate this state,
> > and I'm not sure. Andrew, do you know? I think this comes down
> > to "at what points in QEMU's kvm run loop can migration kick in",
> > and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
> > go round the loop and KVM_RUN again without ever checking
> > to see if we should do a migration ?
> >
>
> I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
> but afaict there's no way to break out of the KVM_RUN loop after a
> successful (ret=0) call to kvm_arch_handle_exit() until after the next
> KVM_RUN ioctl. This is because even if migration kicks the vcpus between
> kvm_arch_handle_exit() and the next run, the signal won't do anything
> other than prepare the vcpu for an immediate exit.
>
I am definitely not an expert on that one, but if I got things right,
by the time the 'exit_request' gets verified , the external abort
should already be set up , the pending status cleared (through
KVM_SET_VCPU_EVENTS)
and the reg content verified (kvm_arch_pre_run), as all of it is being
triggered
prior to checking the exit request. So this should not need a
dedicated migration state.
I will hold on with sending the new version though to get the confirmation
whether that is the case.
Thanks,
BR
Beata
>
> Thanks,
> drew
>
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-04-17 13:10 ` Andrew Jones
@ 2020-04-24 12:16 ` Dr. David Alan Gilbert
-1 siblings, 0 replies; 36+ messages in thread
From: Dr. David Alan Gilbert @ 2020-04-24 12:16 UTC (permalink / raw)
To: Andrew Jones
Cc: Peter Maydell, Beata Michalska, quintela, Christoffer Dall,
QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm
* Andrew Jones (drjones@redhat.com) wrote:
> On Fri, Apr 17, 2020 at 11:39:25AM +0100, Peter Maydell wrote:
> > On Mon, 23 Mar 2020 at 11:32, Beata Michalska
> > <beata.michalska@linaro.org> wrote:
> > >
> > > On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> > > exception with no valid ISS info to be decoded. The lack of decode info
> > > makes it at least tricky to emulate those instruction which is one of the
> > > (many) reasons why KVM will not even try to do so.
> > >
> > > Add support for handling those by requesting KVM to inject external
> > > dabt into the quest.
> > >
> > > Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> > > ---
> > > target/arm/cpu.h | 2 ++
> > > target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > > target/arm/kvm_arm.h | 11 +++++++++++
> > > 3 files changed, 67 insertions(+)
> > >
> > > diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> > > index 4ffd991..4f834c1 100644
> > > --- a/target/arm/cpu.h
> > > +++ b/target/arm/cpu.h
> > > @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> > > uint64_t esr;
> > > } serror;
> > >
> > > + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> >
> > I was trying to work out whether we need to migrate this state,
> > and I'm not sure. Andrew, do you know? I think this comes down
> > to "at what points in QEMU's kvm run loop can migration kick in",
> > and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
> > go round the loop and KVM_RUN again without ever checking
> > to see if we should do a migration ?
> >
>
> I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
> but afaict there's no way to break out of the KVM_RUN loop after a
> successful (ret=0) call to kvm_arch_handle_exit() until after the next
> KVM_RUN ioctl. This is because even if migration kicks the vcpus between
> kvm_arch_handle_exit() and the next run, the signal won't do anything
> other than prepare the vcpu for an immediate exit.
This is a level I've not looked at I'm afraid.
However, the point at which we're saving the vCPU state is when the
vCPUs are stopped; so as long as your state that you save is everything
you need to restart and you migrate that then you should be OK; but in
the end fromt he migration point of view we just stop the VM and ask for
each devices state.
Dave
> Thanks,
> drew
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-04-24 12:16 ` Dr. David Alan Gilbert
0 siblings, 0 replies; 36+ messages in thread
From: Dr. David Alan Gilbert @ 2020-04-24 12:16 UTC (permalink / raw)
To: Andrew Jones; +Cc: quintela, QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm
* Andrew Jones (drjones@redhat.com) wrote:
> On Fri, Apr 17, 2020 at 11:39:25AM +0100, Peter Maydell wrote:
> > On Mon, 23 Mar 2020 at 11:32, Beata Michalska
> > <beata.michalska@linaro.org> wrote:
> > >
> > > On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
> > > exception with no valid ISS info to be decoded. The lack of decode info
> > > makes it at least tricky to emulate those instruction which is one of the
> > > (many) reasons why KVM will not even try to do so.
> > >
> > > Add support for handling those by requesting KVM to inject external
> > > dabt into the quest.
> > >
> > > Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
> > > ---
> > > target/arm/cpu.h | 2 ++
> > > target/arm/kvm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> > > target/arm/kvm_arm.h | 11 +++++++++++
> > > 3 files changed, 67 insertions(+)
> > >
> > > diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> > > index 4ffd991..4f834c1 100644
> > > --- a/target/arm/cpu.h
> > > +++ b/target/arm/cpu.h
> > > @@ -560,6 +560,8 @@ typedef struct CPUARMState {
> > > uint64_t esr;
> > > } serror;
> > >
> > > + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */
> >
> > I was trying to work out whether we need to migrate this state,
> > and I'm not sure. Andrew, do you know? I think this comes down
> > to "at what points in QEMU's kvm run loop can migration kick in",
> > and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
> > go round the loop and KVM_RUN again without ever checking
> > to see if we should do a migration ?
> >
>
> I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
> but afaict there's no way to break out of the KVM_RUN loop after a
> successful (ret=0) call to kvm_arch_handle_exit() until after the next
> KVM_RUN ioctl. This is because even if migration kicks the vcpus between
> kvm_arch_handle_exit() and the next run, the signal won't do anything
> other than prepare the vcpu for an immediate exit.
This is a level I've not looked at I'm afraid.
However, the point at which we're saving the vCPU state is when the
vCPUs are stopped; so as long as your state that you save is everything
you need to restart and you migrate that then you should be OK; but in
the end fromt he migration point of view we just stop the VM and ask for
each devices state.
Dave
> Thanks,
> drew
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-04-24 12:16 ` Dr. David Alan Gilbert
@ 2020-04-24 12:51 ` Peter Maydell
-1 siblings, 0 replies; 36+ messages in thread
From: Peter Maydell @ 2020-04-24 12:51 UTC (permalink / raw)
To: Dr. David Alan Gilbert
Cc: Andrew Jones, Beata Michalska, Juan Quintela, QEMU Developers,
Christoffer Dall, qemu-arm, Paolo Bonzini, kvmarm
On Fri, 24 Apr 2020 at 13:17, Dr. David Alan Gilbert
<dgilbert@redhat.com> wrote:
>
> * Andrew Jones (drjones@redhat.com) wrote:
> > On Fri, Apr 17, 2020 at 11:39:25AM +0100, Peter Maydell wrote:
> > > I was trying to work out whether we need to migrate this state,
> > > and I'm not sure. Andrew, do you know? I think this comes down
> > > to "at what points in QEMU's kvm run loop can migration kick in",
> > > and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
> > > go round the loop and KVM_RUN again without ever checking
> > > to see if we should do a migration ?
> > >
> >
> > I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
> > but afaict there's no way to break out of the KVM_RUN loop after a
> > successful (ret=0) call to kvm_arch_handle_exit() until after the next
> > KVM_RUN ioctl. This is because even if migration kicks the vcpus between
> > kvm_arch_handle_exit() and the next run, the signal won't do anything
> > other than prepare the vcpu for an immediate exit.
>
> This is a level I've not looked at I'm afraid.
> However, the point at which we're saving the vCPU state is when the
> vCPUs are stopped; so as long as your state that you save is everything
> you need to restart and you migrate that then you should be OK; but in
> the end fromt he migration point of view we just stop the VM and ask for
> each devices state.
Yeah, but I think the question is "at what point in the main loop
do we check 'is the VM stopping'". It sounds from what Andrew
says that the answer is that it can't happen at this point in
time, though.
thanks
-- PMM
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-04-24 12:51 ` Peter Maydell
0 siblings, 0 replies; 36+ messages in thread
From: Peter Maydell @ 2020-04-24 12:51 UTC (permalink / raw)
To: Dr. David Alan Gilbert
Cc: Juan Quintela, QEMU Developers, qemu-arm, Paolo Bonzini, kvmarm
On Fri, 24 Apr 2020 at 13:17, Dr. David Alan Gilbert
<dgilbert@redhat.com> wrote:
>
> * Andrew Jones (drjones@redhat.com) wrote:
> > On Fri, Apr 17, 2020 at 11:39:25AM +0100, Peter Maydell wrote:
> > > I was trying to work out whether we need to migrate this state,
> > > and I'm not sure. Andrew, do you know? I think this comes down
> > > to "at what points in QEMU's kvm run loop can migration kick in",
> > > and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
> > > go round the loop and KVM_RUN again without ever checking
> > > to see if we should do a migration ?
> > >
> >
> > I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
> > but afaict there's no way to break out of the KVM_RUN loop after a
> > successful (ret=0) call to kvm_arch_handle_exit() until after the next
> > KVM_RUN ioctl. This is because even if migration kicks the vcpus between
> > kvm_arch_handle_exit() and the next run, the signal won't do anything
> > other than prepare the vcpu for an immediate exit.
>
> This is a level I've not looked at I'm afraid.
> However, the point at which we're saving the vCPU state is when the
> vCPUs are stopped; so as long as your state that you save is everything
> you need to restart and you migrate that then you should be OK; but in
> the end fromt he migration point of view we just stop the VM and ask for
> each devices state.
Yeah, but I think the question is "at what point in the main loop
do we check 'is the VM stopping'". It sounds from what Andrew
says that the answer is that it can't happen at this point in
time, though.
thanks
-- PMM
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-04-24 12:16 ` Dr. David Alan Gilbert
@ 2020-04-25 9:24 ` Paolo Bonzini
-1 siblings, 0 replies; 36+ messages in thread
From: Paolo Bonzini @ 2020-04-25 9:24 UTC (permalink / raw)
To: Dr. David Alan Gilbert, Andrew Jones
Cc: Peter Maydell, Beata Michalska, quintela, Christoffer Dall,
QEMU Developers, qemu-arm, kvmarm
On 24/04/20 14:16, Dr. David Alan Gilbert wrote:
>>> I was trying to work out whether we need to migrate this state,
>>> and I'm not sure. Andrew, do you know? I think this comes down
>>> to "at what points in QEMU's kvm run loop can migration kick in",
>>> and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
>>> go round the loop and KVM_RUN again without ever checking
>>> to see if we should do a migration ?
>>>
>> I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
>> but afaict there's no way to break out of the KVM_RUN loop after a
>> successful (ret=0) call to kvm_arch_handle_exit() until after the next
>> KVM_RUN ioctl. This is because even if migration kicks the vcpus between
>> kvm_arch_handle_exit() and the next run, the signal won't do anything
>> other than prepare the vcpu for an immediate exit.
As far as QEMU is concerned, this should be enough for Beata's patch to
be safe. If the signal causes KVM to exit before KVM_EXIT_ARM_NISV,
it's of course okay. If you get a KVM_EXIT_ARM_NISV, however, KVM_RUN
will exit with return code 0 and kvm_cpu_exec will:
- set env->ext_dabt_pending
- go round the loop again
- notice cpu->exit_request and schedule an immediate exit
- call kvm_arch_put_registers
- call KVM_RUN again, which will exit with -EINTR
- exit the loop and allow migration to proceed
However, I'm not sure that it's a good idea to
+ /* Clear instantly if the call was successful */
+ env->ext_dabt_pending = 0;
Rather, this should be done by the next kvm_arch_get_registers when it
calls KVM_GET_VCPU_EVENTS. It's also possible to add an assertion in
kvm_get_vcpu_events that it you always get zero, to justify that the
field is not migrated.
Thanks,
Paolo
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-04-25 9:24 ` Paolo Bonzini
0 siblings, 0 replies; 36+ messages in thread
From: Paolo Bonzini @ 2020-04-25 9:24 UTC (permalink / raw)
To: Dr. David Alan Gilbert, Andrew Jones
Cc: quintela, QEMU Developers, qemu-arm, kvmarm
On 24/04/20 14:16, Dr. David Alan Gilbert wrote:
>>> I was trying to work out whether we need to migrate this state,
>>> and I'm not sure. Andrew, do you know? I think this comes down
>>> to "at what points in QEMU's kvm run loop can migration kick in",
>>> and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
>>> go round the loop and KVM_RUN again without ever checking
>>> to see if we should do a migration ?
>>>
>> I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
>> but afaict there's no way to break out of the KVM_RUN loop after a
>> successful (ret=0) call to kvm_arch_handle_exit() until after the next
>> KVM_RUN ioctl. This is because even if migration kicks the vcpus between
>> kvm_arch_handle_exit() and the next run, the signal won't do anything
>> other than prepare the vcpu for an immediate exit.
As far as QEMU is concerned, this should be enough for Beata's patch to
be safe. If the signal causes KVM to exit before KVM_EXIT_ARM_NISV,
it's of course okay. If you get a KVM_EXIT_ARM_NISV, however, KVM_RUN
will exit with return code 0 and kvm_cpu_exec will:
- set env->ext_dabt_pending
- go round the loop again
- notice cpu->exit_request and schedule an immediate exit
- call kvm_arch_put_registers
- call KVM_RUN again, which will exit with -EINTR
- exit the loop and allow migration to proceed
However, I'm not sure that it's a good idea to
+ /* Clear instantly if the call was successful */
+ env->ext_dabt_pending = 0;
Rather, this should be done by the next kvm_arch_get_registers when it
calls KVM_GET_VCPU_EVENTS. It's also possible to add an assertion in
kvm_get_vcpu_events that it you always get zero, to justify that the
field is not migrated.
Thanks,
Paolo
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
2020-04-25 9:24 ` Paolo Bonzini
@ 2020-04-27 6:18 ` Andrew Jones
-1 siblings, 0 replies; 36+ messages in thread
From: Andrew Jones @ 2020-04-27 6:18 UTC (permalink / raw)
To: Paolo Bonzini
Cc: Peter Maydell, Beata Michalska, quintela, Christoffer Dall,
QEMU Developers, qemu-arm, kvmarm, Dr. David Alan Gilbert
On Sat, Apr 25, 2020 at 11:24:14AM +0200, Paolo Bonzini wrote:
> On 24/04/20 14:16, Dr. David Alan Gilbert wrote:
> >>> I was trying to work out whether we need to migrate this state,
> >>> and I'm not sure. Andrew, do you know? I think this comes down
> >>> to "at what points in QEMU's kvm run loop can migration kick in",
> >>> and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
> >>> go round the loop and KVM_RUN again without ever checking
> >>> to see if we should do a migration ?
> >>>
> >> I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
> >> but afaict there's no way to break out of the KVM_RUN loop after a
> >> successful (ret=0) call to kvm_arch_handle_exit() until after the next
> >> KVM_RUN ioctl. This is because even if migration kicks the vcpus between
> >> kvm_arch_handle_exit() and the next run, the signal won't do anything
> >> other than prepare the vcpu for an immediate exit.
>
> As far as QEMU is concerned, this should be enough for Beata's patch to
> be safe. If the signal causes KVM to exit before KVM_EXIT_ARM_NISV,
> it's of course okay. If you get a KVM_EXIT_ARM_NISV, however, KVM_RUN
> will exit with return code 0 and kvm_cpu_exec will:
>
> - set env->ext_dabt_pending
>
> - go round the loop again
>
> - notice cpu->exit_request and schedule an immediate exit
>
> - call kvm_arch_put_registers
>
> - call KVM_RUN again, which will exit with -EINTR
>
> - exit the loop and allow migration to proceed
This was my understanding as well. Thanks for the confirmation.
>
> However, I'm not sure that it's a good idea to
>
> + /* Clear instantly if the call was successful */
> + env->ext_dabt_pending = 0;
>
> Rather, this should be done by the next kvm_arch_get_registers when it
> calls KVM_GET_VCPU_EVENTS. It's also possible to add an assertion in
> kvm_get_vcpu_events that it you always get zero, to justify that the
> field is not migrated.
I like the idea of a balanced API; keeping the 'set' abort pending
until the next 'get', but this event doesn't work that way.
Documentation/virt/kvm/api.rst states:
It is not possible to read back a pending external abort (injected via
KVM_SET_VCPU_EVENTS or otherwise) because such an exception is always
delivered directly to the virtual CPU).
I think clearing the userspace copy instantly after a successful
KVM_SET_VCPU_EVENTS implements that correctly.
Thanks,
drew
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
@ 2020-04-27 6:18 ` Andrew Jones
0 siblings, 0 replies; 36+ messages in thread
From: Andrew Jones @ 2020-04-27 6:18 UTC (permalink / raw)
To: Paolo Bonzini
Cc: quintela, QEMU Developers, qemu-arm, kvmarm, Dr. David Alan Gilbert
On Sat, Apr 25, 2020 at 11:24:14AM +0200, Paolo Bonzini wrote:
> On 24/04/20 14:16, Dr. David Alan Gilbert wrote:
> >>> I was trying to work out whether we need to migrate this state,
> >>> and I'm not sure. Andrew, do you know? I think this comes down
> >>> to "at what points in QEMU's kvm run loop can migration kick in",
> >>> and specifically if we get a KVM_EXIT_ARM_NISV do we definitely
> >>> go round the loop and KVM_RUN again without ever checking
> >>> to see if we should do a migration ?
> >>>
> >> I'd prefer a migration expert confirm this, so I've CC'ed David and Juan,
> >> but afaict there's no way to break out of the KVM_RUN loop after a
> >> successful (ret=0) call to kvm_arch_handle_exit() until after the next
> >> KVM_RUN ioctl. This is because even if migration kicks the vcpus between
> >> kvm_arch_handle_exit() and the next run, the signal won't do anything
> >> other than prepare the vcpu for an immediate exit.
>
> As far as QEMU is concerned, this should be enough for Beata's patch to
> be safe. If the signal causes KVM to exit before KVM_EXIT_ARM_NISV,
> it's of course okay. If you get a KVM_EXIT_ARM_NISV, however, KVM_RUN
> will exit with return code 0 and kvm_cpu_exec will:
>
> - set env->ext_dabt_pending
>
> - go round the loop again
>
> - notice cpu->exit_request and schedule an immediate exit
>
> - call kvm_arch_put_registers
>
> - call KVM_RUN again, which will exit with -EINTR
>
> - exit the loop and allow migration to proceed
This was my understanding as well. Thanks for the confirmation.
>
> However, I'm not sure that it's a good idea to
>
> + /* Clear instantly if the call was successful */
> + env->ext_dabt_pending = 0;
>
> Rather, this should be done by the next kvm_arch_get_registers when it
> calls KVM_GET_VCPU_EVENTS. It's also possible to add an assertion in
> kvm_get_vcpu_events that it you always get zero, to justify that the
> field is not migrated.
I like the idea of a balanced API; keeping the 'set' abort pending
until the next 'get', but this event doesn't work that way.
Documentation/virt/kvm/api.rst states:
It is not possible to read back a pending external abort (injected via
KVM_SET_VCPU_EVENTS or otherwise) because such an exception is always
delivered directly to the virtual CPU).
I think clearing the userspace copy instantly after a successful
KVM_SET_VCPU_EVENTS implements that correctly.
Thanks,
drew
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
^ permalink raw reply [flat|nested] 36+ messages in thread
end of thread, other threads:[~2020-04-27 6:19 UTC | newest]
Thread overview: 36+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-23 11:32 [PATCH v4 0/2] target/arm: kvm: Support for KVM DABT with no valid ISS Beata Michalska
2020-03-23 11:32 ` Beata Michalska
2020-03-23 11:32 ` [PATCH v4 1/2] target/arm: kvm: Handle " Beata Michalska
2020-03-23 11:32 ` Beata Michalska
2020-03-23 12:44 ` Andrew Jones
2020-03-23 12:44 ` Andrew Jones
2020-03-25 15:15 ` Beata Michalska
2020-03-25 15:15 ` Beata Michalska
2020-04-17 10:39 ` Peter Maydell
2020-04-17 10:39 ` Peter Maydell
2020-04-17 13:10 ` Andrew Jones
2020-04-17 13:10 ` Andrew Jones
2020-04-18 22:56 ` Beata Michalska
2020-04-18 22:56 ` Beata Michalska
2020-04-24 12:16 ` Dr. David Alan Gilbert
2020-04-24 12:16 ` Dr. David Alan Gilbert
2020-04-24 12:51 ` Peter Maydell
2020-04-24 12:51 ` Peter Maydell
2020-04-25 9:24 ` Paolo Bonzini
2020-04-25 9:24 ` Paolo Bonzini
2020-04-27 6:18 ` Andrew Jones
2020-04-27 6:18 ` Andrew Jones
2020-03-23 11:32 ` [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection Beata Michalska
2020-03-23 11:32 ` Beata Michalska
2020-03-23 18:44 ` Richard Henderson
2020-03-23 18:44 ` Richard Henderson
2020-03-25 15:16 ` Beata Michalska
2020-03-25 15:16 ` Beata Michalska
2020-04-03 8:44 ` Andrew Jones
2020-04-03 8:44 ` Andrew Jones
2020-04-07 11:24 ` Peter Maydell
2020-04-07 11:24 ` Peter Maydell
2020-04-07 11:32 ` Beata Michalska
2020-04-07 11:32 ` Beata Michalska
2020-04-07 11:31 ` Beata Michalska
2020-04-07 11:31 ` Beata Michalska
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.