From: Andrew Jones <drjones@redhat.com>
To: Alexandru Elisei <alexandru.elisei@arm.com>
Cc: kvm@vger.kernel.org, maz@kernel.org, andre.przywara@arm.com,
pbonzini@redhat.com, kvmarm@lists.cs.columbia.edu
Subject: Re: [kvm-unit-tests RFC PATCH 02/16] arm/arm64: psci: Don't run C code without stack or vectors
Date: Wed, 28 Aug 2019 16:45:22 +0200 [thread overview]
Message-ID: <20190828144522.qkmckjcmrdayfq7r@kamzik.brq.redhat.com> (raw)
In-Reply-To: <1566999511-24916-3-git-send-email-alexandru.elisei@arm.com>
On Wed, Aug 28, 2019 at 02:38:17PM +0100, Alexandru Elisei wrote:
> The psci test performs a series of CPU_ON/CPU_OFF cycles for CPU 1. This is
> done by setting the entry point for the CPU_ON call to the physical address
> of the C function cpu_psci_cpu_die.
>
> The compiler is well within its rights to use the stack when generating
> code for cpu_psci_cpu_die. However, because no stack initialization has
> been done, the stack pointer is zero, as set by KVM when creating the VCPU.
> This causes a data abort without a change in exception level. The VBAR_EL1
> register is also zero (the KVM reset value for VBAR_EL1), the MMU is off,
> and we end up trying to fetch instructions from address 0x200.
>
> At this point, a stage 2 instruction abort is generated which is taken to
> KVM. KVM interprets this as an instruction fetch from an I/O region, and
> injects a prefetch abort into the guest. Prefetch abort is a synchronous
> exception, and on guest return the VCPU PC will be set to VBAR_EL1 + 0x200,
> which is... 0x200. The VCPU ends up in an infinite loop causing a prefetch
> abort while fetching the instruction to service the said abort.
>
> cpu_psci_cpu_die is basically a wrapper over the HVC instruction, so
> provide an assembly implementation for the function which will serve as the
> entry point for CPU_ON.
>
> Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
> ---
> arm/cstart.S | 7 +++++++
> arm/cstart64.S | 7 +++++++
> arm/psci.c | 5 +++--
> 3 files changed, 17 insertions(+), 2 deletions(-)
>
> diff --git a/arm/cstart.S b/arm/cstart.S
> index 114726feab82..5d4fe4b1570b 100644
> --- a/arm/cstart.S
> +++ b/arm/cstart.S
> @@ -7,6 +7,7 @@
> */
> #define __ASSEMBLY__
> #include <auxinfo.h>
> +#include <linux/psci.h>
> #include <asm/thread_info.h>
> #include <asm/asm-offsets.h>
> #include <asm/ptrace.h>
> @@ -138,6 +139,12 @@ secondary_entry:
> blx r0
> b do_idle
>
> +.global asm_cpu_psci_cpu_die
> +asm_cpu_psci_cpu_die:
> + ldr r0, =PSCI_0_2_FN_CPU_OFF
> + hvc #0
> + b halt
Shouldn't we load PSCI_POWER_STATE_TYPE_POWER_DOWN into r1 and
zero out r2 and r3, as cpu_psci_cpu_die() does? And maybe we
should just do a 'b .' here instead of 'b halt' in order to
avoid confusion as to how we ended up in halt(), if the psci
invocation were to ever fail.
> +
> .globl halt
> halt:
> 1: wfi
> diff --git a/arm/cstart64.S b/arm/cstart64.S
> index b0e8baa1a23a..20f832fd57f7 100644
> --- a/arm/cstart64.S
> +++ b/arm/cstart64.S
> @@ -7,6 +7,7 @@
> */
> #define __ASSEMBLY__
> #include <auxinfo.h>
> +#include <linux/psci.h>
> #include <asm/asm-offsets.h>
> #include <asm/ptrace.h>
> #include <asm/processor.h>
> @@ -128,6 +129,12 @@ secondary_entry:
> blr x0
> b do_idle
>
> +.globl asm_cpu_psci_cpu_die
> +asm_cpu_psci_cpu_die:
> + ldr x0, =PSCI_0_2_FN_CPU_OFF
> + hvc #0
> + b halt
Same as above
> +
> .globl halt
> halt:
> 1: wfi
> diff --git a/arm/psci.c b/arm/psci.c
> index 5cb4d5c7c233..0440c4cdbc59 100644
> --- a/arm/psci.c
> +++ b/arm/psci.c
> @@ -72,6 +72,7 @@ static int cpu_on_ret[NR_CPUS];
> static cpumask_t cpu_on_ready, cpu_on_done;
> static volatile int cpu_on_start;
>
> +extern void asm_cpu_psci_cpu_die(void);
> static void cpu_on_secondary_entry(void)
> {
> int cpu = smp_processor_id();
> @@ -79,7 +80,7 @@ static void cpu_on_secondary_entry(void)
> cpumask_set_cpu(cpu, &cpu_on_ready);
> while (!cpu_on_start)
> cpu_relax();
> - cpu_on_ret[cpu] = psci_cpu_on(cpus[1], __pa(cpu_psci_cpu_die));
> + cpu_on_ret[cpu] = psci_cpu_on(cpus[1], __pa(asm_cpu_psci_cpu_die));
> cpumask_set_cpu(cpu, &cpu_on_done);
> }
>
> @@ -104,7 +105,7 @@ static bool psci_cpu_on_test(void)
> cpu_on_start = 1;
> smp_mb();
>
> - cpu_on_ret[0] = psci_cpu_on(cpus[1], __pa(cpu_psci_cpu_die));
> + cpu_on_ret[0] = psci_cpu_on(cpus[1], __pa(asm_cpu_psci_cpu_die));
> cpumask_set_cpu(0, &cpu_on_done);
>
> while (!cpumask_full(&cpu_on_done))
> --
> 2.7.4
>
Thanks,
drew
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
next prev parent reply other threads:[~2019-08-28 14:45 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-28 13:38 [kvm-unit-tests RFC PATCH 00/16] arm64: Run at EL2 Alexandru Elisei
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 01/16] arm: selftest.c: Remove redundant check for Exception Level Alexandru Elisei
2019-08-28 14:32 ` Andrew Jones
2019-08-28 15:39 ` Alexandru Elisei
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 02/16] arm/arm64: psci: Don't run C code without stack or vectors Alexandru Elisei
2019-08-28 14:45 ` Andrew Jones [this message]
2019-08-28 15:14 ` Alexandru Elisei
2019-09-02 14:55 ` Alexandru Elisei
2019-09-03 6:37 ` Andrew Jones
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 03/16] lib: arm/arm64: Add missing include for alloc_page.h in pgtable.h Alexandru Elisei
2019-08-28 14:47 ` Andrew Jones
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 04/16] arm/arm64: selftest: Add prefetch abort test Alexandru Elisei
2019-08-28 14:09 ` Mark Rutland
2019-08-29 8:18 ` Alexandru Elisei
2019-08-29 10:19 ` Mark Rutland
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 05/16] arm64: timer: Write to ICENABLER to disable timer IRQ Alexandru Elisei
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 06/16] arm64: timer: EOIR the interrupt after masking the timer Alexandru Elisei
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 07/16] arm64: timer: Test behavior when timer disabled or masked Alexandru Elisei
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 08/16] lib: arm/arm64: Refuse to disable the MMU with non-identity stack pointer Alexandru Elisei
2019-08-28 14:55 ` Andrew Jones
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 09/16] lib: arm/arm64: Invalidate TLB before enabling MMU Alexandru Elisei
2019-08-28 14:59 ` Andrew Jones
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 10/16] lib: Add UL and ULL definitions to linux/const.h Alexandru Elisei
2019-08-28 15:10 ` Andrew Jones
2019-08-28 15:46 ` Alexandru Elisei
2019-08-28 16:19 ` Andrew Jones
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 11/16] lib: arm64: Run existing tests at EL2 Alexandru Elisei
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 12/16] arm64: timer: Add test for EL2 timers Alexandru Elisei
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 13/16] arm64: selftest: Add basic test for EL2 Alexandru Elisei
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 14/16] lib: arm64: Add support for disabling and re-enabling VHE Alexandru Elisei
2019-08-28 14:19 ` Mark Rutland
2019-08-29 8:36 ` Alexandru Elisei
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 15/16] arm64: selftest: Expand EL2 test to disable and re-enable VHE Alexandru Elisei
2019-08-28 13:38 ` [kvm-unit-tests RFC PATCH 16/16] arm64: timer: Run tests with VHE disabled Alexandru Elisei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190828144522.qkmckjcmrdayfq7r@kamzik.brq.redhat.com \
--to=drjones@redhat.com \
--cc=alexandru.elisei@arm.com \
--cc=andre.przywara@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=maz@kernel.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).