From: Anup Patel <anup.patel@wdc.com>
To: Palmer Dabbelt <palmer@dabbelt.com>,
Palmer Dabbelt <palmerdabbelt@google.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Albert Ou <aou@eecs.berkeley.edu>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Atish Patra <atish.patra@wdc.com>,
Anup Patel <anup@brainfault.org>,
kvm@vger.kernel.org, kvm-riscv@lists.infradead.org,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
Anup Patel <anup.patel@wdc.com>,
Ian Huang <ihuang@ventanamicro.com>
Subject: [PATCH 3/3] RISC-V: KVM: Fix GPA passed to __kvm_riscv_hfence_gvma_xyz() functions
Date: Tue, 26 Oct 2021 22:31:36 +0530 [thread overview]
Message-ID: <20211026170136.2147619-4-anup.patel@wdc.com> (raw)
In-Reply-To: <20211026170136.2147619-1-anup.patel@wdc.com>
The parameter passed to HFENCE.GVMA instruction in rs1 register
is guest physical address right shifted by 2 (i.e. divided by 4).
Unfortunately, we overlooked the semantics of rs1 registers for
HFENCE.GVMA instruction and never right shifted guest physical
address by 2. This issue did not manifest for hypervisors till
now because:
1) Currently, only __kvm_riscv_hfence_gvma_all() and SBI
HFENCE calls are used to invalidate TLB.
2) All H-extension implementations (such as QEMU, Spike,
Rocket Core FPGA, etc) that we tried till now were
conservatively flushing everything upon any HFENCE.GVMA
instruction.
This patch fixes GPA passed to __kvm_riscv_hfence_gvma_vmid_gpa()
and __kvm_riscv_hfence_gvma_gpa() functions.
Fixes: fd7bb4a251df ("RISC-V: KVM: Implement VMID allocator")
Reported-by: Ian Huang <ihuang@ventanamicro.com>
Signed-off-by: Anup Patel <anup.patel@wdc.com>
---
arch/riscv/include/asm/kvm_host.h | 5 +++--
arch/riscv/kvm/tlb.S | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/asm/kvm_host.h
index d27878d6adf9..25ba21f98504 100644
--- a/arch/riscv/include/asm/kvm_host.h
+++ b/arch/riscv/include/asm/kvm_host.h
@@ -214,9 +214,10 @@ static inline void kvm_arch_vcpu_block_finish(struct kvm_vcpu *vcpu) {}
#define KVM_ARCH_WANT_MMU_NOTIFIER
-void __kvm_riscv_hfence_gvma_vmid_gpa(unsigned long gpa, unsigned long vmid);
+void __kvm_riscv_hfence_gvma_vmid_gpa(unsigned long gpa_divby_4,
+ unsigned long vmid);
void __kvm_riscv_hfence_gvma_vmid(unsigned long vmid);
-void __kvm_riscv_hfence_gvma_gpa(unsigned long gpa);
+void __kvm_riscv_hfence_gvma_gpa(unsigned long gpa_divby_4);
void __kvm_riscv_hfence_gvma_all(void);
int kvm_riscv_stage2_map(struct kvm_vcpu *vcpu,
diff --git a/arch/riscv/kvm/tlb.S b/arch/riscv/kvm/tlb.S
index c858570f0856..899f75d60bad 100644
--- a/arch/riscv/kvm/tlb.S
+++ b/arch/riscv/kvm/tlb.S
@@ -31,7 +31,7 @@
ENTRY(__kvm_riscv_hfence_gvma_vmid_gpa)
/*
- * rs1 = a0 (GPA)
+ * rs1 = a0 (GPA >> 2)
* rs2 = a1 (VMID)
* HFENCE.GVMA a0, a1
* 0110001 01011 01010 000 00000 1110011
@@ -53,7 +53,7 @@ ENDPROC(__kvm_riscv_hfence_gvma_vmid)
ENTRY(__kvm_riscv_hfence_gvma_gpa)
/*
- * rs1 = a0 (GPA)
+ * rs1 = a0 (GPA >> 2)
* rs2 = zero
* HFENCE.GVMA a0
* 0110001 00000 01010 000 00000 1110011
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Anup Patel <anup.patel@wdc.com>
To: Palmer Dabbelt <palmer@dabbelt.com>,
Palmer Dabbelt <palmerdabbelt@google.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Albert Ou <aou@eecs.berkeley.edu>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Atish Patra <atish.patra@wdc.com>,
Anup Patel <anup@brainfault.org>,
kvm@vger.kernel.org, kvm-riscv@lists.infradead.org,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
Anup Patel <anup.patel@wdc.com>,
Ian Huang <ihuang@ventanamicro.com>
Subject: [PATCH 3/3] RISC-V: KVM: Fix GPA passed to __kvm_riscv_hfence_gvma_xyz() functions
Date: Tue, 26 Oct 2021 22:31:36 +0530 [thread overview]
Message-ID: <20211026170136.2147619-4-anup.patel@wdc.com> (raw)
In-Reply-To: <20211026170136.2147619-1-anup.patel@wdc.com>
The parameter passed to HFENCE.GVMA instruction in rs1 register
is guest physical address right shifted by 2 (i.e. divided by 4).
Unfortunately, we overlooked the semantics of rs1 registers for
HFENCE.GVMA instruction and never right shifted guest physical
address by 2. This issue did not manifest for hypervisors till
now because:
1) Currently, only __kvm_riscv_hfence_gvma_all() and SBI
HFENCE calls are used to invalidate TLB.
2) All H-extension implementations (such as QEMU, Spike,
Rocket Core FPGA, etc) that we tried till now were
conservatively flushing everything upon any HFENCE.GVMA
instruction.
This patch fixes GPA passed to __kvm_riscv_hfence_gvma_vmid_gpa()
and __kvm_riscv_hfence_gvma_gpa() functions.
Fixes: fd7bb4a251df ("RISC-V: KVM: Implement VMID allocator")
Reported-by: Ian Huang <ihuang@ventanamicro.com>
Signed-off-by: Anup Patel <anup.patel@wdc.com>
---
arch/riscv/include/asm/kvm_host.h | 5 +++--
arch/riscv/kvm/tlb.S | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/asm/kvm_host.h
index d27878d6adf9..25ba21f98504 100644
--- a/arch/riscv/include/asm/kvm_host.h
+++ b/arch/riscv/include/asm/kvm_host.h
@@ -214,9 +214,10 @@ static inline void kvm_arch_vcpu_block_finish(struct kvm_vcpu *vcpu) {}
#define KVM_ARCH_WANT_MMU_NOTIFIER
-void __kvm_riscv_hfence_gvma_vmid_gpa(unsigned long gpa, unsigned long vmid);
+void __kvm_riscv_hfence_gvma_vmid_gpa(unsigned long gpa_divby_4,
+ unsigned long vmid);
void __kvm_riscv_hfence_gvma_vmid(unsigned long vmid);
-void __kvm_riscv_hfence_gvma_gpa(unsigned long gpa);
+void __kvm_riscv_hfence_gvma_gpa(unsigned long gpa_divby_4);
void __kvm_riscv_hfence_gvma_all(void);
int kvm_riscv_stage2_map(struct kvm_vcpu *vcpu,
diff --git a/arch/riscv/kvm/tlb.S b/arch/riscv/kvm/tlb.S
index c858570f0856..899f75d60bad 100644
--- a/arch/riscv/kvm/tlb.S
+++ b/arch/riscv/kvm/tlb.S
@@ -31,7 +31,7 @@
ENTRY(__kvm_riscv_hfence_gvma_vmid_gpa)
/*
- * rs1 = a0 (GPA)
+ * rs1 = a0 (GPA >> 2)
* rs2 = a1 (VMID)
* HFENCE.GVMA a0, a1
* 0110001 01011 01010 000 00000 1110011
@@ -53,7 +53,7 @@ ENDPROC(__kvm_riscv_hfence_gvma_vmid)
ENTRY(__kvm_riscv_hfence_gvma_gpa)
/*
- * rs1 = a0 (GPA)
+ * rs1 = a0 (GPA >> 2)
* rs2 = zero
* HFENCE.GVMA a0
* 0110001 00000 01010 000 00000 1110011
--
2.25.1
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2021-10-26 17:04 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-26 17:01 [PATCH 0/3] RISC-V: KVM: Few assorted changes Anup Patel
2021-10-26 17:01 ` Anup Patel
2021-10-26 17:01 ` [PATCH 1/3] RISC-V: Enable KVM in RV64 and RV32 defconfigs as a module Anup Patel
2021-10-26 17:01 ` Anup Patel
2021-10-27 22:12 ` Palmer Dabbelt
2021-10-27 22:12 ` Palmer Dabbelt
2021-10-27 23:01 ` Paolo Bonzini
2021-10-27 23:01 ` Paolo Bonzini
2021-10-28 15:37 ` Anup Patel
2021-10-28 15:37 ` Anup Patel
2021-10-26 17:01 ` [PATCH 2/3] RISC-V: KVM: Factor-out FP virtualization into separate sources Anup Patel
2021-10-26 17:01 ` Anup Patel
2021-10-26 17:01 ` Anup Patel [this message]
2021-10-26 17:01 ` [PATCH 3/3] RISC-V: KVM: Fix GPA passed to __kvm_riscv_hfence_gvma_xyz() functions Anup Patel
2021-10-28 14:07 ` [PATCH 0/3] RISC-V: KVM: Few assorted changes Paolo Bonzini
2021-10-28 14:07 ` Paolo Bonzini
2021-10-28 15:05 ` Palmer Dabbelt
2021-10-28 15:05 ` Palmer Dabbelt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211026170136.2147619-4-anup.patel@wdc.com \
--to=anup.patel@wdc.com \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=atish.patra@wdc.com \
--cc=ihuang@ventanamicro.com \
--cc=kvm-riscv@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=palmer@dabbelt.com \
--cc=palmerdabbelt@google.com \
--cc=paul.walmsley@sifive.com \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.