2015-08-07 16:09:25

by Eric Auger

Subject: [PATCH v2 0/4] KVM: arm/arm64: guest synchronous halt/resume

This series introduces the capability to synchronously exit the guest
and prevent it from being re-entered. This modality will be used by
IRQ forwarding series when changing the state of the IRQ.

Former pause flag used when starting the vcpu in KVM_ARM_VCPU_POWER_OFF
state, in PSCI calls and in KVM_SET_MP_STATE ioctl is renamed into
power_off. A new pause flag is introduced. Both now are checked in
kvm_arch_vcpu_runnable and in the VCPU_RUN critical section, before
entering the vcpu.

Best Regards

Eric

History:

v1 -> v2:
- check pause and power_off in kvm_arch_vcpu_runnable
- check power_off in vcpu_run critical section before guest entry
- correct compile issue in first patch reported by Andrew
- rename vcpu_pause into vcpu_sleep

RFC -> PATCH v1:
- originally part of [RFC 00/17] ARM IRQ forward control based on IRQ
bypass manager (https://lkml.org/lkml/2015/7/2/268) and isolated in
this series.
- added __maybe_unused following Marc's advice


Eric Auger (4):
KVM: arm/arm64: rename pause into power_off
KVM: arm/arm64: check power_off in kvm_arch_vcpu_runnable
KVM: arm/arm64: check power_off in critical section before VCPU run
KVM: arm/arm64: implement kvm_arm_[halt,resume]_guest

arch/arm/include/asm/kvm_host.h | 5 +++-
arch/arm/kvm/arm.c | 53 ++++++++++++++++++++++++++++++---------
arch/arm/kvm/psci.c | 10 ++++----
arch/arm64/include/asm/kvm_host.h | 3 +++
4 files changed, 53 insertions(+), 18 deletions(-)

--
1.9.1


2015-08-07 16:10:37

by Eric Auger

Subject: [PATCH v2 1/4] KVM: arm/arm64: rename pause into power_off

The kvm_vcpu_arch pause field is renamed into power_off to prepare
for the introduction of a new pause field. Also vcpu_pause is renamed
into vcpu_sleep since we will sleep until both power_off and pause are
false.

Signed-off-by: Eric Auger <[email protected]>

---

v1 -> v2:
- rename pause in kvm_arch_vcpu_ioctl_[set,get]_mpstate
- rename vcpu_pause into vcpu_sleep
---
arch/arm/include/asm/kvm_host.h | 4 ++--
arch/arm/kvm/arm.c | 20 ++++++++++----------
arch/arm/kvm/psci.c | 10 +++++-----
arch/arm64/include/asm/kvm_host.h | 4 ++--
4 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
index e896d2c..304004d 100644
--- a/arch/arm/include/asm/kvm_host.h
+++ b/arch/arm/include/asm/kvm_host.h
@@ -129,8 +129,8 @@ struct kvm_vcpu_arch {
* here.
*/

- /* Don't run the guest on this vcpu */
- bool pause;
+ /* vcpu power-off state */
+ bool power_off;

/* IO related fields */
struct kvm_decode mmio_decode;
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index b598aa4..3ac6b4c 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -313,7 +313,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
struct kvm_mp_state *mp_state)
{
- if (vcpu->arch.pause)
+ if (vcpu->arch.power_off)
mp_state->mp_state = KVM_MP_STATE_STOPPED;
else
mp_state->mp_state = KVM_MP_STATE_RUNNABLE;
@@ -326,10 +326,10 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
{
switch (mp_state->mp_state) {
case KVM_MP_STATE_RUNNABLE:
- vcpu->arch.pause = false;
+ vcpu->arch.power_off = false;
break;
case KVM_MP_STATE_STOPPED:
- vcpu->arch.pause = true;
+ vcpu->arch.power_off = true;
break;
default:
return -EINVAL;
@@ -473,11 +473,11 @@ bool kvm_arch_intc_initialized(struct kvm *kvm)
return vgic_initialized(kvm);
}

-static void vcpu_pause(struct kvm_vcpu *vcpu)
+static void vcpu_sleep(struct kvm_vcpu *vcpu)
{
wait_queue_head_t *wq = kvm_arch_vcpu_wq(vcpu);

- wait_event_interruptible(*wq, !vcpu->arch.pause);
+ wait_event_interruptible(*wq, !vcpu->arch.power_off);
}

static int kvm_vcpu_initialized(struct kvm_vcpu *vcpu)
@@ -527,8 +527,8 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)

update_vttbr(vcpu->kvm);

- if (vcpu->arch.pause)
- vcpu_pause(vcpu);
+ if (vcpu->arch.power_off)
+ vcpu_sleep(vcpu);

/*
* Disarming the background timer must be done in a
@@ -766,12 +766,12 @@ static int kvm_arch_vcpu_ioctl_vcpu_init(struct kvm_vcpu *vcpu,
vcpu_reset_hcr(vcpu);

/*
- * Handle the "start in power-off" case by marking the VCPU as paused.
+ * Handle the "start in power-off" case.
*/
if (test_bit(KVM_ARM_VCPU_POWER_OFF, vcpu->arch.features))
- vcpu->arch.pause = true;
+ vcpu->arch.power_off = true;
else
- vcpu->arch.pause = false;
+ vcpu->arch.power_off = false;

return 0;
}
diff --git a/arch/arm/kvm/psci.c b/arch/arm/kvm/psci.c
index 4b94b51..134971a 100644
--- a/arch/arm/kvm/psci.c
+++ b/arch/arm/kvm/psci.c
@@ -63,7 +63,7 @@ static unsigned long kvm_psci_vcpu_suspend(struct kvm_vcpu *vcpu)

static void kvm_psci_vcpu_off(struct kvm_vcpu *vcpu)
{
- vcpu->arch.pause = true;
+ vcpu->arch.power_off = true;
}

static unsigned long kvm_psci_vcpu_on(struct kvm_vcpu *source_vcpu)
@@ -87,7 +87,7 @@ static unsigned long kvm_psci_vcpu_on(struct kvm_vcpu *source_vcpu)
*/
if (!vcpu)
return PSCI_RET_INVALID_PARAMS;
- if (!vcpu->arch.pause) {
+ if (!vcpu->arch.power_off) {
if (kvm_psci_version(source_vcpu) != KVM_ARM_PSCI_0_1)
return PSCI_RET_ALREADY_ON;
else
@@ -115,7 +115,7 @@ static unsigned long kvm_psci_vcpu_on(struct kvm_vcpu *source_vcpu)
* the general puspose registers are undefined upon CPU_ON.
*/
*vcpu_reg(vcpu, 0) = context_id;
- vcpu->arch.pause = false;
+ vcpu->arch.power_off = false;
smp_mb(); /* Make sure the above is visible */

wq = kvm_arch_vcpu_wq(vcpu);
@@ -152,7 +152,7 @@ static unsigned long kvm_psci_vcpu_affinity_info(struct kvm_vcpu *vcpu)
kvm_for_each_vcpu(i, tmp, kvm) {
mpidr = kvm_vcpu_get_mpidr_aff(tmp);
if (((mpidr & target_affinity_mask) == target_affinity) &&
- !tmp->arch.pause) {
+ !tmp->arch.power_off) {
return PSCI_0_2_AFFINITY_LEVEL_ON;
}
}
@@ -175,7 +175,7 @@ static void kvm_prepare_system_event(struct kvm_vcpu *vcpu, u32 type)
* re-initialized.
*/
kvm_for_each_vcpu(i, tmp, vcpu->kvm) {
- tmp->arch.pause = true;
+ tmp->arch.power_off = true;
kvm_vcpu_kick(tmp);
}

diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index 2709db2..009da6b 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -122,8 +122,8 @@ struct kvm_vcpu_arch {
* here.
*/

- /* Don't run the guest */
- bool pause;
+ /* vcpu power-off state */
+ bool power_off;

/* IO related fields */
struct kvm_decode mmio_decode;
--
1.9.1

2015-08-07 16:10:34

by Eric Auger

Subject: [PATCH v2 2/4] KVM: arm/arm64: check power_off in kvm_arch_vcpu_runnable

kvm_arch_vcpu_runnable now also checks whether the power_off
flag is set.

Signed-off-by: Eric Auger <[email protected]>
---
arch/arm/kvm/arm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index 3ac6b4c..4f50be3 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -347,7 +347,8 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
*/
int kvm_arch_vcpu_runnable(struct kvm_vcpu *v)
{
- return !!v->arch.irq_lines || kvm_vgic_vcpu_pending_irq(v);
+ return ((!!v->arch.irq_lines || kvm_vgic_vcpu_pending_irq(v))
+ && !v->arch.power_off);
}
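Review bot: The kernel-doc block that closes on this hunk's first context line (`*/`, outside the hunk) is not updated, and it presumably still describes runnability only in terms of irq_lines and pending vgic interrupts; after this change a vcpu with power_off set is reported not runnable even when an interrupt is pending, and that is a contract change callers of kvm_arch_vcpu_runnable should be able to read at the declaration. Suggest adding a line to that comment such as `A vcpu whose power_off flag is set is never runnable, whatever interrupts are pending.` The same omission applies to the pause flag that patch 4/4 adds to this expression (its hunk at `@@ -348,7 +348,7 @@`), which should be documented in the same place. kvm_arch_vcpu_runnable is complete within the hunk, but its header comment is not.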

/* Just ensure a guest exit from a particular CPU */
--
1.9.1

2015-08-07 16:09:29

by Eric Auger

Subject: [PATCH v2 3/4] KVM: arm/arm64: check power_off in critical section before VCPU run

In case KVM_SET_MP_STATE ioctl is called just after we executed the
vcpu_sleep check, we can enter the guest although KVM_MP_STATE_STOPPED
is set. Let's check the power_off state in the critical section,
just before entering the guest.

Signed-off-by: Eric Auger <[email protected]>
Reported-by: Christoffer Dall <[email protected]>
---
arch/arm/kvm/arm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index 4f50be3..cc404a8 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -555,7 +555,8 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
run->exit_reason = KVM_EXIT_INTR;
}

- if (ret <= 0 || need_new_vmid_gen(vcpu->kvm)) {
+ if (ret <= 0 || need_new_vmid_gen(vcpu->kvm) ||
+ vcpu->arch.power_off) {
local_irq_enable();
kvm_vgic_sync_hwstate(vcpu);
preempt_enable();
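Review bot: The new `vcpu->arch.power_off` term in the bail-out condition carries no comment saying why the flag is re-read here, with interrupts disabled, when `vcpu_sleep` already checked it earlier in the loop; a later reader is likely to see it as redundant and drop it. Patch 1/4 shows kvm_prepare_system_event setting `power_off` on every vcpu from another thread and kicking it, so the flag can flip between the sleep check and guest entry, and a short comment should record that, e.g. `/* power_off may have been set by another vcpu since the vcpu_sleep check; never enter the guest with it set */`. Taking this branch also appears to leave `ret` untouched, so presumably the loop relies on the next iteration's vcpu_sleep to park the vcpu; that is worth stating in the same comment. kvm_arch_vcpu_ioctl_run starts and ends outside the hunk.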
--
1.9.1

2015-08-07 16:09:51

by Eric Auger

Subject: [PATCH v2 4/4] KVM: arm/arm64: implement kvm_arm_[halt,resume]_guest

We introduce the kvm_arm_halt_guest and kvm_arm_resume_guest functions. They
will be used for IRQ forward state change.

Halt is synchronous and prevents the guest from being re-entered.
We use the same mechanism put in place for PSCI former pause,
now renamed power_off. A new flag is introduced in arch vcpu state,
pause, only meant to be used by those functions.

Signed-off-by: Eric Auger <[email protected]>

---
v1 -> v2:
- check pause in kvm_arch_vcpu_runnable
- we cannot use kvm_vcpu_block since this latter would exit on
IRQ/FIQ and this is not what we want
---
arch/arm/include/asm/kvm_host.h | 3 +++
arch/arm/kvm/arm.c | 35 +++++++++++++++++++++++++++++++----
arch/arm64/include/asm/kvm_host.h | 3 +++
3 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
index 304004d..dac85f6 100644
--- a/arch/arm/include/asm/kvm_host.h
+++ b/arch/arm/include/asm/kvm_host.h
@@ -132,6 +132,9 @@ struct kvm_vcpu_arch {
/* vcpu power-off state */
bool power_off;

+ /* Exit and don't run the guest (internal implementation need) */
+ bool pause;
+
/* IO related fields */
struct kvm_decode mmio_decode;

diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index cc404a8..0529b38 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -348,7 +348,7 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
int kvm_arch_vcpu_runnable(struct kvm_vcpu *v)
{
return ((!!v->arch.irq_lines || kvm_vgic_vcpu_pending_irq(v))
- && !v->arch.power_off);
+ && !v->arch.power_off && !v->arch.pause);
}

/* Just ensure a guest exit from a particular CPU */
@@ -474,11 +474,38 @@ bool kvm_arch_intc_initialized(struct kvm *kvm)
return vgic_initialized(kvm);
}

+static void kvm_arm_halt_guest(struct kvm *kvm) __maybe_unused;
+static void kvm_arm_resume_guest(struct kvm *kvm) __maybe_unused;
+
+static void kvm_arm_halt_guest(struct kvm *kvm)
+{
+ int i;
+ struct kvm_vcpu *vcpu;
+
+ kvm_for_each_vcpu(i, vcpu, kvm)
+ vcpu->arch.pause = true;
+ force_vm_exit(cpu_all_mask);
+}
+
+static void kvm_arm_resume_guest(struct kvm *kvm)
+{
+ int i;
+ struct kvm_vcpu *vcpu;
+
+ kvm_for_each_vcpu(i, vcpu, kvm) {
+ wait_queue_head_t *wq = kvm_arch_vcpu_wq(vcpu);
+
+ vcpu->arch.pause = false;
+ wake_up_interruptible(wq);
+ }
+}
+
static void vcpu_sleep(struct kvm_vcpu *vcpu)
{
wait_queue_head_t *wq = kvm_arch_vcpu_wq(vcpu);

- wait_event_interruptible(*wq, !vcpu->arch.power_off);
+ wait_event_interruptible(*wq, ((!vcpu->arch.power_off) &&
+ (!vcpu->arch.pause)));
}

static int kvm_vcpu_initialized(struct kvm_vcpu *vcpu)
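Review bot: kvm_arm_resume_guest clears `vcpu->arch.pause` and immediately calls `wake_up_interruptible(wq)`, while the existing wake path in kvm_psci_vcpu_on (patch 1/4) issues `smp_mb(); /* Make sure the above is visible */` between clearing the flag and waking; both wake the same vcpu_sleep waiter, so the two sites should agree. If the wake-up's own ordering is considered sufficient here, a comment on the `vcpu->arch.pause = false;` line saying so would stop the next reader from "fixing" it, otherwise mirror the PSCI code. Neither new function has a kernel-doc header; one should state that halt is meant to be synchronous (the cover letter's claim, resting on force_vm_exit), and that halt/resume do not nest as written — resume clears pause unconditionally for every vcpu, so two halts followed by one resume re-enters the guest — which callers in the IRQ forwarding series need to know. The `__maybe_unused` forward declarations are fine for now but should be dropped once the functions gain a caller.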
@@ -528,7 +555,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)

update_vttbr(vcpu->kvm);

- if (vcpu->arch.power_off)
+ if (vcpu->arch.power_off || vcpu->arch.pause)
vcpu_sleep(vcpu);

/*
@@ -556,7 +583,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
}

if (ret <= 0 || need_new_vmid_gen(vcpu->kvm) ||
- vcpu->arch.power_off) {
+ vcpu->arch.power_off || vcpu->arch.pause) {
local_irq_enable();
kvm_vgic_sync_hwstate(vcpu);
preempt_enable();
diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index 009da6b..69e3785 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -125,6 +125,9 @@ struct kvm_vcpu_arch {
/* vcpu power-off state */
bool power_off;

+ /* Don't run the guest */
+ bool pause;
+
/* IO related fields */
struct kvm_decode mmio_decode;

--
1.9.1

2015-08-31 10:11:06

by Christoffer Dall

Subject: Re: [PATCH v2 3/4] KVM: arm/arm64: check power_off in critical section before VCPU run

On Fri, Aug 07, 2015 at 06:08:32PM +0200, Eric Auger wrote:
> In case KVM_SET_MP_STATE ioctl is called just after we executed the
> vcpu_sleep check, we can enter the guest although KVM_MP_STATE_STOPPED
> is set. Let's check the power_off state in the critical section,
> just before entering the guest.

I don't think this can happen from KVM_SET_MP_STATE, because that is
a vcpu ioctl and would therefore require that userspace set this before even
entering the run loop in the kernel, but it could happen at the PSCI
system event preparation.

>
> Signed-off-by: Eric Auger <[email protected]>
> Reported-by: Christoffer Dall <[email protected]>
> ---
> arch/arm/kvm/arm.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
> index 4f50be3..cc404a8 100644
> --- a/arch/arm/kvm/arm.c
> +++ b/arch/arm/kvm/arm.c
> @@ -555,7 +555,8 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
> run->exit_reason = KVM_EXIT_INTR;
> }
>
> - if (ret <= 0 || need_new_vmid_gen(vcpu->kvm)) {
> + if (ret <= 0 || need_new_vmid_gen(vcpu->kvm) ||
> + vcpu->arch.power_off) {
> local_irq_enable();
> kvm_vgic_sync_hwstate(vcpu);
> preempt_enable();
> --
> 1.9.1
>

2015-08-31 10:42:14

by Christoffer Dall

Subject: Re: [PATCH v2 4/4] KVM: arm/arm64: implement kvm_arm_[halt,resume]_guest

On Fri, Aug 07, 2015 at 06:08:33PM +0200, Eric Auger wrote:
> We introduce kvm_arm_halt_guest and resume functions. They
> will be used for IRQ forward state change.
>
> Halt is synchronous and prevents the guest from being re-entered.
> We use the same mechanism put in place for PSCI former pause,
> now renamed power_off. A new flag is introduced in arch vcpu state,
> pause, only meant to be used by those functions.
>
> Signed-off-by: Eric Auger <[email protected]>
>
> ---
> v1 -> v2:
> - check pause in kvm_arch_vcpu_runnable
> - we cannot use kvm_vcpu_block since this latter would exit on
> IRQ/FIQ and this is not what we want
> ---
> arch/arm/include/asm/kvm_host.h | 3 +++
> arch/arm/kvm/arm.c | 35 +++++++++++++++++++++++++++++++----
> arch/arm64/include/asm/kvm_host.h | 3 +++
> 3 files changed, 37 insertions(+), 4 deletions(-)
>
> diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
> index 304004d..dac85f6 100644
> --- a/arch/arm/include/asm/kvm_host.h
> +++ b/arch/arm/include/asm/kvm_host.h
> @@ -132,6 +132,9 @@ struct kvm_vcpu_arch {
> /* vcpu power-off state */
> bool power_off;
>
> + /* Exit and don't run the guest (internal implementation need) */

Why exit? I think it's slightly more correct to just say:
"Don't run the guest (internal implementation need)"

> + bool pause;
> +
> /* IO related fields */
> struct kvm_decode mmio_decode;
>
> diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
> index cc404a8..0529b38 100644
> --- a/arch/arm/kvm/arm.c
> +++ b/arch/arm/kvm/arm.c
> @@ -348,7 +348,7 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
> int kvm_arch_vcpu_runnable(struct kvm_vcpu *v)
> {
> return ((!!v->arch.irq_lines || kvm_vgic_vcpu_pending_irq(v))
> - && !v->arch.power_off);
> + && !v->arch.power_off && !v->arch.pause);
> }
>
> /* Just ensure a guest exit from a particular CPU */
> @@ -474,11 +474,38 @@ bool kvm_arch_intc_initialized(struct kvm *kvm)
> return vgic_initialized(kvm);
> }
>
> +static void kvm_arm_halt_guest(struct kvm *kvm) __maybe_unused;
> +static void kvm_arm_resume_guest(struct kvm *kvm) __maybe_unused;
> +
> +static void kvm_arm_halt_guest(struct kvm *kvm)
> +{
> + int i;
> + struct kvm_vcpu *vcpu;
> +
> + kvm_for_each_vcpu(i, vcpu, kvm)
> + vcpu->arch.pause = true;
> + force_vm_exit(cpu_all_mask);
> +}
> +
> +static void kvm_arm_resume_guest(struct kvm *kvm)
> +{
> + int i;
> + struct kvm_vcpu *vcpu;
> +
> + kvm_for_each_vcpu(i, vcpu, kvm) {
> + wait_queue_head_t *wq = kvm_arch_vcpu_wq(vcpu);
> +
> + vcpu->arch.pause = false;
> + wake_up_interruptible(wq);
> + }
> +}
> +
> static void vcpu_sleep(struct kvm_vcpu *vcpu)
> {
> wait_queue_head_t *wq = kvm_arch_vcpu_wq(vcpu);
>
> - wait_event_interruptible(*wq, !vcpu->arch.power_off);
> + wait_event_interruptible(*wq, ((!vcpu->arch.power_off) &&
> + (!vcpu->arch.pause)));
> }
>
> static int kvm_vcpu_initialized(struct kvm_vcpu *vcpu)
> @@ -528,7 +555,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
>
> update_vttbr(vcpu->kvm);
>
> - if (vcpu->arch.power_off)
> + if (vcpu->arch.power_off || vcpu->arch.pause)
> vcpu_sleep(vcpu);
>
> /*
> @@ -556,7 +583,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
> }
>
> if (ret <= 0 || need_new_vmid_gen(vcpu->kvm) ||
> - vcpu->arch.power_off) {
> + vcpu->arch.power_off || vcpu->arch.pause) {
> local_irq_enable();
> kvm_vgic_sync_hwstate(vcpu);
> preempt_enable();
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index 009da6b..69e3785 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -125,6 +125,9 @@ struct kvm_vcpu_arch {
> /* vcpu power-off state */
> bool power_off;
>
> + /* Don't run the guest */

Can we have the same comment on the arm and arm64 version?

> + bool pause;
> +
> /* IO related fields */
> struct kvm_decode mmio_decode;
>
> --
> 1.9.1
>

Besides these commenting nits, I think this looks reasonable overall.

Reviewed-by: Christoffer Dall <[email protected]>

On the series.