From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, James Morse, Marc Zyngier, Catalin Marinas, Andre Przywara
Subject: [PATCH 5.4 07/16] KVM: arm64: Survive synchronous exceptions caused by AT instructions
Date: Fri, 4 Sep 2020 15:30:00 +0200
Message-Id: <20200904120257.560300344@linuxfoundation.org>
In-Reply-To: <20200904120257.203708503@linuxfoundation.org>
References: <20200904120257.203708503@linuxfoundation.org>

From: James Morse

commit 88a84ccccb3966bcc3f309cdb76092a9892c0260 upstream.

KVM doesn't expect any synchronous exceptions when executing, any such exception leads to a panic(). AT instructions access the guest page tables, and can cause a synchronous external abort to be taken.

The arm-arm is unclear on what should happen if the guest has configured the hardware update of the access-flag, and a memory type in TCR_EL1 that does not support atomic operations. B2.2.6 "Possible implementation restrictions on using atomic instructions" from DDI0487F.a lists synchronous external abort as a possible behaviour of atomic instructions that target memory that isn't writeback cacheable, but the page table walker may behave differently.

Make KVM robust to synchronous exceptions caused by AT instructions. Add a get_user() style helper for AT instructions that returns -EFAULT if an exception was generated.

While KVM's version of the exception table mixes synchronous and asynchronous exceptions, only one of these can occur at each location.

Re-enter the guest when the AT instructions take an exception on the assumption the guest will take the same exception. This isn't guaranteed to make forward progress, as the AT instructions may always walk the page tables, but guest execution may use the translation cached in the TLB.

This isn't a problem, as since commit 5dcd0fdbb492 ("KVM: arm64: Defer guest entry when an asynchronous exception is pending"), KVM will return to the host to process IRQs allowing the rest of the system to keep running.

Cc: stable@vger.kernel.org #
Reviewed-by: Marc Zyngier
Signed-off-by: Catalin Marinas
Signed-off-by: Andre Przywara
Signed-off-by: Greg Kroah-Hartman
---
 arch/arm64/include/asm/kvm_asm.h | 28 ++++++++++++++++++++++++++++
 arch/arm64/kvm/hyp/hyp-entry.S   | 14 ++++++++++----
 arch/arm64/kvm/hyp/switch.c      |  8 ++++----
 3 files changed, 42 insertions(+), 8 deletions(-)

--- a/arch/arm64/include/asm/kvm_asm.h +++ b/arch/arm64/include/asm/kvm_asm.h 
@@ -88,6 +88,34 @@ extern u32 __kvm_get_mdcr_el2(void); *__hyp_this_cpu_ptr(sym); \ }) +#define __KVM_EXTABLE(from, to) \ + " .pushsection __kvm_ex_table, \"a\"\n" \ + " .align 3\n" \ + " .long (" #from " - .), (" #to " - .)\n" \ + " .popsection\n" + + +#define __kvm_at(at_op, addr) \ +( { \ + int __kvm_at_err = 0; \ + u64 spsr, elr; \ + asm volatile( \ + " mrs %1, spsr_el2\n" \ + " mrs %2, elr_el2\n" \ + "1: at "at_op", %3\n" \ + " isb\n" \ + " b 9f\n" \ + "2: msr spsr_el2, %1\n" \ + " msr elr_el2, %2\n" \ + " mov %w0, %4\n" \ + "9:\n" \ + __KVM_EXTABLE(1b, 2b) \ + : "+r" (__kvm_at_err), "=&r" (spsr), "=&r" (elr) \ + : "r" (addr), "i" (-EFAULT)); \ + __kvm_at_err; \ +} ) + + #else /* __ASSEMBLY__ */ .macro hyp_adr_this_cpu reg, sym, tmp --- a/arch/arm64/kvm/hyp/hyp-entry.S +++ b/arch/arm64/kvm/hyp/hyp-entry.S @@ -166,13 +166,19 @@ el1_error: b __guest_exit el2_sync: - /* Check for illegal exception return, otherwise panic */ + /* Check for illegal exception return */ mrs x0, spsr_el2 + tbnz x0, #20, 1f - /* if this was something else, then panic! */ - tst x0, #PSR_IL_BIT - b.eq __hyp_panic + save_caller_saved_regs_vect + stp x29, x30, [sp, #-16]! + bl kvm_unexpected_el2_exception + ldp x29, x30, [sp], #16 + restore_caller_saved_regs_vect + eret + +1: /* Let's attempt a recovery from the illegal exception return */ get_vcpu_ptr x1, x0 mov x0, #ARM_EXCEPTION_IL --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -261,10 +261,10 @@ static bool __hyp_text __translate_far_t * saved the guest context yet, and we may return early... */ par = read_sysreg(par_el1); - asm volatile("at s1e1r, %0" : : "r" (far)); - isb(); - - tmp = read_sysreg(par_el1); + if (!__kvm_at("s1e1r", far)) + tmp = read_sysreg(par_el1); + else + tmp = SYS_PAR_EL1_F; /* back to the guest */ write_sysreg(par, par_el1); if (unlikely(tmp & SYS_PAR_EL1_F))
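
Review bot: In the kvm_asm.h hunk, the locals declared inside __kvm_at() as "u64 spsr, elr;" are unprefixed, unlike __kvm_at_err, and addr is expanded inside the same statement-expression scope, so a caller whose addr expression mentions a variable named spsr or elr would silently bind to the macro's uninitialised locals. Give them the same __kvm_at_ prefix. The macro also has no comment stating its contract: it evaluates to 0 or -EFAULT, at_op must be a string literal because it is pasted into the asm template, the fixup at label 2 restores spsr_el2 and elr_el2 from the copies taken before the AT, and PAR_EL1 is only meaningful when 0 is returned. A short block comment above the macro saying this would help future callers.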
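
Review bot: In the el2_sync hunk of hyp-entry.S, "tbnz x0, #20, 1f" hard-codes a bit number where the removed code tested the named PSR_IL_BIT mask, so the reader has to know that bit 20 of SPSR_EL2 is IL. Use a named bit-number constant, or at least add a comment on that line tying #20 to PSR_IL_BIT. The new non-IL path also ends in a bare eret after "bl kvm_unexpected_el2_exception", which is only correct if that function either redirects elr_el2 to a fixup address or does not return; it is not defined in any of the three files touched here, so a one-line comment stating that expectation would make the control flow reviewable from this file alone.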
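
Review bot: In the switch.c hunk, the else branch "tmp = SYS_PAR_EL1_F; /* back to the guest */" folds "the AT instruction itself took an exception" into "the translation failed", and the three-word comment does not say that this is deliberate. Expand the comment to state that a faulting AT is reported through the existing "if (unlikely(tmp & SYS_PAR_EL1_F))" path so the caller re-enters the guest, as the changelog describes, and that par_el1 was not updated by the AT in that case, which is why it is not read.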
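
The changelog's "get_user() style" recovery rests on the entry format that __KVM_EXTABLE emits with ".long (from - .), (to - .)". The following is an added user-space illustration of that self-relative encoding and of a lookup over it; it is not code from the patch or from the kernel, and find_fixup(), the linear search and all addresses are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout produced by ".long (from - .), (to - .)": two signed 32-bit
 * offsets, each relative to the address of the field that stores it. */
struct rel_entry {
    int32_t insn;   /* address of the instruction that may fault, minus &insn */
    int32_t fixup;  /* address to resume at, minus &fixup */
};
#define FIXUP_OFF offsetof(struct rel_entry, fixup)
/* Constructed sample addresses, not taken from any real kernel image. */
#define TABLE_VA 0xffff000010800000ULL /* where the table is placed */
#define AT_INSN  0xffff000010123458ULL /* label "1:", the AT instruction */
#define AT_FIXUP (AT_INSN + 12)        /* label "2:", after at / isb / b */

/* Encode what the assembler would emit for an entry located at va. */
static struct rel_entry encode(uint64_t va, uint64_t from, uint64_t to)
{
    struct rel_entry e = { (int32_t)(int64_t)(from - va),
                           (int32_t)(int64_t)(to - (va + FIXUP_OFF)) };
    return e;
}

/* Hypothetical lookup: return the fixup address registered for fault_pc,
 * or 0 when no entry matches and there is nothing to recover to. */
static uint64_t find_fixup(const struct rel_entry *t, size_t n, uint64_t table_va, uint64_t fault_pc)
{
    for (size_t i = 0; i < n; i++) {
        uint64_t insn_va = table_va + i * sizeof(*t);
        if (insn_va + (uint64_t)(int64_t)t[i].insn == fault_pc)
            return insn_va + FIXUP_OFF + (uint64_t)(int64_t)t[i].fixup;
    }
    return 0;
}

static uint64_t demo_lookup(uint64_t pc)
{
    struct rel_entry t[2];
    t[0] = encode(TABLE_VA, AT_INSN, AT_FIXUP);
    t[1] = encode(TABLE_VA + sizeof(t[0]), AT_INSN + 0x100, AT_INSN + 0x10c);
    return find_fixup(t, 2, TABLE_VA, pc);
}

int main(void)
{
    printf("%#llx\n", (unsigned long long)demo_lookup(AT_INSN));
    return 0;
}
```

Only the exact address of the AT instruction matches; the isb four bytes later has no entry, which is the case where a handler has no fixup to return to.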