Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3136146pxb; Mon, 9 Nov 2020 03:40:55 -0800 (PST) X-Google-Smtp-Source: ABdhPJwIcPqPIAFaLFgopB10bYuDrQGTV1LKrk9HwjSsTccW3rwCvsAKvz+IKrnq7ZidX3wZCWGc X-Received: by 2002:a17:906:4807:: with SMTP id w7mr14271286ejq.306.1604922055095; Mon, 09 Nov 2020 03:40:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604922055; cv=none; d=google.com; s=arc-20160816; b=oxlrUfb/1lNmmknUeTebY4crtucQgFdLXUU3Y5I/F4Wf68VaxaX9U0eJ0raaxfwZRj 0ihe28e9ufIFcguwY0jkJE5hI7h7DTlLVRPA3Ovfuznr7R2cmqfNEIFga7ThLSwqnU44 TqUC4/fWfRGHa7OX78RWGSgzJbFQUrPVSq484VOpETiZvVsoB7T1TgbUqc+lnicLWJqc kAW+siulKTDYP/Wr4yCRQFR9Cdaz/cwqDhKMRYTaVL87DDUWDereJFzjTiWDVR/F1Vbb QD454k9nIfClhklixWJFb3APg7uKnYjfEsT5ZbUuFldMRhVAAgfDnIqYYCZF8yFycnqw aobw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=TSwlUknyxMEI+6/IdIE7BFo27ktFepUyPMrayg9jAhU=; b=xhmsnZPcIN5gSq+YKSurq85zFbXz8peJeX/vHdEBhM3yfRXegLjERi9dquPiC8cmwD cMz1WYFixRUR9PaCjEQvLnz5YX9nA+eYPZJUTVJ4q4Bl4lQ5mqv0Cz0hAqGNXP6MoZJk DcO2PmJA5kbvrf/6+54sYR3XHLQOtK2l6xGre288cDFUBEuDx17myXlo+6BW2KUwr8d0 HEYA867BqpcaEx1q22tCBXb/8K0BkaQohIl5uTRwfwJ/ZF+14ubHjJalB0axy7avMhj+ 3lBmEtsbgJdy5I1tRQyc8pk3qSbBRmSTiHJOy32VpCFfPQQX85NYhoJA+m9E5dkKWYWo 5obw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=iAn2GzCf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i26si6576005edb.556.2020.11.09.03.40.31; Mon, 09 Nov 2020 03:40:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=iAn2GzCf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729320AbgKILgN (ORCPT + 99 others); Mon, 9 Nov 2020 06:36:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35658 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729776AbgKILda (ORCPT ); Mon, 9 Nov 2020 06:33:30 -0500 Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4FA39C0613CF for ; Mon, 9 Nov 2020 03:33:30 -0800 (PST) Received: by mail-wr1-x432.google.com with SMTP id d12so6789332wrr.13 for ; Mon, 09 Nov 2020 03:33:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=TSwlUknyxMEI+6/IdIE7BFo27ktFepUyPMrayg9jAhU=; b=iAn2GzCfxNArh5CKayH8Vx8icaJ2i4fbykQO1kjXT9qJmzxGyHErFl5pAdrOwyItSF n61YAtEdFpK5GaHftfHCQeRp6ATxUD5xTKpJupnh7JfzXWnKshJWUdT6f7nOvBuZeX6g SGTh0c59Oy/Ar+Y5/KK20aP3f4pCWGqiLNdyaUMbq443GYcVvqwIsQ966yMSdc2E8cID 3Mp9gTu52MoliwQgaKBilPbbycLyb+QisomKBY6VpW2r03L+l2WHjFsB8xxFhUSYzL8X A+z31ZTD4ZKDaaSAqD/uCOOH17EhMAWrV29kZe3P9LTQG8LRF2/gL4x0aWTjBkB3TWgg CJFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=TSwlUknyxMEI+6/IdIE7BFo27ktFepUyPMrayg9jAhU=; b=Knn23CZ+nW7ijqdJ1F+zrH7OOLEozmTf1XeflunN66R4LfVHtgj1BLSoox56NuYGx8 5ZDi8DkiA6rFLvSGRG7LIcua+AdQJ3Vs5n7/R4cho3SpDGeB9fpJQpeP5qSsmxcDgRhw oMUaS6UXkwbM6ZfwW3AjA0i+tKauGKT6HQyHEml2rod9zY0AEpbI9y9eOJQOtrixVWwD LPybOxJAvtS68OUsLZfuD/UvdECOpvabNj5iQga23g2b+rxilAhz3ly5PtRaZ2q2leig WK/VmMOaodp4onOlBPmHJJgWYjMIo75BLeAtvQxRxltd/o8DVBPL3O580DDdE2Bg/Efn iXVg== X-Gm-Message-State: AOAM532iqWNQMG3WkSTAxe8XRP2OhlroxHt/ezvW4bo0M6SAxPNV+I3y txlOBG56FNbnw8tHFMjbXqAyl19H6IP0y6+I X-Received: by 2002:a5d:6ca6:: with SMTP id a6mr17360696wra.348.1604921608925; Mon, 09 Nov 2020 03:33:28 -0800 (PST) Received: from localhost ([2a01:4b00:8523:2d03:209d:10b7:c480:3e1f]) by smtp.gmail.com with ESMTPSA id z19sm12507964wmk.12.2020.11.09.03.33.27 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 09 Nov 2020 03:33:28 -0800 (PST) From: David Brazdil To: kvmarm@lists.cs.columbia.edu Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Marc Zyngier , James Morse , Julien Thierry , Suzuki K Poulose , Catalin Marinas , Will Deacon , Dennis Zhou , Tejun Heo , Christoph Lameter , Mark Rutland , Lorenzo Pieralisi , Quentin Perret , Andrew Scull , Andrew Walbran , kernel-team@android.com, David Brazdil Subject: [PATCH v1 24/24] kvm: arm64: Fix EL2 mode availability checks Date: Mon, 9 Nov 2020 11:32:33 +0000 Message-Id: <20201109113233.9012-25-dbrazdil@google.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201109113233.9012-1-dbrazdil@google.com> References: <20201109113233.9012-1-dbrazdil@google.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org With protected nVHE hyp code interception host's PSCI CPU_ON/OFF/SUSPEND SMCs, from the host's perspective new CPUs start booting in EL1 while previously they would have booted in EL2. The kernel logic which keeps track of the mode CPUs were booted in needs to be adjusted to account for this fact. Add a static key enabled if KVM protected nVHE initialization is successful. When the key is enabled, is_hyp_mode_available continues to report `true` because its users either treat it a check whether KVM will be / has been initialized, or whether stub HVCs can be made (eg. hibernate). is_hyp_mode_mismatched is changed to report `false` when the key is enabled. That's because all cores' modes matched at the point of KVM init and KVM will not allow cores not present at init to boot. That said, the function is never used after KVM is initialized. Signed-off-by: David Brazdil --- arch/arm64/include/asm/virt.h | 17 +++++++++++++++++ arch/arm64/kvm/arm.c | 9 ++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/virt.h b/arch/arm64/include/asm/virt.h index 2c3124512c00..8159d6010f4b 100644 --- a/arch/arm64/include/asm/virt.h +++ b/arch/arm64/include/asm/virt.h @@ -66,10 +66,19 @@ void __hyp_set_vectors(phys_addr_t phys_vector_base); void __hyp_reset_vectors(void); DECLARE_STATIC_KEY_FALSE(kvm_protected_mode); +DECLARE_STATIC_KEY_FALSE(kvm_protected_mode_initialized); /* Reports the availability of HYP mode */ static inline bool is_hyp_mode_available(void) { + /* + * If KVM protected mode is initialized, all CPUs must have been booted + * in EL2. Avoid checking __boot_cpu_mode as CPUs now come up in EL1. + */ + if (IS_ENABLED(CONFIG_KVM) && + static_branch_likely(&kvm_protected_mode_initialized)) + return true; + return (__boot_cpu_mode[0] == BOOT_CPU_MODE_EL2 && __boot_cpu_mode[1] == BOOT_CPU_MODE_EL2); } @@ -77,6 +86,14 @@ static inline bool is_hyp_mode_available(void) /* Check if the bootloader has booted CPUs in different modes */ static inline bool is_hyp_mode_mismatched(void) { + /* + * If KVM protected mode is initialized, all CPUs must have been booted + * in EL2. Avoid checking __boot_cpu_mode as CPUs now come up in EL1. + */ + if (IS_ENABLED(CONFIG_KVM) && + static_branch_likely(&kvm_protected_mode_initialized)) + return false; + return __boot_cpu_mode[0] != __boot_cpu_mode[1]; } diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index c09b95cfa00a..9a2329c92a01 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -48,6 +48,7 @@ __asm__(".arch_extension virt"); #endif DEFINE_STATIC_KEY_FALSE(kvm_protected_mode); +DEFINE_STATIC_KEY_FALSE(kvm_protected_mode_initialized); DECLARE_KVM_HYP_PER_CPU(unsigned long, kvm_hyp_vector); @@ -1838,12 +1839,14 @@ int kvm_arch_init(void *opaque) if (err) goto out_hyp; - if (is_kvm_protected_mode()) + if (is_kvm_protected_mode()) { + static_branch_enable(&kvm_protected_mode_initialized); kvm_info("Protected nVHE mode initialized successfully\n"); - else if (in_hyp_mode) + } else if (in_hyp_mode) { kvm_info("VHE mode initialized successfully\n"); - else + } else { kvm_info("Hyp mode initialized successfully\n"); + } return 0; -- 2.29.2.222.g5d2a92d10f8-goog