Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3426251pxb; Mon, 16 Nov 2020 14:32:25 -0800 (PST) X-Google-Smtp-Source: ABdhPJz1wduBPoKmXpW0Om7TR5sRHo0+d81rCFyxp9mJFVes4LfA3w1B45WbOoLW6DFee7Mu9kdR X-Received: by 2002:a17:906:400c:: with SMTP id v12mr17452495ejj.387.1605565945039; Mon, 16 Nov 2020 14:32:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605565944; cv=none; d=google.com; s=arc-20160816; b=lJU8g/YCzm4w5BYT0IwPZg48HsYDl9ZwYcdsnkChR1S3i51FyQy6NTlNMjvnv0EXOV KY2S3NyS7virieakGOKuf77Mp+QDu+0V5EuzOGc0tf73K+Y4ZkVDv4QdjMBtR0wW55pj X7syHJhuhURCjfqCDVLLHwV9cWmufFdvapgWzp9Z+M6ZfvYFt0hIGjl/5QtnDkiDtNuA fPpQp/rUrkdYMRS46nxNfBiah6H8/5Q7kDVM3mW2vxFfasKj10m74jUUVkQsb1ZN0Bla ZQnzVMyti7KG3RHawXGdCUz6fLomc75f6Q6Mxr1PxpIDN5GNLYIRk5anOgpfUlkG9aWQ JaHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=atsDjx/TzGfxVZgd6hTk0EAv0F2OT5jr+J2cgmZ2xFY=; b=ULXF9b07xmb3EWCe2O+EEBX7Ij065pPluUkluPTHAhlcc+ABKBOU103cDn2IJ8azrh DbR0eaqXU+ZsEjqnxTM6qi2hOB7HiD9yrkgPxn+ZJM2y46S8clhd23CPkY2eFNHD2GRH teuT3SQs/CM8N+/9taBVg8NfD/AxGkUKGyqwLrdgbW60QdWyJPKZ+VDEwAKZNep9jaHA 4kUTczH+4ReALGviYyh4IUNOP/cx0uaX7pqLDwCIy8AWxMUPZNIcBdZZT4AqGParA1p1 J+Alq8yFdjGcZpvS6mOfUrxoFNeO6sIZzdaXyyYF5uYGYz2DyNHActzUrJpz+qmNZan7 e1iQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=h35rLEUq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y11si12264086ejl.86.2020.11.16.14.32.01; Mon, 16 Nov 2020 14:32:24 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=h35rLEUq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388067AbgKPUo2 (ORCPT + 99 others); Mon, 16 Nov 2020 15:44:28 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46982 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388008AbgKPUoQ (ORCPT ); Mon, 16 Nov 2020 15:44:16 -0500 Received: from mail-wm1-x342.google.com (mail-wm1-x342.google.com [IPv6:2a00:1450:4864:20::342]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3AC12C0613CF for ; Mon, 16 Nov 2020 12:44:15 -0800 (PST) Received: by mail-wm1-x342.google.com with SMTP id h2so612147wmm.0 for ; Mon, 16 Nov 2020 12:44:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=atsDjx/TzGfxVZgd6hTk0EAv0F2OT5jr+J2cgmZ2xFY=; b=h35rLEUqBFivWJURPalCErJ0No6DR5+PK0ffG8XVdL6zUlUrYdObTEz/xhcUIbbXvN bT16OoQVKSz1vAepCnSmD13fwkILI+1lAnLYb7aVBFpGbWcDM2Q7aiqidsAFZOjRQaZg Me0EqWX07U8NpONGPrFDoZIvHZ31g16eI++TBHHLBM2kraF7Zqe7anwhiHlv3eW1u3l9 kLTMw7nFFrPSkjnJ6Y0Li30dnpw/zkH4N1CU7n7h5DWJ/k/pmQOoMJiOnliC/ltLfvBQ btiN0VcHK9tInQa6ELnxeP1Um1+hErUSvgPBa0GS7icfaYlQ3UNsD4HSaSGcFpn7avLz UDiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=atsDjx/TzGfxVZgd6hTk0EAv0F2OT5jr+J2cgmZ2xFY=; b=SCSj5XRQNjp1zqqXaRyRZMxBZiEF7dHoD7KN9C1UAd5axIs3hbOJTvKr2ZySwxr+db VY0Cc+pUop7XbpX3ypMuRvtCEpVwSYwia7Bm1Ev4WPv2VISVM29Ptmeddse2si1rq0ZQ C6WxQZ8NvgTrmwJ86v+HP/LDFD8kVzdbQAsVR2XEXoHpRxjjBe3O5Noxa9XdXkVEok9n LoJkZrFn6Gs24BA2/gKBZbihp/rpfTHZetAeRo9W+JOLEWC5sQcXaL8WlQUhaSYpemn5 K+UsdlOOClPDlW6W5As8WFiNOcGk+2gn5hQfgBKnTMYFmNjxtXLBkI4+pimZbFqL1KUe pM0w== X-Gm-Message-State: AOAM532q7i1Dmevptl3B6scMdDrfqm3rz3H9sCMTfsIR6TGe5MDkL7C8 tYa2STiJe39n4ovLzZcAIk6+aQ== X-Received: by 2002:a7b:c1ce:: with SMTP id a14mr663097wmj.169.1605559453768; Mon, 16 Nov 2020 12:44:13 -0800 (PST) Received: from localhost ([2a01:4b00:8523:2d03:bc40:bd71:373a:1b33]) by smtp.gmail.com with ESMTPSA id 90sm3958005wrl.60.2020.11.16.12.44.12 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Nov 2020 12:44:12 -0800 (PST) From: David Brazdil To: kvmarm@lists.cs.columbia.edu Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Marc Zyngier , James Morse , Julien Thierry , Suzuki K Poulose , Catalin Marinas , Will Deacon , Dennis Zhou , Tejun Heo , Christoph Lameter , Mark Rutland , Lorenzo Pieralisi , Quentin Perret , Andrew Scull , Andrew Walbran , kernel-team@android.com, David Brazdil Subject: [PATCH v2 24/24] kvm: arm64: Fix EL2 mode availability checks Date: Mon, 16 Nov 2020 20:43:18 +0000 Message-Id: <20201116204318.63987-25-dbrazdil@google.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201116204318.63987-1-dbrazdil@google.com> References: <20201116204318.63987-1-dbrazdil@google.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org With protected nVHE hyp code interception host's PSCI CPU_ON/SUSPEND SMCs, the host starts seeing new CPUs boot in EL1 instead of EL2. The kernel logic that keeps track of the boot mode needs to be adjusted. Add a static key enabled if KVM protected nVHE initialization is successful. When the key is enabled, is_hyp_mode_available continues to report `true` because its users either treat it as a check whether KVM will be / was initialized, or whether stub HVCs can be made (eg. hibernate). is_hyp_mode_mismatched is changed to report `false` when the key is enabled. That's because all cores' modes matched at the point of KVM init and KVM will not allow cores not present at init to boot. That said, the function is never used after KVM is initialized. Signed-off-by: David Brazdil --- arch/arm64/include/asm/virt.h | 18 ++++++++++++++++++ arch/arm64/kvm/arm.c | 10 +++++++--- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/virt.h b/arch/arm64/include/asm/virt.h index 2fde1186b962..f7cf3f0e5297 100644 --- a/arch/arm64/include/asm/virt.h +++ b/arch/arm64/include/asm/virt.h @@ -65,9 +65,19 @@ extern u32 __boot_cpu_mode[2]; void __hyp_set_vectors(phys_addr_t phys_vector_base); void __hyp_reset_vectors(void); +DECLARE_STATIC_KEY_FALSE(kvm_protected_mode_initialized); + /* Reports the availability of HYP mode */ static inline bool is_hyp_mode_available(void) { + /* + * If KVM protected mode is initialized, all CPUs must have been booted + * in EL2. Avoid checking __boot_cpu_mode as CPUs now come up in EL1. + */ + if (IS_ENABLED(CONFIG_KVM) && + static_branch_likely(&kvm_protected_mode_initialized)) + return true; + return (__boot_cpu_mode[0] == BOOT_CPU_MODE_EL2 && __boot_cpu_mode[1] == BOOT_CPU_MODE_EL2); } @@ -75,6 +85,14 @@ static inline bool is_hyp_mode_available(void) /* Check if the bootloader has booted CPUs in different modes */ static inline bool is_hyp_mode_mismatched(void) { + /* + * If KVM protected mode is initialized, all CPUs must have been booted + * in EL2. Avoid checking __boot_cpu_mode as CPUs now come up in EL1. + */ + if (IS_ENABLED(CONFIG_KVM) && + static_branch_likely(&kvm_protected_mode_initialized)) + return false; + return __boot_cpu_mode[0] != __boot_cpu_mode[1]; } diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 45bc7a6b9e0b..b86d0b38f30b 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -47,6 +47,8 @@ __asm__(".arch_extension virt"); #endif +DEFINE_STATIC_KEY_FALSE(kvm_protected_mode_initialized); + DECLARE_KVM_HYP_PER_CPU(unsigned long, kvm_hyp_vector); static DEFINE_PER_CPU(unsigned long, kvm_arm_hyp_stack_page); @@ -1837,12 +1839,14 @@ int kvm_arch_init(void *opaque) if (err) goto out_hyp; - if (is_protected_kvm_enabled()) + if (is_protected_kvm_enabled()) { + static_branch_enable(&kvm_protected_mode_initialized); kvm_info("Protected nVHE mode initialized successfully\n"); - else if (in_hyp_mode) + } else if (in_hyp_mode) { kvm_info("VHE mode initialized successfully\n"); - else + } else { kvm_info("Hyp mode initialized successfully\n"); + } return 0; -- 2.29.2.299.gdc1121823c-goog