Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2305715pxu; Mon, 7 Dec 2020 03:11:04 -0800 (PST) X-Google-Smtp-Source: ABdhPJyaFNAfqbhBiuLzEZZAHQXoaIUVjwgMSqHCAx1k/X7VSe+Aw32aG3djnoylxTK6rQamvbHp X-Received: by 2002:a17:906:3102:: with SMTP id 2mr18561533ejx.135.1607339464536; Mon, 07 Dec 2020 03:11:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607339464; cv=none; d=google.com; s=arc-20160816; b=g3VdLbanwpGk4gmKIjtk0PdcX1Ti2YoqRXnCYyBhm9S7fpW2Pm2ujgdUP+yvUKFDRd dsCg2MdR7ALwX8nJAdMAtvvg//GGn7hrNzRupWowx7X3z+9bwyp/4BggNvNM2DoyQjf6 fFKgyGf1WpTuTHEYSo4fUNHgpd1iW3Ot17GO8OCCy3XBEo/KJ1xaJ1bcEmtkymAkMwDw F8+ZRP4xIviNNWFWLCcdNuSB6hzik9LLEbcGTbFGDntW4UC8svxUK8XClqiQCFP5hJLc 5ZyFOJuwnIh6XKtB5rm05bhYOy8vlznxinn8575lZN872hmWiVoCbE8jp5MLf5JoYzch YEpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=/oepA7IsfjbrqGn4UPpdEhZ6gz8spPiHiztY9G9fG9Q=; b=pZ29VTs8mOmhGExASwDlMLmZOrubnebkgUs0W6y7bIjuqe53uZ/l/yk0nkNL55mjx1 TElsLMLnomiPV8aME++BlZ67rajg/j/0Qb9pEuuHSzF2Z5x+z/PVZCX1WDE4swt+BgHG OOhRa7jDDzlvWpvtIClh0BR/DY1+Fn1bFkiHAe2ttMAD75ywtnzYRcLsqGkLfluleZUK 0Mw9JKno2ck817ntn5dsX1Z+58QZoOhANPd7DCdZAZXR9mwClwuX6eVaZpUtecKqae2a QbLVi/aMOBGUwg6VcdYiEVZqbhf9TlBRvnzJ7fz/GKOf0LZksYzUL3upQQ6XPQa6Rexr 5OPw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cx12si8914020edb.194.2020.12.07.03.10.41; Mon, 07 Dec 2020 03:11:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726524AbgLGLGn (ORCPT + 99 others); Mon, 7 Dec 2020 06:06:43 -0500 Received: from foss.arm.com ([217.140.110.172]:47258 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726244AbgLGLGn (ORCPT ); Mon, 7 Dec 2020 06:06:43 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 861F21042; Mon, 7 Dec 2020 03:05:57 -0800 (PST) Received: from C02TD0UTHF1T.local (unknown [10.57.27.106]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A111C3F66B; Mon, 7 Dec 2020 03:05:54 -0800 (PST) Date: Mon, 7 Dec 2020 11:05:45 +0000 From: Mark Rutland To: Will Deacon Cc: Quentin Perret , "moderated list:ARM64 PORT (AARCH64 ARCHITECTURE)" , "open list:OPEN FIRMWARE AND FLATTENED DEVICE TREE" , kernel-team@android.com, Android KVM , Catalin Marinas , open list , Rob Herring , Fuad Tabba , Marc Zyngier , Frank Rowand , "open list:KERNEL VIRTUAL MACHINE FOR ARM64 (KVM/arm64)" Subject: Re: [RFC PATCH 16/27] KVM: arm64: Prepare Hyp memory protection Message-ID: <20201207110528.GA18365@C02TD0UTHF1T.local> References: <20201117181607.1761516-1-qperret@google.com> <20201117181607.1761516-17-qperret@google.com> <20201207102002.GA3825@willie-the-truck> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201207102002.GA3825@willie-the-truck> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Dec 07, 2020 at 10:20:03AM +0000, Will Deacon wrote: > On Fri, Dec 04, 2020 at 06:01:52PM +0000, Quentin Perret wrote: > > On Thursday 03 Dec 2020 at 12:57:33 (+0000), Fuad Tabba wrote: > > > > > > +SYM_FUNC_START(__kvm_init_switch_pgd) > > > > + /* Turn the MMU off */ > > > > + pre_disable_mmu_workaround > > > > + mrs x2, sctlr_el2 > > > > + bic x3, x2, #SCTLR_ELx_M > > > > + msr sctlr_el2, x3 > > > > + isb > > > > + > > > > + tlbi alle2 > > > > + > > > > + /* Install the new pgtables */ > > > > + ldr x3, [x0, #NVHE_INIT_PGD_PA] > > > > + phys_to_ttbr x4, x3 > > > > +alternative_if ARM64_HAS_CNP > > > > + orr x4, x4, #TTBR_CNP_BIT > > > > +alternative_else_nop_endif > > > > + msr ttbr0_el2, x4 > > > > + > > > > + /* Set the new stack pointer */ > > > > + ldr x0, [x0, #NVHE_INIT_STACK_HYP_VA] > > > > + mov sp, x0 > > > > + > > > > + /* And turn the MMU back on! */ > > > > + dsb nsh > > > > + isb > > > > + msr sctlr_el2, x2 > > > > + isb > > > > + ret x1 > > > > +SYM_FUNC_END(__kvm_init_switch_pgd) > > > > + > > > > > > Should the instruction cache be flushed here (ic iallu), to discard > > > speculatively fetched instructions? > > > > Hmm, Will? Thoughts? > > The I-cache is physically tagged, so not sure what invalidation would > achieve here. Fuad -- what do you think could go wrong specifically? While the MMU is off, instruction fetches can be made from the PoC rather than the PoU, so where instructions have been modified/copied and not cleaned to the PoC, it's possible to fetch stale copies into the I-caches. The physical tag doesn't prevent that. In the regular CPU boot paths, __enabble_mmu() has an IC IALLU after enabling the MMU to ensure that we get rid of anything stale (e.g. so secondaries don't miss ftrace patching, which is only cleaned to the PoU). That might not be a problem here, if things are suitably padded and never dynamically patched, but if so it's probably worth a comment. Fuad, is that the sort of thing you were considering, or did you have additional concerns? Thanks, Mark.