From: Fuad Tabba
Date: Mon, 7 Dec 2020 11:14:21 +0000
Subject: Re: [RFC PATCH 16/27] KVM: arm64: Prepare Hyp memory protection
To: Mark Rutland
Cc: Will Deacon, Quentin Perret, "moderated list:ARM64 PORT (AARCH64 ARCHITECTURE)", "open list:OPEN FIRMWARE AND FLATTENED DEVICE TREE", kernel-team@android.com, Android KVM, Catalin Marinas, open list, Rob Herring, Marc Zyngier, Frank Rowand, "open list:KERNEL VIRTUAL MACHINE FOR ARM64 (KVM/arm64)"
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Dec 7, 2020 at 11:05 AM Mark Rutland wrote:
>
> On Mon, Dec 07, 2020 at 10:20:03AM +0000, Will Deacon wrote:
> > On Fri, Dec 04, 2020 at 06:01:52PM +0000, Quentin Perret wrote:
> > > On Thursday 03 Dec 2020 at 12:57:33 (+0000), Fuad Tabba wrote:
> > >
> > > > > +SYM_FUNC_START(__kvm_init_switch_pgd) > > > > > + /* Turn the MMU off */ > > > > > + pre_disable_mmu_workaround > > > > > + mrs x2, sctlr_el2 > > > > > + bic x3, x2, #SCTLR_ELx_M > > > > > + msr sctlr_el2, x3 >
> > > > + isb > > > > > + > > > > > + tlbi alle2 > > > > > + > > > > > + /* Install the new pgtables */ > > > > > + ldr x3, [x0, #NVHE_INIT_PGD_PA] > > > > > + phys_to_ttbr x4, x3 > > > > > +alternative_if ARM64_HAS_CNP > > > > > + orr x4, x4, #TTBR_CNP_BIT > > > > > +alternative_else_nop_endif > > > > > + msr ttbr0_el2, x4 > > > > > + > > > > > + /* Set the new stack pointer */ > > > > > + ldr x0, [x0, #NVHE_INIT_STACK_HYP_VA] > > > > > + mov sp, x0 > > > > > + > > > > > + /* And turn the MMU back on! */ > > > > > + dsb nsh > > > > > + isb > > > > > + msr sctlr_el2, x2 > > > > > + isb > > > > > + ret x1 > > > > > +SYM_FUNC_END(__kvm_init_switch_pgd) > > > > > +
> > > >
> > > > Should the instruction cache be flushed here (ic iallu), to discard
> > > > speculatively fetched instructions?
> > >
> > > Hmm, Will? Thoughts?
> >
> > The I-cache is physically tagged, so not sure what invalidation would
> > achieve here. Fuad -- what do you think could go wrong specifically?
>
> While the MMU is off, instruction fetches can be made from the PoC
> rather than the PoU, so where instructions have been modified/copied and
> not cleaned to the PoC, it's possible to fetch stale copies into the
> I-caches. The physical tag doesn't prevent that.
>
> In the regular CPU boot paths, __enable_mmu() has an IC IALLU after
> enabling the MMU to ensure that we get rid of anything stale (e.g. so
> secondaries don't miss ftrace patching, which is only cleaned to the
> PoU).
>
> That might not be a problem here, if things are suitably padded and
> never dynamically patched, but if so it's probably worth a comment.
>
> Fuad, is that the sort of thing you were considering, or did you have
> additional concerns?

No other concerns. Thanks Mark.

/fuad
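
Review bot: after the final `msr sctlr_el2, x2` / `isb` pair that turns the MMU back on in `__kvm_init_switch_pgd`, nothing invalidates the I-cache and no comment says why that is safe. As raised in the thread, instruction fetches made while the MMU is off can leave stale copies in the I-cache, so either add `ic iallu` followed by `isb` before `ret x1`, or add a comment at that point stating that this code is suitably padded and never dynamically patched, which is the condition under which the invalidation can be skipped.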