Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp2535995iob; Sun, 15 May 2022 23:33:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyCXXXlJWB8uXbwGtQldIkN+NCcj5/czN0vWedwP+B6zJKNkFuTtY6iX/ATy6Mxe+wyuMXi X-Received: by 2002:a5d:47a7:0:b0:20c:5b3e:ff7 with SMTP id 7-20020a5d47a7000000b0020c5b3e0ff7mr13682830wrb.362.1652682827756; Sun, 15 May 2022 23:33:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652682827; cv=none; d=google.com; s=arc-20160816; b=eDX0pUKc7enKsPafHzv7e5MJrLIWv9F8iSF9FPmwWjCnVKl+cLOIqw7HvKMJjcRsub bte0Ig6Sty5mpL6UINC22xCDU4a3A4nYWT9Qk5kgMS/9HZobyfM8QyIk4Mskyb9Qcjwg uWVZ3ADp2XT7L1CAV28Lj1fIAcXpZK/eVI2452PKJAkEJK3wEDeko97e53BcbO1+9kYW usm4m6j0zHNxs3GGIoZUeXatHtGiB0bas+w4o+DA4cfVyJ/ouf1DTuxl2wQBdBEhvVQ0 KAl05aiC8tGDVR+gmWersyLNRqWIIAxfKK2XlEsc9/D3lM8yxwxCxel5t4jmbF7BxLL5 mKUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:references:in-reply-to :subject:cc:to:from:message-id:date:dkim-signature; bh=VHBnus2SBr5MULiYYk+2SlfNhjn02mAgm4DVcAwt6gs=; b=Cle3vSl3cvwKF4OrZbPfiYDqtSqj3jhqRp5RLCIQ1pmRUAFbIGHe24Qkm/jTV9QRsr 8DKEcOEPhjNKJu/CN0qEvouJB1xcAkHiU7KSNutyJsh6u/3hdrdUM0DRpV4dAdfLjH1W +DKpd2248Ln/A0CVvXrdop3ZInAQ0EaGeyk11d1Gg3wghzHa8v639luFgWzAEcLiuJ4c TLjtYsLn3K4CR8pRsgLIP7p2VpWJ499Wl/QslbmwFI3zYQ8QJo7pJ219enG3SR0ZS2k4 FPIaTh0wckXoro5Je83SojzsjIP1HTcdQyKu2lA/De5Mqe7emolYfOj2kzXWE+0WJAWq 73hQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=g5SbddoS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g9-20020a5d64e9000000b0020cdfe239d3si9725695wri.581.2022.05.15.23.33.22; Sun, 15 May 2022 23:33:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=g5SbddoS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236497AbiEOLK2 (ORCPT + 99 others); Sun, 15 May 2022 07:10:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33670 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236491AbiEOLKZ (ORCPT ); Sun, 15 May 2022 07:10:25 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 727D52B1A8 for ; Sun, 15 May 2022 04:10:24 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1175860F4C for ; Sun, 15 May 2022 11:10:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6FDB5C385B8; Sun, 15 May 2022 11:10:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1652613023; bh=Gd6CxhhQA+J6DDYWjHtSX7GWX+S+94nD0R96QSRYaAE=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=g5SbddoS4M/ze5TTryBJTUWICz/d4a/TFbo0VqwMBdC2BNWUF5g6sdJwSsL3hXnj/ jSYb3DlROc8QZ3FKIhXLCtQZwr6aX6SbK30Zlw16pkVfDmZO5D1iDylZZp7IiRyDgX ZpuIOYsWb0KHRNM364aUhjW8YMBd4UD1r0S27OtThr/TXmcjvVmL8vK+poR2kr3aXP BVrqnrJmkiifOnlk0uQpMwlByScCUpUJGtlvxX3p1QI9HPC7KFQ1+F55Wo7kH3Blm2 QXEfBJxjqCuBwPvTwCc+VmkJcOW5ZOU+m6+hocPiNzkMUU0WiSWqeKVfXYQrfOYwab vJ7rOgD5c13Tg== Received: from sofa.misterjones.org ([185.219.108.64] helo=why.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nqC8i-00BPt3-Re; Sun, 15 May 2022 12:10:20 +0100 Date: Sun, 15 May 2022 12:10:20 +0100 Message-ID: <87sfpb59wj.wl-maz@kernel.org> From: Marc Zyngier To: Quentin Perret Cc: James Morse , Alexandru Elisei , Suzuki K Poulose , Catalin Marinas , Will Deacon , linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, kernel-team@android.com Subject: Re: [PATCH] KVM: arm64: Don't hypercall before EL2 init In-Reply-To: <20220513092607.35233-1-qperret@google.com> References: <20220513092607.35233-1-qperret@google.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: qperret@google.com, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, catalin.marinas@arm.com, will@kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, kernel-team@android.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 13 May 2022 10:26:07 +0100, Quentin Perret wrote: > > Will reported the following splat when running with Protected KVM > enabled: > > [ 2.427181] ------------[ cut here ]------------ > [ 2.427668] WARNING: CPU: 3 PID: 1 at arch/arm64/kvm/mmu.c:489 __create_hyp_private_mapping+0x118/0x1ac > [ 2.428424] Modules linked in: > [ 2.429040] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.18.0-rc2-00084-g8635adc4efc7 #1 > [ 2.429589] Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 > [ 2.430286] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) > [ 2.430734] pc : __create_hyp_private_mapping+0x118/0x1ac > [ 2.431091] lr : create_hyp_exec_mappings+0x40/0x80 > [ 2.431377] sp : ffff80000803baf0 > [ 2.431597] x29: ffff80000803bb00 x28: 0000000000000000 x27: 0000000000000000 > [ 2.432156] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 > [ 2.432561] x23: ffffcd96c343b000 x22: 0000000000000000 x21: ffff80000803bb40 > [ 2.433004] x20: 0000000000000004 x19: 0000000000001800 x18: 0000000000000000 > [ 2.433343] x17: 0003e68cf7efdd70 x16: 0000000000000004 x15: fffffc81f602a2c8 > [ 2.434053] x14: ffffdf8380000000 x13: ffffcd9573200000 x12: ffffcd96c343b000 > [ 2.434401] x11: 0000000000000004 x10: ffffcd96c1738000 x9 : 0000000000000004 > [ 2.434812] x8 : ffff80000803bb40 x7 : 7f7f7f7f7f7f7f7f x6 : 544f422effff306b > [ 2.435136] x5 : 000000008020001e x4 : ffff207d80a88c00 x3 : 0000000000000005 > [ 2.435480] x2 : 0000000000001800 x1 : 000000014f4ab800 x0 : 000000000badca11 > [ 2.436149] Call trace: > [ 2.436600] __create_hyp_private_mapping+0x118/0x1ac > [ 2.437576] create_hyp_exec_mappings+0x40/0x80 > [ 2.438180] kvm_init_vector_slots+0x180/0x194 > [ 2.458941] kvm_arch_init+0x80/0x274 > [ 2.459220] kvm_init+0x48/0x354 > [ 2.459416] arm_init+0x20/0x2c > [ 2.459601] do_one_initcall+0xbc/0x238 > [ 2.459809] do_initcall_level+0x94/0xb4 > [ 2.460043] do_initcalls+0x54/0x94 > [ 2.460228] do_basic_setup+0x1c/0x28 > [ 2.460407] kernel_init_freeable+0x110/0x178 > [ 2.460610] kernel_init+0x20/0x1a0 > [ 2.460817] ret_from_fork+0x10/0x20 > [ 2.461274] ---[ end trace 0000000000000000 ]--- > > Indeed, the Protected KVM mode promotes __create_hyp_private_mapping() > to a hypercall as EL1 no longer has access to the hypervisor's stage-1 > page-table. However, the call from kvm_init_vector_slots() happens after > pKVM has been initialized on the primary CPU, but before it has been > initialized on secondaries. As such, if the KVM initcall procedure is > migrated from one CPU to another in this window, the hypercall may end up > running on a CPU for which EL2 has not been initialized. > > Fortunately, the pKVM hypervisor doesn't rely on the host to re-map the > vectors in the private range, so the hypercall in question is in fact > superfluous. Skip it when pKVM is enabled. > > Reported-by: Will Deacon > Signed-off-by: Quentin Perret > --- > arch/arm64/kvm/arm.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c > index 523bc934fe2f..7347c133efc4 100644 > --- a/arch/arm64/kvm/arm.c > +++ b/arch/arm64/kvm/arm.c > @@ -1436,7 +1436,7 @@ static int kvm_init_vector_slots(void) > base = kern_hyp_va(kvm_ksym_ref(__bp_harden_hyp_vecs)); > kvm_init_vector_slot(base, HYP_VECTOR_SPECTRE_DIRECT); > > - if (kvm_system_needs_idmapped_vectors() && !has_vhe()) { > + if (kvm_system_needs_idmapped_vectors() && !has_vhe() && !is_protected_kvm_enabled()) { > err = create_hyp_exec_mappings(__pa_symbol(__bp_harden_hyp_vecs), > __BP_HARDEN_HYP_VECS_SZ, &base); > if (err) Can we simplify the condition? ARM64_SPECTRE_V3A is only set when !VHE, and we already bail in kvm_patch_vector_branch() if we see VHE+V3A, because the combination makes no sense at all. I think this can be rewritten as: if (kvm_system_needs_idmapped_vectors() && !is_protected_lvm_enabled()) Thoughts? M. -- Without deviation from the norm, progress is not possible.