Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp1158327rwe; Thu, 25 Aug 2022 17:10:17 -0700 (PDT) X-Google-Smtp-Source: AA6agR4ZCBvdpZuaCLMC1PtxOJjrb6CmFPct2tjQldpzYsfsPFQJnNzNPRrp4CobDu1rg5Hr/VqX X-Received: by 2002:a65:6290:0:b0:422:4a8f:c687 with SMTP id f16-20020a656290000000b004224a8fc687mr1221909pgv.57.1661472617409; Thu, 25 Aug 2022 17:10:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661472617; cv=none; d=google.com; s=arc-20160816; b=gbBFRz7auxbdivM3Ecr21ati4Dtj9p8VEjr7Kc7Y8dE9D9dPgv5M0e9jb615yJqjj5 ERU1AJOuN9+pgsf6YsceuOOJZhPdRkUwPhEgXgA6j4Je/j8hJO5SK1VBEFTEBcjjWHmF 1oYRxNaSSZahgiZqcjDgqi5hs8ywDxsZLY6TBlIat5FZInkBYvWhpi5afmMNyTQ8TSaN 2qwWgRt4TzE55HFBQa7BtjNjDlMqetIA0xTi5ii0Eg81PaxltKA59jyTE3os25IZtzUE 0IIfOSN+ZjAWqsv6d7fmcS95tkUhdyH4Z0KXqL/ltkQbxuEqd1VikDiTwxyUDNPp9KDF XhAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=gMN8DAWXzBJk9iSBUfW/QyFFZWZuY8KBpYav4gTwpSU=; b=0hHyk8oajwCWw21KG2scMAB8HKH7utu+ad8a5NuttlZ8GnMm501xzUWeYhE48Nyfj3 eBpMu7aTSoEXdjsnhCSpjkIvI8oQUPXflle3NYYEpJFLQDD8zr3XKhtmyVO85FxZ35if 7pYY5c0bbcR9cZd494JmW7pXhmuDyfMohD7EAR8CeCa38nVrNeH3V9a5fWrTtIBDZOT0 XkWNl5cQa4RHB6PfW9igscM6gsvx67xQ+inRHLk26CLl41JLmypcz8m+cSVTlvhcjrKO LQLXOVfkhhzmv5BqVXc70nJj9V6JzqpZBmnAlpSCpQgqmth+6XY+ZL3E2ObciWf5srUX Tuhw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="k/VnPS3A"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e4-20020a170902ef4400b0016caa701d5bsi275180plx.487.2022.08.25.17.10.06; Thu, 25 Aug 2022 17:10:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="k/VnPS3A"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244546AbiHYX0B (ORCPT + 99 others); Thu, 25 Aug 2022 19:26:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39940 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244336AbiHYXZf (ORCPT ); Thu, 25 Aug 2022 19:25:35 -0400 Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com [IPv6:2607:f8b0:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E02BD57552 for ; Thu, 25 Aug 2022 16:25:33 -0700 (PDT) Received: by mail-pf1-x44a.google.com with SMTP id e9-20020aa78249000000b00537a62a6175so1052991pfn.20 for ; Thu, 25 Aug 2022 16:25:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc; bh=gMN8DAWXzBJk9iSBUfW/QyFFZWZuY8KBpYav4gTwpSU=; b=k/VnPS3Avcyf8y12Dai2ATcxUmpDEFAlHtqHWSKGhxjT4Vhlo5GsmzjzRovXIQoToK /cVnaYr1ykESlLVNNK+t2ufwentaza0JW4BtboHI9Qw5XauRoBxkJ/LyoQWOKOFiEGSS n2G3NVh/e1Mqwx+mvIROA5QEpmujoLPwX5icVZ2O/E1FhBbbE5MyCHYy3lBaAPoGMPyB Fbql0NmIiOpXf61dCJzjhY8uPTCZSQNe9T+DA4FM9plfxEWLbxHR+3oVvrcvveq/goce vvXk5VPAuVoOQ8+nMdblfbru4J2Ipl2Jcjxwm/E9+nZvI14q8jW5EE1Fu7yGL6JMksCY 94aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc; bh=gMN8DAWXzBJk9iSBUfW/QyFFZWZuY8KBpYav4gTwpSU=; b=GjEAcTvbuO7BVqZabrnsF4Vsy8REW85Jy5ooGYVOwj3WWhk9WEXAy/x1NE9gJxblFp DoilY9c/b7TXDLIkAHcaDAEKcbVmnaIzFbDFmvtIpYasjtOHCYeTYkyqdcikNpKP18rV ynE8AHMrhrcrn4VHRsciSaN4OT5l6YHe48xt8smDmMRkZZNN36FJ+FDJ358sA1OTxeXI rBkT9G6SlzoGhXoG8ih0zGoelMMINg/kqLIerQJW5mRY/UD4mtvG02oYXJdWDaFR3TkU zM54M7y8vQd00IHwJP6Lv55/SFgf9zONUbyYKb5q4QdpVxstBltWxsSh8hf2Ofbda1Bh nuEQ== X-Gm-Message-State: ACgBeo1HwDQ0w+ouLj/h42TJjThk+dZJ8gthjRX7xUy3Eo+Z4gkmeEYT 2JaxadMgsRiRLQwP7Bqjp9zPX9B9Yqw= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6a00:10ca:b0:536:ec31:827c with SMTP id d10-20020a056a0010ca00b00536ec31827cmr1221322pfu.67.1661469933060; Thu, 25 Aug 2022 16:25:33 -0700 (PDT) Reply-To: Sean Christopherson Date: Thu, 25 Aug 2022 23:25:20 +0000 In-Reply-To: <20220825232522.3997340-1-seanjc@google.com> Mime-Version: 1.0 References: <20220825232522.3997340-1-seanjc@google.com> X-Mailer: git-send-email 2.37.2.672.g94769d06f0-goog Message-ID: <20220825232522.3997340-6-seanjc@google.com> Subject: [PATCH v5 5/7] KVM: selftests: Make arm64's MMIO ucall multi-VM friendly From: Sean Christopherson To: Paolo Bonzini , Marc Zyngier , Anup Patel , Paul Walmsley , Palmer Dabbelt , Albert Ou , Christian Borntraeger , Janosch Frank , Claudio Imbrenda , Nathan Chancellor , Nick Desaulniers Cc: James Morse , Alexandru Elisei , Suzuki K Poulose , Oliver Upton , Atish Patra , David Hildenbrand , Tom Rix , kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Colton Lewis , Peter Gonda , Andrew Jones , Sean Christopherson Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Fix a mostly-theoretical bug where ARM's ucall MMIO setup could result in different VMs stomping on each other by cloberring the global pointer. Fix the most obvious issue by saving the MMIO gpa into the VM. A more subtle bug is that creating VMs in parallel (on multiple tasks) could result in a VM using the wrong address. Synchronizing a global to a guest effectively snapshots the value on a per-VM basis, i.e. the "global" is already prepped to work with multiple VMs, but setting the global in the host is not thread-safe. To fix that bug, add write_guest_global() to allow stuffing a VM's copy of a "global" without modifying the host value. Signed-off-by: Sean Christopherson --- .../selftests/kvm/include/kvm_util_base.h | 15 +++++++++++++++ .../testing/selftests/kvm/lib/aarch64/ucall.c | 19 ++++++++++++++----- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h b/tools/testing/selftests/kvm/include/kvm_util_base.h index 24fde97f6121..59d52b58a1a6 100644 --- a/tools/testing/selftests/kvm/include/kvm_util_base.h +++ b/tools/testing/selftests/kvm/include/kvm_util_base.h @@ -16,6 +16,7 @@ #include #include "linux/rbtree.h" +#include #include @@ -81,6 +82,7 @@ struct kvm_vm { struct sparsebit *vpages_mapped; bool has_irqchip; bool pgd_created; + vm_paddr_t ucall_mmio_addr; vm_paddr_t pgd; vm_vaddr_t gdt; vm_vaddr_t tss; @@ -714,6 +716,19 @@ kvm_userspace_memory_region_find(struct kvm_vm *vm, uint64_t start, memcpy(&(g), _p, sizeof(g)); \ }) +/* + * Write a global value, but only in the VM's (guest's) domain. Primarily used + * for "globals" that hold per-VM values (VMs always duplicate code and global + * data into their own region of physical memory), but can be used anytime it's + * undesirable to change the host's copy of the global. + */ +#define write_guest_global(vm, g, val) ({ \ + typeof(g) *_p = addr_gva2hva(vm, (vm_vaddr_t)&(g)); \ + typeof(g) _val = val; \ + \ + memcpy(_p, &(_val), sizeof(g)); \ +}) + void assert_on_unhandled_exception(struct kvm_vcpu *vcpu); void vcpu_arch_dump(FILE *stream, struct kvm_vcpu *vcpu, diff --git a/tools/testing/selftests/kvm/lib/aarch64/ucall.c b/tools/testing/selftests/kvm/lib/aarch64/ucall.c index f02ae27c3e43..1c38bd260f90 100644 --- a/tools/testing/selftests/kvm/lib/aarch64/ucall.c +++ b/tools/testing/selftests/kvm/lib/aarch64/ucall.c @@ -6,20 +6,29 @@ */ #include "kvm_util.h" +/* + * ucall_exit_mmio_addr holds per-VM values (global data is duplicated by each + * VM), it must not be accessed from host code. + */ static vm_vaddr_t *ucall_exit_mmio_addr; +static void ucall_set_mmio_addr(struct kvm_vm *vm, vm_paddr_t mmio_gpa) +{ + vm->ucall_mmio_addr = mmio_gpa; + + write_guest_global(vm, ucall_exit_mmio_addr, (vm_vaddr_t *)mmio_gpa); +} + void ucall_arch_init(struct kvm_vm *vm, vm_paddr_t mmio_gpa) { virt_pg_map(vm, mmio_gpa, mmio_gpa); - ucall_exit_mmio_addr = (vm_vaddr_t *)mmio_gpa; - sync_global_to_guest(vm, ucall_exit_mmio_addr); + ucall_set_mmio_addr(vm, mmio_gpa); } void ucall_arch_uninit(struct kvm_vm *vm) { - ucall_exit_mmio_addr = 0; - sync_global_to_guest(vm, ucall_exit_mmio_addr); + ucall_set_mmio_addr(vm, (vm_paddr_t)NULL); } void ucall_arch_do_ucall(vm_vaddr_t uc) @@ -32,7 +41,7 @@ void *ucall_arch_get_ucall(struct kvm_vcpu *vcpu) struct kvm_run *run = vcpu->run; if (run->exit_reason == KVM_EXIT_MMIO && - run->mmio.phys_addr == (uint64_t)ucall_exit_mmio_addr) { + run->mmio.phys_addr == vcpu->vm->ucall_mmio_addr) { vm_vaddr_t gva; TEST_ASSERT(run->mmio.is_write && run->mmio.len == 8, -- 2.37.2.672.g94769d06f0-goog