Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp5977786rwl; Wed, 22 Mar 2023 05:05:36 -0700 (PDT) X-Google-Smtp-Source: AK7set//b+GCS1jHGnO9/A2c4jGuseiYVdxzAmh4u0gOg7BTbjdgu3ogwAkZ6ty83z5z7Mw3nL9g X-Received: by 2002:a05:6a20:ce15:b0:da:35d1:c474 with SMTP id ic21-20020a056a20ce1500b000da35d1c474mr4475139pzb.62.1679486736128; Wed, 22 Mar 2023 05:05:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679486736; cv=none; d=google.com; s=arc-20160816; b=pr2q10mmfzl9LKI72FlR5srfjKkgnzIOfZD5HyeEvAgtDY6HJUg8Dkt1iDuP6Yg27b vAWRPTI6mbXjDSs+My8b3jyptkycPLV5HkaokE4BfFKs2bOTLpk6veY9r+PAA4J7FQUo 8cwbWDe0E3PqXxPDHQlOTns3ZqHWiESK9/bYpJQLW/1LDEwaK2caYCbvH6QoQQHD/Vba QzPyx2H6KBO8vJxQB/6D3xnLw2RoJlvoURh2yQVb9Kl8Z0BBprmilDwHg4vDro6LDCvg 6WGziPi0q0e8+LqhnMO79I9OvZUGrpmVIfGDQt3Q3fMxGz82fGqKfpQHxgWWcaWWHsmP a1CQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=OjfA+PztC1azyGuMvg9WfyL1y1Tg4qWkWiudpRsndoQ=; b=ZhrKDOlsOeswN7c+AD2RRqMaFKX207Ss/hfDG6JfKX14YeAfQogsjScYQZbBDJKcJQ SPVhgHRQMJunELCjug8lma9HbEl1R0HT4dPmZXbSO/bv8dRuzPsHmZdQGQ4OgsPuei7H mvlleRCugo9OxSIMzfd0Kr4jLlblFAq7VsuVRLmNG/8YAk5Aeq2F2HjdI9Dv/6+aXVnX QS0mNUyyPUIScVIPZq7VRN23QYaimJbZF/od5W7jkDn/JLx1Brwi9tu0vEBhzDTLGydL dhiDUyfDxuDLjWZ/NAOXWuIC1YgoTkQJf2jwGV1pAuc80ujy5vWSqGaa+7QzZJouH/AE J6RQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a191-20020a6390c8000000b00502f1a79abbsi15755192pge.619.2023.03.22.05.05.10; Wed, 22 Mar 2023 05:05:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230046AbjCVLv0 (ORCPT + 99 others); Wed, 22 Mar 2023 07:51:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34686 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229476AbjCVLvZ (ORCPT ); Wed, 22 Mar 2023 07:51:25 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1A6D2E6; Wed, 22 Mar 2023 04:51:24 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D06524B3; Wed, 22 Mar 2023 04:52:07 -0700 (PDT) Received: from [10.57.53.137] (unknown [10.57.53.137]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B2E553F67D; Wed, 22 Mar 2023 04:51:20 -0700 (PDT) Message-ID: <2a944bb7-23d0-7b49-90c2-5bcf8da694b0@arm.com> Date: Wed, 22 Mar 2023 11:51:18 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Subject: Re: [RFC PATCH 15/28] KVM: arm64: Handle realm MMIO emulation Content-Language: en-GB To: Zhi Wang Cc: kvm@vger.kernel.org, kvmarm@lists.linux.dev, Catalin Marinas , Marc Zyngier , Will Deacon , James Morse , Oliver Upton , Suzuki K Poulose , Zenghui Yu , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Joey Gouly , Alexandru Elisei , Christoffer Dall , Fuad Tabba , linux-coco@lists.linux.dev References: <20230127112248.136810-1-suzuki.poulose@arm.com> <20230127112932.38045-1-steven.price@arm.com> <20230127112932.38045-16-steven.price@arm.com> <20230306173751.000026d4@gmail.com> <20230314174436.0000584d@gmail.com> From: Steven Price In-Reply-To: <20230314174436.0000584d@gmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.3 required=5.0 tests=NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 14/03/2023 15:44, Zhi Wang wrote: > On Fri, 10 Mar 2023 15:47:14 +0000 > Steven Price wrote: > >> On 06/03/2023 15:37, Zhi Wang wrote: >>> On Fri, 27 Jan 2023 11:29:19 +0000 >>> Steven Price wrote: >>> >>>> MMIO emulation for a realm cannot be done directly with the VM's >>>> registers as they are protected from the host. However the RMM interface >>>> provides a structure member for providing the read/written value and >>> >>> More details would be better for helping the review. I can only see the >>> emulated mmio value from the device model (kvmtool or kvm_io_bus) is put into >>> the GPRS[0] of the RecEntry object. But the rest of the flow is missing. >> >> The commit message is out of date (sorry about that). A previous version >> of the spec had a dedicated member for the read/write value, but this >> was changed to just use GPRS[0] as you've spotted. I'll update the text. >> >>> I guess RMM copies the value in the RecEntry.GPRS[0] to the target GPR in the >>> guest context in RMI_REC_ENTER when seeing RMI_EMULATED_MMIO. This is for >>> the guest MMIO read path. >> >> Yes, when entering the guest after an (emulatable) read data abort the >> value in GPRS[0] is loaded from the RecEntry structure into the >> appropriate register for the guest. >> >>> How about the MMIO write path? I don't see where the RecExit.GPRS[0] is loaded >>> to a varible and returned to the userspace. >> > > ----- >> The RMM will populate GPRS[0] with the written value in this case (even >> if another register was actually used in the instruction). We then >> transfer that to the usual VCPU structure so that the normal fault >> handling logic works. >> > ----- > > Are these in this patch or another patch? The RMM (not included in this particular series[1]) sets the first element of the 'GPRS' array which is in memory shared with the host. The Linux half to populate the vcpu structure is in the previous patch: +static int rec_exit_sync_dabt(struct kvm_vcpu *vcpu) +{ + struct rec *rec = &vcpu->arch.rec; + + if (kvm_vcpu_dabt_iswrite(vcpu) && kvm_vcpu_dabt_isvalid(vcpu)) + vcpu_set_reg(vcpu, kvm_vcpu_dabt_get_rd(vcpu), + rec->run->exit.gprs[0]); + + return kvm_handle_guest_abort(vcpu); +} I guess it might make sense to pull the 'if' statement out of the previous patch and into this one to keep all the MMIO code together. Steve [1] This Linux code is written against the RMM specification and in theory could work with any RMM implementation. But the TF RMM is open source, so I can point you at the assignment in the latest commit here: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tree/runtime/core/exit.c?id=d294b1b05e8d234d32684a982552aa2a17fb9157#n264 >>>> we can transfer this to the appropriate VCPU's register entry and then >>>> depend on the generic MMIO handling code in KVM. >>>> >>>> Signed-off-by: Steven Price >>>> --- >>>> arch/arm64/kvm/mmio.c | 7 +++++++ >>>> 1 file changed, 7 insertions(+) >>>> >>>> diff --git a/arch/arm64/kvm/mmio.c b/arch/arm64/kvm/mmio.c >>>> index 3dd38a151d2a..c4879fa3a8d3 100644 >>>> --- a/arch/arm64/kvm/mmio.c >>>> +++ b/arch/arm64/kvm/mmio.c >>>> @@ -6,6 +6,7 @@ >>>> >>>> #include >>>> #include >>>> +#include >>>> #include >>>> >>>> #include "trace.h" >>>> @@ -109,6 +110,9 @@ int kvm_handle_mmio_return(struct kvm_vcpu *vcpu) >>>> &data); >>>> data = vcpu_data_host_to_guest(vcpu, data, len); >>>> vcpu_set_reg(vcpu, kvm_vcpu_dabt_get_rd(vcpu), data); >>>> + >>>> + if (vcpu_is_rec(vcpu)) >>>> + vcpu->arch.rec.run->entry.gprs[0] = data; >>> >>> I think the guest context is maintained by RMM (while KVM can only touch >>> Rec{Entry, Exit} object) so that guest context in the legacy VHE mode is >>> unused. >>> >>> If yes, I guess here is should be: >>> >>> if (unlikely(vcpu_is_rec(vcpu))) >>> vcpu->arch.rec.run->entry.gprs[0] = data; >>> else >>> vcpu_set_reg(vcpu, kvm_vcpu_dabt_get_rd(vcpu), data); >> >> Correct. Although there's no harm in updating with vcpu_set_reg(). But >> I'll make the change because it's clearer. >> >>>> } >>>> >>>> /* >>>> @@ -179,6 +183,9 @@ int io_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa) >>>> run->mmio.len = len; >>>> vcpu->mmio_needed = 1; >>>> >>>> + if (vcpu_is_rec(vcpu)) >>>> + vcpu->arch.rec.run->entry.flags |= RMI_EMULATED_MMIO; >>>> + >>> >>> Wouldn't it be better to set this in the kvm_handle_mmio_return where the MMIO >>> read emulation has been surely successful? >> >> Yes, that makes sense - I'll move this. >> >> Thanks, >> >> Steve >> >>>> if (!ret) { >>>> /* We handled the access successfully in the kernel. */ >>>> if (!is_write) >>> >> >