| Message ID | 20200323113227.3169-3-beata.michalska@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | target/arm: kvm: Support for KVM DABT with no valid ISS | expand |
On 3/23/20 4:32 AM, Beata Michalska wrote: > uint8_t ext_dabt_pending; /* Request for injecting ext DABT */ > + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */ Is there a reason these are uint8_t and not bool? r~
On Mon, 23 Mar 2020 at 18:44, Richard Henderson <richard.henderson@linaro.org> wrote: > > On 3/23/20 4:32 AM, Beata Michalska wrote: > > uint8_t ext_dabt_pending; /* Request for injecting ext DABT */ > > + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */ > > Is there a reason these are uint8_t and not bool? > > The ext_dabt_pending is reflecting the KVM type. The ext_dabt_raised is following that one. BR Beata > r~
On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote: > Injecting external data abort through KVM might trigger > an issue on kernels that do not get updated to include the KVM fix. > For those and aarch32 guests, the injected abort gets misconfigured > to be an implementation defined exception. This leads to the guest > repeatedly re-running the faulting instruction. > > Add support for handling that case. > [ > Fixed-by: 018f22f95e8a > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests') > Fixed-by: 21aecdbd7f3a > ('KVM: arm: Make inject_abt32() inject an external abort instead') > ] > > Signed-off-by: Beata Michalska <beata.michalska@linaro.org> > --- > target/arm/cpu.h | 1 + > target/arm/kvm.c | 30 +++++++++++++++++++++++++++++- > target/arm/kvm32.c | 25 +++++++++++++++++++++++++ > target/arm/kvm64.c | 34 ++++++++++++++++++++++++++++++++++ > target/arm/kvm_arm.h | 10 ++++++++++ > 5 files changed, 99 insertions(+), 1 deletion(-) > > diff --git a/target/arm/cpu.h b/target/arm/cpu.h > index 4f834c1..868afc6 100644 > --- a/target/arm/cpu.h > +++ b/target/arm/cpu.h > @@ -561,6 +561,7 @@ typedef struct CPUARMState { > } serror; > > uint8_t ext_dabt_pending; /* Request for injecting ext DABT */ > + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */ > > /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */ > uint32_t irq_line_state; > diff --git a/target/arm/kvm.c b/target/arm/kvm.c > index c088589..58ad734 100644 > --- a/target/arm/kvm.c > +++ b/target/arm/kvm.c > @@ -721,7 +721,12 @@ int kvm_put_vcpu_events(ARMCPU *cpu) > ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events); > if (ret) { > error_report("failed to put vcpu events"); > - } else { > + } else if (env->ext_dabt_pending) { > + /* > + * Mark that the external DABT has been injected, > + * if one has been requested > + */ > + env->ext_dabt_raised = env->ext_dabt_pending; > /* Clear instantly if the call was successful */ > env->ext_dabt_pending = 0; > } > @@ -755,6 +760,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu) > > void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run) > { > + ARMCPU *cpu = ARM_CPU(cs); > + CPUARMState *env = &cpu->env; > + > + if (unlikely(env->ext_dabt_raised)) { > + /* > + * Verifying that the ext DABT has been properly injected, > + * otherwise risking indefinitely re-running the faulting instruction > + * Covering a very narrow case for kernels 5.5..5.5.4 > + * when injected abort was misconfigured to be > + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1) > + */ > + if (!arm_feature(env, ARM_FEATURE_AARCH64) && > + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) { > + > + error_report("Data abort exception with no valid ISS generated by " > + "guest memory access. KVM unable to emulate faulting " > + "instruction. Failed to inject an external data abort " > + "into the guest."); > + abort(); > + } > + /* Clear the status */ > + env->ext_dabt_raised = 0; > + } > } > > MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run) > diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c > index f271181..86c4fe7 100644 > --- a/target/arm/kvm32.c > +++ b/target/arm/kvm32.c > @@ -564,3 +564,28 @@ void kvm_arm_pmu_init(CPUState *cs) > { > qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__); > } > + > +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0) > +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2) > + > +#define DFSR_FSC(v) (((v) >> 6 | (v)) & 0x1F) > +#define DFSC_EXTABT(lpae) (lpae) ? 0x10 : 0x08 We should put () around the whole ?: expression when it's in a macro > + > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) > +{ > + uint32_t dfsr_val; > + > + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) { > + ARMCPU *cpu = ARM_CPU(cs); > + CPUARMState *env = &cpu->env; > + uint32_t ttbcr; > + int lpae = 0; > + > + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) { > + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE); > + } > + return !(DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae)); !(a != b) is a convoluted way to write a == b > + } > + return false; > +} > + > diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c > index be5b31c..18594e9 100644 > --- a/target/arm/kvm64.c > +++ b/target/arm/kvm64.c > @@ -1430,3 +1430,37 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit) > > return false; > } > + > +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0) > +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2) > + > +#define ESR_DFSC(aarch64, v) \ > + ((aarch64) ? ((v) & 0x3F) \ > + : (((v) >> 6 | (v)) & 0x1F)) > + > +#define ESR_DFSC_EXTABT(aarch64, lpae) \ > + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8) > + > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) > +{ > + uint64_t dfsr_val; > + > + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) { > + ARMCPU *cpu = ARM_CPU(cs); > + CPUARMState *env = &cpu->env; > + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64); > + int lpae = 0; > + > + if (!aarch64_mode) { > + uint64_t ttbcr; > + > + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) { > + lpae = arm_feature(env, ARM_FEATURE_LPAE) > + && (ttbcr & TTBCR_EAE); > + } > + } > + return !(ESR_DFSC(aarch64_mode, dfsr_val) != > + ESR_DFSC_EXTABT(aarch64_mode, lpae)); a == b, please > + } > + return false; > +} > diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h > index 39472d5..f2dc6a2 100644 > --- a/target/arm/kvm_arm.h > +++ b/target/arm/kvm_arm.h > @@ -461,6 +461,16 @@ void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr); > int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, > uint64_t fault_ipa); > /** > + * kvm_arm_verify_ext_dabt_pending: > + * @cs: CPUState > + * > + * Verify the fault status code wrt the Ext DABT injection > + * > + * Returns: true if the fault status code is as expected, false otherwise > + */ > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs); > + > +/** > * its_class_name: > * > * Return the ITS class name to use depending on whether KVM acceleration > -- > 2.7.4 > > I'll leave the decision to take this KVM bug workaround patch at all to Peter, and I didn't actually review whether or not kvm_arm_verify_ext_dabt_pending is doing what it claims it's doing, so I'm reluctant to give an r-b on this patch. But, as far as the code goes, besides the comments above, it looks fine to me. Thanks, drew
On Fri, 3 Apr 2020 at 09:44, Andrew Jones <drjones@redhat.com> wrote: > > On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote: > > Injecting external data abort through KVM might trigger > > an issue on kernels that do not get updated to include the KVM fix. > > For those and aarch32 guests, the injected abort gets misconfigured > > to be an implementation defined exception. This leads to the guest > > repeatedly re-running the faulting instruction. > > > > Add support for handling that case. > > [ > > Fixed-by: 018f22f95e8a > > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests') > > Fixed-by: 21aecdbd7f3a > > ('KVM: arm: Make inject_abt32() inject an external abort instead') > > ] > > > I'll leave the decision to take this KVM bug workaround patch at all to Peter, > and I didn't actually review whether or not kvm_arm_verify_ext_dabt_pending > is doing what it claims it's doing, so I'm reluctant to give an r-b on > this patch. But, as far as the code goes, besides the comments above, it > looks fine to me. I think that having the workaround for the broken kernels is reasonable (in fact it might have been my suggestion). thanks -- PMM
On Fri, 3 Apr 2020 at 09:44, Andrew Jones <drjones@redhat.com> wrote: > > On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote: > > Injecting external data abort through KVM might trigger > > an issue on kernels that do not get updated to include the KVM fix. > > For those and aarch32 guests, the injected abort gets misconfigured > > to be an implementation defined exception. This leads to the guest > > repeatedly re-running the faulting instruction. > > > > Add support for handling that case. > > [ > > Fixed-by: 018f22f95e8a > > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests') > > Fixed-by: 21aecdbd7f3a > > ('KVM: arm: Make inject_abt32() inject an external abort instead') > > ] > > > > Signed-off-by: Beata Michalska <beata.michalska@linaro.org> > > --- > > target/arm/cpu.h | 1 + > > target/arm/kvm.c | 30 +++++++++++++++++++++++++++++- > > target/arm/kvm32.c | 25 +++++++++++++++++++++++++ > > target/arm/kvm64.c | 34 ++++++++++++++++++++++++++++++++++ > > target/arm/kvm_arm.h | 10 ++++++++++ > > 5 files changed, 99 insertions(+), 1 deletion(-) > > > > diff --git a/target/arm/cpu.h b/target/arm/cpu.h > > index 4f834c1..868afc6 100644 > > --- a/target/arm/cpu.h > > +++ b/target/arm/cpu.h > > @@ -561,6 +561,7 @@ typedef struct CPUARMState { > > } serror; > > > > uint8_t ext_dabt_pending; /* Request for injecting ext DABT */ > > + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */ > > > > /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */ > > uint32_t irq_line_state; > > diff --git a/target/arm/kvm.c b/target/arm/kvm.c > > index c088589..58ad734 100644 > > --- a/target/arm/kvm.c > > +++ b/target/arm/kvm.c > > @@ -721,7 +721,12 @@ int kvm_put_vcpu_events(ARMCPU *cpu) > > ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events); > > if (ret) { > > error_report("failed to put vcpu events"); > > - } else { > > + } else if (env->ext_dabt_pending) { > > + /* > > + * Mark that the external DABT has been injected, > > + * if one has been requested > > + */ > > + env->ext_dabt_raised = env->ext_dabt_pending; > > /* Clear instantly if the call was successful */ > > env->ext_dabt_pending = 0; > > } > > @@ -755,6 +760,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu) > > > > void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run) > > { > > + ARMCPU *cpu = ARM_CPU(cs); > > + CPUARMState *env = &cpu->env; > > + > > + if (unlikely(env->ext_dabt_raised)) { > > + /* > > + * Verifying that the ext DABT has been properly injected, > > + * otherwise risking indefinitely re-running the faulting instruction > > + * Covering a very narrow case for kernels 5.5..5.5.4 > > + * when injected abort was misconfigured to be > > + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1) > > + */ > > + if (!arm_feature(env, ARM_FEATURE_AARCH64) && > > + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) { > > + > > + error_report("Data abort exception with no valid ISS generated by " > > + "guest memory access. KVM unable to emulate faulting " > > + "instruction. Failed to inject an external data abort " > > + "into the guest."); > > + abort(); > > + } > > + /* Clear the status */ > > + env->ext_dabt_raised = 0; > > + } > > } > > > > MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run) > > diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c > > index f271181..86c4fe7 100644 > > --- a/target/arm/kvm32.c > > +++ b/target/arm/kvm32.c > > @@ -564,3 +564,28 @@ void kvm_arm_pmu_init(CPUState *cs) > > { > > qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__); > > } > > + > > +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0) > > +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2) > > + > > +#define DFSR_FSC(v) (((v) >> 6 | (v)) & 0x1F) > > +#define DFSC_EXTABT(lpae) (lpae) ? 0x10 : 0x08 > > We should put () around the whole ?: expression when it's in a macro > > > + > > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) > > +{ > > + uint32_t dfsr_val; > > + > > + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) { > > + ARMCPU *cpu = ARM_CPU(cs); > > + CPUARMState *env = &cpu->env; > > + uint32_t ttbcr; > > + int lpae = 0; > > + > > + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) { > > + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE); > > + } > > + return !(DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae)); > > !(a != b) is a convoluted way to write a == b > > > + } > > + return false; > > +} > > + > > diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c > > index be5b31c..18594e9 100644 > > --- a/target/arm/kvm64.c > > +++ b/target/arm/kvm64.c > > @@ -1430,3 +1430,37 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit) > > > > return false; > > } > > + > > +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0) > > +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2) > > + > > +#define ESR_DFSC(aarch64, v) \ > > + ((aarch64) ? ((v) & 0x3F) \ > > + : (((v) >> 6 | (v)) & 0x1F)) > > + > > +#define ESR_DFSC_EXTABT(aarch64, lpae) \ > > + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8) > > + > > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) > > +{ > > + uint64_t dfsr_val; > > + > > + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) { > > + ARMCPU *cpu = ARM_CPU(cs); > > + CPUARMState *env = &cpu->env; > > + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64); > > + int lpae = 0; > > + > > + if (!aarch64_mode) { > > + uint64_t ttbcr; > > + > > + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) { > > + lpae = arm_feature(env, ARM_FEATURE_LPAE) > > + && (ttbcr & TTBCR_EAE); > > + } > > + } > > + return !(ESR_DFSC(aarch64_mode, dfsr_val) != > > + ESR_DFSC_EXTABT(aarch64_mode, lpae)); > > a == b, please > > > + } > > + return false; > > +} > > diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h > > index 39472d5..f2dc6a2 100644 > > --- a/target/arm/kvm_arm.h > > +++ b/target/arm/kvm_arm.h > > @@ -461,6 +461,16 @@ void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr); > > int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, > > uint64_t fault_ipa); > > /** > > + * kvm_arm_verify_ext_dabt_pending: > > + * @cs: CPUState > > + * > > + * Verify the fault status code wrt the Ext DABT injection > > + * > > + * Returns: true if the fault status code is as expected, false otherwise > > + */ > > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs); > > + > > +/** > > * its_class_name: > > * > > * Return the ITS class name to use depending on whether KVM acceleration > > -- > > 2.7.4 > > > > > > I'll leave the decision to take this KVM bug workaround patch at all to Peter, > and I didn't actually review whether or not kvm_arm_verify_ext_dabt_pending > is doing what it claims it's doing, so I'm reluctant to give an r-b on > this patch. But, as far as the code goes, besides the comments above, it > looks fine to me. > Thanks for the feedback. Will apply the changes for the next version. BR Beata > Thanks, > drew > <div><br> <br> On Fri, 3 Apr 2020 at 09:44, Andrew Jones <<a href="mailto:drjones@redhat.com" target="_blank">drjones@redhat.com</a>> wrote:<br> ><br></div><div> > On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote:<br> > > Injecting external data abort through KVM might trigger<br> > > an issue on kernels that do not get updated to include the KVM fix.<br> > > For those and aarch32 guests, the injected abort gets misconfigured<br> > > to be an implementation defined exception. This leads to the guest<br> > > repeatedly re-running the faulting instruction.<br> > ><br> > > Add support for handling that case.<br> > > [<br> > > Fixed-by: 018f22f95e8a<br> > > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')<br> > > Fixed-by: 21aecdbd7f3a<br> > > ('KVM: arm: Make inject_abt32() inject an external abort instead')<br> > > ]<br> > ><br> > > Signed-off-by: Beata Michalska <<a href="mailto:beata.michalska@linaro.org" target="_blank">beata.michalska@linaro.org</a>><br> > > ---<br> > > target/arm/cpu.h | 1 +<br> > > target/arm/kvm.c | 30 +++++++++++++++++++++++++++++-<br> > > target/arm/kvm32.c | 25 +++++++++++++++++++++++++<br> > > target/arm/kvm64.c | 34 ++++++++++++++++++++++++++++++++++<br> > > target/arm/kvm_arm.h | 10 ++++++++++<br> > > 5 files changed, 99 insertions(+), 1 deletion(-)<br> > ><br> > > diff --git a/target/arm/cpu.h b/target/arm/cpu.h<br> > > index 4f834c1..868afc6 100644<br> > > --- a/target/arm/cpu.h<br> > > +++ b/target/arm/cpu.h<br> > > @@ -561,6 +561,7 @@ typedef struct CPUARMState {<br> > > } serror;<br> > ><br> > > uint8_t ext_dabt_pending; /* Request for injecting ext DABT */<br> > > + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */<br> > ><br> > > /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */<br> > > uint32_t irq_line_state;<br> > > diff --git a/target/arm/kvm.c b/target/arm/kvm.c<br> > > index c088589..58ad734 100644<br> > > --- a/target/arm/kvm.c<br> > > +++ b/target/arm/kvm.c<br> > > @@ -721,7 +721,12 @@ int kvm_put_vcpu_events(ARMCPU *cpu)<br> > > ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);<br> > > if (ret) {<br> > > error_report("failed to put vcpu events");<br> > > - } else {<br> > > + } else if (env->ext_dabt_pending) {<br> > > + /*<br> > > + * Mark that the external DABT has been injected,<br> > > + * if one has been requested<br> > > + */<br> > > + env->ext_dabt_raised = env->ext_dabt_pending;<br> > > /* Clear instantly if the call was successful */<br> > > env->ext_dabt_pending = 0;<br> > > }<br> > > @@ -755,6 +760,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu)<br> > ><br> > > void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)<br> > > {<br> > > + ARMCPU *cpu = ARM_CPU(cs);<br> > > + CPUARMState *env = &cpu->env;<br> > > +<br> > > + if (unlikely(env->ext_dabt_raised)) {<br> > > + /*<br> > > + * Verifying that the ext DABT has been properly injected,<br> > > + * otherwise risking indefinitely re-running the faulting instruction<br> > > + * Covering a very narrow case for kernels 5.5..5.5.4<br> > > + * when injected abort was misconfigured to be<br> > > + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)<br> > > + */<br> > > + if (!arm_feature(env, ARM_FEATURE_AARCH64) &&<br> > > + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {<br> > > +<br> > > + error_report("Data abort exception with no valid ISS generated by "<br> > > + "guest memory access. KVM unable to emulate faulting "<br> > > + "instruction. Failed to inject an external data abort "<br> > > + "into the guest.");<br> > > + abort();<br> > > + }<br> > > + /* Clear the status */<br> > > + env->ext_dabt_raised = 0;<br> > > + }<br> > > }<br> > ><br> > > MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)<br> > > diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c<br> > > index f271181..86c4fe7 100644<br> > > --- a/target/arm/kvm32.c<br> > > +++ b/target/arm/kvm32.c<br> > > @@ -564,3 +564,28 @@ void kvm_arm_pmu_init(CPUState *cs)<br> > > {<br> > > qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);<br> > > }<br> > > +<br> > > +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)<br> > > +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)<br> > > +<br> > > +#define DFSR_FSC(v) (((v) >> 6 | (v)) & 0x1F)<br> > > +#define DFSC_EXTABT(lpae) (lpae) ? 0x10 : 0x08<br> ><br> > We should put () around the whole ?: expression when it's in a macro<br> ><br> > > +<br> > > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)<br> > > +{<br> > > + uint32_t dfsr_val;<br> > > +<br> > > + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {<br> > > + ARMCPU *cpu = ARM_CPU(cs);<br> > > + CPUARMState *env = &cpu->env;<br> > > + uint32_t ttbcr;<br> > > + int lpae = 0;<br> > > +<br> > > + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {<br> > > + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE);<br> > > + }<br> > > + return !(DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae));<br> ><br> > !(a != b) is a convoluted way to write a == b<br> ><br> > > + }<br> > > + return false;<br> > > +}<br> > > +<br> > > diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c<br> > > index be5b31c..18594e9 100644<br> > > --- a/target/arm/kvm64.c<br> > > +++ b/target/arm/kvm64.c<br> > > @@ -1430,3 +1430,37 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)<br> > ><br> > > return false;<br> > > }<br> > > +<br> > > +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)<br> > > +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)<br> > > +<br> > > +#define ESR_DFSC(aarch64, v) \<br> > > + ((aarch64) ? ((v) & 0x3F) \<br> > > + : (((v) >> 6 | (v)) & 0x1F))<br> > > +<br> > > +#define ESR_DFSC_EXTABT(aarch64, lpae) \<br> > > + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)<br> > > +<br> > > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)<br> > > +{<br> > > + uint64_t dfsr_val;<br> > > +<br> > > + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {<br> > > + ARMCPU *cpu = ARM_CPU(cs);<br> > > + CPUARMState *env = &cpu->env;<br> > > + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);<br> > > + int lpae = 0;<br> > > +<br> > > + if (!aarch64_mode) {<br> > > + uint64_t ttbcr;<br> > > +<br> > > + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {<br> > > + lpae = arm_feature(env, ARM_FEATURE_LPAE)<br> > > + && (ttbcr & TTBCR_EAE);<br> > > + }<br> > > + }<br> > > + return !(ESR_DFSC(aarch64_mode, dfsr_val) !=<br> > > + ESR_DFSC_EXTABT(aarch64_mode, lpae));<br> ><br> > a == b, please<br> ><br> > > + }<br> > > + return false;<br> > > +}<br> > > diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h<br> > > index 39472d5..f2dc6a2 100644<br> > > --- a/target/arm/kvm_arm.h<br> > > +++ b/target/arm/kvm_arm.h<br> > > @@ -461,6 +461,16 @@ void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);<br> > > int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,<br> > > uint64_t fault_ipa);<br> > > /**<br> > > + * kvm_arm_verify_ext_dabt_pending:<br> > > + * @cs: CPUState<br> > > + *<br> > > + * Verify the fault status code wrt the Ext DABT injection<br> > > + *<br> > > + * Returns: true if the fault status code is as expected, false otherwise<br> > > + */<br> > > +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);<br> > > +<br> > > +/**<br> > > * its_class_name:<br> > > *<br> > > * Return the ITS class name to use depending on whether KVM acceleration<br> > > --<br> > > 2.7.4<br> > ><br> > ><br> ><br> > I'll leave the decision to take this KVM bug workaround patch at all to Peter,<br> > and I didn't actually review whether or not kvm_arm_verify_ext_dabt_pending<br> > is doing what it claims it's doing, so I'm reluctant to give an r-b on<br> > this patch. But, as far as the code goes, besides the comments above, it<br> > looks fine to me.<br> ><br></div><div> Thanks for the feedback.<br> Will apply the changes for the next version.<br> <br> BR<br> Beata<br> > Thanks,<br> > drew<br> ><br> </div>
On Tue, 7 Apr 2020 at 12:24, Peter Maydell <peter.maydell@linaro.org> wrote: > > On Fri, 3 Apr 2020 at 09:44, Andrew Jones <drjones@redhat.com> wrote: > > > > On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote: > > > Injecting external data abort through KVM might trigger > > > an issue on kernels that do not get updated to include the KVM fix. > > > For those and aarch32 guests, the injected abort gets misconfigured > > > to be an implementation defined exception. This leads to the guest > > > repeatedly re-running the faulting instruction. > > > > > > Add support for handling that case. > > > [ > > > Fixed-by: 018f22f95e8a > > > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests') > > > Fixed-by: 21aecdbd7f3a > > > ('KVM: arm: Make inject_abt32() inject an external abort instead') > > > ] > > > > > > I'll leave the decision to take this KVM bug workaround patch at all to Peter, > > and I didn't actually review whether or not kvm_arm_verify_ext_dabt_pending > > is doing what it claims it's doing, so I'm reluctant to give an r-b on > > this patch. But, as far as the code goes, besides the comments above, it > > looks fine to me. > > I think that having the workaround for the broken kernels is > reasonable (in fact it might have been my suggestion). > I will update the current version to cover the review feedback and resend the patches soon. Thanks a lot! BR Beata > thanks > -- PMM <div><br> <br> On Tue, 7 Apr 2020 at 12:24, Peter Maydell <<a href="mailto:peter.maydell@linaro.org" target="_blank">peter.maydell@linaro.org</a>> wrote:<br> ><br> > On Fri, 3 Apr 2020 at 09:44, Andrew Jones <<a href="mailto:drjones@redhat.com" target="_blank">drjones@redhat.com</a>> wrote:<br> > ><br> > > On Mon, Mar 23, 2020 at 11:32:27AM +0000, Beata Michalska wrote:<br> > > > Injecting external data abort through KVM might trigger<br> > > > an issue on kernels that do not get updated to include the KVM fix.<br> > > > For those and aarch32 guests, the injected abort gets misconfigured<br> > > > to be an implementation defined exception. This leads to the guest<br> > > > repeatedly re-running the faulting instruction.<br> > > ><br> > > > Add support for handling that case.<br> > > > [<br> > > > Fixed-by: 018f22f95e8a<br> > > > ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')<br> > > > Fixed-by: 21aecdbd7f3a<br> > > > ('KVM: arm: Make inject_abt32() inject an external abort instead')<br> > > > ]<br> > > ><br> ><br> > > I'll leave the decision to take this KVM bug workaround patch at all to Peter,<br> > > and I didn't actually review whether or not kvm_arm_verify_ext_dabt_pending<br> > > is doing what it claims it's doing, so I'm reluctant to give an r-b on<br> > > this patch. But, as far as the code goes, besides the comments above, it<br> > > looks fine to me.<br> ><br> > I think that having the workaround for the broken kernels is<br> > reasonable (in fact it might have been my suggestion).<br> ><br> <br></div><div> I will update the current version to cover the review feedback<br> and resend the patches soon.<br> <br> Thanks a lot!<br> <br> BR<br> Beata<br> > thanks<br> > -- PMM<br> </div>
diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 4f834c1..868afc6 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -561,6 +561,7 @@ typedef struct CPUARMState { } serror; uint8_t ext_dabt_pending; /* Request for injecting ext DABT */ + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */ /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */ uint32_t irq_line_state; diff --git a/target/arm/kvm.c b/target/arm/kvm.c index c088589..58ad734 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -721,7 +721,12 @@ int kvm_put_vcpu_events(ARMCPU *cpu) ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events); if (ret) { error_report("failed to put vcpu events"); - } else { + } else if (env->ext_dabt_pending) { + /* + * Mark that the external DABT has been injected, + * if one has been requested + */ + env->ext_dabt_raised = env->ext_dabt_pending; /* Clear instantly if the call was successful */ env->ext_dabt_pending = 0; } @@ -755,6 +760,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu) void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + + if (unlikely(env->ext_dabt_raised)) { + /* + * Verifying that the ext DABT has been properly injected, + * otherwise risking indefinitely re-running the faulting instruction + * Covering a very narrow case for kernels 5.5..5.5.4 + * when injected abort was misconfigured to be + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1) + */ + if (!arm_feature(env, ARM_FEATURE_AARCH64) && + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) { + + error_report("Data abort exception with no valid ISS generated by " + "guest memory access. KVM unable to emulate faulting " + "instruction. Failed to inject an external data abort " + "into the guest."); + abort(); + } + /* Clear the status */ + env->ext_dabt_raised = 0; + } } MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run) diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c index f271181..86c4fe7 100644 --- a/target/arm/kvm32.c +++ b/target/arm/kvm32.c @@ -564,3 +564,28 @@ void kvm_arm_pmu_init(CPUState *cs) { qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__); } + +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0) +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2) + +#define DFSR_FSC(v) (((v) >> 6 | (v)) & 0x1F) +#define DFSC_EXTABT(lpae) (lpae) ? 0x10 : 0x08 + +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) +{ + uint32_t dfsr_val; + + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + uint32_t ttbcr; + int lpae = 0; + + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) { + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE); + } + return !(DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae)); + } + return false; +} + diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c index be5b31c..18594e9 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -1430,3 +1430,37 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit) return false; } + +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0) +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2) + +#define ESR_DFSC(aarch64, v) \ + ((aarch64) ? ((v) & 0x3F) \ + : (((v) >> 6 | (v)) & 0x1F)) + +#define ESR_DFSC_EXTABT(aarch64, lpae) \ + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8) + +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) +{ + uint64_t dfsr_val; + + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64); + int lpae = 0; + + if (!aarch64_mode) { + uint64_t ttbcr; + + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) { + lpae = arm_feature(env, ARM_FEATURE_LPAE) + && (ttbcr & TTBCR_EAE); + } + } + return !(ESR_DFSC(aarch64_mode, dfsr_val) != + ESR_DFSC_EXTABT(aarch64_mode, lpae)); + } + return false; +} diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index 39472d5..f2dc6a2 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -461,6 +461,16 @@ void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr); int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, uint64_t fault_ipa); /** + * kvm_arm_verify_ext_dabt_pending: + * @cs: CPUState + * + * Verify the fault status code wrt the Ext DABT injection + * + * Returns: true if the fault status code is as expected, false otherwise + */ +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs); + +/** * its_class_name: * * Return the ITS class name to use depending on whether KVM acceleration
Injecting external data abort through KVM might trigger an issue on kernels that do not get updated to include the KVM fix. For those and aarch32 guests, the injected abort gets misconfigured to be an implementation defined exception. This leads to the guest repeatedly re-running the faulting instruction. Add support for handling that case. [ Fixed-by: 018f22f95e8a ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests') Fixed-by: 21aecdbd7f3a ('KVM: arm: Make inject_abt32() inject an external abort instead') ] Signed-off-by: Beata Michalska <beata.michalska@linaro.org> --- target/arm/cpu.h | 1 + target/arm/kvm.c | 30 +++++++++++++++++++++++++++++- target/arm/kvm32.c | 25 +++++++++++++++++++++++++ target/arm/kvm64.c | 34 ++++++++++++++++++++++++++++++++++ target/arm/kvm_arm.h | 10 ++++++++++ 5 files changed, 99 insertions(+), 1 deletion(-) -- 2.7.4