From patchwork Mon Mar 23 11:32:26 2020
X-Patchwork-Submitter: Beata Michalska
X-Patchwork-Id: 184733
From: Beata Michalska
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, drjones@redhat.com, Christoffer.Dall@arm.com, qemu-arm@nongnu.org, pbonzini@redhat.com, kvmarm@lists.cs.columbia.edu
Subject: [PATCH v4 1/2] target/arm: kvm: Handle DABT with no valid ISS
Date: Mon, 23 Mar 2020 11:32:26 +0000
Message-Id: <20200323113227.3169-2-beata.michalska@linaro.org>
In-Reply-To: <20200323113227.3169-1-beata.michalska@linaro.org>
References: <20200323113227.3169-1-beata.michalska@linaro.org>

On ARMv7 & ARMv8 some load/store instructions might trigger a data abort exception with no valid ISS info to be decoded. The lack of decode info makes it at least tricky to emulate those instructions, which is one of the (many) reasons why KVM will not even try to do so. Add support for handling those by requesting KVM to inject external dabt into the guest.

Signed-off-by: Beata Michalska
---
 target/arm/cpu.h     |  2 ++
 target/arm/kvm.c     | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 target/arm/kvm_arm.h | 11 +++++++++++
 3 files changed, 67 insertions(+)

-- 
2.7.4

diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 4ffd991..4f834c1 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -560,6 +560,8 @@ typedef struct CPUARMState { uint64_t esr; } serror; + uint8_t ext_dabt_pending; /* Request for injecting ext DABT */ + /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */ uint32_t irq_line_state; diff --git a/target/arm/kvm.c b/target/arm/kvm.c index 85860e6..c088589 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c
@@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = { static bool cap_has_mp_state; static bool cap_has_inject_serror_esr; +static bool cap_has_inject_ext_dabt; static ARMHostCPUFeatures arm_host_cpu_features; @@ -244,6 +245,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s) ret = -EINVAL; } + if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) { + if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) { + warn_report("Failed to enable DABT NISV cap"); + } else { + /* Set status for supporting the external dabt injection */ + cap_has_inject_ext_dabt = kvm_check_extension(s, + KVM_CAP_ARM_INJECT_EXT_DABT); + } + } + return ret; } @@ -703,9 +714,16 @@ int kvm_put_vcpu_events(ARMCPU *cpu) events.exception.serror_esr = env->serror.esr; } + if (cap_has_inject_ext_dabt) { + events.exception.ext_dabt_pending = env->ext_dabt_pending; + } + ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events); if (ret) { error_report("failed to put vcpu events"); + } else { + /* Clear instantly if the call was successful */ + env->ext_dabt_pending = 0; } return ret; @@ -819,6 +837,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) ret = EXCP_DEBUG; } /* otherwise return to guest */ break; + case KVM_EXIT_ARM_NISV: + /* External DABT with no valid iss to decode */ + ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss, + run->arm_nisv.fault_ipa); + break; default: qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n", __func__, run->exit_reason); 
@@ -953,3 +976,34 @@ int kvm_arch_msi_data_to_gsi(uint32_t data) { return (data - 32) & 0xffff; } + +int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, + uint64_t fault_ipa) +{ + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + + /* + * ISS [23:14] is invalid so there is a limited info + * on what has just happened so the only *useful* thing that can + * be retrieved from ISS is WnR & DFSC (though in some cases WnR + * might be less of a value as well) + */ + + /* + * Set pending ext dabt and trigger SET_EVENTS so that + * KVM can inject the abort + */ + if (cap_has_inject_ext_dabt) { + kvm_cpu_synchronize_state(cs); + env->ext_dabt_pending = 1; + } else { + error_report("Data abort exception triggered by guest memory access " + "at physical address: 0x" TARGET_FMT_lx, + (target_ulong)fault_ipa); + error_printf("KVM unable to emulate faulting instruction.\n"); + return -1; + } + + return 0; +} diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index ae9e075..39472d5 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h 
@@ -450,6 +450,17 @@ struct kvm_guest_debug_arch; void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr); /** + * kvm_arm_handle_dabt_nisv: + * @cs: CPUState + * @esr_iss: ISS encoding (limited) for the exception from Data Abort + * ISV bit set to '0b0' -> no valid instruction syndrome + * @fault_ipa: faulting address for the synch data abort + * + * Returns: 0 if the exception has been handled, < 0 otherwise + */ +int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, + uint64_t fault_ipa); +/** * its_class_name: * * Return the ITS class name to use depending on whether KVM acceleration
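Review bot: in the kvm_arch_init hunk of kvm.c, KVM_CAP_ARM_NISV_TO_USER is enabled before KVM_CAP_ARM_INJECT_EXT_DABT is checked, so on a kernel that has the first capability but not the second QEMU now receives every no-ISS data abort as a KVM_EXIT_ARM_NISV exit and then fails it in kvm_arm_handle_dabt_nisv with an error report. If that is intended (a clearer diagnostic than leaving the abort to the kernel), a comment should say so; otherwise check both capabilities before calling kvm_vm_enable_cap(). Separately, KVM_CAP_ARM_NISV_TO_USER, KVM_CAP_ARM_INJECT_EXT_DABT, KVM_EXIT_ARM_NISV, run->arm_nisv and events.exception.ext_dabt_pending all come from linux-headers, and the diffstat (cpu.h, kvm.c, kvm_arm.h only) carries no headers update, so the series should state which linux-headers sync it depends on.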
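Review bot: in the kvm_put_vcpu_events hunk, the new `else` branch clears env->ext_dabt_pending unconditionally, including when cap_has_inject_ext_dabt is false and the flag was never copied into events.exception. That is harmless today only because the flag is set under the same capability check in kvm_arm_handle_dabt_nisv; guarding the clear with the same condition keeps the two sides of that state machine together. Also, ext_dabt_pending is added to CPUARMState but to no VMState description, which is acceptable only because it is a transient request consumed by the next kvm_put_vcpu_events call; a comment on the field in cpu.h saying so would stop a later reader from treating it as migratable guest state.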
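Review bot: in the kvm_arch_handle_exit hunk, the comment `/* External DABT with no valid iss to decode */` describes the exit incorrectly: KVM_EXIT_ARM_NISV is a guest data abort whose ISS has no valid instruction syndrome; the external abort is what kvm_arm_handle_dabt_nisv asks KVM to inject in response. Suggest `/* Guest data abort with no valid ISS; ask KVM to inject an external abort */`.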
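Review bot: in the kvm_arm_handle_dabt_nisv hunk, esr_iss is never read; the first comment block says WnR and DFSC are the only useful fields but nothing uses them, and the block is left floating with no statement under it. Either drop the parameter or include the ISS in the diagnostic and merge the two comments. The error path also prints fault_ipa (a uint64_t) through TARGET_FMT_lx after a cast to target_ulong, which on the 32-bit target truncates any IPA above 4 GiB; print it directly: `error_report("Data abort exception triggered by guest memory access at physical address: 0x%" PRIx64, fault_ipa);`.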
From: Beata Michalska
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, drjones@redhat.com, Christoffer.Dall@arm.com, qemu-arm@nongnu.org, pbonzini@redhat.com, kvmarm@lists.cs.columbia.edu
Subject: [PATCH v4 2/2] target/arm: kvm: Handle potential issue with dabt injection
Date: Mon, 23 Mar 2020 11:32:27 +0000
Message-Id: <20200323113227.3169-3-beata.michalska@linaro.org>
In-Reply-To: <20200323113227.3169-1-beata.michalska@linaro.org>
References: <20200323113227.3169-1-beata.michalska@linaro.org>

Injecting an external data abort through KVM might trigger an issue on kernels that do not get updated to include the KVM fix. For those and aarch32 guests, the injected abort gets misconfigured to be an implementation-defined exception. This leads to the guest repeatedly re-running the faulting instruction. Add support for handling that case.

[
Fixed-by: 018f22f95e8a ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
Fixed-by: 21aecdbd7f3a ('KVM: arm: Make inject_abt32() inject an external abort instead')
]

Signed-off-by: Beata Michalska
---
 target/arm/cpu.h     |  1 +
 target/arm/kvm.c     | 30 +++++++++++++++++++++++++++++-
 target/arm/kvm32.c   | 25 +++++++++++++++++++++++++
 target/arm/kvm64.c   | 34 ++++++++++++++++++++++++++++++++++
 target/arm/kvm_arm.h | 10 ++++++++++
 5 files changed, 99 insertions(+), 1 deletion(-)

-- 
2.7.4

diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 4f834c1..868afc6 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h
@@ -561,6 +561,7 @@ typedef struct CPUARMState { } serror; uint8_t ext_dabt_pending; /* Request for injecting ext DABT */ + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */ /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */ uint32_t irq_line_state; diff --git a/target/arm/kvm.c b/target/arm/kvm.c index c088589..58ad734 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -721,7 +721,12 @@ int kvm_put_vcpu_events(ARMCPU *cpu) ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events); if (ret) { error_report("failed to put vcpu events"); - } else { + } else if (env->ext_dabt_pending) { + /* + * Mark that the external DABT has been injected, + * if one has been requested + */ + env->ext_dabt_raised = env->ext_dabt_pending; /* Clear instantly if the call was successful */ env->ext_dabt_pending = 0; } @@ -755,6 +760,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu) void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + + if (unlikely(env->ext_dabt_raised)) { + /* + * Verifying that the ext DABT has been properly injected, + * otherwise risking indefinitely re-running the faulting instruction + * Covering a very narrow case for kernels 5.5..5.5.4 + * when injected abort was misconfigured to be + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1) + */ + if (!arm_feature(env, ARM_FEATURE_AARCH64) && + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) { + + error_report("Data abort exception with no valid ISS generated by " + "guest memory access. KVM unable to emulate faulting " + "instruction. Failed to inject an external data abort " + "into the guest."); + abort(); + } + /* Clear the status */ + env->ext_dabt_raised = 0; + } } MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run) diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c index f271181..86c4fe7 100644 --- a/target/arm/kvm32.c +++ b/target/arm/kvm32.c 
@@ -564,3 +564,28 @@ void kvm_arm_pmu_init(CPUState *cs) { qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__); } + +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0) +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2) + +#define DFSR_FSC(v) (((v) >> 6 | (v)) & 0x1F) +#define DFSC_EXTABT(lpae) (lpae) ? 0x10 : 0x08 + +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) +{ + uint32_t dfsr_val; + + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + uint32_t ttbcr; + int lpae = 0; + + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) { + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE); + } + return !(DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae)); + } + return false; +} + diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c index be5b31c..18594e9 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -1430,3 +1430,37 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit) return false; } + +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0) +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2) + +#define ESR_DFSC(aarch64, v) \ + ((aarch64) ? ((v) & 0x3F) \ + : (((v) >> 6 | (v)) & 0x1F)) + +#define ESR_DFSC_EXTABT(aarch64, lpae) \ + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8) + +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) +{ + uint64_t dfsr_val; + + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64); + int lpae = 0; + + if (!aarch64_mode) { + uint64_t ttbcr; + + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) { + lpae = arm_feature(env, ARM_FEATURE_LPAE) + && (ttbcr & TTBCR_EAE); + } + } + return !(ESR_DFSC(aarch64_mode, dfsr_val) != + ESR_DFSC_EXTABT(aarch64_mode, lpae)); + } + return false; +} diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index 39472d5..f2dc6a2 100644 --- a/target/arm/kvm_arm.h 
+++ b/target/arm/kvm_arm.h @@ -461,6 +461,16 @@ void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr); int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, uint64_t fault_ipa); /** + * kvm_arm_verify_ext_dabt_pending: + * @cs: CPUState + * + * Verify the fault status code wrt the Ext DABT injection + * + * Returns: true if the fault status code is as expected, false otherwise + */ +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs); + +/** * its_class_name: * * Return the ITS class name to use depending on whether KVM acceleration
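Review bot: in the kvm_arch_pre_run hunk of kvm.c, the guard `!arm_feature(env, ARM_FEATURE_AARCH64)` means kvm_arm_verify_ext_dabt_pending() is only ever called for AArch32 CPU models, so the `aarch64` branches of ESR_DFSC and ESR_DFSC_EXTABT in kvm64.c are unreachable; decide in one place (either drop the guard here or the AArch64 handling there). The comment names kernels 5.5..5.5.4 while the commit message only says "kernels that do not get updated"; the affected versions belong next to the two Fixed-by commits in the commit message. Finally, abort() after error_report() dumps core for a known kernel bug; exit(1) gives the same protection against the endless re-execution without a core file, unless the dump is wanted for debugging.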
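Review bot: in the kvm32.c hunk, DFSC_EXTABT has no outer parentheses, so `DFSR_FSC(dfsr_val) != DFSC_EXTABT(lpae)` expands to `(DFSR_FSC(dfsr_val) != (lpae)) ? 0x10 : 0x08`, which is never zero; the function therefore returns false for every DFSR value and kvm_arch_pre_run would abort() on every injection. Write `#define DFSC_EXTABT(lpae) ((lpae) ? 0x10 : 0x08)`. DFSR_FSC also ORs DFSR bits [9:6] into the low status bits: in the short-descriptor format bits [7:4] are the Domain field, and in the LPAE format bit 6 is WnR and bit 9 is the LPAE flag, so a write abort or a non-zero domain breaks the comparison even with the precedence fixed. Mask the fields explicitly, selecting on lpae: short format `(((v) >> 6) & 0x10) | ((v) & 0xF)`, LPAE format `(v) & 0x3F`. The hunk also adds a trailing blank line at end of file (the lone `+` after `+}`).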
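Review bot: in the kvm64.c hunk, the AArch32 branch of ESR_DFSC uses the same `((v) >> 6 | (v)) & 0x1F` as kvm32.c and so folds DFSR bits [9:6] (Domain in the short-descriptor format; WnR and the LPAE flag in the LPAE format) into the status code; mask the status field per format instead, for example `(lpae) ? ((v) & 0x3F) : ((((v) >> 6) & 0x10) | ((v) & 0xF))`. The variable holding the ESR_EL1 value is named dfsr_val; esr_val would match what is read. Since both ESR_DFSC_EXTABT alternatives for aarch64 and lpae yield 0x10, the macro can be reduced to `((aarch64) || (lpae)) ? 0x10 : 0x8`, which also makes the single non-0x10 case (short-descriptor AArch32) obvious.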