From patchwork Mon Jun 29 11:41:09 2020
X-Patchwork-Submitter: Beata Michalska
X-Patchwork-Id: 191992
From: Beata Michalska
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, drjones@redhat.com, Christoffer.Dall@arm.com, qemu-arm@nongnu.org, pbonzini@redhat.com, kvmarm@lists.cs.columbia.edu
Subject: [PATCH v9 1/2] target/arm: kvm: Handle DABT with no valid ISS
Date: Mon, 29 Jun 2020 12:41:09 +0100
Message-Id: <20200629114110.30723-2-beata.michalska@linaro.org>
In-Reply-To: <20200629114110.30723-1-beata.michalska@linaro.org>
References: <20200629114110.30723-1-beata.michalska@linaro.org>

On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate those instructions, which is one of the
(many) reasons why KVM will not even try to do so.
Add support for handling those by requesting KVM to inject external dabt
into the guest.

Signed-off-by: Beata Michalska
Reviewed-by: Andrew Jones
---
 target/arm/kvm.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

--
2.7.4

diff --git a/target/arm/kvm.c b/target/arm/kvm.c index eef3bbd..545d2ba 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c
@@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = { static bool cap_has_mp_state; static bool cap_has_inject_serror_esr; +static bool cap_has_inject_ext_dabt; static ARMHostCPUFeatures arm_host_cpu_features; @@ -245,6 +246,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s) ret = -EINVAL; } + if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) { + if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) { + error_report("Failed to enable KVM_CAP_ARM_NISV_TO_USER cap"); + } else { + /* Set status for supporting the external dabt injection */ + cap_has_inject_ext_dabt = kvm_check_extension(s, + KVM_CAP_ARM_INJECT_EXT_DABT); + } + } + return ret; } 
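Review bot: in the kvm_arch_init hunk, KVM_CAP_ARM_NISV_TO_USER is enabled before it is known whether KVM_CAP_ARM_INJECT_EXT_DABT exists; once NISV_TO_USER is on, every no-ISS data abort is routed to userspace, and on a kernel without the injection cap kvm_arm_handle_dabt_nisv can only report the fault and return -1. Consider probing both extensions first and only enabling NISV_TO_USER when the injection cap is present, or add a comment stating that the userspace error report is the intended behaviour on such kernels, so the trade-off is visible to the next reader.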
@@ -810,6 +821,42 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state) } } +/** + * kvm_arm_handle_dabt_nisv: + * @cs: CPUState + * @esr_iss: ISS encoding (limited) for the exception from Data Abort + * ISV bit set to '0b0' -> no valid instruction syndrome + * @fault_ipa: faulting address for the synchronous data abort + * + * Returns: 0 if the exception has been handled, < 0 otherwise + */ +static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, + uint64_t fault_ipa) +{ + /* + * Request KVM to inject the external data abort into the guest + */ + if (cap_has_inject_ext_dabt) { + struct kvm_vcpu_events events = { }; + /* + * The external data abort event will be handled immediately by KVM + * using the address fault that triggered the exit on given VCPU. + * Requesting injection of the external data abort does not rely + * on any other VCPU state. Therefore, in this particular case, the VCPU + * synchronization can be exceptionally skipped. + */ + events.exception.ext_dabt_pending = 1; + /* KVM_CAP_ARM_INJECT_EXT_DABT implies KVM_CAP_VCPU_EVENTS */ + return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events); + } else { + error_report("Data abort exception triggered by guest memory access " + "at physical address: 0x" TARGET_FMT_lx, + (target_ulong)fault_ipa); + error_printf("KVM unable to emulate faulting instruction.\n"); + } + return -1; +} + int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) { int ret = 0; 
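Review bot: in the kvm_arm_handle_dabt_nisv hunk, the esr_iss parameter is never used in the body, and the error path casts fault_ipa to target_ulong for TARGET_FMT_lx, which truncates IPAs above 32 bits on the 32-bit arm target (LPAE guests have 40-bit IPAs). Print the value with PRIx64 instead, e.g. `"at physical address: 0x%" PRIx64, fault_ipa`, and either drop esr_iss or include the (limited) syndrome in the report so the message carries everything KVM handed back.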
@@ -820,6 +867,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) ret = EXCP_DEBUG; } /* otherwise return to guest */ break; + case KVM_EXIT_ARM_NISV: + /* External DABT with no valid iss to decode */ + ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss, + run->arm_nisv.fault_ipa); + break; default: qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n", __func__, run->exit_reason);

From patchwork Mon Jun 29 11:41:10 2020
X-Patchwork-Submitter: Beata Michalska
X-Patchwork-Id: 191991
From: Beata Michalska
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, drjones@redhat.com, Christoffer.Dall@arm.com, qemu-arm@nongnu.org, pbonzini@redhat.com, kvmarm@lists.cs.columbia.edu
Subject: [PATCH v9 2/2] target/arm: kvm: Handle misconfigured dabt injection
Date: Mon, 29 Jun 2020 12:41:10 +0100
Message-Id: <20200629114110.30723-3-beata.michalska@linaro.org>
In-Reply-To: <20200629114110.30723-1-beata.michalska@linaro.org>
References: <20200629114110.30723-1-beata.michalska@linaro.org>

Injecting external data abort through KVM might trigger an issue on kernels
that do not get updated to include the KVM fix. For those and aarch32 guests,
the injected abort gets misconfigured to be an implementation defined
exception. This leads to the guest repeatedly re-running the faulting
instruction.
Add support for handling that case.

[ Fixed-by: 018f22f95e8a ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
  Fixed-by: 21aecdbd7f3a ('KVM: arm: Make inject_abt32() inject an external abort instead') ]
Signed-off-by: Beata Michalska Acked-by: Andrew Jones --- target/arm/cpu.h | 2 ++ target/arm/kvm.c | 30 +++++++++++++++++++++++++++++- target/arm/kvm32.c | 34 ++++++++++++++++++++++++++++++++++ target/arm/kvm64.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ target/arm/kvm_arm.h | 10 ++++++++++ 5 files changed, 124 insertions(+), 1 deletion(-) -- 2.7.4 diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 677584e..ed0ff09 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -570,6 +570,8 @@ typedef struct CPUARMState { uint64_t esr; } serror; + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */ + /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */ uint32_t irq_line_state; diff --git a/target/arm/kvm.c b/target/arm/kvm.c index 545d2ba..603d431 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -749,6 +749,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu) void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + + if (unlikely(env->ext_dabt_raised)) { + /* + * Verifying that the ext DABT has been properly injected, + * otherwise risking indefinitely re-running the faulting instruction + * Covering a very narrow case for kernels 5.5..5.5.4 + * when injected abort was misconfigured to be + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1) + */ + if (!arm_feature(env, ARM_FEATURE_AARCH64) && + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) { + + error_report("Data abort exception with no valid ISS generated by " + "guest memory access. KVM unable to emulate faulting " + "instruction. Failed to inject an external data abort " + "into the guest."); + abort(); + } + /* Clear the status */ + env->ext_dabt_raised = 0; + } } MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run) 
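Review bot: in the kvm_arch_pre_run hunk, a failed verification ends in abort(), which a guest reaches with any no-ISS data abort when it runs a 32-bit EL1 on one of the unfixed kernels the comment describes; a core dump is not useful for a known kernel-side condition and leaves no clean shutdown path. Report the error and stop the VM in an orderly way (exit(1), or return an error so the run loop terminates) instead of abort(), and extend the message to name the kernel fix so the user knows what to update.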
@@ -833,6 +856,8 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state) static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, uint64_t fault_ipa) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; /* * Request KVM to inject the external data abort into the guest */ @@ -847,7 +872,10 @@ static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, */ events.exception.ext_dabt_pending = 1; /* KVM_CAP_ARM_INJECT_EXT_DABT implies KVM_CAP_VCPU_EVENTS */ - return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events); + if (!kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events)) { + env->ext_dabt_raised = 1; + return 0; + } } else { error_report("Data abort exception triggered by guest memory access " "at physical address: 0x" TARGET_FMT_lx, diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c index 7b3a19e..0af46b4 100644 --- a/target/arm/kvm32.c +++ b/target/arm/kvm32.c @@ -559,3 +559,37 @@ void kvm_arm_pmu_init(CPUState *cs) { qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__); } + +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0) +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2) +/* + *DFSR: + * TTBCR.EAE == 0 + * FS[4] - DFSR[10] + * FS[3:0] - DFSR[3:0] + * TTBCR.EAE == 1 + * FS, bits [5:0] + */ +#define DFSR_FSC(lpae, v) \ + ((lpae) ? ((v) & 0x3F) : (((v) >> 6) | ((v) & 0x1F))) + +#define DFSC_EXTABT(lpae) ((lpae) ? 0x10 : 0x08) + +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) +{ + uint32_t dfsr_val; + + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + uint32_t ttbcr; + int lpae = 0; + + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) { + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE); + } + /* The verification is based on FS filed of the DFSR reg only*/ + return (DFSR_FSC(lpae, dfsr_val) == DFSC_EXTABT(lpae)); + } + return false; +} diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c index f09ed9f..88cf10c 100644 
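Review bot: in the kvm_arm_handle_dabt_nisv hunk, when KVM_SET_VCPU_EVENTS fails the function now falls out of the if/else to the trailing `return -1` without reporting anything, whereas before the ioctl's error code was returned and the else branch still prints a diagnostic. Capture the return value and report it before failing, e.g. `error_report("Failed to inject external data abort: %s", strerror(-ret));`, otherwise an injection failure is indistinguishable from a generic unhandled exit.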
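Review bot: in the kvm32.c hunk, DFSR_FSC's non-LPAE branch `((v) >> 6) | ((v) & 0x1F)` does not mask what it picks up: the comment above it says FS is DFSR[10] plus DFSR[3:0], but `(v) >> 6` also carries DFSR[13:11] and the upper Domain bits into the result, and `0x1F` includes bit 4 of the Domain field. The comparison with DFSC_EXTABT only holds while none of those bits is set; use `(((v) >> 6) & 0x10) | ((v) & 0xF)` so the check matches the documented layout for any DFSR value. Also "FS filed" in the comment should read "FS field".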
--- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -1497,3 +1497,52 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit) return false; } + +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0) +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2) + +/* + * ESR_EL1 + * ISS encoding + * AARCH64: DFSC, bits [5:0] + * AARCH32: + * TTBCR.EAE == 0 + * FS[4] - DFSR[10] + * FS[3:0] - DFSR[3:0] + * TTBCR.EAE == 1 + * FS, bits [5:0] + */ +#define ESR_DFSC(aarch64, lpae, v) \ + ((aarch64 || (lpae)) ? ((v) & 0x3F) \ + : (((v) >> 6) | ((v) & 0x1F))) + +#define ESR_DFSC_EXTABT(aarch64, lpae) \ + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8) + +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) +{ + uint64_t dfsr_val; + + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64); + int lpae = 0; + + if (!aarch64_mode) { + uint64_t ttbcr; + + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) { + lpae = arm_feature(env, ARM_FEATURE_LPAE) + && (ttbcr & TTBCR_EAE); + } + } + /* + * The verification here is based on the DFSC bits + * of the ESR_EL1 reg only + */ + return (ESR_DFSC(aarch64_mode, lpae, dfsr_val) == + ESR_DFSC_EXTABT(aarch64_mode, lpae)); + } + return false; +} diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index 48bf5e1..471ddd1 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -453,6 +453,16 @@ struct kvm_guest_debug_arch; void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr); /** + * kvm_arm_verify_ext_dabt_pending: + * @cs: CPUState + * + * Verify the fault status code wrt the Ext DABT injection + * + * Returns: true if the fault status code is as expected, false otherwise + */ +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs); + +/** * its_class_name: * * Return the ITS class name to use depending on whether KVM acceleration
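Review bot: in the kvm64.c hunk, ESR_DFSC repeats the non-LPAE extraction from kvm32.c with the same unmasked shift (`(v) >> 6` brings DFSR[13:11] and the Domain field into the compared value; per the layout in the comment it should be `(((v) >> 6) & 0x10) | ((v) & 0xF)`), and ESR_DFSC_EXTABT yields 0x10 for both the aarch64 and the LPAE case, so `((aarch64) || (lpae)) ? 0x10 : 0x8` states the same thing without the nested ternary. Since both files now carry the same FS layout comment and macros, consider moving them to kvm_arm.h, which this patch already touches, so the two definitions cannot drift apart.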