From patchwork Thu Sep 26 18:38:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 174509 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2438608ill; Thu, 26 Sep 2019 11:39:59 -0700 (PDT) X-Google-Smtp-Source: APXvYqyo4/Ky3IQ8nwTAgNO5N/lco6sZ1NunV/txnlOP9Hi3YnK1WSVog4hpjiw3pIg1oLpAPPyH X-Received: by 2002:a92:1ddd:: with SMTP id g90mr4165597ile.235.1569523199119; Thu, 26 Sep 2019 11:39:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569523199; cv=none; d=google.com; s=arc-20160816; b=FlrhwUX3rsmKkXKm50pRe2MAnfcQIXWmdtYaxXMvGKu/eBoeSo9dNrcILKkxtEtpNa TwQqjYgxS7RVeMkGZP5PHcrPwT2sRzN38MZiUtXCGdVPC1xCnYLkjsdHkRRNp2K4zonz rJj6NdIv3TCOPZm/+mXJm9qQzBliYXAG7yY6gu2OYN8FfgnPdFsUhXdOh4vnFabNXUrc /yfIt+zUW+9Nl7QWtfgTCk3qnUldRNwhQqjZwfl9y999AqkYvSO2ftNtfOdpdcvJmIYm Rjk0BLdDJsjWG5Yf79y32NRWrEWyWbWMDn1MxY9tMKK4nMWRSKPngqDW1pYSszeHGHSw zEIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:references:in-reply-to:message-id:date:to:from; bh=3jI7bDrhfgIXnb+tp9qRcjmlC5K4DHknW47hlKOjGgM=; b=ZdN7lW9v9Xf4tGpK3xHucOyotMGd+dBzI82k++bxxWDTNbXdlWNWVAeW0FiiBvjUxh UAXe4tgNmzZams5lEuxKVTQ40mb/4Fc3/3DRgfc36wnhuPevoXGTCpEYbckEz0WNXCy4 m25WmJZ828ep19SRJv9WiAlZzJWkl7AQZDI5s2WlHyale552jyGNuTnNfanTxgwQRERX R1pgj97nCgzK7rE94qh0cN5RRnDlFEjceK07omCpaYQ+fqX41G9drL9VbQlTxvgXW6R0 5UZoAoLmDp7cp0NdkvSYZsQqiWhKj9LiEsNSQRXm56jn27A/8HJ33/ILXrjwCbb8/2Q2 FaXA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id r62si193634ill.74.2019.09.26.11.39.58 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 26 Sep 2019 11:39:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iDYey-0002WA-OA; Thu, 26 Sep 2019 18:38:36 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iDYex-0002VO-R0 for xen-devel@lists.xenproject.org; Thu, 26 Sep 2019 18:38:35 +0000 X-Inumbo-ID: d2557d98-e08c-11e9-b588-bc764e2007e4 Received: from foss.arm.com (unknown [217.140.110.172]) by localhost (Halon) with ESMTP id d2557d98-e08c-11e9-b588-bc764e2007e4; Thu, 26 Sep 2019 18:38:24 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E54BF1596; Thu, 26 Sep 2019 11:38:23 -0700 (PDT) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.196.50]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2499B3F67D; Thu, 26 Sep 2019 11:38:23 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xenproject.org Date: Thu, 26 Sep 2019 19:38:08 +0100 Message-Id: <20190926183808.11630-11-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190926183808.11630-1-julien.grall@arm.com> References: <20190926183808.11630-1-julien.grall@arm.com> Subject: [Xen-devel] [PATCH RFC for-4.13 10/10] xen/arm64: entry: Ensure the guest state is synced when receiving a vSError X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Julien Grall , Stefano Stabellini , Volodymyr Babchuk , andrii.anisov@gmail.com MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" At the moment, when a SError is received while checking for a pending one, we will skip the handling the initial exception. This includes call to exit_from_guest{, _noirq} that is used to synchronize part of the guest state with the internal representation. However, we still call leave_hypervisor_tail() which is used for preempting the guest and synchronizing back part of the guest state. exit_from_guest{, _noirq} works in pair with leave_hypervisor_tail(), so skipping if former may result to a loss of some part of guest state. An example is the new vGIC which will save the state of the LRS on exit from the guest and rewrite all of them on entry to the guest. For now, calling leave_hypervisor_tail() is not necessary when injecting a vSError to the guest. But as the path is spread accross multiple file, it is hard to enforce that for the future (someone we may want to crash the domain). Therefore it is best to call exit_from_guest{, _noirq} in the vSError path as well. Note that the return value of check_pending_vserror is now set in x19 instead of x0. This is because we want to keep the value across call to C-function and x0, unlike x19, will not be saved by the callee. Signed-off-by: Julien Grall --- I am not aware of any issues other than with the new vGIC. But I haven't looked hard enough so I think it would be worth to try to fix it for Xen 4.13. --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 91cf6ee6f4..f5350247e1 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -168,11 +168,13 @@ /* * The vSError will be checked while SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT * is not set. If a vSError took place, the initial exception will be - * skipped. Exit ASAP + * skipped. + * + * However, we still need to call exit_from_guest{,_noirq} as the + * return path to the guest may rely on state saved by them. */ alternative_if SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT bl check_pending_vserror - cbnz x0, 1f alternative_else_nop_endif mov x0, sp @@ -180,6 +182,11 @@ msr daifclr, \iflags mov x0, sp bl enter_hypervisor_from_guest + + alternative_if SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT + cbnz x19, 1f + alternative_else_nop_endif + mov x0, sp bl do_trap_\trap 1: @@ -383,9 +390,9 @@ return_from_trap: /* * This function is used to check pending virtual SError in the gap of * EL1 -> EL2 world switch. - * The x0 register will be used to indicate the results of detection. - * x0 -- Non-zero indicates a pending virtual SError took place. - * x0 -- Zero indicates no pending virtual SError took place. + * The register x19 will be used to indicate the results of detection. + * x19 -- Non-zero indicates a pending virtual SError took place. + * x19 -- Zero indicates no pending virtual SError took place. */ check_pending_vserror: /* @@ -432,9 +439,9 @@ abort_guest_exit_end: /* * Not equal, the pending SError exception took place, set - * x0 to non-zero. + * x19 to non-zero. */ - cset x0, ne + cset x19, ne ret