From patchwork Thu Jun 25 22:03:35 2020
X-Patchwork-Submitter: Beata Michalska
X-Patchwork-Id: 191748
From: Beata Michalska
To: qemu-devel@nongnu.org
Subject: [PATCH v6 1/2] target/arm: kvm: Handle DABT with no valid ISS
Date: Thu, 25 Jun 2020 23:03:35 +0100
Message-Id: <20200625220336.10186-2-beata.michalska@linaro.org>
In-Reply-To: <20200625220336.10186-1-beata.michalska@linaro.org>
References: <20200625220336.10186-1-beata.michalska@linaro.org>
Cc: peter.maydell@linaro.org, drjones@redhat.com, Christoffer.Dall@arm.com, qemu-arm@nongnu.org, pbonzini@redhat.com, kvmarm@lists.cs.columbia.edu

On ARMv7 & ARMv8 some load/store instructions might trigger a data abort exception with no valid ISS info to be decoded. The lack of decode info makes it at least tricky to emulate those instructions, which is one of the (many) reasons why KVM will not even try to do so. Add support for handling those by requesting KVM to inject an external dabt into the guest.

Signed-off-by: Beata Michalska
---
 target/arm/kvm.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 58 insertions(+), 1 deletion(-)

-- 
2.7.4

Reviewed-by: Andrew Jones

diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index eef3bbd..265c4b8 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -39,6 +39,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = { static bool cap_has_mp_state; static bool cap_has_inject_serror_esr; +static bool cap_has_inject_ext_dabt; static ARMHostCPUFeatures arm_host_cpu_features; @@ -245,6 +246,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s) ret = -EINVAL; } + if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) { + if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) { + error_report("Failed to enable KVM_CAP_ARM_NISV_TO_USER cap"); + } else { + /* Set status for supporting the external dabt injection */ + cap_has_inject_ext_dabt = kvm_check_extension(s, + KVM_CAP_ARM_INJECT_EXT_DABT); + } + } + return ret; } 
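Review bot: in the kvm_arch_init hunk, a failing kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0) is only logged and ret is left untouched, so initialisation continues with cap_has_inject_ext_dabt still false; if silently falling back to the previous KVM behaviour is the intent, say so in a comment next to the error_report() and include the return value in the message so the failure can be diagnosed from the log. Note also the nesting: KVM_CAP_ARM_INJECT_EXT_DABT is probed only after NISV_TO_USER has been enabled, so NISV exits are forwarded to userspace even on hosts that cannot inject the abort, where the only possible outcome is the error path.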
@@ -810,6 +821,47 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state) } } +/** + * kvm_arm_handle_dabt_nisv: + * @cs: CPUState + * @esr_iss: ISS encoding (limited) for the exception from Data Abort + * ISV bit set to '0b0' -> no valid instruction syndrome + * @fault_ipa: faulting address for the synchronous data abort + * + * Returns: 0 if the exception has been handled, < 0 otherwise + */ +static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, + uint64_t fault_ipa) +{ + /* + * Request KVM to inject the external data abort into the guest + */ + if (cap_has_inject_ext_dabt) { + struct kvm_vcpu_events events; + /* + * KVM_CAP_ARM_INJECT_EXT_DABT support implies one for + * KVM_CAP_VCPU_EVENTS + */ + memset(&events, 0, sizeof(events)); + /* + * Skipping all the overhead of syncing vcpu regs back and forth + * and messing around with the vcpu_dirty flag to avoid + * overwriting changes done by KVM : directly calling + * the associated ioctl with the status set for external data abort, + * which, in turn, will be directly delivered to the affected vcpu. + */ + events.exception.ext_dabt_pending = 1; + + return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events); + } else { + error_report("Data abort exception triggered by guest memory access " + "at physical address: 0x" TARGET_FMT_lx, + (target_ulong)fault_ipa); + error_printf("KVM unable to emulate faulting instruction.\n"); + } + return -1; +} + int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) { int ret = 0; 
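Review bot: in the kvm_arm_handle_dabt_nisv hunk, fault_ipa is a uint64_t but is cast to target_ulong and printed with TARGET_FMT_lx, which truncates an IPA above 4 GiB on the 32-bit target (LPAE guests have 40-bit IPAs); print it with `0x%" PRIx64` instead. The esr_iss parameter is documented in the kerneldoc comment but never used in the body, so either drop it from the signature or state in the comment that it is kept for later decoding. Minor: the `else` after `return kvm_vcpu_ioctl(...)` is unnecessary, and the log message says "KVM unable to emulate faulting instruction" while the real reason is that the host lacks KVM_CAP_ARM_INJECT_EXT_DABT, which is worth naming for the user.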
@@ -820,7 +872,12 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) ret = EXCP_DEBUG; } /* otherwise return to guest */ break; - default: + case KVM_EXIT_ARM_NISV: + /* External DABT with no valid iss to decode */ + ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss, + run->arm_nisv.fault_ipa); + break; + default: qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n", __func__, run->exit_reason); break;

From patchwork Thu Jun 25 22:03:36 2020
X-Patchwork-Submitter: Beata Michalska
X-Patchwork-Id: 191749
From: Beata Michalska
To: qemu-devel@nongnu.org
Subject: [PATCH v6 2/2] target/arm: kvm: Handle misconfigured dabt injection
Date: Thu, 25 Jun 2020 23:03:36 +0100
Message-Id: <20200625220336.10186-3-beata.michalska@linaro.org>
In-Reply-To: <20200625220336.10186-1-beata.michalska@linaro.org>
References: <20200625220336.10186-1-beata.michalska@linaro.org>
Cc: peter.maydell@linaro.org, drjones@redhat.com, Christoffer.Dall@arm.com, qemu-arm@nongnu.org, pbonzini@redhat.com, kvmarm@lists.cs.columbia.edu

Injecting external data abort through KVM might trigger an issue on kernels that do not get updated to include the KVM fix. For those and aarch32 guests, the injected abort gets misconfigured to be an implementation defined exception. This leads to the guest repeatedly re-running the faulting instruction. Add support for handling that case.

[
Fixed-by: 018f22f95e8a ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
Fixed-by: 21aecdbd7f3a ('KVM: arm: Make inject_abt32() inject an external abort instead')
]
Signed-off-by: Beata Michalska --- target/arm/cpu.h | 2 ++ target/arm/kvm.c | 30 +++++++++++++++++++++++++++++- target/arm/kvm32.c | 34 ++++++++++++++++++++++++++++++++++ target/arm/kvm64.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ target/arm/kvm_arm.h | 10 ++++++++++ 5 files changed, 124 insertions(+), 1 deletion(-) -- 2.7.4 Acked-by: Andrew Jones diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 677584e..ed0ff09 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -570,6 +570,8 @@ typedef struct CPUARMState { uint64_t esr; } serror; + uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */ + /* State of our input IRQ/FIQ/VIRQ/VFIQ lines */ uint32_t irq_line_state; diff --git a/target/arm/kvm.c b/target/arm/kvm.c index 265c4b8..85a09ea 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -749,6 +749,29 @@ int kvm_get_vcpu_events(ARMCPU *cpu) void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + + if (unlikely(env->ext_dabt_raised)) { + /* + * Verifying that the ext DABT has been properly injected, + * otherwise risking indefinitely re-running the faulting instruction + * Covering a very narrow case for kernels 5.5..5.5.4 + * when injected abort was misconfigured to be + * an IMPLEMENTATION DEFINED exception (for 32-bit EL1) + */ + if (!arm_feature(env, ARM_FEATURE_AARCH64) && + unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) { + + error_report("Data abort exception with no valid ISS generated by " + "guest memory access. KVM unable to emulate faulting " + "instruction. Failed to inject an external data abort " + "into the guest."); + abort(); + } + /* Clear the status */ + env->ext_dabt_raised = 0; + } } MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run) 
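Review bot: in the kvm_arch_pre_run hunk, a failed verification ends in abort(), which takes the whole QEMU process down with a core dump for what the comment itself describes as a host-kernel bug (kernels 5.5..5.5.4); a clean exit(1) after the error_report() would serve users better, and the message should name the cause given in the commit message (host kernel missing the ext DABT injection fix) rather than only the symptom. Since the check is gated on !arm_feature(env, ARM_FEATURE_AARCH64), the aarch64 branch of kvm_arm_verify_ext_dabt_pending() in kvm64.c is never reached; either lift the gate or drop that branch so the two stay consistent.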
@@ -833,6 +856,8 @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state) static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, uint64_t fault_ipa) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; /* * Request KVM to inject the external data abort into the guest */ @@ -852,7 +877,10 @@ static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss, */ events.exception.ext_dabt_pending = 1; - return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events); + if (!kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events)) { + env->ext_dabt_raised = 1; + return 0; + } } else { error_report("Data abort exception triggered by guest memory access " "at physical address: 0x" TARGET_FMT_lx, diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c index 7b3a19e..0af46b4 100644 --- a/target/arm/kvm32.c +++ b/target/arm/kvm32.c @@ -559,3 +559,37 @@ void kvm_arm_pmu_init(CPUState *cs) { qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__); } + +#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0) +#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2) +/* + *DFSR: + * TTBCR.EAE == 0 + * FS[4] - DFSR[10] + * FS[3:0] - DFSR[3:0] + * TTBCR.EAE == 1 + * FS, bits [5:0] + */ +#define DFSR_FSC(lpae, v) \ + ((lpae) ? ((v) & 0x3F) : (((v) >> 6) | ((v) & 0x1F))) + +#define DFSC_EXTABT(lpae) ((lpae) ? 0x10 : 0x08) + +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) +{ + uint32_t dfsr_val; + + if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + uint32_t ttbcr; + int lpae = 0; + + if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) { + lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE); + } + /* The verification is based on FS filed of the DFSR reg only*/ + return (DFSR_FSC(lpae, dfsr_val) == DFSC_EXTABT(lpae)); + } + return false; +} diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c index f09ed9f..88cf10c 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c 
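Review bot: in the kvm32.c hunk, the non-LPAE branch of DFSR_FSC() is not masked to the bits the comment above it lists (FS[4] = DFSR[10], FS[3:0] = DFSR[3:0]): `((v) >> 6)` also carries DFSR[11] (WnR) and higher bits into bits 5 and up and DFSR[7:6] into bits 1:0, and `((v) & 0x1F)` keeps DFSR[4] from the Domain field, so a DFSR with any of those bits set would spuriously fail the comparison against DFSC_EXTABT(0) == 0x08 and abort a guest whose injection was in fact correct. Suggest `((((v) >> 6) & 0x10) | ((v) & 0x0F))`. Also `/* The verification is based on FS filed of the DFSR reg only*/` has a typo ('field') and lacks a space before `*/`.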
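Review bot: in the second kvm.c hunk (@@ -852,7 +877,10), when KVM_SET_VCPU_EVENTS fails the function now falls through to `return -1` without any error_report(), whereas the unsupported-capability branch explains its failure to the user; log the ioctl error (with its return value) before falling through, and consider propagating the ioctl's negative errno instead of a flat -1 so kvm_arch_handle_exit() sees the real reason.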
@@ -1497,3 +1497,52 @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit) return false; } + +#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0) +#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2) + +/* + * ESR_EL1 + * ISS encoding + * AARCH64: DFSC, bits [5:0] + * AARCH32: + * TTBCR.EAE == 0 + * FS[4] - DFSR[10] + * FS[3:0] - DFSR[3:0] + * TTBCR.EAE == 1 + * FS, bits [5:0] + */ +#define ESR_DFSC(aarch64, lpae, v) \ + ((aarch64 || (lpae)) ? ((v) & 0x3F) \ + : (((v) >> 6) | ((v) & 0x1F))) + +#define ESR_DFSC_EXTABT(aarch64, lpae) \ + ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8) + +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs) +{ + uint64_t dfsr_val; + + if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) { + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64); + int lpae = 0; + + if (!aarch64_mode) { + uint64_t ttbcr; + + if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) { + lpae = arm_feature(env, ARM_FEATURE_LPAE) + && (ttbcr & TTBCR_EAE); + } + } + /* + * The verification here is based on the DFSC bits + * of the ESR_EL1 reg only + */ + return (ESR_DFSC(aarch64_mode, lpae, dfsr_val) == + ESR_DFSC_EXTABT(aarch64_mode, lpae)); + } + return false; +} diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index 48bf5e1..471ddd1 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -453,6 +453,16 @@ struct kvm_guest_debug_arch; void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr); /** + * kvm_arm_verify_ext_dabt_pending: + * @cs: CPUState + * + * Verify the fault status code wrt the Ext DABT injection + * + * Returns: true if the fault status code is as expected, false otherwise + */ +bool kvm_arm_verify_ext_dabt_pending(CPUState *cs); + +/** * its_class_name: * * Return the ITS class name to use depending on whether KVM acceleration
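Review bot: in the kvm64.c hunk, ESR_DFSC() has the same unmasked non-LPAE branch as DFSR_FSC() in kvm32.c (`((v) >> 6)` and `((v) & 0x1F)` pull in bits outside FS[4] and FS[3:0], so any other set bit in the aarch32 DFSR view defeats the comparison); mask it as `((((v) >> 6) & 0x10) | ((v) & 0x0F))`. ESR_DFSC_EXTABT() can be simplified to `(((aarch64) || (lpae)) ? 0x10 : 0x8)` since both true branches return 0x10, and naming the ESR_EL1 value `dfsr_val` is misleading in this file; `esr` would read better.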