From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
To: "Michael Neuling" <mikey@neuling.org>,
"Cédric Le Goater" <clg@kaod.org>,
mpe@ellerman.id.au
Cc: linuxppc-dev@lists.ozlabs.org, kvm-ppc@vger.kernel.org,
Suraj Jitindar Singh <surajjs@au1.ibm.com>
Subject: Re: [PATCH] KVM: PPC: Book3S HV: Fix r3 corruption in h_set_dabr()
Date: Thu, 13 Jun 2019 00:39:45 +0000 [thread overview]
Message-ID: <1560386385.1924.2.camel@gmail.com> (raw)
In-Reply-To: <605bc6844ebb0ce2bf9dea906b707359500ceb4f.camel@neuling.org>
On Thu, 2019-06-13 at 10:16 +1000, Michael Neuling wrote:
> On Wed, 2019-06-12 at 09:43 +0200, Cédric Le Goater wrote:
> > On 12/06/2019 09:22, Michael Neuling wrote:
> > > In commit c1fe190c0672 ("powerpc: Add force enable of DAWR on P9
> > > option") I screwed up some assembler and corrupted a pointer in
> > > r3. This resulted in crashes like the below from Cédric:
> > >
> > > [ 44.374746] BUG: Kernel NULL pointer dereference at
> > > 0x000013bf
> > > [ 44.374848] Faulting instruction address: 0xc00000000010b044
> > > [ 44.374906] Oops: Kernel access of bad area, sig: 11 [#1]
> > > [ 44.374951] LE PAGE_SIZEdK MMU=Radix MMU=Hash SMP
> > > NR_CPUS 48 NUMA pSeries
> > > [ 44.375018] Modules linked in: vhost_net vhost tap
> > > xt_CHECKSUM iptable_mangle xt_MASQUERADE iptable_nat nf_nat
> > > xt_conntrack nf_conntrack nf_defrag_ipv6 libcrc32c nf_defrag_ipv4
> > > ipt_REJECT nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter
> > > ebtables ip6table_filter ip6_tables iptable_filter bpfilter
> > > vmx_crypto crct10dif_vpmsum crc32c_vpmsum kvm_hv kvm sch_fq_codel
> > > ip_tables x_tables autofs4 virtio_net net_failover virtio_scsi
> > > failover
> > > [ 44.375401] CPU: 8 PID: 1771 Comm: qemu-system-ppc Kdump:
> > > loaded Not tainted 5.2.0-rc4+ #3
> > > [ 44.375500] NIP: c00000000010b044 LR: c0080000089dacf4 CTR:
> > > c00000000010aff4
> > > [ 44.375604] REGS: c00000179b397710 TRAP: 0300 Not
> > > tainted (5.2.0-rc4+)
> > > [ 44.375691] MSR: 800000000280b033
> > > <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 42244842 XER: 00000000
> > > [ 44.375815] CFAR: c00000000010aff8 DAR: 00000000000013bf
> > > DSISR: 42000000 IRQMASK: 0
> > > [ 44.375815] GPR00: c0080000089dd6bc c00000179b3979a0
> > > c008000008a04300 ffffffffffffffff
> > > [ 44.375815] GPR04: 0000000000000000 0000000000000003
> > > 000000002444b05d c0000017f11c45d0
> > > [ 44.375815] GPR08: 078000003e018dfe 0000000000000028
> > > 0000000000000001 0000000000000075
> > > [ 44.375815] GPR12: c00000000010aff4 c000000007ff6300
> > > 0000000000000000 0000000000000000
> > > [ 44.375815] GPR16: 0000000000000000 c0000017f11d0000
> > > 00000000ffffffff c0000017f11ca7a8
> > > [ 44.375815] GPR20: c0000017f11c42ec ffffffffffffffff
> > > 0000000000000000 000000000000000a
> > > [ 44.375815] GPR24: fffffffffffffffc 0000000000000000
> > > c0000017f11c0000 c000000001a77ed8
> > > [ 44.375815] GPR28: c00000179af70000 fffffffffffffffc
> > > c0080000089ff170 c00000179ae88540
> > > [ 44.376673] NIP [c00000000010b044]
> > > kvmppc_h_set_dabr+0x50/0x68
> > > [ 44.376754] LR [c0080000089dacf4]
> > > kvmppc_pseries_do_hcall+0xa3c/0xeb0 [kvm_hv]
> > > [ 44.376849] Call Trace:
> > > [ 44.376886] [c00000179b3979a0] [c0000017f11c0000]
> > > 0xc0000017f11c0000 (unreliable)
> > > [ 44.376982] [c00000179b397a10] [c0080000089dd6bc]
> > > kvmppc_vcpu_run_hv+0x694/0xec0 [kvm_hv]
> > > [ 44.377084] [c00000179b397ae0] [c0080000093f8bcc]
> > > kvmppc_vcpu_run+0x34/0x48 [kvm]
> > > [ 44.377185] [c00000179b397b00] [c0080000093f522c]
> > > kvm_arch_vcpu_ioctl_run+0x2f4/0x400 [kvm]
> > > [ 44.377286] [c00000179b397b90] [c0080000093e3618]
> > > kvm_vcpu_ioctl+0x460/0x850 [kvm]
> > > [ 44.377384] [c00000179b397d00] [c0000000004ba6c4]
> > > do_vfs_ioctl+0xe4/0xb40
> > > [ 44.377464] [c00000179b397db0] [c0000000004bb1e4]
> > > ksys_ioctl+0xc4/0x110
> > > [ 44.377547] [c00000179b397e00] [c0000000004bb258]
> > > sys_ioctl+0x28/0x80
> > > [ 44.377628] [c00000179b397e20] [c00000000000b888]
> > > system_call+0x5c/0x70
> > > [ 44.377712] Instruction dump:
> > > [ 44.377765] 4082fff4 4c00012c 38600000 4e800020 e96280c0
> > > 896b0000 2c2b0000 3860ffff
> > > [ 44.377862] 4d820020 50852e74 508516f6 78840724 <f88313c0>
> > > f8a313c8 7c942ba6 7cbc2ba6
> > >
> > > This fixes the problem by only changing r3 when we are returning
> > > immediately.
> > >
> > > Signed-off-by: Michael Neuling <mikey@neuling.org>
> > > Reported-by: Cédric Le Goater <clg@kaod.org>
> >
> > On nested, I still see :
> >
> > [ 94.609274] Oops: Exception in kernel mode, sig: 4 [#1]
> > [ 94.609432] LE PAGE_SIZEdK MMU=Radix MMU=Hash SMP NR_CPUS 48
> > NUMA pSeries
> > [ 94.609596] Modules linked in: vhost_net vhost tap xt_CHECKSUM
> > iptable_mangle xt_MASQUERADE iptable_nat nf_nat xt_conntrack
> > nf_conntrack nf_defrag_ipv6 libcrc32c nf_defrag_ipv4 ipt_REJECT
> > nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter ebtables
> > ip6table_filter ip6_tables iptable_filter bpfilter vmx_crypto
> > kvm_hv crct10dif_vpmsum crc32c_vpmsum kvm sch_fq_codel ip_tables
> > x_tables autofs4 virtio_net virtio_scsi net_failover failover
> > [ 94.610179] CPU: 12 PID: 2026 Comm: qemu-system-ppc Kdump:
> > loaded Not tainted 5.2.0-rc4+ #6
> > [ 94.610290] NIP: c00000000010b050 LR: c008000008bbacf4 CTR:
> > c00000000010aff4
> > [ 94.610400] REGS: c0000017913d7710 TRAP: 0700 Not
> > tainted (5.2.0-rc4+)
> > [ 94.610493] MSR: 800000000284b033
> > <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 42224842 XER: 00000000
> > [ 94.610671] CFAR: c00000000010b030 IRQMASK: 0
> > [ 94.610671] GPR00: c008000008bbd6bc c0000017913d79a0
> > c008000008be4300 c000001791376220
> > [ 94.610671] GPR04: 0000000000000000 0000000000000003
> > 00000000f679892e c0000017911045d0
> > [ 94.610671] GPR08: 078000003e018dfe 0000000000000028
> > 0000000000000001 0000000000000075
> > [ 94.610671] GPR12: c00000000010aff4 c000000007ff1300
> > 0000000000000000 0000000000000000
> > [ 94.610671] GPR16: 0000000000000000 c000001791110000
> > 00000000ffffffff c00000179110a7a8
> > [ 94.610671] GPR20: c0000017911042ec ffffffffffffffff
> > 0000000000000000 000000000000000a
> > [ 94.610671] GPR24: fffffffffffffffc 0000000000000000
> > c000001791100000 c000000001a77ed8
> > [ 94.610671] GPR28: c0000017925d0000 fffffffffffffffc
> > c008000008bdf170 c000001791376220
> > [ 94.611818] NIP [c00000000010b050] kvmppc_h_set_dabr+0x5c/0x6c
> > [ 94.611932] LR [c008000008bbacf4]
> > kvmppc_pseries_do_hcall+0xa3c/0xeb0 [kvm_hv]
> > [ 94.612064] Call Trace:
> > [ 94.612115] [c0000017913d79a0] [c000001791100000]
> > 0xc000001791100000 (unreliable)
> > [ 94.612252] [c0000017913d7a10] [c008000008bbd6bc]
> > kvmppc_vcpu_run_hv+0x694/0xec0 [kvm_hv]
> > [ 94.612394] [c0000017913d7ae0] [c0080000091e8bcc]
> > kvmppc_vcpu_run+0x34/0x48 [kvm]
> > [ 94.612536] [c0000017913d7b00] [c0080000091e522c]
> > kvm_arch_vcpu_ioctl_run+0x2f4/0x400 [kvm]
> > [ 94.612674] [c0000017913d7b90] [c0080000091d3618]
> > kvm_vcpu_ioctl+0x460/0x850 [kvm]
> > [ 94.612821] [c0000017913d7d00] [c0000000004ba6d4]
> > do_vfs_ioctl+0xe4/0xb40
> > [ 94.612935] [c0000017913d7db0] [c0000000004bb1f4]
> > ksys_ioctl+0xc4/0x110
> > [ 94.613051] [c0000017913d7e00] [c0000000004bb268]
> > sys_ioctl+0x28/0x80
> > [ 94.613160] [c0000017913d7e20] [c00000000000b888]
> > system_call+0x5c/0x70
> > [ 94.613267] Instruction dump:
> > [ 94.613335] 4e800020 e96280c0 896b0000 2c2b0000 4082000c
> > 3860ffff 4e800020 50852e74
> > [ 94.613470] 508516f6 78840724 f88313c0 f8a313c8 <7c942ba6>
> > 7cbc2ba6 38600000 4e800020
> >
> >
> > Here is the asm dump:
> >
> >
> > 3:
> > /* Emulate H_SET_DABR/X on P8 for the sake of compat mode
> > guests */
> > rlwimi r5, r4, 5, DAWRX_DR | DAWRX_DW
> > c00000000010b03c: 74 2e 85 50 rlwimi r5,r4,5,25,26
> > rlwimi r5, r4, 2, DAWRX_WT
> > c00000000010b040: f6 16 85 50 rlwimi r5,r4,2,27,27
> > clrrdi r4, r4, 3
> > c00000000010b044: 24 07 84 78 rldicr r4,r4,0,60
> > std r4, VCPU_DAWR(r3)
> > c00000000010b048: c0 13 83 f8 std r4,5056(r3)
> > std r5, VCPU_DAWRX(r3)
> > c00000000010b04c: c8 13 a3 f8 std r5,5064(r3)
> > mtspr SPRN_DAWR, r4
> > c00000000010b050: a6 2b 94 7c mtspr 180,r4
> > mtspr SPRN_DAWRX, r5
> > c00000000010b054: a6 2b bc 7c mtspr 188,r5
> > li r3, 0
> > c00000000010b058: 00 00 60 38 li r3,0
> > blr
> > c00000000010b05c: 20 00 80 4e blr
>
> It's the `mtspr SPRN_DAWR, r4` as you're HV=0. I'm not sure how
> nested works
> in that regard. Is the level above suppose to trap and emulate
> that?
>
Yeah so as a nested hypervisor we need to avoid that call to mtspr
SPRN_DAWR since it's HV privileged and we run with HV = 0.
The fix will be to check kvmhv_on_pseries() before doing the write. In
fact we should avoid the write any time we call the function from _not_
real mode.
I'll submit a fix for the KVM side. Doesn't look like this is anything
to do with Mikey's patch, was always broken as far as I can tell.
> I'm surprised that's changed by this patch.
>
> Mikey
>
>
> >
> > C.
> >
> >
> > > --
> > > mpe: This is for 5.2 fixes
> > > ---
> > > arch/powerpc/kvm/book3s_hv_rmhandlers.S | 4 +++-
> > > 1 file changed, 3 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
> > > b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
> > > index 139027c62d..f781ee1458 100644
> > > --- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
> > > +++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
> > > @@ -2519,8 +2519,10 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
> > > LOAD_REG_ADDR(r11, dawr_force_enable)
> > > lbz r11, 0(r11)
> > > cmpdi r11, 0
> > > + bne 3f
> > > li r3, H_HARDWARE
> > > - beqlr
> > > + blr
> > > +3:
> > > /* Emulate H_SET_DABR/X on P8 for the sake of compat
> > > mode guests */
> > > rlwimi r5, r4, 5, DAWRX_DR | DAWRX_DW
> > > rlwimi r5, r4, 2, DAWRX_WT
> > >
>
>
WARNING: multiple messages have this Message-ID (diff)
From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
To: "Michael Neuling" <mikey@neuling.org>,
"Cédric Le Goater" <clg@kaod.org>,
mpe@ellerman.id.au
Cc: linuxppc-dev@lists.ozlabs.org, kvm-ppc@vger.kernel.org,
Suraj Jitindar Singh <surajjs@au1.ibm.com>
Subject: Re: [PATCH] KVM: PPC: Book3S HV: Fix r3 corruption in h_set_dabr()
Date: Wed, 12 Jun 2019 17:39:45 -0700 [thread overview]
Message-ID: <1560386385.1924.2.camel@gmail.com> (raw)
In-Reply-To: <605bc6844ebb0ce2bf9dea906b707359500ceb4f.camel@neuling.org>
On Thu, 2019-06-13 at 10:16 +1000, Michael Neuling wrote:
> On Wed, 2019-06-12 at 09:43 +0200, Cédric Le Goater wrote:
> > On 12/06/2019 09:22, Michael Neuling wrote:
> > > In commit c1fe190c0672 ("powerpc: Add force enable of DAWR on P9
> > > option") I screwed up some assembler and corrupted a pointer in
> > > r3. This resulted in crashes like the below from Cédric:
> > >
> > > [ 44.374746] BUG: Kernel NULL pointer dereference at
> > > 0x000013bf
> > > [ 44.374848] Faulting instruction address: 0xc00000000010b044
> > > [ 44.374906] Oops: Kernel access of bad area, sig: 11 [#1]
> > > [ 44.374951] LE PAGE_SIZE=64K MMU=Radix MMU=Hash SMP
> > > NR_CPUS=2048 NUMA pSeries
> > > [ 44.375018] Modules linked in: vhost_net vhost tap
> > > xt_CHECKSUM iptable_mangle xt_MASQUERADE iptable_nat nf_nat
> > > xt_conntrack nf_conntrack nf_defrag_ipv6 libcrc32c nf_defrag_ipv4
> > > ipt_REJECT nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter
> > > ebtables ip6table_filter ip6_tables iptable_filter bpfilter
> > > vmx_crypto crct10dif_vpmsum crc32c_vpmsum kvm_hv kvm sch_fq_codel
> > > ip_tables x_tables autofs4 virtio_net net_failover virtio_scsi
> > > failover
> > > [ 44.375401] CPU: 8 PID: 1771 Comm: qemu-system-ppc Kdump:
> > > loaded Not tainted 5.2.0-rc4+ #3
> > > [ 44.375500] NIP: c00000000010b044 LR: c0080000089dacf4 CTR:
> > > c00000000010aff4
> > > [ 44.375604] REGS: c00000179b397710 TRAP: 0300 Not
> > > tainted (5.2.0-rc4+)
> > > [ 44.375691] MSR: 800000000280b033
> > > <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 42244842 XER: 00000000
> > > [ 44.375815] CFAR: c00000000010aff8 DAR: 00000000000013bf
> > > DSISR: 42000000 IRQMASK: 0
> > > [ 44.375815] GPR00: c0080000089dd6bc c00000179b3979a0
> > > c008000008a04300 ffffffffffffffff
> > > [ 44.375815] GPR04: 0000000000000000 0000000000000003
> > > 000000002444b05d c0000017f11c45d0
> > > [ 44.375815] GPR08: 078000003e018dfe 0000000000000028
> > > 0000000000000001 0000000000000075
> > > [ 44.375815] GPR12: c00000000010aff4 c000000007ff6300
> > > 0000000000000000 0000000000000000
> > > [ 44.375815] GPR16: 0000000000000000 c0000017f11d0000
> > > 00000000ffffffff c0000017f11ca7a8
> > > [ 44.375815] GPR20: c0000017f11c42ec ffffffffffffffff
> > > 0000000000000000 000000000000000a
> > > [ 44.375815] GPR24: fffffffffffffffc 0000000000000000
> > > c0000017f11c0000 c000000001a77ed8
> > > [ 44.375815] GPR28: c00000179af70000 fffffffffffffffc
> > > c0080000089ff170 c00000179ae88540
> > > [ 44.376673] NIP [c00000000010b044]
> > > kvmppc_h_set_dabr+0x50/0x68
> > > [ 44.376754] LR [c0080000089dacf4]
> > > kvmppc_pseries_do_hcall+0xa3c/0xeb0 [kvm_hv]
> > > [ 44.376849] Call Trace:
> > > [ 44.376886] [c00000179b3979a0] [c0000017f11c0000]
> > > 0xc0000017f11c0000 (unreliable)
> > > [ 44.376982] [c00000179b397a10] [c0080000089dd6bc]
> > > kvmppc_vcpu_run_hv+0x694/0xec0 [kvm_hv]
> > > [ 44.377084] [c00000179b397ae0] [c0080000093f8bcc]
> > > kvmppc_vcpu_run+0x34/0x48 [kvm]
> > > [ 44.377185] [c00000179b397b00] [c0080000093f522c]
> > > kvm_arch_vcpu_ioctl_run+0x2f4/0x400 [kvm]
> > > [ 44.377286] [c00000179b397b90] [c0080000093e3618]
> > > kvm_vcpu_ioctl+0x460/0x850 [kvm]
> > > [ 44.377384] [c00000179b397d00] [c0000000004ba6c4]
> > > do_vfs_ioctl+0xe4/0xb40
> > > [ 44.377464] [c00000179b397db0] [c0000000004bb1e4]
> > > ksys_ioctl+0xc4/0x110
> > > [ 44.377547] [c00000179b397e00] [c0000000004bb258]
> > > sys_ioctl+0x28/0x80
> > > [ 44.377628] [c00000179b397e20] [c00000000000b888]
> > > system_call+0x5c/0x70
> > > [ 44.377712] Instruction dump:
> > > [ 44.377765] 4082fff4 4c00012c 38600000 4e800020 e96280c0
> > > 896b0000 2c2b0000 3860ffff
> > > [ 44.377862] 4d820020 50852e74 508516f6 78840724 <f88313c0>
> > > f8a313c8 7c942ba6 7cbc2ba6
> > >
> > > This fixes the problem by only changing r3 when we are returning
> > > immediately.
> > >
> > > Signed-off-by: Michael Neuling <mikey@neuling.org>
> > > Reported-by: Cédric Le Goater <clg@kaod.org>
> >
> > On nested, I still see :
> >
> > [ 94.609274] Oops: Exception in kernel mode, sig: 4 [#1]
> > [ 94.609432] LE PAGE_SIZE=64K MMU=Radix MMU=Hash SMP NR_CPUS=2048
> > NUMA pSeries
> > [ 94.609596] Modules linked in: vhost_net vhost tap xt_CHECKSUM
> > iptable_mangle xt_MASQUERADE iptable_nat nf_nat xt_conntrack
> > nf_conntrack nf_defrag_ipv6 libcrc32c nf_defrag_ipv4 ipt_REJECT
> > nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter ebtables
> > ip6table_filter ip6_tables iptable_filter bpfilter vmx_crypto
> > kvm_hv crct10dif_vpmsum crc32c_vpmsum kvm sch_fq_codel ip_tables
> > x_tables autofs4 virtio_net virtio_scsi net_failover failover
> > [ 94.610179] CPU: 12 PID: 2026 Comm: qemu-system-ppc Kdump:
> > loaded Not tainted 5.2.0-rc4+ #6
> > [ 94.610290] NIP: c00000000010b050 LR: c008000008bbacf4 CTR:
> > c00000000010aff4
> > [ 94.610400] REGS: c0000017913d7710 TRAP: 0700 Not
> > tainted (5.2.0-rc4+)
> > [ 94.610493] MSR: 800000000284b033
> > <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 42224842 XER: 00000000
> > [ 94.610671] CFAR: c00000000010b030 IRQMASK: 0
> > [ 94.610671] GPR00: c008000008bbd6bc c0000017913d79a0
> > c008000008be4300 c000001791376220
> > [ 94.610671] GPR04: 0000000000000000 0000000000000003
> > 00000000f679892e c0000017911045d0
> > [ 94.610671] GPR08: 078000003e018dfe 0000000000000028
> > 0000000000000001 0000000000000075
> > [ 94.610671] GPR12: c00000000010aff4 c000000007ff1300
> > 0000000000000000 0000000000000000
> > [ 94.610671] GPR16: 0000000000000000 c000001791110000
> > 00000000ffffffff c00000179110a7a8
> > [ 94.610671] GPR20: c0000017911042ec ffffffffffffffff
> > 0000000000000000 000000000000000a
> > [ 94.610671] GPR24: fffffffffffffffc 0000000000000000
> > c000001791100000 c000000001a77ed8
> > [ 94.610671] GPR28: c0000017925d0000 fffffffffffffffc
> > c008000008bdf170 c000001791376220
> > [ 94.611818] NIP [c00000000010b050] kvmppc_h_set_dabr+0x5c/0x6c
> > [ 94.611932] LR [c008000008bbacf4]
> > kvmppc_pseries_do_hcall+0xa3c/0xeb0 [kvm_hv]
> > [ 94.612064] Call Trace:
> > [ 94.612115] [c0000017913d79a0] [c000001791100000]
> > 0xc000001791100000 (unreliable)
> > [ 94.612252] [c0000017913d7a10] [c008000008bbd6bc]
> > kvmppc_vcpu_run_hv+0x694/0xec0 [kvm_hv]
> > [ 94.612394] [c0000017913d7ae0] [c0080000091e8bcc]
> > kvmppc_vcpu_run+0x34/0x48 [kvm]
> > [ 94.612536] [c0000017913d7b00] [c0080000091e522c]
> > kvm_arch_vcpu_ioctl_run+0x2f4/0x400 [kvm]
> > [ 94.612674] [c0000017913d7b90] [c0080000091d3618]
> > kvm_vcpu_ioctl+0x460/0x850 [kvm]
> > [ 94.612821] [c0000017913d7d00] [c0000000004ba6d4]
> > do_vfs_ioctl+0xe4/0xb40
> > [ 94.612935] [c0000017913d7db0] [c0000000004bb1f4]
> > ksys_ioctl+0xc4/0x110
> > [ 94.613051] [c0000017913d7e00] [c0000000004bb268]
> > sys_ioctl+0x28/0x80
> > [ 94.613160] [c0000017913d7e20] [c00000000000b888]
> > system_call+0x5c/0x70
> > [ 94.613267] Instruction dump:
> > [ 94.613335] 4e800020 e96280c0 896b0000 2c2b0000 4082000c
> > 3860ffff 4e800020 50852e74
> > [ 94.613470] 508516f6 78840724 f88313c0 f8a313c8 <7c942ba6>
> > 7cbc2ba6 38600000 4e800020
> >
> >
> > Here is the asm dump:
> >
> >
> > 3:
> > /* Emulate H_SET_DABR/X on P8 for the sake of compat mode
> > guests */
> > rlwimi r5, r4, 5, DAWRX_DR | DAWRX_DW
> > c00000000010b03c: 74 2e 85 50 rlwimi r5,r4,5,25,26
> > rlwimi r5, r4, 2, DAWRX_WT
> > c00000000010b040: f6 16 85 50 rlwimi r5,r4,2,27,27
> > clrrdi r4, r4, 3
> > c00000000010b044: 24 07 84 78 rldicr r4,r4,0,60
> > std r4, VCPU_DAWR(r3)
> > c00000000010b048: c0 13 83 f8 std r4,5056(r3)
> > std r5, VCPU_DAWRX(r3)
> > c00000000010b04c: c8 13 a3 f8 std r5,5064(r3)
> > mtspr SPRN_DAWR, r4
> > c00000000010b050: a6 2b 94 7c mtspr 180,r4
> > mtspr SPRN_DAWRX, r5
> > c00000000010b054: a6 2b bc 7c mtspr 188,r5
> > li r3, 0
> > c00000000010b058: 00 00 60 38 li r3,0
> > blr
> > c00000000010b05c: 20 00 80 4e blr
>
> It's the `mtspr SPRN_DAWR, r4` as you're HV=0. I'm not sure how
> nested works
> in that regard. Is the level above suppose to trap and emulate
> that?
>
Yeah so as a nested hypervisor we need to avoid that call to mtspr
SPRN_DAWR since it's HV privileged and we run with HV = 0.
The fix will be to check kvmhv_on_pseries() before doing the write. In
fact we should avoid the write any time we call the function from _not_
real mode.
I'll submit a fix for the KVM side. Doesn't look like this is anything
to do with Mikey's patch, was always broken as far as I can tell.
> I'm surprised that's changed by this patch.
>
> Mikey
>
>
> >
> > C.
> >
> >
> > > --
> > > mpe: This is for 5.2 fixes
> > > ---
> > > arch/powerpc/kvm/book3s_hv_rmhandlers.S | 4 +++-
> > > 1 file changed, 3 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
> > > b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
> > > index 139027c62d..f781ee1458 100644
> > > --- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
> > > +++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
> > > @@ -2519,8 +2519,10 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
> > > LOAD_REG_ADDR(r11, dawr_force_enable)
> > > lbz r11, 0(r11)
> > > cmpdi r11, 0
> > > + bne 3f
> > > li r3, H_HARDWARE
> > > - beqlr
> > > + blr
> > > +3:
> > > /* Emulate H_SET_DABR/X on P8 for the sake of compat
> > > mode guests */
> > > rlwimi r5, r4, 5, DAWRX_DR | DAWRX_DW
> > > rlwimi r5, r4, 2, DAWRX_WT
> > >
>
>
next prev parent reply other threads:[~2019-06-13 0:39 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-12 7:22 [PATCH] KVM: PPC: Book3S HV: Fix r3 corruption in h_set_dabr() Michael Neuling
2019-06-12 7:22 ` Michael Neuling
2019-06-12 7:42 ` Christophe Leroy
2019-06-12 7:42 ` Christophe Leroy
2019-06-12 9:23 ` Paul Mackerras
2019-06-12 9:23 ` Paul Mackerras
2019-06-12 9:28 ` Christophe Leroy
2019-06-12 9:28 ` Christophe Leroy
2019-06-12 7:43 ` Cédric Le Goater
2019-06-12 7:43 ` Cédric Le Goater
2019-06-13 0:16 ` Michael Neuling
2019-06-13 0:16 ` Michael Neuling
2019-06-13 0:39 ` Suraj Jitindar Singh [this message]
2019-06-13 0:39 ` Suraj Jitindar Singh
2019-06-13 1:50 ` Michael Neuling
2019-06-13 1:50 ` Michael Neuling
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1560386385.1924.2.camel@gmail.com \
--to=sjitindarsingh@gmail.com \
--cc=clg@kaod.org \
--cc=kvm-ppc@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mikey@neuling.org \
--cc=mpe@ellerman.id.au \
--cc=surajjs@au1.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.