From: David Gibson <david@gibson.dropbear.id.au>
To: Greg Kurz <groug@kaod.org>
Cc: kvm-ppc@vger.kernel.org, Paul Mackerras <paulus@samba.org>,
Alexey Kardashevskiy <aik@ozlabs.ru>,
linuxppc-dev@lists.ozlabs.org, qemu-ppc@nongnu.org
Subject: Re: [PATCH] KVM: PPC: Book3S PR: only call slbmte for valid SLB entries
Date: Tue, 26 Sep 2017 03:56:38 +0000 [thread overview]
Message-ID: <20170926035638.GI12504@umbus> (raw)
In-Reply-To: <150607286967.26027.12529646475118424696.stgit@bahia.lan>
[-- Attachment #1: Type: text/plain, Size: 2219 bytes --]
On Fri, Sep 22, 2017 at 11:34:29AM +0200, Greg Kurz wrote:
> Userland passes an array of 64 SLB descriptors to KVM_SET_SREGS,
> some of which are valid (ie, SLB_ESID_V is set) and the rest are
> likely all-zeroes (with QEMU at least).
>
> Each of them is then passed to kvmppc_mmu_book3s_64_slbmte(), which
> assumes to find the SLB index in the 3 lower bits of its rb argument.
> When passed zeroed arguments, it happily overwrites the 0th SLB entry
> with zeroes. This is exactly what happens while doing live migration
> with QEMU when the destination pushes the incoming SLB descriptors to
> KVM PR. When reloading the SLBs at the next synchronization, QEMU first
> clears its SLB array and only restore valid ones, but the 0th one is
> now gone and we cannot access the corresponding memory anymore:
>
> (qemu) x/x $pc
> c0000000000b742c: Cannot access memory
>
> To avoid this, let's filter out non-valid SLB entries, like we
> already do for Book3S HV.
>
> Signed-off-by: Greg Kurz <groug@kaod.org>
This seems like a good idea, but to make it fully correct, don't we
also need to fully flush the SLB before inserting the new entries.
> ---
> arch/powerpc/kvm/book3s_pr.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/kvm/book3s_pr.c b/arch/powerpc/kvm/book3s_pr.c
> index 3beb4ff469d1..cb6894e55f97 100644
> --- a/arch/powerpc/kvm/book3s_pr.c
> +++ b/arch/powerpc/kvm/book3s_pr.c
> @@ -1328,8 +1328,10 @@ static int kvm_arch_vcpu_ioctl_set_sregs_pr(struct kvm_vcpu *vcpu,
> vcpu3s->sdr1 = sregs->u.s.sdr1;
> if (vcpu->arch.hflags & BOOK3S_HFLAG_SLB) {
> for (i = 0; i < 64; i++) {
> - vcpu->arch.mmu.slbmte(vcpu, sregs->u.s.ppc64.slb[i].slbv,
> - sregs->u.s.ppc64.slb[i].slbe);
> + u64 rb = sregs->u.s.ppc64.slb[i].slbe;
> + u64 rs = sregs->u.s.ppc64.slb[i].slbv;
> + if (rb & SLB_ESID_V)
> + vcpu->arch.mmu.slbmte(vcpu, rs, rb);
> }
> } else {
> for (i = 0; i < 16; i++) {
>
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: David Gibson <david@gibson.dropbear.id.au>
To: Greg Kurz <groug@kaod.org>
Cc: kvm-ppc@vger.kernel.org, Paul Mackerras <paulus@samba.org>,
Alexey Kardashevskiy <aik@ozlabs.ru>,
linuxppc-dev@lists.ozlabs.org, qemu-ppc@nongnu.org
Subject: Re: [PATCH] KVM: PPC: Book3S PR: only call slbmte for valid SLB entries
Date: Tue, 26 Sep 2017 13:56:38 +1000 [thread overview]
Message-ID: <20170926035638.GI12504@umbus> (raw)
In-Reply-To: <150607286967.26027.12529646475118424696.stgit@bahia.lan>
[-- Attachment #1: Type: text/plain, Size: 2219 bytes --]
On Fri, Sep 22, 2017 at 11:34:29AM +0200, Greg Kurz wrote:
> Userland passes an array of 64 SLB descriptors to KVM_SET_SREGS,
> some of which are valid (ie, SLB_ESID_V is set) and the rest are
> likely all-zeroes (with QEMU at least).
>
> Each of them is then passed to kvmppc_mmu_book3s_64_slbmte(), which
> assumes to find the SLB index in the 3 lower bits of its rb argument.
> When passed zeroed arguments, it happily overwrites the 0th SLB entry
> with zeroes. This is exactly what happens while doing live migration
> with QEMU when the destination pushes the incoming SLB descriptors to
> KVM PR. When reloading the SLBs at the next synchronization, QEMU first
> clears its SLB array and only restore valid ones, but the 0th one is
> now gone and we cannot access the corresponding memory anymore:
>
> (qemu) x/x $pc
> c0000000000b742c: Cannot access memory
>
> To avoid this, let's filter out non-valid SLB entries, like we
> already do for Book3S HV.
>
> Signed-off-by: Greg Kurz <groug@kaod.org>
This seems like a good idea, but to make it fully correct, don't we
also need to fully flush the SLB before inserting the new entries.
> ---
> arch/powerpc/kvm/book3s_pr.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/kvm/book3s_pr.c b/arch/powerpc/kvm/book3s_pr.c
> index 3beb4ff469d1..cb6894e55f97 100644
> --- a/arch/powerpc/kvm/book3s_pr.c
> +++ b/arch/powerpc/kvm/book3s_pr.c
> @@ -1328,8 +1328,10 @@ static int kvm_arch_vcpu_ioctl_set_sregs_pr(struct kvm_vcpu *vcpu,
> vcpu3s->sdr1 = sregs->u.s.sdr1;
> if (vcpu->arch.hflags & BOOK3S_HFLAG_SLB) {
> for (i = 0; i < 64; i++) {
> - vcpu->arch.mmu.slbmte(vcpu, sregs->u.s.ppc64.slb[i].slbv,
> - sregs->u.s.ppc64.slb[i].slbe);
> + u64 rb = sregs->u.s.ppc64.slb[i].slbe;
> + u64 rs = sregs->u.s.ppc64.slb[i].slbv;
> + if (rb & SLB_ESID_V)
> + vcpu->arch.mmu.slbmte(vcpu, rs, rb);
> }
> } else {
> for (i = 0; i < 16; i++) {
>
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2017-09-26 3:56 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-22 9:34 [PATCH] KVM: PPC: Book3S PR: only call slbmte for valid SLB entries Greg Kurz
2017-09-22 9:34 ` Greg Kurz
2017-09-26 3:56 ` David Gibson [this message]
2017-09-26 3:56 ` David Gibson
2017-09-26 5:24 ` Michael Ellerman
2017-09-26 5:24 ` Michael Ellerman
2017-09-26 11:34 ` Paul Mackerras
2017-09-26 11:34 ` Paul Mackerras
2017-09-27 3:25 ` Michael Ellerman
2017-09-27 3:25 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170926035638.GI12504@umbus \
--to=david@gibson.dropbear.id.au \
--cc=aik@ozlabs.ru \
--cc=groug@kaod.org \
--cc=kvm-ppc@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=paulus@samba.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.