* [PATCH] KVM: arm64: Correct BTYPE/SS in host SMC emulation
@ 2024-05-02 18:00 ` Marc Zyngier
0 siblings, 0 replies; 6+ messages in thread
From: Marc Zyngier @ 2024-05-02 18:00 UTC (permalink / raw)
To: kvmarm, kvm, linux-arm-kernel
Cc: James Morse, Suzuki K Poulose, Oliver Upton, Zenghui Yu
When taking a trap for an SMC instruction on the host, we must
stau true to the letter of the architecture and perform all the
actions that the CPU would otherwise do. Among those are clearing
the BTYPE and SS bits.
Just do that.
Fixes: a805e1fb3099 ("KVM: arm64: Add SMC handler in nVHE EL2")
Signed-off-by: Marc Zyngier <maz@kernel.org>
---
arch/arm64/kvm/hyp/include/hyp/adjust_pc.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
index 4fdfeabefeb4..b1afb7b59a31 100644
--- a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
+++ b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
@@ -47,7 +47,13 @@ static inline void __kvm_skip_instr(struct kvm_vcpu *vcpu)
*/
static inline void kvm_skip_host_instr(void)
{
+ u64 spsr = read_sysreg_el2(SYS_SPSR);
+
write_sysreg_el2(read_sysreg_el2(SYS_ELR) + 4, SYS_ELR);
+
+ spsr &= ~(PSR_BTYPE_MASK | DBG_SPSR_SS);
+
+ write_sysreg_el2(spsr, SYS_SPSR);
}
#endif
--
2.39.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH] KVM: arm64: Correct BTYPE/SS in host SMC emulation @ 2024-05-02 18:00 ` Marc Zyngier 0 siblings, 0 replies; 6+ messages in thread From: Marc Zyngier @ 2024-05-02 18:00 UTC (permalink / raw) To: kvmarm, kvm, linux-arm-kernel Cc: James Morse, Suzuki K Poulose, Oliver Upton, Zenghui Yu When taking a trap for an SMC instruction on the host, we must stau true to the letter of the architecture and perform all the actions that the CPU would otherwise do. Among those are clearing the BTYPE and SS bits. Just do that. Fixes: a805e1fb3099 ("KVM: arm64: Add SMC handler in nVHE EL2") Signed-off-by: Marc Zyngier <maz@kernel.org> --- arch/arm64/kvm/hyp/include/hyp/adjust_pc.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h index 4fdfeabefeb4..b1afb7b59a31 100644 --- a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h +++ b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h @@ -47,7 +47,13 @@ static inline void __kvm_skip_instr(struct kvm_vcpu *vcpu) */ static inline void kvm_skip_host_instr(void) { + u64 spsr = read_sysreg_el2(SYS_SPSR); + write_sysreg_el2(read_sysreg_el2(SYS_ELR) + 4, SYS_ELR); + + spsr &= ~(PSR_BTYPE_MASK | DBG_SPSR_SS); + + write_sysreg_el2(spsr, SYS_SPSR); } #endif -- 2.39.2 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] KVM: arm64: Correct BTYPE/SS in host SMC emulation 2024-05-02 18:00 ` Marc Zyngier @ 2024-05-07 14:57 ` Will Deacon -1 siblings, 0 replies; 6+ messages in thread From: Will Deacon @ 2024-05-07 14:57 UTC (permalink / raw) To: Marc Zyngier Cc: kvmarm, kvm, linux-arm-kernel, James Morse, Suzuki K Poulose, Oliver Upton, Zenghui Yu On Thu, May 02, 2024 at 07:00:20PM +0100, Marc Zyngier wrote: > When taking a trap for an SMC instruction on the host, we must > stau true to the letter of the architecture and perform all the typo: stay > actions that the CPU would otherwise do. Among those are clearing > the BTYPE and SS bits. > > Just do that. > > Fixes: a805e1fb3099 ("KVM: arm64: Add SMC handler in nVHE EL2") > Signed-off-by: Marc Zyngier <maz@kernel.org> > --- > arch/arm64/kvm/hyp/include/hyp/adjust_pc.h | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > index 4fdfeabefeb4..b1afb7b59a31 100644 > --- a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > +++ b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > @@ -47,7 +47,13 @@ static inline void __kvm_skip_instr(struct kvm_vcpu *vcpu) > */ > static inline void kvm_skip_host_instr(void) > { > + u64 spsr = read_sysreg_el2(SYS_SPSR); > + > write_sysreg_el2(read_sysreg_el2(SYS_ELR) + 4, SYS_ELR); > + > + spsr &= ~(PSR_BTYPE_MASK | DBG_SPSR_SS); > + > + write_sysreg_el2(spsr, SYS_SPSR); The handling of SS looks correct to me, but I think the BTYPE manipulation could do with a little more commentary as it looks quite subtle when the SMC is in a guarded page. Am I right in thinking: * If the SMC is in a guarded page, the Branch Target exception is higher priority (12) than the trap to EL2 and so the host will handle it. * Therefore if a trapping SMC is in a guarded page, BTYPE must be zero and we don't have to worry about injecting a Branch Target exception. * Otherwise, if the SMC is in a non-guarded page, we should clear it to 0 per the architecture (R_YWFHD). ? Having said that, I can't actually find the priority of an SMC trapped to EL2 by HCR_EL2.TSC in the Arm ARM. Trapped HVCs are priority 15 and SMCs trapped to EL3 are priority 23. Will ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] KVM: arm64: Correct BTYPE/SS in host SMC emulation @ 2024-05-07 14:57 ` Will Deacon 0 siblings, 0 replies; 6+ messages in thread From: Will Deacon @ 2024-05-07 14:57 UTC (permalink / raw) To: Marc Zyngier Cc: kvmarm, kvm, linux-arm-kernel, James Morse, Suzuki K Poulose, Oliver Upton, Zenghui Yu On Thu, May 02, 2024 at 07:00:20PM +0100, Marc Zyngier wrote: > When taking a trap for an SMC instruction on the host, we must > stau true to the letter of the architecture and perform all the typo: stay > actions that the CPU would otherwise do. Among those are clearing > the BTYPE and SS bits. > > Just do that. > > Fixes: a805e1fb3099 ("KVM: arm64: Add SMC handler in nVHE EL2") > Signed-off-by: Marc Zyngier <maz@kernel.org> > --- > arch/arm64/kvm/hyp/include/hyp/adjust_pc.h | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > index 4fdfeabefeb4..b1afb7b59a31 100644 > --- a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > +++ b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > @@ -47,7 +47,13 @@ static inline void __kvm_skip_instr(struct kvm_vcpu *vcpu) > */ > static inline void kvm_skip_host_instr(void) > { > + u64 spsr = read_sysreg_el2(SYS_SPSR); > + > write_sysreg_el2(read_sysreg_el2(SYS_ELR) + 4, SYS_ELR); > + > + spsr &= ~(PSR_BTYPE_MASK | DBG_SPSR_SS); > + > + write_sysreg_el2(spsr, SYS_SPSR); The handling of SS looks correct to me, but I think the BTYPE manipulation could do with a little more commentary as it looks quite subtle when the SMC is in a guarded page. Am I right in thinking: * If the SMC is in a guarded page, the Branch Target exception is higher priority (12) than the trap to EL2 and so the host will handle it. * Therefore if a trapping SMC is in a guarded page, BTYPE must be zero and we don't have to worry about injecting a Branch Target exception. * Otherwise, if the SMC is in a non-guarded page, we should clear it to 0 per the architecture (R_YWFHD). ? Having said that, I can't actually find the priority of an SMC trapped to EL2 by HCR_EL2.TSC in the Arm ARM. Trapped HVCs are priority 15 and SMCs trapped to EL3 are priority 23. Will _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] KVM: arm64: Correct BTYPE/SS in host SMC emulation 2024-05-07 14:57 ` Will Deacon @ 2024-05-08 6:04 ` Marc Zyngier -1 siblings, 0 replies; 6+ messages in thread From: Marc Zyngier @ 2024-05-08 6:04 UTC (permalink / raw) To: Will Deacon Cc: kvmarm, kvm, linux-arm-kernel, James Morse, Suzuki K Poulose, Oliver Upton, Zenghui Yu On Tue, 07 May 2024 15:57:34 +0100, Will Deacon <will@kernel.org> wrote: > > On Thu, May 02, 2024 at 07:00:20PM +0100, Marc Zyngier wrote: > > When taking a trap for an SMC instruction on the host, we must > > stau true to the letter of the architecture and perform all the > > typo: stay > > > actions that the CPU would otherwise do. Among those are clearing > > the BTYPE and SS bits. > > > > Just do that. > > > > Fixes: a805e1fb3099 ("KVM: arm64: Add SMC handler in nVHE EL2") > > Signed-off-by: Marc Zyngier <maz@kernel.org> > > --- > > arch/arm64/kvm/hyp/include/hyp/adjust_pc.h | 6 ++++++ > > 1 file changed, 6 insertions(+) > > > > diff --git a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > > index 4fdfeabefeb4..b1afb7b59a31 100644 > > --- a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > > +++ b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > > @@ -47,7 +47,13 @@ static inline void __kvm_skip_instr(struct kvm_vcpu *vcpu) > > */ > > static inline void kvm_skip_host_instr(void) > > { > > + u64 spsr = read_sysreg_el2(SYS_SPSR); > > + > > write_sysreg_el2(read_sysreg_el2(SYS_ELR) + 4, SYS_ELR); > > + > > + spsr &= ~(PSR_BTYPE_MASK | DBG_SPSR_SS); > > + > > + write_sysreg_el2(spsr, SYS_SPSR); > > The handling of SS looks correct to me, but I think the BTYPE > manipulation could do with a little more commentary as it looks quite > subtle when the SMC is in a guarded page. Am I right in thinking: > > * If the SMC is in a guarded page, the Branch Target exception is > higher priority (12) than the trap to EL2 and so the host will > handle it. > > * Therefore if a trapping SMC is in a guarded page, BTYPE must be > zero and we don't have to worry about injecting a Branch Target > exception. > > * Otherwise, if the SMC is in a non-guarded page, we should clear it > to 0 per the architecture (R_YWFHD). > > ? This is all correct. If we get to emulate the SMC by trapping to EL2, it is that the instruction already satisfied the more basic execution requirements such as having an acceptable BTYPE at that PC. If that's OK with you, I'll nick that write-up and stick it into the next revision of the patch. > Having said that, I can't actually find the priority of an SMC trapped > to EL2 by HCR_EL2.TSC in the Arm ARM. Trapped HVCs are priority 15 and > SMCs trapped to EL3 are priority 23. My understanding is that this falls into the catch-all priority 22 of R_ZFGJP ("Other than an exception defined by priorities 4-21 inclusive, any exception that is the result of a configurable access to instructions, where the exception is taken to EL2."). Thanks, M. -- Without deviation from the norm, progress is not possible. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] KVM: arm64: Correct BTYPE/SS in host SMC emulation @ 2024-05-08 6:04 ` Marc Zyngier 0 siblings, 0 replies; 6+ messages in thread From: Marc Zyngier @ 2024-05-08 6:04 UTC (permalink / raw) To: Will Deacon Cc: kvmarm, kvm, linux-arm-kernel, James Morse, Suzuki K Poulose, Oliver Upton, Zenghui Yu On Tue, 07 May 2024 15:57:34 +0100, Will Deacon <will@kernel.org> wrote: > > On Thu, May 02, 2024 at 07:00:20PM +0100, Marc Zyngier wrote: > > When taking a trap for an SMC instruction on the host, we must > > stau true to the letter of the architecture and perform all the > > typo: stay > > > actions that the CPU would otherwise do. Among those are clearing > > the BTYPE and SS bits. > > > > Just do that. > > > > Fixes: a805e1fb3099 ("KVM: arm64: Add SMC handler in nVHE EL2") > > Signed-off-by: Marc Zyngier <maz@kernel.org> > > --- > > arch/arm64/kvm/hyp/include/hyp/adjust_pc.h | 6 ++++++ > > 1 file changed, 6 insertions(+) > > > > diff --git a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > > index 4fdfeabefeb4..b1afb7b59a31 100644 > > --- a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > > +++ b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h > > @@ -47,7 +47,13 @@ static inline void __kvm_skip_instr(struct kvm_vcpu *vcpu) > > */ > > static inline void kvm_skip_host_instr(void) > > { > > + u64 spsr = read_sysreg_el2(SYS_SPSR); > > + > > write_sysreg_el2(read_sysreg_el2(SYS_ELR) + 4, SYS_ELR); > > + > > + spsr &= ~(PSR_BTYPE_MASK | DBG_SPSR_SS); > > + > > + write_sysreg_el2(spsr, SYS_SPSR); > > The handling of SS looks correct to me, but I think the BTYPE > manipulation could do with a little more commentary as it looks quite > subtle when the SMC is in a guarded page. Am I right in thinking: > > * If the SMC is in a guarded page, the Branch Target exception is > higher priority (12) than the trap to EL2 and so the host will > handle it. > > * Therefore if a trapping SMC is in a guarded page, BTYPE must be > zero and we don't have to worry about injecting a Branch Target > exception. > > * Otherwise, if the SMC is in a non-guarded page, we should clear it > to 0 per the architecture (R_YWFHD). > > ? This is all correct. If we get to emulate the SMC by trapping to EL2, it is that the instruction already satisfied the more basic execution requirements such as having an acceptable BTYPE at that PC. If that's OK with you, I'll nick that write-up and stick it into the next revision of the patch. > Having said that, I can't actually find the priority of an SMC trapped > to EL2 by HCR_EL2.TSC in the Arm ARM. Trapped HVCs are priority 15 and > SMCs trapped to EL3 are priority 23. My understanding is that this falls into the catch-all priority 22 of R_ZFGJP ("Other than an exception defined by priorities 4-21 inclusive, any exception that is the result of a configurable access to instructions, where the exception is taken to EL2."). Thanks, M. -- Without deviation from the norm, progress is not possible. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-05-08 6:05 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-05-02 18:00 [PATCH] KVM: arm64: Correct BTYPE/SS in host SMC emulation Marc Zyngier 2024-05-02 18:00 ` Marc Zyngier 2024-05-07 14:57 ` Will Deacon 2024-05-07 14:57 ` Will Deacon 2024-05-08 6:04 ` Marc Zyngier 2024-05-08 6:04 ` Marc Zyngier
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.