From: Marc Zyngier <maz@kernel.org>
To: Andrew Scull <ascull@google.com>
Cc: kernel-team@android.com, catalin.marinas@arm.com,
linux-arm-kernel@lists.infradead.org,
Sudeep Holla <sudeep.holla@arm.com>,
will@kernel.org, kvmarm@lists.cs.columbia.edu
Subject: Re: [PATCH v4 12/19] KVM: arm64: nVHE: Switch to hyp context for EL2
Date: Wed, 16 Sep 2020 14:14:58 +0100 [thread overview]
Message-ID: <87imcdrhgt.wl-maz@kernel.org> (raw)
In-Reply-To: <20200915104643.2543892-13-ascull@google.com>
Hi Andrew,
A few very minor comments below, which we can sort in a subsequent
patch:
On Tue, 15 Sep 2020 11:46:36 +0100,
Andrew Scull <ascull@google.com> wrote:
>
> Save and restore the host context when switching to and from hyp. This
> gives hyp its own context that the host will not see as a step towards a
> full trust boundary between the two.
>
> SP_EL0 and pointer authentication keys are currently shared between the
> host and hyp so don't need to be switched yet.
>
> Signed-off-by: Andrew Scull <ascull@google.com>
> ---
> arch/arm64/kvm/hyp/include/hyp/switch.h | 2 +
> arch/arm64/kvm/hyp/nvhe/Makefile | 2 +-
> arch/arm64/kvm/hyp/nvhe/host.S | 68 ++++++++++++++++++-------
> arch/arm64/kvm/hyp/nvhe/hyp-main.c | 36 +++++++++++++
> 4 files changed, 89 insertions(+), 19 deletions(-)
> create mode 100644 arch/arm64/kvm/hyp/nvhe/hyp-main.c
>
> diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h b/arch/arm64/kvm/hyp/include/hyp/switch.h
> index 821721b78ad9..4536b50ddc06 100644
> --- a/arch/arm64/kvm/hyp/include/hyp/switch.h
> +++ b/arch/arm64/kvm/hyp/include/hyp/switch.h
> @@ -372,6 +372,8 @@ static inline bool esr_is_ptrauth_trap(u32 esr)
> ctxt_sys_reg(ctxt, key ## KEYHI_EL1) = __val; \
> } while(0)
>
> +DECLARE_PER_CPU(struct kvm_cpu_context, kvm_hyp_ctxt);
> +
Why do we need this declaration? Isn't the one from patch 8 enough? Or
is it just a spurious addition (things seem to compile fine without it).
> static inline bool __hyp_handle_ptrauth(struct kvm_vcpu *vcpu)
> {
> struct kvm_cpu_context *ctxt;
> diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile
> index ddf98eb07b9d..46c89e8c30bc 100644
> --- a/arch/arm64/kvm/hyp/nvhe/Makefile
> +++ b/arch/arm64/kvm/hyp/nvhe/Makefile
> @@ -6,7 +6,7 @@
> asflags-y := -D__KVM_NVHE_HYPERVISOR__
> ccflags-y := -D__KVM_NVHE_HYPERVISOR__
>
> -obj-y := timer-sr.o sysreg-sr.o debug-sr.o switch.o tlb.o hyp-init.o host.o
> +obj-y := timer-sr.o sysreg-sr.o debug-sr.o switch.o tlb.o hyp-init.o host.o hyp-main.o
> obj-y += ../vgic-v3-sr.o ../aarch32.o ../vgic-v2-cpuif-proxy.o ../entry.o \
> ../fpsimd.o ../hyp-entry.o
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/host.S b/arch/arm64/kvm/hyp/nvhe/host.S
> index 9ab7814e6114..d26e41773dc4 100644
> --- a/arch/arm64/kvm/hyp/nvhe/host.S
> +++ b/arch/arm64/kvm/hyp/nvhe/host.S
> @@ -12,6 +12,55 @@
>
> .text
>
> +SYM_FUNC_START(__host_exit)
> + stp x0, x1, [sp, #-16]!
> +
> + get_host_ctxt x0, x1
> +
> + ALTERNATIVE(nop, SET_PSTATE_PAN(1), ARM64_HAS_PAN, CONFIG_ARM64_PAN)
> +
It isn't obvious to me why we mess with PAN here. nVHE doesn't have an
EL0, and the spec says that PAN only exists at EL2 when HCR_EL2.E2H==1.
> + /* Store the host regs x2 and x3 */
> + stp x2, x3, [x0, #CPU_XREG_OFFSET(2)]
> +
> + /* Retrieve the host regs x0-x1 from the stack */
> + ldp x2, x3, [sp], #16 // x0, x1
> +
> + /* Store the host regs x0-x1 and x4-x17 */
> + stp x2, x3, [x0, #CPU_XREG_OFFSET(0)]
> + stp x4, x5, [x0, #CPU_XREG_OFFSET(4)]
> + stp x6, x7, [x0, #CPU_XREG_OFFSET(6)]
> + stp x8, x9, [x0, #CPU_XREG_OFFSET(8)]
> + stp x10, x11, [x0, #CPU_XREG_OFFSET(10)]
> + stp x12, x13, [x0, #CPU_XREG_OFFSET(12)]
> + stp x14, x15, [x0, #CPU_XREG_OFFSET(14)]
> + stp x16, x17, [x0, #CPU_XREG_OFFSET(16)]
> +
> + /* Store the host regs x18-x29, lr */
> + save_callee_saved_regs x0
> +
> + /* Save the host context pointer in x29 across the function call */
> + mov x29, x0
> + bl handle_trap
> +
> + /* Restore host regs x0-x17 */
> + ldp x0, x1, [x29, #CPU_XREG_OFFSET(0)]
> + ldp x2, x3, [x29, #CPU_XREG_OFFSET(2)]
> + ldp x4, x5, [x29, #CPU_XREG_OFFSET(4)]
> + ldp x6, x7, [x29, #CPU_XREG_OFFSET(6)]
> + ldp x8, x9, [x29, #CPU_XREG_OFFSET(8)]
> + ldp x10, x11, [x29, #CPU_XREG_OFFSET(10)]
> + ldp x12, x13, [x29, #CPU_XREG_OFFSET(12)]
> + ldp x14, x15, [x29, #CPU_XREG_OFFSET(14)]
> + ldp x16, x17, [x29, #CPU_XREG_OFFSET(16)]
> +
> + /* Restore host regs x18-x29, lr */
> + restore_callee_saved_regs x29
> +
> + /* Do not touch any register after this! */
> + eret
> + sb
> +SYM_FUNC_END(__host_exit)
> +
> SYM_FUNC_START(__hyp_do_panic)
> mov lr, #(PSR_F_BIT | PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\
> PSR_MODE_EL1h)
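Review bot: The `eret` that ends `__host_exit` depends on ELR_EL2 and SPSR_EL2 still holding the host's return state after `bl handle_trap`, yet this hunk neither saves them nor documents that requirement; only the general-purpose registers are reloaded from the host context. Because this is the return path across what the commit message calls a step towards a trust boundary, I would state the invariant beside the final comment, e.g. `/* ELR_EL2/SPSR_EL2 must still describe the host here; handle_trap and its callees have to preserve or restore them */`. Whether the callees already guarantee this cannot be checked from here, since the body of `handle_trap` is trimmed from the quoted patch. As a style point, `__host_exit` is entered with `b.hs` from the vector and leaves with `eret` rather than following the procedure call standard, so `SYM_CODE_START`/`SYM_CODE_END` would describe it better than `SYM_FUNC_START`/`SYM_FUNC_END`. The same hunk appears again in the second copy of this message further down the page.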
> @@ -34,7 +83,7 @@ SYM_FUNC_END(__hyp_do_panic)
>
> /* Check for a stub HVC call */
> cmp x0, #HVC_STUB_HCALL_NR
> - b.hs 1f
> + b.hs __host_exit
>
> /*
> * Compute the idmap address of __kvm_handle_stub_hvc and
> @@ -50,23 +99,6 @@ SYM_FUNC_END(__hyp_do_panic)
> /* x5 = __pa(x5) */
> sub x5, x5, x6
> br x5
> -
> -1:
> - /*
> - * Shuffle the parameters before calling the function
> - * pointed to in x0. Assumes parameters in x[1,2,3].
> - */
> - kern_hyp_va x0
> - str lr, [sp, #-16]!
> - mov lr, x0
> - mov x0, x1
> - mov x1, x2
> - mov x2, x3
> - blr lr
> - ldr lr, [sp], #16
> -
> - eret
> - sb
> .L__vect_end\@:
> .if ((.L__vect_end\@ - .L__vect_start\@) > 0x80)
> .error "host_el1_sync_vect larger than vector entry"
> diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> new file mode 100644
> index 000000000000..570c3896f42e
> --- /dev/null
> +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> @@ -0,0 +1,36 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * Copyright (C) 2020 - Google Inc
> + * Author: Andrew Scull <ascull@google.com>
> + */
> +
> +#include <hyp/switch.h>
> +
> +#include <asm/kvm_asm.h>
> +#include <asm/kvm_emulate.h>
> +#include <asm/kvm_host.h>
> +#include <asm/kvm_hyp.h>
> +#include <asm/kvm_mmu.h>
> +
> +typedef unsigned long (*hypcall_fn_t)
> + (unsigned long, unsigned long, unsigned long);
> +
> +void handle_trap(struct kvm_cpu_context *host_ctxt)
This probably needs to have the asmlinkage attribute, although I'm not
sure we use it for anything on arm64 just yet.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
From: Marc Zyngier <maz@kernel.org>
To: Andrew Scull <ascull@google.com>
Cc: kernel-team@android.com, suzuki.poulose@arm.com,
catalin.marinas@arm.com, james.morse@arm.com,
linux-arm-kernel@lists.infradead.org,
Sudeep Holla <sudeep.holla@arm.com>,
will@kernel.org, kvmarm@lists.cs.columbia.edu,
julien.thierry.kdev@gmail.com
Subject: Re: [PATCH v4 12/19] KVM: arm64: nVHE: Switch to hyp context for EL2
Date: Wed, 16 Sep 2020 14:14:58 +0100 [thread overview]
Message-ID: <87imcdrhgt.wl-maz@kernel.org> (raw)
In-Reply-To: <20200915104643.2543892-13-ascull@google.com>
Hi Andrew,
A few very minor comments below, which we can sort in a subsequent
patch:
On Tue, 15 Sep 2020 11:46:36 +0100,
Andrew Scull <ascull@google.com> wrote:
>
> Save and restore the host context when switching to and from hyp. This
> gives hyp its own context that the host will not see as a step towards a
> full trust boundary between the two.
>
> SP_EL0 and pointer authentication keys are currently shared between the
> host and hyp so don't need to be switched yet.
>
> Signed-off-by: Andrew Scull <ascull@google.com>
> ---
> arch/arm64/kvm/hyp/include/hyp/switch.h | 2 +
> arch/arm64/kvm/hyp/nvhe/Makefile | 2 +-
> arch/arm64/kvm/hyp/nvhe/host.S | 68 ++++++++++++++++++-------
> arch/arm64/kvm/hyp/nvhe/hyp-main.c | 36 +++++++++++++
> 4 files changed, 89 insertions(+), 19 deletions(-)
> create mode 100644 arch/arm64/kvm/hyp/nvhe/hyp-main.c
>
> diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h b/arch/arm64/kvm/hyp/include/hyp/switch.h
> index 821721b78ad9..4536b50ddc06 100644
> --- a/arch/arm64/kvm/hyp/include/hyp/switch.h
> +++ b/arch/arm64/kvm/hyp/include/hyp/switch.h
> @@ -372,6 +372,8 @@ static inline bool esr_is_ptrauth_trap(u32 esr)
> ctxt_sys_reg(ctxt, key ## KEYHI_EL1) = __val; \
> } while(0)
>
> +DECLARE_PER_CPU(struct kvm_cpu_context, kvm_hyp_ctxt);
> +
Why do we need this declaration? Isn't the one from patch 8 enough? Or
is it just a spurious addition (things seem to compile fine without it).
> static inline bool __hyp_handle_ptrauth(struct kvm_vcpu *vcpu)
> {
> struct kvm_cpu_context *ctxt;
> diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile
> index ddf98eb07b9d..46c89e8c30bc 100644
> --- a/arch/arm64/kvm/hyp/nvhe/Makefile
> +++ b/arch/arm64/kvm/hyp/nvhe/Makefile
> @@ -6,7 +6,7 @@
> asflags-y := -D__KVM_NVHE_HYPERVISOR__
> ccflags-y := -D__KVM_NVHE_HYPERVISOR__
>
> -obj-y := timer-sr.o sysreg-sr.o debug-sr.o switch.o tlb.o hyp-init.o host.o
> +obj-y := timer-sr.o sysreg-sr.o debug-sr.o switch.o tlb.o hyp-init.o host.o hyp-main.o
> obj-y += ../vgic-v3-sr.o ../aarch32.o ../vgic-v2-cpuif-proxy.o ../entry.o \
> ../fpsimd.o ../hyp-entry.o
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/host.S b/arch/arm64/kvm/hyp/nvhe/host.S
> index 9ab7814e6114..d26e41773dc4 100644
> --- a/arch/arm64/kvm/hyp/nvhe/host.S
> +++ b/arch/arm64/kvm/hyp/nvhe/host.S
> @@ -12,6 +12,55 @@
>
> .text
>
> +SYM_FUNC_START(__host_exit)
> + stp x0, x1, [sp, #-16]!
> +
> + get_host_ctxt x0, x1
> +
> + ALTERNATIVE(nop, SET_PSTATE_PAN(1), ARM64_HAS_PAN, CONFIG_ARM64_PAN)
> +
It isn't obvious to me why we mess with PAN here. nVHE doesn't have an
EL0, and the spec says that PAN only exists at EL2 when HCR_EL2.E2H==1.
> + /* Store the host regs x2 and x3 */
> + stp x2, x3, [x0, #CPU_XREG_OFFSET(2)]
> +
> + /* Retrieve the host regs x0-x1 from the stack */
> + ldp x2, x3, [sp], #16 // x0, x1
> +
> + /* Store the host regs x0-x1 and x4-x17 */
> + stp x2, x3, [x0, #CPU_XREG_OFFSET(0)]
> + stp x4, x5, [x0, #CPU_XREG_OFFSET(4)]
> + stp x6, x7, [x0, #CPU_XREG_OFFSET(6)]
> + stp x8, x9, [x0, #CPU_XREG_OFFSET(8)]
> + stp x10, x11, [x0, #CPU_XREG_OFFSET(10)]
> + stp x12, x13, [x0, #CPU_XREG_OFFSET(12)]
> + stp x14, x15, [x0, #CPU_XREG_OFFSET(14)]
> + stp x16, x17, [x0, #CPU_XREG_OFFSET(16)]
> +
> + /* Store the host regs x18-x29, lr */
> + save_callee_saved_regs x0
> +
> + /* Save the host context pointer in x29 across the function call */
> + mov x29, x0
> + bl handle_trap
> +
> + /* Restore host regs x0-x17 */
> + ldp x0, x1, [x29, #CPU_XREG_OFFSET(0)]
> + ldp x2, x3, [x29, #CPU_XREG_OFFSET(2)]
> + ldp x4, x5, [x29, #CPU_XREG_OFFSET(4)]
> + ldp x6, x7, [x29, #CPU_XREG_OFFSET(6)]
> + ldp x8, x9, [x29, #CPU_XREG_OFFSET(8)]
> + ldp x10, x11, [x29, #CPU_XREG_OFFSET(10)]
> + ldp x12, x13, [x29, #CPU_XREG_OFFSET(12)]
> + ldp x14, x15, [x29, #CPU_XREG_OFFSET(14)]
> + ldp x16, x17, [x29, #CPU_XREG_OFFSET(16)]
> +
> + /* Restore host regs x18-x29, lr */
> + restore_callee_saved_regs x29
> +
> + /* Do not touch any register after this! */
> + eret
> + sb
> +SYM_FUNC_END(__host_exit)
> +
> SYM_FUNC_START(__hyp_do_panic)
> mov lr, #(PSR_F_BIT | PSR_I_BIT | PSR_A_BIT | PSR_D_BIT |\
> PSR_MODE_EL1h)
> @@ -34,7 +83,7 @@ SYM_FUNC_END(__hyp_do_panic)
>
> /* Check for a stub HVC call */
> cmp x0, #HVC_STUB_HCALL_NR
> - b.hs 1f
> + b.hs __host_exit
>
> /*
> * Compute the idmap address of __kvm_handle_stub_hvc and
> @@ -50,23 +99,6 @@ SYM_FUNC_END(__hyp_do_panic)
> /* x5 = __pa(x5) */
> sub x5, x5, x6
> br x5
> -
> -1:
> - /*
> - * Shuffle the parameters before calling the function
> - * pointed to in x0. Assumes parameters in x[1,2,3].
> - */
> - kern_hyp_va x0
> - str lr, [sp, #-16]!
> - mov lr, x0
> - mov x0, x1
> - mov x1, x2
> - mov x2, x3
> - blr lr
> - ldr lr, [sp], #16
> -
> - eret
> - sb
> .L__vect_end\@:
> .if ((.L__vect_end\@ - .L__vect_start\@) > 0x80)
> .error "host_el1_sync_vect larger than vector entry"
> diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> new file mode 100644
> index 000000000000..570c3896f42e
> --- /dev/null
> +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
> @@ -0,0 +1,36 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * Copyright (C) 2020 - Google Inc
> + * Author: Andrew Scull <ascull@google.com>
> + */
> +
> +#include <hyp/switch.h>
> +
> +#include <asm/kvm_asm.h>
> +#include <asm/kvm_emulate.h>
> +#include <asm/kvm_host.h>
> +#include <asm/kvm_hyp.h>
> +#include <asm/kvm_mmu.h>
> +
> +typedef unsigned long (*hypcall_fn_t)
> + (unsigned long, unsigned long, unsigned long);
> +
> +void handle_trap(struct kvm_cpu_context *host_ctxt)
This probably needs to have the asmlinkage attribute, although I'm not
sure we use it for anything on arm64 just yet.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-15 10:46 [PATCH v4 00/19] Introduce separate nVHE hyp context Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 01/19] KVM: arm64: Remove __activate_vm wrapper Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 02/19] KVM: arm64: Remove hyp_panic arguments Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 03/19] KVM: arm64: Remove kvm_host_data_t typedef Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 04/19] KVM: arm64: Choose hyp symbol based on context Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 05/19] KVM: arm64: Save chosen hyp vector to a percpu variable Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 06/19] KVM: arm64: nVHE: Use separate vector for the host Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 07/19] KVM: arm64: nVHE: Don't consume host SErrors with ESB Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 08/19] KVM: arm64: Introduce hyp context Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 09/19] KVM: arm64: Update context references from host to hyp Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 10/19] KVM: arm64: Restore hyp when panicking in guest context Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-16 11:20 ` Marc Zyngier
2020-09-16 11:20 ` Marc Zyngier
2020-09-15 10:46 ` [PATCH v4 11/19] KVM: arm64: Share context save and restore macros Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 12/19] KVM: arm64: nVHE: Switch to hyp context for EL2 Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-16 13:14 ` Marc Zyngier [this message]
2020-09-16 13:14 ` Marc Zyngier
2020-09-15 10:46 ` [PATCH v4 13/19] KVM: arm64: nVHE: Handle hyp panics Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 14/19] KVM: arm64: nVHE: Pass pointers consistently to hyp-init Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 15/19] smccc: Define vendor hyp owned service call region Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 16/19] smccc: Use separate variables for args and results Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 17/19] KVM: arm64: nVHE: Migrate hyp interface to SMCCC Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 18/19] KVM: arm64: nVHE: Migrate hyp-init " Andrew Scull
2020-09-15 10:46 ` Andrew Scull
2020-09-15 10:46 ` [PATCH v4 19/19] KVM: arm64: nVHE: Fix pointers during SMCCC convertion Andrew Scull
2020-09-15 10:46 ` Andrew Scull