From: Oliver Upton <oliver.upton@linux.dev>
To: Marc Zyngier <maz@kernel.org>
Cc: kvm@vger.kernel.org, Will Deacon <will@kernel.org>,
kvmarm@lists.linux.dev, kvmarm@lists.cs.columbia.edu,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from EL1
Date: Tue, 11 Oct 2022 11:48:39 -0700 [thread overview]
Message-ID: <Y0W6hxc68wi4FO/o@google.com> (raw)
In-Reply-To: <20221011165400.1241729-1-maz@kernel.org>
On Tue, Oct 11, 2022 at 05:54:00PM +0100, Marc Zyngier wrote:
> The kernel has an awfully complicated boot sequence in order to cope
> with the various EL2 configurations, including those that "enhanced"
> the architecture. We go from EL2 to EL1, then back to EL2, staying
> at EL2 if VHE capable and otherwise go back to EL1.
>
> Here's a paracetamol tablet for you.
Heh, still have a bit of a headache from this :)
I'm having a hard time following where we skip the EL2 promotion based
on __boot_cpu_mode.
On the cpu_resume() path it looks like we take the return of
init_kernel_el() and pass that along to finalise_el2(). As we are in EL1
at this point, it seems like we'd go init_kernel_el() -> init_el1().
What am I missing?
--
Thanks,
Oliver
> The cpu_resume path follows the same logic, because coming up with
> two versions of a square wheel is hard.
>
> However, things aren't this straightforward with pKVM, as the host
> resume path is always proxied by the hypervisor, which means that
> the kernel is always entered at EL1. Which contradicts what the
> __boot_cpu_mode[] array contains (it obviously says EL2).
>
> This thus triggers a HVC call from EL1 to EL2 in a vain attempt
> to upgrade from EL1 to EL2 VHE, which we are, funnily enough,
> reluctant to grant to the host kernel. This is also completely
> unexpected, and puzzles your average EL2 hacker.
>
> Address it by fixing up the boot mode at the point the host gets
> deprivileged. is_hyp_mode_available() and co already have a static
> branch to deal with this, making it pretty safe.
>
> Reported-by: Vincent Donnefort <vdonnefort@google.com>
> Signed-off-by: Marc Zyngier <maz@kernel.org>
> ---
> arch/arm64/kvm/arm.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
> index b6c9bfa8492f..cf075c9b9ab1 100644
> --- a/arch/arm64/kvm/arm.c
> +++ b/arch/arm64/kvm/arm.c
> @@ -2107,6 +2107,17 @@ static int pkvm_drop_host_privileges(void)
> * once the host stage 2 is installed.
> */
> static_branch_enable(&kvm_protected_mode_initialized);
> +
> + /*
> + * Fixup the boot mode so that we don't take spurious round
> + * trips via EL2 on cpu_resume. Flush to the PoC for a good
> + * measure, so that it can be observed by a CPU coming out of
> + * suspend with the MMU off.
> + */
> + __boot_cpu_mode[0] = __boot_cpu_mode[1] = BOOT_CPU_MODE_EL1;
> + dcache_clean_poc((unsigned long)__boot_cpu_mode,
> + (unsigned long)(__boot_cpu_mode + 2));
> +
> on_each_cpu(_kvm_host_prot_finalize, &ret, 1);
> return ret;
> }
> --
> 2.34.1
>
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: Oliver Upton <oliver.upton@linux.dev>
To: Marc Zyngier <maz@kernel.org>
Cc: kvmarm@lists.cs.columbia.edu, kvmarm@lists.linux.dev,
kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
James Morse <james.morse@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Quentin Perret <qperret@google.com>,
Will Deacon <will@kernel.org>,
Vincent Donnefort <vdonnefort@google.com>
Subject: Re: [PATCH] KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from EL1
Date: Tue, 11 Oct 2022 11:48:39 -0700 [thread overview]
Message-ID: <Y0W6hxc68wi4FO/o@google.com> (raw)
Message-ID: <20221011184839.2XtoXiCWMOkhTsveN8YrZ93rXPy5dsphIp5Y7ylttGM@z> (raw)
In-Reply-To: <20221011165400.1241729-1-maz@kernel.org>
On Tue, Oct 11, 2022 at 05:54:00PM +0100, Marc Zyngier wrote:
> The kernel has an awfully complicated boot sequence in order to cope
> with the various EL2 configurations, including those that "enhanced"
> the architecture. We go from EL2 to EL1, then back to EL2, staying
> at EL2 if VHE capable and otherwise go back to EL1.
>
> Here's a paracetamol tablet for you.
Heh, still have a bit of a headache from this :)
I'm having a hard time following where we skip the EL2 promotion based
on __boot_cpu_mode.
On the cpu_resume() path it looks like we take the return of
init_kernel_el() and pass that along to finalise_el2(). As we are in EL1
at this point, it seems like we'd go init_kernel_el() -> init_el1().
What am I missing?
--
Thanks,
Oliver
> The cpu_resume path follows the same logic, because coming up with
> two versions of a square wheel is hard.
>
> However, things aren't this straightforward with pKVM, as the host
> resume path is always proxied by the hypervisor, which means that
> the kernel is always entered at EL1. Which contradicts what the
> __boot_cpu_mode[] array contains (it obviously says EL2).
>
> This thus triggers a HVC call from EL1 to EL2 in a vain attempt
> to upgrade from EL1 to EL2 VHE, which we are, funnily enough,
> reluctant to grant to the host kernel. This is also completely
> unexpected, and puzzles your average EL2 hacker.
>
> Address it by fixing up the boot mode at the point the host gets
> deprivileged. is_hyp_mode_available() and co already have a static
> branch to deal with this, making it pretty safe.
>
> Reported-by: Vincent Donnefort <vdonnefort@google.com>
> Signed-off-by: Marc Zyngier <maz@kernel.org>
> ---
> arch/arm64/kvm/arm.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
> index b6c9bfa8492f..cf075c9b9ab1 100644
> --- a/arch/arm64/kvm/arm.c
> +++ b/arch/arm64/kvm/arm.c
> @@ -2107,6 +2107,17 @@ static int pkvm_drop_host_privileges(void)
> * once the host stage 2 is installed.
> */
> static_branch_enable(&kvm_protected_mode_initialized);
> +
> + /*
> + * Fixup the boot mode so that we don't take spurious round
> + * trips via EL2 on cpu_resume. Flush to the PoC for a good
> + * measure, so that it can be observed by a CPU coming out of
> + * suspend with the MMU off.
> + */
> + __boot_cpu_mode[0] = __boot_cpu_mode[1] = BOOT_CPU_MODE_EL1;
> + dcache_clean_poc((unsigned long)__boot_cpu_mode,
> + (unsigned long)(__boot_cpu_mode + 2));
> +
> on_each_cpu(_kvm_host_prot_finalize, &ret, 1);
> return ret;
> }
> --
> 2.34.1
>
WARNING: multiple messages have this Message-ID (diff)
From: Oliver Upton <oliver.upton@linux.dev>
To: Marc Zyngier <maz@kernel.org>
Cc: kvmarm@lists.cs.columbia.edu, kvmarm@lists.linux.dev,
kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
James Morse <james.morse@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Quentin Perret <qperret@google.com>,
Will Deacon <will@kernel.org>,
Vincent Donnefort <vdonnefort@google.com>
Subject: Re: [PATCH] KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from EL1
Date: Tue, 11 Oct 2022 11:48:39 -0700 [thread overview]
Message-ID: <Y0W6hxc68wi4FO/o@google.com> (raw)
In-Reply-To: <20221011165400.1241729-1-maz@kernel.org>
On Tue, Oct 11, 2022 at 05:54:00PM +0100, Marc Zyngier wrote:
> The kernel has an awfully complicated boot sequence in order to cope
> with the various EL2 configurations, including those that "enhanced"
> the architecture. We go from EL2 to EL1, then back to EL2, staying
> at EL2 if VHE capable and otherwise go back to EL1.
>
> Here's a paracetamol tablet for you.
Heh, still have a bit of a headache from this :)
I'm having a hard time following where we skip the EL2 promotion based
on __boot_cpu_mode.
On the cpu_resume() path it looks like we take the return of
init_kernel_el() and pass that along to finalise_el2(). As we are in EL1
at this point, it seems like we'd go init_kernel_el() -> init_el1().
What am I missing?
--
Thanks,
Oliver
> The cpu_resume path follows the same logic, because coming up with
> two versions of a square wheel is hard.
>
> However, things aren't this straightforward with pKVM, as the host
> resume path is always proxied by the hypervisor, which means that
> the kernel is always entered at EL1. Which contradicts what the
> __boot_cpu_mode[] array contains (it obviously says EL2).
>
> This thus triggers a HVC call from EL1 to EL2 in a vain attempt
> to upgrade from EL1 to EL2 VHE, which we are, funnily enough,
> reluctant to grant to the host kernel. This is also completely
> unexpected, and puzzles your average EL2 hacker.
>
> Address it by fixing up the boot mode at the point the host gets
> deprivileged. is_hyp_mode_available() and co already have a static
> branch to deal with this, making it pretty safe.
>
> Reported-by: Vincent Donnefort <vdonnefort@google.com>
> Signed-off-by: Marc Zyngier <maz@kernel.org>
> ---
> arch/arm64/kvm/arm.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
> index b6c9bfa8492f..cf075c9b9ab1 100644
> --- a/arch/arm64/kvm/arm.c
> +++ b/arch/arm64/kvm/arm.c
> @@ -2107,6 +2107,17 @@ static int pkvm_drop_host_privileges(void)
> * once the host stage 2 is installed.
> */
> static_branch_enable(&kvm_protected_mode_initialized);
> +
> + /*
> + * Fixup the boot mode so that we don't take spurious round
> + * trips via EL2 on cpu_resume. Flush to the PoC for a good
> + * measure, so that it can be observed by a CPU coming out of
> + * suspend with the MMU off.
> + */
> + __boot_cpu_mode[0] = __boot_cpu_mode[1] = BOOT_CPU_MODE_EL1;
> + dcache_clean_poc((unsigned long)__boot_cpu_mode,
> + (unsigned long)(__boot_cpu_mode + 2));
> +
> on_each_cpu(_kvm_host_prot_finalize, &ret, 1);
> return ret;
> }
> --
> 2.34.1
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-10-11 18:48 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-11 16:54 [PATCH] KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from EL1 Marc Zyngier
2022-10-11 16:54 ` Marc Zyngier
2022-10-11 16:54 ` Marc Zyngier
2022-10-11 18:48 ` Oliver Upton [this message]
2022-10-11 18:48 ` Oliver Upton
2022-10-11 18:48 ` Oliver Upton
2022-10-11 20:58 ` Marc Zyngier
2022-10-11 20:58 ` Marc Zyngier
2022-10-11 20:58 ` Marc Zyngier
2022-10-13 13:33 ` Vincent Donnefort
2022-10-13 13:33 ` Vincent Donnefort
2022-10-13 13:33 ` Vincent Donnefort
-- strict thread matches above, loose matches on Subject: below --
2022-11-08 10:01 Vincent Donnefort
2022-11-28 16:21 ` Vincent Donnefort
2022-11-28 17:19 ` Greg KH
2022-11-28 17:24 ` Vincent Donnefort
2022-11-28 18:01 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y0W6hxc68wi4FO/o@google.com \
--to=oliver.upton@linux.dev \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=maz@kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.