From: Mostafa Saleh <smostafa@google.com>
To: Sudeep Holla <sudeep.holla@arm.com>
Cc: maz@kernel.org, oliver.upton@linux.dev,
linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
linux-kernel@vger.kernel.org, tabba@google.com,
qperret@google.com, will@kernel.org, catalin.marinas@arm.com,
yuzenghui@huawei.com, suzuki.poulose@arm.com,
james.morse@arm.com, bgardon@google.com, gshan@redhat.com
Subject: Re: [PATCH v3] KVM: arm64: Use BTI for nvhe
Date: Tue, 4 Jul 2023 14:18:09 +0000
Message-ID: <ZKQqIYRrckLlXqkx@google.com>
In-Reply-To: <20230704134136.a5znw4jupt5yp5kg@bogus>
Hi Sudeep,
On Tue, Jul 04, 2023 at 02:41:36PM +0100, Sudeep Holla wrote:
> On Tue, May 30, 2023 at 03:08:45PM +0000, Mostafa Saleh wrote:
> > CONFIG_ARM64_BTI_KERNEL compiles the kernel to support ARMv8.5-BTI.
> > However, the nvhe code doesn't make use of it as it doesn't map any
> > pages with Guarded Page(GP) bit.
> >
> > kvm pgtable code is modified to map executable pages with GP bit
> > if BTI is enabled for the kernel.
> >
> > At hyp init, SCTLR_EL2.BT is set to 1 to match EL1 configuration
> > (SCTLR_EL1.BT1) set in bti_enable().
> >
> > One difference between kernel and nvhe code, is that the kernel maps
> > .text with GP while nvhe maps all the executable pages, this makes
> > nvhe code need to deal with special initialization code coming from
> > other executable sections (.idmap.text).
> > For this we need to add bti instruction at the beginning of
> > __kvm_handle_stub_hvc as it can be called by __host_hvc through
> > branch instruction(br) and unlike SYM_FUNC_START, SYM_CODE_START
> > doesn’t add bti instruction at the beginning, and it can’t be modified
> > to add it as it is used with vector tables.
> > Another solution which is more intrusive is to convert
> > __kvm_handle_stub_hvc to a function and inject “bti jc” instead of
> > “bti c” in SYM_FUNC_START
> >
>
> I was chasing a bug in linux-next yesterday with protected nVHE(pKVM) and
> cpuidle enabled. The system fails to boot. I just bisected the issue to this
> patch and also saw this patch landed in the linus tree yesterday/today.
One of the challenges of BTI is that we need to add explicit BTI instructions
for assembly code. I checked the code to make sure that nothing was missing,
but maybe this is not the case.
Can you please share more about the issue (is ESR a Branch Target Exception,
call stack...) if possible.
Also, is this with CONFIG_ARM_PSCI_CPUIDLE?
> Not sure if this is something to do with the fact that pKVM skips to
> __kvm_handle_stub_hvc in __host_hvc.
__kvm_handle_stub_hvc is called from __host_hvc with "br x5".
That's why "bti j" was added at the beginning of __kvm_handle_stub_hvc,
so this should be fine.
> Let me know if you want me to try something.
>
> --
> Regards,
> Sudeep
Thanks,
Mostafa
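
Added example, not part of the thread or of the kernel sources: a small C decoder for the two checks discussed above, whether an ESR value reports a Branch Target Exception and which BTI landing pad accepts the branch type that faulted. The EC and BTYPE encodings follow the Arm architecture; the `pad` enum, the function names and the sample ESR value are constructed for illustration, and PACIASP/PACIBSP landing pads are left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ESR_ELx: EC is bits [31:26]; for EC 0x0D (Branch Target Exception)
 * ISS bits [1:0] hold the PSTATE.BTYPE value that faulted. */
#define ESR_EC(esr)    (((uint64_t)(esr) >> 26) & 0x3f)
#define ESR_EC_BTI     0x0d
#define ESR_BTYPE(esr) ((unsigned)((esr) & 0x3))

/* Hypothetical names for the first instruction at the branch target. */
enum pad { PAD_NONE, PAD_BTI_C, PAD_BTI_J, PAD_BTI_JC };

bool esr_is_bti(uint64_t esr) { return ESR_EC(esr) == ESR_EC_BTI; }

/* BTYPE left by the branch that reached the target. */
const char *btype_source(unsigned btype)
{
    static const char *const src[] = {
        "not an indirect branch", "BR x16/x17, or BR from a non-guarded page",
        "BLR", "BR xN (N != 16, 17) from a guarded page",
    };
    return src[btype & 3];
}

/* Does the first instruction of a guarded-page target accept this BTYPE? */
bool pad_accepts(enum pad pad, unsigned btype)
{
    switch (btype & 3) {
    case 0:  return true;                 /* no check is performed */
    case 1:  return pad != PAD_NONE;      /* bti c, bti j or bti jc */
    case 2:  return pad == PAD_BTI_C || pad == PAD_BTI_JC;
    default: return pad == PAD_BTI_J || pad == PAD_BTI_JC;
    }
}

int main(void)
{
    uint64_t esr = 0x36000003; /* constructed sample: EC=0x0d, IL=1, BTYPE=3 */
    unsigned bt = ESR_BTYPE(esr);

    if (!esr_is_bti(esr)) {
        puts("not a Branch Target Exception");
        return 0;
    }
    printf("BTI fault, BTYPE=%u (%s)\n", bt, btype_source(bt));
    printf("bti c accepts: %d, bti j accepts: %d\n",
           pad_accepts(PAD_BTI_C, bt), pad_accepts(PAD_BTI_J, bt));
    return 0;
}
```

A "br x5" from a guarded page arrives with BTYPE 3, which "bti j" and "bti jc" accept and "bti c" does not.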