From: christoffer.dall@linaro.org (Christoffer Dall)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2 21/21] arm64: Panic when VHE and non VHE CPUs coexist
Date: Wed, 3 Feb 2016 09:49:13 +0100 [thread overview]
Message-ID: <20160203084913.GA13974@cbox> (raw)
In-Reply-To: <56B0CBF4.9030507@arm.com>
On Tue, Feb 02, 2016 at 03:32:04PM +0000, Marc Zyngier wrote:
> On 01/02/16 15:36, Christoffer Dall wrote:
> > On Mon, Jan 25, 2016 at 03:53:55PM +0000, Marc Zyngier wrote:
> >> Having both VHE and non-VHE capable CPUs in the same system
> >> is likely to be a recipe for disaster.
> >>
> >> If the boot CPU has VHE, but a secondary is not, we won't be
> >> able to downgrade and run the kernel at EL1. Add CPU hotplug
> >> to the mix, and this produces a terrifying mess.
> >>
> >> Let's solve the problem once and for all. If you mix VHE and
> >> non-VHE CPUs in the same system, you deserve to loose, and this
> >> patch makes sure you don't get a chance.
> >>
> >> This is implemented by storing the kernel execution level in
> >> a global variable. Secondaries will park themselves in a
> >> WFI loop if they observe a mismatch. Also, the primary CPU
> >> will detect that the secondary CPU has died on a mismatched
> >> execution level. Panic will follow.
> >>
> >> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> >> ---
> >> arch/arm64/include/asm/virt.h | 17 +++++++++++++++++
> >> arch/arm64/kernel/head.S | 19 +++++++++++++++++++
> >> arch/arm64/kernel/smp.c | 3 +++
> >> 3 files changed, 39 insertions(+)
> >>
> >> diff --git a/arch/arm64/include/asm/virt.h b/arch/arm64/include/asm/virt.h
> >> index 9f22dd6..f81a345 100644
> >> --- a/arch/arm64/include/asm/virt.h
> >> +++ b/arch/arm64/include/asm/virt.h
> >> @@ -36,6 +36,11 @@
> >> */
> >> extern u32 __boot_cpu_mode[2];
> >>
> >> +/*
> >> + * __run_cpu_mode records the mode the boot CPU uses for the kernel.
> >> + */
> >> +extern u32 __run_cpu_mode[2];
> >> +
> >> void __hyp_set_vectors(phys_addr_t phys_vector_base);
> >> phys_addr_t __hyp_get_vectors(void);
> >>
> >> @@ -60,6 +65,18 @@ static inline bool is_kernel_in_hyp_mode(void)
> >> return el == CurrentEL_EL2;
> >> }
> >>
> >> +static inline bool is_kernel_mode_mismatched(void)
> >> +{
> >> + /*
> >> + * A mismatched CPU will have written its own CurrentEL in
> >> + * __run_cpu_mode[1] (initially set to zero) after failing to
> >> + * match the value in __run_cpu_mode[0]. Thus, a non-zero
> >> + * value in __run_cpu_mode[1] is enough to detect the
> >> + * pathological case.
> >> + */
> >> + return !!ACCESS_ONCE(__run_cpu_mode[1]);
> >> +}
> >> +
> >> /* The section containing the hypervisor text */
> >> extern char __hyp_text_start[];
> >> extern char __hyp_text_end[];
> >> diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
> >> index 2a7134c..bc44cf8 100644
> >> --- a/arch/arm64/kernel/head.S
> >> +++ b/arch/arm64/kernel/head.S
> >> @@ -577,7 +577,23 @@ ENTRY(set_cpu_boot_mode_flag)
> >> 1: str w20, [x1] // This CPU has booted in EL1
> >> dmb sy
> >> dc ivac, x1 // Invalidate potentially stale cache line
> >> + adr_l x1, __run_cpu_mode
> >> + ldr w0, [x1]
> >> + mrs x20, CurrentEL
> >> + cbz x0, skip_el_check
> >> + cmp x0, x20
> >> + bne mismatched_el
> >
> > can't you do a ret here instead of writing the same value and flushing
> > caches etc.?
>
> Yes, good point.
>
> >
> >> +skip_el_check: // Only the first CPU gets to set the rule
> >> + str w20, [x1]
> >> + dmb sy
> >> + dc ivac, x1 // Invalidate potentially stale cache line
> >> ret
> >> +mismatched_el:
> >> + str w20, [x1, #4]
> >> + dmb sy
> >> + dc ivac, x1 // Invalidate potentially stale cache line
> >> +1: wfi
> >
> > I'm no expert on SMP bringup, but doesn't this prevent the CPU from
> > signaling completion and thus you'll never actually reach the checking
> > code in __cpu_up?
>
> Indeed, and that's the whole point. The primary CPU will notice that the
> secondary CPU has failed to boot (timeout), and will find the reason in
> __run_cpu_mode.
>
That wasn't exactly my point. If I understand correctly and __cpu_up is
the primary CPU executing a function to bring up a secondary core, then
it will wait for the cpu_running completion which should be signalled by
the secondary core, but because the secondary core never makes any
progress it will timeout the wait for completion and you will see that
error "..failed to come online" instead of the "incompatible execution
level".
(This is based on my reading of the code as the completion is signalled
in secondary_start_kernl which happens after this stuff above in
head.S).
-Christoffer
next prev parent reply other threads:[~2016-02-03 8:49 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-25 15:53 [PATCH v2 00/21] arm64: Virtualization Host Extension support Marc Zyngier
2016-01-25 15:53 ` [PATCH v2 01/21] arm/arm64: Add new is_kernel_in_hyp_mode predicate Marc Zyngier
2016-02-01 13:59 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 02/21] arm64: Allow the arch timer to use the HYP timer Marc Zyngier
2016-02-01 12:29 ` Christoffer Dall
2016-02-01 13:42 ` Marc Zyngier
2016-02-01 15:37 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 03/21] arm64: Add ARM64_HAS_VIRT_HOST_EXTN feature Marc Zyngier
2016-02-01 13:59 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 04/21] arm64: KVM: Skip HYP setup when already running in HYP Marc Zyngier
2016-02-01 13:59 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 05/21] arm64: KVM: VHE: Turn VTCR_EL2 setup into a reusable macro Marc Zyngier
2016-02-01 13:13 ` Christoffer Dall
2016-02-01 14:21 ` Marc Zyngier
2016-02-01 15:38 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 06/21] arm64: KVM: VHE: Patch out use of HVC Marc Zyngier
2016-02-01 13:16 ` Christoffer Dall
2016-02-01 13:34 ` Marc Zyngier
2016-02-01 15:36 ` Catalin Marinas
2016-02-01 16:20 ` Marc Zyngier
2016-02-01 17:08 ` Ard Biesheuvel
2016-02-01 17:28 ` Marc Zyngier
2016-02-02 15:42 ` Christoffer Dall
2016-02-01 15:39 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 07/21] arm64: KVM: VHE: Patch out kern_hyp_va Marc Zyngier
2016-02-01 13:20 ` Christoffer Dall
2016-02-01 13:38 ` Marc Zyngier
2016-02-01 15:40 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 08/21] arm64: KVM: VHE: Introduce unified system register accessors Marc Zyngier
2016-02-01 13:47 ` Christoffer Dall
2016-02-01 14:04 ` Marc Zyngier
2016-02-01 15:43 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 09/21] arm64: KVM: VHE: Differenciate host/guest sysreg save/restore Marc Zyngier
2016-02-01 13:59 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 10/21] arm64: KVM: VHE: Split save/restore of sysregs shared between EL1 and EL2 Marc Zyngier
2016-02-01 13:54 ` Christoffer Dall
2016-02-02 9:46 ` Marc Zyngier
2016-02-02 15:46 ` Christoffer Dall
2016-02-02 16:19 ` Marc Zyngier
2016-02-02 20:07 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 11/21] arm64: KVM: VHE: Use unified system register accessors Marc Zyngier
2016-02-01 13:59 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 12/21] arm64: KVM: VHE: Enable minimal sysreg save/restore Marc Zyngier
2016-02-01 14:02 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 13/21] arm64: KVM: VHE: Make __fpsimd_enabled VHE aware Marc Zyngier
2016-02-01 14:17 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 14/21] arm64: KVM: VHE: Implement VHE activate/deactivate_traps Marc Zyngier
2016-02-01 14:20 ` Christoffer Dall
2016-02-02 11:27 ` Marc Zyngier
2016-01-25 15:53 ` [PATCH v2 15/21] arm64: KVM: VHE: Use unified sysreg accessors for timer Marc Zyngier
2016-02-01 14:23 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 16/21] arm64: KVM: VHE: Add fpsimd enabling on guest access Marc Zyngier
2016-02-01 14:24 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 17/21] arm64: KVM: VHE: Add alternative panic handling Marc Zyngier
2016-02-01 14:26 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 18/21] arm64: KVM: Introduce hyp_alternate_value helper Marc Zyngier
2016-02-01 14:41 ` Christoffer Dall
2016-02-02 13:42 ` Marc Zyngier
2016-02-02 15:47 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 19/21] arm64: KVM: Move most of the fault decoding to C Marc Zyngier
2016-02-01 15:21 ` Christoffer Dall
2016-02-02 14:24 ` Marc Zyngier
2016-02-02 15:50 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 20/21] arm64: VHE: Add support for running Linux in EL2 mode Marc Zyngier
2016-01-26 14:04 ` Suzuki K. Poulose
2016-01-26 14:30 ` Suzuki K. Poulose
2016-02-01 15:26 ` Christoffer Dall
2016-01-25 15:53 ` [PATCH v2 21/21] arm64: Panic when VHE and non VHE CPUs coexist Marc Zyngier
2016-01-26 14:25 ` Suzuki K. Poulose
2016-01-26 14:34 ` Marc Zyngier
2016-02-01 15:36 ` Christoffer Dall
2016-02-02 15:32 ` Marc Zyngier
2016-02-03 8:49 ` Christoffer Dall [this message]
2016-02-03 17:45 ` Marc Zyngier
2016-02-03 19:12 ` Christoffer Dall
2016-01-25 16:15 ` [PATCH v2 00/21] arm64: Virtualization Host Extension support Arnd Bergmann
2016-01-25 16:23 ` Marc Zyngier
2016-01-25 16:26 ` Arnd Bergmann
2016-01-25 16:26 ` Will Deacon
2016-01-25 16:37 ` Marc Zyngier
2016-01-25 16:44 ` Will Deacon
2016-01-25 19:16 ` Marc Zyngier
2016-02-01 16:25 ` Christoffer Dall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160203084913.GA13974@cbox \
--to=christoffer.dall@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).