From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 5CA2DC433F5 for ; Sun, 21 Nov 2021 19:36:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Subject:Cc:To:From:Message-ID:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=LU4cg0sgT1W+ARv/dhJP4rQxtm6XCXnIjcWtmBvcEvQ=; b=1JSajPOS5OXXju hcuR/540FisBrSgg4urBcYMmol/PdeDw4z4XPe/Sp9VDkerJ7ClnRe+auZFJph7wzSyQ+XqHQWz6q h+n9Q6jY6lWnBdic0GWzMDfTFovH5hVnTxG9NLK0aItLIutBO+hxi/Et+8TP+QDxvJGymxsRrDYfP i2alniqn76oD5uT/e31rmasEfcK2tKAiwnLLoyepkVntiBBiLHIXO9Ebm8vRw2pcpfHgd8ept+gds PJMBMcKG0srRhDzew4Myo4fwopjBA8PiQ3yUEINGY0PudQHHx9URyCjbu1/Az9jK890POF3oDUgbA sFfIbayrW4EEGhYzn4CA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1moscS-00EFK2-M8; Sun, 21 Nov 2021 19:35:20 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1moscO-00EFJg-85 for linux-arm-kernel@lists.infradead.org; Sun, 21 Nov 2021 19:35:17 +0000 Received: from disco-boy.misterjones.org (disco-boy.misterjones.org [51.254.78.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7DDD2600CC; Sun, 21 Nov 2021 19:35:15 +0000 (UTC) Received: from 82-132-235-208.dab.02.net ([82.132.235.208] helo=wait-a-minute.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1moscK-006vZC-SX; Sun, 21 Nov 2021 19:35:13 +0000 Date: Sun, 21 Nov 2021 19:35:13 +0000 Message-ID: <87bl2ds3ny.wl-maz@kernel.org> From: Marc Zyngier To: Alexandru Elisei Cc: james.morse@arm.com, suzuki.poulose@arm.com, will@kernel.org, mark.rutland@arm.com, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, peter.maydell@linaro.org Subject: Re: [PATCH 4/4] KVM: arm64: Refuse to run VCPU if the PMU doesn't match the physical CPU In-Reply-To: <20211115165041.194884-5-alexandru.elisei@arm.com> References: <20211115165041.194884-1-alexandru.elisei@arm.com> <20211115165041.194884-5-alexandru.elisei@arm.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") X-SA-Exim-Connect-IP: 82.132.235.208 X-SA-Exim-Rcpt-To: alexandru.elisei@arm.com, james.morse@arm.com, suzuki.poulose@arm.com, will@kernel.org, mark.rutland@arm.com, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, peter.maydell@linaro.org X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211121_113516_381224_ADBE74E0 X-CRM114-Status: GOOD ( 42.00 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Mon, 15 Nov 2021 16:50:41 +0000, Alexandru Elisei wrote: > > Userspace can assign a PMU to a VCPU with the KVM_ARM_VCPU_PMU_V3_SET_PMU > device ioctl. If the VCPU is scheduled on a physical CPU which has a > different PMU, the perf events needed to emulate a guest PMU won't be > scheduled in and the guest performance counters will stop counting. Treat > it as an userspace error and refuse to run the VCPU in this situation. > > The VCPU is flagged as being scheduled on the wrong CPU in vcpu_load(), but > the flag is cleared when the KVM_RUN enters the non-preemptible section > instead of in vcpu_put(); this has been done on purpose so the error > condition is communicated as soon as possible to userspace, otherwise > vcpu_load() on the wrong CPU followed by a vcpu_put() could clear the flag. Can we make this something orthogonal to the PMU, and get userspace to pick an affinity mask independently of instantiating a PMU? I can imagine this would also be useful for SPE on asymmetric systems. > Suggested-by: Marc Zyngier > Signed-off-by: Alexandru Elisei > --- > Documentation/virt/kvm/api.rst | 5 +++-- > Documentation/virt/kvm/devices/vcpu.rst | 3 ++- > arch/arm64/include/asm/kvm_host.h | 3 +++ > arch/arm64/kvm/arm.c | 15 +++++++++++++++ > arch/arm64/kvm/pmu-emul.c | 1 + > 5 files changed, 24 insertions(+), 3 deletions(-) > > diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst > index aeeb071c7688..5bbad8318ea5 100644 > --- a/Documentation/virt/kvm/api.rst > +++ b/Documentation/virt/kvm/api.rst > @@ -396,8 +396,9 @@ Errors: > > ======= ============================================================== > EINTR an unmasked signal is pending > - ENOEXEC the vcpu hasn't been initialized or the guest tried to execute > - instructions from device memory (arm64) > + ENOEXEC the vcpu hasn't been initialized, the guest tried to execute > + instructions from device memory (arm64) or the vcpu PMU is > + different from the physical cpu PMU (arm64). > ENOSYS data abort outside memslots with no syndrome info and > KVM_CAP_ARM_NISV_TO_USER not enabled (arm64) > EPERM SVE feature set but not finalized (arm64) > diff --git a/Documentation/virt/kvm/devices/vcpu.rst b/Documentation/virt/kvm/devices/vcpu.rst > index 59ac382af59a..ca0da34da889 100644 > --- a/Documentation/virt/kvm/devices/vcpu.rst > +++ b/Documentation/virt/kvm/devices/vcpu.rst > @@ -128,7 +128,8 @@ systems where there are at least two PMUs on the system. > > Note that KVM will not make any attempts to run the VCPU on the physical CPUs > associated with the PMU specified by this attribute. This is entirely left to > -userspace. > +userspace. However, if the VCPU is scheduled on a CPU which has a different PMU, > +then KVM_RUN will return with the error code ENOEXEC. > > 2. GROUP: KVM_ARM_VCPU_TIMER_CTRL > ================================= > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h > index 2a5f7f38006f..ae2083b41d8a 100644 > --- a/arch/arm64/include/asm/kvm_host.h > +++ b/arch/arm64/include/asm/kvm_host.h > @@ -385,6 +385,9 @@ struct kvm_vcpu_arch { > u64 last_steal; > gpa_t base; > } steal; > + > + cpumask_var_t supported_cpus; > + bool cpu_not_supported; Can this just be made a vcpu flag instead? > }; > > /* Pointer to the vcpu's SVE FFR for sve_{save,load}_state() */ > diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c > index 2f03cbfefe67..5dbfd18c4e37 100644 > --- a/arch/arm64/kvm/arm.c > +++ b/arch/arm64/kvm/arm.c > @@ -320,6 +320,9 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu) > > vcpu->arch.mmu_page_cache.gfp_zero = __GFP_ZERO; > > + if (!zalloc_cpumask_var(&vcpu->arch.supported_cpus, GFP_KERNEL)) > + return -ENOMEM; > + > /* Set up the timer */ > kvm_timer_vcpu_init(vcpu); > > @@ -347,6 +350,7 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) > if (vcpu->arch.has_run_once && unlikely(!irqchip_in_kernel(vcpu->kvm))) > static_branch_dec(&userspace_irqchip_in_use); > > + free_cpumask_var(vcpu->arch.supported_cpus); > kvm_mmu_free_memory_cache(&vcpu->arch.mmu_page_cache); > kvm_timer_vcpu_terminate(vcpu); > kvm_pmu_vcpu_destroy(vcpu); > @@ -425,6 +429,10 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) > if (vcpu_has_ptrauth(vcpu)) > vcpu_ptrauth_disable(vcpu); > kvm_arch_vcpu_load_debug_state_flags(vcpu); > + > + if (!cpumask_empty(vcpu->arch.supported_cpus) && How about initialising the cpumask to cpu_possible_mask, avoiding the cpumask_empty check? > + !cpumask_test_cpu(smp_processor_id(), vcpu->arch.supported_cpus)) > + vcpu->arch.cpu_not_supported = true; I have the feeling this would actually better be implemented as a request, but there may be some surgery required for this. > } > > void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu) > @@ -815,6 +823,13 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) > */ > preempt_disable(); > > + if (unlikely(vcpu->arch.cpu_not_supported)) { > + vcpu->arch.cpu_not_supported = false; > + ret = -ENOEXEC; > + preempt_enable(); How about populating run->fail_entry with some information? I bet this would be useful, if only as a debugging tool. > + continue; > + } > + > kvm_pmu_flush_hwstate(vcpu); > > local_irq_disable(); > diff --git a/arch/arm64/kvm/pmu-emul.c b/arch/arm64/kvm/pmu-emul.c > index 53cedeb5dbf6..957a6d0cfa56 100644 > --- a/arch/arm64/kvm/pmu-emul.c > +++ b/arch/arm64/kvm/pmu-emul.c > @@ -951,6 +951,7 @@ static int kvm_arm_pmu_v3_set_pmu(struct kvm_vcpu *vcpu, int pmu_id) > arm_pmu = entry->arm_pmu; > if (arm_pmu->pmu.type == pmu_id) { > kvm_pmu->arm_pmu = arm_pmu; > + cpumask_copy(vcpu->arch.supported_cpus, &arm_pmu->supported_cpus); > return 0; > } > } Thanks, M. -- Without deviation from the norm, progress is not possible. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel