* [PATCH] KVM: arm64: Correct BTYPE/SS in host SMC emulation
@ 2024-05-02 18:00 Marc Zyngier
2024-05-07 14:57 ` Will Deacon
From: Marc Zyngier @ 2024-05-02 18:00 UTC (permalink / raw)
To: kvmarm, kvm, linux-arm-kernel
Cc: James Morse, Suzuki K Poulose, Oliver Upton, Zenghui Yu
When taking a trap for an SMC instruction on the host, we must
stau true to the letter of the architecture and perform all the
actions that the CPU would otherwise do. Among those are clearing
the BTYPE and SS bits.
Just do that.
Fixes: a805e1fb3099 ("KVM: arm64: Add SMC handler in nVHE EL2")
Signed-off-by: Marc Zyngier <maz@kernel.org>
---
arch/arm64/kvm/hyp/include/hyp/adjust_pc.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
index 4fdfeabefeb4..b1afb7b59a31 100644
--- a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
+++ b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
@@ -47,7 +47,13 @@ static inline void __kvm_skip_instr(struct kvm_vcpu *vcpu)
*/
static inline void kvm_skip_host_instr(void)
{
+ u64 spsr = read_sysreg_el2(SYS_SPSR);
+
write_sysreg_el2(read_sysreg_el2(SYS_ELR) + 4, SYS_ELR);
+
+ spsr &= ~(PSR_BTYPE_MASK | DBG_SPSR_SS);
+
+ write_sysreg_el2(spsr, SYS_SPSR);
}
#endif
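Review bot: the unconditional BTYPE clear in `spsr &= ~(PSR_BTYPE_MASK | DBG_SPSR_SS);` needs a comment, because why it is safe is not obvious from the code alone: a trapped SMC that sits in a guarded page must already have BTYPE == 0 (a Branch Target exception would otherwise have been taken ahead of the HCR_EL2.TSC trap), so the clear only changes anything in the non-guarded case, where the architecture requires the executed instruction to leave BTYPE at 0. Suggest recording that, plus that SS is cleared because the emulated SMC counts as the single-stepped instruction, in a short comment above the line; the commit message will not be in front of whoever next reads kvm_skip_host_instr().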
--
2.39.2
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
* Re: [PATCH] KVM: arm64: Correct BTYPE/SS in host SMC emulation
2024-05-02 18:00 [PATCH] KVM: arm64: Correct BTYPE/SS in host SMC emulation Marc Zyngier
@ 2024-05-07 14:57 ` Will Deacon
2024-05-08 6:04 ` Marc Zyngier
From: Will Deacon @ 2024-05-07 14:57 UTC (permalink / raw)
To: Marc Zyngier
Cc: kvmarm, kvm, linux-arm-kernel, James Morse, Suzuki K Poulose,
Oliver Upton, Zenghui Yu
On Thu, May 02, 2024 at 07:00:20PM +0100, Marc Zyngier wrote:
> When taking a trap for an SMC instruction on the host, we must
> stau true to the letter of the architecture and perform all the
typo: stay
> actions that the CPU would otherwise do. Among those are clearing
> the BTYPE and SS bits.
>
> Just do that.
>
> Fixes: a805e1fb3099 ("KVM: arm64: Add SMC handler in nVHE EL2")
> Signed-off-by: Marc Zyngier <maz@kernel.org>
> ---
> arch/arm64/kvm/hyp/include/hyp/adjust_pc.h | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
> index 4fdfeabefeb4..b1afb7b59a31 100644
> --- a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
> +++ b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
> @@ -47,7 +47,13 @@ static inline void __kvm_skip_instr(struct kvm_vcpu *vcpu)
> */
> static inline void kvm_skip_host_instr(void)
> {
> + u64 spsr = read_sysreg_el2(SYS_SPSR);
> +
> write_sysreg_el2(read_sysreg_el2(SYS_ELR) + 4, SYS_ELR);
> +
> + spsr &= ~(PSR_BTYPE_MASK | DBG_SPSR_SS);
> +
> + write_sysreg_el2(spsr, SYS_SPSR);
The handling of SS looks correct to me, but I think the BTYPE
manipulation could do with a little more commentary as it looks quite
subtle when the SMC is in a guarded page. Am I right in thinking:
* If the SMC is in a guarded page, the Branch Target exception is
higher priority (12) than the trap to EL2 and so the host will
handle it.
* Therefore if a trapping SMC is in a guarded page, BTYPE must be
zero and we don't have to worry about injecting a Branch Target
exception.
* Otherwise, if the SMC is in a non-guarded page, we should clear it
to 0 per the architecture (R_YWFHD).
?
Having said that, I can't actually find the priority of an SMC trapped
to EL2 by HCR_EL2.TSC in the Arm ARM. Trapped HVCs are priority 15 and
SMCs trapped to EL3 are priority 23.
Will
* Re: [PATCH] KVM: arm64: Correct BTYPE/SS in host SMC emulation
2024-05-07 14:57 ` Will Deacon
@ 2024-05-08 6:04 ` Marc Zyngier
From: Marc Zyngier @ 2024-05-08 6:04 UTC (permalink / raw)
To: Will Deacon
Cc: kvmarm, kvm, linux-arm-kernel, James Morse, Suzuki K Poulose,
Oliver Upton, Zenghui Yu
On Tue, 07 May 2024 15:57:34 +0100,
Will Deacon <will@kernel.org> wrote:
>
> On Thu, May 02, 2024 at 07:00:20PM +0100, Marc Zyngier wrote:
> > When taking a trap for an SMC instruction on the host, we must
> > stau true to the letter of the architecture and perform all the
>
> typo: stay
>
> > actions that the CPU would otherwise do. Among those are clearing
> > the BTYPE and SS bits.
> >
> > Just do that.
> >
> > Fixes: a805e1fb3099 ("KVM: arm64: Add SMC handler in nVHE EL2")
> > Signed-off-by: Marc Zyngier <maz@kernel.org>
> > ---
> > arch/arm64/kvm/hyp/include/hyp/adjust_pc.h | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
> > index 4fdfeabefeb4..b1afb7b59a31 100644
> > --- a/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
> > +++ b/arch/arm64/kvm/hyp/include/hyp/adjust_pc.h
> > @@ -47,7 +47,13 @@ static inline void __kvm_skip_instr(struct kvm_vcpu *vcpu)
> > */
> > static inline void kvm_skip_host_instr(void)
> > {
> > + u64 spsr = read_sysreg_el2(SYS_SPSR);
> > +
> > write_sysreg_el2(read_sysreg_el2(SYS_ELR) + 4, SYS_ELR);
> > +
> > + spsr &= ~(PSR_BTYPE_MASK | DBG_SPSR_SS);
> > +
> > + write_sysreg_el2(spsr, SYS_SPSR);
>
> The handling of SS looks correct to me, but I think the BTYPE
> manipulation could do with a little more commentary as it looks quite
> subtle when the SMC is in a guarded page. Am I right in thinking:
>
> * If the SMC is in a guarded page, the Branch Target exception is
> higher priority (12) than the trap to EL2 and so the host will
> handle it.
>
> * Therefore if a trapping SMC is in a guarded page, BTYPE must be
> zero and we don't have to worry about injecting a Branch Target
> exception.
>
> * Otherwise, if the SMC is in a non-guarded page, we should clear it
> to 0 per the architecture (R_YWFHD).
>
> ?
This is all correct. If we get to emulate the SMC by trapping to EL2,
it is that the instruction already satisfied the more basic execution
requirements such as having an acceptable BTYPE at that PC.
If that's OK with you, I'll nick that write-up and stick it into the
next revision of the patch.
> Having said that, I can't actually find the priority of an SMC trapped
> to EL2 by HCR_EL2.TSC in the Arm ARM. Trapped HVCs are priority 15 and
> SMCs trapped to EL3 are priority 23.
My understanding is that this falls into the catch-all priority 22 of
R_ZFGJP ("Other than an exception defined by priorities 4-21
inclusive, any exception that is the result of a configurable access
to instructions, where the exception is taken to EL2.").
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
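A plain-C model of the patch and of the exception-priority argument worked out in the exchange above. This is an added example, not code from the patch or from the kernel; the bit positions follow arm64's asm/ptrace.h and asm/debug-monitors.h, the priorities (12 and 22) are the ones quoted in the thread, and the struct-free helper names are ours.

```c
/* Added example, not code from the patch or the kernel: a plain-C model of
 * the reasoning in this thread. Bit positions follow arm64's asm/ptrace.h
 * (PSR_BTYPE_MASK, bits 11:10) and asm/debug-monitors.h (DBG_SPSR_SS, bit
 * 21); priorities are those quoted in the thread (12 vs 22). Names are ours. */
#include <stdint.h>
#include <stdbool.h>

#define PSR_BTYPE_MASK	0x00000c00ULL
#define DBG_SPSR_SS	(1ULL << 21)

enum first_exception { EXC_BRANCH_TARGET = 12, EXC_TSC_TRAP = 22 };

/* Which exception the CPU raises first for an SMC with HCR_EL2.TSC set.
 * In a guarded page a non-zero BTYPE means the SMC is not a valid branch
 * target; that check wins on priority, so EL2 never sees such a trap. */
static enum first_exception first_exception_for_smc(bool guarded_page, uint64_t spsr)
{
	if (guarded_page && (spsr & PSR_BTYPE_MASK))
		return EXC_BRANCH_TARGET;
	return EXC_TSC_TRAP;
}

/* Model of the fixed kvm_skip_host_instr(): advance ELR and clear the
 * PSTATE bits the CPU would have cleared by executing the SMC itself. */
static void skip_host_instr(uint64_t *elr, uint64_t *spsr)
{
	*elr += 4;
	*spsr &= ~(PSR_BTYPE_MASK | DBG_SPSR_SS);
}

/* End-to-end model of a host SMC trap: true when EL2 handled the SMC (BTYPE
 * and SS are then zero), false when the Branch Target exception fired first. */
static bool emulate_host_smc(bool guarded_page, uint64_t *elr, uint64_t *spsr)
{
	if (first_exception_for_smc(guarded_page, *spsr) != EXC_TSC_TRAP)
		return false;
	skip_host_instr(elr, spsr);
	return true;
}

/* Runs one constructed scenario: returns the saved PSTATE after the trap
 * was handled, or ~0ULL if EL2 never saw the SMC. */
static uint64_t spsr_after_smc(bool guarded_page, uint64_t spsr)
{
	uint64_t elr = 0xffff800010001000ULL; /* constructed host PC */
	return emulate_host_smc(guarded_page, &elr, &spsr) ? spsr : ~0ULL;
}
```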