Date: Mon, 8 Mar 2021 13:38:07 +0000
From: Quentin Perret
To: Will Deacon
Cc: catalin.marinas@arm.com, maz@kernel.org, james.morse@arm.com, julien.thierry.kdev@gmail.com, suzuki.poulose@arm.com, android-kvm@google.com, linux-kernel@vger.kernel.org, kernel-team@android.com, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org, tabba@google.com, mark.rutland@arm.com, dbrazdil@google.com, mate.toth-pal@arm.com, seanjc@google.com, robh+dt@kernel.org
Subject: Re: [PATCH v3 29/32] KVM: arm64: Wrap the host with a stage 2
In-Reply-To: <20210308124606.GA25879@willie-the-truck>

On Monday 08 Mar 2021 at 12:46:07 (+0000), Will Deacon wrote:
> __load_stage2() _only_ has the ISB if ARM64_WORKAROUND_SPECULATIVE_AT is
> present, whereas I think you need one unconditionally here so that the
> system register write has taken effect before the TLB invalidation.
> > It's similar to the comment at the end of __tlb_switch_to_guest(). > > Having said that, I do worry that ARM64_WORKAROUND_SPECULATIVE_AT probably > needs a closer look in the world of pKVM, since it currently special-cases > the host. Yes, I see that now. I'll start looking into this. > > > > + __tlbi(vmalls12e1is); > > > > + dsb(ish); > > > > > > Given that the TLB is invalidated on the boot path, please can you add > > > a comment here about the stale entries which you need to invalidate? > > > > Sure -- that is for HCR bits cached in TLBs for VMID 0. Thinking about > > it I could probably reduce the tlbi scope as well. > > > > > Also, does this need to be inner-shareable? I thought this function ran on > > > each CPU. > > > > Hmm, correct, nsh should do. > > Cool, then you can do that for both the TLBI and the DSB instructions (and > please add a comment that the invalidation is due to the HCR bits). Sure. > > > > +static void host_stage2_unmap_dev_all(void) > > > > +{ > > > > + struct kvm_pgtable *pgt = &host_kvm.pgt; > > > > + struct memblock_region *reg; > > > > + u64 addr = 0; > > > > + int i; > > > > + > > > > + /* Unmap all non-memory regions to recycle the pages */ > > > > + for (i = 0; i < hyp_memblock_nr; i++, addr = reg->base + reg->size) { > > > > + reg = &hyp_memory[i]; > > > > + kvm_pgtable_stage2_unmap(pgt, addr, reg->base - addr); > > > > + } > > > > + kvm_pgtable_stage2_unmap(pgt, addr, ULONG_MAX); > > > > > > Is this just going to return -ERANGE? > > > > Hrmpf, yes, that wants BIT(pgt->ia_bits) I think. And that wants testing > > as well, clearly. > > Agreed, maybe it's worth checking the return value. Ack, and hyp_panic if != 0, but that is probably preferable anyway. 
> > > > +static int host_stage2_idmap(u64 addr) > > > > +{ > > > > + enum kvm_pgtable_prot prot = KVM_PGTABLE_PROT_R | KVM_PGTABLE_PROT_W; > > > > + struct kvm_mem_range range; > > > > + bool is_memory = find_mem_range(addr, &range); > > > > + struct hyp_pool *pool = is_memory ? &host_s2_mem : &host_s2_dev; > > > > + int ret; > > > > + > > > > + if (is_memory) > > > > + prot |= KVM_PGTABLE_PROT_X; > > > > + > > > > + hyp_spin_lock(&host_kvm.lock); > > > > + ret = kvm_pgtable_stage2_idmap_greedy(&host_kvm.pgt, addr, prot, > > > > + &range, pool); > > > > + if (is_memory || ret != -ENOMEM) > > > > + goto unlock; > > > > + host_stage2_unmap_dev_all(); > > > > + ret = kvm_pgtable_stage2_idmap_greedy(&host_kvm.pgt, addr, prot, > > > > + &range, pool); > > > > > > I find this _really_ hard to reason about, as range is passed by reference > > > and we don't reset it after the first call returns -ENOMEM for an MMIO > > > mapping. Maybe some commentary on why it's still valid here? > > > > Sure, I'll add something. FWIW, that is intended -- -ENOMEM can only be > > caused by the call to kvm_pgtable_stage2_map() which leaves the range > > untouched. So, as long as we don't release the lock, the range returned > > by the first call to kvm_pgtable_stage2_idmap_greedy() should still be > > valid. I suppose I could call kvm_pgtable_stage2_map() directly the > > second time to make it obvious but I thought this would expose the > > internal of kvm_pgtable_stage2_idmap_greedy() a little bit too much. > > I can see it both ways, but updating the kerneldoc for > kvm_pgtable_stage2_idmap_greedy() to state in which cases the range is > updated and how would be helpful. It just says "negative error code on > failure" at the moment. Alternatively I could expose the 'reduce' path (maybe with another name e.g. stage2_find_compatible_range() or so) and remove the kvm_pgtable_stage2_idmap_greedy() wrapper. 
So it'd be the caller's responsibility to not release the lock in between stage2_find_compatible_range() and kvm_pgtable_stage2_map() for instance, but that sounds reasonable to me. And that would make it explicit it's the _map() path that failed with -ENOMEM, and that the range can be re-used the second time.

Thoughts?

Thanks,
Quentin
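
Review bot: the `__tlbi(vmalls12e1is)` / `dsb(ish)` pair has no comment naming the stale state it clears, and it uses the inner-shareable forms on a path that the thread says runs on each CPU. Add a comment that the invalidation is for HCR bits cached in TLBs for VMID 0, and use the non-shareable (nsh) forms for both the TLBI and the DSB. Per the review, an unconditional ISB is also wanted before the TLBI, since __load_stage2() only issues one when ARM64_WORKAROUND_SPECULATIVE_AT is present.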
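
Review bot: in host_stage2_unmap_dev_all(), both kvm_pgtable_stage2_unmap() calls discard their return value, and the final call passes ULONG_MAX as the size, which the thread expects to fail with -ERANGE, so that failure would go unnoticed. Bound the size by the page table's input address range (the reply suggests BIT(pgt->ia_bits)) and check the result of each call, for example with hyp_panic on a non-zero return as proposed in the reply.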
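
Review bot: in host_stage2_idmap(), the second kvm_pgtable_stage2_idmap_greedy() call reuses `range` as left by the failed first call, with no comment explaining why it is still valid. Document at the retry that -ENOMEM can only come from the kvm_pgtable_stage2_map() step, which leaves the range untouched, and that host_kvm.lock must stay held between the two calls. Since host_stage2_unmap_dev_all() returns void, the retry also cannot tell whether any pages were actually recycled before it runs.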