From patchwork Mon Jan 17 14:24:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1580797 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=jnzYvZoM; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4JcvLP2PNnz9s9c for ; Tue, 18 Jan 2022 01:24:45 +1100 (AEDT) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4JcvLN6mcBz30MC for ; Tue, 18 Jan 2022 01:24:44 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=jnzYvZoM; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::52a; helo=mail-pg1-x52a.google.com; envelope-from=npiggin@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=jnzYvZoM; dkim-atps=neutral Received: from mail-pg1-x52a.google.com (mail-pg1-x52a.google.com [IPv6:2607:f8b0:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4JcvL91NVzz2yN3 for ; Tue, 18 Jan 2022 01:24:31 +1100 (AEDT) Received: by mail-pg1-x52a.google.com with SMTP id 133so6709617pgb.0 for ; Mon, 17 Jan 2022 06:24:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=y9C7t1xNtINtph1aAC9wIr8lleaPpcggyvhTav+JFy8=; b=jnzYvZoM1Lc0olVNrk7qq5I4S9oX13vhLImy/VeXYHv6XWtO5sgdbOgYLMrwvzWSbK lzqmHR5qDwjCmIhFA627PXXbeQaBYO8XmClFkB8uXQ7yJes+tvebE0RMoltt0AlYRXUp smouwoSdQ7CbJ93dn3xiVYKznPeWT9WeULlh4xLZJ51fP5M5CGTLGeNBjNWroGLY0n/p l+266h67+M1i3KkS2S4t2OFehBsEV7hKbLFeNSo7NwLRQmBI+ymdLJAkJADPLjpRTYJk ZygOLnzojPbCFGU27cuJQftNGTObRbcEpEsfB8TZ4R7d4NymN5IWXqbbwPUJikO2ewTH ZkzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=y9C7t1xNtINtph1aAC9wIr8lleaPpcggyvhTav+JFy8=; b=bxnUbEtMHbnylzp4/qsRAB0brCTEuj/18XXNN/4GEEMhMbwttPxi8HDi8ZIGRVJ0r4 GzePP8W1TBTEGDt2ZFKBM9dBlj6TFjZnit4WFx1yXAynQKCWoHmwMTSZaunzxFZ5MCKj AWNdtWmSP8iObx7wR4dqk9lYLn9WYxcbQzfnhZkmaYNQW45tk2QmLfys6iCKNsvzImNy 2dhmZNzcn6Ndu9xyyk58JFCZvSSqA85VhS7YnfieS6Xd+qucNq1R76o3ynvA/RTTjcVs 0PJHTA2rAj0xcmEd8g9levZYBKMoehiNk568+OuGFkAQF688UI3cE/+5WGVV+mTo+rau hNrg== X-Gm-Message-State: AOAM533VTLyn0ZFxcPV+yY3iCob9t9K09uDzOzSnIFMn3XIjy1zdID6u a+XHZdl+HtM3NFy0rGzgMvOY6MVgasQ= X-Google-Smtp-Source: ABdhPJyVdUXqsXyVy0EHW5jY1aKoYRCTDR/2tRbtQ6v0KpxUmCN+UDeWo/g5+UVcG4QpeXyXv3a4lA== X-Received: by 2002:a05:6a00:26c5:b0:4bd:4ad6:9c71 with SMTP id p5-20020a056a0026c500b004bd4ad69c71mr21196807pfw.45.1642429468745; Mon, 17 Jan 2022 06:24:28 -0800 (PST) Received: from bobo.ozlabs.ibm.com (124-171-74-95.tpgi.com.au. [124.171.74.95]) by smtp.gmail.com with ESMTPSA id ga1sm7086325pjb.24.2022.01.17.06.24.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 17 Jan 2022 06:24:28 -0800 (PST) From: Nicholas Piggin To: linuxppc-dev@lists.ozlabs.org Subject: [RFC PATCH 1/3] powerpc/64s: Fix system call emulation Date: Tue, 18 Jan 2022 00:24:21 +1000 Message-Id: <20220117142423.3038570-1-npiggin@gmail.com> X-Mailer: git-send-email 2.23.0 MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?C=C3=A9dric_Le_Goater?= , Nicholas Piggin Errors-To: linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" Interrupt return code expects the returned-to irq state to be reconciled with the returned-to MSR[EE] state. That is, if local irqs are enabled then MSR[EE] must be set, and if MSR[EE] is not set then local irqs must be disabled. System call emulation (both sc and scv 0) does not get this right, it tries to return to a context with MSR[EE]=0 and local irqs enabled. This confuses interrupt return and triggers a warning and probably worse. Fix this by returning to the system call entry points with MSR[EE]=0 and local irqs disabled. Add a case to deal with this kind of entry in the system call handler. The difficulty is that the interrupt return changes from user-mode to kernel mode, so it does not restore everything to the way it would look when coming from userspace (e.g., CPU accounting, kuap, the pkey regs, etc). XXX: I don't know if this is quite the best problem. System call emulation is much more complicated than it looks due to this return-to-kernel problem. Even now the patch relies on SOFTE being set in the stack by the interrupt return reading back the same way by the system call handler that creates a new stack at the same position (this is how it determines it was an emulated syscall). Not only that but suspect the IAMR is not being restored correctly here and the correct user value on the stack gets clobbered. Better option might be to have per-thread data that sets an emulated syscall required flag and saves certain things like iamr. Or possibly just bite the bullet and create new entry points for syscall emulation. --- arch/powerpc/kernel/interrupt.c | 35 ++++++++++++++++++++---------- arch/powerpc/kernel/interrupt_64.S | 10 --------- arch/powerpc/lib/sstep.c | 9 +++++--- 3 files changed, 30 insertions(+), 24 deletions(-) diff --git a/arch/powerpc/kernel/interrupt.c b/arch/powerpc/kernel/interrupt.c index 7cd6ce3ec423..e73ad5842cb0 100644 --- a/arch/powerpc/kernel/interrupt.c +++ b/arch/powerpc/kernel/interrupt.c @@ -81,10 +81,31 @@ notrace long system_call_exception(long r3, long r4, long r5, { syscall_fn f; - kuap_lock(); - regs->orig_gpr3 = r3; + if (IS_ENABLED(CONFIG_PPC64) && + unlikely(arch_irq_disabled_regs(regs))) { + irq_soft_mask_regs_set_state(regs, IRQS_ENABLED); + /* + * The first stack frame entry will have IRQS_ENABLED except + * in the case of syscall emulation, where the syscall entry + * code is returned-to with MSR[EE] disabled, which requires + * regs->softe is IRQS_DISABLED to avoid triggering the + * interrupt return code warning for returning to local irqs + * enabled but MSR[EE]=0. Not a big deal to re-set it here. + */ +#ifdef CONFIG_PPC_BOOK3S_64 + set_kuap(AMR_KUAP_BLOCKED); +#endif + if (trap_is_scv(regs)) + local_paca->irq_happened |= PACA_IRQ_HARD_DIS; + /* XXX: pkey save? Did we save the wrong values in stack + * from userspace now? */ + goto skip_user_entry; + } + + kuap_lock(); + if (IS_ENABLED(CONFIG_PPC_IRQ_SOFT_MASK_DEBUG)) BUG_ON(irq_soft_mask_return() != IRQS_ALL_DISABLED); @@ -95,7 +116,6 @@ notrace long system_call_exception(long r3, long r4, long r5, BUG_ON(regs_is_unrecoverable(regs)); BUG_ON(!(regs->msr & MSR_PR)); - BUG_ON(arch_irq_disabled_regs(regs)); #ifdef CONFIG_PPC_PKEY if (mmu_has_feature(MMU_FTR_PKEY)) { @@ -129,14 +149,7 @@ notrace long system_call_exception(long r3, long r4, long r5, account_stolen_time(); - /* - * This is not required for the syscall exit path, but makes the - * stack frame look nicer. If this was initialised in the first stack - * frame, or if the unwinder was taught the first stack frame always - * returns to user with IRQS_ENABLED, this store could be avoided! - */ - irq_soft_mask_regs_set_state(regs, IRQS_ENABLED); - +skip_user_entry: /* * If system call is called with TM active, set _TIF_RESTOREALL to * prevent RFSCV being used to return to userspace, because POWER9 diff --git a/arch/powerpc/kernel/interrupt_64.S b/arch/powerpc/kernel/interrupt_64.S index 7bab2d7de372..6471034c7909 100644 --- a/arch/powerpc/kernel/interrupt_64.S +++ b/arch/powerpc/kernel/interrupt_64.S @@ -219,16 +219,6 @@ system_call_vectored common 0x3000 */ system_call_vectored sigill 0x7ff0 - -/* - * Entered via kernel return set up by kernel/sstep.c, must match entry regs - */ - .globl system_call_vectored_emulate -system_call_vectored_emulate: -_ASM_NOKPROBE_SYMBOL(system_call_vectored_emulate) - li r10,IRQS_ALL_DISABLED - stb r10,PACAIRQSOFTMASK(r13) - b system_call_vectored_common #endif /* CONFIG_PPC_BOOK3S */ .balign IFETCH_ALIGN_BYTES diff --git a/arch/powerpc/lib/sstep.c b/arch/powerpc/lib/sstep.c index a94b0cd0bdc5..62d3fd925dde 100644 --- a/arch/powerpc/lib/sstep.c +++ b/arch/powerpc/lib/sstep.c @@ -16,7 +16,7 @@ #include extern char system_call_common[]; -extern char system_call_vectored_emulate[]; +extern char system_call_vectored_common[]; #ifdef CONFIG_PPC64 /* Bits in SRR1 that are copied from MSR */ @@ -3667,6 +3667,8 @@ int emulate_step(struct pt_regs *regs, ppc_inst_t instr) regs->gpr[11] = regs->nip + 4; regs->gpr[12] = regs->msr & MSR_MASK; regs->gpr[13] = (unsigned long) get_paca(); + // Return code needs regs->softe to match regs->msr & MSR_EE + regs->softe = IRQS_ALL_DISABLED; regs_set_return_ip(regs, (unsigned long) &system_call_common); regs_set_return_msr(regs, MSR_KERNEL); return 1; @@ -3674,11 +3676,12 @@ int emulate_step(struct pt_regs *regs, ppc_inst_t instr) #ifdef CONFIG_PPC_BOOK3S_64 case SYSCALL_VECTORED_0: /* scv 0 */ regs->gpr[9] = regs->gpr[13]; - regs->gpr[10] = MSR_KERNEL; regs->gpr[11] = regs->nip + 4; regs->gpr[12] = regs->msr & MSR_MASK; regs->gpr[13] = (unsigned long) get_paca(); - regs_set_return_ip(regs, (unsigned long) &system_call_vectored_emulate); + // Return code needs regs->softe to match regs->msr & MSR_EE + regs->softe = IRQS_ALL_DISABLED; + regs_set_return_ip(regs, (unsigned long) &system_call_vectored_common); regs_set_return_msr(regs, MSR_KERNEL); return 1; #endif From patchwork Mon Jan 17 14:24:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1580799 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=ZVJkIVvI; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4JcvM54zjFz9s9c for ; Tue, 18 Jan 2022 01:25:21 +1100 (AEDT) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4JcvM53qv7z3bbT for ; Tue, 18 Jan 2022 01:25:21 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=ZVJkIVvI; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::62f; helo=mail-pl1-x62f.google.com; envelope-from=npiggin@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=ZVJkIVvI; dkim-atps=neutral Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4JcvL922Xjz2yNC for ; Tue, 18 Jan 2022 01:24:33 +1100 (AEDT) Received: by mail-pl1-x62f.google.com with SMTP id f13so11133372plg.0 for ; Mon, 17 Jan 2022 06:24:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=QRHifGif16JCCn49dyCq0MN5RzFNhrY4jExwm5tX9WA=; b=ZVJkIVvIPoUp8LobQC5cwKovXemN7W7J94T9aNdkZx811kiaEkaMGPaGRTEk0+4OD7 bKtHEkQiC/kMdiJCy6xG5fknQPTByoE3XgqcaeypMaKsDpgpbbEpfud+SsRrxzUDtnoK e6o6xE9tqOqNKjEVl8T9cdyfe4TG1ULsLPjMw4o0CcaERQ45AFO8U3yN8iKJdaKJ9cy/ ZtlAW7BOnjyrc8Z9jNPeOCkyBPDeE/tUQX/Nkd/CD9OiXCwx73ycgFSiW6v+nIrb4xjH 45pVGYVOZhkWeUqOAMfvckT2l0Kj5MBxE5SIl7FO7eAeFUxvEM/8SV8uPKO8CyRvAst3 NrtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=QRHifGif16JCCn49dyCq0MN5RzFNhrY4jExwm5tX9WA=; b=YzuiAPo5oH89EKmigqCv8JRRYIcBncacVKeWPQIrydA8TYKaNwpTzVMEz7eaAOI30Z WnNBVPpBwfK0yff5A+BdTCsbZJ2b/af1/0i9qf8Q0fdTkBE4ooJUMG9cFV0dHbm4Q1Q+ bzOFTzFlLSd9hgSvZGgPYPHPuQNqtWVYlQIRMP8ptGXeMdWKHHD7+6kR7rgpz5LvO/kW D8fwNNHElYtMgPX2ZaPfpW+ZFx9LGf/n3ZiP7TAaX1bSe9gvtxr3XXa44ME2+cUKoGZE 3OiN2lwQ4iQjf7air03o9/F7RvuPjiCTg8jricTxLjd5iXM0o7oMSgHdBmpPtXcE30YT wT7w== X-Gm-Message-State: AOAM531pQlYzczpJ9MTGKCH/f3vXkl1rvY8JpDVNm0lXuEjYA/dJPvfv r3LkvS1ic318uORW46QnkiqZ32l/2pM= X-Google-Smtp-Source: ABdhPJynQnv3DvgIBTWaO4IJOIg4SRbHW1xyDao7+njE3LxWMDDbYsEpIBU4Pq4Zw5dSH63dziYohQ== X-Received: by 2002:a17:90b:3504:: with SMTP id ls4mr10528896pjb.132.1642429470922; Mon, 17 Jan 2022 06:24:30 -0800 (PST) Received: from bobo.ozlabs.ibm.com (124-171-74-95.tpgi.com.au. [124.171.74.95]) by smtp.gmail.com with ESMTPSA id ga1sm7086325pjb.24.2022.01.17.06.24.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 17 Jan 2022 06:24:30 -0800 (PST) From: Nicholas Piggin To: linuxppc-dev@lists.ozlabs.org Subject: [RFC PATCH 2/3] powerpc/64s: Emulate scv syscalls if facility unavailable and PR KVM is possible Date: Tue, 18 Jan 2022 00:24:22 +1000 Message-Id: <20220117142423.3038570-2-npiggin@gmail.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20220117142423.3038570-1-npiggin@gmail.com> References: <20220117142423.3038570-1-npiggin@gmail.com> MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?C=C3=A9dric_Le_Goater?= , Nicholas Piggin Errors-To: linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" The SCV facility will be disabled at runtime in the host by PR KVM by the next change, emulate it in the facility unavailable handler. Signed-off-by: Nicholas Piggin --- arch/powerpc/kernel/traps.c | 45 +++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c index 11741703d26e..6e4eaa6bf58d 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c @@ -58,6 +58,7 @@ #include #include #include +#include #include #include #include @@ -1778,6 +1779,49 @@ DEFINE_INTERRUPT_HANDLER(facility_unavailable_exception) return; } + if (status == FSCR_SCV_LG) { + u32 lev; + ppc_inst_t instr; + + /* If we didn't advertise the feature to userspace, SIGILL */ + if (!(cur_cpu_spec->cpu_user_features2 & PPC_FEATURE2_SCV)) + goto out_msg; + + /* + * PR KVM disables the FSCR[SCV] facility even if the rest of + * the kernel and userspace thought SCV was enabled. THis + * causes scv instructions executed by both the host and the + * guest to come here, in their respective kernels. + * + * If radix is enabled then PR KVM can not be in use and can + * not be our hypervisor, so treat this as a normal illegal + * instruction. If we are hash guest or host, we might need + * to emulate a legitimate scv interrupt here. + */ + if (radix_enabled()) + goto out_msg; + + /* + * User is making SCV call with SCV disabled. Emulate it. + */ + if (get_user_instr(instr, (void __user *)regs->nip)) { + pr_err("Failed to fetch the user instruction\n"); + return; + } + + instword = ppc_inst_val(instr); + if (WARN_ON_ONCE((instword & 0xfffff01f) != 0x44000001)) + goto out; + + lev = (instword >> 5) & 0x7f; + if (lev == 0) { + if (emulate_step(regs, instr) > 0) + return; + else + pr_err_ratelimited("Failed to emulate SCV\n"); + } + } + if (status == FSCR_TM_LG) { /* * If we're here then the hardware is TM aware because it @@ -1799,6 +1843,7 @@ DEFINE_INTERRUPT_HANDLER(facility_unavailable_exception) return; } +out_msg: pr_err_ratelimited("%sFacility '%s' unavailable (%d), exception at 0x%lx, MSR=%lx\n", hv ? "Hypervisor " : "", facility, status, regs->nip, regs->msr); From patchwork Mon Jan 17 14:24:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicholas Piggin X-Patchwork-Id: 1580801 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=eC+zw/s9; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=112.213.38.117; helo=lists.ozlabs.org; envelope-from=linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4JcvMq2j4cz9t56 for ; Tue, 18 Jan 2022 01:25:59 +1100 (AEDT) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4JcvMp12Dgz30M9 for ; Tue, 18 Jan 2022 01:25:58 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=eC+zw/s9; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::536; helo=mail-pg1-x536.google.com; envelope-from=npiggin@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=eC+zw/s9; dkim-atps=neutral Received: from mail-pg1-x536.google.com (mail-pg1-x536.google.com [IPv6:2607:f8b0:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4JcvLF2Qm1z30KW for ; Tue, 18 Jan 2022 01:24:37 +1100 (AEDT) Received: by mail-pg1-x536.google.com with SMTP id 8so11017410pgc.10 for ; Mon, 17 Jan 2022 06:24:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=JQsgfs5w/k3SeQSpNOnvXICVwIbKtUGAhPYtHv9h4Uk=; b=eC+zw/s9kL+MX7EUMrS2nnjQ5+YbKSBfBE22uXTvYg653zDavSxeIpyLi3lBP++62d ZEzeKH9eKYUgiQZd8ro4trdjx8cJjwSbBdn0jI0hr5XFQzMbQg5Oo8UXsn42Xx5lJh+q NlCrdivJ0xby5/AMTjf6b9FwJORxRWJmZUnwXg2offcQKII4ppCWW0mkpvLVCp7d5sfI J3bBsKyVc7Jg0eVuRRMLrS7ephE3t42J4Ubx4QMs5cWGMrYS06/virlk6KKtZdQUZKcI 23QSUl+gTb6ZtphSRnC4Cpklsy8Zup45aWeWdDIL4bU2RBiGJSXuZlT6AkT9h++DLUn1 KyHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=JQsgfs5w/k3SeQSpNOnvXICVwIbKtUGAhPYtHv9h4Uk=; b=1cH1cGwfmdo6JV3byNvuhnJFjkbWleDDi58H9UhTrxP6wrZhYIpieNaRdT8x5GAi5p 0gV1kofgnczuQtiE78Tth4fWK6ADu+ylNkvaoKNh4ZMGWZXQQ9uUpS5xp4ljqlCTZUGv F4WOpHImWAulaCduu+UvwL5kJ5tpwFWjsJGFq70Bnl2JdUKP8VFd4j4w/XQmoSE7DFRg XIxl6o3I/GKYgqxGLAyiZLLWd+jud1STgo40XBB2F2iTRiNr/4PI39NIrenm41QxbDVw WkIM32sSBh3HXP/TeAQ4djU5Zy89yVXUZG5IndXTOqzdz7HLEqkRIzmYWRlK38XhdXvV Qt9Q== X-Gm-Message-State: AOAM531ZlcsPzezffCejEdDgoblha3Qx0PaOBoaaaMi8UyDzfYrCjUPH /ofR1GXm4iHRdkG6hQ1fdw1Wn/HpGSE= X-Google-Smtp-Source: ABdhPJwuo/rleqA/Az9dszlKGLw7ytMaEvlkwG4ecTYO6dHWjJ8rCYMKc4ZLelFylbBkz8lugLlYDw== X-Received: by 2002:a63:587:: with SMTP id 129mr11976298pgf.378.1642429475106; Mon, 17 Jan 2022 06:24:35 -0800 (PST) Received: from bobo.ozlabs.ibm.com (124-171-74-95.tpgi.com.au. [124.171.74.95]) by smtp.gmail.com with ESMTPSA id ga1sm7086325pjb.24.2022.01.17.06.24.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 17 Jan 2022 06:24:34 -0800 (PST) From: Nicholas Piggin To: linuxppc-dev@lists.ozlabs.org Subject: [RFC PATCH 3/3] KVM: PPC: Book3S PR: Disable SCV when running AIL is disabled Date: Tue, 18 Jan 2022 00:24:23 +1000 Message-Id: <20220117142423.3038570-3-npiggin@gmail.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20220117142423.3038570-1-npiggin@gmail.com> References: <20220117142423.3038570-1-npiggin@gmail.com> MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?C=C3=A9dric_Le_Goater?= , Nicholas Piggin Errors-To: linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" PR KVM does not support running with AIL enabled, and SCV does is not supported with AIL disabled. When PR KVM disables AIL on a system that has SCV enabled, the guest can crash the host if it executes scv, or the host can crash itself if another CPU executes scv while AIL is disabled (e.g., in the pseries case). Fix this by disabling the SCV facility when PR KVM disables AIL. The facility unavailable handler will emulate it. Alternatives considered and rejected: - SCV support can not be disabled by PR KVM after boot, because it is advertised to userspace with HWCAP. - AIL can not be disabled on a per-CPU basis. At least when running on pseries it is a per-LPAR setting. - Support for real-mode SCV vectors will not be added because they are at 0x17000 so making such a large fixed head space causes immediate value limits to be exceeded, requiring a lot rework and more code. - Disabling SCV for any PR KVM possible kernel will cause a slowdown when not using PR KVM. - A boot time option to disable SCV to use PR KVM is user-hostile. --- This is not well tested at the moment, and PR KVM would need to emulate scv for the guest for a complete implementation. At least it should prevent host crashes. arch/powerpc/kernel/exceptions-64s.S | 5 +++ arch/powerpc/kvm/book3s_hv_p9_entry.c | 14 ++++++-- arch/powerpc/kvm/book3s_pr.c | 52 ++++++++++++++++++++++----- 3 files changed, 61 insertions(+), 10 deletions(-) diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S index 55caeee37c08..9985d061f9bf 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S @@ -809,6 +809,11 @@ __start_interrupts: * - MSR_EE|MSR_RI is clear (no reentrant exceptions) * - Standard kernel environment is set up (stack, paca, etc) * + * KVM: + * These interrupts do not elevate HV 0->1, so HV is not involved. PR disables + * the FSCR[SCV] facility before running the guest so scv becomes a program + * interrupt and where it can be emulated by the OS. + * * Call convention: * * syscall register convention is in Documentation/powerpc/syscall64-abi.rst diff --git a/arch/powerpc/kvm/book3s_hv_p9_entry.c b/arch/powerpc/kvm/book3s_hv_p9_entry.c index a28e5b3daabd..611dd34cf708 100644 --- a/arch/powerpc/kvm/book3s_hv_p9_entry.c +++ b/arch/powerpc/kvm/book3s_hv_p9_entry.c @@ -373,6 +373,12 @@ void save_p9_host_os_sprs(struct p9_host_os_sprs *host_os_sprs) } EXPORT_SYMBOL_GPL(save_p9_host_os_sprs); +#ifdef CONFIG_KVM_BOOK3S_PR_POSSIBLE +bool pr_kvm_disabled_reloc_exc(void); +#else +static inline bool pr_kvm_disabled_reloc_exc(void) { return false; } +#endif + /* vcpu guest regs must already be saved */ void restore_p9_host_os_sprs(struct kvm_vcpu *vcpu, struct p9_host_os_sprs *host_os_sprs) @@ -395,8 +401,12 @@ void restore_p9_host_os_sprs(struct kvm_vcpu *vcpu, mtspr(SPRN_UAMOR, 0); if (host_os_sprs->amr != vcpu->arch.amr) mtspr(SPRN_AMR, host_os_sprs->amr); - if (current->thread.fscr != vcpu->arch.fscr) - mtspr(SPRN_FSCR, current->thread.fscr); + if (current->thread.fscr != vcpu->arch.fscr) { + if (pr_kvm_disabled_reloc_exc()) + mtspr(SPRN_FSCR, current->thread.fscr & ~FSCR_SCV); + else + mtspr(SPRN_FSCR, current->thread.fscr); + } if (current->thread.dscr != vcpu->arch.dscr) mtspr(SPRN_DSCR, current->thread.dscr); if (vcpu->arch.pspb != 0) diff --git a/arch/powerpc/kvm/book3s_pr.c b/arch/powerpc/kvm/book3s_pr.c index 6bc9425acb32..d608afb3376b 100644 --- a/arch/powerpc/kvm/book3s_pr.c +++ b/arch/powerpc/kvm/book3s_pr.c @@ -140,9 +140,12 @@ static void kvmppc_core_vcpu_load_pr(struct kvm_vcpu *vcpu, int cpu) #endif /* Disable AIL if supported */ - if (cpu_has_feature(CPU_FTR_HVMODE) && - cpu_has_feature(CPU_FTR_ARCH_207S)) - mtspr(SPRN_LPCR, mfspr(SPRN_LPCR) & ~LPCR_AIL); + if (cpu_has_feature(CPU_FTR_HVMODE)) { + if (cpu_has_feature(CPU_FTR_ARCH_207S)) + mtspr(SPRN_LPCR, mfspr(SPRN_LPCR) & ~LPCR_AIL); + if (cpu_has_feature(CPU_FTR_ARCH_300) && (current->thread.fscr & FSCR_SCV)) + mtspr(SPRN_FSCR, mfspr(SPRN_FSCR) & ~FSCR_SCV); + } vcpu->cpu = smp_processor_id(); #ifdef CONFIG_PPC_BOOK3S_32 @@ -175,9 +178,12 @@ static void kvmppc_core_vcpu_put_pr(struct kvm_vcpu *vcpu) kvmppc_save_tm_pr(vcpu); /* Enable AIL if supported */ - if (cpu_has_feature(CPU_FTR_HVMODE) && - cpu_has_feature(CPU_FTR_ARCH_207S)) - mtspr(SPRN_LPCR, mfspr(SPRN_LPCR) | LPCR_AIL_3); + if (cpu_has_feature(CPU_FTR_HVMODE)) { + if (cpu_has_feature(CPU_FTR_ARCH_207S)) + mtspr(SPRN_LPCR, mfspr(SPRN_LPCR) | LPCR_AIL_3); + if (cpu_has_feature(CPU_FTR_ARCH_300) && (current->thread.fscr & FSCR_SCV)) + mtspr(SPRN_FSCR, mfspr(SPRN_FSCR) | FSCR_SCV); + } vcpu->cpu = -1; } @@ -1037,6 +1043,8 @@ static int kvmppc_handle_fac(struct kvm_vcpu *vcpu, ulong fac) void kvmppc_set_fscr(struct kvm_vcpu *vcpu, u64 fscr) { + if (fscr & FSCR_SCV) + fscr &= ~FSCR_SCV; /* SCV must not be enabled */ if ((vcpu->arch.fscr & FSCR_TAR) && !(fscr & FSCR_TAR)) { /* TAR got dropped, drop it in shadow too */ kvmppc_giveup_fac(vcpu, FSCR_TAR_LG); @@ -1990,6 +1998,21 @@ static int kvm_vm_ioctl_get_smmu_info_pr(struct kvm *kvm, static unsigned int kvm_global_user_count = 0; static DEFINE_SPINLOCK(kvm_global_user_count_lock); +bool pr_kvm_disabled_reloc_exc(void) +{ + return kvm_global_user_count != 0; +} + +static void disable_scv(void *dummy) +{ + mtspr(SPRN_FSCR, mfspr(SPRN_FSCR) & ~FSCR_SCV); +} + +static void enable_scv(void *dummy) +{ + mtspr(SPRN_FSCR, mfspr(SPRN_FSCR) | FSCR_SCV); +} + static int kvmppc_core_init_vm_pr(struct kvm *kvm) { mutex_init(&kvm->arch.hpt_mutex); @@ -2001,8 +2024,17 @@ static int kvmppc_core_init_vm_pr(struct kvm *kvm) if (firmware_has_feature(FW_FEATURE_SET_MODE)) { spin_lock(&kvm_global_user_count_lock); - if (++kvm_global_user_count == 1) + if (++kvm_global_user_count == 1) { + /* + * FSCR isn't context switched except for KVM HV + * entry/exit, so only have to care to keep that + * part up to date. + */ + if (cpu_has_feature(CPU_FTR_ARCH_300) && (current->thread.fscr & FSCR_SCV)) + smp_call_function(disable_scv, NULL, 0); + /* SCV must be disabled first */ pseries_disable_reloc_on_exc(); + } spin_unlock(&kvm_global_user_count_lock); } return 0; @@ -2017,8 +2049,12 @@ static void kvmppc_core_destroy_vm_pr(struct kvm *kvm) if (firmware_has_feature(FW_FEATURE_SET_MODE)) { spin_lock(&kvm_global_user_count_lock); BUG_ON(kvm_global_user_count == 0); - if (--kvm_global_user_count == 0) + if (--kvm_global_user_count == 0) { pseries_enable_reloc_on_exc(); + /* reloc must be enabled irst */ + if (cpu_has_feature(CPU_FTR_ARCH_300) && (current->thread.fscr & FSCR_SCV)) + smp_call_function(enable_scv, NULL, 0); + } spin_unlock(&kvm_global_user_count_lock); } }