On 10/06/2019 17:24, James Morse wrote: > SError that occur during world-switch's entry to the guest will be > accounted to the guest, as the exception is masked until we enter the > guest... but we want to attribute the SError as precisely as possible. > > Reading DISR_EL1 before guest entry requires free registers, and using > ESB+DISR_EL1 to consume and read back the ESR would leave KVM holding > a host SError... We would rather leave the SError pending and let the > host take it once we exit world-switch. To do this, we need to defer > guest-entry if an SError is pending. > > Read the ISR to see if SError (or an IRQ) is pending. If so fake an > exit. Place this check between __guest_enter()'s save of the host > registers, and restore of the guest's. SError that occur between > here and the ERET into the guest must have affected the guest's > registers, which we can naturally attribute to the guest. > > The DSB is needed to ensure any previous writes have been done before > we read ISR_EL1. On systems without the v8.2 RAS extensions this > doesn't give us anything as we can't contain errors, and the ESR bits > to describe the severity are all implementation-defined. Replace > this with a nop for these systems. > > Signed-off-by: James Morse <james.morse@xxxxxxx> > --- > Changes since v1: > * Squashed later dsb/nop patch in here > > arch/arm64/kvm/hyp/entry.S | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/arch/arm64/kvm/hyp/entry.S b/arch/arm64/kvm/hyp/entry.S > index 7863ec5266e2..a5a4254314a1 100644 > --- a/arch/arm64/kvm/hyp/entry.S > +++ b/arch/arm64/kvm/hyp/entry.S > @@ -17,6 +17,7 @@ > > #include <linux/linkage.h> > > +#include <asm/alternative.h> > #include <asm/asm-offsets.h> > #include <asm/assembler.h> > #include <asm/fpsimdmacros.h> 
> @@ -63,6 +64,19 @@ ENTRY(__guest_enter) > // Store the host regs > save_callee_saved_regs x1 > > + // Now the host state is stored if we have a pending RAS SError it must > + // affect the host. If any asyncronous exception is pending we defer nit: asynchronous > + // the guest entry. The DSB isn't necessary before v8.2 as any SError > + // would be fatal. > +alternative_if ARM64_HAS_RAS_EXTN > + dsb nshst > +alternative_else_nop_endif > + mrs x1, isr_el1 I guess this suffers from the same issue as in your other patch (the MSR can complete before the completion of the DSB). > + cbz x1, 1f > + mov x0, #ARM_EXCEPTION_IRQ > + ret > + > +1: > add x18, x0, #VCPU_CONTEXT > > // Macro ptrauth_switch_to_guest format: > Thanks, M. -- Jazz is not dead. It just smells funny...
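Review bot: in the __guest_enter hunk, the early-exit path after `mrs x1, isr_el1` returns ARM_EXCEPTION_IRQ for any non-zero ISR_EL1 value, so a pending SError is reported to the caller as an IRQ exit, and the added comment does not say that this is deliberate. The commit message explains the intent (fake an exit, leave the SError pending and let the host take it once world-switch is left), but a reader of entry.S only sees "we defer the guest entry"; a sentence in the comment stating that the return code is a placeholder and the real exception is taken by the host after unmasking would keep that reasoning with the code. It would also help to note there that the bare `ret` needs no restore because the check sits after `save_callee_saved_regs x1` and before any guest register is loaded, so nothing the host relies on has been changed at that point.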