Hi Marc, Christoffer,

On 10/12/2018 10:46, Marc Zyngier wrote:
> On 10/12/2018 10:19, Christoffer Dall wrote:
>> On Thu, Dec 06, 2018 at 05:31:25PM +0000, Marc Zyngier wrote:
>>> In order to avoid TLB corruption whilst invalidating TLBs on CPUs
>>> affected by erratum 1165522, we need to prevent S1 page tables
>>> from being usable.
>>>
>>> For this, we set the EL1 S1 MMU on, and also disable the page table
>>> walker (by setting the TCR_EL1.EPD* bits to 1).
>>>
>>> This ensures that once we switch to the EL1/EL0 translation regime,
>>> speculated AT instructions won't be able to parse the page tables.
>>> @@ -64,11 +93,18 @@ static void __hyp_text __tlb_switch_to_host_vhe(struct kvm *kvm,
>>> write_sysreg(0, vttbr_el2);
>>> write_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2);
>>> isb();
>>> - local_irq_restore(flags);
>>> +
>>> + if (cpus_have_const_cap(ARM64_WORKAROUND_1165522)) {
>>> + /* Restore the guest's registers to what they were */
>>
>> host's ?
>
> Hum... Yes, silly thinko.

I thought these were the guest's registers because they are EL1 registers
and this is a VHE-only path. 'interrupted guest' was how I read this.

This stuff can get called if memory is allocated for guest-A while a vcpu
is loaded, and reclaims memory from guest-B, causing an mmu-notifier call
for stage2. This is why we have to put guest-A's registers back: we weren't
pre-empted, and we expect EL1 to be untouched.

I agree they could belong to no-guest if a vcpu isn't loaded at all...
is host the term used here?

Thanks,

James
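Review bot: the removed `local_irq_restore(flags);` has no visible replacement in this hunk, yet the new `ARM64_WORKAROUND_1165522` block restores EL1 state that was changed while interrupts were masked; re-add `local_irq_restore(flags);` after the closing brace of that block so the EL1 register restore completes before interrupts are re-enabled. On the same lines, the `/* Restore the guest's registers to what they were */` comment should describe the interrupted EL1 context (host, or the currently loaded vcpu) rather than "the guest's", as the `host's ?` question above already points out.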