From patchwork Mon Nov 16 20:43:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Brazdil X-Patchwork-Id: 11910967 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 166F7C388F9 for ; Mon, 16 Nov 2020 22:29:58 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8AAD122447 for ; Mon, 16 Nov 2020 22:29:57 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="MXt5NYeq"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=google.com header.i=@google.com header.b="h35rLEUq" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8AAD122447 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=qVduwdqNyV1rJKL62Pq3j5664zVP0GYjQ44YXBLVDoo=; b=MXt5NYeqfha1e93lyAhfXz6ED QwhxsPpGJJ+6hGbGbMqCAO6haXQp48EO743GuBtXldPxrYSoSshe4L3D00IXBOCYtjoXp9babODHq dUWMvK9dLzhurJHuGNpt1fHXYRMsHjNjJRV2UAfZJTYJFnhf3Iwri/ocbHv1HGH9s8Nst9IC3EkmM +o4IMEFDoWPGWeY7Cbl0aNULTrPfisFV9NRa/K28FhFklNdISlkv7xZxluo3JIuRv9vjE9sCMZStw FWNZKOP4F/Ulm5Ky54J6pCJO2EgJsox4MPkVLDR5leSxtxoDofNRZvcB7Z740SfZCXSLIqZGetZgo p2n8hj7/g==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kelRo-0002B1-Se; Mon, 16 Nov 2020 20:50:01 +0000 Received: from mail-wm1-x344.google.com ([2a00:1450:4864:20::344]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kelMF-0007up-Ls for linux-arm-kernel@lists.infradead.org; Mon, 16 Nov 2020 20:44:17 +0000 Received: by mail-wm1-x344.google.com with SMTP id 19so608704wmf.1 for ; Mon, 16 Nov 2020 12:44:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=atsDjx/TzGfxVZgd6hTk0EAv0F2OT5jr+J2cgmZ2xFY=; b=h35rLEUqBFivWJURPalCErJ0No6DR5+PK0ffG8XVdL6zUlUrYdObTEz/xhcUIbbXvN bT16OoQVKSz1vAepCnSmD13fwkILI+1lAnLYb7aVBFpGbWcDM2Q7aiqidsAFZOjRQaZg Me0EqWX07U8NpONGPrFDoZIvHZ31g16eI++TBHHLBM2kraF7Zqe7anwhiHlv3eW1u3l9 kLTMw7nFFrPSkjnJ6Y0Li30dnpw/zkH4N1CU7n7h5DWJ/k/pmQOoMJiOnliC/ltLfvBQ btiN0VcHK9tInQa6ELnxeP1Um1+hErUSvgPBa0GS7icfaYlQ3UNsD4HSaSGcFpn7avLz UDiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=atsDjx/TzGfxVZgd6hTk0EAv0F2OT5jr+J2cgmZ2xFY=; b=RCdIBttoAiRCWH2hEDDd0fFbX+052JmmekPqEWY/9gesLkrihXjjR6treoTWZDN1HS s+4xdkuKOZqdotxFH9qeVa9rdUgTiUN+Gs1PwaB+QYTXSeBoDzA7Bp6uDRSl7l5sYD1c SGEsiqACnuCS/LzDzLWUbSzVPoaSnbDsGLzweMWgHnYJBw3tBuW6FIXiQW5CodCTieZc Q5r5z1sYnH/WktpzRPiv/pIo3CJ0KXzA87BSldx8LJHldhjr02r2huAyVGbCnMke7G+A QhGe7eGgCRwfny0iUnXIwv0dKuuEEnagQpn9ksabL5GuS9uQl4r6n12XECdTowHe0Bp0 hRcA== X-Gm-Message-State: AOAM531u+d98JrnEtNlSKpxum2UDQTtk+gFqHQc/rvGGFiUFluQtVGrL SSq3dokehNo5WMz7LXzG1YBxbUZFwhkNLnYHA1k= X-Google-Smtp-Source: ABdhPJwozD4XyGSV4KXI+UXJz9WG5MB6TEAe9AMEW6YkhUBIyX0FL3Gr3dxN7wPhJJG4wCepksmk0w== X-Received: by 2002:a7b:c1ce:: with SMTP id a14mr663097wmj.169.1605559453768; Mon, 16 Nov 2020 12:44:13 -0800 (PST) Received: from localhost ([2a01:4b00:8523:2d03:bc40:bd71:373a:1b33]) by smtp.gmail.com with ESMTPSA id 90sm3958005wrl.60.2020.11.16.12.44.12 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Nov 2020 12:44:12 -0800 (PST) From: David Brazdil To: kvmarm@lists.cs.columbia.edu Subject: [PATCH v2 24/24] kvm: arm64: Fix EL2 mode availability checks Date: Mon, 16 Nov 2020 20:43:18 +0000 Message-Id: <20201116204318.63987-25-dbrazdil@google.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201116204318.63987-1-dbrazdil@google.com> References: <20201116204318.63987-1-dbrazdil@google.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201116_154415_895037_97C485B2 X-CRM114-Status: GOOD ( 19.23 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , kernel-team@android.com, Lorenzo Pieralisi , Andrew Walbran , Suzuki K Poulose , Marc Zyngier , Quentin Perret , linux-kernel@vger.kernel.org, James Morse , linux-arm-kernel@lists.infradead.org, Catalin Marinas , Tejun Heo , Dennis Zhou , Christoph Lameter , David Brazdil , Will Deacon , Julien Thierry , Andrew Scull Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org With protected nVHE hyp code interception host's PSCI CPU_ON/SUSPEND SMCs, the host starts seeing new CPUs boot in EL1 instead of EL2. The kernel logic that keeps track of the boot mode needs to be adjusted. Add a static key enabled if KVM protected nVHE initialization is successful. When the key is enabled, is_hyp_mode_available continues to report `true` because its users either treat it as a check whether KVM will be / was initialized, or whether stub HVCs can be made (eg. hibernate). is_hyp_mode_mismatched is changed to report `false` when the key is enabled. That's because all cores' modes matched at the point of KVM init and KVM will not allow cores not present at init to boot. That said, the function is never used after KVM is initialized. Signed-off-by: David Brazdil --- arch/arm64/include/asm/virt.h | 18 ++++++++++++++++++ arch/arm64/kvm/arm.c | 10 +++++++--- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/virt.h b/arch/arm64/include/asm/virt.h index 2fde1186b962..f7cf3f0e5297 100644 --- a/arch/arm64/include/asm/virt.h +++ b/arch/arm64/include/asm/virt.h @@ -65,9 +65,19 @@ extern u32 __boot_cpu_mode[2]; void __hyp_set_vectors(phys_addr_t phys_vector_base); void __hyp_reset_vectors(void); +DECLARE_STATIC_KEY_FALSE(kvm_protected_mode_initialized); + /* Reports the availability of HYP mode */ static inline bool is_hyp_mode_available(void) { + /* + * If KVM protected mode is initialized, all CPUs must have been booted + * in EL2. Avoid checking __boot_cpu_mode as CPUs now come up in EL1. + */ + if (IS_ENABLED(CONFIG_KVM) && + static_branch_likely(&kvm_protected_mode_initialized)) + return true; + return (__boot_cpu_mode[0] == BOOT_CPU_MODE_EL2 && __boot_cpu_mode[1] == BOOT_CPU_MODE_EL2); } @@ -75,6 +85,14 @@ static inline bool is_hyp_mode_available(void) /* Check if the bootloader has booted CPUs in different modes */ static inline bool is_hyp_mode_mismatched(void) { + /* + * If KVM protected mode is initialized, all CPUs must have been booted + * in EL2. Avoid checking __boot_cpu_mode as CPUs now come up in EL1. + */ + if (IS_ENABLED(CONFIG_KVM) && + static_branch_likely(&kvm_protected_mode_initialized)) + return false; + return __boot_cpu_mode[0] != __boot_cpu_mode[1]; } diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 45bc7a6b9e0b..b86d0b38f30b 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -47,6 +47,8 @@ __asm__(".arch_extension virt"); #endif +DEFINE_STATIC_KEY_FALSE(kvm_protected_mode_initialized); + DECLARE_KVM_HYP_PER_CPU(unsigned long, kvm_hyp_vector); static DEFINE_PER_CPU(unsigned long, kvm_arm_hyp_stack_page); @@ -1837,12 +1839,14 @@ int kvm_arch_init(void *opaque) if (err) goto out_hyp; - if (is_protected_kvm_enabled()) + if (is_protected_kvm_enabled()) { + static_branch_enable(&kvm_protected_mode_initialized); kvm_info("Protected nVHE mode initialized successfully\n"); - else if (in_hyp_mode) + } else if (in_hyp_mode) { kvm_info("VHE mode initialized successfully\n"); - else + } else { kvm_info("Hyp mode initialized successfully\n"); + } return 0;