2019-06-03 07:44:50 +02:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-only
|
2012-12-10 16:40:41 +00:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2012,2013 - ARM Ltd
|
|
|
|
* Author: Marc Zyngier <marc.zyngier@arm.com>
|
|
|
|
*
|
|
|
|
* Derived from arch/arm/kvm/handle_exit.c:
|
|
|
|
* Copyright (C) 2012 - Virtual Open Systems and Columbia University
|
|
|
|
* Author: Christoffer Dall <c.dall@virtualopensystems.com>
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/kvm.h>
|
|
|
|
#include <linux/kvm_host.h>
|
2014-11-24 13:59:30 +00:00
|
|
|
|
|
|
|
#include <asm/esr.h>
|
KVM: arm64: Handle RAS SErrors from EL2 on guest exit
We expect to have firmware-first handling of RAS SErrors, with errors
notified via an APEI method. For systems without firmware-first, add
some minimal handling to KVM.
There are two ways KVM can take an SError due to a guest, either may be a
RAS error: we exit the guest due to an SError routed to EL2 by HCR_EL2.AMO,
or we take an SError from EL2 when we unmask PSTATE.A from __guest_exit.
The current SError from EL2 code unmasks SError and tries to fence any
pending SError into a single instruction window. It then leaves SError
unmasked.
With the v8.2 RAS Extensions we may take an SError for a 'corrected'
error, but KVM is only able to handle SError from EL2 if they occur
during this single instruction window...
The RAS Extensions give us a new instruction to synchronise and
consume SErrors. The RAS Extensions document (ARM DDI0587),
'2.4.1 ESB and Unrecoverable errors' describes ESB as synchronising
SError interrupts generated by 'instructions, translation table walks,
hardware updates to the translation tables, and instruction fetches on
the same PE'. This makes ESB equivalent to KVMs existing
'dsb, mrs-daifclr, isb' sequence.
Use the alternatives to synchronise and consume any SError using ESB
instead of unmasking and taking the SError. Set ARM_EXIT_WITH_SERROR_BIT
in the exit_code so that we can restart the vcpu if it turns out this
SError has no impact on the vcpu.
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-01-15 19:39:05 +00:00
|
|
|
#include <asm/exception.h>
|
2015-10-25 19:57:11 +00:00
|
|
|
#include <asm/kvm_asm.h>
|
2014-11-24 13:59:30 +00:00
|
|
|
#include <asm/kvm_emulate.h>
|
2012-12-10 16:40:41 +00:00
|
|
|
#include <asm/kvm_mmu.h>
|
2017-11-23 12:11:33 +00:00
|
|
|
#include <asm/debug-monitors.h>
|
2022-07-26 00:37:44 -07:00
|
|
|
#include <asm/stacktrace/nvhe.h>
|
2018-01-15 19:39:04 +00:00
|
|
|
#include <asm/traps.h>
|
2012-12-10 16:40:41 +00:00
|
|
|
|
2019-10-21 16:28:15 +01:00
|
|
|
#include <kvm/arm_hypercalls.h>
|
|
|
|
|
2015-01-12 11:53:36 -05:00
|
|
|
#define CREATE_TRACE_POINTS
|
2020-05-13 11:40:34 +01:00
|
|
|
#include "trace_handle_exit.h"
|
2015-01-12 11:53:36 -05:00
|
|
|
|
2020-06-23 21:14:15 +08:00
|
|
|
typedef int (*exit_handle_fn)(struct kvm_vcpu *);
|
2012-12-10 16:40:41 +00:00
|
|
|
|
2022-04-25 12:44:43 +01:00
|
|
|
static void kvm_handle_guest_serror(struct kvm_vcpu *vcpu, u64 esr)
|
2018-01-15 19:39:04 +00:00
|
|
|
{
|
|
|
|
if (!arm64_is_ras_serror(esr) || arm64_is_fatal_ras_serror(NULL, esr))
|
|
|
|
kvm_inject_vabt(vcpu);
|
|
|
|
}
|
|
|
|
|
2020-06-23 21:14:15 +08:00
|
|
|
static int handle_hvc(struct kvm_vcpu *vcpu)
|
2012-12-10 16:40:41 +00:00
|
|
|
{
|
2014-04-29 11:24:18 +05:30
|
|
|
int ret;
|
|
|
|
|
2015-12-04 15:03:14 +03:00
|
|
|
trace_kvm_hvc_arm64(*vcpu_pc(vcpu), vcpu_get_reg(vcpu, 0),
|
2015-01-12 11:53:36 -05:00
|
|
|
kvm_vcpu_hvc_get_imm(vcpu));
|
2015-11-26 10:09:43 +00:00
|
|
|
vcpu->stat.hvc_exit_stat++;
|
2015-01-12 11:53:36 -05:00
|
|
|
|
2018-02-06 17:56:12 +00:00
|
|
|
ret = kvm_hvc_call_handler(vcpu);
|
2014-04-29 11:24:18 +05:30
|
|
|
if (ret < 0) {
|
2018-02-06 17:56:05 +00:00
|
|
|
vcpu_set_reg(vcpu, 0, ~0UL);
|
2012-12-12 18:52:05 +00:00
|
|
|
return 1;
|
2014-04-29 11:24:18 +05:30
|
|
|
}
|
2012-12-12 18:52:05 +00:00
|
|
|
|
2014-04-29 11:24:18 +05:30
|
|
|
return ret;
|
2012-12-10 16:40:41 +00:00
|
|
|
}
|
|
|
|
|
2020-06-23 21:14:15 +08:00
|
|
|
static int handle_smc(struct kvm_vcpu *vcpu)
|
2012-12-10 16:40:41 +00:00
|
|
|
{
|
2018-02-06 17:56:07 +00:00
|
|
|
/*
|
|
|
|
* "If an SMC instruction executed at Non-secure EL1 is
|
|
|
|
* trapped to EL2 because HCR_EL2.TSC is 1, the exception is a
|
|
|
|
* Trap exception, not a Secure Monitor Call exception [...]"
|
|
|
|
*
|
|
|
|
* We need to advance the PC after the trap, as it would
|
|
|
|
* otherwise return to the same address...
|
|
|
|
*/
|
2018-02-06 17:56:05 +00:00
|
|
|
vcpu_set_reg(vcpu, 0, ~0UL);
|
2020-10-14 09:29:27 +01:00
|
|
|
kvm_incr_pc(vcpu);
|
2012-12-10 16:40:41 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2016-11-08 13:56:21 +00:00
|
|
|
/*
|
|
|
|
* Guest access to FP/ASIMD registers are routed to this handler only
|
|
|
|
* when the system doesn't support FP/ASIMD.
|
|
|
|
*/
|
2020-06-23 21:14:15 +08:00
|
|
|
static int handle_no_fpsimd(struct kvm_vcpu *vcpu)
|
2016-11-08 13:56:21 +00:00
|
|
|
{
|
|
|
|
kvm_inject_undefined(vcpu);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2012-12-10 16:40:41 +00:00
|
|
|
/**
|
2013-08-02 11:41:13 +01:00
|
|
|
* kvm_handle_wfx - handle a wait-for-interrupts or wait-for-event
|
|
|
|
* instruction executed by a guest
|
|
|
|
*
|
2012-12-10 16:40:41 +00:00
|
|
|
* @vcpu: the vcpu pointer
|
|
|
|
*
|
2022-04-19 19:27:51 +01:00
|
|
|
* WFE[T]: Yield the CPU and come back to this vcpu when the scheduler
|
2013-08-02 11:41:13 +01:00
|
|
|
* decides to.
|
2021-10-08 19:12:06 -07:00
|
|
|
* WFI: Simply call kvm_vcpu_halt(), which will halt execution of
|
2012-12-10 16:40:41 +00:00
|
|
|
* world-switches and schedule other host processes until there is an
|
|
|
|
* incoming IRQ or FIQ to the VM.
|
2022-04-19 19:27:50 +01:00
|
|
|
* WFIT: Same as WFI, with a timed wakeup implemented as a background timer
|
2022-04-19 19:27:51 +01:00
|
|
|
*
|
|
|
|
* WF{I,E}T can immediately return if the deadline has already expired.
|
2012-12-10 16:40:41 +00:00
|
|
|
*/
|
2020-06-23 21:14:15 +08:00
|
|
|
static int kvm_handle_wfx(struct kvm_vcpu *vcpu)
|
2012-12-10 16:40:41 +00:00
|
|
|
{
|
2022-04-19 19:27:50 +01:00
|
|
|
u64 esr = kvm_vcpu_get_esr(vcpu);
|
|
|
|
|
|
|
|
if (esr & ESR_ELx_WFx_ISS_WFE) {
|
2015-01-12 11:53:36 -05:00
|
|
|
trace_kvm_wfx_arm64(*vcpu_pc(vcpu), true);
|
2015-11-26 10:09:43 +00:00
|
|
|
vcpu->stat.wfe_exit_stat++;
|
2015-01-12 11:53:36 -05:00
|
|
|
} else {
|
|
|
|
trace_kvm_wfx_arm64(*vcpu_pc(vcpu), false);
|
2015-11-26 10:09:43 +00:00
|
|
|
vcpu->stat.wfi_exit_stat++;
|
2015-01-12 11:53:36 -05:00
|
|
|
}
|
2013-08-02 11:41:13 +01:00
|
|
|
|
2022-04-19 19:27:51 +01:00
|
|
|
if (esr & ESR_ELx_WFx_ISS_WFxT) {
|
|
|
|
if (esr & ESR_ELx_WFx_ISS_RV) {
|
|
|
|
u64 val, now;
|
|
|
|
|
|
|
|
now = kvm_arm_timer_get_reg(vcpu, KVM_REG_ARM_TIMER_CNT);
|
|
|
|
val = vcpu_get_reg(vcpu, kvm_vcpu_sys_get_rt(vcpu));
|
|
|
|
|
|
|
|
if (now >= val)
|
|
|
|
goto out;
|
|
|
|
} else {
|
|
|
|
/* Treat WFxT as WFx if RN is invalid */
|
|
|
|
esr &= ~ESR_ELx_WFx_ISS_WFxT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (esr & ESR_ELx_WFx_ISS_WFE) {
|
|
|
|
kvm_vcpu_on_spin(vcpu, vcpu_mode_priv(vcpu));
|
|
|
|
} else {
|
|
|
|
if (esr & ESR_ELx_WFx_ISS_WFxT)
|
2022-05-28 12:38:22 +01:00
|
|
|
vcpu_set_flag(vcpu, IN_WFIT);
|
2022-04-19 19:27:51 +01:00
|
|
|
|
KVM: arm64: Move vGIC v4 handling for WFI out arch callback hook
Move the put and reload of the vGIC out of the block/unblock callbacks
and into a dedicated WFI helper. Functionally, this is nearly a nop as
the block hook is called at the very beginning of kvm_vcpu_block(), and
the only code in kvm_vcpu_block() after the unblock hook is to update the
halt-polling controls, i.e. can only affect the next WFI.
Back when the arch (un)blocking hooks were added by commits 3217f7c25bca
("KVM: Add kvm_arch_vcpu_{un}blocking callbacks) and d35268da6687
("arm/arm64: KVM: arch_timer: Only schedule soft timer on vcpu_block"),
the hooks were invoked only when KVM was about to "block", i.e. schedule
out the vCPU. The use case at the time was to schedule a timer in the
host based on the earliest timer in the guest in order to wake the
blocking vCPU when the emulated guest timer fired. Commit accb99bcd0ca
("KVM: arm/arm64: Simplify bg_timer programming") reworked the timer
logic to be even more precise, by waiting until the vCPU was actually
scheduled out, and so move the timer logic from the (un)blocking hooks to
vcpu_load/put.
In the meantime, the hooks gained usage for enabling vGIC v4 doorbells in
commit df9ba95993b9 ("KVM: arm/arm64: GICv4: Use the doorbell interrupt
as an unblocking source"), and added related logic for the VMCR in commit
5eeaf10eec39 ("KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block").
Finally, commit 07ab0f8d9a12 ("KVM: Call kvm_arch_vcpu_blocking early
into the blocking sequence") hoisted the (un)blocking hooks so that they
wrapped KVM's halt-polling logic in addition to the core "block" logic.
In other words, the original need for arch hooks to take action _only_
in the block path is long since gone.
Cc: Oliver Upton <oupton@google.com>
Cc: Marc Zyngier <maz@kernel.org>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20211009021236.4122790-11-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-10-08 19:12:03 -07:00
|
|
|
kvm_vcpu_wfi(vcpu);
|
2015-01-12 11:53:36 -05:00
|
|
|
}
|
2022-04-19 19:27:51 +01:00
|
|
|
out:
|
2020-10-14 09:29:27 +01:00
|
|
|
kvm_incr_pc(vcpu);
|
2014-08-26 14:33:02 +02:00
|
|
|
|
2012-12-10 16:40:41 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2015-07-07 17:29:57 +01:00
|
|
|
/**
|
|
|
|
* kvm_handle_guest_debug - handle a debug exception instruction
|
|
|
|
*
|
|
|
|
* @vcpu: the vcpu pointer
|
|
|
|
*
|
|
|
|
* We route all debug exceptions through the same handler. If both the
|
|
|
|
* guest and host are using the same debug facilities it will be up to
|
|
|
|
* userspace to re-inject the correct exception for guest delivery.
|
|
|
|
*
|
2021-08-23 22:39:40 +00:00
|
|
|
* @return: 0 (while setting vcpu->run->exit_reason)
|
2015-07-07 17:29:57 +01:00
|
|
|
*/
|
2020-06-23 21:14:15 +08:00
|
|
|
static int kvm_handle_guest_debug(struct kvm_vcpu *vcpu)
|
2015-07-07 17:29:57 +01:00
|
|
|
{
|
2020-06-23 21:14:15 +08:00
|
|
|
struct kvm_run *run = vcpu->run;
|
2022-04-25 12:44:43 +01:00
|
|
|
u64 esr = kvm_vcpu_get_esr(vcpu);
|
2015-07-07 17:29:57 +01:00
|
|
|
|
|
|
|
run->exit_reason = KVM_EXIT_DEBUG;
|
2022-04-25 12:44:43 +01:00
|
|
|
run->debug.arch.hsr = lower_32_bits(esr);
|
KVM: arm64: uapi: Add kvm_debug_exit_arch.hsr_high
When userspace is debugging a VM, the kvm_debug_exit_arch part of the
kvm_run struct contains arm64 specific debug information: the ESR_EL2
value, encoded in the field "hsr", and the address of the instruction
that caused the exception, encoded in the field "far".
Linux has moved to treating ESR_EL2 as a 64-bit register, but unfortunately
kvm_debug_exit_arch.hsr cannot be changed because that would change the
memory layout of the struct on big endian machines:
Current layout: | Layout with "hsr" extended to 64 bits:
|
offset 0: ESR_EL2[31:0] (hsr) | offset 0: ESR_EL2[61:32] (hsr[61:32])
offset 4: padding | offset 4: ESR_EL2[31:0] (hsr[31:0])
offset 8: FAR_EL2[61:0] (far) | offset 8: FAR_EL2[61:0] (far)
which breaks existing code.
The padding is inserted by the compiler because the "far" field must be
aligned to 8 bytes (each field must be naturally aligned - aapcs64 [1],
page 18), and the struct itself must be aligned to 8 bytes (the struct must
be aligned to the maximum alignment of its fields - aapcs64, page 18),
which means that "hsr" must be aligned to 8 bytes as it is the first field
in the struct.
To avoid changing the struct size and layout for the existing fields, add a
new field, "hsr_high", which replaces the existing padding. "hsr_high" will
be used to hold the ESR_EL2[61:32] bits of the register. The memory layout,
both on big and little endian machine, becomes:
offset 0: ESR_EL2[31:0] (hsr)
offset 4: ESR_EL2[61:32] (hsr_high)
offset 8: FAR_EL2[61:0] (far)
The padding that the compiler inserts for the current struct layout is
unitialized. To prevent an updated userspace running on an old kernel
mistaking the padding for a valid "hsr_high" value, add a new flag,
KVM_DEBUG_ARCH_HSR_HIGH_VALID, to kvm_run->flags to let userspace know that
"hsr_high" holds a valid ESR_EL2[61:32] value.
[1] https://github.com/ARM-software/abi-aa/releases/download/2021Q3/aapcs64.pdf
Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220425114444.368693-6-alexandru.elisei@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2022-04-25 12:44:44 +01:00
|
|
|
run->debug.arch.hsr_high = upper_32_bits(esr);
|
|
|
|
run->flags = KVM_DEBUG_ARCH_HSR_HIGH_VALID;
|
2015-07-07 17:29:57 +01:00
|
|
|
|
2021-08-23 22:39:40 +00:00
|
|
|
if (ESR_ELx_EC(esr) == ESR_ELx_EC_WATCHPT_LOW)
|
2015-07-07 17:30:02 +01:00
|
|
|
run->debug.arch.far = vcpu->arch.fault.far_el2;
|
2015-07-07 17:29:57 +01:00
|
|
|
|
2021-08-23 22:39:40 +00:00
|
|
|
return 0;
|
2015-07-07 17:29:57 +01:00
|
|
|
}
|
|
|
|
|
2020-06-23 21:14:15 +08:00
|
|
|
static int kvm_handle_unknown_ec(struct kvm_vcpu *vcpu)
|
2017-02-20 12:30:12 +00:00
|
|
|
{
|
2022-04-25 12:44:43 +01:00
|
|
|
u64 esr = kvm_vcpu_get_esr(vcpu);
|
2017-02-20 12:30:12 +00:00
|
|
|
|
2022-04-25 12:44:43 +01:00
|
|
|
kvm_pr_unimpl("Unknown exception class: esr: %#016llx -- %s\n",
|
2020-06-30 11:57:05 +10:00
|
|
|
esr, esr_get_class_string(esr));
|
2017-02-20 12:30:12 +00:00
|
|
|
|
|
|
|
kvm_inject_undefined(vcpu);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2021-10-25 17:32:32 +01:00
|
|
|
/*
|
|
|
|
* Guest access to SVE registers should be routed to this handler only
|
|
|
|
* when the system doesn't support SVE.
|
|
|
|
*/
|
2020-06-23 21:14:15 +08:00
|
|
|
static int handle_sve(struct kvm_vcpu *vcpu)
|
2017-10-31 15:51:17 +00:00
|
|
|
{
|
|
|
|
kvm_inject_undefined(vcpu);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2018-12-07 18:39:22 +00:00
|
|
|
/*
|
|
|
|
* Guest usage of a ptrauth instruction (which the guest EL1 did not turn into
|
2020-06-04 11:14:00 +01:00
|
|
|
* a NOP). If we get here, it is that we didn't fixup ptrauth on exit, and all
|
|
|
|
* that we can do is give the guest an UNDEF.
|
2018-12-07 18:39:22 +00:00
|
|
|
*/
|
2020-06-23 21:14:15 +08:00
|
|
|
static int kvm_handle_ptrauth(struct kvm_vcpu *vcpu)
|
2018-12-07 18:39:22 +00:00
|
|
|
{
|
2020-06-04 11:14:00 +01:00
|
|
|
kvm_inject_undefined(vcpu);
|
2018-12-07 18:39:22 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2012-12-10 16:40:41 +00:00
|
|
|
static exit_handle_fn arm_exit_handlers[] = {
|
2017-02-20 12:30:12 +00:00
|
|
|
[0 ... ESR_ELx_EC_MAX] = kvm_handle_unknown_ec,
|
2014-11-24 13:59:30 +00:00
|
|
|
[ESR_ELx_EC_WFx] = kvm_handle_wfx,
|
|
|
|
[ESR_ELx_EC_CP15_32] = kvm_handle_cp15_32,
|
|
|
|
[ESR_ELx_EC_CP15_64] = kvm_handle_cp15_64,
|
|
|
|
[ESR_ELx_EC_CP14_MR] = kvm_handle_cp14_32,
|
|
|
|
[ESR_ELx_EC_CP14_LS] = kvm_handle_cp14_load_store,
|
2022-05-03 06:02:02 +00:00
|
|
|
[ESR_ELx_EC_CP10_ID] = kvm_handle_cp10_id,
|
2014-11-24 13:59:30 +00:00
|
|
|
[ESR_ELx_EC_CP14_64] = kvm_handle_cp14_64,
|
|
|
|
[ESR_ELx_EC_HVC32] = handle_hvc,
|
|
|
|
[ESR_ELx_EC_SMC32] = handle_smc,
|
|
|
|
[ESR_ELx_EC_HVC64] = handle_hvc,
|
|
|
|
[ESR_ELx_EC_SMC64] = handle_smc,
|
|
|
|
[ESR_ELx_EC_SYS64] = kvm_handle_sys_reg,
|
2017-10-31 15:51:17 +00:00
|
|
|
[ESR_ELx_EC_SVE] = handle_sve,
|
2014-11-24 13:59:30 +00:00
|
|
|
[ESR_ELx_EC_IABT_LOW] = kvm_handle_guest_abort,
|
|
|
|
[ESR_ELx_EC_DABT_LOW] = kvm_handle_guest_abort,
|
2015-07-07 17:29:58 +01:00
|
|
|
[ESR_ELx_EC_SOFTSTP_LOW]= kvm_handle_guest_debug,
|
2015-07-07 17:30:02 +01:00
|
|
|
[ESR_ELx_EC_WATCHPT_LOW]= kvm_handle_guest_debug,
|
|
|
|
[ESR_ELx_EC_BREAKPT_LOW]= kvm_handle_guest_debug,
|
2015-07-07 17:29:57 +01:00
|
|
|
[ESR_ELx_EC_BKPT32] = kvm_handle_guest_debug,
|
|
|
|
[ESR_ELx_EC_BRK64] = kvm_handle_guest_debug,
|
2016-11-08 13:56:21 +00:00
|
|
|
[ESR_ELx_EC_FP_ASIMD] = handle_no_fpsimd,
|
2018-12-07 18:39:22 +00:00
|
|
|
[ESR_ELx_EC_PAC] = kvm_handle_ptrauth,
|
2012-12-10 16:40:41 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static exit_handle_fn kvm_get_exit_handler(struct kvm_vcpu *vcpu)
|
|
|
|
{
|
2022-04-25 12:44:43 +01:00
|
|
|
u64 esr = kvm_vcpu_get_esr(vcpu);
|
2020-06-30 11:57:05 +10:00
|
|
|
u8 esr_ec = ESR_ELx_EC(esr);
|
2012-12-10 16:40:41 +00:00
|
|
|
|
2020-06-30 11:57:05 +10:00
|
|
|
return arm_exit_handlers[esr_ec];
|
2012-12-10 16:40:41 +00:00
|
|
|
}
|
|
|
|
|
2017-11-16 15:39:20 +00:00
|
|
|
/*
|
|
|
|
* We may be single-stepping an emulated instruction. If the emulation
|
|
|
|
* has been completed in the kernel, we can return to userspace with a
|
|
|
|
* KVM_EXIT_DEBUG, otherwise userspace needs to complete its
|
|
|
|
* emulation first.
|
|
|
|
*/
|
2020-06-23 21:14:15 +08:00
|
|
|
static int handle_trap_exceptions(struct kvm_vcpu *vcpu)
|
2017-11-16 15:39:20 +00:00
|
|
|
{
|
|
|
|
int handled;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* See ARM ARM B1.14.1: "Hyp traps on instructions
|
|
|
|
* that fail their condition code check"
|
|
|
|
*/
|
|
|
|
if (!kvm_condition_valid(vcpu)) {
|
2020-10-14 09:29:27 +01:00
|
|
|
kvm_incr_pc(vcpu);
|
2017-11-16 15:39:20 +00:00
|
|
|
handled = 1;
|
|
|
|
} else {
|
|
|
|
exit_handle_fn exit_handler;
|
|
|
|
|
|
|
|
exit_handler = kvm_get_exit_handler(vcpu);
|
2020-06-23 21:14:15 +08:00
|
|
|
handled = exit_handler(vcpu);
|
2017-11-16 15:39:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return handled;
|
|
|
|
}
|
|
|
|
|
2012-12-10 16:40:41 +00:00
|
|
|
/*
|
|
|
|
* Return > 0 to return to guest, < 0 on error, 0 (and set exit_reason) on
|
|
|
|
* proper exit to userspace.
|
|
|
|
*/
|
2020-06-23 21:14:15 +08:00
|
|
|
int handle_exit(struct kvm_vcpu *vcpu, int exception_index)
|
2012-12-10 16:40:41 +00:00
|
|
|
{
|
2020-06-23 21:14:15 +08:00
|
|
|
struct kvm_run *run = vcpu->run;
|
|
|
|
|
2022-01-27 12:20:51 +00:00
|
|
|
if (ARM_SERROR_PENDING(exception_index)) {
|
|
|
|
/*
|
|
|
|
* The SError is handled by handle_exit_early(). If the guest
|
|
|
|
* survives it will re-execute the original instruction.
|
|
|
|
*/
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2016-09-06 14:02:06 +01:00
|
|
|
exception_index = ARM_EXCEPTION_CODE(exception_index);
|
|
|
|
|
2012-12-10 16:40:41 +00:00
|
|
|
switch (exception_index) {
|
|
|
|
case ARM_EXCEPTION_IRQ:
|
|
|
|
return 1;
|
2016-09-06 14:02:03 +01:00
|
|
|
case ARM_EXCEPTION_EL1_SERROR:
|
2018-11-09 15:07:11 +00:00
|
|
|
return 1;
|
2012-12-10 16:40:41 +00:00
|
|
|
case ARM_EXCEPTION_TRAP:
|
2020-06-23 21:14:15 +08:00
|
|
|
return handle_trap_exceptions(vcpu);
|
2016-04-27 17:47:04 +01:00
|
|
|
case ARM_EXCEPTION_HYP_GONE:
|
|
|
|
/*
|
|
|
|
* EL2 has been reset to the hyp-stub. This happens when a guest
|
2022-03-18 11:37:19 +01:00
|
|
|
* is pre-emptied by kvm_reboot()'s shutdown call.
|
2016-04-27 17:47:04 +01:00
|
|
|
*/
|
|
|
|
run->exit_reason = KVM_EXIT_FAIL_ENTRY;
|
|
|
|
return 0;
|
2018-10-17 20:21:16 +02:00
|
|
|
case ARM_EXCEPTION_IL:
|
|
|
|
/*
|
|
|
|
* We attempted an illegal exception return. Guest state must
|
|
|
|
* have been corrupted somehow. Give up.
|
|
|
|
*/
|
|
|
|
run->exit_reason = KVM_EXIT_FAIL_ENTRY;
|
|
|
|
return -EINVAL;
|
2012-12-10 16:40:41 +00:00
|
|
|
default:
|
|
|
|
kvm_pr_unimpl("Unsupported exception type: %d",
|
|
|
|
exception_index);
|
|
|
|
run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
2018-01-15 19:39:04 +00:00
|
|
|
|
|
|
|
/* For exit types that need handling before we can be preempted */
|
2020-06-23 21:14:15 +08:00
|
|
|
void handle_exit_early(struct kvm_vcpu *vcpu, int exception_index)
|
2018-01-15 19:39:04 +00:00
|
|
|
{
|
KVM: arm64: Handle RAS SErrors from EL2 on guest exit
We expect to have firmware-first handling of RAS SErrors, with errors
notified via an APEI method. For systems without firmware-first, add
some minimal handling to KVM.
There are two ways KVM can take an SError due to a guest, either may be a
RAS error: we exit the guest due to an SError routed to EL2 by HCR_EL2.AMO,
or we take an SError from EL2 when we unmask PSTATE.A from __guest_exit.
The current SError from EL2 code unmasks SError and tries to fence any
pending SError into a single instruction window. It then leaves SError
unmasked.
With the v8.2 RAS Extensions we may take an SError for a 'corrected'
error, but KVM is only able to handle SError from EL2 if they occur
during this single instruction window...
The RAS Extensions give us a new instruction to synchronise and
consume SErrors. The RAS Extensions document (ARM DDI0587),
'2.4.1 ESB and Unrecoverable errors' describes ESB as synchronising
SError interrupts generated by 'instructions, translation table walks,
hardware updates to the translation tables, and instruction fetches on
the same PE'. This makes ESB equivalent to KVMs existing
'dsb, mrs-daifclr, isb' sequence.
Use the alternatives to synchronise and consume any SError using ESB
instead of unmasking and taking the SError. Set ARM_EXIT_WITH_SERROR_BIT
in the exit_code so that we can restart the vcpu if it turns out this
SError has no impact on the vcpu.
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-01-15 19:39:05 +00:00
|
|
|
if (ARM_SERROR_PENDING(exception_index)) {
|
|
|
|
if (this_cpu_has_cap(ARM64_HAS_RAS_EXTN)) {
|
|
|
|
u64 disr = kvm_vcpu_get_disr(vcpu);
|
|
|
|
|
|
|
|
kvm_handle_guest_serror(vcpu, disr_to_esr(disr));
|
|
|
|
} else {
|
|
|
|
kvm_inject_vabt(vcpu);
|
|
|
|
}
|
|
|
|
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2018-01-15 19:39:04 +00:00
|
|
|
exception_index = ARM_EXCEPTION_CODE(exception_index);
|
|
|
|
|
|
|
|
if (exception_index == ARM_EXCEPTION_EL1_SERROR)
|
2020-06-30 11:57:05 +10:00
|
|
|
kvm_handle_guest_serror(vcpu, kvm_vcpu_get_esr(vcpu));
|
2018-01-15 19:39:04 +00:00
|
|
|
}
|
2021-03-18 14:33:11 +00:00
|
|
|
|
2021-08-13 14:03:36 +01:00
|
|
|
void __noreturn __cold nvhe_hyp_panic_handler(u64 esr, u64 spsr,
|
|
|
|
u64 elr_virt, u64 elr_phys,
|
2021-03-18 14:33:11 +00:00
|
|
|
u64 par, uintptr_t vcpu,
|
|
|
|
u64 far, u64 hpfar) {
|
2021-08-13 14:03:36 +01:00
|
|
|
u64 elr_in_kimg = __phys_to_kimg(elr_phys);
|
|
|
|
u64 hyp_offset = elr_in_kimg - kaslr_offset() - elr_virt;
|
2021-03-18 14:33:11 +00:00
|
|
|
u64 mode = spsr & PSR_MODE_MASK;
|
2022-04-20 14:42:57 -07:00
|
|
|
u64 panic_addr = elr_virt + hyp_offset;
|
2021-03-18 14:33:11 +00:00
|
|
|
|
|
|
|
if (mode != PSR_MODE_EL2t && mode != PSR_MODE_EL2h) {
|
|
|
|
kvm_err("Invalid host exception to nVHE hyp!\n");
|
|
|
|
} else if (ESR_ELx_EC(esr) == ESR_ELx_EC_BRK64 &&
|
|
|
|
(esr & ESR_ELx_BRK64_ISS_COMMENT_MASK) == BUG_BRK_IMM) {
|
|
|
|
const char *file = NULL;
|
|
|
|
unsigned int line = 0;
|
|
|
|
|
|
|
|
/* All hyp bugs, including warnings, are treated as fatal. */
|
2021-08-13 14:03:36 +01:00
|
|
|
if (!is_protected_kvm_enabled() ||
|
|
|
|
IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)) {
|
|
|
|
struct bug_entry *bug = find_bug(elr_in_kimg);
|
|
|
|
|
|
|
|
if (bug)
|
|
|
|
bug_get_file_line(bug, &file, &line);
|
|
|
|
}
|
2021-03-18 14:33:11 +00:00
|
|
|
|
|
|
|
if (file)
|
|
|
|
kvm_err("nVHE hyp BUG at: %s:%u!\n", file, line);
|
|
|
|
else
|
2022-04-20 14:42:57 -07:00
|
|
|
kvm_err("nVHE hyp BUG at: [<%016llx>] %pB!\n", panic_addr,
|
2022-07-15 16:58:24 -07:00
|
|
|
(void *)(panic_addr + kaslr_offset()));
|
2021-03-18 14:33:11 +00:00
|
|
|
} else {
|
2022-04-20 14:42:57 -07:00
|
|
|
kvm_err("nVHE hyp panic at: [<%016llx>] %pB!\n", panic_addr,
|
2022-07-15 16:58:24 -07:00
|
|
|
(void *)(panic_addr + kaslr_offset()));
|
2021-03-18 14:33:11 +00:00
|
|
|
}
|
|
|
|
|
2022-07-26 00:37:44 -07:00
|
|
|
/* Dump the nVHE hypervisor backtrace */
|
|
|
|
kvm_nvhe_dump_backtrace(hyp_offset);
|
|
|
|
|
2021-03-18 14:33:11 +00:00
|
|
|
/*
|
|
|
|
* Hyp has panicked and we're going to handle that by panicking the
|
|
|
|
* kernel. The kernel offset will be revealed in the panic so we're
|
|
|
|
* also safe to reveal the hyp offset as a debugging aid for translating
|
|
|
|
* hyp VAs to vmlinux addresses.
|
|
|
|
*/
|
|
|
|
kvm_err("Hyp Offset: 0x%llx\n", hyp_offset);
|
|
|
|
|
2022-04-25 12:44:43 +01:00
|
|
|
panic("HYP panic:\nPS:%08llx PC:%016llx ESR:%016llx\nFAR:%016llx HPFAR:%016llx PAR:%016llx\nVCPU:%016lx\n",
|
2021-08-13 14:03:36 +01:00
|
|
|
spsr, elr_virt, esr, far, hpfar, par, vcpu);
|
2021-03-18 14:33:11 +00:00
|
|
|
}
|