Re: [PATCH v3 16/32] KVM: arm64: Elevate hypervisor mappings creation at EL2

From: Quentin Perret
Date: Fri Mar 05 2021 - 04:15:50 EST

Next message: Robert Foss: "Re: [PATCH v4 1/2] dt-bindings: display: bridge: Add Chipone ICN6211 bindings"
Previous message: David Laight: "RE: A note on the 5.12-rc1 tag"
In reply to: Will Deacon: "Re: [PATCH v3 16/32] KVM: arm64: Elevate hypervisor mappings creation at EL2"
Next in thread: Quentin Perret: "[PATCH v3 13/32] KVM: arm64: Enable access to sanitized CPU features at EL2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thursday 04 Mar 2021 at 19:25:41 (+0000), Will Deacon wrote:
> > +static int do_pkvm_init(u32 hyp_va_bits)
> > +{
> > + void *per_cpu_base = kvm_ksym_ref(kvm_arm_hyp_percpu_base);
> > + int ret;
> > +
> > + preempt_disable();
> > + hyp_install_host_vector();
>
> It's a shame we need this both here _and_ on the reinit path, but it looks
> like it's necessary.

Right and I want this before the KVM vectors are installed on secondary
CPUs, to make sure they get the new pgtable from the start. Otherwise
I'd need to do the same dance on all of them to go a switch TTBR0_EL2
and such.

> > + ret = kvm_call_hyp_nvhe(__pkvm_init, hyp_mem_base, hyp_mem_size,
> > + num_possible_cpus(), kern_hyp_va(per_cpu_base),
> > + hyp_va_bits);
> > + preempt_enable();
> > +
> > + return ret;
> > +}
>
> [...]
>
> > /**
> > * Inits Hyp-mode on all online CPUs
> > */
> > static int init_hyp_mode(void)
> > {
> > + u32 hyp_va_bits;
> > int cpu;
> > - int err = 0;
> > + int err = -ENOMEM;
> > +
> > + /*
> > + * The protected Hyp-mode cannot be initialized if the memory pool
> > + * allocation has failed.
> > + */
> > + if (is_protected_kvm_enabled() && !hyp_mem_base)
> > + return err;
>
> This skips the error message you get on the out_err path.

Ack, I'll fix.

> > diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
> > index 4d41d7838d53..9d331bf262d2 100644
> > --- a/arch/arm64/kvm/mmu.c
> > +++ b/arch/arm64/kvm/mmu.c
> > @@ -221,15 +221,39 @@ void free_hyp_pgds(void)
> > if (hyp_pgtable) {
> > kvm_pgtable_hyp_destroy(hyp_pgtable);
> > kfree(hyp_pgtable);
> > + hyp_pgtable = NULL;
> > }
> > mutex_unlock(&kvm_hyp_pgd_mutex);
> > }
> >
> > +static bool kvm_host_owns_hyp_mappings(void)
> > +{
> > + if (static_branch_likely(&kvm_protected_mode_initialized))
> > + return false;
> > +
> > + /*
> > + * This can happen at boot time when __create_hyp_mappings() is called
> > + * after the hyp protection has been enabled, but the static key has
> > + * not been flipped yet.
> > + */
> > + if (!hyp_pgtable && is_protected_kvm_enabled())
> > + return false;
> > +
> > + WARN_ON(!hyp_pgtable);
> > +
> > + return true;
>
> return !(WARN_ON(!hyp_pgtable) && is_protected_kvm_enabled());

Wouldn't this WARN when I have !hyp_pgtable && is_protected_kvm_enabled()
but the static key is still off (which can happen, sadly, as per the
comment above)?

Thanks,
Quentin

Next message: Robert Foss: "Re: [PATCH v4 1/2] dt-bindings: display: bridge: Add Chipone ICN6211 bindings"
Previous message: David Laight: "RE: A note on the 5.12-rc1 tag"
In reply to: Will Deacon: "Re: [PATCH v3 16/32] KVM: arm64: Elevate hypervisor mappings creation at EL2"
Next in thread: Quentin Perret: "[PATCH v3 13/32] KVM: arm64: Enable access to sanitized CPU features at EL2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]