Date: Mon, 15 Apr 2024 16:59:06 +0100
Message-ID: <865xwisjlh.wl-maz@kernel.org>
From: Marc Zyngier
To: Fuad Tabba
Cc: kvmarm@lists.linux.dev, will@kernel.org, qperret@google.com, seanjc@google.com, alexandru.elisei@arm.com, catalin.marinas@arm.com, philmd@linaro.org, james.morse@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, mark.rutland@arm.com, broonie@kernel.org, joey.gouly@arm.com, rananta@google.com
Subject: Re: [PATCH v1 07/44] KVM: arm64: Support TLB invalidation in guest context
In-Reply-To:
References: <20240327173531.1379685-1-tabba@google.com> <20240327173531.1379685-8-tabba@google.com> <867cgysvqq.wl-maz@kernel.org>
X-Mailing-List: kvmarm@lists.linux.dev

On Mon, 15 Apr 2024 16:02:02 +0100,
Fuad Tabba wrote:
> 
> Hi Marc,
> 
> On Mon, Apr 15, 2024 at 12:36 PM Marc Zyngier wrote:
> >
> > On Wed, 27 Mar 2024 17:34:54 +0000,
> > Fuad Tabba wrote:
> > >
> > > From: Will Deacon
> > >
> > > Typically, TLB invalidation of guest stage-2 mappings using nVHE is
> > > performed by a hypercall originating from the host. For the invalidation
> > > instruction to be effective, therefore, __tlb_switch_to_{guest,host}()
> > > swizzle the active stage-2 context around the TLBI instruction.
> > >
> > > With guest-to-host memory sharing and unsharing hypercalls
> > > originating from the guest under pKVM, there is a need to support
> > > both guest and host VMID invalidations issued from guest context.
> > >
> > > Replace the __tlb_switch_to_{guest,host}() functions with a more general
> > > {enter,exit}_vmid_context() implementation which supports being invoked
> > > from guest context and acts as a no-op if the target context matches the
> > > running context.
> > >
> > > Signed-off-by: Will Deacon
> > > Signed-off-by: Fuad Tabba
> > > ---
> > >  arch/arm64/kvm/hyp/nvhe/tlb.c | 114 +++++++++++++++++++++++++++-------
> > >  1 file changed, 90 insertions(+), 24 deletions(-)
> > >
> > > diff --git a/arch/arm64/kvm/hyp/nvhe/tlb.c b/arch/arm64/kvm/hyp/nvhe/tlb.c
> > > index a60fb13e2192..05a66b2ed76d 100644
> > > --- a/arch/arm64/kvm/hyp/nvhe/tlb.c
> > > +++ b/arch/arm64/kvm/hyp/nvhe/tlb.c
> > > @@ -11,13 +11,23 @@
> > >  #include
> > >
> > >  struct tlb_inv_context {
> > > -	u64 tcr;
> > > +	struct kvm_s2_mmu *mmu;
> > > +	u64 tcr;
> > > +	u64 sctlr;
> > >  };
> > >
> > > -static void __tlb_switch_to_guest(struct kvm_s2_mmu *mmu,
> > > -				  struct tlb_inv_context *cxt,
> > > -				  bool nsh)
> > > +static void enter_vmid_context(struct kvm_s2_mmu *mmu,
> > > +			       struct tlb_inv_context *cxt,
> > > +			       bool nsh)
> > >  {
> > > +	struct kvm_s2_mmu *host_s2_mmu = &host_mmu.arch.mmu;
> > > +	struct kvm_cpu_context *host_ctxt;
> > > +	struct kvm_vcpu *vcpu;
> > > +
> > > +	host_ctxt = &this_cpu_ptr(&kvm_host_data)->host_ctxt;
> > > +	vcpu = host_ctxt->__hyp_running_vcpu;
> > > +	cxt->mmu = NULL;
> > > +
> > >  	/*
> > >  	 * We have two requirements:
> > >  	 *
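Review bot: `cxt->mmu = NULL;` establishes a convention that is only implied here (NULL presumably meaning "no VMID switch was performed, so `exit_vmid_context()` has nothing to restore", matching the no-op behaviour the commit message describes); document it on the new `mmu` field of `struct tlb_inv_context`, and extend the "We have two requirements" comment that follows, since the function is now also entered from guest context, detected via `host_ctxt->__hyp_running_vcpu`, and a reader currently has to infer from `vcpu` alone which runtime case applies.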
> > > @@ -40,20 +50,52 @@ static void __tlb_switch_to_guest(struct kvm_s2_mmu *mmu,
> > >  	else
> > >  		dsb(ish);
> > >
> > > +	/*
> > > +	 * If we're already in the desired context, then there's nothing
> > > +	 * to do.
> > > +	 */
> > > +	if (vcpu) {
> > > +		/* We're in guest context */
> > > +		if (mmu == vcpu->arch.hw_mmu || WARN_ON(mmu != host_s2_mmu))
> > > +			return;
> >
> > I'm a bit concerned about this one, not so much for what it does, but
> > because it outlines an inconsistency we have.
> >
> > Under memory pressure, we can end up unmapping a page via the MMU
> > notifiers, and will provide a s2_mmu context for the TLBI. This can
> > happen while *another* context is loaded (a vcpu from a different VM)
> > and that vcpu faults.
> >
> > You'd end up with a scenario very similar to the one I debugged here:
> >
> > https://lore.kernel.org/kvmarm/86y1gfn67v.wl-maz@kernel.org
> >
> > Now, this doesn't break here because __hyp_running_vcpu is set to NULL
> > on each exit from the HYP code. But that only happens on nVHE, and not
> > on VHE, which bizarrely only sets this on entry and leaves a dangling
> > pointer...
> >
> > I think we need to clarify how and when this pointer is considered
> > valid.
> 
> Right. I'll add the patch to fix the dangling pointer in VHE. Should
> I add a comment about the validity of the pointer where it's defined
> as well?

Don't bother with the VHE bit, I'm already on it (moving it all the way
to load/put for consistency), and I'm currently testing the hack.

But adding a comment explaining that this plays the role of
kvm_get_current_vcpu() and that it is only valid from within
__kvm_vcpu_run() would be great.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.
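Review bot: in the guest-context branch of the second hunk, the `WARN_ON(mmu != host_s2_mmu)` case returns with `cxt->mmu` still NULL, so the caller goes on to issue its TLBI in whatever VMID is currently loaded rather than for the requested `mmu`; the warning records the situation but does not stop the misdirected invalidation. Consider making the refusal visible to the caller (a return value the TLBI helpers check, or a hard failure if this state is meant to be unreachable), and state in the comment above `if (vcpu)` that, from guest context, `mmu` must be either the running vcpu's `hw_mmu` or the host stage-2.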