From patchwork Tue Feb 18 15:27:26 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marc Zyngier <marc.zyngier@arm.com>
X-Patchwork-Id: 24909
Return-Path: <patchwork-forward+bncBCPZR5X4TYBBBCVOR2MAKGQEC6SVNYI@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-pb0-f71.google.com (mail-pb0-f71.google.com
 [209.85.160.71])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id E0A43203BE
 for <linaro@patches.linaro.org>; Tue, 18 Feb 2014 17:23:23 +0000 (UTC)
Received: by mail-pb0-f71.google.com with SMTP id jt11sf39349417pbb.6
 for <linaro@patches.linaro.org>; Tue, 18 Feb 2014 09:23:23 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:subject:date:message-id
 :in-reply-to:references:cc:precedence:list-id:list-unsubscribe
 :list-archive:list-post:list-help:list-subscribe:mime-version:sender
 :errors-to:x-original-sender:x-original-authentication-results
 :mailing-list:content-type:content-transfer-encoding;
 bh=7r6BOGzUXf8bYeNVR8cgr7gW1YKFEh26W+X9uo3948c=;
 b=cyw75F1JHGt1N8yaISwXTlcQkpX7h0uIV8IxmybusKOST+lrFI337GDqIADd4tYD6r
 OH4lDUeDt9UGoUkr9xkqFdYak52wA+i9yZ/J7JDNSaK4VXKzxHTWpfLqLfzLTx3GELMm
 T7H5/t6GZE8UBCtcAa/v+pMVXkI43Rmp8wpcoX0mnJcaPa1cCun6RRxeM+nPT0TEbW00
 CLvys8SMnKDNah3baQdlbkuYKYtePRaWyPh/YLWzAag6EwMq1gonqw88CXUg2DPflrFa
 bzcAsRMoel1XWSWlqgvCX26hdz0ZoQMSQ5ELfuwy4SqNXd4kdGZf/2P0/km7T1zKtk2s
 e8nA==
X-Gm-Message-State: ALoCoQkWkDIc/xFVBvjUKKAu366s6RoJLxuPwIkiDTrUKrmYGcO9iWpt0YDqSiG/CMN7FQtqk66b
X-Received: by 10.66.141.135 with SMTP id ro7mr6002430pab.28.1392744202889; 
 Tue, 18 Feb 2014 09:23:22 -0800 (PST)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.140.31.139 with SMTP id f11ls1394918qgf.71.gmail; Tue, 18 Feb
 2014 09:23:22 -0800 (PST)
X-Received: by 10.52.63.233 with SMTP id j9mr41366vds.69.1392744202731;
 Tue, 18 Feb 2014 09:23:22 -0800 (PST)
Received: from mail-vc0-f177.google.com (mail-vc0-f177.google.com
 [209.85.220.177]) by mx.google.com with ESMTPS id
 dq2si5676656veb.145.2014.02.18.09.23.22
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 18 Feb 2014 09:23:22 -0800 (PST)
Received-SPF: neutral (google.com: 209.85.220.177 is neither permitted nor
 denied by best guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 client-ip=209.85.220.177; 
Received: by mail-vc0-f177.google.com with SMTP id if11so13223101vcb.36
 for <patchwork-forward@linaro.org>;
 Tue, 18 Feb 2014 09:23:22 -0800 (PST)
X-Received: by 10.221.29.137 with SMTP id ry9mr22093545vcb.6.1392744202614; 
 Tue, 18 Feb 2014 09:23:22 -0800 (PST)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.220.174.196 with SMTP id u4csp233447vcz;
 Tue, 18 Feb 2014 09:23:22 -0800 (PST)
X-Received: by 10.180.11.233 with SMTP id t9mr19050286wib.1.1392744201432;
 Tue, 18 Feb 2014 09:23:21 -0800 (PST)
Received: from casper.infradead.org (casper.infradead.org. [2001:770:15f::2])
 by mx.google.com with ESMTPS id
 dr11si12908479wid.3.2014.02.18.09.23.21 for <patch@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 18 Feb 2014 09:23:21 -0800 (PST)
Received-SPF: pass (google.com: domain of
 linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
 designates 2001:770:15f::2 as permitted sender)
 client-ip=2001:770:15f::2; 
Received: from merlin.infradead.org ([2001:4978:20e::2])
 by casper.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux))
 id 1WFmdg-00070G-Ci; Tue, 18 Feb 2014 15:31:17 +0000
Received: from localhost ([::1] helo=merlin.infradead.org)
 by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
 id 1WFmce-0001Yp-UI; Tue, 18 Feb 2014 15:30:12 +0000
Received: from fw-tnat.austin.arm.com ([217.140.110.23]
 helo=collaborate-mta1.arm.com)
 by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
 id 1WFmaw-0001M7-RJ for linux-arm-kernel@lists.infradead.org;
 Tue, 18 Feb 2014 15:28:33 +0000
Received: from e102391-lin.cambridge.arm.com (e102391-lin.cambridge.arm.com
 [10.1.209.166])
 by collaborate-mta1.arm.com (Postfix) with ESMTP id B95EC1401C6;
 Tue, 18 Feb 2014 09:27:38 -0600 (CST)
From: Marc Zyngier <marc.zyngier@arm.com>
To: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu,
 kvm@vger.kernel.org
Subject: [PATCH v4 05/12] arm64: KVM: flush VM pages before letting the guest
 enable caches
Date: Tue, 18 Feb 2014 15:27:26 +0000
Message-Id: <1392737253-10480-6-git-send-email-marc.zyngier@arm.com>
X-Mailer: git-send-email 1.8.3.4
In-Reply-To: <1392737253-10480-1-git-send-email-marc.zyngier@arm.com>
References: <1392737253-10480-1-git-send-email-marc.zyngier@arm.com>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20140218_102827_073522_B0313E64
X-CRM114-Status: GOOD (  13.85  )
X-Spam-Score: -2.5 (--)
X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary:
 Content analysis details:   (-2.5 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay
 domain
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
Cc: Catalin Marinas <catalin.marinas@arm.com>,
 Christoffer Dall <christoffer.dall@linaro.org>
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: marc.zyngier@arm.com
X-Original-Authentication-Results: mx.google.com;       spf=neutral
 (google.com: 209.85.220.177 is neither permitted nor denied by best
 guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

When the guest runs with caches disabled (like in an early boot
sequence, for example), all the writes are diectly going to RAM,
bypassing the caches altogether.

Once the MMU and caches are enabled, whatever sits in the cache
becomes suddenly visible, which isn't what the guest expects.

A way to avoid this potential disaster is to invalidate the cache
when the MMU is being turned on. For this, we hook into the SCTLR_EL1
trapping code, and scan the stage-2 page tables, invalidating the
pages/sections that have already been mapped in.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
---
 arch/arm/include/asm/kvm_mmu.h   |  2 +
 arch/arm/kvm/mmu.c               | 93 ++++++++++++++++++++++++++++++++++++++++
 arch/arm64/include/asm/kvm_mmu.h |  1 +
 arch/arm64/kvm/sys_regs.c        |  5 ++-
 4 files changed, 100 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
index 88bba33..e2a8df4 100644
--- a/arch/arm/include/asm/kvm_mmu.h
+++ b/arch/arm/include/asm/kvm_mmu.h
@@ -154,6 +154,8 @@ static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
 
 #define kvm_flush_dcache_to_poc(a,l)	__cpuc_flush_dcache_area((a), (l))
 
+void stage2_flush_vm(struct kvm *kvm);
+
 #endif	/* !__ASSEMBLY__ */
 
 #endif /* __ARM_KVM_MMU_H__ */
diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
index 7f84116..209f20f 100644
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -187,6 +187,99 @@ static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
 	}
 }
 
+static void stage2_flush_ptes(struct kvm *kvm, pmd_t *pmd,
+			      phys_addr_t addr, phys_addr_t end)
+{
+	pte_t *pte;
+
+	pte = pte_offset_kernel(pmd, addr);
+	do {
+		if (!pte_none(*pte)) {
+			hva_t hva = gfn_to_hva(kvm, addr >> PAGE_SHIFT);
+			kvm_flush_dcache_to_poc((void*)hva, PAGE_SIZE);
+		}
+	} while (pte++, addr += PAGE_SIZE, addr != end);
+}
+
+static void stage2_flush_pmds(struct kvm *kvm, pud_t *pud,
+			      phys_addr_t addr, phys_addr_t end)
+{
+	pmd_t *pmd;
+	phys_addr_t next;
+
+	pmd = pmd_offset(pud, addr);
+	do {
+		next = kvm_pmd_addr_end(addr, end);
+		if (!pmd_none(*pmd)) {
+			if (kvm_pmd_huge(*pmd)) {
+				hva_t hva = gfn_to_hva(kvm, addr >> PAGE_SHIFT);
+				kvm_flush_dcache_to_poc((void*)hva, PMD_SIZE);
+			} else {
+				stage2_flush_ptes(kvm, pmd, addr, next);
+			}
+		}
+	} while (pmd++, addr = next, addr != end);
+}
+
+static void stage2_flush_puds(struct kvm *kvm, pgd_t *pgd,
+			      phys_addr_t addr, phys_addr_t end)
+{
+	pud_t *pud;
+	phys_addr_t next;
+
+	pud = pud_offset(pgd, addr);
+	do {
+		next = kvm_pud_addr_end(addr, end);
+		if (!pud_none(*pud)) {
+			if (pud_huge(*pud)) {
+				hva_t hva = gfn_to_hva(kvm, addr >> PAGE_SHIFT);
+				kvm_flush_dcache_to_poc((void*)hva, PUD_SIZE);
+			} else {
+				stage2_flush_pmds(kvm, pud, addr, next);
+			}
+		}
+	} while (pud++, addr = next, addr != end);
+}
+
+static void stage2_flush_memslot(struct kvm *kvm,
+				 struct kvm_memory_slot *memslot)
+{
+	phys_addr_t addr = memslot->base_gfn << PAGE_SHIFT;
+	phys_addr_t end = addr + PAGE_SIZE * memslot->npages;
+	phys_addr_t next;
+	pgd_t *pgd;
+
+	pgd = kvm->arch.pgd + pgd_index(addr);
+	do {
+		next = kvm_pgd_addr_end(addr, end);
+		stage2_flush_puds(kvm, pgd, addr, next);
+	} while (pgd++, addr = next, addr != end);
+}
+
+/**
+ * stage2_flush_vm - Invalidate cache for pages mapped in stage 2
+ * @kvm: The struct kvm pointer
+ *
+ * Go through the stage 2 page tables and invalidate any cache lines
+ * backing memory already mapped to the VM.
+ */
+void stage2_flush_vm(struct kvm *kvm)
+{
+	struct kvm_memslots *slots;
+	struct kvm_memory_slot *memslot;
+	int idx;
+
+	idx = srcu_read_lock(&kvm->srcu);
+	spin_lock(&kvm->mmu_lock);
+
+	slots = kvm_memslots(kvm);
+	kvm_for_each_memslot(memslot, slots)
+		stage2_flush_memslot(kvm, memslot);
+
+	spin_unlock(&kvm->mmu_lock);
+	srcu_read_unlock(&kvm->srcu, idx);
+}
+
 /**
  * free_boot_hyp_pgd - free HYP boot page tables
  *
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index 19cb328..da0ee56 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -148,6 +148,7 @@ static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
 	}
 }
 
+void stage2_flush_vm(struct kvm *kvm);
 
 #endif /* __ASSEMBLY__ */
 #endif /* __ARM64_KVM_MMU_H__ */
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index 2097e5e..0324458 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -27,6 +27,7 @@
 #include <asm/kvm_host.h>
 #include <asm/kvm_emulate.h>
 #include <asm/kvm_coproc.h>
+#include <asm/kvm_mmu.h>
 #include <asm/cacheflush.h>
 #include <asm/cputype.h>
 #include <trace/events/kvm.h>
@@ -154,8 +155,10 @@ static bool access_sctlr(struct kvm_vcpu *vcpu,
 {
 	access_vm_reg(vcpu, p, r);
 
-	if (vcpu_has_cache_enabled(vcpu))	/* MMU+Caches enabled? */
+	if (vcpu_has_cache_enabled(vcpu)) {	/* MMU+Caches enabled? */
 		vcpu->arch.hcr_el2 &= ~HCR_TVM;
+		stage2_flush_vm(vcpu->kvm);
+	}
 
 	return true;
 }