From patchwork Mon May 4 01:25:26 2015
X-Patchwork-Submitter: Shannon Zhao
X-Patchwork-Id: 47938
From: shannon.zhao@linaro.org
To: stable@vger.kernel.org
Cc: sasha.levin@oracle.com, christoffer.dall@linaro.org, shannon.zhao@linaro.org, Marc Zyngier, Alex Bennée
Subject: [PATCH for 3.18.y stable 22/22] arm/arm64: KVM: Keep elrsr/aisr in sync with software model
Date: Mon, 4 May 2015 09:25:26 +0800
Message-Id: <1430702726-2056-23-git-send-email-shannon.zhao@linaro.org>
In-Reply-To: <1430702726-2056-1-git-send-email-shannon.zhao@linaro.org>
References: <1430702726-2056-1-git-send-email-shannon.zhao@linaro.org>
From: Christoffer Dall

commit ae705930fca6322600690df9dc1c7d0516145a93 upstream.

There is an interesting bug in the vgic code, which manifests itself when the KVM run loop has a signal pending or needs a vmid generation rollover after having disabled interrupts but before actually switching to the guest.

In this case, we flush the vgic as usual, but we sync back the vgic state and exit to userspace before entering the guest. The consequence is that we will be syncing the list registers back to the software model using the GICH_ELRSR and GICH_EISR from the last execution of the guest, potentially overwriting a list register containing an interrupt.

This showed up during migration testing where we would capture a state where the VM has masked the arch timer but there were no interrupts, resulting in a hung test.

Cc: Marc Zyngier
Reported-by: Alex Bennee
Signed-off-by: Christoffer Dall
Signed-off-by: Alex Bennée
Acked-by: Marc Zyngier
Signed-off-by: Christoffer Dall
Signed-off-by: Shannon Zhao
---
 include/kvm/arm_vgic.h | 1 +
 virt/kvm/arm/vgic-v2.c | 8 ++++++++
 virt/kvm/arm/vgic-v3.c | 8 ++++++++
 virt/kvm/arm/vgic.c | 16 ++++++++++++++++
 4 files changed, 33 insertions(+)

diff --git a/include/kvm/arm_vgic.h b/include/kvm/arm_vgic.h index fe9783b..3f73f6c 100644 --- a/include/kvm/arm_vgic.h +++ b/include/kvm/arm_vgic.h @@ -113,6 +113,7 @@ struct vgic_ops { void (*sync_lr_elrsr)(struct kvm_vcpu *, int, struct vgic_lr); u64 (*get_elrsr)(const struct kvm_vcpu *vcpu); u64 (*get_eisr)(const struct kvm_vcpu *vcpu); + void (*clear_eisr)(struct kvm_vcpu *vcpu); u32 (*get_interrupt_status)(const struct kvm_vcpu *vcpu); void (*enable_underflow)(struct kvm_vcpu *vcpu); void (*disable_underflow)(struct kvm_vcpu *vcpu); diff --git a/virt/kvm/arm/vgic-v2.c b/virt/kvm/arm/vgic-v2.c index 2935405..b9d48e8 100644 --- a/virt/kvm/arm/vgic-v2.c +++ b/virt/kvm/arm/vgic-v2.c 
@@ -72,6 +72,8 @@ static void vgic_v2_sync_lr_elrsr(struct kvm_vcpu *vcpu, int lr, { if (!(lr_desc.state & LR_STATE_MASK)) vcpu->arch.vgic_cpu.vgic_v2.vgic_elrsr |= (1ULL << lr); + else + vcpu->arch.vgic_cpu.vgic_v2.vgic_elrsr &= ~(1ULL << lr); } static u64 vgic_v2_get_elrsr(const struct kvm_vcpu *vcpu) @@ -84,6 +86,11 @@ static u64 vgic_v2_get_eisr(const struct kvm_vcpu *vcpu) return vcpu->arch.vgic_cpu.vgic_v2.vgic_eisr; } +static void vgic_v2_clear_eisr(struct kvm_vcpu *vcpu) +{ + vcpu->arch.vgic_cpu.vgic_v2.vgic_eisr = 0; +} + static u32 vgic_v2_get_interrupt_status(const struct kvm_vcpu *vcpu) { u32 misr = vcpu->arch.vgic_cpu.vgic_v2.vgic_misr; @@ -148,6 +155,7 @@ static const struct vgic_ops vgic_v2_ops = { .sync_lr_elrsr = vgic_v2_sync_lr_elrsr, .get_elrsr = vgic_v2_get_elrsr, .get_eisr = vgic_v2_get_eisr, + .clear_eisr = vgic_v2_clear_eisr, .get_interrupt_status = vgic_v2_get_interrupt_status, .enable_underflow = vgic_v2_enable_underflow, .disable_underflow = vgic_v2_disable_underflow, diff --git a/virt/kvm/arm/vgic-v3.c b/virt/kvm/arm/vgic-v3.c index 1c2c8ee..58b8af0 100644 --- a/virt/kvm/arm/vgic-v3.c +++ b/virt/kvm/arm/vgic-v3.c @@ -86,6 +86,8 @@ static void vgic_v3_sync_lr_elrsr(struct kvm_vcpu *vcpu, int lr, { if (!(lr_desc.state & LR_STATE_MASK)) vcpu->arch.vgic_cpu.vgic_v3.vgic_elrsr |= (1U << lr); + else + vcpu->arch.vgic_cpu.vgic_v3.vgic_elrsr &= ~(1U << lr); } static u64 vgic_v3_get_elrsr(const struct kvm_vcpu *vcpu) @@ -98,6 +100,11 @@ static u64 vgic_v3_get_eisr(const struct kvm_vcpu *vcpu) return vcpu->arch.vgic_cpu.vgic_v3.vgic_eisr; } +static void vgic_v3_clear_eisr(struct kvm_vcpu *vcpu) +{ + vcpu->arch.vgic_cpu.vgic_v3.vgic_eisr = 0; +} + static u32 vgic_v3_get_interrupt_status(const struct kvm_vcpu *vcpu) { u32 misr = vcpu->arch.vgic_cpu.vgic_v3.vgic_misr; 
@@ -162,6 +169,7 @@ static const struct vgic_ops vgic_v3_ops = { .sync_lr_elrsr = vgic_v3_sync_lr_elrsr, .get_elrsr = vgic_v3_get_elrsr, .get_eisr = vgic_v3_get_eisr, + .clear_eisr = vgic_v3_clear_eisr, .get_interrupt_status = vgic_v3_get_interrupt_status, .enable_underflow = vgic_v3_enable_underflow, .disable_underflow = vgic_v3_disable_underflow, diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c index fc82307..28347fc 100644 --- a/virt/kvm/arm/vgic.c +++ b/virt/kvm/arm/vgic.c @@ -1219,6 +1219,11 @@ static inline u64 vgic_get_eisr(struct kvm_vcpu *vcpu) return vgic_ops->get_eisr(vcpu); } +static inline void vgic_clear_eisr(struct kvm_vcpu *vcpu) +{ + vgic_ops->clear_eisr(vcpu); +} + static inline u32 vgic_get_interrupt_status(struct kvm_vcpu *vcpu) { return vgic_ops->get_interrupt_status(vcpu); @@ -1258,6 +1263,7 @@ static void vgic_retire_lr(int lr_nr, int irq, struct kvm_vcpu *vcpu) vgic_set_lr(vcpu, lr_nr, vlr); clear_bit(lr_nr, vgic_cpu->lr_used); vgic_cpu->vgic_irq_lr_map[irq] = LR_EMPTY; + vgic_sync_lr_elrsr(vcpu, lr_nr, vlr); } /* @@ -1313,6 +1319,7 @@ static bool vgic_queue_irq(struct kvm_vcpu *vcpu, u8 sgi_source_id, int irq) BUG_ON(!test_bit(lr, vgic_cpu->lr_used)); vlr.state |= LR_STATE_PENDING; vgic_set_lr(vcpu, lr, vlr); + vgic_sync_lr_elrsr(vcpu, lr, vlr); return true; } } @@ -1334,6 +1341,7 @@ static bool vgic_queue_irq(struct kvm_vcpu *vcpu, u8 sgi_source_id, int irq) vlr.state |= LR_EOI_INT; vgic_set_lr(vcpu, lr, vlr); + vgic_sync_lr_elrsr(vcpu, lr, vlr); return true; } @@ -1502,6 +1510,14 @@ static bool vgic_process_maintenance(struct kvm_vcpu *vcpu) if (status & INT_STATUS_UNDERFLOW) vgic_disable_underflow(vcpu); + /* + * In the next iterations of the vcpu loop, if we sync the vgic state + * after flushing it, but before entering the guest (this happens for + * pending signals and vmid rollovers), then make sure we don't pick + * up any old maintenance interrupts here. + */ + vgic_clear_eisr(vcpu); + return level_pending; }
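
Review bot: In vgic_v3_sync_lr_elrsr the new else branch masks with `~(1U << lr)`, while the vgic-v2 counterpart in the same patch uses `~(1ULL << lr)` and vgic_v3_get_elrsr returns u64. The declaration of vgic_v3.vgic_elrsr is not part of this diff; if that field is wider than 32 bits, `~(1U << lr)` is zero-extended before the `&=` and would clear every bit above 31 along with the intended one. Please confirm the field is 32 bits wide, or use the same constant width as v2 so the set and clear paths cannot diverge.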
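
Review bot: In vgic_retire_lr and in both vgic_queue_irq paths, every vgic_set_lr() touched by this patch now has to be followed by vgic_sync_lr_elrsr(), and in vgic_retire_lr the sync sits two statements after the vgic_set_lr() rather than next to it. A future caller that forgets the pairing would bring back the stale-ELRSR state the commit message describes. Consider doing the ELRSR update inside vgic_set_lr() itself, or at least documenting at vgic_set_lr() that callers must follow it with vgic_sync_lr_elrsr().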
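
Review bot: In vgic_process_maintenance the new comment says no old maintenance interrupts will be picked up, but only the cached EISR is cleared. The context line `if (status & INT_STATUS_UNDERFLOW)` sits directly above the addition, and the v2/v3 get_interrupt_status helpers shown earlier in this patch read the cached vgic_misr; if status comes from that value, a second sync without a guest entry would still see the old underflow bit and call vgic_disable_underflow() again. Please either clear the cached MISR alongside EISR or extend the comment to say why a stale underflow status is harmless on that path.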