KVM: arm64: nvhe: Synchronise with page table walker on vcpu run

Marc Zyngier · Marc Zyngier · commit 55b5bac15939 · 2023-04-13T08:38:53.000+01:00
When taking an exception between the EL1&amp;0 translation regime and
the EL2 translation regime, the page table walker is allowed to
complete the walks started from EL0 or EL1 while running at EL2.

It means that altering the system registers that define the EL1&amp;0
translation regime is fraught with danger *unless* we wait for
the completion of such walk with a DSB (R_LFHQG and subsequent
statements in the ARM ARM). We already did the right thing for
other external agents (SPE, TRBE), but not the PTW.

Rework the existing SPE/TRBE synchronisation to include the PTW,
and add the missing DSB on guest exit.

Signed-off-by: Marc Zyngier &lt;maz@kernel.org&gt;
Reviewed-by: Oliver Upton &lt;oliver.upton@linux.dev&gt;
diff --git a/arch/arm64/kvm/hyp/nvhe/debug-sr.c b/arch/arm64/kvm/hyp/nvhe/debug-sr.c
@@ -37,7 +37,6 @@ static void __debug_save_spe(u64 *pmscr_el1)
 
 	/* Now drain all buffered data to memory */
 	psb_csync();
-	dsb(nsh);
 }
 
 static void __debug_restore_spe(u64 pmscr_el1)
@@ -69,7 +68,6 @@ static void __debug_save_trace(u64 *trfcr_el1)
 	isb();
 	/* Drain the trace buffer to memory */
 	tsb_csync();
-	dsb(nsh);
 }
 
 static void __debug_restore_trace(u64 trfcr_el1)
diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c
@@ -272,6 +272,17 @@ int __kvm_vcpu_run(struct kvm_vcpu *vcpu)
 	 */
 	__debug_save_host_buffers_nvhe(vcpu);
 
+	/*
+	 * We're about to restore some new MMU state. Make sure
+	 * ongoing page-table walks that have started before we
+	 * trapped to EL2 have completed. This also synchronises the
+	 * above disabling of SPE and TRBE.
+	 *
+	 * See DDI0487I.a D8.1.5 "Out-of-context translation regimes",
+	 * rule R_LFHQG and subsequent information statements.
+	 */
+	dsb(nsh);
+
 	__kvm_adjust_pc(vcpu);
 
 	/*
@@ -306,6 +317,13 @@ int __kvm_vcpu_run(struct kvm_vcpu *vcpu)
 	__timer_disable_traps(vcpu);
 	__hyp_vgic_save_state(vcpu);
 
+	/*
+	 * Same thing as before the guest run: we're about to switch
+	 * the MMU context, so let's make sure we don't have any
+	 * ongoing EL1&0 translations.
+	 */
+	dsb(nsh);
+
 	__deactivate_traps(vcpu);
 	__load_host_stage2();
 

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,6 @@ static void __debug_save_spe(u64 *pmscr_el1)`
`37`	`37`
`38`	`38`	`/* Now drain all buffered data to memory */`
`39`	`39`	`psb_csync();`
`40`		`- dsb(nsh);`
`41`	`40`	`}`
`42`	`41`
`43`	`42`	`static void __debug_restore_spe(u64 pmscr_el1)`
`@@ -69,7 +68,6 @@ static void __debug_save_trace(u64 *trfcr_el1)`
`69`	`68`	`isb();`
`70`	`69`	`/* Drain the trace buffer to memory */`
`71`	`70`	`tsb_csync();`
`72`		`- dsb(nsh);`
`73`	`71`	`}`
`74`	`72`
`75`	`73`	`static void __debug_restore_trace(u64 trfcr_el1)`