| 1 | Only thing for Arm for rc1 is RTH's fix for the KVM SVE probe code. | 1 | Hi; this pull request has a couple of fixes for bugs in |
|---|---|---|---|
| 2 | the Arm page-table-walk code, which arrived in the last | ||
| 3 | day or so. | ||
| 2 | 4 | ||
| 5 | I'm sending this out now in the hope it might just sneak | ||
| 6 | in before rc2 gets tagged, so the fixes can get more | ||
| 7 | testing time before the 7.2 release; but if they don't | ||
| 8 | make it then this should go into rc3. | ||
| 9 | |||
| 10 | thanks | ||
| 3 | -- PMM | 11 | -- PMM |
| 4 | 12 | ||
| 5 | The following changes since commit 4e06b3fc1b5e1ec03f22190eabe56891dc9c2236: | 13 | The following changes since commit 6d71357a3b651ec9db126e4862b77e13165427f5: |
| 6 | 14 | ||
| 7 | Merge tag 'pull-hex-20220731' of https://github.com/quic/qemu into staging (2022-07-31 21:38:54 -0700) | 15 | rtl8139: honor large send MSS value (2022-11-21 09:28:43 -0500) |
| 8 | 16 | ||
| 9 | are available in the Git repository at: | 17 | are available in the Git repository at: |
| 10 | 18 | ||
| 11 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220801 | 19 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20221122 |
| 12 | 20 | ||
| 13 | for you to fetch changes up to 5265d24c981dfdda8d29b44f7e84a514da75eedc: | 21 | for you to fetch changes up to 15f8f4671afd22491ce99d28a296514717fead4f: |
| 14 | 22 | ||
| 15 | target/arm: Move sve probe inside kvm >= 4.15 branch (2022-08-01 16:21:18 +0100) | 23 | target/arm: Use signed quantity to represent VMSAv8-64 translation level (2022-11-22 16:10:25 +0000) |
| 16 | 24 | ||
| 17 | ---------------------------------------------------------------- | 25 | ---------------------------------------------------------------- |
| 18 | target-arm queue: | 26 | target-arm: |
| 19 | * Fix KVM SVE ID register probe code | 27 | * Fix broken 5-level pagetable handling |
| 28 | * Fix debug accesses when EL2 is present | ||
| 20 | 29 | ||
| 21 | ---------------------------------------------------------------- | 30 | ---------------------------------------------------------------- |
| 22 | Richard Henderson (3): | 31 | Ard Biesheuvel (1): |
| 23 | target/arm: Use kvm_arm_sve_supported in kvm_arm_get_host_cpu_features | 32 | target/arm: Use signed quantity to represent VMSAv8-64 translation level |
| 24 | target/arm: Set KVM_ARM_VCPU_SVE while probing the host | ||
| 25 | target/arm: Move sve probe inside kvm >= 4.15 branch | ||
| 26 | 33 | ||
| 27 | target/arm/kvm64.c | 45 ++++++++++++++++++++++----------------------- | 34 | Peter Maydell (1): |
| 28 | 1 file changed, 22 insertions(+), 23 deletions(-) | 35 | target/arm: Don't do two-stage lookup if stage 2 is disabled |
| 36 | |||
| 37 | target/arm/ptw.c | 11 ++++++----- | ||
| 38 | 1 file changed, 6 insertions(+), 5 deletions(-) | diff view generated by jsdifflib |
Deleted patch | |||
|---|---|---|---|
| 1 | From: Richard Henderson <richard.henderson@linaro.org> | ||
| 2 | 1 | ||
| 3 | Indication for support for SVE will not depend on whether we | ||
| 4 | perform the query on the main kvm_state or the temp vcpu. | ||
| 5 | |||
| 6 | Signed-off-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 7 | Message-id: 20220726045828.53697-2-richard.henderson@linaro.org | ||
| 8 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 9 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 10 | --- | ||
| 11 | target/arm/kvm64.c | 2 +- | ||
| 12 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 13 | |||
| 14 | diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c | ||
| 15 | index XXXXXXX..XXXXXXX 100644 | ||
| 16 | --- a/target/arm/kvm64.c | ||
| 17 | +++ b/target/arm/kvm64.c | ||
| 18 | @@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) | ||
| 19 | } | ||
| 20 | } | ||
| 21 | |||
| 22 | - sve_supported = ioctl(fdarray[0], KVM_CHECK_EXTENSION, KVM_CAP_ARM_SVE) > 0; | ||
| 23 | + sve_supported = kvm_arm_sve_supported(); | ||
| 24 | |||
| 25 | /* Add feature bits that can't appear until after VCPU init. */ | ||
| 26 | if (sve_supported) { | ||
| 27 | -- | ||
| 28 | 2.25.1 | diff view generated by jsdifflib |
| 1 | From: Richard Henderson <richard.henderson@linaro.org> | 1 | In get_phys_addr_with_struct(), we call get_phys_addr_twostage() if |
|---|---|---|---|
| 2 | the CPU supports EL2. However, we don't check here that stage 2 is | ||
| 3 | actually enabled. Instead we only check that inside | ||
| 4 | get_phys_addr_twostage() to skip stage 2 translation. This means | ||
| 5 | that even if stage 2 is disabled we still tell the stage 1 lookup to | ||
| 6 | do its page table walks via stage 2. | ||
| 2 | 7 | ||
| 3 | The test for the IF block indicates no ID registers are exposed, much | 8 | This works by luck for normal CPU accesses, but it breaks for debug |
| 4 | less host support for SVE. Move the SVE probe into the ELSE block. | 9 | accesses, which are used by the disassembler and also by semihosting |
| 10 | file reads and writes, because the debug case takes a different code | ||
| 11 | path inside S1_ptw_translate(). | ||
| 5 | 12 | ||
| 6 | Signed-off-by: Richard Henderson <richard.henderson@linaro.org> | 13 | This means that setups that use semihosting for file loads are broken |
| 7 | Message-id: 20220726045828.53697-4-richard.henderson@linaro.org | 14 | (a regression since 7.1, introduced in recent ptw refactoring), and |
| 8 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | 15 | that sometimes disassembly in debug logs reports "unable to read |
| 16 | memory" rather than showing the guest insns. | ||
| 17 | |||
| 18 | Fix the bug by hoisting the "is stage 2 enabled?" check up to | ||
| 19 | get_phys_addr_with_struct(), so that we handle S2 disabled the same | ||
| 20 | way we do the "no EL2" case, with a simple single stage lookup. | ||
| 21 | |||
| 22 | Reported-by: Jens Wiklander <jens.wiklander@linaro.org> | ||
| 23 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 9 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | 24 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
| 25 | Message-id: 20221121212404.1450382-1-peter.maydell@linaro.org | ||
| 10 | --- | 26 | --- |
| 11 | target/arm/kvm64.c | 22 +++++++++++----------- | 27 | target/arm/ptw.c | 7 ++++--- |
| 12 | 1 file changed, 11 insertions(+), 11 deletions(-) | 28 | 1 file changed, 4 insertions(+), 3 deletions(-) |
| 13 | 29 | ||
| 14 | diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c | 30 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c |
| 15 | index XXXXXXX..XXXXXXX 100644 | 31 | index XXXXXXX..XXXXXXX 100644 |
| 16 | --- a/target/arm/kvm64.c | 32 | --- a/target/arm/ptw.c |
| 17 | +++ b/target/arm/kvm64.c | 33 | +++ b/target/arm/ptw.c |
| 18 | @@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) | 34 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, |
| 19 | err |= read_sys_reg64(fdarray[2], &ahcf->isar.reset_pmcr_el0, | 35 | |
| 20 | ARM64_SYS_REG(3, 3, 9, 12, 0)); | 36 | ret = get_phys_addr_with_struct(env, ptw, address, access_type, result, fi); |
| 37 | |||
| 38 | - /* If S1 fails or S2 is disabled, return early. */ | ||
| 39 | - if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) { | ||
| 40 | + /* If S1 fails, return early. */ | ||
| 41 | + if (ret) { | ||
| 42 | return ret; | ||
| 43 | } | ||
| 44 | |||
| 45 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw, | ||
| 46 | * Otherwise, a stage1+stage2 translation is just stage 1. | ||
| 47 | */ | ||
| 48 | ptw->in_mmu_idx = mmu_idx = s1_mmu_idx; | ||
| 49 | - if (arm_feature(env, ARM_FEATURE_EL2)) { | ||
| 50 | + if (arm_feature(env, ARM_FEATURE_EL2) && | ||
| 51 | + !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) { | ||
| 52 | return get_phys_addr_twostage(env, ptw, address, access_type, | ||
| 53 | result, fi); | ||
| 21 | } | 54 | } |
| 22 | - } | ||
| 23 | |||
| 24 | - if (sve_supported) { | ||
| 25 | - /* | ||
| 26 | - * There is a range of kernels between kernel commit 73433762fcae | ||
| 27 | - * and f81cb2c3ad41 which have a bug where the kernel doesn't expose | ||
| 28 | - * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled | ||
| 29 | - * SVE support, which resulted in an error rather than RAZ. | ||
| 30 | - * So only read the register if we set KVM_ARM_VCPU_SVE above. | ||
| 31 | - */ | ||
| 32 | - err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0, | ||
| 33 | - ARM64_SYS_REG(3, 0, 0, 4, 4)); | ||
| 34 | + if (sve_supported) { | ||
| 35 | + /* | ||
| 36 | + * There is a range of kernels between kernel commit 73433762fcae | ||
| 37 | + * and f81cb2c3ad41 which have a bug where the kernel doesn't | ||
| 38 | + * expose SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has | ||
| 39 | + * enabled SVE support, which resulted in an error rather than RAZ. | ||
| 40 | + * So only read the register if we set KVM_ARM_VCPU_SVE above. | ||
| 41 | + */ | ||
| 42 | + err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0, | ||
| 43 | + ARM64_SYS_REG(3, 0, 0, 4, 4)); | ||
| 44 | + } | ||
| 45 | } | ||
| 46 | |||
| 47 | kvm_arm_destroy_scratch_host_vcpu(fdarray); | ||
| 48 | -- | 55 | -- |
| 49 | 2.25.1 | 56 | 2.25.1 | diff view generated by jsdifflib |
| 1 | From: Richard Henderson <richard.henderson@linaro.org> | 1 | From: Ard Biesheuvel <ardb@kernel.org> |
|---|---|---|---|
| 2 | 2 | ||
| 3 | Because we weren't setting this flag, our probe of ID_AA64ZFR0 | 3 | The LPA2 extension implements 52-bit virtual addressing for 4k and 16k |
| 4 | was always returning zero. This also obviates the adjustment | 4 | translation granules, and for the former, this means an additional level |
| 5 | of ID_AA64PFR0, which had sanitized the SVE field. | 5 | of translation is needed. This means we start counting at -1 instead of |
| 6 | 0 when doing a walk, and so 'level' is now a signed quantity, and should | ||
| 7 | be typed as such. So turn it from uint32_t into int32_t. | ||
| 6 | 8 | ||
| 7 | The effects of the bug are not visible, because the only thing that | 9 | This avoids a level of -1 getting misinterpreted as being >= 3, and |
| 8 | ID_AA64ZFR0 is used for within qemu at present is tcg translation. | 10 | terminating a page table walk prematurely with a bogus output address. |
| 9 | The other tests for SVE within KVM are via ID_AA64PFR0.SVE. | ||
| 10 | 11 | ||
| 11 | Reported-by: Zenghui Yu <yuzenghui@huawei.com> | 12 | Cc: Peter Maydell <peter.maydell@linaro.org> |
| 12 | Signed-off-by: Richard Henderson <richard.henderson@linaro.org> | 13 | Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> |
| 13 | Message-id: 20220726045828.53697-3-richard.henderson@linaro.org | 14 | Cc: Richard Henderson <richard.henderson@linaro.org> |
| 15 | Signed-off-by: Ard Biesheuvel <ardb@kernel.org> | ||
| 14 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | 16 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> |
| 15 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | 17 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
| 16 | --- | 18 | --- |
| 17 | target/arm/kvm64.c | 27 +++++++++++++-------------- | 19 | target/arm/ptw.c | 4 ++-- |
| 18 | 1 file changed, 13 insertions(+), 14 deletions(-) | 20 | 1 file changed, 2 insertions(+), 2 deletions(-) |
| 19 | 21 | ||
| 20 | diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c | 22 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c |
| 21 | index XXXXXXX..XXXXXXX 100644 | 23 | index XXXXXXX..XXXXXXX 100644 |
| 22 | --- a/target/arm/kvm64.c | 24 | --- a/target/arm/ptw.c |
| 23 | +++ b/target/arm/kvm64.c | 25 | +++ b/target/arm/ptw.c |
| 24 | @@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) | 26 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, |
| 25 | bool sve_supported; | 27 | ARMCPU *cpu = env_archcpu(env); |
| 26 | bool pmu_supported = false; | 28 | ARMMMUIdx mmu_idx = ptw->in_mmu_idx; |
| 27 | uint64_t features = 0; | 29 | bool is_secure = ptw->in_secure; |
| 28 | - uint64_t t; | 30 | - uint32_t level; |
| 29 | int err; | 31 | + int32_t level; |
| 30 | 32 | ARMVAParameters param; | |
| 31 | /* Old kernels may not know about the PREFERRED_TARGET ioctl: however | 33 | uint64_t ttbr; |
| 32 | @@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) | 34 | hwaddr descaddr, indexmask, indexmask_grainsize; |
| 33 | struct kvm_vcpu_init init = { .target = -1, }; | 35 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, |
| 34 | |||
| 35 | /* | ||
| 36 | - * Ask for Pointer Authentication if supported. We can't play the | ||
| 37 | - * SVE trick of synthesising the ID reg as KVM won't tell us | ||
| 38 | - * whether we have the architected or IMPDEF version of PAuth, so | ||
| 39 | - * we have to use the actual ID regs. | ||
| 40 | + * Ask for SVE if supported, so that we can query ID_AA64ZFR0, | ||
| 41 | + * which is otherwise RAZ. | ||
| 42 | + */ | ||
| 43 | + sve_supported = kvm_arm_sve_supported(); | ||
| 44 | + if (sve_supported) { | ||
| 45 | + init.features[0] |= 1 << KVM_ARM_VCPU_SVE; | ||
| 46 | + } | ||
| 47 | + | ||
| 48 | + /* | ||
| 49 | + * Ask for Pointer Authentication if supported, so that we get | ||
| 50 | + * the unsanitized field values for AA64ISAR1_EL1. | ||
| 51 | */ | ||
| 52 | if (kvm_arm_pauth_supported()) { | ||
| 53 | init.features[0] |= (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS | | ||
| 54 | @@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) | ||
| 55 | } | ||
| 56 | } | ||
| 57 | |||
| 58 | - sve_supported = kvm_arm_sve_supported(); | ||
| 59 | - | ||
| 60 | - /* Add feature bits that can't appear until after VCPU init. */ | ||
| 61 | if (sve_supported) { | ||
| 62 | - t = ahcf->isar.id_aa64pfr0; | ||
| 63 | - t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1); | ||
| 64 | - ahcf->isar.id_aa64pfr0 = t; | ||
| 65 | - | ||
| 66 | /* | ||
| 67 | * There is a range of kernels between kernel commit 73433762fcae | ||
| 68 | * and f81cb2c3ad41 which have a bug where the kernel doesn't expose | ||
| 69 | * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled | ||
| 70 | - * SVE support, so we only read it here, rather than together with all | ||
| 71 | - * the other ID registers earlier. | ||
| 72 | + * SVE support, which resulted in an error rather than RAZ. | ||
| 73 | + * So only read the register if we set KVM_ARM_VCPU_SVE above. | ||
| 74 | */ | 36 | */ |
| 75 | err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0, | 37 | uint32_t sl0 = extract32(tcr, 6, 2); |
| 76 | ARM64_SYS_REG(3, 0, 0, 4, 4)); | 38 | uint32_t sl2 = extract64(tcr, 33, 1); |
| 39 | - uint32_t startlevel; | ||
| 40 | + int32_t startlevel; | ||
| 41 | bool ok; | ||
| 42 | |||
| 43 | /* SL2 is RES0 unless DS=1 & 4kb granule. */ | ||
| 77 | -- | 44 | -- |
| 78 | 2.25.1 | 45 | 2.25.1 |
| 46 | |||
| 47 | diff view generated by jsdifflib |