• James Morse's avatar
    KVM: arm64: Survive synchronous exceptions caused by AT instructions · 88a84ccc
    James Morse authored
    KVM doesn't expect any synchronous exceptions when executing, any such
    exception leads to a panic(). AT instructions access the guest page
    tables, and can cause a synchronous external abort to be taken.
    
    The arm-arm is unclear on what should happen if the guest has configured
    the hardware update of the access-flag, and a memory type in TCR_EL1 that
    does not support atomic operations. B2.2.6 "Possible implementation
    restrictions on using atomic instructions" from DDI0487F.a lists
    synchronous external abort as a possible behaviour of atomic instructions
    that target memory that isn't writeback cacheable, but the page table
    walker may behave differently.
    
    Make KVM robust to synchronous exceptions caused by AT instructions.
    Add a get_user() style helper for AT instructions that returns -EFAULT
    if an exception was generated.
    
    While KVM's version of the exception table mixes synchronous and
    asynchronous exceptions, only one of these can occur at each location.
    
    Re-enter the guest when the AT instructions take an exception on the
    assumption the guest will take the same exception. This isn't guaranteed
    to make forward progress, as the AT instructions may always walk the page
    tables, but guest execution may use the translation cached in the TLB.
    
    This isn't a problem, as since commit 5dcd0fdb ("KVM: arm64: Defer guest
    entry when an asynchronous exception is pending"), KVM will return to the
    host to process IRQs allowing the rest of the system to keep running.
    
    Cc: stable@vger.kernel.org # <v5.3: 5dcd0fdb
    
     ("KVM: arm64: Defer guest entry when an asynchronous exception is pending")
    Signed-off-by: default avatarJames Morse <james.morse@arm.com>
    Reviewed-by: default avatarMarc Zyngier <maz@kernel.org>
    Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
    88a84ccc
switch.h 13.8 KB