On 28.06.2013, at 11:20, Mihai Caraman wrote:

lwepx faults needs to be handled by KVM and this implies additional =

code

in DO_KVM macro to identify the source of the exception originated =

from

host context. This requires to check the Exception Syndrome Register
(ESR[EPID]) and External PID Load Context Register (EPLC[EGS]) for =

DTB_MISS,

DSI and LRAT exceptions which is too intrusive for the host.
=20
Get rid of lwepx and acquire last instuction in kvmppc_handle_exit() =

by

searching for the physical address and kmap it. This fixes an infinite =

loop

caused by lwepx's data TLB miss handled in the host and the TODO for =

TLB

eviction and execute-but-not-read entries.
=20
Signed-off-by: Mihai Caraman <redacted>
---
Resend this pacth for Alex G. he was unsubscribed from kvm-ppc mailist
for a while.
=20
arch/powerpc/include/asm/mmu-book3e.h |    6 ++-
arch/powerpc/kvm/booke.c              |    6 +++
arch/powerpc/kvm/booke.h              |    2 +
arch/powerpc/kvm/bookehv_interrupts.S |   32 ++-------------
arch/powerpc/kvm/e500.c               |    4 ++
arch/powerpc/kvm/e500mc.c             |   69 =

+++++++++++++++++++++++++++++++++

b/arch/powerpc/include/asm/mmu-book3e.h

MAS0_TLBSEL_MASK)

+#define MAS0_GET_TLBSEL(mas0)	(((mas0) & MAS0_TLBSEL_MASK) >> =

MAS0_TLBSEL_SHIFT)

#define MAS0_ESEL_MASK		0x0FFF0000
#define MAS0_ESEL_SHIFT		16
#define MAS0_ESEL(x)		(((x) << MAS0_ESEL_SHIFT) & =

MAS0_ESEL_MASK)

MAS1_TSIZE_MASK)

+#define MAS1_GET_TSIZE(mas1)	(((mas1) & MAS1_TSIZE_MASK) >> =

MAS1_TSIZE_SHIFT)

struct kvm_vcpu *vcpu,

	/* update before a new last_exit_type is rewritten */
	kvmppc_update_timing_stats(vcpu);
=20
+	/*
+	 * The exception type can change at this point, such as if the =

TLB entry

*exit_nr);

b/arch/powerpc/kvm/bookehv_interrupts.S

PR-mode

-	 * booke doesn't handle it either.  Since Linux doesn't use
-	 * broadcast tlbivax anymore, the only way this should happen is
-	 * if the guest maps its memory execute-but-not-read, or if we
-	 * somehow take a TLB miss in the middle of this entry code and
-	 * evict the relevant entry.  On e500mc, all kernel lowmem is
-	 * bolted into TLB1 large page mappings, and we don't use
-	 * broadcast invalidates, so we should not take a TLB miss here.
-	 *
-	 * Later we'll need to deal with faults here.  Disallowing guest
-	 * mappings that are execute-but-not-read could be an option on
-	 * e500mc, but not on chips with an LRAT if it is used.
+	 * We don't use external PID support. lwepx faults would need to =

be

+	 * handled by KVM and this implies aditional code in DO_KVM (for
+	 * DTB_MISS, DSI and LRAT) to check ESR[EPID] and EPLC[EGS] =

which

+	 * is too intrusive for the host. Get last instuction in
+	 * kvmppc_handle_exit().
	 */
-
-	mfspr	r3, SPRN_EPLC	/* will already have correct ELPID and =

EGS */

id,

	return r;
}
=20
+void kvmppc_prepare_for_emulation(struct kvm_vcpu *vcpu, unsigned int =

*exit_nr)

+{
+}
+
struct kvm_vcpu *kvmppc_core_vcpu_create(struct kvm *kvm, unsigned int =

id)

id,

	return r;
}
=20
+void kvmppc_prepare_for_emulation(struct kvm_vcpu *vcpu, unsigned int =

*exit_nr)

+{
+	gva_t geaddr;
+	hpa_t addr;
+	u64 mas7_mas3;
+	hva_t eaddr;
+	u32 mas1, mas3;
+	struct page *page;
+	unsigned int addr_space, psize_shift;
+	bool pr;
+
+	if ((*exit_nr !=3D BOOKE_INTERRUPT_DATA_STORAGE) &&
+	    (*exit_nr !=3D BOOKE_INTERRUPT_DTLB_MISS) &&
+	    (*exit_nr !=3D BOOKE_INTERRUPT_HV_PRIV))
+		return;
+
+	/* Search guest translation to find the real addressss */
+	geaddr =3D vcpu->arch.pc;
+	addr_space =3D (vcpu->arch.shared->msr & MSR_IS) >> MSR_IR_LG;
+	mtspr(SPRN_MAS6, (vcpu->arch.pid << MAS6_SPID_SHIFT) | =

addr_space);

+	mtspr(SPRN_MAS5, MAS5_SGS | vcpu->kvm->arch.lpid);
+	isync();
+	asm volatile("tlbsx 0, %[geaddr]\n" : : [geaddr] "r" (geaddr));
+	mtspr(SPRN_MAS5, 0);
+	mtspr(SPRN_MAS8, 0);=09
+
+	mas1 =3D mfspr(SPRN_MAS1);
+	if (!(mas1 & MAS1_VALID)) {
+		/*
+	 	 * There is no translation for the emulated instruction.
+		 * Simulate an instruction TLB miss. This should force =

the host

+		 * or ultimately the guest to add the translation and =

then

+		 * reexecute the instruction.
+		 */
+		*exit_nr =3D BOOKE_INTERRUPT_ITLB_MISS;
+		return;
+	}
+
+	mas3 =3D mfspr(SPRN_MAS3);
+	pr =3D vcpu->arch.shared->msr & MSR_PR;
+	if ((pr && (!(mas3 & MAS3_UX))) || ((!pr) && (!(mas3 & =

MAS3_SX)))) {

+	 	/*
+		 * Another thread may rewrite the TLB entry in parallel, =

don't

+		 * execute from the address if the execute permission is =

not set

+		 */
+		vcpu->arch.fault_esr =3D 0;
+		*exit_nr =3D BOOKE_INTERRUPT_INST_STORAGE;
+		return;
+	}
+
+	/* Get page size */
+	if (MAS0_GET_TLBSEL(mfspr(SPRN_MAS0)) =3D=3D 0)
+		psize_shift =3D PAGE_SHIFT;
+	else
+		psize_shift =3D MAS1_GET_TSIZE(mas1) + 10;
+
+	mas7_mas3 =3D (((u64) mfspr(SPRN_MAS7)) << 32) |
+		    mfspr(SPRN_MAS3);
+	addr =3D (mas7_mas3 & (~0ULL << psize_shift)) |
+	       (geaddr & ((1ULL << psize_shift) - 1ULL));
+
+	/* Map a page and get guest's instruction */
+	page =3D pfn_to_page(addr >> PAGE_SHIFT);

While looking at this I just realized that you're missing a check here. =
What if our IP is in some PCI BAR? Or can't we execute from those?


Alex

+	eaddr =3D (unsigned long)kmap_atomic(page);
+	eaddr |=3D addr & ~PAGE_MASK;
+	vcpu->arch.last_inst =3D *(u32 *)eaddr;
+	kunmap_atomic((u32 *)eaddr);
+}
+
struct kvm_vcpu *kvmppc_core_vcpu_create(struct kvm *kvm, unsigned int =

id)

{
	struct kvmppc_vcpu_e500 *vcpu_e500;
--=20
1.7.4.1
=20
=20
--
To unsubscribe from this list: send the line "unsubscribe kvm-ppc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html