[RFC PATCH] powerpc/pseries/svm: capture instruction faulting on MMIO access, in sprg0 register

Ram Pai linuxram at us.ibm.com
Wed Jul 22 17:45:21 AEST 2020


On Wed, Jul 22, 2020 at 12:42:05AM -0700, Ram Pai wrote:
> On Wed, Jul 22, 2020 at 03:02:32PM +1000, Paul Mackerras wrote:
> > On Thu, Jul 16, 2020 at 01:32:13AM -0700, Ram Pai wrote:
> > > An instruction accessing an MMIO address generates an HDSI fault.  This fault is
> > > appropriately handled by the Hypervisor.  However, in the case of secure VMs, the
> > > fault is delivered to the ultravisor.
> > > 
> > > Unfortunately the Ultravisor has no correct way to fetch the faulting
> > > instruction. The PEF architecture does not allow the Ultravisor to enable MMU
> > > translation. Walking the two-level page table to read the instruction can race
> > > with other vcpus modifying the SVM's process-scoped page table.
> > > 
> > > This problem can be correctly solved with some help from the kernel.
> > > 
> > > Capture the faulting instruction in SPRG0 register, before executing the
> > > faulting instruction. This enables the ultravisor to easily procure the
> > > faulting instruction and emulate it.
> > 
> > Just a comment on the approach of putting the instruction in SPRG0:
> > these I/O accessors can be used in interrupt routines, which means
> > that if these accessors are ever used with interrupts enabled, there
> > is the possibility of an external interrupt occurring between the
> > instruction that sets SPRG0 and the load/store instruction that
> > faults.  If the handler for that interrupt itself does an I/O access,
> > it will overwrite SPRG0, corrupting the value set by the interrupted
> > code.
> 
> Actually my proposed code restores the value of SPRG0 before returning to
> the interrupted instruction. So here is the sequence. I think it works.
> 
>  (1) store sprg0 in register Rx (let's say sprg0 had 0xc. Rx now contains 0xc)
> 
>  (2) save faulting instruction address in sprg0 (let's say the value is 0xa.
>      sprg0 will contain 0xa).

Small correction. sprg0 does not store the address of the faulting
instruction. It stores the instruction itself. Regardless, the code
should work, I think.

RP
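Software model of the save/set/restore discipline argued about above, added here as an illustration and not part of the patch or the thread: a global stands in for SPRG0, an opcode value for the faulting instruction, and a function call for the external interrupt that lands between the `mtspr` and the faulting access. The opcode values and the `do_restore` switch are constructed for the model; the real code would use `mfspr`/`mtspr`.

```c
#include <stdint.h>

/* Models the SPRG0 special-purpose register. */
static uint32_t sprg0;
/* Set to 1 to inject one external interrupt into the outermost access. */
static int interrupt_pending;
/* What the "ultravisor" reads from SPRG0 on each fault. */
static uint32_t seen_by_uv_outer, seen_by_uv_inner;

static void io_access(uint32_t insn, int depth, int do_restore);

/* External interrupt whose handler itself does an I/O access
 * (Paul's scenario). 0xB0B0B0B0 is a constructed opcode. */
static void interrupt_handler(int do_restore)
{
    io_access(0xB0B0B0B0u, 1, do_restore);
}

/* Ram's sequence: (1) Rx <- SPRG0, (2) SPRG0 <- faulting instruction,
 * the access faults and the ultravisor reads SPRG0, then SPRG0 is
 * restored from Rx before returning. do_restore=0 drops the restore
 * to show what Paul's objection looks like without it. */
static void io_access(uint32_t insn, int depth, int do_restore)
{
    uint32_t rx = sprg0;                 /* (1) save old SPRG0 in Rx   */
    sprg0 = insn;                        /* (2) publish the instruction */
    if (depth == 0 && interrupt_pending) { /* interrupt hits right here */
        interrupt_pending = 0;
        interrupt_handler(do_restore);
    }
    if (depth == 0) seen_by_uv_outer = sprg0;   /* fault: UV reads SPRG0 */
    else            seen_by_uv_inner = sprg0;
    if (do_restore) sprg0 = rx;          /* put Rx back before returning */
}

/* Runs the thread's example (SPRG0 = 0xc, faulting instruction 0xa) with an
 * interrupt injected. Returns 1 if the interrupted access still presented
 * its own instruction and SPRG0 ends up at its original value. */
int sequence_survives_interrupt(int do_restore)
{
    sprg0 = 0xCu;
    interrupt_pending = 1;
    seen_by_uv_outer = seen_by_uv_inner = 0;
    io_access(0xAu, 0, do_restore);
    return seen_by_uv_outer == 0xAu && seen_by_uv_inner == 0xB0B0B0B0u
           && sprg0 == 0xCu;
}
```

With the restore in place the nested access hands back the outer instruction before the outer fault is taken; without it the outer fault presents the handler's instruction and SPRG0 stays corrupted.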
