arm: Allow system registers for KVM guests to be changed by QEMU code

At the moment the Arm implementations of kvm_arch_{get,put}_registers()
don't support having QEMU change the values of system registers
(aka coprocessor registers for AArch32). This is because although
kvm_arch_get_registers() calls write_list_to_cpustate() to
update the CPU state struct fields (so QEMU code can read the
values in the usual way), kvm_arch_put_registers() does not
call write_cpustate_to_list(), meaning that any changes to
the CPU state struct fields will not be passed back to KVM.

The rationale for this design is documented in a comment in the
AArch32 kvm_arch_put_registers() -- writing the values in the
cpregs list into the CPU state struct is "lossy" because the
write of a register might not succeed, and so if we blindly
copy the CPU state values back again we will incorrectly
change register values for the guest. The assumption was that
no QEMU code would need to write to the registers.

However, when we implemented debug support for KVM guests, we
broke that assumption: the code to handle "set the guest up
to take a breakpoint exception" does so by updating various
guest registers including ESR_EL1.

Support this by making kvm_arch_put_registers() synchronize
CPU state back into the list. We sync only those registers
where the initial write succeeds, which should be sufficient.

This commit is the same as commit 823e1b3818 which we
had to revert in commit 942f99c825, except that the bug
which was preventing EDK2 guest firmware running has been fixed:
kvm_arm_reset_vcpu() now calls write_list_to_cpustate().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Eric Auger <eric.auger@redhat.com>
This commit is contained in:
Peter Maydell 2019-05-07 12:55:02 +01:00
parent ff3dcf28c0
commit b698e4eef5
6 changed files with 46 additions and 22 deletions

View File

@ -2610,18 +2610,25 @@ bool write_list_to_cpustate(ARMCPU *cpu);
/** /**
* write_cpustate_to_list: * write_cpustate_to_list:
* @cpu: ARMCPU * @cpu: ARMCPU
* @kvm_sync: true if this is for syncing back to KVM
* *
* For each register listed in the ARMCPU cpreg_indexes list, write * For each register listed in the ARMCPU cpreg_indexes list, write
* its value from the ARMCPUState structure into the cpreg_values list. * its value from the ARMCPUState structure into the cpreg_values list.
* This is used to copy info from TCG's working data structures into * This is used to copy info from TCG's working data structures into
* KVM or for outbound migration. * KVM or for outbound migration.
* *
* @kvm_sync is true if we are doing this in order to sync the
* register state back to KVM. In this case we will only update
* values in the list if the previous list->cpustate sync actually
* successfully wrote the CPU state. Otherwise we will keep the value
* that is in the list.
*
* Returns: true if all register values were read correctly, * Returns: true if all register values were read correctly,
* false if some register was unknown or could not be read. * false if some register was unknown or could not be read.
* Note that we do not stop early on failure -- we will attempt * Note that we do not stop early on failure -- we will attempt
* reading all registers in the list. * reading all registers in the list.
*/ */
bool write_cpustate_to_list(ARMCPU *cpu); bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
#define ARM_CPUID_TI915T 0x54029152 #define ARM_CPUID_TI915T 0x54029152
#define ARM_CPUID_TI925T 0x54029252 #define ARM_CPUID_TI925T 0x54029252

View File

@ -266,7 +266,7 @@ static bool raw_accessors_invalid(const ARMCPRegInfo *ri)
return true; return true;
} }
bool write_cpustate_to_list(ARMCPU *cpu) bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync)
{ {
/* Write the coprocessor state from cpu->env to the (index,value) list. */ /* Write the coprocessor state from cpu->env to the (index,value) list. */
int i; int i;
@ -275,6 +275,7 @@ bool write_cpustate_to_list(ARMCPU *cpu)
for (i = 0; i < cpu->cpreg_array_len; i++) { for (i = 0; i < cpu->cpreg_array_len; i++) {
uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]); uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]);
const ARMCPRegInfo *ri; const ARMCPRegInfo *ri;
uint64_t newval;
ri = get_arm_cp_reginfo(cpu->cp_regs, regidx); ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
if (!ri) { if (!ri) {
@ -284,7 +285,29 @@ bool write_cpustate_to_list(ARMCPU *cpu)
if (ri->type & ARM_CP_NO_RAW) { if (ri->type & ARM_CP_NO_RAW) {
continue; continue;
} }
cpu->cpreg_values[i] = read_raw_cp_reg(&cpu->env, ri);
newval = read_raw_cp_reg(&cpu->env, ri);
if (kvm_sync) {
/*
* Only sync if the previous list->cpustate sync succeeded.
* Rather than tracking the success/failure state for every
* item in the list, we just recheck "does the raw write we must
* have made in write_list_to_cpustate() read back OK" here.
*/
uint64_t oldval = cpu->cpreg_values[i];
if (oldval == newval) {
continue;
}
write_raw_cp_reg(&cpu->env, ri, oldval);
if (read_raw_cp_reg(&cpu->env, ri) != oldval) {
continue;
}
write_raw_cp_reg(&cpu->env, ri, newval);
}
cpu->cpreg_values[i] = newval;
} }
return ok; return ok;
} }

View File

@ -497,6 +497,14 @@ void kvm_arm_reset_vcpu(ARMCPU *cpu)
fprintf(stderr, "write_kvmstate_to_list failed\n"); fprintf(stderr, "write_kvmstate_to_list failed\n");
abort(); abort();
} }
/*
* Sync the reset values also into the CPUState. This is necessary
* because the next thing we do will be a kvm_arch_put_registers()
* which will update the list values from the CPUState before copying
* the list values back to KVM. It's OK to ignore failure returns here
* for the same reason we do so in kvm_arch_get_registers().
*/
write_list_to_cpustate(cpu);
} }
/* /*

View File

@ -384,24 +384,8 @@ int kvm_arch_put_registers(CPUState *cs, int level)
return ret; return ret;
} }
/* Note that we do not call write_cpustate_to_list() write_cpustate_to_list(cpu, true);
* here, so we are only writing the tuple list back to
* KVM. This is safe because nothing can change the
* CPUARMState cp15 fields (in particular gdb accesses cannot)
* and so there are no changes to sync. In fact syncing would
* be wrong at this point: for a constant register where TCG and
* KVM disagree about its value, the preceding write_list_to_cpustate()
* would not have had any effect on the CPUARMState value (since the
* register is read-only), and a write_cpustate_to_list() here would
* then try to write the TCG value back into KVM -- this would either
* fail or incorrectly change the value the guest sees.
*
* If we ever want to allow the user to modify cp15 registers via
* the gdb stub, we would need to be more clever here (for instance
* tracking the set of registers kvm_arch_get_registers() successfully
* managed to update the CPUARMState with, and only allowing those
* to be written back up into the kernel).
*/
if (!write_list_to_kvmstate(cpu, level)) { if (!write_list_to_kvmstate(cpu, level)) {
return EINVAL; return EINVAL;
} }

View File

@ -838,6 +838,8 @@ int kvm_arch_put_registers(CPUState *cs, int level)
return ret; return ret;
} }
write_cpustate_to_list(cpu, true);
if (!write_list_to_kvmstate(cpu, level)) { if (!write_list_to_kvmstate(cpu, level)) {
return EINVAL; return EINVAL;
} }

View File

@ -646,7 +646,7 @@ static int cpu_pre_save(void *opaque)
abort(); abort();
} }
} else { } else {
if (!write_cpustate_to_list(cpu)) { if (!write_cpustate_to_list(cpu, false)) {
/* This should never fail. */ /* This should never fail. */
abort(); abort();
} }