vector controlled async exception

Signed-off-by: Lai Jiangshan <jiangshan.ljs@antgroup.com>
Signed-off-by: Hou Wenlong <houwenlong.hwl@antgroup.com>

Author: Lai Jiangshan

Documentation/virt/kvm/x86/pvm-spec.rst

@@ -245,8 +245,10 @@ PVCS::event_flags
   due to the interrupt-enable flag being cleared in supervisor mode.
 |   The guest is responsible for issuing a hypercall PVM_HC_IRQ_WIN when
     the guest sees this bit after setting the PVCS::event_flags.IF.
-    The hypervisor clears this bit in handling
-    PVM_HC_IRQ_WIN/IRQ_HLT/EVENT_RETURN_USER/EVENT_RETURN_HYPERVISOR.
+    This bit might be left over without actual pending interrupt in some
+    cases, which is harmless.  The hypervisor clears this bit in handling
+    PVM_HC_IRQ_WIN/IRQ_HLT/EVENT_RETURN_SUPERVISOR when interrupt is
+    enabled.
 
 Other bits are reserved (Software should set them to zero).
 

arch/x86/entry/entry_64_pvm.S

@@ -11,7 +11,7 @@
 .macro PUSH_IRET_FRAME_FROM_PVCS user:req
 	.if \user == 1
 		movl	PER_CPU_VAR(pvm_vcpu_struct + PVCS_user_ss), %ecx
-		andq	$0xff, %rcx
+		andl	$0xFFFF, %ecx
 		pushq	%rcx				/* pt_regs->ss */
 	.else
 		pushq	$__KERNEL_DS
@@ -23,7 +23,7 @@
 
 	.if \user == 1
 		movl	PER_CPU_VAR(pvm_vcpu_struct + PVCS_user_cs), %ecx
-		andq	$0xff, %rcx
+		andl	$0xFFFF, %ecx
 		pushq	%rcx				/* pt_regs->cs */
 	.else
 		pushq	$__KERNEL_CS
@@ -36,19 +36,41 @@
 	movq	PER_CPU_VAR(pvm_vcpu_struct + PVCS_r11), %r11
 .endm
 
-.macro pvm_enable_events
-	orq	$PVM_EVENT_FLAGS_EF, PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_flags)
-	btq	$PVM_EVENT_FLAGS_EP_BIT, PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_flags)
-	jnc	.L_no_event_pending_\@
-	pushq	%rax
-	movq	$PVM_HC_EVENT_WIN, %rax
-	call	pvm_hypercall
-	popq	%rax
-.L_no_event_pending_\@:
+.macro PUSH_REGS_AND_HANDLE_EVENT handler:req
+	/* Invalidate orig_ax so that syscall_get_nr() works correctly */
+	pushq	$-1
+	PUSH_AND_CLEAR_REGS
+
+	movw	PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_errcode), %dx
+	xorl	%esi,  %esi
+	// get all async exceptions and put PVCS with non-contended xchg
+	xchgw	%si, PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_vector)
+	movq	%rsp, %rdi	/* %rdi -> pt_regs */
+	call	\handler
 .endm
 
-.macro pvm_disable_events
-	btrq	$PVM_EVENT_FLAGS_EF_BIT, PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_flags)
+.macro POP_REGS_AND_LOAD_IRET_FRAME_INTO_PVCS
+	POP_REGS
+
+	// get PVCS before access to it
+	btsw	$PVM_PVCS_EVENT_VECTOR_STD_BIT, PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_vector)
+
+	// Copy %rcx, %r11 to the PVM CPU structure
+	movq	%rcx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_rcx)
+	movq	%r11, PER_CPU_VAR(pvm_vcpu_struct + PVCS_r11)
+
+	// Copy the IRET frame to the PVM CPU structure
+	// PVCS_user_cs/ss are ignored for ERETS, load them anyway
+	movq	1*8(%rsp), %rcx		/* RIP */
+	movq	%rcx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_rip)
+	movq	2*8(%rsp), %rcx		/* CS */
+	movw	%cx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_user_cs)
+	movq	3*8(%rsp), %rcx		/* RFLAGS */
+	movl	%ecx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_eflags)
+	movq	4*8(%rsp), %rcx		/* RSP */
+	movq	%rcx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_rsp)
+	movq	5*8(%rsp), %rcx		/* SS */
+	movw	%cx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_user_ss)
 .endm
 
 .code64
@@ -60,8 +82,14 @@ SYM_CODE_START(entry_SYSCALL_64_pvm)
 
 	PUSH_IRET_FRAME_FROM_PVCS user=1
 
-	pvm_enable_events
+	btrw	$PVM_PVCS_EVENT_VECTOR_STD_BIT, PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_vector)
+	cmpw	$0, PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_vector)
+	jz	entry_SYSCALL_64_after_hwframe
 
+.L_async_exception:
+	PUSH_REGS_AND_HANDLE_EVENT handler=pvm_event
+	POP_REGS
+	addq	$8, %rsp
 	jmp	entry_SYSCALL_64_after_hwframe
 SYM_CODE_END(entry_SYSCALL_64_pvm)
 
@@ -97,7 +125,7 @@ SYM_FUNC_START(pvm_irq_enable)
 	RET
 .L_maybe_interrupt_pending:
 	/* handle pending IRQ */
-	movq	$PVM_HC_EVENT_WIN, %rax
+	movq	$PVM_HC_IRQ_WIN, %rax
 	jmp	pvm_hypercall
 SYM_FUNC_END(pvm_irq_enable)
 .popsection
@@ -112,35 +140,10 @@ SYM_CODE_START(pvm_user_event_entry)
 	ENDBR
 
 	PUSH_IRET_FRAME_FROM_PVCS user=1
-	/* pt_regs->orig_ax: errcode and vector */
-	pushq	PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_errcode)
-
-	pvm_enable_events
-
-	PUSH_AND_CLEAR_REGS
-	movq	%rsp, %rdi	/* %rdi -> pt_regs */
-	call	pvm_event
+	PUSH_REGS_AND_HANDLE_EVENT handler=pvm_event
 
 SYM_INNER_LABEL(pvm_restore_regs_and_return_to_usermode, SYM_L_GLOBAL)
-	POP_REGS
-
-	pvm_disable_events
-
-	/* Copy %rcx, %r11 to the PVM CPU structure. */
-	movq	%rcx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_rcx)
-	movq	%r11, PER_CPU_VAR(pvm_vcpu_struct + PVCS_r11)
-
-	/* Copy the IRET frame to the PVM CPU structure. */
-	movq	1*8(%rsp), %rcx		/* RIP */
-	movq	%rcx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_rip)
-	movq	2*8(%rsp), %rcx		/* CS */
-	movw	%cx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_user_cs)
-	movq	3*8(%rsp), %rcx		/* RFLAGS */
-	movl	%ecx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_eflags)
-	movq	4*8(%rsp), %rcx		/* RSP */
-	movq	%rcx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_rsp)
-	movq	5*8(%rsp), %rcx		/* SS */
-	movw	%cx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_user_ss)
+	POP_REGS_AND_LOAD_IRET_FRAME_INTO_PVCS
 
 	/*
 	 * We are on the trampoline stack.  All regs are live.
@@ -172,34 +175,26 @@ SYM_CODE_START(pvm_kernel_event_entry)
 	/* TODO: check stack overflow */
 
 	PUSH_IRET_FRAME_FROM_PVCS user=0
-	/* pt_regs->orig_ax: errcode and vector */
-	pushq	PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_errcode)
-
-	pvm_enable_events
-
-	PUSH_AND_CLEAR_REGS
-	movq	%rsp, %rdi	/* %rdi -> pt_regs */
-	call	pvm_event
-
-SYM_INNER_LABEL(pvm_restore_regs_and_return_to_kernel, SYM_L_GLOBAL)
-	POP_REGS
-
-	pvm_disable_events
-
-	/* Copy %rcx, %r11 to the PVM CPU structure. */
-	movq	%rcx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_rcx)
-	movq	%r11, PER_CPU_VAR(pvm_vcpu_struct + PVCS_r11)
-
-	/* Copy the IRET frame to the PVM CPU structure. */
-	movq	1*8(%rsp), %rcx		/* RIP */
-	movq	%rcx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_rip)
-	movq	3*8(%rsp), %rcx		/* RFLAGS */
-	movl	%ecx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_eflags)
-	movq	4*8(%rsp), %rcx		/* RSP */
-	movq	%rcx, PER_CPU_VAR(pvm_vcpu_struct + PVCS_rsp)
+	PUSH_REGS_AND_HANDLE_EVENT handler=pvm_event
+	POP_REGS_AND_LOAD_IRET_FRAME_INTO_PVCS
 
-	addq	$6*8, %rsp
+	addq	$(6*8+16), %rsp
 SYM_INNER_LABEL(pvm_rets_rip, SYM_L_GLOBAL)
 	ANNOTATE_NOENDBR
 	syscall
 SYM_CODE_END(pvm_kernel_event_entry)
+
+.pushsection .head.text, "ax"
+SYM_CODE_START_NOALIGN(pvm_early_kernel_event_entry)
+	UNWIND_HINT_ENTRY
+	ENDBR
+
+	incl	early_recursion_flag(%rip)
+	PUSH_IRET_FRAME_FROM_PVCS user=0
+	PUSH_REGS_AND_HANDLE_EVENT handler=pvm_early_event
+	POP_REGS_AND_LOAD_IRET_FRAME_INTO_PVCS
+	decl	early_recursion_flag(%rip)
+	addq	$6*8, %rsp
+	jmp	pvm_rets_rip
+SYM_CODE_END(pvm_early_kernel_event_entry)
+.popsection

arch/x86/include/uapi/asm/pvm_para.h

@@ -47,7 +47,7 @@
 #define PVM_HC_SPECIAL_MAX		(PVM_HC_SPECIAL_BASE+PVM_HC_SPECIAL_MAX_NR)
 
 #define PVM_HC_LOAD_PGTBL		(PVM_HC_SPECIAL_BASE+0)
-#define PVM_HC_EVENT_WIN		(PVM_HC_SPECIAL_BASE+1)
+#define PVM_HC_IRQ_WIN			(PVM_HC_SPECIAL_BASE+1)
 #define PVM_HC_IRQ_HALT			(PVM_HC_SPECIAL_BASE+2)
 #define PVM_HC_TLB_FLUSH		(PVM_HC_SPECIAL_BASE+3)
 #define PVM_HC_TLB_FLUSH_CURRENT	(PVM_HC_SPECIAL_BASE+4)
@@ -58,17 +58,6 @@
 #define PVM_HC_LOAD_TLS			(PVM_HC_SPECIAL_BASE+9)
 
 /*
- * PVM_EVENT_FLAGS_EF
- *	- Event enable flag. The flag is set to respond to events;
- *	  and cleared to inhibit events. When the hypervisor try to inject
- *	  an event except for NMI with PVM_EVENT_FLAGS_EF cleared, it will
- *	  morph it to triple-fault.
- *
- * PVM_EVENT_FLAGS_EP
- *	- Event pending flag. The hypervisor sets it if it fails to inject
- *	  an event (NMI) to the VCPU due to the event-enable flag being
- *	  cleared in supervisor mode.
- *
  * PVM_EVENT_FLAGS_IF
  *	- Interrupt enable flag. The flag is set to respond to maskable
  *	  external interrupts; and cleared to inhibit maskable external
@@ -79,15 +68,49 @@
  *	  a maskable event to the VCPU due to the interrupt-enable flag being
  *	  cleared in supervisor mode.
  */
-#define PVM_EVENT_FLAGS_EF_BIT		0
-#define PVM_EVENT_FLAGS_EF		_BITUL(PVM_EVENT_FLAGS_EF_BIT)
-#define PVM_EVENT_FLAGS_EP_BIT		1
-#define PVM_EVENT_FLAGS_EP		_BITUL(PVM_EVENT_FLAGS_EP_BIT)
 #define PVM_EVENT_FLAGS_IP_BIT		8
 #define PVM_EVENT_FLAGS_IP		_BITUL(PVM_EVENT_FLAGS_IP_BIT)
 #define PVM_EVENT_FLAGS_IF_BIT		9
 #define PVM_EVENT_FLAGS_IF		_BITUL(PVM_EVENT_FLAGS_IF_BIT)
 
+/*
+ * Bits for event_vector.
+ *
+ * The lowest 8-bit is the vector number for non async-exception vector events.
+ *
+ * The highest 8-bit is defined as following.  When the highest 8-bit is
+ * non-zero in supervisor mode, only async-exception can be delivered without
+ * jumping to the entry point.  The guest supervisor should check any pending
+ * NMI/MCE when handling any events.  The hypervisor will also check it
+ * for pending NMI/MCE in handling ERETU/ERETS.  Trying to deliver a non
+ * async-exception when the highest 8-bit is non-zero in supervisor mode
+ * will make it morphed into a triple-fault.
+ *
+ * The supervisor code should clear the highest 8-bit and get all the
+ * delivered events from event_vector in a appropriate way.
+ *
+ * PVM_PVCS_EVENT_VECTOR_STD:
+ *	- The supervisor software should set this bit before access to PVCS
+ *	  for ERETU/ERETS.  The event_vector remains to be this value during
+ *	  user mode and upon delivering a SYSCALL event from user mode.
+ *	  Since async-exception can be dilivered and access to PVCS any time,
+ *	  so it is required for protecting the fields related to supervisor
+ *	  event delivering.
+ *	- When a non async-exception is delivered, this bit is set and the
+ *	  lowest 8-bit is the vector number.
+ *
+ * PVM_PVCS_EVENT_VECTOR_NMI
+ * PVM_PVCS_EVENT_VECTOR_MCE
+ *	- An NMI or MCE is being delivered (or along with other events) or
+ *	  pending (during the period the supervisor is about to ERETU/ERETS)
+ */
+#define PVM_PVCS_EVENT_VECTOR_STD_BIT		8
+#define PVM_PVCS_EVENT_VECTOR_STD		_BITUL(PVM_PVCS_EVENT_VECTOR_STD_BIT)
+#define PVM_PVCS_EVENT_VECTOR_NMI_BIT		9
+#define PVM_PVCS_EVENT_VECTOR_NMI		_BITUL(PVM_PVCS_EVENT_VECTOR_NMI_BIT)
+#define PVM_PVCS_EVENT_VECTOR_MCE_BIT		10
+#define PVM_PVCS_EVENT_VECTOR_MCE		_BITUL(PVM_PVCS_EVENT_VECTOR_MCE_BIT)
+
 #define PVM_LOAD_PGTBL_FLAGS_TLB	_BITUL(0)
 #define PVM_LOAD_PGTBL_FLAGS_LA57	_BITUL(1)
 
@@ -105,17 +128,14 @@ struct pvm_vcpu_struct {
 	 * bit 9 being valid. The other bits are reserved.
 	 */
 	u64 event_flags;
-	u32 event_errcode;
-	u32 event_vector;
 	u64 cr2;
-	u64 reserved0[5];
+	u64 reserved0[6];
 
-	/*
-	 * For the event from supervisor mode with vector >=32, only eflags,
-	 * rip, rsp, rcx and r11 are saved, and others keep untouched.
-	 */
+	// For ERETS and the event from supervisor mode, user_cs, user_ss
+	// user_gsbase, and pkru are ignored and kept untouched.
 	u16 user_cs, user_ss;
-	u32 reserved1;
+	u16 event_errcode;
+	u16 event_vector;
 	u64 reserved2;
 	u64 user_gsbase;
 	u32 eflags;

arch/x86/kernel/asm-offsets_64.c

@@ -80,6 +80,7 @@ int main(void)
 #define ENTRY(entry) OFFSET(PVCS_ ## entry, pvm_vcpu_struct, entry)
 	ENTRY(event_flags);
 	ENTRY(event_errcode);
+	ENTRY(event_vector);
 	ENTRY(user_cs);
 	ENTRY(user_ss);
 	ENTRY(user_gsbase);

arch/x86/kernel/head_64.S

@@ -633,37 +633,6 @@ SYM_CODE_START_NOALIGN(vc_no_ghcb)
 SYM_CODE_END(vc_no_ghcb)
 #endif
 
-#ifdef CONFIG_PVM_GUEST
-#include <asm/pvm_para.h>
-
-	.align 256
-SYM_CODE_START_NOALIGN(pvm_early_kernel_event_entry)
-	UNWIND_HINT_ENTRY
-	ENDBR
-
-	incl	early_recursion_flag(%rip)
-
-	pushq	$__KERNEL_DS
-	pushq	PER_CPU_VAR(pvm_vcpu_struct + PVCS_rsp) /* pt_regs->sp */
-	movl	PER_CPU_VAR(pvm_vcpu_struct + PVCS_eflags), %ecx
-	pushq	%rcx					/* pt_regs->flags */
-	pushq	$__KERNEL_CS
-	pushq	PER_CPU_VAR(pvm_vcpu_struct + PVCS_rip) /* pt_regs->ip */
-	movq	PER_CPU_VAR(pvm_vcpu_struct + PVCS_rcx), %rcx
-	movq	PER_CPU_VAR(pvm_vcpu_struct + PVCS_r11), %r11
-	pushq	PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_errcode)
-
-	orq	$PVM_EVENT_FLAGS_EF, PER_CPU_VAR(pvm_vcpu_struct + PVCS_event_flags)
-
-	PUSH_AND_CLEAR_REGS
-	movq	%rsp, %rdi	/* %rdi -> pt_regs */
-	call	pvm_early_event
-
-	decl	early_recursion_flag(%rip)
-	jmp	pvm_restore_regs_and_return_to_kernel
-SYM_CODE_END(pvm_early_kernel_event_entry)
-#endif
-
 #define SYM_DATA_START_PAGE_ALIGNED(name)			\
 	SYM_START(name, SYM_L_GLOBAL, .balign PAGE_SIZE)