KVM: MIPS: Precalculate MMIO load resume PC

The advancing of the PC when completing an MMIO load is done before re-entering the guest, i.e. before restoring the guest ASID. However if the load is in a branch delay slot it may need to access guest code to read the prior branch instruction. This isn't safe in TLB mapped code at the moment, nor in the future when we'll access unmapped guest segments using direct user accessors too, as it could read the branch from host user memory instead. Therefore calculate the resume PC in advance while we're still in the right context and save it in the new vcpu->arch.io_pc (replacing the no longer needed vcpu->arch.pending_load_cause), and restore it on MMIO completion. Fixes: e685c689f3a8 ("KVM/MIPS32: Privileged instruction/target branch emulation.") Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: "Radim Krčmář <rkrcmar@redhat.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org Cc: <stable@vger.kernel.org> # 3.10.x- Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
author: James Hogan <james.hogan@imgtec.com> 2016-10-25 11:11:12 -0400
committer: Paolo Bonzini <pbonzini@redhat.com> 2016-10-26 07:43:55 -0400
commit: e1e575f6b026734be3b1f075e780e91ab08ca541 (patch)
tree: c104b417fdee65ed848470a75cc459532df9cf98 /arch/mips/kvm/emulate.c
parent: ede5f3e7b54a4347be4d8525269eae50902bd7cd (diff)
1 files changed, 15 insertions, 9 deletions
diff --git a/arch/mips/kvm/emulate.c b/arch/mips/kvm/emulate.c
index c45ef0f13dfa..aa0937423e28 100644
--- a/arch/mips/kvm/emulate.c
+++ b/arch/mips/kvm/emulate.c
@@ -1528,13 +1528,25 @@ enum emulation_result kvm_mips_emulate_load(union mips_instruction inst,
                                            struct kvm_vcpu *vcpu)
 {
        enum emulation_result er = EMULATE_DO_MMIO;
+        unsigned long curr_pc;
        u32 op, rt;
        u32 bytes;
        rt = inst.i_format.rt;
        op = inst.i_format.opcode;
-        vcpu->arch.pending_load_cause = cause;
+        /*
+         * Find the resume PC now while we have safe and easy access to the
+         * prior branch instruction, and save it for
+         * kvm_mips_complete_mmio_load() to restore later.
+         */
+        curr_pc = vcpu->arch.pc;
+        er = update_pc(vcpu, cause);
+        if (er == EMULATE_FAIL)
+                return er;
+        vcpu->arch.io_pc = vcpu->arch.pc;
+        vcpu->arch.pc = curr_pc;
        vcpu->arch.io_gpr = rt;
        switch (op) {
@@ -2494,9 +2506,8 @@ enum emulation_result kvm_mips_complete_mmio_load(struct kvm_vcpu *vcpu,
                goto done;
        }
-        er = update_pc(vcpu, vcpu->arch.pending_load_cause);
+        /* Restore saved resume PC */
-        if (er == EMULATE_FAIL)
+        vcpu->arch.pc = vcpu->arch.io_pc;
-                return er;
        switch (run->mmio.len) {
        case 4:
@@ -2518,11 +2529,6 @@ enum emulation_result kvm_mips_complete_mmio_load(struct kvm_vcpu *vcpu,
                break;
        }
-        if (vcpu->arch.pending_load_cause & CAUSEF_BD)
-                kvm_debug("[%#lx] Completing %d byte BD Load to gpr %d (0x%08lx) type %d\n",
-                          vcpu->arch.pc, run->mmio.len, vcpu->arch.io_gpr, *gpr,
-                          vcpu->mmio_needed);
 done:
        return er;
 }
author	James Hogan <james.hogan@imgtec.com>	2016-10-25 11:11:12 -0400
committer	Paolo Bonzini <pbonzini@redhat.com>	2016-10-26 07:43:55 -0400
commit	e1e575f6b026734be3b1f075e780e91ab08ca541 (patch)
tree	c104b417fdee65ed848470a75cc459532df9cf98 /arch/mips/kvm/emulate.c
parent	ede5f3e7b54a4347be4d8525269eae50902bd7cd (diff)