kvm/arm64: queue DABT (Data Abort) to force Sentry returning to the host

SError-s are blocked in the kernel context (A-bit in PSTATE).

Fixes #6629

PiperOrigin-RevId: 754196342

Author: avagin

pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go

@@ -111,6 +111,14 @@ func bluepillSigBus(c *vCPU) {
 		},
 	}
 
+	if !c.switchingToUser.Load() {
+		// In the kernel mode (Sentry), Serrors are masked.
+		// DABT (Data Abort) will force the Sentry returns back
+		// to the host.
+		bluepillExtDabt(c)
+		return
+	}
+
 	// Host must support ARM64_HAS_RAS_EXTN.
 	if errno := hostsyscall.RawSyscallErrno( // escapes: no.
 		unix.SYS_IOCTL,

pkg/sentry/platform/kvm/kvm_safecopy_test.go

@@ -12,11 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// FIXME(gvisor.dev/issue/6629): These tests don't pass on ARM64.
-//
-//go:build amd64
-// +build amd64
-
 package kvm
 
 import (

pkg/sentry/platform/kvm/machine_arm64.go

@@ -23,6 +23,7 @@ import (
 
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/abi/linux"
+	"gvisor.dev/gvisor/pkg/atomicbitops"
 	"gvisor.dev/gvisor/pkg/hostarch"
 	"gvisor.dev/gvisor/pkg/hostsyscall"
 	"gvisor.dev/gvisor/pkg/ring0"
@@ -35,6 +36,11 @@ type vCPUArchState struct {
 	//
 	// This starts above fixedKernelPCID.
 	PCIDs *pagetables.PCIDs
+
+	// switchingToUser indicates whether the vCPU is in the process of
+	// switching to user mode. It is set before the SwitchToUser call
+	// and unset after.
+	switchingToUser atomicbitops.Bool
 }
 
 const (

pkg/sentry/platform/kvm/machine_arm64_unsafe.go

@@ -214,8 +214,8 @@ func (c *vCPU) getTSC() error {
 	reg.addr = uint64(reflect.ValueOf(&data).Pointer())
 	reg.id = _KVM_ARM64_REGS_TIMER_CNT
 
-	if err := c.getOneRegister(&reg); err != nil {
-		return err
+	if errno := c.getOneRegister(&reg); errno != 0 {
+		return fmt.Errorf("error getting KVM_ARM64_REGS_TIMER_CNT: %w", errno)
 	}
 
 	return nil
@@ -265,6 +265,7 @@ func (c *vCPU) loadSegments(tid uint64) {
 	c.tid.Store(tid)
 }
 
+//go:nosplit
 func (c *vCPU) setOneRegister(reg *kvmOneReg) error {
 	if errno := hostsyscall.RawSyscallErrno(
 		unix.SYS_IOCTL,
@@ -276,15 +277,13 @@ func (c *vCPU) setOneRegister(reg *kvmOneReg) error {
 	return nil
 }
 
-func (c *vCPU) getOneRegister(reg *kvmOneReg) error {
-	if errno := hostsyscall.RawSyscallErrno(
+//go:nosplit
+func (c *vCPU) getOneRegister(reg *kvmOneReg) unix.Errno {
+	return hostsyscall.RawSyscallErrno(
 		unix.SYS_IOCTL,
 		uintptr(c.fd),
 		_KVM_GET_ONE_REG,
-		uintptr(unsafe.Pointer(reg))); errno != 0 {
-		return fmt.Errorf("error getting one register: %v", errno)
-	}
-	return nil
+		uintptr(unsafe.Pointer(reg)))
 }
 
 // SwitchToUser unpacks architectural-details.
@@ -317,11 +316,15 @@ func (c *vCPU) SwitchToUser(switchOpts ring0.SwitchOpts, info *linux.SignalInfo)
 	appRegs := switchOpts.Registers
 	c.SetAppAddr(ring0.KernelStartAddress | uintptr(unsafe.Pointer(appRegs)))
 
+	c.switchingToUser.Store(true)
+
 	entersyscall()
 	bluepill(c)
 	vector = c.CPU.SwitchToUser(switchOpts)
 	exitsyscall()
 
+	c.switchingToUser.Store(false)
+
 	switch vector {
 	case ring0.Syscall:
 		// Fast path: system call executed.