| blob | 728d2c1b488a8135be08610c4b02cc7448e64515 |
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Kernel-based Virtual Machine driver for Linux
4 *
5 * This module enables kernel and guest-mode vCPU access to guest physical
6 * memory with suitable invalidation mechanisms.
7 *
8 * Copyright © 2021 Amazon.com, Inc. or its affiliates.
9 *
10 * Authors:
11 * David Woodhouse <dwmw2@infradead.org>
12 */
14 #include <linux/kvm_host.h>
15 #include <linux/kvm.h>
16 #include <linux/highmem.h>
17 #include <linux/module.h>
18 #include <linux/errno.h>
22 /*
23 * MMU notifier 'invalidate_range_start' hook.
24 */
27 {
34 /* Only a single page so no need to care about length */
39 /*
40 * There is a small window here where the cache could
41 * be modified, and invalidation would no longer be
42 * necessary. Hence check again whether invalidation
43 * is still necessary once the write lock has been
44 * acquired.
45 */
53 }
56 }
58 }
62 {
66 /*
67 * The cached access must fit within a single page. The 'len' argument
68 * to activate() and refresh() exists only to enforce that.
69 */
71 }
74 {
80 /*
81 * If the page was cached from a memslot, make sure the memslots have
82 * not been re-configured.
83 */
97 }
100 {
104 #ifdef CONFIG_HAS_IOMEM
106 #else
108 #endif
109 }
112 {
113 /* Unmap the old pfn/page if it was mapped before. */
120 }
122 #ifdef CONFIG_HAS_IOMEM
124 #endif
125 }
128 {
129 /*
130 * mn_active_invalidate_count acts for all intents and purposes
131 * like mmu_invalidate_in_progress here; but the latter cannot
132 * be used here because the invalidation of caches in the
133 * mmu_notifier event occurs _before_ mmu_invalidate_in_progress
134 * is elevated.
135 *
136 * Note, it does not matter that mn_active_invalidate_count
137 * is not protected by gpc->lock. It is guaranteed to
138 * be elevated before the mmu_notifier acquires gpc->lock, and
139 * isn't dropped until after mmu_invalidate_seq is updated.
140 */
144 /*
145 * Ensure mn_active_invalidate_count is read before
146 * mmu_invalidate_seq. This pairs with the smp_wmb() in
147 * mmu_notifier_invalidate_range_end() to guarantee either the
148 * old (non-zero) value of mn_active_invalidate_count or the
149 * new (incremented) value of mmu_invalidate_seq is observed.
150 */
153 }
156 {
157 /* Note, the new page offset may be different than the old! */
170 };
176 /*
177 * Invalidate the cache prior to dropping gpc->lock, the gpa=>uhva
178 * assets have already been updated and so a concurrent check() from a
179 * different task may not fail the gpa/uhva/generation checks.
180 */
189 /*
190 * If the previous iteration "failed" due to an mmu_notifier
191 * event, release the pfn and unmap the kernel virtual address
192 * from the previous attempt. Unmapping might sleep, so this
193 * needs to be done after dropping the lock. Opportunistically
194 * check for resched while the lock isn't held.
195 */
197 /*
198 * Keep the mapping if the previous iteration reused
199 * the existing mapping and didn't create a new one.
200 */
207 }
213 /*
214 * Obtain a new kernel mapping if KVM itself will access the
215 * pfn. Note, kmap() and memremap() can both sleep, so this
216 * too must be done outside of gpc->lock!
217 */
220 else
226 }
230 /*
231 * Other tasks must wait for _this_ refresh to complete before
232 * attempting to refresh.
233 */
241 /*
242 * Put the reference to the _new_ page. The page is now tracked by the
243 * cache and can be safely migrated, swapped, etc... as the cache will
244 * invalidate any mappings in response to relevant mmu_notifier events.
245 */
250 out_error:
254 }
257 {
261 kvm_pfn_t old_pfn;
266 /* Either gpa or uhva must be valid, but not both */
277 }
309 }
311 /*
312 * Even if the GPA and/or the memslot generation changed, the
313 * HVA may still be the same.
314 */
319 }
320 }
322 /* Note: the offset must be correct before calling hva_to_pfn_retry() */
325 /*
326 * If the userspace HVA changed or the PFN was already invalid,
327 * drop the lock and do the HVA to PFN lookup again.
328 */
332 /*
333 * If the HVA→PFN mapping was already valid, don't unmap it.
334 * But do update gpc->khva because the offset within the page
335 * may have changed.
336 */
340 }
342 out:
343 /*
344 * Invalidate the cache and purge the pfn/khva if the refresh failed.
345 * Some/all of the uhva, gpa, and memslot generation info may still be
346 * valid, leave it as is.
347 */
352 }
354 /* Detect a pfn change before dropping the lock! */
357 out_unlock:
364 }
367 {
375 /*
376 * If the GPA is valid then ignore the HVA, as a cache can be GPA-based
377 * or HVA-based, not both. For GPA-based caches, the HVA will be
378 * recomputed during refresh if necessary.
379 */
383 }
386 {
395 }
399 {
415 /*
416 * Activate the cache after adding it to the list, a concurrent
417 * refresh must not establish a mapping until the cache is
418 * reachable by mmu_notifier events.
419 */
423 }
425 }
428 {
429 /*
430 * Explicitly disallow INVALID_GPA so that the magic value can be used
431 * by KVM to differentiate between GPA-based and HVA-based caches.
432 */
437 }
440 {
445 }
448 {
450 kvm_pfn_t old_pfn;
456 /*
457 * Deactivate the cache before removing it from the list, KVM
458 * must stall mmu_notifier events until all users go away, i.e.
459 * until gpc->lock is dropped and refresh is guaranteed to fail.
460 */
465 /*
466 * Leave the GPA => uHVA cache intact, it's protected by the
467 * memslot generation. The PFN lookup needs to be redone every
468 * time as mmu_notifier protection is lost when the cache is
469 * removed from the VM's gpc_list.
470 */
483 }
484 }