search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'sched-urgent-2020-12-27' of git://git.kernel.org/pub/scm/linux/kernel...
[linux/fpc-iii.git] / arch / arm64 / kvm / mmu.c
blob7d2257cc543874deb4e605e5b45e25db0e2e5542
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2012 - Virtual Open Systems and Columbia University
4 * Author: Christoffer Dall <c.dall@virtualopensystems.com>
5 */
6
7 #include <linux/mman.h>
8 #include <linux/kvm_host.h>
9 #include <linux/io.h>
10 #include <linux/hugetlb.h>
11 #include <linux/sched/signal.h>
12 #include <trace/events/kvm.h>
13 #include <asm/pgalloc.h>
14 #include <asm/cacheflush.h>
15 #include <asm/kvm_arm.h>
16 #include <asm/kvm_mmu.h>
17 #include <asm/kvm_pgtable.h>
18 #include <asm/kvm_ras.h>
19 #include <asm/kvm_asm.h>
20 #include <asm/kvm_emulate.h>
21 #include <asm/virt.h>
22
23 #include "trace.h"
24
25 static struct kvm_pgtable *hyp_pgtable;
26 static DEFINE_MUTEX(kvm_hyp_pgd_mutex);
27
28 static unsigned long hyp_idmap_start;
29 static unsigned long hyp_idmap_end;
30 static phys_addr_t hyp_idmap_vector;
31
32 static unsigned long io_map_base;
33
34
35 /*
36 * Release kvm_mmu_lock periodically if the memory region is large. Otherwise,
37 * we may see kernel panics with CONFIG_DETECT_HUNG_TASK,
38 * CONFIG_LOCKUP_DETECTOR, CONFIG_LOCKDEP. Additionally, holding the lock too
39 * long will also starve other vCPUs. We have to also make sure that the page
40 * tables are not freed while we released the lock.
41 */
42 static int stage2_apply_range(struct kvm *kvm, phys_addr_t addr,
43 phys_addr_t end,
44 int (*fn)(struct kvm_pgtable *, u64, u64),
45 bool resched)
46 {
47 int ret;
48 u64 next;
49
50 do {
51 struct kvm_pgtable *pgt = kvm->arch.mmu.pgt;
52 if (!pgt)
53 return -EINVAL;
54
55 next = stage2_pgd_addr_end(kvm, addr, end);
56 ret = fn(pgt, addr, next - addr);
57 if (ret)
58 break;
59
60 if (resched && next != end)
61 cond_resched_lock(&kvm->mmu_lock);
62 } while (addr = next, addr != end);
63
64 return ret;
65 }
66
67 #define stage2_apply_range_resched(kvm, addr, end, fn) \
68 stage2_apply_range(kvm, addr, end, fn, true)
69
70 static bool memslot_is_logging(struct kvm_memory_slot *memslot)
71 {
72 return memslot->dirty_bitmap && !(memslot->flags & KVM_MEM_READONLY);
73 }
74
75 /**
76 * kvm_flush_remote_tlbs() - flush all VM TLB entries for v7/8
77 * @kvm: pointer to kvm structure.
78 *
79 * Interface to HYP function to flush all VM TLB entries
80 */
81 void kvm_flush_remote_tlbs(struct kvm *kvm)
82 {
83 kvm_call_hyp(__kvm_tlb_flush_vmid, &kvm->arch.mmu);
84 }
85
86 static bool kvm_is_device_pfn(unsigned long pfn)
87 {
88 return !pfn_valid(pfn);
89 }
90
91 /*
92 * Unmapping vs dcache management:
93 *
94 * If a guest maps certain memory pages as uncached, all writes will
95 * bypass the data cache and go directly to RAM. However, the CPUs
96 * can still speculate reads (not writes) and fill cache lines with
97 * data.
98 *
99 * Those cache lines will be *clean* cache lines though, so a
100 * clean+invalidate operation is equivalent to an invalidate
101 * operation, because no cache lines are marked dirty.
102 *
103 * Those clean cache lines could be filled prior to an uncached write
104 * by the guest, and the cache coherent IO subsystem would therefore
105 * end up writing old data to disk.
106 *
107 * This is why right after unmapping a page/section and invalidating
108 * the corresponding TLBs, we flush to make sure the IO subsystem will
109 * never hit in the cache.
110 *
111 * This is all avoided on systems that have ARM64_HAS_STAGE2_FWB, as
112 * we then fully enforce cacheability of RAM, no matter what the guest
113 * does.
114 */
115 /**
116 * unmap_stage2_range -- Clear stage2 page table entries to unmap a range
117 * @mmu: The KVM stage-2 MMU pointer
118 * @start: The intermediate physical base address of the range to unmap
119 * @size: The size of the area to unmap
120 * @may_block: Whether or not we are permitted to block
121 *
122 * Clear a range of stage-2 mappings, lowering the various ref-counts. Must
123 * be called while holding mmu_lock (unless for freeing the stage2 pgd before
124 * destroying the VM), otherwise another faulting VCPU may come in and mess
125 * with things behind our backs.
126 */
127 static void __unmap_stage2_range(struct kvm_s2_mmu *mmu, phys_addr_t start, u64 size,
128 bool may_block)
129 {
130 struct kvm *kvm = mmu->kvm;
131 phys_addr_t end = start + size;
132
133 assert_spin_locked(&kvm->mmu_lock);
134 WARN_ON(size & ~PAGE_MASK);
135 WARN_ON(stage2_apply_range(kvm, start, end, kvm_pgtable_stage2_unmap,
136 may_block));
137 }
138
139 static void unmap_stage2_range(struct kvm_s2_mmu *mmu, phys_addr_t start, u64 size)
140 {
141 __unmap_stage2_range(mmu, start, size, true);
142 }
143
144 static void stage2_flush_memslot(struct kvm *kvm,
145 struct kvm_memory_slot *memslot)
146 {
147 phys_addr_t addr = memslot->base_gfn << PAGE_SHIFT;
148 phys_addr_t end = addr + PAGE_SIZE * memslot->npages;
149
150 stage2_apply_range_resched(kvm, addr, end, kvm_pgtable_stage2_flush);
151 }
152
153 /**
154 * stage2_flush_vm - Invalidate cache for pages mapped in stage 2
155 * @kvm: The struct kvm pointer
156 *
157 * Go through the stage 2 page tables and invalidate any cache lines
158 * backing memory already mapped to the VM.
159 */
160 static void stage2_flush_vm(struct kvm *kvm)
161 {
162 struct kvm_memslots *slots;
163 struct kvm_memory_slot *memslot;
164 int idx;
165
166 idx = srcu_read_lock(&kvm->srcu);
167 spin_lock(&kvm->mmu_lock);
168
169 slots = kvm_memslots(kvm);
170 kvm_for_each_memslot(memslot, slots)
171 stage2_flush_memslot(kvm, memslot);
172
173 spin_unlock(&kvm->mmu_lock);
174 srcu_read_unlock(&kvm->srcu, idx);
175 }
176
177 /**
178 * free_hyp_pgds - free Hyp-mode page tables
179 */
180 void free_hyp_pgds(void)
181 {
182 mutex_lock(&kvm_hyp_pgd_mutex);
183 if (hyp_pgtable) {
184 kvm_pgtable_hyp_destroy(hyp_pgtable);
185 kfree(hyp_pgtable);
186 }
187 mutex_unlock(&kvm_hyp_pgd_mutex);
188 }
189
190 static int __create_hyp_mappings(unsigned long start, unsigned long size,
191 unsigned long phys, enum kvm_pgtable_prot prot)
192 {
193 int err;
194
195 mutex_lock(&kvm_hyp_pgd_mutex);
196 err = kvm_pgtable_hyp_map(hyp_pgtable, start, size, phys, prot);
197 mutex_unlock(&kvm_hyp_pgd_mutex);
198
199 return err;
200 }
201
202 static phys_addr_t kvm_kaddr_to_phys(void *kaddr)
203 {
204 if (!is_vmalloc_addr(kaddr)) {
205 BUG_ON(!virt_addr_valid(kaddr));
206 return __pa(kaddr);
207 } else {
208 return page_to_phys(vmalloc_to_page(kaddr)) +
209 offset_in_page(kaddr);
210 }
211 }
212
213 /**
214 * create_hyp_mappings - duplicate a kernel virtual address range in Hyp mode
215 * @from: The virtual kernel start address of the range
216 * @to: The virtual kernel end address of the range (exclusive)
217 * @prot: The protection to be applied to this range
218 *
219 * The same virtual address as the kernel virtual address is also used
220 * in Hyp-mode mapping (modulo HYP_PAGE_OFFSET) to the same underlying
221 * physical pages.
222 */
223 int create_hyp_mappings(void *from, void *to, enum kvm_pgtable_prot prot)
224 {
225 phys_addr_t phys_addr;
226 unsigned long virt_addr;
227 unsigned long start = kern_hyp_va((unsigned long)from);
228 unsigned long end = kern_hyp_va((unsigned long)to);
229
230 if (is_kernel_in_hyp_mode())
231 return 0;
232
233 start = start & PAGE_MASK;
234 end = PAGE_ALIGN(end);
235
236 for (virt_addr = start; virt_addr < end; virt_addr += PAGE_SIZE) {
237 int err;
238
239 phys_addr = kvm_kaddr_to_phys(from + virt_addr - start);
240 err = __create_hyp_mappings(virt_addr, PAGE_SIZE, phys_addr,
241 prot);
242 if (err)
243 return err;
244 }
245
246 return 0;
247 }
248
249 static int __create_hyp_private_mapping(phys_addr_t phys_addr, size_t size,
250 unsigned long *haddr,
251 enum kvm_pgtable_prot prot)
252 {
253 unsigned long base;
254 int ret = 0;
255
256 mutex_lock(&kvm_hyp_pgd_mutex);
257
258 /*
259 * This assumes that we have enough space below the idmap
260 * page to allocate our VAs. If not, the check below will
261 * kick. A potential alternative would be to detect that
262 * overflow and switch to an allocation above the idmap.
263 *
264 * The allocated size is always a multiple of PAGE_SIZE.
265 */
266 size = PAGE_ALIGN(size + offset_in_page(phys_addr));
267 base = io_map_base - size;
268
269 /*
270 * Verify that BIT(VA_BITS - 1) hasn't been flipped by
271 * allocating the new area, as it would indicate we've
272 * overflowed the idmap/IO address range.
273 */
274 if ((base ^ io_map_base) & BIT(VA_BITS - 1))
275 ret = -ENOMEM;
276 else
277 io_map_base = base;
278
279 mutex_unlock(&kvm_hyp_pgd_mutex);
280
281 if (ret)
282 goto out;
283
284 ret = __create_hyp_mappings(base, size, phys_addr, prot);
285 if (ret)
286 goto out;
287
288 *haddr = base + offset_in_page(phys_addr);
289 out:
290 return ret;
291 }
292
293 /**
294 * create_hyp_io_mappings - Map IO into both kernel and HYP
295 * @phys_addr: The physical start address which gets mapped
296 * @size: Size of the region being mapped
297 * @kaddr: Kernel VA for this mapping
298 * @haddr: HYP VA for this mapping
299 */
300 int create_hyp_io_mappings(phys_addr_t phys_addr, size_t size,
301 void __iomem **kaddr,
302 void __iomem **haddr)
303 {
304 unsigned long addr;
305 int ret;
306
307 *kaddr = ioremap(phys_addr, size);
308 if (!*kaddr)
309 return -ENOMEM;
310
311 if (is_kernel_in_hyp_mode()) {
312 *haddr = *kaddr;
313 return 0;
314 }
315
316 ret = __create_hyp_private_mapping(phys_addr, size,
317 &addr, PAGE_HYP_DEVICE);
318 if (ret) {
319 iounmap(*kaddr);
320 *kaddr = NULL;
321 *haddr = NULL;
322 return ret;
323 }
324
325 *haddr = (void __iomem *)addr;
326 return 0;
327 }
328
329 /**
330 * create_hyp_exec_mappings - Map an executable range into HYP
331 * @phys_addr: The physical start address which gets mapped
332 * @size: Size of the region being mapped
333 * @haddr: HYP VA for this mapping
334 */
335 int create_hyp_exec_mappings(phys_addr_t phys_addr, size_t size,
336 void **haddr)
337 {
338 unsigned long addr;
339 int ret;
340
341 BUG_ON(is_kernel_in_hyp_mode());
342
343 ret = __create_hyp_private_mapping(phys_addr, size,
344 &addr, PAGE_HYP_EXEC);
345 if (ret) {
346 *haddr = NULL;
347 return ret;
348 }
349
350 *haddr = (void *)addr;
351 return 0;
352 }
353
354 /**
355 * kvm_init_stage2_mmu - Initialise a S2 MMU strucrure
356 * @kvm: The pointer to the KVM structure
357 * @mmu: The pointer to the s2 MMU structure
358 *
359 * Allocates only the stage-2 HW PGD level table(s).
360 * Note we don't need locking here as this is only called when the VM is
361 * created, which can only be done once.
362 */
363 int kvm_init_stage2_mmu(struct kvm *kvm, struct kvm_s2_mmu *mmu)
364 {
365 int cpu, err;
366 struct kvm_pgtable *pgt;
367
368 if (mmu->pgt != NULL) {
369 kvm_err("kvm_arch already initialized?\n");
370 return -EINVAL;
371 }
372
373 pgt = kzalloc(sizeof(*pgt), GFP_KERNEL);
374 if (!pgt)
375 return -ENOMEM;
376
377 err = kvm_pgtable_stage2_init(pgt, kvm);
378 if (err)
379 goto out_free_pgtable;
380
381 mmu->last_vcpu_ran = alloc_percpu(typeof(*mmu->last_vcpu_ran));
382 if (!mmu->last_vcpu_ran) {
383 err = -ENOMEM;
384 goto out_destroy_pgtable;
385 }
386
387 for_each_possible_cpu(cpu)
388 *per_cpu_ptr(mmu->last_vcpu_ran, cpu) = -1;
389
390 mmu->kvm = kvm;
391 mmu->pgt = pgt;
392 mmu->pgd_phys = __pa(pgt->pgd);
393 mmu->vmid.vmid_gen = 0;
394 return 0;
395
396 out_destroy_pgtable:
397 kvm_pgtable_stage2_destroy(pgt);
398 out_free_pgtable:
399 kfree(pgt);
400 return err;
401 }
402
403 static void stage2_unmap_memslot(struct kvm *kvm,
404 struct kvm_memory_slot *memslot)
405 {
406 hva_t hva = memslot->userspace_addr;
407 phys_addr_t addr = memslot->base_gfn << PAGE_SHIFT;
408 phys_addr_t size = PAGE_SIZE * memslot->npages;
409 hva_t reg_end = hva + size;
410
411 /*
412 * A memory region could potentially cover multiple VMAs, and any holes
413 * between them, so iterate over all of them to find out if we should
414 * unmap any of them.
415 *
416 * +--------------------------------------------+
417 * +---------------+----------------+ +----------------+
418 * | : VMA 1 | VMA 2 | | VMA 3 : |
419 * +---------------+----------------+ +----------------+
420 * | memory region |
421 * +--------------------------------------------+
422 */
423 do {
424 struct vm_area_struct *vma = find_vma(current->mm, hva);
425 hva_t vm_start, vm_end;
426
427 if (!vma || vma->vm_start >= reg_end)
428 break;
429
430 /*
431 * Take the intersection of this VMA with the memory region
432 */
433 vm_start = max(hva, vma->vm_start);
434 vm_end = min(reg_end, vma->vm_end);
435
436 if (!(vma->vm_flags & VM_PFNMAP)) {
437 gpa_t gpa = addr + (vm_start - memslot->userspace_addr);
438 unmap_stage2_range(&kvm->arch.mmu, gpa, vm_end - vm_start);
439 }
440 hva = vm_end;
441 } while (hva < reg_end);
442 }
443
444 /**
445 * stage2_unmap_vm - Unmap Stage-2 RAM mappings
446 * @kvm: The struct kvm pointer
447 *
448 * Go through the memregions and unmap any regular RAM
449 * backing memory already mapped to the VM.
450 */
451 void stage2_unmap_vm(struct kvm *kvm)
452 {
453 struct kvm_memslots *slots;
454 struct kvm_memory_slot *memslot;
455 int idx;
456
457 idx = srcu_read_lock(&kvm->srcu);
458 mmap_read_lock(current->mm);
459 spin_lock(&kvm->mmu_lock);
460
461 slots = kvm_memslots(kvm);
462 kvm_for_each_memslot(memslot, slots)
463 stage2_unmap_memslot(kvm, memslot);
464
465 spin_unlock(&kvm->mmu_lock);
466 mmap_read_unlock(current->mm);
467 srcu_read_unlock(&kvm->srcu, idx);
468 }
469
470 void kvm_free_stage2_pgd(struct kvm_s2_mmu *mmu)
471 {
472 struct kvm *kvm = mmu->kvm;
473 struct kvm_pgtable *pgt = NULL;
474
475 spin_lock(&kvm->mmu_lock);
476 pgt = mmu->pgt;
477 if (pgt) {
478 mmu->pgd_phys = 0;
479 mmu->pgt = NULL;
480 free_percpu(mmu->last_vcpu_ran);
481 }
482 spin_unlock(&kvm->mmu_lock);
483
484 if (pgt) {
485 kvm_pgtable_stage2_destroy(pgt);
486 kfree(pgt);
487 }
488 }
489
490 /**
491 * kvm_phys_addr_ioremap - map a device range to guest IPA
492 *
493 * @kvm: The KVM pointer
494 * @guest_ipa: The IPA at which to insert the mapping
495 * @pa: The physical address of the device
496 * @size: The size of the mapping
497 * @writable: Whether or not to create a writable mapping
498 */
499 int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa,
500 phys_addr_t pa, unsigned long size, bool writable)
501 {
502 phys_addr_t addr;
503 int ret = 0;
504 struct kvm_mmu_memory_cache cache = { 0, __GFP_ZERO, NULL, };
505 struct kvm_pgtable *pgt = kvm->arch.mmu.pgt;
506 enum kvm_pgtable_prot prot = KVM_PGTABLE_PROT_DEVICE |
507 KVM_PGTABLE_PROT_R |
508 (writable ? KVM_PGTABLE_PROT_W : 0);
509
510 size += offset_in_page(guest_ipa);
511 guest_ipa &= PAGE_MASK;
512
513 for (addr = guest_ipa; addr < guest_ipa + size; addr += PAGE_SIZE) {
514 ret = kvm_mmu_topup_memory_cache(&cache,
515 kvm_mmu_cache_min_pages(kvm));
516 if (ret)
517 break;
518
519 spin_lock(&kvm->mmu_lock);
520 ret = kvm_pgtable_stage2_map(pgt, addr, PAGE_SIZE, pa, prot,
521 &cache);
522 spin_unlock(&kvm->mmu_lock);
523 if (ret)
524 break;
525
526 pa += PAGE_SIZE;
527 }
528
529 kvm_mmu_free_memory_cache(&cache);
530 return ret;
531 }
532
533 /**
534 * stage2_wp_range() - write protect stage2 memory region range
535 * @mmu: The KVM stage-2 MMU pointer
536 * @addr: Start address of range
537 * @end: End address of range
538 */
539 static void stage2_wp_range(struct kvm_s2_mmu *mmu, phys_addr_t addr, phys_addr_t end)
540 {
541 struct kvm *kvm = mmu->kvm;
542 stage2_apply_range_resched(kvm, addr, end, kvm_pgtable_stage2_wrprotect);
543 }
544
545 /**
546 * kvm_mmu_wp_memory_region() - write protect stage 2 entries for memory slot
547 * @kvm: The KVM pointer
548 * @slot: The memory slot to write protect
549 *
550 * Called to start logging dirty pages after memory region
551 * KVM_MEM_LOG_DIRTY_PAGES operation is called. After this function returns
552 * all present PUD, PMD and PTEs are write protected in the memory region.
553 * Afterwards read of dirty page log can be called.
554 *
555 * Acquires kvm_mmu_lock. Called with kvm->slots_lock mutex acquired,
556 * serializing operations for VM memory regions.
557 */
558 void kvm_mmu_wp_memory_region(struct kvm *kvm, int slot)
559 {
560 struct kvm_memslots *slots = kvm_memslots(kvm);
561 struct kvm_memory_slot *memslot = id_to_memslot(slots, slot);
562 phys_addr_t start, end;
563
564 if (WARN_ON_ONCE(!memslot))
565 return;
566
567 start = memslot->base_gfn << PAGE_SHIFT;
568 end = (memslot->base_gfn + memslot->npages) << PAGE_SHIFT;
569
570 spin_lock(&kvm->mmu_lock);
571 stage2_wp_range(&kvm->arch.mmu, start, end);
572 spin_unlock(&kvm->mmu_lock);
573 kvm_flush_remote_tlbs(kvm);
574 }
575
576 /**
577 * kvm_mmu_write_protect_pt_masked() - write protect dirty pages
578 * @kvm: The KVM pointer
579 * @slot: The memory slot associated with mask
580 * @gfn_offset: The gfn offset in memory slot
581 * @mask: The mask of dirty pages at offset 'gfn_offset' in this memory
582 * slot to be write protected
583 *
584 * Walks bits set in mask write protects the associated pte's. Caller must
585 * acquire kvm_mmu_lock.
586 */
587 static void kvm_mmu_write_protect_pt_masked(struct kvm *kvm,
588 struct kvm_memory_slot *slot,
589 gfn_t gfn_offset, unsigned long mask)
590 {
591 phys_addr_t base_gfn = slot->base_gfn + gfn_offset;
592 phys_addr_t start = (base_gfn + __ffs(mask)) << PAGE_SHIFT;
593 phys_addr_t end = (base_gfn + __fls(mask) + 1) << PAGE_SHIFT;
594
595 stage2_wp_range(&kvm->arch.mmu, start, end);
596 }
597
598 /*
599 * kvm_arch_mmu_enable_log_dirty_pt_masked - enable dirty logging for selected
600 * dirty pages.
601 *
602 * It calls kvm_mmu_write_protect_pt_masked to write protect selected pages to
603 * enable dirty logging for them.
604 */
605 void kvm_arch_mmu_enable_log_dirty_pt_masked(struct kvm *kvm,
606 struct kvm_memory_slot *slot,
607 gfn_t gfn_offset, unsigned long mask)
608 {
609 kvm_mmu_write_protect_pt_masked(kvm, slot, gfn_offset, mask);
610 }
611
612 static void clean_dcache_guest_page(kvm_pfn_t pfn, unsigned long size)
613 {
614 __clean_dcache_guest_page(pfn, size);
615 }
616
617 static void invalidate_icache_guest_page(kvm_pfn_t pfn, unsigned long size)
618 {
619 __invalidate_icache_guest_page(pfn, size);
620 }
621
622 static void kvm_send_hwpoison_signal(unsigned long address, short lsb)
623 {
624 send_sig_mceerr(BUS_MCEERR_AR, (void __user *)address, lsb, current);
625 }
626
627 static bool fault_supports_stage2_huge_mapping(struct kvm_memory_slot *memslot,
628 unsigned long hva,
629 unsigned long map_size)
630 {
631 gpa_t gpa_start;
632 hva_t uaddr_start, uaddr_end;
633 size_t size;
634
635 /* The memslot and the VMA are guaranteed to be aligned to PAGE_SIZE */
636 if (map_size == PAGE_SIZE)
637 return true;
638
639 size = memslot->npages * PAGE_SIZE;
640
641 gpa_start = memslot->base_gfn << PAGE_SHIFT;
642
643 uaddr_start = memslot->userspace_addr;
644 uaddr_end = uaddr_start + size;
645
646 /*
647 * Pages belonging to memslots that don't have the same alignment
648 * within a PMD/PUD for userspace and IPA cannot be mapped with stage-2
649 * PMD/PUD entries, because we'll end up mapping the wrong pages.
650 *
651 * Consider a layout like the following:
652 *
653 * memslot->userspace_addr:
654 * +-----+--------------------+--------------------+---+
655 * |abcde|fgh Stage-1 block | Stage-1 block tv|xyz|
656 * +-----+--------------------+--------------------+---+
657 *
658 * memslot->base_gfn << PAGE_SHIFT:
659 * +---+--------------------+--------------------+-----+
660 * |abc|def Stage-2 block | Stage-2 block |tvxyz|
661 * +---+--------------------+--------------------+-----+
662 *
663 * If we create those stage-2 blocks, we'll end up with this incorrect
664 * mapping:
665 * d -> f
666 * e -> g
667 * f -> h
668 */
669 if ((gpa_start & (map_size - 1)) != (uaddr_start & (map_size - 1)))
670 return false;
671
672 /*
673 * Next, let's make sure we're not trying to map anything not covered
674 * by the memslot. This means we have to prohibit block size mappings
675 * for the beginning and end of a non-block aligned and non-block sized
676 * memory slot (illustrated by the head and tail parts of the
677 * userspace view above containing pages 'abcde' and 'xyz',
678 * respectively).
679 *
680 * Note that it doesn't matter if we do the check using the
681 * userspace_addr or the base_gfn, as both are equally aligned (per
682 * the check above) and equally sized.
683 */
684 return (hva & ~(map_size - 1)) >= uaddr_start &&
685 (hva & ~(map_size - 1)) + map_size <= uaddr_end;
686 }
687
688 /*
689 * Check if the given hva is backed by a transparent huge page (THP) and
690 * whether it can be mapped using block mapping in stage2. If so, adjust
691 * the stage2 PFN and IPA accordingly. Only PMD_SIZE THPs are currently
692 * supported. This will need to be updated to support other THP sizes.
693 *
694 * Returns the size of the mapping.
695 */
696 static unsigned long
697 transparent_hugepage_adjust(struct kvm_memory_slot *memslot,
698 unsigned long hva, kvm_pfn_t *pfnp,
699 phys_addr_t *ipap)
700 {
701 kvm_pfn_t pfn = *pfnp;
702
703 /*
704 * Make sure the adjustment is done only for THP pages. Also make
705 * sure that the HVA and IPA are sufficiently aligned and that the
706 * block map is contained within the memslot.
707 */
708 if (kvm_is_transparent_hugepage(pfn) &&
709 fault_supports_stage2_huge_mapping(memslot, hva, PMD_SIZE)) {
710 /*
711 * The address we faulted on is backed by a transparent huge
712 * page. However, because we map the compound huge page and
713 * not the individual tail page, we need to transfer the
714 * refcount to the head page. We have to be careful that the
715 * THP doesn't start to split while we are adjusting the
716 * refcounts.
717 *
718 * We are sure this doesn't happen, because mmu_notifier_retry
719 * was successful and we are holding the mmu_lock, so if this
720 * THP is trying to split, it will be blocked in the mmu
721 * notifier before touching any of the pages, specifically
722 * before being able to call __split_huge_page_refcount().
723 *
724 * We can therefore safely transfer the refcount from PG_tail
725 * to PG_head and switch the pfn from a tail page to the head
726 * page accordingly.
727 */
728 *ipap &= PMD_MASK;
729 kvm_release_pfn_clean(pfn);
730 pfn &= ~(PTRS_PER_PMD - 1);
731 kvm_get_pfn(pfn);
732 *pfnp = pfn;
733
734 return PMD_SIZE;
735 }
736
737 /* Use page mapping if we cannot use block mapping. */
738 return PAGE_SIZE;
739 }
740
741 static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
742 struct kvm_memory_slot *memslot, unsigned long hva,
743 unsigned long fault_status)
744 {
745 int ret = 0;
746 bool write_fault, writable, force_pte = false;
747 bool exec_fault;
748 bool device = false;
749 unsigned long mmu_seq;
750 struct kvm *kvm = vcpu->kvm;
751 struct kvm_mmu_memory_cache *memcache = &vcpu->arch.mmu_page_cache;
752 struct vm_area_struct *vma;
753 short vma_shift;
754 gfn_t gfn;
755 kvm_pfn_t pfn;
756 bool logging_active = memslot_is_logging(memslot);
757 unsigned long fault_level = kvm_vcpu_trap_get_fault_level(vcpu);
758 unsigned long vma_pagesize, fault_granule;
759 enum kvm_pgtable_prot prot = KVM_PGTABLE_PROT_R;
760 struct kvm_pgtable *pgt;
761
762 fault_granule = 1UL << ARM64_HW_PGTABLE_LEVEL_SHIFT(fault_level);
763 write_fault = kvm_is_write_fault(vcpu);
764 exec_fault = kvm_vcpu_trap_is_exec_fault(vcpu);
765 VM_BUG_ON(write_fault && exec_fault);
766
767 if (fault_status == FSC_PERM && !write_fault && !exec_fault) {
768 kvm_err("Unexpected L2 read permission error\n");
769 return -EFAULT;
770 }
771
772 /* Let's check if we will get back a huge page backed by hugetlbfs */
773 mmap_read_lock(current->mm);
774 vma = find_vma_intersection(current->mm, hva, hva + 1);
775 if (unlikely(!vma)) {
776 kvm_err("Failed to find VMA for hva 0x%lx\n", hva);
777 mmap_read_unlock(current->mm);
778 return -EFAULT;
779 }
780
781 if (is_vm_hugetlb_page(vma))
782 vma_shift = huge_page_shift(hstate_vma(vma));
783 else
784 vma_shift = PAGE_SHIFT;
785
786 if (logging_active ||
787 (vma->vm_flags & VM_PFNMAP)) {
788 force_pte = true;
789 vma_shift = PAGE_SHIFT;
790 }
791
792 switch (vma_shift) {
793 #ifndef __PAGETABLE_PMD_FOLDED
794 case PUD_SHIFT:
795 if (fault_supports_stage2_huge_mapping(memslot, hva, PUD_SIZE))
796 break;
797 fallthrough;
798 #endif
799 case CONT_PMD_SHIFT:
800 vma_shift = PMD_SHIFT;
801 fallthrough;
802 case PMD_SHIFT:
803 if (fault_supports_stage2_huge_mapping(memslot, hva, PMD_SIZE))
804 break;
805 fallthrough;
806 case CONT_PTE_SHIFT:
807 vma_shift = PAGE_SHIFT;
808 force_pte = true;
809 fallthrough;
810 case PAGE_SHIFT:
811 break;
812 default:
813 WARN_ONCE(1, "Unknown vma_shift %d", vma_shift);
814 }
815
816 vma_pagesize = 1UL << vma_shift;
817 if (vma_pagesize == PMD_SIZE || vma_pagesize == PUD_SIZE)
818 fault_ipa &= ~(vma_pagesize - 1);
819
820 gfn = fault_ipa >> PAGE_SHIFT;
821 mmap_read_unlock(current->mm);
822
823 /*
824 * Permission faults just need to update the existing leaf entry,
825 * and so normally don't require allocations from the memcache. The
826 * only exception to this is when dirty logging is enabled at runtime
827 * and a write fault needs to collapse a block entry into a table.
828 */
829 if (fault_status != FSC_PERM || (logging_active && write_fault)) {
830 ret = kvm_mmu_topup_memory_cache(memcache,
831 kvm_mmu_cache_min_pages(kvm));
832 if (ret)
833 return ret;
834 }
835
836 mmu_seq = vcpu->kvm->mmu_notifier_seq;
837 /*
838 * Ensure the read of mmu_notifier_seq happens before we call
839 * gfn_to_pfn_prot (which calls get_user_pages), so that we don't risk
840 * the page we just got a reference to gets unmapped before we have a
841 * chance to grab the mmu_lock, which ensure that if the page gets
842 * unmapped afterwards, the call to kvm_unmap_hva will take it away
843 * from us again properly. This smp_rmb() interacts with the smp_wmb()
844 * in kvm_mmu_notifier_invalidate_<page|range_end>.
845 */
846 smp_rmb();
847
848 pfn = gfn_to_pfn_prot(kvm, gfn, write_fault, &writable);
849 if (pfn == KVM_PFN_ERR_HWPOISON) {
850 kvm_send_hwpoison_signal(hva, vma_shift);
851 return 0;
852 }
853 if (is_error_noslot_pfn(pfn))
854 return -EFAULT;
855
856 if (kvm_is_device_pfn(pfn)) {
857 device = true;
858 force_pte = true;
859 } else if (logging_active && !write_fault) {
860 /*
861 * Only actually map the page as writable if this was a write
862 * fault.
863 */
864 writable = false;
865 }
866
867 if (exec_fault && device)
868 return -ENOEXEC;
869
870 spin_lock(&kvm->mmu_lock);
871 pgt = vcpu->arch.hw_mmu->pgt;
872 if (mmu_notifier_retry(kvm, mmu_seq))
873 goto out_unlock;
874
875 /*
876 * If we are not forced to use page mapping, check if we are
877 * backed by a THP and thus use block mapping if possible.
878 */
879 if (vma_pagesize == PAGE_SIZE && !force_pte)
880 vma_pagesize = transparent_hugepage_adjust(memslot, hva,
881 &pfn, &fault_ipa);
882 if (writable) {
883 prot |= KVM_PGTABLE_PROT_W;
884 kvm_set_pfn_dirty(pfn);
885 mark_page_dirty(kvm, gfn);
886 }
887
888 if (fault_status != FSC_PERM && !device)
889 clean_dcache_guest_page(pfn, vma_pagesize);
890
891 if (exec_fault) {
892 prot |= KVM_PGTABLE_PROT_X;
893 invalidate_icache_guest_page(pfn, vma_pagesize);
894 }
895
896 if (device)
897 prot |= KVM_PGTABLE_PROT_DEVICE;
898 else if (cpus_have_const_cap(ARM64_HAS_CACHE_DIC))
899 prot |= KVM_PGTABLE_PROT_X;
900
901 /*
902 * Under the premise of getting a FSC_PERM fault, we just need to relax
903 * permissions only if vma_pagesize equals fault_granule. Otherwise,
904 * kvm_pgtable_stage2_map() should be called to change block size.
905 */
906 if (fault_status == FSC_PERM && vma_pagesize == fault_granule) {
907 ret = kvm_pgtable_stage2_relax_perms(pgt, fault_ipa, prot);
908 } else {
909 ret = kvm_pgtable_stage2_map(pgt, fault_ipa, vma_pagesize,
910 __pfn_to_phys(pfn), prot,
911 memcache);
912 }
913
914 out_unlock:
915 spin_unlock(&kvm->mmu_lock);
916 kvm_set_pfn_accessed(pfn);
917 kvm_release_pfn_clean(pfn);
918 return ret;
919 }
920
921 /* Resolve the access fault by making the page young again. */
922 static void handle_access_fault(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa)
923 {
924 pte_t pte;
925 kvm_pte_t kpte;
926 struct kvm_s2_mmu *mmu;
927
928 trace_kvm_access_fault(fault_ipa);
929
930 spin_lock(&vcpu->kvm->mmu_lock);
931 mmu = vcpu->arch.hw_mmu;
932 kpte = kvm_pgtable_stage2_mkyoung(mmu->pgt, fault_ipa);
933 spin_unlock(&vcpu->kvm->mmu_lock);
934
935 pte = __pte(kpte);
936 if (pte_valid(pte))
937 kvm_set_pfn_accessed(pte_pfn(pte));
938 }
939
940 /**
941 * kvm_handle_guest_abort - handles all 2nd stage aborts
942 * @vcpu: the VCPU pointer
943 *
944 * Any abort that gets to the host is almost guaranteed to be caused by a
945 * missing second stage translation table entry, which can mean that either the
946 * guest simply needs more memory and we must allocate an appropriate page or it
947 * can mean that the guest tried to access I/O memory, which is emulated by user
948 * space. The distinction is based on the IPA causing the fault and whether this
949 * memory region has been registered as standard RAM by user space.
950 */
951 int kvm_handle_guest_abort(struct kvm_vcpu *vcpu)
952 {
953 unsigned long fault_status;
954 phys_addr_t fault_ipa;
955 struct kvm_memory_slot *memslot;
956 unsigned long hva;
957 bool is_iabt, write_fault, writable;
958 gfn_t gfn;
959 int ret, idx;
960
961 fault_status = kvm_vcpu_trap_get_fault_type(vcpu);
962
963 fault_ipa = kvm_vcpu_get_fault_ipa(vcpu);
964 is_iabt = kvm_vcpu_trap_is_iabt(vcpu);
965
966 /* Synchronous External Abort? */
967 if (kvm_vcpu_abt_issea(vcpu)) {
968 /*
969 * For RAS the host kernel may handle this abort.
970 * There is no need to pass the error into the guest.
971 */
972 if (kvm_handle_guest_sea(fault_ipa, kvm_vcpu_get_esr(vcpu)))
973 kvm_inject_vabt(vcpu);
974
975 return 1;
976 }
977
978 trace_kvm_guest_fault(*vcpu_pc(vcpu), kvm_vcpu_get_esr(vcpu),
979 kvm_vcpu_get_hfar(vcpu), fault_ipa);
980
981 /* Check the stage-2 fault is trans. fault or write fault */
982 if (fault_status != FSC_FAULT && fault_status != FSC_PERM &&
983 fault_status != FSC_ACCESS) {
984 kvm_err("Unsupported FSC: EC=%#x xFSC=%#lx ESR_EL2=%#lx\n",
985 kvm_vcpu_trap_get_class(vcpu),
986 (unsigned long)kvm_vcpu_trap_get_fault(vcpu),
987 (unsigned long)kvm_vcpu_get_esr(vcpu));
988 return -EFAULT;
989 }
990
991 idx = srcu_read_lock(&vcpu->kvm->srcu);
992
993 gfn = fault_ipa >> PAGE_SHIFT;
994 memslot = gfn_to_memslot(vcpu->kvm, gfn);
995 hva = gfn_to_hva_memslot_prot(memslot, gfn, &writable);
996 write_fault = kvm_is_write_fault(vcpu);
997 if (kvm_is_error_hva(hva) || (write_fault && !writable)) {
998 /*
999 * The guest has put either its instructions or its page-tables
1000 * somewhere it shouldn't have. Userspace won't be able to do
1001 * anything about this (there's no syndrome for a start), so
1002 * re-inject the abort back into the guest.
1003 */
1004 if (is_iabt) {
1005 ret = -ENOEXEC;
1006 goto out;
1007 }
1008
1009 if (kvm_vcpu_abt_iss1tw(vcpu)) {
1010 kvm_inject_dabt(vcpu, kvm_vcpu_get_hfar(vcpu));
1011 ret = 1;
1012 goto out_unlock;
1013 }
1014
1015 /*
1016 * Check for a cache maintenance operation. Since we
1017 * ended-up here, we know it is outside of any memory
1018 * slot. But we can't find out if that is for a device,
1019 * or if the guest is just being stupid. The only thing
1020 * we know for sure is that this range cannot be cached.
1021 *
1022 * So let's assume that the guest is just being
1023 * cautious, and skip the instruction.
1024 */
1025 if (kvm_is_error_hva(hva) && kvm_vcpu_dabt_is_cm(vcpu)) {
1026 kvm_incr_pc(vcpu);
1027 ret = 1;
1028 goto out_unlock;
1029 }
1030
1031 /*
1032 * The IPA is reported as [MAX:12], so we need to
1033 * complement it with the bottom 12 bits from the
1034 * faulting VA. This is always 12 bits, irrespective
1035 * of the page size.
1036 */
1037 fault_ipa |= kvm_vcpu_get_hfar(vcpu) & ((1 << 12) - 1);
1038 ret = io_mem_abort(vcpu, fault_ipa);
1039 goto out_unlock;
1040 }
1041
1042 /* Userspace should not be able to register out-of-bounds IPAs */
1043 VM_BUG_ON(fault_ipa >= kvm_phys_size(vcpu->kvm));
1044
1045 if (fault_status == FSC_ACCESS) {
1046 handle_access_fault(vcpu, fault_ipa);
1047 ret = 1;
1048 goto out_unlock;
1049 }
1050
1051 ret = user_mem_abort(vcpu, fault_ipa, memslot, hva, fault_status);
1052 if (ret == 0)
1053 ret = 1;
1054 out:
1055 if (ret == -ENOEXEC) {
1056 kvm_inject_pabt(vcpu, kvm_vcpu_get_hfar(vcpu));
1057 ret = 1;
1058 }
1059 out_unlock:
1060 srcu_read_unlock(&vcpu->kvm->srcu, idx);
1061 return ret;
1062 }
1063
1064 static int handle_hva_to_gpa(struct kvm *kvm,
1065 unsigned long start,
1066 unsigned long end,
1067 int (*handler)(struct kvm *kvm,
1068 gpa_t gpa, u64 size,
1069 void *data),
1070 void *data)
1071 {
1072 struct kvm_memslots *slots;
1073 struct kvm_memory_slot *memslot;
1074 int ret = 0;
1075
1076 slots = kvm_memslots(kvm);
1077
1078 /* we only care about the pages that the guest sees */
1079 kvm_for_each_memslot(memslot, slots) {
1080 unsigned long hva_start, hva_end;
1081 gfn_t gpa;
1082
1083 hva_start = max(start, memslot->userspace_addr);
1084 hva_end = min(end, memslot->userspace_addr +
1085 (memslot->npages << PAGE_SHIFT));
1086 if (hva_start >= hva_end)
1087 continue;
1088
1089 gpa = hva_to_gfn_memslot(hva_start, memslot) << PAGE_SHIFT;
1090 ret |= handler(kvm, gpa, (u64)(hva_end - hva_start), data);
1091 }
1092
1093 return ret;
1094 }
1095
1096 static int kvm_unmap_hva_handler(struct kvm *kvm, gpa_t gpa, u64 size, void *data)
1097 {
1098 unsigned flags = *(unsigned *)data;
1099 bool may_block = flags & MMU_NOTIFIER_RANGE_BLOCKABLE;
1100
1101 __unmap_stage2_range(&kvm->arch.mmu, gpa, size, may_block);
1102 return 0;
1103 }
1104
1105 int kvm_unmap_hva_range(struct kvm *kvm,
1106 unsigned long start, unsigned long end, unsigned flags)
1107 {
1108 if (!kvm->arch.mmu.pgt)
1109 return 0;
1110
1111 trace_kvm_unmap_hva_range(start, end);
1112 handle_hva_to_gpa(kvm, start, end, &kvm_unmap_hva_handler, &flags);
1113 return 0;
1114 }
1115
1116 static int kvm_set_spte_handler(struct kvm *kvm, gpa_t gpa, u64 size, void *data)
1117 {
1118 kvm_pfn_t *pfn = (kvm_pfn_t *)data;
1119
1120 WARN_ON(size != PAGE_SIZE);
1121
1122 /*
1123 * The MMU notifiers will have unmapped a huge PMD before calling
1124 * ->change_pte() (which in turn calls kvm_set_spte_hva()) and
1125 * therefore we never need to clear out a huge PMD through this
1126 * calling path and a memcache is not required.
1127 */
1128 kvm_pgtable_stage2_map(kvm->arch.mmu.pgt, gpa, PAGE_SIZE,
1129 __pfn_to_phys(*pfn), KVM_PGTABLE_PROT_R, NULL);
1130 return 0;
1131 }
1132
1133 int kvm_set_spte_hva(struct kvm *kvm, unsigned long hva, pte_t pte)
1134 {
1135 unsigned long end = hva + PAGE_SIZE;
1136 kvm_pfn_t pfn = pte_pfn(pte);
1137
1138 if (!kvm->arch.mmu.pgt)
1139 return 0;
1140
1141 trace_kvm_set_spte_hva(hva);
1142
1143 /*
1144 * We've moved a page around, probably through CoW, so let's treat it
1145 * just like a translation fault and clean the cache to the PoC.
1146 */
1147 clean_dcache_guest_page(pfn, PAGE_SIZE);
1148 handle_hva_to_gpa(kvm, hva, end, &kvm_set_spte_handler, &pfn);
1149 return 0;
1150 }
1151
1152 static int kvm_age_hva_handler(struct kvm *kvm, gpa_t gpa, u64 size, void *data)
1153 {
1154 pte_t pte;
1155 kvm_pte_t kpte;
1156
1157 WARN_ON(size != PAGE_SIZE && size != PMD_SIZE && size != PUD_SIZE);
1158 kpte = kvm_pgtable_stage2_mkold(kvm->arch.mmu.pgt, gpa);
1159 pte = __pte(kpte);
1160 return pte_valid(pte) && pte_young(pte);
1161 }
1162
1163 static int kvm_test_age_hva_handler(struct kvm *kvm, gpa_t gpa, u64 size, void *data)
1164 {
1165 WARN_ON(size != PAGE_SIZE && size != PMD_SIZE && size != PUD_SIZE);
1166 return kvm_pgtable_stage2_is_young(kvm->arch.mmu.pgt, gpa);
1167 }
1168
1169 int kvm_age_hva(struct kvm *kvm, unsigned long start, unsigned long end)
1170 {
1171 if (!kvm->arch.mmu.pgt)
1172 return 0;
1173 trace_kvm_age_hva(start, end);
1174 return handle_hva_to_gpa(kvm, start, end, kvm_age_hva_handler, NULL);
1175 }
1176
1177 int kvm_test_age_hva(struct kvm *kvm, unsigned long hva)
1178 {
1179 if (!kvm->arch.mmu.pgt)
1180 return 0;
1181 trace_kvm_test_age_hva(hva);
1182 return handle_hva_to_gpa(kvm, hva, hva + PAGE_SIZE,
1183 kvm_test_age_hva_handler, NULL);
1184 }
1185
1186 phys_addr_t kvm_mmu_get_httbr(void)
1187 {
1188 return __pa(hyp_pgtable->pgd);
1189 }
1190
1191 phys_addr_t kvm_get_idmap_vector(void)
1192 {
1193 return hyp_idmap_vector;
1194 }
1195
1196 static int kvm_map_idmap_text(void)
1197 {
1198 unsigned long size = hyp_idmap_end - hyp_idmap_start;
1199 int err = __create_hyp_mappings(hyp_idmap_start, size, hyp_idmap_start,
1200 PAGE_HYP_EXEC);
1201 if (err)
1202 kvm_err("Failed to idmap %lx-%lx\n",
1203 hyp_idmap_start, hyp_idmap_end);
1204
1205 return err;
1206 }
1207
1208 int kvm_mmu_init(void)
1209 {
1210 int err;
1211 u32 hyp_va_bits;
1212
1213 hyp_idmap_start = __pa_symbol(__hyp_idmap_text_start);
1214 hyp_idmap_start = ALIGN_DOWN(hyp_idmap_start, PAGE_SIZE);
1215 hyp_idmap_end = __pa_symbol(__hyp_idmap_text_end);
1216 hyp_idmap_end = ALIGN(hyp_idmap_end, PAGE_SIZE);
1217 hyp_idmap_vector = __pa_symbol(__kvm_hyp_init);
1218
1219 /*
1220 * We rely on the linker script to ensure at build time that the HYP
1221 * init code does not cross a page boundary.
1222 */
1223 BUG_ON((hyp_idmap_start ^ (hyp_idmap_end - 1)) & PAGE_MASK);
1224
1225 hyp_va_bits = 64 - ((idmap_t0sz & TCR_T0SZ_MASK) >> TCR_T0SZ_OFFSET);
1226 kvm_debug("Using %u-bit virtual addresses at EL2\n", hyp_va_bits);
1227 kvm_debug("IDMAP page: %lx\n", hyp_idmap_start);
1228 kvm_debug("HYP VA range: %lx:%lx\n",
1229 kern_hyp_va(PAGE_OFFSET),
1230 kern_hyp_va((unsigned long)high_memory - 1));
1231
1232 if (hyp_idmap_start >= kern_hyp_va(PAGE_OFFSET) &&
1233 hyp_idmap_start < kern_hyp_va((unsigned long)high_memory - 1) &&
1234 hyp_idmap_start != (unsigned long)__hyp_idmap_text_start) {
1235 /*
1236 * The idmap page is intersecting with the VA space,
1237 * it is not safe to continue further.
1238 */
1239 kvm_err("IDMAP intersecting with HYP VA, unable to continue\n");
1240 err = -EINVAL;
1241 goto out;
1242 }
1243
1244 hyp_pgtable = kzalloc(sizeof(*hyp_pgtable), GFP_KERNEL);
1245 if (!hyp_pgtable) {
1246 kvm_err("Hyp mode page-table not allocated\n");
1247 err = -ENOMEM;
1248 goto out;
1249 }
1250
1251 err = kvm_pgtable_hyp_init(hyp_pgtable, hyp_va_bits);
1252 if (err)
1253 goto out_free_pgtable;
1254
1255 err = kvm_map_idmap_text();
1256 if (err)
1257 goto out_destroy_pgtable;
1258
1259 io_map_base = hyp_idmap_start;
1260 return 0;
1261
1262 out_destroy_pgtable:
1263 kvm_pgtable_hyp_destroy(hyp_pgtable);
1264 out_free_pgtable:
1265 kfree(hyp_pgtable);
1266 hyp_pgtable = NULL;
1267 out:
1268 return err;
1269 }
1270
1271 void kvm_arch_commit_memory_region(struct kvm *kvm,
1272 const struct kvm_userspace_memory_region *mem,
1273 struct kvm_memory_slot *old,
1274 const struct kvm_memory_slot *new,
1275 enum kvm_mr_change change)
1276 {
1277 /*
1278 * At this point memslot has been committed and there is an
1279 * allocated dirty_bitmap[], dirty pages will be tracked while the
1280 * memory slot is write protected.
1281 */
1282 if (change != KVM_MR_DELETE && mem->flags & KVM_MEM_LOG_DIRTY_PAGES) {
1283 /*
1284 * If we're with initial-all-set, we don't need to write
1285 * protect any pages because they're all reported as dirty.
1286 * Huge pages and normal pages will be write protect gradually.
1287 */
1288 if (!kvm_dirty_log_manual_protect_and_init_set(kvm)) {
1289 kvm_mmu_wp_memory_region(kvm, mem->slot);
1290 }
1291 }
1292 }
1293
1294 int kvm_arch_prepare_memory_region(struct kvm *kvm,
1295 struct kvm_memory_slot *memslot,
1296 const struct kvm_userspace_memory_region *mem,
1297 enum kvm_mr_change change)
1298 {
1299 hva_t hva = mem->userspace_addr;
1300 hva_t reg_end = hva + mem->memory_size;
1301 bool writable = !(mem->flags & KVM_MEM_READONLY);
1302 int ret = 0;
1303
1304 if (change != KVM_MR_CREATE && change != KVM_MR_MOVE &&
1305 change != KVM_MR_FLAGS_ONLY)
1306 return 0;
1307
1308 /*
1309 * Prevent userspace from creating a memory region outside of the IPA
1310 * space addressable by the KVM guest IPA space.
1311 */
1312 if (memslot->base_gfn + memslot->npages >=
1313 (kvm_phys_size(kvm) >> PAGE_SHIFT))
1314 return -EFAULT;
1315
1316 mmap_read_lock(current->mm);
1317 /*
1318 * A memory region could potentially cover multiple VMAs, and any holes
1319 * between them, so iterate over all of them to find out if we can map
1320 * any of them right now.
1321 *
1322 * +--------------------------------------------+
1323 * +---------------+----------------+ +----------------+
1324 * | : VMA 1 | VMA 2 | | VMA 3 : |
1325 * +---------------+----------------+ +----------------+
1326 * | memory region |
1327 * +--------------------------------------------+
1328 */
1329 do {
1330 struct vm_area_struct *vma = find_vma(current->mm, hva);
1331 hva_t vm_start, vm_end;
1332
1333 if (!vma || vma->vm_start >= reg_end)
1334 break;
1335
1336 /*
1337 * Take the intersection of this VMA with the memory region
1338 */
1339 vm_start = max(hva, vma->vm_start);
1340 vm_end = min(reg_end, vma->vm_end);
1341
1342 if (vma->vm_flags & VM_PFNMAP) {
1343 gpa_t gpa = mem->guest_phys_addr +
1344 (vm_start - mem->userspace_addr);
1345 phys_addr_t pa;
1346
1347 pa = (phys_addr_t)vma->vm_pgoff << PAGE_SHIFT;
1348 pa += vm_start - vma->vm_start;
1349
1350 /* IO region dirty page logging not allowed */
1351 if (memslot->flags & KVM_MEM_LOG_DIRTY_PAGES) {
1352 ret = -EINVAL;
1353 goto out;
1354 }
1355
1356 ret = kvm_phys_addr_ioremap(kvm, gpa, pa,
1357 vm_end - vm_start,
1358 writable);
1359 if (ret)
1360 break;
1361 }
1362 hva = vm_end;
1363 } while (hva < reg_end);
1364
1365 if (change == KVM_MR_FLAGS_ONLY)
1366 goto out;
1367
1368 spin_lock(&kvm->mmu_lock);
1369 if (ret)
1370 unmap_stage2_range(&kvm->arch.mmu, mem->guest_phys_addr, mem->memory_size);
1371 else if (!cpus_have_final_cap(ARM64_HAS_STAGE2_FWB))
1372 stage2_flush_memslot(kvm, memslot);
1373 spin_unlock(&kvm->mmu_lock);
1374 out:
1375 mmap_read_unlock(current->mm);
1376 return ret;
1377 }
1378
1379 void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *slot)
1380 {
1381 }
1382
1383 void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen)
1384 {
1385 }
1386
1387 void kvm_arch_flush_shadow_all(struct kvm *kvm)
1388 {
1389 kvm_free_stage2_pgd(&kvm->arch.mmu);
1390 }
1391
1392 void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
1393 struct kvm_memory_slot *slot)
1394 {
1395 gpa_t gpa = slot->base_gfn << PAGE_SHIFT;
1396 phys_addr_t size = slot->npages << PAGE_SHIFT;
1397
1398 spin_lock(&kvm->mmu_lock);
1399 unmap_stage2_range(&kvm->arch.mmu, gpa, size);
1400 spin_unlock(&kvm->mmu_lock);
1401 }
1402
1403 /*
1404 * See note at ARMv7 ARM B1.14.4 (TL;DR: S/W ops are not easily virtualized).
1405 *
1406 * Main problems:
1407 * - S/W ops are local to a CPU (not broadcast)
1408 * - We have line migration behind our back (speculation)
1409 * - System caches don't support S/W at all (damn!)
1410 *
1411 * In the face of the above, the best we can do is to try and convert
1412 * S/W ops to VA ops. Because the guest is not allowed to infer the
1413 * S/W to PA mapping, it can only use S/W to nuke the whole cache,
1414 * which is a rather good thing for us.
1415 *
1416 * Also, it is only used when turning caches on/off ("The expected
1417 * usage of the cache maintenance instructions that operate by set/way
1418 * is associated with the cache maintenance instructions associated
1419 * with the powerdown and powerup of caches, if this is required by
1420 * the implementation.").
1421 *
1422 * We use the following policy:
1423 *
1424 * - If we trap a S/W operation, we enable VM trapping to detect
1425 * caches being turned on/off, and do a full clean.
1426 *
1427 * - We flush the caches on both caches being turned on and off.
1428 *
1429 * - Once the caches are enabled, we stop trapping VM ops.
1430 */
1431 void kvm_set_way_flush(struct kvm_vcpu *vcpu)
1432 {
1433 unsigned long hcr = *vcpu_hcr(vcpu);
1434
1435 /*
1436 * If this is the first time we do a S/W operation
1437 * (i.e. HCR_TVM not set) flush the whole memory, and set the
1438 * VM trapping.
1439 *
1440 * Otherwise, rely on the VM trapping to wait for the MMU +
1441 * Caches to be turned off. At that point, we'll be able to
1442 * clean the caches again.
1443 */
1444 if (!(hcr & HCR_TVM)) {
1445 trace_kvm_set_way_flush(*vcpu_pc(vcpu),
1446 vcpu_has_cache_enabled(vcpu));
1447 stage2_flush_vm(vcpu->kvm);
1448 *vcpu_hcr(vcpu) = hcr | HCR_TVM;
1449 }
1450 }
1451
1452 void kvm_toggle_cache(struct kvm_vcpu *vcpu, bool was_enabled)
1453 {
1454 bool now_enabled = vcpu_has_cache_enabled(vcpu);
1455
1456 /*
1457 * If switching the MMU+caches on, need to invalidate the caches.
1458 * If switching it off, need to clean the caches.
1459 * Clean + invalidate does the trick always.
1460 */
1461 if (now_enabled != was_enabled)
1462 stage2_flush_vm(vcpu->kvm);
1463
1464 /* Caches are now on, stop trapping VM ops (until a S/W op) */
1465 if (now_enabled)
1466 *vcpu_hcr(vcpu) &= ~HCR_TVM;
1467
1468 trace_kvm_toggle_cache(*vcpu_pc(vcpu), was_enabled, now_enabled);
1469 }
Linux with added FPC-III support