2015-10-21 16:57:10 +08:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2015 - ARM Ltd
|
|
|
|
* Author: Marc Zyngier <marc.zyngier@arm.com>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
2015-10-28 23:06:47 +08:00
|
|
|
#include <linux/types.h>
|
2016-09-12 22:49:15 +08:00
|
|
|
#include <linux/jump_label.h>
|
2018-01-04 00:38:37 +08:00
|
|
|
#include <uapi/linux/psci.h>
|
2016-09-12 22:49:15 +08:00
|
|
|
|
2018-02-07 01:56:13 +08:00
|
|
|
#include <kvm/arm_psci.h>
|
|
|
|
|
2015-01-29 23:47:55 +08:00
|
|
|
#include <asm/kvm_asm.h>
|
arm64: KVM: vgic-v2: Add the GICV emulation infrastructure
In order to efficiently perform the GICV access on behalf of the
guest, we need to be able to avoid going back all the way to
the host kernel.
For this, we introduce a new hook in the world switch code,
conveniently placed just after populating the fault info.
At that point, we only have saved/restored the GP registers,
and we can quickly perform all the required checks (data abort,
translation fault, valid faulting syndrome, not an external
abort, not a PTW).
Coming back from the emulation code, we need to skip the emulated
instruction. This involves an additional bit of save/restore in
order to be able to access the guest's PC (and possibly CPSR if
this is a 32bit guest).
At this stage, no emulation code is provided.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
2016-09-06 16:28:45 +08:00
|
|
|
#include <asm/kvm_emulate.h>
|
2016-01-28 21:44:07 +08:00
|
|
|
#include <asm/kvm_hyp.h>
|
2017-10-24 00:11:14 +08:00
|
|
|
#include <asm/kvm_mmu.h>
|
2016-11-08 21:56:21 +08:00
|
|
|
#include <asm/fpsimd.h>
|
2017-11-23 20:11:34 +08:00
|
|
|
#include <asm/debug-monitors.h>
|
2015-10-21 16:57:10 +08:00
|
|
|
|
2015-10-28 22:15:45 +08:00
|
|
|
static bool __hyp_text __fpsimd_enabled_nvhe(void)
|
|
|
|
{
|
|
|
|
return !(read_sysreg(cptr_el2) & CPTR_EL2_TFP);
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool __hyp_text __fpsimd_enabled_vhe(void)
|
|
|
|
{
|
|
|
|
return !!(read_sysreg(cpacr_el1) & CPACR_EL1_FPEN);
|
|
|
|
}
|
|
|
|
|
|
|
|
static hyp_alternate_select(__fpsimd_is_enabled,
|
|
|
|
__fpsimd_enabled_nvhe, __fpsimd_enabled_vhe,
|
|
|
|
ARM64_HAS_VIRT_HOST_EXTN);
|
|
|
|
|
|
|
|
bool __hyp_text __fpsimd_enabled(void)
|
|
|
|
{
|
|
|
|
return __fpsimd_is_enabled()();
|
|
|
|
}
|
|
|
|
|
2015-01-29 23:47:55 +08:00
|
|
|
static void __hyp_text __activate_traps_vhe(void)
|
|
|
|
{
|
|
|
|
u64 val;
|
|
|
|
|
|
|
|
val = read_sysreg(cpacr_el1);
|
|
|
|
val |= CPACR_EL1_TTA;
|
arm64/sve: KVM: Prevent guests from using SVE
Until KVM has full SVE support, guests must not be allowed to
execute SVE instructions.
This patch enables the necessary traps, and also ensures that the
traps are disabled again on exit from the guest so that the host
can still use SVE if it wants to.
On guest exit, high bits of the SVE Zn registers may have been
clobbered as a side-effect the execution of FPSIMD instructions in
the guest. The existing KVM host FPSIMD restore code is not
sufficient to restore these bits, so this patch explicitly marks
the CPU as not containing cached vector state for any task, thus
forcing a reload on the next return to userspace. This is an
interim measure, in advance of adding full SVE awareness to KVM.
This marking of cached vector state in the CPU as invalid is done
using __this_cpu_write(fpsimd_last_state, NULL) in fpsimd.c. Due
to the repeated use of this rather obscure operation, it makes
sense to factor it out as a separate helper with a clearer name.
This patch factors it out as fpsimd_flush_cpu_state(), and ports
all callers to use it.
As a side effect of this refactoring, a this_cpu_write() in
fpsimd_cpu_pm_notifier() is changed to __this_cpu_write(). This
should be fine, since cpu_pm_enter() is supposed to be called only
with interrupts disabled.
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2017-10-31 23:51:16 +08:00
|
|
|
val &= ~(CPACR_EL1_FPEN | CPACR_EL1_ZEN);
|
2015-01-29 23:47:55 +08:00
|
|
|
write_sysreg(val, cpacr_el1);
|
|
|
|
|
2018-01-04 00:38:35 +08:00
|
|
|
write_sysreg(kvm_get_hyp_vector(), vbar_el1);
|
2015-01-29 23:47:55 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void __hyp_text __activate_traps_nvhe(void)
|
|
|
|
{
|
|
|
|
u64 val;
|
|
|
|
|
|
|
|
val = CPTR_EL2_DEFAULT;
|
arm64/sve: KVM: Prevent guests from using SVE
Until KVM has full SVE support, guests must not be allowed to
execute SVE instructions.
This patch enables the necessary traps, and also ensures that the
traps are disabled again on exit from the guest so that the host
can still use SVE if it wants to.
On guest exit, high bits of the SVE Zn registers may have been
clobbered as a side-effect the execution of FPSIMD instructions in
the guest. The existing KVM host FPSIMD restore code is not
sufficient to restore these bits, so this patch explicitly marks
the CPU as not containing cached vector state for any task, thus
forcing a reload on the next return to userspace. This is an
interim measure, in advance of adding full SVE awareness to KVM.
This marking of cached vector state in the CPU as invalid is done
using __this_cpu_write(fpsimd_last_state, NULL) in fpsimd.c. Due
to the repeated use of this rather obscure operation, it makes
sense to factor it out as a separate helper with a clearer name.
This patch factors it out as fpsimd_flush_cpu_state(), and ports
all callers to use it.
As a side effect of this refactoring, a this_cpu_write() in
fpsimd_cpu_pm_notifier() is changed to __this_cpu_write(). This
should be fine, since cpu_pm_enter() is supposed to be called only
with interrupts disabled.
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2017-10-31 23:51:16 +08:00
|
|
|
val |= CPTR_EL2_TTA | CPTR_EL2_TFP | CPTR_EL2_TZ;
|
2015-01-29 23:47:55 +08:00
|
|
|
write_sysreg(val, cptr_el2);
|
|
|
|
}
|
|
|
|
|
|
|
|
static hyp_alternate_select(__activate_traps_arch,
|
|
|
|
__activate_traps_nvhe, __activate_traps_vhe,
|
|
|
|
ARM64_HAS_VIRT_HOST_EXTN);
|
|
|
|
|
2015-10-21 16:57:10 +08:00
|
|
|
static void __hyp_text __activate_traps(struct kvm_vcpu *vcpu)
|
|
|
|
{
|
|
|
|
u64 val;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We are about to set CPTR_EL2.TFP to trap all floating point
|
|
|
|
* register accesses to EL2, however, the ARM ARM clearly states that
|
|
|
|
* traps are only taken to EL2 if the operation would not otherwise
|
|
|
|
* trap to EL1. Therefore, always make sure that for 32-bit guests,
|
|
|
|
* we set FPEXC.EN to prevent traps to EL1, when setting the TFP bit.
|
2016-11-08 21:56:21 +08:00
|
|
|
* If FP/ASIMD is not implemented, FPEXC is UNDEFINED and any access to
|
|
|
|
* it will cause an exception.
|
2015-10-21 16:57:10 +08:00
|
|
|
*/
|
|
|
|
val = vcpu->arch.hcr_el2;
|
arm64: KVM: Hide unsupported AArch64 CPU features from guests
Currently, a guest kernel sees the true CPU feature registers
(ID_*_EL1) when it reads them using MRS instructions. This means
that the guest may observe features that are present in the
hardware but the host doesn't understand or doesn't provide support
for. A guest may legimitately try to use such a feature as per the
architecture, but use of the feature may trap instead of working
normally, triggering undef injection into the guest.
This is not a problem for the host, but the guest may go wrong when
running on newer hardware than the host knows about.
This patch hides from guest VMs any AArch64-specific CPU features
that the host doesn't support, by exposing to the guest the
sanitised versions of the registers computed by the cpufeatures
framework, instead of the true hardware registers. To achieve
this, HCR_EL2.TID3 is now set for AArch64 guests, and emulation
code is added to KVM to report the sanitised versions of the
affected registers in response to MRS and register reads from
userspace.
The affected registers are removed from invariant_sys_regs[] (since
the invariant_sys_regs handling is no longer quite correct for
them) and added to sys_reg_desgs[], with appropriate access(),
get_user() and set_user() methods. No runtime vcpu storage is
allocated for the registers: instead, they are read on demand from
the cpufeatures framework. This may need modification in the
future if there is a need for userspace to customise the features
visible to the guest.
Attempts by userspace to write the registers are handled similarly
to the current invariant_sys_regs handling: writes are permitted,
but only if they don't attempt to change the value. This is
sufficient to support VM snapshot/restore from userspace.
Because of the additional registers, restoring a VM on an older
kernel may not work unless userspace knows how to handle the extra
VM registers exposed to the KVM user ABI by this patch.
Under the principle of least damage, this patch makes no attempt to
handle any of the other registers currently in
invariant_sys_regs[], or to emulate registers for AArch32: however,
these could be handled in a similar way in future, as necessary.
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2017-10-31 23:50:56 +08:00
|
|
|
|
2016-11-08 21:56:21 +08:00
|
|
|
if (!(val & HCR_RW) && system_supports_fpsimd()) {
|
2015-10-21 16:57:10 +08:00
|
|
|
write_sysreg(1 << 30, fpexc32_el2);
|
|
|
|
isb();
|
|
|
|
}
|
|
|
|
write_sysreg(val, hcr_el2);
|
arm64: KVM: Hide unsupported AArch64 CPU features from guests
Currently, a guest kernel sees the true CPU feature registers
(ID_*_EL1) when it reads them using MRS instructions. This means
that the guest may observe features that are present in the
hardware but the host doesn't understand or doesn't provide support
for. A guest may legimitately try to use such a feature as per the
architecture, but use of the feature may trap instead of working
normally, triggering undef injection into the guest.
This is not a problem for the host, but the guest may go wrong when
running on newer hardware than the host knows about.
This patch hides from guest VMs any AArch64-specific CPU features
that the host doesn't support, by exposing to the guest the
sanitised versions of the registers computed by the cpufeatures
framework, instead of the true hardware registers. To achieve
this, HCR_EL2.TID3 is now set for AArch64 guests, and emulation
code is added to KVM to report the sanitised versions of the
affected registers in response to MRS and register reads from
userspace.
The affected registers are removed from invariant_sys_regs[] (since
the invariant_sys_regs handling is no longer quite correct for
them) and added to sys_reg_desgs[], with appropriate access(),
get_user() and set_user() methods. No runtime vcpu storage is
allocated for the registers: instead, they are read on demand from
the cpufeatures framework. This may need modification in the
future if there is a need for userspace to customise the features
visible to the guest.
Attempts by userspace to write the registers are handled similarly
to the current invariant_sys_regs handling: writes are permitted,
but only if they don't attempt to change the value. This is
sufficient to support VM snapshot/restore from userspace.
Because of the additional registers, restoring a VM on an older
kernel may not work unless userspace knows how to handle the extra
VM registers exposed to the KVM user ABI by this patch.
Under the principle of least damage, this patch makes no attempt to
handle any of the other registers currently in
invariant_sys_regs[], or to emulate registers for AArch32: however,
these could be handled in a similar way in future, as necessary.
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2017-10-31 23:50:56 +08:00
|
|
|
|
2018-01-16 03:39:01 +08:00
|
|
|
if (cpus_have_const_cap(ARM64_HAS_RAS_EXTN) && (val & HCR_VSE))
|
|
|
|
write_sysreg_s(vcpu->arch.vsesr_el2, SYS_VSESR_EL2);
|
|
|
|
|
2015-10-21 16:57:10 +08:00
|
|
|
/* Trap on AArch32 cp15 c15 accesses (EL1 or EL0) */
|
|
|
|
write_sysreg(1 << 15, hstr_el2);
|
2016-12-06 22:34:22 +08:00
|
|
|
/*
|
|
|
|
* Make sure we trap PMU access from EL0 to EL2. Also sanitize
|
|
|
|
* PMSELR_EL0 to make sure it never contains the cycle
|
|
|
|
* counter, which could make a PMXEVCNTR_EL0 access UNDEF at
|
|
|
|
* EL1 instead of being trapped to EL2.
|
|
|
|
*/
|
|
|
|
write_sysreg(0, pmselr_el0);
|
2015-09-08 15:15:56 +08:00
|
|
|
write_sysreg(ARMV8_PMU_USERENR_MASK, pmuserenr_el0);
|
2015-01-29 23:47:55 +08:00
|
|
|
write_sysreg(vcpu->arch.mdcr_el2, mdcr_el2);
|
|
|
|
__activate_traps_arch()();
|
|
|
|
}
|
2016-01-20 00:20:18 +08:00
|
|
|
|
2015-01-29 23:47:55 +08:00
|
|
|
static void __hyp_text __deactivate_traps_vhe(void)
|
|
|
|
{
|
|
|
|
extern char vectors[]; /* kernel exception vectors */
|
2016-09-22 18:35:43 +08:00
|
|
|
u64 mdcr_el2 = read_sysreg(mdcr_el2);
|
2016-01-20 00:20:18 +08:00
|
|
|
|
2016-09-22 18:35:43 +08:00
|
|
|
mdcr_el2 &= MDCR_EL2_HPMN_MASK |
|
|
|
|
MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT |
|
|
|
|
MDCR_EL2_TPMS;
|
|
|
|
|
|
|
|
write_sysreg(mdcr_el2, mdcr_el2);
|
2015-01-29 23:47:55 +08:00
|
|
|
write_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2);
|
arm64/sve: KVM: Prevent guests from using SVE
Until KVM has full SVE support, guests must not be allowed to
execute SVE instructions.
This patch enables the necessary traps, and also ensures that the
traps are disabled again on exit from the guest so that the host
can still use SVE if it wants to.
On guest exit, high bits of the SVE Zn registers may have been
clobbered as a side-effect the execution of FPSIMD instructions in
the guest. The existing KVM host FPSIMD restore code is not
sufficient to restore these bits, so this patch explicitly marks
the CPU as not containing cached vector state for any task, thus
forcing a reload on the next return to userspace. This is an
interim measure, in advance of adding full SVE awareness to KVM.
This marking of cached vector state in the CPU as invalid is done
using __this_cpu_write(fpsimd_last_state, NULL) in fpsimd.c. Due
to the repeated use of this rather obscure operation, it makes
sense to factor it out as a separate helper with a clearer name.
This patch factors it out as fpsimd_flush_cpu_state(), and ports
all callers to use it.
As a side effect of this refactoring, a this_cpu_write() in
fpsimd_cpu_pm_notifier() is changed to __this_cpu_write(). This
should be fine, since cpu_pm_enter() is supposed to be called only
with interrupts disabled.
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2017-10-31 23:51:16 +08:00
|
|
|
write_sysreg(CPACR_EL1_DEFAULT, cpacr_el1);
|
2015-01-29 23:47:55 +08:00
|
|
|
write_sysreg(vectors, vbar_el1);
|
2015-10-21 16:57:10 +08:00
|
|
|
}
|
|
|
|
|
2015-01-29 23:47:55 +08:00
|
|
|
static void __hyp_text __deactivate_traps_nvhe(void)
|
2015-10-21 16:57:10 +08:00
|
|
|
{
|
2016-09-22 18:35:43 +08:00
|
|
|
u64 mdcr_el2 = read_sysreg(mdcr_el2);
|
|
|
|
|
|
|
|
mdcr_el2 &= MDCR_EL2_HPMN_MASK;
|
|
|
|
mdcr_el2 |= MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT;
|
|
|
|
|
|
|
|
write_sysreg(mdcr_el2, mdcr_el2);
|
2015-10-21 16:57:10 +08:00
|
|
|
write_sysreg(HCR_RW, hcr_el2);
|
2015-01-29 23:47:55 +08:00
|
|
|
write_sysreg(CPTR_EL2_DEFAULT, cptr_el2);
|
|
|
|
}
|
|
|
|
|
|
|
|
static hyp_alternate_select(__deactivate_traps_arch,
|
|
|
|
__deactivate_traps_nvhe, __deactivate_traps_vhe,
|
|
|
|
ARM64_HAS_VIRT_HOST_EXTN);
|
|
|
|
|
|
|
|
static void __hyp_text __deactivate_traps(struct kvm_vcpu *vcpu)
|
|
|
|
{
|
2016-09-06 21:02:00 +08:00
|
|
|
/*
|
|
|
|
* If we pended a virtual abort, preserve it until it gets
|
|
|
|
* cleared. See D1.14.3 (Virtual Interrupts) for details, but
|
|
|
|
* the crucial bit is "On taking a vSError interrupt,
|
|
|
|
* HCR_EL2.VSE is cleared to 0."
|
|
|
|
*/
|
|
|
|
if (vcpu->arch.hcr_el2 & HCR_VSE)
|
|
|
|
vcpu->arch.hcr_el2 = read_sysreg(hcr_el2);
|
|
|
|
|
2015-01-29 23:47:55 +08:00
|
|
|
__deactivate_traps_arch()();
|
2015-10-21 16:57:10 +08:00
|
|
|
write_sysreg(0, hstr_el2);
|
2015-09-08 15:15:56 +08:00
|
|
|
write_sysreg(0, pmuserenr_el0);
|
2015-10-21 16:57:10 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void __hyp_text __activate_vm(struct kvm_vcpu *vcpu)
|
|
|
|
{
|
|
|
|
struct kvm *kvm = kern_hyp_va(vcpu->kvm);
|
|
|
|
write_sysreg(kvm->arch.vttbr, vttbr_el2);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __hyp_text __deactivate_vm(struct kvm_vcpu *vcpu)
|
|
|
|
{
|
|
|
|
write_sysreg(0, vttbr_el2);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __hyp_text __vgic_save_state(struct kvm_vcpu *vcpu)
|
|
|
|
{
|
2016-09-12 22:49:15 +08:00
|
|
|
if (static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif))
|
|
|
|
__vgic_v3_save_state(vcpu);
|
|
|
|
else
|
|
|
|
__vgic_v2_save_state(vcpu);
|
|
|
|
|
2015-10-21 16:57:10 +08:00
|
|
|
write_sysreg(read_sysreg(hcr_el2) & ~HCR_INT_OVERRIDE, hcr_el2);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __hyp_text __vgic_restore_state(struct kvm_vcpu *vcpu)
|
|
|
|
{
|
|
|
|
u64 val;
|
|
|
|
|
|
|
|
val = read_sysreg(hcr_el2);
|
|
|
|
val |= HCR_INT_OVERRIDE;
|
|
|
|
val |= vcpu->arch.irq_lines;
|
|
|
|
write_sysreg(val, hcr_el2);
|
|
|
|
|
2016-09-12 22:49:15 +08:00
|
|
|
if (static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif))
|
|
|
|
__vgic_v3_restore_state(vcpu);
|
|
|
|
else
|
|
|
|
__vgic_v2_restore_state(vcpu);
|
2015-10-21 16:57:10 +08:00
|
|
|
}
|
|
|
|
|
2015-10-28 23:06:47 +08:00
|
|
|
static bool __hyp_text __true_value(void)
|
|
|
|
{
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool __hyp_text __false_value(void)
|
|
|
|
{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
static hyp_alternate_select(__check_arm_834220,
|
|
|
|
__false_value, __true_value,
|
|
|
|
ARM64_WORKAROUND_834220);
|
|
|
|
|
|
|
|
static bool __hyp_text __translate_far_to_hpfar(u64 far, u64 *hpfar)
|
|
|
|
{
|
|
|
|
u64 par, tmp;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Resolve the IPA the hard way using the guest VA.
|
|
|
|
*
|
|
|
|
* Stage-1 translation already validated the memory access
|
|
|
|
* rights. As such, we can use the EL1 translation regime, and
|
|
|
|
* don't have to distinguish between EL0 and EL1 access.
|
|
|
|
*
|
|
|
|
* We do need to save/restore PAR_EL1 though, as we haven't
|
|
|
|
* saved the guest context yet, and we may return early...
|
|
|
|
*/
|
|
|
|
par = read_sysreg(par_el1);
|
|
|
|
asm volatile("at s1e1r, %0" : : "r" (far));
|
|
|
|
isb();
|
|
|
|
|
|
|
|
tmp = read_sysreg(par_el1);
|
|
|
|
write_sysreg(par, par_el1);
|
|
|
|
|
|
|
|
if (unlikely(tmp & 1))
|
|
|
|
return false; /* Translation failed, back to guest */
|
|
|
|
|
|
|
|
/* Convert PAR to HPFAR format */
|
|
|
|
*hpfar = ((tmp >> 12) & ((1UL << 36) - 1)) << 4;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool __hyp_text __populate_fault_info(struct kvm_vcpu *vcpu)
|
|
|
|
{
|
2018-01-16 03:39:03 +08:00
|
|
|
u8 ec;
|
|
|
|
u64 esr;
|
2015-10-28 23:06:47 +08:00
|
|
|
u64 hpfar, far;
|
|
|
|
|
2018-01-16 03:39:03 +08:00
|
|
|
esr = vcpu->arch.fault.esr_el2;
|
|
|
|
ec = ESR_ELx_EC(esr);
|
2015-10-28 23:06:47 +08:00
|
|
|
|
|
|
|
if (ec != ESR_ELx_EC_DABT_LOW && ec != ESR_ELx_EC_IABT_LOW)
|
|
|
|
return true;
|
|
|
|
|
|
|
|
far = read_sysreg_el2(far);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The HPFAR can be invalid if the stage 2 fault did not
|
|
|
|
* happen during a stage 1 page table walk (the ESR_EL2.S1PTW
|
|
|
|
* bit is clear) and one of the two following cases are true:
|
|
|
|
* 1. The fault was due to a permission fault
|
|
|
|
* 2. The processor carries errata 834220
|
|
|
|
*
|
|
|
|
* Therefore, for all non S1PTW faults where we either have a
|
|
|
|
* permission fault or the errata workaround is enabled, we
|
|
|
|
* resolve the IPA using the AT instruction.
|
|
|
|
*/
|
|
|
|
if (!(esr & ESR_ELx_S1PTW) &&
|
|
|
|
(__check_arm_834220()() || (esr & ESR_ELx_FSC_TYPE) == FSC_PERM)) {
|
|
|
|
if (!__translate_far_to_hpfar(far, &hpfar))
|
|
|
|
return false;
|
|
|
|
} else {
|
|
|
|
hpfar = read_sysreg(hpfar_el2);
|
|
|
|
}
|
|
|
|
|
|
|
|
vcpu->arch.fault.far_el2 = far;
|
|
|
|
vcpu->arch.fault.hpfar_el2 = hpfar;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2017-11-23 20:11:34 +08:00
|
|
|
/* Skip an instruction which has been emulated. Returns true if
|
|
|
|
* execution can continue or false if we need to exit hyp mode because
|
|
|
|
* single-step was in effect.
|
|
|
|
*/
|
|
|
|
static bool __hyp_text __skip_instr(struct kvm_vcpu *vcpu)
|
arm64: KVM: vgic-v2: Add the GICV emulation infrastructure
In order to efficiently perform the GICV access on behalf of the
guest, we need to be able to avoid going back all the way to
the host kernel.
For this, we introduce a new hook in the world switch code,
conveniently placed just after populating the fault info.
At that point, we only have saved/restored the GP registers,
and we can quickly perform all the required checks (data abort,
translation fault, valid faulting syndrome, not an external
abort, not a PTW).
Coming back from the emulation code, we need to skip the emulated
instruction. This involves an additional bit of save/restore in
order to be able to access the guest's PC (and possibly CPSR if
this is a 32bit guest).
At this stage, no emulation code is provided.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
2016-09-06 16:28:45 +08:00
|
|
|
{
|
|
|
|
*vcpu_pc(vcpu) = read_sysreg_el2(elr);
|
|
|
|
|
|
|
|
if (vcpu_mode_is_32bit(vcpu)) {
|
|
|
|
vcpu->arch.ctxt.gp_regs.regs.pstate = read_sysreg_el2(spsr);
|
|
|
|
kvm_skip_instr32(vcpu, kvm_vcpu_trap_il_is32bit(vcpu));
|
|
|
|
write_sysreg_el2(vcpu->arch.ctxt.gp_regs.regs.pstate, spsr);
|
|
|
|
} else {
|
|
|
|
*vcpu_pc(vcpu) += 4;
|
|
|
|
}
|
|
|
|
|
|
|
|
write_sysreg_el2(*vcpu_pc(vcpu), elr);
|
2017-11-23 20:11:34 +08:00
|
|
|
|
|
|
|
if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP) {
|
|
|
|
vcpu->arch.fault.esr_el2 =
|
|
|
|
(ESR_ELx_EC_SOFTSTP_LOW << ESR_ELx_EC_SHIFT) | 0x22;
|
|
|
|
return false;
|
|
|
|
} else {
|
|
|
|
return true;
|
|
|
|
}
|
arm64: KVM: vgic-v2: Add the GICV emulation infrastructure
In order to efficiently perform the GICV access on behalf of the
guest, we need to be able to avoid going back all the way to
the host kernel.
For this, we introduce a new hook in the world switch code,
conveniently placed just after populating the fault info.
At that point, we only have saved/restored the GP registers,
and we can quickly perform all the required checks (data abort,
translation fault, valid faulting syndrome, not an external
abort, not a PTW).
Coming back from the emulation code, we need to skip the emulated
instruction. This involves an additional bit of save/restore in
order to be able to access the guest's PC (and possibly CPSR if
this is a 32bit guest).
At this stage, no emulation code is provided.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
2016-09-06 16:28:45 +08:00
|
|
|
}
|
|
|
|
|
2016-09-01 19:16:03 +08:00
|
|
|
int __hyp_text __kvm_vcpu_run(struct kvm_vcpu *vcpu)
|
2015-10-21 16:57:10 +08:00
|
|
|
{
|
|
|
|
struct kvm_cpu_context *host_ctxt;
|
|
|
|
struct kvm_cpu_context *guest_ctxt;
|
2015-10-26 16:34:09 +08:00
|
|
|
bool fp_enabled;
|
2015-10-21 16:57:10 +08:00
|
|
|
u64 exit_code;
|
|
|
|
|
|
|
|
vcpu = kern_hyp_va(vcpu);
|
|
|
|
|
|
|
|
host_ctxt = kern_hyp_va(vcpu->arch.host_cpu_context);
|
2018-01-08 23:38:05 +08:00
|
|
|
host_ctxt->__hyp_running_vcpu = vcpu;
|
2015-10-21 16:57:10 +08:00
|
|
|
guest_ctxt = &vcpu->arch.ctxt;
|
|
|
|
|
2015-10-28 20:17:35 +08:00
|
|
|
__sysreg_save_host_state(host_ctxt);
|
2015-10-21 16:57:10 +08:00
|
|
|
__debug_cond_save_host_state(vcpu);
|
|
|
|
|
|
|
|
__activate_traps(vcpu);
|
|
|
|
__activate_vm(vcpu);
|
|
|
|
|
|
|
|
__vgic_restore_state(vcpu);
|
2017-01-04 23:10:28 +08:00
|
|
|
__timer_enable_traps(vcpu);
|
2015-10-21 16:57:10 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* We must restore the 32-bit state before the sysregs, thanks
|
2016-08-16 22:03:01 +08:00
|
|
|
* to erratum #852523 (Cortex-A57) or #853709 (Cortex-A72).
|
2015-10-21 16:57:10 +08:00
|
|
|
*/
|
|
|
|
__sysreg32_restore_state(vcpu);
|
2015-10-28 20:17:35 +08:00
|
|
|
__sysreg_restore_guest_state(guest_ctxt);
|
2015-10-21 16:57:10 +08:00
|
|
|
__debug_restore_state(vcpu, kern_hyp_va(vcpu->arch.debug_ptr), guest_ctxt);
|
|
|
|
|
|
|
|
/* Jump in the fire! */
|
2015-10-28 23:06:47 +08:00
|
|
|
again:
|
2015-10-21 16:57:10 +08:00
|
|
|
exit_code = __guest_enter(vcpu, host_ctxt);
|
|
|
|
/* And we're baaack! */
|
|
|
|
|
2018-01-16 03:39:03 +08:00
|
|
|
if (ARM_EXCEPTION_CODE(exit_code) != ARM_EXCEPTION_IRQ)
|
|
|
|
vcpu->arch.fault.esr_el2 = read_sysreg_el2(esr);
|
2016-09-06 21:02:07 +08:00
|
|
|
/*
|
|
|
|
* We're using the raw exception code in order to only process
|
|
|
|
* the trap if no SError is pending. We will come back to the
|
|
|
|
* same PC once the SError has been injected, and replay the
|
|
|
|
* trapping instruction.
|
|
|
|
*/
|
2015-10-28 23:06:47 +08:00
|
|
|
if (exit_code == ARM_EXCEPTION_TRAP && !__populate_fault_info(vcpu))
|
|
|
|
goto again;
|
|
|
|
|
arm64: KVM: vgic-v2: Add the GICV emulation infrastructure
In order to efficiently perform the GICV access on behalf of the
guest, we need to be able to avoid going back all the way to
the host kernel.
For this, we introduce a new hook in the world switch code,
conveniently placed just after populating the fault info.
At that point, we only have saved/restored the GP registers,
and we can quickly perform all the required checks (data abort,
translation fault, valid faulting syndrome, not an external
abort, not a PTW).
Coming back from the emulation code, we need to skip the emulated
instruction. This involves an additional bit of save/restore in
order to be able to access the guest's PC (and possibly CPSR if
this is a 32bit guest).
At this stage, no emulation code is provided.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
2016-09-06 16:28:45 +08:00
|
|
|
if (static_branch_unlikely(&vgic_v2_cpuif_trap) &&
|
|
|
|
exit_code == ARM_EXCEPTION_TRAP) {
|
|
|
|
bool valid;
|
|
|
|
|
|
|
|
valid = kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_DABT_LOW &&
|
|
|
|
kvm_vcpu_trap_get_fault_type(vcpu) == FSC_FAULT &&
|
|
|
|
kvm_vcpu_dabt_isvalid(vcpu) &&
|
|
|
|
!kvm_vcpu_dabt_isextabt(vcpu) &&
|
|
|
|
!kvm_vcpu_dabt_iss1tw(vcpu);
|
|
|
|
|
2016-09-06 21:02:17 +08:00
|
|
|
if (valid) {
|
|
|
|
int ret = __vgic_v2_perform_cpuif_access(vcpu);
|
|
|
|
|
|
|
|
if (ret == 1) {
|
2017-11-23 20:11:34 +08:00
|
|
|
if (__skip_instr(vcpu))
|
|
|
|
goto again;
|
|
|
|
else
|
|
|
|
exit_code = ARM_EXCEPTION_TRAP;
|
2016-09-06 21:02:17 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if (ret == -1) {
|
2017-11-23 20:11:34 +08:00
|
|
|
/* Promote an illegal access to an
|
|
|
|
* SError. If we would be returning
|
|
|
|
* due to single-step clear the SS
|
|
|
|
* bit so handle_exit knows what to
|
|
|
|
* do after dealing with the error.
|
|
|
|
*/
|
|
|
|
if (!__skip_instr(vcpu))
|
|
|
|
*vcpu_cpsr(vcpu) &= ~DBG_SPSR_SS;
|
2016-09-06 21:02:17 +08:00
|
|
|
exit_code = ARM_EXCEPTION_EL1_SERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* 0 falls through to be handler out of EL2 */
|
arm64: KVM: vgic-v2: Add the GICV emulation infrastructure
In order to efficiently perform the GICV access on behalf of the
guest, we need to be able to avoid going back all the way to
the host kernel.
For this, we introduce a new hook in the world switch code,
conveniently placed just after populating the fault info.
At that point, we only have saved/restored the GP registers,
and we can quickly perform all the required checks (data abort,
translation fault, valid faulting syndrome, not an external
abort, not a PTW).
Coming back from the emulation code, we need to skip the emulated
instruction. This involves an additional bit of save/restore in
order to be able to access the guest's PC (and possibly CPSR if
this is a 32bit guest).
At this stage, no emulation code is provided.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
2016-09-06 16:28:45 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-06-09 19:49:33 +08:00
|
|
|
if (static_branch_unlikely(&vgic_v3_cpuif_trap) &&
|
|
|
|
exit_code == ARM_EXCEPTION_TRAP &&
|
|
|
|
(kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_SYS64 ||
|
|
|
|
kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_CP15_32)) {
|
|
|
|
int ret = __vgic_v3_perform_cpuif_access(vcpu);
|
|
|
|
|
|
|
|
if (ret == 1) {
|
2017-11-23 20:11:34 +08:00
|
|
|
if (__skip_instr(vcpu))
|
|
|
|
goto again;
|
|
|
|
else
|
|
|
|
exit_code = ARM_EXCEPTION_TRAP;
|
2017-06-09 19:49:33 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* 0 falls through to be handled out of EL2 */
|
|
|
|
}
|
|
|
|
|
2018-01-06 04:28:59 +08:00
|
|
|
if (cpus_have_const_cap(ARM64_HARDEN_BP_POST_GUEST_EXIT)) {
|
|
|
|
u32 midr = read_cpuid_id();
|
|
|
|
|
|
|
|
/* Apply BTAC predictors mitigation to all Falkor chips */
|
2018-02-12 09:16:15 +08:00
|
|
|
if (((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR) ||
|
|
|
|
((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1)) {
|
2018-01-06 04:28:59 +08:00
|
|
|
__qcom_hyp_sanitize_btac_predictors();
|
2018-02-12 09:16:15 +08:00
|
|
|
}
|
2018-01-06 04:28:59 +08:00
|
|
|
}
|
|
|
|
|
2015-10-26 16:34:09 +08:00
|
|
|
fp_enabled = __fpsimd_enabled();
|
|
|
|
|
2015-10-28 20:17:35 +08:00
|
|
|
__sysreg_save_guest_state(guest_ctxt);
|
2015-10-21 16:57:10 +08:00
|
|
|
__sysreg32_save_state(vcpu);
|
2017-01-04 23:10:28 +08:00
|
|
|
__timer_disable_traps(vcpu);
|
2015-10-21 16:57:10 +08:00
|
|
|
__vgic_save_state(vcpu);
|
|
|
|
|
|
|
|
__deactivate_traps(vcpu);
|
|
|
|
__deactivate_vm(vcpu);
|
|
|
|
|
2015-10-28 20:17:35 +08:00
|
|
|
__sysreg_restore_host_state(host_ctxt);
|
2015-10-21 16:57:10 +08:00
|
|
|
|
2015-10-26 16:34:09 +08:00
|
|
|
if (fp_enabled) {
|
|
|
|
__fpsimd_save_state(&guest_ctxt->gp_regs.fp_regs);
|
|
|
|
__fpsimd_restore_state(&host_ctxt->gp_regs.fp_regs);
|
|
|
|
}
|
|
|
|
|
2015-10-21 16:57:10 +08:00
|
|
|
__debug_save_state(vcpu, kern_hyp_va(vcpu->arch.debug_ptr), guest_ctxt);
|
2016-09-22 18:35:43 +08:00
|
|
|
/*
|
|
|
|
* This must come after restoring the host sysregs, since a non-VHE
|
|
|
|
* system may enable SPE here and make use of the TTBRs.
|
|
|
|
*/
|
2015-10-21 16:57:10 +08:00
|
|
|
__debug_cond_restore_host_state(vcpu);
|
|
|
|
|
|
|
|
return exit_code;
|
|
|
|
}
|
2015-10-25 23:21:52 +08:00
|
|
|
|
|
|
|
static const char __hyp_panic_string[] = "HYP panic:\nPS:%08llx PC:%016llx ESR:%08llx\nFAR:%016llx HPFAR:%016llx PAR:%016llx\nVCPU:%p\n";
|
|
|
|
|
2018-01-08 23:38:05 +08:00
|
|
|
static void __hyp_text __hyp_call_panic_nvhe(u64 spsr, u64 elr, u64 par,
|
|
|
|
struct kvm_vcpu *vcpu)
|
2015-10-25 23:21:52 +08:00
|
|
|
{
|
2016-07-01 01:40:35 +08:00
|
|
|
unsigned long str_va;
|
2015-11-17 22:07:45 +08:00
|
|
|
|
2016-07-01 01:40:35 +08:00
|
|
|
/*
|
|
|
|
* Force the panic string to be loaded from the literal pool,
|
|
|
|
* making sure it is a kernel address and not a PC-relative
|
|
|
|
* reference.
|
|
|
|
*/
|
|
|
|
asm volatile("ldr %0, =__hyp_panic_string" : "=r" (str_va));
|
|
|
|
|
|
|
|
__hyp_do_panic(str_va,
|
2015-11-17 22:07:45 +08:00
|
|
|
spsr, elr,
|
|
|
|
read_sysreg(esr_el2), read_sysreg_el2(far),
|
2018-01-08 23:38:05 +08:00
|
|
|
read_sysreg(hpfar_el2), par, vcpu);
|
2015-11-17 22:07:45 +08:00
|
|
|
}
|
|
|
|
|
2018-01-08 23:38:05 +08:00
|
|
|
static void __hyp_text __hyp_call_panic_vhe(u64 spsr, u64 elr, u64 par,
|
|
|
|
struct kvm_vcpu *vcpu)
|
2015-11-17 22:07:45 +08:00
|
|
|
{
|
|
|
|
panic(__hyp_panic_string,
|
|
|
|
spsr, elr,
|
|
|
|
read_sysreg_el2(esr), read_sysreg_el2(far),
|
2018-01-08 23:38:05 +08:00
|
|
|
read_sysreg(hpfar_el2), par, vcpu);
|
2015-11-17 22:07:45 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static hyp_alternate_select(__hyp_call_panic,
|
|
|
|
__hyp_call_panic_nvhe, __hyp_call_panic_vhe,
|
|
|
|
ARM64_HAS_VIRT_HOST_EXTN);
|
|
|
|
|
2017-10-08 23:01:56 +08:00
|
|
|
void __hyp_text __noreturn hyp_panic(struct kvm_cpu_context *host_ctxt)
|
2015-11-17 22:07:45 +08:00
|
|
|
{
|
2018-01-08 23:38:05 +08:00
|
|
|
struct kvm_vcpu *vcpu = NULL;
|
|
|
|
|
2015-11-17 22:07:45 +08:00
|
|
|
u64 spsr = read_sysreg_el2(spsr);
|
|
|
|
u64 elr = read_sysreg_el2(elr);
|
2015-10-25 23:21:52 +08:00
|
|
|
u64 par = read_sysreg(par_el1);
|
|
|
|
|
|
|
|
if (read_sysreg(vttbr_el2)) {
|
2018-01-08 23:38:05 +08:00
|
|
|
vcpu = host_ctxt->__hyp_running_vcpu;
|
2017-01-04 23:10:28 +08:00
|
|
|
__timer_disable_traps(vcpu);
|
2015-10-25 23:21:52 +08:00
|
|
|
__deactivate_traps(vcpu);
|
|
|
|
__deactivate_vm(vcpu);
|
2015-10-28 20:17:35 +08:00
|
|
|
__sysreg_restore_host_state(host_ctxt);
|
2015-10-25 23:21:52 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Call panic for real */
|
2018-01-08 23:38:05 +08:00
|
|
|
__hyp_call_panic()(spsr, elr, par, vcpu);
|
2015-10-25 23:21:52 +08:00
|
|
|
|
|
|
|
unreachable();
|
|
|
|
}
|