2 * Copyright (C) 2012 - Virtual Open Systems and Columbia University
3 * Author: Christoffer Dall <c.dall@virtualopensystems.com>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License, version 2, as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
19 #include <linux/mman.h>
20 #include <linux/kvm_host.h>
22 #include <linux/hugetlb.h>
23 #include <trace/events/kvm.h>
24 #include <asm/pgalloc.h>
25 #include <asm/cacheflush.h>
26 #include <asm/kvm_arm.h>
27 #include <asm/kvm_mmu.h>
28 #include <asm/kvm_mmio.h>
29 #include <asm/kvm_asm.h>
30 #include <asm/kvm_emulate.h>
34 extern char __hyp_idmap_text_start[], __hyp_idmap_text_end[];
36 static pgd_t *boot_hyp_pgd;
37 static pgd_t *hyp_pgd;
38 static DEFINE_MUTEX(kvm_hyp_pgd_mutex);
40 static void *init_bounce_page;
41 static unsigned long hyp_idmap_start;
42 static unsigned long hyp_idmap_end;
43 static phys_addr_t hyp_idmap_vector;
45 #define hyp_pgd_order get_order(PTRS_PER_PGD * sizeof(pgd_t))
47 #define kvm_pmd_huge(_x) (pmd_huge(_x) || pmd_trans_huge(_x))
49 static void kvm_tlb_flush_vmid_ipa(struct kvm *kvm, phys_addr_t ipa)
52 * This function also gets called when dealing with HYP page
53 * tables. As HYP doesn't have an associated struct kvm (and
54 * the HYP page tables are fairly static), we don't do
58 kvm_call_hyp(__kvm_tlb_flush_vmid_ipa, kvm, ipa);
61 static int mmu_topup_memory_cache(struct kvm_mmu_memory_cache *cache,
66 BUG_ON(max > KVM_NR_MEM_OBJS);
67 if (cache->nobjs >= min)
69 while (cache->nobjs < max) {
70 page = (void *)__get_free_page(PGALLOC_GFP);
73 cache->objects[cache->nobjs++] = page;
78 static void mmu_free_memory_cache(struct kvm_mmu_memory_cache *mc)
81 free_page((unsigned long)mc->objects[--mc->nobjs]);
84 static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc)
88 BUG_ON(!mc || !mc->nobjs);
89 p = mc->objects[--mc->nobjs];
93 static void clear_pgd_entry(struct kvm *kvm, pgd_t *pgd, phys_addr_t addr)
95 pud_t *pud_table __maybe_unused = pud_offset(pgd, 0);
97 kvm_tlb_flush_vmid_ipa(kvm, addr);
98 pud_free(NULL, pud_table);
99 put_page(virt_to_page(pgd));
102 static void clear_pud_entry(struct kvm *kvm, pud_t *pud, phys_addr_t addr)
104 pmd_t *pmd_table = pmd_offset(pud, 0);
105 VM_BUG_ON(pud_huge(*pud));
107 kvm_tlb_flush_vmid_ipa(kvm, addr);
108 pmd_free(NULL, pmd_table);
109 put_page(virt_to_page(pud));
112 static void clear_pmd_entry(struct kvm *kvm, pmd_t *pmd, phys_addr_t addr)
114 pte_t *pte_table = pte_offset_kernel(pmd, 0);
115 VM_BUG_ON(kvm_pmd_huge(*pmd));
117 kvm_tlb_flush_vmid_ipa(kvm, addr);
118 pte_free_kernel(NULL, pte_table);
119 put_page(virt_to_page(pmd));
122 static void unmap_ptes(struct kvm *kvm, pmd_t *pmd,
123 phys_addr_t addr, phys_addr_t end)
125 phys_addr_t start_addr = addr;
126 pte_t *pte, *start_pte;
128 start_pte = pte = pte_offset_kernel(pmd, addr);
130 if (!pte_none(*pte)) {
131 kvm_set_pte(pte, __pte(0));
132 put_page(virt_to_page(pte));
133 kvm_tlb_flush_vmid_ipa(kvm, addr);
135 } while (pte++, addr += PAGE_SIZE, addr != end);
137 if (kvm_pte_table_empty(kvm, start_pte))
138 clear_pmd_entry(kvm, pmd, start_addr);
141 static void unmap_pmds(struct kvm *kvm, pud_t *pud,
142 phys_addr_t addr, phys_addr_t end)
144 phys_addr_t next, start_addr = addr;
145 pmd_t *pmd, *start_pmd;
147 start_pmd = pmd = pmd_offset(pud, addr);
149 next = kvm_pmd_addr_end(addr, end);
150 if (!pmd_none(*pmd)) {
151 if (kvm_pmd_huge(*pmd)) {
153 kvm_tlb_flush_vmid_ipa(kvm, addr);
154 put_page(virt_to_page(pmd));
156 unmap_ptes(kvm, pmd, addr, next);
159 } while (pmd++, addr = next, addr != end);
161 if (kvm_pmd_table_empty(kvm, start_pmd))
162 clear_pud_entry(kvm, pud, start_addr);
165 static void unmap_puds(struct kvm *kvm, pgd_t *pgd,
166 phys_addr_t addr, phys_addr_t end)
168 phys_addr_t next, start_addr = addr;
169 pud_t *pud, *start_pud;
171 start_pud = pud = pud_offset(pgd, addr);
173 next = kvm_pud_addr_end(addr, end);
174 if (!pud_none(*pud)) {
175 if (pud_huge(*pud)) {
177 kvm_tlb_flush_vmid_ipa(kvm, addr);
178 put_page(virt_to_page(pud));
180 unmap_pmds(kvm, pud, addr, next);
183 } while (pud++, addr = next, addr != end);
185 if (kvm_pud_table_empty(kvm, start_pud))
186 clear_pgd_entry(kvm, pgd, start_addr);
190 static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
191 phys_addr_t start, u64 size)
194 phys_addr_t addr = start, end = start + size;
197 pgd = pgdp + pgd_index(addr);
199 next = kvm_pgd_addr_end(addr, end);
201 unmap_puds(kvm, pgd, addr, next);
202 } while (pgd++, addr = next, addr != end);
205 static void stage2_flush_ptes(struct kvm *kvm, pmd_t *pmd,
206 phys_addr_t addr, phys_addr_t end)
210 pte = pte_offset_kernel(pmd, addr);
212 if (!pte_none(*pte)) {
213 hva_t hva = gfn_to_hva(kvm, addr >> PAGE_SHIFT);
214 kvm_flush_dcache_to_poc((void*)hva, PAGE_SIZE);
216 } while (pte++, addr += PAGE_SIZE, addr != end);
219 static void stage2_flush_pmds(struct kvm *kvm, pud_t *pud,
220 phys_addr_t addr, phys_addr_t end)
225 pmd = pmd_offset(pud, addr);
227 next = kvm_pmd_addr_end(addr, end);
228 if (!pmd_none(*pmd)) {
229 if (kvm_pmd_huge(*pmd)) {
230 hva_t hva = gfn_to_hva(kvm, addr >> PAGE_SHIFT);
231 kvm_flush_dcache_to_poc((void*)hva, PMD_SIZE);
233 stage2_flush_ptes(kvm, pmd, addr, next);
236 } while (pmd++, addr = next, addr != end);
239 static void stage2_flush_puds(struct kvm *kvm, pgd_t *pgd,
240 phys_addr_t addr, phys_addr_t end)
245 pud = pud_offset(pgd, addr);
247 next = kvm_pud_addr_end(addr, end);
248 if (!pud_none(*pud)) {
249 if (pud_huge(*pud)) {
250 hva_t hva = gfn_to_hva(kvm, addr >> PAGE_SHIFT);
251 kvm_flush_dcache_to_poc((void*)hva, PUD_SIZE);
253 stage2_flush_pmds(kvm, pud, addr, next);
256 } while (pud++, addr = next, addr != end);
259 static void stage2_flush_memslot(struct kvm *kvm,
260 struct kvm_memory_slot *memslot)
262 phys_addr_t addr = memslot->base_gfn << PAGE_SHIFT;
263 phys_addr_t end = addr + PAGE_SIZE * memslot->npages;
267 pgd = kvm->arch.pgd + pgd_index(addr);
269 next = kvm_pgd_addr_end(addr, end);
270 stage2_flush_puds(kvm, pgd, addr, next);
271 } while (pgd++, addr = next, addr != end);
275 * stage2_flush_vm - Invalidate cache for pages mapped in stage 2
276 * @kvm: The struct kvm pointer
278 * Go through the stage 2 page tables and invalidate any cache lines
279 * backing memory already mapped to the VM.
281 void stage2_flush_vm(struct kvm *kvm)
283 struct kvm_memslots *slots;
284 struct kvm_memory_slot *memslot;
287 idx = srcu_read_lock(&kvm->srcu);
288 spin_lock(&kvm->mmu_lock);
290 slots = kvm_memslots(kvm);
291 kvm_for_each_memslot(memslot, slots)
292 stage2_flush_memslot(kvm, memslot);
294 spin_unlock(&kvm->mmu_lock);
295 srcu_read_unlock(&kvm->srcu, idx);
299 * free_boot_hyp_pgd - free HYP boot page tables
301 * Free the HYP boot page tables. The bounce page is also freed.
303 void free_boot_hyp_pgd(void)
305 mutex_lock(&kvm_hyp_pgd_mutex);
308 unmap_range(NULL, boot_hyp_pgd, hyp_idmap_start, PAGE_SIZE);
309 unmap_range(NULL, boot_hyp_pgd, TRAMPOLINE_VA, PAGE_SIZE);
310 free_pages((unsigned long)boot_hyp_pgd, hyp_pgd_order);
315 unmap_range(NULL, hyp_pgd, TRAMPOLINE_VA, PAGE_SIZE);
317 free_page((unsigned long)init_bounce_page);
318 init_bounce_page = NULL;
320 mutex_unlock(&kvm_hyp_pgd_mutex);
324 * free_hyp_pgds - free Hyp-mode page tables
326 * Assumes hyp_pgd is a page table used strictly in Hyp-mode and
327 * therefore contains either mappings in the kernel memory area (above
328 * PAGE_OFFSET), or device mappings in the vmalloc range (from
329 * VMALLOC_START to VMALLOC_END).
331 * boot_hyp_pgd should only map two pages for the init code.
333 void free_hyp_pgds(void)
339 mutex_lock(&kvm_hyp_pgd_mutex);
342 for (addr = PAGE_OFFSET; virt_addr_valid(addr); addr += PGDIR_SIZE)
343 unmap_range(NULL, hyp_pgd, KERN_TO_HYP(addr), PGDIR_SIZE);
344 for (addr = VMALLOC_START; is_vmalloc_addr((void*)addr); addr += PGDIR_SIZE)
345 unmap_range(NULL, hyp_pgd, KERN_TO_HYP(addr), PGDIR_SIZE);
347 free_pages((unsigned long)hyp_pgd, hyp_pgd_order);
351 mutex_unlock(&kvm_hyp_pgd_mutex);
354 static void create_hyp_pte_mappings(pmd_t *pmd, unsigned long start,
355 unsigned long end, unsigned long pfn,
363 pte = pte_offset_kernel(pmd, addr);
364 kvm_set_pte(pte, pfn_pte(pfn, prot));
365 get_page(virt_to_page(pte));
366 kvm_flush_dcache_to_poc(pte, sizeof(*pte));
368 } while (addr += PAGE_SIZE, addr != end);
371 static int create_hyp_pmd_mappings(pud_t *pud, unsigned long start,
372 unsigned long end, unsigned long pfn,
377 unsigned long addr, next;
381 pmd = pmd_offset(pud, addr);
383 BUG_ON(pmd_sect(*pmd));
385 if (pmd_none(*pmd)) {
386 pte = pte_alloc_one_kernel(NULL, addr);
388 kvm_err("Cannot allocate Hyp pte\n");
391 pmd_populate_kernel(NULL, pmd, pte);
392 get_page(virt_to_page(pmd));
393 kvm_flush_dcache_to_poc(pmd, sizeof(*pmd));
396 next = pmd_addr_end(addr, end);
398 create_hyp_pte_mappings(pmd, addr, next, pfn, prot);
399 pfn += (next - addr) >> PAGE_SHIFT;
400 } while (addr = next, addr != end);
405 static int create_hyp_pud_mappings(pgd_t *pgd, unsigned long start,
406 unsigned long end, unsigned long pfn,
411 unsigned long addr, next;
416 pud = pud_offset(pgd, addr);
418 if (pud_none_or_clear_bad(pud)) {
419 pmd = pmd_alloc_one(NULL, addr);
421 kvm_err("Cannot allocate Hyp pmd\n");
424 pud_populate(NULL, pud, pmd);
425 get_page(virt_to_page(pud));
426 kvm_flush_dcache_to_poc(pud, sizeof(*pud));
429 next = pud_addr_end(addr, end);
430 ret = create_hyp_pmd_mappings(pud, addr, next, pfn, prot);
433 pfn += (next - addr) >> PAGE_SHIFT;
434 } while (addr = next, addr != end);
439 static int __create_hyp_mappings(pgd_t *pgdp,
440 unsigned long start, unsigned long end,
441 unsigned long pfn, pgprot_t prot)
445 unsigned long addr, next;
448 mutex_lock(&kvm_hyp_pgd_mutex);
449 addr = start & PAGE_MASK;
450 end = PAGE_ALIGN(end);
452 pgd = pgdp + pgd_index(addr);
454 if (pgd_none(*pgd)) {
455 pud = pud_alloc_one(NULL, addr);
457 kvm_err("Cannot allocate Hyp pud\n");
461 pgd_populate(NULL, pgd, pud);
462 get_page(virt_to_page(pgd));
463 kvm_flush_dcache_to_poc(pgd, sizeof(*pgd));
466 next = pgd_addr_end(addr, end);
467 err = create_hyp_pud_mappings(pgd, addr, next, pfn, prot);
470 pfn += (next - addr) >> PAGE_SHIFT;
471 } while (addr = next, addr != end);
473 mutex_unlock(&kvm_hyp_pgd_mutex);
477 static phys_addr_t kvm_kaddr_to_phys(void *kaddr)
479 if (!is_vmalloc_addr(kaddr)) {
480 BUG_ON(!virt_addr_valid(kaddr));
483 return page_to_phys(vmalloc_to_page(kaddr)) +
484 offset_in_page(kaddr);
489 * create_hyp_mappings - duplicate a kernel virtual address range in Hyp mode
490 * @from: The virtual kernel start address of the range
491 * @to: The virtual kernel end address of the range (exclusive)
493 * The same virtual address as the kernel virtual address is also used
494 * in Hyp-mode mapping (modulo HYP_PAGE_OFFSET) to the same underlying
497 int create_hyp_mappings(void *from, void *to)
499 phys_addr_t phys_addr;
500 unsigned long virt_addr;
501 unsigned long start = KERN_TO_HYP((unsigned long)from);
502 unsigned long end = KERN_TO_HYP((unsigned long)to);
504 start = start & PAGE_MASK;
505 end = PAGE_ALIGN(end);
507 for (virt_addr = start; virt_addr < end; virt_addr += PAGE_SIZE) {
510 phys_addr = kvm_kaddr_to_phys(from + virt_addr - start);
511 err = __create_hyp_mappings(hyp_pgd, virt_addr,
512 virt_addr + PAGE_SIZE,
513 __phys_to_pfn(phys_addr),
523 * create_hyp_io_mappings - duplicate a kernel IO mapping into Hyp mode
524 * @from: The kernel start VA of the range
525 * @to: The kernel end VA of the range (exclusive)
526 * @phys_addr: The physical start address which gets mapped
528 * The resulting HYP VA is the same as the kernel VA, modulo
531 int create_hyp_io_mappings(void *from, void *to, phys_addr_t phys_addr)
533 unsigned long start = KERN_TO_HYP((unsigned long)from);
534 unsigned long end = KERN_TO_HYP((unsigned long)to);
536 /* Check for a valid kernel IO mapping */
537 if (!is_vmalloc_addr(from) || !is_vmalloc_addr(to - 1))
540 return __create_hyp_mappings(hyp_pgd, start, end,
541 __phys_to_pfn(phys_addr), PAGE_HYP_DEVICE);
545 * kvm_alloc_stage2_pgd - allocate level-1 table for stage-2 translation.
546 * @kvm: The KVM struct pointer for the VM.
548 * Allocates the 1st level table only of size defined by S2_PGD_ORDER (can
549 * support either full 40-bit input addresses or limited to 32-bit input
550 * addresses). Clears the allocated pages.
552 * Note we don't need locking here as this is only called when the VM is
553 * created, which can only be done once.
555 int kvm_alloc_stage2_pgd(struct kvm *kvm)
560 if (kvm->arch.pgd != NULL) {
561 kvm_err("kvm_arch already initialized?\n");
565 if (KVM_PREALLOC_LEVEL > 0) {
567 * Allocate fake pgd for the page table manipulation macros to
568 * work. This is not used by the hardware and we have no
569 * alignment requirement for this allocation.
571 pgd = (pgd_t *)kmalloc(PTRS_PER_S2_PGD * sizeof(pgd_t),
572 GFP_KERNEL | __GFP_ZERO);
575 * Allocate actual first-level Stage-2 page table used by the
576 * hardware for Stage-2 page table walks.
578 pgd = (pgd_t *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, S2_PGD_ORDER);
584 ret = kvm_prealloc_hwpgd(kvm, pgd);
592 if (KVM_PREALLOC_LEVEL > 0)
595 free_pages((unsigned long)pgd, S2_PGD_ORDER);
600 * unmap_stage2_range -- Clear stage2 page table entries to unmap a range
601 * @kvm: The VM pointer
602 * @start: The intermediate physical base address of the range to unmap
603 * @size: The size of the area to unmap
605 * Clear a range of stage-2 mappings, lowering the various ref-counts. Must
606 * be called while holding mmu_lock (unless for freeing the stage2 pgd before
607 * destroying the VM), otherwise another faulting VCPU may come in and mess
608 * with things behind our backs.
610 static void unmap_stage2_range(struct kvm *kvm, phys_addr_t start, u64 size)
612 unmap_range(kvm, kvm->arch.pgd, start, size);
615 static void stage2_unmap_memslot(struct kvm *kvm,
616 struct kvm_memory_slot *memslot)
618 hva_t hva = memslot->userspace_addr;
619 phys_addr_t addr = memslot->base_gfn << PAGE_SHIFT;
620 phys_addr_t size = PAGE_SIZE * memslot->npages;
621 hva_t reg_end = hva + size;
624 * A memory region could potentially cover multiple VMAs, and any holes
625 * between them, so iterate over all of them to find out if we should
628 * +--------------------------------------------+
629 * +---------------+----------------+ +----------------+
630 * | : VMA 1 | VMA 2 | | VMA 3 : |
631 * +---------------+----------------+ +----------------+
633 * +--------------------------------------------+
636 struct vm_area_struct *vma = find_vma(current->mm, hva);
637 hva_t vm_start, vm_end;
639 if (!vma || vma->vm_start >= reg_end)
643 * Take the intersection of this VMA with the memory region
645 vm_start = max(hva, vma->vm_start);
646 vm_end = min(reg_end, vma->vm_end);
648 if (!(vma->vm_flags & VM_PFNMAP)) {
649 gpa_t gpa = addr + (vm_start - memslot->userspace_addr);
650 unmap_stage2_range(kvm, gpa, vm_end - vm_start);
653 } while (hva < reg_end);
657 * stage2_unmap_vm - Unmap Stage-2 RAM mappings
658 * @kvm: The struct kvm pointer
660 * Go through the memregions and unmap any reguler RAM
661 * backing memory already mapped to the VM.
663 void stage2_unmap_vm(struct kvm *kvm)
665 struct kvm_memslots *slots;
666 struct kvm_memory_slot *memslot;
669 idx = srcu_read_lock(&kvm->srcu);
670 spin_lock(&kvm->mmu_lock);
672 slots = kvm_memslots(kvm);
673 kvm_for_each_memslot(memslot, slots)
674 stage2_unmap_memslot(kvm, memslot);
676 spin_unlock(&kvm->mmu_lock);
677 srcu_read_unlock(&kvm->srcu, idx);
681 * kvm_free_stage2_pgd - free all stage-2 tables
682 * @kvm: The KVM struct pointer for the VM.
684 * Walks the level-1 page table pointed to by kvm->arch.pgd and frees all
685 * underlying level-2 and level-3 tables before freeing the actual level-1 table
686 * and setting the struct pointer to NULL.
688 * Note we don't need locking here as this is only called when the VM is
689 * destroyed, which can only be done once.
691 void kvm_free_stage2_pgd(struct kvm *kvm)
693 if (kvm->arch.pgd == NULL)
696 unmap_stage2_range(kvm, 0, KVM_PHYS_SIZE);
698 if (KVM_PREALLOC_LEVEL > 0)
699 kfree(kvm->arch.pgd);
701 free_pages((unsigned long)kvm->arch.pgd, S2_PGD_ORDER);
702 kvm->arch.pgd = NULL;
705 static pud_t *stage2_get_pud(struct kvm *kvm, struct kvm_mmu_memory_cache *cache,
711 pgd = kvm->arch.pgd + pgd_index(addr);
712 if (WARN_ON(pgd_none(*pgd))) {
715 pud = mmu_memory_cache_alloc(cache);
716 pgd_populate(NULL, pgd, pud);
717 get_page(virt_to_page(pgd));
720 return pud_offset(pgd, addr);
723 static pmd_t *stage2_get_pmd(struct kvm *kvm, struct kvm_mmu_memory_cache *cache,
729 pud = stage2_get_pud(kvm, cache, addr);
730 if (pud_none(*pud)) {
733 pmd = mmu_memory_cache_alloc(cache);
734 pud_populate(NULL, pud, pmd);
735 get_page(virt_to_page(pud));
738 return pmd_offset(pud, addr);
741 static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache
742 *cache, phys_addr_t addr, const pmd_t *new_pmd)
746 pmd = stage2_get_pmd(kvm, cache, addr);
750 * Mapping in huge pages should only happen through a fault. If a
751 * page is merged into a transparent huge page, the individual
752 * subpages of that huge page should be unmapped through MMU
753 * notifiers before we get here.
755 * Merging of CompoundPages is not supported; they should become
756 * splitting first, unmapped, merged, and mapped back in on-demand.
758 VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd));
761 kvm_set_pmd(pmd, *new_pmd);
762 if (pmd_present(old_pmd))
763 kvm_tlb_flush_vmid_ipa(kvm, addr);
765 get_page(virt_to_page(pmd));
769 static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache,
770 phys_addr_t addr, const pte_t *new_pte, bool iomap)
775 /* Create stage-2 page table mapping - Levels 0 and 1 */
776 pmd = stage2_get_pmd(kvm, cache, addr);
779 * Ignore calls from kvm_set_spte_hva for unallocated
785 /* Create stage-2 page mappings - Level 2 */
786 if (pmd_none(*pmd)) {
788 return 0; /* ignore calls from kvm_set_spte_hva */
789 pte = mmu_memory_cache_alloc(cache);
791 pmd_populate_kernel(NULL, pmd, pte);
792 get_page(virt_to_page(pmd));
795 pte = pte_offset_kernel(pmd, addr);
797 if (iomap && pte_present(*pte))
800 /* Create 2nd stage page table mapping - Level 3 */
802 kvm_set_pte(pte, *new_pte);
803 if (pte_present(old_pte))
804 kvm_tlb_flush_vmid_ipa(kvm, addr);
806 get_page(virt_to_page(pte));
812 * kvm_phys_addr_ioremap - map a device range to guest IPA
814 * @kvm: The KVM pointer
815 * @guest_ipa: The IPA at which to insert the mapping
816 * @pa: The physical address of the device
817 * @size: The size of the mapping
819 int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa,
820 phys_addr_t pa, unsigned long size, bool writable)
822 phys_addr_t addr, end;
825 struct kvm_mmu_memory_cache cache = { 0, };
827 end = (guest_ipa + size + PAGE_SIZE - 1) & PAGE_MASK;
828 pfn = __phys_to_pfn(pa);
830 for (addr = guest_ipa; addr < end; addr += PAGE_SIZE) {
831 pte_t pte = pfn_pte(pfn, PAGE_S2_DEVICE);
834 kvm_set_s2pte_writable(&pte);
836 ret = mmu_topup_memory_cache(&cache, KVM_MMU_CACHE_MIN_PAGES,
840 spin_lock(&kvm->mmu_lock);
841 ret = stage2_set_pte(kvm, &cache, addr, &pte, true);
842 spin_unlock(&kvm->mmu_lock);
850 mmu_free_memory_cache(&cache);
854 static bool transparent_hugepage_adjust(pfn_t *pfnp, phys_addr_t *ipap)
857 gfn_t gfn = *ipap >> PAGE_SHIFT;
859 if (PageTransCompound(pfn_to_page(pfn))) {
862 * The address we faulted on is backed by a transparent huge
863 * page. However, because we map the compound huge page and
864 * not the individual tail page, we need to transfer the
865 * refcount to the head page. We have to be careful that the
866 * THP doesn't start to split while we are adjusting the
869 * We are sure this doesn't happen, because mmu_notifier_retry
870 * was successful and we are holding the mmu_lock, so if this
871 * THP is trying to split, it will be blocked in the mmu
872 * notifier before touching any of the pages, specifically
873 * before being able to call __split_huge_page_refcount().
875 * We can therefore safely transfer the refcount from PG_tail
876 * to PG_head and switch the pfn from a tail page to the head
879 mask = PTRS_PER_PMD - 1;
880 VM_BUG_ON((gfn & mask) != (pfn & mask));
883 kvm_release_pfn_clean(pfn);
895 static bool kvm_is_write_fault(struct kvm_vcpu *vcpu)
897 if (kvm_vcpu_trap_is_iabt(vcpu))
900 return kvm_vcpu_dabt_iswrite(vcpu);
903 static bool kvm_is_device_pfn(unsigned long pfn)
905 return !pfn_valid(pfn);
908 static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
909 struct kvm_memory_slot *memslot, unsigned long hva,
910 unsigned long fault_status)
913 bool write_fault, writable, hugetlb = false, force_pte = false;
914 unsigned long mmu_seq;
915 gfn_t gfn = fault_ipa >> PAGE_SHIFT;
916 struct kvm *kvm = vcpu->kvm;
917 struct kvm_mmu_memory_cache *memcache = &vcpu->arch.mmu_page_cache;
918 struct vm_area_struct *vma;
920 pgprot_t mem_type = PAGE_S2;
921 bool fault_ipa_uncached;
923 write_fault = kvm_is_write_fault(vcpu);
924 if (fault_status == FSC_PERM && !write_fault) {
925 kvm_err("Unexpected L2 read permission error\n");
929 /* Let's check if we will get back a huge page backed by hugetlbfs */
930 down_read(¤t->mm->mmap_sem);
931 vma = find_vma_intersection(current->mm, hva, hva + 1);
932 if (unlikely(!vma)) {
933 kvm_err("Failed to find VMA for hva 0x%lx\n", hva);
934 up_read(¤t->mm->mmap_sem);
938 if (is_vm_hugetlb_page(vma)) {
940 gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT;
943 * Pages belonging to memslots that don't have the same
944 * alignment for userspace and IPA cannot be mapped using
945 * block descriptors even if the pages belong to a THP for
946 * the process, because the stage-2 block descriptor will
947 * cover more than a single THP and we loose atomicity for
948 * unmapping, updates, and splits of the THP or other pages
949 * in the stage-2 block range.
951 if ((memslot->userspace_addr & ~PMD_MASK) !=
952 ((memslot->base_gfn << PAGE_SHIFT) & ~PMD_MASK))
955 up_read(¤t->mm->mmap_sem);
957 /* We need minimum second+third level pages */
958 ret = mmu_topup_memory_cache(memcache, KVM_MMU_CACHE_MIN_PAGES,
963 mmu_seq = vcpu->kvm->mmu_notifier_seq;
965 * Ensure the read of mmu_notifier_seq happens before we call
966 * gfn_to_pfn_prot (which calls get_user_pages), so that we don't risk
967 * the page we just got a reference to gets unmapped before we have a
968 * chance to grab the mmu_lock, which ensure that if the page gets
969 * unmapped afterwards, the call to kvm_unmap_hva will take it away
970 * from us again properly. This smp_rmb() interacts with the smp_wmb()
971 * in kvm_mmu_notifier_invalidate_<page|range_end>.
975 pfn = gfn_to_pfn_prot(kvm, gfn, write_fault, &writable);
976 if (is_error_pfn(pfn))
979 if (kvm_is_device_pfn(pfn))
980 mem_type = PAGE_S2_DEVICE;
982 spin_lock(&kvm->mmu_lock);
983 if (mmu_notifier_retry(kvm, mmu_seq))
985 if (!hugetlb && !force_pte)
986 hugetlb = transparent_hugepage_adjust(&pfn, &fault_ipa);
988 fault_ipa_uncached = memslot->flags & KVM_MEMSLOT_INCOHERENT;
991 pmd_t new_pmd = pfn_pmd(pfn, mem_type);
992 new_pmd = pmd_mkhuge(new_pmd);
994 kvm_set_s2pmd_writable(&new_pmd);
995 kvm_set_pfn_dirty(pfn);
997 coherent_cache_guest_page(vcpu, hva & PMD_MASK, PMD_SIZE,
999 ret = stage2_set_pmd_huge(kvm, memcache, fault_ipa, &new_pmd);
1001 pte_t new_pte = pfn_pte(pfn, mem_type);
1003 kvm_set_s2pte_writable(&new_pte);
1004 kvm_set_pfn_dirty(pfn);
1006 coherent_cache_guest_page(vcpu, hva, PAGE_SIZE,
1007 fault_ipa_uncached);
1008 ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte,
1009 pgprot_val(mem_type) == pgprot_val(PAGE_S2_DEVICE));
1014 spin_unlock(&kvm->mmu_lock);
1015 kvm_release_pfn_clean(pfn);
1020 * kvm_handle_guest_abort - handles all 2nd stage aborts
1021 * @vcpu: the VCPU pointer
1022 * @run: the kvm_run structure
1024 * Any abort that gets to the host is almost guaranteed to be caused by a
1025 * missing second stage translation table entry, which can mean that either the
1026 * guest simply needs more memory and we must allocate an appropriate page or it
1027 * can mean that the guest tried to access I/O memory, which is emulated by user
1028 * space. The distinction is based on the IPA causing the fault and whether this
1029 * memory region has been registered as standard RAM by user space.
1031 int kvm_handle_guest_abort(struct kvm_vcpu *vcpu, struct kvm_run *run)
1033 unsigned long fault_status;
1034 phys_addr_t fault_ipa;
1035 struct kvm_memory_slot *memslot;
1037 bool is_iabt, write_fault, writable;
1041 is_iabt = kvm_vcpu_trap_is_iabt(vcpu);
1042 fault_ipa = kvm_vcpu_get_fault_ipa(vcpu);
1044 trace_kvm_guest_fault(*vcpu_pc(vcpu), kvm_vcpu_get_hsr(vcpu),
1045 kvm_vcpu_get_hfar(vcpu), fault_ipa);
1047 /* Check the stage-2 fault is trans. fault or write fault */
1048 fault_status = kvm_vcpu_trap_get_fault_type(vcpu);
1049 if (fault_status != FSC_FAULT && fault_status != FSC_PERM) {
1050 kvm_err("Unsupported FSC: EC=%#x xFSC=%#lx ESR_EL2=%#lx\n",
1051 kvm_vcpu_trap_get_class(vcpu),
1052 (unsigned long)kvm_vcpu_trap_get_fault(vcpu),
1053 (unsigned long)kvm_vcpu_get_hsr(vcpu));
1057 idx = srcu_read_lock(&vcpu->kvm->srcu);
1059 gfn = fault_ipa >> PAGE_SHIFT;
1060 memslot = gfn_to_memslot(vcpu->kvm, gfn);
1061 hva = gfn_to_hva_memslot_prot(memslot, gfn, &writable);
1062 write_fault = kvm_is_write_fault(vcpu);
1063 if (kvm_is_error_hva(hva) || (write_fault && !writable)) {
1065 /* Prefetch Abort on I/O address */
1066 kvm_inject_pabt(vcpu, kvm_vcpu_get_hfar(vcpu));
1072 * The IPA is reported as [MAX:12], so we need to
1073 * complement it with the bottom 12 bits from the
1074 * faulting VA. This is always 12 bits, irrespective
1077 fault_ipa |= kvm_vcpu_get_hfar(vcpu) & ((1 << 12) - 1);
1078 ret = io_mem_abort(vcpu, run, fault_ipa);
1082 /* Userspace should not be able to register out-of-bounds IPAs */
1083 VM_BUG_ON(fault_ipa >= KVM_PHYS_SIZE);
1085 ret = user_mem_abort(vcpu, fault_ipa, memslot, hva, fault_status);
1089 srcu_read_unlock(&vcpu->kvm->srcu, idx);
1093 static void handle_hva_to_gpa(struct kvm *kvm,
1094 unsigned long start,
1096 void (*handler)(struct kvm *kvm,
1097 gpa_t gpa, void *data),
1100 struct kvm_memslots *slots;
1101 struct kvm_memory_slot *memslot;
1103 slots = kvm_memslots(kvm);
1105 /* we only care about the pages that the guest sees */
1106 kvm_for_each_memslot(memslot, slots) {
1107 unsigned long hva_start, hva_end;
1110 hva_start = max(start, memslot->userspace_addr);
1111 hva_end = min(end, memslot->userspace_addr +
1112 (memslot->npages << PAGE_SHIFT));
1113 if (hva_start >= hva_end)
1117 * {gfn(page) | page intersects with [hva_start, hva_end)} =
1118 * {gfn_start, gfn_start+1, ..., gfn_end-1}.
1120 gfn = hva_to_gfn_memslot(hva_start, memslot);
1121 gfn_end = hva_to_gfn_memslot(hva_end + PAGE_SIZE - 1, memslot);
1123 for (; gfn < gfn_end; ++gfn) {
1124 gpa_t gpa = gfn << PAGE_SHIFT;
1125 handler(kvm, gpa, data);
1130 static void kvm_unmap_hva_handler(struct kvm *kvm, gpa_t gpa, void *data)
1132 unmap_stage2_range(kvm, gpa, PAGE_SIZE);
1135 int kvm_unmap_hva(struct kvm *kvm, unsigned long hva)
1137 unsigned long end = hva + PAGE_SIZE;
1142 trace_kvm_unmap_hva(hva);
1143 handle_hva_to_gpa(kvm, hva, end, &kvm_unmap_hva_handler, NULL);
1147 int kvm_unmap_hva_range(struct kvm *kvm,
1148 unsigned long start, unsigned long end)
1153 trace_kvm_unmap_hva_range(start, end);
1154 handle_hva_to_gpa(kvm, start, end, &kvm_unmap_hva_handler, NULL);
1158 static void kvm_set_spte_handler(struct kvm *kvm, gpa_t gpa, void *data)
1160 pte_t *pte = (pte_t *)data;
1162 stage2_set_pte(kvm, NULL, gpa, pte, false);
1166 void kvm_set_spte_hva(struct kvm *kvm, unsigned long hva, pte_t pte)
1168 unsigned long end = hva + PAGE_SIZE;
1174 trace_kvm_set_spte_hva(hva);
1175 stage2_pte = pfn_pte(pte_pfn(pte), PAGE_S2);
1176 handle_hva_to_gpa(kvm, hva, end, &kvm_set_spte_handler, &stage2_pte);
1179 void kvm_mmu_free_memory_caches(struct kvm_vcpu *vcpu)
1181 mmu_free_memory_cache(&vcpu->arch.mmu_page_cache);
1184 phys_addr_t kvm_mmu_get_httbr(void)
1186 return virt_to_phys(hyp_pgd);
1189 phys_addr_t kvm_mmu_get_boot_httbr(void)
1191 return virt_to_phys(boot_hyp_pgd);
1194 phys_addr_t kvm_get_idmap_vector(void)
1196 return hyp_idmap_vector;
1199 int kvm_mmu_init(void)
1203 hyp_idmap_start = kvm_virt_to_phys(__hyp_idmap_text_start);
1204 hyp_idmap_end = kvm_virt_to_phys(__hyp_idmap_text_end);
1205 hyp_idmap_vector = kvm_virt_to_phys(__kvm_hyp_init);
1207 if ((hyp_idmap_start ^ hyp_idmap_end) & PAGE_MASK) {
1209 * Our init code is crossing a page boundary. Allocate
1210 * a bounce page, copy the code over and use that.
1212 size_t len = __hyp_idmap_text_end - __hyp_idmap_text_start;
1213 phys_addr_t phys_base;
1215 init_bounce_page = (void *)__get_free_page(GFP_KERNEL);
1216 if (!init_bounce_page) {
1217 kvm_err("Couldn't allocate HYP init bounce page\n");
1222 memcpy(init_bounce_page, __hyp_idmap_text_start, len);
1224 * Warning: the code we just copied to the bounce page
1225 * must be flushed to the point of coherency.
1226 * Otherwise, the data may be sitting in L2, and HYP
1227 * mode won't be able to observe it as it runs with
1228 * caches off at that point.
1230 kvm_flush_dcache_to_poc(init_bounce_page, len);
1232 phys_base = kvm_virt_to_phys(init_bounce_page);
1233 hyp_idmap_vector += phys_base - hyp_idmap_start;
1234 hyp_idmap_start = phys_base;
1235 hyp_idmap_end = phys_base + len;
1237 kvm_info("Using HYP init bounce page @%lx\n",
1238 (unsigned long)phys_base);
1241 hyp_pgd = (pgd_t *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, hyp_pgd_order);
1242 boot_hyp_pgd = (pgd_t *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, hyp_pgd_order);
1244 if (!hyp_pgd || !boot_hyp_pgd) {
1245 kvm_err("Hyp mode PGD not allocated\n");
1250 /* Create the idmap in the boot page tables */
1251 err = __create_hyp_mappings(boot_hyp_pgd,
1252 hyp_idmap_start, hyp_idmap_end,
1253 __phys_to_pfn(hyp_idmap_start),
1257 kvm_err("Failed to idmap %lx-%lx\n",
1258 hyp_idmap_start, hyp_idmap_end);
1262 /* Map the very same page at the trampoline VA */
1263 err = __create_hyp_mappings(boot_hyp_pgd,
1264 TRAMPOLINE_VA, TRAMPOLINE_VA + PAGE_SIZE,
1265 __phys_to_pfn(hyp_idmap_start),
1268 kvm_err("Failed to map trampoline @%lx into boot HYP pgd\n",
1273 /* Map the same page again into the runtime page tables */
1274 err = __create_hyp_mappings(hyp_pgd,
1275 TRAMPOLINE_VA, TRAMPOLINE_VA + PAGE_SIZE,
1276 __phys_to_pfn(hyp_idmap_start),
1279 kvm_err("Failed to map trampoline @%lx into runtime HYP pgd\n",
1290 void kvm_arch_commit_memory_region(struct kvm *kvm,
1291 struct kvm_userspace_memory_region *mem,
1292 const struct kvm_memory_slot *old,
1293 enum kvm_mr_change change)
1297 int kvm_arch_prepare_memory_region(struct kvm *kvm,
1298 struct kvm_memory_slot *memslot,
1299 struct kvm_userspace_memory_region *mem,
1300 enum kvm_mr_change change)
1302 hva_t hva = mem->userspace_addr;
1303 hva_t reg_end = hva + mem->memory_size;
1304 bool writable = !(mem->flags & KVM_MEM_READONLY);
1307 if (change != KVM_MR_CREATE && change != KVM_MR_MOVE)
1311 * Prevent userspace from creating a memory region outside of the IPA
1312 * space addressable by the KVM guest IPA space.
1314 if (memslot->base_gfn + memslot->npages >=
1315 (KVM_PHYS_SIZE >> PAGE_SHIFT))
1319 * A memory region could potentially cover multiple VMAs, and any holes
1320 * between them, so iterate over all of them to find out if we can map
1321 * any of them right now.
1323 * +--------------------------------------------+
1324 * +---------------+----------------+ +----------------+
1325 * | : VMA 1 | VMA 2 | | VMA 3 : |
1326 * +---------------+----------------+ +----------------+
1328 * +--------------------------------------------+
1331 struct vm_area_struct *vma = find_vma(current->mm, hva);
1332 hva_t vm_start, vm_end;
1334 if (!vma || vma->vm_start >= reg_end)
1338 * Mapping a read-only VMA is only allowed if the
1339 * memory region is configured as read-only.
1341 if (writable && !(vma->vm_flags & VM_WRITE)) {
1347 * Take the intersection of this VMA with the memory region
1349 vm_start = max(hva, vma->vm_start);
1350 vm_end = min(reg_end, vma->vm_end);
1352 if (vma->vm_flags & VM_PFNMAP) {
1353 gpa_t gpa = mem->guest_phys_addr +
1354 (vm_start - mem->userspace_addr);
1355 phys_addr_t pa = (vma->vm_pgoff << PAGE_SHIFT) +
1356 vm_start - vma->vm_start;
1358 ret = kvm_phys_addr_ioremap(kvm, gpa, pa,
1365 } while (hva < reg_end);
1367 spin_lock(&kvm->mmu_lock);
1369 unmap_stage2_range(kvm, mem->guest_phys_addr, mem->memory_size);
1371 stage2_flush_memslot(kvm, memslot);
1372 spin_unlock(&kvm->mmu_lock);
1376 void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free,
1377 struct kvm_memory_slot *dont)
1381 int kvm_arch_create_memslot(struct kvm *kvm, struct kvm_memory_slot *slot,
1382 unsigned long npages)
1385 * Readonly memslots are not incoherent with the caches by definition,
1386 * but in practice, they are used mostly to emulate ROMs or NOR flashes
1387 * that the guest may consider devices and hence map as uncached.
1388 * To prevent incoherency issues in these cases, tag all readonly
1389 * regions as incoherent.
1391 if (slot->flags & KVM_MEM_READONLY)
1392 slot->flags |= KVM_MEMSLOT_INCOHERENT;
1396 void kvm_arch_memslots_updated(struct kvm *kvm)
1400 void kvm_arch_flush_shadow_all(struct kvm *kvm)
1404 void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
1405 struct kvm_memory_slot *slot)
1407 gpa_t gpa = slot->base_gfn << PAGE_SHIFT;
1408 phys_addr_t size = slot->npages << PAGE_SHIFT;
1410 spin_lock(&kvm->mmu_lock);
1411 unmap_stage2_range(kvm, gpa, size);
1412 spin_unlock(&kvm->mmu_lock);
projects / cascardo / linux.git / blob