1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * handling privileged instructions
4 *
5 * Copyright IBM Corp. 2008, 2020
6 *
7 * Author(s): Carsten Otte <cotte@de.ibm.com>
8 * Christian Borntraeger <borntraeger@de.ibm.com>
9 */
10
11 #include <linux/kvm.h>
12 #include <linux/gfp.h>
13 #include <linux/errno.h>
14 #include <linux/compat.h>
15 #include <linux/mm_types.h>
16 #include <linux/pgtable.h>
17
18 #include <asm/asm-offsets.h>
19 #include <asm/facility.h>
20 #include <asm/current.h>
21 #include <asm/debug.h>
22 #include <asm/ebcdic.h>
23 #include <asm/sysinfo.h>
24 #include <asm/page-states.h>
25 #include <asm/gmap.h>
26 #include <asm/io.h>
27 #include <asm/ptrace.h>
28 #include <asm/sclp.h>
29 #include <asm/ap.h>
30 #include "gaccess.h"
31 #include "kvm-s390.h"
32 #include "trace.h"
33
handle_ri(struct kvm_vcpu * vcpu)34 static int handle_ri(struct kvm_vcpu *vcpu)
35 {
36 vcpu->stat.instruction_ri++;
37
38 if (test_kvm_facility(vcpu->kvm, 64)) {
39 VCPU_EVENT(vcpu, 3, "%s", "ENABLE: RI (lazy)");
40 vcpu->arch.sie_block->ecb3 |= ECB3_RI;
41 kvm_s390_retry_instr(vcpu);
42 return 0;
43 } else
44 return kvm_s390_inject_program_int(vcpu, PGM_OPERATION);
45 }
46
kvm_s390_handle_aa(struct kvm_vcpu * vcpu)47 int kvm_s390_handle_aa(struct kvm_vcpu *vcpu)
48 {
49 if ((vcpu->arch.sie_block->ipa & 0xf) <= 4)
50 return handle_ri(vcpu);
51 else
52 return -EOPNOTSUPP;
53 }
54
handle_gs(struct kvm_vcpu * vcpu)55 static int handle_gs(struct kvm_vcpu *vcpu)
56 {
57 vcpu->stat.instruction_gs++;
58
59 if (test_kvm_facility(vcpu->kvm, 133)) {
60 VCPU_EVENT(vcpu, 3, "%s", "ENABLE: GS (lazy)");
61 preempt_disable();
62 __ctl_set_bit(2, 4);
63 current->thread.gs_cb = (struct gs_cb *)&vcpu->run->s.regs.gscb;
64 restore_gs_cb(current->thread.gs_cb);
65 preempt_enable();
66 vcpu->arch.sie_block->ecb |= ECB_GS;
67 vcpu->arch.sie_block->ecd |= ECD_HOSTREGMGMT;
68 vcpu->arch.gs_enabled = 1;
69 kvm_s390_retry_instr(vcpu);
70 return 0;
71 } else
72 return kvm_s390_inject_program_int(vcpu, PGM_OPERATION);
73 }
74
kvm_s390_handle_e3(struct kvm_vcpu * vcpu)75 int kvm_s390_handle_e3(struct kvm_vcpu *vcpu)
76 {
77 int code = vcpu->arch.sie_block->ipb & 0xff;
78
79 if (code == 0x49 || code == 0x4d)
80 return handle_gs(vcpu);
81 else
82 return -EOPNOTSUPP;
83 }
84 /* Handle SCK (SET CLOCK) interception */
handle_set_clock(struct kvm_vcpu * vcpu)85 static int handle_set_clock(struct kvm_vcpu *vcpu)
86 {
87 struct kvm_s390_vm_tod_clock gtod = { 0 };
88 int rc;
89 u8 ar;
90 u64 op2;
91
92 vcpu->stat.instruction_sck++;
93
94 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
95 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
96
97 op2 = kvm_s390_get_base_disp_s(vcpu, &ar);
98 if (op2 & 7) /* Operand must be on a doubleword boundary */
99 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
100 rc = read_guest(vcpu, op2, ar, >od.tod, sizeof(gtod.tod));
101 if (rc)
102 return kvm_s390_inject_prog_cond(vcpu, rc);
103
104 VCPU_EVENT(vcpu, 3, "SCK: setting guest TOD to 0x%llx", gtod.tod);
105 /*
106 * To set the TOD clock the kvm lock must be taken, but the vcpu lock
107 * is already held in handle_set_clock. The usual lock order is the
108 * opposite. As SCK is deprecated and should not be used in several
109 * cases, for example when the multiple epoch facility or TOD clock
110 * steering facility is installed (see Principles of Operation), a
111 * slow path can be used. If the lock can not be taken via try_lock,
112 * the instruction will be retried via -EAGAIN at a later point in
113 * time.
114 */
115 if (!kvm_s390_try_set_tod_clock(vcpu->kvm, >od)) {
116 kvm_s390_retry_instr(vcpu);
117 return -EAGAIN;
118 }
119
120 kvm_s390_set_psw_cc(vcpu, 0);
121 return 0;
122 }
123
handle_set_prefix(struct kvm_vcpu * vcpu)124 static int handle_set_prefix(struct kvm_vcpu *vcpu)
125 {
126 u64 operand2;
127 u32 address;
128 int rc;
129 u8 ar;
130
131 vcpu->stat.instruction_spx++;
132
133 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
134 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
135
136 operand2 = kvm_s390_get_base_disp_s(vcpu, &ar);
137
138 /* must be word boundary */
139 if (operand2 & 3)
140 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
141
142 /* get the value */
143 rc = read_guest(vcpu, operand2, ar, &address, sizeof(address));
144 if (rc)
145 return kvm_s390_inject_prog_cond(vcpu, rc);
146
147 address &= 0x7fffe000u;
148
149 /*
150 * Make sure the new value is valid memory. We only need to check the
151 * first page, since address is 8k aligned and memory pieces are always
152 * at least 1MB aligned and have at least a size of 1MB.
153 */
154 if (kvm_is_error_gpa(vcpu->kvm, address))
155 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
156
157 kvm_s390_set_prefix(vcpu, address);
158 trace_kvm_s390_handle_prefix(vcpu, 1, address);
159 return 0;
160 }
161
handle_store_prefix(struct kvm_vcpu * vcpu)162 static int handle_store_prefix(struct kvm_vcpu *vcpu)
163 {
164 u64 operand2;
165 u32 address;
166 int rc;
167 u8 ar;
168
169 vcpu->stat.instruction_stpx++;
170
171 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
172 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
173
174 operand2 = kvm_s390_get_base_disp_s(vcpu, &ar);
175
176 /* must be word boundary */
177 if (operand2 & 3)
178 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
179
180 address = kvm_s390_get_prefix(vcpu);
181
182 /* get the value */
183 rc = write_guest(vcpu, operand2, ar, &address, sizeof(address));
184 if (rc)
185 return kvm_s390_inject_prog_cond(vcpu, rc);
186
187 VCPU_EVENT(vcpu, 3, "STPX: storing prefix 0x%x into 0x%llx", address, operand2);
188 trace_kvm_s390_handle_prefix(vcpu, 0, address);
189 return 0;
190 }
191
handle_store_cpu_address(struct kvm_vcpu * vcpu)192 static int handle_store_cpu_address(struct kvm_vcpu *vcpu)
193 {
194 u16 vcpu_id = vcpu->vcpu_id;
195 u64 ga;
196 int rc;
197 u8 ar;
198
199 vcpu->stat.instruction_stap++;
200
201 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
202 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
203
204 ga = kvm_s390_get_base_disp_s(vcpu, &ar);
205
206 if (ga & 1)
207 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
208
209 rc = write_guest(vcpu, ga, ar, &vcpu_id, sizeof(vcpu_id));
210 if (rc)
211 return kvm_s390_inject_prog_cond(vcpu, rc);
212
213 VCPU_EVENT(vcpu, 3, "STAP: storing cpu address (%u) to 0x%llx", vcpu_id, ga);
214 trace_kvm_s390_handle_stap(vcpu, ga);
215 return 0;
216 }
217
kvm_s390_skey_check_enable(struct kvm_vcpu * vcpu)218 int kvm_s390_skey_check_enable(struct kvm_vcpu *vcpu)
219 {
220 int rc;
221
222 trace_kvm_s390_skey_related_inst(vcpu);
223 /* Already enabled? */
224 if (vcpu->arch.skey_enabled)
225 return 0;
226
227 rc = s390_enable_skey();
228 VCPU_EVENT(vcpu, 3, "enabling storage keys for guest: %d", rc);
229 if (rc)
230 return rc;
231
232 if (kvm_s390_test_cpuflags(vcpu, CPUSTAT_KSS))
233 kvm_s390_clear_cpuflags(vcpu, CPUSTAT_KSS);
234 if (!vcpu->kvm->arch.use_skf)
235 vcpu->arch.sie_block->ictl |= ICTL_ISKE | ICTL_SSKE | ICTL_RRBE;
236 else
237 vcpu->arch.sie_block->ictl &= ~(ICTL_ISKE | ICTL_SSKE | ICTL_RRBE);
238 vcpu->arch.skey_enabled = true;
239 return 0;
240 }
241
try_handle_skey(struct kvm_vcpu * vcpu)242 static int try_handle_skey(struct kvm_vcpu *vcpu)
243 {
244 int rc;
245
246 rc = kvm_s390_skey_check_enable(vcpu);
247 if (rc)
248 return rc;
249 if (vcpu->kvm->arch.use_skf) {
250 /* with storage-key facility, SIE interprets it for us */
251 kvm_s390_retry_instr(vcpu);
252 VCPU_EVENT(vcpu, 4, "%s", "retrying storage key operation");
253 return -EAGAIN;
254 }
255 return 0;
256 }
257
handle_iske(struct kvm_vcpu * vcpu)258 static int handle_iske(struct kvm_vcpu *vcpu)
259 {
260 unsigned long gaddr, vmaddr;
261 unsigned char key;
262 int reg1, reg2;
263 bool unlocked;
264 int rc;
265
266 vcpu->stat.instruction_iske++;
267
268 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
269 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
270
271 rc = try_handle_skey(vcpu);
272 if (rc)
273 return rc != -EAGAIN ? rc : 0;
274
275 kvm_s390_get_regs_rre(vcpu, ®1, ®2);
276
277 gaddr = vcpu->run->s.regs.gprs[reg2] & PAGE_MASK;
278 gaddr = kvm_s390_logical_to_effective(vcpu, gaddr);
279 gaddr = kvm_s390_real_to_abs(vcpu, gaddr);
280 vmaddr = gfn_to_hva(vcpu->kvm, gpa_to_gfn(gaddr));
281 if (kvm_is_error_hva(vmaddr))
282 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
283 retry:
284 unlocked = false;
285 mmap_read_lock(current->mm);
286 rc = get_guest_storage_key(current->mm, vmaddr, &key);
287
288 if (rc) {
289 rc = fixup_user_fault(current->mm, vmaddr,
290 FAULT_FLAG_WRITE, &unlocked);
291 if (!rc) {
292 mmap_read_unlock(current->mm);
293 goto retry;
294 }
295 }
296 mmap_read_unlock(current->mm);
297 if (rc == -EFAULT)
298 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
299 if (rc < 0)
300 return rc;
301 vcpu->run->s.regs.gprs[reg1] &= ~0xff;
302 vcpu->run->s.regs.gprs[reg1] |= key;
303 return 0;
304 }
305
handle_rrbe(struct kvm_vcpu * vcpu)306 static int handle_rrbe(struct kvm_vcpu *vcpu)
307 {
308 unsigned long vmaddr, gaddr;
309 int reg1, reg2;
310 bool unlocked;
311 int rc;
312
313 vcpu->stat.instruction_rrbe++;
314
315 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
316 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
317
318 rc = try_handle_skey(vcpu);
319 if (rc)
320 return rc != -EAGAIN ? rc : 0;
321
322 kvm_s390_get_regs_rre(vcpu, ®1, ®2);
323
324 gaddr = vcpu->run->s.regs.gprs[reg2] & PAGE_MASK;
325 gaddr = kvm_s390_logical_to_effective(vcpu, gaddr);
326 gaddr = kvm_s390_real_to_abs(vcpu, gaddr);
327 vmaddr = gfn_to_hva(vcpu->kvm, gpa_to_gfn(gaddr));
328 if (kvm_is_error_hva(vmaddr))
329 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
330 retry:
331 unlocked = false;
332 mmap_read_lock(current->mm);
333 rc = reset_guest_reference_bit(current->mm, vmaddr);
334 if (rc < 0) {
335 rc = fixup_user_fault(current->mm, vmaddr,
336 FAULT_FLAG_WRITE, &unlocked);
337 if (!rc) {
338 mmap_read_unlock(current->mm);
339 goto retry;
340 }
341 }
342 mmap_read_unlock(current->mm);
343 if (rc == -EFAULT)
344 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
345 if (rc < 0)
346 return rc;
347 kvm_s390_set_psw_cc(vcpu, rc);
348 return 0;
349 }
350
351 #define SSKE_NQ 0x8
352 #define SSKE_MR 0x4
353 #define SSKE_MC 0x2
354 #define SSKE_MB 0x1
handle_sske(struct kvm_vcpu * vcpu)355 static int handle_sske(struct kvm_vcpu *vcpu)
356 {
357 unsigned char m3 = vcpu->arch.sie_block->ipb >> 28;
358 unsigned long start, end;
359 unsigned char key, oldkey;
360 int reg1, reg2;
361 bool unlocked;
362 int rc;
363
364 vcpu->stat.instruction_sske++;
365
366 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
367 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
368
369 rc = try_handle_skey(vcpu);
370 if (rc)
371 return rc != -EAGAIN ? rc : 0;
372
373 if (!test_kvm_facility(vcpu->kvm, 8))
374 m3 &= ~SSKE_MB;
375 if (!test_kvm_facility(vcpu->kvm, 10))
376 m3 &= ~(SSKE_MC | SSKE_MR);
377 if (!test_kvm_facility(vcpu->kvm, 14))
378 m3 &= ~SSKE_NQ;
379
380 kvm_s390_get_regs_rre(vcpu, ®1, ®2);
381
382 key = vcpu->run->s.regs.gprs[reg1] & 0xfe;
383 start = vcpu->run->s.regs.gprs[reg2] & PAGE_MASK;
384 start = kvm_s390_logical_to_effective(vcpu, start);
385 if (m3 & SSKE_MB) {
386 /* start already designates an absolute address */
387 end = (start + _SEGMENT_SIZE) & ~(_SEGMENT_SIZE - 1);
388 } else {
389 start = kvm_s390_real_to_abs(vcpu, start);
390 end = start + PAGE_SIZE;
391 }
392
393 while (start != end) {
394 unsigned long vmaddr = gfn_to_hva(vcpu->kvm, gpa_to_gfn(start));
395 unlocked = false;
396
397 if (kvm_is_error_hva(vmaddr))
398 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
399
400 mmap_read_lock(current->mm);
401 rc = cond_set_guest_storage_key(current->mm, vmaddr, key, &oldkey,
402 m3 & SSKE_NQ, m3 & SSKE_MR,
403 m3 & SSKE_MC);
404
405 if (rc < 0) {
406 rc = fixup_user_fault(current->mm, vmaddr,
407 FAULT_FLAG_WRITE, &unlocked);
408 rc = !rc ? -EAGAIN : rc;
409 }
410 mmap_read_unlock(current->mm);
411 if (rc == -EFAULT)
412 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
413 if (rc == -EAGAIN)
414 continue;
415 if (rc < 0)
416 return rc;
417 start += PAGE_SIZE;
418 }
419
420 if (m3 & (SSKE_MC | SSKE_MR)) {
421 if (m3 & SSKE_MB) {
422 /* skey in reg1 is unpredictable */
423 kvm_s390_set_psw_cc(vcpu, 3);
424 } else {
425 kvm_s390_set_psw_cc(vcpu, rc);
426 vcpu->run->s.regs.gprs[reg1] &= ~0xff00UL;
427 vcpu->run->s.regs.gprs[reg1] |= (u64) oldkey << 8;
428 }
429 }
430 if (m3 & SSKE_MB) {
431 if (psw_bits(vcpu->arch.sie_block->gpsw).eaba == PSW_BITS_AMODE_64BIT)
432 vcpu->run->s.regs.gprs[reg2] &= ~PAGE_MASK;
433 else
434 vcpu->run->s.regs.gprs[reg2] &= ~0xfffff000UL;
435 end = kvm_s390_logical_to_effective(vcpu, end);
436 vcpu->run->s.regs.gprs[reg2] |= end;
437 }
438 return 0;
439 }
440
handle_ipte_interlock(struct kvm_vcpu * vcpu)441 static int handle_ipte_interlock(struct kvm_vcpu *vcpu)
442 {
443 vcpu->stat.instruction_ipte_interlock++;
444 if (psw_bits(vcpu->arch.sie_block->gpsw).pstate)
445 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
446 wait_event(vcpu->kvm->arch.ipte_wq, !ipte_lock_held(vcpu));
447 kvm_s390_retry_instr(vcpu);
448 VCPU_EVENT(vcpu, 4, "%s", "retrying ipte interlock operation");
449 return 0;
450 }
451
handle_test_block(struct kvm_vcpu * vcpu)452 static int handle_test_block(struct kvm_vcpu *vcpu)
453 {
454 gpa_t addr;
455 int reg2;
456
457 vcpu->stat.instruction_tb++;
458
459 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
460 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
461
462 kvm_s390_get_regs_rre(vcpu, NULL, ®2);
463 addr = vcpu->run->s.regs.gprs[reg2] & PAGE_MASK;
464 addr = kvm_s390_logical_to_effective(vcpu, addr);
465 if (kvm_s390_check_low_addr_prot_real(vcpu, addr))
466 return kvm_s390_inject_prog_irq(vcpu, &vcpu->arch.pgm);
467 addr = kvm_s390_real_to_abs(vcpu, addr);
468
469 if (kvm_is_error_gpa(vcpu->kvm, addr))
470 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
471 /*
472 * We don't expect errors on modern systems, and do not care
473 * about storage keys (yet), so let's just clear the page.
474 */
475 if (kvm_clear_guest(vcpu->kvm, addr, PAGE_SIZE))
476 return -EFAULT;
477 kvm_s390_set_psw_cc(vcpu, 0);
478 vcpu->run->s.regs.gprs[0] = 0;
479 return 0;
480 }
481
handle_tpi(struct kvm_vcpu * vcpu)482 static int handle_tpi(struct kvm_vcpu *vcpu)
483 {
484 struct kvm_s390_interrupt_info *inti;
485 unsigned long len;
486 u32 tpi_data[3];
487 int rc;
488 u64 addr;
489 u8 ar;
490
491 vcpu->stat.instruction_tpi++;
492
493 addr = kvm_s390_get_base_disp_s(vcpu, &ar);
494 if (addr & 3)
495 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
496
497 inti = kvm_s390_get_io_int(vcpu->kvm, vcpu->arch.sie_block->gcr[6], 0);
498 if (!inti) {
499 kvm_s390_set_psw_cc(vcpu, 0);
500 return 0;
501 }
502
503 tpi_data[0] = inti->io.subchannel_id << 16 | inti->io.subchannel_nr;
504 tpi_data[1] = inti->io.io_int_parm;
505 tpi_data[2] = inti->io.io_int_word;
506 if (addr) {
507 /*
508 * Store the two-word I/O interruption code into the
509 * provided area.
510 */
511 len = sizeof(tpi_data) - 4;
512 rc = write_guest(vcpu, addr, ar, &tpi_data, len);
513 if (rc) {
514 rc = kvm_s390_inject_prog_cond(vcpu, rc);
515 goto reinject_interrupt;
516 }
517 } else {
518 /*
519 * Store the three-word I/O interruption code into
520 * the appropriate lowcore area.
521 */
522 len = sizeof(tpi_data);
523 if (write_guest_lc(vcpu, __LC_SUBCHANNEL_ID, &tpi_data, len)) {
524 /* failed writes to the low core are not recoverable */
525 rc = -EFAULT;
526 goto reinject_interrupt;
527 }
528 }
529
530 /* irq was successfully handed to the guest */
531 kfree(inti);
532 kvm_s390_set_psw_cc(vcpu, 1);
533 return 0;
534 reinject_interrupt:
535 /*
536 * If we encounter a problem storing the interruption code, the
537 * instruction is suppressed from the guest's view: reinject the
538 * interrupt.
539 */
540 if (kvm_s390_reinject_io_int(vcpu->kvm, inti)) {
541 kfree(inti);
542 rc = -EFAULT;
543 }
544 /* don't set the cc, a pgm irq was injected or we drop to user space */
545 return rc ? -EFAULT : 0;
546 }
547
handle_tsch(struct kvm_vcpu * vcpu)548 static int handle_tsch(struct kvm_vcpu *vcpu)
549 {
550 struct kvm_s390_interrupt_info *inti = NULL;
551 const u64 isc_mask = 0xffUL << 24; /* all iscs set */
552
553 vcpu->stat.instruction_tsch++;
554
555 /* a valid schid has at least one bit set */
556 if (vcpu->run->s.regs.gprs[1])
557 inti = kvm_s390_get_io_int(vcpu->kvm, isc_mask,
558 vcpu->run->s.regs.gprs[1]);
559
560 /*
561 * Prepare exit to userspace.
562 * We indicate whether we dequeued a pending I/O interrupt
563 * so that userspace can re-inject it if the instruction gets
564 * a program check. While this may re-order the pending I/O
565 * interrupts, this is no problem since the priority is kept
566 * intact.
567 */
568 vcpu->run->exit_reason = KVM_EXIT_S390_TSCH;
569 vcpu->run->s390_tsch.dequeued = !!inti;
570 if (inti) {
571 vcpu->run->s390_tsch.subchannel_id = inti->io.subchannel_id;
572 vcpu->run->s390_tsch.subchannel_nr = inti->io.subchannel_nr;
573 vcpu->run->s390_tsch.io_int_parm = inti->io.io_int_parm;
574 vcpu->run->s390_tsch.io_int_word = inti->io.io_int_word;
575 }
576 vcpu->run->s390_tsch.ipb = vcpu->arch.sie_block->ipb;
577 kfree(inti);
578 return -EREMOTE;
579 }
580
handle_io_inst(struct kvm_vcpu * vcpu)581 static int handle_io_inst(struct kvm_vcpu *vcpu)
582 {
583 VCPU_EVENT(vcpu, 4, "%s", "I/O instruction");
584
585 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
586 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
587
588 if (vcpu->kvm->arch.css_support) {
589 /*
590 * Most I/O instructions will be handled by userspace.
591 * Exceptions are tpi and the interrupt portion of tsch.
592 */
593 if (vcpu->arch.sie_block->ipa == 0xb236)
594 return handle_tpi(vcpu);
595 if (vcpu->arch.sie_block->ipa == 0xb235)
596 return handle_tsch(vcpu);
597 /* Handle in userspace. */
598 vcpu->stat.instruction_io_other++;
599 return -EOPNOTSUPP;
600 } else {
601 /*
602 * Set condition code 3 to stop the guest from issuing channel
603 * I/O instructions.
604 */
605 kvm_s390_set_psw_cc(vcpu, 3);
606 return 0;
607 }
608 }
609
610 /*
611 * handle_pqap: Handling pqap interception
612 * @vcpu: the vcpu having issue the pqap instruction
613 *
614 * We now support PQAP/AQIC instructions and we need to correctly
615 * answer the guest even if no dedicated driver's hook is available.
616 *
617 * The intercepting code calls a dedicated callback for this instruction
618 * if a driver did register one in the CRYPTO satellite of the
619 * SIE block.
620 *
621 * If no callback is available, the queues are not available, return this
622 * response code to the caller and set CC to 3.
623 * Else return the response code returned by the callback.
624 */
handle_pqap(struct kvm_vcpu * vcpu)625 static int handle_pqap(struct kvm_vcpu *vcpu)
626 {
627 struct ap_queue_status status = {};
628 unsigned long reg0;
629 int ret;
630 uint8_t fc;
631
632 /* Verify that the AP instruction are available */
633 if (!ap_instructions_available())
634 return -EOPNOTSUPP;
635 /* Verify that the guest is allowed to use AP instructions */
636 if (!(vcpu->arch.sie_block->eca & ECA_APIE))
637 return -EOPNOTSUPP;
638 /*
639 * The only possibly intercepted functions when AP instructions are
640 * available for the guest are AQIC and TAPQ with the t bit set
641 * since we do not set IC.3 (FIII) we currently will only intercept
642 * the AQIC function code.
643 * Note: running nested under z/VM can result in intercepts for other
644 * function codes, e.g. PQAP(QCI). We do not support this and bail out.
645 */
646 reg0 = vcpu->run->s.regs.gprs[0];
647 fc = (reg0 >> 24) & 0xff;
648 if (fc != 0x03)
649 return -EOPNOTSUPP;
650
651 /* PQAP instruction is allowed for guest kernel only */
652 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
653 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
654
655 /* Common PQAP instruction specification exceptions */
656 /* bits 41-47 must all be zeros */
657 if (reg0 & 0x007f0000UL)
658 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
659 /* APFT not install and T bit set */
660 if (!test_kvm_facility(vcpu->kvm, 15) && (reg0 & 0x00800000UL))
661 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
662 /* APXA not installed and APID greater 64 or APQI greater 16 */
663 if (!(vcpu->kvm->arch.crypto.crycbd & 0x02) && (reg0 & 0x0000c0f0UL))
664 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
665
666 /* AQIC function code specific exception */
667 /* facility 65 not present for AQIC function code */
668 if (!test_kvm_facility(vcpu->kvm, 65))
669 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
670
671 /*
672 * Verify that the hook callback is registered, lock the owner
673 * and call the hook.
674 */
675 if (vcpu->kvm->arch.crypto.pqap_hook) {
676 if (!try_module_get(vcpu->kvm->arch.crypto.pqap_hook->owner))
677 return -EOPNOTSUPP;
678 ret = vcpu->kvm->arch.crypto.pqap_hook->hook(vcpu);
679 module_put(vcpu->kvm->arch.crypto.pqap_hook->owner);
680 if (!ret && vcpu->run->s.regs.gprs[1] & 0x00ff0000)
681 kvm_s390_set_psw_cc(vcpu, 3);
682 return ret;
683 }
684 /*
685 * A vfio_driver must register a hook.
686 * No hook means no driver to enable the SIE CRYCB and no queues.
687 * We send this response to the guest.
688 */
689 status.response_code = 0x01;
690 memcpy(&vcpu->run->s.regs.gprs[1], &status, sizeof(status));
691 kvm_s390_set_psw_cc(vcpu, 3);
692 return 0;
693 }
694
handle_stfl(struct kvm_vcpu * vcpu)695 static int handle_stfl(struct kvm_vcpu *vcpu)
696 {
697 int rc;
698 unsigned int fac;
699
700 vcpu->stat.instruction_stfl++;
701
702 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
703 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
704
705 /*
706 * We need to shift the lower 32 facility bits (bit 0-31) from a u64
707 * into a u32 memory representation. They will remain bits 0-31.
708 */
709 fac = *vcpu->kvm->arch.model.fac_list >> 32;
710 rc = write_guest_lc(vcpu, offsetof(struct lowcore, stfl_fac_list),
711 &fac, sizeof(fac));
712 if (rc)
713 return rc;
714 VCPU_EVENT(vcpu, 3, "STFL: store facility list 0x%x", fac);
715 trace_kvm_s390_handle_stfl(vcpu, fac);
716 return 0;
717 }
718
719 #define PSW_MASK_ADDR_MODE (PSW_MASK_EA | PSW_MASK_BA)
720 #define PSW_MASK_UNASSIGNED 0xb80800fe7fffffffUL
721 #define PSW_ADDR_24 0x0000000000ffffffUL
722 #define PSW_ADDR_31 0x000000007fffffffUL
723
is_valid_psw(psw_t * psw)724 int is_valid_psw(psw_t *psw)
725 {
726 if (psw->mask & PSW_MASK_UNASSIGNED)
727 return 0;
728 if ((psw->mask & PSW_MASK_ADDR_MODE) == PSW_MASK_BA) {
729 if (psw->addr & ~PSW_ADDR_31)
730 return 0;
731 }
732 if (!(psw->mask & PSW_MASK_ADDR_MODE) && (psw->addr & ~PSW_ADDR_24))
733 return 0;
734 if ((psw->mask & PSW_MASK_ADDR_MODE) == PSW_MASK_EA)
735 return 0;
736 if (psw->addr & 1)
737 return 0;
738 return 1;
739 }
740
kvm_s390_handle_lpsw(struct kvm_vcpu * vcpu)741 int kvm_s390_handle_lpsw(struct kvm_vcpu *vcpu)
742 {
743 psw_t *gpsw = &vcpu->arch.sie_block->gpsw;
744 psw_compat_t new_psw;
745 u64 addr;
746 int rc;
747 u8 ar;
748
749 vcpu->stat.instruction_lpsw++;
750
751 if (gpsw->mask & PSW_MASK_PSTATE)
752 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
753
754 addr = kvm_s390_get_base_disp_s(vcpu, &ar);
755 if (addr & 7)
756 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
757
758 rc = read_guest(vcpu, addr, ar, &new_psw, sizeof(new_psw));
759 if (rc)
760 return kvm_s390_inject_prog_cond(vcpu, rc);
761 if (!(new_psw.mask & PSW32_MASK_BASE))
762 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
763 gpsw->mask = (new_psw.mask & ~PSW32_MASK_BASE) << 32;
764 gpsw->mask |= new_psw.addr & PSW32_ADDR_AMODE;
765 gpsw->addr = new_psw.addr & ~PSW32_ADDR_AMODE;
766 if (!is_valid_psw(gpsw))
767 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
768 return 0;
769 }
770
handle_lpswe(struct kvm_vcpu * vcpu)771 static int handle_lpswe(struct kvm_vcpu *vcpu)
772 {
773 psw_t new_psw;
774 u64 addr;
775 int rc;
776 u8 ar;
777
778 vcpu->stat.instruction_lpswe++;
779
780 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
781 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
782
783 addr = kvm_s390_get_base_disp_s(vcpu, &ar);
784 if (addr & 7)
785 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
786 rc = read_guest(vcpu, addr, ar, &new_psw, sizeof(new_psw));
787 if (rc)
788 return kvm_s390_inject_prog_cond(vcpu, rc);
789 vcpu->arch.sie_block->gpsw = new_psw;
790 if (!is_valid_psw(&vcpu->arch.sie_block->gpsw))
791 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
792 return 0;
793 }
794
handle_stidp(struct kvm_vcpu * vcpu)795 static int handle_stidp(struct kvm_vcpu *vcpu)
796 {
797 u64 stidp_data = vcpu->kvm->arch.model.cpuid;
798 u64 operand2;
799 int rc;
800 u8 ar;
801
802 vcpu->stat.instruction_stidp++;
803
804 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
805 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
806
807 operand2 = kvm_s390_get_base_disp_s(vcpu, &ar);
808
809 if (operand2 & 7)
810 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
811
812 rc = write_guest(vcpu, operand2, ar, &stidp_data, sizeof(stidp_data));
813 if (rc)
814 return kvm_s390_inject_prog_cond(vcpu, rc);
815
816 VCPU_EVENT(vcpu, 3, "STIDP: store cpu id 0x%llx", stidp_data);
817 return 0;
818 }
819
handle_stsi_3_2_2(struct kvm_vcpu * vcpu,struct sysinfo_3_2_2 * mem)820 static void handle_stsi_3_2_2(struct kvm_vcpu *vcpu, struct sysinfo_3_2_2 *mem)
821 {
822 int cpus = 0;
823 int n;
824
825 cpus = atomic_read(&vcpu->kvm->online_vcpus);
826
827 /* deal with other level 3 hypervisors */
828 if (stsi(mem, 3, 2, 2))
829 mem->count = 0;
830 if (mem->count < 8)
831 mem->count++;
832 for (n = mem->count - 1; n > 0 ; n--)
833 memcpy(&mem->vm[n], &mem->vm[n - 1], sizeof(mem->vm[0]));
834
835 memset(&mem->vm[0], 0, sizeof(mem->vm[0]));
836 mem->vm[0].cpus_total = cpus;
837 mem->vm[0].cpus_configured = cpus;
838 mem->vm[0].cpus_standby = 0;
839 mem->vm[0].cpus_reserved = 0;
840 mem->vm[0].caf = 1000;
841 memcpy(mem->vm[0].name, "KVMguest", 8);
842 ASCEBC(mem->vm[0].name, 8);
843 memcpy(mem->vm[0].cpi, "KVM/Linux ", 16);
844 ASCEBC(mem->vm[0].cpi, 16);
845 }
846
insert_stsi_usr_data(struct kvm_vcpu * vcpu,u64 addr,u8 ar,u8 fc,u8 sel1,u16 sel2)847 static void insert_stsi_usr_data(struct kvm_vcpu *vcpu, u64 addr, u8 ar,
848 u8 fc, u8 sel1, u16 sel2)
849 {
850 vcpu->run->exit_reason = KVM_EXIT_S390_STSI;
851 vcpu->run->s390_stsi.addr = addr;
852 vcpu->run->s390_stsi.ar = ar;
853 vcpu->run->s390_stsi.fc = fc;
854 vcpu->run->s390_stsi.sel1 = sel1;
855 vcpu->run->s390_stsi.sel2 = sel2;
856 }
857
handle_stsi(struct kvm_vcpu * vcpu)858 static int handle_stsi(struct kvm_vcpu *vcpu)
859 {
860 int fc = (vcpu->run->s.regs.gprs[0] & 0xf0000000) >> 28;
861 int sel1 = vcpu->run->s.regs.gprs[0] & 0xff;
862 int sel2 = vcpu->run->s.regs.gprs[1] & 0xffff;
863 unsigned long mem = 0;
864 u64 operand2;
865 int rc = 0;
866 u8 ar;
867
868 vcpu->stat.instruction_stsi++;
869 VCPU_EVENT(vcpu, 3, "STSI: fc: %u sel1: %u sel2: %u", fc, sel1, sel2);
870
871 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
872 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
873
874 if (fc > 3) {
875 kvm_s390_set_psw_cc(vcpu, 3);
876 return 0;
877 }
878
879 if (vcpu->run->s.regs.gprs[0] & 0x0fffff00
880 || vcpu->run->s.regs.gprs[1] & 0xffff0000)
881 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
882
883 if (fc == 0) {
884 vcpu->run->s.regs.gprs[0] = 3 << 28;
885 kvm_s390_set_psw_cc(vcpu, 0);
886 return 0;
887 }
888
889 operand2 = kvm_s390_get_base_disp_s(vcpu, &ar);
890
891 if (!kvm_s390_pv_cpu_is_protected(vcpu) && (operand2 & 0xfff))
892 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
893
894 switch (fc) {
895 case 1: /* same handling for 1 and 2 */
896 case 2:
897 mem = get_zeroed_page(GFP_KERNEL);
898 if (!mem)
899 goto out_no_data;
900 if (stsi((void *) mem, fc, sel1, sel2))
901 goto out_no_data;
902 break;
903 case 3:
904 if (sel1 != 2 || sel2 != 2)
905 goto out_no_data;
906 mem = get_zeroed_page(GFP_KERNEL);
907 if (!mem)
908 goto out_no_data;
909 handle_stsi_3_2_2(vcpu, (void *) mem);
910 break;
911 }
912 if (kvm_s390_pv_cpu_is_protected(vcpu)) {
913 memcpy((void *)sida_origin(vcpu->arch.sie_block), (void *)mem,
914 PAGE_SIZE);
915 rc = 0;
916 } else {
917 rc = write_guest(vcpu, operand2, ar, (void *)mem, PAGE_SIZE);
918 }
919 if (rc) {
920 rc = kvm_s390_inject_prog_cond(vcpu, rc);
921 goto out;
922 }
923 if (vcpu->kvm->arch.user_stsi) {
924 insert_stsi_usr_data(vcpu, operand2, ar, fc, sel1, sel2);
925 rc = -EREMOTE;
926 }
927 trace_kvm_s390_handle_stsi(vcpu, fc, sel1, sel2, operand2);
928 free_page(mem);
929 kvm_s390_set_psw_cc(vcpu, 0);
930 vcpu->run->s.regs.gprs[0] = 0;
931 return rc;
932 out_no_data:
933 kvm_s390_set_psw_cc(vcpu, 3);
934 out:
935 free_page(mem);
936 return rc;
937 }
938
kvm_s390_handle_b2(struct kvm_vcpu * vcpu)939 int kvm_s390_handle_b2(struct kvm_vcpu *vcpu)
940 {
941 switch (vcpu->arch.sie_block->ipa & 0x00ff) {
942 case 0x02:
943 return handle_stidp(vcpu);
944 case 0x04:
945 return handle_set_clock(vcpu);
946 case 0x10:
947 return handle_set_prefix(vcpu);
948 case 0x11:
949 return handle_store_prefix(vcpu);
950 case 0x12:
951 return handle_store_cpu_address(vcpu);
952 case 0x14:
953 return kvm_s390_handle_vsie(vcpu);
954 case 0x21:
955 case 0x50:
956 return handle_ipte_interlock(vcpu);
957 case 0x29:
958 return handle_iske(vcpu);
959 case 0x2a:
960 return handle_rrbe(vcpu);
961 case 0x2b:
962 return handle_sske(vcpu);
963 case 0x2c:
964 return handle_test_block(vcpu);
965 case 0x30:
966 case 0x31:
967 case 0x32:
968 case 0x33:
969 case 0x34:
970 case 0x35:
971 case 0x36:
972 case 0x37:
973 case 0x38:
974 case 0x39:
975 case 0x3a:
976 case 0x3b:
977 case 0x3c:
978 case 0x5f:
979 case 0x74:
980 case 0x76:
981 return handle_io_inst(vcpu);
982 case 0x56:
983 return handle_sthyi(vcpu);
984 case 0x7d:
985 return handle_stsi(vcpu);
986 case 0xaf:
987 return handle_pqap(vcpu);
988 case 0xb1:
989 return handle_stfl(vcpu);
990 case 0xb2:
991 return handle_lpswe(vcpu);
992 default:
993 return -EOPNOTSUPP;
994 }
995 }
996
handle_epsw(struct kvm_vcpu * vcpu)997 static int handle_epsw(struct kvm_vcpu *vcpu)
998 {
999 int reg1, reg2;
1000
1001 vcpu->stat.instruction_epsw++;
1002
1003 kvm_s390_get_regs_rre(vcpu, ®1, ®2);
1004
1005 /* This basically extracts the mask half of the psw. */
1006 vcpu->run->s.regs.gprs[reg1] &= 0xffffffff00000000UL;
1007 vcpu->run->s.regs.gprs[reg1] |= vcpu->arch.sie_block->gpsw.mask >> 32;
1008 if (reg2) {
1009 vcpu->run->s.regs.gprs[reg2] &= 0xffffffff00000000UL;
1010 vcpu->run->s.regs.gprs[reg2] |=
1011 vcpu->arch.sie_block->gpsw.mask & 0x00000000ffffffffUL;
1012 }
1013 return 0;
1014 }
1015
1016 #define PFMF_RESERVED 0xfffc0101UL
1017 #define PFMF_SK 0x00020000UL
1018 #define PFMF_CF 0x00010000UL
1019 #define PFMF_UI 0x00008000UL
1020 #define PFMF_FSC 0x00007000UL
1021 #define PFMF_NQ 0x00000800UL
1022 #define PFMF_MR 0x00000400UL
1023 #define PFMF_MC 0x00000200UL
1024 #define PFMF_KEY 0x000000feUL
1025
handle_pfmf(struct kvm_vcpu * vcpu)1026 static int handle_pfmf(struct kvm_vcpu *vcpu)
1027 {
1028 bool mr = false, mc = false, nq;
1029 int reg1, reg2;
1030 unsigned long start, end;
1031 unsigned char key;
1032
1033 vcpu->stat.instruction_pfmf++;
1034
1035 kvm_s390_get_regs_rre(vcpu, ®1, ®2);
1036
1037 if (!test_kvm_facility(vcpu->kvm, 8))
1038 return kvm_s390_inject_program_int(vcpu, PGM_OPERATION);
1039
1040 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
1041 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
1042
1043 if (vcpu->run->s.regs.gprs[reg1] & PFMF_RESERVED)
1044 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
1045
1046 /* Only provide non-quiescing support if enabled for the guest */
1047 if (vcpu->run->s.regs.gprs[reg1] & PFMF_NQ &&
1048 !test_kvm_facility(vcpu->kvm, 14))
1049 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
1050
1051 /* Only provide conditional-SSKE support if enabled for the guest */
1052 if (vcpu->run->s.regs.gprs[reg1] & PFMF_SK &&
1053 test_kvm_facility(vcpu->kvm, 10)) {
1054 mr = vcpu->run->s.regs.gprs[reg1] & PFMF_MR;
1055 mc = vcpu->run->s.regs.gprs[reg1] & PFMF_MC;
1056 }
1057
1058 nq = vcpu->run->s.regs.gprs[reg1] & PFMF_NQ;
1059 key = vcpu->run->s.regs.gprs[reg1] & PFMF_KEY;
1060 start = vcpu->run->s.regs.gprs[reg2] & PAGE_MASK;
1061 start = kvm_s390_logical_to_effective(vcpu, start);
1062
1063 if (vcpu->run->s.regs.gprs[reg1] & PFMF_CF) {
1064 if (kvm_s390_check_low_addr_prot_real(vcpu, start))
1065 return kvm_s390_inject_prog_irq(vcpu, &vcpu->arch.pgm);
1066 }
1067
1068 switch (vcpu->run->s.regs.gprs[reg1] & PFMF_FSC) {
1069 case 0x00000000:
1070 /* only 4k frames specify a real address */
1071 start = kvm_s390_real_to_abs(vcpu, start);
1072 end = (start + PAGE_SIZE) & ~(PAGE_SIZE - 1);
1073 break;
1074 case 0x00001000:
1075 end = (start + _SEGMENT_SIZE) & ~(_SEGMENT_SIZE - 1);
1076 break;
1077 case 0x00002000:
1078 /* only support 2G frame size if EDAT2 is available and we are
1079 not in 24-bit addressing mode */
1080 if (!test_kvm_facility(vcpu->kvm, 78) ||
1081 psw_bits(vcpu->arch.sie_block->gpsw).eaba == PSW_BITS_AMODE_24BIT)
1082 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
1083 end = (start + _REGION3_SIZE) & ~(_REGION3_SIZE - 1);
1084 break;
1085 default:
1086 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
1087 }
1088
1089 while (start != end) {
1090 unsigned long vmaddr;
1091 bool unlocked = false;
1092
1093 /* Translate guest address to host address */
1094 vmaddr = gfn_to_hva(vcpu->kvm, gpa_to_gfn(start));
1095 if (kvm_is_error_hva(vmaddr))
1096 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
1097
1098 if (vcpu->run->s.regs.gprs[reg1] & PFMF_CF) {
1099 if (kvm_clear_guest(vcpu->kvm, start, PAGE_SIZE))
1100 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
1101 }
1102
1103 if (vcpu->run->s.regs.gprs[reg1] & PFMF_SK) {
1104 int rc = kvm_s390_skey_check_enable(vcpu);
1105
1106 if (rc)
1107 return rc;
1108 mmap_read_lock(current->mm);
1109 rc = cond_set_guest_storage_key(current->mm, vmaddr,
1110 key, NULL, nq, mr, mc);
1111 if (rc < 0) {
1112 rc = fixup_user_fault(current->mm, vmaddr,
1113 FAULT_FLAG_WRITE, &unlocked);
1114 rc = !rc ? -EAGAIN : rc;
1115 }
1116 mmap_read_unlock(current->mm);
1117 if (rc == -EFAULT)
1118 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
1119 if (rc == -EAGAIN)
1120 continue;
1121 if (rc < 0)
1122 return rc;
1123 }
1124 start += PAGE_SIZE;
1125 }
1126 if (vcpu->run->s.regs.gprs[reg1] & PFMF_FSC) {
1127 if (psw_bits(vcpu->arch.sie_block->gpsw).eaba == PSW_BITS_AMODE_64BIT) {
1128 vcpu->run->s.regs.gprs[reg2] = end;
1129 } else {
1130 vcpu->run->s.regs.gprs[reg2] &= ~0xffffffffUL;
1131 end = kvm_s390_logical_to_effective(vcpu, end);
1132 vcpu->run->s.regs.gprs[reg2] |= end;
1133 }
1134 }
1135 return 0;
1136 }
1137
1138 /*
1139 * Must be called with relevant read locks held (kvm->mm->mmap_lock, kvm->srcu)
1140 */
__do_essa(struct kvm_vcpu * vcpu,const int orc)1141 static inline int __do_essa(struct kvm_vcpu *vcpu, const int orc)
1142 {
1143 int r1, r2, nappended, entries;
1144 unsigned long gfn, hva, res, pgstev, ptev;
1145 unsigned long *cbrlo;
1146
1147 /*
1148 * We don't need to set SD.FPF.SK to 1 here, because if we have a
1149 * machine check here we either handle it or crash
1150 */
1151
1152 kvm_s390_get_regs_rre(vcpu, &r1, &r2);
1153 gfn = vcpu->run->s.regs.gprs[r2] >> PAGE_SHIFT;
1154 hva = gfn_to_hva(vcpu->kvm, gfn);
1155 entries = (vcpu->arch.sie_block->cbrlo & ~PAGE_MASK) >> 3;
1156
1157 if (kvm_is_error_hva(hva))
1158 return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
1159
1160 nappended = pgste_perform_essa(vcpu->kvm->mm, hva, orc, &ptev, &pgstev);
1161 if (nappended < 0) {
1162 res = orc ? 0x10 : 0;
1163 vcpu->run->s.regs.gprs[r1] = res; /* Exception Indication */
1164 return 0;
1165 }
1166 res = (pgstev & _PGSTE_GPS_USAGE_MASK) >> 22;
1167 /*
1168 * Set the block-content state part of the result. 0 means resident, so
1169 * nothing to do if the page is valid. 2 is for preserved pages
1170 * (non-present and non-zero), and 3 for zero pages (non-present and
1171 * zero).
1172 */
1173 if (ptev & _PAGE_INVALID) {
1174 res |= 2;
1175 if (pgstev & _PGSTE_GPS_ZERO)
1176 res |= 1;
1177 }
1178 if (pgstev & _PGSTE_GPS_NODAT)
1179 res |= 0x20;
1180 vcpu->run->s.regs.gprs[r1] = res;
1181 /*
1182 * It is possible that all the normal 511 slots were full, in which case
1183 * we will now write in the 512th slot, which is reserved for host use.
1184 * In both cases we let the normal essa handling code process all the
1185 * slots, including the reserved one, if needed.
1186 */
1187 if (nappended > 0) {
1188 cbrlo = phys_to_virt(vcpu->arch.sie_block->cbrlo & PAGE_MASK);
1189 cbrlo[entries] = gfn << PAGE_SHIFT;
1190 }
1191
1192 if (orc) {
1193 struct kvm_memory_slot *ms = gfn_to_memslot(vcpu->kvm, gfn);
1194
1195 /* Increment only if we are really flipping the bit */
1196 if (ms && !test_and_set_bit(gfn - ms->base_gfn, kvm_second_dirty_bitmap(ms)))
1197 atomic64_inc(&vcpu->kvm->arch.cmma_dirty_pages);
1198 }
1199
1200 return nappended;
1201 }
1202
handle_essa(struct kvm_vcpu * vcpu)1203 static int handle_essa(struct kvm_vcpu *vcpu)
1204 {
1205 /* entries expected to be 1FF */
1206 int entries = (vcpu->arch.sie_block->cbrlo & ~PAGE_MASK) >> 3;
1207 unsigned long *cbrlo;
1208 struct gmap *gmap;
1209 int i, orc;
1210
1211 VCPU_EVENT(vcpu, 4, "ESSA: release %d pages", entries);
1212 gmap = vcpu->arch.gmap;
1213 vcpu->stat.instruction_essa++;
1214 if (!vcpu->kvm->arch.use_cmma)
1215 return kvm_s390_inject_program_int(vcpu, PGM_OPERATION);
1216
1217 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
1218 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
1219 /* Check for invalid operation request code */
1220 orc = (vcpu->arch.sie_block->ipb & 0xf0000000) >> 28;
1221 /* ORCs 0-6 are always valid */
1222 if (orc > (test_kvm_facility(vcpu->kvm, 147) ? ESSA_SET_STABLE_NODAT
1223 : ESSA_SET_STABLE_IF_RESIDENT))
1224 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
1225
1226 if (!vcpu->kvm->arch.migration_mode) {
1227 /*
1228 * CMMA is enabled in the KVM settings, but is disabled in
1229 * the SIE block and in the mm_context, and we are not doing
1230 * a migration. Enable CMMA in the mm_context.
1231 * Since we need to take a write lock to write to the context
1232 * to avoid races with storage keys handling, we check if the
1233 * value really needs to be written to; if the value is
1234 * already correct, we do nothing and avoid the lock.
1235 */
1236 if (vcpu->kvm->mm->context.uses_cmm == 0) {
1237 mmap_write_lock(vcpu->kvm->mm);
1238 vcpu->kvm->mm->context.uses_cmm = 1;
1239 mmap_write_unlock(vcpu->kvm->mm);
1240 }
1241 /*
1242 * If we are here, we are supposed to have CMMA enabled in
1243 * the SIE block. Enabling CMMA works on a per-CPU basis,
1244 * while the context use_cmma flag is per process.
1245 * It's possible that the context flag is enabled and the
1246 * SIE flag is not, so we set the flag always; if it was
1247 * already set, nothing changes, otherwise we enable it
1248 * on this CPU too.
1249 */
1250 vcpu->arch.sie_block->ecb2 |= ECB2_CMMA;
1251 /* Retry the ESSA instruction */
1252 kvm_s390_retry_instr(vcpu);
1253 } else {
1254 int srcu_idx;
1255
1256 mmap_read_lock(vcpu->kvm->mm);
1257 srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
1258 i = __do_essa(vcpu, orc);
1259 srcu_read_unlock(&vcpu->kvm->srcu, srcu_idx);
1260 mmap_read_unlock(vcpu->kvm->mm);
1261 if (i < 0)
1262 return i;
1263 /* Account for the possible extra cbrl entry */
1264 entries += i;
1265 }
1266 vcpu->arch.sie_block->cbrlo &= PAGE_MASK; /* reset nceo */
1267 cbrlo = phys_to_virt(vcpu->arch.sie_block->cbrlo);
1268 mmap_read_lock(gmap->mm);
1269 for (i = 0; i < entries; ++i)
1270 __gmap_zap(gmap, cbrlo[i]);
1271 mmap_read_unlock(gmap->mm);
1272 return 0;
1273 }
1274
kvm_s390_handle_b9(struct kvm_vcpu * vcpu)1275 int kvm_s390_handle_b9(struct kvm_vcpu *vcpu)
1276 {
1277 switch (vcpu->arch.sie_block->ipa & 0x00ff) {
1278 case 0x8a:
1279 case 0x8e:
1280 case 0x8f:
1281 return handle_ipte_interlock(vcpu);
1282 case 0x8d:
1283 return handle_epsw(vcpu);
1284 case 0xab:
1285 return handle_essa(vcpu);
1286 case 0xaf:
1287 return handle_pfmf(vcpu);
1288 default:
1289 return -EOPNOTSUPP;
1290 }
1291 }
1292
kvm_s390_handle_lctl(struct kvm_vcpu * vcpu)1293 int kvm_s390_handle_lctl(struct kvm_vcpu *vcpu)
1294 {
1295 int reg1 = (vcpu->arch.sie_block->ipa & 0x00f0) >> 4;
1296 int reg3 = vcpu->arch.sie_block->ipa & 0x000f;
1297 int reg, rc, nr_regs;
1298 u32 ctl_array[16];
1299 u64 ga;
1300 u8 ar;
1301
1302 vcpu->stat.instruction_lctl++;
1303
1304 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
1305 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
1306
1307 ga = kvm_s390_get_base_disp_rs(vcpu, &ar);
1308
1309 if (ga & 3)
1310 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
1311
1312 VCPU_EVENT(vcpu, 4, "LCTL: r1:%d, r3:%d, addr: 0x%llx", reg1, reg3, ga);
1313 trace_kvm_s390_handle_lctl(vcpu, 0, reg1, reg3, ga);
1314
1315 nr_regs = ((reg3 - reg1) & 0xf) + 1;
1316 rc = read_guest(vcpu, ga, ar, ctl_array, nr_regs * sizeof(u32));
1317 if (rc)
1318 return kvm_s390_inject_prog_cond(vcpu, rc);
1319 reg = reg1;
1320 nr_regs = 0;
1321 do {
1322 vcpu->arch.sie_block->gcr[reg] &= 0xffffffff00000000ul;
1323 vcpu->arch.sie_block->gcr[reg] |= ctl_array[nr_regs++];
1324 if (reg == reg3)
1325 break;
1326 reg = (reg + 1) % 16;
1327 } while (1);
1328 kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
1329 return 0;
1330 }
1331
kvm_s390_handle_stctl(struct kvm_vcpu * vcpu)1332 int kvm_s390_handle_stctl(struct kvm_vcpu *vcpu)
1333 {
1334 int reg1 = (vcpu->arch.sie_block->ipa & 0x00f0) >> 4;
1335 int reg3 = vcpu->arch.sie_block->ipa & 0x000f;
1336 int reg, rc, nr_regs;
1337 u32 ctl_array[16];
1338 u64 ga;
1339 u8 ar;
1340
1341 vcpu->stat.instruction_stctl++;
1342
1343 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
1344 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
1345
1346 ga = kvm_s390_get_base_disp_rs(vcpu, &ar);
1347
1348 if (ga & 3)
1349 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
1350
1351 VCPU_EVENT(vcpu, 4, "STCTL r1:%d, r3:%d, addr: 0x%llx", reg1, reg3, ga);
1352 trace_kvm_s390_handle_stctl(vcpu, 0, reg1, reg3, ga);
1353
1354 reg = reg1;
1355 nr_regs = 0;
1356 do {
1357 ctl_array[nr_regs++] = vcpu->arch.sie_block->gcr[reg];
1358 if (reg == reg3)
1359 break;
1360 reg = (reg + 1) % 16;
1361 } while (1);
1362 rc = write_guest(vcpu, ga, ar, ctl_array, nr_regs * sizeof(u32));
1363 return rc ? kvm_s390_inject_prog_cond(vcpu, rc) : 0;
1364 }
1365
handle_lctlg(struct kvm_vcpu * vcpu)1366 static int handle_lctlg(struct kvm_vcpu *vcpu)
1367 {
1368 int reg1 = (vcpu->arch.sie_block->ipa & 0x00f0) >> 4;
1369 int reg3 = vcpu->arch.sie_block->ipa & 0x000f;
1370 int reg, rc, nr_regs;
1371 u64 ctl_array[16];
1372 u64 ga;
1373 u8 ar;
1374
1375 vcpu->stat.instruction_lctlg++;
1376
1377 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
1378 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
1379
1380 ga = kvm_s390_get_base_disp_rsy(vcpu, &ar);
1381
1382 if (ga & 7)
1383 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
1384
1385 VCPU_EVENT(vcpu, 4, "LCTLG: r1:%d, r3:%d, addr: 0x%llx", reg1, reg3, ga);
1386 trace_kvm_s390_handle_lctl(vcpu, 1, reg1, reg3, ga);
1387
1388 nr_regs = ((reg3 - reg1) & 0xf) + 1;
1389 rc = read_guest(vcpu, ga, ar, ctl_array, nr_regs * sizeof(u64));
1390 if (rc)
1391 return kvm_s390_inject_prog_cond(vcpu, rc);
1392 reg = reg1;
1393 nr_regs = 0;
1394 do {
1395 vcpu->arch.sie_block->gcr[reg] = ctl_array[nr_regs++];
1396 if (reg == reg3)
1397 break;
1398 reg = (reg + 1) % 16;
1399 } while (1);
1400 kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
1401 return 0;
1402 }
1403
handle_stctg(struct kvm_vcpu * vcpu)1404 static int handle_stctg(struct kvm_vcpu *vcpu)
1405 {
1406 int reg1 = (vcpu->arch.sie_block->ipa & 0x00f0) >> 4;
1407 int reg3 = vcpu->arch.sie_block->ipa & 0x000f;
1408 int reg, rc, nr_regs;
1409 u64 ctl_array[16];
1410 u64 ga;
1411 u8 ar;
1412
1413 vcpu->stat.instruction_stctg++;
1414
1415 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
1416 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
1417
1418 ga = kvm_s390_get_base_disp_rsy(vcpu, &ar);
1419
1420 if (ga & 7)
1421 return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
1422
1423 VCPU_EVENT(vcpu, 4, "STCTG r1:%d, r3:%d, addr: 0x%llx", reg1, reg3, ga);
1424 trace_kvm_s390_handle_stctl(vcpu, 1, reg1, reg3, ga);
1425
1426 reg = reg1;
1427 nr_regs = 0;
1428 do {
1429 ctl_array[nr_regs++] = vcpu->arch.sie_block->gcr[reg];
1430 if (reg == reg3)
1431 break;
1432 reg = (reg + 1) % 16;
1433 } while (1);
1434 rc = write_guest(vcpu, ga, ar, ctl_array, nr_regs * sizeof(u64));
1435 return rc ? kvm_s390_inject_prog_cond(vcpu, rc) : 0;
1436 }
1437
kvm_s390_handle_eb(struct kvm_vcpu * vcpu)1438 int kvm_s390_handle_eb(struct kvm_vcpu *vcpu)
1439 {
1440 switch (vcpu->arch.sie_block->ipb & 0x000000ff) {
1441 case 0x25:
1442 return handle_stctg(vcpu);
1443 case 0x2f:
1444 return handle_lctlg(vcpu);
1445 case 0x60:
1446 case 0x61:
1447 case 0x62:
1448 return handle_ri(vcpu);
1449 default:
1450 return -EOPNOTSUPP;
1451 }
1452 }
1453
handle_tprot(struct kvm_vcpu * vcpu)1454 static int handle_tprot(struct kvm_vcpu *vcpu)
1455 {
1456 u64 address1, address2;
1457 unsigned long hva, gpa;
1458 int ret = 0, cc = 0;
1459 bool writable;
1460 u8 ar;
1461
1462 vcpu->stat.instruction_tprot++;
1463
1464 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
1465 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
1466
1467 kvm_s390_get_base_disp_sse(vcpu, &address1, &address2, &ar, NULL);
1468
1469 /* we only handle the Linux memory detection case:
1470 * access key == 0
1471 * everything else goes to userspace. */
1472 if (address2 & 0xf0)
1473 return -EOPNOTSUPP;
1474 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_DAT)
1475 ipte_lock(vcpu);
1476 ret = guest_translate_address(vcpu, address1, ar, &gpa, GACC_STORE);
1477 if (ret == PGM_PROTECTION) {
1478 /* Write protected? Try again with read-only... */
1479 cc = 1;
1480 ret = guest_translate_address(vcpu, address1, ar, &gpa,
1481 GACC_FETCH);
1482 }
1483 if (ret) {
1484 if (ret == PGM_ADDRESSING || ret == PGM_TRANSLATION_SPEC) {
1485 ret = kvm_s390_inject_program_int(vcpu, ret);
1486 } else if (ret > 0) {
1487 /* Translation not available */
1488 kvm_s390_set_psw_cc(vcpu, 3);
1489 ret = 0;
1490 }
1491 goto out_unlock;
1492 }
1493
1494 hva = gfn_to_hva_prot(vcpu->kvm, gpa_to_gfn(gpa), &writable);
1495 if (kvm_is_error_hva(hva)) {
1496 ret = kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
1497 } else {
1498 if (!writable)
1499 cc = 1; /* Write not permitted ==> read-only */
1500 kvm_s390_set_psw_cc(vcpu, cc);
1501 /* Note: CC2 only occurs for storage keys (not supported yet) */
1502 }
1503 out_unlock:
1504 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_DAT)
1505 ipte_unlock(vcpu);
1506 return ret;
1507 }
1508
kvm_s390_handle_e5(struct kvm_vcpu * vcpu)1509 int kvm_s390_handle_e5(struct kvm_vcpu *vcpu)
1510 {
1511 switch (vcpu->arch.sie_block->ipa & 0x00ff) {
1512 case 0x01:
1513 return handle_tprot(vcpu);
1514 default:
1515 return -EOPNOTSUPP;
1516 }
1517 }
1518
handle_sckpf(struct kvm_vcpu * vcpu)1519 static int handle_sckpf(struct kvm_vcpu *vcpu)
1520 {
1521 u32 value;
1522
1523 vcpu->stat.instruction_sckpf++;
1524
1525 if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
1526 return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
1527
1528 if (vcpu->run->s.regs.gprs[0] & 0x00000000ffff0000)
1529 return kvm_s390_inject_program_int(vcpu,
1530 PGM_SPECIFICATION);
1531
1532 value = vcpu->run->s.regs.gprs[0] & 0x000000000000ffff;
1533 vcpu->arch.sie_block->todpr = value;
1534
1535 return 0;
1536 }
1537
handle_ptff(struct kvm_vcpu * vcpu)1538 static int handle_ptff(struct kvm_vcpu *vcpu)
1539 {
1540 vcpu->stat.instruction_ptff++;
1541
1542 /* we don't emulate any control instructions yet */
1543 kvm_s390_set_psw_cc(vcpu, 3);
1544 return 0;
1545 }
1546
kvm_s390_handle_01(struct kvm_vcpu * vcpu)1547 int kvm_s390_handle_01(struct kvm_vcpu *vcpu)
1548 {
1549 switch (vcpu->arch.sie_block->ipa & 0x00ff) {
1550 case 0x04:
1551 return handle_ptff(vcpu);
1552 case 0x07:
1553 return handle_sckpf(vcpu);
1554 default:
1555 return -EOPNOTSUPP;
1556 }
1557 }
1558