1 // SPDX-License-Identifier: GPL-2.0
2
3 #ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG
4 #include <linux/memblock.h>
5 #endif
6 #include <linux/cpu.h>
7 #include <linux/kexec.h>
8 #include <linux/slab.h>
9
10 #include <xen/xen.h>
11 #include <xen/features.h>
12 #include <xen/page.h>
13
14 #include <asm/xen/hypercall.h>
15 #include <asm/xen/hypervisor.h>
16 #include <asm/cpu.h>
17 #include <asm/e820/api.h>
18
19 #include "xen-ops.h"
20 #include "smp.h"
21 #include "pmu.h"
22
23 EXPORT_SYMBOL_GPL(hypercall_page);
24
25 /*
26 * Pointer to the xen_vcpu_info structure or
27 * &HYPERVISOR_shared_info->vcpu_info[cpu]. See xen_hvm_init_shared_info
28 * and xen_vcpu_setup for details. By default it points to share_info->vcpu_info
29 * but if the hypervisor supports VCPUOP_register_vcpu_info then it can point
30 * to xen_vcpu_info. The pointer is used in __xen_evtchn_do_upcall to
31 * acknowledge pending events.
32 * Also more subtly it is used by the patched version of irq enable/disable
33 * e.g. xen_irq_enable_direct and xen_iret in PV mode.
34 *
35 * The desire to be able to do those mask/unmask operations as a single
36 * instruction by using the per-cpu offset held in %gs is the real reason
37 * vcpu info is in a per-cpu pointer and the original reason for this
38 * hypercall.
39 *
40 */
41 DEFINE_PER_CPU(struct vcpu_info *, xen_vcpu);
42
43 /*
44 * Per CPU pages used if hypervisor supports VCPUOP_register_vcpu_info
45 * hypercall. This can be used both in PV and PVHVM mode. The structure
46 * overrides the default per_cpu(xen_vcpu, cpu) value.
47 */
48 DEFINE_PER_CPU(struct vcpu_info, xen_vcpu_info);
49
50 /* Linux <-> Xen vCPU id mapping */
51 DEFINE_PER_CPU(uint32_t, xen_vcpu_id);
52 EXPORT_PER_CPU_SYMBOL(xen_vcpu_id);
53
54 unsigned long *machine_to_phys_mapping = (void *)MACH2PHYS_VIRT_START;
55 EXPORT_SYMBOL(machine_to_phys_mapping);
56 unsigned long machine_to_phys_nr;
57 EXPORT_SYMBOL(machine_to_phys_nr);
58
59 struct start_info *xen_start_info;
60 EXPORT_SYMBOL_GPL(xen_start_info);
61
62 struct shared_info xen_dummy_shared_info;
63
64 __read_mostly int xen_have_vector_callback;
65 EXPORT_SYMBOL_GPL(xen_have_vector_callback);
66
67 /*
68 * NB: These need to live in .data or alike because they're used by
69 * xen_prepare_pvh() which runs before clearing the bss.
70 */
71 enum xen_domain_type __ro_after_init xen_domain_type = XEN_NATIVE;
72 EXPORT_SYMBOL_GPL(xen_domain_type);
73 uint32_t xen_start_flags __section(".data") = 0;
74 EXPORT_SYMBOL(xen_start_flags);
75
76 /*
77 * Point at some empty memory to start with. We map the real shared_info
78 * page as soon as fixmap is up and running.
79 */
80 struct shared_info *HYPERVISOR_shared_info = &xen_dummy_shared_info;
81
82 /*
83 * Flag to determine whether vcpu info placement is available on all
84 * VCPUs. We assume it is to start with, and then set it to zero on
85 * the first failure. This is because it can succeed on some VCPUs
86 * and not others, since it can involve hypervisor memory allocation,
87 * or because the guest failed to guarantee all the appropriate
88 * constraints on all VCPUs (ie buffer can't cross a page boundary).
89 *
90 * Note that any particular CPU may be using a placed vcpu structure,
91 * but we can only optimise if the all are.
92 *
93 * 0: not available, 1: available
94 */
95 int xen_have_vcpu_info_placement = 1;
96
xen_cpu_up_online(unsigned int cpu)97 static int xen_cpu_up_online(unsigned int cpu)
98 {
99 xen_init_lock_cpu(cpu);
100 return 0;
101 }
102
xen_cpuhp_setup(int (* cpu_up_prepare_cb)(unsigned int),int (* cpu_dead_cb)(unsigned int))103 int xen_cpuhp_setup(int (*cpu_up_prepare_cb)(unsigned int),
104 int (*cpu_dead_cb)(unsigned int))
105 {
106 int rc;
107
108 rc = cpuhp_setup_state_nocalls(CPUHP_XEN_PREPARE,
109 "x86/xen/guest:prepare",
110 cpu_up_prepare_cb, cpu_dead_cb);
111 if (rc >= 0) {
112 rc = cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN,
113 "x86/xen/guest:online",
114 xen_cpu_up_online, NULL);
115 if (rc < 0)
116 cpuhp_remove_state_nocalls(CPUHP_XEN_PREPARE);
117 }
118
119 return rc >= 0 ? 0 : rc;
120 }
121
xen_vcpu_setup_restore(int cpu)122 static int xen_vcpu_setup_restore(int cpu)
123 {
124 int rc = 0;
125
126 /* Any per_cpu(xen_vcpu) is stale, so reset it */
127 xen_vcpu_info_reset(cpu);
128
129 /*
130 * For PVH and PVHVM, setup online VCPUs only. The rest will
131 * be handled by hotplug.
132 */
133 if (xen_pv_domain() ||
134 (xen_hvm_domain() && cpu_online(cpu))) {
135 rc = xen_vcpu_setup(cpu);
136 }
137
138 return rc;
139 }
140
141 /*
142 * On restore, set the vcpu placement up again.
143 * If it fails, then we're in a bad state, since
144 * we can't back out from using it...
145 */
xen_vcpu_restore(void)146 void xen_vcpu_restore(void)
147 {
148 int cpu, rc;
149
150 for_each_possible_cpu(cpu) {
151 bool other_cpu = (cpu != smp_processor_id());
152 bool is_up;
153
154 if (xen_vcpu_nr(cpu) == XEN_VCPU_ID_INVALID)
155 continue;
156
157 /* Only Xen 4.5 and higher support this. */
158 is_up = HYPERVISOR_vcpu_op(VCPUOP_is_up,
159 xen_vcpu_nr(cpu), NULL) > 0;
160
161 if (other_cpu && is_up &&
162 HYPERVISOR_vcpu_op(VCPUOP_down, xen_vcpu_nr(cpu), NULL))
163 BUG();
164
165 if (xen_pv_domain() || xen_feature(XENFEAT_hvm_safe_pvclock))
166 xen_setup_runstate_info(cpu);
167
168 rc = xen_vcpu_setup_restore(cpu);
169 if (rc)
170 pr_emerg_once("vcpu restore failed for cpu=%d err=%d. "
171 "System will hang.\n", cpu, rc);
172 /*
173 * In case xen_vcpu_setup_restore() fails, do not bring up the
174 * VCPU. This helps us avoid the resulting OOPS when the VCPU
175 * accesses pvclock_vcpu_time via xen_vcpu (which is NULL.)
176 * Note that this does not improve the situation much -- now the
177 * VM hangs instead of OOPSing -- with the VCPUs that did not
178 * fail, spinning in stop_machine(), waiting for the failed
179 * VCPUs to come up.
180 */
181 if (other_cpu && is_up && (rc == 0) &&
182 HYPERVISOR_vcpu_op(VCPUOP_up, xen_vcpu_nr(cpu), NULL))
183 BUG();
184 }
185 }
186
xen_vcpu_info_reset(int cpu)187 void xen_vcpu_info_reset(int cpu)
188 {
189 if (xen_vcpu_nr(cpu) < MAX_VIRT_CPUS) {
190 per_cpu(xen_vcpu, cpu) =
191 &HYPERVISOR_shared_info->vcpu_info[xen_vcpu_nr(cpu)];
192 } else {
193 /* Set to NULL so that if somebody accesses it we get an OOPS */
194 per_cpu(xen_vcpu, cpu) = NULL;
195 }
196 }
197
xen_vcpu_setup(int cpu)198 int xen_vcpu_setup(int cpu)
199 {
200 struct vcpu_register_vcpu_info info;
201 int err;
202 struct vcpu_info *vcpup;
203
204 BUG_ON(HYPERVISOR_shared_info == &xen_dummy_shared_info);
205
206 /*
207 * This path is called on PVHVM at bootup (xen_hvm_smp_prepare_boot_cpu)
208 * and at restore (xen_vcpu_restore). Also called for hotplugged
209 * VCPUs (cpu_init -> xen_hvm_cpu_prepare_hvm).
210 * However, the hypercall can only be done once (see below) so if a VCPU
211 * is offlined and comes back online then let's not redo the hypercall.
212 *
213 * For PV it is called during restore (xen_vcpu_restore) and bootup
214 * (xen_setup_vcpu_info_placement). The hotplug mechanism does not
215 * use this function.
216 */
217 if (xen_hvm_domain()) {
218 if (per_cpu(xen_vcpu, cpu) == &per_cpu(xen_vcpu_info, cpu))
219 return 0;
220 }
221
222 if (xen_have_vcpu_info_placement) {
223 vcpup = &per_cpu(xen_vcpu_info, cpu);
224 info.mfn = arbitrary_virt_to_mfn(vcpup);
225 info.offset = offset_in_page(vcpup);
226
227 /*
228 * Check to see if the hypervisor will put the vcpu_info
229 * structure where we want it, which allows direct access via
230 * a percpu-variable.
231 * N.B. This hypercall can _only_ be called once per CPU.
232 * Subsequent calls will error out with -EINVAL. This is due to
233 * the fact that hypervisor has no unregister variant and this
234 * hypercall does not allow to over-write info.mfn and
235 * info.offset.
236 */
237 err = HYPERVISOR_vcpu_op(VCPUOP_register_vcpu_info,
238 xen_vcpu_nr(cpu), &info);
239
240 if (err) {
241 pr_warn_once("register_vcpu_info failed: cpu=%d err=%d\n",
242 cpu, err);
243 xen_have_vcpu_info_placement = 0;
244 } else {
245 /*
246 * This cpu is using the registered vcpu info, even if
247 * later ones fail to.
248 */
249 per_cpu(xen_vcpu, cpu) = vcpup;
250 }
251 }
252
253 if (!xen_have_vcpu_info_placement)
254 xen_vcpu_info_reset(cpu);
255
256 return ((per_cpu(xen_vcpu, cpu) == NULL) ? -ENODEV : 0);
257 }
258
xen_reboot(int reason)259 void xen_reboot(int reason)
260 {
261 struct sched_shutdown r = { .reason = reason };
262 int cpu;
263
264 for_each_online_cpu(cpu)
265 xen_pmu_finish(cpu);
266
267 if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r))
268 BUG();
269 }
270
271 static int reboot_reason = SHUTDOWN_reboot;
272 static bool xen_legacy_crash;
xen_emergency_restart(void)273 void xen_emergency_restart(void)
274 {
275 xen_reboot(reboot_reason);
276 }
277
278 static int
xen_panic_event(struct notifier_block * this,unsigned long event,void * ptr)279 xen_panic_event(struct notifier_block *this, unsigned long event, void *ptr)
280 {
281 if (!kexec_crash_loaded()) {
282 if (xen_legacy_crash)
283 xen_reboot(SHUTDOWN_crash);
284
285 reboot_reason = SHUTDOWN_crash;
286
287 /*
288 * If panic_timeout==0 then we are supposed to wait forever.
289 * However, to preserve original dom0 behavior we have to drop
290 * into hypervisor. (domU behavior is controlled by its
291 * config file)
292 */
293 if (panic_timeout == 0)
294 panic_timeout = -1;
295 }
296 return NOTIFY_DONE;
297 }
298
parse_xen_legacy_crash(char * arg)299 static int __init parse_xen_legacy_crash(char *arg)
300 {
301 xen_legacy_crash = true;
302 return 0;
303 }
304 early_param("xen_legacy_crash", parse_xen_legacy_crash);
305
306 static struct notifier_block xen_panic_block = {
307 .notifier_call = xen_panic_event,
308 .priority = INT_MIN
309 };
310
xen_panic_handler_init(void)311 int xen_panic_handler_init(void)
312 {
313 atomic_notifier_chain_register(&panic_notifier_list, &xen_panic_block);
314 return 0;
315 }
316
xen_pin_vcpu(int cpu)317 void xen_pin_vcpu(int cpu)
318 {
319 static bool disable_pinning;
320 struct sched_pin_override pin_override;
321 int ret;
322
323 if (disable_pinning)
324 return;
325
326 pin_override.pcpu = cpu;
327 ret = HYPERVISOR_sched_op(SCHEDOP_pin_override, &pin_override);
328
329 /* Ignore errors when removing override. */
330 if (cpu < 0)
331 return;
332
333 switch (ret) {
334 case -ENOSYS:
335 pr_warn("Unable to pin on physical cpu %d. In case of problems consider vcpu pinning.\n",
336 cpu);
337 disable_pinning = true;
338 break;
339 case -EPERM:
340 WARN(1, "Trying to pin vcpu without having privilege to do so\n");
341 disable_pinning = true;
342 break;
343 case -EINVAL:
344 case -EBUSY:
345 pr_warn("Physical cpu %d not available for pinning. Check Xen cpu configuration.\n",
346 cpu);
347 break;
348 case 0:
349 break;
350 default:
351 WARN(1, "rc %d while trying to pin vcpu\n", ret);
352 disable_pinning = true;
353 }
354 }
355
356 #ifdef CONFIG_HOTPLUG_CPU
xen_arch_register_cpu(int num)357 void xen_arch_register_cpu(int num)
358 {
359 arch_register_cpu(num);
360 }
361 EXPORT_SYMBOL(xen_arch_register_cpu);
362
xen_arch_unregister_cpu(int num)363 void xen_arch_unregister_cpu(int num)
364 {
365 arch_unregister_cpu(num);
366 }
367 EXPORT_SYMBOL(xen_arch_unregister_cpu);
368 #endif
369