// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2020 - Google Inc
 * Author: Andrew Scull <ascull@google.com>
 */

#include <kvm/arm_hypercalls.h>

#include <hyp/adjust_pc.h>

#include <asm/pgtable-types.h>
#include <asm/kvm_asm.h>
#include <asm/kvm_emulate.h>
#include <asm/kvm_host.h>
#include <asm/kvm_hyp.h>
#include <asm/kvm_mmu.h>

#include <nvhe/ffa.h>
#include <nvhe/iommu.h>
#include <nvhe/mem_protect.h>
#include <nvhe/mm.h>
#include <nvhe/pkvm.h>
#include <nvhe/trap_handler.h>

#include <linux/irqchip/arm-gic-v3.h>
#include <uapi/linux/psci.h>

#include "../../sys_regs.h"

struct pkvm_loaded_state {
	/* loaded vcpu is HYP VA */
	struct kvm_vcpu *vcpu;
	bool is_protected;

	/*
	 * Host FPSIMD state. Written to when the guest accesses its
	 * own FPSIMD state, and read when the guest state is live and
	 * needs to be switched back to the host.
	 *
	 * Only valid when the KVM_ARM64_FP_ENABLED flag is set in the
	 * shadow structure.
	 */
	struct user_fpsimd_state host_fpsimd_state;
};

static DEFINE_PER_CPU(struct pkvm_loaded_state, loaded_state);

DEFINE_PER_CPU(struct kvm_nvhe_init_params, kvm_init_params);

void __kvm_hyp_host_forward_smc(struct kvm_cpu_context *host_ctxt);

typedef void (*shadow_entry_exit_handler_fn)(struct kvm_vcpu *, struct kvm_vcpu *);

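/*
 * Re-entry after a WFI/WFE trap that the host handled: simply propagate
 * the host's request to skip the trapped instruction.
 */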
static void handle_pvm_entry_wfx(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	shadow_vcpu->arch.flags |= host_vcpu->arch.flags & KVM_ARM64_INCREMENT_PC;
}

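/*
 * Top up the shadow vcpu's stage-2 memcache from the pages the host has
 * donated through its own memcache, so that a subsequent stage-2 mapping
 * has a spare page available for each intermediate page-table level.
 */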
static int pkvm_refill_memcache(struct kvm_vcpu *shadow_vcpu,
				struct kvm_vcpu *host_vcpu)
{
	u64 nr_pages;

	nr_pages = VTCR_EL2_LVLS(shadow_vcpu->arch.pkvm.shadow_vm->arch.vtcr) - 1;
	return refill_memcache(&shadow_vcpu->arch.pkvm_memcache, nr_pages,
			       &host_vcpu->arch.pkvm_memcache);
}

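/*
 * Re-entry after a PSCI call was forwarded to the host: propagate the
 * host's return value into the guest's r0, taking care that a failed
 * CPU_ON request doesn't leave the target vcpu stuck in ON_PENDING.
 */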
static void handle_pvm_entry_psci(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	u32 psci_fn = smccc_get_function(shadow_vcpu);
	u64 ret = vcpu_get_reg(host_vcpu, 0);

	switch (psci_fn) {
	case PSCI_0_2_FN_CPU_ON:
	case PSCI_0_2_FN64_CPU_ON:
		/*
		 * Check whether the cpu_on request to the host was successful.
		 * If not, reset the vcpu state from ON_PENDING to OFF.
		 * This could happen if this vcpu attempted to turn on the other
		 * vcpu while the other one is in the process of turning itself
		 * off.
		 */
		if (ret != PSCI_RET_SUCCESS) {
			struct kvm_shadow_vm *vm = shadow_vcpu->arch.pkvm.shadow_vm;
			unsigned long cpu_id = smccc_get_arg1(shadow_vcpu);
			struct kvm_vcpu *vcpu = pvm_mpidr_to_vcpu(vm, cpu_id);

			if (vcpu && READ_ONCE(vcpu->arch.pkvm.power_state) == PSCI_0_2_AFFINITY_LEVEL_ON_PENDING)
				WRITE_ONCE(vcpu->arch.pkvm.power_state, PSCI_0_2_AFFINITY_LEVEL_OFF);

			ret = PSCI_RET_INTERNAL_FAILURE;
		}
		break;
	default:
		break;
	}

	vcpu_set_reg(shadow_vcpu, 0, ret);
}

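/*
 * Re-entry after an HVC64 exit: top up the memcache after an MMIO guard
 * map request, report success for the memory (un)sharing hypercalls, and
 * treat everything else as a PSCI call completed by the host.
 */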
static void handle_pvm_entry_hvc64(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	u32 fn = smccc_get_function(shadow_vcpu);

	switch (fn) {
	case ARM_SMCCC_VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID:
		pkvm_refill_memcache(shadow_vcpu, host_vcpu);
		break;
	case ARM_SMCCC_VENDOR_HYP_KVM_MEM_SHARE_FUNC_ID:
		fallthrough;
	case ARM_SMCCC_VENDOR_HYP_KVM_MEM_UNSHARE_FUNC_ID:
		vcpu_set_reg(shadow_vcpu, 0, SMCCC_RET_SUCCESS);
		break;
	default:
		handle_pvm_entry_psci(host_vcpu, shadow_vcpu);
		break;
	}
}

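/*
 * Re-entry after a sysreg trap that was emulated by the host: either
 * inject the undef the host asked for, or skip the instruction and,
 * for reads, copy the emulated value from r0 into the guest's Rt.
 */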
static void handle_pvm_entry_sys64(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	unsigned long host_flags;

	host_flags = READ_ONCE(host_vcpu->arch.flags);

	/* Exceptions have priority over anything else */
	if (host_flags & KVM_ARM64_PENDING_EXCEPTION) {
		/* Exceptions caused by this should be undef exceptions. */
		u32 esr = (ESR_ELx_EC_UNKNOWN << ESR_ELx_EC_SHIFT);

		__vcpu_sys_reg(shadow_vcpu, ESR_EL1) = esr;
		shadow_vcpu->arch.flags &= ~(KVM_ARM64_PENDING_EXCEPTION |
					     KVM_ARM64_EXCEPT_MASK);
		shadow_vcpu->arch.flags |= (KVM_ARM64_PENDING_EXCEPTION |
					    KVM_ARM64_EXCEPT_AA64_ELx_SYNC |
					    KVM_ARM64_EXCEPT_AA64_EL1);

		return;
	}

	if (host_flags & KVM_ARM64_INCREMENT_PC) {
		shadow_vcpu->arch.flags &= ~(KVM_ARM64_PENDING_EXCEPTION |
					     KVM_ARM64_EXCEPT_MASK);
		shadow_vcpu->arch.flags |= KVM_ARM64_INCREMENT_PC;
	}

	if (!esr_sys64_to_params(shadow_vcpu->arch.fault.esr_el2).is_write) {
		/* r0 as transfer register between the guest and the host. */
		u64 rt_val = vcpu_get_reg(host_vcpu, 0);
		int rt = kvm_vcpu_sys_get_rt(shadow_vcpu);

		vcpu_set_reg(shadow_vcpu, rt, rt_val);
	}
}

static void handle_pvm_entry_iabt(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	unsigned long cpsr = *vcpu_cpsr(shadow_vcpu);
	unsigned long host_flags;
	u32 esr = ESR_ELx_IL;

	host_flags = READ_ONCE(host_vcpu->arch.flags);

	if (!(host_flags & KVM_ARM64_PENDING_EXCEPTION))
		return;

	/*
	 * If the host wants to inject an exception, get the syndrome and
	 * fault address.
	 */
	if ((cpsr & PSR_MODE_MASK) == PSR_MODE_EL0t)
		esr |= (ESR_ELx_EC_IABT_LOW << ESR_ELx_EC_SHIFT);
	else
		esr |= (ESR_ELx_EC_IABT_CUR << ESR_ELx_EC_SHIFT);

	esr |= ESR_ELx_FSC_EXTABT;

	__vcpu_sys_reg(shadow_vcpu, ESR_EL1) = esr;
	__vcpu_sys_reg(shadow_vcpu, FAR_EL1) = kvm_vcpu_get_hfar(shadow_vcpu);

	/* Tell the run loop that we want to inject something */
	shadow_vcpu->arch.flags &= ~(KVM_ARM64_PENDING_EXCEPTION |
				     KVM_ARM64_EXCEPT_MASK);
	shadow_vcpu->arch.flags |= (KVM_ARM64_PENDING_EXCEPTION |
				    KVM_ARM64_EXCEPT_AA64_ELx_SYNC |
				    KVM_ARM64_EXCEPT_AA64_EL1);
}

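/*
 * Re-entry after a data abort: either inject the external abort the host
 * requested, or complete the MMIO access (skip the instruction and, for
 * reads, copy the value the host left in r0 into the guest's Rd).
 */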
static void handle_pvm_entry_dabt(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	unsigned long host_flags;
	bool rd_update;

	host_flags = READ_ONCE(host_vcpu->arch.flags);

	/* Exceptions have priority over anything else */
	if (host_flags & KVM_ARM64_PENDING_EXCEPTION) {
		unsigned long cpsr = *vcpu_cpsr(shadow_vcpu);
		u32 esr = ESR_ELx_IL;

		if ((cpsr & PSR_MODE_MASK) == PSR_MODE_EL0t)
			esr |= (ESR_ELx_EC_DABT_LOW << ESR_ELx_EC_SHIFT);
		else
			esr |= (ESR_ELx_EC_DABT_CUR << ESR_ELx_EC_SHIFT);

		esr |= ESR_ELx_FSC_EXTABT;

		__vcpu_sys_reg(shadow_vcpu, ESR_EL1) = esr;
		__vcpu_sys_reg(shadow_vcpu, FAR_EL1) = kvm_vcpu_get_hfar(shadow_vcpu);
		/* Tell the run loop that we want to inject something */
		shadow_vcpu->arch.flags &= ~(KVM_ARM64_PENDING_EXCEPTION |
					     KVM_ARM64_EXCEPT_MASK);
		shadow_vcpu->arch.flags |= (KVM_ARM64_PENDING_EXCEPTION |
					    KVM_ARM64_EXCEPT_AA64_ELx_SYNC |
					    KVM_ARM64_EXCEPT_AA64_EL1);

		/* Cancel potential in-flight MMIO */
		shadow_vcpu->mmio_needed = false;
		return;
	}

	/* Handle PC increment on MMIO */
	if ((host_flags & KVM_ARM64_INCREMENT_PC) && shadow_vcpu->mmio_needed) {
		shadow_vcpu->arch.flags &= ~(KVM_ARM64_PENDING_EXCEPTION |
					     KVM_ARM64_EXCEPT_MASK);
		shadow_vcpu->arch.flags |= KVM_ARM64_INCREMENT_PC;
	}

	/* If we were doing an MMIO read access, update the register */
	rd_update = (shadow_vcpu->mmio_needed &&
		     (host_flags & KVM_ARM64_INCREMENT_PC));
	rd_update &= !kvm_vcpu_dabt_iswrite(shadow_vcpu);

	if (rd_update) {
		/* r0 as transfer register between the guest and the host. */
		u64 rd_val = vcpu_get_reg(host_vcpu, 0);
		int rd = kvm_vcpu_dabt_get_rd(shadow_vcpu);

		vcpu_set_reg(shadow_vcpu, rd, rd_val);
	}

	shadow_vcpu->mmio_needed = false;
}

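/*
 * Exit handlers only expose the minimum state the host needs to handle
 * the trap: here, the mode bits of PSTATE and the exit syndrome.
 */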
static void handle_pvm_exit_wfx(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	host_vcpu->arch.ctxt.regs.pstate = shadow_vcpu->arch.ctxt.regs.pstate &
		PSR_MODE_MASK;
	host_vcpu->arch.fault.esr_el2 = shadow_vcpu->arch.fault.esr_el2;
}

static void handle_pvm_exit_sys64(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	u32 esr_el2 = shadow_vcpu->arch.fault.esr_el2;

	/* r0 as transfer register between the guest and the host. */
	WRITE_ONCE(host_vcpu->arch.fault.esr_el2,
		   esr_el2 & ~ESR_ELx_SYS64_ISS_RT_MASK);

	/* The mode is required for the host to emulate some sysregs */
	WRITE_ONCE(host_vcpu->arch.ctxt.regs.pstate,
		   shadow_vcpu->arch.ctxt.regs.pstate & PSR_MODE_MASK);

	if (esr_sys64_to_params(esr_el2).is_write) {
		int rt = kvm_vcpu_sys_get_rt(shadow_vcpu);
		u64 rt_val = vcpu_get_reg(shadow_vcpu, rt);

		vcpu_set_reg(host_vcpu, 0, rt_val);
	}
}

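/*
 * Forward a guest hypercall to the host, copying only the arguments the
 * host actually needs for the given SMCCC function ID.
 */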
static void handle_pvm_exit_hvc64(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	int n, i;

	switch (smccc_get_function(shadow_vcpu)) {
	/*
	 * CPU_ON takes 3 arguments, however, to wake up the target vcpu the
	 * host only needs to know the target's cpu_id, which is passed as the
	 * first argument. The processing of the reset state is done at hyp.
	 */
	case PSCI_0_2_FN_CPU_ON:
	case PSCI_0_2_FN64_CPU_ON:
		n = 2;
		break;

	case PSCI_0_2_FN_CPU_OFF:
	case PSCI_0_2_FN_SYSTEM_OFF:
	case PSCI_0_2_FN_SYSTEM_RESET:
	case PSCI_0_2_FN_CPU_SUSPEND:
	case PSCI_0_2_FN64_CPU_SUSPEND:
		n = 1;
		break;

	case ARM_SMCCC_VENDOR_HYP_KVM_MEM_SHARE_FUNC_ID:
		fallthrough;
	case ARM_SMCCC_VENDOR_HYP_KVM_MEM_UNSHARE_FUNC_ID:
		n = 4;
		break;

	case PSCI_1_1_FN_SYSTEM_RESET2:
	case PSCI_1_1_FN64_SYSTEM_RESET2:
	case ARM_SMCCC_VENDOR_HYP_KVM_MMIO_GUARD_MAP_FUNC_ID:
		n = 3;
		break;

	/*
	 * The rest are either blocked or handled by HYP, so we should
	 * really never be here.
	 */
	default:
		BUG();
	}

	host_vcpu->arch.fault.esr_el2 = shadow_vcpu->arch.fault.esr_el2;

	/* Pass the hvc function id (r0) as well as any potential arguments. */
	for (i = 0; i < n; i++)
		vcpu_set_reg(host_vcpu, i, vcpu_get_reg(shadow_vcpu, i));
}

static void handle_pvm_exit_iabt(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	WRITE_ONCE(host_vcpu->arch.fault.esr_el2,
		   shadow_vcpu->arch.fault.esr_el2);
	WRITE_ONCE(host_vcpu->arch.fault.hpfar_el2,
		   shadow_vcpu->arch.fault.hpfar_el2);
}

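/*
 * Data abort from a protected guest: only an MMIO-guarded access may be
 * forwarded to the host for emulation, and only the fault information
 * (plus r0 for writes) is exposed, never the guest's register file.
 */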
static void handle_pvm_exit_dabt(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	shadow_vcpu->mmio_needed = __pkvm_check_ioguard_page(shadow_vcpu);

	if (shadow_vcpu->mmio_needed) {
		/* r0 as transfer register between the guest and the host. */
		WRITE_ONCE(host_vcpu->arch.fault.esr_el2,
			   shadow_vcpu->arch.fault.esr_el2 & ~ESR_ELx_SRT_MASK);

		if (kvm_vcpu_dabt_iswrite(shadow_vcpu)) {
			int rt = kvm_vcpu_dabt_get_rd(shadow_vcpu);
			u64 rt_val = vcpu_get_reg(shadow_vcpu, rt);

			vcpu_set_reg(host_vcpu, 0, rt_val);
		}
	} else {
		WRITE_ONCE(host_vcpu->arch.fault.esr_el2,
			   shadow_vcpu->arch.fault.esr_el2 & ~ESR_ELx_ISV);
	}

	WRITE_ONCE(host_vcpu->arch.ctxt.regs.pstate,
		   shadow_vcpu->arch.ctxt.regs.pstate & PSR_MODE_MASK);
	WRITE_ONCE(host_vcpu->arch.fault.far_el2,
		   shadow_vcpu->arch.fault.far_el2 & FAR_MASK);
	WRITE_ONCE(host_vcpu->arch.fault.hpfar_el2,
		   shadow_vcpu->arch.fault.hpfar_el2);
	WRITE_ONCE(__vcpu_sys_reg(host_vcpu, SCTLR_EL1),
		   __vcpu_sys_reg(shadow_vcpu, SCTLR_EL1) & (SCTLR_ELx_EE | SCTLR_EL1_E0E));
}

static void handle_vm_entry_generic(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	unsigned long host_flags = READ_ONCE(host_vcpu->arch.flags);

	shadow_vcpu->arch.flags &= ~(KVM_ARM64_PENDING_EXCEPTION |
				     KVM_ARM64_EXCEPT_MASK);

	if (host_flags & KVM_ARM64_PENDING_EXCEPTION) {
		shadow_vcpu->arch.flags |= KVM_ARM64_PENDING_EXCEPTION;
		shadow_vcpu->arch.flags |= host_flags & KVM_ARM64_EXCEPT_MASK;
	} else if (host_flags & KVM_ARM64_INCREMENT_PC) {
		shadow_vcpu->arch.flags |= KVM_ARM64_INCREMENT_PC;
	}
}

static void handle_vm_exit_generic(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	host_vcpu->arch.fault.esr_el2 = shadow_vcpu->arch.fault.esr_el2;
}

static void handle_vm_exit_abt(struct kvm_vcpu *host_vcpu, struct kvm_vcpu *shadow_vcpu)
{
	host_vcpu->arch.fault = shadow_vcpu->arch.fault;
}

static const shadow_entry_exit_handler_fn entry_pvm_shadow_handlers[] = {
	[0 ... ESR_ELx_EC_MAX]		= NULL,
	[ESR_ELx_EC_WFx]		= handle_pvm_entry_wfx,
	[ESR_ELx_EC_HVC64]		= handle_pvm_entry_hvc64,
	[ESR_ELx_EC_SYS64]		= handle_pvm_entry_sys64,
	[ESR_ELx_EC_IABT_LOW]		= handle_pvm_entry_iabt,
	[ESR_ELx_EC_DABT_LOW]		= handle_pvm_entry_dabt,
};

static const shadow_entry_exit_handler_fn exit_pvm_shadow_handlers[] = {
	[0 ... ESR_ELx_EC_MAX]		= NULL,
	[ESR_ELx_EC_WFx]		= handle_pvm_exit_wfx,
	[ESR_ELx_EC_HVC64]		= handle_pvm_exit_hvc64,
	[ESR_ELx_EC_SYS64]		= handle_pvm_exit_sys64,
	[ESR_ELx_EC_IABT_LOW]		= handle_pvm_exit_iabt,
	[ESR_ELx_EC_DABT_LOW]		= handle_pvm_exit_dabt,
};

static const shadow_entry_exit_handler_fn entry_vm_shadow_handlers[] = {
	[0 ... ESR_ELx_EC_MAX]		= handle_vm_entry_generic,
};

static const shadow_entry_exit_handler_fn exit_vm_shadow_handlers[] = {
	[0 ... ESR_ELx_EC_MAX]		= handle_vm_exit_generic,
	[ESR_ELx_EC_IABT_LOW]		= handle_vm_exit_abt,
	[ESR_ELx_EC_DABT_LOW]		= handle_vm_exit_abt,
};

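/*
 * Copy the host's view of the GICv3 CPU interface (HCR and list
 * registers) into the shadow vcpu before running it, clamping the
 * number of list registers to what the hardware actually implements.
 */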
static void flush_vgic_state(struct kvm_vcpu *host_vcpu,
			     struct kvm_vcpu *shadow_vcpu)
{
	struct vgic_v3_cpu_if *host_cpu_if, *shadow_cpu_if;
	unsigned int used_lrs, max_lrs, i;

	host_cpu_if = &host_vcpu->arch.vgic_cpu.vgic_v3;
	shadow_cpu_if = &shadow_vcpu->arch.vgic_cpu.vgic_v3;

	max_lrs = (read_gicreg(ICH_VTR_EL2) & 0xf) + 1;
	used_lrs = READ_ONCE(host_cpu_if->used_lrs);
	used_lrs = min(used_lrs, max_lrs);

	shadow_cpu_if->vgic_hcr = host_cpu_if->vgic_hcr;
	/* Should be a one-off */
	shadow_cpu_if->vgic_sre = (ICC_SRE_EL1_DIB |
				   ICC_SRE_EL1_DFB |
				   ICC_SRE_EL1_SRE);
	shadow_cpu_if->used_lrs = used_lrs;

	for (i = 0; i < used_lrs; i++)
		shadow_cpu_if->vgic_lr[i] = host_cpu_if->vgic_lr[i];
}

static void sync_vgic_state(struct kvm_vcpu *host_vcpu,
			    struct kvm_vcpu *shadow_vcpu)
{
	struct vgic_v3_cpu_if *host_cpu_if, *shadow_cpu_if;
	unsigned int i;

	host_cpu_if = &host_vcpu->arch.vgic_cpu.vgic_v3;
	shadow_cpu_if = &shadow_vcpu->arch.vgic_cpu.vgic_v3;

	host_cpu_if->vgic_hcr = shadow_cpu_if->vgic_hcr;

	for (i = 0; i < shadow_cpu_if->used_lrs; i++)
		host_cpu_if->vgic_lr[i] = shadow_cpu_if->vgic_lr[i];
}

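/*
 * For protected guests, the hypervisor owns the virtual timer: the
 * offset and the CNTV registers are saved and restored directly at EL2
 * so the host cannot tamper with them across a vcpu run.
 */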
static void flush_timer_state(struct pkvm_loaded_state *state)
{
	struct kvm_vcpu *shadow_vcpu = state->vcpu;

	if (!state->is_protected)
		return;

	/*
	 * A shadow vcpu has no offset, and sees vtime == ptime. The
	 * ptimer is fully emulated by EL1 and cannot be trusted.
	 */
	write_sysreg(0, cntvoff_el2);
	isb();
	write_sysreg_el0(__vcpu_sys_reg(shadow_vcpu, CNTV_CVAL_EL0), SYS_CNTV_CVAL);
	write_sysreg_el0(__vcpu_sys_reg(shadow_vcpu, CNTV_CTL_EL0), SYS_CNTV_CTL);
}

static void sync_timer_state(struct pkvm_loaded_state *state)
{
	struct kvm_vcpu *shadow_vcpu = state->vcpu;

	if (!state->is_protected)
		return;

	/*
	 * Preserve the vtimer state so that it is always correct,
	 * even if the host tries to make a mess.
	 */
	__vcpu_sys_reg(shadow_vcpu, CNTV_CVAL_EL0) = read_sysreg_el0(SYS_CNTV_CVAL);
	__vcpu_sys_reg(shadow_vcpu, CNTV_CTL_EL0) = read_sysreg_el0(SYS_CNTV_CTL);
}

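/*
 * Copy the GP registers, SPSRs and system registers between the host's
 * view of the vcpu and the shadow, leaving the timer registers alone.
 */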
static void __copy_vcpu_state(const struct kvm_vcpu *from_vcpu,
			      struct kvm_vcpu *to_vcpu)
{
	int i;

	to_vcpu->arch.ctxt.regs = from_vcpu->arch.ctxt.regs;
	to_vcpu->arch.ctxt.spsr_abt = from_vcpu->arch.ctxt.spsr_abt;
	to_vcpu->arch.ctxt.spsr_und = from_vcpu->arch.ctxt.spsr_und;
	to_vcpu->arch.ctxt.spsr_irq = from_vcpu->arch.ctxt.spsr_irq;
	to_vcpu->arch.ctxt.spsr_fiq = from_vcpu->arch.ctxt.spsr_fiq;

	/*
	 * Copy the sysregs, but don't mess with the timer state which
	 * is directly handled by EL1 and is expected to be preserved.
	 */
	for (i = 1; i < NR_SYS_REGS; i++) {
		if (i >= CNTVOFF_EL2 && i <= CNTP_CTL_EL0)
			continue;
		to_vcpu->arch.ctxt.sys_regs[i] = from_vcpu->arch.ctxt.sys_regs[i];
	}
}

static void __sync_vcpu_state(struct kvm_vcpu *shadow_vcpu)
{
	struct kvm_vcpu *host_vcpu = shadow_vcpu->arch.pkvm.host_vcpu;

	__copy_vcpu_state(shadow_vcpu, host_vcpu);
}

static void __flush_vcpu_state(struct kvm_vcpu *shadow_vcpu)
{
	struct kvm_vcpu *host_vcpu = shadow_vcpu->arch.pkvm.host_vcpu;

	__copy_vcpu_state(host_vcpu, shadow_vcpu);
}

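/*
 * Prepare the shadow vcpu for entry: apply any pending PSCI reset, pull
 * in host-side state where allowed, refresh the vgic and timer state,
 * and run the entry handler matching the previous exit, if any.
 */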
static void flush_shadow_state(struct pkvm_loaded_state *state)
{
	struct kvm_vcpu *shadow_vcpu = state->vcpu;
	struct kvm_vcpu *host_vcpu = shadow_vcpu->arch.pkvm.host_vcpu;
	u8 esr_ec;
	shadow_entry_exit_handler_fn ec_handler;

	if (READ_ONCE(shadow_vcpu->arch.pkvm.power_state) == PSCI_0_2_AFFINITY_LEVEL_ON_PENDING)
		pkvm_reset_vcpu(shadow_vcpu);

	/*
	 * If we're dealing with a non-protected guest and the state is
	 * dirty (from the host's perspective), copy the state back
	 * into the shadow.
	 */
	if (!state->is_protected) {
		if (READ_ONCE(host_vcpu->arch.flags) & KVM_ARM64_PKVM_STATE_DIRTY)
			__flush_vcpu_state(shadow_vcpu);

		state->vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS & ~(HCR_RW | HCR_TWI | HCR_TWE);
		state->vcpu->arch.hcr_el2 |= host_vcpu->arch.hcr_el2;
	}

	flush_vgic_state(host_vcpu, shadow_vcpu);
	flush_timer_state(state);

	switch (ARM_EXCEPTION_CODE(shadow_vcpu->arch.pkvm.exit_code)) {
	case ARM_EXCEPTION_IRQ:
	case ARM_EXCEPTION_EL1_SERROR:
	case ARM_EXCEPTION_IL:
		break;
	case ARM_EXCEPTION_TRAP:
		esr_ec = ESR_ELx_EC(kvm_vcpu_get_esr(shadow_vcpu));
		if (state->is_protected)
			ec_handler = entry_pvm_shadow_handlers[esr_ec];
		else
			ec_handler = entry_vm_shadow_handlers[esr_ec];

		if (ec_handler)
			ec_handler(host_vcpu, shadow_vcpu);

		break;
	default:
		BUG();
	}

	shadow_vcpu->arch.pkvm.exit_code = 0;
}

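/*
 * Reflect the result of a vcpu run back to the host: vgic and timer
 * state are synced eagerly, while GPRs/sysregs stay in the shadow and
 * only the per-EC exit handler decides what the host gets to see.
 */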
static void sync_shadow_state(struct pkvm_loaded_state *state, u32 exit_reason)
{
	struct kvm_vcpu *shadow_vcpu = state->vcpu;
	struct kvm_vcpu *host_vcpu = shadow_vcpu->arch.pkvm.host_vcpu;
	u8 esr_ec;
	shadow_entry_exit_handler_fn ec_handler;

	/*
	 * Don't sync the vcpu GPR/sysreg state after a run. Instead,
	 * leave it in the shadow until someone actually requires it.
	 */
	sync_vgic_state(host_vcpu, shadow_vcpu);
	sync_timer_state(state);

	switch (ARM_EXCEPTION_CODE(exit_reason)) {
	case ARM_EXCEPTION_IRQ:
		break;
	case ARM_EXCEPTION_TRAP:
		esr_ec = ESR_ELx_EC(kvm_vcpu_get_esr(shadow_vcpu));
		if (state->is_protected)
			ec_handler = exit_pvm_shadow_handlers[esr_ec];
		else
			ec_handler = exit_vm_shadow_handlers[esr_ec];

		if (ec_handler)
			ec_handler(host_vcpu, shadow_vcpu);

		break;
	case ARM_EXCEPTION_EL1_SERROR:
	case ARM_EXCEPTION_IL:
		break;
	default:
		BUG();
	}

	host_vcpu->arch.flags &= ~(KVM_ARM64_PENDING_EXCEPTION | KVM_ARM64_INCREMENT_PC);
	shadow_vcpu->arch.pkvm.exit_code = exit_reason;
}

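/*
 * Give FP/SIMD ownership back to the host: stop trapping FP/SVE, save
 * the guest's FP state into the loaded shadow vcpu, restore the host's,
 * and reset the SVE vector length for the host.
 */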
static void fpsimd_host_restore(void)
{
	sysreg_clear_set(cptr_el2, CPTR_EL2_TZ | CPTR_EL2_TFP, 0);
	isb();

	if (unlikely(is_protected_kvm_enabled())) {
		struct pkvm_loaded_state *state = this_cpu_ptr(&loaded_state);

		__fpsimd_save_state(&state->vcpu->arch.ctxt.fp_regs);
		__fpsimd_restore_state(&state->host_fpsimd_state);

		state->vcpu->arch.flags &= ~KVM_ARM64_FP_ENABLED;
		state->vcpu->arch.flags |= KVM_ARM64_FP_HOST;
	}

	if (system_supports_sve())
		sve_cond_update_zcr_vq(ZCR_ELx_LEN_MASK, SYS_ZCR_EL2);
}

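/*
 * Pin a shadow vcpu to this physical CPU. For protected guests, only the
 * WFE/WFI trapping bits of the host-provided HCR_EL2 are honoured, and
 * pointer authentication traps are always enforced.
 */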
static void handle___pkvm_vcpu_load(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(int, shadow_handle, host_ctxt, 1);
	DECLARE_REG(int, vcpu_idx, host_ctxt, 2);
	DECLARE_REG(u64, hcr_el2, host_ctxt, 3);
	struct pkvm_loaded_state *state;

	/* Why did you bother? */
	if (!is_protected_kvm_enabled())
		return;

	state = this_cpu_ptr(&loaded_state);

	/* Nice try */
	if (state->vcpu)
		return;

	state->vcpu = get_shadow_vcpu(shadow_handle, vcpu_idx);

	if (!state->vcpu)
		return;

	state->is_protected = state->vcpu->arch.pkvm.shadow_vm->arch.pkvm.enabled;

	state->vcpu->arch.host_fpsimd_state = &state->host_fpsimd_state;
	state->vcpu->arch.flags |= KVM_ARM64_FP_HOST;

	if (state->is_protected) {
		/* Propagate WFx trapping flags, trap ptrauth */
		state->vcpu->arch.hcr_el2 &= ~(HCR_TWE | HCR_TWI |
					       HCR_API | HCR_APK);
		state->vcpu->arch.hcr_el2 |= hcr_el2 & (HCR_TWE | HCR_TWI);
	}
}

static void handle___pkvm_vcpu_put(struct kvm_cpu_context *host_ctxt)
{
	if (unlikely(is_protected_kvm_enabled())) {
		struct pkvm_loaded_state *state = this_cpu_ptr(&loaded_state);

		if (state->vcpu) {
			struct kvm_vcpu *host_vcpu = state->vcpu->arch.pkvm.host_vcpu;

			if (state->vcpu->arch.flags & KVM_ARM64_FP_ENABLED)
				fpsimd_host_restore();

			if (!state->is_protected &&
			    !(READ_ONCE(host_vcpu->arch.flags) & KVM_ARM64_PKVM_STATE_DIRTY))
				__sync_vcpu_state(state->vcpu);

			put_shadow_vcpu(state->vcpu);

			/* "It's over and done with..." */
			state->vcpu = NULL;
		}
	}
}

static void handle___pkvm_vcpu_sync_state(struct kvm_cpu_context *host_ctxt)
{
	if (unlikely(is_protected_kvm_enabled())) {
		struct pkvm_loaded_state *state = this_cpu_ptr(&loaded_state);

		if (!state->vcpu || state->is_protected)
			return;

		__sync_vcpu_state(state->vcpu);
	}
}

static struct kvm_vcpu *__get_current_vcpu(struct kvm_vcpu *vcpu,
					   struct pkvm_loaded_state **state)
{
	struct pkvm_loaded_state *sstate = NULL;

	vcpu = kern_hyp_va(vcpu);

	if (unlikely(is_protected_kvm_enabled())) {
		sstate = this_cpu_ptr(&loaded_state);

		if (!sstate || vcpu != sstate->vcpu->arch.pkvm.host_vcpu) {
			sstate = NULL;
			vcpu = NULL;
		}
	}

	*state = sstate;
	return vcpu;
}

#define get_current_vcpu(ctxt, regnr, statepp)				\
	({								\
		DECLARE_REG(struct kvm_vcpu *, __vcpu, ctxt, regnr);	\
		__get_current_vcpu(__vcpu, statepp);			\
	})

#define get_current_vcpu_from_cpu_if(ctxt, regnr, statepp)		\
	({								\
		DECLARE_REG(struct vgic_v3_cpu_if *, cif, ctxt, regnr);	\
		struct kvm_vcpu *__vcpu;				\
		__vcpu = container_of(cif,				\
				      struct kvm_vcpu,			\
				      arch.vgic_cpu.vgic_v3);		\
									\
		__get_current_vcpu(__vcpu, statepp);			\
	})

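/*
 * Host request to run a vcpu. With pKVM enabled this runs the loaded
 * shadow vcpu instead of the host's copy, flushing state on the way in
 * and syncing the permitted subset back out; if the guest touched the
 * FP/SIMD registers, host accesses stay trapped so the state can be
 * swapped back lazily.
 */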
static void handle___kvm_vcpu_run(struct kvm_cpu_context *host_ctxt)
{
	struct pkvm_loaded_state *shadow_state;
	struct kvm_vcpu *vcpu;
	int ret;

	vcpu = get_current_vcpu(host_ctxt, 1, &shadow_state);
	if (!vcpu) {
		cpu_reg(host_ctxt, 1) = -EINVAL;
		return;
	}

	if (unlikely(shadow_state)) {
		flush_shadow_state(shadow_state);

		ret = __kvm_vcpu_run(shadow_state->vcpu);

		sync_shadow_state(shadow_state, ret);

		if (shadow_state->vcpu->arch.flags & KVM_ARM64_FP_ENABLED) {
			/*
			 * The guest has used the FP, trap all accesses
			 * from the host (both FP and SVE).
			 */
			u64 reg = CPTR_EL2_TFP;

			if (system_supports_sve())
				reg |= CPTR_EL2_TZ;

			sysreg_clear_set(cptr_el2, 0, reg);
		}
	} else {
		ret = __kvm_vcpu_run(vcpu);
	}

	cpu_reg(host_ctxt, 1) = ret;
}

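/*
 * Host request to donate (protected) or share (non-protected) one of its
 * pages with the currently loaded guest, topping up the stage-2 memcache
 * first so the mapping cannot run out of page-table pages.
 */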
static void handle___pkvm_host_donate_guest(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(u64, pfn, host_ctxt, 1);
	DECLARE_REG(u64, gfn, host_ctxt, 2);
	struct kvm_vcpu *host_vcpu;
	struct pkvm_loaded_state *state;
	int ret = -EINVAL;

	if (!is_protected_kvm_enabled())
		goto out;

	state = this_cpu_ptr(&loaded_state);
	if (!state->vcpu)
		goto out;

	host_vcpu = state->vcpu->arch.pkvm.host_vcpu;

	/* Top up the shadow memcache with the host's */
	ret = pkvm_refill_memcache(state->vcpu, host_vcpu);
	if (!ret) {
		if (state->is_protected)
			ret = __pkvm_host_donate_guest(pfn, gfn, state->vcpu);
		else
			ret = __pkvm_host_share_guest(pfn, gfn, state->vcpu);
	}
out:
	cpu_reg(host_ctxt, 1) = ret;
}

static void handle___kvm_adjust_pc(struct kvm_cpu_context *host_ctxt)
{
	struct pkvm_loaded_state *shadow_state;
	struct kvm_vcpu *vcpu;

	vcpu = get_current_vcpu(host_ctxt, 1, &shadow_state);
	if (!vcpu)
		return;

	if (shadow_state) {
		/* This only applies to non-protected VMs */
		if (shadow_state->is_protected)
			return;

		vcpu = shadow_state->vcpu;
	}

	__kvm_adjust_pc(vcpu);
}

static void handle___kvm_flush_vm_context(struct kvm_cpu_context *host_ctxt)
{
	__kvm_flush_vm_context();
}

static void handle___kvm_tlb_flush_vmid_ipa(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(struct kvm_s2_mmu *, mmu, host_ctxt, 1);
	DECLARE_REG(phys_addr_t, ipa, host_ctxt, 2);
	DECLARE_REG(int, level, host_ctxt, 3);

	__kvm_tlb_flush_vmid_ipa(kern_hyp_va(mmu), ipa, level);
}

static void handle___kvm_tlb_flush_vmid(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(struct kvm_s2_mmu *, mmu, host_ctxt, 1);

	__kvm_tlb_flush_vmid(kern_hyp_va(mmu));
}

static void handle___kvm_flush_cpu_context(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(struct kvm_s2_mmu *, mmu, host_ctxt, 1);

	__kvm_flush_cpu_context(kern_hyp_va(mmu));
}

static void handle___kvm_timer_set_cntvoff(struct kvm_cpu_context *host_ctxt)
{
	__kvm_timer_set_cntvoff(cpu_reg(host_ctxt, 1));
}

static void handle___kvm_enable_ssbs(struct kvm_cpu_context *host_ctxt)
{
	u64 tmp;

	tmp = read_sysreg_el2(SYS_SCTLR);
	tmp |= SCTLR_ELx_DSSBS;
	write_sysreg_el2(tmp, SYS_SCTLR);
}

static void handle___vgic_v3_get_gic_config(struct kvm_cpu_context *host_ctxt)
{
	cpu_reg(host_ctxt, 1) = __vgic_v3_get_gic_config();
}

static void handle___vgic_v3_init_lrs(struct kvm_cpu_context *host_ctxt)
{
	__vgic_v3_init_lrs();
}

static void handle___kvm_get_mdcr_el2(struct kvm_cpu_context *host_ctxt)
{
	cpu_reg(host_ctxt, 1) = __kvm_get_mdcr_el2();
}

static void handle___vgic_v3_save_vmcr_aprs(struct kvm_cpu_context *host_ctxt)
{
	struct pkvm_loaded_state *shadow_state;
	struct kvm_vcpu *vcpu;

	vcpu = get_current_vcpu_from_cpu_if(host_ctxt, 1, &shadow_state);
	if (!vcpu)
		return;

	if (shadow_state) {
		struct vgic_v3_cpu_if *shadow_cpu_if, *cpu_if;
		int i;

		shadow_cpu_if = &shadow_state->vcpu->arch.vgic_cpu.vgic_v3;
		__vgic_v3_save_vmcr_aprs(shadow_cpu_if);

		cpu_if = &vcpu->arch.vgic_cpu.vgic_v3;

		cpu_if->vgic_vmcr = shadow_cpu_if->vgic_vmcr;
		for (i = 0; i < ARRAY_SIZE(cpu_if->vgic_ap0r); i++) {
			cpu_if->vgic_ap0r[i] = shadow_cpu_if->vgic_ap0r[i];
			cpu_if->vgic_ap1r[i] = shadow_cpu_if->vgic_ap1r[i];
		}
	} else {
		__vgic_v3_save_vmcr_aprs(&vcpu->arch.vgic_cpu.vgic_v3);
	}
}

static void handle___vgic_v3_restore_vmcr_aprs(struct kvm_cpu_context *host_ctxt)
{
	struct pkvm_loaded_state *shadow_state;
	struct kvm_vcpu *vcpu;

	vcpu = get_current_vcpu_from_cpu_if(host_ctxt, 1, &shadow_state);
	if (!vcpu)
		return;

	if (shadow_state) {
		struct vgic_v3_cpu_if *shadow_cpu_if, *cpu_if;
		int i;

		shadow_cpu_if = &shadow_state->vcpu->arch.vgic_cpu.vgic_v3;
		cpu_if = &vcpu->arch.vgic_cpu.vgic_v3;

		shadow_cpu_if->vgic_vmcr = cpu_if->vgic_vmcr;
		/* Should be a one-off */
		shadow_cpu_if->vgic_sre = (ICC_SRE_EL1_DIB |
					   ICC_SRE_EL1_DFB |
					   ICC_SRE_EL1_SRE);
		for (i = 0; i < ARRAY_SIZE(cpu_if->vgic_ap0r); i++) {
			shadow_cpu_if->vgic_ap0r[i] = cpu_if->vgic_ap0r[i];
			shadow_cpu_if->vgic_ap1r[i] = cpu_if->vgic_ap1r[i];
		}

		__vgic_v3_restore_vmcr_aprs(shadow_cpu_if);
	} else {
		__vgic_v3_restore_vmcr_aprs(&vcpu->arch.vgic_cpu.vgic_v3);
	}
}

static void handle___pkvm_init(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(phys_addr_t, phys, host_ctxt, 1);
	DECLARE_REG(unsigned long, size, host_ctxt, 2);
	DECLARE_REG(unsigned long, nr_cpus, host_ctxt, 3);
	DECLARE_REG(unsigned long *, per_cpu_base, host_ctxt, 4);
	DECLARE_REG(u32, hyp_va_bits, host_ctxt, 5);

	/*
	 * __pkvm_init() will return only if an error occurred, otherwise it
	 * will tail-call in __pkvm_init_finalise() which will have to deal
	 * with the host context directly.
	 */
	cpu_reg(host_ctxt, 1) = __pkvm_init(phys, size, nr_cpus, per_cpu_base,
					    hyp_va_bits);
}

static void handle___pkvm_cpu_set_vector(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(enum arm64_hyp_spectre_vector, slot, host_ctxt, 1);

	cpu_reg(host_ctxt, 1) = pkvm_cpu_set_vector(slot);
}

static void handle___pkvm_host_share_hyp(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(u64, pfn, host_ctxt, 1);

	cpu_reg(host_ctxt, 1) = __pkvm_host_share_hyp(pfn);
}

static void handle___pkvm_host_unshare_hyp(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(u64, pfn, host_ctxt, 1);

	cpu_reg(host_ctxt, 1) = __pkvm_host_unshare_hyp(pfn);
}

static void handle___pkvm_host_reclaim_page(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(u64, pfn, host_ctxt, 1);

	cpu_reg(host_ctxt, 1) = __pkvm_host_reclaim_page(pfn);
}

static void handle___pkvm_create_private_mapping(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(phys_addr_t, phys, host_ctxt, 1);
	DECLARE_REG(size_t, size, host_ctxt, 2);
	DECLARE_REG(enum kvm_pgtable_prot, prot, host_ctxt, 3);

	cpu_reg(host_ctxt, 1) = __pkvm_create_private_mapping(phys, size, prot);
}

static void handle___pkvm_prot_finalize(struct kvm_cpu_context *host_ctxt)
{
	cpu_reg(host_ctxt, 1) = __pkvm_prot_finalize();
}

static void handle___pkvm_init_shadow(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(struct kvm *, host_kvm, host_ctxt, 1);
	DECLARE_REG(void *, host_shadow_va, host_ctxt, 2);
	DECLARE_REG(size_t, shadow_size, host_ctxt, 3);
	DECLARE_REG(void *, pgd, host_ctxt, 4);

	cpu_reg(host_ctxt, 1) = __pkvm_init_shadow(host_kvm, host_shadow_va,
						   shadow_size, pgd);
}

static void handle___pkvm_init_shadow_vcpu(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(unsigned int, shadow_handle, host_ctxt, 1);
	DECLARE_REG(struct kvm_vcpu *, host_vcpu, host_ctxt, 2);
	DECLARE_REG(void *, shadow_vcpu_hva, host_ctxt, 3);

	cpu_reg(host_ctxt, 1) = __pkvm_init_shadow_vcpu(shadow_handle,
							host_vcpu,
							shadow_vcpu_hva);
}

static void handle___pkvm_teardown_shadow(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(int, shadow_handle, host_ctxt, 1);

	cpu_reg(host_ctxt, 1) = __pkvm_teardown_shadow(shadow_handle);
}

static void handle___pkvm_iommu_driver_init(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(enum pkvm_iommu_driver_id, id, host_ctxt, 1);
	DECLARE_REG(void *, data, host_ctxt, 2);
	DECLARE_REG(size_t, size, host_ctxt, 3);

	cpu_reg(host_ctxt, 1) = __pkvm_iommu_driver_init(id, data, size);
}

static void handle___pkvm_iommu_register(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(unsigned long, dev_id, host_ctxt, 1);
	DECLARE_REG(enum pkvm_iommu_driver_id, drv_id, host_ctxt, 2);
	DECLARE_REG(phys_addr_t, dev_pa, host_ctxt, 3);
	DECLARE_REG(size_t, dev_size, host_ctxt, 4);
	DECLARE_REG(unsigned long, parent_id, host_ctxt, 5);
	DECLARE_REG(void *, mem, host_ctxt, 6);
	DECLARE_REG(size_t, mem_size, host_ctxt, 7);

	cpu_reg(host_ctxt, 1) = __pkvm_iommu_register(dev_id, drv_id, dev_pa,
						      dev_size, parent_id,
						      mem, mem_size);
}

static void handle___pkvm_iommu_pm_notify(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(unsigned long, dev_id, host_ctxt, 1);
	DECLARE_REG(enum pkvm_iommu_pm_event, event, host_ctxt, 2);

	cpu_reg(host_ctxt, 1) = __pkvm_iommu_pm_notify(dev_id, event);
}

static void handle___pkvm_iommu_finalize(struct kvm_cpu_context *host_ctxt)
{
	cpu_reg(host_ctxt, 1) = __pkvm_iommu_finalize();
}

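/*
 * Host hypercall dispatch table, indexed by __KVM_HOST_SMCCC_FUNC_* ID.
 * Entries enumerated before __pkvm_prot_finalize are early "privileged"
 * calls that are rejected once protected mode has been initialised (see
 * handle_host_hcall() below).
 */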
typedef void (*hcall_t)(struct kvm_cpu_context *);

#define HANDLE_FUNC(x)	[__KVM_HOST_SMCCC_FUNC_##x] = (hcall_t)handle_##x

static const hcall_t host_hcall[] = {
	/* ___kvm_hyp_init */
	HANDLE_FUNC(__kvm_get_mdcr_el2),
	HANDLE_FUNC(__pkvm_init),
	HANDLE_FUNC(__pkvm_create_private_mapping),
	HANDLE_FUNC(__pkvm_cpu_set_vector),
	HANDLE_FUNC(__kvm_enable_ssbs),
	HANDLE_FUNC(__vgic_v3_init_lrs),
	HANDLE_FUNC(__vgic_v3_get_gic_config),
	HANDLE_FUNC(__kvm_flush_vm_context),
	HANDLE_FUNC(__kvm_tlb_flush_vmid_ipa),
	HANDLE_FUNC(__kvm_tlb_flush_vmid),
	HANDLE_FUNC(__kvm_flush_cpu_context),
	HANDLE_FUNC(__pkvm_prot_finalize),

	HANDLE_FUNC(__pkvm_host_share_hyp),
	HANDLE_FUNC(__pkvm_host_unshare_hyp),
	HANDLE_FUNC(__pkvm_host_reclaim_page),
	HANDLE_FUNC(__pkvm_host_donate_guest),
	HANDLE_FUNC(__kvm_adjust_pc),
	HANDLE_FUNC(__kvm_vcpu_run),
	HANDLE_FUNC(__kvm_timer_set_cntvoff),
	HANDLE_FUNC(__vgic_v3_save_vmcr_aprs),
	HANDLE_FUNC(__vgic_v3_restore_vmcr_aprs),
	HANDLE_FUNC(__pkvm_init_shadow),
	HANDLE_FUNC(__pkvm_init_shadow_vcpu),
	HANDLE_FUNC(__pkvm_teardown_shadow),
	HANDLE_FUNC(__pkvm_vcpu_load),
	HANDLE_FUNC(__pkvm_vcpu_put),
	HANDLE_FUNC(__pkvm_vcpu_sync_state),
	HANDLE_FUNC(__pkvm_iommu_driver_init),
	HANDLE_FUNC(__pkvm_iommu_register),
	HANDLE_FUNC(__pkvm_iommu_pm_notify),
	HANDLE_FUNC(__pkvm_iommu_finalize),
};

static void handle_host_hcall(struct kvm_cpu_context *host_ctxt)
{
	DECLARE_REG(unsigned long, id, host_ctxt, 0);
	unsigned long hcall_min = 0;
	hcall_t hfn;

	/*
	 * If pKVM has been initialised then reject any calls to the
	 * early "privileged" hypercalls. Note that we cannot reject
	 * calls to __pkvm_prot_finalize for two reasons: (1) The static
	 * key used to determine initialisation must be toggled prior to
	 * finalisation and (2) finalisation is performed on a per-CPU
	 * basis. This is all fine, however, since __pkvm_prot_finalize
	 * returns -EPERM after the first call for a given CPU.
	 */
	if (static_branch_unlikely(&kvm_protected_mode_initialized))
		hcall_min = __KVM_HOST_SMCCC_FUNC___pkvm_prot_finalize;

	id -= KVM_HOST_SMCCC_ID(0);

	if (unlikely(id < hcall_min || id >= ARRAY_SIZE(host_hcall)))
		goto inval;

	hfn = host_hcall[id];
	if (unlikely(!hfn))
		goto inval;

	cpu_reg(host_ctxt, 0) = SMCCC_RET_SUCCESS;
	hfn(host_ctxt);

	return;
inval:
	cpu_reg(host_ctxt, 0) = SMCCC_RET_NOT_SUPPORTED;
}

static void default_host_smc_handler(struct kvm_cpu_context *host_ctxt)
{
	__kvm_hyp_host_forward_smc(host_ctxt);
}

static void handle_host_smc(struct kvm_cpu_context *host_ctxt)
{
	bool handled;

	handled = kvm_host_psci_handler(host_ctxt);
	if (!handled)
		handled = kvm_host_ffa_handler(host_ctxt);
	if (!handled)
		default_host_smc_handler(host_ctxt);

	/* SMC was trapped, move ELR past the current PC. */
	kvm_skip_host_instr();
}

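/*
 * Top-level EL2 trap handler for exceptions coming from the host: HVCs
 * are hypercalls, SMCs are forwarded (PSCI/FF-A aware), FP/SVE traps
 * trigger a lazy FPSIMD state switch, and stage-2 aborts go through the
 * host memory protection code.
 */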
void handle_trap(struct kvm_cpu_context *host_ctxt)
{
	u64 esr = read_sysreg_el2(SYS_ESR);

	switch (ESR_ELx_EC(esr)) {
	case ESR_ELx_EC_HVC64:
		handle_host_hcall(host_ctxt);
		break;
	case ESR_ELx_EC_SMC64:
		handle_host_smc(host_ctxt);
		break;
	case ESR_ELx_EC_FP_ASIMD:
	case ESR_ELx_EC_SVE:
		fpsimd_host_restore();
		break;
	case ESR_ELx_EC_IABT_LOW:
	case ESR_ELx_EC_DABT_LOW:
		handle_host_mem_abort(host_ctxt);
		break;
	default:
		BUG();
	}
}