@@ -370,5 +370,6 @@ static inline unsigned long vcpu_data_host_to_guest(struct kvm_vcpu *vcpu,
static inline void vcpu_ptrauth_setup_lazy(struct kvm_vcpu *vcpu) {}
static inline bool is_hyp_ctxt(struct kvm_vcpu *vcpu) { return false; }
+static inline int kvm_inject_nested_irq(struct kvm_vcpu *vcpu) { BUG(); }
#endif /* __ARM_KVM_EMULATE_H__ */
@@ -34,11 +34,13 @@
#define KVM_MAX_VCPUS VGIC_V2_MAX_CPUS
#endif
+/* KVM_REQ_GUEST_HYP_IRQ_PENDING is actually unused */
#define KVM_REQ_SLEEP \
KVM_ARCH_REQ_FLAGS(0, KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP)
-#define KVM_REQ_IRQ_PENDING KVM_ARCH_REQ(1)
-#define KVM_REQ_VCPU_RESET KVM_ARCH_REQ(2)
-#define KVM_REQ_RECORD_STEAL KVM_ARCH_REQ(3)
+#define KVM_REQ_IRQ_PENDING KVM_ARCH_REQ(1)
+#define KVM_REQ_VCPU_RESET KVM_ARCH_REQ(2)
+#define KVM_REQ_RECORD_STEAL KVM_ARCH_REQ(3)
+#define KVM_REQ_GUEST_HYP_IRQ_PENDING KVM_ARCH_REQ(4)
DECLARE_STATIC_KEY_FALSE(userspace_irqchip_in_use);
@@ -5,5 +5,6 @@
#include <linux/kvm_host.h>
static inline bool nested_virt_in_use(const struct kvm_vcpu *vcpu) { return false; }
+static inline void check_nested_vcpu_requests(struct kvm_vcpu *vcpu) {}
#endif /* __ARM_KVM_NESTED_H */
@@ -41,9 +41,10 @@
#define KVM_REQ_SLEEP \
KVM_ARCH_REQ_FLAGS(0, KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP)
-#define KVM_REQ_IRQ_PENDING KVM_ARCH_REQ(1)
-#define KVM_REQ_VCPU_RESET KVM_ARCH_REQ(2)
-#define KVM_REQ_RECORD_STEAL KVM_ARCH_REQ(3)
+#define KVM_REQ_IRQ_PENDING KVM_ARCH_REQ(1)
+#define KVM_REQ_VCPU_RESET KVM_ARCH_REQ(2)
+#define KVM_REQ_RECORD_STEAL KVM_ARCH_REQ(3)
+#define KVM_REQ_GUEST_HYP_IRQ_PENDING KVM_ARCH_REQ(4)
DECLARE_STATIC_KEY_FALSE(userspace_irqchip_in_use);
@@ -16,6 +16,7 @@ extern void kvm_init_nested_s2_mmu(struct kvm_s2_mmu *mmu);
extern struct kvm_s2_mmu *lookup_s2_mmu(struct kvm *kvm, u64 vttbr, u64 hcr);
extern void kvm_vcpu_load_hw_mmu(struct kvm_vcpu *vcpu);
extern void kvm_vcpu_put_hw_mmu(struct kvm_vcpu *vcpu);
+extern void check_nested_vcpu_requests(struct kvm_vcpu *vcpu);
struct kvm_s2_trans {
phys_addr_t output;
@@ -40,3 +40,4 @@ kvm-$(CONFIG_KVM_ARM_PMU) += $(KVM)/arm/pmu.o
kvm-$(CONFIG_KVM_ARM_HOST) += nested.o
kvm-$(CONFIG_KVM_ARM_HOST) += emulate-nested.o
+kvm-$(CONFIG_KVM_ARM_HOST) += $(KVM)/arm/vgic/vgic-v3-nested.o
@@ -580,6 +580,22 @@ void kvm_arch_flush_shadow_all(struct kvm *kvm)
kvm_free_stage2_pgd(&kvm->arch.mmu);
}
+bool vgic_state_is_nested(struct kvm_vcpu *vcpu)
+{
+ bool imo = __vcpu_sys_reg(vcpu, HCR_EL2) & HCR_IMO;
+ bool fmo = __vcpu_sys_reg(vcpu, HCR_EL2) & HCR_FMO;
+
+ WARN_ONCE(imo != fmo, "Separate virtual IRQ/FIQ settings not supported\n");
+
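+ /* The nested state is live when L2 runs with vEL2's IRQ/FIQ routing enabled */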
+ return nested_virt_in_use(vcpu) && imo && fmo && !is_hyp_ctxt(vcpu);
+}
+
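+/* Handle vcpu requests that only exist with nested virtualization */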
+void check_nested_vcpu_requests(struct kvm_vcpu *vcpu)
+{
+ if (kvm_check_request(KVM_REQ_GUEST_HYP_IRQ_PENDING, vcpu))
+ kvm_inject_nested_irq(vcpu);
+}
+
#define FEATURE(x) (GENMASK_ULL(x##_SHIFT + 3, x##_SHIFT))
/*
@@ -15,6 +15,8 @@
#include <linux/printk.h>
#include <linux/uaccess.h>
+#include <linux/irqchip/arm-gic-v3.h>
+
#include <asm/cacheflush.h>
#include <asm/cputype.h>
#include <asm/debug-monitors.h>
@@ -521,6 +523,18 @@ static bool access_vm_reg(struct kvm_vcpu *vcpu,
return true;
}
+/*
+ * The architecture says that non-secure write accesses to this register from
+ * EL1 are trapped to EL2 if either:
+ * - HCR_EL2.FMO==1, or
+ * - HCR_EL2.IMO==1
+ */
+static bool sgi_traps_to_vel2(struct kvm_vcpu *vcpu)
+{
+ return !vcpu_mode_el2(vcpu) &&
+ !!(__vcpu_sys_reg(vcpu, HCR_EL2) & (HCR_IMO | HCR_FMO));
+}
+
/*
* Trap handler for the GICv3 SGI generation system register.
* Forward the request to the VGIC emulation.
@@ -536,6 +550,11 @@ static bool access_gic_sgi(struct kvm_vcpu *vcpu,
if (!p->is_write)
return read_from_write_only(vcpu, p, r);
+ if (sgi_traps_to_vel2(vcpu)) {
+ kvm_inject_nested_sync(vcpu, kvm_vcpu_get_hsr(vcpu));
+ return false;
+ }
+
/*
* In a system where GICD_CTLR.DS=1, a ICC_SGI0R_EL1 access generates
* Group0 SGIs only, while ICC_SGI1R_EL1 can generate either group,
@@ -579,7 +598,13 @@ static bool access_gic_sre(struct kvm_vcpu *vcpu,
if (p->is_write)
return ignore_write(vcpu, p);
- p->regval = vcpu->arch.vgic_cpu.vgic_v3.vgic_sre;
+ if (p->Op1 == 4) { /* ICC_SRE_EL2 */
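+ /* Advertise a fixed, system-register-only GIC to the guest hypervisor */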
+ p->regval = (ICC_SRE_EL2_ENABLE | ICC_SRE_EL2_SRE |
+ ICC_SRE_EL1_DIB | ICC_SRE_EL1_DFB);
+ } else { /* ICC_SRE_EL1 */
+ p->regval = vcpu->arch.vgic_cpu.vgic_v3.vgic_sre;
+ }
+
return true;
}
@@ -1747,6 +1772,122 @@ static bool access_spsr_el2(struct kvm_vcpu *vcpu,
return true;
}
+static bool access_gic_apr(struct kvm_vcpu *vcpu,
+ struct sys_reg_params *p,
+ const struct sys_reg_desc *r)
+{
+ struct vgic_v3_cpu_if *cpu_if = &vcpu->arch.vgic_cpu.nested_vgic_v3;
+ u32 index, *base;
+
+ index = r->Op2;
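+ /* CRm == 8 encodes ICH_AP0R<n>_EL2, CRm == 9 encodes ICH_AP1R<n>_EL2 */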
+ if (r->CRm == 8)
+ base = cpu_if->vgic_ap0r;
+ else
+ base = cpu_if->vgic_ap1r;
+
+ if (p->is_write)
+ base[index] = p->regval;
+ else
+ p->regval = base[index];
+
+ return true;
+}
+
+static bool access_gic_hcr(struct kvm_vcpu *vcpu,
+ struct sys_reg_params *p,
+ const struct sys_reg_desc *r)
+{
+ struct vgic_v3_cpu_if *cpu_if = &vcpu->arch.vgic_cpu.nested_vgic_v3;
+
+ if (p->is_write)
+ cpu_if->vgic_hcr = p->regval;
+ else
+ p->regval = cpu_if->vgic_hcr;
+
+ return true;
+}
+
+static bool access_gic_vtr(struct kvm_vcpu *vcpu,
+ struct sys_reg_params *p,
+ const struct sys_reg_desc *r)
+{
+ if (p->is_write)
+ return write_to_read_only(vcpu, p, r);
+
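+ /* Expose the host's ICH_VTR_EL2: number of LRs, priority and ID bits */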
+ p->regval = kvm_vgic_global_state.ich_vtr_el2;
+
+ return true;
+}
+
+static bool access_gic_misr(struct kvm_vcpu *vcpu,
+ struct sys_reg_params *p,
+ const struct sys_reg_desc *r)
+{
+ if (p->is_write)
+ return write_to_read_only(vcpu, p, r);
+
+ p->regval = vgic_v3_get_misr(vcpu);
+
+ return true;
+}
+
+static bool access_gic_eisr(struct kvm_vcpu *vcpu,
+ struct sys_reg_params *p,
+ const struct sys_reg_desc *r)
+{
+ if (p->is_write)
+ return write_to_read_only(vcpu, p, r);
+
+ p->regval = vgic_v3_get_eisr(vcpu);
+
+ return true;
+}
+
+static bool access_gic_elrsr(struct kvm_vcpu *vcpu,
+ struct sys_reg_params *p,
+ const struct sys_reg_desc *r)
+{
+ if (p->is_write)
+ return write_to_read_only(vcpu, p, r);
+
+ p->regval = vgic_v3_get_elrsr(vcpu);
+
+ return true;
+}
+
+static bool access_gic_vmcr(struct kvm_vcpu *vcpu,
+ struct sys_reg_params *p,
+ const struct sys_reg_desc *r)
+{
+ struct vgic_v3_cpu_if *cpu_if = &vcpu->arch.vgic_cpu.nested_vgic_v3;
+
+ if (p->is_write)
+ cpu_if->vgic_vmcr = p->regval;
+ else
+ p->regval = cpu_if->vgic_vmcr;
+
+ return true;
+}
+
+static bool access_gic_lr(struct kvm_vcpu *vcpu,
+ struct sys_reg_params *p,
+ const struct sys_reg_desc *r)
+{
+ struct vgic_v3_cpu_if *cpu_if = &vcpu->arch.vgic_cpu.nested_vgic_v3;
+ u32 index;
+
+ index = p->Op2;
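+ /* ICH_LR0..7_EL2 live in CRm == 12, ICH_LR8..15_EL2 in CRm == 13 */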
+ if (p->CRm == 13)
+ index += 8;
+
+ if (p->is_write)
+ cpu_if->vgic_lr[index] = p->regval;
+ else
+ p->regval = cpu_if->vgic_lr[index];
+
+ return true;
+}
+
/*
* Architected system registers.
* Important: Must be sorted ascending by Op0, Op1, CRn, CRm, Op2
@@ -2077,6 +2218,41 @@ static const struct sys_reg_desc sys_reg_descs[] = {
{ SYS_DESC(SYS_RMR_EL2), access_wi, reset_val, RMR_EL2, 1 },
{ SYS_DESC(SYS_VDISR_EL2), trap_undef },
+ { SYS_DESC(SYS_ICH_AP0R0_EL2), access_gic_apr },
+ { SYS_DESC(SYS_ICH_AP0R1_EL2), access_gic_apr },
+ { SYS_DESC(SYS_ICH_AP0R2_EL2), access_gic_apr },
+ { SYS_DESC(SYS_ICH_AP0R3_EL2), access_gic_apr },
+ { SYS_DESC(SYS_ICH_AP1R0_EL2), access_gic_apr },
+ { SYS_DESC(SYS_ICH_AP1R1_EL2), access_gic_apr },
+ { SYS_DESC(SYS_ICH_AP1R2_EL2), access_gic_apr },
+ { SYS_DESC(SYS_ICH_AP1R3_EL2), access_gic_apr },
+
+ { SYS_DESC(SYS_ICC_SRE_EL2), access_gic_sre },
+
+ { SYS_DESC(SYS_ICH_HCR_EL2), access_gic_hcr },
+ { SYS_DESC(SYS_ICH_VTR_EL2), access_gic_vtr },
+ { SYS_DESC(SYS_ICH_MISR_EL2), access_gic_misr },
+ { SYS_DESC(SYS_ICH_EISR_EL2), access_gic_eisr },
+ { SYS_DESC(SYS_ICH_ELRSR_EL2), access_gic_elrsr },
+ { SYS_DESC(SYS_ICH_VMCR_EL2), access_gic_vmcr },
+
+ { SYS_DESC(SYS_ICH_LR0_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR1_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR2_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR3_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR4_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR5_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR6_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR7_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR8_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR9_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR10_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR11_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR12_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR13_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR14_EL2), access_gic_lr },
+ { SYS_DESC(SYS_ICH_LR15_EL2), access_gic_lr },
+
{ SYS_DESC(SYS_CONTEXTIDR_EL2), access_rw, reset_val, CONTEXTIDR_EL2, 0 },
{ SYS_DESC(SYS_TPIDR_EL2), access_rw, reset_val, TPIDR_EL2, 0 },
@@ -302,6 +302,15 @@ struct vgic_cpu {
struct vgic_irq private_irqs[VGIC_NR_PRIVATE_IRQS];
+ /* CPU interface control registers for the guest hypervisor's vGIC */
+ struct vgic_v3_cpu_if nested_vgic_v3;
+
+ /*
+ * The shadow interface control registers, loaded onto the hardware
+ * when running a nested L2 guest with the virtual IMO/FMO bits set.
+ */
+ struct vgic_v3_cpu_if shadow_vgic_v3;
+
raw_spinlock_t ap_list_lock; /* Protects the ap_list */
/*
@@ -358,6 +367,13 @@ void kvm_vgic_load(struct kvm_vcpu *vcpu);
void kvm_vgic_put(struct kvm_vcpu *vcpu);
void kvm_vgic_vmcr_sync(struct kvm_vcpu *vcpu);
+void vgic_v3_load_nested(struct kvm_vcpu *vcpu);
+void vgic_v3_put_nested(struct kvm_vcpu *vcpu);
+void vgic_v3_handle_nested_maint_irq(struct kvm_vcpu *vcpu);
+u16 vgic_v3_get_eisr(struct kvm_vcpu *vcpu);
+u16 vgic_v3_get_elrsr(struct kvm_vcpu *vcpu);
+u64 vgic_v3_get_misr(struct kvm_vcpu *vcpu);
+
#define irqchip_in_kernel(k) (!!((k)->arch.vgic.in_kernel))
#define vgic_initialized(k) ((k)->arch.vgic.initialized)
#define vgic_ready(k) ((k)->arch.vgic.ready)
@@ -401,4 +417,6 @@ int kvm_vgic_v4_unset_forwarding(struct kvm *kvm, int irq,
int vgic_v4_load(struct kvm_vcpu *vcpu);
int vgic_v4_put(struct kvm_vcpu *vcpu, bool need_db);
+bool vgic_state_is_nested(struct kvm_vcpu *vcpu);
+
#endif /* __KVM_ARM_VGIC_H */
@@ -620,6 +620,8 @@ static void check_vcpu_requests(struct kvm_vcpu *vcpu)
if (kvm_check_request(KVM_REQ_RECORD_STEAL, vcpu))
kvm_update_stolen_time(vcpu);
+
+ check_nested_vcpu_requests(vcpu);
}
}
@@ -666,9 +668,16 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run)
*/
cond_resched();
- update_vmid(&vcpu->arch.hw_mmu->vmid);
-
+ /*
+ * A nested exception triggered by a vcpu request (such
+ * as an interrupt injected in a guest hypervisor) can
+ * change the currently used VMID (by switching to a
+ * different translation regime). It is thus necessary
+ * to update the VMID *after* all requests have been
+ * processed.
+ */
check_vcpu_requests(vcpu);
+ update_vmid(&vcpu->arch.hw_mmu->vmid);
/*
* Preparing the interrupts to be injected also
new file mode 100644
@@ -0,0 +1,178 @@
+#include <linux/cpu.h>
+#include <linux/kvm.h>
+#include <linux/kvm_host.h>
+#include <linux/interrupt.h>
+#include <linux/io.h>
+#include <linux/uaccess.h>
+
+#include <linux/irqchip/arm-gic-v3.h>
+
+#include <asm/kvm_emulate.h>
+#include <asm/kvm_arm.h>
+#include <kvm/arm_vgic.h>
+
+#include "vgic.h"
+
+static inline struct vgic_v3_cpu_if *vcpu_nested_if(struct kvm_vcpu *vcpu)
+{
+ return &vcpu->arch.vgic_cpu.nested_vgic_v3;
+}
+
+static inline struct vgic_v3_cpu_if *vcpu_shadow_if(struct kvm_vcpu *vcpu)
+{
+ return &vcpu->arch.vgic_cpu.shadow_vgic_v3;
+}
+
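+/* An invalid, non-HW LR with EOI set requests an EOI maintenance interrupt */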
+static inline bool lr_triggers_eoi(u64 lr)
+{
+ return !(lr & (ICH_LR_STATE | ICH_LR_HW)) && (lr & ICH_LR_EOI);
+}
+
+u16 vgic_v3_get_eisr(struct kvm_vcpu *vcpu)
+{
+ struct vgic_v3_cpu_if *cpu_if = vcpu_nested_if(vcpu);
+ u16 reg = 0;
+ int i;
+
+ for (i = 0; i < kvm_vgic_global_state.nr_lr; i++) {
+ if (lr_triggers_eoi(cpu_if->vgic_lr[i]))
+ reg |= BIT(i);
+ }
+
+ return reg;
+}
+
+u16 vgic_v3_get_elrsr(struct kvm_vcpu *vcpu)
+{
+ struct vgic_v3_cpu_if *cpu_if = vcpu_nested_if(vcpu);
+ u16 reg = 0;
+ int i;
+
+ for (i = 0; i < kvm_vgic_global_state.nr_lr; i++) {
+ if (!(cpu_if->vgic_lr[i] & ICH_LR_STATE))
+ reg |= BIT(i);
+ }
+
+ return reg;
+}
+
+u64 vgic_v3_get_misr(struct kvm_vcpu *vcpu)
+{
+ struct vgic_v3_cpu_if *cpu_if = vcpu_nested_if(vcpu);
+ int nr_lr = kvm_vgic_global_state.nr_lr;
+ u64 reg = 0;
+
+ if (vgic_v3_get_eisr(vcpu))
+ reg |= ICH_MISR_EOI;
+
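+ /* Underflow: ICH_HCR_EL2.UIE set and at most one valid LR in use */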
+ if (cpu_if->vgic_hcr & ICH_HCR_UIE) {
+ int used_lrs;
+
+ used_lrs = nr_lr - hweight16(vgic_v3_get_elrsr(vcpu));
+ if (used_lrs <= 1)
+ reg |= ICH_MISR_U;
+ }
+
+ /* TODO: Support remaining bits in this register */
+ return reg;
+}
+
+/*
+ * For LRs which have the HW bit set, such as timer interrupts, we rewrite
+ * them to carry the host hardware interrupt number instead of the virtual
+ * one programmed by the guest hypervisor.
+ */
+static void vgic_v3_create_shadow_lr(struct kvm_vcpu *vcpu)
+{
+ struct vgic_v3_cpu_if *cpu_if = vcpu_nested_if(vcpu);
+ struct vgic_v3_cpu_if *s_cpu_if = vcpu_shadow_if(vcpu);
+ struct vgic_irq *irq;
+ int i, used_lrs = 0;
+
+ for (i = 0; i < kvm_vgic_global_state.nr_lr; i++) {
+ u64 lr = cpu_if->vgic_lr[i];
+ int l1_irq;
+
+ if (!(lr & ICH_LR_HW))
+ goto next;
+
+ /* We have the HW bit set */
+ l1_irq = (lr & ICH_LR_PHYS_ID_MASK) >> ICH_LR_PHYS_ID_SHIFT;
+ irq = vgic_get_irq(vcpu->kvm, vcpu, l1_irq);
+
+ if (!irq || !irq->hw) {
+ /* There was no real mapping, so nuke the HW bit */
+ lr &= ~ICH_LR_HW;
+ if (irq)
+ vgic_put_irq(vcpu->kvm, irq);
+ goto next;
+ }
+
+ /* Translate the virtual mapping to the real one */
+ lr &= ~ICH_LR_EOI; /* EOI is RES0 when the HW bit is set */
+ lr &= ~ICH_LR_PHYS_ID_MASK;
+ lr |= (u64)irq->hwintid << ICH_LR_PHYS_ID_SHIFT;
+ vgic_put_irq(vcpu->kvm, irq);
+
+next:
+ s_cpu_if->vgic_lr[i] = lr;
+ used_lrs = i + 1;
+ }
+
+ s_cpu_if->used_lrs = used_lrs;
+}
+
+/*
+ * Change the shadow HWIRQ field back to the virtual value before copying over
+ * the entire shadow struct to the nested state.
+ */
+static void vgic_v3_fixup_shadow_lr_state(struct kvm_vcpu *vcpu)
+{
+ struct vgic_v3_cpu_if *cpu_if = vcpu_nested_if(vcpu);
+ struct vgic_v3_cpu_if *s_cpu_if = vcpu_shadow_if(vcpu);
+ int lr;
+
+ for (lr = 0; lr < kvm_vgic_global_state.nr_lr; lr++) {
+ s_cpu_if->vgic_lr[lr] &= ~ICH_LR_PHYS_ID_MASK;
+ s_cpu_if->vgic_lr[lr] |= cpu_if->vgic_lr[lr] & ICH_LR_PHYS_ID_MASK;
+ }
+}
+
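+/*
+ * Copy the nested state into the shadow copy, rewrite the HW LRs to
+ * host INTIDs, and load the result onto the hardware CPU interface.
+ */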
+void vgic_v3_load_nested(struct kvm_vcpu *vcpu)
+{
+ struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
+
+ vgic_cpu->shadow_vgic_v3 = vgic_cpu->nested_vgic_v3;
+ vgic_v3_create_shadow_lr(vcpu);
+ __vgic_v3_restore_state(vcpu_shadow_if(vcpu));
+}
+
+void vgic_v3_put_nested(struct kvm_vcpu *vcpu)
+{
+ struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
+
+ __vgic_v3_save_state(vcpu_shadow_if(vcpu));
+
+ /*
+ * Translate the shadow state HW fields back to the virtual ones
+ * before copying the shadow struct back to the nested one.
+ */
+ vgic_v3_fixup_shadow_lr_state(vcpu);
+ vgic_cpu->nested_vgic_v3 = vgic_cpu->shadow_vgic_v3;
+}
+
+void vgic_v3_handle_nested_maint_irq(struct kvm_vcpu *vcpu)
+{
+ struct vgic_v3_cpu_if *cpu_if = vcpu_nested_if(vcpu);
+
+ /*
+ * If we exit a nested VM with a pending maintenance interrupt from the
+ * GIC, then we need to forward this to the guest hypervisor so that it
+ * can re-sync the appropriate LRs and sample level-triggered interrupts
+ * again.
+ */
+ if (vgic_state_is_nested(vcpu) &&
+ (cpu_if->vgic_hcr & ICH_HCR_EN) &&
+ vgic_v3_get_misr(vcpu))
+ kvm_inject_nested_irq(vcpu);
+}
@@ -6,6 +6,7 @@
#include <kvm/arm_vgic.h>
#include <asm/kvm_hyp.h>
#include <asm/kvm_mmu.h>
+#include <asm/kvm_nested.h>
#include <asm/kvm_asm.h>
#include "vgic.h"
@@ -289,6 +290,12 @@ void vgic_v3_enable(struct kvm_vcpu *vcpu)
vgic_v3->vgic_sre = (ICC_SRE_EL1_DIB |
ICC_SRE_EL1_DFB |
ICC_SRE_EL1_SRE);
+ /*
+ * If nesting is allowed, force GICv3 onto the nested
+ * guests as well.
+ */
+ if (nested_virt_in_use(vcpu))
+ vcpu->arch.vgic_cpu.nested_vgic_v3.vgic_sre = vgic_v3->vgic_sre;
vcpu->arch.vgic_cpu.pendbaser = INITIAL_PENDBASER_VALUE;
} else {
vgic_v3->vgic_sre = 0;
@@ -652,6 +659,13 @@ void vgic_v3_load(struct kvm_vcpu *vcpu)
{
struct vgic_v3_cpu_if *cpu_if = &vcpu->arch.vgic_cpu.vgic_v3;
+ /*
+ * vgic_v3_load_nested only affects the LRs in the shadow
+ * state, so it is fine to pass the nested state around.
+ */
+ if (vgic_state_is_nested(vcpu))
+ cpu_if = &vcpu->arch.vgic_cpu.nested_vgic_v3;
+
/*
* If dealing with a GICv2 emulation on GICv3, VMCR_EL2.VFIQen
* is dependent on ICC_SRE_EL1.SRE, and we have to perform the
@@ -665,6 +679,9 @@ void vgic_v3_load(struct kvm_vcpu *vcpu)
if (has_vhe())
__vgic_v3_activate_traps(cpu_if);
+ if (vgic_state_is_nested(vcpu))
+ vgic_v3_load_nested(vcpu);
+
WARN_ON(vgic_v4_load(vcpu));
}
@@ -672,6 +689,9 @@ void vgic_v3_vmcr_sync(struct kvm_vcpu *vcpu)
{
struct vgic_v3_cpu_if *cpu_if = &vcpu->arch.vgic_cpu.vgic_v3;
+ if (vgic_state_is_nested(vcpu))
+ cpu_if = &vcpu->arch.vgic_cpu.shadow_vgic_v3;
+
if (likely(cpu_if->vgic_sre))
cpu_if->vgic_vmcr = kvm_call_hyp_ret(__vgic_v3_read_vmcr);
}
@@ -684,8 +704,19 @@ void vgic_v3_put(struct kvm_vcpu *vcpu)
vgic_v3_vmcr_sync(vcpu);
+ if (vgic_state_is_nested(vcpu))
+ cpu_if = &vcpu->arch.vgic_cpu.shadow_vgic_v3;
+
kvm_call_hyp(__vgic_v3_save_aprs, kern_hyp_va(cpu_if));
if (has_vhe())
__vgic_v3_deactivate_traps(cpu_if);
+
+ if (vgic_state_is_nested(vcpu))
+ vgic_v3_put_nested(vcpu);
}
+
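+/* Weak stubs, overridden when the nested VGIC code is built in */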
+__weak void vgic_v3_sync_nested(struct kvm_vcpu *vcpu) {}
+__weak void vgic_v3_handle_nested_maint_irq(struct kvm_vcpu *vcpu) {}
+__weak void vgic_v3_load_nested(struct kvm_vcpu *vcpu) {}
+__weak void vgic_v3_put_nested(struct kvm_vcpu *vcpu) {}
@@ -876,6 +876,10 @@ void kvm_vgic_sync_hwstate(struct kvm_vcpu *vcpu)
{
int used_lrs;
+ /* If nesting, this is a load/put affair, not flush/sync. */
+ if (vgic_state_is_nested(vcpu))
+ return;
+
/* An empty ap_list_head implies used_lrs == 0 */
if (list_empty(&vcpu->arch.vgic_cpu.ap_list_head))
return;
@@ -920,6 +924,29 @@ void kvm_vgic_flush_hwstate(struct kvm_vcpu *vcpu)
!vgic_supports_direct_msis(vcpu->kvm))
return;
+ /*
+ * If in a nested state, we must return early. Two possibilities:
+ *
+ * - If we have any pending IRQ for the guest and the guest
+ * expects IRQs to be handled in its virtual EL2 mode (the
+ * virtual IMO bit is set) and it is not already running in
+ * virtual EL2 mode, then we have to emulate an IRQ
+ * exception to virtual EL2.
+ *
+ * We do that by placing a request to ourselves which will
+ * abort the entry procedure and inject the exception at the
+ * beginning of the run loop.
+ *
+ * - Otherwise, do exactly *NOTHING*. The guest state is
+ * already loaded, and we can carry on with running it.
+ */
+ if (vgic_state_is_nested(vcpu)) {
+ if (kvm_vgic_vcpu_pending_irq(vcpu))
+ kvm_make_request(KVM_REQ_GUEST_HYP_IRQ_PENDING, vcpu);
+
+ return;
+ }
+
DEBUG_SPINLOCK_BUG_ON(!irqs_disabled());
if (!list_empty(&vcpu->arch.vgic_cpu.ap_list_head)) {
@@ -1033,3 +1060,8 @@ bool kvm_vgic_map_is_active(struct kvm_vcpu *vcpu, unsigned int vintid)
return map_is_active;
}
+
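+/* Weak default, overridden when nested virtualization is supported */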
+__weak bool vgic_state_is_nested(struct kvm_vcpu *vcpu)
+{
+ return false;
+}