1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2015, 2016 ARM Ltd. 4 */ 5 6 #include <linux/interrupt.h> 7 #include <linux/irq.h> 8 #include <linux/kvm.h> 9 #include <linux/kvm_host.h> 10 #include <linux/list_sort.h> 11 #include <linux/nospec.h> 12 13 #include <asm/kvm_hyp.h> 14 15 #include "vgic.h" 16 17 #define CREATE_TRACE_POINTS 18 #include "trace.h" 19 20 struct vgic_global kvm_vgic_global_state __ro_after_init = { 21 .gicv3_cpuif = STATIC_KEY_FALSE_INIT, 22 }; 23 24 /* 25 * Locking order is always: 26 * kvm->lock (mutex) 27 * vcpu->mutex (mutex) 28 * kvm->arch.config_lock (mutex) 29 * its->cmd_lock (mutex) 30 * its->its_lock (mutex) 31 * vgic_cpu->ap_list_lock must be taken with IRQs disabled 32 * kvm->lpi_list_lock must be taken with IRQs disabled 33 * vgic_irq->irq_lock must be taken with IRQs disabled 34 * 35 * As the ap_list_lock might be taken from the timer interrupt handler, 36 * we have to disable IRQs before taking this lock and everything lower 37 * than it. 38 * 39 * If you need to take multiple locks, always take the upper lock first, 40 * then the lower ones, e.g. first take the its_lock, then the irq_lock. 41 * If you are already holding a lock and need to take a higher one, you 42 * have to drop the lower ranking lock first and re-acquire it after having 43 * taken the upper one. 44 * 45 * When taking more than one ap_list_lock at the same time, always take the 46 * lowest numbered VCPU's ap_list_lock first, so: 47 * vcpuX->vcpu_id < vcpuY->vcpu_id: 48 * raw_spin_lock(vcpuX->arch.vgic_cpu.ap_list_lock); 49 * raw_spin_lock(vcpuY->arch.vgic_cpu.ap_list_lock); 50 * 51 * Since the VGIC must support injecting virtual interrupts from ISRs, we have 52 * to use the raw_spin_lock_irqsave/raw_spin_unlock_irqrestore versions of outer 53 * spinlocks for any lock that may be taken while injecting an interrupt. 54 */ 55 56 /* 57 * Iterate over the VM's list of mapped LPIs to find the one with a 58 * matching interrupt ID and return a reference to the IRQ structure. 59 */ 60 static struct vgic_irq *vgic_get_lpi(struct kvm *kvm, u32 intid) 61 { 62 struct vgic_dist *dist = &kvm->arch.vgic; 63 struct vgic_irq *irq = NULL; 64 unsigned long flags; 65 66 raw_spin_lock_irqsave(&dist->lpi_list_lock, flags); 67 68 list_for_each_entry(irq, &dist->lpi_list_head, lpi_list) { 69 if (irq->intid != intid) 70 continue; 71 72 /* 73 * This increases the refcount, the caller is expected to 74 * call vgic_put_irq() later once it's finished with the IRQ. 75 */ 76 vgic_get_irq_kref(irq); 77 goto out_unlock; 78 } 79 irq = NULL; 80 81 out_unlock: 82 raw_spin_unlock_irqrestore(&dist->lpi_list_lock, flags); 83 84 return irq; 85 } 86 87 /* 88 * This looks up the virtual interrupt ID to get the corresponding 89 * struct vgic_irq. It also increases the refcount, so any caller is expected 90 * to call vgic_put_irq() once it's finished with this IRQ. 91 */ 92 struct vgic_irq *vgic_get_irq(struct kvm *kvm, struct kvm_vcpu *vcpu, 93 u32 intid) 94 { 95 /* SGIs and PPIs */ 96 if (intid <= VGIC_MAX_PRIVATE) { 97 intid = array_index_nospec(intid, VGIC_MAX_PRIVATE + 1); 98 return &vcpu->arch.vgic_cpu.private_irqs[intid]; 99 } 100 101 /* SPIs */ 102 if (intid < (kvm->arch.vgic.nr_spis + VGIC_NR_PRIVATE_IRQS)) { 103 intid = array_index_nospec(intid, kvm->arch.vgic.nr_spis + VGIC_NR_PRIVATE_IRQS); 104 return &kvm->arch.vgic.spis[intid - VGIC_NR_PRIVATE_IRQS]; 105 } 106 107 /* LPIs */ 108 if (intid >= VGIC_MIN_LPI) 109 return vgic_get_lpi(kvm, intid); 110 111 return NULL; 112 } 113 114 /* 115 * We can't do anything in here, because we lack the kvm pointer to 116 * lock and remove the item from the lpi_list. So we keep this function 117 * empty and use the return value of kref_put() to trigger the freeing. 118 */ 119 static void vgic_irq_release(struct kref *ref) 120 { 121 } 122 123 /* 124 * Drop the refcount on the LPI. Must be called with lpi_list_lock held. 125 */ 126 void __vgic_put_lpi_locked(struct kvm *kvm, struct vgic_irq *irq) 127 { 128 struct vgic_dist *dist = &kvm->arch.vgic; 129 130 if (!kref_put(&irq->refcount, vgic_irq_release)) 131 return; 132 133 list_del(&irq->lpi_list); 134 dist->lpi_list_count--; 135 136 kfree(irq); 137 } 138 139 void vgic_put_irq(struct kvm *kvm, struct vgic_irq *irq) 140 { 141 struct vgic_dist *dist = &kvm->arch.vgic; 142 unsigned long flags; 143 144 if (irq->intid < VGIC_MIN_LPI) 145 return; 146 147 raw_spin_lock_irqsave(&dist->lpi_list_lock, flags); 148 __vgic_put_lpi_locked(kvm, irq); 149 raw_spin_unlock_irqrestore(&dist->lpi_list_lock, flags); 150 } 151 152 void vgic_flush_pending_lpis(struct kvm_vcpu *vcpu) 153 { 154 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 155 struct vgic_irq *irq, *tmp; 156 unsigned long flags; 157 158 raw_spin_lock_irqsave(&vgic_cpu->ap_list_lock, flags); 159 160 list_for_each_entry_safe(irq, tmp, &vgic_cpu->ap_list_head, ap_list) { 161 if (irq->intid >= VGIC_MIN_LPI) { 162 raw_spin_lock(&irq->irq_lock); 163 list_del(&irq->ap_list); 164 irq->vcpu = NULL; 165 raw_spin_unlock(&irq->irq_lock); 166 vgic_put_irq(vcpu->kvm, irq); 167 } 168 } 169 170 raw_spin_unlock_irqrestore(&vgic_cpu->ap_list_lock, flags); 171 } 172 173 void vgic_irq_set_phys_pending(struct vgic_irq *irq, bool pending) 174 { 175 WARN_ON(irq_set_irqchip_state(irq->host_irq, 176 IRQCHIP_STATE_PENDING, 177 pending)); 178 } 179 180 bool vgic_get_phys_line_level(struct vgic_irq *irq) 181 { 182 bool line_level; 183 184 BUG_ON(!irq->hw); 185 186 if (irq->ops && irq->ops->get_input_level) 187 return irq->ops->get_input_level(irq->intid); 188 189 WARN_ON(irq_get_irqchip_state(irq->host_irq, 190 IRQCHIP_STATE_PENDING, 191 &line_level)); 192 return line_level; 193 } 194 195 /* Set/Clear the physical active state */ 196 void vgic_irq_set_phys_active(struct vgic_irq *irq, bool active) 197 { 198 199 BUG_ON(!irq->hw); 200 WARN_ON(irq_set_irqchip_state(irq->host_irq, 201 IRQCHIP_STATE_ACTIVE, 202 active)); 203 } 204 205 /** 206 * kvm_vgic_target_oracle - compute the target vcpu for an irq 207 * 208 * @irq: The irq to route. Must be already locked. 209 * 210 * Based on the current state of the interrupt (enabled, pending, 211 * active, vcpu and target_vcpu), compute the next vcpu this should be 212 * given to. Return NULL if this shouldn't be injected at all. 213 * 214 * Requires the IRQ lock to be held. 215 */ 216 static struct kvm_vcpu *vgic_target_oracle(struct vgic_irq *irq) 217 { 218 lockdep_assert_held(&irq->irq_lock); 219 220 /* If the interrupt is active, it must stay on the current vcpu */ 221 if (irq->active) 222 return irq->vcpu ? : irq->target_vcpu; 223 224 /* 225 * If the IRQ is not active but enabled and pending, we should direct 226 * it to its configured target VCPU. 227 * If the distributor is disabled, pending interrupts shouldn't be 228 * forwarded. 229 */ 230 if (irq->enabled && irq_is_pending(irq)) { 231 if (unlikely(irq->target_vcpu && 232 !irq->target_vcpu->kvm->arch.vgic.enabled)) 233 return NULL; 234 235 return irq->target_vcpu; 236 } 237 238 /* If neither active nor pending and enabled, then this IRQ should not 239 * be queued to any VCPU. 240 */ 241 return NULL; 242 } 243 244 /* 245 * The order of items in the ap_lists defines how we'll pack things in LRs as 246 * well, the first items in the list being the first things populated in the 247 * LRs. 248 * 249 * A hard rule is that active interrupts can never be pushed out of the LRs 250 * (and therefore take priority) since we cannot reliably trap on deactivation 251 * of IRQs and therefore they have to be present in the LRs. 252 * 253 * Otherwise things should be sorted by the priority field and the GIC 254 * hardware support will take care of preemption of priority groups etc. 255 * 256 * Return negative if "a" sorts before "b", 0 to preserve order, and positive 257 * to sort "b" before "a". 258 */ 259 static int vgic_irq_cmp(void *priv, const struct list_head *a, 260 const struct list_head *b) 261 { 262 struct vgic_irq *irqa = container_of(a, struct vgic_irq, ap_list); 263 struct vgic_irq *irqb = container_of(b, struct vgic_irq, ap_list); 264 bool penda, pendb; 265 int ret; 266 267 /* 268 * list_sort may call this function with the same element when 269 * the list is fairly long. 270 */ 271 if (unlikely(irqa == irqb)) 272 return 0; 273 274 raw_spin_lock(&irqa->irq_lock); 275 raw_spin_lock_nested(&irqb->irq_lock, SINGLE_DEPTH_NESTING); 276 277 if (irqa->active || irqb->active) { 278 ret = (int)irqb->active - (int)irqa->active; 279 goto out; 280 } 281 282 penda = irqa->enabled && irq_is_pending(irqa); 283 pendb = irqb->enabled && irq_is_pending(irqb); 284 285 if (!penda || !pendb) { 286 ret = (int)pendb - (int)penda; 287 goto out; 288 } 289 290 /* Both pending and enabled, sort by priority */ 291 ret = irqa->priority - irqb->priority; 292 out: 293 raw_spin_unlock(&irqb->irq_lock); 294 raw_spin_unlock(&irqa->irq_lock); 295 return ret; 296 } 297 298 /* Must be called with the ap_list_lock held */ 299 static void vgic_sort_ap_list(struct kvm_vcpu *vcpu) 300 { 301 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 302 303 lockdep_assert_held(&vgic_cpu->ap_list_lock); 304 305 list_sort(NULL, &vgic_cpu->ap_list_head, vgic_irq_cmp); 306 } 307 308 /* 309 * Only valid injection if changing level for level-triggered IRQs or for a 310 * rising edge, and in-kernel connected IRQ lines can only be controlled by 311 * their owner. 312 */ 313 static bool vgic_validate_injection(struct vgic_irq *irq, bool level, void *owner) 314 { 315 if (irq->owner != owner) 316 return false; 317 318 switch (irq->config) { 319 case VGIC_CONFIG_LEVEL: 320 return irq->line_level != level; 321 case VGIC_CONFIG_EDGE: 322 return level; 323 } 324 325 return false; 326 } 327 328 /* 329 * Check whether an IRQ needs to (and can) be queued to a VCPU's ap list. 330 * Do the queuing if necessary, taking the right locks in the right order. 331 * Returns true when the IRQ was queued, false otherwise. 332 * 333 * Needs to be entered with the IRQ lock already held, but will return 334 * with all locks dropped. 335 */ 336 bool vgic_queue_irq_unlock(struct kvm *kvm, struct vgic_irq *irq, 337 unsigned long flags) 338 { 339 struct kvm_vcpu *vcpu; 340 341 lockdep_assert_held(&irq->irq_lock); 342 343 retry: 344 vcpu = vgic_target_oracle(irq); 345 if (irq->vcpu || !vcpu) { 346 /* 347 * If this IRQ is already on a VCPU's ap_list, then it 348 * cannot be moved or modified and there is no more work for 349 * us to do. 350 * 351 * Otherwise, if the irq is not pending and enabled, it does 352 * not need to be inserted into an ap_list and there is also 353 * no more work for us to do. 354 */ 355 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 356 357 /* 358 * We have to kick the VCPU here, because we could be 359 * queueing an edge-triggered interrupt for which we 360 * get no EOI maintenance interrupt. In that case, 361 * while the IRQ is already on the VCPU's AP list, the 362 * VCPU could have EOI'ed the original interrupt and 363 * won't see this one until it exits for some other 364 * reason. 365 */ 366 if (vcpu) { 367 kvm_make_request(KVM_REQ_IRQ_PENDING, vcpu); 368 kvm_vcpu_kick(vcpu); 369 } 370 return false; 371 } 372 373 /* 374 * We must unlock the irq lock to take the ap_list_lock where 375 * we are going to insert this new pending interrupt. 376 */ 377 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 378 379 /* someone can do stuff here, which we re-check below */ 380 381 raw_spin_lock_irqsave(&vcpu->arch.vgic_cpu.ap_list_lock, flags); 382 raw_spin_lock(&irq->irq_lock); 383 384 /* 385 * Did something change behind our backs? 386 * 387 * There are two cases: 388 * 1) The irq lost its pending state or was disabled behind our 389 * backs and/or it was queued to another VCPU's ap_list. 390 * 2) Someone changed the affinity on this irq behind our 391 * backs and we are now holding the wrong ap_list_lock. 392 * 393 * In both cases, drop the locks and retry. 394 */ 395 396 if (unlikely(irq->vcpu || vcpu != vgic_target_oracle(irq))) { 397 raw_spin_unlock(&irq->irq_lock); 398 raw_spin_unlock_irqrestore(&vcpu->arch.vgic_cpu.ap_list_lock, 399 flags); 400 401 raw_spin_lock_irqsave(&irq->irq_lock, flags); 402 goto retry; 403 } 404 405 /* 406 * Grab a reference to the irq to reflect the fact that it is 407 * now in the ap_list. 408 */ 409 vgic_get_irq_kref(irq); 410 list_add_tail(&irq->ap_list, &vcpu->arch.vgic_cpu.ap_list_head); 411 irq->vcpu = vcpu; 412 413 raw_spin_unlock(&irq->irq_lock); 414 raw_spin_unlock_irqrestore(&vcpu->arch.vgic_cpu.ap_list_lock, flags); 415 416 kvm_make_request(KVM_REQ_IRQ_PENDING, vcpu); 417 kvm_vcpu_kick(vcpu); 418 419 return true; 420 } 421 422 /** 423 * kvm_vgic_inject_irq - Inject an IRQ from a device to the vgic 424 * @kvm: The VM structure pointer 425 * @vcpu: The CPU for PPIs or NULL for global interrupts 426 * @intid: The INTID to inject a new state to. 427 * @level: Edge-triggered: true: to trigger the interrupt 428 * false: to ignore the call 429 * Level-sensitive true: raise the input signal 430 * false: lower the input signal 431 * @owner: The opaque pointer to the owner of the IRQ being raised to verify 432 * that the caller is allowed to inject this IRQ. Userspace 433 * injections will have owner == NULL. 434 * 435 * The VGIC is not concerned with devices being active-LOW or active-HIGH for 436 * level-sensitive interrupts. You can think of the level parameter as 1 437 * being HIGH and 0 being LOW and all devices being active-HIGH. 438 */ 439 int kvm_vgic_inject_irq(struct kvm *kvm, struct kvm_vcpu *vcpu, 440 unsigned int intid, bool level, void *owner) 441 { 442 struct vgic_irq *irq; 443 unsigned long flags; 444 int ret; 445 446 ret = vgic_lazy_init(kvm); 447 if (ret) 448 return ret; 449 450 if (!vcpu && intid < VGIC_NR_PRIVATE_IRQS) 451 return -EINVAL; 452 453 trace_vgic_update_irq_pending(vcpu ? vcpu->vcpu_idx : 0, intid, level); 454 455 irq = vgic_get_irq(kvm, vcpu, intid); 456 if (!irq) 457 return -EINVAL; 458 459 raw_spin_lock_irqsave(&irq->irq_lock, flags); 460 461 if (!vgic_validate_injection(irq, level, owner)) { 462 /* Nothing to see here, move along... */ 463 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 464 vgic_put_irq(kvm, irq); 465 return 0; 466 } 467 468 if (irq->config == VGIC_CONFIG_LEVEL) 469 irq->line_level = level; 470 else 471 irq->pending_latch = true; 472 473 vgic_queue_irq_unlock(kvm, irq, flags); 474 vgic_put_irq(kvm, irq); 475 476 return 0; 477 } 478 479 /* @irq->irq_lock must be held */ 480 static int kvm_vgic_map_irq(struct kvm_vcpu *vcpu, struct vgic_irq *irq, 481 unsigned int host_irq, 482 struct irq_ops *ops) 483 { 484 struct irq_desc *desc; 485 struct irq_data *data; 486 487 /* 488 * Find the physical IRQ number corresponding to @host_irq 489 */ 490 desc = irq_to_desc(host_irq); 491 if (!desc) { 492 kvm_err("%s: no interrupt descriptor\n", __func__); 493 return -EINVAL; 494 } 495 data = irq_desc_get_irq_data(desc); 496 while (data->parent_data) 497 data = data->parent_data; 498 499 irq->hw = true; 500 irq->host_irq = host_irq; 501 irq->hwintid = data->hwirq; 502 irq->ops = ops; 503 return 0; 504 } 505 506 /* @irq->irq_lock must be held */ 507 static inline void kvm_vgic_unmap_irq(struct vgic_irq *irq) 508 { 509 irq->hw = false; 510 irq->hwintid = 0; 511 irq->ops = NULL; 512 } 513 514 int kvm_vgic_map_phys_irq(struct kvm_vcpu *vcpu, unsigned int host_irq, 515 u32 vintid, struct irq_ops *ops) 516 { 517 struct vgic_irq *irq = vgic_get_irq(vcpu->kvm, vcpu, vintid); 518 unsigned long flags; 519 int ret; 520 521 BUG_ON(!irq); 522 523 raw_spin_lock_irqsave(&irq->irq_lock, flags); 524 ret = kvm_vgic_map_irq(vcpu, irq, host_irq, ops); 525 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 526 vgic_put_irq(vcpu->kvm, irq); 527 528 return ret; 529 } 530 531 /** 532 * kvm_vgic_reset_mapped_irq - Reset a mapped IRQ 533 * @vcpu: The VCPU pointer 534 * @vintid: The INTID of the interrupt 535 * 536 * Reset the active and pending states of a mapped interrupt. Kernel 537 * subsystems injecting mapped interrupts should reset their interrupt lines 538 * when we are doing a reset of the VM. 539 */ 540 void kvm_vgic_reset_mapped_irq(struct kvm_vcpu *vcpu, u32 vintid) 541 { 542 struct vgic_irq *irq = vgic_get_irq(vcpu->kvm, vcpu, vintid); 543 unsigned long flags; 544 545 if (!irq->hw) 546 goto out; 547 548 raw_spin_lock_irqsave(&irq->irq_lock, flags); 549 irq->active = false; 550 irq->pending_latch = false; 551 irq->line_level = false; 552 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 553 out: 554 vgic_put_irq(vcpu->kvm, irq); 555 } 556 557 int kvm_vgic_unmap_phys_irq(struct kvm_vcpu *vcpu, unsigned int vintid) 558 { 559 struct vgic_irq *irq; 560 unsigned long flags; 561 562 if (!vgic_initialized(vcpu->kvm)) 563 return -EAGAIN; 564 565 irq = vgic_get_irq(vcpu->kvm, vcpu, vintid); 566 BUG_ON(!irq); 567 568 raw_spin_lock_irqsave(&irq->irq_lock, flags); 569 kvm_vgic_unmap_irq(irq); 570 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 571 vgic_put_irq(vcpu->kvm, irq); 572 573 return 0; 574 } 575 576 int kvm_vgic_get_map(struct kvm_vcpu *vcpu, unsigned int vintid) 577 { 578 struct vgic_irq *irq = vgic_get_irq(vcpu->kvm, vcpu, vintid); 579 unsigned long flags; 580 int ret = -1; 581 582 raw_spin_lock_irqsave(&irq->irq_lock, flags); 583 if (irq->hw) 584 ret = irq->hwintid; 585 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 586 587 vgic_put_irq(vcpu->kvm, irq); 588 return ret; 589 } 590 591 /** 592 * kvm_vgic_set_owner - Set the owner of an interrupt for a VM 593 * 594 * @vcpu: Pointer to the VCPU (used for PPIs) 595 * @intid: The virtual INTID identifying the interrupt (PPI or SPI) 596 * @owner: Opaque pointer to the owner 597 * 598 * Returns 0 if intid is not already used by another in-kernel device and the 599 * owner is set, otherwise returns an error code. 600 */ 601 int kvm_vgic_set_owner(struct kvm_vcpu *vcpu, unsigned int intid, void *owner) 602 { 603 struct vgic_irq *irq; 604 unsigned long flags; 605 int ret = 0; 606 607 if (!vgic_initialized(vcpu->kvm)) 608 return -EAGAIN; 609 610 /* SGIs and LPIs cannot be wired up to any device */ 611 if (!irq_is_ppi(intid) && !vgic_valid_spi(vcpu->kvm, intid)) 612 return -EINVAL; 613 614 irq = vgic_get_irq(vcpu->kvm, vcpu, intid); 615 raw_spin_lock_irqsave(&irq->irq_lock, flags); 616 if (irq->owner && irq->owner != owner) 617 ret = -EEXIST; 618 else 619 irq->owner = owner; 620 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 621 622 return ret; 623 } 624 625 /** 626 * vgic_prune_ap_list - Remove non-relevant interrupts from the list 627 * 628 * @vcpu: The VCPU pointer 629 * 630 * Go over the list of "interesting" interrupts, and prune those that we 631 * won't have to consider in the near future. 632 */ 633 static void vgic_prune_ap_list(struct kvm_vcpu *vcpu) 634 { 635 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 636 struct vgic_irq *irq, *tmp; 637 638 DEBUG_SPINLOCK_BUG_ON(!irqs_disabled()); 639 640 retry: 641 raw_spin_lock(&vgic_cpu->ap_list_lock); 642 643 list_for_each_entry_safe(irq, tmp, &vgic_cpu->ap_list_head, ap_list) { 644 struct kvm_vcpu *target_vcpu, *vcpuA, *vcpuB; 645 bool target_vcpu_needs_kick = false; 646 647 raw_spin_lock(&irq->irq_lock); 648 649 BUG_ON(vcpu != irq->vcpu); 650 651 target_vcpu = vgic_target_oracle(irq); 652 653 if (!target_vcpu) { 654 /* 655 * We don't need to process this interrupt any 656 * further, move it off the list. 657 */ 658 list_del(&irq->ap_list); 659 irq->vcpu = NULL; 660 raw_spin_unlock(&irq->irq_lock); 661 662 /* 663 * This vgic_put_irq call matches the 664 * vgic_get_irq_kref in vgic_queue_irq_unlock, 665 * where we added the LPI to the ap_list. As 666 * we remove the irq from the list, we drop 667 * also drop the refcount. 668 */ 669 vgic_put_irq(vcpu->kvm, irq); 670 continue; 671 } 672 673 if (target_vcpu == vcpu) { 674 /* We're on the right CPU */ 675 raw_spin_unlock(&irq->irq_lock); 676 continue; 677 } 678 679 /* This interrupt looks like it has to be migrated. */ 680 681 raw_spin_unlock(&irq->irq_lock); 682 raw_spin_unlock(&vgic_cpu->ap_list_lock); 683 684 /* 685 * Ensure locking order by always locking the smallest 686 * ID first. 687 */ 688 if (vcpu->vcpu_id < target_vcpu->vcpu_id) { 689 vcpuA = vcpu; 690 vcpuB = target_vcpu; 691 } else { 692 vcpuA = target_vcpu; 693 vcpuB = vcpu; 694 } 695 696 raw_spin_lock(&vcpuA->arch.vgic_cpu.ap_list_lock); 697 raw_spin_lock_nested(&vcpuB->arch.vgic_cpu.ap_list_lock, 698 SINGLE_DEPTH_NESTING); 699 raw_spin_lock(&irq->irq_lock); 700 701 /* 702 * If the affinity has been preserved, move the 703 * interrupt around. Otherwise, it means things have 704 * changed while the interrupt was unlocked, and we 705 * need to replay this. 706 * 707 * In all cases, we cannot trust the list not to have 708 * changed, so we restart from the beginning. 709 */ 710 if (target_vcpu == vgic_target_oracle(irq)) { 711 struct vgic_cpu *new_cpu = &target_vcpu->arch.vgic_cpu; 712 713 list_del(&irq->ap_list); 714 irq->vcpu = target_vcpu; 715 list_add_tail(&irq->ap_list, &new_cpu->ap_list_head); 716 target_vcpu_needs_kick = true; 717 } 718 719 raw_spin_unlock(&irq->irq_lock); 720 raw_spin_unlock(&vcpuB->arch.vgic_cpu.ap_list_lock); 721 raw_spin_unlock(&vcpuA->arch.vgic_cpu.ap_list_lock); 722 723 if (target_vcpu_needs_kick) { 724 kvm_make_request(KVM_REQ_IRQ_PENDING, target_vcpu); 725 kvm_vcpu_kick(target_vcpu); 726 } 727 728 goto retry; 729 } 730 731 raw_spin_unlock(&vgic_cpu->ap_list_lock); 732 } 733 734 static inline void vgic_fold_lr_state(struct kvm_vcpu *vcpu) 735 { 736 if (kvm_vgic_global_state.type == VGIC_V2) 737 vgic_v2_fold_lr_state(vcpu); 738 else 739 vgic_v3_fold_lr_state(vcpu); 740 } 741 742 /* Requires the irq_lock to be held. */ 743 static inline void vgic_populate_lr(struct kvm_vcpu *vcpu, 744 struct vgic_irq *irq, int lr) 745 { 746 lockdep_assert_held(&irq->irq_lock); 747 748 if (kvm_vgic_global_state.type == VGIC_V2) 749 vgic_v2_populate_lr(vcpu, irq, lr); 750 else 751 vgic_v3_populate_lr(vcpu, irq, lr); 752 } 753 754 static inline void vgic_clear_lr(struct kvm_vcpu *vcpu, int lr) 755 { 756 if (kvm_vgic_global_state.type == VGIC_V2) 757 vgic_v2_clear_lr(vcpu, lr); 758 else 759 vgic_v3_clear_lr(vcpu, lr); 760 } 761 762 static inline void vgic_set_underflow(struct kvm_vcpu *vcpu) 763 { 764 if (kvm_vgic_global_state.type == VGIC_V2) 765 vgic_v2_set_underflow(vcpu); 766 else 767 vgic_v3_set_underflow(vcpu); 768 } 769 770 /* Requires the ap_list_lock to be held. */ 771 static int compute_ap_list_depth(struct kvm_vcpu *vcpu, 772 bool *multi_sgi) 773 { 774 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 775 struct vgic_irq *irq; 776 int count = 0; 777 778 *multi_sgi = false; 779 780 lockdep_assert_held(&vgic_cpu->ap_list_lock); 781 782 list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) { 783 int w; 784 785 raw_spin_lock(&irq->irq_lock); 786 /* GICv2 SGIs can count for more than one... */ 787 w = vgic_irq_get_lr_count(irq); 788 raw_spin_unlock(&irq->irq_lock); 789 790 count += w; 791 *multi_sgi |= (w > 1); 792 } 793 return count; 794 } 795 796 /* Requires the VCPU's ap_list_lock to be held. */ 797 static void vgic_flush_lr_state(struct kvm_vcpu *vcpu) 798 { 799 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 800 struct vgic_irq *irq; 801 int count; 802 bool multi_sgi; 803 u8 prio = 0xff; 804 int i = 0; 805 806 lockdep_assert_held(&vgic_cpu->ap_list_lock); 807 808 count = compute_ap_list_depth(vcpu, &multi_sgi); 809 if (count > kvm_vgic_global_state.nr_lr || multi_sgi) 810 vgic_sort_ap_list(vcpu); 811 812 count = 0; 813 814 list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) { 815 raw_spin_lock(&irq->irq_lock); 816 817 /* 818 * If we have multi-SGIs in the pipeline, we need to 819 * guarantee that they are all seen before any IRQ of 820 * lower priority. In that case, we need to filter out 821 * these interrupts by exiting early. This is easy as 822 * the AP list has been sorted already. 823 */ 824 if (multi_sgi && irq->priority > prio) { 825 _raw_spin_unlock(&irq->irq_lock); 826 break; 827 } 828 829 if (likely(vgic_target_oracle(irq) == vcpu)) { 830 vgic_populate_lr(vcpu, irq, count++); 831 832 if (irq->source) 833 prio = irq->priority; 834 } 835 836 raw_spin_unlock(&irq->irq_lock); 837 838 if (count == kvm_vgic_global_state.nr_lr) { 839 if (!list_is_last(&irq->ap_list, 840 &vgic_cpu->ap_list_head)) 841 vgic_set_underflow(vcpu); 842 break; 843 } 844 } 845 846 /* Nuke remaining LRs */ 847 for (i = count ; i < kvm_vgic_global_state.nr_lr; i++) 848 vgic_clear_lr(vcpu, i); 849 850 if (!static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 851 vcpu->arch.vgic_cpu.vgic_v2.used_lrs = count; 852 else 853 vcpu->arch.vgic_cpu.vgic_v3.used_lrs = count; 854 } 855 856 static inline bool can_access_vgic_from_kernel(void) 857 { 858 /* 859 * GICv2 can always be accessed from the kernel because it is 860 * memory-mapped, and VHE systems can access GICv3 EL2 system 861 * registers. 862 */ 863 return !static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif) || has_vhe(); 864 } 865 866 static inline void vgic_save_state(struct kvm_vcpu *vcpu) 867 { 868 if (!static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 869 vgic_v2_save_state(vcpu); 870 else 871 __vgic_v3_save_state(&vcpu->arch.vgic_cpu.vgic_v3); 872 } 873 874 /* Sync back the hardware VGIC state into our emulation after a guest's run. */ 875 void kvm_vgic_sync_hwstate(struct kvm_vcpu *vcpu) 876 { 877 int used_lrs; 878 879 /* An empty ap_list_head implies used_lrs == 0 */ 880 if (list_empty(&vcpu->arch.vgic_cpu.ap_list_head)) 881 return; 882 883 if (can_access_vgic_from_kernel()) 884 vgic_save_state(vcpu); 885 886 if (!static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 887 used_lrs = vcpu->arch.vgic_cpu.vgic_v2.used_lrs; 888 else 889 used_lrs = vcpu->arch.vgic_cpu.vgic_v3.used_lrs; 890 891 if (used_lrs) 892 vgic_fold_lr_state(vcpu); 893 vgic_prune_ap_list(vcpu); 894 } 895 896 static inline void vgic_restore_state(struct kvm_vcpu *vcpu) 897 { 898 if (!static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 899 vgic_v2_restore_state(vcpu); 900 else 901 __vgic_v3_restore_state(&vcpu->arch.vgic_cpu.vgic_v3); 902 } 903 904 /* Flush our emulation state into the GIC hardware before entering the guest. */ 905 void kvm_vgic_flush_hwstate(struct kvm_vcpu *vcpu) 906 { 907 /* 908 * If there are no virtual interrupts active or pending for this 909 * VCPU, then there is no work to do and we can bail out without 910 * taking any lock. There is a potential race with someone injecting 911 * interrupts to the VCPU, but it is a benign race as the VCPU will 912 * either observe the new interrupt before or after doing this check, 913 * and introducing additional synchronization mechanism doesn't change 914 * this. 915 * 916 * Note that we still need to go through the whole thing if anything 917 * can be directly injected (GICv4). 918 */ 919 if (list_empty(&vcpu->arch.vgic_cpu.ap_list_head) && 920 !vgic_supports_direct_msis(vcpu->kvm)) 921 return; 922 923 DEBUG_SPINLOCK_BUG_ON(!irqs_disabled()); 924 925 if (!list_empty(&vcpu->arch.vgic_cpu.ap_list_head)) { 926 raw_spin_lock(&vcpu->arch.vgic_cpu.ap_list_lock); 927 vgic_flush_lr_state(vcpu); 928 raw_spin_unlock(&vcpu->arch.vgic_cpu.ap_list_lock); 929 } 930 931 if (can_access_vgic_from_kernel()) 932 vgic_restore_state(vcpu); 933 934 if (vgic_supports_direct_msis(vcpu->kvm)) 935 vgic_v4_commit(vcpu); 936 } 937 938 void kvm_vgic_load(struct kvm_vcpu *vcpu) 939 { 940 if (unlikely(!vgic_initialized(vcpu->kvm))) 941 return; 942 943 if (kvm_vgic_global_state.type == VGIC_V2) 944 vgic_v2_load(vcpu); 945 else 946 vgic_v3_load(vcpu); 947 } 948 949 void kvm_vgic_put(struct kvm_vcpu *vcpu) 950 { 951 if (unlikely(!vgic_initialized(vcpu->kvm))) 952 return; 953 954 if (kvm_vgic_global_state.type == VGIC_V2) 955 vgic_v2_put(vcpu); 956 else 957 vgic_v3_put(vcpu); 958 } 959 960 void kvm_vgic_vmcr_sync(struct kvm_vcpu *vcpu) 961 { 962 if (unlikely(!irqchip_in_kernel(vcpu->kvm))) 963 return; 964 965 if (kvm_vgic_global_state.type == VGIC_V2) 966 vgic_v2_vmcr_sync(vcpu); 967 else 968 vgic_v3_vmcr_sync(vcpu); 969 } 970 971 int kvm_vgic_vcpu_pending_irq(struct kvm_vcpu *vcpu) 972 { 973 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 974 struct vgic_irq *irq; 975 bool pending = false; 976 unsigned long flags; 977 struct vgic_vmcr vmcr; 978 979 if (!vcpu->kvm->arch.vgic.enabled) 980 return false; 981 982 if (vcpu->arch.vgic_cpu.vgic_v3.its_vpe.pending_last) 983 return true; 984 985 vgic_get_vmcr(vcpu, &vmcr); 986 987 raw_spin_lock_irqsave(&vgic_cpu->ap_list_lock, flags); 988 989 list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) { 990 raw_spin_lock(&irq->irq_lock); 991 pending = irq_is_pending(irq) && irq->enabled && 992 !irq->active && 993 irq->priority < vmcr.pmr; 994 raw_spin_unlock(&irq->irq_lock); 995 996 if (pending) 997 break; 998 } 999 1000 raw_spin_unlock_irqrestore(&vgic_cpu->ap_list_lock, flags); 1001 1002 return pending; 1003 } 1004 1005 void vgic_kick_vcpus(struct kvm *kvm) 1006 { 1007 struct kvm_vcpu *vcpu; 1008 unsigned long c; 1009 1010 /* 1011 * We've injected an interrupt, time to find out who deserves 1012 * a good kick... 1013 */ 1014 kvm_for_each_vcpu(c, vcpu, kvm) { 1015 if (kvm_vgic_vcpu_pending_irq(vcpu)) { 1016 kvm_make_request(KVM_REQ_IRQ_PENDING, vcpu); 1017 kvm_vcpu_kick(vcpu); 1018 } 1019 } 1020 } 1021 1022 bool kvm_vgic_map_is_active(struct kvm_vcpu *vcpu, unsigned int vintid) 1023 { 1024 struct vgic_irq *irq; 1025 bool map_is_active; 1026 unsigned long flags; 1027 1028 if (!vgic_initialized(vcpu->kvm)) 1029 return false; 1030 1031 irq = vgic_get_irq(vcpu->kvm, vcpu, vintid); 1032 raw_spin_lock_irqsave(&irq->irq_lock, flags); 1033 map_is_active = irq->hw && irq->active; 1034 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 1035 vgic_put_irq(vcpu->kvm, irq); 1036 1037 return map_is_active; 1038 } 1039 1040 /* 1041 * Level-triggered mapped IRQs are special because we only observe rising 1042 * edges as input to the VGIC. 1043 * 1044 * If the guest never acked the interrupt we have to sample the physical 1045 * line and set the line level, because the device state could have changed 1046 * or we simply need to process the still pending interrupt later. 1047 * 1048 * We could also have entered the guest with the interrupt active+pending. 1049 * On the next exit, we need to re-evaluate the pending state, as it could 1050 * otherwise result in a spurious interrupt by injecting a now potentially 1051 * stale pending state. 1052 * 1053 * If this causes us to lower the level, we have to also clear the physical 1054 * active state, since we will otherwise never be told when the interrupt 1055 * becomes asserted again. 1056 * 1057 * Another case is when the interrupt requires a helping hand on 1058 * deactivation (no HW deactivation, for example). 1059 */ 1060 void vgic_irq_handle_resampling(struct vgic_irq *irq, 1061 bool lr_deactivated, bool lr_pending) 1062 { 1063 if (vgic_irq_is_mapped_level(irq)) { 1064 bool resample = false; 1065 1066 if (unlikely(vgic_irq_needs_resampling(irq))) { 1067 resample = !(irq->active || irq->pending_latch); 1068 } else if (lr_pending || (lr_deactivated && irq->line_level)) { 1069 irq->line_level = vgic_get_phys_line_level(irq); 1070 resample = !irq->line_level; 1071 } 1072 1073 if (resample) 1074 vgic_irq_set_phys_active(irq, false); 1075 } 1076 } 1077