1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2015, 2016 ARM Ltd. 4 */ 5 6 #include <linux/interrupt.h> 7 #include <linux/irq.h> 8 #include <linux/kvm.h> 9 #include <linux/kvm_host.h> 10 #include <linux/list_sort.h> 11 #include <linux/nospec.h> 12 13 #include <asm/kvm_hyp.h> 14 15 #include "vgic.h" 16 17 #define CREATE_TRACE_POINTS 18 #include "trace.h" 19 20 struct vgic_global kvm_vgic_global_state __ro_after_init = { 21 .gicv3_cpuif = STATIC_KEY_FALSE_INIT, 22 }; 23 24 /* 25 * Locking order is always: 26 * kvm->lock (mutex) 27 * vcpu->mutex (mutex) 28 * kvm->arch.config_lock (mutex) 29 * its->cmd_lock (mutex) 30 * its->its_lock (mutex) 31 * vgic_cpu->ap_list_lock must be taken with IRQs disabled 32 * vgic_dist->lpi_xa.xa_lock must be taken with IRQs disabled 33 * vgic_irq->irq_lock must be taken with IRQs disabled 34 * 35 * As the ap_list_lock might be taken from the timer interrupt handler, 36 * we have to disable IRQs before taking this lock and everything lower 37 * than it. 38 * 39 * The config_lock has additional ordering requirements: 40 * kvm->slots_lock 41 * kvm->srcu 42 * kvm->arch.config_lock 43 * 44 * If you need to take multiple locks, always take the upper lock first, 45 * then the lower ones, e.g. first take the its_lock, then the irq_lock. 46 * If you are already holding a lock and need to take a higher one, you 47 * have to drop the lower ranking lock first and re-acquire it after having 48 * taken the upper one. 49 * 50 * When taking more than one ap_list_lock at the same time, always take the 51 * lowest numbered VCPU's ap_list_lock first, so: 52 * vcpuX->vcpu_id < vcpuY->vcpu_id: 53 * raw_spin_lock(vcpuX->arch.vgic_cpu.ap_list_lock); 54 * raw_spin_lock(vcpuY->arch.vgic_cpu.ap_list_lock); 55 * 56 * Since the VGIC must support injecting virtual interrupts from ISRs, we have 57 * to use the raw_spin_lock_irqsave/raw_spin_unlock_irqrestore versions of outer 58 * spinlocks for any lock that may be taken while injecting an interrupt. 59 */ 60 61 /* 62 * Index the VM's xarray of mapped LPIs and return a reference to the IRQ 63 * structure. The caller is expected to call vgic_put_irq() later once it's 64 * finished with the IRQ. 65 */ 66 static struct vgic_irq *vgic_get_lpi(struct kvm *kvm, u32 intid) 67 { 68 struct vgic_dist *dist = &kvm->arch.vgic; 69 struct vgic_irq *irq = NULL; 70 71 rcu_read_lock(); 72 73 irq = xa_load(&dist->lpi_xa, intid); 74 if (!vgic_try_get_irq_kref(irq)) 75 irq = NULL; 76 77 rcu_read_unlock(); 78 79 return irq; 80 } 81 82 /* 83 * This looks up the virtual interrupt ID to get the corresponding 84 * struct vgic_irq. It also increases the refcount, so any caller is expected 85 * to call vgic_put_irq() once it's finished with this IRQ. 86 */ 87 struct vgic_irq *vgic_get_irq(struct kvm *kvm, u32 intid) 88 { 89 /* SPIs */ 90 if (intid >= VGIC_NR_PRIVATE_IRQS && 91 intid < (kvm->arch.vgic.nr_spis + VGIC_NR_PRIVATE_IRQS)) { 92 intid = array_index_nospec(intid, kvm->arch.vgic.nr_spis + VGIC_NR_PRIVATE_IRQS); 93 return &kvm->arch.vgic.spis[intid - VGIC_NR_PRIVATE_IRQS]; 94 } 95 96 /* LPIs */ 97 if (intid >= VGIC_MIN_LPI) 98 return vgic_get_lpi(kvm, intid); 99 100 return NULL; 101 } 102 103 struct vgic_irq *vgic_get_vcpu_irq(struct kvm_vcpu *vcpu, u32 intid) 104 { 105 if (WARN_ON(!vcpu)) 106 return NULL; 107 108 /* SGIs and PPIs */ 109 if (intid < VGIC_NR_PRIVATE_IRQS) { 110 intid = array_index_nospec(intid, VGIC_NR_PRIVATE_IRQS); 111 return &vcpu->arch.vgic_cpu.private_irqs[intid]; 112 } 113 114 return vgic_get_irq(vcpu->kvm, intid); 115 } 116 117 /* 118 * We can't do anything in here, because we lack the kvm pointer to 119 * lock and remove the item from the lpi_list. So we keep this function 120 * empty and use the return value of kref_put() to trigger the freeing. 121 */ 122 static void vgic_irq_release(struct kref *ref) 123 { 124 } 125 126 void vgic_put_irq(struct kvm *kvm, struct vgic_irq *irq) 127 { 128 struct vgic_dist *dist = &kvm->arch.vgic; 129 unsigned long flags; 130 131 if (irq->intid < VGIC_MIN_LPI) 132 return; 133 134 if (!kref_put(&irq->refcount, vgic_irq_release)) 135 return; 136 137 xa_lock_irqsave(&dist->lpi_xa, flags); 138 __xa_erase(&dist->lpi_xa, irq->intid); 139 xa_unlock_irqrestore(&dist->lpi_xa, flags); 140 141 kfree_rcu(irq, rcu); 142 } 143 144 void vgic_flush_pending_lpis(struct kvm_vcpu *vcpu) 145 { 146 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 147 struct vgic_irq *irq, *tmp; 148 unsigned long flags; 149 150 raw_spin_lock_irqsave(&vgic_cpu->ap_list_lock, flags); 151 152 list_for_each_entry_safe(irq, tmp, &vgic_cpu->ap_list_head, ap_list) { 153 if (irq->intid >= VGIC_MIN_LPI) { 154 raw_spin_lock(&irq->irq_lock); 155 list_del(&irq->ap_list); 156 irq->vcpu = NULL; 157 raw_spin_unlock(&irq->irq_lock); 158 vgic_put_irq(vcpu->kvm, irq); 159 } 160 } 161 162 raw_spin_unlock_irqrestore(&vgic_cpu->ap_list_lock, flags); 163 } 164 165 void vgic_irq_set_phys_pending(struct vgic_irq *irq, bool pending) 166 { 167 WARN_ON(irq_set_irqchip_state(irq->host_irq, 168 IRQCHIP_STATE_PENDING, 169 pending)); 170 } 171 172 bool vgic_get_phys_line_level(struct vgic_irq *irq) 173 { 174 bool line_level; 175 176 BUG_ON(!irq->hw); 177 178 if (irq->ops && irq->ops->get_input_level) 179 return irq->ops->get_input_level(irq->intid); 180 181 WARN_ON(irq_get_irqchip_state(irq->host_irq, 182 IRQCHIP_STATE_PENDING, 183 &line_level)); 184 return line_level; 185 } 186 187 /* Set/Clear the physical active state */ 188 void vgic_irq_set_phys_active(struct vgic_irq *irq, bool active) 189 { 190 191 BUG_ON(!irq->hw); 192 WARN_ON(irq_set_irqchip_state(irq->host_irq, 193 IRQCHIP_STATE_ACTIVE, 194 active)); 195 } 196 197 /** 198 * vgic_target_oracle - compute the target vcpu for an irq 199 * 200 * @irq: The irq to route. Must be already locked. 201 * 202 * Based on the current state of the interrupt (enabled, pending, 203 * active, vcpu and target_vcpu), compute the next vcpu this should be 204 * given to. Return NULL if this shouldn't be injected at all. 205 * 206 * Requires the IRQ lock to be held. 207 */ 208 static struct kvm_vcpu *vgic_target_oracle(struct vgic_irq *irq) 209 { 210 lockdep_assert_held(&irq->irq_lock); 211 212 /* If the interrupt is active, it must stay on the current vcpu */ 213 if (irq->active) 214 return irq->vcpu ? : irq->target_vcpu; 215 216 /* 217 * If the IRQ is not active but enabled and pending, we should direct 218 * it to its configured target VCPU. 219 * If the distributor is disabled, pending interrupts shouldn't be 220 * forwarded. 221 */ 222 if (irq->enabled && irq_is_pending(irq)) { 223 if (unlikely(irq->target_vcpu && 224 !irq->target_vcpu->kvm->arch.vgic.enabled)) 225 return NULL; 226 227 return irq->target_vcpu; 228 } 229 230 /* If neither active nor pending and enabled, then this IRQ should not 231 * be queued to any VCPU. 232 */ 233 return NULL; 234 } 235 236 /* 237 * The order of items in the ap_lists defines how we'll pack things in LRs as 238 * well, the first items in the list being the first things populated in the 239 * LRs. 240 * 241 * A hard rule is that active interrupts can never be pushed out of the LRs 242 * (and therefore take priority) since we cannot reliably trap on deactivation 243 * of IRQs and therefore they have to be present in the LRs. 244 * 245 * Otherwise things should be sorted by the priority field and the GIC 246 * hardware support will take care of preemption of priority groups etc. 247 * 248 * Return negative if "a" sorts before "b", 0 to preserve order, and positive 249 * to sort "b" before "a". 250 */ 251 static int vgic_irq_cmp(void *priv, const struct list_head *a, 252 const struct list_head *b) 253 { 254 struct vgic_irq *irqa = container_of(a, struct vgic_irq, ap_list); 255 struct vgic_irq *irqb = container_of(b, struct vgic_irq, ap_list); 256 bool penda, pendb; 257 int ret; 258 259 /* 260 * list_sort may call this function with the same element when 261 * the list is fairly long. 262 */ 263 if (unlikely(irqa == irqb)) 264 return 0; 265 266 raw_spin_lock(&irqa->irq_lock); 267 raw_spin_lock_nested(&irqb->irq_lock, SINGLE_DEPTH_NESTING); 268 269 if (irqa->active || irqb->active) { 270 ret = (int)irqb->active - (int)irqa->active; 271 goto out; 272 } 273 274 penda = irqa->enabled && irq_is_pending(irqa); 275 pendb = irqb->enabled && irq_is_pending(irqb); 276 277 if (!penda || !pendb) { 278 ret = (int)pendb - (int)penda; 279 goto out; 280 } 281 282 /* Both pending and enabled, sort by priority */ 283 ret = irqa->priority - irqb->priority; 284 out: 285 raw_spin_unlock(&irqb->irq_lock); 286 raw_spin_unlock(&irqa->irq_lock); 287 return ret; 288 } 289 290 /* Must be called with the ap_list_lock held */ 291 static void vgic_sort_ap_list(struct kvm_vcpu *vcpu) 292 { 293 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 294 295 lockdep_assert_held(&vgic_cpu->ap_list_lock); 296 297 list_sort(NULL, &vgic_cpu->ap_list_head, vgic_irq_cmp); 298 } 299 300 /* 301 * Only valid injection if changing level for level-triggered IRQs or for a 302 * rising edge, and in-kernel connected IRQ lines can only be controlled by 303 * their owner. 304 */ 305 static bool vgic_validate_injection(struct vgic_irq *irq, bool level, void *owner) 306 { 307 if (irq->owner != owner) 308 return false; 309 310 switch (irq->config) { 311 case VGIC_CONFIG_LEVEL: 312 return irq->line_level != level; 313 case VGIC_CONFIG_EDGE: 314 return level; 315 } 316 317 return false; 318 } 319 320 /* 321 * Check whether an IRQ needs to (and can) be queued to a VCPU's ap list. 322 * Do the queuing if necessary, taking the right locks in the right order. 323 * Returns true when the IRQ was queued, false otherwise. 324 * 325 * Needs to be entered with the IRQ lock already held, but will return 326 * with all locks dropped. 327 */ 328 bool vgic_queue_irq_unlock(struct kvm *kvm, struct vgic_irq *irq, 329 unsigned long flags) __releases(&irq->irq_lock) 330 { 331 struct kvm_vcpu *vcpu; 332 333 lockdep_assert_held(&irq->irq_lock); 334 335 retry: 336 vcpu = vgic_target_oracle(irq); 337 if (irq->vcpu || !vcpu) { 338 /* 339 * If this IRQ is already on a VCPU's ap_list, then it 340 * cannot be moved or modified and there is no more work for 341 * us to do. 342 * 343 * Otherwise, if the irq is not pending and enabled, it does 344 * not need to be inserted into an ap_list and there is also 345 * no more work for us to do. 346 */ 347 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 348 349 /* 350 * We have to kick the VCPU here, because we could be 351 * queueing an edge-triggered interrupt for which we 352 * get no EOI maintenance interrupt. In that case, 353 * while the IRQ is already on the VCPU's AP list, the 354 * VCPU could have EOI'ed the original interrupt and 355 * won't see this one until it exits for some other 356 * reason. 357 */ 358 if (vcpu) { 359 kvm_make_request(KVM_REQ_IRQ_PENDING, vcpu); 360 kvm_vcpu_kick(vcpu); 361 } 362 return false; 363 } 364 365 /* 366 * We must unlock the irq lock to take the ap_list_lock where 367 * we are going to insert this new pending interrupt. 368 */ 369 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 370 371 /* someone can do stuff here, which we re-check below */ 372 373 raw_spin_lock_irqsave(&vcpu->arch.vgic_cpu.ap_list_lock, flags); 374 raw_spin_lock(&irq->irq_lock); 375 376 /* 377 * Did something change behind our backs? 378 * 379 * There are two cases: 380 * 1) The irq lost its pending state or was disabled behind our 381 * backs and/or it was queued to another VCPU's ap_list. 382 * 2) Someone changed the affinity on this irq behind our 383 * backs and we are now holding the wrong ap_list_lock. 384 * 385 * In both cases, drop the locks and retry. 386 */ 387 388 if (unlikely(irq->vcpu || vcpu != vgic_target_oracle(irq))) { 389 raw_spin_unlock(&irq->irq_lock); 390 raw_spin_unlock_irqrestore(&vcpu->arch.vgic_cpu.ap_list_lock, 391 flags); 392 393 raw_spin_lock_irqsave(&irq->irq_lock, flags); 394 goto retry; 395 } 396 397 /* 398 * Grab a reference to the irq to reflect the fact that it is 399 * now in the ap_list. This is safe as the caller must already hold a 400 * reference on the irq. 401 */ 402 vgic_get_irq_kref(irq); 403 list_add_tail(&irq->ap_list, &vcpu->arch.vgic_cpu.ap_list_head); 404 irq->vcpu = vcpu; 405 406 raw_spin_unlock(&irq->irq_lock); 407 raw_spin_unlock_irqrestore(&vcpu->arch.vgic_cpu.ap_list_lock, flags); 408 409 kvm_make_request(KVM_REQ_IRQ_PENDING, vcpu); 410 kvm_vcpu_kick(vcpu); 411 412 return true; 413 } 414 415 /** 416 * kvm_vgic_inject_irq - Inject an IRQ from a device to the vgic 417 * @kvm: The VM structure pointer 418 * @vcpu: The CPU for PPIs or NULL for global interrupts 419 * @intid: The INTID to inject a new state to. 420 * @level: Edge-triggered: true: to trigger the interrupt 421 * false: to ignore the call 422 * Level-sensitive true: raise the input signal 423 * false: lower the input signal 424 * @owner: The opaque pointer to the owner of the IRQ being raised to verify 425 * that the caller is allowed to inject this IRQ. Userspace 426 * injections will have owner == NULL. 427 * 428 * The VGIC is not concerned with devices being active-LOW or active-HIGH for 429 * level-sensitive interrupts. You can think of the level parameter as 1 430 * being HIGH and 0 being LOW and all devices being active-HIGH. 431 */ 432 int kvm_vgic_inject_irq(struct kvm *kvm, struct kvm_vcpu *vcpu, 433 unsigned int intid, bool level, void *owner) 434 { 435 struct vgic_irq *irq; 436 unsigned long flags; 437 int ret; 438 439 ret = vgic_lazy_init(kvm); 440 if (ret) 441 return ret; 442 443 if (!vcpu && intid < VGIC_NR_PRIVATE_IRQS) 444 return -EINVAL; 445 446 trace_vgic_update_irq_pending(vcpu ? vcpu->vcpu_idx : 0, intid, level); 447 448 if (intid < VGIC_NR_PRIVATE_IRQS) 449 irq = vgic_get_vcpu_irq(vcpu, intid); 450 else 451 irq = vgic_get_irq(kvm, intid); 452 if (!irq) 453 return -EINVAL; 454 455 raw_spin_lock_irqsave(&irq->irq_lock, flags); 456 457 if (!vgic_validate_injection(irq, level, owner)) { 458 /* Nothing to see here, move along... */ 459 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 460 vgic_put_irq(kvm, irq); 461 return 0; 462 } 463 464 if (irq->config == VGIC_CONFIG_LEVEL) 465 irq->line_level = level; 466 else 467 irq->pending_latch = true; 468 469 vgic_queue_irq_unlock(kvm, irq, flags); 470 vgic_put_irq(kvm, irq); 471 472 return 0; 473 } 474 475 /* @irq->irq_lock must be held */ 476 static int kvm_vgic_map_irq(struct kvm_vcpu *vcpu, struct vgic_irq *irq, 477 unsigned int host_irq, 478 struct irq_ops *ops) 479 { 480 struct irq_desc *desc; 481 struct irq_data *data; 482 483 /* 484 * Find the physical IRQ number corresponding to @host_irq 485 */ 486 desc = irq_to_desc(host_irq); 487 if (!desc) { 488 kvm_err("%s: no interrupt descriptor\n", __func__); 489 return -EINVAL; 490 } 491 data = irq_desc_get_irq_data(desc); 492 while (data->parent_data) 493 data = data->parent_data; 494 495 irq->hw = true; 496 irq->host_irq = host_irq; 497 irq->hwintid = data->hwirq; 498 irq->ops = ops; 499 return 0; 500 } 501 502 /* @irq->irq_lock must be held */ 503 static inline void kvm_vgic_unmap_irq(struct vgic_irq *irq) 504 { 505 irq->hw = false; 506 irq->hwintid = 0; 507 irq->ops = NULL; 508 } 509 510 int kvm_vgic_map_phys_irq(struct kvm_vcpu *vcpu, unsigned int host_irq, 511 u32 vintid, struct irq_ops *ops) 512 { 513 struct vgic_irq *irq = vgic_get_vcpu_irq(vcpu, vintid); 514 unsigned long flags; 515 int ret; 516 517 BUG_ON(!irq); 518 519 raw_spin_lock_irqsave(&irq->irq_lock, flags); 520 ret = kvm_vgic_map_irq(vcpu, irq, host_irq, ops); 521 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 522 vgic_put_irq(vcpu->kvm, irq); 523 524 return ret; 525 } 526 527 /** 528 * kvm_vgic_reset_mapped_irq - Reset a mapped IRQ 529 * @vcpu: The VCPU pointer 530 * @vintid: The INTID of the interrupt 531 * 532 * Reset the active and pending states of a mapped interrupt. Kernel 533 * subsystems injecting mapped interrupts should reset their interrupt lines 534 * when we are doing a reset of the VM. 535 */ 536 void kvm_vgic_reset_mapped_irq(struct kvm_vcpu *vcpu, u32 vintid) 537 { 538 struct vgic_irq *irq = vgic_get_vcpu_irq(vcpu, vintid); 539 unsigned long flags; 540 541 if (!irq->hw) 542 goto out; 543 544 raw_spin_lock_irqsave(&irq->irq_lock, flags); 545 irq->active = false; 546 irq->pending_latch = false; 547 irq->line_level = false; 548 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 549 out: 550 vgic_put_irq(vcpu->kvm, irq); 551 } 552 553 int kvm_vgic_unmap_phys_irq(struct kvm_vcpu *vcpu, unsigned int vintid) 554 { 555 struct vgic_irq *irq; 556 unsigned long flags; 557 558 if (!vgic_initialized(vcpu->kvm)) 559 return -EAGAIN; 560 561 irq = vgic_get_vcpu_irq(vcpu, vintid); 562 BUG_ON(!irq); 563 564 raw_spin_lock_irqsave(&irq->irq_lock, flags); 565 kvm_vgic_unmap_irq(irq); 566 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 567 vgic_put_irq(vcpu->kvm, irq); 568 569 return 0; 570 } 571 572 int kvm_vgic_get_map(struct kvm_vcpu *vcpu, unsigned int vintid) 573 { 574 struct vgic_irq *irq = vgic_get_vcpu_irq(vcpu, vintid); 575 unsigned long flags; 576 int ret = -1; 577 578 raw_spin_lock_irqsave(&irq->irq_lock, flags); 579 if (irq->hw) 580 ret = irq->hwintid; 581 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 582 583 vgic_put_irq(vcpu->kvm, irq); 584 return ret; 585 } 586 587 /** 588 * kvm_vgic_set_owner - Set the owner of an interrupt for a VM 589 * 590 * @vcpu: Pointer to the VCPU (used for PPIs) 591 * @intid: The virtual INTID identifying the interrupt (PPI or SPI) 592 * @owner: Opaque pointer to the owner 593 * 594 * Returns 0 if intid is not already used by another in-kernel device and the 595 * owner is set, otherwise returns an error code. 596 */ 597 int kvm_vgic_set_owner(struct kvm_vcpu *vcpu, unsigned int intid, void *owner) 598 { 599 struct vgic_irq *irq; 600 unsigned long flags; 601 int ret = 0; 602 603 if (!vgic_initialized(vcpu->kvm)) 604 return -EAGAIN; 605 606 /* SGIs and LPIs cannot be wired up to any device */ 607 if (!irq_is_ppi(intid) && !vgic_valid_spi(vcpu->kvm, intid)) 608 return -EINVAL; 609 610 irq = vgic_get_vcpu_irq(vcpu, intid); 611 raw_spin_lock_irqsave(&irq->irq_lock, flags); 612 if (irq->owner && irq->owner != owner) 613 ret = -EEXIST; 614 else 615 irq->owner = owner; 616 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 617 618 return ret; 619 } 620 621 /** 622 * vgic_prune_ap_list - Remove non-relevant interrupts from the list 623 * 624 * @vcpu: The VCPU pointer 625 * 626 * Go over the list of "interesting" interrupts, and prune those that we 627 * won't have to consider in the near future. 628 */ 629 static void vgic_prune_ap_list(struct kvm_vcpu *vcpu) 630 { 631 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 632 struct vgic_irq *irq, *tmp; 633 634 DEBUG_SPINLOCK_BUG_ON(!irqs_disabled()); 635 636 retry: 637 raw_spin_lock(&vgic_cpu->ap_list_lock); 638 639 list_for_each_entry_safe(irq, tmp, &vgic_cpu->ap_list_head, ap_list) { 640 struct kvm_vcpu *target_vcpu, *vcpuA, *vcpuB; 641 bool target_vcpu_needs_kick = false; 642 643 raw_spin_lock(&irq->irq_lock); 644 645 BUG_ON(vcpu != irq->vcpu); 646 647 target_vcpu = vgic_target_oracle(irq); 648 649 if (!target_vcpu) { 650 /* 651 * We don't need to process this interrupt any 652 * further, move it off the list. 653 */ 654 list_del(&irq->ap_list); 655 irq->vcpu = NULL; 656 raw_spin_unlock(&irq->irq_lock); 657 658 /* 659 * This vgic_put_irq call matches the 660 * vgic_get_irq_kref in vgic_queue_irq_unlock, 661 * where we added the LPI to the ap_list. As 662 * we remove the irq from the list, we drop 663 * also drop the refcount. 664 */ 665 vgic_put_irq(vcpu->kvm, irq); 666 continue; 667 } 668 669 if (target_vcpu == vcpu) { 670 /* We're on the right CPU */ 671 raw_spin_unlock(&irq->irq_lock); 672 continue; 673 } 674 675 /* This interrupt looks like it has to be migrated. */ 676 677 raw_spin_unlock(&irq->irq_lock); 678 raw_spin_unlock(&vgic_cpu->ap_list_lock); 679 680 /* 681 * Ensure locking order by always locking the smallest 682 * ID first. 683 */ 684 if (vcpu->vcpu_id < target_vcpu->vcpu_id) { 685 vcpuA = vcpu; 686 vcpuB = target_vcpu; 687 } else { 688 vcpuA = target_vcpu; 689 vcpuB = vcpu; 690 } 691 692 raw_spin_lock(&vcpuA->arch.vgic_cpu.ap_list_lock); 693 raw_spin_lock_nested(&vcpuB->arch.vgic_cpu.ap_list_lock, 694 SINGLE_DEPTH_NESTING); 695 raw_spin_lock(&irq->irq_lock); 696 697 /* 698 * If the affinity has been preserved, move the 699 * interrupt around. Otherwise, it means things have 700 * changed while the interrupt was unlocked, and we 701 * need to replay this. 702 * 703 * In all cases, we cannot trust the list not to have 704 * changed, so we restart from the beginning. 705 */ 706 if (target_vcpu == vgic_target_oracle(irq)) { 707 struct vgic_cpu *new_cpu = &target_vcpu->arch.vgic_cpu; 708 709 list_del(&irq->ap_list); 710 irq->vcpu = target_vcpu; 711 list_add_tail(&irq->ap_list, &new_cpu->ap_list_head); 712 target_vcpu_needs_kick = true; 713 } 714 715 raw_spin_unlock(&irq->irq_lock); 716 raw_spin_unlock(&vcpuB->arch.vgic_cpu.ap_list_lock); 717 raw_spin_unlock(&vcpuA->arch.vgic_cpu.ap_list_lock); 718 719 if (target_vcpu_needs_kick) { 720 kvm_make_request(KVM_REQ_IRQ_PENDING, target_vcpu); 721 kvm_vcpu_kick(target_vcpu); 722 } 723 724 goto retry; 725 } 726 727 raw_spin_unlock(&vgic_cpu->ap_list_lock); 728 } 729 730 static inline void vgic_fold_lr_state(struct kvm_vcpu *vcpu) 731 { 732 if (kvm_vgic_global_state.type == VGIC_V2) 733 vgic_v2_fold_lr_state(vcpu); 734 else 735 vgic_v3_fold_lr_state(vcpu); 736 } 737 738 /* Requires the irq_lock to be held. */ 739 static inline void vgic_populate_lr(struct kvm_vcpu *vcpu, 740 struct vgic_irq *irq, int lr) 741 { 742 lockdep_assert_held(&irq->irq_lock); 743 744 if (kvm_vgic_global_state.type == VGIC_V2) 745 vgic_v2_populate_lr(vcpu, irq, lr); 746 else 747 vgic_v3_populate_lr(vcpu, irq, lr); 748 } 749 750 static inline void vgic_clear_lr(struct kvm_vcpu *vcpu, int lr) 751 { 752 if (kvm_vgic_global_state.type == VGIC_V2) 753 vgic_v2_clear_lr(vcpu, lr); 754 else 755 vgic_v3_clear_lr(vcpu, lr); 756 } 757 758 static inline void vgic_set_underflow(struct kvm_vcpu *vcpu) 759 { 760 if (kvm_vgic_global_state.type == VGIC_V2) 761 vgic_v2_set_underflow(vcpu); 762 else 763 vgic_v3_set_underflow(vcpu); 764 } 765 766 /* Requires the ap_list_lock to be held. */ 767 static int compute_ap_list_depth(struct kvm_vcpu *vcpu, 768 bool *multi_sgi) 769 { 770 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 771 struct vgic_irq *irq; 772 int count = 0; 773 774 *multi_sgi = false; 775 776 lockdep_assert_held(&vgic_cpu->ap_list_lock); 777 778 list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) { 779 int w; 780 781 raw_spin_lock(&irq->irq_lock); 782 /* GICv2 SGIs can count for more than one... */ 783 w = vgic_irq_get_lr_count(irq); 784 raw_spin_unlock(&irq->irq_lock); 785 786 count += w; 787 *multi_sgi |= (w > 1); 788 } 789 return count; 790 } 791 792 /* Requires the VCPU's ap_list_lock to be held. */ 793 static void vgic_flush_lr_state(struct kvm_vcpu *vcpu) 794 { 795 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 796 struct vgic_irq *irq; 797 int count; 798 bool multi_sgi; 799 u8 prio = 0xff; 800 int i = 0; 801 802 lockdep_assert_held(&vgic_cpu->ap_list_lock); 803 804 count = compute_ap_list_depth(vcpu, &multi_sgi); 805 if (count > kvm_vgic_global_state.nr_lr || multi_sgi) 806 vgic_sort_ap_list(vcpu); 807 808 count = 0; 809 810 list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) { 811 raw_spin_lock(&irq->irq_lock); 812 813 /* 814 * If we have multi-SGIs in the pipeline, we need to 815 * guarantee that they are all seen before any IRQ of 816 * lower priority. In that case, we need to filter out 817 * these interrupts by exiting early. This is easy as 818 * the AP list has been sorted already. 819 */ 820 if (multi_sgi && irq->priority > prio) { 821 _raw_spin_unlock(&irq->irq_lock); 822 break; 823 } 824 825 if (likely(vgic_target_oracle(irq) == vcpu)) { 826 vgic_populate_lr(vcpu, irq, count++); 827 828 if (irq->source) 829 prio = irq->priority; 830 } 831 832 raw_spin_unlock(&irq->irq_lock); 833 834 if (count == kvm_vgic_global_state.nr_lr) { 835 if (!list_is_last(&irq->ap_list, 836 &vgic_cpu->ap_list_head)) 837 vgic_set_underflow(vcpu); 838 break; 839 } 840 } 841 842 /* Nuke remaining LRs */ 843 for (i = count ; i < kvm_vgic_global_state.nr_lr; i++) 844 vgic_clear_lr(vcpu, i); 845 846 if (!static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 847 vcpu->arch.vgic_cpu.vgic_v2.used_lrs = count; 848 else 849 vcpu->arch.vgic_cpu.vgic_v3.used_lrs = count; 850 } 851 852 static inline bool can_access_vgic_from_kernel(void) 853 { 854 /* 855 * GICv2 can always be accessed from the kernel because it is 856 * memory-mapped, and VHE systems can access GICv3 EL2 system 857 * registers. 858 */ 859 return !static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif) || has_vhe(); 860 } 861 862 static inline void vgic_save_state(struct kvm_vcpu *vcpu) 863 { 864 if (!static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 865 vgic_v2_save_state(vcpu); 866 else 867 __vgic_v3_save_state(&vcpu->arch.vgic_cpu.vgic_v3); 868 } 869 870 /* Sync back the hardware VGIC state into our emulation after a guest's run. */ 871 void kvm_vgic_sync_hwstate(struct kvm_vcpu *vcpu) 872 { 873 int used_lrs; 874 875 /* An empty ap_list_head implies used_lrs == 0 */ 876 if (list_empty(&vcpu->arch.vgic_cpu.ap_list_head)) 877 return; 878 879 if (can_access_vgic_from_kernel()) 880 vgic_save_state(vcpu); 881 882 if (!static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 883 used_lrs = vcpu->arch.vgic_cpu.vgic_v2.used_lrs; 884 else 885 used_lrs = vcpu->arch.vgic_cpu.vgic_v3.used_lrs; 886 887 if (used_lrs) 888 vgic_fold_lr_state(vcpu); 889 vgic_prune_ap_list(vcpu); 890 } 891 892 static inline void vgic_restore_state(struct kvm_vcpu *vcpu) 893 { 894 if (!static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 895 vgic_v2_restore_state(vcpu); 896 else 897 __vgic_v3_restore_state(&vcpu->arch.vgic_cpu.vgic_v3); 898 } 899 900 /* Flush our emulation state into the GIC hardware before entering the guest. */ 901 void kvm_vgic_flush_hwstate(struct kvm_vcpu *vcpu) 902 { 903 /* 904 * If there are no virtual interrupts active or pending for this 905 * VCPU, then there is no work to do and we can bail out without 906 * taking any lock. There is a potential race with someone injecting 907 * interrupts to the VCPU, but it is a benign race as the VCPU will 908 * either observe the new interrupt before or after doing this check, 909 * and introducing additional synchronization mechanism doesn't change 910 * this. 911 * 912 * Note that we still need to go through the whole thing if anything 913 * can be directly injected (GICv4). 914 */ 915 if (list_empty(&vcpu->arch.vgic_cpu.ap_list_head) && 916 !vgic_supports_direct_msis(vcpu->kvm)) 917 return; 918 919 DEBUG_SPINLOCK_BUG_ON(!irqs_disabled()); 920 921 if (!list_empty(&vcpu->arch.vgic_cpu.ap_list_head)) { 922 raw_spin_lock(&vcpu->arch.vgic_cpu.ap_list_lock); 923 vgic_flush_lr_state(vcpu); 924 raw_spin_unlock(&vcpu->arch.vgic_cpu.ap_list_lock); 925 } 926 927 if (can_access_vgic_from_kernel()) 928 vgic_restore_state(vcpu); 929 930 if (vgic_supports_direct_msis(vcpu->kvm)) 931 vgic_v4_commit(vcpu); 932 } 933 934 void kvm_vgic_load(struct kvm_vcpu *vcpu) 935 { 936 if (unlikely(!irqchip_in_kernel(vcpu->kvm) || !vgic_initialized(vcpu->kvm))) { 937 if (has_vhe() && static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 938 __vgic_v3_activate_traps(&vcpu->arch.vgic_cpu.vgic_v3); 939 return; 940 } 941 942 if (!static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 943 vgic_v2_load(vcpu); 944 else 945 vgic_v3_load(vcpu); 946 } 947 948 void kvm_vgic_put(struct kvm_vcpu *vcpu) 949 { 950 if (unlikely(!irqchip_in_kernel(vcpu->kvm) || !vgic_initialized(vcpu->kvm))) { 951 if (has_vhe() && static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 952 __vgic_v3_deactivate_traps(&vcpu->arch.vgic_cpu.vgic_v3); 953 return; 954 } 955 956 if (!static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif)) 957 vgic_v2_put(vcpu); 958 else 959 vgic_v3_put(vcpu); 960 } 961 962 int kvm_vgic_vcpu_pending_irq(struct kvm_vcpu *vcpu) 963 { 964 struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; 965 struct vgic_irq *irq; 966 bool pending = false; 967 unsigned long flags; 968 struct vgic_vmcr vmcr; 969 970 if (!vcpu->kvm->arch.vgic.enabled) 971 return false; 972 973 if (vcpu->arch.vgic_cpu.vgic_v3.its_vpe.pending_last) 974 return true; 975 976 vgic_get_vmcr(vcpu, &vmcr); 977 978 raw_spin_lock_irqsave(&vgic_cpu->ap_list_lock, flags); 979 980 list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) { 981 raw_spin_lock(&irq->irq_lock); 982 pending = irq_is_pending(irq) && irq->enabled && 983 !irq->active && 984 irq->priority < vmcr.pmr; 985 raw_spin_unlock(&irq->irq_lock); 986 987 if (pending) 988 break; 989 } 990 991 raw_spin_unlock_irqrestore(&vgic_cpu->ap_list_lock, flags); 992 993 return pending; 994 } 995 996 void vgic_kick_vcpus(struct kvm *kvm) 997 { 998 struct kvm_vcpu *vcpu; 999 unsigned long c; 1000 1001 /* 1002 * We've injected an interrupt, time to find out who deserves 1003 * a good kick... 1004 */ 1005 kvm_for_each_vcpu(c, vcpu, kvm) { 1006 if (kvm_vgic_vcpu_pending_irq(vcpu)) { 1007 kvm_make_request(KVM_REQ_IRQ_PENDING, vcpu); 1008 kvm_vcpu_kick(vcpu); 1009 } 1010 } 1011 } 1012 1013 bool kvm_vgic_map_is_active(struct kvm_vcpu *vcpu, unsigned int vintid) 1014 { 1015 struct vgic_irq *irq; 1016 bool map_is_active; 1017 unsigned long flags; 1018 1019 if (!vgic_initialized(vcpu->kvm)) 1020 return false; 1021 1022 irq = vgic_get_vcpu_irq(vcpu, vintid); 1023 raw_spin_lock_irqsave(&irq->irq_lock, flags); 1024 map_is_active = irq->hw && irq->active; 1025 raw_spin_unlock_irqrestore(&irq->irq_lock, flags); 1026 vgic_put_irq(vcpu->kvm, irq); 1027 1028 return map_is_active; 1029 } 1030 1031 /* 1032 * Level-triggered mapped IRQs are special because we only observe rising 1033 * edges as input to the VGIC. 1034 * 1035 * If the guest never acked the interrupt we have to sample the physical 1036 * line and set the line level, because the device state could have changed 1037 * or we simply need to process the still pending interrupt later. 1038 * 1039 * We could also have entered the guest with the interrupt active+pending. 1040 * On the next exit, we need to re-evaluate the pending state, as it could 1041 * otherwise result in a spurious interrupt by injecting a now potentially 1042 * stale pending state. 1043 * 1044 * If this causes us to lower the level, we have to also clear the physical 1045 * active state, since we will otherwise never be told when the interrupt 1046 * becomes asserted again. 1047 * 1048 * Another case is when the interrupt requires a helping hand on 1049 * deactivation (no HW deactivation, for example). 1050 */ 1051 void vgic_irq_handle_resampling(struct vgic_irq *irq, 1052 bool lr_deactivated, bool lr_pending) 1053 { 1054 if (vgic_irq_is_mapped_level(irq)) { 1055 bool resample = false; 1056 1057 if (unlikely(vgic_irq_needs_resampling(irq))) { 1058 resample = !(irq->active || irq->pending_latch); 1059 } else if (lr_pending || (lr_deactivated && irq->line_level)) { 1060 irq->line_level = vgic_get_phys_line_level(irq); 1061 resample = !irq->line_level; 1062 } 1063 1064 if (resample) 1065 vgic_irq_set_phys_active(irq, false); 1066 } 1067 } 1068