xref: /linux/drivers/hv/hv.c (revision 086c6cbcc563c81d55257f9b27e14faf1d0963d3)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (c) 2009, Microsoft Corporation.
4  *
5  * Authors:
6  *   Haiyang Zhang <haiyangz@microsoft.com>
7  *   Hank Janssen  <hjanssen@microsoft.com>
8  */
9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10 
11 #include <linux/io.h>
12 #include <linux/kernel.h>
13 #include <linux/mm.h>
14 #include <linux/slab.h>
15 #include <linux/vmalloc.h>
16 #include <linux/hyperv.h>
17 #include <linux/random.h>
18 #include <linux/clockchips.h>
19 #include <linux/delay.h>
20 #include <linux/interrupt.h>
21 #include <clocksource/hyperv_timer.h>
22 #include <asm/mshyperv.h>
23 #include <linux/set_memory.h>
24 #include "hyperv_vmbus.h"
25 
26 /* The one and only */
27 struct hv_context hv_context;
28 
29 /*
30  * hv_init - Main initialization routine.
31  *
32  * This routine must be called before any other routines in here are called
33  */
34 int hv_init(void)
35 {
36 	hv_context.cpu_context = alloc_percpu(struct hv_per_cpu_context);
37 	if (!hv_context.cpu_context)
38 		return -ENOMEM;
39 	return 0;
40 }
41 
42 /*
43  * hv_post_message - Post a message using the hypervisor message IPC.
44  *
45  * This involves a hypercall.
46  */
47 int hv_post_message(union hv_connection_id connection_id,
48 		  enum hv_message_type message_type,
49 		  void *payload, size_t payload_size)
50 {
51 	struct hv_input_post_message *aligned_msg;
52 	unsigned long flags;
53 	u64 status;
54 
55 	if (payload_size > HV_MESSAGE_PAYLOAD_BYTE_COUNT)
56 		return -EMSGSIZE;
57 
58 	local_irq_save(flags);
59 
60 	/*
61 	 * A TDX VM with the paravisor must use the decrypted post_msg_page: see
62 	 * the comment in struct hv_per_cpu_context. A SNP VM with the paravisor
63 	 * can use the encrypted hyperv_pcpu_input_arg because it copies the
64 	 * input into the GHCB page, which has been decrypted by the paravisor.
65 	 */
66 	if (hv_isolation_type_tdx() && ms_hyperv.paravisor_present)
67 		aligned_msg = this_cpu_ptr(hv_context.cpu_context)->post_msg_page;
68 	else
69 		aligned_msg = *this_cpu_ptr(hyperv_pcpu_input_arg);
70 
71 	aligned_msg->connectionid = connection_id;
72 	aligned_msg->reserved = 0;
73 	aligned_msg->message_type = message_type;
74 	aligned_msg->payload_size = payload_size;
75 	memcpy((void *)aligned_msg->payload, payload, payload_size);
76 
77 	if (ms_hyperv.paravisor_present) {
78 		if (hv_isolation_type_tdx())
79 			status = hv_tdx_hypercall(HVCALL_POST_MESSAGE,
80 						  virt_to_phys(aligned_msg), 0);
81 		else if (hv_isolation_type_snp())
82 			status = hv_ghcb_hypercall(HVCALL_POST_MESSAGE,
83 						   aligned_msg, NULL,
84 						   sizeof(*aligned_msg));
85 		else
86 			status = HV_STATUS_INVALID_PARAMETER;
87 	} else {
88 		status = hv_do_hypercall(HVCALL_POST_MESSAGE,
89 				aligned_msg, NULL);
90 	}
91 
92 	local_irq_restore(flags);
93 
94 	return hv_result(status);
95 }
96 
97 int hv_synic_alloc(void)
98 {
99 	int cpu, ret = -ENOMEM;
100 	struct hv_per_cpu_context *hv_cpu;
101 
102 	/*
103 	 * First, zero all per-cpu memory areas so hv_synic_free() can
104 	 * detect what memory has been allocated and cleanup properly
105 	 * after any failures.
106 	 */
107 	for_each_present_cpu(cpu) {
108 		hv_cpu = per_cpu_ptr(hv_context.cpu_context, cpu);
109 		memset(hv_cpu, 0, sizeof(*hv_cpu));
110 	}
111 
112 	hv_context.hv_numa_map = kcalloc(nr_node_ids, sizeof(struct cpumask),
113 					 GFP_KERNEL);
114 	if (hv_context.hv_numa_map == NULL) {
115 		pr_err("Unable to allocate NUMA map\n");
116 		goto err;
117 	}
118 
119 	for_each_present_cpu(cpu) {
120 		hv_cpu = per_cpu_ptr(hv_context.cpu_context, cpu);
121 
122 		tasklet_init(&hv_cpu->msg_dpc,
123 			     vmbus_on_msg_dpc, (unsigned long) hv_cpu);
124 
125 		if (ms_hyperv.paravisor_present && hv_isolation_type_tdx()) {
126 			hv_cpu->post_msg_page = (void *)get_zeroed_page(GFP_ATOMIC);
127 			if (hv_cpu->post_msg_page == NULL) {
128 				pr_err("Unable to allocate post msg page\n");
129 				goto err;
130 			}
131 
132 			ret = set_memory_decrypted((unsigned long)hv_cpu->post_msg_page, 1);
133 			if (ret) {
134 				pr_err("Failed to decrypt post msg page: %d\n", ret);
135 				/* Just leak the page, as it's unsafe to free the page. */
136 				hv_cpu->post_msg_page = NULL;
137 				goto err;
138 			}
139 
140 			memset(hv_cpu->post_msg_page, 0, PAGE_SIZE);
141 		}
142 
143 		/*
144 		 * Synic message and event pages are allocated by paravisor.
145 		 * Skip these pages allocation here.
146 		 */
147 		if (!ms_hyperv.paravisor_present && !hv_root_partition) {
148 			hv_cpu->synic_message_page =
149 				(void *)get_zeroed_page(GFP_ATOMIC);
150 			if (hv_cpu->synic_message_page == NULL) {
151 				pr_err("Unable to allocate SYNIC message page\n");
152 				goto err;
153 			}
154 
155 			hv_cpu->synic_event_page =
156 				(void *)get_zeroed_page(GFP_ATOMIC);
157 			if (hv_cpu->synic_event_page == NULL) {
158 				pr_err("Unable to allocate SYNIC event page\n");
159 
160 				free_page((unsigned long)hv_cpu->synic_message_page);
161 				hv_cpu->synic_message_page = NULL;
162 				goto err;
163 			}
164 		}
165 
166 		if (!ms_hyperv.paravisor_present &&
167 		    (hv_isolation_type_snp() || hv_isolation_type_tdx())) {
168 			ret = set_memory_decrypted((unsigned long)
169 				hv_cpu->synic_message_page, 1);
170 			if (ret) {
171 				pr_err("Failed to decrypt SYNIC msg page: %d\n", ret);
172 				hv_cpu->synic_message_page = NULL;
173 
174 				/*
175 				 * Free the event page here so that hv_synic_free()
176 				 * won't later try to re-encrypt it.
177 				 */
178 				free_page((unsigned long)hv_cpu->synic_event_page);
179 				hv_cpu->synic_event_page = NULL;
180 				goto err;
181 			}
182 
183 			ret = set_memory_decrypted((unsigned long)
184 				hv_cpu->synic_event_page, 1);
185 			if (ret) {
186 				pr_err("Failed to decrypt SYNIC event page: %d\n", ret);
187 				hv_cpu->synic_event_page = NULL;
188 				goto err;
189 			}
190 
191 			memset(hv_cpu->synic_message_page, 0, PAGE_SIZE);
192 			memset(hv_cpu->synic_event_page, 0, PAGE_SIZE);
193 		}
194 	}
195 
196 	return 0;
197 
198 err:
199 	/*
200 	 * Any memory allocations that succeeded will be freed when
201 	 * the caller cleans up by calling hv_synic_free()
202 	 */
203 	return ret;
204 }
205 
206 
207 void hv_synic_free(void)
208 {
209 	int cpu, ret;
210 
211 	for_each_present_cpu(cpu) {
212 		struct hv_per_cpu_context *hv_cpu
213 			= per_cpu_ptr(hv_context.cpu_context, cpu);
214 
215 		/* It's better to leak the page if the encryption fails. */
216 		if (ms_hyperv.paravisor_present && hv_isolation_type_tdx()) {
217 			if (hv_cpu->post_msg_page) {
218 				ret = set_memory_encrypted((unsigned long)
219 					hv_cpu->post_msg_page, 1);
220 				if (ret) {
221 					pr_err("Failed to encrypt post msg page: %d\n", ret);
222 					hv_cpu->post_msg_page = NULL;
223 				}
224 			}
225 		}
226 
227 		if (!ms_hyperv.paravisor_present &&
228 		    (hv_isolation_type_snp() || hv_isolation_type_tdx())) {
229 			if (hv_cpu->synic_message_page) {
230 				ret = set_memory_encrypted((unsigned long)
231 					hv_cpu->synic_message_page, 1);
232 				if (ret) {
233 					pr_err("Failed to encrypt SYNIC msg page: %d\n", ret);
234 					hv_cpu->synic_message_page = NULL;
235 				}
236 			}
237 
238 			if (hv_cpu->synic_event_page) {
239 				ret = set_memory_encrypted((unsigned long)
240 					hv_cpu->synic_event_page, 1);
241 				if (ret) {
242 					pr_err("Failed to encrypt SYNIC event page: %d\n", ret);
243 					hv_cpu->synic_event_page = NULL;
244 				}
245 			}
246 		}
247 
248 		free_page((unsigned long)hv_cpu->post_msg_page);
249 		free_page((unsigned long)hv_cpu->synic_event_page);
250 		free_page((unsigned long)hv_cpu->synic_message_page);
251 	}
252 
253 	kfree(hv_context.hv_numa_map);
254 }
255 
256 /*
257  * hv_synic_init - Initialize the Synthetic Interrupt Controller.
258  *
259  * If it is already initialized by another entity (ie x2v shim), we need to
260  * retrieve the initialized message and event pages.  Otherwise, we create and
261  * initialize the message and event pages.
262  */
263 void hv_synic_enable_regs(unsigned int cpu)
264 {
265 	struct hv_per_cpu_context *hv_cpu
266 		= per_cpu_ptr(hv_context.cpu_context, cpu);
267 	union hv_synic_simp simp;
268 	union hv_synic_siefp siefp;
269 	union hv_synic_sint shared_sint;
270 	union hv_synic_scontrol sctrl;
271 
272 	/* Setup the Synic's message page */
273 	simp.as_uint64 = hv_get_msr(HV_MSR_SIMP);
274 	simp.simp_enabled = 1;
275 
276 	if (ms_hyperv.paravisor_present || hv_root_partition) {
277 		/* Mask out vTOM bit. ioremap_cache() maps decrypted */
278 		u64 base = (simp.base_simp_gpa << HV_HYP_PAGE_SHIFT) &
279 				~ms_hyperv.shared_gpa_boundary;
280 		hv_cpu->synic_message_page
281 			= (void *)ioremap_cache(base, HV_HYP_PAGE_SIZE);
282 		if (!hv_cpu->synic_message_page)
283 			pr_err("Fail to map synic message page.\n");
284 	} else {
285 		simp.base_simp_gpa = virt_to_phys(hv_cpu->synic_message_page)
286 			>> HV_HYP_PAGE_SHIFT;
287 	}
288 
289 	hv_set_msr(HV_MSR_SIMP, simp.as_uint64);
290 
291 	/* Setup the Synic's event page */
292 	siefp.as_uint64 = hv_get_msr(HV_MSR_SIEFP);
293 	siefp.siefp_enabled = 1;
294 
295 	if (ms_hyperv.paravisor_present || hv_root_partition) {
296 		/* Mask out vTOM bit. ioremap_cache() maps decrypted */
297 		u64 base = (siefp.base_siefp_gpa << HV_HYP_PAGE_SHIFT) &
298 				~ms_hyperv.shared_gpa_boundary;
299 		hv_cpu->synic_event_page
300 			= (void *)ioremap_cache(base, HV_HYP_PAGE_SIZE);
301 		if (!hv_cpu->synic_event_page)
302 			pr_err("Fail to map synic event page.\n");
303 	} else {
304 		siefp.base_siefp_gpa = virt_to_phys(hv_cpu->synic_event_page)
305 			>> HV_HYP_PAGE_SHIFT;
306 	}
307 
308 	hv_set_msr(HV_MSR_SIEFP, siefp.as_uint64);
309 
310 	/* Setup the shared SINT. */
311 	if (vmbus_irq != -1)
312 		enable_percpu_irq(vmbus_irq, 0);
313 	shared_sint.as_uint64 = hv_get_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT);
314 
315 	shared_sint.vector = vmbus_interrupt;
316 	shared_sint.masked = false;
317 
318 	/*
319 	 * On architectures where Hyper-V doesn't support AEOI (e.g., ARM64),
320 	 * it doesn't provide a recommendation flag and AEOI must be disabled.
321 	 */
322 #ifdef HV_DEPRECATING_AEOI_RECOMMENDED
323 	shared_sint.auto_eoi =
324 			!(ms_hyperv.hints & HV_DEPRECATING_AEOI_RECOMMENDED);
325 #else
326 	shared_sint.auto_eoi = 0;
327 #endif
328 	hv_set_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT, shared_sint.as_uint64);
329 
330 	/* Enable the global synic bit */
331 	sctrl.as_uint64 = hv_get_msr(HV_MSR_SCONTROL);
332 	sctrl.enable = 1;
333 
334 	hv_set_msr(HV_MSR_SCONTROL, sctrl.as_uint64);
335 }
336 
337 int hv_synic_init(unsigned int cpu)
338 {
339 	hv_synic_enable_regs(cpu);
340 
341 	hv_stimer_legacy_init(cpu, VMBUS_MESSAGE_SINT);
342 
343 	return 0;
344 }
345 
346 /*
347  * hv_synic_cleanup - Cleanup routine for hv_synic_init().
348  */
349 void hv_synic_disable_regs(unsigned int cpu)
350 {
351 	struct hv_per_cpu_context *hv_cpu
352 		= per_cpu_ptr(hv_context.cpu_context, cpu);
353 	union hv_synic_sint shared_sint;
354 	union hv_synic_simp simp;
355 	union hv_synic_siefp siefp;
356 	union hv_synic_scontrol sctrl;
357 
358 	shared_sint.as_uint64 = hv_get_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT);
359 
360 	shared_sint.masked = 1;
361 
362 	/* Need to correctly cleanup in the case of SMP!!! */
363 	/* Disable the interrupt */
364 	hv_set_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT, shared_sint.as_uint64);
365 
366 	simp.as_uint64 = hv_get_msr(HV_MSR_SIMP);
367 	/*
368 	 * In Isolation VM, sim and sief pages are allocated by
369 	 * paravisor. These pages also will be used by kdump
370 	 * kernel. So just reset enable bit here and keep page
371 	 * addresses.
372 	 */
373 	simp.simp_enabled = 0;
374 	if (ms_hyperv.paravisor_present || hv_root_partition) {
375 		iounmap(hv_cpu->synic_message_page);
376 		hv_cpu->synic_message_page = NULL;
377 	} else {
378 		simp.base_simp_gpa = 0;
379 	}
380 
381 	hv_set_msr(HV_MSR_SIMP, simp.as_uint64);
382 
383 	siefp.as_uint64 = hv_get_msr(HV_MSR_SIEFP);
384 	siefp.siefp_enabled = 0;
385 
386 	if (ms_hyperv.paravisor_present || hv_root_partition) {
387 		iounmap(hv_cpu->synic_event_page);
388 		hv_cpu->synic_event_page = NULL;
389 	} else {
390 		siefp.base_siefp_gpa = 0;
391 	}
392 
393 	hv_set_msr(HV_MSR_SIEFP, siefp.as_uint64);
394 
395 	/* Disable the global synic bit */
396 	sctrl.as_uint64 = hv_get_msr(HV_MSR_SCONTROL);
397 	sctrl.enable = 0;
398 	hv_set_msr(HV_MSR_SCONTROL, sctrl.as_uint64);
399 
400 	if (vmbus_irq != -1)
401 		disable_percpu_irq(vmbus_irq);
402 }
403 
404 #define HV_MAX_TRIES 3
405 /*
406  * Scan the event flags page of 'this' CPU looking for any bit that is set.  If we find one
407  * bit set, then wait for a few milliseconds.  Repeat these steps for a maximum of 3 times.
408  * Return 'true', if there is still any set bit after this operation; 'false', otherwise.
409  *
410  * If a bit is set, that means there is a pending channel interrupt.  The expectation is
411  * that the normal interrupt handling mechanism will find and process the channel interrupt
412  * "very soon", and in the process clear the bit.
413  */
414 static bool hv_synic_event_pending(void)
415 {
416 	struct hv_per_cpu_context *hv_cpu = this_cpu_ptr(hv_context.cpu_context);
417 	union hv_synic_event_flags *event =
418 		(union hv_synic_event_flags *)hv_cpu->synic_event_page + VMBUS_MESSAGE_SINT;
419 	unsigned long *recv_int_page = event->flags; /* assumes VMBus version >= VERSION_WIN8 */
420 	bool pending;
421 	u32 relid;
422 	int tries = 0;
423 
424 retry:
425 	pending = false;
426 	for_each_set_bit(relid, recv_int_page, HV_EVENT_FLAGS_COUNT) {
427 		/* Special case - VMBus channel protocol messages */
428 		if (relid == 0)
429 			continue;
430 		pending = true;
431 		break;
432 	}
433 	if (pending && tries++ < HV_MAX_TRIES) {
434 		usleep_range(10000, 20000);
435 		goto retry;
436 	}
437 	return pending;
438 }
439 
440 int hv_synic_cleanup(unsigned int cpu)
441 {
442 	struct vmbus_channel *channel, *sc;
443 	bool channel_found = false;
444 
445 	if (vmbus_connection.conn_state != CONNECTED)
446 		goto always_cleanup;
447 
448 	/*
449 	 * Hyper-V does not provide a way to change the connect CPU once
450 	 * it is set; we must prevent the connect CPU from going offline
451 	 * while the VM is running normally. But in the panic or kexec()
452 	 * path where the vmbus is already disconnected, the CPU must be
453 	 * allowed to shut down.
454 	 */
455 	if (cpu == VMBUS_CONNECT_CPU)
456 		return -EBUSY;
457 
458 	/*
459 	 * Search for channels which are bound to the CPU we're about to
460 	 * cleanup.  In case we find one and vmbus is still connected, we
461 	 * fail; this will effectively prevent CPU offlining.
462 	 *
463 	 * TODO: Re-bind the channels to different CPUs.
464 	 */
465 	mutex_lock(&vmbus_connection.channel_mutex);
466 	list_for_each_entry(channel, &vmbus_connection.chn_list, listentry) {
467 		if (channel->target_cpu == cpu) {
468 			channel_found = true;
469 			break;
470 		}
471 		list_for_each_entry(sc, &channel->sc_list, sc_list) {
472 			if (sc->target_cpu == cpu) {
473 				channel_found = true;
474 				break;
475 			}
476 		}
477 		if (channel_found)
478 			break;
479 	}
480 	mutex_unlock(&vmbus_connection.channel_mutex);
481 
482 	if (channel_found)
483 		return -EBUSY;
484 
485 	/*
486 	 * channel_found == false means that any channels that were previously
487 	 * assigned to the CPU have been reassigned elsewhere with a call of
488 	 * vmbus_send_modifychannel().  Scan the event flags page looking for
489 	 * bits that are set and waiting with a timeout for vmbus_chan_sched()
490 	 * to process such bits.  If bits are still set after this operation
491 	 * and VMBus is connected, fail the CPU offlining operation.
492 	 */
493 	if (vmbus_proto_version >= VERSION_WIN10_V4_1 && hv_synic_event_pending())
494 		return -EBUSY;
495 
496 always_cleanup:
497 	hv_stimer_legacy_cleanup(cpu);
498 
499 	hv_synic_disable_regs(cpu);
500 
501 	return 0;
502 }
503