1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) 2009, Microsoft Corporation. 4 * 5 * Authors: 6 * Haiyang Zhang <haiyangz@microsoft.com> 7 * Hank Janssen <hjanssen@microsoft.com> 8 */ 9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 10 11 #include <linux/io.h> 12 #include <linux/kernel.h> 13 #include <linux/mm.h> 14 #include <linux/slab.h> 15 #include <linux/vmalloc.h> 16 #include <linux/hyperv.h> 17 #include <linux/random.h> 18 #include <linux/clockchips.h> 19 #include <linux/delay.h> 20 #include <linux/interrupt.h> 21 #include <clocksource/hyperv_timer.h> 22 #include <asm/mshyperv.h> 23 #include <linux/set_memory.h> 24 #include "hyperv_vmbus.h" 25 26 /* The one and only */ 27 struct hv_context hv_context; 28 29 /* 30 * hv_init - Main initialization routine. 31 * 32 * This routine must be called before any other routines in here are called 33 */ 34 int hv_init(void) 35 { 36 hv_context.cpu_context = alloc_percpu(struct hv_per_cpu_context); 37 if (!hv_context.cpu_context) 38 return -ENOMEM; 39 return 0; 40 } 41 42 /* 43 * hv_post_message - Post a message using the hypervisor message IPC. 44 * 45 * This involves a hypercall. 46 */ 47 int hv_post_message(union hv_connection_id connection_id, 48 enum hv_message_type message_type, 49 void *payload, size_t payload_size) 50 { 51 struct hv_input_post_message *aligned_msg; 52 unsigned long flags; 53 u64 status; 54 55 if (payload_size > HV_MESSAGE_PAYLOAD_BYTE_COUNT) 56 return -EMSGSIZE; 57 58 local_irq_save(flags); 59 60 /* 61 * A TDX VM with the paravisor must use the decrypted post_msg_page: see 62 * the comment in struct hv_per_cpu_context. A SNP VM with the paravisor 63 * can use the encrypted hyperv_pcpu_input_arg because it copies the 64 * input into the GHCB page, which has been decrypted by the paravisor. 65 */ 66 if (hv_isolation_type_tdx() && ms_hyperv.paravisor_present) 67 aligned_msg = this_cpu_ptr(hv_context.cpu_context)->post_msg_page; 68 else 69 aligned_msg = *this_cpu_ptr(hyperv_pcpu_input_arg); 70 71 aligned_msg->connectionid = connection_id; 72 aligned_msg->reserved = 0; 73 aligned_msg->message_type = message_type; 74 aligned_msg->payload_size = payload_size; 75 memcpy((void *)aligned_msg->payload, payload, payload_size); 76 77 if (ms_hyperv.paravisor_present) { 78 if (hv_isolation_type_tdx()) 79 status = hv_tdx_hypercall(HVCALL_POST_MESSAGE, 80 virt_to_phys(aligned_msg), 0); 81 else if (hv_isolation_type_snp()) 82 status = hv_ghcb_hypercall(HVCALL_POST_MESSAGE, 83 aligned_msg, NULL, 84 sizeof(*aligned_msg)); 85 else 86 status = HV_STATUS_INVALID_PARAMETER; 87 } else { 88 status = hv_do_hypercall(HVCALL_POST_MESSAGE, 89 aligned_msg, NULL); 90 } 91 92 local_irq_restore(flags); 93 94 return hv_result(status); 95 } 96 97 int hv_synic_alloc(void) 98 { 99 int cpu, ret = -ENOMEM; 100 struct hv_per_cpu_context *hv_cpu; 101 102 /* 103 * First, zero all per-cpu memory areas so hv_synic_free() can 104 * detect what memory has been allocated and cleanup properly 105 * after any failures. 106 */ 107 for_each_present_cpu(cpu) { 108 hv_cpu = per_cpu_ptr(hv_context.cpu_context, cpu); 109 memset(hv_cpu, 0, sizeof(*hv_cpu)); 110 } 111 112 hv_context.hv_numa_map = kcalloc(nr_node_ids, sizeof(struct cpumask), 113 GFP_KERNEL); 114 if (!hv_context.hv_numa_map) { 115 pr_err("Unable to allocate NUMA map\n"); 116 goto err; 117 } 118 119 for_each_present_cpu(cpu) { 120 hv_cpu = per_cpu_ptr(hv_context.cpu_context, cpu); 121 122 tasklet_init(&hv_cpu->msg_dpc, 123 vmbus_on_msg_dpc, (unsigned long)hv_cpu); 124 125 if (ms_hyperv.paravisor_present && hv_isolation_type_tdx()) { 126 hv_cpu->post_msg_page = (void *)get_zeroed_page(GFP_ATOMIC); 127 if (!hv_cpu->post_msg_page) { 128 pr_err("Unable to allocate post msg page\n"); 129 goto err; 130 } 131 132 ret = set_memory_decrypted((unsigned long)hv_cpu->post_msg_page, 1); 133 if (ret) { 134 pr_err("Failed to decrypt post msg page: %d\n", ret); 135 /* Just leak the page, as it's unsafe to free the page. */ 136 hv_cpu->post_msg_page = NULL; 137 goto err; 138 } 139 140 memset(hv_cpu->post_msg_page, 0, PAGE_SIZE); 141 } 142 143 /* 144 * Synic message and event pages are allocated by paravisor. 145 * Skip these pages allocation here. 146 */ 147 if (!ms_hyperv.paravisor_present && !hv_root_partition()) { 148 hv_cpu->synic_message_page = 149 (void *)get_zeroed_page(GFP_ATOMIC); 150 if (!hv_cpu->synic_message_page) { 151 pr_err("Unable to allocate SYNIC message page\n"); 152 goto err; 153 } 154 155 hv_cpu->synic_event_page = 156 (void *)get_zeroed_page(GFP_ATOMIC); 157 if (!hv_cpu->synic_event_page) { 158 pr_err("Unable to allocate SYNIC event page\n"); 159 160 free_page((unsigned long)hv_cpu->synic_message_page); 161 hv_cpu->synic_message_page = NULL; 162 goto err; 163 } 164 } 165 166 if (!ms_hyperv.paravisor_present && 167 (hv_isolation_type_snp() || hv_isolation_type_tdx())) { 168 ret = set_memory_decrypted((unsigned long) 169 hv_cpu->synic_message_page, 1); 170 if (ret) { 171 pr_err("Failed to decrypt SYNIC msg page: %d\n", ret); 172 hv_cpu->synic_message_page = NULL; 173 174 /* 175 * Free the event page here so that hv_synic_free() 176 * won't later try to re-encrypt it. 177 */ 178 free_page((unsigned long)hv_cpu->synic_event_page); 179 hv_cpu->synic_event_page = NULL; 180 goto err; 181 } 182 183 ret = set_memory_decrypted((unsigned long) 184 hv_cpu->synic_event_page, 1); 185 if (ret) { 186 pr_err("Failed to decrypt SYNIC event page: %d\n", ret); 187 hv_cpu->synic_event_page = NULL; 188 goto err; 189 } 190 191 memset(hv_cpu->synic_message_page, 0, PAGE_SIZE); 192 memset(hv_cpu->synic_event_page, 0, PAGE_SIZE); 193 } 194 } 195 196 return 0; 197 198 err: 199 /* 200 * Any memory allocations that succeeded will be freed when 201 * the caller cleans up by calling hv_synic_free() 202 */ 203 return ret; 204 } 205 206 void hv_synic_free(void) 207 { 208 int cpu, ret; 209 210 for_each_present_cpu(cpu) { 211 struct hv_per_cpu_context *hv_cpu = 212 per_cpu_ptr(hv_context.cpu_context, cpu); 213 214 /* It's better to leak the page if the encryption fails. */ 215 if (ms_hyperv.paravisor_present && hv_isolation_type_tdx()) { 216 if (hv_cpu->post_msg_page) { 217 ret = set_memory_encrypted((unsigned long) 218 hv_cpu->post_msg_page, 1); 219 if (ret) { 220 pr_err("Failed to encrypt post msg page: %d\n", ret); 221 hv_cpu->post_msg_page = NULL; 222 } 223 } 224 } 225 226 if (!ms_hyperv.paravisor_present && 227 (hv_isolation_type_snp() || hv_isolation_type_tdx())) { 228 if (hv_cpu->synic_message_page) { 229 ret = set_memory_encrypted((unsigned long) 230 hv_cpu->synic_message_page, 1); 231 if (ret) { 232 pr_err("Failed to encrypt SYNIC msg page: %d\n", ret); 233 hv_cpu->synic_message_page = NULL; 234 } 235 } 236 237 if (hv_cpu->synic_event_page) { 238 ret = set_memory_encrypted((unsigned long) 239 hv_cpu->synic_event_page, 1); 240 if (ret) { 241 pr_err("Failed to encrypt SYNIC event page: %d\n", ret); 242 hv_cpu->synic_event_page = NULL; 243 } 244 } 245 } 246 247 free_page((unsigned long)hv_cpu->post_msg_page); 248 free_page((unsigned long)hv_cpu->synic_event_page); 249 free_page((unsigned long)hv_cpu->synic_message_page); 250 } 251 252 kfree(hv_context.hv_numa_map); 253 } 254 255 /* 256 * hv_synic_init - Initialize the Synthetic Interrupt Controller. 257 * 258 * If it is already initialized by another entity (ie x2v shim), we need to 259 * retrieve the initialized message and event pages. Otherwise, we create and 260 * initialize the message and event pages. 261 */ 262 void hv_synic_enable_regs(unsigned int cpu) 263 { 264 struct hv_per_cpu_context *hv_cpu = 265 per_cpu_ptr(hv_context.cpu_context, cpu); 266 union hv_synic_simp simp; 267 union hv_synic_siefp siefp; 268 union hv_synic_sint shared_sint; 269 union hv_synic_scontrol sctrl; 270 271 /* Setup the Synic's message page */ 272 simp.as_uint64 = hv_get_msr(HV_MSR_SIMP); 273 simp.simp_enabled = 1; 274 275 if (ms_hyperv.paravisor_present || hv_root_partition()) { 276 /* Mask out vTOM bit. ioremap_cache() maps decrypted */ 277 u64 base = (simp.base_simp_gpa << HV_HYP_PAGE_SHIFT) & 278 ~ms_hyperv.shared_gpa_boundary; 279 hv_cpu->synic_message_page = 280 (void *)ioremap_cache(base, HV_HYP_PAGE_SIZE); 281 if (!hv_cpu->synic_message_page) 282 pr_err("Fail to map synic message page.\n"); 283 } else { 284 simp.base_simp_gpa = virt_to_phys(hv_cpu->synic_message_page) 285 >> HV_HYP_PAGE_SHIFT; 286 } 287 288 hv_set_msr(HV_MSR_SIMP, simp.as_uint64); 289 290 /* Setup the Synic's event page */ 291 siefp.as_uint64 = hv_get_msr(HV_MSR_SIEFP); 292 siefp.siefp_enabled = 1; 293 294 if (ms_hyperv.paravisor_present || hv_root_partition()) { 295 /* Mask out vTOM bit. ioremap_cache() maps decrypted */ 296 u64 base = (siefp.base_siefp_gpa << HV_HYP_PAGE_SHIFT) & 297 ~ms_hyperv.shared_gpa_boundary; 298 hv_cpu->synic_event_page = 299 (void *)ioremap_cache(base, HV_HYP_PAGE_SIZE); 300 if (!hv_cpu->synic_event_page) 301 pr_err("Fail to map synic event page.\n"); 302 } else { 303 siefp.base_siefp_gpa = virt_to_phys(hv_cpu->synic_event_page) 304 >> HV_HYP_PAGE_SHIFT; 305 } 306 307 hv_set_msr(HV_MSR_SIEFP, siefp.as_uint64); 308 309 /* Setup the shared SINT. */ 310 if (vmbus_irq != -1) 311 enable_percpu_irq(vmbus_irq, 0); 312 shared_sint.as_uint64 = hv_get_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT); 313 314 shared_sint.vector = vmbus_interrupt; 315 shared_sint.masked = false; 316 shared_sint.auto_eoi = hv_recommend_using_aeoi(); 317 hv_set_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT, shared_sint.as_uint64); 318 319 /* Enable the global synic bit */ 320 sctrl.as_uint64 = hv_get_msr(HV_MSR_SCONTROL); 321 sctrl.enable = 1; 322 323 hv_set_msr(HV_MSR_SCONTROL, sctrl.as_uint64); 324 } 325 326 int hv_synic_init(unsigned int cpu) 327 { 328 hv_synic_enable_regs(cpu); 329 330 hv_stimer_legacy_init(cpu, VMBUS_MESSAGE_SINT); 331 332 return 0; 333 } 334 335 void hv_synic_disable_regs(unsigned int cpu) 336 { 337 struct hv_per_cpu_context *hv_cpu = 338 per_cpu_ptr(hv_context.cpu_context, cpu); 339 union hv_synic_sint shared_sint; 340 union hv_synic_simp simp; 341 union hv_synic_siefp siefp; 342 union hv_synic_scontrol sctrl; 343 344 shared_sint.as_uint64 = hv_get_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT); 345 346 shared_sint.masked = 1; 347 348 /* Need to correctly cleanup in the case of SMP!!! */ 349 /* Disable the interrupt */ 350 hv_set_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT, shared_sint.as_uint64); 351 352 simp.as_uint64 = hv_get_msr(HV_MSR_SIMP); 353 /* 354 * In Isolation VM, sim and sief pages are allocated by 355 * paravisor. These pages also will be used by kdump 356 * kernel. So just reset enable bit here and keep page 357 * addresses. 358 */ 359 simp.simp_enabled = 0; 360 if (ms_hyperv.paravisor_present || hv_root_partition()) { 361 iounmap(hv_cpu->synic_message_page); 362 hv_cpu->synic_message_page = NULL; 363 } else { 364 simp.base_simp_gpa = 0; 365 } 366 367 hv_set_msr(HV_MSR_SIMP, simp.as_uint64); 368 369 siefp.as_uint64 = hv_get_msr(HV_MSR_SIEFP); 370 siefp.siefp_enabled = 0; 371 372 if (ms_hyperv.paravisor_present || hv_root_partition()) { 373 iounmap(hv_cpu->synic_event_page); 374 hv_cpu->synic_event_page = NULL; 375 } else { 376 siefp.base_siefp_gpa = 0; 377 } 378 379 hv_set_msr(HV_MSR_SIEFP, siefp.as_uint64); 380 381 /* Disable the global synic bit */ 382 sctrl.as_uint64 = hv_get_msr(HV_MSR_SCONTROL); 383 sctrl.enable = 0; 384 hv_set_msr(HV_MSR_SCONTROL, sctrl.as_uint64); 385 386 if (vmbus_irq != -1) 387 disable_percpu_irq(vmbus_irq); 388 } 389 390 #define HV_MAX_TRIES 3 391 /* 392 * Scan the event flags page of 'this' CPU looking for any bit that is set. If we find one 393 * bit set, then wait for a few milliseconds. Repeat these steps for a maximum of 3 times. 394 * Return 'true', if there is still any set bit after this operation; 'false', otherwise. 395 * 396 * If a bit is set, that means there is a pending channel interrupt. The expectation is 397 * that the normal interrupt handling mechanism will find and process the channel interrupt 398 * "very soon", and in the process clear the bit. 399 */ 400 static bool hv_synic_event_pending(void) 401 { 402 struct hv_per_cpu_context *hv_cpu = this_cpu_ptr(hv_context.cpu_context); 403 union hv_synic_event_flags *event = 404 (union hv_synic_event_flags *)hv_cpu->synic_event_page + VMBUS_MESSAGE_SINT; 405 unsigned long *recv_int_page = event->flags; /* assumes VMBus version >= VERSION_WIN8 */ 406 bool pending; 407 u32 relid; 408 int tries = 0; 409 410 retry: 411 pending = false; 412 for_each_set_bit(relid, recv_int_page, HV_EVENT_FLAGS_COUNT) { 413 /* Special case - VMBus channel protocol messages */ 414 if (relid == 0) 415 continue; 416 pending = true; 417 break; 418 } 419 if (pending && tries++ < HV_MAX_TRIES) { 420 usleep_range(10000, 20000); 421 goto retry; 422 } 423 return pending; 424 } 425 426 static int hv_pick_new_cpu(struct vmbus_channel *channel) 427 { 428 int ret = -EBUSY; 429 int start; 430 int cpu; 431 432 lockdep_assert_cpus_held(); 433 lockdep_assert_held(&vmbus_connection.channel_mutex); 434 435 /* 436 * We can't assume that the relevant interrupts will be sent before 437 * the cpu is offlined on older versions of hyperv. 438 */ 439 if (vmbus_proto_version < VERSION_WIN10_V5_3) 440 return -EBUSY; 441 442 start = get_random_u32_below(nr_cpu_ids); 443 444 for_each_cpu_wrap(cpu, cpu_online_mask, start) { 445 if (channel->target_cpu == cpu || 446 channel->target_cpu == VMBUS_CONNECT_CPU) 447 continue; 448 449 ret = vmbus_channel_set_cpu(channel, cpu); 450 if (!ret) 451 break; 452 } 453 454 if (ret) 455 ret = vmbus_channel_set_cpu(channel, VMBUS_CONNECT_CPU); 456 457 return ret; 458 } 459 460 /* 461 * hv_synic_cleanup - Cleanup routine for hv_synic_init(). 462 */ 463 int hv_synic_cleanup(unsigned int cpu) 464 { 465 struct vmbus_channel *channel, *sc; 466 int ret = 0; 467 468 if (vmbus_connection.conn_state != CONNECTED) 469 goto always_cleanup; 470 471 /* 472 * Hyper-V does not provide a way to change the connect CPU once 473 * it is set; we must prevent the connect CPU from going offline 474 * while the VM is running normally. But in the panic or kexec() 475 * path where the vmbus is already disconnected, the CPU must be 476 * allowed to shut down. 477 */ 478 if (cpu == VMBUS_CONNECT_CPU) 479 return -EBUSY; 480 481 /* 482 * Search for channels which are bound to the CPU we're about to 483 * cleanup. 484 */ 485 mutex_lock(&vmbus_connection.channel_mutex); 486 list_for_each_entry(channel, &vmbus_connection.chn_list, listentry) { 487 if (channel->target_cpu == cpu) { 488 ret = hv_pick_new_cpu(channel); 489 if (ret) { 490 mutex_unlock(&vmbus_connection.channel_mutex); 491 return ret; 492 } 493 } 494 list_for_each_entry(sc, &channel->sc_list, sc_list) { 495 if (sc->target_cpu == cpu) { 496 ret = hv_pick_new_cpu(sc); 497 if (ret) { 498 mutex_unlock(&vmbus_connection.channel_mutex); 499 return ret; 500 } 501 } 502 } 503 } 504 mutex_unlock(&vmbus_connection.channel_mutex); 505 506 /* 507 * Scan the event flags page looking for bits that are set and waiting 508 * with a timeout for vmbus_chan_sched() to process such bits. If bits 509 * are still set after this operation and VMBus is connected, fail the 510 * CPU offlining operation. 511 */ 512 if (vmbus_proto_version >= VERSION_WIN10_V4_1 && hv_synic_event_pending()) 513 return -EBUSY; 514 515 always_cleanup: 516 hv_stimer_legacy_cleanup(cpu); 517 518 hv_synic_disable_regs(cpu); 519 520 return ret; 521 } 522