1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) 2009, Microsoft Corporation. 4 * 5 * Authors: 6 * Haiyang Zhang <haiyangz@microsoft.com> 7 * Hank Janssen <hjanssen@microsoft.com> 8 */ 9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 10 11 #include <linux/io.h> 12 #include <linux/kernel.h> 13 #include <linux/mm.h> 14 #include <linux/slab.h> 15 #include <linux/vmalloc.h> 16 #include <linux/hyperv.h> 17 #include <linux/random.h> 18 #include <linux/clockchips.h> 19 #include <linux/delay.h> 20 #include <linux/interrupt.h> 21 #include <clocksource/hyperv_timer.h> 22 #include <asm/mshyperv.h> 23 #include <linux/set_memory.h> 24 #include "hyperv_vmbus.h" 25 26 /* The one and only */ 27 struct hv_context hv_context; 28 29 /* 30 * hv_init - Main initialization routine. 31 * 32 * This routine must be called before any other routines in here are called 33 */ 34 int hv_init(void) 35 { 36 hv_context.cpu_context = alloc_percpu(struct hv_per_cpu_context); 37 if (!hv_context.cpu_context) 38 return -ENOMEM; 39 return 0; 40 } 41 42 /* 43 * hv_post_message - Post a message using the hypervisor message IPC. 44 * 45 * This involves a hypercall. 46 */ 47 int hv_post_message(union hv_connection_id connection_id, 48 enum hv_message_type message_type, 49 void *payload, size_t payload_size) 50 { 51 struct hv_input_post_message *aligned_msg; 52 unsigned long flags; 53 u64 status; 54 55 if (payload_size > HV_MESSAGE_PAYLOAD_BYTE_COUNT) 56 return -EMSGSIZE; 57 58 local_irq_save(flags); 59 60 /* 61 * A TDX VM with the paravisor must use the decrypted post_msg_page: see 62 * the comment in struct hv_per_cpu_context. A SNP VM with the paravisor 63 * can use the encrypted hyperv_pcpu_input_arg because it copies the 64 * input into the GHCB page, which has been decrypted by the paravisor. 65 */ 66 if (hv_isolation_type_tdx() && ms_hyperv.paravisor_present) 67 aligned_msg = this_cpu_ptr(hv_context.cpu_context)->post_msg_page; 68 else 69 aligned_msg = *this_cpu_ptr(hyperv_pcpu_input_arg); 70 71 aligned_msg->connectionid = connection_id; 72 aligned_msg->reserved = 0; 73 aligned_msg->message_type = message_type; 74 aligned_msg->payload_size = payload_size; 75 memcpy((void *)aligned_msg->payload, payload, payload_size); 76 77 if (ms_hyperv.paravisor_present) { 78 if (hv_isolation_type_tdx()) 79 status = hv_tdx_hypercall(HVCALL_POST_MESSAGE, 80 virt_to_phys(aligned_msg), 0); 81 else if (hv_isolation_type_snp()) 82 status = hv_ghcb_hypercall(HVCALL_POST_MESSAGE, 83 aligned_msg, NULL, 84 sizeof(*aligned_msg)); 85 else 86 status = HV_STATUS_INVALID_PARAMETER; 87 } else { 88 status = hv_do_hypercall(HVCALL_POST_MESSAGE, 89 aligned_msg, NULL); 90 } 91 92 local_irq_restore(flags); 93 94 return hv_result(status); 95 } 96 97 int hv_synic_alloc(void) 98 { 99 int cpu, ret = -ENOMEM; 100 struct hv_per_cpu_context *hv_cpu; 101 102 /* 103 * First, zero all per-cpu memory areas so hv_synic_free() can 104 * detect what memory has been allocated and cleanup properly 105 * after any failures. 106 */ 107 for_each_present_cpu(cpu) { 108 hv_cpu = per_cpu_ptr(hv_context.cpu_context, cpu); 109 memset(hv_cpu, 0, sizeof(*hv_cpu)); 110 } 111 112 hv_context.hv_numa_map = kcalloc(nr_node_ids, sizeof(struct cpumask), 113 GFP_KERNEL); 114 if (hv_context.hv_numa_map == NULL) { 115 pr_err("Unable to allocate NUMA map\n"); 116 goto err; 117 } 118 119 for_each_present_cpu(cpu) { 120 hv_cpu = per_cpu_ptr(hv_context.cpu_context, cpu); 121 122 tasklet_init(&hv_cpu->msg_dpc, 123 vmbus_on_msg_dpc, (unsigned long) hv_cpu); 124 125 if (ms_hyperv.paravisor_present && hv_isolation_type_tdx()) { 126 hv_cpu->post_msg_page = (void *)get_zeroed_page(GFP_ATOMIC); 127 if (hv_cpu->post_msg_page == NULL) { 128 pr_err("Unable to allocate post msg page\n"); 129 goto err; 130 } 131 132 ret = set_memory_decrypted((unsigned long)hv_cpu->post_msg_page, 1); 133 if (ret) { 134 pr_err("Failed to decrypt post msg page: %d\n", ret); 135 /* Just leak the page, as it's unsafe to free the page. */ 136 hv_cpu->post_msg_page = NULL; 137 goto err; 138 } 139 140 memset(hv_cpu->post_msg_page, 0, PAGE_SIZE); 141 } 142 143 /* 144 * Synic message and event pages are allocated by paravisor. 145 * Skip these pages allocation here. 146 */ 147 if (!ms_hyperv.paravisor_present && !hv_root_partition) { 148 hv_cpu->synic_message_page = 149 (void *)get_zeroed_page(GFP_ATOMIC); 150 if (hv_cpu->synic_message_page == NULL) { 151 pr_err("Unable to allocate SYNIC message page\n"); 152 goto err; 153 } 154 155 hv_cpu->synic_event_page = 156 (void *)get_zeroed_page(GFP_ATOMIC); 157 if (hv_cpu->synic_event_page == NULL) { 158 pr_err("Unable to allocate SYNIC event page\n"); 159 160 free_page((unsigned long)hv_cpu->synic_message_page); 161 hv_cpu->synic_message_page = NULL; 162 goto err; 163 } 164 } 165 166 if (!ms_hyperv.paravisor_present && 167 (hv_isolation_type_snp() || hv_isolation_type_tdx())) { 168 ret = set_memory_decrypted((unsigned long) 169 hv_cpu->synic_message_page, 1); 170 if (ret) { 171 pr_err("Failed to decrypt SYNIC msg page: %d\n", ret); 172 hv_cpu->synic_message_page = NULL; 173 174 /* 175 * Free the event page here so that hv_synic_free() 176 * won't later try to re-encrypt it. 177 */ 178 free_page((unsigned long)hv_cpu->synic_event_page); 179 hv_cpu->synic_event_page = NULL; 180 goto err; 181 } 182 183 ret = set_memory_decrypted((unsigned long) 184 hv_cpu->synic_event_page, 1); 185 if (ret) { 186 pr_err("Failed to decrypt SYNIC event page: %d\n", ret); 187 hv_cpu->synic_event_page = NULL; 188 goto err; 189 } 190 191 memset(hv_cpu->synic_message_page, 0, PAGE_SIZE); 192 memset(hv_cpu->synic_event_page, 0, PAGE_SIZE); 193 } 194 } 195 196 return 0; 197 198 err: 199 /* 200 * Any memory allocations that succeeded will be freed when 201 * the caller cleans up by calling hv_synic_free() 202 */ 203 return ret; 204 } 205 206 207 void hv_synic_free(void) 208 { 209 int cpu, ret; 210 211 for_each_present_cpu(cpu) { 212 struct hv_per_cpu_context *hv_cpu 213 = per_cpu_ptr(hv_context.cpu_context, cpu); 214 215 /* It's better to leak the page if the encryption fails. */ 216 if (ms_hyperv.paravisor_present && hv_isolation_type_tdx()) { 217 if (hv_cpu->post_msg_page) { 218 ret = set_memory_encrypted((unsigned long) 219 hv_cpu->post_msg_page, 1); 220 if (ret) { 221 pr_err("Failed to encrypt post msg page: %d\n", ret); 222 hv_cpu->post_msg_page = NULL; 223 } 224 } 225 } 226 227 if (!ms_hyperv.paravisor_present && 228 (hv_isolation_type_snp() || hv_isolation_type_tdx())) { 229 if (hv_cpu->synic_message_page) { 230 ret = set_memory_encrypted((unsigned long) 231 hv_cpu->synic_message_page, 1); 232 if (ret) { 233 pr_err("Failed to encrypt SYNIC msg page: %d\n", ret); 234 hv_cpu->synic_message_page = NULL; 235 } 236 } 237 238 if (hv_cpu->synic_event_page) { 239 ret = set_memory_encrypted((unsigned long) 240 hv_cpu->synic_event_page, 1); 241 if (ret) { 242 pr_err("Failed to encrypt SYNIC event page: %d\n", ret); 243 hv_cpu->synic_event_page = NULL; 244 } 245 } 246 } 247 248 free_page((unsigned long)hv_cpu->post_msg_page); 249 free_page((unsigned long)hv_cpu->synic_event_page); 250 free_page((unsigned long)hv_cpu->synic_message_page); 251 } 252 253 kfree(hv_context.hv_numa_map); 254 } 255 256 /* 257 * hv_synic_init - Initialize the Synthetic Interrupt Controller. 258 * 259 * If it is already initialized by another entity (ie x2v shim), we need to 260 * retrieve the initialized message and event pages. Otherwise, we create and 261 * initialize the message and event pages. 262 */ 263 void hv_synic_enable_regs(unsigned int cpu) 264 { 265 struct hv_per_cpu_context *hv_cpu 266 = per_cpu_ptr(hv_context.cpu_context, cpu); 267 union hv_synic_simp simp; 268 union hv_synic_siefp siefp; 269 union hv_synic_sint shared_sint; 270 union hv_synic_scontrol sctrl; 271 272 /* Setup the Synic's message page */ 273 simp.as_uint64 = hv_get_msr(HV_MSR_SIMP); 274 simp.simp_enabled = 1; 275 276 if (ms_hyperv.paravisor_present || hv_root_partition) { 277 /* Mask out vTOM bit. ioremap_cache() maps decrypted */ 278 u64 base = (simp.base_simp_gpa << HV_HYP_PAGE_SHIFT) & 279 ~ms_hyperv.shared_gpa_boundary; 280 hv_cpu->synic_message_page 281 = (void *)ioremap_cache(base, HV_HYP_PAGE_SIZE); 282 if (!hv_cpu->synic_message_page) 283 pr_err("Fail to map synic message page.\n"); 284 } else { 285 simp.base_simp_gpa = virt_to_phys(hv_cpu->synic_message_page) 286 >> HV_HYP_PAGE_SHIFT; 287 } 288 289 hv_set_msr(HV_MSR_SIMP, simp.as_uint64); 290 291 /* Setup the Synic's event page */ 292 siefp.as_uint64 = hv_get_msr(HV_MSR_SIEFP); 293 siefp.siefp_enabled = 1; 294 295 if (ms_hyperv.paravisor_present || hv_root_partition) { 296 /* Mask out vTOM bit. ioremap_cache() maps decrypted */ 297 u64 base = (siefp.base_siefp_gpa << HV_HYP_PAGE_SHIFT) & 298 ~ms_hyperv.shared_gpa_boundary; 299 hv_cpu->synic_event_page 300 = (void *)ioremap_cache(base, HV_HYP_PAGE_SIZE); 301 if (!hv_cpu->synic_event_page) 302 pr_err("Fail to map synic event page.\n"); 303 } else { 304 siefp.base_siefp_gpa = virt_to_phys(hv_cpu->synic_event_page) 305 >> HV_HYP_PAGE_SHIFT; 306 } 307 308 hv_set_msr(HV_MSR_SIEFP, siefp.as_uint64); 309 310 /* Setup the shared SINT. */ 311 if (vmbus_irq != -1) 312 enable_percpu_irq(vmbus_irq, 0); 313 shared_sint.as_uint64 = hv_get_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT); 314 315 shared_sint.vector = vmbus_interrupt; 316 shared_sint.masked = false; 317 318 /* 319 * On architectures where Hyper-V doesn't support AEOI (e.g., ARM64), 320 * it doesn't provide a recommendation flag and AEOI must be disabled. 321 */ 322 #ifdef HV_DEPRECATING_AEOI_RECOMMENDED 323 shared_sint.auto_eoi = 324 !(ms_hyperv.hints & HV_DEPRECATING_AEOI_RECOMMENDED); 325 #else 326 shared_sint.auto_eoi = 0; 327 #endif 328 hv_set_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT, shared_sint.as_uint64); 329 330 /* Enable the global synic bit */ 331 sctrl.as_uint64 = hv_get_msr(HV_MSR_SCONTROL); 332 sctrl.enable = 1; 333 334 hv_set_msr(HV_MSR_SCONTROL, sctrl.as_uint64); 335 } 336 337 int hv_synic_init(unsigned int cpu) 338 { 339 hv_synic_enable_regs(cpu); 340 341 hv_stimer_legacy_init(cpu, VMBUS_MESSAGE_SINT); 342 343 return 0; 344 } 345 346 /* 347 * hv_synic_cleanup - Cleanup routine for hv_synic_init(). 348 */ 349 void hv_synic_disable_regs(unsigned int cpu) 350 { 351 struct hv_per_cpu_context *hv_cpu 352 = per_cpu_ptr(hv_context.cpu_context, cpu); 353 union hv_synic_sint shared_sint; 354 union hv_synic_simp simp; 355 union hv_synic_siefp siefp; 356 union hv_synic_scontrol sctrl; 357 358 shared_sint.as_uint64 = hv_get_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT); 359 360 shared_sint.masked = 1; 361 362 /* Need to correctly cleanup in the case of SMP!!! */ 363 /* Disable the interrupt */ 364 hv_set_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT, shared_sint.as_uint64); 365 366 simp.as_uint64 = hv_get_msr(HV_MSR_SIMP); 367 /* 368 * In Isolation VM, sim and sief pages are allocated by 369 * paravisor. These pages also will be used by kdump 370 * kernel. So just reset enable bit here and keep page 371 * addresses. 372 */ 373 simp.simp_enabled = 0; 374 if (ms_hyperv.paravisor_present || hv_root_partition) { 375 iounmap(hv_cpu->synic_message_page); 376 hv_cpu->synic_message_page = NULL; 377 } else { 378 simp.base_simp_gpa = 0; 379 } 380 381 hv_set_msr(HV_MSR_SIMP, simp.as_uint64); 382 383 siefp.as_uint64 = hv_get_msr(HV_MSR_SIEFP); 384 siefp.siefp_enabled = 0; 385 386 if (ms_hyperv.paravisor_present || hv_root_partition) { 387 iounmap(hv_cpu->synic_event_page); 388 hv_cpu->synic_event_page = NULL; 389 } else { 390 siefp.base_siefp_gpa = 0; 391 } 392 393 hv_set_msr(HV_MSR_SIEFP, siefp.as_uint64); 394 395 /* Disable the global synic bit */ 396 sctrl.as_uint64 = hv_get_msr(HV_MSR_SCONTROL); 397 sctrl.enable = 0; 398 hv_set_msr(HV_MSR_SCONTROL, sctrl.as_uint64); 399 400 if (vmbus_irq != -1) 401 disable_percpu_irq(vmbus_irq); 402 } 403 404 #define HV_MAX_TRIES 3 405 /* 406 * Scan the event flags page of 'this' CPU looking for any bit that is set. If we find one 407 * bit set, then wait for a few milliseconds. Repeat these steps for a maximum of 3 times. 408 * Return 'true', if there is still any set bit after this operation; 'false', otherwise. 409 * 410 * If a bit is set, that means there is a pending channel interrupt. The expectation is 411 * that the normal interrupt handling mechanism will find and process the channel interrupt 412 * "very soon", and in the process clear the bit. 413 */ 414 static bool hv_synic_event_pending(void) 415 { 416 struct hv_per_cpu_context *hv_cpu = this_cpu_ptr(hv_context.cpu_context); 417 union hv_synic_event_flags *event = 418 (union hv_synic_event_flags *)hv_cpu->synic_event_page + VMBUS_MESSAGE_SINT; 419 unsigned long *recv_int_page = event->flags; /* assumes VMBus version >= VERSION_WIN8 */ 420 bool pending; 421 u32 relid; 422 int tries = 0; 423 424 retry: 425 pending = false; 426 for_each_set_bit(relid, recv_int_page, HV_EVENT_FLAGS_COUNT) { 427 /* Special case - VMBus channel protocol messages */ 428 if (relid == 0) 429 continue; 430 pending = true; 431 break; 432 } 433 if (pending && tries++ < HV_MAX_TRIES) { 434 usleep_range(10000, 20000); 435 goto retry; 436 } 437 return pending; 438 } 439 440 int hv_synic_cleanup(unsigned int cpu) 441 { 442 struct vmbus_channel *channel, *sc; 443 bool channel_found = false; 444 445 if (vmbus_connection.conn_state != CONNECTED) 446 goto always_cleanup; 447 448 /* 449 * Hyper-V does not provide a way to change the connect CPU once 450 * it is set; we must prevent the connect CPU from going offline 451 * while the VM is running normally. But in the panic or kexec() 452 * path where the vmbus is already disconnected, the CPU must be 453 * allowed to shut down. 454 */ 455 if (cpu == VMBUS_CONNECT_CPU) 456 return -EBUSY; 457 458 /* 459 * Search for channels which are bound to the CPU we're about to 460 * cleanup. In case we find one and vmbus is still connected, we 461 * fail; this will effectively prevent CPU offlining. 462 * 463 * TODO: Re-bind the channels to different CPUs. 464 */ 465 mutex_lock(&vmbus_connection.channel_mutex); 466 list_for_each_entry(channel, &vmbus_connection.chn_list, listentry) { 467 if (channel->target_cpu == cpu) { 468 channel_found = true; 469 break; 470 } 471 list_for_each_entry(sc, &channel->sc_list, sc_list) { 472 if (sc->target_cpu == cpu) { 473 channel_found = true; 474 break; 475 } 476 } 477 if (channel_found) 478 break; 479 } 480 mutex_unlock(&vmbus_connection.channel_mutex); 481 482 if (channel_found) 483 return -EBUSY; 484 485 /* 486 * channel_found == false means that any channels that were previously 487 * assigned to the CPU have been reassigned elsewhere with a call of 488 * vmbus_send_modifychannel(). Scan the event flags page looking for 489 * bits that are set and waiting with a timeout for vmbus_chan_sched() 490 * to process such bits. If bits are still set after this operation 491 * and VMBus is connected, fail the CPU offlining operation. 492 */ 493 if (vmbus_proto_version >= VERSION_WIN10_V4_1 && hv_synic_event_pending()) 494 return -EBUSY; 495 496 always_cleanup: 497 hv_stimer_legacy_cleanup(cpu); 498 499 hv_synic_disable_regs(cpu); 500 501 return 0; 502 } 503