1 // SPDX-License-Identifier: GPL-2.0 2 3 /* 4 * Architecture neutral utility routines for interacting with 5 * Hyper-V. This file is specifically for code that must be 6 * built-in to the kernel image when CONFIG_HYPERV is set 7 * (vs. being in a module) because it is called from architecture 8 * specific code under arch/. 9 * 10 * Copyright (C) 2021, Microsoft, Inc. 11 * 12 * Author : Michael Kelley <mikelley@microsoft.com> 13 */ 14 15 #include <linux/types.h> 16 #include <linux/acpi.h> 17 #include <linux/export.h> 18 #include <linux/bitfield.h> 19 #include <linux/cpumask.h> 20 #include <linux/sched/task_stack.h> 21 #include <linux/panic_notifier.h> 22 #include <linux/ptrace.h> 23 #include <linux/kdebug.h> 24 #include <linux/kmsg_dump.h> 25 #include <linux/slab.h> 26 #include <linux/dma-map-ops.h> 27 #include <linux/set_memory.h> 28 #include <asm/hyperv-tlfs.h> 29 #include <asm/mshyperv.h> 30 31 /* 32 * hv_root_partition, ms_hyperv and hv_nested are defined here with other 33 * Hyper-V specific globals so they are shared across all architectures and are 34 * built only when CONFIG_HYPERV is defined. But on x86, 35 * ms_hyperv_init_platform() is built even when CONFIG_HYPERV is not 36 * defined, and it uses these three variables. So mark them as __weak 37 * here, allowing for an overriding definition in the module containing 38 * ms_hyperv_init_platform(). 39 */ 40 bool __weak hv_root_partition; 41 EXPORT_SYMBOL_GPL(hv_root_partition); 42 43 bool __weak hv_nested; 44 EXPORT_SYMBOL_GPL(hv_nested); 45 46 struct ms_hyperv_info __weak ms_hyperv; 47 EXPORT_SYMBOL_GPL(ms_hyperv); 48 49 u32 *hv_vp_index; 50 EXPORT_SYMBOL_GPL(hv_vp_index); 51 52 u32 hv_max_vp_index; 53 EXPORT_SYMBOL_GPL(hv_max_vp_index); 54 55 void * __percpu *hyperv_pcpu_input_arg; 56 EXPORT_SYMBOL_GPL(hyperv_pcpu_input_arg); 57 58 void * __percpu *hyperv_pcpu_output_arg; 59 EXPORT_SYMBOL_GPL(hyperv_pcpu_output_arg); 60 61 static void hv_kmsg_dump_unregister(void); 62 63 static struct ctl_table_header *hv_ctl_table_hdr; 64 65 /* 66 * Hyper-V specific initialization and shutdown code that is 67 * common across all architectures. Called from architecture 68 * specific initialization functions. 69 */ 70 71 void __init hv_common_free(void) 72 { 73 unregister_sysctl_table(hv_ctl_table_hdr); 74 hv_ctl_table_hdr = NULL; 75 76 if (ms_hyperv.misc_features & HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE) 77 hv_kmsg_dump_unregister(); 78 79 kfree(hv_vp_index); 80 hv_vp_index = NULL; 81 82 free_percpu(hyperv_pcpu_output_arg); 83 hyperv_pcpu_output_arg = NULL; 84 85 free_percpu(hyperv_pcpu_input_arg); 86 hyperv_pcpu_input_arg = NULL; 87 } 88 89 /* 90 * Functions for allocating and freeing memory with size and 91 * alignment HV_HYP_PAGE_SIZE. These functions are needed because 92 * the guest page size may not be the same as the Hyper-V page 93 * size. We depend upon kmalloc() aligning power-of-two size 94 * allocations to the allocation size boundary, so that the 95 * allocated memory appears to Hyper-V as a page of the size 96 * it expects. 97 */ 98 99 void *hv_alloc_hyperv_page(void) 100 { 101 BUILD_BUG_ON(PAGE_SIZE < HV_HYP_PAGE_SIZE); 102 103 if (PAGE_SIZE == HV_HYP_PAGE_SIZE) 104 return (void *)__get_free_page(GFP_KERNEL); 105 else 106 return kmalloc(HV_HYP_PAGE_SIZE, GFP_KERNEL); 107 } 108 EXPORT_SYMBOL_GPL(hv_alloc_hyperv_page); 109 110 void *hv_alloc_hyperv_zeroed_page(void) 111 { 112 if (PAGE_SIZE == HV_HYP_PAGE_SIZE) 113 return (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); 114 else 115 return kzalloc(HV_HYP_PAGE_SIZE, GFP_KERNEL); 116 } 117 EXPORT_SYMBOL_GPL(hv_alloc_hyperv_zeroed_page); 118 119 void hv_free_hyperv_page(void *addr) 120 { 121 if (PAGE_SIZE == HV_HYP_PAGE_SIZE) 122 free_page((unsigned long)addr); 123 else 124 kfree(addr); 125 } 126 EXPORT_SYMBOL_GPL(hv_free_hyperv_page); 127 128 static void *hv_panic_page; 129 130 /* 131 * Boolean to control whether to report panic messages over Hyper-V. 132 * 133 * It can be set via /proc/sys/kernel/hyperv_record_panic_msg 134 */ 135 static int sysctl_record_panic_msg = 1; 136 137 /* 138 * sysctl option to allow the user to control whether kmsg data should be 139 * reported to Hyper-V on panic. 140 */ 141 static struct ctl_table hv_ctl_table[] = { 142 { 143 .procname = "hyperv_record_panic_msg", 144 .data = &sysctl_record_panic_msg, 145 .maxlen = sizeof(int), 146 .mode = 0644, 147 .proc_handler = proc_dointvec_minmax, 148 .extra1 = SYSCTL_ZERO, 149 .extra2 = SYSCTL_ONE 150 }, 151 }; 152 153 static int hv_die_panic_notify_crash(struct notifier_block *self, 154 unsigned long val, void *args); 155 156 static struct notifier_block hyperv_die_report_block = { 157 .notifier_call = hv_die_panic_notify_crash, 158 }; 159 160 static struct notifier_block hyperv_panic_report_block = { 161 .notifier_call = hv_die_panic_notify_crash, 162 }; 163 164 /* 165 * The following callback works both as die and panic notifier; its 166 * goal is to provide panic information to the hypervisor unless the 167 * kmsg dumper is used [see hv_kmsg_dump()], which provides more 168 * information but isn't always available. 169 * 170 * Notice that both the panic/die report notifiers are registered only 171 * if we have the capability HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE set. 172 */ 173 static int hv_die_panic_notify_crash(struct notifier_block *self, 174 unsigned long val, void *args) 175 { 176 struct pt_regs *regs; 177 bool is_die; 178 179 /* Don't notify Hyper-V unless we have a die oops event or panic. */ 180 if (self == &hyperv_panic_report_block) { 181 is_die = false; 182 regs = current_pt_regs(); 183 } else { /* die event */ 184 if (val != DIE_OOPS) 185 return NOTIFY_DONE; 186 187 is_die = true; 188 regs = ((struct die_args *)args)->regs; 189 } 190 191 /* 192 * Hyper-V should be notified only once about a panic/die. If we will 193 * be calling hv_kmsg_dump() later with kmsg data, don't do the 194 * notification here. 195 */ 196 if (!sysctl_record_panic_msg || !hv_panic_page) 197 hyperv_report_panic(regs, val, is_die); 198 199 return NOTIFY_DONE; 200 } 201 202 /* 203 * Callback from kmsg_dump. Grab as much as possible from the end of the kmsg 204 * buffer and call into Hyper-V to transfer the data. 205 */ 206 static void hv_kmsg_dump(struct kmsg_dumper *dumper, 207 enum kmsg_dump_reason reason) 208 { 209 struct kmsg_dump_iter iter; 210 size_t bytes_written; 211 212 /* We are only interested in panics. */ 213 if (reason != KMSG_DUMP_PANIC || !sysctl_record_panic_msg) 214 return; 215 216 /* 217 * Write dump contents to the page. No need to synchronize; panic should 218 * be single-threaded. 219 */ 220 kmsg_dump_rewind(&iter); 221 kmsg_dump_get_buffer(&iter, false, hv_panic_page, HV_HYP_PAGE_SIZE, 222 &bytes_written); 223 if (!bytes_written) 224 return; 225 /* 226 * P3 to contain the physical address of the panic page & P4 to 227 * contain the size of the panic data in that page. Rest of the 228 * registers are no-op when the NOTIFY_MSG flag is set. 229 */ 230 hv_set_register(HV_REGISTER_CRASH_P0, 0); 231 hv_set_register(HV_REGISTER_CRASH_P1, 0); 232 hv_set_register(HV_REGISTER_CRASH_P2, 0); 233 hv_set_register(HV_REGISTER_CRASH_P3, virt_to_phys(hv_panic_page)); 234 hv_set_register(HV_REGISTER_CRASH_P4, bytes_written); 235 236 /* 237 * Let Hyper-V know there is crash data available along with 238 * the panic message. 239 */ 240 hv_set_register(HV_REGISTER_CRASH_CTL, 241 (HV_CRASH_CTL_CRASH_NOTIFY | 242 HV_CRASH_CTL_CRASH_NOTIFY_MSG)); 243 } 244 245 static struct kmsg_dumper hv_kmsg_dumper = { 246 .dump = hv_kmsg_dump, 247 }; 248 249 static void hv_kmsg_dump_unregister(void) 250 { 251 kmsg_dump_unregister(&hv_kmsg_dumper); 252 unregister_die_notifier(&hyperv_die_report_block); 253 atomic_notifier_chain_unregister(&panic_notifier_list, 254 &hyperv_panic_report_block); 255 256 hv_free_hyperv_page(hv_panic_page); 257 hv_panic_page = NULL; 258 } 259 260 static void hv_kmsg_dump_register(void) 261 { 262 int ret; 263 264 hv_panic_page = hv_alloc_hyperv_zeroed_page(); 265 if (!hv_panic_page) { 266 pr_err("Hyper-V: panic message page memory allocation failed\n"); 267 return; 268 } 269 270 ret = kmsg_dump_register(&hv_kmsg_dumper); 271 if (ret) { 272 pr_err("Hyper-V: kmsg dump register error 0x%x\n", ret); 273 hv_free_hyperv_page(hv_panic_page); 274 hv_panic_page = NULL; 275 } 276 } 277 278 int __init hv_common_init(void) 279 { 280 int i; 281 282 if (hv_is_isolation_supported()) 283 sysctl_record_panic_msg = 0; 284 285 /* 286 * Hyper-V expects to get crash register data or kmsg when 287 * crash enlightment is available and system crashes. Set 288 * crash_kexec_post_notifiers to be true to make sure that 289 * calling crash enlightment interface before running kdump 290 * kernel. 291 */ 292 if (ms_hyperv.misc_features & HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE) { 293 u64 hyperv_crash_ctl; 294 295 crash_kexec_post_notifiers = true; 296 pr_info("Hyper-V: enabling crash_kexec_post_notifiers\n"); 297 298 /* 299 * Panic message recording (sysctl_record_panic_msg) 300 * is enabled by default in non-isolated guests and 301 * disabled by default in isolated guests; the panic 302 * message recording won't be available in isolated 303 * guests should the following registration fail. 304 */ 305 hv_ctl_table_hdr = register_sysctl("kernel", hv_ctl_table); 306 if (!hv_ctl_table_hdr) 307 pr_err("Hyper-V: sysctl table register error"); 308 309 /* 310 * Register for panic kmsg callback only if the right 311 * capability is supported by the hypervisor. 312 */ 313 hyperv_crash_ctl = hv_get_register(HV_REGISTER_CRASH_CTL); 314 if (hyperv_crash_ctl & HV_CRASH_CTL_CRASH_NOTIFY_MSG) 315 hv_kmsg_dump_register(); 316 317 register_die_notifier(&hyperv_die_report_block); 318 atomic_notifier_chain_register(&panic_notifier_list, 319 &hyperv_panic_report_block); 320 } 321 322 /* 323 * Allocate the per-CPU state for the hypercall input arg. 324 * If this allocation fails, we will not be able to setup 325 * (per-CPU) hypercall input page and thus this failure is 326 * fatal on Hyper-V. 327 */ 328 hyperv_pcpu_input_arg = alloc_percpu(void *); 329 BUG_ON(!hyperv_pcpu_input_arg); 330 331 /* Allocate the per-CPU state for output arg for root */ 332 if (hv_root_partition) { 333 hyperv_pcpu_output_arg = alloc_percpu(void *); 334 BUG_ON(!hyperv_pcpu_output_arg); 335 } 336 337 hv_vp_index = kmalloc_array(num_possible_cpus(), sizeof(*hv_vp_index), 338 GFP_KERNEL); 339 if (!hv_vp_index) { 340 hv_common_free(); 341 return -ENOMEM; 342 } 343 344 for (i = 0; i < num_possible_cpus(); i++) 345 hv_vp_index[i] = VP_INVAL; 346 347 return 0; 348 } 349 350 /* 351 * Hyper-V specific initialization and die code for 352 * individual CPUs that is common across all architectures. 353 * Called by the CPU hotplug mechanism. 354 */ 355 356 int hv_common_cpu_init(unsigned int cpu) 357 { 358 void **inputarg, **outputarg; 359 u64 msr_vp_index; 360 gfp_t flags; 361 int pgcount = hv_root_partition ? 2 : 1; 362 void *mem; 363 int ret; 364 365 /* hv_cpu_init() can be called with IRQs disabled from hv_resume() */ 366 flags = irqs_disabled() ? GFP_ATOMIC : GFP_KERNEL; 367 368 inputarg = (void **)this_cpu_ptr(hyperv_pcpu_input_arg); 369 370 /* 371 * hyperv_pcpu_input_arg and hyperv_pcpu_output_arg memory is already 372 * allocated if this CPU was previously online and then taken offline 373 */ 374 if (!*inputarg) { 375 mem = kmalloc(pgcount * HV_HYP_PAGE_SIZE, flags); 376 if (!mem) 377 return -ENOMEM; 378 379 if (hv_root_partition) { 380 outputarg = (void **)this_cpu_ptr(hyperv_pcpu_output_arg); 381 *outputarg = (char *)mem + HV_HYP_PAGE_SIZE; 382 } 383 384 if (!ms_hyperv.paravisor_present && 385 (hv_isolation_type_snp() || hv_isolation_type_tdx())) { 386 ret = set_memory_decrypted((unsigned long)mem, pgcount); 387 if (ret) { 388 /* It may be unsafe to free 'mem' */ 389 return ret; 390 } 391 392 memset(mem, 0x00, pgcount * HV_HYP_PAGE_SIZE); 393 } 394 395 /* 396 * In a fully enlightened TDX/SNP VM with more than 64 VPs, if 397 * hyperv_pcpu_input_arg is not NULL, set_memory_decrypted() -> 398 * ... -> cpa_flush()-> ... -> __send_ipi_mask_ex() tries to 399 * use hyperv_pcpu_input_arg as the hypercall input page, which 400 * must be a decrypted page in such a VM, but the page is still 401 * encrypted before set_memory_decrypted() returns. Fix this by 402 * setting *inputarg after the above set_memory_decrypted(): if 403 * hyperv_pcpu_input_arg is NULL, __send_ipi_mask_ex() returns 404 * HV_STATUS_INVALID_PARAMETER immediately, and the function 405 * hv_send_ipi_mask() falls back to orig_apic.send_IPI_mask(), 406 * which may be slightly slower than the hypercall, but still 407 * works correctly in such a VM. 408 */ 409 *inputarg = mem; 410 } 411 412 msr_vp_index = hv_get_register(HV_REGISTER_VP_INDEX); 413 414 hv_vp_index[cpu] = msr_vp_index; 415 416 if (msr_vp_index > hv_max_vp_index) 417 hv_max_vp_index = msr_vp_index; 418 419 return 0; 420 } 421 422 int hv_common_cpu_die(unsigned int cpu) 423 { 424 /* 425 * The hyperv_pcpu_input_arg and hyperv_pcpu_output_arg memory 426 * is not freed when the CPU goes offline as the hyperv_pcpu_input_arg 427 * may be used by the Hyper-V vPCI driver in reassigning interrupts 428 * as part of the offlining process. The interrupt reassignment 429 * happens *after* the CPUHP_AP_HYPERV_ONLINE state has run and 430 * called this function. 431 * 432 * If a previously offlined CPU is brought back online again, the 433 * originally allocated memory is reused in hv_common_cpu_init(). 434 */ 435 436 return 0; 437 } 438 439 /* Bit mask of the extended capability to query: see HV_EXT_CAPABILITY_xxx */ 440 bool hv_query_ext_cap(u64 cap_query) 441 { 442 /* 443 * The address of the 'hv_extended_cap' variable will be used as an 444 * output parameter to the hypercall below and so it should be 445 * compatible with 'virt_to_phys'. Which means, it's address should be 446 * directly mapped. Use 'static' to keep it compatible; stack variables 447 * can be virtually mapped, making them incompatible with 448 * 'virt_to_phys'. 449 * Hypercall input/output addresses should also be 8-byte aligned. 450 */ 451 static u64 hv_extended_cap __aligned(8); 452 static bool hv_extended_cap_queried; 453 u64 status; 454 455 /* 456 * Querying extended capabilities is an extended hypercall. Check if the 457 * partition supports extended hypercall, first. 458 */ 459 if (!(ms_hyperv.priv_high & HV_ENABLE_EXTENDED_HYPERCALLS)) 460 return false; 461 462 /* Extended capabilities do not change at runtime. */ 463 if (hv_extended_cap_queried) 464 return hv_extended_cap & cap_query; 465 466 status = hv_do_hypercall(HV_EXT_CALL_QUERY_CAPABILITIES, NULL, 467 &hv_extended_cap); 468 469 /* 470 * The query extended capabilities hypercall should not fail under 471 * any normal circumstances. Avoid repeatedly making the hypercall, on 472 * error. 473 */ 474 hv_extended_cap_queried = true; 475 if (!hv_result_success(status)) { 476 pr_err("Hyper-V: Extended query capabilities hypercall failed 0x%llx\n", 477 status); 478 return false; 479 } 480 481 return hv_extended_cap & cap_query; 482 } 483 EXPORT_SYMBOL_GPL(hv_query_ext_cap); 484 485 void hv_setup_dma_ops(struct device *dev, bool coherent) 486 { 487 /* 488 * Hyper-V does not offer a vIOMMU in the guest 489 * VM, so pass 0/NULL for the IOMMU settings 490 */ 491 arch_setup_dma_ops(dev, 0, 0, NULL, coherent); 492 } 493 EXPORT_SYMBOL_GPL(hv_setup_dma_ops); 494 495 bool hv_is_hibernation_supported(void) 496 { 497 return !hv_root_partition && acpi_sleep_state_supported(ACPI_STATE_S4); 498 } 499 EXPORT_SYMBOL_GPL(hv_is_hibernation_supported); 500 501 /* 502 * Default function to read the Hyper-V reference counter, independent 503 * of whether Hyper-V enlightened clocks/timers are being used. But on 504 * architectures where it is used, Hyper-V enlightenment code in 505 * hyperv_timer.c may override this function. 506 */ 507 static u64 __hv_read_ref_counter(void) 508 { 509 return hv_get_register(HV_REGISTER_TIME_REF_COUNT); 510 } 511 512 u64 (*hv_read_reference_counter)(void) = __hv_read_ref_counter; 513 EXPORT_SYMBOL_GPL(hv_read_reference_counter); 514 515 /* These __weak functions provide default "no-op" behavior and 516 * may be overridden by architecture specific versions. Architectures 517 * for which the default "no-op" behavior is sufficient can leave 518 * them unimplemented and not be cluttered with a bunch of stub 519 * functions in arch-specific code. 520 */ 521 522 bool __weak hv_is_isolation_supported(void) 523 { 524 return false; 525 } 526 EXPORT_SYMBOL_GPL(hv_is_isolation_supported); 527 528 bool __weak hv_isolation_type_snp(void) 529 { 530 return false; 531 } 532 EXPORT_SYMBOL_GPL(hv_isolation_type_snp); 533 534 bool __weak hv_isolation_type_tdx(void) 535 { 536 return false; 537 } 538 EXPORT_SYMBOL_GPL(hv_isolation_type_tdx); 539 540 void __weak hv_setup_vmbus_handler(void (*handler)(void)) 541 { 542 } 543 EXPORT_SYMBOL_GPL(hv_setup_vmbus_handler); 544 545 void __weak hv_remove_vmbus_handler(void) 546 { 547 } 548 EXPORT_SYMBOL_GPL(hv_remove_vmbus_handler); 549 550 void __weak hv_setup_kexec_handler(void (*handler)(void)) 551 { 552 } 553 EXPORT_SYMBOL_GPL(hv_setup_kexec_handler); 554 555 void __weak hv_remove_kexec_handler(void) 556 { 557 } 558 EXPORT_SYMBOL_GPL(hv_remove_kexec_handler); 559 560 void __weak hv_setup_crash_handler(void (*handler)(struct pt_regs *regs)) 561 { 562 } 563 EXPORT_SYMBOL_GPL(hv_setup_crash_handler); 564 565 void __weak hv_remove_crash_handler(void) 566 { 567 } 568 EXPORT_SYMBOL_GPL(hv_remove_crash_handler); 569 570 void __weak hyperv_cleanup(void) 571 { 572 } 573 EXPORT_SYMBOL_GPL(hyperv_cleanup); 574 575 u64 __weak hv_ghcb_hypercall(u64 control, void *input, void *output, u32 input_size) 576 { 577 return HV_STATUS_INVALID_PARAMETER; 578 } 579 EXPORT_SYMBOL_GPL(hv_ghcb_hypercall); 580 581 u64 __weak hv_tdx_hypercall(u64 control, u64 param1, u64 param2) 582 { 583 return HV_STATUS_INVALID_PARAMETER; 584 } 585 EXPORT_SYMBOL_GPL(hv_tdx_hypercall); 586