1 // SPDX-License-Identifier: GPL-2.0-only
5 * Copyright (C) 2015,2016 ARM Ltd.
6 * Author: Andre Przywara <andre.przywara@arm.com>
10 #include <linux/kvm.h>
11 #include <linux/kvm_host.h>
12 #include <linux/interrupt.h>
13 #include <linux/list.h>
14 #include <linux/uaccess.h>
15 #include <linux/list_sort.h>
17 #include <linux/irqchip/arm-gic-v3.h>
19 #include <asm/kvm_emulate.h>
20 #include <asm/kvm_arm.h>
21 #include <asm/kvm_mmu.h>
24 #include "vgic-mmio.h"
26 static int vgic_its_save_tables_v0(struct vgic_its *its);
27 static int vgic_its_restore_tables_v0(struct vgic_its *its);
28 static int vgic_its_commit_v0(struct vgic_its *its);
29 static int update_lpi_config(struct kvm *kvm, struct vgic_irq *irq,
30 struct kvm_vcpu *filter_vcpu, bool needs_inv);
33 * Creates a new (reference to a) struct vgic_irq for a given LPI.
34 * If this LPI is already mapped on another ITS, we increase its refcount
35 * and return a pointer to the existing structure.
36 * If this is a "new" LPI, we allocate and initialize a new struct vgic_irq.
37 * This function returns a pointer to the _unlocked_ structure.
39 static struct vgic_irq *vgic_add_lpi(struct kvm *kvm, u32 intid,
40 struct kvm_vcpu *vcpu)
42 struct vgic_dist *dist = &kvm->arch.vgic;
43 struct vgic_irq *irq = vgic_get_irq(kvm, NULL, intid), *oldirq;
47 /* In this case there is no put, since we keep the reference. */
51 irq = kzalloc(sizeof(struct vgic_irq), GFP_KERNEL_ACCOUNT);
53 return ERR_PTR(-ENOMEM);
55 INIT_LIST_HEAD(&irq->lpi_list);
56 INIT_LIST_HEAD(&irq->ap_list);
57 raw_spin_lock_init(&irq->irq_lock);
59 irq->config = VGIC_CONFIG_EDGE;
60 kref_init(&irq->refcount);
62 irq->target_vcpu = vcpu;
65 raw_spin_lock_irqsave(&dist->lpi_list_lock, flags);
68 * There could be a race with another vgic_add_lpi(), so we need to
69 * check that we don't add a second list entry with the same LPI.
71 list_for_each_entry(oldirq, &dist->lpi_list_head, lpi_list) {
72 if (oldirq->intid != intid)
75 /* Someone was faster with adding this LPI, lets use that. */
80 * This increases the refcount, the caller is expected to
81 * call vgic_put_irq() on the returned pointer once it's
82 * finished with the IRQ.
84 vgic_get_irq_kref(irq);
89 list_add_tail(&irq->lpi_list, &dist->lpi_list_head);
90 dist->lpi_list_count++;
93 raw_spin_unlock_irqrestore(&dist->lpi_list_lock, flags);
96 * We "cache" the configuration table entries in our struct vgic_irq's.
97 * However we only have those structs for mapped IRQs, so we read in
98 * the respective config data from memory here upon mapping the LPI.
100 * Should any of these fail, behave as if we couldn't create the LPI
101 * by dropping the refcount and returning the error.
103 ret = update_lpi_config(kvm, irq, NULL, false);
105 vgic_put_irq(kvm, irq);
109 ret = vgic_v3_lpi_sync_pending_status(kvm, irq);
111 vgic_put_irq(kvm, irq);
119 struct list_head dev_list;
121 /* the head for the list of ITTEs */
122 struct list_head itt_head;
123 u32 num_eventid_bits;
128 #define COLLECTION_NOT_MAPPED ((u32)~0)
130 struct its_collection {
131 struct list_head coll_list;
137 #define its_is_collection_mapped(coll) ((coll) && \
138 ((coll)->target_addr != COLLECTION_NOT_MAPPED))
141 struct list_head ite_list;
143 struct vgic_irq *irq;
144 struct its_collection *collection;
148 struct vgic_translation_cache_entry {
149 struct list_head entry;
153 struct vgic_irq *irq;
157 * struct vgic_its_abi - ITS abi ops and settings
158 * @cte_esz: collection table entry size
159 * @dte_esz: device table entry size
160 * @ite_esz: interrupt translation table entry size
161 * @save tables: save the ITS tables into guest RAM
162 * @restore_tables: restore the ITS internal structs from tables
163 * stored in guest RAM
164 * @commit: initialize the registers which expose the ABI settings,
165 * especially the entry sizes
167 struct vgic_its_abi {
171 int (*save_tables)(struct vgic_its *its);
172 int (*restore_tables)(struct vgic_its *its);
173 int (*commit)(struct vgic_its *its);
177 #define ESZ_MAX ABI_0_ESZ
179 static const struct vgic_its_abi its_table_abi_versions[] = {
181 .cte_esz = ABI_0_ESZ,
182 .dte_esz = ABI_0_ESZ,
183 .ite_esz = ABI_0_ESZ,
184 .save_tables = vgic_its_save_tables_v0,
185 .restore_tables = vgic_its_restore_tables_v0,
186 .commit = vgic_its_commit_v0,
190 #define NR_ITS_ABIS ARRAY_SIZE(its_table_abi_versions)
192 inline const struct vgic_its_abi *vgic_its_get_abi(struct vgic_its *its)
194 return &its_table_abi_versions[its->abi_rev];
197 static int vgic_its_set_abi(struct vgic_its *its, u32 rev)
199 const struct vgic_its_abi *abi;
202 abi = vgic_its_get_abi(its);
203 return abi->commit(its);
207 * Find and returns a device in the device table for an ITS.
208 * Must be called with the its_lock mutex held.
210 static struct its_device *find_its_device(struct vgic_its *its, u32 device_id)
212 struct its_device *device;
214 list_for_each_entry(device, &its->device_list, dev_list)
215 if (device_id == device->device_id)
222 * Find and returns an interrupt translation table entry (ITTE) for a given
223 * Device ID/Event ID pair on an ITS.
224 * Must be called with the its_lock mutex held.
226 static struct its_ite *find_ite(struct vgic_its *its, u32 device_id,
229 struct its_device *device;
232 device = find_its_device(its, device_id);
236 list_for_each_entry(ite, &device->itt_head, ite_list)
237 if (ite->event_id == event_id)
243 /* To be used as an iterator this macro misses the enclosing parentheses */
244 #define for_each_lpi_its(dev, ite, its) \
245 list_for_each_entry(dev, &(its)->device_list, dev_list) \
246 list_for_each_entry(ite, &(dev)->itt_head, ite_list)
248 #define GIC_LPI_OFFSET 8192
250 #define VITS_TYPER_IDBITS 16
251 #define VITS_TYPER_DEVBITS 16
252 #define VITS_DTE_MAX_DEVID_OFFSET (BIT(14) - 1)
253 #define VITS_ITE_MAX_EVENTID_OFFSET (BIT(16) - 1)
256 * Finds and returns a collection in the ITS collection table.
257 * Must be called with the its_lock mutex held.
259 static struct its_collection *find_collection(struct vgic_its *its, int coll_id)
261 struct its_collection *collection;
263 list_for_each_entry(collection, &its->collection_list, coll_list) {
264 if (coll_id == collection->collection_id)
271 #define LPI_PROP_ENABLE_BIT(p) ((p) & LPI_PROP_ENABLED)
272 #define LPI_PROP_PRIORITY(p) ((p) & 0xfc)
275 * Reads the configuration data for a given LPI from guest memory and
276 * updates the fields in struct vgic_irq.
277 * If filter_vcpu is not NULL, applies only if the IRQ is targeting this
278 * VCPU. Unconditionally applies if filter_vcpu is NULL.
280 static int update_lpi_config(struct kvm *kvm, struct vgic_irq *irq,
281 struct kvm_vcpu *filter_vcpu, bool needs_inv)
283 u64 propbase = GICR_PROPBASER_ADDRESS(kvm->arch.vgic.propbaser);
288 ret = kvm_read_guest_lock(kvm, propbase + irq->intid - GIC_LPI_OFFSET,
294 raw_spin_lock_irqsave(&irq->irq_lock, flags);
296 if (!filter_vcpu || filter_vcpu == irq->target_vcpu) {
297 irq->priority = LPI_PROP_PRIORITY(prop);
298 irq->enabled = LPI_PROP_ENABLE_BIT(prop);
301 vgic_queue_irq_unlock(kvm, irq, flags);
306 raw_spin_unlock_irqrestore(&irq->irq_lock, flags);
309 return its_prop_update_vlpi(irq->host_irq, prop, needs_inv);
315 * Create a snapshot of the current LPIs targeting @vcpu, so that we can
316 * enumerate those LPIs without holding any lock.
317 * Returns their number and puts the kmalloc'ed array into intid_ptr.
319 int vgic_copy_lpi_list(struct kvm *kvm, struct kvm_vcpu *vcpu, u32 **intid_ptr)
321 struct vgic_dist *dist = &kvm->arch.vgic;
322 struct vgic_irq *irq;
325 int irq_count, i = 0;
328 * There is an obvious race between allocating the array and LPIs
329 * being mapped/unmapped. If we ended up here as a result of a
330 * command, we're safe (locks are held, preventing another
331 * command). If coming from another path (such as enabling LPIs),
332 * we must be careful not to overrun the array.
334 irq_count = READ_ONCE(dist->lpi_list_count);
335 intids = kmalloc_array(irq_count, sizeof(intids[0]), GFP_KERNEL_ACCOUNT);
339 raw_spin_lock_irqsave(&dist->lpi_list_lock, flags);
340 list_for_each_entry(irq, &dist->lpi_list_head, lpi_list) {
343 /* We don't need to "get" the IRQ, as we hold the list lock. */
344 if (vcpu && irq->target_vcpu != vcpu)
346 intids[i++] = irq->intid;
348 raw_spin_unlock_irqrestore(&dist->lpi_list_lock, flags);
354 static int update_affinity(struct vgic_irq *irq, struct kvm_vcpu *vcpu)
359 raw_spin_lock_irqsave(&irq->irq_lock, flags);
360 irq->target_vcpu = vcpu;
361 raw_spin_unlock_irqrestore(&irq->irq_lock, flags);
364 struct its_vlpi_map map;
366 ret = its_get_vlpi(irq->host_irq, &map);
371 atomic_dec(&map.vpe->vlpi_count);
372 map.vpe = &vcpu->arch.vgic_cpu.vgic_v3.its_vpe;
373 atomic_inc(&map.vpe->vlpi_count);
375 ret = its_map_vlpi(irq->host_irq, &map);
381 static struct kvm_vcpu *collection_to_vcpu(struct kvm *kvm,
382 struct its_collection *col)
384 return kvm_get_vcpu_by_id(kvm, col->target_addr);
388 * Promotes the ITS view of affinity of an ITTE (which redistributor this LPI
389 * is targeting) to the VGIC's view, which deals with target VCPUs.
390 * Needs to be called whenever either the collection for a LPIs has
391 * changed or the collection itself got retargeted.
393 static void update_affinity_ite(struct kvm *kvm, struct its_ite *ite)
395 struct kvm_vcpu *vcpu;
397 if (!its_is_collection_mapped(ite->collection))
400 vcpu = collection_to_vcpu(kvm, ite->collection);
401 update_affinity(ite->irq, vcpu);
405 * Updates the target VCPU for every LPI targeting this collection.
406 * Must be called with the its_lock mutex held.
408 static void update_affinity_collection(struct kvm *kvm, struct vgic_its *its,
409 struct its_collection *coll)
411 struct its_device *device;
414 for_each_lpi_its(device, ite, its) {
415 if (ite->collection != coll)
418 update_affinity_ite(kvm, ite);
422 static u32 max_lpis_propbaser(u64 propbaser)
424 int nr_idbits = (propbaser & 0x1f) + 1;
426 return 1U << min(nr_idbits, INTERRUPT_ID_BITS_ITS);
430 * Sync the pending table pending bit of LPIs targeting @vcpu
431 * with our own data structures. This relies on the LPI being
434 static int its_sync_lpi_pending_table(struct kvm_vcpu *vcpu)
436 gpa_t pendbase = GICR_PENDBASER_ADDRESS(vcpu->arch.vgic_cpu.pendbaser);
437 struct vgic_irq *irq;
438 int last_byte_offset = -1;
445 nr_irqs = vgic_copy_lpi_list(vcpu->kvm, vcpu, &intids);
449 for (i = 0; i < nr_irqs; i++) {
450 int byte_offset, bit_nr;
452 byte_offset = intids[i] / BITS_PER_BYTE;
453 bit_nr = intids[i] % BITS_PER_BYTE;
456 * For contiguously allocated LPIs chances are we just read
457 * this very same byte in the last iteration. Reuse that.
459 if (byte_offset != last_byte_offset) {
460 ret = kvm_read_guest_lock(vcpu->kvm,
461 pendbase + byte_offset,
467 last_byte_offset = byte_offset;
470 irq = vgic_get_irq(vcpu->kvm, NULL, intids[i]);
471 raw_spin_lock_irqsave(&irq->irq_lock, flags);
472 irq->pending_latch = pendmask & (1U << bit_nr);
473 vgic_queue_irq_unlock(vcpu->kvm, irq, flags);
474 vgic_put_irq(vcpu->kvm, irq);
482 static unsigned long vgic_mmio_read_its_typer(struct kvm *kvm,
483 struct vgic_its *its,
484 gpa_t addr, unsigned int len)
486 const struct vgic_its_abi *abi = vgic_its_get_abi(its);
487 u64 reg = GITS_TYPER_PLPIS;
490 * We use linear CPU numbers for redistributor addressing,
491 * so GITS_TYPER.PTA is 0.
492 * Also we force all PROPBASER registers to be the same, so
493 * CommonLPIAff is 0 as well.
494 * To avoid memory waste in the guest, we keep the number of IDBits and
495 * DevBits low - as least for the time being.
497 reg |= GIC_ENCODE_SZ(VITS_TYPER_DEVBITS, 5) << GITS_TYPER_DEVBITS_SHIFT;
498 reg |= GIC_ENCODE_SZ(VITS_TYPER_IDBITS, 5) << GITS_TYPER_IDBITS_SHIFT;
499 reg |= GIC_ENCODE_SZ(abi->ite_esz, 4) << GITS_TYPER_ITT_ENTRY_SIZE_SHIFT;
501 return extract_bytes(reg, addr & 7, len);
504 static unsigned long vgic_mmio_read_its_iidr(struct kvm *kvm,
505 struct vgic_its *its,
506 gpa_t addr, unsigned int len)
510 val = (its->abi_rev << GITS_IIDR_REV_SHIFT) & GITS_IIDR_REV_MASK;
511 val |= (PRODUCT_ID_KVM << GITS_IIDR_PRODUCTID_SHIFT) | IMPLEMENTER_ARM;
515 static int vgic_mmio_uaccess_write_its_iidr(struct kvm *kvm,
516 struct vgic_its *its,
517 gpa_t addr, unsigned int len,
520 u32 rev = GITS_IIDR_REV(val);
522 if (rev >= NR_ITS_ABIS)
524 return vgic_its_set_abi(its, rev);
527 static unsigned long vgic_mmio_read_its_idregs(struct kvm *kvm,
528 struct vgic_its *its,
529 gpa_t addr, unsigned int len)
531 switch (addr & 0xffff) {
533 return 0x92; /* part number, bits[7:0] */
535 return 0xb4; /* part number, bits[11:8] */
537 return GIC_PIDR2_ARCH_GICv3 | 0x0b;
539 return 0x40; /* This is a 64K software visible page */
540 /* The following are the ID registers for (any) GIC. */
554 static struct vgic_irq *__vgic_its_check_cache(struct vgic_dist *dist,
556 u32 devid, u32 eventid)
558 struct vgic_translation_cache_entry *cte;
560 list_for_each_entry(cte, &dist->lpi_translation_cache, entry) {
562 * If we hit a NULL entry, there is nothing after this
568 if (cte->db != db || cte->devid != devid ||
569 cte->eventid != eventid)
573 * Move this entry to the head, as it is the most
576 if (!list_is_first(&cte->entry, &dist->lpi_translation_cache))
577 list_move(&cte->entry, &dist->lpi_translation_cache);
585 static struct vgic_irq *vgic_its_check_cache(struct kvm *kvm, phys_addr_t db,
586 u32 devid, u32 eventid)
588 struct vgic_dist *dist = &kvm->arch.vgic;
589 struct vgic_irq *irq;
592 raw_spin_lock_irqsave(&dist->lpi_list_lock, flags);
594 irq = __vgic_its_check_cache(dist, db, devid, eventid);
596 vgic_get_irq_kref(irq);
598 raw_spin_unlock_irqrestore(&dist->lpi_list_lock, flags);
603 static void vgic_its_cache_translation(struct kvm *kvm, struct vgic_its *its,
604 u32 devid, u32 eventid,
605 struct vgic_irq *irq)
607 struct vgic_dist *dist = &kvm->arch.vgic;
608 struct vgic_translation_cache_entry *cte;
612 /* Do not cache a directly injected interrupt */
616 raw_spin_lock_irqsave(&dist->lpi_list_lock, flags);
618 if (unlikely(list_empty(&dist->lpi_translation_cache)))
622 * We could have raced with another CPU caching the same
623 * translation behind our back, so let's check it is not in
626 db = its->vgic_its_base + GITS_TRANSLATER;
627 if (__vgic_its_check_cache(dist, db, devid, eventid))
630 /* Always reuse the last entry (LRU policy) */
631 cte = list_last_entry(&dist->lpi_translation_cache,
632 typeof(*cte), entry);
635 * Caching the translation implies having an extra reference
636 * to the interrupt, so drop the potential reference on what
637 * was in the cache, and increment it on the new interrupt.
640 __vgic_put_lpi_locked(kvm, cte->irq);
642 vgic_get_irq_kref(irq);
646 cte->eventid = eventid;
649 /* Move the new translation to the head of the list */
650 list_move(&cte->entry, &dist->lpi_translation_cache);
653 raw_spin_unlock_irqrestore(&dist->lpi_list_lock, flags);
656 void vgic_its_invalidate_cache(struct kvm *kvm)
658 struct vgic_dist *dist = &kvm->arch.vgic;
659 struct vgic_translation_cache_entry *cte;
662 raw_spin_lock_irqsave(&dist->lpi_list_lock, flags);
664 list_for_each_entry(cte, &dist->lpi_translation_cache, entry) {
666 * If we hit a NULL entry, there is nothing after this
672 __vgic_put_lpi_locked(kvm, cte->irq);
676 raw_spin_unlock_irqrestore(&dist->lpi_list_lock, flags);
679 int vgic_its_resolve_lpi(struct kvm *kvm, struct vgic_its *its,
680 u32 devid, u32 eventid, struct vgic_irq **irq)
682 struct kvm_vcpu *vcpu;
688 ite = find_ite(its, devid, eventid);
689 if (!ite || !its_is_collection_mapped(ite->collection))
690 return E_ITS_INT_UNMAPPED_INTERRUPT;
692 vcpu = collection_to_vcpu(kvm, ite->collection);
694 return E_ITS_INT_UNMAPPED_INTERRUPT;
696 if (!vgic_lpis_enabled(vcpu))
699 vgic_its_cache_translation(kvm, its, devid, eventid, ite->irq);
705 struct vgic_its *vgic_msi_to_its(struct kvm *kvm, struct kvm_msi *msi)
708 struct kvm_io_device *kvm_io_dev;
709 struct vgic_io_device *iodev;
711 if (!vgic_has_its(kvm))
712 return ERR_PTR(-ENODEV);
714 if (!(msi->flags & KVM_MSI_VALID_DEVID))
715 return ERR_PTR(-EINVAL);
717 address = (u64)msi->address_hi << 32 | msi->address_lo;
719 kvm_io_dev = kvm_io_bus_get_dev(kvm, KVM_MMIO_BUS, address);
721 return ERR_PTR(-EINVAL);
723 if (kvm_io_dev->ops != &kvm_io_gic_ops)
724 return ERR_PTR(-EINVAL);
726 iodev = container_of(kvm_io_dev, struct vgic_io_device, dev);
727 if (iodev->iodev_type != IODEV_ITS)
728 return ERR_PTR(-EINVAL);
734 * Find the target VCPU and the LPI number for a given devid/eventid pair
735 * and make this IRQ pending, possibly injecting it.
736 * Must be called with the its_lock mutex held.
737 * Returns 0 on success, a positive error value for any ITS mapping
738 * related errors and negative error values for generic errors.
740 static int vgic_its_trigger_msi(struct kvm *kvm, struct vgic_its *its,
741 u32 devid, u32 eventid)
743 struct vgic_irq *irq = NULL;
747 err = vgic_its_resolve_lpi(kvm, its, devid, eventid, &irq);
752 return irq_set_irqchip_state(irq->host_irq,
753 IRQCHIP_STATE_PENDING, true);
755 raw_spin_lock_irqsave(&irq->irq_lock, flags);
756 irq->pending_latch = true;
757 vgic_queue_irq_unlock(kvm, irq, flags);
762 int vgic_its_inject_cached_translation(struct kvm *kvm, struct kvm_msi *msi)
764 struct vgic_irq *irq;
768 db = (u64)msi->address_hi << 32 | msi->address_lo;
769 irq = vgic_its_check_cache(kvm, db, msi->devid, msi->data);
773 raw_spin_lock_irqsave(&irq->irq_lock, flags);
774 irq->pending_latch = true;
775 vgic_queue_irq_unlock(kvm, irq, flags);
776 vgic_put_irq(kvm, irq);
782 * Queries the KVM IO bus framework to get the ITS pointer from the given
784 * We then call vgic_its_trigger_msi() with the decoded data.
785 * According to the KVM_SIGNAL_MSI API description returns 1 on success.
787 int vgic_its_inject_msi(struct kvm *kvm, struct kvm_msi *msi)
789 struct vgic_its *its;
792 if (!vgic_its_inject_cached_translation(kvm, msi))
795 its = vgic_msi_to_its(kvm, msi);
799 mutex_lock(&its->its_lock);
800 ret = vgic_its_trigger_msi(kvm, its, msi->devid, msi->data);
801 mutex_unlock(&its->its_lock);
807 * KVM_SIGNAL_MSI demands a return value > 0 for success and 0
808 * if the guest has blocked the MSI. So we map any LPI mapping
809 * related error to that.
817 /* Requires the its_lock to be held. */
818 static void its_free_ite(struct kvm *kvm, struct its_ite *ite)
820 list_del(&ite->ite_list);
822 /* This put matches the get in vgic_add_lpi. */
825 WARN_ON(its_unmap_vlpi(ite->irq->host_irq));
827 vgic_put_irq(kvm, ite->irq);
833 static u64 its_cmd_mask_field(u64 *its_cmd, int word, int shift, int size)
835 return (le64_to_cpu(its_cmd[word]) >> shift) & (BIT_ULL(size) - 1);
838 #define its_cmd_get_command(cmd) its_cmd_mask_field(cmd, 0, 0, 8)
839 #define its_cmd_get_deviceid(cmd) its_cmd_mask_field(cmd, 0, 32, 32)
840 #define its_cmd_get_size(cmd) (its_cmd_mask_field(cmd, 1, 0, 5) + 1)
841 #define its_cmd_get_id(cmd) its_cmd_mask_field(cmd, 1, 0, 32)
842 #define its_cmd_get_physical_id(cmd) its_cmd_mask_field(cmd, 1, 32, 32)
843 #define its_cmd_get_collection(cmd) its_cmd_mask_field(cmd, 2, 0, 16)
844 #define its_cmd_get_ittaddr(cmd) (its_cmd_mask_field(cmd, 2, 8, 44) << 8)
845 #define its_cmd_get_target_addr(cmd) its_cmd_mask_field(cmd, 2, 16, 32)
846 #define its_cmd_get_validbit(cmd) its_cmd_mask_field(cmd, 2, 63, 1)
849 * The DISCARD command frees an Interrupt Translation Table Entry (ITTE).
850 * Must be called with the its_lock mutex held.
852 static int vgic_its_cmd_handle_discard(struct kvm *kvm, struct vgic_its *its,
855 u32 device_id = its_cmd_get_deviceid(its_cmd);
856 u32 event_id = its_cmd_get_id(its_cmd);
859 ite = find_ite(its, device_id, event_id);
860 if (ite && its_is_collection_mapped(ite->collection)) {
862 * Though the spec talks about removing the pending state, we
863 * don't bother here since we clear the ITTE anyway and the
864 * pending state is a property of the ITTE struct.
866 vgic_its_invalidate_cache(kvm);
868 its_free_ite(kvm, ite);
872 return E_ITS_DISCARD_UNMAPPED_INTERRUPT;
876 * The MOVI command moves an ITTE to a different collection.
877 * Must be called with the its_lock mutex held.
879 static int vgic_its_cmd_handle_movi(struct kvm *kvm, struct vgic_its *its,
882 u32 device_id = its_cmd_get_deviceid(its_cmd);
883 u32 event_id = its_cmd_get_id(its_cmd);
884 u32 coll_id = its_cmd_get_collection(its_cmd);
885 struct kvm_vcpu *vcpu;
887 struct its_collection *collection;
889 ite = find_ite(its, device_id, event_id);
891 return E_ITS_MOVI_UNMAPPED_INTERRUPT;
893 if (!its_is_collection_mapped(ite->collection))
894 return E_ITS_MOVI_UNMAPPED_COLLECTION;
896 collection = find_collection(its, coll_id);
897 if (!its_is_collection_mapped(collection))
898 return E_ITS_MOVI_UNMAPPED_COLLECTION;
900 ite->collection = collection;
901 vcpu = collection_to_vcpu(kvm, collection);
903 vgic_its_invalidate_cache(kvm);
905 return update_affinity(ite->irq, vcpu);
908 static bool __is_visible_gfn_locked(struct vgic_its *its, gpa_t gpa)
910 gfn_t gfn = gpa >> PAGE_SHIFT;
914 idx = srcu_read_lock(&its->dev->kvm->srcu);
915 ret = kvm_is_visible_gfn(its->dev->kvm, gfn);
916 srcu_read_unlock(&its->dev->kvm->srcu, idx);
921 * Check whether an ID can be stored into the corresponding guest table.
922 * For a direct table this is pretty easy, but gets a bit nasty for
923 * indirect tables. We check whether the resulting guest physical address
924 * is actually valid (covered by a memslot and guest accessible).
925 * For this we have to read the respective first level entry.
927 static bool vgic_its_check_id(struct vgic_its *its, u64 baser, u32 id,
930 int l1_tbl_size = GITS_BASER_NR_PAGES(baser) * SZ_64K;
931 u64 indirect_ptr, type = GITS_BASER_TYPE(baser);
932 phys_addr_t base = GITS_BASER_ADDR_48_to_52(baser);
933 int esz = GITS_BASER_ENTRY_SIZE(baser);
937 case GITS_BASER_TYPE_DEVICE:
938 if (id >= BIT_ULL(VITS_TYPER_DEVBITS))
941 case GITS_BASER_TYPE_COLLECTION:
942 /* as GITS_TYPER.CIL == 0, ITS supports 16-bit collection ID */
943 if (id >= BIT_ULL(16))
950 if (!(baser & GITS_BASER_INDIRECT)) {
953 if (id >= (l1_tbl_size / esz))
956 addr = base + id * esz;
961 return __is_visible_gfn_locked(its, addr);
964 /* calculate and check the index into the 1st level */
965 index = id / (SZ_64K / esz);
966 if (index >= (l1_tbl_size / sizeof(u64)))
969 /* Each 1st level entry is represented by a 64-bit value. */
970 if (kvm_read_guest_lock(its->dev->kvm,
971 base + index * sizeof(indirect_ptr),
972 &indirect_ptr, sizeof(indirect_ptr)))
975 indirect_ptr = le64_to_cpu(indirect_ptr);
977 /* check the valid bit of the first level entry */
978 if (!(indirect_ptr & BIT_ULL(63)))
981 /* Mask the guest physical address and calculate the frame number. */
982 indirect_ptr &= GENMASK_ULL(51, 16);
984 /* Find the address of the actual entry */
985 index = id % (SZ_64K / esz);
986 indirect_ptr += index * esz;
989 *eaddr = indirect_ptr;
991 return __is_visible_gfn_locked(its, indirect_ptr);
995 * Check whether an event ID can be stored in the corresponding Interrupt
996 * Translation Table, which starts at device->itt_addr.
998 static bool vgic_its_check_event_id(struct vgic_its *its, struct its_device *device,
1001 const struct vgic_its_abi *abi = vgic_its_get_abi(its);
1002 int ite_esz = abi->ite_esz;
1005 /* max table size is: BIT_ULL(device->num_eventid_bits) * ite_esz */
1006 if (event_id >= BIT_ULL(device->num_eventid_bits))
1009 gpa = device->itt_addr + event_id * ite_esz;
1010 return __is_visible_gfn_locked(its, gpa);
1014 * Add a new collection into the ITS collection table.
1015 * Returns 0 on success, and a negative error value for generic errors.
1017 static int vgic_its_alloc_collection(struct vgic_its *its,
1018 struct its_collection **colp,
1021 struct its_collection *collection;
1023 collection = kzalloc(sizeof(*collection), GFP_KERNEL_ACCOUNT);
1027 collection->collection_id = coll_id;
1028 collection->target_addr = COLLECTION_NOT_MAPPED;
1030 list_add_tail(&collection->coll_list, &its->collection_list);
1036 static void vgic_its_free_collection(struct vgic_its *its, u32 coll_id)
1038 struct its_collection *collection;
1039 struct its_device *device;
1040 struct its_ite *ite;
1043 * Clearing the mapping for that collection ID removes the
1044 * entry from the list. If there wasn't any before, we can
1047 collection = find_collection(its, coll_id);
1051 for_each_lpi_its(device, ite, its)
1052 if (ite->collection &&
1053 ite->collection->collection_id == coll_id)
1054 ite->collection = NULL;
1056 list_del(&collection->coll_list);
1060 /* Must be called with its_lock mutex held */
1061 static struct its_ite *vgic_its_alloc_ite(struct its_device *device,
1062 struct its_collection *collection,
1065 struct its_ite *ite;
1067 ite = kzalloc(sizeof(*ite), GFP_KERNEL_ACCOUNT);
1069 return ERR_PTR(-ENOMEM);
1071 ite->event_id = event_id;
1072 ite->collection = collection;
1074 list_add_tail(&ite->ite_list, &device->itt_head);
1079 * The MAPTI and MAPI commands map LPIs to ITTEs.
1080 * Must be called with its_lock mutex held.
1082 static int vgic_its_cmd_handle_mapi(struct kvm *kvm, struct vgic_its *its,
1085 u32 device_id = its_cmd_get_deviceid(its_cmd);
1086 u32 event_id = its_cmd_get_id(its_cmd);
1087 u32 coll_id = its_cmd_get_collection(its_cmd);
1088 struct its_ite *ite;
1089 struct kvm_vcpu *vcpu = NULL;
1090 struct its_device *device;
1091 struct its_collection *collection, *new_coll = NULL;
1092 struct vgic_irq *irq;
1095 device = find_its_device(its, device_id);
1097 return E_ITS_MAPTI_UNMAPPED_DEVICE;
1099 if (!vgic_its_check_event_id(its, device, event_id))
1100 return E_ITS_MAPTI_ID_OOR;
1102 if (its_cmd_get_command(its_cmd) == GITS_CMD_MAPTI)
1103 lpi_nr = its_cmd_get_physical_id(its_cmd);
1106 if (lpi_nr < GIC_LPI_OFFSET ||
1107 lpi_nr >= max_lpis_propbaser(kvm->arch.vgic.propbaser))
1108 return E_ITS_MAPTI_PHYSICALID_OOR;
1110 /* If there is an existing mapping, behavior is UNPREDICTABLE. */
1111 if (find_ite(its, device_id, event_id))
1114 collection = find_collection(its, coll_id);
1118 if (!vgic_its_check_id(its, its->baser_coll_table, coll_id, NULL))
1119 return E_ITS_MAPC_COLLECTION_OOR;
1121 ret = vgic_its_alloc_collection(its, &collection, coll_id);
1124 new_coll = collection;
1127 ite = vgic_its_alloc_ite(device, collection, event_id);
1130 vgic_its_free_collection(its, coll_id);
1131 return PTR_ERR(ite);
1134 if (its_is_collection_mapped(collection))
1135 vcpu = collection_to_vcpu(kvm, collection);
1137 irq = vgic_add_lpi(kvm, lpi_nr, vcpu);
1140 vgic_its_free_collection(its, coll_id);
1141 its_free_ite(kvm, ite);
1142 return PTR_ERR(irq);
1149 /* Requires the its_lock to be held. */
1150 static void vgic_its_free_device(struct kvm *kvm, struct its_device *device)
1152 struct its_ite *ite, *temp;
1155 * The spec says that unmapping a device with still valid
1156 * ITTEs associated is UNPREDICTABLE. We remove all ITTEs,
1157 * since we cannot leave the memory unreferenced.
1159 list_for_each_entry_safe(ite, temp, &device->itt_head, ite_list)
1160 its_free_ite(kvm, ite);
1162 vgic_its_invalidate_cache(kvm);
1164 list_del(&device->dev_list);
1168 /* its lock must be held */
1169 static void vgic_its_free_device_list(struct kvm *kvm, struct vgic_its *its)
1171 struct its_device *cur, *temp;
1173 list_for_each_entry_safe(cur, temp, &its->device_list, dev_list)
1174 vgic_its_free_device(kvm, cur);
1177 /* its lock must be held */
1178 static void vgic_its_free_collection_list(struct kvm *kvm, struct vgic_its *its)
1180 struct its_collection *cur, *temp;
1182 list_for_each_entry_safe(cur, temp, &its->collection_list, coll_list)
1183 vgic_its_free_collection(its, cur->collection_id);
1186 /* Must be called with its_lock mutex held */
1187 static struct its_device *vgic_its_alloc_device(struct vgic_its *its,
1188 u32 device_id, gpa_t itt_addr,
1189 u8 num_eventid_bits)
1191 struct its_device *device;
1193 device = kzalloc(sizeof(*device), GFP_KERNEL_ACCOUNT);
1195 return ERR_PTR(-ENOMEM);
1197 device->device_id = device_id;
1198 device->itt_addr = itt_addr;
1199 device->num_eventid_bits = num_eventid_bits;
1200 INIT_LIST_HEAD(&device->itt_head);
1202 list_add_tail(&device->dev_list, &its->device_list);
1207 * MAPD maps or unmaps a device ID to Interrupt Translation Tables (ITTs).
1208 * Must be called with the its_lock mutex held.
1210 static int vgic_its_cmd_handle_mapd(struct kvm *kvm, struct vgic_its *its,
1213 u32 device_id = its_cmd_get_deviceid(its_cmd);
1214 bool valid = its_cmd_get_validbit(its_cmd);
1215 u8 num_eventid_bits = its_cmd_get_size(its_cmd);
1216 gpa_t itt_addr = its_cmd_get_ittaddr(its_cmd);
1217 struct its_device *device;
1219 if (!vgic_its_check_id(its, its->baser_device_table, device_id, NULL))
1220 return E_ITS_MAPD_DEVICE_OOR;
1222 if (valid && num_eventid_bits > VITS_TYPER_IDBITS)
1223 return E_ITS_MAPD_ITTSIZE_OOR;
1225 device = find_its_device(its, device_id);
1228 * The spec says that calling MAPD on an already mapped device
1229 * invalidates all cached data for this device. We implement this
1230 * by removing the mapping and re-establishing it.
1233 vgic_its_free_device(kvm, device);
1236 * The spec does not say whether unmapping a not-mapped device
1237 * is an error, so we are done in any case.
1242 device = vgic_its_alloc_device(its, device_id, itt_addr,
1245 return PTR_ERR_OR_ZERO(device);
1249 * The MAPC command maps collection IDs to redistributors.
1250 * Must be called with the its_lock mutex held.
1252 static int vgic_its_cmd_handle_mapc(struct kvm *kvm, struct vgic_its *its,
1256 struct its_collection *collection;
1259 valid = its_cmd_get_validbit(its_cmd);
1260 coll_id = its_cmd_get_collection(its_cmd);
1263 vgic_its_free_collection(its, coll_id);
1264 vgic_its_invalidate_cache(kvm);
1266 struct kvm_vcpu *vcpu;
1268 vcpu = kvm_get_vcpu_by_id(kvm, its_cmd_get_target_addr(its_cmd));
1270 return E_ITS_MAPC_PROCNUM_OOR;
1272 collection = find_collection(its, coll_id);
1277 if (!vgic_its_check_id(its, its->baser_coll_table,
1279 return E_ITS_MAPC_COLLECTION_OOR;
1281 ret = vgic_its_alloc_collection(its, &collection,
1285 collection->target_addr = vcpu->vcpu_id;
1287 collection->target_addr = vcpu->vcpu_id;
1288 update_affinity_collection(kvm, its, collection);
1296 * The CLEAR command removes the pending state for a particular LPI.
1297 * Must be called with the its_lock mutex held.
1299 static int vgic_its_cmd_handle_clear(struct kvm *kvm, struct vgic_its *its,
1302 u32 device_id = its_cmd_get_deviceid(its_cmd);
1303 u32 event_id = its_cmd_get_id(its_cmd);
1304 struct its_ite *ite;
1307 ite = find_ite(its, device_id, event_id);
1309 return E_ITS_CLEAR_UNMAPPED_INTERRUPT;
1311 ite->irq->pending_latch = false;
1314 return irq_set_irqchip_state(ite->irq->host_irq,
1315 IRQCHIP_STATE_PENDING, false);
1320 int vgic_its_inv_lpi(struct kvm *kvm, struct vgic_irq *irq)
1322 return update_lpi_config(kvm, irq, NULL, true);
1326 * The INV command syncs the configuration bits from the memory table.
1327 * Must be called with the its_lock mutex held.
1329 static int vgic_its_cmd_handle_inv(struct kvm *kvm, struct vgic_its *its,
1332 u32 device_id = its_cmd_get_deviceid(its_cmd);
1333 u32 event_id = its_cmd_get_id(its_cmd);
1334 struct its_ite *ite;
1337 ite = find_ite(its, device_id, event_id);
1339 return E_ITS_INV_UNMAPPED_INTERRUPT;
1341 return vgic_its_inv_lpi(kvm, ite->irq);
1345 * vgic_its_invall - invalidate all LPIs targetting a given vcpu
1346 * @vcpu: the vcpu for which the RD is targetted by an invalidation
1348 * Contrary to the INVALL command, this targets a RD instead of a
1349 * collection, and we don't need to hold the its_lock, since no ITS is
1352 int vgic_its_invall(struct kvm_vcpu *vcpu)
1354 struct kvm *kvm = vcpu->kvm;
1355 int irq_count, i = 0;
1358 irq_count = vgic_copy_lpi_list(kvm, vcpu, &intids);
1362 for (i = 0; i < irq_count; i++) {
1363 struct vgic_irq *irq = vgic_get_irq(kvm, NULL, intids[i]);
1366 update_lpi_config(kvm, irq, vcpu, false);
1367 vgic_put_irq(kvm, irq);
1372 if (vcpu->arch.vgic_cpu.vgic_v3.its_vpe.its_vm)
1373 its_invall_vpe(&vcpu->arch.vgic_cpu.vgic_v3.its_vpe);
1379 * The INVALL command requests flushing of all IRQ data in this collection.
1380 * Find the VCPU mapped to that collection, then iterate over the VM's list
1381 * of mapped LPIs and update the configuration for each IRQ which targets
1382 * the specified vcpu. The configuration will be read from the in-memory
1383 * configuration table.
1384 * Must be called with the its_lock mutex held.
1386 static int vgic_its_cmd_handle_invall(struct kvm *kvm, struct vgic_its *its,
1389 u32 coll_id = its_cmd_get_collection(its_cmd);
1390 struct its_collection *collection;
1391 struct kvm_vcpu *vcpu;
1393 collection = find_collection(its, coll_id);
1394 if (!its_is_collection_mapped(collection))
1395 return E_ITS_INVALL_UNMAPPED_COLLECTION;
1397 vcpu = collection_to_vcpu(kvm, collection);
1398 vgic_its_invall(vcpu);
1404 * The MOVALL command moves the pending state of all IRQs targeting one
1405 * redistributor to another. We don't hold the pending state in the VCPUs,
1406 * but in the IRQs instead, so there is really not much to do for us here.
1407 * However the spec says that no IRQ must target the old redistributor
1408 * afterwards, so we make sure that no LPI is using the associated target_vcpu.
1409 * This command affects all LPIs in the system that target that redistributor.
1411 static int vgic_its_cmd_handle_movall(struct kvm *kvm, struct vgic_its *its,
1414 struct kvm_vcpu *vcpu1, *vcpu2;
1415 struct vgic_irq *irq;
1419 /* We advertise GITS_TYPER.PTA==0, making the address the vcpu ID */
1420 vcpu1 = kvm_get_vcpu_by_id(kvm, its_cmd_get_target_addr(its_cmd));
1421 vcpu2 = kvm_get_vcpu_by_id(kvm, its_cmd_mask_field(its_cmd, 3, 16, 32));
1423 if (!vcpu1 || !vcpu2)
1424 return E_ITS_MOVALL_PROCNUM_OOR;
1429 irq_count = vgic_copy_lpi_list(kvm, vcpu1, &intids);
1433 for (i = 0; i < irq_count; i++) {
1434 irq = vgic_get_irq(kvm, NULL, intids[i]);
1436 update_affinity(irq, vcpu2);
1438 vgic_put_irq(kvm, irq);
1441 vgic_its_invalidate_cache(kvm);
1448 * The INT command injects the LPI associated with that DevID/EvID pair.
1449 * Must be called with the its_lock mutex held.
1451 static int vgic_its_cmd_handle_int(struct kvm *kvm, struct vgic_its *its,
1454 u32 msi_data = its_cmd_get_id(its_cmd);
1455 u64 msi_devid = its_cmd_get_deviceid(its_cmd);
1457 return vgic_its_trigger_msi(kvm, its, msi_devid, msi_data);
1461 * This function is called with the its_cmd lock held, but the ITS data
1462 * structure lock dropped.
1464 static int vgic_its_handle_command(struct kvm *kvm, struct vgic_its *its,
1469 mutex_lock(&its->its_lock);
1470 switch (its_cmd_get_command(its_cmd)) {
1472 ret = vgic_its_cmd_handle_mapd(kvm, its, its_cmd);
1475 ret = vgic_its_cmd_handle_mapc(kvm, its, its_cmd);
1478 ret = vgic_its_cmd_handle_mapi(kvm, its, its_cmd);
1480 case GITS_CMD_MAPTI:
1481 ret = vgic_its_cmd_handle_mapi(kvm, its, its_cmd);
1484 ret = vgic_its_cmd_handle_movi(kvm, its, its_cmd);
1486 case GITS_CMD_DISCARD:
1487 ret = vgic_its_cmd_handle_discard(kvm, its, its_cmd);
1489 case GITS_CMD_CLEAR:
1490 ret = vgic_its_cmd_handle_clear(kvm, its, its_cmd);
1492 case GITS_CMD_MOVALL:
1493 ret = vgic_its_cmd_handle_movall(kvm, its, its_cmd);
1496 ret = vgic_its_cmd_handle_int(kvm, its, its_cmd);
1499 ret = vgic_its_cmd_handle_inv(kvm, its, its_cmd);
1501 case GITS_CMD_INVALL:
1502 ret = vgic_its_cmd_handle_invall(kvm, its, its_cmd);
1505 /* we ignore this command: we are in sync all of the time */
1509 mutex_unlock(&its->its_lock);
1514 static u64 vgic_sanitise_its_baser(u64 reg)
1516 reg = vgic_sanitise_field(reg, GITS_BASER_SHAREABILITY_MASK,
1517 GITS_BASER_SHAREABILITY_SHIFT,
1518 vgic_sanitise_shareability);
1519 reg = vgic_sanitise_field(reg, GITS_BASER_INNER_CACHEABILITY_MASK,
1520 GITS_BASER_INNER_CACHEABILITY_SHIFT,
1521 vgic_sanitise_inner_cacheability);
1522 reg = vgic_sanitise_field(reg, GITS_BASER_OUTER_CACHEABILITY_MASK,
1523 GITS_BASER_OUTER_CACHEABILITY_SHIFT,
1524 vgic_sanitise_outer_cacheability);
1526 /* We support only one (ITS) page size: 64K */
1527 reg = (reg & ~GITS_BASER_PAGE_SIZE_MASK) | GITS_BASER_PAGE_SIZE_64K;
1532 static u64 vgic_sanitise_its_cbaser(u64 reg)
1534 reg = vgic_sanitise_field(reg, GITS_CBASER_SHAREABILITY_MASK,
1535 GITS_CBASER_SHAREABILITY_SHIFT,
1536 vgic_sanitise_shareability);
1537 reg = vgic_sanitise_field(reg, GITS_CBASER_INNER_CACHEABILITY_MASK,
1538 GITS_CBASER_INNER_CACHEABILITY_SHIFT,
1539 vgic_sanitise_inner_cacheability);
1540 reg = vgic_sanitise_field(reg, GITS_CBASER_OUTER_CACHEABILITY_MASK,
1541 GITS_CBASER_OUTER_CACHEABILITY_SHIFT,
1542 vgic_sanitise_outer_cacheability);
1544 /* Sanitise the physical address to be 64k aligned. */
1545 reg &= ~GENMASK_ULL(15, 12);
1550 static unsigned long vgic_mmio_read_its_cbaser(struct kvm *kvm,
1551 struct vgic_its *its,
1552 gpa_t addr, unsigned int len)
1554 return extract_bytes(its->cbaser, addr & 7, len);
1557 static void vgic_mmio_write_its_cbaser(struct kvm *kvm, struct vgic_its *its,
1558 gpa_t addr, unsigned int len,
1561 /* When GITS_CTLR.Enable is 1, this register is RO. */
1565 mutex_lock(&its->cmd_lock);
1566 its->cbaser = update_64bit_reg(its->cbaser, addr & 7, len, val);
1567 its->cbaser = vgic_sanitise_its_cbaser(its->cbaser);
1570 * CWRITER is architecturally UNKNOWN on reset, but we need to reset
1571 * it to CREADR to make sure we start with an empty command buffer.
1573 its->cwriter = its->creadr;
1574 mutex_unlock(&its->cmd_lock);
1577 #define ITS_CMD_BUFFER_SIZE(baser) ((((baser) & 0xff) + 1) << 12)
1578 #define ITS_CMD_SIZE 32
1579 #define ITS_CMD_OFFSET(reg) ((reg) & GENMASK(19, 5))
1581 /* Must be called with the cmd_lock held. */
1582 static void vgic_its_process_commands(struct kvm *kvm, struct vgic_its *its)
1587 /* Commands are only processed when the ITS is enabled. */
1591 cbaser = GITS_CBASER_ADDRESS(its->cbaser);
1593 while (its->cwriter != its->creadr) {
1594 int ret = kvm_read_guest_lock(kvm, cbaser + its->creadr,
1595 cmd_buf, ITS_CMD_SIZE);
1597 * If kvm_read_guest() fails, this could be due to the guest
1598 * programming a bogus value in CBASER or something else going
1599 * wrong from which we cannot easily recover.
1600 * According to section 6.3.2 in the GICv3 spec we can just
1601 * ignore that command then.
1604 vgic_its_handle_command(kvm, its, cmd_buf);
1606 its->creadr += ITS_CMD_SIZE;
1607 if (its->creadr == ITS_CMD_BUFFER_SIZE(its->cbaser))
1613 * By writing to CWRITER the guest announces new commands to be processed.
1614 * To avoid any races in the first place, we take the its_cmd lock, which
1615 * protects our ring buffer variables, so that there is only one user
1616 * per ITS handling commands at a given time.
1618 static void vgic_mmio_write_its_cwriter(struct kvm *kvm, struct vgic_its *its,
1619 gpa_t addr, unsigned int len,
1627 mutex_lock(&its->cmd_lock);
1629 reg = update_64bit_reg(its->cwriter, addr & 7, len, val);
1630 reg = ITS_CMD_OFFSET(reg);
1631 if (reg >= ITS_CMD_BUFFER_SIZE(its->cbaser)) {
1632 mutex_unlock(&its->cmd_lock);
1637 vgic_its_process_commands(kvm, its);
1639 mutex_unlock(&its->cmd_lock);
1642 static unsigned long vgic_mmio_read_its_cwriter(struct kvm *kvm,
1643 struct vgic_its *its,
1644 gpa_t addr, unsigned int len)
1646 return extract_bytes(its->cwriter, addr & 0x7, len);
1649 static unsigned long vgic_mmio_read_its_creadr(struct kvm *kvm,
1650 struct vgic_its *its,
1651 gpa_t addr, unsigned int len)
1653 return extract_bytes(its->creadr, addr & 0x7, len);
1656 static int vgic_mmio_uaccess_write_its_creadr(struct kvm *kvm,
1657 struct vgic_its *its,
1658 gpa_t addr, unsigned int len,
1664 mutex_lock(&its->cmd_lock);
1671 cmd_offset = ITS_CMD_OFFSET(val);
1672 if (cmd_offset >= ITS_CMD_BUFFER_SIZE(its->cbaser)) {
1677 its->creadr = cmd_offset;
1679 mutex_unlock(&its->cmd_lock);
1683 #define BASER_INDEX(addr) (((addr) / sizeof(u64)) & 0x7)
1684 static unsigned long vgic_mmio_read_its_baser(struct kvm *kvm,
1685 struct vgic_its *its,
1686 gpa_t addr, unsigned int len)
1690 switch (BASER_INDEX(addr)) {
1692 reg = its->baser_device_table;
1695 reg = its->baser_coll_table;
1702 return extract_bytes(reg, addr & 7, len);
1705 #define GITS_BASER_RO_MASK (GENMASK_ULL(52, 48) | GENMASK_ULL(58, 56))
1706 static void vgic_mmio_write_its_baser(struct kvm *kvm,
1707 struct vgic_its *its,
1708 gpa_t addr, unsigned int len,
1711 const struct vgic_its_abi *abi = vgic_its_get_abi(its);
1712 u64 entry_size, table_type;
1713 u64 reg, *regptr, clearbits = 0;
1715 /* When GITS_CTLR.Enable is 1, we ignore write accesses. */
1719 switch (BASER_INDEX(addr)) {
1721 regptr = &its->baser_device_table;
1722 entry_size = abi->dte_esz;
1723 table_type = GITS_BASER_TYPE_DEVICE;
1726 regptr = &its->baser_coll_table;
1727 entry_size = abi->cte_esz;
1728 table_type = GITS_BASER_TYPE_COLLECTION;
1729 clearbits = GITS_BASER_INDIRECT;
1735 reg = update_64bit_reg(*regptr, addr & 7, len, val);
1736 reg &= ~GITS_BASER_RO_MASK;
1739 reg |= (entry_size - 1) << GITS_BASER_ENTRY_SIZE_SHIFT;
1740 reg |= table_type << GITS_BASER_TYPE_SHIFT;
1741 reg = vgic_sanitise_its_baser(reg);
1745 if (!(reg & GITS_BASER_VALID)) {
1746 /* Take the its_lock to prevent a race with a save/restore */
1747 mutex_lock(&its->its_lock);
1748 switch (table_type) {
1749 case GITS_BASER_TYPE_DEVICE:
1750 vgic_its_free_device_list(kvm, its);
1752 case GITS_BASER_TYPE_COLLECTION:
1753 vgic_its_free_collection_list(kvm, its);
1756 mutex_unlock(&its->its_lock);
1760 static unsigned long vgic_mmio_read_its_ctlr(struct kvm *vcpu,
1761 struct vgic_its *its,
1762 gpa_t addr, unsigned int len)
1766 mutex_lock(&its->cmd_lock);
1767 if (its->creadr == its->cwriter)
1768 reg |= GITS_CTLR_QUIESCENT;
1770 reg |= GITS_CTLR_ENABLE;
1771 mutex_unlock(&its->cmd_lock);
1776 static void vgic_mmio_write_its_ctlr(struct kvm *kvm, struct vgic_its *its,
1777 gpa_t addr, unsigned int len,
1780 mutex_lock(&its->cmd_lock);
1783 * It is UNPREDICTABLE to enable the ITS if any of the CBASER or
1784 * device/collection BASER are invalid
1786 if (!its->enabled && (val & GITS_CTLR_ENABLE) &&
1787 (!(its->baser_device_table & GITS_BASER_VALID) ||
1788 !(its->baser_coll_table & GITS_BASER_VALID) ||
1789 !(its->cbaser & GITS_CBASER_VALID)))
1792 its->enabled = !!(val & GITS_CTLR_ENABLE);
1794 vgic_its_invalidate_cache(kvm);
1797 * Try to process any pending commands. This function bails out early
1798 * if the ITS is disabled or no commands have been queued.
1800 vgic_its_process_commands(kvm, its);
1803 mutex_unlock(&its->cmd_lock);
1806 #define REGISTER_ITS_DESC(off, rd, wr, length, acc) \
1808 .reg_offset = off, \
1810 .access_flags = acc, \
1815 #define REGISTER_ITS_DESC_UACCESS(off, rd, wr, uwr, length, acc)\
1817 .reg_offset = off, \
1819 .access_flags = acc, \
1822 .uaccess_its_write = uwr, \
1825 static void its_mmio_write_wi(struct kvm *kvm, struct vgic_its *its,
1826 gpa_t addr, unsigned int len, unsigned long val)
1831 static struct vgic_register_region its_registers[] = {
1832 REGISTER_ITS_DESC(GITS_CTLR,
1833 vgic_mmio_read_its_ctlr, vgic_mmio_write_its_ctlr, 4,
1835 REGISTER_ITS_DESC_UACCESS(GITS_IIDR,
1836 vgic_mmio_read_its_iidr, its_mmio_write_wi,
1837 vgic_mmio_uaccess_write_its_iidr, 4,
1839 REGISTER_ITS_DESC(GITS_TYPER,
1840 vgic_mmio_read_its_typer, its_mmio_write_wi, 8,
1841 VGIC_ACCESS_64bit | VGIC_ACCESS_32bit),
1842 REGISTER_ITS_DESC(GITS_CBASER,
1843 vgic_mmio_read_its_cbaser, vgic_mmio_write_its_cbaser, 8,
1844 VGIC_ACCESS_64bit | VGIC_ACCESS_32bit),
1845 REGISTER_ITS_DESC(GITS_CWRITER,
1846 vgic_mmio_read_its_cwriter, vgic_mmio_write_its_cwriter, 8,
1847 VGIC_ACCESS_64bit | VGIC_ACCESS_32bit),
1848 REGISTER_ITS_DESC_UACCESS(GITS_CREADR,
1849 vgic_mmio_read_its_creadr, its_mmio_write_wi,
1850 vgic_mmio_uaccess_write_its_creadr, 8,
1851 VGIC_ACCESS_64bit | VGIC_ACCESS_32bit),
1852 REGISTER_ITS_DESC(GITS_BASER,
1853 vgic_mmio_read_its_baser, vgic_mmio_write_its_baser, 0x40,
1854 VGIC_ACCESS_64bit | VGIC_ACCESS_32bit),
1855 REGISTER_ITS_DESC(GITS_IDREGS_BASE,
1856 vgic_mmio_read_its_idregs, its_mmio_write_wi, 0x30,
1860 /* This is called on setting the LPI enable bit in the redistributor. */
1861 void vgic_enable_lpis(struct kvm_vcpu *vcpu)
1863 if (!(vcpu->arch.vgic_cpu.pendbaser & GICR_PENDBASER_PTZ))
1864 its_sync_lpi_pending_table(vcpu);
1867 static int vgic_register_its_iodev(struct kvm *kvm, struct vgic_its *its,
1870 struct vgic_io_device *iodev = &its->iodev;
1873 mutex_lock(&kvm->slots_lock);
1874 if (!IS_VGIC_ADDR_UNDEF(its->vgic_its_base)) {
1879 its->vgic_its_base = addr;
1880 iodev->regions = its_registers;
1881 iodev->nr_regions = ARRAY_SIZE(its_registers);
1882 kvm_iodevice_init(&iodev->dev, &kvm_io_gic_ops);
1884 iodev->base_addr = its->vgic_its_base;
1885 iodev->iodev_type = IODEV_ITS;
1887 ret = kvm_io_bus_register_dev(kvm, KVM_MMIO_BUS, iodev->base_addr,
1888 KVM_VGIC_V3_ITS_SIZE, &iodev->dev);
1890 mutex_unlock(&kvm->slots_lock);
1895 /* Default is 16 cached LPIs per vcpu */
1896 #define LPI_DEFAULT_PCPU_CACHE_SIZE 16
1898 void vgic_lpi_translation_cache_init(struct kvm *kvm)
1900 struct vgic_dist *dist = &kvm->arch.vgic;
1904 if (!list_empty(&dist->lpi_translation_cache))
1907 sz = atomic_read(&kvm->online_vcpus) * LPI_DEFAULT_PCPU_CACHE_SIZE;
1909 for (i = 0; i < sz; i++) {
1910 struct vgic_translation_cache_entry *cte;
1912 /* An allocation failure is not fatal */
1913 cte = kzalloc(sizeof(*cte), GFP_KERNEL_ACCOUNT);
1917 INIT_LIST_HEAD(&cte->entry);
1918 list_add(&cte->entry, &dist->lpi_translation_cache);
1922 void vgic_lpi_translation_cache_destroy(struct kvm *kvm)
1924 struct vgic_dist *dist = &kvm->arch.vgic;
1925 struct vgic_translation_cache_entry *cte, *tmp;
1927 vgic_its_invalidate_cache(kvm);
1929 list_for_each_entry_safe(cte, tmp,
1930 &dist->lpi_translation_cache, entry) {
1931 list_del(&cte->entry);
1936 #define INITIAL_BASER_VALUE \
1937 (GIC_BASER_CACHEABILITY(GITS_BASER, INNER, RaWb) | \
1938 GIC_BASER_CACHEABILITY(GITS_BASER, OUTER, SameAsInner) | \
1939 GIC_BASER_SHAREABILITY(GITS_BASER, InnerShareable) | \
1940 GITS_BASER_PAGE_SIZE_64K)
1942 #define INITIAL_PROPBASER_VALUE \
1943 (GIC_BASER_CACHEABILITY(GICR_PROPBASER, INNER, RaWb) | \
1944 GIC_BASER_CACHEABILITY(GICR_PROPBASER, OUTER, SameAsInner) | \
1945 GIC_BASER_SHAREABILITY(GICR_PROPBASER, InnerShareable))
1947 static int vgic_its_create(struct kvm_device *dev, u32 type)
1950 struct vgic_its *its;
1952 if (type != KVM_DEV_TYPE_ARM_VGIC_ITS)
1955 its = kzalloc(sizeof(struct vgic_its), GFP_KERNEL_ACCOUNT);
1959 mutex_lock(&dev->kvm->arch.config_lock);
1961 if (vgic_initialized(dev->kvm)) {
1962 ret = vgic_v4_init(dev->kvm);
1964 mutex_unlock(&dev->kvm->arch.config_lock);
1969 vgic_lpi_translation_cache_init(dev->kvm);
1972 mutex_init(&its->its_lock);
1973 mutex_init(&its->cmd_lock);
1975 /* Yep, even more trickery for lock ordering... */
1976 #ifdef CONFIG_LOCKDEP
1977 mutex_lock(&its->cmd_lock);
1978 mutex_lock(&its->its_lock);
1979 mutex_unlock(&its->its_lock);
1980 mutex_unlock(&its->cmd_lock);
1983 its->vgic_its_base = VGIC_ADDR_UNDEF;
1985 INIT_LIST_HEAD(&its->device_list);
1986 INIT_LIST_HEAD(&its->collection_list);
1988 dev->kvm->arch.vgic.msis_require_devid = true;
1989 dev->kvm->arch.vgic.has_its = true;
1990 its->enabled = false;
1993 its->baser_device_table = INITIAL_BASER_VALUE |
1994 ((u64)GITS_BASER_TYPE_DEVICE << GITS_BASER_TYPE_SHIFT);
1995 its->baser_coll_table = INITIAL_BASER_VALUE |
1996 ((u64)GITS_BASER_TYPE_COLLECTION << GITS_BASER_TYPE_SHIFT);
1997 dev->kvm->arch.vgic.propbaser = INITIAL_PROPBASER_VALUE;
2001 ret = vgic_its_set_abi(its, NR_ITS_ABIS - 1);
2003 mutex_unlock(&dev->kvm->arch.config_lock);
2008 static void vgic_its_destroy(struct kvm_device *kvm_dev)
2010 struct kvm *kvm = kvm_dev->kvm;
2011 struct vgic_its *its = kvm_dev->private;
2013 mutex_lock(&its->its_lock);
2015 vgic_its_free_device_list(kvm, its);
2016 vgic_its_free_collection_list(kvm, its);
2018 mutex_unlock(&its->its_lock);
2020 kfree(kvm_dev);/* alloc by kvm_ioctl_create_device, free by .destroy */
2023 static int vgic_its_has_attr_regs(struct kvm_device *dev,
2024 struct kvm_device_attr *attr)
2026 const struct vgic_register_region *region;
2027 gpa_t offset = attr->attr;
2030 align = (offset < GITS_TYPER) || (offset >= GITS_PIDR4) ? 0x3 : 0x7;
2035 region = vgic_find_mmio_region(its_registers,
2036 ARRAY_SIZE(its_registers),
2044 static int vgic_its_attr_regs_access(struct kvm_device *dev,
2045 struct kvm_device_attr *attr,
2046 u64 *reg, bool is_write)
2048 const struct vgic_register_region *region;
2049 struct vgic_its *its;
2055 offset = attr->attr;
2058 * Although the spec supports upper/lower 32-bit accesses to
2059 * 64-bit ITS registers, the userspace ABI requires 64-bit
2060 * accesses to all 64-bit wide registers. We therefore only
2061 * support 32-bit accesses to GITS_CTLR, GITS_IIDR and GITS ID
2064 if ((offset < GITS_TYPER) || (offset >= GITS_PIDR4))
2072 mutex_lock(&dev->kvm->lock);
2074 if (!lock_all_vcpus(dev->kvm)) {
2075 mutex_unlock(&dev->kvm->lock);
2079 mutex_lock(&dev->kvm->arch.config_lock);
2081 if (IS_VGIC_ADDR_UNDEF(its->vgic_its_base)) {
2086 region = vgic_find_mmio_region(its_registers,
2087 ARRAY_SIZE(its_registers),
2094 addr = its->vgic_its_base + offset;
2096 len = region->access_flags & VGIC_ACCESS_64bit ? 8 : 4;
2099 if (region->uaccess_its_write)
2100 ret = region->uaccess_its_write(dev->kvm, its, addr,
2103 region->its_write(dev->kvm, its, addr, len, *reg);
2105 *reg = region->its_read(dev->kvm, its, addr, len);
2108 mutex_unlock(&dev->kvm->arch.config_lock);
2109 unlock_all_vcpus(dev->kvm);
2110 mutex_unlock(&dev->kvm->lock);
2114 static u32 compute_next_devid_offset(struct list_head *h,
2115 struct its_device *dev)
2117 struct its_device *next;
2120 if (list_is_last(&dev->dev_list, h))
2122 next = list_next_entry(dev, dev_list);
2123 next_offset = next->device_id - dev->device_id;
2125 return min_t(u32, next_offset, VITS_DTE_MAX_DEVID_OFFSET);
2128 static u32 compute_next_eventid_offset(struct list_head *h, struct its_ite *ite)
2130 struct its_ite *next;
2133 if (list_is_last(&ite->ite_list, h))
2135 next = list_next_entry(ite, ite_list);
2136 next_offset = next->event_id - ite->event_id;
2138 return min_t(u32, next_offset, VITS_ITE_MAX_EVENTID_OFFSET);
2142 * entry_fn_t - Callback called on a table entry restore path
2144 * @id: id of the entry
2145 * @entry: pointer to the entry
2146 * @opaque: pointer to an opaque data
2148 * Return: < 0 on error, 0 if last element was identified, id offset to next
2151 typedef int (*entry_fn_t)(struct vgic_its *its, u32 id, void *entry,
2155 * scan_its_table - Scan a contiguous table in guest RAM and applies a function
2159 * @base: base gpa of the table
2160 * @size: size of the table in bytes
2161 * @esz: entry size in bytes
2162 * @start_id: the ID of the first entry in the table
2163 * (non zero for 2d level tables)
2164 * @fn: function to apply on each entry
2166 * Return: < 0 on error, 0 if last element was identified, 1 otherwise
2167 * (the last element may not be found on second level tables)
2169 static int scan_its_table(struct vgic_its *its, gpa_t base, int size, u32 esz,
2170 int start_id, entry_fn_t fn, void *opaque)
2172 struct kvm *kvm = its->dev->kvm;
2173 unsigned long len = size;
2176 char entry[ESZ_MAX];
2179 memset(entry, 0, esz);
2185 ret = kvm_read_guest_lock(kvm, gpa, entry, esz);
2189 next_offset = fn(its, id, entry, opaque);
2190 if (next_offset <= 0)
2193 byte_offset = next_offset * esz;
2194 if (byte_offset >= len)
2205 * vgic_its_save_ite - Save an interrupt translation entry at @gpa
2207 static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev,
2208 struct its_ite *ite, gpa_t gpa, int ite_esz)
2210 struct kvm *kvm = its->dev->kvm;
2214 next_offset = compute_next_eventid_offset(&dev->itt_head, ite);
2215 val = ((u64)next_offset << KVM_ITS_ITE_NEXT_SHIFT) |
2216 ((u64)ite->irq->intid << KVM_ITS_ITE_PINTID_SHIFT) |
2217 ite->collection->collection_id;
2218 val = cpu_to_le64(val);
2219 return vgic_write_guest_lock(kvm, gpa, &val, ite_esz);
2223 * vgic_its_restore_ite - restore an interrupt translation entry
2224 * @event_id: id used for indexing
2225 * @ptr: pointer to the ITE entry
2226 * @opaque: pointer to the its_device
2228 static int vgic_its_restore_ite(struct vgic_its *its, u32 event_id,
2229 void *ptr, void *opaque)
2231 struct its_device *dev = opaque;
2232 struct its_collection *collection;
2233 struct kvm *kvm = its->dev->kvm;
2234 struct kvm_vcpu *vcpu = NULL;
2236 u64 *p = (u64 *)ptr;
2237 struct vgic_irq *irq;
2238 u32 coll_id, lpi_id;
2239 struct its_ite *ite;
2244 val = le64_to_cpu(val);
2246 coll_id = val & KVM_ITS_ITE_ICID_MASK;
2247 lpi_id = (val & KVM_ITS_ITE_PINTID_MASK) >> KVM_ITS_ITE_PINTID_SHIFT;
2250 return 1; /* invalid entry, no choice but to scan next entry */
2252 if (lpi_id < VGIC_MIN_LPI)
2255 offset = val >> KVM_ITS_ITE_NEXT_SHIFT;
2256 if (event_id + offset >= BIT_ULL(dev->num_eventid_bits))
2259 collection = find_collection(its, coll_id);
2263 if (!vgic_its_check_event_id(its, dev, event_id))
2266 ite = vgic_its_alloc_ite(dev, collection, event_id);
2268 return PTR_ERR(ite);
2270 if (its_is_collection_mapped(collection))
2271 vcpu = kvm_get_vcpu_by_id(kvm, collection->target_addr);
2273 irq = vgic_add_lpi(kvm, lpi_id, vcpu);
2275 its_free_ite(kvm, ite);
2276 return PTR_ERR(irq);
2283 static int vgic_its_ite_cmp(void *priv, const struct list_head *a,
2284 const struct list_head *b)
2286 struct its_ite *itea = container_of(a, struct its_ite, ite_list);
2287 struct its_ite *iteb = container_of(b, struct its_ite, ite_list);
2289 if (itea->event_id < iteb->event_id)
2295 static int vgic_its_save_itt(struct vgic_its *its, struct its_device *device)
2297 const struct vgic_its_abi *abi = vgic_its_get_abi(its);
2298 gpa_t base = device->itt_addr;
2299 struct its_ite *ite;
2301 int ite_esz = abi->ite_esz;
2303 list_sort(NULL, &device->itt_head, vgic_its_ite_cmp);
2305 list_for_each_entry(ite, &device->itt_head, ite_list) {
2306 gpa_t gpa = base + ite->event_id * ite_esz;
2309 * If an LPI carries the HW bit, this means that this
2310 * interrupt is controlled by GICv4, and we do not
2311 * have direct access to that state without GICv4.1.
2312 * Let's simply fail the save operation...
2314 if (ite->irq->hw && !kvm_vgic_global_state.has_gicv4_1)
2317 ret = vgic_its_save_ite(its, device, ite, gpa, ite_esz);
2325 * vgic_its_restore_itt - restore the ITT of a device
2328 * @dev: device handle
2330 * Return 0 on success, < 0 on error
2332 static int vgic_its_restore_itt(struct vgic_its *its, struct its_device *dev)
2334 const struct vgic_its_abi *abi = vgic_its_get_abi(its);
2335 gpa_t base = dev->itt_addr;
2337 int ite_esz = abi->ite_esz;
2338 size_t max_size = BIT_ULL(dev->num_eventid_bits) * ite_esz;
2340 ret = scan_its_table(its, base, max_size, ite_esz, 0,
2341 vgic_its_restore_ite, dev);
2343 /* scan_its_table returns +1 if all ITEs are invalid */
2351 * vgic_its_save_dte - Save a device table entry at a given GPA
2357 static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev,
2358 gpa_t ptr, int dte_esz)
2360 struct kvm *kvm = its->dev->kvm;
2361 u64 val, itt_addr_field;
2364 itt_addr_field = dev->itt_addr >> 8;
2365 next_offset = compute_next_devid_offset(&its->device_list, dev);
2366 val = (1ULL << KVM_ITS_DTE_VALID_SHIFT |
2367 ((u64)next_offset << KVM_ITS_DTE_NEXT_SHIFT) |
2368 (itt_addr_field << KVM_ITS_DTE_ITTADDR_SHIFT) |
2369 (dev->num_eventid_bits - 1));
2370 val = cpu_to_le64(val);
2371 return vgic_write_guest_lock(kvm, ptr, &val, dte_esz);
2375 * vgic_its_restore_dte - restore a device table entry
2378 * @id: device id the DTE corresponds to
2379 * @ptr: kernel VA where the 8 byte DTE is located
2382 * Return: < 0 on error, 0 if the dte is the last one, id offset to the
2383 * next dte otherwise
2385 static int vgic_its_restore_dte(struct vgic_its *its, u32 id,
2386 void *ptr, void *opaque)
2388 struct its_device *dev;
2389 u64 baser = its->baser_device_table;
2391 u8 num_eventid_bits;
2392 u64 entry = *(u64 *)ptr;
2397 entry = le64_to_cpu(entry);
2399 valid = entry >> KVM_ITS_DTE_VALID_SHIFT;
2400 num_eventid_bits = (entry & KVM_ITS_DTE_SIZE_MASK) + 1;
2401 itt_addr = ((entry & KVM_ITS_DTE_ITTADDR_MASK)
2402 >> KVM_ITS_DTE_ITTADDR_SHIFT) << 8;
2407 /* dte entry is valid */
2408 offset = (entry & KVM_ITS_DTE_NEXT_MASK) >> KVM_ITS_DTE_NEXT_SHIFT;
2410 if (!vgic_its_check_id(its, baser, id, NULL))
2413 dev = vgic_its_alloc_device(its, id, itt_addr, num_eventid_bits);
2415 return PTR_ERR(dev);
2417 ret = vgic_its_restore_itt(its, dev);
2419 vgic_its_free_device(its->dev->kvm, dev);
2426 static int vgic_its_device_cmp(void *priv, const struct list_head *a,
2427 const struct list_head *b)
2429 struct its_device *deva = container_of(a, struct its_device, dev_list);
2430 struct its_device *devb = container_of(b, struct its_device, dev_list);
2432 if (deva->device_id < devb->device_id)
2439 * vgic_its_save_device_tables - Save the device table and all ITT
2442 * L1/L2 handling is hidden by vgic_its_check_id() helper which directly
2443 * returns the GPA of the device entry
2445 static int vgic_its_save_device_tables(struct vgic_its *its)
2447 const struct vgic_its_abi *abi = vgic_its_get_abi(its);
2448 u64 baser = its->baser_device_table;
2449 struct its_device *dev;
2450 int dte_esz = abi->dte_esz;
2452 if (!(baser & GITS_BASER_VALID))
2455 list_sort(NULL, &its->device_list, vgic_its_device_cmp);
2457 list_for_each_entry(dev, &its->device_list, dev_list) {
2461 if (!vgic_its_check_id(its, baser,
2462 dev->device_id, &eaddr))
2465 ret = vgic_its_save_itt(its, dev);
2469 ret = vgic_its_save_dte(its, dev, eaddr, dte_esz);
2477 * handle_l1_dte - callback used for L1 device table entries (2 stage case)
2480 * @id: index of the entry in the L1 table
2484 * L1 table entries are scanned by steps of 1 entry
2485 * Return < 0 if error, 0 if last dte was found when scanning the L2
2486 * table, +1 otherwise (meaning next L1 entry must be scanned)
2488 static int handle_l1_dte(struct vgic_its *its, u32 id, void *addr,
2491 const struct vgic_its_abi *abi = vgic_its_get_abi(its);
2492 int l2_start_id = id * (SZ_64K / abi->dte_esz);
2493 u64 entry = *(u64 *)addr;
2494 int dte_esz = abi->dte_esz;
2498 entry = le64_to_cpu(entry);
2500 if (!(entry & KVM_ITS_L1E_VALID_MASK))
2503 gpa = entry & KVM_ITS_L1E_ADDR_MASK;
2505 ret = scan_its_table(its, gpa, SZ_64K, dte_esz,
2506 l2_start_id, vgic_its_restore_dte, NULL);
2512 * vgic_its_restore_device_tables - Restore the device table and all ITT
2513 * from guest RAM to internal data structs
2515 static int vgic_its_restore_device_tables(struct vgic_its *its)
2517 const struct vgic_its_abi *abi = vgic_its_get_abi(its);
2518 u64 baser = its->baser_device_table;
2520 int l1_tbl_size = GITS_BASER_NR_PAGES(baser) * SZ_64K;
2523 if (!(baser & GITS_BASER_VALID))
2526 l1_gpa = GITS_BASER_ADDR_48_to_52(baser);
2528 if (baser & GITS_BASER_INDIRECT) {
2529 l1_esz = GITS_LVL1_ENTRY_SIZE;
2530 ret = scan_its_table(its, l1_gpa, l1_tbl_size, l1_esz, 0,
2531 handle_l1_dte, NULL);
2533 l1_esz = abi->dte_esz;
2534 ret = scan_its_table(its, l1_gpa, l1_tbl_size, l1_esz, 0,
2535 vgic_its_restore_dte, NULL);
2538 /* scan_its_table returns +1 if all entries are invalid */
2543 vgic_its_free_device_list(its->dev->kvm, its);
2548 static int vgic_its_save_cte(struct vgic_its *its,
2549 struct its_collection *collection,
2554 val = (1ULL << KVM_ITS_CTE_VALID_SHIFT |
2555 ((u64)collection->target_addr << KVM_ITS_CTE_RDBASE_SHIFT) |
2556 collection->collection_id);
2557 val = cpu_to_le64(val);
2558 return vgic_write_guest_lock(its->dev->kvm, gpa, &val, esz);
2562 * Restore a collection entry into the ITS collection table.
2563 * Return +1 on success, 0 if the entry was invalid (which should be
2564 * interpreted as end-of-table), and a negative error value for generic errors.
2566 static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz)
2568 struct its_collection *collection;
2569 struct kvm *kvm = its->dev->kvm;
2570 u32 target_addr, coll_id;
2574 BUG_ON(esz > sizeof(val));
2575 ret = kvm_read_guest_lock(kvm, gpa, &val, esz);
2578 val = le64_to_cpu(val);
2579 if (!(val & KVM_ITS_CTE_VALID_MASK))
2582 target_addr = (u32)(val >> KVM_ITS_CTE_RDBASE_SHIFT);
2583 coll_id = val & KVM_ITS_CTE_ICID_MASK;
2585 if (target_addr != COLLECTION_NOT_MAPPED &&
2586 !kvm_get_vcpu_by_id(kvm, target_addr))
2589 collection = find_collection(its, coll_id);
2593 if (!vgic_its_check_id(its, its->baser_coll_table, coll_id, NULL))
2596 ret = vgic_its_alloc_collection(its, &collection, coll_id);
2599 collection->target_addr = target_addr;
2604 * vgic_its_save_collection_table - Save the collection table into
2607 static int vgic_its_save_collection_table(struct vgic_its *its)
2609 const struct vgic_its_abi *abi = vgic_its_get_abi(its);
2610 u64 baser = its->baser_coll_table;
2611 gpa_t gpa = GITS_BASER_ADDR_48_to_52(baser);
2612 struct its_collection *collection;
2614 size_t max_size, filled = 0;
2615 int ret, cte_esz = abi->cte_esz;
2617 if (!(baser & GITS_BASER_VALID))
2620 max_size = GITS_BASER_NR_PAGES(baser) * SZ_64K;
2622 list_for_each_entry(collection, &its->collection_list, coll_list) {
2623 ret = vgic_its_save_cte(its, collection, gpa, cte_esz);
2630 if (filled == max_size)
2634 * table is not fully filled, add a last dummy element
2635 * with valid bit unset
2638 BUG_ON(cte_esz > sizeof(val));
2639 ret = vgic_write_guest_lock(its->dev->kvm, gpa, &val, cte_esz);
2644 * vgic_its_restore_collection_table - reads the collection table
2645 * in guest memory and restores the ITS internal state. Requires the
2646 * BASER registers to be restored before.
2648 static int vgic_its_restore_collection_table(struct vgic_its *its)
2650 const struct vgic_its_abi *abi = vgic_its_get_abi(its);
2651 u64 baser = its->baser_coll_table;
2652 int cte_esz = abi->cte_esz;
2653 size_t max_size, read = 0;
2657 if (!(baser & GITS_BASER_VALID))
2660 gpa = GITS_BASER_ADDR_48_to_52(baser);
2662 max_size = GITS_BASER_NR_PAGES(baser) * SZ_64K;
2664 while (read < max_size) {
2665 ret = vgic_its_restore_cte(its, gpa, cte_esz);
2676 vgic_its_free_collection_list(its->dev->kvm, its);
2682 * vgic_its_save_tables_v0 - Save the ITS tables into guest ARM
2683 * according to v0 ABI
2685 static int vgic_its_save_tables_v0(struct vgic_its *its)
2689 ret = vgic_its_save_device_tables(its);
2693 return vgic_its_save_collection_table(its);
2697 * vgic_its_restore_tables_v0 - Restore the ITS tables from guest RAM
2698 * to internal data structs according to V0 ABI
2701 static int vgic_its_restore_tables_v0(struct vgic_its *its)
2705 ret = vgic_its_restore_collection_table(its);
2709 ret = vgic_its_restore_device_tables(its);
2711 vgic_its_free_collection_list(its->dev->kvm, its);
2715 static int vgic_its_commit_v0(struct vgic_its *its)
2717 const struct vgic_its_abi *abi;
2719 abi = vgic_its_get_abi(its);
2720 its->baser_coll_table &= ~GITS_BASER_ENTRY_SIZE_MASK;
2721 its->baser_device_table &= ~GITS_BASER_ENTRY_SIZE_MASK;
2723 its->baser_coll_table |= (GIC_ENCODE_SZ(abi->cte_esz, 5)
2724 << GITS_BASER_ENTRY_SIZE_SHIFT);
2726 its->baser_device_table |= (GIC_ENCODE_SZ(abi->dte_esz, 5)
2727 << GITS_BASER_ENTRY_SIZE_SHIFT);
2731 static void vgic_its_reset(struct kvm *kvm, struct vgic_its *its)
2733 /* We need to keep the ABI specific field values */
2734 its->baser_coll_table &= ~GITS_BASER_VALID;
2735 its->baser_device_table &= ~GITS_BASER_VALID;
2740 vgic_its_free_device_list(kvm, its);
2741 vgic_its_free_collection_list(kvm, its);
2744 static int vgic_its_has_attr(struct kvm_device *dev,
2745 struct kvm_device_attr *attr)
2747 switch (attr->group) {
2748 case KVM_DEV_ARM_VGIC_GRP_ADDR:
2749 switch (attr->attr) {
2750 case KVM_VGIC_ITS_ADDR_TYPE:
2754 case KVM_DEV_ARM_VGIC_GRP_CTRL:
2755 switch (attr->attr) {
2756 case KVM_DEV_ARM_VGIC_CTRL_INIT:
2758 case KVM_DEV_ARM_ITS_CTRL_RESET:
2760 case KVM_DEV_ARM_ITS_SAVE_TABLES:
2762 case KVM_DEV_ARM_ITS_RESTORE_TABLES:
2766 case KVM_DEV_ARM_VGIC_GRP_ITS_REGS:
2767 return vgic_its_has_attr_regs(dev, attr);
2772 static int vgic_its_ctrl(struct kvm *kvm, struct vgic_its *its, u64 attr)
2774 const struct vgic_its_abi *abi = vgic_its_get_abi(its);
2777 if (attr == KVM_DEV_ARM_VGIC_CTRL_INIT) /* Nothing to do */
2780 mutex_lock(&kvm->lock);
2782 if (!lock_all_vcpus(kvm)) {
2783 mutex_unlock(&kvm->lock);
2787 mutex_lock(&kvm->arch.config_lock);
2788 mutex_lock(&its->its_lock);
2791 case KVM_DEV_ARM_ITS_CTRL_RESET:
2792 vgic_its_reset(kvm, its);
2794 case KVM_DEV_ARM_ITS_SAVE_TABLES:
2795 ret = abi->save_tables(its);
2797 case KVM_DEV_ARM_ITS_RESTORE_TABLES:
2798 ret = abi->restore_tables(its);
2802 mutex_unlock(&its->its_lock);
2803 mutex_unlock(&kvm->arch.config_lock);
2804 unlock_all_vcpus(kvm);
2805 mutex_unlock(&kvm->lock);
2810 * kvm_arch_allow_write_without_running_vcpu - allow writing guest memory
2811 * without the running VCPU when dirty ring is enabled.
2813 * The running VCPU is required to track dirty guest pages when dirty ring
2814 * is enabled. Otherwise, the backup bitmap should be used to track the
2815 * dirty guest pages. When vgic/its tables are being saved, the backup
2816 * bitmap is used to track the dirty guest pages due to the missed running
2817 * VCPU in the period.
2819 bool kvm_arch_allow_write_without_running_vcpu(struct kvm *kvm)
2821 struct vgic_dist *dist = &kvm->arch.vgic;
2823 return dist->table_write_in_progress;
2826 static int vgic_its_set_attr(struct kvm_device *dev,
2827 struct kvm_device_attr *attr)
2829 struct vgic_its *its = dev->private;
2832 switch (attr->group) {
2833 case KVM_DEV_ARM_VGIC_GRP_ADDR: {
2834 u64 __user *uaddr = (u64 __user *)(long)attr->addr;
2835 unsigned long type = (unsigned long)attr->attr;
2838 if (type != KVM_VGIC_ITS_ADDR_TYPE)
2841 if (copy_from_user(&addr, uaddr, sizeof(addr)))
2844 ret = vgic_check_iorange(dev->kvm, its->vgic_its_base,
2845 addr, SZ_64K, KVM_VGIC_V3_ITS_SIZE);
2849 return vgic_register_its_iodev(dev->kvm, its, addr);
2851 case KVM_DEV_ARM_VGIC_GRP_CTRL:
2852 return vgic_its_ctrl(dev->kvm, its, attr->attr);
2853 case KVM_DEV_ARM_VGIC_GRP_ITS_REGS: {
2854 u64 __user *uaddr = (u64 __user *)(long)attr->addr;
2857 if (get_user(reg, uaddr))
2860 return vgic_its_attr_regs_access(dev, attr, ®, true);
2866 static int vgic_its_get_attr(struct kvm_device *dev,
2867 struct kvm_device_attr *attr)
2869 switch (attr->group) {
2870 case KVM_DEV_ARM_VGIC_GRP_ADDR: {
2871 struct vgic_its *its = dev->private;
2872 u64 addr = its->vgic_its_base;
2873 u64 __user *uaddr = (u64 __user *)(long)attr->addr;
2874 unsigned long type = (unsigned long)attr->attr;
2876 if (type != KVM_VGIC_ITS_ADDR_TYPE)
2879 if (copy_to_user(uaddr, &addr, sizeof(addr)))
2883 case KVM_DEV_ARM_VGIC_GRP_ITS_REGS: {
2884 u64 __user *uaddr = (u64 __user *)(long)attr->addr;
2888 ret = vgic_its_attr_regs_access(dev, attr, ®, false);
2891 return put_user(reg, uaddr);
2900 static struct kvm_device_ops kvm_arm_vgic_its_ops = {
2901 .name = "kvm-arm-vgic-its",
2902 .create = vgic_its_create,
2903 .destroy = vgic_its_destroy,
2904 .set_attr = vgic_its_set_attr,
2905 .get_attr = vgic_its_get_attr,
2906 .has_attr = vgic_its_has_attr,
2909 int kvm_vgic_register_its_device(void)
2911 return kvm_register_device_ops(&kvm_arm_vgic_its_ops,
2912 KVM_DEV_TYPE_ARM_VGIC_ITS);
projects / linux-2.6-block.git / blob