GitHub/exynos8895/android_kernel_samsung_universal8895.git
9 years agoKVM: move APIC types to arch/x86/
Paolo Bonzini [Wed, 17 Dec 2014 17:17:20 +0000 (18:17 +0100)]
KVM: move APIC types to arch/x86/

They are not used anymore by IA64, move them away.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoMerge tag 'kvm-arm-for-3.19-take2' of git://git.kernel.org/pub/scm/linux/kernel/git...
Paolo Bonzini [Mon, 15 Dec 2014 12:06:40 +0000 (13:06 +0100)]
Merge tag 'kvm-arm-for-3.19-take2' of git://git./linux/kernel/git/kvmarm/kvmarm into HEAD

Second round of changes for KVM for arm/arm64 for v3.19; fixes reboot
problems, clarifies VCPU init, and fixes a regression concerning the
VGIC init flow.

Conflicts:
arch/ia64/kvm/kvm-ia64.c [deleted in HEAD and modified in kvmarm]

9 years agoarm/arm64: KVM: Require in-kernel vgic for the arch timers
Christoffer Dall [Fri, 12 Dec 2014 20:19:23 +0000 (21:19 +0100)]
arm/arm64: KVM: Require in-kernel vgic for the arch timers

It is curently possible to run a VM with architected timers support
without creating an in-kernel VGIC, which will result in interrupts from
the virtual timer going nowhere.

To address this issue, move the architected timers initialization to the
time when we run a VCPU for the first time, and then only initialize
(and enable) the architected timers if we have a properly created and
initialized in-kernel VGIC.

When injecting interrupts from the virtual timer to the vgic, the
current setup should ensure that this never calls an on-demand init of
the VGIC, which is the only call path that could return an error from
kvm_vgic_inject_irq(), so capture the return value and raise a warning
if there's an error there.

We also change the kvm_timer_init() function from returning an int to be
a void function, since the function always succeeds.

Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoarm/arm64: KVM: Initialize the vgic on-demand when injecting IRQs
Christoffer Dall [Tue, 9 Dec 2014 13:35:33 +0000 (14:35 +0100)]
arm/arm64: KVM: Initialize the vgic on-demand when injecting IRQs

Userspace assumes that it can wire up IRQ injections after having
created all VCPUs and after having created the VGIC, but potentially
before starting the first VCPU.  This can currently lead to lost IRQs
because the state of that IRQ injection is not stored anywhere and we
don't return an error to userspace.

We haven't seen this problem manifest itself yet, presumably because
guests reset the devices on boot, but this could cause issues with
migration and other non-standard startup configurations.

Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoarm/arm64: KVM: Don't allow creating VCPUs after vgic_initialized
Christoffer Dall [Tue, 9 Dec 2014 13:33:45 +0000 (14:33 +0100)]
arm/arm64: KVM: Don't allow creating VCPUs after vgic_initialized

When the vgic initializes its internal state it does so based on the
number of VCPUs available at the time.  If we allow KVM to create more
VCPUs after the VGIC has been initialized, we are likely to error out in
unfortunate ways later, perform buffer overflows etc.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoarm/arm64: KVM: Add (new) vgic_initialized macro
Christoffer Dall [Tue, 9 Dec 2014 13:30:36 +0000 (14:30 +0100)]
arm/arm64: KVM: Add (new) vgic_initialized macro

Some code paths will need to check to see if the internal state of the
vgic has been initialized (such as when creating new VCPUs), so
introduce such a macro that checks the nr_cpus field which is set when
the vgic has been initialized.

Also set nr_cpus = 0 in kvm_vgic_destroy, because the error path in
vgic_init() will call this function, and code should never errornously
assume the vgic to be properly initialized after an error.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoarm/arm64: KVM: Rename vgic_initialized to vgic_ready
Christoffer Dall [Tue, 9 Dec 2014 13:28:09 +0000 (14:28 +0100)]
arm/arm64: KVM: Rename vgic_initialized to vgic_ready

The vgic_initialized() macro currently returns the state of the
vgic->ready flag, which indicates if the vgic is ready to be used when
running a VM, not specifically if its internal state has been
initialized.

Rename the macro accordingly in preparation for a more nuanced
initialization flow.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoarm/arm64: KVM: vgic: move reset initialization into vgic_init_maps()
Peter Maydell [Thu, 4 Dec 2014 15:02:24 +0000 (15:02 +0000)]
arm/arm64: KVM: vgic: move reset initialization into vgic_init_maps()

VGIC initialization currently happens in three phases:
 (1) kvm_vgic_create() (triggered by userspace GIC creation)
 (2) vgic_init_maps() (triggered by userspace GIC register read/write
     requests, or from kvm_vgic_init() if not already run)
 (3) kvm_vgic_init() (triggered by first VM run)

We were doing initialization of some state to correspond with the
state of a freshly-reset GIC in kvm_vgic_init(); this is too late,
since it will overwrite changes made by userspace using the
register access APIs before the VM is run. Move this initialization
earlier, into the vgic_init_maps() phase.

This fixes a bug where QEMU could successfully restore a saved
VM state snapshot into a VM that had already been run, but could
not restore it "from cold" using the -loadvm command line option
(the symptoms being that the restored VM would run but interrupts
were ignored).

Finally rename vgic_init_maps to vgic_init and renamed kvm_vgic_init to
kvm_vgic_map_resources.

  [ This patch is originally written by Peter Maydell, but I have
    modified it somewhat heavily, renaming various bits and moving code
    around.  If something is broken, I am to be blamed. - Christoffer ]

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoarm/arm64: KVM: Introduce stage2_unmap_vm
Christoffer Dall [Thu, 27 Nov 2014 09:35:03 +0000 (10:35 +0100)]
arm/arm64: KVM: Introduce stage2_unmap_vm

Introduce a new function to unmap user RAM regions in the stage2 page
tables.  This is needed on reboot (or when the guest turns off the MMU)
to ensure we fault in pages again and make the dcache, RAM, and icache
coherent.

Using unmap_stage2_range for the whole guest physical range does not
work, because that unmaps IO regions (such as the GIC) which will not be
recreated or in the best case faulted in on a page-by-page basis.

Call this function on secondary and subsequent calls to the
KVM_ARM_VCPU_INIT ioctl so that a reset VCPU will detect the guest
Stage-1 MMU is off when faulting in pages and make the caches coherent.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoarm/arm64: KVM: Turn off vcpus on PSCI shutdown/reboot
Christoffer Dall [Thu, 16 Oct 2014 15:00:18 +0000 (17:00 +0200)]
arm/arm64: KVM: Turn off vcpus on PSCI shutdown/reboot

When a vcpu calls SYSTEM_OFF or SYSTEM_RESET with PSCI v0.2, the vcpus
should really be turned off for the VM adhering to the suggestions in
the PSCI spec, and it's the sane thing to do.

Also, clarify the behavior and expectations for exits to user space with
the KVM_EXIT_SYSTEM_EVENT case.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoarm/arm64: KVM: Clarify KVM_ARM_VCPU_INIT ABI
Christoffer Dall [Thu, 16 Oct 2014 14:40:53 +0000 (16:40 +0200)]
arm/arm64: KVM: Clarify KVM_ARM_VCPU_INIT ABI

It is not clear that this ioctl can be called multiple times for a given
vcpu.  Userspace already does this, so clarify the ABI.

Also specify that userspace is expected to always make secondary and
subsequent calls to the ioctl with the same parameters for the VCPU as
the initial call (which userspace also already does).

Add code to check that userspace doesn't violate that ABI in the future,
and move the kvm_vcpu_set_target() function which is currently
duplicated between the 32-bit and 64-bit versions in guest.c to a common
static function in arm.c, shared between both architectures.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoarm/arm64: KVM: Reset the HCR on each vcpu when resetting the vcpu
Christoffer Dall [Thu, 16 Oct 2014 15:21:16 +0000 (17:21 +0200)]
arm/arm64: KVM: Reset the HCR on each vcpu when resetting the vcpu

When userspace resets the vcpu using KVM_ARM_VCPU_INIT, we should also
reset the HCR, because we now modify the HCR dynamically to
enable/disable trapping of guest accesses to the VM registers.

This is crucial for reboot of VMs working since otherwise we will not be
doing the necessary cache maintenance operations when faulting in pages
with the guest MMU off.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoarm/arm64: KVM: Correct KVM_ARM_VCPU_INIT power off option
Christoffer Dall [Thu, 16 Oct 2014 14:14:43 +0000 (16:14 +0200)]
arm/arm64: KVM: Correct KVM_ARM_VCPU_INIT power off option

The implementation of KVM_ARM_VCPU_INIT is currently not doing what
userspace expects, namely making sure that a vcpu which may have been
turned off using PSCI is returned to its initial state, which would be
powered on if userspace does not set the KVM_ARM_VCPU_POWER_OFF flag.

Implement the expected functionality and clarify the ABI.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoarm/arm64: KVM: Don't clear the VCPU_POWER_OFF flag
Christoffer Dall [Tue, 2 Dec 2014 14:27:51 +0000 (15:27 +0100)]
arm/arm64: KVM: Don't clear the VCPU_POWER_OFF flag

If a VCPU was originally started with power off (typically to be brought
up by PSCI in SMP configurations), there is no need to clear the
POWER_OFF flag in the kernel, as this flag is only tested during the
init ioctl itself.

Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
9 years agoKVM: x86: em_ret_far overrides cpl
Nadav Amit [Thu, 11 Dec 2014 11:27:14 +0000 (12:27 +0100)]
KVM: x86: em_ret_far overrides cpl

commit d50eaa18039b ("KVM: x86: Perform limit checks when assigning EIP")
mistakenly used zero as cpl on em_ret_far. Use the actual one.

Fixes: d50eaa18039b8b848c2285478d0775335ad5e930
Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: nVMX: Disable unrestricted mode if ept=0
Bandan Das [Sat, 6 Dec 2014 15:02:16 +0000 (20:32 +0530)]
KVM: nVMX: Disable unrestricted mode if ept=0

If L0 has disabled EPT, don't advertise unrestricted
mode at all since it depends on EPT to run real mode code.

Fixes: 92fbc7b195b824e201d9f06f2b93105f72384d65
Cc: stable@vger.kernel.org
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Emulate should check #UD before #GP
Nadav Amit [Wed, 10 Dec 2014 09:19:04 +0000 (11:19 +0200)]
KVM: x86: Emulate should check #UD before #GP

Intel SDM table 6-2 ("Priority Among Simultaneous Exceptions and Interrupts")
shows that faults from decoding the next instruction got higher priority than
general protection.  Moving the protected-mode check before the CPL check to
avoid wrong exception on vm86 mode.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Do not push eflags.vm on pushf
Nadav Amit [Wed, 10 Dec 2014 09:19:03 +0000 (11:19 +0200)]
KVM: x86: Do not push eflags.vm on pushf

The pushf instruction does not push eflags.VM, so emulation should not do so as
well.  Although eflags.RF should not be pushed as well, it is already cleared
by the time pushf is executed.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Remove prefix flag when GP macro is used
Nadav Amit [Sun, 7 Dec 2014 09:49:42 +0000 (11:49 +0200)]
KVM: x86: Remove prefix flag when GP macro is used

The macro GP already sets the flag Prefix. Remove the redundant flag for
0f_38_f0 and 0f_38_f1 opcodes.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agox86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
Andy Lutomirski [Sat, 6 Dec 2014 03:03:28 +0000 (19:03 -0800)]
x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit

paravirt_enabled has the following effects:

 - Disables the F00F bug workaround warning.  There is no F00F bug
   workaround any more because Linux's standard IDT handling already
   works around the F00F bug, but the warning still exists.  This
   is only cosmetic, and, in any event, there is no such thing as
   KVM on a CPU with the F00F bug.

 - Disables 32-bit APM BIOS detection.  On a KVM paravirt system,
   there should be no APM BIOS anyway.

 - Disables tboot.  I think that the tboot code should check the
   CPUID hypervisor bit directly if it matters.

 - paravirt_enabled disables espfix32.  espfix32 should *not* be
   disabled under KVM paravirt.

The last point is the purpose of this patch.  It fixes a leak of the
high 16 bits of the kernel stack address on 32-bit KVM paravirt
guests.  Fixes CVE-2014-8134.

Cc: stable@vger.kernel.org
Suggested-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: cpuid: recompute CPUID 0xD.0:EBX,ECX
Radim Krčmář [Thu, 4 Dec 2014 17:30:41 +0000 (18:30 +0100)]
KVM: cpuid: recompute CPUID 0xD.0:EBX,ECX

We reused host EBX and ECX, but KVM might not support all features;
emulated XSAVE size should be smaller.

EBX depends on unknown XCR0, so we default to ECX.

SDM CPUID (EAX = 0DH, ECX = 0):
 EBX Bits 31-00: Maximum size (bytes, from the beginning of the
     XSAVE/XRSTOR save area) required by enabled features in XCR0. May
     be different than ECX if some features at the end of the XSAVE save
     area are not enabled.

 ECX Bit 31-00: Maximum size (bytes, from the beginning of the
     XSAVE/XRSTOR save area) of the XSAVE/XRSTOR save area required by
     all supported features in the processor, i.e all the valid bit
     fields in XCR0.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Tested-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: vmx: add nested virtualization support for xsaves
Wanpeng Li [Thu, 4 Dec 2014 11:11:07 +0000 (19:11 +0800)]
kvm: vmx: add nested virtualization support for xsaves

Add nested virtualization support for xsaves.

Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: vmx: add MSR logic for XSAVES
Wanpeng Li [Tue, 2 Dec 2014 11:14:59 +0000 (19:14 +0800)]
kvm: vmx: add MSR logic for XSAVES

Add logic to get/set the XSS model-specific register.

Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: x86: handle XSAVES vmcs and vmexit
Wanpeng Li [Tue, 2 Dec 2014 11:14:58 +0000 (19:14 +0800)]
kvm: x86: handle XSAVES vmcs and vmexit

Initialize the XSS exit bitmap.  It is zero so there should be no XSAVES
or XRSTORS exits.

Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: cpuid: mask more bits in leaf 0xd and subleaves
Paolo Bonzini [Thu, 4 Dec 2014 14:11:11 +0000 (15:11 +0100)]
KVM: cpuid: mask more bits in leaf 0xd and subleaves

- EAX=0Dh, ECX=1: output registers EBX/ECX/EDX are reserved.

- EAX=0Dh, ECX>1: output register ECX bit 0 is clear for all the CPUID
leaves we support, because variable "supported" comes from XCR0 and not
XSS.  Bits above 0 are reserved, so ECX is overall zero.  Output register
EDX is reserved.

Source: Intel Architecture Instruction Set Extensions Programming
Reference, ref. number 319433-022

Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Tested-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: cpuid: set CPUID(EAX=0xd,ECX=1).EBX correctly
Paolo Bonzini [Wed, 3 Dec 2014 13:38:01 +0000 (14:38 +0100)]
KVM: cpuid: set CPUID(EAX=0xd,ECX=1).EBX correctly

This is the size of the XSAVES area.  This starts providing guest support
for XSAVES (with no support yet for supervisor states, i.e. XSS == 0
always in guests for now).

Wanpeng Li suggested testing XSAVEC as well as XSAVES, since in practice
no real processor exists that only has one of them, and there is no
other way for userspace programs to compute the area of the XSAVEC
save area.  CPUID(EAX=0xd,ECX=1).EBX provides an upper bound.

Suggested-by: Radim Krčmář <rkrcmar@redhat.com>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Tested-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: x86: Add kvm_x86_ops hook that enables XSAVES for guest
Wanpeng Li [Tue, 2 Dec 2014 11:21:30 +0000 (19:21 +0800)]
kvm: x86: Add kvm_x86_ops hook that enables XSAVES for guest

Expose the XSAVES feature to the guest if the kvm_x86_ops say it is
available.

Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: use F() macro throughout cpuid.c
Paolo Bonzini [Wed, 3 Dec 2014 13:34:47 +0000 (14:34 +0100)]
KVM: x86: use F() macro throughout cpuid.c

For code that deals with cpuid, this makes things a bit more readable.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: support XSAVES usage in the host
Paolo Bonzini [Fri, 21 Nov 2014 18:05:07 +0000 (19:05 +0100)]
KVM: x86: support XSAVES usage in the host

Userspace is expecting non-compacted format for KVM_GET_XSAVE, but
struct xsave_struct might be using the compacted format.  Convert
in order to preserve userspace ABI.

Likewise, userspace is passing non-compacted format for KVM_SET_XSAVE
but the kernel will pass it to XRSTORS, and we need to convert back.

Fixes: f31a9f7c71691569359fa7fb8b0acaa44bce0324
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: stable@vger.kernel.org
Cc: H. Peter Anvin <hpa@linux.intel.com>
Tested-by: Nadav Amit <namit@cs.technion.ac.il>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agox86: export get_xsave_addr
Paolo Bonzini [Mon, 24 Nov 2014 09:57:42 +0000 (10:57 +0100)]
x86: export get_xsave_addr

get_xsave_addr is the API to access XSAVE states, and KVM would
like to use it.  Export it.

Cc: stable@vger.kernel.org
Cc: x86@kernel.org
Cc: H. Peter Anvin <hpa@linux.intel.com>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoMerge tag 'kvm-s390-next-20141204' of git://git.kernel.org/pub/scm/linux/kernel/git...
Paolo Bonzini [Fri, 5 Dec 2014 12:55:40 +0000 (13:55 +0100)]
Merge tag 'kvm-s390-next-20141204' of git://git./linux/kernel/git/kvms390/linux into HEAD

KVM: s390: Fixups for kvm/next (3.19)

Here we have two fixups of the latest interrupt rework and
one architectural fixup.

9 years agoKVM: s390: clean up return code handling in irq delivery code
Jens Freimann [Mon, 1 Dec 2014 16:05:39 +0000 (17:05 +0100)]
KVM: s390: clean up return code handling in irq delivery code

Instead of returning a possibly random or'ed together value, let's
always return -EFAULT if rc is set.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: s390: use atomic bitops to access pending_irqs bitmap
Jens Freimann [Mon, 1 Dec 2014 15:43:40 +0000 (16:43 +0100)]
KVM: s390: use atomic bitops to access pending_irqs bitmap

Currently we use a mixture of atomic/non-atomic bitops
and the local_int spin lock to protect the pending_irqs bitmap
and interrupt payload data.

We need to use atomic bitops for the pending_irqs bitmap everywhere
and in addition acquire the local_int lock where interrupt data needs
to be protected.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: s390: some ext irqs have to clear the ext cpu addr
David Hildenbrand [Mon, 1 Dec 2014 11:02:44 +0000 (12:02 +0100)]
KVM: s390: some ext irqs have to clear the ext cpu addr

The cpu address of a source cpu (responsible for an external irq) is only to
be stored if bit 6 of the ext irq code is set.

If bit 6 is not set, it is to be zeroed out.

The special external irq code used for virtio and pfault uses the cpu addr as a
parameter field. As bit 6 is set, this implementation is correct.

Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: track pid for VCPU only on KVM_RUN ioctl
Christian Borntraeger [Tue, 5 Aug 2014 14:44:14 +0000 (16:44 +0200)]
KVM: track pid for VCPU only on KVM_RUN ioctl

We currently track the pid of the task that runs the VCPU in vcpu_load.
If a yield to that VCPU is triggered while the PID of the wrong thread
is active, the wrong thread might receive a yield, but this will most
likely not help the executing thread at all.  Instead, if we only track
the pid on the KVM_RUN ioctl, there are two possibilities:

1) the thread that did a non-KVM_RUN ioctl is holding a mutex that
the VCPU thread is waiting for.  In this case, the VCPU thread is not
runnable, but we also do not do a wrong yield.

2) the thread that did a non-KVM_RUN ioctl is sleeping, or doing
something that does not block the VCPU thread.  In this case, the
VCPU thread can receive the directed yield correctly.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: Rik van Riel <riel@redhat.com>
CC: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
CC: Michael Mueller <mimu@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: don't check for PF_VCPU when yielding
David Hildenbrand [Tue, 25 Nov 2014 16:04:08 +0000 (17:04 +0100)]
KVM: don't check for PF_VCPU when yielding

kvm_enter_guest() has to be called with preemption disabled and will
set PF_VCPU.  Current code takes PF_VCPU as a hint that the VCPU thread
is running and therefore needs no yield.

However, the check on PF_VCPU is wrong on s390, where preemption has
to stay enabled in order to correctly process page faults.  Thus,
s390 reenables preemption and starts to execute the guest.  The thread
might be scheduled out between kvm_enter_guest() and kvm_exit_guest(),
resulting in PF_VCPU being set but not being run.  When this happens,
the opportunity for directed yield is missed.

However, this check is done already in kvm_vcpu_on_spin before calling
kvm_vcpu_yield_loop:

        if (!ACCESS_ONCE(vcpu->preempted))
                continue;

so the check on PF_VCPU is superfluous in general, and this patch
removes it.

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: optimize GFN to memslot lookup with large slots amount
Igor Mammedov [Mon, 1 Dec 2014 17:29:27 +0000 (17:29 +0000)]
kvm: optimize GFN to memslot lookup with large slots amount

Current linear search doesn't scale well when
large amount of memslots is used and looked up slot
is not in the beginning memslots array.
Taking in account that memslots don't overlap, it's
possible to switch sorting order of memslots array from
'npages' to 'base_gfn' and use binary search for
memslot lookup by GFN.

As result of switching to binary search lookup times
are reduced with large amount of memslots.

Following is a table of search_memslot() cycles
during WS2008R2 guest boot.

                         boot,          boot + ~10 min
                         mostly same    of using it,
                         slot lookup    randomized lookup
                max      average        average
                cycles   cycles         cycles

13 slots      : 1450       28           30

13 slots      : 1400       30           40
binary search

117 slots     : 13000      30           460

117 slots     : 2000       35           180
binary search

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: change memslot sorting rule from size to GFN
Igor Mammedov [Mon, 1 Dec 2014 17:29:26 +0000 (17:29 +0000)]
kvm: change memslot sorting rule from size to GFN

it will allow to use binary search for GFN -> memslot
lookups, reducing lookup cost with large slots amount.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: search_memslots: add simple LRU memslot caching
Igor Mammedov [Mon, 1 Dec 2014 17:29:25 +0000 (17:29 +0000)]
kvm: search_memslots: add simple LRU memslot caching

In typical guest boot workload only 2-3 memslots are used
extensively, and at that it's mostly the same memslot
lookup operation.

Adding LRU cache improves average lookup time from
46 to 28 cycles (~40%) for this workload.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: update_memslots: drop not needed check for the same slot
Igor Mammedov [Mon, 1 Dec 2014 17:29:24 +0000 (17:29 +0000)]
kvm: update_memslots: drop not needed check for the same slot

UP/DOWN shift loops will shift array in needed
direction and stop at place where new slot should
be placed regardless of old slot size.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: update_memslots: drop not needed check for the same number of pages
Igor Mammedov [Mon, 1 Dec 2014 17:29:23 +0000 (17:29 +0000)]
kvm: update_memslots: drop not needed check for the same number of pages

if number of pages haven't changed sorting algorithm
will do nothing, so there is no need to do extra check
to avoid entering sorting logic.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: allow 256 logical x2APICs again
Radim Krčmář [Thu, 27 Nov 2014 19:03:13 +0000 (20:03 +0100)]
KVM: x86: allow 256 logical x2APICs again

While fixing an x2apic bug,
 17d68b7 KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376)
we've made only one cluster available.  This means that the amount of
logically addressible x2APICs was reduced to 16 and VCPUs kept
overwriting themselves in that region, so even the first cluster wasn't
set up correctly.

This patch extends x2APIC support back to the logical_map's limit, and
keeps the CVE fixed as messages for non-present APICs are dropped.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: check bounds of APIC maps
Radim Krčmář [Thu, 27 Nov 2014 22:30:19 +0000 (23:30 +0100)]
KVM: x86: check bounds of APIC maps

They can't be violated now, but play it safe for the future.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: fix APIC physical destination wrapping
Radim Krčmář [Thu, 27 Nov 2014 19:03:12 +0000 (20:03 +0100)]
KVM: x86: fix APIC physical destination wrapping

x2apic allows destinations > 0xff and we don't want them delivered to
lower APICs.  They are correctly handled by doing nothing.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: deliver phys lowest-prio
Radim Krčmář [Thu, 27 Nov 2014 19:03:11 +0000 (20:03 +0100)]
KVM: x86: deliver phys lowest-prio

Physical mode can't address more than one APIC, but lowest-prio is
allowed, so we just reuse our paths.

SDM 10.6.2.1 Physical Destination:
  Also, for any non-broadcast IPI or I/O subsystem initiated interrupt
  with lowest priority delivery mode, software must ensure that APICs
  defined in the interrupt address are present and enabled to receive
  interrupts.

We could warn on top of that.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: don't retry hopeless APIC delivery
Radim Krčmář [Thu, 27 Nov 2014 19:03:14 +0000 (20:03 +0100)]
KVM: x86: don't retry hopeless APIC delivery

False from kvm_irq_delivery_to_apic_fast() means that we don't handle it
in the fast path, but we still return false in cases that were perfectly
handled, fix that.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: use MSR_ICR instead of a number
Radim Krčmář [Wed, 26 Nov 2014 16:07:05 +0000 (17:07 +0100)]
KVM: x86: use MSR_ICR instead of a number

0x830 MSR is 0x300 xAPIC MMIO, which is MSR_ICR.

Signed-off-by: Radim KrÄ\8dmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Fix reserved x2apic registers
Nadav Amit [Wed, 26 Nov 2014 15:56:25 +0000 (17:56 +0200)]
KVM: x86: Fix reserved x2apic registers

x2APIC has no registers for DFR and ICR2 (see Intel SDM 10.12.1.2 "x2APIC
Register Address Space"). KVM needs to cause #GP on such accesses.

Fix it (DFR and ICR2 on read, ICR2 on write, DFR already handled on writes).

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Generate #UD when memory operand is required
Nadav Amit [Wed, 26 Nov 2014 13:47:18 +0000 (15:47 +0200)]
KVM: x86: Generate #UD when memory operand is required

Certain x86 instructions that use modrm operands only allow memory operand
(i.e., mod012), and cause a #UD exception otherwise. KVM ignores this fact.
Currently, the instructions that are such and are emulated by KVM are MOVBE,
MOVNTPS, MOVNTPD and MOVNTI.  MOVBE is the most blunt example, since it may be
emulated by the host regardless of MMIO.

The fix introduces a new group for handling such instructions, marking mod3 as
illegal instruction.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoMerge tag 'kvm-s390-next-20141128' of git://git.kernel.org/pub/scm/linux/kernel/git...
Paolo Bonzini [Wed, 3 Dec 2014 14:20:11 +0000 (15:20 +0100)]
Merge tag 'kvm-s390-next-20141128' of git://git./linux/kernel/git/kvms390/linux into HEAD

KVM: s390: Several fixes,cleanups and reworks

Here is a bunch of fixes that deal mostly with architectural compliance:
- interrupt priorities
- interrupt handling
- intruction exit handling

We also provide a helper function for getting the guest visible storage key.

9 years agoKVM: s390: allow injecting all kinds of machine checks
Jens Freimann [Wed, 13 Aug 2014 08:09:04 +0000 (10:09 +0200)]
KVM: s390: allow injecting all kinds of machine checks

Allow to specify CR14, logout area, external damage code
and failed storage address.

Since more then one machine check can be indicated to the guest at
a time we need to combine all indication bits with already pending
requests.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: s390: handle pending local interrupts via bitmap
Jens Freimann [Tue, 29 Jul 2014 13:11:49 +0000 (15:11 +0200)]
KVM: s390: handle pending local interrupts via bitmap

This patch adapts handling of local interrupts to be more compliant with
the z/Architecture Principles of Operation and introduces a data
structure
which allows more efficient handling of interrupts.

* get rid of li->active flag, use bitmap instead
* Keep interrupts in a bitmap instead of a list
* Deliver interrupts in the order of their priority as defined in the
  PoP
* Use a second bitmap for sigp emergency requests, as a CPU can have
  one request pending from every other CPU in the system.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: s390: add bitmap for handling cpu-local interrupts
Jens Freimann [Mon, 29 Jul 2013 18:54:15 +0000 (20:54 +0200)]
KVM: s390: add bitmap for handling cpu-local interrupts

Adds a bitmap to the vcpu structure which is used to keep track
of local pending interrupts. Also add enum with all interrupt
types sorted in order of priority (highest to lowest)

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: s390: refactor interrupt delivery code
Jens Freimann [Tue, 29 Jul 2014 11:45:21 +0000 (13:45 +0200)]
KVM: s390: refactor interrupt delivery code

Move delivery code for cpu-local interrupt from the huge do_deliver_interrupt()
to smaller functions which handle one type of interrupt.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: s390: add defines for virtio and pfault interrupt code
Jens Freimann [Mon, 10 Nov 2014 16:20:07 +0000 (17:20 +0100)]
KVM: s390: add defines for virtio and pfault interrupt code

Get rid of open coded value for virtio and pfault completion interrupts.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: s390: external param not valid for cpu timer and ckc
David Hildenbrand [Fri, 7 Nov 2014 13:35:55 +0000 (14:35 +0100)]
KVM: s390: external param not valid for cpu timer and ckc

The 32bit external interrupt parameter is only valid for timing-alert and
service-signal interrupts.

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: s390: refactor interrupt injection code
Jens Freimann [Mon, 28 Jul 2014 13:37:58 +0000 (15:37 +0200)]
KVM: s390: refactor interrupt injection code

In preparation for the rework of the local interrupt injection code,
factor out injection routines from kvm_s390_inject_vcpu().

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: S390: Create helper function get_guest_storage_key
Jason J. Herne [Tue, 23 Sep 2014 13:18:57 +0000 (09:18 -0400)]
KVM: S390: Create helper function get_guest_storage_key

Define get_guest_storage_key which can be used to get the value of a guest
storage key. This compliments the functionality provided by the helper function
set_guest_storage_key. Both functions are needed for live migration of s390
guests that use storage keys.

Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: s390: trigger the right CPU exit for floating interrupts
Christian Borntraeger [Fri, 21 Nov 2014 08:38:12 +0000 (09:38 +0100)]
KVM: s390: trigger the right CPU exit for floating interrupts

When injecting a floating interrupt and no CPU is idle we
kick one CPU to do an external exit. In case of I/O we
should trigger an I/O exit instead. This does not matter
for Linux guests as external and I/O interrupts are
enabled/disabled at the same time, but play safe anyway.

The same holds true for machine checks. Since there is no
special exit, just reuse the generic stop exit. The injection
code inside the VCPU loop will recheck anyway and rearm the
proper exits (e.g. control registers) if necessary.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
9 years agoKVM: s390: Fix rewinding of the PSW pointing to an EXECUTE instruction
Thomas Huth [Wed, 12 Nov 2014 16:13:29 +0000 (17:13 +0100)]
KVM: s390: Fix rewinding of the PSW pointing to an EXECUTE instruction

A couple of our interception handlers rewind the PSW to the beginning
of the instruction to run the intercepted instruction again during the
next SIE entry. This normally works fine, but there is also the
possibility that the instruction did not get run directly but via an
EXECUTE instruction.
In this case, the PSW does not point to the instruction that caused the
interception, but to the EXECUTE instruction! So we've got to rewind the
PSW to the beginning of the EXECUTE instruction instead.
This is now accomplished with a new helper function kvm_s390_rewind_psw().

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoKVM: s390: Small fixes for the PFMF handler
Thomas Huth [Mon, 10 Nov 2014 14:59:32 +0000 (15:59 +0100)]
KVM: s390: Small fixes for the PFMF handler

This patch includes two small fixes for the PFMF handler: First, the
start address for PFMF has to be masked according to the current
addressing mode, which is now done with kvm_s390_logical_to_effective().
Second, the protection exceptions have a lower priority than the
specification exceptions, so the check for low-address protection
has to be moved after the last spot where we inject a specification
exception.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
9 years agoarm/arm64: KVM: vgic: kick the specific vcpu instead of iterating through all
Shannon Zhao [Wed, 19 Nov 2014 10:11:25 +0000 (10:11 +0000)]
arm/arm64: KVM: vgic: kick the specific vcpu instead of iterating through all

When call kvm_vgic_inject_irq to inject interrupt, we can known which
vcpu the interrupt for by the irq_num and the cpuid. So we should just
kick this vcpu to avoid iterating through all.

Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
9 years agoarm/arm64: vgic: Remove unreachable irq_clear_pending
Christoffer Dall [Mon, 24 Nov 2014 09:41:56 +0000 (10:41 +0100)]
arm/arm64: vgic: Remove unreachable irq_clear_pending

When 'injecting' an edge-triggered interrupt with a falling edge we
shouldn't clear the pending state on the distributor.  In fact, we
don't, because the check in vgic_validate_injection would prevent us
from ever reaching this bit of code.

Remove the unreachable snippet.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
9 years agoarm/arm64: KVM: avoid unnecessary guest register mangling on MMIO read
Andre Przywara [Thu, 6 Nov 2014 12:11:45 +0000 (12:11 +0000)]
arm/arm64: KVM: avoid unnecessary guest register mangling on MMIO read

Currently we mangle the endianness of the guest's register even on an
MMIO _read_, where it is completely useless, because we will not use
the value of that register.
Rework the io_mem_abort() function to clearly separate between reads
and writes and only do the endianness mangling on MMIO writes.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
9 years agoarm, arm64: KVM: handle potential incoherency of readonly memslots
Ard Biesheuvel [Mon, 17 Nov 2014 14:58:53 +0000 (14:58 +0000)]
arm, arm64: KVM: handle potential incoherency of readonly memslots

Readonly memslots are often used to implement emulation of ROMs and
NOR flashes, in which case the guest may legally map these regions as
uncached.
To deal with the incoherency associated with uncached guest mappings,
treat all readonly memslots as incoherent, and ensure that pages that
belong to regions tagged as such are flushed to DRAM before being passed
to the guest.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
9 years agoarm, arm64: KVM: allow forced dcache flush on page faults
Laszlo Ersek [Mon, 17 Nov 2014 14:58:52 +0000 (14:58 +0000)]
arm, arm64: KVM: allow forced dcache flush on page faults

To allow handling of incoherent memslots in a subsequent patch, this
patch adds a paramater 'ipa_uncached' to cache_coherent_guest_page()
so that we can instruct it to flush the page's contents to DRAM even
if the guest has caching globally enabled.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
9 years agokvm: add a memslot flag for incoherent memory regions
Ard Biesheuvel [Mon, 17 Nov 2014 14:58:51 +0000 (14:58 +0000)]
kvm: add a memslot flag for incoherent memory regions

Memory regions may be incoherent with the caches, typically when the
guest has mapped a host system RAM backed memory region as uncached.
Add a flag KVM_MEMSLOT_INCOHERENT so that we can tag these memslots
and handle them appropriately when mapping them.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
9 years agokvm: fix kvm_is_mmio_pfn() and rename to kvm_is_reserved_pfn()
Ard Biesheuvel [Mon, 10 Nov 2014 08:33:56 +0000 (08:33 +0000)]
kvm: fix kvm_is_mmio_pfn() and rename to kvm_is_reserved_pfn()

This reverts commit 85c8555ff0 ("KVM: check for !is_zero_pfn() in
kvm_is_mmio_pfn()") and renames the function to kvm_is_reserved_pfn.

The problem being addressed by the patch above was that some ARM code
based the memory mapping attributes of a pfn on the return value of
kvm_is_mmio_pfn(), whose name indeed suggests that such pfns should
be mapped as device memory.

However, kvm_is_mmio_pfn() doesn't do quite what it says on the tin,
and the existing non-ARM users were already using it in a way which
suggests that its name should probably have been 'kvm_is_reserved_pfn'
from the beginning, e.g., whether or not to call get_page/put_page on
it etc. This means that returning false for the zero page is a mistake
and the patch above should be reverted.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
9 years agoarm/arm64: kvm: drop inappropriate use of kvm_is_mmio_pfn()
Ard Biesheuvel [Mon, 10 Nov 2014 08:33:55 +0000 (08:33 +0000)]
arm/arm64: kvm: drop inappropriate use of kvm_is_mmio_pfn()

Instead of using kvm_is_mmio_pfn() to decide whether a host region
should be stage 2 mapped with device attributes, add a new static
function kvm_is_device_pfn() that disregards RAM pages with the
reserved bit set, as those should usually not be mapped as device
memory.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
9 years agoKVM: ARM: VGIC: Optimize the vGIC vgic_update_irq_pending function.
wanghaibin [Mon, 17 Nov 2014 09:27:37 +0000 (09:27 +0000)]
KVM: ARM: VGIC: Optimize the vGIC vgic_update_irq_pending function.

When vgic_update_irq_pending with level-sensitive false, it is need to
deactivates an interrupt, and, it can go to out directly.
Here return a false value, because it will be not need to kick.

Signed-off-by: wanghaibin <wanghaibin.wang@huawei.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
9 years agokvm: x86: avoid warning about potential shift wrapping bug
Paolo Bonzini [Mon, 24 Nov 2014 13:35:24 +0000 (14:35 +0100)]
kvm: x86: avoid warning about potential shift wrapping bug

cs.base is declared as a __u64 variable and vector is a u32 so this
causes a static checker warning.  The user indeed can set "sipi_vector"
to any u32 value in kvm_vcpu_ioctl_x86_set_vcpu_events(), but the
value should really have 8-bit precision only.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: move device assignment out of kvm_host.h
Paolo Bonzini [Mon, 24 Nov 2014 14:27:17 +0000 (15:27 +0100)]
KVM: x86: move device assignment out of kvm_host.h

Create a new header, and hide the device assignment functions there.
Move struct kvm_assigned_dev_kernel to assigned-dev.c by modifying
arch/x86/kvm/iommu.c to take a PCI device struct.

Based on a patch by Radim Krcmar <rkrcmark@redhat.com>.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: x86: mask out XSAVES
Paolo Bonzini [Fri, 21 Nov 2014 17:13:26 +0000 (18:13 +0100)]
kvm: x86: mask out XSAVES

This feature is not supported inside KVM guests yet, because we do not emulate
MSR_IA32_XSS.  Mask it out.

Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: x86: move assigned-dev.c and iommu.c to arch/x86/
Radim Krčmář [Fri, 21 Nov 2014 21:21:50 +0000 (22:21 +0100)]
kvm: x86: move assigned-dev.c and iommu.c to arch/x86/

Now that ia64 is gone, we can hide deprecated device assignment in x86.

Notable changes:
 - kvm_vm_ioctl_assigned_device() was moved to x86/kvm_arch_vm_ioctl()

The easy parts were removed from generic kvm code, remaining
 - kvm_iommu_(un)map_pages() would require new code to be moved
 - struct kvm_assigned_dev_kernel depends on struct kvm_irq_ack_notifier

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: remove IA64 ioctls
Radim Krčmář [Thu, 20 Nov 2014 13:43:18 +0000 (14:43 +0100)]
kvm: remove IA64 ioctls

KVM ia64 is no longer present so new applications shouldn't use them.
The main problem is that they most likely didn't work even before,
because of a conflict in the #defines:

  #define KVM_SET_GUEST_DEBUG       _IOW(KVMIO,  0x9b, struct kvm_guest_debug)
  #define KVM_IA64_VCPU_SET_STACK   _IOW(KVMIO,  0x9b, void *)

The argument to KVM_SET_GUEST_DEBUG is:

  struct kvm_guest_debug {
   __u32 control;
   __u32 pad;
   struct kvm_guest_debug_arch arch;
  };

  struct kvm_guest_debug_arch {
  };

meaning that sizeof(struct kvm_guest_debug) == sizeof(void *) == 8
and KVM_SET_GUEST_DEBUG == KVM_IA64_VCPU_SET_STACK.

KVM_SET_GUEST_DEBUG is handled in virt/kvm/kvm_main.c before even calling
kvm_arch_vcpu_ioctl (which would have handled KVM_IA64_VCPU_SET_STACK),
so KVM_IA64_VCPU_SET_STACK would just return -EINVAL.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: remove CONFIG_X86 #ifdefs from files formerly shared with ia64
Radim Krcmar [Fri, 21 Nov 2014 17:06:19 +0000 (18:06 +0100)]
kvm: remove CONFIG_X86 #ifdefs from files formerly shared with ia64

Signed-off-by: Radim Krcmar <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: x86: move ioapic.c and irq_comm.c back to arch/x86/
Paolo Bonzini [Thu, 20 Nov 2014 12:45:31 +0000 (13:45 +0100)]
kvm: x86: move ioapic.c and irq_comm.c back to arch/x86/

ia64 does not need them anymore.  Ack notifiers become x86-specific
too.

Suggested-by: Gleb Natapov <gleb@kernel.org>
Reviewed-by: Radim Krcmar <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: Documentation: remove ia64
Tiejun Chen [Thu, 20 Nov 2014 10:07:18 +0000 (11:07 +0100)]
kvm: Documentation: remove ia64

kvm/ia64 is gone, clean up Documentation too.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: ia64: remove
Paolo Bonzini [Wed, 19 Nov 2014 15:22:52 +0000 (16:22 +0100)]
KVM: ia64: remove

KVM for ia64 has been marked as broken not just once, but twice even,
and the last patch from the maintainer is now roughly 5 years old.
Time for it to rest in peace.

Acked-by: Gleb Natapov <gleb@kernel.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Remove FIXMEs in emulate.c
Nicholas Krause [Wed, 19 Nov 2014 12:48:18 +0000 (07:48 -0500)]
KVM: x86: Remove FIXMEs in emulate.c

Remove FIXME comments about needing fault addresses to be returned.  These
are propaagated from walk_addr_generic to gva_to_gpa and from there to
ops->read_std and ops->write_std.

Signed-off-by: Nicholas Krause <xerofoify@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: emulator: remove duplicated limit check
Paolo Bonzini [Wed, 19 Nov 2014 17:33:38 +0000 (18:33 +0100)]
KVM: emulator: remove duplicated limit check

The check on the higher limit of the segment, and the check on the
maximum accessible size, is the same for both expand-up and
expand-down segments.  Only the computation of "lim" varies.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: emulator: remove code duplication in register_address{,_increment}
Paolo Bonzini [Wed, 19 Nov 2014 17:25:08 +0000 (18:25 +0100)]
KVM: emulator: remove code duplication in register_address{,_increment}

register_address has been a duplicate of address_mask ever since the
ancestor of __linearize was born in 90de84f50b42 (KVM: x86 emulator:
preserve an operand's segment identity, 2010-11-17).

However, we can put it to a better use by including the call to reg_read
in register_address.  Similarly, the call to reg_rmw can be moved to
register_address_increment.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Move __linearize masking of la into switch
Nadav Amit [Wed, 19 Nov 2014 15:43:13 +0000 (17:43 +0200)]
KVM: x86: Move __linearize masking of la into switch

In __linearize there is check of the condition whether to check if masking of
the linear address is needed.  It occurs immediately after switch that
evaluates the same condition.  Merge them.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Non-canonical access using SS should cause #SS
Nadav Amit [Wed, 19 Nov 2014 15:43:12 +0000 (17:43 +0200)]
KVM: x86: Non-canonical access using SS should cause #SS

When SS is used using a non-canonical address, an #SS exception is generated on
real hardware.  KVM emulator causes a #GP instead. Fix it to behave as real x86
CPU.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Perform limit checks when assigning EIP
Nadav Amit [Wed, 19 Nov 2014 15:43:11 +0000 (17:43 +0200)]
KVM: x86: Perform limit checks when assigning EIP

If branch (e.g., jmp, ret) causes limit violations, since the target IP >
limit, the #GP exception occurs before the branch.  In other words, the RIP
pushed on the stack should be that of the branch and not that of the target.

To do so, we can call __linearize, with new EIP, which also saves us the code
which performs the canonical address checks. On the case of assigning an EIP >=
2^32 (when switching cs.l), we also safe, as __linearize will check the new EIP
does not exceed the limit and would trigger #GP(0) otherwise.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Emulator performs privilege checks on __linearize
Nadav Amit [Wed, 19 Nov 2014 15:43:10 +0000 (17:43 +0200)]
KVM: x86: Emulator performs privilege checks on __linearize

When segment is accessed, real hardware does not perform any privilege level
checks.  In contrast, KVM emulator does. This causes some discrepencies from
real hardware. For instance, reading from readable code segment may fail due to
incorrect segment checks. In addition, it introduces unnecassary overhead.

To reference Intel SDM 5.5 ("Privilege Levels"): "Privilege levels are checked
when the segment selector of a segment descriptor is loaded into a segment
register." The SDM never mentions privilege level checks during memory access,
except for loading far pointers in section 5.10 ("Pointer Validation"). Those
are actually segment selector loads and are emulated in the similarily (i.e.,
regardless to __linearize checks).

This behavior was also checked using sysexit. A data-segment whose DPL=0 was
loaded, and after sysexit (CPL=3) it is still accessible.

Therefore, all the privilege level checks in __linearize are removed.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Stack size is overridden by __linearize
Nadav Amit [Wed, 19 Nov 2014 15:43:09 +0000 (17:43 +0200)]
KVM: x86: Stack size is overridden by __linearize

When performing segmented-read/write in the emulator for stack operations, it
ignores the stack size, and uses the ad_bytes as indication for the pointer
size. As a result, a wrong address may be accessed.

To fix this behavior, we can remove the masking of address in __linearize and
perform it beforehand.  It is already done for the operands (so currently it is
inefficiently done twice). It is missing in two cases:
1. When using rip_relative
2. On fetch_bit_operand that changes the address.

This patch masks the address on these two occassions, and removes the masking
from __linearize.

Note that it does not mask EIP during fetch. In protected/legacy mode code
fetch when RIP >= 2^32 should result in #GP and not wrap-around. Since we make
limit checks within __linearize, this is the expected behavior.

Partial revert of commit 518547b32ab4 (KVM: x86: Emulator does not
calculate address correctly, 2014-09-30).

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Revert NoBigReal patch in the emulator
Nadav Amit [Wed, 19 Nov 2014 15:43:08 +0000 (17:43 +0200)]
KVM: x86: Revert NoBigReal patch in the emulator

Commit 10e38fc7cab6 ("KVM: x86: Emulator flag for instruction that only support
16-bit addresses in real mode") introduced NoBigReal for instructions such as
MONITOR. Apparetnly, the Intel SDM description that led to this patch is
misleading.  Since no instruction is using NoBigReal, it is safe to remove it,
we fully understand what the SDM means.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: x86: vmx: remove MMIO_MAX_GEN
Tiejun Chen [Tue, 18 Nov 2014 09:14:38 +0000 (17:14 +0800)]
kvm: x86: vmx: remove MMIO_MAX_GEN

MMIO_MAX_GEN is the same as MMIO_GEN_MASK.  Use only one.

Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: x86: vmx: cleanup handle_ept_violation
Tiejun Chen [Tue, 18 Nov 2014 09:12:56 +0000 (17:12 +0800)]
kvm: x86: vmx: cleanup handle_ept_violation

Instead, just use PFERR_{FETCH, PRESENT, WRITE}_MASK
inside handle_ept_violation() for slightly better code.

Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Fix lost interrupt on irr_pending race
Nadav Amit [Sun, 16 Nov 2014 21:49:07 +0000 (23:49 +0200)]
KVM: x86: Fix lost interrupt on irr_pending race

apic_find_highest_irr assumes irr_pending is set if any vector in APIC_IRR is
set.  If this assumption is broken and apicv is disabled, the injection of
interrupts may be deferred until another interrupt is delivered to the guest.
Ultimately, if no other interrupt should be injected to that vCPU, the pending
interrupt may be lost.

commit 56cc2406d68c ("KVM: nVMX: fix "acknowledge interrupt on exit" when APICv
is in use") changed the behavior of apic_clear_irr so irr_pending is cleared
after setting APIC_IRR vector. After this commit, if apic_set_irr and
apic_clear_irr run simultaneously, a race may occur, resulting in APIC_IRR
vector set, and irr_pending cleared. In the following example, assume a single
vector is set in IRR prior to calling apic_clear_irr:

apic_set_irr apic_clear_irr
------------ --------------
apic->irr_pending = true;
apic_clear_vector(...);
vec = apic_search_irr(apic);
// => vec == -1
apic_set_vector(...);
apic->irr_pending = (vec != -1);
// => apic->irr_pending == false

Nonetheless, it appears the race might even occur prior to this commit:

apic_set_irr apic_clear_irr
------------ --------------
apic->irr_pending = true;
apic->irr_pending = false;
apic_clear_vector(...);
if (apic_search_irr(apic) != -1)
apic->irr_pending = true;
// => apic->irr_pending == false
apic_set_vector(...);

Fixing this issue by:
1. Restoring the previous behavior of apic_clear_irr: clear irr_pending, call
   apic_clear_vector, and then if APIC_IRR is non-zero, set irr_pending.
2. On apic_set_irr: first call apic_set_vector, then set irr_pending.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: compute correct map even if all APICs are software disabled
Paolo Bonzini [Thu, 6 Nov 2014 09:51:45 +0000 (10:51 +0100)]
KVM: compute correct map even if all APICs are software disabled

Logical destination mode can be used to send NMI IPIs even when all
APICs are software disabled, so if all APICs are software disabled we
should still look at the DFRs.

So the DFRs should all be the same, even if some or all APICs are
software disabled.  However, the SDM does not say this, so tweak
the logic as follows:

- if one APIC is enabled and has LDR != 0, use that one to build the map.
This picks the right DFR in case an OS is only setting it for the
software-enabled APICs, or in case an OS is using logical addressing
on some APICs while leaving the rest in reset state (using LDR was
suggested by Radim).

- if all APICs are disabled, pick a random one to build the map.
We use the last one with LDR != 0 for simplicity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoKVM: x86: Software disabled APIC should still deliver NMIs
Nadav Amit [Sun, 2 Nov 2014 09:54:54 +0000 (11:54 +0200)]
KVM: x86: Software disabled APIC should still deliver NMIs

Currently, the APIC logical map does not consider VCPUs whose local-apic is
software-disabled.  However, NMIs, INIT, etc. should still be delivered to such
VCPUs. Therefore, the APIC mode should first be determined, and then the map,
considering all VCPUs should be constructed.

To address this issue, first find the APIC mode, and only then construct the
logical map.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: simplify update_memslots invocation
Paolo Bonzini [Fri, 14 Nov 2014 09:55:31 +0000 (10:55 +0100)]
kvm: simplify update_memslots invocation

The update_memslots invocation is only needed in one case.  Make
the code clearer by moving it to __kvm_set_memory_region, and
removing the wrapper around insert_memslot.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: commonize allocation of the new memory slots
Paolo Bonzini [Fri, 14 Nov 2014 09:46:45 +0000 (10:46 +0100)]
kvm: commonize allocation of the new memory slots

The two kmemdup invocations can be unified.  I find that the new
placement of the comment makes it easier to see what happens.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: memslots: track id_to_index changes during the insertion sort
Paolo Bonzini [Fri, 14 Nov 2014 09:22:07 +0000 (10:22 +0100)]
kvm: memslots: track id_to_index changes during the insertion sort

This completes the optimization from the previous patch, by
removing the KVM_MEM_SLOTS_NUM-iteration loop from insert_memslot.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: memslots: replace heap sort with an insertion sort pass
Igor Mammedov [Thu, 13 Nov 2014 23:00:13 +0000 (23:00 +0000)]
kvm: memslots: replace heap sort with an insertion sort pass

memslots is a sorted array.  When a slot is changed, heapsort (lib/sort.c)
would take O(n log n) time to update it; an optimized insertion sort will
only cost O(n) on an array with just one item out of order.

Replace sort() with a custom sort that takes advantage of memslots usage
pattern and the known position of the changed slot.

performance change of 128 memslots insertions with gradually increasing
size (the worst case):

      heap sort   custom sort
max:  249747      2500 cycles

with custom sort alg taking ~98% less then original
update time.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: x86: increase user memory slots to 509
Igor Mammedov [Thu, 6 Nov 2014 15:52:47 +0000 (15:52 +0000)]
kvm: x86: increase user memory slots to 509

With the 3 private slots, this gives us 512 slots total.
Motivation for this is in addition to assigned devices
support more memory hotplug slots, where 1 slot is
used by a hotplugged memory stick.
It will allow to support upto 256 hotplug memory
slots and leave 253 slots for assigned devices and
other devices that use them.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agokvm: svm: move WARN_ON in svm_adjust_tsc_offset
Chris J Arges [Thu, 13 Nov 2014 03:00:39 +0000 (21:00 -0600)]
kvm: svm: move WARN_ON in svm_adjust_tsc_offset

When running the tsc_adjust kvm-unit-test on an AMD processor with the
IA32_TSC_ADJUST feature enabled, the WARN_ON in svm_adjust_tsc_offset can be
triggered. This WARN_ON checks for a negative adjustment in case __scale_tsc
is called; however it may trigger unnecessary warnings.

This patch moves the WARN_ON to trigger only if __scale_tsc will actually be
called from svm_adjust_tsc_offset. In addition make adj in kvm_set_msr_common
s64 since this can have signed values.

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agox86, kvm, vmx: Don't set LOAD_IA32_EFER when host and guest match
Andy Lutomirski [Mon, 10 Nov 2014 19:19:15 +0000 (11:19 -0800)]
x86, kvm, vmx: Don't set LOAD_IA32_EFER when host and guest match

There's nothing to switch if the host and guest values are the same.
I am unable to find evidence that this makes any difference
whatsoever.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
[I could see a difference on Nehalem.  From 5 runs:

 userspace exit, guest!=host   12200 11772 12130 12164 12327
 userspace exit, guest=host    11983 11780 11920 11919 12040
 lightweight exit, guest!=host  3214  3220  3238  3218  3337
 lightweight exit, guest=host   3178  3193  3193  3187  3220

 This passes the t-test with 99% confidence for userspace exit,
 98.5% confidence for lightweight exit. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>