GitHub/moto-9609/android_kernel_motorola_exynos9610.git
tools: Add kvm_stat vm monitor script
Janosch Frank [Wed, 18 May 2016 11:26:21 +0000 (13:26 +0200)]
tools: Add kvm_stat vm monitor script

This tool displays kvm vm exit statistics to ease vm monitoring. It
takes its data from the kvm debugfs files or the vm tracepoints and
outputs them as a curses ui or simple text.

It was moved from qemu, as it is dependent on the kernel whereas qemu
works with a large number of kernel versions, some of which may break
the script.

Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
kvm:vmx: more complete state update on APICv on/off
Roman Kagan [Wed, 18 May 2016 14:48:20 +0000 (17:48 +0300)]
kvm:vmx: more complete state update on APICv on/off

The function to update APICv on/off state (in particular, to deactivate
it when enabling Hyper-V SynIC) is incomplete: it doesn't adjust
APICv-related fields among secondary processor-based VM-execution
controls.  As a result, Windows 2012 guests get stuck when SynIC-based
auto-EOI interrupt intersected with e.g. an IPI in the guest.

In addition, the MSR intercept bitmap isn't updated every time "virtualize
x2APIC mode" is toggled.  This path can only be triggered by a malicious
guest, because Windows didn't use x2APIC but rather its own synthetic
APIC access MSRs; however a guest running in a SynIC-enabled VM could
switch to x2APIC and thus obtain direct access to host APIC MSRs
(CVE-2016-4440).

The patch fixes those omissions.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Reported-by: Steve Rutherford <srutherford@google.com>
Reported-by: Yang Zhang <yang.zhang.wz@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
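The omission this commit describes, the "virtualize x2APIC mode" control being toggled without the MSR intercept bitmap following it, is easiest to see on a model of the bitmap itself. The following C is an added example, not KVM's code: it lays out the VMX MSR bitmap as the Intel SDM defines it (four 1024-byte read/write, low/high sub-bitmaps in a 4 KiB page), keeps a short passthrough list for the x2APIC MSRs that is an assumption of the example rather than KVM's policy, and contrasts a toggle that leaves the bitmap stale with one that re-derives it. The function and type names are the example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative model of a VMX MSR-intercept bitmap; an added example, not KVM's
 * code. Layout per the Intel SDM (Vol. 3, MSR-bitmap address): a 4 KiB page
 * holding four 1024-byte bitmaps, in order: reads of low MSRs (0..0x1FFF),
 * reads of high MSRs (0xC0000000..0xC0001FFF), writes of low MSRs, writes of
 * high MSRs. A set bit means "VM exit on this access"; clear lets the guest through. */
#define MSR_BITMAP_SIZE  4096
#define X2APIC_MSR_FIRST 0x800u   /* x2APIC register MSRs 0x800..0x8FF */
#define X2APIC_MSR_LAST  0x8FFu

enum msr_access { MSR_READ, MSR_WRITE };

/* Locate the bit for (msr, access); MSRs outside both ranges always exit. */
static int msr_bitmap_index(uint32_t msr, enum msr_access acc, size_t *byte, unsigned *bit)
{
    size_t base; uint32_t low;
    if (msr <= 0x1FFFu) { base = 0; low = msr; }
    else if (msr >= 0xC0000000u && msr <= 0xC0001FFFu) { base = 1024; low = msr - 0xC0000000u; }
    else return -1;
    if (acc == MSR_WRITE) base += 2048;
    *byte = base + low / 8;
    *bit = low % 8;
    return 0;
}

static void msr_set_intercept(uint8_t *bm, uint32_t msr, enum msr_access acc, bool intercept)
{
    size_t byte; unsigned bit;
    if (msr_bitmap_index(msr, acc, &byte, &bit)) return;
    if (intercept) bm[byte] |= (uint8_t)(1u << bit);
    else bm[byte] &= (uint8_t)~(1u << bit);
}

bool msr_intercepted(const uint8_t *bm, uint32_t msr, enum msr_access acc)
{
    size_t byte; unsigned bit;
    if (msr_bitmap_index(msr, acc, &byte, &bit)) return true;
    return (bm[byte] >> bit) & 1u;
}

struct vcpu_model {
    uint8_t msr_bitmap[MSR_BITMAP_SIZE];
    bool virt_x2apic_mode;    /* the "virtualize x2APIC mode" secondary control */
};

/* x2APIC registers this model lets the guest touch directly while x2APIC
 * virtualization is on (an assumption of the example): TPR, EOI, SELF IPI. */
static const struct { uint32_t msr; enum msr_access acc; } x2apic_passthrough[] = {
    { 0x808, MSR_READ }, { 0x808, MSR_WRITE }, { 0x80B, MSR_WRITE }, { 0x83F, MSR_WRITE },
};

/* Re-derive the x2APIC part of the bitmap from the control: intercept the whole
 * range, then open holes only if virtualization is actually enabled. */
void vcpu_update_x2apic_msr_bitmap(struct vcpu_model *v)
{
    for (uint32_t m = X2APIC_MSR_FIRST; m <= X2APIC_MSR_LAST; m++) {
        msr_set_intercept(v->msr_bitmap, m, MSR_READ, true);
        msr_set_intercept(v->msr_bitmap, m, MSR_WRITE, true);
    }
    if (!v->virt_x2apic_mode) return;
    for (size_t i = 0; i < sizeof(x2apic_passthrough) / sizeof(x2apic_passthrough[0]); i++)
        msr_set_intercept(v->msr_bitmap, x2apic_passthrough[i].msr, x2apic_passthrough[i].acc, false);
}

/* Buggy pattern: flip the control and leave the bitmap stale. */
void set_virt_x2apic_mode_stale(struct vcpu_model *v, bool on) { v->virt_x2apic_mode = on; }

/* Fixed pattern: every toggle recomputes the bitmap. */
void set_virt_x2apic_mode(struct vcpu_model *v, bool on)
{
    v->virt_x2apic_mode = on;
    vcpu_update_x2apic_msr_bitmap(v);
}

/* Number of (msr, access) pairs in the x2APIC range that bypass the hypervisor. */
int count_x2apic_passthrough(const struct vcpu_model *v)
{
    int n = 0;
    for (uint32_t m = X2APIC_MSR_FIRST; m <= X2APIC_MSR_LAST; m++) {
        n += !msr_intercepted(v->msr_bitmap, m, MSR_READ);
        n += !msr_intercepted(v->msr_bitmap, m, MSR_WRITE);
    }
    return n;
}

/* Scenario from the commit: x2APIC virtualization was on and is then switched
 * off. Returns how many x2APIC accesses still bypass the host afterwards. */
int x2apic_leaks_after_disable(bool recompute_bitmap)
{
    struct vcpu_model v = {0};
    set_virt_x2apic_mode(&v, true);
    if (recompute_bitmap) set_virt_x2apic_mode(&v, false);
    else set_virt_x2apic_mode_stale(&v, false);
    return count_x2apic_passthrough(&v);
}
```

With the stale toggle, `x2apic_leaks_after_disable(false)` still reports the four passthrough accesses after virtualization is off, which is the shape of the problem: a guest that switches itself into x2APIC mode finds the holes still open. The general rule the fix follows is that any state the hardware consults directly (here, the bitmap) must be recomputed from the controlling state on every transition, not only on the path that was expected to be taken.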
KVM: SVM: Add more SVM_EXIT_REASONS
Jan Kiszka [Mon, 23 May 2016 06:43:31 +0000 (08:43 +0200)]
KVM: SVM: Add more SVM_EXIT_REASONS

Useful when tracing nested setups where the guest may trigger more than
the host usually does. But even some typical host exits were missing.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM: Unify traced vector format
Jan Kiszka [Mon, 23 May 2016 06:43:33 +0000 (08:43 +0200)]
KVM: Unify traced vector format

Specifically the change from hex to decimal helps correlating events.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
svm: bitwise vs logical op typo
Dan Carpenter [Mon, 23 May 2016 10:20:10 +0000 (13:20 +0300)]
svm: bitwise vs logical op typo

These were supposed to be a bitwise operation but there is a typo.
The result is mostly harmless, but sparse correctly complains.

Fixes: 44a95dae1d22 ('KVM: x86: Detect and Initialize AVIC support')
Fixes: 18f40c53e10f ('svm: Add VMEXIT handlers for AVIC')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Merge tag 'kvm-arm-for-4-7-take2' of git://git.kernel.org/pub/scm/linux/kernel/git...
Paolo Bonzini [Tue, 24 May 2016 10:10:51 +0000 (12:10 +0200)]
Merge tag 'kvm-arm-for-4-7-take2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into kvm-next

KVM/ARM Changes for v4.7 take 2

"The GIC is dead; Long live the GIC"

This set of changes include the new vgic, which is a reimplementation of
our horribly broken legacy vgic implementation.  The two implementations
will live side-by-side (with the new being the configured default) for
one kernel release and then we'll remove it.

Also fixes a non-critical issue with virtual abort injection to guests.

KVM: arm/arm64: vgic-new: Synchronize changes to active state
Christoffer Dall [Fri, 20 May 2016 13:25:28 +0000 (15:25 +0200)]
KVM: arm/arm64: vgic-new: Synchronize changes to active state

When modifying the active state of an interrupt via the MMIO interface,
we should ensure that the write has the intended effect.

If a guest sets an interrupt to active, but that interrupt is already
flushed into a list register on a running VCPU, then that VCPU will
write the active state back into the struct vgic_irq upon returning from
the guest and syncing its state.  This is a non-benign race, because the
guest can observe that an interrupt is not active, and it can have a
reasonable expectation that other VCPUs will not ack any IRQs, and then
set the state to active, and expect it to stay that way.  Currently we
are not honoring this case.

Therefore, change both the SACTIVE and CACTIVE mmio handlers to stop the
world, change the irq state, potentially queue the irq if we're setting
it to active, and then continue.

We take this chance to slightly optimize these functions by not stopping
the world when touching private interrupts where there is inherently no
possible race.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: enable build
Andre Przywara [Wed, 16 Mar 2016 15:06:41 +0000 (15:06 +0000)]
KVM: arm/arm64: vgic-new: enable build

Now that the new VGIC implementation has reached feature parity with
the old one, add the new files to the build system and add a Kconfig
option to switch between the two versions.
We set the default to the new version to get maximum test coverage,
in case people experience problems they can switch back to the old
behaviour if needed.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: implement mapped IRQ handling
Andre Przywara [Tue, 22 Dec 2015 00:52:33 +0000 (00:52 +0000)]
KVM: arm/arm64: vgic-new: implement mapped IRQ handling

We now store the mapped hardware IRQ number in our struct, so we
don't need the irq_phys_map for the new VGIC.
Implement the hardware IRQ mapping on top of the reworked arch
timer interface.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Wire up irqfd injection
Andre Przywara [Fri, 25 Mar 2016 00:04:53 +0000 (00:04 +0000)]
KVM: arm/arm64: vgic-new: Wire up irqfd injection

Connect the new VGIC to the irqfd framework, so that we can
inject IRQs.
GSI routing and MSI routing are not yet implemented.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add vgic_v2/v3_enable
Eric Auger [Wed, 2 Dec 2015 09:30:13 +0000 (10:30 +0100)]
KVM: arm/arm64: vgic-new: Add vgic_v2/v3_enable

Enable the VGIC operation by properly initialising the registers
in the hypervisor GIC interface.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: vgic_init: implement map_resources
Eric Auger [Mon, 21 Dec 2015 14:04:42 +0000 (15:04 +0100)]
KVM: arm/arm64: vgic-new: vgic_init: implement map_resources

map_resources is the last initialization step. It is executed on
first VCPU run. At that stage the code checks that userspace has provided
the base addresses for the relevant VGIC regions, which depend on the
type of VGIC that is exposed to the guest.  Also we check if the two
regions overlap.
If the checks succeed, we register the respective register frames with
the kvm_io_bus framework.

If we emulate a GICv2, the function also forces vgic_init execution if
it has not been executed yet. Also we map the virtual GIC CPU interface
onto the guest's CPU interface.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: vgic_init: implement vgic_init
Eric Auger [Mon, 21 Dec 2015 17:09:38 +0000 (18:09 +0100)]
KVM: arm/arm64: vgic-new: vgic_init: implement vgic_init

This patch allocates and initializes the data structures used
to model the vgic distributor and virtual cpu interfaces. At that
stage the number of IRQs and number of virtual CPUs is frozen.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: vgic_init: implement vgic_create
Eric Auger [Mon, 21 Dec 2015 13:50:50 +0000 (14:50 +0100)]
KVM: arm/arm64: vgic-new: vgic_init: implement vgic_create

This patch implements the vgic_creation function which is
called on the CREATE_IRQCHIP VM IOCTL (v2 only) or KVM_CREATE_DEVICE.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: vgic_init: implement kvm_vgic_hyp_init
Eric Auger [Tue, 1 Dec 2015 14:02:35 +0000 (15:02 +0100)]
KVM: arm/arm64: vgic-new: vgic_init: implement kvm_vgic_hyp_init

Implements kvm_vgic_hyp_init and vgic_probe function.
This uses the new firmware independent VGIC probing to support both ACPI
and DT based systems (code from Marc Zyngier).

The vgic_global struct is enriched with new fields populated
by those functions.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add userland GIC CPU interface access
Andre Przywara [Thu, 3 Dec 2015 11:48:42 +0000 (11:48 +0000)]
KVM: arm/arm64: vgic-new: Add userland GIC CPU interface access

Using the VMCR accessors we provide access to GIC CPU interface state
to userland by wiring it up to the existing userland interface.
[Marc: move and make VMCR accessors static, streamline MMIO handlers]

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add GICH_VMCR accessors
Andre Przywara [Thu, 3 Dec 2015 11:47:37 +0000 (11:47 +0000)]
KVM: arm/arm64: vgic-new: Add GICH_VMCR accessors

Since the GIC CPU interface is always virtualized by the hardware,
we don't have CPU interface state information readily available in our
emulation if userland wants to save or restore it.
Fortunately the GIC hypervisor interface provides the VMCR register to
access the required virtual CPU interface bits.
Provide wrappers for GICv2 and GICv3 hosts to have access to this
register.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers
Andre Przywara [Tue, 1 Dec 2015 22:36:37 +0000 (22:36 +0000)]
KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers

Userland may want to save and restore the state of the in-kernel VGIC,
so we provide the code which takes a userland request and translates
that into calls to our MMIO framework.

From Christoffer:
When accessing the VGIC state from userspace we really don't want a VCPU
to be messing with the state at the same time, and the API specifies
that we should return -EBUSY if any VCPUs are running.
Check and prevent VCPUs from running by grabbing their mutexes, one by
one, and error out if we fail.
(Note: This could potentially be simplified to just do a simple check
and see if any VCPUs are running, and return -EBUSY then, without
enforcing the locking throughout the duration of the uaccess, if we
think that taking/releasing all these mutexes for every single GIC
register access is too heavyweight.)

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
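The "grab the VCPU mutexes one by one and return -EBUSY if any is taken" rule in the note above is a lock-all-or-nothing protocol, and the part that is easy to get wrong is releasing the mutexes already acquired when a later one is busy. The C below is an added example, not the kernel's code: pthread mutexes stand in for vcpu->mutex, a "running" VCPU is modelled as a thread holding its own mutex (as a VCPU thread in KVM_RUN does), and the register being accessed is reduced to one field. All names are the example's own.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>

/* Added example (not the kernel's code) of the "take every VCPU's mutex one by
 * one, or fail with -EBUSY" rule. pthread mutexes stand in for vcpu->mutex;
 * a VCPU that is "running" holds its own mutex for the duration. */
#define NR_VCPUS 4

struct vcpu { pthread_mutex_t mutex; };
struct vm { struct vcpu vcpus[NR_VCPUS]; uint32_t gicd_ctlr; };

void vm_init(struct vm *vm)
{
    for (int i = 0; i < NR_VCPUS; i++)
        pthread_mutex_init(&vm->vcpus[i].mutex, NULL);
    vm->gicd_ctlr = 0;
}

/* Returns 0 holding every VCPU mutex, or -EBUSY holding none: on the first
 * busy VCPU, release the ones already taken, in reverse order. */
int lock_all_vcpus(struct vm *vm)
{
    for (int i = 0; i < NR_VCPUS; i++) {
        if (pthread_mutex_trylock(&vm->vcpus[i].mutex) != 0) {
            while (--i >= 0)
                pthread_mutex_unlock(&vm->vcpus[i].mutex);
            return -EBUSY;
        }
    }
    return 0;
}

void unlock_all_vcpus(struct vm *vm)
{
    for (int i = NR_VCPUS - 1; i >= 0; i--)
        pthread_mutex_unlock(&vm->vcpus[i].mutex);
}

/* A userspace register access (one distributor register modelled as a plain
 * field) wrapped in the lock-all protocol. */
int vgic_uaccess(struct vm *vm, bool is_write, uint32_t *val)
{
    int ret = lock_all_vcpus(vm);

    if (ret)
        return ret;
    if (is_write)
        vm->gicd_ctlr = *val;
    else
        *val = vm->gicd_ctlr;
    unlock_all_vcpus(vm);
    return 0;
}

/* Stand-ins for a VCPU thread entering and leaving KVM_RUN. */
int vcpu_enter_run(struct vm *vm, int id)
{
    return pthread_mutex_trylock(&vm->vcpus[id].mutex) == 0 ? 0 : -EBUSY;
}

void vcpu_exit_run(struct vm *vm, int id)
{
    pthread_mutex_unlock(&vm->vcpus[id].mutex);
}

/* True if no VCPU mutex is held, i.e. a failed lock_all_vcpus leaked nothing. */
bool all_vcpus_free(struct vm *vm)
{
    if (lock_all_vcpus(vm) != 0)
        return false;
    unlock_all_vcpus(vm);
    return true;
}
```

The order matters in both directions: acquisition in a fixed index order is what keeps two concurrent lock-all callers from deadlocking against each other, and the rollback loop must stop at the failing index rather than unlocking mutexes it never took.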
KVM: arm/arm64: vgic-new: Export register access interface
Christoffer Dall [Sun, 24 Apr 2016 23:11:37 +0000 (01:11 +0200)]
KVM: arm/arm64: vgic-new: Export register access interface

Userland can access the emulated GIC to save and restore its state
for initialization or migration purposes.
The kvm_io_bus API requires an absolute gpa, which does not fit the
KVM_DEV_ARM_VGIC_GRP_DIST_REGS user API, that only provides relative
offsets. So we provide a wrapper to plug into our MMIO framework and
find the respective register handler.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
KVM: arm/arm64: vgic-new: vgic_kvm_device: access to VGIC registers
Eric Auger [Mon, 21 Dec 2015 16:34:52 +0000 (17:34 +0100)]
KVM: arm/arm64: vgic-new: vgic_kvm_device: access to VGIC registers

This patch implements the switches for KVM_DEV_ARM_VGIC_GRP_DIST_REGS
and KVM_DEV_ARM_VGIC_GRP_CPU_REGS API which allows the userspace to
access VGIC registers.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: vgic_kvm_device: KVM_DEV_ARM_VGIC_GRP_ADDR
Eric Auger [Mon, 21 Dec 2015 16:27:39 +0000 (17:27 +0100)]
KVM: arm/arm64: vgic-new: vgic_kvm_device: KVM_DEV_ARM_VGIC_GRP_ADDR

This patch implements the KVM_DEV_ARM_VGIC_GRP_ADDR group which
makes it possible to set the base address of GIC regions as seen by the guest.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: vgic_kvm_device: implement kvm_vgic_addr
Eric Auger [Mon, 21 Dec 2015 15:36:04 +0000 (16:36 +0100)]
KVM: arm/arm64: vgic-new: vgic_kvm_device: implement kvm_vgic_addr

kvm_vgic_addr is used by the userspace to set the base address of
the following register regions, as seen by the guest:
- distributor(v2 and v3),
- re-distributors (v3),
- CPU interface (v2).

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: vgic_kvm_device: KVM_DEV_ARM_VGIC_GRP_CTRL
Eric Auger [Mon, 21 Dec 2015 16:22:05 +0000 (17:22 +0100)]
KVM: arm/arm64: vgic-new: vgic_kvm_device: KVM_DEV_ARM_VGIC_GRP_CTRL

This patch implements the KVM_DEV_ARM_VGIC_GRP_CTRL group API
featuring KVM_DEV_ARM_VGIC_CTRL_INIT attribute. The vgic_init
function is not yet implemented though.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: vgic_kvm_device: KVM_DEV_ARM_VGIC_GRP_NR_IRQS
Eric Auger [Mon, 21 Dec 2015 15:33:22 +0000 (16:33 +0100)]
KVM: arm/arm64: vgic-new: vgic_kvm_device: KVM_DEV_ARM_VGIC_GRP_NR_IRQS

This patch implements the KVM_DEV_ARM_VGIC_GRP_NR_IRQS group. This
modality is supported by both the VGIC V2 and V3 KVM devices, as will be
other groups, hence the introduction of common helpers.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: vgic_kvm_device: KVM device ops registration
Eric Auger [Mon, 30 Nov 2015 13:01:58 +0000 (14:01 +0100)]
KVM: arm/arm64: vgic-new: vgic_kvm_device: KVM device ops registration

This patch introduces the skeleton for the KVM device operations
associated to KVM_DEV_TYPE_ARM_VGIC_V2 and KVM_DEV_TYPE_ARM_VGIC_V3.

At that stage kvm_vgic_create is stubbed.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add GICv3 SGI system register trap handler
Andre Przywara [Tue, 26 Jan 2016 15:31:15 +0000 (15:31 +0000)]
KVM: arm/arm64: vgic-new: Add GICv3 SGI system register trap handler

In contrast to GICv2, SGIs in a GICv3 implementation are not triggered
by a MMIO write, but with a system register write. KVM knows about
that register already, we just need to implement the handler and wire
it up to the core KVM/ARM code.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add GICv3 IROUTER register handlers
Andre Przywara [Mon, 25 Jan 2016 16:45:37 +0000 (16:45 +0000)]
KVM: arm/arm64: vgic-new: Add GICv3 IROUTER register handlers

Since GICv3 supports much more than the 8 CPUs the GICv2 ITARGETSR
register can handle, the new IROUTER register covers the whole range
of possible target (V)CPUs by using the same MPIDR that the cores
report themselves.
In addition to translating this MPIDR into a vcpu pointer we store
the originally written value as well. The architecture allows writing
any value into the register, which must be read back as written.

Since we don't support affinity level 3, we don't need to take care
about the upper word of this 64-bit register, which simplifies the
handling a bit.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
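The two requirements in this commit, resolve the written affinity to a VCPU but read the register back exactly as written, pull in different directions, so the example below keeps them as two separate fields. It is an added example and not the kernel's vgic code: the GICD_IROUTER field layout (Aff0 [7:0], Aff1 [15:8], Aff2 [23:16], Interrupt_Routing_Mode [31], Aff3 [39:32]) is the architectural one, the four-VCPU topology is constructed, and the treatment of a 1-of-N (IRM) write as "no fixed target" is a choice of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example, not the kernel's vgic code: turning a GICD_IROUTER<n> write into
 * a target VCPU while reading the register back exactly as written.
 * GICD_IROUTER<n> (GICv3 architecture spec): Aff0 [7:0], Aff1 [15:8], Aff2 [23:16],
 * Interrupt_Routing_Mode [31], Aff3 [39:32]; the affinity fields mirror MPIDR_EL1. */
#define IROUTER_IRM     (1ull << 31)
#define IROUTER_AFF012  0x00FFFFFFull      /* Aff2:Aff1:Aff0, all that is routed on here */

struct vcpu { int id; uint64_t mpidr; };

struct spi_route {
    uint64_t irouter;           /* raw written value; reads return this untouched */
    const struct vcpu *target;  /* NULL: no fixed target (1-of-N or unknown affinity) */
};

/* Constructed topology: two clusters (Aff1) of two cores (Aff0) each. */
static const struct vcpu vcpus[] = {
    { 0, 0x000000 }, { 1, 0x000001 }, { 2, 0x000100 }, { 3, 0x000101 },
};

static const struct vcpu *vcpu_by_affinity(uint64_t aff)
{
    for (size_t i = 0; i < sizeof(vcpus) / sizeof(vcpus[0]); i++)
        if ((vcpus[i].mpidr & IROUTER_AFF012) == aff)
            return &vcpus[i];
    return NULL;
}

/* 64-bit write to GICD_IROUTER<spi>. Affinity level 3 is not supported by the
 * emulation this models, so the upper word is stored but takes no part in routing. */
void irouter_write(struct spi_route *r, uint64_t val)
{
    r->irouter = val;
    if (val & IROUTER_IRM) {        /* 1-of-N: no fixed target in this model */
        r->target = NULL;
        return;
    }
    r->target = vcpu_by_affinity(val & IROUTER_AFF012);
}

uint64_t irouter_read(const struct spi_route *r)
{
    return r->irouter;
}

/* -1 if the SPI currently has no VCPU it can be delivered to. */
int irouter_target_id(const struct spi_route *r)
{
    return r->target ? r->target->id : -1;
}

/* An SPI whose affinity names no VCPU stays in the distributor rather than
 * being injected into an arbitrary one. */
bool spi_deliverable(const struct spi_route *r)
{
    return r->target != NULL;
}
```

The lookup masks the written value to Aff2:Aff1:Aff0 before comparing, so junk in Aff3 or the reserved bits neither breaks routing nor is lost on read-back; an affinity that matches no VCPU resolves to "undeliverable" instead of a guessed target.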
KVM: arm/arm64: vgic-new: Add GICv3 IDREGS register handler
Andre Przywara [Fri, 22 Jan 2016 18:18:52 +0000 (18:18 +0000)]
KVM: arm/arm64: vgic-new: Add GICv3 IDREGS register handler

We implement the only ID register that is required by the
architecture; this is also the one that Linux actually checks.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add GICv3 redistributor IIDR and TYPER handler
Andre Przywara [Wed, 27 Jan 2016 14:54:46 +0000 (14:54 +0000)]
KVM: arm/arm64: vgic-new: Add GICv3 redistributor IIDR and TYPER handler

The redistributor TYPER tells the OS about the associated MPIDR,
also the LAST bit is crucial to determine the number of redistributors.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add GICv3 CTLR, IIDR, TYPER handlers
Andre Przywara [Wed, 27 Jan 2016 14:54:30 +0000 (14:54 +0000)]
KVM: arm/arm64: vgic-new: Add GICv3 CTLR, IIDR, TYPER handlers

As in the GICv2 emulation we handle those three registers in one
function.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add GICv3 MMIO handling framework
Andre Przywara [Tue, 1 Dec 2015 14:34:34 +0000 (14:34 +0000)]
KVM: arm/arm64: vgic-new: Add GICv3 MMIO handling framework

Create a new file called vgic-mmio-v3.c and describe the GICv3
distributor and redistributor registers there.
This adds a special macro to deal with the split of SGI/PPI in the
redistributor and SPIs in the distributor, which allows us to reuse
the existing GICv2 handlers for those registers which are compatible.
Also we provide a function to deal with the registration of the two
separate redistributor frames per VCPU.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add SGIPENDR register handlers
Andre Przywara [Wed, 9 Dec 2015 16:21:37 +0000 (16:21 +0000)]
KVM: arm/arm64: vgic-new: Add SGIPENDR register handlers

As this register is v2 specific, its implementation lives entirely
in vgic-mmio-v2.c.
This register allows setting the source mask of an IPI.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add SGIR register handler
Andre Przywara [Tue, 1 Dec 2015 12:42:05 +0000 (12:42 +0000)]
KVM: arm/arm64: vgic-new: Add SGIR register handler

Triggering an IPI via this register is v2 specific, so the
implementation lives entirely in vgic-mmio-v2.c.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add TARGET registers handlers
Andre Przywara [Tue, 1 Dec 2015 12:41:55 +0000 (12:41 +0000)]
KVM: arm/arm64: vgic-new: Add TARGET registers handlers

The target register handlers are v2 emulation specific, so their
implementation lives entirely in vgic-mmio-v2.c.
We copy the old VGIC behaviour of assigning an IRQ to the first VCPU
set in the target mask instead of making it possibly pending on
multiple VCPUs.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add CONFIG registers handlers
Andre Przywara [Tue, 1 Dec 2015 12:41:31 +0000 (12:41 +0000)]
KVM: arm/arm64: vgic-new: Add CONFIG registers handlers

The config register handlers are shared between the v2 and v3
emulation, so their implementation goes into vgic-mmio.c, to be
easily referenced from the v3 emulation as well later.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
KVM: arm/arm64: vgic-new: Add PRIORITY registers handlers
Andre Przywara [Tue, 1 Dec 2015 14:34:02 +0000 (14:34 +0000)]
KVM: arm/arm64: vgic-new: Add PRIORITY registers handlers

The priority register handlers are shared between the v2 and v3
emulation, so their implementation goes into vgic-mmio.c, to be
easily referenced from the v3 emulation as well later.
There is a corner case when we change the priority of a pending
interrupt which we don't handle at the moment.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add ACTIVE registers handlers
Andre Przywara [Tue, 1 Dec 2015 12:40:58 +0000 (12:40 +0000)]
KVM: arm/arm64: vgic-new: Add ACTIVE registers handlers

The active register handlers are shared between the v2 and v3
emulation, so their implementation goes into vgic-mmio.c, to be
easily referenced from the v3 emulation as well later.
Since activation/deactivation of an interrupt may happen entirely
in the guest without it ever exiting, we need some extra logic to
properly track the active state.
For clearing the active state, we basically have to halt the guest to
make sure this is properly propagated into the respective VCPUs.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
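Both this commit and the later "Synchronize changes to active state" commit describe the same hazard: the active bit can change inside the guest without an exit, so a plain write to the emulated struct is silently undone by the next sync from the list register. The C below is an added example, not the kernel's vgic code, reducing it to a deterministic model with one IRQ and one VCPU owning a single list register (LR); flush and sync are the example's stand-ins for kvm_vgic_flush_hwstate and kvm_vgic_sync_hwstate, and the "stop the world" is modelled as forcing a sync before the write and a flush after it.

```c
#include <stdbool.h>

/* Added example, not the kernel's vgic code: the active-state race, reduced to
 * a deterministic model with one IRQ and one VCPU that owns a single LR. */
struct vgic_irq { bool pending, active; };
struct lr { bool valid, pending, active; };
struct vcpu { bool in_guest; struct lr lr; };

/* Guest entry: the IRQ's emulated state is flushed into the LR (stand-in for
 * kvm_vgic_flush_hwstate). While the guest runs, the LR is authoritative. */
void vcpu_flush(struct vcpu *v, const struct vgic_irq *irq)
{
    v->lr.valid = irq->pending || irq->active;
    v->lr.pending = irq->pending;
    v->lr.active = irq->active;
    v->in_guest = true;
}

/* Guest exit: the LR, which the hardware may have changed without any exit, is
 * written back into the struct (stand-in for kvm_vgic_sync_hwstate). */
void vcpu_sync(struct vcpu *v, struct vgic_irq *irq)
{
    if (v->lr.valid) {
        irq->pending = v->lr.pending;
        irq->active = v->lr.active;
    }
    v->lr.valid = false;
    v->in_guest = false;
}

/* What the guest does to the LR without exiting: ack (pending -> active). */
void guest_ack(struct vcpu *v)
{
    if (v->lr.valid && v->lr.pending) { v->lr.pending = false; v->lr.active = true; }
}

/* Racy ISACTIVER/ICACTIVER handler: changes the struct while an LR copy exists;
 * the next sync simply overwrites the change. */
void active_write_racy(struct vgic_irq *irq, bool active)
{
    irq->active = active;
}

/* Fixed handler: stop the VCPU first (which syncs its LR back), change the
 * struct, then resume it (which flushes the new state into the LR). */
void active_write_stop_the_world(struct vcpu *v, struct vgic_irq *irq, bool active)
{
    if (v->in_guest)
        vcpu_sync(v, irq);             /* "kick and wait": VCPU is now paused */
    irq->active = active;
    vcpu_flush(v, irq);                /* resume */
}

/* Scenario: the IRQ is pending, not active; the VCPU runs with it in the LR and
 * has not acked it; another CPU writes ISACTIVER. Returns the active state
 * visible after the VCPU's next exit. */
bool active_after_set(bool stop_the_world)
{
    struct vgic_irq irq = { true, false };
    struct vcpu v = { false, { false, false, false } };

    vcpu_flush(&v, &irq);
    if (stop_the_world)
        active_write_stop_the_world(&v, &irq, true);
    else
        active_write_racy(&irq, true);
    vcpu_sync(&v, &irq);
    return irq.active;
}

/* The converse: clearing the active state of an IRQ the guest has already acked. */
bool active_after_clear(bool stop_the_world)
{
    struct vgic_irq irq = { true, false };
    struct vcpu v = { false, { false, false, false } };

    vcpu_flush(&v, &irq);
    guest_ack(&v);                     /* hardware: LR is now active, not pending */
    if (stop_the_world)
        active_write_stop_the_world(&v, &irq, false);
    else
        active_write_racy(&irq, false);
    vcpu_sync(&v, &irq);
    return irq.active;
}
```

In the racy variant, `active_after_set(false)` comes back false and `active_after_clear(false)` comes back true: both writes are lost, in the second case because the guest's ack in the LR wins over the struct at sync time. With the stop-the-world variant the struct is brought up to date before it is modified, and the resumed VCPU reloads the LR from it.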
KVM: arm/arm64: vgic-new: Add PENDING registers handlers
Andre Przywara [Tue, 1 Dec 2015 14:33:41 +0000 (14:33 +0000)]
KVM: arm/arm64: vgic-new: Add PENDING registers handlers

The pending register handlers are shared between the v2 and v3
emulation, so their implementation goes into vgic-mmio.c, to be easily
referenced from the v3 emulation as well later.
For level triggered interrupts the real line level is unaffected by
this write, so we keep this state separate and combine it with the
device's level to get the actual pending state.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add ENABLE registers handlers
Andre Przywara [Tue, 1 Dec 2015 14:33:05 +0000 (14:33 +0000)]
KVM: arm/arm64: vgic-new: Add ENABLE registers handlers

As the enable register handlers are shared between the v2 and v3
emulation, their implementation goes into vgic-mmio.c, to be easily
referenced from the v3 emulation as well later.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add CTLR, TYPER and IIDR handlers
Marc Zyngier [Tue, 26 Apr 2016 10:06:47 +0000 (11:06 +0100)]
KVM: arm/arm64: vgic-new: Add CTLR, TYPER and IIDR handlers

Those three registers are v2 emulation specific, so their implementation
lives entirely in vgic-mmio-v2.c. Also they are handled in one function,
as their implementation is pretty simple.
When the guest enables the distributor, we kick all VCPUs to get
potentially pending interrupts serviced.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add GICv2 MMIO handling framework
Andre Przywara [Tue, 26 Apr 2016 20:32:49 +0000 (21:32 +0100)]
KVM: arm/arm64: vgic-new: Add GICv2 MMIO handling framework

Create vgic-mmio-v2.c to describe GICv2 emulation specific handlers
using the initializer macros provided by the VGIC MMIO framework.
Provide a function to register the GICv2 distributor registers to
the kvm_io_bus framework.
The actual handler functions are still stubs in this patch.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add MMIO handling framework
Marc Zyngier [Tue, 26 Apr 2016 10:06:12 +0000 (11:06 +0100)]
KVM: arm/arm64: vgic-new: Add MMIO handling framework

Add an MMIO handling framework to the VGIC emulation:
Each register is described by its offset, size (or number of bits per
IRQ, if applicable) and the read/write handler functions. We provide
initialization macros to describe each GIC register later easily.

Separate dispatch functions for read and write accesses are connected
to the kvm_io_bus framework and binary-search for the responsible
register handler based on the offset address within the region.
We convert the incoming data (referenced by a pointer) to the host's
endianness and use pass-by-value to hand the data over to the actual
handler functions.

The register handler prototype and the endianness conversion are
courtesy of Christoffer Dall.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
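This commit and the GICv2 framework commit above describe a table-driven dispatcher: each register carries its offset, length and bits-per-IRQ, the dispatcher binary-searches the table by offset, and the handlers see a host-endian value. The C below is an added example of that scheme, not the kernel's vgic-mmio code. The offsets are the architectural GICv2 distributor ones (GICD_ISENABLER at 0x100, GICD_IPRIORITYR at 0x400); the IRQ state, the handler names and the sample accesses are constructed for the example, and the "misaligned or unbacked access reads as zero" behaviour is the example's own choice.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Added example modelling the dispatch scheme; not the kernel's vgic-mmio code.
 * Offsets are the architectural GICv2 distributor ones (GICD_ISENABLER 0x100,
 * GICD_IPRIORITYR 0x400); state, handlers and accesses are constructed. */
#define NR_IRQS 64

struct irq_state { bool enabled; uint8_t priority; };
struct vgic_model { struct irq_state irqs[NR_IRQS]; };

/* One register region: offset, byte length, bits of state per IRQ, and the
 * handlers, which receive the access as a host-endian value. */
struct reg_desc {
    unsigned reg_offset, len, bits_per_irq;
    uint32_t (*read)(struct vgic_model *, const struct reg_desc *, unsigned addr, unsigned len);
    void (*write)(struct vgic_model *, const struct reg_desc *, unsigned addr, unsigned len, uint32_t val);
};

/* First IRQ covered by an access at byte offset 'addr' within a per-IRQ register. */
static unsigned first_irq(const struct reg_desc *d, unsigned addr)
{
    return (addr - d->reg_offset) * 8 / d->bits_per_irq;
}

/* 1 bit per IRQ: an access of 'l' bytes covers l*8 IRQs. A set-register only sets. */
static uint32_t read_enable(struct vgic_model *m, const struct reg_desc *d, unsigned a, unsigned l)
{
    unsigned base = first_irq(d, a); uint32_t v = 0;
    for (unsigned i = 0; i < l * 8 && base + i < NR_IRQS; i++)
        if (m->irqs[base + i].enabled) v |= 1u << i;
    return v;
}
static void write_senable(struct vgic_model *m, const struct reg_desc *d, unsigned a, unsigned l, uint32_t v)
{
    unsigned base = first_irq(d, a);
    for (unsigned i = 0; i < l * 8 && base + i < NR_IRQS; i++)
        if (v & (1u << i)) m->irqs[base + i].enabled = true;
}

/* 8 bits per IRQ: byte-addressable, four IRQs per 32-bit word. */
static uint32_t read_priority(struct vgic_model *m, const struct reg_desc *d, unsigned a, unsigned l)
{
    unsigned base = first_irq(d, a); uint32_t v = 0;
    for (unsigned i = 0; i < l && base + i < NR_IRQS; i++)
        v |= (uint32_t)m->irqs[base + i].priority << (8 * i);
    return v;
}
static void write_priority(struct vgic_model *m, const struct reg_desc *d, unsigned a, unsigned l, uint32_t v)
{
    unsigned base = first_irq(d, a);
    for (unsigned i = 0; i < l && base + i < NR_IRQS; i++)
        m->irqs[base + i].priority = (uint8_t)(v >> (8 * i));
}

/* Sorted by offset: the dispatcher binary-searches this table. */
static const struct reg_desc dist_regs[] = {
    { 0x100, NR_IRQS / 8, 1, read_enable,   write_senable  },
    { 0x400, NR_IRQS,     8, read_priority, write_priority },
};

static const struct reg_desc *find_reg(unsigned addr)
{
    size_t lo = 0, hi = sizeof(dist_regs) / sizeof(dist_regs[0]);
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (addr < dist_regs[mid].reg_offset) hi = mid;
        else if (addr >= dist_regs[mid].reg_offset + dist_regs[mid].len) lo = mid + 1;
        else return &dist_regs[mid];
    }
    return NULL;
}

/* kvm_io_bus-style entry points: 'buf' holds the guest's little-endian bytes and
 * is converted to a host value before the handler sees it. Return -1 for an
 * unbacked or misaligned access (reads as zero, writes are ignored). */
int dist_mmio_read(struct vgic_model *m, unsigned addr, unsigned len, uint8_t *buf)
{
    const struct reg_desc *d = find_reg(addr);
    memset(buf, 0, len);
    if (!d || len == 0 || len > 4 || addr % len) return -1;
    uint32_t v = d->read(m, d, addr, len);
    for (unsigned i = 0; i < len; i++) buf[i] = (uint8_t)(v >> (8 * i));
    return 0;
}
int dist_mmio_write(struct vgic_model *m, unsigned addr, unsigned len, const uint8_t *buf)
{
    const struct reg_desc *d = find_reg(addr);
    uint32_t v = 0;
    if (!d || len == 0 || len > 4 || addr % len) return -1;
    for (unsigned i = 0; i < len; i++) v |= (uint32_t)buf[i] << (8 * i);
    d->write(m, d, addr, len, v);
    return 0;
}
```

The bits-per-IRQ field is what lets one handler serve byte, halfword and word accesses: a byte read at 0x105 starts at IRQ 40 with one bit per IRQ, while a byte write at 0x402 lands on IRQ 2 with eight. The bounds checks in `find_reg` and the `base + i < NR_IRQS` guards in the handlers are the part a guest can probe, since it controls both the offset and the access width.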
KVM: arm/arm64: vgic-new: Implement kvm_vgic_vcpu_pending_irq
Eric Auger [Mon, 7 Dec 2015 15:30:38 +0000 (15:30 +0000)]
KVM: arm/arm64: vgic-new: Implement kvm_vgic_vcpu_pending_irq

Tell KVM whether a particular VCPU has an IRQ that needs handling
in the guest. This is used to decide whether a VCPU is runnable.

Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
KVM: arm/arm64: vgic-new: Add GICv3 world switch backend
Marc Zyngier [Mon, 30 Nov 2015 13:09:53 +0000 (13:09 +0000)]
KVM: arm/arm64: vgic-new: Add GICv3 world switch backend

As the GICv3 virtual interface registers differ from their GICv2
siblings, we need different handlers for processing maintenance
interrupts and reading/writing to the LRs.
Implement the respective handler functions and connect them to
existing code to be called if the host is using a GICv3.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add GICv2 world switch backend
Marc Zyngier [Thu, 26 Nov 2015 17:19:25 +0000 (17:19 +0000)]
KVM: arm/arm64: vgic-new: Add GICv2 world switch backend

Processing maintenance interrupts and accessing the list registers
are dependent on the host's GIC version.
Introduce vgic-v2.c to contain GICv2 specific functions.
Implement the GICv2 specific code for syncing the emulation state
into the VGIC registers.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add IRQ sync/flush framework
Marc Zyngier [Thu, 26 Nov 2015 17:19:25 +0000 (17:19 +0000)]
KVM: arm/arm64: vgic-new: Add IRQ sync/flush framework

Implement the framework for syncing IRQs between our emulation and
the list registers, which represent the guest's view of IRQs.
This is done in kvm_vgic_flush_hwstate and kvm_vgic_sync_hwstate,
which gets called on guest entry and exit.
The code talking to the actual GICv2/v3 hardware is added in the
following patches.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic-new: Add IRQ sorting
Christoffer Dall [Wed, 25 Nov 2015 18:02:16 +0000 (10:02 -0800)]
KVM: arm/arm64: vgic-new: Add IRQ sorting

Adds the sorting function to cover the case where you have more IRQs
to consider than you have LRs. We now consider priorities.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
KVM: arm/arm64: vgic-new: Implement virtual IRQ injection
Christoffer Dall [Wed, 25 Nov 2015 18:02:16 +0000 (10:02 -0800)]
KVM: arm/arm64: vgic-new: Implement virtual IRQ injection

Provide a vgic_queue_irq_unlock() function which decides whether a
given IRQ needs to be queued to a VCPU's ap_list.
This should be called whenever an IRQ becomes pending or enabled,
either as a result of userspace injection, from in-kernel emulated
devices like the architected timer or from MMIO accesses to the
distributor emulation.
Also provides the necessary functions to allow userland to inject an
IRQ to a guest.
Since this is the first code that starts using our locking mechanism, we
add some (hopefully) clear documentation of our locking strategy and
requirements along with this patch.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
KVM: arm/arm64: vgic-new: Add accessor to new struct vgic_irq instance
Christoffer Dall [Tue, 24 Nov 2015 15:51:12 +0000 (16:51 +0100)]
KVM: arm/arm64: vgic-new: Add accessor to new struct vgic_irq instance

The new VGIC implementation centers around a struct vgic_irq instance
per virtual IRQ.
Provide a function to retrieve the right instance for a given IRQ
number and (in case of private interrupts) the right VCPU.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
KVM: arm/arm64: vgic-new: Add data structure definitions
Christoffer Dall [Mon, 23 Nov 2015 15:20:05 +0000 (07:20 -0800)]
KVM: arm/arm64: vgic-new: Add data structure definitions

Add a new header file for the new and improved GIC implementation.
The big change is that we now have a struct vgic_irq per IRQ instead
of spreading all the information over various bitmaps.

We include this new header conditionally from within the old header
file for the time being to avoid touching all the users.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
KVM: arm/arm64: move GICv2 emulation defines into arm-gic-v3.h
Andre Przywara [Wed, 4 May 2016 13:35:48 +0000 (14:35 +0100)]
KVM: arm/arm64: move GICv2 emulation defines into arm-gic-v3.h

As (some) GICv3 hosts can emulate a GICv2, some GICv2 specific masks
for the list register definition also apply to GICv3 LRs.
At the moment we have those definitions in the KVM VGICv3
implementation, so let's move them into the GICv3 header file to
have them automatically defined.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
KVM: arm/arm64: Provide functionality to pause and resume a guest
Christoffer Dall [Wed, 27 Apr 2016 09:28:00 +0000 (10:28 +0100)]
KVM: arm/arm64: Provide functionality to pause and resume a guest

For some rare corner cases in our VGIC emulation later we have to stop
the guest to make sure the VGIC state is consistent.
Provide the necessary framework to pause and resume a guest.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
KVM: arm/arm64: pmu: abstract access to number of SPIs
Andre Przywara [Mon, 7 Mar 2016 10:32:29 +0000 (17:32 +0700)]
KVM: arm/arm64: pmu: abstract access to number of SPIs

Currently the PMU uses a member of the struct vgic_dist directly,
which not only breaks abstraction, but will fail with the new VGIC.
Abstract this access in the VGIC header file and refactor the validity
check in the PMU code.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
KVM: arm/arm64: Export mmio_read/write_bus
Christoffer Dall [Sun, 24 Apr 2016 19:41:36 +0000 (21:41 +0200)]
KVM: arm/arm64: Export mmio_read/write_bus

Rename mmio_{read,write}_bus to kvm_mmio_{read,write}_bus and export
them out of mmio.c.
This will be needed later for the new VGIC implementation.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
KVM: arm/arm64: Fix MMIO emulation data handling
Christoffer Dall [Tue, 29 Mar 2016 12:29:28 +0000 (14:29 +0200)]
KVM: arm/arm64: Fix MMIO emulation data handling

When the kernel handles a guest MMIO read access internally, we need
to copy the emulation result into the run->mmio structure in order
for the kvm_handle_mmio_return() function to pick it up and inject the
result back into the guest.

Currently the only user of kvm_io_bus for ARM is the VGIC, which did
this copying itself, so this was not causing issues so far.

But with the upcoming new vgic implementation we need this done
properly.

Update the kvm_handle_mmio_return description and cleanup the code to
only perform a single copying when needed.

Code and commit message inspired by Andre Przywara.

Reported-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
KVM: arm/arm64: Get rid of vgic_cpu->nr_lr
Christoffer Dall [Wed, 6 Apr 2016 12:48:53 +0000 (14:48 +0200)]
KVM: arm/arm64: Get rid of vgic_cpu->nr_lr

The number of list registers is a property of the underlying system, not
of the emulated VGIC CPU interface.

As we are about to move this variable to global state in the new vgic
for clarity, move it from the legacy implementation as well to make the
merge of the new code easier.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
KVM: arm/arm64: Move timer IRQ map to latest possible time
Christoffer Dall [Wed, 18 May 2016 15:26:00 +0000 (16:26 +0100)]
KVM: arm/arm64: Move timer IRQ map to latest possible time

We are about to modify the VGIC to allocate all data structures
dynamically and store mapped IRQ information on a per-IRQ struct, which
is indeed allocated dynamically at init time.

Therefore, we cannot record the mapped IRQ info from the timer at timer
reset time like it's done now, because VCPU reset happens before timer
init.

A possible later time to do this is on the first run of a VCPU; it
just requires us to move the enable state to be a per-VCPU state and do
the lookup of the physical IRQ number when we are about to run the VCPU.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
KVM: arm/arm64: vgic: Remove irq_phys_map from interface
Andre Przywara [Wed, 13 Apr 2016 10:49:07 +0000 (11:49 +0100)]
KVM: arm/arm64: vgic: Remove irq_phys_map from interface

Now that the virtual arch timer does not care about the irq_phys_map
anymore, let's rework kvm_vgic_map_phys_irq() to return an error
value instead. Any reference to that mapping can later be done by
passing the correct combination of VCPU and virtual IRQ number.
This makes the irq_phys_map handling completely private to the
VGIC code.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: arch_timer: Remove irq_phys_map
Andre Przywara [Wed, 13 Apr 2016 10:03:02 +0000 (11:03 +0100)]
KVM: arm/arm64: arch_timer: Remove irq_phys_map

Now that the interface between the arch timer and the VGIC does not
require passing the irq_phys_map entry pointer anymore, let's remove
it from the virtual arch timer and use the virtual IRQ number instead
directly.
The remaining pointer returned by kvm_vgic_map_phys_irq() will be
removed in the following patch.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: Remove the IRQ field from struct irq_phys_map
Christoffer Dall [Sat, 4 Jun 2016 14:41:00 +0000 (15:41 +0100)]
KVM: arm/arm64: Remove the IRQ field from struct irq_phys_map

The communication of a Linux IRQ number from outside the VGIC to the
vgic was a leftover from the day when the vgic code cared about how a
particular device injects virtual interrupts mapped to a physical
interrupt.

We can safely remove this notion, leaving all physical IRQ handling to
be done in the device driver (the arch timer in this case), which makes
room for a saner API for the new VGIC.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
KVM: arm/arm64: vgic: avoid map in kvm_vgic_unmap_phys_irq()
Andre Przywara [Wed, 13 Apr 2016 09:04:06 +0000 (10:04 +0100)]
KVM: arm/arm64: vgic: avoid map in kvm_vgic_unmap_phys_irq()

kvm_vgic_unmap_phys_irq() only needs the virtual IRQ number, so let's
just pass that between the arch timer and the VGIC to get rid of
the irq_phys_map pointer.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic: avoid map in kvm_vgic_map_is_active()
Andre Przywara [Wed, 13 Apr 2016 09:03:49 +0000 (10:03 +0100)]
KVM: arm/arm64: vgic: avoid map in kvm_vgic_map_is_active()

For getting the active state of a mapped IRQ, we actually only need
the virtual IRQ number, not the pointer to the mapping entry.
Pass the virtual IRQ number from the arch timer to the VGIC directly.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic: avoid map in kvm_vgic_inject_mapped_irq()
Andre Przywara [Wed, 13 Apr 2016 08:48:02 +0000 (09:48 +0100)]
KVM: arm/arm64: vgic: avoid map in kvm_vgic_inject_mapped_irq()

When we want to inject a hardware mapped IRQ into a guest, we actually
only need the virtual IRQ number from the irq_phys_map.
So let's pass this number directly from the arch timer to the VGIC
to avoid using the map as a parameter.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: arm/arm64: vgic: streamline vgic_update_irq_pending() interface
Andre Przywara [Wed, 13 Apr 2016 08:43:59 +0000 (09:43 +0100)]
KVM: arm/arm64: vgic: streamline vgic_update_irq_pending() interface

We actually don't use the irq_phys_map parameter in
vgic_update_irq_pending(), so let's just remove it.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
kvm: arm64: Fix EC field in inject_abt64
Matt Evans [Mon, 16 May 2016 12:54:56 +0000 (13:54 +0100)]
kvm: arm64: Fix EC field in inject_abt64

The EC field of the constructed ESR is conditionally modified by ORing in
ESR_ELx_EC_DABT_LOW for a data abort.  However, ESR_ELx_EC_SHIFT is missing
from this condition.

Signed-off-by: Matt Evans <matt.evans@arm.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
KVM: MTRR: remove MSR 0x2f8
Andy Honig [Tue, 17 May 2016 15:41:47 +0000 (17:41 +0200)]
KVM: MTRR: remove MSR 0x2f8

MSR 0x2f8 accessed the 124th Variable Range MTRR ever since MTRR support
was introduced by 9ba075a664df ("KVM: MTRR support").

0x2f8 became harmful when 910a6aae4e2e ("KVM: MTRR: exactly define the
size of variable MTRRs") shrank the array of VR MTRRs from 256 to 8,
which made access to index 124 out of bounds.  The surrounding code only
WARNs in this situation, thus the guest gained a limited read/write
access to struct kvm_arch_vcpu.

0x2f8 is not a valid VR MTRR MSR, because KVM has/advertises only 16 VR
MTRR MSRs, 0x200-0x20f.  Every VR MTRR is set up using two MSRs, 0x2f8
was treated as a PHYSBASE and 0x2f9 would be its PHYSMASK, but 0x2f9 was
not implemented in KVM, therefore 0x2f8 could never do anything useful
and getting rid of it is safe.

This fixes CVE-2016-3713.

Fixes: 910a6aae4e2e ("KVM: MTRR: exactly define the size of variable MTRRs")
Cc: stable@vger.kernel.org
Reported-by: David Matlack <dmatlack@google.com>
Signed-off-by: Andy Honig <ahonig@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
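The bug class behind this fix, as an added example written for this page (it is not the kernel's MTRR code): a guest-controlled MSR number is turned into an array index, and the list of "valid" MSRs was not revisited when the array shrank. The MSR range 0x200-0x20f, the 8-entry array and the index 124 follow the commit message; the struct layout, the function names and the way the legacy validity list still admits 0x2f8 are assumptions for illustration.

```c
/* Added example (not KVM code): decoding a guest-controlled MSR number into
 * an index of a fixed-size array, before and after validating it against the
 * array's current size. Names, layout and the legacy 0x2f8 entry are
 * stand-ins modelled on the commit message. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MSR_MTRRphysBase0 0x200u
#define KVM_NR_VAR_MTRR   8u      /* array size after 910a6aae4e2e (was 256) */

struct mtrr_var_range {
    uint64_t base;
    uint64_t mask;
};

/* Stand-in for per-vCPU state: the MTRR array is followed by other fields,
 * which is what an unchecked index past the array would read or write. */
struct vcpu_state {
    struct mtrr_var_range var_ranges[KVM_NR_VAR_MTRR];
    uint64_t other_fields[256];
};

/* Legacy validity list: 0x200..0x20f plus a leftover 0x2f8 that was never
 * removed when the array shrank. */
static bool msr_mtrr_valid_legacy(uint32_t msr)
{
    if (msr >= MSR_MTRRphysBase0 && msr < MSR_MTRRphysBase0 + 2 * KVM_NR_VAR_MTRR)
        return true;
    return msr == 0x2f8;
}

/* Legacy decode: the index is computed from the MSR number and never compared
 * with KVM_NR_VAR_MTRR, so 0x2f8 yields 124. Returns -1 for invalid MSRs. */
int mtrr_var_index_legacy(uint32_t msr, bool *is_mask)
{
    if (!msr_mtrr_valid_legacy(msr))
        return -1;
    *is_mask = (msr & 1) != 0;
    return (int)((msr - MSR_MTRRphysBase0) / 2);
}

/* Hardened decode: the only accepted MSRs are the ones that map into the
 * array as it is sized today, so the caller can refuse (inject #GP) anything
 * else instead of WARNing and proceeding. */
int mtrr_var_index_checked(uint32_t msr, bool *is_mask)
{
    if (msr < MSR_MTRRphysBase0)
        return -1;
    uint32_t off = msr - MSR_MTRRphysBase0;
    if (off >= 2 * KVM_NR_VAR_MTRR)
        return -1;
    *is_mask = (off & 1) != 0;
    return (int)(off / 2);
}

/* Guest WRMSR to a variable-range MTRR; the array is touched only with a
 * validated index. Returns 0 on success, -1 if the MSR must be refused. */
int mtrr_set_msr_checked(struct vcpu_state *v, uint32_t msr, uint64_t data)
{
    bool is_mask;
    int idx = mtrr_var_index_checked(msr, &is_mask);
    if (idx < 0)
        return -1;
    if (is_mask)
        v->var_ranges[idx].mask = data;
    else
        v->var_ranges[idx].base = data;
    return 0;
}

/* Bytes past the end of var_ranges[] that a given index would reach. */
size_t mtrr_overrun_bytes(int idx)
{
    if (idx < 0 || (unsigned)idx < KVM_NR_VAR_MTRR)
        return 0;
    return ((size_t)idx - KVM_NR_VAR_MTRR) * sizeof(struct mtrr_var_range);
}

int main(void)
{
    bool is_mask;
    int idx = mtrr_var_index_legacy(0x2f8, &is_mask);
    printf("legacy:  MSR 0x2f8 -> index %d (%zu bytes past var_ranges[])\n",
           idx, mtrr_overrun_bytes(idx));
    printf("checked: MSR 0x2f8 -> %d (refused)\n",
           mtrr_var_index_checked(0x2f8, &is_mask));
    return 0;
}
```

The point to take from the model is that the bounds check belongs at the place where the guest value becomes an index, against the array size as compiled today, rather than in a separate table of accepted MSR numbers that can silently drift when the array is resized.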
KVM: x86: make hwapic_isr_update and hwapic_irr_update look the same
Paolo Bonzini [Tue, 10 May 2016 15:01:23 +0000 (17:01 +0200)]
KVM: x86: make hwapic_isr_update and hwapic_irr_update look the same

Neither APICv nor AVIC actually need the first argument of
hwapic_isr_update, but the vCPU makes more sense than passing the
pointer to the whole virtual machine!  In fact in the APICv case it's
just happening that the vCPU is used implicitly, through the loaded VMCS.

The second argument instead is named differently, make it consistent.

Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
svm: Manage vcpu load/unload when enable AVIC
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:52 +0000 (14:09 -0500)]
svm: Manage vcpu load/unload when enable AVIC

When a vcpu is loaded/unloaded to a physical core, we need to update
host physical APIC ID information in the Physical APIC-ID table
accordingly.

Also, when a vCPU is blocking/un-blocking (due to the halt instruction),
we need to make sure that the is-running bit is set accordingly in the
physical APIC-ID table.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
[Return void from new functions, add WARN_ON when they returned negative
 errno; split load and put into separate function as they have almost
 nothing in common. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
svm: Do not intercept CR8 when enable AVIC
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:51 +0000 (14:09 -0500)]
svm: Do not intercept CR8 when enable AVIC

When AVIC is enabled:
    * Do not intercept CR8 since this should be handled by AVIC HW.
    * Also, we don't need to sync cr8/V_TPR and APIC backing page.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
[Rename svm_in_nested_interrupt_shadow to svm_nested_virtualize_tpr. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
svm: Do not expose x2APIC when enable AVIC
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:50 +0000 (14:09 -0500)]
svm: Do not expose x2APIC when enable AVIC

Since AVIC only virtualizes xAPIC hardware for the guest, this patch
disables x2APIC support in guest CPUID.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM: x86: Introducing kvm_x86_ops.apicv_post_state_restore
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:49 +0000 (14:09 -0500)]
KVM: x86: Introducing kvm_x86_ops.apicv_post_state_restore

Adding kvm_x86_ops hooks to allow APICv to do post state restore.
This is required to support VM save and restore feature.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
svm: Add VMEXIT handlers for AVIC
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:48 +0000 (14:09 -0500)]
svm: Add VMEXIT handlers for AVIC

This patch introduces VMEXIT handlers, avic_incomplete_ipi_interception()
and avic_unaccelerated_access_interception() along with two trace points
(trace_kvm_avic_incomplete_ipi and trace_kvm_avic_unaccelerated_access).

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
svm: Add interrupt injection via AVIC
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:47 +0000 (14:09 -0500)]
svm: Add interrupt injection via AVIC

This patch introduces a new mechanism to inject interrupts using AVIC.
Since VINTR is not supported when AVIC is enabled, we need to inject
interrupts via the APIC backing page instead.

This patch also adds support for AVIC doorbell, which is used by
KVM to signal a running vcpu to check IRR for injected interrupts.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM: x86: Detect and Initialize AVIC support
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:46 +0000 (14:09 -0500)]
KVM: x86: Detect and Initialize AVIC support

This patch introduces AVIC-related data structure, and AVIC
initialization code.

There are three main data structures for AVIC:
    * Virtual APIC (vAPIC) backing page (per-VCPU)
    * Physical APIC ID table (per-VM)
    * Logical APIC ID table (per-VM)

Currently, AVIC is disabled by default. Users can manually
enable AVIC via kernel boot option kvm-amd.avic=1 or during
kvm-amd module loading with parameter avic=1.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
[Avoid extra indentation (Boris). - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
svm: Introduce new AVIC VMCB registers
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:45 +0000 (14:09 -0500)]
svm: Introduce new AVIC VMCB registers

Introduce new AVIC VMCB registers.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM: split kvm_vcpu_wake_up from kvm_vcpu_kick
Radim Krčmář [Wed, 4 May 2016 19:09:44 +0000 (14:09 -0500)]
KVM: split kvm_vcpu_wake_up from kvm_vcpu_kick

AVIC has a use for kvm_vcpu_wake_up.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM: x86: Introducing kvm_x86_ops VCPU blocking/unblocking hooks
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:43 +0000 (14:09 -0500)]
KVM: x86: Introducing kvm_x86_ops VCPU blocking/unblocking hooks

Adding new function pointers in struct kvm_x86_ops, and calling them
from kvm_arch_vcpu[blocking/unblocking].

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:42 +0000 (14:09 -0500)]
KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks

Adding function pointers in struct kvm_x86_ops for the processor-specific
layer to provide hooks for when KVM initializes and destroys a VM.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM: x86: Rename kvm_apic_get_reg to kvm_lapic_get_reg
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:41 +0000 (14:09 -0500)]
KVM: x86: Rename kvm_apic_get_reg to kvm_lapic_get_reg

Rename kvm_apic_get_reg to kvm_lapic_get_reg to be consistent with
the existing kvm_lapic_set_reg counterpart.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM: x86: Misc LAPIC changes to expose helper functions
Suravee Suthikulpanit [Wed, 4 May 2016 19:09:40 +0000 (14:09 -0500)]
KVM: x86: Misc LAPIC changes to expose helper functions

Exporting LAPIC utility functions and macros for re-use in SVM code.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM: shrink halt polling even more for invalid wakeups
Christian Borntraeger [Tue, 17 May 2016 08:49:22 +0000 (10:49 +0200)]
KVM: shrink halt polling even more for invalid wakeups

commit 3491caf2755e ("KVM: halt_polling: provide a way to qualify
wakeups during poll") added more aggressive shrinking of the
polling interval if the wakeup did not match some criteria. This
still allows polling to stay enabled if the polling time was
smaller than the current max poll time (block_ns <= vcpu->halt_poll_ns).
Performance measurement shows that even more aggressive shrinking
(shrink polling on any invalid wakeup) reduces absolute and relative
(to the workload) CPU usage even further.

Cc: David Matlack <dmatlack@google.com>
Cc: Wanpeng Li <kernellwp@gmail.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
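A self-contained model of the window adjustment described in this commit and in 3491caf2755e below, added here as an example and not taken from KVM. The grow and shrink helpers, the defaults (200 us cap, grow factor 2, shrink factor 0 meaning reset to zero) and the 10 us starting window are assumptions for illustration. adjust_poll_before() keeps the ordering from 3491caf2755e, where a block no longer than the current window leaves it untouched even after an invalid wakeup; adjust_poll_after() tests the wakeup first, as this commit does.

```c
/* Added example (not KVM code): a model of the halt-polling window
 * adjustment, with the ordering before and after this commit. The defaults
 * (200 us cap, grow x2, shrink factor 0 = reset to zero) and the 10 us
 * starting window are assumed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HALT_POLL_NS        200000u  /* module parameter: maximum poll window */
#define HALT_POLL_NS_GROW   2u
#define HALT_POLL_NS_SHRINK 0u       /* 0 means drop straight to zero */

struct vcpu_poll {
    uint64_t halt_poll_ns;           /* current per-vCPU poll window */
};

static void grow_halt_poll_ns(struct vcpu_poll *v)
{
    uint64_t val = v->halt_poll_ns;
    val = val == 0 ? 10000 : val * HALT_POLL_NS_GROW;
    if (val > HALT_POLL_NS)
        val = HALT_POLL_NS;
    v->halt_poll_ns = val;
}

static void shrink_halt_poll_ns(struct vcpu_poll *v)
{
    v->halt_poll_ns = HALT_POLL_NS_SHRINK ? v->halt_poll_ns / HALT_POLL_NS_SHRINK : 0;
}

/* Ordering from 3491caf2755e: a block no longer than the current window
 * keeps the window as it is, even when the wakeup was not a valid one. */
void adjust_poll_before(struct vcpu_poll *v, uint64_t block_ns, bool valid_wakeup)
{
    if (block_ns <= v->halt_poll_ns)
        ;                                   /* poll paid off (or nearly): keep */
    else if (!valid_wakeup || (v->halt_poll_ns && block_ns > HALT_POLL_NS))
        shrink_halt_poll_ns(v);             /* long block or bad wakeup */
    else if (v->halt_poll_ns < HALT_POLL_NS && block_ns < HALT_POLL_NS)
        grow_halt_poll_ns(v);               /* short halt, window too small */
}

/* Ordering from this commit: any invalid wakeup shrinks first, whatever
 * the block time was. */
void adjust_poll_after(struct vcpu_poll *v, uint64_t block_ns, bool valid_wakeup)
{
    if (!valid_wakeup)
        shrink_halt_poll_ns(v);
    else if (block_ns <= v->halt_poll_ns)
        ;
    else if (v->halt_poll_ns && block_ns > HALT_POLL_NS)
        shrink_halt_poll_ns(v);
    else if (v->halt_poll_ns < HALT_POLL_NS && block_ns < HALT_POLL_NS)
        grow_halt_poll_ns(v);
}

/* Replay a constructed sequence of (block time, wakeup validity) pairs
 * from a zero window and return the final window. */
uint64_t replay(bool after_patch, const uint64_t *block_ns, const bool *valid, size_t n)
{
    struct vcpu_poll v = { 0 };
    for (size_t i = 0; i < n; i++) {
        if (after_patch)
            adjust_poll_after(&v, block_ns[i], valid[i]);
        else
            adjust_poll_before(&v, block_ns[i], valid[i]);
    }
    return v.halt_poll_ns;
}

int main(void)
{
    /* Constructed trace: three short valid wakeups grow the window to 40 us,
     * then a floating-interrupt style wakeup (short block, not valid). */
    const uint64_t blocks[] = { 50000, 50000, 50000, 30000 };
    const bool     valid[]  = { true,  true,  true,  false };
    printf("before: %llu ns  after: %llu ns\n",
           (unsigned long long)replay(false, blocks, valid, 4),
           (unsigned long long)replay(true, blocks, valid, 4));
    return 0;
}
```

On the constructed trace the pre-patch ordering leaves the 40 us window in place after the invalid wakeup, because the 30 us block fits inside it; the post-patch ordering drops the window to zero, which is the behaviour the commit message attributes the CPU-usage reduction to.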
KVM: s390: set halt polling to 80 microseconds
Christian Borntraeger [Fri, 13 May 2016 10:16:36 +0000 (12:16 +0200)]
KVM: s390: set halt polling to 80 microseconds

On s390 we disabled halt polling with commit 920552b213e3
("KVM: disable halt_poll_ns as default for s390x"), as floating
interrupts would let all CPUs have a successful poll, resulting
in much higher CPU usage (on otherwise idle systems).

With the improved selection of polls we can now retry halt polling.
Performance measurements with different choices like 25,50,80,100,200
microseconds showed that 80 microseconds seems to improve several cases
without increasing the CPU costs too much. Higher values would improve
the performance even more but increased the cpu time as well.
So let's start small and use this value of 80 microseconds on s390 until
we have a better understanding of cost/benefit of higher values.

Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM: halt_polling: provide a way to qualify wakeups during poll
Christian Borntraeger [Fri, 13 May 2016 10:16:35 +0000 (12:16 +0200)]
KVM: halt_polling: provide a way to qualify wakeups during poll

Some wakeups should not be considered a successful poll. For example on
s390 I/O interrupts are usually floating, which means that _ALL_ CPUs
would be considered runnable - letting all vCPUs poll all the time for
transactional-like workloads, even if one vCPU would be enough.
This can result in huge CPU usage for large guests.
This patch lets architectures provide a way to qualify wakeups as
good or bad wakeups in regard to polls.

For s390 the implementation will fence off halt polling for anything but
known good, single vCPU events. The s390 implementation for floating
interrupts does a wakeup for one vCPU, but the interrupt will be delivered
by whatever CPU checks first for a pending interrupt. We prefer the
woken up CPU by marking the poll of this CPU as a "good" poll.
This code will also mark several other wakeup reasons like IPI or
expired timers as "good". This will of course also mark some events as
not successful. As KVM on z always runs as a 2nd level hypervisor,
we prefer to not poll, unless we are really sure, though.

This patch successfully limits the CPU usage for cases like uperf 1byte
transactional ping pong workload or wakeup heavy workload like OLTP
while still providing a proper speedup.

This also introduces a new vcpu stat "halt_poll_no_tuning" that marks
wakeups that are considered not good for polling.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Radim Krčmář <rkrcmar@redhat.com> (for an earlier version)
Cc: David Matlack <dmatlack@google.com>
Cc: Wanpeng Li <kernellwp@gmail.com>
[Rename config symbol. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Merge branch 'kvm-ppc-next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus...
Paolo Bonzini [Fri, 13 May 2016 09:48:22 +0000 (11:48 +0200)]
Merge branch 'kvm-ppc-next' of git://git./linux/kernel/git/paulus/powerpc into HEAD

KVM: PPC: Book3S HV: Re-enable XICS fast path for irqfd-generated interrupts
Paul Mackerras [Wed, 4 May 2016 11:07:52 +0000 (21:07 +1000)]
KVM: PPC: Book3S HV: Re-enable XICS fast path for irqfd-generated interrupts

Commit c9a5eccac1ab ("kvm/eventfd: add arch-specific set_irq",
2015-10-16) added the possibility for architecture-specific code
to handle the generation of virtual interrupts in atomic context
where possible, without having to schedule a work function.

Since we can easily generate virtual interrupts on XICS without
having to do anything worse than take a spinlock, we define a
kvm_arch_set_irq_inatomic() for XICS.  We also remove kvm_set_msi()
since it is not used any more.

The one slightly tricky thing is that with the new interface, we
don't get told whether the interrupt is an MSI (or other edge
sensitive interrupt) vs. level-sensitive.  The difference as far
as interrupt generation is concerned is that for LSIs we have to
set the asserted flag so it will continue to fire until it is
explicitly cleared.

In fact the XICS code gets told which interrupts are LSIs by userspace
when it configures the interrupt via the KVM_DEV_XICS_GRP_SOURCES
attribute group on the XICS device.  To store this information, we add
a new "lsi" field to struct ics_irq_state.  With that we can also do a
better job of returning accurate values when reading the attribute
group.

Signed-off-by: Paul Mackerras <paulus@samba.org>
kvm: Conditionally register IRQ bypass consumer
Alex Williamson [Thu, 5 May 2016 17:58:35 +0000 (11:58 -0600)]
kvm: Conditionally register IRQ bypass consumer

If we don't support a mechanism for bypassing IRQs, don't register as
a consumer.  This eliminates meaningless dev_info()s when the connection
fails between producer and consumer, such as on AMD systems where
kvm_x86_ops->update_pi_irte is not implemented.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
irqbypass: Disallow NULL token
Alex Williamson [Thu, 5 May 2016 17:58:29 +0000 (11:58 -0600)]
irqbypass: Disallow NULL token

A NULL token is meaningless and can only lead to unintended problems.
Error on registration with a NULL token, ignore de-registrations with
a NULL token.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
kvm: introduce KVM_MAX_VCPU_ID
Greg Kurz [Mon, 9 May 2016 16:13:37 +0000 (18:13 +0200)]
kvm: introduce KVM_MAX_VCPU_ID

The KVM_MAX_VCPUS define provides the maximum number of vCPUs per guest, and
also the upper limit for vCPU ids. This is okay for all archs except PowerPC
which can have higher ids, depending on the cpu/core/thread topology. In the
worst case (single threaded guest, host with 8 threads per core), it limits
the maximum number of vCPUs to KVM_MAX_VCPUS / 8.

This patch separates the vCPU numbering from the total number of vCPUs, with
the introduction of KVM_MAX_VCPU_ID, as the maximal valid value for vCPU ids
plus one.

The corresponding KVM_CAP_MAX_VCPU_ID allows userspace to validate vCPU ids
before passing them to KVM_CREATE_VCPU.

This patch only implements KVM_MAX_VCPU_ID with a specific value for PowerPC.
Other archs continue to return KVM_MAX_VCPUS instead.

Suggested-by: Radim Krcmar <rkrcmar@redhat.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM: remove NULL return path for vcpu ids >= KVM_MAX_VCPUS
Greg Kurz [Mon, 9 May 2016 16:11:54 +0000 (18:11 +0200)]
KVM: remove NULL return path for vcpu ids >= KVM_MAX_VCPUS

Commit c896939f7cff ("KVM: use heuristic for fast VCPU lookup by id") added
a return path that prevents vcpu ids from exceeding KVM_MAX_VCPUS. This is a
problem for powerpc where vcpu ids can grow up to 8*KVM_MAX_VCPUS.

This patch simply reverses the logic so that we only try fast path if the
vcpu id can be tried as an index in kvm->vcpus[]. The slow path is not
affected by the change.

Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
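The two vCPU-id commits above (KVM_MAX_VCPU_ID and the lookup fast path) share one pattern: an id supplied by userspace is a valid index into kvm->vcpus[] only sometimes, so it is either validated against the array size before being used as an index or routed to the linear scan. The model below is an added example written for this page, not KVM's code; the limits (8 slots, ids below 64, mirroring the "8 threads per core" worst case), the struct layout and the function bodies are assumptions. vcpu_id_usable() is the userspace-side check the KVM_CAP_MAX_VCPU_ID capability enables.

```c
/* Added example (not KVM code): vCPU ids that may exceed the vcpus[] array
 * size, as described in the KVM_MAX_VCPU_ID and lookup commits above. The
 * limits (8 slots, ids below 64) and struct layout are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define KVM_MAX_VCPUS   8                     /* capacity of kvm->vcpus[] */
#define KVM_MAX_VCPU_ID (8 * KVM_MAX_VCPUS)   /* PowerPC-style: ids may be 8x the count */

struct kvm_vcpu {
    int vcpu_id;                              /* id chosen by userspace */
};

struct kvm {
    struct kvm_vcpu *vcpus[KVM_MAX_VCPUS];    /* filled in creation order, zero-initialised */
    int online_vcpus;
};

/* Model of KVM_CREATE_VCPU: the id is checked against KVM_MAX_VCPU_ID (the
 * value userspace can read via KVM_CAP_MAX_VCPU_ID) and the count against
 * KVM_MAX_VCPUS. Returns the slot index or -1. */
int kvm_create_vcpu(struct kvm *kvm, struct kvm_vcpu *vcpu, int id)
{
    if (id < 0 || id >= KVM_MAX_VCPU_ID)
        return -1;                            /* EINVAL: id out of range */
    if (kvm->online_vcpus >= KVM_MAX_VCPUS)
        return -1;                            /* EINVAL: no free slot */
    for (int i = 0; i < kvm->online_vcpus; i++)
        if (kvm->vcpus[i]->vcpu_id == id)
            return -1;                        /* EEXIST: duplicate id */
    vcpu->vcpu_id = id;
    kvm->vcpus[kvm->online_vcpus] = vcpu;
    return kvm->online_vcpus++;
}

/* Lookup by id. The fast path treats the id as an index, so it is only
 * attempted when the id can be an index at all; anything else goes to the
 * scan. The pre-fix version returned NULL for id >= KVM_MAX_VCPUS instead. */
struct kvm_vcpu *kvm_get_vcpu_by_id(struct kvm *kvm, int id)
{
    struct kvm_vcpu *vcpu = NULL;

    if (id < 0)
        return NULL;
    if (id < KVM_MAX_VCPUS)
        vcpu = kvm->vcpus[id];                /* heuristic: id often equals slot */
    if (vcpu && vcpu->vcpu_id == id)
        return vcpu;
    for (int i = 0; i < kvm->online_vcpus; i++)  /* slow path */
        if (kvm->vcpus[i]->vcpu_id == id)
            return kvm->vcpus[i];
    return NULL;
}

/* Userspace side: validate an id against the advertised limit before
 * issuing KVM_CREATE_VCPU. max_vcpu_id is what KVM_CHECK_EXTENSION returns
 * for KVM_CAP_MAX_VCPU_ID (KVM_CAP_MAX_VCPUS on archs without it). */
bool vcpu_id_usable(int max_vcpu_id, int id)
{
    return id >= 0 && id < max_vcpu_id;
}

int main(void)
{
    struct kvm kvm = { { 0 }, 0 };
    struct kvm_vcpu v[3];
    int ids[3] = { 0, 8, 40 };                /* sparse ids, as with 8 threads per core */

    for (int i = 0; i < 3; i++)
        printf("create id %d -> slot %d\n", ids[i], kvm_create_vcpu(&kvm, &v[i], ids[i]));
    for (int i = 0; i < 3; i++)
        printf("lookup id %d -> %s\n", ids[i],
               kvm_get_vcpu_by_id(&kvm, ids[i]) == &v[i] ? "found" : "missing");
    return 0;
}
```

Ids 8 and 40 land in slots 1 and 2, so the fast path either misses (id 8 indexes a slot holding a different vCPU) or is skipped (id 40 cannot be an index), and the scan finds both; the pre-fix early return would have lost the second case entirely.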
Merge tag 'kvm-arm-for-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm...
Paolo Bonzini [Wed, 11 May 2016 20:37:37 +0000 (22:37 +0200)]
Merge tag 'kvm-arm-for-4.7' of git://git./linux/kernel/git/kvmarm/kvmarm into HEAD

KVM/ARM Changes for Linux v4.7

Reworks our stage 2 page table handling to have page table manipulation
macros separate from those of the host system, as the underlying
hardware page tables can be configured to be noticeably different in
layout from the stage 1 page tables used by the host.

Adds 16K page size support based on the above.

Adds a generic firmware probing layer for the timer and GIC so that KVM
initializes using the same logic based on both ACPI and FDT.

Finally adds support for hardware updating of the access flag.

KVM: PPC: Book3S HV: Fix build error in book3s_hv.c
Gavin Shan [Wed, 11 May 2016 01:15:55 +0000 (11:15 +1000)]
KVM: PPC: Book3S HV: Fix build error in book3s_hv.c

When CONFIG_KVM_XICS is enabled, CPU_UP_PREPARE and other macros for
CPU states in linux/cpu.h are needed by arch/powerpc/kvm/book3s_hv.c.
Otherwise, the build error below is seen:

   gwshan@gwshan:~/sandbox/l$ make arch/powerpc/kvm/book3s_hv.o
    :
   CC      arch/powerpc/kvm/book3s_hv.o
   arch/powerpc/kvm/book3s_hv.c: In function ‘kvmppc_cpu_notify’:
   arch/powerpc/kvm/book3s_hv.c:3072:7: error: ‘CPU_UP_PREPARE’ \
   undeclared (first use in this function)

This fixes the issue introduced by commit <6f3bb80944> ("KVM: PPC:
Book3S HV: kvmppc_host_rm_ops - handle offlining CPUs").

Fixes: 6f3bb8094414
Cc: stable@vger.kernel.org # v4.6
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Reviewed-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
KVM: PPC: Fix emulated MMIO sign-extension
Paul Mackerras [Thu, 5 May 2016 06:17:10 +0000 (16:17 +1000)]
KVM: PPC: Fix emulated MMIO sign-extension

When the guest does a sign-extending load instruction (such as lha
or lwa) to an emulated MMIO location, it results in a call to
kvmppc_handle_loads() in the host.  That function sets the
vcpu->arch.mmio_sign_extend flag and calls kvmppc_handle_load()
to do the rest of the work.  However, kvmppc_handle_load() sets
the mmio_sign_extend flag to 0 unconditionally, so the sign
extension never gets done.

To fix this, we rename kvmppc_handle_load to __kvmppc_handle_load
and add an explicit parameter to indicate whether sign extension
is required.  kvmppc_handle_load() and kvmppc_handle_loads() then
become 1-line functions that just call __kvmppc_handle_load()
with the extra parameter.

Reported-by: Bin Lu <lblulb@linux.vnet.ibm.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
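The flag-clobbering shape this commit removes and the explicit-parameter shape it introduces, side by side, as an added example written for this page (not the PPC KVM code). The per-vCPU fields, the function names and the way the MMIO completion is collapsed into a direct call (in KVM it runs after the userspace round trip) are assumptions for illustration; the widths and instructions (lha, lwa, lhz) follow the commit message.

```c
/* Added example (not KVM code): how a sign-extension flag set by the outer
 * load helper is lost when the inner helper resets it, and the fixed shape
 * with an explicit parameter. The per-vCPU fields are stand-ins, and the
 * completion step that in KVM happens after the userspace MMIO round trip
 * is collapsed into a direct call. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct vcpu_mmio {
    bool     mmio_sign_extend;   /* lha/lwa want the value sign-extended */
    unsigned mmio_bytes;         /* access width: 1, 2, 4 or 8 */
    uint64_t gpr;                /* destination register */
};

/* Widen the raw device value into the 64-bit register. */
static void complete_mmio_load(struct vcpu_mmio *v, uint64_t raw)
{
    uint64_t val;
    switch (v->mmio_bytes) {
    case 1: val = v->mmio_sign_extend ? (uint64_t)(int64_t)(int8_t)raw  : (uint8_t)raw;  break;
    case 2: val = v->mmio_sign_extend ? (uint64_t)(int64_t)(int16_t)raw : (uint16_t)raw; break;
    case 4: val = v->mmio_sign_extend ? (uint64_t)(int64_t)(int32_t)raw : (uint32_t)raw; break;
    default: val = raw; break;   /* 8 bytes: nothing to extend */
    }
    v->gpr = val;
}

/* Buggy shape: the generic helper clears the flag unconditionally. */
static void handle_load_buggy(struct vcpu_mmio *v, unsigned bytes, uint64_t raw)
{
    v->mmio_bytes = bytes;
    v->mmio_sign_extend = false;             /* clobbers the caller's request */
    complete_mmio_load(v, raw);
}

uint64_t handle_loads_buggy(struct vcpu_mmio *v, unsigned bytes, uint64_t raw)
{
    v->mmio_sign_extend = true;              /* set for lha/lwa ... */
    handle_load_buggy(v, bytes, raw);        /* ... and lost here */
    return v->gpr;
}

/* Fixed shape: one worker, sign extension passed explicitly. */
static void do_handle_load(struct vcpu_mmio *v, unsigned bytes, uint64_t raw, bool sign_extend)
{
    v->mmio_bytes = bytes;
    v->mmio_sign_extend = sign_extend;
    complete_mmio_load(v, raw);
}

uint64_t handle_load_fixed(struct vcpu_mmio *v, unsigned bytes, uint64_t raw)
{
    do_handle_load(v, bytes, raw, false);    /* lbz/lhz/lwz/ld */
    return v->gpr;
}

uint64_t handle_loads_fixed(struct vcpu_mmio *v, unsigned bytes, uint64_t raw)
{
    do_handle_load(v, bytes, raw, true);     /* lha/lwa */
    return v->gpr;
}

int main(void)
{
    struct vcpu_mmio v = { false, 0, 0 };
    /* Constructed device value: a 16-bit register reading 0xFFFF (-1). */
    printf("lha buggy: 0x%016llx\n", (unsigned long long)handle_loads_buggy(&v, 2, 0xffff));
    printf("lha fixed: 0x%016llx\n", (unsigned long long)handle_loads_fixed(&v, 2, 0xffff));
    printf("lhz fixed: 0x%016llx\n", (unsigned long long)handle_load_fixed(&v, 2, 0xffff));
    return 0;
}
```

With the buggy shape an lha of 0xFFFF lands in the register as 0x000000000000FFFF instead of -1, which is the behaviour the report describes; carrying the flag as a parameter of the single worker removes the window in which the inner helper could overwrite it.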
KVM: PPC: Fix debug macros
Alexey Kardashevskiy [Fri, 29 Apr 2016 04:57:23 +0000 (14:57 +1000)]
KVM: PPC: Fix debug macros

When XICS_DBG is enabled, gcc produces format errors. This fixes the
formats to match the types of the passed values.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
KVM: PPC: Book3S PR: Manage single-step mode
Laurent Vivier [Fri, 8 Apr 2016 16:05:00 +0000 (18:05 +0200)]
KVM: PPC: Book3S PR: Manage single-step mode

Until now, when we connect gdb to the QEMU gdb-server, the
single-step mode is not managed.

This patch adds this, only for kvm-pr:

If KVM_GUESTDBG_SINGLESTEP is set, we enable the single-step trace bit in the
MSR (MSR_SE) just before the __kvmppc_vcpu_run(), and disable it just after.
In kvmppc_handle_exit_pr, instead of routing the interrupt to
the guest, we return to the host with the KVM_EXIT_DEBUG reason.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Merge tag 'kvm-s390-next-4.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git...
Paolo Bonzini [Tue, 10 May 2016 14:37:38 +0000 (16:37 +0200)]
Merge tag 'kvm-s390-next-4.7-2' of git://git./linux/kernel/git/kvms390/linux into HEAD

KVM: s390: features and fixes for 4.7 part2

- Use hardware provided information about facility bits that do not
  need any hypervisor activity
- Add missing documentation for KVM_CAP_S390_RI
- Some updates/fixes for handling cpu models and facilities

MIPS: KVM: Add missing disable FPU hazard barriers
James Hogan [Fri, 22 Apr 2016 09:38:49 +0000 (10:38 +0100)]
MIPS: KVM: Add missing disable FPU hazard barriers

Add the necessary hazard barriers after disabling the FPU in
kvm_lose_fpu(), just to be safe.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
MIPS: KVM: Fix preemption warning reading FPU capability
James Hogan [Fri, 22 Apr 2016 09:38:48 +0000 (10:38 +0100)]
MIPS: KVM: Fix preemption warning reading FPU capability

Reading the KVM_CAP_MIPS_FPU capability returns cpu_has_fpu, however
this uses smp_processor_id() to read the current CPU capabilities (since
some old MIPS systems could have FPUs present on only a subset of CPUs).

We don't support any such systems, so work around the warning by using
raw_cpu_has_fpu instead.

We should probably instead claim not to support FPU at all if any one
CPU is lacking an FPU, but this should do for now.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
MIPS: KVM: Fix preemptable kvm_mips_get_*_asid() calls
James Hogan [Fri, 22 Apr 2016 09:38:47 +0000 (10:38 +0100)]
MIPS: KVM: Fix preemptable kvm_mips_get_*_asid() calls

There are a couple of places in KVM fault handling code which implicitly
use smp_processor_id() via kvm_mips_get_kernel_asid() and
kvm_mips_get_user_asid() from preemptable context. This is unsafe as a
preemption could cause the guest kernel ASID to be changed, resulting in
a host TLB entry being written with the wrong ASID.

Fix by disabling preemption around the kvm_mips_get_*_asid() call and
the corresponding kvm_mips_host_tlb_write().

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

MIPS: KVM: Fix timer IRQ race when writing CP0_Compare
James Hogan [Fri, 22 Apr 2016 09:38:46 +0000 (10:38 +0100)]
MIPS: KVM: Fix timer IRQ race when writing CP0_Compare

Writing CP0_Compare clears the timer interrupt pending bit
(CP0_Cause.TI), but this wasn't being done atomically. If a timer
interrupt raced with the write of the guest CP0_Compare, the timer
interrupt could end up being pending even though the new CP0_Compare is
nowhere near CP0_Count.

We were already updating the hrtimer expiry with
kvm_mips_update_hrtimer(), which used both kvm_mips_freeze_hrtimer() and
kvm_mips_resume_hrtimer(). Close the race window by expanding out
kvm_mips_update_hrtimer(), and clearing CP0_Cause.TI and setting
CP0_Compare between the freeze and resume. Since the pending timer
interrupt should not be cleared when CP0_Compare is written via the KVM
user API, an ack argument is added to distinguish the source of the
write.

Fixes: e30492bbe95a ("MIPS: KVM: Rewrite count/compare timer emulation")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.16.x-
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

MIPS: KVM: Fix timer IRQ race when freezing timer
James Hogan [Fri, 22 Apr 2016 09:38:45 +0000 (10:38 +0100)]
MIPS: KVM: Fix timer IRQ race when freezing timer

There's a particularly narrow and subtle race condition when the
software emulated guest timer is frozen which can allow a guest timer
interrupt to be missed.

This happens due to the hrtimer expiry being inexact, so very
occasionally the freeze time will be after the moment when the emulated
CP0_Count transitions to the same value as CP0_Compare (so an IRQ should
be generated), but before the moment when the hrtimer is due to expire
(so no IRQ is generated). The IRQ won't be generated when the timer is
resumed either, since the resume CP0_Count will already match CP0_Compare.

With VZ guests in particular this is far more likely to happen, since
the soft timer may be frozen frequently in order to restore the timer
state to the hardware guest timer. This happens after 5-10 hours of
guest soak testing, resulting in an overflow in guest kernel timekeeping
calculations, hanging the guest. A more focussed test case to
intentionally hit the race (with the help of a new hypcall to cause the
timer state to be migrated between hardware & software) hits the condition
fairly reliably within around 30 seconds.

Instead of relying purely on the inexact hrtimer expiry to determine
whether an IRQ should be generated, read the guest CP0_Compare and
directly check whether the freeze time is before or after it. Only if
CP0_Count is on or after CP0_Compare do we check the hrtimer expiry to
determine whether the last IRQ has already been generated (which will
have pushed back the expiry by one timer period).

Fixes: e30492bbe95a ("MIPS: KVM: Rewrite count/compare timer emulation")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.16.x-
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>