1 // SPDX-License-Identifier: GPL-2.0
2
3 #ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG
4 #include <linux/memblock.h>
5 #endif
6 #include <linux/cpu.h>
7 #include <linux/kexec.h>
8 #include <linux/slab.h>
9
10 #include <xen/xen.h>
11 #include <xen/features.h>
12 #include <xen/page.h>
13
14 #include <asm/xen/hypercall.h>
15 #include <asm/xen/hypervisor.h>
16 #include <asm/cpu.h>
17 #include <asm/e820/api.h>
18
19 #include "xen-ops.h"
20 #include "smp.h"
21 #include "pmu.h"
22
23 EXPORT_SYMBOL_GPL(hypercall_page);
24
25 /*
26 * Pointer to the xen_vcpu_info structure or
27 * &HYPERVISOR_shared_info->vcpu_info[cpu]. See xen_hvm_init_shared_info
28 * and xen_vcpu_setup for details. By default it points to share_info->vcpu_info
29 * but if the hypervisor supports VCPUOP_register_vcpu_info then it can point
30 * to xen_vcpu_info. The pointer is used in __xen_evtchn_do_upcall to
31 * acknowledge pending events.
32 * Also more subtly it is used by the patched version of irq enable/disable
33 * e.g. xen_irq_enable_direct and xen_iret in PV mode.
34 *
35 * The desire to be able to do those mask/unmask operations as a single
36 * instruction by using the per-cpu offset held in %gs is the real reason
37 * vcpu info is in a per-cpu pointer and the original reason for this
38 * hypercall.
39 *
40 */
41 DEFINE_PER_CPU(struct vcpu_info *, xen_vcpu);
42
43 /*
44 * Per CPU pages used if hypervisor supports VCPUOP_register_vcpu_info
45 * hypercall. This can be used both in PV and PVHVM mode. The structure
46 * overrides the default per_cpu(xen_vcpu, cpu) value.
47 */
48 DEFINE_PER_CPU(struct vcpu_info, xen_vcpu_info);
49
50 /* Linux <-> Xen vCPU id mapping */
51 DEFINE_PER_CPU(uint32_t, xen_vcpu_id);
52 EXPORT_PER_CPU_SYMBOL(xen_vcpu_id);
53
54 enum xen_domain_type xen_domain_type = XEN_NATIVE;
55 EXPORT_SYMBOL_GPL(xen_domain_type);
56
57 unsigned long *machine_to_phys_mapping = (void *)MACH2PHYS_VIRT_START;
58 EXPORT_SYMBOL(machine_to_phys_mapping);
59 unsigned long machine_to_phys_nr;
60 EXPORT_SYMBOL(machine_to_phys_nr);
61
62 struct start_info *xen_start_info;
63 EXPORT_SYMBOL_GPL(xen_start_info);
64
65 struct shared_info xen_dummy_shared_info;
66
67 __read_mostly int xen_have_vector_callback;
68 EXPORT_SYMBOL_GPL(xen_have_vector_callback);
69
70 /*
71 * NB: needs to live in .data because it's used by xen_prepare_pvh which runs
72 * before clearing the bss.
73 */
74 uint32_t xen_start_flags __section(".data") = 0;
75 EXPORT_SYMBOL(xen_start_flags);
76
77 /*
78 * Point at some empty memory to start with. We map the real shared_info
79 * page as soon as fixmap is up and running.
80 */
81 struct shared_info *HYPERVISOR_shared_info = &xen_dummy_shared_info;
82
83 /*
84 * Flag to determine whether vcpu info placement is available on all
85 * VCPUs. We assume it is to start with, and then set it to zero on
86 * the first failure. This is because it can succeed on some VCPUs
87 * and not others, since it can involve hypervisor memory allocation,
88 * or because the guest failed to guarantee all the appropriate
89 * constraints on all VCPUs (ie buffer can't cross a page boundary).
90 *
91 * Note that any particular CPU may be using a placed vcpu structure,
92 * but we can only optimise if the all are.
93 *
94 * 0: not available, 1: available
95 */
96 int xen_have_vcpu_info_placement = 1;
97
xen_cpu_up_online(unsigned int cpu)98 static int xen_cpu_up_online(unsigned int cpu)
99 {
100 xen_init_lock_cpu(cpu);
101 return 0;
102 }
103
xen_cpuhp_setup(int (* cpu_up_prepare_cb)(unsigned int),int (* cpu_dead_cb)(unsigned int))104 int xen_cpuhp_setup(int (*cpu_up_prepare_cb)(unsigned int),
105 int (*cpu_dead_cb)(unsigned int))
106 {
107 int rc;
108
109 rc = cpuhp_setup_state_nocalls(CPUHP_XEN_PREPARE,
110 "x86/xen/guest:prepare",
111 cpu_up_prepare_cb, cpu_dead_cb);
112 if (rc >= 0) {
113 rc = cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN,
114 "x86/xen/guest:online",
115 xen_cpu_up_online, NULL);
116 if (rc < 0)
117 cpuhp_remove_state_nocalls(CPUHP_XEN_PREPARE);
118 }
119
120 return rc >= 0 ? 0 : rc;
121 }
122
xen_vcpu_setup_restore(int cpu)123 static int xen_vcpu_setup_restore(int cpu)
124 {
125 int rc = 0;
126
127 /* Any per_cpu(xen_vcpu) is stale, so reset it */
128 xen_vcpu_info_reset(cpu);
129
130 /*
131 * For PVH and PVHVM, setup online VCPUs only. The rest will
132 * be handled by hotplug.
133 */
134 if (xen_pv_domain() ||
135 (xen_hvm_domain() && cpu_online(cpu))) {
136 rc = xen_vcpu_setup(cpu);
137 }
138
139 return rc;
140 }
141
142 /*
143 * On restore, set the vcpu placement up again.
144 * If it fails, then we're in a bad state, since
145 * we can't back out from using it...
146 */
xen_vcpu_restore(void)147 void xen_vcpu_restore(void)
148 {
149 int cpu, rc;
150
151 for_each_possible_cpu(cpu) {
152 bool other_cpu = (cpu != smp_processor_id());
153 bool is_up;
154
155 if (xen_vcpu_nr(cpu) == XEN_VCPU_ID_INVALID)
156 continue;
157
158 /* Only Xen 4.5 and higher support this. */
159 is_up = HYPERVISOR_vcpu_op(VCPUOP_is_up,
160 xen_vcpu_nr(cpu), NULL) > 0;
161
162 if (other_cpu && is_up &&
163 HYPERVISOR_vcpu_op(VCPUOP_down, xen_vcpu_nr(cpu), NULL))
164 BUG();
165
166 if (xen_pv_domain() || xen_feature(XENFEAT_hvm_safe_pvclock))
167 xen_setup_runstate_info(cpu);
168
169 rc = xen_vcpu_setup_restore(cpu);
170 if (rc)
171 pr_emerg_once("vcpu restore failed for cpu=%d err=%d. "
172 "System will hang.\n", cpu, rc);
173 /*
174 * In case xen_vcpu_setup_restore() fails, do not bring up the
175 * VCPU. This helps us avoid the resulting OOPS when the VCPU
176 * accesses pvclock_vcpu_time via xen_vcpu (which is NULL.)
177 * Note that this does not improve the situation much -- now the
178 * VM hangs instead of OOPSing -- with the VCPUs that did not
179 * fail, spinning in stop_machine(), waiting for the failed
180 * VCPUs to come up.
181 */
182 if (other_cpu && is_up && (rc == 0) &&
183 HYPERVISOR_vcpu_op(VCPUOP_up, xen_vcpu_nr(cpu), NULL))
184 BUG();
185 }
186 }
187
xen_vcpu_info_reset(int cpu)188 void xen_vcpu_info_reset(int cpu)
189 {
190 if (xen_vcpu_nr(cpu) < MAX_VIRT_CPUS) {
191 per_cpu(xen_vcpu, cpu) =
192 &HYPERVISOR_shared_info->vcpu_info[xen_vcpu_nr(cpu)];
193 } else {
194 /* Set to NULL so that if somebody accesses it we get an OOPS */
195 per_cpu(xen_vcpu, cpu) = NULL;
196 }
197 }
198
xen_vcpu_setup(int cpu)199 int xen_vcpu_setup(int cpu)
200 {
201 struct vcpu_register_vcpu_info info;
202 int err;
203 struct vcpu_info *vcpup;
204
205 BUG_ON(HYPERVISOR_shared_info == &xen_dummy_shared_info);
206
207 /*
208 * This path is called on PVHVM at bootup (xen_hvm_smp_prepare_boot_cpu)
209 * and at restore (xen_vcpu_restore). Also called for hotplugged
210 * VCPUs (cpu_init -> xen_hvm_cpu_prepare_hvm).
211 * However, the hypercall can only be done once (see below) so if a VCPU
212 * is offlined and comes back online then let's not redo the hypercall.
213 *
214 * For PV it is called during restore (xen_vcpu_restore) and bootup
215 * (xen_setup_vcpu_info_placement). The hotplug mechanism does not
216 * use this function.
217 */
218 if (xen_hvm_domain()) {
219 if (per_cpu(xen_vcpu, cpu) == &per_cpu(xen_vcpu_info, cpu))
220 return 0;
221 }
222
223 if (xen_have_vcpu_info_placement) {
224 vcpup = &per_cpu(xen_vcpu_info, cpu);
225 info.mfn = arbitrary_virt_to_mfn(vcpup);
226 info.offset = offset_in_page(vcpup);
227
228 /*
229 * Check to see if the hypervisor will put the vcpu_info
230 * structure where we want it, which allows direct access via
231 * a percpu-variable.
232 * N.B. This hypercall can _only_ be called once per CPU.
233 * Subsequent calls will error out with -EINVAL. This is due to
234 * the fact that hypervisor has no unregister variant and this
235 * hypercall does not allow to over-write info.mfn and
236 * info.offset.
237 */
238 err = HYPERVISOR_vcpu_op(VCPUOP_register_vcpu_info,
239 xen_vcpu_nr(cpu), &info);
240
241 if (err) {
242 pr_warn_once("register_vcpu_info failed: cpu=%d err=%d\n",
243 cpu, err);
244 xen_have_vcpu_info_placement = 0;
245 } else {
246 /*
247 * This cpu is using the registered vcpu info, even if
248 * later ones fail to.
249 */
250 per_cpu(xen_vcpu, cpu) = vcpup;
251 }
252 }
253
254 if (!xen_have_vcpu_info_placement)
255 xen_vcpu_info_reset(cpu);
256
257 return ((per_cpu(xen_vcpu, cpu) == NULL) ? -ENODEV : 0);
258 }
259
xen_reboot(int reason)260 void xen_reboot(int reason)
261 {
262 struct sched_shutdown r = { .reason = reason };
263 int cpu;
264
265 for_each_online_cpu(cpu)
266 xen_pmu_finish(cpu);
267
268 if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r))
269 BUG();
270 }
271
272 static int reboot_reason = SHUTDOWN_reboot;
273 static bool xen_legacy_crash;
xen_emergency_restart(void)274 void xen_emergency_restart(void)
275 {
276 xen_reboot(reboot_reason);
277 }
278
279 static int
xen_panic_event(struct notifier_block * this,unsigned long event,void * ptr)280 xen_panic_event(struct notifier_block *this, unsigned long event, void *ptr)
281 {
282 if (!kexec_crash_loaded()) {
283 if (xen_legacy_crash)
284 xen_reboot(SHUTDOWN_crash);
285
286 reboot_reason = SHUTDOWN_crash;
287
288 /*
289 * If panic_timeout==0 then we are supposed to wait forever.
290 * However, to preserve original dom0 behavior we have to drop
291 * into hypervisor. (domU behavior is controlled by its
292 * config file)
293 */
294 if (panic_timeout == 0)
295 panic_timeout = -1;
296 }
297 return NOTIFY_DONE;
298 }
299
parse_xen_legacy_crash(char * arg)300 static int __init parse_xen_legacy_crash(char *arg)
301 {
302 xen_legacy_crash = true;
303 return 0;
304 }
305 early_param("xen_legacy_crash", parse_xen_legacy_crash);
306
307 static struct notifier_block xen_panic_block = {
308 .notifier_call = xen_panic_event,
309 .priority = INT_MIN
310 };
311
xen_panic_handler_init(void)312 int xen_panic_handler_init(void)
313 {
314 atomic_notifier_chain_register(&panic_notifier_list, &xen_panic_block);
315 return 0;
316 }
317
xen_pin_vcpu(int cpu)318 void xen_pin_vcpu(int cpu)
319 {
320 static bool disable_pinning;
321 struct sched_pin_override pin_override;
322 int ret;
323
324 if (disable_pinning)
325 return;
326
327 pin_override.pcpu = cpu;
328 ret = HYPERVISOR_sched_op(SCHEDOP_pin_override, &pin_override);
329
330 /* Ignore errors when removing override. */
331 if (cpu < 0)
332 return;
333
334 switch (ret) {
335 case -ENOSYS:
336 pr_warn("Unable to pin on physical cpu %d. In case of problems consider vcpu pinning.\n",
337 cpu);
338 disable_pinning = true;
339 break;
340 case -EPERM:
341 WARN(1, "Trying to pin vcpu without having privilege to do so\n");
342 disable_pinning = true;
343 break;
344 case -EINVAL:
345 case -EBUSY:
346 pr_warn("Physical cpu %d not available for pinning. Check Xen cpu configuration.\n",
347 cpu);
348 break;
349 case 0:
350 break;
351 default:
352 WARN(1, "rc %d while trying to pin vcpu\n", ret);
353 disable_pinning = true;
354 }
355 }
356
357 #ifdef CONFIG_HOTPLUG_CPU
xen_arch_register_cpu(int num)358 void xen_arch_register_cpu(int num)
359 {
360 arch_register_cpu(num);
361 }
362 EXPORT_SYMBOL(xen_arch_register_cpu);
363
xen_arch_unregister_cpu(int num)364 void xen_arch_unregister_cpu(int num)
365 {
366 arch_unregister_cpu(num);
367 }
368 EXPORT_SYMBOL(xen_arch_unregister_cpu);
369 #endif
370