1 // SPDX-License-Identifier: GPL-2.0
2 
3 #ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG
4 #include <linux/memblock.h>
5 #endif
6 #include <linux/cpu.h>
7 #include <linux/kexec.h>
8 #include <linux/slab.h>
9 
10 #include <xen/xen.h>
11 #include <xen/features.h>
12 #include <xen/page.h>
13 
14 #include <asm/xen/hypercall.h>
15 #include <asm/xen/hypervisor.h>
16 #include <asm/cpu.h>
17 #include <asm/e820/api.h>
18 
19 #include "xen-ops.h"
20 #include "smp.h"
21 #include "pmu.h"
22 
23 EXPORT_SYMBOL_GPL(hypercall_page);
24 
25 /*
26  * Pointer to the xen_vcpu_info structure or
27  * &HYPERVISOR_shared_info->vcpu_info[cpu]. See xen_hvm_init_shared_info
28  * and xen_vcpu_setup for details. By default it points to share_info->vcpu_info
29  * but if the hypervisor supports VCPUOP_register_vcpu_info then it can point
30  * to xen_vcpu_info. The pointer is used in __xen_evtchn_do_upcall to
31  * acknowledge pending events.
32  * Also more subtly it is used by the patched version of irq enable/disable
33  * e.g. xen_irq_enable_direct and xen_iret in PV mode.
34  *
35  * The desire to be able to do those mask/unmask operations as a single
36  * instruction by using the per-cpu offset held in %gs is the real reason
37  * vcpu info is in a per-cpu pointer and the original reason for this
38  * hypercall.
39  *
40  */
41 DEFINE_PER_CPU(struct vcpu_info *, xen_vcpu);
42 
43 /*
44  * Per CPU pages used if hypervisor supports VCPUOP_register_vcpu_info
45  * hypercall. This can be used both in PV and PVHVM mode. The structure
46  * overrides the default per_cpu(xen_vcpu, cpu) value.
47  */
48 DEFINE_PER_CPU(struct vcpu_info, xen_vcpu_info);
49 
50 /* Linux <-> Xen vCPU id mapping */
51 DEFINE_PER_CPU(uint32_t, xen_vcpu_id);
52 EXPORT_PER_CPU_SYMBOL(xen_vcpu_id);
53 
54 enum xen_domain_type xen_domain_type = XEN_NATIVE;
55 EXPORT_SYMBOL_GPL(xen_domain_type);
56 
57 unsigned long *machine_to_phys_mapping = (void *)MACH2PHYS_VIRT_START;
58 EXPORT_SYMBOL(machine_to_phys_mapping);
59 unsigned long  machine_to_phys_nr;
60 EXPORT_SYMBOL(machine_to_phys_nr);
61 
62 struct start_info *xen_start_info;
63 EXPORT_SYMBOL_GPL(xen_start_info);
64 
65 struct shared_info xen_dummy_shared_info;
66 
67 __read_mostly int xen_have_vector_callback;
68 EXPORT_SYMBOL_GPL(xen_have_vector_callback);
69 
70 /*
71  * NB: needs to live in .data because it's used by xen_prepare_pvh which runs
72  * before clearing the bss.
73  */
74 uint32_t xen_start_flags __section(".data") = 0;
75 EXPORT_SYMBOL(xen_start_flags);
76 
77 /*
78  * Point at some empty memory to start with. We map the real shared_info
79  * page as soon as fixmap is up and running.
80  */
81 struct shared_info *HYPERVISOR_shared_info = &xen_dummy_shared_info;
82 
83 /*
84  * Flag to determine whether vcpu info placement is available on all
85  * VCPUs.  We assume it is to start with, and then set it to zero on
86  * the first failure.  This is because it can succeed on some VCPUs
87  * and not others, since it can involve hypervisor memory allocation,
88  * or because the guest failed to guarantee all the appropriate
89  * constraints on all VCPUs (ie buffer can't cross a page boundary).
90  *
91  * Note that any particular CPU may be using a placed vcpu structure,
92  * but we can only optimise if the all are.
93  *
94  * 0: not available, 1: available
95  */
96 int xen_have_vcpu_info_placement = 1;
97 
xen_cpu_up_online(unsigned int cpu)98 static int xen_cpu_up_online(unsigned int cpu)
99 {
100 	xen_init_lock_cpu(cpu);
101 	return 0;
102 }
103 
xen_cpuhp_setup(int (* cpu_up_prepare_cb)(unsigned int),int (* cpu_dead_cb)(unsigned int))104 int xen_cpuhp_setup(int (*cpu_up_prepare_cb)(unsigned int),
105 		    int (*cpu_dead_cb)(unsigned int))
106 {
107 	int rc;
108 
109 	rc = cpuhp_setup_state_nocalls(CPUHP_XEN_PREPARE,
110 				       "x86/xen/guest:prepare",
111 				       cpu_up_prepare_cb, cpu_dead_cb);
112 	if (rc >= 0) {
113 		rc = cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN,
114 					       "x86/xen/guest:online",
115 					       xen_cpu_up_online, NULL);
116 		if (rc < 0)
117 			cpuhp_remove_state_nocalls(CPUHP_XEN_PREPARE);
118 	}
119 
120 	return rc >= 0 ? 0 : rc;
121 }
122 
xen_vcpu_setup_restore(int cpu)123 static int xen_vcpu_setup_restore(int cpu)
124 {
125 	int rc = 0;
126 
127 	/* Any per_cpu(xen_vcpu) is stale, so reset it */
128 	xen_vcpu_info_reset(cpu);
129 
130 	/*
131 	 * For PVH and PVHVM, setup online VCPUs only. The rest will
132 	 * be handled by hotplug.
133 	 */
134 	if (xen_pv_domain() ||
135 	    (xen_hvm_domain() && cpu_online(cpu))) {
136 		rc = xen_vcpu_setup(cpu);
137 	}
138 
139 	return rc;
140 }
141 
142 /*
143  * On restore, set the vcpu placement up again.
144  * If it fails, then we're in a bad state, since
145  * we can't back out from using it...
146  */
xen_vcpu_restore(void)147 void xen_vcpu_restore(void)
148 {
149 	int cpu, rc;
150 
151 	for_each_possible_cpu(cpu) {
152 		bool other_cpu = (cpu != smp_processor_id());
153 		bool is_up;
154 
155 		if (xen_vcpu_nr(cpu) == XEN_VCPU_ID_INVALID)
156 			continue;
157 
158 		/* Only Xen 4.5 and higher support this. */
159 		is_up = HYPERVISOR_vcpu_op(VCPUOP_is_up,
160 					   xen_vcpu_nr(cpu), NULL) > 0;
161 
162 		if (other_cpu && is_up &&
163 		    HYPERVISOR_vcpu_op(VCPUOP_down, xen_vcpu_nr(cpu), NULL))
164 			BUG();
165 
166 		if (xen_pv_domain() || xen_feature(XENFEAT_hvm_safe_pvclock))
167 			xen_setup_runstate_info(cpu);
168 
169 		rc = xen_vcpu_setup_restore(cpu);
170 		if (rc)
171 			pr_emerg_once("vcpu restore failed for cpu=%d err=%d. "
172 					"System will hang.\n", cpu, rc);
173 		/*
174 		 * In case xen_vcpu_setup_restore() fails, do not bring up the
175 		 * VCPU. This helps us avoid the resulting OOPS when the VCPU
176 		 * accesses pvclock_vcpu_time via xen_vcpu (which is NULL.)
177 		 * Note that this does not improve the situation much -- now the
178 		 * VM hangs instead of OOPSing -- with the VCPUs that did not
179 		 * fail, spinning in stop_machine(), waiting for the failed
180 		 * VCPUs to come up.
181 		 */
182 		if (other_cpu && is_up && (rc == 0) &&
183 		    HYPERVISOR_vcpu_op(VCPUOP_up, xen_vcpu_nr(cpu), NULL))
184 			BUG();
185 	}
186 }
187 
xen_vcpu_info_reset(int cpu)188 void xen_vcpu_info_reset(int cpu)
189 {
190 	if (xen_vcpu_nr(cpu) < MAX_VIRT_CPUS) {
191 		per_cpu(xen_vcpu, cpu) =
192 			&HYPERVISOR_shared_info->vcpu_info[xen_vcpu_nr(cpu)];
193 	} else {
194 		/* Set to NULL so that if somebody accesses it we get an OOPS */
195 		per_cpu(xen_vcpu, cpu) = NULL;
196 	}
197 }
198 
xen_vcpu_setup(int cpu)199 int xen_vcpu_setup(int cpu)
200 {
201 	struct vcpu_register_vcpu_info info;
202 	int err;
203 	struct vcpu_info *vcpup;
204 
205 	BUG_ON(HYPERVISOR_shared_info == &xen_dummy_shared_info);
206 
207 	/*
208 	 * This path is called on PVHVM at bootup (xen_hvm_smp_prepare_boot_cpu)
209 	 * and at restore (xen_vcpu_restore). Also called for hotplugged
210 	 * VCPUs (cpu_init -> xen_hvm_cpu_prepare_hvm).
211 	 * However, the hypercall can only be done once (see below) so if a VCPU
212 	 * is offlined and comes back online then let's not redo the hypercall.
213 	 *
214 	 * For PV it is called during restore (xen_vcpu_restore) and bootup
215 	 * (xen_setup_vcpu_info_placement). The hotplug mechanism does not
216 	 * use this function.
217 	 */
218 	if (xen_hvm_domain()) {
219 		if (per_cpu(xen_vcpu, cpu) == &per_cpu(xen_vcpu_info, cpu))
220 			return 0;
221 	}
222 
223 	if (xen_have_vcpu_info_placement) {
224 		vcpup = &per_cpu(xen_vcpu_info, cpu);
225 		info.mfn = arbitrary_virt_to_mfn(vcpup);
226 		info.offset = offset_in_page(vcpup);
227 
228 		/*
229 		 * Check to see if the hypervisor will put the vcpu_info
230 		 * structure where we want it, which allows direct access via
231 		 * a percpu-variable.
232 		 * N.B. This hypercall can _only_ be called once per CPU.
233 		 * Subsequent calls will error out with -EINVAL. This is due to
234 		 * the fact that hypervisor has no unregister variant and this
235 		 * hypercall does not allow to over-write info.mfn and
236 		 * info.offset.
237 		 */
238 		err = HYPERVISOR_vcpu_op(VCPUOP_register_vcpu_info,
239 					 xen_vcpu_nr(cpu), &info);
240 
241 		if (err) {
242 			pr_warn_once("register_vcpu_info failed: cpu=%d err=%d\n",
243 				     cpu, err);
244 			xen_have_vcpu_info_placement = 0;
245 		} else {
246 			/*
247 			 * This cpu is using the registered vcpu info, even if
248 			 * later ones fail to.
249 			 */
250 			per_cpu(xen_vcpu, cpu) = vcpup;
251 		}
252 	}
253 
254 	if (!xen_have_vcpu_info_placement)
255 		xen_vcpu_info_reset(cpu);
256 
257 	return ((per_cpu(xen_vcpu, cpu) == NULL) ? -ENODEV : 0);
258 }
259 
xen_reboot(int reason)260 void xen_reboot(int reason)
261 {
262 	struct sched_shutdown r = { .reason = reason };
263 	int cpu;
264 
265 	for_each_online_cpu(cpu)
266 		xen_pmu_finish(cpu);
267 
268 	if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r))
269 		BUG();
270 }
271 
272 static int reboot_reason = SHUTDOWN_reboot;
273 static bool xen_legacy_crash;
xen_emergency_restart(void)274 void xen_emergency_restart(void)
275 {
276 	xen_reboot(reboot_reason);
277 }
278 
279 static int
xen_panic_event(struct notifier_block * this,unsigned long event,void * ptr)280 xen_panic_event(struct notifier_block *this, unsigned long event, void *ptr)
281 {
282 	if (!kexec_crash_loaded()) {
283 		if (xen_legacy_crash)
284 			xen_reboot(SHUTDOWN_crash);
285 
286 		reboot_reason = SHUTDOWN_crash;
287 
288 		/*
289 		 * If panic_timeout==0 then we are supposed to wait forever.
290 		 * However, to preserve original dom0 behavior we have to drop
291 		 * into hypervisor. (domU behavior is controlled by its
292 		 * config file)
293 		 */
294 		if (panic_timeout == 0)
295 			panic_timeout = -1;
296 	}
297 	return NOTIFY_DONE;
298 }
299 
parse_xen_legacy_crash(char * arg)300 static int __init parse_xen_legacy_crash(char *arg)
301 {
302 	xen_legacy_crash = true;
303 	return 0;
304 }
305 early_param("xen_legacy_crash", parse_xen_legacy_crash);
306 
307 static struct notifier_block xen_panic_block = {
308 	.notifier_call = xen_panic_event,
309 	.priority = INT_MIN
310 };
311 
xen_panic_handler_init(void)312 int xen_panic_handler_init(void)
313 {
314 	atomic_notifier_chain_register(&panic_notifier_list, &xen_panic_block);
315 	return 0;
316 }
317 
xen_pin_vcpu(int cpu)318 void xen_pin_vcpu(int cpu)
319 {
320 	static bool disable_pinning;
321 	struct sched_pin_override pin_override;
322 	int ret;
323 
324 	if (disable_pinning)
325 		return;
326 
327 	pin_override.pcpu = cpu;
328 	ret = HYPERVISOR_sched_op(SCHEDOP_pin_override, &pin_override);
329 
330 	/* Ignore errors when removing override. */
331 	if (cpu < 0)
332 		return;
333 
334 	switch (ret) {
335 	case -ENOSYS:
336 		pr_warn("Unable to pin on physical cpu %d. In case of problems consider vcpu pinning.\n",
337 			cpu);
338 		disable_pinning = true;
339 		break;
340 	case -EPERM:
341 		WARN(1, "Trying to pin vcpu without having privilege to do so\n");
342 		disable_pinning = true;
343 		break;
344 	case -EINVAL:
345 	case -EBUSY:
346 		pr_warn("Physical cpu %d not available for pinning. Check Xen cpu configuration.\n",
347 			cpu);
348 		break;
349 	case 0:
350 		break;
351 	default:
352 		WARN(1, "rc %d while trying to pin vcpu\n", ret);
353 		disable_pinning = true;
354 	}
355 }
356 
357 #ifdef CONFIG_HOTPLUG_CPU
xen_arch_register_cpu(int num)358 void xen_arch_register_cpu(int num)
359 {
360 	arch_register_cpu(num);
361 }
362 EXPORT_SYMBOL(xen_arch_register_cpu);
363 
xen_arch_unregister_cpu(int num)364 void xen_arch_unregister_cpu(int num)
365 {
366 	arch_unregister_cpu(num);
367 }
368 EXPORT_SYMBOL(xen_arch_unregister_cpu);
369 #endif
370