1 // SPDX-License-Identifier: GPL-2.0
2
3 #include <linux/console.h>
4 #include <linux/cpu.h>
5 #include <linux/instrumentation.h>
6 #include <linux/kexec.h>
7 #include <linux/memblock.h>
8 #include <linux/slab.h>
9 #include <linux/panic_notifier.h>
10
11 #include <xen/xen.h>
12 #include <xen/features.h>
13 #include <xen/interface/sched.h>
14 #include <xen/interface/version.h>
15 #include <xen/page.h>
16
17 #include <asm/xen/hypercall.h>
18 #include <asm/xen/hypervisor.h>
19 #include <asm/cpu.h>
20 #include <asm/e820/api.h>
21 #include <asm/setup.h>
22
23 #include "xen-ops.h"
24
25 DEFINE_STATIC_CALL(xen_hypercall, xen_hypercall_hvm);
26 EXPORT_STATIC_CALL_TRAMP(xen_hypercall);
27
28 /*
29 * Pointer to the xen_vcpu_info structure or
30 * &HYPERVISOR_shared_info->vcpu_info[cpu]. See xen_hvm_init_shared_info
31 * and xen_vcpu_setup for details. By default it points to share_info->vcpu_info
32 * but during boot it is switched to point to xen_vcpu_info.
33 * The pointer is used in xen_evtchn_do_upcall to acknowledge pending events.
34 * Make sure that xen_vcpu_info doesn't cross a page boundary by making it
35 * cache-line aligned (the struct is guaranteed to have a size of 64 bytes,
36 * which matches the cache line size of 64-bit x86 processors).
37 */
38 DEFINE_PER_CPU(struct vcpu_info *, xen_vcpu);
39 DEFINE_PER_CPU_ALIGNED(struct vcpu_info, xen_vcpu_info);
40
41 /* Linux <-> Xen vCPU id mapping */
42 DEFINE_PER_CPU(uint32_t, xen_vcpu_id);
43 EXPORT_PER_CPU_SYMBOL(xen_vcpu_id);
44
45 unsigned long *machine_to_phys_mapping = (void *)MACH2PHYS_VIRT_START;
46 EXPORT_SYMBOL(machine_to_phys_mapping);
47 unsigned long machine_to_phys_nr;
48 EXPORT_SYMBOL(machine_to_phys_nr);
49
50 struct start_info *xen_start_info;
51 EXPORT_SYMBOL_GPL(xen_start_info);
52
53 struct shared_info xen_dummy_shared_info;
54
55 __read_mostly bool xen_have_vector_callback = true;
56 EXPORT_SYMBOL_GPL(xen_have_vector_callback);
57
58 /*
59 * NB: These need to live in .data or alike because they're used by
60 * xen_prepare_pvh() which runs before clearing the bss.
61 */
62 enum xen_domain_type __ro_after_init xen_domain_type = XEN_NATIVE;
63 EXPORT_SYMBOL_GPL(xen_domain_type);
64 uint32_t __ro_after_init xen_start_flags;
65 EXPORT_SYMBOL(xen_start_flags);
66
67 /*
68 * Point at some empty memory to start with. We map the real shared_info
69 * page as soon as fixmap is up and running.
70 */
71 struct shared_info *HYPERVISOR_shared_info = &xen_dummy_shared_info;
72
73 /* Number of pages released from the initial allocation. */
74 unsigned long xen_released_pages;
75
xen_get_vendor(void)76 static __ref void xen_get_vendor(void)
77 {
78 init_cpu_devs();
79 cpu_detect(&boot_cpu_data);
80 get_cpu_vendor(&boot_cpu_data);
81 }
82
xen_hypercall_setfunc(void)83 void xen_hypercall_setfunc(void)
84 {
85 if (static_call_query(xen_hypercall) != xen_hypercall_hvm)
86 return;
87
88 if ((boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
89 boot_cpu_data.x86_vendor == X86_VENDOR_HYGON))
90 static_call_update(xen_hypercall, xen_hypercall_amd);
91 else
92 static_call_update(xen_hypercall, xen_hypercall_intel);
93 }
94
95 /*
96 * Evaluate processor vendor in order to select the correct hypercall
97 * function for HVM/PVH guests.
98 * Might be called very early in boot before vendor has been set by
99 * early_cpu_init().
100 */
__xen_hypercall_setfunc(void)101 noinstr void *__xen_hypercall_setfunc(void)
102 {
103 void (*func)(void);
104
105 /*
106 * Xen is supported only on CPUs with CPUID, so testing for
107 * X86_FEATURE_CPUID is a test for early_cpu_init() having been
108 * run.
109 *
110 * Note that __xen_hypercall_setfunc() is noinstr only due to a nasty
111 * dependency chain: it is being called via the xen_hypercall static
112 * call when running as a PVH or HVM guest. Hypercalls need to be
113 * noinstr due to PV guests using hypercalls in noinstr code. So we
114 * can safely tag the function body as "instrumentation ok", since
115 * the PV guest requirement is not of interest here (xen_get_vendor()
116 * calls noinstr functions, and static_call_update_early() might do
117 * so, too).
118 */
119 instrumentation_begin();
120
121 if (!boot_cpu_has(X86_FEATURE_CPUID))
122 xen_get_vendor();
123
124 if ((boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
125 boot_cpu_data.x86_vendor == X86_VENDOR_HYGON))
126 func = xen_hypercall_amd;
127 else
128 func = xen_hypercall_intel;
129
130 static_call_update_early(xen_hypercall, func);
131
132 instrumentation_end();
133
134 return func;
135 }
136
xen_cpu_up_online(unsigned int cpu)137 static int xen_cpu_up_online(unsigned int cpu)
138 {
139 xen_init_lock_cpu(cpu);
140 return 0;
141 }
142
xen_cpuhp_setup(int (* cpu_up_prepare_cb)(unsigned int),int (* cpu_dead_cb)(unsigned int))143 int xen_cpuhp_setup(int (*cpu_up_prepare_cb)(unsigned int),
144 int (*cpu_dead_cb)(unsigned int))
145 {
146 int rc;
147
148 rc = cpuhp_setup_state_nocalls(CPUHP_XEN_PREPARE,
149 "x86/xen/guest:prepare",
150 cpu_up_prepare_cb, cpu_dead_cb);
151 if (rc >= 0) {
152 rc = cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN,
153 "x86/xen/guest:online",
154 xen_cpu_up_online, NULL);
155 if (rc < 0)
156 cpuhp_remove_state_nocalls(CPUHP_XEN_PREPARE);
157 }
158
159 return rc >= 0 ? 0 : rc;
160 }
161
xen_vcpu_setup_restore(int cpu)162 static void xen_vcpu_setup_restore(int cpu)
163 {
164 /* Any per_cpu(xen_vcpu) is stale, so reset it */
165 xen_vcpu_info_reset(cpu);
166
167 /*
168 * For PVH and PVHVM, setup online VCPUs only. The rest will
169 * be handled by hotplug.
170 */
171 if (xen_pv_domain() ||
172 (xen_hvm_domain() && cpu_online(cpu)))
173 xen_vcpu_setup(cpu);
174 }
175
176 /*
177 * On restore, set the vcpu placement up again.
178 * If it fails, then we're in a bad state, since
179 * we can't back out from using it...
180 */
xen_vcpu_restore(void)181 void xen_vcpu_restore(void)
182 {
183 int cpu;
184
185 for_each_possible_cpu(cpu) {
186 bool other_cpu = (cpu != smp_processor_id());
187 bool is_up;
188
189 if (xen_vcpu_nr(cpu) == XEN_VCPU_ID_INVALID)
190 continue;
191
192 /* Only Xen 4.5 and higher support this. */
193 is_up = HYPERVISOR_vcpu_op(VCPUOP_is_up,
194 xen_vcpu_nr(cpu), NULL) > 0;
195
196 if (other_cpu && is_up &&
197 HYPERVISOR_vcpu_op(VCPUOP_down, xen_vcpu_nr(cpu), NULL))
198 BUG();
199
200 if (xen_pv_domain() || xen_feature(XENFEAT_hvm_safe_pvclock))
201 xen_setup_runstate_info(cpu);
202
203 xen_vcpu_setup_restore(cpu);
204
205 if (other_cpu && is_up &&
206 HYPERVISOR_vcpu_op(VCPUOP_up, xen_vcpu_nr(cpu), NULL))
207 BUG();
208 }
209 }
210
xen_vcpu_info_reset(int cpu)211 void xen_vcpu_info_reset(int cpu)
212 {
213 if (xen_vcpu_nr(cpu) < MAX_VIRT_CPUS) {
214 per_cpu(xen_vcpu, cpu) =
215 &HYPERVISOR_shared_info->vcpu_info[xen_vcpu_nr(cpu)];
216 } else {
217 /* Set to NULL so that if somebody accesses it we get an OOPS */
218 per_cpu(xen_vcpu, cpu) = NULL;
219 }
220 }
221
xen_vcpu_setup(int cpu)222 void xen_vcpu_setup(int cpu)
223 {
224 struct vcpu_register_vcpu_info info;
225 int err;
226 struct vcpu_info *vcpup;
227
228 BUILD_BUG_ON(sizeof(*vcpup) > SMP_CACHE_BYTES);
229 BUG_ON(HYPERVISOR_shared_info == &xen_dummy_shared_info);
230
231 /*
232 * This path is called on PVHVM at bootup (xen_hvm_smp_prepare_boot_cpu)
233 * and at restore (xen_vcpu_restore). Also called for hotplugged
234 * VCPUs (cpu_init -> xen_hvm_cpu_prepare_hvm).
235 * However, the hypercall can only be done once (see below) so if a VCPU
236 * is offlined and comes back online then let's not redo the hypercall.
237 *
238 * For PV it is called during restore (xen_vcpu_restore) and bootup
239 * (xen_setup_vcpu_info_placement). The hotplug mechanism does not
240 * use this function.
241 */
242 if (xen_hvm_domain()) {
243 if (per_cpu(xen_vcpu, cpu) == &per_cpu(xen_vcpu_info, cpu))
244 return;
245 }
246
247 vcpup = &per_cpu(xen_vcpu_info, cpu);
248 info.mfn = arbitrary_virt_to_mfn(vcpup);
249 info.offset = offset_in_page(vcpup);
250
251 /*
252 * N.B. This hypercall can _only_ be called once per CPU.
253 * Subsequent calls will error out with -EINVAL. This is due to
254 * the fact that hypervisor has no unregister variant and this
255 * hypercall does not allow to over-write info.mfn and
256 * info.offset.
257 */
258 err = HYPERVISOR_vcpu_op(VCPUOP_register_vcpu_info, xen_vcpu_nr(cpu),
259 &info);
260 if (err)
261 panic("register_vcpu_info failed: cpu=%d err=%d\n", cpu, err);
262
263 per_cpu(xen_vcpu, cpu) = vcpup;
264 }
265
xen_banner(void)266 void __init xen_banner(void)
267 {
268 unsigned version = HYPERVISOR_xen_version(XENVER_version, NULL);
269 struct xen_extraversion extra;
270
271 HYPERVISOR_xen_version(XENVER_extraversion, &extra);
272
273 pr_info("Booting kernel on %s\n", pv_info.name);
274 pr_info("Xen version: %u.%u%s%s\n",
275 version >> 16, version & 0xffff, extra.extraversion,
276 xen_feature(XENFEAT_mmu_pt_update_preserve_ad)
277 ? " (preserve-AD)" : "");
278 }
279
280 /* Check if running on Xen version (major, minor) or later */
xen_running_on_version_or_later(unsigned int major,unsigned int minor)281 bool xen_running_on_version_or_later(unsigned int major, unsigned int minor)
282 {
283 unsigned int version;
284
285 if (!xen_domain())
286 return false;
287
288 version = HYPERVISOR_xen_version(XENVER_version, NULL);
289 if ((((version >> 16) == major) && ((version & 0xffff) >= minor)) ||
290 ((version >> 16) > major))
291 return true;
292 return false;
293 }
294
xen_add_preferred_consoles(void)295 void __init xen_add_preferred_consoles(void)
296 {
297 add_preferred_console("xenboot", 0, NULL);
298 if (!boot_params.screen_info.orig_video_isVGA)
299 add_preferred_console("tty", 0, NULL);
300 add_preferred_console("hvc", 0, NULL);
301 if (boot_params.screen_info.orig_video_isVGA)
302 add_preferred_console("tty", 0, NULL);
303 }
304
xen_reboot(int reason)305 void xen_reboot(int reason)
306 {
307 struct sched_shutdown r = { .reason = reason };
308 int cpu;
309
310 for_each_online_cpu(cpu)
311 xen_pmu_finish(cpu);
312
313 if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r))
314 BUG();
315 }
316
317 static int reboot_reason = SHUTDOWN_reboot;
318 static bool xen_legacy_crash;
xen_emergency_restart(void)319 void xen_emergency_restart(void)
320 {
321 xen_reboot(reboot_reason);
322 }
323
324 static int
xen_panic_event(struct notifier_block * this,unsigned long event,void * ptr)325 xen_panic_event(struct notifier_block *this, unsigned long event, void *ptr)
326 {
327 if (!kexec_crash_loaded()) {
328 if (xen_legacy_crash)
329 xen_reboot(SHUTDOWN_crash);
330
331 reboot_reason = SHUTDOWN_crash;
332
333 /*
334 * If panic_timeout==0 then we are supposed to wait forever.
335 * However, to preserve original dom0 behavior we have to drop
336 * into hypervisor. (domU behavior is controlled by its
337 * config file)
338 */
339 if (panic_timeout == 0)
340 panic_timeout = -1;
341 }
342 return NOTIFY_DONE;
343 }
344
parse_xen_legacy_crash(char * arg)345 static int __init parse_xen_legacy_crash(char *arg)
346 {
347 xen_legacy_crash = true;
348 return 0;
349 }
350 early_param("xen_legacy_crash", parse_xen_legacy_crash);
351
352 static struct notifier_block xen_panic_block = {
353 .notifier_call = xen_panic_event,
354 .priority = INT_MIN
355 };
356
xen_panic_handler_init(void)357 int xen_panic_handler_init(void)
358 {
359 atomic_notifier_chain_register(&panic_notifier_list, &xen_panic_block);
360 return 0;
361 }
362
xen_pin_vcpu(int cpu)363 void xen_pin_vcpu(int cpu)
364 {
365 static bool disable_pinning;
366 struct sched_pin_override pin_override;
367 int ret;
368
369 if (disable_pinning)
370 return;
371
372 pin_override.pcpu = cpu;
373 ret = HYPERVISOR_sched_op(SCHEDOP_pin_override, &pin_override);
374
375 /* Ignore errors when removing override. */
376 if (cpu < 0)
377 return;
378
379 switch (ret) {
380 case -ENOSYS:
381 pr_warn("Unable to pin on physical cpu %d. In case of problems consider vcpu pinning.\n",
382 cpu);
383 disable_pinning = true;
384 break;
385 case -EPERM:
386 WARN(1, "Trying to pin vcpu without having privilege to do so\n");
387 disable_pinning = true;
388 break;
389 case -EINVAL:
390 case -EBUSY:
391 pr_warn("Physical cpu %d not available for pinning. Check Xen cpu configuration.\n",
392 cpu);
393 break;
394 case 0:
395 break;
396 default:
397 WARN(1, "rc %d while trying to pin vcpu\n", ret);
398 disable_pinning = true;
399 }
400 }
401
402 #ifdef CONFIG_HOTPLUG_CPU
xen_arch_register_cpu(int num)403 void xen_arch_register_cpu(int num)
404 {
405 arch_register_cpu(num);
406 }
407 EXPORT_SYMBOL(xen_arch_register_cpu);
408
xen_arch_unregister_cpu(int num)409 void xen_arch_unregister_cpu(int num)
410 {
411 arch_unregister_cpu(num);
412 }
413 EXPORT_SYMBOL(xen_arch_unregister_cpu);
414 #endif
415
416 /* Amount of extra memory space we add to the e820 ranges */
417 struct xen_memory_region xen_extra_mem[XEN_EXTRA_MEM_MAX_REGIONS] __initdata;
418
xen_add_extra_mem(unsigned long start_pfn,unsigned long n_pfns)419 void __init xen_add_extra_mem(unsigned long start_pfn, unsigned long n_pfns)
420 {
421 unsigned int i;
422
423 /*
424 * No need to check for zero size, should happen rarely and will only
425 * write a new entry regarded to be unused due to zero size.
426 */
427 for (i = 0; i < XEN_EXTRA_MEM_MAX_REGIONS; i++) {
428 /* Add new region. */
429 if (xen_extra_mem[i].n_pfns == 0) {
430 xen_extra_mem[i].start_pfn = start_pfn;
431 xen_extra_mem[i].n_pfns = n_pfns;
432 break;
433 }
434 /* Append to existing region. */
435 if (xen_extra_mem[i].start_pfn + xen_extra_mem[i].n_pfns ==
436 start_pfn) {
437 xen_extra_mem[i].n_pfns += n_pfns;
438 break;
439 }
440 }
441 if (i == XEN_EXTRA_MEM_MAX_REGIONS)
442 printk(KERN_WARNING "Warning: not enough extra memory regions\n");
443
444 memblock_reserve(PFN_PHYS(start_pfn), PFN_PHYS(n_pfns));
445 }
446
447 #ifdef CONFIG_XEN_UNPOPULATED_ALLOC
arch_xen_unpopulated_init(struct resource ** res)448 int __init arch_xen_unpopulated_init(struct resource **res)
449 {
450 unsigned int i;
451
452 if (!xen_domain())
453 return -ENODEV;
454
455 /* Must be set strictly before calling xen_free_unpopulated_pages(). */
456 *res = &iomem_resource;
457
458 /*
459 * Initialize with pages from the extra memory regions (see
460 * arch/x86/xen/setup.c).
461 */
462 for (i = 0; i < XEN_EXTRA_MEM_MAX_REGIONS; i++) {
463 unsigned int j;
464
465 for (j = 0; j < xen_extra_mem[i].n_pfns; j++) {
466 struct page *pg =
467 pfn_to_page(xen_extra_mem[i].start_pfn + j);
468
469 xen_free_unpopulated_pages(1, &pg);
470 }
471
472 /*
473 * Account for the region being in the physmap but unpopulated.
474 * The value in xen_released_pages is used by the balloon
475 * driver to know how much of the physmap is unpopulated and
476 * set an accurate initial memory target.
477 */
478 xen_released_pages += xen_extra_mem[i].n_pfns;
479 /* Zero so region is not also added to the balloon driver. */
480 xen_extra_mem[i].n_pfns = 0;
481 }
482
483 return 0;
484 }
485 #endif
486