From patchwork Wed Apr 5 23:19:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andre Przywara X-Patchwork-Id: 9665911 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 7FF8C60352 for ; Wed, 5 Apr 2017 23:23:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 71B652816B for ; Wed, 5 Apr 2017 23:23:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6670228584; Wed, 5 Apr 2017 23:23:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id B38F12816B for ; Wed, 5 Apr 2017 23:23:20 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cvuEZ-0004m6-7c; Wed, 05 Apr 2017 23:21:03 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cvuEX-0004bz-K8 for xen-devel@lists.xenproject.org; Wed, 05 Apr 2017 23:21:01 +0000 Received: from [193.109.254.147] by server-2.bemta-6.messagelabs.com id 60/B2-19731-DDB75E85; Wed, 05 Apr 2017 23:21:01 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrCLMWRWlGSWpSXmKPExsVysyfVTfdO9dM IgwNzlS2+b5nM5MDocfjDFZYAxijWzLyk/IoE1oz/c06xFmwIrfja/oC9gfG/XRcjJ4eQwCZG iU/Nyl2MXED2XkaJtlOdTCAJNgFdiR03XzOD2CICoRJzfj4Csjk4mAUqJboX8YOEhYHCB65+A ytnEVCVOPRhJTuIzSvgLrFpwwJGkHIJATmJK/8SQMKcQOGXrcdYINa6SVybOJVlAiP3AkaGVY waxalFZalFukaGeklFmekZJbmJmTm6hgZmermpxcWJ6ak5iUnFesn5uZsYgb5lAIIdjH+WBRx ilORgUhLlVfB5EiHEl5SfUpmRWJwRX1Sak1p8iFGGg0NJgndb1dMIIcGi1PTUirTMHGCQwaQl OHiURHitQNK8xQWJucWZ6RCpU4yKUuK8m0ASAiCJjNI8uDZYYF9ilJUS5mUEOkSIpyC1KDezB FX+FaM4B6OSMO8UkCk8mXklcNNfAS1mAlr85M5DkMUliQgpqQbGY0rst5r2R076c4aPe67Cvb h17xMtLj25X8/Vyvb833EBZ9aJstoT5na+T2U8umBhU8TT5crdj9KTXddN79jxONIxui6g669 HVGnlat1pi70mbb/KZeD3+rKEVd+jeUaZz+9uKtn9SPKEodndq0c+mvvujDhdsWVxf+W0m6zP Vh1jv/C0LL2TWYmlOCPRUIu5qDgRAHV9Wj9nAgAA X-Env-Sender: andre.przywara@arm.com X-Msg-Ref: server-6.tower-27.messagelabs.com!1491434459!96087064!1 X-Originating-IP: [217.140.101.70] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.12; banners=-,-,- X-VirusChecked: Checked Received: (qmail 7608 invoked from network); 5 Apr 2017 23:21:00 -0000 Received: from foss.arm.com (HELO foss.arm.com) (217.140.101.70) by server-6.tower-27.messagelabs.com with SMTP; 5 Apr 2017 23:21:00 -0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B36AA344; Wed, 5 Apr 2017 16:20:59 -0700 (PDT) Received: from slackpad.lan (usa-sjc-mx-foss1.foss.arm.com [217.140.101.70]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 6F8733F4FF; Wed, 5 Apr 2017 16:20:58 -0700 (PDT) From: Andre Przywara To: Stefano Stabellini , Julien Grall Date: Thu, 6 Apr 2017 00:19:07 +0100 Message-Id: <1491434362-30310-16-git-send-email-andre.przywara@arm.com> X-Mailer: git-send-email 2.8.2 In-Reply-To: <1491434362-30310-1-git-send-email-andre.przywara@arm.com> References: <1491434362-30310-1-git-send-email-andre.przywara@arm.com> Cc: xen-devel@lists.xenproject.org, Shanker Donthineni , Vijay Kilari Subject: [Xen-devel] [PATCH v5 15/30] ARM: vGICv3: handle virtual LPI pending and property tables X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Allow a guest to provide the address and size for the memory regions it has reserved for the GICv3 pending and property tables. We sanitise the various fields of the respective redistributor registers and map those pages into Xen's address space to have easy access. This introduces a function to read and write from and to guest memory, to be later able to access the tables located there. This vgic_access_guest_memory() function has been written by Vijaya Kumar as part of an earlier series. Signed-off-by: Andre Przywara --- xen/arch/arm/vgic-v3.c | 152 ++++++++++++++++++++++++++++++++++++++----- xen/arch/arm/vgic.c | 39 +++++++++++ xen/include/asm-arm/domain.h | 6 +- xen/include/asm-arm/vgic.h | 3 + 4 files changed, 182 insertions(+), 18 deletions(-) diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c index 2a14305..0623803 100644 --- a/xen/arch/arm/vgic-v3.c +++ b/xen/arch/arm/vgic-v3.c @@ -19,12 +19,14 @@ */ #include +#include #include #include #include #include #include #include +#include #include #include #include @@ -228,12 +230,21 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info, goto read_reserved; case VREG64(GICR_PROPBASER): - /* LPI's not implemented */ - goto read_as_zero_64; + if ( !vgic_reg64_check_access(dabt) ) goto bad_width; + + spin_lock(&v->arch.vgic.lock); + *r = vgic_reg64_extract(v->domain->arch.vgic.rdist_propbase, info); + spin_unlock(&v->arch.vgic.lock); + return 1; case VREG64(GICR_PENDBASER): - /* LPI's not implemented */ - goto read_as_zero_64; + if ( !vgic_reg64_check_access(dabt) ) goto bad_width; + + spin_lock(&v->arch.vgic.lock); + *r = vgic_reg64_extract(v->arch.vgic.rdist_pendbase, info); + *r &= ~GICR_PENDBASER_PTZ; /* WO, reads as 0 */ + spin_unlock(&v->arch.vgic.lock); + return 1; case 0x0080: goto read_reserved; @@ -301,11 +312,6 @@ bad_width: domain_crash_synchronous(); return 0; -read_as_zero_64: - if ( !vgic_reg64_check_access(dabt) ) goto bad_width; - *r = 0; - return 1; - read_as_zero_32: if ( dabt.size != DABT_WORD ) goto bad_width; *r = 0; @@ -330,11 +336,95 @@ read_unknown: return 1; } +static uint64_t vgic_sanitise_field(uint64_t reg, uint64_t field_mask, + int field_shift, + uint64_t (*sanitise_fn)(uint64_t)) +{ + uint64_t field = (reg & field_mask) >> field_shift; + + field = sanitise_fn(field) << field_shift; + + return (reg & ~field_mask) | field; +} + +/* We want to avoid outer shareable. */ +static uint64_t vgic_sanitise_shareability(uint64_t field) +{ + switch ( field ) + { + case GIC_BASER_OuterShareable: + return GIC_BASER_InnerShareable; + default: + return field; + } +} + +/* Avoid any inner non-cacheable mapping. */ +static uint64_t vgic_sanitise_inner_cacheability(uint64_t field) +{ + switch ( field ) + { + case GIC_BASER_CACHE_nCnB: + case GIC_BASER_CACHE_nC: + return GIC_BASER_CACHE_RaWb; + default: + return field; + } +} + +/* Non-cacheable or same-as-inner are OK. */ +static uint64_t vgic_sanitise_outer_cacheability(uint64_t field) +{ + switch ( field ) + { + case GIC_BASER_CACHE_SameAsInner: + case GIC_BASER_CACHE_nC: + return field; + default: + return GIC_BASER_CACHE_nC; + } +} + +static uint64_t sanitize_propbaser(uint64_t reg) +{ + reg = vgic_sanitise_field(reg, GICR_PROPBASER_SHAREABILITY_MASK, + GICR_PROPBASER_SHAREABILITY_SHIFT, + vgic_sanitise_shareability); + reg = vgic_sanitise_field(reg, GICR_PROPBASER_INNER_CACHEABILITY_MASK, + GICR_PROPBASER_INNER_CACHEABILITY_SHIFT, + vgic_sanitise_inner_cacheability); + reg = vgic_sanitise_field(reg, GICR_PROPBASER_OUTER_CACHEABILITY_MASK, + GICR_PROPBASER_OUTER_CACHEABILITY_SHIFT, + vgic_sanitise_outer_cacheability); + + reg &= ~GICR_PROPBASER_RES0_MASK; + + return reg; +} + +static uint64_t sanitize_pendbaser(uint64_t reg) +{ + reg = vgic_sanitise_field(reg, GICR_PENDBASER_SHAREABILITY_MASK, + GICR_PENDBASER_SHAREABILITY_SHIFT, + vgic_sanitise_shareability); + reg = vgic_sanitise_field(reg, GICR_PENDBASER_INNER_CACHEABILITY_MASK, + GICR_PENDBASER_INNER_CACHEABILITY_SHIFT, + vgic_sanitise_inner_cacheability); + reg = vgic_sanitise_field(reg, GICR_PENDBASER_OUTER_CACHEABILITY_MASK, + GICR_PENDBASER_OUTER_CACHEABILITY_SHIFT, + vgic_sanitise_outer_cacheability); + + reg &= ~GICR_PENDBASER_RES0_MASK; + + return reg; +} + static int __vgic_v3_rdistr_rd_mmio_write(struct vcpu *v, mmio_info_t *info, uint32_t gicr_reg, register_t r) { struct hsr_dabt dabt = info->dabt; + uint64_t reg; switch ( gicr_reg ) { @@ -365,36 +455,64 @@ static int __vgic_v3_rdistr_rd_mmio_write(struct vcpu *v, mmio_info_t *info, goto write_impl_defined; case VREG64(GICR_SETLPIR): - /* LPI is not implemented */ + /* LPIs without an ITS are not implemented */ goto write_ignore_64; case VREG64(GICR_CLRLPIR): - /* LPI is not implemented */ + /* LPIs without an ITS are not implemented */ goto write_ignore_64; case 0x0050: goto write_reserved; case VREG64(GICR_PROPBASER): - /* LPI is not implemented */ - goto write_ignore_64; + if ( !vgic_reg64_check_access(dabt) ) goto bad_width; + + spin_lock(&v->arch.vgic.lock); + + /* Writing PROPBASER with LPIs enabled is UNPREDICTABLE. */ + if ( !(v->arch.vgic.flags & VGIC_V3_LPIS_ENABLED) ) + { + reg = v->domain->arch.vgic.rdist_propbase; + vgic_reg64_update(®, r, info); + reg = sanitize_propbaser(reg); + v->domain->arch.vgic.rdist_propbase = reg; + } + + spin_unlock(&v->arch.vgic.lock); + + return 1; case VREG64(GICR_PENDBASER): - /* LPI is not implemented */ - goto write_ignore_64; + if ( !vgic_reg64_check_access(dabt) ) goto bad_width; + + spin_lock(&v->arch.vgic.lock); + + /* Writing PENDBASER with LPIs enabled is UNPREDICTABLE. */ + if ( !(v->arch.vgic.flags & VGIC_V3_LPIS_ENABLED) ) + { + reg = v->arch.vgic.rdist_pendbase; + vgic_reg64_update(®, r, info); + reg = sanitize_pendbaser(reg); + v->arch.vgic.rdist_pendbase = reg; + } + + spin_unlock(&v->arch.vgic.lock); + + return 1; case 0x0080: goto write_reserved; case VREG64(GICR_INVLPIR): - /* LPI is not implemented */ + /* LPIs without an ITS are not implemented */ goto write_ignore_64; case 0x00A8: goto write_reserved; case VREG64(GICR_INVALLR): - /* LPI is not implemented */ + /* LPIs without an ITS are not implemented */ goto write_ignore_64; case 0x00B8: diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c index cd9a2a5..9b0dc3d 100644 --- a/xen/arch/arm/vgic.c +++ b/xen/arch/arm/vgic.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -589,6 +590,44 @@ void vgic_free_virq(struct domain *d, unsigned int virq) clear_bit(virq, d->arch.vgic.allocated_irqs); } +int vgic_access_guest_memory(struct domain *d, paddr_t gpa, void *addr, + uint32_t size, bool_t is_write) +{ + struct page_info *page; + uint64_t offset; + p2m_type_t p2mt; + void *p; + + page = get_page_from_gfn(d, paddr_to_pfn(gpa), &p2mt, P2M_ALLOC); + if ( !page ) + { + printk(XENLOG_G_ERR "d%d: vITS: Failed to get table entry\n", + d->domain_id); + return -EINVAL; + } + + if ( !p2m_is_ram(p2mt) ) + { + put_page(page); + printk(XENLOG_G_ERR "d%d: vITS: with wrong attributes\n", d->domain_id); + return -EINVAL; + } + + p = __map_domain_page(page); + /* Offset within the mapped page */ + offset = gpa & ~PAGE_MASK; + + if ( is_write ) + memcpy(p + offset, addr, size); + else + memcpy(addr, p + offset, size); + + unmap_domain_page(p); + put_page(page); + + return 0; +} + /* * Local variables: * mode: C diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h index 6ee7538..f993292 100644 --- a/xen/include/asm-arm/domain.h +++ b/xen/include/asm-arm/domain.h @@ -109,6 +109,8 @@ struct arch_domain } *rdist_regions; int nr_regions; /* Number of rdist regions */ uint32_t rdist_stride; /* Re-Distributor stride */ + unsigned long long int nr_lpis; + uint64_t rdist_propbase; struct rb_root its_devices; /* Devices mapped to an ITS */ spinlock_t its_devices_lock; /* Protects the its_devices tree */ struct radix_tree_root pend_lpi_tree; /* Stores struct pending_irq's */ @@ -256,7 +258,9 @@ struct arch_vcpu /* GICv3: redistributor base and flags for this vCPU */ paddr_t rdist_base; -#define VGIC_V3_RDIST_LAST (1 << 0) /* last vCPU of the rdist */ + uint64_t rdist_pendbase; +#define VGIC_V3_RDIST_LAST (1 << 0) /* last vCPU of the rdist */ +#define VGIC_V3_LPIS_ENABLED (1 << 1) uint8_t flags; } vgic; diff --git a/xen/include/asm-arm/vgic.h b/xen/include/asm-arm/vgic.h index 08d6294..2371960 100644 --- a/xen/include/asm-arm/vgic.h +++ b/xen/include/asm-arm/vgic.h @@ -314,6 +314,9 @@ extern void register_vgic_ops(struct domain *d, const struct vgic_ops *ops); int vgic_v2_init(struct domain *d, int *mmio_count); int vgic_v3_init(struct domain *d, int *mmio_count); +int vgic_access_guest_memory(struct domain *d, paddr_t gpa, void *addr, + uint32_t size, bool_t is_write); + extern int domain_vgic_register(struct domain *d, int *mmio_count); extern int vcpu_vgic_free(struct vcpu *v); extern bool vgic_to_sgi(struct vcpu *v, register_t sgir,