1 // SPDX-License-Identifier: GPL-2.0-only
3 * Kernel-based Virtual Machine driver for Linux
5 * This module enables machines with Intel VT-x extensions to run virtual
6 * machines without emulation or binary translation.
8 * Copyright (C) 2006 Qumranet, Inc.
9 * Copyright 2010 Red Hat, Inc. and/or its affiliates.
12 * Avi Kivity <avi@qumranet.com>
13 * Yaniv Kamay <yaniv@qumranet.com>
16 #include <kvm/iodev.h>
18 #include <linux/kvm_host.h>
19 #include <linux/kvm.h>
20 #include <linux/module.h>
21 #include <linux/errno.h>
22 #include <linux/percpu.h>
24 #include <linux/miscdevice.h>
25 #include <linux/vmalloc.h>
26 #include <linux/reboot.h>
27 #include <linux/debugfs.h>
28 #include <linux/highmem.h>
29 #include <linux/file.h>
30 #include <linux/syscore_ops.h>
31 #include <linux/cpu.h>
32 #include <linux/sched/signal.h>
33 #include <linux/sched/mm.h>
34 #include <linux/sched/stat.h>
35 #include <linux/cpumask.h>
36 #include <linux/smp.h>
37 #include <linux/anon_inodes.h>
38 #include <linux/profile.h>
39 #include <linux/kvm_para.h>
40 #include <linux/pagemap.h>
41 #include <linux/mman.h>
42 #include <linux/swap.h>
43 #include <linux/bitops.h>
44 #include <linux/spinlock.h>
45 #include <linux/compat.h>
46 #include <linux/srcu.h>
47 #include <linux/hugetlb.h>
48 #include <linux/slab.h>
49 #include <linux/sort.h>
50 #include <linux/bsearch.h>
52 #include <linux/lockdep.h>
53 #include <linux/kthread.h>
54 #include <linux/suspend.h>
56 #include <asm/processor.h>
57 #include <asm/ioctl.h>
58 #include <linux/uaccess.h>
60 #include "coalesced_mmio.h"
65 #define CREATE_TRACE_POINTS
66 #include <trace/events/kvm.h>
68 #include <linux/kvm_dirty_ring.h>
70 /* Worst case buffer size needed for holding an integer. */
71 #define ITOA_MAX_LEN 12
73 MODULE_AUTHOR("Qumranet");
74 MODULE_LICENSE("GPL");
76 /* Architectures should define their poll value according to the halt latency */
77 unsigned int halt_poll_ns = KVM_HALT_POLL_NS_DEFAULT;
78 module_param(halt_poll_ns, uint, 0644);
79 EXPORT_SYMBOL_GPL(halt_poll_ns);
81 /* Default doubles per-vcpu halt_poll_ns. */
82 unsigned int halt_poll_ns_grow = 2;
83 module_param(halt_poll_ns_grow, uint, 0644);
84 EXPORT_SYMBOL_GPL(halt_poll_ns_grow);
86 /* The start value to grow halt_poll_ns from */
87 unsigned int halt_poll_ns_grow_start = 10000; /* 10us */
88 module_param(halt_poll_ns_grow_start, uint, 0644);
89 EXPORT_SYMBOL_GPL(halt_poll_ns_grow_start);
91 /* Default resets per-vcpu halt_poll_ns . */
92 unsigned int halt_poll_ns_shrink;
93 module_param(halt_poll_ns_shrink, uint, 0644);
94 EXPORT_SYMBOL_GPL(halt_poll_ns_shrink);
99 * kvm->lock --> kvm->slots_lock --> kvm->irq_lock
102 DEFINE_MUTEX(kvm_lock);
103 static DEFINE_RAW_SPINLOCK(kvm_count_lock);
106 static cpumask_var_t cpus_hardware_enabled;
107 static int kvm_usage_count;
108 static atomic_t hardware_enable_failed;
110 static struct kmem_cache *kvm_vcpu_cache;
112 static __read_mostly struct preempt_ops kvm_preempt_ops;
113 static DEFINE_PER_CPU(struct kvm_vcpu *, kvm_running_vcpu);
115 struct dentry *kvm_debugfs_dir;
116 EXPORT_SYMBOL_GPL(kvm_debugfs_dir);
118 static const struct file_operations stat_fops_per_vm;
120 static long kvm_vcpu_ioctl(struct file *file, unsigned int ioctl,
122 #ifdef CONFIG_KVM_COMPAT
123 static long kvm_vcpu_compat_ioctl(struct file *file, unsigned int ioctl,
125 #define KVM_COMPAT(c) .compat_ioctl = (c)
128 * For architectures that don't implement a compat infrastructure,
129 * adopt a double line of defense:
130 * - Prevent a compat task from opening /dev/kvm
131 * - If the open has been done by a 64bit task, and the KVM fd
132 * passed to a compat task, let the ioctls fail.
134 static long kvm_no_compat_ioctl(struct file *file, unsigned int ioctl,
135 unsigned long arg) { return -EINVAL; }
137 static int kvm_no_compat_open(struct inode *inode, struct file *file)
139 return is_compat_task() ? -ENODEV : 0;
141 #define KVM_COMPAT(c) .compat_ioctl = kvm_no_compat_ioctl, \
142 .open = kvm_no_compat_open
144 static int hardware_enable_all(void);
145 static void hardware_disable_all(void);
147 static void kvm_io_bus_destroy(struct kvm_io_bus *bus);
149 __visible bool kvm_rebooting;
150 EXPORT_SYMBOL_GPL(kvm_rebooting);
152 #define KVM_EVENT_CREATE_VM 0
153 #define KVM_EVENT_DESTROY_VM 1
154 static void kvm_uevent_notify_change(unsigned int type, struct kvm *kvm);
155 static unsigned long long kvm_createvm_count;
156 static unsigned long long kvm_active_vms;
158 static DEFINE_PER_CPU(cpumask_var_t, cpu_kick_mask);
160 __weak void kvm_arch_mmu_notifier_invalidate_range(struct kvm *kvm,
161 unsigned long start, unsigned long end)
165 bool kvm_is_zone_device_pfn(kvm_pfn_t pfn)
168 * The metadata used by is_zone_device_page() to determine whether or
169 * not a page is ZONE_DEVICE is guaranteed to be valid if and only if
170 * the device has been pinned, e.g. by get_user_pages(). WARN if the
171 * page_count() is zero to help detect bad usage of this helper.
173 if (!pfn_valid(pfn) || WARN_ON_ONCE(!page_count(pfn_to_page(pfn))))
176 return is_zone_device_page(pfn_to_page(pfn));
179 bool kvm_is_reserved_pfn(kvm_pfn_t pfn)
182 * ZONE_DEVICE pages currently set PG_reserved, but from a refcounting
183 * perspective they are "normal" pages, albeit with slightly different
187 return PageReserved(pfn_to_page(pfn)) &&
189 !kvm_is_zone_device_pfn(pfn);
195 * Switches to specified vcpu, until a matching vcpu_put()
197 void vcpu_load(struct kvm_vcpu *vcpu)
201 __this_cpu_write(kvm_running_vcpu, vcpu);
202 preempt_notifier_register(&vcpu->preempt_notifier);
203 kvm_arch_vcpu_load(vcpu, cpu);
206 EXPORT_SYMBOL_GPL(vcpu_load);
208 void vcpu_put(struct kvm_vcpu *vcpu)
211 kvm_arch_vcpu_put(vcpu);
212 preempt_notifier_unregister(&vcpu->preempt_notifier);
213 __this_cpu_write(kvm_running_vcpu, NULL);
216 EXPORT_SYMBOL_GPL(vcpu_put);
218 /* TODO: merge with kvm_arch_vcpu_should_kick */
219 static bool kvm_request_needs_ipi(struct kvm_vcpu *vcpu, unsigned req)
221 int mode = kvm_vcpu_exiting_guest_mode(vcpu);
224 * We need to wait for the VCPU to reenable interrupts and get out of
225 * READING_SHADOW_PAGE_TABLES mode.
227 if (req & KVM_REQUEST_WAIT)
228 return mode != OUTSIDE_GUEST_MODE;
231 * Need to kick a running VCPU, but otherwise there is nothing to do.
233 return mode == IN_GUEST_MODE;
236 static void ack_flush(void *_completed)
240 static inline bool kvm_kick_many_cpus(struct cpumask *cpus, bool wait)
242 if (cpumask_empty(cpus))
245 smp_call_function_many(cpus, ack_flush, NULL, wait);
249 static void kvm_make_vcpu_request(struct kvm *kvm, struct kvm_vcpu *vcpu,
250 unsigned int req, struct cpumask *tmp,
255 kvm_make_request(req, vcpu);
257 if (!(req & KVM_REQUEST_NO_WAKEUP) && kvm_vcpu_wake_up(vcpu))
261 * Note, the vCPU could get migrated to a different pCPU at any point
262 * after kvm_request_needs_ipi(), which could result in sending an IPI
263 * to the previous pCPU. But, that's OK because the purpose of the IPI
264 * is to ensure the vCPU returns to OUTSIDE_GUEST_MODE, which is
265 * satisfied if the vCPU migrates. Entering READING_SHADOW_PAGE_TABLES
266 * after this point is also OK, as the requirement is only that KVM wait
267 * for vCPUs that were reading SPTEs _before_ any changes were
268 * finalized. See kvm_vcpu_kick() for more details on handling requests.
270 if (kvm_request_needs_ipi(vcpu, req)) {
271 cpu = READ_ONCE(vcpu->cpu);
272 if (cpu != -1 && cpu != current_cpu)
273 __cpumask_set_cpu(cpu, tmp);
277 bool kvm_make_vcpus_request_mask(struct kvm *kvm, unsigned int req,
278 unsigned long *vcpu_bitmap)
280 struct kvm_vcpu *vcpu;
281 struct cpumask *cpus;
287 cpus = this_cpu_cpumask_var_ptr(cpu_kick_mask);
290 for_each_set_bit(i, vcpu_bitmap, KVM_MAX_VCPUS) {
291 vcpu = kvm_get_vcpu(kvm, i);
294 kvm_make_vcpu_request(kvm, vcpu, req, cpus, me);
297 called = kvm_kick_many_cpus(cpus, !!(req & KVM_REQUEST_WAIT));
303 bool kvm_make_all_cpus_request_except(struct kvm *kvm, unsigned int req,
304 struct kvm_vcpu *except)
306 struct kvm_vcpu *vcpu;
307 struct cpumask *cpus;
314 cpus = this_cpu_cpumask_var_ptr(cpu_kick_mask);
317 kvm_for_each_vcpu(i, vcpu, kvm) {
320 kvm_make_vcpu_request(kvm, vcpu, req, cpus, me);
323 called = kvm_kick_many_cpus(cpus, !!(req & KVM_REQUEST_WAIT));
329 bool kvm_make_all_cpus_request(struct kvm *kvm, unsigned int req)
331 return kvm_make_all_cpus_request_except(kvm, req, NULL);
333 EXPORT_SYMBOL_GPL(kvm_make_all_cpus_request);
335 #ifndef CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL
336 void kvm_flush_remote_tlbs(struct kvm *kvm)
338 ++kvm->stat.generic.remote_tlb_flush_requests;
341 * We want to publish modifications to the page tables before reading
342 * mode. Pairs with a memory barrier in arch-specific code.
343 * - x86: smp_mb__after_srcu_read_unlock in vcpu_enter_guest
344 * and smp_mb in walk_shadow_page_lockless_begin/end.
345 * - powerpc: smp_mb in kvmppc_prepare_to_enter.
347 * There is already an smp_mb__after_atomic() before
348 * kvm_make_all_cpus_request() reads vcpu->mode. We reuse that
351 if (!kvm_arch_flush_remote_tlb(kvm)
352 || kvm_make_all_cpus_request(kvm, KVM_REQ_TLB_FLUSH))
353 ++kvm->stat.generic.remote_tlb_flush;
355 EXPORT_SYMBOL_GPL(kvm_flush_remote_tlbs);
358 void kvm_reload_remote_mmus(struct kvm *kvm)
360 kvm_make_all_cpus_request(kvm, KVM_REQ_MMU_RELOAD);
363 #ifdef KVM_ARCH_NR_OBJS_PER_MEMORY_CACHE
364 static inline void *mmu_memory_cache_alloc_obj(struct kvm_mmu_memory_cache *mc,
367 gfp_flags |= mc->gfp_zero;
370 return kmem_cache_alloc(mc->kmem_cache, gfp_flags);
372 return (void *)__get_free_page(gfp_flags);
375 int kvm_mmu_topup_memory_cache(struct kvm_mmu_memory_cache *mc, int min)
379 if (mc->nobjs >= min)
381 while (mc->nobjs < ARRAY_SIZE(mc->objects)) {
382 obj = mmu_memory_cache_alloc_obj(mc, GFP_KERNEL_ACCOUNT);
384 return mc->nobjs >= min ? 0 : -ENOMEM;
385 mc->objects[mc->nobjs++] = obj;
390 int kvm_mmu_memory_cache_nr_free_objects(struct kvm_mmu_memory_cache *mc)
395 void kvm_mmu_free_memory_cache(struct kvm_mmu_memory_cache *mc)
399 kmem_cache_free(mc->kmem_cache, mc->objects[--mc->nobjs]);
401 free_page((unsigned long)mc->objects[--mc->nobjs]);
405 void *kvm_mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc)
409 if (WARN_ON(!mc->nobjs))
410 p = mmu_memory_cache_alloc_obj(mc, GFP_ATOMIC | __GFP_ACCOUNT);
412 p = mc->objects[--mc->nobjs];
418 static void kvm_vcpu_init(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned id)
420 mutex_init(&vcpu->mutex);
425 rcuwait_init(&vcpu->wait);
426 kvm_async_pf_vcpu_init(vcpu);
429 INIT_LIST_HEAD(&vcpu->blocked_vcpu_list);
431 kvm_vcpu_set_in_spin_loop(vcpu, false);
432 kvm_vcpu_set_dy_eligible(vcpu, false);
433 vcpu->preempted = false;
435 preempt_notifier_init(&vcpu->preempt_notifier, &kvm_preempt_ops);
436 vcpu->last_used_slot = 0;
439 static void kvm_vcpu_destroy(struct kvm_vcpu *vcpu)
441 kvm_dirty_ring_free(&vcpu->dirty_ring);
442 kvm_arch_vcpu_destroy(vcpu);
445 * No need for rcu_read_lock as VCPU_RUN is the only place that changes
446 * the vcpu->pid pointer, and at destruction time all file descriptors
449 put_pid(rcu_dereference_protected(vcpu->pid, 1));
451 free_page((unsigned long)vcpu->run);
452 kmem_cache_free(kvm_vcpu_cache, vcpu);
455 void kvm_destroy_vcpus(struct kvm *kvm)
458 struct kvm_vcpu *vcpu;
460 kvm_for_each_vcpu(i, vcpu, kvm) {
461 kvm_vcpu_destroy(vcpu);
462 xa_erase(&kvm->vcpu_array, i);
465 atomic_set(&kvm->online_vcpus, 0);
467 EXPORT_SYMBOL_GPL(kvm_destroy_vcpus);
469 #if defined(CONFIG_MMU_NOTIFIER) && defined(KVM_ARCH_WANT_MMU_NOTIFIER)
470 static inline struct kvm *mmu_notifier_to_kvm(struct mmu_notifier *mn)
472 return container_of(mn, struct kvm, mmu_notifier);
475 static void kvm_mmu_notifier_invalidate_range(struct mmu_notifier *mn,
476 struct mm_struct *mm,
477 unsigned long start, unsigned long end)
479 struct kvm *kvm = mmu_notifier_to_kvm(mn);
482 idx = srcu_read_lock(&kvm->srcu);
483 kvm_arch_mmu_notifier_invalidate_range(kvm, start, end);
484 srcu_read_unlock(&kvm->srcu, idx);
487 typedef bool (*hva_handler_t)(struct kvm *kvm, struct kvm_gfn_range *range);
489 typedef void (*on_lock_fn_t)(struct kvm *kvm, unsigned long start,
492 struct kvm_hva_range {
496 hva_handler_t handler;
497 on_lock_fn_t on_lock;
503 * Use a dedicated stub instead of NULL to indicate that there is no callback
504 * function/handler. The compiler technically can't guarantee that a real
505 * function will have a non-zero address, and so it will generate code to
506 * check for !NULL, whereas comparing against a stub will be elided at compile
507 * time (unless the compiler is getting long in the tooth, e.g. gcc 4.9).
509 static void kvm_null_fn(void)
513 #define IS_KVM_NULL_FN(fn) ((fn) == (void *)kvm_null_fn)
515 static __always_inline int __kvm_handle_hva_range(struct kvm *kvm,
516 const struct kvm_hva_range *range)
518 bool ret = false, locked = false;
519 struct kvm_gfn_range gfn_range;
520 struct kvm_memory_slot *slot;
521 struct kvm_memslots *slots;
524 /* A null handler is allowed if and only if on_lock() is provided. */
525 if (WARN_ON_ONCE(IS_KVM_NULL_FN(range->on_lock) &&
526 IS_KVM_NULL_FN(range->handler)))
529 idx = srcu_read_lock(&kvm->srcu);
531 for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
532 slots = __kvm_memslots(kvm, i);
533 kvm_for_each_memslot(slot, slots) {
534 unsigned long hva_start, hva_end;
536 hva_start = max(range->start, slot->userspace_addr);
537 hva_end = min(range->end, slot->userspace_addr +
538 (slot->npages << PAGE_SHIFT));
539 if (hva_start >= hva_end)
543 * To optimize for the likely case where the address
544 * range is covered by zero or one memslots, don't
545 * bother making these conditional (to avoid writes on
546 * the second or later invocation of the handler).
548 gfn_range.pte = range->pte;
549 gfn_range.may_block = range->may_block;
552 * {gfn(page) | page intersects with [hva_start, hva_end)} =
553 * {gfn_start, gfn_start+1, ..., gfn_end-1}.
555 gfn_range.start = hva_to_gfn_memslot(hva_start, slot);
556 gfn_range.end = hva_to_gfn_memslot(hva_end + PAGE_SIZE - 1, slot);
557 gfn_range.slot = slot;
562 if (!IS_KVM_NULL_FN(range->on_lock))
563 range->on_lock(kvm, range->start, range->end);
564 if (IS_KVM_NULL_FN(range->handler))
567 ret |= range->handler(kvm, &gfn_range);
571 if (range->flush_on_ret && ret)
572 kvm_flush_remote_tlbs(kvm);
577 srcu_read_unlock(&kvm->srcu, idx);
579 /* The notifiers are averse to booleans. :-( */
583 static __always_inline int kvm_handle_hva_range(struct mmu_notifier *mn,
587 hva_handler_t handler)
589 struct kvm *kvm = mmu_notifier_to_kvm(mn);
590 const struct kvm_hva_range range = {
595 .on_lock = (void *)kvm_null_fn,
596 .flush_on_ret = true,
600 return __kvm_handle_hva_range(kvm, &range);
603 static __always_inline int kvm_handle_hva_range_no_flush(struct mmu_notifier *mn,
606 hva_handler_t handler)
608 struct kvm *kvm = mmu_notifier_to_kvm(mn);
609 const struct kvm_hva_range range = {
614 .on_lock = (void *)kvm_null_fn,
615 .flush_on_ret = false,
619 return __kvm_handle_hva_range(kvm, &range);
621 static void kvm_mmu_notifier_change_pte(struct mmu_notifier *mn,
622 struct mm_struct *mm,
623 unsigned long address,
626 struct kvm *kvm = mmu_notifier_to_kvm(mn);
628 trace_kvm_set_spte_hva(address);
631 * .change_pte() must be surrounded by .invalidate_range_{start,end}().
632 * If mmu_notifier_count is zero, then no in-progress invalidations,
633 * including this one, found a relevant memslot at start(); rechecking
634 * memslots here is unnecessary. Note, a false positive (count elevated
635 * by a different invalidation) is sub-optimal but functionally ok.
637 WARN_ON_ONCE(!READ_ONCE(kvm->mn_active_invalidate_count));
638 if (!READ_ONCE(kvm->mmu_notifier_count))
641 kvm_handle_hva_range(mn, address, address + 1, pte, kvm_set_spte_gfn);
644 void kvm_inc_notifier_count(struct kvm *kvm, unsigned long start,
648 * The count increase must become visible at unlock time as no
649 * spte can be established without taking the mmu_lock and
650 * count is also read inside the mmu_lock critical section.
652 kvm->mmu_notifier_count++;
653 if (likely(kvm->mmu_notifier_count == 1)) {
654 kvm->mmu_notifier_range_start = start;
655 kvm->mmu_notifier_range_end = end;
658 * Fully tracking multiple concurrent ranges has dimishing
659 * returns. Keep things simple and just find the minimal range
660 * which includes the current and new ranges. As there won't be
661 * enough information to subtract a range after its invalidate
662 * completes, any ranges invalidated concurrently will
663 * accumulate and persist until all outstanding invalidates
666 kvm->mmu_notifier_range_start =
667 min(kvm->mmu_notifier_range_start, start);
668 kvm->mmu_notifier_range_end =
669 max(kvm->mmu_notifier_range_end, end);
673 static int kvm_mmu_notifier_invalidate_range_start(struct mmu_notifier *mn,
674 const struct mmu_notifier_range *range)
676 struct kvm *kvm = mmu_notifier_to_kvm(mn);
677 const struct kvm_hva_range hva_range = {
678 .start = range->start,
681 .handler = kvm_unmap_gfn_range,
682 .on_lock = kvm_inc_notifier_count,
683 .flush_on_ret = true,
684 .may_block = mmu_notifier_range_blockable(range),
687 trace_kvm_unmap_hva_range(range->start, range->end);
690 * Prevent memslot modification between range_start() and range_end()
691 * so that conditionally locking provides the same result in both
692 * functions. Without that guarantee, the mmu_notifier_count
693 * adjustments will be imbalanced.
695 * Pairs with the decrement in range_end().
697 spin_lock(&kvm->mn_invalidate_lock);
698 kvm->mn_active_invalidate_count++;
699 spin_unlock(&kvm->mn_invalidate_lock);
701 __kvm_handle_hva_range(kvm, &hva_range);
706 void kvm_dec_notifier_count(struct kvm *kvm, unsigned long start,
710 * This sequence increase will notify the kvm page fault that
711 * the page that is going to be mapped in the spte could have
714 kvm->mmu_notifier_seq++;
717 * The above sequence increase must be visible before the
718 * below count decrease, which is ensured by the smp_wmb above
719 * in conjunction with the smp_rmb in mmu_notifier_retry().
721 kvm->mmu_notifier_count--;
724 static void kvm_mmu_notifier_invalidate_range_end(struct mmu_notifier *mn,
725 const struct mmu_notifier_range *range)
727 struct kvm *kvm = mmu_notifier_to_kvm(mn);
728 const struct kvm_hva_range hva_range = {
729 .start = range->start,
732 .handler = (void *)kvm_null_fn,
733 .on_lock = kvm_dec_notifier_count,
734 .flush_on_ret = false,
735 .may_block = mmu_notifier_range_blockable(range),
739 __kvm_handle_hva_range(kvm, &hva_range);
741 /* Pairs with the increment in range_start(). */
742 spin_lock(&kvm->mn_invalidate_lock);
743 wake = (--kvm->mn_active_invalidate_count == 0);
744 spin_unlock(&kvm->mn_invalidate_lock);
747 * There can only be one waiter, since the wait happens under
751 rcuwait_wake_up(&kvm->mn_memslots_update_rcuwait);
753 BUG_ON(kvm->mmu_notifier_count < 0);
756 static int kvm_mmu_notifier_clear_flush_young(struct mmu_notifier *mn,
757 struct mm_struct *mm,
761 trace_kvm_age_hva(start, end);
763 return kvm_handle_hva_range(mn, start, end, __pte(0), kvm_age_gfn);
766 static int kvm_mmu_notifier_clear_young(struct mmu_notifier *mn,
767 struct mm_struct *mm,
771 trace_kvm_age_hva(start, end);
774 * Even though we do not flush TLB, this will still adversely
775 * affect performance on pre-Haswell Intel EPT, where there is
776 * no EPT Access Bit to clear so that we have to tear down EPT
777 * tables instead. If we find this unacceptable, we can always
778 * add a parameter to kvm_age_hva so that it effectively doesn't
779 * do anything on clear_young.
781 * Also note that currently we never issue secondary TLB flushes
782 * from clear_young, leaving this job up to the regular system
783 * cadence. If we find this inaccurate, we might come up with a
784 * more sophisticated heuristic later.
786 return kvm_handle_hva_range_no_flush(mn, start, end, kvm_age_gfn);
789 static int kvm_mmu_notifier_test_young(struct mmu_notifier *mn,
790 struct mm_struct *mm,
791 unsigned long address)
793 trace_kvm_test_age_hva(address);
795 return kvm_handle_hva_range_no_flush(mn, address, address + 1,
799 static void kvm_mmu_notifier_release(struct mmu_notifier *mn,
800 struct mm_struct *mm)
802 struct kvm *kvm = mmu_notifier_to_kvm(mn);
805 idx = srcu_read_lock(&kvm->srcu);
806 kvm_arch_flush_shadow_all(kvm);
807 srcu_read_unlock(&kvm->srcu, idx);
810 static const struct mmu_notifier_ops kvm_mmu_notifier_ops = {
811 .invalidate_range = kvm_mmu_notifier_invalidate_range,
812 .invalidate_range_start = kvm_mmu_notifier_invalidate_range_start,
813 .invalidate_range_end = kvm_mmu_notifier_invalidate_range_end,
814 .clear_flush_young = kvm_mmu_notifier_clear_flush_young,
815 .clear_young = kvm_mmu_notifier_clear_young,
816 .test_young = kvm_mmu_notifier_test_young,
817 .change_pte = kvm_mmu_notifier_change_pte,
818 .release = kvm_mmu_notifier_release,
821 static int kvm_init_mmu_notifier(struct kvm *kvm)
823 kvm->mmu_notifier.ops = &kvm_mmu_notifier_ops;
824 return mmu_notifier_register(&kvm->mmu_notifier, current->mm);
827 #else /* !(CONFIG_MMU_NOTIFIER && KVM_ARCH_WANT_MMU_NOTIFIER) */
829 static int kvm_init_mmu_notifier(struct kvm *kvm)
834 #endif /* CONFIG_MMU_NOTIFIER && KVM_ARCH_WANT_MMU_NOTIFIER */
836 #ifdef CONFIG_HAVE_KVM_PM_NOTIFIER
837 static int kvm_pm_notifier_call(struct notifier_block *bl,
841 struct kvm *kvm = container_of(bl, struct kvm, pm_notifier);
843 return kvm_arch_pm_notifier(kvm, state);
846 static void kvm_init_pm_notifier(struct kvm *kvm)
848 kvm->pm_notifier.notifier_call = kvm_pm_notifier_call;
849 /* Suspend KVM before we suspend ftrace, RCU, etc. */
850 kvm->pm_notifier.priority = INT_MAX;
851 register_pm_notifier(&kvm->pm_notifier);
854 static void kvm_destroy_pm_notifier(struct kvm *kvm)
856 unregister_pm_notifier(&kvm->pm_notifier);
858 #else /* !CONFIG_HAVE_KVM_PM_NOTIFIER */
859 static void kvm_init_pm_notifier(struct kvm *kvm)
863 static void kvm_destroy_pm_notifier(struct kvm *kvm)
866 #endif /* CONFIG_HAVE_KVM_PM_NOTIFIER */
868 static struct kvm_memslots *kvm_alloc_memslots(void)
871 struct kvm_memslots *slots;
873 slots = kvzalloc(sizeof(struct kvm_memslots), GFP_KERNEL_ACCOUNT);
877 for (i = 0; i < KVM_MEM_SLOTS_NUM; i++)
878 slots->id_to_index[i] = -1;
883 static void kvm_destroy_dirty_bitmap(struct kvm_memory_slot *memslot)
885 if (!memslot->dirty_bitmap)
888 kvfree(memslot->dirty_bitmap);
889 memslot->dirty_bitmap = NULL;
892 static void kvm_free_memslot(struct kvm *kvm, struct kvm_memory_slot *slot)
894 kvm_destroy_dirty_bitmap(slot);
896 kvm_arch_free_memslot(kvm, slot);
902 static void kvm_free_memslots(struct kvm *kvm, struct kvm_memslots *slots)
904 struct kvm_memory_slot *memslot;
909 kvm_for_each_memslot(memslot, slots)
910 kvm_free_memslot(kvm, memslot);
915 static umode_t kvm_stats_debugfs_mode(const struct _kvm_stats_desc *pdesc)
917 switch (pdesc->desc.flags & KVM_STATS_TYPE_MASK) {
918 case KVM_STATS_TYPE_INSTANT:
920 case KVM_STATS_TYPE_CUMULATIVE:
921 case KVM_STATS_TYPE_PEAK:
928 static void kvm_destroy_vm_debugfs(struct kvm *kvm)
931 int kvm_debugfs_num_entries = kvm_vm_stats_header.num_desc +
932 kvm_vcpu_stats_header.num_desc;
934 if (!kvm->debugfs_dentry)
937 debugfs_remove_recursive(kvm->debugfs_dentry);
939 if (kvm->debugfs_stat_data) {
940 for (i = 0; i < kvm_debugfs_num_entries; i++)
941 kfree(kvm->debugfs_stat_data[i]);
942 kfree(kvm->debugfs_stat_data);
946 static int kvm_create_vm_debugfs(struct kvm *kvm, int fd)
948 static DEFINE_MUTEX(kvm_debugfs_lock);
950 char dir_name[ITOA_MAX_LEN * 2];
951 struct kvm_stat_data *stat_data;
952 const struct _kvm_stats_desc *pdesc;
954 int kvm_debugfs_num_entries = kvm_vm_stats_header.num_desc +
955 kvm_vcpu_stats_header.num_desc;
957 if (!debugfs_initialized())
960 snprintf(dir_name, sizeof(dir_name), "%d-%d", task_pid_nr(current), fd);
961 mutex_lock(&kvm_debugfs_lock);
962 dent = debugfs_lookup(dir_name, kvm_debugfs_dir);
964 pr_warn_ratelimited("KVM: debugfs: duplicate directory %s\n", dir_name);
966 mutex_unlock(&kvm_debugfs_lock);
969 dent = debugfs_create_dir(dir_name, kvm_debugfs_dir);
970 mutex_unlock(&kvm_debugfs_lock);
974 kvm->debugfs_dentry = dent;
975 kvm->debugfs_stat_data = kcalloc(kvm_debugfs_num_entries,
976 sizeof(*kvm->debugfs_stat_data),
978 if (!kvm->debugfs_stat_data)
981 for (i = 0; i < kvm_vm_stats_header.num_desc; ++i) {
982 pdesc = &kvm_vm_stats_desc[i];
983 stat_data = kzalloc(sizeof(*stat_data), GFP_KERNEL_ACCOUNT);
987 stat_data->kvm = kvm;
988 stat_data->desc = pdesc;
989 stat_data->kind = KVM_STAT_VM;
990 kvm->debugfs_stat_data[i] = stat_data;
991 debugfs_create_file(pdesc->name, kvm_stats_debugfs_mode(pdesc),
992 kvm->debugfs_dentry, stat_data,
996 for (i = 0; i < kvm_vcpu_stats_header.num_desc; ++i) {
997 pdesc = &kvm_vcpu_stats_desc[i];
998 stat_data = kzalloc(sizeof(*stat_data), GFP_KERNEL_ACCOUNT);
1002 stat_data->kvm = kvm;
1003 stat_data->desc = pdesc;
1004 stat_data->kind = KVM_STAT_VCPU;
1005 kvm->debugfs_stat_data[i + kvm_vm_stats_header.num_desc] = stat_data;
1006 debugfs_create_file(pdesc->name, kvm_stats_debugfs_mode(pdesc),
1007 kvm->debugfs_dentry, stat_data,
1011 ret = kvm_arch_create_vm_debugfs(kvm);
1013 kvm_destroy_vm_debugfs(kvm);
1021 * Called after the VM is otherwise initialized, but just before adding it to
1024 int __weak kvm_arch_post_init_vm(struct kvm *kvm)
1030 * Called just after removing the VM from the vm_list, but before doing any
1031 * other destruction.
1033 void __weak kvm_arch_pre_destroy_vm(struct kvm *kvm)
1038 * Called after per-vm debugfs created. When called kvm->debugfs_dentry should
1039 * be setup already, so we can create arch-specific debugfs entries under it.
1040 * Cleanup should be automatic done in kvm_destroy_vm_debugfs() recursively, so
1041 * a per-arch destroy interface is not needed.
1043 int __weak kvm_arch_create_vm_debugfs(struct kvm *kvm)
1048 static struct kvm *kvm_create_vm(unsigned long type)
1050 struct kvm *kvm = kvm_arch_alloc_vm();
1055 return ERR_PTR(-ENOMEM);
1057 KVM_MMU_LOCK_INIT(kvm);
1058 mmgrab(current->mm);
1059 kvm->mm = current->mm;
1060 kvm_eventfd_init(kvm);
1061 mutex_init(&kvm->lock);
1062 mutex_init(&kvm->irq_lock);
1063 mutex_init(&kvm->slots_lock);
1064 mutex_init(&kvm->slots_arch_lock);
1065 spin_lock_init(&kvm->mn_invalidate_lock);
1066 rcuwait_init(&kvm->mn_memslots_update_rcuwait);
1067 xa_init(&kvm->vcpu_array);
1069 INIT_LIST_HEAD(&kvm->devices);
1071 BUILD_BUG_ON(KVM_MEM_SLOTS_NUM > SHRT_MAX);
1073 if (init_srcu_struct(&kvm->srcu))
1074 goto out_err_no_srcu;
1075 if (init_srcu_struct(&kvm->irq_srcu))
1076 goto out_err_no_irq_srcu;
1078 refcount_set(&kvm->users_count, 1);
1079 for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
1080 struct kvm_memslots *slots = kvm_alloc_memslots();
1083 goto out_err_no_arch_destroy_vm;
1084 /* Generations must be different for each address space. */
1085 slots->generation = i;
1086 rcu_assign_pointer(kvm->memslots[i], slots);
1089 for (i = 0; i < KVM_NR_BUSES; i++) {
1090 rcu_assign_pointer(kvm->buses[i],
1091 kzalloc(sizeof(struct kvm_io_bus), GFP_KERNEL_ACCOUNT));
1093 goto out_err_no_arch_destroy_vm;
1096 kvm->max_halt_poll_ns = halt_poll_ns;
1098 r = kvm_arch_init_vm(kvm, type);
1100 goto out_err_no_arch_destroy_vm;
1102 r = hardware_enable_all();
1104 goto out_err_no_disable;
1106 #ifdef CONFIG_HAVE_KVM_IRQFD
1107 INIT_HLIST_HEAD(&kvm->irq_ack_notifier_list);
1110 r = kvm_init_mmu_notifier(kvm);
1112 goto out_err_no_mmu_notifier;
1114 r = kvm_arch_post_init_vm(kvm);
1118 mutex_lock(&kvm_lock);
1119 list_add(&kvm->vm_list, &vm_list);
1120 mutex_unlock(&kvm_lock);
1122 preempt_notifier_inc();
1123 kvm_init_pm_notifier(kvm);
1128 #if defined(CONFIG_MMU_NOTIFIER) && defined(KVM_ARCH_WANT_MMU_NOTIFIER)
1129 if (kvm->mmu_notifier.ops)
1130 mmu_notifier_unregister(&kvm->mmu_notifier, current->mm);
1132 out_err_no_mmu_notifier:
1133 hardware_disable_all();
1135 kvm_arch_destroy_vm(kvm);
1136 out_err_no_arch_destroy_vm:
1137 WARN_ON_ONCE(!refcount_dec_and_test(&kvm->users_count));
1138 for (i = 0; i < KVM_NR_BUSES; i++)
1139 kfree(kvm_get_bus(kvm, i));
1140 for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++)
1141 kvm_free_memslots(kvm, __kvm_memslots(kvm, i));
1142 cleanup_srcu_struct(&kvm->irq_srcu);
1143 out_err_no_irq_srcu:
1144 cleanup_srcu_struct(&kvm->srcu);
1146 kvm_arch_free_vm(kvm);
1147 mmdrop(current->mm);
1151 static void kvm_destroy_devices(struct kvm *kvm)
1153 struct kvm_device *dev, *tmp;
1156 * We do not need to take the kvm->lock here, because nobody else
1157 * has a reference to the struct kvm at this point and therefore
1158 * cannot access the devices list anyhow.
1160 list_for_each_entry_safe(dev, tmp, &kvm->devices, vm_node) {
1161 list_del(&dev->vm_node);
1162 dev->ops->destroy(dev);
1166 static void kvm_destroy_vm(struct kvm *kvm)
1169 struct mm_struct *mm = kvm->mm;
1171 kvm_destroy_pm_notifier(kvm);
1172 kvm_uevent_notify_change(KVM_EVENT_DESTROY_VM, kvm);
1173 kvm_destroy_vm_debugfs(kvm);
1174 kvm_arch_sync_events(kvm);
1175 mutex_lock(&kvm_lock);
1176 list_del(&kvm->vm_list);
1177 mutex_unlock(&kvm_lock);
1178 kvm_arch_pre_destroy_vm(kvm);
1180 kvm_free_irq_routing(kvm);
1181 for (i = 0; i < KVM_NR_BUSES; i++) {
1182 struct kvm_io_bus *bus = kvm_get_bus(kvm, i);
1185 kvm_io_bus_destroy(bus);
1186 kvm->buses[i] = NULL;
1188 kvm_coalesced_mmio_free(kvm);
1189 #if defined(CONFIG_MMU_NOTIFIER) && defined(KVM_ARCH_WANT_MMU_NOTIFIER)
1190 mmu_notifier_unregister(&kvm->mmu_notifier, kvm->mm);
1192 * At this point, pending calls to invalidate_range_start()
1193 * have completed but no more MMU notifiers will run, so
1194 * mn_active_invalidate_count may remain unbalanced.
1195 * No threads can be waiting in install_new_memslots as the
1196 * last reference on KVM has been dropped, but freeing
1197 * memslots would deadlock without this manual intervention.
1199 WARN_ON(rcuwait_active(&kvm->mn_memslots_update_rcuwait));
1200 kvm->mn_active_invalidate_count = 0;
1202 kvm_arch_flush_shadow_all(kvm);
1204 kvm_arch_destroy_vm(kvm);
1205 kvm_destroy_devices(kvm);
1206 for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++)
1207 kvm_free_memslots(kvm, __kvm_memslots(kvm, i));
1208 cleanup_srcu_struct(&kvm->irq_srcu);
1209 cleanup_srcu_struct(&kvm->srcu);
1210 kvm_arch_free_vm(kvm);
1211 preempt_notifier_dec();
1212 hardware_disable_all();
1216 void kvm_get_kvm(struct kvm *kvm)
1218 refcount_inc(&kvm->users_count);
1220 EXPORT_SYMBOL_GPL(kvm_get_kvm);
1223 * Make sure the vm is not during destruction, which is a safe version of
1224 * kvm_get_kvm(). Return true if kvm referenced successfully, false otherwise.
1226 bool kvm_get_kvm_safe(struct kvm *kvm)
1228 return refcount_inc_not_zero(&kvm->users_count);
1230 EXPORT_SYMBOL_GPL(kvm_get_kvm_safe);
1232 void kvm_put_kvm(struct kvm *kvm)
1234 if (refcount_dec_and_test(&kvm->users_count))
1235 kvm_destroy_vm(kvm);
1237 EXPORT_SYMBOL_GPL(kvm_put_kvm);
1240 * Used to put a reference that was taken on behalf of an object associated
1241 * with a user-visible file descriptor, e.g. a vcpu or device, if installation
1242 * of the new file descriptor fails and the reference cannot be transferred to
1243 * its final owner. In such cases, the caller is still actively using @kvm and
1244 * will fail miserably if the refcount unexpectedly hits zero.
1246 void kvm_put_kvm_no_destroy(struct kvm *kvm)
1248 WARN_ON(refcount_dec_and_test(&kvm->users_count));
1250 EXPORT_SYMBOL_GPL(kvm_put_kvm_no_destroy);
1252 static int kvm_vm_release(struct inode *inode, struct file *filp)
1254 struct kvm *kvm = filp->private_data;
1256 kvm_irqfd_release(kvm);
1263 * Allocation size is twice as large as the actual dirty bitmap size.
1264 * See kvm_vm_ioctl_get_dirty_log() why this is needed.
1266 static int kvm_alloc_dirty_bitmap(struct kvm_memory_slot *memslot)
1268 unsigned long dirty_bytes = 2 * kvm_dirty_bitmap_bytes(memslot);
1270 memslot->dirty_bitmap = kvzalloc(dirty_bytes, GFP_KERNEL_ACCOUNT);
1271 if (!memslot->dirty_bitmap)
1278 * Delete a memslot by decrementing the number of used slots and shifting all
1279 * other entries in the array forward one spot.
1281 static inline void kvm_memslot_delete(struct kvm_memslots *slots,
1282 struct kvm_memory_slot *memslot)
1284 struct kvm_memory_slot *mslots = slots->memslots;
1287 if (WARN_ON(slots->id_to_index[memslot->id] == -1))
1290 slots->used_slots--;
1292 if (atomic_read(&slots->last_used_slot) >= slots->used_slots)
1293 atomic_set(&slots->last_used_slot, 0);
1295 for (i = slots->id_to_index[memslot->id]; i < slots->used_slots; i++) {
1296 mslots[i] = mslots[i + 1];
1297 slots->id_to_index[mslots[i].id] = i;
1299 mslots[i] = *memslot;
1300 slots->id_to_index[memslot->id] = -1;
1304 * "Insert" a new memslot by incrementing the number of used slots. Returns
1305 * the new slot's initial index into the memslots array.
1307 static inline int kvm_memslot_insert_back(struct kvm_memslots *slots)
1309 return slots->used_slots++;
1313 * Move a changed memslot backwards in the array by shifting existing slots
1314 * with a higher GFN toward the front of the array. Note, the changed memslot
1315 * itself is not preserved in the array, i.e. not swapped at this time, only
1316 * its new index into the array is tracked. Returns the changed memslot's
1317 * current index into the memslots array.
1319 static inline int kvm_memslot_move_backward(struct kvm_memslots *slots,
1320 struct kvm_memory_slot *memslot)
1322 struct kvm_memory_slot *mslots = slots->memslots;
1325 if (WARN_ON_ONCE(slots->id_to_index[memslot->id] == -1) ||
1326 WARN_ON_ONCE(!slots->used_slots))
1330 * Move the target memslot backward in the array by shifting existing
1331 * memslots with a higher GFN (than the target memslot) towards the
1332 * front of the array.
1334 for (i = slots->id_to_index[memslot->id]; i < slots->used_slots - 1; i++) {
1335 if (memslot->base_gfn > mslots[i + 1].base_gfn)
1338 WARN_ON_ONCE(memslot->base_gfn == mslots[i + 1].base_gfn);
1340 /* Shift the next memslot forward one and update its index. */
1341 mslots[i] = mslots[i + 1];
1342 slots->id_to_index[mslots[i].id] = i;
1348 * Move a changed memslot forwards in the array by shifting existing slots with
1349 * a lower GFN toward the back of the array. Note, the changed memslot itself
1350 * is not preserved in the array, i.e. not swapped at this time, only its new
1351 * index into the array is tracked. Returns the changed memslot's final index
1352 * into the memslots array.
1354 static inline int kvm_memslot_move_forward(struct kvm_memslots *slots,
1355 struct kvm_memory_slot *memslot,
1358 struct kvm_memory_slot *mslots = slots->memslots;
1361 for (i = start; i > 0; i--) {
1362 if (memslot->base_gfn < mslots[i - 1].base_gfn)
1365 WARN_ON_ONCE(memslot->base_gfn == mslots[i - 1].base_gfn);
1367 /* Shift the next memslot back one and update its index. */
1368 mslots[i] = mslots[i - 1];
1369 slots->id_to_index[mslots[i].id] = i;
1375 * Re-sort memslots based on their GFN to account for an added, deleted, or
1376 * moved memslot. Sorting memslots by GFN allows using a binary search during
1379 * IMPORTANT: Slots are sorted from highest GFN to lowest GFN! I.e. the entry
1380 * at memslots[0] has the highest GFN.
1382 * The sorting algorithm takes advantage of having initially sorted memslots
1383 * and knowing the position of the changed memslot. Sorting is also optimized
1384 * by not swapping the updated memslot and instead only shifting other memslots
1385 * and tracking the new index for the update memslot. Only once its final
1386 * index is known is the updated memslot copied into its position in the array.
1388 * - When deleting a memslot, the deleted memslot simply needs to be moved to
1389 * the end of the array.
1391 * - When creating a memslot, the algorithm "inserts" the new memslot at the
1392 * end of the array and then it forward to its correct location.
1394 * - When moving a memslot, the algorithm first moves the updated memslot
1395 * backward to handle the scenario where the memslot's GFN was changed to a
1396 * lower value. update_memslots() then falls through and runs the same flow
1397 * as creating a memslot to move the memslot forward to handle the scenario
1398 * where its GFN was changed to a higher value.
1400 * Note, slots are sorted from highest->lowest instead of lowest->highest for
1401 * historical reasons. Originally, invalid memslots where denoted by having
1402 * GFN=0, thus sorting from highest->lowest naturally sorted invalid memslots
1403 * to the end of the array. The current algorithm uses dedicated logic to
1404 * delete a memslot and thus does not rely on invalid memslots having GFN=0.
1406 * The other historical motiviation for highest->lowest was to improve the
1407 * performance of memslot lookup. KVM originally used a linear search starting
1408 * at memslots[0]. On x86, the largest memslot usually has one of the highest,
1409 * if not *the* highest, GFN, as the bulk of the guest's RAM is located in a
1410 * single memslot above the 4gb boundary. As the largest memslot is also the
1411 * most likely to be referenced, sorting it to the front of the array was
1412 * advantageous. The current binary search starts from the middle of the array
1413 * and uses an LRU pointer to improve performance for all memslots and GFNs.
1415 static void update_memslots(struct kvm_memslots *slots,
1416 struct kvm_memory_slot *memslot,
1417 enum kvm_mr_change change)
1421 if (change == KVM_MR_DELETE) {
1422 kvm_memslot_delete(slots, memslot);
1424 if (change == KVM_MR_CREATE)
1425 i = kvm_memslot_insert_back(slots);
1427 i = kvm_memslot_move_backward(slots, memslot);
1428 i = kvm_memslot_move_forward(slots, memslot, i);
1431 * Copy the memslot to its new position in memslots and update
1432 * its index accordingly.
1434 slots->memslots[i] = *memslot;
1435 slots->id_to_index[memslot->id] = i;
1439 static int check_memory_region_flags(const struct kvm_userspace_memory_region *mem)
1441 u32 valid_flags = KVM_MEM_LOG_DIRTY_PAGES;
1443 #ifdef __KVM_HAVE_READONLY_MEM
1444 valid_flags |= KVM_MEM_READONLY;
1447 if (mem->flags & ~valid_flags)
1453 static struct kvm_memslots *install_new_memslots(struct kvm *kvm,
1454 int as_id, struct kvm_memslots *slots)
1456 struct kvm_memslots *old_memslots = __kvm_memslots(kvm, as_id);
1457 u64 gen = old_memslots->generation;
1459 WARN_ON(gen & KVM_MEMSLOT_GEN_UPDATE_IN_PROGRESS);
1460 slots->generation = gen | KVM_MEMSLOT_GEN_UPDATE_IN_PROGRESS;
1463 * Do not store the new memslots while there are invalidations in
1464 * progress, otherwise the locking in invalidate_range_start and
1465 * invalidate_range_end will be unbalanced.
1467 spin_lock(&kvm->mn_invalidate_lock);
1468 prepare_to_rcuwait(&kvm->mn_memslots_update_rcuwait);
1469 while (kvm->mn_active_invalidate_count) {
1470 set_current_state(TASK_UNINTERRUPTIBLE);
1471 spin_unlock(&kvm->mn_invalidate_lock);
1473 spin_lock(&kvm->mn_invalidate_lock);
1475 finish_rcuwait(&kvm->mn_memslots_update_rcuwait);
1476 rcu_assign_pointer(kvm->memslots[as_id], slots);
1477 spin_unlock(&kvm->mn_invalidate_lock);
1480 * Acquired in kvm_set_memslot. Must be released before synchronize
1481 * SRCU below in order to avoid deadlock with another thread
1482 * acquiring the slots_arch_lock in an srcu critical section.
1484 mutex_unlock(&kvm->slots_arch_lock);
1486 synchronize_srcu_expedited(&kvm->srcu);
1489 * Increment the new memslot generation a second time, dropping the
1490 * update in-progress flag and incrementing the generation based on
1491 * the number of address spaces. This provides a unique and easily
1492 * identifiable generation number while the memslots are in flux.
1494 gen = slots->generation & ~KVM_MEMSLOT_GEN_UPDATE_IN_PROGRESS;
1497 * Generations must be unique even across address spaces. We do not need
1498 * a global counter for that, instead the generation space is evenly split
1499 * across address spaces. For example, with two address spaces, address
1500 * space 0 will use generations 0, 2, 4, ... while address space 1 will
1501 * use generations 1, 3, 5, ...
1503 gen += KVM_ADDRESS_SPACE_NUM;
1505 kvm_arch_memslots_updated(kvm, gen);
1507 slots->generation = gen;
1509 return old_memslots;
1512 static size_t kvm_memslots_size(int slots)
1514 return sizeof(struct kvm_memslots) +
1515 (sizeof(struct kvm_memory_slot) * slots);
1519 * Note, at a minimum, the current number of used slots must be allocated, even
1520 * when deleting a memslot, as we need a complete duplicate of the memslots for
1521 * use when invalidating a memslot prior to deleting/moving the memslot.
1523 static struct kvm_memslots *kvm_dup_memslots(struct kvm_memslots *old,
1524 enum kvm_mr_change change)
1526 struct kvm_memslots *slots;
1529 if (change == KVM_MR_CREATE)
1530 new_size = kvm_memslots_size(old->used_slots + 1);
1532 new_size = kvm_memslots_size(old->used_slots);
1534 slots = kvzalloc(new_size, GFP_KERNEL_ACCOUNT);
1536 memcpy(slots, old, kvm_memslots_size(old->used_slots));
1541 static void kvm_copy_memslots_arch(struct kvm_memslots *to,
1542 struct kvm_memslots *from)
1546 WARN_ON_ONCE(to->used_slots != from->used_slots);
1548 for (i = 0; i < from->used_slots; i++)
1549 to->memslots[i].arch = from->memslots[i].arch;
1552 static int kvm_prepare_memory_region(struct kvm *kvm,
1553 const struct kvm_memory_slot *old,
1554 struct kvm_memory_slot *new,
1555 enum kvm_mr_change change)
1560 * If dirty logging is disabled, nullify the bitmap; the old bitmap
1561 * will be freed on "commit". If logging is enabled in both old and
1562 * new, reuse the existing bitmap. If logging is enabled only in the
1563 * new and KVM isn't using a ring buffer, allocate and initialize a
1566 if (!(new->flags & KVM_MEM_LOG_DIRTY_PAGES))
1567 new->dirty_bitmap = NULL;
1568 else if (old->dirty_bitmap)
1569 new->dirty_bitmap = old->dirty_bitmap;
1570 else if (!kvm->dirty_ring_size) {
1571 r = kvm_alloc_dirty_bitmap(new);
1575 if (kvm_dirty_log_manual_protect_and_init_set(kvm))
1576 bitmap_set(new->dirty_bitmap, 0, new->npages);
1579 r = kvm_arch_prepare_memory_region(kvm, old, new, change);
1581 /* Free the bitmap on failure if it was allocated above. */
1582 if (r && new->dirty_bitmap && !old->dirty_bitmap)
1583 kvm_destroy_dirty_bitmap(new);
1588 static void kvm_commit_memory_region(struct kvm *kvm,
1589 struct kvm_memory_slot *old,
1590 const struct kvm_memory_slot *new,
1591 enum kvm_mr_change change)
1594 * Update the total number of memslot pages before calling the arch
1595 * hook so that architectures can consume the result directly.
1597 if (change == KVM_MR_DELETE)
1598 kvm->nr_memslot_pages -= old->npages;
1599 else if (change == KVM_MR_CREATE)
1600 kvm->nr_memslot_pages += new->npages;
1602 kvm_arch_commit_memory_region(kvm, old, new, change);
1605 * Free the old memslot's metadata. On DELETE, free the whole thing,
1606 * otherwise free the dirty bitmap as needed (the below effectively
1607 * checks both the flags and whether a ring buffer is being used).
1609 if (change == KVM_MR_DELETE)
1610 kvm_free_memslot(kvm, old);
1611 else if (old->dirty_bitmap && !new->dirty_bitmap)
1612 kvm_destroy_dirty_bitmap(old);
1615 static int kvm_set_memslot(struct kvm *kvm,
1616 struct kvm_memory_slot *new,
1617 enum kvm_mr_change change)
1619 struct kvm_memory_slot *slot, old;
1620 struct kvm_memslots *slots;
1624 * Released in install_new_memslots.
1626 * Must be held from before the current memslots are copied until
1627 * after the new memslots are installed with rcu_assign_pointer,
1628 * then released before the synchronize srcu in install_new_memslots.
1630 * When modifying memslots outside of the slots_lock, must be held
1631 * before reading the pointer to the current memslots until after all
1632 * changes to those memslots are complete.
1634 * These rules ensure that installing new memslots does not lose
1635 * changes made to the previous memslots.
1637 mutex_lock(&kvm->slots_arch_lock);
1639 slots = kvm_dup_memslots(__kvm_memslots(kvm, new->as_id), change);
1641 mutex_unlock(&kvm->slots_arch_lock);
1645 if (change == KVM_MR_DELETE || change == KVM_MR_MOVE) {
1647 * Note, the INVALID flag needs to be in the appropriate entry
1648 * in the freshly allocated memslots, not in @old or @new.
1650 slot = id_to_memslot(slots, new->id);
1651 slot->flags |= KVM_MEMSLOT_INVALID;
1654 * We can re-use the old memslots, the only difference from the
1655 * newly installed memslots is the invalid flag, which will get
1656 * dropped by update_memslots anyway. We'll also revert to the
1657 * old memslots if preparing the new memory region fails.
1659 slots = install_new_memslots(kvm, new->as_id, slots);
1661 /* From this point no new shadow pages pointing to a deleted,
1662 * or moved, memslot will be created.
1664 * validation of sp->gfn happens in:
1665 * - gfn_to_hva (kvm_read_guest, gfn_to_pfn)
1666 * - kvm_is_visible_gfn (mmu_check_root)
1668 kvm_arch_flush_shadow_memslot(kvm, slot);
1670 /* Released in install_new_memslots. */
1671 mutex_lock(&kvm->slots_arch_lock);
1674 * The arch-specific fields of the now-active memslots could
1675 * have been modified between releasing slots_arch_lock in
1676 * install_new_memslots and re-acquiring slots_arch_lock above.
1677 * Copy them to the inactive memslots. Arch code is required
1678 * to retrieve memslots *after* acquiring slots_arch_lock, thus
1679 * the active memslots are guaranteed to be fresh.
1681 kvm_copy_memslots_arch(slots, __kvm_memslots(kvm, new->as_id));
1685 * Make a full copy of the old memslot, the pointer will become stale
1686 * when the memslots are re-sorted by update_memslots(), and the old
1687 * memslot needs to be referenced after calling update_memslots(), e.g.
1688 * to free its resources and for arch specific behavior. This needs to
1689 * happen *after* (re)acquiring slots_arch_lock.
1691 slot = id_to_memslot(slots, new->id);
1695 WARN_ON_ONCE(change != KVM_MR_CREATE);
1696 memset(&old, 0, sizeof(old));
1698 old.as_id = new->as_id;
1701 r = kvm_prepare_memory_region(kvm, &old, new, change);
1705 update_memslots(slots, new, change);
1706 slots = install_new_memslots(kvm, new->as_id, slots);
1708 kvm_commit_memory_region(kvm, &old, new, change);
1714 if (change == KVM_MR_DELETE || change == KVM_MR_MOVE)
1715 slots = install_new_memslots(kvm, new->as_id, slots);
1717 mutex_unlock(&kvm->slots_arch_lock);
1723 * Allocate some memory and give it an address in the guest physical address
1726 * Discontiguous memory is allowed, mostly for framebuffers.
1728 * Must be called holding kvm->slots_lock for write.
1730 int __kvm_set_memory_region(struct kvm *kvm,
1731 const struct kvm_userspace_memory_region *mem)
1733 struct kvm_memory_slot old, new;
1734 struct kvm_memory_slot *tmp;
1735 enum kvm_mr_change change;
1739 r = check_memory_region_flags(mem);
1743 as_id = mem->slot >> 16;
1744 id = (u16)mem->slot;
1746 /* General sanity checks */
1747 if ((mem->memory_size & (PAGE_SIZE - 1)) ||
1748 (mem->memory_size != (unsigned long)mem->memory_size))
1750 if (mem->guest_phys_addr & (PAGE_SIZE - 1))
1752 /* We can read the guest memory with __xxx_user() later on. */
1753 if ((mem->userspace_addr & (PAGE_SIZE - 1)) ||
1754 (mem->userspace_addr != untagged_addr(mem->userspace_addr)) ||
1755 !access_ok((void __user *)(unsigned long)mem->userspace_addr,
1758 if (as_id >= KVM_ADDRESS_SPACE_NUM || id >= KVM_MEM_SLOTS_NUM)
1760 if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr)
1764 * Make a full copy of the old memslot, the pointer will become stale
1765 * when the memslots are re-sorted by update_memslots(), and the old
1766 * memslot needs to be referenced after calling update_memslots(), e.g.
1767 * to free its resources and for arch specific behavior.
1769 tmp = id_to_memslot(__kvm_memslots(kvm, as_id), id);
1774 memset(&old, 0, sizeof(old));
1778 if (!mem->memory_size) {
1782 if (WARN_ON_ONCE(kvm->nr_memslot_pages < old.npages))
1785 memset(&new, 0, sizeof(new));
1789 return kvm_set_memslot(kvm, &new, KVM_MR_DELETE);
1794 new.base_gfn = mem->guest_phys_addr >> PAGE_SHIFT;
1795 new.npages = mem->memory_size >> PAGE_SHIFT;
1796 new.flags = mem->flags;
1797 new.userspace_addr = mem->userspace_addr;
1799 if (new.npages > KVM_MEM_MAX_NR_PAGES)
1803 change = KVM_MR_CREATE;
1806 * To simplify KVM internals, the total number of pages across
1807 * all memslots must fit in an unsigned long.
1809 if ((kvm->nr_memslot_pages + new.npages) < kvm->nr_memslot_pages)
1811 } else { /* Modify an existing slot. */
1812 if ((new.userspace_addr != old.userspace_addr) ||
1813 (new.npages != old.npages) ||
1814 ((new.flags ^ old.flags) & KVM_MEM_READONLY))
1817 if (new.base_gfn != old.base_gfn)
1818 change = KVM_MR_MOVE;
1819 else if (new.flags != old.flags)
1820 change = KVM_MR_FLAGS_ONLY;
1821 else /* Nothing to change. */
1825 if ((change == KVM_MR_CREATE) || (change == KVM_MR_MOVE)) {
1826 /* Check for overlaps */
1827 kvm_for_each_memslot(tmp, __kvm_memslots(kvm, as_id)) {
1830 if (!((new.base_gfn + new.npages <= tmp->base_gfn) ||
1831 (new.base_gfn >= tmp->base_gfn + tmp->npages)))
1836 return kvm_set_memslot(kvm, &new, change);
1838 EXPORT_SYMBOL_GPL(__kvm_set_memory_region);
1840 int kvm_set_memory_region(struct kvm *kvm,
1841 const struct kvm_userspace_memory_region *mem)
1845 mutex_lock(&kvm->slots_lock);
1846 r = __kvm_set_memory_region(kvm, mem);
1847 mutex_unlock(&kvm->slots_lock);
1850 EXPORT_SYMBOL_GPL(kvm_set_memory_region);
1852 static int kvm_vm_ioctl_set_memory_region(struct kvm *kvm,
1853 struct kvm_userspace_memory_region *mem)
1855 if ((u16)mem->slot >= KVM_USER_MEM_SLOTS)
1858 return kvm_set_memory_region(kvm, mem);
1861 #ifndef CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT
1863 * kvm_get_dirty_log - get a snapshot of dirty pages
1864 * @kvm: pointer to kvm instance
1865 * @log: slot id and address to which we copy the log
1866 * @is_dirty: set to '1' if any dirty pages were found
1867 * @memslot: set to the associated memslot, always valid on success
1869 int kvm_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log,
1870 int *is_dirty, struct kvm_memory_slot **memslot)
1872 struct kvm_memslots *slots;
1875 unsigned long any = 0;
1877 /* Dirty ring tracking is exclusive to dirty log tracking */
1878 if (kvm->dirty_ring_size)
1884 as_id = log->slot >> 16;
1885 id = (u16)log->slot;
1886 if (as_id >= KVM_ADDRESS_SPACE_NUM || id >= KVM_USER_MEM_SLOTS)
1889 slots = __kvm_memslots(kvm, as_id);
1890 *memslot = id_to_memslot(slots, id);
1891 if (!(*memslot) || !(*memslot)->dirty_bitmap)
1894 kvm_arch_sync_dirty_log(kvm, *memslot);
1896 n = kvm_dirty_bitmap_bytes(*memslot);
1898 for (i = 0; !any && i < n/sizeof(long); ++i)
1899 any = (*memslot)->dirty_bitmap[i];
1901 if (copy_to_user(log->dirty_bitmap, (*memslot)->dirty_bitmap, n))
1908 EXPORT_SYMBOL_GPL(kvm_get_dirty_log);
1910 #else /* CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT */
1912 * kvm_get_dirty_log_protect - get a snapshot of dirty pages
1913 * and reenable dirty page tracking for the corresponding pages.
1914 * @kvm: pointer to kvm instance
1915 * @log: slot id and address to which we copy the log
1917 * We need to keep it in mind that VCPU threads can write to the bitmap
1918 * concurrently. So, to avoid losing track of dirty pages we keep the
1921 * 1. Take a snapshot of the bit and clear it if needed.
1922 * 2. Write protect the corresponding page.
1923 * 3. Copy the snapshot to the userspace.
1924 * 4. Upon return caller flushes TLB's if needed.
1926 * Between 2 and 4, the guest may write to the page using the remaining TLB
1927 * entry. This is not a problem because the page is reported dirty using
1928 * the snapshot taken before and step 4 ensures that writes done after
1929 * exiting to userspace will be logged for the next call.
1932 static int kvm_get_dirty_log_protect(struct kvm *kvm, struct kvm_dirty_log *log)
1934 struct kvm_memslots *slots;
1935 struct kvm_memory_slot *memslot;
1938 unsigned long *dirty_bitmap;
1939 unsigned long *dirty_bitmap_buffer;
1942 /* Dirty ring tracking is exclusive to dirty log tracking */
1943 if (kvm->dirty_ring_size)
1946 as_id = log->slot >> 16;
1947 id = (u16)log->slot;
1948 if (as_id >= KVM_ADDRESS_SPACE_NUM || id >= KVM_USER_MEM_SLOTS)
1951 slots = __kvm_memslots(kvm, as_id);
1952 memslot = id_to_memslot(slots, id);
1953 if (!memslot || !memslot->dirty_bitmap)
1956 dirty_bitmap = memslot->dirty_bitmap;
1958 kvm_arch_sync_dirty_log(kvm, memslot);
1960 n = kvm_dirty_bitmap_bytes(memslot);
1962 if (kvm->manual_dirty_log_protect) {
1964 * Unlike kvm_get_dirty_log, we always return false in *flush,
1965 * because no flush is needed until KVM_CLEAR_DIRTY_LOG. There
1966 * is some code duplication between this function and
1967 * kvm_get_dirty_log, but hopefully all architecture
1968 * transition to kvm_get_dirty_log_protect and kvm_get_dirty_log
1969 * can be eliminated.
1971 dirty_bitmap_buffer = dirty_bitmap;
1973 dirty_bitmap_buffer = kvm_second_dirty_bitmap(memslot);
1974 memset(dirty_bitmap_buffer, 0, n);
1977 for (i = 0; i < n / sizeof(long); i++) {
1981 if (!dirty_bitmap[i])
1985 mask = xchg(&dirty_bitmap[i], 0);
1986 dirty_bitmap_buffer[i] = mask;
1988 offset = i * BITS_PER_LONG;
1989 kvm_arch_mmu_enable_log_dirty_pt_masked(kvm, memslot,
1992 KVM_MMU_UNLOCK(kvm);
1996 kvm_arch_flush_remote_tlbs_memslot(kvm, memslot);
1998 if (copy_to_user(log->dirty_bitmap, dirty_bitmap_buffer, n))
2005 * kvm_vm_ioctl_get_dirty_log - get and clear the log of dirty pages in a slot
2006 * @kvm: kvm instance
2007 * @log: slot id and address to which we copy the log
2009 * Steps 1-4 below provide general overview of dirty page logging. See
2010 * kvm_get_dirty_log_protect() function description for additional details.
2012 * We call kvm_get_dirty_log_protect() to handle steps 1-3, upon return we
2013 * always flush the TLB (step 4) even if previous step failed and the dirty
2014 * bitmap may be corrupt. Regardless of previous outcome the KVM logging API
2015 * does not preclude user space subsequent dirty log read. Flushing TLB ensures
2016 * writes will be marked dirty for next log read.
2018 * 1. Take a snapshot of the bit and clear it if needed.
2019 * 2. Write protect the corresponding page.
2020 * 3. Copy the snapshot to the userspace.
2021 * 4. Flush TLB's if needed.
2023 static int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
2024 struct kvm_dirty_log *log)
2028 mutex_lock(&kvm->slots_lock);
2030 r = kvm_get_dirty_log_protect(kvm, log);
2032 mutex_unlock(&kvm->slots_lock);
2037 * kvm_clear_dirty_log_protect - clear dirty bits in the bitmap
2038 * and reenable dirty page tracking for the corresponding pages.
2039 * @kvm: pointer to kvm instance
2040 * @log: slot id and address from which to fetch the bitmap of dirty pages
2042 static int kvm_clear_dirty_log_protect(struct kvm *kvm,
2043 struct kvm_clear_dirty_log *log)
2045 struct kvm_memslots *slots;
2046 struct kvm_memory_slot *memslot;
2050 unsigned long *dirty_bitmap;
2051 unsigned long *dirty_bitmap_buffer;
2054 /* Dirty ring tracking is exclusive to dirty log tracking */
2055 if (kvm->dirty_ring_size)
2058 as_id = log->slot >> 16;
2059 id = (u16)log->slot;
2060 if (as_id >= KVM_ADDRESS_SPACE_NUM || id >= KVM_USER_MEM_SLOTS)
2063 if (log->first_page & 63)
2066 slots = __kvm_memslots(kvm, as_id);
2067 memslot = id_to_memslot(slots, id);
2068 if (!memslot || !memslot->dirty_bitmap)
2071 dirty_bitmap = memslot->dirty_bitmap;
2073 n = ALIGN(log->num_pages, BITS_PER_LONG) / 8;
2075 if (log->first_page > memslot->npages ||
2076 log->num_pages > memslot->npages - log->first_page ||
2077 (log->num_pages < memslot->npages - log->first_page && (log->num_pages & 63)))
2080 kvm_arch_sync_dirty_log(kvm, memslot);
2083 dirty_bitmap_buffer = kvm_second_dirty_bitmap(memslot);
2084 if (copy_from_user(dirty_bitmap_buffer, log->dirty_bitmap, n))
2088 for (offset = log->first_page, i = offset / BITS_PER_LONG,
2089 n = DIV_ROUND_UP(log->num_pages, BITS_PER_LONG); n--;
2090 i++, offset += BITS_PER_LONG) {
2091 unsigned long mask = *dirty_bitmap_buffer++;
2092 atomic_long_t *p = (atomic_long_t *) &dirty_bitmap[i];
2096 mask &= atomic_long_fetch_andnot(mask, p);
2099 * mask contains the bits that really have been cleared. This
2100 * never includes any bits beyond the length of the memslot (if
2101 * the length is not aligned to 64 pages), therefore it is not
2102 * a problem if userspace sets them in log->dirty_bitmap.
2106 kvm_arch_mmu_enable_log_dirty_pt_masked(kvm, memslot,
2110 KVM_MMU_UNLOCK(kvm);
2113 kvm_arch_flush_remote_tlbs_memslot(kvm, memslot);
2118 static int kvm_vm_ioctl_clear_dirty_log(struct kvm *kvm,
2119 struct kvm_clear_dirty_log *log)
2123 mutex_lock(&kvm->slots_lock);
2125 r = kvm_clear_dirty_log_protect(kvm, log);
2127 mutex_unlock(&kvm->slots_lock);
2130 #endif /* CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT */
2132 struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn)
2134 return __gfn_to_memslot(kvm_memslots(kvm), gfn);
2136 EXPORT_SYMBOL_GPL(gfn_to_memslot);
2138 struct kvm_memory_slot *kvm_vcpu_gfn_to_memslot(struct kvm_vcpu *vcpu, gfn_t gfn)
2140 struct kvm_memslots *slots = kvm_vcpu_memslots(vcpu);
2141 struct kvm_memory_slot *slot;
2144 slot = try_get_memslot(slots, vcpu->last_used_slot, gfn);
2149 * Fall back to searching all memslots. We purposely use
2150 * search_memslots() instead of __gfn_to_memslot() to avoid
2151 * thrashing the VM-wide last_used_index in kvm_memslots.
2153 slot = search_memslots(slots, gfn, &slot_index);
2155 vcpu->last_used_slot = slot_index;
2161 EXPORT_SYMBOL_GPL(kvm_vcpu_gfn_to_memslot);
2163 bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)
2165 struct kvm_memory_slot *memslot = gfn_to_memslot(kvm, gfn);
2167 return kvm_is_visible_memslot(memslot);
2169 EXPORT_SYMBOL_GPL(kvm_is_visible_gfn);
2171 bool kvm_vcpu_is_visible_gfn(struct kvm_vcpu *vcpu, gfn_t gfn)
2173 struct kvm_memory_slot *memslot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);
2175 return kvm_is_visible_memslot(memslot);
2177 EXPORT_SYMBOL_GPL(kvm_vcpu_is_visible_gfn);
2179 unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn)
2181 struct vm_area_struct *vma;
2182 unsigned long addr, size;
2186 addr = kvm_vcpu_gfn_to_hva_prot(vcpu, gfn, NULL);
2187 if (kvm_is_error_hva(addr))
2190 mmap_read_lock(current->mm);
2191 vma = find_vma(current->mm, addr);
2195 size = vma_kernel_pagesize(vma);
2198 mmap_read_unlock(current->mm);
2203 static bool memslot_is_readonly(struct kvm_memory_slot *slot)
2205 return slot->flags & KVM_MEM_READONLY;
2208 static unsigned long __gfn_to_hva_many(struct kvm_memory_slot *slot, gfn_t gfn,
2209 gfn_t *nr_pages, bool write)
2211 if (!slot || slot->flags & KVM_MEMSLOT_INVALID)
2212 return KVM_HVA_ERR_BAD;
2214 if (memslot_is_readonly(slot) && write)
2215 return KVM_HVA_ERR_RO_BAD;
2218 *nr_pages = slot->npages - (gfn - slot->base_gfn);
2220 return __gfn_to_hva_memslot(slot, gfn);
2223 static unsigned long gfn_to_hva_many(struct kvm_memory_slot *slot, gfn_t gfn,
2226 return __gfn_to_hva_many(slot, gfn, nr_pages, true);
2229 unsigned long gfn_to_hva_memslot(struct kvm_memory_slot *slot,
2232 return gfn_to_hva_many(slot, gfn, NULL);
2234 EXPORT_SYMBOL_GPL(gfn_to_hva_memslot);
2236 unsigned long gfn_to_hva(struct kvm *kvm, gfn_t gfn)
2238 return gfn_to_hva_many(gfn_to_memslot(kvm, gfn), gfn, NULL);
2240 EXPORT_SYMBOL_GPL(gfn_to_hva);
2242 unsigned long kvm_vcpu_gfn_to_hva(struct kvm_vcpu *vcpu, gfn_t gfn)
2244 return gfn_to_hva_many(kvm_vcpu_gfn_to_memslot(vcpu, gfn), gfn, NULL);
2246 EXPORT_SYMBOL_GPL(kvm_vcpu_gfn_to_hva);
2249 * Return the hva of a @gfn and the R/W attribute if possible.
2251 * @slot: the kvm_memory_slot which contains @gfn
2252 * @gfn: the gfn to be translated
2253 * @writable: used to return the read/write attribute of the @slot if the hva
2254 * is valid and @writable is not NULL
2256 unsigned long gfn_to_hva_memslot_prot(struct kvm_memory_slot *slot,
2257 gfn_t gfn, bool *writable)
2259 unsigned long hva = __gfn_to_hva_many(slot, gfn, NULL, false);
2261 if (!kvm_is_error_hva(hva) && writable)
2262 *writable = !memslot_is_readonly(slot);
2267 unsigned long gfn_to_hva_prot(struct kvm *kvm, gfn_t gfn, bool *writable)
2269 struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
2271 return gfn_to_hva_memslot_prot(slot, gfn, writable);
2274 unsigned long kvm_vcpu_gfn_to_hva_prot(struct kvm_vcpu *vcpu, gfn_t gfn, bool *writable)
2276 struct kvm_memory_slot *slot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);
2278 return gfn_to_hva_memslot_prot(slot, gfn, writable);
2281 static inline int check_user_page_hwpoison(unsigned long addr)
2283 int rc, flags = FOLL_HWPOISON | FOLL_WRITE;
2285 rc = get_user_pages(addr, 1, flags, NULL, NULL);
2286 return rc == -EHWPOISON;
2290 * The fast path to get the writable pfn which will be stored in @pfn,
2291 * true indicates success, otherwise false is returned. It's also the
2292 * only part that runs if we can in atomic context.
2294 static bool hva_to_pfn_fast(unsigned long addr, bool write_fault,
2295 bool *writable, kvm_pfn_t *pfn)
2297 struct page *page[1];
2300 * Fast pin a writable pfn only if it is a write fault request
2301 * or the caller allows to map a writable pfn for a read fault
2304 if (!(write_fault || writable))
2307 if (get_user_page_fast_only(addr, FOLL_WRITE, page)) {
2308 *pfn = page_to_pfn(page[0]);
2319 * The slow path to get the pfn of the specified host virtual address,
2320 * 1 indicates success, -errno is returned if error is detected.
2322 static int hva_to_pfn_slow(unsigned long addr, bool *async, bool write_fault,
2323 bool *writable, kvm_pfn_t *pfn)
2325 unsigned int flags = FOLL_HWPOISON;
2332 *writable = write_fault;
2335 flags |= FOLL_WRITE;
2337 flags |= FOLL_NOWAIT;
2339 npages = get_user_pages_unlocked(addr, 1, &page, flags);
2343 /* map read fault as writable if possible */
2344 if (unlikely(!write_fault) && writable) {
2347 if (get_user_page_fast_only(addr, FOLL_WRITE, &wpage)) {
2353 *pfn = page_to_pfn(page);
2357 static bool vma_is_valid(struct vm_area_struct *vma, bool write_fault)
2359 if (unlikely(!(vma->vm_flags & VM_READ)))
2362 if (write_fault && (unlikely(!(vma->vm_flags & VM_WRITE))))
2368 static int kvm_try_get_pfn(kvm_pfn_t pfn)
2370 if (kvm_is_reserved_pfn(pfn))
2372 return get_page_unless_zero(pfn_to_page(pfn));
2375 static int hva_to_pfn_remapped(struct vm_area_struct *vma,
2376 unsigned long addr, bool *async,
2377 bool write_fault, bool *writable,
2385 r = follow_pte(vma->vm_mm, addr, &ptep, &ptl);
2388 * get_user_pages fails for VM_IO and VM_PFNMAP vmas and does
2389 * not call the fault handler, so do it here.
2391 bool unlocked = false;
2392 r = fixup_user_fault(current->mm, addr,
2393 (write_fault ? FAULT_FLAG_WRITE : 0),
2400 r = follow_pte(vma->vm_mm, addr, &ptep, &ptl);
2405 if (write_fault && !pte_write(*ptep)) {
2406 pfn = KVM_PFN_ERR_RO_FAULT;
2411 *writable = pte_write(*ptep);
2412 pfn = pte_pfn(*ptep);
2415 * Get a reference here because callers of *hva_to_pfn* and
2416 * *gfn_to_pfn* ultimately call kvm_release_pfn_clean on the
2417 * returned pfn. This is only needed if the VMA has VM_MIXEDMAP
2418 * set, but the kvm_try_get_pfn/kvm_release_pfn_clean pair will
2419 * simply do nothing for reserved pfns.
2421 * Whoever called remap_pfn_range is also going to call e.g.
2422 * unmap_mapping_range before the underlying pages are freed,
2423 * causing a call to our MMU notifier.
2425 * Certain IO or PFNMAP mappings can be backed with valid
2426 * struct pages, but be allocated without refcounting e.g.,
2427 * tail pages of non-compound higher order allocations, which
2428 * would then underflow the refcount when the caller does the
2429 * required put_page. Don't allow those pages here.
2431 if (!kvm_try_get_pfn(pfn))
2435 pte_unmap_unlock(ptep, ptl);
2442 * Pin guest page in memory and return its pfn.
2443 * @addr: host virtual address which maps memory to the guest
2444 * @atomic: whether this function can sleep
2445 * @async: whether this function need to wait IO complete if the
2446 * host page is not in the memory
2447 * @write_fault: whether we should get a writable host page
2448 * @writable: whether it allows to map a writable host page for !@write_fault
2450 * The function will map a writable host page for these two cases:
2451 * 1): @write_fault = true
2452 * 2): @write_fault = false && @writable, @writable will tell the caller
2453 * whether the mapping is writable.
2455 static kvm_pfn_t hva_to_pfn(unsigned long addr, bool atomic, bool *async,
2456 bool write_fault, bool *writable)
2458 struct vm_area_struct *vma;
2462 /* we can do it either atomically or asynchronously, not both */
2463 BUG_ON(atomic && async);
2465 if (hva_to_pfn_fast(addr, write_fault, writable, &pfn))
2469 return KVM_PFN_ERR_FAULT;
2471 npages = hva_to_pfn_slow(addr, async, write_fault, writable, &pfn);
2475 mmap_read_lock(current->mm);
2476 if (npages == -EHWPOISON ||
2477 (!async && check_user_page_hwpoison(addr))) {
2478 pfn = KVM_PFN_ERR_HWPOISON;
2483 vma = vma_lookup(current->mm, addr);
2486 pfn = KVM_PFN_ERR_FAULT;
2487 else if (vma->vm_flags & (VM_IO | VM_PFNMAP)) {
2488 r = hva_to_pfn_remapped(vma, addr, async, write_fault, writable, &pfn);
2492 pfn = KVM_PFN_ERR_FAULT;
2494 if (async && vma_is_valid(vma, write_fault))
2496 pfn = KVM_PFN_ERR_FAULT;
2499 mmap_read_unlock(current->mm);
2503 kvm_pfn_t __gfn_to_pfn_memslot(struct kvm_memory_slot *slot, gfn_t gfn,
2504 bool atomic, bool *async, bool write_fault,
2505 bool *writable, hva_t *hva)
2507 unsigned long addr = __gfn_to_hva_many(slot, gfn, NULL, write_fault);
2512 if (addr == KVM_HVA_ERR_RO_BAD) {
2515 return KVM_PFN_ERR_RO_FAULT;
2518 if (kvm_is_error_hva(addr)) {
2521 return KVM_PFN_NOSLOT;
2524 /* Do not map writable pfn in the readonly memslot. */
2525 if (writable && memslot_is_readonly(slot)) {
2530 return hva_to_pfn(addr, atomic, async, write_fault,
2533 EXPORT_SYMBOL_GPL(__gfn_to_pfn_memslot);
2535 kvm_pfn_t gfn_to_pfn_prot(struct kvm *kvm, gfn_t gfn, bool write_fault,
2538 return __gfn_to_pfn_memslot(gfn_to_memslot(kvm, gfn), gfn, false, NULL,
2539 write_fault, writable, NULL);
2541 EXPORT_SYMBOL_GPL(gfn_to_pfn_prot);
2543 kvm_pfn_t gfn_to_pfn_memslot(struct kvm_memory_slot *slot, gfn_t gfn)
2545 return __gfn_to_pfn_memslot(slot, gfn, false, NULL, true, NULL, NULL);
2547 EXPORT_SYMBOL_GPL(gfn_to_pfn_memslot);
2549 kvm_pfn_t gfn_to_pfn_memslot_atomic(struct kvm_memory_slot *slot, gfn_t gfn)
2551 return __gfn_to_pfn_memslot(slot, gfn, true, NULL, true, NULL, NULL);
2553 EXPORT_SYMBOL_GPL(gfn_to_pfn_memslot_atomic);
2555 kvm_pfn_t kvm_vcpu_gfn_to_pfn_atomic(struct kvm_vcpu *vcpu, gfn_t gfn)
2557 return gfn_to_pfn_memslot_atomic(kvm_vcpu_gfn_to_memslot(vcpu, gfn), gfn);
2559 EXPORT_SYMBOL_GPL(kvm_vcpu_gfn_to_pfn_atomic);
2561 kvm_pfn_t gfn_to_pfn(struct kvm *kvm, gfn_t gfn)
2563 return gfn_to_pfn_memslot(gfn_to_memslot(kvm, gfn), gfn);
2565 EXPORT_SYMBOL_GPL(gfn_to_pfn);
2567 kvm_pfn_t kvm_vcpu_gfn_to_pfn(struct kvm_vcpu *vcpu, gfn_t gfn)
2569 return gfn_to_pfn_memslot(kvm_vcpu_gfn_to_memslot(vcpu, gfn), gfn);
2571 EXPORT_SYMBOL_GPL(kvm_vcpu_gfn_to_pfn);
2573 int gfn_to_page_many_atomic(struct kvm_memory_slot *slot, gfn_t gfn,
2574 struct page **pages, int nr_pages)
2579 addr = gfn_to_hva_many(slot, gfn, &entry);
2580 if (kvm_is_error_hva(addr))
2583 if (entry < nr_pages)
2586 return get_user_pages_fast_only(addr, nr_pages, FOLL_WRITE, pages);
2588 EXPORT_SYMBOL_GPL(gfn_to_page_many_atomic);
2590 static struct page *kvm_pfn_to_page(kvm_pfn_t pfn)
2592 if (is_error_noslot_pfn(pfn))
2593 return KVM_ERR_PTR_BAD_PAGE;
2595 if (kvm_is_reserved_pfn(pfn)) {
2597 return KVM_ERR_PTR_BAD_PAGE;
2600 return pfn_to_page(pfn);
2603 struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn)
2607 pfn = gfn_to_pfn(kvm, gfn);
2609 return kvm_pfn_to_page(pfn);
2611 EXPORT_SYMBOL_GPL(gfn_to_page);
2613 void kvm_release_pfn(kvm_pfn_t pfn, bool dirty)
2619 kvm_release_pfn_dirty(pfn);
2621 kvm_release_pfn_clean(pfn);
2624 int kvm_vcpu_map(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map)
2628 struct page *page = KVM_UNMAPPED_PAGE;
2633 pfn = gfn_to_pfn(vcpu->kvm, gfn);
2634 if (is_error_noslot_pfn(pfn))
2637 if (pfn_valid(pfn)) {
2638 page = pfn_to_page(pfn);
2640 #ifdef CONFIG_HAS_IOMEM
2642 hva = memremap(pfn_to_hpa(pfn), PAGE_SIZE, MEMREMAP_WB);
2656 EXPORT_SYMBOL_GPL(kvm_vcpu_map);
2658 void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty)
2666 if (map->page != KVM_UNMAPPED_PAGE)
2668 #ifdef CONFIG_HAS_IOMEM
2674 kvm_vcpu_mark_page_dirty(vcpu, map->gfn);
2676 kvm_release_pfn(map->pfn, dirty);
2681 EXPORT_SYMBOL_GPL(kvm_vcpu_unmap);
2683 struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn)
2687 pfn = kvm_vcpu_gfn_to_pfn(vcpu, gfn);
2689 return kvm_pfn_to_page(pfn);
2691 EXPORT_SYMBOL_GPL(kvm_vcpu_gfn_to_page);
2693 void kvm_release_page_clean(struct page *page)
2695 WARN_ON(is_error_page(page));
2697 kvm_release_pfn_clean(page_to_pfn(page));
2699 EXPORT_SYMBOL_GPL(kvm_release_page_clean);
2701 void kvm_release_pfn_clean(kvm_pfn_t pfn)
2703 if (!is_error_noslot_pfn(pfn) && !kvm_is_reserved_pfn(pfn))
2704 put_page(pfn_to_page(pfn));
2706 EXPORT_SYMBOL_GPL(kvm_release_pfn_clean);
2708 void kvm_release_page_dirty(struct page *page)
2710 WARN_ON(is_error_page(page));
2712 kvm_release_pfn_dirty(page_to_pfn(page));
2714 EXPORT_SYMBOL_GPL(kvm_release_page_dirty);
2716 void kvm_release_pfn_dirty(kvm_pfn_t pfn)
2718 kvm_set_pfn_dirty(pfn);
2719 kvm_release_pfn_clean(pfn);
2721 EXPORT_SYMBOL_GPL(kvm_release_pfn_dirty);
2723 void kvm_set_pfn_dirty(kvm_pfn_t pfn)
2725 if (!kvm_is_reserved_pfn(pfn) && !kvm_is_zone_device_pfn(pfn))
2726 SetPageDirty(pfn_to_page(pfn));
2728 EXPORT_SYMBOL_GPL(kvm_set_pfn_dirty);
2730 void kvm_set_pfn_accessed(kvm_pfn_t pfn)
2732 if (!kvm_is_reserved_pfn(pfn) && !kvm_is_zone_device_pfn(pfn))
2733 mark_page_accessed(pfn_to_page(pfn));
2735 EXPORT_SYMBOL_GPL(kvm_set_pfn_accessed);
2737 static int next_segment(unsigned long len, int offset)
2739 if (len > PAGE_SIZE - offset)
2740 return PAGE_SIZE - offset;
2745 static int __kvm_read_guest_page(struct kvm_memory_slot *slot, gfn_t gfn,
2746 void *data, int offset, int len)
2751 addr = gfn_to_hva_memslot_prot(slot, gfn, NULL);
2752 if (kvm_is_error_hva(addr))
2754 r = __copy_from_user(data, (void __user *)addr + offset, len);
2760 int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset,
2763 struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
2765 return __kvm_read_guest_page(slot, gfn, data, offset, len);
2767 EXPORT_SYMBOL_GPL(kvm_read_guest_page);
2769 int kvm_vcpu_read_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn, void *data,
2770 int offset, int len)
2772 struct kvm_memory_slot *slot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);
2774 return __kvm_read_guest_page(slot, gfn, data, offset, len);
2776 EXPORT_SYMBOL_GPL(kvm_vcpu_read_guest_page);
2778 int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len)
2780 gfn_t gfn = gpa >> PAGE_SHIFT;
2782 int offset = offset_in_page(gpa);
2785 while ((seg = next_segment(len, offset)) != 0) {
2786 ret = kvm_read_guest_page(kvm, gfn, data, offset, seg);
2796 EXPORT_SYMBOL_GPL(kvm_read_guest);
2798 int kvm_vcpu_read_guest(struct kvm_vcpu *vcpu, gpa_t gpa, void *data, unsigned long len)
2800 gfn_t gfn = gpa >> PAGE_SHIFT;
2802 int offset = offset_in_page(gpa);
2805 while ((seg = next_segment(len, offset)) != 0) {
2806 ret = kvm_vcpu_read_guest_page(vcpu, gfn, data, offset, seg);
2816 EXPORT_SYMBOL_GPL(kvm_vcpu_read_guest);
2818 static int __kvm_read_guest_atomic(struct kvm_memory_slot *slot, gfn_t gfn,
2819 void *data, int offset, unsigned long len)
2824 addr = gfn_to_hva_memslot_prot(slot, gfn, NULL);
2825 if (kvm_is_error_hva(addr))
2827 pagefault_disable();
2828 r = __copy_from_user_inatomic(data, (void __user *)addr + offset, len);
2835 int kvm_vcpu_read_guest_atomic(struct kvm_vcpu *vcpu, gpa_t gpa,
2836 void *data, unsigned long len)
2838 gfn_t gfn = gpa >> PAGE_SHIFT;
2839 struct kvm_memory_slot *slot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);
2840 int offset = offset_in_page(gpa);
2842 return __kvm_read_guest_atomic(slot, gfn, data, offset, len);
2844 EXPORT_SYMBOL_GPL(kvm_vcpu_read_guest_atomic);
2846 static int __kvm_write_guest_page(struct kvm *kvm,
2847 struct kvm_memory_slot *memslot, gfn_t gfn,
2848 const void *data, int offset, int len)
2853 addr = gfn_to_hva_memslot(memslot, gfn);
2854 if (kvm_is_error_hva(addr))
2856 r = __copy_to_user((void __user *)addr + offset, data, len);
2859 mark_page_dirty_in_slot(kvm, memslot, gfn);
2863 int kvm_write_guest_page(struct kvm *kvm, gfn_t gfn,
2864 const void *data, int offset, int len)
2866 struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
2868 return __kvm_write_guest_page(kvm, slot, gfn, data, offset, len);
2870 EXPORT_SYMBOL_GPL(kvm_write_guest_page);
2872 int kvm_vcpu_write_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn,
2873 const void *data, int offset, int len)
2875 struct kvm_memory_slot *slot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);
2877 return __kvm_write_guest_page(vcpu->kvm, slot, gfn, data, offset, len);
2879 EXPORT_SYMBOL_GPL(kvm_vcpu_write_guest_page);
2881 int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data,
2884 gfn_t gfn = gpa >> PAGE_SHIFT;
2886 int offset = offset_in_page(gpa);
2889 while ((seg = next_segment(len, offset)) != 0) {
2890 ret = kvm_write_guest_page(kvm, gfn, data, offset, seg);
2900 EXPORT_SYMBOL_GPL(kvm_write_guest);
2902 int kvm_vcpu_write_guest(struct kvm_vcpu *vcpu, gpa_t gpa, const void *data,
2905 gfn_t gfn = gpa >> PAGE_SHIFT;
2907 int offset = offset_in_page(gpa);
2910 while ((seg = next_segment(len, offset)) != 0) {
2911 ret = kvm_vcpu_write_guest_page(vcpu, gfn, data, offset, seg);
2921 EXPORT_SYMBOL_GPL(kvm_vcpu_write_guest);
2923 static int __kvm_gfn_to_hva_cache_init(struct kvm_memslots *slots,
2924 struct gfn_to_hva_cache *ghc,
2925 gpa_t gpa, unsigned long len)
2927 int offset = offset_in_page(gpa);
2928 gfn_t start_gfn = gpa >> PAGE_SHIFT;
2929 gfn_t end_gfn = (gpa + len - 1) >> PAGE_SHIFT;
2930 gfn_t nr_pages_needed = end_gfn - start_gfn + 1;
2931 gfn_t nr_pages_avail;
2933 /* Update ghc->generation before performing any error checks. */
2934 ghc->generation = slots->generation;
2936 if (start_gfn > end_gfn) {
2937 ghc->hva = KVM_HVA_ERR_BAD;
2942 * If the requested region crosses two memslots, we still
2943 * verify that the entire region is valid here.
2945 for ( ; start_gfn <= end_gfn; start_gfn += nr_pages_avail) {
2946 ghc->memslot = __gfn_to_memslot(slots, start_gfn);
2947 ghc->hva = gfn_to_hva_many(ghc->memslot, start_gfn,
2949 if (kvm_is_error_hva(ghc->hva))
2953 /* Use the slow path for cross page reads and writes. */
2954 if (nr_pages_needed == 1)
2957 ghc->memslot = NULL;
2964 int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
2965 gpa_t gpa, unsigned long len)
2967 struct kvm_memslots *slots = kvm_memslots(kvm);
2968 return __kvm_gfn_to_hva_cache_init(slots, ghc, gpa, len);
2970 EXPORT_SYMBOL_GPL(kvm_gfn_to_hva_cache_init);
2972 int kvm_write_guest_offset_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
2973 void *data, unsigned int offset,
2976 struct kvm_memslots *slots = kvm_memslots(kvm);
2978 gpa_t gpa = ghc->gpa + offset;
2980 if (WARN_ON_ONCE(len + offset > ghc->len))
2983 if (slots->generation != ghc->generation) {
2984 if (__kvm_gfn_to_hva_cache_init(slots, ghc, ghc->gpa, ghc->len))
2988 if (kvm_is_error_hva(ghc->hva))
2991 if (unlikely(!ghc->memslot))
2992 return kvm_write_guest(kvm, gpa, data, len);
2994 r = __copy_to_user((void __user *)ghc->hva + offset, data, len);
2997 mark_page_dirty_in_slot(kvm, ghc->memslot, gpa >> PAGE_SHIFT);
3001 EXPORT_SYMBOL_GPL(kvm_write_guest_offset_cached);
3003 int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
3004 void *data, unsigned long len)
3006 return kvm_write_guest_offset_cached(kvm, ghc, data, 0, len);
3008 EXPORT_SYMBOL_GPL(kvm_write_guest_cached);
3010 int kvm_read_guest_offset_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
3011 void *data, unsigned int offset,
3014 struct kvm_memslots *slots = kvm_memslots(kvm);
3016 gpa_t gpa = ghc->gpa + offset;
3018 if (WARN_ON_ONCE(len + offset > ghc->len))
3021 if (slots->generation != ghc->generation) {
3022 if (__kvm_gfn_to_hva_cache_init(slots, ghc, ghc->gpa, ghc->len))
3026 if (kvm_is_error_hva(ghc->hva))
3029 if (unlikely(!ghc->memslot))
3030 return kvm_read_guest(kvm, gpa, data, len);
3032 r = __copy_from_user(data, (void __user *)ghc->hva + offset, len);
3038 EXPORT_SYMBOL_GPL(kvm_read_guest_offset_cached);
3040 int kvm_read_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
3041 void *data, unsigned long len)
3043 return kvm_read_guest_offset_cached(kvm, ghc, data, 0, len);
3045 EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
3047 int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len)
3049 const void *zero_page = (const void *) __va(page_to_phys(ZERO_PAGE(0)));
3050 gfn_t gfn = gpa >> PAGE_SHIFT;
3052 int offset = offset_in_page(gpa);
3055 while ((seg = next_segment(len, offset)) != 0) {
3056 ret = kvm_write_guest_page(kvm, gfn, zero_page, offset, len);
3065 EXPORT_SYMBOL_GPL(kvm_clear_guest);
3067 void mark_page_dirty_in_slot(struct kvm *kvm,
3068 struct kvm_memory_slot *memslot,
3071 if (memslot && kvm_slot_dirty_track_enabled(memslot)) {
3072 unsigned long rel_gfn = gfn - memslot->base_gfn;
3073 u32 slot = (memslot->as_id << 16) | memslot->id;
3075 if (kvm->dirty_ring_size)
3076 kvm_dirty_ring_push(kvm_dirty_ring_get(kvm),
3079 set_bit_le(rel_gfn, memslot->dirty_bitmap);
3082 EXPORT_SYMBOL_GPL(mark_page_dirty_in_slot);
3084 void mark_page_dirty(struct kvm *kvm, gfn_t gfn)
3086 struct kvm_memory_slot *memslot;
3088 memslot = gfn_to_memslot(kvm, gfn);
3089 mark_page_dirty_in_slot(kvm, memslot, gfn);
3091 EXPORT_SYMBOL_GPL(mark_page_dirty);
3093 void kvm_vcpu_mark_page_dirty(struct kvm_vcpu *vcpu, gfn_t gfn)
3095 struct kvm_memory_slot *memslot;
3097 memslot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);
3098 mark_page_dirty_in_slot(vcpu->kvm, memslot, gfn);
3100 EXPORT_SYMBOL_GPL(kvm_vcpu_mark_page_dirty);
3102 void kvm_sigset_activate(struct kvm_vcpu *vcpu)
3104 if (!vcpu->sigset_active)
3108 * This does a lockless modification of ->real_blocked, which is fine
3109 * because, only current can change ->real_blocked and all readers of
3110 * ->real_blocked don't care as long ->real_blocked is always a subset
3113 sigprocmask(SIG_SETMASK, &vcpu->sigset, ¤t->real_blocked);
3116 void kvm_sigset_deactivate(struct kvm_vcpu *vcpu)
3118 if (!vcpu->sigset_active)
3121 sigprocmask(SIG_SETMASK, ¤t->real_blocked, NULL);
3122 sigemptyset(¤t->real_blocked);
3125 static void grow_halt_poll_ns(struct kvm_vcpu *vcpu)
3127 unsigned int old, val, grow, grow_start;
3129 old = val = vcpu->halt_poll_ns;
3130 grow_start = READ_ONCE(halt_poll_ns_grow_start);
3131 grow = READ_ONCE(halt_poll_ns_grow);
3136 if (val < grow_start)
3139 if (val > vcpu->kvm->max_halt_poll_ns)
3140 val = vcpu->kvm->max_halt_poll_ns;
3142 vcpu->halt_poll_ns = val;
3144 trace_kvm_halt_poll_ns_grow(vcpu->vcpu_id, val, old);
3147 static void shrink_halt_poll_ns(struct kvm_vcpu *vcpu)
3149 unsigned int old, val, shrink, grow_start;
3151 old = val = vcpu->halt_poll_ns;
3152 shrink = READ_ONCE(halt_poll_ns_shrink);
3153 grow_start = READ_ONCE(halt_poll_ns_grow_start);
3159 if (val < grow_start)
3162 vcpu->halt_poll_ns = val;
3163 trace_kvm_halt_poll_ns_shrink(vcpu->vcpu_id, val, old);
3166 static int kvm_vcpu_check_block(struct kvm_vcpu *vcpu)
3169 int idx = srcu_read_lock(&vcpu->kvm->srcu);
3171 if (kvm_arch_vcpu_runnable(vcpu)) {
3172 kvm_make_request(KVM_REQ_UNHALT, vcpu);
3175 if (kvm_cpu_has_pending_timer(vcpu))
3177 if (signal_pending(current))
3179 if (kvm_check_request(KVM_REQ_UNBLOCK, vcpu))
3184 srcu_read_unlock(&vcpu->kvm->srcu, idx);
3189 update_halt_poll_stats(struct kvm_vcpu *vcpu, u64 poll_ns, bool waited)
3192 vcpu->stat.generic.halt_poll_fail_ns += poll_ns;
3194 vcpu->stat.generic.halt_poll_success_ns += poll_ns;
3198 * The vCPU has executed a HLT instruction with in-kernel mode enabled.
3200 void kvm_vcpu_block(struct kvm_vcpu *vcpu)
3202 ktime_t start, cur, poll_end;
3203 bool waited = false;
3206 kvm_arch_vcpu_blocking(vcpu);
3208 start = cur = poll_end = ktime_get();
3209 if (vcpu->halt_poll_ns && !kvm_arch_no_poll(vcpu)) {
3210 ktime_t stop = ktime_add_ns(ktime_get(), vcpu->halt_poll_ns);
3212 ++vcpu->stat.generic.halt_attempted_poll;
3215 * This sets KVM_REQ_UNHALT if an interrupt
3218 if (kvm_vcpu_check_block(vcpu) < 0) {
3219 ++vcpu->stat.generic.halt_successful_poll;
3220 if (!vcpu_valid_wakeup(vcpu))
3221 ++vcpu->stat.generic.halt_poll_invalid;
3223 KVM_STATS_LOG_HIST_UPDATE(
3224 vcpu->stat.generic.halt_poll_success_hist,
3225 ktime_to_ns(ktime_get()) -
3226 ktime_to_ns(start));
3230 poll_end = cur = ktime_get();
3231 } while (kvm_vcpu_can_poll(cur, stop));
3233 KVM_STATS_LOG_HIST_UPDATE(
3234 vcpu->stat.generic.halt_poll_fail_hist,
3235 ktime_to_ns(ktime_get()) - ktime_to_ns(start));
3239 prepare_to_rcuwait(&vcpu->wait);
3241 set_current_state(TASK_INTERRUPTIBLE);
3243 if (kvm_vcpu_check_block(vcpu) < 0)
3249 finish_rcuwait(&vcpu->wait);
3252 vcpu->stat.generic.halt_wait_ns +=
3253 ktime_to_ns(cur) - ktime_to_ns(poll_end);
3254 KVM_STATS_LOG_HIST_UPDATE(vcpu->stat.generic.halt_wait_hist,
3255 ktime_to_ns(cur) - ktime_to_ns(poll_end));
3258 kvm_arch_vcpu_unblocking(vcpu);
3259 block_ns = ktime_to_ns(cur) - ktime_to_ns(start);
3261 update_halt_poll_stats(
3262 vcpu, ktime_to_ns(ktime_sub(poll_end, start)), waited);
3264 if (!kvm_arch_no_poll(vcpu)) {
3265 if (!vcpu_valid_wakeup(vcpu)) {
3266 shrink_halt_poll_ns(vcpu);
3267 } else if (vcpu->kvm->max_halt_poll_ns) {
3268 if (block_ns <= vcpu->halt_poll_ns)
3270 /* we had a long block, shrink polling */
3271 else if (vcpu->halt_poll_ns &&
3272 block_ns > vcpu->kvm->max_halt_poll_ns)
3273 shrink_halt_poll_ns(vcpu);
3274 /* we had a short halt and our poll time is too small */
3275 else if (vcpu->halt_poll_ns < vcpu->kvm->max_halt_poll_ns &&
3276 block_ns < vcpu->kvm->max_halt_poll_ns)
3277 grow_halt_poll_ns(vcpu);
3279 vcpu->halt_poll_ns = 0;
3283 trace_kvm_vcpu_wakeup(block_ns, waited, vcpu_valid_wakeup(vcpu));
3284 kvm_arch_vcpu_block_finish(vcpu);
3286 EXPORT_SYMBOL_GPL(kvm_vcpu_block);
3288 bool kvm_vcpu_wake_up(struct kvm_vcpu *vcpu)
3290 struct rcuwait *waitp;
3292 waitp = kvm_arch_vcpu_get_wait(vcpu);
3293 if (rcuwait_wake_up(waitp)) {
3294 WRITE_ONCE(vcpu->ready, true);
3295 ++vcpu->stat.generic.halt_wakeup;
3301 EXPORT_SYMBOL_GPL(kvm_vcpu_wake_up);
3305 * Kick a sleeping VCPU, or a guest VCPU in guest mode, into host kernel mode.
3307 void kvm_vcpu_kick(struct kvm_vcpu *vcpu)
3311 if (kvm_vcpu_wake_up(vcpu))
3315 * Note, the vCPU could get migrated to a different pCPU at any point
3316 * after kvm_arch_vcpu_should_kick(), which could result in sending an
3317 * IPI to the previous pCPU. But, that's ok because the purpose of the
3318 * IPI is to force the vCPU to leave IN_GUEST_MODE, and migrating the
3319 * vCPU also requires it to leave IN_GUEST_MODE.
3322 if (kvm_arch_vcpu_should_kick(vcpu)) {
3323 cpu = READ_ONCE(vcpu->cpu);
3324 if (cpu != me && (unsigned)cpu < nr_cpu_ids && cpu_online(cpu))
3325 smp_send_reschedule(cpu);
3329 EXPORT_SYMBOL_GPL(kvm_vcpu_kick);
3330 #endif /* !CONFIG_S390 */
3332 int kvm_vcpu_yield_to(struct kvm_vcpu *target)
3335 struct task_struct *task = NULL;
3339 pid = rcu_dereference(target->pid);
3341 task = get_pid_task(pid, PIDTYPE_PID);
3345 ret = yield_to(task, 1);
3346 put_task_struct(task);
3350 EXPORT_SYMBOL_GPL(kvm_vcpu_yield_to);
3353 * Helper that checks whether a VCPU is eligible for directed yield.
3354 * Most eligible candidate to yield is decided by following heuristics:
3356 * (a) VCPU which has not done pl-exit or cpu relax intercepted recently
3357 * (preempted lock holder), indicated by @in_spin_loop.
3358 * Set at the beginning and cleared at the end of interception/PLE handler.
3360 * (b) VCPU which has done pl-exit/ cpu relax intercepted but did not get
3361 * chance last time (mostly it has become eligible now since we have probably
3362 * yielded to lockholder in last iteration. This is done by toggling
3363 * @dy_eligible each time a VCPU checked for eligibility.)
3365 * Yielding to a recently pl-exited/cpu relax intercepted VCPU before yielding
3366 * to preempted lock-holder could result in wrong VCPU selection and CPU
3367 * burning. Giving priority for a potential lock-holder increases lock
3370 * Since algorithm is based on heuristics, accessing another VCPU data without
3371 * locking does not harm. It may result in trying to yield to same VCPU, fail
3372 * and continue with next VCPU and so on.
3374 static bool kvm_vcpu_eligible_for_directed_yield(struct kvm_vcpu *vcpu)
3376 #ifdef CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT
3379 eligible = !vcpu->spin_loop.in_spin_loop ||
3380 vcpu->spin_loop.dy_eligible;
3382 if (vcpu->spin_loop.in_spin_loop)
3383 kvm_vcpu_set_dy_eligible(vcpu, !vcpu->spin_loop.dy_eligible);
3392 * Unlike kvm_arch_vcpu_runnable, this function is called outside
3393 * a vcpu_load/vcpu_put pair. However, for most architectures
3394 * kvm_arch_vcpu_runnable does not require vcpu_load.
3396 bool __weak kvm_arch_dy_runnable(struct kvm_vcpu *vcpu)
3398 return kvm_arch_vcpu_runnable(vcpu);
3401 static bool vcpu_dy_runnable(struct kvm_vcpu *vcpu)
3403 if (kvm_arch_dy_runnable(vcpu))
3406 #ifdef CONFIG_KVM_ASYNC_PF
3407 if (!list_empty_careful(&vcpu->async_pf.done))
3414 bool __weak kvm_arch_dy_has_pending_interrupt(struct kvm_vcpu *vcpu)
3419 void kvm_vcpu_on_spin(struct kvm_vcpu *me, bool yield_to_kernel_mode)
3421 struct kvm *kvm = me->kvm;
3422 struct kvm_vcpu *vcpu;
3423 int last_boosted_vcpu = me->kvm->last_boosted_vcpu;
3429 kvm_vcpu_set_in_spin_loop(me, true);
3431 * We boost the priority of a VCPU that is runnable but not
3432 * currently running, because it got preempted by something
3433 * else and called schedule in __vcpu_run. Hopefully that
3434 * VCPU is holding the lock that we need and will release it.
3435 * We approximate round-robin by starting at the last boosted VCPU.
3437 for (pass = 0; pass < 2 && !yielded && try; pass++) {
3438 kvm_for_each_vcpu(i, vcpu, kvm) {
3439 if (!pass && i <= last_boosted_vcpu) {
3440 i = last_boosted_vcpu;
3442 } else if (pass && i > last_boosted_vcpu)
3444 if (!READ_ONCE(vcpu->ready))
3448 if (rcuwait_active(&vcpu->wait) &&
3449 !vcpu_dy_runnable(vcpu))
3451 if (READ_ONCE(vcpu->preempted) && yield_to_kernel_mode &&
3452 !kvm_arch_dy_has_pending_interrupt(vcpu) &&
3453 !kvm_arch_vcpu_in_kernel(vcpu))
3455 if (!kvm_vcpu_eligible_for_directed_yield(vcpu))
3458 yielded = kvm_vcpu_yield_to(vcpu);
3460 kvm->last_boosted_vcpu = i;
3462 } else if (yielded < 0) {
3469 kvm_vcpu_set_in_spin_loop(me, false);
3471 /* Ensure vcpu is not eligible during next spinloop */
3472 kvm_vcpu_set_dy_eligible(me, false);
3474 EXPORT_SYMBOL_GPL(kvm_vcpu_on_spin);
3476 static bool kvm_page_in_dirty_ring(struct kvm *kvm, unsigned long pgoff)
3478 #if KVM_DIRTY_LOG_PAGE_OFFSET > 0
3479 return (pgoff >= KVM_DIRTY_LOG_PAGE_OFFSET) &&
3480 (pgoff < KVM_DIRTY_LOG_PAGE_OFFSET +
3481 kvm->dirty_ring_size / PAGE_SIZE);
3487 static vm_fault_t kvm_vcpu_fault(struct vm_fault *vmf)
3489 struct kvm_vcpu *vcpu = vmf->vma->vm_file->private_data;
3492 if (vmf->pgoff == 0)
3493 page = virt_to_page(vcpu->run);
3495 else if (vmf->pgoff == KVM_PIO_PAGE_OFFSET)
3496 page = virt_to_page(vcpu->arch.pio_data);
3498 #ifdef CONFIG_KVM_MMIO
3499 else if (vmf->pgoff == KVM_COALESCED_MMIO_PAGE_OFFSET)
3500 page = virt_to_page(vcpu->kvm->coalesced_mmio_ring);
3502 else if (kvm_page_in_dirty_ring(vcpu->kvm, vmf->pgoff))
3503 page = kvm_dirty_ring_get_page(
3505 vmf->pgoff - KVM_DIRTY_LOG_PAGE_OFFSET);
3507 return kvm_arch_vcpu_fault(vcpu, vmf);
3513 static const struct vm_operations_struct kvm_vcpu_vm_ops = {
3514 .fault = kvm_vcpu_fault,
3517 static int kvm_vcpu_mmap(struct file *file, struct vm_area_struct *vma)
3519 struct kvm_vcpu *vcpu = file->private_data;
3520 unsigned long pages = vma_pages(vma);
3522 if ((kvm_page_in_dirty_ring(vcpu->kvm, vma->vm_pgoff) ||
3523 kvm_page_in_dirty_ring(vcpu->kvm, vma->vm_pgoff + pages - 1)) &&
3524 ((vma->vm_flags & VM_EXEC) || !(vma->vm_flags & VM_SHARED)))
3527 vma->vm_ops = &kvm_vcpu_vm_ops;
3531 static int kvm_vcpu_release(struct inode *inode, struct file *filp)
3533 struct kvm_vcpu *vcpu = filp->private_data;
3535 kvm_put_kvm(vcpu->kvm);
3539 static struct file_operations kvm_vcpu_fops = {
3540 .release = kvm_vcpu_release,
3541 .unlocked_ioctl = kvm_vcpu_ioctl,
3542 .mmap = kvm_vcpu_mmap,
3543 .llseek = noop_llseek,
3544 KVM_COMPAT(kvm_vcpu_compat_ioctl),
3548 * Allocates an inode for the vcpu.
3550 static int create_vcpu_fd(struct kvm_vcpu *vcpu)
3552 char name[8 + 1 + ITOA_MAX_LEN + 1];
3554 snprintf(name, sizeof(name), "kvm-vcpu:%d", vcpu->vcpu_id);
3555 return anon_inode_getfd(name, &kvm_vcpu_fops, vcpu, O_RDWR | O_CLOEXEC);
3558 static void kvm_create_vcpu_debugfs(struct kvm_vcpu *vcpu)
3560 #ifdef __KVM_HAVE_ARCH_VCPU_DEBUGFS
3561 struct dentry *debugfs_dentry;
3562 char dir_name[ITOA_MAX_LEN * 2];
3564 if (!debugfs_initialized())
3567 snprintf(dir_name, sizeof(dir_name), "vcpu%d", vcpu->vcpu_id);
3568 debugfs_dentry = debugfs_create_dir(dir_name,
3569 vcpu->kvm->debugfs_dentry);
3571 kvm_arch_create_vcpu_debugfs(vcpu, debugfs_dentry);
3576 * Creates some virtual cpus. Good luck creating more than one.
3578 static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, u32 id)
3581 struct kvm_vcpu *vcpu;
3584 if (id >= KVM_MAX_VCPU_IDS)
3587 mutex_lock(&kvm->lock);
3588 if (kvm->created_vcpus == KVM_MAX_VCPUS) {
3589 mutex_unlock(&kvm->lock);
3593 kvm->created_vcpus++;
3594 mutex_unlock(&kvm->lock);
3596 r = kvm_arch_vcpu_precreate(kvm, id);
3598 goto vcpu_decrement;
3600 vcpu = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL_ACCOUNT);
3603 goto vcpu_decrement;
3606 BUILD_BUG_ON(sizeof(struct kvm_run) > PAGE_SIZE);
3607 page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
3612 vcpu->run = page_address(page);
3614 kvm_vcpu_init(vcpu, kvm, id);
3616 r = kvm_arch_vcpu_create(vcpu);
3618 goto vcpu_free_run_page;
3620 if (kvm->dirty_ring_size) {
3621 r = kvm_dirty_ring_alloc(&vcpu->dirty_ring,
3622 id, kvm->dirty_ring_size);
3624 goto arch_vcpu_destroy;
3627 mutex_lock(&kvm->lock);
3628 if (kvm_get_vcpu_by_id(kvm, id)) {
3630 goto unlock_vcpu_destroy;
3633 vcpu->vcpu_idx = atomic_read(&kvm->online_vcpus);
3634 r = xa_insert(&kvm->vcpu_array, vcpu->vcpu_idx, vcpu, GFP_KERNEL_ACCOUNT);
3635 BUG_ON(r == -EBUSY);
3637 goto unlock_vcpu_destroy;
3639 /* Fill the stats id string for the vcpu */
3640 snprintf(vcpu->stats_id, sizeof(vcpu->stats_id), "kvm-%d/vcpu-%d",
3641 task_pid_nr(current), id);
3643 /* Now it's all set up, let userspace reach it */
3645 r = create_vcpu_fd(vcpu);
3647 xa_erase(&kvm->vcpu_array, vcpu->vcpu_idx);
3648 kvm_put_kvm_no_destroy(kvm);
3649 goto unlock_vcpu_destroy;
3653 * Pairs with smp_rmb() in kvm_get_vcpu. Store the vcpu
3654 * pointer before kvm->online_vcpu's incremented value.
3657 atomic_inc(&kvm->online_vcpus);
3659 mutex_unlock(&kvm->lock);
3660 kvm_arch_vcpu_postcreate(vcpu);
3661 kvm_create_vcpu_debugfs(vcpu);
3664 unlock_vcpu_destroy:
3665 mutex_unlock(&kvm->lock);
3666 kvm_dirty_ring_free(&vcpu->dirty_ring);
3668 kvm_arch_vcpu_destroy(vcpu);
3670 free_page((unsigned long)vcpu->run);
3672 kmem_cache_free(kvm_vcpu_cache, vcpu);
3674 mutex_lock(&kvm->lock);
3675 kvm->created_vcpus--;
3676 mutex_unlock(&kvm->lock);
3680 static int kvm_vcpu_ioctl_set_sigmask(struct kvm_vcpu *vcpu, sigset_t *sigset)
3683 sigdelsetmask(sigset, sigmask(SIGKILL)|sigmask(SIGSTOP));
3684 vcpu->sigset_active = 1;
3685 vcpu->sigset = *sigset;
3687 vcpu->sigset_active = 0;
3691 static ssize_t kvm_vcpu_stats_read(struct file *file, char __user *user_buffer,
3692 size_t size, loff_t *offset)
3694 struct kvm_vcpu *vcpu = file->private_data;
3696 return kvm_stats_read(vcpu->stats_id, &kvm_vcpu_stats_header,
3697 &kvm_vcpu_stats_desc[0], &vcpu->stat,
3698 sizeof(vcpu->stat), user_buffer, size, offset);
3701 static const struct file_operations kvm_vcpu_stats_fops = {
3702 .read = kvm_vcpu_stats_read,
3703 .llseek = noop_llseek,
3706 static int kvm_vcpu_ioctl_get_stats_fd(struct kvm_vcpu *vcpu)
3710 char name[15 + ITOA_MAX_LEN + 1];
3712 snprintf(name, sizeof(name), "kvm-vcpu-stats:%d", vcpu->vcpu_id);
3714 fd = get_unused_fd_flags(O_CLOEXEC);
3718 file = anon_inode_getfile(name, &kvm_vcpu_stats_fops, vcpu, O_RDONLY);
3721 return PTR_ERR(file);
3723 file->f_mode |= FMODE_PREAD;
3724 fd_install(fd, file);
3729 static long kvm_vcpu_ioctl(struct file *filp,
3730 unsigned int ioctl, unsigned long arg)
3732 struct kvm_vcpu *vcpu = filp->private_data;
3733 void __user *argp = (void __user *)arg;
3735 struct kvm_fpu *fpu = NULL;
3736 struct kvm_sregs *kvm_sregs = NULL;
3738 if (vcpu->kvm->mm != current->mm || vcpu->kvm->vm_dead)
3741 if (unlikely(_IOC_TYPE(ioctl) != KVMIO))
3745 * Some architectures have vcpu ioctls that are asynchronous to vcpu
3746 * execution; mutex_lock() would break them.
3748 r = kvm_arch_vcpu_async_ioctl(filp, ioctl, arg);
3749 if (r != -ENOIOCTLCMD)
3752 if (mutex_lock_killable(&vcpu->mutex))
3760 oldpid = rcu_access_pointer(vcpu->pid);
3761 if (unlikely(oldpid != task_pid(current))) {
3762 /* The thread running this VCPU changed. */
3765 r = kvm_arch_vcpu_run_pid_change(vcpu);
3769 newpid = get_task_pid(current, PIDTYPE_PID);
3770 rcu_assign_pointer(vcpu->pid, newpid);
3775 r = kvm_arch_vcpu_ioctl_run(vcpu);
3776 trace_kvm_userspace_exit(vcpu->run->exit_reason, r);
3779 case KVM_GET_REGS: {
3780 struct kvm_regs *kvm_regs;
3783 kvm_regs = kzalloc(sizeof(struct kvm_regs), GFP_KERNEL_ACCOUNT);
3786 r = kvm_arch_vcpu_ioctl_get_regs(vcpu, kvm_regs);
3790 if (copy_to_user(argp, kvm_regs, sizeof(struct kvm_regs)))
3797 case KVM_SET_REGS: {
3798 struct kvm_regs *kvm_regs;
3800 kvm_regs = memdup_user(argp, sizeof(*kvm_regs));
3801 if (IS_ERR(kvm_regs)) {
3802 r = PTR_ERR(kvm_regs);
3805 r = kvm_arch_vcpu_ioctl_set_regs(vcpu, kvm_regs);
3809 case KVM_GET_SREGS: {
3810 kvm_sregs = kzalloc(sizeof(struct kvm_sregs),
3811 GFP_KERNEL_ACCOUNT);
3815 r = kvm_arch_vcpu_ioctl_get_sregs(vcpu, kvm_sregs);
3819 if (copy_to_user(argp, kvm_sregs, sizeof(struct kvm_sregs)))
3824 case KVM_SET_SREGS: {
3825 kvm_sregs = memdup_user(argp, sizeof(*kvm_sregs));
3826 if (IS_ERR(kvm_sregs)) {
3827 r = PTR_ERR(kvm_sregs);
3831 r = kvm_arch_vcpu_ioctl_set_sregs(vcpu, kvm_sregs);
3834 case KVM_GET_MP_STATE: {
3835 struct kvm_mp_state mp_state;
3837 r = kvm_arch_vcpu_ioctl_get_mpstate(vcpu, &mp_state);
3841 if (copy_to_user(argp, &mp_state, sizeof(mp_state)))
3846 case KVM_SET_MP_STATE: {
3847 struct kvm_mp_state mp_state;
3850 if (copy_from_user(&mp_state, argp, sizeof(mp_state)))
3852 r = kvm_arch_vcpu_ioctl_set_mpstate(vcpu, &mp_state);
3855 case KVM_TRANSLATE: {
3856 struct kvm_translation tr;
3859 if (copy_from_user(&tr, argp, sizeof(tr)))
3861 r = kvm_arch_vcpu_ioctl_translate(vcpu, &tr);
3865 if (copy_to_user(argp, &tr, sizeof(tr)))
3870 case KVM_SET_GUEST_DEBUG: {
3871 struct kvm_guest_debug dbg;
3874 if (copy_from_user(&dbg, argp, sizeof(dbg)))
3876 r = kvm_arch_vcpu_ioctl_set_guest_debug(vcpu, &dbg);
3879 case KVM_SET_SIGNAL_MASK: {
3880 struct kvm_signal_mask __user *sigmask_arg = argp;
3881 struct kvm_signal_mask kvm_sigmask;
3882 sigset_t sigset, *p;
3887 if (copy_from_user(&kvm_sigmask, argp,
3888 sizeof(kvm_sigmask)))
3891 if (kvm_sigmask.len != sizeof(sigset))
3894 if (copy_from_user(&sigset, sigmask_arg->sigset,
3899 r = kvm_vcpu_ioctl_set_sigmask(vcpu, p);
3903 fpu = kzalloc(sizeof(struct kvm_fpu), GFP_KERNEL_ACCOUNT);
3907 r = kvm_arch_vcpu_ioctl_get_fpu(vcpu, fpu);
3911 if (copy_to_user(argp, fpu, sizeof(struct kvm_fpu)))
3917 fpu = memdup_user(argp, sizeof(*fpu));
3923 r = kvm_arch_vcpu_ioctl_set_fpu(vcpu, fpu);
3926 case KVM_GET_STATS_FD: {
3927 r = kvm_vcpu_ioctl_get_stats_fd(vcpu);
3931 r = kvm_arch_vcpu_ioctl(filp, ioctl, arg);
3934 mutex_unlock(&vcpu->mutex);
3940 #ifdef CONFIG_KVM_COMPAT
3941 static long kvm_vcpu_compat_ioctl(struct file *filp,
3942 unsigned int ioctl, unsigned long arg)
3944 struct kvm_vcpu *vcpu = filp->private_data;
3945 void __user *argp = compat_ptr(arg);
3948 if (vcpu->kvm->mm != current->mm || vcpu->kvm->vm_dead)
3952 case KVM_SET_SIGNAL_MASK: {
3953 struct kvm_signal_mask __user *sigmask_arg = argp;
3954 struct kvm_signal_mask kvm_sigmask;
3959 if (copy_from_user(&kvm_sigmask, argp,
3960 sizeof(kvm_sigmask)))
3963 if (kvm_sigmask.len != sizeof(compat_sigset_t))
3966 if (get_compat_sigset(&sigset,
3967 (compat_sigset_t __user *)sigmask_arg->sigset))
3969 r = kvm_vcpu_ioctl_set_sigmask(vcpu, &sigset);
3971 r = kvm_vcpu_ioctl_set_sigmask(vcpu, NULL);
3975 r = kvm_vcpu_ioctl(filp, ioctl, arg);
3983 static int kvm_device_mmap(struct file *filp, struct vm_area_struct *vma)
3985 struct kvm_device *dev = filp->private_data;
3988 return dev->ops->mmap(dev, vma);
3993 static int kvm_device_ioctl_attr(struct kvm_device *dev,
3994 int (*accessor)(struct kvm_device *dev,
3995 struct kvm_device_attr *attr),
3998 struct kvm_device_attr attr;
4003 if (copy_from_user(&attr, (void __user *)arg, sizeof(attr)))
4006 return accessor(dev, &attr);
4009 static long kvm_device_ioctl(struct file *filp, unsigned int ioctl,
4012 struct kvm_device *dev = filp->private_data;
4014 if (dev->kvm->mm != current->mm || dev->kvm->vm_dead)
4018 case KVM_SET_DEVICE_ATTR:
4019 return kvm_device_ioctl_attr(dev, dev->ops->set_attr, arg);
4020 case KVM_GET_DEVICE_ATTR:
4021 return kvm_device_ioctl_attr(dev, dev->ops->get_attr, arg);
4022 case KVM_HAS_DEVICE_ATTR:
4023 return kvm_device_ioctl_attr(dev, dev->ops->has_attr, arg);
4025 if (dev->ops->ioctl)
4026 return dev->ops->ioctl(dev, ioctl, arg);
4032 static int kvm_device_release(struct inode *inode, struct file *filp)
4034 struct kvm_device *dev = filp->private_data;
4035 struct kvm *kvm = dev->kvm;
4037 if (dev->ops->release) {
4038 mutex_lock(&kvm->lock);
4039 list_del(&dev->vm_node);
4040 dev->ops->release(dev);
4041 mutex_unlock(&kvm->lock);
4048 static const struct file_operations kvm_device_fops = {
4049 .unlocked_ioctl = kvm_device_ioctl,
4050 .release = kvm_device_release,
4051 KVM_COMPAT(kvm_device_ioctl),
4052 .mmap = kvm_device_mmap,
4055 struct kvm_device *kvm_device_from_filp(struct file *filp)
4057 if (filp->f_op != &kvm_device_fops)
4060 return filp->private_data;
4063 static const struct kvm_device_ops *kvm_device_ops_table[KVM_DEV_TYPE_MAX] = {
4064 #ifdef CONFIG_KVM_MPIC
4065 [KVM_DEV_TYPE_FSL_MPIC_20] = &kvm_mpic_ops,
4066 [KVM_DEV_TYPE_FSL_MPIC_42] = &kvm_mpic_ops,
4070 int kvm_register_device_ops(const struct kvm_device_ops *ops, u32 type)
4072 if (type >= ARRAY_SIZE(kvm_device_ops_table))
4075 if (kvm_device_ops_table[type] != NULL)
4078 kvm_device_ops_table[type] = ops;
4082 void kvm_unregister_device_ops(u32 type)
4084 if (kvm_device_ops_table[type] != NULL)
4085 kvm_device_ops_table[type] = NULL;
4088 static int kvm_ioctl_create_device(struct kvm *kvm,
4089 struct kvm_create_device *cd)
4091 const struct kvm_device_ops *ops = NULL;
4092 struct kvm_device *dev;
4093 bool test = cd->flags & KVM_CREATE_DEVICE_TEST;
4097 if (cd->type >= ARRAY_SIZE(kvm_device_ops_table))
4100 type = array_index_nospec(cd->type, ARRAY_SIZE(kvm_device_ops_table));
4101 ops = kvm_device_ops_table[type];
4108 dev = kzalloc(sizeof(*dev), GFP_KERNEL_ACCOUNT);
4115 mutex_lock(&kvm->lock);
4116 ret = ops->create(dev, type);
4118 mutex_unlock(&kvm->lock);
4122 list_add(&dev->vm_node, &kvm->devices);
4123 mutex_unlock(&kvm->lock);
4129 ret = anon_inode_getfd(ops->name, &kvm_device_fops, dev, O_RDWR | O_CLOEXEC);
4131 kvm_put_kvm_no_destroy(kvm);
4132 mutex_lock(&kvm->lock);
4133 list_del(&dev->vm_node);
4134 mutex_unlock(&kvm->lock);
4143 static long kvm_vm_ioctl_check_extension_generic(struct kvm *kvm, long arg)
4146 case KVM_CAP_USER_MEMORY:
4147 case KVM_CAP_DESTROY_MEMORY_REGION_WORKS:
4148 case KVM_CAP_JOIN_MEMORY_REGIONS_WORKS:
4149 case KVM_CAP_INTERNAL_ERROR_DATA:
4150 #ifdef CONFIG_HAVE_KVM_MSI
4151 case KVM_CAP_SIGNAL_MSI:
4153 #ifdef CONFIG_HAVE_KVM_IRQFD
4155 case KVM_CAP_IRQFD_RESAMPLE:
4157 case KVM_CAP_IOEVENTFD_ANY_LENGTH:
4158 case KVM_CAP_CHECK_EXTENSION_VM:
4159 case KVM_CAP_ENABLE_CAP_VM:
4160 case KVM_CAP_HALT_POLL:
4162 #ifdef CONFIG_KVM_MMIO
4163 case KVM_CAP_COALESCED_MMIO:
4164 return KVM_COALESCED_MMIO_PAGE_OFFSET;
4165 case KVM_CAP_COALESCED_PIO:
4168 #ifdef CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT
4169 case KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2:
4170 return KVM_DIRTY_LOG_MANUAL_CAPS;
4172 #ifdef CONFIG_HAVE_KVM_IRQ_ROUTING
4173 case KVM_CAP_IRQ_ROUTING:
4174 return KVM_MAX_IRQ_ROUTES;
4176 #if KVM_ADDRESS_SPACE_NUM > 1
4177 case KVM_CAP_MULTI_ADDRESS_SPACE:
4178 return KVM_ADDRESS_SPACE_NUM;
4180 case KVM_CAP_NR_MEMSLOTS:
4181 return KVM_USER_MEM_SLOTS;
4182 case KVM_CAP_DIRTY_LOG_RING:
4183 #if KVM_DIRTY_LOG_PAGE_OFFSET > 0
4184 return KVM_DIRTY_RING_MAX_ENTRIES * sizeof(struct kvm_dirty_gfn);
4188 case KVM_CAP_BINARY_STATS_FD:
4193 return kvm_vm_ioctl_check_extension(kvm, arg);
4196 static int kvm_vm_ioctl_enable_dirty_log_ring(struct kvm *kvm, u32 size)
4200 if (!KVM_DIRTY_LOG_PAGE_OFFSET)
4203 /* the size should be power of 2 */
4204 if (!size || (size & (size - 1)))
4207 /* Should be bigger to keep the reserved entries, or a page */
4208 if (size < kvm_dirty_ring_get_rsvd_entries() *
4209 sizeof(struct kvm_dirty_gfn) || size < PAGE_SIZE)
4212 if (size > KVM_DIRTY_RING_MAX_ENTRIES *
4213 sizeof(struct kvm_dirty_gfn))
4216 /* We only allow it to set once */
4217 if (kvm->dirty_ring_size)
4220 mutex_lock(&kvm->lock);
4222 if (kvm->created_vcpus) {
4223 /* We don't allow to change this value after vcpu created */
4226 kvm->dirty_ring_size = size;
4230 mutex_unlock(&kvm->lock);
4234 static int kvm_vm_ioctl_reset_dirty_pages(struct kvm *kvm)
4237 struct kvm_vcpu *vcpu;
4240 if (!kvm->dirty_ring_size)
4243 mutex_lock(&kvm->slots_lock);
4245 kvm_for_each_vcpu(i, vcpu, kvm)
4246 cleared += kvm_dirty_ring_reset(vcpu->kvm, &vcpu->dirty_ring);
4248 mutex_unlock(&kvm->slots_lock);
4251 kvm_flush_remote_tlbs(kvm);
4256 int __attribute__((weak)) kvm_vm_ioctl_enable_cap(struct kvm *kvm,
4257 struct kvm_enable_cap *cap)
4262 static int kvm_vm_ioctl_enable_cap_generic(struct kvm *kvm,
4263 struct kvm_enable_cap *cap)
4266 #ifdef CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT
4267 case KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2: {
4268 u64 allowed_options = KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE;
4270 if (cap->args[0] & KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE)
4271 allowed_options = KVM_DIRTY_LOG_MANUAL_CAPS;
4273 if (cap->flags || (cap->args[0] & ~allowed_options))
4275 kvm->manual_dirty_log_protect = cap->args[0];
4279 case KVM_CAP_HALT_POLL: {
4280 if (cap->flags || cap->args[0] != (unsigned int)cap->args[0])
4283 kvm->max_halt_poll_ns = cap->args[0];
4286 case KVM_CAP_DIRTY_LOG_RING:
4287 return kvm_vm_ioctl_enable_dirty_log_ring(kvm, cap->args[0]);
4289 return kvm_vm_ioctl_enable_cap(kvm, cap);
4293 static ssize_t kvm_vm_stats_read(struct file *file, char __user *user_buffer,
4294 size_t size, loff_t *offset)
4296 struct kvm *kvm = file->private_data;
4298 return kvm_stats_read(kvm->stats_id, &kvm_vm_stats_header,
4299 &kvm_vm_stats_desc[0], &kvm->stat,
4300 sizeof(kvm->stat), user_buffer, size, offset);
4303 static const struct file_operations kvm_vm_stats_fops = {
4304 .read = kvm_vm_stats_read,
4305 .llseek = noop_llseek,
4308 static int kvm_vm_ioctl_get_stats_fd(struct kvm *kvm)
4313 fd = get_unused_fd_flags(O_CLOEXEC);
4317 file = anon_inode_getfile("kvm-vm-stats",
4318 &kvm_vm_stats_fops, kvm, O_RDONLY);
4321 return PTR_ERR(file);
4323 file->f_mode |= FMODE_PREAD;
4324 fd_install(fd, file);
4329 static long kvm_vm_ioctl(struct file *filp,
4330 unsigned int ioctl, unsigned long arg)
4332 struct kvm *kvm = filp->private_data;
4333 void __user *argp = (void __user *)arg;
4336 if (kvm->mm != current->mm || kvm->vm_dead)
4339 case KVM_CREATE_VCPU:
4340 r = kvm_vm_ioctl_create_vcpu(kvm, arg);
4342 case KVM_ENABLE_CAP: {
4343 struct kvm_enable_cap cap;
4346 if (copy_from_user(&cap, argp, sizeof(cap)))
4348 r = kvm_vm_ioctl_enable_cap_generic(kvm, &cap);
4351 case KVM_SET_USER_MEMORY_REGION: {
4352 struct kvm_userspace_memory_region kvm_userspace_mem;
4355 if (copy_from_user(&kvm_userspace_mem, argp,
4356 sizeof(kvm_userspace_mem)))
4359 r = kvm_vm_ioctl_set_memory_region(kvm, &kvm_userspace_mem);
4362 case KVM_GET_DIRTY_LOG: {
4363 struct kvm_dirty_log log;
4366 if (copy_from_user(&log, argp, sizeof(log)))
4368 r = kvm_vm_ioctl_get_dirty_log(kvm, &log);
4371 #ifdef CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT
4372 case KVM_CLEAR_DIRTY_LOG: {
4373 struct kvm_clear_dirty_log log;
4376 if (copy_from_user(&log, argp, sizeof(log)))
4378 r = kvm_vm_ioctl_clear_dirty_log(kvm, &log);
4382 #ifdef CONFIG_KVM_MMIO
4383 case KVM_REGISTER_COALESCED_MMIO: {
4384 struct kvm_coalesced_mmio_zone zone;
4387 if (copy_from_user(&zone, argp, sizeof(zone)))
4389 r = kvm_vm_ioctl_register_coalesced_mmio(kvm, &zone);
4392 case KVM_UNREGISTER_COALESCED_MMIO: {
4393 struct kvm_coalesced_mmio_zone zone;
4396 if (copy_from_user(&zone, argp, sizeof(zone)))
4398 r = kvm_vm_ioctl_unregister_coalesced_mmio(kvm, &zone);
4403 struct kvm_irqfd data;
4406 if (copy_from_user(&data, argp, sizeof(data)))
4408 r = kvm_irqfd(kvm, &data);
4411 case KVM_IOEVENTFD: {
4412 struct kvm_ioeventfd data;
4415 if (copy_from_user(&data, argp, sizeof(data)))
4417 r = kvm_ioeventfd(kvm, &data);
4420 #ifdef CONFIG_HAVE_KVM_MSI
4421 case KVM_SIGNAL_MSI: {
4425 if (copy_from_user(&msi, argp, sizeof(msi)))
4427 r = kvm_send_userspace_msi(kvm, &msi);
4431 #ifdef __KVM_HAVE_IRQ_LINE
4432 case KVM_IRQ_LINE_STATUS:
4433 case KVM_IRQ_LINE: {
4434 struct kvm_irq_level irq_event;
4437 if (copy_from_user(&irq_event, argp, sizeof(irq_event)))
4440 r = kvm_vm_ioctl_irq_line(kvm, &irq_event,
4441 ioctl == KVM_IRQ_LINE_STATUS);
4446 if (ioctl == KVM_IRQ_LINE_STATUS) {
4447 if (copy_to_user(argp, &irq_event, sizeof(irq_event)))
4455 #ifdef CONFIG_HAVE_KVM_IRQ_ROUTING
4456 case KVM_SET_GSI_ROUTING: {
4457 struct kvm_irq_routing routing;
4458 struct kvm_irq_routing __user *urouting;
4459 struct kvm_irq_routing_entry *entries = NULL;
4462 if (copy_from_user(&routing, argp, sizeof(routing)))
4465 if (!kvm_arch_can_set_irq_routing(kvm))
4467 if (routing.nr > KVM_MAX_IRQ_ROUTES)
4473 entries = vmemdup_user(urouting->entries,
4474 array_size(sizeof(*entries),
4476 if (IS_ERR(entries)) {
4477 r = PTR_ERR(entries);
4481 r = kvm_set_irq_routing(kvm, entries, routing.nr,
4486 #endif /* CONFIG_HAVE_KVM_IRQ_ROUTING */
4487 case KVM_CREATE_DEVICE: {
4488 struct kvm_create_device cd;
4491 if (copy_from_user(&cd, argp, sizeof(cd)))
4494 r = kvm_ioctl_create_device(kvm, &cd);
4499 if (copy_to_user(argp, &cd, sizeof(cd)))
4505 case KVM_CHECK_EXTENSION:
4506 r = kvm_vm_ioctl_check_extension_generic(kvm, arg);
4508 case KVM_RESET_DIRTY_RINGS:
4509 r = kvm_vm_ioctl_reset_dirty_pages(kvm);
4511 case KVM_GET_STATS_FD:
4512 r = kvm_vm_ioctl_get_stats_fd(kvm);
4515 r = kvm_arch_vm_ioctl(filp, ioctl, arg);
4521 #ifdef CONFIG_KVM_COMPAT
4522 struct compat_kvm_dirty_log {
4526 compat_uptr_t dirty_bitmap; /* one bit per page */
4531 struct compat_kvm_clear_dirty_log {
4536 compat_uptr_t dirty_bitmap; /* one bit per page */
4541 static long kvm_vm_compat_ioctl(struct file *filp,
4542 unsigned int ioctl, unsigned long arg)
4544 struct kvm *kvm = filp->private_data;
4547 if (kvm->mm != current->mm || kvm->vm_dead)
4550 #ifdef CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT
4551 case KVM_CLEAR_DIRTY_LOG: {
4552 struct compat_kvm_clear_dirty_log compat_log;
4553 struct kvm_clear_dirty_log log;
4555 if (copy_from_user(&compat_log, (void __user *)arg,
4556 sizeof(compat_log)))
4558 log.slot = compat_log.slot;
4559 log.num_pages = compat_log.num_pages;
4560 log.first_page = compat_log.first_page;
4561 log.padding2 = compat_log.padding2;
4562 log.dirty_bitmap = compat_ptr(compat_log.dirty_bitmap);
4564 r = kvm_vm_ioctl_clear_dirty_log(kvm, &log);
4568 case KVM_GET_DIRTY_LOG: {
4569 struct compat_kvm_dirty_log compat_log;
4570 struct kvm_dirty_log log;
4572 if (copy_from_user(&compat_log, (void __user *)arg,
4573 sizeof(compat_log)))
4575 log.slot = compat_log.slot;
4576 log.padding1 = compat_log.padding1;
4577 log.padding2 = compat_log.padding2;
4578 log.dirty_bitmap = compat_ptr(compat_log.dirty_bitmap);
4580 r = kvm_vm_ioctl_get_dirty_log(kvm, &log);
4584 r = kvm_vm_ioctl(filp, ioctl, arg);
4590 static struct file_operations kvm_vm_fops = {
4591 .release = kvm_vm_release,
4592 .unlocked_ioctl = kvm_vm_ioctl,
4593 .llseek = noop_llseek,
4594 KVM_COMPAT(kvm_vm_compat_ioctl),
4597 bool file_is_kvm(struct file *file)
4599 return file && file->f_op == &kvm_vm_fops;
4601 EXPORT_SYMBOL_GPL(file_is_kvm);
4603 static int kvm_dev_ioctl_create_vm(unsigned long type)
4609 kvm = kvm_create_vm(type);
4611 return PTR_ERR(kvm);
4612 #ifdef CONFIG_KVM_MMIO
4613 r = kvm_coalesced_mmio_init(kvm);
4617 r = get_unused_fd_flags(O_CLOEXEC);
4621 snprintf(kvm->stats_id, sizeof(kvm->stats_id),
4622 "kvm-%d", task_pid_nr(current));
4624 file = anon_inode_getfile("kvm-vm", &kvm_vm_fops, kvm, O_RDWR);
4632 * Don't call kvm_put_kvm anymore at this point; file->f_op is
4633 * already set, with ->release() being kvm_vm_release(). In error
4634 * cases it will be called by the final fput(file) and will take
4635 * care of doing kvm_put_kvm(kvm).
4637 if (kvm_create_vm_debugfs(kvm, r) < 0) {
4642 kvm_uevent_notify_change(KVM_EVENT_CREATE_VM, kvm);
4644 fd_install(r, file);
4652 static long kvm_dev_ioctl(struct file *filp,
4653 unsigned int ioctl, unsigned long arg)
4658 case KVM_GET_API_VERSION:
4661 r = KVM_API_VERSION;
4664 r = kvm_dev_ioctl_create_vm(arg);
4666 case KVM_CHECK_EXTENSION:
4667 r = kvm_vm_ioctl_check_extension_generic(NULL, arg);
4669 case KVM_GET_VCPU_MMAP_SIZE:
4672 r = PAGE_SIZE; /* struct kvm_run */
4674 r += PAGE_SIZE; /* pio data page */
4676 #ifdef CONFIG_KVM_MMIO
4677 r += PAGE_SIZE; /* coalesced mmio ring page */
4680 case KVM_TRACE_ENABLE:
4681 case KVM_TRACE_PAUSE:
4682 case KVM_TRACE_DISABLE:
4686 return kvm_arch_dev_ioctl(filp, ioctl, arg);
4692 static struct file_operations kvm_chardev_ops = {
4693 .unlocked_ioctl = kvm_dev_ioctl,
4694 .llseek = noop_llseek,
4695 KVM_COMPAT(kvm_dev_ioctl),
4698 static struct miscdevice kvm_dev = {
4704 static void hardware_enable_nolock(void *junk)
4706 int cpu = raw_smp_processor_id();
4709 if (cpumask_test_cpu(cpu, cpus_hardware_enabled))
4712 cpumask_set_cpu(cpu, cpus_hardware_enabled);
4714 r = kvm_arch_hardware_enable();
4717 cpumask_clear_cpu(cpu, cpus_hardware_enabled);
4718 atomic_inc(&hardware_enable_failed);
4719 pr_info("kvm: enabling virtualization on CPU%d failed\n", cpu);
4723 static int kvm_starting_cpu(unsigned int cpu)
4725 raw_spin_lock(&kvm_count_lock);
4726 if (kvm_usage_count)
4727 hardware_enable_nolock(NULL);
4728 raw_spin_unlock(&kvm_count_lock);
4732 static void hardware_disable_nolock(void *junk)
4734 int cpu = raw_smp_processor_id();
4736 if (!cpumask_test_cpu(cpu, cpus_hardware_enabled))
4738 cpumask_clear_cpu(cpu, cpus_hardware_enabled);
4739 kvm_arch_hardware_disable();
4742 static int kvm_dying_cpu(unsigned int cpu)
4744 raw_spin_lock(&kvm_count_lock);
4745 if (kvm_usage_count)
4746 hardware_disable_nolock(NULL);
4747 raw_spin_unlock(&kvm_count_lock);
4751 static void hardware_disable_all_nolock(void)
4753 BUG_ON(!kvm_usage_count);
4756 if (!kvm_usage_count)
4757 on_each_cpu(hardware_disable_nolock, NULL, 1);
4760 static void hardware_disable_all(void)
4762 raw_spin_lock(&kvm_count_lock);
4763 hardware_disable_all_nolock();
4764 raw_spin_unlock(&kvm_count_lock);
4767 static int hardware_enable_all(void)
4771 raw_spin_lock(&kvm_count_lock);
4774 if (kvm_usage_count == 1) {
4775 atomic_set(&hardware_enable_failed, 0);
4776 on_each_cpu(hardware_enable_nolock, NULL, 1);
4778 if (atomic_read(&hardware_enable_failed)) {
4779 hardware_disable_all_nolock();
4784 raw_spin_unlock(&kvm_count_lock);
4789 static int kvm_reboot(struct notifier_block *notifier, unsigned long val,
4793 * Some (well, at least mine) BIOSes hang on reboot if
4796 * And Intel TXT required VMX off for all cpu when system shutdown.
4798 pr_info("kvm: exiting hardware virtualization\n");
4799 kvm_rebooting = true;
4800 on_each_cpu(hardware_disable_nolock, NULL, 1);
4804 static struct notifier_block kvm_reboot_notifier = {
4805 .notifier_call = kvm_reboot,
4809 static void kvm_io_bus_destroy(struct kvm_io_bus *bus)
4813 for (i = 0; i < bus->dev_count; i++) {
4814 struct kvm_io_device *pos = bus->range[i].dev;
4816 kvm_iodevice_destructor(pos);
4821 static inline int kvm_io_bus_cmp(const struct kvm_io_range *r1,
4822 const struct kvm_io_range *r2)
4824 gpa_t addr1 = r1->addr;
4825 gpa_t addr2 = r2->addr;
4830 /* If r2->len == 0, match the exact address. If r2->len != 0,
4831 * accept any overlapping write. Any order is acceptable for
4832 * overlapping ranges, because kvm_io_bus_get_first_dev ensures
4833 * we process all of them.
4846 static int kvm_io_bus_sort_cmp(const void *p1, const void *p2)
4848 return kvm_io_bus_cmp(p1, p2);
4851 static int kvm_io_bus_get_first_dev(struct kvm_io_bus *bus,
4852 gpa_t addr, int len)
4854 struct kvm_io_range *range, key;
4857 key = (struct kvm_io_range) {
4862 range = bsearch(&key, bus->range, bus->dev_count,
4863 sizeof(struct kvm_io_range), kvm_io_bus_sort_cmp);
4867 off = range - bus->range;
4869 while (off > 0 && kvm_io_bus_cmp(&key, &bus->range[off-1]) == 0)
4875 static int __kvm_io_bus_write(struct kvm_vcpu *vcpu, struct kvm_io_bus *bus,
4876 struct kvm_io_range *range, const void *val)
4880 idx = kvm_io_bus_get_first_dev(bus, range->addr, range->len);
4884 while (idx < bus->dev_count &&
4885 kvm_io_bus_cmp(range, &bus->range[idx]) == 0) {
4886 if (!kvm_iodevice_write(vcpu, bus->range[idx].dev, range->addr,
4895 /* kvm_io_bus_write - called under kvm->slots_lock */
4896 int kvm_io_bus_write(struct kvm_vcpu *vcpu, enum kvm_bus bus_idx, gpa_t addr,
4897 int len, const void *val)
4899 struct kvm_io_bus *bus;
4900 struct kvm_io_range range;
4903 range = (struct kvm_io_range) {
4908 bus = srcu_dereference(vcpu->kvm->buses[bus_idx], &vcpu->kvm->srcu);
4911 r = __kvm_io_bus_write(vcpu, bus, &range, val);
4912 return r < 0 ? r : 0;
4914 EXPORT_SYMBOL_GPL(kvm_io_bus_write);
4916 /* kvm_io_bus_write_cookie - called under kvm->slots_lock */
4917 int kvm_io_bus_write_cookie(struct kvm_vcpu *vcpu, enum kvm_bus bus_idx,
4918 gpa_t addr, int len, const void *val, long cookie)
4920 struct kvm_io_bus *bus;
4921 struct kvm_io_range range;
4923 range = (struct kvm_io_range) {
4928 bus = srcu_dereference(vcpu->kvm->buses[bus_idx], &vcpu->kvm->srcu);
4932 /* First try the device referenced by cookie. */
4933 if ((cookie >= 0) && (cookie < bus->dev_count) &&
4934 (kvm_io_bus_cmp(&range, &bus->range[cookie]) == 0))
4935 if (!kvm_iodevice_write(vcpu, bus->range[cookie].dev, addr, len,
4940 * cookie contained garbage; fall back to search and return the
4941 * correct cookie value.
4943 return __kvm_io_bus_write(vcpu, bus, &range, val);
4946 static int __kvm_io_bus_read(struct kvm_vcpu *vcpu, struct kvm_io_bus *bus,
4947 struct kvm_io_range *range, void *val)
4951 idx = kvm_io_bus_get_first_dev(bus, range->addr, range->len);
4955 while (idx < bus->dev_count &&
4956 kvm_io_bus_cmp(range, &bus->range[idx]) == 0) {
4957 if (!kvm_iodevice_read(vcpu, bus->range[idx].dev, range->addr,
4966 /* kvm_io_bus_read - called under kvm->slots_lock */
4967 int kvm_io_bus_read(struct kvm_vcpu *vcpu, enum kvm_bus bus_idx, gpa_t addr,
4970 struct kvm_io_bus *bus;
4971 struct kvm_io_range range;
4974 range = (struct kvm_io_range) {
4979 bus = srcu_dereference(vcpu->kvm->buses[bus_idx], &vcpu->kvm->srcu);
4982 r = __kvm_io_bus_read(vcpu, bus, &range, val);
4983 return r < 0 ? r : 0;
4986 /* Caller must hold slots_lock. */
4987 int kvm_io_bus_register_dev(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
4988 int len, struct kvm_io_device *dev)
4991 struct kvm_io_bus *new_bus, *bus;
4992 struct kvm_io_range range;
4994 bus = kvm_get_bus(kvm, bus_idx);
4998 /* exclude ioeventfd which is limited by maximum fd */
4999 if (bus->dev_count - bus->ioeventfd_count > NR_IOBUS_DEVS - 1)
5002 new_bus = kmalloc(struct_size(bus, range, bus->dev_count + 1),
5003 GFP_KERNEL_ACCOUNT);
5007 range = (struct kvm_io_range) {
5013 for (i = 0; i < bus->dev_count; i++)
5014 if (kvm_io_bus_cmp(&bus->range[i], &range) > 0)
5017 memcpy(new_bus, bus, sizeof(*bus) + i * sizeof(struct kvm_io_range));
5018 new_bus->dev_count++;
5019 new_bus->range[i] = range;
5020 memcpy(new_bus->range + i + 1, bus->range + i,
5021 (bus->dev_count - i) * sizeof(struct kvm_io_range));
5022 rcu_assign_pointer(kvm->buses[bus_idx], new_bus);
5023 synchronize_srcu_expedited(&kvm->srcu);
5029 int kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,
5030 struct kvm_io_device *dev)
5033 struct kvm_io_bus *new_bus, *bus;
5035 lockdep_assert_held(&kvm->slots_lock);
5037 bus = kvm_get_bus(kvm, bus_idx);
5041 for (i = 0; i < bus->dev_count; i++) {
5042 if (bus->range[i].dev == dev) {
5047 if (i == bus->dev_count)
5050 new_bus = kmalloc(struct_size(bus, range, bus->dev_count - 1),
5051 GFP_KERNEL_ACCOUNT);
5053 memcpy(new_bus, bus, struct_size(bus, range, i));
5054 new_bus->dev_count--;
5055 memcpy(new_bus->range + i, bus->range + i + 1,
5056 flex_array_size(new_bus, range, new_bus->dev_count - i));
5059 rcu_assign_pointer(kvm->buses[bus_idx], new_bus);
5060 synchronize_srcu_expedited(&kvm->srcu);
5062 /* Destroy the old bus _after_ installing the (null) bus. */
5064 pr_err("kvm: failed to shrink bus, removing it completely\n");
5065 for (j = 0; j < bus->dev_count; j++) {
5068 kvm_iodevice_destructor(bus->range[j].dev);
5073 return new_bus ? 0 : -ENOMEM;
5076 struct kvm_io_device *kvm_io_bus_get_dev(struct kvm *kvm, enum kvm_bus bus_idx,
5079 struct kvm_io_bus *bus;
5080 int dev_idx, srcu_idx;
5081 struct kvm_io_device *iodev = NULL;
5083 srcu_idx = srcu_read_lock(&kvm->srcu);
5085 bus = srcu_dereference(kvm->buses[bus_idx], &kvm->srcu);
5089 dev_idx = kvm_io_bus_get_first_dev(bus, addr, 1);
5093 iodev = bus->range[dev_idx].dev;
5096 srcu_read_unlock(&kvm->srcu, srcu_idx);
5100 EXPORT_SYMBOL_GPL(kvm_io_bus_get_dev);
5102 static int kvm_debugfs_open(struct inode *inode, struct file *file,
5103 int (*get)(void *, u64 *), int (*set)(void *, u64),
5106 struct kvm_stat_data *stat_data = (struct kvm_stat_data *)
5110 * The debugfs files are a reference to the kvm struct which
5111 * is still valid when kvm_destroy_vm is called. kvm_get_kvm_safe
5112 * avoids the race between open and the removal of the debugfs directory.
5114 if (!kvm_get_kvm_safe(stat_data->kvm))
5117 if (simple_attr_open(inode, file, get,
5118 kvm_stats_debugfs_mode(stat_data->desc) & 0222
5121 kvm_put_kvm(stat_data->kvm);
5128 static int kvm_debugfs_release(struct inode *inode, struct file *file)
5130 struct kvm_stat_data *stat_data = (struct kvm_stat_data *)
5133 simple_attr_release(inode, file);
5134 kvm_put_kvm(stat_data->kvm);
5139 static int kvm_get_stat_per_vm(struct kvm *kvm, size_t offset, u64 *val)
5141 *val = *(u64 *)((void *)(&kvm->stat) + offset);
5146 static int kvm_clear_stat_per_vm(struct kvm *kvm, size_t offset)
5148 *(u64 *)((void *)(&kvm->stat) + offset) = 0;
5153 static int kvm_get_stat_per_vcpu(struct kvm *kvm, size_t offset, u64 *val)
5156 struct kvm_vcpu *vcpu;
5160 kvm_for_each_vcpu(i, vcpu, kvm)
5161 *val += *(u64 *)((void *)(&vcpu->stat) + offset);
5166 static int kvm_clear_stat_per_vcpu(struct kvm *kvm, size_t offset)
5169 struct kvm_vcpu *vcpu;
5171 kvm_for_each_vcpu(i, vcpu, kvm)
5172 *(u64 *)((void *)(&vcpu->stat) + offset) = 0;
5177 static int kvm_stat_data_get(void *data, u64 *val)
5180 struct kvm_stat_data *stat_data = (struct kvm_stat_data *)data;
5182 switch (stat_data->kind) {
5184 r = kvm_get_stat_per_vm(stat_data->kvm,
5185 stat_data->desc->desc.offset, val);
5188 r = kvm_get_stat_per_vcpu(stat_data->kvm,
5189 stat_data->desc->desc.offset, val);
5196 static int kvm_stat_data_clear(void *data, u64 val)
5199 struct kvm_stat_data *stat_data = (struct kvm_stat_data *)data;
5204 switch (stat_data->kind) {
5206 r = kvm_clear_stat_per_vm(stat_data->kvm,
5207 stat_data->desc->desc.offset);
5210 r = kvm_clear_stat_per_vcpu(stat_data->kvm,
5211 stat_data->desc->desc.offset);
5218 static int kvm_stat_data_open(struct inode *inode, struct file *file)
5220 __simple_attr_check_format("%llu\n", 0ull);
5221 return kvm_debugfs_open(inode, file, kvm_stat_data_get,
5222 kvm_stat_data_clear, "%llu\n");
5225 static const struct file_operations stat_fops_per_vm = {
5226 .owner = THIS_MODULE,
5227 .open = kvm_stat_data_open,
5228 .release = kvm_debugfs_release,
5229 .read = simple_attr_read,
5230 .write = simple_attr_write,
5231 .llseek = no_llseek,
5234 static int vm_stat_get(void *_offset, u64 *val)
5236 unsigned offset = (long)_offset;
5241 mutex_lock(&kvm_lock);
5242 list_for_each_entry(kvm, &vm_list, vm_list) {
5243 kvm_get_stat_per_vm(kvm, offset, &tmp_val);
5246 mutex_unlock(&kvm_lock);
5250 static int vm_stat_clear(void *_offset, u64 val)
5252 unsigned offset = (long)_offset;
5258 mutex_lock(&kvm_lock);
5259 list_for_each_entry(kvm, &vm_list, vm_list) {
5260 kvm_clear_stat_per_vm(kvm, offset);
5262 mutex_unlock(&kvm_lock);
5267 DEFINE_SIMPLE_ATTRIBUTE(vm_stat_fops, vm_stat_get, vm_stat_clear, "%llu\n");
5268 DEFINE_SIMPLE_ATTRIBUTE(vm_stat_readonly_fops, vm_stat_get, NULL, "%llu\n");
5270 static int vcpu_stat_get(void *_offset, u64 *val)
5272 unsigned offset = (long)_offset;
5277 mutex_lock(&kvm_lock);
5278 list_for_each_entry(kvm, &vm_list, vm_list) {
5279 kvm_get_stat_per_vcpu(kvm, offset, &tmp_val);
5282 mutex_unlock(&kvm_lock);
5286 static int vcpu_stat_clear(void *_offset, u64 val)
5288 unsigned offset = (long)_offset;
5294 mutex_lock(&kvm_lock);
5295 list_for_each_entry(kvm, &vm_list, vm_list) {
5296 kvm_clear_stat_per_vcpu(kvm, offset);
5298 mutex_unlock(&kvm_lock);
5303 DEFINE_SIMPLE_ATTRIBUTE(vcpu_stat_fops, vcpu_stat_get, vcpu_stat_clear,
5305 DEFINE_SIMPLE_ATTRIBUTE(vcpu_stat_readonly_fops, vcpu_stat_get, NULL, "%llu\n");
5307 static void kvm_uevent_notify_change(unsigned int type, struct kvm *kvm)
5309 struct kobj_uevent_env *env;
5310 unsigned long long created, active;
5312 if (!kvm_dev.this_device || !kvm)
5315 mutex_lock(&kvm_lock);
5316 if (type == KVM_EVENT_CREATE_VM) {
5317 kvm_createvm_count++;
5319 } else if (type == KVM_EVENT_DESTROY_VM) {
5322 created = kvm_createvm_count;
5323 active = kvm_active_vms;
5324 mutex_unlock(&kvm_lock);
5326 env = kzalloc(sizeof(*env), GFP_KERNEL_ACCOUNT);
5330 add_uevent_var(env, "CREATED=%llu", created);
5331 add_uevent_var(env, "COUNT=%llu", active);
5333 if (type == KVM_EVENT_CREATE_VM) {
5334 add_uevent_var(env, "EVENT=create");
5335 kvm->userspace_pid = task_pid_nr(current);
5336 } else if (type == KVM_EVENT_DESTROY_VM) {
5337 add_uevent_var(env, "EVENT=destroy");
5339 add_uevent_var(env, "PID=%d", kvm->userspace_pid);
5341 if (kvm->debugfs_dentry) {
5342 char *tmp, *p = kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT);
5345 tmp = dentry_path_raw(kvm->debugfs_dentry, p, PATH_MAX);
5347 add_uevent_var(env, "STATS_PATH=%s", tmp);
5351 /* no need for checks, since we are adding at most only 5 keys */
5352 env->envp[env->envp_idx++] = NULL;
5353 kobject_uevent_env(&kvm_dev.this_device->kobj, KOBJ_CHANGE, env->envp);
5357 static void kvm_init_debug(void)
5359 const struct file_operations *fops;
5360 const struct _kvm_stats_desc *pdesc;
5363 kvm_debugfs_dir = debugfs_create_dir("kvm", NULL);
5365 for (i = 0; i < kvm_vm_stats_header.num_desc; ++i) {
5366 pdesc = &kvm_vm_stats_desc[i];
5367 if (kvm_stats_debugfs_mode(pdesc) & 0222)
5368 fops = &vm_stat_fops;
5370 fops = &vm_stat_readonly_fops;
5371 debugfs_create_file(pdesc->name, kvm_stats_debugfs_mode(pdesc),
5373 (void *)(long)pdesc->desc.offset, fops);
5376 for (i = 0; i < kvm_vcpu_stats_header.num_desc; ++i) {
5377 pdesc = &kvm_vcpu_stats_desc[i];
5378 if (kvm_stats_debugfs_mode(pdesc) & 0222)
5379 fops = &vcpu_stat_fops;
5381 fops = &vcpu_stat_readonly_fops;
5382 debugfs_create_file(pdesc->name, kvm_stats_debugfs_mode(pdesc),
5384 (void *)(long)pdesc->desc.offset, fops);
5388 static int kvm_suspend(void)
5390 if (kvm_usage_count)
5391 hardware_disable_nolock(NULL);
5395 static void kvm_resume(void)
5397 if (kvm_usage_count) {
5398 #ifdef CONFIG_LOCKDEP
5399 WARN_ON(lockdep_is_held(&kvm_count_lock));
5401 hardware_enable_nolock(NULL);
5405 static struct syscore_ops kvm_syscore_ops = {
5406 .suspend = kvm_suspend,
5407 .resume = kvm_resume,
5411 struct kvm_vcpu *preempt_notifier_to_vcpu(struct preempt_notifier *pn)
5413 return container_of(pn, struct kvm_vcpu, preempt_notifier);
5416 static void kvm_sched_in(struct preempt_notifier *pn, int cpu)
5418 struct kvm_vcpu *vcpu = preempt_notifier_to_vcpu(pn);
5420 WRITE_ONCE(vcpu->preempted, false);
5421 WRITE_ONCE(vcpu->ready, false);
5423 __this_cpu_write(kvm_running_vcpu, vcpu);
5424 kvm_arch_sched_in(vcpu, cpu);
5425 kvm_arch_vcpu_load(vcpu, cpu);
5428 static void kvm_sched_out(struct preempt_notifier *pn,
5429 struct task_struct *next)
5431 struct kvm_vcpu *vcpu = preempt_notifier_to_vcpu(pn);
5433 if (current->on_rq) {
5434 WRITE_ONCE(vcpu->preempted, true);
5435 WRITE_ONCE(vcpu->ready, true);
5437 kvm_arch_vcpu_put(vcpu);
5438 __this_cpu_write(kvm_running_vcpu, NULL);
5442 * kvm_get_running_vcpu - get the vcpu running on the current CPU.
5444 * We can disable preemption locally around accessing the per-CPU variable,
5445 * and use the resolved vcpu pointer after enabling preemption again,
5446 * because even if the current thread is migrated to another CPU, reading
5447 * the per-CPU value later will give us the same value as we update the
5448 * per-CPU variable in the preempt notifier handlers.
5450 struct kvm_vcpu *kvm_get_running_vcpu(void)
5452 struct kvm_vcpu *vcpu;
5455 vcpu = __this_cpu_read(kvm_running_vcpu);
5460 EXPORT_SYMBOL_GPL(kvm_get_running_vcpu);
5463 * kvm_get_running_vcpus - get the per-CPU array of currently running vcpus.
5465 struct kvm_vcpu * __percpu *kvm_get_running_vcpus(void)
5467 return &kvm_running_vcpu;
5470 struct kvm_cpu_compat_check {
5475 static void check_processor_compat(void *data)
5477 struct kvm_cpu_compat_check *c = data;
5479 *c->ret = kvm_arch_check_processor_compat(c->opaque);
5482 int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
5483 struct module *module)
5485 struct kvm_cpu_compat_check c;
5489 r = kvm_arch_init(opaque);
5494 * kvm_arch_init makes sure there's at most one caller
5495 * for architectures that support multiple implementations,
5496 * like intel and amd on x86.
5497 * kvm_arch_init must be called before kvm_irqfd_init to avoid creating
5498 * conflicts in case kvm is already setup for another implementation.
5500 r = kvm_irqfd_init();
5504 if (!zalloc_cpumask_var(&cpus_hardware_enabled, GFP_KERNEL)) {
5509 r = kvm_arch_hardware_setup(opaque);
5515 for_each_online_cpu(cpu) {
5516 smp_call_function_single(cpu, check_processor_compat, &c, 1);
5521 r = cpuhp_setup_state_nocalls(CPUHP_AP_KVM_STARTING, "kvm/cpu:starting",
5522 kvm_starting_cpu, kvm_dying_cpu);
5525 register_reboot_notifier(&kvm_reboot_notifier);
5527 /* A kmem cache lets us meet the alignment requirements of fx_save. */
5529 vcpu_align = __alignof__(struct kvm_vcpu);
5531 kmem_cache_create_usercopy("kvm_vcpu", vcpu_size, vcpu_align,
5533 offsetof(struct kvm_vcpu, arch),
5534 offsetofend(struct kvm_vcpu, stats_id)
5535 - offsetof(struct kvm_vcpu, arch),
5537 if (!kvm_vcpu_cache) {
5542 for_each_possible_cpu(cpu) {
5543 if (!alloc_cpumask_var_node(&per_cpu(cpu_kick_mask, cpu),
5544 GFP_KERNEL, cpu_to_node(cpu))) {
5550 r = kvm_async_pf_init();
5554 kvm_chardev_ops.owner = module;
5555 kvm_vm_fops.owner = module;
5556 kvm_vcpu_fops.owner = module;
5558 r = misc_register(&kvm_dev);
5560 pr_err("kvm: misc device register failed\n");
5564 register_syscore_ops(&kvm_syscore_ops);
5566 kvm_preempt_ops.sched_in = kvm_sched_in;
5567 kvm_preempt_ops.sched_out = kvm_sched_out;
5571 r = kvm_vfio_ops_init();
5577 kvm_async_pf_deinit();
5579 for_each_possible_cpu(cpu)
5580 free_cpumask_var(per_cpu(cpu_kick_mask, cpu));
5582 kmem_cache_destroy(kvm_vcpu_cache);
5584 unregister_reboot_notifier(&kvm_reboot_notifier);
5585 cpuhp_remove_state_nocalls(CPUHP_AP_KVM_STARTING);
5587 kvm_arch_hardware_unsetup();
5589 free_cpumask_var(cpus_hardware_enabled);
5597 EXPORT_SYMBOL_GPL(kvm_init);
5603 debugfs_remove_recursive(kvm_debugfs_dir);
5604 misc_deregister(&kvm_dev);
5605 for_each_possible_cpu(cpu)
5606 free_cpumask_var(per_cpu(cpu_kick_mask, cpu));
5607 kmem_cache_destroy(kvm_vcpu_cache);
5608 kvm_async_pf_deinit();
5609 unregister_syscore_ops(&kvm_syscore_ops);
5610 unregister_reboot_notifier(&kvm_reboot_notifier);
5611 cpuhp_remove_state_nocalls(CPUHP_AP_KVM_STARTING);
5612 on_each_cpu(hardware_disable_nolock, NULL, 1);
5613 kvm_arch_hardware_unsetup();
5616 free_cpumask_var(cpus_hardware_enabled);
5617 kvm_vfio_ops_exit();
5619 EXPORT_SYMBOL_GPL(kvm_exit);
5621 struct kvm_vm_worker_thread_context {
5623 struct task_struct *parent;
5624 struct completion init_done;
5625 kvm_vm_thread_fn_t thread_fn;
5630 static int kvm_vm_worker_thread(void *context)
5633 * The init_context is allocated on the stack of the parent thread, so
5634 * we have to locally copy anything that is needed beyond initialization
5636 struct kvm_vm_worker_thread_context *init_context = context;
5637 struct kvm *kvm = init_context->kvm;
5638 kvm_vm_thread_fn_t thread_fn = init_context->thread_fn;
5639 uintptr_t data = init_context->data;
5642 err = kthread_park(current);
5643 /* kthread_park(current) is never supposed to return an error */
5648 err = cgroup_attach_task_all(init_context->parent, current);
5650 kvm_err("%s: cgroup_attach_task_all failed with err %d\n",
5655 set_user_nice(current, task_nice(init_context->parent));
5658 init_context->err = err;
5659 complete(&init_context->init_done);
5660 init_context = NULL;
5665 /* Wait to be woken up by the spawner before proceeding. */
5668 if (!kthread_should_stop())
5669 err = thread_fn(kvm, data);
5674 int kvm_vm_create_worker_thread(struct kvm *kvm, kvm_vm_thread_fn_t thread_fn,
5675 uintptr_t data, const char *name,
5676 struct task_struct **thread_ptr)
5678 struct kvm_vm_worker_thread_context init_context = {};
5679 struct task_struct *thread;
5682 init_context.kvm = kvm;
5683 init_context.parent = current;
5684 init_context.thread_fn = thread_fn;
5685 init_context.data = data;
5686 init_completion(&init_context.init_done);
5688 thread = kthread_run(kvm_vm_worker_thread, &init_context,
5689 "%s-%d", name, task_pid_nr(current));
5691 return PTR_ERR(thread);
5693 /* kthread_run is never supposed to return NULL */
5694 WARN_ON(thread == NULL);
5696 wait_for_completion(&init_context.init_done);
5698 if (!init_context.err)
5699 *thread_ptr = thread;
5701 return init_context.err;
projects / platform / kernel / linux-starfive.git / blob