mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-11-01 00:48:50 +00:00
40548c6b6c
Pull x86 pti updates from Thomas Gleixner: "This contains: - a PTI bugfix to avoid setting reserved CR3 bits when PCID is disabled. This seems to cause issues on a virtual machine at least and is incorrect according to the AMD manual. - a PTI bugfix which disables the perf BTS facility if PTI is enabled. The BTS AUX buffer is not globally visible and causes the CPU to fault when the mapping disappears on switching CR3 to user space. A full fix which restores BTS on PTI is non trivial and will be worked on. - PTI bugfixes for EFI and trusted boot which make sure that the user space visible page table entries have the NX bit cleared - removal of dead code in the PTI pagetable setup functions - add PTI documentation - add a selftest for vsyscall to verify that the kernel actually implements what it advertises. - a sysfs interface to expose vulnerability and mitigation information so there is a coherent way for users to retrieve the status. - the initial spectre_v2 mitigations, aka retpoline: + The necessary ASM thunk and compiler support + The ASM variants of retpoline and the conversion of affected ASM code + Make LFENCE serializing on AMD so it can be used as speculation trap + The RSB fill after vmexit - initial objtool support for retpoline As I said in the status mail this is the most of the set of patches which should go into 4.15 except two straight forward patches still on hold: - the retpoline add on of LFENCE which waits for ACKs - the RSB fill after context switch Both should be ready to go early next week and with that we'll have covered the major holes of spectre_v2 and go back to normality" * 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (28 commits) x86,perf: Disable intel_bts when PTI security/Kconfig: Correct the Documentation reference for PTI x86/pti: Fix !PCID and sanitize defines selftests/x86: Add test_vsyscall x86/retpoline: Fill return stack buffer on vmexit x86/retpoline/irq32: Convert assembler indirect jumps x86/retpoline/checksum32: Convert assembler indirect jumps x86/retpoline/xen: Convert Xen hypercall indirect jumps x86/retpoline/hyperv: Convert assembler indirect jumps x86/retpoline/ftrace: Convert ftrace assembler indirect jumps x86/retpoline/entry: Convert entry assembler indirect jumps x86/retpoline/crypto: Convert crypto assembler indirect jumps x86/spectre: Add boot time option to select Spectre v2 mitigation x86/retpoline: Add initial retpoline support objtool: Allow alternatives to be ignored objtool: Detect jumps to retpoline thunks x86/pti: Make unpoison of pgd for trusted boot work for real x86/alternatives: Fix optimize_nops() checking sysfs/cpu: Fix typos in vulnerability documentation x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC ...
380 lines
11 KiB
C
380 lines
11 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _ASM_X86_MSHYPER_H
|
|
#define _ASM_X86_MSHYPER_H
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/atomic.h>
|
|
#include <linux/nmi.h>
|
|
#include <asm/io.h>
|
|
#include <asm/hyperv.h>
|
|
#include <asm/nospec-branch.h>
|
|
|
|
/*
|
|
* The below CPUID leaves are present if VersionAndFeatures.HypervisorPresent
|
|
* is set by CPUID(HVCPUID_VERSION_FEATURES).
|
|
*/
|
|
enum hv_cpuid_function {
|
|
HVCPUID_VERSION_FEATURES = 0x00000001,
|
|
HVCPUID_VENDOR_MAXFUNCTION = 0x40000000,
|
|
HVCPUID_INTERFACE = 0x40000001,
|
|
|
|
/*
|
|
* The remaining functions depend on the value of
|
|
* HVCPUID_INTERFACE
|
|
*/
|
|
HVCPUID_VERSION = 0x40000002,
|
|
HVCPUID_FEATURES = 0x40000003,
|
|
HVCPUID_ENLIGHTENMENT_INFO = 0x40000004,
|
|
HVCPUID_IMPLEMENTATION_LIMITS = 0x40000005,
|
|
};
|
|
|
|
struct ms_hyperv_info {
|
|
u32 features;
|
|
u32 misc_features;
|
|
u32 hints;
|
|
u32 max_vp_index;
|
|
u32 max_lp_index;
|
|
};
|
|
|
|
extern struct ms_hyperv_info ms_hyperv;
|
|
|
|
/*
|
|
* Declare the MSR used to setup pages used to communicate with the hypervisor.
|
|
*/
|
|
union hv_x64_msr_hypercall_contents {
|
|
u64 as_uint64;
|
|
struct {
|
|
u64 enable:1;
|
|
u64 reserved:11;
|
|
u64 guest_physical_address:52;
|
|
};
|
|
};
|
|
|
|
/*
|
|
* TSC page layout.
|
|
*/
|
|
|
|
struct ms_hyperv_tsc_page {
|
|
volatile u32 tsc_sequence;
|
|
u32 reserved1;
|
|
volatile u64 tsc_scale;
|
|
volatile s64 tsc_offset;
|
|
u64 reserved2[509];
|
|
};
|
|
|
|
/*
|
|
* The guest OS needs to register the guest ID with the hypervisor.
|
|
* The guest ID is a 64 bit entity and the structure of this ID is
|
|
* specified in the Hyper-V specification:
|
|
*
|
|
* msdn.microsoft.com/en-us/library/windows/hardware/ff542653%28v=vs.85%29.aspx
|
|
*
|
|
* While the current guideline does not specify how Linux guest ID(s)
|
|
* need to be generated, our plan is to publish the guidelines for
|
|
* Linux and other guest operating systems that currently are hosted
|
|
* on Hyper-V. The implementation here conforms to this yet
|
|
* unpublished guidelines.
|
|
*
|
|
*
|
|
* Bit(s)
|
|
* 63 - Indicates if the OS is Open Source or not; 1 is Open Source
|
|
* 62:56 - Os Type; Linux is 0x100
|
|
* 55:48 - Distro specific identification
|
|
* 47:16 - Linux kernel version number
|
|
* 15:0 - Distro specific identification
|
|
*
|
|
*
|
|
*/
|
|
|
|
#define HV_LINUX_VENDOR_ID 0x8100
|
|
|
|
/*
|
|
* Generate the guest ID based on the guideline described above.
|
|
*/
|
|
|
|
static inline __u64 generate_guest_id(__u64 d_info1, __u64 kernel_version,
|
|
__u64 d_info2)
|
|
{
|
|
__u64 guest_id = 0;
|
|
|
|
guest_id = (((__u64)HV_LINUX_VENDOR_ID) << 48);
|
|
guest_id |= (d_info1 << 48);
|
|
guest_id |= (kernel_version << 16);
|
|
guest_id |= d_info2;
|
|
|
|
return guest_id;
|
|
}
|
|
|
|
|
|
/* Free the message slot and signal end-of-message if required */
|
|
static inline void vmbus_signal_eom(struct hv_message *msg, u32 old_msg_type)
|
|
{
|
|
/*
|
|
* On crash we're reading some other CPU's message page and we need
|
|
* to be careful: this other CPU may already had cleared the header
|
|
* and the host may already had delivered some other message there.
|
|
* In case we blindly write msg->header.message_type we're going
|
|
* to lose it. We can still lose a message of the same type but
|
|
* we count on the fact that there can only be one
|
|
* CHANNELMSG_UNLOAD_RESPONSE and we don't care about other messages
|
|
* on crash.
|
|
*/
|
|
if (cmpxchg(&msg->header.message_type, old_msg_type,
|
|
HVMSG_NONE) != old_msg_type)
|
|
return;
|
|
|
|
/*
|
|
* Make sure the write to MessageType (ie set to
|
|
* HVMSG_NONE) happens before we read the
|
|
* MessagePending and EOMing. Otherwise, the EOMing
|
|
* will not deliver any more messages since there is
|
|
* no empty slot
|
|
*/
|
|
mb();
|
|
|
|
if (msg->header.message_flags.msg_pending) {
|
|
/*
|
|
* This will cause message queue rescan to
|
|
* possibly deliver another msg from the
|
|
* hypervisor
|
|
*/
|
|
wrmsrl(HV_X64_MSR_EOM, 0);
|
|
}
|
|
}
|
|
|
|
#define hv_init_timer(timer, tick) wrmsrl(timer, tick)
|
|
#define hv_init_timer_config(config, val) wrmsrl(config, val)
|
|
|
|
#define hv_get_simp(val) rdmsrl(HV_X64_MSR_SIMP, val)
|
|
#define hv_set_simp(val) wrmsrl(HV_X64_MSR_SIMP, val)
|
|
|
|
#define hv_get_siefp(val) rdmsrl(HV_X64_MSR_SIEFP, val)
|
|
#define hv_set_siefp(val) wrmsrl(HV_X64_MSR_SIEFP, val)
|
|
|
|
#define hv_get_synic_state(val) rdmsrl(HV_X64_MSR_SCONTROL, val)
|
|
#define hv_set_synic_state(val) wrmsrl(HV_X64_MSR_SCONTROL, val)
|
|
|
|
#define hv_get_vp_index(index) rdmsrl(HV_X64_MSR_VP_INDEX, index)
|
|
|
|
#define hv_get_synint_state(int_num, val) rdmsrl(int_num, val)
|
|
#define hv_set_synint_state(int_num, val) wrmsrl(int_num, val)
|
|
|
|
void hyperv_callback_vector(void);
|
|
#ifdef CONFIG_TRACING
|
|
#define trace_hyperv_callback_vector hyperv_callback_vector
|
|
#endif
|
|
void hyperv_vector_handler(struct pt_regs *regs);
|
|
void hv_setup_vmbus_irq(void (*handler)(void));
|
|
void hv_remove_vmbus_irq(void);
|
|
|
|
void hv_setup_kexec_handler(void (*handler)(void));
|
|
void hv_remove_kexec_handler(void);
|
|
void hv_setup_crash_handler(void (*handler)(struct pt_regs *regs));
|
|
void hv_remove_crash_handler(void);
|
|
|
|
#if IS_ENABLED(CONFIG_HYPERV)
|
|
extern struct clocksource *hyperv_cs;
|
|
extern void *hv_hypercall_pg;
|
|
|
|
static inline u64 hv_do_hypercall(u64 control, void *input, void *output)
|
|
{
|
|
u64 input_address = input ? virt_to_phys(input) : 0;
|
|
u64 output_address = output ? virt_to_phys(output) : 0;
|
|
u64 hv_status;
|
|
|
|
#ifdef CONFIG_X86_64
|
|
if (!hv_hypercall_pg)
|
|
return U64_MAX;
|
|
|
|
__asm__ __volatile__("mov %4, %%r8\n"
|
|
CALL_NOSPEC
|
|
: "=a" (hv_status), ASM_CALL_CONSTRAINT,
|
|
"+c" (control), "+d" (input_address)
|
|
: "r" (output_address),
|
|
THUNK_TARGET(hv_hypercall_pg)
|
|
: "cc", "memory", "r8", "r9", "r10", "r11");
|
|
#else
|
|
u32 input_address_hi = upper_32_bits(input_address);
|
|
u32 input_address_lo = lower_32_bits(input_address);
|
|
u32 output_address_hi = upper_32_bits(output_address);
|
|
u32 output_address_lo = lower_32_bits(output_address);
|
|
|
|
if (!hv_hypercall_pg)
|
|
return U64_MAX;
|
|
|
|
__asm__ __volatile__(CALL_NOSPEC
|
|
: "=A" (hv_status),
|
|
"+c" (input_address_lo), ASM_CALL_CONSTRAINT
|
|
: "A" (control),
|
|
"b" (input_address_hi),
|
|
"D"(output_address_hi), "S"(output_address_lo),
|
|
THUNK_TARGET(hv_hypercall_pg)
|
|
: "cc", "memory");
|
|
#endif /* !x86_64 */
|
|
return hv_status;
|
|
}
|
|
|
|
#define HV_HYPERCALL_RESULT_MASK GENMASK_ULL(15, 0)
|
|
#define HV_HYPERCALL_FAST_BIT BIT(16)
|
|
#define HV_HYPERCALL_VARHEAD_OFFSET 17
|
|
#define HV_HYPERCALL_REP_COMP_OFFSET 32
|
|
#define HV_HYPERCALL_REP_COMP_MASK GENMASK_ULL(43, 32)
|
|
#define HV_HYPERCALL_REP_START_OFFSET 48
|
|
#define HV_HYPERCALL_REP_START_MASK GENMASK_ULL(59, 48)
|
|
|
|
/* Fast hypercall with 8 bytes of input and no output */
|
|
static inline u64 hv_do_fast_hypercall8(u16 code, u64 input1)
|
|
{
|
|
u64 hv_status, control = (u64)code | HV_HYPERCALL_FAST_BIT;
|
|
|
|
#ifdef CONFIG_X86_64
|
|
{
|
|
__asm__ __volatile__(CALL_NOSPEC
|
|
: "=a" (hv_status), ASM_CALL_CONSTRAINT,
|
|
"+c" (control), "+d" (input1)
|
|
: THUNK_TARGET(hv_hypercall_pg)
|
|
: "cc", "r8", "r9", "r10", "r11");
|
|
}
|
|
#else
|
|
{
|
|
u32 input1_hi = upper_32_bits(input1);
|
|
u32 input1_lo = lower_32_bits(input1);
|
|
|
|
__asm__ __volatile__ (CALL_NOSPEC
|
|
: "=A"(hv_status),
|
|
"+c"(input1_lo),
|
|
ASM_CALL_CONSTRAINT
|
|
: "A" (control),
|
|
"b" (input1_hi),
|
|
THUNK_TARGET(hv_hypercall_pg)
|
|
: "cc", "edi", "esi");
|
|
}
|
|
#endif
|
|
return hv_status;
|
|
}
|
|
|
|
/*
|
|
* Rep hypercalls. Callers of this functions are supposed to ensure that
|
|
* rep_count and varhead_size comply with Hyper-V hypercall definition.
|
|
*/
|
|
static inline u64 hv_do_rep_hypercall(u16 code, u16 rep_count, u16 varhead_size,
|
|
void *input, void *output)
|
|
{
|
|
u64 control = code;
|
|
u64 status;
|
|
u16 rep_comp;
|
|
|
|
control |= (u64)varhead_size << HV_HYPERCALL_VARHEAD_OFFSET;
|
|
control |= (u64)rep_count << HV_HYPERCALL_REP_COMP_OFFSET;
|
|
|
|
do {
|
|
status = hv_do_hypercall(control, input, output);
|
|
if ((status & HV_HYPERCALL_RESULT_MASK) != HV_STATUS_SUCCESS)
|
|
return status;
|
|
|
|
/* Bits 32-43 of status have 'Reps completed' data. */
|
|
rep_comp = (status & HV_HYPERCALL_REP_COMP_MASK) >>
|
|
HV_HYPERCALL_REP_COMP_OFFSET;
|
|
|
|
control &= ~HV_HYPERCALL_REP_START_MASK;
|
|
control |= (u64)rep_comp << HV_HYPERCALL_REP_START_OFFSET;
|
|
|
|
touch_nmi_watchdog();
|
|
} while (rep_comp < rep_count);
|
|
|
|
return status;
|
|
}
|
|
|
|
/*
|
|
* Hypervisor's notion of virtual processor ID is different from
|
|
* Linux' notion of CPU ID. This information can only be retrieved
|
|
* in the context of the calling CPU. Setup a map for easy access
|
|
* to this information.
|
|
*/
|
|
extern u32 *hv_vp_index;
|
|
extern u32 hv_max_vp_index;
|
|
|
|
/**
|
|
* hv_cpu_number_to_vp_number() - Map CPU to VP.
|
|
* @cpu_number: CPU number in Linux terms
|
|
*
|
|
* This function returns the mapping between the Linux processor
|
|
* number and the hypervisor's virtual processor number, useful
|
|
* in making hypercalls and such that talk about specific
|
|
* processors.
|
|
*
|
|
* Return: Virtual processor number in Hyper-V terms
|
|
*/
|
|
static inline int hv_cpu_number_to_vp_number(int cpu_number)
|
|
{
|
|
return hv_vp_index[cpu_number];
|
|
}
|
|
|
|
void hyperv_init(void);
|
|
void hyperv_setup_mmu_ops(void);
|
|
void hyper_alloc_mmu(void);
|
|
void hyperv_report_panic(struct pt_regs *regs, long err);
|
|
bool hv_is_hypercall_page_setup(void);
|
|
void hyperv_cleanup(void);
|
|
#else /* CONFIG_HYPERV */
|
|
static inline void hyperv_init(void) {}
|
|
static inline bool hv_is_hypercall_page_setup(void) { return false; }
|
|
static inline void hyperv_cleanup(void) {}
|
|
static inline void hyperv_setup_mmu_ops(void) {}
|
|
#endif /* CONFIG_HYPERV */
|
|
|
|
#ifdef CONFIG_HYPERV_TSCPAGE
|
|
struct ms_hyperv_tsc_page *hv_get_tsc_page(void);
|
|
static inline u64 hv_read_tsc_page(const struct ms_hyperv_tsc_page *tsc_pg)
|
|
{
|
|
u64 scale, offset, cur_tsc;
|
|
u32 sequence;
|
|
|
|
/*
|
|
* The protocol for reading Hyper-V TSC page is specified in Hypervisor
|
|
* Top-Level Functional Specification ver. 3.0 and above. To get the
|
|
* reference time we must do the following:
|
|
* - READ ReferenceTscSequence
|
|
* A special '0' value indicates the time source is unreliable and we
|
|
* need to use something else. The currently published specification
|
|
* versions (up to 4.0b) contain a mistake and wrongly claim '-1'
|
|
* instead of '0' as the special value, see commit c35b82ef0294.
|
|
* - ReferenceTime =
|
|
* ((RDTSC() * ReferenceTscScale) >> 64) + ReferenceTscOffset
|
|
* - READ ReferenceTscSequence again. In case its value has changed
|
|
* since our first reading we need to discard ReferenceTime and repeat
|
|
* the whole sequence as the hypervisor was updating the page in
|
|
* between.
|
|
*/
|
|
do {
|
|
sequence = READ_ONCE(tsc_pg->tsc_sequence);
|
|
if (!sequence)
|
|
return U64_MAX;
|
|
/*
|
|
* Make sure we read sequence before we read other values from
|
|
* TSC page.
|
|
*/
|
|
smp_rmb();
|
|
|
|
scale = READ_ONCE(tsc_pg->tsc_scale);
|
|
offset = READ_ONCE(tsc_pg->tsc_offset);
|
|
cur_tsc = rdtsc_ordered();
|
|
|
|
/*
|
|
* Make sure we read sequence after we read all other values
|
|
* from TSC page.
|
|
*/
|
|
smp_rmb();
|
|
|
|
} while (READ_ONCE(tsc_pg->tsc_sequence) != sequence);
|
|
|
|
return mul_u64_u64_shr(cur_tsc, scale, 64) + offset;
|
|
}
|
|
|
|
#else
|
|
static inline struct ms_hyperv_tsc_page *hv_get_tsc_page(void)
|
|
{
|
|
return NULL;
|
|
}
|
|
#endif
|
|
#endif
|