From nobody Thu Nov 28 08:48:04 2024 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 821761D0E1A; Wed, 2 Oct 2024 16:10:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727885458; cv=none; b=Jq9yIcDQ8Dw0k2/LAfK9tKcyFta39va6VlVA1oMAVH+Dmc0hixBwmybrbps9Z0uu/Ig/zcJs5bE6yRJwwxDdfHhVhPNOr91Q08zf8Rx98Ak9D8b9cOb2rs8EGPMoRyXI01CqLBRP16qbtWhZw+wWXRR+vsCw2+TOITGhSXJuqS8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727885458; c=relaxed/simple; bh=brCnzjkpTzbt3UiYWpTy1T/1nKLfDq4KxDK8Vbl7vQc=; h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version: Message-ID:Content-Type; b=TyawmAibUYLCwiRNrXZ4pYFOpa25AQ4L/vUh/eqeTm1DeYASNLd0PaPG2iUdwmgo5ZCajxau6Rg81Eyo/T5+Vxs4MQprmTTwRylFJI+LcrlKoMYe+6HW16VoMUWOpd1dXF/mgBOs13X67YPu2Yt4lHlKaJCfHy9H3GZHJWT68Zs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=hRKnMDHo; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=GLxOBNlF; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="hRKnMDHo"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="GLxOBNlF" Date: Wed, 02 Oct 2024 16:10:53 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1727885454; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yQdSZifWR28PjcFEQ1LUgHhGuXS9x9Yyh4TeQsv/5+Y=; b=hRKnMDHouKqeBALzI0KCE16bAAbipYTK0PWO6KzC1ZorQfyBYh8+HutxDZNJOKYtHCgiua o6i5GNoogX+JEOOaZarUm7Cd7HnQzv2O38pr2ejEhZ83yL09x4OZ+/wMF+u1A2PnVogLHL v/KRX2A5UkBfZEecKkZvnsus29gjpZpqLWIaIprV6/KQ8bJebMxxFGGsk3TR1tGkUf0hJ2 mP3jkBi72Fd3qKzBNYFfeMq23oS+6irQI1TCzrBl5OhEmqBoC1ABqFTjPbbqZbHJavPEwC a0g0gFZ5jmFNAYIoAmQH0PGPT3YmcAlYe13YZcVBL5VCT/nCQi77C8WT5rpEuQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1727885454; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yQdSZifWR28PjcFEQ1LUgHhGuXS9x9Yyh4TeQsv/5+Y=; b=GLxOBNlFB3YYrcY/W4BipbMnGdBlzWfvqp4Aa0z3JTEfpSZxOxx06Rq/HKVRyjchNQCYC4 FJAvgk3FLAkjUqCw== From: "tip-bot2 for Steven Price" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: irq/core] irqchip/gic-v3-its: Share ITS tables with a non-trusted hypervisor Cc: Suzuki K Poulose , Steven Price , Thomas Gleixner , Will Deacon , Marc Zyngier , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20241002141630.433502-2-steven.price@arm.com> References: <20241002141630.433502-2-steven.price@arm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-ID: <172788545326.1442.16869941030805428745.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Precedence: bulk Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable The following commit has been merged into the irq/core branch of tip: Commit-ID: b08e2f42e86b5848add254da45b56fc672e2bced Gitweb: https://git.kernel.org/tip/b08e2f42e86b5848add254da45b56fc67= 2e2bced Author: Steven Price AuthorDate: Wed, 02 Oct 2024 15:16:29 +01:00 Committer: Thomas Gleixner CommitterDate: Wed, 02 Oct 2024 18:00:40 +02:00 irqchip/gic-v3-its: Share ITS tables with a non-trusted hypervisor Within a realm guest the ITS is emulated by the host. This means the allocations must have been made available to the host by a call to set_memory_decrypted(). Introduce an allocation function which performs this extra call. For the ITT use a custom genpool-based allocator that calls set_memory_decrypted() for each page allocated, but then suballocates the size needed for each ITT. Note that there is no mechanism implemented to return pages from the genpool, but it is unlikely that the peak number of devices will be much larger than the normal level - so this isn't expected to be an issue. Co-developed-by: Suzuki K Poulose Signed-off-by: Suzuki K Poulose Signed-off-by: Steven Price Signed-off-by: Thomas Gleixner Tested-by: Will Deacon Reviewed-by: Marc Zyngier Link: https://lore.kernel.org/all/20241002141630.433502-2-steven.price@arm.= com --- drivers/irqchip/irq-gic-v3-its.c | 138 +++++++++++++++++++++++++----- 1 file changed, 115 insertions(+), 23 deletions(-) diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-= its.c index fdec478..6c1581b 100644 --- a/drivers/irqchip/irq-gic-v3-its.c +++ b/drivers/irqchip/irq-gic-v3-its.c @@ -12,12 +12,14 @@ #include #include #include +#include #include #include #include #include #include #include +#include #include #include #include @@ -27,6 +29,7 @@ #include #include #include +#include #include #include =20 @@ -164,6 +167,7 @@ struct its_device { struct its_node *its; struct event_lpi_map event_map; void *itt; + u32 itt_sz; u32 nr_ites; u32 device_id; bool shared; @@ -199,6 +203,87 @@ static DEFINE_IDA(its_vpeid_ida); #define gic_data_rdist_rd_base() (gic_data_rdist()->rd_base) #define gic_data_rdist_vlpi_base() (gic_data_rdist_rd_base() + SZ_128K) =20 +static struct page *its_alloc_pages_node(int node, gfp_t gfp, + unsigned int order) +{ + struct page *page; + int ret =3D 0; + + page =3D alloc_pages_node(node, gfp, order); + + if (!page) + return NULL; + + ret =3D set_memory_decrypted((unsigned long)page_address(page), + 1 << order); + /* + * If set_memory_decrypted() fails then we don't know what state the + * page is in, so we can't free it. Instead we leak it. + * set_memory_decrypted() will already have WARNed. + */ + if (ret) + return NULL; + + return page; +} + +static struct page *its_alloc_pages(gfp_t gfp, unsigned int order) +{ + return its_alloc_pages_node(NUMA_NO_NODE, gfp, order); +} + +static void its_free_pages(void *addr, unsigned int order) +{ + /* + * If the memory cannot be encrypted again then we must leak the pages. + * set_memory_encrypted() will already have WARNed. + */ + if (set_memory_encrypted((unsigned long)addr, 1 << order)) + return; + free_pages((unsigned long)addr, order); +} + +static struct gen_pool *itt_pool; + +static void *itt_alloc_pool(int node, int size) +{ + unsigned long addr; + struct page *page; + + if (size >=3D PAGE_SIZE) { + page =3D its_alloc_pages_node(node, GFP_KERNEL | __GFP_ZERO, get_order(s= ize)); + + return page ? page_address(page) : NULL; + } + + do { + addr =3D gen_pool_alloc(itt_pool, size); + if (addr) + break; + + page =3D its_alloc_pages_node(node, GFP_KERNEL | __GFP_ZERO, 1); + if (!page) + break; + + gen_pool_add(itt_pool, (unsigned long)page_address(page), PAGE_SIZE, nod= e); + } while (!addr); + + return (void *)addr; +} + +static void itt_free_pool(void *addr, int size) +{ + if (!addr) + return; + + if (size >=3D PAGE_SIZE) { + its_free_pages(addr, get_order(size)); + return; + } + + gen_pool_free(itt_pool, (unsigned long)addr, size); +} + /* * Skip ITSs that have no vLPIs mapped, unless we're on GICv4.1, as we * always have vSGIs mapped. @@ -2181,7 +2266,8 @@ static struct page *its_allocate_prop_table(gfp_t gfp= _flags) { struct page *prop_page; =20 - prop_page =3D alloc_pages(gfp_flags, get_order(LPI_PROPBASE_SZ)); + prop_page =3D its_alloc_pages(gfp_flags, + get_order(LPI_PROPBASE_SZ)); if (!prop_page) return NULL; =20 @@ -2192,8 +2278,7 @@ static struct page *its_allocate_prop_table(gfp_t gfp= _flags) =20 static void its_free_prop_table(struct page *prop_page) { - free_pages((unsigned long)page_address(prop_page), - get_order(LPI_PROPBASE_SZ)); + its_free_pages(page_address(prop_page), get_order(LPI_PROPBASE_SZ)); } =20 static bool gic_check_reserved_range(phys_addr_t addr, unsigned long size) @@ -2315,7 +2400,7 @@ static int its_setup_baser(struct its_node *its, stru= ct its_baser *baser, order =3D get_order(GITS_BASER_PAGES_MAX * psz); } =20 - page =3D alloc_pages_node(its->numa_node, GFP_KERNEL | __GFP_ZERO, order); + page =3D its_alloc_pages_node(its->numa_node, GFP_KERNEL | __GFP_ZERO, or= der); if (!page) return -ENOMEM; =20 @@ -2328,7 +2413,7 @@ static int its_setup_baser(struct its_node *its, stru= ct its_baser *baser, /* 52bit PA is supported only when PageSize=3D64K */ if (psz !=3D SZ_64K) { pr_err("ITS: no 52bit PA support when psz=3D%d\n", psz); - free_pages((unsigned long)base, order); + its_free_pages(base, order); return -ENXIO; } =20 @@ -2384,7 +2469,7 @@ retry_baser: pr_err("ITS@%pa: %s doesn't stick: %llx %llx\n", &its->phys_base, its_base_type_string[type], val, tmp); - free_pages((unsigned long)base, order); + its_free_pages(base, order); return -ENXIO; } =20 @@ -2523,8 +2608,7 @@ static void its_free_tables(struct its_node *its) =20 for (i =3D 0; i < GITS_BASER_NR_REGS; i++) { if (its->tables[i].base) { - free_pages((unsigned long)its->tables[i].base, - its->tables[i].order); + its_free_pages(its->tables[i].base, its->tables[i].order); its->tables[i].base =3D NULL; } } @@ -2790,7 +2874,7 @@ static bool allocate_vpe_l2_table(int cpu, u32 id) =20 /* Allocate memory for 2nd level table */ if (!table[idx]) { - page =3D alloc_pages(GFP_KERNEL | __GFP_ZERO, get_order(psz)); + page =3D its_alloc_pages(GFP_KERNEL | __GFP_ZERO, get_order(psz)); if (!page) return false; =20 @@ -2909,7 +2993,7 @@ static int allocate_vpe_l1_table(void) =20 pr_debug("np =3D %d, npg =3D %lld, psz =3D %d, epp =3D %d, esz =3D %d\n", np, npg, psz, epp, esz); - page =3D alloc_pages(GFP_ATOMIC | __GFP_ZERO, get_order(np * PAGE_SIZE)); + page =3D its_alloc_pages(GFP_ATOMIC | __GFP_ZERO, get_order(np * PAGE_SIZ= E)); if (!page) return -ENOMEM; =20 @@ -2955,8 +3039,7 @@ static struct page *its_allocate_pending_table(gfp_t = gfp_flags) { struct page *pend_page; =20 - pend_page =3D alloc_pages(gfp_flags | __GFP_ZERO, - get_order(LPI_PENDBASE_SZ)); + pend_page =3D its_alloc_pages(gfp_flags | __GFP_ZERO, get_order(LPI_PENDB= ASE_SZ)); if (!pend_page) return NULL; =20 @@ -2968,7 +3051,7 @@ static struct page *its_allocate_pending_table(gfp_t = gfp_flags) =20 static void its_free_pending_table(struct page *pt) { - free_pages((unsigned long)page_address(pt), get_order(LPI_PENDBASE_SZ)); + its_free_pages(page_address(pt), get_order(LPI_PENDBASE_SZ)); } =20 /* @@ -3303,8 +3386,8 @@ static bool its_alloc_table_entry(struct its_node *it= s, =20 /* Allocate memory for 2nd level table */ if (!table[idx]) { - page =3D alloc_pages_node(its->numa_node, GFP_KERNEL | __GFP_ZERO, - get_order(baser->psz)); + page =3D its_alloc_pages_node(its->numa_node, GFP_KERNEL | __GFP_ZERO, + get_order(baser->psz)); if (!page) return false; =20 @@ -3399,7 +3482,6 @@ static struct its_device *its_create_device(struct it= s_node *its, u32 dev_id, if (WARN_ON(!is_power_of_2(nvecs))) nvecs =3D roundup_pow_of_two(nvecs); =20 - dev =3D kzalloc(sizeof(*dev), GFP_KERNEL); /* * Even if the device wants a single LPI, the ITT must be * sized as a power of two (and you need at least one bit...). @@ -3407,7 +3489,11 @@ static struct its_device *its_create_device(struct i= ts_node *its, u32 dev_id, nr_ites =3D max(2, nvecs); sz =3D nr_ites * (FIELD_GET(GITS_TYPER_ITT_ENTRY_SIZE, its->typer) + 1); sz =3D max(sz, ITS_ITT_ALIGN) + ITS_ITT_ALIGN - 1; - itt =3D kzalloc_node(sz, GFP_KERNEL, its->numa_node); + + itt =3D itt_alloc_pool(its->numa_node, sz); + + dev =3D kzalloc(sizeof(*dev), GFP_KERNEL); + if (alloc_lpis) { lpi_map =3D its_lpi_alloc(nvecs, &lpi_base, &nr_lpis); if (lpi_map) @@ -3419,9 +3505,9 @@ static struct its_device *its_create_device(struct it= s_node *its, u32 dev_id, lpi_base =3D 0; } =20 - if (!dev || !itt || !col_map || (!lpi_map && alloc_lpis)) { + if (!dev || !itt || !col_map || (!lpi_map && alloc_lpis)) { kfree(dev); - kfree(itt); + itt_free_pool(itt, sz); bitmap_free(lpi_map); kfree(col_map); return NULL; @@ -3431,6 +3517,7 @@ static struct its_device *its_create_device(struct it= s_node *its, u32 dev_id, =20 dev->its =3D its; dev->itt =3D itt; + dev->itt_sz =3D sz; dev->nr_ites =3D nr_ites; dev->event_map.lpi_map =3D lpi_map; dev->event_map.col_map =3D col_map; @@ -3458,7 +3545,7 @@ static void its_free_device(struct its_device *its_de= v) list_del(&its_dev->entry); raw_spin_unlock_irqrestore(&its_dev->its->lock, flags); kfree(its_dev->event_map.col_map); - kfree(its_dev->itt); + itt_free_pool(its_dev->itt, its_dev->itt_sz); kfree(its_dev); } =20 @@ -5116,8 +5203,9 @@ static int __init its_probe_one(struct its_node *its) } } =20 - page =3D alloc_pages_node(its->numa_node, GFP_KERNEL | __GFP_ZERO, - get_order(ITS_CMD_QUEUE_SZ)); + page =3D its_alloc_pages_node(its->numa_node, + GFP_KERNEL | __GFP_ZERO, + get_order(ITS_CMD_QUEUE_SZ)); if (!page) { err =3D -ENOMEM; goto out_unmap_sgir; @@ -5181,7 +5269,7 @@ static int __init its_probe_one(struct its_node *its) out_free_tables: its_free_tables(its); out_free_cmd: - free_pages((unsigned long)its->cmd_base, get_order(ITS_CMD_QUEUE_SZ)); + its_free_pages(its->cmd_base, get_order(ITS_CMD_QUEUE_SZ)); out_unmap_sgir: if (its->sgir_base) iounmap(its->sgir_base); @@ -5667,6 +5755,10 @@ int __init its_init(struct fwnode_handle *handle, st= ruct rdists *rdists, bool has_v4_1 =3D false; int err; =20 + itt_pool =3D gen_pool_create(get_order(ITS_ITT_ALIGN), -1); + if (!itt_pool) + return -ENOMEM; + gic_rdists =3D rdists; =20 lpi_prop_prio =3D irq_prio;