Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

    One of the following values:

	* H_SUCCESS	 on success.

        * H_STATE        if the VM is not in a position to switch to secure.

Description

~~~~~~~~~~~

	* H_UNSUPPORTED		if called from the wrong context (e.g.

				from an SVM or before an H_SVM_INIT_START

				hypercall).

	* H_STATE		if the hypervisor could not successfully

                                transition the VM to Secure VM.

Description

~~~~~~~~~~~

	  If unsure, say Y.

config HARDEN_EL2_VECTORS

	bool "Harden EL2 vector mapping against system register leak" if EXPERT

	default y

	help

	  Speculation attacks against some high-performance processors can

	  be used to leak privileged information such as the vector base

	  register, resulting in a potential defeat of the EL2 layout

	  randomization.

	  This config option will map the vectors to a fixed location,

	  independent of the EL2 code mapping, so that revealing VBAR_EL2

	  to an attacker does not give away any extra information. This

	  only gets enabled on affected CPUs.

	  If unsure, say Y.

config ARM64_SSBD

	bool "Speculative Store Bypass Disable" if EXPERT

	default y

config ARM64_PTR_AUTH

	bool "Enable support for pointer authentication"

	default y

	depends on !KVM || ARM64_VHE

	depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC

	# Modern compilers insert a .note.gnu.property section note for PAC

	# which is only understood by binutils starting with version 2.33.1.

	  The feature is detected at runtime. If the feature is not present in

	  hardware it will not be advertised to userspace/KVM guest nor will it

	  be enabled. However, KVM guest also require VHE mode and hence

	  CONFIG_ARM64_VHE=y option to use this feature.

	  be enabled.

	  If the feature is present on the boot CPU but not on a late CPU, then

	  the late CPU will be parked. Also, if the boot CPU does not have

#include <linux/mm.h>

/* Translate a kernel address of @sym into its equivalent linear mapping */

#define kvm_ksym_ref(sym)						\

/*

 * Translate name of a symbol defined in nVHE hyp to the name seen

 * by kernel proper. All nVHE symbols are prefixed by the build system

 * to avoid clashes with the VHE variants.

 */

#define kvm_nvhe_sym(sym)	__kvm_nvhe_##sym

#define DECLARE_KVM_VHE_SYM(sym)	extern char sym[]

#define DECLARE_KVM_NVHE_SYM(sym)	extern char kvm_nvhe_sym(sym)[]

/*

 * Define a pair of symbols sharing the same name but one defined in

 * VHE and the other in nVHE hyp implementations.

 */

#define DECLARE_KVM_HYP_SYM(sym)		\

	DECLARE_KVM_VHE_SYM(sym);		\

	DECLARE_KVM_NVHE_SYM(sym)

#define CHOOSE_VHE_SYM(sym)	sym

#define CHOOSE_NVHE_SYM(sym)	kvm_nvhe_sym(sym)

#ifndef __KVM_NVHE_HYPERVISOR__

/*

 * BIG FAT WARNINGS:

 *

 * - Don't be tempted to change the following is_kernel_in_hyp_mode()

 *   to has_vhe(). has_vhe() is implemented as a *final* capability,

 *   while this is used early at boot time, when the capabilities are

 *   not final yet....

 *

 * - Don't let the nVHE hypervisor have access to this, as it will

 *   pick the *wrong* symbol (yes, it runs at EL2...).

 */

#define CHOOSE_HYP_SYM(sym)	(is_kernel_in_hyp_mode() ? CHOOSE_VHE_SYM(sym) \

					   : CHOOSE_NVHE_SYM(sym))

#else

/* The nVHE hypervisor shouldn't even try to access anything */

extern void *__nvhe_undefined_symbol;

#define CHOOSE_HYP_SYM(sym)	__nvhe_undefined_symbol

#endif

/* Translate a kernel address @ptr into its equivalent linear mapping */

#define kvm_ksym_ref(ptr)						\

	({								\

		void *val = &sym;					\

		void *val = (ptr);					\

		if (!is_kernel_in_hyp_mode())				\

			val = lm_alias(&sym);				\

			val = lm_alias((ptr));				\

		val;							\

	 })

#define kvm_ksym_ref_nvhe(sym)	kvm_ksym_ref(kvm_nvhe_sym(sym))

struct kvm;

struct kvm_vcpu;

struct kvm_s2_mmu;

extern char __kvm_hyp_init[];

extern char __kvm_hyp_init_end[];

DECLARE_KVM_NVHE_SYM(__kvm_hyp_init);

DECLARE_KVM_HYP_SYM(__kvm_hyp_vector);

#define __kvm_hyp_init		CHOOSE_NVHE_SYM(__kvm_hyp_init)

#define __kvm_hyp_vector	CHOOSE_HYP_SYM(__kvm_hyp_vector)

extern char __kvm_hyp_vector[];

#ifdef CONFIG_KVM_INDIRECT_VECTORS

extern atomic_t arm64_el2_vector_last_slot;

DECLARE_KVM_HYP_SYM(__bp_harden_hyp_vecs);

#define __bp_harden_hyp_vecs	CHOOSE_HYP_SYM(__bp_harden_hyp_vecs)

#endif

extern void __kvm_flush_vm_context(void);

extern void __kvm_tlb_flush_vmid_ipa(struct kvm *kvm, phys_addr_t ipa);

extern void __kvm_tlb_flush_vmid(struct kvm *kvm);

extern void __kvm_tlb_flush_local_vmid(struct kvm_vcpu *vcpu);

extern void __kvm_tlb_flush_vmid_ipa(struct kvm_s2_mmu *mmu, phys_addr_t ipa,

				     int level);

extern void __kvm_tlb_flush_vmid(struct kvm_s2_mmu *mmu);

extern void __kvm_tlb_flush_local_vmid(struct kvm_s2_mmu *mmu);

extern void __kvm_timer_set_cntvoff(u64 cntvoff);

extern int kvm_vcpu_run_vhe(struct kvm_vcpu *vcpu);

extern int __kvm_vcpu_run_nvhe(struct kvm_vcpu *vcpu);

extern int __kvm_vcpu_run(struct kvm_vcpu *vcpu);

extern void __kvm_enable_ssbs(void);

.macro get_vcpu_ptr vcpu, ctxt

	get_host_ctxt \ctxt, \vcpu

	ldr	\vcpu, [\ctxt, #HOST_CONTEXT_VCPU]

	kern_hyp_va	\vcpu

.endm

#endif

	size_t num;

};

struct kvm_sys_reg_target_table {

	struct kvm_sys_reg_table table64;

	struct kvm_sys_reg_table table32;

};

void kvm_register_target_sys_reg_table(unsigned int target,

				       struct kvm_sys_reg_target_table *table);

int kvm_handle_cp14_load_store(struct kvm_vcpu *vcpu);

int kvm_handle_cp14_32(struct kvm_vcpu *vcpu);

int kvm_handle_cp14_64(struct kvm_vcpu *vcpu);

static __always_inline unsigned long *vcpu_pc(const struct kvm_vcpu *vcpu)

{

	return (unsigned long *)&vcpu_gp_regs(vcpu)->regs.pc;

}

static inline unsigned long *__vcpu_elr_el1(const struct kvm_vcpu *vcpu)

{

	return (unsigned long *)&vcpu_gp_regs(vcpu)->elr_el1;

}

static inline unsigned long vcpu_read_elr_el1(const struct kvm_vcpu *vcpu)

{

	if (vcpu->arch.sysregs_loaded_on_cpu)

		return read_sysreg_el1(SYS_ELR);

	else

		return *__vcpu_elr_el1(vcpu);

}

static inline void vcpu_write_elr_el1(const struct kvm_vcpu *vcpu, unsigned long v)

{

	if (vcpu->arch.sysregs_loaded_on_cpu)

		write_sysreg_el1(v, SYS_ELR);

	else

		*__vcpu_elr_el1(vcpu) = v;

	return (unsigned long *)&vcpu_gp_regs(vcpu)->pc;

}

static __always_inline unsigned long *vcpu_cpsr(const struct kvm_vcpu *vcpu)

{

	return (unsigned long *)&vcpu_gp_regs(vcpu)->regs.pstate;

	return (unsigned long *)&vcpu_gp_regs(vcpu)->pstate;

}

static __always_inline bool vcpu_mode_is_32bit(const struct kvm_vcpu *vcpu)

static __always_inline unsigned long vcpu_get_reg(const struct kvm_vcpu *vcpu,

					 u8 reg_num)

{

	return (reg_num == 31) ? 0 : vcpu_gp_regs(vcpu)->regs.regs[reg_num];

	return (reg_num == 31) ? 0 : vcpu_gp_regs(vcpu)->regs[reg_num];

}

static __always_inline void vcpu_set_reg(struct kvm_vcpu *vcpu, u8 reg_num,

				unsigned long val)

{

	if (reg_num != 31)

		vcpu_gp_regs(vcpu)->regs.regs[reg_num] = val;

		vcpu_gp_regs(vcpu)->regs[reg_num] = val;

}

static inline unsigned long vcpu_read_spsr(const struct kvm_vcpu *vcpu)

	if (vcpu->arch.sysregs_loaded_on_cpu)

		return read_sysreg_el1(SYS_SPSR);

	else

		return vcpu_gp_regs(vcpu)->spsr[KVM_SPSR_EL1];

		return __vcpu_sys_reg(vcpu, SPSR_EL1);

}

static inline void vcpu_write_spsr(struct kvm_vcpu *vcpu, unsigned long v)

	if (vcpu->arch.sysregs_loaded_on_cpu)

		write_sysreg_el1(v, SYS_SPSR);

	else

		vcpu_gp_regs(vcpu)->spsr[KVM_SPSR_EL1] = v;

		__vcpu_sys_reg(vcpu, SPSR_EL1) = v;

}

/*

	return mode != PSR_MODE_EL0t;

}

static __always_inline u32 kvm_vcpu_get_hsr(const struct kvm_vcpu *vcpu)

static __always_inline u32 kvm_vcpu_get_esr(const struct kvm_vcpu *vcpu)

{

	return vcpu->arch.fault.esr_el2;

}

static __always_inline int kvm_vcpu_get_condition(const struct kvm_vcpu *vcpu)

{

	u32 esr = kvm_vcpu_get_hsr(vcpu);

	u32 esr = kvm_vcpu_get_esr(vcpu);

	if (esr & ESR_ELx_CV)

		return (esr & ESR_ELx_COND_MASK) >> ESR_ELx_COND_SHIFT;

static inline u32 kvm_vcpu_hvc_get_imm(const struct kvm_vcpu *vcpu)

{

	return kvm_vcpu_get_hsr(vcpu) & ESR_ELx_xVC_IMM_MASK;

	return kvm_vcpu_get_esr(vcpu) & ESR_ELx_xVC_IMM_MASK;

}

static __always_inline bool kvm_vcpu_dabt_isvalid(const struct kvm_vcpu *vcpu)

{

	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_ISV);

	return !!(kvm_vcpu_get_esr(vcpu) & ESR_ELx_ISV);

}

static inline unsigned long kvm_vcpu_dabt_iss_nisv_sanitized(const struct kvm_vcpu *vcpu)

{

	return kvm_vcpu_get_hsr(vcpu) & (ESR_ELx_CM | ESR_ELx_WNR | ESR_ELx_FSC);

	return kvm_vcpu_get_esr(vcpu) & (ESR_ELx_CM | ESR_ELx_WNR | ESR_ELx_FSC);

}

static inline bool kvm_vcpu_dabt_issext(const struct kvm_vcpu *vcpu)

{

	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SSE);

	return !!(kvm_vcpu_get_esr(vcpu) & ESR_ELx_SSE);

}

static inline bool kvm_vcpu_dabt_issf(const struct kvm_vcpu *vcpu)

{

	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SF);

	return !!(kvm_vcpu_get_esr(vcpu) & ESR_ELx_SF);

}

static __always_inline int kvm_vcpu_dabt_get_rd(const struct kvm_vcpu *vcpu)

{

	return (kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SRT_MASK) >> ESR_ELx_SRT_SHIFT;

	return (kvm_vcpu_get_esr(vcpu) & ESR_ELx_SRT_MASK) >> ESR_ELx_SRT_SHIFT;

}

static __always_inline bool kvm_vcpu_dabt_iss1tw(const struct kvm_vcpu *vcpu)

{

	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_S1PTW);

	return !!(kvm_vcpu_get_esr(vcpu) & ESR_ELx_S1PTW);

}

static __always_inline bool kvm_vcpu_dabt_iswrite(const struct kvm_vcpu *vcpu)

{

	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_WNR) ||

	return !!(kvm_vcpu_get_esr(vcpu) & ESR_ELx_WNR) ||

		kvm_vcpu_dabt_iss1tw(vcpu); /* AF/DBM update */

}

static inline bool kvm_vcpu_dabt_is_cm(const struct kvm_vcpu *vcpu)

{

	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_CM);

	return !!(kvm_vcpu_get_esr(vcpu) & ESR_ELx_CM);

}

static __always_inline unsigned int kvm_vcpu_dabt_get_as(const struct kvm_vcpu *vcpu)

{

	return 1 << ((kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SAS) >> ESR_ELx_SAS_SHIFT);

	return 1 << ((kvm_vcpu_get_esr(vcpu) & ESR_ELx_SAS) >> ESR_ELx_SAS_SHIFT);

}

/* This one is not specific to Data Abort */

static __always_inline bool kvm_vcpu_trap_il_is32bit(const struct kvm_vcpu *vcpu)

{

	return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_IL);

	return !!(kvm_vcpu_get_esr(vcpu) & ESR_ELx_IL);

}

static __always_inline u8 kvm_vcpu_trap_get_class(const struct kvm_vcpu *vcpu)

{

	return ESR_ELx_EC(kvm_vcpu_get_hsr(vcpu));

	return ESR_ELx_EC(kvm_vcpu_get_esr(vcpu));

}

static inline bool kvm_vcpu_trap_is_iabt(const struct kvm_vcpu *vcpu)

static __always_inline u8 kvm_vcpu_trap_get_fault(const struct kvm_vcpu *vcpu)

{

	return kvm_vcpu_get_hsr(vcpu) & ESR_ELx_FSC;

	return kvm_vcpu_get_esr(vcpu) & ESR_ELx_FSC;

}

static __always_inline u8 kvm_vcpu_trap_get_fault_type(const struct kvm_vcpu *vcpu)

{

	return kvm_vcpu_get_hsr(vcpu) & ESR_ELx_FSC_TYPE;

	return kvm_vcpu_get_esr(vcpu) & ESR_ELx_FSC_TYPE;

}

static __always_inline bool kvm_vcpu_dabt_isextabt(const struct kvm_vcpu *vcpu)

static __always_inline bool kvm_vcpu_abt_issea(const struct kvm_vcpu *vcpu)

{

	switch (kvm_vcpu_trap_get_fault(vcpu)) {

	case FSC_SEA:

static __always_inline int kvm_vcpu_sys_get_rt(struct kvm_vcpu *vcpu)

{

	u32 esr = kvm_vcpu_get_hsr(vcpu);

	u32 esr = kvm_vcpu_get_esr(vcpu);

	return ESR_ELx_SYS64_ISS_RT(esr);

}

 * Skip an instruction which has been emulated at hyp while most guest sysregs

 * are live.

 */

static __always_inline void __hyp_text __kvm_skip_instr(struct kvm_vcpu *vcpu)

static __always_inline void __kvm_skip_instr(struct kvm_vcpu *vcpu)

{

	*vcpu_pc(vcpu) = read_sysreg_el2(SYS_ELR);

	vcpu->arch.ctxt.gp_regs.regs.pstate = read_sysreg_el2(SYS_SPSR);

	vcpu_gp_regs(vcpu)->pstate = read_sysreg_el2(SYS_SPSR);

	kvm_skip_instr(vcpu, kvm_vcpu_trap_il_is32bit(vcpu));

	write_sysreg_el2(vcpu->arch.ctxt.gp_regs.regs.pstate, SYS_SPSR);

	write_sysreg_el2(vcpu_gp_regs(vcpu)->pstate, SYS_SPSR);

	write_sysreg_el2(*vcpu_pc(vcpu), SYS_ELR);

}