Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/arch/arm64/kvm/hypercalls.c
26442 views
1
// SPDX-License-Identifier: GPL-2.0

2
// Copyright (C) 2019 Arm Ltd.

3


4
#include <linux/arm-smccc.h>

5
#include <linux/kvm_host.h>

6


7
#include <asm/kvm_emulate.h>

8


9
#include <kvm/arm_hypercalls.h>

10
#include <kvm/arm_psci.h>

11


12
#define KVM_ARM_SMCCC_STD_FEATURES				\

13
	GENMASK(KVM_REG_ARM_STD_BMAP_BIT_COUNT - 1, 0)

14
#define KVM_ARM_SMCCC_STD_HYP_FEATURES				\

15
	GENMASK(KVM_REG_ARM_STD_HYP_BMAP_BIT_COUNT - 1, 0)

16
#define KVM_ARM_SMCCC_VENDOR_HYP_FEATURES			\

17
	GENMASK(KVM_REG_ARM_VENDOR_HYP_BMAP_BIT_COUNT - 1, 0)

18
#define KVM_ARM_SMCCC_VENDOR_HYP_FEATURES_2			\

19
	GENMASK(KVM_REG_ARM_VENDOR_HYP_BMAP_2_BIT_COUNT - 1, 0)

20


21
static void kvm_ptp_get_time(struct kvm_vcpu *vcpu, u64 *val)

22
{

23
	struct system_time_snapshot systime_snapshot;

24
	u64 cycles = ~0UL;

25
	u32 feature;

26


27
	/*

28
	 * system time and counter value must captured at the same

29
	 * time to keep consistency and precision.

30
	 */

31
	ktime_get_snapshot(&systime_snapshot);

32


33
	/*

34
	 * This is only valid if the current clocksource is the

35
	 * architected counter, as this is the only one the guest

36
	 * can see.

37
	 */

38
	if (systime_snapshot.cs_id != CSID_ARM_ARCH_COUNTER)

39
		return;

40


41
	/*

42
	 * The guest selects one of the two reference counters

43
	 * (virtual or physical) with the first argument of the SMCCC

44
	 * call. In case the identifier is not supported, error out.

45
	 */

46
	feature = smccc_get_arg1(vcpu);

47
	switch (feature) {

48
	case KVM_PTP_VIRT_COUNTER:

49
		cycles = systime_snapshot.cycles - vcpu->kvm->arch.timer_data.voffset;

50
		break;

51
	case KVM_PTP_PHYS_COUNTER:

52
		cycles = systime_snapshot.cycles - vcpu->kvm->arch.timer_data.poffset;

53
		break;

54
	default:

55
		return;

56
	}

57


58
	/*

59
	 * This relies on the top bit of val[0] never being set for

60
	 * valid values of system time, because that is *really* far

61
	 * in the future (about 292 years from 1970, and at that stage

62
	 * nobody will give a damn about it).

63
	 */

64
	val[0] = upper_32_bits(systime_snapshot.real);

65
	val[1] = lower_32_bits(systime_snapshot.real);

66
	val[2] = upper_32_bits(cycles);

67
	val[3] = lower_32_bits(cycles);

68
}

69


70
static bool kvm_smccc_default_allowed(u32 func_id)

71
{

72
	switch (func_id) {

73
	/*

74
	 * List of function-ids that are not gated with the bitmapped

75
	 * feature firmware registers, and are to be allowed for

76
	 * servicing the call by default.

77
	 */

78
	case ARM_SMCCC_VERSION_FUNC_ID:

79
	case ARM_SMCCC_ARCH_FEATURES_FUNC_ID:

80
		return true;

81
	default:

82
		/* PSCI 0.2 and up is in the 0:0x1f range */

83
		if (ARM_SMCCC_OWNER_NUM(func_id) == ARM_SMCCC_OWNER_STANDARD &&

84
		    ARM_SMCCC_FUNC_NUM(func_id) <= 0x1f)

85
			return true;

86


87
		/*

88
		 * KVM's PSCI 0.1 doesn't comply with SMCCC, and has

89
		 * its own function-id base and range

90
		 */

91
		if (func_id >= KVM_PSCI_FN(0) && func_id <= KVM_PSCI_FN(3))

92
			return true;

93


94
		return false;

95
	}

96
}

97


98
static bool kvm_smccc_test_fw_bmap(struct kvm_vcpu *vcpu, u32 func_id)

99
{

100
	struct kvm_smccc_features *smccc_feat = &vcpu->kvm->arch.smccc_feat;

101


102
	switch (func_id) {

103
	case ARM_SMCCC_TRNG_VERSION:

104
	case ARM_SMCCC_TRNG_FEATURES:

105
	case ARM_SMCCC_TRNG_GET_UUID:

106
	case ARM_SMCCC_TRNG_RND32:

107
	case ARM_SMCCC_TRNG_RND64:

108
		return test_bit(KVM_REG_ARM_STD_BIT_TRNG_V1_0,

109
				&smccc_feat->std_bmap);

110
	case ARM_SMCCC_HV_PV_TIME_FEATURES:

111
	case ARM_SMCCC_HV_PV_TIME_ST:

112
		return test_bit(KVM_REG_ARM_STD_HYP_BIT_PV_TIME,

113
				&smccc_feat->std_hyp_bmap);

114
	case ARM_SMCCC_VENDOR_HYP_KVM_FEATURES_FUNC_ID:

115
	case ARM_SMCCC_VENDOR_HYP_CALL_UID_FUNC_ID:

116
		return test_bit(KVM_REG_ARM_VENDOR_HYP_BIT_FUNC_FEAT,

117
				&smccc_feat->vendor_hyp_bmap);

118
	case ARM_SMCCC_VENDOR_HYP_KVM_PTP_FUNC_ID:

119
		return test_bit(KVM_REG_ARM_VENDOR_HYP_BIT_PTP,

120
				&smccc_feat->vendor_hyp_bmap);

121
	default:

122
		return false;

123
	}

124
}

125


126
#define SMC32_ARCH_RANGE_BEGIN	ARM_SMCCC_VERSION_FUNC_ID

127
#define SMC32_ARCH_RANGE_END	ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL,		\

128
						   ARM_SMCCC_SMC_32,		\

129
						   0, ARM_SMCCC_FUNC_MASK)

130


131
#define SMC64_ARCH_RANGE_BEGIN	ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL,		\

132
						   ARM_SMCCC_SMC_64,		\

133
						   0, 0)

134
#define SMC64_ARCH_RANGE_END	ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL,		\

135
						   ARM_SMCCC_SMC_64,		\

136
						   0, ARM_SMCCC_FUNC_MASK)

137


138
static int kvm_smccc_filter_insert_reserved(struct kvm *kvm)

139
{

140
	int r;

141


142
	/*

143
	 * Prevent userspace from handling any SMCCC calls in the architecture

144
	 * range, avoiding the risk of misrepresenting Spectre mitigation status

145
	 * to the guest.

146
	 */

147
	r = mtree_insert_range(&kvm->arch.smccc_filter,

148
			       SMC32_ARCH_RANGE_BEGIN, SMC32_ARCH_RANGE_END,

149
			       xa_mk_value(KVM_SMCCC_FILTER_HANDLE),

150
			       GFP_KERNEL_ACCOUNT);

151
	if (r)

152
		goto out_destroy;

153


154
	r = mtree_insert_range(&kvm->arch.smccc_filter,

155
			       SMC64_ARCH_RANGE_BEGIN, SMC64_ARCH_RANGE_END,

156
			       xa_mk_value(KVM_SMCCC_FILTER_HANDLE),

157
			       GFP_KERNEL_ACCOUNT);

158
	if (r)

159
		goto out_destroy;

160


161
	return 0;

162
out_destroy:

163
	mtree_destroy(&kvm->arch.smccc_filter);

164
	return r;

165
}

166


167
static bool kvm_smccc_filter_configured(struct kvm *kvm)

168
{

169
	return !mtree_empty(&kvm->arch.smccc_filter);

170
}

171


172
static int kvm_smccc_set_filter(struct kvm *kvm, struct kvm_smccc_filter __user *uaddr)

173
{

174
	const void *zero_page = page_to_virt(ZERO_PAGE(0));

175
	struct kvm_smccc_filter filter;

176
	u32 start, end;

177
	int r;

178


179
	if (copy_from_user(&filter, uaddr, sizeof(filter)))

180
		return -EFAULT;

181


182
	if (memcmp(filter.pad, zero_page, sizeof(filter.pad)))

183
		return -EINVAL;

184


185
	start = filter.base;

186
	end = start + filter.nr_functions - 1;

187


188
	if (end < start || filter.action >= NR_SMCCC_FILTER_ACTIONS)

189
		return -EINVAL;

190


191
	mutex_lock(&kvm->arch.config_lock);

192


193
	if (kvm_vm_has_ran_once(kvm)) {

194
		r = -EBUSY;

195
		goto out_unlock;

196
	}

197


198
	if (!kvm_smccc_filter_configured(kvm)) {

199
		r = kvm_smccc_filter_insert_reserved(kvm);

200
		if (WARN_ON_ONCE(r))

201
			goto out_unlock;

202
	}

203


204
	r = mtree_insert_range(&kvm->arch.smccc_filter, start, end,

205
			       xa_mk_value(filter.action), GFP_KERNEL_ACCOUNT);

206
out_unlock:

207
	mutex_unlock(&kvm->arch.config_lock);

208
	return r;

209
}

210


211
static u8 kvm_smccc_filter_get_action(struct kvm *kvm, u32 func_id)

212
{

213
	unsigned long idx = func_id;

214
	void *val;

215


216
	if (!kvm_smccc_filter_configured(kvm))

217
		return KVM_SMCCC_FILTER_HANDLE;

218


219
	/*

220
	 * But where's the error handling, you say?

221
	 *

222
	 * mt_find() returns NULL if no entry was found, which just so happens

223
	 * to match KVM_SMCCC_FILTER_HANDLE.

224
	 */

225
	val = mt_find(&kvm->arch.smccc_filter, &idx, idx);

226
	return xa_to_value(val);

227
}

228


229
static u8 kvm_smccc_get_action(struct kvm_vcpu *vcpu, u32 func_id)

230
{

231
	/*

232
	 * Intervening actions in the SMCCC filter take precedence over the

233
	 * pseudo-firmware register bitmaps.

234
	 */

235
	u8 action = kvm_smccc_filter_get_action(vcpu->kvm, func_id);

236
	if (action != KVM_SMCCC_FILTER_HANDLE)

237
		return action;

238


239
	if (kvm_smccc_test_fw_bmap(vcpu, func_id) ||

240
	    kvm_smccc_default_allowed(func_id))

241
		return KVM_SMCCC_FILTER_HANDLE;

242


243
	return KVM_SMCCC_FILTER_DENY;

244
}

245


246
static void kvm_prepare_hypercall_exit(struct kvm_vcpu *vcpu, u32 func_id)

247
{

248
	u8 ec = ESR_ELx_EC(kvm_vcpu_get_esr(vcpu));

249
	struct kvm_run *run = vcpu->run;

250
	u64 flags = 0;

251


252
	if (ec == ESR_ELx_EC_SMC32 || ec == ESR_ELx_EC_SMC64)

253
		flags |= KVM_HYPERCALL_EXIT_SMC;

254


255
	if (!kvm_vcpu_trap_il_is32bit(vcpu))

256
		flags |= KVM_HYPERCALL_EXIT_16BIT;

257


258
	run->exit_reason = KVM_EXIT_HYPERCALL;

259
	run->hypercall = (typeof(run->hypercall)) {

260
		.nr	= func_id,

261
		.flags	= flags,

262
	};

263
}

264


265
int kvm_smccc_call_handler(struct kvm_vcpu *vcpu)

266
{

267
	struct kvm_smccc_features *smccc_feat = &vcpu->kvm->arch.smccc_feat;

268
	u32 func_id = smccc_get_function(vcpu);

269
	u64 val[4] = {SMCCC_RET_NOT_SUPPORTED};

270
	u32 feature;

271
	u8 action;

272
	gpa_t gpa;

273
	uuid_t uuid;

274


275
	action = kvm_smccc_get_action(vcpu, func_id);

276
	switch (action) {

277
	case KVM_SMCCC_FILTER_HANDLE:

278
		break;

279
	case KVM_SMCCC_FILTER_DENY:

280
		goto out;

281
	case KVM_SMCCC_FILTER_FWD_TO_USER:

282
		kvm_prepare_hypercall_exit(vcpu, func_id);

283
		return 0;

284
	default:

285
		WARN_RATELIMIT(1, "Unhandled SMCCC filter action: %d\n", action);

286
		goto out;

287
	}

288


289
	switch (func_id) {

290
	case ARM_SMCCC_VERSION_FUNC_ID:

291
		val[0] = ARM_SMCCC_VERSION_1_1;

292
		break;

293
	case ARM_SMCCC_ARCH_FEATURES_FUNC_ID:

294
		feature = smccc_get_arg1(vcpu);

295
		switch (feature) {

296
		case ARM_SMCCC_ARCH_WORKAROUND_1:

297
			switch (arm64_get_spectre_v2_state()) {

298
			case SPECTRE_VULNERABLE:

299
				break;

300
			case SPECTRE_MITIGATED:

301
				val[0] = SMCCC_RET_SUCCESS;

302
				break;

303
			case SPECTRE_UNAFFECTED:

304
				val[0] = SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED;

305
				break;

306
			}

307
			break;

308
		case ARM_SMCCC_ARCH_WORKAROUND_2:

309
			switch (arm64_get_spectre_v4_state()) {

310
			case SPECTRE_VULNERABLE:

311
				break;

312
			case SPECTRE_MITIGATED:

313
				/*

314
				 * SSBS everywhere: Indicate no firmware

315
				 * support, as the SSBS support will be

316
				 * indicated to the guest and the default is

317
				 * safe.

318
				 *

319
				 * Otherwise, expose a permanent mitigation

320
				 * to the guest, and hide SSBS so that the

321
				 * guest stays protected.

322
				 */

323
				if (kvm_has_feat(vcpu->kvm, ID_AA64PFR1_EL1, SSBS, IMP))

324
					break;

325
				fallthrough;

326
			case SPECTRE_UNAFFECTED:

327
				val[0] = SMCCC_RET_NOT_REQUIRED;

328
				break;

329
			}

330
			break;

331
		case ARM_SMCCC_ARCH_WORKAROUND_3:

332
			switch (arm64_get_spectre_bhb_state()) {

333
			case SPECTRE_VULNERABLE:

334
				break;

335
			case SPECTRE_MITIGATED:

336
				val[0] = SMCCC_RET_SUCCESS;

337
				break;

338
			case SPECTRE_UNAFFECTED:

339
				val[0] = SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED;

340
				break;

341
			}

342
			break;

343
		case ARM_SMCCC_HV_PV_TIME_FEATURES:

344
			if (test_bit(KVM_REG_ARM_STD_HYP_BIT_PV_TIME,

345
				     &smccc_feat->std_hyp_bmap))

346
				val[0] = SMCCC_RET_SUCCESS;

347
			break;

348
		}

349
		break;

350
	case ARM_SMCCC_HV_PV_TIME_FEATURES:

351
		val[0] = kvm_hypercall_pv_features(vcpu);

352
		break;

353
	case ARM_SMCCC_HV_PV_TIME_ST:

354
		gpa = kvm_init_stolen_time(vcpu);

355
		if (gpa != INVALID_GPA)

356
			val[0] = gpa;

357
		break;

358
	case ARM_SMCCC_VENDOR_HYP_CALL_UID_FUNC_ID:

359
		uuid = ARM_SMCCC_VENDOR_HYP_UID_KVM;

360
		val[0] = smccc_uuid_to_reg(&uuid, 0);

361
		val[1] = smccc_uuid_to_reg(&uuid, 1);

362
		val[2] = smccc_uuid_to_reg(&uuid, 2);

363
		val[3] = smccc_uuid_to_reg(&uuid, 3);

364
		break;

365
	case ARM_SMCCC_VENDOR_HYP_KVM_FEATURES_FUNC_ID:

366
		val[0] = smccc_feat->vendor_hyp_bmap;

367
		/* Function numbers 2-63 are reserved for pKVM for now */

368
		val[2] = smccc_feat->vendor_hyp_bmap_2;

369
		break;

370
	case ARM_SMCCC_VENDOR_HYP_KVM_PTP_FUNC_ID:

371
		kvm_ptp_get_time(vcpu, val);

372
		break;

373
	case ARM_SMCCC_TRNG_VERSION:

374
	case ARM_SMCCC_TRNG_FEATURES:

375
	case ARM_SMCCC_TRNG_GET_UUID:

376
	case ARM_SMCCC_TRNG_RND32:

377
	case ARM_SMCCC_TRNG_RND64:

378
		return kvm_trng_call(vcpu);

379
	default:

380
		return kvm_psci_call(vcpu);

381
	}

382


383
out:

384
	smccc_set_retval(vcpu, val[0], val[1], val[2], val[3]);

385
	return 1;

386
}

387


388
static const u64 kvm_arm_fw_reg_ids[] = {

389
	KVM_REG_ARM_PSCI_VERSION,

390
	KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1,

391
	KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2,

392
	KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3,

393
	KVM_REG_ARM_STD_BMAP,

394
	KVM_REG_ARM_STD_HYP_BMAP,

395
	KVM_REG_ARM_VENDOR_HYP_BMAP,

396
	KVM_REG_ARM_VENDOR_HYP_BMAP_2,

397
};

398


399
void kvm_arm_init_hypercalls(struct kvm *kvm)

400
{

401
	struct kvm_smccc_features *smccc_feat = &kvm->arch.smccc_feat;

402


403
	smccc_feat->std_bmap = KVM_ARM_SMCCC_STD_FEATURES;

404
	smccc_feat->std_hyp_bmap = KVM_ARM_SMCCC_STD_HYP_FEATURES;

405
	smccc_feat->vendor_hyp_bmap = KVM_ARM_SMCCC_VENDOR_HYP_FEATURES;

406


407
	mt_init(&kvm->arch.smccc_filter);

408
}

409


410
void kvm_arm_teardown_hypercalls(struct kvm *kvm)

411
{

412
	mtree_destroy(&kvm->arch.smccc_filter);

413
}

414


415
int kvm_arm_get_fw_num_regs(struct kvm_vcpu *vcpu)

416
{

417
	return ARRAY_SIZE(kvm_arm_fw_reg_ids);

418
}

419


420
int kvm_arm_copy_fw_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindices)

421
{

422
	int i;

423


424
	for (i = 0; i < ARRAY_SIZE(kvm_arm_fw_reg_ids); i++) {

425
		if (put_user(kvm_arm_fw_reg_ids[i], uindices++))

426
			return -EFAULT;

427
	}

428


429
	return 0;

430
}

431


432
#define KVM_REG_FEATURE_LEVEL_MASK	GENMASK(3, 0)

433


434
/*

435
 * Convert the workaround level into an easy-to-compare number, where higher

436
 * values mean better protection.

437
 */

438
static int get_kernel_wa_level(struct kvm_vcpu *vcpu, u64 regid)

439
{

440
	switch (regid) {

441
	case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1:

442
		switch (arm64_get_spectre_v2_state()) {

443
		case SPECTRE_VULNERABLE:

444
			return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL;

445
		case SPECTRE_MITIGATED:

446
			return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_AVAIL;

447
		case SPECTRE_UNAFFECTED:

448
			return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_REQUIRED;

449
		}

450
		return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL;

451
	case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2:

452
		switch (arm64_get_spectre_v4_state()) {

453
		case SPECTRE_MITIGATED:

454
			/*

455
			 * As for the hypercall discovery, we pretend we

456
			 * don't have any FW mitigation if SSBS is there at

457
			 * all times.

458
			 */

459
			if (kvm_has_feat(vcpu->kvm, ID_AA64PFR1_EL1, SSBS, IMP))

460
				return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL;

461
			fallthrough;

462
		case SPECTRE_UNAFFECTED:

463
			return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED;

464
		case SPECTRE_VULNERABLE:

465
			return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL;

466
		}

467
		break;

468
	case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3:

469
		switch (arm64_get_spectre_bhb_state()) {

470
		case SPECTRE_VULNERABLE:

471
			return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3_NOT_AVAIL;

472
		case SPECTRE_MITIGATED:

473
			return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3_AVAIL;

474
		case SPECTRE_UNAFFECTED:

475
			return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3_NOT_REQUIRED;

476
		}

477
		return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3_NOT_AVAIL;

478
	}

479


480
	return -EINVAL;

481
}

482


483
int kvm_arm_get_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)

484
{

485
	struct kvm_smccc_features *smccc_feat = &vcpu->kvm->arch.smccc_feat;

486
	void __user *uaddr = (void __user *)(long)reg->addr;

487
	u64 val;

488


489
	switch (reg->id) {

490
	case KVM_REG_ARM_PSCI_VERSION:

491
		val = kvm_psci_version(vcpu);

492
		break;

493
	case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1:

494
	case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2:

495
	case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3:

496
		val = get_kernel_wa_level(vcpu, reg->id) & KVM_REG_FEATURE_LEVEL_MASK;

497
		break;

498
	case KVM_REG_ARM_STD_BMAP:

499
		val = READ_ONCE(smccc_feat->std_bmap);

500
		break;

501
	case KVM_REG_ARM_STD_HYP_BMAP:

502
		val = READ_ONCE(smccc_feat->std_hyp_bmap);

503
		break;

504
	case KVM_REG_ARM_VENDOR_HYP_BMAP:

505
		val = READ_ONCE(smccc_feat->vendor_hyp_bmap);

506
		break;

507
	case KVM_REG_ARM_VENDOR_HYP_BMAP_2:

508
		val = READ_ONCE(smccc_feat->vendor_hyp_bmap_2);

509
		break;

510
	default:

511
		return -ENOENT;

512
	}

513


514
	if (copy_to_user(uaddr, &val, KVM_REG_SIZE(reg->id)))

515
		return -EFAULT;

516


517
	return 0;

518
}

519


520
static int kvm_arm_set_fw_reg_bmap(struct kvm_vcpu *vcpu, u64 reg_id, u64 val)

521
{

522
	int ret = 0;

523
	struct kvm *kvm = vcpu->kvm;

524
	struct kvm_smccc_features *smccc_feat = &kvm->arch.smccc_feat;

525
	unsigned long *fw_reg_bmap, fw_reg_features;

526


527
	switch (reg_id) {

528
	case KVM_REG_ARM_STD_BMAP:

529
		fw_reg_bmap = &smccc_feat->std_bmap;

530
		fw_reg_features = KVM_ARM_SMCCC_STD_FEATURES;

531
		break;

532
	case KVM_REG_ARM_STD_HYP_BMAP:

533
		fw_reg_bmap = &smccc_feat->std_hyp_bmap;

534
		fw_reg_features = KVM_ARM_SMCCC_STD_HYP_FEATURES;

535
		break;

536
	case KVM_REG_ARM_VENDOR_HYP_BMAP:

537
		fw_reg_bmap = &smccc_feat->vendor_hyp_bmap;

538
		fw_reg_features = KVM_ARM_SMCCC_VENDOR_HYP_FEATURES;

539
		break;

540
	case KVM_REG_ARM_VENDOR_HYP_BMAP_2:

541
		fw_reg_bmap = &smccc_feat->vendor_hyp_bmap_2;

542
		fw_reg_features = KVM_ARM_SMCCC_VENDOR_HYP_FEATURES_2;

543
		break;

544
	default:

545
		return -ENOENT;

546
	}

547


548
	/* Check for unsupported bit */

549
	if (val & ~fw_reg_features)

550
		return -EINVAL;

551


552
	mutex_lock(&kvm->arch.config_lock);

553


554
	if (kvm_vm_has_ran_once(kvm) && val != *fw_reg_bmap) {

555
		ret = -EBUSY;

556
		goto out;

557
	}

558


559
	WRITE_ONCE(*fw_reg_bmap, val);

560
out:

561
	mutex_unlock(&kvm->arch.config_lock);

562
	return ret;

563
}

564


565
int kvm_arm_set_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)

566
{

567
	void __user *uaddr = (void __user *)(long)reg->addr;

568
	u64 val;

569
	int wa_level;

570


571
	if (KVM_REG_SIZE(reg->id) != sizeof(val))

572
		return -ENOENT;

573
	if (copy_from_user(&val, uaddr, KVM_REG_SIZE(reg->id)))

574
		return -EFAULT;

575


576
	switch (reg->id) {

577
	case KVM_REG_ARM_PSCI_VERSION:

578
	{

579
		bool wants_02;

580


581
		wants_02 = vcpu_has_feature(vcpu, KVM_ARM_VCPU_PSCI_0_2);

582


583
		switch (val) {

584
		case KVM_ARM_PSCI_0_1:

585
			if (wants_02)

586
				return -EINVAL;

587
			vcpu->kvm->arch.psci_version = val;

588
			return 0;

589
		case KVM_ARM_PSCI_0_2:

590
		case KVM_ARM_PSCI_1_0:

591
		case KVM_ARM_PSCI_1_1:

592
		case KVM_ARM_PSCI_1_2:

593
		case KVM_ARM_PSCI_1_3:

594
			if (!wants_02)

595
				return -EINVAL;

596
			vcpu->kvm->arch.psci_version = val;

597
			return 0;

598
		}

599
		break;

600
	}

601


602
	case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1:

603
	case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3:

604
		if (val & ~KVM_REG_FEATURE_LEVEL_MASK)

605
			return -EINVAL;

606


607
		if (get_kernel_wa_level(vcpu, reg->id) < val)

608
			return -EINVAL;

609


610
		return 0;

611


612
	case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2:

613
		if (val & ~(KVM_REG_FEATURE_LEVEL_MASK |

614
			    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_ENABLED))

615
			return -EINVAL;

616


617
		/* The enabled bit must not be set unless the level is AVAIL. */

618
		if ((val & KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_ENABLED) &&

619
		    (val & KVM_REG_FEATURE_LEVEL_MASK) != KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_AVAIL)

620
			return -EINVAL;

621


622
		/*

623
		 * Map all the possible incoming states to the only two we

624
		 * really want to deal with.

625
		 */

626
		switch (val & KVM_REG_FEATURE_LEVEL_MASK) {

627
		case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL:

628
		case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_UNKNOWN:

629
			wa_level = KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL;

630
			break;

631
		case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_AVAIL:

632
		case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED:

633
			wa_level = KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED;

634
			break;

635
		default:

636
			return -EINVAL;

637
		}

638


639
		/*

640
		 * We can deal with NOT_AVAIL on NOT_REQUIRED, but not the

641
		 * other way around.

642
		 */

643
		if (get_kernel_wa_level(vcpu, reg->id) < wa_level)

644
			return -EINVAL;

645


646
		return 0;

647
	case KVM_REG_ARM_STD_BMAP:

648
	case KVM_REG_ARM_STD_HYP_BMAP:

649
	case KVM_REG_ARM_VENDOR_HYP_BMAP:

650
	case KVM_REG_ARM_VENDOR_HYP_BMAP_2:

651
		return kvm_arm_set_fw_reg_bmap(vcpu, reg->id, val);

652
	default:

653
		return -ENOENT;

654
	}

655


656
	return -EINVAL;

657
}

658


659
int kvm_vm_smccc_has_attr(struct kvm *kvm, struct kvm_device_attr *attr)

660
{

661
	switch (attr->attr) {

662
	case KVM_ARM_VM_SMCCC_FILTER:

663
		return 0;

664
	default:

665
		return -ENXIO;

666
	}

667
}

668


669
int kvm_vm_smccc_set_attr(struct kvm *kvm, struct kvm_device_attr *attr)

670
{

671
	void __user *uaddr = (void __user *)attr->addr;

672


673
	switch (attr->attr) {

674
	case KVM_ARM_VM_SMCCC_FILTER:

675
		return kvm_smccc_set_filter(kvm, uaddr);

676
	default:

677
		return -ENXIO;

678
	}

679
}

680


681