Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp1256800pxf;
        Fri, 19 Mar 2021 03:04:04 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzaBfqMU83iRqIeCKL2mK3x47CR7XKJQF1IkpQ2E2FxBSiA6wMnsQ+5Y8IKq1syoOizDUlU
X-Received: by 2002:a17:906:3b47:: with SMTP id h7mr3294821ejf.377.1616148244158;
        Fri, 19 Mar 2021 03:04:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1616148244; cv=none;
        d=google.com; s=arc-20160816;
        b=MwzZPbhmW2/vRo4snpiRabRH0vS0/HE28ILaOSB6euhMeNME0Gg8VZWdZErtsW/4r1
         YPPb9OztAfWPm6u1xgpQIU++cCQ6YdRRAloz57OyJqgoXRsPwHvhOo9ZF0LELtYxqMFa
         mgXo+HAAWcFoaDqAVm6hpp1X1Z338LLvHRcjRIK1Rx4uvvQ9F46CCFt4+gvzK7+8BhiH
         ams/anNP5jD65ViOAR0IqMB2ZmcGK7p8fUuvbNi8T2g94m4LycW4v/Kk6kk7Xr4Alg5o
         xQE0LWswP0RQTtF0CpXamqCNYxi3ZziCetLcPAKZsp93xHyH3oIWgmGv8dwSETCR7UBw
         FN+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:references:mime-version
         :message-id:in-reply-to:date:dkim-signature;
        bh=/O7aUiBDNsDlC5JEdHFVg6as0eZObhOTRgLXX/tsqoQ=;
        b=ela0rwLpuIEOouuU04hnNnh4dr/5O7PTZpE+gwi1Mp0iOqClPhD5RR+QqkyInSVtpH
         2INHJAQmkCszND/+2LeVtAWRKNGCKgyVOWCLx4beg6Dvw9VaAs2ecABHQwag5aVx32eM
         8pjum8CyfNSZo8Lgzv1hUZYypnp0umvXN+3w9djXleQU4QAySN8tPHpeB1/C/8kDm2JU
         CynLYBhfgYQ2K2ax9icTQmvuO02vcKoV2qpQeEt9m16j9C923sKSwteeL6ZaHLhib5/F
         PLUpy0ZnBhtJXKk8dF6zcafYjLHahIYww9oPI0udmaZkwniz0D/5qDupVBQc+gDE3iE8
         qoag==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=WNNJZE8q;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id d3si3798518edq.276.2021.03.19.03.03.41;
        Fri, 19 Mar 2021 03:04:04 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=WNNJZE8q;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230167AbhCSKCs (ORCPT <rfc822;madrobroadblock@gmail.com>
        + 99 others); Fri, 19 Mar 2021 06:02:48 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54100 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230118AbhCSKCN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 19 Mar 2021 06:02:13 -0400
Received: from mail-wr1-x449.google.com (mail-wr1-x449.google.com [IPv6:2a00:1450:4864:20::449])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9573CC06174A
        for <linux-kernel@vger.kernel.org>; Fri, 19 Mar 2021 03:02:12 -0700 (PDT)
Received: by mail-wr1-x449.google.com with SMTP id r12so21607972wro.15
        for <linux-kernel@vger.kernel.org>; Fri, 19 Mar 2021 03:02:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=/O7aUiBDNsDlC5JEdHFVg6as0eZObhOTRgLXX/tsqoQ=;
        b=WNNJZE8qr37DbOFirQKPXh0ilrsL35bpotEEfPL4GIDnAGf83WSEoYAFSKyVDQg4Dv
         uH0PSU3A/mTBU/ymqhA/7TJHxHLLuEw0Z9JKZDj1tQ0vKRR7GPQ52+MU0hwODcMecVZh
         YNo29OAzVgbgW6CCD/cwVoe/Hvx8Kunr4LS94Cm4X/8TQTlpbFtfzLpibxT5kizmLxLH
         yPrDgQpcaLnG0y5elHe+X00nuogIHS0pX6vJ5Q565khsEygcTfCbYGG5BaRjFfiCMqkB
         qFahk60ObHZ+kSFhim3xoBSywr+B4uvmXEgwEgXliwMj3ukSXmJaAHFXAeYh5HT2+iXK
         a1KQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=/O7aUiBDNsDlC5JEdHFVg6as0eZObhOTRgLXX/tsqoQ=;
        b=unqB+IAHpOGe/ykfrUCrgsuZnjTRrX/xROkdBFfKSyLBQulPgkoSq+t7CclUMpHqz/
         Mp9N89CiarLa/4SqJ7Td5Ldj3mSYtpWkRKtjyX76NwPVk9470NgvugUVMz8fC3Pw5g7O
         oPhFzsGEu/zALKAyeDWoWlgnCRw63yDyNUvl+/UivabeGcC/MIRvRHwHLbXR8UMSoCvi
         bZ2OCPRgoVe6Md73SJ5spujo2aSyyh9YNRPg+KZGx3sxf9KB3u4PblbAOmefssHQZaye
         1nJdRHeszTZtlb8wfBQZdV8t2uvDXrcfoSQQoWtuJ4InUW3RPTy14WT9LKYqg5MBrgTu
         kdAA==
X-Gm-Message-State: AOAM532xoUybS5JS39X+tQfn80GbdjMt5FE3P2tVJ+JVQBKUIPxdidJY
        u9RUbToduGHqI/yUbwHFqcFRZVXbPUX/
X-Received: from r2d2-qp.c.googlers.com ([fda3:e722:ac3:10:28:9cb1:c0a8:1652])
 (user=qperret job=sendgmr) by 2002:a05:600c:190a:: with SMTP id
 j10mr2947925wmq.140.1616148131289; Fri, 19 Mar 2021 03:02:11 -0700 (PDT)
Date:   Fri, 19 Mar 2021 10:01:18 +0000
In-Reply-To: <20210319100146.1149909-1-qperret@google.com>
Message-Id: <20210319100146.1149909-11-qperret@google.com>
Mime-Version: 1.0
References: <20210319100146.1149909-1-qperret@google.com>
X-Mailer: git-send-email 2.31.0.rc2.261.g7f71774620-goog
Subject: [PATCH v6 10/38] KVM: arm64: Introduce an early Hyp page allocator
From:   Quentin Perret <qperret@google.com>
To:     catalin.marinas@arm.com, will@kernel.org, maz@kernel.org,
        james.morse@arm.com, julien.thierry.kdev@gmail.com,
        suzuki.poulose@arm.com
Cc:     android-kvm@google.com, seanjc@google.com, mate.toth-pal@arm.com,
        linux-kernel@vger.kernel.org, robh+dt@kernel.org,
        linux-arm-kernel@lists.infradead.org, kernel-team@android.com,
        kvmarm@lists.cs.columbia.edu, tabba@google.com, ardb@kernel.org,
        mark.rutland@arm.com, dbrazdil@google.com, qperret@google.com
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

With nVHE, the host currently creates all stage 1 hypervisor mappings at
EL1 during boot, installs them at EL2, and extends them as required
(e.g. when creating a new VM). But in a world where the host is no
longer trusted, it cannot have full control over the code mapped in the
hypervisor.

In preparation for enabling the hypervisor to create its own stage 1
mappings during boot, introduce an early page allocator, with minimal
functionality. This allocator is designed to be used only during early
bootstrap of the hyp code when memory protection is enabled, which will
then switch to using a full-fledged page allocator after init.

Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
---
 arch/arm64/kvm/hyp/include/nvhe/early_alloc.h | 14 +++++
 arch/arm64/kvm/hyp/include/nvhe/memory.h      | 24 +++++++++
 arch/arm64/kvm/hyp/nvhe/Makefile              |  2 +-
 arch/arm64/kvm/hyp/nvhe/early_alloc.c         | 54 +++++++++++++++++++
 arch/arm64/kvm/hyp/nvhe/psci-relay.c          |  4 +-
 5 files changed, 94 insertions(+), 4 deletions(-)
 create mode 100644 arch/arm64/kvm/hyp/include/nvhe/early_alloc.h
 create mode 100644 arch/arm64/kvm/hyp/include/nvhe/memory.h
 create mode 100644 arch/arm64/kvm/hyp/nvhe/early_alloc.c

diff --git a/arch/arm64/kvm/hyp/include/nvhe/early_alloc.h b/arch/arm64/kvm/hyp/include/nvhe/early_alloc.h
new file mode 100644
index 000000000000..dc61aaa56f31
--- /dev/null
+++ b/arch/arm64/kvm/hyp/include/nvhe/early_alloc.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef __KVM_HYP_EARLY_ALLOC_H
+#define __KVM_HYP_EARLY_ALLOC_H
+
+#include <asm/kvm_pgtable.h>
+
+void hyp_early_alloc_init(void *virt, unsigned long size);
+unsigned long hyp_early_alloc_nr_used_pages(void);
+void *hyp_early_alloc_page(void *arg);
+void *hyp_early_alloc_contig(unsigned int nr_pages);
+
+extern struct kvm_pgtable_mm_ops hyp_early_alloc_mm_ops;
+
+#endif /* __KVM_HYP_EARLY_ALLOC_H */
diff --git a/arch/arm64/kvm/hyp/include/nvhe/memory.h b/arch/arm64/kvm/hyp/include/nvhe/memory.h
new file mode 100644
index 000000000000..3e49eaa7e682
--- /dev/null
+++ b/arch/arm64/kvm/hyp/include/nvhe/memory.h
@@ -0,0 +1,24 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef __KVM_HYP_MEMORY_H
+#define __KVM_HYP_MEMORY_H
+
+#include <asm/page.h>
+
+#include <linux/types.h>
+
+extern s64 hyp_physvirt_offset;
+
+#define __hyp_pa(virt)	((phys_addr_t)(virt) + hyp_physvirt_offset)
+#define __hyp_va(phys)	((void *)((phys_addr_t)(phys) - hyp_physvirt_offset))
+
+static inline void *hyp_phys_to_virt(phys_addr_t phys)
+{
+	return __hyp_va(phys);
+}
+
+static inline phys_addr_t hyp_virt_to_phys(void *addr)
+{
+	return __hyp_pa(addr);
+}
+
+#endif /* __KVM_HYP_MEMORY_H */
diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile
index bc98f8e3d1da..24ff99e2eac5 100644
--- a/arch/arm64/kvm/hyp/nvhe/Makefile
+++ b/arch/arm64/kvm/hyp/nvhe/Makefile
@@ -13,7 +13,7 @@ lib-objs := clear_page.o copy_page.o memcpy.o memset.o
 lib-objs := $(addprefix ../../../lib/, $(lib-objs))
 
 obj-y := timer-sr.o sysreg-sr.o debug-sr.o switch.o tlb.o hyp-init.o host.o \
-	 hyp-main.o hyp-smp.o psci-relay.o
+	 hyp-main.o hyp-smp.o psci-relay.o early_alloc.o
 obj-y += ../vgic-v3-sr.o ../aarch32.o ../vgic-v2-cpuif-proxy.o ../entry.o \
 	 ../fpsimd.o ../hyp-entry.o ../exception.o
 obj-y += $(lib-objs)
diff --git a/arch/arm64/kvm/hyp/nvhe/early_alloc.c b/arch/arm64/kvm/hyp/nvhe/early_alloc.c
new file mode 100644
index 000000000000..1306c430ab87
--- /dev/null
+++ b/arch/arm64/kvm/hyp/nvhe/early_alloc.c
@@ -0,0 +1,54 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2020 Google LLC
+ * Author: Quentin Perret <qperret@google.com>
+ */
+
+#include <asm/kvm_pgtable.h>
+
+#include <nvhe/early_alloc.h>
+#include <nvhe/memory.h>
+
+struct kvm_pgtable_mm_ops hyp_early_alloc_mm_ops;
+s64 __ro_after_init hyp_physvirt_offset;
+
+static unsigned long base;
+static unsigned long end;
+static unsigned long cur;
+
+unsigned long hyp_early_alloc_nr_used_pages(void)
+{
+	return (cur - base) >> PAGE_SHIFT;
+}
+
+void *hyp_early_alloc_contig(unsigned int nr_pages)
+{
+	unsigned long size = (nr_pages << PAGE_SHIFT);
+	void *ret = (void *)cur;
+
+	if (!nr_pages)
+		return NULL;
+
+	if (end - cur < size)
+		return NULL;
+
+	cur += size;
+	memset(ret, 0, size);
+
+	return ret;
+}
+
+void *hyp_early_alloc_page(void *arg)
+{
+	return hyp_early_alloc_contig(1);
+}
+
+void hyp_early_alloc_init(void *virt, unsigned long size)
+{
+	base = cur = (unsigned long)virt;
+	end = base + size;
+
+	hyp_early_alloc_mm_ops.zalloc_page = hyp_early_alloc_page;
+	hyp_early_alloc_mm_ops.phys_to_virt = hyp_phys_to_virt;
+	hyp_early_alloc_mm_ops.virt_to_phys = hyp_virt_to_phys;
+}
diff --git a/arch/arm64/kvm/hyp/nvhe/psci-relay.c b/arch/arm64/kvm/hyp/nvhe/psci-relay.c
index 63de71c0481e..08508783ec3d 100644
--- a/arch/arm64/kvm/hyp/nvhe/psci-relay.c
+++ b/arch/arm64/kvm/hyp/nvhe/psci-relay.c
@@ -11,6 +11,7 @@
 #include <linux/kvm_host.h>
 #include <uapi/linux/psci.h>
 
+#include <nvhe/memory.h>
 #include <nvhe/trap_handler.h>
 
 void kvm_hyp_cpu_entry(unsigned long r0);
@@ -20,9 +21,6 @@ void __noreturn __host_enter(struct kvm_cpu_context *host_ctxt);
 
 /* Config options set by the host. */
 struct kvm_host_psci_config __ro_after_init kvm_host_psci_config;
-s64 __ro_after_init hyp_physvirt_offset;
-
-#define __hyp_pa(x) ((phys_addr_t)((x)) + hyp_physvirt_offset)
 
 #define INVALID_CPU_ID	UINT_MAX
 
-- 
2.31.0.rc2.261.g7f71774620-goog