arm64: RME: handle RIPAS changes before kvm_rec_enter

community inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/ICX7FX?from=project-issue

Reference: https://patchew.org/linux/[email protected]/[email protected]

------------------------

Each page within the protected region of the realm guest can be marked
as either RAM or EMPTY. Allow the VMM to control this before the guest
has started and provide the equivalent functions to change this (with
the guest's approval) at runtime.

When transitioning from RIPAS RAM (1) to RIPAS EMPTY (0) the memory is
unmapped from the guest and undelegated allowing the memory to be reused
by the host. When transitioning to RIPAS RAM the actual population of
the leaf RTTs is done later on stage 2 fault, however it may be
necessary to allocate additional RTTs to allow the RMM track the RIPAS
for the requested range.

When freeing a block mapping it is necessary to temporarily unfold the
RTT which requires delegating an extra page to the RMM, this page can
then be recovered once the contents of the block mapping have been
freed.

Fixes: 4afc64441759 ("[v8-15-43]arm64: RME: Allow VMM to set RIPAS")
Signed-off-by: Steven Price <[email protected]>
Signed-off-by: Xu Raoqing <[email protected]>
Signed-off-by: WangYuli <[email protected]>

Author: Steven Price

arch/arm64/kvm/rme.c

@@ -213,6 +213,7 @@ static int realm_rtt_fold(struct realm *realm,
 	unsigned long out_rtt;
 	int ret;
 
+	addr = ALIGN_DOWN(addr, rme_rtt_level_mapsize(level - 1));
 	ret = rmi_rtt_fold(virt_to_phys(realm->rd), addr, level, &out_rtt);
 
 	if (RMI_RETURN_STATUS(ret) == RMI_SUCCESS && rtt_granule)
@@ -283,6 +284,61 @@ static int realm_unmap_private_page(struct realm *realm,
 	return 0;
 }
 
+/*
+ * Returns 0 on successful fold, a negative value on error, a positive value if
+ * we were not able to fold all tables at this level.
+ */
+static int realm_fold_rtt_level(struct realm *realm, int level,
+				unsigned long start, unsigned long end)
+{
+	int not_folded = 0;
+	ssize_t map_size;
+	unsigned long addr, next_addr;
+
+	if (WARN_ON(level > RMM_RTT_MAX_LEVEL))
+		return -EINVAL;
+
+	map_size = rme_rtt_level_mapsize(level - 1);
+
+	for (addr = start; addr < end; addr = next_addr) {
+		phys_addr_t rtt_granule;
+		int ret;
+		unsigned long align_addr = ALIGN(addr, map_size);
+
+		next_addr = ALIGN(addr + 1, map_size);
+
+		ret = realm_rtt_fold(realm, align_addr, level, &rtt_granule);
+
+		switch (RMI_RETURN_STATUS(ret)) {
+		case RMI_SUCCESS:
+			free_delegated_granule(rtt_granule);
+			break;
+		case RMI_ERROR_RTT:
+			if (level == RMM_RTT_MAX_LEVEL ||
+			    RMI_RETURN_INDEX(ret) < level) {
+				not_folded++;
+				break;
+			}
+			/* Recurse a level deeper */
+			ret = realm_fold_rtt_level(realm,
+						   level + 1,
+						   addr,
+						   next_addr);
+			if (ret < 0)
+				return ret;
+			else if (ret == 0)
+				/* Try again at this level */
+				next_addr = addr;
+			break;
+		default:
+			WARN_ON(1);
+			return -ENXIO;
+		}
+	}
+
+	return not_folded;
+}
+
 static void realm_unmap_shared_range(struct kvm *kvm,
 				     int level,
 				     unsigned long start,
@@ -339,6 +395,7 @@ static void realm_unmap_shared_range(struct kvm *kvm,
 
 		cond_resched_rwlock_write(&kvm->mmu_lock);
 	}
+	realm_fold_rtt_level(realm, get_start_level(realm) + 1, start, end);
 }
 
 static int realm_init_sve_param(struct kvm *kvm, struct realm_params *params)
@@ -522,6 +579,7 @@ static int realm_create_rtt_levels(struct realm *realm,
 		if (RMI_RETURN_STATUS(ret) == RMI_ERROR_RTT &&
 		    RMI_RETURN_INDEX(ret) == level - 1) {
 			/* The RTT already exists, continue */
+			free_delegated_granule(rtt);
 			continue;
 		}
 		if (ret) {
@@ -625,61 +683,6 @@ static int realm_tear_down_rtt_range(struct realm *realm,
 					 start, end);
 }
 
-/*
- * Returns 0 on successful fold, a negative value on error, a positive value if
- * we were not able to fold all tables at this level.
- */
-static int realm_fold_rtt_level(struct realm *realm, int level,
-				unsigned long start, unsigned long end)
-{
-	int not_folded = 0;
-	ssize_t map_size;
-	unsigned long addr, next_addr;
-
-	if (WARN_ON(level > RMM_RTT_MAX_LEVEL))
-		return -EINVAL;
-
-	map_size = rme_rtt_level_mapsize(level - 1);
-
-	for (addr = start; addr < end; addr = next_addr) {
-		phys_addr_t rtt_granule;
-		int ret;
-		unsigned long align_addr = ALIGN(addr, map_size);
-
-		next_addr = ALIGN(addr + 1, map_size);
-
-		ret = realm_rtt_fold(realm, align_addr, level, &rtt_granule);
-
-		switch (RMI_RETURN_STATUS(ret)) {
-		case RMI_SUCCESS:
-			free_delegated_granule(rtt_granule);
-			break;
-		case RMI_ERROR_RTT:
-			if (level == RMM_RTT_MAX_LEVEL ||
-			    RMI_RETURN_INDEX(ret) < level) {
-				not_folded++;
-				break;
-			}
-			/* Recurse a level deeper */
-			ret = realm_fold_rtt_level(realm,
-						   level + 1,
-						   addr,
-						   next_addr);
-			if (ret < 0)
-				return ret;
-			else if (ret == 0)
-				/* Try again at this level */
-				next_addr = addr;
-			break;
-		default:
-			WARN_ON(1);
-			return -ENXIO;
-		}
-	}
-
-	return not_folded;
-}
-
 void kvm_realm_destroy_rtts(struct kvm *kvm, u32 ia_bits)
 {
 	struct realm *realm = &kvm->arch.realm;
@@ -1146,18 +1149,16 @@ static int realm_set_ipa_state(struct kvm_vcpu *vcpu,
 			 * If the RMM walk ended early then more tables are
 			 * needed to reach the required depth to set the RIPAS.
 			 */
-			if (walk_level < level) {
-				ret = realm_create_rtt_levels(realm, ipa,
+			if (walk_level >= level)
+				return -EINVAL;
+
+			ret = realm_create_rtt_levels(realm, ipa,
 							      walk_level,
 							      level,
 							      memcache);
-				/* Retry with RTTs created */
-				if (!ret)
-					continue;
-			} else {
-				ret = -EINVAL;
-			}
-
+			if (ret)
+				return ret;
+			/* Retry with the RTT levels in place */
 			break;
 		} else {
 			WARN(1, "Unexpected error in %s: %#x\n", __func__,
@@ -1466,7 +1467,8 @@ static void kvm_complete_ripas_change(struct kvm_vcpu *vcpu)
 			break;
 
 		base = top_ipa;
-	} while (top_ipa < top);
+	} while (base < top);
+	rec->run->exit.ripas_base = base;
 }
 
 /*