ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 1783

User:	Jiri Slaby
Error type:	Invalid Pointer Dereference
Error type description:	A pointer which is invalid is being dereferenced
File location:	arch/x86/kvm/lapic.c
Line in file:	491
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Smatch (1.59)
Entered:	2013-09-11 08:47:26 UTC
Source:

   1
   2/*
   3 * Local APIC virtualization
   4 *
   5 * Copyright (C) 2006 Qumranet, Inc.
   6 * Copyright (C) 2007 Novell
   7 * Copyright (C) 2007 Intel
   8 *
   9 * Authors:
  10 *   Dor Laor <dor.laor@qumranet.com>
  11 *   Gregory Haskins <ghaskins@novell.com>
  12 *   Yaozu (Eddie) Dong <eddie.dong@intel.com>
  13 *
  14 * Based on Xen 3.1 code, Copyright (c) 2004, Intel Corporation.
  15 *
  16 * This work is licensed under the terms of the GNU GPL, version 2.  See
  17 * the COPYING file in the top-level directory.
  18 */
  19
  20#include <linux/kvm_host.h>
  21#include <linux/kvm.h>
  22#include <linux/mm.h>
  23#include <linux/highmem.h>
  24#include <linux/smp.h>
  25#include <linux/hrtimer.h>
  26#include <linux/io.h>
  27#include <linux/module.h>
  28#include <linux/math64.h>
  29#include <asm/processor.h>
  30#include <asm/msr.h>
  31#include <asm/page.h>
  32#include <asm/current.h>
  33#include <asm/apicdef.h>
  34#include <asm/atomic.h>
  35#include "kvm_cache_regs.h"
  36#include "irq.h"
  37
  38#define PRId64 "d"
  39#define PRIx64 "llx"
  40#define PRIu64 "u"
  41#define PRIo64 "o"
  42
  43#define APIC_BUS_CYCLE_NS 1
  44
  45/* #define apic_debug(fmt,arg...) printk(KERN_WARNING fmt,##arg) */
  46#define apic_debug(fmt, arg...)
  47
  48#define APIC_LVT_NUM                        6
  49/* 14 is the version for Xeon and Pentium 8.4.8*/
  50#define APIC_VERSION                        (0x14UL | ((APIC_LVT_NUM - 1) << 16))
  51#define LAPIC_MMIO_LENGTH                (1 << 12)
  52/* followed define is not in apicdef.h */
  53#define APIC_SHORT_MASK                        0xc0000
  54#define APIC_DEST_NOSHORT                0x0
  55#define APIC_DEST_MASK                        0x800
  56#define MAX_APIC_VECTOR                        256
  57
  58#define VEC_POS(v) ((v) & (32 - 1))
  59#define REG_POS(v) (((v) >> 5) << 4)
  60
  61static inline u32 apic_get_reg(struct kvm_lapic *apic, int reg_off)
  62{
  63        return *((u32 *) (apic->regs + reg_off));
  64}
  65
  66static inline void apic_set_reg(struct kvm_lapic *apic, int reg_off, u32 val)
  67{
  68        *((u32 *) (apic->regs + reg_off)) = val;
  69}
  70
  71static inline int apic_test_and_set_vector(int vec, void *bitmap)
  72{
  73        return test_and_set_bit(VEC_POS(vec), (bitmap) + REG_POS(vec));
  74}
  75
  76static inline int apic_test_and_clear_vector(int vec, void *bitmap)
  77{
  78        return test_and_clear_bit(VEC_POS(vec), (bitmap) + REG_POS(vec));
  79}
  80
  81static inline void apic_set_vector(int vec, void *bitmap)
  82{
  83        set_bit(VEC_POS(vec), (bitmap) + REG_POS(vec));
  84}
  85
  86static inline void apic_clear_vector(int vec, void *bitmap)
  87{
  88        clear_bit(VEC_POS(vec), (bitmap) + REG_POS(vec));
  89}
  90
  91static inline int apic_hw_enabled(struct kvm_lapic *apic)
  92{
  93        return (apic)->vcpu->arch.apic_base & MSR_IA32_APICBASE_ENABLE;
  94}
  95
  96static inline int  apic_sw_enabled(struct kvm_lapic *apic)
  97{
  98        return apic_get_reg(apic, APIC_SPIV) & APIC_SPIV_APIC_ENABLED;
  99}
 100
 101static inline int apic_enabled(struct kvm_lapic *apic)
 102{
 103        return apic_sw_enabled(apic) &&        apic_hw_enabled(apic);
 104}
 105
 106#define LVT_MASK        \
 107        (APIC_LVT_MASKED | APIC_SEND_PENDING | APIC_VECTOR_MASK)
 108
 109#define LINT_MASK        \
 110        (LVT_MASK | APIC_MODE_MASK | APIC_INPUT_POLARITY | \
 111         APIC_LVT_REMOTE_IRR | APIC_LVT_LEVEL_TRIGGER)
 112
 113static inline int kvm_apic_id(struct kvm_lapic *apic)
 114{
 115        return (apic_get_reg(apic, APIC_ID) >> 24) & 0xff;
 116}
 117
 118static inline int apic_lvt_enabled(struct kvm_lapic *apic, int lvt_type)
 119{
 120        return !(apic_get_reg(apic, lvt_type) & APIC_LVT_MASKED);
 121}
 122
 123static inline int apic_lvt_vector(struct kvm_lapic *apic, int lvt_type)
 124{
 125        return apic_get_reg(apic, lvt_type) & APIC_VECTOR_MASK;
 126}
 127
 128static inline int apic_lvtt_period(struct kvm_lapic *apic)
 129{
 130        return apic_get_reg(apic, APIC_LVTT) & APIC_LVT_TIMER_PERIODIC;
 131}
 132
 133static unsigned int apic_lvt_mask[APIC_LVT_NUM] = {
 134        LVT_MASK | APIC_LVT_TIMER_PERIODIC,        /* LVTT */
 135        LVT_MASK | APIC_MODE_MASK,        /* LVTTHMR */
 136        LVT_MASK | APIC_MODE_MASK,        /* LVTPC */
 137        LINT_MASK, LINT_MASK,        /* LVT0-1 */
 138        LVT_MASK                /* LVTERR */
 139};
 140
 141static int find_highest_vector(void *bitmap)
 142{
 143        u32 *word = bitmap;
 144        int word_offset = MAX_APIC_VECTOR >> 5;
 145
 146        while ((word_offset != 0) && (word[(--word_offset) << 2] == 0))
 147                continue;
 148
 149        if (likely(!word_offset && !word[0]))
 150                return -1;
 151        else
 152                return fls(word[word_offset << 2]) - 1 + (word_offset << 5);
 153}
 154
 155static inline int apic_test_and_set_irr(int vec, struct kvm_lapic *apic)
 156{
 157        return apic_test_and_set_vector(vec, apic->regs + APIC_IRR);
 158}
 159
 160static inline void apic_clear_irr(int vec, struct kvm_lapic *apic)
 161{
 162        apic_clear_vector(vec, apic->regs + APIC_IRR);
 163}
 164
 165static inline int apic_find_highest_irr(struct kvm_lapic *apic)
 166{
 167        int result;
 168
 169        result = find_highest_vector(apic->regs + APIC_IRR);
 170        ASSERT(result == -1 || result >= 16);
 171
 172        return result;
 173}
 174
 175int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu)
 176{
 177        struct kvm_lapic *apic = vcpu->arch.apic;
 178        int highest_irr;
 179
 180        if (!apic)
 181                return 0;
 182        highest_irr = apic_find_highest_irr(apic);
 183
 184        return highest_irr;
 185}
 186EXPORT_SYMBOL_GPL(kvm_lapic_find_highest_irr);
 187
 188int kvm_apic_set_irq(struct kvm_vcpu *vcpu, u8 vec, u8 trig)
 189{
 190        struct kvm_lapic *apic = vcpu->arch.apic;
 191
 192        if (!apic_test_and_set_irr(vec, apic)) {
 193                /* a new pending irq is set in IRR */
 194                if (trig)
 195                        apic_set_vector(vec, apic->regs + APIC_TMR);
 196                else
 197                        apic_clear_vector(vec, apic->regs + APIC_TMR);
 198                kvm_vcpu_kick(apic->vcpu);
 199                return 1;
 200        }
 201        return 0;
 202}
 203
 204static inline int apic_find_highest_isr(struct kvm_lapic *apic)
 205{
 206        int result;
 207
 208        result = find_highest_vector(apic->regs + APIC_ISR);
 209        ASSERT(result == -1 || result >= 16);
 210
 211        return result;
 212}
 213
 214static void apic_update_ppr(struct kvm_lapic *apic)
 215{
 216        u32 tpr, isrv, ppr;
 217        int isr;
 218
 219        tpr = apic_get_reg(apic, APIC_TASKPRI);
 220        isr = apic_find_highest_isr(apic);
 221        isrv = (isr != -1) ? isr : 0;
 222
 223        if ((tpr & 0xf0) >= (isrv & 0xf0))
 224                ppr = tpr & 0xff;
 225        else
 226                ppr = isrv & 0xf0;
 227
 228        apic_debug("vlapic %p, ppr 0x%x, isr 0x%x, isrv 0x%x",
 229                   apic, ppr, isr, isrv);
 230
 231        apic_set_reg(apic, APIC_PROCPRI, ppr);
 232}
 233
 234static void apic_set_tpr(struct kvm_lapic *apic, u32 tpr)
 235{
 236        apic_set_reg(apic, APIC_TASKPRI, tpr);
 237        apic_update_ppr(apic);
 238}
 239
 240int kvm_apic_match_physical_addr(struct kvm_lapic *apic, u16 dest)
 241{
 242        return kvm_apic_id(apic) == dest;
 243}
 244
 245int kvm_apic_match_logical_addr(struct kvm_lapic *apic, u8 mda)
 246{
 247        int result = 0;
 248        u8 logical_id;
 249
 250        logical_id = GET_APIC_LOGICAL_ID(apic_get_reg(apic, APIC_LDR));
 251
 252        switch (apic_get_reg(apic, APIC_DFR)) {
 253        case APIC_DFR_FLAT:
 254                if (logical_id & mda)
 255                        result = 1;
 256                break;
 257        case APIC_DFR_CLUSTER:
 258                if (((logical_id >> 4) == (mda >> 0x4))
 259                    && (logical_id & mda & 0xf))
 260                        result = 1;
 261                break;
 262        default:
 263                printk(KERN_WARNING "Bad DFR vcpu %d: %08x\n",
 264                       apic->vcpu->vcpu_id, apic_get_reg(apic, APIC_DFR));
 265                break;
 266        }
 267
 268        return result;
 269}
 270
 271static int apic_match_dest(struct kvm_vcpu *vcpu, struct kvm_lapic *source,
 272                           int short_hand, int dest, int dest_mode)
 273{
 274        int result = 0;
 275        struct kvm_lapic *target = vcpu->arch.apic;
 276
 277        apic_debug("target %p, source %p, dest 0x%x, "
 278                   "dest_mode 0x%x, short_hand 0x%x",
 279                   target, source, dest, dest_mode, short_hand);
 280
 281        ASSERT(!target);
 282        switch (short_hand) {
 283        case APIC_DEST_NOSHORT:
 284                if (dest_mode == 0) {
 285                        /* Physical mode. */
 286                        if ((dest == 0xFF) || (dest == kvm_apic_id(target)))
 287                                result = 1;
 288                } else
 289                        /* Logical mode. */
 290                        result = kvm_apic_match_logical_addr(target, dest);
 291                break;
 292        case APIC_DEST_SELF:
 293                if (target == source)
 294                        result = 1;
 295                break;
 296        case APIC_DEST_ALLINC:
 297                result = 1;
 298                break;
 299        case APIC_DEST_ALLBUT:
 300                if (target != source)
 301                        result = 1;
 302                break;
 303        default:
 304                printk(KERN_WARNING "Bad dest shorthand value %x\n",
 305                       short_hand);
 306                break;
 307        }
 308
 309        return result;
 310}
 311
 312/*
 313 * Add a pending IRQ into lapic.
 314 * Return 1 if successfully added and 0 if discarded.
 315 */
 316static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
 317                             int vector, int level, int trig_mode)
 318{
 319        int orig_irr, result = 0;
 320        struct kvm_vcpu *vcpu = apic->vcpu;
 321
 322        switch (delivery_mode) {
 323        case APIC_DM_FIXED:
 324        case APIC_DM_LOWEST:
 325                /* FIXME add logic for vcpu on reset */
 326                if (unlikely(!apic_enabled(apic)))
 327                        break;
 328
 329                orig_irr = apic_test_and_set_irr(vector, apic);
 330                if (orig_irr && trig_mode) {
 331                        apic_debug("level trig mode repeatedly for vector %d",
 332                                   vector);
 333                        break;
 334                }
 335
 336                if (trig_mode) {
 337                        apic_debug("level trig mode for vector %d", vector);
 338                        apic_set_vector(vector, apic->regs + APIC_TMR);
 339                } else
 340                        apic_clear_vector(vector, apic->regs + APIC_TMR);
 341
 342                kvm_vcpu_kick(vcpu);
 343
 344                result = (orig_irr == 0);
 345                break;
 346
 347        case APIC_DM_REMRD:
 348                printk(KERN_DEBUG "Ignoring delivery mode 3\n");
 349                break;
 350
 351        case APIC_DM_SMI:
 352                printk(KERN_DEBUG "Ignoring guest SMI\n");
 353                break;
 354
 355        case APIC_DM_NMI:
 356                kvm_inject_nmi(vcpu);
 357                break;
 358
 359        case APIC_DM_INIT:
 360                if (level) {
 361                        if (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE)
 362                                printk(KERN_DEBUG
 363                                       "INIT on a runnable vcpu %d\n",
 364                                       vcpu->vcpu_id);
 365                        vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
 366                        kvm_vcpu_kick(vcpu);
 367                } else {
 368                        apic_debug("Ignoring de-assert INIT to vcpu %d\n",
 369                                   vcpu->vcpu_id);
 370                }
 371                break;
 372
 373        case APIC_DM_STARTUP:
 374                apic_debug("SIPI to vcpu %d vector 0x%02x\n",
 375                           vcpu->vcpu_id, vector);
 376                if (vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED) {
 377                        vcpu->arch.sipi_vector = vector;
 378                        vcpu->arch.mp_state = KVM_MP_STATE_SIPI_RECEIVED;
 379                        kvm_vcpu_kick(vcpu);
 380                }
 381                break;
 382
 383        default:
 384                printk(KERN_ERR "TODO: unsupported delivery mode %x\n",
 385                       delivery_mode);
 386                break;
 387        }
 388        return result;
 389}
 390
 391static struct kvm_lapic *kvm_apic_round_robin(struct kvm *kvm, u8 vector,
 392                                       unsigned long bitmap)
 393{
 394        int last;
 395        int next;
 396        struct kvm_lapic *apic = NULL;
 397
 398        last = kvm->arch.round_robin_prev_vcpu;
 399        next = last;
 400
 401        do {
 402                if (++next == KVM_MAX_VCPUS)
 403                        next = 0;
 404                if (kvm->vcpus[next] == NULL || !test_bit(next, &bitmap))
 405                        continue;
 406                apic = kvm->vcpus[next]->arch.apic;
 407                if (apic && apic_enabled(apic))
 408                        break;
 409                apic = NULL;
 410        } while (next != last);
 411        kvm->arch.round_robin_prev_vcpu = next;
 412
 413        if (!apic)
 414                printk(KERN_DEBUG "vcpu not ready for apic_round_robin\n");
 415
 416        return apic;
 417}
 418
 419struct kvm_vcpu *kvm_get_lowest_prio_vcpu(struct kvm *kvm, u8 vector,
 420                unsigned long bitmap)
 421{
 422        struct kvm_lapic *apic;
 423
 424        apic = kvm_apic_round_robin(kvm, vector, bitmap);
 425        if (apic)
 426                return apic->vcpu;
 427        return NULL;
 428}
 429
 430static void apic_set_eoi(struct kvm_lapic *apic)
 431{
 432        int vector = apic_find_highest_isr(apic);
 433        int trigger_mode;
 434        /*
 435         * Not every write EOI will has corresponding ISR,
 436         * one example is when Kernel check timer on setup_IO_APIC
 437         */
 438        if (vector == -1)
 439                return;
 440
 441        apic_clear_vector(vector, apic->regs + APIC_ISR);
 442        apic_update_ppr(apic);
 443
 444        if (apic_test_and_clear_vector(vector, apic->regs + APIC_TMR))
 445                trigger_mode = IOAPIC_LEVEL_TRIG;
 446        else
 447                trigger_mode = IOAPIC_EDGE_TRIG;
 448        kvm_ioapic_update_eoi(apic->vcpu->kvm, vector, trigger_mode);
 449}
 450
 451static void apic_send_ipi(struct kvm_lapic *apic)
 452{
 453        u32 icr_low = apic_get_reg(apic, APIC_ICR);
 454        u32 icr_high = apic_get_reg(apic, APIC_ICR2);
 455
 456        unsigned int dest = GET_APIC_DEST_FIELD(icr_high);
 457        unsigned int short_hand = icr_low & APIC_SHORT_MASK;
 458        unsigned int trig_mode = icr_low & APIC_INT_LEVELTRIG;
 459        unsigned int level = icr_low & APIC_INT_ASSERT;
 460        unsigned int dest_mode = icr_low & APIC_DEST_MASK;
 461        unsigned int delivery_mode = icr_low & APIC_MODE_MASK;
 462        unsigned int vector = icr_low & APIC_VECTOR_MASK;
 463
 464        struct kvm_vcpu *target;
 465        struct kvm_vcpu *vcpu;
 466        unsigned long lpr_map = 0;
 467        int i;
 468
 469        apic_debug("icr_high 0x%x, icr_low 0x%x, "
 470                   "short_hand 0x%x, dest 0x%x, trig_mode 0x%x, level 0x%x, "
 471                   "dest_mode 0x%x, delivery_mode 0x%x, vector 0x%x\n",
 472                   icr_high, icr_low, short_hand, dest,
 473                   trig_mode, level, dest_mode, delivery_mode, vector);
 474
 475        for (i = 0; i < KVM_MAX_VCPUS; i++) {
 476                vcpu = apic->vcpu->kvm->vcpus[i];
 477                if (!vcpu)
 478                        continue;
 479
 480                if (vcpu->arch.apic &&
 481                    apic_match_dest(vcpu, apic, short_hand, dest, dest_mode)) {
 482                        if (delivery_mode == APIC_DM_LOWEST)
 483                                set_bit(vcpu->vcpu_id, &lpr_map);
 484                        else
 485                                __apic_accept_irq(vcpu->arch.apic, delivery_mode,
 486                                                  vector, level, trig_mode);
 487                }
 488        }
 489
 490        if (delivery_mode == APIC_DM_LOWEST) {
 491                target = kvm_get_lowest_prio_vcpu(vcpu->kvm, vector, lpr_map);
 492                if (target != NULL)
 493                        __apic_accept_irq(target->arch.apic, delivery_mode,
 494                                          vector, level, trig_mode);
 495        }
 496}
 497
 498static u32 apic_get_tmcct(struct kvm_lapic *apic)
 499{
 500        u64 counter_passed;
 501        ktime_t passed, now;
 502        u32 tmcct;
 503
 504        ASSERT(apic != NULL);
 505
 506        now = apic->timer.dev.base->get_time();
 507        tmcct = apic_get_reg(apic, APIC_TMICT);
 508
 509        /* if initial count is 0, current count should also be 0 */
 510        if (tmcct == 0)
 511                return 0;
 512
 513        if (unlikely(ktime_to_ns(now) <=
 514                ktime_to_ns(apic->timer.last_update))) {
 515                /* Wrap around */
 516                passed = ktime_add(( {
 517                                    (ktime_t) {
 518                                    .tv64 = KTIME_MAX -
 519                                    (apic->timer.last_update).tv64}; }
 520                                   ), now);
 521                apic_debug("time elapsed\n");
 522        } else
 523                passed = ktime_sub(now, apic->timer.last_update);
 524
 525        counter_passed = div64_u64(ktime_to_ns(passed),
 526                                   (APIC_BUS_CYCLE_NS * apic->timer.divide_count));
 527
 528        if (counter_passed > tmcct) {
 529                if (unlikely(!apic_lvtt_period(apic))) {
 530                        /* one-shot timers stick at 0 until reset */
 531                        tmcct = 0;
 532                } else {
 533                        /*
 534                         * periodic timers reset to APIC_TMICT when they
 535                         * hit 0. The while loop simulates this happening N
 536                         * times. (counter_passed %= tmcct) would also work,
 537                         * but might be slower or not work on 32-bit??
 538                         */
 539                        while (counter_passed > tmcct)
 540                                counter_passed -= tmcct;
 541                        tmcct -= counter_passed;
 542                }
 543        } else {
 544                tmcct -= counter_passed;
 545        }
 546
 547        return tmcct;
 548}
 549
 550static void __report_tpr_access(struct kvm_lapic *apic, bool write)
 551{
 552        struct kvm_vcpu *vcpu = apic->vcpu;
 553        struct kvm_run *run = vcpu->run;
 554
 555        set_bit(KVM_REQ_REPORT_TPR_ACCESS, &vcpu->requests);
 556        run->tpr_access.rip = kvm_rip_read(vcpu);
 557        run->tpr_access.is_write = write;
 558}
 559
 560static inline void report_tpr_access(struct kvm_lapic *apic, bool write)
 561{
 562        if (apic->vcpu->arch.tpr_access_reporting)
 563                __report_tpr_access(apic, write);
 564}
 565
 566static u32 __apic_read(struct kvm_lapic *apic, unsigned int offset)
 567{
 568        u32 val = 0;
 569
 570        KVMTRACE_1D(APIC_ACCESS, apic->vcpu, (u32)offset, handler);
 571
 572        if (offset >= LAPIC_MMIO_LENGTH)
 573                return 0;
 574
 575        switch (offset) {
 576        case APIC_ARBPRI:
 577                printk(KERN_WARNING "Access APIC ARBPRI register "
 578                       "which is for P6\n");
 579                break;
 580
 581        case APIC_TMCCT:        /* Timer CCR */
 582                val = apic_get_tmcct(apic);
 583                break;
 584
 585        case APIC_TASKPRI:
 586                report_tpr_access(apic, false);
 587                /* fall thru */
 588        default:
 589                apic_update_ppr(apic);
 590                val = apic_get_reg(apic, offset);
 591                break;
 592        }
 593
 594        return val;
 595}
 596
 597static void apic_mmio_read(struct kvm_io_device *this,
 598                           gpa_t address, int len, void *data)
 599{
 600        struct kvm_lapic *apic = (struct kvm_lapic *)this->private;
 601        unsigned int offset = address - apic->base_address;
 602        unsigned char alignment = offset & 0xf;
 603        u32 result;
 604
 605        if ((alignment + len) > 4) {
 606                printk(KERN_ERR "KVM_APIC_READ: alignment error %lx %d",
 607                       (unsigned long)address, len);
 608                return;
 609        }
 610        result = __apic_read(apic, offset & ~0xf);
 611
 612        switch (len) {
 613        case 1:
 614        case 2:
 615        case 4:
 616                memcpy(data, (char *)&result + alignment, len);
 617                break;
 618        default:
 619                printk(KERN_ERR "Local APIC read with len = %x, "
 620                       "should be 1,2, or 4 instead\n", len);
 621                break;
 622        }
 623}
 624
 625static void update_divide_count(struct kvm_lapic *apic)
 626{
 627        u32 tmp1, tmp2, tdcr;
 628
 629        tdcr = apic_get_reg(apic, APIC_TDCR);
 630        tmp1 = tdcr & 0xf;
 631        tmp2 = ((tmp1 & 0x3) | ((tmp1 & 0x8) >> 1)) + 1;
 632        apic->timer.divide_count = 0x1 << (tmp2 & 0x7);
 633
 634        apic_debug("timer divide count is 0x%x\n",
 635                                   apic->timer.divide_count);
 636}
 637
 638static void start_apic_timer(struct kvm_lapic *apic)
 639{
 640        ktime_t now = apic->timer.dev.base->get_time();
 641
 642        apic->timer.last_update = now;
 643
 644        apic->timer.period = apic_get_reg(apic, APIC_TMICT) *
 645                    APIC_BUS_CYCLE_NS * apic->timer.divide_count;
 646        atomic_set(&apic->timer.pending, 0);
 647
 648        if (!apic->timer.period)
 649                return;
 650
 651        hrtimer_start(&apic->timer.dev,
 652                      ktime_add_ns(now, apic->timer.period),
 653                      HRTIMER_MODE_ABS);
 654
 655        apic_debug("%s: bus cycle is %" PRId64 "ns, now 0x%016"
 656                           PRIx64 ", "
 657                           "timer initial count 0x%x, period %lldns, "
 658                           "expire @ 0x%016" PRIx64 ".\n", __func__,
 659                           APIC_BUS_CYCLE_NS, ktime_to_ns(now),
 660                           apic_get_reg(apic, APIC_TMICT),
 661                           apic->timer.period,
 662                           ktime_to_ns(ktime_add_ns(now,
 663                                        apic->timer.period)));
 664}
 665
 666static void apic_mmio_write(struct kvm_io_device *this,
 667                            gpa_t address, int len, const void *data)
 668{
 669        struct kvm_lapic *apic = (struct kvm_lapic *)this->private;
 670        unsigned int offset = address - apic->base_address;
 671        unsigned char alignment = offset & 0xf;
 672        u32 val;
 673
 674        /*
 675         * APIC register must be aligned on 128-bits boundary.
 676         * 32/64/128 bits registers must be accessed thru 32 bits.
 677         * Refer SDM 8.4.1
 678         */
 679        if (len != 4 || alignment) {
 680                /* Don't shout loud, $infamous_os would cause only noise. */
 681                apic_debug("apic write: bad size=%d %lx\n",
 682                           len, (long)address);
 683                return;
 684        }
 685
 686        val = *(u32 *) data;
 687
 688        /* too common printing */
 689        if (offset != APIC_EOI)
 690                apic_debug("%s: offset 0x%x with length 0x%x, and value is "
 691                           "0x%x\n", __func__, offset, len, val);
 692
 693        offset &= 0xff0;
 694
 695        KVMTRACE_1D(APIC_ACCESS, apic->vcpu, (u32)offset, handler);
 696
 697        switch (offset) {
 698        case APIC_ID:                /* Local APIC ID */
 699                apic_set_reg(apic, APIC_ID, val);
 700                break;
 701
 702        case APIC_TASKPRI:
 703                report_tpr_access(apic, true);
 704                apic_set_tpr(apic, val & 0xff);
 705                break;
 706
 707        case APIC_EOI:
 708                apic_set_eoi(apic);
 709                break;
 710
 711        case APIC_LDR:
 712                apic_set_reg(apic, APIC_LDR, val & APIC_LDR_MASK);
 713                break;
 714
 715        case APIC_DFR:
 716                apic_set_reg(apic, APIC_DFR, val | 0x0FFFFFFF);
 717                break;
 718
 719        case APIC_SPIV:
 720                apic_set_reg(apic, APIC_SPIV, val & 0x3ff);
 721                if (!(val & APIC_SPIV_APIC_ENABLED)) {
 722                        int i;
 723                        u32 lvt_val;
 724
 725                        for (i = 0; i < APIC_LVT_NUM; i++) {
 726                                lvt_val = apic_get_reg(apic,
 727                                                       APIC_LVTT + 0x10 * i);
 728                                apic_set_reg(apic, APIC_LVTT + 0x10 * i,
 729                                             lvt_val | APIC_LVT_MASKED);
 730                        }
 731                        atomic_set(&apic->timer.pending, 0);
 732
 733                }
 734                break;
 735
 736        case APIC_ICR:
 737                /* No delay here, so we always clear the pending bit */
 738                apic_set_reg(apic, APIC_ICR, val & ~(1 << 12));
 739                apic_send_ipi(apic);
 740                break;
 741
 742        case APIC_ICR2:
 743                apic_set_reg(apic, APIC_ICR2, val & 0xff000000);
 744                break;
 745
 746        case APIC_LVTT:
 747        case APIC_LVTTHMR:
 748        case APIC_LVTPC:
 749        case APIC_LVT0:
 750        case APIC_LVT1:
 751        case APIC_LVTERR:
 752                /* TODO: Check vector */
 753                if (!apic_sw_enabled(apic))
 754                        val |= APIC_LVT_MASKED;
 755
 756                val &= apic_lvt_mask[(offset - APIC_LVTT) >> 4];
 757                apic_set_reg(apic, offset, val);
 758
 759                break;
 760
 761        case APIC_TMICT:
 762                hrtimer_cancel(&apic->timer.dev);
 763                apic_set_reg(apic, APIC_TMICT, val);
 764                start_apic_timer(apic);
 765                return;
 766
 767        case APIC_TDCR:
 768                if (val & 4)
 769                        printk(KERN_ERR "KVM_WRITE:TDCR %x\n", val);
 770                apic_set_reg(apic, APIC_TDCR, val);
 771                update_divide_count(apic);
 772                break;
 773
 774        default:
 775                apic_debug("Local APIC Write to read-only register %x\n",
 776                           offset);
 777                break;
 778        }
 779
 780}
 781
 782static int apic_mmio_range(struct kvm_io_device *this, gpa_t addr,
 783                           int len, int size)
 784{
 785        struct kvm_lapic *apic = (struct kvm_lapic *)this->private;
 786        int ret = 0;
 787
 788
 789        if (apic_hw_enabled(apic) &&
 790            (addr >= apic->base_address) &&
 791            (addr < (apic->base_address + LAPIC_MMIO_LENGTH)))
 792                ret = 1;
 793
 794        return ret;
 795}
 796
 797void kvm_free_lapic(struct kvm_vcpu *vcpu)
 798{
 799        if (!vcpu->arch.apic)
 800                return;
 801
 802        hrtimer_cancel(&vcpu->arch.apic->timer.dev);
 803
 804        if (vcpu->arch.apic->regs_page)
 805                __free_page(vcpu->arch.apic->regs_page);
 806
 807        kfree(vcpu->arch.apic);
 808}
 809
 810/*
 811 *----------------------------------------------------------------------
 812 * LAPIC interface
 813 *----------------------------------------------------------------------
 814 */
 815
 816void kvm_lapic_set_tpr(struct kvm_vcpu *vcpu, unsigned long cr8)
 817{
 818        struct kvm_lapic *apic = vcpu->arch.apic;
 819
 820        if (!apic)
 821                return;
 822        apic_set_tpr(apic, ((cr8 & 0x0f) << 4)
 823                     | (apic_get_reg(apic, APIC_TASKPRI) & 4));
 824}
 825EXPORT_SYMBOL_GPL(kvm_lapic_set_tpr);
 826
 827u64 kvm_lapic_get_cr8(struct kvm_vcpu *vcpu)
 828{
 829        struct kvm_lapic *apic = vcpu->arch.apic;
 830        u64 tpr;
 831
 832        if (!apic)
 833                return 0;
 834        tpr = (u64) apic_get_reg(apic, APIC_TASKPRI);
 835
 836        return (tpr & 0xf0) >> 4;
 837}
 838EXPORT_SYMBOL_GPL(kvm_lapic_get_cr8);
 839
 840void kvm_lapic_set_base(struct kvm_vcpu *vcpu, u64 value)
 841{
 842        struct kvm_lapic *apic = vcpu->arch.apic;
 843
 844        if (!apic) {
 845                value |= MSR_IA32_APICBASE_BSP;
 846                vcpu->arch.apic_base = value;
 847                return;
 848        }
 849        if (apic->vcpu->vcpu_id)
 850                value &= ~MSR_IA32_APICBASE_BSP;
 851
 852        vcpu->arch.apic_base = value;
 853        apic->base_address = apic->vcpu->arch.apic_base &
 854                             MSR_IA32_APICBASE_BASE;
 855
 856        /* with FSB delivery interrupt, we can restart APIC functionality */
 857        apic_debug("apic base msr is 0x%016" PRIx64 ", and base address is "
 858                   "0x%lx.\n", apic->vcpu->arch.apic_base, apic->base_address);
 859
 860}
 861
 862u64 kvm_lapic_get_base(struct kvm_vcpu *vcpu)
 863{
 864        return vcpu->arch.apic_base;
 865}
 866EXPORT_SYMBOL_GPL(kvm_lapic_get_base);
 867
 868void kvm_lapic_reset(struct kvm_vcpu *vcpu)
 869{
 870        struct kvm_lapic *apic;
 871        int i;
 872
 873        apic_debug("%s\n", __func__);
 874
 875        ASSERT(vcpu);
 876        apic = vcpu->arch.apic;
 877        ASSERT(apic != NULL);
 878
 879        /* Stop the timer in case it's a reset to an active apic */
 880        hrtimer_cancel(&apic->timer.dev);
 881
 882        apic_set_reg(apic, APIC_ID, vcpu->vcpu_id << 24);
 883        apic_set_reg(apic, APIC_LVR, APIC_VERSION);
 884
 885        for (i = 0; i < APIC_LVT_NUM; i++)
 886                apic_set_reg(apic, APIC_LVTT + 0x10 * i, APIC_LVT_MASKED);
 887        apic_set_reg(apic, APIC_LVT0,
 888                     SET_APIC_DELIVERY_MODE(0, APIC_MODE_EXTINT));
 889
 890        apic_set_reg(apic, APIC_DFR, 0xffffffffU);
 891        apic_set_reg(apic, APIC_SPIV, 0xff);
 892        apic_set_reg(apic, APIC_TASKPRI, 0);
 893        apic_set_reg(apic, APIC_LDR, 0);
 894        apic_set_reg(apic, APIC_ESR, 0);
 895        apic_set_reg(apic, APIC_ICR, 0);
 896        apic_set_reg(apic, APIC_ICR2, 0);
 897        apic_set_reg(apic, APIC_TDCR, 0);
 898        apic_set_reg(apic, APIC_TMICT, 0);
 899        for (i = 0; i < 8; i++) {
 900                apic_set_reg(apic, APIC_IRR + 0x10 * i, 0);
 901                apic_set_reg(apic, APIC_ISR + 0x10 * i, 0);
 902                apic_set_reg(apic, APIC_TMR + 0x10 * i, 0);
 903        }
 904        update_divide_count(apic);
 905        atomic_set(&apic->timer.pending, 0);
 906        if (vcpu->vcpu_id == 0)
 907                vcpu->arch.apic_base |= MSR_IA32_APICBASE_BSP;
 908        apic_update_ppr(apic);
 909
 910        apic_debug(KERN_INFO "%s: vcpu=%p, id=%d, base_msr="
 911                   "0x%016" PRIx64 ", base_address=0x%0lx.\n", __func__,
 912                   vcpu, kvm_apic_id(apic),
 913                   vcpu->arch.apic_base, apic->base_address);
 914}
 915EXPORT_SYMBOL_GPL(kvm_lapic_reset);
 916
 917int kvm_lapic_enabled(struct kvm_vcpu *vcpu)
 918{
 919        struct kvm_lapic *apic = vcpu->arch.apic;
 920        int ret = 0;
 921
 922        if (!apic)
 923                return 0;
 924        ret = apic_enabled(apic);
 925
 926        return ret;
 927}
 928EXPORT_SYMBOL_GPL(kvm_lapic_enabled);
 929
 930/*
 931 *----------------------------------------------------------------------
 932 * timer interface
 933 *----------------------------------------------------------------------
 934 */
 935
 936/* TODO: make sure __apic_timer_fn runs in current pCPU */
 937static int __apic_timer_fn(struct kvm_lapic *apic)
 938{
 939        int result = 0;
 940        wait_queue_head_t *q = &apic->vcpu->wq;
 941
 942        if(!atomic_inc_and_test(&apic->timer.pending))
 943                set_bit(KVM_REQ_PENDING_TIMER, &apic->vcpu->requests);
 944        if (waitqueue_active(q))
 945                wake_up_interruptible(q);
 946
 947        if (apic_lvtt_period(apic)) {
 948                result = 1;
 949                hrtimer_add_expires_ns(&apic->timer.dev, apic->timer.period);
 950        }
 951        return result;
 952}
 953
 954int apic_has_pending_timer(struct kvm_vcpu *vcpu)
 955{
 956        struct kvm_lapic *lapic = vcpu->arch.apic;
 957
 958        if (lapic && apic_enabled(lapic) && apic_lvt_enabled(lapic, APIC_LVTT))
 959                return atomic_read(&lapic->timer.pending);
 960
 961        return 0;
 962}
 963
 964static int __inject_apic_timer_irq(struct kvm_lapic *apic)
 965{
 966        int vector;
 967
 968        vector = apic_lvt_vector(apic, APIC_LVTT);
 969        return __apic_accept_irq(apic, APIC_DM_FIXED, vector, 1, 0);
 970}
 971
 972static enum hrtimer_restart apic_timer_fn(struct hrtimer *data)
 973{
 974        struct kvm_lapic *apic;
 975        int restart_timer = 0;
 976
 977        apic = container_of(data, struct kvm_lapic, timer.dev);
 978
 979        restart_timer = __apic_timer_fn(apic);
 980
 981        if (restart_timer)
 982                return HRTIMER_RESTART;
 983        else
 984                return HRTIMER_NORESTART;
 985}
 986
 987int kvm_create_lapic(struct kvm_vcpu *vcpu)
 988{
 989        struct kvm_lapic *apic;
 990
 991        ASSERT(vcpu != NULL);
 992        apic_debug("apic_init %d\n", vcpu->vcpu_id);
 993
 994        apic = kzalloc(sizeof(*apic), GFP_KERNEL);
 995        if (!apic)
 996                goto nomem;
 997
 998        vcpu->arch.apic = apic;
 999
1000        apic->regs_page = alloc_page(GFP_KERNEL);
1001        if (apic->regs_page == NULL) {
1002                printk(KERN_ERR "malloc apic regs error for vcpu %x\n",
1003                       vcpu->vcpu_id);
1004                goto nomem_free_apic;
1005        }
1006        apic->regs = page_address(apic->regs_page);
1007        memset(apic->regs, 0, PAGE_SIZE);
1008        apic->vcpu = vcpu;
1009
1010        hrtimer_init(&apic->timer.dev, CLOCK_MONOTONIC, HRTIMER_MODE_ABS);
1011        apic->timer.dev.function = apic_timer_fn;
1012        apic->base_address = APIC_DEFAULT_PHYS_BASE;
1013        vcpu->arch.apic_base = APIC_DEFAULT_PHYS_BASE;
1014
1015        kvm_lapic_reset(vcpu);
1016        apic->dev.read = apic_mmio_read;
1017        apic->dev.write = apic_mmio_write;
1018        apic->dev.in_range = apic_mmio_range;
1019        apic->dev.private = apic;
1020
1021        return 0;
1022nomem_free_apic:
1023        kfree(apic);
1024nomem:
1025        return -ENOMEM;
1026}
1027EXPORT_SYMBOL_GPL(kvm_create_lapic);
1028
1029int kvm_apic_has_interrupt(struct kvm_vcpu *vcpu)
1030{
1031        struct kvm_lapic *apic = vcpu->arch.apic;
1032        int highest_irr;
1033
1034        if (!apic || !apic_enabled(apic))
1035                return -1;
1036
1037        apic_update_ppr(apic);
1038        highest_irr = apic_find_highest_irr(apic);
1039        if ((highest_irr == -1) ||
1040            ((highest_irr & 0xF0) <= apic_get_reg(apic, APIC_PROCPRI)))
1041                return -1;
1042        return highest_irr;
1043}
1044
1045int kvm_apic_accept_pic_intr(struct kvm_vcpu *vcpu)
1046{
1047        u32 lvt0 = apic_get_reg(vcpu->arch.apic, APIC_LVT0);
1048        int r = 0;
1049
1050        if (vcpu->vcpu_id == 0) {
1051                if (!apic_hw_enabled(vcpu->arch.apic))
1052                        r = 1;
1053                if ((lvt0 & APIC_LVT_MASKED) == 0 &&
1054                    GET_APIC_DELIVERY_MODE(lvt0) == APIC_MODE_EXTINT)
1055                        r = 1;
1056        }
1057        return r;
1058}
1059
1060void kvm_inject_apic_timer_irqs(struct kvm_vcpu *vcpu)
1061{
1062        struct kvm_lapic *apic = vcpu->arch.apic;
1063
1064        if (apic && apic_lvt_enabled(apic, APIC_LVTT) &&
1065                atomic_read(&apic->timer.pending) > 0) {
1066                if (__inject_apic_timer_irq(apic))
1067                        atomic_dec(&apic->timer.pending);
1068        }
1069}
1070
1071void kvm_apic_timer_intr_post(struct kvm_vcpu *vcpu, int vec)
1072{
1073        struct kvm_lapic *apic = vcpu->arch.apic;
1074
1075        if (apic && apic_lvt_vector(apic, APIC_LVTT) == vec)
1076                apic->timer.last_update = ktime_add_ns(
1077                                apic->timer.last_update,
1078                                apic->timer.period);
1079}
1080
1081int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu)
1082{
1083        int vector = kvm_apic_has_interrupt(vcpu);
1084        struct kvm_lapic *apic = vcpu->arch.apic;
1085
1086        if (vector == -1)
1087                return -1;
1088
1089        apic_set_vector(vector, apic->regs + APIC_ISR);
1090        apic_update_ppr(apic);
1091        apic_clear_irr(vector, apic);
1092        return vector;
1093}
1094
1095void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu)
1096{
1097        struct kvm_lapic *apic = vcpu->arch.apic;
1098
1099        apic->base_address = vcpu->arch.apic_base &
1100                             MSR_IA32_APICBASE_BASE;
1101        apic_set_reg(apic, APIC_LVR, APIC_VERSION);
1102        apic_update_ppr(apic);
1103        hrtimer_cancel(&apic->timer.dev);
1104        update_divide_count(apic);
1105        start_apic_timer(apic);
1106}
1107
1108void __kvm_migrate_apic_timer(struct kvm_vcpu *vcpu)
1109{
1110        struct kvm_lapic *apic = vcpu->arch.apic;
1111        struct hrtimer *timer;
1112
1113        if (!apic)
1114                return;
1115
1116        timer = &apic->timer.dev;
1117        if (hrtimer_cancel(timer))
1118                hrtimer_start_expires(timer, HRTIMER_MODE_ABS);
1119}
1120
1121void kvm_lapic_sync_from_vapic(struct kvm_vcpu *vcpu)
1122{
1123        u32 data;
1124        void *vapic;
1125
1126        if (!irqchip_in_kernel(vcpu->kvm) || !vcpu->arch.apic->vapic_addr)
1127                return;
1128
1129        vapic = kmap_atomic(vcpu->arch.apic->vapic_page, KM_USER0);
1130        data = *(u32 *)(vapic + offset_in_page(vcpu->arch.apic->vapic_addr));
1131        kunmap_atomic(vapic, KM_USER0);
1132
1133        apic_set_tpr(vcpu->arch.apic, data & 0xff);
1134}
1135
1136void kvm_lapic_sync_to_vapic(struct kvm_vcpu *vcpu)
1137{
1138        u32 data, tpr;
1139        int max_irr, max_isr;
1140        struct kvm_lapic *apic;
1141        void *vapic;
1142
1143        if (!irqchip_in_kernel(vcpu->kvm) || !vcpu->arch.apic->vapic_addr)
1144                return;
1145
1146        apic = vcpu->arch.apic;
1147        tpr = apic_get_reg(apic, APIC_TASKPRI) & 0xff;
1148        max_irr = apic_find_highest_irr(apic);
1149        if (max_irr < 0)
1150                max_irr = 0;
1151        max_isr = apic_find_highest_isr(apic);
1152        if (max_isr < 0)
1153                max_isr = 0;
1154        data = (tpr & 0xff) | ((max_isr & 0xf0) << 8) | (max_irr << 24);
1155
1156        vapic = kmap_atomic(vcpu->arch.apic->vapic_page, KM_USER0);
1157        *(u32 *)(vapic + offset_in_page(vcpu->arch.apic->vapic_addr)) = data;
1158        kunmap_atomic(vapic, KM_USER0);
1159}
1160
1161void kvm_lapic_set_vapic_addr(struct kvm_vcpu *vcpu, gpa_t vapic_addr)
1162{
1163        if (!irqchip_in_kernel(vcpu->kvm))
1164                return;
1165
1166        vcpu->arch.apic->vapic_addr = vapic_addr;
1167}