2 * Kernel-based Virtual Machine driver for Linux
6 * Copyright (C) 2006 Qumranet, Inc.
7 * Copyright 2010 Red Hat, Inc. and/or its affiliates.
10 * Yaniv Kamay <yaniv@qumranet.com>
11 * Avi Kivity <avi@qumranet.com>
13 * This work is licensed under the terms of the GNU GPL, version 2. See
14 * the COPYING file in the top-level directory.
18 #define pr_fmt(fmt) "SVM: " fmt
20 #include <linux/kvm_host.h>
24 #include "kvm_cache_regs.h"
29 #include <linux/module.h>
30 #include <linux/mod_devicetable.h>
31 #include <linux/kernel.h>
32 #include <linux/vmalloc.h>
33 #include <linux/highmem.h>
34 #include <linux/sched.h>
35 #include <linux/trace_events.h>
36 #include <linux/slab.h>
39 #include <asm/perf_event.h>
40 #include <asm/tlbflush.h>
42 #include <asm/debugreg.h>
43 #include <asm/kvm_para.h>
45 #include <asm/virtext.h>
48 #define __ex(x) __kvm_handle_fault_on_reboot(x)
50 MODULE_AUTHOR("Qumranet");
51 MODULE_LICENSE("GPL");
53 static const struct x86_cpu_id svm_cpu_id[] = {
54 X86_FEATURE_MATCH(X86_FEATURE_SVM),
57 MODULE_DEVICE_TABLE(x86cpu, svm_cpu_id);
59 #define IOPM_ALLOC_ORDER 2
60 #define MSRPM_ALLOC_ORDER 1
62 #define SEG_TYPE_LDT 2
63 #define SEG_TYPE_BUSY_TSS16 3
65 #define SVM_FEATURE_NPT (1 << 0)
66 #define SVM_FEATURE_LBRV (1 << 1)
67 #define SVM_FEATURE_SVML (1 << 2)
68 #define SVM_FEATURE_NRIP (1 << 3)
69 #define SVM_FEATURE_TSC_RATE (1 << 4)
70 #define SVM_FEATURE_VMCB_CLEAN (1 << 5)
71 #define SVM_FEATURE_FLUSH_ASID (1 << 6)
72 #define SVM_FEATURE_DECODE_ASSIST (1 << 7)
73 #define SVM_FEATURE_PAUSE_FILTER (1 << 10)
75 #define SVM_AVIC_DOORBELL 0xc001011b
77 #define NESTED_EXIT_HOST 0 /* Exit handled on host level */
78 #define NESTED_EXIT_DONE 1 /* Exit caused nested vmexit */
79 #define NESTED_EXIT_CONTINUE 2 /* Further checks needed */
81 #define DEBUGCTL_RESERVED_BITS (~(0x3fULL))
83 #define TSC_RATIO_RSVD 0xffffff0000000000ULL
84 #define TSC_RATIO_MIN 0x0000000000000001ULL
85 #define TSC_RATIO_MAX 0x000000ffffffffffULL
87 #define AVIC_HPA_MASK ~((0xFFFULL << 52) | 0xFFF)
90 * 0xff is broadcast, so the max index allowed for physical APIC ID
91 * table is 0xfe. APIC IDs above 0xff are reserved.
93 #define AVIC_MAX_PHYSICAL_ID_COUNT 255
95 #define AVIC_UNACCEL_ACCESS_WRITE_MASK 1
96 #define AVIC_UNACCEL_ACCESS_OFFSET_MASK 0xFF0
97 #define AVIC_UNACCEL_ACCESS_VECTOR_MASK 0xFFFFFFFF
99 static bool erratum_383_found __read_mostly;
101 static const u32 host_save_user_msrs[] = {
103 MSR_STAR, MSR_LSTAR, MSR_CSTAR, MSR_SYSCALL_MASK, MSR_KERNEL_GS_BASE,
106 MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP,
110 #define NR_HOST_SAVE_USER_MSRS ARRAY_SIZE(host_save_user_msrs)
114 struct nested_state {
120 /* These are the merged vectors */
123 /* gpa pointers to the real vectors */
127 /* A VMEXIT is required but not yet emulated */
130 /* cache for intercepts of the guest */
133 u32 intercept_exceptions;
136 /* Nested Paging related state */
140 #define MSRPM_OFFSETS 16
141 static u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly;
144 * Set osvw_len to higher value when updated Revision Guides
145 * are published and we know what the new status bits are
147 static uint64_t osvw_len = 4, osvw_status;
150 struct kvm_vcpu vcpu;
152 unsigned long vmcb_pa;
153 struct svm_cpu_data *svm_data;
154 uint64_t asid_generation;
155 uint64_t sysenter_esp;
156 uint64_t sysenter_eip;
161 u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS];
173 struct nested_state nested;
177 unsigned int3_injected;
178 unsigned long int3_rip;
181 /* cached guest cpuid flags for faster access */
182 bool nrips_enabled : 1;
185 struct page *avic_backing_page;
186 u64 *avic_physical_id_cache;
187 bool avic_is_running;
190 #define AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK (0xFF)
191 #define AVIC_LOGICAL_ID_ENTRY_VALID_MASK (1 << 31)
193 #define AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK (0xFFULL)
194 #define AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK (0xFFFFFFFFFFULL << 12)
195 #define AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK (1ULL << 62)
196 #define AVIC_PHYSICAL_ID_ENTRY_VALID_MASK (1ULL << 63)
198 static DEFINE_PER_CPU(u64, current_tsc_ratio);
199 #define TSC_RATIO_DEFAULT 0x0100000000ULL
201 #define MSR_INVALID 0xffffffffU
203 static const struct svm_direct_access_msrs {
204 u32 index; /* Index of the MSR */
205 bool always; /* True if intercept is always on */
206 } direct_access_msrs[] = {
207 { .index = MSR_STAR, .always = true },
208 { .index = MSR_IA32_SYSENTER_CS, .always = true },
210 { .index = MSR_GS_BASE, .always = true },
211 { .index = MSR_FS_BASE, .always = true },
212 { .index = MSR_KERNEL_GS_BASE, .always = true },
213 { .index = MSR_LSTAR, .always = true },
214 { .index = MSR_CSTAR, .always = true },
215 { .index = MSR_SYSCALL_MASK, .always = true },
217 { .index = MSR_IA32_LASTBRANCHFROMIP, .always = false },
218 { .index = MSR_IA32_LASTBRANCHTOIP, .always = false },
219 { .index = MSR_IA32_LASTINTFROMIP, .always = false },
220 { .index = MSR_IA32_LASTINTTOIP, .always = false },
221 { .index = MSR_INVALID, .always = false },
224 /* enable NPT for AMD64 and X86 with PAE */
225 #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
226 static bool npt_enabled = true;
228 static bool npt_enabled;
231 /* allow nested paging (virtualized MMU) for all guests */
232 static int npt = true;
233 module_param(npt, int, S_IRUGO);
235 /* allow nested virtualization in KVM/SVM */
236 static int nested = true;
237 module_param(nested, int, S_IRUGO);
239 /* enable / disable AVIC */
241 #ifdef CONFIG_X86_LOCAL_APIC
242 module_param(avic, int, S_IRUGO);
245 static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0);
246 static void svm_flush_tlb(struct kvm_vcpu *vcpu);
247 static void svm_complete_interrupts(struct vcpu_svm *svm);
249 static int nested_svm_exit_handled(struct vcpu_svm *svm);
250 static int nested_svm_intercept(struct vcpu_svm *svm);
251 static int nested_svm_vmexit(struct vcpu_svm *svm);
252 static int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
253 bool has_error_code, u32 error_code);
256 VMCB_INTERCEPTS, /* Intercept vectors, TSC offset,
257 pause filter count */
258 VMCB_PERM_MAP, /* IOPM Base and MSRPM Base */
259 VMCB_ASID, /* ASID */
260 VMCB_INTR, /* int_ctl, int_vector */
261 VMCB_NPT, /* npt_en, nCR3, gPAT */
262 VMCB_CR, /* CR0, CR3, CR4, EFER */
263 VMCB_DR, /* DR6, DR7 */
264 VMCB_DT, /* GDT, IDT */
265 VMCB_SEG, /* CS, DS, SS, ES, CPL */
266 VMCB_CR2, /* CR2 only */
267 VMCB_LBR, /* DBGCTL, BR_FROM, BR_TO, LAST_EX_FROM, LAST_EX_TO */
268 VMCB_AVIC, /* AVIC APIC_BAR, AVIC APIC_BACKING_PAGE,
269 * AVIC PHYSICAL_TABLE pointer,
270 * AVIC LOGICAL_TABLE pointer
275 /* TPR and CR2 are always written before VMRUN */
276 #define VMCB_ALWAYS_DIRTY_MASK ((1U << VMCB_INTR) | (1U << VMCB_CR2))
278 #define VMCB_AVIC_APIC_BAR_MASK 0xFFFFFFFFFF000ULL
280 static inline void mark_all_dirty(struct vmcb *vmcb)
282 vmcb->control.clean = 0;
285 static inline void mark_all_clean(struct vmcb *vmcb)
287 vmcb->control.clean = ((1 << VMCB_DIRTY_MAX) - 1)
288 & ~VMCB_ALWAYS_DIRTY_MASK;
291 static inline void mark_dirty(struct vmcb *vmcb, int bit)
293 vmcb->control.clean &= ~(1 << bit);
296 static inline struct vcpu_svm *to_svm(struct kvm_vcpu *vcpu)
298 return container_of(vcpu, struct vcpu_svm, vcpu);
301 static inline void avic_update_vapic_bar(struct vcpu_svm *svm, u64 data)
303 svm->vmcb->control.avic_vapic_bar = data & VMCB_AVIC_APIC_BAR_MASK;
304 mark_dirty(svm->vmcb, VMCB_AVIC);
307 static inline bool avic_vcpu_is_running(struct kvm_vcpu *vcpu)
309 struct vcpu_svm *svm = to_svm(vcpu);
310 u64 *entry = svm->avic_physical_id_cache;
315 return (READ_ONCE(*entry) & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK);
318 static void recalc_intercepts(struct vcpu_svm *svm)
320 struct vmcb_control_area *c, *h;
321 struct nested_state *g;
323 mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
325 if (!is_guest_mode(&svm->vcpu))
328 c = &svm->vmcb->control;
329 h = &svm->nested.hsave->control;
332 c->intercept_cr = h->intercept_cr | g->intercept_cr;
333 c->intercept_dr = h->intercept_dr | g->intercept_dr;
334 c->intercept_exceptions = h->intercept_exceptions | g->intercept_exceptions;
335 c->intercept = h->intercept | g->intercept;
338 static inline struct vmcb *get_host_vmcb(struct vcpu_svm *svm)
340 if (is_guest_mode(&svm->vcpu))
341 return svm->nested.hsave;
346 static inline void set_cr_intercept(struct vcpu_svm *svm, int bit)
348 struct vmcb *vmcb = get_host_vmcb(svm);
350 vmcb->control.intercept_cr |= (1U << bit);
352 recalc_intercepts(svm);
355 static inline void clr_cr_intercept(struct vcpu_svm *svm, int bit)
357 struct vmcb *vmcb = get_host_vmcb(svm);
359 vmcb->control.intercept_cr &= ~(1U << bit);
361 recalc_intercepts(svm);
364 static inline bool is_cr_intercept(struct vcpu_svm *svm, int bit)
366 struct vmcb *vmcb = get_host_vmcb(svm);
368 return vmcb->control.intercept_cr & (1U << bit);
371 static inline void set_dr_intercepts(struct vcpu_svm *svm)
373 struct vmcb *vmcb = get_host_vmcb(svm);
375 vmcb->control.intercept_dr = (1 << INTERCEPT_DR0_READ)
376 | (1 << INTERCEPT_DR1_READ)
377 | (1 << INTERCEPT_DR2_READ)
378 | (1 << INTERCEPT_DR3_READ)
379 | (1 << INTERCEPT_DR4_READ)
380 | (1 << INTERCEPT_DR5_READ)
381 | (1 << INTERCEPT_DR6_READ)
382 | (1 << INTERCEPT_DR7_READ)
383 | (1 << INTERCEPT_DR0_WRITE)
384 | (1 << INTERCEPT_DR1_WRITE)
385 | (1 << INTERCEPT_DR2_WRITE)
386 | (1 << INTERCEPT_DR3_WRITE)
387 | (1 << INTERCEPT_DR4_WRITE)
388 | (1 << INTERCEPT_DR5_WRITE)
389 | (1 << INTERCEPT_DR6_WRITE)
390 | (1 << INTERCEPT_DR7_WRITE);
392 recalc_intercepts(svm);
395 static inline void clr_dr_intercepts(struct vcpu_svm *svm)
397 struct vmcb *vmcb = get_host_vmcb(svm);
399 vmcb->control.intercept_dr = 0;
401 recalc_intercepts(svm);
404 static inline void set_exception_intercept(struct vcpu_svm *svm, int bit)
406 struct vmcb *vmcb = get_host_vmcb(svm);
408 vmcb->control.intercept_exceptions |= (1U << bit);
410 recalc_intercepts(svm);
413 static inline void clr_exception_intercept(struct vcpu_svm *svm, int bit)
415 struct vmcb *vmcb = get_host_vmcb(svm);
417 vmcb->control.intercept_exceptions &= ~(1U << bit);
419 recalc_intercepts(svm);
422 static inline void set_intercept(struct vcpu_svm *svm, int bit)
424 struct vmcb *vmcb = get_host_vmcb(svm);
426 vmcb->control.intercept |= (1ULL << bit);
428 recalc_intercepts(svm);
431 static inline void clr_intercept(struct vcpu_svm *svm, int bit)
433 struct vmcb *vmcb = get_host_vmcb(svm);
435 vmcb->control.intercept &= ~(1ULL << bit);
437 recalc_intercepts(svm);
440 static inline void enable_gif(struct vcpu_svm *svm)
442 svm->vcpu.arch.hflags |= HF_GIF_MASK;
445 static inline void disable_gif(struct vcpu_svm *svm)
447 svm->vcpu.arch.hflags &= ~HF_GIF_MASK;
450 static inline bool gif_set(struct vcpu_svm *svm)
452 return !!(svm->vcpu.arch.hflags & HF_GIF_MASK);
455 static unsigned long iopm_base;
457 struct kvm_ldttss_desc {
460 unsigned base1:8, type:5, dpl:2, p:1;
461 unsigned limit1:4, zero0:3, g:1, base2:8;
464 } __attribute__((packed));
466 struct svm_cpu_data {
472 struct kvm_ldttss_desc *tss_desc;
474 struct page *save_area;
477 static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);
479 struct svm_init_data {
484 static const u32 msrpm_ranges[] = {0, 0xc0000000, 0xc0010000};
486 #define NUM_MSR_MAPS ARRAY_SIZE(msrpm_ranges)
487 #define MSRS_RANGE_SIZE 2048
488 #define MSRS_IN_RANGE (MSRS_RANGE_SIZE * 8 / 2)
490 static u32 svm_msrpm_offset(u32 msr)
495 for (i = 0; i < NUM_MSR_MAPS; i++) {
496 if (msr < msrpm_ranges[i] ||
497 msr >= msrpm_ranges[i] + MSRS_IN_RANGE)
500 offset = (msr - msrpm_ranges[i]) / 4; /* 4 msrs per u8 */
501 offset += (i * MSRS_RANGE_SIZE); /* add range offset */
503 /* Now we have the u8 offset - but need the u32 offset */
507 /* MSR not in any range */
511 #define MAX_INST_SIZE 15
513 static inline void clgi(void)
515 asm volatile (__ex(SVM_CLGI));
518 static inline void stgi(void)
520 asm volatile (__ex(SVM_STGI));
523 static inline void invlpga(unsigned long addr, u32 asid)
525 asm volatile (__ex(SVM_INVLPGA) : : "a"(addr), "c"(asid));
528 static int get_npt_level(void)
531 return PT64_ROOT_LEVEL;
533 return PT32E_ROOT_LEVEL;
537 static void svm_set_efer(struct kvm_vcpu *vcpu, u64 efer)
539 vcpu->arch.efer = efer;
540 if (!npt_enabled && !(efer & EFER_LMA))
543 to_svm(vcpu)->vmcb->save.efer = efer | EFER_SVME;
544 mark_dirty(to_svm(vcpu)->vmcb, VMCB_CR);
547 static int is_external_interrupt(u32 info)
549 info &= SVM_EVTINJ_TYPE_MASK | SVM_EVTINJ_VALID;
550 return info == (SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_INTR);
553 static u32 svm_get_interrupt_shadow(struct kvm_vcpu *vcpu)
555 struct vcpu_svm *svm = to_svm(vcpu);
558 if (svm->vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK)
559 ret = KVM_X86_SHADOW_INT_STI | KVM_X86_SHADOW_INT_MOV_SS;
563 static void svm_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
565 struct vcpu_svm *svm = to_svm(vcpu);
568 svm->vmcb->control.int_state &= ~SVM_INTERRUPT_SHADOW_MASK;
570 svm->vmcb->control.int_state |= SVM_INTERRUPT_SHADOW_MASK;
574 static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
576 struct vcpu_svm *svm = to_svm(vcpu);
578 if (svm->vmcb->control.next_rip != 0) {
579 WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS));
580 svm->next_rip = svm->vmcb->control.next_rip;
583 if (!svm->next_rip) {
584 if (emulate_instruction(vcpu, EMULTYPE_SKIP) !=
586 printk(KERN_DEBUG "%s: NOP\n", __func__);
589 if (svm->next_rip - kvm_rip_read(vcpu) > MAX_INST_SIZE)
590 printk(KERN_ERR "%s: ip 0x%lx next 0x%llx\n",
591 __func__, kvm_rip_read(vcpu), svm->next_rip);
593 kvm_rip_write(vcpu, svm->next_rip);
594 svm_set_interrupt_shadow(vcpu, 0);
597 static void svm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr,
598 bool has_error_code, u32 error_code,
601 struct vcpu_svm *svm = to_svm(vcpu);
604 * If we are within a nested VM we'd better #VMEXIT and let the guest
605 * handle the exception
608 nested_svm_check_exception(svm, nr, has_error_code, error_code))
611 if (nr == BP_VECTOR && !static_cpu_has(X86_FEATURE_NRIPS)) {
612 unsigned long rip, old_rip = kvm_rip_read(&svm->vcpu);
615 * For guest debugging where we have to reinject #BP if some
616 * INT3 is guest-owned:
617 * Emulate nRIP by moving RIP forward. Will fail if injection
618 * raises a fault that is not intercepted. Still better than
619 * failing in all cases.
621 skip_emulated_instruction(&svm->vcpu);
622 rip = kvm_rip_read(&svm->vcpu);
623 svm->int3_rip = rip + svm->vmcb->save.cs.base;
624 svm->int3_injected = rip - old_rip;
627 svm->vmcb->control.event_inj = nr
629 | (has_error_code ? SVM_EVTINJ_VALID_ERR : 0)
630 | SVM_EVTINJ_TYPE_EXEPT;
631 svm->vmcb->control.event_inj_err = error_code;
634 static void svm_init_erratum_383(void)
640 if (!static_cpu_has_bug(X86_BUG_AMD_TLB_MMATCH))
643 /* Use _safe variants to not break nested virtualization */
644 val = native_read_msr_safe(MSR_AMD64_DC_CFG, &err);
650 low = lower_32_bits(val);
651 high = upper_32_bits(val);
653 native_write_msr_safe(MSR_AMD64_DC_CFG, low, high);
655 erratum_383_found = true;
658 static void svm_init_osvw(struct kvm_vcpu *vcpu)
661 * Guests should see errata 400 and 415 as fixed (assuming that
662 * HLT and IO instructions are intercepted).
664 vcpu->arch.osvw.length = (osvw_len >= 3) ? (osvw_len) : 3;
665 vcpu->arch.osvw.status = osvw_status & ~(6ULL);
668 * By increasing VCPU's osvw.length to 3 we are telling the guest that
669 * all osvw.status bits inside that length, including bit 0 (which is
670 * reserved for erratum 298), are valid. However, if host processor's
671 * osvw_len is 0 then osvw_status[0] carries no information. We need to
672 * be conservative here and therefore we tell the guest that erratum 298
673 * is present (because we really don't know).
675 if (osvw_len == 0 && boot_cpu_data.x86 == 0x10)
676 vcpu->arch.osvw.status |= 1;
679 static int has_svm(void)
683 if (!cpu_has_svm(&msg)) {
684 printk(KERN_INFO "has_svm: %s\n", msg);
691 static void svm_hardware_disable(void)
693 /* Make sure we clean up behind us */
694 if (static_cpu_has(X86_FEATURE_TSCRATEMSR))
695 wrmsrl(MSR_AMD64_TSC_RATIO, TSC_RATIO_DEFAULT);
699 amd_pmu_disable_virt();
702 static int svm_hardware_enable(void)
705 struct svm_cpu_data *sd;
707 struct desc_ptr gdt_descr;
708 struct desc_struct *gdt;
709 int me = raw_smp_processor_id();
711 rdmsrl(MSR_EFER, efer);
712 if (efer & EFER_SVME)
716 pr_err("%s: err EOPNOTSUPP on %d\n", __func__, me);
719 sd = per_cpu(svm_data, me);
721 pr_err("%s: svm_data is NULL on %d\n", __func__, me);
725 sd->asid_generation = 1;
726 sd->max_asid = cpuid_ebx(SVM_CPUID_FUNC) - 1;
727 sd->next_asid = sd->max_asid + 1;
729 native_store_gdt(&gdt_descr);
730 gdt = (struct desc_struct *)gdt_descr.address;
731 sd->tss_desc = (struct kvm_ldttss_desc *)(gdt + GDT_ENTRY_TSS);
733 wrmsrl(MSR_EFER, efer | EFER_SVME);
735 wrmsrl(MSR_VM_HSAVE_PA, page_to_pfn(sd->save_area) << PAGE_SHIFT);
737 if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) {
738 wrmsrl(MSR_AMD64_TSC_RATIO, TSC_RATIO_DEFAULT);
739 __this_cpu_write(current_tsc_ratio, TSC_RATIO_DEFAULT);
746 * Note that it is possible to have a system with mixed processor
747 * revisions and therefore different OSVW bits. If bits are not the same
748 * on different processors then choose the worst case (i.e. if erratum
749 * is present on one processor and not on another then assume that the
750 * erratum is present everywhere).
752 if (cpu_has(&boot_cpu_data, X86_FEATURE_OSVW)) {
753 uint64_t len, status = 0;
756 len = native_read_msr_safe(MSR_AMD64_OSVW_ID_LENGTH, &err);
758 status = native_read_msr_safe(MSR_AMD64_OSVW_STATUS,
762 osvw_status = osvw_len = 0;
766 osvw_status |= status;
767 osvw_status &= (1ULL << osvw_len) - 1;
770 osvw_status = osvw_len = 0;
772 svm_init_erratum_383();
774 amd_pmu_enable_virt();
779 static void svm_cpu_uninit(int cpu)
781 struct svm_cpu_data *sd = per_cpu(svm_data, raw_smp_processor_id());
786 per_cpu(svm_data, raw_smp_processor_id()) = NULL;
787 __free_page(sd->save_area);
791 static int svm_cpu_init(int cpu)
793 struct svm_cpu_data *sd;
796 sd = kzalloc(sizeof(struct svm_cpu_data), GFP_KERNEL);
800 sd->save_area = alloc_page(GFP_KERNEL);
805 per_cpu(svm_data, cpu) = sd;
815 static bool valid_msr_intercept(u32 index)
819 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++)
820 if (direct_access_msrs[i].index == index)
826 static void set_msr_interception(u32 *msrpm, unsigned msr,
829 u8 bit_read, bit_write;
834 * If this warning triggers extend the direct_access_msrs list at the
835 * beginning of the file
837 WARN_ON(!valid_msr_intercept(msr));
839 offset = svm_msrpm_offset(msr);
840 bit_read = 2 * (msr & 0x0f);
841 bit_write = 2 * (msr & 0x0f) + 1;
844 BUG_ON(offset == MSR_INVALID);
846 read ? clear_bit(bit_read, &tmp) : set_bit(bit_read, &tmp);
847 write ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp);
852 static void svm_vcpu_init_msrpm(u32 *msrpm)
856 memset(msrpm, 0xff, PAGE_SIZE * (1 << MSRPM_ALLOC_ORDER));
858 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
859 if (!direct_access_msrs[i].always)
862 set_msr_interception(msrpm, direct_access_msrs[i].index, 1, 1);
866 static void add_msr_offset(u32 offset)
870 for (i = 0; i < MSRPM_OFFSETS; ++i) {
872 /* Offset already in list? */
873 if (msrpm_offsets[i] == offset)
876 /* Slot used by another offset? */
877 if (msrpm_offsets[i] != MSR_INVALID)
880 /* Add offset to list */
881 msrpm_offsets[i] = offset;
887 * If this BUG triggers the msrpm_offsets table has an overflow. Just
888 * increase MSRPM_OFFSETS in this case.
893 static void init_msrpm_offsets(void)
897 memset(msrpm_offsets, 0xff, sizeof(msrpm_offsets));
899 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
902 offset = svm_msrpm_offset(direct_access_msrs[i].index);
903 BUG_ON(offset == MSR_INVALID);
905 add_msr_offset(offset);
909 static void svm_enable_lbrv(struct vcpu_svm *svm)
911 u32 *msrpm = svm->msrpm;
913 svm->vmcb->control.lbr_ctl = 1;
914 set_msr_interception(msrpm, MSR_IA32_LASTBRANCHFROMIP, 1, 1);
915 set_msr_interception(msrpm, MSR_IA32_LASTBRANCHTOIP, 1, 1);
916 set_msr_interception(msrpm, MSR_IA32_LASTINTFROMIP, 1, 1);
917 set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP, 1, 1);
920 static void svm_disable_lbrv(struct vcpu_svm *svm)
922 u32 *msrpm = svm->msrpm;
924 svm->vmcb->control.lbr_ctl = 0;
925 set_msr_interception(msrpm, MSR_IA32_LASTBRANCHFROMIP, 0, 0);
926 set_msr_interception(msrpm, MSR_IA32_LASTBRANCHTOIP, 0, 0);
927 set_msr_interception(msrpm, MSR_IA32_LASTINTFROMIP, 0, 0);
928 set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP, 0, 0);
931 static __init int svm_hardware_setup(void)
934 struct page *iopm_pages;
938 iopm_pages = alloc_pages(GFP_KERNEL, IOPM_ALLOC_ORDER);
943 iopm_va = page_address(iopm_pages);
944 memset(iopm_va, 0xff, PAGE_SIZE * (1 << IOPM_ALLOC_ORDER));
945 iopm_base = page_to_pfn(iopm_pages) << PAGE_SHIFT;
947 init_msrpm_offsets();
949 if (boot_cpu_has(X86_FEATURE_NX))
950 kvm_enable_efer_bits(EFER_NX);
952 if (boot_cpu_has(X86_FEATURE_FXSR_OPT))
953 kvm_enable_efer_bits(EFER_FFXSR);
955 if (boot_cpu_has(X86_FEATURE_TSCRATEMSR)) {
956 kvm_has_tsc_control = true;
957 kvm_max_tsc_scaling_ratio = TSC_RATIO_MAX;
958 kvm_tsc_scaling_ratio_frac_bits = 32;
962 printk(KERN_INFO "kvm: Nested Virtualization enabled\n");
963 kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
966 for_each_possible_cpu(cpu) {
967 r = svm_cpu_init(cpu);
972 if (!boot_cpu_has(X86_FEATURE_NPT))
975 if (npt_enabled && !npt) {
976 printk(KERN_INFO "kvm: Nested Paging disabled\n");
981 printk(KERN_INFO "kvm: Nested Paging enabled\n");
988 !boot_cpu_has(X86_FEATURE_AVIC) ||
989 !IS_ENABLED(CONFIG_X86_LOCAL_APIC))
992 pr_info("AVIC enabled\n");
998 __free_pages(iopm_pages, IOPM_ALLOC_ORDER);
1003 static __exit void svm_hardware_unsetup(void)
1007 for_each_possible_cpu(cpu)
1008 svm_cpu_uninit(cpu);
1010 __free_pages(pfn_to_page(iopm_base >> PAGE_SHIFT), IOPM_ALLOC_ORDER);
1014 static void init_seg(struct vmcb_seg *seg)
1017 seg->attrib = SVM_SELECTOR_P_MASK | SVM_SELECTOR_S_MASK |
1018 SVM_SELECTOR_WRITE_MASK; /* Read/Write Data Segment */
1019 seg->limit = 0xffff;
1023 static void init_sys_seg(struct vmcb_seg *seg, uint32_t type)
1026 seg->attrib = SVM_SELECTOR_P_MASK | type;
1027 seg->limit = 0xffff;
1031 static u64 svm_read_tsc_offset(struct kvm_vcpu *vcpu)
1033 struct vcpu_svm *svm = to_svm(vcpu);
1035 return svm->vmcb->control.tsc_offset;
1038 static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset)
1040 struct vcpu_svm *svm = to_svm(vcpu);
1041 u64 g_tsc_offset = 0;
1043 if (is_guest_mode(vcpu)) {
1044 g_tsc_offset = svm->vmcb->control.tsc_offset -
1045 svm->nested.hsave->control.tsc_offset;
1046 svm->nested.hsave->control.tsc_offset = offset;
1048 trace_kvm_write_tsc_offset(vcpu->vcpu_id,
1049 svm->vmcb->control.tsc_offset,
1052 svm->vmcb->control.tsc_offset = offset + g_tsc_offset;
1054 mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
1057 static void svm_adjust_tsc_offset_guest(struct kvm_vcpu *vcpu, s64 adjustment)
1059 struct vcpu_svm *svm = to_svm(vcpu);
1061 svm->vmcb->control.tsc_offset += adjustment;
1062 if (is_guest_mode(vcpu))
1063 svm->nested.hsave->control.tsc_offset += adjustment;
1065 trace_kvm_write_tsc_offset(vcpu->vcpu_id,
1066 svm->vmcb->control.tsc_offset - adjustment,
1067 svm->vmcb->control.tsc_offset);
1069 mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
1072 static void avic_init_vmcb(struct vcpu_svm *svm)
1074 struct vmcb *vmcb = svm->vmcb;
1075 struct kvm_arch *vm_data = &svm->vcpu.kvm->arch;
1076 phys_addr_t bpa = page_to_phys(svm->avic_backing_page);
1077 phys_addr_t lpa = page_to_phys(vm_data->avic_logical_id_table_page);
1078 phys_addr_t ppa = page_to_phys(vm_data->avic_physical_id_table_page);
1080 vmcb->control.avic_backing_page = bpa & AVIC_HPA_MASK;
1081 vmcb->control.avic_logical_id = lpa & AVIC_HPA_MASK;
1082 vmcb->control.avic_physical_id = ppa & AVIC_HPA_MASK;
1083 vmcb->control.avic_physical_id |= AVIC_MAX_PHYSICAL_ID_COUNT;
1084 vmcb->control.int_ctl |= AVIC_ENABLE_MASK;
1085 svm->vcpu.arch.apicv_active = true;
1088 static void init_vmcb(struct vcpu_svm *svm)
1090 struct vmcb_control_area *control = &svm->vmcb->control;
1091 struct vmcb_save_area *save = &svm->vmcb->save;
1093 svm->vcpu.fpu_active = 1;
1094 svm->vcpu.arch.hflags = 0;
1096 set_cr_intercept(svm, INTERCEPT_CR0_READ);
1097 set_cr_intercept(svm, INTERCEPT_CR3_READ);
1098 set_cr_intercept(svm, INTERCEPT_CR4_READ);
1099 set_cr_intercept(svm, INTERCEPT_CR0_WRITE);
1100 set_cr_intercept(svm, INTERCEPT_CR3_WRITE);
1101 set_cr_intercept(svm, INTERCEPT_CR4_WRITE);
1102 if (!kvm_vcpu_apicv_active(&svm->vcpu))
1103 set_cr_intercept(svm, INTERCEPT_CR8_WRITE);
1105 set_dr_intercepts(svm);
1107 set_exception_intercept(svm, PF_VECTOR);
1108 set_exception_intercept(svm, UD_VECTOR);
1109 set_exception_intercept(svm, MC_VECTOR);
1110 set_exception_intercept(svm, AC_VECTOR);
1111 set_exception_intercept(svm, DB_VECTOR);
1113 set_intercept(svm, INTERCEPT_INTR);
1114 set_intercept(svm, INTERCEPT_NMI);
1115 set_intercept(svm, INTERCEPT_SMI);
1116 set_intercept(svm, INTERCEPT_SELECTIVE_CR0);
1117 set_intercept(svm, INTERCEPT_RDPMC);
1118 set_intercept(svm, INTERCEPT_CPUID);
1119 set_intercept(svm, INTERCEPT_INVD);
1120 set_intercept(svm, INTERCEPT_HLT);
1121 set_intercept(svm, INTERCEPT_INVLPG);
1122 set_intercept(svm, INTERCEPT_INVLPGA);
1123 set_intercept(svm, INTERCEPT_IOIO_PROT);
1124 set_intercept(svm, INTERCEPT_MSR_PROT);
1125 set_intercept(svm, INTERCEPT_TASK_SWITCH);
1126 set_intercept(svm, INTERCEPT_SHUTDOWN);
1127 set_intercept(svm, INTERCEPT_VMRUN);
1128 set_intercept(svm, INTERCEPT_VMMCALL);
1129 set_intercept(svm, INTERCEPT_VMLOAD);
1130 set_intercept(svm, INTERCEPT_VMSAVE);
1131 set_intercept(svm, INTERCEPT_STGI);
1132 set_intercept(svm, INTERCEPT_CLGI);
1133 set_intercept(svm, INTERCEPT_SKINIT);
1134 set_intercept(svm, INTERCEPT_WBINVD);
1135 set_intercept(svm, INTERCEPT_MONITOR);
1136 set_intercept(svm, INTERCEPT_MWAIT);
1137 set_intercept(svm, INTERCEPT_XSETBV);
1139 control->iopm_base_pa = iopm_base;
1140 control->msrpm_base_pa = __pa(svm->msrpm);
1141 control->int_ctl = V_INTR_MASKING_MASK;
1143 init_seg(&save->es);
1144 init_seg(&save->ss);
1145 init_seg(&save->ds);
1146 init_seg(&save->fs);
1147 init_seg(&save->gs);
1149 save->cs.selector = 0xf000;
1150 save->cs.base = 0xffff0000;
1151 /* Executable/Readable Code Segment */
1152 save->cs.attrib = SVM_SELECTOR_READ_MASK | SVM_SELECTOR_P_MASK |
1153 SVM_SELECTOR_S_MASK | SVM_SELECTOR_CODE_MASK;
1154 save->cs.limit = 0xffff;
1156 save->gdtr.limit = 0xffff;
1157 save->idtr.limit = 0xffff;
1159 init_sys_seg(&save->ldtr, SEG_TYPE_LDT);
1160 init_sys_seg(&save->tr, SEG_TYPE_BUSY_TSS16);
1162 svm_set_efer(&svm->vcpu, 0);
1163 save->dr6 = 0xffff0ff0;
1164 kvm_set_rflags(&svm->vcpu, 2);
1165 save->rip = 0x0000fff0;
1166 svm->vcpu.arch.regs[VCPU_REGS_RIP] = save->rip;
1169 * svm_set_cr0() sets PG and WP and clears NW and CD on save->cr0.
1170 * It also updates the guest-visible cr0 value.
1172 svm_set_cr0(&svm->vcpu, X86_CR0_NW | X86_CR0_CD | X86_CR0_ET);
1173 kvm_mmu_reset_context(&svm->vcpu);
1175 save->cr4 = X86_CR4_PAE;
1179 /* Setup VMCB for Nested Paging */
1180 control->nested_ctl = 1;
1181 clr_intercept(svm, INTERCEPT_INVLPG);
1182 clr_exception_intercept(svm, PF_VECTOR);
1183 clr_cr_intercept(svm, INTERCEPT_CR3_READ);
1184 clr_cr_intercept(svm, INTERCEPT_CR3_WRITE);
1185 save->g_pat = svm->vcpu.arch.pat;
1189 svm->asid_generation = 0;
1191 svm->nested.vmcb = 0;
1192 svm->vcpu.arch.hflags = 0;
1194 if (boot_cpu_has(X86_FEATURE_PAUSEFILTER)) {
1195 control->pause_filter_count = 3000;
1196 set_intercept(svm, INTERCEPT_PAUSE);
1200 avic_init_vmcb(svm);
1202 mark_all_dirty(svm->vmcb);
1208 static u64 *avic_get_physical_id_entry(struct kvm_vcpu *vcpu, int index)
1210 u64 *avic_physical_id_table;
1211 struct kvm_arch *vm_data = &vcpu->kvm->arch;
1213 if (index >= AVIC_MAX_PHYSICAL_ID_COUNT)
1216 avic_physical_id_table = page_address(vm_data->avic_physical_id_table_page);
1218 return &avic_physical_id_table[index];
1223 * AVIC hardware walks the nested page table to check permissions,
1224 * but does not use the SPA address specified in the leaf page
1225 * table entry since it uses address in the AVIC_BACKING_PAGE pointer
1226 * field of the VMCB. Therefore, we set up the
1227 * APIC_ACCESS_PAGE_PRIVATE_MEMSLOT (4KB) here.
1229 static int avic_init_access_page(struct kvm_vcpu *vcpu)
1231 struct kvm *kvm = vcpu->kvm;
1234 if (kvm->arch.apic_access_page_done)
1237 ret = x86_set_memory_region(kvm,
1238 APIC_ACCESS_PAGE_PRIVATE_MEMSLOT,
1239 APIC_DEFAULT_PHYS_BASE,
1244 kvm->arch.apic_access_page_done = true;
1248 static int avic_init_backing_page(struct kvm_vcpu *vcpu)
1251 u64 *entry, new_entry;
1252 int id = vcpu->vcpu_id;
1253 struct vcpu_svm *svm = to_svm(vcpu);
1255 ret = avic_init_access_page(vcpu);
1259 if (id >= AVIC_MAX_PHYSICAL_ID_COUNT)
1262 if (!svm->vcpu.arch.apic->regs)
1265 svm->avic_backing_page = virt_to_page(svm->vcpu.arch.apic->regs);
1267 /* Setting AVIC backing page address in the phy APIC ID table */
1268 entry = avic_get_physical_id_entry(vcpu, id);
1272 new_entry = READ_ONCE(*entry);
1273 new_entry = (page_to_phys(svm->avic_backing_page) &
1274 AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK) |
1275 AVIC_PHYSICAL_ID_ENTRY_VALID_MASK;
1276 WRITE_ONCE(*entry, new_entry);
1278 svm->avic_physical_id_cache = entry;
1283 static void avic_vm_destroy(struct kvm *kvm)
1285 struct kvm_arch *vm_data = &kvm->arch;
1287 if (vm_data->avic_logical_id_table_page)
1288 __free_page(vm_data->avic_logical_id_table_page);
1289 if (vm_data->avic_physical_id_table_page)
1290 __free_page(vm_data->avic_physical_id_table_page);
1293 static int avic_vm_init(struct kvm *kvm)
1296 struct kvm_arch *vm_data = &kvm->arch;
1297 struct page *p_page;
1298 struct page *l_page;
1303 /* Allocating physical APIC ID table (4KB) */
1304 p_page = alloc_page(GFP_KERNEL);
1308 vm_data->avic_physical_id_table_page = p_page;
1309 clear_page(page_address(p_page));
1311 /* Allocating logical APIC ID table (4KB) */
1312 l_page = alloc_page(GFP_KERNEL);
1316 vm_data->avic_logical_id_table_page = l_page;
1317 clear_page(page_address(l_page));
1322 avic_vm_destroy(kvm);
1327 * This function is called during VCPU halt/unhalt.
1329 static void avic_set_running(struct kvm_vcpu *vcpu, bool is_run)
1332 int h_physical_id = kvm_cpu_get_apicid(vcpu->cpu);
1333 struct vcpu_svm *svm = to_svm(vcpu);
1335 if (!kvm_vcpu_apicv_active(vcpu))
1338 svm->avic_is_running = is_run;
1340 /* ID = 0xff (broadcast), ID > 0xff (reserved) */
1341 if (WARN_ON(h_physical_id >= AVIC_MAX_PHYSICAL_ID_COUNT))
1344 entry = READ_ONCE(*(svm->avic_physical_id_cache));
1345 WARN_ON(is_run == !!(entry & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK));
1347 entry &= ~AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
1349 entry |= AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
1350 WRITE_ONCE(*(svm->avic_physical_id_cache), entry);
1353 static void avic_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
1356 /* ID = 0xff (broadcast), ID > 0xff (reserved) */
1357 int h_physical_id = kvm_cpu_get_apicid(cpu);
1358 struct vcpu_svm *svm = to_svm(vcpu);
1360 if (!kvm_vcpu_apicv_active(vcpu))
1363 if (WARN_ON(h_physical_id >= AVIC_MAX_PHYSICAL_ID_COUNT))
1366 entry = READ_ONCE(*(svm->avic_physical_id_cache));
1367 WARN_ON(entry & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK);
1369 entry &= ~AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK;
1370 entry |= (h_physical_id & AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK);
1372 entry &= ~AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
1373 if (svm->avic_is_running)
1374 entry |= AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
1376 WRITE_ONCE(*(svm->avic_physical_id_cache), entry);
1379 static void avic_vcpu_put(struct kvm_vcpu *vcpu)
1382 struct vcpu_svm *svm = to_svm(vcpu);
1384 if (!kvm_vcpu_apicv_active(vcpu))
1387 entry = READ_ONCE(*(svm->avic_physical_id_cache));
1388 entry &= ~AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
1389 WRITE_ONCE(*(svm->avic_physical_id_cache), entry);
1392 static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
1394 struct vcpu_svm *svm = to_svm(vcpu);
1399 svm->vcpu.arch.apic_base = APIC_DEFAULT_PHYS_BASE |
1400 MSR_IA32_APICBASE_ENABLE;
1401 if (kvm_vcpu_is_reset_bsp(&svm->vcpu))
1402 svm->vcpu.arch.apic_base |= MSR_IA32_APICBASE_BSP;
1406 kvm_cpuid(vcpu, &eax, &dummy, &dummy, &dummy);
1407 kvm_register_write(vcpu, VCPU_REGS_RDX, eax);
1409 if (kvm_vcpu_apicv_active(vcpu) && !init_event)
1410 avic_update_vapic_bar(svm, APIC_DEFAULT_PHYS_BASE);
1413 static struct kvm_vcpu *svm_create_vcpu(struct kvm *kvm, unsigned int id)
1415 struct vcpu_svm *svm;
1417 struct page *msrpm_pages;
1418 struct page *hsave_page;
1419 struct page *nested_msrpm_pages;
1422 svm = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL);
1428 err = kvm_vcpu_init(&svm->vcpu, kvm, id);
1433 page = alloc_page(GFP_KERNEL);
1437 msrpm_pages = alloc_pages(GFP_KERNEL, MSRPM_ALLOC_ORDER);
1441 nested_msrpm_pages = alloc_pages(GFP_KERNEL, MSRPM_ALLOC_ORDER);
1442 if (!nested_msrpm_pages)
1445 hsave_page = alloc_page(GFP_KERNEL);
1450 err = avic_init_backing_page(&svm->vcpu);
1455 /* We initialize this flag to true to make sure that the is_running
1456 * bit would be set the first time the vcpu is loaded.
1458 svm->avic_is_running = true;
1460 svm->nested.hsave = page_address(hsave_page);
1462 svm->msrpm = page_address(msrpm_pages);
1463 svm_vcpu_init_msrpm(svm->msrpm);
1465 svm->nested.msrpm = page_address(nested_msrpm_pages);
1466 svm_vcpu_init_msrpm(svm->nested.msrpm);
1468 svm->vmcb = page_address(page);
1469 clear_page(svm->vmcb);
1470 svm->vmcb_pa = page_to_pfn(page) << PAGE_SHIFT;
1471 svm->asid_generation = 0;
1474 svm_init_osvw(&svm->vcpu);
1479 __free_page(hsave_page);
1481 __free_pages(nested_msrpm_pages, MSRPM_ALLOC_ORDER);
1483 __free_pages(msrpm_pages, MSRPM_ALLOC_ORDER);
1487 kvm_vcpu_uninit(&svm->vcpu);
1489 kmem_cache_free(kvm_vcpu_cache, svm);
1491 return ERR_PTR(err);
1494 static void svm_free_vcpu(struct kvm_vcpu *vcpu)
1496 struct vcpu_svm *svm = to_svm(vcpu);
1498 __free_page(pfn_to_page(svm->vmcb_pa >> PAGE_SHIFT));
1499 __free_pages(virt_to_page(svm->msrpm), MSRPM_ALLOC_ORDER);
1500 __free_page(virt_to_page(svm->nested.hsave));
1501 __free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER);
1502 kvm_vcpu_uninit(vcpu);
1503 kmem_cache_free(kvm_vcpu_cache, svm);
1506 static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
1508 struct vcpu_svm *svm = to_svm(vcpu);
1511 if (unlikely(cpu != vcpu->cpu)) {
1512 svm->asid_generation = 0;
1513 mark_all_dirty(svm->vmcb);
1516 #ifdef CONFIG_X86_64
1517 rdmsrl(MSR_GS_BASE, to_svm(vcpu)->host.gs_base);
1519 savesegment(fs, svm->host.fs);
1520 savesegment(gs, svm->host.gs);
1521 svm->host.ldt = kvm_read_ldt();
1523 for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++)
1524 rdmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]);
1526 if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) {
1527 u64 tsc_ratio = vcpu->arch.tsc_scaling_ratio;
1528 if (tsc_ratio != __this_cpu_read(current_tsc_ratio)) {
1529 __this_cpu_write(current_tsc_ratio, tsc_ratio);
1530 wrmsrl(MSR_AMD64_TSC_RATIO, tsc_ratio);
1533 /* This assumes that the kernel never uses MSR_TSC_AUX */
1534 if (static_cpu_has(X86_FEATURE_RDTSCP))
1535 wrmsrl(MSR_TSC_AUX, svm->tsc_aux);
1537 avic_vcpu_load(vcpu, cpu);
1540 static void svm_vcpu_put(struct kvm_vcpu *vcpu)
1542 struct vcpu_svm *svm = to_svm(vcpu);
1545 avic_vcpu_put(vcpu);
1547 ++vcpu->stat.host_state_reload;
1548 kvm_load_ldt(svm->host.ldt);
1549 #ifdef CONFIG_X86_64
1550 loadsegment(fs, svm->host.fs);
1551 wrmsrl(MSR_KERNEL_GS_BASE, current->thread.gsbase);
1552 load_gs_index(svm->host.gs);
1554 #ifdef CONFIG_X86_32_LAZY_GS
1555 loadsegment(gs, svm->host.gs);
1558 for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++)
1559 wrmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]);
1562 static void svm_vcpu_blocking(struct kvm_vcpu *vcpu)
1564 avic_set_running(vcpu, false);
1567 static void svm_vcpu_unblocking(struct kvm_vcpu *vcpu)
1569 avic_set_running(vcpu, true);
1572 static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu)
1574 return to_svm(vcpu)->vmcb->save.rflags;
1577 static void svm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
1580 * Any change of EFLAGS.VM is accompained by a reload of SS
1581 * (caused by either a task switch or an inter-privilege IRET),
1582 * so we do not need to update the CPL here.
1584 to_svm(vcpu)->vmcb->save.rflags = rflags;
1587 static u32 svm_get_pkru(struct kvm_vcpu *vcpu)
1592 static void svm_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
1595 case VCPU_EXREG_PDPTR:
1596 BUG_ON(!npt_enabled);
1597 load_pdptrs(vcpu, vcpu->arch.walk_mmu, kvm_read_cr3(vcpu));
1604 static void svm_set_vintr(struct vcpu_svm *svm)
1606 set_intercept(svm, INTERCEPT_VINTR);
1609 static void svm_clear_vintr(struct vcpu_svm *svm)
1611 clr_intercept(svm, INTERCEPT_VINTR);
1614 static struct vmcb_seg *svm_seg(struct kvm_vcpu *vcpu, int seg)
1616 struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;
1619 case VCPU_SREG_CS: return &save->cs;
1620 case VCPU_SREG_DS: return &save->ds;
1621 case VCPU_SREG_ES: return &save->es;
1622 case VCPU_SREG_FS: return &save->fs;
1623 case VCPU_SREG_GS: return &save->gs;
1624 case VCPU_SREG_SS: return &save->ss;
1625 case VCPU_SREG_TR: return &save->tr;
1626 case VCPU_SREG_LDTR: return &save->ldtr;
1632 static u64 svm_get_segment_base(struct kvm_vcpu *vcpu, int seg)
1634 struct vmcb_seg *s = svm_seg(vcpu, seg);
1639 static void svm_get_segment(struct kvm_vcpu *vcpu,
1640 struct kvm_segment *var, int seg)
1642 struct vmcb_seg *s = svm_seg(vcpu, seg);
1644 var->base = s->base;
1645 var->limit = s->limit;
1646 var->selector = s->selector;
1647 var->type = s->attrib & SVM_SELECTOR_TYPE_MASK;
1648 var->s = (s->attrib >> SVM_SELECTOR_S_SHIFT) & 1;
1649 var->dpl = (s->attrib >> SVM_SELECTOR_DPL_SHIFT) & 3;
1650 var->present = (s->attrib >> SVM_SELECTOR_P_SHIFT) & 1;
1651 var->avl = (s->attrib >> SVM_SELECTOR_AVL_SHIFT) & 1;
1652 var->l = (s->attrib >> SVM_SELECTOR_L_SHIFT) & 1;
1653 var->db = (s->attrib >> SVM_SELECTOR_DB_SHIFT) & 1;
1656 * AMD CPUs circa 2014 track the G bit for all segments except CS.
1657 * However, the SVM spec states that the G bit is not observed by the
1658 * CPU, and some VMware virtual CPUs drop the G bit for all segments.
1659 * So let's synthesize a legal G bit for all segments, this helps
1660 * running KVM nested. It also helps cross-vendor migration, because
1661 * Intel's vmentry has a check on the 'G' bit.
1663 var->g = s->limit > 0xfffff;
1666 * AMD's VMCB does not have an explicit unusable field, so emulate it
1667 * for cross vendor migration purposes by "not present"
1669 var->unusable = !var->present || (var->type == 0);
1674 * Work around a bug where the busy flag in the tr selector
1684 * The accessed bit must always be set in the segment
1685 * descriptor cache, although it can be cleared in the
1686 * descriptor, the cached bit always remains at 1. Since
1687 * Intel has a check on this, set it here to support
1688 * cross-vendor migration.
1695 * On AMD CPUs sometimes the DB bit in the segment
1696 * descriptor is left as 1, although the whole segment has
1697 * been made unusable. Clear it here to pass an Intel VMX
1698 * entry check when cross vendor migrating.
1702 var->dpl = to_svm(vcpu)->vmcb->save.cpl;
1707 static int svm_get_cpl(struct kvm_vcpu *vcpu)
1709 struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;
1714 static void svm_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1716 struct vcpu_svm *svm = to_svm(vcpu);
1718 dt->size = svm->vmcb->save.idtr.limit;
1719 dt->address = svm->vmcb->save.idtr.base;
1722 static void svm_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1724 struct vcpu_svm *svm = to_svm(vcpu);
1726 svm->vmcb->save.idtr.limit = dt->size;
1727 svm->vmcb->save.idtr.base = dt->address ;
1728 mark_dirty(svm->vmcb, VMCB_DT);
1731 static void svm_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1733 struct vcpu_svm *svm = to_svm(vcpu);
1735 dt->size = svm->vmcb->save.gdtr.limit;
1736 dt->address = svm->vmcb->save.gdtr.base;
1739 static void svm_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1741 struct vcpu_svm *svm = to_svm(vcpu);
1743 svm->vmcb->save.gdtr.limit = dt->size;
1744 svm->vmcb->save.gdtr.base = dt->address ;
1745 mark_dirty(svm->vmcb, VMCB_DT);
1748 static void svm_decache_cr0_guest_bits(struct kvm_vcpu *vcpu)
1752 static void svm_decache_cr3(struct kvm_vcpu *vcpu)
1756 static void svm_decache_cr4_guest_bits(struct kvm_vcpu *vcpu)
1760 static void update_cr0_intercept(struct vcpu_svm *svm)
1762 ulong gcr0 = svm->vcpu.arch.cr0;
1763 u64 *hcr0 = &svm->vmcb->save.cr0;
1765 if (!svm->vcpu.fpu_active)
1766 *hcr0 |= SVM_CR0_SELECTIVE_MASK;
1768 *hcr0 = (*hcr0 & ~SVM_CR0_SELECTIVE_MASK)
1769 | (gcr0 & SVM_CR0_SELECTIVE_MASK);
1771 mark_dirty(svm->vmcb, VMCB_CR);
1773 if (gcr0 == *hcr0 && svm->vcpu.fpu_active) {
1774 clr_cr_intercept(svm, INTERCEPT_CR0_READ);
1775 clr_cr_intercept(svm, INTERCEPT_CR0_WRITE);
1777 set_cr_intercept(svm, INTERCEPT_CR0_READ);
1778 set_cr_intercept(svm, INTERCEPT_CR0_WRITE);
1782 static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
1784 struct vcpu_svm *svm = to_svm(vcpu);
1786 #ifdef CONFIG_X86_64
1787 if (vcpu->arch.efer & EFER_LME) {
1788 if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) {
1789 vcpu->arch.efer |= EFER_LMA;
1790 svm->vmcb->save.efer |= EFER_LMA | EFER_LME;
1793 if (is_paging(vcpu) && !(cr0 & X86_CR0_PG)) {
1794 vcpu->arch.efer &= ~EFER_LMA;
1795 svm->vmcb->save.efer &= ~(EFER_LMA | EFER_LME);
1799 vcpu->arch.cr0 = cr0;
1802 cr0 |= X86_CR0_PG | X86_CR0_WP;
1804 if (!vcpu->fpu_active)
1807 * re-enable caching here because the QEMU bios
1808 * does not do it - this results in some delay at
1811 if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED))
1812 cr0 &= ~(X86_CR0_CD | X86_CR0_NW);
1813 svm->vmcb->save.cr0 = cr0;
1814 mark_dirty(svm->vmcb, VMCB_CR);
1815 update_cr0_intercept(svm);
1818 static int svm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
1820 unsigned long host_cr4_mce = cr4_read_shadow() & X86_CR4_MCE;
1821 unsigned long old_cr4 = to_svm(vcpu)->vmcb->save.cr4;
1823 if (cr4 & X86_CR4_VMXE)
1826 if (npt_enabled && ((old_cr4 ^ cr4) & X86_CR4_PGE))
1827 svm_flush_tlb(vcpu);
1829 vcpu->arch.cr4 = cr4;
1832 cr4 |= host_cr4_mce;
1833 to_svm(vcpu)->vmcb->save.cr4 = cr4;
1834 mark_dirty(to_svm(vcpu)->vmcb, VMCB_CR);
1838 static void svm_set_segment(struct kvm_vcpu *vcpu,
1839 struct kvm_segment *var, int seg)
1841 struct vcpu_svm *svm = to_svm(vcpu);
1842 struct vmcb_seg *s = svm_seg(vcpu, seg);
1844 s->base = var->base;
1845 s->limit = var->limit;
1846 s->selector = var->selector;
1850 s->attrib = (var->type & SVM_SELECTOR_TYPE_MASK);
1851 s->attrib |= (var->s & 1) << SVM_SELECTOR_S_SHIFT;
1852 s->attrib |= (var->dpl & 3) << SVM_SELECTOR_DPL_SHIFT;
1853 s->attrib |= (var->present & 1) << SVM_SELECTOR_P_SHIFT;
1854 s->attrib |= (var->avl & 1) << SVM_SELECTOR_AVL_SHIFT;
1855 s->attrib |= (var->l & 1) << SVM_SELECTOR_L_SHIFT;
1856 s->attrib |= (var->db & 1) << SVM_SELECTOR_DB_SHIFT;
1857 s->attrib |= (var->g & 1) << SVM_SELECTOR_G_SHIFT;
1861 * This is always accurate, except if SYSRET returned to a segment
1862 * with SS.DPL != 3. Intel does not have this quirk, and always
1863 * forces SS.DPL to 3 on sysret, so we ignore that case; fixing it
1864 * would entail passing the CPL to userspace and back.
1866 if (seg == VCPU_SREG_SS)
1867 svm->vmcb->save.cpl = (s->attrib >> SVM_SELECTOR_DPL_SHIFT) & 3;
1869 mark_dirty(svm->vmcb, VMCB_SEG);
1872 static void update_bp_intercept(struct kvm_vcpu *vcpu)
1874 struct vcpu_svm *svm = to_svm(vcpu);
1876 clr_exception_intercept(svm, BP_VECTOR);
1878 if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
1879 if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
1880 set_exception_intercept(svm, BP_VECTOR);
1882 vcpu->guest_debug = 0;
1885 static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd)
1887 if (sd->next_asid > sd->max_asid) {
1888 ++sd->asid_generation;
1890 svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID;
1893 svm->asid_generation = sd->asid_generation;
1894 svm->vmcb->control.asid = sd->next_asid++;
1896 mark_dirty(svm->vmcb, VMCB_ASID);
1899 static u64 svm_get_dr6(struct kvm_vcpu *vcpu)
1901 return to_svm(vcpu)->vmcb->save.dr6;
1904 static void svm_set_dr6(struct kvm_vcpu *vcpu, unsigned long value)
1906 struct vcpu_svm *svm = to_svm(vcpu);
1908 svm->vmcb->save.dr6 = value;
1909 mark_dirty(svm->vmcb, VMCB_DR);
1912 static void svm_sync_dirty_debug_regs(struct kvm_vcpu *vcpu)
1914 struct vcpu_svm *svm = to_svm(vcpu);
1916 get_debugreg(vcpu->arch.db[0], 0);
1917 get_debugreg(vcpu->arch.db[1], 1);
1918 get_debugreg(vcpu->arch.db[2], 2);
1919 get_debugreg(vcpu->arch.db[3], 3);
1920 vcpu->arch.dr6 = svm_get_dr6(vcpu);
1921 vcpu->arch.dr7 = svm->vmcb->save.dr7;
1923 vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_WONT_EXIT;
1924 set_dr_intercepts(svm);
1927 static void svm_set_dr7(struct kvm_vcpu *vcpu, unsigned long value)
1929 struct vcpu_svm *svm = to_svm(vcpu);
1931 svm->vmcb->save.dr7 = value;
1932 mark_dirty(svm->vmcb, VMCB_DR);
1935 static int pf_interception(struct vcpu_svm *svm)
1937 u64 fault_address = svm->vmcb->control.exit_info_2;
1941 switch (svm->apf_reason) {
1943 error_code = svm->vmcb->control.exit_info_1;
1945 trace_kvm_page_fault(fault_address, error_code);
1946 if (!npt_enabled && kvm_event_needs_reinjection(&svm->vcpu))
1947 kvm_mmu_unprotect_page_virt(&svm->vcpu, fault_address);
1948 r = kvm_mmu_page_fault(&svm->vcpu, fault_address, error_code,
1949 svm->vmcb->control.insn_bytes,
1950 svm->vmcb->control.insn_len);
1952 case KVM_PV_REASON_PAGE_NOT_PRESENT:
1953 svm->apf_reason = 0;
1954 local_irq_disable();
1955 kvm_async_pf_task_wait(fault_address);
1958 case KVM_PV_REASON_PAGE_READY:
1959 svm->apf_reason = 0;
1960 local_irq_disable();
1961 kvm_async_pf_task_wake(fault_address);
1968 static int db_interception(struct vcpu_svm *svm)
1970 struct kvm_run *kvm_run = svm->vcpu.run;
1972 if (!(svm->vcpu.guest_debug &
1973 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) &&
1974 !svm->nmi_singlestep) {
1975 kvm_queue_exception(&svm->vcpu, DB_VECTOR);
1979 if (svm->nmi_singlestep) {
1980 svm->nmi_singlestep = false;
1981 if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
1982 svm->vmcb->save.rflags &=
1983 ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
1986 if (svm->vcpu.guest_debug &
1987 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) {
1988 kvm_run->exit_reason = KVM_EXIT_DEBUG;
1989 kvm_run->debug.arch.pc =
1990 svm->vmcb->save.cs.base + svm->vmcb->save.rip;
1991 kvm_run->debug.arch.exception = DB_VECTOR;
1998 static int bp_interception(struct vcpu_svm *svm)
2000 struct kvm_run *kvm_run = svm->vcpu.run;
2002 kvm_run->exit_reason = KVM_EXIT_DEBUG;
2003 kvm_run->debug.arch.pc = svm->vmcb->save.cs.base + svm->vmcb->save.rip;
2004 kvm_run->debug.arch.exception = BP_VECTOR;
2008 static int ud_interception(struct vcpu_svm *svm)
2012 er = emulate_instruction(&svm->vcpu, EMULTYPE_TRAP_UD);
2013 if (er != EMULATE_DONE)
2014 kvm_queue_exception(&svm->vcpu, UD_VECTOR);
2018 static int ac_interception(struct vcpu_svm *svm)
2020 kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
2024 static void svm_fpu_activate(struct kvm_vcpu *vcpu)
2026 struct vcpu_svm *svm = to_svm(vcpu);
2028 clr_exception_intercept(svm, NM_VECTOR);
2030 svm->vcpu.fpu_active = 1;
2031 update_cr0_intercept(svm);
2034 static int nm_interception(struct vcpu_svm *svm)
2036 svm_fpu_activate(&svm->vcpu);
2040 static bool is_erratum_383(void)
2045 if (!erratum_383_found)
2048 value = native_read_msr_safe(MSR_IA32_MC0_STATUS, &err);
2052 /* Bit 62 may or may not be set for this mce */
2053 value &= ~(1ULL << 62);
2055 if (value != 0xb600000000010015ULL)
2058 /* Clear MCi_STATUS registers */
2059 for (i = 0; i < 6; ++i)
2060 native_write_msr_safe(MSR_IA32_MCx_STATUS(i), 0, 0);
2062 value = native_read_msr_safe(MSR_IA32_MCG_STATUS, &err);
2066 value &= ~(1ULL << 2);
2067 low = lower_32_bits(value);
2068 high = upper_32_bits(value);
2070 native_write_msr_safe(MSR_IA32_MCG_STATUS, low, high);
2073 /* Flush tlb to evict multi-match entries */
2079 static void svm_handle_mce(struct vcpu_svm *svm)
2081 if (is_erratum_383()) {
2083 * Erratum 383 triggered. Guest state is corrupt so kill the
2086 pr_err("KVM: Guest triggered AMD Erratum 383\n");
2088 kvm_make_request(KVM_REQ_TRIPLE_FAULT, &svm->vcpu);
2094 * On an #MC intercept the MCE handler is not called automatically in
2095 * the host. So do it by hand here.
2099 /* not sure if we ever come back to this point */
2104 static int mc_interception(struct vcpu_svm *svm)
2109 static int shutdown_interception(struct vcpu_svm *svm)
2111 struct kvm_run *kvm_run = svm->vcpu.run;
2114 * VMCB is undefined after a SHUTDOWN intercept
2115 * so reinitialize it.
2117 clear_page(svm->vmcb);
2120 kvm_run->exit_reason = KVM_EXIT_SHUTDOWN;
2124 static int io_interception(struct vcpu_svm *svm)
2126 struct kvm_vcpu *vcpu = &svm->vcpu;
2127 u32 io_info = svm->vmcb->control.exit_info_1; /* address size bug? */
2128 int size, in, string;
2131 ++svm->vcpu.stat.io_exits;
2132 string = (io_info & SVM_IOIO_STR_MASK) != 0;
2133 in = (io_info & SVM_IOIO_TYPE_MASK) != 0;
2135 return emulate_instruction(vcpu, 0) == EMULATE_DONE;
2137 port = io_info >> 16;
2138 size = (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT;
2139 svm->next_rip = svm->vmcb->control.exit_info_2;
2140 skip_emulated_instruction(&svm->vcpu);
2142 return kvm_fast_pio_out(vcpu, size, port);
2145 static int nmi_interception(struct vcpu_svm *svm)
2150 static int intr_interception(struct vcpu_svm *svm)
2152 ++svm->vcpu.stat.irq_exits;
2156 static int nop_on_interception(struct vcpu_svm *svm)
2161 static int halt_interception(struct vcpu_svm *svm)
2163 svm->next_rip = kvm_rip_read(&svm->vcpu) + 1;
2164 return kvm_emulate_halt(&svm->vcpu);
2167 static int vmmcall_interception(struct vcpu_svm *svm)
2169 svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
2170 return kvm_emulate_hypercall(&svm->vcpu);
2173 static unsigned long nested_svm_get_tdp_cr3(struct kvm_vcpu *vcpu)
2175 struct vcpu_svm *svm = to_svm(vcpu);
2177 return svm->nested.nested_cr3;
2180 static u64 nested_svm_get_tdp_pdptr(struct kvm_vcpu *vcpu, int index)
2182 struct vcpu_svm *svm = to_svm(vcpu);
2183 u64 cr3 = svm->nested.nested_cr3;
2187 ret = kvm_vcpu_read_guest_page(vcpu, gpa_to_gfn(cr3), &pdpte,
2188 offset_in_page(cr3) + index * 8, 8);
2194 static void nested_svm_set_tdp_cr3(struct kvm_vcpu *vcpu,
2197 struct vcpu_svm *svm = to_svm(vcpu);
2199 svm->vmcb->control.nested_cr3 = root;
2200 mark_dirty(svm->vmcb, VMCB_NPT);
2201 svm_flush_tlb(vcpu);
2204 static void nested_svm_inject_npf_exit(struct kvm_vcpu *vcpu,
2205 struct x86_exception *fault)
2207 struct vcpu_svm *svm = to_svm(vcpu);
2209 if (svm->vmcb->control.exit_code != SVM_EXIT_NPF) {
2211 * TODO: track the cause of the nested page fault, and
2212 * correctly fill in the high bits of exit_info_1.
2214 svm->vmcb->control.exit_code = SVM_EXIT_NPF;
2215 svm->vmcb->control.exit_code_hi = 0;
2216 svm->vmcb->control.exit_info_1 = (1ULL << 32);
2217 svm->vmcb->control.exit_info_2 = fault->address;
2220 svm->vmcb->control.exit_info_1 &= ~0xffffffffULL;
2221 svm->vmcb->control.exit_info_1 |= fault->error_code;
2224 * The present bit is always zero for page structure faults on real
2227 if (svm->vmcb->control.exit_info_1 & (2ULL << 32))
2228 svm->vmcb->control.exit_info_1 &= ~1;
2230 nested_svm_vmexit(svm);
2233 static void nested_svm_init_mmu_context(struct kvm_vcpu *vcpu)
2235 WARN_ON(mmu_is_nested(vcpu));
2236 kvm_init_shadow_mmu(vcpu);
2237 vcpu->arch.mmu.set_cr3 = nested_svm_set_tdp_cr3;
2238 vcpu->arch.mmu.get_cr3 = nested_svm_get_tdp_cr3;
2239 vcpu->arch.mmu.get_pdptr = nested_svm_get_tdp_pdptr;
2240 vcpu->arch.mmu.inject_page_fault = nested_svm_inject_npf_exit;
2241 vcpu->arch.mmu.shadow_root_level = get_npt_level();
2242 reset_shadow_zero_bits_mask(vcpu, &vcpu->arch.mmu);
2243 vcpu->arch.walk_mmu = &vcpu->arch.nested_mmu;
2246 static void nested_svm_uninit_mmu_context(struct kvm_vcpu *vcpu)
2248 vcpu->arch.walk_mmu = &vcpu->arch.mmu;
2251 static int nested_svm_check_permissions(struct vcpu_svm *svm)
2253 if (!(svm->vcpu.arch.efer & EFER_SVME)
2254 || !is_paging(&svm->vcpu)) {
2255 kvm_queue_exception(&svm->vcpu, UD_VECTOR);
2259 if (svm->vmcb->save.cpl) {
2260 kvm_inject_gp(&svm->vcpu, 0);
2267 static int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
2268 bool has_error_code, u32 error_code)
2272 if (!is_guest_mode(&svm->vcpu))
2275 svm->vmcb->control.exit_code = SVM_EXIT_EXCP_BASE + nr;
2276 svm->vmcb->control.exit_code_hi = 0;
2277 svm->vmcb->control.exit_info_1 = error_code;
2278 svm->vmcb->control.exit_info_2 = svm->vcpu.arch.cr2;
2280 vmexit = nested_svm_intercept(svm);
2281 if (vmexit == NESTED_EXIT_DONE)
2282 svm->nested.exit_required = true;
2287 /* This function returns true if it is save to enable the irq window */
2288 static inline bool nested_svm_intr(struct vcpu_svm *svm)
2290 if (!is_guest_mode(&svm->vcpu))
2293 if (!(svm->vcpu.arch.hflags & HF_VINTR_MASK))
2296 if (!(svm->vcpu.arch.hflags & HF_HIF_MASK))
2300 * if vmexit was already requested (by intercepted exception
2301 * for instance) do not overwrite it with "external interrupt"
2304 if (svm->nested.exit_required)
2307 svm->vmcb->control.exit_code = SVM_EXIT_INTR;
2308 svm->vmcb->control.exit_info_1 = 0;
2309 svm->vmcb->control.exit_info_2 = 0;
2311 if (svm->nested.intercept & 1ULL) {
2313 * The #vmexit can't be emulated here directly because this
2314 * code path runs with irqs and preemption disabled. A
2315 * #vmexit emulation might sleep. Only signal request for
2318 svm->nested.exit_required = true;
2319 trace_kvm_nested_intr_vmexit(svm->vmcb->save.rip);
2326 /* This function returns true if it is save to enable the nmi window */
2327 static inline bool nested_svm_nmi(struct vcpu_svm *svm)
2329 if (!is_guest_mode(&svm->vcpu))
2332 if (!(svm->nested.intercept & (1ULL << INTERCEPT_NMI)))
2335 svm->vmcb->control.exit_code = SVM_EXIT_NMI;
2336 svm->nested.exit_required = true;
2341 static void *nested_svm_map(struct vcpu_svm *svm, u64 gpa, struct page **_page)
2347 page = kvm_vcpu_gfn_to_page(&svm->vcpu, gpa >> PAGE_SHIFT);
2348 if (is_error_page(page))
2356 kvm_inject_gp(&svm->vcpu, 0);
2361 static void nested_svm_unmap(struct page *page)
2364 kvm_release_page_dirty(page);
2367 static int nested_svm_intercept_ioio(struct vcpu_svm *svm)
2369 unsigned port, size, iopm_len;
2374 if (!(svm->nested.intercept & (1ULL << INTERCEPT_IOIO_PROT)))
2375 return NESTED_EXIT_HOST;
2377 port = svm->vmcb->control.exit_info_1 >> 16;
2378 size = (svm->vmcb->control.exit_info_1 & SVM_IOIO_SIZE_MASK) >>
2379 SVM_IOIO_SIZE_SHIFT;
2380 gpa = svm->nested.vmcb_iopm + (port / 8);
2381 start_bit = port % 8;
2382 iopm_len = (start_bit + size > 8) ? 2 : 1;
2383 mask = (0xf >> (4 - size)) << start_bit;
2386 if (kvm_vcpu_read_guest(&svm->vcpu, gpa, &val, iopm_len))
2387 return NESTED_EXIT_DONE;
2389 return (val & mask) ? NESTED_EXIT_DONE : NESTED_EXIT_HOST;
2392 static int nested_svm_exit_handled_msr(struct vcpu_svm *svm)
2394 u32 offset, msr, value;
2397 if (!(svm->nested.intercept & (1ULL << INTERCEPT_MSR_PROT)))
2398 return NESTED_EXIT_HOST;
2400 msr = svm->vcpu.arch.regs[VCPU_REGS_RCX];
2401 offset = svm_msrpm_offset(msr);
2402 write = svm->vmcb->control.exit_info_1 & 1;
2403 mask = 1 << ((2 * (msr & 0xf)) + write);
2405 if (offset == MSR_INVALID)
2406 return NESTED_EXIT_DONE;
2408 /* Offset is in 32 bit units but need in 8 bit units */
2411 if (kvm_vcpu_read_guest(&svm->vcpu, svm->nested.vmcb_msrpm + offset, &value, 4))
2412 return NESTED_EXIT_DONE;
2414 return (value & mask) ? NESTED_EXIT_DONE : NESTED_EXIT_HOST;
2417 static int nested_svm_exit_special(struct vcpu_svm *svm)
2419 u32 exit_code = svm->vmcb->control.exit_code;
2421 switch (exit_code) {
2424 case SVM_EXIT_EXCP_BASE + MC_VECTOR:
2425 return NESTED_EXIT_HOST;
2427 /* For now we are always handling NPFs when using them */
2429 return NESTED_EXIT_HOST;
2431 case SVM_EXIT_EXCP_BASE + PF_VECTOR:
2432 /* When we're shadowing, trap PFs, but not async PF */
2433 if (!npt_enabled && svm->apf_reason == 0)
2434 return NESTED_EXIT_HOST;
2436 case SVM_EXIT_EXCP_BASE + NM_VECTOR:
2437 nm_interception(svm);
2443 return NESTED_EXIT_CONTINUE;
2447 * If this function returns true, this #vmexit was already handled
2449 static int nested_svm_intercept(struct vcpu_svm *svm)
2451 u32 exit_code = svm->vmcb->control.exit_code;
2452 int vmexit = NESTED_EXIT_HOST;
2454 switch (exit_code) {
2456 vmexit = nested_svm_exit_handled_msr(svm);
2459 vmexit = nested_svm_intercept_ioio(svm);
2461 case SVM_EXIT_READ_CR0 ... SVM_EXIT_WRITE_CR8: {
2462 u32 bit = 1U << (exit_code - SVM_EXIT_READ_CR0);
2463 if (svm->nested.intercept_cr & bit)
2464 vmexit = NESTED_EXIT_DONE;
2467 case SVM_EXIT_READ_DR0 ... SVM_EXIT_WRITE_DR7: {
2468 u32 bit = 1U << (exit_code - SVM_EXIT_READ_DR0);
2469 if (svm->nested.intercept_dr & bit)
2470 vmexit = NESTED_EXIT_DONE;
2473 case SVM_EXIT_EXCP_BASE ... SVM_EXIT_EXCP_BASE + 0x1f: {
2474 u32 excp_bits = 1 << (exit_code - SVM_EXIT_EXCP_BASE);
2475 if (svm->nested.intercept_exceptions & excp_bits)
2476 vmexit = NESTED_EXIT_DONE;
2477 /* async page fault always cause vmexit */
2478 else if ((exit_code == SVM_EXIT_EXCP_BASE + PF_VECTOR) &&
2479 svm->apf_reason != 0)
2480 vmexit = NESTED_EXIT_DONE;
2483 case SVM_EXIT_ERR: {
2484 vmexit = NESTED_EXIT_DONE;
2488 u64 exit_bits = 1ULL << (exit_code - SVM_EXIT_INTR);
2489 if (svm->nested.intercept & exit_bits)
2490 vmexit = NESTED_EXIT_DONE;
2497 static int nested_svm_exit_handled(struct vcpu_svm *svm)
2501 vmexit = nested_svm_intercept(svm);
2503 if (vmexit == NESTED_EXIT_DONE)
2504 nested_svm_vmexit(svm);
2509 static inline void copy_vmcb_control_area(struct vmcb *dst_vmcb, struct vmcb *from_vmcb)
2511 struct vmcb_control_area *dst = &dst_vmcb->control;
2512 struct vmcb_control_area *from = &from_vmcb->control;
2514 dst->intercept_cr = from->intercept_cr;
2515 dst->intercept_dr = from->intercept_dr;
2516 dst->intercept_exceptions = from->intercept_exceptions;
2517 dst->intercept = from->intercept;
2518 dst->iopm_base_pa = from->iopm_base_pa;
2519 dst->msrpm_base_pa = from->msrpm_base_pa;
2520 dst->tsc_offset = from->tsc_offset;
2521 dst->asid = from->asid;
2522 dst->tlb_ctl = from->tlb_ctl;
2523 dst->int_ctl = from->int_ctl;
2524 dst->int_vector = from->int_vector;
2525 dst->int_state = from->int_state;
2526 dst->exit_code = from->exit_code;
2527 dst->exit_code_hi = from->exit_code_hi;
2528 dst->exit_info_1 = from->exit_info_1;
2529 dst->exit_info_2 = from->exit_info_2;
2530 dst->exit_int_info = from->exit_int_info;
2531 dst->exit_int_info_err = from->exit_int_info_err;
2532 dst->nested_ctl = from->nested_ctl;
2533 dst->event_inj = from->event_inj;
2534 dst->event_inj_err = from->event_inj_err;
2535 dst->nested_cr3 = from->nested_cr3;
2536 dst->lbr_ctl = from->lbr_ctl;
2539 static int nested_svm_vmexit(struct vcpu_svm *svm)
2541 struct vmcb *nested_vmcb;
2542 struct vmcb *hsave = svm->nested.hsave;
2543 struct vmcb *vmcb = svm->vmcb;
2546 trace_kvm_nested_vmexit_inject(vmcb->control.exit_code,
2547 vmcb->control.exit_info_1,
2548 vmcb->control.exit_info_2,
2549 vmcb->control.exit_int_info,
2550 vmcb->control.exit_int_info_err,
2553 nested_vmcb = nested_svm_map(svm, svm->nested.vmcb, &page);
2557 /* Exit Guest-Mode */
2558 leave_guest_mode(&svm->vcpu);
2559 svm->nested.vmcb = 0;
2561 /* Give the current vmcb to the guest */
2564 nested_vmcb->save.es = vmcb->save.es;
2565 nested_vmcb->save.cs = vmcb->save.cs;
2566 nested_vmcb->save.ss = vmcb->save.ss;
2567 nested_vmcb->save.ds = vmcb->save.ds;
2568 nested_vmcb->save.gdtr = vmcb->save.gdtr;
2569 nested_vmcb->save.idtr = vmcb->save.idtr;
2570 nested_vmcb->save.efer = svm->vcpu.arch.efer;
2571 nested_vmcb->save.cr0 = kvm_read_cr0(&svm->vcpu);
2572 nested_vmcb->save.cr3 = kvm_read_cr3(&svm->vcpu);
2573 nested_vmcb->save.cr2 = vmcb->save.cr2;
2574 nested_vmcb->save.cr4 = svm->vcpu.arch.cr4;
2575 nested_vmcb->save.rflags = kvm_get_rflags(&svm->vcpu);
2576 nested_vmcb->save.rip = vmcb->save.rip;
2577 nested_vmcb->save.rsp = vmcb->save.rsp;
2578 nested_vmcb->save.rax = vmcb->save.rax;
2579 nested_vmcb->save.dr7 = vmcb->save.dr7;
2580 nested_vmcb->save.dr6 = vmcb->save.dr6;
2581 nested_vmcb->save.cpl = vmcb->save.cpl;
2583 nested_vmcb->control.int_ctl = vmcb->control.int_ctl;
2584 nested_vmcb->control.int_vector = vmcb->control.int_vector;
2585 nested_vmcb->control.int_state = vmcb->control.int_state;
2586 nested_vmcb->control.exit_code = vmcb->control.exit_code;
2587 nested_vmcb->control.exit_code_hi = vmcb->control.exit_code_hi;
2588 nested_vmcb->control.exit_info_1 = vmcb->control.exit_info_1;
2589 nested_vmcb->control.exit_info_2 = vmcb->control.exit_info_2;
2590 nested_vmcb->control.exit_int_info = vmcb->control.exit_int_info;
2591 nested_vmcb->control.exit_int_info_err = vmcb->control.exit_int_info_err;
2593 if (svm->nrips_enabled)
2594 nested_vmcb->control.next_rip = vmcb->control.next_rip;
2597 * If we emulate a VMRUN/#VMEXIT in the same host #vmexit cycle we have
2598 * to make sure that we do not lose injected events. So check event_inj
2599 * here and copy it to exit_int_info if it is valid.
2600 * Exit_int_info and event_inj can't be both valid because the case
2601 * below only happens on a VMRUN instruction intercept which has
2602 * no valid exit_int_info set.
2604 if (vmcb->control.event_inj & SVM_EVTINJ_VALID) {
2605 struct vmcb_control_area *nc = &nested_vmcb->control;
2607 nc->exit_int_info = vmcb->control.event_inj;
2608 nc->exit_int_info_err = vmcb->control.event_inj_err;
2611 nested_vmcb->control.tlb_ctl = 0;
2612 nested_vmcb->control.event_inj = 0;
2613 nested_vmcb->control.event_inj_err = 0;
2615 /* We always set V_INTR_MASKING and remember the old value in hflags */
2616 if (!(svm->vcpu.arch.hflags & HF_VINTR_MASK))
2617 nested_vmcb->control.int_ctl &= ~V_INTR_MASKING_MASK;
2619 /* Restore the original control entries */
2620 copy_vmcb_control_area(vmcb, hsave);
2622 kvm_clear_exception_queue(&svm->vcpu);
2623 kvm_clear_interrupt_queue(&svm->vcpu);
2625 svm->nested.nested_cr3 = 0;
2627 /* Restore selected save entries */
2628 svm->vmcb->save.es = hsave->save.es;
2629 svm->vmcb->save.cs = hsave->save.cs;
2630 svm->vmcb->save.ss = hsave->save.ss;
2631 svm->vmcb->save.ds = hsave->save.ds;
2632 svm->vmcb->save.gdtr = hsave->save.gdtr;
2633 svm->vmcb->save.idtr = hsave->save.idtr;
2634 kvm_set_rflags(&svm->vcpu, hsave->save.rflags);
2635 svm_set_efer(&svm->vcpu, hsave->save.efer);
2636 svm_set_cr0(&svm->vcpu, hsave->save.cr0 | X86_CR0_PE);
2637 svm_set_cr4(&svm->vcpu, hsave->save.cr4);
2639 svm->vmcb->save.cr3 = hsave->save.cr3;
2640 svm->vcpu.arch.cr3 = hsave->save.cr3;
2642 (void)kvm_set_cr3(&svm->vcpu, hsave->save.cr3);
2644 kvm_register_write(&svm->vcpu, VCPU_REGS_RAX, hsave->save.rax);
2645 kvm_register_write(&svm->vcpu, VCPU_REGS_RSP, hsave->save.rsp);
2646 kvm_register_write(&svm->vcpu, VCPU_REGS_RIP, hsave->save.rip);
2647 svm->vmcb->save.dr7 = 0;
2648 svm->vmcb->save.cpl = 0;
2649 svm->vmcb->control.exit_int_info = 0;
2651 mark_all_dirty(svm->vmcb);
2653 nested_svm_unmap(page);
2655 nested_svm_uninit_mmu_context(&svm->vcpu);
2656 kvm_mmu_reset_context(&svm->vcpu);
2657 kvm_mmu_load(&svm->vcpu);
2662 static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm)
2665 * This function merges the msr permission bitmaps of kvm and the
2666 * nested vmcb. It is optimized in that it only merges the parts where
2667 * the kvm msr permission bitmap may contain zero bits
2671 if (!(svm->nested.intercept & (1ULL << INTERCEPT_MSR_PROT)))
2674 for (i = 0; i < MSRPM_OFFSETS; i++) {
2678 if (msrpm_offsets[i] == 0xffffffff)
2681 p = msrpm_offsets[i];
2682 offset = svm->nested.vmcb_msrpm + (p * 4);
2684 if (kvm_vcpu_read_guest(&svm->vcpu, offset, &value, 4))
2687 svm->nested.msrpm[p] = svm->msrpm[p] | value;
2690 svm->vmcb->control.msrpm_base_pa = __pa(svm->nested.msrpm);
2695 static bool nested_vmcb_checks(struct vmcb *vmcb)
2697 if ((vmcb->control.intercept & (1ULL << INTERCEPT_VMRUN)) == 0)
2700 if (vmcb->control.asid == 0)
2703 if (vmcb->control.nested_ctl && !npt_enabled)
2709 static bool nested_svm_vmrun(struct vcpu_svm *svm)
2711 struct vmcb *nested_vmcb;
2712 struct vmcb *hsave = svm->nested.hsave;
2713 struct vmcb *vmcb = svm->vmcb;
2717 vmcb_gpa = svm->vmcb->save.rax;
2719 nested_vmcb = nested_svm_map(svm, svm->vmcb->save.rax, &page);
2723 if (!nested_vmcb_checks(nested_vmcb)) {
2724 nested_vmcb->control.exit_code = SVM_EXIT_ERR;
2725 nested_vmcb->control.exit_code_hi = 0;
2726 nested_vmcb->control.exit_info_1 = 0;
2727 nested_vmcb->control.exit_info_2 = 0;
2729 nested_svm_unmap(page);
2734 trace_kvm_nested_vmrun(svm->vmcb->save.rip, vmcb_gpa,
2735 nested_vmcb->save.rip,
2736 nested_vmcb->control.int_ctl,
2737 nested_vmcb->control.event_inj,
2738 nested_vmcb->control.nested_ctl);
2740 trace_kvm_nested_intercepts(nested_vmcb->control.intercept_cr & 0xffff,
2741 nested_vmcb->control.intercept_cr >> 16,
2742 nested_vmcb->control.intercept_exceptions,
2743 nested_vmcb->control.intercept);
2745 /* Clear internal status */
2746 kvm_clear_exception_queue(&svm->vcpu);
2747 kvm_clear_interrupt_queue(&svm->vcpu);
2750 * Save the old vmcb, so we don't need to pick what we save, but can
2751 * restore everything when a VMEXIT occurs
2753 hsave->save.es = vmcb->save.es;
2754 hsave->save.cs = vmcb->save.cs;
2755 hsave->save.ss = vmcb->save.ss;
2756 hsave->save.ds = vmcb->save.ds;
2757 hsave->save.gdtr = vmcb->save.gdtr;
2758 hsave->save.idtr = vmcb->save.idtr;
2759 hsave->save.efer = svm->vcpu.arch.efer;
2760 hsave->save.cr0 = kvm_read_cr0(&svm->vcpu);
2761 hsave->save.cr4 = svm->vcpu.arch.cr4;
2762 hsave->save.rflags = kvm_get_rflags(&svm->vcpu);
2763 hsave->save.rip = kvm_rip_read(&svm->vcpu);
2764 hsave->save.rsp = vmcb->save.rsp;
2765 hsave->save.rax = vmcb->save.rax;
2767 hsave->save.cr3 = vmcb->save.cr3;
2769 hsave->save.cr3 = kvm_read_cr3(&svm->vcpu);
2771 copy_vmcb_control_area(hsave, vmcb);
2773 if (kvm_get_rflags(&svm->vcpu) & X86_EFLAGS_IF)
2774 svm->vcpu.arch.hflags |= HF_HIF_MASK;
2776 svm->vcpu.arch.hflags &= ~HF_HIF_MASK;
2778 if (nested_vmcb->control.nested_ctl) {
2779 kvm_mmu_unload(&svm->vcpu);
2780 svm->nested.nested_cr3 = nested_vmcb->control.nested_cr3;
2781 nested_svm_init_mmu_context(&svm->vcpu);
2784 /* Load the nested guest state */
2785 svm->vmcb->save.es = nested_vmcb->save.es;
2786 svm->vmcb->save.cs = nested_vmcb->save.cs;
2787 svm->vmcb->save.ss = nested_vmcb->save.ss;
2788 svm->vmcb->save.ds = nested_vmcb->save.ds;
2789 svm->vmcb->save.gdtr = nested_vmcb->save.gdtr;
2790 svm->vmcb->save.idtr = nested_vmcb->save.idtr;
2791 kvm_set_rflags(&svm->vcpu, nested_vmcb->save.rflags);
2792 svm_set_efer(&svm->vcpu, nested_vmcb->save.efer);
2793 svm_set_cr0(&svm->vcpu, nested_vmcb->save.cr0);
2794 svm_set_cr4(&svm->vcpu, nested_vmcb->save.cr4);
2796 svm->vmcb->save.cr3 = nested_vmcb->save.cr3;
2797 svm->vcpu.arch.cr3 = nested_vmcb->save.cr3;
2799 (void)kvm_set_cr3(&svm->vcpu, nested_vmcb->save.cr3);
2801 /* Guest paging mode is active - reset mmu */
2802 kvm_mmu_reset_context(&svm->vcpu);
2804 svm->vmcb->save.cr2 = svm->vcpu.arch.cr2 = nested_vmcb->save.cr2;
2805 kvm_register_write(&svm->vcpu, VCPU_REGS_RAX, nested_vmcb->save.rax);
2806 kvm_register_write(&svm->vcpu, VCPU_REGS_RSP, nested_vmcb->save.rsp);
2807 kvm_register_write(&svm->vcpu, VCPU_REGS_RIP, nested_vmcb->save.rip);
2809 /* In case we don't even reach vcpu_run, the fields are not updated */
2810 svm->vmcb->save.rax = nested_vmcb->save.rax;
2811 svm->vmcb->save.rsp = nested_vmcb->save.rsp;
2812 svm->vmcb->save.rip = nested_vmcb->save.rip;
2813 svm->vmcb->save.dr7 = nested_vmcb->save.dr7;
2814 svm->vmcb->save.dr6 = nested_vmcb->save.dr6;
2815 svm->vmcb->save.cpl = nested_vmcb->save.cpl;
2817 svm->nested.vmcb_msrpm = nested_vmcb->control.msrpm_base_pa & ~0x0fffULL;
2818 svm->nested.vmcb_iopm = nested_vmcb->control.iopm_base_pa & ~0x0fffULL;
2820 /* cache intercepts */
2821 svm->nested.intercept_cr = nested_vmcb->control.intercept_cr;
2822 svm->nested.intercept_dr = nested_vmcb->control.intercept_dr;
2823 svm->nested.intercept_exceptions = nested_vmcb->control.intercept_exceptions;
2824 svm->nested.intercept = nested_vmcb->control.intercept;
2826 svm_flush_tlb(&svm->vcpu);
2827 svm->vmcb->control.int_ctl = nested_vmcb->control.int_ctl | V_INTR_MASKING_MASK;
2828 if (nested_vmcb->control.int_ctl & V_INTR_MASKING_MASK)
2829 svm->vcpu.arch.hflags |= HF_VINTR_MASK;
2831 svm->vcpu.arch.hflags &= ~HF_VINTR_MASK;
2833 if (svm->vcpu.arch.hflags & HF_VINTR_MASK) {
2834 /* We only want the cr8 intercept bits of the guest */
2835 clr_cr_intercept(svm, INTERCEPT_CR8_READ);
2836 clr_cr_intercept(svm, INTERCEPT_CR8_WRITE);
2839 /* We don't want to see VMMCALLs from a nested guest */
2840 clr_intercept(svm, INTERCEPT_VMMCALL);
2842 svm->vmcb->control.lbr_ctl = nested_vmcb->control.lbr_ctl;
2843 svm->vmcb->control.int_vector = nested_vmcb->control.int_vector;
2844 svm->vmcb->control.int_state = nested_vmcb->control.int_state;
2845 svm->vmcb->control.tsc_offset += nested_vmcb->control.tsc_offset;
2846 svm->vmcb->control.event_inj = nested_vmcb->control.event_inj;
2847 svm->vmcb->control.event_inj_err = nested_vmcb->control.event_inj_err;
2849 nested_svm_unmap(page);
2851 /* Enter Guest-Mode */
2852 enter_guest_mode(&svm->vcpu);
2855 * Merge guest and host intercepts - must be called with vcpu in
2856 * guest-mode to take affect here
2858 recalc_intercepts(svm);
2860 svm->nested.vmcb = vmcb_gpa;
2864 mark_all_dirty(svm->vmcb);
2869 static void nested_svm_vmloadsave(struct vmcb *from_vmcb, struct vmcb *to_vmcb)
2871 to_vmcb->save.fs = from_vmcb->save.fs;
2872 to_vmcb->save.gs = from_vmcb->save.gs;
2873 to_vmcb->save.tr = from_vmcb->save.tr;
2874 to_vmcb->save.ldtr = from_vmcb->save.ldtr;
2875 to_vmcb->save.kernel_gs_base = from_vmcb->save.kernel_gs_base;
2876 to_vmcb->save.star = from_vmcb->save.star;
2877 to_vmcb->save.lstar = from_vmcb->save.lstar;
2878 to_vmcb->save.cstar = from_vmcb->save.cstar;
2879 to_vmcb->save.sfmask = from_vmcb->save.sfmask;
2880 to_vmcb->save.sysenter_cs = from_vmcb->save.sysenter_cs;
2881 to_vmcb->save.sysenter_esp = from_vmcb->save.sysenter_esp;
2882 to_vmcb->save.sysenter_eip = from_vmcb->save.sysenter_eip;
2885 static int vmload_interception(struct vcpu_svm *svm)
2887 struct vmcb *nested_vmcb;
2890 if (nested_svm_check_permissions(svm))
2893 nested_vmcb = nested_svm_map(svm, svm->vmcb->save.rax, &page);
2897 svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
2898 skip_emulated_instruction(&svm->vcpu);
2900 nested_svm_vmloadsave(nested_vmcb, svm->vmcb);
2901 nested_svm_unmap(page);
2906 static int vmsave_interception(struct vcpu_svm *svm)
2908 struct vmcb *nested_vmcb;
2911 if (nested_svm_check_permissions(svm))
2914 nested_vmcb = nested_svm_map(svm, svm->vmcb->save.rax, &page);
2918 svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
2919 skip_emulated_instruction(&svm->vcpu);
2921 nested_svm_vmloadsave(svm->vmcb, nested_vmcb);
2922 nested_svm_unmap(page);
2927 static int vmrun_interception(struct vcpu_svm *svm)
2929 if (nested_svm_check_permissions(svm))
2932 /* Save rip after vmrun instruction */
2933 kvm_rip_write(&svm->vcpu, kvm_rip_read(&svm->vcpu) + 3);
2935 if (!nested_svm_vmrun(svm))
2938 if (!nested_svm_vmrun_msrpm(svm))
2945 svm->vmcb->control.exit_code = SVM_EXIT_ERR;
2946 svm->vmcb->control.exit_code_hi = 0;
2947 svm->vmcb->control.exit_info_1 = 0;
2948 svm->vmcb->control.exit_info_2 = 0;
2950 nested_svm_vmexit(svm);
2955 static int stgi_interception(struct vcpu_svm *svm)
2957 if (nested_svm_check_permissions(svm))
2960 svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
2961 skip_emulated_instruction(&svm->vcpu);
2962 kvm_make_request(KVM_REQ_EVENT, &svm->vcpu);
2969 static int clgi_interception(struct vcpu_svm *svm)
2971 if (nested_svm_check_permissions(svm))
2974 svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
2975 skip_emulated_instruction(&svm->vcpu);
2979 /* After a CLGI no interrupts should come */
2980 if (!kvm_vcpu_apicv_active(&svm->vcpu)) {
2981 svm_clear_vintr(svm);
2982 svm->vmcb->control.int_ctl &= ~V_IRQ_MASK;
2983 mark_dirty(svm->vmcb, VMCB_INTR);
2989 static int invlpga_interception(struct vcpu_svm *svm)
2991 struct kvm_vcpu *vcpu = &svm->vcpu;
2993 trace_kvm_invlpga(svm->vmcb->save.rip, kvm_register_read(&svm->vcpu, VCPU_REGS_RCX),
2994 kvm_register_read(&svm->vcpu, VCPU_REGS_RAX));
2996 /* Let's treat INVLPGA the same as INVLPG (can be optimized!) */
2997 kvm_mmu_invlpg(vcpu, kvm_register_read(&svm->vcpu, VCPU_REGS_RAX));
2999 svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
3000 skip_emulated_instruction(&svm->vcpu);
3004 static int skinit_interception(struct vcpu_svm *svm)
3006 trace_kvm_skinit(svm->vmcb->save.rip, kvm_register_read(&svm->vcpu, VCPU_REGS_RAX));
3008 kvm_queue_exception(&svm->vcpu, UD_VECTOR);
3012 static int wbinvd_interception(struct vcpu_svm *svm)
3014 kvm_emulate_wbinvd(&svm->vcpu);
3018 static int xsetbv_interception(struct vcpu_svm *svm)
3020 u64 new_bv = kvm_read_edx_eax(&svm->vcpu);
3021 u32 index = kvm_register_read(&svm->vcpu, VCPU_REGS_RCX);
3023 if (kvm_set_xcr(&svm->vcpu, index, new_bv) == 0) {
3024 svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
3025 skip_emulated_instruction(&svm->vcpu);
3031 static int task_switch_interception(struct vcpu_svm *svm)
3035 int int_type = svm->vmcb->control.exit_int_info &
3036 SVM_EXITINTINFO_TYPE_MASK;
3037 int int_vec = svm->vmcb->control.exit_int_info & SVM_EVTINJ_VEC_MASK;
3039 svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_TYPE_MASK;
3041 svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_VALID;
3042 bool has_error_code = false;
3045 tss_selector = (u16)svm->vmcb->control.exit_info_1;
3047 if (svm->vmcb->control.exit_info_2 &
3048 (1ULL << SVM_EXITINFOSHIFT_TS_REASON_IRET))
3049 reason = TASK_SWITCH_IRET;
3050 else if (svm->vmcb->control.exit_info_2 &
3051 (1ULL << SVM_EXITINFOSHIFT_TS_REASON_JMP))
3052 reason = TASK_SWITCH_JMP;
3054 reason = TASK_SWITCH_GATE;
3056 reason = TASK_SWITCH_CALL;
3058 if (reason == TASK_SWITCH_GATE) {
3060 case SVM_EXITINTINFO_TYPE_NMI:
3061 svm->vcpu.arch.nmi_injected = false;
3063 case SVM_EXITINTINFO_TYPE_EXEPT:
3064 if (svm->vmcb->control.exit_info_2 &
3065 (1ULL << SVM_EXITINFOSHIFT_TS_HAS_ERROR_CODE)) {
3066 has_error_code = true;
3068 (u32)svm->vmcb->control.exit_info_2;
3070 kvm_clear_exception_queue(&svm->vcpu);
3072 case SVM_EXITINTINFO_TYPE_INTR:
3073 kvm_clear_interrupt_queue(&svm->vcpu);
3080 if (reason != TASK_SWITCH_GATE ||
3081 int_type == SVM_EXITINTINFO_TYPE_SOFT ||
3082 (int_type == SVM_EXITINTINFO_TYPE_EXEPT &&
3083 (int_vec == OF_VECTOR || int_vec == BP_VECTOR)))
3084 skip_emulated_instruction(&svm->vcpu);
3086 if (int_type != SVM_EXITINTINFO_TYPE_SOFT)
3089 if (kvm_task_switch(&svm->vcpu, tss_selector, int_vec, reason,
3090 has_error_code, error_code) == EMULATE_FAIL) {
3091 svm->vcpu.run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
3092 svm->vcpu.run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
3093 svm->vcpu.run->internal.ndata = 0;
3099 static int cpuid_interception(struct vcpu_svm *svm)
3101 svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
3102 kvm_emulate_cpuid(&svm->vcpu);
3106 static int iret_interception(struct vcpu_svm *svm)
3108 ++svm->vcpu.stat.nmi_window_exits;
3109 clr_intercept(svm, INTERCEPT_IRET);
3110 svm->vcpu.arch.hflags |= HF_IRET_MASK;
3111 svm->nmi_iret_rip = kvm_rip_read(&svm->vcpu);
3112 kvm_make_request(KVM_REQ_EVENT, &svm->vcpu);
3116 static int invlpg_interception(struct vcpu_svm *svm)
3118 if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
3119 return emulate_instruction(&svm->vcpu, 0) == EMULATE_DONE;
3121 kvm_mmu_invlpg(&svm->vcpu, svm->vmcb->control.exit_info_1);
3122 skip_emulated_instruction(&svm->vcpu);
3126 static int emulate_on_interception(struct vcpu_svm *svm)
3128 return emulate_instruction(&svm->vcpu, 0) == EMULATE_DONE;
3131 static int rdpmc_interception(struct vcpu_svm *svm)
3135 if (!static_cpu_has(X86_FEATURE_NRIPS))
3136 return emulate_on_interception(svm);
3138 err = kvm_rdpmc(&svm->vcpu);
3139 kvm_complete_insn_gp(&svm->vcpu, err);
3144 static bool check_selective_cr0_intercepted(struct vcpu_svm *svm,
3147 unsigned long cr0 = svm->vcpu.arch.cr0;
3151 intercept = svm->nested.intercept;
3153 if (!is_guest_mode(&svm->vcpu) ||
3154 (!(intercept & (1ULL << INTERCEPT_SELECTIVE_CR0))))
3157 cr0 &= ~SVM_CR0_SELECTIVE_MASK;
3158 val &= ~SVM_CR0_SELECTIVE_MASK;
3161 svm->vmcb->control.exit_code = SVM_EXIT_CR0_SEL_WRITE;
3162 ret = (nested_svm_exit_handled(svm) == NESTED_EXIT_DONE);
3168 #define CR_VALID (1ULL << 63)
3170 static int cr_interception(struct vcpu_svm *svm)
3176 if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
3177 return emulate_on_interception(svm);
3179 if (unlikely((svm->vmcb->control.exit_info_1 & CR_VALID) == 0))
3180 return emulate_on_interception(svm);
3182 reg = svm->vmcb->control.exit_info_1 & SVM_EXITINFO_REG_MASK;
3183 if (svm->vmcb->control.exit_code == SVM_EXIT_CR0_SEL_WRITE)
3184 cr = SVM_EXIT_WRITE_CR0 - SVM_EXIT_READ_CR0;
3186 cr = svm->vmcb->control.exit_code - SVM_EXIT_READ_CR0;
3189 if (cr >= 16) { /* mov to cr */
3191 val = kvm_register_read(&svm->vcpu, reg);
3194 if (!check_selective_cr0_intercepted(svm, val))
3195 err = kvm_set_cr0(&svm->vcpu, val);
3201 err = kvm_set_cr3(&svm->vcpu, val);
3204 err = kvm_set_cr4(&svm->vcpu, val);
3207 err = kvm_set_cr8(&svm->vcpu, val);
3210 WARN(1, "unhandled write to CR%d", cr);
3211 kvm_queue_exception(&svm->vcpu, UD_VECTOR);
3214 } else { /* mov from cr */
3217 val = kvm_read_cr0(&svm->vcpu);
3220 val = svm->vcpu.arch.cr2;
3223 val = kvm_read_cr3(&svm->vcpu);
3226 val = kvm_read_cr4(&svm->vcpu);
3229 val = kvm_get_cr8(&svm->vcpu);
3232 WARN(1, "unhandled read from CR%d", cr);
3233 kvm_queue_exception(&svm->vcpu, UD_VECTOR);
3236 kvm_register_write(&svm->vcpu, reg, val);
3238 kvm_complete_insn_gp(&svm->vcpu, err);
3243 static int dr_interception(struct vcpu_svm *svm)
3248 if (svm->vcpu.guest_debug == 0) {
3250 * No more DR vmexits; force a reload of the debug registers
3251 * and reenter on this instruction. The next vmexit will
3252 * retrieve the full state of the debug registers.
3254 clr_dr_intercepts(svm);
3255 svm->vcpu.arch.switch_db_regs |= KVM_DEBUGREG_WONT_EXIT;
3259 if (!boot_cpu_has(X86_FEATURE_DECODEASSISTS))
3260 return emulate_on_interception(svm);
3262 reg = svm->vmcb->control.exit_info_1 & SVM_EXITINFO_REG_MASK;
3263 dr = svm->vmcb->control.exit_code - SVM_EXIT_READ_DR0;
3265 if (dr >= 16) { /* mov to DRn */
3266 if (!kvm_require_dr(&svm->vcpu, dr - 16))
3268 val = kvm_register_read(&svm->vcpu, reg);
3269 kvm_set_dr(&svm->vcpu, dr - 16, val);
3271 if (!kvm_require_dr(&svm->vcpu, dr))
3273 kvm_get_dr(&svm->vcpu, dr, &val);
3274 kvm_register_write(&svm->vcpu, reg, val);
3277 skip_emulated_instruction(&svm->vcpu);
3282 static int cr8_write_interception(struct vcpu_svm *svm)
3284 struct kvm_run *kvm_run = svm->vcpu.run;
3287 u8 cr8_prev = kvm_get_cr8(&svm->vcpu);
3288 /* instruction emulation calls kvm_set_cr8() */
3289 r = cr_interception(svm);
3290 if (lapic_in_kernel(&svm->vcpu))
3292 if (cr8_prev <= kvm_get_cr8(&svm->vcpu))
3294 kvm_run->exit_reason = KVM_EXIT_SET_TPR;
3298 static u64 svm_read_l1_tsc(struct kvm_vcpu *vcpu, u64 host_tsc)
3300 struct vmcb *vmcb = get_host_vmcb(to_svm(vcpu));
3301 return vmcb->control.tsc_offset + host_tsc;
3304 static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
3306 struct vcpu_svm *svm = to_svm(vcpu);
3308 switch (msr_info->index) {
3309 case MSR_IA32_TSC: {
3310 msr_info->data = svm->vmcb->control.tsc_offset +
3311 kvm_scale_tsc(vcpu, rdtsc());
3316 msr_info->data = svm->vmcb->save.star;
3318 #ifdef CONFIG_X86_64
3320 msr_info->data = svm->vmcb->save.lstar;
3323 msr_info->data = svm->vmcb->save.cstar;
3325 case MSR_KERNEL_GS_BASE:
3326 msr_info->data = svm->vmcb->save.kernel_gs_base;
3328 case MSR_SYSCALL_MASK:
3329 msr_info->data = svm->vmcb->save.sfmask;
3332 case MSR_IA32_SYSENTER_CS:
3333 msr_info->data = svm->vmcb->save.sysenter_cs;
3335 case MSR_IA32_SYSENTER_EIP:
3336 msr_info->data = svm->sysenter_eip;
3338 case MSR_IA32_SYSENTER_ESP:
3339 msr_info->data = svm->sysenter_esp;
3342 if (!boot_cpu_has(X86_FEATURE_RDTSCP))
3344 msr_info->data = svm->tsc_aux;
3347 * Nobody will change the following 5 values in the VMCB so we can
3348 * safely return them on rdmsr. They will always be 0 until LBRV is
3351 case MSR_IA32_DEBUGCTLMSR:
3352 msr_info->data = svm->vmcb->save.dbgctl;
3354 case MSR_IA32_LASTBRANCHFROMIP:
3355 msr_info->data = svm->vmcb->save.br_from;
3357 case MSR_IA32_LASTBRANCHTOIP:
3358 msr_info->data = svm->vmcb->save.br_to;
3360 case MSR_IA32_LASTINTFROMIP:
3361 msr_info->data = svm->vmcb->save.last_excp_from;
3363 case MSR_IA32_LASTINTTOIP:
3364 msr_info->data = svm->vmcb->save.last_excp_to;
3366 case MSR_VM_HSAVE_PA:
3367 msr_info->data = svm->nested.hsave_msr;
3370 msr_info->data = svm->nested.vm_cr_msr;
3372 case MSR_IA32_UCODE_REV:
3373 msr_info->data = 0x01000065;
3375 case MSR_F15H_IC_CFG: {
3379 family = guest_cpuid_family(vcpu);
3380 model = guest_cpuid_model(vcpu);
3382 if (family < 0 || model < 0)
3383 return kvm_get_msr_common(vcpu, msr_info);
3387 if (family == 0x15 &&
3388 (model >= 0x2 && model < 0x20))
3389 msr_info->data = 0x1E;
3393 return kvm_get_msr_common(vcpu, msr_info);
3398 static int rdmsr_interception(struct vcpu_svm *svm)
3400 u32 ecx = kvm_register_read(&svm->vcpu, VCPU_REGS_RCX);
3401 struct msr_data msr_info;
3403 msr_info.index = ecx;
3404 msr_info.host_initiated = false;
3405 if (svm_get_msr(&svm->vcpu, &msr_info)) {
3406 trace_kvm_msr_read_ex(ecx);
3407 kvm_inject_gp(&svm->vcpu, 0);
3409 trace_kvm_msr_read(ecx, msr_info.data);
3411 kvm_register_write(&svm->vcpu, VCPU_REGS_RAX,
3412 msr_info.data & 0xffffffff);
3413 kvm_register_write(&svm->vcpu, VCPU_REGS_RDX,
3414 msr_info.data >> 32);
3415 svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
3416 skip_emulated_instruction(&svm->vcpu);
3421 static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data)
3423 struct vcpu_svm *svm = to_svm(vcpu);
3424 int svm_dis, chg_mask;
3426 if (data & ~SVM_VM_CR_VALID_MASK)
3429 chg_mask = SVM_VM_CR_VALID_MASK;
3431 if (svm->nested.vm_cr_msr & SVM_VM_CR_SVM_DIS_MASK)
3432 chg_mask &= ~(SVM_VM_CR_SVM_LOCK_MASK | SVM_VM_CR_SVM_DIS_MASK);
3434 svm->nested.vm_cr_msr &= ~chg_mask;
3435 svm->nested.vm_cr_msr |= (data & chg_mask);
3437 svm_dis = svm->nested.vm_cr_msr & SVM_VM_CR_SVM_DIS_MASK;
3439 /* check for svm_disable while efer.svme is set */
3440 if (svm_dis && (vcpu->arch.efer & EFER_SVME))
3446 static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
3448 struct vcpu_svm *svm = to_svm(vcpu);
3450 u32 ecx = msr->index;
3451 u64 data = msr->data;
3454 kvm_write_tsc(vcpu, msr);
3457 svm->vmcb->save.star = data;
3459 #ifdef CONFIG_X86_64
3461 svm->vmcb->save.lstar = data;
3464 svm->vmcb->save.cstar = data;
3466 case MSR_KERNEL_GS_BASE:
3467 svm->vmcb->save.kernel_gs_base = data;
3469 case MSR_SYSCALL_MASK:
3470 svm->vmcb->save.sfmask = data;
3473 case MSR_IA32_SYSENTER_CS:
3474 svm->vmcb->save.sysenter_cs = data;
3476 case MSR_IA32_SYSENTER_EIP:
3477 svm->sysenter_eip = data;
3478 svm->vmcb->save.sysenter_eip = data;
3480 case MSR_IA32_SYSENTER_ESP:
3481 svm->sysenter_esp = data;
3482 svm->vmcb->save.sysenter_esp = data;
3485 if (!boot_cpu_has(X86_FEATURE_RDTSCP))
3489 * This is rare, so we update the MSR here instead of using
3490 * direct_access_msrs. Doing that would require a rdmsr in
3493 svm->tsc_aux = data;
3494 wrmsrl(MSR_TSC_AUX, svm->tsc_aux);
3496 case MSR_IA32_DEBUGCTLMSR:
3497 if (!boot_cpu_has(X86_FEATURE_LBRV)) {
3498 vcpu_unimpl(vcpu, "%s: MSR_IA32_DEBUGCTL 0x%llx, nop\n",
3502 if (data & DEBUGCTL_RESERVED_BITS)
3505 svm->vmcb->save.dbgctl = data;
3506 mark_dirty(svm->vmcb, VMCB_LBR);
3507 if (data & (1ULL<<0))
3508 svm_enable_lbrv(svm);
3510 svm_disable_lbrv(svm);
3512 case MSR_VM_HSAVE_PA:
3513 svm->nested.hsave_msr = data;
3516 return svm_set_vm_cr(vcpu, data);
3518 vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
3520 case MSR_IA32_APICBASE:
3521 if (kvm_vcpu_apicv_active(vcpu))
3522 avic_update_vapic_bar(to_svm(vcpu), data);
3523 /* Follow through */
3525 return kvm_set_msr_common(vcpu, msr);
3530 static int wrmsr_interception(struct vcpu_svm *svm)
3532 struct msr_data msr;
3533 u32 ecx = kvm_register_read(&svm->vcpu, VCPU_REGS_RCX);
3534 u64 data = kvm_read_edx_eax(&svm->vcpu);
3538 msr.host_initiated = false;
3540 svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
3541 if (kvm_set_msr(&svm->vcpu, &msr)) {
3542 trace_kvm_msr_write_ex(ecx, data);
3543 kvm_inject_gp(&svm->vcpu, 0);
3545 trace_kvm_msr_write(ecx, data);
3546 skip_emulated_instruction(&svm->vcpu);
3551 static int msr_interception(struct vcpu_svm *svm)
3553 if (svm->vmcb->control.exit_info_1)
3554 return wrmsr_interception(svm);
3556 return rdmsr_interception(svm);
3559 static int interrupt_window_interception(struct vcpu_svm *svm)
3561 kvm_make_request(KVM_REQ_EVENT, &svm->vcpu);
3562 svm_clear_vintr(svm);
3563 svm->vmcb->control.int_ctl &= ~V_IRQ_MASK;
3564 mark_dirty(svm->vmcb, VMCB_INTR);
3565 ++svm->vcpu.stat.irq_window_exits;
3569 static int pause_interception(struct vcpu_svm *svm)
3571 kvm_vcpu_on_spin(&(svm->vcpu));
3575 static int nop_interception(struct vcpu_svm *svm)
3577 skip_emulated_instruction(&(svm->vcpu));
3581 static int monitor_interception(struct vcpu_svm *svm)
3583 printk_once(KERN_WARNING "kvm: MONITOR instruction emulated as NOP!\n");
3584 return nop_interception(svm);
3587 static int mwait_interception(struct vcpu_svm *svm)
3589 printk_once(KERN_WARNING "kvm: MWAIT instruction emulated as NOP!\n");
3590 return nop_interception(svm);
3593 enum avic_ipi_failure_cause {
3594 AVIC_IPI_FAILURE_INVALID_INT_TYPE,
3595 AVIC_IPI_FAILURE_TARGET_NOT_RUNNING,
3596 AVIC_IPI_FAILURE_INVALID_TARGET,
3597 AVIC_IPI_FAILURE_INVALID_BACKING_PAGE,
3600 static int avic_incomplete_ipi_interception(struct vcpu_svm *svm)
3602 u32 icrh = svm->vmcb->control.exit_info_1 >> 32;
3603 u32 icrl = svm->vmcb->control.exit_info_1;
3604 u32 id = svm->vmcb->control.exit_info_2 >> 32;
3605 u32 index = svm->vmcb->control.exit_info_2 & 0xFF;
3606 struct kvm_lapic *apic = svm->vcpu.arch.apic;
3608 trace_kvm_avic_incomplete_ipi(svm->vcpu.vcpu_id, icrh, icrl, id, index);
3611 case AVIC_IPI_FAILURE_INVALID_INT_TYPE:
3613 * AVIC hardware handles the generation of
3614 * IPIs when the specified Message Type is Fixed
3615 * (also known as fixed delivery mode) and
3616 * the Trigger Mode is edge-triggered. The hardware
3617 * also supports self and broadcast delivery modes
3618 * specified via the Destination Shorthand(DSH)
3619 * field of the ICRL. Logical and physical APIC ID
3620 * formats are supported. All other IPI types cause
3621 * a #VMEXIT, which needs to emulated.
3623 kvm_lapic_reg_write(apic, APIC_ICR2, icrh);
3624 kvm_lapic_reg_write(apic, APIC_ICR, icrl);
3626 case AVIC_IPI_FAILURE_TARGET_NOT_RUNNING: {
3628 struct kvm_vcpu *vcpu;
3629 struct kvm *kvm = svm->vcpu.kvm;
3630 struct kvm_lapic *apic = svm->vcpu.arch.apic;
3633 * At this point, we expect that the AVIC HW has already
3634 * set the appropriate IRR bits on the valid target
3635 * vcpus. So, we just need to kick the appropriate vcpu.
3637 kvm_for_each_vcpu(i, vcpu, kvm) {
3638 bool m = kvm_apic_match_dest(vcpu, apic,
3639 icrl & KVM_APIC_SHORT_MASK,
3640 GET_APIC_DEST_FIELD(icrh),
3641 icrl & KVM_APIC_DEST_MASK);
3643 if (m && !avic_vcpu_is_running(vcpu))
3644 kvm_vcpu_wake_up(vcpu);
3648 case AVIC_IPI_FAILURE_INVALID_TARGET:
3650 case AVIC_IPI_FAILURE_INVALID_BACKING_PAGE:
3651 WARN_ONCE(1, "Invalid backing page\n");
3654 pr_err("Unknown IPI interception\n");
3660 static u32 *avic_get_logical_id_entry(struct kvm_vcpu *vcpu, u32 ldr, bool flat)
3662 struct kvm_arch *vm_data = &vcpu->kvm->arch;
3664 u32 *logical_apic_id_table;
3665 int dlid = GET_APIC_LOGICAL_ID(ldr);
3670 if (flat) { /* flat */
3671 index = ffs(dlid) - 1;
3674 } else { /* cluster */
3675 int cluster = (dlid & 0xf0) >> 4;
3676 int apic = ffs(dlid & 0x0f) - 1;
3678 if ((apic < 0) || (apic > 7) ||
3681 index = (cluster << 2) + apic;
3684 logical_apic_id_table = (u32 *) page_address(vm_data->avic_logical_id_table_page);
3686 return &logical_apic_id_table[index];
3689 static int avic_ldr_write(struct kvm_vcpu *vcpu, u8 g_physical_id, u32 ldr,
3693 u32 *entry, new_entry;
3695 flat = kvm_lapic_get_reg(vcpu->arch.apic, APIC_DFR) == APIC_DFR_FLAT;
3696 entry = avic_get_logical_id_entry(vcpu, ldr, flat);
3700 new_entry = READ_ONCE(*entry);
3701 new_entry &= ~AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK;
3702 new_entry |= (g_physical_id & AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK);
3704 new_entry |= AVIC_LOGICAL_ID_ENTRY_VALID_MASK;
3706 new_entry &= ~AVIC_LOGICAL_ID_ENTRY_VALID_MASK;
3707 WRITE_ONCE(*entry, new_entry);
3712 static int avic_handle_ldr_update(struct kvm_vcpu *vcpu)
3715 struct vcpu_svm *svm = to_svm(vcpu);
3716 u32 ldr = kvm_lapic_get_reg(vcpu->arch.apic, APIC_LDR);
3721 ret = avic_ldr_write(vcpu, vcpu->vcpu_id, ldr, true);
3722 if (ret && svm->ldr_reg) {
3723 avic_ldr_write(vcpu, 0, svm->ldr_reg, false);
3731 static int avic_handle_apic_id_update(struct kvm_vcpu *vcpu)
3734 struct vcpu_svm *svm = to_svm(vcpu);
3735 u32 apic_id_reg = kvm_lapic_get_reg(vcpu->arch.apic, APIC_ID);
3736 u32 id = (apic_id_reg >> 24) & 0xff;
3738 if (vcpu->vcpu_id == id)
3741 old = avic_get_physical_id_entry(vcpu, vcpu->vcpu_id);
3742 new = avic_get_physical_id_entry(vcpu, id);
3746 /* We need to move physical_id_entry to new offset */
3749 to_svm(vcpu)->avic_physical_id_cache = new;
3752 * Also update the guest physical APIC ID in the logical
3753 * APIC ID table entry if already setup the LDR.
3756 avic_handle_ldr_update(vcpu);
3761 static int avic_handle_dfr_update(struct kvm_vcpu *vcpu)
3763 struct vcpu_svm *svm = to_svm(vcpu);
3764 struct kvm_arch *vm_data = &vcpu->kvm->arch;
3765 u32 dfr = kvm_lapic_get_reg(vcpu->arch.apic, APIC_DFR);
3766 u32 mod = (dfr >> 28) & 0xf;
3769 * We assume that all local APICs are using the same type.
3770 * If this changes, we need to flush the AVIC logical
3773 if (vm_data->ldr_mode == mod)
3776 clear_page(page_address(vm_data->avic_logical_id_table_page));
3777 vm_data->ldr_mode = mod;
3780 avic_handle_ldr_update(vcpu);
3784 static int avic_unaccel_trap_write(struct vcpu_svm *svm)
3786 struct kvm_lapic *apic = svm->vcpu.arch.apic;
3787 u32 offset = svm->vmcb->control.exit_info_1 &
3788 AVIC_UNACCEL_ACCESS_OFFSET_MASK;
3792 if (avic_handle_apic_id_update(&svm->vcpu))
3796 if (avic_handle_ldr_update(&svm->vcpu))
3800 avic_handle_dfr_update(&svm->vcpu);
3806 kvm_lapic_reg_write(apic, offset, kvm_lapic_get_reg(apic, offset));
3811 static bool is_avic_unaccelerated_access_trap(u32 offset)
3840 static int avic_unaccelerated_access_interception(struct vcpu_svm *svm)
3843 u32 offset = svm->vmcb->control.exit_info_1 &
3844 AVIC_UNACCEL_ACCESS_OFFSET_MASK;
3845 u32 vector = svm->vmcb->control.exit_info_2 &
3846 AVIC_UNACCEL_ACCESS_VECTOR_MASK;
3847 bool write = (svm->vmcb->control.exit_info_1 >> 32) &
3848 AVIC_UNACCEL_ACCESS_WRITE_MASK;
3849 bool trap = is_avic_unaccelerated_access_trap(offset);
3851 trace_kvm_avic_unaccelerated_access(svm->vcpu.vcpu_id, offset,
3852 trap, write, vector);
3855 WARN_ONCE(!write, "svm: Handling trap read.\n");
3856 ret = avic_unaccel_trap_write(svm);
3858 /* Handling Fault */
3859 ret = (emulate_instruction(&svm->vcpu, 0) == EMULATE_DONE);
3865 static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
3866 [SVM_EXIT_READ_CR0] = cr_interception,
3867 [SVM_EXIT_READ_CR3] = cr_interception,
3868 [SVM_EXIT_READ_CR4] = cr_interception,
3869 [SVM_EXIT_READ_CR8] = cr_interception,
3870 [SVM_EXIT_CR0_SEL_WRITE] = cr_interception,
3871 [SVM_EXIT_WRITE_CR0] = cr_interception,
3872 [SVM_EXIT_WRITE_CR3] = cr_interception,
3873 [SVM_EXIT_WRITE_CR4] = cr_interception,
3874 [SVM_EXIT_WRITE_CR8] = cr8_write_interception,
3875 [SVM_EXIT_READ_DR0] = dr_interception,
3876 [SVM_EXIT_READ_DR1] = dr_interception,
3877 [SVM_EXIT_READ_DR2] = dr_interception,
3878 [SVM_EXIT_READ_DR3] = dr_interception,
3879 [SVM_EXIT_READ_DR4] = dr_interception,
3880 [SVM_EXIT_READ_DR5] = dr_interception,
3881 [SVM_EXIT_READ_DR6] = dr_interception,
3882 [SVM_EXIT_READ_DR7] = dr_interception,
3883 [SVM_EXIT_WRITE_DR0] = dr_interception,
3884 [SVM_EXIT_WRITE_DR1] = dr_interception,
3885 [SVM_EXIT_WRITE_DR2] = dr_interception,
3886 [SVM_EXIT_WRITE_DR3] = dr_interception,
3887 [SVM_EXIT_WRITE_DR4] = dr_interception,
3888 [SVM_EXIT_WRITE_DR5] = dr_interception,
3889 [SVM_EXIT_WRITE_DR6] = dr_interception,
3890 [SVM_EXIT_WRITE_DR7] = dr_interception,
3891 [SVM_EXIT_EXCP_BASE + DB_VECTOR] = db_interception,
3892 [SVM_EXIT_EXCP_BASE + BP_VECTOR] = bp_interception,
3893 [SVM_EXIT_EXCP_BASE + UD_VECTOR] = ud_interception,
3894 [SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,
3895 [SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception,
3896 [SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,
3897 [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception,
3898 [SVM_EXIT_INTR] = intr_interception,
3899 [SVM_EXIT_NMI] = nmi_interception,
3900 [SVM_EXIT_SMI] = nop_on_interception,
3901 [SVM_EXIT_INIT] = nop_on_interception,
3902 [SVM_EXIT_VINTR] = interrupt_window_interception,
3903 [SVM_EXIT_RDPMC] = rdpmc_interception,
3904 [SVM_EXIT_CPUID] = cpuid_interception,
3905 [SVM_EXIT_IRET] = iret_interception,
3906 [SVM_EXIT_INVD] = emulate_on_interception,
3907 [SVM_EXIT_PAUSE] = pause_interception,
3908 [SVM_EXIT_HLT] = halt_interception,
3909 [SVM_EXIT_INVLPG] = invlpg_interception,
3910 [SVM_EXIT_INVLPGA] = invlpga_interception,
3911 [SVM_EXIT_IOIO] = io_interception,
3912 [SVM_EXIT_MSR] = msr_interception,
3913 [SVM_EXIT_TASK_SWITCH] = task_switch_interception,
3914 [SVM_EXIT_SHUTDOWN] = shutdown_interception,
3915 [SVM_EXIT_VMRUN] = vmrun_interception,
3916 [SVM_EXIT_VMMCALL] = vmmcall_interception,
3917 [SVM_EXIT_VMLOAD] = vmload_interception,
3918 [SVM_EXIT_VMSAVE] = vmsave_interception,
3919 [SVM_EXIT_STGI] = stgi_interception,
3920 [SVM_EXIT_CLGI] = clgi_interception,
3921 [SVM_EXIT_SKINIT] = skinit_interception,
3922 [SVM_EXIT_WBINVD] = wbinvd_interception,
3923 [SVM_EXIT_MONITOR] = monitor_interception,
3924 [SVM_EXIT_MWAIT] = mwait_interception,
3925 [SVM_EXIT_XSETBV] = xsetbv_interception,
3926 [SVM_EXIT_NPF] = pf_interception,
3927 [SVM_EXIT_RSM] = emulate_on_interception,
3928 [SVM_EXIT_AVIC_INCOMPLETE_IPI] = avic_incomplete_ipi_interception,
3929 [SVM_EXIT_AVIC_UNACCELERATED_ACCESS] = avic_unaccelerated_access_interception,
3932 static void dump_vmcb(struct kvm_vcpu *vcpu)
3934 struct vcpu_svm *svm = to_svm(vcpu);
3935 struct vmcb_control_area *control = &svm->vmcb->control;
3936 struct vmcb_save_area *save = &svm->vmcb->save;
3938 pr_err("VMCB Control Area:\n");
3939 pr_err("%-20s%04x\n", "cr_read:", control->intercept_cr & 0xffff);
3940 pr_err("%-20s%04x\n", "cr_write:", control->intercept_cr >> 16);
3941 pr_err("%-20s%04x\n", "dr_read:", control->intercept_dr & 0xffff);
3942 pr_err("%-20s%04x\n", "dr_write:", control->intercept_dr >> 16);
3943 pr_err("%-20s%08x\n", "exceptions:", control->intercept_exceptions);
3944 pr_err("%-20s%016llx\n", "intercepts:", control->intercept);
3945 pr_err("%-20s%d\n", "pause filter count:", control->pause_filter_count);
3946 pr_err("%-20s%016llx\n", "iopm_base_pa:", control->iopm_base_pa);
3947 pr_err("%-20s%016llx\n", "msrpm_base_pa:", control->msrpm_base_pa);
3948 pr_err("%-20s%016llx\n", "tsc_offset:", control->tsc_offset);
3949 pr_err("%-20s%d\n", "asid:", control->asid);
3950 pr_err("%-20s%d\n", "tlb_ctl:", control->tlb_ctl);
3951 pr_err("%-20s%08x\n", "int_ctl:", control->int_ctl);
3952 pr_err("%-20s%08x\n", "int_vector:", control->int_vector);
3953 pr_err("%-20s%08x\n", "int_state:", control->int_state);
3954 pr_err("%-20s%08x\n", "exit_code:", control->exit_code);
3955 pr_err("%-20s%016llx\n", "exit_info1:", control->exit_info_1);
3956 pr_err("%-20s%016llx\n", "exit_info2:", control->exit_info_2);
3957 pr_err("%-20s%08x\n", "exit_int_info:", control->exit_int_info);
3958 pr_err("%-20s%08x\n", "exit_int_info_err:", control->exit_int_info_err);
3959 pr_err("%-20s%lld\n", "nested_ctl:", control->nested_ctl);
3960 pr_err("%-20s%016llx\n", "nested_cr3:", control->nested_cr3);
3961 pr_err("%-20s%016llx\n", "avic_vapic_bar:", control->avic_vapic_bar);
3962 pr_err("%-20s%08x\n", "event_inj:", control->event_inj);
3963 pr_err("%-20s%08x\n", "event_inj_err:", control->event_inj_err);
3964 pr_err("%-20s%lld\n", "lbr_ctl:", control->lbr_ctl);
3965 pr_err("%-20s%016llx\n", "next_rip:", control->next_rip);
3966 pr_err("%-20s%016llx\n", "avic_backing_page:", control->avic_backing_page);
3967 pr_err("%-20s%016llx\n", "avic_logical_id:", control->avic_logical_id);
3968 pr_err("%-20s%016llx\n", "avic_physical_id:", control->avic_physical_id);
3969 pr_err("VMCB State Save Area:\n");
3970 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3972 save->es.selector, save->es.attrib,
3973 save->es.limit, save->es.base);
3974 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3976 save->cs.selector, save->cs.attrib,
3977 save->cs.limit, save->cs.base);
3978 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3980 save->ss.selector, save->ss.attrib,
3981 save->ss.limit, save->ss.base);
3982 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3984 save->ds.selector, save->ds.attrib,
3985 save->ds.limit, save->ds.base);
3986 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3988 save->fs.selector, save->fs.attrib,
3989 save->fs.limit, save->fs.base);
3990 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3992 save->gs.selector, save->gs.attrib,
3993 save->gs.limit, save->gs.base);
3994 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3996 save->gdtr.selector, save->gdtr.attrib,
3997 save->gdtr.limit, save->gdtr.base);
3998 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
4000 save->ldtr.selector, save->ldtr.attrib,
4001 save->ldtr.limit, save->ldtr.base);
4002 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
4004 save->idtr.selector, save->idtr.attrib,
4005 save->idtr.limit, save->idtr.base);
4006 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
4008 save->tr.selector, save->tr.attrib,
4009 save->tr.limit, save->tr.base);
4010 pr_err("cpl: %d efer: %016llx\n",
4011 save->cpl, save->efer);
4012 pr_err("%-15s %016llx %-13s %016llx\n",
4013 "cr0:", save->cr0, "cr2:", save->cr2);
4014 pr_err("%-15s %016llx %-13s %016llx\n",
4015 "cr3:", save->cr3, "cr4:", save->cr4);
4016 pr_err("%-15s %016llx %-13s %016llx\n",
4017 "dr6:", save->dr6, "dr7:", save->dr7);
4018 pr_err("%-15s %016llx %-13s %016llx\n",
4019 "rip:", save->rip, "rflags:", save->rflags);
4020 pr_err("%-15s %016llx %-13s %016llx\n",
4021 "rsp:", save->rsp, "rax:", save->rax);
4022 pr_err("%-15s %016llx %-13s %016llx\n",
4023 "star:", save->star, "lstar:", save->lstar);
4024 pr_err("%-15s %016llx %-13s %016llx\n",
4025 "cstar:", save->cstar, "sfmask:", save->sfmask);
4026 pr_err("%-15s %016llx %-13s %016llx\n",
4027 "kernel_gs_base:", save->kernel_gs_base,
4028 "sysenter_cs:", save->sysenter_cs);
4029 pr_err("%-15s %016llx %-13s %016llx\n",
4030 "sysenter_esp:", save->sysenter_esp,
4031 "sysenter_eip:", save->sysenter_eip);
4032 pr_err("%-15s %016llx %-13s %016llx\n",
4033 "gpat:", save->g_pat, "dbgctl:", save->dbgctl);
4034 pr_err("%-15s %016llx %-13s %016llx\n",
4035 "br_from:", save->br_from, "br_to:", save->br_to);
4036 pr_err("%-15s %016llx %-13s %016llx\n",
4037 "excp_from:", save->last_excp_from,
4038 "excp_to:", save->last_excp_to);
4041 static void svm_get_exit_info(struct kvm_vcpu *vcpu, u64 *info1, u64 *info2)
4043 struct vmcb_control_area *control = &to_svm(vcpu)->vmcb->control;
4045 *info1 = control->exit_info_1;
4046 *info2 = control->exit_info_2;
4049 static int handle_exit(struct kvm_vcpu *vcpu)
4051 struct vcpu_svm *svm = to_svm(vcpu);
4052 struct kvm_run *kvm_run = vcpu->run;
4053 u32 exit_code = svm->vmcb->control.exit_code;
4055 trace_kvm_exit(exit_code, vcpu, KVM_ISA_SVM);
4057 if (!is_cr_intercept(svm, INTERCEPT_CR0_WRITE))
4058 vcpu->arch.cr0 = svm->vmcb->save.cr0;
4060 vcpu->arch.cr3 = svm->vmcb->save.cr3;
4062 if (unlikely(svm->nested.exit_required)) {
4063 nested_svm_vmexit(svm);
4064 svm->nested.exit_required = false;
4069 if (is_guest_mode(vcpu)) {
4072 trace_kvm_nested_vmexit(svm->vmcb->save.rip, exit_code,
4073 svm->vmcb->control.exit_info_1,
4074 svm->vmcb->control.exit_info_2,
4075 svm->vmcb->control.exit_int_info,
4076 svm->vmcb->control.exit_int_info_err,
4079 vmexit = nested_svm_exit_special(svm);
4081 if (vmexit == NESTED_EXIT_CONTINUE)
4082 vmexit = nested_svm_exit_handled(svm);
4084 if (vmexit == NESTED_EXIT_DONE)
4088 svm_complete_interrupts(svm);
4090 if (svm->vmcb->control.exit_code == SVM_EXIT_ERR) {
4091 kvm_run->exit_reason = KVM_EXIT_FAIL_ENTRY;
4092 kvm_run->fail_entry.hardware_entry_failure_reason
4093 = svm->vmcb->control.exit_code;
4094 pr_err("KVM: FAILED VMRUN WITH VMCB:\n");
4099 if (is_external_interrupt(svm->vmcb->control.exit_int_info) &&
4100 exit_code != SVM_EXIT_EXCP_BASE + PF_VECTOR &&
4101 exit_code != SVM_EXIT_NPF && exit_code != SVM_EXIT_TASK_SWITCH &&
4102 exit_code != SVM_EXIT_INTR && exit_code != SVM_EXIT_NMI)
4103 printk(KERN_ERR "%s: unexpected exit_int_info 0x%x "
4105 __func__, svm->vmcb->control.exit_int_info,
4108 if (exit_code >= ARRAY_SIZE(svm_exit_handlers)
4109 || !svm_exit_handlers[exit_code]) {
4110 WARN_ONCE(1, "svm: unexpected exit reason 0x%x\n", exit_code);
4111 kvm_queue_exception(vcpu, UD_VECTOR);
4115 return svm_exit_handlers[exit_code](svm);
4118 static void reload_tss(struct kvm_vcpu *vcpu)
4120 int cpu = raw_smp_processor_id();
4122 struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
4123 sd->tss_desc->type = 9; /* available 32/64-bit TSS */
4127 static void pre_svm_run(struct vcpu_svm *svm)
4129 int cpu = raw_smp_processor_id();
4131 struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
4133 /* FIXME: handle wraparound of asid_generation */
4134 if (svm->asid_generation != sd->asid_generation)
4138 static void svm_inject_nmi(struct kvm_vcpu *vcpu)
4140 struct vcpu_svm *svm = to_svm(vcpu);
4142 svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI;
4143 vcpu->arch.hflags |= HF_NMI_MASK;
4144 set_intercept(svm, INTERCEPT_IRET);
4145 ++vcpu->stat.nmi_injections;
4148 static inline void svm_inject_irq(struct vcpu_svm *svm, int irq)
4150 struct vmcb_control_area *control;
4152 /* The following fields are ignored when AVIC is enabled */
4153 control = &svm->vmcb->control;
4154 control->int_vector = irq;
4155 control->int_ctl &= ~V_INTR_PRIO_MASK;
4156 control->int_ctl |= V_IRQ_MASK |
4157 ((/*control->int_vector >> 4*/ 0xf) << V_INTR_PRIO_SHIFT);
4158 mark_dirty(svm->vmcb, VMCB_INTR);
4161 static void svm_set_irq(struct kvm_vcpu *vcpu)
4163 struct vcpu_svm *svm = to_svm(vcpu);
4165 BUG_ON(!(gif_set(svm)));
4167 trace_kvm_inj_virq(vcpu->arch.interrupt.nr);
4168 ++vcpu->stat.irq_injections;
4170 svm->vmcb->control.event_inj = vcpu->arch.interrupt.nr |
4171 SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_INTR;
4174 static inline bool svm_nested_virtualize_tpr(struct kvm_vcpu *vcpu)
4176 return is_guest_mode(vcpu) && (vcpu->arch.hflags & HF_VINTR_MASK);
4179 static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
4181 struct vcpu_svm *svm = to_svm(vcpu);
4183 if (svm_nested_virtualize_tpr(vcpu) ||
4184 kvm_vcpu_apicv_active(vcpu))
4187 clr_cr_intercept(svm, INTERCEPT_CR8_WRITE);
4193 set_cr_intercept(svm, INTERCEPT_CR8_WRITE);
4196 static void svm_set_virtual_x2apic_mode(struct kvm_vcpu *vcpu, bool set)
4201 static bool svm_get_enable_apicv(void)
4206 static void svm_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr)
4210 static void svm_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr)
4214 /* Note: Currently only used by Hyper-V. */
4215 static void svm_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu)
4217 struct vcpu_svm *svm = to_svm(vcpu);
4218 struct vmcb *vmcb = svm->vmcb;
4223 vmcb->control.int_ctl &= ~AVIC_ENABLE_MASK;
4224 mark_dirty(vmcb, VMCB_INTR);
4227 static void svm_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap)
4232 static void svm_sync_pir_to_irr(struct kvm_vcpu *vcpu)
4237 static void svm_deliver_avic_intr(struct kvm_vcpu *vcpu, int vec)
4239 kvm_lapic_set_irr(vec, vcpu->arch.apic);
4240 smp_mb__after_atomic();
4242 if (avic_vcpu_is_running(vcpu))
4243 wrmsrl(SVM_AVIC_DOORBELL,
4244 kvm_cpu_get_apicid(vcpu->cpu));
4246 kvm_vcpu_wake_up(vcpu);
4249 static int svm_nmi_allowed(struct kvm_vcpu *vcpu)
4251 struct vcpu_svm *svm = to_svm(vcpu);
4252 struct vmcb *vmcb = svm->vmcb;
4254 ret = !(vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) &&
4255 !(svm->vcpu.arch.hflags & HF_NMI_MASK);
4256 ret = ret && gif_set(svm) && nested_svm_nmi(svm);
4261 static bool svm_get_nmi_mask(struct kvm_vcpu *vcpu)
4263 struct vcpu_svm *svm = to_svm(vcpu);
4265 return !!(svm->vcpu.arch.hflags & HF_NMI_MASK);
4268 static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
4270 struct vcpu_svm *svm = to_svm(vcpu);
4273 svm->vcpu.arch.hflags |= HF_NMI_MASK;
4274 set_intercept(svm, INTERCEPT_IRET);
4276 svm->vcpu.arch.hflags &= ~HF_NMI_MASK;
4277 clr_intercept(svm, INTERCEPT_IRET);
4281 static int svm_interrupt_allowed(struct kvm_vcpu *vcpu)
4283 struct vcpu_svm *svm = to_svm(vcpu);
4284 struct vmcb *vmcb = svm->vmcb;
4287 if (!gif_set(svm) ||
4288 (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK))
4291 ret = !!(kvm_get_rflags(vcpu) & X86_EFLAGS_IF);
4293 if (is_guest_mode(vcpu))
4294 return ret && !(svm->vcpu.arch.hflags & HF_VINTR_MASK);
4299 static void enable_irq_window(struct kvm_vcpu *vcpu)
4301 struct vcpu_svm *svm = to_svm(vcpu);
4303 if (kvm_vcpu_apicv_active(vcpu))
4307 * In case GIF=0 we can't rely on the CPU to tell us when GIF becomes
4308 * 1, because that's a separate STGI/VMRUN intercept. The next time we
4309 * get that intercept, this function will be called again though and
4310 * we'll get the vintr intercept.
4312 if (gif_set(svm) && nested_svm_intr(svm)) {
4314 svm_inject_irq(svm, 0x0);
4318 static void enable_nmi_window(struct kvm_vcpu *vcpu)
4320 struct vcpu_svm *svm = to_svm(vcpu);
4322 if ((svm->vcpu.arch.hflags & (HF_NMI_MASK | HF_IRET_MASK))
4324 return; /* IRET will cause a vm exit */
4327 * Something prevents NMI from been injected. Single step over possible
4328 * problem (IRET or exception injection or interrupt shadow)
4330 svm->nmi_singlestep = true;
4331 svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
4334 static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
4339 static void svm_flush_tlb(struct kvm_vcpu *vcpu)
4341 struct vcpu_svm *svm = to_svm(vcpu);
4343 if (static_cpu_has(X86_FEATURE_FLUSHBYASID))
4344 svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID;
4346 svm->asid_generation--;
4349 static void svm_prepare_guest_switch(struct kvm_vcpu *vcpu)
4353 static inline void sync_cr8_to_lapic(struct kvm_vcpu *vcpu)
4355 struct vcpu_svm *svm = to_svm(vcpu);
4357 if (svm_nested_virtualize_tpr(vcpu))
4360 if (!is_cr_intercept(svm, INTERCEPT_CR8_WRITE)) {
4361 int cr8 = svm->vmcb->control.int_ctl & V_TPR_MASK;
4362 kvm_set_cr8(vcpu, cr8);
4366 static inline void sync_lapic_to_cr8(struct kvm_vcpu *vcpu)
4368 struct vcpu_svm *svm = to_svm(vcpu);
4371 if (svm_nested_virtualize_tpr(vcpu) ||
4372 kvm_vcpu_apicv_active(vcpu))
4375 cr8 = kvm_get_cr8(vcpu);
4376 svm->vmcb->control.int_ctl &= ~V_TPR_MASK;
4377 svm->vmcb->control.int_ctl |= cr8 & V_TPR_MASK;
4380 static void svm_complete_interrupts(struct vcpu_svm *svm)
4384 u32 exitintinfo = svm->vmcb->control.exit_int_info;
4385 unsigned int3_injected = svm->int3_injected;
4387 svm->int3_injected = 0;
4390 * If we've made progress since setting HF_IRET_MASK, we've
4391 * executed an IRET and can allow NMI injection.
4393 if ((svm->vcpu.arch.hflags & HF_IRET_MASK)
4394 && kvm_rip_read(&svm->vcpu) != svm->nmi_iret_rip) {
4395 svm->vcpu.arch.hflags &= ~(HF_NMI_MASK | HF_IRET_MASK);
4396 kvm_make_request(KVM_REQ_EVENT, &svm->vcpu);
4399 svm->vcpu.arch.nmi_injected = false;
4400 kvm_clear_exception_queue(&svm->vcpu);
4401 kvm_clear_interrupt_queue(&svm->vcpu);
4403 if (!(exitintinfo & SVM_EXITINTINFO_VALID))
4406 kvm_make_request(KVM_REQ_EVENT, &svm->vcpu);
4408 vector = exitintinfo & SVM_EXITINTINFO_VEC_MASK;
4409 type = exitintinfo & SVM_EXITINTINFO_TYPE_MASK;
4412 case SVM_EXITINTINFO_TYPE_NMI:
4413 svm->vcpu.arch.nmi_injected = true;
4415 case SVM_EXITINTINFO_TYPE_EXEPT:
4417 * In case of software exceptions, do not reinject the vector,
4418 * but re-execute the instruction instead. Rewind RIP first
4419 * if we emulated INT3 before.
4421 if (kvm_exception_is_soft(vector)) {
4422 if (vector == BP_VECTOR && int3_injected &&
4423 kvm_is_linear_rip(&svm->vcpu, svm->int3_rip))
4424 kvm_rip_write(&svm->vcpu,
4425 kvm_rip_read(&svm->vcpu) -
4429 if (exitintinfo & SVM_EXITINTINFO_VALID_ERR) {
4430 u32 err = svm->vmcb->control.exit_int_info_err;
4431 kvm_requeue_exception_e(&svm->vcpu, vector, err);
4434 kvm_requeue_exception(&svm->vcpu, vector);
4436 case SVM_EXITINTINFO_TYPE_INTR:
4437 kvm_queue_interrupt(&svm->vcpu, vector, false);
4444 static void svm_cancel_injection(struct kvm_vcpu *vcpu)
4446 struct vcpu_svm *svm = to_svm(vcpu);
4447 struct vmcb_control_area *control = &svm->vmcb->control;
4449 control->exit_int_info = control->event_inj;
4450 control->exit_int_info_err = control->event_inj_err;
4451 control->event_inj = 0;
4452 svm_complete_interrupts(svm);
4455 static void svm_vcpu_run(struct kvm_vcpu *vcpu)
4457 struct vcpu_svm *svm = to_svm(vcpu);
4459 svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
4460 svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
4461 svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];
4464 * A vmexit emulation is required before the vcpu can be executed
4467 if (unlikely(svm->nested.exit_required))
4472 sync_lapic_to_cr8(vcpu);
4474 svm->vmcb->save.cr2 = vcpu->arch.cr2;
4481 "push %%" _ASM_BP "; \n\t"
4482 "mov %c[rbx](%[svm]), %%" _ASM_BX " \n\t"
4483 "mov %c[rcx](%[svm]), %%" _ASM_CX " \n\t"
4484 "mov %c[rdx](%[svm]), %%" _ASM_DX " \n\t"
4485 "mov %c[rsi](%[svm]), %%" _ASM_SI " \n\t"
4486 "mov %c[rdi](%[svm]), %%" _ASM_DI " \n\t"
4487 "mov %c[rbp](%[svm]), %%" _ASM_BP " \n\t"
4488 #ifdef CONFIG_X86_64
4489 "mov %c[r8](%[svm]), %%r8 \n\t"
4490 "mov %c[r9](%[svm]), %%r9 \n\t"
4491 "mov %c[r10](%[svm]), %%r10 \n\t"
4492 "mov %c[r11](%[svm]), %%r11 \n\t"
4493 "mov %c[r12](%[svm]), %%r12 \n\t"
4494 "mov %c[r13](%[svm]), %%r13 \n\t"
4495 "mov %c[r14](%[svm]), %%r14 \n\t"
4496 "mov %c[r15](%[svm]), %%r15 \n\t"
4499 /* Enter guest mode */
4500 "push %%" _ASM_AX " \n\t"
4501 "mov %c[vmcb](%[svm]), %%" _ASM_AX " \n\t"
4502 __ex(SVM_VMLOAD) "\n\t"
4503 __ex(SVM_VMRUN) "\n\t"
4504 __ex(SVM_VMSAVE) "\n\t"
4505 "pop %%" _ASM_AX " \n\t"
4507 /* Save guest registers, load host registers */
4508 "mov %%" _ASM_BX ", %c[rbx](%[svm]) \n\t"
4509 "mov %%" _ASM_CX ", %c[rcx](%[svm]) \n\t"
4510 "mov %%" _ASM_DX ", %c[rdx](%[svm]) \n\t"
4511 "mov %%" _ASM_SI ", %c[rsi](%[svm]) \n\t"
4512 "mov %%" _ASM_DI ", %c[rdi](%[svm]) \n\t"
4513 "mov %%" _ASM_BP ", %c[rbp](%[svm]) \n\t"
4514 #ifdef CONFIG_X86_64
4515 "mov %%r8, %c[r8](%[svm]) \n\t"
4516 "mov %%r9, %c[r9](%[svm]) \n\t"
4517 "mov %%r10, %c[r10](%[svm]) \n\t"
4518 "mov %%r11, %c[r11](%[svm]) \n\t"
4519 "mov %%r12, %c[r12](%[svm]) \n\t"
4520 "mov %%r13, %c[r13](%[svm]) \n\t"
4521 "mov %%r14, %c[r14](%[svm]) \n\t"
4522 "mov %%r15, %c[r15](%[svm]) \n\t"
4527 [vmcb]"i"(offsetof(struct vcpu_svm, vmcb_pa)),
4528 [rbx]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RBX])),
4529 [rcx]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RCX])),
4530 [rdx]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RDX])),
4531 [rsi]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RSI])),
4532 [rdi]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RDI])),
4533 [rbp]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RBP]))
4534 #ifdef CONFIG_X86_64
4535 , [r8]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R8])),
4536 [r9]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R9])),
4537 [r10]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R10])),
4538 [r11]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R11])),
4539 [r12]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R12])),
4540 [r13]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R13])),
4541 [r14]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R14])),
4542 [r15]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R15]))
4545 #ifdef CONFIG_X86_64
4546 , "rbx", "rcx", "rdx", "rsi", "rdi"
4547 , "r8", "r9", "r10", "r11" , "r12", "r13", "r14", "r15"
4549 , "ebx", "ecx", "edx", "esi", "edi"
4553 #ifdef CONFIG_X86_64
4554 wrmsrl(MSR_GS_BASE, svm->host.gs_base);
4556 loadsegment(fs, svm->host.fs);
4557 #ifndef CONFIG_X86_32_LAZY_GS
4558 loadsegment(gs, svm->host.gs);
4564 local_irq_disable();
4566 vcpu->arch.cr2 = svm->vmcb->save.cr2;
4567 vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax;
4568 vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp;
4569 vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip;
4571 if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI))
4572 kvm_before_handle_nmi(&svm->vcpu);
4576 /* Any pending NMI will happen here */
4578 if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI))
4579 kvm_after_handle_nmi(&svm->vcpu);
4581 sync_cr8_to_lapic(vcpu);
4585 svm->vmcb->control.tlb_ctl = TLB_CONTROL_DO_NOTHING;
4587 /* if exit due to PF check for async PF */
4588 if (svm->vmcb->control.exit_code == SVM_EXIT_EXCP_BASE + PF_VECTOR)
4589 svm->apf_reason = kvm_read_and_reset_pf_reason();
4592 vcpu->arch.regs_avail &= ~(1 << VCPU_EXREG_PDPTR);
4593 vcpu->arch.regs_dirty &= ~(1 << VCPU_EXREG_PDPTR);
4597 * We need to handle MC intercepts here before the vcpu has a chance to
4598 * change the physical cpu
4600 if (unlikely(svm->vmcb->control.exit_code ==
4601 SVM_EXIT_EXCP_BASE + MC_VECTOR))
4602 svm_handle_mce(svm);
4604 mark_all_clean(svm->vmcb);
4607 static void svm_set_cr3(struct kvm_vcpu *vcpu, unsigned long root)
4609 struct vcpu_svm *svm = to_svm(vcpu);
4611 svm->vmcb->save.cr3 = root;
4612 mark_dirty(svm->vmcb, VMCB_CR);
4613 svm_flush_tlb(vcpu);
4616 static void set_tdp_cr3(struct kvm_vcpu *vcpu, unsigned long root)
4618 struct vcpu_svm *svm = to_svm(vcpu);
4620 svm->vmcb->control.nested_cr3 = root;
4621 mark_dirty(svm->vmcb, VMCB_NPT);
4623 /* Also sync guest cr3 here in case we live migrate */
4624 svm->vmcb->save.cr3 = kvm_read_cr3(vcpu);
4625 mark_dirty(svm->vmcb, VMCB_CR);
4627 svm_flush_tlb(vcpu);
4630 static int is_disabled(void)
4634 rdmsrl(MSR_VM_CR, vm_cr);
4635 if (vm_cr & (1 << SVM_VM_CR_SVM_DISABLE))
4642 svm_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall)
4645 * Patch in the VMMCALL instruction:
4647 hypercall[0] = 0x0f;
4648 hypercall[1] = 0x01;
4649 hypercall[2] = 0xd9;
4652 static void svm_check_processor_compat(void *rtn)
4657 static bool svm_cpu_has_accelerated_tpr(void)
4662 static bool svm_has_high_real_mode_segbase(void)
4667 static u64 svm_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
4672 static void svm_cpuid_update(struct kvm_vcpu *vcpu)
4674 struct vcpu_svm *svm = to_svm(vcpu);
4675 struct kvm_cpuid_entry2 *entry;
4677 /* Update nrips enabled cache */
4678 svm->nrips_enabled = !!guest_cpuid_has_nrips(&svm->vcpu);
4680 if (!kvm_vcpu_apicv_active(vcpu))
4683 entry = kvm_find_cpuid_entry(vcpu, 1, 0);
4685 entry->ecx &= ~bit(X86_FEATURE_X2APIC);
4688 static void svm_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry)
4693 entry->ecx &= ~bit(X86_FEATURE_X2APIC);
4697 entry->ecx |= (1 << 2); /* Set SVM bit */
4700 entry->eax = 1; /* SVM revision 1 */
4701 entry->ebx = 8; /* Lets support 8 ASIDs in case we add proper
4702 ASID emulation to nested SVM */
4703 entry->ecx = 0; /* Reserved */
4704 entry->edx = 0; /* Per default do not support any
4705 additional features */
4707 /* Support next_rip if host supports it */
4708 if (boot_cpu_has(X86_FEATURE_NRIPS))
4709 entry->edx |= SVM_FEATURE_NRIP;
4711 /* Support NPT for the guest if enabled */
4713 entry->edx |= SVM_FEATURE_NPT;
4719 static int svm_get_lpage_level(void)
4721 return PT_PDPE_LEVEL;
4724 static bool svm_rdtscp_supported(void)
4726 return boot_cpu_has(X86_FEATURE_RDTSCP);
4729 static bool svm_invpcid_supported(void)
4734 static bool svm_mpx_supported(void)
4739 static bool svm_xsaves_supported(void)
4744 static bool svm_has_wbinvd_exit(void)
4749 static void svm_fpu_deactivate(struct kvm_vcpu *vcpu)
4751 struct vcpu_svm *svm = to_svm(vcpu);
4753 set_exception_intercept(svm, NM_VECTOR);
4754 update_cr0_intercept(svm);
4757 #define PRE_EX(exit) { .exit_code = (exit), \
4758 .stage = X86_ICPT_PRE_EXCEPT, }
4759 #define POST_EX(exit) { .exit_code = (exit), \
4760 .stage = X86_ICPT_POST_EXCEPT, }
4761 #define POST_MEM(exit) { .exit_code = (exit), \
4762 .stage = X86_ICPT_POST_MEMACCESS, }
4764 static const struct __x86_intercept {
4766 enum x86_intercept_stage stage;
4767 } x86_intercept_map[] = {
4768 [x86_intercept_cr_read] = POST_EX(SVM_EXIT_READ_CR0),
4769 [x86_intercept_cr_write] = POST_EX(SVM_EXIT_WRITE_CR0),
4770 [x86_intercept_clts] = POST_EX(SVM_EXIT_WRITE_CR0),
4771 [x86_intercept_lmsw] = POST_EX(SVM_EXIT_WRITE_CR0),
4772 [x86_intercept_smsw] = POST_EX(SVM_EXIT_READ_CR0),
4773 [x86_intercept_dr_read] = POST_EX(SVM_EXIT_READ_DR0),
4774 [x86_intercept_dr_write] = POST_EX(SVM_EXIT_WRITE_DR0),
4775 [x86_intercept_sldt] = POST_EX(SVM_EXIT_LDTR_READ),
4776 [x86_intercept_str] = POST_EX(SVM_EXIT_TR_READ),
4777 [x86_intercept_lldt] = POST_EX(SVM_EXIT_LDTR_WRITE),
4778 [x86_intercept_ltr] = POST_EX(SVM_EXIT_TR_WRITE),
4779 [x86_intercept_sgdt] = POST_EX(SVM_EXIT_GDTR_READ),
4780 [x86_intercept_sidt] = POST_EX(SVM_EXIT_IDTR_READ),
4781 [x86_intercept_lgdt] = POST_EX(SVM_EXIT_GDTR_WRITE),
4782 [x86_intercept_lidt] = POST_EX(SVM_EXIT_IDTR_WRITE),
4783 [x86_intercept_vmrun] = POST_EX(SVM_EXIT_VMRUN),
4784 [x86_intercept_vmmcall] = POST_EX(SVM_EXIT_VMMCALL),
4785 [x86_intercept_vmload] = POST_EX(SVM_EXIT_VMLOAD),
4786 [x86_intercept_vmsave] = POST_EX(SVM_EXIT_VMSAVE),
4787 [x86_intercept_stgi] = POST_EX(SVM_EXIT_STGI),
4788 [x86_intercept_clgi] = POST_EX(SVM_EXIT_CLGI),
4789 [x86_intercept_skinit] = POST_EX(SVM_EXIT_SKINIT),
4790 [x86_intercept_invlpga] = POST_EX(SVM_EXIT_INVLPGA),
4791 [x86_intercept_rdtscp] = POST_EX(SVM_EXIT_RDTSCP),
4792 [x86_intercept_monitor] = POST_MEM(SVM_EXIT_MONITOR),
4793 [x86_intercept_mwait] = POST_EX(SVM_EXIT_MWAIT),
4794 [x86_intercept_invlpg] = POST_EX(SVM_EXIT_INVLPG),
4795 [x86_intercept_invd] = POST_EX(SVM_EXIT_INVD),
4796 [x86_intercept_wbinvd] = POST_EX(SVM_EXIT_WBINVD),
4797 [x86_intercept_wrmsr] = POST_EX(SVM_EXIT_MSR),
4798 [x86_intercept_rdtsc] = POST_EX(SVM_EXIT_RDTSC),
4799 [x86_intercept_rdmsr] = POST_EX(SVM_EXIT_MSR),
4800 [x86_intercept_rdpmc] = POST_EX(SVM_EXIT_RDPMC),
4801 [x86_intercept_cpuid] = PRE_EX(SVM_EXIT_CPUID),
4802 [x86_intercept_rsm] = PRE_EX(SVM_EXIT_RSM),
4803 [x86_intercept_pause] = PRE_EX(SVM_EXIT_PAUSE),
4804 [x86_intercept_pushf] = PRE_EX(SVM_EXIT_PUSHF),
4805 [x86_intercept_popf] = PRE_EX(SVM_EXIT_POPF),
4806 [x86_intercept_intn] = PRE_EX(SVM_EXIT_SWINT),
4807 [x86_intercept_iret] = PRE_EX(SVM_EXIT_IRET),
4808 [x86_intercept_icebp] = PRE_EX(SVM_EXIT_ICEBP),
4809 [x86_intercept_hlt] = POST_EX(SVM_EXIT_HLT),
4810 [x86_intercept_in] = POST_EX(SVM_EXIT_IOIO),
4811 [x86_intercept_ins] = POST_EX(SVM_EXIT_IOIO),
4812 [x86_intercept_out] = POST_EX(SVM_EXIT_IOIO),
4813 [x86_intercept_outs] = POST_EX(SVM_EXIT_IOIO),
4820 static int svm_check_intercept(struct kvm_vcpu *vcpu,
4821 struct x86_instruction_info *info,
4822 enum x86_intercept_stage stage)
4824 struct vcpu_svm *svm = to_svm(vcpu);
4825 int vmexit, ret = X86EMUL_CONTINUE;
4826 struct __x86_intercept icpt_info;
4827 struct vmcb *vmcb = svm->vmcb;
4829 if (info->intercept >= ARRAY_SIZE(x86_intercept_map))
4832 icpt_info = x86_intercept_map[info->intercept];
4834 if (stage != icpt_info.stage)
4837 switch (icpt_info.exit_code) {
4838 case SVM_EXIT_READ_CR0:
4839 if (info->intercept == x86_intercept_cr_read)
4840 icpt_info.exit_code += info->modrm_reg;
4842 case SVM_EXIT_WRITE_CR0: {
4843 unsigned long cr0, val;
4846 if (info->intercept == x86_intercept_cr_write)
4847 icpt_info.exit_code += info->modrm_reg;
4849 if (icpt_info.exit_code != SVM_EXIT_WRITE_CR0 ||
4850 info->intercept == x86_intercept_clts)
4853 intercept = svm->nested.intercept;
4855 if (!(intercept & (1ULL << INTERCEPT_SELECTIVE_CR0)))
4858 cr0 = vcpu->arch.cr0 & ~SVM_CR0_SELECTIVE_MASK;
4859 val = info->src_val & ~SVM_CR0_SELECTIVE_MASK;
4861 if (info->intercept == x86_intercept_lmsw) {
4864 /* lmsw can't clear PE - catch this here */
4865 if (cr0 & X86_CR0_PE)
4870 icpt_info.exit_code = SVM_EXIT_CR0_SEL_WRITE;
4874 case SVM_EXIT_READ_DR0:
4875 case SVM_EXIT_WRITE_DR0:
4876 icpt_info.exit_code += info->modrm_reg;
4879 if (info->intercept == x86_intercept_wrmsr)
4880 vmcb->control.exit_info_1 = 1;
4882 vmcb->control.exit_info_1 = 0;
4884 case SVM_EXIT_PAUSE:
4886 * We get this for NOP only, but pause
4887 * is rep not, check this here
4889 if (info->rep_prefix != REPE_PREFIX)
4891 case SVM_EXIT_IOIO: {
4895 if (info->intercept == x86_intercept_in ||
4896 info->intercept == x86_intercept_ins) {
4897 exit_info = ((info->src_val & 0xffff) << 16) |
4899 bytes = info->dst_bytes;
4901 exit_info = (info->dst_val & 0xffff) << 16;
4902 bytes = info->src_bytes;
4905 if (info->intercept == x86_intercept_outs ||
4906 info->intercept == x86_intercept_ins)
4907 exit_info |= SVM_IOIO_STR_MASK;
4909 if (info->rep_prefix)
4910 exit_info |= SVM_IOIO_REP_MASK;
4912 bytes = min(bytes, 4u);
4914 exit_info |= bytes << SVM_IOIO_SIZE_SHIFT;
4916 exit_info |= (u32)info->ad_bytes << (SVM_IOIO_ASIZE_SHIFT - 1);
4918 vmcb->control.exit_info_1 = exit_info;
4919 vmcb->control.exit_info_2 = info->next_rip;
4927 /* TODO: Advertise NRIPS to guest hypervisor unconditionally */
4928 if (static_cpu_has(X86_FEATURE_NRIPS))
4929 vmcb->control.next_rip = info->next_rip;
4930 vmcb->control.exit_code = icpt_info.exit_code;
4931 vmexit = nested_svm_exit_handled(svm);
4933 ret = (vmexit == NESTED_EXIT_DONE) ? X86EMUL_INTERCEPTED
4940 static void svm_handle_external_intr(struct kvm_vcpu *vcpu)
4945 static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu)
4949 static inline void avic_post_state_restore(struct kvm_vcpu *vcpu)
4951 if (avic_handle_apic_id_update(vcpu) != 0)
4953 if (avic_handle_dfr_update(vcpu) != 0)
4955 avic_handle_ldr_update(vcpu);
4958 static struct kvm_x86_ops svm_x86_ops = {
4959 .cpu_has_kvm_support = has_svm,
4960 .disabled_by_bios = is_disabled,
4961 .hardware_setup = svm_hardware_setup,
4962 .hardware_unsetup = svm_hardware_unsetup,
4963 .check_processor_compatibility = svm_check_processor_compat,
4964 .hardware_enable = svm_hardware_enable,
4965 .hardware_disable = svm_hardware_disable,
4966 .cpu_has_accelerated_tpr = svm_cpu_has_accelerated_tpr,
4967 .cpu_has_high_real_mode_segbase = svm_has_high_real_mode_segbase,
4969 .vcpu_create = svm_create_vcpu,
4970 .vcpu_free = svm_free_vcpu,
4971 .vcpu_reset = svm_vcpu_reset,
4973 .vm_init = avic_vm_init,
4974 .vm_destroy = avic_vm_destroy,
4976 .prepare_guest_switch = svm_prepare_guest_switch,
4977 .vcpu_load = svm_vcpu_load,
4978 .vcpu_put = svm_vcpu_put,
4979 .vcpu_blocking = svm_vcpu_blocking,
4980 .vcpu_unblocking = svm_vcpu_unblocking,
4982 .update_bp_intercept = update_bp_intercept,
4983 .get_msr = svm_get_msr,
4984 .set_msr = svm_set_msr,
4985 .get_segment_base = svm_get_segment_base,
4986 .get_segment = svm_get_segment,
4987 .set_segment = svm_set_segment,
4988 .get_cpl = svm_get_cpl,
4989 .get_cs_db_l_bits = kvm_get_cs_db_l_bits,
4990 .decache_cr0_guest_bits = svm_decache_cr0_guest_bits,
4991 .decache_cr3 = svm_decache_cr3,
4992 .decache_cr4_guest_bits = svm_decache_cr4_guest_bits,
4993 .set_cr0 = svm_set_cr0,
4994 .set_cr3 = svm_set_cr3,
4995 .set_cr4 = svm_set_cr4,
4996 .set_efer = svm_set_efer,
4997 .get_idt = svm_get_idt,
4998 .set_idt = svm_set_idt,
4999 .get_gdt = svm_get_gdt,
5000 .set_gdt = svm_set_gdt,
5001 .get_dr6 = svm_get_dr6,
5002 .set_dr6 = svm_set_dr6,
5003 .set_dr7 = svm_set_dr7,
5004 .sync_dirty_debug_regs = svm_sync_dirty_debug_regs,
5005 .cache_reg = svm_cache_reg,
5006 .get_rflags = svm_get_rflags,
5007 .set_rflags = svm_set_rflags,
5009 .get_pkru = svm_get_pkru,
5011 .fpu_activate = svm_fpu_activate,
5012 .fpu_deactivate = svm_fpu_deactivate,
5014 .tlb_flush = svm_flush_tlb,
5016 .run = svm_vcpu_run,
5017 .handle_exit = handle_exit,
5018 .skip_emulated_instruction = skip_emulated_instruction,
5019 .set_interrupt_shadow = svm_set_interrupt_shadow,
5020 .get_interrupt_shadow = svm_get_interrupt_shadow,
5021 .patch_hypercall = svm_patch_hypercall,
5022 .set_irq = svm_set_irq,
5023 .set_nmi = svm_inject_nmi,
5024 .queue_exception = svm_queue_exception,
5025 .cancel_injection = svm_cancel_injection,
5026 .interrupt_allowed = svm_interrupt_allowed,
5027 .nmi_allowed = svm_nmi_allowed,
5028 .get_nmi_mask = svm_get_nmi_mask,
5029 .set_nmi_mask = svm_set_nmi_mask,
5030 .enable_nmi_window = enable_nmi_window,
5031 .enable_irq_window = enable_irq_window,
5032 .update_cr8_intercept = update_cr8_intercept,
5033 .set_virtual_x2apic_mode = svm_set_virtual_x2apic_mode,
5034 .get_enable_apicv = svm_get_enable_apicv,
5035 .refresh_apicv_exec_ctrl = svm_refresh_apicv_exec_ctrl,
5036 .load_eoi_exitmap = svm_load_eoi_exitmap,
5037 .sync_pir_to_irr = svm_sync_pir_to_irr,
5038 .hwapic_irr_update = svm_hwapic_irr_update,
5039 .hwapic_isr_update = svm_hwapic_isr_update,
5040 .apicv_post_state_restore = avic_post_state_restore,
5042 .set_tss_addr = svm_set_tss_addr,
5043 .get_tdp_level = get_npt_level,
5044 .get_mt_mask = svm_get_mt_mask,
5046 .get_exit_info = svm_get_exit_info,
5048 .get_lpage_level = svm_get_lpage_level,
5050 .cpuid_update = svm_cpuid_update,
5052 .rdtscp_supported = svm_rdtscp_supported,
5053 .invpcid_supported = svm_invpcid_supported,
5054 .mpx_supported = svm_mpx_supported,
5055 .xsaves_supported = svm_xsaves_supported,
5057 .set_supported_cpuid = svm_set_supported_cpuid,
5059 .has_wbinvd_exit = svm_has_wbinvd_exit,
5061 .read_tsc_offset = svm_read_tsc_offset,
5062 .write_tsc_offset = svm_write_tsc_offset,
5063 .adjust_tsc_offset_guest = svm_adjust_tsc_offset_guest,
5064 .read_l1_tsc = svm_read_l1_tsc,
5066 .set_tdp_cr3 = set_tdp_cr3,
5068 .check_intercept = svm_check_intercept,
5069 .handle_external_intr = svm_handle_external_intr,
5071 .sched_in = svm_sched_in,
5073 .pmu_ops = &amd_pmu_ops,
5074 .deliver_posted_interrupt = svm_deliver_avic_intr,
5077 static int __init svm_init(void)
5079 return kvm_init(&svm_x86_ops, sizeof(struct vcpu_svm),
5080 __alignof__(struct vcpu_svm), THIS_MODULE);
5083 static void __exit svm_exit(void)
5088 module_init(svm_init)
5089 module_exit(svm_exit)
projects / karo-tx-linux.git / blob