1 // SPDX-License-Identifier: GPL-2.0-only
3 * Kernel-based Virtual Machine driver for Linux
5 * derived from drivers/kvm/kvm_main.c
7 * Copyright (C) 2006 Qumranet, Inc.
8 * Copyright (C) 2008 Qumranet, Inc.
9 * Copyright IBM Corporation, 2008
10 * Copyright 2010 Red Hat, Inc. and/or its affiliates.
13 * Avi Kivity <avi@qumranet.com>
14 * Yaniv Kamay <yaniv@qumranet.com>
15 * Amit Shah <amit.shah@qumranet.com>
16 * Ben-Ami Yassour <benami@il.ibm.com>
19 #include <linux/kvm_host.h>
25 #include "kvm_cache_regs.h"
26 #include "kvm_emulate.h"
33 #include <linux/clocksource.h>
34 #include <linux/interrupt.h>
35 #include <linux/kvm.h>
37 #include <linux/vmalloc.h>
38 #include <linux/export.h>
39 #include <linux/moduleparam.h>
40 #include <linux/mman.h>
41 #include <linux/highmem.h>
42 #include <linux/iommu.h>
43 #include <linux/intel-iommu.h>
44 #include <linux/cpufreq.h>
45 #include <linux/user-return-notifier.h>
46 #include <linux/srcu.h>
47 #include <linux/slab.h>
48 #include <linux/perf_event.h>
49 #include <linux/uaccess.h>
50 #include <linux/hash.h>
51 #include <linux/pci.h>
52 #include <linux/timekeeper_internal.h>
53 #include <linux/pvclock_gtod.h>
54 #include <linux/kvm_irqfd.h>
55 #include <linux/irqbypass.h>
56 #include <linux/sched/stat.h>
57 #include <linux/sched/isolation.h>
58 #include <linux/mem_encrypt.h>
59 #include <linux/entry-kvm.h>
61 #include <trace/events/kvm.h>
63 #include <asm/debugreg.h>
67 #include <linux/kernel_stat.h>
68 #include <asm/fpu/internal.h> /* Ugh! */
69 #include <asm/pvclock.h>
70 #include <asm/div64.h>
71 #include <asm/irq_remapping.h>
72 #include <asm/mshyperv.h>
73 #include <asm/hypervisor.h>
74 #include <asm/tlbflush.h>
75 #include <asm/intel_pt.h>
76 #include <asm/emulate_prefix.h>
77 #include <clocksource/hyperv_timer.h>
79 #define CREATE_TRACE_POINTS
82 #define MAX_IO_MSRS 256
83 #define KVM_MAX_MCE_BANKS 32
84 u64 __read_mostly kvm_mce_cap_supported = MCG_CTL_P | MCG_SER_P;
85 EXPORT_SYMBOL_GPL(kvm_mce_cap_supported);
87 #define emul_to_vcpu(ctxt) \
88 ((struct kvm_vcpu *)(ctxt)->vcpu)
91 * - enable syscall per default because its emulated by KVM
92 * - enable LME and LMA per default on 64 bit KVM
96 u64 __read_mostly efer_reserved_bits = ~((u64)(EFER_SCE | EFER_LME | EFER_LMA));
98 static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE);
101 static u64 __read_mostly cr4_reserved_bits = CR4_RESERVED_BITS;
103 #define KVM_X2APIC_API_VALID_FLAGS (KVM_X2APIC_API_USE_32BIT_IDS | \
104 KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK)
106 static void update_cr8_intercept(struct kvm_vcpu *vcpu);
107 static void process_nmi(struct kvm_vcpu *vcpu);
108 static void enter_smm(struct kvm_vcpu *vcpu);
109 static void __kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags);
110 static void store_regs(struct kvm_vcpu *vcpu);
111 static int sync_regs(struct kvm_vcpu *vcpu);
113 struct kvm_x86_ops kvm_x86_ops __read_mostly;
114 EXPORT_SYMBOL_GPL(kvm_x86_ops);
116 static bool __read_mostly ignore_msrs = 0;
117 module_param(ignore_msrs, bool, S_IRUGO | S_IWUSR);
119 static bool __read_mostly report_ignored_msrs = true;
120 module_param(report_ignored_msrs, bool, S_IRUGO | S_IWUSR);
122 unsigned int min_timer_period_us = 200;
123 module_param(min_timer_period_us, uint, S_IRUGO | S_IWUSR);
125 static bool __read_mostly kvmclock_periodic_sync = true;
126 module_param(kvmclock_periodic_sync, bool, S_IRUGO);
128 bool __read_mostly kvm_has_tsc_control;
129 EXPORT_SYMBOL_GPL(kvm_has_tsc_control);
130 u32 __read_mostly kvm_max_guest_tsc_khz;
131 EXPORT_SYMBOL_GPL(kvm_max_guest_tsc_khz);
132 u8 __read_mostly kvm_tsc_scaling_ratio_frac_bits;
133 EXPORT_SYMBOL_GPL(kvm_tsc_scaling_ratio_frac_bits);
134 u64 __read_mostly kvm_max_tsc_scaling_ratio;
135 EXPORT_SYMBOL_GPL(kvm_max_tsc_scaling_ratio);
136 u64 __read_mostly kvm_default_tsc_scaling_ratio;
137 EXPORT_SYMBOL_GPL(kvm_default_tsc_scaling_ratio);
139 /* tsc tolerance in parts per million - default to 1/2 of the NTP threshold */
140 static u32 __read_mostly tsc_tolerance_ppm = 250;
141 module_param(tsc_tolerance_ppm, uint, S_IRUGO | S_IWUSR);
144 * lapic timer advance (tscdeadline mode only) in nanoseconds. '-1' enables
145 * adaptive tuning starting from default advancment of 1000ns. '0' disables
146 * advancement entirely. Any other value is used as-is and disables adaptive
147 * tuning, i.e. allows priveleged userspace to set an exact advancement time.
149 static int __read_mostly lapic_timer_advance_ns = -1;
150 module_param(lapic_timer_advance_ns, int, S_IRUGO | S_IWUSR);
152 static bool __read_mostly vector_hashing = true;
153 module_param(vector_hashing, bool, S_IRUGO);
155 bool __read_mostly enable_vmware_backdoor = false;
156 module_param(enable_vmware_backdoor, bool, S_IRUGO);
157 EXPORT_SYMBOL_GPL(enable_vmware_backdoor);
159 static bool __read_mostly force_emulation_prefix = false;
160 module_param(force_emulation_prefix, bool, S_IRUGO);
162 int __read_mostly pi_inject_timer = -1;
163 module_param(pi_inject_timer, bint, S_IRUGO | S_IWUSR);
166 * Restoring the host value for MSRs that are only consumed when running in
167 * usermode, e.g. SYSCALL MSRs and TSC_AUX, can be deferred until the CPU
168 * returns to userspace, i.e. the kernel can run with the guest's value.
170 #define KVM_MAX_NR_USER_RETURN_MSRS 16
172 struct kvm_user_return_msrs_global {
174 u32 msrs[KVM_MAX_NR_USER_RETURN_MSRS];
177 struct kvm_user_return_msrs {
178 struct user_return_notifier urn;
180 struct kvm_user_return_msr_values {
183 } values[KVM_MAX_NR_USER_RETURN_MSRS];
186 static struct kvm_user_return_msrs_global __read_mostly user_return_msrs_global;
187 static struct kvm_user_return_msrs __percpu *user_return_msrs;
189 #define KVM_SUPPORTED_XCR0 (XFEATURE_MASK_FP | XFEATURE_MASK_SSE \
190 | XFEATURE_MASK_YMM | XFEATURE_MASK_BNDREGS \
191 | XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \
192 | XFEATURE_MASK_PKRU)
194 u64 __read_mostly host_efer;
195 EXPORT_SYMBOL_GPL(host_efer);
197 bool __read_mostly allow_smaller_maxphyaddr = 0;
198 EXPORT_SYMBOL_GPL(allow_smaller_maxphyaddr);
200 static u64 __read_mostly host_xss;
201 u64 __read_mostly supported_xss;
202 EXPORT_SYMBOL_GPL(supported_xss);
204 struct kvm_stats_debugfs_item debugfs_entries[] = {
205 VCPU_STAT("pf_fixed", pf_fixed),
206 VCPU_STAT("pf_guest", pf_guest),
207 VCPU_STAT("tlb_flush", tlb_flush),
208 VCPU_STAT("invlpg", invlpg),
209 VCPU_STAT("exits", exits),
210 VCPU_STAT("io_exits", io_exits),
211 VCPU_STAT("mmio_exits", mmio_exits),
212 VCPU_STAT("signal_exits", signal_exits),
213 VCPU_STAT("irq_window", irq_window_exits),
214 VCPU_STAT("nmi_window", nmi_window_exits),
215 VCPU_STAT("halt_exits", halt_exits),
216 VCPU_STAT("halt_successful_poll", halt_successful_poll),
217 VCPU_STAT("halt_attempted_poll", halt_attempted_poll),
218 VCPU_STAT("halt_poll_invalid", halt_poll_invalid),
219 VCPU_STAT("halt_wakeup", halt_wakeup),
220 VCPU_STAT("hypercalls", hypercalls),
221 VCPU_STAT("request_irq", request_irq_exits),
222 VCPU_STAT("irq_exits", irq_exits),
223 VCPU_STAT("host_state_reload", host_state_reload),
224 VCPU_STAT("fpu_reload", fpu_reload),
225 VCPU_STAT("insn_emulation", insn_emulation),
226 VCPU_STAT("insn_emulation_fail", insn_emulation_fail),
227 VCPU_STAT("irq_injections", irq_injections),
228 VCPU_STAT("nmi_injections", nmi_injections),
229 VCPU_STAT("req_event", req_event),
230 VCPU_STAT("l1d_flush", l1d_flush),
231 VCPU_STAT("halt_poll_success_ns", halt_poll_success_ns),
232 VCPU_STAT("halt_poll_fail_ns", halt_poll_fail_ns),
233 VM_STAT("mmu_shadow_zapped", mmu_shadow_zapped),
234 VM_STAT("mmu_pte_write", mmu_pte_write),
235 VM_STAT("mmu_pte_updated", mmu_pte_updated),
236 VM_STAT("mmu_pde_zapped", mmu_pde_zapped),
237 VM_STAT("mmu_flooded", mmu_flooded),
238 VM_STAT("mmu_recycled", mmu_recycled),
239 VM_STAT("mmu_cache_miss", mmu_cache_miss),
240 VM_STAT("mmu_unsync", mmu_unsync),
241 VM_STAT("remote_tlb_flush", remote_tlb_flush),
242 VM_STAT("largepages", lpages, .mode = 0444),
243 VM_STAT("nx_largepages_splitted", nx_lpage_splits, .mode = 0444),
244 VM_STAT("max_mmu_page_hash_collisions", max_mmu_page_hash_collisions),
248 u64 __read_mostly host_xcr0;
249 u64 __read_mostly supported_xcr0;
250 EXPORT_SYMBOL_GPL(supported_xcr0);
252 static struct kmem_cache *x86_fpu_cache;
254 static struct kmem_cache *x86_emulator_cache;
257 * When called, it means the previous get/set msr reached an invalid msr.
258 * Return true if we want to ignore/silent this failed msr access.
260 static bool kvm_msr_ignored_check(struct kvm_vcpu *vcpu, u32 msr,
261 u64 data, bool write)
263 const char *op = write ? "wrmsr" : "rdmsr";
266 if (report_ignored_msrs)
267 kvm_pr_unimpl("ignored %s: 0x%x data 0x%llx\n",
272 kvm_debug_ratelimited("unhandled %s: 0x%x data 0x%llx\n",
278 static struct kmem_cache *kvm_alloc_emulator_cache(void)
280 unsigned int useroffset = offsetof(struct x86_emulate_ctxt, src);
281 unsigned int size = sizeof(struct x86_emulate_ctxt);
283 return kmem_cache_create_usercopy("x86_emulator", size,
284 __alignof__(struct x86_emulate_ctxt),
285 SLAB_ACCOUNT, useroffset,
286 size - useroffset, NULL);
289 static int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt);
291 static inline void kvm_async_pf_hash_reset(struct kvm_vcpu *vcpu)
294 for (i = 0; i < ASYNC_PF_PER_VCPU; i++)
295 vcpu->arch.apf.gfns[i] = ~0;
298 static void kvm_on_user_return(struct user_return_notifier *urn)
301 struct kvm_user_return_msrs *msrs
302 = container_of(urn, struct kvm_user_return_msrs, urn);
303 struct kvm_user_return_msr_values *values;
307 * Disabling irqs at this point since the following code could be
308 * interrupted and executed through kvm_arch_hardware_disable()
310 local_irq_save(flags);
311 if (msrs->registered) {
312 msrs->registered = false;
313 user_return_notifier_unregister(urn);
315 local_irq_restore(flags);
316 for (slot = 0; slot < user_return_msrs_global.nr; ++slot) {
317 values = &msrs->values[slot];
318 if (values->host != values->curr) {
319 wrmsrl(user_return_msrs_global.msrs[slot], values->host);
320 values->curr = values->host;
325 void kvm_define_user_return_msr(unsigned slot, u32 msr)
327 BUG_ON(slot >= KVM_MAX_NR_USER_RETURN_MSRS);
328 user_return_msrs_global.msrs[slot] = msr;
329 if (slot >= user_return_msrs_global.nr)
330 user_return_msrs_global.nr = slot + 1;
332 EXPORT_SYMBOL_GPL(kvm_define_user_return_msr);
334 static void kvm_user_return_msr_cpu_online(void)
336 unsigned int cpu = smp_processor_id();
337 struct kvm_user_return_msrs *msrs = per_cpu_ptr(user_return_msrs, cpu);
341 for (i = 0; i < user_return_msrs_global.nr; ++i) {
342 rdmsrl_safe(user_return_msrs_global.msrs[i], &value);
343 msrs->values[i].host = value;
344 msrs->values[i].curr = value;
348 int kvm_set_user_return_msr(unsigned slot, u64 value, u64 mask)
350 unsigned int cpu = smp_processor_id();
351 struct kvm_user_return_msrs *msrs = per_cpu_ptr(user_return_msrs, cpu);
354 value = (value & mask) | (msrs->values[slot].host & ~mask);
355 if (value == msrs->values[slot].curr)
357 err = wrmsrl_safe(user_return_msrs_global.msrs[slot], value);
361 msrs->values[slot].curr = value;
362 if (!msrs->registered) {
363 msrs->urn.on_user_return = kvm_on_user_return;
364 user_return_notifier_register(&msrs->urn);
365 msrs->registered = true;
369 EXPORT_SYMBOL_GPL(kvm_set_user_return_msr);
371 static void drop_user_return_notifiers(void)
373 unsigned int cpu = smp_processor_id();
374 struct kvm_user_return_msrs *msrs = per_cpu_ptr(user_return_msrs, cpu);
376 if (msrs->registered)
377 kvm_on_user_return(&msrs->urn);
380 u64 kvm_get_apic_base(struct kvm_vcpu *vcpu)
382 return vcpu->arch.apic_base;
384 EXPORT_SYMBOL_GPL(kvm_get_apic_base);
386 enum lapic_mode kvm_get_apic_mode(struct kvm_vcpu *vcpu)
388 return kvm_apic_mode(kvm_get_apic_base(vcpu));
390 EXPORT_SYMBOL_GPL(kvm_get_apic_mode);
392 int kvm_set_apic_base(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
394 enum lapic_mode old_mode = kvm_get_apic_mode(vcpu);
395 enum lapic_mode new_mode = kvm_apic_mode(msr_info->data);
396 u64 reserved_bits = ((~0ULL) << cpuid_maxphyaddr(vcpu)) | 0x2ff |
397 (guest_cpuid_has(vcpu, X86_FEATURE_X2APIC) ? 0 : X2APIC_ENABLE);
399 if ((msr_info->data & reserved_bits) != 0 || new_mode == LAPIC_MODE_INVALID)
401 if (!msr_info->host_initiated) {
402 if (old_mode == LAPIC_MODE_X2APIC && new_mode == LAPIC_MODE_XAPIC)
404 if (old_mode == LAPIC_MODE_DISABLED && new_mode == LAPIC_MODE_X2APIC)
408 kvm_lapic_set_base(vcpu, msr_info->data);
409 kvm_recalculate_apic_map(vcpu->kvm);
412 EXPORT_SYMBOL_GPL(kvm_set_apic_base);
414 asmlinkage __visible noinstr void kvm_spurious_fault(void)
416 /* Fault while not rebooting. We want the trace. */
417 BUG_ON(!kvm_rebooting);
419 EXPORT_SYMBOL_GPL(kvm_spurious_fault);
421 #define EXCPT_BENIGN 0
422 #define EXCPT_CONTRIBUTORY 1
425 static int exception_class(int vector)
435 return EXCPT_CONTRIBUTORY;
442 #define EXCPT_FAULT 0
444 #define EXCPT_ABORT 2
445 #define EXCPT_INTERRUPT 3
447 static int exception_type(int vector)
451 if (WARN_ON(vector > 31 || vector == NMI_VECTOR))
452 return EXCPT_INTERRUPT;
456 /* #DB is trap, as instruction watchpoints are handled elsewhere */
457 if (mask & ((1 << DB_VECTOR) | (1 << BP_VECTOR) | (1 << OF_VECTOR)))
460 if (mask & ((1 << DF_VECTOR) | (1 << MC_VECTOR)))
463 /* Reserved exceptions will result in fault */
467 void kvm_deliver_exception_payload(struct kvm_vcpu *vcpu)
469 unsigned nr = vcpu->arch.exception.nr;
470 bool has_payload = vcpu->arch.exception.has_payload;
471 unsigned long payload = vcpu->arch.exception.payload;
479 * "Certain debug exceptions may clear bit 0-3. The
480 * remaining contents of the DR6 register are never
481 * cleared by the processor".
483 vcpu->arch.dr6 &= ~DR_TRAP_BITS;
485 * DR6.RTM is set by all #DB exceptions that don't clear it.
487 vcpu->arch.dr6 |= DR6_RTM;
488 vcpu->arch.dr6 |= payload;
490 * Bit 16 should be set in the payload whenever the #DB
491 * exception should clear DR6.RTM. This makes the payload
492 * compatible with the pending debug exceptions under VMX.
493 * Though not currently documented in the SDM, this also
494 * makes the payload compatible with the exit qualification
495 * for #DB exceptions under VMX.
497 vcpu->arch.dr6 ^= payload & DR6_RTM;
500 * The #DB payload is defined as compatible with the 'pending
501 * debug exceptions' field under VMX, not DR6. While bit 12 is
502 * defined in the 'pending debug exceptions' field (enabled
503 * breakpoint), it is reserved and must be zero in DR6.
505 vcpu->arch.dr6 &= ~BIT(12);
508 vcpu->arch.cr2 = payload;
512 vcpu->arch.exception.has_payload = false;
513 vcpu->arch.exception.payload = 0;
515 EXPORT_SYMBOL_GPL(kvm_deliver_exception_payload);
517 static void kvm_multiple_exception(struct kvm_vcpu *vcpu,
518 unsigned nr, bool has_error, u32 error_code,
519 bool has_payload, unsigned long payload, bool reinject)
524 kvm_make_request(KVM_REQ_EVENT, vcpu);
526 if (!vcpu->arch.exception.pending && !vcpu->arch.exception.injected) {
528 if (has_error && !is_protmode(vcpu))
532 * On vmentry, vcpu->arch.exception.pending is only
533 * true if an event injection was blocked by
534 * nested_run_pending. In that case, however,
535 * vcpu_enter_guest requests an immediate exit,
536 * and the guest shouldn't proceed far enough to
539 WARN_ON_ONCE(vcpu->arch.exception.pending);
540 vcpu->arch.exception.injected = true;
541 if (WARN_ON_ONCE(has_payload)) {
543 * A reinjected event has already
544 * delivered its payload.
550 vcpu->arch.exception.pending = true;
551 vcpu->arch.exception.injected = false;
553 vcpu->arch.exception.has_error_code = has_error;
554 vcpu->arch.exception.nr = nr;
555 vcpu->arch.exception.error_code = error_code;
556 vcpu->arch.exception.has_payload = has_payload;
557 vcpu->arch.exception.payload = payload;
558 if (!is_guest_mode(vcpu))
559 kvm_deliver_exception_payload(vcpu);
563 /* to check exception */
564 prev_nr = vcpu->arch.exception.nr;
565 if (prev_nr == DF_VECTOR) {
566 /* triple fault -> shutdown */
567 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
570 class1 = exception_class(prev_nr);
571 class2 = exception_class(nr);
572 if ((class1 == EXCPT_CONTRIBUTORY && class2 == EXCPT_CONTRIBUTORY)
573 || (class1 == EXCPT_PF && class2 != EXCPT_BENIGN)) {
575 * Generate double fault per SDM Table 5-5. Set
576 * exception.pending = true so that the double fault
577 * can trigger a nested vmexit.
579 vcpu->arch.exception.pending = true;
580 vcpu->arch.exception.injected = false;
581 vcpu->arch.exception.has_error_code = true;
582 vcpu->arch.exception.nr = DF_VECTOR;
583 vcpu->arch.exception.error_code = 0;
584 vcpu->arch.exception.has_payload = false;
585 vcpu->arch.exception.payload = 0;
587 /* replace previous exception with a new one in a hope
588 that instruction re-execution will regenerate lost
593 void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr)
595 kvm_multiple_exception(vcpu, nr, false, 0, false, 0, false);
597 EXPORT_SYMBOL_GPL(kvm_queue_exception);
599 void kvm_requeue_exception(struct kvm_vcpu *vcpu, unsigned nr)
601 kvm_multiple_exception(vcpu, nr, false, 0, false, 0, true);
603 EXPORT_SYMBOL_GPL(kvm_requeue_exception);
605 void kvm_queue_exception_p(struct kvm_vcpu *vcpu, unsigned nr,
606 unsigned long payload)
608 kvm_multiple_exception(vcpu, nr, false, 0, true, payload, false);
610 EXPORT_SYMBOL_GPL(kvm_queue_exception_p);
612 static void kvm_queue_exception_e_p(struct kvm_vcpu *vcpu, unsigned nr,
613 u32 error_code, unsigned long payload)
615 kvm_multiple_exception(vcpu, nr, true, error_code,
616 true, payload, false);
619 int kvm_complete_insn_gp(struct kvm_vcpu *vcpu, int err)
622 kvm_inject_gp(vcpu, 0);
624 return kvm_skip_emulated_instruction(vcpu);
628 EXPORT_SYMBOL_GPL(kvm_complete_insn_gp);
630 void kvm_inject_page_fault(struct kvm_vcpu *vcpu, struct x86_exception *fault)
632 ++vcpu->stat.pf_guest;
633 vcpu->arch.exception.nested_apf =
634 is_guest_mode(vcpu) && fault->async_page_fault;
635 if (vcpu->arch.exception.nested_apf) {
636 vcpu->arch.apf.nested_apf_token = fault->address;
637 kvm_queue_exception_e(vcpu, PF_VECTOR, fault->error_code);
639 kvm_queue_exception_e_p(vcpu, PF_VECTOR, fault->error_code,
643 EXPORT_SYMBOL_GPL(kvm_inject_page_fault);
645 bool kvm_inject_emulated_page_fault(struct kvm_vcpu *vcpu,
646 struct x86_exception *fault)
648 struct kvm_mmu *fault_mmu;
649 WARN_ON_ONCE(fault->vector != PF_VECTOR);
651 fault_mmu = fault->nested_page_fault ? vcpu->arch.mmu :
655 * Invalidate the TLB entry for the faulting address, if it exists,
656 * else the access will fault indefinitely (and to emulate hardware).
658 if ((fault->error_code & PFERR_PRESENT_MASK) &&
659 !(fault->error_code & PFERR_RSVD_MASK))
660 kvm_mmu_invalidate_gva(vcpu, fault_mmu, fault->address,
661 fault_mmu->root_hpa);
663 fault_mmu->inject_page_fault(vcpu, fault);
664 return fault->nested_page_fault;
666 EXPORT_SYMBOL_GPL(kvm_inject_emulated_page_fault);
668 void kvm_inject_nmi(struct kvm_vcpu *vcpu)
670 atomic_inc(&vcpu->arch.nmi_queued);
671 kvm_make_request(KVM_REQ_NMI, vcpu);
673 EXPORT_SYMBOL_GPL(kvm_inject_nmi);
675 void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code)
677 kvm_multiple_exception(vcpu, nr, true, error_code, false, 0, false);
679 EXPORT_SYMBOL_GPL(kvm_queue_exception_e);
681 void kvm_requeue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code)
683 kvm_multiple_exception(vcpu, nr, true, error_code, false, 0, true);
685 EXPORT_SYMBOL_GPL(kvm_requeue_exception_e);
688 * Checks if cpl <= required_cpl; if true, return true. Otherwise queue
689 * a #GP and return false.
691 bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl)
693 if (kvm_x86_ops.get_cpl(vcpu) <= required_cpl)
695 kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
698 EXPORT_SYMBOL_GPL(kvm_require_cpl);
700 bool kvm_require_dr(struct kvm_vcpu *vcpu, int dr)
702 if ((dr != 4 && dr != 5) || !kvm_read_cr4_bits(vcpu, X86_CR4_DE))
705 kvm_queue_exception(vcpu, UD_VECTOR);
708 EXPORT_SYMBOL_GPL(kvm_require_dr);
711 * This function will be used to read from the physical memory of the currently
712 * running guest. The difference to kvm_vcpu_read_guest_page is that this function
713 * can read from guest physical or from the guest's guest physical memory.
715 int kvm_read_guest_page_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
716 gfn_t ngfn, void *data, int offset, int len,
719 struct x86_exception exception;
723 ngpa = gfn_to_gpa(ngfn);
724 real_gfn = mmu->translate_gpa(vcpu, ngpa, access, &exception);
725 if (real_gfn == UNMAPPED_GVA)
728 real_gfn = gpa_to_gfn(real_gfn);
730 return kvm_vcpu_read_guest_page(vcpu, real_gfn, data, offset, len);
732 EXPORT_SYMBOL_GPL(kvm_read_guest_page_mmu);
734 static int kvm_read_nested_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn,
735 void *data, int offset, int len, u32 access)
737 return kvm_read_guest_page_mmu(vcpu, vcpu->arch.walk_mmu, gfn,
738 data, offset, len, access);
741 static inline u64 pdptr_rsvd_bits(struct kvm_vcpu *vcpu)
743 return rsvd_bits(cpuid_maxphyaddr(vcpu), 63) | rsvd_bits(5, 8) |
748 * Load the pae pdptrs. Return 1 if they are all valid, 0 otherwise.
750 int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3)
752 gfn_t pdpt_gfn = cr3 >> PAGE_SHIFT;
753 unsigned offset = ((cr3 & (PAGE_SIZE-1)) >> 5) << 2;
756 u64 pdpte[ARRAY_SIZE(mmu->pdptrs)];
758 ret = kvm_read_guest_page_mmu(vcpu, mmu, pdpt_gfn, pdpte,
759 offset * sizeof(u64), sizeof(pdpte),
760 PFERR_USER_MASK|PFERR_WRITE_MASK);
765 for (i = 0; i < ARRAY_SIZE(pdpte); ++i) {
766 if ((pdpte[i] & PT_PRESENT_MASK) &&
767 (pdpte[i] & pdptr_rsvd_bits(vcpu))) {
774 memcpy(mmu->pdptrs, pdpte, sizeof(mmu->pdptrs));
775 kvm_register_mark_dirty(vcpu, VCPU_EXREG_PDPTR);
781 EXPORT_SYMBOL_GPL(load_pdptrs);
783 bool pdptrs_changed(struct kvm_vcpu *vcpu)
785 u64 pdpte[ARRAY_SIZE(vcpu->arch.walk_mmu->pdptrs)];
790 if (!is_pae_paging(vcpu))
793 if (!kvm_register_is_available(vcpu, VCPU_EXREG_PDPTR))
796 gfn = (kvm_read_cr3(vcpu) & 0xffffffe0ul) >> PAGE_SHIFT;
797 offset = (kvm_read_cr3(vcpu) & 0xffffffe0ul) & (PAGE_SIZE - 1);
798 r = kvm_read_nested_guest_page(vcpu, gfn, pdpte, offset, sizeof(pdpte),
799 PFERR_USER_MASK | PFERR_WRITE_MASK);
803 return memcmp(pdpte, vcpu->arch.walk_mmu->pdptrs, sizeof(pdpte)) != 0;
805 EXPORT_SYMBOL_GPL(pdptrs_changed);
807 void kvm_post_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0)
809 unsigned long update_bits = X86_CR0_PG | X86_CR0_WP;
811 if ((cr0 ^ old_cr0) & X86_CR0_PG) {
812 kvm_clear_async_pf_completion_queue(vcpu);
813 kvm_async_pf_hash_reset(vcpu);
816 if ((cr0 ^ old_cr0) & update_bits)
817 kvm_mmu_reset_context(vcpu);
819 if (((cr0 ^ old_cr0) & X86_CR0_CD) &&
820 kvm_arch_has_noncoherent_dma(vcpu->kvm) &&
821 !kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED))
822 kvm_zap_gfn_range(vcpu->kvm, 0, ~0ULL);
824 EXPORT_SYMBOL_GPL(kvm_post_set_cr0);
826 int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
828 unsigned long old_cr0 = kvm_read_cr0(vcpu);
829 unsigned long pdptr_bits = X86_CR0_CD | X86_CR0_NW | X86_CR0_PG;
834 if (cr0 & 0xffffffff00000000UL)
838 cr0 &= ~CR0_RESERVED_BITS;
840 if ((cr0 & X86_CR0_NW) && !(cr0 & X86_CR0_CD))
843 if ((cr0 & X86_CR0_PG) && !(cr0 & X86_CR0_PE))
847 if ((vcpu->arch.efer & EFER_LME) && !is_paging(vcpu) &&
848 (cr0 & X86_CR0_PG)) {
853 kvm_x86_ops.get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
858 if (!(vcpu->arch.efer & EFER_LME) && (cr0 & X86_CR0_PG) &&
859 is_pae(vcpu) && ((cr0 ^ old_cr0) & pdptr_bits) &&
860 !load_pdptrs(vcpu, vcpu->arch.walk_mmu, kvm_read_cr3(vcpu)))
863 if (!(cr0 & X86_CR0_PG) && kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE))
866 kvm_x86_ops.set_cr0(vcpu, cr0);
868 kvm_post_set_cr0(vcpu, old_cr0, cr0);
872 EXPORT_SYMBOL_GPL(kvm_set_cr0);
874 void kvm_lmsw(struct kvm_vcpu *vcpu, unsigned long msw)
876 (void)kvm_set_cr0(vcpu, kvm_read_cr0_bits(vcpu, ~0x0eul) | (msw & 0x0f));
878 EXPORT_SYMBOL_GPL(kvm_lmsw);
880 void kvm_load_guest_xsave_state(struct kvm_vcpu *vcpu)
882 if (kvm_read_cr4_bits(vcpu, X86_CR4_OSXSAVE)) {
884 if (vcpu->arch.xcr0 != host_xcr0)
885 xsetbv(XCR_XFEATURE_ENABLED_MASK, vcpu->arch.xcr0);
887 if (vcpu->arch.xsaves_enabled &&
888 vcpu->arch.ia32_xss != host_xss)
889 wrmsrl(MSR_IA32_XSS, vcpu->arch.ia32_xss);
892 if (static_cpu_has(X86_FEATURE_PKU) &&
893 (kvm_read_cr4_bits(vcpu, X86_CR4_PKE) ||
894 (vcpu->arch.xcr0 & XFEATURE_MASK_PKRU)) &&
895 vcpu->arch.pkru != vcpu->arch.host_pkru)
896 __write_pkru(vcpu->arch.pkru);
898 EXPORT_SYMBOL_GPL(kvm_load_guest_xsave_state);
900 void kvm_load_host_xsave_state(struct kvm_vcpu *vcpu)
902 if (static_cpu_has(X86_FEATURE_PKU) &&
903 (kvm_read_cr4_bits(vcpu, X86_CR4_PKE) ||
904 (vcpu->arch.xcr0 & XFEATURE_MASK_PKRU))) {
905 vcpu->arch.pkru = rdpkru();
906 if (vcpu->arch.pkru != vcpu->arch.host_pkru)
907 __write_pkru(vcpu->arch.host_pkru);
910 if (kvm_read_cr4_bits(vcpu, X86_CR4_OSXSAVE)) {
912 if (vcpu->arch.xcr0 != host_xcr0)
913 xsetbv(XCR_XFEATURE_ENABLED_MASK, host_xcr0);
915 if (vcpu->arch.xsaves_enabled &&
916 vcpu->arch.ia32_xss != host_xss)
917 wrmsrl(MSR_IA32_XSS, host_xss);
921 EXPORT_SYMBOL_GPL(kvm_load_host_xsave_state);
923 static int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
926 u64 old_xcr0 = vcpu->arch.xcr0;
929 /* Only support XCR_XFEATURE_ENABLED_MASK(xcr0) now */
930 if (index != XCR_XFEATURE_ENABLED_MASK)
932 if (!(xcr0 & XFEATURE_MASK_FP))
934 if ((xcr0 & XFEATURE_MASK_YMM) && !(xcr0 & XFEATURE_MASK_SSE))
938 * Do not allow the guest to set bits that we do not support
939 * saving. However, xcr0 bit 0 is always set, even if the
940 * emulated CPU does not support XSAVE (see fx_init).
942 valid_bits = vcpu->arch.guest_supported_xcr0 | XFEATURE_MASK_FP;
943 if (xcr0 & ~valid_bits)
946 if ((!(xcr0 & XFEATURE_MASK_BNDREGS)) !=
947 (!(xcr0 & XFEATURE_MASK_BNDCSR)))
950 if (xcr0 & XFEATURE_MASK_AVX512) {
951 if (!(xcr0 & XFEATURE_MASK_YMM))
953 if ((xcr0 & XFEATURE_MASK_AVX512) != XFEATURE_MASK_AVX512)
956 vcpu->arch.xcr0 = xcr0;
958 if ((xcr0 ^ old_xcr0) & XFEATURE_MASK_EXTEND)
959 kvm_update_cpuid_runtime(vcpu);
963 int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
965 if (kvm_x86_ops.get_cpl(vcpu) != 0 ||
966 __kvm_set_xcr(vcpu, index, xcr)) {
967 kvm_inject_gp(vcpu, 0);
972 EXPORT_SYMBOL_GPL(kvm_set_xcr);
974 bool kvm_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
976 if (cr4 & cr4_reserved_bits)
979 if (cr4 & vcpu->arch.cr4_guest_rsvd_bits)
982 return kvm_x86_ops.is_valid_cr4(vcpu, cr4);
984 EXPORT_SYMBOL_GPL(kvm_is_valid_cr4);
986 int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
988 unsigned long old_cr4 = kvm_read_cr4(vcpu);
989 unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE | X86_CR4_PAE |
991 unsigned long mmu_role_bits = pdptr_bits | X86_CR4_SMAP | X86_CR4_PKE;
993 if (!kvm_is_valid_cr4(vcpu, cr4))
996 if (is_long_mode(vcpu)) {
997 if (!(cr4 & X86_CR4_PAE))
999 if ((cr4 ^ old_cr4) & X86_CR4_LA57)
1001 } else if (is_paging(vcpu) && (cr4 & X86_CR4_PAE)
1002 && ((cr4 ^ old_cr4) & pdptr_bits)
1003 && !load_pdptrs(vcpu, vcpu->arch.walk_mmu,
1004 kvm_read_cr3(vcpu)))
1007 if ((cr4 & X86_CR4_PCIDE) && !(old_cr4 & X86_CR4_PCIDE)) {
1008 if (!guest_cpuid_has(vcpu, X86_FEATURE_PCID))
1011 /* PCID can not be enabled when cr3[11:0]!=000H or EFER.LMA=0 */
1012 if ((kvm_read_cr3(vcpu) & X86_CR3_PCID_MASK) || !is_long_mode(vcpu))
1016 kvm_x86_ops.set_cr4(vcpu, cr4);
1018 if (((cr4 ^ old_cr4) & mmu_role_bits) ||
1019 (!(cr4 & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE)))
1020 kvm_mmu_reset_context(vcpu);
1024 EXPORT_SYMBOL_GPL(kvm_set_cr4);
1026 int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
1028 bool skip_tlb_flush = false;
1029 #ifdef CONFIG_X86_64
1030 bool pcid_enabled = kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE);
1033 skip_tlb_flush = cr3 & X86_CR3_PCID_NOFLUSH;
1034 cr3 &= ~X86_CR3_PCID_NOFLUSH;
1038 if (cr3 == kvm_read_cr3(vcpu) && !pdptrs_changed(vcpu)) {
1039 if (!skip_tlb_flush) {
1040 kvm_mmu_sync_roots(vcpu);
1041 kvm_make_request(KVM_REQ_TLB_FLUSH_CURRENT, vcpu);
1046 if (is_long_mode(vcpu) &&
1047 (cr3 & vcpu->arch.cr3_lm_rsvd_bits))
1049 else if (is_pae_paging(vcpu) &&
1050 !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3))
1053 kvm_mmu_new_pgd(vcpu, cr3, skip_tlb_flush, skip_tlb_flush);
1054 vcpu->arch.cr3 = cr3;
1055 kvm_register_mark_available(vcpu, VCPU_EXREG_CR3);
1059 EXPORT_SYMBOL_GPL(kvm_set_cr3);
1061 int kvm_set_cr8(struct kvm_vcpu *vcpu, unsigned long cr8)
1063 if (cr8 & CR8_RESERVED_BITS)
1065 if (lapic_in_kernel(vcpu))
1066 kvm_lapic_set_tpr(vcpu, cr8);
1068 vcpu->arch.cr8 = cr8;
1071 EXPORT_SYMBOL_GPL(kvm_set_cr8);
1073 unsigned long kvm_get_cr8(struct kvm_vcpu *vcpu)
1075 if (lapic_in_kernel(vcpu))
1076 return kvm_lapic_get_cr8(vcpu);
1078 return vcpu->arch.cr8;
1080 EXPORT_SYMBOL_GPL(kvm_get_cr8);
1082 static void kvm_update_dr0123(struct kvm_vcpu *vcpu)
1086 if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)) {
1087 for (i = 0; i < KVM_NR_DB_REGS; i++)
1088 vcpu->arch.eff_db[i] = vcpu->arch.db[i];
1089 vcpu->arch.switch_db_regs |= KVM_DEBUGREG_RELOAD;
1093 void kvm_update_dr7(struct kvm_vcpu *vcpu)
1097 if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)
1098 dr7 = vcpu->arch.guest_debug_dr7;
1100 dr7 = vcpu->arch.dr7;
1101 kvm_x86_ops.set_dr7(vcpu, dr7);
1102 vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_BP_ENABLED;
1103 if (dr7 & DR7_BP_EN_MASK)
1104 vcpu->arch.switch_db_regs |= KVM_DEBUGREG_BP_ENABLED;
1106 EXPORT_SYMBOL_GPL(kvm_update_dr7);
1108 static u64 kvm_dr6_fixed(struct kvm_vcpu *vcpu)
1110 u64 fixed = DR6_FIXED_1;
1112 if (!guest_cpuid_has(vcpu, X86_FEATURE_RTM))
1117 static int __kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
1119 size_t size = ARRAY_SIZE(vcpu->arch.db);
1123 vcpu->arch.db[array_index_nospec(dr, size)] = val;
1124 if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP))
1125 vcpu->arch.eff_db[dr] = val;
1129 if (!kvm_dr6_valid(val))
1130 return -1; /* #GP */
1131 vcpu->arch.dr6 = (val & DR6_VOLATILE) | kvm_dr6_fixed(vcpu);
1135 if (!kvm_dr7_valid(val))
1136 return -1; /* #GP */
1137 vcpu->arch.dr7 = (val & DR7_VOLATILE) | DR7_FIXED_1;
1138 kvm_update_dr7(vcpu);
1145 int kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
1147 if (__kvm_set_dr(vcpu, dr, val)) {
1148 kvm_inject_gp(vcpu, 0);
1153 EXPORT_SYMBOL_GPL(kvm_set_dr);
1155 int kvm_get_dr(struct kvm_vcpu *vcpu, int dr, unsigned long *val)
1157 size_t size = ARRAY_SIZE(vcpu->arch.db);
1161 *val = vcpu->arch.db[array_index_nospec(dr, size)];
1165 *val = vcpu->arch.dr6;
1169 *val = vcpu->arch.dr7;
1174 EXPORT_SYMBOL_GPL(kvm_get_dr);
1176 bool kvm_rdpmc(struct kvm_vcpu *vcpu)
1178 u32 ecx = kvm_rcx_read(vcpu);
1182 err = kvm_pmu_rdpmc(vcpu, ecx, &data);
1185 kvm_rax_write(vcpu, (u32)data);
1186 kvm_rdx_write(vcpu, data >> 32);
1189 EXPORT_SYMBOL_GPL(kvm_rdpmc);
1192 * List of msr numbers which we expose to userspace through KVM_GET_MSRS
1193 * and KVM_SET_MSRS, and KVM_GET_MSR_INDEX_LIST.
1195 * The three MSR lists(msrs_to_save, emulated_msrs, msr_based_features)
1196 * extract the supported MSRs from the related const lists.
1197 * msrs_to_save is selected from the msrs_to_save_all to reflect the
1198 * capabilities of the host cpu. This capabilities test skips MSRs that are
1199 * kvm-specific. Those are put in emulated_msrs_all; filtering of emulated_msrs
1200 * may depend on host virtualization features rather than host cpu features.
1203 static const u32 msrs_to_save_all[] = {
1204 MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP,
1206 #ifdef CONFIG_X86_64
1207 MSR_CSTAR, MSR_KERNEL_GS_BASE, MSR_SYSCALL_MASK, MSR_LSTAR,
1209 MSR_IA32_TSC, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA,
1210 MSR_IA32_FEAT_CTL, MSR_IA32_BNDCFGS, MSR_TSC_AUX,
1212 MSR_IA32_RTIT_CTL, MSR_IA32_RTIT_STATUS, MSR_IA32_RTIT_CR3_MATCH,
1213 MSR_IA32_RTIT_OUTPUT_BASE, MSR_IA32_RTIT_OUTPUT_MASK,
1214 MSR_IA32_RTIT_ADDR0_A, MSR_IA32_RTIT_ADDR0_B,
1215 MSR_IA32_RTIT_ADDR1_A, MSR_IA32_RTIT_ADDR1_B,
1216 MSR_IA32_RTIT_ADDR2_A, MSR_IA32_RTIT_ADDR2_B,
1217 MSR_IA32_RTIT_ADDR3_A, MSR_IA32_RTIT_ADDR3_B,
1218 MSR_IA32_UMWAIT_CONTROL,
1220 MSR_ARCH_PERFMON_FIXED_CTR0, MSR_ARCH_PERFMON_FIXED_CTR1,
1221 MSR_ARCH_PERFMON_FIXED_CTR0 + 2, MSR_ARCH_PERFMON_FIXED_CTR0 + 3,
1222 MSR_CORE_PERF_FIXED_CTR_CTRL, MSR_CORE_PERF_GLOBAL_STATUS,
1223 MSR_CORE_PERF_GLOBAL_CTRL, MSR_CORE_PERF_GLOBAL_OVF_CTRL,
1224 MSR_ARCH_PERFMON_PERFCTR0, MSR_ARCH_PERFMON_PERFCTR1,
1225 MSR_ARCH_PERFMON_PERFCTR0 + 2, MSR_ARCH_PERFMON_PERFCTR0 + 3,
1226 MSR_ARCH_PERFMON_PERFCTR0 + 4, MSR_ARCH_PERFMON_PERFCTR0 + 5,
1227 MSR_ARCH_PERFMON_PERFCTR0 + 6, MSR_ARCH_PERFMON_PERFCTR0 + 7,
1228 MSR_ARCH_PERFMON_PERFCTR0 + 8, MSR_ARCH_PERFMON_PERFCTR0 + 9,
1229 MSR_ARCH_PERFMON_PERFCTR0 + 10, MSR_ARCH_PERFMON_PERFCTR0 + 11,
1230 MSR_ARCH_PERFMON_PERFCTR0 + 12, MSR_ARCH_PERFMON_PERFCTR0 + 13,
1231 MSR_ARCH_PERFMON_PERFCTR0 + 14, MSR_ARCH_PERFMON_PERFCTR0 + 15,
1232 MSR_ARCH_PERFMON_PERFCTR0 + 16, MSR_ARCH_PERFMON_PERFCTR0 + 17,
1233 MSR_ARCH_PERFMON_EVENTSEL0, MSR_ARCH_PERFMON_EVENTSEL1,
1234 MSR_ARCH_PERFMON_EVENTSEL0 + 2, MSR_ARCH_PERFMON_EVENTSEL0 + 3,
1235 MSR_ARCH_PERFMON_EVENTSEL0 + 4, MSR_ARCH_PERFMON_EVENTSEL0 + 5,
1236 MSR_ARCH_PERFMON_EVENTSEL0 + 6, MSR_ARCH_PERFMON_EVENTSEL0 + 7,
1237 MSR_ARCH_PERFMON_EVENTSEL0 + 8, MSR_ARCH_PERFMON_EVENTSEL0 + 9,
1238 MSR_ARCH_PERFMON_EVENTSEL0 + 10, MSR_ARCH_PERFMON_EVENTSEL0 + 11,
1239 MSR_ARCH_PERFMON_EVENTSEL0 + 12, MSR_ARCH_PERFMON_EVENTSEL0 + 13,
1240 MSR_ARCH_PERFMON_EVENTSEL0 + 14, MSR_ARCH_PERFMON_EVENTSEL0 + 15,
1241 MSR_ARCH_PERFMON_EVENTSEL0 + 16, MSR_ARCH_PERFMON_EVENTSEL0 + 17,
1244 static u32 msrs_to_save[ARRAY_SIZE(msrs_to_save_all)];
1245 static unsigned num_msrs_to_save;
1247 static const u32 emulated_msrs_all[] = {
1248 MSR_KVM_SYSTEM_TIME, MSR_KVM_WALL_CLOCK,
1249 MSR_KVM_SYSTEM_TIME_NEW, MSR_KVM_WALL_CLOCK_NEW,
1250 HV_X64_MSR_GUEST_OS_ID, HV_X64_MSR_HYPERCALL,
1251 HV_X64_MSR_TIME_REF_COUNT, HV_X64_MSR_REFERENCE_TSC,
1252 HV_X64_MSR_TSC_FREQUENCY, HV_X64_MSR_APIC_FREQUENCY,
1253 HV_X64_MSR_CRASH_P0, HV_X64_MSR_CRASH_P1, HV_X64_MSR_CRASH_P2,
1254 HV_X64_MSR_CRASH_P3, HV_X64_MSR_CRASH_P4, HV_X64_MSR_CRASH_CTL,
1256 HV_X64_MSR_VP_INDEX,
1257 HV_X64_MSR_VP_RUNTIME,
1258 HV_X64_MSR_SCONTROL,
1259 HV_X64_MSR_STIMER0_CONFIG,
1260 HV_X64_MSR_VP_ASSIST_PAGE,
1261 HV_X64_MSR_REENLIGHTENMENT_CONTROL, HV_X64_MSR_TSC_EMULATION_CONTROL,
1262 HV_X64_MSR_TSC_EMULATION_STATUS,
1263 HV_X64_MSR_SYNDBG_OPTIONS,
1264 HV_X64_MSR_SYNDBG_CONTROL, HV_X64_MSR_SYNDBG_STATUS,
1265 HV_X64_MSR_SYNDBG_SEND_BUFFER, HV_X64_MSR_SYNDBG_RECV_BUFFER,
1266 HV_X64_MSR_SYNDBG_PENDING_BUFFER,
1268 MSR_KVM_ASYNC_PF_EN, MSR_KVM_STEAL_TIME,
1269 MSR_KVM_PV_EOI_EN, MSR_KVM_ASYNC_PF_INT, MSR_KVM_ASYNC_PF_ACK,
1271 MSR_IA32_TSC_ADJUST,
1272 MSR_IA32_TSCDEADLINE,
1273 MSR_IA32_ARCH_CAPABILITIES,
1274 MSR_IA32_PERF_CAPABILITIES,
1275 MSR_IA32_MISC_ENABLE,
1276 MSR_IA32_MCG_STATUS,
1278 MSR_IA32_MCG_EXT_CTL,
1282 MSR_MISC_FEATURES_ENABLES,
1283 MSR_AMD64_VIRT_SPEC_CTRL,
1288 * The following list leaves out MSRs whose values are determined
1289 * by arch/x86/kvm/vmx/nested.c based on CPUID or other MSRs.
1290 * We always support the "true" VMX control MSRs, even if the host
1291 * processor does not, so I am putting these registers here rather
1292 * than in msrs_to_save_all.
1295 MSR_IA32_VMX_TRUE_PINBASED_CTLS,
1296 MSR_IA32_VMX_TRUE_PROCBASED_CTLS,
1297 MSR_IA32_VMX_TRUE_EXIT_CTLS,
1298 MSR_IA32_VMX_TRUE_ENTRY_CTLS,
1300 MSR_IA32_VMX_CR0_FIXED0,
1301 MSR_IA32_VMX_CR4_FIXED0,
1302 MSR_IA32_VMX_VMCS_ENUM,
1303 MSR_IA32_VMX_PROCBASED_CTLS2,
1304 MSR_IA32_VMX_EPT_VPID_CAP,
1305 MSR_IA32_VMX_VMFUNC,
1308 MSR_KVM_POLL_CONTROL,
1311 static u32 emulated_msrs[ARRAY_SIZE(emulated_msrs_all)];
1312 static unsigned num_emulated_msrs;
1315 * List of msr numbers which are used to expose MSR-based features that
1316 * can be used by a hypervisor to validate requested CPU features.
1318 static const u32 msr_based_features_all[] = {
1320 MSR_IA32_VMX_TRUE_PINBASED_CTLS,
1321 MSR_IA32_VMX_PINBASED_CTLS,
1322 MSR_IA32_VMX_TRUE_PROCBASED_CTLS,
1323 MSR_IA32_VMX_PROCBASED_CTLS,
1324 MSR_IA32_VMX_TRUE_EXIT_CTLS,
1325 MSR_IA32_VMX_EXIT_CTLS,
1326 MSR_IA32_VMX_TRUE_ENTRY_CTLS,
1327 MSR_IA32_VMX_ENTRY_CTLS,
1329 MSR_IA32_VMX_CR0_FIXED0,
1330 MSR_IA32_VMX_CR0_FIXED1,
1331 MSR_IA32_VMX_CR4_FIXED0,
1332 MSR_IA32_VMX_CR4_FIXED1,
1333 MSR_IA32_VMX_VMCS_ENUM,
1334 MSR_IA32_VMX_PROCBASED_CTLS2,
1335 MSR_IA32_VMX_EPT_VPID_CAP,
1336 MSR_IA32_VMX_VMFUNC,
1340 MSR_IA32_ARCH_CAPABILITIES,
1341 MSR_IA32_PERF_CAPABILITIES,
1344 static u32 msr_based_features[ARRAY_SIZE(msr_based_features_all)];
1345 static unsigned int num_msr_based_features;
1347 static u64 kvm_get_arch_capabilities(void)
1351 if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES))
1352 rdmsrl(MSR_IA32_ARCH_CAPABILITIES, data);
1355 * If nx_huge_pages is enabled, KVM's shadow paging will ensure that
1356 * the nested hypervisor runs with NX huge pages. If it is not,
1357 * L1 is anyway vulnerable to ITLB_MULTIHIT explots from other
1358 * L1 guests, so it need not worry about its own (L2) guests.
1360 data |= ARCH_CAP_PSCHANGE_MC_NO;
1363 * If we're doing cache flushes (either "always" or "cond")
1364 * we will do one whenever the guest does a vmlaunch/vmresume.
1365 * If an outer hypervisor is doing the cache flush for us
1366 * (VMENTER_L1D_FLUSH_NESTED_VM), we can safely pass that
1367 * capability to the guest too, and if EPT is disabled we're not
1368 * vulnerable. Overall, only VMENTER_L1D_FLUSH_NEVER will
1369 * require a nested hypervisor to do a flush of its own.
1371 if (l1tf_vmx_mitigation != VMENTER_L1D_FLUSH_NEVER)
1372 data |= ARCH_CAP_SKIP_VMENTRY_L1DFLUSH;
1374 if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN))
1375 data |= ARCH_CAP_RDCL_NO;
1376 if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS))
1377 data |= ARCH_CAP_SSB_NO;
1378 if (!boot_cpu_has_bug(X86_BUG_MDS))
1379 data |= ARCH_CAP_MDS_NO;
1382 * On TAA affected systems:
1383 * - nothing to do if TSX is disabled on the host.
1384 * - we emulate TSX_CTRL if present on the host.
1385 * This lets the guest use VERW to clear CPU buffers.
1387 if (!boot_cpu_has(X86_FEATURE_RTM))
1388 data &= ~(ARCH_CAP_TAA_NO | ARCH_CAP_TSX_CTRL_MSR);
1389 else if (!boot_cpu_has_bug(X86_BUG_TAA))
1390 data |= ARCH_CAP_TAA_NO;
1395 static int kvm_get_msr_feature(struct kvm_msr_entry *msr)
1397 switch (msr->index) {
1398 case MSR_IA32_ARCH_CAPABILITIES:
1399 msr->data = kvm_get_arch_capabilities();
1401 case MSR_IA32_UCODE_REV:
1402 rdmsrl_safe(msr->index, &msr->data);
1405 return kvm_x86_ops.get_msr_feature(msr);
1410 static int do_get_msr_feature(struct kvm_vcpu *vcpu, unsigned index, u64 *data)
1412 struct kvm_msr_entry msr;
1416 r = kvm_get_msr_feature(&msr);
1418 if (r == KVM_MSR_RET_INVALID) {
1419 /* Unconditionally clear the output for simplicity */
1421 if (kvm_msr_ignored_check(vcpu, index, 0, false))
1433 static bool __kvm_valid_efer(struct kvm_vcpu *vcpu, u64 efer)
1435 if (efer & EFER_FFXSR && !guest_cpuid_has(vcpu, X86_FEATURE_FXSR_OPT))
1438 if (efer & EFER_SVME && !guest_cpuid_has(vcpu, X86_FEATURE_SVM))
1441 if (efer & (EFER_LME | EFER_LMA) &&
1442 !guest_cpuid_has(vcpu, X86_FEATURE_LM))
1445 if (efer & EFER_NX && !guest_cpuid_has(vcpu, X86_FEATURE_NX))
1451 bool kvm_valid_efer(struct kvm_vcpu *vcpu, u64 efer)
1453 if (efer & efer_reserved_bits)
1456 return __kvm_valid_efer(vcpu, efer);
1458 EXPORT_SYMBOL_GPL(kvm_valid_efer);
1460 static int set_efer(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
1462 u64 old_efer = vcpu->arch.efer;
1463 u64 efer = msr_info->data;
1466 if (efer & efer_reserved_bits)
1469 if (!msr_info->host_initiated) {
1470 if (!__kvm_valid_efer(vcpu, efer))
1473 if (is_paging(vcpu) &&
1474 (vcpu->arch.efer & EFER_LME) != (efer & EFER_LME))
1479 efer |= vcpu->arch.efer & EFER_LMA;
1481 r = kvm_x86_ops.set_efer(vcpu, efer);
1487 /* Update reserved bits */
1488 if ((efer ^ old_efer) & EFER_NX)
1489 kvm_mmu_reset_context(vcpu);
1494 void kvm_enable_efer_bits(u64 mask)
1496 efer_reserved_bits &= ~mask;
1498 EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
1500 bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type)
1502 struct kvm *kvm = vcpu->kvm;
1503 struct msr_bitmap_range *ranges = kvm->arch.msr_filter.ranges;
1504 u32 count = kvm->arch.msr_filter.count;
1506 bool r = kvm->arch.msr_filter.default_allow;
1509 /* MSR filtering not set up or x2APIC enabled, allow everything */
1510 if (!count || (index >= 0x800 && index <= 0x8ff))
1513 /* Prevent collision with set_msr_filter */
1514 idx = srcu_read_lock(&kvm->srcu);
1516 for (i = 0; i < count; i++) {
1517 u32 start = ranges[i].base;
1518 u32 end = start + ranges[i].nmsrs;
1519 u32 flags = ranges[i].flags;
1520 unsigned long *bitmap = ranges[i].bitmap;
1522 if ((index >= start) && (index < end) && (flags & type)) {
1523 r = !!test_bit(index - start, bitmap);
1528 srcu_read_unlock(&kvm->srcu, idx);
1532 EXPORT_SYMBOL_GPL(kvm_msr_allowed);
1535 * Write @data into the MSR specified by @index. Select MSR specific fault
1536 * checks are bypassed if @host_initiated is %true.
1537 * Returns 0 on success, non-0 otherwise.
1538 * Assumes vcpu_load() was already called.
1540 static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data,
1541 bool host_initiated)
1543 struct msr_data msr;
1545 if (!host_initiated && !kvm_msr_allowed(vcpu, index, KVM_MSR_FILTER_WRITE))
1546 return KVM_MSR_RET_FILTERED;
1551 case MSR_KERNEL_GS_BASE:
1554 if (is_noncanonical_address(data, vcpu))
1557 case MSR_IA32_SYSENTER_EIP:
1558 case MSR_IA32_SYSENTER_ESP:
1560 * IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if
1561 * non-canonical address is written on Intel but not on
1562 * AMD (which ignores the top 32-bits, because it does
1563 * not implement 64-bit SYSENTER).
1565 * 64-bit code should hence be able to write a non-canonical
1566 * value on AMD. Making the address canonical ensures that
1567 * vmentry does not fail on Intel after writing a non-canonical
1568 * value, and that something deterministic happens if the guest
1569 * invokes 64-bit SYSENTER.
1571 data = get_canonical(data, vcpu_virt_addr_bits(vcpu));
1576 msr.host_initiated = host_initiated;
1578 return kvm_x86_ops.set_msr(vcpu, &msr);
1581 static int kvm_set_msr_ignored_check(struct kvm_vcpu *vcpu,
1582 u32 index, u64 data, bool host_initiated)
1584 int ret = __kvm_set_msr(vcpu, index, data, host_initiated);
1586 if (ret == KVM_MSR_RET_INVALID)
1587 if (kvm_msr_ignored_check(vcpu, index, data, true))
1594 * Read the MSR specified by @index into @data. Select MSR specific fault
1595 * checks are bypassed if @host_initiated is %true.
1596 * Returns 0 on success, non-0 otherwise.
1597 * Assumes vcpu_load() was already called.
1599 int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data,
1600 bool host_initiated)
1602 struct msr_data msr;
1605 if (!host_initiated && !kvm_msr_allowed(vcpu, index, KVM_MSR_FILTER_READ))
1606 return KVM_MSR_RET_FILTERED;
1609 msr.host_initiated = host_initiated;
1611 ret = kvm_x86_ops.get_msr(vcpu, &msr);
1617 static int kvm_get_msr_ignored_check(struct kvm_vcpu *vcpu,
1618 u32 index, u64 *data, bool host_initiated)
1620 int ret = __kvm_get_msr(vcpu, index, data, host_initiated);
1622 if (ret == KVM_MSR_RET_INVALID) {
1623 /* Unconditionally clear *data for simplicity */
1625 if (kvm_msr_ignored_check(vcpu, index, 0, false))
1632 int kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data)
1634 return kvm_get_msr_ignored_check(vcpu, index, data, false);
1636 EXPORT_SYMBOL_GPL(kvm_get_msr);
1638 int kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data)
1640 return kvm_set_msr_ignored_check(vcpu, index, data, false);
1642 EXPORT_SYMBOL_GPL(kvm_set_msr);
1644 static int complete_emulated_rdmsr(struct kvm_vcpu *vcpu)
1646 int err = vcpu->run->msr.error;
1648 kvm_rax_write(vcpu, (u32)vcpu->run->msr.data);
1649 kvm_rdx_write(vcpu, vcpu->run->msr.data >> 32);
1652 return kvm_x86_ops.complete_emulated_msr(vcpu, err);
1655 static int complete_emulated_wrmsr(struct kvm_vcpu *vcpu)
1657 return kvm_x86_ops.complete_emulated_msr(vcpu, vcpu->run->msr.error);
1660 static u64 kvm_msr_reason(int r)
1663 case KVM_MSR_RET_INVALID:
1664 return KVM_MSR_EXIT_REASON_UNKNOWN;
1665 case KVM_MSR_RET_FILTERED:
1666 return KVM_MSR_EXIT_REASON_FILTER;
1668 return KVM_MSR_EXIT_REASON_INVAL;
1672 static int kvm_msr_user_space(struct kvm_vcpu *vcpu, u32 index,
1673 u32 exit_reason, u64 data,
1674 int (*completion)(struct kvm_vcpu *vcpu),
1677 u64 msr_reason = kvm_msr_reason(r);
1679 /* Check if the user wanted to know about this MSR fault */
1680 if (!(vcpu->kvm->arch.user_space_msr_mask & msr_reason))
1683 vcpu->run->exit_reason = exit_reason;
1684 vcpu->run->msr.error = 0;
1685 memset(vcpu->run->msr.pad, 0, sizeof(vcpu->run->msr.pad));
1686 vcpu->run->msr.reason = msr_reason;
1687 vcpu->run->msr.index = index;
1688 vcpu->run->msr.data = data;
1689 vcpu->arch.complete_userspace_io = completion;
1694 static int kvm_get_msr_user_space(struct kvm_vcpu *vcpu, u32 index, int r)
1696 return kvm_msr_user_space(vcpu, index, KVM_EXIT_X86_RDMSR, 0,
1697 complete_emulated_rdmsr, r);
1700 static int kvm_set_msr_user_space(struct kvm_vcpu *vcpu, u32 index, u64 data, int r)
1702 return kvm_msr_user_space(vcpu, index, KVM_EXIT_X86_WRMSR, data,
1703 complete_emulated_wrmsr, r);
1706 int kvm_emulate_rdmsr(struct kvm_vcpu *vcpu)
1708 u32 ecx = kvm_rcx_read(vcpu);
1712 r = kvm_get_msr(vcpu, ecx, &data);
1714 /* MSR read failed? See if we should ask user space */
1715 if (r && kvm_get_msr_user_space(vcpu, ecx, r)) {
1716 /* Bounce to user space */
1721 trace_kvm_msr_read(ecx, data);
1723 kvm_rax_write(vcpu, data & -1u);
1724 kvm_rdx_write(vcpu, (data >> 32) & -1u);
1726 trace_kvm_msr_read_ex(ecx);
1729 return kvm_x86_ops.complete_emulated_msr(vcpu, r);
1731 EXPORT_SYMBOL_GPL(kvm_emulate_rdmsr);
1733 int kvm_emulate_wrmsr(struct kvm_vcpu *vcpu)
1735 u32 ecx = kvm_rcx_read(vcpu);
1736 u64 data = kvm_read_edx_eax(vcpu);
1739 r = kvm_set_msr(vcpu, ecx, data);
1741 /* MSR write failed? See if we should ask user space */
1742 if (r && kvm_set_msr_user_space(vcpu, ecx, data, r))
1743 /* Bounce to user space */
1746 /* Signal all other negative errors to userspace */
1751 trace_kvm_msr_write(ecx, data);
1753 trace_kvm_msr_write_ex(ecx, data);
1755 return kvm_x86_ops.complete_emulated_msr(vcpu, r);
1757 EXPORT_SYMBOL_GPL(kvm_emulate_wrmsr);
1759 bool kvm_vcpu_exit_request(struct kvm_vcpu *vcpu)
1761 return vcpu->mode == EXITING_GUEST_MODE || kvm_request_pending(vcpu) ||
1762 xfer_to_guest_mode_work_pending();
1764 EXPORT_SYMBOL_GPL(kvm_vcpu_exit_request);
1767 * The fast path for frequent and performance sensitive wrmsr emulation,
1768 * i.e. the sending of IPI, sending IPI early in the VM-Exit flow reduces
1769 * the latency of virtual IPI by avoiding the expensive bits of transitioning
1770 * from guest to host, e.g. reacquiring KVM's SRCU lock. In contrast to the
1771 * other cases which must be called after interrupts are enabled on the host.
1773 static int handle_fastpath_set_x2apic_icr_irqoff(struct kvm_vcpu *vcpu, u64 data)
1775 if (!lapic_in_kernel(vcpu) || !apic_x2apic_mode(vcpu->arch.apic))
1778 if (((data & APIC_SHORT_MASK) == APIC_DEST_NOSHORT) &&
1779 ((data & APIC_DEST_MASK) == APIC_DEST_PHYSICAL) &&
1780 ((data & APIC_MODE_MASK) == APIC_DM_FIXED) &&
1781 ((u32)(data >> 32) != X2APIC_BROADCAST)) {
1784 kvm_apic_send_ipi(vcpu->arch.apic, (u32)data, (u32)(data >> 32));
1785 kvm_lapic_set_reg(vcpu->arch.apic, APIC_ICR2, (u32)(data >> 32));
1786 kvm_lapic_set_reg(vcpu->arch.apic, APIC_ICR, (u32)data);
1787 trace_kvm_apic_write(APIC_ICR, (u32)data);
1794 static int handle_fastpath_set_tscdeadline(struct kvm_vcpu *vcpu, u64 data)
1796 if (!kvm_can_use_hv_timer(vcpu))
1799 kvm_set_lapic_tscdeadline_msr(vcpu, data);
1803 fastpath_t handle_fastpath_set_msr_irqoff(struct kvm_vcpu *vcpu)
1805 u32 msr = kvm_rcx_read(vcpu);
1807 fastpath_t ret = EXIT_FASTPATH_NONE;
1810 case APIC_BASE_MSR + (APIC_ICR >> 4):
1811 data = kvm_read_edx_eax(vcpu);
1812 if (!handle_fastpath_set_x2apic_icr_irqoff(vcpu, data)) {
1813 kvm_skip_emulated_instruction(vcpu);
1814 ret = EXIT_FASTPATH_EXIT_HANDLED;
1817 case MSR_IA32_TSCDEADLINE:
1818 data = kvm_read_edx_eax(vcpu);
1819 if (!handle_fastpath_set_tscdeadline(vcpu, data)) {
1820 kvm_skip_emulated_instruction(vcpu);
1821 ret = EXIT_FASTPATH_REENTER_GUEST;
1828 if (ret != EXIT_FASTPATH_NONE)
1829 trace_kvm_msr_write(msr, data);
1833 EXPORT_SYMBOL_GPL(handle_fastpath_set_msr_irqoff);
1836 * Adapt set_msr() to msr_io()'s calling convention
1838 static int do_get_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data)
1840 return kvm_get_msr_ignored_check(vcpu, index, data, true);
1843 static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data)
1845 return kvm_set_msr_ignored_check(vcpu, index, *data, true);
1848 #ifdef CONFIG_X86_64
1849 struct pvclock_clock {
1859 struct pvclock_gtod_data {
1862 struct pvclock_clock clock; /* extract of a clocksource struct */
1863 struct pvclock_clock raw_clock; /* extract of a clocksource struct */
1869 static struct pvclock_gtod_data pvclock_gtod_data;
1871 static void update_pvclock_gtod(struct timekeeper *tk)
1873 struct pvclock_gtod_data *vdata = &pvclock_gtod_data;
1875 write_seqcount_begin(&vdata->seq);
1877 /* copy pvclock gtod data */
1878 vdata->clock.vclock_mode = tk->tkr_mono.clock->vdso_clock_mode;
1879 vdata->clock.cycle_last = tk->tkr_mono.cycle_last;
1880 vdata->clock.mask = tk->tkr_mono.mask;
1881 vdata->clock.mult = tk->tkr_mono.mult;
1882 vdata->clock.shift = tk->tkr_mono.shift;
1883 vdata->clock.base_cycles = tk->tkr_mono.xtime_nsec;
1884 vdata->clock.offset = tk->tkr_mono.base;
1886 vdata->raw_clock.vclock_mode = tk->tkr_raw.clock->vdso_clock_mode;
1887 vdata->raw_clock.cycle_last = tk->tkr_raw.cycle_last;
1888 vdata->raw_clock.mask = tk->tkr_raw.mask;
1889 vdata->raw_clock.mult = tk->tkr_raw.mult;
1890 vdata->raw_clock.shift = tk->tkr_raw.shift;
1891 vdata->raw_clock.base_cycles = tk->tkr_raw.xtime_nsec;
1892 vdata->raw_clock.offset = tk->tkr_raw.base;
1894 vdata->wall_time_sec = tk->xtime_sec;
1896 vdata->offs_boot = tk->offs_boot;
1898 write_seqcount_end(&vdata->seq);
1901 static s64 get_kvmclock_base_ns(void)
1903 /* Count up from boot time, but with the frequency of the raw clock. */
1904 return ktime_to_ns(ktime_add(ktime_get_raw(), pvclock_gtod_data.offs_boot));
1907 static s64 get_kvmclock_base_ns(void)
1909 /* Master clock not used, so we can just use CLOCK_BOOTTIME. */
1910 return ktime_get_boottime_ns();
1914 static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock)
1918 struct pvclock_wall_clock wc;
1921 kvm->arch.wall_clock = wall_clock;
1926 r = kvm_read_guest(kvm, wall_clock, &version, sizeof(version));
1931 ++version; /* first time write, random junk */
1935 if (kvm_write_guest(kvm, wall_clock, &version, sizeof(version)))
1939 * The guest calculates current wall clock time by adding
1940 * system time (updated by kvm_guest_time_update below) to the
1941 * wall clock specified here. We do the reverse here.
1943 wall_nsec = ktime_get_real_ns() - get_kvmclock_ns(kvm);
1945 wc.nsec = do_div(wall_nsec, 1000000000);
1946 wc.sec = (u32)wall_nsec; /* overflow in 2106 guest time */
1947 wc.version = version;
1949 kvm_write_guest(kvm, wall_clock, &wc, sizeof(wc));
1952 kvm_write_guest(kvm, wall_clock, &version, sizeof(version));
1955 static void kvm_write_system_time(struct kvm_vcpu *vcpu, gpa_t system_time,
1956 bool old_msr, bool host_initiated)
1958 struct kvm_arch *ka = &vcpu->kvm->arch;
1960 if (vcpu->vcpu_id == 0 && !host_initiated) {
1961 if (ka->boot_vcpu_runs_old_kvmclock != old_msr)
1962 kvm_make_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu);
1964 ka->boot_vcpu_runs_old_kvmclock = old_msr;
1967 vcpu->arch.time = system_time;
1968 kvm_make_request(KVM_REQ_GLOBAL_CLOCK_UPDATE, vcpu);
1970 /* we verify if the enable bit is set... */
1971 vcpu->arch.pv_time_enabled = false;
1972 if (!(system_time & 1))
1975 if (!kvm_gfn_to_hva_cache_init(vcpu->kvm,
1976 &vcpu->arch.pv_time, system_time & ~1ULL,
1977 sizeof(struct pvclock_vcpu_time_info)))
1978 vcpu->arch.pv_time_enabled = true;
1983 static uint32_t div_frac(uint32_t dividend, uint32_t divisor)
1985 do_shl32_div32(dividend, divisor);
1989 static void kvm_get_time_scale(uint64_t scaled_hz, uint64_t base_hz,
1990 s8 *pshift, u32 *pmultiplier)
1998 scaled64 = scaled_hz;
1999 while (tps64 > scaled64*2 || tps64 & 0xffffffff00000000ULL) {
2004 tps32 = (uint32_t)tps64;
2005 while (tps32 <= scaled64 || scaled64 & 0xffffffff00000000ULL) {
2006 if (scaled64 & 0xffffffff00000000ULL || tps32 & 0x80000000)
2014 *pmultiplier = div_frac(scaled64, tps32);
2017 #ifdef CONFIG_X86_64
2018 static atomic_t kvm_guest_has_master_clock = ATOMIC_INIT(0);
2021 static DEFINE_PER_CPU(unsigned long, cpu_tsc_khz);
2022 static unsigned long max_tsc_khz;
2024 static u32 adjust_tsc_khz(u32 khz, s32 ppm)
2026 u64 v = (u64)khz * (1000000 + ppm);
2031 static int set_tsc_khz(struct kvm_vcpu *vcpu, u32 user_tsc_khz, bool scale)
2035 /* Guest TSC same frequency as host TSC? */
2037 vcpu->arch.tsc_scaling_ratio = kvm_default_tsc_scaling_ratio;
2041 /* TSC scaling supported? */
2042 if (!kvm_has_tsc_control) {
2043 if (user_tsc_khz > tsc_khz) {
2044 vcpu->arch.tsc_catchup = 1;
2045 vcpu->arch.tsc_always_catchup = 1;
2048 pr_warn_ratelimited("user requested TSC rate below hardware speed\n");
2053 /* TSC scaling required - calculate ratio */
2054 ratio = mul_u64_u32_div(1ULL << kvm_tsc_scaling_ratio_frac_bits,
2055 user_tsc_khz, tsc_khz);
2057 if (ratio == 0 || ratio >= kvm_max_tsc_scaling_ratio) {
2058 pr_warn_ratelimited("Invalid TSC scaling ratio - virtual-tsc-khz=%u\n",
2063 vcpu->arch.tsc_scaling_ratio = ratio;
2067 static int kvm_set_tsc_khz(struct kvm_vcpu *vcpu, u32 user_tsc_khz)
2069 u32 thresh_lo, thresh_hi;
2070 int use_scaling = 0;
2072 /* tsc_khz can be zero if TSC calibration fails */
2073 if (user_tsc_khz == 0) {
2074 /* set tsc_scaling_ratio to a safe value */
2075 vcpu->arch.tsc_scaling_ratio = kvm_default_tsc_scaling_ratio;
2079 /* Compute a scale to convert nanoseconds in TSC cycles */
2080 kvm_get_time_scale(user_tsc_khz * 1000LL, NSEC_PER_SEC,
2081 &vcpu->arch.virtual_tsc_shift,
2082 &vcpu->arch.virtual_tsc_mult);
2083 vcpu->arch.virtual_tsc_khz = user_tsc_khz;
2086 * Compute the variation in TSC rate which is acceptable
2087 * within the range of tolerance and decide if the
2088 * rate being applied is within that bounds of the hardware
2089 * rate. If so, no scaling or compensation need be done.
2091 thresh_lo = adjust_tsc_khz(tsc_khz, -tsc_tolerance_ppm);
2092 thresh_hi = adjust_tsc_khz(tsc_khz, tsc_tolerance_ppm);
2093 if (user_tsc_khz < thresh_lo || user_tsc_khz > thresh_hi) {
2094 pr_debug("kvm: requested TSC rate %u falls outside tolerance [%u,%u]\n", user_tsc_khz, thresh_lo, thresh_hi);
2097 return set_tsc_khz(vcpu, user_tsc_khz, use_scaling);
2100 static u64 compute_guest_tsc(struct kvm_vcpu *vcpu, s64 kernel_ns)
2102 u64 tsc = pvclock_scale_delta(kernel_ns-vcpu->arch.this_tsc_nsec,
2103 vcpu->arch.virtual_tsc_mult,
2104 vcpu->arch.virtual_tsc_shift);
2105 tsc += vcpu->arch.this_tsc_write;
2109 static inline int gtod_is_based_on_tsc(int mode)
2111 return mode == VDSO_CLOCKMODE_TSC || mode == VDSO_CLOCKMODE_HVCLOCK;
2114 static void kvm_track_tsc_matching(struct kvm_vcpu *vcpu)
2116 #ifdef CONFIG_X86_64
2118 struct kvm_arch *ka = &vcpu->kvm->arch;
2119 struct pvclock_gtod_data *gtod = &pvclock_gtod_data;
2121 vcpus_matched = (ka->nr_vcpus_matched_tsc + 1 ==
2122 atomic_read(&vcpu->kvm->online_vcpus));
2125 * Once the masterclock is enabled, always perform request in
2126 * order to update it.
2128 * In order to enable masterclock, the host clocksource must be TSC
2129 * and the vcpus need to have matched TSCs. When that happens,
2130 * perform request to enable masterclock.
2132 if (ka->use_master_clock ||
2133 (gtod_is_based_on_tsc(gtod->clock.vclock_mode) && vcpus_matched))
2134 kvm_make_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu);
2136 trace_kvm_track_tsc(vcpu->vcpu_id, ka->nr_vcpus_matched_tsc,
2137 atomic_read(&vcpu->kvm->online_vcpus),
2138 ka->use_master_clock, gtod->clock.vclock_mode);
2143 * Multiply tsc by a fixed point number represented by ratio.
2145 * The most significant 64-N bits (mult) of ratio represent the
2146 * integral part of the fixed point number; the remaining N bits
2147 * (frac) represent the fractional part, ie. ratio represents a fixed
2148 * point number (mult + frac * 2^(-N)).
2150 * N equals to kvm_tsc_scaling_ratio_frac_bits.
2152 static inline u64 __scale_tsc(u64 ratio, u64 tsc)
2154 return mul_u64_u64_shr(tsc, ratio, kvm_tsc_scaling_ratio_frac_bits);
2157 u64 kvm_scale_tsc(struct kvm_vcpu *vcpu, u64 tsc)
2160 u64 ratio = vcpu->arch.tsc_scaling_ratio;
2162 if (ratio != kvm_default_tsc_scaling_ratio)
2163 _tsc = __scale_tsc(ratio, tsc);
2167 EXPORT_SYMBOL_GPL(kvm_scale_tsc);
2169 static u64 kvm_compute_tsc_offset(struct kvm_vcpu *vcpu, u64 target_tsc)
2173 tsc = kvm_scale_tsc(vcpu, rdtsc());
2175 return target_tsc - tsc;
2178 u64 kvm_read_l1_tsc(struct kvm_vcpu *vcpu, u64 host_tsc)
2180 return vcpu->arch.l1_tsc_offset + kvm_scale_tsc(vcpu, host_tsc);
2182 EXPORT_SYMBOL_GPL(kvm_read_l1_tsc);
2184 static void kvm_vcpu_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset)
2186 vcpu->arch.l1_tsc_offset = offset;
2187 vcpu->arch.tsc_offset = kvm_x86_ops.write_l1_tsc_offset(vcpu, offset);
2190 static inline bool kvm_check_tsc_unstable(void)
2192 #ifdef CONFIG_X86_64
2194 * TSC is marked unstable when we're running on Hyper-V,
2195 * 'TSC page' clocksource is good.
2197 if (pvclock_gtod_data.clock.vclock_mode == VDSO_CLOCKMODE_HVCLOCK)
2200 return check_tsc_unstable();
2203 static void kvm_synchronize_tsc(struct kvm_vcpu *vcpu, u64 data)
2205 struct kvm *kvm = vcpu->kvm;
2206 u64 offset, ns, elapsed;
2207 unsigned long flags;
2209 bool already_matched;
2210 bool synchronizing = false;
2212 raw_spin_lock_irqsave(&kvm->arch.tsc_write_lock, flags);
2213 offset = kvm_compute_tsc_offset(vcpu, data);
2214 ns = get_kvmclock_base_ns();
2215 elapsed = ns - kvm->arch.last_tsc_nsec;
2217 if (vcpu->arch.virtual_tsc_khz) {
2220 * detection of vcpu initialization -- need to sync
2221 * with other vCPUs. This particularly helps to keep
2222 * kvm_clock stable after CPU hotplug
2224 synchronizing = true;
2226 u64 tsc_exp = kvm->arch.last_tsc_write +
2227 nsec_to_cycles(vcpu, elapsed);
2228 u64 tsc_hz = vcpu->arch.virtual_tsc_khz * 1000LL;
2230 * Special case: TSC write with a small delta (1 second)
2231 * of virtual cycle time against real time is
2232 * interpreted as an attempt to synchronize the CPU.
2234 synchronizing = data < tsc_exp + tsc_hz &&
2235 data + tsc_hz > tsc_exp;
2240 * For a reliable TSC, we can match TSC offsets, and for an unstable
2241 * TSC, we add elapsed time in this computation. We could let the
2242 * compensation code attempt to catch up if we fall behind, but
2243 * it's better to try to match offsets from the beginning.
2245 if (synchronizing &&
2246 vcpu->arch.virtual_tsc_khz == kvm->arch.last_tsc_khz) {
2247 if (!kvm_check_tsc_unstable()) {
2248 offset = kvm->arch.cur_tsc_offset;
2250 u64 delta = nsec_to_cycles(vcpu, elapsed);
2252 offset = kvm_compute_tsc_offset(vcpu, data);
2255 already_matched = (vcpu->arch.this_tsc_generation == kvm->arch.cur_tsc_generation);
2258 * We split periods of matched TSC writes into generations.
2259 * For each generation, we track the original measured
2260 * nanosecond time, offset, and write, so if TSCs are in
2261 * sync, we can match exact offset, and if not, we can match
2262 * exact software computation in compute_guest_tsc()
2264 * These values are tracked in kvm->arch.cur_xxx variables.
2266 kvm->arch.cur_tsc_generation++;
2267 kvm->arch.cur_tsc_nsec = ns;
2268 kvm->arch.cur_tsc_write = data;
2269 kvm->arch.cur_tsc_offset = offset;
2274 * We also track th most recent recorded KHZ, write and time to
2275 * allow the matching interval to be extended at each write.
2277 kvm->arch.last_tsc_nsec = ns;
2278 kvm->arch.last_tsc_write = data;
2279 kvm->arch.last_tsc_khz = vcpu->arch.virtual_tsc_khz;
2281 vcpu->arch.last_guest_tsc = data;
2283 /* Keep track of which generation this VCPU has synchronized to */
2284 vcpu->arch.this_tsc_generation = kvm->arch.cur_tsc_generation;
2285 vcpu->arch.this_tsc_nsec = kvm->arch.cur_tsc_nsec;
2286 vcpu->arch.this_tsc_write = kvm->arch.cur_tsc_write;
2288 kvm_vcpu_write_tsc_offset(vcpu, offset);
2289 raw_spin_unlock_irqrestore(&kvm->arch.tsc_write_lock, flags);
2291 spin_lock(&kvm->arch.pvclock_gtod_sync_lock);
2293 kvm->arch.nr_vcpus_matched_tsc = 0;
2294 } else if (!already_matched) {
2295 kvm->arch.nr_vcpus_matched_tsc++;
2298 kvm_track_tsc_matching(vcpu);
2299 spin_unlock(&kvm->arch.pvclock_gtod_sync_lock);
2302 static inline void adjust_tsc_offset_guest(struct kvm_vcpu *vcpu,
2305 u64 tsc_offset = vcpu->arch.l1_tsc_offset;
2306 kvm_vcpu_write_tsc_offset(vcpu, tsc_offset + adjustment);
2309 static inline void adjust_tsc_offset_host(struct kvm_vcpu *vcpu, s64 adjustment)
2311 if (vcpu->arch.tsc_scaling_ratio != kvm_default_tsc_scaling_ratio)
2312 WARN_ON(adjustment < 0);
2313 adjustment = kvm_scale_tsc(vcpu, (u64) adjustment);
2314 adjust_tsc_offset_guest(vcpu, adjustment);
2317 #ifdef CONFIG_X86_64
2319 static u64 read_tsc(void)
2321 u64 ret = (u64)rdtsc_ordered();
2322 u64 last = pvclock_gtod_data.clock.cycle_last;
2324 if (likely(ret >= last))
2328 * GCC likes to generate cmov here, but this branch is extremely
2329 * predictable (it's just a function of time and the likely is
2330 * very likely) and there's a data dependence, so force GCC
2331 * to generate a branch instead. I don't barrier() because
2332 * we don't actually need a barrier, and if this function
2333 * ever gets inlined it will generate worse code.
2339 static inline u64 vgettsc(struct pvclock_clock *clock, u64 *tsc_timestamp,
2345 switch (clock->vclock_mode) {
2346 case VDSO_CLOCKMODE_HVCLOCK:
2347 tsc_pg_val = hv_read_tsc_page_tsc(hv_get_tsc_page(),
2349 if (tsc_pg_val != U64_MAX) {
2350 /* TSC page valid */
2351 *mode = VDSO_CLOCKMODE_HVCLOCK;
2352 v = (tsc_pg_val - clock->cycle_last) &
2355 /* TSC page invalid */
2356 *mode = VDSO_CLOCKMODE_NONE;
2359 case VDSO_CLOCKMODE_TSC:
2360 *mode = VDSO_CLOCKMODE_TSC;
2361 *tsc_timestamp = read_tsc();
2362 v = (*tsc_timestamp - clock->cycle_last) &
2366 *mode = VDSO_CLOCKMODE_NONE;
2369 if (*mode == VDSO_CLOCKMODE_NONE)
2370 *tsc_timestamp = v = 0;
2372 return v * clock->mult;
2375 static int do_monotonic_raw(s64 *t, u64 *tsc_timestamp)
2377 struct pvclock_gtod_data *gtod = &pvclock_gtod_data;
2383 seq = read_seqcount_begin(>od->seq);
2384 ns = gtod->raw_clock.base_cycles;
2385 ns += vgettsc(>od->raw_clock, tsc_timestamp, &mode);
2386 ns >>= gtod->raw_clock.shift;
2387 ns += ktime_to_ns(ktime_add(gtod->raw_clock.offset, gtod->offs_boot));
2388 } while (unlikely(read_seqcount_retry(>od->seq, seq)));
2394 static int do_realtime(struct timespec64 *ts, u64 *tsc_timestamp)
2396 struct pvclock_gtod_data *gtod = &pvclock_gtod_data;
2402 seq = read_seqcount_begin(>od->seq);
2403 ts->tv_sec = gtod->wall_time_sec;
2404 ns = gtod->clock.base_cycles;
2405 ns += vgettsc(>od->clock, tsc_timestamp, &mode);
2406 ns >>= gtod->clock.shift;
2407 } while (unlikely(read_seqcount_retry(>od->seq, seq)));
2409 ts->tv_sec += __iter_div_u64_rem(ns, NSEC_PER_SEC, &ns);
2415 /* returns true if host is using TSC based clocksource */
2416 static bool kvm_get_time_and_clockread(s64 *kernel_ns, u64 *tsc_timestamp)
2418 /* checked again under seqlock below */
2419 if (!gtod_is_based_on_tsc(pvclock_gtod_data.clock.vclock_mode))
2422 return gtod_is_based_on_tsc(do_monotonic_raw(kernel_ns,
2426 /* returns true if host is using TSC based clocksource */
2427 static bool kvm_get_walltime_and_clockread(struct timespec64 *ts,
2430 /* checked again under seqlock below */
2431 if (!gtod_is_based_on_tsc(pvclock_gtod_data.clock.vclock_mode))
2434 return gtod_is_based_on_tsc(do_realtime(ts, tsc_timestamp));
2440 * Assuming a stable TSC across physical CPUS, and a stable TSC
2441 * across virtual CPUs, the following condition is possible.
2442 * Each numbered line represents an event visible to both
2443 * CPUs at the next numbered event.
2445 * "timespecX" represents host monotonic time. "tscX" represents
2448 * VCPU0 on CPU0 | VCPU1 on CPU1
2450 * 1. read timespec0,tsc0
2451 * 2. | timespec1 = timespec0 + N
2453 * 3. transition to guest | transition to guest
2454 * 4. ret0 = timespec0 + (rdtsc - tsc0) |
2455 * 5. | ret1 = timespec1 + (rdtsc - tsc1)
2456 * | ret1 = timespec0 + N + (rdtsc - (tsc0 + M))
2458 * Since ret0 update is visible to VCPU1 at time 5, to obey monotonicity:
2461 * - timespec0 + (rdtsc - tsc0) < timespec0 + N + (rdtsc - (tsc0 + M))
2463 * - 0 < N - M => M < N
2465 * That is, when timespec0 != timespec1, M < N. Unfortunately that is not
2466 * always the case (the difference between two distinct xtime instances
2467 * might be smaller then the difference between corresponding TSC reads,
2468 * when updating guest vcpus pvclock areas).
2470 * To avoid that problem, do not allow visibility of distinct
2471 * system_timestamp/tsc_timestamp values simultaneously: use a master
2472 * copy of host monotonic time values. Update that master copy
2475 * Rely on synchronization of host TSCs and guest TSCs for monotonicity.
2479 static void pvclock_update_vm_gtod_copy(struct kvm *kvm)
2481 #ifdef CONFIG_X86_64
2482 struct kvm_arch *ka = &kvm->arch;
2484 bool host_tsc_clocksource, vcpus_matched;
2486 vcpus_matched = (ka->nr_vcpus_matched_tsc + 1 ==
2487 atomic_read(&kvm->online_vcpus));
2490 * If the host uses TSC clock, then passthrough TSC as stable
2493 host_tsc_clocksource = kvm_get_time_and_clockread(
2494 &ka->master_kernel_ns,
2495 &ka->master_cycle_now);
2497 ka->use_master_clock = host_tsc_clocksource && vcpus_matched
2498 && !ka->backwards_tsc_observed
2499 && !ka->boot_vcpu_runs_old_kvmclock;
2501 if (ka->use_master_clock)
2502 atomic_set(&kvm_guest_has_master_clock, 1);
2504 vclock_mode = pvclock_gtod_data.clock.vclock_mode;
2505 trace_kvm_update_master_clock(ka->use_master_clock, vclock_mode,
2510 void kvm_make_mclock_inprogress_request(struct kvm *kvm)
2512 kvm_make_all_cpus_request(kvm, KVM_REQ_MCLOCK_INPROGRESS);
2515 static void kvm_gen_update_masterclock(struct kvm *kvm)
2517 #ifdef CONFIG_X86_64
2519 struct kvm_vcpu *vcpu;
2520 struct kvm_arch *ka = &kvm->arch;
2522 spin_lock(&ka->pvclock_gtod_sync_lock);
2523 kvm_make_mclock_inprogress_request(kvm);
2524 /* no guest entries from this point */
2525 pvclock_update_vm_gtod_copy(kvm);
2527 kvm_for_each_vcpu(i, vcpu, kvm)
2528 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
2530 /* guest entries allowed */
2531 kvm_for_each_vcpu(i, vcpu, kvm)
2532 kvm_clear_request(KVM_REQ_MCLOCK_INPROGRESS, vcpu);
2534 spin_unlock(&ka->pvclock_gtod_sync_lock);
2538 u64 get_kvmclock_ns(struct kvm *kvm)
2540 struct kvm_arch *ka = &kvm->arch;
2541 struct pvclock_vcpu_time_info hv_clock;
2544 spin_lock(&ka->pvclock_gtod_sync_lock);
2545 if (!ka->use_master_clock) {
2546 spin_unlock(&ka->pvclock_gtod_sync_lock);
2547 return get_kvmclock_base_ns() + ka->kvmclock_offset;
2550 hv_clock.tsc_timestamp = ka->master_cycle_now;
2551 hv_clock.system_time = ka->master_kernel_ns + ka->kvmclock_offset;
2552 spin_unlock(&ka->pvclock_gtod_sync_lock);
2554 /* both __this_cpu_read() and rdtsc() should be on the same cpu */
2557 if (__this_cpu_read(cpu_tsc_khz)) {
2558 kvm_get_time_scale(NSEC_PER_SEC, __this_cpu_read(cpu_tsc_khz) * 1000LL,
2559 &hv_clock.tsc_shift,
2560 &hv_clock.tsc_to_system_mul);
2561 ret = __pvclock_read_cycles(&hv_clock, rdtsc());
2563 ret = get_kvmclock_base_ns() + ka->kvmclock_offset;
2570 static void kvm_setup_pvclock_page(struct kvm_vcpu *v)
2572 struct kvm_vcpu_arch *vcpu = &v->arch;
2573 struct pvclock_vcpu_time_info guest_hv_clock;
2575 if (unlikely(kvm_read_guest_cached(v->kvm, &vcpu->pv_time,
2576 &guest_hv_clock, sizeof(guest_hv_clock))))
2579 /* This VCPU is paused, but it's legal for a guest to read another
2580 * VCPU's kvmclock, so we really have to follow the specification where
2581 * it says that version is odd if data is being modified, and even after
2584 * Version field updates must be kept separate. This is because
2585 * kvm_write_guest_cached might use a "rep movs" instruction, and
2586 * writes within a string instruction are weakly ordered. So there
2587 * are three writes overall.
2589 * As a small optimization, only write the version field in the first
2590 * and third write. The vcpu->pv_time cache is still valid, because the
2591 * version field is the first in the struct.
2593 BUILD_BUG_ON(offsetof(struct pvclock_vcpu_time_info, version) != 0);
2595 if (guest_hv_clock.version & 1)
2596 ++guest_hv_clock.version; /* first time write, random junk */
2598 vcpu->hv_clock.version = guest_hv_clock.version + 1;
2599 kvm_write_guest_cached(v->kvm, &vcpu->pv_time,
2601 sizeof(vcpu->hv_clock.version));
2605 /* retain PVCLOCK_GUEST_STOPPED if set in guest copy */
2606 vcpu->hv_clock.flags |= (guest_hv_clock.flags & PVCLOCK_GUEST_STOPPED);
2608 if (vcpu->pvclock_set_guest_stopped_request) {
2609 vcpu->hv_clock.flags |= PVCLOCK_GUEST_STOPPED;
2610 vcpu->pvclock_set_guest_stopped_request = false;
2613 trace_kvm_pvclock_update(v->vcpu_id, &vcpu->hv_clock);
2615 kvm_write_guest_cached(v->kvm, &vcpu->pv_time,
2617 sizeof(vcpu->hv_clock));
2621 vcpu->hv_clock.version++;
2622 kvm_write_guest_cached(v->kvm, &vcpu->pv_time,
2624 sizeof(vcpu->hv_clock.version));
2627 static int kvm_guest_time_update(struct kvm_vcpu *v)
2629 unsigned long flags, tgt_tsc_khz;
2630 struct kvm_vcpu_arch *vcpu = &v->arch;
2631 struct kvm_arch *ka = &v->kvm->arch;
2633 u64 tsc_timestamp, host_tsc;
2635 bool use_master_clock;
2641 * If the host uses TSC clock, then passthrough TSC as stable
2644 spin_lock(&ka->pvclock_gtod_sync_lock);
2645 use_master_clock = ka->use_master_clock;
2646 if (use_master_clock) {
2647 host_tsc = ka->master_cycle_now;
2648 kernel_ns = ka->master_kernel_ns;
2650 spin_unlock(&ka->pvclock_gtod_sync_lock);
2652 /* Keep irq disabled to prevent changes to the clock */
2653 local_irq_save(flags);
2654 tgt_tsc_khz = __this_cpu_read(cpu_tsc_khz);
2655 if (unlikely(tgt_tsc_khz == 0)) {
2656 local_irq_restore(flags);
2657 kvm_make_request(KVM_REQ_CLOCK_UPDATE, v);
2660 if (!use_master_clock) {
2662 kernel_ns = get_kvmclock_base_ns();
2665 tsc_timestamp = kvm_read_l1_tsc(v, host_tsc);
2668 * We may have to catch up the TSC to match elapsed wall clock
2669 * time for two reasons, even if kvmclock is used.
2670 * 1) CPU could have been running below the maximum TSC rate
2671 * 2) Broken TSC compensation resets the base at each VCPU
2672 * entry to avoid unknown leaps of TSC even when running
2673 * again on the same CPU. This may cause apparent elapsed
2674 * time to disappear, and the guest to stand still or run
2677 if (vcpu->tsc_catchup) {
2678 u64 tsc = compute_guest_tsc(v, kernel_ns);
2679 if (tsc > tsc_timestamp) {
2680 adjust_tsc_offset_guest(v, tsc - tsc_timestamp);
2681 tsc_timestamp = tsc;
2685 local_irq_restore(flags);
2687 /* With all the info we got, fill in the values */
2689 if (kvm_has_tsc_control)
2690 tgt_tsc_khz = kvm_scale_tsc(v, tgt_tsc_khz);
2692 if (unlikely(vcpu->hw_tsc_khz != tgt_tsc_khz)) {
2693 kvm_get_time_scale(NSEC_PER_SEC, tgt_tsc_khz * 1000LL,
2694 &vcpu->hv_clock.tsc_shift,
2695 &vcpu->hv_clock.tsc_to_system_mul);
2696 vcpu->hw_tsc_khz = tgt_tsc_khz;
2699 vcpu->hv_clock.tsc_timestamp = tsc_timestamp;
2700 vcpu->hv_clock.system_time = kernel_ns + v->kvm->arch.kvmclock_offset;
2701 vcpu->last_guest_tsc = tsc_timestamp;
2703 /* If the host uses TSC clocksource, then it is stable */
2705 if (use_master_clock)
2706 pvclock_flags |= PVCLOCK_TSC_STABLE_BIT;
2708 vcpu->hv_clock.flags = pvclock_flags;
2710 if (vcpu->pv_time_enabled)
2711 kvm_setup_pvclock_page(v);
2712 if (v == kvm_get_vcpu(v->kvm, 0))
2713 kvm_hv_setup_tsc_page(v->kvm, &vcpu->hv_clock);
2718 * kvmclock updates which are isolated to a given vcpu, such as
2719 * vcpu->cpu migration, should not allow system_timestamp from
2720 * the rest of the vcpus to remain static. Otherwise ntp frequency
2721 * correction applies to one vcpu's system_timestamp but not
2724 * So in those cases, request a kvmclock update for all vcpus.
2725 * We need to rate-limit these requests though, as they can
2726 * considerably slow guests that have a large number of vcpus.
2727 * The time for a remote vcpu to update its kvmclock is bound
2728 * by the delay we use to rate-limit the updates.
2731 #define KVMCLOCK_UPDATE_DELAY msecs_to_jiffies(100)
2733 static void kvmclock_update_fn(struct work_struct *work)
2736 struct delayed_work *dwork = to_delayed_work(work);
2737 struct kvm_arch *ka = container_of(dwork, struct kvm_arch,
2738 kvmclock_update_work);
2739 struct kvm *kvm = container_of(ka, struct kvm, arch);
2740 struct kvm_vcpu *vcpu;
2742 kvm_for_each_vcpu(i, vcpu, kvm) {
2743 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
2744 kvm_vcpu_kick(vcpu);
2748 static void kvm_gen_kvmclock_update(struct kvm_vcpu *v)
2750 struct kvm *kvm = v->kvm;
2752 kvm_make_request(KVM_REQ_CLOCK_UPDATE, v);
2753 schedule_delayed_work(&kvm->arch.kvmclock_update_work,
2754 KVMCLOCK_UPDATE_DELAY);
2757 #define KVMCLOCK_SYNC_PERIOD (300 * HZ)
2759 static void kvmclock_sync_fn(struct work_struct *work)
2761 struct delayed_work *dwork = to_delayed_work(work);
2762 struct kvm_arch *ka = container_of(dwork, struct kvm_arch,
2763 kvmclock_sync_work);
2764 struct kvm *kvm = container_of(ka, struct kvm, arch);
2766 if (!kvmclock_periodic_sync)
2769 schedule_delayed_work(&kvm->arch.kvmclock_update_work, 0);
2770 schedule_delayed_work(&kvm->arch.kvmclock_sync_work,
2771 KVMCLOCK_SYNC_PERIOD);
2775 * On AMD, HWCR[McStatusWrEn] controls whether setting MCi_STATUS results in #GP.
2777 static bool can_set_mci_status(struct kvm_vcpu *vcpu)
2779 /* McStatusWrEn enabled? */
2780 if (guest_cpuid_is_amd_or_hygon(vcpu))
2781 return !!(vcpu->arch.msr_hwcr & BIT_ULL(18));
2786 static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2788 u64 mcg_cap = vcpu->arch.mcg_cap;
2789 unsigned bank_num = mcg_cap & 0xff;
2790 u32 msr = msr_info->index;
2791 u64 data = msr_info->data;
2794 case MSR_IA32_MCG_STATUS:
2795 vcpu->arch.mcg_status = data;
2797 case MSR_IA32_MCG_CTL:
2798 if (!(mcg_cap & MCG_CTL_P) &&
2799 (data || !msr_info->host_initiated))
2801 if (data != 0 && data != ~(u64)0)
2803 vcpu->arch.mcg_ctl = data;
2806 if (msr >= MSR_IA32_MC0_CTL &&
2807 msr < MSR_IA32_MCx_CTL(bank_num)) {
2808 u32 offset = array_index_nospec(
2809 msr - MSR_IA32_MC0_CTL,
2810 MSR_IA32_MCx_CTL(bank_num) - MSR_IA32_MC0_CTL);
2812 /* only 0 or all 1s can be written to IA32_MCi_CTL
2813 * some Linux kernels though clear bit 10 in bank 4 to
2814 * workaround a BIOS/GART TBL issue on AMD K8s, ignore
2815 * this to avoid an uncatched #GP in the guest
2817 if ((offset & 0x3) == 0 &&
2818 data != 0 && (data | (1 << 10)) != ~(u64)0)
2822 if (!msr_info->host_initiated &&
2823 (offset & 0x3) == 1 && data != 0) {
2824 if (!can_set_mci_status(vcpu))
2828 vcpu->arch.mce_banks[offset] = data;
2836 static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
2838 struct kvm *kvm = vcpu->kvm;
2839 int lm = is_long_mode(vcpu);
2840 u8 *blob_addr = lm ? (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_64
2841 : (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_32;
2842 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
2843 : kvm->arch.xen_hvm_config.blob_size_32;
2844 u32 page_num = data & ~PAGE_MASK;
2845 u64 page_addr = data & PAGE_MASK;
2848 if (page_num >= blob_size)
2851 page = memdup_user(blob_addr + (page_num * PAGE_SIZE), PAGE_SIZE);
2853 return PTR_ERR(page);
2855 if (kvm_vcpu_write_guest(vcpu, page_addr, page, PAGE_SIZE)) {
2862 static inline bool kvm_pv_async_pf_enabled(struct kvm_vcpu *vcpu)
2864 u64 mask = KVM_ASYNC_PF_ENABLED | KVM_ASYNC_PF_DELIVERY_AS_INT;
2866 return (vcpu->arch.apf.msr_en_val & mask) == mask;
2869 static int kvm_pv_enable_async_pf(struct kvm_vcpu *vcpu, u64 data)
2871 gpa_t gpa = data & ~0x3f;
2873 /* Bits 4:5 are reserved, Should be zero */
2877 if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF_VMEXIT) &&
2878 (data & KVM_ASYNC_PF_DELIVERY_AS_PF_VMEXIT))
2881 if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF_INT) &&
2882 (data & KVM_ASYNC_PF_DELIVERY_AS_INT))
2885 if (!lapic_in_kernel(vcpu))
2886 return data ? 1 : 0;
2888 vcpu->arch.apf.msr_en_val = data;
2890 if (!kvm_pv_async_pf_enabled(vcpu)) {
2891 kvm_clear_async_pf_completion_queue(vcpu);
2892 kvm_async_pf_hash_reset(vcpu);
2896 if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.apf.data, gpa,
2900 vcpu->arch.apf.send_user_only = !(data & KVM_ASYNC_PF_SEND_ALWAYS);
2901 vcpu->arch.apf.delivery_as_pf_vmexit = data & KVM_ASYNC_PF_DELIVERY_AS_PF_VMEXIT;
2903 kvm_async_pf_wakeup_all(vcpu);
2908 static int kvm_pv_enable_async_pf_int(struct kvm_vcpu *vcpu, u64 data)
2910 /* Bits 8-63 are reserved */
2914 if (!lapic_in_kernel(vcpu))
2917 vcpu->arch.apf.msr_int_val = data;
2919 vcpu->arch.apf.vec = data & KVM_ASYNC_PF_VEC_MASK;
2924 static void kvmclock_reset(struct kvm_vcpu *vcpu)
2926 vcpu->arch.pv_time_enabled = false;
2927 vcpu->arch.time = 0;
2930 static void kvm_vcpu_flush_tlb_all(struct kvm_vcpu *vcpu)
2932 ++vcpu->stat.tlb_flush;
2933 kvm_x86_ops.tlb_flush_all(vcpu);
2936 static void kvm_vcpu_flush_tlb_guest(struct kvm_vcpu *vcpu)
2938 ++vcpu->stat.tlb_flush;
2939 kvm_x86_ops.tlb_flush_guest(vcpu);
2942 static void record_steal_time(struct kvm_vcpu *vcpu)
2944 struct kvm_host_map map;
2945 struct kvm_steal_time *st;
2947 if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
2950 /* -EAGAIN is returned in atomic context so we can just return. */
2951 if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT,
2952 &map, &vcpu->arch.st.cache, false))
2956 offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS);
2959 * Doing a TLB flush here, on the guest's behalf, can avoid
2962 if (guest_pv_has(vcpu, KVM_FEATURE_PV_TLB_FLUSH)) {
2963 trace_kvm_pv_tlb_flush(vcpu->vcpu_id,
2964 st->preempted & KVM_VCPU_FLUSH_TLB);
2965 if (xchg(&st->preempted, 0) & KVM_VCPU_FLUSH_TLB)
2966 kvm_vcpu_flush_tlb_guest(vcpu);
2969 vcpu->arch.st.preempted = 0;
2971 if (st->version & 1)
2972 st->version += 1; /* first time write, random junk */
2978 st->steal += current->sched_info.run_delay -
2979 vcpu->arch.st.last_steal;
2980 vcpu->arch.st.last_steal = current->sched_info.run_delay;
2986 kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, false);
2989 int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2992 u32 msr = msr_info->index;
2993 u64 data = msr_info->data;
2996 case MSR_AMD64_NB_CFG:
2997 case MSR_IA32_UCODE_WRITE:
2998 case MSR_VM_HSAVE_PA:
2999 case MSR_AMD64_PATCH_LOADER:
3000 case MSR_AMD64_BU_CFG2:
3001 case MSR_AMD64_DC_CFG:
3002 case MSR_F15H_EX_CFG:
3005 case MSR_IA32_UCODE_REV:
3006 if (msr_info->host_initiated)
3007 vcpu->arch.microcode_version = data;
3009 case MSR_IA32_ARCH_CAPABILITIES:
3010 if (!msr_info->host_initiated)
3012 vcpu->arch.arch_capabilities = data;
3014 case MSR_IA32_PERF_CAPABILITIES: {
3015 struct kvm_msr_entry msr_ent = {.index = msr, .data = 0};
3017 if (!msr_info->host_initiated)
3019 if (guest_cpuid_has(vcpu, X86_FEATURE_PDCM) && kvm_get_msr_feature(&msr_ent))
3021 if (data & ~msr_ent.data)
3024 vcpu->arch.perf_capabilities = data;
3029 return set_efer(vcpu, msr_info);
3031 data &= ~(u64)0x40; /* ignore flush filter disable */
3032 data &= ~(u64)0x100; /* ignore ignne emulation enable */
3033 data &= ~(u64)0x8; /* ignore TLB cache disable */
3035 /* Handle McStatusWrEn */
3036 if (data == BIT_ULL(18)) {
3037 vcpu->arch.msr_hwcr = data;
3038 } else if (data != 0) {
3039 vcpu_unimpl(vcpu, "unimplemented HWCR wrmsr: 0x%llx\n",
3044 case MSR_FAM10H_MMIO_CONF_BASE:
3046 vcpu_unimpl(vcpu, "unimplemented MMIO_CONF_BASE wrmsr: "
3051 case MSR_IA32_DEBUGCTLMSR:
3053 /* We support the non-activated case already */
3055 } else if (data & ~(DEBUGCTLMSR_LBR | DEBUGCTLMSR_BTF)) {
3056 /* Values other than LBR and BTF are vendor-specific,
3057 thus reserved and should throw a #GP */
3059 } else if (report_ignored_msrs)
3060 vcpu_unimpl(vcpu, "%s: MSR_IA32_DEBUGCTLMSR 0x%llx, nop\n",
3063 case 0x200 ... 0x2ff:
3064 return kvm_mtrr_set_msr(vcpu, msr, data);
3065 case MSR_IA32_APICBASE:
3066 return kvm_set_apic_base(vcpu, msr_info);
3067 case APIC_BASE_MSR ... APIC_BASE_MSR + 0xff:
3068 return kvm_x2apic_msr_write(vcpu, msr, data);
3069 case MSR_IA32_TSCDEADLINE:
3070 kvm_set_lapic_tscdeadline_msr(vcpu, data);
3072 case MSR_IA32_TSC_ADJUST:
3073 if (guest_cpuid_has(vcpu, X86_FEATURE_TSC_ADJUST)) {
3074 if (!msr_info->host_initiated) {
3075 s64 adj = data - vcpu->arch.ia32_tsc_adjust_msr;
3076 adjust_tsc_offset_guest(vcpu, adj);
3078 vcpu->arch.ia32_tsc_adjust_msr = data;
3081 case MSR_IA32_MISC_ENABLE:
3082 if (!kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT) &&
3083 ((vcpu->arch.ia32_misc_enable_msr ^ data) & MSR_IA32_MISC_ENABLE_MWAIT)) {
3084 if (!guest_cpuid_has(vcpu, X86_FEATURE_XMM3))
3086 vcpu->arch.ia32_misc_enable_msr = data;
3087 kvm_update_cpuid_runtime(vcpu);
3089 vcpu->arch.ia32_misc_enable_msr = data;
3092 case MSR_IA32_SMBASE:
3093 if (!msr_info->host_initiated)
3095 vcpu->arch.smbase = data;
3097 case MSR_IA32_POWER_CTL:
3098 vcpu->arch.msr_ia32_power_ctl = data;
3101 if (msr_info->host_initiated) {
3102 kvm_synchronize_tsc(vcpu, data);
3104 u64 adj = kvm_compute_tsc_offset(vcpu, data) - vcpu->arch.l1_tsc_offset;
3105 adjust_tsc_offset_guest(vcpu, adj);
3106 vcpu->arch.ia32_tsc_adjust_msr += adj;
3110 if (!msr_info->host_initiated &&
3111 !guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))
3114 * KVM supports exposing PT to the guest, but does not support
3115 * IA32_XSS[bit 8]. Guests have to use RDMSR/WRMSR rather than
3116 * XSAVES/XRSTORS to save/restore PT MSRs.
3118 if (data & ~supported_xss)
3120 vcpu->arch.ia32_xss = data;
3123 if (!msr_info->host_initiated)
3125 vcpu->arch.smi_count = data;
3127 case MSR_KVM_WALL_CLOCK_NEW:
3128 if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE2))
3131 kvm_write_wall_clock(vcpu->kvm, data);
3133 case MSR_KVM_WALL_CLOCK:
3134 if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE))
3137 kvm_write_wall_clock(vcpu->kvm, data);
3139 case MSR_KVM_SYSTEM_TIME_NEW:
3140 if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE2))
3143 kvm_write_system_time(vcpu, data, false, msr_info->host_initiated);
3145 case MSR_KVM_SYSTEM_TIME:
3146 if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE))
3149 kvm_write_system_time(vcpu, data, true, msr_info->host_initiated);
3151 case MSR_KVM_ASYNC_PF_EN:
3152 if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF))
3155 if (kvm_pv_enable_async_pf(vcpu, data))
3158 case MSR_KVM_ASYNC_PF_INT:
3159 if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF_INT))
3162 if (kvm_pv_enable_async_pf_int(vcpu, data))
3165 case MSR_KVM_ASYNC_PF_ACK:
3166 if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF))
3169 vcpu->arch.apf.pageready_pending = false;
3170 kvm_check_async_pf_completion(vcpu);
3173 case MSR_KVM_STEAL_TIME:
3174 if (!guest_pv_has(vcpu, KVM_FEATURE_STEAL_TIME))
3177 if (unlikely(!sched_info_on()))
3180 if (data & KVM_STEAL_RESERVED_MASK)
3183 vcpu->arch.st.msr_val = data;
3185 if (!(data & KVM_MSR_ENABLED))
3188 kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu);
3191 case MSR_KVM_PV_EOI_EN:
3192 if (!guest_pv_has(vcpu, KVM_FEATURE_PV_EOI))
3195 if (kvm_lapic_enable_pv_eoi(vcpu, data, sizeof(u8)))
3199 case MSR_KVM_POLL_CONTROL:
3200 if (!guest_pv_has(vcpu, KVM_FEATURE_POLL_CONTROL))
3203 /* only enable bit supported */
3204 if (data & (-1ULL << 1))
3207 vcpu->arch.msr_kvm_poll_control = data;
3210 case MSR_IA32_MCG_CTL:
3211 case MSR_IA32_MCG_STATUS:
3212 case MSR_IA32_MC0_CTL ... MSR_IA32_MCx_CTL(KVM_MAX_MCE_BANKS) - 1:
3213 return set_msr_mce(vcpu, msr_info);
3215 case MSR_K7_PERFCTR0 ... MSR_K7_PERFCTR3:
3216 case MSR_P6_PERFCTR0 ... MSR_P6_PERFCTR1:
3219 case MSR_K7_EVNTSEL0 ... MSR_K7_EVNTSEL3:
3220 case MSR_P6_EVNTSEL0 ... MSR_P6_EVNTSEL1:
3221 if (kvm_pmu_is_valid_msr(vcpu, msr))
3222 return kvm_pmu_set_msr(vcpu, msr_info);
3224 if (pr || data != 0)
3225 vcpu_unimpl(vcpu, "disabled perfctr wrmsr: "
3226 "0x%x data 0x%llx\n", msr, data);
3228 case MSR_K7_CLK_CTL:
3230 * Ignore all writes to this no longer documented MSR.
3231 * Writes are only relevant for old K7 processors,
3232 * all pre-dating SVM, but a recommended workaround from
3233 * AMD for these chips. It is possible to specify the
3234 * affected processor models on the command line, hence
3235 * the need to ignore the workaround.
3238 case HV_X64_MSR_GUEST_OS_ID ... HV_X64_MSR_SINT15:
3239 case HV_X64_MSR_SYNDBG_CONTROL ... HV_X64_MSR_SYNDBG_PENDING_BUFFER:
3240 case HV_X64_MSR_SYNDBG_OPTIONS:
3241 case HV_X64_MSR_CRASH_P0 ... HV_X64_MSR_CRASH_P4:
3242 case HV_X64_MSR_CRASH_CTL:
3243 case HV_X64_MSR_STIMER0_CONFIG ... HV_X64_MSR_STIMER3_COUNT:
3244 case HV_X64_MSR_REENLIGHTENMENT_CONTROL:
3245 case HV_X64_MSR_TSC_EMULATION_CONTROL:
3246 case HV_X64_MSR_TSC_EMULATION_STATUS:
3247 return kvm_hv_set_msr_common(vcpu, msr, data,
3248 msr_info->host_initiated);
3249 case MSR_IA32_BBL_CR_CTL3:
3250 /* Drop writes to this legacy MSR -- see rdmsr
3251 * counterpart for further detail.
3253 if (report_ignored_msrs)
3254 vcpu_unimpl(vcpu, "ignored wrmsr: 0x%x data 0x%llx\n",
3257 case MSR_AMD64_OSVW_ID_LENGTH:
3258 if (!guest_cpuid_has(vcpu, X86_FEATURE_OSVW))
3260 vcpu->arch.osvw.length = data;
3262 case MSR_AMD64_OSVW_STATUS:
3263 if (!guest_cpuid_has(vcpu, X86_FEATURE_OSVW))
3265 vcpu->arch.osvw.status = data;
3267 case MSR_PLATFORM_INFO:
3268 if (!msr_info->host_initiated ||
3269 (!(data & MSR_PLATFORM_INFO_CPUID_FAULT) &&
3270 cpuid_fault_enabled(vcpu)))
3272 vcpu->arch.msr_platform_info = data;
3274 case MSR_MISC_FEATURES_ENABLES:
3275 if (data & ~MSR_MISC_FEATURES_ENABLES_CPUID_FAULT ||
3276 (data & MSR_MISC_FEATURES_ENABLES_CPUID_FAULT &&
3277 !supports_cpuid_fault(vcpu)))
3279 vcpu->arch.msr_misc_features_enables = data;
3282 if (msr && (msr == vcpu->kvm->arch.xen_hvm_config.msr))
3283 return xen_hvm_config(vcpu, data);
3284 if (kvm_pmu_is_valid_msr(vcpu, msr))
3285 return kvm_pmu_set_msr(vcpu, msr_info);
3286 return KVM_MSR_RET_INVALID;
3290 EXPORT_SYMBOL_GPL(kvm_set_msr_common);
3292 static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata, bool host)
3295 u64 mcg_cap = vcpu->arch.mcg_cap;
3296 unsigned bank_num = mcg_cap & 0xff;
3299 case MSR_IA32_P5_MC_ADDR:
3300 case MSR_IA32_P5_MC_TYPE:
3303 case MSR_IA32_MCG_CAP:
3304 data = vcpu->arch.mcg_cap;
3306 case MSR_IA32_MCG_CTL:
3307 if (!(mcg_cap & MCG_CTL_P) && !host)
3309 data = vcpu->arch.mcg_ctl;
3311 case MSR_IA32_MCG_STATUS:
3312 data = vcpu->arch.mcg_status;
3315 if (msr >= MSR_IA32_MC0_CTL &&
3316 msr < MSR_IA32_MCx_CTL(bank_num)) {
3317 u32 offset = array_index_nospec(
3318 msr - MSR_IA32_MC0_CTL,
3319 MSR_IA32_MCx_CTL(bank_num) - MSR_IA32_MC0_CTL);
3321 data = vcpu->arch.mce_banks[offset];
3330 int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
3332 switch (msr_info->index) {
3333 case MSR_IA32_PLATFORM_ID:
3334 case MSR_IA32_EBL_CR_POWERON:
3335 case MSR_IA32_DEBUGCTLMSR:
3336 case MSR_IA32_LASTBRANCHFROMIP:
3337 case MSR_IA32_LASTBRANCHTOIP:
3338 case MSR_IA32_LASTINTFROMIP:
3339 case MSR_IA32_LASTINTTOIP:
3341 case MSR_K8_TSEG_ADDR:
3342 case MSR_K8_TSEG_MASK:
3343 case MSR_VM_HSAVE_PA:
3344 case MSR_K8_INT_PENDING_MSG:
3345 case MSR_AMD64_NB_CFG:
3346 case MSR_FAM10H_MMIO_CONF_BASE:
3347 case MSR_AMD64_BU_CFG2:
3348 case MSR_IA32_PERF_CTL:
3349 case MSR_AMD64_DC_CFG:
3350 case MSR_F15H_EX_CFG:
3352 * Intel Sandy Bridge CPUs must support the RAPL (running average power
3353 * limit) MSRs. Just return 0, as we do not want to expose the host
3354 * data here. Do not conditionalize this on CPUID, as KVM does not do
3355 * so for existing CPU-specific MSRs.
3357 case MSR_RAPL_POWER_UNIT:
3358 case MSR_PP0_ENERGY_STATUS: /* Power plane 0 (core) */
3359 case MSR_PP1_ENERGY_STATUS: /* Power plane 1 (graphics uncore) */
3360 case MSR_PKG_ENERGY_STATUS: /* Total package */
3361 case MSR_DRAM_ENERGY_STATUS: /* DRAM controller */
3364 case MSR_F15H_PERF_CTL0 ... MSR_F15H_PERF_CTR5:
3365 case MSR_K7_EVNTSEL0 ... MSR_K7_EVNTSEL3:
3366 case MSR_K7_PERFCTR0 ... MSR_K7_PERFCTR3:
3367 case MSR_P6_PERFCTR0 ... MSR_P6_PERFCTR1:
3368 case MSR_P6_EVNTSEL0 ... MSR_P6_EVNTSEL1:
3369 if (kvm_pmu_is_valid_msr(vcpu, msr_info->index))
3370 return kvm_pmu_get_msr(vcpu, msr_info);
3373 case MSR_IA32_UCODE_REV:
3374 msr_info->data = vcpu->arch.microcode_version;
3376 case MSR_IA32_ARCH_CAPABILITIES:
3377 if (!msr_info->host_initiated &&
3378 !guest_cpuid_has(vcpu, X86_FEATURE_ARCH_CAPABILITIES))
3380 msr_info->data = vcpu->arch.arch_capabilities;
3382 case MSR_IA32_PERF_CAPABILITIES:
3383 if (!msr_info->host_initiated &&
3384 !guest_cpuid_has(vcpu, X86_FEATURE_PDCM))
3386 msr_info->data = vcpu->arch.perf_capabilities;
3388 case MSR_IA32_POWER_CTL:
3389 msr_info->data = vcpu->arch.msr_ia32_power_ctl;
3391 case MSR_IA32_TSC: {
3393 * Intel SDM states that MSR_IA32_TSC read adds the TSC offset
3394 * even when not intercepted. AMD manual doesn't explicitly
3395 * state this but appears to behave the same.
3397 * On userspace reads and writes, however, we unconditionally
3398 * return L1's TSC value to ensure backwards-compatible
3399 * behavior for migration.
3401 u64 tsc_offset = msr_info->host_initiated ? vcpu->arch.l1_tsc_offset :
3402 vcpu->arch.tsc_offset;
3404 msr_info->data = kvm_scale_tsc(vcpu, rdtsc()) + tsc_offset;
3408 case 0x200 ... 0x2ff:
3409 return kvm_mtrr_get_msr(vcpu, msr_info->index, &msr_info->data);
3410 case 0xcd: /* fsb frequency */
3414 * MSR_EBC_FREQUENCY_ID
3415 * Conservative value valid for even the basic CPU models.
3416 * Models 0,1: 000 in bits 23:21 indicating a bus speed of
3417 * 100MHz, model 2 000 in bits 18:16 indicating 100MHz,
3418 * and 266MHz for model 3, or 4. Set Core Clock
3419 * Frequency to System Bus Frequency Ratio to 1 (bits
3420 * 31:24) even though these are only valid for CPU
3421 * models > 2, however guests may end up dividing or
3422 * multiplying by zero otherwise.
3424 case MSR_EBC_FREQUENCY_ID:
3425 msr_info->data = 1 << 24;
3427 case MSR_IA32_APICBASE:
3428 msr_info->data = kvm_get_apic_base(vcpu);
3430 case APIC_BASE_MSR ... APIC_BASE_MSR + 0xff:
3431 return kvm_x2apic_msr_read(vcpu, msr_info->index, &msr_info->data);
3432 case MSR_IA32_TSCDEADLINE:
3433 msr_info->data = kvm_get_lapic_tscdeadline_msr(vcpu);
3435 case MSR_IA32_TSC_ADJUST:
3436 msr_info->data = (u64)vcpu->arch.ia32_tsc_adjust_msr;
3438 case MSR_IA32_MISC_ENABLE:
3439 msr_info->data = vcpu->arch.ia32_misc_enable_msr;
3441 case MSR_IA32_SMBASE:
3442 if (!msr_info->host_initiated)
3444 msr_info->data = vcpu->arch.smbase;
3447 msr_info->data = vcpu->arch.smi_count;
3449 case MSR_IA32_PERF_STATUS:
3450 /* TSC increment by tick */
3451 msr_info->data = 1000ULL;
3452 /* CPU multiplier */
3453 msr_info->data |= (((uint64_t)4ULL) << 40);
3456 msr_info->data = vcpu->arch.efer;
3458 case MSR_KVM_WALL_CLOCK:
3459 if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE))
3462 msr_info->data = vcpu->kvm->arch.wall_clock;
3464 case MSR_KVM_WALL_CLOCK_NEW:
3465 if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE2))
3468 msr_info->data = vcpu->kvm->arch.wall_clock;
3470 case MSR_KVM_SYSTEM_TIME:
3471 if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE))
3474 msr_info->data = vcpu->arch.time;
3476 case MSR_KVM_SYSTEM_TIME_NEW:
3477 if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE2))
3480 msr_info->data = vcpu->arch.time;
3482 case MSR_KVM_ASYNC_PF_EN:
3483 if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF))
3486 msr_info->data = vcpu->arch.apf.msr_en_val;
3488 case MSR_KVM_ASYNC_PF_INT:
3489 if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF_INT))
3492 msr_info->data = vcpu->arch.apf.msr_int_val;
3494 case MSR_KVM_ASYNC_PF_ACK:
3495 if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF))
3500 case MSR_KVM_STEAL_TIME:
3501 if (!guest_pv_has(vcpu, KVM_FEATURE_STEAL_TIME))
3504 msr_info->data = vcpu->arch.st.msr_val;
3506 case MSR_KVM_PV_EOI_EN:
3507 if (!guest_pv_has(vcpu, KVM_FEATURE_PV_EOI))
3510 msr_info->data = vcpu->arch.pv_eoi.msr_val;
3512 case MSR_KVM_POLL_CONTROL:
3513 if (!guest_pv_has(vcpu, KVM_FEATURE_POLL_CONTROL))
3516 msr_info->data = vcpu->arch.msr_kvm_poll_control;
3518 case MSR_IA32_P5_MC_ADDR:
3519 case MSR_IA32_P5_MC_TYPE:
3520 case MSR_IA32_MCG_CAP:
3521 case MSR_IA32_MCG_CTL:
3522 case MSR_IA32_MCG_STATUS:
3523 case MSR_IA32_MC0_CTL ... MSR_IA32_MCx_CTL(KVM_MAX_MCE_BANKS) - 1:
3524 return get_msr_mce(vcpu, msr_info->index, &msr_info->data,
3525 msr_info->host_initiated);
3527 if (!msr_info->host_initiated &&
3528 !guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))
3530 msr_info->data = vcpu->arch.ia32_xss;
3532 case MSR_K7_CLK_CTL:
3534 * Provide expected ramp-up count for K7. All other
3535 * are set to zero, indicating minimum divisors for
3538 * This prevents guest kernels on AMD host with CPU
3539 * type 6, model 8 and higher from exploding due to
3540 * the rdmsr failing.
3542 msr_info->data = 0x20000000;
3544 case HV_X64_MSR_GUEST_OS_ID ... HV_X64_MSR_SINT15:
3545 case HV_X64_MSR_SYNDBG_CONTROL ... HV_X64_MSR_SYNDBG_PENDING_BUFFER:
3546 case HV_X64_MSR_SYNDBG_OPTIONS:
3547 case HV_X64_MSR_CRASH_P0 ... HV_X64_MSR_CRASH_P4:
3548 case HV_X64_MSR_CRASH_CTL:
3549 case HV_X64_MSR_STIMER0_CONFIG ... HV_X64_MSR_STIMER3_COUNT:
3550 case HV_X64_MSR_REENLIGHTENMENT_CONTROL:
3551 case HV_X64_MSR_TSC_EMULATION_CONTROL:
3552 case HV_X64_MSR_TSC_EMULATION_STATUS:
3553 return kvm_hv_get_msr_common(vcpu,
3554 msr_info->index, &msr_info->data,
3555 msr_info->host_initiated);
3556 case MSR_IA32_BBL_CR_CTL3:
3557 /* This legacy MSR exists but isn't fully documented in current
3558 * silicon. It is however accessed by winxp in very narrow
3559 * scenarios where it sets bit #19, itself documented as
3560 * a "reserved" bit. Best effort attempt to source coherent
3561 * read data here should the balance of the register be
3562 * interpreted by the guest:
3564 * L2 cache control register 3: 64GB range, 256KB size,
3565 * enabled, latency 0x1, configured
3567 msr_info->data = 0xbe702111;
3569 case MSR_AMD64_OSVW_ID_LENGTH:
3570 if (!guest_cpuid_has(vcpu, X86_FEATURE_OSVW))
3572 msr_info->data = vcpu->arch.osvw.length;
3574 case MSR_AMD64_OSVW_STATUS:
3575 if (!guest_cpuid_has(vcpu, X86_FEATURE_OSVW))
3577 msr_info->data = vcpu->arch.osvw.status;
3579 case MSR_PLATFORM_INFO:
3580 if (!msr_info->host_initiated &&
3581 !vcpu->kvm->arch.guest_can_read_msr_platform_info)
3583 msr_info->data = vcpu->arch.msr_platform_info;
3585 case MSR_MISC_FEATURES_ENABLES:
3586 msr_info->data = vcpu->arch.msr_misc_features_enables;
3589 msr_info->data = vcpu->arch.msr_hwcr;
3592 if (kvm_pmu_is_valid_msr(vcpu, msr_info->index))
3593 return kvm_pmu_get_msr(vcpu, msr_info);
3594 return KVM_MSR_RET_INVALID;
3598 EXPORT_SYMBOL_GPL(kvm_get_msr_common);
3601 * Read or write a bunch of msrs. All parameters are kernel addresses.
3603 * @return number of msrs set successfully.
3605 static int __msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs *msrs,
3606 struct kvm_msr_entry *entries,
3607 int (*do_msr)(struct kvm_vcpu *vcpu,
3608 unsigned index, u64 *data))
3612 for (i = 0; i < msrs->nmsrs; ++i)
3613 if (do_msr(vcpu, entries[i].index, &entries[i].data))
3620 * Read or write a bunch of msrs. Parameters are user addresses.
3622 * @return number of msrs set successfully.
3624 static int msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs __user *user_msrs,
3625 int (*do_msr)(struct kvm_vcpu *vcpu,
3626 unsigned index, u64 *data),
3629 struct kvm_msrs msrs;
3630 struct kvm_msr_entry *entries;
3635 if (copy_from_user(&msrs, user_msrs, sizeof(msrs)))
3639 if (msrs.nmsrs >= MAX_IO_MSRS)
3642 size = sizeof(struct kvm_msr_entry) * msrs.nmsrs;
3643 entries = memdup_user(user_msrs->entries, size);
3644 if (IS_ERR(entries)) {
3645 r = PTR_ERR(entries);
3649 r = n = __msr_io(vcpu, &msrs, entries, do_msr);
3654 if (writeback && copy_to_user(user_msrs->entries, entries, size))
3665 static inline bool kvm_can_mwait_in_guest(void)
3667 return boot_cpu_has(X86_FEATURE_MWAIT) &&
3668 !boot_cpu_has_bug(X86_BUG_MONITOR) &&
3669 boot_cpu_has(X86_FEATURE_ARAT);
3672 static int kvm_ioctl_get_supported_hv_cpuid(struct kvm_vcpu *vcpu,
3673 struct kvm_cpuid2 __user *cpuid_arg)
3675 struct kvm_cpuid2 cpuid;
3679 if (copy_from_user(&cpuid, cpuid_arg, sizeof(cpuid)))
3682 r = kvm_get_hv_cpuid(vcpu, &cpuid, cpuid_arg->entries);
3687 if (copy_to_user(cpuid_arg, &cpuid, sizeof(cpuid)))
3693 int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
3698 case KVM_CAP_IRQCHIP:
3700 case KVM_CAP_MMU_SHADOW_CACHE_CONTROL:
3701 case KVM_CAP_SET_TSS_ADDR:
3702 case KVM_CAP_EXT_CPUID:
3703 case KVM_CAP_EXT_EMUL_CPUID:
3704 case KVM_CAP_CLOCKSOURCE:
3706 case KVM_CAP_NOP_IO_DELAY:
3707 case KVM_CAP_MP_STATE:
3708 case KVM_CAP_SYNC_MMU:
3709 case KVM_CAP_USER_NMI:
3710 case KVM_CAP_REINJECT_CONTROL:
3711 case KVM_CAP_IRQ_INJECT_STATUS:
3712 case KVM_CAP_IOEVENTFD:
3713 case KVM_CAP_IOEVENTFD_NO_LENGTH:
3715 case KVM_CAP_PIT_STATE2:
3716 case KVM_CAP_SET_IDENTITY_MAP_ADDR:
3717 case KVM_CAP_XEN_HVM:
3718 case KVM_CAP_VCPU_EVENTS:
3719 case KVM_CAP_HYPERV:
3720 case KVM_CAP_HYPERV_VAPIC:
3721 case KVM_CAP_HYPERV_SPIN:
3722 case KVM_CAP_HYPERV_SYNIC:
3723 case KVM_CAP_HYPERV_SYNIC2:
3724 case KVM_CAP_HYPERV_VP_INDEX:
3725 case KVM_CAP_HYPERV_EVENTFD:
3726 case KVM_CAP_HYPERV_TLBFLUSH:
3727 case KVM_CAP_HYPERV_SEND_IPI:
3728 case KVM_CAP_HYPERV_CPUID:
3729 case KVM_CAP_SYS_HYPERV_CPUID:
3730 case KVM_CAP_PCI_SEGMENT:
3731 case KVM_CAP_DEBUGREGS:
3732 case KVM_CAP_X86_ROBUST_SINGLESTEP:
3734 case KVM_CAP_ASYNC_PF:
3735 case KVM_CAP_ASYNC_PF_INT:
3736 case KVM_CAP_GET_TSC_KHZ:
3737 case KVM_CAP_KVMCLOCK_CTRL:
3738 case KVM_CAP_READONLY_MEM:
3739 case KVM_CAP_HYPERV_TIME:
3740 case KVM_CAP_IOAPIC_POLARITY_IGNORED:
3741 case KVM_CAP_TSC_DEADLINE_TIMER:
3742 case KVM_CAP_DISABLE_QUIRKS:
3743 case KVM_CAP_SET_BOOT_CPU_ID:
3744 case KVM_CAP_SPLIT_IRQCHIP:
3745 case KVM_CAP_IMMEDIATE_EXIT:
3746 case KVM_CAP_PMU_EVENT_FILTER:
3747 case KVM_CAP_GET_MSR_FEATURES:
3748 case KVM_CAP_MSR_PLATFORM_INFO:
3749 case KVM_CAP_EXCEPTION_PAYLOAD:
3750 case KVM_CAP_SET_GUEST_DEBUG:
3751 case KVM_CAP_LAST_CPU:
3752 case KVM_CAP_X86_USER_SPACE_MSR:
3753 case KVM_CAP_X86_MSR_FILTER:
3754 case KVM_CAP_ENFORCE_PV_FEATURE_CPUID:
3757 case KVM_CAP_SYNC_REGS:
3758 r = KVM_SYNC_X86_VALID_FIELDS;
3760 case KVM_CAP_ADJUST_CLOCK:
3761 r = KVM_CLOCK_TSC_STABLE;
3763 case KVM_CAP_X86_DISABLE_EXITS:
3764 r |= KVM_X86_DISABLE_EXITS_HLT | KVM_X86_DISABLE_EXITS_PAUSE |
3765 KVM_X86_DISABLE_EXITS_CSTATE;
3766 if(kvm_can_mwait_in_guest())
3767 r |= KVM_X86_DISABLE_EXITS_MWAIT;
3769 case KVM_CAP_X86_SMM:
3770 /* SMBASE is usually relocated above 1M on modern chipsets,
3771 * and SMM handlers might indeed rely on 4G segment limits,
3772 * so do not report SMM to be available if real mode is
3773 * emulated via vm86 mode. Still, do not go to great lengths
3774 * to avoid userspace's usage of the feature, because it is a
3775 * fringe case that is not enabled except via specific settings
3776 * of the module parameters.
3778 r = kvm_x86_ops.has_emulated_msr(MSR_IA32_SMBASE);
3781 r = !kvm_x86_ops.cpu_has_accelerated_tpr();
3783 case KVM_CAP_NR_VCPUS:
3784 r = KVM_SOFT_MAX_VCPUS;
3786 case KVM_CAP_MAX_VCPUS:
3789 case KVM_CAP_MAX_VCPU_ID:
3790 r = KVM_MAX_VCPU_ID;
3792 case KVM_CAP_PV_MMU: /* obsolete */
3796 r = KVM_MAX_MCE_BANKS;
3799 r = boot_cpu_has(X86_FEATURE_XSAVE);
3801 case KVM_CAP_TSC_CONTROL:
3802 r = kvm_has_tsc_control;
3804 case KVM_CAP_X2APIC_API:
3805 r = KVM_X2APIC_API_VALID_FLAGS;
3807 case KVM_CAP_NESTED_STATE:
3808 r = kvm_x86_ops.nested_ops->get_state ?
3809 kvm_x86_ops.nested_ops->get_state(NULL, NULL, 0) : 0;
3811 case KVM_CAP_HYPERV_DIRECT_TLBFLUSH:
3812 r = kvm_x86_ops.enable_direct_tlbflush != NULL;
3814 case KVM_CAP_HYPERV_ENLIGHTENED_VMCS:
3815 r = kvm_x86_ops.nested_ops->enable_evmcs != NULL;
3817 case KVM_CAP_SMALLER_MAXPHYADDR:
3818 r = (int) allow_smaller_maxphyaddr;
3820 case KVM_CAP_STEAL_TIME:
3821 r = sched_info_on();
3830 long kvm_arch_dev_ioctl(struct file *filp,
3831 unsigned int ioctl, unsigned long arg)
3833 void __user *argp = (void __user *)arg;
3837 case KVM_GET_MSR_INDEX_LIST: {
3838 struct kvm_msr_list __user *user_msr_list = argp;
3839 struct kvm_msr_list msr_list;
3843 if (copy_from_user(&msr_list, user_msr_list, sizeof(msr_list)))
3846 msr_list.nmsrs = num_msrs_to_save + num_emulated_msrs;
3847 if (copy_to_user(user_msr_list, &msr_list, sizeof(msr_list)))
3850 if (n < msr_list.nmsrs)
3853 if (copy_to_user(user_msr_list->indices, &msrs_to_save,
3854 num_msrs_to_save * sizeof(u32)))
3856 if (copy_to_user(user_msr_list->indices + num_msrs_to_save,
3858 num_emulated_msrs * sizeof(u32)))
3863 case KVM_GET_SUPPORTED_CPUID:
3864 case KVM_GET_EMULATED_CPUID: {
3865 struct kvm_cpuid2 __user *cpuid_arg = argp;
3866 struct kvm_cpuid2 cpuid;
3869 if (copy_from_user(&cpuid, cpuid_arg, sizeof(cpuid)))
3872 r = kvm_dev_ioctl_get_cpuid(&cpuid, cpuid_arg->entries,
3878 if (copy_to_user(cpuid_arg, &cpuid, sizeof(cpuid)))
3883 case KVM_X86_GET_MCE_CAP_SUPPORTED:
3885 if (copy_to_user(argp, &kvm_mce_cap_supported,
3886 sizeof(kvm_mce_cap_supported)))
3890 case KVM_GET_MSR_FEATURE_INDEX_LIST: {
3891 struct kvm_msr_list __user *user_msr_list = argp;
3892 struct kvm_msr_list msr_list;
3896 if (copy_from_user(&msr_list, user_msr_list, sizeof(msr_list)))
3899 msr_list.nmsrs = num_msr_based_features;
3900 if (copy_to_user(user_msr_list, &msr_list, sizeof(msr_list)))
3903 if (n < msr_list.nmsrs)
3906 if (copy_to_user(user_msr_list->indices, &msr_based_features,
3907 num_msr_based_features * sizeof(u32)))
3913 r = msr_io(NULL, argp, do_get_msr_feature, 1);
3915 case KVM_GET_SUPPORTED_HV_CPUID:
3916 r = kvm_ioctl_get_supported_hv_cpuid(NULL, argp);
3926 static void wbinvd_ipi(void *garbage)
3931 static bool need_emulate_wbinvd(struct kvm_vcpu *vcpu)
3933 return kvm_arch_has_noncoherent_dma(vcpu->kvm);
3936 void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
3938 /* Address WBINVD may be executed by guest */
3939 if (need_emulate_wbinvd(vcpu)) {
3940 if (kvm_x86_ops.has_wbinvd_exit())
3941 cpumask_set_cpu(cpu, vcpu->arch.wbinvd_dirty_mask);
3942 else if (vcpu->cpu != -1 && vcpu->cpu != cpu)
3943 smp_call_function_single(vcpu->cpu,
3944 wbinvd_ipi, NULL, 1);
3947 kvm_x86_ops.vcpu_load(vcpu, cpu);
3949 /* Save host pkru register if supported */
3950 vcpu->arch.host_pkru = read_pkru();
3952 /* Apply any externally detected TSC adjustments (due to suspend) */
3953 if (unlikely(vcpu->arch.tsc_offset_adjustment)) {
3954 adjust_tsc_offset_host(vcpu, vcpu->arch.tsc_offset_adjustment);
3955 vcpu->arch.tsc_offset_adjustment = 0;
3956 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
3959 if (unlikely(vcpu->cpu != cpu) || kvm_check_tsc_unstable()) {
3960 s64 tsc_delta = !vcpu->arch.last_host_tsc ? 0 :
3961 rdtsc() - vcpu->arch.last_host_tsc;
3963 mark_tsc_unstable("KVM discovered backwards TSC");
3965 if (kvm_check_tsc_unstable()) {
3966 u64 offset = kvm_compute_tsc_offset(vcpu,
3967 vcpu->arch.last_guest_tsc);
3968 kvm_vcpu_write_tsc_offset(vcpu, offset);
3969 vcpu->arch.tsc_catchup = 1;
3972 if (kvm_lapic_hv_timer_in_use(vcpu))
3973 kvm_lapic_restart_hv_timer(vcpu);
3976 * On a host with synchronized TSC, there is no need to update
3977 * kvmclock on vcpu->cpu migration
3979 if (!vcpu->kvm->arch.use_master_clock || vcpu->cpu == -1)
3980 kvm_make_request(KVM_REQ_GLOBAL_CLOCK_UPDATE, vcpu);
3981 if (vcpu->cpu != cpu)
3982 kvm_make_request(KVM_REQ_MIGRATE_TIMER, vcpu);
3986 kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu);
3989 static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
3991 struct kvm_host_map map;
3992 struct kvm_steal_time *st;
3994 if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
3997 if (vcpu->arch.st.preempted)
4000 if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, &map,
4001 &vcpu->arch.st.cache, true))
4005 offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS);
4007 st->preempted = vcpu->arch.st.preempted = KVM_VCPU_PREEMPTED;
4009 kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, true);
4012 void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)
4016 if (vcpu->preempted && !vcpu->arch.guest_state_protected)
4017 vcpu->arch.preempted_in_kernel = !kvm_x86_ops.get_cpl(vcpu);
4020 * Disable page faults because we're in atomic context here.
4021 * kvm_write_guest_offset_cached() would call might_fault()
4022 * that relies on pagefault_disable() to tell if there's a
4023 * bug. NOTE: the write to guest memory may not go through if
4024 * during postcopy live migration or if there's heavy guest
4027 pagefault_disable();
4029 * kvm_memslots() will be called by
4030 * kvm_write_guest_offset_cached() so take the srcu lock.
4032 idx = srcu_read_lock(&vcpu->kvm->srcu);
4033 kvm_steal_time_set_preempted(vcpu);
4034 srcu_read_unlock(&vcpu->kvm->srcu, idx);
4036 kvm_x86_ops.vcpu_put(vcpu);
4037 vcpu->arch.last_host_tsc = rdtsc();
4039 * If userspace has set any breakpoints or watchpoints, dr6 is restored
4040 * on every vmexit, but if not, we might have a stale dr6 from the
4041 * guest. do_debug expects dr6 to be cleared after it runs, do the same.
4046 static int kvm_vcpu_ioctl_get_lapic(struct kvm_vcpu *vcpu,
4047 struct kvm_lapic_state *s)
4049 if (vcpu->arch.apicv_active)
4050 kvm_x86_ops.sync_pir_to_irr(vcpu);
4052 return kvm_apic_get_state(vcpu, s);
4055 static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
4056 struct kvm_lapic_state *s)
4060 r = kvm_apic_set_state(vcpu, s);
4063 update_cr8_intercept(vcpu);
4068 static int kvm_cpu_accept_dm_intr(struct kvm_vcpu *vcpu)
4070 return (!lapic_in_kernel(vcpu) ||
4071 kvm_apic_accept_pic_intr(vcpu));
4075 * if userspace requested an interrupt window, check that the
4076 * interrupt window is open.
4078 * No need to exit to userspace if we already have an interrupt queued.
4080 static int kvm_vcpu_ready_for_interrupt_injection(struct kvm_vcpu *vcpu)
4082 return kvm_arch_interrupt_allowed(vcpu) &&
4083 !kvm_cpu_has_interrupt(vcpu) &&
4084 !kvm_event_needs_reinjection(vcpu) &&
4085 kvm_cpu_accept_dm_intr(vcpu);
4088 static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
4089 struct kvm_interrupt *irq)
4091 if (irq->irq >= KVM_NR_INTERRUPTS)
4094 if (!irqchip_in_kernel(vcpu->kvm)) {
4095 kvm_queue_interrupt(vcpu, irq->irq, false);
4096 kvm_make_request(KVM_REQ_EVENT, vcpu);
4101 * With in-kernel LAPIC, we only use this to inject EXTINT, so
4102 * fail for in-kernel 8259.
4104 if (pic_in_kernel(vcpu->kvm))
4107 if (vcpu->arch.pending_external_vector != -1)
4110 vcpu->arch.pending_external_vector = irq->irq;
4111 kvm_make_request(KVM_REQ_EVENT, vcpu);
4115 static int kvm_vcpu_ioctl_nmi(struct kvm_vcpu *vcpu)
4117 kvm_inject_nmi(vcpu);
4122 static int kvm_vcpu_ioctl_smi(struct kvm_vcpu *vcpu)
4124 kvm_make_request(KVM_REQ_SMI, vcpu);
4129 static int vcpu_ioctl_tpr_access_reporting(struct kvm_vcpu *vcpu,
4130 struct kvm_tpr_access_ctl *tac)
4134 vcpu->arch.tpr_access_reporting = !!tac->enabled;
4138 static int kvm_vcpu_ioctl_x86_setup_mce(struct kvm_vcpu *vcpu,
4142 unsigned bank_num = mcg_cap & 0xff, bank;
4145 if (!bank_num || bank_num > KVM_MAX_MCE_BANKS)
4147 if (mcg_cap & ~(kvm_mce_cap_supported | 0xff | 0xff0000))
4150 vcpu->arch.mcg_cap = mcg_cap;
4151 /* Init IA32_MCG_CTL to all 1s */
4152 if (mcg_cap & MCG_CTL_P)
4153 vcpu->arch.mcg_ctl = ~(u64)0;
4154 /* Init IA32_MCi_CTL to all 1s */
4155 for (bank = 0; bank < bank_num; bank++)
4156 vcpu->arch.mce_banks[bank*4] = ~(u64)0;
4158 kvm_x86_ops.setup_mce(vcpu);
4163 static int kvm_vcpu_ioctl_x86_set_mce(struct kvm_vcpu *vcpu,
4164 struct kvm_x86_mce *mce)
4166 u64 mcg_cap = vcpu->arch.mcg_cap;
4167 unsigned bank_num = mcg_cap & 0xff;
4168 u64 *banks = vcpu->arch.mce_banks;
4170 if (mce->bank >= bank_num || !(mce->status & MCI_STATUS_VAL))
4173 * if IA32_MCG_CTL is not all 1s, the uncorrected error
4174 * reporting is disabled
4176 if ((mce->status & MCI_STATUS_UC) && (mcg_cap & MCG_CTL_P) &&
4177 vcpu->arch.mcg_ctl != ~(u64)0)
4179 banks += 4 * mce->bank;
4181 * if IA32_MCi_CTL is not all 1s, the uncorrected error
4182 * reporting is disabled for the bank
4184 if ((mce->status & MCI_STATUS_UC) && banks[0] != ~(u64)0)
4186 if (mce->status & MCI_STATUS_UC) {
4187 if ((vcpu->arch.mcg_status & MCG_STATUS_MCIP) ||
4188 !kvm_read_cr4_bits(vcpu, X86_CR4_MCE)) {
4189 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
4192 if (banks[1] & MCI_STATUS_VAL)
4193 mce->status |= MCI_STATUS_OVER;
4194 banks[2] = mce->addr;
4195 banks[3] = mce->misc;
4196 vcpu->arch.mcg_status = mce->mcg_status;
4197 banks[1] = mce->status;
4198 kvm_queue_exception(vcpu, MC_VECTOR);
4199 } else if (!(banks[1] & MCI_STATUS_VAL)
4200 || !(banks[1] & MCI_STATUS_UC)) {
4201 if (banks[1] & MCI_STATUS_VAL)
4202 mce->status |= MCI_STATUS_OVER;
4203 banks[2] = mce->addr;
4204 banks[3] = mce->misc;
4205 banks[1] = mce->status;
4207 banks[1] |= MCI_STATUS_OVER;
4211 static void kvm_vcpu_ioctl_x86_get_vcpu_events(struct kvm_vcpu *vcpu,
4212 struct kvm_vcpu_events *events)
4217 * In guest mode, payload delivery should be deferred,
4218 * so that the L1 hypervisor can intercept #PF before
4219 * CR2 is modified (or intercept #DB before DR6 is
4220 * modified under nVMX). Unless the per-VM capability,
4221 * KVM_CAP_EXCEPTION_PAYLOAD, is set, we may not defer the delivery of
4222 * an exception payload and handle after a KVM_GET_VCPU_EVENTS. Since we
4223 * opportunistically defer the exception payload, deliver it if the
4224 * capability hasn't been requested before processing a
4225 * KVM_GET_VCPU_EVENTS.
4227 if (!vcpu->kvm->arch.exception_payload_enabled &&
4228 vcpu->arch.exception.pending && vcpu->arch.exception.has_payload)
4229 kvm_deliver_exception_payload(vcpu);
4232 * The API doesn't provide the instruction length for software
4233 * exceptions, so don't report them. As long as the guest RIP
4234 * isn't advanced, we should expect to encounter the exception
4237 if (kvm_exception_is_soft(vcpu->arch.exception.nr)) {
4238 events->exception.injected = 0;
4239 events->exception.pending = 0;
4241 events->exception.injected = vcpu->arch.exception.injected;
4242 events->exception.pending = vcpu->arch.exception.pending;
4244 * For ABI compatibility, deliberately conflate
4245 * pending and injected exceptions when
4246 * KVM_CAP_EXCEPTION_PAYLOAD isn't enabled.
4248 if (!vcpu->kvm->arch.exception_payload_enabled)
4249 events->exception.injected |=
4250 vcpu->arch.exception.pending;
4252 events->exception.nr = vcpu->arch.exception.nr;
4253 events->exception.has_error_code = vcpu->arch.exception.has_error_code;
4254 events->exception.error_code = vcpu->arch.exception.error_code;
4255 events->exception_has_payload = vcpu->arch.exception.has_payload;
4256 events->exception_payload = vcpu->arch.exception.payload;
4258 events->interrupt.injected =
4259 vcpu->arch.interrupt.injected && !vcpu->arch.interrupt.soft;
4260 events->interrupt.nr = vcpu->arch.interrupt.nr;
4261 events->interrupt.soft = 0;
4262 events->interrupt.shadow = kvm_x86_ops.get_interrupt_shadow(vcpu);
4264 events->nmi.injected = vcpu->arch.nmi_injected;
4265 events->nmi.pending = vcpu->arch.nmi_pending != 0;
4266 events->nmi.masked = kvm_x86_ops.get_nmi_mask(vcpu);
4267 events->nmi.pad = 0;
4269 events->sipi_vector = 0; /* never valid when reporting to user space */
4271 events->smi.smm = is_smm(vcpu);
4272 events->smi.pending = vcpu->arch.smi_pending;
4273 events->smi.smm_inside_nmi =
4274 !!(vcpu->arch.hflags & HF_SMM_INSIDE_NMI_MASK);
4275 events->smi.latched_init = kvm_lapic_latched_init(vcpu);
4277 events->flags = (KVM_VCPUEVENT_VALID_NMI_PENDING
4278 | KVM_VCPUEVENT_VALID_SHADOW
4279 | KVM_VCPUEVENT_VALID_SMM);
4280 if (vcpu->kvm->arch.exception_payload_enabled)
4281 events->flags |= KVM_VCPUEVENT_VALID_PAYLOAD;
4283 memset(&events->reserved, 0, sizeof(events->reserved));
4286 static void kvm_smm_changed(struct kvm_vcpu *vcpu);
4288 static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
4289 struct kvm_vcpu_events *events)
4291 if (events->flags & ~(KVM_VCPUEVENT_VALID_NMI_PENDING
4292 | KVM_VCPUEVENT_VALID_SIPI_VECTOR
4293 | KVM_VCPUEVENT_VALID_SHADOW
4294 | KVM_VCPUEVENT_VALID_SMM
4295 | KVM_VCPUEVENT_VALID_PAYLOAD))
4298 if (events->flags & KVM_VCPUEVENT_VALID_PAYLOAD) {
4299 if (!vcpu->kvm->arch.exception_payload_enabled)
4301 if (events->exception.pending)
4302 events->exception.injected = 0;
4304 events->exception_has_payload = 0;
4306 events->exception.pending = 0;
4307 events->exception_has_payload = 0;
4310 if ((events->exception.injected || events->exception.pending) &&
4311 (events->exception.nr > 31 || events->exception.nr == NMI_VECTOR))
4314 /* INITs are latched while in SMM */
4315 if (events->flags & KVM_VCPUEVENT_VALID_SMM &&
4316 (events->smi.smm || events->smi.pending) &&
4317 vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED)
4321 vcpu->arch.exception.injected = events->exception.injected;
4322 vcpu->arch.exception.pending = events->exception.pending;
4323 vcpu->arch.exception.nr = events->exception.nr;
4324 vcpu->arch.exception.has_error_code = events->exception.has_error_code;
4325 vcpu->arch.exception.error_code = events->exception.error_code;
4326 vcpu->arch.exception.has_payload = events->exception_has_payload;
4327 vcpu->arch.exception.payload = events->exception_payload;
4329 vcpu->arch.interrupt.injected = events->interrupt.injected;
4330 vcpu->arch.interrupt.nr = events->interrupt.nr;
4331 vcpu->arch.interrupt.soft = events->interrupt.soft;
4332 if (events->flags & KVM_VCPUEVENT_VALID_SHADOW)
4333 kvm_x86_ops.set_interrupt_shadow(vcpu,
4334 events->interrupt.shadow);
4336 vcpu->arch.nmi_injected = events->nmi.injected;
4337 if (events->flags & KVM_VCPUEVENT_VALID_NMI_PENDING)
4338 vcpu->arch.nmi_pending = events->nmi.pending;
4339 kvm_x86_ops.set_nmi_mask(vcpu, events->nmi.masked);
4341 if (events->flags & KVM_VCPUEVENT_VALID_SIPI_VECTOR &&
4342 lapic_in_kernel(vcpu))
4343 vcpu->arch.apic->sipi_vector = events->sipi_vector;
4345 if (events->flags & KVM_VCPUEVENT_VALID_SMM) {
4346 if (!!(vcpu->arch.hflags & HF_SMM_MASK) != events->smi.smm) {
4347 if (events->smi.smm)
4348 vcpu->arch.hflags |= HF_SMM_MASK;
4350 vcpu->arch.hflags &= ~HF_SMM_MASK;
4351 kvm_smm_changed(vcpu);
4354 vcpu->arch.smi_pending = events->smi.pending;
4356 if (events->smi.smm) {
4357 if (events->smi.smm_inside_nmi)
4358 vcpu->arch.hflags |= HF_SMM_INSIDE_NMI_MASK;
4360 vcpu->arch.hflags &= ~HF_SMM_INSIDE_NMI_MASK;
4363 if (lapic_in_kernel(vcpu)) {
4364 if (events->smi.latched_init)
4365 set_bit(KVM_APIC_INIT, &vcpu->arch.apic->pending_events);
4367 clear_bit(KVM_APIC_INIT, &vcpu->arch.apic->pending_events);
4371 kvm_make_request(KVM_REQ_EVENT, vcpu);
4376 static void kvm_vcpu_ioctl_x86_get_debugregs(struct kvm_vcpu *vcpu,
4377 struct kvm_debugregs *dbgregs)
4381 memcpy(dbgregs->db, vcpu->arch.db, sizeof(vcpu->arch.db));
4382 kvm_get_dr(vcpu, 6, &val);
4384 dbgregs->dr7 = vcpu->arch.dr7;
4386 memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved));
4389 static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
4390 struct kvm_debugregs *dbgregs)
4395 if (dbgregs->dr6 & ~0xffffffffull)
4397 if (dbgregs->dr7 & ~0xffffffffull)
4400 memcpy(vcpu->arch.db, dbgregs->db, sizeof(vcpu->arch.db));
4401 kvm_update_dr0123(vcpu);
4402 vcpu->arch.dr6 = dbgregs->dr6;
4403 vcpu->arch.dr7 = dbgregs->dr7;
4404 kvm_update_dr7(vcpu);
4409 #define XSTATE_COMPACTION_ENABLED (1ULL << 63)
4411 static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
4413 struct xregs_state *xsave = &vcpu->arch.guest_fpu->state.xsave;
4414 u64 xstate_bv = xsave->header.xfeatures;
4418 * Copy legacy XSAVE area, to avoid complications with CPUID
4419 * leaves 0 and 1 in the loop below.
4421 memcpy(dest, xsave, XSAVE_HDR_OFFSET);
4424 xstate_bv &= vcpu->arch.guest_supported_xcr0 | XFEATURE_MASK_FPSSE;
4425 *(u64 *)(dest + XSAVE_HDR_OFFSET) = xstate_bv;
4428 * Copy each region from the possibly compacted offset to the
4429 * non-compacted offset.
4431 valid = xstate_bv & ~XFEATURE_MASK_FPSSE;
4433 u64 xfeature_mask = valid & -valid;
4434 int xfeature_nr = fls64(xfeature_mask) - 1;
4435 void *src = get_xsave_addr(xsave, xfeature_nr);
4438 u32 size, offset, ecx, edx;
4439 cpuid_count(XSTATE_CPUID, xfeature_nr,
4440 &size, &offset, &ecx, &edx);
4441 if (xfeature_nr == XFEATURE_PKRU)
4442 memcpy(dest + offset, &vcpu->arch.pkru,
4443 sizeof(vcpu->arch.pkru));
4445 memcpy(dest + offset, src, size);
4449 valid -= xfeature_mask;
4453 static void load_xsave(struct kvm_vcpu *vcpu, u8 *src)
4455 struct xregs_state *xsave = &vcpu->arch.guest_fpu->state.xsave;
4456 u64 xstate_bv = *(u64 *)(src + XSAVE_HDR_OFFSET);
4460 * Copy legacy XSAVE area, to avoid complications with CPUID
4461 * leaves 0 and 1 in the loop below.
4463 memcpy(xsave, src, XSAVE_HDR_OFFSET);
4465 /* Set XSTATE_BV and possibly XCOMP_BV. */
4466 xsave->header.xfeatures = xstate_bv;
4467 if (boot_cpu_has(X86_FEATURE_XSAVES))
4468 xsave->header.xcomp_bv = host_xcr0 | XSTATE_COMPACTION_ENABLED;
4471 * Copy each region from the non-compacted offset to the
4472 * possibly compacted offset.
4474 valid = xstate_bv & ~XFEATURE_MASK_FPSSE;
4476 u64 xfeature_mask = valid & -valid;
4477 int xfeature_nr = fls64(xfeature_mask) - 1;
4478 void *dest = get_xsave_addr(xsave, xfeature_nr);
4481 u32 size, offset, ecx, edx;
4482 cpuid_count(XSTATE_CPUID, xfeature_nr,
4483 &size, &offset, &ecx, &edx);
4484 if (xfeature_nr == XFEATURE_PKRU)
4485 memcpy(&vcpu->arch.pkru, src + offset,
4486 sizeof(vcpu->arch.pkru));
4488 memcpy(dest, src + offset, size);
4491 valid -= xfeature_mask;
4495 static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
4496 struct kvm_xsave *guest_xsave)
4498 if (boot_cpu_has(X86_FEATURE_XSAVE)) {
4499 memset(guest_xsave, 0, sizeof(struct kvm_xsave));
4500 fill_xsave((u8 *) guest_xsave->region, vcpu);
4502 memcpy(guest_xsave->region,
4503 &vcpu->arch.guest_fpu->state.fxsave,
4504 sizeof(struct fxregs_state));
4505 *(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)] =
4506 XFEATURE_MASK_FPSSE;
4510 #define XSAVE_MXCSR_OFFSET 24
4512 static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
4513 struct kvm_xsave *guest_xsave)
4516 *(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)];
4517 u32 mxcsr = *(u32 *)&guest_xsave->region[XSAVE_MXCSR_OFFSET / sizeof(u32)];
4519 if (boot_cpu_has(X86_FEATURE_XSAVE)) {
4521 * Here we allow setting states that are not present in
4522 * CPUID leaf 0xD, index 0, EDX:EAX. This is for compatibility
4523 * with old userspace.
4525 if (xstate_bv & ~supported_xcr0 || mxcsr & ~mxcsr_feature_mask)
4527 load_xsave(vcpu, (u8 *)guest_xsave->region);
4529 if (xstate_bv & ~XFEATURE_MASK_FPSSE ||
4530 mxcsr & ~mxcsr_feature_mask)
4532 memcpy(&vcpu->arch.guest_fpu->state.fxsave,
4533 guest_xsave->region, sizeof(struct fxregs_state));
4538 static void kvm_vcpu_ioctl_x86_get_xcrs(struct kvm_vcpu *vcpu,
4539 struct kvm_xcrs *guest_xcrs)
4541 if (!boot_cpu_has(X86_FEATURE_XSAVE)) {
4542 guest_xcrs->nr_xcrs = 0;
4546 guest_xcrs->nr_xcrs = 1;
4547 guest_xcrs->flags = 0;
4548 guest_xcrs->xcrs[0].xcr = XCR_XFEATURE_ENABLED_MASK;
4549 guest_xcrs->xcrs[0].value = vcpu->arch.xcr0;
4552 static int kvm_vcpu_ioctl_x86_set_xcrs(struct kvm_vcpu *vcpu,
4553 struct kvm_xcrs *guest_xcrs)
4557 if (!boot_cpu_has(X86_FEATURE_XSAVE))
4560 if (guest_xcrs->nr_xcrs > KVM_MAX_XCRS || guest_xcrs->flags)
4563 for (i = 0; i < guest_xcrs->nr_xcrs; i++)
4564 /* Only support XCR0 currently */
4565 if (guest_xcrs->xcrs[i].xcr == XCR_XFEATURE_ENABLED_MASK) {
4566 r = __kvm_set_xcr(vcpu, XCR_XFEATURE_ENABLED_MASK,
4567 guest_xcrs->xcrs[i].value);
4576 * kvm_set_guest_paused() indicates to the guest kernel that it has been
4577 * stopped by the hypervisor. This function will be called from the host only.
4578 * EINVAL is returned when the host attempts to set the flag for a guest that
4579 * does not support pv clocks.
4581 static int kvm_set_guest_paused(struct kvm_vcpu *vcpu)
4583 if (!vcpu->arch.pv_time_enabled)
4585 vcpu->arch.pvclock_set_guest_stopped_request = true;
4586 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
4590 static int kvm_vcpu_ioctl_enable_cap(struct kvm_vcpu *vcpu,
4591 struct kvm_enable_cap *cap)
4594 uint16_t vmcs_version;
4595 void __user *user_ptr;
4601 case KVM_CAP_HYPERV_SYNIC2:
4606 case KVM_CAP_HYPERV_SYNIC:
4607 if (!irqchip_in_kernel(vcpu->kvm))
4609 return kvm_hv_activate_synic(vcpu, cap->cap ==
4610 KVM_CAP_HYPERV_SYNIC2);
4611 case KVM_CAP_HYPERV_ENLIGHTENED_VMCS:
4612 if (!kvm_x86_ops.nested_ops->enable_evmcs)
4614 r = kvm_x86_ops.nested_ops->enable_evmcs(vcpu, &vmcs_version);
4616 user_ptr = (void __user *)(uintptr_t)cap->args[0];
4617 if (copy_to_user(user_ptr, &vmcs_version,
4618 sizeof(vmcs_version)))
4622 case KVM_CAP_HYPERV_DIRECT_TLBFLUSH:
4623 if (!kvm_x86_ops.enable_direct_tlbflush)
4626 return kvm_x86_ops.enable_direct_tlbflush(vcpu);
4628 case KVM_CAP_ENFORCE_PV_FEATURE_CPUID:
4629 vcpu->arch.pv_cpuid.enforce = cap->args[0];
4630 if (vcpu->arch.pv_cpuid.enforce)
4631 kvm_update_pv_runtime(vcpu);
4640 long kvm_arch_vcpu_ioctl(struct file *filp,
4641 unsigned int ioctl, unsigned long arg)
4643 struct kvm_vcpu *vcpu = filp->private_data;
4644 void __user *argp = (void __user *)arg;
4647 struct kvm_lapic_state *lapic;
4648 struct kvm_xsave *xsave;
4649 struct kvm_xcrs *xcrs;
4657 case KVM_GET_LAPIC: {
4659 if (!lapic_in_kernel(vcpu))
4661 u.lapic = kzalloc(sizeof(struct kvm_lapic_state),
4662 GFP_KERNEL_ACCOUNT);
4667 r = kvm_vcpu_ioctl_get_lapic(vcpu, u.lapic);
4671 if (copy_to_user(argp, u.lapic, sizeof(struct kvm_lapic_state)))
4676 case KVM_SET_LAPIC: {
4678 if (!lapic_in_kernel(vcpu))
4680 u.lapic = memdup_user(argp, sizeof(*u.lapic));
4681 if (IS_ERR(u.lapic)) {
4682 r = PTR_ERR(u.lapic);
4686 r = kvm_vcpu_ioctl_set_lapic(vcpu, u.lapic);
4689 case KVM_INTERRUPT: {
4690 struct kvm_interrupt irq;
4693 if (copy_from_user(&irq, argp, sizeof(irq)))
4695 r = kvm_vcpu_ioctl_interrupt(vcpu, &irq);
4699 r = kvm_vcpu_ioctl_nmi(vcpu);
4703 r = kvm_vcpu_ioctl_smi(vcpu);
4706 case KVM_SET_CPUID: {
4707 struct kvm_cpuid __user *cpuid_arg = argp;
4708 struct kvm_cpuid cpuid;
4711 if (copy_from_user(&cpuid, cpuid_arg, sizeof(cpuid)))
4713 r = kvm_vcpu_ioctl_set_cpuid(vcpu, &cpuid, cpuid_arg->entries);
4716 case KVM_SET_CPUID2: {
4717 struct kvm_cpuid2 __user *cpuid_arg = argp;
4718 struct kvm_cpuid2 cpuid;
4721 if (copy_from_user(&cpuid, cpuid_arg, sizeof(cpuid)))
4723 r = kvm_vcpu_ioctl_set_cpuid2(vcpu, &cpuid,
4724 cpuid_arg->entries);
4727 case KVM_GET_CPUID2: {
4728 struct kvm_cpuid2 __user *cpuid_arg = argp;
4729 struct kvm_cpuid2 cpuid;
4732 if (copy_from_user(&cpuid, cpuid_arg, sizeof(cpuid)))
4734 r = kvm_vcpu_ioctl_get_cpuid2(vcpu, &cpuid,
4735 cpuid_arg->entries);
4739 if (copy_to_user(cpuid_arg, &cpuid, sizeof(cpuid)))
4744 case KVM_GET_MSRS: {
4745 int idx = srcu_read_lock(&vcpu->kvm->srcu);
4746 r = msr_io(vcpu, argp, do_get_msr, 1);
4747 srcu_read_unlock(&vcpu->kvm->srcu, idx);
4750 case KVM_SET_MSRS: {
4751 int idx = srcu_read_lock(&vcpu->kvm->srcu);
4752 r = msr_io(vcpu, argp, do_set_msr, 0);
4753 srcu_read_unlock(&vcpu->kvm->srcu, idx);
4756 case KVM_TPR_ACCESS_REPORTING: {
4757 struct kvm_tpr_access_ctl tac;
4760 if (copy_from_user(&tac, argp, sizeof(tac)))
4762 r = vcpu_ioctl_tpr_access_reporting(vcpu, &tac);
4766 if (copy_to_user(argp, &tac, sizeof(tac)))
4771 case KVM_SET_VAPIC_ADDR: {
4772 struct kvm_vapic_addr va;
4776 if (!lapic_in_kernel(vcpu))
4779 if (copy_from_user(&va, argp, sizeof(va)))
4781 idx = srcu_read_lock(&vcpu->kvm->srcu);
4782 r = kvm_lapic_set_vapic_addr(vcpu, va.vapic_addr);
4783 srcu_read_unlock(&vcpu->kvm->srcu, idx);
4786 case KVM_X86_SETUP_MCE: {
4790 if (copy_from_user(&mcg_cap, argp, sizeof(mcg_cap)))
4792 r = kvm_vcpu_ioctl_x86_setup_mce(vcpu, mcg_cap);
4795 case KVM_X86_SET_MCE: {
4796 struct kvm_x86_mce mce;
4799 if (copy_from_user(&mce, argp, sizeof(mce)))
4801 r = kvm_vcpu_ioctl_x86_set_mce(vcpu, &mce);
4804 case KVM_GET_VCPU_EVENTS: {
4805 struct kvm_vcpu_events events;
4807 kvm_vcpu_ioctl_x86_get_vcpu_events(vcpu, &events);
4810 if (copy_to_user(argp, &events, sizeof(struct kvm_vcpu_events)))
4815 case KVM_SET_VCPU_EVENTS: {
4816 struct kvm_vcpu_events events;
4819 if (copy_from_user(&events, argp, sizeof(struct kvm_vcpu_events)))
4822 r = kvm_vcpu_ioctl_x86_set_vcpu_events(vcpu, &events);
4825 case KVM_GET_DEBUGREGS: {
4826 struct kvm_debugregs dbgregs;
4828 kvm_vcpu_ioctl_x86_get_debugregs(vcpu, &dbgregs);
4831 if (copy_to_user(argp, &dbgregs,
4832 sizeof(struct kvm_debugregs)))
4837 case KVM_SET_DEBUGREGS: {
4838 struct kvm_debugregs dbgregs;
4841 if (copy_from_user(&dbgregs, argp,
4842 sizeof(struct kvm_debugregs)))
4845 r = kvm_vcpu_ioctl_x86_set_debugregs(vcpu, &dbgregs);
4848 case KVM_GET_XSAVE: {
4849 u.xsave = kzalloc(sizeof(struct kvm_xsave), GFP_KERNEL_ACCOUNT);
4854 kvm_vcpu_ioctl_x86_get_xsave(vcpu, u.xsave);
4857 if (copy_to_user(argp, u.xsave, sizeof(struct kvm_xsave)))
4862 case KVM_SET_XSAVE: {
4863 u.xsave = memdup_user(argp, sizeof(*u.xsave));
4864 if (IS_ERR(u.xsave)) {
4865 r = PTR_ERR(u.xsave);
4869 r = kvm_vcpu_ioctl_x86_set_xsave(vcpu, u.xsave);
4872 case KVM_GET_XCRS: {
4873 u.xcrs = kzalloc(sizeof(struct kvm_xcrs), GFP_KERNEL_ACCOUNT);
4878 kvm_vcpu_ioctl_x86_get_xcrs(vcpu, u.xcrs);
4881 if (copy_to_user(argp, u.xcrs,
4882 sizeof(struct kvm_xcrs)))
4887 case KVM_SET_XCRS: {
4888 u.xcrs = memdup_user(argp, sizeof(*u.xcrs));
4889 if (IS_ERR(u.xcrs)) {
4890 r = PTR_ERR(u.xcrs);
4894 r = kvm_vcpu_ioctl_x86_set_xcrs(vcpu, u.xcrs);
4897 case KVM_SET_TSC_KHZ: {
4901 user_tsc_khz = (u32)arg;
4903 if (kvm_has_tsc_control &&
4904 user_tsc_khz >= kvm_max_guest_tsc_khz)
4907 if (user_tsc_khz == 0)
4908 user_tsc_khz = tsc_khz;
4910 if (!kvm_set_tsc_khz(vcpu, user_tsc_khz))
4915 case KVM_GET_TSC_KHZ: {
4916 r = vcpu->arch.virtual_tsc_khz;
4919 case KVM_KVMCLOCK_CTRL: {
4920 r = kvm_set_guest_paused(vcpu);
4923 case KVM_ENABLE_CAP: {
4924 struct kvm_enable_cap cap;
4927 if (copy_from_user(&cap, argp, sizeof(cap)))
4929 r = kvm_vcpu_ioctl_enable_cap(vcpu, &cap);
4932 case KVM_GET_NESTED_STATE: {
4933 struct kvm_nested_state __user *user_kvm_nested_state = argp;
4937 if (!kvm_x86_ops.nested_ops->get_state)
4940 BUILD_BUG_ON(sizeof(user_data_size) != sizeof(user_kvm_nested_state->size));
4942 if (get_user(user_data_size, &user_kvm_nested_state->size))
4945 r = kvm_x86_ops.nested_ops->get_state(vcpu, user_kvm_nested_state,
4950 if (r > user_data_size) {
4951 if (put_user(r, &user_kvm_nested_state->size))
4961 case KVM_SET_NESTED_STATE: {
4962 struct kvm_nested_state __user *user_kvm_nested_state = argp;
4963 struct kvm_nested_state kvm_state;
4967 if (!kvm_x86_ops.nested_ops->set_state)
4971 if (copy_from_user(&kvm_state, user_kvm_nested_state, sizeof(kvm_state)))
4975 if (kvm_state.size < sizeof(kvm_state))
4978 if (kvm_state.flags &
4979 ~(KVM_STATE_NESTED_RUN_PENDING | KVM_STATE_NESTED_GUEST_MODE
4980 | KVM_STATE_NESTED_EVMCS | KVM_STATE_NESTED_MTF_PENDING
4981 | KVM_STATE_NESTED_GIF_SET))
4984 /* nested_run_pending implies guest_mode. */
4985 if ((kvm_state.flags & KVM_STATE_NESTED_RUN_PENDING)
4986 && !(kvm_state.flags & KVM_STATE_NESTED_GUEST_MODE))
4989 idx = srcu_read_lock(&vcpu->kvm->srcu);
4990 r = kvm_x86_ops.nested_ops->set_state(vcpu, user_kvm_nested_state, &kvm_state);
4991 srcu_read_unlock(&vcpu->kvm->srcu, idx);
4994 case KVM_GET_SUPPORTED_HV_CPUID:
4995 r = kvm_ioctl_get_supported_hv_cpuid(vcpu, argp);
5007 vm_fault_t kvm_arch_vcpu_fault(struct kvm_vcpu *vcpu, struct vm_fault *vmf)
5009 return VM_FAULT_SIGBUS;
5012 static int kvm_vm_ioctl_set_tss_addr(struct kvm *kvm, unsigned long addr)
5016 if (addr > (unsigned int)(-3 * PAGE_SIZE))
5018 ret = kvm_x86_ops.set_tss_addr(kvm, addr);
5022 static int kvm_vm_ioctl_set_identity_map_addr(struct kvm *kvm,
5025 return kvm_x86_ops.set_identity_map_addr(kvm, ident_addr);
5028 static int kvm_vm_ioctl_set_nr_mmu_pages(struct kvm *kvm,
5029 unsigned long kvm_nr_mmu_pages)
5031 if (kvm_nr_mmu_pages < KVM_MIN_ALLOC_MMU_PAGES)
5034 mutex_lock(&kvm->slots_lock);
5036 kvm_mmu_change_mmu_pages(kvm, kvm_nr_mmu_pages);
5037 kvm->arch.n_requested_mmu_pages = kvm_nr_mmu_pages;
5039 mutex_unlock(&kvm->slots_lock);
5043 static unsigned long kvm_vm_ioctl_get_nr_mmu_pages(struct kvm *kvm)
5045 return kvm->arch.n_max_mmu_pages;
5048 static int kvm_vm_ioctl_get_irqchip(struct kvm *kvm, struct kvm_irqchip *chip)
5050 struct kvm_pic *pic = kvm->arch.vpic;
5054 switch (chip->chip_id) {
5055 case KVM_IRQCHIP_PIC_MASTER:
5056 memcpy(&chip->chip.pic, &pic->pics[0],
5057 sizeof(struct kvm_pic_state));
5059 case KVM_IRQCHIP_PIC_SLAVE:
5060 memcpy(&chip->chip.pic, &pic->pics[1],
5061 sizeof(struct kvm_pic_state));
5063 case KVM_IRQCHIP_IOAPIC:
5064 kvm_get_ioapic(kvm, &chip->chip.ioapic);
5073 static int kvm_vm_ioctl_set_irqchip(struct kvm *kvm, struct kvm_irqchip *chip)
5075 struct kvm_pic *pic = kvm->arch.vpic;
5079 switch (chip->chip_id) {
5080 case KVM_IRQCHIP_PIC_MASTER:
5081 spin_lock(&pic->lock);
5082 memcpy(&pic->pics[0], &chip->chip.pic,
5083 sizeof(struct kvm_pic_state));
5084 spin_unlock(&pic->lock);
5086 case KVM_IRQCHIP_PIC_SLAVE:
5087 spin_lock(&pic->lock);
5088 memcpy(&pic->pics[1], &chip->chip.pic,
5089 sizeof(struct kvm_pic_state));
5090 spin_unlock(&pic->lock);
5092 case KVM_IRQCHIP_IOAPIC:
5093 kvm_set_ioapic(kvm, &chip->chip.ioapic);
5099 kvm_pic_update_irq(pic);
5103 static int kvm_vm_ioctl_get_pit(struct kvm *kvm, struct kvm_pit_state *ps)
5105 struct kvm_kpit_state *kps = &kvm->arch.vpit->pit_state;
5107 BUILD_BUG_ON(sizeof(*ps) != sizeof(kps->channels));
5109 mutex_lock(&kps->lock);
5110 memcpy(ps, &kps->channels, sizeof(*ps));
5111 mutex_unlock(&kps->lock);
5115 static int kvm_vm_ioctl_set_pit(struct kvm *kvm, struct kvm_pit_state *ps)
5118 struct kvm_pit *pit = kvm->arch.vpit;
5120 mutex_lock(&pit->pit_state.lock);
5121 memcpy(&pit->pit_state.channels, ps, sizeof(*ps));
5122 for (i = 0; i < 3; i++)
5123 kvm_pit_load_count(pit, i, ps->channels[i].count, 0);
5124 mutex_unlock(&pit->pit_state.lock);
5128 static int kvm_vm_ioctl_get_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
5130 mutex_lock(&kvm->arch.vpit->pit_state.lock);
5131 memcpy(ps->channels, &kvm->arch.vpit->pit_state.channels,
5132 sizeof(ps->channels));
5133 ps->flags = kvm->arch.vpit->pit_state.flags;
5134 mutex_unlock(&kvm->arch.vpit->pit_state.lock);
5135 memset(&ps->reserved, 0, sizeof(ps->reserved));
5139 static int kvm_vm_ioctl_set_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
5143 u32 prev_legacy, cur_legacy;
5144 struct kvm_pit *pit = kvm->arch.vpit;
5146 mutex_lock(&pit->pit_state.lock);
5147 prev_legacy = pit->pit_state.flags & KVM_PIT_FLAGS_HPET_LEGACY;
5148 cur_legacy = ps->flags & KVM_PIT_FLAGS_HPET_LEGACY;
5149 if (!prev_legacy && cur_legacy)
5151 memcpy(&pit->pit_state.channels, &ps->channels,
5152 sizeof(pit->pit_state.channels));
5153 pit->pit_state.flags = ps->flags;
5154 for (i = 0; i < 3; i++)
5155 kvm_pit_load_count(pit, i, pit->pit_state.channels[i].count,
5157 mutex_unlock(&pit->pit_state.lock);
5161 static int kvm_vm_ioctl_reinject(struct kvm *kvm,
5162 struct kvm_reinject_control *control)
5164 struct kvm_pit *pit = kvm->arch.vpit;
5166 /* pit->pit_state.lock was overloaded to prevent userspace from getting
5167 * an inconsistent state after running multiple KVM_REINJECT_CONTROL
5168 * ioctls in parallel. Use a separate lock if that ioctl isn't rare.
5170 mutex_lock(&pit->pit_state.lock);
5171 kvm_pit_set_reinject(pit, control->pit_reinject);
5172 mutex_unlock(&pit->pit_state.lock);
5177 void kvm_arch_sync_dirty_log(struct kvm *kvm, struct kvm_memory_slot *memslot)
5180 * Flush potentially hardware-cached dirty pages to dirty_bitmap.
5182 if (kvm_x86_ops.flush_log_dirty)
5183 kvm_x86_ops.flush_log_dirty(kvm);
5186 int kvm_vm_ioctl_irq_line(struct kvm *kvm, struct kvm_irq_level *irq_event,
5189 if (!irqchip_in_kernel(kvm))
5192 irq_event->status = kvm_set_irq(kvm, KVM_USERSPACE_IRQ_SOURCE_ID,
5193 irq_event->irq, irq_event->level,
5198 int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
5199 struct kvm_enable_cap *cap)
5207 case KVM_CAP_DISABLE_QUIRKS:
5208 kvm->arch.disabled_quirks = cap->args[0];
5211 case KVM_CAP_SPLIT_IRQCHIP: {
5212 mutex_lock(&kvm->lock);
5214 if (cap->args[0] > MAX_NR_RESERVED_IOAPIC_PINS)
5215 goto split_irqchip_unlock;
5217 if (irqchip_in_kernel(kvm))
5218 goto split_irqchip_unlock;
5219 if (kvm->created_vcpus)
5220 goto split_irqchip_unlock;
5221 r = kvm_setup_empty_irq_routing(kvm);
5223 goto split_irqchip_unlock;
5224 /* Pairs with irqchip_in_kernel. */
5226 kvm->arch.irqchip_mode = KVM_IRQCHIP_SPLIT;
5227 kvm->arch.nr_reserved_ioapic_pins = cap->args[0];
5229 split_irqchip_unlock:
5230 mutex_unlock(&kvm->lock);
5233 case KVM_CAP_X2APIC_API:
5235 if (cap->args[0] & ~KVM_X2APIC_API_VALID_FLAGS)
5238 if (cap->args[0] & KVM_X2APIC_API_USE_32BIT_IDS)
5239 kvm->arch.x2apic_format = true;
5240 if (cap->args[0] & KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK)
5241 kvm->arch.x2apic_broadcast_quirk_disabled = true;
5245 case KVM_CAP_X86_DISABLE_EXITS:
5247 if (cap->args[0] & ~KVM_X86_DISABLE_VALID_EXITS)
5250 if ((cap->args[0] & KVM_X86_DISABLE_EXITS_MWAIT) &&
5251 kvm_can_mwait_in_guest())
5252 kvm->arch.mwait_in_guest = true;
5253 if (cap->args[0] & KVM_X86_DISABLE_EXITS_HLT)
5254 kvm->arch.hlt_in_guest = true;
5255 if (cap->args[0] & KVM_X86_DISABLE_EXITS_PAUSE)
5256 kvm->arch.pause_in_guest = true;
5257 if (cap->args[0] & KVM_X86_DISABLE_EXITS_CSTATE)
5258 kvm->arch.cstate_in_guest = true;
5261 case KVM_CAP_MSR_PLATFORM_INFO:
5262 kvm->arch.guest_can_read_msr_platform_info = cap->args[0];
5265 case KVM_CAP_EXCEPTION_PAYLOAD:
5266 kvm->arch.exception_payload_enabled = cap->args[0];
5269 case KVM_CAP_X86_USER_SPACE_MSR:
5270 kvm->arch.user_space_msr_mask = cap->args[0];
5280 static void kvm_clear_msr_filter(struct kvm *kvm)
5283 u32 count = kvm->arch.msr_filter.count;
5284 struct msr_bitmap_range ranges[16];
5286 mutex_lock(&kvm->lock);
5287 kvm->arch.msr_filter.count = 0;
5288 memcpy(ranges, kvm->arch.msr_filter.ranges, count * sizeof(ranges[0]));
5289 mutex_unlock(&kvm->lock);
5290 synchronize_srcu(&kvm->srcu);
5292 for (i = 0; i < count; i++)
5293 kfree(ranges[i].bitmap);
5296 static int kvm_add_msr_filter(struct kvm *kvm, struct kvm_msr_filter_range *user_range)
5298 struct msr_bitmap_range *ranges = kvm->arch.msr_filter.ranges;
5299 struct msr_bitmap_range range;
5300 unsigned long *bitmap = NULL;
5304 if (!user_range->nmsrs)
5307 bitmap_size = BITS_TO_LONGS(user_range->nmsrs) * sizeof(long);
5308 if (!bitmap_size || bitmap_size > KVM_MSR_FILTER_MAX_BITMAP_SIZE)
5311 bitmap = memdup_user((__user u8*)user_range->bitmap, bitmap_size);
5313 return PTR_ERR(bitmap);
5315 range = (struct msr_bitmap_range) {
5316 .flags = user_range->flags,
5317 .base = user_range->base,
5318 .nmsrs = user_range->nmsrs,
5322 if (range.flags & ~(KVM_MSR_FILTER_READ | KVM_MSR_FILTER_WRITE)) {
5332 /* Everything ok, add this range identifier to our global pool */
5333 ranges[kvm->arch.msr_filter.count] = range;
5334 /* Make sure we filled the array before we tell anyone to walk it */
5336 kvm->arch.msr_filter.count++;
5344 static int kvm_vm_ioctl_set_msr_filter(struct kvm *kvm, void __user *argp)
5346 struct kvm_msr_filter __user *user_msr_filter = argp;
5347 struct kvm_msr_filter filter;
5353 if (copy_from_user(&filter, user_msr_filter, sizeof(filter)))
5356 for (i = 0; i < ARRAY_SIZE(filter.ranges); i++)
5357 empty &= !filter.ranges[i].nmsrs;
5359 default_allow = !(filter.flags & KVM_MSR_FILTER_DEFAULT_DENY);
5360 if (empty && !default_allow)
5363 kvm_clear_msr_filter(kvm);
5365 kvm->arch.msr_filter.default_allow = default_allow;
5368 * Protect from concurrent calls to this function that could trigger
5369 * a TOCTOU violation on kvm->arch.msr_filter.count.
5371 mutex_lock(&kvm->lock);
5372 for (i = 0; i < ARRAY_SIZE(filter.ranges); i++) {
5373 r = kvm_add_msr_filter(kvm, &filter.ranges[i]);
5378 kvm_make_all_cpus_request(kvm, KVM_REQ_MSR_FILTER_CHANGED);
5379 mutex_unlock(&kvm->lock);
5384 long kvm_arch_vm_ioctl(struct file *filp,
5385 unsigned int ioctl, unsigned long arg)
5387 struct kvm *kvm = filp->private_data;
5388 void __user *argp = (void __user *)arg;
5391 * This union makes it completely explicit to gcc-3.x
5392 * that these two variables' stack usage should be
5393 * combined, not added together.
5396 struct kvm_pit_state ps;
5397 struct kvm_pit_state2 ps2;
5398 struct kvm_pit_config pit_config;
5402 case KVM_SET_TSS_ADDR:
5403 r = kvm_vm_ioctl_set_tss_addr(kvm, arg);
5405 case KVM_SET_IDENTITY_MAP_ADDR: {
5408 mutex_lock(&kvm->lock);
5410 if (kvm->created_vcpus)
5411 goto set_identity_unlock;
5413 if (copy_from_user(&ident_addr, argp, sizeof(ident_addr)))
5414 goto set_identity_unlock;
5415 r = kvm_vm_ioctl_set_identity_map_addr(kvm, ident_addr);
5416 set_identity_unlock:
5417 mutex_unlock(&kvm->lock);
5420 case KVM_SET_NR_MMU_PAGES:
5421 r = kvm_vm_ioctl_set_nr_mmu_pages(kvm, arg);
5423 case KVM_GET_NR_MMU_PAGES:
5424 r = kvm_vm_ioctl_get_nr_mmu_pages(kvm);
5426 case KVM_CREATE_IRQCHIP: {
5427 mutex_lock(&kvm->lock);
5430 if (irqchip_in_kernel(kvm))
5431 goto create_irqchip_unlock;
5434 if (kvm->created_vcpus)
5435 goto create_irqchip_unlock;
5437 r = kvm_pic_init(kvm);
5439 goto create_irqchip_unlock;
5441 r = kvm_ioapic_init(kvm);
5443 kvm_pic_destroy(kvm);
5444 goto create_irqchip_unlock;
5447 r = kvm_setup_default_irq_routing(kvm);
5449 kvm_ioapic_destroy(kvm);
5450 kvm_pic_destroy(kvm);
5451 goto create_irqchip_unlock;
5453 /* Write kvm->irq_routing before enabling irqchip_in_kernel. */
5455 kvm->arch.irqchip_mode = KVM_IRQCHIP_KERNEL;
5456 create_irqchip_unlock:
5457 mutex_unlock(&kvm->lock);
5460 case KVM_CREATE_PIT:
5461 u.pit_config.flags = KVM_PIT_SPEAKER_DUMMY;
5463 case KVM_CREATE_PIT2:
5465 if (copy_from_user(&u.pit_config, argp,
5466 sizeof(struct kvm_pit_config)))
5469 mutex_lock(&kvm->lock);
5472 goto create_pit_unlock;
5474 kvm->arch.vpit = kvm_create_pit(kvm, u.pit_config.flags);
5478 mutex_unlock(&kvm->lock);
5480 case KVM_GET_IRQCHIP: {
5481 /* 0: PIC master, 1: PIC slave, 2: IOAPIC */
5482 struct kvm_irqchip *chip;
5484 chip = memdup_user(argp, sizeof(*chip));
5491 if (!irqchip_kernel(kvm))
5492 goto get_irqchip_out;
5493 r = kvm_vm_ioctl_get_irqchip(kvm, chip);
5495 goto get_irqchip_out;
5497 if (copy_to_user(argp, chip, sizeof(*chip)))
5498 goto get_irqchip_out;
5504 case KVM_SET_IRQCHIP: {
5505 /* 0: PIC master, 1: PIC slave, 2: IOAPIC */
5506 struct kvm_irqchip *chip;
5508 chip = memdup_user(argp, sizeof(*chip));
5515 if (!irqchip_kernel(kvm))
5516 goto set_irqchip_out;
5517 r = kvm_vm_ioctl_set_irqchip(kvm, chip);
5524 if (copy_from_user(&u.ps, argp, sizeof(struct kvm_pit_state)))
5527 if (!kvm->arch.vpit)
5529 r = kvm_vm_ioctl_get_pit(kvm, &u.ps);
5533 if (copy_to_user(argp, &u.ps, sizeof(struct kvm_pit_state)))
5540 if (copy_from_user(&u.ps, argp, sizeof(u.ps)))
5542 mutex_lock(&kvm->lock);
5544 if (!kvm->arch.vpit)
5546 r = kvm_vm_ioctl_set_pit(kvm, &u.ps);
5548 mutex_unlock(&kvm->lock);
5551 case KVM_GET_PIT2: {
5553 if (!kvm->arch.vpit)
5555 r = kvm_vm_ioctl_get_pit2(kvm, &u.ps2);
5559 if (copy_to_user(argp, &u.ps2, sizeof(u.ps2)))
5564 case KVM_SET_PIT2: {
5566 if (copy_from_user(&u.ps2, argp, sizeof(u.ps2)))
5568 mutex_lock(&kvm->lock);
5570 if (!kvm->arch.vpit)
5572 r = kvm_vm_ioctl_set_pit2(kvm, &u.ps2);
5574 mutex_unlock(&kvm->lock);
5577 case KVM_REINJECT_CONTROL: {
5578 struct kvm_reinject_control control;
5580 if (copy_from_user(&control, argp, sizeof(control)))
5583 if (!kvm->arch.vpit)
5585 r = kvm_vm_ioctl_reinject(kvm, &control);
5588 case KVM_SET_BOOT_CPU_ID:
5590 mutex_lock(&kvm->lock);
5591 if (kvm->created_vcpus)
5594 kvm->arch.bsp_vcpu_id = arg;
5595 mutex_unlock(&kvm->lock);
5597 case KVM_XEN_HVM_CONFIG: {
5598 struct kvm_xen_hvm_config xhc;
5600 if (copy_from_user(&xhc, argp, sizeof(xhc)))
5605 memcpy(&kvm->arch.xen_hvm_config, &xhc, sizeof(xhc));
5609 case KVM_SET_CLOCK: {
5610 struct kvm_clock_data user_ns;
5614 if (copy_from_user(&user_ns, argp, sizeof(user_ns)))
5623 * TODO: userspace has to take care of races with VCPU_RUN, so
5624 * kvm_gen_update_masterclock() can be cut down to locked
5625 * pvclock_update_vm_gtod_copy().
5627 kvm_gen_update_masterclock(kvm);
5628 now_ns = get_kvmclock_ns(kvm);
5629 kvm->arch.kvmclock_offset += user_ns.clock - now_ns;
5630 kvm_make_all_cpus_request(kvm, KVM_REQ_CLOCK_UPDATE);
5633 case KVM_GET_CLOCK: {
5634 struct kvm_clock_data user_ns;
5637 now_ns = get_kvmclock_ns(kvm);
5638 user_ns.clock = now_ns;
5639 user_ns.flags = kvm->arch.use_master_clock ? KVM_CLOCK_TSC_STABLE : 0;
5640 memset(&user_ns.pad, 0, sizeof(user_ns.pad));
5643 if (copy_to_user(argp, &user_ns, sizeof(user_ns)))
5648 case KVM_MEMORY_ENCRYPT_OP: {
5650 if (kvm_x86_ops.mem_enc_op)
5651 r = kvm_x86_ops.mem_enc_op(kvm, argp);
5654 case KVM_MEMORY_ENCRYPT_REG_REGION: {
5655 struct kvm_enc_region region;
5658 if (copy_from_user(®ion, argp, sizeof(region)))
5662 if (kvm_x86_ops.mem_enc_reg_region)
5663 r = kvm_x86_ops.mem_enc_reg_region(kvm, ®ion);
5666 case KVM_MEMORY_ENCRYPT_UNREG_REGION: {
5667 struct kvm_enc_region region;
5670 if (copy_from_user(®ion, argp, sizeof(region)))
5674 if (kvm_x86_ops.mem_enc_unreg_region)
5675 r = kvm_x86_ops.mem_enc_unreg_region(kvm, ®ion);
5678 case KVM_HYPERV_EVENTFD: {
5679 struct kvm_hyperv_eventfd hvevfd;
5682 if (copy_from_user(&hvevfd, argp, sizeof(hvevfd)))
5684 r = kvm_vm_ioctl_hv_eventfd(kvm, &hvevfd);
5687 case KVM_SET_PMU_EVENT_FILTER:
5688 r = kvm_vm_ioctl_set_pmu_event_filter(kvm, argp);
5690 case KVM_X86_SET_MSR_FILTER:
5691 r = kvm_vm_ioctl_set_msr_filter(kvm, argp);
5700 static void kvm_init_msr_list(void)
5702 struct x86_pmu_capability x86_pmu;
5706 BUILD_BUG_ON_MSG(INTEL_PMC_MAX_FIXED != 4,
5707 "Please update the fixed PMCs in msrs_to_saved_all[]");
5709 perf_get_x86_pmu_capability(&x86_pmu);
5711 num_msrs_to_save = 0;
5712 num_emulated_msrs = 0;
5713 num_msr_based_features = 0;
5715 for (i = 0; i < ARRAY_SIZE(msrs_to_save_all); i++) {
5716 if (rdmsr_safe(msrs_to_save_all[i], &dummy[0], &dummy[1]) < 0)
5720 * Even MSRs that are valid in the host may not be exposed
5721 * to the guests in some cases.
5723 switch (msrs_to_save_all[i]) {
5724 case MSR_IA32_BNDCFGS:
5725 if (!kvm_mpx_supported())
5729 if (!kvm_cpu_cap_has(X86_FEATURE_RDTSCP))
5732 case MSR_IA32_UMWAIT_CONTROL:
5733 if (!kvm_cpu_cap_has(X86_FEATURE_WAITPKG))
5736 case MSR_IA32_RTIT_CTL:
5737 case MSR_IA32_RTIT_STATUS:
5738 if (!kvm_cpu_cap_has(X86_FEATURE_INTEL_PT))
5741 case MSR_IA32_RTIT_CR3_MATCH:
5742 if (!kvm_cpu_cap_has(X86_FEATURE_INTEL_PT) ||
5743 !intel_pt_validate_hw_cap(PT_CAP_cr3_filtering))
5746 case MSR_IA32_RTIT_OUTPUT_BASE:
5747 case MSR_IA32_RTIT_OUTPUT_MASK:
5748 if (!kvm_cpu_cap_has(X86_FEATURE_INTEL_PT) ||
5749 (!intel_pt_validate_hw_cap(PT_CAP_topa_output) &&
5750 !intel_pt_validate_hw_cap(PT_CAP_single_range_output)))
5753 case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
5754 if (!kvm_cpu_cap_has(X86_FEATURE_INTEL_PT) ||
5755 msrs_to_save_all[i] - MSR_IA32_RTIT_ADDR0_A >=
5756 intel_pt_validate_hw_cap(PT_CAP_num_address_ranges) * 2)
5759 case MSR_ARCH_PERFMON_PERFCTR0 ... MSR_ARCH_PERFMON_PERFCTR0 + 17:
5760 if (msrs_to_save_all[i] - MSR_ARCH_PERFMON_PERFCTR0 >=
5761 min(INTEL_PMC_MAX_GENERIC, x86_pmu.num_counters_gp))
5764 case MSR_ARCH_PERFMON_EVENTSEL0 ... MSR_ARCH_PERFMON_EVENTSEL0 + 17:
5765 if (msrs_to_save_all[i] - MSR_ARCH_PERFMON_EVENTSEL0 >=
5766 min(INTEL_PMC_MAX_GENERIC, x86_pmu.num_counters_gp))
5773 msrs_to_save[num_msrs_to_save++] = msrs_to_save_all[i];
5776 for (i = 0; i < ARRAY_SIZE(emulated_msrs_all); i++) {
5777 if (!kvm_x86_ops.has_emulated_msr(emulated_msrs_all[i]))
5780 emulated_msrs[num_emulated_msrs++] = emulated_msrs_all[i];
5783 for (i = 0; i < ARRAY_SIZE(msr_based_features_all); i++) {
5784 struct kvm_msr_entry msr;
5786 msr.index = msr_based_features_all[i];
5787 if (kvm_get_msr_feature(&msr))
5790 msr_based_features[num_msr_based_features++] = msr_based_features_all[i];
5794 static int vcpu_mmio_write(struct kvm_vcpu *vcpu, gpa_t addr, int len,
5802 if (!(lapic_in_kernel(vcpu) &&
5803 !kvm_iodevice_write(vcpu, &vcpu->arch.apic->dev, addr, n, v))
5804 && kvm_io_bus_write(vcpu, KVM_MMIO_BUS, addr, n, v))
5815 static int vcpu_mmio_read(struct kvm_vcpu *vcpu, gpa_t addr, int len, void *v)
5822 if (!(lapic_in_kernel(vcpu) &&
5823 !kvm_iodevice_read(vcpu, &vcpu->arch.apic->dev,
5825 && kvm_io_bus_read(vcpu, KVM_MMIO_BUS, addr, n, v))
5827 trace_kvm_mmio(KVM_TRACE_MMIO_READ, n, addr, v);
5837 static void kvm_set_segment(struct kvm_vcpu *vcpu,
5838 struct kvm_segment *var, int seg)
5840 kvm_x86_ops.set_segment(vcpu, var, seg);
5843 void kvm_get_segment(struct kvm_vcpu *vcpu,
5844 struct kvm_segment *var, int seg)
5846 kvm_x86_ops.get_segment(vcpu, var, seg);
5849 gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u32 access,
5850 struct x86_exception *exception)
5854 BUG_ON(!mmu_is_nested(vcpu));
5856 /* NPT walks are always user-walks */
5857 access |= PFERR_USER_MASK;
5858 t_gpa = vcpu->arch.mmu->gva_to_gpa(vcpu, gpa, access, exception);
5863 gpa_t kvm_mmu_gva_to_gpa_read(struct kvm_vcpu *vcpu, gva_t gva,
5864 struct x86_exception *exception)
5866 u32 access = (kvm_x86_ops.get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
5867 return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
5870 gpa_t kvm_mmu_gva_to_gpa_fetch(struct kvm_vcpu *vcpu, gva_t gva,
5871 struct x86_exception *exception)
5873 u32 access = (kvm_x86_ops.get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
5874 access |= PFERR_FETCH_MASK;
5875 return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
5878 gpa_t kvm_mmu_gva_to_gpa_write(struct kvm_vcpu *vcpu, gva_t gva,
5879 struct x86_exception *exception)
5881 u32 access = (kvm_x86_ops.get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
5882 access |= PFERR_WRITE_MASK;
5883 return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
5886 /* uses this to access any guest's mapped memory without checking CPL */
5887 gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva,
5888 struct x86_exception *exception)
5890 return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, 0, exception);
5893 static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes,
5894 struct kvm_vcpu *vcpu, u32 access,
5895 struct x86_exception *exception)
5898 int r = X86EMUL_CONTINUE;
5901 gpa_t gpa = vcpu->arch.walk_mmu->gva_to_gpa(vcpu, addr, access,
5903 unsigned offset = addr & (PAGE_SIZE-1);
5904 unsigned toread = min(bytes, (unsigned)PAGE_SIZE - offset);
5907 if (gpa == UNMAPPED_GVA)
5908 return X86EMUL_PROPAGATE_FAULT;
5909 ret = kvm_vcpu_read_guest_page(vcpu, gpa >> PAGE_SHIFT, data,
5912 r = X86EMUL_IO_NEEDED;
5924 /* used for instruction fetching */
5925 static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt,
5926 gva_t addr, void *val, unsigned int bytes,
5927 struct x86_exception *exception)
5929 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
5930 u32 access = (kvm_x86_ops.get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
5934 /* Inline kvm_read_guest_virt_helper for speed. */
5935 gpa_t gpa = vcpu->arch.walk_mmu->gva_to_gpa(vcpu, addr, access|PFERR_FETCH_MASK,
5937 if (unlikely(gpa == UNMAPPED_GVA))
5938 return X86EMUL_PROPAGATE_FAULT;
5940 offset = addr & (PAGE_SIZE-1);
5941 if (WARN_ON(offset + bytes > PAGE_SIZE))
5942 bytes = (unsigned)PAGE_SIZE - offset;
5943 ret = kvm_vcpu_read_guest_page(vcpu, gpa >> PAGE_SHIFT, val,
5945 if (unlikely(ret < 0))
5946 return X86EMUL_IO_NEEDED;
5948 return X86EMUL_CONTINUE;
5951 int kvm_read_guest_virt(struct kvm_vcpu *vcpu,
5952 gva_t addr, void *val, unsigned int bytes,
5953 struct x86_exception *exception)
5955 u32 access = (kvm_x86_ops.get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
5958 * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED
5959 * is returned, but our callers are not ready for that and they blindly
5960 * call kvm_inject_page_fault. Ensure that they at least do not leak
5961 * uninitialized kernel stack memory into cr2 and error code.
5963 memset(exception, 0, sizeof(*exception));
5964 return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access,
5967 EXPORT_SYMBOL_GPL(kvm_read_guest_virt);
5969 static int emulator_read_std(struct x86_emulate_ctxt *ctxt,
5970 gva_t addr, void *val, unsigned int bytes,
5971 struct x86_exception *exception, bool system)
5973 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
5976 if (!system && kvm_x86_ops.get_cpl(vcpu) == 3)
5977 access |= PFERR_USER_MASK;
5979 return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access, exception);
5982 static int kvm_read_guest_phys_system(struct x86_emulate_ctxt *ctxt,
5983 unsigned long addr, void *val, unsigned int bytes)
5985 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
5986 int r = kvm_vcpu_read_guest(vcpu, addr, val, bytes);
5988 return r < 0 ? X86EMUL_IO_NEEDED : X86EMUL_CONTINUE;
5991 static int kvm_write_guest_virt_helper(gva_t addr, void *val, unsigned int bytes,
5992 struct kvm_vcpu *vcpu, u32 access,
5993 struct x86_exception *exception)
5996 int r = X86EMUL_CONTINUE;
5999 gpa_t gpa = vcpu->arch.walk_mmu->gva_to_gpa(vcpu, addr,
6002 unsigned offset = addr & (PAGE_SIZE-1);
6003 unsigned towrite = min(bytes, (unsigned)PAGE_SIZE - offset);
6006 if (gpa == UNMAPPED_GVA)
6007 return X86EMUL_PROPAGATE_FAULT;
6008 ret = kvm_vcpu_write_guest(vcpu, gpa, data, towrite);
6010 r = X86EMUL_IO_NEEDED;
6022 static int emulator_write_std(struct x86_emulate_ctxt *ctxt, gva_t addr, void *val,
6023 unsigned int bytes, struct x86_exception *exception,
6026 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
6027 u32 access = PFERR_WRITE_MASK;
6029 if (!system && kvm_x86_ops.get_cpl(vcpu) == 3)
6030 access |= PFERR_USER_MASK;
6032 return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,
6036 int kvm_write_guest_virt_system(struct kvm_vcpu *vcpu, gva_t addr, void *val,
6037 unsigned int bytes, struct x86_exception *exception)
6039 /* kvm_write_guest_virt_system can pull in tons of pages. */
6040 vcpu->arch.l1tf_flush_l1d = true;
6042 return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,
6043 PFERR_WRITE_MASK, exception);
6045 EXPORT_SYMBOL_GPL(kvm_write_guest_virt_system);
6047 int handle_ud(struct kvm_vcpu *vcpu)
6049 static const char kvm_emulate_prefix[] = { __KVM_EMULATE_PREFIX };
6050 int emul_type = EMULTYPE_TRAP_UD;
6051 char sig[5]; /* ud2; .ascii "kvm" */
6052 struct x86_exception e;
6054 if (unlikely(!kvm_x86_ops.can_emulate_instruction(vcpu, NULL, 0)))
6057 if (force_emulation_prefix &&
6058 kvm_read_guest_virt(vcpu, kvm_get_linear_rip(vcpu),
6059 sig, sizeof(sig), &e) == 0 &&
6060 memcmp(sig, kvm_emulate_prefix, sizeof(sig)) == 0) {
6061 kvm_rip_write(vcpu, kvm_rip_read(vcpu) + sizeof(sig));
6062 emul_type = EMULTYPE_TRAP_UD_FORCED;
6065 return kvm_emulate_instruction(vcpu, emul_type);
6067 EXPORT_SYMBOL_GPL(handle_ud);
6069 static int vcpu_is_mmio_gpa(struct kvm_vcpu *vcpu, unsigned long gva,
6070 gpa_t gpa, bool write)
6072 /* For APIC access vmexit */
6073 if ((gpa & PAGE_MASK) == APIC_DEFAULT_PHYS_BASE)
6076 if (vcpu_match_mmio_gpa(vcpu, gpa)) {
6077 trace_vcpu_match_mmio(gva, gpa, write, true);
6084 static int vcpu_mmio_gva_to_gpa(struct kvm_vcpu *vcpu, unsigned long gva,
6085 gpa_t *gpa, struct x86_exception *exception,
6088 u32 access = ((kvm_x86_ops.get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0)
6089 | (write ? PFERR_WRITE_MASK : 0);
6092 * currently PKRU is only applied to ept enabled guest so
6093 * there is no pkey in EPT page table for L1 guest or EPT
6094 * shadow page table for L2 guest.
6096 if (vcpu_match_mmio_gva(vcpu, gva)
6097 && !permission_fault(vcpu, vcpu->arch.walk_mmu,
6098 vcpu->arch.mmio_access, 0, access)) {
6099 *gpa = vcpu->arch.mmio_gfn << PAGE_SHIFT |
6100 (gva & (PAGE_SIZE - 1));
6101 trace_vcpu_match_mmio(gva, *gpa, write, false);
6105 *gpa = vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
6107 if (*gpa == UNMAPPED_GVA)
6110 return vcpu_is_mmio_gpa(vcpu, gva, *gpa, write);
6113 int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa,
6114 const void *val, int bytes)
6118 ret = kvm_vcpu_write_guest(vcpu, gpa, val, bytes);
6121 kvm_page_track_write(vcpu, gpa, val, bytes);
6125 struct read_write_emulator_ops {
6126 int (*read_write_prepare)(struct kvm_vcpu *vcpu, void *val,
6128 int (*read_write_emulate)(struct kvm_vcpu *vcpu, gpa_t gpa,
6129 void *val, int bytes);
6130 int (*read_write_mmio)(struct kvm_vcpu *vcpu, gpa_t gpa,
6131 int bytes, void *val);
6132 int (*read_write_exit_mmio)(struct kvm_vcpu *vcpu, gpa_t gpa,
6133 void *val, int bytes);
6137 static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes)
6139 if (vcpu->mmio_read_completed) {
6140 trace_kvm_mmio(KVM_TRACE_MMIO_READ, bytes,
6141 vcpu->mmio_fragments[0].gpa, val);
6142 vcpu->mmio_read_completed = 0;
6149 static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
6150 void *val, int bytes)
6152 return !kvm_vcpu_read_guest(vcpu, gpa, val, bytes);
6155 static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
6156 void *val, int bytes)
6158 return emulator_write_phys(vcpu, gpa, val, bytes);
6161 static int write_mmio(struct kvm_vcpu *vcpu, gpa_t gpa, int bytes, void *val)
6163 trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, bytes, gpa, val);
6164 return vcpu_mmio_write(vcpu, gpa, bytes, val);
6167 static int read_exit_mmio(struct kvm_vcpu *vcpu, gpa_t gpa,
6168 void *val, int bytes)
6170 trace_kvm_mmio(KVM_TRACE_MMIO_READ_UNSATISFIED, bytes, gpa, NULL);
6171 return X86EMUL_IO_NEEDED;
6174 static int write_exit_mmio(struct kvm_vcpu *vcpu, gpa_t gpa,
6175 void *val, int bytes)
6177 struct kvm_mmio_fragment *frag = &vcpu->mmio_fragments[0];
6179 memcpy(vcpu->run->mmio.data, frag->data, min(8u, frag->len));
6180 return X86EMUL_CONTINUE;
6183 static const struct read_write_emulator_ops read_emultor = {
6184 .read_write_prepare = read_prepare,
6185 .read_write_emulate = read_emulate,
6186 .read_write_mmio = vcpu_mmio_read,
6187 .read_write_exit_mmio = read_exit_mmio,
6190 static const struct read_write_emulator_ops write_emultor = {
6191 .read_write_emulate = write_emulate,
6192 .read_write_mmio = write_mmio,
6193 .read_write_exit_mmio = write_exit_mmio,
6197 static int emulator_read_write_onepage(unsigned long addr, void *val,
6199 struct x86_exception *exception,
6200 struct kvm_vcpu *vcpu,
6201 const struct read_write_emulator_ops *ops)
6205 bool write = ops->write;
6206 struct kvm_mmio_fragment *frag;
6207 struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
6210 * If the exit was due to a NPF we may already have a GPA.
6211 * If the GPA is present, use it to avoid the GVA to GPA table walk.
6212 * Note, this cannot be used on string operations since string
6213 * operation using rep will only have the initial GPA from the NPF
6216 if (ctxt->gpa_available && emulator_can_use_gpa(ctxt) &&
6217 (addr & ~PAGE_MASK) == (ctxt->gpa_val & ~PAGE_MASK)) {
6218 gpa = ctxt->gpa_val;
6219 ret = vcpu_is_mmio_gpa(vcpu, addr, gpa, write);
6221 ret = vcpu_mmio_gva_to_gpa(vcpu, addr, &gpa, exception, write);
6223 return X86EMUL_PROPAGATE_FAULT;
6226 if (!ret && ops->read_write_emulate(vcpu, gpa, val, bytes))
6227 return X86EMUL_CONTINUE;
6230 * Is this MMIO handled locally?
6232 handled = ops->read_write_mmio(vcpu, gpa, bytes, val);
6233 if (handled == bytes)
6234 return X86EMUL_CONTINUE;
6240 WARN_ON(vcpu->mmio_nr_fragments >= KVM_MAX_MMIO_FRAGMENTS);
6241 frag = &vcpu->mmio_fragments[vcpu->mmio_nr_fragments++];
6245 return X86EMUL_CONTINUE;
6248 static int emulator_read_write(struct x86_emulate_ctxt *ctxt,
6250 void *val, unsigned int bytes,
6251 struct x86_exception *exception,
6252 const struct read_write_emulator_ops *ops)
6254 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
6258 if (ops->read_write_prepare &&
6259 ops->read_write_prepare(vcpu, val, bytes))
6260 return X86EMUL_CONTINUE;
6262 vcpu->mmio_nr_fragments = 0;
6264 /* Crossing a page boundary? */
6265 if (((addr + bytes - 1) ^ addr) & PAGE_MASK) {
6268 now = -addr & ~PAGE_MASK;
6269 rc = emulator_read_write_onepage(addr, val, now, exception,
6272 if (rc != X86EMUL_CONTINUE)
6275 if (ctxt->mode != X86EMUL_MODE_PROT64)
6281 rc = emulator_read_write_onepage(addr, val, bytes, exception,
6283 if (rc != X86EMUL_CONTINUE)
6286 if (!vcpu->mmio_nr_fragments)
6289 gpa = vcpu->mmio_fragments[0].gpa;
6291 vcpu->mmio_needed = 1;
6292 vcpu->mmio_cur_fragment = 0;
6294 vcpu->run->mmio.len = min(8u, vcpu->mmio_fragments[0].len);
6295 vcpu->run->mmio.is_write = vcpu->mmio_is_write = ops->write;
6296 vcpu->run->exit_reason = KVM_EXIT_MMIO;
6297 vcpu->run->mmio.phys_addr = gpa;
6299 return ops->read_write_exit_mmio(vcpu, gpa, val, bytes);
6302 static int emulator_read_emulated(struct x86_emulate_ctxt *ctxt,
6306 struct x86_exception *exception)
6308 return emulator_read_write(ctxt, addr, val, bytes,
6309 exception, &read_emultor);
6312 static int emulator_write_emulated(struct x86_emulate_ctxt *ctxt,
6316 struct x86_exception *exception)
6318 return emulator_read_write(ctxt, addr, (void *)val, bytes,
6319 exception, &write_emultor);
6322 #define CMPXCHG_TYPE(t, ptr, old, new) \
6323 (cmpxchg((t *)(ptr), *(t *)(old), *(t *)(new)) == *(t *)(old))
6325 #ifdef CONFIG_X86_64
6326 # define CMPXCHG64(ptr, old, new) CMPXCHG_TYPE(u64, ptr, old, new)
6328 # define CMPXCHG64(ptr, old, new) \
6329 (cmpxchg64((u64 *)(ptr), *(u64 *)(old), *(u64 *)(new)) == *(u64 *)(old))
6332 static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
6337 struct x86_exception *exception)
6339 struct kvm_host_map map;
6340 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
6346 /* guests cmpxchg8b have to be emulated atomically */
6347 if (bytes > 8 || (bytes & (bytes - 1)))
6350 gpa = kvm_mmu_gva_to_gpa_write(vcpu, addr, NULL);
6352 if (gpa == UNMAPPED_GVA ||
6353 (gpa & PAGE_MASK) == APIC_DEFAULT_PHYS_BASE)
6357 * Emulate the atomic as a straight write to avoid #AC if SLD is
6358 * enabled in the host and the access splits a cache line.
6360 if (boot_cpu_has(X86_FEATURE_SPLIT_LOCK_DETECT))
6361 page_line_mask = ~(cache_line_size() - 1);
6363 page_line_mask = PAGE_MASK;
6365 if (((gpa + bytes - 1) & page_line_mask) != (gpa & page_line_mask))
6368 if (kvm_vcpu_map(vcpu, gpa_to_gfn(gpa), &map))
6371 kaddr = map.hva + offset_in_page(gpa);
6375 exchanged = CMPXCHG_TYPE(u8, kaddr, old, new);
6378 exchanged = CMPXCHG_TYPE(u16, kaddr, old, new);
6381 exchanged = CMPXCHG_TYPE(u32, kaddr, old, new);
6384 exchanged = CMPXCHG64(kaddr, old, new);
6390 kvm_vcpu_unmap(vcpu, &map, true);
6393 return X86EMUL_CMPXCHG_FAILED;
6395 kvm_page_track_write(vcpu, gpa, new, bytes);
6397 return X86EMUL_CONTINUE;
6400 printk_once(KERN_WARNING "kvm: emulating exchange as write\n");
6402 return emulator_write_emulated(ctxt, addr, new, bytes, exception);
6405 static int kernel_pio(struct kvm_vcpu *vcpu, void *pd)
6409 for (i = 0; i < vcpu->arch.pio.count; i++) {
6410 if (vcpu->arch.pio.in)
6411 r = kvm_io_bus_read(vcpu, KVM_PIO_BUS, vcpu->arch.pio.port,
6412 vcpu->arch.pio.size, pd);
6414 r = kvm_io_bus_write(vcpu, KVM_PIO_BUS,
6415 vcpu->arch.pio.port, vcpu->arch.pio.size,
6419 pd += vcpu->arch.pio.size;
6424 static int emulator_pio_in_out(struct kvm_vcpu *vcpu, int size,
6425 unsigned short port, void *val,
6426 unsigned int count, bool in)
6428 vcpu->arch.pio.port = port;
6429 vcpu->arch.pio.in = in;
6430 vcpu->arch.pio.count = count;
6431 vcpu->arch.pio.size = size;
6433 if (!kernel_pio(vcpu, vcpu->arch.pio_data)) {
6434 vcpu->arch.pio.count = 0;
6438 vcpu->run->exit_reason = KVM_EXIT_IO;
6439 vcpu->run->io.direction = in ? KVM_EXIT_IO_IN : KVM_EXIT_IO_OUT;
6440 vcpu->run->io.size = size;
6441 vcpu->run->io.data_offset = KVM_PIO_PAGE_OFFSET * PAGE_SIZE;
6442 vcpu->run->io.count = count;
6443 vcpu->run->io.port = port;
6448 static int emulator_pio_in(struct kvm_vcpu *vcpu, int size,
6449 unsigned short port, void *val, unsigned int count)
6453 if (vcpu->arch.pio.count)
6456 memset(vcpu->arch.pio_data, 0, size * count);
6458 ret = emulator_pio_in_out(vcpu, size, port, val, count, true);
6461 memcpy(val, vcpu->arch.pio_data, size * count);
6462 trace_kvm_pio(KVM_PIO_IN, port, size, count, vcpu->arch.pio_data);
6463 vcpu->arch.pio.count = 0;
6470 static int emulator_pio_in_emulated(struct x86_emulate_ctxt *ctxt,
6471 int size, unsigned short port, void *val,
6474 return emulator_pio_in(emul_to_vcpu(ctxt), size, port, val, count);
6478 static int emulator_pio_out(struct kvm_vcpu *vcpu, int size,
6479 unsigned short port, const void *val,
6482 memcpy(vcpu->arch.pio_data, val, size * count);
6483 trace_kvm_pio(KVM_PIO_OUT, port, size, count, vcpu->arch.pio_data);
6484 return emulator_pio_in_out(vcpu, size, port, (void *)val, count, false);
6487 static int emulator_pio_out_emulated(struct x86_emulate_ctxt *ctxt,
6488 int size, unsigned short port,
6489 const void *val, unsigned int count)
6491 return emulator_pio_out(emul_to_vcpu(ctxt), size, port, val, count);
6494 static unsigned long get_segment_base(struct kvm_vcpu *vcpu, int seg)
6496 return kvm_x86_ops.get_segment_base(vcpu, seg);
6499 static void emulator_invlpg(struct x86_emulate_ctxt *ctxt, ulong address)
6501 kvm_mmu_invlpg(emul_to_vcpu(ctxt), address);
6504 static int kvm_emulate_wbinvd_noskip(struct kvm_vcpu *vcpu)
6506 if (!need_emulate_wbinvd(vcpu))
6507 return X86EMUL_CONTINUE;
6509 if (kvm_x86_ops.has_wbinvd_exit()) {
6510 int cpu = get_cpu();
6512 cpumask_set_cpu(cpu, vcpu->arch.wbinvd_dirty_mask);
6513 smp_call_function_many(vcpu->arch.wbinvd_dirty_mask,
6514 wbinvd_ipi, NULL, 1);
6516 cpumask_clear(vcpu->arch.wbinvd_dirty_mask);
6519 return X86EMUL_CONTINUE;
6522 int kvm_emulate_wbinvd(struct kvm_vcpu *vcpu)
6524 kvm_emulate_wbinvd_noskip(vcpu);
6525 return kvm_skip_emulated_instruction(vcpu);
6527 EXPORT_SYMBOL_GPL(kvm_emulate_wbinvd);
6531 static void emulator_wbinvd(struct x86_emulate_ctxt *ctxt)
6533 kvm_emulate_wbinvd_noskip(emul_to_vcpu(ctxt));
6536 static int emulator_get_dr(struct x86_emulate_ctxt *ctxt, int dr,
6537 unsigned long *dest)
6539 return kvm_get_dr(emul_to_vcpu(ctxt), dr, dest);
6542 static int emulator_set_dr(struct x86_emulate_ctxt *ctxt, int dr,
6543 unsigned long value)
6546 return __kvm_set_dr(emul_to_vcpu(ctxt), dr, value);
6549 static u64 mk_cr_64(u64 curr_cr, u32 new_val)
6551 return (curr_cr & ~((1ULL << 32) - 1)) | new_val;
6554 static unsigned long emulator_get_cr(struct x86_emulate_ctxt *ctxt, int cr)
6556 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
6557 unsigned long value;
6561 value = kvm_read_cr0(vcpu);
6564 value = vcpu->arch.cr2;
6567 value = kvm_read_cr3(vcpu);
6570 value = kvm_read_cr4(vcpu);
6573 value = kvm_get_cr8(vcpu);
6576 kvm_err("%s: unexpected cr %u\n", __func__, cr);
6583 static int emulator_set_cr(struct x86_emulate_ctxt *ctxt, int cr, ulong val)
6585 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
6590 res = kvm_set_cr0(vcpu, mk_cr_64(kvm_read_cr0(vcpu), val));
6593 vcpu->arch.cr2 = val;
6596 res = kvm_set_cr3(vcpu, val);
6599 res = kvm_set_cr4(vcpu, mk_cr_64(kvm_read_cr4(vcpu), val));
6602 res = kvm_set_cr8(vcpu, val);
6605 kvm_err("%s: unexpected cr %u\n", __func__, cr);
6612 static int emulator_get_cpl(struct x86_emulate_ctxt *ctxt)
6614 return kvm_x86_ops.get_cpl(emul_to_vcpu(ctxt));
6617 static void emulator_get_gdt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
6619 kvm_x86_ops.get_gdt(emul_to_vcpu(ctxt), dt);
6622 static void emulator_get_idt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
6624 kvm_x86_ops.get_idt(emul_to_vcpu(ctxt), dt);
6627 static void emulator_set_gdt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
6629 kvm_x86_ops.set_gdt(emul_to_vcpu(ctxt), dt);
6632 static void emulator_set_idt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
6634 kvm_x86_ops.set_idt(emul_to_vcpu(ctxt), dt);
6637 static unsigned long emulator_get_cached_segment_base(
6638 struct x86_emulate_ctxt *ctxt, int seg)
6640 return get_segment_base(emul_to_vcpu(ctxt), seg);
6643 static bool emulator_get_segment(struct x86_emulate_ctxt *ctxt, u16 *selector,
6644 struct desc_struct *desc, u32 *base3,
6647 struct kvm_segment var;
6649 kvm_get_segment(emul_to_vcpu(ctxt), &var, seg);
6650 *selector = var.selector;
6653 memset(desc, 0, sizeof(*desc));
6661 set_desc_limit(desc, var.limit);
6662 set_desc_base(desc, (unsigned long)var.base);
6663 #ifdef CONFIG_X86_64
6665 *base3 = var.base >> 32;
6667 desc->type = var.type;
6669 desc->dpl = var.dpl;
6670 desc->p = var.present;
6671 desc->avl = var.avl;
6679 static void emulator_set_segment(struct x86_emulate_ctxt *ctxt, u16 selector,
6680 struct desc_struct *desc, u32 base3,
6683 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
6684 struct kvm_segment var;
6686 var.selector = selector;
6687 var.base = get_desc_base(desc);
6688 #ifdef CONFIG_X86_64
6689 var.base |= ((u64)base3) << 32;
6691 var.limit = get_desc_limit(desc);
6693 var.limit = (var.limit << 12) | 0xfff;
6694 var.type = desc->type;
6695 var.dpl = desc->dpl;
6700 var.avl = desc->avl;
6701 var.present = desc->p;
6702 var.unusable = !var.present;
6705 kvm_set_segment(vcpu, &var, seg);
6709 static int emulator_get_msr(struct x86_emulate_ctxt *ctxt,
6710 u32 msr_index, u64 *pdata)
6712 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
6715 r = kvm_get_msr(vcpu, msr_index, pdata);
6717 if (r && kvm_get_msr_user_space(vcpu, msr_index, r)) {
6718 /* Bounce to user space */
6719 return X86EMUL_IO_NEEDED;
6725 static int emulator_set_msr(struct x86_emulate_ctxt *ctxt,
6726 u32 msr_index, u64 data)
6728 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
6731 r = kvm_set_msr(vcpu, msr_index, data);
6733 if (r && kvm_set_msr_user_space(vcpu, msr_index, data, r)) {
6734 /* Bounce to user space */
6735 return X86EMUL_IO_NEEDED;
6741 static u64 emulator_get_smbase(struct x86_emulate_ctxt *ctxt)
6743 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
6745 return vcpu->arch.smbase;
6748 static void emulator_set_smbase(struct x86_emulate_ctxt *ctxt, u64 smbase)
6750 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
6752 vcpu->arch.smbase = smbase;
6755 static int emulator_check_pmc(struct x86_emulate_ctxt *ctxt,
6758 return kvm_pmu_is_valid_rdpmc_ecx(emul_to_vcpu(ctxt), pmc);
6761 static int emulator_read_pmc(struct x86_emulate_ctxt *ctxt,
6762 u32 pmc, u64 *pdata)
6764 return kvm_pmu_rdpmc(emul_to_vcpu(ctxt), pmc, pdata);
6767 static void emulator_halt(struct x86_emulate_ctxt *ctxt)
6769 emul_to_vcpu(ctxt)->arch.halt_request = 1;
6772 static int emulator_intercept(struct x86_emulate_ctxt *ctxt,
6773 struct x86_instruction_info *info,
6774 enum x86_intercept_stage stage)
6776 return kvm_x86_ops.check_intercept(emul_to_vcpu(ctxt), info, stage,
6780 static bool emulator_get_cpuid(struct x86_emulate_ctxt *ctxt,
6781 u32 *eax, u32 *ebx, u32 *ecx, u32 *edx,
6784 return kvm_cpuid(emul_to_vcpu(ctxt), eax, ebx, ecx, edx, exact_only);
6787 static bool emulator_guest_has_long_mode(struct x86_emulate_ctxt *ctxt)
6789 return guest_cpuid_has(emul_to_vcpu(ctxt), X86_FEATURE_LM);
6792 static bool emulator_guest_has_movbe(struct x86_emulate_ctxt *ctxt)
6794 return guest_cpuid_has(emul_to_vcpu(ctxt), X86_FEATURE_MOVBE);
6797 static bool emulator_guest_has_fxsr(struct x86_emulate_ctxt *ctxt)
6799 return guest_cpuid_has(emul_to_vcpu(ctxt), X86_FEATURE_FXSR);
6802 static ulong emulator_read_gpr(struct x86_emulate_ctxt *ctxt, unsigned reg)
6804 return kvm_register_read(emul_to_vcpu(ctxt), reg);
6807 static void emulator_write_gpr(struct x86_emulate_ctxt *ctxt, unsigned reg, ulong val)
6809 kvm_register_write(emul_to_vcpu(ctxt), reg, val);
6812 static void emulator_set_nmi_mask(struct x86_emulate_ctxt *ctxt, bool masked)
6814 kvm_x86_ops.set_nmi_mask(emul_to_vcpu(ctxt), masked);
6817 static unsigned emulator_get_hflags(struct x86_emulate_ctxt *ctxt)
6819 return emul_to_vcpu(ctxt)->arch.hflags;
6822 static void emulator_set_hflags(struct x86_emulate_ctxt *ctxt, unsigned emul_flags)
6824 emul_to_vcpu(ctxt)->arch.hflags = emul_flags;
6827 static int emulator_pre_leave_smm(struct x86_emulate_ctxt *ctxt,
6828 const char *smstate)
6830 return kvm_x86_ops.pre_leave_smm(emul_to_vcpu(ctxt), smstate);
6833 static void emulator_post_leave_smm(struct x86_emulate_ctxt *ctxt)
6835 kvm_smm_changed(emul_to_vcpu(ctxt));
6838 static int emulator_set_xcr(struct x86_emulate_ctxt *ctxt, u32 index, u64 xcr)
6840 return __kvm_set_xcr(emul_to_vcpu(ctxt), index, xcr);
6843 static const struct x86_emulate_ops emulate_ops = {
6844 .read_gpr = emulator_read_gpr,
6845 .write_gpr = emulator_write_gpr,
6846 .read_std = emulator_read_std,
6847 .write_std = emulator_write_std,
6848 .read_phys = kvm_read_guest_phys_system,
6849 .fetch = kvm_fetch_guest_virt,
6850 .read_emulated = emulator_read_emulated,
6851 .write_emulated = emulator_write_emulated,
6852 .cmpxchg_emulated = emulator_cmpxchg_emulated,
6853 .invlpg = emulator_invlpg,
6854 .pio_in_emulated = emulator_pio_in_emulated,
6855 .pio_out_emulated = emulator_pio_out_emulated,
6856 .get_segment = emulator_get_segment,
6857 .set_segment = emulator_set_segment,
6858 .get_cached_segment_base = emulator_get_cached_segment_base,
6859 .get_gdt = emulator_get_gdt,
6860 .get_idt = emulator_get_idt,
6861 .set_gdt = emulator_set_gdt,
6862 .set_idt = emulator_set_idt,
6863 .get_cr = emulator_get_cr,
6864 .set_cr = emulator_set_cr,
6865 .cpl = emulator_get_cpl,
6866 .get_dr = emulator_get_dr,
6867 .set_dr = emulator_set_dr,
6868 .get_smbase = emulator_get_smbase,
6869 .set_smbase = emulator_set_smbase,
6870 .set_msr = emulator_set_msr,
6871 .get_msr = emulator_get_msr,
6872 .check_pmc = emulator_check_pmc,
6873 .read_pmc = emulator_read_pmc,
6874 .halt = emulator_halt,
6875 .wbinvd = emulator_wbinvd,
6876 .fix_hypercall = emulator_fix_hypercall,
6877 .intercept = emulator_intercept,
6878 .get_cpuid = emulator_get_cpuid,
6879 .guest_has_long_mode = emulator_guest_has_long_mode,
6880 .guest_has_movbe = emulator_guest_has_movbe,
6881 .guest_has_fxsr = emulator_guest_has_fxsr,
6882 .set_nmi_mask = emulator_set_nmi_mask,
6883 .get_hflags = emulator_get_hflags,
6884 .set_hflags = emulator_set_hflags,
6885 .pre_leave_smm = emulator_pre_leave_smm,
6886 .post_leave_smm = emulator_post_leave_smm,
6887 .set_xcr = emulator_set_xcr,
6890 static void toggle_interruptibility(struct kvm_vcpu *vcpu, u32 mask)
6892 u32 int_shadow = kvm_x86_ops.get_interrupt_shadow(vcpu);
6894 * an sti; sti; sequence only disable interrupts for the first
6895 * instruction. So, if the last instruction, be it emulated or
6896 * not, left the system with the INT_STI flag enabled, it
6897 * means that the last instruction is an sti. We should not
6898 * leave the flag on in this case. The same goes for mov ss
6900 if (int_shadow & mask)
6902 if (unlikely(int_shadow || mask)) {
6903 kvm_x86_ops.set_interrupt_shadow(vcpu, mask);
6905 kvm_make_request(KVM_REQ_EVENT, vcpu);
6909 static bool inject_emulated_exception(struct kvm_vcpu *vcpu)
6911 struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
6912 if (ctxt->exception.vector == PF_VECTOR)
6913 return kvm_inject_emulated_page_fault(vcpu, &ctxt->exception);
6915 if (ctxt->exception.error_code_valid)
6916 kvm_queue_exception_e(vcpu, ctxt->exception.vector,
6917 ctxt->exception.error_code);
6919 kvm_queue_exception(vcpu, ctxt->exception.vector);
6923 static struct x86_emulate_ctxt *alloc_emulate_ctxt(struct kvm_vcpu *vcpu)
6925 struct x86_emulate_ctxt *ctxt;
6927 ctxt = kmem_cache_zalloc(x86_emulator_cache, GFP_KERNEL_ACCOUNT);
6929 pr_err("kvm: failed to allocate vcpu's emulator\n");
6934 ctxt->ops = &emulate_ops;
6935 vcpu->arch.emulate_ctxt = ctxt;
6940 static void init_emulate_ctxt(struct kvm_vcpu *vcpu)
6942 struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
6945 kvm_x86_ops.get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
6947 ctxt->gpa_available = false;
6948 ctxt->eflags = kvm_get_rflags(vcpu);
6949 ctxt->tf = (ctxt->eflags & X86_EFLAGS_TF) != 0;
6951 ctxt->eip = kvm_rip_read(vcpu);
6952 ctxt->mode = (!is_protmode(vcpu)) ? X86EMUL_MODE_REAL :
6953 (ctxt->eflags & X86_EFLAGS_VM) ? X86EMUL_MODE_VM86 :
6954 (cs_l && is_long_mode(vcpu)) ? X86EMUL_MODE_PROT64 :
6955 cs_db ? X86EMUL_MODE_PROT32 :
6956 X86EMUL_MODE_PROT16;
6957 BUILD_BUG_ON(HF_GUEST_MASK != X86EMUL_GUEST_MASK);
6958 BUILD_BUG_ON(HF_SMM_MASK != X86EMUL_SMM_MASK);
6959 BUILD_BUG_ON(HF_SMM_INSIDE_NMI_MASK != X86EMUL_SMM_INSIDE_NMI_MASK);
6961 init_decode_cache(ctxt);
6962 vcpu->arch.emulate_regs_need_sync_from_vcpu = false;
6965 void kvm_inject_realmode_interrupt(struct kvm_vcpu *vcpu, int irq, int inc_eip)
6967 struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
6970 init_emulate_ctxt(vcpu);
6974 ctxt->_eip = ctxt->eip + inc_eip;
6975 ret = emulate_int_real(ctxt, irq);
6977 if (ret != X86EMUL_CONTINUE) {
6978 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
6980 ctxt->eip = ctxt->_eip;
6981 kvm_rip_write(vcpu, ctxt->eip);
6982 kvm_set_rflags(vcpu, ctxt->eflags);
6985 EXPORT_SYMBOL_GPL(kvm_inject_realmode_interrupt);
6987 static int handle_emulation_failure(struct kvm_vcpu *vcpu, int emulation_type)
6989 ++vcpu->stat.insn_emulation_fail;
6990 trace_kvm_emulate_insn_failed(vcpu);
6992 if (emulation_type & EMULTYPE_VMWARE_GP) {
6993 kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
6997 if (emulation_type & EMULTYPE_SKIP) {
6998 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
6999 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
7000 vcpu->run->internal.ndata = 0;
7004 kvm_queue_exception(vcpu, UD_VECTOR);
7006 if (!is_guest_mode(vcpu) && kvm_x86_ops.get_cpl(vcpu) == 0) {
7007 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
7008 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
7009 vcpu->run->internal.ndata = 0;
7016 static bool reexecute_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
7017 bool write_fault_to_shadow_pgtable,
7020 gpa_t gpa = cr2_or_gpa;
7023 if (!(emulation_type & EMULTYPE_ALLOW_RETRY_PF))
7026 if (WARN_ON_ONCE(is_guest_mode(vcpu)) ||
7027 WARN_ON_ONCE(!(emulation_type & EMULTYPE_PF)))
7030 if (!vcpu->arch.mmu->direct_map) {
7032 * Write permission should be allowed since only
7033 * write access need to be emulated.
7035 gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2_or_gpa, NULL);
7038 * If the mapping is invalid in guest, let cpu retry
7039 * it to generate fault.
7041 if (gpa == UNMAPPED_GVA)
7046 * Do not retry the unhandleable instruction if it faults on the
7047 * readonly host memory, otherwise it will goto a infinite loop:
7048 * retry instruction -> write #PF -> emulation fail -> retry
7049 * instruction -> ...
7051 pfn = gfn_to_pfn(vcpu->kvm, gpa_to_gfn(gpa));
7054 * If the instruction failed on the error pfn, it can not be fixed,
7055 * report the error to userspace.
7057 if (is_error_noslot_pfn(pfn))
7060 kvm_release_pfn_clean(pfn);
7062 /* The instructions are well-emulated on direct mmu. */
7063 if (vcpu->arch.mmu->direct_map) {
7064 unsigned int indirect_shadow_pages;
7066 spin_lock(&vcpu->kvm->mmu_lock);
7067 indirect_shadow_pages = vcpu->kvm->arch.indirect_shadow_pages;
7068 spin_unlock(&vcpu->kvm->mmu_lock);
7070 if (indirect_shadow_pages)
7071 kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa));
7077 * if emulation was due to access to shadowed page table
7078 * and it failed try to unshadow page and re-enter the
7079 * guest to let CPU execute the instruction.
7081 kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa));
7084 * If the access faults on its page table, it can not
7085 * be fixed by unprotecting shadow page and it should
7086 * be reported to userspace.
7088 return !write_fault_to_shadow_pgtable;
7091 static bool retry_instruction(struct x86_emulate_ctxt *ctxt,
7092 gpa_t cr2_or_gpa, int emulation_type)
7094 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
7095 unsigned long last_retry_eip, last_retry_addr, gpa = cr2_or_gpa;
7097 last_retry_eip = vcpu->arch.last_retry_eip;
7098 last_retry_addr = vcpu->arch.last_retry_addr;
7101 * If the emulation is caused by #PF and it is non-page_table
7102 * writing instruction, it means the VM-EXIT is caused by shadow
7103 * page protected, we can zap the shadow page and retry this
7104 * instruction directly.
7106 * Note: if the guest uses a non-page-table modifying instruction
7107 * on the PDE that points to the instruction, then we will unmap
7108 * the instruction and go to an infinite loop. So, we cache the
7109 * last retried eip and the last fault address, if we meet the eip
7110 * and the address again, we can break out of the potential infinite
7113 vcpu->arch.last_retry_eip = vcpu->arch.last_retry_addr = 0;
7115 if (!(emulation_type & EMULTYPE_ALLOW_RETRY_PF))
7118 if (WARN_ON_ONCE(is_guest_mode(vcpu)) ||
7119 WARN_ON_ONCE(!(emulation_type & EMULTYPE_PF)))
7122 if (x86_page_table_writing_insn(ctxt))
7125 if (ctxt->eip == last_retry_eip && last_retry_addr == cr2_or_gpa)
7128 vcpu->arch.last_retry_eip = ctxt->eip;
7129 vcpu->arch.last_retry_addr = cr2_or_gpa;
7131 if (!vcpu->arch.mmu->direct_map)
7132 gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2_or_gpa, NULL);
7134 kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa));
7139 static int complete_emulated_mmio(struct kvm_vcpu *vcpu);
7140 static int complete_emulated_pio(struct kvm_vcpu *vcpu);
7142 static void kvm_smm_changed(struct kvm_vcpu *vcpu)
7144 if (!(vcpu->arch.hflags & HF_SMM_MASK)) {
7145 /* This is a good place to trace that we are exiting SMM. */
7146 trace_kvm_enter_smm(vcpu->vcpu_id, vcpu->arch.smbase, false);
7148 /* Process a latched INIT or SMI, if any. */
7149 kvm_make_request(KVM_REQ_EVENT, vcpu);
7152 kvm_mmu_reset_context(vcpu);
7155 static int kvm_vcpu_check_hw_bp(unsigned long addr, u32 type, u32 dr7,
7164 for (i = 0; i < 4; i++, enable >>= 2, rwlen >>= 4)
7165 if ((enable & 3) && (rwlen & 15) == type && db[i] == addr)
7170 static int kvm_vcpu_do_singlestep(struct kvm_vcpu *vcpu)
7172 struct kvm_run *kvm_run = vcpu->run;
7174 if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP) {
7175 kvm_run->debug.arch.dr6 = DR6_BS | DR6_FIXED_1 | DR6_RTM;
7176 kvm_run->debug.arch.pc = kvm_get_linear_rip(vcpu);
7177 kvm_run->debug.arch.exception = DB_VECTOR;
7178 kvm_run->exit_reason = KVM_EXIT_DEBUG;
7181 kvm_queue_exception_p(vcpu, DB_VECTOR, DR6_BS);
7185 int kvm_skip_emulated_instruction(struct kvm_vcpu *vcpu)
7187 unsigned long rflags = kvm_x86_ops.get_rflags(vcpu);
7190 r = kvm_x86_ops.skip_emulated_instruction(vcpu);
7195 * rflags is the old, "raw" value of the flags. The new value has
7196 * not been saved yet.
7198 * This is correct even for TF set by the guest, because "the
7199 * processor will not generate this exception after the instruction
7200 * that sets the TF flag".
7202 if (unlikely(rflags & X86_EFLAGS_TF))
7203 r = kvm_vcpu_do_singlestep(vcpu);
7206 EXPORT_SYMBOL_GPL(kvm_skip_emulated_instruction);
7208 static bool kvm_vcpu_check_breakpoint(struct kvm_vcpu *vcpu, int *r)
7210 if (unlikely(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) &&
7211 (vcpu->arch.guest_debug_dr7 & DR7_BP_EN_MASK)) {
7212 struct kvm_run *kvm_run = vcpu->run;
7213 unsigned long eip = kvm_get_linear_rip(vcpu);
7214 u32 dr6 = kvm_vcpu_check_hw_bp(eip, 0,
7215 vcpu->arch.guest_debug_dr7,
7219 kvm_run->debug.arch.dr6 = dr6 | DR6_FIXED_1 | DR6_RTM;
7220 kvm_run->debug.arch.pc = eip;
7221 kvm_run->debug.arch.exception = DB_VECTOR;
7222 kvm_run->exit_reason = KVM_EXIT_DEBUG;
7228 if (unlikely(vcpu->arch.dr7 & DR7_BP_EN_MASK) &&
7229 !(kvm_get_rflags(vcpu) & X86_EFLAGS_RF)) {
7230 unsigned long eip = kvm_get_linear_rip(vcpu);
7231 u32 dr6 = kvm_vcpu_check_hw_bp(eip, 0,
7236 kvm_queue_exception_p(vcpu, DB_VECTOR, dr6);
7245 static bool is_vmware_backdoor_opcode(struct x86_emulate_ctxt *ctxt)
7247 switch (ctxt->opcode_len) {
7254 case 0xe6: /* OUT */
7258 case 0x6c: /* INS */
7260 case 0x6e: /* OUTS */
7267 case 0x33: /* RDPMC */
7276 int x86_emulate_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
7277 int emulation_type, void *insn, int insn_len)
7280 struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
7281 bool writeback = true;
7282 bool write_fault_to_spt;
7284 if (unlikely(!kvm_x86_ops.can_emulate_instruction(vcpu, insn, insn_len)))
7287 vcpu->arch.l1tf_flush_l1d = true;
7290 * Clear write_fault_to_shadow_pgtable here to ensure it is
7293 write_fault_to_spt = vcpu->arch.write_fault_to_shadow_pgtable;
7294 vcpu->arch.write_fault_to_shadow_pgtable = false;
7295 kvm_clear_exception_queue(vcpu);
7297 if (!(emulation_type & EMULTYPE_NO_DECODE)) {
7298 init_emulate_ctxt(vcpu);
7301 * We will reenter on the same instruction since
7302 * we do not set complete_userspace_io. This does not
7303 * handle watchpoints yet, those would be handled in
7306 if (!(emulation_type & EMULTYPE_SKIP) &&
7307 kvm_vcpu_check_breakpoint(vcpu, &r))
7310 ctxt->interruptibility = 0;
7311 ctxt->have_exception = false;
7312 ctxt->exception.vector = -1;
7313 ctxt->perm_ok = false;
7315 ctxt->ud = emulation_type & EMULTYPE_TRAP_UD;
7317 r = x86_decode_insn(ctxt, insn, insn_len);
7319 trace_kvm_emulate_insn_start(vcpu);
7320 ++vcpu->stat.insn_emulation;
7321 if (r != EMULATION_OK) {
7322 if ((emulation_type & EMULTYPE_TRAP_UD) ||
7323 (emulation_type & EMULTYPE_TRAP_UD_FORCED)) {
7324 kvm_queue_exception(vcpu, UD_VECTOR);
7327 if (reexecute_instruction(vcpu, cr2_or_gpa,
7331 if (ctxt->have_exception) {
7333 * #UD should result in just EMULATION_FAILED, and trap-like
7334 * exception should not be encountered during decode.
7336 WARN_ON_ONCE(ctxt->exception.vector == UD_VECTOR ||
7337 exception_type(ctxt->exception.vector) == EXCPT_TRAP);
7338 inject_emulated_exception(vcpu);
7341 return handle_emulation_failure(vcpu, emulation_type);
7345 if ((emulation_type & EMULTYPE_VMWARE_GP) &&
7346 !is_vmware_backdoor_opcode(ctxt)) {
7347 kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
7352 * Note, EMULTYPE_SKIP is intended for use *only* by vendor callbacks
7353 * for kvm_skip_emulated_instruction(). The caller is responsible for
7354 * updating interruptibility state and injecting single-step #DBs.
7356 if (emulation_type & EMULTYPE_SKIP) {
7357 kvm_rip_write(vcpu, ctxt->_eip);
7358 if (ctxt->eflags & X86_EFLAGS_RF)
7359 kvm_set_rflags(vcpu, ctxt->eflags & ~X86_EFLAGS_RF);
7363 if (retry_instruction(ctxt, cr2_or_gpa, emulation_type))
7366 /* this is needed for vmware backdoor interface to work since it
7367 changes registers values during IO operation */
7368 if (vcpu->arch.emulate_regs_need_sync_from_vcpu) {
7369 vcpu->arch.emulate_regs_need_sync_from_vcpu = false;
7370 emulator_invalidate_register_cache(ctxt);
7374 if (emulation_type & EMULTYPE_PF) {
7375 /* Save the faulting GPA (cr2) in the address field */
7376 ctxt->exception.address = cr2_or_gpa;
7378 /* With shadow page tables, cr2 contains a GVA or nGPA. */
7379 if (vcpu->arch.mmu->direct_map) {
7380 ctxt->gpa_available = true;
7381 ctxt->gpa_val = cr2_or_gpa;
7384 /* Sanitize the address out of an abundance of paranoia. */
7385 ctxt->exception.address = 0;
7388 r = x86_emulate_insn(ctxt);
7390 if (r == EMULATION_INTERCEPTED)
7393 if (r == EMULATION_FAILED) {
7394 if (reexecute_instruction(vcpu, cr2_or_gpa, write_fault_to_spt,
7398 return handle_emulation_failure(vcpu, emulation_type);
7401 if (ctxt->have_exception) {
7403 if (inject_emulated_exception(vcpu))
7405 } else if (vcpu->arch.pio.count) {
7406 if (!vcpu->arch.pio.in) {
7407 /* FIXME: return into emulator if single-stepping. */
7408 vcpu->arch.pio.count = 0;
7411 vcpu->arch.complete_userspace_io = complete_emulated_pio;
7414 } else if (vcpu->mmio_needed) {
7415 ++vcpu->stat.mmio_exits;
7417 if (!vcpu->mmio_is_write)
7420 vcpu->arch.complete_userspace_io = complete_emulated_mmio;
7421 } else if (r == EMULATION_RESTART)
7427 unsigned long rflags = kvm_x86_ops.get_rflags(vcpu);
7428 toggle_interruptibility(vcpu, ctxt->interruptibility);
7429 vcpu->arch.emulate_regs_need_sync_to_vcpu = false;
7430 if (!ctxt->have_exception ||
7431 exception_type(ctxt->exception.vector) == EXCPT_TRAP) {
7432 kvm_rip_write(vcpu, ctxt->eip);
7433 if (r && (ctxt->tf || (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)))
7434 r = kvm_vcpu_do_singlestep(vcpu);
7435 if (kvm_x86_ops.update_emulated_instruction)
7436 kvm_x86_ops.update_emulated_instruction(vcpu);
7437 __kvm_set_rflags(vcpu, ctxt->eflags);
7441 * For STI, interrupts are shadowed; so KVM_REQ_EVENT will
7442 * do nothing, and it will be requested again as soon as
7443 * the shadow expires. But we still need to check here,
7444 * because POPF has no interrupt shadow.
7446 if (unlikely((ctxt->eflags & ~rflags) & X86_EFLAGS_IF))
7447 kvm_make_request(KVM_REQ_EVENT, vcpu);
7449 vcpu->arch.emulate_regs_need_sync_to_vcpu = true;
7454 int kvm_emulate_instruction(struct kvm_vcpu *vcpu, int emulation_type)
7456 return x86_emulate_instruction(vcpu, 0, emulation_type, NULL, 0);
7458 EXPORT_SYMBOL_GPL(kvm_emulate_instruction);
7460 int kvm_emulate_instruction_from_buffer(struct kvm_vcpu *vcpu,
7461 void *insn, int insn_len)
7463 return x86_emulate_instruction(vcpu, 0, 0, insn, insn_len);
7465 EXPORT_SYMBOL_GPL(kvm_emulate_instruction_from_buffer);
7467 static int complete_fast_pio_out_port_0x7e(struct kvm_vcpu *vcpu)
7469 vcpu->arch.pio.count = 0;
7473 static int complete_fast_pio_out(struct kvm_vcpu *vcpu)
7475 vcpu->arch.pio.count = 0;
7477 if (unlikely(!kvm_is_linear_rip(vcpu, vcpu->arch.pio.linear_rip)))
7480 return kvm_skip_emulated_instruction(vcpu);
7483 static int kvm_fast_pio_out(struct kvm_vcpu *vcpu, int size,
7484 unsigned short port)
7486 unsigned long val = kvm_rax_read(vcpu);
7487 int ret = emulator_pio_out(vcpu, size, port, &val, 1);
7493 * Workaround userspace that relies on old KVM behavior of %rip being
7494 * incremented prior to exiting to userspace to handle "OUT 0x7e".
7497 kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_OUT_7E_INC_RIP)) {
7498 vcpu->arch.complete_userspace_io =
7499 complete_fast_pio_out_port_0x7e;
7500 kvm_skip_emulated_instruction(vcpu);
7502 vcpu->arch.pio.linear_rip = kvm_get_linear_rip(vcpu);
7503 vcpu->arch.complete_userspace_io = complete_fast_pio_out;
7508 static int complete_fast_pio_in(struct kvm_vcpu *vcpu)
7512 /* We should only ever be called with arch.pio.count equal to 1 */
7513 BUG_ON(vcpu->arch.pio.count != 1);
7515 if (unlikely(!kvm_is_linear_rip(vcpu, vcpu->arch.pio.linear_rip))) {
7516 vcpu->arch.pio.count = 0;
7520 /* For size less than 4 we merge, else we zero extend */
7521 val = (vcpu->arch.pio.size < 4) ? kvm_rax_read(vcpu) : 0;
7524 * Since vcpu->arch.pio.count == 1 let emulator_pio_in perform
7525 * the copy and tracing
7527 emulator_pio_in(vcpu, vcpu->arch.pio.size, vcpu->arch.pio.port, &val, 1);
7528 kvm_rax_write(vcpu, val);
7530 return kvm_skip_emulated_instruction(vcpu);
7533 static int kvm_fast_pio_in(struct kvm_vcpu *vcpu, int size,
7534 unsigned short port)
7539 /* For size less than 4 we merge, else we zero extend */
7540 val = (size < 4) ? kvm_rax_read(vcpu) : 0;
7542 ret = emulator_pio_in(vcpu, size, port, &val, 1);
7544 kvm_rax_write(vcpu, val);
7548 vcpu->arch.pio.linear_rip = kvm_get_linear_rip(vcpu);
7549 vcpu->arch.complete_userspace_io = complete_fast_pio_in;
7554 int kvm_fast_pio(struct kvm_vcpu *vcpu, int size, unsigned short port, int in)
7559 ret = kvm_fast_pio_in(vcpu, size, port);
7561 ret = kvm_fast_pio_out(vcpu, size, port);
7562 return ret && kvm_skip_emulated_instruction(vcpu);
7564 EXPORT_SYMBOL_GPL(kvm_fast_pio);
7566 static int kvmclock_cpu_down_prep(unsigned int cpu)
7568 __this_cpu_write(cpu_tsc_khz, 0);
7572 static void tsc_khz_changed(void *data)
7574 struct cpufreq_freqs *freq = data;
7575 unsigned long khz = 0;
7579 else if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC))
7580 khz = cpufreq_quick_get(raw_smp_processor_id());
7583 __this_cpu_write(cpu_tsc_khz, khz);
7586 #ifdef CONFIG_X86_64
7587 static void kvm_hyperv_tsc_notifier(void)
7590 struct kvm_vcpu *vcpu;
7593 mutex_lock(&kvm_lock);
7594 list_for_each_entry(kvm, &vm_list, vm_list)
7595 kvm_make_mclock_inprogress_request(kvm);
7597 hyperv_stop_tsc_emulation();
7599 /* TSC frequency always matches when on Hyper-V */
7600 for_each_present_cpu(cpu)
7601 per_cpu(cpu_tsc_khz, cpu) = tsc_khz;
7602 kvm_max_guest_tsc_khz = tsc_khz;
7604 list_for_each_entry(kvm, &vm_list, vm_list) {
7605 struct kvm_arch *ka = &kvm->arch;
7607 spin_lock(&ka->pvclock_gtod_sync_lock);
7609 pvclock_update_vm_gtod_copy(kvm);
7611 kvm_for_each_vcpu(cpu, vcpu, kvm)
7612 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
7614 kvm_for_each_vcpu(cpu, vcpu, kvm)
7615 kvm_clear_request(KVM_REQ_MCLOCK_INPROGRESS, vcpu);
7617 spin_unlock(&ka->pvclock_gtod_sync_lock);
7619 mutex_unlock(&kvm_lock);
7623 static void __kvmclock_cpufreq_notifier(struct cpufreq_freqs *freq, int cpu)
7626 struct kvm_vcpu *vcpu;
7627 int i, send_ipi = 0;
7630 * We allow guests to temporarily run on slowing clocks,
7631 * provided we notify them after, or to run on accelerating
7632 * clocks, provided we notify them before. Thus time never
7635 * However, we have a problem. We can't atomically update
7636 * the frequency of a given CPU from this function; it is
7637 * merely a notifier, which can be called from any CPU.
7638 * Changing the TSC frequency at arbitrary points in time
7639 * requires a recomputation of local variables related to
7640 * the TSC for each VCPU. We must flag these local variables
7641 * to be updated and be sure the update takes place with the
7642 * new frequency before any guests proceed.
7644 * Unfortunately, the combination of hotplug CPU and frequency
7645 * change creates an intractable locking scenario; the order
7646 * of when these callouts happen is undefined with respect to
7647 * CPU hotplug, and they can race with each other. As such,
7648 * merely setting per_cpu(cpu_tsc_khz) = X during a hotadd is
7649 * undefined; you can actually have a CPU frequency change take
7650 * place in between the computation of X and the setting of the
7651 * variable. To protect against this problem, all updates of
7652 * the per_cpu tsc_khz variable are done in an interrupt
7653 * protected IPI, and all callers wishing to update the value
7654 * must wait for a synchronous IPI to complete (which is trivial
7655 * if the caller is on the CPU already). This establishes the
7656 * necessary total order on variable updates.
7658 * Note that because a guest time update may take place
7659 * anytime after the setting of the VCPU's request bit, the
7660 * correct TSC value must be set before the request. However,
7661 * to ensure the update actually makes it to any guest which
7662 * starts running in hardware virtualization between the set
7663 * and the acquisition of the spinlock, we must also ping the
7664 * CPU after setting the request bit.
7668 smp_call_function_single(cpu, tsc_khz_changed, freq, 1);
7670 mutex_lock(&kvm_lock);
7671 list_for_each_entry(kvm, &vm_list, vm_list) {
7672 kvm_for_each_vcpu(i, vcpu, kvm) {
7673 if (vcpu->cpu != cpu)
7675 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
7676 if (vcpu->cpu != raw_smp_processor_id())
7680 mutex_unlock(&kvm_lock);
7682 if (freq->old < freq->new && send_ipi) {
7684 * We upscale the frequency. Must make the guest
7685 * doesn't see old kvmclock values while running with
7686 * the new frequency, otherwise we risk the guest sees
7687 * time go backwards.
7689 * In case we update the frequency for another cpu
7690 * (which might be in guest context) send an interrupt
7691 * to kick the cpu out of guest context. Next time
7692 * guest context is entered kvmclock will be updated,
7693 * so the guest will not see stale values.
7695 smp_call_function_single(cpu, tsc_khz_changed, freq, 1);
7699 static int kvmclock_cpufreq_notifier(struct notifier_block *nb, unsigned long val,
7702 struct cpufreq_freqs *freq = data;
7705 if (val == CPUFREQ_PRECHANGE && freq->old > freq->new)
7707 if (val == CPUFREQ_POSTCHANGE && freq->old < freq->new)
7710 for_each_cpu(cpu, freq->policy->cpus)
7711 __kvmclock_cpufreq_notifier(freq, cpu);
7716 static struct notifier_block kvmclock_cpufreq_notifier_block = {
7717 .notifier_call = kvmclock_cpufreq_notifier
7720 static int kvmclock_cpu_online(unsigned int cpu)
7722 tsc_khz_changed(NULL);
7726 static void kvm_timer_init(void)
7728 max_tsc_khz = tsc_khz;
7730 if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) {
7731 #ifdef CONFIG_CPU_FREQ
7732 struct cpufreq_policy *policy;
7736 policy = cpufreq_cpu_get(cpu);
7738 if (policy->cpuinfo.max_freq)
7739 max_tsc_khz = policy->cpuinfo.max_freq;
7740 cpufreq_cpu_put(policy);
7744 cpufreq_register_notifier(&kvmclock_cpufreq_notifier_block,
7745 CPUFREQ_TRANSITION_NOTIFIER);
7748 cpuhp_setup_state(CPUHP_AP_X86_KVM_CLK_ONLINE, "x86/kvm/clk:online",
7749 kvmclock_cpu_online, kvmclock_cpu_down_prep);
7752 DEFINE_PER_CPU(struct kvm_vcpu *, current_vcpu);
7753 EXPORT_PER_CPU_SYMBOL_GPL(current_vcpu);
7755 int kvm_is_in_guest(void)
7757 return __this_cpu_read(current_vcpu) != NULL;
7760 static int kvm_is_user_mode(void)
7764 if (__this_cpu_read(current_vcpu))
7765 user_mode = kvm_x86_ops.get_cpl(__this_cpu_read(current_vcpu));
7767 return user_mode != 0;
7770 static unsigned long kvm_get_guest_ip(void)
7772 unsigned long ip = 0;
7774 if (__this_cpu_read(current_vcpu))
7775 ip = kvm_rip_read(__this_cpu_read(current_vcpu));
7780 static void kvm_handle_intel_pt_intr(void)
7782 struct kvm_vcpu *vcpu = __this_cpu_read(current_vcpu);
7784 kvm_make_request(KVM_REQ_PMI, vcpu);
7785 __set_bit(MSR_CORE_PERF_GLOBAL_OVF_CTRL_TRACE_TOPA_PMI_BIT,
7786 (unsigned long *)&vcpu->arch.pmu.global_status);
7789 static struct perf_guest_info_callbacks kvm_guest_cbs = {
7790 .is_in_guest = kvm_is_in_guest,
7791 .is_user_mode = kvm_is_user_mode,
7792 .get_guest_ip = kvm_get_guest_ip,
7793 .handle_intel_pt_intr = kvm_handle_intel_pt_intr,
7796 #ifdef CONFIG_X86_64
7797 static void pvclock_gtod_update_fn(struct work_struct *work)
7801 struct kvm_vcpu *vcpu;
7804 mutex_lock(&kvm_lock);
7805 list_for_each_entry(kvm, &vm_list, vm_list)
7806 kvm_for_each_vcpu(i, vcpu, kvm)
7807 kvm_make_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu);
7808 atomic_set(&kvm_guest_has_master_clock, 0);
7809 mutex_unlock(&kvm_lock);
7812 static DECLARE_WORK(pvclock_gtod_work, pvclock_gtod_update_fn);
7815 * Notification about pvclock gtod data update.
7817 static int pvclock_gtod_notify(struct notifier_block *nb, unsigned long unused,
7820 struct pvclock_gtod_data *gtod = &pvclock_gtod_data;
7821 struct timekeeper *tk = priv;
7823 update_pvclock_gtod(tk);
7825 /* disable master clock if host does not trust, or does not
7826 * use, TSC based clocksource.
7828 if (!gtod_is_based_on_tsc(gtod->clock.vclock_mode) &&
7829 atomic_read(&kvm_guest_has_master_clock) != 0)
7830 queue_work(system_long_wq, &pvclock_gtod_work);
7835 static struct notifier_block pvclock_gtod_notifier = {
7836 .notifier_call = pvclock_gtod_notify,
7840 int kvm_arch_init(void *opaque)
7842 struct kvm_x86_init_ops *ops = opaque;
7845 if (kvm_x86_ops.hardware_enable) {
7846 printk(KERN_ERR "kvm: already loaded the other module\n");
7851 if (!ops->cpu_has_kvm_support()) {
7852 pr_err_ratelimited("kvm: no hardware support\n");
7856 if (ops->disabled_by_bios()) {
7857 pr_err_ratelimited("kvm: disabled by bios\n");
7863 * KVM explicitly assumes that the guest has an FPU and
7864 * FXSAVE/FXRSTOR. For example, the KVM_GET_FPU explicitly casts the
7865 * vCPU's FPU state as a fxregs_state struct.
7867 if (!boot_cpu_has(X86_FEATURE_FPU) || !boot_cpu_has(X86_FEATURE_FXSR)) {
7868 printk(KERN_ERR "kvm: inadequate fpu\n");
7874 x86_fpu_cache = kmem_cache_create("x86_fpu", sizeof(struct fpu),
7875 __alignof__(struct fpu), SLAB_ACCOUNT,
7877 if (!x86_fpu_cache) {
7878 printk(KERN_ERR "kvm: failed to allocate cache for x86 fpu\n");
7882 x86_emulator_cache = kvm_alloc_emulator_cache();
7883 if (!x86_emulator_cache) {
7884 pr_err("kvm: failed to allocate cache for x86 emulator\n");
7885 goto out_free_x86_fpu_cache;
7888 user_return_msrs = alloc_percpu(struct kvm_user_return_msrs);
7889 if (!user_return_msrs) {
7890 printk(KERN_ERR "kvm: failed to allocate percpu kvm_user_return_msrs\n");
7891 goto out_free_x86_emulator_cache;
7894 r = kvm_mmu_module_init();
7896 goto out_free_percpu;
7898 kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK,
7899 PT_DIRTY_MASK, PT64_NX_MASK, 0,
7900 PT_PRESENT_MASK, 0, sme_me_mask);
7903 perf_register_guest_info_callbacks(&kvm_guest_cbs);
7905 if (boot_cpu_has(X86_FEATURE_XSAVE)) {
7906 host_xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK);
7907 supported_xcr0 = host_xcr0 & KVM_SUPPORTED_XCR0;
7911 if (pi_inject_timer == -1)
7912 pi_inject_timer = housekeeping_enabled(HK_FLAG_TIMER);
7913 #ifdef CONFIG_X86_64
7914 pvclock_gtod_register_notifier(&pvclock_gtod_notifier);
7916 if (hypervisor_is_type(X86_HYPER_MS_HYPERV))
7917 set_hv_tscchange_cb(kvm_hyperv_tsc_notifier);
7923 free_percpu(user_return_msrs);
7924 out_free_x86_emulator_cache:
7925 kmem_cache_destroy(x86_emulator_cache);
7926 out_free_x86_fpu_cache:
7927 kmem_cache_destroy(x86_fpu_cache);
7932 void kvm_arch_exit(void)
7934 #ifdef CONFIG_X86_64
7935 if (hypervisor_is_type(X86_HYPER_MS_HYPERV))
7936 clear_hv_tscchange_cb();
7939 perf_unregister_guest_info_callbacks(&kvm_guest_cbs);
7941 if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC))
7942 cpufreq_unregister_notifier(&kvmclock_cpufreq_notifier_block,
7943 CPUFREQ_TRANSITION_NOTIFIER);
7944 cpuhp_remove_state_nocalls(CPUHP_AP_X86_KVM_CLK_ONLINE);
7945 #ifdef CONFIG_X86_64
7946 pvclock_gtod_unregister_notifier(&pvclock_gtod_notifier);
7948 kvm_x86_ops.hardware_enable = NULL;
7949 kvm_mmu_module_exit();
7950 free_percpu(user_return_msrs);
7951 kmem_cache_destroy(x86_fpu_cache);
7954 int kvm_vcpu_halt(struct kvm_vcpu *vcpu)
7956 ++vcpu->stat.halt_exits;
7957 if (lapic_in_kernel(vcpu)) {
7958 vcpu->arch.mp_state = KVM_MP_STATE_HALTED;
7961 vcpu->run->exit_reason = KVM_EXIT_HLT;
7965 EXPORT_SYMBOL_GPL(kvm_vcpu_halt);
7967 int kvm_emulate_halt(struct kvm_vcpu *vcpu)
7969 int ret = kvm_skip_emulated_instruction(vcpu);
7971 * TODO: we might be squashing a GUESTDBG_SINGLESTEP-triggered
7972 * KVM_EXIT_DEBUG here.
7974 return kvm_vcpu_halt(vcpu) && ret;
7976 EXPORT_SYMBOL_GPL(kvm_emulate_halt);
7978 #ifdef CONFIG_X86_64
7979 static int kvm_pv_clock_pairing(struct kvm_vcpu *vcpu, gpa_t paddr,
7980 unsigned long clock_type)
7982 struct kvm_clock_pairing clock_pairing;
7983 struct timespec64 ts;
7987 if (clock_type != KVM_CLOCK_PAIRING_WALLCLOCK)
7988 return -KVM_EOPNOTSUPP;
7990 if (kvm_get_walltime_and_clockread(&ts, &cycle) == false)
7991 return -KVM_EOPNOTSUPP;
7993 clock_pairing.sec = ts.tv_sec;
7994 clock_pairing.nsec = ts.tv_nsec;
7995 clock_pairing.tsc = kvm_read_l1_tsc(vcpu, cycle);
7996 clock_pairing.flags = 0;
7997 memset(&clock_pairing.pad, 0, sizeof(clock_pairing.pad));
8000 if (kvm_write_guest(vcpu->kvm, paddr, &clock_pairing,
8001 sizeof(struct kvm_clock_pairing)))
8009 * kvm_pv_kick_cpu_op: Kick a vcpu.
8011 * @apicid - apicid of vcpu to be kicked.
8013 static void kvm_pv_kick_cpu_op(struct kvm *kvm, unsigned long flags, int apicid)
8015 struct kvm_lapic_irq lapic_irq;
8017 lapic_irq.shorthand = APIC_DEST_NOSHORT;
8018 lapic_irq.dest_mode = APIC_DEST_PHYSICAL;
8019 lapic_irq.level = 0;
8020 lapic_irq.dest_id = apicid;
8021 lapic_irq.msi_redir_hint = false;
8023 lapic_irq.delivery_mode = APIC_DM_REMRD;
8024 kvm_irq_delivery_to_apic(kvm, NULL, &lapic_irq, NULL);
8027 bool kvm_apicv_activated(struct kvm *kvm)
8029 return (READ_ONCE(kvm->arch.apicv_inhibit_reasons) == 0);
8031 EXPORT_SYMBOL_GPL(kvm_apicv_activated);
8033 void kvm_apicv_init(struct kvm *kvm, bool enable)
8036 clear_bit(APICV_INHIBIT_REASON_DISABLE,
8037 &kvm->arch.apicv_inhibit_reasons);
8039 set_bit(APICV_INHIBIT_REASON_DISABLE,
8040 &kvm->arch.apicv_inhibit_reasons);
8042 EXPORT_SYMBOL_GPL(kvm_apicv_init);
8044 static void kvm_sched_yield(struct kvm *kvm, unsigned long dest_id)
8046 struct kvm_vcpu *target = NULL;
8047 struct kvm_apic_map *map;
8050 map = rcu_dereference(kvm->arch.apic_map);
8052 if (likely(map) && dest_id <= map->max_apic_id && map->phys_map[dest_id])
8053 target = map->phys_map[dest_id]->vcpu;
8057 if (target && READ_ONCE(target->ready))
8058 kvm_vcpu_yield_to(target);
8061 int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
8063 unsigned long nr, a0, a1, a2, a3, ret;
8066 if (kvm_hv_hypercall_enabled(vcpu->kvm))
8067 return kvm_hv_hypercall(vcpu);
8069 nr = kvm_rax_read(vcpu);
8070 a0 = kvm_rbx_read(vcpu);
8071 a1 = kvm_rcx_read(vcpu);
8072 a2 = kvm_rdx_read(vcpu);
8073 a3 = kvm_rsi_read(vcpu);
8075 trace_kvm_hypercall(nr, a0, a1, a2, a3);
8077 op_64_bit = is_64_bit_mode(vcpu);
8086 if (kvm_x86_ops.get_cpl(vcpu) != 0) {
8094 case KVM_HC_VAPIC_POLL_IRQ:
8097 case KVM_HC_KICK_CPU:
8098 if (!guest_pv_has(vcpu, KVM_FEATURE_PV_UNHALT))
8101 kvm_pv_kick_cpu_op(vcpu->kvm, a0, a1);
8102 kvm_sched_yield(vcpu->kvm, a1);
8105 #ifdef CONFIG_X86_64
8106 case KVM_HC_CLOCK_PAIRING:
8107 ret = kvm_pv_clock_pairing(vcpu, a0, a1);
8110 case KVM_HC_SEND_IPI:
8111 if (!guest_pv_has(vcpu, KVM_FEATURE_PV_SEND_IPI))
8114 ret = kvm_pv_send_ipi(vcpu->kvm, a0, a1, a2, a3, op_64_bit);
8116 case KVM_HC_SCHED_YIELD:
8117 if (!guest_pv_has(vcpu, KVM_FEATURE_PV_SCHED_YIELD))
8120 kvm_sched_yield(vcpu->kvm, a0);
8130 kvm_rax_write(vcpu, ret);
8132 ++vcpu->stat.hypercalls;
8133 return kvm_skip_emulated_instruction(vcpu);
8135 EXPORT_SYMBOL_GPL(kvm_emulate_hypercall);
8137 static int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt)
8139 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
8140 char instruction[3];
8141 unsigned long rip = kvm_rip_read(vcpu);
8143 kvm_x86_ops.patch_hypercall(vcpu, instruction);
8145 return emulator_write_emulated(ctxt, rip, instruction, 3,
8149 static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu)
8151 return vcpu->run->request_interrupt_window &&
8152 likely(!pic_in_kernel(vcpu->kvm));
8155 static void post_kvm_run_save(struct kvm_vcpu *vcpu)
8157 struct kvm_run *kvm_run = vcpu->run;
8160 * if_flag is obsolete and useless, so do not bother
8161 * setting it for SEV-ES guests. Userspace can just
8162 * use kvm_run->ready_for_interrupt_injection.
8164 kvm_run->if_flag = !vcpu->arch.guest_state_protected
8165 && (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0;
8167 kvm_run->flags = is_smm(vcpu) ? KVM_RUN_X86_SMM : 0;
8168 kvm_run->cr8 = kvm_get_cr8(vcpu);
8169 kvm_run->apic_base = kvm_get_apic_base(vcpu);
8170 kvm_run->ready_for_interrupt_injection =
8171 pic_in_kernel(vcpu->kvm) ||
8172 kvm_vcpu_ready_for_interrupt_injection(vcpu);
8175 static void update_cr8_intercept(struct kvm_vcpu *vcpu)
8179 if (!kvm_x86_ops.update_cr8_intercept)
8182 if (!lapic_in_kernel(vcpu))
8185 if (vcpu->arch.apicv_active)
8188 if (!vcpu->arch.apic->vapic_addr)
8189 max_irr = kvm_lapic_find_highest_irr(vcpu);
8196 tpr = kvm_lapic_get_cr8(vcpu);
8198 kvm_x86_ops.update_cr8_intercept(vcpu, tpr, max_irr);
8201 static void inject_pending_event(struct kvm_vcpu *vcpu, bool *req_immediate_exit)
8204 bool can_inject = true;
8206 /* try to reinject previous events if any */
8208 if (vcpu->arch.exception.injected) {
8209 kvm_x86_ops.queue_exception(vcpu);
8213 * Do not inject an NMI or interrupt if there is a pending
8214 * exception. Exceptions and interrupts are recognized at
8215 * instruction boundaries, i.e. the start of an instruction.
8216 * Trap-like exceptions, e.g. #DB, have higher priority than
8217 * NMIs and interrupts, i.e. traps are recognized before an
8218 * NMI/interrupt that's pending on the same instruction.
8219 * Fault-like exceptions, e.g. #GP and #PF, are the lowest
8220 * priority, but are only generated (pended) during instruction
8221 * execution, i.e. a pending fault-like exception means the
8222 * fault occurred on the *previous* instruction and must be
8223 * serviced prior to recognizing any new events in order to
8224 * fully complete the previous instruction.
8226 else if (!vcpu->arch.exception.pending) {
8227 if (vcpu->arch.nmi_injected) {
8228 kvm_x86_ops.set_nmi(vcpu);
8230 } else if (vcpu->arch.interrupt.injected) {
8231 kvm_x86_ops.set_irq(vcpu);
8236 WARN_ON_ONCE(vcpu->arch.exception.injected &&
8237 vcpu->arch.exception.pending);
8240 * Call check_nested_events() even if we reinjected a previous event
8241 * in order for caller to determine if it should require immediate-exit
8242 * from L2 to L1 due to pending L1 events which require exit
8245 if (is_guest_mode(vcpu)) {
8246 r = kvm_x86_ops.nested_ops->check_events(vcpu);
8251 /* try to inject new event if pending */
8252 if (vcpu->arch.exception.pending) {
8253 trace_kvm_inj_exception(vcpu->arch.exception.nr,
8254 vcpu->arch.exception.has_error_code,
8255 vcpu->arch.exception.error_code);
8257 vcpu->arch.exception.pending = false;
8258 vcpu->arch.exception.injected = true;
8260 if (exception_type(vcpu->arch.exception.nr) == EXCPT_FAULT)
8261 __kvm_set_rflags(vcpu, kvm_get_rflags(vcpu) |
8264 if (vcpu->arch.exception.nr == DB_VECTOR) {
8265 kvm_deliver_exception_payload(vcpu);
8266 if (vcpu->arch.dr7 & DR7_GD) {
8267 vcpu->arch.dr7 &= ~DR7_GD;
8268 kvm_update_dr7(vcpu);
8272 kvm_x86_ops.queue_exception(vcpu);
8277 * Finally, inject interrupt events. If an event cannot be injected
8278 * due to architectural conditions (e.g. IF=0) a window-open exit
8279 * will re-request KVM_REQ_EVENT. Sometimes however an event is pending
8280 * and can architecturally be injected, but we cannot do it right now:
8281 * an interrupt could have arrived just now and we have to inject it
8282 * as a vmexit, or there could already an event in the queue, which is
8283 * indicated by can_inject. In that case we request an immediate exit
8284 * in order to make progress and get back here for another iteration.
8285 * The kvm_x86_ops hooks communicate this by returning -EBUSY.
8287 if (vcpu->arch.smi_pending) {
8288 r = can_inject ? kvm_x86_ops.smi_allowed(vcpu, true) : -EBUSY;
8292 vcpu->arch.smi_pending = false;
8293 ++vcpu->arch.smi_count;
8297 kvm_x86_ops.enable_smi_window(vcpu);
8300 if (vcpu->arch.nmi_pending) {
8301 r = can_inject ? kvm_x86_ops.nmi_allowed(vcpu, true) : -EBUSY;
8305 --vcpu->arch.nmi_pending;
8306 vcpu->arch.nmi_injected = true;
8307 kvm_x86_ops.set_nmi(vcpu);
8309 WARN_ON(kvm_x86_ops.nmi_allowed(vcpu, true) < 0);
8311 if (vcpu->arch.nmi_pending)
8312 kvm_x86_ops.enable_nmi_window(vcpu);
8315 if (kvm_cpu_has_injectable_intr(vcpu)) {
8316 r = can_inject ? kvm_x86_ops.interrupt_allowed(vcpu, true) : -EBUSY;
8320 kvm_queue_interrupt(vcpu, kvm_cpu_get_interrupt(vcpu), false);
8321 kvm_x86_ops.set_irq(vcpu);
8322 WARN_ON(kvm_x86_ops.interrupt_allowed(vcpu, true) < 0);
8324 if (kvm_cpu_has_injectable_intr(vcpu))
8325 kvm_x86_ops.enable_irq_window(vcpu);
8328 if (is_guest_mode(vcpu) &&
8329 kvm_x86_ops.nested_ops->hv_timer_pending &&
8330 kvm_x86_ops.nested_ops->hv_timer_pending(vcpu))
8331 *req_immediate_exit = true;
8333 WARN_ON(vcpu->arch.exception.pending);
8337 *req_immediate_exit = true;
8341 static void process_nmi(struct kvm_vcpu *vcpu)
8346 * x86 is limited to one NMI running, and one NMI pending after it.
8347 * If an NMI is already in progress, limit further NMIs to just one.
8348 * Otherwise, allow two (and we'll inject the first one immediately).
8350 if (kvm_x86_ops.get_nmi_mask(vcpu) || vcpu->arch.nmi_injected)
8353 vcpu->arch.nmi_pending += atomic_xchg(&vcpu->arch.nmi_queued, 0);
8354 vcpu->arch.nmi_pending = min(vcpu->arch.nmi_pending, limit);
8355 kvm_make_request(KVM_REQ_EVENT, vcpu);
8358 static u32 enter_smm_get_segment_flags(struct kvm_segment *seg)
8361 flags |= seg->g << 23;
8362 flags |= seg->db << 22;
8363 flags |= seg->l << 21;
8364 flags |= seg->avl << 20;
8365 flags |= seg->present << 15;
8366 flags |= seg->dpl << 13;
8367 flags |= seg->s << 12;
8368 flags |= seg->type << 8;
8372 static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu, char *buf, int n)
8374 struct kvm_segment seg;
8377 kvm_get_segment(vcpu, &seg, n);
8378 put_smstate(u32, buf, 0x7fa8 + n * 4, seg.selector);
8381 offset = 0x7f84 + n * 12;
8383 offset = 0x7f2c + (n - 3) * 12;
8385 put_smstate(u32, buf, offset + 8, seg.base);
8386 put_smstate(u32, buf, offset + 4, seg.limit);
8387 put_smstate(u32, buf, offset, enter_smm_get_segment_flags(&seg));
8390 #ifdef CONFIG_X86_64
8391 static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu, char *buf, int n)
8393 struct kvm_segment seg;
8397 kvm_get_segment(vcpu, &seg, n);
8398 offset = 0x7e00 + n * 16;
8400 flags = enter_smm_get_segment_flags(&seg) >> 8;
8401 put_smstate(u16, buf, offset, seg.selector);
8402 put_smstate(u16, buf, offset + 2, flags);
8403 put_smstate(u32, buf, offset + 4, seg.limit);
8404 put_smstate(u64, buf, offset + 8, seg.base);
8408 static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, char *buf)
8411 struct kvm_segment seg;
8415 put_smstate(u32, buf, 0x7ffc, kvm_read_cr0(vcpu));
8416 put_smstate(u32, buf, 0x7ff8, kvm_read_cr3(vcpu));
8417 put_smstate(u32, buf, 0x7ff4, kvm_get_rflags(vcpu));
8418 put_smstate(u32, buf, 0x7ff0, kvm_rip_read(vcpu));
8420 for (i = 0; i < 8; i++)
8421 put_smstate(u32, buf, 0x7fd0 + i * 4, kvm_register_read(vcpu, i));
8423 kvm_get_dr(vcpu, 6, &val);
8424 put_smstate(u32, buf, 0x7fcc, (u32)val);
8425 kvm_get_dr(vcpu, 7, &val);
8426 put_smstate(u32, buf, 0x7fc8, (u32)val);
8428 kvm_get_segment(vcpu, &seg, VCPU_SREG_TR);
8429 put_smstate(u32, buf, 0x7fc4, seg.selector);
8430 put_smstate(u32, buf, 0x7f64, seg.base);
8431 put_smstate(u32, buf, 0x7f60, seg.limit);
8432 put_smstate(u32, buf, 0x7f5c, enter_smm_get_segment_flags(&seg));
8434 kvm_get_segment(vcpu, &seg, VCPU_SREG_LDTR);
8435 put_smstate(u32, buf, 0x7fc0, seg.selector);
8436 put_smstate(u32, buf, 0x7f80, seg.base);
8437 put_smstate(u32, buf, 0x7f7c, seg.limit);
8438 put_smstate(u32, buf, 0x7f78, enter_smm_get_segment_flags(&seg));
8440 kvm_x86_ops.get_gdt(vcpu, &dt);
8441 put_smstate(u32, buf, 0x7f74, dt.address);
8442 put_smstate(u32, buf, 0x7f70, dt.size);
8444 kvm_x86_ops.get_idt(vcpu, &dt);
8445 put_smstate(u32, buf, 0x7f58, dt.address);
8446 put_smstate(u32, buf, 0x7f54, dt.size);
8448 for (i = 0; i < 6; i++)
8449 enter_smm_save_seg_32(vcpu, buf, i);
8451 put_smstate(u32, buf, 0x7f14, kvm_read_cr4(vcpu));
8454 put_smstate(u32, buf, 0x7efc, 0x00020000);
8455 put_smstate(u32, buf, 0x7ef8, vcpu->arch.smbase);
8458 #ifdef CONFIG_X86_64
8459 static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, char *buf)
8462 struct kvm_segment seg;
8466 for (i = 0; i < 16; i++)
8467 put_smstate(u64, buf, 0x7ff8 - i * 8, kvm_register_read(vcpu, i));
8469 put_smstate(u64, buf, 0x7f78, kvm_rip_read(vcpu));
8470 put_smstate(u32, buf, 0x7f70, kvm_get_rflags(vcpu));
8472 kvm_get_dr(vcpu, 6, &val);
8473 put_smstate(u64, buf, 0x7f68, val);
8474 kvm_get_dr(vcpu, 7, &val);
8475 put_smstate(u64, buf, 0x7f60, val);
8477 put_smstate(u64, buf, 0x7f58, kvm_read_cr0(vcpu));
8478 put_smstate(u64, buf, 0x7f50, kvm_read_cr3(vcpu));
8479 put_smstate(u64, buf, 0x7f48, kvm_read_cr4(vcpu));
8481 put_smstate(u32, buf, 0x7f00, vcpu->arch.smbase);
8484 put_smstate(u32, buf, 0x7efc, 0x00020064);
8486 put_smstate(u64, buf, 0x7ed0, vcpu->arch.efer);
8488 kvm_get_segment(vcpu, &seg, VCPU_SREG_TR);
8489 put_smstate(u16, buf, 0x7e90, seg.selector);
8490 put_smstate(u16, buf, 0x7e92, enter_smm_get_segment_flags(&seg) >> 8);
8491 put_smstate(u32, buf, 0x7e94, seg.limit);
8492 put_smstate(u64, buf, 0x7e98, seg.base);
8494 kvm_x86_ops.get_idt(vcpu, &dt);
8495 put_smstate(u32, buf, 0x7e84, dt.size);
8496 put_smstate(u64, buf, 0x7e88, dt.address);
8498 kvm_get_segment(vcpu, &seg, VCPU_SREG_LDTR);
8499 put_smstate(u16, buf, 0x7e70, seg.selector);
8500 put_smstate(u16, buf, 0x7e72, enter_smm_get_segment_flags(&seg) >> 8);
8501 put_smstate(u32, buf, 0x7e74, seg.limit);
8502 put_smstate(u64, buf, 0x7e78, seg.base);
8504 kvm_x86_ops.get_gdt(vcpu, &dt);
8505 put_smstate(u32, buf, 0x7e64, dt.size);
8506 put_smstate(u64, buf, 0x7e68, dt.address);
8508 for (i = 0; i < 6; i++)
8509 enter_smm_save_seg_64(vcpu, buf, i);
8513 static void enter_smm(struct kvm_vcpu *vcpu)
8515 struct kvm_segment cs, ds;
8520 trace_kvm_enter_smm(vcpu->vcpu_id, vcpu->arch.smbase, true);
8521 memset(buf, 0, 512);
8522 #ifdef CONFIG_X86_64
8523 if (guest_cpuid_has(vcpu, X86_FEATURE_LM))
8524 enter_smm_save_state_64(vcpu, buf);
8527 enter_smm_save_state_32(vcpu, buf);
8530 * Give pre_enter_smm() a chance to make ISA-specific changes to the
8531 * vCPU state (e.g. leave guest mode) after we've saved the state into
8532 * the SMM state-save area.
8534 kvm_x86_ops.pre_enter_smm(vcpu, buf);
8536 vcpu->arch.hflags |= HF_SMM_MASK;
8537 kvm_vcpu_write_guest(vcpu, vcpu->arch.smbase + 0xfe00, buf, sizeof(buf));
8539 if (kvm_x86_ops.get_nmi_mask(vcpu))
8540 vcpu->arch.hflags |= HF_SMM_INSIDE_NMI_MASK;
8542 kvm_x86_ops.set_nmi_mask(vcpu, true);
8544 kvm_set_rflags(vcpu, X86_EFLAGS_FIXED);
8545 kvm_rip_write(vcpu, 0x8000);
8547 cr0 = vcpu->arch.cr0 & ~(X86_CR0_PE | X86_CR0_EM | X86_CR0_TS | X86_CR0_PG);
8548 kvm_x86_ops.set_cr0(vcpu, cr0);
8549 vcpu->arch.cr0 = cr0;
8551 kvm_x86_ops.set_cr4(vcpu, 0);
8553 /* Undocumented: IDT limit is set to zero on entry to SMM. */
8554 dt.address = dt.size = 0;
8555 kvm_x86_ops.set_idt(vcpu, &dt);
8557 __kvm_set_dr(vcpu, 7, DR7_FIXED_1);
8559 cs.selector = (vcpu->arch.smbase >> 4) & 0xffff;
8560 cs.base = vcpu->arch.smbase;
8565 cs.limit = ds.limit = 0xffffffff;
8566 cs.type = ds.type = 0x3;
8567 cs.dpl = ds.dpl = 0;
8572 cs.avl = ds.avl = 0;
8573 cs.present = ds.present = 1;
8574 cs.unusable = ds.unusable = 0;
8575 cs.padding = ds.padding = 0;
8577 kvm_set_segment(vcpu, &cs, VCPU_SREG_CS);
8578 kvm_set_segment(vcpu, &ds, VCPU_SREG_DS);
8579 kvm_set_segment(vcpu, &ds, VCPU_SREG_ES);
8580 kvm_set_segment(vcpu, &ds, VCPU_SREG_FS);
8581 kvm_set_segment(vcpu, &ds, VCPU_SREG_GS);
8582 kvm_set_segment(vcpu, &ds, VCPU_SREG_SS);
8584 #ifdef CONFIG_X86_64
8585 if (guest_cpuid_has(vcpu, X86_FEATURE_LM))
8586 kvm_x86_ops.set_efer(vcpu, 0);
8589 kvm_update_cpuid_runtime(vcpu);
8590 kvm_mmu_reset_context(vcpu);
8593 static void process_smi(struct kvm_vcpu *vcpu)
8595 vcpu->arch.smi_pending = true;
8596 kvm_make_request(KVM_REQ_EVENT, vcpu);
8599 void kvm_make_scan_ioapic_request_mask(struct kvm *kvm,
8600 unsigned long *vcpu_bitmap)
8604 zalloc_cpumask_var(&cpus, GFP_ATOMIC);
8606 kvm_make_vcpus_request_mask(kvm, KVM_REQ_SCAN_IOAPIC,
8607 NULL, vcpu_bitmap, cpus);
8609 free_cpumask_var(cpus);
8612 void kvm_make_scan_ioapic_request(struct kvm *kvm)
8614 kvm_make_all_cpus_request(kvm, KVM_REQ_SCAN_IOAPIC);
8617 void kvm_vcpu_update_apicv(struct kvm_vcpu *vcpu)
8619 if (!lapic_in_kernel(vcpu))
8622 vcpu->arch.apicv_active = kvm_apicv_activated(vcpu->kvm);
8623 kvm_apic_update_apicv(vcpu);
8624 kvm_x86_ops.refresh_apicv_exec_ctrl(vcpu);
8626 EXPORT_SYMBOL_GPL(kvm_vcpu_update_apicv);
8629 * NOTE: Do not hold any lock prior to calling this.
8631 * In particular, kvm_request_apicv_update() expects kvm->srcu not to be
8632 * locked, because it calls __x86_set_memory_region() which does
8633 * synchronize_srcu(&kvm->srcu).
8635 void kvm_request_apicv_update(struct kvm *kvm, bool activate, ulong bit)
8637 struct kvm_vcpu *except;
8638 unsigned long old, new, expected;
8640 if (!kvm_x86_ops.check_apicv_inhibit_reasons ||
8641 !kvm_x86_ops.check_apicv_inhibit_reasons(bit))
8644 old = READ_ONCE(kvm->arch.apicv_inhibit_reasons);
8646 expected = new = old;
8648 __clear_bit(bit, &new);
8650 __set_bit(bit, &new);
8653 old = cmpxchg(&kvm->arch.apicv_inhibit_reasons, expected, new);
8654 } while (old != expected);
8659 trace_kvm_apicv_update_request(activate, bit);
8660 if (kvm_x86_ops.pre_update_apicv_exec_ctrl)
8661 kvm_x86_ops.pre_update_apicv_exec_ctrl(kvm, activate);
8664 * Sending request to update APICV for all other vcpus,
8665 * while update the calling vcpu immediately instead of
8666 * waiting for another #VMEXIT to handle the request.
8668 except = kvm_get_running_vcpu();
8669 kvm_make_all_cpus_request_except(kvm, KVM_REQ_APICV_UPDATE,
8672 kvm_vcpu_update_apicv(except);
8674 EXPORT_SYMBOL_GPL(kvm_request_apicv_update);
8676 static void vcpu_scan_ioapic(struct kvm_vcpu *vcpu)
8678 if (!kvm_apic_present(vcpu))
8681 bitmap_zero(vcpu->arch.ioapic_handled_vectors, 256);
8683 if (irqchip_split(vcpu->kvm))
8684 kvm_scan_ioapic_routes(vcpu, vcpu->arch.ioapic_handled_vectors);
8686 if (vcpu->arch.apicv_active)
8687 kvm_x86_ops.sync_pir_to_irr(vcpu);
8688 if (ioapic_in_kernel(vcpu->kvm))
8689 kvm_ioapic_scan_entry(vcpu, vcpu->arch.ioapic_handled_vectors);
8692 if (is_guest_mode(vcpu))
8693 vcpu->arch.load_eoi_exitmap_pending = true;
8695 kvm_make_request(KVM_REQ_LOAD_EOI_EXITMAP, vcpu);
8698 static void vcpu_load_eoi_exitmap(struct kvm_vcpu *vcpu)
8700 u64 eoi_exit_bitmap[4];
8702 if (!kvm_apic_hw_enabled(vcpu->arch.apic))
8705 bitmap_or((ulong *)eoi_exit_bitmap, vcpu->arch.ioapic_handled_vectors,
8706 vcpu_to_synic(vcpu)->vec_bitmap, 256);
8707 kvm_x86_ops.load_eoi_exitmap(vcpu, eoi_exit_bitmap);
8710 void kvm_arch_mmu_notifier_invalidate_range(struct kvm *kvm,
8711 unsigned long start, unsigned long end)
8713 unsigned long apic_address;
8716 * The physical address of apic access page is stored in the VMCS.
8717 * Update it when it becomes invalid.
8719 apic_address = gfn_to_hva(kvm, APIC_DEFAULT_PHYS_BASE >> PAGE_SHIFT);
8720 if (start <= apic_address && apic_address < end)
8721 kvm_make_all_cpus_request(kvm, KVM_REQ_APIC_PAGE_RELOAD);
8724 void kvm_vcpu_reload_apic_access_page(struct kvm_vcpu *vcpu)
8726 if (!lapic_in_kernel(vcpu))
8729 if (!kvm_x86_ops.set_apic_access_page_addr)
8732 kvm_x86_ops.set_apic_access_page_addr(vcpu);
8735 void __kvm_request_immediate_exit(struct kvm_vcpu *vcpu)
8737 smp_send_reschedule(vcpu->cpu);
8739 EXPORT_SYMBOL_GPL(__kvm_request_immediate_exit);
8742 * Returns 1 to let vcpu_run() continue the guest execution loop without
8743 * exiting to the userspace. Otherwise, the value will be returned to the
8746 static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
8750 dm_request_for_irq_injection(vcpu) &&
8751 kvm_cpu_accept_dm_intr(vcpu);
8752 fastpath_t exit_fastpath;
8754 bool req_immediate_exit = false;
8756 /* Forbid vmenter if vcpu dirty ring is soft-full */
8757 if (unlikely(vcpu->kvm->dirty_ring_size &&
8758 kvm_dirty_ring_soft_full(&vcpu->dirty_ring))) {
8759 vcpu->run->exit_reason = KVM_EXIT_DIRTY_RING_FULL;
8760 trace_kvm_dirty_ring_exit(vcpu);
8765 if (kvm_request_pending(vcpu)) {
8766 if (kvm_check_request(KVM_REQ_GET_NESTED_STATE_PAGES, vcpu)) {
8767 if (unlikely(!kvm_x86_ops.nested_ops->get_nested_state_pages(vcpu))) {
8772 if (kvm_check_request(KVM_REQ_MMU_RELOAD, vcpu))
8773 kvm_mmu_unload(vcpu);
8774 if (kvm_check_request(KVM_REQ_MIGRATE_TIMER, vcpu))
8775 __kvm_migrate_timers(vcpu);
8776 if (kvm_check_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu))
8777 kvm_gen_update_masterclock(vcpu->kvm);
8778 if (kvm_check_request(KVM_REQ_GLOBAL_CLOCK_UPDATE, vcpu))
8779 kvm_gen_kvmclock_update(vcpu);
8780 if (kvm_check_request(KVM_REQ_CLOCK_UPDATE, vcpu)) {
8781 r = kvm_guest_time_update(vcpu);
8785 if (kvm_check_request(KVM_REQ_MMU_SYNC, vcpu))
8786 kvm_mmu_sync_roots(vcpu);
8787 if (kvm_check_request(KVM_REQ_LOAD_MMU_PGD, vcpu))
8788 kvm_mmu_load_pgd(vcpu);
8789 if (kvm_check_request(KVM_REQ_TLB_FLUSH, vcpu)) {
8790 kvm_vcpu_flush_tlb_all(vcpu);
8792 /* Flushing all ASIDs flushes the current ASID... */
8793 kvm_clear_request(KVM_REQ_TLB_FLUSH_CURRENT, vcpu);
8795 if (kvm_check_request(KVM_REQ_TLB_FLUSH_CURRENT, vcpu))
8796 kvm_vcpu_flush_tlb_current(vcpu);
8797 if (kvm_check_request(KVM_REQ_HV_TLB_FLUSH, vcpu))
8798 kvm_vcpu_flush_tlb_guest(vcpu);
8800 if (kvm_check_request(KVM_REQ_REPORT_TPR_ACCESS, vcpu)) {
8801 vcpu->run->exit_reason = KVM_EXIT_TPR_ACCESS;
8805 if (kvm_check_request(KVM_REQ_TRIPLE_FAULT, vcpu)) {
8806 vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
8807 vcpu->mmio_needed = 0;
8811 if (kvm_check_request(KVM_REQ_APF_HALT, vcpu)) {
8812 /* Page is swapped out. Do synthetic halt */
8813 vcpu->arch.apf.halted = true;
8817 if (kvm_check_request(KVM_REQ_STEAL_UPDATE, vcpu))
8818 record_steal_time(vcpu);
8819 if (kvm_check_request(KVM_REQ_SMI, vcpu))
8821 if (kvm_check_request(KVM_REQ_NMI, vcpu))
8823 if (kvm_check_request(KVM_REQ_PMU, vcpu))
8824 kvm_pmu_handle_event(vcpu);
8825 if (kvm_check_request(KVM_REQ_PMI, vcpu))
8826 kvm_pmu_deliver_pmi(vcpu);
8827 if (kvm_check_request(KVM_REQ_IOAPIC_EOI_EXIT, vcpu)) {
8828 BUG_ON(vcpu->arch.pending_ioapic_eoi > 255);
8829 if (test_bit(vcpu->arch.pending_ioapic_eoi,
8830 vcpu->arch.ioapic_handled_vectors)) {
8831 vcpu->run->exit_reason = KVM_EXIT_IOAPIC_EOI;
8832 vcpu->run->eoi.vector =
8833 vcpu->arch.pending_ioapic_eoi;
8838 if (kvm_check_request(KVM_REQ_SCAN_IOAPIC, vcpu))
8839 vcpu_scan_ioapic(vcpu);
8840 if (kvm_check_request(KVM_REQ_LOAD_EOI_EXITMAP, vcpu))
8841 vcpu_load_eoi_exitmap(vcpu);
8842 if (kvm_check_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu))
8843 kvm_vcpu_reload_apic_access_page(vcpu);
8844 if (kvm_check_request(KVM_REQ_HV_CRASH, vcpu)) {
8845 vcpu->run->exit_reason = KVM_EXIT_SYSTEM_EVENT;
8846 vcpu->run->system_event.type = KVM_SYSTEM_EVENT_CRASH;
8850 if (kvm_check_request(KVM_REQ_HV_RESET, vcpu)) {
8851 vcpu->run->exit_reason = KVM_EXIT_SYSTEM_EVENT;
8852 vcpu->run->system_event.type = KVM_SYSTEM_EVENT_RESET;
8856 if (kvm_check_request(KVM_REQ_HV_EXIT, vcpu)) {
8857 vcpu->run->exit_reason = KVM_EXIT_HYPERV;
8858 vcpu->run->hyperv = vcpu->arch.hyperv.exit;
8864 * KVM_REQ_HV_STIMER has to be processed after
8865 * KVM_REQ_CLOCK_UPDATE, because Hyper-V SynIC timers
8866 * depend on the guest clock being up-to-date
8868 if (kvm_check_request(KVM_REQ_HV_STIMER, vcpu))
8869 kvm_hv_process_stimers(vcpu);
8870 if (kvm_check_request(KVM_REQ_APICV_UPDATE, vcpu))
8871 kvm_vcpu_update_apicv(vcpu);
8872 if (kvm_check_request(KVM_REQ_APF_READY, vcpu))
8873 kvm_check_async_pf_completion(vcpu);
8874 if (kvm_check_request(KVM_REQ_MSR_FILTER_CHANGED, vcpu))
8875 kvm_x86_ops.msr_filter_changed(vcpu);
8878 if (kvm_check_request(KVM_REQ_EVENT, vcpu) || req_int_win) {
8879 ++vcpu->stat.req_event;
8880 kvm_apic_accept_events(vcpu);
8881 if (vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED) {
8886 inject_pending_event(vcpu, &req_immediate_exit);
8888 kvm_x86_ops.enable_irq_window(vcpu);
8890 if (kvm_lapic_enabled(vcpu)) {
8891 update_cr8_intercept(vcpu);
8892 kvm_lapic_sync_to_vapic(vcpu);
8896 r = kvm_mmu_reload(vcpu);
8898 goto cancel_injection;
8903 kvm_x86_ops.prepare_guest_switch(vcpu);
8906 * Disable IRQs before setting IN_GUEST_MODE. Posted interrupt
8907 * IPI are then delayed after guest entry, which ensures that they
8908 * result in virtual interrupt delivery.
8910 local_irq_disable();
8911 vcpu->mode = IN_GUEST_MODE;
8913 srcu_read_unlock(&vcpu->kvm->srcu, vcpu->srcu_idx);
8916 * 1) We should set ->mode before checking ->requests. Please see
8917 * the comment in kvm_vcpu_exiting_guest_mode().
8919 * 2) For APICv, we should set ->mode before checking PID.ON. This
8920 * pairs with the memory barrier implicit in pi_test_and_set_on
8921 * (see vmx_deliver_posted_interrupt).
8923 * 3) This also orders the write to mode from any reads to the page
8924 * tables done while the VCPU is running. Please see the comment
8925 * in kvm_flush_remote_tlbs.
8927 smp_mb__after_srcu_read_unlock();
8930 * This handles the case where a posted interrupt was
8931 * notified with kvm_vcpu_kick.
8933 if (kvm_lapic_enabled(vcpu) && vcpu->arch.apicv_active)
8934 kvm_x86_ops.sync_pir_to_irr(vcpu);
8936 if (kvm_vcpu_exit_request(vcpu)) {
8937 vcpu->mode = OUTSIDE_GUEST_MODE;
8941 vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
8943 goto cancel_injection;
8946 if (req_immediate_exit) {
8947 kvm_make_request(KVM_REQ_EVENT, vcpu);
8948 kvm_x86_ops.request_immediate_exit(vcpu);
8951 trace_kvm_entry(vcpu);
8953 fpregs_assert_state_consistent();
8954 if (test_thread_flag(TIF_NEED_FPU_LOAD))
8955 switch_fpu_return();
8957 if (unlikely(vcpu->arch.switch_db_regs)) {
8959 set_debugreg(vcpu->arch.eff_db[0], 0);
8960 set_debugreg(vcpu->arch.eff_db[1], 1);
8961 set_debugreg(vcpu->arch.eff_db[2], 2);
8962 set_debugreg(vcpu->arch.eff_db[3], 3);
8963 set_debugreg(vcpu->arch.dr6, 6);
8964 vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_RELOAD;
8967 exit_fastpath = kvm_x86_ops.run(vcpu);
8970 * Do this here before restoring debug registers on the host. And
8971 * since we do this before handling the vmexit, a DR access vmexit
8972 * can (a) read the correct value of the debug registers, (b) set
8973 * KVM_DEBUGREG_WONT_EXIT again.
8975 if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) {
8976 WARN_ON(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP);
8977 kvm_x86_ops.sync_dirty_debug_regs(vcpu);
8978 kvm_update_dr0123(vcpu);
8979 kvm_update_dr7(vcpu);
8980 vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_RELOAD;
8984 * If the guest has used debug registers, at least dr7
8985 * will be disabled while returning to the host.
8986 * If we don't have active breakpoints in the host, we don't
8987 * care about the messed up debug address registers. But if
8988 * we have some of them active, restore the old state.
8990 if (hw_breakpoint_active())
8991 hw_breakpoint_restore();
8993 vcpu->arch.last_vmentry_cpu = vcpu->cpu;
8994 vcpu->arch.last_guest_tsc = kvm_read_l1_tsc(vcpu, rdtsc());
8996 vcpu->mode = OUTSIDE_GUEST_MODE;
8999 kvm_x86_ops.handle_exit_irqoff(vcpu);
9002 * Consume any pending interrupts, including the possible source of
9003 * VM-Exit on SVM and any ticks that occur between VM-Exit and now.
9004 * An instruction is required after local_irq_enable() to fully unblock
9005 * interrupts on processors that implement an interrupt shadow, the
9006 * stat.exits increment will do nicely.
9008 kvm_before_interrupt(vcpu);
9011 local_irq_disable();
9012 kvm_after_interrupt(vcpu);
9014 if (lapic_in_kernel(vcpu)) {
9015 s64 delta = vcpu->arch.apic->lapic_timer.advance_expire_delta;
9016 if (delta != S64_MIN) {
9017 trace_kvm_wait_lapic_expire(vcpu->vcpu_id, delta);
9018 vcpu->arch.apic->lapic_timer.advance_expire_delta = S64_MIN;
9025 vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
9028 * Profile KVM exit RIPs:
9030 if (unlikely(prof_on == KVM_PROFILING)) {
9031 unsigned long rip = kvm_rip_read(vcpu);
9032 profile_hit(KVM_PROFILING, (void *)rip);
9035 if (unlikely(vcpu->arch.tsc_always_catchup))
9036 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
9038 if (vcpu->arch.apic_attention)
9039 kvm_lapic_sync_from_vapic(vcpu);
9041 r = kvm_x86_ops.handle_exit(vcpu, exit_fastpath);
9045 if (req_immediate_exit)
9046 kvm_make_request(KVM_REQ_EVENT, vcpu);
9047 kvm_x86_ops.cancel_injection(vcpu);
9048 if (unlikely(vcpu->arch.apic_attention))
9049 kvm_lapic_sync_from_vapic(vcpu);
9054 static inline int vcpu_block(struct kvm *kvm, struct kvm_vcpu *vcpu)
9056 if (!kvm_arch_vcpu_runnable(vcpu) &&
9057 (!kvm_x86_ops.pre_block || kvm_x86_ops.pre_block(vcpu) == 0)) {
9058 srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);
9059 kvm_vcpu_block(vcpu);
9060 vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
9062 if (kvm_x86_ops.post_block)
9063 kvm_x86_ops.post_block(vcpu);
9065 if (!kvm_check_request(KVM_REQ_UNHALT, vcpu))
9069 kvm_apic_accept_events(vcpu);
9070 switch(vcpu->arch.mp_state) {
9071 case KVM_MP_STATE_HALTED:
9072 vcpu->arch.pv.pv_unhalted = false;
9073 vcpu->arch.mp_state =
9074 KVM_MP_STATE_RUNNABLE;
9076 case KVM_MP_STATE_RUNNABLE:
9077 vcpu->arch.apf.halted = false;
9079 case KVM_MP_STATE_INIT_RECEIVED:
9087 static inline bool kvm_vcpu_running(struct kvm_vcpu *vcpu)
9089 if (is_guest_mode(vcpu))
9090 kvm_x86_ops.nested_ops->check_events(vcpu);
9092 return (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE &&
9093 !vcpu->arch.apf.halted);
9096 static int vcpu_run(struct kvm_vcpu *vcpu)
9099 struct kvm *kvm = vcpu->kvm;
9101 vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
9102 vcpu->arch.l1tf_flush_l1d = true;
9105 if (kvm_vcpu_running(vcpu)) {
9106 r = vcpu_enter_guest(vcpu);
9108 r = vcpu_block(kvm, vcpu);
9114 kvm_clear_request(KVM_REQ_PENDING_TIMER, vcpu);
9115 if (kvm_cpu_has_pending_timer(vcpu))
9116 kvm_inject_pending_timer_irqs(vcpu);
9118 if (dm_request_for_irq_injection(vcpu) &&
9119 kvm_vcpu_ready_for_interrupt_injection(vcpu)) {
9121 vcpu->run->exit_reason = KVM_EXIT_IRQ_WINDOW_OPEN;
9122 ++vcpu->stat.request_irq_exits;
9126 if (__xfer_to_guest_mode_work_pending()) {
9127 srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);
9128 r = xfer_to_guest_mode_handle_work(vcpu);
9131 vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
9135 srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);
9140 static inline int complete_emulated_io(struct kvm_vcpu *vcpu)
9144 vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
9145 r = kvm_emulate_instruction(vcpu, EMULTYPE_NO_DECODE);
9146 srcu_read_unlock(&vcpu->kvm->srcu, vcpu->srcu_idx);
9150 static int complete_emulated_pio(struct kvm_vcpu *vcpu)
9152 BUG_ON(!vcpu->arch.pio.count);
9154 return complete_emulated_io(vcpu);
9158 * Implements the following, as a state machine:
9162 * for each mmio piece in the fragment
9170 * for each mmio piece in the fragment
9175 static int complete_emulated_mmio(struct kvm_vcpu *vcpu)
9177 struct kvm_run *run = vcpu->run;
9178 struct kvm_mmio_fragment *frag;
9181 BUG_ON(!vcpu->mmio_needed);
9183 /* Complete previous fragment */
9184 frag = &vcpu->mmio_fragments[vcpu->mmio_cur_fragment];
9185 len = min(8u, frag->len);
9186 if (!vcpu->mmio_is_write)
9187 memcpy(frag->data, run->mmio.data, len);
9189 if (frag->len <= 8) {
9190 /* Switch to the next fragment. */
9192 vcpu->mmio_cur_fragment++;
9194 /* Go forward to the next mmio piece. */
9200 if (vcpu->mmio_cur_fragment >= vcpu->mmio_nr_fragments) {
9201 vcpu->mmio_needed = 0;
9203 /* FIXME: return into emulator if single-stepping. */
9204 if (vcpu->mmio_is_write)
9206 vcpu->mmio_read_completed = 1;
9207 return complete_emulated_io(vcpu);
9210 run->exit_reason = KVM_EXIT_MMIO;
9211 run->mmio.phys_addr = frag->gpa;
9212 if (vcpu->mmio_is_write)
9213 memcpy(run->mmio.data, frag->data, min(8u, frag->len));
9214 run->mmio.len = min(8u, frag->len);
9215 run->mmio.is_write = vcpu->mmio_is_write;
9216 vcpu->arch.complete_userspace_io = complete_emulated_mmio;
9220 static void kvm_save_current_fpu(struct fpu *fpu)
9223 * If the target FPU state is not resident in the CPU registers, just
9224 * memcpy() from current, else save CPU state directly to the target.
9226 if (test_thread_flag(TIF_NEED_FPU_LOAD))
9227 memcpy(&fpu->state, ¤t->thread.fpu.state,
9228 fpu_kernel_xstate_size);
9230 copy_fpregs_to_fpstate(fpu);
9233 /* Swap (qemu) user FPU context for the guest FPU context. */
9234 static void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
9238 kvm_save_current_fpu(vcpu->arch.user_fpu);
9240 /* PKRU is separately restored in kvm_x86_ops.run. */
9241 __copy_kernel_to_fpregs(&vcpu->arch.guest_fpu->state,
9242 ~XFEATURE_MASK_PKRU);
9244 fpregs_mark_activate();
9250 /* When vcpu_run ends, restore user space FPU context. */
9251 static void kvm_put_guest_fpu(struct kvm_vcpu *vcpu)
9255 kvm_save_current_fpu(vcpu->arch.guest_fpu);
9257 copy_kernel_to_fpregs(&vcpu->arch.user_fpu->state);
9259 fpregs_mark_activate();
9262 ++vcpu->stat.fpu_reload;
9266 int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu)
9268 struct kvm_run *kvm_run = vcpu->run;
9272 kvm_sigset_activate(vcpu);
9273 kvm_load_guest_fpu(vcpu);
9275 if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_UNINITIALIZED)) {
9276 if (kvm_run->immediate_exit) {
9280 kvm_vcpu_block(vcpu);
9281 kvm_apic_accept_events(vcpu);
9282 kvm_clear_request(KVM_REQ_UNHALT, vcpu);
9284 if (signal_pending(current)) {
9286 kvm_run->exit_reason = KVM_EXIT_INTR;
9287 ++vcpu->stat.signal_exits;
9292 if (kvm_run->kvm_valid_regs & ~KVM_SYNC_X86_VALID_FIELDS) {
9297 if (kvm_run->kvm_dirty_regs) {
9298 r = sync_regs(vcpu);
9303 /* re-sync apic's tpr */
9304 if (!lapic_in_kernel(vcpu)) {
9305 if (kvm_set_cr8(vcpu, kvm_run->cr8) != 0) {
9311 if (unlikely(vcpu->arch.complete_userspace_io)) {
9312 int (*cui)(struct kvm_vcpu *) = vcpu->arch.complete_userspace_io;
9313 vcpu->arch.complete_userspace_io = NULL;
9318 WARN_ON(vcpu->arch.pio.count || vcpu->mmio_needed);
9320 if (kvm_run->immediate_exit)
9326 kvm_put_guest_fpu(vcpu);
9327 if (kvm_run->kvm_valid_regs)
9329 post_kvm_run_save(vcpu);
9330 kvm_sigset_deactivate(vcpu);
9336 static void __get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
9338 if (vcpu->arch.emulate_regs_need_sync_to_vcpu) {
9340 * We are here if userspace calls get_regs() in the middle of
9341 * instruction emulation. Registers state needs to be copied
9342 * back from emulation context to vcpu. Userspace shouldn't do
9343 * that usually, but some bad designed PV devices (vmware
9344 * backdoor interface) need this to work
9346 emulator_writeback_register_cache(vcpu->arch.emulate_ctxt);
9347 vcpu->arch.emulate_regs_need_sync_to_vcpu = false;
9349 regs->rax = kvm_rax_read(vcpu);
9350 regs->rbx = kvm_rbx_read(vcpu);
9351 regs->rcx = kvm_rcx_read(vcpu);
9352 regs->rdx = kvm_rdx_read(vcpu);
9353 regs->rsi = kvm_rsi_read(vcpu);
9354 regs->rdi = kvm_rdi_read(vcpu);
9355 regs->rsp = kvm_rsp_read(vcpu);
9356 regs->rbp = kvm_rbp_read(vcpu);
9357 #ifdef CONFIG_X86_64
9358 regs->r8 = kvm_r8_read(vcpu);
9359 regs->r9 = kvm_r9_read(vcpu);
9360 regs->r10 = kvm_r10_read(vcpu);
9361 regs->r11 = kvm_r11_read(vcpu);
9362 regs->r12 = kvm_r12_read(vcpu);
9363 regs->r13 = kvm_r13_read(vcpu);
9364 regs->r14 = kvm_r14_read(vcpu);
9365 regs->r15 = kvm_r15_read(vcpu);
9368 regs->rip = kvm_rip_read(vcpu);
9369 regs->rflags = kvm_get_rflags(vcpu);
9372 int kvm_arch_vcpu_ioctl_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
9375 __get_regs(vcpu, regs);
9380 static void __set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
9382 vcpu->arch.emulate_regs_need_sync_from_vcpu = true;
9383 vcpu->arch.emulate_regs_need_sync_to_vcpu = false;
9385 kvm_rax_write(vcpu, regs->rax);
9386 kvm_rbx_write(vcpu, regs->rbx);
9387 kvm_rcx_write(vcpu, regs->rcx);
9388 kvm_rdx_write(vcpu, regs->rdx);
9389 kvm_rsi_write(vcpu, regs->rsi);
9390 kvm_rdi_write(vcpu, regs->rdi);
9391 kvm_rsp_write(vcpu, regs->rsp);
9392 kvm_rbp_write(vcpu, regs->rbp);
9393 #ifdef CONFIG_X86_64
9394 kvm_r8_write(vcpu, regs->r8);
9395 kvm_r9_write(vcpu, regs->r9);
9396 kvm_r10_write(vcpu, regs->r10);
9397 kvm_r11_write(vcpu, regs->r11);
9398 kvm_r12_write(vcpu, regs->r12);
9399 kvm_r13_write(vcpu, regs->r13);
9400 kvm_r14_write(vcpu, regs->r14);
9401 kvm_r15_write(vcpu, regs->r15);
9404 kvm_rip_write(vcpu, regs->rip);
9405 kvm_set_rflags(vcpu, regs->rflags | X86_EFLAGS_FIXED);
9407 vcpu->arch.exception.pending = false;
9409 kvm_make_request(KVM_REQ_EVENT, vcpu);
9412 int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
9415 __set_regs(vcpu, regs);
9420 void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l)
9422 struct kvm_segment cs;
9424 kvm_get_segment(vcpu, &cs, VCPU_SREG_CS);
9428 EXPORT_SYMBOL_GPL(kvm_get_cs_db_l_bits);
9430 static void __get_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs)
9434 kvm_get_segment(vcpu, &sregs->cs, VCPU_SREG_CS);
9435 kvm_get_segment(vcpu, &sregs->ds, VCPU_SREG_DS);
9436 kvm_get_segment(vcpu, &sregs->es, VCPU_SREG_ES);
9437 kvm_get_segment(vcpu, &sregs->fs, VCPU_SREG_FS);
9438 kvm_get_segment(vcpu, &sregs->gs, VCPU_SREG_GS);
9439 kvm_get_segment(vcpu, &sregs->ss, VCPU_SREG_SS);
9441 kvm_get_segment(vcpu, &sregs->tr, VCPU_SREG_TR);
9442 kvm_get_segment(vcpu, &sregs->ldt, VCPU_SREG_LDTR);
9444 kvm_x86_ops.get_idt(vcpu, &dt);
9445 sregs->idt.limit = dt.size;
9446 sregs->idt.base = dt.address;
9447 kvm_x86_ops.get_gdt(vcpu, &dt);
9448 sregs->gdt.limit = dt.size;
9449 sregs->gdt.base = dt.address;
9451 sregs->cr0 = kvm_read_cr0(vcpu);
9452 sregs->cr2 = vcpu->arch.cr2;
9453 sregs->cr3 = kvm_read_cr3(vcpu);
9454 sregs->cr4 = kvm_read_cr4(vcpu);
9455 sregs->cr8 = kvm_get_cr8(vcpu);
9456 sregs->efer = vcpu->arch.efer;
9457 sregs->apic_base = kvm_get_apic_base(vcpu);
9459 memset(sregs->interrupt_bitmap, 0, sizeof(sregs->interrupt_bitmap));
9461 if (vcpu->arch.interrupt.injected && !vcpu->arch.interrupt.soft)
9462 set_bit(vcpu->arch.interrupt.nr,
9463 (unsigned long *)sregs->interrupt_bitmap);
9466 int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
9467 struct kvm_sregs *sregs)
9470 __get_sregs(vcpu, sregs);
9475 int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
9476 struct kvm_mp_state *mp_state)
9479 if (kvm_mpx_supported())
9480 kvm_load_guest_fpu(vcpu);
9482 kvm_apic_accept_events(vcpu);
9483 if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED &&
9484 vcpu->arch.pv.pv_unhalted)
9485 mp_state->mp_state = KVM_MP_STATE_RUNNABLE;
9487 mp_state->mp_state = vcpu->arch.mp_state;
9489 if (kvm_mpx_supported())
9490 kvm_put_guest_fpu(vcpu);
9495 int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
9496 struct kvm_mp_state *mp_state)
9502 if (!lapic_in_kernel(vcpu) &&
9503 mp_state->mp_state != KVM_MP_STATE_RUNNABLE)
9507 * KVM_MP_STATE_INIT_RECEIVED means the processor is in
9508 * INIT state; latched init should be reported using
9509 * KVM_SET_VCPU_EVENTS, so reject it here.
9511 if ((kvm_vcpu_latch_init(vcpu) || vcpu->arch.smi_pending) &&
9512 (mp_state->mp_state == KVM_MP_STATE_SIPI_RECEIVED ||
9513 mp_state->mp_state == KVM_MP_STATE_INIT_RECEIVED))
9516 if (mp_state->mp_state == KVM_MP_STATE_SIPI_RECEIVED) {
9517 vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
9518 set_bit(KVM_APIC_SIPI, &vcpu->arch.apic->pending_events);
9520 vcpu->arch.mp_state = mp_state->mp_state;
9521 kvm_make_request(KVM_REQ_EVENT, vcpu);
9529 int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index,
9530 int reason, bool has_error_code, u32 error_code)
9532 struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
9535 init_emulate_ctxt(vcpu);
9537 ret = emulator_task_switch(ctxt, tss_selector, idt_index, reason,
9538 has_error_code, error_code);
9540 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
9541 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
9542 vcpu->run->internal.ndata = 0;
9546 kvm_rip_write(vcpu, ctxt->eip);
9547 kvm_set_rflags(vcpu, ctxt->eflags);
9550 EXPORT_SYMBOL_GPL(kvm_task_switch);
9552 static bool kvm_is_valid_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs)
9554 if ((sregs->efer & EFER_LME) && (sregs->cr0 & X86_CR0_PG)) {
9556 * When EFER.LME and CR0.PG are set, the processor is in
9557 * 64-bit mode (though maybe in a 32-bit code segment).
9558 * CR4.PAE and EFER.LMA must be set.
9560 if (!(sregs->cr4 & X86_CR4_PAE) || !(sregs->efer & EFER_LMA))
9564 * Not in 64-bit mode: EFER.LMA is clear and the code
9565 * segment cannot be 64-bit.
9567 if (sregs->efer & EFER_LMA || sregs->cs.l)
9571 return kvm_is_valid_cr4(vcpu, sregs->cr4);
9574 static int __set_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs)
9576 struct msr_data apic_base_msr;
9577 int mmu_reset_needed = 0;
9578 int pending_vec, max_bits, idx;
9582 if (!kvm_is_valid_sregs(vcpu, sregs))
9585 apic_base_msr.data = sregs->apic_base;
9586 apic_base_msr.host_initiated = true;
9587 if (kvm_set_apic_base(vcpu, &apic_base_msr))
9590 dt.size = sregs->idt.limit;
9591 dt.address = sregs->idt.base;
9592 kvm_x86_ops.set_idt(vcpu, &dt);
9593 dt.size = sregs->gdt.limit;
9594 dt.address = sregs->gdt.base;
9595 kvm_x86_ops.set_gdt(vcpu, &dt);
9597 vcpu->arch.cr2 = sregs->cr2;
9598 mmu_reset_needed |= kvm_read_cr3(vcpu) != sregs->cr3;
9599 vcpu->arch.cr3 = sregs->cr3;
9600 kvm_register_mark_available(vcpu, VCPU_EXREG_CR3);
9602 kvm_set_cr8(vcpu, sregs->cr8);
9604 mmu_reset_needed |= vcpu->arch.efer != sregs->efer;
9605 kvm_x86_ops.set_efer(vcpu, sregs->efer);
9607 mmu_reset_needed |= kvm_read_cr0(vcpu) != sregs->cr0;
9608 kvm_x86_ops.set_cr0(vcpu, sregs->cr0);
9609 vcpu->arch.cr0 = sregs->cr0;
9611 mmu_reset_needed |= kvm_read_cr4(vcpu) != sregs->cr4;
9612 kvm_x86_ops.set_cr4(vcpu, sregs->cr4);
9614 idx = srcu_read_lock(&vcpu->kvm->srcu);
9615 if (is_pae_paging(vcpu)) {
9616 load_pdptrs(vcpu, vcpu->arch.walk_mmu, kvm_read_cr3(vcpu));
9617 mmu_reset_needed = 1;
9619 srcu_read_unlock(&vcpu->kvm->srcu, idx);
9621 if (mmu_reset_needed)
9622 kvm_mmu_reset_context(vcpu);
9624 max_bits = KVM_NR_INTERRUPTS;
9625 pending_vec = find_first_bit(
9626 (const unsigned long *)sregs->interrupt_bitmap, max_bits);
9627 if (pending_vec < max_bits) {
9628 kvm_queue_interrupt(vcpu, pending_vec, false);
9629 pr_debug("Set back pending irq %d\n", pending_vec);
9632 kvm_set_segment(vcpu, &sregs->cs, VCPU_SREG_CS);
9633 kvm_set_segment(vcpu, &sregs->ds, VCPU_SREG_DS);
9634 kvm_set_segment(vcpu, &sregs->es, VCPU_SREG_ES);
9635 kvm_set_segment(vcpu, &sregs->fs, VCPU_SREG_FS);
9636 kvm_set_segment(vcpu, &sregs->gs, VCPU_SREG_GS);
9637 kvm_set_segment(vcpu, &sregs->ss, VCPU_SREG_SS);
9639 kvm_set_segment(vcpu, &sregs->tr, VCPU_SREG_TR);
9640 kvm_set_segment(vcpu, &sregs->ldt, VCPU_SREG_LDTR);
9642 update_cr8_intercept(vcpu);
9644 /* Older userspace won't unhalt the vcpu on reset. */
9645 if (kvm_vcpu_is_bsp(vcpu) && kvm_rip_read(vcpu) == 0xfff0 &&
9646 sregs->cs.selector == 0xf000 && sregs->cs.base == 0xffff0000 &&
9648 vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
9650 kvm_make_request(KVM_REQ_EVENT, vcpu);
9657 int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
9658 struct kvm_sregs *sregs)
9663 ret = __set_sregs(vcpu, sregs);
9668 int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
9669 struct kvm_guest_debug *dbg)
9671 unsigned long rflags;
9674 if (vcpu->arch.guest_state_protected)
9679 if (dbg->control & (KVM_GUESTDBG_INJECT_DB | KVM_GUESTDBG_INJECT_BP)) {
9681 if (vcpu->arch.exception.pending)
9683 if (dbg->control & KVM_GUESTDBG_INJECT_DB)
9684 kvm_queue_exception(vcpu, DB_VECTOR);
9686 kvm_queue_exception(vcpu, BP_VECTOR);
9690 * Read rflags as long as potentially injected trace flags are still
9693 rflags = kvm_get_rflags(vcpu);
9695 vcpu->guest_debug = dbg->control;
9696 if (!(vcpu->guest_debug & KVM_GUESTDBG_ENABLE))
9697 vcpu->guest_debug = 0;
9699 if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) {
9700 for (i = 0; i < KVM_NR_DB_REGS; ++i)
9701 vcpu->arch.eff_db[i] = dbg->arch.debugreg[i];
9702 vcpu->arch.guest_debug_dr7 = dbg->arch.debugreg[7];
9704 for (i = 0; i < KVM_NR_DB_REGS; i++)
9705 vcpu->arch.eff_db[i] = vcpu->arch.db[i];
9707 kvm_update_dr7(vcpu);
9709 if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
9710 vcpu->arch.singlestep_rip = kvm_rip_read(vcpu) +
9711 get_segment_base(vcpu, VCPU_SREG_CS);
9714 * Trigger an rflags update that will inject or remove the trace
9717 kvm_set_rflags(vcpu, rflags);
9719 kvm_x86_ops.update_exception_bitmap(vcpu);
9729 * Translate a guest virtual address to a guest physical address.
9731 int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
9732 struct kvm_translation *tr)
9734 unsigned long vaddr = tr->linear_address;
9740 idx = srcu_read_lock(&vcpu->kvm->srcu);
9741 gpa = kvm_mmu_gva_to_gpa_system(vcpu, vaddr, NULL);
9742 srcu_read_unlock(&vcpu->kvm->srcu, idx);
9743 tr->physical_address = gpa;
9744 tr->valid = gpa != UNMAPPED_GVA;
9752 int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
9754 struct fxregs_state *fxsave;
9758 fxsave = &vcpu->arch.guest_fpu->state.fxsave;
9759 memcpy(fpu->fpr, fxsave->st_space, 128);
9760 fpu->fcw = fxsave->cwd;
9761 fpu->fsw = fxsave->swd;
9762 fpu->ftwx = fxsave->twd;
9763 fpu->last_opcode = fxsave->fop;
9764 fpu->last_ip = fxsave->rip;
9765 fpu->last_dp = fxsave->rdp;
9766 memcpy(fpu->xmm, fxsave->xmm_space, sizeof(fxsave->xmm_space));
9772 int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
9774 struct fxregs_state *fxsave;
9778 fxsave = &vcpu->arch.guest_fpu->state.fxsave;
9780 memcpy(fxsave->st_space, fpu->fpr, 128);
9781 fxsave->cwd = fpu->fcw;
9782 fxsave->swd = fpu->fsw;
9783 fxsave->twd = fpu->ftwx;
9784 fxsave->fop = fpu->last_opcode;
9785 fxsave->rip = fpu->last_ip;
9786 fxsave->rdp = fpu->last_dp;
9787 memcpy(fxsave->xmm_space, fpu->xmm, sizeof(fxsave->xmm_space));
9793 static void store_regs(struct kvm_vcpu *vcpu)
9795 BUILD_BUG_ON(sizeof(struct kvm_sync_regs) > SYNC_REGS_SIZE_BYTES);
9797 if (vcpu->run->kvm_valid_regs & KVM_SYNC_X86_REGS)
9798 __get_regs(vcpu, &vcpu->run->s.regs.regs);
9800 if (vcpu->run->kvm_valid_regs & KVM_SYNC_X86_SREGS)
9801 __get_sregs(vcpu, &vcpu->run->s.regs.sregs);
9803 if (vcpu->run->kvm_valid_regs & KVM_SYNC_X86_EVENTS)
9804 kvm_vcpu_ioctl_x86_get_vcpu_events(
9805 vcpu, &vcpu->run->s.regs.events);
9808 static int sync_regs(struct kvm_vcpu *vcpu)
9810 if (vcpu->run->kvm_dirty_regs & ~KVM_SYNC_X86_VALID_FIELDS)
9813 if (vcpu->run->kvm_dirty_regs & KVM_SYNC_X86_REGS) {
9814 __set_regs(vcpu, &vcpu->run->s.regs.regs);
9815 vcpu->run->kvm_dirty_regs &= ~KVM_SYNC_X86_REGS;
9817 if (vcpu->run->kvm_dirty_regs & KVM_SYNC_X86_SREGS) {
9818 if (__set_sregs(vcpu, &vcpu->run->s.regs.sregs))
9820 vcpu->run->kvm_dirty_regs &= ~KVM_SYNC_X86_SREGS;
9822 if (vcpu->run->kvm_dirty_regs & KVM_SYNC_X86_EVENTS) {
9823 if (kvm_vcpu_ioctl_x86_set_vcpu_events(
9824 vcpu, &vcpu->run->s.regs.events))
9826 vcpu->run->kvm_dirty_regs &= ~KVM_SYNC_X86_EVENTS;
9832 static void fx_init(struct kvm_vcpu *vcpu)
9834 fpstate_init(&vcpu->arch.guest_fpu->state);
9835 if (boot_cpu_has(X86_FEATURE_XSAVES))
9836 vcpu->arch.guest_fpu->state.xsave.header.xcomp_bv =
9837 host_xcr0 | XSTATE_COMPACTION_ENABLED;
9840 * Ensure guest xcr0 is valid for loading
9842 vcpu->arch.xcr0 = XFEATURE_MASK_FP;
9844 vcpu->arch.cr0 |= X86_CR0_ET;
9847 int kvm_arch_vcpu_precreate(struct kvm *kvm, unsigned int id)
9849 if (kvm_check_tsc_unstable() && atomic_read(&kvm->online_vcpus) != 0)
9850 pr_warn_once("kvm: SMP vm created on host with unstable TSC; "
9851 "guest TSC will not be reliable\n");
9856 int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu)
9861 if (!irqchip_in_kernel(vcpu->kvm) || kvm_vcpu_is_reset_bsp(vcpu))
9862 vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
9864 vcpu->arch.mp_state = KVM_MP_STATE_UNINITIALIZED;
9866 kvm_set_tsc_khz(vcpu, max_tsc_khz);
9868 r = kvm_mmu_create(vcpu);
9872 if (irqchip_in_kernel(vcpu->kvm)) {
9873 r = kvm_create_lapic(vcpu, lapic_timer_advance_ns);
9875 goto fail_mmu_destroy;
9876 if (kvm_apicv_activated(vcpu->kvm))
9877 vcpu->arch.apicv_active = true;
9879 static_key_slow_inc(&kvm_no_apic_vcpu);
9883 page = alloc_page(GFP_KERNEL | __GFP_ZERO);
9885 goto fail_free_lapic;
9886 vcpu->arch.pio_data = page_address(page);
9888 vcpu->arch.mce_banks = kzalloc(KVM_MAX_MCE_BANKS * sizeof(u64) * 4,
9889 GFP_KERNEL_ACCOUNT);
9890 if (!vcpu->arch.mce_banks)
9891 goto fail_free_pio_data;
9892 vcpu->arch.mcg_cap = KVM_MAX_MCE_BANKS;
9894 if (!zalloc_cpumask_var(&vcpu->arch.wbinvd_dirty_mask,
9895 GFP_KERNEL_ACCOUNT))
9896 goto fail_free_mce_banks;
9898 if (!alloc_emulate_ctxt(vcpu))
9899 goto free_wbinvd_dirty_mask;
9901 vcpu->arch.user_fpu = kmem_cache_zalloc(x86_fpu_cache,
9902 GFP_KERNEL_ACCOUNT);
9903 if (!vcpu->arch.user_fpu) {
9904 pr_err("kvm: failed to allocate userspace's fpu\n");
9905 goto free_emulate_ctxt;
9908 vcpu->arch.guest_fpu = kmem_cache_zalloc(x86_fpu_cache,
9909 GFP_KERNEL_ACCOUNT);
9910 if (!vcpu->arch.guest_fpu) {
9911 pr_err("kvm: failed to allocate vcpu's fpu\n");
9916 vcpu->arch.maxphyaddr = cpuid_query_maxphyaddr(vcpu);
9918 vcpu->arch.pat = MSR_IA32_CR_PAT_DEFAULT;
9920 kvm_async_pf_hash_reset(vcpu);
9923 vcpu->arch.pending_external_vector = -1;
9924 vcpu->arch.preempted_in_kernel = false;
9926 kvm_hv_vcpu_init(vcpu);
9928 r = kvm_x86_ops.vcpu_create(vcpu);
9930 goto free_guest_fpu;
9932 vcpu->arch.arch_capabilities = kvm_get_arch_capabilities();
9933 vcpu->arch.msr_platform_info = MSR_PLATFORM_INFO_CPUID_FAULT;
9934 kvm_vcpu_mtrr_init(vcpu);
9936 kvm_vcpu_reset(vcpu, false);
9937 kvm_init_mmu(vcpu, false);
9942 kmem_cache_free(x86_fpu_cache, vcpu->arch.guest_fpu);
9944 kmem_cache_free(x86_fpu_cache, vcpu->arch.user_fpu);
9946 kmem_cache_free(x86_emulator_cache, vcpu->arch.emulate_ctxt);
9947 free_wbinvd_dirty_mask:
9948 free_cpumask_var(vcpu->arch.wbinvd_dirty_mask);
9949 fail_free_mce_banks:
9950 kfree(vcpu->arch.mce_banks);
9952 free_page((unsigned long)vcpu->arch.pio_data);
9954 kvm_free_lapic(vcpu);
9956 kvm_mmu_destroy(vcpu);
9960 void kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu)
9962 struct kvm *kvm = vcpu->kvm;
9964 kvm_hv_vcpu_postcreate(vcpu);
9966 if (mutex_lock_killable(&vcpu->mutex))
9969 kvm_synchronize_tsc(vcpu, 0);
9972 /* poll control enabled by default */
9973 vcpu->arch.msr_kvm_poll_control = 1;
9975 mutex_unlock(&vcpu->mutex);
9977 if (kvmclock_periodic_sync && vcpu->vcpu_idx == 0)
9978 schedule_delayed_work(&kvm->arch.kvmclock_sync_work,
9979 KVMCLOCK_SYNC_PERIOD);
9982 void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
9984 struct gfn_to_pfn_cache *cache = &vcpu->arch.st.cache;
9987 kvm_release_pfn(cache->pfn, cache->dirty, cache);
9989 kvmclock_reset(vcpu);
9991 kvm_x86_ops.vcpu_free(vcpu);
9993 kmem_cache_free(x86_emulator_cache, vcpu->arch.emulate_ctxt);
9994 free_cpumask_var(vcpu->arch.wbinvd_dirty_mask);
9995 kmem_cache_free(x86_fpu_cache, vcpu->arch.user_fpu);
9996 kmem_cache_free(x86_fpu_cache, vcpu->arch.guest_fpu);
9998 kvm_hv_vcpu_uninit(vcpu);
9999 kvm_pmu_destroy(vcpu);
10000 kfree(vcpu->arch.mce_banks);
10001 kvm_free_lapic(vcpu);
10002 idx = srcu_read_lock(&vcpu->kvm->srcu);
10003 kvm_mmu_destroy(vcpu);
10004 srcu_read_unlock(&vcpu->kvm->srcu, idx);
10005 free_page((unsigned long)vcpu->arch.pio_data);
10006 kvfree(vcpu->arch.cpuid_entries);
10007 if (!lapic_in_kernel(vcpu))
10008 static_key_slow_dec(&kvm_no_apic_vcpu);
10011 void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
10013 kvm_lapic_reset(vcpu, init_event);
10015 vcpu->arch.hflags = 0;
10017 vcpu->arch.smi_pending = 0;
10018 vcpu->arch.smi_count = 0;
10019 atomic_set(&vcpu->arch.nmi_queued, 0);
10020 vcpu->arch.nmi_pending = 0;
10021 vcpu->arch.nmi_injected = false;
10022 kvm_clear_interrupt_queue(vcpu);
10023 kvm_clear_exception_queue(vcpu);
10025 memset(vcpu->arch.db, 0, sizeof(vcpu->arch.db));
10026 kvm_update_dr0123(vcpu);
10027 vcpu->arch.dr6 = DR6_INIT;
10028 vcpu->arch.dr7 = DR7_FIXED_1;
10029 kvm_update_dr7(vcpu);
10031 vcpu->arch.cr2 = 0;
10033 kvm_make_request(KVM_REQ_EVENT, vcpu);
10034 vcpu->arch.apf.msr_en_val = 0;
10035 vcpu->arch.apf.msr_int_val = 0;
10036 vcpu->arch.st.msr_val = 0;
10038 kvmclock_reset(vcpu);
10040 kvm_clear_async_pf_completion_queue(vcpu);
10041 kvm_async_pf_hash_reset(vcpu);
10042 vcpu->arch.apf.halted = false;
10044 if (kvm_mpx_supported()) {
10045 void *mpx_state_buffer;
10048 * To avoid have the INIT path from kvm_apic_has_events() that be
10049 * called with loaded FPU and does not let userspace fix the state.
10052 kvm_put_guest_fpu(vcpu);
10053 mpx_state_buffer = get_xsave_addr(&vcpu->arch.guest_fpu->state.xsave,
10055 if (mpx_state_buffer)
10056 memset(mpx_state_buffer, 0, sizeof(struct mpx_bndreg_state));
10057 mpx_state_buffer = get_xsave_addr(&vcpu->arch.guest_fpu->state.xsave,
10059 if (mpx_state_buffer)
10060 memset(mpx_state_buffer, 0, sizeof(struct mpx_bndcsr));
10062 kvm_load_guest_fpu(vcpu);
10066 kvm_pmu_reset(vcpu);
10067 vcpu->arch.smbase = 0x30000;
10069 vcpu->arch.msr_misc_features_enables = 0;
10071 vcpu->arch.xcr0 = XFEATURE_MASK_FP;
10074 memset(vcpu->arch.regs, 0, sizeof(vcpu->arch.regs));
10075 vcpu->arch.regs_avail = ~0;
10076 vcpu->arch.regs_dirty = ~0;
10078 vcpu->arch.ia32_xss = 0;
10080 kvm_x86_ops.vcpu_reset(vcpu, init_event);
10083 void kvm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
10085 struct kvm_segment cs;
10087 kvm_get_segment(vcpu, &cs, VCPU_SREG_CS);
10088 cs.selector = vector << 8;
10089 cs.base = vector << 12;
10090 kvm_set_segment(vcpu, &cs, VCPU_SREG_CS);
10091 kvm_rip_write(vcpu, 0);
10094 int kvm_arch_hardware_enable(void)
10097 struct kvm_vcpu *vcpu;
10102 bool stable, backwards_tsc = false;
10104 kvm_user_return_msr_cpu_online();
10105 ret = kvm_x86_ops.hardware_enable();
10109 local_tsc = rdtsc();
10110 stable = !kvm_check_tsc_unstable();
10111 list_for_each_entry(kvm, &vm_list, vm_list) {
10112 kvm_for_each_vcpu(i, vcpu, kvm) {
10113 if (!stable && vcpu->cpu == smp_processor_id())
10114 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
10115 if (stable && vcpu->arch.last_host_tsc > local_tsc) {
10116 backwards_tsc = true;
10117 if (vcpu->arch.last_host_tsc > max_tsc)
10118 max_tsc = vcpu->arch.last_host_tsc;
10124 * Sometimes, even reliable TSCs go backwards. This happens on
10125 * platforms that reset TSC during suspend or hibernate actions, but
10126 * maintain synchronization. We must compensate. Fortunately, we can
10127 * detect that condition here, which happens early in CPU bringup,
10128 * before any KVM threads can be running. Unfortunately, we can't
10129 * bring the TSCs fully up to date with real time, as we aren't yet far
10130 * enough into CPU bringup that we know how much real time has actually
10131 * elapsed; our helper function, ktime_get_boottime_ns() will be using boot
10132 * variables that haven't been updated yet.
10134 * So we simply find the maximum observed TSC above, then record the
10135 * adjustment to TSC in each VCPU. When the VCPU later gets loaded,
10136 * the adjustment will be applied. Note that we accumulate
10137 * adjustments, in case multiple suspend cycles happen before some VCPU
10138 * gets a chance to run again. In the event that no KVM threads get a
10139 * chance to run, we will miss the entire elapsed period, as we'll have
10140 * reset last_host_tsc, so VCPUs will not have the TSC adjusted and may
10141 * loose cycle time. This isn't too big a deal, since the loss will be
10142 * uniform across all VCPUs (not to mention the scenario is extremely
10143 * unlikely). It is possible that a second hibernate recovery happens
10144 * much faster than a first, causing the observed TSC here to be
10145 * smaller; this would require additional padding adjustment, which is
10146 * why we set last_host_tsc to the local tsc observed here.
10148 * N.B. - this code below runs only on platforms with reliable TSC,
10149 * as that is the only way backwards_tsc is set above. Also note
10150 * that this runs for ALL vcpus, which is not a bug; all VCPUs should
10151 * have the same delta_cyc adjustment applied if backwards_tsc
10152 * is detected. Note further, this adjustment is only done once,
10153 * as we reset last_host_tsc on all VCPUs to stop this from being
10154 * called multiple times (one for each physical CPU bringup).
10156 * Platforms with unreliable TSCs don't have to deal with this, they
10157 * will be compensated by the logic in vcpu_load, which sets the TSC to
10158 * catchup mode. This will catchup all VCPUs to real time, but cannot
10159 * guarantee that they stay in perfect synchronization.
10161 if (backwards_tsc) {
10162 u64 delta_cyc = max_tsc - local_tsc;
10163 list_for_each_entry(kvm, &vm_list, vm_list) {
10164 kvm->arch.backwards_tsc_observed = true;
10165 kvm_for_each_vcpu(i, vcpu, kvm) {
10166 vcpu->arch.tsc_offset_adjustment += delta_cyc;
10167 vcpu->arch.last_host_tsc = local_tsc;
10168 kvm_make_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu);
10172 * We have to disable TSC offset matching.. if you were
10173 * booting a VM while issuing an S4 host suspend....
10174 * you may have some problem. Solving this issue is
10175 * left as an exercise to the reader.
10177 kvm->arch.last_tsc_nsec = 0;
10178 kvm->arch.last_tsc_write = 0;
10185 void kvm_arch_hardware_disable(void)
10187 kvm_x86_ops.hardware_disable();
10188 drop_user_return_notifiers();
10191 int kvm_arch_hardware_setup(void *opaque)
10193 struct kvm_x86_init_ops *ops = opaque;
10196 rdmsrl_safe(MSR_EFER, &host_efer);
10198 if (boot_cpu_has(X86_FEATURE_XSAVES))
10199 rdmsrl(MSR_IA32_XSS, host_xss);
10201 r = ops->hardware_setup();
10205 memcpy(&kvm_x86_ops, ops->runtime_ops, sizeof(kvm_x86_ops));
10207 if (!kvm_cpu_cap_has(X86_FEATURE_XSAVES))
10210 #define __kvm_cpu_cap_has(UNUSED_, f) kvm_cpu_cap_has(f)
10211 cr4_reserved_bits = __cr4_reserved_bits(__kvm_cpu_cap_has, UNUSED_);
10212 #undef __kvm_cpu_cap_has
10214 if (kvm_has_tsc_control) {
10216 * Make sure the user can only configure tsc_khz values that
10217 * fit into a signed integer.
10218 * A min value is not calculated because it will always
10219 * be 1 on all machines.
10221 u64 max = min(0x7fffffffULL,
10222 __scale_tsc(kvm_max_tsc_scaling_ratio, tsc_khz));
10223 kvm_max_guest_tsc_khz = max;
10225 kvm_default_tsc_scaling_ratio = 1ULL << kvm_tsc_scaling_ratio_frac_bits;
10228 kvm_init_msr_list();
10232 void kvm_arch_hardware_unsetup(void)
10234 kvm_x86_ops.hardware_unsetup();
10237 int kvm_arch_check_processor_compat(void *opaque)
10239 struct cpuinfo_x86 *c = &cpu_data(smp_processor_id());
10240 struct kvm_x86_init_ops *ops = opaque;
10242 WARN_ON(!irqs_disabled());
10244 if (__cr4_reserved_bits(cpu_has, c) !=
10245 __cr4_reserved_bits(cpu_has, &boot_cpu_data))
10248 return ops->check_processor_compatibility();
10251 bool kvm_vcpu_is_reset_bsp(struct kvm_vcpu *vcpu)
10253 return vcpu->kvm->arch.bsp_vcpu_id == vcpu->vcpu_id;
10255 EXPORT_SYMBOL_GPL(kvm_vcpu_is_reset_bsp);
10257 bool kvm_vcpu_is_bsp(struct kvm_vcpu *vcpu)
10259 return (vcpu->arch.apic_base & MSR_IA32_APICBASE_BSP) != 0;
10262 struct static_key kvm_no_apic_vcpu __read_mostly;
10263 EXPORT_SYMBOL_GPL(kvm_no_apic_vcpu);
10265 void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu)
10267 struct kvm_pmu *pmu = vcpu_to_pmu(vcpu);
10269 vcpu->arch.l1tf_flush_l1d = true;
10270 if (pmu->version && unlikely(pmu->event_count)) {
10271 pmu->need_cleanup = true;
10272 kvm_make_request(KVM_REQ_PMU, vcpu);
10274 kvm_x86_ops.sched_in(vcpu, cpu);
10277 void kvm_arch_free_vm(struct kvm *kvm)
10279 kfree(kvm->arch.hyperv.hv_pa_pg);
10284 int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
10289 INIT_HLIST_HEAD(&kvm->arch.mask_notifier_list);
10290 INIT_LIST_HEAD(&kvm->arch.active_mmu_pages);
10291 INIT_LIST_HEAD(&kvm->arch.zapped_obsolete_pages);
10292 INIT_LIST_HEAD(&kvm->arch.lpage_disallowed_mmu_pages);
10293 INIT_LIST_HEAD(&kvm->arch.assigned_dev_head);
10294 atomic_set(&kvm->arch.noncoherent_dma_count, 0);
10296 /* Reserve bit 0 of irq_sources_bitmap for userspace irq source */
10297 set_bit(KVM_USERSPACE_IRQ_SOURCE_ID, &kvm->arch.irq_sources_bitmap);
10298 /* Reserve bit 1 of irq_sources_bitmap for irqfd-resampler */
10299 set_bit(KVM_IRQFD_RESAMPLE_IRQ_SOURCE_ID,
10300 &kvm->arch.irq_sources_bitmap);
10302 raw_spin_lock_init(&kvm->arch.tsc_write_lock);
10303 mutex_init(&kvm->arch.apic_map_lock);
10304 spin_lock_init(&kvm->arch.pvclock_gtod_sync_lock);
10306 kvm->arch.kvmclock_offset = -get_kvmclock_base_ns();
10307 pvclock_update_vm_gtod_copy(kvm);
10309 kvm->arch.guest_can_read_msr_platform_info = true;
10311 INIT_DELAYED_WORK(&kvm->arch.kvmclock_update_work, kvmclock_update_fn);
10312 INIT_DELAYED_WORK(&kvm->arch.kvmclock_sync_work, kvmclock_sync_fn);
10314 kvm_hv_init_vm(kvm);
10315 kvm_page_track_init(kvm);
10316 kvm_mmu_init_vm(kvm);
10318 return kvm_x86_ops.vm_init(kvm);
10321 int kvm_arch_post_init_vm(struct kvm *kvm)
10323 return kvm_mmu_post_init_vm(kvm);
10326 static void kvm_unload_vcpu_mmu(struct kvm_vcpu *vcpu)
10329 kvm_mmu_unload(vcpu);
10333 static void kvm_free_vcpus(struct kvm *kvm)
10336 struct kvm_vcpu *vcpu;
10339 * Unpin any mmu pages first.
10341 kvm_for_each_vcpu(i, vcpu, kvm) {
10342 kvm_clear_async_pf_completion_queue(vcpu);
10343 kvm_unload_vcpu_mmu(vcpu);
10345 kvm_for_each_vcpu(i, vcpu, kvm)
10346 kvm_vcpu_destroy(vcpu);
10348 mutex_lock(&kvm->lock);
10349 for (i = 0; i < atomic_read(&kvm->online_vcpus); i++)
10350 kvm->vcpus[i] = NULL;
10352 atomic_set(&kvm->online_vcpus, 0);
10353 mutex_unlock(&kvm->lock);
10356 void kvm_arch_sync_events(struct kvm *kvm)
10358 cancel_delayed_work_sync(&kvm->arch.kvmclock_sync_work);
10359 cancel_delayed_work_sync(&kvm->arch.kvmclock_update_work);
10363 #define ERR_PTR_USR(e) ((void __user *)ERR_PTR(e))
10366 * __x86_set_memory_region: Setup KVM internal memory slot
10368 * @kvm: the kvm pointer to the VM.
10369 * @id: the slot ID to setup.
10370 * @gpa: the GPA to install the slot (unused when @size == 0).
10371 * @size: the size of the slot. Set to zero to uninstall a slot.
10373 * This function helps to setup a KVM internal memory slot. Specify
10374 * @size > 0 to install a new slot, while @size == 0 to uninstall a
10375 * slot. The return code can be one of the following:
10377 * HVA: on success (uninstall will return a bogus HVA)
10380 * The caller should always use IS_ERR() to check the return value
10381 * before use. Note, the KVM internal memory slots are guaranteed to
10382 * remain valid and unchanged until the VM is destroyed, i.e., the
10383 * GPA->HVA translation will not change. However, the HVA is a user
10384 * address, i.e. its accessibility is not guaranteed, and must be
10385 * accessed via __copy_{to,from}_user().
10387 void __user * __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa,
10391 unsigned long hva, old_npages;
10392 struct kvm_memslots *slots = kvm_memslots(kvm);
10393 struct kvm_memory_slot *slot;
10395 /* Called with kvm->slots_lock held. */
10396 if (WARN_ON(id >= KVM_MEM_SLOTS_NUM))
10397 return ERR_PTR_USR(-EINVAL);
10399 slot = id_to_memslot(slots, id);
10401 if (slot && slot->npages)
10402 return ERR_PTR_USR(-EEXIST);
10405 * MAP_SHARED to prevent internal slot pages from being moved
10408 hva = vm_mmap(NULL, 0, size, PROT_READ | PROT_WRITE,
10409 MAP_SHARED | MAP_ANONYMOUS, 0);
10410 if (IS_ERR((void *)hva))
10411 return (void __user *)hva;
10413 if (!slot || !slot->npages)
10416 old_npages = slot->npages;
10420 for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
10421 struct kvm_userspace_memory_region m;
10423 m.slot = id | (i << 16);
10425 m.guest_phys_addr = gpa;
10426 m.userspace_addr = hva;
10427 m.memory_size = size;
10428 r = __kvm_set_memory_region(kvm, &m);
10430 return ERR_PTR_USR(r);
10434 vm_munmap(hva, old_npages * PAGE_SIZE);
10436 return (void __user *)hva;
10438 EXPORT_SYMBOL_GPL(__x86_set_memory_region);
10440 void kvm_arch_pre_destroy_vm(struct kvm *kvm)
10442 kvm_mmu_pre_destroy_vm(kvm);
10445 void kvm_arch_destroy_vm(struct kvm *kvm)
10449 if (current->mm == kvm->mm) {
10451 * Free memory regions allocated on behalf of userspace,
10452 * unless the the memory map has changed due to process exit
10455 mutex_lock(&kvm->slots_lock);
10456 __x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT,
10458 __x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT,
10460 __x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, 0, 0);
10461 mutex_unlock(&kvm->slots_lock);
10463 if (kvm_x86_ops.vm_destroy)
10464 kvm_x86_ops.vm_destroy(kvm);
10465 for (i = 0; i < kvm->arch.msr_filter.count; i++)
10466 kfree(kvm->arch.msr_filter.ranges[i].bitmap);
10467 kvm_pic_destroy(kvm);
10468 kvm_ioapic_destroy(kvm);
10469 kvm_free_vcpus(kvm);
10470 kvfree(rcu_dereference_check(kvm->arch.apic_map, 1));
10471 kfree(srcu_dereference_check(kvm->arch.pmu_event_filter, &kvm->srcu, 1));
10472 kvm_mmu_uninit_vm(kvm);
10473 kvm_page_track_cleanup(kvm);
10474 kvm_hv_destroy_vm(kvm);
10477 void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *slot)
10481 for (i = 0; i < KVM_NR_PAGE_SIZES; ++i) {
10482 kvfree(slot->arch.rmap[i]);
10483 slot->arch.rmap[i] = NULL;
10488 kvfree(slot->arch.lpage_info[i - 1]);
10489 slot->arch.lpage_info[i - 1] = NULL;
10492 kvm_page_track_free_memslot(slot);
10495 static int kvm_alloc_memslot_metadata(struct kvm_memory_slot *slot,
10496 unsigned long npages)
10501 * Clear out the previous array pointers for the KVM_MR_MOVE case. The
10502 * old arrays will be freed by __kvm_set_memory_region() if installing
10503 * the new memslot is successful.
10505 memset(&slot->arch, 0, sizeof(slot->arch));
10507 for (i = 0; i < KVM_NR_PAGE_SIZES; ++i) {
10508 struct kvm_lpage_info *linfo;
10509 unsigned long ugfn;
10513 lpages = gfn_to_index(slot->base_gfn + npages - 1,
10514 slot->base_gfn, level) + 1;
10516 slot->arch.rmap[i] =
10517 kvcalloc(lpages, sizeof(*slot->arch.rmap[i]),
10518 GFP_KERNEL_ACCOUNT);
10519 if (!slot->arch.rmap[i])
10524 linfo = kvcalloc(lpages, sizeof(*linfo), GFP_KERNEL_ACCOUNT);
10528 slot->arch.lpage_info[i - 1] = linfo;
10530 if (slot->base_gfn & (KVM_PAGES_PER_HPAGE(level) - 1))
10531 linfo[0].disallow_lpage = 1;
10532 if ((slot->base_gfn + npages) & (KVM_PAGES_PER_HPAGE(level) - 1))
10533 linfo[lpages - 1].disallow_lpage = 1;
10534 ugfn = slot->userspace_addr >> PAGE_SHIFT;
10536 * If the gfn and userspace address are not aligned wrt each
10537 * other, disable large page support for this slot.
10539 if ((slot->base_gfn ^ ugfn) & (KVM_PAGES_PER_HPAGE(level) - 1)) {
10542 for (j = 0; j < lpages; ++j)
10543 linfo[j].disallow_lpage = 1;
10547 if (kvm_page_track_create_memslot(slot, npages))
10553 for (i = 0; i < KVM_NR_PAGE_SIZES; ++i) {
10554 kvfree(slot->arch.rmap[i]);
10555 slot->arch.rmap[i] = NULL;
10559 kvfree(slot->arch.lpage_info[i - 1]);
10560 slot->arch.lpage_info[i - 1] = NULL;
10565 void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen)
10567 struct kvm_vcpu *vcpu;
10571 * memslots->generation has been incremented.
10572 * mmio generation may have reached its maximum value.
10574 kvm_mmu_invalidate_mmio_sptes(kvm, gen);
10576 /* Force re-initialization of steal_time cache */
10577 kvm_for_each_vcpu(i, vcpu, kvm)
10578 kvm_vcpu_kick(vcpu);
10581 int kvm_arch_prepare_memory_region(struct kvm *kvm,
10582 struct kvm_memory_slot *memslot,
10583 const struct kvm_userspace_memory_region *mem,
10584 enum kvm_mr_change change)
10586 if (change == KVM_MR_CREATE || change == KVM_MR_MOVE)
10587 return kvm_alloc_memslot_metadata(memslot,
10588 mem->memory_size >> PAGE_SHIFT);
10592 static void kvm_mmu_slot_apply_flags(struct kvm *kvm,
10593 struct kvm_memory_slot *old,
10594 struct kvm_memory_slot *new,
10595 enum kvm_mr_change change)
10598 * Nothing to do for RO slots or CREATE/MOVE/DELETE of a slot.
10599 * See comments below.
10601 if ((change != KVM_MR_FLAGS_ONLY) || (new->flags & KVM_MEM_READONLY))
10605 * Dirty logging tracks sptes in 4k granularity, meaning that large
10606 * sptes have to be split. If live migration is successful, the guest
10607 * in the source machine will be destroyed and large sptes will be
10608 * created in the destination. However, if the guest continues to run
10609 * in the source machine (for example if live migration fails), small
10610 * sptes will remain around and cause bad performance.
10612 * Scan sptes if dirty logging has been stopped, dropping those
10613 * which can be collapsed into a single large-page spte. Later
10614 * page faults will create the large-page sptes.
10616 * There is no need to do this in any of the following cases:
10617 * CREATE: No dirty mappings will already exist.
10618 * MOVE/DELETE: The old mappings will already have been cleaned up by
10619 * kvm_arch_flush_shadow_memslot()
10621 if ((old->flags & KVM_MEM_LOG_DIRTY_PAGES) &&
10622 !(new->flags & KVM_MEM_LOG_DIRTY_PAGES))
10623 kvm_mmu_zap_collapsible_sptes(kvm, new);
10626 * Enable or disable dirty logging for the slot.
10628 * For KVM_MR_DELETE and KVM_MR_MOVE, the shadow pages of the old
10629 * slot have been zapped so no dirty logging updates are needed for
10631 * For KVM_MR_CREATE and KVM_MR_MOVE, once the new slot is visible
10632 * any mappings that might be created in it will consume the
10633 * properties of the new slot and do not need to be updated here.
10635 * When PML is enabled, the kvm_x86_ops dirty logging hooks are
10636 * called to enable/disable dirty logging.
10638 * When disabling dirty logging with PML enabled, the D-bit is set
10639 * for sptes in the slot in order to prevent unnecessary GPA
10640 * logging in the PML buffer (and potential PML buffer full VMEXIT).
10641 * This guarantees leaving PML enabled for the guest's lifetime
10642 * won't have any additional overhead from PML when the guest is
10643 * running with dirty logging disabled.
10645 * When enabling dirty logging, large sptes are write-protected
10646 * so they can be split on first write. New large sptes cannot
10647 * be created for this slot until the end of the logging.
10648 * See the comments in fast_page_fault().
10649 * For small sptes, nothing is done if the dirty log is in the
10650 * initial-all-set state. Otherwise, depending on whether pml
10651 * is enabled the D-bit or the W-bit will be cleared.
10653 if (new->flags & KVM_MEM_LOG_DIRTY_PAGES) {
10654 if (kvm_x86_ops.slot_enable_log_dirty) {
10655 kvm_x86_ops.slot_enable_log_dirty(kvm, new);
10658 kvm_dirty_log_manual_protect_and_init_set(kvm) ?
10659 PG_LEVEL_2M : PG_LEVEL_4K;
10662 * If we're with initial-all-set, we don't need
10663 * to write protect any small page because
10664 * they're reported as dirty already. However
10665 * we still need to write-protect huge pages
10666 * so that the page split can happen lazily on
10667 * the first write to the huge page.
10669 kvm_mmu_slot_remove_write_access(kvm, new, level);
10672 if (kvm_x86_ops.slot_disable_log_dirty)
10673 kvm_x86_ops.slot_disable_log_dirty(kvm, new);
10677 void kvm_arch_commit_memory_region(struct kvm *kvm,
10678 const struct kvm_userspace_memory_region *mem,
10679 struct kvm_memory_slot *old,
10680 const struct kvm_memory_slot *new,
10681 enum kvm_mr_change change)
10683 if (!kvm->arch.n_requested_mmu_pages)
10684 kvm_mmu_change_mmu_pages(kvm,
10685 kvm_mmu_calculate_default_mmu_pages(kvm));
10688 * FIXME: const-ify all uses of struct kvm_memory_slot.
10690 kvm_mmu_slot_apply_flags(kvm, old, (struct kvm_memory_slot *) new, change);
10692 /* Free the arrays associated with the old memslot. */
10693 if (change == KVM_MR_MOVE)
10694 kvm_arch_free_memslot(kvm, old);
10697 void kvm_arch_flush_shadow_all(struct kvm *kvm)
10699 kvm_mmu_zap_all(kvm);
10702 void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
10703 struct kvm_memory_slot *slot)
10705 kvm_page_track_flush_slot(kvm, slot);
10708 static inline bool kvm_guest_apic_has_interrupt(struct kvm_vcpu *vcpu)
10710 return (is_guest_mode(vcpu) &&
10711 kvm_x86_ops.guest_apic_has_interrupt &&
10712 kvm_x86_ops.guest_apic_has_interrupt(vcpu));
10715 static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu)
10717 if (!list_empty_careful(&vcpu->async_pf.done))
10720 if (kvm_apic_has_events(vcpu))
10723 if (vcpu->arch.pv.pv_unhalted)
10726 if (vcpu->arch.exception.pending)
10729 if (kvm_test_request(KVM_REQ_NMI, vcpu) ||
10730 (vcpu->arch.nmi_pending &&
10731 kvm_x86_ops.nmi_allowed(vcpu, false)))
10734 if (kvm_test_request(KVM_REQ_SMI, vcpu) ||
10735 (vcpu->arch.smi_pending &&
10736 kvm_x86_ops.smi_allowed(vcpu, false)))
10739 if (kvm_arch_interrupt_allowed(vcpu) &&
10740 (kvm_cpu_has_interrupt(vcpu) ||
10741 kvm_guest_apic_has_interrupt(vcpu)))
10744 if (kvm_hv_has_stimer_pending(vcpu))
10747 if (is_guest_mode(vcpu) &&
10748 kvm_x86_ops.nested_ops->hv_timer_pending &&
10749 kvm_x86_ops.nested_ops->hv_timer_pending(vcpu))
10755 int kvm_arch_vcpu_runnable(struct kvm_vcpu *vcpu)
10757 return kvm_vcpu_running(vcpu) || kvm_vcpu_has_events(vcpu);
10760 bool kvm_arch_dy_runnable(struct kvm_vcpu *vcpu)
10762 if (READ_ONCE(vcpu->arch.pv.pv_unhalted))
10765 if (kvm_test_request(KVM_REQ_NMI, vcpu) ||
10766 kvm_test_request(KVM_REQ_SMI, vcpu) ||
10767 kvm_test_request(KVM_REQ_EVENT, vcpu))
10770 if (vcpu->arch.apicv_active && kvm_x86_ops.dy_apicv_has_pending_interrupt(vcpu))
10776 bool kvm_arch_vcpu_in_kernel(struct kvm_vcpu *vcpu)
10778 return vcpu->arch.preempted_in_kernel;
10781 int kvm_arch_vcpu_should_kick(struct kvm_vcpu *vcpu)
10783 return kvm_vcpu_exiting_guest_mode(vcpu) == IN_GUEST_MODE;
10786 int kvm_arch_interrupt_allowed(struct kvm_vcpu *vcpu)
10788 return kvm_x86_ops.interrupt_allowed(vcpu, false);
10791 unsigned long kvm_get_linear_rip(struct kvm_vcpu *vcpu)
10793 /* Can't read the RIP when guest state is protected, just return 0 */
10794 if (vcpu->arch.guest_state_protected)
10797 if (is_64_bit_mode(vcpu))
10798 return kvm_rip_read(vcpu);
10799 return (u32)(get_segment_base(vcpu, VCPU_SREG_CS) +
10800 kvm_rip_read(vcpu));
10802 EXPORT_SYMBOL_GPL(kvm_get_linear_rip);
10804 bool kvm_is_linear_rip(struct kvm_vcpu *vcpu, unsigned long linear_rip)
10806 return kvm_get_linear_rip(vcpu) == linear_rip;
10808 EXPORT_SYMBOL_GPL(kvm_is_linear_rip);
10810 unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu)
10812 unsigned long rflags;
10814 rflags = kvm_x86_ops.get_rflags(vcpu);
10815 if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
10816 rflags &= ~X86_EFLAGS_TF;
10819 EXPORT_SYMBOL_GPL(kvm_get_rflags);
10821 static void __kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
10823 if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP &&
10824 kvm_is_linear_rip(vcpu, vcpu->arch.singlestep_rip))
10825 rflags |= X86_EFLAGS_TF;
10826 kvm_x86_ops.set_rflags(vcpu, rflags);
10829 void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
10831 __kvm_set_rflags(vcpu, rflags);
10832 kvm_make_request(KVM_REQ_EVENT, vcpu);
10834 EXPORT_SYMBOL_GPL(kvm_set_rflags);
10836 void kvm_arch_async_page_ready(struct kvm_vcpu *vcpu, struct kvm_async_pf *work)
10840 if ((vcpu->arch.mmu->direct_map != work->arch.direct_map) ||
10844 r = kvm_mmu_reload(vcpu);
10848 if (!vcpu->arch.mmu->direct_map &&
10849 work->arch.cr3 != vcpu->arch.mmu->get_guest_pgd(vcpu))
10852 kvm_mmu_do_page_fault(vcpu, work->cr2_or_gpa, 0, true);
10855 static inline u32 kvm_async_pf_hash_fn(gfn_t gfn)
10857 BUILD_BUG_ON(!is_power_of_2(ASYNC_PF_PER_VCPU));
10859 return hash_32(gfn & 0xffffffff, order_base_2(ASYNC_PF_PER_VCPU));
10862 static inline u32 kvm_async_pf_next_probe(u32 key)
10864 return (key + 1) & (ASYNC_PF_PER_VCPU - 1);
10867 static void kvm_add_async_pf_gfn(struct kvm_vcpu *vcpu, gfn_t gfn)
10869 u32 key = kvm_async_pf_hash_fn(gfn);
10871 while (vcpu->arch.apf.gfns[key] != ~0)
10872 key = kvm_async_pf_next_probe(key);
10874 vcpu->arch.apf.gfns[key] = gfn;
10877 static u32 kvm_async_pf_gfn_slot(struct kvm_vcpu *vcpu, gfn_t gfn)
10880 u32 key = kvm_async_pf_hash_fn(gfn);
10882 for (i = 0; i < ASYNC_PF_PER_VCPU &&
10883 (vcpu->arch.apf.gfns[key] != gfn &&
10884 vcpu->arch.apf.gfns[key] != ~0); i++)
10885 key = kvm_async_pf_next_probe(key);
10890 bool kvm_find_async_pf_gfn(struct kvm_vcpu *vcpu, gfn_t gfn)
10892 return vcpu->arch.apf.gfns[kvm_async_pf_gfn_slot(vcpu, gfn)] == gfn;
10895 static void kvm_del_async_pf_gfn(struct kvm_vcpu *vcpu, gfn_t gfn)
10899 i = j = kvm_async_pf_gfn_slot(vcpu, gfn);
10901 if (WARN_ON_ONCE(vcpu->arch.apf.gfns[i] != gfn))
10905 vcpu->arch.apf.gfns[i] = ~0;
10907 j = kvm_async_pf_next_probe(j);
10908 if (vcpu->arch.apf.gfns[j] == ~0)
10910 k = kvm_async_pf_hash_fn(vcpu->arch.apf.gfns[j]);
10912 * k lies cyclically in ]i,j]
10914 * |....j i.k.| or |.k..j i...|
10916 } while ((i <= j) ? (i < k && k <= j) : (i < k || k <= j));
10917 vcpu->arch.apf.gfns[i] = vcpu->arch.apf.gfns[j];
10922 static inline int apf_put_user_notpresent(struct kvm_vcpu *vcpu)
10924 u32 reason = KVM_PV_REASON_PAGE_NOT_PRESENT;
10926 return kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.apf.data, &reason,
10930 static inline int apf_put_user_ready(struct kvm_vcpu *vcpu, u32 token)
10932 unsigned int offset = offsetof(struct kvm_vcpu_pv_apf_data, token);
10934 return kvm_write_guest_offset_cached(vcpu->kvm, &vcpu->arch.apf.data,
10935 &token, offset, sizeof(token));
10938 static inline bool apf_pageready_slot_free(struct kvm_vcpu *vcpu)
10940 unsigned int offset = offsetof(struct kvm_vcpu_pv_apf_data, token);
10943 if (kvm_read_guest_offset_cached(vcpu->kvm, &vcpu->arch.apf.data,
10944 &val, offset, sizeof(val)))
10950 static bool kvm_can_deliver_async_pf(struct kvm_vcpu *vcpu)
10952 if (!vcpu->arch.apf.delivery_as_pf_vmexit && is_guest_mode(vcpu))
10955 if (!kvm_pv_async_pf_enabled(vcpu) ||
10956 (vcpu->arch.apf.send_user_only && kvm_x86_ops.get_cpl(vcpu) == 0))
10962 bool kvm_can_do_async_pf(struct kvm_vcpu *vcpu)
10964 if (unlikely(!lapic_in_kernel(vcpu) ||
10965 kvm_event_needs_reinjection(vcpu) ||
10966 vcpu->arch.exception.pending))
10969 if (kvm_hlt_in_guest(vcpu->kvm) && !kvm_can_deliver_async_pf(vcpu))
10973 * If interrupts are off we cannot even use an artificial
10976 return kvm_arch_interrupt_allowed(vcpu);
10979 bool kvm_arch_async_page_not_present(struct kvm_vcpu *vcpu,
10980 struct kvm_async_pf *work)
10982 struct x86_exception fault;
10984 trace_kvm_async_pf_not_present(work->arch.token, work->cr2_or_gpa);
10985 kvm_add_async_pf_gfn(vcpu, work->arch.gfn);
10987 if (kvm_can_deliver_async_pf(vcpu) &&
10988 !apf_put_user_notpresent(vcpu)) {
10989 fault.vector = PF_VECTOR;
10990 fault.error_code_valid = true;
10991 fault.error_code = 0;
10992 fault.nested_page_fault = false;
10993 fault.address = work->arch.token;
10994 fault.async_page_fault = true;
10995 kvm_inject_page_fault(vcpu, &fault);
10999 * It is not possible to deliver a paravirtualized asynchronous
11000 * page fault, but putting the guest in an artificial halt state
11001 * can be beneficial nevertheless: if an interrupt arrives, we
11002 * can deliver it timely and perhaps the guest will schedule
11003 * another process. When the instruction that triggered a page
11004 * fault is retried, hopefully the page will be ready in the host.
11006 kvm_make_request(KVM_REQ_APF_HALT, vcpu);
11011 void kvm_arch_async_page_present(struct kvm_vcpu *vcpu,
11012 struct kvm_async_pf *work)
11014 struct kvm_lapic_irq irq = {
11015 .delivery_mode = APIC_DM_FIXED,
11016 .vector = vcpu->arch.apf.vec
11019 if (work->wakeup_all)
11020 work->arch.token = ~0; /* broadcast wakeup */
11022 kvm_del_async_pf_gfn(vcpu, work->arch.gfn);
11023 trace_kvm_async_pf_ready(work->arch.token, work->cr2_or_gpa);
11025 if ((work->wakeup_all || work->notpresent_injected) &&
11026 kvm_pv_async_pf_enabled(vcpu) &&
11027 !apf_put_user_ready(vcpu, work->arch.token)) {
11028 vcpu->arch.apf.pageready_pending = true;
11029 kvm_apic_set_irq(vcpu, &irq, NULL);
11032 vcpu->arch.apf.halted = false;
11033 vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
11036 void kvm_arch_async_page_present_queued(struct kvm_vcpu *vcpu)
11038 kvm_make_request(KVM_REQ_APF_READY, vcpu);
11039 if (!vcpu->arch.apf.pageready_pending)
11040 kvm_vcpu_kick(vcpu);
11043 bool kvm_arch_can_dequeue_async_page_present(struct kvm_vcpu *vcpu)
11045 if (!kvm_pv_async_pf_enabled(vcpu))
11048 return apf_pageready_slot_free(vcpu);
11051 void kvm_arch_start_assignment(struct kvm *kvm)
11053 atomic_inc(&kvm->arch.assigned_device_count);
11055 EXPORT_SYMBOL_GPL(kvm_arch_start_assignment);
11057 void kvm_arch_end_assignment(struct kvm *kvm)
11059 atomic_dec(&kvm->arch.assigned_device_count);
11061 EXPORT_SYMBOL_GPL(kvm_arch_end_assignment);
11063 bool kvm_arch_has_assigned_device(struct kvm *kvm)
11065 return atomic_read(&kvm->arch.assigned_device_count);
11067 EXPORT_SYMBOL_GPL(kvm_arch_has_assigned_device);
11069 void kvm_arch_register_noncoherent_dma(struct kvm *kvm)
11071 atomic_inc(&kvm->arch.noncoherent_dma_count);
11073 EXPORT_SYMBOL_GPL(kvm_arch_register_noncoherent_dma);
11075 void kvm_arch_unregister_noncoherent_dma(struct kvm *kvm)
11077 atomic_dec(&kvm->arch.noncoherent_dma_count);
11079 EXPORT_SYMBOL_GPL(kvm_arch_unregister_noncoherent_dma);
11081 bool kvm_arch_has_noncoherent_dma(struct kvm *kvm)
11083 return atomic_read(&kvm->arch.noncoherent_dma_count);
11085 EXPORT_SYMBOL_GPL(kvm_arch_has_noncoherent_dma);
11087 bool kvm_arch_has_irq_bypass(void)
11092 int kvm_arch_irq_bypass_add_producer(struct irq_bypass_consumer *cons,
11093 struct irq_bypass_producer *prod)
11095 struct kvm_kernel_irqfd *irqfd =
11096 container_of(cons, struct kvm_kernel_irqfd, consumer);
11099 irqfd->producer = prod;
11100 kvm_arch_start_assignment(irqfd->kvm);
11101 ret = kvm_x86_ops.update_pi_irte(irqfd->kvm,
11102 prod->irq, irqfd->gsi, 1);
11105 kvm_arch_end_assignment(irqfd->kvm);
11110 void kvm_arch_irq_bypass_del_producer(struct irq_bypass_consumer *cons,
11111 struct irq_bypass_producer *prod)
11114 struct kvm_kernel_irqfd *irqfd =
11115 container_of(cons, struct kvm_kernel_irqfd, consumer);
11117 WARN_ON(irqfd->producer != prod);
11118 irqfd->producer = NULL;
11121 * When producer of consumer is unregistered, we change back to
11122 * remapped mode, so we can re-use the current implementation
11123 * when the irq is masked/disabled or the consumer side (KVM
11124 * int this case doesn't want to receive the interrupts.
11126 ret = kvm_x86_ops.update_pi_irte(irqfd->kvm, prod->irq, irqfd->gsi, 0);
11128 printk(KERN_INFO "irq bypass consumer (token %p) unregistration"
11129 " fails: %d\n", irqfd->consumer.token, ret);
11131 kvm_arch_end_assignment(irqfd->kvm);
11134 int kvm_arch_update_irqfd_routing(struct kvm *kvm, unsigned int host_irq,
11135 uint32_t guest_irq, bool set)
11137 return kvm_x86_ops.update_pi_irte(kvm, host_irq, guest_irq, set);
11140 bool kvm_vector_hashing_enabled(void)
11142 return vector_hashing;
11145 bool kvm_arch_no_poll(struct kvm_vcpu *vcpu)
11147 return (vcpu->arch.msr_kvm_poll_control & 1) == 0;
11149 EXPORT_SYMBOL_GPL(kvm_arch_no_poll);
11152 int kvm_spec_ctrl_test_value(u64 value)
11155 * test that setting IA32_SPEC_CTRL to given value
11156 * is allowed by the host processor
11160 unsigned long flags;
11163 local_irq_save(flags);
11165 if (rdmsrl_safe(MSR_IA32_SPEC_CTRL, &saved_value))
11167 else if (wrmsrl_safe(MSR_IA32_SPEC_CTRL, value))
11170 wrmsrl(MSR_IA32_SPEC_CTRL, saved_value);
11172 local_irq_restore(flags);
11176 EXPORT_SYMBOL_GPL(kvm_spec_ctrl_test_value);
11178 void kvm_fixup_and_inject_pf_error(struct kvm_vcpu *vcpu, gva_t gva, u16 error_code)
11180 struct x86_exception fault;
11181 u32 access = error_code &
11182 (PFERR_WRITE_MASK | PFERR_FETCH_MASK | PFERR_USER_MASK);
11184 if (!(error_code & PFERR_PRESENT_MASK) ||
11185 vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, &fault) != UNMAPPED_GVA) {
11187 * If vcpu->arch.walk_mmu->gva_to_gpa succeeded, the page
11188 * tables probably do not match the TLB. Just proceed
11189 * with the error code that the processor gave.
11191 fault.vector = PF_VECTOR;
11192 fault.error_code_valid = true;
11193 fault.error_code = error_code;
11194 fault.nested_page_fault = false;
11195 fault.address = gva;
11197 vcpu->arch.walk_mmu->inject_page_fault(vcpu, &fault);
11199 EXPORT_SYMBOL_GPL(kvm_fixup_and_inject_pf_error);
11202 * Handles kvm_read/write_guest_virt*() result and either injects #PF or returns
11203 * KVM_EXIT_INTERNAL_ERROR for cases not currently handled by KVM. Return value
11204 * indicates whether exit to userspace is needed.
11206 int kvm_handle_memory_failure(struct kvm_vcpu *vcpu, int r,
11207 struct x86_exception *e)
11209 if (r == X86EMUL_PROPAGATE_FAULT) {
11210 kvm_inject_emulated_page_fault(vcpu, e);
11215 * In case kvm_read/write_guest_virt*() failed with X86EMUL_IO_NEEDED
11216 * while handling a VMX instruction KVM could've handled the request
11217 * correctly by exiting to userspace and performing I/O but there
11218 * doesn't seem to be a real use-case behind such requests, just return
11219 * KVM_EXIT_INTERNAL_ERROR for now.
11221 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
11222 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
11223 vcpu->run->internal.ndata = 0;
11227 EXPORT_SYMBOL_GPL(kvm_handle_memory_failure);
11229 int kvm_handle_invpcid(struct kvm_vcpu *vcpu, unsigned long type, gva_t gva)
11232 struct x86_exception e;
11234 unsigned long roots_to_free = 0;
11241 r = kvm_read_guest_virt(vcpu, gva, &operand, sizeof(operand), &e);
11242 if (r != X86EMUL_CONTINUE)
11243 return kvm_handle_memory_failure(vcpu, r, &e);
11245 if (operand.pcid >> 12 != 0) {
11246 kvm_inject_gp(vcpu, 0);
11250 pcid_enabled = kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE);
11253 case INVPCID_TYPE_INDIV_ADDR:
11254 if ((!pcid_enabled && (operand.pcid != 0)) ||
11255 is_noncanonical_address(operand.gla, vcpu)) {
11256 kvm_inject_gp(vcpu, 0);
11259 kvm_mmu_invpcid_gva(vcpu, operand.gla, operand.pcid);
11260 return kvm_skip_emulated_instruction(vcpu);
11262 case INVPCID_TYPE_SINGLE_CTXT:
11263 if (!pcid_enabled && (operand.pcid != 0)) {
11264 kvm_inject_gp(vcpu, 0);
11268 if (kvm_get_active_pcid(vcpu) == operand.pcid) {
11269 kvm_mmu_sync_roots(vcpu);
11270 kvm_make_request(KVM_REQ_TLB_FLUSH_CURRENT, vcpu);
11273 for (i = 0; i < KVM_MMU_NUM_PREV_ROOTS; i++)
11274 if (kvm_get_pcid(vcpu, vcpu->arch.mmu->prev_roots[i].pgd)
11276 roots_to_free |= KVM_MMU_ROOT_PREVIOUS(i);
11278 kvm_mmu_free_roots(vcpu, vcpu->arch.mmu, roots_to_free);
11280 * If neither the current cr3 nor any of the prev_roots use the
11281 * given PCID, then nothing needs to be done here because a
11282 * resync will happen anyway before switching to any other CR3.
11285 return kvm_skip_emulated_instruction(vcpu);
11287 case INVPCID_TYPE_ALL_NON_GLOBAL:
11289 * Currently, KVM doesn't mark global entries in the shadow
11290 * page tables, so a non-global flush just degenerates to a
11291 * global flush. If needed, we could optimize this later by
11292 * keeping track of global entries in shadow page tables.
11296 case INVPCID_TYPE_ALL_INCL_GLOBAL:
11297 kvm_mmu_unload(vcpu);
11298 return kvm_skip_emulated_instruction(vcpu);
11301 BUG(); /* We have already checked above that type <= 3 */
11304 EXPORT_SYMBOL_GPL(kvm_handle_invpcid);
11306 static int complete_sev_es_emulated_mmio(struct kvm_vcpu *vcpu)
11308 struct kvm_run *run = vcpu->run;
11309 struct kvm_mmio_fragment *frag;
11312 BUG_ON(!vcpu->mmio_needed);
11314 /* Complete previous fragment */
11315 frag = &vcpu->mmio_fragments[vcpu->mmio_cur_fragment];
11316 len = min(8u, frag->len);
11317 if (!vcpu->mmio_is_write)
11318 memcpy(frag->data, run->mmio.data, len);
11320 if (frag->len <= 8) {
11321 /* Switch to the next fragment. */
11323 vcpu->mmio_cur_fragment++;
11325 /* Go forward to the next mmio piece. */
11331 if (vcpu->mmio_cur_fragment >= vcpu->mmio_nr_fragments) {
11332 vcpu->mmio_needed = 0;
11334 // VMG change, at this point, we're always done
11335 // RIP has already been advanced
11339 // More MMIO is needed
11340 run->mmio.phys_addr = frag->gpa;
11341 run->mmio.len = min(8u, frag->len);
11342 run->mmio.is_write = vcpu->mmio_is_write;
11343 if (run->mmio.is_write)
11344 memcpy(run->mmio.data, frag->data, min(8u, frag->len));
11345 run->exit_reason = KVM_EXIT_MMIO;
11347 vcpu->arch.complete_userspace_io = complete_sev_es_emulated_mmio;
11352 int kvm_sev_es_mmio_write(struct kvm_vcpu *vcpu, gpa_t gpa, unsigned int bytes,
11356 struct kvm_mmio_fragment *frag;
11361 handled = write_emultor.read_write_mmio(vcpu, gpa, bytes, data);
11362 if (handled == bytes)
11369 /*TODO: Check if need to increment number of frags */
11370 frag = vcpu->mmio_fragments;
11371 vcpu->mmio_nr_fragments = 1;
11376 vcpu->mmio_needed = 1;
11377 vcpu->mmio_cur_fragment = 0;
11379 vcpu->run->mmio.phys_addr = gpa;
11380 vcpu->run->mmio.len = min(8u, frag->len);
11381 vcpu->run->mmio.is_write = 1;
11382 memcpy(vcpu->run->mmio.data, frag->data, min(8u, frag->len));
11383 vcpu->run->exit_reason = KVM_EXIT_MMIO;
11385 vcpu->arch.complete_userspace_io = complete_sev_es_emulated_mmio;
11389 EXPORT_SYMBOL_GPL(kvm_sev_es_mmio_write);
11391 int kvm_sev_es_mmio_read(struct kvm_vcpu *vcpu, gpa_t gpa, unsigned int bytes,
11395 struct kvm_mmio_fragment *frag;
11400 handled = read_emultor.read_write_mmio(vcpu, gpa, bytes, data);
11401 if (handled == bytes)
11408 /*TODO: Check if need to increment number of frags */
11409 frag = vcpu->mmio_fragments;
11410 vcpu->mmio_nr_fragments = 1;
11415 vcpu->mmio_needed = 1;
11416 vcpu->mmio_cur_fragment = 0;
11418 vcpu->run->mmio.phys_addr = gpa;
11419 vcpu->run->mmio.len = min(8u, frag->len);
11420 vcpu->run->mmio.is_write = 0;
11421 vcpu->run->exit_reason = KVM_EXIT_MMIO;
11423 vcpu->arch.complete_userspace_io = complete_sev_es_emulated_mmio;
11427 EXPORT_SYMBOL_GPL(kvm_sev_es_mmio_read);
11429 static int complete_sev_es_emulated_ins(struct kvm_vcpu *vcpu)
11431 memcpy(vcpu->arch.guest_ins_data, vcpu->arch.pio_data,
11432 vcpu->arch.pio.count * vcpu->arch.pio.size);
11433 vcpu->arch.pio.count = 0;
11438 static int kvm_sev_es_outs(struct kvm_vcpu *vcpu, unsigned int size,
11439 unsigned int port, void *data, unsigned int count)
11443 ret = emulator_pio_out_emulated(vcpu->arch.emulate_ctxt, size, port,
11448 vcpu->arch.pio.count = 0;
11453 static int kvm_sev_es_ins(struct kvm_vcpu *vcpu, unsigned int size,
11454 unsigned int port, void *data, unsigned int count)
11458 ret = emulator_pio_in_emulated(vcpu->arch.emulate_ctxt, size, port,
11461 vcpu->arch.pio.count = 0;
11463 vcpu->arch.guest_ins_data = data;
11464 vcpu->arch.complete_userspace_io = complete_sev_es_emulated_ins;
11470 int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size,
11471 unsigned int port, void *data, unsigned int count,
11474 return in ? kvm_sev_es_ins(vcpu, size, port, data, count)
11475 : kvm_sev_es_outs(vcpu, size, port, data, count);
11477 EXPORT_SYMBOL_GPL(kvm_sev_es_string_io);
11479 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit);
11480 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_fast_mmio);
11481 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_inj_virq);
11482 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_page_fault);
11483 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_msr);
11484 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_cr);
11485 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmrun);
11486 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmexit);
11487 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmexit_inject);
11488 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_intr_vmexit);
11489 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmenter_failed);
11490 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_invlpga);
11491 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_skinit);
11492 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_intercepts);
11493 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_write_tsc_offset);
11494 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_ple_window_update);
11495 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_pml_full);
11496 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_pi_irte_update);
11497 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_avic_unaccelerated_access);
11498 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_avic_incomplete_ipi);
11499 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_avic_ga_log);
11500 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_apicv_update_request);
11501 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_enter);
11502 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_exit);
11503 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_enter);
11504 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit);
projects / linux-2.6-microblaze.git / blob