2 * Kernel-based Virtual Machine driver for Linux
4 * derived from drivers/kvm/kvm_main.c
6 * Copyright (C) 2006 Qumranet, Inc.
7 * Copyright (C) 2008 Qumranet, Inc.
8 * Copyright IBM Corporation, 2008
9 * Copyright 2010 Red Hat, Inc. and/or its affiliates.
12 * Avi Kivity <avi@qumranet.com>
13 * Yaniv Kamay <yaniv@qumranet.com>
14 * Amit Shah <amit.shah@qumranet.com>
15 * Ben-Ami Yassour <benami@il.ibm.com>
17 * This work is licensed under the terms of the GNU GPL, version 2. See
18 * the COPYING file in the top-level directory.
22 #include <linux/kvm_host.h>
27 #include "kvm_cache_regs.h"
31 #include <linux/clocksource.h>
32 #include <linux/interrupt.h>
33 #include <linux/kvm.h>
35 #include <linux/vmalloc.h>
36 #include <linux/module.h>
37 #include <linux/mman.h>
38 #include <linux/highmem.h>
39 #include <linux/iommu.h>
40 #include <linux/intel-iommu.h>
41 #include <linux/cpufreq.h>
42 #include <linux/user-return-notifier.h>
43 #include <linux/srcu.h>
44 #include <linux/slab.h>
45 #include <linux/perf_event.h>
46 #include <linux/uaccess.h>
47 #include <linux/hash.h>
48 #include <linux/pci.h>
49 #include <trace/events/kvm.h>
51 #define CREATE_TRACE_POINTS
54 #include <asm/debugreg.h>
60 #include <asm/fpu-internal.h> /* Ugh! */
62 #include <asm/pvclock.h>
63 #include <asm/div64.h>
65 #define MAX_IO_MSRS 256
66 #define KVM_MAX_MCE_BANKS 32
67 #define KVM_MCE_CAP_SUPPORTED (MCG_CTL_P | MCG_SER_P)
69 #define emul_to_vcpu(ctxt) \
70 container_of(ctxt, struct kvm_vcpu, arch.emulate_ctxt)
73 * - enable syscall per default because its emulated by KVM
74 * - enable LME and LMA per default on 64 bit KVM
78 u64 __read_mostly efer_reserved_bits = ~((u64)(EFER_SCE | EFER_LME | EFER_LMA));
80 static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE);
83 #define VM_STAT(x) offsetof(struct kvm, stat.x), KVM_STAT_VM
84 #define VCPU_STAT(x) offsetof(struct kvm_vcpu, stat.x), KVM_STAT_VCPU
86 static void update_cr8_intercept(struct kvm_vcpu *vcpu);
87 static void process_nmi(struct kvm_vcpu *vcpu);
89 struct kvm_x86_ops *kvm_x86_ops;
90 EXPORT_SYMBOL_GPL(kvm_x86_ops);
92 static bool ignore_msrs = 0;
93 module_param(ignore_msrs, bool, S_IRUGO | S_IWUSR);
95 bool kvm_has_tsc_control;
96 EXPORT_SYMBOL_GPL(kvm_has_tsc_control);
97 u32 kvm_max_guest_tsc_khz;
98 EXPORT_SYMBOL_GPL(kvm_max_guest_tsc_khz);
100 /* tsc tolerance in parts per million - default to 1/2 of the NTP threshold */
101 static u32 tsc_tolerance_ppm = 250;
102 module_param(tsc_tolerance_ppm, uint, S_IRUGO | S_IWUSR);
104 #define KVM_NR_SHARED_MSRS 16
106 struct kvm_shared_msrs_global {
108 u32 msrs[KVM_NR_SHARED_MSRS];
111 struct kvm_shared_msrs {
112 struct user_return_notifier urn;
114 struct kvm_shared_msr_values {
117 } values[KVM_NR_SHARED_MSRS];
120 static struct kvm_shared_msrs_global __read_mostly shared_msrs_global;
121 static DEFINE_PER_CPU(struct kvm_shared_msrs, shared_msrs);
123 struct kvm_stats_debugfs_item debugfs_entries[] = {
124 { "pf_fixed", VCPU_STAT(pf_fixed) },
125 { "pf_guest", VCPU_STAT(pf_guest) },
126 { "tlb_flush", VCPU_STAT(tlb_flush) },
127 { "invlpg", VCPU_STAT(invlpg) },
128 { "exits", VCPU_STAT(exits) },
129 { "io_exits", VCPU_STAT(io_exits) },
130 { "mmio_exits", VCPU_STAT(mmio_exits) },
131 { "signal_exits", VCPU_STAT(signal_exits) },
132 { "irq_window", VCPU_STAT(irq_window_exits) },
133 { "nmi_window", VCPU_STAT(nmi_window_exits) },
134 { "halt_exits", VCPU_STAT(halt_exits) },
135 { "halt_wakeup", VCPU_STAT(halt_wakeup) },
136 { "hypercalls", VCPU_STAT(hypercalls) },
137 { "request_irq", VCPU_STAT(request_irq_exits) },
138 { "irq_exits", VCPU_STAT(irq_exits) },
139 { "host_state_reload", VCPU_STAT(host_state_reload) },
140 { "efer_reload", VCPU_STAT(efer_reload) },
141 { "fpu_reload", VCPU_STAT(fpu_reload) },
142 { "insn_emulation", VCPU_STAT(insn_emulation) },
143 { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail) },
144 { "irq_injections", VCPU_STAT(irq_injections) },
145 { "nmi_injections", VCPU_STAT(nmi_injections) },
146 { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) },
147 { "mmu_pte_write", VM_STAT(mmu_pte_write) },
148 { "mmu_pte_updated", VM_STAT(mmu_pte_updated) },
149 { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped) },
150 { "mmu_flooded", VM_STAT(mmu_flooded) },
151 { "mmu_recycled", VM_STAT(mmu_recycled) },
152 { "mmu_cache_miss", VM_STAT(mmu_cache_miss) },
153 { "mmu_unsync", VM_STAT(mmu_unsync) },
154 { "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
155 { "largepages", VM_STAT(lpages) },
159 u64 __read_mostly host_xcr0;
161 int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt);
163 static inline void kvm_async_pf_hash_reset(struct kvm_vcpu *vcpu)
166 for (i = 0; i < roundup_pow_of_two(ASYNC_PF_PER_VCPU); i++)
167 vcpu->arch.apf.gfns[i] = ~0;
170 static void kvm_on_user_return(struct user_return_notifier *urn)
173 struct kvm_shared_msrs *locals
174 = container_of(urn, struct kvm_shared_msrs, urn);
175 struct kvm_shared_msr_values *values;
177 for (slot = 0; slot < shared_msrs_global.nr; ++slot) {
178 values = &locals->values[slot];
179 if (values->host != values->curr) {
180 wrmsrl(shared_msrs_global.msrs[slot], values->host);
181 values->curr = values->host;
184 locals->registered = false;
185 user_return_notifier_unregister(urn);
188 static void shared_msr_update(unsigned slot, u32 msr)
190 struct kvm_shared_msrs *smsr;
193 smsr = &__get_cpu_var(shared_msrs);
194 /* only read, and nobody should modify it at this time,
195 * so don't need lock */
196 if (slot >= shared_msrs_global.nr) {
197 printk(KERN_ERR "kvm: invalid MSR slot!");
200 rdmsrl_safe(msr, &value);
201 smsr->values[slot].host = value;
202 smsr->values[slot].curr = value;
205 void kvm_define_shared_msr(unsigned slot, u32 msr)
207 if (slot >= shared_msrs_global.nr)
208 shared_msrs_global.nr = slot + 1;
209 shared_msrs_global.msrs[slot] = msr;
210 /* we need ensured the shared_msr_global have been updated */
213 EXPORT_SYMBOL_GPL(kvm_define_shared_msr);
215 static void kvm_shared_msr_cpu_online(void)
219 for (i = 0; i < shared_msrs_global.nr; ++i)
220 shared_msr_update(i, shared_msrs_global.msrs[i]);
223 void kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
225 struct kvm_shared_msrs *smsr = &__get_cpu_var(shared_msrs);
227 if (((value ^ smsr->values[slot].curr) & mask) == 0)
229 smsr->values[slot].curr = value;
230 wrmsrl(shared_msrs_global.msrs[slot], value);
231 if (!smsr->registered) {
232 smsr->urn.on_user_return = kvm_on_user_return;
233 user_return_notifier_register(&smsr->urn);
234 smsr->registered = true;
237 EXPORT_SYMBOL_GPL(kvm_set_shared_msr);
239 static void drop_user_return_notifiers(void *ignore)
241 struct kvm_shared_msrs *smsr = &__get_cpu_var(shared_msrs);
243 if (smsr->registered)
244 kvm_on_user_return(&smsr->urn);
247 u64 kvm_get_apic_base(struct kvm_vcpu *vcpu)
249 return vcpu->arch.apic_base;
251 EXPORT_SYMBOL_GPL(kvm_get_apic_base);
253 void kvm_set_apic_base(struct kvm_vcpu *vcpu, u64 data)
255 /* TODO: reserve bits check */
256 kvm_lapic_set_base(vcpu, data);
258 EXPORT_SYMBOL_GPL(kvm_set_apic_base);
260 #define EXCPT_BENIGN 0
261 #define EXCPT_CONTRIBUTORY 1
264 static int exception_class(int vector)
274 return EXCPT_CONTRIBUTORY;
281 static void kvm_multiple_exception(struct kvm_vcpu *vcpu,
282 unsigned nr, bool has_error, u32 error_code,
288 kvm_make_request(KVM_REQ_EVENT, vcpu);
290 if (!vcpu->arch.exception.pending) {
292 vcpu->arch.exception.pending = true;
293 vcpu->arch.exception.has_error_code = has_error;
294 vcpu->arch.exception.nr = nr;
295 vcpu->arch.exception.error_code = error_code;
296 vcpu->arch.exception.reinject = reinject;
300 /* to check exception */
301 prev_nr = vcpu->arch.exception.nr;
302 if (prev_nr == DF_VECTOR) {
303 /* triple fault -> shutdown */
304 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
307 class1 = exception_class(prev_nr);
308 class2 = exception_class(nr);
309 if ((class1 == EXCPT_CONTRIBUTORY && class2 == EXCPT_CONTRIBUTORY)
310 || (class1 == EXCPT_PF && class2 != EXCPT_BENIGN)) {
311 /* generate double fault per SDM Table 5-5 */
312 vcpu->arch.exception.pending = true;
313 vcpu->arch.exception.has_error_code = true;
314 vcpu->arch.exception.nr = DF_VECTOR;
315 vcpu->arch.exception.error_code = 0;
317 /* replace previous exception with a new one in a hope
318 that instruction re-execution will regenerate lost
323 void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr)
325 kvm_multiple_exception(vcpu, nr, false, 0, false);
327 EXPORT_SYMBOL_GPL(kvm_queue_exception);
329 void kvm_requeue_exception(struct kvm_vcpu *vcpu, unsigned nr)
331 kvm_multiple_exception(vcpu, nr, false, 0, true);
333 EXPORT_SYMBOL_GPL(kvm_requeue_exception);
335 void kvm_complete_insn_gp(struct kvm_vcpu *vcpu, int err)
338 kvm_inject_gp(vcpu, 0);
340 kvm_x86_ops->skip_emulated_instruction(vcpu);
342 EXPORT_SYMBOL_GPL(kvm_complete_insn_gp);
344 void kvm_inject_page_fault(struct kvm_vcpu *vcpu, struct x86_exception *fault)
346 ++vcpu->stat.pf_guest;
347 vcpu->arch.cr2 = fault->address;
348 kvm_queue_exception_e(vcpu, PF_VECTOR, fault->error_code);
350 EXPORT_SYMBOL_GPL(kvm_inject_page_fault);
352 void kvm_propagate_fault(struct kvm_vcpu *vcpu, struct x86_exception *fault)
354 if (mmu_is_nested(vcpu) && !fault->nested_page_fault)
355 vcpu->arch.nested_mmu.inject_page_fault(vcpu, fault);
357 vcpu->arch.mmu.inject_page_fault(vcpu, fault);
360 void kvm_inject_nmi(struct kvm_vcpu *vcpu)
362 atomic_inc(&vcpu->arch.nmi_queued);
363 kvm_make_request(KVM_REQ_NMI, vcpu);
365 EXPORT_SYMBOL_GPL(kvm_inject_nmi);
367 void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code)
369 kvm_multiple_exception(vcpu, nr, true, error_code, false);
371 EXPORT_SYMBOL_GPL(kvm_queue_exception_e);
373 void kvm_requeue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code)
375 kvm_multiple_exception(vcpu, nr, true, error_code, true);
377 EXPORT_SYMBOL_GPL(kvm_requeue_exception_e);
380 * Checks if cpl <= required_cpl; if true, return true. Otherwise queue
381 * a #GP and return false.
383 bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl)
385 if (kvm_x86_ops->get_cpl(vcpu) <= required_cpl)
387 kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
390 EXPORT_SYMBOL_GPL(kvm_require_cpl);
393 * This function will be used to read from the physical memory of the currently
394 * running guest. The difference to kvm_read_guest_page is that this function
395 * can read from guest physical or from the guest's guest physical memory.
397 int kvm_read_guest_page_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
398 gfn_t ngfn, void *data, int offset, int len,
404 ngpa = gfn_to_gpa(ngfn);
405 real_gfn = mmu->translate_gpa(vcpu, ngpa, access);
406 if (real_gfn == UNMAPPED_GVA)
409 real_gfn = gpa_to_gfn(real_gfn);
411 return kvm_read_guest_page(vcpu->kvm, real_gfn, data, offset, len);
413 EXPORT_SYMBOL_GPL(kvm_read_guest_page_mmu);
415 int kvm_read_nested_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn,
416 void *data, int offset, int len, u32 access)
418 return kvm_read_guest_page_mmu(vcpu, vcpu->arch.walk_mmu, gfn,
419 data, offset, len, access);
423 * Load the pae pdptrs. Return true is they are all valid.
425 int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3)
427 gfn_t pdpt_gfn = cr3 >> PAGE_SHIFT;
428 unsigned offset = ((cr3 & (PAGE_SIZE-1)) >> 5) << 2;
431 u64 pdpte[ARRAY_SIZE(mmu->pdptrs)];
433 ret = kvm_read_guest_page_mmu(vcpu, mmu, pdpt_gfn, pdpte,
434 offset * sizeof(u64), sizeof(pdpte),
435 PFERR_USER_MASK|PFERR_WRITE_MASK);
440 for (i = 0; i < ARRAY_SIZE(pdpte); ++i) {
441 if (is_present_gpte(pdpte[i]) &&
442 (pdpte[i] & vcpu->arch.mmu.rsvd_bits_mask[0][2])) {
449 memcpy(mmu->pdptrs, pdpte, sizeof(mmu->pdptrs));
450 __set_bit(VCPU_EXREG_PDPTR,
451 (unsigned long *)&vcpu->arch.regs_avail);
452 __set_bit(VCPU_EXREG_PDPTR,
453 (unsigned long *)&vcpu->arch.regs_dirty);
458 EXPORT_SYMBOL_GPL(load_pdptrs);
460 static bool pdptrs_changed(struct kvm_vcpu *vcpu)
462 u64 pdpte[ARRAY_SIZE(vcpu->arch.walk_mmu->pdptrs)];
468 if (is_long_mode(vcpu) || !is_pae(vcpu))
471 if (!test_bit(VCPU_EXREG_PDPTR,
472 (unsigned long *)&vcpu->arch.regs_avail))
475 gfn = (kvm_read_cr3(vcpu) & ~31u) >> PAGE_SHIFT;
476 offset = (kvm_read_cr3(vcpu) & ~31u) & (PAGE_SIZE - 1);
477 r = kvm_read_nested_guest_page(vcpu, gfn, pdpte, offset, sizeof(pdpte),
478 PFERR_USER_MASK | PFERR_WRITE_MASK);
481 changed = memcmp(pdpte, vcpu->arch.walk_mmu->pdptrs, sizeof(pdpte)) != 0;
487 int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
489 unsigned long old_cr0 = kvm_read_cr0(vcpu);
490 unsigned long update_bits = X86_CR0_PG | X86_CR0_WP |
491 X86_CR0_CD | X86_CR0_NW;
496 if (cr0 & 0xffffffff00000000UL)
500 cr0 &= ~CR0_RESERVED_BITS;
502 if ((cr0 & X86_CR0_NW) && !(cr0 & X86_CR0_CD))
505 if ((cr0 & X86_CR0_PG) && !(cr0 & X86_CR0_PE))
508 if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) {
510 if ((vcpu->arch.efer & EFER_LME)) {
515 kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
520 if (is_pae(vcpu) && !load_pdptrs(vcpu, vcpu->arch.walk_mmu,
525 if (!(cr0 & X86_CR0_PG) && kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE))
528 kvm_x86_ops->set_cr0(vcpu, cr0);
530 if ((cr0 ^ old_cr0) & X86_CR0_PG) {
531 kvm_clear_async_pf_completion_queue(vcpu);
532 kvm_async_pf_hash_reset(vcpu);
535 if ((cr0 ^ old_cr0) & update_bits)
536 kvm_mmu_reset_context(vcpu);
539 EXPORT_SYMBOL_GPL(kvm_set_cr0);
541 void kvm_lmsw(struct kvm_vcpu *vcpu, unsigned long msw)
543 (void)kvm_set_cr0(vcpu, kvm_read_cr0_bits(vcpu, ~0x0eul) | (msw & 0x0f));
545 EXPORT_SYMBOL_GPL(kvm_lmsw);
547 int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
551 /* Only support XCR_XFEATURE_ENABLED_MASK(xcr0) now */
552 if (index != XCR_XFEATURE_ENABLED_MASK)
555 if (kvm_x86_ops->get_cpl(vcpu) != 0)
557 if (!(xcr0 & XSTATE_FP))
559 if ((xcr0 & XSTATE_YMM) && !(xcr0 & XSTATE_SSE))
561 if (xcr0 & ~host_xcr0)
563 vcpu->arch.xcr0 = xcr0;
564 vcpu->guest_xcr0_loaded = 0;
568 int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
570 if (__kvm_set_xcr(vcpu, index, xcr)) {
571 kvm_inject_gp(vcpu, 0);
576 EXPORT_SYMBOL_GPL(kvm_set_xcr);
578 int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
580 unsigned long old_cr4 = kvm_read_cr4(vcpu);
581 unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE |
582 X86_CR4_PAE | X86_CR4_SMEP;
583 if (cr4 & CR4_RESERVED_BITS)
586 if (!guest_cpuid_has_xsave(vcpu) && (cr4 & X86_CR4_OSXSAVE))
589 if (!guest_cpuid_has_smep(vcpu) && (cr4 & X86_CR4_SMEP))
592 if (!guest_cpuid_has_fsgsbase(vcpu) && (cr4 & X86_CR4_RDWRGSFS))
595 if (is_long_mode(vcpu)) {
596 if (!(cr4 & X86_CR4_PAE))
598 } else if (is_paging(vcpu) && (cr4 & X86_CR4_PAE)
599 && ((cr4 ^ old_cr4) & pdptr_bits)
600 && !load_pdptrs(vcpu, vcpu->arch.walk_mmu,
604 if ((cr4 & X86_CR4_PCIDE) && !(old_cr4 & X86_CR4_PCIDE)) {
605 if (!guest_cpuid_has_pcid(vcpu))
608 /* PCID can not be enabled when cr3[11:0]!=000H or EFER.LMA=0 */
609 if ((kvm_read_cr3(vcpu) & X86_CR3_PCID_MASK) || !is_long_mode(vcpu))
613 if (kvm_x86_ops->set_cr4(vcpu, cr4))
616 if (((cr4 ^ old_cr4) & pdptr_bits) ||
617 (!(cr4 & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE)))
618 kvm_mmu_reset_context(vcpu);
620 if ((cr4 ^ old_cr4) & X86_CR4_OSXSAVE)
621 kvm_update_cpuid(vcpu);
625 EXPORT_SYMBOL_GPL(kvm_set_cr4);
627 int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
629 if (cr3 == kvm_read_cr3(vcpu) && !pdptrs_changed(vcpu)) {
630 kvm_mmu_sync_roots(vcpu);
631 kvm_mmu_flush_tlb(vcpu);
635 if (is_long_mode(vcpu)) {
636 if (kvm_read_cr4(vcpu) & X86_CR4_PCIDE) {
637 if (cr3 & CR3_PCID_ENABLED_RESERVED_BITS)
640 if (cr3 & CR3_L_MODE_RESERVED_BITS)
644 if (cr3 & CR3_PAE_RESERVED_BITS)
646 if (is_paging(vcpu) &&
647 !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3))
651 * We don't check reserved bits in nonpae mode, because
652 * this isn't enforced, and VMware depends on this.
657 * Does the new cr3 value map to physical memory? (Note, we
658 * catch an invalid cr3 even in real-mode, because it would
659 * cause trouble later on when we turn on paging anyway.)
661 * A real CPU would silently accept an invalid cr3 and would
662 * attempt to use it - with largely undefined (and often hard
663 * to debug) behavior on the guest side.
665 if (unlikely(!gfn_to_memslot(vcpu->kvm, cr3 >> PAGE_SHIFT)))
667 vcpu->arch.cr3 = cr3;
668 __set_bit(VCPU_EXREG_CR3, (ulong *)&vcpu->arch.regs_avail);
669 vcpu->arch.mmu.new_cr3(vcpu);
672 EXPORT_SYMBOL_GPL(kvm_set_cr3);
674 int kvm_set_cr8(struct kvm_vcpu *vcpu, unsigned long cr8)
676 if (cr8 & CR8_RESERVED_BITS)
678 if (irqchip_in_kernel(vcpu->kvm))
679 kvm_lapic_set_tpr(vcpu, cr8);
681 vcpu->arch.cr8 = cr8;
684 EXPORT_SYMBOL_GPL(kvm_set_cr8);
686 unsigned long kvm_get_cr8(struct kvm_vcpu *vcpu)
688 if (irqchip_in_kernel(vcpu->kvm))
689 return kvm_lapic_get_cr8(vcpu);
691 return vcpu->arch.cr8;
693 EXPORT_SYMBOL_GPL(kvm_get_cr8);
695 static int __kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
699 vcpu->arch.db[dr] = val;
700 if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP))
701 vcpu->arch.eff_db[dr] = val;
704 if (kvm_read_cr4_bits(vcpu, X86_CR4_DE))
708 if (val & 0xffffffff00000000ULL)
710 vcpu->arch.dr6 = (val & DR6_VOLATILE) | DR6_FIXED_1;
713 if (kvm_read_cr4_bits(vcpu, X86_CR4_DE))
717 if (val & 0xffffffff00000000ULL)
719 vcpu->arch.dr7 = (val & DR7_VOLATILE) | DR7_FIXED_1;
720 if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)) {
721 kvm_x86_ops->set_dr7(vcpu, vcpu->arch.dr7);
722 vcpu->arch.switch_db_regs = (val & DR7_BP_EN_MASK);
730 int kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
734 res = __kvm_set_dr(vcpu, dr, val);
736 kvm_queue_exception(vcpu, UD_VECTOR);
738 kvm_inject_gp(vcpu, 0);
742 EXPORT_SYMBOL_GPL(kvm_set_dr);
744 static int _kvm_get_dr(struct kvm_vcpu *vcpu, int dr, unsigned long *val)
748 *val = vcpu->arch.db[dr];
751 if (kvm_read_cr4_bits(vcpu, X86_CR4_DE))
755 *val = vcpu->arch.dr6;
758 if (kvm_read_cr4_bits(vcpu, X86_CR4_DE))
762 *val = vcpu->arch.dr7;
769 int kvm_get_dr(struct kvm_vcpu *vcpu, int dr, unsigned long *val)
771 if (_kvm_get_dr(vcpu, dr, val)) {
772 kvm_queue_exception(vcpu, UD_VECTOR);
777 EXPORT_SYMBOL_GPL(kvm_get_dr);
779 bool kvm_rdpmc(struct kvm_vcpu *vcpu)
781 u32 ecx = kvm_register_read(vcpu, VCPU_REGS_RCX);
785 err = kvm_pmu_read_pmc(vcpu, ecx, &data);
788 kvm_register_write(vcpu, VCPU_REGS_RAX, (u32)data);
789 kvm_register_write(vcpu, VCPU_REGS_RDX, data >> 32);
792 EXPORT_SYMBOL_GPL(kvm_rdpmc);
795 * List of msr numbers which we expose to userspace through KVM_GET_MSRS
796 * and KVM_SET_MSRS, and KVM_GET_MSR_INDEX_LIST.
798 * This list is modified at module load time to reflect the
799 * capabilities of the host cpu. This capabilities test skips MSRs that are
800 * kvm-specific. Those are put in the beginning of the list.
803 #define KVM_SAVE_MSRS_BEGIN 10
804 static u32 msrs_to_save[] = {
805 MSR_KVM_SYSTEM_TIME, MSR_KVM_WALL_CLOCK,
806 MSR_KVM_SYSTEM_TIME_NEW, MSR_KVM_WALL_CLOCK_NEW,
807 HV_X64_MSR_GUEST_OS_ID, HV_X64_MSR_HYPERCALL,
808 HV_X64_MSR_APIC_ASSIST_PAGE, MSR_KVM_ASYNC_PF_EN, MSR_KVM_STEAL_TIME,
810 MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP,
813 MSR_CSTAR, MSR_KERNEL_GS_BASE, MSR_SYSCALL_MASK, MSR_LSTAR,
815 MSR_IA32_TSC, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA
818 static unsigned num_msrs_to_save;
820 static u32 emulated_msrs[] = {
821 MSR_IA32_TSCDEADLINE,
822 MSR_IA32_MISC_ENABLE,
827 static int set_efer(struct kvm_vcpu *vcpu, u64 efer)
829 u64 old_efer = vcpu->arch.efer;
831 if (efer & efer_reserved_bits)
835 && (vcpu->arch.efer & EFER_LME) != (efer & EFER_LME))
838 if (efer & EFER_FFXSR) {
839 struct kvm_cpuid_entry2 *feat;
841 feat = kvm_find_cpuid_entry(vcpu, 0x80000001, 0);
842 if (!feat || !(feat->edx & bit(X86_FEATURE_FXSR_OPT)))
846 if (efer & EFER_SVME) {
847 struct kvm_cpuid_entry2 *feat;
849 feat = kvm_find_cpuid_entry(vcpu, 0x80000001, 0);
850 if (!feat || !(feat->ecx & bit(X86_FEATURE_SVM)))
855 efer |= vcpu->arch.efer & EFER_LMA;
857 kvm_x86_ops->set_efer(vcpu, efer);
859 vcpu->arch.mmu.base_role.nxe = (efer & EFER_NX) && !tdp_enabled;
861 /* Update reserved bits */
862 if ((efer ^ old_efer) & EFER_NX)
863 kvm_mmu_reset_context(vcpu);
868 void kvm_enable_efer_bits(u64 mask)
870 efer_reserved_bits &= ~mask;
872 EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
876 * Writes msr value into into the appropriate "register".
877 * Returns 0 on success, non-0 otherwise.
878 * Assumes vcpu_load() was already called.
880 int kvm_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
882 return kvm_x86_ops->set_msr(vcpu, msr_index, data);
886 * Adapt set_msr() to msr_io()'s calling convention
888 static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data)
890 return kvm_set_msr(vcpu, index, *data);
893 static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock)
897 struct pvclock_wall_clock wc;
898 struct timespec boot;
903 r = kvm_read_guest(kvm, wall_clock, &version, sizeof(version));
908 ++version; /* first time write, random junk */
912 kvm_write_guest(kvm, wall_clock, &version, sizeof(version));
915 * The guest calculates current wall clock time by adding
916 * system time (updated by kvm_guest_time_update below) to the
917 * wall clock specified here. guest system time equals host
918 * system time for us, thus we must fill in host boot time here.
922 if (kvm->arch.kvmclock_offset) {
923 struct timespec ts = ns_to_timespec(kvm->arch.kvmclock_offset);
924 boot = timespec_sub(boot, ts);
926 wc.sec = boot.tv_sec;
927 wc.nsec = boot.tv_nsec;
928 wc.version = version;
930 kvm_write_guest(kvm, wall_clock, &wc, sizeof(wc));
933 kvm_write_guest(kvm, wall_clock, &version, sizeof(version));
936 static uint32_t div_frac(uint32_t dividend, uint32_t divisor)
938 uint32_t quotient, remainder;
940 /* Don't try to replace with do_div(), this one calculates
941 * "(dividend << 32) / divisor" */
943 : "=a" (quotient), "=d" (remainder)
944 : "0" (0), "1" (dividend), "r" (divisor) );
948 static void kvm_get_time_scale(uint32_t scaled_khz, uint32_t base_khz,
949 s8 *pshift, u32 *pmultiplier)
956 tps64 = base_khz * 1000LL;
957 scaled64 = scaled_khz * 1000LL;
958 while (tps64 > scaled64*2 || tps64 & 0xffffffff00000000ULL) {
963 tps32 = (uint32_t)tps64;
964 while (tps32 <= scaled64 || scaled64 & 0xffffffff00000000ULL) {
965 if (scaled64 & 0xffffffff00000000ULL || tps32 & 0x80000000)
973 *pmultiplier = div_frac(scaled64, tps32);
975 pr_debug("%s: base_khz %u => %u, shift %d, mul %u\n",
976 __func__, base_khz, scaled_khz, shift, *pmultiplier);
979 static inline u64 get_kernel_ns(void)
983 WARN_ON(preemptible());
985 monotonic_to_bootbased(&ts);
986 return timespec_to_ns(&ts);
989 static DEFINE_PER_CPU(unsigned long, cpu_tsc_khz);
990 unsigned long max_tsc_khz;
992 static inline u64 nsec_to_cycles(struct kvm_vcpu *vcpu, u64 nsec)
994 return pvclock_scale_delta(nsec, vcpu->arch.virtual_tsc_mult,
995 vcpu->arch.virtual_tsc_shift);
998 static u32 adjust_tsc_khz(u32 khz, s32 ppm)
1000 u64 v = (u64)khz * (1000000 + ppm);
1005 static void kvm_set_tsc_khz(struct kvm_vcpu *vcpu, u32 this_tsc_khz)
1007 u32 thresh_lo, thresh_hi;
1008 int use_scaling = 0;
1010 /* Compute a scale to convert nanoseconds in TSC cycles */
1011 kvm_get_time_scale(this_tsc_khz, NSEC_PER_SEC / 1000,
1012 &vcpu->arch.virtual_tsc_shift,
1013 &vcpu->arch.virtual_tsc_mult);
1014 vcpu->arch.virtual_tsc_khz = this_tsc_khz;
1017 * Compute the variation in TSC rate which is acceptable
1018 * within the range of tolerance and decide if the
1019 * rate being applied is within that bounds of the hardware
1020 * rate. If so, no scaling or compensation need be done.
1022 thresh_lo = adjust_tsc_khz(tsc_khz, -tsc_tolerance_ppm);
1023 thresh_hi = adjust_tsc_khz(tsc_khz, tsc_tolerance_ppm);
1024 if (this_tsc_khz < thresh_lo || this_tsc_khz > thresh_hi) {
1025 pr_debug("kvm: requested TSC rate %u falls outside tolerance [%u,%u]\n", this_tsc_khz, thresh_lo, thresh_hi);
1028 kvm_x86_ops->set_tsc_khz(vcpu, this_tsc_khz, use_scaling);
1031 static u64 compute_guest_tsc(struct kvm_vcpu *vcpu, s64 kernel_ns)
1033 u64 tsc = pvclock_scale_delta(kernel_ns-vcpu->arch.this_tsc_nsec,
1034 vcpu->arch.virtual_tsc_mult,
1035 vcpu->arch.virtual_tsc_shift);
1036 tsc += vcpu->arch.this_tsc_write;
1040 void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data)
1042 struct kvm *kvm = vcpu->kvm;
1043 u64 offset, ns, elapsed;
1044 unsigned long flags;
1047 raw_spin_lock_irqsave(&kvm->arch.tsc_write_lock, flags);
1048 offset = kvm_x86_ops->compute_tsc_offset(vcpu, data);
1049 ns = get_kernel_ns();
1050 elapsed = ns - kvm->arch.last_tsc_nsec;
1052 /* n.b - signed multiplication and division required */
1053 usdiff = data - kvm->arch.last_tsc_write;
1054 #ifdef CONFIG_X86_64
1055 usdiff = (usdiff * 1000) / vcpu->arch.virtual_tsc_khz;
1057 /* do_div() only does unsigned */
1058 asm("idivl %2; xor %%edx, %%edx"
1060 : "A"(usdiff * 1000), "rm"(vcpu->arch.virtual_tsc_khz));
1062 do_div(elapsed, 1000);
1068 * Special case: TSC write with a small delta (1 second) of virtual
1069 * cycle time against real time is interpreted as an attempt to
1070 * synchronize the CPU.
1072 * For a reliable TSC, we can match TSC offsets, and for an unstable
1073 * TSC, we add elapsed time in this computation. We could let the
1074 * compensation code attempt to catch up if we fall behind, but
1075 * it's better to try to match offsets from the beginning.
1077 if (usdiff < USEC_PER_SEC &&
1078 vcpu->arch.virtual_tsc_khz == kvm->arch.last_tsc_khz) {
1079 if (!check_tsc_unstable()) {
1080 offset = kvm->arch.cur_tsc_offset;
1081 pr_debug("kvm: matched tsc offset for %llu\n", data);
1083 u64 delta = nsec_to_cycles(vcpu, elapsed);
1085 offset = kvm_x86_ops->compute_tsc_offset(vcpu, data);
1086 pr_debug("kvm: adjusted tsc offset by %llu\n", delta);
1090 * We split periods of matched TSC writes into generations.
1091 * For each generation, we track the original measured
1092 * nanosecond time, offset, and write, so if TSCs are in
1093 * sync, we can match exact offset, and if not, we can match
1094 * exact software computation in compute_guest_tsc()
1096 * These values are tracked in kvm->arch.cur_xxx variables.
1098 kvm->arch.cur_tsc_generation++;
1099 kvm->arch.cur_tsc_nsec = ns;
1100 kvm->arch.cur_tsc_write = data;
1101 kvm->arch.cur_tsc_offset = offset;
1102 pr_debug("kvm: new tsc generation %u, clock %llu\n",
1103 kvm->arch.cur_tsc_generation, data);
1107 * We also track th most recent recorded KHZ, write and time to
1108 * allow the matching interval to be extended at each write.
1110 kvm->arch.last_tsc_nsec = ns;
1111 kvm->arch.last_tsc_write = data;
1112 kvm->arch.last_tsc_khz = vcpu->arch.virtual_tsc_khz;
1114 /* Reset of TSC must disable overshoot protection below */
1115 vcpu->arch.hv_clock.tsc_timestamp = 0;
1116 vcpu->arch.last_guest_tsc = data;
1118 /* Keep track of which generation this VCPU has synchronized to */
1119 vcpu->arch.this_tsc_generation = kvm->arch.cur_tsc_generation;
1120 vcpu->arch.this_tsc_nsec = kvm->arch.cur_tsc_nsec;
1121 vcpu->arch.this_tsc_write = kvm->arch.cur_tsc_write;
1123 kvm_x86_ops->write_tsc_offset(vcpu, offset);
1124 raw_spin_unlock_irqrestore(&kvm->arch.tsc_write_lock, flags);
1127 EXPORT_SYMBOL_GPL(kvm_write_tsc);
1129 static int kvm_guest_time_update(struct kvm_vcpu *v)
1131 unsigned long flags;
1132 struct kvm_vcpu_arch *vcpu = &v->arch;
1134 unsigned long this_tsc_khz;
1135 s64 kernel_ns, max_kernel_ns;
1138 /* Keep irq disabled to prevent changes to the clock */
1139 local_irq_save(flags);
1140 tsc_timestamp = kvm_x86_ops->read_l1_tsc(v);
1141 kernel_ns = get_kernel_ns();
1142 this_tsc_khz = __get_cpu_var(cpu_tsc_khz);
1143 if (unlikely(this_tsc_khz == 0)) {
1144 local_irq_restore(flags);
1145 kvm_make_request(KVM_REQ_CLOCK_UPDATE, v);
1150 * We may have to catch up the TSC to match elapsed wall clock
1151 * time for two reasons, even if kvmclock is used.
1152 * 1) CPU could have been running below the maximum TSC rate
1153 * 2) Broken TSC compensation resets the base at each VCPU
1154 * entry to avoid unknown leaps of TSC even when running
1155 * again on the same CPU. This may cause apparent elapsed
1156 * time to disappear, and the guest to stand still or run
1159 if (vcpu->tsc_catchup) {
1160 u64 tsc = compute_guest_tsc(v, kernel_ns);
1161 if (tsc > tsc_timestamp) {
1162 adjust_tsc_offset_guest(v, tsc - tsc_timestamp);
1163 tsc_timestamp = tsc;
1167 local_irq_restore(flags);
1169 if (!vcpu->time_page)
1173 * Time as measured by the TSC may go backwards when resetting the base
1174 * tsc_timestamp. The reason for this is that the TSC resolution is
1175 * higher than the resolution of the other clock scales. Thus, many
1176 * possible measurments of the TSC correspond to one measurement of any
1177 * other clock, and so a spread of values is possible. This is not a
1178 * problem for the computation of the nanosecond clock; with TSC rates
1179 * around 1GHZ, there can only be a few cycles which correspond to one
1180 * nanosecond value, and any path through this code will inevitably
1181 * take longer than that. However, with the kernel_ns value itself,
1182 * the precision may be much lower, down to HZ granularity. If the
1183 * first sampling of TSC against kernel_ns ends in the low part of the
1184 * range, and the second in the high end of the range, we can get:
1186 * (TSC - offset_low) * S + kns_old > (TSC - offset_high) * S + kns_new
1188 * As the sampling errors potentially range in the thousands of cycles,
1189 * it is possible such a time value has already been observed by the
1190 * guest. To protect against this, we must compute the system time as
1191 * observed by the guest and ensure the new system time is greater.
1194 if (vcpu->hv_clock.tsc_timestamp) {
1195 max_kernel_ns = vcpu->last_guest_tsc -
1196 vcpu->hv_clock.tsc_timestamp;
1197 max_kernel_ns = pvclock_scale_delta(max_kernel_ns,
1198 vcpu->hv_clock.tsc_to_system_mul,
1199 vcpu->hv_clock.tsc_shift);
1200 max_kernel_ns += vcpu->last_kernel_ns;
1203 if (unlikely(vcpu->hw_tsc_khz != this_tsc_khz)) {
1204 kvm_get_time_scale(NSEC_PER_SEC / 1000, this_tsc_khz,
1205 &vcpu->hv_clock.tsc_shift,
1206 &vcpu->hv_clock.tsc_to_system_mul);
1207 vcpu->hw_tsc_khz = this_tsc_khz;
1210 if (max_kernel_ns > kernel_ns)
1211 kernel_ns = max_kernel_ns;
1213 /* With all the info we got, fill in the values */
1214 vcpu->hv_clock.tsc_timestamp = tsc_timestamp;
1215 vcpu->hv_clock.system_time = kernel_ns + v->kvm->arch.kvmclock_offset;
1216 vcpu->last_kernel_ns = kernel_ns;
1217 vcpu->last_guest_tsc = tsc_timestamp;
1218 vcpu->hv_clock.flags = 0;
1221 * The interface expects us to write an even number signaling that the
1222 * update is finished. Since the guest won't see the intermediate
1223 * state, we just increase by 2 at the end.
1225 vcpu->hv_clock.version += 2;
1227 shared_kaddr = kmap_atomic(vcpu->time_page);
1229 memcpy(shared_kaddr + vcpu->time_offset, &vcpu->hv_clock,
1230 sizeof(vcpu->hv_clock));
1232 kunmap_atomic(shared_kaddr);
1234 mark_page_dirty(v->kvm, vcpu->time >> PAGE_SHIFT);
1238 static bool msr_mtrr_valid(unsigned msr)
1241 case 0x200 ... 0x200 + 2 * KVM_NR_VAR_MTRR - 1:
1242 case MSR_MTRRfix64K_00000:
1243 case MSR_MTRRfix16K_80000:
1244 case MSR_MTRRfix16K_A0000:
1245 case MSR_MTRRfix4K_C0000:
1246 case MSR_MTRRfix4K_C8000:
1247 case MSR_MTRRfix4K_D0000:
1248 case MSR_MTRRfix4K_D8000:
1249 case MSR_MTRRfix4K_E0000:
1250 case MSR_MTRRfix4K_E8000:
1251 case MSR_MTRRfix4K_F0000:
1252 case MSR_MTRRfix4K_F8000:
1253 case MSR_MTRRdefType:
1254 case MSR_IA32_CR_PAT:
1262 static bool valid_pat_type(unsigned t)
1264 return t < 8 && (1 << t) & 0xf3; /* 0, 1, 4, 5, 6, 7 */
1267 static bool valid_mtrr_type(unsigned t)
1269 return t < 8 && (1 << t) & 0x73; /* 0, 1, 4, 5, 6 */
1272 static bool mtrr_valid(struct kvm_vcpu *vcpu, u32 msr, u64 data)
1276 if (!msr_mtrr_valid(msr))
1279 if (msr == MSR_IA32_CR_PAT) {
1280 for (i = 0; i < 8; i++)
1281 if (!valid_pat_type((data >> (i * 8)) & 0xff))
1284 } else if (msr == MSR_MTRRdefType) {
1287 return valid_mtrr_type(data & 0xff);
1288 } else if (msr >= MSR_MTRRfix64K_00000 && msr <= MSR_MTRRfix4K_F8000) {
1289 for (i = 0; i < 8 ; i++)
1290 if (!valid_mtrr_type((data >> (i * 8)) & 0xff))
1295 /* variable MTRRs */
1296 return valid_mtrr_type(data & 0xff);
1299 static int set_msr_mtrr(struct kvm_vcpu *vcpu, u32 msr, u64 data)
1301 u64 *p = (u64 *)&vcpu->arch.mtrr_state.fixed_ranges;
1303 if (!mtrr_valid(vcpu, msr, data))
1306 if (msr == MSR_MTRRdefType) {
1307 vcpu->arch.mtrr_state.def_type = data;
1308 vcpu->arch.mtrr_state.enabled = (data & 0xc00) >> 10;
1309 } else if (msr == MSR_MTRRfix64K_00000)
1311 else if (msr == MSR_MTRRfix16K_80000 || msr == MSR_MTRRfix16K_A0000)
1312 p[1 + msr - MSR_MTRRfix16K_80000] = data;
1313 else if (msr >= MSR_MTRRfix4K_C0000 && msr <= MSR_MTRRfix4K_F8000)
1314 p[3 + msr - MSR_MTRRfix4K_C0000] = data;
1315 else if (msr == MSR_IA32_CR_PAT)
1316 vcpu->arch.pat = data;
1317 else { /* Variable MTRRs */
1318 int idx, is_mtrr_mask;
1321 idx = (msr - 0x200) / 2;
1322 is_mtrr_mask = msr - 0x200 - 2 * idx;
1325 (u64 *)&vcpu->arch.mtrr_state.var_ranges[idx].base_lo;
1328 (u64 *)&vcpu->arch.mtrr_state.var_ranges[idx].mask_lo;
1332 kvm_mmu_reset_context(vcpu);
1336 static int set_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 data)
1338 u64 mcg_cap = vcpu->arch.mcg_cap;
1339 unsigned bank_num = mcg_cap & 0xff;
1342 case MSR_IA32_MCG_STATUS:
1343 vcpu->arch.mcg_status = data;
1345 case MSR_IA32_MCG_CTL:
1346 if (!(mcg_cap & MCG_CTL_P))
1348 if (data != 0 && data != ~(u64)0)
1350 vcpu->arch.mcg_ctl = data;
1353 if (msr >= MSR_IA32_MC0_CTL &&
1354 msr < MSR_IA32_MC0_CTL + 4 * bank_num) {
1355 u32 offset = msr - MSR_IA32_MC0_CTL;
1356 /* only 0 or all 1s can be written to IA32_MCi_CTL
1357 * some Linux kernels though clear bit 10 in bank 4 to
1358 * workaround a BIOS/GART TBL issue on AMD K8s, ignore
1359 * this to avoid an uncatched #GP in the guest
1361 if ((offset & 0x3) == 0 &&
1362 data != 0 && (data | (1 << 10)) != ~(u64)0)
1364 vcpu->arch.mce_banks[offset] = data;
1372 static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
1374 struct kvm *kvm = vcpu->kvm;
1375 int lm = is_long_mode(vcpu);
1376 u8 *blob_addr = lm ? (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_64
1377 : (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_32;
1378 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
1379 : kvm->arch.xen_hvm_config.blob_size_32;
1380 u32 page_num = data & ~PAGE_MASK;
1381 u64 page_addr = data & PAGE_MASK;
1386 if (page_num >= blob_size)
1389 page = memdup_user(blob_addr + (page_num * PAGE_SIZE), PAGE_SIZE);
1394 if (kvm_write_guest(kvm, page_addr, page, PAGE_SIZE))
1403 static bool kvm_hv_hypercall_enabled(struct kvm *kvm)
1405 return kvm->arch.hv_hypercall & HV_X64_MSR_HYPERCALL_ENABLE;
1408 static bool kvm_hv_msr_partition_wide(u32 msr)
1412 case HV_X64_MSR_GUEST_OS_ID:
1413 case HV_X64_MSR_HYPERCALL:
1421 static int set_msr_hyperv_pw(struct kvm_vcpu *vcpu, u32 msr, u64 data)
1423 struct kvm *kvm = vcpu->kvm;
1426 case HV_X64_MSR_GUEST_OS_ID:
1427 kvm->arch.hv_guest_os_id = data;
1428 /* setting guest os id to zero disables hypercall page */
1429 if (!kvm->arch.hv_guest_os_id)
1430 kvm->arch.hv_hypercall &= ~HV_X64_MSR_HYPERCALL_ENABLE;
1432 case HV_X64_MSR_HYPERCALL: {
1437 /* if guest os id is not set hypercall should remain disabled */
1438 if (!kvm->arch.hv_guest_os_id)
1440 if (!(data & HV_X64_MSR_HYPERCALL_ENABLE)) {
1441 kvm->arch.hv_hypercall = data;
1444 gfn = data >> HV_X64_MSR_HYPERCALL_PAGE_ADDRESS_SHIFT;
1445 addr = gfn_to_hva(kvm, gfn);
1446 if (kvm_is_error_hva(addr))
1448 kvm_x86_ops->patch_hypercall(vcpu, instructions);
1449 ((unsigned char *)instructions)[3] = 0xc3; /* ret */
1450 if (__copy_to_user((void __user *)addr, instructions, 4))
1452 kvm->arch.hv_hypercall = data;
1456 vcpu_unimpl(vcpu, "HYPER-V unimplemented wrmsr: 0x%x "
1457 "data 0x%llx\n", msr, data);
1463 static int set_msr_hyperv(struct kvm_vcpu *vcpu, u32 msr, u64 data)
1466 case HV_X64_MSR_APIC_ASSIST_PAGE: {
1469 if (!(data & HV_X64_MSR_APIC_ASSIST_PAGE_ENABLE)) {
1470 vcpu->arch.hv_vapic = data;
1473 addr = gfn_to_hva(vcpu->kvm, data >>
1474 HV_X64_MSR_APIC_ASSIST_PAGE_ADDRESS_SHIFT);
1475 if (kvm_is_error_hva(addr))
1477 if (__clear_user((void __user *)addr, PAGE_SIZE))
1479 vcpu->arch.hv_vapic = data;
1482 case HV_X64_MSR_EOI:
1483 return kvm_hv_vapic_msr_write(vcpu, APIC_EOI, data);
1484 case HV_X64_MSR_ICR:
1485 return kvm_hv_vapic_msr_write(vcpu, APIC_ICR, data);
1486 case HV_X64_MSR_TPR:
1487 return kvm_hv_vapic_msr_write(vcpu, APIC_TASKPRI, data);
1489 vcpu_unimpl(vcpu, "HYPER-V unimplemented wrmsr: 0x%x "
1490 "data 0x%llx\n", msr, data);
1497 static int kvm_pv_enable_async_pf(struct kvm_vcpu *vcpu, u64 data)
1499 gpa_t gpa = data & ~0x3f;
1501 /* Bits 2:5 are reserved, Should be zero */
1505 vcpu->arch.apf.msr_val = data;
1507 if (!(data & KVM_ASYNC_PF_ENABLED)) {
1508 kvm_clear_async_pf_completion_queue(vcpu);
1509 kvm_async_pf_hash_reset(vcpu);
1513 if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.apf.data, gpa))
1516 vcpu->arch.apf.send_user_only = !(data & KVM_ASYNC_PF_SEND_ALWAYS);
1517 kvm_async_pf_wakeup_all(vcpu);
1521 static void kvmclock_reset(struct kvm_vcpu *vcpu)
1523 if (vcpu->arch.time_page) {
1524 kvm_release_page_dirty(vcpu->arch.time_page);
1525 vcpu->arch.time_page = NULL;
1529 static void accumulate_steal_time(struct kvm_vcpu *vcpu)
1533 if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
1536 delta = current->sched_info.run_delay - vcpu->arch.st.last_steal;
1537 vcpu->arch.st.last_steal = current->sched_info.run_delay;
1538 vcpu->arch.st.accum_steal = delta;
1541 static void record_steal_time(struct kvm_vcpu *vcpu)
1543 if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
1546 if (unlikely(kvm_read_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
1547 &vcpu->arch.st.steal, sizeof(struct kvm_steal_time))))
1550 vcpu->arch.st.steal.steal += vcpu->arch.st.accum_steal;
1551 vcpu->arch.st.steal.version += 2;
1552 vcpu->arch.st.accum_steal = 0;
1554 kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
1555 &vcpu->arch.st.steal, sizeof(struct kvm_steal_time));
1558 int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data)
1564 return set_efer(vcpu, data);
1566 data &= ~(u64)0x40; /* ignore flush filter disable */
1567 data &= ~(u64)0x100; /* ignore ignne emulation enable */
1568 data &= ~(u64)0x8; /* ignore TLB cache disable */
1570 vcpu_unimpl(vcpu, "unimplemented HWCR wrmsr: 0x%llx\n",
1575 case MSR_FAM10H_MMIO_CONF_BASE:
1577 vcpu_unimpl(vcpu, "unimplemented MMIO_CONF_BASE wrmsr: "
1582 case MSR_AMD64_NB_CFG:
1584 case MSR_IA32_DEBUGCTLMSR:
1586 /* We support the non-activated case already */
1588 } else if (data & ~(DEBUGCTLMSR_LBR | DEBUGCTLMSR_BTF)) {
1589 /* Values other than LBR and BTF are vendor-specific,
1590 thus reserved and should throw a #GP */
1593 vcpu_unimpl(vcpu, "%s: MSR_IA32_DEBUGCTLMSR 0x%llx, nop\n",
1596 case MSR_IA32_UCODE_REV:
1597 case MSR_IA32_UCODE_WRITE:
1598 case MSR_VM_HSAVE_PA:
1599 case MSR_AMD64_PATCH_LOADER:
1601 case 0x200 ... 0x2ff:
1602 return set_msr_mtrr(vcpu, msr, data);
1603 case MSR_IA32_APICBASE:
1604 kvm_set_apic_base(vcpu, data);
1606 case APIC_BASE_MSR ... APIC_BASE_MSR + 0x3ff:
1607 return kvm_x2apic_msr_write(vcpu, msr, data);
1608 case MSR_IA32_TSCDEADLINE:
1609 kvm_set_lapic_tscdeadline_msr(vcpu, data);
1611 case MSR_IA32_MISC_ENABLE:
1612 vcpu->arch.ia32_misc_enable_msr = data;
1614 case MSR_KVM_WALL_CLOCK_NEW:
1615 case MSR_KVM_WALL_CLOCK:
1616 vcpu->kvm->arch.wall_clock = data;
1617 kvm_write_wall_clock(vcpu->kvm, data);
1619 case MSR_KVM_SYSTEM_TIME_NEW:
1620 case MSR_KVM_SYSTEM_TIME: {
1621 kvmclock_reset(vcpu);
1623 vcpu->arch.time = data;
1624 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
1626 /* we verify if the enable bit is set... */
1630 /* ...but clean it before doing the actual write */
1631 vcpu->arch.time_offset = data & ~(PAGE_MASK | 1);
1633 vcpu->arch.time_page =
1634 gfn_to_page(vcpu->kvm, data >> PAGE_SHIFT);
1636 if (is_error_page(vcpu->arch.time_page))
1637 vcpu->arch.time_page = NULL;
1641 case MSR_KVM_ASYNC_PF_EN:
1642 if (kvm_pv_enable_async_pf(vcpu, data))
1645 case MSR_KVM_STEAL_TIME:
1647 if (unlikely(!sched_info_on()))
1650 if (data & KVM_STEAL_RESERVED_MASK)
1653 if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.st.stime,
1654 data & KVM_STEAL_VALID_BITS))
1657 vcpu->arch.st.msr_val = data;
1659 if (!(data & KVM_MSR_ENABLED))
1662 vcpu->arch.st.last_steal = current->sched_info.run_delay;
1665 accumulate_steal_time(vcpu);
1668 kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu);
1671 case MSR_KVM_PV_EOI_EN:
1672 if (kvm_lapic_enable_pv_eoi(vcpu, data))
1676 case MSR_IA32_MCG_CTL:
1677 case MSR_IA32_MCG_STATUS:
1678 case MSR_IA32_MC0_CTL ... MSR_IA32_MC0_CTL + 4 * KVM_MAX_MCE_BANKS - 1:
1679 return set_msr_mce(vcpu, msr, data);
1681 /* Performance counters are not protected by a CPUID bit,
1682 * so we should check all of them in the generic path for the sake of
1683 * cross vendor migration.
1684 * Writing a zero into the event select MSRs disables them,
1685 * which we perfectly emulate ;-). Any other value should be at least
1686 * reported, some guests depend on them.
1688 case MSR_K7_EVNTSEL0:
1689 case MSR_K7_EVNTSEL1:
1690 case MSR_K7_EVNTSEL2:
1691 case MSR_K7_EVNTSEL3:
1693 vcpu_unimpl(vcpu, "unimplemented perfctr wrmsr: "
1694 "0x%x data 0x%llx\n", msr, data);
1696 /* at least RHEL 4 unconditionally writes to the perfctr registers,
1697 * so we ignore writes to make it happy.
1699 case MSR_K7_PERFCTR0:
1700 case MSR_K7_PERFCTR1:
1701 case MSR_K7_PERFCTR2:
1702 case MSR_K7_PERFCTR3:
1703 vcpu_unimpl(vcpu, "unimplemented perfctr wrmsr: "
1704 "0x%x data 0x%llx\n", msr, data);
1706 case MSR_P6_PERFCTR0:
1707 case MSR_P6_PERFCTR1:
1709 case MSR_P6_EVNTSEL0:
1710 case MSR_P6_EVNTSEL1:
1711 if (kvm_pmu_msr(vcpu, msr))
1712 return kvm_pmu_set_msr(vcpu, msr, data);
1714 if (pr || data != 0)
1715 vcpu_unimpl(vcpu, "disabled perfctr wrmsr: "
1716 "0x%x data 0x%llx\n", msr, data);
1718 case MSR_K7_CLK_CTL:
1720 * Ignore all writes to this no longer documented MSR.
1721 * Writes are only relevant for old K7 processors,
1722 * all pre-dating SVM, but a recommended workaround from
1723 * AMD for these chips. It is possible to specify the
1724 * affected processor models on the command line, hence
1725 * the need to ignore the workaround.
1728 case HV_X64_MSR_GUEST_OS_ID ... HV_X64_MSR_SINT15:
1729 if (kvm_hv_msr_partition_wide(msr)) {
1731 mutex_lock(&vcpu->kvm->lock);
1732 r = set_msr_hyperv_pw(vcpu, msr, data);
1733 mutex_unlock(&vcpu->kvm->lock);
1736 return set_msr_hyperv(vcpu, msr, data);
1738 case MSR_IA32_BBL_CR_CTL3:
1739 /* Drop writes to this legacy MSR -- see rdmsr
1740 * counterpart for further detail.
1742 vcpu_unimpl(vcpu, "ignored wrmsr: 0x%x data %llx\n", msr, data);
1744 case MSR_AMD64_OSVW_ID_LENGTH:
1745 if (!guest_cpuid_has_osvw(vcpu))
1747 vcpu->arch.osvw.length = data;
1749 case MSR_AMD64_OSVW_STATUS:
1750 if (!guest_cpuid_has_osvw(vcpu))
1752 vcpu->arch.osvw.status = data;
1755 if (msr && (msr == vcpu->kvm->arch.xen_hvm_config.msr))
1756 return xen_hvm_config(vcpu, data);
1757 if (kvm_pmu_msr(vcpu, msr))
1758 return kvm_pmu_set_msr(vcpu, msr, data);
1760 vcpu_unimpl(vcpu, "unhandled wrmsr: 0x%x data %llx\n",
1764 vcpu_unimpl(vcpu, "ignored wrmsr: 0x%x data %llx\n",
1771 EXPORT_SYMBOL_GPL(kvm_set_msr_common);
1775 * Reads an msr value (of 'msr_index') into 'pdata'.
1776 * Returns 0 on success, non-0 otherwise.
1777 * Assumes vcpu_load() was already called.
1779 int kvm_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
1781 return kvm_x86_ops->get_msr(vcpu, msr_index, pdata);
1784 static int get_msr_mtrr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
1786 u64 *p = (u64 *)&vcpu->arch.mtrr_state.fixed_ranges;
1788 if (!msr_mtrr_valid(msr))
1791 if (msr == MSR_MTRRdefType)
1792 *pdata = vcpu->arch.mtrr_state.def_type +
1793 (vcpu->arch.mtrr_state.enabled << 10);
1794 else if (msr == MSR_MTRRfix64K_00000)
1796 else if (msr == MSR_MTRRfix16K_80000 || msr == MSR_MTRRfix16K_A0000)
1797 *pdata = p[1 + msr - MSR_MTRRfix16K_80000];
1798 else if (msr >= MSR_MTRRfix4K_C0000 && msr <= MSR_MTRRfix4K_F8000)
1799 *pdata = p[3 + msr - MSR_MTRRfix4K_C0000];
1800 else if (msr == MSR_IA32_CR_PAT)
1801 *pdata = vcpu->arch.pat;
1802 else { /* Variable MTRRs */
1803 int idx, is_mtrr_mask;
1806 idx = (msr - 0x200) / 2;
1807 is_mtrr_mask = msr - 0x200 - 2 * idx;
1810 (u64 *)&vcpu->arch.mtrr_state.var_ranges[idx].base_lo;
1813 (u64 *)&vcpu->arch.mtrr_state.var_ranges[idx].mask_lo;
1820 static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
1823 u64 mcg_cap = vcpu->arch.mcg_cap;
1824 unsigned bank_num = mcg_cap & 0xff;
1827 case MSR_IA32_P5_MC_ADDR:
1828 case MSR_IA32_P5_MC_TYPE:
1831 case MSR_IA32_MCG_CAP:
1832 data = vcpu->arch.mcg_cap;
1834 case MSR_IA32_MCG_CTL:
1835 if (!(mcg_cap & MCG_CTL_P))
1837 data = vcpu->arch.mcg_ctl;
1839 case MSR_IA32_MCG_STATUS:
1840 data = vcpu->arch.mcg_status;
1843 if (msr >= MSR_IA32_MC0_CTL &&
1844 msr < MSR_IA32_MC0_CTL + 4 * bank_num) {
1845 u32 offset = msr - MSR_IA32_MC0_CTL;
1846 data = vcpu->arch.mce_banks[offset];
1855 static int get_msr_hyperv_pw(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
1858 struct kvm *kvm = vcpu->kvm;
1861 case HV_X64_MSR_GUEST_OS_ID:
1862 data = kvm->arch.hv_guest_os_id;
1864 case HV_X64_MSR_HYPERCALL:
1865 data = kvm->arch.hv_hypercall;
1868 vcpu_unimpl(vcpu, "Hyper-V unhandled rdmsr: 0x%x\n", msr);
1876 static int get_msr_hyperv(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
1881 case HV_X64_MSR_VP_INDEX: {
1884 kvm_for_each_vcpu(r, v, vcpu->kvm)
1889 case HV_X64_MSR_EOI:
1890 return kvm_hv_vapic_msr_read(vcpu, APIC_EOI, pdata);
1891 case HV_X64_MSR_ICR:
1892 return kvm_hv_vapic_msr_read(vcpu, APIC_ICR, pdata);
1893 case HV_X64_MSR_TPR:
1894 return kvm_hv_vapic_msr_read(vcpu, APIC_TASKPRI, pdata);
1895 case HV_X64_MSR_APIC_ASSIST_PAGE:
1896 data = vcpu->arch.hv_vapic;
1899 vcpu_unimpl(vcpu, "Hyper-V unhandled rdmsr: 0x%x\n", msr);
1906 int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
1911 case MSR_IA32_PLATFORM_ID:
1912 case MSR_IA32_EBL_CR_POWERON:
1913 case MSR_IA32_DEBUGCTLMSR:
1914 case MSR_IA32_LASTBRANCHFROMIP:
1915 case MSR_IA32_LASTBRANCHTOIP:
1916 case MSR_IA32_LASTINTFROMIP:
1917 case MSR_IA32_LASTINTTOIP:
1920 case MSR_VM_HSAVE_PA:
1921 case MSR_K7_EVNTSEL0:
1922 case MSR_K7_PERFCTR0:
1923 case MSR_K8_INT_PENDING_MSG:
1924 case MSR_AMD64_NB_CFG:
1925 case MSR_FAM10H_MMIO_CONF_BASE:
1928 case MSR_P6_PERFCTR0:
1929 case MSR_P6_PERFCTR1:
1930 case MSR_P6_EVNTSEL0:
1931 case MSR_P6_EVNTSEL1:
1932 if (kvm_pmu_msr(vcpu, msr))
1933 return kvm_pmu_get_msr(vcpu, msr, pdata);
1936 case MSR_IA32_UCODE_REV:
1937 data = 0x100000000ULL;
1940 data = 0x500 | KVM_NR_VAR_MTRR;
1942 case 0x200 ... 0x2ff:
1943 return get_msr_mtrr(vcpu, msr, pdata);
1944 case 0xcd: /* fsb frequency */
1948 * MSR_EBC_FREQUENCY_ID
1949 * Conservative value valid for even the basic CPU models.
1950 * Models 0,1: 000 in bits 23:21 indicating a bus speed of
1951 * 100MHz, model 2 000 in bits 18:16 indicating 100MHz,
1952 * and 266MHz for model 3, or 4. Set Core Clock
1953 * Frequency to System Bus Frequency Ratio to 1 (bits
1954 * 31:24) even though these are only valid for CPU
1955 * models > 2, however guests may end up dividing or
1956 * multiplying by zero otherwise.
1958 case MSR_EBC_FREQUENCY_ID:
1961 case MSR_IA32_APICBASE:
1962 data = kvm_get_apic_base(vcpu);
1964 case APIC_BASE_MSR ... APIC_BASE_MSR + 0x3ff:
1965 return kvm_x2apic_msr_read(vcpu, msr, pdata);
1967 case MSR_IA32_TSCDEADLINE:
1968 data = kvm_get_lapic_tscdeadline_msr(vcpu);
1970 case MSR_IA32_MISC_ENABLE:
1971 data = vcpu->arch.ia32_misc_enable_msr;
1973 case MSR_IA32_PERF_STATUS:
1974 /* TSC increment by tick */
1976 /* CPU multiplier */
1977 data |= (((uint64_t)4ULL) << 40);
1980 data = vcpu->arch.efer;
1982 case MSR_KVM_WALL_CLOCK:
1983 case MSR_KVM_WALL_CLOCK_NEW:
1984 data = vcpu->kvm->arch.wall_clock;
1986 case MSR_KVM_SYSTEM_TIME:
1987 case MSR_KVM_SYSTEM_TIME_NEW:
1988 data = vcpu->arch.time;
1990 case MSR_KVM_ASYNC_PF_EN:
1991 data = vcpu->arch.apf.msr_val;
1993 case MSR_KVM_STEAL_TIME:
1994 data = vcpu->arch.st.msr_val;
1996 case MSR_IA32_P5_MC_ADDR:
1997 case MSR_IA32_P5_MC_TYPE:
1998 case MSR_IA32_MCG_CAP:
1999 case MSR_IA32_MCG_CTL:
2000 case MSR_IA32_MCG_STATUS:
2001 case MSR_IA32_MC0_CTL ... MSR_IA32_MC0_CTL + 4 * KVM_MAX_MCE_BANKS - 1:
2002 return get_msr_mce(vcpu, msr, pdata);
2003 case MSR_K7_CLK_CTL:
2005 * Provide expected ramp-up count for K7. All other
2006 * are set to zero, indicating minimum divisors for
2009 * This prevents guest kernels on AMD host with CPU
2010 * type 6, model 8 and higher from exploding due to
2011 * the rdmsr failing.
2015 case HV_X64_MSR_GUEST_OS_ID ... HV_X64_MSR_SINT15:
2016 if (kvm_hv_msr_partition_wide(msr)) {
2018 mutex_lock(&vcpu->kvm->lock);
2019 r = get_msr_hyperv_pw(vcpu, msr, pdata);
2020 mutex_unlock(&vcpu->kvm->lock);
2023 return get_msr_hyperv(vcpu, msr, pdata);
2025 case MSR_IA32_BBL_CR_CTL3:
2026 /* This legacy MSR exists but isn't fully documented in current
2027 * silicon. It is however accessed by winxp in very narrow
2028 * scenarios where it sets bit #19, itself documented as
2029 * a "reserved" bit. Best effort attempt to source coherent
2030 * read data here should the balance of the register be
2031 * interpreted by the guest:
2033 * L2 cache control register 3: 64GB range, 256KB size,
2034 * enabled, latency 0x1, configured
2038 case MSR_AMD64_OSVW_ID_LENGTH:
2039 if (!guest_cpuid_has_osvw(vcpu))
2041 data = vcpu->arch.osvw.length;
2043 case MSR_AMD64_OSVW_STATUS:
2044 if (!guest_cpuid_has_osvw(vcpu))
2046 data = vcpu->arch.osvw.status;
2049 if (kvm_pmu_msr(vcpu, msr))
2050 return kvm_pmu_get_msr(vcpu, msr, pdata);
2052 vcpu_unimpl(vcpu, "unhandled rdmsr: 0x%x\n", msr);
2055 vcpu_unimpl(vcpu, "ignored rdmsr: 0x%x\n", msr);
2063 EXPORT_SYMBOL_GPL(kvm_get_msr_common);
2066 * Read or write a bunch of msrs. All parameters are kernel addresses.
2068 * @return number of msrs set successfully.
2070 static int __msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs *msrs,
2071 struct kvm_msr_entry *entries,
2072 int (*do_msr)(struct kvm_vcpu *vcpu,
2073 unsigned index, u64 *data))
2077 idx = srcu_read_lock(&vcpu->kvm->srcu);
2078 for (i = 0; i < msrs->nmsrs; ++i)
2079 if (do_msr(vcpu, entries[i].index, &entries[i].data))
2081 srcu_read_unlock(&vcpu->kvm->srcu, idx);
2087 * Read or write a bunch of msrs. Parameters are user addresses.
2089 * @return number of msrs set successfully.
2091 static int msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs __user *user_msrs,
2092 int (*do_msr)(struct kvm_vcpu *vcpu,
2093 unsigned index, u64 *data),
2096 struct kvm_msrs msrs;
2097 struct kvm_msr_entry *entries;
2102 if (copy_from_user(&msrs, user_msrs, sizeof msrs))
2106 if (msrs.nmsrs >= MAX_IO_MSRS)
2109 size = sizeof(struct kvm_msr_entry) * msrs.nmsrs;
2110 entries = memdup_user(user_msrs->entries, size);
2111 if (IS_ERR(entries)) {
2112 r = PTR_ERR(entries);
2116 r = n = __msr_io(vcpu, &msrs, entries, do_msr);
2121 if (writeback && copy_to_user(user_msrs->entries, entries, size))
2132 int kvm_dev_ioctl_check_extension(long ext)
2137 case KVM_CAP_IRQCHIP:
2139 case KVM_CAP_MMU_SHADOW_CACHE_CONTROL:
2140 case KVM_CAP_SET_TSS_ADDR:
2141 case KVM_CAP_EXT_CPUID:
2142 case KVM_CAP_CLOCKSOURCE:
2144 case KVM_CAP_NOP_IO_DELAY:
2145 case KVM_CAP_MP_STATE:
2146 case KVM_CAP_SYNC_MMU:
2147 case KVM_CAP_USER_NMI:
2148 case KVM_CAP_REINJECT_CONTROL:
2149 case KVM_CAP_IRQ_INJECT_STATUS:
2150 case KVM_CAP_ASSIGN_DEV_IRQ:
2152 case KVM_CAP_IOEVENTFD:
2154 case KVM_CAP_PIT_STATE2:
2155 case KVM_CAP_SET_IDENTITY_MAP_ADDR:
2156 case KVM_CAP_XEN_HVM:
2157 case KVM_CAP_ADJUST_CLOCK:
2158 case KVM_CAP_VCPU_EVENTS:
2159 case KVM_CAP_HYPERV:
2160 case KVM_CAP_HYPERV_VAPIC:
2161 case KVM_CAP_HYPERV_SPIN:
2162 case KVM_CAP_PCI_SEGMENT:
2163 case KVM_CAP_DEBUGREGS:
2164 case KVM_CAP_X86_ROBUST_SINGLESTEP:
2166 case KVM_CAP_ASYNC_PF:
2167 case KVM_CAP_GET_TSC_KHZ:
2168 case KVM_CAP_PCI_2_3:
2169 case KVM_CAP_KVMCLOCK_CTRL:
2172 case KVM_CAP_COALESCED_MMIO:
2173 r = KVM_COALESCED_MMIO_PAGE_OFFSET;
2176 r = !kvm_x86_ops->cpu_has_accelerated_tpr();
2178 case KVM_CAP_NR_VCPUS:
2179 r = KVM_SOFT_MAX_VCPUS;
2181 case KVM_CAP_MAX_VCPUS:
2184 case KVM_CAP_NR_MEMSLOTS:
2185 r = KVM_MEMORY_SLOTS;
2187 case KVM_CAP_PV_MMU: /* obsolete */
2191 r = iommu_present(&pci_bus_type);
2194 r = KVM_MAX_MCE_BANKS;
2199 case KVM_CAP_TSC_CONTROL:
2200 r = kvm_has_tsc_control;
2202 case KVM_CAP_TSC_DEADLINE_TIMER:
2203 r = boot_cpu_has(X86_FEATURE_TSC_DEADLINE_TIMER);
2213 long kvm_arch_dev_ioctl(struct file *filp,
2214 unsigned int ioctl, unsigned long arg)
2216 void __user *argp = (void __user *)arg;
2220 case KVM_GET_MSR_INDEX_LIST: {
2221 struct kvm_msr_list __user *user_msr_list = argp;
2222 struct kvm_msr_list msr_list;
2226 if (copy_from_user(&msr_list, user_msr_list, sizeof msr_list))
2229 msr_list.nmsrs = num_msrs_to_save + ARRAY_SIZE(emulated_msrs);
2230 if (copy_to_user(user_msr_list, &msr_list, sizeof msr_list))
2233 if (n < msr_list.nmsrs)
2236 if (copy_to_user(user_msr_list->indices, &msrs_to_save,
2237 num_msrs_to_save * sizeof(u32)))
2239 if (copy_to_user(user_msr_list->indices + num_msrs_to_save,
2241 ARRAY_SIZE(emulated_msrs) * sizeof(u32)))
2246 case KVM_GET_SUPPORTED_CPUID: {
2247 struct kvm_cpuid2 __user *cpuid_arg = argp;
2248 struct kvm_cpuid2 cpuid;
2251 if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid))
2253 r = kvm_dev_ioctl_get_supported_cpuid(&cpuid,
2254 cpuid_arg->entries);
2259 if (copy_to_user(cpuid_arg, &cpuid, sizeof cpuid))
2264 case KVM_X86_GET_MCE_CAP_SUPPORTED: {
2267 mce_cap = KVM_MCE_CAP_SUPPORTED;
2269 if (copy_to_user(argp, &mce_cap, sizeof mce_cap))
2281 static void wbinvd_ipi(void *garbage)
2286 static bool need_emulate_wbinvd(struct kvm_vcpu *vcpu)
2288 return vcpu->kvm->arch.iommu_domain &&
2289 !(vcpu->kvm->arch.iommu_flags & KVM_IOMMU_CACHE_COHERENCY);
2292 void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
2294 /* Address WBINVD may be executed by guest */
2295 if (need_emulate_wbinvd(vcpu)) {
2296 if (kvm_x86_ops->has_wbinvd_exit())
2297 cpumask_set_cpu(cpu, vcpu->arch.wbinvd_dirty_mask);
2298 else if (vcpu->cpu != -1 && vcpu->cpu != cpu)
2299 smp_call_function_single(vcpu->cpu,
2300 wbinvd_ipi, NULL, 1);
2303 kvm_x86_ops->vcpu_load(vcpu, cpu);
2305 /* Apply any externally detected TSC adjustments (due to suspend) */
2306 if (unlikely(vcpu->arch.tsc_offset_adjustment)) {
2307 adjust_tsc_offset_host(vcpu, vcpu->arch.tsc_offset_adjustment);
2308 vcpu->arch.tsc_offset_adjustment = 0;
2309 set_bit(KVM_REQ_CLOCK_UPDATE, &vcpu->requests);
2312 if (unlikely(vcpu->cpu != cpu) || check_tsc_unstable()) {
2313 s64 tsc_delta = !vcpu->arch.last_host_tsc ? 0 :
2314 native_read_tsc() - vcpu->arch.last_host_tsc;
2316 mark_tsc_unstable("KVM discovered backwards TSC");
2317 if (check_tsc_unstable()) {
2318 u64 offset = kvm_x86_ops->compute_tsc_offset(vcpu,
2319 vcpu->arch.last_guest_tsc);
2320 kvm_x86_ops->write_tsc_offset(vcpu, offset);
2321 vcpu->arch.tsc_catchup = 1;
2323 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
2324 if (vcpu->cpu != cpu)
2325 kvm_migrate_timers(vcpu);
2329 accumulate_steal_time(vcpu);
2330 kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu);
2333 void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)
2335 kvm_x86_ops->vcpu_put(vcpu);
2336 kvm_put_guest_fpu(vcpu);
2337 vcpu->arch.last_host_tsc = native_read_tsc();
2340 static int kvm_vcpu_ioctl_get_lapic(struct kvm_vcpu *vcpu,
2341 struct kvm_lapic_state *s)
2343 memcpy(s->regs, vcpu->arch.apic->regs, sizeof *s);
2348 static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
2349 struct kvm_lapic_state *s)
2351 memcpy(vcpu->arch.apic->regs, s->regs, sizeof *s);
2352 kvm_apic_post_state_restore(vcpu);
2353 update_cr8_intercept(vcpu);
2358 static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
2359 struct kvm_interrupt *irq)
2361 if (irq->irq < 0 || irq->irq >= 256)
2363 if (irqchip_in_kernel(vcpu->kvm))
2366 kvm_queue_interrupt(vcpu, irq->irq, false);
2367 kvm_make_request(KVM_REQ_EVENT, vcpu);
2372 static int kvm_vcpu_ioctl_nmi(struct kvm_vcpu *vcpu)
2374 kvm_inject_nmi(vcpu);
2379 static int vcpu_ioctl_tpr_access_reporting(struct kvm_vcpu *vcpu,
2380 struct kvm_tpr_access_ctl *tac)
2384 vcpu->arch.tpr_access_reporting = !!tac->enabled;
2388 static int kvm_vcpu_ioctl_x86_setup_mce(struct kvm_vcpu *vcpu,
2392 unsigned bank_num = mcg_cap & 0xff, bank;
2395 if (!bank_num || bank_num >= KVM_MAX_MCE_BANKS)
2397 if (mcg_cap & ~(KVM_MCE_CAP_SUPPORTED | 0xff | 0xff0000))
2400 vcpu->arch.mcg_cap = mcg_cap;
2401 /* Init IA32_MCG_CTL to all 1s */
2402 if (mcg_cap & MCG_CTL_P)
2403 vcpu->arch.mcg_ctl = ~(u64)0;
2404 /* Init IA32_MCi_CTL to all 1s */
2405 for (bank = 0; bank < bank_num; bank++)
2406 vcpu->arch.mce_banks[bank*4] = ~(u64)0;
2411 static int kvm_vcpu_ioctl_x86_set_mce(struct kvm_vcpu *vcpu,
2412 struct kvm_x86_mce *mce)
2414 u64 mcg_cap = vcpu->arch.mcg_cap;
2415 unsigned bank_num = mcg_cap & 0xff;
2416 u64 *banks = vcpu->arch.mce_banks;
2418 if (mce->bank >= bank_num || !(mce->status & MCI_STATUS_VAL))
2421 * if IA32_MCG_CTL is not all 1s, the uncorrected error
2422 * reporting is disabled
2424 if ((mce->status & MCI_STATUS_UC) && (mcg_cap & MCG_CTL_P) &&
2425 vcpu->arch.mcg_ctl != ~(u64)0)
2427 banks += 4 * mce->bank;
2429 * if IA32_MCi_CTL is not all 1s, the uncorrected error
2430 * reporting is disabled for the bank
2432 if ((mce->status & MCI_STATUS_UC) && banks[0] != ~(u64)0)
2434 if (mce->status & MCI_STATUS_UC) {
2435 if ((vcpu->arch.mcg_status & MCG_STATUS_MCIP) ||
2436 !kvm_read_cr4_bits(vcpu, X86_CR4_MCE)) {
2437 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
2440 if (banks[1] & MCI_STATUS_VAL)
2441 mce->status |= MCI_STATUS_OVER;
2442 banks[2] = mce->addr;
2443 banks[3] = mce->misc;
2444 vcpu->arch.mcg_status = mce->mcg_status;
2445 banks[1] = mce->status;
2446 kvm_queue_exception(vcpu, MC_VECTOR);
2447 } else if (!(banks[1] & MCI_STATUS_VAL)
2448 || !(banks[1] & MCI_STATUS_UC)) {
2449 if (banks[1] & MCI_STATUS_VAL)
2450 mce->status |= MCI_STATUS_OVER;
2451 banks[2] = mce->addr;
2452 banks[3] = mce->misc;
2453 banks[1] = mce->status;
2455 banks[1] |= MCI_STATUS_OVER;
2459 static void kvm_vcpu_ioctl_x86_get_vcpu_events(struct kvm_vcpu *vcpu,
2460 struct kvm_vcpu_events *events)
2463 events->exception.injected =
2464 vcpu->arch.exception.pending &&
2465 !kvm_exception_is_soft(vcpu->arch.exception.nr);
2466 events->exception.nr = vcpu->arch.exception.nr;
2467 events->exception.has_error_code = vcpu->arch.exception.has_error_code;
2468 events->exception.pad = 0;
2469 events->exception.error_code = vcpu->arch.exception.error_code;
2471 events->interrupt.injected =
2472 vcpu->arch.interrupt.pending && !vcpu->arch.interrupt.soft;
2473 events->interrupt.nr = vcpu->arch.interrupt.nr;
2474 events->interrupt.soft = 0;
2475 events->interrupt.shadow =
2476 kvm_x86_ops->get_interrupt_shadow(vcpu,
2477 KVM_X86_SHADOW_INT_MOV_SS | KVM_X86_SHADOW_INT_STI);
2479 events->nmi.injected = vcpu->arch.nmi_injected;
2480 events->nmi.pending = vcpu->arch.nmi_pending != 0;
2481 events->nmi.masked = kvm_x86_ops->get_nmi_mask(vcpu);
2482 events->nmi.pad = 0;
2484 events->sipi_vector = vcpu->arch.sipi_vector;
2486 events->flags = (KVM_VCPUEVENT_VALID_NMI_PENDING
2487 | KVM_VCPUEVENT_VALID_SIPI_VECTOR
2488 | KVM_VCPUEVENT_VALID_SHADOW);
2489 memset(&events->reserved, 0, sizeof(events->reserved));
2492 static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
2493 struct kvm_vcpu_events *events)
2495 if (events->flags & ~(KVM_VCPUEVENT_VALID_NMI_PENDING
2496 | KVM_VCPUEVENT_VALID_SIPI_VECTOR
2497 | KVM_VCPUEVENT_VALID_SHADOW))
2501 vcpu->arch.exception.pending = events->exception.injected;
2502 vcpu->arch.exception.nr = events->exception.nr;
2503 vcpu->arch.exception.has_error_code = events->exception.has_error_code;
2504 vcpu->arch.exception.error_code = events->exception.error_code;
2506 vcpu->arch.interrupt.pending = events->interrupt.injected;
2507 vcpu->arch.interrupt.nr = events->interrupt.nr;
2508 vcpu->arch.interrupt.soft = events->interrupt.soft;
2509 if (events->flags & KVM_VCPUEVENT_VALID_SHADOW)
2510 kvm_x86_ops->set_interrupt_shadow(vcpu,
2511 events->interrupt.shadow);
2513 vcpu->arch.nmi_injected = events->nmi.injected;
2514 if (events->flags & KVM_VCPUEVENT_VALID_NMI_PENDING)
2515 vcpu->arch.nmi_pending = events->nmi.pending;
2516 kvm_x86_ops->set_nmi_mask(vcpu, events->nmi.masked);
2518 if (events->flags & KVM_VCPUEVENT_VALID_SIPI_VECTOR)
2519 vcpu->arch.sipi_vector = events->sipi_vector;
2521 kvm_make_request(KVM_REQ_EVENT, vcpu);
2526 static void kvm_vcpu_ioctl_x86_get_debugregs(struct kvm_vcpu *vcpu,
2527 struct kvm_debugregs *dbgregs)
2529 memcpy(dbgregs->db, vcpu->arch.db, sizeof(vcpu->arch.db));
2530 dbgregs->dr6 = vcpu->arch.dr6;
2531 dbgregs->dr7 = vcpu->arch.dr7;
2533 memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved));
2536 static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
2537 struct kvm_debugregs *dbgregs)
2542 memcpy(vcpu->arch.db, dbgregs->db, sizeof(vcpu->arch.db));
2543 vcpu->arch.dr6 = dbgregs->dr6;
2544 vcpu->arch.dr7 = dbgregs->dr7;
2549 static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
2550 struct kvm_xsave *guest_xsave)
2553 memcpy(guest_xsave->region,
2554 &vcpu->arch.guest_fpu.state->xsave,
2557 memcpy(guest_xsave->region,
2558 &vcpu->arch.guest_fpu.state->fxsave,
2559 sizeof(struct i387_fxsave_struct));
2560 *(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)] =
2565 static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
2566 struct kvm_xsave *guest_xsave)
2569 *(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)];
2572 memcpy(&vcpu->arch.guest_fpu.state->xsave,
2573 guest_xsave->region, xstate_size);
2575 if (xstate_bv & ~XSTATE_FPSSE)
2577 memcpy(&vcpu->arch.guest_fpu.state->fxsave,
2578 guest_xsave->region, sizeof(struct i387_fxsave_struct));
2583 static void kvm_vcpu_ioctl_x86_get_xcrs(struct kvm_vcpu *vcpu,
2584 struct kvm_xcrs *guest_xcrs)
2586 if (!cpu_has_xsave) {
2587 guest_xcrs->nr_xcrs = 0;
2591 guest_xcrs->nr_xcrs = 1;
2592 guest_xcrs->flags = 0;
2593 guest_xcrs->xcrs[0].xcr = XCR_XFEATURE_ENABLED_MASK;
2594 guest_xcrs->xcrs[0].value = vcpu->arch.xcr0;
2597 static int kvm_vcpu_ioctl_x86_set_xcrs(struct kvm_vcpu *vcpu,
2598 struct kvm_xcrs *guest_xcrs)
2605 if (guest_xcrs->nr_xcrs > KVM_MAX_XCRS || guest_xcrs->flags)
2608 for (i = 0; i < guest_xcrs->nr_xcrs; i++)
2609 /* Only support XCR0 currently */
2610 if (guest_xcrs->xcrs[0].xcr == XCR_XFEATURE_ENABLED_MASK) {
2611 r = __kvm_set_xcr(vcpu, XCR_XFEATURE_ENABLED_MASK,
2612 guest_xcrs->xcrs[0].value);
2621 * kvm_set_guest_paused() indicates to the guest kernel that it has been
2622 * stopped by the hypervisor. This function will be called from the host only.
2623 * EINVAL is returned when the host attempts to set the flag for a guest that
2624 * does not support pv clocks.
2626 static int kvm_set_guest_paused(struct kvm_vcpu *vcpu)
2628 struct pvclock_vcpu_time_info *src = &vcpu->arch.hv_clock;
2629 if (!vcpu->arch.time_page)
2631 src->flags |= PVCLOCK_GUEST_STOPPED;
2632 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
2636 long kvm_arch_vcpu_ioctl(struct file *filp,
2637 unsigned int ioctl, unsigned long arg)
2639 struct kvm_vcpu *vcpu = filp->private_data;
2640 void __user *argp = (void __user *)arg;
2643 struct kvm_lapic_state *lapic;
2644 struct kvm_xsave *xsave;
2645 struct kvm_xcrs *xcrs;
2651 case KVM_GET_LAPIC: {
2653 if (!vcpu->arch.apic)
2655 u.lapic = kzalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
2660 r = kvm_vcpu_ioctl_get_lapic(vcpu, u.lapic);
2664 if (copy_to_user(argp, u.lapic, sizeof(struct kvm_lapic_state)))
2669 case KVM_SET_LAPIC: {
2671 if (!vcpu->arch.apic)
2673 u.lapic = memdup_user(argp, sizeof(*u.lapic));
2674 if (IS_ERR(u.lapic)) {
2675 r = PTR_ERR(u.lapic);
2679 r = kvm_vcpu_ioctl_set_lapic(vcpu, u.lapic);
2685 case KVM_INTERRUPT: {
2686 struct kvm_interrupt irq;
2689 if (copy_from_user(&irq, argp, sizeof irq))
2691 r = kvm_vcpu_ioctl_interrupt(vcpu, &irq);
2698 r = kvm_vcpu_ioctl_nmi(vcpu);
2704 case KVM_SET_CPUID: {
2705 struct kvm_cpuid __user *cpuid_arg = argp;
2706 struct kvm_cpuid cpuid;
2709 if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid))
2711 r = kvm_vcpu_ioctl_set_cpuid(vcpu, &cpuid, cpuid_arg->entries);
2716 case KVM_SET_CPUID2: {
2717 struct kvm_cpuid2 __user *cpuid_arg = argp;
2718 struct kvm_cpuid2 cpuid;
2721 if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid))
2723 r = kvm_vcpu_ioctl_set_cpuid2(vcpu, &cpuid,
2724 cpuid_arg->entries);
2729 case KVM_GET_CPUID2: {
2730 struct kvm_cpuid2 __user *cpuid_arg = argp;
2731 struct kvm_cpuid2 cpuid;
2734 if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid))
2736 r = kvm_vcpu_ioctl_get_cpuid2(vcpu, &cpuid,
2737 cpuid_arg->entries);
2741 if (copy_to_user(cpuid_arg, &cpuid, sizeof cpuid))
2747 r = msr_io(vcpu, argp, kvm_get_msr, 1);
2750 r = msr_io(vcpu, argp, do_set_msr, 0);
2752 case KVM_TPR_ACCESS_REPORTING: {
2753 struct kvm_tpr_access_ctl tac;
2756 if (copy_from_user(&tac, argp, sizeof tac))
2758 r = vcpu_ioctl_tpr_access_reporting(vcpu, &tac);
2762 if (copy_to_user(argp, &tac, sizeof tac))
2767 case KVM_SET_VAPIC_ADDR: {
2768 struct kvm_vapic_addr va;
2771 if (!irqchip_in_kernel(vcpu->kvm))
2774 if (copy_from_user(&va, argp, sizeof va))
2777 kvm_lapic_set_vapic_addr(vcpu, va.vapic_addr);
2780 case KVM_X86_SETUP_MCE: {
2784 if (copy_from_user(&mcg_cap, argp, sizeof mcg_cap))
2786 r = kvm_vcpu_ioctl_x86_setup_mce(vcpu, mcg_cap);
2789 case KVM_X86_SET_MCE: {
2790 struct kvm_x86_mce mce;
2793 if (copy_from_user(&mce, argp, sizeof mce))
2795 r = kvm_vcpu_ioctl_x86_set_mce(vcpu, &mce);
2798 case KVM_GET_VCPU_EVENTS: {
2799 struct kvm_vcpu_events events;
2801 kvm_vcpu_ioctl_x86_get_vcpu_events(vcpu, &events);
2804 if (copy_to_user(argp, &events, sizeof(struct kvm_vcpu_events)))
2809 case KVM_SET_VCPU_EVENTS: {
2810 struct kvm_vcpu_events events;
2813 if (copy_from_user(&events, argp, sizeof(struct kvm_vcpu_events)))
2816 r = kvm_vcpu_ioctl_x86_set_vcpu_events(vcpu, &events);
2819 case KVM_GET_DEBUGREGS: {
2820 struct kvm_debugregs dbgregs;
2822 kvm_vcpu_ioctl_x86_get_debugregs(vcpu, &dbgregs);
2825 if (copy_to_user(argp, &dbgregs,
2826 sizeof(struct kvm_debugregs)))
2831 case KVM_SET_DEBUGREGS: {
2832 struct kvm_debugregs dbgregs;
2835 if (copy_from_user(&dbgregs, argp,
2836 sizeof(struct kvm_debugregs)))
2839 r = kvm_vcpu_ioctl_x86_set_debugregs(vcpu, &dbgregs);
2842 case KVM_GET_XSAVE: {
2843 u.xsave = kzalloc(sizeof(struct kvm_xsave), GFP_KERNEL);
2848 kvm_vcpu_ioctl_x86_get_xsave(vcpu, u.xsave);
2851 if (copy_to_user(argp, u.xsave, sizeof(struct kvm_xsave)))
2856 case KVM_SET_XSAVE: {
2857 u.xsave = memdup_user(argp, sizeof(*u.xsave));
2858 if (IS_ERR(u.xsave)) {
2859 r = PTR_ERR(u.xsave);
2863 r = kvm_vcpu_ioctl_x86_set_xsave(vcpu, u.xsave);
2866 case KVM_GET_XCRS: {
2867 u.xcrs = kzalloc(sizeof(struct kvm_xcrs), GFP_KERNEL);
2872 kvm_vcpu_ioctl_x86_get_xcrs(vcpu, u.xcrs);
2875 if (copy_to_user(argp, u.xcrs,
2876 sizeof(struct kvm_xcrs)))
2881 case KVM_SET_XCRS: {
2882 u.xcrs = memdup_user(argp, sizeof(*u.xcrs));
2883 if (IS_ERR(u.xcrs)) {
2884 r = PTR_ERR(u.xcrs);
2888 r = kvm_vcpu_ioctl_x86_set_xcrs(vcpu, u.xcrs);
2891 case KVM_SET_TSC_KHZ: {
2895 user_tsc_khz = (u32)arg;
2897 if (user_tsc_khz >= kvm_max_guest_tsc_khz)
2900 if (user_tsc_khz == 0)
2901 user_tsc_khz = tsc_khz;
2903 kvm_set_tsc_khz(vcpu, user_tsc_khz);
2908 case KVM_GET_TSC_KHZ: {
2909 r = vcpu->arch.virtual_tsc_khz;
2912 case KVM_KVMCLOCK_CTRL: {
2913 r = kvm_set_guest_paused(vcpu);
2924 int kvm_arch_vcpu_fault(struct kvm_vcpu *vcpu, struct vm_fault *vmf)
2926 return VM_FAULT_SIGBUS;
2929 static int kvm_vm_ioctl_set_tss_addr(struct kvm *kvm, unsigned long addr)
2933 if (addr > (unsigned int)(-3 * PAGE_SIZE))
2935 ret = kvm_x86_ops->set_tss_addr(kvm, addr);
2939 static int kvm_vm_ioctl_set_identity_map_addr(struct kvm *kvm,
2942 kvm->arch.ept_identity_map_addr = ident_addr;
2946 static int kvm_vm_ioctl_set_nr_mmu_pages(struct kvm *kvm,
2947 u32 kvm_nr_mmu_pages)
2949 if (kvm_nr_mmu_pages < KVM_MIN_ALLOC_MMU_PAGES)
2952 mutex_lock(&kvm->slots_lock);
2953 spin_lock(&kvm->mmu_lock);
2955 kvm_mmu_change_mmu_pages(kvm, kvm_nr_mmu_pages);
2956 kvm->arch.n_requested_mmu_pages = kvm_nr_mmu_pages;
2958 spin_unlock(&kvm->mmu_lock);
2959 mutex_unlock(&kvm->slots_lock);
2963 static int kvm_vm_ioctl_get_nr_mmu_pages(struct kvm *kvm)
2965 return kvm->arch.n_max_mmu_pages;
2968 static int kvm_vm_ioctl_get_irqchip(struct kvm *kvm, struct kvm_irqchip *chip)
2973 switch (chip->chip_id) {
2974 case KVM_IRQCHIP_PIC_MASTER:
2975 memcpy(&chip->chip.pic,
2976 &pic_irqchip(kvm)->pics[0],
2977 sizeof(struct kvm_pic_state));
2979 case KVM_IRQCHIP_PIC_SLAVE:
2980 memcpy(&chip->chip.pic,
2981 &pic_irqchip(kvm)->pics[1],
2982 sizeof(struct kvm_pic_state));
2984 case KVM_IRQCHIP_IOAPIC:
2985 r = kvm_get_ioapic(kvm, &chip->chip.ioapic);
2994 static int kvm_vm_ioctl_set_irqchip(struct kvm *kvm, struct kvm_irqchip *chip)
2999 switch (chip->chip_id) {
3000 case KVM_IRQCHIP_PIC_MASTER:
3001 spin_lock(&pic_irqchip(kvm)->lock);
3002 memcpy(&pic_irqchip(kvm)->pics[0],
3004 sizeof(struct kvm_pic_state));
3005 spin_unlock(&pic_irqchip(kvm)->lock);
3007 case KVM_IRQCHIP_PIC_SLAVE:
3008 spin_lock(&pic_irqchip(kvm)->lock);
3009 memcpy(&pic_irqchip(kvm)->pics[1],
3011 sizeof(struct kvm_pic_state));
3012 spin_unlock(&pic_irqchip(kvm)->lock);
3014 case KVM_IRQCHIP_IOAPIC:
3015 r = kvm_set_ioapic(kvm, &chip->chip.ioapic);
3021 kvm_pic_update_irq(pic_irqchip(kvm));
3025 static int kvm_vm_ioctl_get_pit(struct kvm *kvm, struct kvm_pit_state *ps)
3029 mutex_lock(&kvm->arch.vpit->pit_state.lock);
3030 memcpy(ps, &kvm->arch.vpit->pit_state, sizeof(struct kvm_pit_state));
3031 mutex_unlock(&kvm->arch.vpit->pit_state.lock);
3035 static int kvm_vm_ioctl_set_pit(struct kvm *kvm, struct kvm_pit_state *ps)
3039 mutex_lock(&kvm->arch.vpit->pit_state.lock);
3040 memcpy(&kvm->arch.vpit->pit_state, ps, sizeof(struct kvm_pit_state));
3041 kvm_pit_load_count(kvm, 0, ps->channels[0].count, 0);
3042 mutex_unlock(&kvm->arch.vpit->pit_state.lock);
3046 static int kvm_vm_ioctl_get_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
3050 mutex_lock(&kvm->arch.vpit->pit_state.lock);
3051 memcpy(ps->channels, &kvm->arch.vpit->pit_state.channels,
3052 sizeof(ps->channels));
3053 ps->flags = kvm->arch.vpit->pit_state.flags;
3054 mutex_unlock(&kvm->arch.vpit->pit_state.lock);
3055 memset(&ps->reserved, 0, sizeof(ps->reserved));
3059 static int kvm_vm_ioctl_set_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
3061 int r = 0, start = 0;
3062 u32 prev_legacy, cur_legacy;
3063 mutex_lock(&kvm->arch.vpit->pit_state.lock);
3064 prev_legacy = kvm->arch.vpit->pit_state.flags & KVM_PIT_FLAGS_HPET_LEGACY;
3065 cur_legacy = ps->flags & KVM_PIT_FLAGS_HPET_LEGACY;
3066 if (!prev_legacy && cur_legacy)
3068 memcpy(&kvm->arch.vpit->pit_state.channels, &ps->channels,
3069 sizeof(kvm->arch.vpit->pit_state.channels));
3070 kvm->arch.vpit->pit_state.flags = ps->flags;
3071 kvm_pit_load_count(kvm, 0, kvm->arch.vpit->pit_state.channels[0].count, start);
3072 mutex_unlock(&kvm->arch.vpit->pit_state.lock);
3076 static int kvm_vm_ioctl_reinject(struct kvm *kvm,
3077 struct kvm_reinject_control *control)
3079 if (!kvm->arch.vpit)
3081 mutex_lock(&kvm->arch.vpit->pit_state.lock);
3082 kvm->arch.vpit->pit_state.reinject = control->pit_reinject;
3083 mutex_unlock(&kvm->arch.vpit->pit_state.lock);
3088 * kvm_vm_ioctl_get_dirty_log - get and clear the log of dirty pages in a slot
3089 * @kvm: kvm instance
3090 * @log: slot id and address to which we copy the log
3092 * We need to keep it in mind that VCPU threads can write to the bitmap
3093 * concurrently. So, to avoid losing data, we keep the following order for
3096 * 1. Take a snapshot of the bit and clear it if needed.
3097 * 2. Write protect the corresponding page.
3098 * 3. Flush TLB's if needed.
3099 * 4. Copy the snapshot to the userspace.
3101 * Between 2 and 3, the guest may write to the page using the remaining TLB
3102 * entry. This is not a problem because the page will be reported dirty at
3103 * step 4 using the snapshot taken before and step 3 ensures that successive
3104 * writes will be logged for the next call.
3106 int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log)
3109 struct kvm_memory_slot *memslot;
3111 unsigned long *dirty_bitmap;
3112 unsigned long *dirty_bitmap_buffer;
3113 bool is_dirty = false;
3115 mutex_lock(&kvm->slots_lock);
3118 if (log->slot >= KVM_MEMORY_SLOTS)
3121 memslot = id_to_memslot(kvm->memslots, log->slot);
3123 dirty_bitmap = memslot->dirty_bitmap;
3128 n = kvm_dirty_bitmap_bytes(memslot);
3130 dirty_bitmap_buffer = dirty_bitmap + n / sizeof(long);
3131 memset(dirty_bitmap_buffer, 0, n);
3133 spin_lock(&kvm->mmu_lock);
3135 for (i = 0; i < n / sizeof(long); i++) {
3139 if (!dirty_bitmap[i])
3144 mask = xchg(&dirty_bitmap[i], 0);
3145 dirty_bitmap_buffer[i] = mask;
3147 offset = i * BITS_PER_LONG;
3148 kvm_mmu_write_protect_pt_masked(kvm, memslot, offset, mask);
3151 kvm_flush_remote_tlbs(kvm);
3153 spin_unlock(&kvm->mmu_lock);
3156 if (copy_to_user(log->dirty_bitmap, dirty_bitmap_buffer, n))
3161 mutex_unlock(&kvm->slots_lock);
3165 int kvm_vm_ioctl_irq_line(struct kvm *kvm, struct kvm_irq_level *irq_event)
3167 if (!irqchip_in_kernel(kvm))
3170 irq_event->status = kvm_set_irq(kvm, KVM_USERSPACE_IRQ_SOURCE_ID,
3171 irq_event->irq, irq_event->level);
3175 long kvm_arch_vm_ioctl(struct file *filp,
3176 unsigned int ioctl, unsigned long arg)
3178 struct kvm *kvm = filp->private_data;
3179 void __user *argp = (void __user *)arg;
3182 * This union makes it completely explicit to gcc-3.x
3183 * that these two variables' stack usage should be
3184 * combined, not added together.
3187 struct kvm_pit_state ps;
3188 struct kvm_pit_state2 ps2;
3189 struct kvm_pit_config pit_config;
3193 case KVM_SET_TSS_ADDR:
3194 r = kvm_vm_ioctl_set_tss_addr(kvm, arg);
3198 case KVM_SET_IDENTITY_MAP_ADDR: {
3202 if (copy_from_user(&ident_addr, argp, sizeof ident_addr))
3204 r = kvm_vm_ioctl_set_identity_map_addr(kvm, ident_addr);
3209 case KVM_SET_NR_MMU_PAGES:
3210 r = kvm_vm_ioctl_set_nr_mmu_pages(kvm, arg);
3214 case KVM_GET_NR_MMU_PAGES:
3215 r = kvm_vm_ioctl_get_nr_mmu_pages(kvm);
3217 case KVM_CREATE_IRQCHIP: {
3218 struct kvm_pic *vpic;
3220 mutex_lock(&kvm->lock);
3223 goto create_irqchip_unlock;
3225 if (atomic_read(&kvm->online_vcpus))
3226 goto create_irqchip_unlock;
3228 vpic = kvm_create_pic(kvm);
3230 r = kvm_ioapic_init(kvm);
3232 mutex_lock(&kvm->slots_lock);
3233 kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS,
3235 kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS,
3237 kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS,
3239 mutex_unlock(&kvm->slots_lock);
3241 goto create_irqchip_unlock;
3244 goto create_irqchip_unlock;
3246 kvm->arch.vpic = vpic;
3248 r = kvm_setup_default_irq_routing(kvm);
3250 mutex_lock(&kvm->slots_lock);
3251 mutex_lock(&kvm->irq_lock);
3252 kvm_ioapic_destroy(kvm);
3253 kvm_destroy_pic(kvm);
3254 mutex_unlock(&kvm->irq_lock);
3255 mutex_unlock(&kvm->slots_lock);
3257 create_irqchip_unlock:
3258 mutex_unlock(&kvm->lock);
3261 case KVM_CREATE_PIT:
3262 u.pit_config.flags = KVM_PIT_SPEAKER_DUMMY;
3264 case KVM_CREATE_PIT2:
3266 if (copy_from_user(&u.pit_config, argp,
3267 sizeof(struct kvm_pit_config)))
3270 mutex_lock(&kvm->slots_lock);
3273 goto create_pit_unlock;
3275 kvm->arch.vpit = kvm_create_pit(kvm, u.pit_config.flags);
3279 mutex_unlock(&kvm->slots_lock);
3281 case KVM_GET_IRQCHIP: {
3282 /* 0: PIC master, 1: PIC slave, 2: IOAPIC */
3283 struct kvm_irqchip *chip;
3285 chip = memdup_user(argp, sizeof(*chip));
3292 if (!irqchip_in_kernel(kvm))
3293 goto get_irqchip_out;
3294 r = kvm_vm_ioctl_get_irqchip(kvm, chip);
3296 goto get_irqchip_out;
3298 if (copy_to_user(argp, chip, sizeof *chip))
3299 goto get_irqchip_out;
3307 case KVM_SET_IRQCHIP: {
3308 /* 0: PIC master, 1: PIC slave, 2: IOAPIC */
3309 struct kvm_irqchip *chip;
3311 chip = memdup_user(argp, sizeof(*chip));
3318 if (!irqchip_in_kernel(kvm))
3319 goto set_irqchip_out;
3320 r = kvm_vm_ioctl_set_irqchip(kvm, chip);
3322 goto set_irqchip_out;
3332 if (copy_from_user(&u.ps, argp, sizeof(struct kvm_pit_state)))
3335 if (!kvm->arch.vpit)
3337 r = kvm_vm_ioctl_get_pit(kvm, &u.ps);
3341 if (copy_to_user(argp, &u.ps, sizeof(struct kvm_pit_state)))
3348 if (copy_from_user(&u.ps, argp, sizeof u.ps))
3351 if (!kvm->arch.vpit)
3353 r = kvm_vm_ioctl_set_pit(kvm, &u.ps);
3359 case KVM_GET_PIT2: {
3361 if (!kvm->arch.vpit)
3363 r = kvm_vm_ioctl_get_pit2(kvm, &u.ps2);
3367 if (copy_to_user(argp, &u.ps2, sizeof(u.ps2)))
3372 case KVM_SET_PIT2: {
3374 if (copy_from_user(&u.ps2, argp, sizeof(u.ps2)))
3377 if (!kvm->arch.vpit)
3379 r = kvm_vm_ioctl_set_pit2(kvm, &u.ps2);
3385 case KVM_REINJECT_CONTROL: {
3386 struct kvm_reinject_control control;
3388 if (copy_from_user(&control, argp, sizeof(control)))
3390 r = kvm_vm_ioctl_reinject(kvm, &control);
3396 case KVM_XEN_HVM_CONFIG: {
3398 if (copy_from_user(&kvm->arch.xen_hvm_config, argp,
3399 sizeof(struct kvm_xen_hvm_config)))
3402 if (kvm->arch.xen_hvm_config.flags)
3407 case KVM_SET_CLOCK: {
3408 struct kvm_clock_data user_ns;
3413 if (copy_from_user(&user_ns, argp, sizeof(user_ns)))
3421 local_irq_disable();
3422 now_ns = get_kernel_ns();
3423 delta = user_ns.clock - now_ns;
3425 kvm->arch.kvmclock_offset = delta;
3428 case KVM_GET_CLOCK: {
3429 struct kvm_clock_data user_ns;
3432 local_irq_disable();
3433 now_ns = get_kernel_ns();
3434 user_ns.clock = kvm->arch.kvmclock_offset + now_ns;
3437 memset(&user_ns.pad, 0, sizeof(user_ns.pad));
3440 if (copy_to_user(argp, &user_ns, sizeof(user_ns)))
3453 static void kvm_init_msr_list(void)
3458 /* skip the first msrs in the list. KVM-specific */
3459 for (i = j = KVM_SAVE_MSRS_BEGIN; i < ARRAY_SIZE(msrs_to_save); i++) {
3460 if (rdmsr_safe(msrs_to_save[i], &dummy[0], &dummy[1]) < 0)
3463 msrs_to_save[j] = msrs_to_save[i];
3466 num_msrs_to_save = j;
3469 static int vcpu_mmio_write(struct kvm_vcpu *vcpu, gpa_t addr, int len,
3477 if (!(vcpu->arch.apic &&
3478 !kvm_iodevice_write(&vcpu->arch.apic->dev, addr, n, v))
3479 && kvm_io_bus_write(vcpu->kvm, KVM_MMIO_BUS, addr, n, v))
3490 static int vcpu_mmio_read(struct kvm_vcpu *vcpu, gpa_t addr, int len, void *v)
3497 if (!(vcpu->arch.apic &&
3498 !kvm_iodevice_read(&vcpu->arch.apic->dev, addr, n, v))
3499 && kvm_io_bus_read(vcpu->kvm, KVM_MMIO_BUS, addr, n, v))
3501 trace_kvm_mmio(KVM_TRACE_MMIO_READ, n, addr, *(u64 *)v);
3511 static void kvm_set_segment(struct kvm_vcpu *vcpu,
3512 struct kvm_segment *var, int seg)
3514 kvm_x86_ops->set_segment(vcpu, var, seg);
3517 void kvm_get_segment(struct kvm_vcpu *vcpu,
3518 struct kvm_segment *var, int seg)
3520 kvm_x86_ops->get_segment(vcpu, var, seg);
3523 gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u32 access)
3526 struct x86_exception exception;
3528 BUG_ON(!mmu_is_nested(vcpu));
3530 /* NPT walks are always user-walks */
3531 access |= PFERR_USER_MASK;
3532 t_gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, gpa, access, &exception);
3537 gpa_t kvm_mmu_gva_to_gpa_read(struct kvm_vcpu *vcpu, gva_t gva,
3538 struct x86_exception *exception)
3540 u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
3541 return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
3544 gpa_t kvm_mmu_gva_to_gpa_fetch(struct kvm_vcpu *vcpu, gva_t gva,
3545 struct x86_exception *exception)
3547 u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
3548 access |= PFERR_FETCH_MASK;
3549 return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
3552 gpa_t kvm_mmu_gva_to_gpa_write(struct kvm_vcpu *vcpu, gva_t gva,
3553 struct x86_exception *exception)
3555 u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
3556 access |= PFERR_WRITE_MASK;
3557 return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
3560 /* uses this to access any guest's mapped memory without checking CPL */
3561 gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva,
3562 struct x86_exception *exception)
3564 return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, 0, exception);
3567 static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes,
3568 struct kvm_vcpu *vcpu, u32 access,
3569 struct x86_exception *exception)
3572 int r = X86EMUL_CONTINUE;
3575 gpa_t gpa = vcpu->arch.walk_mmu->gva_to_gpa(vcpu, addr, access,
3577 unsigned offset = addr & (PAGE_SIZE-1);
3578 unsigned toread = min(bytes, (unsigned)PAGE_SIZE - offset);
3581 if (gpa == UNMAPPED_GVA)
3582 return X86EMUL_PROPAGATE_FAULT;
3583 ret = kvm_read_guest(vcpu->kvm, gpa, data, toread);
3585 r = X86EMUL_IO_NEEDED;
3597 /* used for instruction fetching */
3598 static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt,
3599 gva_t addr, void *val, unsigned int bytes,
3600 struct x86_exception *exception)
3602 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
3603 u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
3605 return kvm_read_guest_virt_helper(addr, val, bytes, vcpu,
3606 access | PFERR_FETCH_MASK,
3610 int kvm_read_guest_virt(struct x86_emulate_ctxt *ctxt,
3611 gva_t addr, void *val, unsigned int bytes,
3612 struct x86_exception *exception)
3614 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
3615 u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
3617 return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access,
3620 EXPORT_SYMBOL_GPL(kvm_read_guest_virt);
3622 static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt,
3623 gva_t addr, void *val, unsigned int bytes,
3624 struct x86_exception *exception)
3626 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
3627 return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, 0, exception);
3630 int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt,
3631 gva_t addr, void *val,
3633 struct x86_exception *exception)
3635 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
3637 int r = X86EMUL_CONTINUE;
3640 gpa_t gpa = vcpu->arch.walk_mmu->gva_to_gpa(vcpu, addr,
3643 unsigned offset = addr & (PAGE_SIZE-1);
3644 unsigned towrite = min(bytes, (unsigned)PAGE_SIZE - offset);
3647 if (gpa == UNMAPPED_GVA)
3648 return X86EMUL_PROPAGATE_FAULT;
3649 ret = kvm_write_guest(vcpu->kvm, gpa, data, towrite);
3651 r = X86EMUL_IO_NEEDED;
3662 EXPORT_SYMBOL_GPL(kvm_write_guest_virt_system);
3664 static int vcpu_mmio_gva_to_gpa(struct kvm_vcpu *vcpu, unsigned long gva,
3665 gpa_t *gpa, struct x86_exception *exception,
3668 u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
3670 if (vcpu_match_mmio_gva(vcpu, gva) &&
3671 check_write_user_access(vcpu, write, access,
3672 vcpu->arch.access)) {
3673 *gpa = vcpu->arch.mmio_gfn << PAGE_SHIFT |
3674 (gva & (PAGE_SIZE - 1));
3675 trace_vcpu_match_mmio(gva, *gpa, write, false);
3680 access |= PFERR_WRITE_MASK;
3682 *gpa = vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
3684 if (*gpa == UNMAPPED_GVA)
3687 /* For APIC access vmexit */
3688 if ((*gpa & PAGE_MASK) == APIC_DEFAULT_PHYS_BASE)
3691 if (vcpu_match_mmio_gpa(vcpu, *gpa)) {
3692 trace_vcpu_match_mmio(gva, *gpa, write, true);
3699 int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa,
3700 const void *val, int bytes)
3704 ret = kvm_write_guest(vcpu->kvm, gpa, val, bytes);
3707 kvm_mmu_pte_write(vcpu, gpa, val, bytes);
3711 struct read_write_emulator_ops {
3712 int (*read_write_prepare)(struct kvm_vcpu *vcpu, void *val,
3714 int (*read_write_emulate)(struct kvm_vcpu *vcpu, gpa_t gpa,
3715 void *val, int bytes);
3716 int (*read_write_mmio)(struct kvm_vcpu *vcpu, gpa_t gpa,
3717 int bytes, void *val);
3718 int (*read_write_exit_mmio)(struct kvm_vcpu *vcpu, gpa_t gpa,
3719 void *val, int bytes);
3723 static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes)
3725 if (vcpu->mmio_read_completed) {
3726 trace_kvm_mmio(KVM_TRACE_MMIO_READ, bytes,
3727 vcpu->mmio_fragments[0].gpa, *(u64 *)val);
3728 vcpu->mmio_read_completed = 0;
3735 static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
3736 void *val, int bytes)
3738 return !kvm_read_guest(vcpu->kvm, gpa, val, bytes);
3741 static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
3742 void *val, int bytes)
3744 return emulator_write_phys(vcpu, gpa, val, bytes);
3747 static int write_mmio(struct kvm_vcpu *vcpu, gpa_t gpa, int bytes, void *val)
3749 trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, bytes, gpa, *(u64 *)val);
3750 return vcpu_mmio_write(vcpu, gpa, bytes, val);
3753 static int read_exit_mmio(struct kvm_vcpu *vcpu, gpa_t gpa,
3754 void *val, int bytes)
3756 trace_kvm_mmio(KVM_TRACE_MMIO_READ_UNSATISFIED, bytes, gpa, 0);
3757 return X86EMUL_IO_NEEDED;
3760 static int write_exit_mmio(struct kvm_vcpu *vcpu, gpa_t gpa,
3761 void *val, int bytes)
3763 struct kvm_mmio_fragment *frag = &vcpu->mmio_fragments[0];
3765 memcpy(vcpu->run->mmio.data, frag->data, frag->len);
3766 return X86EMUL_CONTINUE;
3769 static struct read_write_emulator_ops read_emultor = {
3770 .read_write_prepare = read_prepare,
3771 .read_write_emulate = read_emulate,
3772 .read_write_mmio = vcpu_mmio_read,
3773 .read_write_exit_mmio = read_exit_mmio,
3776 static struct read_write_emulator_ops write_emultor = {
3777 .read_write_emulate = write_emulate,
3778 .read_write_mmio = write_mmio,
3779 .read_write_exit_mmio = write_exit_mmio,
3783 static int emulator_read_write_onepage(unsigned long addr, void *val,
3785 struct x86_exception *exception,
3786 struct kvm_vcpu *vcpu,
3787 struct read_write_emulator_ops *ops)
3791 bool write = ops->write;
3792 struct kvm_mmio_fragment *frag;
3794 ret = vcpu_mmio_gva_to_gpa(vcpu, addr, &gpa, exception, write);
3797 return X86EMUL_PROPAGATE_FAULT;
3799 /* For APIC access vmexit */
3803 if (ops->read_write_emulate(vcpu, gpa, val, bytes))
3804 return X86EMUL_CONTINUE;
3808 * Is this MMIO handled locally?
3810 handled = ops->read_write_mmio(vcpu, gpa, bytes, val);
3811 if (handled == bytes)
3812 return X86EMUL_CONTINUE;
3819 unsigned now = min(bytes, 8U);
3821 frag = &vcpu->mmio_fragments[vcpu->mmio_nr_fragments++];
3830 return X86EMUL_CONTINUE;
3833 int emulator_read_write(struct x86_emulate_ctxt *ctxt, unsigned long addr,
3834 void *val, unsigned int bytes,
3835 struct x86_exception *exception,
3836 struct read_write_emulator_ops *ops)
3838 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
3842 if (ops->read_write_prepare &&
3843 ops->read_write_prepare(vcpu, val, bytes))
3844 return X86EMUL_CONTINUE;
3846 vcpu->mmio_nr_fragments = 0;
3848 /* Crossing a page boundary? */
3849 if (((addr + bytes - 1) ^ addr) & PAGE_MASK) {
3852 now = -addr & ~PAGE_MASK;
3853 rc = emulator_read_write_onepage(addr, val, now, exception,
3856 if (rc != X86EMUL_CONTINUE)
3863 rc = emulator_read_write_onepage(addr, val, bytes, exception,
3865 if (rc != X86EMUL_CONTINUE)
3868 if (!vcpu->mmio_nr_fragments)
3871 gpa = vcpu->mmio_fragments[0].gpa;
3873 vcpu->mmio_needed = 1;
3874 vcpu->mmio_cur_fragment = 0;
3876 vcpu->run->mmio.len = vcpu->mmio_fragments[0].len;
3877 vcpu->run->mmio.is_write = vcpu->mmio_is_write = ops->write;
3878 vcpu->run->exit_reason = KVM_EXIT_MMIO;
3879 vcpu->run->mmio.phys_addr = gpa;
3881 return ops->read_write_exit_mmio(vcpu, gpa, val, bytes);
3884 static int emulator_read_emulated(struct x86_emulate_ctxt *ctxt,
3888 struct x86_exception *exception)
3890 return emulator_read_write(ctxt, addr, val, bytes,
3891 exception, &read_emultor);
3894 int emulator_write_emulated(struct x86_emulate_ctxt *ctxt,
3898 struct x86_exception *exception)
3900 return emulator_read_write(ctxt, addr, (void *)val, bytes,
3901 exception, &write_emultor);
3904 #define CMPXCHG_TYPE(t, ptr, old, new) \
3905 (cmpxchg((t *)(ptr), *(t *)(old), *(t *)(new)) == *(t *)(old))
3907 #ifdef CONFIG_X86_64
3908 # define CMPXCHG64(ptr, old, new) CMPXCHG_TYPE(u64, ptr, old, new)
3910 # define CMPXCHG64(ptr, old, new) \
3911 (cmpxchg64((u64 *)(ptr), *(u64 *)(old), *(u64 *)(new)) == *(u64 *)(old))
3914 static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
3919 struct x86_exception *exception)
3921 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
3927 /* guests cmpxchg8b have to be emulated atomically */
3928 if (bytes > 8 || (bytes & (bytes - 1)))
3931 gpa = kvm_mmu_gva_to_gpa_write(vcpu, addr, NULL);
3933 if (gpa == UNMAPPED_GVA ||
3934 (gpa & PAGE_MASK) == APIC_DEFAULT_PHYS_BASE)
3937 if (((gpa + bytes - 1) & PAGE_MASK) != (gpa & PAGE_MASK))
3940 page = gfn_to_page(vcpu->kvm, gpa >> PAGE_SHIFT);
3941 if (is_error_page(page))
3944 kaddr = kmap_atomic(page);
3945 kaddr += offset_in_page(gpa);
3948 exchanged = CMPXCHG_TYPE(u8, kaddr, old, new);
3951 exchanged = CMPXCHG_TYPE(u16, kaddr, old, new);
3954 exchanged = CMPXCHG_TYPE(u32, kaddr, old, new);
3957 exchanged = CMPXCHG64(kaddr, old, new);
3962 kunmap_atomic(kaddr);
3963 kvm_release_page_dirty(page);
3966 return X86EMUL_CMPXCHG_FAILED;
3968 kvm_mmu_pte_write(vcpu, gpa, new, bytes);
3970 return X86EMUL_CONTINUE;
3973 printk_once(KERN_WARNING "kvm: emulating exchange as write\n");
3975 return emulator_write_emulated(ctxt, addr, new, bytes, exception);
3978 static int kernel_pio(struct kvm_vcpu *vcpu, void *pd)
3980 /* TODO: String I/O for in kernel device */
3983 if (vcpu->arch.pio.in)
3984 r = kvm_io_bus_read(vcpu->kvm, KVM_PIO_BUS, vcpu->arch.pio.port,
3985 vcpu->arch.pio.size, pd);
3987 r = kvm_io_bus_write(vcpu->kvm, KVM_PIO_BUS,
3988 vcpu->arch.pio.port, vcpu->arch.pio.size,
3993 static int emulator_pio_in_out(struct kvm_vcpu *vcpu, int size,
3994 unsigned short port, void *val,
3995 unsigned int count, bool in)
3997 trace_kvm_pio(!in, port, size, count);
3999 vcpu->arch.pio.port = port;
4000 vcpu->arch.pio.in = in;
4001 vcpu->arch.pio.count = count;
4002 vcpu->arch.pio.size = size;
4004 if (!kernel_pio(vcpu, vcpu->arch.pio_data)) {
4005 vcpu->arch.pio.count = 0;
4009 vcpu->run->exit_reason = KVM_EXIT_IO;
4010 vcpu->run->io.direction = in ? KVM_EXIT_IO_IN : KVM_EXIT_IO_OUT;
4011 vcpu->run->io.size = size;
4012 vcpu->run->io.data_offset = KVM_PIO_PAGE_OFFSET * PAGE_SIZE;
4013 vcpu->run->io.count = count;
4014 vcpu->run->io.port = port;
4019 static int emulator_pio_in_emulated(struct x86_emulate_ctxt *ctxt,
4020 int size, unsigned short port, void *val,
4023 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
4026 if (vcpu->arch.pio.count)
4029 ret = emulator_pio_in_out(vcpu, size, port, val, count, true);
4032 memcpy(val, vcpu->arch.pio_data, size * count);
4033 vcpu->arch.pio.count = 0;
4040 static int emulator_pio_out_emulated(struct x86_emulate_ctxt *ctxt,
4041 int size, unsigned short port,
4042 const void *val, unsigned int count)
4044 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
4046 memcpy(vcpu->arch.pio_data, val, size * count);
4047 return emulator_pio_in_out(vcpu, size, port, (void *)val, count, false);
4050 static unsigned long get_segment_base(struct kvm_vcpu *vcpu, int seg)
4052 return kvm_x86_ops->get_segment_base(vcpu, seg);
4055 static void emulator_invlpg(struct x86_emulate_ctxt *ctxt, ulong address)
4057 kvm_mmu_invlpg(emul_to_vcpu(ctxt), address);
4060 int kvm_emulate_wbinvd(struct kvm_vcpu *vcpu)
4062 if (!need_emulate_wbinvd(vcpu))
4063 return X86EMUL_CONTINUE;
4065 if (kvm_x86_ops->has_wbinvd_exit()) {
4066 int cpu = get_cpu();
4068 cpumask_set_cpu(cpu, vcpu->arch.wbinvd_dirty_mask);
4069 smp_call_function_many(vcpu->arch.wbinvd_dirty_mask,
4070 wbinvd_ipi, NULL, 1);
4072 cpumask_clear(vcpu->arch.wbinvd_dirty_mask);
4075 return X86EMUL_CONTINUE;
4077 EXPORT_SYMBOL_GPL(kvm_emulate_wbinvd);
4079 static void emulator_wbinvd(struct x86_emulate_ctxt *ctxt)
4081 kvm_emulate_wbinvd(emul_to_vcpu(ctxt));
4084 int emulator_get_dr(struct x86_emulate_ctxt *ctxt, int dr, unsigned long *dest)
4086 return _kvm_get_dr(emul_to_vcpu(ctxt), dr, dest);
4089 int emulator_set_dr(struct x86_emulate_ctxt *ctxt, int dr, unsigned long value)
4092 return __kvm_set_dr(emul_to_vcpu(ctxt), dr, value);
4095 static u64 mk_cr_64(u64 curr_cr, u32 new_val)
4097 return (curr_cr & ~((1ULL << 32) - 1)) | new_val;
4100 static unsigned long emulator_get_cr(struct x86_emulate_ctxt *ctxt, int cr)
4102 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
4103 unsigned long value;
4107 value = kvm_read_cr0(vcpu);
4110 value = vcpu->arch.cr2;
4113 value = kvm_read_cr3(vcpu);
4116 value = kvm_read_cr4(vcpu);
4119 value = kvm_get_cr8(vcpu);
4122 kvm_err("%s: unexpected cr %u\n", __func__, cr);
4129 static int emulator_set_cr(struct x86_emulate_ctxt *ctxt, int cr, ulong val)
4131 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
4136 res = kvm_set_cr0(vcpu, mk_cr_64(kvm_read_cr0(vcpu), val));
4139 vcpu->arch.cr2 = val;
4142 res = kvm_set_cr3(vcpu, val);
4145 res = kvm_set_cr4(vcpu, mk_cr_64(kvm_read_cr4(vcpu), val));
4148 res = kvm_set_cr8(vcpu, val);
4151 kvm_err("%s: unexpected cr %u\n", __func__, cr);
4158 static void emulator_set_rflags(struct x86_emulate_ctxt *ctxt, ulong val)
4160 kvm_set_rflags(emul_to_vcpu(ctxt), val);
4163 static int emulator_get_cpl(struct x86_emulate_ctxt *ctxt)
4165 return kvm_x86_ops->get_cpl(emul_to_vcpu(ctxt));
4168 static void emulator_get_gdt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
4170 kvm_x86_ops->get_gdt(emul_to_vcpu(ctxt), dt);
4173 static void emulator_get_idt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
4175 kvm_x86_ops->get_idt(emul_to_vcpu(ctxt), dt);
4178 static void emulator_set_gdt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
4180 kvm_x86_ops->set_gdt(emul_to_vcpu(ctxt), dt);
4183 static void emulator_set_idt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
4185 kvm_x86_ops->set_idt(emul_to_vcpu(ctxt), dt);
4188 static unsigned long emulator_get_cached_segment_base(
4189 struct x86_emulate_ctxt *ctxt, int seg)
4191 return get_segment_base(emul_to_vcpu(ctxt), seg);
4194 static bool emulator_get_segment(struct x86_emulate_ctxt *ctxt, u16 *selector,
4195 struct desc_struct *desc, u32 *base3,
4198 struct kvm_segment var;
4200 kvm_get_segment(emul_to_vcpu(ctxt), &var, seg);
4201 *selector = var.selector;
4208 set_desc_limit(desc, var.limit);
4209 set_desc_base(desc, (unsigned long)var.base);
4210 #ifdef CONFIG_X86_64
4212 *base3 = var.base >> 32;
4214 desc->type = var.type;
4216 desc->dpl = var.dpl;
4217 desc->p = var.present;
4218 desc->avl = var.avl;
4226 static void emulator_set_segment(struct x86_emulate_ctxt *ctxt, u16 selector,
4227 struct desc_struct *desc, u32 base3,
4230 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
4231 struct kvm_segment var;
4233 var.selector = selector;
4234 var.base = get_desc_base(desc);
4235 #ifdef CONFIG_X86_64
4236 var.base |= ((u64)base3) << 32;
4238 var.limit = get_desc_limit(desc);
4240 var.limit = (var.limit << 12) | 0xfff;
4241 var.type = desc->type;
4242 var.present = desc->p;
4243 var.dpl = desc->dpl;
4248 var.avl = desc->avl;
4249 var.present = desc->p;
4250 var.unusable = !var.present;
4253 kvm_set_segment(vcpu, &var, seg);
4257 static int emulator_get_msr(struct x86_emulate_ctxt *ctxt,
4258 u32 msr_index, u64 *pdata)
4260 return kvm_get_msr(emul_to_vcpu(ctxt), msr_index, pdata);
4263 static int emulator_set_msr(struct x86_emulate_ctxt *ctxt,
4264 u32 msr_index, u64 data)
4266 return kvm_set_msr(emul_to_vcpu(ctxt), msr_index, data);
4269 static int emulator_read_pmc(struct x86_emulate_ctxt *ctxt,
4270 u32 pmc, u64 *pdata)
4272 return kvm_pmu_read_pmc(emul_to_vcpu(ctxt), pmc, pdata);
4275 static void emulator_halt(struct x86_emulate_ctxt *ctxt)
4277 emul_to_vcpu(ctxt)->arch.halt_request = 1;
4280 static void emulator_get_fpu(struct x86_emulate_ctxt *ctxt)
4283 kvm_load_guest_fpu(emul_to_vcpu(ctxt));
4285 * CR0.TS may reference the host fpu state, not the guest fpu state,
4286 * so it may be clear at this point.
4291 static void emulator_put_fpu(struct x86_emulate_ctxt *ctxt)
4296 static int emulator_intercept(struct x86_emulate_ctxt *ctxt,
4297 struct x86_instruction_info *info,
4298 enum x86_intercept_stage stage)
4300 return kvm_x86_ops->check_intercept(emul_to_vcpu(ctxt), info, stage);
4303 static void emulator_get_cpuid(struct x86_emulate_ctxt *ctxt,
4304 u32 *eax, u32 *ebx, u32 *ecx, u32 *edx)
4306 kvm_cpuid(emul_to_vcpu(ctxt), eax, ebx, ecx, edx);
4309 static struct x86_emulate_ops emulate_ops = {
4310 .read_std = kvm_read_guest_virt_system,
4311 .write_std = kvm_write_guest_virt_system,
4312 .fetch = kvm_fetch_guest_virt,
4313 .read_emulated = emulator_read_emulated,
4314 .write_emulated = emulator_write_emulated,
4315 .cmpxchg_emulated = emulator_cmpxchg_emulated,
4316 .invlpg = emulator_invlpg,
4317 .pio_in_emulated = emulator_pio_in_emulated,
4318 .pio_out_emulated = emulator_pio_out_emulated,
4319 .get_segment = emulator_get_segment,
4320 .set_segment = emulator_set_segment,
4321 .get_cached_segment_base = emulator_get_cached_segment_base,
4322 .get_gdt = emulator_get_gdt,
4323 .get_idt = emulator_get_idt,
4324 .set_gdt = emulator_set_gdt,
4325 .set_idt = emulator_set_idt,
4326 .get_cr = emulator_get_cr,
4327 .set_cr = emulator_set_cr,
4328 .set_rflags = emulator_set_rflags,
4329 .cpl = emulator_get_cpl,
4330 .get_dr = emulator_get_dr,
4331 .set_dr = emulator_set_dr,
4332 .set_msr = emulator_set_msr,
4333 .get_msr = emulator_get_msr,
4334 .read_pmc = emulator_read_pmc,
4335 .halt = emulator_halt,
4336 .wbinvd = emulator_wbinvd,
4337 .fix_hypercall = emulator_fix_hypercall,
4338 .get_fpu = emulator_get_fpu,
4339 .put_fpu = emulator_put_fpu,
4340 .intercept = emulator_intercept,
4341 .get_cpuid = emulator_get_cpuid,
4344 static void cache_all_regs(struct kvm_vcpu *vcpu)
4346 kvm_register_read(vcpu, VCPU_REGS_RAX);
4347 kvm_register_read(vcpu, VCPU_REGS_RSP);
4348 kvm_register_read(vcpu, VCPU_REGS_RIP);
4349 vcpu->arch.regs_dirty = ~0;
4352 static void toggle_interruptibility(struct kvm_vcpu *vcpu, u32 mask)
4354 u32 int_shadow = kvm_x86_ops->get_interrupt_shadow(vcpu, mask);
4356 * an sti; sti; sequence only disable interrupts for the first
4357 * instruction. So, if the last instruction, be it emulated or
4358 * not, left the system with the INT_STI flag enabled, it
4359 * means that the last instruction is an sti. We should not
4360 * leave the flag on in this case. The same goes for mov ss
4362 if (!(int_shadow & mask))
4363 kvm_x86_ops->set_interrupt_shadow(vcpu, mask);
4366 static void inject_emulated_exception(struct kvm_vcpu *vcpu)
4368 struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
4369 if (ctxt->exception.vector == PF_VECTOR)
4370 kvm_propagate_fault(vcpu, &ctxt->exception);
4371 else if (ctxt->exception.error_code_valid)
4372 kvm_queue_exception_e(vcpu, ctxt->exception.vector,
4373 ctxt->exception.error_code);
4375 kvm_queue_exception(vcpu, ctxt->exception.vector);
4378 static void init_decode_cache(struct x86_emulate_ctxt *ctxt,
4379 const unsigned long *regs)
4381 memset(&ctxt->twobyte, 0,
4382 (void *)&ctxt->regs - (void *)&ctxt->twobyte);
4383 memcpy(ctxt->regs, regs, sizeof(ctxt->regs));
4385 ctxt->fetch.start = 0;
4386 ctxt->fetch.end = 0;
4387 ctxt->io_read.pos = 0;
4388 ctxt->io_read.end = 0;
4389 ctxt->mem_read.pos = 0;
4390 ctxt->mem_read.end = 0;
4393 static void init_emulate_ctxt(struct kvm_vcpu *vcpu)
4395 struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
4399 * TODO: fix emulate.c to use guest_read/write_register
4400 * instead of direct ->regs accesses, can save hundred cycles
4401 * on Intel for instructions that don't read/change RSP, for
4404 cache_all_regs(vcpu);
4406 kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
4408 ctxt->eflags = kvm_get_rflags(vcpu);
4409 ctxt->eip = kvm_rip_read(vcpu);
4410 ctxt->mode = (!is_protmode(vcpu)) ? X86EMUL_MODE_REAL :
4411 (ctxt->eflags & X86_EFLAGS_VM) ? X86EMUL_MODE_VM86 :
4412 cs_l ? X86EMUL_MODE_PROT64 :
4413 cs_db ? X86EMUL_MODE_PROT32 :
4414 X86EMUL_MODE_PROT16;
4415 ctxt->guest_mode = is_guest_mode(vcpu);
4417 init_decode_cache(ctxt, vcpu->arch.regs);
4418 vcpu->arch.emulate_regs_need_sync_from_vcpu = false;
4421 int kvm_inject_realmode_interrupt(struct kvm_vcpu *vcpu, int irq, int inc_eip)
4423 struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
4426 init_emulate_ctxt(vcpu);
4430 ctxt->_eip = ctxt->eip + inc_eip;
4431 ret = emulate_int_real(ctxt, irq);
4433 if (ret != X86EMUL_CONTINUE)
4434 return EMULATE_FAIL;
4436 ctxt->eip = ctxt->_eip;
4437 memcpy(vcpu->arch.regs, ctxt->regs, sizeof ctxt->regs);
4438 kvm_rip_write(vcpu, ctxt->eip);
4439 kvm_set_rflags(vcpu, ctxt->eflags);
4441 if (irq == NMI_VECTOR)
4442 vcpu->arch.nmi_pending = 0;
4444 vcpu->arch.interrupt.pending = false;
4446 return EMULATE_DONE;
4448 EXPORT_SYMBOL_GPL(kvm_inject_realmode_interrupt);
4450 static int handle_emulation_failure(struct kvm_vcpu *vcpu)
4452 int r = EMULATE_DONE;
4454 ++vcpu->stat.insn_emulation_fail;
4455 trace_kvm_emulate_insn_failed(vcpu);
4456 if (!is_guest_mode(vcpu)) {
4457 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
4458 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
4459 vcpu->run->internal.ndata = 0;
4462 kvm_queue_exception(vcpu, UD_VECTOR);
4467 static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t gva)
4475 * if emulation was due to access to shadowed page table
4476 * and it failed try to unshadow page and re-enter the
4477 * guest to let CPU execute the instruction.
4479 if (kvm_mmu_unprotect_page_virt(vcpu, gva))
4482 gpa = kvm_mmu_gva_to_gpa_system(vcpu, gva, NULL);
4484 if (gpa == UNMAPPED_GVA)
4485 return true; /* let cpu generate fault */
4487 if (!kvm_is_error_hva(gfn_to_hva(vcpu->kvm, gpa >> PAGE_SHIFT)))
4493 static bool retry_instruction(struct x86_emulate_ctxt *ctxt,
4494 unsigned long cr2, int emulation_type)
4496 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
4497 unsigned long last_retry_eip, last_retry_addr, gpa = cr2;
4499 last_retry_eip = vcpu->arch.last_retry_eip;
4500 last_retry_addr = vcpu->arch.last_retry_addr;
4503 * If the emulation is caused by #PF and it is non-page_table
4504 * writing instruction, it means the VM-EXIT is caused by shadow
4505 * page protected, we can zap the shadow page and retry this
4506 * instruction directly.
4508 * Note: if the guest uses a non-page-table modifying instruction
4509 * on the PDE that points to the instruction, then we will unmap
4510 * the instruction and go to an infinite loop. So, we cache the
4511 * last retried eip and the last fault address, if we meet the eip
4512 * and the address again, we can break out of the potential infinite
4515 vcpu->arch.last_retry_eip = vcpu->arch.last_retry_addr = 0;
4517 if (!(emulation_type & EMULTYPE_RETRY))
4520 if (x86_page_table_writing_insn(ctxt))
4523 if (ctxt->eip == last_retry_eip && last_retry_addr == cr2)
4526 vcpu->arch.last_retry_eip = ctxt->eip;
4527 vcpu->arch.last_retry_addr = cr2;
4529 if (!vcpu->arch.mmu.direct_map)
4530 gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2, NULL);
4532 kvm_mmu_unprotect_page(vcpu->kvm, gpa >> PAGE_SHIFT);
4537 int x86_emulate_instruction(struct kvm_vcpu *vcpu,
4544 struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
4545 bool writeback = true;
4547 kvm_clear_exception_queue(vcpu);
4549 if (!(emulation_type & EMULTYPE_NO_DECODE)) {
4550 init_emulate_ctxt(vcpu);
4551 ctxt->interruptibility = 0;
4552 ctxt->have_exception = false;
4553 ctxt->perm_ok = false;
4555 ctxt->only_vendor_specific_insn
4556 = emulation_type & EMULTYPE_TRAP_UD;
4558 r = x86_decode_insn(ctxt, insn, insn_len);
4560 trace_kvm_emulate_insn_start(vcpu);
4561 ++vcpu->stat.insn_emulation;
4562 if (r != EMULATION_OK) {
4563 if (emulation_type & EMULTYPE_TRAP_UD)
4564 return EMULATE_FAIL;
4565 if (reexecute_instruction(vcpu, cr2))
4566 return EMULATE_DONE;
4567 if (emulation_type & EMULTYPE_SKIP)
4568 return EMULATE_FAIL;
4569 return handle_emulation_failure(vcpu);
4573 if (emulation_type & EMULTYPE_SKIP) {
4574 kvm_rip_write(vcpu, ctxt->_eip);
4575 return EMULATE_DONE;
4578 if (retry_instruction(ctxt, cr2, emulation_type))
4579 return EMULATE_DONE;
4581 /* this is needed for vmware backdoor interface to work since it
4582 changes registers values during IO operation */
4583 if (vcpu->arch.emulate_regs_need_sync_from_vcpu) {
4584 vcpu->arch.emulate_regs_need_sync_from_vcpu = false;
4585 memcpy(ctxt->regs, vcpu->arch.regs, sizeof ctxt->regs);
4589 r = x86_emulate_insn(ctxt);
4591 if (r == EMULATION_INTERCEPTED)
4592 return EMULATE_DONE;
4594 if (r == EMULATION_FAILED) {
4595 if (reexecute_instruction(vcpu, cr2))
4596 return EMULATE_DONE;
4598 return handle_emulation_failure(vcpu);
4601 if (ctxt->have_exception) {
4602 inject_emulated_exception(vcpu);
4604 } else if (vcpu->arch.pio.count) {
4605 if (!vcpu->arch.pio.in)
4606 vcpu->arch.pio.count = 0;
4609 r = EMULATE_DO_MMIO;
4610 } else if (vcpu->mmio_needed) {
4611 if (!vcpu->mmio_is_write)
4613 r = EMULATE_DO_MMIO;
4614 } else if (r == EMULATION_RESTART)
4620 toggle_interruptibility(vcpu, ctxt->interruptibility);
4621 kvm_set_rflags(vcpu, ctxt->eflags);
4622 kvm_make_request(KVM_REQ_EVENT, vcpu);
4623 memcpy(vcpu->arch.regs, ctxt->regs, sizeof ctxt->regs);
4624 vcpu->arch.emulate_regs_need_sync_to_vcpu = false;
4625 kvm_rip_write(vcpu, ctxt->eip);
4627 vcpu->arch.emulate_regs_need_sync_to_vcpu = true;
4631 EXPORT_SYMBOL_GPL(x86_emulate_instruction);
4633 int kvm_fast_pio_out(struct kvm_vcpu *vcpu, int size, unsigned short port)
4635 unsigned long val = kvm_register_read(vcpu, VCPU_REGS_RAX);
4636 int ret = emulator_pio_out_emulated(&vcpu->arch.emulate_ctxt,
4637 size, port, &val, 1);
4638 /* do not return to emulator after return from userspace */
4639 vcpu->arch.pio.count = 0;
4642 EXPORT_SYMBOL_GPL(kvm_fast_pio_out);
4644 static void tsc_bad(void *info)
4646 __this_cpu_write(cpu_tsc_khz, 0);
4649 static void tsc_khz_changed(void *data)
4651 struct cpufreq_freqs *freq = data;
4652 unsigned long khz = 0;
4656 else if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC))
4657 khz = cpufreq_quick_get(raw_smp_processor_id());
4660 __this_cpu_write(cpu_tsc_khz, khz);
4663 static int kvmclock_cpufreq_notifier(struct notifier_block *nb, unsigned long val,
4666 struct cpufreq_freqs *freq = data;
4668 struct kvm_vcpu *vcpu;
4669 int i, send_ipi = 0;
4672 * We allow guests to temporarily run on slowing clocks,
4673 * provided we notify them after, or to run on accelerating
4674 * clocks, provided we notify them before. Thus time never
4677 * However, we have a problem. We can't atomically update
4678 * the frequency of a given CPU from this function; it is
4679 * merely a notifier, which can be called from any CPU.
4680 * Changing the TSC frequency at arbitrary points in time
4681 * requires a recomputation of local variables related to
4682 * the TSC for each VCPU. We must flag these local variables
4683 * to be updated and be sure the update takes place with the
4684 * new frequency before any guests proceed.
4686 * Unfortunately, the combination of hotplug CPU and frequency
4687 * change creates an intractable locking scenario; the order
4688 * of when these callouts happen is undefined with respect to
4689 * CPU hotplug, and they can race with each other. As such,
4690 * merely setting per_cpu(cpu_tsc_khz) = X during a hotadd is
4691 * undefined; you can actually have a CPU frequency change take
4692 * place in between the computation of X and the setting of the
4693 * variable. To protect against this problem, all updates of
4694 * the per_cpu tsc_khz variable are done in an interrupt
4695 * protected IPI, and all callers wishing to update the value
4696 * must wait for a synchronous IPI to complete (which is trivial
4697 * if the caller is on the CPU already). This establishes the
4698 * necessary total order on variable updates.
4700 * Note that because a guest time update may take place
4701 * anytime after the setting of the VCPU's request bit, the
4702 * correct TSC value must be set before the request. However,
4703 * to ensure the update actually makes it to any guest which
4704 * starts running in hardware virtualization between the set
4705 * and the acquisition of the spinlock, we must also ping the
4706 * CPU after setting the request bit.
4710 if (val == CPUFREQ_PRECHANGE && freq->old > freq->new)
4712 if (val == CPUFREQ_POSTCHANGE && freq->old < freq->new)
4715 smp_call_function_single(freq->cpu, tsc_khz_changed, freq, 1);
4717 raw_spin_lock(&kvm_lock);
4718 list_for_each_entry(kvm, &vm_list, vm_list) {
4719 kvm_for_each_vcpu(i, vcpu, kvm) {
4720 if (vcpu->cpu != freq->cpu)
4722 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
4723 if (vcpu->cpu != smp_processor_id())
4727 raw_spin_unlock(&kvm_lock);
4729 if (freq->old < freq->new && send_ipi) {
4731 * We upscale the frequency. Must make the guest
4732 * doesn't see old kvmclock values while running with
4733 * the new frequency, otherwise we risk the guest sees
4734 * time go backwards.
4736 * In case we update the frequency for another cpu
4737 * (which might be in guest context) send an interrupt
4738 * to kick the cpu out of guest context. Next time
4739 * guest context is entered kvmclock will be updated,
4740 * so the guest will not see stale values.
4742 smp_call_function_single(freq->cpu, tsc_khz_changed, freq, 1);
4747 static struct notifier_block kvmclock_cpufreq_notifier_block = {
4748 .notifier_call = kvmclock_cpufreq_notifier
4751 static int kvmclock_cpu_notifier(struct notifier_block *nfb,
4752 unsigned long action, void *hcpu)
4754 unsigned int cpu = (unsigned long)hcpu;
4758 case CPU_DOWN_FAILED:
4759 smp_call_function_single(cpu, tsc_khz_changed, NULL, 1);
4761 case CPU_DOWN_PREPARE:
4762 smp_call_function_single(cpu, tsc_bad, NULL, 1);
4768 static struct notifier_block kvmclock_cpu_notifier_block = {
4769 .notifier_call = kvmclock_cpu_notifier,
4770 .priority = -INT_MAX
4773 static void kvm_timer_init(void)
4777 max_tsc_khz = tsc_khz;
4778 register_hotcpu_notifier(&kvmclock_cpu_notifier_block);
4779 if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) {
4780 #ifdef CONFIG_CPU_FREQ
4781 struct cpufreq_policy policy;
4782 memset(&policy, 0, sizeof(policy));
4784 cpufreq_get_policy(&policy, cpu);
4785 if (policy.cpuinfo.max_freq)
4786 max_tsc_khz = policy.cpuinfo.max_freq;
4789 cpufreq_register_notifier(&kvmclock_cpufreq_notifier_block,
4790 CPUFREQ_TRANSITION_NOTIFIER);
4792 pr_debug("kvm: max_tsc_khz = %ld\n", max_tsc_khz);
4793 for_each_online_cpu(cpu)
4794 smp_call_function_single(cpu, tsc_khz_changed, NULL, 1);
4797 static DEFINE_PER_CPU(struct kvm_vcpu *, current_vcpu);
4799 int kvm_is_in_guest(void)
4801 return __this_cpu_read(current_vcpu) != NULL;
4804 static int kvm_is_user_mode(void)
4808 if (__this_cpu_read(current_vcpu))
4809 user_mode = kvm_x86_ops->get_cpl(__this_cpu_read(current_vcpu));
4811 return user_mode != 0;
4814 static unsigned long kvm_get_guest_ip(void)
4816 unsigned long ip = 0;
4818 if (__this_cpu_read(current_vcpu))
4819 ip = kvm_rip_read(__this_cpu_read(current_vcpu));
4824 static struct perf_guest_info_callbacks kvm_guest_cbs = {
4825 .is_in_guest = kvm_is_in_guest,
4826 .is_user_mode = kvm_is_user_mode,
4827 .get_guest_ip = kvm_get_guest_ip,
4830 void kvm_before_handle_nmi(struct kvm_vcpu *vcpu)
4832 __this_cpu_write(current_vcpu, vcpu);
4834 EXPORT_SYMBOL_GPL(kvm_before_handle_nmi);
4836 void kvm_after_handle_nmi(struct kvm_vcpu *vcpu)
4838 __this_cpu_write(current_vcpu, NULL);
4840 EXPORT_SYMBOL_GPL(kvm_after_handle_nmi);
4842 static void kvm_set_mmio_spte_mask(void)
4845 int maxphyaddr = boot_cpu_data.x86_phys_bits;
4848 * Set the reserved bits and the present bit of an paging-structure
4849 * entry to generate page fault with PFER.RSV = 1.
4851 mask = ((1ull << (62 - maxphyaddr + 1)) - 1) << maxphyaddr;
4854 #ifdef CONFIG_X86_64
4856 * If reserved bit is not supported, clear the present bit to disable
4859 if (maxphyaddr == 52)
4863 kvm_mmu_set_mmio_spte_mask(mask);
4866 int kvm_arch_init(void *opaque)
4869 struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
4872 printk(KERN_ERR "kvm: already loaded the other module\n");
4877 if (!ops->cpu_has_kvm_support()) {
4878 printk(KERN_ERR "kvm: no hardware support\n");
4882 if (ops->disabled_by_bios()) {
4883 printk(KERN_ERR "kvm: disabled by bios\n");
4888 r = kvm_mmu_module_init();
4892 kvm_set_mmio_spte_mask();
4893 kvm_init_msr_list();
4896 kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK,
4897 PT_DIRTY_MASK, PT64_NX_MASK, 0);
4901 perf_register_guest_info_callbacks(&kvm_guest_cbs);
4904 host_xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK);
4913 void kvm_arch_exit(void)
4915 perf_unregister_guest_info_callbacks(&kvm_guest_cbs);
4917 if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC))
4918 cpufreq_unregister_notifier(&kvmclock_cpufreq_notifier_block,
4919 CPUFREQ_TRANSITION_NOTIFIER);
4920 unregister_hotcpu_notifier(&kvmclock_cpu_notifier_block);
4922 kvm_mmu_module_exit();
4925 int kvm_emulate_halt(struct kvm_vcpu *vcpu)
4927 ++vcpu->stat.halt_exits;
4928 if (irqchip_in_kernel(vcpu->kvm)) {
4929 vcpu->arch.mp_state = KVM_MP_STATE_HALTED;
4932 vcpu->run->exit_reason = KVM_EXIT_HLT;
4936 EXPORT_SYMBOL_GPL(kvm_emulate_halt);
4938 int kvm_hv_hypercall(struct kvm_vcpu *vcpu)
4940 u64 param, ingpa, outgpa, ret;
4941 uint16_t code, rep_idx, rep_cnt, res = HV_STATUS_SUCCESS, rep_done = 0;
4942 bool fast, longmode;
4946 * hypercall generates UD from non zero cpl and real mode
4949 if (kvm_x86_ops->get_cpl(vcpu) != 0 || !is_protmode(vcpu)) {
4950 kvm_queue_exception(vcpu, UD_VECTOR);
4954 kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
4955 longmode = is_long_mode(vcpu) && cs_l == 1;
4958 param = ((u64)kvm_register_read(vcpu, VCPU_REGS_RDX) << 32) |
4959 (kvm_register_read(vcpu, VCPU_REGS_RAX) & 0xffffffff);
4960 ingpa = ((u64)kvm_register_read(vcpu, VCPU_REGS_RBX) << 32) |
4961 (kvm_register_read(vcpu, VCPU_REGS_RCX) & 0xffffffff);
4962 outgpa = ((u64)kvm_register_read(vcpu, VCPU_REGS_RDI) << 32) |
4963 (kvm_register_read(vcpu, VCPU_REGS_RSI) & 0xffffffff);
4965 #ifdef CONFIG_X86_64
4967 param = kvm_register_read(vcpu, VCPU_REGS_RCX);
4968 ingpa = kvm_register_read(vcpu, VCPU_REGS_RDX);
4969 outgpa = kvm_register_read(vcpu, VCPU_REGS_R8);
4973 code = param & 0xffff;
4974 fast = (param >> 16) & 0x1;
4975 rep_cnt = (param >> 32) & 0xfff;
4976 rep_idx = (param >> 48) & 0xfff;
4978 trace_kvm_hv_hypercall(code, fast, rep_cnt, rep_idx, ingpa, outgpa);
4981 case HV_X64_HV_NOTIFY_LONG_SPIN_WAIT:
4982 kvm_vcpu_on_spin(vcpu);
4985 res = HV_STATUS_INVALID_HYPERCALL_CODE;
4989 ret = res | (((u64)rep_done & 0xfff) << 32);
4991 kvm_register_write(vcpu, VCPU_REGS_RAX, ret);
4993 kvm_register_write(vcpu, VCPU_REGS_RDX, ret >> 32);
4994 kvm_register_write(vcpu, VCPU_REGS_RAX, ret & 0xffffffff);
5000 int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
5002 unsigned long nr, a0, a1, a2, a3, ret;
5005 if (kvm_hv_hypercall_enabled(vcpu->kvm))
5006 return kvm_hv_hypercall(vcpu);
5008 nr = kvm_register_read(vcpu, VCPU_REGS_RAX);
5009 a0 = kvm_register_read(vcpu, VCPU_REGS_RBX);
5010 a1 = kvm_register_read(vcpu, VCPU_REGS_RCX);
5011 a2 = kvm_register_read(vcpu, VCPU_REGS_RDX);
5012 a3 = kvm_register_read(vcpu, VCPU_REGS_RSI);
5014 trace_kvm_hypercall(nr, a0, a1, a2, a3);
5016 if (!is_long_mode(vcpu)) {
5024 if (kvm_x86_ops->get_cpl(vcpu) != 0) {
5030 case KVM_HC_VAPIC_POLL_IRQ:
5038 kvm_register_write(vcpu, VCPU_REGS_RAX, ret);
5039 ++vcpu->stat.hypercalls;
5042 EXPORT_SYMBOL_GPL(kvm_emulate_hypercall);
5044 int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt)
5046 struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
5047 char instruction[3];
5048 unsigned long rip = kvm_rip_read(vcpu);
5051 * Blow out the MMU to ensure that no other VCPU has an active mapping
5052 * to ensure that the updated hypercall appears atomically across all
5055 kvm_mmu_zap_all(vcpu->kvm);
5057 kvm_x86_ops->patch_hypercall(vcpu, instruction);
5059 return emulator_write_emulated(ctxt, rip, instruction, 3, NULL);
5063 * Check if userspace requested an interrupt window, and that the
5064 * interrupt window is open.
5066 * No need to exit to userspace if we already have an interrupt queued.
5068 static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu)
5070 return (!irqchip_in_kernel(vcpu->kvm) && !kvm_cpu_has_interrupt(vcpu) &&
5071 vcpu->run->request_interrupt_window &&
5072 kvm_arch_interrupt_allowed(vcpu));
5075 static void post_kvm_run_save(struct kvm_vcpu *vcpu)
5077 struct kvm_run *kvm_run = vcpu->run;
5079 kvm_run->if_flag = (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0;
5080 kvm_run->cr8 = kvm_get_cr8(vcpu);
5081 kvm_run->apic_base = kvm_get_apic_base(vcpu);
5082 if (irqchip_in_kernel(vcpu->kvm))
5083 kvm_run->ready_for_interrupt_injection = 1;
5085 kvm_run->ready_for_interrupt_injection =
5086 kvm_arch_interrupt_allowed(vcpu) &&
5087 !kvm_cpu_has_interrupt(vcpu) &&
5088 !kvm_event_needs_reinjection(vcpu);
5091 static void vapic_enter(struct kvm_vcpu *vcpu)
5093 struct kvm_lapic *apic = vcpu->arch.apic;
5096 if (!apic || !apic->vapic_addr)
5099 page = gfn_to_page(vcpu->kvm, apic->vapic_addr >> PAGE_SHIFT);
5101 vcpu->arch.apic->vapic_page = page;
5104 static void vapic_exit(struct kvm_vcpu *vcpu)
5106 struct kvm_lapic *apic = vcpu->arch.apic;
5109 if (!apic || !apic->vapic_addr)
5112 idx = srcu_read_lock(&vcpu->kvm->srcu);
5113 kvm_release_page_dirty(apic->vapic_page);
5114 mark_page_dirty(vcpu->kvm, apic->vapic_addr >> PAGE_SHIFT);
5115 srcu_read_unlock(&vcpu->kvm->srcu, idx);
5118 static void update_cr8_intercept(struct kvm_vcpu *vcpu)
5122 if (!kvm_x86_ops->update_cr8_intercept)
5125 if (!vcpu->arch.apic)
5128 if (!vcpu->arch.apic->vapic_addr)
5129 max_irr = kvm_lapic_find_highest_irr(vcpu);
5136 tpr = kvm_lapic_get_cr8(vcpu);
5138 kvm_x86_ops->update_cr8_intercept(vcpu, tpr, max_irr);
5141 static void inject_pending_event(struct kvm_vcpu *vcpu)
5143 /* try to reinject previous events if any */
5144 if (vcpu->arch.exception.pending) {
5145 trace_kvm_inj_exception(vcpu->arch.exception.nr,
5146 vcpu->arch.exception.has_error_code,
5147 vcpu->arch.exception.error_code);
5148 kvm_x86_ops->queue_exception(vcpu, vcpu->arch.exception.nr,
5149 vcpu->arch.exception.has_error_code,
5150 vcpu->arch.exception.error_code,
5151 vcpu->arch.exception.reinject);
5155 if (vcpu->arch.nmi_injected) {
5156 kvm_x86_ops->set_nmi(vcpu);
5160 if (vcpu->arch.interrupt.pending) {
5161 kvm_x86_ops->set_irq(vcpu);
5165 /* try to inject new event if pending */
5166 if (vcpu->arch.nmi_pending) {
5167 if (kvm_x86_ops->nmi_allowed(vcpu)) {
5168 --vcpu->arch.nmi_pending;
5169 vcpu->arch.nmi_injected = true;
5170 kvm_x86_ops->set_nmi(vcpu);
5172 } else if (kvm_cpu_has_interrupt(vcpu)) {
5173 if (kvm_x86_ops->interrupt_allowed(vcpu)) {
5174 kvm_queue_interrupt(vcpu, kvm_cpu_get_interrupt(vcpu),
5176 kvm_x86_ops->set_irq(vcpu);
5181 static void kvm_load_guest_xcr0(struct kvm_vcpu *vcpu)
5183 if (kvm_read_cr4_bits(vcpu, X86_CR4_OSXSAVE) &&
5184 !vcpu->guest_xcr0_loaded) {
5185 /* kvm_set_xcr() also depends on this */
5186 xsetbv(XCR_XFEATURE_ENABLED_MASK, vcpu->arch.xcr0);
5187 vcpu->guest_xcr0_loaded = 1;
5191 static void kvm_put_guest_xcr0(struct kvm_vcpu *vcpu)
5193 if (vcpu->guest_xcr0_loaded) {
5194 if (vcpu->arch.xcr0 != host_xcr0)
5195 xsetbv(XCR_XFEATURE_ENABLED_MASK, host_xcr0);
5196 vcpu->guest_xcr0_loaded = 0;
5200 static void process_nmi(struct kvm_vcpu *vcpu)
5205 * x86 is limited to one NMI running, and one NMI pending after it.
5206 * If an NMI is already in progress, limit further NMIs to just one.
5207 * Otherwise, allow two (and we'll inject the first one immediately).
5209 if (kvm_x86_ops->get_nmi_mask(vcpu) || vcpu->arch.nmi_injected)
5212 vcpu->arch.nmi_pending += atomic_xchg(&vcpu->arch.nmi_queued, 0);
5213 vcpu->arch.nmi_pending = min(vcpu->arch.nmi_pending, limit);
5214 kvm_make_request(KVM_REQ_EVENT, vcpu);
5217 static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
5220 bool req_int_win = !irqchip_in_kernel(vcpu->kvm) &&
5221 vcpu->run->request_interrupt_window;
5222 bool req_immediate_exit = 0;
5224 if (vcpu->requests) {
5225 if (kvm_check_request(KVM_REQ_MMU_RELOAD, vcpu))
5226 kvm_mmu_unload(vcpu);
5227 if (kvm_check_request(KVM_REQ_MIGRATE_TIMER, vcpu))
5228 __kvm_migrate_timers(vcpu);
5229 if (kvm_check_request(KVM_REQ_CLOCK_UPDATE, vcpu)) {
5230 r = kvm_guest_time_update(vcpu);
5234 if (kvm_check_request(KVM_REQ_MMU_SYNC, vcpu))
5235 kvm_mmu_sync_roots(vcpu);
5236 if (kvm_check_request(KVM_REQ_TLB_FLUSH, vcpu))
5237 kvm_x86_ops->tlb_flush(vcpu);
5238 if (kvm_check_request(KVM_REQ_REPORT_TPR_ACCESS, vcpu)) {
5239 vcpu->run->exit_reason = KVM_EXIT_TPR_ACCESS;
5243 if (kvm_check_request(KVM_REQ_TRIPLE_FAULT, vcpu)) {
5244 vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
5248 if (kvm_check_request(KVM_REQ_DEACTIVATE_FPU, vcpu)) {
5249 vcpu->fpu_active = 0;
5250 kvm_x86_ops->fpu_deactivate(vcpu);
5252 if (kvm_check_request(KVM_REQ_APF_HALT, vcpu)) {
5253 /* Page is swapped out. Do synthetic halt */
5254 vcpu->arch.apf.halted = true;
5258 if (kvm_check_request(KVM_REQ_STEAL_UPDATE, vcpu))
5259 record_steal_time(vcpu);
5260 if (kvm_check_request(KVM_REQ_NMI, vcpu))
5262 req_immediate_exit =
5263 kvm_check_request(KVM_REQ_IMMEDIATE_EXIT, vcpu);
5264 if (kvm_check_request(KVM_REQ_PMU, vcpu))
5265 kvm_handle_pmu_event(vcpu);
5266 if (kvm_check_request(KVM_REQ_PMI, vcpu))
5267 kvm_deliver_pmi(vcpu);
5270 if (kvm_check_request(KVM_REQ_EVENT, vcpu) || req_int_win) {
5271 inject_pending_event(vcpu);
5273 /* enable NMI/IRQ window open exits if needed */
5274 if (vcpu->arch.nmi_pending)
5275 kvm_x86_ops->enable_nmi_window(vcpu);
5276 else if (kvm_cpu_has_interrupt(vcpu) || req_int_win)
5277 kvm_x86_ops->enable_irq_window(vcpu);
5279 if (kvm_lapic_enabled(vcpu)) {
5280 update_cr8_intercept(vcpu);
5281 kvm_lapic_sync_to_vapic(vcpu);
5285 r = kvm_mmu_reload(vcpu);
5287 goto cancel_injection;
5292 kvm_x86_ops->prepare_guest_switch(vcpu);
5293 if (vcpu->fpu_active)
5294 kvm_load_guest_fpu(vcpu);
5295 kvm_load_guest_xcr0(vcpu);
5297 vcpu->mode = IN_GUEST_MODE;
5299 /* We should set ->mode before check ->requests,
5300 * see the comment in make_all_cpus_request.
5304 local_irq_disable();
5306 if (vcpu->mode == EXITING_GUEST_MODE || vcpu->requests
5307 || need_resched() || signal_pending(current)) {
5308 vcpu->mode = OUTSIDE_GUEST_MODE;
5313 goto cancel_injection;
5316 srcu_read_unlock(&vcpu->kvm->srcu, vcpu->srcu_idx);
5318 if (req_immediate_exit)
5319 smp_send_reschedule(vcpu->cpu);
5323 if (unlikely(vcpu->arch.switch_db_regs)) {
5325 set_debugreg(vcpu->arch.eff_db[0], 0);
5326 set_debugreg(vcpu->arch.eff_db[1], 1);
5327 set_debugreg(vcpu->arch.eff_db[2], 2);
5328 set_debugreg(vcpu->arch.eff_db[3], 3);
5331 trace_kvm_entry(vcpu->vcpu_id);
5332 kvm_x86_ops->run(vcpu);
5335 * If the guest has used debug registers, at least dr7
5336 * will be disabled while returning to the host.
5337 * If we don't have active breakpoints in the host, we don't
5338 * care about the messed up debug address registers. But if
5339 * we have some of them active, restore the old state.
5341 if (hw_breakpoint_active())
5342 hw_breakpoint_restore();
5344 vcpu->arch.last_guest_tsc = kvm_x86_ops->read_l1_tsc(vcpu);
5346 vcpu->mode = OUTSIDE_GUEST_MODE;
5353 * We must have an instruction between local_irq_enable() and
5354 * kvm_guest_exit(), so the timer interrupt isn't delayed by
5355 * the interrupt shadow. The stat.exits increment will do nicely.
5356 * But we need to prevent reordering, hence this barrier():
5364 vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
5367 * Profile KVM exit RIPs:
5369 if (unlikely(prof_on == KVM_PROFILING)) {
5370 unsigned long rip = kvm_rip_read(vcpu);
5371 profile_hit(KVM_PROFILING, (void *)rip);
5374 if (unlikely(vcpu->arch.tsc_always_catchup))
5375 kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
5377 if (vcpu->arch.apic_attention)
5378 kvm_lapic_sync_from_vapic(vcpu);
5380 r = kvm_x86_ops->handle_exit(vcpu);
5384 kvm_x86_ops->cancel_injection(vcpu);
5385 if (unlikely(vcpu->arch.apic_attention))
5386 kvm_lapic_sync_from_vapic(vcpu);
5392 static int __vcpu_run(struct kvm_vcpu *vcpu)
5395 struct kvm *kvm = vcpu->kvm;
5397 if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_SIPI_RECEIVED)) {
5398 pr_debug("vcpu %d received sipi with vector # %x\n",
5399 vcpu->vcpu_id, vcpu->arch.sipi_vector);
5400 kvm_lapic_reset(vcpu);
5401 r = kvm_arch_vcpu_reset(vcpu);
5404 vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
5407 vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
5412 if (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE &&
5413 !vcpu->arch.apf.halted)
5414 r = vcpu_enter_guest(vcpu);
5416 srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);
5417 kvm_vcpu_block(vcpu);
5418 vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
5419 if (kvm_check_request(KVM_REQ_UNHALT, vcpu))
5421 switch(vcpu->arch.mp_state) {
5422 case KVM_MP_STATE_HALTED:
5423 vcpu->arch.mp_state =
5424 KVM_MP_STATE_RUNNABLE;
5425 case KVM_MP_STATE_RUNNABLE:
5426 vcpu->arch.apf.halted = false;
5428 case KVM_MP_STATE_SIPI_RECEIVED:
5439 clear_bit(KVM_REQ_PENDING_TIMER, &vcpu->requests);
5440 if (kvm_cpu_has_pending_timer(vcpu))
5441 kvm_inject_pending_timer_irqs(vcpu);
5443 if (dm_request_for_irq_injection(vcpu)) {
5445 vcpu->run->exit_reason = KVM_EXIT_INTR;
5446 ++vcpu->stat.request_irq_exits;
5449 kvm_check_async_pf_completion(vcpu);
5451 if (signal_pending(current)) {
5453 vcpu->run->exit_reason = KVM_EXIT_INTR;
5454 ++vcpu->stat.signal_exits;
5456 if (need_resched()) {
5457 srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);
5459 vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
5463 srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);
5471 * Implements the following, as a state machine:
5486 static int complete_mmio(struct kvm_vcpu *vcpu)
5488 struct kvm_run *run = vcpu->run;
5489 struct kvm_mmio_fragment *frag;
5492 if (!(vcpu->arch.pio.count || vcpu->mmio_needed))
5495 if (vcpu->mmio_needed) {
5496 /* Complete previous fragment */
5497 frag = &vcpu->mmio_fragments[vcpu->mmio_cur_fragment++];
5498 if (!vcpu->mmio_is_write)
5499 memcpy(frag->data, run->mmio.data, frag->len);
5500 if (vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments) {
5501 vcpu->mmio_needed = 0;
5502 if (vcpu->mmio_is_write)
5504 vcpu->mmio_read_completed = 1;
5507 /* Initiate next fragment */
5509 run->exit_reason = KVM_EXIT_MMIO;
5510 run->mmio.phys_addr = frag->gpa;
5511 if (vcpu->mmio_is_write)
5512 memcpy(run->mmio.data, frag->data, frag->len);
5513 run->mmio.len = frag->len;
5514 run->mmio.is_write = vcpu->mmio_is_write;
5519 vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
5520 r = emulate_instruction(vcpu, EMULTYPE_NO_DECODE);
5521 srcu_read_unlock(&vcpu->kvm->srcu, vcpu->srcu_idx);
5522 if (r != EMULATE_DONE)
5527 int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
5532 if (!tsk_used_math(current) && init_fpu(current))
5535 if (vcpu->sigset_active)
5536 sigprocmask(SIG_SETMASK, &vcpu->sigset, &sigsaved);
5538 if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_UNINITIALIZED)) {
5539 kvm_vcpu_block(vcpu);
5540 clear_bit(KVM_REQ_UNHALT, &vcpu->requests);
5545 /* re-sync apic's tpr */
5546 if (!irqchip_in_kernel(vcpu->kvm)) {
5547 if (kvm_set_cr8(vcpu, kvm_run->cr8) != 0) {
5553 r = complete_mmio(vcpu);
5557 r = __vcpu_run(vcpu);
5560 post_kvm_run_save(vcpu);
5561 if (vcpu->sigset_active)
5562 sigprocmask(SIG_SETMASK, &sigsaved, NULL);
5567 int kvm_arch_vcpu_ioctl_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
5569 if (vcpu->arch.emulate_regs_need_sync_to_vcpu) {
5571 * We are here if userspace calls get_regs() in the middle of
5572 * instruction emulation. Registers state needs to be copied
5573 * back from emulation context to vcpu. Userspace shouldn't do
5574 * that usually, but some bad designed PV devices (vmware
5575 * backdoor interface) need this to work
5577 struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
5578 memcpy(vcpu->arch.regs, ctxt->regs, sizeof ctxt->regs);
5579 vcpu->arch.emulate_regs_need_sync_to_vcpu = false;
5581 regs->rax = kvm_register_read(vcpu, VCPU_REGS_RAX);
5582 regs->rbx = kvm_register_read(vcpu, VCPU_REGS_RBX);
5583 regs->rcx = kvm_register_read(vcpu, VCPU_REGS_RCX);
5584 regs->rdx = kvm_register_read(vcpu, VCPU_REGS_RDX);
5585 regs->rsi = kvm_register_read(vcpu, VCPU_REGS_RSI);
5586 regs->rdi = kvm_register_read(vcpu, VCPU_REGS_RDI);
5587 regs->rsp = kvm_register_read(vcpu, VCPU_REGS_RSP);
5588 regs->rbp = kvm_register_read(vcpu, VCPU_REGS_RBP);
5589 #ifdef CONFIG_X86_64
5590 regs->r8 = kvm_register_read(vcpu, VCPU_REGS_R8);
5591 regs->r9 = kvm_register_read(vcpu, VCPU_REGS_R9);
5592 regs->r10 = kvm_register_read(vcpu, VCPU_REGS_R10);
5593 regs->r11 = kvm_register_read(vcpu, VCPU_REGS_R11);
5594 regs->r12 = kvm_register_read(vcpu, VCPU_REGS_R12);
5595 regs->r13 = kvm_register_read(vcpu, VCPU_REGS_R13);
5596 regs->r14 = kvm_register_read(vcpu, VCPU_REGS_R14);
5597 regs->r15 = kvm_register_read(vcpu, VCPU_REGS_R15);
5600 regs->rip = kvm_rip_read(vcpu);
5601 regs->rflags = kvm_get_rflags(vcpu);
5606 int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
5608 vcpu->arch.emulate_regs_need_sync_from_vcpu = true;
5609 vcpu->arch.emulate_regs_need_sync_to_vcpu = false;
5611 kvm_register_write(vcpu, VCPU_REGS_RAX, regs->rax);
5612 kvm_register_write(vcpu, VCPU_REGS_RBX, regs->rbx);
5613 kvm_register_write(vcpu, VCPU_REGS_RCX, regs->rcx);
5614 kvm_register_write(vcpu, VCPU_REGS_RDX, regs->rdx);
5615 kvm_register_write(vcpu, VCPU_REGS_RSI, regs->rsi);
5616 kvm_register_write(vcpu, VCPU_REGS_RDI, regs->rdi);
5617 kvm_register_write(vcpu, VCPU_REGS_RSP, regs->rsp);
5618 kvm_register_write(vcpu, VCPU_REGS_RBP, regs->rbp);
5619 #ifdef CONFIG_X86_64
5620 kvm_register_write(vcpu, VCPU_REGS_R8, regs->r8);
5621 kvm_register_write(vcpu, VCPU_REGS_R9, regs->r9);
5622 kvm_register_write(vcpu, VCPU_REGS_R10, regs->r10);
5623 kvm_register_write(vcpu, VCPU_REGS_R11, regs->r11);
5624 kvm_register_write(vcpu, VCPU_REGS_R12, regs->r12);
5625 kvm_register_write(vcpu, VCPU_REGS_R13, regs->r13);
5626 kvm_register_write(vcpu, VCPU_REGS_R14, regs->r14);
5627 kvm_register_write(vcpu, VCPU_REGS_R15, regs->r15);
5630 kvm_rip_write(vcpu, regs->rip);
5631 kvm_set_rflags(vcpu, regs->rflags);
5633 vcpu->arch.exception.pending = false;
5635 kvm_make_request(KVM_REQ_EVENT, vcpu);
5640 void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l)
5642 struct kvm_segment cs;
5644 kvm_get_segment(vcpu, &cs, VCPU_SREG_CS);
5648 EXPORT_SYMBOL_GPL(kvm_get_cs_db_l_bits);
5650 int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
5651 struct kvm_sregs *sregs)
5655 kvm_get_segment(vcpu, &sregs->cs, VCPU_SREG_CS);
5656 kvm_get_segment(vcpu, &sregs->ds, VCPU_SREG_DS);
5657 kvm_get_segment(vcpu, &sregs->es, VCPU_SREG_ES);
5658 kvm_get_segment(vcpu, &sregs->fs, VCPU_SREG_FS);
5659 kvm_get_segment(vcpu, &sregs->gs, VCPU_SREG_GS);
5660 kvm_get_segment(vcpu, &sregs->ss, VCPU_SREG_SS);
5662 kvm_get_segment(vcpu, &sregs->tr, VCPU_SREG_TR);
5663 kvm_get_segment(vcpu, &sregs->ldt, VCPU_SREG_LDTR);
5665 kvm_x86_ops->get_idt(vcpu, &dt);
5666 sregs->idt.limit = dt.size;
5667 sregs->idt.base = dt.address;
5668 kvm_x86_ops->get_gdt(vcpu, &dt);
5669 sregs->gdt.limit = dt.size;
5670 sregs->gdt.base = dt.address;
5672 sregs->cr0 = kvm_read_cr0(vcpu);
5673 sregs->cr2 = vcpu->arch.cr2;
5674 sregs->cr3 = kvm_read_cr3(vcpu);
5675 sregs->cr4 = kvm_read_cr4(vcpu);
5676 sregs->cr8 = kvm_get_cr8(vcpu);
5677 sregs->efer = vcpu->arch.efer;
5678 sregs->apic_base = kvm_get_apic_base(vcpu);
5680 memset(sregs->interrupt_bitmap, 0, sizeof sregs->interrupt_bitmap);
5682 if (vcpu->arch.interrupt.pending && !vcpu->arch.interrupt.soft)
5683 set_bit(vcpu->arch.interrupt.nr,
5684 (unsigned long *)sregs->interrupt_bitmap);
5689 int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
5690 struct kvm_mp_state *mp_state)
5692 mp_state->mp_state = vcpu->arch.mp_state;
5696 int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
5697 struct kvm_mp_state *mp_state)
5699 vcpu->arch.mp_state = mp_state->mp_state;
5700 kvm_make_request(KVM_REQ_EVENT, vcpu);
5704 int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index,
5705 int reason, bool has_error_code, u32 error_code)
5707 struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
5710 init_emulate_ctxt(vcpu);
5712 ret = emulator_task_switch(ctxt, tss_selector, idt_index, reason,
5713 has_error_code, error_code);
5716 return EMULATE_FAIL;
5718 memcpy(vcpu->arch.regs, ctxt->regs, sizeof ctxt->regs);
5719 kvm_rip_write(vcpu, ctxt->eip);
5720 kvm_set_rflags(vcpu, ctxt->eflags);
5721 kvm_make_request(KVM_REQ_EVENT, vcpu);
5722 return EMULATE_DONE;
5724 EXPORT_SYMBOL_GPL(kvm_task_switch);
5726 int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
5727 struct kvm_sregs *sregs)
5729 int mmu_reset_needed = 0;
5730 int pending_vec, max_bits, idx;
5733 dt.size = sregs->idt.limit;
5734 dt.address = sregs->idt.base;
5735 kvm_x86_ops->set_idt(vcpu, &dt);
5736 dt.size = sregs->gdt.limit;
5737 dt.address = sregs->gdt.base;
5738 kvm_x86_ops->set_gdt(vcpu, &dt);
5740 vcpu->arch.cr2 = sregs->cr2;
5741 mmu_reset_needed |= kvm_read_cr3(vcpu) != sregs->cr3;
5742 vcpu->arch.cr3 = sregs->cr3;
5743 __set_bit(VCPU_EXREG_CR3, (ulong *)&vcpu->arch.regs_avail);
5745 kvm_set_cr8(vcpu, sregs->cr8);
5747 mmu_reset_needed |= vcpu->arch.efer != sregs->efer;
5748 kvm_x86_ops->set_efer(vcpu, sregs->efer);
5749 kvm_set_apic_base(vcpu, sregs->apic_base);
5751 mmu_reset_needed |= kvm_read_cr0(vcpu) != sregs->cr0;
5752 kvm_x86_ops->set_cr0(vcpu, sregs->cr0);
5753 vcpu->arch.cr0 = sregs->cr0;
5755 mmu_reset_needed |= kvm_read_cr4(vcpu) != sregs->cr4;
5756 kvm_x86_ops->set_cr4(vcpu, sregs->cr4);
5757 if (sregs->cr4 & X86_CR4_OSXSAVE)
5758 kvm_update_cpuid(vcpu);
5760 idx = srcu_read_lock(&vcpu->kvm->srcu);
5761 if (!is_long_mode(vcpu) && is_pae(vcpu)) {
5762 load_pdptrs(vcpu, vcpu->arch.walk_mmu, kvm_read_cr3(vcpu));
5763 mmu_reset_needed = 1;
5765 srcu_read_unlock(&vcpu->kvm->srcu, idx);
5767 if (mmu_reset_needed)
5768 kvm_mmu_reset_context(vcpu);
5770 max_bits = (sizeof sregs->interrupt_bitmap) << 3;
5771 pending_vec = find_first_bit(
5772 (const unsigned long *)sregs->interrupt_bitmap, max_bits);
5773 if (pending_vec < max_bits) {
5774 kvm_queue_interrupt(vcpu, pending_vec, false);
5775 pr_debug("Set back pending irq %d\n", pending_vec);
5778 kvm_set_segment(vcpu, &sregs->cs, VCPU_SREG_CS);
5779 kvm_set_segment(vcpu, &sregs->ds, VCPU_SREG_DS);
5780 kvm_set_segment(vcpu, &sregs->es, VCPU_SREG_ES);
5781 kvm_set_segment(vcpu, &sregs->fs, VCPU_SREG_FS);
5782 kvm_set_segment(vcpu, &sregs->gs, VCPU_SREG_GS);
5783 kvm_set_segment(vcpu, &sregs->ss, VCPU_SREG_SS);
5785 kvm_set_segment(vcpu, &sregs->tr, VCPU_SREG_TR);
5786 kvm_set_segment(vcpu, &sregs->ldt, VCPU_SREG_LDTR);
5788 update_cr8_intercept(vcpu);
5790 /* Older userspace won't unhalt the vcpu on reset. */
5791 if (kvm_vcpu_is_bsp(vcpu) && kvm_rip_read(vcpu) == 0xfff0 &&
5792 sregs->cs.selector == 0xf000 && sregs->cs.base == 0xffff0000 &&
5794 vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
5796 kvm_make_request(KVM_REQ_EVENT, vcpu);
5801 int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
5802 struct kvm_guest_debug *dbg)
5804 unsigned long rflags;
5807 if (dbg->control & (KVM_GUESTDBG_INJECT_DB | KVM_GUESTDBG_INJECT_BP)) {
5809 if (vcpu->arch.exception.pending)
5811 if (dbg->control & KVM_GUESTDBG_INJECT_DB)
5812 kvm_queue_exception(vcpu, DB_VECTOR);
5814 kvm_queue_exception(vcpu, BP_VECTOR);
5818 * Read rflags as long as potentially injected trace flags are still
5821 rflags = kvm_get_rflags(vcpu);
5823 vcpu->guest_debug = dbg->control;
5824 if (!(vcpu->guest_debug & KVM_GUESTDBG_ENABLE))
5825 vcpu->guest_debug = 0;
5827 if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) {
5828 for (i = 0; i < KVM_NR_DB_REGS; ++i)
5829 vcpu->arch.eff_db[i] = dbg->arch.debugreg[i];
5830 vcpu->arch.switch_db_regs =
5831 (dbg->arch.debugreg[7] & DR7_BP_EN_MASK);
5833 for (i = 0; i < KVM_NR_DB_REGS; i++)
5834 vcpu->arch.eff_db[i] = vcpu->arch.db[i];
5835 vcpu->arch.switch_db_regs = (vcpu->arch.dr7 & DR7_BP_EN_MASK);
5838 if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
5839 vcpu->arch.singlestep_rip = kvm_rip_read(vcpu) +
5840 get_segment_base(vcpu, VCPU_SREG_CS);
5843 * Trigger an rflags update that will inject or remove the trace
5846 kvm_set_rflags(vcpu, rflags);
5848 kvm_x86_ops->set_guest_debug(vcpu, dbg);
5858 * Translate a guest virtual address to a guest physical address.
5860 int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
5861 struct kvm_translation *tr)
5863 unsigned long vaddr = tr->linear_address;
5867 idx = srcu_read_lock(&vcpu->kvm->srcu);
5868 gpa = kvm_mmu_gva_to_gpa_system(vcpu, vaddr, NULL);
5869 srcu_read_unlock(&vcpu->kvm->srcu, idx);
5870 tr->physical_address = gpa;
5871 tr->valid = gpa != UNMAPPED_GVA;
5878 int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
5880 struct i387_fxsave_struct *fxsave =
5881 &vcpu->arch.guest_fpu.state->fxsave;
5883 memcpy(fpu->fpr, fxsave->st_space, 128);
5884 fpu->fcw = fxsave->cwd;
5885 fpu->fsw = fxsave->swd;
5886 fpu->ftwx = fxsave->twd;
5887 fpu->last_opcode = fxsave->fop;
5888 fpu->last_ip = fxsave->rip;
5889 fpu->last_dp = fxsave->rdp;
5890 memcpy(fpu->xmm, fxsave->xmm_space, sizeof fxsave->xmm_space);
5895 int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
5897 struct i387_fxsave_struct *fxsave =
5898 &vcpu->arch.guest_fpu.state->fxsave;
5900 memcpy(fxsave->st_space, fpu->fpr, 128);
5901 fxsave->cwd = fpu->fcw;
5902 fxsave->swd = fpu->fsw;
5903 fxsave->twd = fpu->ftwx;
5904 fxsave->fop = fpu->last_opcode;
5905 fxsave->rip = fpu->last_ip;
5906 fxsave->rdp = fpu->last_dp;
5907 memcpy(fxsave->xmm_space, fpu->xmm, sizeof fxsave->xmm_space);
5912 int fx_init(struct kvm_vcpu *vcpu)
5916 err = fpu_alloc(&vcpu->arch.guest_fpu);
5920 fpu_finit(&vcpu->arch.guest_fpu);
5923 * Ensure guest xcr0 is valid for loading
5925 vcpu->arch.xcr0 = XSTATE_FP;
5927 vcpu->arch.cr0 |= X86_CR0_ET;
5931 EXPORT_SYMBOL_GPL(fx_init);
5933 static void fx_free(struct kvm_vcpu *vcpu)
5935 fpu_free(&vcpu->arch.guest_fpu);
5938 void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
5940 if (vcpu->guest_fpu_loaded)
5944 * Restore all possible states in the guest,
5945 * and assume host would use all available bits.
5946 * Guest xcr0 would be loaded later.
5948 kvm_put_guest_xcr0(vcpu);
5949 vcpu->guest_fpu_loaded = 1;
5950 unlazy_fpu(current);
5951 fpu_restore_checking(&vcpu->arch.guest_fpu);
5955 void kvm_put_guest_fpu(struct kvm_vcpu *vcpu)
5957 kvm_put_guest_xcr0(vcpu);
5959 if (!vcpu->guest_fpu_loaded)
5962 vcpu->guest_fpu_loaded = 0;
5963 fpu_save_init(&vcpu->arch.guest_fpu);
5964 ++vcpu->stat.fpu_reload;
5965 kvm_make_request(KVM_REQ_DEACTIVATE_FPU, vcpu);
5969 void kvm_arch_vcpu_free(struct kvm_vcpu *vcpu)
5971 kvmclock_reset(vcpu);
5973 free_cpumask_var(vcpu->arch.wbinvd_dirty_mask);
5975 kvm_x86_ops->vcpu_free(vcpu);
5978 struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm,
5981 if (check_tsc_unstable() && atomic_read(&kvm->online_vcpus) != 0)
5982 printk_once(KERN_WARNING
5983 "kvm: SMP vm created on host with unstable TSC; "
5984 "guest TSC will not be reliable\n");
5985 return kvm_x86_ops->vcpu_create(kvm, id);
5988 int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
5992 vcpu->arch.mtrr_state.have_fixed = 1;
5994 r = kvm_arch_vcpu_reset(vcpu);
5996 r = kvm_mmu_setup(vcpu);
6002 void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
6004 vcpu->arch.apf.msr_val = 0;
6007 kvm_mmu_unload(vcpu);
6011 kvm_x86_ops->vcpu_free(vcpu);
6014 int kvm_arch_vcpu_reset(struct kvm_vcpu *vcpu)
6016 atomic_set(&vcpu->arch.nmi_queued, 0);
6017 vcpu->arch.nmi_pending = 0;
6018 vcpu->arch.nmi_injected = false;
6020 vcpu->arch.switch_db_regs = 0;
6021 memset(vcpu->arch.db, 0, sizeof(vcpu->arch.db));
6022 vcpu->arch.dr6 = DR6_FIXED_1;
6023 vcpu->arch.dr7 = DR7_FIXED_1;
6025 kvm_make_request(KVM_REQ_EVENT, vcpu);
6026 vcpu->arch.apf.msr_val = 0;
6027 vcpu->arch.st.msr_val = 0;
6029 kvmclock_reset(vcpu);
6031 kvm_clear_async_pf_completion_queue(vcpu);
6032 kvm_async_pf_hash_reset(vcpu);
6033 vcpu->arch.apf.halted = false;
6035 kvm_pmu_reset(vcpu);
6037 return kvm_x86_ops->vcpu_reset(vcpu);
6040 int kvm_arch_hardware_enable(void *garbage)
6043 struct kvm_vcpu *vcpu;
6048 bool stable, backwards_tsc = false;
6050 kvm_shared_msr_cpu_online();
6051 ret = kvm_x86_ops->hardware_enable(garbage);
6055 local_tsc = native_read_tsc();
6056 stable = !check_tsc_unstable();
6057 list_for_each_entry(kvm, &vm_list, vm_list) {
6058 kvm_for_each_vcpu(i, vcpu, kvm) {
6059 if (!stable && vcpu->cpu == smp_processor_id())
6060 set_bit(KVM_REQ_CLOCK_UPDATE, &vcpu->requests);
6061 if (stable && vcpu->arch.last_host_tsc > local_tsc) {
6062 backwards_tsc = true;
6063 if (vcpu->arch.last_host_tsc > max_tsc)
6064 max_tsc = vcpu->arch.last_host_tsc;
6070 * Sometimes, even reliable TSCs go backwards. This happens on
6071 * platforms that reset TSC during suspend or hibernate actions, but
6072 * maintain synchronization. We must compensate. Fortunately, we can
6073 * detect that condition here, which happens early in CPU bringup,
6074 * before any KVM threads can be running. Unfortunately, we can't
6075 * bring the TSCs fully up to date with real time, as we aren't yet far
6076 * enough into CPU bringup that we know how much real time has actually
6077 * elapsed; our helper function, get_kernel_ns() will be using boot
6078 * variables that haven't been updated yet.
6080 * So we simply find the maximum observed TSC above, then record the
6081 * adjustment to TSC in each VCPU. When the VCPU later gets loaded,
6082 * the adjustment will be applied. Note that we accumulate
6083 * adjustments, in case multiple suspend cycles happen before some VCPU
6084 * gets a chance to run again. In the event that no KVM threads get a
6085 * chance to run, we will miss the entire elapsed period, as we'll have
6086 * reset last_host_tsc, so VCPUs will not have the TSC adjusted and may
6087 * loose cycle time. This isn't too big a deal, since the loss will be
6088 * uniform across all VCPUs (not to mention the scenario is extremely
6089 * unlikely). It is possible that a second hibernate recovery happens
6090 * much faster than a first, causing the observed TSC here to be
6091 * smaller; this would require additional padding adjustment, which is
6092 * why we set last_host_tsc to the local tsc observed here.
6094 * N.B. - this code below runs only on platforms with reliable TSC,
6095 * as that is the only way backwards_tsc is set above. Also note
6096 * that this runs for ALL vcpus, which is not a bug; all VCPUs should
6097 * have the same delta_cyc adjustment applied if backwards_tsc
6098 * is detected. Note further, this adjustment is only done once,
6099 * as we reset last_host_tsc on all VCPUs to stop this from being
6100 * called multiple times (one for each physical CPU bringup).
6102 * Platforms with unreliable TSCs don't have to deal with this, they
6103 * will be compensated by the logic in vcpu_load, which sets the TSC to
6104 * catchup mode. This will catchup all VCPUs to real time, but cannot
6105 * guarantee that they stay in perfect synchronization.
6107 if (backwards_tsc) {
6108 u64 delta_cyc = max_tsc - local_tsc;
6109 list_for_each_entry(kvm, &vm_list, vm_list) {
6110 kvm_for_each_vcpu(i, vcpu, kvm) {
6111 vcpu->arch.tsc_offset_adjustment += delta_cyc;
6112 vcpu->arch.last_host_tsc = local_tsc;
6116 * We have to disable TSC offset matching.. if you were
6117 * booting a VM while issuing an S4 host suspend....
6118 * you may have some problem. Solving this issue is
6119 * left as an exercise to the reader.
6121 kvm->arch.last_tsc_nsec = 0;
6122 kvm->arch.last_tsc_write = 0;
6129 void kvm_arch_hardware_disable(void *garbage)
6131 kvm_x86_ops->hardware_disable(garbage);
6132 drop_user_return_notifiers(garbage);
6135 int kvm_arch_hardware_setup(void)
6137 return kvm_x86_ops->hardware_setup();
6140 void kvm_arch_hardware_unsetup(void)
6142 kvm_x86_ops->hardware_unsetup();
6145 void kvm_arch_check_processor_compat(void *rtn)
6147 kvm_x86_ops->check_processor_compatibility(rtn);
6150 bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu)
6152 return irqchip_in_kernel(vcpu->kvm) == (vcpu->arch.apic != NULL);
6155 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
6161 BUG_ON(vcpu->kvm == NULL);
6164 vcpu->arch.emulate_ctxt.ops = &emulate_ops;
6165 if (!irqchip_in_kernel(kvm) || kvm_vcpu_is_bsp(vcpu))
6166 vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
6168 vcpu->arch.mp_state = KVM_MP_STATE_UNINITIALIZED;
6170 page = alloc_page(GFP_KERNEL | __GFP_ZERO);
6175 vcpu->arch.pio_data = page_address(page);
6177 kvm_set_tsc_khz(vcpu, max_tsc_khz);
6179 r = kvm_mmu_create(vcpu);
6181 goto fail_free_pio_data;
6183 if (irqchip_in_kernel(kvm)) {
6184 r = kvm_create_lapic(vcpu);
6186 goto fail_mmu_destroy;
6189 vcpu->arch.mce_banks = kzalloc(KVM_MAX_MCE_BANKS * sizeof(u64) * 4,
6191 if (!vcpu->arch.mce_banks) {
6193 goto fail_free_lapic;
6195 vcpu->arch.mcg_cap = KVM_MAX_MCE_BANKS;
6197 if (!zalloc_cpumask_var(&vcpu->arch.wbinvd_dirty_mask, GFP_KERNEL))
6198 goto fail_free_mce_banks;
6200 kvm_async_pf_hash_reset(vcpu);
6204 fail_free_mce_banks:
6205 kfree(vcpu->arch.mce_banks);
6207 kvm_free_lapic(vcpu);
6209 kvm_mmu_destroy(vcpu);
6211 free_page((unsigned long)vcpu->arch.pio_data);
6216 void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
6220 kvm_pmu_destroy(vcpu);
6221 kfree(vcpu->arch.mce_banks);
6222 kvm_free_lapic(vcpu);
6223 idx = srcu_read_lock(&vcpu->kvm->srcu);
6224 kvm_mmu_destroy(vcpu);
6225 srcu_read_unlock(&vcpu->kvm->srcu, idx);
6226 free_page((unsigned long)vcpu->arch.pio_data);
6229 int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
6234 INIT_LIST_HEAD(&kvm->arch.active_mmu_pages);
6235 INIT_LIST_HEAD(&kvm->arch.assigned_dev_head);
6237 /* Reserve bit 0 of irq_sources_bitmap for userspace irq source */
6238 set_bit(KVM_USERSPACE_IRQ_SOURCE_ID, &kvm->arch.irq_sources_bitmap);
6240 raw_spin_lock_init(&kvm->arch.tsc_write_lock);
6245 static void kvm_unload_vcpu_mmu(struct kvm_vcpu *vcpu)
6248 kvm_mmu_unload(vcpu);
6252 static void kvm_free_vcpus(struct kvm *kvm)
6255 struct kvm_vcpu *vcpu;
6258 * Unpin any mmu pages first.
6260 kvm_for_each_vcpu(i, vcpu, kvm) {
6261 kvm_clear_async_pf_completion_queue(vcpu);
6262 kvm_unload_vcpu_mmu(vcpu);
6264 kvm_for_each_vcpu(i, vcpu, kvm)
6265 kvm_arch_vcpu_free(vcpu);
6267 mutex_lock(&kvm->lock);
6268 for (i = 0; i < atomic_read(&kvm->online_vcpus); i++)
6269 kvm->vcpus[i] = NULL;
6271 atomic_set(&kvm->online_vcpus, 0);
6272 mutex_unlock(&kvm->lock);
6275 void kvm_arch_sync_events(struct kvm *kvm)
6277 kvm_free_all_assigned_devices(kvm);
6281 void kvm_arch_destroy_vm(struct kvm *kvm)
6283 kvm_iommu_unmap_guest(kvm);
6284 kfree(kvm->arch.vpic);
6285 kfree(kvm->arch.vioapic);
6286 kvm_free_vcpus(kvm);
6287 if (kvm->arch.apic_access_page)
6288 put_page(kvm->arch.apic_access_page);
6289 if (kvm->arch.ept_identity_pagetable)
6290 put_page(kvm->arch.ept_identity_pagetable);
6293 void kvm_arch_free_memslot(struct kvm_memory_slot *free,
6294 struct kvm_memory_slot *dont)
6298 for (i = 0; i < KVM_NR_PAGE_SIZES; ++i) {
6299 if (!dont || free->arch.rmap[i] != dont->arch.rmap[i]) {
6300 kvm_kvfree(free->arch.rmap[i]);
6301 free->arch.rmap[i] = NULL;
6306 if (!dont || free->arch.lpage_info[i - 1] !=
6307 dont->arch.lpage_info[i - 1]) {
6308 kvm_kvfree(free->arch.lpage_info[i - 1]);
6309 free->arch.lpage_info[i - 1] = NULL;
6314 int kvm_arch_create_memslot(struct kvm_memory_slot *slot, unsigned long npages)
6318 for (i = 0; i < KVM_NR_PAGE_SIZES; ++i) {
6323 lpages = gfn_to_index(slot->base_gfn + npages - 1,
6324 slot->base_gfn, level) + 1;
6326 slot->arch.rmap[i] =
6327 kvm_kvzalloc(lpages * sizeof(*slot->arch.rmap[i]));
6328 if (!slot->arch.rmap[i])
6333 slot->arch.lpage_info[i - 1] = kvm_kvzalloc(lpages *
6334 sizeof(*slot->arch.lpage_info[i - 1]));
6335 if (!slot->arch.lpage_info[i - 1])
6338 if (slot->base_gfn & (KVM_PAGES_PER_HPAGE(level) - 1))
6339 slot->arch.lpage_info[i - 1][0].write_count = 1;
6340 if ((slot->base_gfn + npages) & (KVM_PAGES_PER_HPAGE(level) - 1))
6341 slot->arch.lpage_info[i - 1][lpages - 1].write_count = 1;
6342 ugfn = slot->userspace_addr >> PAGE_SHIFT;
6344 * If the gfn and userspace address are not aligned wrt each
6345 * other, or if explicitly asked to, disable large page
6346 * support for this slot
6348 if ((slot->base_gfn ^ ugfn) & (KVM_PAGES_PER_HPAGE(level) - 1) ||
6349 !kvm_largepages_enabled()) {
6352 for (j = 0; j < lpages; ++j)
6353 slot->arch.lpage_info[i - 1][j].write_count = 1;
6360 for (i = 0; i < KVM_NR_PAGE_SIZES; ++i) {
6361 kvm_kvfree(slot->arch.rmap[i]);
6362 slot->arch.rmap[i] = NULL;
6366 kvm_kvfree(slot->arch.lpage_info[i - 1]);
6367 slot->arch.lpage_info[i - 1] = NULL;
6372 int kvm_arch_prepare_memory_region(struct kvm *kvm,
6373 struct kvm_memory_slot *memslot,
6374 struct kvm_memory_slot old,
6375 struct kvm_userspace_memory_region *mem,
6378 int npages = memslot->npages;
6379 int map_flags = MAP_PRIVATE | MAP_ANONYMOUS;
6381 /* Prevent internal slot pages from being moved by fork()/COW. */
6382 if (memslot->id >= KVM_MEMORY_SLOTS)
6383 map_flags = MAP_SHARED | MAP_ANONYMOUS;
6385 /*To keep backward compatibility with older userspace,
6386 *x86 needs to handle !user_alloc case.
6389 if (npages && !old.npages) {
6390 unsigned long userspace_addr;
6392 userspace_addr = vm_mmap(NULL, 0,
6394 PROT_READ | PROT_WRITE,
6398 if (IS_ERR((void *)userspace_addr))
6399 return PTR_ERR((void *)userspace_addr);
6401 memslot->userspace_addr = userspace_addr;
6409 void kvm_arch_commit_memory_region(struct kvm *kvm,
6410 struct kvm_userspace_memory_region *mem,
6411 struct kvm_memory_slot old,
6415 int nr_mmu_pages = 0, npages = mem->memory_size >> PAGE_SHIFT;
6417 if (!user_alloc && !old.user_alloc && old.npages && !npages) {
6420 ret = vm_munmap(old.userspace_addr,
6421 old.npages * PAGE_SIZE);
6424 "kvm_vm_ioctl_set_memory_region: "
6425 "failed to munmap memory\n");
6428 if (!kvm->arch.n_requested_mmu_pages)
6429 nr_mmu_pages = kvm_mmu_calculate_mmu_pages(kvm);
6431 spin_lock(&kvm->mmu_lock);
6433 kvm_mmu_change_mmu_pages(kvm, nr_mmu_pages);
6434 kvm_mmu_slot_remove_write_access(kvm, mem->slot);
6435 spin_unlock(&kvm->mmu_lock);
6438 void kvm_arch_flush_shadow(struct kvm *kvm)
6440 kvm_mmu_zap_all(kvm);
6441 kvm_reload_remote_mmus(kvm);
6444 int kvm_arch_vcpu_runnable(struct kvm_vcpu *vcpu)
6446 return (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE &&
6447 !vcpu->arch.apf.halted)
6448 || !list_empty_careful(&vcpu->async_pf.done)
6449 || vcpu->arch.mp_state == KVM_MP_STATE_SIPI_RECEIVED
6450 || atomic_read(&vcpu->arch.nmi_queued) ||
6451 (kvm_arch_interrupt_allowed(vcpu) &&
6452 kvm_cpu_has_interrupt(vcpu));
6455 int kvm_arch_vcpu_should_kick(struct kvm_vcpu *vcpu)
6457 return kvm_vcpu_exiting_guest_mode(vcpu) == IN_GUEST_MODE;
6460 int kvm_arch_interrupt_allowed(struct kvm_vcpu *vcpu)
6462 return kvm_x86_ops->interrupt_allowed(vcpu);
6465 bool kvm_is_linear_rip(struct kvm_vcpu *vcpu, unsigned long linear_rip)
6467 unsigned long current_rip = kvm_rip_read(vcpu) +
6468 get_segment_base(vcpu, VCPU_SREG_CS);
6470 return current_rip == linear_rip;
6472 EXPORT_SYMBOL_GPL(kvm_is_linear_rip);
6474 unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu)
6476 unsigned long rflags;
6478 rflags = kvm_x86_ops->get_rflags(vcpu);
6479 if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
6480 rflags &= ~X86_EFLAGS_TF;
6483 EXPORT_SYMBOL_GPL(kvm_get_rflags);
6485 void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
6487 if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP &&
6488 kvm_is_linear_rip(vcpu, vcpu->arch.singlestep_rip))
6489 rflags |= X86_EFLAGS_TF;
6490 kvm_x86_ops->set_rflags(vcpu, rflags);
6491 kvm_make_request(KVM_REQ_EVENT, vcpu);
6493 EXPORT_SYMBOL_GPL(kvm_set_rflags);
6495 void kvm_arch_async_page_ready(struct kvm_vcpu *vcpu, struct kvm_async_pf *work)
6499 if ((vcpu->arch.mmu.direct_map != work->arch.direct_map) ||
6500 is_error_page(work->page))
6503 r = kvm_mmu_reload(vcpu);
6507 if (!vcpu->arch.mmu.direct_map &&
6508 work->arch.cr3 != vcpu->arch.mmu.get_cr3(vcpu))
6511 vcpu->arch.mmu.page_fault(vcpu, work->gva, 0, true);
6514 static inline u32 kvm_async_pf_hash_fn(gfn_t gfn)
6516 return hash_32(gfn & 0xffffffff, order_base_2(ASYNC_PF_PER_VCPU));
6519 static inline u32 kvm_async_pf_next_probe(u32 key)
6521 return (key + 1) & (roundup_pow_of_two(ASYNC_PF_PER_VCPU) - 1);
6524 static void kvm_add_async_pf_gfn(struct kvm_vcpu *vcpu, gfn_t gfn)
6526 u32 key = kvm_async_pf_hash_fn(gfn);
6528 while (vcpu->arch.apf.gfns[key] != ~0)
6529 key = kvm_async_pf_next_probe(key);
6531 vcpu->arch.apf.gfns[key] = gfn;
6534 static u32 kvm_async_pf_gfn_slot(struct kvm_vcpu *vcpu, gfn_t gfn)
6537 u32 key = kvm_async_pf_hash_fn(gfn);
6539 for (i = 0; i < roundup_pow_of_two(ASYNC_PF_PER_VCPU) &&
6540 (vcpu->arch.apf.gfns[key] != gfn &&
6541 vcpu->arch.apf.gfns[key] != ~0); i++)
6542 key = kvm_async_pf_next_probe(key);
6547 bool kvm_find_async_pf_gfn(struct kvm_vcpu *vcpu, gfn_t gfn)
6549 return vcpu->arch.apf.gfns[kvm_async_pf_gfn_slot(vcpu, gfn)] == gfn;
6552 static void kvm_del_async_pf_gfn(struct kvm_vcpu *vcpu, gfn_t gfn)
6556 i = j = kvm_async_pf_gfn_slot(vcpu, gfn);
6558 vcpu->arch.apf.gfns[i] = ~0;
6560 j = kvm_async_pf_next_probe(j);
6561 if (vcpu->arch.apf.gfns[j] == ~0)
6563 k = kvm_async_pf_hash_fn(vcpu->arch.apf.gfns[j]);
6565 * k lies cyclically in ]i,j]
6567 * |....j i.k.| or |.k..j i...|
6569 } while ((i <= j) ? (i < k && k <= j) : (i < k || k <= j));
6570 vcpu->arch.apf.gfns[i] = vcpu->arch.apf.gfns[j];
6575 static int apf_put_user(struct kvm_vcpu *vcpu, u32 val)
6578 return kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.apf.data, &val,
6582 void kvm_arch_async_page_not_present(struct kvm_vcpu *vcpu,
6583 struct kvm_async_pf *work)
6585 struct x86_exception fault;
6587 trace_kvm_async_pf_not_present(work->arch.token, work->gva);
6588 kvm_add_async_pf_gfn(vcpu, work->arch.gfn);
6590 if (!(vcpu->arch.apf.msr_val & KVM_ASYNC_PF_ENABLED) ||
6591 (vcpu->arch.apf.send_user_only &&
6592 kvm_x86_ops->get_cpl(vcpu) == 0))
6593 kvm_make_request(KVM_REQ_APF_HALT, vcpu);
6594 else if (!apf_put_user(vcpu, KVM_PV_REASON_PAGE_NOT_PRESENT)) {
6595 fault.vector = PF_VECTOR;
6596 fault.error_code_valid = true;
6597 fault.error_code = 0;
6598 fault.nested_page_fault = false;
6599 fault.address = work->arch.token;
6600 kvm_inject_page_fault(vcpu, &fault);
6604 void kvm_arch_async_page_present(struct kvm_vcpu *vcpu,
6605 struct kvm_async_pf *work)
6607 struct x86_exception fault;
6609 trace_kvm_async_pf_ready(work->arch.token, work->gva);
6610 if (is_error_page(work->page))
6611 work->arch.token = ~0; /* broadcast wakeup */
6613 kvm_del_async_pf_gfn(vcpu, work->arch.gfn);
6615 if ((vcpu->arch.apf.msr_val & KVM_ASYNC_PF_ENABLED) &&
6616 !apf_put_user(vcpu, KVM_PV_REASON_PAGE_READY)) {
6617 fault.vector = PF_VECTOR;
6618 fault.error_code_valid = true;
6619 fault.error_code = 0;
6620 fault.nested_page_fault = false;
6621 fault.address = work->arch.token;
6622 kvm_inject_page_fault(vcpu, &fault);
6624 vcpu->arch.apf.halted = false;
6625 vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
6628 bool kvm_arch_can_inject_async_page_present(struct kvm_vcpu *vcpu)
6630 if (!(vcpu->arch.apf.msr_val & KVM_ASYNC_PF_ENABLED))
6633 return !kvm_event_needs_reinjection(vcpu) &&
6634 kvm_x86_ops->interrupt_allowed(vcpu);
6637 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit);
6638 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_inj_virq);
6639 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_page_fault);
6640 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_msr);
6641 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_cr);
6642 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmrun);
6643 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmexit);
6644 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmexit_inject);
6645 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_intr_vmexit);
6646 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_invlpga);
6647 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_skinit);
6648 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_intercepts);
projects / ~andy / linux / blob