1 #define pr_fmt(fmt) "SVM: " fmt
3 #include <linux/kvm_host.h>
7 #include "kvm_cache_regs.h"
12 #include <linux/module.h>
13 #include <linux/mod_devicetable.h>
14 #include <linux/kernel.h>
15 #include <linux/vmalloc.h>
16 #include <linux/highmem.h>
17 #include <linux/amd-iommu.h>
18 #include <linux/sched.h>
19 #include <linux/trace_events.h>
20 #include <linux/slab.h>
21 #include <linux/hashtable.h>
22 #include <linux/objtool.h>
23 #include <linux/psp-sev.h>
24 #include <linux/file.h>
25 #include <linux/pagemap.h>
26 #include <linux/swap.h>
27 #include <linux/rwsem.h>
28 #include <linux/cc_platform.h>
31 #include <asm/perf_event.h>
32 #include <asm/tlbflush.h>
34 #include <asm/debugreg.h>
35 #include <asm/kvm_para.h>
36 #include <asm/irq_remapping.h>
37 #include <asm/spec-ctrl.h>
38 #include <asm/cpu_device_id.h>
39 #include <asm/traps.h>
40 #include <asm/fpu/api.h>
42 #include <asm/virtext.h>
48 #include "kvm_onhyperv.h"
49 #include "svm_onhyperv.h"
51 MODULE_AUTHOR("Qumranet");
52 MODULE_LICENSE("GPL");
55 static const struct x86_cpu_id svm_cpu_id[] = {
56 X86_MATCH_FEATURE(X86_FEATURE_SVM, NULL),
59 MODULE_DEVICE_TABLE(x86cpu, svm_cpu_id);
62 #define SEG_TYPE_LDT 2
63 #define SEG_TYPE_BUSY_TSS16 3
65 static bool erratum_383_found __read_mostly;
67 u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly;
70 * Set osvw_len to higher value when updated Revision Guides
71 * are published and we know what the new status bits are
73 static uint64_t osvw_len = 4, osvw_status;
75 static DEFINE_PER_CPU(u64, current_tsc_ratio);
77 #define X2APIC_MSR(x) (APIC_BASE_MSR + (x >> 4))
79 static const struct svm_direct_access_msrs {
80 u32 index; /* Index of the MSR */
81 bool always; /* True if intercept is initially cleared */
82 } direct_access_msrs[MAX_DIRECT_ACCESS_MSRS] = {
83 { .index = MSR_STAR, .always = true },
84 { .index = MSR_IA32_SYSENTER_CS, .always = true },
85 { .index = MSR_IA32_SYSENTER_EIP, .always = false },
86 { .index = MSR_IA32_SYSENTER_ESP, .always = false },
88 { .index = MSR_GS_BASE, .always = true },
89 { .index = MSR_FS_BASE, .always = true },
90 { .index = MSR_KERNEL_GS_BASE, .always = true },
91 { .index = MSR_LSTAR, .always = true },
92 { .index = MSR_CSTAR, .always = true },
93 { .index = MSR_SYSCALL_MASK, .always = true },
95 { .index = MSR_IA32_SPEC_CTRL, .always = false },
96 { .index = MSR_IA32_PRED_CMD, .always = false },
97 { .index = MSR_IA32_LASTBRANCHFROMIP, .always = false },
98 { .index = MSR_IA32_LASTBRANCHTOIP, .always = false },
99 { .index = MSR_IA32_LASTINTFROMIP, .always = false },
100 { .index = MSR_IA32_LASTINTTOIP, .always = false },
101 { .index = MSR_EFER, .always = false },
102 { .index = MSR_IA32_CR_PAT, .always = false },
103 { .index = MSR_AMD64_SEV_ES_GHCB, .always = true },
104 { .index = MSR_TSC_AUX, .always = false },
105 { .index = X2APIC_MSR(APIC_ID), .always = false },
106 { .index = X2APIC_MSR(APIC_LVR), .always = false },
107 { .index = X2APIC_MSR(APIC_TASKPRI), .always = false },
108 { .index = X2APIC_MSR(APIC_ARBPRI), .always = false },
109 { .index = X2APIC_MSR(APIC_PROCPRI), .always = false },
110 { .index = X2APIC_MSR(APIC_EOI), .always = false },
111 { .index = X2APIC_MSR(APIC_RRR), .always = false },
112 { .index = X2APIC_MSR(APIC_LDR), .always = false },
113 { .index = X2APIC_MSR(APIC_DFR), .always = false },
114 { .index = X2APIC_MSR(APIC_SPIV), .always = false },
115 { .index = X2APIC_MSR(APIC_ISR), .always = false },
116 { .index = X2APIC_MSR(APIC_TMR), .always = false },
117 { .index = X2APIC_MSR(APIC_IRR), .always = false },
118 { .index = X2APIC_MSR(APIC_ESR), .always = false },
119 { .index = X2APIC_MSR(APIC_ICR), .always = false },
120 { .index = X2APIC_MSR(APIC_ICR2), .always = false },
124 * AMD does not virtualize APIC TSC-deadline timer mode, but it is
125 * emulated by KVM. When setting APIC LVTT (0x832) register bit 18,
126 * the AVIC hardware would generate GP fault. Therefore, always
127 * intercept the MSR 0x832, and do not setup direct_access_msr.
129 { .index = X2APIC_MSR(APIC_LVTTHMR), .always = false },
130 { .index = X2APIC_MSR(APIC_LVTPC), .always = false },
131 { .index = X2APIC_MSR(APIC_LVT0), .always = false },
132 { .index = X2APIC_MSR(APIC_LVT1), .always = false },
133 { .index = X2APIC_MSR(APIC_LVTERR), .always = false },
134 { .index = X2APIC_MSR(APIC_TMICT), .always = false },
135 { .index = X2APIC_MSR(APIC_TMCCT), .always = false },
136 { .index = X2APIC_MSR(APIC_TDCR), .always = false },
137 { .index = MSR_INVALID, .always = false },
141 * These 2 parameters are used to config the controls for Pause-Loop Exiting:
142 * pause_filter_count: On processors that support Pause filtering(indicated
143 * by CPUID Fn8000_000A_EDX), the VMCB provides a 16 bit pause filter
144 * count value. On VMRUN this value is loaded into an internal counter.
145 * Each time a pause instruction is executed, this counter is decremented
146 * until it reaches zero at which time a #VMEXIT is generated if pause
147 * intercept is enabled. Refer to AMD APM Vol 2 Section 15.14.4 Pause
148 * Intercept Filtering for more details.
149 * This also indicate if ple logic enabled.
151 * pause_filter_thresh: In addition, some processor families support advanced
152 * pause filtering (indicated by CPUID Fn8000_000A_EDX) upper bound on
153 * the amount of time a guest is allowed to execute in a pause loop.
154 * In this mode, a 16-bit pause filter threshold field is added in the
155 * VMCB. The threshold value is a cycle count that is used to reset the
156 * pause counter. As with simple pause filtering, VMRUN loads the pause
157 * count value from VMCB into an internal counter. Then, on each pause
158 * instruction the hardware checks the elapsed number of cycles since
159 * the most recent pause instruction against the pause filter threshold.
160 * If the elapsed cycle count is greater than the pause filter threshold,
161 * then the internal pause count is reloaded from the VMCB and execution
162 * continues. If the elapsed cycle count is less than the pause filter
163 * threshold, then the internal pause count is decremented. If the count
164 * value is less than zero and PAUSE intercept is enabled, a #VMEXIT is
165 * triggered. If advanced pause filtering is supported and pause filter
166 * threshold field is set to zero, the filter will operate in the simpler,
170 static unsigned short pause_filter_thresh = KVM_DEFAULT_PLE_GAP;
171 module_param(pause_filter_thresh, ushort, 0444);
173 static unsigned short pause_filter_count = KVM_SVM_DEFAULT_PLE_WINDOW;
174 module_param(pause_filter_count, ushort, 0444);
176 /* Default doubles per-vcpu window every exit. */
177 static unsigned short pause_filter_count_grow = KVM_DEFAULT_PLE_WINDOW_GROW;
178 module_param(pause_filter_count_grow, ushort, 0444);
180 /* Default resets per-vcpu window every exit to pause_filter_count. */
181 static unsigned short pause_filter_count_shrink = KVM_DEFAULT_PLE_WINDOW_SHRINK;
182 module_param(pause_filter_count_shrink, ushort, 0444);
184 /* Default is to compute the maximum so we can never overflow. */
185 static unsigned short pause_filter_count_max = KVM_SVM_DEFAULT_PLE_WINDOW_MAX;
186 module_param(pause_filter_count_max, ushort, 0444);
189 * Use nested page tables by default. Note, NPT may get forced off by
190 * svm_hardware_setup() if it's unsupported by hardware or the host kernel.
192 bool npt_enabled = true;
193 module_param_named(npt, npt_enabled, bool, 0444);
195 /* allow nested virtualization in KVM/SVM */
196 static int nested = true;
197 module_param(nested, int, S_IRUGO);
199 /* enable/disable Next RIP Save */
200 static int nrips = true;
201 module_param(nrips, int, 0444);
203 /* enable/disable Virtual VMLOAD VMSAVE */
204 static int vls = true;
205 module_param(vls, int, 0444);
207 /* enable/disable Virtual GIF */
209 module_param(vgif, int, 0444);
211 /* enable/disable LBR virtualization */
212 static int lbrv = true;
213 module_param(lbrv, int, 0444);
215 static int tsc_scaling = true;
216 module_param(tsc_scaling, int, 0444);
219 * enable / disable AVIC. Because the defaults differ for APICv
220 * support between VMX and SVM we cannot use module_param_named.
223 module_param(avic, bool, 0444);
225 bool __read_mostly dump_invalid_vmcb;
226 module_param(dump_invalid_vmcb, bool, 0644);
229 bool intercept_smi = true;
230 module_param(intercept_smi, bool, 0444);
233 static bool svm_gp_erratum_intercept = true;
235 static u8 rsm_ins_bytes[] = "\x0f\xaa";
237 static unsigned long iopm_base;
239 struct kvm_ldttss_desc {
242 unsigned base1:8, type:5, dpl:2, p:1;
243 unsigned limit1:4, zero0:3, g:1, base2:8;
246 } __attribute__((packed));
248 DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);
251 * Only MSR_TSC_AUX is switched via the user return hook. EFER is switched via
252 * the VMCB, and the SYSCALL/SYSENTER MSRs are handled by VMLOAD/VMSAVE.
254 * RDTSCP and RDPID are not used in the kernel, specifically to allow KVM to
255 * defer the restoration of TSC_AUX until the CPU returns to userspace.
257 static int tsc_aux_uret_slot __read_mostly = -1;
259 static const u32 msrpm_ranges[] = {0, 0xc0000000, 0xc0010000};
261 #define NUM_MSR_MAPS ARRAY_SIZE(msrpm_ranges)
262 #define MSRS_RANGE_SIZE 2048
263 #define MSRS_IN_RANGE (MSRS_RANGE_SIZE * 8 / 2)
265 u32 svm_msrpm_offset(u32 msr)
270 for (i = 0; i < NUM_MSR_MAPS; i++) {
271 if (msr < msrpm_ranges[i] ||
272 msr >= msrpm_ranges[i] + MSRS_IN_RANGE)
275 offset = (msr - msrpm_ranges[i]) / 4; /* 4 msrs per u8 */
276 offset += (i * MSRS_RANGE_SIZE); /* add range offset */
278 /* Now we have the u8 offset - but need the u32 offset */
282 /* MSR not in any range */
286 static void svm_flush_tlb_current(struct kvm_vcpu *vcpu);
288 static int get_npt_level(void)
291 return pgtable_l5_enabled() ? PT64_ROOT_5LEVEL : PT64_ROOT_4LEVEL;
293 return PT32E_ROOT_LEVEL;
297 int svm_set_efer(struct kvm_vcpu *vcpu, u64 efer)
299 struct vcpu_svm *svm = to_svm(vcpu);
300 u64 old_efer = vcpu->arch.efer;
301 vcpu->arch.efer = efer;
304 /* Shadow paging assumes NX to be available. */
307 if (!(efer & EFER_LMA))
311 if ((old_efer & EFER_SVME) != (efer & EFER_SVME)) {
312 if (!(efer & EFER_SVME)) {
313 svm_leave_nested(vcpu);
314 svm_set_gif(svm, true);
315 /* #GP intercept is still needed for vmware backdoor */
316 if (!enable_vmware_backdoor)
317 clr_exception_intercept(svm, GP_VECTOR);
320 * Free the nested guest state, unless we are in SMM.
321 * In this case we will return to the nested guest
322 * as soon as we leave SMM.
325 svm_free_nested(svm);
328 int ret = svm_allocate_nested(svm);
331 vcpu->arch.efer = old_efer;
336 * Never intercept #GP for SEV guests, KVM can't
337 * decrypt guest memory to workaround the erratum.
339 if (svm_gp_erratum_intercept && !sev_guest(vcpu->kvm))
340 set_exception_intercept(svm, GP_VECTOR);
344 svm->vmcb->save.efer = efer | EFER_SVME;
345 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
349 static int is_external_interrupt(u32 info)
351 info &= SVM_EVTINJ_TYPE_MASK | SVM_EVTINJ_VALID;
352 return info == (SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_INTR);
355 static u32 svm_get_interrupt_shadow(struct kvm_vcpu *vcpu)
357 struct vcpu_svm *svm = to_svm(vcpu);
360 if (svm->vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK)
361 ret = KVM_X86_SHADOW_INT_STI | KVM_X86_SHADOW_INT_MOV_SS;
365 static void svm_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
367 struct vcpu_svm *svm = to_svm(vcpu);
370 svm->vmcb->control.int_state &= ~SVM_INTERRUPT_SHADOW_MASK;
372 svm->vmcb->control.int_state |= SVM_INTERRUPT_SHADOW_MASK;
376 static int __svm_skip_emulated_instruction(struct kvm_vcpu *vcpu,
377 bool commit_side_effects)
379 struct vcpu_svm *svm = to_svm(vcpu);
380 unsigned long old_rflags;
383 * SEV-ES does not expose the next RIP. The RIP update is controlled by
384 * the type of exit and the #VC handler in the guest.
386 if (sev_es_guest(vcpu->kvm))
389 if (nrips && svm->vmcb->control.next_rip != 0) {
390 WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS));
391 svm->next_rip = svm->vmcb->control.next_rip;
394 if (!svm->next_rip) {
395 if (unlikely(!commit_side_effects))
396 old_rflags = svm->vmcb->save.rflags;
398 if (!kvm_emulate_instruction(vcpu, EMULTYPE_SKIP))
401 if (unlikely(!commit_side_effects))
402 svm->vmcb->save.rflags = old_rflags;
404 kvm_rip_write(vcpu, svm->next_rip);
408 if (likely(commit_side_effects))
409 svm_set_interrupt_shadow(vcpu, 0);
414 static int svm_skip_emulated_instruction(struct kvm_vcpu *vcpu)
416 return __svm_skip_emulated_instruction(vcpu, true);
419 static int svm_update_soft_interrupt_rip(struct kvm_vcpu *vcpu)
421 unsigned long rip, old_rip = kvm_rip_read(vcpu);
422 struct vcpu_svm *svm = to_svm(vcpu);
425 * Due to architectural shortcomings, the CPU doesn't always provide
426 * NextRIP, e.g. if KVM intercepted an exception that occurred while
427 * the CPU was vectoring an INTO/INT3 in the guest. Temporarily skip
428 * the instruction even if NextRIP is supported to acquire the next
429 * RIP so that it can be shoved into the NextRIP field, otherwise
430 * hardware will fail to advance guest RIP during event injection.
431 * Drop the exception/interrupt if emulation fails and effectively
432 * retry the instruction, it's the least awful option. If NRIPS is
433 * in use, the skip must not commit any side effects such as clearing
434 * the interrupt shadow or RFLAGS.RF.
436 if (!__svm_skip_emulated_instruction(vcpu, !nrips))
439 rip = kvm_rip_read(vcpu);
442 * Save the injection information, even when using next_rip, as the
443 * VMCB's next_rip will be lost (cleared on VM-Exit) if the injection
444 * doesn't complete due to a VM-Exit occurring while the CPU is
445 * vectoring the event. Decoding the instruction isn't guaranteed to
446 * work as there may be no backing instruction, e.g. if the event is
447 * being injected by L1 for L2, or if the guest is patching INT3 into
448 * a different instruction.
450 svm->soft_int_injected = true;
451 svm->soft_int_csbase = svm->vmcb->save.cs.base;
452 svm->soft_int_old_rip = old_rip;
453 svm->soft_int_next_rip = rip;
456 kvm_rip_write(vcpu, old_rip);
458 if (static_cpu_has(X86_FEATURE_NRIPS))
459 svm->vmcb->control.next_rip = rip;
464 static void svm_inject_exception(struct kvm_vcpu *vcpu)
466 struct kvm_queued_exception *ex = &vcpu->arch.exception;
467 struct vcpu_svm *svm = to_svm(vcpu);
469 kvm_deliver_exception_payload(vcpu, ex);
471 if (kvm_exception_is_soft(ex->vector) &&
472 svm_update_soft_interrupt_rip(vcpu))
475 svm->vmcb->control.event_inj = ex->vector
477 | (ex->has_error_code ? SVM_EVTINJ_VALID_ERR : 0)
478 | SVM_EVTINJ_TYPE_EXEPT;
479 svm->vmcb->control.event_inj_err = ex->error_code;
482 static void svm_init_erratum_383(void)
488 if (!static_cpu_has_bug(X86_BUG_AMD_TLB_MMATCH))
491 /* Use _safe variants to not break nested virtualization */
492 val = native_read_msr_safe(MSR_AMD64_DC_CFG, &err);
498 low = lower_32_bits(val);
499 high = upper_32_bits(val);
501 native_write_msr_safe(MSR_AMD64_DC_CFG, low, high);
503 erratum_383_found = true;
506 static void svm_init_osvw(struct kvm_vcpu *vcpu)
509 * Guests should see errata 400 and 415 as fixed (assuming that
510 * HLT and IO instructions are intercepted).
512 vcpu->arch.osvw.length = (osvw_len >= 3) ? (osvw_len) : 3;
513 vcpu->arch.osvw.status = osvw_status & ~(6ULL);
516 * By increasing VCPU's osvw.length to 3 we are telling the guest that
517 * all osvw.status bits inside that length, including bit 0 (which is
518 * reserved for erratum 298), are valid. However, if host processor's
519 * osvw_len is 0 then osvw_status[0] carries no information. We need to
520 * be conservative here and therefore we tell the guest that erratum 298
521 * is present (because we really don't know).
523 if (osvw_len == 0 && boot_cpu_data.x86 == 0x10)
524 vcpu->arch.osvw.status |= 1;
527 static int has_svm(void)
531 if (!cpu_has_svm(&msg)) {
532 printk(KERN_INFO "has_svm: %s\n", msg);
536 if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) {
537 pr_info("KVM is unsupported when running as an SEV guest\n");
544 void __svm_write_tsc_multiplier(u64 multiplier)
548 if (multiplier == __this_cpu_read(current_tsc_ratio))
551 wrmsrl(MSR_AMD64_TSC_RATIO, multiplier);
552 __this_cpu_write(current_tsc_ratio, multiplier);
557 static void svm_hardware_disable(void)
559 /* Make sure we clean up behind us */
561 __svm_write_tsc_multiplier(SVM_TSC_RATIO_DEFAULT);
565 amd_pmu_disable_virt();
568 static int svm_hardware_enable(void)
571 struct svm_cpu_data *sd;
573 struct desc_struct *gdt;
574 int me = raw_smp_processor_id();
576 rdmsrl(MSR_EFER, efer);
577 if (efer & EFER_SVME)
581 pr_err("%s: err EOPNOTSUPP on %d\n", __func__, me);
584 sd = per_cpu(svm_data, me);
586 pr_err("%s: svm_data is NULL on %d\n", __func__, me);
590 sd->asid_generation = 1;
591 sd->max_asid = cpuid_ebx(SVM_CPUID_FUNC) - 1;
592 sd->next_asid = sd->max_asid + 1;
593 sd->min_asid = max_sev_asid + 1;
595 gdt = get_current_gdt_rw();
596 sd->tss_desc = (struct kvm_ldttss_desc *)(gdt + GDT_ENTRY_TSS);
598 wrmsrl(MSR_EFER, efer | EFER_SVME);
600 wrmsrl(MSR_VM_HSAVE_PA, __sme_page_pa(sd->save_area));
602 if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) {
604 * Set the default value, even if we don't use TSC scaling
605 * to avoid having stale value in the msr
607 __svm_write_tsc_multiplier(SVM_TSC_RATIO_DEFAULT);
614 * Note that it is possible to have a system with mixed processor
615 * revisions and therefore different OSVW bits. If bits are not the same
616 * on different processors then choose the worst case (i.e. if erratum
617 * is present on one processor and not on another then assume that the
618 * erratum is present everywhere).
620 if (cpu_has(&boot_cpu_data, X86_FEATURE_OSVW)) {
621 uint64_t len, status = 0;
624 len = native_read_msr_safe(MSR_AMD64_OSVW_ID_LENGTH, &err);
626 status = native_read_msr_safe(MSR_AMD64_OSVW_STATUS,
630 osvw_status = osvw_len = 0;
634 osvw_status |= status;
635 osvw_status &= (1ULL << osvw_len) - 1;
638 osvw_status = osvw_len = 0;
640 svm_init_erratum_383();
642 amd_pmu_enable_virt();
647 static void svm_cpu_uninit(int cpu)
649 struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
654 per_cpu(svm_data, cpu) = NULL;
655 kfree(sd->sev_vmcbs);
656 __free_page(sd->save_area);
660 static int svm_cpu_init(int cpu)
662 struct svm_cpu_data *sd;
665 sd = kzalloc(sizeof(struct svm_cpu_data), GFP_KERNEL);
669 sd->save_area = alloc_page(GFP_KERNEL | __GFP_ZERO);
673 ret = sev_cpu_init(sd);
677 per_cpu(svm_data, cpu) = sd;
682 __free_page(sd->save_area);
689 static int direct_access_msr_slot(u32 msr)
693 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++)
694 if (direct_access_msrs[i].index == msr)
700 static void set_shadow_msr_intercept(struct kvm_vcpu *vcpu, u32 msr, int read,
703 struct vcpu_svm *svm = to_svm(vcpu);
704 int slot = direct_access_msr_slot(msr);
709 /* Set the shadow bitmaps to the desired intercept states */
711 set_bit(slot, svm->shadow_msr_intercept.read);
713 clear_bit(slot, svm->shadow_msr_intercept.read);
716 set_bit(slot, svm->shadow_msr_intercept.write);
718 clear_bit(slot, svm->shadow_msr_intercept.write);
721 static bool valid_msr_intercept(u32 index)
723 return direct_access_msr_slot(index) != -ENOENT;
726 static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr)
733 msrpm = is_guest_mode(vcpu) ? to_svm(vcpu)->nested.msrpm:
736 offset = svm_msrpm_offset(msr);
737 bit_write = 2 * (msr & 0x0f) + 1;
740 BUG_ON(offset == MSR_INVALID);
742 return !!test_bit(bit_write, &tmp);
745 static void set_msr_interception_bitmap(struct kvm_vcpu *vcpu, u32 *msrpm,
746 u32 msr, int read, int write)
748 struct vcpu_svm *svm = to_svm(vcpu);
749 u8 bit_read, bit_write;
754 * If this warning triggers extend the direct_access_msrs list at the
755 * beginning of the file
757 WARN_ON(!valid_msr_intercept(msr));
759 /* Enforce non allowed MSRs to trap */
760 if (read && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ))
763 if (write && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE))
766 offset = svm_msrpm_offset(msr);
767 bit_read = 2 * (msr & 0x0f);
768 bit_write = 2 * (msr & 0x0f) + 1;
771 BUG_ON(offset == MSR_INVALID);
773 read ? clear_bit(bit_read, &tmp) : set_bit(bit_read, &tmp);
774 write ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp);
778 svm_hv_vmcb_dirty_nested_enlightenments(vcpu);
779 svm->nested.force_msr_bitmap_recalc = true;
782 void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr,
785 set_shadow_msr_intercept(vcpu, msr, read, write);
786 set_msr_interception_bitmap(vcpu, msrpm, msr, read, write);
789 u32 *svm_vcpu_alloc_msrpm(void)
791 unsigned int order = get_order(MSRPM_SIZE);
792 struct page *pages = alloc_pages(GFP_KERNEL_ACCOUNT, order);
798 msrpm = page_address(pages);
799 memset(msrpm, 0xff, PAGE_SIZE * (1 << order));
804 void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm)
808 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
809 if (!direct_access_msrs[i].always)
811 set_msr_interception(vcpu, msrpm, direct_access_msrs[i].index, 1, 1);
815 void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept)
819 if (intercept == svm->x2avic_msrs_intercepted)
822 if (avic_mode != AVIC_MODE_X2 ||
823 !apic_x2apic_mode(svm->vcpu.arch.apic))
826 for (i = 0; i < MAX_DIRECT_ACCESS_MSRS; i++) {
827 int index = direct_access_msrs[i].index;
829 if ((index < APIC_BASE_MSR) ||
830 (index > APIC_BASE_MSR + 0xff))
832 set_msr_interception(&svm->vcpu, svm->msrpm, index,
833 !intercept, !intercept);
836 svm->x2avic_msrs_intercepted = intercept;
839 void svm_vcpu_free_msrpm(u32 *msrpm)
841 __free_pages(virt_to_page(msrpm), get_order(MSRPM_SIZE));
844 static void svm_msr_filter_changed(struct kvm_vcpu *vcpu)
846 struct vcpu_svm *svm = to_svm(vcpu);
850 * Set intercept permissions for all direct access MSRs again. They
851 * will automatically get filtered through the MSR filter, so we are
852 * back in sync after this.
854 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
855 u32 msr = direct_access_msrs[i].index;
856 u32 read = test_bit(i, svm->shadow_msr_intercept.read);
857 u32 write = test_bit(i, svm->shadow_msr_intercept.write);
859 set_msr_interception_bitmap(vcpu, svm->msrpm, msr, read, write);
863 static void add_msr_offset(u32 offset)
867 for (i = 0; i < MSRPM_OFFSETS; ++i) {
869 /* Offset already in list? */
870 if (msrpm_offsets[i] == offset)
873 /* Slot used by another offset? */
874 if (msrpm_offsets[i] != MSR_INVALID)
877 /* Add offset to list */
878 msrpm_offsets[i] = offset;
884 * If this BUG triggers the msrpm_offsets table has an overflow. Just
885 * increase MSRPM_OFFSETS in this case.
890 static void init_msrpm_offsets(void)
894 memset(msrpm_offsets, 0xff, sizeof(msrpm_offsets));
896 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
899 offset = svm_msrpm_offset(direct_access_msrs[i].index);
900 BUG_ON(offset == MSR_INVALID);
902 add_msr_offset(offset);
906 void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb)
908 to_vmcb->save.dbgctl = from_vmcb->save.dbgctl;
909 to_vmcb->save.br_from = from_vmcb->save.br_from;
910 to_vmcb->save.br_to = from_vmcb->save.br_to;
911 to_vmcb->save.last_excp_from = from_vmcb->save.last_excp_from;
912 to_vmcb->save.last_excp_to = from_vmcb->save.last_excp_to;
914 vmcb_mark_dirty(to_vmcb, VMCB_LBR);
917 static void svm_enable_lbrv(struct kvm_vcpu *vcpu)
919 struct vcpu_svm *svm = to_svm(vcpu);
921 svm->vmcb->control.virt_ext |= LBR_CTL_ENABLE_MASK;
922 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 1, 1);
923 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 1, 1);
924 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 1, 1);
925 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 1, 1);
927 /* Move the LBR msrs to the vmcb02 so that the guest can see them. */
928 if (is_guest_mode(vcpu))
929 svm_copy_lbrs(svm->vmcb, svm->vmcb01.ptr);
932 static void svm_disable_lbrv(struct kvm_vcpu *vcpu)
934 struct vcpu_svm *svm = to_svm(vcpu);
936 svm->vmcb->control.virt_ext &= ~LBR_CTL_ENABLE_MASK;
937 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 0, 0);
938 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 0, 0);
939 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 0, 0);
940 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 0, 0);
943 * Move the LBR msrs back to the vmcb01 to avoid copying them
944 * on nested guest entries.
946 if (is_guest_mode(vcpu))
947 svm_copy_lbrs(svm->vmcb01.ptr, svm->vmcb);
950 static int svm_get_lbr_msr(struct vcpu_svm *svm, u32 index)
953 * If the LBR virtualization is disabled, the LBR msrs are always
954 * kept in the vmcb01 to avoid copying them on nested guest entries.
956 * If nested, and the LBR virtualization is enabled/disabled, the msrs
957 * are moved between the vmcb01 and vmcb02 as needed.
960 (svm->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK) ?
961 svm->vmcb : svm->vmcb01.ptr;
964 case MSR_IA32_DEBUGCTLMSR:
965 return vmcb->save.dbgctl;
966 case MSR_IA32_LASTBRANCHFROMIP:
967 return vmcb->save.br_from;
968 case MSR_IA32_LASTBRANCHTOIP:
969 return vmcb->save.br_to;
970 case MSR_IA32_LASTINTFROMIP:
971 return vmcb->save.last_excp_from;
972 case MSR_IA32_LASTINTTOIP:
973 return vmcb->save.last_excp_to;
975 KVM_BUG(false, svm->vcpu.kvm,
976 "%s: Unknown MSR 0x%x", __func__, index);
981 void svm_update_lbrv(struct kvm_vcpu *vcpu)
983 struct vcpu_svm *svm = to_svm(vcpu);
985 bool enable_lbrv = svm_get_lbr_msr(svm, MSR_IA32_DEBUGCTLMSR) &
988 bool current_enable_lbrv = !!(svm->vmcb->control.virt_ext &
989 LBR_CTL_ENABLE_MASK);
991 if (unlikely(is_guest_mode(vcpu) && svm->lbrv_enabled))
992 if (unlikely(svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))
995 if (enable_lbrv == current_enable_lbrv)
999 svm_enable_lbrv(vcpu);
1001 svm_disable_lbrv(vcpu);
1004 void disable_nmi_singlestep(struct vcpu_svm *svm)
1006 svm->nmi_singlestep = false;
1008 if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP)) {
1009 /* Clear our flags if they were not set by the guest */
1010 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_TF))
1011 svm->vmcb->save.rflags &= ~X86_EFLAGS_TF;
1012 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_RF))
1013 svm->vmcb->save.rflags &= ~X86_EFLAGS_RF;
1017 static void grow_ple_window(struct kvm_vcpu *vcpu)
1019 struct vcpu_svm *svm = to_svm(vcpu);
1020 struct vmcb_control_area *control = &svm->vmcb->control;
1021 int old = control->pause_filter_count;
1023 if (kvm_pause_in_guest(vcpu->kvm))
1026 control->pause_filter_count = __grow_ple_window(old,
1028 pause_filter_count_grow,
1029 pause_filter_count_max);
1031 if (control->pause_filter_count != old) {
1032 vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
1033 trace_kvm_ple_window_update(vcpu->vcpu_id,
1034 control->pause_filter_count, old);
1038 static void shrink_ple_window(struct kvm_vcpu *vcpu)
1040 struct vcpu_svm *svm = to_svm(vcpu);
1041 struct vmcb_control_area *control = &svm->vmcb->control;
1042 int old = control->pause_filter_count;
1044 if (kvm_pause_in_guest(vcpu->kvm))
1047 control->pause_filter_count =
1048 __shrink_ple_window(old,
1050 pause_filter_count_shrink,
1051 pause_filter_count);
1052 if (control->pause_filter_count != old) {
1053 vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
1054 trace_kvm_ple_window_update(vcpu->vcpu_id,
1055 control->pause_filter_count, old);
1059 static void svm_hardware_unsetup(void)
1063 sev_hardware_unsetup();
1065 for_each_possible_cpu(cpu)
1066 svm_cpu_uninit(cpu);
1068 __free_pages(pfn_to_page(iopm_base >> PAGE_SHIFT),
1069 get_order(IOPM_SIZE));
1073 static void init_seg(struct vmcb_seg *seg)
1076 seg->attrib = SVM_SELECTOR_P_MASK | SVM_SELECTOR_S_MASK |
1077 SVM_SELECTOR_WRITE_MASK; /* Read/Write Data Segment */
1078 seg->limit = 0xffff;
1082 static void init_sys_seg(struct vmcb_seg *seg, uint32_t type)
1085 seg->attrib = SVM_SELECTOR_P_MASK | type;
1086 seg->limit = 0xffff;
1090 static u64 svm_get_l2_tsc_offset(struct kvm_vcpu *vcpu)
1092 struct vcpu_svm *svm = to_svm(vcpu);
1094 return svm->nested.ctl.tsc_offset;
1097 static u64 svm_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu)
1099 struct vcpu_svm *svm = to_svm(vcpu);
1101 return svm->tsc_ratio_msr;
1104 static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset)
1106 struct vcpu_svm *svm = to_svm(vcpu);
1108 svm->vmcb01.ptr->control.tsc_offset = vcpu->arch.l1_tsc_offset;
1109 svm->vmcb->control.tsc_offset = offset;
1110 vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
1113 static void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier)
1115 __svm_write_tsc_multiplier(multiplier);
1119 /* Evaluate instruction intercepts that depend on guest CPUID features. */
1120 static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu,
1121 struct vcpu_svm *svm)
1124 * Intercept INVPCID if shadow paging is enabled to sync/free shadow
1125 * roots, or if INVPCID is disabled in the guest to inject #UD.
1127 if (kvm_cpu_cap_has(X86_FEATURE_INVPCID)) {
1129 !guest_cpuid_has(&svm->vcpu, X86_FEATURE_INVPCID))
1130 svm_set_intercept(svm, INTERCEPT_INVPCID);
1132 svm_clr_intercept(svm, INTERCEPT_INVPCID);
1135 if (kvm_cpu_cap_has(X86_FEATURE_RDTSCP)) {
1136 if (guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP))
1137 svm_clr_intercept(svm, INTERCEPT_RDTSCP);
1139 svm_set_intercept(svm, INTERCEPT_RDTSCP);
1143 static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu)
1145 struct vcpu_svm *svm = to_svm(vcpu);
1147 if (guest_cpuid_is_intel(vcpu)) {
1149 * We must intercept SYSENTER_EIP and SYSENTER_ESP
1150 * accesses because the processor only stores 32 bits.
1151 * For the same reason we cannot use virtual VMLOAD/VMSAVE.
1153 svm_set_intercept(svm, INTERCEPT_VMLOAD);
1154 svm_set_intercept(svm, INTERCEPT_VMSAVE);
1155 svm->vmcb->control.virt_ext &= ~VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK;
1157 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 0, 0);
1158 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 0, 0);
1160 svm->v_vmload_vmsave_enabled = false;
1163 * If hardware supports Virtual VMLOAD VMSAVE then enable it
1164 * in VMCB and clear intercepts to avoid #VMEXIT.
1167 svm_clr_intercept(svm, INTERCEPT_VMLOAD);
1168 svm_clr_intercept(svm, INTERCEPT_VMSAVE);
1169 svm->vmcb->control.virt_ext |= VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK;
1171 /* No need to intercept these MSRs */
1172 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1);
1173 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1);
1177 static void init_vmcb(struct kvm_vcpu *vcpu)
1179 struct vcpu_svm *svm = to_svm(vcpu);
1180 struct vmcb *vmcb = svm->vmcb01.ptr;
1181 struct vmcb_control_area *control = &vmcb->control;
1182 struct vmcb_save_area *save = &vmcb->save;
1184 svm_set_intercept(svm, INTERCEPT_CR0_READ);
1185 svm_set_intercept(svm, INTERCEPT_CR3_READ);
1186 svm_set_intercept(svm, INTERCEPT_CR4_READ);
1187 svm_set_intercept(svm, INTERCEPT_CR0_WRITE);
1188 svm_set_intercept(svm, INTERCEPT_CR3_WRITE);
1189 svm_set_intercept(svm, INTERCEPT_CR4_WRITE);
1190 if (!kvm_vcpu_apicv_active(vcpu))
1191 svm_set_intercept(svm, INTERCEPT_CR8_WRITE);
1193 set_dr_intercepts(svm);
1195 set_exception_intercept(svm, PF_VECTOR);
1196 set_exception_intercept(svm, UD_VECTOR);
1197 set_exception_intercept(svm, MC_VECTOR);
1198 set_exception_intercept(svm, AC_VECTOR);
1199 set_exception_intercept(svm, DB_VECTOR);
1201 * Guest access to VMware backdoor ports could legitimately
1202 * trigger #GP because of TSS I/O permission bitmap.
1203 * We intercept those #GP and allow access to them anyway
1204 * as VMware does. Don't intercept #GP for SEV guests as KVM can't
1205 * decrypt guest memory to decode the faulting instruction.
1207 if (enable_vmware_backdoor && !sev_guest(vcpu->kvm))
1208 set_exception_intercept(svm, GP_VECTOR);
1210 svm_set_intercept(svm, INTERCEPT_INTR);
1211 svm_set_intercept(svm, INTERCEPT_NMI);
1214 svm_set_intercept(svm, INTERCEPT_SMI);
1216 svm_set_intercept(svm, INTERCEPT_SELECTIVE_CR0);
1217 svm_set_intercept(svm, INTERCEPT_RDPMC);
1218 svm_set_intercept(svm, INTERCEPT_CPUID);
1219 svm_set_intercept(svm, INTERCEPT_INVD);
1220 svm_set_intercept(svm, INTERCEPT_INVLPG);
1221 svm_set_intercept(svm, INTERCEPT_INVLPGA);
1222 svm_set_intercept(svm, INTERCEPT_IOIO_PROT);
1223 svm_set_intercept(svm, INTERCEPT_MSR_PROT);
1224 svm_set_intercept(svm, INTERCEPT_TASK_SWITCH);
1225 svm_set_intercept(svm, INTERCEPT_SHUTDOWN);
1226 svm_set_intercept(svm, INTERCEPT_VMRUN);
1227 svm_set_intercept(svm, INTERCEPT_VMMCALL);
1228 svm_set_intercept(svm, INTERCEPT_VMLOAD);
1229 svm_set_intercept(svm, INTERCEPT_VMSAVE);
1230 svm_set_intercept(svm, INTERCEPT_STGI);
1231 svm_set_intercept(svm, INTERCEPT_CLGI);
1232 svm_set_intercept(svm, INTERCEPT_SKINIT);
1233 svm_set_intercept(svm, INTERCEPT_WBINVD);
1234 svm_set_intercept(svm, INTERCEPT_XSETBV);
1235 svm_set_intercept(svm, INTERCEPT_RDPRU);
1236 svm_set_intercept(svm, INTERCEPT_RSM);
1238 if (!kvm_mwait_in_guest(vcpu->kvm)) {
1239 svm_set_intercept(svm, INTERCEPT_MONITOR);
1240 svm_set_intercept(svm, INTERCEPT_MWAIT);
1243 if (!kvm_hlt_in_guest(vcpu->kvm))
1244 svm_set_intercept(svm, INTERCEPT_HLT);
1246 control->iopm_base_pa = __sme_set(iopm_base);
1247 control->msrpm_base_pa = __sme_set(__pa(svm->msrpm));
1248 control->int_ctl = V_INTR_MASKING_MASK;
1250 init_seg(&save->es);
1251 init_seg(&save->ss);
1252 init_seg(&save->ds);
1253 init_seg(&save->fs);
1254 init_seg(&save->gs);
1256 save->cs.selector = 0xf000;
1257 save->cs.base = 0xffff0000;
1258 /* Executable/Readable Code Segment */
1259 save->cs.attrib = SVM_SELECTOR_READ_MASK | SVM_SELECTOR_P_MASK |
1260 SVM_SELECTOR_S_MASK | SVM_SELECTOR_CODE_MASK;
1261 save->cs.limit = 0xffff;
1263 save->gdtr.base = 0;
1264 save->gdtr.limit = 0xffff;
1265 save->idtr.base = 0;
1266 save->idtr.limit = 0xffff;
1268 init_sys_seg(&save->ldtr, SEG_TYPE_LDT);
1269 init_sys_seg(&save->tr, SEG_TYPE_BUSY_TSS16);
1272 /* Setup VMCB for Nested Paging */
1273 control->nested_ctl |= SVM_NESTED_CTL_NP_ENABLE;
1274 svm_clr_intercept(svm, INTERCEPT_INVLPG);
1275 clr_exception_intercept(svm, PF_VECTOR);
1276 svm_clr_intercept(svm, INTERCEPT_CR3_READ);
1277 svm_clr_intercept(svm, INTERCEPT_CR3_WRITE);
1278 save->g_pat = vcpu->arch.pat;
1281 svm->current_vmcb->asid_generation = 0;
1284 svm->nested.vmcb12_gpa = INVALID_GPA;
1285 svm->nested.last_vmcb12_gpa = INVALID_GPA;
1287 if (!kvm_pause_in_guest(vcpu->kvm)) {
1288 control->pause_filter_count = pause_filter_count;
1289 if (pause_filter_thresh)
1290 control->pause_filter_thresh = pause_filter_thresh;
1291 svm_set_intercept(svm, INTERCEPT_PAUSE);
1293 svm_clr_intercept(svm, INTERCEPT_PAUSE);
1296 svm_recalc_instruction_intercepts(vcpu, svm);
1299 * If the host supports V_SPEC_CTRL then disable the interception
1300 * of MSR_IA32_SPEC_CTRL.
1302 if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
1303 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1);
1305 if (kvm_vcpu_apicv_active(vcpu))
1306 avic_init_vmcb(svm, vmcb);
1309 svm_clr_intercept(svm, INTERCEPT_STGI);
1310 svm_clr_intercept(svm, INTERCEPT_CLGI);
1311 svm->vmcb->control.int_ctl |= V_GIF_ENABLE_MASK;
1314 if (sev_guest(vcpu->kvm))
1317 svm_hv_init_vmcb(vmcb);
1318 init_vmcb_after_set_cpuid(vcpu);
1320 vmcb_mark_all_dirty(vmcb);
1325 static void __svm_vcpu_reset(struct kvm_vcpu *vcpu)
1327 struct vcpu_svm *svm = to_svm(vcpu);
1329 svm_vcpu_init_msrpm(vcpu, svm->msrpm);
1331 svm_init_osvw(vcpu);
1332 vcpu->arch.microcode_version = 0x01000065;
1333 svm->tsc_ratio_msr = kvm_caps.default_tsc_scaling_ratio;
1335 if (sev_es_guest(vcpu->kvm))
1336 sev_es_vcpu_reset(svm);
1339 static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
1341 struct vcpu_svm *svm = to_svm(vcpu);
1344 svm->virt_spec_ctrl = 0;
1349 __svm_vcpu_reset(vcpu);
1352 void svm_switch_vmcb(struct vcpu_svm *svm, struct kvm_vmcb_info *target_vmcb)
1354 svm->current_vmcb = target_vmcb;
1355 svm->vmcb = target_vmcb->ptr;
1358 static int svm_vcpu_create(struct kvm_vcpu *vcpu)
1360 struct vcpu_svm *svm;
1361 struct page *vmcb01_page;
1362 struct page *vmsa_page = NULL;
1365 BUILD_BUG_ON(offsetof(struct vcpu_svm, vcpu) != 0);
1369 vmcb01_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
1373 if (sev_es_guest(vcpu->kvm)) {
1375 * SEV-ES guests require a separate VMSA page used to contain
1376 * the encrypted register state of the guest.
1378 vmsa_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
1380 goto error_free_vmcb_page;
1383 * SEV-ES guests maintain an encrypted version of their FPU
1384 * state which is restored and saved on VMRUN and VMEXIT.
1385 * Mark vcpu->arch.guest_fpu->fpstate as scratch so it won't
1386 * do xsave/xrstor on it.
1388 fpstate_set_confidential(&vcpu->arch.guest_fpu);
1391 err = avic_init_vcpu(svm);
1393 goto error_free_vmsa_page;
1395 svm->msrpm = svm_vcpu_alloc_msrpm();
1398 goto error_free_vmsa_page;
1401 svm->x2avic_msrs_intercepted = true;
1403 svm->vmcb01.ptr = page_address(vmcb01_page);
1404 svm->vmcb01.pa = __sme_set(page_to_pfn(vmcb01_page) << PAGE_SHIFT);
1405 svm_switch_vmcb(svm, &svm->vmcb01);
1408 svm->sev_es.vmsa = page_address(vmsa_page);
1410 svm->guest_state_loaded = false;
1414 error_free_vmsa_page:
1416 __free_page(vmsa_page);
1417 error_free_vmcb_page:
1418 __free_page(vmcb01_page);
1423 static void svm_clear_current_vmcb(struct vmcb *vmcb)
1427 for_each_online_cpu(i)
1428 cmpxchg(&per_cpu(svm_data, i)->current_vmcb, vmcb, NULL);
1431 static void svm_vcpu_free(struct kvm_vcpu *vcpu)
1433 struct vcpu_svm *svm = to_svm(vcpu);
1436 * The vmcb page can be recycled, causing a false negative in
1437 * svm_vcpu_load(). So, ensure that no logical CPU has this
1438 * vmcb page recorded as its current vmcb.
1440 svm_clear_current_vmcb(svm->vmcb);
1442 svm_free_nested(svm);
1444 sev_free_vcpu(vcpu);
1446 __free_page(pfn_to_page(__sme_clr(svm->vmcb01.pa) >> PAGE_SHIFT));
1447 __free_pages(virt_to_page(svm->msrpm), get_order(MSRPM_SIZE));
1450 static void svm_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
1452 struct vcpu_svm *svm = to_svm(vcpu);
1453 struct svm_cpu_data *sd = per_cpu(svm_data, vcpu->cpu);
1455 if (sev_es_guest(vcpu->kvm))
1456 sev_es_unmap_ghcb(svm);
1458 if (svm->guest_state_loaded)
1462 * Save additional host state that will be restored on VMEXIT (sev-es)
1463 * or subsequent vmload of host save area.
1465 vmsave(__sme_page_pa(sd->save_area));
1466 if (sev_es_guest(vcpu->kvm)) {
1467 struct sev_es_save_area *hostsa;
1468 hostsa = (struct sev_es_save_area *)(page_address(sd->save_area) + 0x400);
1470 sev_es_prepare_switch_to_guest(hostsa);
1474 __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio);
1476 if (likely(tsc_aux_uret_slot >= 0))
1477 kvm_set_user_return_msr(tsc_aux_uret_slot, svm->tsc_aux, -1ull);
1479 svm->guest_state_loaded = true;
1482 static void svm_prepare_host_switch(struct kvm_vcpu *vcpu)
1484 to_svm(vcpu)->guest_state_loaded = false;
1487 static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
1489 struct vcpu_svm *svm = to_svm(vcpu);
1490 struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
1492 if (sd->current_vmcb != svm->vmcb) {
1493 sd->current_vmcb = svm->vmcb;
1494 indirect_branch_prediction_barrier();
1496 if (kvm_vcpu_apicv_active(vcpu))
1497 avic_vcpu_load(vcpu, cpu);
1500 static void svm_vcpu_put(struct kvm_vcpu *vcpu)
1502 if (kvm_vcpu_apicv_active(vcpu))
1503 avic_vcpu_put(vcpu);
1505 svm_prepare_host_switch(vcpu);
1507 ++vcpu->stat.host_state_reload;
1510 static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu)
1512 struct vcpu_svm *svm = to_svm(vcpu);
1513 unsigned long rflags = svm->vmcb->save.rflags;
1515 if (svm->nmi_singlestep) {
1516 /* Hide our flags if they were not set by the guest */
1517 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_TF))
1518 rflags &= ~X86_EFLAGS_TF;
1519 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_RF))
1520 rflags &= ~X86_EFLAGS_RF;
1525 static void svm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
1527 if (to_svm(vcpu)->nmi_singlestep)
1528 rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
1531 * Any change of EFLAGS.VM is accompanied by a reload of SS
1532 * (caused by either a task switch or an inter-privilege IRET),
1533 * so we do not need to update the CPL here.
1535 to_svm(vcpu)->vmcb->save.rflags = rflags;
1538 static bool svm_get_if_flag(struct kvm_vcpu *vcpu)
1540 struct vmcb *vmcb = to_svm(vcpu)->vmcb;
1542 return sev_es_guest(vcpu->kvm)
1543 ? vmcb->control.int_state & SVM_GUEST_INTERRUPT_MASK
1544 : kvm_get_rflags(vcpu) & X86_EFLAGS_IF;
1547 static void svm_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
1549 kvm_register_mark_available(vcpu, reg);
1552 case VCPU_EXREG_PDPTR:
1554 * When !npt_enabled, mmu->pdptrs[] is already available since
1555 * it is always updated per SDM when moving to CRs.
1558 load_pdptrs(vcpu, kvm_read_cr3(vcpu));
1561 KVM_BUG_ON(1, vcpu->kvm);
1565 static void svm_set_vintr(struct vcpu_svm *svm)
1567 struct vmcb_control_area *control;
1570 * The following fields are ignored when AVIC is enabled
1572 WARN_ON(kvm_vcpu_apicv_activated(&svm->vcpu));
1574 svm_set_intercept(svm, INTERCEPT_VINTR);
1577 * This is just a dummy VINTR to actually cause a vmexit to happen.
1578 * Actual injection of virtual interrupts happens through EVENTINJ.
1580 control = &svm->vmcb->control;
1581 control->int_vector = 0x0;
1582 control->int_ctl &= ~V_INTR_PRIO_MASK;
1583 control->int_ctl |= V_IRQ_MASK |
1584 ((/*control->int_vector >> 4*/ 0xf) << V_INTR_PRIO_SHIFT);
1585 vmcb_mark_dirty(svm->vmcb, VMCB_INTR);
1588 static void svm_clear_vintr(struct vcpu_svm *svm)
1590 svm_clr_intercept(svm, INTERCEPT_VINTR);
1592 /* Drop int_ctl fields related to VINTR injection. */
1593 svm->vmcb->control.int_ctl &= ~V_IRQ_INJECTION_BITS_MASK;
1594 if (is_guest_mode(&svm->vcpu)) {
1595 svm->vmcb01.ptr->control.int_ctl &= ~V_IRQ_INJECTION_BITS_MASK;
1597 WARN_ON((svm->vmcb->control.int_ctl & V_TPR_MASK) !=
1598 (svm->nested.ctl.int_ctl & V_TPR_MASK));
1600 svm->vmcb->control.int_ctl |= svm->nested.ctl.int_ctl &
1601 V_IRQ_INJECTION_BITS_MASK;
1603 svm->vmcb->control.int_vector = svm->nested.ctl.int_vector;
1606 vmcb_mark_dirty(svm->vmcb, VMCB_INTR);
1609 static struct vmcb_seg *svm_seg(struct kvm_vcpu *vcpu, int seg)
1611 struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;
1612 struct vmcb_save_area *save01 = &to_svm(vcpu)->vmcb01.ptr->save;
1615 case VCPU_SREG_CS: return &save->cs;
1616 case VCPU_SREG_DS: return &save->ds;
1617 case VCPU_SREG_ES: return &save->es;
1618 case VCPU_SREG_FS: return &save01->fs;
1619 case VCPU_SREG_GS: return &save01->gs;
1620 case VCPU_SREG_SS: return &save->ss;
1621 case VCPU_SREG_TR: return &save01->tr;
1622 case VCPU_SREG_LDTR: return &save01->ldtr;
1628 static u64 svm_get_segment_base(struct kvm_vcpu *vcpu, int seg)
1630 struct vmcb_seg *s = svm_seg(vcpu, seg);
1635 static void svm_get_segment(struct kvm_vcpu *vcpu,
1636 struct kvm_segment *var, int seg)
1638 struct vmcb_seg *s = svm_seg(vcpu, seg);
1640 var->base = s->base;
1641 var->limit = s->limit;
1642 var->selector = s->selector;
1643 var->type = s->attrib & SVM_SELECTOR_TYPE_MASK;
1644 var->s = (s->attrib >> SVM_SELECTOR_S_SHIFT) & 1;
1645 var->dpl = (s->attrib >> SVM_SELECTOR_DPL_SHIFT) & 3;
1646 var->present = (s->attrib >> SVM_SELECTOR_P_SHIFT) & 1;
1647 var->avl = (s->attrib >> SVM_SELECTOR_AVL_SHIFT) & 1;
1648 var->l = (s->attrib >> SVM_SELECTOR_L_SHIFT) & 1;
1649 var->db = (s->attrib >> SVM_SELECTOR_DB_SHIFT) & 1;
1652 * AMD CPUs circa 2014 track the G bit for all segments except CS.
1653 * However, the SVM spec states that the G bit is not observed by the
1654 * CPU, and some VMware virtual CPUs drop the G bit for all segments.
1655 * So let's synthesize a legal G bit for all segments, this helps
1656 * running KVM nested. It also helps cross-vendor migration, because
1657 * Intel's vmentry has a check on the 'G' bit.
1659 var->g = s->limit > 0xfffff;
1662 * AMD's VMCB does not have an explicit unusable field, so emulate it
1663 * for cross vendor migration purposes by "not present"
1665 var->unusable = !var->present;
1670 * Work around a bug where the busy flag in the tr selector
1680 * The accessed bit must always be set in the segment
1681 * descriptor cache, although it can be cleared in the
1682 * descriptor, the cached bit always remains at 1. Since
1683 * Intel has a check on this, set it here to support
1684 * cross-vendor migration.
1691 * On AMD CPUs sometimes the DB bit in the segment
1692 * descriptor is left as 1, although the whole segment has
1693 * been made unusable. Clear it here to pass an Intel VMX
1694 * entry check when cross vendor migrating.
1698 /* This is symmetric with svm_set_segment() */
1699 var->dpl = to_svm(vcpu)->vmcb->save.cpl;
1704 static int svm_get_cpl(struct kvm_vcpu *vcpu)
1706 struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;
1711 static void svm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l)
1713 struct kvm_segment cs;
1715 svm_get_segment(vcpu, &cs, VCPU_SREG_CS);
1720 static void svm_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1722 struct vcpu_svm *svm = to_svm(vcpu);
1724 dt->size = svm->vmcb->save.idtr.limit;
1725 dt->address = svm->vmcb->save.idtr.base;
1728 static void svm_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1730 struct vcpu_svm *svm = to_svm(vcpu);
1732 svm->vmcb->save.idtr.limit = dt->size;
1733 svm->vmcb->save.idtr.base = dt->address ;
1734 vmcb_mark_dirty(svm->vmcb, VMCB_DT);
1737 static void svm_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1739 struct vcpu_svm *svm = to_svm(vcpu);
1741 dt->size = svm->vmcb->save.gdtr.limit;
1742 dt->address = svm->vmcb->save.gdtr.base;
1745 static void svm_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1747 struct vcpu_svm *svm = to_svm(vcpu);
1749 svm->vmcb->save.gdtr.limit = dt->size;
1750 svm->vmcb->save.gdtr.base = dt->address ;
1751 vmcb_mark_dirty(svm->vmcb, VMCB_DT);
1754 static void sev_post_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
1756 struct vcpu_svm *svm = to_svm(vcpu);
1759 * For guests that don't set guest_state_protected, the cr3 update is
1760 * handled via kvm_mmu_load() while entering the guest. For guests
1761 * that do (SEV-ES/SEV-SNP), the cr3 update needs to be written to
1762 * VMCB save area now, since the save area will become the initial
1763 * contents of the VMSA, and future VMCB save area updates won't be
1766 if (sev_es_guest(vcpu->kvm)) {
1767 svm->vmcb->save.cr3 = cr3;
1768 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
1772 void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
1774 struct vcpu_svm *svm = to_svm(vcpu);
1776 bool old_paging = is_paging(vcpu);
1778 #ifdef CONFIG_X86_64
1779 if (vcpu->arch.efer & EFER_LME && !vcpu->arch.guest_state_protected) {
1780 if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) {
1781 vcpu->arch.efer |= EFER_LMA;
1782 svm->vmcb->save.efer |= EFER_LMA | EFER_LME;
1785 if (is_paging(vcpu) && !(cr0 & X86_CR0_PG)) {
1786 vcpu->arch.efer &= ~EFER_LMA;
1787 svm->vmcb->save.efer &= ~(EFER_LMA | EFER_LME);
1791 vcpu->arch.cr0 = cr0;
1794 hcr0 |= X86_CR0_PG | X86_CR0_WP;
1795 if (old_paging != is_paging(vcpu))
1796 svm_set_cr4(vcpu, kvm_read_cr4(vcpu));
1800 * re-enable caching here because the QEMU bios
1801 * does not do it - this results in some delay at
1804 if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED))
1805 hcr0 &= ~(X86_CR0_CD | X86_CR0_NW);
1807 svm->vmcb->save.cr0 = hcr0;
1808 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
1811 * SEV-ES guests must always keep the CR intercepts cleared. CR
1812 * tracking is done using the CR write traps.
1814 if (sev_es_guest(vcpu->kvm))
1818 /* Selective CR0 write remains on. */
1819 svm_clr_intercept(svm, INTERCEPT_CR0_READ);
1820 svm_clr_intercept(svm, INTERCEPT_CR0_WRITE);
1822 svm_set_intercept(svm, INTERCEPT_CR0_READ);
1823 svm_set_intercept(svm, INTERCEPT_CR0_WRITE);
1827 static bool svm_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
1832 void svm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
1834 unsigned long host_cr4_mce = cr4_read_shadow() & X86_CR4_MCE;
1835 unsigned long old_cr4 = vcpu->arch.cr4;
1837 if (npt_enabled && ((old_cr4 ^ cr4) & X86_CR4_PGE))
1838 svm_flush_tlb_current(vcpu);
1840 vcpu->arch.cr4 = cr4;
1844 if (!is_paging(vcpu))
1845 cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE);
1847 cr4 |= host_cr4_mce;
1848 to_svm(vcpu)->vmcb->save.cr4 = cr4;
1849 vmcb_mark_dirty(to_svm(vcpu)->vmcb, VMCB_CR);
1851 if ((cr4 ^ old_cr4) & (X86_CR4_OSXSAVE | X86_CR4_PKE))
1852 kvm_update_cpuid_runtime(vcpu);
1855 static void svm_set_segment(struct kvm_vcpu *vcpu,
1856 struct kvm_segment *var, int seg)
1858 struct vcpu_svm *svm = to_svm(vcpu);
1859 struct vmcb_seg *s = svm_seg(vcpu, seg);
1861 s->base = var->base;
1862 s->limit = var->limit;
1863 s->selector = var->selector;
1864 s->attrib = (var->type & SVM_SELECTOR_TYPE_MASK);
1865 s->attrib |= (var->s & 1) << SVM_SELECTOR_S_SHIFT;
1866 s->attrib |= (var->dpl & 3) << SVM_SELECTOR_DPL_SHIFT;
1867 s->attrib |= ((var->present & 1) && !var->unusable) << SVM_SELECTOR_P_SHIFT;
1868 s->attrib |= (var->avl & 1) << SVM_SELECTOR_AVL_SHIFT;
1869 s->attrib |= (var->l & 1) << SVM_SELECTOR_L_SHIFT;
1870 s->attrib |= (var->db & 1) << SVM_SELECTOR_DB_SHIFT;
1871 s->attrib |= (var->g & 1) << SVM_SELECTOR_G_SHIFT;
1874 * This is always accurate, except if SYSRET returned to a segment
1875 * with SS.DPL != 3. Intel does not have this quirk, and always
1876 * forces SS.DPL to 3 on sysret, so we ignore that case; fixing it
1877 * would entail passing the CPL to userspace and back.
1879 if (seg == VCPU_SREG_SS)
1880 /* This is symmetric with svm_get_segment() */
1881 svm->vmcb->save.cpl = (var->dpl & 3);
1883 vmcb_mark_dirty(svm->vmcb, VMCB_SEG);
1886 static void svm_update_exception_bitmap(struct kvm_vcpu *vcpu)
1888 struct vcpu_svm *svm = to_svm(vcpu);
1890 clr_exception_intercept(svm, BP_VECTOR);
1892 if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
1893 if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
1894 set_exception_intercept(svm, BP_VECTOR);
1898 static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd)
1900 if (sd->next_asid > sd->max_asid) {
1901 ++sd->asid_generation;
1902 sd->next_asid = sd->min_asid;
1903 svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID;
1904 vmcb_mark_dirty(svm->vmcb, VMCB_ASID);
1907 svm->current_vmcb->asid_generation = sd->asid_generation;
1908 svm->asid = sd->next_asid++;
1911 static void svm_set_dr6(struct vcpu_svm *svm, unsigned long value)
1913 struct vmcb *vmcb = svm->vmcb;
1915 if (svm->vcpu.arch.guest_state_protected)
1918 if (unlikely(value != vmcb->save.dr6)) {
1919 vmcb->save.dr6 = value;
1920 vmcb_mark_dirty(vmcb, VMCB_DR);
1924 static void svm_sync_dirty_debug_regs(struct kvm_vcpu *vcpu)
1926 struct vcpu_svm *svm = to_svm(vcpu);
1928 if (vcpu->arch.guest_state_protected)
1931 get_debugreg(vcpu->arch.db[0], 0);
1932 get_debugreg(vcpu->arch.db[1], 1);
1933 get_debugreg(vcpu->arch.db[2], 2);
1934 get_debugreg(vcpu->arch.db[3], 3);
1936 * We cannot reset svm->vmcb->save.dr6 to DR6_ACTIVE_LOW here,
1937 * because db_interception might need it. We can do it before vmentry.
1939 vcpu->arch.dr6 = svm->vmcb->save.dr6;
1940 vcpu->arch.dr7 = svm->vmcb->save.dr7;
1941 vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_WONT_EXIT;
1942 set_dr_intercepts(svm);
1945 static void svm_set_dr7(struct kvm_vcpu *vcpu, unsigned long value)
1947 struct vcpu_svm *svm = to_svm(vcpu);
1949 if (vcpu->arch.guest_state_protected)
1952 svm->vmcb->save.dr7 = value;
1953 vmcb_mark_dirty(svm->vmcb, VMCB_DR);
1956 static int pf_interception(struct kvm_vcpu *vcpu)
1958 struct vcpu_svm *svm = to_svm(vcpu);
1960 u64 fault_address = svm->vmcb->control.exit_info_2;
1961 u64 error_code = svm->vmcb->control.exit_info_1;
1963 return kvm_handle_page_fault(vcpu, error_code, fault_address,
1964 static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
1965 svm->vmcb->control.insn_bytes : NULL,
1966 svm->vmcb->control.insn_len);
1969 static int npf_interception(struct kvm_vcpu *vcpu)
1971 struct vcpu_svm *svm = to_svm(vcpu);
1973 u64 fault_address = svm->vmcb->control.exit_info_2;
1974 u64 error_code = svm->vmcb->control.exit_info_1;
1976 trace_kvm_page_fault(vcpu, fault_address, error_code);
1977 return kvm_mmu_page_fault(vcpu, fault_address, error_code,
1978 static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
1979 svm->vmcb->control.insn_bytes : NULL,
1980 svm->vmcb->control.insn_len);
1983 static int db_interception(struct kvm_vcpu *vcpu)
1985 struct kvm_run *kvm_run = vcpu->run;
1986 struct vcpu_svm *svm = to_svm(vcpu);
1988 if (!(vcpu->guest_debug &
1989 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) &&
1990 !svm->nmi_singlestep) {
1991 u32 payload = svm->vmcb->save.dr6 ^ DR6_ACTIVE_LOW;
1992 kvm_queue_exception_p(vcpu, DB_VECTOR, payload);
1996 if (svm->nmi_singlestep) {
1997 disable_nmi_singlestep(svm);
1998 /* Make sure we check for pending NMIs upon entry */
1999 kvm_make_request(KVM_REQ_EVENT, vcpu);
2002 if (vcpu->guest_debug &
2003 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) {
2004 kvm_run->exit_reason = KVM_EXIT_DEBUG;
2005 kvm_run->debug.arch.dr6 = svm->vmcb->save.dr6;
2006 kvm_run->debug.arch.dr7 = svm->vmcb->save.dr7;
2007 kvm_run->debug.arch.pc =
2008 svm->vmcb->save.cs.base + svm->vmcb->save.rip;
2009 kvm_run->debug.arch.exception = DB_VECTOR;
2016 static int bp_interception(struct kvm_vcpu *vcpu)
2018 struct vcpu_svm *svm = to_svm(vcpu);
2019 struct kvm_run *kvm_run = vcpu->run;
2021 kvm_run->exit_reason = KVM_EXIT_DEBUG;
2022 kvm_run->debug.arch.pc = svm->vmcb->save.cs.base + svm->vmcb->save.rip;
2023 kvm_run->debug.arch.exception = BP_VECTOR;
2027 static int ud_interception(struct kvm_vcpu *vcpu)
2029 return handle_ud(vcpu);
2032 static int ac_interception(struct kvm_vcpu *vcpu)
2034 kvm_queue_exception_e(vcpu, AC_VECTOR, 0);
2038 static bool is_erratum_383(void)
2043 if (!erratum_383_found)
2046 value = native_read_msr_safe(MSR_IA32_MC0_STATUS, &err);
2050 /* Bit 62 may or may not be set for this mce */
2051 value &= ~(1ULL << 62);
2053 if (value != 0xb600000000010015ULL)
2056 /* Clear MCi_STATUS registers */
2057 for (i = 0; i < 6; ++i)
2058 native_write_msr_safe(MSR_IA32_MCx_STATUS(i), 0, 0);
2060 value = native_read_msr_safe(MSR_IA32_MCG_STATUS, &err);
2064 value &= ~(1ULL << 2);
2065 low = lower_32_bits(value);
2066 high = upper_32_bits(value);
2068 native_write_msr_safe(MSR_IA32_MCG_STATUS, low, high);
2071 /* Flush tlb to evict multi-match entries */
2077 static void svm_handle_mce(struct kvm_vcpu *vcpu)
2079 if (is_erratum_383()) {
2081 * Erratum 383 triggered. Guest state is corrupt so kill the
2084 pr_err("KVM: Guest triggered AMD Erratum 383\n");
2086 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
2092 * On an #MC intercept the MCE handler is not called automatically in
2093 * the host. So do it by hand here.
2095 kvm_machine_check();
2098 static int mc_interception(struct kvm_vcpu *vcpu)
2103 static int shutdown_interception(struct kvm_vcpu *vcpu)
2105 struct kvm_run *kvm_run = vcpu->run;
2106 struct vcpu_svm *svm = to_svm(vcpu);
2109 * The VM save area has already been encrypted so it
2110 * cannot be reinitialized - just terminate.
2112 if (sev_es_guest(vcpu->kvm))
2116 * VMCB is undefined after a SHUTDOWN intercept. INIT the vCPU to put
2117 * the VMCB in a known good state. Unfortuately, KVM doesn't have
2118 * KVM_MP_STATE_SHUTDOWN and can't add it without potentially breaking
2119 * userspace. At a platform view, INIT is acceptable behavior as
2120 * there exist bare metal platforms that automatically INIT the CPU
2121 * in response to shutdown.
2123 clear_page(svm->vmcb);
2124 kvm_vcpu_reset(vcpu, true);
2126 kvm_run->exit_reason = KVM_EXIT_SHUTDOWN;
2130 static int io_interception(struct kvm_vcpu *vcpu)
2132 struct vcpu_svm *svm = to_svm(vcpu);
2133 u32 io_info = svm->vmcb->control.exit_info_1; /* address size bug? */
2134 int size, in, string;
2137 ++vcpu->stat.io_exits;
2138 string = (io_info & SVM_IOIO_STR_MASK) != 0;
2139 in = (io_info & SVM_IOIO_TYPE_MASK) != 0;
2140 port = io_info >> 16;
2141 size = (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT;
2144 if (sev_es_guest(vcpu->kvm))
2145 return sev_es_string_io(svm, size, port, in);
2147 return kvm_emulate_instruction(vcpu, 0);
2150 svm->next_rip = svm->vmcb->control.exit_info_2;
2152 return kvm_fast_pio(vcpu, size, port, in);
2155 static int nmi_interception(struct kvm_vcpu *vcpu)
2160 static int smi_interception(struct kvm_vcpu *vcpu)
2165 static int intr_interception(struct kvm_vcpu *vcpu)
2167 ++vcpu->stat.irq_exits;
2171 static int vmload_vmsave_interception(struct kvm_vcpu *vcpu, bool vmload)
2173 struct vcpu_svm *svm = to_svm(vcpu);
2174 struct vmcb *vmcb12;
2175 struct kvm_host_map map;
2178 if (nested_svm_check_permissions(vcpu))
2181 ret = kvm_vcpu_map(vcpu, gpa_to_gfn(svm->vmcb->save.rax), &map);
2184 kvm_inject_gp(vcpu, 0);
2190 ret = kvm_skip_emulated_instruction(vcpu);
2193 svm_copy_vmloadsave_state(svm->vmcb, vmcb12);
2194 svm->sysenter_eip_hi = 0;
2195 svm->sysenter_esp_hi = 0;
2197 svm_copy_vmloadsave_state(vmcb12, svm->vmcb);
2200 kvm_vcpu_unmap(vcpu, &map, true);
2205 static int vmload_interception(struct kvm_vcpu *vcpu)
2207 return vmload_vmsave_interception(vcpu, true);
2210 static int vmsave_interception(struct kvm_vcpu *vcpu)
2212 return vmload_vmsave_interception(vcpu, false);
2215 static int vmrun_interception(struct kvm_vcpu *vcpu)
2217 if (nested_svm_check_permissions(vcpu))
2220 return nested_svm_vmrun(vcpu);
2230 /* Return NONE_SVM_INSTR if not SVM instrs, otherwise return decode result */
2231 static int svm_instr_opcode(struct kvm_vcpu *vcpu)
2233 struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
2235 if (ctxt->b != 0x1 || ctxt->opcode_len != 2)
2236 return NONE_SVM_INSTR;
2238 switch (ctxt->modrm) {
2239 case 0xd8: /* VMRUN */
2240 return SVM_INSTR_VMRUN;
2241 case 0xda: /* VMLOAD */
2242 return SVM_INSTR_VMLOAD;
2243 case 0xdb: /* VMSAVE */
2244 return SVM_INSTR_VMSAVE;
2249 return NONE_SVM_INSTR;
2252 static int emulate_svm_instr(struct kvm_vcpu *vcpu, int opcode)
2254 const int guest_mode_exit_codes[] = {
2255 [SVM_INSTR_VMRUN] = SVM_EXIT_VMRUN,
2256 [SVM_INSTR_VMLOAD] = SVM_EXIT_VMLOAD,
2257 [SVM_INSTR_VMSAVE] = SVM_EXIT_VMSAVE,
2259 int (*const svm_instr_handlers[])(struct kvm_vcpu *vcpu) = {
2260 [SVM_INSTR_VMRUN] = vmrun_interception,
2261 [SVM_INSTR_VMLOAD] = vmload_interception,
2262 [SVM_INSTR_VMSAVE] = vmsave_interception,
2264 struct vcpu_svm *svm = to_svm(vcpu);
2267 if (is_guest_mode(vcpu)) {
2268 /* Returns '1' or -errno on failure, '0' on success. */
2269 ret = nested_svm_simple_vmexit(svm, guest_mode_exit_codes[opcode]);
2274 return svm_instr_handlers[opcode](vcpu);
2278 * #GP handling code. Note that #GP can be triggered under the following two
2280 * 1) SVM VM-related instructions (VMRUN/VMSAVE/VMLOAD) that trigger #GP on
2281 * some AMD CPUs when EAX of these instructions are in the reserved memory
2282 * regions (e.g. SMM memory on host).
2283 * 2) VMware backdoor
2285 static int gp_interception(struct kvm_vcpu *vcpu)
2287 struct vcpu_svm *svm = to_svm(vcpu);
2288 u32 error_code = svm->vmcb->control.exit_info_1;
2291 /* Both #GP cases have zero error_code */
2295 /* Decode the instruction for usage later */
2296 if (x86_decode_emulated_instruction(vcpu, 0, NULL, 0) != EMULATION_OK)
2299 opcode = svm_instr_opcode(vcpu);
2301 if (opcode == NONE_SVM_INSTR) {
2302 if (!enable_vmware_backdoor)
2306 * VMware backdoor emulation on #GP interception only handles
2307 * IN{S}, OUT{S}, and RDPMC.
2309 if (!is_guest_mode(vcpu))
2310 return kvm_emulate_instruction(vcpu,
2311 EMULTYPE_VMWARE_GP | EMULTYPE_NO_DECODE);
2313 /* All SVM instructions expect page aligned RAX */
2314 if (svm->vmcb->save.rax & ~PAGE_MASK)
2317 return emulate_svm_instr(vcpu, opcode);
2321 kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
2325 void svm_set_gif(struct vcpu_svm *svm, bool value)
2329 * If VGIF is enabled, the STGI intercept is only added to
2330 * detect the opening of the SMI/NMI window; remove it now.
2331 * Likewise, clear the VINTR intercept, we will set it
2332 * again while processing KVM_REQ_EVENT if needed.
2335 svm_clr_intercept(svm, INTERCEPT_STGI);
2336 if (svm_is_intercept(svm, INTERCEPT_VINTR))
2337 svm_clear_vintr(svm);
2340 if (svm->vcpu.arch.smi_pending ||
2341 svm->vcpu.arch.nmi_pending ||
2342 kvm_cpu_has_injectable_intr(&svm->vcpu) ||
2343 kvm_apic_has_pending_init_or_sipi(&svm->vcpu))
2344 kvm_make_request(KVM_REQ_EVENT, &svm->vcpu);
2349 * After a CLGI no interrupts should come. But if vGIF is
2350 * in use, we still rely on the VINTR intercept (rather than
2351 * STGI) to detect an open interrupt window.
2354 svm_clear_vintr(svm);
2358 static int stgi_interception(struct kvm_vcpu *vcpu)
2362 if (nested_svm_check_permissions(vcpu))
2365 ret = kvm_skip_emulated_instruction(vcpu);
2366 svm_set_gif(to_svm(vcpu), true);
2370 static int clgi_interception(struct kvm_vcpu *vcpu)
2374 if (nested_svm_check_permissions(vcpu))
2377 ret = kvm_skip_emulated_instruction(vcpu);
2378 svm_set_gif(to_svm(vcpu), false);
2382 static int invlpga_interception(struct kvm_vcpu *vcpu)
2384 gva_t gva = kvm_rax_read(vcpu);
2385 u32 asid = kvm_rcx_read(vcpu);
2387 /* FIXME: Handle an address size prefix. */
2388 if (!is_long_mode(vcpu))
2391 trace_kvm_invlpga(to_svm(vcpu)->vmcb->save.rip, asid, gva);
2393 /* Let's treat INVLPGA the same as INVLPG (can be optimized!) */
2394 kvm_mmu_invlpg(vcpu, gva);
2396 return kvm_skip_emulated_instruction(vcpu);
2399 static int skinit_interception(struct kvm_vcpu *vcpu)
2401 trace_kvm_skinit(to_svm(vcpu)->vmcb->save.rip, kvm_rax_read(vcpu));
2403 kvm_queue_exception(vcpu, UD_VECTOR);
2407 static int task_switch_interception(struct kvm_vcpu *vcpu)
2409 struct vcpu_svm *svm = to_svm(vcpu);
2412 int int_type = svm->vmcb->control.exit_int_info &
2413 SVM_EXITINTINFO_TYPE_MASK;
2414 int int_vec = svm->vmcb->control.exit_int_info & SVM_EVTINJ_VEC_MASK;
2416 svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_TYPE_MASK;
2418 svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_VALID;
2419 bool has_error_code = false;
2422 tss_selector = (u16)svm->vmcb->control.exit_info_1;
2424 if (svm->vmcb->control.exit_info_2 &
2425 (1ULL << SVM_EXITINFOSHIFT_TS_REASON_IRET))
2426 reason = TASK_SWITCH_IRET;
2427 else if (svm->vmcb->control.exit_info_2 &
2428 (1ULL << SVM_EXITINFOSHIFT_TS_REASON_JMP))
2429 reason = TASK_SWITCH_JMP;
2431 reason = TASK_SWITCH_GATE;
2433 reason = TASK_SWITCH_CALL;
2435 if (reason == TASK_SWITCH_GATE) {
2437 case SVM_EXITINTINFO_TYPE_NMI:
2438 vcpu->arch.nmi_injected = false;
2440 case SVM_EXITINTINFO_TYPE_EXEPT:
2441 if (svm->vmcb->control.exit_info_2 &
2442 (1ULL << SVM_EXITINFOSHIFT_TS_HAS_ERROR_CODE)) {
2443 has_error_code = true;
2445 (u32)svm->vmcb->control.exit_info_2;
2447 kvm_clear_exception_queue(vcpu);
2449 case SVM_EXITINTINFO_TYPE_INTR:
2450 case SVM_EXITINTINFO_TYPE_SOFT:
2451 kvm_clear_interrupt_queue(vcpu);
2458 if (reason != TASK_SWITCH_GATE ||
2459 int_type == SVM_EXITINTINFO_TYPE_SOFT ||
2460 (int_type == SVM_EXITINTINFO_TYPE_EXEPT &&
2461 (int_vec == OF_VECTOR || int_vec == BP_VECTOR))) {
2462 if (!svm_skip_emulated_instruction(vcpu))
2466 if (int_type != SVM_EXITINTINFO_TYPE_SOFT)
2469 return kvm_task_switch(vcpu, tss_selector, int_vec, reason,
2470 has_error_code, error_code);
2473 static int iret_interception(struct kvm_vcpu *vcpu)
2475 struct vcpu_svm *svm = to_svm(vcpu);
2477 ++vcpu->stat.nmi_window_exits;
2478 vcpu->arch.hflags |= HF_IRET_MASK;
2479 if (!sev_es_guest(vcpu->kvm)) {
2480 svm_clr_intercept(svm, INTERCEPT_IRET);
2481 svm->nmi_iret_rip = kvm_rip_read(vcpu);
2483 kvm_make_request(KVM_REQ_EVENT, vcpu);
2487 static int invlpg_interception(struct kvm_vcpu *vcpu)
2489 if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
2490 return kvm_emulate_instruction(vcpu, 0);
2492 kvm_mmu_invlpg(vcpu, to_svm(vcpu)->vmcb->control.exit_info_1);
2493 return kvm_skip_emulated_instruction(vcpu);
2496 static int emulate_on_interception(struct kvm_vcpu *vcpu)
2498 return kvm_emulate_instruction(vcpu, 0);
2501 static int rsm_interception(struct kvm_vcpu *vcpu)
2503 return kvm_emulate_instruction_from_buffer(vcpu, rsm_ins_bytes, 2);
2506 static bool check_selective_cr0_intercepted(struct kvm_vcpu *vcpu,
2509 struct vcpu_svm *svm = to_svm(vcpu);
2510 unsigned long cr0 = vcpu->arch.cr0;
2513 if (!is_guest_mode(vcpu) ||
2514 (!(vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_SELECTIVE_CR0))))
2517 cr0 &= ~SVM_CR0_SELECTIVE_MASK;
2518 val &= ~SVM_CR0_SELECTIVE_MASK;
2521 svm->vmcb->control.exit_code = SVM_EXIT_CR0_SEL_WRITE;
2522 ret = (nested_svm_exit_handled(svm) == NESTED_EXIT_DONE);
2528 #define CR_VALID (1ULL << 63)
2530 static int cr_interception(struct kvm_vcpu *vcpu)
2532 struct vcpu_svm *svm = to_svm(vcpu);
2537 if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
2538 return emulate_on_interception(vcpu);
2540 if (unlikely((svm->vmcb->control.exit_info_1 & CR_VALID) == 0))
2541 return emulate_on_interception(vcpu);
2543 reg = svm->vmcb->control.exit_info_1 & SVM_EXITINFO_REG_MASK;
2544 if (svm->vmcb->control.exit_code == SVM_EXIT_CR0_SEL_WRITE)
2545 cr = SVM_EXIT_WRITE_CR0 - SVM_EXIT_READ_CR0;
2547 cr = svm->vmcb->control.exit_code - SVM_EXIT_READ_CR0;
2550 if (cr >= 16) { /* mov to cr */
2552 val = kvm_register_read(vcpu, reg);
2553 trace_kvm_cr_write(cr, val);
2556 if (!check_selective_cr0_intercepted(vcpu, val))
2557 err = kvm_set_cr0(vcpu, val);
2563 err = kvm_set_cr3(vcpu, val);
2566 err = kvm_set_cr4(vcpu, val);
2569 err = kvm_set_cr8(vcpu, val);
2572 WARN(1, "unhandled write to CR%d", cr);
2573 kvm_queue_exception(vcpu, UD_VECTOR);
2576 } else { /* mov from cr */
2579 val = kvm_read_cr0(vcpu);
2582 val = vcpu->arch.cr2;
2585 val = kvm_read_cr3(vcpu);
2588 val = kvm_read_cr4(vcpu);
2591 val = kvm_get_cr8(vcpu);
2594 WARN(1, "unhandled read from CR%d", cr);
2595 kvm_queue_exception(vcpu, UD_VECTOR);
2598 kvm_register_write(vcpu, reg, val);
2599 trace_kvm_cr_read(cr, val);
2601 return kvm_complete_insn_gp(vcpu, err);
2604 static int cr_trap(struct kvm_vcpu *vcpu)
2606 struct vcpu_svm *svm = to_svm(vcpu);
2607 unsigned long old_value, new_value;
2611 new_value = (unsigned long)svm->vmcb->control.exit_info_1;
2613 cr = svm->vmcb->control.exit_code - SVM_EXIT_CR0_WRITE_TRAP;
2616 old_value = kvm_read_cr0(vcpu);
2617 svm_set_cr0(vcpu, new_value);
2619 kvm_post_set_cr0(vcpu, old_value, new_value);
2622 old_value = kvm_read_cr4(vcpu);
2623 svm_set_cr4(vcpu, new_value);
2625 kvm_post_set_cr4(vcpu, old_value, new_value);
2628 ret = kvm_set_cr8(vcpu, new_value);
2631 WARN(1, "unhandled CR%d write trap", cr);
2632 kvm_queue_exception(vcpu, UD_VECTOR);
2636 return kvm_complete_insn_gp(vcpu, ret);
2639 static int dr_interception(struct kvm_vcpu *vcpu)
2641 struct vcpu_svm *svm = to_svm(vcpu);
2646 if (vcpu->guest_debug == 0) {
2648 * No more DR vmexits; force a reload of the debug registers
2649 * and reenter on this instruction. The next vmexit will
2650 * retrieve the full state of the debug registers.
2652 clr_dr_intercepts(svm);
2653 vcpu->arch.switch_db_regs |= KVM_DEBUGREG_WONT_EXIT;
2657 if (!boot_cpu_has(X86_FEATURE_DECODEASSISTS))
2658 return emulate_on_interception(vcpu);
2660 reg = svm->vmcb->control.exit_info_1 & SVM_EXITINFO_REG_MASK;
2661 dr = svm->vmcb->control.exit_code - SVM_EXIT_READ_DR0;
2662 if (dr >= 16) { /* mov to DRn */
2664 val = kvm_register_read(vcpu, reg);
2665 err = kvm_set_dr(vcpu, dr, val);
2667 kvm_get_dr(vcpu, dr, &val);
2668 kvm_register_write(vcpu, reg, val);
2671 return kvm_complete_insn_gp(vcpu, err);
2674 static int cr8_write_interception(struct kvm_vcpu *vcpu)
2678 u8 cr8_prev = kvm_get_cr8(vcpu);
2679 /* instruction emulation calls kvm_set_cr8() */
2680 r = cr_interception(vcpu);
2681 if (lapic_in_kernel(vcpu))
2683 if (cr8_prev <= kvm_get_cr8(vcpu))
2685 vcpu->run->exit_reason = KVM_EXIT_SET_TPR;
2689 static int efer_trap(struct kvm_vcpu *vcpu)
2691 struct msr_data msr_info;
2695 * Clear the EFER_SVME bit from EFER. The SVM code always sets this
2696 * bit in svm_set_efer(), but __kvm_valid_efer() checks it against
2697 * whether the guest has X86_FEATURE_SVM - this avoids a failure if
2698 * the guest doesn't have X86_FEATURE_SVM.
2700 msr_info.host_initiated = false;
2701 msr_info.index = MSR_EFER;
2702 msr_info.data = to_svm(vcpu)->vmcb->control.exit_info_1 & ~EFER_SVME;
2703 ret = kvm_set_msr_common(vcpu, &msr_info);
2705 return kvm_complete_insn_gp(vcpu, ret);
2708 static int svm_get_msr_feature(struct kvm_msr_entry *msr)
2712 switch (msr->index) {
2713 case MSR_F10H_DECFG:
2714 if (boot_cpu_has(X86_FEATURE_LFENCE_RDTSC))
2715 msr->data |= MSR_F10H_DECFG_LFENCE_SERIALIZE;
2717 case MSR_IA32_PERF_CAPABILITIES:
2720 return KVM_MSR_RET_INVALID;
2726 static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2728 struct vcpu_svm *svm = to_svm(vcpu);
2730 switch (msr_info->index) {
2731 case MSR_AMD64_TSC_RATIO:
2732 if (!msr_info->host_initiated && !svm->tsc_scaling_enabled)
2734 msr_info->data = svm->tsc_ratio_msr;
2737 msr_info->data = svm->vmcb01.ptr->save.star;
2739 #ifdef CONFIG_X86_64
2741 msr_info->data = svm->vmcb01.ptr->save.lstar;
2744 msr_info->data = svm->vmcb01.ptr->save.cstar;
2746 case MSR_KERNEL_GS_BASE:
2747 msr_info->data = svm->vmcb01.ptr->save.kernel_gs_base;
2749 case MSR_SYSCALL_MASK:
2750 msr_info->data = svm->vmcb01.ptr->save.sfmask;
2753 case MSR_IA32_SYSENTER_CS:
2754 msr_info->data = svm->vmcb01.ptr->save.sysenter_cs;
2756 case MSR_IA32_SYSENTER_EIP:
2757 msr_info->data = (u32)svm->vmcb01.ptr->save.sysenter_eip;
2758 if (guest_cpuid_is_intel(vcpu))
2759 msr_info->data |= (u64)svm->sysenter_eip_hi << 32;
2761 case MSR_IA32_SYSENTER_ESP:
2762 msr_info->data = svm->vmcb01.ptr->save.sysenter_esp;
2763 if (guest_cpuid_is_intel(vcpu))
2764 msr_info->data |= (u64)svm->sysenter_esp_hi << 32;
2767 msr_info->data = svm->tsc_aux;
2769 case MSR_IA32_DEBUGCTLMSR:
2770 case MSR_IA32_LASTBRANCHFROMIP:
2771 case MSR_IA32_LASTBRANCHTOIP:
2772 case MSR_IA32_LASTINTFROMIP:
2773 case MSR_IA32_LASTINTTOIP:
2774 msr_info->data = svm_get_lbr_msr(svm, msr_info->index);
2776 case MSR_VM_HSAVE_PA:
2777 msr_info->data = svm->nested.hsave_msr;
2780 msr_info->data = svm->nested.vm_cr_msr;
2782 case MSR_IA32_SPEC_CTRL:
2783 if (!msr_info->host_initiated &&
2784 !guest_has_spec_ctrl_msr(vcpu))
2787 if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
2788 msr_info->data = svm->vmcb->save.spec_ctrl;
2790 msr_info->data = svm->spec_ctrl;
2792 case MSR_AMD64_VIRT_SPEC_CTRL:
2793 if (!msr_info->host_initiated &&
2794 !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD))
2797 msr_info->data = svm->virt_spec_ctrl;
2799 case MSR_F15H_IC_CFG: {
2803 family = guest_cpuid_family(vcpu);
2804 model = guest_cpuid_model(vcpu);
2806 if (family < 0 || model < 0)
2807 return kvm_get_msr_common(vcpu, msr_info);
2811 if (family == 0x15 &&
2812 (model >= 0x2 && model < 0x20))
2813 msr_info->data = 0x1E;
2816 case MSR_F10H_DECFG:
2817 msr_info->data = svm->msr_decfg;
2820 return kvm_get_msr_common(vcpu, msr_info);
2825 static int svm_complete_emulated_msr(struct kvm_vcpu *vcpu, int err)
2827 struct vcpu_svm *svm = to_svm(vcpu);
2828 if (!err || !sev_es_guest(vcpu->kvm) || WARN_ON_ONCE(!svm->sev_es.ghcb))
2829 return kvm_complete_insn_gp(vcpu, err);
2831 ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 1);
2832 ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
2834 SVM_EVTINJ_TYPE_EXEPT |
2839 static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data)
2841 struct vcpu_svm *svm = to_svm(vcpu);
2842 int svm_dis, chg_mask;
2844 if (data & ~SVM_VM_CR_VALID_MASK)
2847 chg_mask = SVM_VM_CR_VALID_MASK;
2849 if (svm->nested.vm_cr_msr & SVM_VM_CR_SVM_DIS_MASK)
2850 chg_mask &= ~(SVM_VM_CR_SVM_LOCK_MASK | SVM_VM_CR_SVM_DIS_MASK);
2852 svm->nested.vm_cr_msr &= ~chg_mask;
2853 svm->nested.vm_cr_msr |= (data & chg_mask);
2855 svm_dis = svm->nested.vm_cr_msr & SVM_VM_CR_SVM_DIS_MASK;
2857 /* check for svm_disable while efer.svme is set */
2858 if (svm_dis && (vcpu->arch.efer & EFER_SVME))
2864 static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
2866 struct vcpu_svm *svm = to_svm(vcpu);
2869 u32 ecx = msr->index;
2870 u64 data = msr->data;
2872 case MSR_AMD64_TSC_RATIO:
2874 if (!svm->tsc_scaling_enabled) {
2876 if (!msr->host_initiated)
2879 * In case TSC scaling is not enabled, always
2880 * leave this MSR at the default value.
2882 * Due to bug in qemu 6.2.0, it would try to set
2883 * this msr to 0 if tsc scaling is not enabled.
2884 * Ignore this value as well.
2886 if (data != 0 && data != svm->tsc_ratio_msr)
2891 if (data & SVM_TSC_RATIO_RSVD)
2894 svm->tsc_ratio_msr = data;
2896 if (svm->tsc_scaling_enabled && is_guest_mode(vcpu))
2897 nested_svm_update_tsc_ratio_msr(vcpu);
2900 case MSR_IA32_CR_PAT:
2901 if (!kvm_mtrr_valid(vcpu, MSR_IA32_CR_PAT, data))
2903 vcpu->arch.pat = data;
2904 svm->vmcb01.ptr->save.g_pat = data;
2905 if (is_guest_mode(vcpu))
2906 nested_vmcb02_compute_g_pat(svm);
2907 vmcb_mark_dirty(svm->vmcb, VMCB_NPT);
2909 case MSR_IA32_SPEC_CTRL:
2910 if (!msr->host_initiated &&
2911 !guest_has_spec_ctrl_msr(vcpu))
2914 if (kvm_spec_ctrl_test_value(data))
2917 if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
2918 svm->vmcb->save.spec_ctrl = data;
2920 svm->spec_ctrl = data;
2926 * When it's written (to non-zero) for the first time, pass
2930 * The handling of the MSR bitmap for L2 guests is done in
2931 * nested_svm_vmrun_msrpm.
2932 * We update the L1 MSR bit as well since it will end up
2933 * touching the MSR anyway now.
2935 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1);
2937 case MSR_IA32_PRED_CMD:
2938 if (!msr->host_initiated &&
2939 !guest_has_pred_cmd_msr(vcpu))
2942 if (data & ~PRED_CMD_IBPB)
2944 if (!boot_cpu_has(X86_FEATURE_IBPB))
2949 wrmsrl(MSR_IA32_PRED_CMD, PRED_CMD_IBPB);
2950 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PRED_CMD, 0, 1);
2952 case MSR_AMD64_VIRT_SPEC_CTRL:
2953 if (!msr->host_initiated &&
2954 !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD))
2957 if (data & ~SPEC_CTRL_SSBD)
2960 svm->virt_spec_ctrl = data;
2963 svm->vmcb01.ptr->save.star = data;
2965 #ifdef CONFIG_X86_64
2967 svm->vmcb01.ptr->save.lstar = data;
2970 svm->vmcb01.ptr->save.cstar = data;
2972 case MSR_KERNEL_GS_BASE:
2973 svm->vmcb01.ptr->save.kernel_gs_base = data;
2975 case MSR_SYSCALL_MASK:
2976 svm->vmcb01.ptr->save.sfmask = data;
2979 case MSR_IA32_SYSENTER_CS:
2980 svm->vmcb01.ptr->save.sysenter_cs = data;
2982 case MSR_IA32_SYSENTER_EIP:
2983 svm->vmcb01.ptr->save.sysenter_eip = (u32)data;
2985 * We only intercept the MSR_IA32_SYSENTER_{EIP|ESP} msrs
2986 * when we spoof an Intel vendor ID (for cross vendor migration).
2987 * In this case we use this intercept to track the high
2988 * 32 bit part of these msrs to support Intel's
2989 * implementation of SYSENTER/SYSEXIT.
2991 svm->sysenter_eip_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0;
2993 case MSR_IA32_SYSENTER_ESP:
2994 svm->vmcb01.ptr->save.sysenter_esp = (u32)data;
2995 svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0;
2999 * TSC_AUX is usually changed only during boot and never read
3000 * directly. Intercept TSC_AUX instead of exposing it to the
3001 * guest via direct_access_msrs, and switch it via user return.
3004 r = kvm_set_user_return_msr(tsc_aux_uret_slot, data, -1ull);
3009 svm->tsc_aux = data;
3011 case MSR_IA32_DEBUGCTLMSR:
3013 vcpu_unimpl(vcpu, "%s: MSR_IA32_DEBUGCTL 0x%llx, nop\n",
3017 if (data & DEBUGCTL_RESERVED_BITS)
3020 if (svm->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK)
3021 svm->vmcb->save.dbgctl = data;
3023 svm->vmcb01.ptr->save.dbgctl = data;
3025 svm_update_lbrv(vcpu);
3028 case MSR_VM_HSAVE_PA:
3030 * Old kernels did not validate the value written to
3031 * MSR_VM_HSAVE_PA. Allow KVM_SET_MSR to set an invalid
3032 * value to allow live migrating buggy or malicious guests
3033 * originating from those kernels.
3035 if (!msr->host_initiated && !page_address_valid(vcpu, data))
3038 svm->nested.hsave_msr = data & PAGE_MASK;
3041 return svm_set_vm_cr(vcpu, data);
3043 vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
3045 case MSR_F10H_DECFG: {
3046 struct kvm_msr_entry msr_entry;
3048 msr_entry.index = msr->index;
3049 if (svm_get_msr_feature(&msr_entry))
3052 /* Check the supported bits */
3053 if (data & ~msr_entry.data)
3056 /* Don't allow the guest to change a bit, #GP */
3057 if (!msr->host_initiated && (data ^ msr_entry.data))
3060 svm->msr_decfg = data;
3064 return kvm_set_msr_common(vcpu, msr);
3069 static int msr_interception(struct kvm_vcpu *vcpu)
3071 if (to_svm(vcpu)->vmcb->control.exit_info_1)
3072 return kvm_emulate_wrmsr(vcpu);
3074 return kvm_emulate_rdmsr(vcpu);
3077 static int interrupt_window_interception(struct kvm_vcpu *vcpu)
3079 kvm_make_request(KVM_REQ_EVENT, vcpu);
3080 svm_clear_vintr(to_svm(vcpu));
3083 * If not running nested, for AVIC, the only reason to end up here is ExtINTs.
3084 * In this case AVIC was temporarily disabled for
3085 * requesting the IRQ window and we have to re-enable it.
3087 * If running nested, still remove the VM wide AVIC inhibit to
3088 * support case in which the interrupt window was requested when the
3089 * vCPU was not running nested.
3091 * All vCPUs which run still run nested, will remain to have their
3092 * AVIC still inhibited due to per-cpu AVIC inhibition.
3094 kvm_clear_apicv_inhibit(vcpu->kvm, APICV_INHIBIT_REASON_IRQWIN);
3096 ++vcpu->stat.irq_window_exits;
3100 static int pause_interception(struct kvm_vcpu *vcpu)
3104 * CPL is not made available for an SEV-ES guest, therefore
3105 * vcpu->arch.preempted_in_kernel can never be true. Just
3106 * set in_kernel to false as well.
3108 in_kernel = !sev_es_guest(vcpu->kvm) && svm_get_cpl(vcpu) == 0;
3110 grow_ple_window(vcpu);
3112 kvm_vcpu_on_spin(vcpu, in_kernel);
3113 return kvm_skip_emulated_instruction(vcpu);
3116 static int invpcid_interception(struct kvm_vcpu *vcpu)
3118 struct vcpu_svm *svm = to_svm(vcpu);
3122 if (!guest_cpuid_has(vcpu, X86_FEATURE_INVPCID)) {
3123 kvm_queue_exception(vcpu, UD_VECTOR);
3128 * For an INVPCID intercept:
3129 * EXITINFO1 provides the linear address of the memory operand.
3130 * EXITINFO2 provides the contents of the register operand.
3132 type = svm->vmcb->control.exit_info_2;
3133 gva = svm->vmcb->control.exit_info_1;
3135 return kvm_handle_invpcid(vcpu, type, gva);
3138 static int (*const svm_exit_handlers[])(struct kvm_vcpu *vcpu) = {
3139 [SVM_EXIT_READ_CR0] = cr_interception,
3140 [SVM_EXIT_READ_CR3] = cr_interception,
3141 [SVM_EXIT_READ_CR4] = cr_interception,
3142 [SVM_EXIT_READ_CR8] = cr_interception,
3143 [SVM_EXIT_CR0_SEL_WRITE] = cr_interception,
3144 [SVM_EXIT_WRITE_CR0] = cr_interception,
3145 [SVM_EXIT_WRITE_CR3] = cr_interception,
3146 [SVM_EXIT_WRITE_CR4] = cr_interception,
3147 [SVM_EXIT_WRITE_CR8] = cr8_write_interception,
3148 [SVM_EXIT_READ_DR0] = dr_interception,
3149 [SVM_EXIT_READ_DR1] = dr_interception,
3150 [SVM_EXIT_READ_DR2] = dr_interception,
3151 [SVM_EXIT_READ_DR3] = dr_interception,
3152 [SVM_EXIT_READ_DR4] = dr_interception,
3153 [SVM_EXIT_READ_DR5] = dr_interception,
3154 [SVM_EXIT_READ_DR6] = dr_interception,
3155 [SVM_EXIT_READ_DR7] = dr_interception,
3156 [SVM_EXIT_WRITE_DR0] = dr_interception,
3157 [SVM_EXIT_WRITE_DR1] = dr_interception,
3158 [SVM_EXIT_WRITE_DR2] = dr_interception,
3159 [SVM_EXIT_WRITE_DR3] = dr_interception,
3160 [SVM_EXIT_WRITE_DR4] = dr_interception,
3161 [SVM_EXIT_WRITE_DR5] = dr_interception,
3162 [SVM_EXIT_WRITE_DR6] = dr_interception,
3163 [SVM_EXIT_WRITE_DR7] = dr_interception,
3164 [SVM_EXIT_EXCP_BASE + DB_VECTOR] = db_interception,
3165 [SVM_EXIT_EXCP_BASE + BP_VECTOR] = bp_interception,
3166 [SVM_EXIT_EXCP_BASE + UD_VECTOR] = ud_interception,
3167 [SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,
3168 [SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,
3169 [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception,
3170 [SVM_EXIT_EXCP_BASE + GP_VECTOR] = gp_interception,
3171 [SVM_EXIT_INTR] = intr_interception,
3172 [SVM_EXIT_NMI] = nmi_interception,
3173 [SVM_EXIT_SMI] = smi_interception,
3174 [SVM_EXIT_VINTR] = interrupt_window_interception,
3175 [SVM_EXIT_RDPMC] = kvm_emulate_rdpmc,
3176 [SVM_EXIT_CPUID] = kvm_emulate_cpuid,
3177 [SVM_EXIT_IRET] = iret_interception,
3178 [SVM_EXIT_INVD] = kvm_emulate_invd,
3179 [SVM_EXIT_PAUSE] = pause_interception,
3180 [SVM_EXIT_HLT] = kvm_emulate_halt,
3181 [SVM_EXIT_INVLPG] = invlpg_interception,
3182 [SVM_EXIT_INVLPGA] = invlpga_interception,
3183 [SVM_EXIT_IOIO] = io_interception,
3184 [SVM_EXIT_MSR] = msr_interception,
3185 [SVM_EXIT_TASK_SWITCH] = task_switch_interception,
3186 [SVM_EXIT_SHUTDOWN] = shutdown_interception,
3187 [SVM_EXIT_VMRUN] = vmrun_interception,
3188 [SVM_EXIT_VMMCALL] = kvm_emulate_hypercall,
3189 [SVM_EXIT_VMLOAD] = vmload_interception,
3190 [SVM_EXIT_VMSAVE] = vmsave_interception,
3191 [SVM_EXIT_STGI] = stgi_interception,
3192 [SVM_EXIT_CLGI] = clgi_interception,
3193 [SVM_EXIT_SKINIT] = skinit_interception,
3194 [SVM_EXIT_RDTSCP] = kvm_handle_invalid_op,
3195 [SVM_EXIT_WBINVD] = kvm_emulate_wbinvd,
3196 [SVM_EXIT_MONITOR] = kvm_emulate_monitor,
3197 [SVM_EXIT_MWAIT] = kvm_emulate_mwait,
3198 [SVM_EXIT_XSETBV] = kvm_emulate_xsetbv,
3199 [SVM_EXIT_RDPRU] = kvm_handle_invalid_op,
3200 [SVM_EXIT_EFER_WRITE_TRAP] = efer_trap,
3201 [SVM_EXIT_CR0_WRITE_TRAP] = cr_trap,
3202 [SVM_EXIT_CR4_WRITE_TRAP] = cr_trap,
3203 [SVM_EXIT_CR8_WRITE_TRAP] = cr_trap,
3204 [SVM_EXIT_INVPCID] = invpcid_interception,
3205 [SVM_EXIT_NPF] = npf_interception,
3206 [SVM_EXIT_RSM] = rsm_interception,
3207 [SVM_EXIT_AVIC_INCOMPLETE_IPI] = avic_incomplete_ipi_interception,
3208 [SVM_EXIT_AVIC_UNACCELERATED_ACCESS] = avic_unaccelerated_access_interception,
3209 [SVM_EXIT_VMGEXIT] = sev_handle_vmgexit,
3212 static void dump_vmcb(struct kvm_vcpu *vcpu)
3214 struct vcpu_svm *svm = to_svm(vcpu);
3215 struct vmcb_control_area *control = &svm->vmcb->control;
3216 struct vmcb_save_area *save = &svm->vmcb->save;
3217 struct vmcb_save_area *save01 = &svm->vmcb01.ptr->save;
3219 if (!dump_invalid_vmcb) {
3220 pr_warn_ratelimited("set kvm_amd.dump_invalid_vmcb=1 to dump internal KVM state.\n");
3224 pr_err("VMCB %p, last attempted VMRUN on CPU %d\n",
3225 svm->current_vmcb->ptr, vcpu->arch.last_vmentry_cpu);
3226 pr_err("VMCB Control Area:\n");
3227 pr_err("%-20s%04x\n", "cr_read:", control->intercepts[INTERCEPT_CR] & 0xffff);
3228 pr_err("%-20s%04x\n", "cr_write:", control->intercepts[INTERCEPT_CR] >> 16);
3229 pr_err("%-20s%04x\n", "dr_read:", control->intercepts[INTERCEPT_DR] & 0xffff);
3230 pr_err("%-20s%04x\n", "dr_write:", control->intercepts[INTERCEPT_DR] >> 16);
3231 pr_err("%-20s%08x\n", "exceptions:", control->intercepts[INTERCEPT_EXCEPTION]);
3232 pr_err("%-20s%08x %08x\n", "intercepts:",
3233 control->intercepts[INTERCEPT_WORD3],
3234 control->intercepts[INTERCEPT_WORD4]);
3235 pr_err("%-20s%d\n", "pause filter count:", control->pause_filter_count);
3236 pr_err("%-20s%d\n", "pause filter threshold:",
3237 control->pause_filter_thresh);
3238 pr_err("%-20s%016llx\n", "iopm_base_pa:", control->iopm_base_pa);
3239 pr_err("%-20s%016llx\n", "msrpm_base_pa:", control->msrpm_base_pa);
3240 pr_err("%-20s%016llx\n", "tsc_offset:", control->tsc_offset);
3241 pr_err("%-20s%d\n", "asid:", control->asid);
3242 pr_err("%-20s%d\n", "tlb_ctl:", control->tlb_ctl);
3243 pr_err("%-20s%08x\n", "int_ctl:", control->int_ctl);
3244 pr_err("%-20s%08x\n", "int_vector:", control->int_vector);
3245 pr_err("%-20s%08x\n", "int_state:", control->int_state);
3246 pr_err("%-20s%08x\n", "exit_code:", control->exit_code);
3247 pr_err("%-20s%016llx\n", "exit_info1:", control->exit_info_1);
3248 pr_err("%-20s%016llx\n", "exit_info2:", control->exit_info_2);
3249 pr_err("%-20s%08x\n", "exit_int_info:", control->exit_int_info);
3250 pr_err("%-20s%08x\n", "exit_int_info_err:", control->exit_int_info_err);
3251 pr_err("%-20s%lld\n", "nested_ctl:", control->nested_ctl);
3252 pr_err("%-20s%016llx\n", "nested_cr3:", control->nested_cr3);
3253 pr_err("%-20s%016llx\n", "avic_vapic_bar:", control->avic_vapic_bar);
3254 pr_err("%-20s%016llx\n", "ghcb:", control->ghcb_gpa);
3255 pr_err("%-20s%08x\n", "event_inj:", control->event_inj);
3256 pr_err("%-20s%08x\n", "event_inj_err:", control->event_inj_err);
3257 pr_err("%-20s%lld\n", "virt_ext:", control->virt_ext);
3258 pr_err("%-20s%016llx\n", "next_rip:", control->next_rip);
3259 pr_err("%-20s%016llx\n", "avic_backing_page:", control->avic_backing_page);
3260 pr_err("%-20s%016llx\n", "avic_logical_id:", control->avic_logical_id);
3261 pr_err("%-20s%016llx\n", "avic_physical_id:", control->avic_physical_id);
3262 pr_err("%-20s%016llx\n", "vmsa_pa:", control->vmsa_pa);
3263 pr_err("VMCB State Save Area:\n");
3264 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3266 save->es.selector, save->es.attrib,
3267 save->es.limit, save->es.base);
3268 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3270 save->cs.selector, save->cs.attrib,
3271 save->cs.limit, save->cs.base);
3272 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3274 save->ss.selector, save->ss.attrib,
3275 save->ss.limit, save->ss.base);
3276 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3278 save->ds.selector, save->ds.attrib,
3279 save->ds.limit, save->ds.base);
3280 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3282 save01->fs.selector, save01->fs.attrib,
3283 save01->fs.limit, save01->fs.base);
3284 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3286 save01->gs.selector, save01->gs.attrib,
3287 save01->gs.limit, save01->gs.base);
3288 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3290 save->gdtr.selector, save->gdtr.attrib,
3291 save->gdtr.limit, save->gdtr.base);
3292 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3294 save01->ldtr.selector, save01->ldtr.attrib,
3295 save01->ldtr.limit, save01->ldtr.base);
3296 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3298 save->idtr.selector, save->idtr.attrib,
3299 save->idtr.limit, save->idtr.base);
3300 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3302 save01->tr.selector, save01->tr.attrib,
3303 save01->tr.limit, save01->tr.base);
3304 pr_err("vmpl: %d cpl: %d efer: %016llx\n",
3305 save->vmpl, save->cpl, save->efer);
3306 pr_err("%-15s %016llx %-13s %016llx\n",
3307 "cr0:", save->cr0, "cr2:", save->cr2);
3308 pr_err("%-15s %016llx %-13s %016llx\n",
3309 "cr3:", save->cr3, "cr4:", save->cr4);
3310 pr_err("%-15s %016llx %-13s %016llx\n",
3311 "dr6:", save->dr6, "dr7:", save->dr7);
3312 pr_err("%-15s %016llx %-13s %016llx\n",
3313 "rip:", save->rip, "rflags:", save->rflags);
3314 pr_err("%-15s %016llx %-13s %016llx\n",
3315 "rsp:", save->rsp, "rax:", save->rax);
3316 pr_err("%-15s %016llx %-13s %016llx\n",
3317 "star:", save01->star, "lstar:", save01->lstar);
3318 pr_err("%-15s %016llx %-13s %016llx\n",
3319 "cstar:", save01->cstar, "sfmask:", save01->sfmask);
3320 pr_err("%-15s %016llx %-13s %016llx\n",
3321 "kernel_gs_base:", save01->kernel_gs_base,
3322 "sysenter_cs:", save01->sysenter_cs);
3323 pr_err("%-15s %016llx %-13s %016llx\n",
3324 "sysenter_esp:", save01->sysenter_esp,
3325 "sysenter_eip:", save01->sysenter_eip);
3326 pr_err("%-15s %016llx %-13s %016llx\n",
3327 "gpat:", save->g_pat, "dbgctl:", save->dbgctl);
3328 pr_err("%-15s %016llx %-13s %016llx\n",
3329 "br_from:", save->br_from, "br_to:", save->br_to);
3330 pr_err("%-15s %016llx %-13s %016llx\n",
3331 "excp_from:", save->last_excp_from,
3332 "excp_to:", save->last_excp_to);
3335 static bool svm_check_exit_valid(u64 exit_code)
3337 return (exit_code < ARRAY_SIZE(svm_exit_handlers) &&
3338 svm_exit_handlers[exit_code]);
3341 static int svm_handle_invalid_exit(struct kvm_vcpu *vcpu, u64 exit_code)
3343 vcpu_unimpl(vcpu, "svm: unexpected exit reason 0x%llx\n", exit_code);
3345 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
3346 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON;
3347 vcpu->run->internal.ndata = 2;
3348 vcpu->run->internal.data[0] = exit_code;
3349 vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu;
3353 int svm_invoke_exit_handler(struct kvm_vcpu *vcpu, u64 exit_code)
3355 if (!svm_check_exit_valid(exit_code))
3356 return svm_handle_invalid_exit(vcpu, exit_code);
3358 #ifdef CONFIG_RETPOLINE
3359 if (exit_code == SVM_EXIT_MSR)
3360 return msr_interception(vcpu);
3361 else if (exit_code == SVM_EXIT_VINTR)
3362 return interrupt_window_interception(vcpu);
3363 else if (exit_code == SVM_EXIT_INTR)
3364 return intr_interception(vcpu);
3365 else if (exit_code == SVM_EXIT_HLT)
3366 return kvm_emulate_halt(vcpu);
3367 else if (exit_code == SVM_EXIT_NPF)
3368 return npf_interception(vcpu);
3370 return svm_exit_handlers[exit_code](vcpu);
3373 static void svm_get_exit_info(struct kvm_vcpu *vcpu, u32 *reason,
3374 u64 *info1, u64 *info2,
3375 u32 *intr_info, u32 *error_code)
3377 struct vmcb_control_area *control = &to_svm(vcpu)->vmcb->control;
3379 *reason = control->exit_code;
3380 *info1 = control->exit_info_1;
3381 *info2 = control->exit_info_2;
3382 *intr_info = control->exit_int_info;
3383 if ((*intr_info & SVM_EXITINTINFO_VALID) &&
3384 (*intr_info & SVM_EXITINTINFO_VALID_ERR))
3385 *error_code = control->exit_int_info_err;
3390 static int svm_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
3392 struct vcpu_svm *svm = to_svm(vcpu);
3393 struct kvm_run *kvm_run = vcpu->run;
3394 u32 exit_code = svm->vmcb->control.exit_code;
3396 trace_kvm_exit(vcpu, KVM_ISA_SVM);
3398 /* SEV-ES guests must use the CR write traps to track CR registers. */
3399 if (!sev_es_guest(vcpu->kvm)) {
3400 if (!svm_is_intercept(svm, INTERCEPT_CR0_WRITE))
3401 vcpu->arch.cr0 = svm->vmcb->save.cr0;
3403 vcpu->arch.cr3 = svm->vmcb->save.cr3;
3406 if (is_guest_mode(vcpu)) {
3409 trace_kvm_nested_vmexit(vcpu, KVM_ISA_SVM);
3411 vmexit = nested_svm_exit_special(svm);
3413 if (vmexit == NESTED_EXIT_CONTINUE)
3414 vmexit = nested_svm_exit_handled(svm);
3416 if (vmexit == NESTED_EXIT_DONE)
3420 if (svm->vmcb->control.exit_code == SVM_EXIT_ERR) {
3421 kvm_run->exit_reason = KVM_EXIT_FAIL_ENTRY;
3422 kvm_run->fail_entry.hardware_entry_failure_reason
3423 = svm->vmcb->control.exit_code;
3424 kvm_run->fail_entry.cpu = vcpu->arch.last_vmentry_cpu;
3429 if (is_external_interrupt(svm->vmcb->control.exit_int_info) &&
3430 exit_code != SVM_EXIT_EXCP_BASE + PF_VECTOR &&
3431 exit_code != SVM_EXIT_NPF && exit_code != SVM_EXIT_TASK_SWITCH &&
3432 exit_code != SVM_EXIT_INTR && exit_code != SVM_EXIT_NMI)
3433 printk(KERN_ERR "%s: unexpected exit_int_info 0x%x "
3435 __func__, svm->vmcb->control.exit_int_info,
3438 if (exit_fastpath != EXIT_FASTPATH_NONE)
3441 return svm_invoke_exit_handler(vcpu, exit_code);
3444 static void reload_tss(struct kvm_vcpu *vcpu)
3446 struct svm_cpu_data *sd = per_cpu(svm_data, vcpu->cpu);
3448 sd->tss_desc->type = 9; /* available 32/64-bit TSS */
3452 static void pre_svm_run(struct kvm_vcpu *vcpu)
3454 struct svm_cpu_data *sd = per_cpu(svm_data, vcpu->cpu);
3455 struct vcpu_svm *svm = to_svm(vcpu);
3458 * If the previous vmrun of the vmcb occurred on a different physical
3459 * cpu, then mark the vmcb dirty and assign a new asid. Hardware's
3460 * vmcb clean bits are per logical CPU, as are KVM's asid assignments.
3462 if (unlikely(svm->current_vmcb->cpu != vcpu->cpu)) {
3463 svm->current_vmcb->asid_generation = 0;
3464 vmcb_mark_all_dirty(svm->vmcb);
3465 svm->current_vmcb->cpu = vcpu->cpu;
3468 if (sev_guest(vcpu->kvm))
3469 return pre_sev_run(svm, vcpu->cpu);
3471 /* FIXME: handle wraparound of asid_generation */
3472 if (svm->current_vmcb->asid_generation != sd->asid_generation)
3476 static void svm_inject_nmi(struct kvm_vcpu *vcpu)
3478 struct vcpu_svm *svm = to_svm(vcpu);
3480 svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI;
3482 if (svm->nmi_l1_to_l2)
3485 vcpu->arch.hflags |= HF_NMI_MASK;
3486 if (!sev_es_guest(vcpu->kvm))
3487 svm_set_intercept(svm, INTERCEPT_IRET);
3488 ++vcpu->stat.nmi_injections;
3491 static void svm_inject_irq(struct kvm_vcpu *vcpu, bool reinjected)
3493 struct vcpu_svm *svm = to_svm(vcpu);
3496 if (vcpu->arch.interrupt.soft) {
3497 if (svm_update_soft_interrupt_rip(vcpu))
3500 type = SVM_EVTINJ_TYPE_SOFT;
3502 type = SVM_EVTINJ_TYPE_INTR;
3505 trace_kvm_inj_virq(vcpu->arch.interrupt.nr,
3506 vcpu->arch.interrupt.soft, reinjected);
3507 ++vcpu->stat.irq_injections;
3509 svm->vmcb->control.event_inj = vcpu->arch.interrupt.nr |
3510 SVM_EVTINJ_VALID | type;
3513 void svm_complete_interrupt_delivery(struct kvm_vcpu *vcpu, int delivery_mode,
3514 int trig_mode, int vector)
3517 * apic->apicv_active must be read after vcpu->mode.
3518 * Pairs with smp_store_release in vcpu_enter_guest.
3520 bool in_guest_mode = (smp_load_acquire(&vcpu->mode) == IN_GUEST_MODE);
3522 /* Note, this is called iff the local APIC is in-kernel. */
3523 if (!READ_ONCE(vcpu->arch.apic->apicv_active)) {
3524 /* Process the interrupt via kvm_check_and_inject_events(). */
3525 kvm_make_request(KVM_REQ_EVENT, vcpu);
3526 kvm_vcpu_kick(vcpu);
3530 trace_kvm_apicv_accept_irq(vcpu->vcpu_id, delivery_mode, trig_mode, vector);
3531 if (in_guest_mode) {
3533 * Signal the doorbell to tell hardware to inject the IRQ. If
3534 * the vCPU exits the guest before the doorbell chimes, hardware
3535 * will automatically process AVIC interrupts at the next VMRUN.
3537 avic_ring_doorbell(vcpu);
3540 * Wake the vCPU if it was blocking. KVM will then detect the
3541 * pending IRQ when checking if the vCPU has a wake event.
3543 kvm_vcpu_wake_up(vcpu);
3547 static void svm_deliver_interrupt(struct kvm_lapic *apic, int delivery_mode,
3548 int trig_mode, int vector)
3550 kvm_lapic_set_irr(vector, apic);
3553 * Pairs with the smp_mb_*() after setting vcpu->guest_mode in
3554 * vcpu_enter_guest() to ensure the write to the vIRR is ordered before
3555 * the read of guest_mode. This guarantees that either VMRUN will see
3556 * and process the new vIRR entry, or that svm_complete_interrupt_delivery
3557 * will signal the doorbell if the CPU has already entered the guest.
3559 smp_mb__after_atomic();
3560 svm_complete_interrupt_delivery(apic->vcpu, delivery_mode, trig_mode, vector);
3563 static void svm_update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
3565 struct vcpu_svm *svm = to_svm(vcpu);
3568 * SEV-ES guests must always keep the CR intercepts cleared. CR
3569 * tracking is done using the CR write traps.
3571 if (sev_es_guest(vcpu->kvm))
3574 if (nested_svm_virtualize_tpr(vcpu))
3577 svm_clr_intercept(svm, INTERCEPT_CR8_WRITE);
3583 svm_set_intercept(svm, INTERCEPT_CR8_WRITE);
3586 bool svm_nmi_blocked(struct kvm_vcpu *vcpu)
3588 struct vcpu_svm *svm = to_svm(vcpu);
3589 struct vmcb *vmcb = svm->vmcb;
3595 if (is_guest_mode(vcpu) && nested_exit_on_nmi(svm))
3598 ret = (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) ||
3599 (vcpu->arch.hflags & HF_NMI_MASK);
3604 static int svm_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
3606 struct vcpu_svm *svm = to_svm(vcpu);
3607 if (svm->nested.nested_run_pending)
3610 if (svm_nmi_blocked(vcpu))
3613 /* An NMI must not be injected into L2 if it's supposed to VM-Exit. */
3614 if (for_injection && is_guest_mode(vcpu) && nested_exit_on_nmi(svm))
3619 static bool svm_get_nmi_mask(struct kvm_vcpu *vcpu)
3621 return !!(vcpu->arch.hflags & HF_NMI_MASK);
3624 static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
3626 struct vcpu_svm *svm = to_svm(vcpu);
3629 vcpu->arch.hflags |= HF_NMI_MASK;
3630 if (!sev_es_guest(vcpu->kvm))
3631 svm_set_intercept(svm, INTERCEPT_IRET);
3633 vcpu->arch.hflags &= ~HF_NMI_MASK;
3634 if (!sev_es_guest(vcpu->kvm))
3635 svm_clr_intercept(svm, INTERCEPT_IRET);
3639 bool svm_interrupt_blocked(struct kvm_vcpu *vcpu)
3641 struct vcpu_svm *svm = to_svm(vcpu);
3642 struct vmcb *vmcb = svm->vmcb;
3647 if (is_guest_mode(vcpu)) {
3648 /* As long as interrupts are being delivered... */
3649 if ((svm->nested.ctl.int_ctl & V_INTR_MASKING_MASK)
3650 ? !(svm->vmcb01.ptr->save.rflags & X86_EFLAGS_IF)
3651 : !(kvm_get_rflags(vcpu) & X86_EFLAGS_IF))
3654 /* ... vmexits aren't blocked by the interrupt shadow */
3655 if (nested_exit_on_intr(svm))
3658 if (!svm_get_if_flag(vcpu))
3662 return (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK);
3665 static int svm_interrupt_allowed(struct kvm_vcpu *vcpu, bool for_injection)
3667 struct vcpu_svm *svm = to_svm(vcpu);
3669 if (svm->nested.nested_run_pending)
3672 if (svm_interrupt_blocked(vcpu))
3676 * An IRQ must not be injected into L2 if it's supposed to VM-Exit,
3677 * e.g. if the IRQ arrived asynchronously after checking nested events.
3679 if (for_injection && is_guest_mode(vcpu) && nested_exit_on_intr(svm))
3685 static void svm_enable_irq_window(struct kvm_vcpu *vcpu)
3687 struct vcpu_svm *svm = to_svm(vcpu);
3690 * In case GIF=0 we can't rely on the CPU to tell us when GIF becomes
3691 * 1, because that's a separate STGI/VMRUN intercept. The next time we
3692 * get that intercept, this function will be called again though and
3693 * we'll get the vintr intercept. However, if the vGIF feature is
3694 * enabled, the STGI interception will not occur. Enable the irq
3695 * window under the assumption that the hardware will set the GIF.
3697 if (vgif || gif_set(svm)) {
3699 * IRQ window is not needed when AVIC is enabled,
3700 * unless we have pending ExtINT since it cannot be injected
3701 * via AVIC. In such case, KVM needs to temporarily disable AVIC,
3702 * and fallback to injecting IRQ via V_IRQ.
3704 * If running nested, AVIC is already locally inhibited
3705 * on this vCPU, therefore there is no need to request
3706 * the VM wide AVIC inhibition.
3708 if (!is_guest_mode(vcpu))
3709 kvm_set_apicv_inhibit(vcpu->kvm, APICV_INHIBIT_REASON_IRQWIN);
3715 static void svm_enable_nmi_window(struct kvm_vcpu *vcpu)
3717 struct vcpu_svm *svm = to_svm(vcpu);
3719 if ((vcpu->arch.hflags & (HF_NMI_MASK | HF_IRET_MASK)) == HF_NMI_MASK)
3720 return; /* IRET will cause a vm exit */
3722 if (!gif_set(svm)) {
3724 svm_set_intercept(svm, INTERCEPT_STGI);
3725 return; /* STGI will cause a vm exit */
3729 * Something prevents NMI from been injected. Single step over possible
3730 * problem (IRET or exception injection or interrupt shadow)
3732 svm->nmi_singlestep_guest_rflags = svm_get_rflags(vcpu);
3733 svm->nmi_singlestep = true;
3734 svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
3737 static void svm_flush_tlb_current(struct kvm_vcpu *vcpu)
3739 struct vcpu_svm *svm = to_svm(vcpu);
3742 * Flush only the current ASID even if the TLB flush was invoked via
3743 * kvm_flush_remote_tlbs(). Although flushing remote TLBs requires all
3744 * ASIDs to be flushed, KVM uses a single ASID for L1 and L2, and
3745 * unconditionally does a TLB flush on both nested VM-Enter and nested
3746 * VM-Exit (via kvm_mmu_reset_context()).
3748 if (static_cpu_has(X86_FEATURE_FLUSHBYASID))
3749 svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID;
3751 svm->current_vmcb->asid_generation--;
3754 static void svm_flush_tlb_gva(struct kvm_vcpu *vcpu, gva_t gva)
3756 struct vcpu_svm *svm = to_svm(vcpu);
3758 invlpga(gva, svm->vmcb->control.asid);
3761 static inline void sync_cr8_to_lapic(struct kvm_vcpu *vcpu)
3763 struct vcpu_svm *svm = to_svm(vcpu);
3765 if (nested_svm_virtualize_tpr(vcpu))
3768 if (!svm_is_intercept(svm, INTERCEPT_CR8_WRITE)) {
3769 int cr8 = svm->vmcb->control.int_ctl & V_TPR_MASK;
3770 kvm_set_cr8(vcpu, cr8);
3774 static inline void sync_lapic_to_cr8(struct kvm_vcpu *vcpu)
3776 struct vcpu_svm *svm = to_svm(vcpu);
3779 if (nested_svm_virtualize_tpr(vcpu) ||
3780 kvm_vcpu_apicv_active(vcpu))
3783 cr8 = kvm_get_cr8(vcpu);
3784 svm->vmcb->control.int_ctl &= ~V_TPR_MASK;
3785 svm->vmcb->control.int_ctl |= cr8 & V_TPR_MASK;
3788 static void svm_complete_soft_interrupt(struct kvm_vcpu *vcpu, u8 vector,
3791 bool is_exception = (type == SVM_EXITINTINFO_TYPE_EXEPT);
3792 bool is_soft = (type == SVM_EXITINTINFO_TYPE_SOFT);
3793 struct vcpu_svm *svm = to_svm(vcpu);
3796 * If NRIPS is enabled, KVM must snapshot the pre-VMRUN next_rip that's
3797 * associated with the original soft exception/interrupt. next_rip is
3798 * cleared on all exits that can occur while vectoring an event, so KVM
3799 * needs to manually set next_rip for re-injection. Unlike the !nrips
3800 * case below, this needs to be done if and only if KVM is re-injecting
3801 * the same event, i.e. if the event is a soft exception/interrupt,
3802 * otherwise next_rip is unused on VMRUN.
3804 if (nrips && (is_soft || (is_exception && kvm_exception_is_soft(vector))) &&
3805 kvm_is_linear_rip(vcpu, svm->soft_int_old_rip + svm->soft_int_csbase))
3806 svm->vmcb->control.next_rip = svm->soft_int_next_rip;
3808 * If NRIPS isn't enabled, KVM must manually advance RIP prior to
3809 * injecting the soft exception/interrupt. That advancement needs to
3810 * be unwound if vectoring didn't complete. Note, the new event may
3811 * not be the injected event, e.g. if KVM injected an INTn, the INTn
3812 * hit a #NP in the guest, and the #NP encountered a #PF, the #NP will
3813 * be the reported vectored event, but RIP still needs to be unwound.
3815 else if (!nrips && (is_soft || is_exception) &&
3816 kvm_is_linear_rip(vcpu, svm->soft_int_next_rip + svm->soft_int_csbase))
3817 kvm_rip_write(vcpu, svm->soft_int_old_rip);
3820 static void svm_complete_interrupts(struct kvm_vcpu *vcpu)
3822 struct vcpu_svm *svm = to_svm(vcpu);
3825 u32 exitintinfo = svm->vmcb->control.exit_int_info;
3826 bool nmi_l1_to_l2 = svm->nmi_l1_to_l2;
3827 bool soft_int_injected = svm->soft_int_injected;
3829 svm->nmi_l1_to_l2 = false;
3830 svm->soft_int_injected = false;
3833 * If we've made progress since setting HF_IRET_MASK, we've
3834 * executed an IRET and can allow NMI injection.
3836 if ((vcpu->arch.hflags & HF_IRET_MASK) &&
3837 (sev_es_guest(vcpu->kvm) ||
3838 kvm_rip_read(vcpu) != svm->nmi_iret_rip)) {
3839 vcpu->arch.hflags &= ~(HF_NMI_MASK | HF_IRET_MASK);
3840 kvm_make_request(KVM_REQ_EVENT, vcpu);
3843 vcpu->arch.nmi_injected = false;
3844 kvm_clear_exception_queue(vcpu);
3845 kvm_clear_interrupt_queue(vcpu);
3847 if (!(exitintinfo & SVM_EXITINTINFO_VALID))
3850 kvm_make_request(KVM_REQ_EVENT, vcpu);
3852 vector = exitintinfo & SVM_EXITINTINFO_VEC_MASK;
3853 type = exitintinfo & SVM_EXITINTINFO_TYPE_MASK;
3855 if (soft_int_injected)
3856 svm_complete_soft_interrupt(vcpu, vector, type);
3859 case SVM_EXITINTINFO_TYPE_NMI:
3860 vcpu->arch.nmi_injected = true;
3861 svm->nmi_l1_to_l2 = nmi_l1_to_l2;
3863 case SVM_EXITINTINFO_TYPE_EXEPT:
3865 * Never re-inject a #VC exception.
3867 if (vector == X86_TRAP_VC)
3870 if (exitintinfo & SVM_EXITINTINFO_VALID_ERR) {
3871 u32 err = svm->vmcb->control.exit_int_info_err;
3872 kvm_requeue_exception_e(vcpu, vector, err);
3875 kvm_requeue_exception(vcpu, vector);
3877 case SVM_EXITINTINFO_TYPE_INTR:
3878 kvm_queue_interrupt(vcpu, vector, false);
3880 case SVM_EXITINTINFO_TYPE_SOFT:
3881 kvm_queue_interrupt(vcpu, vector, true);
3889 static void svm_cancel_injection(struct kvm_vcpu *vcpu)
3891 struct vcpu_svm *svm = to_svm(vcpu);
3892 struct vmcb_control_area *control = &svm->vmcb->control;
3894 control->exit_int_info = control->event_inj;
3895 control->exit_int_info_err = control->event_inj_err;
3896 control->event_inj = 0;
3897 svm_complete_interrupts(vcpu);
3900 static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu)
3905 static fastpath_t svm_exit_handlers_fastpath(struct kvm_vcpu *vcpu)
3907 if (to_svm(vcpu)->vmcb->control.exit_code == SVM_EXIT_MSR &&
3908 to_svm(vcpu)->vmcb->control.exit_info_1)
3909 return handle_fastpath_set_msr_irqoff(vcpu);
3911 return EXIT_FASTPATH_NONE;
3914 static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu)
3916 struct vcpu_svm *svm = to_svm(vcpu);
3917 unsigned long vmcb_pa = svm->current_vmcb->pa;
3919 guest_state_enter_irqoff();
3921 if (sev_es_guest(vcpu->kvm)) {
3922 __svm_sev_es_vcpu_run(vmcb_pa);
3924 struct svm_cpu_data *sd = per_cpu(svm_data, vcpu->cpu);
3927 * Use a single vmcb (vmcb01 because it's always valid) for
3928 * context switching guest state via VMLOAD/VMSAVE, that way
3929 * the state doesn't need to be copied between vmcb01 and
3930 * vmcb02 when switching vmcbs for nested virtualization.
3932 vmload(svm->vmcb01.pa);
3933 __svm_vcpu_run(vmcb_pa, (unsigned long *)&vcpu->arch.regs);
3934 vmsave(svm->vmcb01.pa);
3936 vmload(__sme_page_pa(sd->save_area));
3939 guest_state_exit_irqoff();
3942 static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu)
3944 struct vcpu_svm *svm = to_svm(vcpu);
3946 trace_kvm_entry(vcpu);
3948 svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
3949 svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
3950 svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];
3953 * Disable singlestep if we're injecting an interrupt/exception.
3954 * We don't want our modified rflags to be pushed on the stack where
3955 * we might not be able to easily reset them if we disabled NMI
3958 if (svm->nmi_singlestep && svm->vmcb->control.event_inj) {
3960 * Event injection happens before external interrupts cause a
3961 * vmexit and interrupts are disabled here, so smp_send_reschedule
3962 * is enough to force an immediate vmexit.
3964 disable_nmi_singlestep(svm);
3965 smp_send_reschedule(vcpu->cpu);
3970 sync_lapic_to_cr8(vcpu);
3972 if (unlikely(svm->asid != svm->vmcb->control.asid)) {
3973 svm->vmcb->control.asid = svm->asid;
3974 vmcb_mark_dirty(svm->vmcb, VMCB_ASID);
3976 svm->vmcb->save.cr2 = vcpu->arch.cr2;
3978 svm_hv_update_vp_id(svm->vmcb, vcpu);
3981 * Run with all-zero DR6 unless needed, so that we can get the exact cause
3984 if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))
3985 svm_set_dr6(svm, vcpu->arch.dr6);
3987 svm_set_dr6(svm, DR6_ACTIVE_LOW);
3990 kvm_load_guest_xsave_state(vcpu);
3992 kvm_wait_lapic_expire(vcpu);
3995 * If this vCPU has touched SPEC_CTRL, restore the guest's value if
3996 * it's non-zero. Since vmentry is serialising on affected CPUs, there
3997 * is no need to worry about the conditional branch over the wrmsr
3998 * being speculatively taken.
4000 if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL))
4001 x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl);
4003 svm_vcpu_enter_exit(vcpu);
4006 * We do not use IBRS in the kernel. If this vCPU has used the
4007 * SPEC_CTRL MSR it may have left it on; save the value and
4008 * turn it off. This is much more efficient than blindly adding
4009 * it to the atomic save/restore list. Especially as the former
4010 * (Saving guest MSRs on vmexit) doesn't even exist in KVM.
4012 * For non-nested case:
4013 * If the L01 MSR bitmap does not intercept the MSR, then we need to
4017 * If the L02 MSR bitmap does not intercept the MSR, then we need to
4020 if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL) &&
4021 unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
4022 svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
4024 if (!sev_es_guest(vcpu->kvm))
4027 if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL))
4028 x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl);
4030 if (!sev_es_guest(vcpu->kvm)) {
4031 vcpu->arch.cr2 = svm->vmcb->save.cr2;
4032 vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax;
4033 vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp;
4034 vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip;
4036 vcpu->arch.regs_dirty = 0;
4038 if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI))
4039 kvm_before_interrupt(vcpu, KVM_HANDLING_NMI);
4041 kvm_load_host_xsave_state(vcpu);
4044 /* Any pending NMI will happen here */
4046 if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI))
4047 kvm_after_interrupt(vcpu);
4049 sync_cr8_to_lapic(vcpu);
4052 if (is_guest_mode(vcpu)) {
4053 nested_sync_control_from_vmcb02(svm);
4055 /* Track VMRUNs that have made past consistency checking */
4056 if (svm->nested.nested_run_pending &&
4057 svm->vmcb->control.exit_code != SVM_EXIT_ERR)
4058 ++vcpu->stat.nested_run;
4060 svm->nested.nested_run_pending = 0;
4063 svm->vmcb->control.tlb_ctl = TLB_CONTROL_DO_NOTHING;
4064 vmcb_mark_all_clean(svm->vmcb);
4066 /* if exit due to PF check for async PF */
4067 if (svm->vmcb->control.exit_code == SVM_EXIT_EXCP_BASE + PF_VECTOR)
4068 vcpu->arch.apf.host_apf_flags =
4069 kvm_read_and_reset_apf_flags();
4071 vcpu->arch.regs_avail &= ~SVM_REGS_LAZY_LOAD_SET;
4074 * We need to handle MC intercepts here before the vcpu has a chance to
4075 * change the physical cpu
4077 if (unlikely(svm->vmcb->control.exit_code ==
4078 SVM_EXIT_EXCP_BASE + MC_VECTOR))
4079 svm_handle_mce(vcpu);
4081 svm_complete_interrupts(vcpu);
4083 if (is_guest_mode(vcpu))
4084 return EXIT_FASTPATH_NONE;
4086 return svm_exit_handlers_fastpath(vcpu);
4089 static void svm_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa,
4092 struct vcpu_svm *svm = to_svm(vcpu);
4096 svm->vmcb->control.nested_cr3 = __sme_set(root_hpa);
4097 vmcb_mark_dirty(svm->vmcb, VMCB_NPT);
4099 hv_track_root_tdp(vcpu, root_hpa);
4101 cr3 = vcpu->arch.cr3;
4102 } else if (root_level >= PT64_ROOT_4LEVEL) {
4103 cr3 = __sme_set(root_hpa) | kvm_get_active_pcid(vcpu);
4105 /* PCID in the guest should be impossible with a 32-bit MMU. */
4106 WARN_ON_ONCE(kvm_get_active_pcid(vcpu));
4110 svm->vmcb->save.cr3 = cr3;
4111 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
4114 static int is_disabled(void)
4118 rdmsrl(MSR_VM_CR, vm_cr);
4119 if (vm_cr & (1 << SVM_VM_CR_SVM_DISABLE))
4126 svm_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall)
4129 * Patch in the VMMCALL instruction:
4131 hypercall[0] = 0x0f;
4132 hypercall[1] = 0x01;
4133 hypercall[2] = 0xd9;
4136 static int __init svm_check_processor_compat(void)
4142 * The kvm parameter can be NULL (module initialization, or invocation before
4143 * VM creation). Be sure to check the kvm parameter before using it.
4145 static bool svm_has_emulated_msr(struct kvm *kvm, u32 index)
4148 case MSR_IA32_MCG_EXT_CTL:
4149 case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
4151 case MSR_IA32_SMBASE:
4152 /* SEV-ES guests do not support SMM, so report false */
4153 if (kvm && sev_es_guest(kvm))
4163 static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
4165 struct vcpu_svm *svm = to_svm(vcpu);
4166 struct kvm_cpuid_entry2 *best;
4168 vcpu->arch.xsaves_enabled = guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) &&
4169 boot_cpu_has(X86_FEATURE_XSAVE) &&
4170 boot_cpu_has(X86_FEATURE_XSAVES);
4172 /* Update nrips enabled cache */
4173 svm->nrips_enabled = kvm_cpu_cap_has(X86_FEATURE_NRIPS) &&
4174 guest_cpuid_has(vcpu, X86_FEATURE_NRIPS);
4176 svm->tsc_scaling_enabled = tsc_scaling && guest_cpuid_has(vcpu, X86_FEATURE_TSCRATEMSR);
4177 svm->lbrv_enabled = lbrv && guest_cpuid_has(vcpu, X86_FEATURE_LBRV);
4179 svm->v_vmload_vmsave_enabled = vls && guest_cpuid_has(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD);
4181 svm->pause_filter_enabled = kvm_cpu_cap_has(X86_FEATURE_PAUSEFILTER) &&
4182 guest_cpuid_has(vcpu, X86_FEATURE_PAUSEFILTER);
4184 svm->pause_threshold_enabled = kvm_cpu_cap_has(X86_FEATURE_PFTHRESHOLD) &&
4185 guest_cpuid_has(vcpu, X86_FEATURE_PFTHRESHOLD);
4187 svm->vgif_enabled = vgif && guest_cpuid_has(vcpu, X86_FEATURE_VGIF);
4189 svm_recalc_instruction_intercepts(vcpu, svm);
4191 /* For sev guests, the memory encryption bit is not reserved in CR3. */
4192 if (sev_guest(vcpu->kvm)) {
4193 best = kvm_find_cpuid_entry(vcpu, 0x8000001F);
4195 vcpu->arch.reserved_gpa_bits &= ~(1UL << (best->ebx & 0x3f));
4198 init_vmcb_after_set_cpuid(vcpu);
4201 static bool svm_has_wbinvd_exit(void)
4206 #define PRE_EX(exit) { .exit_code = (exit), \
4207 .stage = X86_ICPT_PRE_EXCEPT, }
4208 #define POST_EX(exit) { .exit_code = (exit), \
4209 .stage = X86_ICPT_POST_EXCEPT, }
4210 #define POST_MEM(exit) { .exit_code = (exit), \
4211 .stage = X86_ICPT_POST_MEMACCESS, }
4213 static const struct __x86_intercept {
4215 enum x86_intercept_stage stage;
4216 } x86_intercept_map[] = {
4217 [x86_intercept_cr_read] = POST_EX(SVM_EXIT_READ_CR0),
4218 [x86_intercept_cr_write] = POST_EX(SVM_EXIT_WRITE_CR0),
4219 [x86_intercept_clts] = POST_EX(SVM_EXIT_WRITE_CR0),
4220 [x86_intercept_lmsw] = POST_EX(SVM_EXIT_WRITE_CR0),
4221 [x86_intercept_smsw] = POST_EX(SVM_EXIT_READ_CR0),
4222 [x86_intercept_dr_read] = POST_EX(SVM_EXIT_READ_DR0),
4223 [x86_intercept_dr_write] = POST_EX(SVM_EXIT_WRITE_DR0),
4224 [x86_intercept_sldt] = POST_EX(SVM_EXIT_LDTR_READ),
4225 [x86_intercept_str] = POST_EX(SVM_EXIT_TR_READ),
4226 [x86_intercept_lldt] = POST_EX(SVM_EXIT_LDTR_WRITE),
4227 [x86_intercept_ltr] = POST_EX(SVM_EXIT_TR_WRITE),
4228 [x86_intercept_sgdt] = POST_EX(SVM_EXIT_GDTR_READ),
4229 [x86_intercept_sidt] = POST_EX(SVM_EXIT_IDTR_READ),
4230 [x86_intercept_lgdt] = POST_EX(SVM_EXIT_GDTR_WRITE),
4231 [x86_intercept_lidt] = POST_EX(SVM_EXIT_IDTR_WRITE),
4232 [x86_intercept_vmrun] = POST_EX(SVM_EXIT_VMRUN),
4233 [x86_intercept_vmmcall] = POST_EX(SVM_EXIT_VMMCALL),
4234 [x86_intercept_vmload] = POST_EX(SVM_EXIT_VMLOAD),
4235 [x86_intercept_vmsave] = POST_EX(SVM_EXIT_VMSAVE),
4236 [x86_intercept_stgi] = POST_EX(SVM_EXIT_STGI),
4237 [x86_intercept_clgi] = POST_EX(SVM_EXIT_CLGI),
4238 [x86_intercept_skinit] = POST_EX(SVM_EXIT_SKINIT),
4239 [x86_intercept_invlpga] = POST_EX(SVM_EXIT_INVLPGA),
4240 [x86_intercept_rdtscp] = POST_EX(SVM_EXIT_RDTSCP),
4241 [x86_intercept_monitor] = POST_MEM(SVM_EXIT_MONITOR),
4242 [x86_intercept_mwait] = POST_EX(SVM_EXIT_MWAIT),
4243 [x86_intercept_invlpg] = POST_EX(SVM_EXIT_INVLPG),
4244 [x86_intercept_invd] = POST_EX(SVM_EXIT_INVD),
4245 [x86_intercept_wbinvd] = POST_EX(SVM_EXIT_WBINVD),
4246 [x86_intercept_wrmsr] = POST_EX(SVM_EXIT_MSR),
4247 [x86_intercept_rdtsc] = POST_EX(SVM_EXIT_RDTSC),
4248 [x86_intercept_rdmsr] = POST_EX(SVM_EXIT_MSR),
4249 [x86_intercept_rdpmc] = POST_EX(SVM_EXIT_RDPMC),
4250 [x86_intercept_cpuid] = PRE_EX(SVM_EXIT_CPUID),
4251 [x86_intercept_rsm] = PRE_EX(SVM_EXIT_RSM),
4252 [x86_intercept_pause] = PRE_EX(SVM_EXIT_PAUSE),
4253 [x86_intercept_pushf] = PRE_EX(SVM_EXIT_PUSHF),
4254 [x86_intercept_popf] = PRE_EX(SVM_EXIT_POPF),
4255 [x86_intercept_intn] = PRE_EX(SVM_EXIT_SWINT),
4256 [x86_intercept_iret] = PRE_EX(SVM_EXIT_IRET),
4257 [x86_intercept_icebp] = PRE_EX(SVM_EXIT_ICEBP),
4258 [x86_intercept_hlt] = POST_EX(SVM_EXIT_HLT),
4259 [x86_intercept_in] = POST_EX(SVM_EXIT_IOIO),
4260 [x86_intercept_ins] = POST_EX(SVM_EXIT_IOIO),
4261 [x86_intercept_out] = POST_EX(SVM_EXIT_IOIO),
4262 [x86_intercept_outs] = POST_EX(SVM_EXIT_IOIO),
4263 [x86_intercept_xsetbv] = PRE_EX(SVM_EXIT_XSETBV),
4270 static int svm_check_intercept(struct kvm_vcpu *vcpu,
4271 struct x86_instruction_info *info,
4272 enum x86_intercept_stage stage,
4273 struct x86_exception *exception)
4275 struct vcpu_svm *svm = to_svm(vcpu);
4276 int vmexit, ret = X86EMUL_CONTINUE;
4277 struct __x86_intercept icpt_info;
4278 struct vmcb *vmcb = svm->vmcb;
4280 if (info->intercept >= ARRAY_SIZE(x86_intercept_map))
4283 icpt_info = x86_intercept_map[info->intercept];
4285 if (stage != icpt_info.stage)
4288 switch (icpt_info.exit_code) {
4289 case SVM_EXIT_READ_CR0:
4290 if (info->intercept == x86_intercept_cr_read)
4291 icpt_info.exit_code += info->modrm_reg;
4293 case SVM_EXIT_WRITE_CR0: {
4294 unsigned long cr0, val;
4296 if (info->intercept == x86_intercept_cr_write)
4297 icpt_info.exit_code += info->modrm_reg;
4299 if (icpt_info.exit_code != SVM_EXIT_WRITE_CR0 ||
4300 info->intercept == x86_intercept_clts)
4303 if (!(vmcb12_is_intercept(&svm->nested.ctl,
4304 INTERCEPT_SELECTIVE_CR0)))
4307 cr0 = vcpu->arch.cr0 & ~SVM_CR0_SELECTIVE_MASK;
4308 val = info->src_val & ~SVM_CR0_SELECTIVE_MASK;
4310 if (info->intercept == x86_intercept_lmsw) {
4313 /* lmsw can't clear PE - catch this here */
4314 if (cr0 & X86_CR0_PE)
4319 icpt_info.exit_code = SVM_EXIT_CR0_SEL_WRITE;
4323 case SVM_EXIT_READ_DR0:
4324 case SVM_EXIT_WRITE_DR0:
4325 icpt_info.exit_code += info->modrm_reg;
4328 if (info->intercept == x86_intercept_wrmsr)
4329 vmcb->control.exit_info_1 = 1;
4331 vmcb->control.exit_info_1 = 0;
4333 case SVM_EXIT_PAUSE:
4335 * We get this for NOP only, but pause
4336 * is rep not, check this here
4338 if (info->rep_prefix != REPE_PREFIX)
4341 case SVM_EXIT_IOIO: {
4345 if (info->intercept == x86_intercept_in ||
4346 info->intercept == x86_intercept_ins) {
4347 exit_info = ((info->src_val & 0xffff) << 16) |
4349 bytes = info->dst_bytes;
4351 exit_info = (info->dst_val & 0xffff) << 16;
4352 bytes = info->src_bytes;
4355 if (info->intercept == x86_intercept_outs ||
4356 info->intercept == x86_intercept_ins)
4357 exit_info |= SVM_IOIO_STR_MASK;
4359 if (info->rep_prefix)
4360 exit_info |= SVM_IOIO_REP_MASK;
4362 bytes = min(bytes, 4u);
4364 exit_info |= bytes << SVM_IOIO_SIZE_SHIFT;
4366 exit_info |= (u32)info->ad_bytes << (SVM_IOIO_ASIZE_SHIFT - 1);
4368 vmcb->control.exit_info_1 = exit_info;
4369 vmcb->control.exit_info_2 = info->next_rip;
4377 /* TODO: Advertise NRIPS to guest hypervisor unconditionally */
4378 if (static_cpu_has(X86_FEATURE_NRIPS))
4379 vmcb->control.next_rip = info->next_rip;
4380 vmcb->control.exit_code = icpt_info.exit_code;
4381 vmexit = nested_svm_exit_handled(svm);
4383 ret = (vmexit == NESTED_EXIT_DONE) ? X86EMUL_INTERCEPTED
4390 static void svm_handle_exit_irqoff(struct kvm_vcpu *vcpu)
4392 if (to_svm(vcpu)->vmcb->control.exit_code == SVM_EXIT_INTR)
4393 vcpu->arch.at_instruction_boundary = true;
4396 static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu)
4398 if (!kvm_pause_in_guest(vcpu->kvm))
4399 shrink_ple_window(vcpu);
4402 static void svm_setup_mce(struct kvm_vcpu *vcpu)
4404 /* [63:9] are reserved. */
4405 vcpu->arch.mcg_cap &= 0x1ff;
4408 bool svm_smi_blocked(struct kvm_vcpu *vcpu)
4410 struct vcpu_svm *svm = to_svm(vcpu);
4412 /* Per APM Vol.2 15.22.2 "Response to SMI" */
4416 return is_smm(vcpu);
4419 static int svm_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
4421 struct vcpu_svm *svm = to_svm(vcpu);
4422 if (svm->nested.nested_run_pending)
4425 if (svm_smi_blocked(vcpu))
4428 /* An SMI must not be injected into L2 if it's supposed to VM-Exit. */
4429 if (for_injection && is_guest_mode(vcpu) && nested_exit_on_smi(svm))
4435 static int svm_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
4437 struct vcpu_svm *svm = to_svm(vcpu);
4438 struct kvm_host_map map_save;
4441 if (!is_guest_mode(vcpu))
4444 /* FED8h - SVM Guest */
4445 put_smstate(u64, smstate, 0x7ed8, 1);
4446 /* FEE0h - SVM Guest VMCB Physical Address */
4447 put_smstate(u64, smstate, 0x7ee0, svm->nested.vmcb12_gpa);
4449 svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
4450 svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
4451 svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];
4453 ret = nested_svm_simple_vmexit(svm, SVM_EXIT_SW);
4458 * KVM uses VMCB01 to store L1 host state while L2 runs but
4459 * VMCB01 is going to be used during SMM and thus the state will
4460 * be lost. Temporary save non-VMLOAD/VMSAVE state to the host save
4461 * area pointed to by MSR_VM_HSAVE_PA. APM guarantees that the
4462 * format of the area is identical to guest save area offsetted
4463 * by 0x400 (matches the offset of 'struct vmcb_save_area'
4464 * within 'struct vmcb'). Note: HSAVE area may also be used by
4465 * L1 hypervisor to save additional host context (e.g. KVM does
4466 * that, see svm_prepare_switch_to_guest()) which must be
4469 if (kvm_vcpu_map(vcpu, gpa_to_gfn(svm->nested.hsave_msr),
4470 &map_save) == -EINVAL)
4473 BUILD_BUG_ON(offsetof(struct vmcb, save) != 0x400);
4475 svm_copy_vmrun_state(map_save.hva + 0x400,
4476 &svm->vmcb01.ptr->save);
4478 kvm_vcpu_unmap(vcpu, &map_save, true);
4482 static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
4484 struct vcpu_svm *svm = to_svm(vcpu);
4485 struct kvm_host_map map, map_save;
4486 u64 saved_efer, vmcb12_gpa;
4487 struct vmcb *vmcb12;
4490 if (!guest_cpuid_has(vcpu, X86_FEATURE_LM))
4493 /* Non-zero if SMI arrived while vCPU was in guest mode. */
4494 if (!GET_SMSTATE(u64, smstate, 0x7ed8))
4497 if (!guest_cpuid_has(vcpu, X86_FEATURE_SVM))
4500 saved_efer = GET_SMSTATE(u64, smstate, 0x7ed0);
4501 if (!(saved_efer & EFER_SVME))
4504 vmcb12_gpa = GET_SMSTATE(u64, smstate, 0x7ee0);
4505 if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map) == -EINVAL)
4509 if (kvm_vcpu_map(vcpu, gpa_to_gfn(svm->nested.hsave_msr), &map_save) == -EINVAL)
4512 if (svm_allocate_nested(svm))
4516 * Restore L1 host state from L1 HSAVE area as VMCB01 was
4517 * used during SMM (see svm_enter_smm())
4520 svm_copy_vmrun_state(&svm->vmcb01.ptr->save, map_save.hva + 0x400);
4523 * Enter the nested guest now
4526 vmcb_mark_all_dirty(svm->vmcb01.ptr);
4529 nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
4530 nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);
4531 ret = enter_svm_guest_mode(vcpu, vmcb12_gpa, vmcb12, false);
4536 svm->nested.nested_run_pending = 1;
4539 kvm_vcpu_unmap(vcpu, &map_save, true);
4541 kvm_vcpu_unmap(vcpu, &map, true);
4545 static void svm_enable_smi_window(struct kvm_vcpu *vcpu)
4547 struct vcpu_svm *svm = to_svm(vcpu);
4549 if (!gif_set(svm)) {
4551 svm_set_intercept(svm, INTERCEPT_STGI);
4552 /* STGI will cause a vm exit */
4554 /* We must be in SMM; RSM will cause a vmexit anyway. */
4558 static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type,
4559 void *insn, int insn_len)
4561 bool smep, smap, is_user;
4565 /* Emulation is always possible when KVM has access to all guest state. */
4566 if (!sev_guest(vcpu->kvm))
4569 /* #UD and #GP should never be intercepted for SEV guests. */
4570 WARN_ON_ONCE(emul_type & (EMULTYPE_TRAP_UD |
4571 EMULTYPE_TRAP_UD_FORCED |
4572 EMULTYPE_VMWARE_GP));
4575 * Emulation is impossible for SEV-ES guests as KVM doesn't have access
4576 * to guest register state.
4578 if (sev_es_guest(vcpu->kvm))
4582 * Emulation is possible if the instruction is already decoded, e.g.
4583 * when completing I/O after returning from userspace.
4585 if (emul_type & EMULTYPE_NO_DECODE)
4589 * Emulation is possible for SEV guests if and only if a prefilled
4590 * buffer containing the bytes of the intercepted instruction is
4591 * available. SEV guest memory is encrypted with a guest specific key
4592 * and cannot be decrypted by KVM, i.e. KVM would read cyphertext and
4595 * Inject #UD if KVM reached this point without an instruction buffer.
4596 * In practice, this path should never be hit by a well-behaved guest,
4597 * e.g. KVM doesn't intercept #UD or #GP for SEV guests, but this path
4598 * is still theoretically reachable, e.g. via unaccelerated fault-like
4599 * AVIC access, and needs to be handled by KVM to avoid putting the
4600 * guest into an infinite loop. Injecting #UD is somewhat arbitrary,
4601 * but its the least awful option given lack of insight into the guest.
4603 if (unlikely(!insn)) {
4604 kvm_queue_exception(vcpu, UD_VECTOR);
4609 * Emulate for SEV guests if the insn buffer is not empty. The buffer
4610 * will be empty if the DecodeAssist microcode cannot fetch bytes for
4611 * the faulting instruction because the code fetch itself faulted, e.g.
4612 * the guest attempted to fetch from emulated MMIO or a guest page
4613 * table used to translate CS:RIP resides in emulated MMIO.
4615 if (likely(insn_len))
4619 * Detect and workaround Errata 1096 Fam_17h_00_0Fh.
4622 * When CPU raises #NPF on guest data access and vCPU CR4.SMAP=1, it is
4623 * possible that CPU microcode implementing DecodeAssist will fail to
4624 * read guest memory at CS:RIP and vmcb.GuestIntrBytes will incorrectly
4625 * be '0'. This happens because microcode reads CS:RIP using a _data_
4626 * loap uop with CPL=0 privileges. If the load hits a SMAP #PF, ucode
4627 * gives up and does not fill the instruction bytes buffer.
4629 * As above, KVM reaches this point iff the VM is an SEV guest, the CPU
4630 * supports DecodeAssist, a #NPF was raised, KVM's page fault handler
4631 * triggered emulation (e.g. for MMIO), and the CPU returned 0 in the
4632 * GuestIntrBytes field of the VMCB.
4634 * This does _not_ mean that the erratum has been encountered, as the
4635 * DecodeAssist will also fail if the load for CS:RIP hits a legitimate
4636 * #PF, e.g. if the guest attempt to execute from emulated MMIO and
4637 * encountered a reserved/not-present #PF.
4639 * To hit the erratum, the following conditions must be true:
4640 * 1. CR4.SMAP=1 (obviously).
4641 * 2. CR4.SMEP=0 || CPL=3. If SMEP=1 and CPL<3, the erratum cannot
4642 * have been hit as the guest would have encountered a SMEP
4643 * violation #PF, not a #NPF.
4644 * 3. The #NPF is not due to a code fetch, in which case failure to
4645 * retrieve the instruction bytes is legitimate (see abvoe).
4647 * In addition, don't apply the erratum workaround if the #NPF occurred
4648 * while translating guest page tables (see below).
4650 error_code = to_svm(vcpu)->vmcb->control.exit_info_1;
4651 if (error_code & (PFERR_GUEST_PAGE_MASK | PFERR_FETCH_MASK))
4654 cr4 = kvm_read_cr4(vcpu);
4655 smep = cr4 & X86_CR4_SMEP;
4656 smap = cr4 & X86_CR4_SMAP;
4657 is_user = svm_get_cpl(vcpu) == 3;
4658 if (smap && (!smep || is_user)) {
4659 pr_err_ratelimited("KVM: SEV Guest triggered AMD Erratum 1096\n");
4662 * If the fault occurred in userspace, arbitrarily inject #GP
4663 * to avoid killing the guest and to hopefully avoid confusing
4664 * the guest kernel too much, e.g. injecting #PF would not be
4665 * coherent with respect to the guest's page tables. Request
4666 * triple fault if the fault occurred in the kernel as there's
4667 * no fault that KVM can inject without confusing the guest.
4668 * In practice, the triple fault is moot as no sane SEV kernel
4669 * will execute from user memory while also running with SMAP=1.
4672 kvm_inject_gp(vcpu, 0);
4674 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
4679 * If the erratum was not hit, simply resume the guest and let it fault
4680 * again. While awful, e.g. the vCPU may get stuck in an infinite loop
4681 * if the fault is at CPL=0, it's the lesser of all evils. Exiting to
4682 * userspace will kill the guest, and letting the emulator read garbage
4683 * will yield random behavior and potentially corrupt the guest.
4685 * Simply resuming the guest is technically not a violation of the SEV
4686 * architecture. AMD's APM states that all code fetches and page table
4687 * accesses for SEV guest are encrypted, regardless of the C-Bit. The
4688 * APM also states that encrypted accesses to MMIO are "ignored", but
4689 * doesn't explicitly define "ignored", i.e. doing nothing and letting
4690 * the guest spin is technically "ignoring" the access.
4695 static bool svm_apic_init_signal_blocked(struct kvm_vcpu *vcpu)
4697 struct vcpu_svm *svm = to_svm(vcpu);
4699 return !gif_set(svm);
4702 static void svm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
4704 if (!sev_es_guest(vcpu->kvm))
4705 return kvm_vcpu_deliver_sipi_vector(vcpu, vector);
4707 sev_vcpu_deliver_sipi_vector(vcpu, vector);
4710 static void svm_vm_destroy(struct kvm *kvm)
4712 avic_vm_destroy(kvm);
4713 sev_vm_destroy(kvm);
4716 static int svm_vm_init(struct kvm *kvm)
4718 if (!pause_filter_count || !pause_filter_thresh)
4719 kvm->arch.pause_in_guest = true;
4722 int ret = avic_vm_init(kvm);
4730 static struct kvm_x86_ops svm_x86_ops __initdata = {
4733 .hardware_unsetup = svm_hardware_unsetup,
4734 .hardware_enable = svm_hardware_enable,
4735 .hardware_disable = svm_hardware_disable,
4736 .has_emulated_msr = svm_has_emulated_msr,
4738 .vcpu_create = svm_vcpu_create,
4739 .vcpu_free = svm_vcpu_free,
4740 .vcpu_reset = svm_vcpu_reset,
4742 .vm_size = sizeof(struct kvm_svm),
4743 .vm_init = svm_vm_init,
4744 .vm_destroy = svm_vm_destroy,
4746 .prepare_switch_to_guest = svm_prepare_switch_to_guest,
4747 .vcpu_load = svm_vcpu_load,
4748 .vcpu_put = svm_vcpu_put,
4749 .vcpu_blocking = avic_vcpu_blocking,
4750 .vcpu_unblocking = avic_vcpu_unblocking,
4752 .update_exception_bitmap = svm_update_exception_bitmap,
4753 .get_msr_feature = svm_get_msr_feature,
4754 .get_msr = svm_get_msr,
4755 .set_msr = svm_set_msr,
4756 .get_segment_base = svm_get_segment_base,
4757 .get_segment = svm_get_segment,
4758 .set_segment = svm_set_segment,
4759 .get_cpl = svm_get_cpl,
4760 .get_cs_db_l_bits = svm_get_cs_db_l_bits,
4761 .set_cr0 = svm_set_cr0,
4762 .post_set_cr3 = sev_post_set_cr3,
4763 .is_valid_cr4 = svm_is_valid_cr4,
4764 .set_cr4 = svm_set_cr4,
4765 .set_efer = svm_set_efer,
4766 .get_idt = svm_get_idt,
4767 .set_idt = svm_set_idt,
4768 .get_gdt = svm_get_gdt,
4769 .set_gdt = svm_set_gdt,
4770 .set_dr7 = svm_set_dr7,
4771 .sync_dirty_debug_regs = svm_sync_dirty_debug_regs,
4772 .cache_reg = svm_cache_reg,
4773 .get_rflags = svm_get_rflags,
4774 .set_rflags = svm_set_rflags,
4775 .get_if_flag = svm_get_if_flag,
4777 .flush_tlb_all = svm_flush_tlb_current,
4778 .flush_tlb_current = svm_flush_tlb_current,
4779 .flush_tlb_gva = svm_flush_tlb_gva,
4780 .flush_tlb_guest = svm_flush_tlb_current,
4782 .vcpu_pre_run = svm_vcpu_pre_run,
4783 .vcpu_run = svm_vcpu_run,
4784 .handle_exit = svm_handle_exit,
4785 .skip_emulated_instruction = svm_skip_emulated_instruction,
4786 .update_emulated_instruction = NULL,
4787 .set_interrupt_shadow = svm_set_interrupt_shadow,
4788 .get_interrupt_shadow = svm_get_interrupt_shadow,
4789 .patch_hypercall = svm_patch_hypercall,
4790 .inject_irq = svm_inject_irq,
4791 .inject_nmi = svm_inject_nmi,
4792 .inject_exception = svm_inject_exception,
4793 .cancel_injection = svm_cancel_injection,
4794 .interrupt_allowed = svm_interrupt_allowed,
4795 .nmi_allowed = svm_nmi_allowed,
4796 .get_nmi_mask = svm_get_nmi_mask,
4797 .set_nmi_mask = svm_set_nmi_mask,
4798 .enable_nmi_window = svm_enable_nmi_window,
4799 .enable_irq_window = svm_enable_irq_window,
4800 .update_cr8_intercept = svm_update_cr8_intercept,
4801 .set_virtual_apic_mode = avic_set_virtual_apic_mode,
4802 .refresh_apicv_exec_ctrl = avic_refresh_apicv_exec_ctrl,
4803 .check_apicv_inhibit_reasons = avic_check_apicv_inhibit_reasons,
4804 .apicv_post_state_restore = avic_apicv_post_state_restore,
4806 .get_exit_info = svm_get_exit_info,
4808 .vcpu_after_set_cpuid = svm_vcpu_after_set_cpuid,
4810 .has_wbinvd_exit = svm_has_wbinvd_exit,
4812 .get_l2_tsc_offset = svm_get_l2_tsc_offset,
4813 .get_l2_tsc_multiplier = svm_get_l2_tsc_multiplier,
4814 .write_tsc_offset = svm_write_tsc_offset,
4815 .write_tsc_multiplier = svm_write_tsc_multiplier,
4817 .load_mmu_pgd = svm_load_mmu_pgd,
4819 .check_intercept = svm_check_intercept,
4820 .handle_exit_irqoff = svm_handle_exit_irqoff,
4822 .request_immediate_exit = __kvm_request_immediate_exit,
4824 .sched_in = svm_sched_in,
4826 .nested_ops = &svm_nested_ops,
4828 .deliver_interrupt = svm_deliver_interrupt,
4829 .pi_update_irte = avic_pi_update_irte,
4830 .setup_mce = svm_setup_mce,
4832 .smi_allowed = svm_smi_allowed,
4833 .enter_smm = svm_enter_smm,
4834 .leave_smm = svm_leave_smm,
4835 .enable_smi_window = svm_enable_smi_window,
4837 .mem_enc_ioctl = sev_mem_enc_ioctl,
4838 .mem_enc_register_region = sev_mem_enc_register_region,
4839 .mem_enc_unregister_region = sev_mem_enc_unregister_region,
4840 .guest_memory_reclaimed = sev_guest_memory_reclaimed,
4842 .vm_copy_enc_context_from = sev_vm_copy_enc_context_from,
4843 .vm_move_enc_context_from = sev_vm_move_enc_context_from,
4845 .can_emulate_instruction = svm_can_emulate_instruction,
4847 .apic_init_signal_blocked = svm_apic_init_signal_blocked,
4849 .msr_filter_changed = svm_msr_filter_changed,
4850 .complete_emulated_msr = svm_complete_emulated_msr,
4852 .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector,
4853 .vcpu_get_apicv_inhibit_reasons = avic_vcpu_get_apicv_inhibit_reasons,
4857 * The default MMIO mask is a single bit (excluding the present bit),
4858 * which could conflict with the memory encryption bit. Check for
4859 * memory encryption support and override the default MMIO mask if
4860 * memory encryption is enabled.
4862 static __init void svm_adjust_mmio_mask(void)
4864 unsigned int enc_bit, mask_bit;
4867 /* If there is no memory encryption support, use existing mask */
4868 if (cpuid_eax(0x80000000) < 0x8000001f)
4871 /* If memory encryption is not enabled, use existing mask */
4872 rdmsrl(MSR_AMD64_SYSCFG, msr);
4873 if (!(msr & MSR_AMD64_SYSCFG_MEM_ENCRYPT))
4876 enc_bit = cpuid_ebx(0x8000001f) & 0x3f;
4877 mask_bit = boot_cpu_data.x86_phys_bits;
4879 /* Increment the mask bit if it is the same as the encryption bit */
4880 if (enc_bit == mask_bit)
4884 * If the mask bit location is below 52, then some bits above the
4885 * physical addressing limit will always be reserved, so use the
4886 * rsvd_bits() function to generate the mask. This mask, along with
4887 * the present bit, will be used to generate a page fault with
4890 * If the mask bit location is 52 (or above), then clear the mask.
4892 mask = (mask_bit < 52) ? rsvd_bits(mask_bit, 51) | PT_PRESENT_MASK : 0;
4894 kvm_mmu_set_mmio_spte_mask(mask, mask, PT_WRITABLE_MASK | PT_USER_MASK);
4897 static __init void svm_set_cpu_caps(void)
4901 kvm_caps.supported_xss = 0;
4903 /* CPUID 0x80000001 and 0x8000000A (SVM features) */
4905 kvm_cpu_cap_set(X86_FEATURE_SVM);
4906 kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
4909 kvm_cpu_cap_set(X86_FEATURE_NRIPS);
4912 kvm_cpu_cap_set(X86_FEATURE_NPT);
4915 kvm_cpu_cap_set(X86_FEATURE_TSCRATEMSR);
4918 kvm_cpu_cap_set(X86_FEATURE_V_VMSAVE_VMLOAD);
4920 kvm_cpu_cap_set(X86_FEATURE_LBRV);
4922 if (boot_cpu_has(X86_FEATURE_PAUSEFILTER))
4923 kvm_cpu_cap_set(X86_FEATURE_PAUSEFILTER);
4925 if (boot_cpu_has(X86_FEATURE_PFTHRESHOLD))
4926 kvm_cpu_cap_set(X86_FEATURE_PFTHRESHOLD);
4929 kvm_cpu_cap_set(X86_FEATURE_VGIF);
4931 /* Nested VM can receive #VMEXIT instead of triggering #GP */
4932 kvm_cpu_cap_set(X86_FEATURE_SVME_ADDR_CHK);
4935 /* CPUID 0x80000008 */
4936 if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD) ||
4937 boot_cpu_has(X86_FEATURE_AMD_SSBD))
4938 kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD);
4940 /* AMD PMU PERFCTR_CORE CPUID */
4941 if (enable_pmu && boot_cpu_has(X86_FEATURE_PERFCTR_CORE))
4942 kvm_cpu_cap_set(X86_FEATURE_PERFCTR_CORE);
4944 /* CPUID 0x8000001F (SME/SEV features) */
4948 static __init int svm_hardware_setup(void)
4951 struct page *iopm_pages;
4954 unsigned int order = get_order(IOPM_SIZE);
4957 * NX is required for shadow paging and for NPT if the NX huge pages
4958 * mitigation is enabled.
4960 if (!boot_cpu_has(X86_FEATURE_NX)) {
4961 pr_err_ratelimited("NX (Execute Disable) not supported\n");
4964 kvm_enable_efer_bits(EFER_NX);
4966 iopm_pages = alloc_pages(GFP_KERNEL, order);
4971 iopm_va = page_address(iopm_pages);
4972 memset(iopm_va, 0xff, PAGE_SIZE * (1 << order));
4973 iopm_base = page_to_pfn(iopm_pages) << PAGE_SHIFT;
4975 init_msrpm_offsets();
4977 kvm_caps.supported_xcr0 &= ~(XFEATURE_MASK_BNDREGS |
4978 XFEATURE_MASK_BNDCSR);
4980 if (boot_cpu_has(X86_FEATURE_FXSR_OPT))
4981 kvm_enable_efer_bits(EFER_FFXSR);
4984 if (!boot_cpu_has(X86_FEATURE_TSCRATEMSR)) {
4985 tsc_scaling = false;
4987 pr_info("TSC scaling supported\n");
4988 kvm_caps.has_tsc_control = true;
4991 kvm_caps.max_tsc_scaling_ratio = SVM_TSC_RATIO_MAX;
4992 kvm_caps.tsc_scaling_ratio_frac_bits = 32;
4994 tsc_aux_uret_slot = kvm_add_user_return_msr(MSR_TSC_AUX);
4996 /* Check for pause filtering support */
4997 if (!boot_cpu_has(X86_FEATURE_PAUSEFILTER)) {
4998 pause_filter_count = 0;
4999 pause_filter_thresh = 0;
5000 } else if (!boot_cpu_has(X86_FEATURE_PFTHRESHOLD)) {
5001 pause_filter_thresh = 0;
5005 printk(KERN_INFO "kvm: Nested Virtualization enabled\n");
5006 kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
5010 * KVM's MMU doesn't support using 2-level paging for itself, and thus
5011 * NPT isn't supported if the host is using 2-level paging since host
5012 * CR4 is unchanged on VMRUN.
5014 if (!IS_ENABLED(CONFIG_X86_64) && !IS_ENABLED(CONFIG_X86_PAE))
5015 npt_enabled = false;
5017 if (!boot_cpu_has(X86_FEATURE_NPT))
5018 npt_enabled = false;
5020 /* Force VM NPT level equal to the host's paging level */
5021 kvm_configure_mmu(npt_enabled, get_npt_level(),
5022 get_npt_level(), PG_LEVEL_1G);
5023 pr_info("kvm: Nested Paging %sabled\n", npt_enabled ? "en" : "dis");
5025 /* Setup shadow_me_value and shadow_me_mask */
5026 kvm_mmu_set_me_spte_mask(sme_me_mask, sme_me_mask);
5028 svm_adjust_mmio_mask();
5031 * Note, SEV setup consumes npt_enabled and enable_mmio_caching (which
5032 * may be modified by svm_adjust_mmio_mask()).
5034 sev_hardware_setup();
5036 svm_hv_hardware_setup();
5038 for_each_possible_cpu(cpu) {
5039 r = svm_cpu_init(cpu);
5045 if (!boot_cpu_has(X86_FEATURE_NRIPS))
5049 enable_apicv = avic = avic && avic_hardware_setup(&svm_x86_ops);
5051 if (!enable_apicv) {
5052 svm_x86_ops.vcpu_blocking = NULL;
5053 svm_x86_ops.vcpu_unblocking = NULL;
5054 svm_x86_ops.vcpu_get_apicv_inhibit_reasons = NULL;
5059 !boot_cpu_has(X86_FEATURE_V_VMSAVE_VMLOAD) ||
5060 !IS_ENABLED(CONFIG_X86_64)) {
5063 pr_info("Virtual VMLOAD VMSAVE supported\n");
5067 if (boot_cpu_has(X86_FEATURE_SVME_ADDR_CHK))
5068 svm_gp_erratum_intercept = false;
5071 if (!boot_cpu_has(X86_FEATURE_VGIF))
5074 pr_info("Virtual GIF supported\n");
5078 if (!boot_cpu_has(X86_FEATURE_LBRV))
5081 pr_info("LBR virtualization supported\n");
5085 pr_info("PMU virtualization is disabled\n");
5090 * It seems that on AMD processors PTE's accessed bit is
5091 * being set by the CPU hardware before the NPF vmexit.
5092 * This is not expected behaviour and our tests fail because
5094 * A workaround here is to disable support for
5095 * GUEST_MAXPHYADDR < HOST_MAXPHYADDR if NPT is enabled.
5096 * In this case userspace can know if there is support using
5097 * KVM_CAP_SMALLER_MAXPHYADDR extension and decide how to handle
5099 * If future AMD CPU models change the behaviour described above,
5100 * this variable can be changed accordingly
5102 allow_smaller_maxphyaddr = !npt_enabled;
5107 svm_hardware_unsetup();
5112 static struct kvm_x86_init_ops svm_init_ops __initdata = {
5113 .cpu_has_kvm_support = has_svm,
5114 .disabled_by_bios = is_disabled,
5115 .hardware_setup = svm_hardware_setup,
5116 .check_processor_compatibility = svm_check_processor_compat,
5118 .runtime_ops = &svm_x86_ops,
5119 .pmu_ops = &amd_pmu_ops,
5122 static int __init svm_init(void)
5124 __unused_size_checks();
5126 return kvm_init(&svm_init_ops, sizeof(struct vcpu_svm),
5127 __alignof__(struct vcpu_svm), THIS_MODULE);
5130 static void __exit svm_exit(void)
5135 module_init(svm_init)
5136 module_exit(svm_exit)
projects / linux-2.6-block.git / blob