1 // SPDX-License-Identifier: GPL-2.0-only
3 * Kernel-based Virtual Machine driver for Linux
5 * This module enables machines with Intel VT-x extensions to run virtual
6 * machines without emulation or binary translation.
8 * Copyright (C) 2006 Qumranet, Inc.
9 * Copyright 2010 Red Hat, Inc. and/or its affiliates.
12 * Avi Kivity <avi@qumranet.com>
13 * Yaniv Kamay <yaniv@qumranet.com>
15 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
17 #include <linux/highmem.h>
18 #include <linux/hrtimer.h>
19 #include <linux/kernel.h>
20 #include <linux/kvm_host.h>
21 #include <linux/module.h>
22 #include <linux/moduleparam.h>
23 #include <linux/mod_devicetable.h>
25 #include <linux/objtool.h>
26 #include <linux/sched.h>
27 #include <linux/sched/smt.h>
28 #include <linux/slab.h>
29 #include <linux/tboot.h>
30 #include <linux/trace_events.h>
31 #include <linux/entry-kvm.h>
36 #include <asm/cpu_device_id.h>
37 #include <asm/debugreg.h>
39 #include <asm/fpu/api.h>
40 #include <asm/fpu/xstate.h>
41 #include <asm/idtentry.h>
43 #include <asm/irq_remapping.h>
44 #include <asm/kexec.h>
45 #include <asm/perf_event.h>
46 #include <asm/mmu_context.h>
47 #include <asm/mshyperv.h>
48 #include <asm/mwait.h>
49 #include <asm/spec-ctrl.h>
50 #include <asm/virtext.h>
53 #include "capabilities.h"
56 #include "kvm_onhyperv.h"
58 #include "kvm_cache_regs.h"
71 MODULE_AUTHOR("Qumranet");
72 MODULE_LICENSE("GPL");
75 static const struct x86_cpu_id vmx_cpu_id[] = {
76 X86_MATCH_FEATURE(X86_FEATURE_VMX, NULL),
79 MODULE_DEVICE_TABLE(x86cpu, vmx_cpu_id);
82 bool __read_mostly enable_vpid = 1;
83 module_param_named(vpid, enable_vpid, bool, 0444);
85 static bool __read_mostly enable_vnmi = 1;
86 module_param_named(vnmi, enable_vnmi, bool, S_IRUGO);
88 bool __read_mostly flexpriority_enabled = 1;
89 module_param_named(flexpriority, flexpriority_enabled, bool, S_IRUGO);
91 bool __read_mostly enable_ept = 1;
92 module_param_named(ept, enable_ept, bool, S_IRUGO);
94 bool __read_mostly enable_unrestricted_guest = 1;
95 module_param_named(unrestricted_guest,
96 enable_unrestricted_guest, bool, S_IRUGO);
98 bool __read_mostly enable_ept_ad_bits = 1;
99 module_param_named(eptad, enable_ept_ad_bits, bool, S_IRUGO);
101 static bool __read_mostly emulate_invalid_guest_state = true;
102 module_param(emulate_invalid_guest_state, bool, S_IRUGO);
104 static bool __read_mostly fasteoi = 1;
105 module_param(fasteoi, bool, S_IRUGO);
107 module_param(enable_apicv, bool, S_IRUGO);
109 bool __read_mostly enable_ipiv = true;
110 module_param(enable_ipiv, bool, 0444);
113 * If nested=1, nested virtualization is supported, i.e., guests may use
114 * VMX and be a hypervisor for its own guests. If nested=0, guests may not
115 * use VMX instructions.
117 static bool __read_mostly nested = 1;
118 module_param(nested, bool, S_IRUGO);
120 bool __read_mostly enable_pml = 1;
121 module_param_named(pml, enable_pml, bool, S_IRUGO);
123 static bool __read_mostly error_on_inconsistent_vmcs_config = true;
124 module_param(error_on_inconsistent_vmcs_config, bool, 0444);
126 static bool __read_mostly dump_invalid_vmcs = 0;
127 module_param(dump_invalid_vmcs, bool, 0644);
129 #define MSR_BITMAP_MODE_X2APIC 1
130 #define MSR_BITMAP_MODE_X2APIC_APICV 2
132 #define KVM_VMX_TSC_MULTIPLIER_MAX 0xffffffffffffffffULL
134 /* Guest_tsc -> host_tsc conversion requires 64-bit division. */
135 static int __read_mostly cpu_preemption_timer_multi;
136 static bool __read_mostly enable_preemption_timer = 1;
138 module_param_named(preemption_timer, enable_preemption_timer, bool, S_IRUGO);
141 extern bool __read_mostly allow_smaller_maxphyaddr;
142 module_param(allow_smaller_maxphyaddr, bool, S_IRUGO);
144 #define KVM_VM_CR0_ALWAYS_OFF (X86_CR0_NW | X86_CR0_CD)
145 #define KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST X86_CR0_NE
146 #define KVM_VM_CR0_ALWAYS_ON \
147 (KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST | X86_CR0_PG | X86_CR0_PE)
149 #define KVM_VM_CR4_ALWAYS_ON_UNRESTRICTED_GUEST X86_CR4_VMXE
150 #define KVM_PMODE_VM_CR4_ALWAYS_ON (X86_CR4_PAE | X86_CR4_VMXE)
151 #define KVM_RMODE_VM_CR4_ALWAYS_ON (X86_CR4_VME | X86_CR4_PAE | X86_CR4_VMXE)
153 #define RMODE_GUEST_OWNED_EFLAGS_BITS (~(X86_EFLAGS_IOPL | X86_EFLAGS_VM))
155 #define MSR_IA32_RTIT_STATUS_MASK (~(RTIT_STATUS_FILTEREN | \
156 RTIT_STATUS_CONTEXTEN | RTIT_STATUS_TRIGGEREN | \
157 RTIT_STATUS_ERROR | RTIT_STATUS_STOPPED | \
158 RTIT_STATUS_BYTECNT))
161 * List of MSRs that can be directly passed to the guest.
162 * In addition to these x2apic and PT MSRs are handled specially.
164 static u32 vmx_possible_passthrough_msrs[MAX_POSSIBLE_PASSTHROUGH_MSRS] = {
175 MSR_IA32_SYSENTER_CS,
176 MSR_IA32_SYSENTER_ESP,
177 MSR_IA32_SYSENTER_EIP,
179 MSR_CORE_C3_RESIDENCY,
180 MSR_CORE_C6_RESIDENCY,
181 MSR_CORE_C7_RESIDENCY,
185 * These 2 parameters are used to config the controls for Pause-Loop Exiting:
186 * ple_gap: upper bound on the amount of time between two successive
187 * executions of PAUSE in a loop. Also indicate if ple enabled.
188 * According to test, this time is usually smaller than 128 cycles.
189 * ple_window: upper bound on the amount of time a guest is allowed to execute
190 * in a PAUSE loop. Tests indicate that most spinlocks are held for
191 * less than 2^12 cycles
192 * Time is measured based on a counter that runs at the same rate as the TSC,
193 * refer SDM volume 3b section 21.6.13 & 22.1.3.
195 static unsigned int ple_gap = KVM_DEFAULT_PLE_GAP;
196 module_param(ple_gap, uint, 0444);
198 static unsigned int ple_window = KVM_VMX_DEFAULT_PLE_WINDOW;
199 module_param(ple_window, uint, 0444);
201 /* Default doubles per-vcpu window every exit. */
202 static unsigned int ple_window_grow = KVM_DEFAULT_PLE_WINDOW_GROW;
203 module_param(ple_window_grow, uint, 0444);
205 /* Default resets per-vcpu window every exit to ple_window. */
206 static unsigned int ple_window_shrink = KVM_DEFAULT_PLE_WINDOW_SHRINK;
207 module_param(ple_window_shrink, uint, 0444);
209 /* Default is to compute the maximum so we can never overflow. */
210 static unsigned int ple_window_max = KVM_VMX_DEFAULT_PLE_WINDOW_MAX;
211 module_param(ple_window_max, uint, 0444);
213 /* Default is SYSTEM mode, 1 for host-guest mode */
214 int __read_mostly pt_mode = PT_MODE_SYSTEM;
215 module_param(pt_mode, int, S_IRUGO);
217 static DEFINE_STATIC_KEY_FALSE(vmx_l1d_should_flush);
218 static DEFINE_STATIC_KEY_FALSE(vmx_l1d_flush_cond);
219 static DEFINE_MUTEX(vmx_l1d_flush_mutex);
221 /* Storage for pre module init parameter parsing */
222 static enum vmx_l1d_flush_state __read_mostly vmentry_l1d_flush_param = VMENTER_L1D_FLUSH_AUTO;
224 static const struct {
227 } vmentry_l1d_param[] = {
228 [VMENTER_L1D_FLUSH_AUTO] = {"auto", true},
229 [VMENTER_L1D_FLUSH_NEVER] = {"never", true},
230 [VMENTER_L1D_FLUSH_COND] = {"cond", true},
231 [VMENTER_L1D_FLUSH_ALWAYS] = {"always", true},
232 [VMENTER_L1D_FLUSH_EPT_DISABLED] = {"EPT disabled", false},
233 [VMENTER_L1D_FLUSH_NOT_REQUIRED] = {"not required", false},
236 #define L1D_CACHE_ORDER 4
237 static void *vmx_l1d_flush_pages;
239 /* Control for disabling CPU Fill buffer clear */
240 static bool __read_mostly vmx_fb_clear_ctrl_available;
242 static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
247 if (!boot_cpu_has_bug(X86_BUG_L1TF)) {
248 l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
253 l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_EPT_DISABLED;
257 if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) {
260 rdmsrl(MSR_IA32_ARCH_CAPABILITIES, msr);
261 if (msr & ARCH_CAP_SKIP_VMENTRY_L1DFLUSH) {
262 l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
267 /* If set to auto use the default l1tf mitigation method */
268 if (l1tf == VMENTER_L1D_FLUSH_AUTO) {
269 switch (l1tf_mitigation) {
270 case L1TF_MITIGATION_OFF:
271 l1tf = VMENTER_L1D_FLUSH_NEVER;
273 case L1TF_MITIGATION_FLUSH_NOWARN:
274 case L1TF_MITIGATION_FLUSH:
275 case L1TF_MITIGATION_FLUSH_NOSMT:
276 l1tf = VMENTER_L1D_FLUSH_COND;
278 case L1TF_MITIGATION_FULL:
279 case L1TF_MITIGATION_FULL_FORCE:
280 l1tf = VMENTER_L1D_FLUSH_ALWAYS;
283 } else if (l1tf_mitigation == L1TF_MITIGATION_FULL_FORCE) {
284 l1tf = VMENTER_L1D_FLUSH_ALWAYS;
287 if (l1tf != VMENTER_L1D_FLUSH_NEVER && !vmx_l1d_flush_pages &&
288 !boot_cpu_has(X86_FEATURE_FLUSH_L1D)) {
290 * This allocation for vmx_l1d_flush_pages is not tied to a VM
291 * lifetime and so should not be charged to a memcg.
293 page = alloc_pages(GFP_KERNEL, L1D_CACHE_ORDER);
296 vmx_l1d_flush_pages = page_address(page);
299 * Initialize each page with a different pattern in
300 * order to protect against KSM in the nested
301 * virtualization case.
303 for (i = 0; i < 1u << L1D_CACHE_ORDER; ++i) {
304 memset(vmx_l1d_flush_pages + i * PAGE_SIZE, i + 1,
309 l1tf_vmx_mitigation = l1tf;
311 if (l1tf != VMENTER_L1D_FLUSH_NEVER)
312 static_branch_enable(&vmx_l1d_should_flush);
314 static_branch_disable(&vmx_l1d_should_flush);
316 if (l1tf == VMENTER_L1D_FLUSH_COND)
317 static_branch_enable(&vmx_l1d_flush_cond);
319 static_branch_disable(&vmx_l1d_flush_cond);
323 static int vmentry_l1d_flush_parse(const char *s)
328 for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) {
329 if (vmentry_l1d_param[i].for_parse &&
330 sysfs_streq(s, vmentry_l1d_param[i].option))
337 static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp)
341 l1tf = vmentry_l1d_flush_parse(s);
345 if (!boot_cpu_has(X86_BUG_L1TF))
349 * Has vmx_init() run already? If not then this is the pre init
350 * parameter parsing. In that case just store the value and let
351 * vmx_init() do the proper setup after enable_ept has been
354 if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO) {
355 vmentry_l1d_flush_param = l1tf;
359 mutex_lock(&vmx_l1d_flush_mutex);
360 ret = vmx_setup_l1d_flush(l1tf);
361 mutex_unlock(&vmx_l1d_flush_mutex);
365 static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp)
367 if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param)))
368 return sprintf(s, "???\n");
370 return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option);
373 static void vmx_setup_fb_clear_ctrl(void)
377 if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES) &&
378 !boot_cpu_has_bug(X86_BUG_MDS) &&
379 !boot_cpu_has_bug(X86_BUG_TAA)) {
380 rdmsrl(MSR_IA32_ARCH_CAPABILITIES, msr);
381 if (msr & ARCH_CAP_FB_CLEAR_CTRL)
382 vmx_fb_clear_ctrl_available = true;
386 static __always_inline void vmx_disable_fb_clear(struct vcpu_vmx *vmx)
390 if (!vmx->disable_fb_clear)
393 msr = __rdmsr(MSR_IA32_MCU_OPT_CTRL);
395 native_wrmsrl(MSR_IA32_MCU_OPT_CTRL, msr);
396 /* Cache the MSR value to avoid reading it later */
397 vmx->msr_ia32_mcu_opt_ctrl = msr;
400 static __always_inline void vmx_enable_fb_clear(struct vcpu_vmx *vmx)
402 if (!vmx->disable_fb_clear)
405 vmx->msr_ia32_mcu_opt_ctrl &= ~FB_CLEAR_DIS;
406 native_wrmsrl(MSR_IA32_MCU_OPT_CTRL, vmx->msr_ia32_mcu_opt_ctrl);
409 static void vmx_update_fb_clear_dis(struct kvm_vcpu *vcpu, struct vcpu_vmx *vmx)
411 vmx->disable_fb_clear = vmx_fb_clear_ctrl_available;
414 * If guest will not execute VERW, there is no need to set FB_CLEAR_DIS
415 * at VMEntry. Skip the MSR read/write when a guest has no use case to
418 if ((vcpu->arch.arch_capabilities & ARCH_CAP_FB_CLEAR) ||
419 ((vcpu->arch.arch_capabilities & ARCH_CAP_MDS_NO) &&
420 (vcpu->arch.arch_capabilities & ARCH_CAP_TAA_NO) &&
421 (vcpu->arch.arch_capabilities & ARCH_CAP_PSDP_NO) &&
422 (vcpu->arch.arch_capabilities & ARCH_CAP_FBSDP_NO) &&
423 (vcpu->arch.arch_capabilities & ARCH_CAP_SBDR_SSDP_NO)))
424 vmx->disable_fb_clear = false;
427 static const struct kernel_param_ops vmentry_l1d_flush_ops = {
428 .set = vmentry_l1d_flush_set,
429 .get = vmentry_l1d_flush_get,
431 module_param_cb(vmentry_l1d_flush, &vmentry_l1d_flush_ops, NULL, 0644);
433 static u32 vmx_segment_access_rights(struct kvm_segment *var);
435 void vmx_vmexit(void);
437 #define vmx_insn_failed(fmt...) \
440 pr_warn_ratelimited(fmt); \
443 void vmread_error(unsigned long field, bool fault)
446 kvm_spurious_fault();
448 vmx_insn_failed("vmread failed: field=%lx\n", field);
451 noinline void vmwrite_error(unsigned long field, unsigned long value)
453 vmx_insn_failed("vmwrite failed: field=%lx val=%lx err=%u\n",
454 field, value, vmcs_read32(VM_INSTRUCTION_ERROR));
457 noinline void vmclear_error(struct vmcs *vmcs, u64 phys_addr)
459 vmx_insn_failed("vmclear failed: %p/%llx err=%u\n",
460 vmcs, phys_addr, vmcs_read32(VM_INSTRUCTION_ERROR));
463 noinline void vmptrld_error(struct vmcs *vmcs, u64 phys_addr)
465 vmx_insn_failed("vmptrld failed: %p/%llx err=%u\n",
466 vmcs, phys_addr, vmcs_read32(VM_INSTRUCTION_ERROR));
469 noinline void invvpid_error(unsigned long ext, u16 vpid, gva_t gva)
471 vmx_insn_failed("invvpid failed: ext=0x%lx vpid=%u gva=0x%lx\n",
475 noinline void invept_error(unsigned long ext, u64 eptp, gpa_t gpa)
477 vmx_insn_failed("invept failed: ext=0x%lx eptp=%llx gpa=0x%llx\n",
481 static DEFINE_PER_CPU(struct vmcs *, vmxarea);
482 DEFINE_PER_CPU(struct vmcs *, current_vmcs);
484 * We maintain a per-CPU linked-list of VMCS loaded on that CPU. This is needed
485 * when a CPU is brought down, and we need to VMCLEAR all VMCSs loaded on it.
487 static DEFINE_PER_CPU(struct list_head, loaded_vmcss_on_cpu);
489 static DECLARE_BITMAP(vmx_vpid_bitmap, VMX_NR_VPIDS);
490 static DEFINE_SPINLOCK(vmx_vpid_lock);
492 struct vmcs_config vmcs_config __ro_after_init;
493 struct vmx_capability vmx_capability __ro_after_init;
495 #define VMX_SEGMENT_FIELD(seg) \
496 [VCPU_SREG_##seg] = { \
497 .selector = GUEST_##seg##_SELECTOR, \
498 .base = GUEST_##seg##_BASE, \
499 .limit = GUEST_##seg##_LIMIT, \
500 .ar_bytes = GUEST_##seg##_AR_BYTES, \
503 static const struct kvm_vmx_segment_field {
508 } kvm_vmx_segment_fields[] = {
509 VMX_SEGMENT_FIELD(CS),
510 VMX_SEGMENT_FIELD(DS),
511 VMX_SEGMENT_FIELD(ES),
512 VMX_SEGMENT_FIELD(FS),
513 VMX_SEGMENT_FIELD(GS),
514 VMX_SEGMENT_FIELD(SS),
515 VMX_SEGMENT_FIELD(TR),
516 VMX_SEGMENT_FIELD(LDTR),
519 static inline void vmx_segment_cache_clear(struct vcpu_vmx *vmx)
521 vmx->segment_cache.bitmask = 0;
524 static unsigned long host_idt_base;
526 #if IS_ENABLED(CONFIG_HYPERV)
527 static struct kvm_x86_ops vmx_x86_ops __initdata;
529 static bool __read_mostly enlightened_vmcs = true;
530 module_param(enlightened_vmcs, bool, 0444);
532 static int hv_enable_l2_tlb_flush(struct kvm_vcpu *vcpu)
534 struct hv_enlightened_vmcs *evmcs;
535 struct hv_partition_assist_pg **p_hv_pa_pg =
536 &to_kvm_hv(vcpu->kvm)->hv_pa_pg;
538 * Synthetic VM-Exit is not enabled in current code and so All
539 * evmcs in singe VM shares same assist page.
542 *p_hv_pa_pg = kzalloc(PAGE_SIZE, GFP_KERNEL_ACCOUNT);
547 evmcs = (struct hv_enlightened_vmcs *)to_vmx(vcpu)->loaded_vmcs->vmcs;
549 evmcs->partition_assist_page =
551 evmcs->hv_vm_id = (unsigned long)vcpu->kvm;
552 evmcs->hv_enlightenments_control.nested_flush_hypercall = 1;
557 static __init void hv_init_evmcs(void)
561 if (!enlightened_vmcs)
565 * Enlightened VMCS usage should be recommended and the host needs
566 * to support eVMCS v1 or above.
568 if (ms_hyperv.hints & HV_X64_ENLIGHTENED_VMCS_RECOMMENDED &&
569 (ms_hyperv.nested_features & HV_X64_ENLIGHTENED_VMCS_VERSION) >=
572 /* Check that we have assist pages on all online CPUs */
573 for_each_online_cpu(cpu) {
574 if (!hv_get_vp_assist_page(cpu)) {
575 enlightened_vmcs = false;
580 if (enlightened_vmcs) {
581 pr_info("Using Hyper-V Enlightened VMCS\n");
582 static_branch_enable(&enable_evmcs);
585 if (ms_hyperv.nested_features & HV_X64_NESTED_DIRECT_FLUSH)
586 vmx_x86_ops.enable_l2_tlb_flush
587 = hv_enable_l2_tlb_flush;
590 enlightened_vmcs = false;
594 static void hv_reset_evmcs(void)
596 struct hv_vp_assist_page *vp_ap;
598 if (!static_branch_unlikely(&enable_evmcs))
602 * KVM should enable eVMCS if and only if all CPUs have a VP assist
603 * page, and should reject CPU onlining if eVMCS is enabled the CPU
604 * doesn't have a VP assist page allocated.
606 vp_ap = hv_get_vp_assist_page(smp_processor_id());
607 if (WARN_ON_ONCE(!vp_ap))
611 * Reset everything to support using non-enlightened VMCS access later
612 * (e.g. when we reload the module with enlightened_vmcs=0)
614 vp_ap->nested_control.features.directhypercall = 0;
615 vp_ap->current_nested_vmcs = 0;
616 vp_ap->enlighten_vmentry = 0;
619 #else /* IS_ENABLED(CONFIG_HYPERV) */
620 static void hv_init_evmcs(void) {}
621 static void hv_reset_evmcs(void) {}
622 #endif /* IS_ENABLED(CONFIG_HYPERV) */
625 * Comment's format: document - errata name - stepping - processor name.
627 * https://www.virtualbox.org/svn/vbox/trunk/src/VBox/VMM/VMMR0/HMR0.cpp
629 static u32 vmx_preemption_cpu_tfms[] = {
630 /* 323344.pdf - BA86 - D0 - Xeon 7500 Series */
632 /* 323056.pdf - AAX65 - C2 - Xeon L3406 */
633 /* 322814.pdf - AAT59 - C2 - i7-600, i5-500, i5-400 and i3-300 Mobile */
634 /* 322911.pdf - AAU65 - C2 - i5-600, i3-500 Desktop and Pentium G6950 */
636 /* 322911.pdf - AAU65 - K0 - i5-600, i3-500 Desktop and Pentium G6950 */
638 /* 322373.pdf - AAO95 - B1 - Xeon 3400 Series */
639 /* 322166.pdf - AAN92 - B1 - i7-800 and i5-700 Desktop */
641 * 320767.pdf - AAP86 - B1 -
642 * i7-900 Mobile Extreme, i7-800 and i7-700 Mobile
645 /* 321333.pdf - AAM126 - C0 - Xeon 3500 */
647 /* 321333.pdf - AAM126 - C1 - Xeon 3500 */
649 /* 320836.pdf - AAJ124 - C0 - i7-900 Desktop Extreme and i7-900 Desktop */
651 /* 321333.pdf - AAM126 - D0 - Xeon 3500 */
652 /* 321324.pdf - AAK139 - D0 - Xeon 5500 */
653 /* 320836.pdf - AAJ124 - D0 - i7-900 Extreme and i7-900 Desktop */
655 /* Xeon E3-1220 V2 */
659 static inline bool cpu_has_broken_vmx_preemption_timer(void)
661 u32 eax = cpuid_eax(0x00000001), i;
663 /* Clear the reserved bits */
664 eax &= ~(0x3U << 14 | 0xfU << 28);
665 for (i = 0; i < ARRAY_SIZE(vmx_preemption_cpu_tfms); i++)
666 if (eax == vmx_preemption_cpu_tfms[i])
672 static inline bool cpu_need_virtualize_apic_accesses(struct kvm_vcpu *vcpu)
674 return flexpriority_enabled && lapic_in_kernel(vcpu);
677 static int possible_passthrough_msr_slot(u32 msr)
681 for (i = 0; i < ARRAY_SIZE(vmx_possible_passthrough_msrs); i++)
682 if (vmx_possible_passthrough_msrs[i] == msr)
688 static bool is_valid_passthrough_msr(u32 msr)
693 case 0x800 ... 0x8ff:
694 /* x2APIC MSRs. These are handled in vmx_update_msr_bitmap_x2apic() */
696 case MSR_IA32_RTIT_STATUS:
697 case MSR_IA32_RTIT_OUTPUT_BASE:
698 case MSR_IA32_RTIT_OUTPUT_MASK:
699 case MSR_IA32_RTIT_CR3_MATCH:
700 case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
701 /* PT MSRs. These are handled in pt_update_intercept_for_msr() */
704 case MSR_LBR_INFO_0 ... MSR_LBR_INFO_0 + 31:
705 case MSR_LBR_NHM_FROM ... MSR_LBR_NHM_FROM + 31:
706 case MSR_LBR_NHM_TO ... MSR_LBR_NHM_TO + 31:
707 case MSR_LBR_CORE_FROM ... MSR_LBR_CORE_FROM + 8:
708 case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8:
709 /* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */
713 r = possible_passthrough_msr_slot(msr) != -ENOENT;
715 WARN(!r, "Invalid MSR %x, please adapt vmx_possible_passthrough_msrs[]", msr);
720 struct vmx_uret_msr *vmx_find_uret_msr(struct vcpu_vmx *vmx, u32 msr)
724 i = kvm_find_user_return_msr(msr);
726 return &vmx->guest_uret_msrs[i];
730 static int vmx_set_guest_uret_msr(struct vcpu_vmx *vmx,
731 struct vmx_uret_msr *msr, u64 data)
733 unsigned int slot = msr - vmx->guest_uret_msrs;
736 if (msr->load_into_hardware) {
738 ret = kvm_set_user_return_msr(slot, data, msr->mask);
746 #ifdef CONFIG_KEXEC_CORE
747 static void crash_vmclear_local_loaded_vmcss(void)
749 int cpu = raw_smp_processor_id();
750 struct loaded_vmcs *v;
752 list_for_each_entry(v, &per_cpu(loaded_vmcss_on_cpu, cpu),
753 loaded_vmcss_on_cpu_link)
756 #endif /* CONFIG_KEXEC_CORE */
758 static void __loaded_vmcs_clear(void *arg)
760 struct loaded_vmcs *loaded_vmcs = arg;
761 int cpu = raw_smp_processor_id();
763 if (loaded_vmcs->cpu != cpu)
764 return; /* vcpu migration can race with cpu offline */
765 if (per_cpu(current_vmcs, cpu) == loaded_vmcs->vmcs)
766 per_cpu(current_vmcs, cpu) = NULL;
768 vmcs_clear(loaded_vmcs->vmcs);
769 if (loaded_vmcs->shadow_vmcs && loaded_vmcs->launched)
770 vmcs_clear(loaded_vmcs->shadow_vmcs);
772 list_del(&loaded_vmcs->loaded_vmcss_on_cpu_link);
775 * Ensure all writes to loaded_vmcs, including deleting it from its
776 * current percpu list, complete before setting loaded_vmcs->cpu to
777 * -1, otherwise a different cpu can see loaded_vmcs->cpu == -1 first
778 * and add loaded_vmcs to its percpu list before it's deleted from this
779 * cpu's list. Pairs with the smp_rmb() in vmx_vcpu_load_vmcs().
783 loaded_vmcs->cpu = -1;
784 loaded_vmcs->launched = 0;
787 void loaded_vmcs_clear(struct loaded_vmcs *loaded_vmcs)
789 int cpu = loaded_vmcs->cpu;
792 smp_call_function_single(cpu,
793 __loaded_vmcs_clear, loaded_vmcs, 1);
796 static bool vmx_segment_cache_test_set(struct vcpu_vmx *vmx, unsigned seg,
800 u32 mask = 1 << (seg * SEG_FIELD_NR + field);
802 if (!kvm_register_is_available(&vmx->vcpu, VCPU_EXREG_SEGMENTS)) {
803 kvm_register_mark_available(&vmx->vcpu, VCPU_EXREG_SEGMENTS);
804 vmx->segment_cache.bitmask = 0;
806 ret = vmx->segment_cache.bitmask & mask;
807 vmx->segment_cache.bitmask |= mask;
811 static u16 vmx_read_guest_seg_selector(struct vcpu_vmx *vmx, unsigned seg)
813 u16 *p = &vmx->segment_cache.seg[seg].selector;
815 if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_SEL))
816 *p = vmcs_read16(kvm_vmx_segment_fields[seg].selector);
820 static ulong vmx_read_guest_seg_base(struct vcpu_vmx *vmx, unsigned seg)
822 ulong *p = &vmx->segment_cache.seg[seg].base;
824 if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_BASE))
825 *p = vmcs_readl(kvm_vmx_segment_fields[seg].base);
829 static u32 vmx_read_guest_seg_limit(struct vcpu_vmx *vmx, unsigned seg)
831 u32 *p = &vmx->segment_cache.seg[seg].limit;
833 if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_LIMIT))
834 *p = vmcs_read32(kvm_vmx_segment_fields[seg].limit);
838 static u32 vmx_read_guest_seg_ar(struct vcpu_vmx *vmx, unsigned seg)
840 u32 *p = &vmx->segment_cache.seg[seg].ar;
842 if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_AR))
843 *p = vmcs_read32(kvm_vmx_segment_fields[seg].ar_bytes);
847 void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu)
851 eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
852 (1u << DB_VECTOR) | (1u << AC_VECTOR);
854 * Guest access to VMware backdoor ports could legitimately
855 * trigger #GP because of TSS I/O permission bitmap.
856 * We intercept those #GP and allow access to them anyway
859 if (enable_vmware_backdoor)
860 eb |= (1u << GP_VECTOR);
861 if ((vcpu->guest_debug &
862 (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
863 (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
864 eb |= 1u << BP_VECTOR;
865 if (to_vmx(vcpu)->rmode.vm86_active)
867 if (!vmx_need_pf_intercept(vcpu))
868 eb &= ~(1u << PF_VECTOR);
870 /* When we are running a nested L2 guest and L1 specified for it a
871 * certain exception bitmap, we must trap the same exceptions and pass
872 * them to L1. When running L2, we will only handle the exceptions
873 * specified above if L1 did not want them.
875 if (is_guest_mode(vcpu))
876 eb |= get_vmcs12(vcpu)->exception_bitmap;
878 int mask = 0, match = 0;
880 if (enable_ept && (eb & (1u << PF_VECTOR))) {
882 * If EPT is enabled, #PF is currently only intercepted
883 * if MAXPHYADDR is smaller on the guest than on the
884 * host. In that case we only care about present,
885 * non-reserved faults. For vmcs02, however, PFEC_MASK
886 * and PFEC_MATCH are set in prepare_vmcs02_rare.
888 mask = PFERR_PRESENT_MASK | PFERR_RSVD_MASK;
889 match = PFERR_PRESENT_MASK;
891 vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, mask);
892 vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, match);
896 * Disabling xfd interception indicates that dynamic xfeatures
897 * might be used in the guest. Always trap #NM in this case
898 * to save guest xfd_err timely.
900 if (vcpu->arch.xfd_no_write_intercept)
901 eb |= (1u << NM_VECTOR);
903 vmcs_write32(EXCEPTION_BITMAP, eb);
907 * Check if MSR is intercepted for currently loaded MSR bitmap.
909 static bool msr_write_intercepted(struct vcpu_vmx *vmx, u32 msr)
911 if (!(exec_controls_get(vmx) & CPU_BASED_USE_MSR_BITMAPS))
914 return vmx_test_msr_bitmap_write(vmx->loaded_vmcs->msr_bitmap, msr);
917 unsigned int __vmx_vcpu_run_flags(struct vcpu_vmx *vmx)
919 unsigned int flags = 0;
921 if (vmx->loaded_vmcs->launched)
922 flags |= VMX_RUN_VMRESUME;
925 * If writes to the SPEC_CTRL MSR aren't intercepted, the guest is free
926 * to change it directly without causing a vmexit. In that case read
927 * it after vmexit and store it in vmx->spec_ctrl.
929 if (!msr_write_intercepted(vmx, MSR_IA32_SPEC_CTRL))
930 flags |= VMX_RUN_SAVE_SPEC_CTRL;
935 static __always_inline void clear_atomic_switch_msr_special(struct vcpu_vmx *vmx,
936 unsigned long entry, unsigned long exit)
938 vm_entry_controls_clearbit(vmx, entry);
939 vm_exit_controls_clearbit(vmx, exit);
942 int vmx_find_loadstore_msr_slot(struct vmx_msrs *m, u32 msr)
946 for (i = 0; i < m->nr; ++i) {
947 if (m->val[i].index == msr)
953 static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr)
956 struct msr_autoload *m = &vmx->msr_autoload;
960 if (cpu_has_load_ia32_efer()) {
961 clear_atomic_switch_msr_special(vmx,
962 VM_ENTRY_LOAD_IA32_EFER,
963 VM_EXIT_LOAD_IA32_EFER);
967 case MSR_CORE_PERF_GLOBAL_CTRL:
968 if (cpu_has_load_perf_global_ctrl()) {
969 clear_atomic_switch_msr_special(vmx,
970 VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
971 VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL);
976 i = vmx_find_loadstore_msr_slot(&m->guest, msr);
980 m->guest.val[i] = m->guest.val[m->guest.nr];
981 vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr);
984 i = vmx_find_loadstore_msr_slot(&m->host, msr);
989 m->host.val[i] = m->host.val[m->host.nr];
990 vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr);
993 static __always_inline void add_atomic_switch_msr_special(struct vcpu_vmx *vmx,
994 unsigned long entry, unsigned long exit,
995 unsigned long guest_val_vmcs, unsigned long host_val_vmcs,
996 u64 guest_val, u64 host_val)
998 vmcs_write64(guest_val_vmcs, guest_val);
999 if (host_val_vmcs != HOST_IA32_EFER)
1000 vmcs_write64(host_val_vmcs, host_val);
1001 vm_entry_controls_setbit(vmx, entry);
1002 vm_exit_controls_setbit(vmx, exit);
1005 static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
1006 u64 guest_val, u64 host_val, bool entry_only)
1009 struct msr_autoload *m = &vmx->msr_autoload;
1013 if (cpu_has_load_ia32_efer()) {
1014 add_atomic_switch_msr_special(vmx,
1015 VM_ENTRY_LOAD_IA32_EFER,
1016 VM_EXIT_LOAD_IA32_EFER,
1019 guest_val, host_val);
1023 case MSR_CORE_PERF_GLOBAL_CTRL:
1024 if (cpu_has_load_perf_global_ctrl()) {
1025 add_atomic_switch_msr_special(vmx,
1026 VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
1027 VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL,
1028 GUEST_IA32_PERF_GLOBAL_CTRL,
1029 HOST_IA32_PERF_GLOBAL_CTRL,
1030 guest_val, host_val);
1034 case MSR_IA32_PEBS_ENABLE:
1035 /* PEBS needs a quiescent period after being disabled (to write
1036 * a record). Disabling PEBS through VMX MSR swapping doesn't
1037 * provide that period, so a CPU could write host's record into
1040 wrmsrl(MSR_IA32_PEBS_ENABLE, 0);
1043 i = vmx_find_loadstore_msr_slot(&m->guest, msr);
1045 j = vmx_find_loadstore_msr_slot(&m->host, msr);
1047 if ((i < 0 && m->guest.nr == MAX_NR_LOADSTORE_MSRS) ||
1048 (j < 0 && m->host.nr == MAX_NR_LOADSTORE_MSRS)) {
1049 printk_once(KERN_WARNING "Not enough msr switch entries. "
1050 "Can't add msr %x\n", msr);
1055 vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr);
1057 m->guest.val[i].index = msr;
1058 m->guest.val[i].value = guest_val;
1065 vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr);
1067 m->host.val[j].index = msr;
1068 m->host.val[j].value = host_val;
1071 static bool update_transition_efer(struct vcpu_vmx *vmx)
1073 u64 guest_efer = vmx->vcpu.arch.efer;
1074 u64 ignore_bits = 0;
1077 /* Shadow paging assumes NX to be available. */
1079 guest_efer |= EFER_NX;
1082 * LMA and LME handled by hardware; SCE meaningless outside long mode.
1084 ignore_bits |= EFER_SCE;
1085 #ifdef CONFIG_X86_64
1086 ignore_bits |= EFER_LMA | EFER_LME;
1087 /* SCE is meaningful only in long mode on Intel */
1088 if (guest_efer & EFER_LMA)
1089 ignore_bits &= ~(u64)EFER_SCE;
1093 * On EPT, we can't emulate NX, so we must switch EFER atomically.
1094 * On CPUs that support "load IA32_EFER", always switch EFER
1095 * atomically, since it's faster than switching it manually.
1097 if (cpu_has_load_ia32_efer() ||
1098 (enable_ept && ((vmx->vcpu.arch.efer ^ host_efer) & EFER_NX))) {
1099 if (!(guest_efer & EFER_LMA))
1100 guest_efer &= ~EFER_LME;
1101 if (guest_efer != host_efer)
1102 add_atomic_switch_msr(vmx, MSR_EFER,
1103 guest_efer, host_efer, false);
1105 clear_atomic_switch_msr(vmx, MSR_EFER);
1109 i = kvm_find_user_return_msr(MSR_EFER);
1113 clear_atomic_switch_msr(vmx, MSR_EFER);
1115 guest_efer &= ~ignore_bits;
1116 guest_efer |= host_efer & ignore_bits;
1118 vmx->guest_uret_msrs[i].data = guest_efer;
1119 vmx->guest_uret_msrs[i].mask = ~ignore_bits;
1124 #ifdef CONFIG_X86_32
1126 * On 32-bit kernels, VM exits still load the FS and GS bases from the
1127 * VMCS rather than the segment table. KVM uses this helper to figure
1128 * out the current bases to poke them into the VMCS before entry.
1130 static unsigned long segment_base(u16 selector)
1132 struct desc_struct *table;
1135 if (!(selector & ~SEGMENT_RPL_MASK))
1138 table = get_current_gdt_ro();
1140 if ((selector & SEGMENT_TI_MASK) == SEGMENT_LDT) {
1141 u16 ldt_selector = kvm_read_ldt();
1143 if (!(ldt_selector & ~SEGMENT_RPL_MASK))
1146 table = (struct desc_struct *)segment_base(ldt_selector);
1148 v = get_desc_base(&table[selector >> 3]);
1153 static inline bool pt_can_write_msr(struct vcpu_vmx *vmx)
1155 return vmx_pt_mode_is_host_guest() &&
1156 !(vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN);
1159 static inline bool pt_output_base_valid(struct kvm_vcpu *vcpu, u64 base)
1161 /* The base must be 128-byte aligned and a legal physical address. */
1162 return kvm_vcpu_is_legal_aligned_gpa(vcpu, base, 128);
1165 static inline void pt_load_msr(struct pt_ctx *ctx, u32 addr_range)
1169 wrmsrl(MSR_IA32_RTIT_STATUS, ctx->status);
1170 wrmsrl(MSR_IA32_RTIT_OUTPUT_BASE, ctx->output_base);
1171 wrmsrl(MSR_IA32_RTIT_OUTPUT_MASK, ctx->output_mask);
1172 wrmsrl(MSR_IA32_RTIT_CR3_MATCH, ctx->cr3_match);
1173 for (i = 0; i < addr_range; i++) {
1174 wrmsrl(MSR_IA32_RTIT_ADDR0_A + i * 2, ctx->addr_a[i]);
1175 wrmsrl(MSR_IA32_RTIT_ADDR0_B + i * 2, ctx->addr_b[i]);
1179 static inline void pt_save_msr(struct pt_ctx *ctx, u32 addr_range)
1183 rdmsrl(MSR_IA32_RTIT_STATUS, ctx->status);
1184 rdmsrl(MSR_IA32_RTIT_OUTPUT_BASE, ctx->output_base);
1185 rdmsrl(MSR_IA32_RTIT_OUTPUT_MASK, ctx->output_mask);
1186 rdmsrl(MSR_IA32_RTIT_CR3_MATCH, ctx->cr3_match);
1187 for (i = 0; i < addr_range; i++) {
1188 rdmsrl(MSR_IA32_RTIT_ADDR0_A + i * 2, ctx->addr_a[i]);
1189 rdmsrl(MSR_IA32_RTIT_ADDR0_B + i * 2, ctx->addr_b[i]);
1193 static void pt_guest_enter(struct vcpu_vmx *vmx)
1195 if (vmx_pt_mode_is_system())
1199 * GUEST_IA32_RTIT_CTL is already set in the VMCS.
1200 * Save host state before VM entry.
1202 rdmsrl(MSR_IA32_RTIT_CTL, vmx->pt_desc.host.ctl);
1203 if (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) {
1204 wrmsrl(MSR_IA32_RTIT_CTL, 0);
1205 pt_save_msr(&vmx->pt_desc.host, vmx->pt_desc.num_address_ranges);
1206 pt_load_msr(&vmx->pt_desc.guest, vmx->pt_desc.num_address_ranges);
1210 static void pt_guest_exit(struct vcpu_vmx *vmx)
1212 if (vmx_pt_mode_is_system())
1215 if (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) {
1216 pt_save_msr(&vmx->pt_desc.guest, vmx->pt_desc.num_address_ranges);
1217 pt_load_msr(&vmx->pt_desc.host, vmx->pt_desc.num_address_ranges);
1221 * KVM requires VM_EXIT_CLEAR_IA32_RTIT_CTL to expose PT to the guest,
1222 * i.e. RTIT_CTL is always cleared on VM-Exit. Restore it if necessary.
1224 if (vmx->pt_desc.host.ctl)
1225 wrmsrl(MSR_IA32_RTIT_CTL, vmx->pt_desc.host.ctl);
1228 void vmx_set_host_fs_gs(struct vmcs_host_state *host, u16 fs_sel, u16 gs_sel,
1229 unsigned long fs_base, unsigned long gs_base)
1231 if (unlikely(fs_sel != host->fs_sel)) {
1233 vmcs_write16(HOST_FS_SELECTOR, fs_sel);
1235 vmcs_write16(HOST_FS_SELECTOR, 0);
1236 host->fs_sel = fs_sel;
1238 if (unlikely(gs_sel != host->gs_sel)) {
1240 vmcs_write16(HOST_GS_SELECTOR, gs_sel);
1242 vmcs_write16(HOST_GS_SELECTOR, 0);
1243 host->gs_sel = gs_sel;
1245 if (unlikely(fs_base != host->fs_base)) {
1246 vmcs_writel(HOST_FS_BASE, fs_base);
1247 host->fs_base = fs_base;
1249 if (unlikely(gs_base != host->gs_base)) {
1250 vmcs_writel(HOST_GS_BASE, gs_base);
1251 host->gs_base = gs_base;
1255 void vmx_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
1257 struct vcpu_vmx *vmx = to_vmx(vcpu);
1258 struct vmcs_host_state *host_state;
1259 #ifdef CONFIG_X86_64
1260 int cpu = raw_smp_processor_id();
1262 unsigned long fs_base, gs_base;
1266 vmx->req_immediate_exit = false;
1269 * Note that guest MSRs to be saved/restored can also be changed
1270 * when guest state is loaded. This happens when guest transitions
1271 * to/from long-mode by setting MSR_EFER.LMA.
1273 if (!vmx->guest_uret_msrs_loaded) {
1274 vmx->guest_uret_msrs_loaded = true;
1275 for (i = 0; i < kvm_nr_uret_msrs; ++i) {
1276 if (!vmx->guest_uret_msrs[i].load_into_hardware)
1279 kvm_set_user_return_msr(i,
1280 vmx->guest_uret_msrs[i].data,
1281 vmx->guest_uret_msrs[i].mask);
1285 if (vmx->nested.need_vmcs12_to_shadow_sync)
1286 nested_sync_vmcs12_to_shadow(vcpu);
1288 if (vmx->guest_state_loaded)
1291 host_state = &vmx->loaded_vmcs->host_state;
1294 * Set host fs and gs selectors. Unfortunately, 22.2.3 does not
1295 * allow segment selectors with cpl > 0 or ti == 1.
1297 host_state->ldt_sel = kvm_read_ldt();
1299 #ifdef CONFIG_X86_64
1300 savesegment(ds, host_state->ds_sel);
1301 savesegment(es, host_state->es_sel);
1303 gs_base = cpu_kernelmode_gs_base(cpu);
1304 if (likely(is_64bit_mm(current->mm))) {
1305 current_save_fsgs();
1306 fs_sel = current->thread.fsindex;
1307 gs_sel = current->thread.gsindex;
1308 fs_base = current->thread.fsbase;
1309 vmx->msr_host_kernel_gs_base = current->thread.gsbase;
1311 savesegment(fs, fs_sel);
1312 savesegment(gs, gs_sel);
1313 fs_base = read_msr(MSR_FS_BASE);
1314 vmx->msr_host_kernel_gs_base = read_msr(MSR_KERNEL_GS_BASE);
1317 wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
1319 savesegment(fs, fs_sel);
1320 savesegment(gs, gs_sel);
1321 fs_base = segment_base(fs_sel);
1322 gs_base = segment_base(gs_sel);
1325 vmx_set_host_fs_gs(host_state, fs_sel, gs_sel, fs_base, gs_base);
1326 vmx->guest_state_loaded = true;
1329 static void vmx_prepare_switch_to_host(struct vcpu_vmx *vmx)
1331 struct vmcs_host_state *host_state;
1333 if (!vmx->guest_state_loaded)
1336 host_state = &vmx->loaded_vmcs->host_state;
1338 ++vmx->vcpu.stat.host_state_reload;
1340 #ifdef CONFIG_X86_64
1341 rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
1343 if (host_state->ldt_sel || (host_state->gs_sel & 7)) {
1344 kvm_load_ldt(host_state->ldt_sel);
1345 #ifdef CONFIG_X86_64
1346 load_gs_index(host_state->gs_sel);
1348 loadsegment(gs, host_state->gs_sel);
1351 if (host_state->fs_sel & 7)
1352 loadsegment(fs, host_state->fs_sel);
1353 #ifdef CONFIG_X86_64
1354 if (unlikely(host_state->ds_sel | host_state->es_sel)) {
1355 loadsegment(ds, host_state->ds_sel);
1356 loadsegment(es, host_state->es_sel);
1359 invalidate_tss_limit();
1360 #ifdef CONFIG_X86_64
1361 wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
1363 load_fixmap_gdt(raw_smp_processor_id());
1364 vmx->guest_state_loaded = false;
1365 vmx->guest_uret_msrs_loaded = false;
1368 #ifdef CONFIG_X86_64
1369 static u64 vmx_read_guest_kernel_gs_base(struct vcpu_vmx *vmx)
1372 if (vmx->guest_state_loaded)
1373 rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
1375 return vmx->msr_guest_kernel_gs_base;
1378 static void vmx_write_guest_kernel_gs_base(struct vcpu_vmx *vmx, u64 data)
1381 if (vmx->guest_state_loaded)
1382 wrmsrl(MSR_KERNEL_GS_BASE, data);
1384 vmx->msr_guest_kernel_gs_base = data;
1388 void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu,
1389 struct loaded_vmcs *buddy)
1391 struct vcpu_vmx *vmx = to_vmx(vcpu);
1392 bool already_loaded = vmx->loaded_vmcs->cpu == cpu;
1395 if (!already_loaded) {
1396 loaded_vmcs_clear(vmx->loaded_vmcs);
1397 local_irq_disable();
1400 * Ensure loaded_vmcs->cpu is read before adding loaded_vmcs to
1401 * this cpu's percpu list, otherwise it may not yet be deleted
1402 * from its previous cpu's percpu list. Pairs with the
1403 * smb_wmb() in __loaded_vmcs_clear().
1407 list_add(&vmx->loaded_vmcs->loaded_vmcss_on_cpu_link,
1408 &per_cpu(loaded_vmcss_on_cpu, cpu));
1412 prev = per_cpu(current_vmcs, cpu);
1413 if (prev != vmx->loaded_vmcs->vmcs) {
1414 per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs;
1415 vmcs_load(vmx->loaded_vmcs->vmcs);
1418 * No indirect branch prediction barrier needed when switching
1419 * the active VMCS within a vCPU, unless IBRS is advertised to
1420 * the vCPU. To minimize the number of IBPBs executed, KVM
1421 * performs IBPB on nested VM-Exit (a single nested transition
1422 * may switch the active VMCS multiple times).
1424 if (!buddy || WARN_ON_ONCE(buddy->vmcs != prev))
1425 indirect_branch_prediction_barrier();
1428 if (!already_loaded) {
1429 void *gdt = get_current_gdt_ro();
1432 * Flush all EPTP/VPID contexts, the new pCPU may have stale
1433 * TLB entries from its previous association with the vCPU.
1435 kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
1438 * Linux uses per-cpu TSS and GDT, so set these when switching
1439 * processors. See 22.2.4.
1441 vmcs_writel(HOST_TR_BASE,
1442 (unsigned long)&get_cpu_entry_area(cpu)->tss.x86_tss);
1443 vmcs_writel(HOST_GDTR_BASE, (unsigned long)gdt); /* 22.2.4 */
1445 if (IS_ENABLED(CONFIG_IA32_EMULATION) || IS_ENABLED(CONFIG_X86_32)) {
1447 vmcs_writel(HOST_IA32_SYSENTER_ESP,
1448 (unsigned long)(cpu_entry_stack(cpu) + 1));
1451 vmx->loaded_vmcs->cpu = cpu;
1456 * Switches to specified vcpu, until a matching vcpu_put(), but assumes
1457 * vcpu mutex is already taken.
1459 static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
1461 struct vcpu_vmx *vmx = to_vmx(vcpu);
1463 vmx_vcpu_load_vmcs(vcpu, cpu, NULL);
1465 vmx_vcpu_pi_load(vcpu, cpu);
1467 vmx->host_debugctlmsr = get_debugctlmsr();
1470 static void vmx_vcpu_put(struct kvm_vcpu *vcpu)
1472 vmx_vcpu_pi_put(vcpu);
1474 vmx_prepare_switch_to_host(to_vmx(vcpu));
1477 bool vmx_emulation_required(struct kvm_vcpu *vcpu)
1479 return emulate_invalid_guest_state && !vmx_guest_state_valid(vcpu);
1482 unsigned long vmx_get_rflags(struct kvm_vcpu *vcpu)
1484 struct vcpu_vmx *vmx = to_vmx(vcpu);
1485 unsigned long rflags, save_rflags;
1487 if (!kvm_register_is_available(vcpu, VCPU_EXREG_RFLAGS)) {
1488 kvm_register_mark_available(vcpu, VCPU_EXREG_RFLAGS);
1489 rflags = vmcs_readl(GUEST_RFLAGS);
1490 if (vmx->rmode.vm86_active) {
1491 rflags &= RMODE_GUEST_OWNED_EFLAGS_BITS;
1492 save_rflags = vmx->rmode.save_rflags;
1493 rflags |= save_rflags & ~RMODE_GUEST_OWNED_EFLAGS_BITS;
1495 vmx->rflags = rflags;
1500 void vmx_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
1502 struct vcpu_vmx *vmx = to_vmx(vcpu);
1503 unsigned long old_rflags;
1505 if (is_unrestricted_guest(vcpu)) {
1506 kvm_register_mark_available(vcpu, VCPU_EXREG_RFLAGS);
1507 vmx->rflags = rflags;
1508 vmcs_writel(GUEST_RFLAGS, rflags);
1512 old_rflags = vmx_get_rflags(vcpu);
1513 vmx->rflags = rflags;
1514 if (vmx->rmode.vm86_active) {
1515 vmx->rmode.save_rflags = rflags;
1516 rflags |= X86_EFLAGS_IOPL | X86_EFLAGS_VM;
1518 vmcs_writel(GUEST_RFLAGS, rflags);
1520 if ((old_rflags ^ vmx->rflags) & X86_EFLAGS_VM)
1521 vmx->emulation_required = vmx_emulation_required(vcpu);
1524 static bool vmx_get_if_flag(struct kvm_vcpu *vcpu)
1526 return vmx_get_rflags(vcpu) & X86_EFLAGS_IF;
1529 u32 vmx_get_interrupt_shadow(struct kvm_vcpu *vcpu)
1531 u32 interruptibility = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
1534 if (interruptibility & GUEST_INTR_STATE_STI)
1535 ret |= KVM_X86_SHADOW_INT_STI;
1536 if (interruptibility & GUEST_INTR_STATE_MOV_SS)
1537 ret |= KVM_X86_SHADOW_INT_MOV_SS;
1542 void vmx_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
1544 u32 interruptibility_old = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
1545 u32 interruptibility = interruptibility_old;
1547 interruptibility &= ~(GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS);
1549 if (mask & KVM_X86_SHADOW_INT_MOV_SS)
1550 interruptibility |= GUEST_INTR_STATE_MOV_SS;
1551 else if (mask & KVM_X86_SHADOW_INT_STI)
1552 interruptibility |= GUEST_INTR_STATE_STI;
1554 if ((interruptibility != interruptibility_old))
1555 vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, interruptibility);
1558 static int vmx_rtit_ctl_check(struct kvm_vcpu *vcpu, u64 data)
1560 struct vcpu_vmx *vmx = to_vmx(vcpu);
1561 unsigned long value;
1564 * Any MSR write that attempts to change bits marked reserved will
1567 if (data & vmx->pt_desc.ctl_bitmask)
1571 * Any attempt to modify IA32_RTIT_CTL while TraceEn is set will
1572 * result in a #GP unless the same write also clears TraceEn.
1574 if ((vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) &&
1575 ((vmx->pt_desc.guest.ctl ^ data) & ~RTIT_CTL_TRACEEN))
1579 * WRMSR to IA32_RTIT_CTL that sets TraceEn but clears this bit
1580 * and FabricEn would cause #GP, if
1581 * CPUID.(EAX=14H, ECX=0):ECX.SNGLRGNOUT[bit 2] = 0
1583 if ((data & RTIT_CTL_TRACEEN) && !(data & RTIT_CTL_TOPA) &&
1584 !(data & RTIT_CTL_FABRIC_EN) &&
1585 !intel_pt_validate_cap(vmx->pt_desc.caps,
1586 PT_CAP_single_range_output))
1590 * MTCFreq, CycThresh and PSBFreq encodings check, any MSR write that
1591 * utilize encodings marked reserved will cause a #GP fault.
1593 value = intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc_periods);
1594 if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc) &&
1595 !test_bit((data & RTIT_CTL_MTC_RANGE) >>
1596 RTIT_CTL_MTC_RANGE_OFFSET, &value))
1598 value = intel_pt_validate_cap(vmx->pt_desc.caps,
1599 PT_CAP_cycle_thresholds);
1600 if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc) &&
1601 !test_bit((data & RTIT_CTL_CYC_THRESH) >>
1602 RTIT_CTL_CYC_THRESH_OFFSET, &value))
1604 value = intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_periods);
1605 if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc) &&
1606 !test_bit((data & RTIT_CTL_PSB_FREQ) >>
1607 RTIT_CTL_PSB_FREQ_OFFSET, &value))
1611 * If ADDRx_CFG is reserved or the encodings is >2 will
1612 * cause a #GP fault.
1614 value = (data & RTIT_CTL_ADDR0) >> RTIT_CTL_ADDR0_OFFSET;
1615 if ((value && (vmx->pt_desc.num_address_ranges < 1)) || (value > 2))
1617 value = (data & RTIT_CTL_ADDR1) >> RTIT_CTL_ADDR1_OFFSET;
1618 if ((value && (vmx->pt_desc.num_address_ranges < 2)) || (value > 2))
1620 value = (data & RTIT_CTL_ADDR2) >> RTIT_CTL_ADDR2_OFFSET;
1621 if ((value && (vmx->pt_desc.num_address_ranges < 3)) || (value > 2))
1623 value = (data & RTIT_CTL_ADDR3) >> RTIT_CTL_ADDR3_OFFSET;
1624 if ((value && (vmx->pt_desc.num_address_ranges < 4)) || (value > 2))
1630 static bool vmx_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type,
1631 void *insn, int insn_len)
1634 * Emulation of instructions in SGX enclaves is impossible as RIP does
1635 * not point at the failing instruction, and even if it did, the code
1636 * stream is inaccessible. Inject #UD instead of exiting to userspace
1637 * so that guest userspace can't DoS the guest simply by triggering
1638 * emulation (enclaves are CPL3 only).
1640 if (to_vmx(vcpu)->exit_reason.enclave_mode) {
1641 kvm_queue_exception(vcpu, UD_VECTOR);
1647 static int skip_emulated_instruction(struct kvm_vcpu *vcpu)
1649 union vmx_exit_reason exit_reason = to_vmx(vcpu)->exit_reason;
1650 unsigned long rip, orig_rip;
1654 * Using VMCS.VM_EXIT_INSTRUCTION_LEN on EPT misconfig depends on
1655 * undefined behavior: Intel's SDM doesn't mandate the VMCS field be
1656 * set when EPT misconfig occurs. In practice, real hardware updates
1657 * VM_EXIT_INSTRUCTION_LEN on EPT misconfig, but other hypervisors
1658 * (namely Hyper-V) don't set it due to it being undefined behavior,
1659 * i.e. we end up advancing IP with some random value.
1661 if (!static_cpu_has(X86_FEATURE_HYPERVISOR) ||
1662 exit_reason.basic != EXIT_REASON_EPT_MISCONFIG) {
1663 instr_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
1666 * Emulating an enclave's instructions isn't supported as KVM
1667 * cannot access the enclave's memory or its true RIP, e.g. the
1668 * vmcs.GUEST_RIP points at the exit point of the enclave, not
1669 * the RIP that actually triggered the VM-Exit. But, because
1670 * most instructions that cause VM-Exit will #UD in an enclave,
1671 * most instruction-based VM-Exits simply do not occur.
1673 * There are a few exceptions, notably the debug instructions
1674 * INT1ICEBRK and INT3, as they are allowed in debug enclaves
1675 * and generate #DB/#BP as expected, which KVM might intercept.
1676 * But again, the CPU does the dirty work and saves an instr
1677 * length of zero so VMMs don't shoot themselves in the foot.
1678 * WARN if KVM tries to skip a non-zero length instruction on
1679 * a VM-Exit from an enclave.
1684 WARN_ONCE(exit_reason.enclave_mode,
1685 "skipping instruction after SGX enclave VM-Exit");
1687 orig_rip = kvm_rip_read(vcpu);
1688 rip = orig_rip + instr_len;
1689 #ifdef CONFIG_X86_64
1691 * We need to mask out the high 32 bits of RIP if not in 64-bit
1692 * mode, but just finding out that we are in 64-bit mode is
1693 * quite expensive. Only do it if there was a carry.
1695 if (unlikely(((rip ^ orig_rip) >> 31) == 3) && !is_64_bit_mode(vcpu))
1698 kvm_rip_write(vcpu, rip);
1700 if (!kvm_emulate_instruction(vcpu, EMULTYPE_SKIP))
1705 /* skipping an emulated instruction also counts */
1706 vmx_set_interrupt_shadow(vcpu, 0);
1712 * Recognizes a pending MTF VM-exit and records the nested state for later
1715 static void vmx_update_emulated_instruction(struct kvm_vcpu *vcpu)
1717 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
1718 struct vcpu_vmx *vmx = to_vmx(vcpu);
1720 if (!is_guest_mode(vcpu))
1724 * Per the SDM, MTF takes priority over debug-trap exceptions besides
1725 * TSS T-bit traps and ICEBP (INT1). KVM doesn't emulate T-bit traps
1726 * or ICEBP (in the emulator proper), and skipping of ICEBP after an
1727 * intercepted #DB deliberately avoids single-step #DB and MTF updates
1728 * as ICEBP is higher priority than both. As instruction emulation is
1729 * completed at this point (i.e. KVM is at the instruction boundary),
1730 * any #DB exception pending delivery must be a debug-trap of lower
1731 * priority than MTF. Record the pending MTF state to be delivered in
1732 * vmx_check_nested_events().
1734 if (nested_cpu_has_mtf(vmcs12) &&
1735 (!vcpu->arch.exception.pending ||
1736 vcpu->arch.exception.vector == DB_VECTOR) &&
1737 (!vcpu->arch.exception_vmexit.pending ||
1738 vcpu->arch.exception_vmexit.vector == DB_VECTOR)) {
1739 vmx->nested.mtf_pending = true;
1740 kvm_make_request(KVM_REQ_EVENT, vcpu);
1742 vmx->nested.mtf_pending = false;
1746 static int vmx_skip_emulated_instruction(struct kvm_vcpu *vcpu)
1748 vmx_update_emulated_instruction(vcpu);
1749 return skip_emulated_instruction(vcpu);
1752 static void vmx_clear_hlt(struct kvm_vcpu *vcpu)
1755 * Ensure that we clear the HLT state in the VMCS. We don't need to
1756 * explicitly skip the instruction because if the HLT state is set,
1757 * then the instruction is already executing and RIP has already been
1760 if (kvm_hlt_in_guest(vcpu->kvm) &&
1761 vmcs_read32(GUEST_ACTIVITY_STATE) == GUEST_ACTIVITY_HLT)
1762 vmcs_write32(GUEST_ACTIVITY_STATE, GUEST_ACTIVITY_ACTIVE);
1765 static void vmx_inject_exception(struct kvm_vcpu *vcpu)
1767 struct kvm_queued_exception *ex = &vcpu->arch.exception;
1768 u32 intr_info = ex->vector | INTR_INFO_VALID_MASK;
1769 struct vcpu_vmx *vmx = to_vmx(vcpu);
1771 kvm_deliver_exception_payload(vcpu, ex);
1773 if (ex->has_error_code) {
1775 * Despite the error code being architecturally defined as 32
1776 * bits, and the VMCS field being 32 bits, Intel CPUs and thus
1777 * VMX don't actually supporting setting bits 31:16. Hardware
1778 * will (should) never provide a bogus error code, but AMD CPUs
1779 * do generate error codes with bits 31:16 set, and so KVM's
1780 * ABI lets userspace shove in arbitrary 32-bit values. Drop
1781 * the upper bits to avoid VM-Fail, losing information that
1782 * does't really exist is preferable to killing the VM.
1784 vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE, (u16)ex->error_code);
1785 intr_info |= INTR_INFO_DELIVER_CODE_MASK;
1788 if (vmx->rmode.vm86_active) {
1790 if (kvm_exception_is_soft(ex->vector))
1791 inc_eip = vcpu->arch.event_exit_inst_len;
1792 kvm_inject_realmode_interrupt(vcpu, ex->vector, inc_eip);
1796 WARN_ON_ONCE(vmx->emulation_required);
1798 if (kvm_exception_is_soft(ex->vector)) {
1799 vmcs_write32(VM_ENTRY_INSTRUCTION_LEN,
1800 vmx->vcpu.arch.event_exit_inst_len);
1801 intr_info |= INTR_TYPE_SOFT_EXCEPTION;
1803 intr_info |= INTR_TYPE_HARD_EXCEPTION;
1805 vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr_info);
1807 vmx_clear_hlt(vcpu);
1810 static void vmx_setup_uret_msr(struct vcpu_vmx *vmx, unsigned int msr,
1811 bool load_into_hardware)
1813 struct vmx_uret_msr *uret_msr;
1815 uret_msr = vmx_find_uret_msr(vmx, msr);
1819 uret_msr->load_into_hardware = load_into_hardware;
1823 * Configuring user return MSRs to automatically save, load, and restore MSRs
1824 * that need to be shoved into hardware when running the guest. Note, omitting
1825 * an MSR here does _NOT_ mean it's not emulated, only that it will not be
1826 * loaded into hardware when running the guest.
1828 static void vmx_setup_uret_msrs(struct vcpu_vmx *vmx)
1830 #ifdef CONFIG_X86_64
1831 bool load_syscall_msrs;
1834 * The SYSCALL MSRs are only needed on long mode guests, and only
1835 * when EFER.SCE is set.
1837 load_syscall_msrs = is_long_mode(&vmx->vcpu) &&
1838 (vmx->vcpu.arch.efer & EFER_SCE);
1840 vmx_setup_uret_msr(vmx, MSR_STAR, load_syscall_msrs);
1841 vmx_setup_uret_msr(vmx, MSR_LSTAR, load_syscall_msrs);
1842 vmx_setup_uret_msr(vmx, MSR_SYSCALL_MASK, load_syscall_msrs);
1844 vmx_setup_uret_msr(vmx, MSR_EFER, update_transition_efer(vmx));
1846 vmx_setup_uret_msr(vmx, MSR_TSC_AUX,
1847 guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDTSCP) ||
1848 guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDPID));
1851 * hle=0, rtm=0, tsx_ctrl=1 can be found with some combinations of new
1852 * kernel and old userspace. If those guests run on a tsx=off host, do
1853 * allow guests to use TSX_CTRL, but don't change the value in hardware
1854 * so that TSX remains always disabled.
1856 vmx_setup_uret_msr(vmx, MSR_IA32_TSX_CTRL, boot_cpu_has(X86_FEATURE_RTM));
1859 * The set of MSRs to load may have changed, reload MSRs before the
1862 vmx->guest_uret_msrs_loaded = false;
1865 u64 vmx_get_l2_tsc_offset(struct kvm_vcpu *vcpu)
1867 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
1869 if (nested_cpu_has(vmcs12, CPU_BASED_USE_TSC_OFFSETTING))
1870 return vmcs12->tsc_offset;
1875 u64 vmx_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu)
1877 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
1879 if (nested_cpu_has(vmcs12, CPU_BASED_USE_TSC_OFFSETTING) &&
1880 nested_cpu_has2(vmcs12, SECONDARY_EXEC_TSC_SCALING))
1881 return vmcs12->tsc_multiplier;
1883 return kvm_caps.default_tsc_scaling_ratio;
1886 static void vmx_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset)
1888 vmcs_write64(TSC_OFFSET, offset);
1891 static void vmx_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier)
1893 vmcs_write64(TSC_MULTIPLIER, multiplier);
1897 * nested_vmx_allowed() checks whether a guest should be allowed to use VMX
1898 * instructions and MSRs (i.e., nested VMX). Nested VMX is disabled for
1899 * all guests if the "nested" module option is off, and can also be disabled
1900 * for a single guest by disabling its VMX cpuid bit.
1902 bool nested_vmx_allowed(struct kvm_vcpu *vcpu)
1904 return nested && guest_cpuid_has(vcpu, X86_FEATURE_VMX);
1908 * Userspace is allowed to set any supported IA32_FEATURE_CONTROL regardless of
1909 * guest CPUID. Note, KVM allows userspace to set "VMX in SMX" to maintain
1910 * backwards compatibility even though KVM doesn't support emulating SMX. And
1911 * because userspace set "VMX in SMX", the guest must also be allowed to set it,
1912 * e.g. if the MSR is left unlocked and the guest does a RMW operation.
1914 #define KVM_SUPPORTED_FEATURE_CONTROL (FEAT_CTL_LOCKED | \
1915 FEAT_CTL_VMX_ENABLED_INSIDE_SMX | \
1916 FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX | \
1917 FEAT_CTL_SGX_LC_ENABLED | \
1918 FEAT_CTL_SGX_ENABLED | \
1919 FEAT_CTL_LMCE_ENABLED)
1921 static inline bool is_vmx_feature_control_msr_valid(struct vcpu_vmx *vmx,
1922 struct msr_data *msr)
1924 uint64_t valid_bits;
1927 * Ensure KVM_SUPPORTED_FEATURE_CONTROL is updated when new bits are
1928 * exposed to the guest.
1930 WARN_ON_ONCE(vmx->msr_ia32_feature_control_valid_bits &
1931 ~KVM_SUPPORTED_FEATURE_CONTROL);
1933 if (!msr->host_initiated &&
1934 (vmx->msr_ia32_feature_control & FEAT_CTL_LOCKED))
1937 if (msr->host_initiated)
1938 valid_bits = KVM_SUPPORTED_FEATURE_CONTROL;
1940 valid_bits = vmx->msr_ia32_feature_control_valid_bits;
1942 return !(msr->data & ~valid_bits);
1945 static int vmx_get_msr_feature(struct kvm_msr_entry *msr)
1947 switch (msr->index) {
1948 case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
1951 return vmx_get_vmx_msr(&vmcs_config.nested, msr->index, &msr->data);
1953 return KVM_MSR_RET_INVALID;
1958 * Reads an msr value (of 'msr_info->index') into 'msr_info->data'.
1959 * Returns 0 on success, non-0 otherwise.
1960 * Assumes vcpu_load() was already called.
1962 static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
1964 struct vcpu_vmx *vmx = to_vmx(vcpu);
1965 struct vmx_uret_msr *msr;
1968 switch (msr_info->index) {
1969 #ifdef CONFIG_X86_64
1971 msr_info->data = vmcs_readl(GUEST_FS_BASE);
1974 msr_info->data = vmcs_readl(GUEST_GS_BASE);
1976 case MSR_KERNEL_GS_BASE:
1977 msr_info->data = vmx_read_guest_kernel_gs_base(vmx);
1981 return kvm_get_msr_common(vcpu, msr_info);
1982 case MSR_IA32_TSX_CTRL:
1983 if (!msr_info->host_initiated &&
1984 !(vcpu->arch.arch_capabilities & ARCH_CAP_TSX_CTRL_MSR))
1987 case MSR_IA32_UMWAIT_CONTROL:
1988 if (!msr_info->host_initiated && !vmx_has_waitpkg(vmx))
1991 msr_info->data = vmx->msr_ia32_umwait_control;
1993 case MSR_IA32_SPEC_CTRL:
1994 if (!msr_info->host_initiated &&
1995 !guest_has_spec_ctrl_msr(vcpu))
1998 msr_info->data = to_vmx(vcpu)->spec_ctrl;
2000 case MSR_IA32_SYSENTER_CS:
2001 msr_info->data = vmcs_read32(GUEST_SYSENTER_CS);
2003 case MSR_IA32_SYSENTER_EIP:
2004 msr_info->data = vmcs_readl(GUEST_SYSENTER_EIP);
2006 case MSR_IA32_SYSENTER_ESP:
2007 msr_info->data = vmcs_readl(GUEST_SYSENTER_ESP);
2009 case MSR_IA32_BNDCFGS:
2010 if (!kvm_mpx_supported() ||
2011 (!msr_info->host_initiated &&
2012 !guest_cpuid_has(vcpu, X86_FEATURE_MPX)))
2014 msr_info->data = vmcs_read64(GUEST_BNDCFGS);
2016 case MSR_IA32_MCG_EXT_CTL:
2017 if (!msr_info->host_initiated &&
2018 !(vmx->msr_ia32_feature_control &
2019 FEAT_CTL_LMCE_ENABLED))
2021 msr_info->data = vcpu->arch.mcg_ext_ctl;
2023 case MSR_IA32_FEAT_CTL:
2024 msr_info->data = vmx->msr_ia32_feature_control;
2026 case MSR_IA32_SGXLEPUBKEYHASH0 ... MSR_IA32_SGXLEPUBKEYHASH3:
2027 if (!msr_info->host_initiated &&
2028 !guest_cpuid_has(vcpu, X86_FEATURE_SGX_LC))
2030 msr_info->data = to_vmx(vcpu)->msr_ia32_sgxlepubkeyhash
2031 [msr_info->index - MSR_IA32_SGXLEPUBKEYHASH0];
2033 case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
2034 if (!nested_vmx_allowed(vcpu))
2036 if (vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index,
2040 * Enlightened VMCS v1 doesn't have certain VMCS fields but
2041 * instead of just ignoring the features, different Hyper-V
2042 * versions are either trying to use them and fail or do some
2043 * sanity checking and refuse to boot. Filter all unsupported
2046 if (!msr_info->host_initiated && guest_cpuid_has_evmcs(vcpu))
2047 nested_evmcs_filter_control_msr(vcpu, msr_info->index,
2050 case MSR_IA32_RTIT_CTL:
2051 if (!vmx_pt_mode_is_host_guest())
2053 msr_info->data = vmx->pt_desc.guest.ctl;
2055 case MSR_IA32_RTIT_STATUS:
2056 if (!vmx_pt_mode_is_host_guest())
2058 msr_info->data = vmx->pt_desc.guest.status;
2060 case MSR_IA32_RTIT_CR3_MATCH:
2061 if (!vmx_pt_mode_is_host_guest() ||
2062 !intel_pt_validate_cap(vmx->pt_desc.caps,
2063 PT_CAP_cr3_filtering))
2065 msr_info->data = vmx->pt_desc.guest.cr3_match;
2067 case MSR_IA32_RTIT_OUTPUT_BASE:
2068 if (!vmx_pt_mode_is_host_guest() ||
2069 (!intel_pt_validate_cap(vmx->pt_desc.caps,
2070 PT_CAP_topa_output) &&
2071 !intel_pt_validate_cap(vmx->pt_desc.caps,
2072 PT_CAP_single_range_output)))
2074 msr_info->data = vmx->pt_desc.guest.output_base;
2076 case MSR_IA32_RTIT_OUTPUT_MASK:
2077 if (!vmx_pt_mode_is_host_guest() ||
2078 (!intel_pt_validate_cap(vmx->pt_desc.caps,
2079 PT_CAP_topa_output) &&
2080 !intel_pt_validate_cap(vmx->pt_desc.caps,
2081 PT_CAP_single_range_output)))
2083 msr_info->data = vmx->pt_desc.guest.output_mask;
2085 case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
2086 index = msr_info->index - MSR_IA32_RTIT_ADDR0_A;
2087 if (!vmx_pt_mode_is_host_guest() ||
2088 (index >= 2 * vmx->pt_desc.num_address_ranges))
2091 msr_info->data = vmx->pt_desc.guest.addr_b[index / 2];
2093 msr_info->data = vmx->pt_desc.guest.addr_a[index / 2];
2095 case MSR_IA32_DEBUGCTLMSR:
2096 msr_info->data = vmcs_read64(GUEST_IA32_DEBUGCTL);
2100 msr = vmx_find_uret_msr(vmx, msr_info->index);
2102 msr_info->data = msr->data;
2105 return kvm_get_msr_common(vcpu, msr_info);
2111 static u64 nested_vmx_truncate_sysenter_addr(struct kvm_vcpu *vcpu,
2114 #ifdef CONFIG_X86_64
2115 if (!guest_cpuid_has(vcpu, X86_FEATURE_LM))
2118 return (unsigned long)data;
2121 static u64 vmx_get_supported_debugctl(struct kvm_vcpu *vcpu, bool host_initiated)
2125 if (boot_cpu_has(X86_FEATURE_BUS_LOCK_DETECT) &&
2126 (host_initiated || guest_cpuid_has(vcpu, X86_FEATURE_BUS_LOCK_DETECT)))
2127 debugctl |= DEBUGCTLMSR_BUS_LOCK_DETECT;
2129 if ((kvm_caps.supported_perf_cap & PMU_CAP_LBR_FMT) &&
2130 (host_initiated || intel_pmu_lbr_is_enabled(vcpu)))
2131 debugctl |= DEBUGCTLMSR_LBR | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI;
2137 * Writes msr value into the appropriate "register".
2138 * Returns 0 on success, non-0 otherwise.
2139 * Assumes vcpu_load() was already called.
2141 static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2143 struct vcpu_vmx *vmx = to_vmx(vcpu);
2144 struct vmx_uret_msr *msr;
2146 u32 msr_index = msr_info->index;
2147 u64 data = msr_info->data;
2150 switch (msr_index) {
2152 ret = kvm_set_msr_common(vcpu, msr_info);
2154 #ifdef CONFIG_X86_64
2156 vmx_segment_cache_clear(vmx);
2157 vmcs_writel(GUEST_FS_BASE, data);
2160 vmx_segment_cache_clear(vmx);
2161 vmcs_writel(GUEST_GS_BASE, data);
2163 case MSR_KERNEL_GS_BASE:
2164 vmx_write_guest_kernel_gs_base(vmx, data);
2167 ret = kvm_set_msr_common(vcpu, msr_info);
2169 * Always intercepting WRMSR could incur non-negligible
2170 * overhead given xfd might be changed frequently in
2171 * guest context switch. Disable write interception
2172 * upon the first write with a non-zero value (indicating
2173 * potential usage on dynamic xfeatures). Also update
2174 * exception bitmap to trap #NM for proper virtualization
2178 vmx_disable_intercept_for_msr(vcpu, MSR_IA32_XFD,
2180 vcpu->arch.xfd_no_write_intercept = true;
2181 vmx_update_exception_bitmap(vcpu);
2185 case MSR_IA32_SYSENTER_CS:
2186 if (is_guest_mode(vcpu))
2187 get_vmcs12(vcpu)->guest_sysenter_cs = data;
2188 vmcs_write32(GUEST_SYSENTER_CS, data);
2190 case MSR_IA32_SYSENTER_EIP:
2191 if (is_guest_mode(vcpu)) {
2192 data = nested_vmx_truncate_sysenter_addr(vcpu, data);
2193 get_vmcs12(vcpu)->guest_sysenter_eip = data;
2195 vmcs_writel(GUEST_SYSENTER_EIP, data);
2197 case MSR_IA32_SYSENTER_ESP:
2198 if (is_guest_mode(vcpu)) {
2199 data = nested_vmx_truncate_sysenter_addr(vcpu, data);
2200 get_vmcs12(vcpu)->guest_sysenter_esp = data;
2202 vmcs_writel(GUEST_SYSENTER_ESP, data);
2204 case MSR_IA32_DEBUGCTLMSR: {
2207 invalid = data & ~vmx_get_supported_debugctl(vcpu, msr_info->host_initiated);
2208 if (invalid & (DEBUGCTLMSR_BTF|DEBUGCTLMSR_LBR)) {
2209 kvm_pr_unimpl_wrmsr(vcpu, msr_index, data);
2210 data &= ~(DEBUGCTLMSR_BTF|DEBUGCTLMSR_LBR);
2211 invalid &= ~(DEBUGCTLMSR_BTF|DEBUGCTLMSR_LBR);
2217 if (is_guest_mode(vcpu) && get_vmcs12(vcpu)->vm_exit_controls &
2218 VM_EXIT_SAVE_DEBUG_CONTROLS)
2219 get_vmcs12(vcpu)->guest_ia32_debugctl = data;
2221 vmcs_write64(GUEST_IA32_DEBUGCTL, data);
2222 if (intel_pmu_lbr_is_enabled(vcpu) && !to_vmx(vcpu)->lbr_desc.event &&
2223 (data & DEBUGCTLMSR_LBR))
2224 intel_pmu_create_guest_lbr_event(vcpu);
2227 case MSR_IA32_BNDCFGS:
2228 if (!kvm_mpx_supported() ||
2229 (!msr_info->host_initiated &&
2230 !guest_cpuid_has(vcpu, X86_FEATURE_MPX)))
2232 if (is_noncanonical_address(data & PAGE_MASK, vcpu) ||
2233 (data & MSR_IA32_BNDCFGS_RSVD))
2236 if (is_guest_mode(vcpu) &&
2237 ((vmx->nested.msrs.entry_ctls_high & VM_ENTRY_LOAD_BNDCFGS) ||
2238 (vmx->nested.msrs.exit_ctls_high & VM_EXIT_CLEAR_BNDCFGS)))
2239 get_vmcs12(vcpu)->guest_bndcfgs = data;
2241 vmcs_write64(GUEST_BNDCFGS, data);
2243 case MSR_IA32_UMWAIT_CONTROL:
2244 if (!msr_info->host_initiated && !vmx_has_waitpkg(vmx))
2247 /* The reserved bit 1 and non-32 bit [63:32] should be zero */
2248 if (data & (BIT_ULL(1) | GENMASK_ULL(63, 32)))
2251 vmx->msr_ia32_umwait_control = data;
2253 case MSR_IA32_SPEC_CTRL:
2254 if (!msr_info->host_initiated &&
2255 !guest_has_spec_ctrl_msr(vcpu))
2258 if (kvm_spec_ctrl_test_value(data))
2261 vmx->spec_ctrl = data;
2267 * When it's written (to non-zero) for the first time, pass
2271 * The handling of the MSR bitmap for L2 guests is done in
2272 * nested_vmx_prepare_msr_bitmap. We should not touch the
2273 * vmcs02.msr_bitmap here since it gets completely overwritten
2274 * in the merging. We update the vmcs01 here for L1 as well
2275 * since it will end up touching the MSR anyway now.
2277 vmx_disable_intercept_for_msr(vcpu,
2281 case MSR_IA32_TSX_CTRL:
2282 if (!msr_info->host_initiated &&
2283 !(vcpu->arch.arch_capabilities & ARCH_CAP_TSX_CTRL_MSR))
2285 if (data & ~(TSX_CTRL_RTM_DISABLE | TSX_CTRL_CPUID_CLEAR))
2288 case MSR_IA32_PRED_CMD:
2289 if (!msr_info->host_initiated &&
2290 !guest_has_pred_cmd_msr(vcpu))
2293 if (data & ~PRED_CMD_IBPB)
2295 if (!boot_cpu_has(X86_FEATURE_IBPB))
2300 wrmsrl(MSR_IA32_PRED_CMD, PRED_CMD_IBPB);
2304 * When it's written (to non-zero) for the first time, pass
2308 * The handling of the MSR bitmap for L2 guests is done in
2309 * nested_vmx_prepare_msr_bitmap. We should not touch the
2310 * vmcs02.msr_bitmap here since it gets completely overwritten
2313 vmx_disable_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W);
2315 case MSR_IA32_CR_PAT:
2316 if (!kvm_pat_valid(data))
2319 if (is_guest_mode(vcpu) &&
2320 get_vmcs12(vcpu)->vm_exit_controls & VM_EXIT_SAVE_IA32_PAT)
2321 get_vmcs12(vcpu)->guest_ia32_pat = data;
2323 if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) {
2324 vmcs_write64(GUEST_IA32_PAT, data);
2325 vcpu->arch.pat = data;
2328 ret = kvm_set_msr_common(vcpu, msr_info);
2330 case MSR_IA32_MCG_EXT_CTL:
2331 if ((!msr_info->host_initiated &&
2332 !(to_vmx(vcpu)->msr_ia32_feature_control &
2333 FEAT_CTL_LMCE_ENABLED)) ||
2334 (data & ~MCG_EXT_CTL_LMCE_EN))
2336 vcpu->arch.mcg_ext_ctl = data;
2338 case MSR_IA32_FEAT_CTL:
2339 if (!is_vmx_feature_control_msr_valid(vmx, msr_info))
2342 vmx->msr_ia32_feature_control = data;
2343 if (msr_info->host_initiated && data == 0)
2344 vmx_leave_nested(vcpu);
2346 /* SGX may be enabled/disabled by guest's firmware */
2347 vmx_write_encls_bitmap(vcpu, NULL);
2349 case MSR_IA32_SGXLEPUBKEYHASH0 ... MSR_IA32_SGXLEPUBKEYHASH3:
2351 * On real hardware, the LE hash MSRs are writable before
2352 * the firmware sets bit 0 in MSR 0x7a ("activating" SGX),
2353 * at which point SGX related bits in IA32_FEATURE_CONTROL
2356 * KVM does not emulate SGX activation for simplicity, so
2357 * allow writes to the LE hash MSRs if IA32_FEATURE_CONTROL
2358 * is unlocked. This is technically not architectural
2359 * behavior, but it's close enough.
2361 if (!msr_info->host_initiated &&
2362 (!guest_cpuid_has(vcpu, X86_FEATURE_SGX_LC) ||
2363 ((vmx->msr_ia32_feature_control & FEAT_CTL_LOCKED) &&
2364 !(vmx->msr_ia32_feature_control & FEAT_CTL_SGX_LC_ENABLED))))
2366 vmx->msr_ia32_sgxlepubkeyhash
2367 [msr_index - MSR_IA32_SGXLEPUBKEYHASH0] = data;
2369 case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
2370 if (!msr_info->host_initiated)
2371 return 1; /* they are read-only */
2372 if (!nested_vmx_allowed(vcpu))
2374 return vmx_set_vmx_msr(vcpu, msr_index, data);
2375 case MSR_IA32_RTIT_CTL:
2376 if (!vmx_pt_mode_is_host_guest() ||
2377 vmx_rtit_ctl_check(vcpu, data) ||
2380 vmcs_write64(GUEST_IA32_RTIT_CTL, data);
2381 vmx->pt_desc.guest.ctl = data;
2382 pt_update_intercept_for_msr(vcpu);
2384 case MSR_IA32_RTIT_STATUS:
2385 if (!pt_can_write_msr(vmx))
2387 if (data & MSR_IA32_RTIT_STATUS_MASK)
2389 vmx->pt_desc.guest.status = data;
2391 case MSR_IA32_RTIT_CR3_MATCH:
2392 if (!pt_can_write_msr(vmx))
2394 if (!intel_pt_validate_cap(vmx->pt_desc.caps,
2395 PT_CAP_cr3_filtering))
2397 vmx->pt_desc.guest.cr3_match = data;
2399 case MSR_IA32_RTIT_OUTPUT_BASE:
2400 if (!pt_can_write_msr(vmx))
2402 if (!intel_pt_validate_cap(vmx->pt_desc.caps,
2403 PT_CAP_topa_output) &&
2404 !intel_pt_validate_cap(vmx->pt_desc.caps,
2405 PT_CAP_single_range_output))
2407 if (!pt_output_base_valid(vcpu, data))
2409 vmx->pt_desc.guest.output_base = data;
2411 case MSR_IA32_RTIT_OUTPUT_MASK:
2412 if (!pt_can_write_msr(vmx))
2414 if (!intel_pt_validate_cap(vmx->pt_desc.caps,
2415 PT_CAP_topa_output) &&
2416 !intel_pt_validate_cap(vmx->pt_desc.caps,
2417 PT_CAP_single_range_output))
2419 vmx->pt_desc.guest.output_mask = data;
2421 case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
2422 if (!pt_can_write_msr(vmx))
2424 index = msr_info->index - MSR_IA32_RTIT_ADDR0_A;
2425 if (index >= 2 * vmx->pt_desc.num_address_ranges)
2427 if (is_noncanonical_address(data, vcpu))
2430 vmx->pt_desc.guest.addr_b[index / 2] = data;
2432 vmx->pt_desc.guest.addr_a[index / 2] = data;
2434 case MSR_IA32_PERF_CAPABILITIES:
2435 if (data && !vcpu_to_pmu(vcpu)->version)
2437 if (data & PMU_CAP_LBR_FMT) {
2438 if ((data & PMU_CAP_LBR_FMT) !=
2439 (kvm_caps.supported_perf_cap & PMU_CAP_LBR_FMT))
2441 if (!cpuid_model_is_consistent(vcpu))
2444 if (data & PERF_CAP_PEBS_FORMAT) {
2445 if ((data & PERF_CAP_PEBS_MASK) !=
2446 (kvm_caps.supported_perf_cap & PERF_CAP_PEBS_MASK))
2448 if (!guest_cpuid_has(vcpu, X86_FEATURE_DS))
2450 if (!guest_cpuid_has(vcpu, X86_FEATURE_DTES64))
2452 if (!cpuid_model_is_consistent(vcpu))
2455 ret = kvm_set_msr_common(vcpu, msr_info);
2460 msr = vmx_find_uret_msr(vmx, msr_index);
2462 ret = vmx_set_guest_uret_msr(vmx, msr, data);
2464 ret = kvm_set_msr_common(vcpu, msr_info);
2467 /* FB_CLEAR may have changed, also update the FB_CLEAR_DIS behavior */
2468 if (msr_index == MSR_IA32_ARCH_CAPABILITIES)
2469 vmx_update_fb_clear_dis(vcpu, vmx);
2474 static void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
2476 unsigned long guest_owned_bits;
2478 kvm_register_mark_available(vcpu, reg);
2482 vcpu->arch.regs[VCPU_REGS_RSP] = vmcs_readl(GUEST_RSP);
2485 vcpu->arch.regs[VCPU_REGS_RIP] = vmcs_readl(GUEST_RIP);
2487 case VCPU_EXREG_PDPTR:
2489 ept_save_pdptrs(vcpu);
2491 case VCPU_EXREG_CR0:
2492 guest_owned_bits = vcpu->arch.cr0_guest_owned_bits;
2494 vcpu->arch.cr0 &= ~guest_owned_bits;
2495 vcpu->arch.cr0 |= vmcs_readl(GUEST_CR0) & guest_owned_bits;
2497 case VCPU_EXREG_CR3:
2499 * When intercepting CR3 loads, e.g. for shadowing paging, KVM's
2500 * CR3 is loaded into hardware, not the guest's CR3.
2502 if (!(exec_controls_get(to_vmx(vcpu)) & CPU_BASED_CR3_LOAD_EXITING))
2503 vcpu->arch.cr3 = vmcs_readl(GUEST_CR3);
2505 case VCPU_EXREG_CR4:
2506 guest_owned_bits = vcpu->arch.cr4_guest_owned_bits;
2508 vcpu->arch.cr4 &= ~guest_owned_bits;
2509 vcpu->arch.cr4 |= vmcs_readl(GUEST_CR4) & guest_owned_bits;
2512 KVM_BUG_ON(1, vcpu->kvm);
2518 * There is no X86_FEATURE for SGX yet, but anyway we need to query CPUID
2519 * directly instead of going through cpu_has(), to ensure KVM is trapping
2520 * ENCLS whenever it's supported in hardware. It does not matter whether
2521 * the host OS supports or has enabled SGX.
2523 static bool cpu_has_sgx(void)
2525 return cpuid_eax(0) >= 0x12 && (cpuid_eax(0x12) & BIT(0));
2529 * Some cpus support VM_{ENTRY,EXIT}_IA32_PERF_GLOBAL_CTRL but they
2530 * can't be used due to errata where VM Exit may incorrectly clear
2531 * IA32_PERF_GLOBAL_CTRL[34:32]. Work around the errata by using the
2532 * MSR load mechanism to switch IA32_PERF_GLOBAL_CTRL.
2534 static bool cpu_has_perf_global_ctrl_bug(void)
2536 if (boot_cpu_data.x86 == 0x6) {
2537 switch (boot_cpu_data.x86_model) {
2538 case INTEL_FAM6_NEHALEM_EP: /* AAK155 */
2539 case INTEL_FAM6_NEHALEM: /* AAP115 */
2540 case INTEL_FAM6_WESTMERE: /* AAT100 */
2541 case INTEL_FAM6_WESTMERE_EP: /* BC86,AAY89,BD102 */
2542 case INTEL_FAM6_NEHALEM_EX: /* BA97 */
2552 static int adjust_vmx_controls(u32 ctl_min, u32 ctl_opt, u32 msr, u32 *result)
2554 u32 vmx_msr_low, vmx_msr_high;
2555 u32 ctl = ctl_min | ctl_opt;
2557 rdmsr(msr, vmx_msr_low, vmx_msr_high);
2559 ctl &= vmx_msr_high; /* bit == 0 in high word ==> must be zero */
2560 ctl |= vmx_msr_low; /* bit == 1 in low word ==> must be one */
2562 /* Ensure minimum (required) set of control bits are supported. */
2570 static u64 adjust_vmx_controls64(u64 ctl_opt, u32 msr)
2574 rdmsrl(msr, allowed);
2576 return ctl_opt & allowed;
2579 static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
2580 struct vmx_capability *vmx_cap)
2582 u32 vmx_msr_low, vmx_msr_high;
2583 u32 _pin_based_exec_control = 0;
2584 u32 _cpu_based_exec_control = 0;
2585 u32 _cpu_based_2nd_exec_control = 0;
2586 u64 _cpu_based_3rd_exec_control = 0;
2587 u32 _vmexit_control = 0;
2588 u32 _vmentry_control = 0;
2593 * LOAD/SAVE_DEBUG_CONTROLS are absent because both are mandatory.
2594 * SAVE_IA32_PAT and SAVE_IA32_EFER are absent because KVM always
2595 * intercepts writes to PAT and EFER, i.e. never enables those controls.
2600 } const vmcs_entry_exit_pairs[] = {
2601 { VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL, VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL },
2602 { VM_ENTRY_LOAD_IA32_PAT, VM_EXIT_LOAD_IA32_PAT },
2603 { VM_ENTRY_LOAD_IA32_EFER, VM_EXIT_LOAD_IA32_EFER },
2604 { VM_ENTRY_LOAD_BNDCFGS, VM_EXIT_CLEAR_BNDCFGS },
2605 { VM_ENTRY_LOAD_IA32_RTIT_CTL, VM_EXIT_CLEAR_IA32_RTIT_CTL },
2608 memset(vmcs_conf, 0, sizeof(*vmcs_conf));
2610 if (adjust_vmx_controls(KVM_REQUIRED_VMX_CPU_BASED_VM_EXEC_CONTROL,
2611 KVM_OPTIONAL_VMX_CPU_BASED_VM_EXEC_CONTROL,
2612 MSR_IA32_VMX_PROCBASED_CTLS,
2613 &_cpu_based_exec_control))
2615 if (_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) {
2616 if (adjust_vmx_controls(KVM_REQUIRED_VMX_SECONDARY_VM_EXEC_CONTROL,
2617 KVM_OPTIONAL_VMX_SECONDARY_VM_EXEC_CONTROL,
2618 MSR_IA32_VMX_PROCBASED_CTLS2,
2619 &_cpu_based_2nd_exec_control))
2622 #ifndef CONFIG_X86_64
2623 if (!(_cpu_based_2nd_exec_control &
2624 SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES))
2625 _cpu_based_exec_control &= ~CPU_BASED_TPR_SHADOW;
2628 if (!(_cpu_based_exec_control & CPU_BASED_TPR_SHADOW))
2629 _cpu_based_2nd_exec_control &= ~(
2630 SECONDARY_EXEC_APIC_REGISTER_VIRT |
2631 SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2632 SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
2634 rdmsr_safe(MSR_IA32_VMX_EPT_VPID_CAP,
2635 &vmx_cap->ept, &vmx_cap->vpid);
2637 if (!(_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) &&
2639 pr_warn_once("EPT CAP should not exist if not support "
2640 "1-setting enable EPT VM-execution control\n");
2642 if (error_on_inconsistent_vmcs_config)
2647 if (!(_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_VPID) &&
2649 pr_warn_once("VPID CAP should not exist if not support "
2650 "1-setting enable VPID VM-execution control\n");
2652 if (error_on_inconsistent_vmcs_config)
2659 _cpu_based_2nd_exec_control &= ~SECONDARY_EXEC_ENCLS_EXITING;
2661 if (_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS)
2662 _cpu_based_3rd_exec_control =
2663 adjust_vmx_controls64(KVM_OPTIONAL_VMX_TERTIARY_VM_EXEC_CONTROL,
2664 MSR_IA32_VMX_PROCBASED_CTLS3);
2666 if (adjust_vmx_controls(KVM_REQUIRED_VMX_VM_EXIT_CONTROLS,
2667 KVM_OPTIONAL_VMX_VM_EXIT_CONTROLS,
2668 MSR_IA32_VMX_EXIT_CTLS,
2672 if (adjust_vmx_controls(KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL,
2673 KVM_OPTIONAL_VMX_PIN_BASED_VM_EXEC_CONTROL,
2674 MSR_IA32_VMX_PINBASED_CTLS,
2675 &_pin_based_exec_control))
2678 if (cpu_has_broken_vmx_preemption_timer())
2679 _pin_based_exec_control &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
2680 if (!(_cpu_based_2nd_exec_control &
2681 SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY))
2682 _pin_based_exec_control &= ~PIN_BASED_POSTED_INTR;
2684 if (adjust_vmx_controls(KVM_REQUIRED_VMX_VM_ENTRY_CONTROLS,
2685 KVM_OPTIONAL_VMX_VM_ENTRY_CONTROLS,
2686 MSR_IA32_VMX_ENTRY_CTLS,
2690 for (i = 0; i < ARRAY_SIZE(vmcs_entry_exit_pairs); i++) {
2691 u32 n_ctrl = vmcs_entry_exit_pairs[i].entry_control;
2692 u32 x_ctrl = vmcs_entry_exit_pairs[i].exit_control;
2694 if (!(_vmentry_control & n_ctrl) == !(_vmexit_control & x_ctrl))
2697 pr_warn_once("Inconsistent VM-Entry/VM-Exit pair, entry = %x, exit = %x\n",
2698 _vmentry_control & n_ctrl, _vmexit_control & x_ctrl);
2700 if (error_on_inconsistent_vmcs_config)
2703 _vmentry_control &= ~n_ctrl;
2704 _vmexit_control &= ~x_ctrl;
2707 rdmsr(MSR_IA32_VMX_BASIC, vmx_msr_low, vmx_msr_high);
2709 /* IA-32 SDM Vol 3B: VMCS size is never greater than 4kB. */
2710 if ((vmx_msr_high & 0x1fff) > PAGE_SIZE)
2713 #ifdef CONFIG_X86_64
2714 /* IA-32 SDM Vol 3B: 64-bit CPUs always have VMX_BASIC_MSR[48]==0. */
2715 if (vmx_msr_high & (1u<<16))
2719 /* Require Write-Back (WB) memory type for VMCS accesses. */
2720 if (((vmx_msr_high >> 18) & 15) != 6)
2723 rdmsrl(MSR_IA32_VMX_MISC, misc_msr);
2725 vmcs_conf->size = vmx_msr_high & 0x1fff;
2726 vmcs_conf->basic_cap = vmx_msr_high & ~0x1fff;
2728 vmcs_conf->revision_id = vmx_msr_low;
2730 vmcs_conf->pin_based_exec_ctrl = _pin_based_exec_control;
2731 vmcs_conf->cpu_based_exec_ctrl = _cpu_based_exec_control;
2732 vmcs_conf->cpu_based_2nd_exec_ctrl = _cpu_based_2nd_exec_control;
2733 vmcs_conf->cpu_based_3rd_exec_ctrl = _cpu_based_3rd_exec_control;
2734 vmcs_conf->vmexit_ctrl = _vmexit_control;
2735 vmcs_conf->vmentry_ctrl = _vmentry_control;
2736 vmcs_conf->misc = misc_msr;
2738 #if IS_ENABLED(CONFIG_HYPERV)
2739 if (enlightened_vmcs)
2740 evmcs_sanitize_exec_ctrls(vmcs_conf);
2746 static bool kvm_is_vmx_supported(void)
2748 int cpu = raw_smp_processor_id();
2750 if (!cpu_has_vmx()) {
2751 pr_err("VMX not supported by CPU %d\n", cpu);
2755 if (!this_cpu_has(X86_FEATURE_MSR_IA32_FEAT_CTL) ||
2756 !this_cpu_has(X86_FEATURE_VMX)) {
2757 pr_err("VMX not enabled (by BIOS) in MSR_IA32_FEAT_CTL on CPU %d\n", cpu);
2764 static int vmx_check_processor_compat(void)
2766 int cpu = raw_smp_processor_id();
2767 struct vmcs_config vmcs_conf;
2768 struct vmx_capability vmx_cap;
2770 if (!kvm_is_vmx_supported())
2773 if (setup_vmcs_config(&vmcs_conf, &vmx_cap) < 0) {
2774 pr_err("Failed to setup VMCS config on CPU %d\n", cpu);
2778 nested_vmx_setup_ctls_msrs(&vmcs_conf, vmx_cap.ept);
2779 if (memcmp(&vmcs_config, &vmcs_conf, sizeof(struct vmcs_config))) {
2780 pr_err("Inconsistent VMCS config on CPU %d\n", cpu);
2786 static int kvm_cpu_vmxon(u64 vmxon_pointer)
2790 cr4_set_bits(X86_CR4_VMXE);
2792 asm_volatile_goto("1: vmxon %[vmxon_pointer]\n\t"
2793 _ASM_EXTABLE(1b, %l[fault])
2794 : : [vmxon_pointer] "m"(vmxon_pointer)
2799 WARN_ONCE(1, "VMXON faulted, MSR_IA32_FEAT_CTL (0x3a) = 0x%llx\n",
2800 rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr) ? 0xdeadbeef : msr);
2801 cr4_clear_bits(X86_CR4_VMXE);
2806 static int vmx_hardware_enable(void)
2808 int cpu = raw_smp_processor_id();
2809 u64 phys_addr = __pa(per_cpu(vmxarea, cpu));
2812 if (cr4_read_shadow() & X86_CR4_VMXE)
2816 * This can happen if we hot-added a CPU but failed to allocate
2817 * VP assist page for it.
2819 if (static_branch_unlikely(&enable_evmcs) &&
2820 !hv_get_vp_assist_page(cpu))
2823 intel_pt_handle_vmx(1);
2825 r = kvm_cpu_vmxon(phys_addr);
2827 intel_pt_handle_vmx(0);
2837 static void vmclear_local_loaded_vmcss(void)
2839 int cpu = raw_smp_processor_id();
2840 struct loaded_vmcs *v, *n;
2842 list_for_each_entry_safe(v, n, &per_cpu(loaded_vmcss_on_cpu, cpu),
2843 loaded_vmcss_on_cpu_link)
2844 __loaded_vmcs_clear(v);
2847 static void vmx_hardware_disable(void)
2849 vmclear_local_loaded_vmcss();
2852 kvm_spurious_fault();
2856 intel_pt_handle_vmx(0);
2859 struct vmcs *alloc_vmcs_cpu(bool shadow, int cpu, gfp_t flags)
2861 int node = cpu_to_node(cpu);
2865 pages = __alloc_pages_node(node, flags, 0);
2868 vmcs = page_address(pages);
2869 memset(vmcs, 0, vmcs_config.size);
2871 /* KVM supports Enlightened VMCS v1 only */
2872 if (static_branch_unlikely(&enable_evmcs))
2873 vmcs->hdr.revision_id = KVM_EVMCS_VERSION;
2875 vmcs->hdr.revision_id = vmcs_config.revision_id;
2878 vmcs->hdr.shadow_vmcs = 1;
2882 void free_vmcs(struct vmcs *vmcs)
2884 free_page((unsigned long)vmcs);
2888 * Free a VMCS, but before that VMCLEAR it on the CPU where it was last loaded
2890 void free_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
2892 if (!loaded_vmcs->vmcs)
2894 loaded_vmcs_clear(loaded_vmcs);
2895 free_vmcs(loaded_vmcs->vmcs);
2896 loaded_vmcs->vmcs = NULL;
2897 if (loaded_vmcs->msr_bitmap)
2898 free_page((unsigned long)loaded_vmcs->msr_bitmap);
2899 WARN_ON(loaded_vmcs->shadow_vmcs != NULL);
2902 int alloc_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
2904 loaded_vmcs->vmcs = alloc_vmcs(false);
2905 if (!loaded_vmcs->vmcs)
2908 vmcs_clear(loaded_vmcs->vmcs);
2910 loaded_vmcs->shadow_vmcs = NULL;
2911 loaded_vmcs->hv_timer_soft_disabled = false;
2912 loaded_vmcs->cpu = -1;
2913 loaded_vmcs->launched = 0;
2915 if (cpu_has_vmx_msr_bitmap()) {
2916 loaded_vmcs->msr_bitmap = (unsigned long *)
2917 __get_free_page(GFP_KERNEL_ACCOUNT);
2918 if (!loaded_vmcs->msr_bitmap)
2920 memset(loaded_vmcs->msr_bitmap, 0xff, PAGE_SIZE);
2923 memset(&loaded_vmcs->host_state, 0, sizeof(struct vmcs_host_state));
2924 memset(&loaded_vmcs->controls_shadow, 0,
2925 sizeof(struct vmcs_controls_shadow));
2930 free_loaded_vmcs(loaded_vmcs);
2934 static void free_kvm_area(void)
2938 for_each_possible_cpu(cpu) {
2939 free_vmcs(per_cpu(vmxarea, cpu));
2940 per_cpu(vmxarea, cpu) = NULL;
2944 static __init int alloc_kvm_area(void)
2948 for_each_possible_cpu(cpu) {
2951 vmcs = alloc_vmcs_cpu(false, cpu, GFP_KERNEL);
2958 * When eVMCS is enabled, alloc_vmcs_cpu() sets
2959 * vmcs->revision_id to KVM_EVMCS_VERSION instead of
2960 * revision_id reported by MSR_IA32_VMX_BASIC.
2962 * However, even though not explicitly documented by
2963 * TLFS, VMXArea passed as VMXON argument should
2964 * still be marked with revision_id reported by
2967 if (static_branch_unlikely(&enable_evmcs))
2968 vmcs->hdr.revision_id = vmcs_config.revision_id;
2970 per_cpu(vmxarea, cpu) = vmcs;
2975 static void fix_pmode_seg(struct kvm_vcpu *vcpu, int seg,
2976 struct kvm_segment *save)
2978 if (!emulate_invalid_guest_state) {
2980 * CS and SS RPL should be equal during guest entry according
2981 * to VMX spec, but in reality it is not always so. Since vcpu
2982 * is in the middle of the transition from real mode to
2983 * protected mode it is safe to assume that RPL 0 is a good
2986 if (seg == VCPU_SREG_CS || seg == VCPU_SREG_SS)
2987 save->selector &= ~SEGMENT_RPL_MASK;
2988 save->dpl = save->selector & SEGMENT_RPL_MASK;
2991 __vmx_set_segment(vcpu, save, seg);
2994 static void enter_pmode(struct kvm_vcpu *vcpu)
2996 unsigned long flags;
2997 struct vcpu_vmx *vmx = to_vmx(vcpu);
3000 * Update real mode segment cache. It may be not up-to-date if segment
3001 * register was written while vcpu was in a guest mode.
3003 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_ES], VCPU_SREG_ES);
3004 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_DS], VCPU_SREG_DS);
3005 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_FS], VCPU_SREG_FS);
3006 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_GS], VCPU_SREG_GS);
3007 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_SS], VCPU_SREG_SS);
3008 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_CS], VCPU_SREG_CS);
3010 vmx->rmode.vm86_active = 0;
3012 __vmx_set_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_TR], VCPU_SREG_TR);
3014 flags = vmcs_readl(GUEST_RFLAGS);
3015 flags &= RMODE_GUEST_OWNED_EFLAGS_BITS;
3016 flags |= vmx->rmode.save_rflags & ~RMODE_GUEST_OWNED_EFLAGS_BITS;
3017 vmcs_writel(GUEST_RFLAGS, flags);
3019 vmcs_writel(GUEST_CR4, (vmcs_readl(GUEST_CR4) & ~X86_CR4_VME) |
3020 (vmcs_readl(CR4_READ_SHADOW) & X86_CR4_VME));
3022 vmx_update_exception_bitmap(vcpu);
3024 fix_pmode_seg(vcpu, VCPU_SREG_CS, &vmx->rmode.segs[VCPU_SREG_CS]);
3025 fix_pmode_seg(vcpu, VCPU_SREG_SS, &vmx->rmode.segs[VCPU_SREG_SS]);
3026 fix_pmode_seg(vcpu, VCPU_SREG_ES, &vmx->rmode.segs[VCPU_SREG_ES]);
3027 fix_pmode_seg(vcpu, VCPU_SREG_DS, &vmx->rmode.segs[VCPU_SREG_DS]);
3028 fix_pmode_seg(vcpu, VCPU_SREG_FS, &vmx->rmode.segs[VCPU_SREG_FS]);
3029 fix_pmode_seg(vcpu, VCPU_SREG_GS, &vmx->rmode.segs[VCPU_SREG_GS]);
3032 static void fix_rmode_seg(int seg, struct kvm_segment *save)
3034 const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
3035 struct kvm_segment var = *save;
3038 if (seg == VCPU_SREG_CS)
3041 if (!emulate_invalid_guest_state) {
3042 var.selector = var.base >> 4;
3043 var.base = var.base & 0xffff0;
3053 if (save->base & 0xf)
3054 pr_warn_once("segment base is not paragraph aligned "
3055 "when entering protected mode (seg=%d)", seg);
3058 vmcs_write16(sf->selector, var.selector);
3059 vmcs_writel(sf->base, var.base);
3060 vmcs_write32(sf->limit, var.limit);
3061 vmcs_write32(sf->ar_bytes, vmx_segment_access_rights(&var));
3064 static void enter_rmode(struct kvm_vcpu *vcpu)
3066 unsigned long flags;
3067 struct vcpu_vmx *vmx = to_vmx(vcpu);
3068 struct kvm_vmx *kvm_vmx = to_kvm_vmx(vcpu->kvm);
3070 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_TR], VCPU_SREG_TR);
3071 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_ES], VCPU_SREG_ES);
3072 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_DS], VCPU_SREG_DS);
3073 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_FS], VCPU_SREG_FS);
3074 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_GS], VCPU_SREG_GS);
3075 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_SS], VCPU_SREG_SS);
3076 vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_CS], VCPU_SREG_CS);
3078 vmx->rmode.vm86_active = 1;
3081 * Very old userspace does not call KVM_SET_TSS_ADDR before entering
3082 * vcpu. Warn the user that an update is overdue.
3084 if (!kvm_vmx->tss_addr)
3085 pr_warn_once("KVM_SET_TSS_ADDR needs to be called before running vCPU\n");
3087 vmx_segment_cache_clear(vmx);
3089 vmcs_writel(GUEST_TR_BASE, kvm_vmx->tss_addr);
3090 vmcs_write32(GUEST_TR_LIMIT, RMODE_TSS_SIZE - 1);
3091 vmcs_write32(GUEST_TR_AR_BYTES, 0x008b);
3093 flags = vmcs_readl(GUEST_RFLAGS);
3094 vmx->rmode.save_rflags = flags;
3096 flags |= X86_EFLAGS_IOPL | X86_EFLAGS_VM;
3098 vmcs_writel(GUEST_RFLAGS, flags);
3099 vmcs_writel(GUEST_CR4, vmcs_readl(GUEST_CR4) | X86_CR4_VME);
3100 vmx_update_exception_bitmap(vcpu);
3102 fix_rmode_seg(VCPU_SREG_SS, &vmx->rmode.segs[VCPU_SREG_SS]);
3103 fix_rmode_seg(VCPU_SREG_CS, &vmx->rmode.segs[VCPU_SREG_CS]);
3104 fix_rmode_seg(VCPU_SREG_ES, &vmx->rmode.segs[VCPU_SREG_ES]);
3105 fix_rmode_seg(VCPU_SREG_DS, &vmx->rmode.segs[VCPU_SREG_DS]);
3106 fix_rmode_seg(VCPU_SREG_GS, &vmx->rmode.segs[VCPU_SREG_GS]);
3107 fix_rmode_seg(VCPU_SREG_FS, &vmx->rmode.segs[VCPU_SREG_FS]);
3110 int vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer)
3112 struct vcpu_vmx *vmx = to_vmx(vcpu);
3114 /* Nothing to do if hardware doesn't support EFER. */
3115 if (!vmx_find_uret_msr(vmx, MSR_EFER))
3118 vcpu->arch.efer = efer;
3119 #ifdef CONFIG_X86_64
3120 if (efer & EFER_LMA)
3121 vm_entry_controls_setbit(vmx, VM_ENTRY_IA32E_MODE);
3123 vm_entry_controls_clearbit(vmx, VM_ENTRY_IA32E_MODE);
3125 if (KVM_BUG_ON(efer & EFER_LMA, vcpu->kvm))
3129 vmx_setup_uret_msrs(vmx);
3133 #ifdef CONFIG_X86_64
3135 static void enter_lmode(struct kvm_vcpu *vcpu)
3139 vmx_segment_cache_clear(to_vmx(vcpu));
3141 guest_tr_ar = vmcs_read32(GUEST_TR_AR_BYTES);
3142 if ((guest_tr_ar & VMX_AR_TYPE_MASK) != VMX_AR_TYPE_BUSY_64_TSS) {
3143 pr_debug_ratelimited("%s: tss fixup for long mode. \n",
3145 vmcs_write32(GUEST_TR_AR_BYTES,
3146 (guest_tr_ar & ~VMX_AR_TYPE_MASK)
3147 | VMX_AR_TYPE_BUSY_64_TSS);
3149 vmx_set_efer(vcpu, vcpu->arch.efer | EFER_LMA);
3152 static void exit_lmode(struct kvm_vcpu *vcpu)
3154 vmx_set_efer(vcpu, vcpu->arch.efer & ~EFER_LMA);
3159 static void vmx_flush_tlb_all(struct kvm_vcpu *vcpu)
3161 struct vcpu_vmx *vmx = to_vmx(vcpu);
3164 * INVEPT must be issued when EPT is enabled, irrespective of VPID, as
3165 * the CPU is not required to invalidate guest-physical mappings on
3166 * VM-Entry, even if VPID is disabled. Guest-physical mappings are
3167 * associated with the root EPT structure and not any particular VPID
3168 * (INVVPID also isn't required to invalidate guest-physical mappings).
3172 } else if (enable_vpid) {
3173 if (cpu_has_vmx_invvpid_global()) {
3174 vpid_sync_vcpu_global();
3176 vpid_sync_vcpu_single(vmx->vpid);
3177 vpid_sync_vcpu_single(vmx->nested.vpid02);
3182 static inline int vmx_get_current_vpid(struct kvm_vcpu *vcpu)
3184 if (is_guest_mode(vcpu))
3185 return nested_get_vpid02(vcpu);
3186 return to_vmx(vcpu)->vpid;
3189 static void vmx_flush_tlb_current(struct kvm_vcpu *vcpu)
3191 struct kvm_mmu *mmu = vcpu->arch.mmu;
3192 u64 root_hpa = mmu->root.hpa;
3194 /* No flush required if the current context is invalid. */
3195 if (!VALID_PAGE(root_hpa))
3199 ept_sync_context(construct_eptp(vcpu, root_hpa,
3200 mmu->root_role.level));
3202 vpid_sync_context(vmx_get_current_vpid(vcpu));
3205 static void vmx_flush_tlb_gva(struct kvm_vcpu *vcpu, gva_t addr)
3208 * vpid_sync_vcpu_addr() is a nop if vpid==0, see the comment in
3209 * vmx_flush_tlb_guest() for an explanation of why this is ok.
3211 vpid_sync_vcpu_addr(vmx_get_current_vpid(vcpu), addr);
3214 static void vmx_flush_tlb_guest(struct kvm_vcpu *vcpu)
3217 * vpid_sync_context() is a nop if vpid==0, e.g. if enable_vpid==0 or a
3218 * vpid couldn't be allocated for this vCPU. VM-Enter and VM-Exit are
3219 * required to flush GVA->{G,H}PA mappings from the TLB if vpid is
3220 * disabled (VM-Enter with vpid enabled and vpid==0 is disallowed),
3221 * i.e. no explicit INVVPID is necessary.
3223 vpid_sync_context(vmx_get_current_vpid(vcpu));
3226 void vmx_ept_load_pdptrs(struct kvm_vcpu *vcpu)
3228 struct kvm_mmu *mmu = vcpu->arch.walk_mmu;
3230 if (!kvm_register_is_dirty(vcpu, VCPU_EXREG_PDPTR))
3233 if (is_pae_paging(vcpu)) {
3234 vmcs_write64(GUEST_PDPTR0, mmu->pdptrs[0]);
3235 vmcs_write64(GUEST_PDPTR1, mmu->pdptrs[1]);
3236 vmcs_write64(GUEST_PDPTR2, mmu->pdptrs[2]);
3237 vmcs_write64(GUEST_PDPTR3, mmu->pdptrs[3]);
3241 void ept_save_pdptrs(struct kvm_vcpu *vcpu)
3243 struct kvm_mmu *mmu = vcpu->arch.walk_mmu;
3245 if (WARN_ON_ONCE(!is_pae_paging(vcpu)))
3248 mmu->pdptrs[0] = vmcs_read64(GUEST_PDPTR0);
3249 mmu->pdptrs[1] = vmcs_read64(GUEST_PDPTR1);
3250 mmu->pdptrs[2] = vmcs_read64(GUEST_PDPTR2);
3251 mmu->pdptrs[3] = vmcs_read64(GUEST_PDPTR3);
3253 kvm_register_mark_available(vcpu, VCPU_EXREG_PDPTR);
3256 #define CR3_EXITING_BITS (CPU_BASED_CR3_LOAD_EXITING | \
3257 CPU_BASED_CR3_STORE_EXITING)
3259 void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
3261 struct vcpu_vmx *vmx = to_vmx(vcpu);
3262 unsigned long hw_cr0, old_cr0_pg;
3265 old_cr0_pg = kvm_read_cr0_bits(vcpu, X86_CR0_PG);
3267 hw_cr0 = (cr0 & ~KVM_VM_CR0_ALWAYS_OFF);
3268 if (is_unrestricted_guest(vcpu))
3269 hw_cr0 |= KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST;
3271 hw_cr0 |= KVM_VM_CR0_ALWAYS_ON;
3273 hw_cr0 |= X86_CR0_WP;
3275 if (vmx->rmode.vm86_active && (cr0 & X86_CR0_PE))
3278 if (!vmx->rmode.vm86_active && !(cr0 & X86_CR0_PE))
3282 vmcs_writel(CR0_READ_SHADOW, cr0);
3283 vmcs_writel(GUEST_CR0, hw_cr0);
3284 vcpu->arch.cr0 = cr0;
3285 kvm_register_mark_available(vcpu, VCPU_EXREG_CR0);
3287 #ifdef CONFIG_X86_64
3288 if (vcpu->arch.efer & EFER_LME) {
3289 if (!old_cr0_pg && (cr0 & X86_CR0_PG))
3291 else if (old_cr0_pg && !(cr0 & X86_CR0_PG))
3296 if (enable_ept && !is_unrestricted_guest(vcpu)) {
3298 * Ensure KVM has an up-to-date snapshot of the guest's CR3. If
3299 * the below code _enables_ CR3 exiting, vmx_cache_reg() will
3300 * (correctly) stop reading vmcs.GUEST_CR3 because it thinks
3301 * KVM's CR3 is installed.
3303 if (!kvm_register_is_available(vcpu, VCPU_EXREG_CR3))
3304 vmx_cache_reg(vcpu, VCPU_EXREG_CR3);
3307 * When running with EPT but not unrestricted guest, KVM must
3308 * intercept CR3 accesses when paging is _disabled_. This is
3309 * necessary because restricted guests can't actually run with
3310 * paging disabled, and so KVM stuffs its own CR3 in order to
3311 * run the guest when identity mapped page tables.
3313 * Do _NOT_ check the old CR0.PG, e.g. to optimize away the
3314 * update, it may be stale with respect to CR3 interception,
3315 * e.g. after nested VM-Enter.
3317 * Lastly, honor L1's desires, i.e. intercept CR3 loads and/or
3318 * stores to forward them to L1, even if KVM does not need to
3319 * intercept them to preserve its identity mapped page tables.
3321 if (!(cr0 & X86_CR0_PG)) {
3322 exec_controls_setbit(vmx, CR3_EXITING_BITS);
3323 } else if (!is_guest_mode(vcpu)) {
3324 exec_controls_clearbit(vmx, CR3_EXITING_BITS);
3326 tmp = exec_controls_get(vmx);
3327 tmp &= ~CR3_EXITING_BITS;
3328 tmp |= get_vmcs12(vcpu)->cpu_based_vm_exec_control & CR3_EXITING_BITS;
3329 exec_controls_set(vmx, tmp);
3332 /* Note, vmx_set_cr4() consumes the new vcpu->arch.cr0. */
3333 if ((old_cr0_pg ^ cr0) & X86_CR0_PG)
3334 vmx_set_cr4(vcpu, kvm_read_cr4(vcpu));
3337 * When !CR0_PG -> CR0_PG, vcpu->arch.cr3 becomes active, but
3338 * GUEST_CR3 is still vmx->ept_identity_map_addr if EPT + !URG.
3340 if (!(old_cr0_pg & X86_CR0_PG) && (cr0 & X86_CR0_PG))
3341 kvm_register_mark_dirty(vcpu, VCPU_EXREG_CR3);
3344 /* depends on vcpu->arch.cr0 to be set to a new value */
3345 vmx->emulation_required = vmx_emulation_required(vcpu);
3348 static int vmx_get_max_tdp_level(void)
3350 if (cpu_has_vmx_ept_5levels())
3355 u64 construct_eptp(struct kvm_vcpu *vcpu, hpa_t root_hpa, int root_level)
3357 u64 eptp = VMX_EPTP_MT_WB;
3359 eptp |= (root_level == 5) ? VMX_EPTP_PWL_5 : VMX_EPTP_PWL_4;
3361 if (enable_ept_ad_bits &&
3362 (!is_guest_mode(vcpu) || nested_ept_ad_enabled(vcpu)))
3363 eptp |= VMX_EPTP_AD_ENABLE_BIT;
3369 static void vmx_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa,
3372 struct kvm *kvm = vcpu->kvm;
3373 bool update_guest_cr3 = true;
3374 unsigned long guest_cr3;
3378 eptp = construct_eptp(vcpu, root_hpa, root_level);
3379 vmcs_write64(EPT_POINTER, eptp);
3381 hv_track_root_tdp(vcpu, root_hpa);
3383 if (!enable_unrestricted_guest && !is_paging(vcpu))
3384 guest_cr3 = to_kvm_vmx(kvm)->ept_identity_map_addr;
3385 else if (kvm_register_is_dirty(vcpu, VCPU_EXREG_CR3))
3386 guest_cr3 = vcpu->arch.cr3;
3387 else /* vmcs.GUEST_CR3 is already up-to-date. */
3388 update_guest_cr3 = false;
3389 vmx_ept_load_pdptrs(vcpu);
3391 guest_cr3 = root_hpa | kvm_get_active_pcid(vcpu);
3394 if (update_guest_cr3)
3395 vmcs_writel(GUEST_CR3, guest_cr3);
3399 static bool vmx_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
3402 * We operate under the default treatment of SMM, so VMX cannot be
3403 * enabled under SMM. Note, whether or not VMXE is allowed at all,
3404 * i.e. is a reserved bit, is handled by common x86 code.
3406 if ((cr4 & X86_CR4_VMXE) && is_smm(vcpu))
3409 if (to_vmx(vcpu)->nested.vmxon && !nested_cr4_valid(vcpu, cr4))
3415 void vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
3417 unsigned long old_cr4 = vcpu->arch.cr4;
3418 struct vcpu_vmx *vmx = to_vmx(vcpu);
3420 * Pass through host's Machine Check Enable value to hw_cr4, which
3421 * is in force while we are in guest mode. Do not let guests control
3422 * this bit, even if host CR4.MCE == 0.
3424 unsigned long hw_cr4;
3426 hw_cr4 = (cr4_read_shadow() & X86_CR4_MCE) | (cr4 & ~X86_CR4_MCE);
3427 if (is_unrestricted_guest(vcpu))
3428 hw_cr4 |= KVM_VM_CR4_ALWAYS_ON_UNRESTRICTED_GUEST;
3429 else if (vmx->rmode.vm86_active)
3430 hw_cr4 |= KVM_RMODE_VM_CR4_ALWAYS_ON;
3432 hw_cr4 |= KVM_PMODE_VM_CR4_ALWAYS_ON;
3434 if (!boot_cpu_has(X86_FEATURE_UMIP) && vmx_umip_emulated()) {
3435 if (cr4 & X86_CR4_UMIP) {
3436 secondary_exec_controls_setbit(vmx, SECONDARY_EXEC_DESC);
3437 hw_cr4 &= ~X86_CR4_UMIP;
3438 } else if (!is_guest_mode(vcpu) ||
3439 !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) {
3440 secondary_exec_controls_clearbit(vmx, SECONDARY_EXEC_DESC);
3444 vcpu->arch.cr4 = cr4;
3445 kvm_register_mark_available(vcpu, VCPU_EXREG_CR4);
3447 if (!is_unrestricted_guest(vcpu)) {
3449 if (!is_paging(vcpu)) {
3450 hw_cr4 &= ~X86_CR4_PAE;
3451 hw_cr4 |= X86_CR4_PSE;
3452 } else if (!(cr4 & X86_CR4_PAE)) {
3453 hw_cr4 &= ~X86_CR4_PAE;
3458 * SMEP/SMAP/PKU is disabled if CPU is in non-paging mode in
3459 * hardware. To emulate this behavior, SMEP/SMAP/PKU needs
3460 * to be manually disabled when guest switches to non-paging
3463 * If !enable_unrestricted_guest, the CPU is always running
3464 * with CR0.PG=1 and CR4 needs to be modified.
3465 * If enable_unrestricted_guest, the CPU automatically
3466 * disables SMEP/SMAP/PKU when the guest sets CR0.PG=0.
3468 if (!is_paging(vcpu))
3469 hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE);
3472 vmcs_writel(CR4_READ_SHADOW, cr4);
3473 vmcs_writel(GUEST_CR4, hw_cr4);
3475 if ((cr4 ^ old_cr4) & (X86_CR4_OSXSAVE | X86_CR4_PKE))
3476 kvm_update_cpuid_runtime(vcpu);
3479 void vmx_get_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg)
3481 struct vcpu_vmx *vmx = to_vmx(vcpu);
3484 if (vmx->rmode.vm86_active && seg != VCPU_SREG_LDTR) {
3485 *var = vmx->rmode.segs[seg];
3486 if (seg == VCPU_SREG_TR
3487 || var->selector == vmx_read_guest_seg_selector(vmx, seg))
3489 var->base = vmx_read_guest_seg_base(vmx, seg);
3490 var->selector = vmx_read_guest_seg_selector(vmx, seg);
3493 var->base = vmx_read_guest_seg_base(vmx, seg);
3494 var->limit = vmx_read_guest_seg_limit(vmx, seg);
3495 var->selector = vmx_read_guest_seg_selector(vmx, seg);
3496 ar = vmx_read_guest_seg_ar(vmx, seg);
3497 var->unusable = (ar >> 16) & 1;
3498 var->type = ar & 15;
3499 var->s = (ar >> 4) & 1;
3500 var->dpl = (ar >> 5) & 3;
3502 * Some userspaces do not preserve unusable property. Since usable
3503 * segment has to be present according to VMX spec we can use present
3504 * property to amend userspace bug by making unusable segment always
3505 * nonpresent. vmx_segment_access_rights() already marks nonpresent
3506 * segment as unusable.
3508 var->present = !var->unusable;
3509 var->avl = (ar >> 12) & 1;
3510 var->l = (ar >> 13) & 1;
3511 var->db = (ar >> 14) & 1;
3512 var->g = (ar >> 15) & 1;
3515 static u64 vmx_get_segment_base(struct kvm_vcpu *vcpu, int seg)
3517 struct kvm_segment s;
3519 if (to_vmx(vcpu)->rmode.vm86_active) {
3520 vmx_get_segment(vcpu, &s, seg);
3523 return vmx_read_guest_seg_base(to_vmx(vcpu), seg);
3526 int vmx_get_cpl(struct kvm_vcpu *vcpu)
3528 struct vcpu_vmx *vmx = to_vmx(vcpu);
3530 if (unlikely(vmx->rmode.vm86_active))
3533 int ar = vmx_read_guest_seg_ar(vmx, VCPU_SREG_SS);
3534 return VMX_AR_DPL(ar);
3538 static u32 vmx_segment_access_rights(struct kvm_segment *var)
3542 ar = var->type & 15;
3543 ar |= (var->s & 1) << 4;
3544 ar |= (var->dpl & 3) << 5;
3545 ar |= (var->present & 1) << 7;
3546 ar |= (var->avl & 1) << 12;
3547 ar |= (var->l & 1) << 13;
3548 ar |= (var->db & 1) << 14;
3549 ar |= (var->g & 1) << 15;
3550 ar |= (var->unusable || !var->present) << 16;
3555 void __vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg)
3557 struct vcpu_vmx *vmx = to_vmx(vcpu);
3558 const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
3560 vmx_segment_cache_clear(vmx);
3562 if (vmx->rmode.vm86_active && seg != VCPU_SREG_LDTR) {
3563 vmx->rmode.segs[seg] = *var;
3564 if (seg == VCPU_SREG_TR)
3565 vmcs_write16(sf->selector, var->selector);
3567 fix_rmode_seg(seg, &vmx->rmode.segs[seg]);
3571 vmcs_writel(sf->base, var->base);
3572 vmcs_write32(sf->limit, var->limit);
3573 vmcs_write16(sf->selector, var->selector);
3576 * Fix the "Accessed" bit in AR field of segment registers for older
3578 * IA32 arch specifies that at the time of processor reset the
3579 * "Accessed" bit in the AR field of segment registers is 1. And qemu
3580 * is setting it to 0 in the userland code. This causes invalid guest
3581 * state vmexit when "unrestricted guest" mode is turned on.
3582 * Fix for this setup issue in cpu_reset is being pushed in the qemu
3583 * tree. Newer qemu binaries with that qemu fix would not need this
3586 if (is_unrestricted_guest(vcpu) && (seg != VCPU_SREG_LDTR))
3587 var->type |= 0x1; /* Accessed */
3589 vmcs_write32(sf->ar_bytes, vmx_segment_access_rights(var));
3592 static void vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg)
3594 __vmx_set_segment(vcpu, var, seg);
3596 to_vmx(vcpu)->emulation_required = vmx_emulation_required(vcpu);
3599 static void vmx_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l)
3601 u32 ar = vmx_read_guest_seg_ar(to_vmx(vcpu), VCPU_SREG_CS);
3603 *db = (ar >> 14) & 1;
3604 *l = (ar >> 13) & 1;
3607 static void vmx_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
3609 dt->size = vmcs_read32(GUEST_IDTR_LIMIT);
3610 dt->address = vmcs_readl(GUEST_IDTR_BASE);
3613 static void vmx_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
3615 vmcs_write32(GUEST_IDTR_LIMIT, dt->size);
3616 vmcs_writel(GUEST_IDTR_BASE, dt->address);
3619 static void vmx_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
3621 dt->size = vmcs_read32(GUEST_GDTR_LIMIT);
3622 dt->address = vmcs_readl(GUEST_GDTR_BASE);
3625 static void vmx_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
3627 vmcs_write32(GUEST_GDTR_LIMIT, dt->size);
3628 vmcs_writel(GUEST_GDTR_BASE, dt->address);
3631 static bool rmode_segment_valid(struct kvm_vcpu *vcpu, int seg)
3633 struct kvm_segment var;
3636 vmx_get_segment(vcpu, &var, seg);
3638 if (seg == VCPU_SREG_CS)
3640 ar = vmx_segment_access_rights(&var);
3642 if (var.base != (var.selector << 4))
3644 if (var.limit != 0xffff)
3652 static bool code_segment_valid(struct kvm_vcpu *vcpu)
3654 struct kvm_segment cs;
3655 unsigned int cs_rpl;
3657 vmx_get_segment(vcpu, &cs, VCPU_SREG_CS);
3658 cs_rpl = cs.selector & SEGMENT_RPL_MASK;
3662 if (~cs.type & (VMX_AR_TYPE_CODE_MASK|VMX_AR_TYPE_ACCESSES_MASK))
3666 if (cs.type & VMX_AR_TYPE_WRITEABLE_MASK) {
3667 if (cs.dpl > cs_rpl)
3670 if (cs.dpl != cs_rpl)
3676 /* TODO: Add Reserved field check, this'll require a new member in the kvm_segment_field structure */
3680 static bool stack_segment_valid(struct kvm_vcpu *vcpu)
3682 struct kvm_segment ss;
3683 unsigned int ss_rpl;
3685 vmx_get_segment(vcpu, &ss, VCPU_SREG_SS);
3686 ss_rpl = ss.selector & SEGMENT_RPL_MASK;
3690 if (ss.type != 3 && ss.type != 7)
3694 if (ss.dpl != ss_rpl) /* DPL != RPL */
3702 static bool data_segment_valid(struct kvm_vcpu *vcpu, int seg)
3704 struct kvm_segment var;
3707 vmx_get_segment(vcpu, &var, seg);
3708 rpl = var.selector & SEGMENT_RPL_MASK;
3716 if (~var.type & (VMX_AR_TYPE_CODE_MASK|VMX_AR_TYPE_WRITEABLE_MASK)) {
3717 if (var.dpl < rpl) /* DPL < RPL */
3721 /* TODO: Add other members to kvm_segment_field to allow checking for other access
3727 static bool tr_valid(struct kvm_vcpu *vcpu)
3729 struct kvm_segment tr;
3731 vmx_get_segment(vcpu, &tr, VCPU_SREG_TR);
3735 if (tr.selector & SEGMENT_TI_MASK) /* TI = 1 */
3737 if (tr.type != 3 && tr.type != 11) /* TODO: Check if guest is in IA32e mode */
3745 static bool ldtr_valid(struct kvm_vcpu *vcpu)
3747 struct kvm_segment ldtr;
3749 vmx_get_segment(vcpu, &ldtr, VCPU_SREG_LDTR);
3753 if (ldtr.selector & SEGMENT_TI_MASK) /* TI = 1 */
3763 static bool cs_ss_rpl_check(struct kvm_vcpu *vcpu)
3765 struct kvm_segment cs, ss;
3767 vmx_get_segment(vcpu, &cs, VCPU_SREG_CS);
3768 vmx_get_segment(vcpu, &ss, VCPU_SREG_SS);
3770 return ((cs.selector & SEGMENT_RPL_MASK) ==
3771 (ss.selector & SEGMENT_RPL_MASK));
3775 * Check if guest state is valid. Returns true if valid, false if
3777 * We assume that registers are always usable
3779 bool __vmx_guest_state_valid(struct kvm_vcpu *vcpu)
3781 /* real mode guest state checks */
3782 if (!is_protmode(vcpu) || (vmx_get_rflags(vcpu) & X86_EFLAGS_VM)) {
3783 if (!rmode_segment_valid(vcpu, VCPU_SREG_CS))
3785 if (!rmode_segment_valid(vcpu, VCPU_SREG_SS))
3787 if (!rmode_segment_valid(vcpu, VCPU_SREG_DS))
3789 if (!rmode_segment_valid(vcpu, VCPU_SREG_ES))
3791 if (!rmode_segment_valid(vcpu, VCPU_SREG_FS))
3793 if (!rmode_segment_valid(vcpu, VCPU_SREG_GS))
3796 /* protected mode guest state checks */
3797 if (!cs_ss_rpl_check(vcpu))
3799 if (!code_segment_valid(vcpu))
3801 if (!stack_segment_valid(vcpu))
3803 if (!data_segment_valid(vcpu, VCPU_SREG_DS))
3805 if (!data_segment_valid(vcpu, VCPU_SREG_ES))
3807 if (!data_segment_valid(vcpu, VCPU_SREG_FS))
3809 if (!data_segment_valid(vcpu, VCPU_SREG_GS))
3811 if (!tr_valid(vcpu))
3813 if (!ldtr_valid(vcpu))
3817 * - Add checks on RIP
3818 * - Add checks on RFLAGS
3824 static int init_rmode_tss(struct kvm *kvm, void __user *ua)
3826 const void *zero_page = (const void *) __va(page_to_phys(ZERO_PAGE(0)));
3830 for (i = 0; i < 3; i++) {
3831 if (__copy_to_user(ua + PAGE_SIZE * i, zero_page, PAGE_SIZE))
3835 data = TSS_BASE_SIZE + TSS_REDIRECTION_SIZE;
3836 if (__copy_to_user(ua + TSS_IOPB_BASE_OFFSET, &data, sizeof(u16)))
3840 if (__copy_to_user(ua + RMODE_TSS_SIZE - 1, &data, sizeof(u8)))
3846 static int init_rmode_identity_map(struct kvm *kvm)
3848 struct kvm_vmx *kvm_vmx = to_kvm_vmx(kvm);
3853 /* Protect kvm_vmx->ept_identity_pagetable_done. */
3854 mutex_lock(&kvm->slots_lock);
3856 if (likely(kvm_vmx->ept_identity_pagetable_done))
3859 if (!kvm_vmx->ept_identity_map_addr)
3860 kvm_vmx->ept_identity_map_addr = VMX_EPT_IDENTITY_PAGETABLE_ADDR;
3862 uaddr = __x86_set_memory_region(kvm,
3863 IDENTITY_PAGETABLE_PRIVATE_MEMSLOT,
3864 kvm_vmx->ept_identity_map_addr,
3866 if (IS_ERR(uaddr)) {
3871 /* Set up identity-mapping pagetable for EPT in real mode */
3872 for (i = 0; i < (PAGE_SIZE / sizeof(tmp)); i++) {
3873 tmp = (i << 22) + (_PAGE_PRESENT | _PAGE_RW | _PAGE_USER |
3874 _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_PSE);
3875 if (__copy_to_user(uaddr + i * sizeof(tmp), &tmp, sizeof(tmp))) {
3880 kvm_vmx->ept_identity_pagetable_done = true;
3883 mutex_unlock(&kvm->slots_lock);
3887 static void seg_setup(int seg)
3889 const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
3892 vmcs_write16(sf->selector, 0);
3893 vmcs_writel(sf->base, 0);
3894 vmcs_write32(sf->limit, 0xffff);
3896 if (seg == VCPU_SREG_CS)
3897 ar |= 0x08; /* code segment */
3899 vmcs_write32(sf->ar_bytes, ar);
3902 int allocate_vpid(void)
3908 spin_lock(&vmx_vpid_lock);
3909 vpid = find_first_zero_bit(vmx_vpid_bitmap, VMX_NR_VPIDS);
3910 if (vpid < VMX_NR_VPIDS)
3911 __set_bit(vpid, vmx_vpid_bitmap);
3914 spin_unlock(&vmx_vpid_lock);
3918 void free_vpid(int vpid)
3920 if (!enable_vpid || vpid == 0)
3922 spin_lock(&vmx_vpid_lock);
3923 __clear_bit(vpid, vmx_vpid_bitmap);
3924 spin_unlock(&vmx_vpid_lock);
3927 static void vmx_msr_bitmap_l01_changed(struct vcpu_vmx *vmx)
3930 * When KVM is a nested hypervisor on top of Hyper-V and uses
3931 * 'Enlightened MSR Bitmap' feature L0 needs to know that MSR
3932 * bitmap has changed.
3934 if (IS_ENABLED(CONFIG_HYPERV) && static_branch_unlikely(&enable_evmcs)) {
3935 struct hv_enlightened_vmcs *evmcs = (void *)vmx->vmcs01.vmcs;
3937 if (evmcs->hv_enlightenments_control.msr_bitmap)
3938 evmcs->hv_clean_fields &=
3939 ~HV_VMX_ENLIGHTENED_CLEAN_FIELD_MSR_BITMAP;
3942 vmx->nested.force_msr_bitmap_recalc = true;
3945 void vmx_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type)
3947 struct vcpu_vmx *vmx = to_vmx(vcpu);
3948 unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap;
3950 if (!cpu_has_vmx_msr_bitmap())
3953 vmx_msr_bitmap_l01_changed(vmx);
3956 * Mark the desired intercept state in shadow bitmap, this is needed
3957 * for resync when the MSR filters change.
3959 if (is_valid_passthrough_msr(msr)) {
3960 int idx = possible_passthrough_msr_slot(msr);
3962 if (idx != -ENOENT) {
3963 if (type & MSR_TYPE_R)
3964 clear_bit(idx, vmx->shadow_msr_intercept.read);
3965 if (type & MSR_TYPE_W)
3966 clear_bit(idx, vmx->shadow_msr_intercept.write);
3970 if ((type & MSR_TYPE_R) &&
3971 !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) {
3972 vmx_set_msr_bitmap_read(msr_bitmap, msr);
3973 type &= ~MSR_TYPE_R;
3976 if ((type & MSR_TYPE_W) &&
3977 !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) {
3978 vmx_set_msr_bitmap_write(msr_bitmap, msr);
3979 type &= ~MSR_TYPE_W;
3982 if (type & MSR_TYPE_R)
3983 vmx_clear_msr_bitmap_read(msr_bitmap, msr);
3985 if (type & MSR_TYPE_W)
3986 vmx_clear_msr_bitmap_write(msr_bitmap, msr);
3989 void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type)
3991 struct vcpu_vmx *vmx = to_vmx(vcpu);
3992 unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap;
3994 if (!cpu_has_vmx_msr_bitmap())
3997 vmx_msr_bitmap_l01_changed(vmx);
4000 * Mark the desired intercept state in shadow bitmap, this is needed
4001 * for resync when the MSR filter changes.
4003 if (is_valid_passthrough_msr(msr)) {
4004 int idx = possible_passthrough_msr_slot(msr);
4006 if (idx != -ENOENT) {
4007 if (type & MSR_TYPE_R)
4008 set_bit(idx, vmx->shadow_msr_intercept.read);
4009 if (type & MSR_TYPE_W)
4010 set_bit(idx, vmx->shadow_msr_intercept.write);
4014 if (type & MSR_TYPE_R)
4015 vmx_set_msr_bitmap_read(msr_bitmap, msr);
4017 if (type & MSR_TYPE_W)
4018 vmx_set_msr_bitmap_write(msr_bitmap, msr);
4021 static void vmx_update_msr_bitmap_x2apic(struct kvm_vcpu *vcpu)
4024 * x2APIC indices for 64-bit accesses into the RDMSR and WRMSR halves
4025 * of the MSR bitmap. KVM emulates APIC registers up through 0x3f0,
4026 * i.e. MSR 0x83f, and so only needs to dynamically manipulate 64 bits.
4028 const int read_idx = APIC_BASE_MSR / BITS_PER_LONG_LONG;
4029 const int write_idx = read_idx + (0x800 / sizeof(u64));
4030 struct vcpu_vmx *vmx = to_vmx(vcpu);
4031 u64 *msr_bitmap = (u64 *)vmx->vmcs01.msr_bitmap;
4034 if (!cpu_has_vmx_msr_bitmap() || WARN_ON_ONCE(!lapic_in_kernel(vcpu)))
4037 if (cpu_has_secondary_exec_ctrls() &&
4038 (secondary_exec_controls_get(vmx) &
4039 SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE)) {
4040 mode = MSR_BITMAP_MODE_X2APIC;
4041 if (enable_apicv && kvm_vcpu_apicv_active(vcpu))
4042 mode |= MSR_BITMAP_MODE_X2APIC_APICV;
4047 if (mode == vmx->x2apic_msr_bitmap_mode)
4050 vmx->x2apic_msr_bitmap_mode = mode;
4053 * Reset the bitmap for MSRs 0x800 - 0x83f. Leave AMD's uber-extended
4054 * registers (0x840 and above) intercepted, KVM doesn't support them.
4055 * Intercept all writes by default and poke holes as needed. Pass
4056 * through reads for all valid registers by default in x2APIC+APICv
4057 * mode, only the current timer count needs on-demand emulation by KVM.
4059 if (mode & MSR_BITMAP_MODE_X2APIC_APICV)
4060 msr_bitmap[read_idx] = ~kvm_lapic_readable_reg_mask(vcpu->arch.apic);
4062 msr_bitmap[read_idx] = ~0ull;
4063 msr_bitmap[write_idx] = ~0ull;
4066 * TPR reads and writes can be virtualized even if virtual interrupt
4067 * delivery is not in use.
4069 vmx_set_intercept_for_msr(vcpu, X2APIC_MSR(APIC_TASKPRI), MSR_TYPE_RW,
4070 !(mode & MSR_BITMAP_MODE_X2APIC));
4072 if (mode & MSR_BITMAP_MODE_X2APIC_APICV) {
4073 vmx_enable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_TMCCT), MSR_TYPE_RW);
4074 vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_EOI), MSR_TYPE_W);
4075 vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_SELF_IPI), MSR_TYPE_W);
4077 vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_ICR), MSR_TYPE_RW);
4081 void pt_update_intercept_for_msr(struct kvm_vcpu *vcpu)
4083 struct vcpu_vmx *vmx = to_vmx(vcpu);
4084 bool flag = !(vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN);
4087 vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_STATUS, MSR_TYPE_RW, flag);
4088 vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_OUTPUT_BASE, MSR_TYPE_RW, flag);
4089 vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_OUTPUT_MASK, MSR_TYPE_RW, flag);
4090 vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_CR3_MATCH, MSR_TYPE_RW, flag);
4091 for (i = 0; i < vmx->pt_desc.num_address_ranges; i++) {
4092 vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_ADDR0_A + i * 2, MSR_TYPE_RW, flag);
4093 vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_ADDR0_B + i * 2, MSR_TYPE_RW, flag);
4097 static bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu)
4099 struct vcpu_vmx *vmx = to_vmx(vcpu);
4104 if (WARN_ON_ONCE(!is_guest_mode(vcpu)) ||
4105 !nested_cpu_has_vid(get_vmcs12(vcpu)) ||
4106 WARN_ON_ONCE(!vmx->nested.virtual_apic_map.gfn))
4109 rvi = vmx_get_rvi();
4111 vapic_page = vmx->nested.virtual_apic_map.hva;
4112 vppr = *((u32 *)(vapic_page + APIC_PROCPRI));
4114 return ((rvi & 0xf0) > (vppr & 0xf0));
4117 static void vmx_msr_filter_changed(struct kvm_vcpu *vcpu)
4119 struct vcpu_vmx *vmx = to_vmx(vcpu);
4123 * Redo intercept permissions for MSRs that KVM is passing through to
4124 * the guest. Disabling interception will check the new MSR filter and
4125 * ensure that KVM enables interception if usersepace wants to filter
4126 * the MSR. MSRs that KVM is already intercepting don't need to be
4127 * refreshed since KVM is going to intercept them regardless of what
4130 for (i = 0; i < ARRAY_SIZE(vmx_possible_passthrough_msrs); i++) {
4131 u32 msr = vmx_possible_passthrough_msrs[i];
4133 if (!test_bit(i, vmx->shadow_msr_intercept.read))
4134 vmx_disable_intercept_for_msr(vcpu, msr, MSR_TYPE_R);
4136 if (!test_bit(i, vmx->shadow_msr_intercept.write))
4137 vmx_disable_intercept_for_msr(vcpu, msr, MSR_TYPE_W);
4140 /* PT MSRs can be passed through iff PT is exposed to the guest. */
4141 if (vmx_pt_mode_is_host_guest())
4142 pt_update_intercept_for_msr(vcpu);
4145 static inline void kvm_vcpu_trigger_posted_interrupt(struct kvm_vcpu *vcpu,
4149 if (vcpu->mode == IN_GUEST_MODE) {
4151 * The vector of the virtual has already been set in the PIR.
4152 * Send a notification event to deliver the virtual interrupt
4153 * unless the vCPU is the currently running vCPU, i.e. the
4154 * event is being sent from a fastpath VM-Exit handler, in
4155 * which case the PIR will be synced to the vIRR before
4156 * re-entering the guest.
4158 * When the target is not the running vCPU, the following
4159 * possibilities emerge:
4161 * Case 1: vCPU stays in non-root mode. Sending a notification
4162 * event posts the interrupt to the vCPU.
4164 * Case 2: vCPU exits to root mode and is still runnable. The
4165 * PIR will be synced to the vIRR before re-entering the guest.
4166 * Sending a notification event is ok as the host IRQ handler
4167 * will ignore the spurious event.
4169 * Case 3: vCPU exits to root mode and is blocked. vcpu_block()
4170 * has already synced PIR to vIRR and never blocks the vCPU if
4171 * the vIRR is not empty. Therefore, a blocked vCPU here does
4172 * not wait for any requested interrupts in PIR, and sending a
4173 * notification event also results in a benign, spurious event.
4176 if (vcpu != kvm_get_running_vcpu())
4177 apic->send_IPI_mask(get_cpu_mask(vcpu->cpu), pi_vec);
4182 * The vCPU isn't in the guest; wake the vCPU in case it is blocking,
4183 * otherwise do nothing as KVM will grab the highest priority pending
4184 * IRQ via ->sync_pir_to_irr() in vcpu_enter_guest().
4186 kvm_vcpu_wake_up(vcpu);
4189 static int vmx_deliver_nested_posted_interrupt(struct kvm_vcpu *vcpu,
4192 struct vcpu_vmx *vmx = to_vmx(vcpu);
4194 if (is_guest_mode(vcpu) &&
4195 vector == vmx->nested.posted_intr_nv) {
4197 * If a posted intr is not recognized by hardware,
4198 * we will accomplish it in the next vmentry.
4200 vmx->nested.pi_pending = true;
4201 kvm_make_request(KVM_REQ_EVENT, vcpu);
4204 * This pairs with the smp_mb_*() after setting vcpu->mode in
4205 * vcpu_enter_guest() to guarantee the vCPU sees the event
4206 * request if triggering a posted interrupt "fails" because
4207 * vcpu->mode != IN_GUEST_MODE. The extra barrier is needed as
4208 * the smb_wmb() in kvm_make_request() only ensures everything
4209 * done before making the request is visible when the request
4210 * is visible, it doesn't ensure ordering between the store to
4211 * vcpu->requests and the load from vcpu->mode.
4213 smp_mb__after_atomic();
4215 /* the PIR and ON have been set by L1. */
4216 kvm_vcpu_trigger_posted_interrupt(vcpu, POSTED_INTR_NESTED_VECTOR);
4222 * Send interrupt to vcpu via posted interrupt way.
4223 * 1. If target vcpu is running(non-root mode), send posted interrupt
4224 * notification to vcpu and hardware will sync PIR to vIRR atomically.
4225 * 2. If target vcpu isn't running(root mode), kick it to pick up the
4226 * interrupt from PIR in next vmentry.
4228 static int vmx_deliver_posted_interrupt(struct kvm_vcpu *vcpu, int vector)
4230 struct vcpu_vmx *vmx = to_vmx(vcpu);
4233 r = vmx_deliver_nested_posted_interrupt(vcpu, vector);
4237 /* Note, this is called iff the local APIC is in-kernel. */
4238 if (!vcpu->arch.apic->apicv_active)
4241 if (pi_test_and_set_pir(vector, &vmx->pi_desc))
4244 /* If a previous notification has sent the IPI, nothing to do. */
4245 if (pi_test_and_set_on(&vmx->pi_desc))
4249 * The implied barrier in pi_test_and_set_on() pairs with the smp_mb_*()
4250 * after setting vcpu->mode in vcpu_enter_guest(), thus the vCPU is
4251 * guaranteed to see PID.ON=1 and sync the PIR to IRR if triggering a
4252 * posted interrupt "fails" because vcpu->mode != IN_GUEST_MODE.
4254 kvm_vcpu_trigger_posted_interrupt(vcpu, POSTED_INTR_VECTOR);
4258 static void vmx_deliver_interrupt(struct kvm_lapic *apic, int delivery_mode,
4259 int trig_mode, int vector)
4261 struct kvm_vcpu *vcpu = apic->vcpu;
4263 if (vmx_deliver_posted_interrupt(vcpu, vector)) {
4264 kvm_lapic_set_irr(vector, apic);
4265 kvm_make_request(KVM_REQ_EVENT, vcpu);
4266 kvm_vcpu_kick(vcpu);
4268 trace_kvm_apicv_accept_irq(vcpu->vcpu_id, delivery_mode,
4274 * Set up the vmcs's constant host-state fields, i.e., host-state fields that
4275 * will not change in the lifetime of the guest.
4276 * Note that host-state that does change is set elsewhere. E.g., host-state
4277 * that is set differently for each CPU is set in vmx_vcpu_load(), not here.
4279 void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
4283 unsigned long cr0, cr3, cr4;
4286 WARN_ON(cr0 & X86_CR0_TS);
4287 vmcs_writel(HOST_CR0, cr0); /* 22.2.3 */
4290 * Save the most likely value for this task's CR3 in the VMCS.
4291 * We can't use __get_current_cr3_fast() because we're not atomic.
4294 vmcs_writel(HOST_CR3, cr3); /* 22.2.3 FIXME: shadow tables */
4295 vmx->loaded_vmcs->host_state.cr3 = cr3;
4297 /* Save the most likely value for this task's CR4 in the VMCS. */
4298 cr4 = cr4_read_shadow();
4299 vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */
4300 vmx->loaded_vmcs->host_state.cr4 = cr4;
4302 vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
4303 #ifdef CONFIG_X86_64
4305 * Load null selectors, so we can avoid reloading them in
4306 * vmx_prepare_switch_to_host(), in case userspace uses
4307 * the null selectors too (the expected case).
4309 vmcs_write16(HOST_DS_SELECTOR, 0);
4310 vmcs_write16(HOST_ES_SELECTOR, 0);
4312 vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); /* 22.2.4 */
4313 vmcs_write16(HOST_ES_SELECTOR, __KERNEL_DS); /* 22.2.4 */
4315 vmcs_write16(HOST_SS_SELECTOR, __KERNEL_DS); /* 22.2.4 */
4316 vmcs_write16(HOST_TR_SELECTOR, GDT_ENTRY_TSS*8); /* 22.2.4 */
4318 vmcs_writel(HOST_IDTR_BASE, host_idt_base); /* 22.2.4 */
4320 vmcs_writel(HOST_RIP, (unsigned long)vmx_vmexit); /* 22.2.5 */
4322 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
4323 vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
4326 * SYSENTER is used for 32-bit system calls on either 32-bit or
4327 * 64-bit kernels. It is always zero If neither is allowed, otherwise
4328 * vmx_vcpu_load_vmcs loads it with the per-CPU entry stack (and may
4329 * have already done so!).
4331 if (!IS_ENABLED(CONFIG_IA32_EMULATION) && !IS_ENABLED(CONFIG_X86_32))
4332 vmcs_writel(HOST_IA32_SYSENTER_ESP, 0);
4334 rdmsrl(MSR_IA32_SYSENTER_EIP, tmpl);
4335 vmcs_writel(HOST_IA32_SYSENTER_EIP, tmpl); /* 22.2.3 */
4337 if (vmcs_config.vmexit_ctrl & VM_EXIT_LOAD_IA32_PAT) {
4338 rdmsr(MSR_IA32_CR_PAT, low32, high32);
4339 vmcs_write64(HOST_IA32_PAT, low32 | ((u64) high32 << 32));
4342 if (cpu_has_load_ia32_efer())
4343 vmcs_write64(HOST_IA32_EFER, host_efer);
4346 void set_cr4_guest_host_mask(struct vcpu_vmx *vmx)
4348 struct kvm_vcpu *vcpu = &vmx->vcpu;
4350 vcpu->arch.cr4_guest_owned_bits = KVM_POSSIBLE_CR4_GUEST_BITS &
4351 ~vcpu->arch.cr4_guest_rsvd_bits;
4353 vcpu->arch.cr4_guest_owned_bits &= ~X86_CR4_TLBFLUSH_BITS;
4354 vcpu->arch.cr4_guest_owned_bits &= ~X86_CR4_PDPTR_BITS;
4356 if (is_guest_mode(&vmx->vcpu))
4357 vcpu->arch.cr4_guest_owned_bits &=
4358 ~get_vmcs12(vcpu)->cr4_guest_host_mask;
4359 vmcs_writel(CR4_GUEST_HOST_MASK, ~vcpu->arch.cr4_guest_owned_bits);
4362 static u32 vmx_pin_based_exec_ctrl(struct vcpu_vmx *vmx)
4364 u32 pin_based_exec_ctrl = vmcs_config.pin_based_exec_ctrl;
4366 if (!kvm_vcpu_apicv_active(&vmx->vcpu))
4367 pin_based_exec_ctrl &= ~PIN_BASED_POSTED_INTR;
4370 pin_based_exec_ctrl &= ~PIN_BASED_VIRTUAL_NMIS;
4372 if (!enable_preemption_timer)
4373 pin_based_exec_ctrl &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
4375 return pin_based_exec_ctrl;
4378 static u32 vmx_vmentry_ctrl(void)
4380 u32 vmentry_ctrl = vmcs_config.vmentry_ctrl;
4382 if (vmx_pt_mode_is_system())
4383 vmentry_ctrl &= ~(VM_ENTRY_PT_CONCEAL_PIP |
4384 VM_ENTRY_LOAD_IA32_RTIT_CTL);
4386 * IA32e mode, and loading of EFER and PERF_GLOBAL_CTRL are toggled dynamically.
4388 vmentry_ctrl &= ~(VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL |
4389 VM_ENTRY_LOAD_IA32_EFER |
4390 VM_ENTRY_IA32E_MODE);
4392 if (cpu_has_perf_global_ctrl_bug())
4393 vmentry_ctrl &= ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL;
4395 return vmentry_ctrl;
4398 static u32 vmx_vmexit_ctrl(void)
4400 u32 vmexit_ctrl = vmcs_config.vmexit_ctrl;
4403 * Not used by KVM and never set in vmcs01 or vmcs02, but emulated for
4404 * nested virtualization and thus allowed to be set in vmcs12.
4406 vmexit_ctrl &= ~(VM_EXIT_SAVE_IA32_PAT | VM_EXIT_SAVE_IA32_EFER |
4407 VM_EXIT_SAVE_VMX_PREEMPTION_TIMER);
4409 if (vmx_pt_mode_is_system())
4410 vmexit_ctrl &= ~(VM_EXIT_PT_CONCEAL_PIP |
4411 VM_EXIT_CLEAR_IA32_RTIT_CTL);
4413 if (cpu_has_perf_global_ctrl_bug())
4414 vmexit_ctrl &= ~VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL;
4416 /* Loading of EFER and PERF_GLOBAL_CTRL are toggled dynamically */
4417 return vmexit_ctrl &
4418 ~(VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | VM_EXIT_LOAD_IA32_EFER);
4421 static void vmx_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu)
4423 struct vcpu_vmx *vmx = to_vmx(vcpu);
4425 if (is_guest_mode(vcpu)) {
4426 vmx->nested.update_vmcs01_apicv_status = true;
4430 pin_controls_set(vmx, vmx_pin_based_exec_ctrl(vmx));
4432 if (kvm_vcpu_apicv_active(vcpu)) {
4433 secondary_exec_controls_setbit(vmx,
4434 SECONDARY_EXEC_APIC_REGISTER_VIRT |
4435 SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
4437 tertiary_exec_controls_setbit(vmx, TERTIARY_EXEC_IPI_VIRT);
4439 secondary_exec_controls_clearbit(vmx,
4440 SECONDARY_EXEC_APIC_REGISTER_VIRT |
4441 SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
4443 tertiary_exec_controls_clearbit(vmx, TERTIARY_EXEC_IPI_VIRT);
4446 vmx_update_msr_bitmap_x2apic(vcpu);
4449 static u32 vmx_exec_control(struct vcpu_vmx *vmx)
4451 u32 exec_control = vmcs_config.cpu_based_exec_ctrl;
4454 * Not used by KVM, but fully supported for nesting, i.e. are allowed in
4455 * vmcs12 and propagated to vmcs02 when set in vmcs12.
4457 exec_control &= ~(CPU_BASED_RDTSC_EXITING |
4458 CPU_BASED_USE_IO_BITMAPS |
4459 CPU_BASED_MONITOR_TRAP_FLAG |
4460 CPU_BASED_PAUSE_EXITING);
4462 /* INTR_WINDOW_EXITING and NMI_WINDOW_EXITING are toggled dynamically */
4463 exec_control &= ~(CPU_BASED_INTR_WINDOW_EXITING |
4464 CPU_BASED_NMI_WINDOW_EXITING);
4466 if (vmx->vcpu.arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)
4467 exec_control &= ~CPU_BASED_MOV_DR_EXITING;
4469 if (!cpu_need_tpr_shadow(&vmx->vcpu))
4470 exec_control &= ~CPU_BASED_TPR_SHADOW;
4472 #ifdef CONFIG_X86_64
4473 if (exec_control & CPU_BASED_TPR_SHADOW)
4474 exec_control &= ~(CPU_BASED_CR8_LOAD_EXITING |
4475 CPU_BASED_CR8_STORE_EXITING);
4477 exec_control |= CPU_BASED_CR8_STORE_EXITING |
4478 CPU_BASED_CR8_LOAD_EXITING;
4480 /* No need to intercept CR3 access or INVPLG when using EPT. */
4482 exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING |
4483 CPU_BASED_CR3_STORE_EXITING |
4484 CPU_BASED_INVLPG_EXITING);
4485 if (kvm_mwait_in_guest(vmx->vcpu.kvm))
4486 exec_control &= ~(CPU_BASED_MWAIT_EXITING |
4487 CPU_BASED_MONITOR_EXITING);
4488 if (kvm_hlt_in_guest(vmx->vcpu.kvm))
4489 exec_control &= ~CPU_BASED_HLT_EXITING;
4490 return exec_control;
4493 static u64 vmx_tertiary_exec_control(struct vcpu_vmx *vmx)
4495 u64 exec_control = vmcs_config.cpu_based_3rd_exec_ctrl;
4498 * IPI virtualization relies on APICv. Disable IPI virtualization if
4499 * APICv is inhibited.
4501 if (!enable_ipiv || !kvm_vcpu_apicv_active(&vmx->vcpu))
4502 exec_control &= ~TERTIARY_EXEC_IPI_VIRT;
4504 return exec_control;
4508 * Adjust a single secondary execution control bit to intercept/allow an
4509 * instruction in the guest. This is usually done based on whether or not a
4510 * feature has been exposed to the guest in order to correctly emulate faults.
4513 vmx_adjust_secondary_exec_control(struct vcpu_vmx *vmx, u32 *exec_control,
4514 u32 control, bool enabled, bool exiting)
4517 * If the control is for an opt-in feature, clear the control if the
4518 * feature is not exposed to the guest, i.e. not enabled. If the
4519 * control is opt-out, i.e. an exiting control, clear the control if
4520 * the feature _is_ exposed to the guest, i.e. exiting/interception is
4521 * disabled for the associated instruction. Note, the caller is
4522 * responsible presetting exec_control to set all supported bits.
4524 if (enabled == exiting)
4525 *exec_control &= ~control;
4528 * Update the nested MSR settings so that a nested VMM can/can't set
4529 * controls for features that are/aren't exposed to the guest.
4533 * All features that can be added or removed to VMX MSRs must
4534 * be supported in the first place for nested virtualization.
4536 if (WARN_ON_ONCE(!(vmcs_config.nested.secondary_ctls_high & control)))
4540 vmx->nested.msrs.secondary_ctls_high |= control;
4542 vmx->nested.msrs.secondary_ctls_high &= ~control;
4547 * Wrapper macro for the common case of adjusting a secondary execution control
4548 * based on a single guest CPUID bit, with a dedicated feature bit. This also
4549 * verifies that the control is actually supported by KVM and hardware.
4551 #define vmx_adjust_sec_exec_control(vmx, exec_control, name, feat_name, ctrl_name, exiting) \
4555 if (cpu_has_vmx_##name()) { \
4556 __enabled = guest_cpuid_has(&(vmx)->vcpu, \
4557 X86_FEATURE_##feat_name); \
4558 vmx_adjust_secondary_exec_control(vmx, exec_control, \
4559 SECONDARY_EXEC_##ctrl_name, __enabled, exiting); \
4563 /* More macro magic for ENABLE_/opt-in versus _EXITING/opt-out controls. */
4564 #define vmx_adjust_sec_exec_feature(vmx, exec_control, lname, uname) \
4565 vmx_adjust_sec_exec_control(vmx, exec_control, lname, uname, ENABLE_##uname, false)
4567 #define vmx_adjust_sec_exec_exiting(vmx, exec_control, lname, uname) \
4568 vmx_adjust_sec_exec_control(vmx, exec_control, lname, uname, uname##_EXITING, true)
4570 static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx)
4572 struct kvm_vcpu *vcpu = &vmx->vcpu;
4574 u32 exec_control = vmcs_config.cpu_based_2nd_exec_ctrl;
4576 if (vmx_pt_mode_is_system())
4577 exec_control &= ~(SECONDARY_EXEC_PT_USE_GPA | SECONDARY_EXEC_PT_CONCEAL_VMX);
4578 if (!cpu_need_virtualize_apic_accesses(vcpu))
4579 exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
4581 exec_control &= ~SECONDARY_EXEC_ENABLE_VPID;
4583 exec_control &= ~SECONDARY_EXEC_ENABLE_EPT;
4584 enable_unrestricted_guest = 0;
4586 if (!enable_unrestricted_guest)
4587 exec_control &= ~SECONDARY_EXEC_UNRESTRICTED_GUEST;
4588 if (kvm_pause_in_guest(vmx->vcpu.kvm))
4589 exec_control &= ~SECONDARY_EXEC_PAUSE_LOOP_EXITING;
4590 if (!kvm_vcpu_apicv_active(vcpu))
4591 exec_control &= ~(SECONDARY_EXEC_APIC_REGISTER_VIRT |
4592 SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
4593 exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
4596 * KVM doesn't support VMFUNC for L1, but the control is set in KVM's
4597 * base configuration as KVM emulates VMFUNC[EPTP_SWITCHING] for L2.
4599 exec_control &= ~SECONDARY_EXEC_ENABLE_VMFUNC;
4601 /* SECONDARY_EXEC_DESC is enabled/disabled on writes to CR4.UMIP,
4602 * in vmx_set_cr4. */
4603 exec_control &= ~SECONDARY_EXEC_DESC;
4605 /* SECONDARY_EXEC_SHADOW_VMCS is enabled when L1 executes VMPTRLD
4607 We can NOT enable shadow_vmcs here because we don't have yet
4610 exec_control &= ~SECONDARY_EXEC_SHADOW_VMCS;
4613 * PML is enabled/disabled when dirty logging of memsmlots changes, but
4614 * it needs to be set here when dirty logging is already active, e.g.
4615 * if this vCPU was created after dirty logging was enabled.
4617 if (!enable_pml || !atomic_read(&vcpu->kvm->nr_memslots_dirty_logging))
4618 exec_control &= ~SECONDARY_EXEC_ENABLE_PML;
4620 if (cpu_has_vmx_xsaves()) {
4621 /* Exposing XSAVES only when XSAVE is exposed */
4622 bool xsaves_enabled =
4623 boot_cpu_has(X86_FEATURE_XSAVE) &&
4624 guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) &&
4625 guest_cpuid_has(vcpu, X86_FEATURE_XSAVES);
4627 vcpu->arch.xsaves_enabled = xsaves_enabled;
4629 vmx_adjust_secondary_exec_control(vmx, &exec_control,
4630 SECONDARY_EXEC_XSAVES,
4631 xsaves_enabled, false);
4635 * RDPID is also gated by ENABLE_RDTSCP, turn on the control if either
4636 * feature is exposed to the guest. This creates a virtualization hole
4637 * if both are supported in hardware but only one is exposed to the
4638 * guest, but letting the guest execute RDTSCP or RDPID when either one
4639 * is advertised is preferable to emulating the advertised instruction
4640 * in KVM on #UD, and obviously better than incorrectly injecting #UD.
4642 if (cpu_has_vmx_rdtscp()) {
4643 bool rdpid_or_rdtscp_enabled =
4644 guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP) ||
4645 guest_cpuid_has(vcpu, X86_FEATURE_RDPID);
4647 vmx_adjust_secondary_exec_control(vmx, &exec_control,
4648 SECONDARY_EXEC_ENABLE_RDTSCP,
4649 rdpid_or_rdtscp_enabled, false);
4651 vmx_adjust_sec_exec_feature(vmx, &exec_control, invpcid, INVPCID);
4653 vmx_adjust_sec_exec_exiting(vmx, &exec_control, rdrand, RDRAND);
4654 vmx_adjust_sec_exec_exiting(vmx, &exec_control, rdseed, RDSEED);
4656 vmx_adjust_sec_exec_control(vmx, &exec_control, waitpkg, WAITPKG,
4657 ENABLE_USR_WAIT_PAUSE, false);
4659 if (!vcpu->kvm->arch.bus_lock_detection_enabled)
4660 exec_control &= ~SECONDARY_EXEC_BUS_LOCK_DETECTION;
4662 if (!kvm_notify_vmexit_enabled(vcpu->kvm))
4663 exec_control &= ~SECONDARY_EXEC_NOTIFY_VM_EXITING;
4665 return exec_control;
4668 static inline int vmx_get_pid_table_order(struct kvm *kvm)
4670 return get_order(kvm->arch.max_vcpu_ids * sizeof(*to_kvm_vmx(kvm)->pid_table));
4673 static int vmx_alloc_ipiv_pid_table(struct kvm *kvm)
4676 struct kvm_vmx *kvm_vmx = to_kvm_vmx(kvm);
4678 if (!irqchip_in_kernel(kvm) || !enable_ipiv)
4681 if (kvm_vmx->pid_table)
4684 pages = alloc_pages(GFP_KERNEL | __GFP_ZERO, vmx_get_pid_table_order(kvm));
4688 kvm_vmx->pid_table = (void *)page_address(pages);
4692 static int vmx_vcpu_precreate(struct kvm *kvm)
4694 return vmx_alloc_ipiv_pid_table(kvm);
4697 #define VMX_XSS_EXIT_BITMAP 0
4699 static void init_vmcs(struct vcpu_vmx *vmx)
4701 struct kvm *kvm = vmx->vcpu.kvm;
4702 struct kvm_vmx *kvm_vmx = to_kvm_vmx(kvm);
4705 nested_vmx_set_vmcs_shadowing_bitmap();
4707 if (cpu_has_vmx_msr_bitmap())
4708 vmcs_write64(MSR_BITMAP, __pa(vmx->vmcs01.msr_bitmap));
4710 vmcs_write64(VMCS_LINK_POINTER, INVALID_GPA); /* 22.3.1.5 */
4713 pin_controls_set(vmx, vmx_pin_based_exec_ctrl(vmx));
4715 exec_controls_set(vmx, vmx_exec_control(vmx));
4717 if (cpu_has_secondary_exec_ctrls())
4718 secondary_exec_controls_set(vmx, vmx_secondary_exec_control(vmx));
4720 if (cpu_has_tertiary_exec_ctrls())
4721 tertiary_exec_controls_set(vmx, vmx_tertiary_exec_control(vmx));
4723 if (enable_apicv && lapic_in_kernel(&vmx->vcpu)) {
4724 vmcs_write64(EOI_EXIT_BITMAP0, 0);
4725 vmcs_write64(EOI_EXIT_BITMAP1, 0);
4726 vmcs_write64(EOI_EXIT_BITMAP2, 0);
4727 vmcs_write64(EOI_EXIT_BITMAP3, 0);
4729 vmcs_write16(GUEST_INTR_STATUS, 0);
4731 vmcs_write16(POSTED_INTR_NV, POSTED_INTR_VECTOR);
4732 vmcs_write64(POSTED_INTR_DESC_ADDR, __pa((&vmx->pi_desc)));
4735 if (vmx_can_use_ipiv(&vmx->vcpu)) {
4736 vmcs_write64(PID_POINTER_TABLE, __pa(kvm_vmx->pid_table));
4737 vmcs_write16(LAST_PID_POINTER_INDEX, kvm->arch.max_vcpu_ids - 1);
4740 if (!kvm_pause_in_guest(kvm)) {
4741 vmcs_write32(PLE_GAP, ple_gap);
4742 vmx->ple_window = ple_window;
4743 vmx->ple_window_dirty = true;
4746 if (kvm_notify_vmexit_enabled(kvm))
4747 vmcs_write32(NOTIFY_WINDOW, kvm->arch.notify_window);
4749 vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, 0);
4750 vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, 0);
4751 vmcs_write32(CR3_TARGET_COUNT, 0); /* 22.2.1 */
4753 vmcs_write16(HOST_FS_SELECTOR, 0); /* 22.2.4 */
4754 vmcs_write16(HOST_GS_SELECTOR, 0); /* 22.2.4 */
4755 vmx_set_constant_host_state(vmx);
4756 vmcs_writel(HOST_FS_BASE, 0); /* 22.2.4 */
4757 vmcs_writel(HOST_GS_BASE, 0); /* 22.2.4 */
4759 if (cpu_has_vmx_vmfunc())
4760 vmcs_write64(VM_FUNCTION_CONTROL, 0);
4762 vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0);
4763 vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0);
4764 vmcs_write64(VM_EXIT_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.host.val));
4765 vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0);
4766 vmcs_write64(VM_ENTRY_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.guest.val));
4768 if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT)
4769 vmcs_write64(GUEST_IA32_PAT, vmx->vcpu.arch.pat);
4771 vm_exit_controls_set(vmx, vmx_vmexit_ctrl());
4773 /* 22.2.1, 20.8.1 */
4774 vm_entry_controls_set(vmx, vmx_vmentry_ctrl());
4776 vmx->vcpu.arch.cr0_guest_owned_bits = KVM_POSSIBLE_CR0_GUEST_BITS;
4777 vmcs_writel(CR0_GUEST_HOST_MASK, ~vmx->vcpu.arch.cr0_guest_owned_bits);
4779 set_cr4_guest_host_mask(vmx);
4782 vmcs_write16(VIRTUAL_PROCESSOR_ID, vmx->vpid);
4784 if (cpu_has_vmx_xsaves())
4785 vmcs_write64(XSS_EXIT_BITMAP, VMX_XSS_EXIT_BITMAP);
4788 vmcs_write64(PML_ADDRESS, page_to_phys(vmx->pml_pg));
4789 vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1);
4792 vmx_write_encls_bitmap(&vmx->vcpu, NULL);
4794 if (vmx_pt_mode_is_host_guest()) {
4795 memset(&vmx->pt_desc, 0, sizeof(vmx->pt_desc));
4796 /* Bit[6~0] are forced to 1, writes are ignored. */
4797 vmx->pt_desc.guest.output_mask = 0x7F;
4798 vmcs_write64(GUEST_IA32_RTIT_CTL, 0);
4801 vmcs_write32(GUEST_SYSENTER_CS, 0);
4802 vmcs_writel(GUEST_SYSENTER_ESP, 0);
4803 vmcs_writel(GUEST_SYSENTER_EIP, 0);
4804 vmcs_write64(GUEST_IA32_DEBUGCTL, 0);
4806 if (cpu_has_vmx_tpr_shadow()) {
4807 vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, 0);
4808 if (cpu_need_tpr_shadow(&vmx->vcpu))
4809 vmcs_write64(VIRTUAL_APIC_PAGE_ADDR,
4810 __pa(vmx->vcpu.arch.apic->regs));
4811 vmcs_write32(TPR_THRESHOLD, 0);
4814 vmx_setup_uret_msrs(vmx);
4817 static void __vmx_vcpu_reset(struct kvm_vcpu *vcpu)
4819 struct vcpu_vmx *vmx = to_vmx(vcpu);
4824 memcpy(&vmx->nested.msrs, &vmcs_config.nested, sizeof(vmx->nested.msrs));
4826 vcpu_setup_sgx_lepubkeyhash(vcpu);
4828 vmx->nested.posted_intr_nv = -1;
4829 vmx->nested.vmxon_ptr = INVALID_GPA;
4830 vmx->nested.current_vmptr = INVALID_GPA;
4831 vmx->nested.hv_evmcs_vmptr = EVMPTR_INVALID;
4833 vcpu->arch.microcode_version = 0x100000000ULL;
4834 vmx->msr_ia32_feature_control_valid_bits = FEAT_CTL_LOCKED;
4837 * Enforce invariant: pi_desc.nv is always either POSTED_INTR_VECTOR
4838 * or POSTED_INTR_WAKEUP_VECTOR.
4840 vmx->pi_desc.nv = POSTED_INTR_VECTOR;
4841 vmx->pi_desc.sn = 1;
4844 static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
4846 struct vcpu_vmx *vmx = to_vmx(vcpu);
4849 __vmx_vcpu_reset(vcpu);
4851 vmx->rmode.vm86_active = 0;
4854 vmx->msr_ia32_umwait_control = 0;
4856 vmx->hv_deadline_tsc = -1;
4857 kvm_set_cr8(vcpu, 0);
4859 vmx_segment_cache_clear(vmx);
4860 kvm_register_mark_available(vcpu, VCPU_EXREG_SEGMENTS);
4862 seg_setup(VCPU_SREG_CS);
4863 vmcs_write16(GUEST_CS_SELECTOR, 0xf000);
4864 vmcs_writel(GUEST_CS_BASE, 0xffff0000ul);
4866 seg_setup(VCPU_SREG_DS);
4867 seg_setup(VCPU_SREG_ES);
4868 seg_setup(VCPU_SREG_FS);
4869 seg_setup(VCPU_SREG_GS);
4870 seg_setup(VCPU_SREG_SS);
4872 vmcs_write16(GUEST_TR_SELECTOR, 0);
4873 vmcs_writel(GUEST_TR_BASE, 0);
4874 vmcs_write32(GUEST_TR_LIMIT, 0xffff);
4875 vmcs_write32(GUEST_TR_AR_BYTES, 0x008b);
4877 vmcs_write16(GUEST_LDTR_SELECTOR, 0);
4878 vmcs_writel(GUEST_LDTR_BASE, 0);
4879 vmcs_write32(GUEST_LDTR_LIMIT, 0xffff);
4880 vmcs_write32(GUEST_LDTR_AR_BYTES, 0x00082);
4882 vmcs_writel(GUEST_GDTR_BASE, 0);
4883 vmcs_write32(GUEST_GDTR_LIMIT, 0xffff);
4885 vmcs_writel(GUEST_IDTR_BASE, 0);
4886 vmcs_write32(GUEST_IDTR_LIMIT, 0xffff);
4888 vmcs_write32(GUEST_ACTIVITY_STATE, GUEST_ACTIVITY_ACTIVE);
4889 vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, 0);
4890 vmcs_writel(GUEST_PENDING_DBG_EXCEPTIONS, 0);
4891 if (kvm_mpx_supported())
4892 vmcs_write64(GUEST_BNDCFGS, 0);
4894 vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0); /* 22.2.1 */
4896 kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu);
4898 vpid_sync_context(vmx->vpid);
4900 vmx_update_fb_clear_dis(vcpu, vmx);
4903 static void vmx_enable_irq_window(struct kvm_vcpu *vcpu)
4905 exec_controls_setbit(to_vmx(vcpu), CPU_BASED_INTR_WINDOW_EXITING);
4908 static void vmx_enable_nmi_window(struct kvm_vcpu *vcpu)
4911 vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_STI) {
4912 vmx_enable_irq_window(vcpu);
4916 exec_controls_setbit(to_vmx(vcpu), CPU_BASED_NMI_WINDOW_EXITING);
4919 static void vmx_inject_irq(struct kvm_vcpu *vcpu, bool reinjected)
4921 struct vcpu_vmx *vmx = to_vmx(vcpu);
4923 int irq = vcpu->arch.interrupt.nr;
4925 trace_kvm_inj_virq(irq, vcpu->arch.interrupt.soft, reinjected);
4927 ++vcpu->stat.irq_injections;
4928 if (vmx->rmode.vm86_active) {
4930 if (vcpu->arch.interrupt.soft)
4931 inc_eip = vcpu->arch.event_exit_inst_len;
4932 kvm_inject_realmode_interrupt(vcpu, irq, inc_eip);
4935 intr = irq | INTR_INFO_VALID_MASK;
4936 if (vcpu->arch.interrupt.soft) {
4937 intr |= INTR_TYPE_SOFT_INTR;
4938 vmcs_write32(VM_ENTRY_INSTRUCTION_LEN,
4939 vmx->vcpu.arch.event_exit_inst_len);
4941 intr |= INTR_TYPE_EXT_INTR;
4942 vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr);
4944 vmx_clear_hlt(vcpu);
4947 static void vmx_inject_nmi(struct kvm_vcpu *vcpu)
4949 struct vcpu_vmx *vmx = to_vmx(vcpu);
4953 * Tracking the NMI-blocked state in software is built upon
4954 * finding the next open IRQ window. This, in turn, depends on
4955 * well-behaving guests: They have to keep IRQs disabled at
4956 * least as long as the NMI handler runs. Otherwise we may
4957 * cause NMI nesting, maybe breaking the guest. But as this is
4958 * highly unlikely, we can live with the residual risk.
4960 vmx->loaded_vmcs->soft_vnmi_blocked = 1;
4961 vmx->loaded_vmcs->vnmi_blocked_time = 0;
4964 ++vcpu->stat.nmi_injections;
4965 vmx->loaded_vmcs->nmi_known_unmasked = false;
4967 if (vmx->rmode.vm86_active) {
4968 kvm_inject_realmode_interrupt(vcpu, NMI_VECTOR, 0);
4972 vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
4973 INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK | NMI_VECTOR);
4975 vmx_clear_hlt(vcpu);
4978 bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu)
4980 struct vcpu_vmx *vmx = to_vmx(vcpu);
4984 return vmx->loaded_vmcs->soft_vnmi_blocked;
4985 if (vmx->loaded_vmcs->nmi_known_unmasked)
4987 masked = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_NMI;
4988 vmx->loaded_vmcs->nmi_known_unmasked = !masked;
4992 void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
4994 struct vcpu_vmx *vmx = to_vmx(vcpu);
4997 if (vmx->loaded_vmcs->soft_vnmi_blocked != masked) {
4998 vmx->loaded_vmcs->soft_vnmi_blocked = masked;
4999 vmx->loaded_vmcs->vnmi_blocked_time = 0;
5002 vmx->loaded_vmcs->nmi_known_unmasked = !masked;
5004 vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
5005 GUEST_INTR_STATE_NMI);
5007 vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,
5008 GUEST_INTR_STATE_NMI);
5012 bool vmx_nmi_blocked(struct kvm_vcpu *vcpu)
5014 if (is_guest_mode(vcpu) && nested_exit_on_nmi(vcpu))
5017 if (!enable_vnmi && to_vmx(vcpu)->loaded_vmcs->soft_vnmi_blocked)
5020 return (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
5021 (GUEST_INTR_STATE_MOV_SS | GUEST_INTR_STATE_STI |
5022 GUEST_INTR_STATE_NMI));
5025 static int vmx_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
5027 if (to_vmx(vcpu)->nested.nested_run_pending)
5030 /* An NMI must not be injected into L2 if it's supposed to VM-Exit. */
5031 if (for_injection && is_guest_mode(vcpu) && nested_exit_on_nmi(vcpu))
5034 return !vmx_nmi_blocked(vcpu);
5037 bool vmx_interrupt_blocked(struct kvm_vcpu *vcpu)
5039 if (is_guest_mode(vcpu) && nested_exit_on_intr(vcpu))
5042 return !(vmx_get_rflags(vcpu) & X86_EFLAGS_IF) ||
5043 (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
5044 (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS));
5047 static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu, bool for_injection)
5049 if (to_vmx(vcpu)->nested.nested_run_pending)
5053 * An IRQ must not be injected into L2 if it's supposed to VM-Exit,
5054 * e.g. if the IRQ arrived asynchronously after checking nested events.
5056 if (for_injection && is_guest_mode(vcpu) && nested_exit_on_intr(vcpu))
5059 return !vmx_interrupt_blocked(vcpu);
5062 static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr)
5066 if (enable_unrestricted_guest)
5069 mutex_lock(&kvm->slots_lock);
5070 ret = __x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, addr,
5072 mutex_unlock(&kvm->slots_lock);
5075 return PTR_ERR(ret);
5077 to_kvm_vmx(kvm)->tss_addr = addr;
5079 return init_rmode_tss(kvm, ret);
5082 static int vmx_set_identity_map_addr(struct kvm *kvm, u64 ident_addr)
5084 to_kvm_vmx(kvm)->ept_identity_map_addr = ident_addr;
5088 static bool rmode_exception(struct kvm_vcpu *vcpu, int vec)
5093 * Update instruction length as we may reinject the exception
5094 * from user space while in guest debugging mode.
5096 to_vmx(vcpu)->vcpu.arch.event_exit_inst_len =
5097 vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
5098 if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
5102 return !(vcpu->guest_debug &
5103 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP));
5117 static int handle_rmode_exception(struct kvm_vcpu *vcpu,
5118 int vec, u32 err_code)
5121 * Instruction with address size override prefix opcode 0x67
5122 * Cause the #SS fault with 0 error code in VM86 mode.
5124 if (((vec == GP_VECTOR) || (vec == SS_VECTOR)) && err_code == 0) {
5125 if (kvm_emulate_instruction(vcpu, 0)) {
5126 if (vcpu->arch.halt_request) {
5127 vcpu->arch.halt_request = 0;
5128 return kvm_emulate_halt_noskip(vcpu);
5136 * Forward all other exceptions that are valid in real mode.
5137 * FIXME: Breaks guest debugging in real mode, needs to be fixed with
5138 * the required debugging infrastructure rework.
5140 kvm_queue_exception(vcpu, vec);
5144 static int handle_machine_check(struct kvm_vcpu *vcpu)
5146 /* handled by vmx_vcpu_run() */
5151 * If the host has split lock detection disabled, then #AC is
5152 * unconditionally injected into the guest, which is the pre split lock
5153 * detection behaviour.
5155 * If the host has split lock detection enabled then #AC is
5156 * only injected into the guest when:
5157 * - Guest CPL == 3 (user mode)
5158 * - Guest has #AC detection enabled in CR0
5159 * - Guest EFLAGS has AC bit set
5161 bool vmx_guest_inject_ac(struct kvm_vcpu *vcpu)
5163 if (!boot_cpu_has(X86_FEATURE_SPLIT_LOCK_DETECT))
5166 return vmx_get_cpl(vcpu) == 3 && kvm_read_cr0_bits(vcpu, X86_CR0_AM) &&
5167 (kvm_get_rflags(vcpu) & X86_EFLAGS_AC);
5170 static int handle_exception_nmi(struct kvm_vcpu *vcpu)
5172 struct vcpu_vmx *vmx = to_vmx(vcpu);
5173 struct kvm_run *kvm_run = vcpu->run;
5174 u32 intr_info, ex_no, error_code;
5175 unsigned long cr2, dr6;
5178 vect_info = vmx->idt_vectoring_info;
5179 intr_info = vmx_get_intr_info(vcpu);
5182 * Machine checks are handled by handle_exception_irqoff(), or by
5183 * vmx_vcpu_run() if a #MC occurs on VM-Entry. NMIs are handled by
5184 * vmx_vcpu_enter_exit().
5186 if (is_machine_check(intr_info) || is_nmi(intr_info))
5190 * Queue the exception here instead of in handle_nm_fault_irqoff().
5191 * This ensures the nested_vmx check is not skipped so vmexit can
5192 * be reflected to L1 (when it intercepts #NM) before reaching this
5195 if (is_nm_fault(intr_info)) {
5196 kvm_queue_exception(vcpu, NM_VECTOR);
5200 if (is_invalid_opcode(intr_info))
5201 return handle_ud(vcpu);
5204 if (intr_info & INTR_INFO_DELIVER_CODE_MASK)
5205 error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
5207 if (!vmx->rmode.vm86_active && is_gp_fault(intr_info)) {
5208 WARN_ON_ONCE(!enable_vmware_backdoor);
5211 * VMware backdoor emulation on #GP interception only handles
5212 * IN{S}, OUT{S}, and RDPMC, none of which generate a non-zero
5213 * error code on #GP.
5216 kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
5219 return kvm_emulate_instruction(vcpu, EMULTYPE_VMWARE_GP);
5223 * The #PF with PFEC.RSVD = 1 indicates the guest is accessing
5224 * MMIO, it is better to report an internal error.
5225 * See the comments in vmx_handle_exit.
5227 if ((vect_info & VECTORING_INFO_VALID_MASK) &&
5228 !(is_page_fault(intr_info) && !(error_code & PFERR_RSVD_MASK))) {
5229 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
5230 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_SIMUL_EX;
5231 vcpu->run->internal.ndata = 4;
5232 vcpu->run->internal.data[0] = vect_info;
5233 vcpu->run->internal.data[1] = intr_info;
5234 vcpu->run->internal.data[2] = error_code;
5235 vcpu->run->internal.data[3] = vcpu->arch.last_vmentry_cpu;
5239 if (is_page_fault(intr_info)) {
5240 cr2 = vmx_get_exit_qual(vcpu);
5241 if (enable_ept && !vcpu->arch.apf.host_apf_flags) {
5243 * EPT will cause page fault only if we need to
5244 * detect illegal GPAs.
5246 WARN_ON_ONCE(!allow_smaller_maxphyaddr);
5247 kvm_fixup_and_inject_pf_error(vcpu, cr2, error_code);
5250 return kvm_handle_page_fault(vcpu, error_code, cr2, NULL, 0);
5253 ex_no = intr_info & INTR_INFO_VECTOR_MASK;
5255 if (vmx->rmode.vm86_active && rmode_exception(vcpu, ex_no))
5256 return handle_rmode_exception(vcpu, ex_no, error_code);
5260 dr6 = vmx_get_exit_qual(vcpu);
5261 if (!(vcpu->guest_debug &
5262 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))) {
5264 * If the #DB was due to ICEBP, a.k.a. INT1, skip the
5265 * instruction. ICEBP generates a trap-like #DB, but
5266 * despite its interception control being tied to #DB,
5267 * is an instruction intercept, i.e. the VM-Exit occurs
5268 * on the ICEBP itself. Use the inner "skip" helper to
5269 * avoid single-step #DB and MTF updates, as ICEBP is
5270 * higher priority. Note, skipping ICEBP still clears
5271 * STI and MOVSS blocking.
5273 * For all other #DBs, set vmcs.PENDING_DBG_EXCEPTIONS.BS
5274 * if single-step is enabled in RFLAGS and STI or MOVSS
5275 * blocking is active, as the CPU doesn't set the bit
5276 * on VM-Exit due to #DB interception. VM-Entry has a
5277 * consistency check that a single-step #DB is pending
5278 * in this scenario as the previous instruction cannot
5279 * have toggled RFLAGS.TF 0=>1 (because STI and POP/MOV
5280 * don't modify RFLAGS), therefore the one instruction
5281 * delay when activating single-step breakpoints must
5282 * have already expired. Note, the CPU sets/clears BS
5283 * as appropriate for all other VM-Exits types.
5285 if (is_icebp(intr_info))
5286 WARN_ON(!skip_emulated_instruction(vcpu));
5287 else if ((vmx_get_rflags(vcpu) & X86_EFLAGS_TF) &&
5288 (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
5289 (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS)))
5290 vmcs_writel(GUEST_PENDING_DBG_EXCEPTIONS,
5291 vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS) | DR6_BS);
5293 kvm_queue_exception_p(vcpu, DB_VECTOR, dr6);
5296 kvm_run->debug.arch.dr6 = dr6 | DR6_ACTIVE_LOW;
5297 kvm_run->debug.arch.dr7 = vmcs_readl(GUEST_DR7);
5301 * Update instruction length as we may reinject #BP from
5302 * user space while in guest debugging mode. Reading it for
5303 * #DB as well causes no harm, it is not used in that case.
5305 vmx->vcpu.arch.event_exit_inst_len =
5306 vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
5307 kvm_run->exit_reason = KVM_EXIT_DEBUG;
5308 kvm_run->debug.arch.pc = kvm_get_linear_rip(vcpu);
5309 kvm_run->debug.arch.exception = ex_no;
5312 if (vmx_guest_inject_ac(vcpu)) {
5313 kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
5318 * Handle split lock. Depending on detection mode this will
5319 * either warn and disable split lock detection for this
5320 * task or force SIGBUS on it.
5322 if (handle_guest_split_lock(kvm_rip_read(vcpu)))
5326 kvm_run->exit_reason = KVM_EXIT_EXCEPTION;
5327 kvm_run->ex.exception = ex_no;
5328 kvm_run->ex.error_code = error_code;
5334 static __always_inline int handle_external_interrupt(struct kvm_vcpu *vcpu)
5336 ++vcpu->stat.irq_exits;
5340 static int handle_triple_fault(struct kvm_vcpu *vcpu)
5342 vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
5343 vcpu->mmio_needed = 0;
5347 static int handle_io(struct kvm_vcpu *vcpu)
5349 unsigned long exit_qualification;
5350 int size, in, string;
5353 exit_qualification = vmx_get_exit_qual(vcpu);
5354 string = (exit_qualification & 16) != 0;
5356 ++vcpu->stat.io_exits;
5359 return kvm_emulate_instruction(vcpu, 0);
5361 port = exit_qualification >> 16;
5362 size = (exit_qualification & 7) + 1;
5363 in = (exit_qualification & 8) != 0;
5365 return kvm_fast_pio(vcpu, size, port, in);
5369 vmx_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall)
5372 * Patch in the VMCALL instruction:
5374 hypercall[0] = 0x0f;
5375 hypercall[1] = 0x01;
5376 hypercall[2] = 0xc1;
5379 /* called to set cr0 as appropriate for a mov-to-cr0 exit. */
5380 static int handle_set_cr0(struct kvm_vcpu *vcpu, unsigned long val)
5382 if (is_guest_mode(vcpu)) {
5383 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
5384 unsigned long orig_val = val;
5387 * We get here when L2 changed cr0 in a way that did not change
5388 * any of L1's shadowed bits (see nested_vmx_exit_handled_cr),
5389 * but did change L0 shadowed bits. So we first calculate the
5390 * effective cr0 value that L1 would like to write into the
5391 * hardware. It consists of the L2-owned bits from the new
5392 * value combined with the L1-owned bits from L1's guest_cr0.
5394 val = (val & ~vmcs12->cr0_guest_host_mask) |
5395 (vmcs12->guest_cr0 & vmcs12->cr0_guest_host_mask);
5397 if (!nested_guest_cr0_valid(vcpu, val))
5400 if (kvm_set_cr0(vcpu, val))
5402 vmcs_writel(CR0_READ_SHADOW, orig_val);
5405 if (to_vmx(vcpu)->nested.vmxon &&
5406 !nested_host_cr0_valid(vcpu, val))
5409 return kvm_set_cr0(vcpu, val);
5413 static int handle_set_cr4(struct kvm_vcpu *vcpu, unsigned long val)
5415 if (is_guest_mode(vcpu)) {
5416 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
5417 unsigned long orig_val = val;
5419 /* analogously to handle_set_cr0 */
5420 val = (val & ~vmcs12->cr4_guest_host_mask) |
5421 (vmcs12->guest_cr4 & vmcs12->cr4_guest_host_mask);
5422 if (kvm_set_cr4(vcpu, val))
5424 vmcs_writel(CR4_READ_SHADOW, orig_val);
5427 return kvm_set_cr4(vcpu, val);
5430 static int handle_desc(struct kvm_vcpu *vcpu)
5432 WARN_ON(!(vcpu->arch.cr4 & X86_CR4_UMIP));
5433 return kvm_emulate_instruction(vcpu, 0);
5436 static int handle_cr(struct kvm_vcpu *vcpu)
5438 unsigned long exit_qualification, val;
5444 exit_qualification = vmx_get_exit_qual(vcpu);
5445 cr = exit_qualification & 15;
5446 reg = (exit_qualification >> 8) & 15;
5447 switch ((exit_qualification >> 4) & 3) {
5448 case 0: /* mov to cr */
5449 val = kvm_register_read(vcpu, reg);
5450 trace_kvm_cr_write(cr, val);
5453 err = handle_set_cr0(vcpu, val);
5454 return kvm_complete_insn_gp(vcpu, err);
5456 WARN_ON_ONCE(enable_unrestricted_guest);
5458 err = kvm_set_cr3(vcpu, val);
5459 return kvm_complete_insn_gp(vcpu, err);
5461 err = handle_set_cr4(vcpu, val);
5462 return kvm_complete_insn_gp(vcpu, err);
5464 u8 cr8_prev = kvm_get_cr8(vcpu);
5466 err = kvm_set_cr8(vcpu, cr8);
5467 ret = kvm_complete_insn_gp(vcpu, err);
5468 if (lapic_in_kernel(vcpu))
5470 if (cr8_prev <= cr8)
5473 * TODO: we might be squashing a
5474 * KVM_GUESTDBG_SINGLESTEP-triggered
5475 * KVM_EXIT_DEBUG here.
5477 vcpu->run->exit_reason = KVM_EXIT_SET_TPR;
5483 KVM_BUG(1, vcpu->kvm, "Guest always owns CR0.TS");
5485 case 1: /*mov from cr*/
5488 WARN_ON_ONCE(enable_unrestricted_guest);
5490 val = kvm_read_cr3(vcpu);
5491 kvm_register_write(vcpu, reg, val);
5492 trace_kvm_cr_read(cr, val);
5493 return kvm_skip_emulated_instruction(vcpu);
5495 val = kvm_get_cr8(vcpu);
5496 kvm_register_write(vcpu, reg, val);
5497 trace_kvm_cr_read(cr, val);
5498 return kvm_skip_emulated_instruction(vcpu);
5502 val = (exit_qualification >> LMSW_SOURCE_DATA_SHIFT) & 0x0f;
5503 trace_kvm_cr_write(0, (kvm_read_cr0(vcpu) & ~0xful) | val);
5504 kvm_lmsw(vcpu, val);
5506 return kvm_skip_emulated_instruction(vcpu);
5510 vcpu->run->exit_reason = 0;
5511 vcpu_unimpl(vcpu, "unhandled control register: op %d cr %d\n",
5512 (int)(exit_qualification >> 4) & 3, cr);
5516 static int handle_dr(struct kvm_vcpu *vcpu)
5518 unsigned long exit_qualification;
5522 exit_qualification = vmx_get_exit_qual(vcpu);
5523 dr = exit_qualification & DEBUG_REG_ACCESS_NUM;
5525 /* First, if DR does not exist, trigger UD */
5526 if (!kvm_require_dr(vcpu, dr))
5529 if (vmx_get_cpl(vcpu) > 0)
5532 dr7 = vmcs_readl(GUEST_DR7);
5535 * As the vm-exit takes precedence over the debug trap, we
5536 * need to emulate the latter, either for the host or the
5537 * guest debugging itself.
5539 if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) {
5540 vcpu->run->debug.arch.dr6 = DR6_BD | DR6_ACTIVE_LOW;
5541 vcpu->run->debug.arch.dr7 = dr7;
5542 vcpu->run->debug.arch.pc = kvm_get_linear_rip(vcpu);
5543 vcpu->run->debug.arch.exception = DB_VECTOR;
5544 vcpu->run->exit_reason = KVM_EXIT_DEBUG;
5547 kvm_queue_exception_p(vcpu, DB_VECTOR, DR6_BD);
5552 if (vcpu->guest_debug == 0) {
5553 exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_MOV_DR_EXITING);
5556 * No more DR vmexits; force a reload of the debug registers
5557 * and reenter on this instruction. The next vmexit will
5558 * retrieve the full state of the debug registers.
5560 vcpu->arch.switch_db_regs |= KVM_DEBUGREG_WONT_EXIT;
5564 reg = DEBUG_REG_ACCESS_REG(exit_qualification);
5565 if (exit_qualification & TYPE_MOV_FROM_DR) {
5568 kvm_get_dr(vcpu, dr, &val);
5569 kvm_register_write(vcpu, reg, val);
5572 err = kvm_set_dr(vcpu, dr, kvm_register_read(vcpu, reg));
5576 return kvm_complete_insn_gp(vcpu, err);
5579 static void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu)
5581 get_debugreg(vcpu->arch.db[0], 0);
5582 get_debugreg(vcpu->arch.db[1], 1);
5583 get_debugreg(vcpu->arch.db[2], 2);
5584 get_debugreg(vcpu->arch.db[3], 3);
5585 get_debugreg(vcpu->arch.dr6, 6);
5586 vcpu->arch.dr7 = vmcs_readl(GUEST_DR7);
5588 vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_WONT_EXIT;
5589 exec_controls_setbit(to_vmx(vcpu), CPU_BASED_MOV_DR_EXITING);
5592 * exc_debug expects dr6 to be cleared after it runs, avoid that it sees
5593 * a stale dr6 from the guest.
5595 set_debugreg(DR6_RESERVED, 6);
5598 static void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val)
5600 vmcs_writel(GUEST_DR7, val);
5603 static int handle_tpr_below_threshold(struct kvm_vcpu *vcpu)
5605 kvm_apic_update_ppr(vcpu);
5609 static int handle_interrupt_window(struct kvm_vcpu *vcpu)
5611 exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_INTR_WINDOW_EXITING);
5613 kvm_make_request(KVM_REQ_EVENT, vcpu);
5615 ++vcpu->stat.irq_window_exits;
5619 static int handle_invlpg(struct kvm_vcpu *vcpu)
5621 unsigned long exit_qualification = vmx_get_exit_qual(vcpu);
5623 kvm_mmu_invlpg(vcpu, exit_qualification);
5624 return kvm_skip_emulated_instruction(vcpu);
5627 static int handle_apic_access(struct kvm_vcpu *vcpu)
5629 if (likely(fasteoi)) {
5630 unsigned long exit_qualification = vmx_get_exit_qual(vcpu);
5631 int access_type, offset;
5633 access_type = exit_qualification & APIC_ACCESS_TYPE;
5634 offset = exit_qualification & APIC_ACCESS_OFFSET;
5636 * Sane guest uses MOV to write EOI, with written value
5637 * not cared. So make a short-circuit here by avoiding
5638 * heavy instruction emulation.
5640 if ((access_type == TYPE_LINEAR_APIC_INST_WRITE) &&
5641 (offset == APIC_EOI)) {
5642 kvm_lapic_set_eoi(vcpu);
5643 return kvm_skip_emulated_instruction(vcpu);
5646 return kvm_emulate_instruction(vcpu, 0);
5649 static int handle_apic_eoi_induced(struct kvm_vcpu *vcpu)
5651 unsigned long exit_qualification = vmx_get_exit_qual(vcpu);
5652 int vector = exit_qualification & 0xff;
5654 /* EOI-induced VM exit is trap-like and thus no need to adjust IP */
5655 kvm_apic_set_eoi_accelerated(vcpu, vector);
5659 static int handle_apic_write(struct kvm_vcpu *vcpu)
5661 unsigned long exit_qualification = vmx_get_exit_qual(vcpu);
5664 * APIC-write VM-Exit is trap-like, KVM doesn't need to advance RIP and
5665 * hardware has done any necessary aliasing, offset adjustments, etc...
5666 * for the access. I.e. the correct value has already been written to
5667 * the vAPIC page for the correct 16-byte chunk. KVM needs only to
5668 * retrieve the register value and emulate the access.
5670 u32 offset = exit_qualification & 0xff0;
5672 kvm_apic_write_nodecode(vcpu, offset);
5676 static int handle_task_switch(struct kvm_vcpu *vcpu)
5678 struct vcpu_vmx *vmx = to_vmx(vcpu);
5679 unsigned long exit_qualification;
5680 bool has_error_code = false;
5683 int reason, type, idt_v, idt_index;
5685 idt_v = (vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK);
5686 idt_index = (vmx->idt_vectoring_info & VECTORING_INFO_VECTOR_MASK);
5687 type = (vmx->idt_vectoring_info & VECTORING_INFO_TYPE_MASK);
5689 exit_qualification = vmx_get_exit_qual(vcpu);
5691 reason = (u32)exit_qualification >> 30;
5692 if (reason == TASK_SWITCH_GATE && idt_v) {
5694 case INTR_TYPE_NMI_INTR:
5695 vcpu->arch.nmi_injected = false;
5696 vmx_set_nmi_mask(vcpu, true);
5698 case INTR_TYPE_EXT_INTR:
5699 case INTR_TYPE_SOFT_INTR:
5700 kvm_clear_interrupt_queue(vcpu);
5702 case INTR_TYPE_HARD_EXCEPTION:
5703 if (vmx->idt_vectoring_info &
5704 VECTORING_INFO_DELIVER_CODE_MASK) {
5705 has_error_code = true;
5707 vmcs_read32(IDT_VECTORING_ERROR_CODE);
5710 case INTR_TYPE_SOFT_EXCEPTION:
5711 kvm_clear_exception_queue(vcpu);
5717 tss_selector = exit_qualification;
5719 if (!idt_v || (type != INTR_TYPE_HARD_EXCEPTION &&
5720 type != INTR_TYPE_EXT_INTR &&
5721 type != INTR_TYPE_NMI_INTR))
5722 WARN_ON(!skip_emulated_instruction(vcpu));
5725 * TODO: What about debug traps on tss switch?
5726 * Are we supposed to inject them and update dr6?
5728 return kvm_task_switch(vcpu, tss_selector,
5729 type == INTR_TYPE_SOFT_INTR ? idt_index : -1,
5730 reason, has_error_code, error_code);
5733 static int handle_ept_violation(struct kvm_vcpu *vcpu)
5735 unsigned long exit_qualification;
5739 exit_qualification = vmx_get_exit_qual(vcpu);
5742 * EPT violation happened while executing iret from NMI,
5743 * "blocked by NMI" bit has to be set before next VM entry.
5744 * There are errata that may cause this bit to not be set:
5747 if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&
5749 (exit_qualification & INTR_INFO_UNBLOCK_NMI))
5750 vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_NMI);
5752 gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
5753 trace_kvm_page_fault(vcpu, gpa, exit_qualification);
5755 /* Is it a read fault? */
5756 error_code = (exit_qualification & EPT_VIOLATION_ACC_READ)
5757 ? PFERR_USER_MASK : 0;
5758 /* Is it a write fault? */
5759 error_code |= (exit_qualification & EPT_VIOLATION_ACC_WRITE)
5760 ? PFERR_WRITE_MASK : 0;
5761 /* Is it a fetch fault? */
5762 error_code |= (exit_qualification & EPT_VIOLATION_ACC_INSTR)
5763 ? PFERR_FETCH_MASK : 0;
5764 /* ept page table entry is present? */
5765 error_code |= (exit_qualification & EPT_VIOLATION_RWX_MASK)
5766 ? PFERR_PRESENT_MASK : 0;
5768 error_code |= (exit_qualification & EPT_VIOLATION_GVA_TRANSLATED) != 0 ?
5769 PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK;
5771 vcpu->arch.exit_qualification = exit_qualification;
5774 * Check that the GPA doesn't exceed physical memory limits, as that is
5775 * a guest page fault. We have to emulate the instruction here, because
5776 * if the illegal address is that of a paging structure, then
5777 * EPT_VIOLATION_ACC_WRITE bit is set. Alternatively, if supported we
5778 * would also use advanced VM-exit information for EPT violations to
5779 * reconstruct the page fault error code.
5781 if (unlikely(allow_smaller_maxphyaddr && kvm_vcpu_is_illegal_gpa(vcpu, gpa)))
5782 return kvm_emulate_instruction(vcpu, 0);
5784 return kvm_mmu_page_fault(vcpu, gpa, error_code, NULL, 0);
5787 static int handle_ept_misconfig(struct kvm_vcpu *vcpu)
5791 if (!vmx_can_emulate_instruction(vcpu, EMULTYPE_PF, NULL, 0))
5795 * A nested guest cannot optimize MMIO vmexits, because we have an
5796 * nGPA here instead of the required GPA.
5798 gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
5799 if (!is_guest_mode(vcpu) &&
5800 !kvm_io_bus_write(vcpu, KVM_FAST_MMIO_BUS, gpa, 0, NULL)) {
5801 trace_kvm_fast_mmio(gpa);
5802 return kvm_skip_emulated_instruction(vcpu);
5805 return kvm_mmu_page_fault(vcpu, gpa, PFERR_RSVD_MASK, NULL, 0);
5808 static int handle_nmi_window(struct kvm_vcpu *vcpu)
5810 if (KVM_BUG_ON(!enable_vnmi, vcpu->kvm))
5813 exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_NMI_WINDOW_EXITING);
5814 ++vcpu->stat.nmi_window_exits;
5815 kvm_make_request(KVM_REQ_EVENT, vcpu);
5820 static bool vmx_emulation_required_with_pending_exception(struct kvm_vcpu *vcpu)
5822 struct vcpu_vmx *vmx = to_vmx(vcpu);
5824 return vmx->emulation_required && !vmx->rmode.vm86_active &&
5825 (kvm_is_exception_pending(vcpu) || vcpu->arch.exception.injected);
5828 static int handle_invalid_guest_state(struct kvm_vcpu *vcpu)
5830 struct vcpu_vmx *vmx = to_vmx(vcpu);
5831 bool intr_window_requested;
5832 unsigned count = 130;
5834 intr_window_requested = exec_controls_get(vmx) &
5835 CPU_BASED_INTR_WINDOW_EXITING;
5837 while (vmx->emulation_required && count-- != 0) {
5838 if (intr_window_requested && !vmx_interrupt_blocked(vcpu))
5839 return handle_interrupt_window(&vmx->vcpu);
5841 if (kvm_test_request(KVM_REQ_EVENT, vcpu))
5844 if (!kvm_emulate_instruction(vcpu, 0))
5847 if (vmx_emulation_required_with_pending_exception(vcpu)) {
5848 kvm_prepare_emulation_failure_exit(vcpu);
5852 if (vcpu->arch.halt_request) {
5853 vcpu->arch.halt_request = 0;
5854 return kvm_emulate_halt_noskip(vcpu);
5858 * Note, return 1 and not 0, vcpu_run() will invoke
5859 * xfer_to_guest_mode() which will create a proper return
5862 if (__xfer_to_guest_mode_work_pending())
5869 static int vmx_vcpu_pre_run(struct kvm_vcpu *vcpu)
5871 if (vmx_emulation_required_with_pending_exception(vcpu)) {
5872 kvm_prepare_emulation_failure_exit(vcpu);
5879 static void grow_ple_window(struct kvm_vcpu *vcpu)
5881 struct vcpu_vmx *vmx = to_vmx(vcpu);
5882 unsigned int old = vmx->ple_window;
5884 vmx->ple_window = __grow_ple_window(old, ple_window,
5888 if (vmx->ple_window != old) {
5889 vmx->ple_window_dirty = true;
5890 trace_kvm_ple_window_update(vcpu->vcpu_id,
5891 vmx->ple_window, old);
5895 static void shrink_ple_window(struct kvm_vcpu *vcpu)
5897 struct vcpu_vmx *vmx = to_vmx(vcpu);
5898 unsigned int old = vmx->ple_window;
5900 vmx->ple_window = __shrink_ple_window(old, ple_window,
5904 if (vmx->ple_window != old) {
5905 vmx->ple_window_dirty = true;
5906 trace_kvm_ple_window_update(vcpu->vcpu_id,
5907 vmx->ple_window, old);
5912 * Indicate a busy-waiting vcpu in spinlock. We do not enable the PAUSE
5913 * exiting, so only get here on cpu with PAUSE-Loop-Exiting.
5915 static int handle_pause(struct kvm_vcpu *vcpu)
5917 if (!kvm_pause_in_guest(vcpu->kvm))
5918 grow_ple_window(vcpu);
5921 * Intel sdm vol3 ch-25.1.3 says: The "PAUSE-loop exiting"
5922 * VM-execution control is ignored if CPL > 0. OTOH, KVM
5923 * never set PAUSE_EXITING and just set PLE if supported,
5924 * so the vcpu must be CPL=0 if it gets a PAUSE exit.
5926 kvm_vcpu_on_spin(vcpu, true);
5927 return kvm_skip_emulated_instruction(vcpu);
5930 static int handle_monitor_trap(struct kvm_vcpu *vcpu)
5935 static int handle_invpcid(struct kvm_vcpu *vcpu)
5937 u32 vmx_instruction_info;
5946 if (!guest_cpuid_has(vcpu, X86_FEATURE_INVPCID)) {
5947 kvm_queue_exception(vcpu, UD_VECTOR);
5951 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
5952 gpr_index = vmx_get_instr_info_reg2(vmx_instruction_info);
5953 type = kvm_register_read(vcpu, gpr_index);
5955 /* According to the Intel instruction reference, the memory operand
5956 * is read even if it isn't needed (e.g., for type==all)
5958 if (get_vmx_mem_address(vcpu, vmx_get_exit_qual(vcpu),
5959 vmx_instruction_info, false,
5960 sizeof(operand), &gva))
5963 return kvm_handle_invpcid(vcpu, type, gva);
5966 static int handle_pml_full(struct kvm_vcpu *vcpu)
5968 unsigned long exit_qualification;
5970 trace_kvm_pml_full(vcpu->vcpu_id);
5972 exit_qualification = vmx_get_exit_qual(vcpu);
5975 * PML buffer FULL happened while executing iret from NMI,
5976 * "blocked by NMI" bit has to be set before next VM entry.
5978 if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&
5980 (exit_qualification & INTR_INFO_UNBLOCK_NMI))
5981 vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
5982 GUEST_INTR_STATE_NMI);
5985 * PML buffer already flushed at beginning of VMEXIT. Nothing to do
5986 * here.., and there's no userspace involvement needed for PML.
5991 static fastpath_t handle_fastpath_preemption_timer(struct kvm_vcpu *vcpu)
5993 struct vcpu_vmx *vmx = to_vmx(vcpu);
5995 if (!vmx->req_immediate_exit &&
5996 !unlikely(vmx->loaded_vmcs->hv_timer_soft_disabled)) {
5997 kvm_lapic_expired_hv_timer(vcpu);
5998 return EXIT_FASTPATH_REENTER_GUEST;
6001 return EXIT_FASTPATH_NONE;
6004 static int handle_preemption_timer(struct kvm_vcpu *vcpu)
6006 handle_fastpath_preemption_timer(vcpu);
6011 * When nested=0, all VMX instruction VM Exits filter here. The handlers
6012 * are overwritten by nested_vmx_setup() when nested=1.
6014 static int handle_vmx_instruction(struct kvm_vcpu *vcpu)
6016 kvm_queue_exception(vcpu, UD_VECTOR);
6020 #ifndef CONFIG_X86_SGX_KVM
6021 static int handle_encls(struct kvm_vcpu *vcpu)
6024 * SGX virtualization is disabled. There is no software enable bit for
6025 * SGX, so KVM intercepts all ENCLS leafs and injects a #UD to prevent
6026 * the guest from executing ENCLS (when SGX is supported by hardware).
6028 kvm_queue_exception(vcpu, UD_VECTOR);
6031 #endif /* CONFIG_X86_SGX_KVM */
6033 static int handle_bus_lock_vmexit(struct kvm_vcpu *vcpu)
6036 * Hardware may or may not set the BUS_LOCK_DETECTED flag on BUS_LOCK
6037 * VM-Exits. Unconditionally set the flag here and leave the handling to
6038 * vmx_handle_exit().
6040 to_vmx(vcpu)->exit_reason.bus_lock_detected = true;
6044 static int handle_notify(struct kvm_vcpu *vcpu)
6046 unsigned long exit_qual = vmx_get_exit_qual(vcpu);
6047 bool context_invalid = exit_qual & NOTIFY_VM_CONTEXT_INVALID;
6049 ++vcpu->stat.notify_window_exits;
6052 * Notify VM exit happened while executing iret from NMI,
6053 * "blocked by NMI" bit has to be set before next VM entry.
6055 if (enable_vnmi && (exit_qual & INTR_INFO_UNBLOCK_NMI))
6056 vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
6057 GUEST_INTR_STATE_NMI);
6059 if (vcpu->kvm->arch.notify_vmexit_flags & KVM_X86_NOTIFY_VMEXIT_USER ||
6061 vcpu->run->exit_reason = KVM_EXIT_NOTIFY;
6062 vcpu->run->notify.flags = context_invalid ?
6063 KVM_NOTIFY_CONTEXT_INVALID : 0;
6071 * The exit handlers return 1 if the exit was handled fully and guest execution
6072 * may resume. Otherwise they set the kvm_run parameter to indicate what needs
6073 * to be done to userspace and return 0.
6075 static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
6076 [EXIT_REASON_EXCEPTION_NMI] = handle_exception_nmi,
6077 [EXIT_REASON_EXTERNAL_INTERRUPT] = handle_external_interrupt,
6078 [EXIT_REASON_TRIPLE_FAULT] = handle_triple_fault,
6079 [EXIT_REASON_NMI_WINDOW] = handle_nmi_window,
6080 [EXIT_REASON_IO_INSTRUCTION] = handle_io,
6081 [EXIT_REASON_CR_ACCESS] = handle_cr,
6082 [EXIT_REASON_DR_ACCESS] = handle_dr,
6083 [EXIT_REASON_CPUID] = kvm_emulate_cpuid,
6084 [EXIT_REASON_MSR_READ] = kvm_emulate_rdmsr,
6085 [EXIT_REASON_MSR_WRITE] = kvm_emulate_wrmsr,
6086 [EXIT_REASON_INTERRUPT_WINDOW] = handle_interrupt_window,
6087 [EXIT_REASON_HLT] = kvm_emulate_halt,
6088 [EXIT_REASON_INVD] = kvm_emulate_invd,
6089 [EXIT_REASON_INVLPG] = handle_invlpg,
6090 [EXIT_REASON_RDPMC] = kvm_emulate_rdpmc,
6091 [EXIT_REASON_VMCALL] = kvm_emulate_hypercall,
6092 [EXIT_REASON_VMCLEAR] = handle_vmx_instruction,
6093 [EXIT_REASON_VMLAUNCH] = handle_vmx_instruction,
6094 [EXIT_REASON_VMPTRLD] = handle_vmx_instruction,
6095 [EXIT_REASON_VMPTRST] = handle_vmx_instruction,
6096 [EXIT_REASON_VMREAD] = handle_vmx_instruction,
6097 [EXIT_REASON_VMRESUME] = handle_vmx_instruction,
6098 [EXIT_REASON_VMWRITE] = handle_vmx_instruction,
6099 [EXIT_REASON_VMOFF] = handle_vmx_instruction,
6100 [EXIT_REASON_VMON] = handle_vmx_instruction,
6101 [EXIT_REASON_TPR_BELOW_THRESHOLD] = handle_tpr_below_threshold,
6102 [EXIT_REASON_APIC_ACCESS] = handle_apic_access,
6103 [EXIT_REASON_APIC_WRITE] = handle_apic_write,
6104 [EXIT_REASON_EOI_INDUCED] = handle_apic_eoi_induced,
6105 [EXIT_REASON_WBINVD] = kvm_emulate_wbinvd,
6106 [EXIT_REASON_XSETBV] = kvm_emulate_xsetbv,
6107 [EXIT_REASON_TASK_SWITCH] = handle_task_switch,
6108 [EXIT_REASON_MCE_DURING_VMENTRY] = handle_machine_check,
6109 [EXIT_REASON_GDTR_IDTR] = handle_desc,
6110 [EXIT_REASON_LDTR_TR] = handle_desc,
6111 [EXIT_REASON_EPT_VIOLATION] = handle_ept_violation,
6112 [EXIT_REASON_EPT_MISCONFIG] = handle_ept_misconfig,
6113 [EXIT_REASON_PAUSE_INSTRUCTION] = handle_pause,
6114 [EXIT_REASON_MWAIT_INSTRUCTION] = kvm_emulate_mwait,
6115 [EXIT_REASON_MONITOR_TRAP_FLAG] = handle_monitor_trap,
6116 [EXIT_REASON_MONITOR_INSTRUCTION] = kvm_emulate_monitor,
6117 [EXIT_REASON_INVEPT] = handle_vmx_instruction,
6118 [EXIT_REASON_INVVPID] = handle_vmx_instruction,
6119 [EXIT_REASON_RDRAND] = kvm_handle_invalid_op,
6120 [EXIT_REASON_RDSEED] = kvm_handle_invalid_op,
6121 [EXIT_REASON_PML_FULL] = handle_pml_full,
6122 [EXIT_REASON_INVPCID] = handle_invpcid,
6123 [EXIT_REASON_VMFUNC] = handle_vmx_instruction,
6124 [EXIT_REASON_PREEMPTION_TIMER] = handle_preemption_timer,
6125 [EXIT_REASON_ENCLS] = handle_encls,
6126 [EXIT_REASON_BUS_LOCK] = handle_bus_lock_vmexit,
6127 [EXIT_REASON_NOTIFY] = handle_notify,
6130 static const int kvm_vmx_max_exit_handlers =
6131 ARRAY_SIZE(kvm_vmx_exit_handlers);
6133 static void vmx_get_exit_info(struct kvm_vcpu *vcpu, u32 *reason,
6134 u64 *info1, u64 *info2,
6135 u32 *intr_info, u32 *error_code)
6137 struct vcpu_vmx *vmx = to_vmx(vcpu);
6139 *reason = vmx->exit_reason.full;
6140 *info1 = vmx_get_exit_qual(vcpu);
6141 if (!(vmx->exit_reason.failed_vmentry)) {
6142 *info2 = vmx->idt_vectoring_info;
6143 *intr_info = vmx_get_intr_info(vcpu);
6144 if (is_exception_with_error_code(*intr_info))
6145 *error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
6155 static void vmx_destroy_pml_buffer(struct vcpu_vmx *vmx)
6158 __free_page(vmx->pml_pg);
6163 static void vmx_flush_pml_buffer(struct kvm_vcpu *vcpu)
6165 struct vcpu_vmx *vmx = to_vmx(vcpu);
6169 pml_idx = vmcs_read16(GUEST_PML_INDEX);
6171 /* Do nothing if PML buffer is empty */
6172 if (pml_idx == (PML_ENTITY_NUM - 1))
6175 /* PML index always points to next available PML buffer entity */
6176 if (pml_idx >= PML_ENTITY_NUM)
6181 pml_buf = page_address(vmx->pml_pg);
6182 for (; pml_idx < PML_ENTITY_NUM; pml_idx++) {
6185 gpa = pml_buf[pml_idx];
6186 WARN_ON(gpa & (PAGE_SIZE - 1));
6187 kvm_vcpu_mark_page_dirty(vcpu, gpa >> PAGE_SHIFT);
6190 /* reset PML index */
6191 vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1);
6194 static void vmx_dump_sel(char *name, uint32_t sel)
6196 pr_err("%s sel=0x%04x, attr=0x%05x, limit=0x%08x, base=0x%016lx\n",
6197 name, vmcs_read16(sel),
6198 vmcs_read32(sel + GUEST_ES_AR_BYTES - GUEST_ES_SELECTOR),
6199 vmcs_read32(sel + GUEST_ES_LIMIT - GUEST_ES_SELECTOR),
6200 vmcs_readl(sel + GUEST_ES_BASE - GUEST_ES_SELECTOR));
6203 static void vmx_dump_dtsel(char *name, uint32_t limit)
6205 pr_err("%s limit=0x%08x, base=0x%016lx\n",
6206 name, vmcs_read32(limit),
6207 vmcs_readl(limit + GUEST_GDTR_BASE - GUEST_GDTR_LIMIT));
6210 static void vmx_dump_msrs(char *name, struct vmx_msrs *m)
6213 struct vmx_msr_entry *e;
6215 pr_err("MSR %s:\n", name);
6216 for (i = 0, e = m->val; i < m->nr; ++i, ++e)
6217 pr_err(" %2d: msr=0x%08x value=0x%016llx\n", i, e->index, e->value);
6220 void dump_vmcs(struct kvm_vcpu *vcpu)
6222 struct vcpu_vmx *vmx = to_vmx(vcpu);
6223 u32 vmentry_ctl, vmexit_ctl;
6224 u32 cpu_based_exec_ctrl, pin_based_exec_ctrl, secondary_exec_control;
6225 u64 tertiary_exec_control;
6229 if (!dump_invalid_vmcs) {
6230 pr_warn_ratelimited("set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.\n");
6234 vmentry_ctl = vmcs_read32(VM_ENTRY_CONTROLS);
6235 vmexit_ctl = vmcs_read32(VM_EXIT_CONTROLS);
6236 cpu_based_exec_ctrl = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
6237 pin_based_exec_ctrl = vmcs_read32(PIN_BASED_VM_EXEC_CONTROL);
6238 cr4 = vmcs_readl(GUEST_CR4);
6240 if (cpu_has_secondary_exec_ctrls())
6241 secondary_exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
6243 secondary_exec_control = 0;
6245 if (cpu_has_tertiary_exec_ctrls())
6246 tertiary_exec_control = vmcs_read64(TERTIARY_VM_EXEC_CONTROL);
6248 tertiary_exec_control = 0;
6250 pr_err("VMCS %p, last attempted VM-entry on CPU %d\n",
6251 vmx->loaded_vmcs->vmcs, vcpu->arch.last_vmentry_cpu);
6252 pr_err("*** Guest State ***\n");
6253 pr_err("CR0: actual=0x%016lx, shadow=0x%016lx, gh_mask=%016lx\n",
6254 vmcs_readl(GUEST_CR0), vmcs_readl(CR0_READ_SHADOW),
6255 vmcs_readl(CR0_GUEST_HOST_MASK));
6256 pr_err("CR4: actual=0x%016lx, shadow=0x%016lx, gh_mask=%016lx\n",
6257 cr4, vmcs_readl(CR4_READ_SHADOW), vmcs_readl(CR4_GUEST_HOST_MASK));
6258 pr_err("CR3 = 0x%016lx\n", vmcs_readl(GUEST_CR3));
6259 if (cpu_has_vmx_ept()) {
6260 pr_err("PDPTR0 = 0x%016llx PDPTR1 = 0x%016llx\n",
6261 vmcs_read64(GUEST_PDPTR0), vmcs_read64(GUEST_PDPTR1));
6262 pr_err("PDPTR2 = 0x%016llx PDPTR3 = 0x%016llx\n",
6263 vmcs_read64(GUEST_PDPTR2), vmcs_read64(GUEST_PDPTR3));
6265 pr_err("RSP = 0x%016lx RIP = 0x%016lx\n",
6266 vmcs_readl(GUEST_RSP), vmcs_readl(GUEST_RIP));
6267 pr_err("RFLAGS=0x%08lx DR7 = 0x%016lx\n",
6268 vmcs_readl(GUEST_RFLAGS), vmcs_readl(GUEST_DR7));
6269 pr_err("Sysenter RSP=%016lx CS:RIP=%04x:%016lx\n",
6270 vmcs_readl(GUEST_SYSENTER_ESP),
6271 vmcs_read32(GUEST_SYSENTER_CS), vmcs_readl(GUEST_SYSENTER_EIP));
6272 vmx_dump_sel("CS: ", GUEST_CS_SELECTOR);
6273 vmx_dump_sel("DS: ", GUEST_DS_SELECTOR);
6274 vmx_dump_sel("SS: ", GUEST_SS_SELECTOR);
6275 vmx_dump_sel("ES: ", GUEST_ES_SELECTOR);
6276 vmx_dump_sel("FS: ", GUEST_FS_SELECTOR);
6277 vmx_dump_sel("GS: ", GUEST_GS_SELECTOR);
6278 vmx_dump_dtsel("GDTR:", GUEST_GDTR_LIMIT);
6279 vmx_dump_sel("LDTR:", GUEST_LDTR_SELECTOR);
6280 vmx_dump_dtsel("IDTR:", GUEST_IDTR_LIMIT);
6281 vmx_dump_sel("TR: ", GUEST_TR_SELECTOR);
6282 efer_slot = vmx_find_loadstore_msr_slot(&vmx->msr_autoload.guest, MSR_EFER);
6283 if (vmentry_ctl & VM_ENTRY_LOAD_IA32_EFER)
6284 pr_err("EFER= 0x%016llx\n", vmcs_read64(GUEST_IA32_EFER));
6285 else if (efer_slot >= 0)
6286 pr_err("EFER= 0x%016llx (autoload)\n",
6287 vmx->msr_autoload.guest.val[efer_slot].value);
6288 else if (vmentry_ctl & VM_ENTRY_IA32E_MODE)
6289 pr_err("EFER= 0x%016llx (effective)\n",
6290 vcpu->arch.efer | (EFER_LMA | EFER_LME));
6292 pr_err("EFER= 0x%016llx (effective)\n",
6293 vcpu->arch.efer & ~(EFER_LMA | EFER_LME));
6294 if (vmentry_ctl & VM_ENTRY_LOAD_IA32_PAT)
6295 pr_err("PAT = 0x%016llx\n", vmcs_read64(GUEST_IA32_PAT));
6296 pr_err("DebugCtl = 0x%016llx DebugExceptions = 0x%016lx\n",
6297 vmcs_read64(GUEST_IA32_DEBUGCTL),
6298 vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS));
6299 if (cpu_has_load_perf_global_ctrl() &&
6300 vmentry_ctl & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL)
6301 pr_err("PerfGlobCtl = 0x%016llx\n",
6302 vmcs_read64(GUEST_IA32_PERF_GLOBAL_CTRL));
6303 if (vmentry_ctl & VM_ENTRY_LOAD_BNDCFGS)
6304 pr_err("BndCfgS = 0x%016llx\n", vmcs_read64(GUEST_BNDCFGS));
6305 pr_err("Interruptibility = %08x ActivityState = %08x\n",
6306 vmcs_read32(GUEST_INTERRUPTIBILITY_INFO),
6307 vmcs_read32(GUEST_ACTIVITY_STATE));
6308 if (secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY)
6309 pr_err("InterruptStatus = %04x\n",
6310 vmcs_read16(GUEST_INTR_STATUS));
6311 if (vmcs_read32(VM_ENTRY_MSR_LOAD_COUNT) > 0)
6312 vmx_dump_msrs("guest autoload", &vmx->msr_autoload.guest);
6313 if (vmcs_read32(VM_EXIT_MSR_STORE_COUNT) > 0)
6314 vmx_dump_msrs("guest autostore", &vmx->msr_autostore.guest);
6316 pr_err("*** Host State ***\n");
6317 pr_err("RIP = 0x%016lx RSP = 0x%016lx\n",
6318 vmcs_readl(HOST_RIP), vmcs_readl(HOST_RSP));
6319 pr_err("CS=%04x SS=%04x DS=%04x ES=%04x FS=%04x GS=%04x TR=%04x\n",
6320 vmcs_read16(HOST_CS_SELECTOR), vmcs_read16(HOST_SS_SELECTOR),
6321 vmcs_read16(HOST_DS_SELECTOR), vmcs_read16(HOST_ES_SELECTOR),
6322 vmcs_read16(HOST_FS_SELECTOR), vmcs_read16(HOST_GS_SELECTOR),
6323 vmcs_read16(HOST_TR_SELECTOR));
6324 pr_err("FSBase=%016lx GSBase=%016lx TRBase=%016lx\n",
6325 vmcs_readl(HOST_FS_BASE), vmcs_readl(HOST_GS_BASE),
6326 vmcs_readl(HOST_TR_BASE));
6327 pr_err("GDTBase=%016lx IDTBase=%016lx\n",
6328 vmcs_readl(HOST_GDTR_BASE), vmcs_readl(HOST_IDTR_BASE));
6329 pr_err("CR0=%016lx CR3=%016lx CR4=%016lx\n",
6330 vmcs_readl(HOST_CR0), vmcs_readl(HOST_CR3),
6331 vmcs_readl(HOST_CR4));
6332 pr_err("Sysenter RSP=%016lx CS:RIP=%04x:%016lx\n",
6333 vmcs_readl(HOST_IA32_SYSENTER_ESP),
6334 vmcs_read32(HOST_IA32_SYSENTER_CS),
6335 vmcs_readl(HOST_IA32_SYSENTER_EIP));
6336 if (vmexit_ctl & VM_EXIT_LOAD_IA32_EFER)
6337 pr_err("EFER= 0x%016llx\n", vmcs_read64(HOST_IA32_EFER));
6338 if (vmexit_ctl & VM_EXIT_LOAD_IA32_PAT)
6339 pr_err("PAT = 0x%016llx\n", vmcs_read64(HOST_IA32_PAT));
6340 if (cpu_has_load_perf_global_ctrl() &&
6341 vmexit_ctl & VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL)
6342 pr_err("PerfGlobCtl = 0x%016llx\n",
6343 vmcs_read64(HOST_IA32_PERF_GLOBAL_CTRL));
6344 if (vmcs_read32(VM_EXIT_MSR_LOAD_COUNT) > 0)
6345 vmx_dump_msrs("host autoload", &vmx->msr_autoload.host);
6347 pr_err("*** Control State ***\n");
6348 pr_err("CPUBased=0x%08x SecondaryExec=0x%08x TertiaryExec=0x%016llx\n",
6349 cpu_based_exec_ctrl, secondary_exec_control, tertiary_exec_control);
6350 pr_err("PinBased=0x%08x EntryControls=%08x ExitControls=%08x\n",
6351 pin_based_exec_ctrl, vmentry_ctl, vmexit_ctl);
6352 pr_err("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n",
6353 vmcs_read32(EXCEPTION_BITMAP),
6354 vmcs_read32(PAGE_FAULT_ERROR_CODE_MASK),
6355 vmcs_read32(PAGE_FAULT_ERROR_CODE_MATCH));
6356 pr_err("VMEntry: intr_info=%08x errcode=%08x ilen=%08x\n",
6357 vmcs_read32(VM_ENTRY_INTR_INFO_FIELD),
6358 vmcs_read32(VM_ENTRY_EXCEPTION_ERROR_CODE),
6359 vmcs_read32(VM_ENTRY_INSTRUCTION_LEN));
6360 pr_err("VMExit: intr_info=%08x errcode=%08x ilen=%08x\n",
6361 vmcs_read32(VM_EXIT_INTR_INFO),
6362 vmcs_read32(VM_EXIT_INTR_ERROR_CODE),
6363 vmcs_read32(VM_EXIT_INSTRUCTION_LEN));
6364 pr_err(" reason=%08x qualification=%016lx\n",
6365 vmcs_read32(VM_EXIT_REASON), vmcs_readl(EXIT_QUALIFICATION));
6366 pr_err("IDTVectoring: info=%08x errcode=%08x\n",
6367 vmcs_read32(IDT_VECTORING_INFO_FIELD),
6368 vmcs_read32(IDT_VECTORING_ERROR_CODE));
6369 pr_err("TSC Offset = 0x%016llx\n", vmcs_read64(TSC_OFFSET));
6370 if (secondary_exec_control & SECONDARY_EXEC_TSC_SCALING)
6371 pr_err("TSC Multiplier = 0x%016llx\n",
6372 vmcs_read64(TSC_MULTIPLIER));
6373 if (cpu_based_exec_ctrl & CPU_BASED_TPR_SHADOW) {
6374 if (secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY) {
6375 u16 status = vmcs_read16(GUEST_INTR_STATUS);
6376 pr_err("SVI|RVI = %02x|%02x ", status >> 8, status & 0xff);
6378 pr_cont("TPR Threshold = 0x%02x\n", vmcs_read32(TPR_THRESHOLD));
6379 if (secondary_exec_control & SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)
6380 pr_err("APIC-access addr = 0x%016llx ", vmcs_read64(APIC_ACCESS_ADDR));
6381 pr_cont("virt-APIC addr = 0x%016llx\n", vmcs_read64(VIRTUAL_APIC_PAGE_ADDR));
6383 if (pin_based_exec_ctrl & PIN_BASED_POSTED_INTR)
6384 pr_err("PostedIntrVec = 0x%02x\n", vmcs_read16(POSTED_INTR_NV));
6385 if ((secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT))
6386 pr_err("EPT pointer = 0x%016llx\n", vmcs_read64(EPT_POINTER));
6387 if (secondary_exec_control & SECONDARY_EXEC_PAUSE_LOOP_EXITING)
6388 pr_err("PLE Gap=%08x Window=%08x\n",
6389 vmcs_read32(PLE_GAP), vmcs_read32(PLE_WINDOW));
6390 if (secondary_exec_control & SECONDARY_EXEC_ENABLE_VPID)
6391 pr_err("Virtual processor ID = 0x%04x\n",
6392 vmcs_read16(VIRTUAL_PROCESSOR_ID));
6396 * The guest has exited. See if we can fix it or if we need userspace
6399 static int __vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
6401 struct vcpu_vmx *vmx = to_vmx(vcpu);
6402 union vmx_exit_reason exit_reason = vmx->exit_reason;
6403 u32 vectoring_info = vmx->idt_vectoring_info;
6404 u16 exit_handler_index;
6407 * Flush logged GPAs PML buffer, this will make dirty_bitmap more
6408 * updated. Another good is, in kvm_vm_ioctl_get_dirty_log, before
6409 * querying dirty_bitmap, we only need to kick all vcpus out of guest
6410 * mode as if vcpus is in root mode, the PML buffer must has been
6411 * flushed already. Note, PML is never enabled in hardware while
6414 if (enable_pml && !is_guest_mode(vcpu))
6415 vmx_flush_pml_buffer(vcpu);
6418 * KVM should never reach this point with a pending nested VM-Enter.
6419 * More specifically, short-circuiting VM-Entry to emulate L2 due to
6420 * invalid guest state should never happen as that means KVM knowingly
6421 * allowed a nested VM-Enter with an invalid vmcs12. More below.
6423 if (KVM_BUG_ON(vmx->nested.nested_run_pending, vcpu->kvm))
6426 if (is_guest_mode(vcpu)) {
6428 * PML is never enabled when running L2, bail immediately if a
6429 * PML full exit occurs as something is horribly wrong.
6431 if (exit_reason.basic == EXIT_REASON_PML_FULL)
6432 goto unexpected_vmexit;
6435 * The host physical addresses of some pages of guest memory
6436 * are loaded into the vmcs02 (e.g. vmcs12's Virtual APIC
6437 * Page). The CPU may write to these pages via their host
6438 * physical address while L2 is running, bypassing any
6439 * address-translation-based dirty tracking (e.g. EPT write
6442 * Mark them dirty on every exit from L2 to prevent them from
6443 * getting out of sync with dirty tracking.
6445 nested_mark_vmcs12_pages_dirty(vcpu);
6448 * Synthesize a triple fault if L2 state is invalid. In normal
6449 * operation, nested VM-Enter rejects any attempt to enter L2
6450 * with invalid state. However, those checks are skipped if
6451 * state is being stuffed via RSM or KVM_SET_NESTED_STATE. If
6452 * L2 state is invalid, it means either L1 modified SMRAM state
6453 * or userspace provided bad state. Synthesize TRIPLE_FAULT as
6454 * doing so is architecturally allowed in the RSM case, and is
6455 * the least awful solution for the userspace case without
6456 * risking false positives.
6458 if (vmx->emulation_required) {
6459 nested_vmx_vmexit(vcpu, EXIT_REASON_TRIPLE_FAULT, 0, 0);
6463 if (nested_vmx_reflect_vmexit(vcpu))
6467 /* If guest state is invalid, start emulating. L2 is handled above. */
6468 if (vmx->emulation_required)
6469 return handle_invalid_guest_state(vcpu);
6471 if (exit_reason.failed_vmentry) {
6473 vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
6474 vcpu->run->fail_entry.hardware_entry_failure_reason
6476 vcpu->run->fail_entry.cpu = vcpu->arch.last_vmentry_cpu;
6480 if (unlikely(vmx->fail)) {
6482 vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
6483 vcpu->run->fail_entry.hardware_entry_failure_reason
6484 = vmcs_read32(VM_INSTRUCTION_ERROR);
6485 vcpu->run->fail_entry.cpu = vcpu->arch.last_vmentry_cpu;
6491 * Do not try to fix EXIT_REASON_EPT_MISCONFIG if it caused by
6492 * delivery event since it indicates guest is accessing MMIO.
6493 * The vm-exit can be triggered again after return to guest that
6494 * will cause infinite loop.
6496 if ((vectoring_info & VECTORING_INFO_VALID_MASK) &&
6497 (exit_reason.basic != EXIT_REASON_EXCEPTION_NMI &&
6498 exit_reason.basic != EXIT_REASON_EPT_VIOLATION &&
6499 exit_reason.basic != EXIT_REASON_PML_FULL &&
6500 exit_reason.basic != EXIT_REASON_APIC_ACCESS &&
6501 exit_reason.basic != EXIT_REASON_TASK_SWITCH &&
6502 exit_reason.basic != EXIT_REASON_NOTIFY)) {
6505 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
6506 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_DELIVERY_EV;
6507 vcpu->run->internal.data[0] = vectoring_info;
6508 vcpu->run->internal.data[1] = exit_reason.full;
6509 vcpu->run->internal.data[2] = vcpu->arch.exit_qualification;
6510 if (exit_reason.basic == EXIT_REASON_EPT_MISCONFIG) {
6511 vcpu->run->internal.data[ndata++] =
6512 vmcs_read64(GUEST_PHYSICAL_ADDRESS);
6514 vcpu->run->internal.data[ndata++] = vcpu->arch.last_vmentry_cpu;
6515 vcpu->run->internal.ndata = ndata;
6519 if (unlikely(!enable_vnmi &&
6520 vmx->loaded_vmcs->soft_vnmi_blocked)) {
6521 if (!vmx_interrupt_blocked(vcpu)) {
6522 vmx->loaded_vmcs->soft_vnmi_blocked = 0;
6523 } else if (vmx->loaded_vmcs->vnmi_blocked_time > 1000000000LL &&
6524 vcpu->arch.nmi_pending) {
6526 * This CPU don't support us in finding the end of an
6527 * NMI-blocked window if the guest runs with IRQs
6528 * disabled. So we pull the trigger after 1 s of
6529 * futile waiting, but inform the user about this.
6531 printk(KERN_WARNING "%s: Breaking out of NMI-blocked "
6532 "state on VCPU %d after 1 s timeout\n",
6533 __func__, vcpu->vcpu_id);
6534 vmx->loaded_vmcs->soft_vnmi_blocked = 0;
6538 if (exit_fastpath != EXIT_FASTPATH_NONE)
6541 if (exit_reason.basic >= kvm_vmx_max_exit_handlers)
6542 goto unexpected_vmexit;
6543 #ifdef CONFIG_RETPOLINE
6544 if (exit_reason.basic == EXIT_REASON_MSR_WRITE)
6545 return kvm_emulate_wrmsr(vcpu);
6546 else if (exit_reason.basic == EXIT_REASON_PREEMPTION_TIMER)
6547 return handle_preemption_timer(vcpu);
6548 else if (exit_reason.basic == EXIT_REASON_INTERRUPT_WINDOW)
6549 return handle_interrupt_window(vcpu);
6550 else if (exit_reason.basic == EXIT_REASON_EXTERNAL_INTERRUPT)
6551 return handle_external_interrupt(vcpu);
6552 else if (exit_reason.basic == EXIT_REASON_HLT)
6553 return kvm_emulate_halt(vcpu);
6554 else if (exit_reason.basic == EXIT_REASON_EPT_MISCONFIG)
6555 return handle_ept_misconfig(vcpu);
6558 exit_handler_index = array_index_nospec((u16)exit_reason.basic,
6559 kvm_vmx_max_exit_handlers);
6560 if (!kvm_vmx_exit_handlers[exit_handler_index])
6561 goto unexpected_vmexit;
6563 return kvm_vmx_exit_handlers[exit_handler_index](vcpu);
6566 vcpu_unimpl(vcpu, "vmx: unexpected exit reason 0x%x\n",
6569 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
6570 vcpu->run->internal.suberror =
6571 KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON;
6572 vcpu->run->internal.ndata = 2;
6573 vcpu->run->internal.data[0] = exit_reason.full;
6574 vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu;
6578 static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
6580 int ret = __vmx_handle_exit(vcpu, exit_fastpath);
6583 * Exit to user space when bus lock detected to inform that there is
6584 * a bus lock in guest.
6586 if (to_vmx(vcpu)->exit_reason.bus_lock_detected) {
6588 vcpu->run->exit_reason = KVM_EXIT_X86_BUS_LOCK;
6590 vcpu->run->flags |= KVM_RUN_X86_BUS_LOCK;
6597 * Software based L1D cache flush which is used when microcode providing
6598 * the cache control MSR is not loaded.
6600 * The L1D cache is 32 KiB on Nehalem and later microarchitectures, but to
6601 * flush it is required to read in 64 KiB because the replacement algorithm
6602 * is not exactly LRU. This could be sized at runtime via topology
6603 * information but as all relevant affected CPUs have 32KiB L1D cache size
6604 * there is no point in doing so.
6606 static noinstr void vmx_l1d_flush(struct kvm_vcpu *vcpu)
6608 int size = PAGE_SIZE << L1D_CACHE_ORDER;
6611 * This code is only executed when the flush mode is 'cond' or
6614 if (static_branch_likely(&vmx_l1d_flush_cond)) {
6618 * Clear the per-vcpu flush bit, it gets set again
6619 * either from vcpu_run() or from one of the unsafe
6622 flush_l1d = vcpu->arch.l1tf_flush_l1d;
6623 vcpu->arch.l1tf_flush_l1d = false;
6626 * Clear the per-cpu flush bit, it gets set again from
6627 * the interrupt handlers.
6629 flush_l1d |= kvm_get_cpu_l1tf_flush_l1d();
6630 kvm_clear_cpu_l1tf_flush_l1d();
6636 vcpu->stat.l1d_flush++;
6638 if (static_cpu_has(X86_FEATURE_FLUSH_L1D)) {
6639 native_wrmsrl(MSR_IA32_FLUSH_CMD, L1D_FLUSH);
6644 /* First ensure the pages are in the TLB */
6645 "xorl %%eax, %%eax\n"
6646 ".Lpopulate_tlb:\n\t"
6647 "movzbl (%[flush_pages], %%" _ASM_AX "), %%ecx\n\t"
6648 "addl $4096, %%eax\n\t"
6649 "cmpl %%eax, %[size]\n\t"
6650 "jne .Lpopulate_tlb\n\t"
6651 "xorl %%eax, %%eax\n\t"
6653 /* Now fill the cache */
6654 "xorl %%eax, %%eax\n"
6656 "movzbl (%[flush_pages], %%" _ASM_AX "), %%ecx\n\t"
6657 "addl $64, %%eax\n\t"
6658 "cmpl %%eax, %[size]\n\t"
6659 "jne .Lfill_cache\n\t"
6661 :: [flush_pages] "r" (vmx_l1d_flush_pages),
6663 : "eax", "ebx", "ecx", "edx");
6666 static void vmx_update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
6668 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
6671 if (is_guest_mode(vcpu) &&
6672 nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW))
6675 tpr_threshold = (irr == -1 || tpr < irr) ? 0 : irr;
6676 if (is_guest_mode(vcpu))
6677 to_vmx(vcpu)->nested.l1_tpr_threshold = tpr_threshold;
6679 vmcs_write32(TPR_THRESHOLD, tpr_threshold);
6682 void vmx_set_virtual_apic_mode(struct kvm_vcpu *vcpu)
6684 struct vcpu_vmx *vmx = to_vmx(vcpu);
6685 u32 sec_exec_control;
6687 if (!lapic_in_kernel(vcpu))
6690 if (!flexpriority_enabled &&
6691 !cpu_has_vmx_virtualize_x2apic_mode())
6694 /* Postpone execution until vmcs01 is the current VMCS. */
6695 if (is_guest_mode(vcpu)) {
6696 vmx->nested.change_vmcs01_virtual_apic_mode = true;
6700 sec_exec_control = secondary_exec_controls_get(vmx);
6701 sec_exec_control &= ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
6702 SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE);
6704 switch (kvm_get_apic_mode(vcpu)) {
6705 case LAPIC_MODE_INVALID:
6706 WARN_ONCE(true, "Invalid local APIC state");
6708 case LAPIC_MODE_DISABLED:
6710 case LAPIC_MODE_XAPIC:
6711 if (flexpriority_enabled) {
6713 SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
6714 kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu);
6717 * Flush the TLB, reloading the APIC access page will
6718 * only do so if its physical address has changed, but
6719 * the guest may have inserted a non-APIC mapping into
6720 * the TLB while the APIC access page was disabled.
6722 kvm_make_request(KVM_REQ_TLB_FLUSH_CURRENT, vcpu);
6725 case LAPIC_MODE_X2APIC:
6726 if (cpu_has_vmx_virtualize_x2apic_mode())
6728 SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
6731 secondary_exec_controls_set(vmx, sec_exec_control);
6733 vmx_update_msr_bitmap_x2apic(vcpu);
6736 static void vmx_set_apic_access_page_addr(struct kvm_vcpu *vcpu)
6740 /* Defer reload until vmcs01 is the current VMCS. */
6741 if (is_guest_mode(vcpu)) {
6742 to_vmx(vcpu)->nested.reload_vmcs01_apic_access_page = true;
6746 if (!(secondary_exec_controls_get(to_vmx(vcpu)) &
6747 SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES))
6750 page = gfn_to_page(vcpu->kvm, APIC_DEFAULT_PHYS_BASE >> PAGE_SHIFT);
6751 if (is_error_page(page))
6754 vmcs_write64(APIC_ACCESS_ADDR, page_to_phys(page));
6755 vmx_flush_tlb_current(vcpu);
6758 * Do not pin apic access page in memory, the MMU notifier
6759 * will call us again if it is migrated or swapped out.
6764 static void vmx_hwapic_isr_update(int max_isr)
6772 status = vmcs_read16(GUEST_INTR_STATUS);
6774 if (max_isr != old) {
6776 status |= max_isr << 8;
6777 vmcs_write16(GUEST_INTR_STATUS, status);
6781 static void vmx_set_rvi(int vector)
6789 status = vmcs_read16(GUEST_INTR_STATUS);
6790 old = (u8)status & 0xff;
6791 if ((u8)vector != old) {
6793 status |= (u8)vector;
6794 vmcs_write16(GUEST_INTR_STATUS, status);
6798 static void vmx_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr)
6801 * When running L2, updating RVI is only relevant when
6802 * vmcs12 virtual-interrupt-delivery enabled.
6803 * However, it can be enabled only when L1 also
6804 * intercepts external-interrupts and in that case
6805 * we should not update vmcs02 RVI but instead intercept
6806 * interrupt. Therefore, do nothing when running L2.
6808 if (!is_guest_mode(vcpu))
6809 vmx_set_rvi(max_irr);
6812 static int vmx_sync_pir_to_irr(struct kvm_vcpu *vcpu)
6814 struct vcpu_vmx *vmx = to_vmx(vcpu);
6816 bool got_posted_interrupt;
6818 if (KVM_BUG_ON(!enable_apicv, vcpu->kvm))
6821 if (pi_test_on(&vmx->pi_desc)) {
6822 pi_clear_on(&vmx->pi_desc);
6824 * IOMMU can write to PID.ON, so the barrier matters even on UP.
6825 * But on x86 this is just a compiler barrier anyway.
6827 smp_mb__after_atomic();
6828 got_posted_interrupt =
6829 kvm_apic_update_irr(vcpu, vmx->pi_desc.pir, &max_irr);
6831 max_irr = kvm_lapic_find_highest_irr(vcpu);
6832 got_posted_interrupt = false;
6836 * Newly recognized interrupts are injected via either virtual interrupt
6837 * delivery (RVI) or KVM_REQ_EVENT. Virtual interrupt delivery is
6838 * disabled in two cases:
6840 * 1) If L2 is running and the vCPU has a new pending interrupt. If L1
6841 * wants to exit on interrupts, KVM_REQ_EVENT is needed to synthesize a
6842 * VM-Exit to L1. If L1 doesn't want to exit, the interrupt is injected
6843 * into L2, but KVM doesn't use virtual interrupt delivery to inject
6844 * interrupts into L2, and so KVM_REQ_EVENT is again needed.
6846 * 2) If APICv is disabled for this vCPU, assigned devices may still
6847 * attempt to post interrupts. The posted interrupt vector will cause
6848 * a VM-Exit and the subsequent entry will call sync_pir_to_irr.
6850 if (!is_guest_mode(vcpu) && kvm_vcpu_apicv_active(vcpu))
6851 vmx_set_rvi(max_irr);
6852 else if (got_posted_interrupt)
6853 kvm_make_request(KVM_REQ_EVENT, vcpu);
6858 static void vmx_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap)
6860 if (!kvm_vcpu_apicv_active(vcpu))
6863 vmcs_write64(EOI_EXIT_BITMAP0, eoi_exit_bitmap[0]);
6864 vmcs_write64(EOI_EXIT_BITMAP1, eoi_exit_bitmap[1]);
6865 vmcs_write64(EOI_EXIT_BITMAP2, eoi_exit_bitmap[2]);
6866 vmcs_write64(EOI_EXIT_BITMAP3, eoi_exit_bitmap[3]);
6869 static void vmx_apicv_post_state_restore(struct kvm_vcpu *vcpu)
6871 struct vcpu_vmx *vmx = to_vmx(vcpu);
6873 pi_clear_on(&vmx->pi_desc);
6874 memset(vmx->pi_desc.pir, 0, sizeof(vmx->pi_desc.pir));
6877 void vmx_do_interrupt_irqoff(unsigned long entry);
6878 void vmx_do_nmi_irqoff(void);
6880 static void handle_nm_fault_irqoff(struct kvm_vcpu *vcpu)
6883 * Save xfd_err to guest_fpu before interrupt is enabled, so the
6884 * MSR value is not clobbered by the host activity before the guest
6885 * has chance to consume it.
6887 * Do not blindly read xfd_err here, since this exception might
6888 * be caused by L1 interception on a platform which doesn't
6889 * support xfd at all.
6891 * Do it conditionally upon guest_fpu::xfd. xfd_err matters
6892 * only when xfd contains a non-zero value.
6894 * Queuing exception is done in vmx_handle_exit. See comment there.
6896 if (vcpu->arch.guest_fpu.fpstate->xfd)
6897 rdmsrl(MSR_IA32_XFD_ERR, vcpu->arch.guest_fpu.xfd_err);
6900 static void handle_exception_irqoff(struct vcpu_vmx *vmx)
6902 u32 intr_info = vmx_get_intr_info(&vmx->vcpu);
6904 /* if exit due to PF check for async PF */
6905 if (is_page_fault(intr_info))
6906 vmx->vcpu.arch.apf.host_apf_flags = kvm_read_and_reset_apf_flags();
6907 /* if exit due to NM, handle before interrupts are enabled */
6908 else if (is_nm_fault(intr_info))
6909 handle_nm_fault_irqoff(&vmx->vcpu);
6910 /* Handle machine checks before interrupts are enabled */
6911 else if (is_machine_check(intr_info))
6912 kvm_machine_check();
6915 static void handle_external_interrupt_irqoff(struct kvm_vcpu *vcpu)
6917 u32 intr_info = vmx_get_intr_info(vcpu);
6918 unsigned int vector = intr_info & INTR_INFO_VECTOR_MASK;
6919 gate_desc *desc = (gate_desc *)host_idt_base + vector;
6921 if (KVM_BUG(!is_external_intr(intr_info), vcpu->kvm,
6922 "unexpected VM-Exit interrupt info: 0x%x", intr_info))
6925 kvm_before_interrupt(vcpu, KVM_HANDLING_IRQ);
6926 vmx_do_interrupt_irqoff(gate_offset(desc));
6927 kvm_after_interrupt(vcpu);
6929 vcpu->arch.at_instruction_boundary = true;
6932 static void vmx_handle_exit_irqoff(struct kvm_vcpu *vcpu)
6934 struct vcpu_vmx *vmx = to_vmx(vcpu);
6936 if (vmx->emulation_required)
6939 if (vmx->exit_reason.basic == EXIT_REASON_EXTERNAL_INTERRUPT)
6940 handle_external_interrupt_irqoff(vcpu);
6941 else if (vmx->exit_reason.basic == EXIT_REASON_EXCEPTION_NMI)
6942 handle_exception_irqoff(vmx);
6946 * The kvm parameter can be NULL (module initialization, or invocation before
6947 * VM creation). Be sure to check the kvm parameter before using it.
6949 static bool vmx_has_emulated_msr(struct kvm *kvm, u32 index)
6952 case MSR_IA32_SMBASE:
6953 if (!IS_ENABLED(CONFIG_KVM_SMM))
6956 * We cannot do SMM unless we can run the guest in big
6959 return enable_unrestricted_guest || emulate_invalid_guest_state;
6960 case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
6962 case MSR_AMD64_VIRT_SPEC_CTRL:
6963 case MSR_AMD64_TSC_RATIO:
6964 /* This is AMD only. */
6971 static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx)
6976 bool idtv_info_valid;
6978 idtv_info_valid = vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK;
6981 if (vmx->loaded_vmcs->nmi_known_unmasked)
6984 exit_intr_info = vmx_get_intr_info(&vmx->vcpu);
6985 unblock_nmi = (exit_intr_info & INTR_INFO_UNBLOCK_NMI) != 0;
6986 vector = exit_intr_info & INTR_INFO_VECTOR_MASK;
6988 * SDM 3: 27.7.1.2 (September 2008)
6989 * Re-set bit "block by NMI" before VM entry if vmexit caused by
6990 * a guest IRET fault.
6991 * SDM 3: 23.2.2 (September 2008)
6992 * Bit 12 is undefined in any of the following cases:
6993 * If the VM exit sets the valid bit in the IDT-vectoring
6994 * information field.
6995 * If the VM exit is due to a double fault.
6997 if ((exit_intr_info & INTR_INFO_VALID_MASK) && unblock_nmi &&
6998 vector != DF_VECTOR && !idtv_info_valid)
6999 vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
7000 GUEST_INTR_STATE_NMI);
7002 vmx->loaded_vmcs->nmi_known_unmasked =
7003 !(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO)
7004 & GUEST_INTR_STATE_NMI);
7005 } else if (unlikely(vmx->loaded_vmcs->soft_vnmi_blocked))
7006 vmx->loaded_vmcs->vnmi_blocked_time +=
7007 ktime_to_ns(ktime_sub(ktime_get(),
7008 vmx->loaded_vmcs->entry_time));
7011 static void __vmx_complete_interrupts(struct kvm_vcpu *vcpu,
7012 u32 idt_vectoring_info,
7013 int instr_len_field,
7014 int error_code_field)
7018 bool idtv_info_valid;
7020 idtv_info_valid = idt_vectoring_info & VECTORING_INFO_VALID_MASK;
7022 vcpu->arch.nmi_injected = false;
7023 kvm_clear_exception_queue(vcpu);
7024 kvm_clear_interrupt_queue(vcpu);
7026 if (!idtv_info_valid)
7029 kvm_make_request(KVM_REQ_EVENT, vcpu);
7031 vector = idt_vectoring_info & VECTORING_INFO_VECTOR_MASK;
7032 type = idt_vectoring_info & VECTORING_INFO_TYPE_MASK;
7035 case INTR_TYPE_NMI_INTR:
7036 vcpu->arch.nmi_injected = true;
7038 * SDM 3: 27.7.1.2 (September 2008)
7039 * Clear bit "block by NMI" before VM entry if a NMI
7042 vmx_set_nmi_mask(vcpu, false);
7044 case INTR_TYPE_SOFT_EXCEPTION:
7045 vcpu->arch.event_exit_inst_len = vmcs_read32(instr_len_field);
7047 case INTR_TYPE_HARD_EXCEPTION:
7048 if (idt_vectoring_info & VECTORING_INFO_DELIVER_CODE_MASK) {
7049 u32 err = vmcs_read32(error_code_field);
7050 kvm_requeue_exception_e(vcpu, vector, err);
7052 kvm_requeue_exception(vcpu, vector);
7054 case INTR_TYPE_SOFT_INTR:
7055 vcpu->arch.event_exit_inst_len = vmcs_read32(instr_len_field);
7057 case INTR_TYPE_EXT_INTR:
7058 kvm_queue_interrupt(vcpu, vector, type == INTR_TYPE_SOFT_INTR);
7065 static void vmx_complete_interrupts(struct vcpu_vmx *vmx)
7067 __vmx_complete_interrupts(&vmx->vcpu, vmx->idt_vectoring_info,
7068 VM_EXIT_INSTRUCTION_LEN,
7069 IDT_VECTORING_ERROR_CODE);
7072 static void vmx_cancel_injection(struct kvm_vcpu *vcpu)
7074 __vmx_complete_interrupts(vcpu,
7075 vmcs_read32(VM_ENTRY_INTR_INFO_FIELD),
7076 VM_ENTRY_INSTRUCTION_LEN,
7077 VM_ENTRY_EXCEPTION_ERROR_CODE);
7079 vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0);
7082 static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx)
7085 struct perf_guest_switch_msr *msrs;
7086 struct kvm_pmu *pmu = vcpu_to_pmu(&vmx->vcpu);
7088 pmu->host_cross_mapped_mask = 0;
7089 if (pmu->pebs_enable & pmu->global_ctrl)
7090 intel_pmu_cross_mapped_check(pmu);
7092 /* Note, nr_msrs may be garbage if perf_guest_get_msrs() returns NULL. */
7093 msrs = perf_guest_get_msrs(&nr_msrs, (void *)pmu);
7097 for (i = 0; i < nr_msrs; i++)
7098 if (msrs[i].host == msrs[i].guest)
7099 clear_atomic_switch_msr(vmx, msrs[i].msr);
7101 add_atomic_switch_msr(vmx, msrs[i].msr, msrs[i].guest,
7102 msrs[i].host, false);
7105 static void vmx_update_hv_timer(struct kvm_vcpu *vcpu)
7107 struct vcpu_vmx *vmx = to_vmx(vcpu);
7111 if (vmx->req_immediate_exit) {
7112 vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, 0);
7113 vmx->loaded_vmcs->hv_timer_soft_disabled = false;
7114 } else if (vmx->hv_deadline_tsc != -1) {
7116 if (vmx->hv_deadline_tsc > tscl)
7117 /* set_hv_timer ensures the delta fits in 32-bits */
7118 delta_tsc = (u32)((vmx->hv_deadline_tsc - tscl) >>
7119 cpu_preemption_timer_multi);
7123 vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, delta_tsc);
7124 vmx->loaded_vmcs->hv_timer_soft_disabled = false;
7125 } else if (!vmx->loaded_vmcs->hv_timer_soft_disabled) {
7126 vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, -1);
7127 vmx->loaded_vmcs->hv_timer_soft_disabled = true;
7131 void noinstr vmx_update_host_rsp(struct vcpu_vmx *vmx, unsigned long host_rsp)
7133 if (unlikely(host_rsp != vmx->loaded_vmcs->host_state.rsp)) {
7134 vmx->loaded_vmcs->host_state.rsp = host_rsp;
7135 vmcs_writel(HOST_RSP, host_rsp);
7139 void noinstr vmx_spec_ctrl_restore_host(struct vcpu_vmx *vmx,
7142 u64 hostval = this_cpu_read(x86_spec_ctrl_current);
7144 if (!cpu_feature_enabled(X86_FEATURE_MSR_SPEC_CTRL))
7147 if (flags & VMX_RUN_SAVE_SPEC_CTRL)
7148 vmx->spec_ctrl = __rdmsr(MSR_IA32_SPEC_CTRL);
7151 * If the guest/host SPEC_CTRL values differ, restore the host value.
7153 * For legacy IBRS, the IBRS bit always needs to be written after
7154 * transitioning from a less privileged predictor mode, regardless of
7155 * whether the guest/host values differ.
7157 if (cpu_feature_enabled(X86_FEATURE_KERNEL_IBRS) ||
7158 vmx->spec_ctrl != hostval)
7159 native_wrmsrl(MSR_IA32_SPEC_CTRL, hostval);
7164 static fastpath_t vmx_exit_handlers_fastpath(struct kvm_vcpu *vcpu)
7166 switch (to_vmx(vcpu)->exit_reason.basic) {
7167 case EXIT_REASON_MSR_WRITE:
7168 return handle_fastpath_set_msr_irqoff(vcpu);
7169 case EXIT_REASON_PREEMPTION_TIMER:
7170 return handle_fastpath_preemption_timer(vcpu);
7172 return EXIT_FASTPATH_NONE;
7176 static noinstr void vmx_vcpu_enter_exit(struct kvm_vcpu *vcpu,
7179 struct vcpu_vmx *vmx = to_vmx(vcpu);
7181 guest_state_enter_irqoff();
7183 /* L1D Flush includes CPU buffer clear to mitigate MDS */
7184 if (static_branch_unlikely(&vmx_l1d_should_flush))
7185 vmx_l1d_flush(vcpu);
7186 else if (static_branch_unlikely(&mds_user_clear))
7187 mds_clear_cpu_buffers();
7188 else if (static_branch_unlikely(&mmio_stale_data_clear) &&
7189 kvm_arch_has_assigned_device(vcpu->kvm))
7190 mds_clear_cpu_buffers();
7192 vmx_disable_fb_clear(vmx);
7194 if (vcpu->arch.cr2 != native_read_cr2())
7195 native_write_cr2(vcpu->arch.cr2);
7197 vmx->fail = __vmx_vcpu_run(vmx, (unsigned long *)&vcpu->arch.regs,
7200 vcpu->arch.cr2 = native_read_cr2();
7202 vmx_enable_fb_clear(vmx);
7204 if (unlikely(vmx->fail))
7205 vmx->exit_reason.full = 0xdead;
7207 vmx->exit_reason.full = vmcs_read32(VM_EXIT_REASON);
7209 if ((u16)vmx->exit_reason.basic == EXIT_REASON_EXCEPTION_NMI &&
7210 is_nmi(vmx_get_intr_info(vcpu))) {
7211 kvm_before_interrupt(vcpu, KVM_HANDLING_NMI);
7212 vmx_do_nmi_irqoff();
7213 kvm_after_interrupt(vcpu);
7216 guest_state_exit_irqoff();
7219 static fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu)
7221 struct vcpu_vmx *vmx = to_vmx(vcpu);
7222 unsigned long cr3, cr4;
7224 /* Record the guest's net vcpu time for enforced NMI injections. */
7225 if (unlikely(!enable_vnmi &&
7226 vmx->loaded_vmcs->soft_vnmi_blocked))
7227 vmx->loaded_vmcs->entry_time = ktime_get();
7230 * Don't enter VMX if guest state is invalid, let the exit handler
7231 * start emulation until we arrive back to a valid state. Synthesize a
7232 * consistency check VM-Exit due to invalid guest state and bail.
7234 if (unlikely(vmx->emulation_required)) {
7237 vmx->exit_reason.full = EXIT_REASON_INVALID_STATE;
7238 vmx->exit_reason.failed_vmentry = 1;
7239 kvm_register_mark_available(vcpu, VCPU_EXREG_EXIT_INFO_1);
7240 vmx->exit_qualification = ENTRY_FAIL_DEFAULT;
7241 kvm_register_mark_available(vcpu, VCPU_EXREG_EXIT_INFO_2);
7242 vmx->exit_intr_info = 0;
7243 return EXIT_FASTPATH_NONE;
7246 trace_kvm_entry(vcpu);
7248 if (vmx->ple_window_dirty) {
7249 vmx->ple_window_dirty = false;
7250 vmcs_write32(PLE_WINDOW, vmx->ple_window);
7254 * We did this in prepare_switch_to_guest, because it needs to
7255 * be within srcu_read_lock.
7257 WARN_ON_ONCE(vmx->nested.need_vmcs12_to_shadow_sync);
7259 if (kvm_register_is_dirty(vcpu, VCPU_REGS_RSP))
7260 vmcs_writel(GUEST_RSP, vcpu->arch.regs[VCPU_REGS_RSP]);
7261 if (kvm_register_is_dirty(vcpu, VCPU_REGS_RIP))
7262 vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]);
7263 vcpu->arch.regs_dirty = 0;
7266 * Refresh vmcs.HOST_CR3 if necessary. This must be done immediately
7267 * prior to VM-Enter, as the kernel may load a new ASID (PCID) any time
7268 * it switches back to the current->mm, which can occur in KVM context
7269 * when switching to a temporary mm to patch kernel code, e.g. if KVM
7270 * toggles a static key while handling a VM-Exit.
7272 cr3 = __get_current_cr3_fast();
7273 if (unlikely(cr3 != vmx->loaded_vmcs->host_state.cr3)) {
7274 vmcs_writel(HOST_CR3, cr3);
7275 vmx->loaded_vmcs->host_state.cr3 = cr3;
7278 cr4 = cr4_read_shadow();
7279 if (unlikely(cr4 != vmx->loaded_vmcs->host_state.cr4)) {
7280 vmcs_writel(HOST_CR4, cr4);
7281 vmx->loaded_vmcs->host_state.cr4 = cr4;
7284 /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */
7285 if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))
7286 set_debugreg(vcpu->arch.dr6, 6);
7288 /* When single-stepping over STI and MOV SS, we must clear the
7289 * corresponding interruptibility bits in the guest state. Otherwise
7290 * vmentry fails as it then expects bit 14 (BS) in pending debug
7291 * exceptions being set, but that's not correct for the guest debugging
7293 if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
7294 vmx_set_interrupt_shadow(vcpu, 0);
7296 kvm_load_guest_xsave_state(vcpu);
7298 pt_guest_enter(vmx);
7300 atomic_switch_perf_msrs(vmx);
7301 if (intel_pmu_lbr_is_enabled(vcpu))
7302 vmx_passthrough_lbr_msrs(vcpu);
7304 if (enable_preemption_timer)
7305 vmx_update_hv_timer(vcpu);
7307 kvm_wait_lapic_expire(vcpu);
7309 /* The actual VMENTER/EXIT is in the .noinstr.text section. */
7310 vmx_vcpu_enter_exit(vcpu, __vmx_vcpu_run_flags(vmx));
7312 /* All fields are clean at this point */
7313 if (static_branch_unlikely(&enable_evmcs)) {
7314 current_evmcs->hv_clean_fields |=
7315 HV_VMX_ENLIGHTENED_CLEAN_FIELD_ALL;
7317 current_evmcs->hv_vp_id = kvm_hv_get_vpindex(vcpu);
7320 /* MSR_IA32_DEBUGCTLMSR is zeroed on vmexit. Restore it if needed */
7321 if (vmx->host_debugctlmsr)
7322 update_debugctlmsr(vmx->host_debugctlmsr);
7324 #ifndef CONFIG_X86_64
7326 * The sysexit path does not restore ds/es, so we must set them to
7327 * a reasonable value ourselves.
7329 * We can't defer this to vmx_prepare_switch_to_host() since that
7330 * function may be executed in interrupt context, which saves and
7331 * restore segments around it, nullifying its effect.
7333 loadsegment(ds, __USER_DS);
7334 loadsegment(es, __USER_DS);
7337 vcpu->arch.regs_avail &= ~VMX_REGS_LAZY_LOAD_SET;
7341 kvm_load_host_xsave_state(vcpu);
7343 if (is_guest_mode(vcpu)) {
7345 * Track VMLAUNCH/VMRESUME that have made past guest state
7348 if (vmx->nested.nested_run_pending &&
7349 !vmx->exit_reason.failed_vmentry)
7350 ++vcpu->stat.nested_run;
7352 vmx->nested.nested_run_pending = 0;
7355 vmx->idt_vectoring_info = 0;
7357 if (unlikely(vmx->fail))
7358 return EXIT_FASTPATH_NONE;
7360 if (unlikely((u16)vmx->exit_reason.basic == EXIT_REASON_MCE_DURING_VMENTRY))
7361 kvm_machine_check();
7363 if (likely(!vmx->exit_reason.failed_vmentry))
7364 vmx->idt_vectoring_info = vmcs_read32(IDT_VECTORING_INFO_FIELD);
7366 trace_kvm_exit(vcpu, KVM_ISA_VMX);
7368 if (unlikely(vmx->exit_reason.failed_vmentry))
7369 return EXIT_FASTPATH_NONE;
7371 vmx->loaded_vmcs->launched = 1;
7373 vmx_recover_nmi_blocking(vmx);
7374 vmx_complete_interrupts(vmx);
7376 if (is_guest_mode(vcpu))
7377 return EXIT_FASTPATH_NONE;
7379 return vmx_exit_handlers_fastpath(vcpu);
7382 static void vmx_vcpu_free(struct kvm_vcpu *vcpu)
7384 struct vcpu_vmx *vmx = to_vmx(vcpu);
7387 vmx_destroy_pml_buffer(vmx);
7388 free_vpid(vmx->vpid);
7389 nested_vmx_free_vcpu(vcpu);
7390 free_loaded_vmcs(vmx->loaded_vmcs);
7393 static int vmx_vcpu_create(struct kvm_vcpu *vcpu)
7395 struct vmx_uret_msr *tsx_ctrl;
7396 struct vcpu_vmx *vmx;
7399 BUILD_BUG_ON(offsetof(struct vcpu_vmx, vcpu) != 0);
7402 INIT_LIST_HEAD(&vmx->pi_wakeup_list);
7406 vmx->vpid = allocate_vpid();
7409 * If PML is turned on, failure on enabling PML just results in failure
7410 * of creating the vcpu, therefore we can simplify PML logic (by
7411 * avoiding dealing with cases, such as enabling PML partially on vcpus
7412 * for the guest), etc.
7415 vmx->pml_pg = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
7420 for (i = 0; i < kvm_nr_uret_msrs; ++i)
7421 vmx->guest_uret_msrs[i].mask = -1ull;
7422 if (boot_cpu_has(X86_FEATURE_RTM)) {
7424 * TSX_CTRL_CPUID_CLEAR is handled in the CPUID interception.
7425 * Keep the host value unchanged to avoid changing CPUID bits
7426 * under the host kernel's feet.
7428 tsx_ctrl = vmx_find_uret_msr(vmx, MSR_IA32_TSX_CTRL);
7430 tsx_ctrl->mask = ~(u64)TSX_CTRL_CPUID_CLEAR;
7433 err = alloc_loaded_vmcs(&vmx->vmcs01);
7438 * Use Hyper-V 'Enlightened MSR Bitmap' feature when KVM runs as a
7439 * nested (L1) hypervisor and Hyper-V in L0 supports it. Enable the
7440 * feature only for vmcs01, KVM currently isn't equipped to realize any
7441 * performance benefits from enabling it for vmcs02.
7443 if (IS_ENABLED(CONFIG_HYPERV) && static_branch_unlikely(&enable_evmcs) &&
7444 (ms_hyperv.nested_features & HV_X64_NESTED_MSR_BITMAP)) {
7445 struct hv_enlightened_vmcs *evmcs = (void *)vmx->vmcs01.vmcs;
7447 evmcs->hv_enlightenments_control.msr_bitmap = 1;
7450 /* The MSR bitmap starts with all ones */
7451 bitmap_fill(vmx->shadow_msr_intercept.read, MAX_POSSIBLE_PASSTHROUGH_MSRS);
7452 bitmap_fill(vmx->shadow_msr_intercept.write, MAX_POSSIBLE_PASSTHROUGH_MSRS);
7454 vmx_disable_intercept_for_msr(vcpu, MSR_IA32_TSC, MSR_TYPE_R);
7455 #ifdef CONFIG_X86_64
7456 vmx_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW);
7457 vmx_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW);
7458 vmx_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW);
7460 vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW);
7461 vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW);
7462 vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW);
7463 if (kvm_cstate_in_guest(vcpu->kvm)) {
7464 vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C1_RES, MSR_TYPE_R);
7465 vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C3_RESIDENCY, MSR_TYPE_R);
7466 vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C6_RESIDENCY, MSR_TYPE_R);
7467 vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C7_RESIDENCY, MSR_TYPE_R);
7470 vmx->loaded_vmcs = &vmx->vmcs01;
7472 if (cpu_need_virtualize_apic_accesses(vcpu)) {
7473 err = kvm_alloc_apic_access_page(vcpu->kvm);
7478 if (enable_ept && !enable_unrestricted_guest) {
7479 err = init_rmode_identity_map(vcpu->kvm);
7484 if (vmx_can_use_ipiv(vcpu))
7485 WRITE_ONCE(to_kvm_vmx(vcpu->kvm)->pid_table[vcpu->vcpu_id],
7486 __pa(&vmx->pi_desc) | PID_TABLE_ENTRY_VALID);
7491 free_loaded_vmcs(vmx->loaded_vmcs);
7493 vmx_destroy_pml_buffer(vmx);
7495 free_vpid(vmx->vpid);
7499 #define L1TF_MSG_SMT "L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.\n"
7500 #define L1TF_MSG_L1D "L1TF CPU bug present and virtualization mitigation disabled, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.\n"
7502 static int vmx_vm_init(struct kvm *kvm)
7505 kvm->arch.pause_in_guest = true;
7507 if (boot_cpu_has(X86_BUG_L1TF) && enable_ept) {
7508 switch (l1tf_mitigation) {
7509 case L1TF_MITIGATION_OFF:
7510 case L1TF_MITIGATION_FLUSH_NOWARN:
7511 /* 'I explicitly don't care' is set */
7513 case L1TF_MITIGATION_FLUSH:
7514 case L1TF_MITIGATION_FLUSH_NOSMT:
7515 case L1TF_MITIGATION_FULL:
7517 * Warn upon starting the first VM in a potentially
7518 * insecure environment.
7520 if (sched_smt_active())
7521 pr_warn_once(L1TF_MSG_SMT);
7522 if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER)
7523 pr_warn_once(L1TF_MSG_L1D);
7525 case L1TF_MITIGATION_FULL_FORCE:
7526 /* Flush is enforced */
7533 static u8 vmx_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
7537 /* We wanted to honor guest CD/MTRR/PAT, but doing so could result in
7538 * memory aliases with conflicting memory types and sometimes MCEs.
7539 * We have to be careful as to what are honored and when.
7541 * For MMIO, guest CD/MTRR are ignored. The EPT memory type is set to
7542 * UC. The effective memory type is UC or WC depending on guest PAT.
7543 * This was historically the source of MCEs and we want to be
7546 * When there is no need to deal with noncoherent DMA (e.g., no VT-d
7547 * or VT-d has snoop control), guest CD/MTRR/PAT are all ignored. The
7548 * EPT memory type is set to WB. The effective memory type is forced
7551 * Otherwise, we trust guest. Guest CD/MTRR/PAT are all honored. The
7552 * EPT memory type is used to emulate guest CD/MTRR.
7556 return MTRR_TYPE_UNCACHABLE << VMX_EPT_MT_EPTE_SHIFT;
7558 if (!kvm_arch_has_noncoherent_dma(vcpu->kvm))
7559 return (MTRR_TYPE_WRBACK << VMX_EPT_MT_EPTE_SHIFT) | VMX_EPT_IPAT_BIT;
7561 if (kvm_read_cr0(vcpu) & X86_CR0_CD) {
7562 if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED))
7563 cache = MTRR_TYPE_WRBACK;
7565 cache = MTRR_TYPE_UNCACHABLE;
7567 return (cache << VMX_EPT_MT_EPTE_SHIFT) | VMX_EPT_IPAT_BIT;
7570 return kvm_mtrr_get_guest_memory_type(vcpu, gfn) << VMX_EPT_MT_EPTE_SHIFT;
7573 static void vmcs_set_secondary_exec_control(struct vcpu_vmx *vmx, u32 new_ctl)
7576 * These bits in the secondary execution controls field
7577 * are dynamic, the others are mostly based on the hypervisor
7578 * architecture and the guest's CPUID. Do not touch the
7582 SECONDARY_EXEC_SHADOW_VMCS |
7583 SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
7584 SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
7585 SECONDARY_EXEC_DESC;
7587 u32 cur_ctl = secondary_exec_controls_get(vmx);
7589 secondary_exec_controls_set(vmx, (new_ctl & ~mask) | (cur_ctl & mask));
7593 * Generate MSR_IA32_VMX_CR{0,4}_FIXED1 according to CPUID. Only set bits
7594 * (indicating "allowed-1") if they are supported in the guest's CPUID.
7596 static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu)
7598 struct vcpu_vmx *vmx = to_vmx(vcpu);
7599 struct kvm_cpuid_entry2 *entry;
7601 vmx->nested.msrs.cr0_fixed1 = 0xffffffff;
7602 vmx->nested.msrs.cr4_fixed1 = X86_CR4_PCE;
7604 #define cr4_fixed1_update(_cr4_mask, _reg, _cpuid_mask) do { \
7605 if (entry && (entry->_reg & (_cpuid_mask))) \
7606 vmx->nested.msrs.cr4_fixed1 |= (_cr4_mask); \
7609 entry = kvm_find_cpuid_entry(vcpu, 0x1);
7610 cr4_fixed1_update(X86_CR4_VME, edx, feature_bit(VME));
7611 cr4_fixed1_update(X86_CR4_PVI, edx, feature_bit(VME));
7612 cr4_fixed1_update(X86_CR4_TSD, edx, feature_bit(TSC));
7613 cr4_fixed1_update(X86_CR4_DE, edx, feature_bit(DE));
7614 cr4_fixed1_update(X86_CR4_PSE, edx, feature_bit(PSE));
7615 cr4_fixed1_update(X86_CR4_PAE, edx, feature_bit(PAE));
7616 cr4_fixed1_update(X86_CR4_MCE, edx, feature_bit(MCE));
7617 cr4_fixed1_update(X86_CR4_PGE, edx, feature_bit(PGE));
7618 cr4_fixed1_update(X86_CR4_OSFXSR, edx, feature_bit(FXSR));
7619 cr4_fixed1_update(X86_CR4_OSXMMEXCPT, edx, feature_bit(XMM));
7620 cr4_fixed1_update(X86_CR4_VMXE, ecx, feature_bit(VMX));
7621 cr4_fixed1_update(X86_CR4_SMXE, ecx, feature_bit(SMX));
7622 cr4_fixed1_update(X86_CR4_PCIDE, ecx, feature_bit(PCID));
7623 cr4_fixed1_update(X86_CR4_OSXSAVE, ecx, feature_bit(XSAVE));
7625 entry = kvm_find_cpuid_entry_index(vcpu, 0x7, 0);
7626 cr4_fixed1_update(X86_CR4_FSGSBASE, ebx, feature_bit(FSGSBASE));
7627 cr4_fixed1_update(X86_CR4_SMEP, ebx, feature_bit(SMEP));
7628 cr4_fixed1_update(X86_CR4_SMAP, ebx, feature_bit(SMAP));
7629 cr4_fixed1_update(X86_CR4_PKE, ecx, feature_bit(PKU));
7630 cr4_fixed1_update(X86_CR4_UMIP, ecx, feature_bit(UMIP));
7631 cr4_fixed1_update(X86_CR4_LA57, ecx, feature_bit(LA57));
7633 #undef cr4_fixed1_update
7636 static void update_intel_pt_cfg(struct kvm_vcpu *vcpu)
7638 struct vcpu_vmx *vmx = to_vmx(vcpu);
7639 struct kvm_cpuid_entry2 *best = NULL;
7642 for (i = 0; i < PT_CPUID_LEAVES; i++) {
7643 best = kvm_find_cpuid_entry_index(vcpu, 0x14, i);
7646 vmx->pt_desc.caps[CPUID_EAX + i*PT_CPUID_REGS_NUM] = best->eax;
7647 vmx->pt_desc.caps[CPUID_EBX + i*PT_CPUID_REGS_NUM] = best->ebx;
7648 vmx->pt_desc.caps[CPUID_ECX + i*PT_CPUID_REGS_NUM] = best->ecx;
7649 vmx->pt_desc.caps[CPUID_EDX + i*PT_CPUID_REGS_NUM] = best->edx;
7652 /* Get the number of configurable Address Ranges for filtering */
7653 vmx->pt_desc.num_address_ranges = intel_pt_validate_cap(vmx->pt_desc.caps,
7654 PT_CAP_num_address_ranges);
7656 /* Initialize and clear the no dependency bits */
7657 vmx->pt_desc.ctl_bitmask = ~(RTIT_CTL_TRACEEN | RTIT_CTL_OS |
7658 RTIT_CTL_USR | RTIT_CTL_TSC_EN | RTIT_CTL_DISRETC |
7659 RTIT_CTL_BRANCH_EN);
7662 * If CPUID.(EAX=14H,ECX=0):EBX[0]=1 CR3Filter can be set otherwise
7663 * will inject an #GP
7665 if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_cr3_filtering))
7666 vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_CR3EN;
7669 * If CPUID.(EAX=14H,ECX=0):EBX[1]=1 CYCEn, CycThresh and
7670 * PSBFreq can be set
7672 if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc))
7673 vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_CYCLEACC |
7674 RTIT_CTL_CYC_THRESH | RTIT_CTL_PSB_FREQ);
7677 * If CPUID.(EAX=14H,ECX=0):EBX[3]=1 MTCEn and MTCFreq can be set
7679 if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc))
7680 vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_MTC_EN |
7681 RTIT_CTL_MTC_RANGE);
7683 /* If CPUID.(EAX=14H,ECX=0):EBX[4]=1 FUPonPTW and PTWEn can be set */
7684 if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_ptwrite))
7685 vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_FUP_ON_PTW |
7688 /* If CPUID.(EAX=14H,ECX=0):EBX[5]=1 PwrEvEn can be set */
7689 if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_power_event_trace))
7690 vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_PWR_EVT_EN;
7692 /* If CPUID.(EAX=14H,ECX=0):ECX[0]=1 ToPA can be set */
7693 if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_topa_output))
7694 vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_TOPA;
7696 /* If CPUID.(EAX=14H,ECX=0):ECX[3]=1 FabricEn can be set */
7697 if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_output_subsys))
7698 vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_FABRIC_EN;
7700 /* unmask address range configure area */
7701 for (i = 0; i < vmx->pt_desc.num_address_ranges; i++)
7702 vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4));
7705 static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
7707 struct vcpu_vmx *vmx = to_vmx(vcpu);
7709 /* xsaves_enabled is recomputed in vmx_compute_secondary_exec_control(). */
7710 vcpu->arch.xsaves_enabled = false;
7712 vmx_setup_uret_msrs(vmx);
7714 if (cpu_has_secondary_exec_ctrls())
7715 vmcs_set_secondary_exec_control(vmx,
7716 vmx_secondary_exec_control(vmx));
7718 if (nested_vmx_allowed(vcpu))
7719 vmx->msr_ia32_feature_control_valid_bits |=
7720 FEAT_CTL_VMX_ENABLED_INSIDE_SMX |
7721 FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX;
7723 vmx->msr_ia32_feature_control_valid_bits &=
7724 ~(FEAT_CTL_VMX_ENABLED_INSIDE_SMX |
7725 FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX);
7727 if (nested_vmx_allowed(vcpu))
7728 nested_vmx_cr_fixed1_bits_update(vcpu);
7730 if (boot_cpu_has(X86_FEATURE_INTEL_PT) &&
7731 guest_cpuid_has(vcpu, X86_FEATURE_INTEL_PT))
7732 update_intel_pt_cfg(vcpu);
7734 if (boot_cpu_has(X86_FEATURE_RTM)) {
7735 struct vmx_uret_msr *msr;
7736 msr = vmx_find_uret_msr(vmx, MSR_IA32_TSX_CTRL);
7738 bool enabled = guest_cpuid_has(vcpu, X86_FEATURE_RTM);
7739 vmx_set_guest_uret_msr(vmx, msr, enabled ? 0 : TSX_CTRL_RTM_DISABLE);
7743 if (kvm_cpu_cap_has(X86_FEATURE_XFD))
7744 vmx_set_intercept_for_msr(vcpu, MSR_IA32_XFD_ERR, MSR_TYPE_R,
7745 !guest_cpuid_has(vcpu, X86_FEATURE_XFD));
7748 set_cr4_guest_host_mask(vmx);
7750 vmx_write_encls_bitmap(vcpu, NULL);
7751 if (guest_cpuid_has(vcpu, X86_FEATURE_SGX))
7752 vmx->msr_ia32_feature_control_valid_bits |= FEAT_CTL_SGX_ENABLED;
7754 vmx->msr_ia32_feature_control_valid_bits &= ~FEAT_CTL_SGX_ENABLED;
7756 if (guest_cpuid_has(vcpu, X86_FEATURE_SGX_LC))
7757 vmx->msr_ia32_feature_control_valid_bits |=
7758 FEAT_CTL_SGX_LC_ENABLED;
7760 vmx->msr_ia32_feature_control_valid_bits &=
7761 ~FEAT_CTL_SGX_LC_ENABLED;
7763 /* Refresh #PF interception to account for MAXPHYADDR changes. */
7764 vmx_update_exception_bitmap(vcpu);
7767 static u64 vmx_get_perf_capabilities(void)
7769 u64 perf_cap = PMU_CAP_FW_WRITES;
7770 struct x86_pmu_lbr lbr;
7771 u64 host_perf_cap = 0;
7776 if (boot_cpu_has(X86_FEATURE_PDCM))
7777 rdmsrl(MSR_IA32_PERF_CAPABILITIES, host_perf_cap);
7779 x86_perf_get_lbr(&lbr);
7781 perf_cap |= host_perf_cap & PMU_CAP_LBR_FMT;
7783 if (vmx_pebs_supported()) {
7784 perf_cap |= host_perf_cap & PERF_CAP_PEBS_MASK;
7785 if ((perf_cap & PERF_CAP_PEBS_FORMAT) < 4)
7786 perf_cap &= ~PERF_CAP_PEBS_BASELINE;
7792 static __init void vmx_set_cpu_caps(void)
7798 kvm_cpu_cap_set(X86_FEATURE_VMX);
7801 if (kvm_mpx_supported())
7802 kvm_cpu_cap_check_and_set(X86_FEATURE_MPX);
7803 if (!cpu_has_vmx_invpcid())
7804 kvm_cpu_cap_clear(X86_FEATURE_INVPCID);
7805 if (vmx_pt_mode_is_host_guest())
7806 kvm_cpu_cap_check_and_set(X86_FEATURE_INTEL_PT);
7807 if (vmx_pebs_supported()) {
7808 kvm_cpu_cap_check_and_set(X86_FEATURE_DS);
7809 kvm_cpu_cap_check_and_set(X86_FEATURE_DTES64);
7813 kvm_cpu_cap_clear(X86_FEATURE_PDCM);
7814 kvm_caps.supported_perf_cap = vmx_get_perf_capabilities();
7817 kvm_cpu_cap_clear(X86_FEATURE_SGX);
7818 kvm_cpu_cap_clear(X86_FEATURE_SGX_LC);
7819 kvm_cpu_cap_clear(X86_FEATURE_SGX1);
7820 kvm_cpu_cap_clear(X86_FEATURE_SGX2);
7823 if (vmx_umip_emulated())
7824 kvm_cpu_cap_set(X86_FEATURE_UMIP);
7827 kvm_caps.supported_xss = 0;
7828 if (!cpu_has_vmx_xsaves())
7829 kvm_cpu_cap_clear(X86_FEATURE_XSAVES);
7831 /* CPUID 0x80000001 and 0x7 (RDPID) */
7832 if (!cpu_has_vmx_rdtscp()) {
7833 kvm_cpu_cap_clear(X86_FEATURE_RDTSCP);
7834 kvm_cpu_cap_clear(X86_FEATURE_RDPID);
7837 if (cpu_has_vmx_waitpkg())
7838 kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG);
7841 static void vmx_request_immediate_exit(struct kvm_vcpu *vcpu)
7843 to_vmx(vcpu)->req_immediate_exit = true;
7846 static int vmx_check_intercept_io(struct kvm_vcpu *vcpu,
7847 struct x86_instruction_info *info)
7849 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
7850 unsigned short port;
7854 if (info->intercept == x86_intercept_in ||
7855 info->intercept == x86_intercept_ins) {
7856 port = info->src_val;
7857 size = info->dst_bytes;
7859 port = info->dst_val;
7860 size = info->src_bytes;
7864 * If the 'use IO bitmaps' VM-execution control is 0, IO instruction
7865 * VM-exits depend on the 'unconditional IO exiting' VM-execution
7868 * Otherwise, IO instruction VM-exits are controlled by the IO bitmaps.
7870 if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS))
7871 intercept = nested_cpu_has(vmcs12,
7872 CPU_BASED_UNCOND_IO_EXITING);
7874 intercept = nested_vmx_check_io_bitmaps(vcpu, port, size);
7876 /* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */
7877 return intercept ? X86EMUL_UNHANDLEABLE : X86EMUL_CONTINUE;
7880 static int vmx_check_intercept(struct kvm_vcpu *vcpu,
7881 struct x86_instruction_info *info,
7882 enum x86_intercept_stage stage,
7883 struct x86_exception *exception)
7885 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
7887 switch (info->intercept) {
7889 * RDPID causes #UD if disabled through secondary execution controls.
7890 * Because it is marked as EmulateOnUD, we need to intercept it here.
7891 * Note, RDPID is hidden behind ENABLE_RDTSCP.
7893 case x86_intercept_rdpid:
7894 if (!nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_RDTSCP)) {
7895 exception->vector = UD_VECTOR;
7896 exception->error_code_valid = false;
7897 return X86EMUL_PROPAGATE_FAULT;
7901 case x86_intercept_in:
7902 case x86_intercept_ins:
7903 case x86_intercept_out:
7904 case x86_intercept_outs:
7905 return vmx_check_intercept_io(vcpu, info);
7907 case x86_intercept_lgdt:
7908 case x86_intercept_lidt:
7909 case x86_intercept_lldt:
7910 case x86_intercept_ltr:
7911 case x86_intercept_sgdt:
7912 case x86_intercept_sidt:
7913 case x86_intercept_sldt:
7914 case x86_intercept_str:
7915 if (!nested_cpu_has2(vmcs12, SECONDARY_EXEC_DESC))
7916 return X86EMUL_CONTINUE;
7918 /* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */
7921 /* TODO: check more intercepts... */
7926 return X86EMUL_UNHANDLEABLE;
7929 #ifdef CONFIG_X86_64
7930 /* (a << shift) / divisor, return 1 if overflow otherwise 0 */
7931 static inline int u64_shl_div_u64(u64 a, unsigned int shift,
7932 u64 divisor, u64 *result)
7934 u64 low = a << shift, high = a >> (64 - shift);
7936 /* To avoid the overflow on divq */
7937 if (high >= divisor)
7940 /* Low hold the result, high hold rem which is discarded */
7941 asm("divq %2\n\t" : "=a" (low), "=d" (high) :
7942 "rm" (divisor), "0" (low), "1" (high));
7948 static int vmx_set_hv_timer(struct kvm_vcpu *vcpu, u64 guest_deadline_tsc,
7951 struct vcpu_vmx *vmx;
7952 u64 tscl, guest_tscl, delta_tsc, lapic_timer_advance_cycles;
7953 struct kvm_timer *ktimer = &vcpu->arch.apic->lapic_timer;
7957 guest_tscl = kvm_read_l1_tsc(vcpu, tscl);
7958 delta_tsc = max(guest_deadline_tsc, guest_tscl) - guest_tscl;
7959 lapic_timer_advance_cycles = nsec_to_cycles(vcpu,
7960 ktimer->timer_advance_ns);
7962 if (delta_tsc > lapic_timer_advance_cycles)
7963 delta_tsc -= lapic_timer_advance_cycles;
7967 /* Convert to host delta tsc if tsc scaling is enabled */
7968 if (vcpu->arch.l1_tsc_scaling_ratio != kvm_caps.default_tsc_scaling_ratio &&
7969 delta_tsc && u64_shl_div_u64(delta_tsc,
7970 kvm_caps.tsc_scaling_ratio_frac_bits,
7971 vcpu->arch.l1_tsc_scaling_ratio, &delta_tsc))
7975 * If the delta tsc can't fit in the 32 bit after the multi shift,
7976 * we can't use the preemption timer.
7977 * It's possible that it fits on later vmentries, but checking
7978 * on every vmentry is costly so we just use an hrtimer.
7980 if (delta_tsc >> (cpu_preemption_timer_multi + 32))
7983 vmx->hv_deadline_tsc = tscl + delta_tsc;
7984 *expired = !delta_tsc;
7988 static void vmx_cancel_hv_timer(struct kvm_vcpu *vcpu)
7990 to_vmx(vcpu)->hv_deadline_tsc = -1;
7994 static void vmx_sched_in(struct kvm_vcpu *vcpu, int cpu)
7996 if (!kvm_pause_in_guest(vcpu->kvm))
7997 shrink_ple_window(vcpu);
8000 void vmx_update_cpu_dirty_logging(struct kvm_vcpu *vcpu)
8002 struct vcpu_vmx *vmx = to_vmx(vcpu);
8004 if (WARN_ON_ONCE(!enable_pml))
8007 if (is_guest_mode(vcpu)) {
8008 vmx->nested.update_vmcs01_cpu_dirty_logging = true;
8013 * Note, nr_memslots_dirty_logging can be changed concurrent with this
8014 * code, but in that case another update request will be made and so
8015 * the guest will never run with a stale PML value.
8017 if (atomic_read(&vcpu->kvm->nr_memslots_dirty_logging))
8018 secondary_exec_controls_setbit(vmx, SECONDARY_EXEC_ENABLE_PML);
8020 secondary_exec_controls_clearbit(vmx, SECONDARY_EXEC_ENABLE_PML);
8023 static void vmx_setup_mce(struct kvm_vcpu *vcpu)
8025 if (vcpu->arch.mcg_cap & MCG_LMCE_P)
8026 to_vmx(vcpu)->msr_ia32_feature_control_valid_bits |=
8027 FEAT_CTL_LMCE_ENABLED;
8029 to_vmx(vcpu)->msr_ia32_feature_control_valid_bits &=
8030 ~FEAT_CTL_LMCE_ENABLED;
8033 #ifdef CONFIG_KVM_SMM
8034 static int vmx_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
8036 /* we need a nested vmexit to enter SMM, postpone if run is pending */
8037 if (to_vmx(vcpu)->nested.nested_run_pending)
8039 return !is_smm(vcpu);
8042 static int vmx_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
8044 struct vcpu_vmx *vmx = to_vmx(vcpu);
8047 * TODO: Implement custom flows for forcing the vCPU out/in of L2 on
8048 * SMI and RSM. Using the common VM-Exit + VM-Enter routines is wrong
8049 * SMI and RSM only modify state that is saved and restored via SMRAM.
8050 * E.g. most MSRs are left untouched, but many are modified by VM-Exit
8051 * and VM-Enter, and thus L2's values may be corrupted on SMI+RSM.
8053 vmx->nested.smm.guest_mode = is_guest_mode(vcpu);
8054 if (vmx->nested.smm.guest_mode)
8055 nested_vmx_vmexit(vcpu, -1, 0, 0);
8057 vmx->nested.smm.vmxon = vmx->nested.vmxon;
8058 vmx->nested.vmxon = false;
8059 vmx_clear_hlt(vcpu);
8063 static int vmx_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
8065 struct vcpu_vmx *vmx = to_vmx(vcpu);
8068 if (vmx->nested.smm.vmxon) {
8069 vmx->nested.vmxon = true;
8070 vmx->nested.smm.vmxon = false;
8073 if (vmx->nested.smm.guest_mode) {
8074 ret = nested_vmx_enter_non_root_mode(vcpu, false);
8078 vmx->nested.nested_run_pending = 1;
8079 vmx->nested.smm.guest_mode = false;
8084 static void vmx_enable_smi_window(struct kvm_vcpu *vcpu)
8086 /* RSM will cause a vmexit anyway. */
8090 static bool vmx_apic_init_signal_blocked(struct kvm_vcpu *vcpu)
8092 return to_vmx(vcpu)->nested.vmxon && !is_guest_mode(vcpu);
8095 static void vmx_migrate_timers(struct kvm_vcpu *vcpu)
8097 if (is_guest_mode(vcpu)) {
8098 struct hrtimer *timer = &to_vmx(vcpu)->nested.preemption_timer;
8100 if (hrtimer_try_to_cancel(timer) == 1)
8101 hrtimer_start_expires(timer, HRTIMER_MODE_ABS_PINNED);
8105 static void vmx_hardware_unsetup(void)
8107 kvm_set_posted_intr_wakeup_handler(NULL);
8110 nested_vmx_hardware_unsetup();
8115 #define VMX_REQUIRED_APICV_INHIBITS \
8117 BIT(APICV_INHIBIT_REASON_DISABLE)| \
8118 BIT(APICV_INHIBIT_REASON_ABSENT) | \
8119 BIT(APICV_INHIBIT_REASON_HYPERV) | \
8120 BIT(APICV_INHIBIT_REASON_BLOCKIRQ) | \
8121 BIT(APICV_INHIBIT_REASON_PHYSICAL_ID_ALIASED) | \
8122 BIT(APICV_INHIBIT_REASON_APIC_ID_MODIFIED) | \
8123 BIT(APICV_INHIBIT_REASON_APIC_BASE_MODIFIED) \
8126 static void vmx_vm_destroy(struct kvm *kvm)
8128 struct kvm_vmx *kvm_vmx = to_kvm_vmx(kvm);
8130 free_pages((unsigned long)kvm_vmx->pid_table, vmx_get_pid_table_order(kvm));
8133 static struct kvm_x86_ops vmx_x86_ops __initdata = {
8134 .name = KBUILD_MODNAME,
8136 .check_processor_compatibility = vmx_check_processor_compat,
8138 .hardware_unsetup = vmx_hardware_unsetup,
8140 .hardware_enable = vmx_hardware_enable,
8141 .hardware_disable = vmx_hardware_disable,
8142 .has_emulated_msr = vmx_has_emulated_msr,
8144 .vm_size = sizeof(struct kvm_vmx),
8145 .vm_init = vmx_vm_init,
8146 .vm_destroy = vmx_vm_destroy,
8148 .vcpu_precreate = vmx_vcpu_precreate,
8149 .vcpu_create = vmx_vcpu_create,
8150 .vcpu_free = vmx_vcpu_free,
8151 .vcpu_reset = vmx_vcpu_reset,
8153 .prepare_switch_to_guest = vmx_prepare_switch_to_guest,
8154 .vcpu_load = vmx_vcpu_load,
8155 .vcpu_put = vmx_vcpu_put,
8157 .update_exception_bitmap = vmx_update_exception_bitmap,
8158 .get_msr_feature = vmx_get_msr_feature,
8159 .get_msr = vmx_get_msr,
8160 .set_msr = vmx_set_msr,
8161 .get_segment_base = vmx_get_segment_base,
8162 .get_segment = vmx_get_segment,
8163 .set_segment = vmx_set_segment,
8164 .get_cpl = vmx_get_cpl,
8165 .get_cs_db_l_bits = vmx_get_cs_db_l_bits,
8166 .set_cr0 = vmx_set_cr0,
8167 .is_valid_cr4 = vmx_is_valid_cr4,
8168 .set_cr4 = vmx_set_cr4,
8169 .set_efer = vmx_set_efer,
8170 .get_idt = vmx_get_idt,
8171 .set_idt = vmx_set_idt,
8172 .get_gdt = vmx_get_gdt,
8173 .set_gdt = vmx_set_gdt,
8174 .set_dr7 = vmx_set_dr7,
8175 .sync_dirty_debug_regs = vmx_sync_dirty_debug_regs,
8176 .cache_reg = vmx_cache_reg,
8177 .get_rflags = vmx_get_rflags,
8178 .set_rflags = vmx_set_rflags,
8179 .get_if_flag = vmx_get_if_flag,
8181 .flush_tlb_all = vmx_flush_tlb_all,
8182 .flush_tlb_current = vmx_flush_tlb_current,
8183 .flush_tlb_gva = vmx_flush_tlb_gva,
8184 .flush_tlb_guest = vmx_flush_tlb_guest,
8186 .vcpu_pre_run = vmx_vcpu_pre_run,
8187 .vcpu_run = vmx_vcpu_run,
8188 .handle_exit = vmx_handle_exit,
8189 .skip_emulated_instruction = vmx_skip_emulated_instruction,
8190 .update_emulated_instruction = vmx_update_emulated_instruction,
8191 .set_interrupt_shadow = vmx_set_interrupt_shadow,
8192 .get_interrupt_shadow = vmx_get_interrupt_shadow,
8193 .patch_hypercall = vmx_patch_hypercall,
8194 .inject_irq = vmx_inject_irq,
8195 .inject_nmi = vmx_inject_nmi,
8196 .inject_exception = vmx_inject_exception,
8197 .cancel_injection = vmx_cancel_injection,
8198 .interrupt_allowed = vmx_interrupt_allowed,
8199 .nmi_allowed = vmx_nmi_allowed,
8200 .get_nmi_mask = vmx_get_nmi_mask,
8201 .set_nmi_mask = vmx_set_nmi_mask,
8202 .enable_nmi_window = vmx_enable_nmi_window,
8203 .enable_irq_window = vmx_enable_irq_window,
8204 .update_cr8_intercept = vmx_update_cr8_intercept,
8205 .set_virtual_apic_mode = vmx_set_virtual_apic_mode,
8206 .set_apic_access_page_addr = vmx_set_apic_access_page_addr,
8207 .refresh_apicv_exec_ctrl = vmx_refresh_apicv_exec_ctrl,
8208 .load_eoi_exitmap = vmx_load_eoi_exitmap,
8209 .apicv_post_state_restore = vmx_apicv_post_state_restore,
8210 .required_apicv_inhibits = VMX_REQUIRED_APICV_INHIBITS,
8211 .hwapic_irr_update = vmx_hwapic_irr_update,
8212 .hwapic_isr_update = vmx_hwapic_isr_update,
8213 .guest_apic_has_interrupt = vmx_guest_apic_has_interrupt,
8214 .sync_pir_to_irr = vmx_sync_pir_to_irr,
8215 .deliver_interrupt = vmx_deliver_interrupt,
8216 .dy_apicv_has_pending_interrupt = pi_has_pending_interrupt,
8218 .set_tss_addr = vmx_set_tss_addr,
8219 .set_identity_map_addr = vmx_set_identity_map_addr,
8220 .get_mt_mask = vmx_get_mt_mask,
8222 .get_exit_info = vmx_get_exit_info,
8224 .vcpu_after_set_cpuid = vmx_vcpu_after_set_cpuid,
8226 .has_wbinvd_exit = cpu_has_vmx_wbinvd_exit,
8228 .get_l2_tsc_offset = vmx_get_l2_tsc_offset,
8229 .get_l2_tsc_multiplier = vmx_get_l2_tsc_multiplier,
8230 .write_tsc_offset = vmx_write_tsc_offset,
8231 .write_tsc_multiplier = vmx_write_tsc_multiplier,
8233 .load_mmu_pgd = vmx_load_mmu_pgd,
8235 .check_intercept = vmx_check_intercept,
8236 .handle_exit_irqoff = vmx_handle_exit_irqoff,
8238 .request_immediate_exit = vmx_request_immediate_exit,
8240 .sched_in = vmx_sched_in,
8242 .cpu_dirty_log_size = PML_ENTITY_NUM,
8243 .update_cpu_dirty_logging = vmx_update_cpu_dirty_logging,
8245 .nested_ops = &vmx_nested_ops,
8247 .pi_update_irte = vmx_pi_update_irte,
8248 .pi_start_assignment = vmx_pi_start_assignment,
8250 #ifdef CONFIG_X86_64
8251 .set_hv_timer = vmx_set_hv_timer,
8252 .cancel_hv_timer = vmx_cancel_hv_timer,
8255 .setup_mce = vmx_setup_mce,
8257 #ifdef CONFIG_KVM_SMM
8258 .smi_allowed = vmx_smi_allowed,
8259 .enter_smm = vmx_enter_smm,
8260 .leave_smm = vmx_leave_smm,
8261 .enable_smi_window = vmx_enable_smi_window,
8264 .can_emulate_instruction = vmx_can_emulate_instruction,
8265 .apic_init_signal_blocked = vmx_apic_init_signal_blocked,
8266 .migrate_timers = vmx_migrate_timers,
8268 .msr_filter_changed = vmx_msr_filter_changed,
8269 .complete_emulated_msr = kvm_complete_insn_gp,
8271 .vcpu_deliver_sipi_vector = kvm_vcpu_deliver_sipi_vector,
8274 static unsigned int vmx_handle_intel_pt_intr(void)
8276 struct kvm_vcpu *vcpu = kvm_get_running_vcpu();
8278 /* '0' on failure so that the !PT case can use a RET0 static call. */
8279 if (!vcpu || !kvm_handling_nmi_from_guest(vcpu))
8282 kvm_make_request(KVM_REQ_PMI, vcpu);
8283 __set_bit(MSR_CORE_PERF_GLOBAL_OVF_CTRL_TRACE_TOPA_PMI_BIT,
8284 (unsigned long *)&vcpu->arch.pmu.global_status);
8288 static __init void vmx_setup_user_return_msrs(void)
8292 * Though SYSCALL is only supported in 64-bit mode on Intel CPUs, kvm
8293 * will emulate SYSCALL in legacy mode if the vendor string in guest
8294 * CPUID.0:{EBX,ECX,EDX} is "AuthenticAMD" or "AMDisbetter!" To
8295 * support this emulation, MSR_STAR is included in the list for i386,
8296 * but is never loaded into hardware. MSR_CSTAR is also never loaded
8297 * into hardware and is here purely for emulation purposes.
8299 const u32 vmx_uret_msrs_list[] = {
8300 #ifdef CONFIG_X86_64
8301 MSR_SYSCALL_MASK, MSR_LSTAR, MSR_CSTAR,
8303 MSR_EFER, MSR_TSC_AUX, MSR_STAR,
8308 BUILD_BUG_ON(ARRAY_SIZE(vmx_uret_msrs_list) != MAX_NR_USER_RETURN_MSRS);
8310 for (i = 0; i < ARRAY_SIZE(vmx_uret_msrs_list); ++i)
8311 kvm_add_user_return_msr(vmx_uret_msrs_list[i]);
8314 static void __init vmx_setup_me_spte_mask(void)
8319 * kvm_get_shadow_phys_bits() returns shadow_phys_bits. Use
8320 * the former to avoid exposing shadow_phys_bits.
8322 * On pre-MKTME system, boot_cpu_data.x86_phys_bits equals to
8323 * shadow_phys_bits. On MKTME and/or TDX capable systems,
8324 * boot_cpu_data.x86_phys_bits holds the actual physical address
8325 * w/o the KeyID bits, and shadow_phys_bits equals to MAXPHYADDR
8326 * reported by CPUID. Those bits between are KeyID bits.
8328 if (boot_cpu_data.x86_phys_bits != kvm_get_shadow_phys_bits())
8329 me_mask = rsvd_bits(boot_cpu_data.x86_phys_bits,
8330 kvm_get_shadow_phys_bits() - 1);
8332 * Unlike SME, host kernel doesn't support setting up any
8333 * MKTME KeyID on Intel platforms. No memory encryption
8334 * bits should be included into the SPTE.
8336 kvm_mmu_set_me_spte_mask(0, me_mask);
8339 static struct kvm_x86_init_ops vmx_init_ops __initdata;
8341 static __init int hardware_setup(void)
8343 unsigned long host_bndcfgs;
8348 host_idt_base = dt.address;
8350 vmx_setup_user_return_msrs();
8352 if (setup_vmcs_config(&vmcs_config, &vmx_capability) < 0)
8355 if (cpu_has_perf_global_ctrl_bug())
8356 pr_warn_once("VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL "
8357 "does not work properly. Using workaround\n");
8359 if (boot_cpu_has(X86_FEATURE_NX))
8360 kvm_enable_efer_bits(EFER_NX);
8362 if (boot_cpu_has(X86_FEATURE_MPX)) {
8363 rdmsrl(MSR_IA32_BNDCFGS, host_bndcfgs);
8364 WARN_ONCE(host_bndcfgs, "BNDCFGS in host will be lost");
8367 if (!cpu_has_vmx_mpx())
8368 kvm_caps.supported_xcr0 &= ~(XFEATURE_MASK_BNDREGS |
8369 XFEATURE_MASK_BNDCSR);
8371 if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid() ||
8372 !(cpu_has_vmx_invvpid_single() || cpu_has_vmx_invvpid_global()))
8375 if (!cpu_has_vmx_ept() ||
8376 !cpu_has_vmx_ept_4levels() ||
8377 !cpu_has_vmx_ept_mt_wb() ||
8378 !cpu_has_vmx_invept_global())
8381 /* NX support is required for shadow paging. */
8382 if (!enable_ept && !boot_cpu_has(X86_FEATURE_NX)) {
8383 pr_err_ratelimited("NX (Execute Disable) not supported\n");
8387 if (!cpu_has_vmx_ept_ad_bits() || !enable_ept)
8388 enable_ept_ad_bits = 0;
8390 if (!cpu_has_vmx_unrestricted_guest() || !enable_ept)
8391 enable_unrestricted_guest = 0;
8393 if (!cpu_has_vmx_flexpriority())
8394 flexpriority_enabled = 0;
8396 if (!cpu_has_virtual_nmis())
8399 #ifdef CONFIG_X86_SGX_KVM
8400 if (!cpu_has_vmx_encls_vmexit())
8405 * set_apic_access_page_addr() is used to reload apic access
8406 * page upon invalidation. No need to do anything if not
8407 * using the APIC_ACCESS_ADDR VMCS field.
8409 if (!flexpriority_enabled)
8410 vmx_x86_ops.set_apic_access_page_addr = NULL;
8412 if (!cpu_has_vmx_tpr_shadow())
8413 vmx_x86_ops.update_cr8_intercept = NULL;
8415 #if IS_ENABLED(CONFIG_HYPERV)
8416 if (ms_hyperv.nested_features & HV_X64_NESTED_GUEST_MAPPING_FLUSH
8418 vmx_x86_ops.tlb_remote_flush = hv_remote_flush_tlb;
8419 vmx_x86_ops.tlb_remote_flush_with_range =
8420 hv_remote_flush_tlb_with_range;
8424 if (!cpu_has_vmx_ple()) {
8427 ple_window_grow = 0;
8429 ple_window_shrink = 0;
8432 if (!cpu_has_vmx_apicv())
8435 vmx_x86_ops.sync_pir_to_irr = NULL;
8437 if (!enable_apicv || !cpu_has_vmx_ipiv())
8438 enable_ipiv = false;
8440 if (cpu_has_vmx_tsc_scaling())
8441 kvm_caps.has_tsc_control = true;
8443 kvm_caps.max_tsc_scaling_ratio = KVM_VMX_TSC_MULTIPLIER_MAX;
8444 kvm_caps.tsc_scaling_ratio_frac_bits = 48;
8445 kvm_caps.has_bus_lock_exit = cpu_has_vmx_bus_lock_detection();
8446 kvm_caps.has_notify_vmexit = cpu_has_notify_vmexit();
8448 set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */
8451 kvm_mmu_set_ept_masks(enable_ept_ad_bits,
8452 cpu_has_vmx_ept_execute_only());
8455 * Setup shadow_me_value/shadow_me_mask to include MKTME KeyID
8456 * bits to shadow_zero_check.
8458 vmx_setup_me_spte_mask();
8460 kvm_configure_mmu(enable_ept, 0, vmx_get_max_tdp_level(),
8461 ept_caps_to_lpage_level(vmx_capability.ept));
8464 * Only enable PML when hardware supports PML feature, and both EPT
8465 * and EPT A/D bit features are enabled -- PML depends on them to work.
8467 if (!enable_ept || !enable_ept_ad_bits || !cpu_has_vmx_pml())
8471 vmx_x86_ops.cpu_dirty_log_size = 0;
8473 if (!cpu_has_vmx_preemption_timer())
8474 enable_preemption_timer = false;
8476 if (enable_preemption_timer) {
8477 u64 use_timer_freq = 5000ULL * 1000 * 1000;
8479 cpu_preemption_timer_multi =
8480 vmcs_config.misc & VMX_MISC_PREEMPTION_TIMER_RATE_MASK;
8483 use_timer_freq = (u64)tsc_khz * 1000;
8484 use_timer_freq >>= cpu_preemption_timer_multi;
8487 * KVM "disables" the preemption timer by setting it to its max
8488 * value. Don't use the timer if it might cause spurious exits
8489 * at a rate faster than 0.1 Hz (of uninterrupted guest time).
8491 if (use_timer_freq > 0xffffffffu / 10)
8492 enable_preemption_timer = false;
8495 if (!enable_preemption_timer) {
8496 vmx_x86_ops.set_hv_timer = NULL;
8497 vmx_x86_ops.cancel_hv_timer = NULL;
8498 vmx_x86_ops.request_immediate_exit = __kvm_request_immediate_exit;
8501 kvm_caps.supported_mce_cap |= MCG_LMCE_P;
8502 kvm_caps.supported_mce_cap |= MCG_CMCI_P;
8504 if (pt_mode != PT_MODE_SYSTEM && pt_mode != PT_MODE_HOST_GUEST)
8506 if (!enable_ept || !enable_pmu || !cpu_has_vmx_intel_pt())
8507 pt_mode = PT_MODE_SYSTEM;
8508 if (pt_mode == PT_MODE_HOST_GUEST)
8509 vmx_init_ops.handle_intel_pt_intr = vmx_handle_intel_pt_intr;
8511 vmx_init_ops.handle_intel_pt_intr = NULL;
8513 setup_default_sgx_lepubkeyhash();
8516 nested_vmx_setup_ctls_msrs(&vmcs_config, vmx_capability.ept);
8518 r = nested_vmx_hardware_setup(kvm_vmx_exit_handlers);
8525 r = alloc_kvm_area();
8527 nested_vmx_hardware_unsetup();
8529 kvm_set_posted_intr_wakeup_handler(pi_wakeup_handler);
8534 static struct kvm_x86_init_ops vmx_init_ops __initdata = {
8535 .hardware_setup = hardware_setup,
8536 .handle_intel_pt_intr = NULL,
8538 .runtime_ops = &vmx_x86_ops,
8539 .pmu_ops = &intel_pmu_ops,
8542 static void vmx_cleanup_l1d_flush(void)
8544 if (vmx_l1d_flush_pages) {
8545 free_pages((unsigned long)vmx_l1d_flush_pages, L1D_CACHE_ORDER);
8546 vmx_l1d_flush_pages = NULL;
8548 /* Restore state so sysfs ignores VMX */
8549 l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO;
8552 static void __vmx_exit(void)
8554 allow_smaller_maxphyaddr = false;
8556 #ifdef CONFIG_KEXEC_CORE
8557 RCU_INIT_POINTER(crash_vmclear_loaded_vmcss, NULL);
8560 vmx_cleanup_l1d_flush();
8563 static void vmx_exit(void)
8566 kvm_x86_vendor_exit();
8570 module_exit(vmx_exit);
8572 static int __init vmx_init(void)
8576 if (!kvm_is_vmx_supported())
8580 * Note, hv_init_evmcs() touches only VMX knobs, i.e. there's nothing
8581 * to unwind if a later step fails.
8585 r = kvm_x86_vendor_init(&vmx_init_ops);
8590 * Must be called after common x86 init so enable_ept is properly set
8591 * up. Hand the parameter mitigation value in which was stored in
8592 * the pre module init parser. If no parameter was given, it will
8593 * contain 'auto' which will be turned into the default 'cond'
8596 r = vmx_setup_l1d_flush(vmentry_l1d_flush_param);
8600 vmx_setup_fb_clear_ctrl();
8602 for_each_possible_cpu(cpu) {
8603 INIT_LIST_HEAD(&per_cpu(loaded_vmcss_on_cpu, cpu));
8608 #ifdef CONFIG_KEXEC_CORE
8609 rcu_assign_pointer(crash_vmclear_loaded_vmcss,
8610 crash_vmclear_local_loaded_vmcss);
8612 vmx_check_vmcs12_offsets();
8615 * Shadow paging doesn't have a (further) performance penalty
8616 * from GUEST_MAXPHYADDR < HOST_MAXPHYADDR so enable it
8620 allow_smaller_maxphyaddr = true;
8623 * Common KVM initialization _must_ come last, after this, /dev/kvm is
8624 * exposed to userspace!
8626 r = kvm_init(sizeof(struct vcpu_vmx), __alignof__(struct vcpu_vmx),
8636 kvm_x86_vendor_exit();
8639 module_init(vmx_init);
projects / linux-block.git / blob