/*
 * Kernel-based Virtual Machine driver for Linux
 *
 * AMD SVM support
 *
 * Copyright (C) 2006 Qumranet, Inc.
 *
 * Authors:
 *   Yaniv Kamay  <yaniv@qumranet.com>
 *   Avi Kivity   <avi@qumranet.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2.  See
 * the COPYING file in the top-level directory.
 *
 */
#include <linux/kvm_host.h>

#include "irq.h"
#include "mmu.h"
#include "kvm_cache_regs.h"
#include "x86.h"

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/vmalloc.h>
#include <linux/highmem.h>
#include <linux/sched.h>
#include <linux/ftrace_event.h>
#include <linux/slab.h>

#include <asm/desc.h>

#include <asm/virtext.h>
#include "trace.h"

/* Wrap an SVM instruction so a #GP raised while rebooting is handled gracefully */
#define __ex(x) __kvm_handle_fault_on_reboot(x)

MODULE_AUTHOR("Qumranet");
MODULE_LICENSE("GPL");

/* Page orders handed to alloc_pages() for the I/O and MSR permission bitmaps */
#define IOPM_ALLOC_ORDER 2
#define MSRPM_ALLOC_ORDER 1

/* System-segment descriptor types passed to init_sys_seg() */
#define SEG_TYPE_LDT 2
#define SEG_TYPE_BUSY_TSS16 3

/* Feature bits of the value read via cpuid_edx(SVM_CPUID_FUNC); tested with svm_has() */
#define SVM_FEATURE_NPT            (1 <<  0)
#define SVM_FEATURE_LBRV           (1 <<  1)
#define SVM_FEATURE_SVML           (1 <<  2)
#define SVM_FEATURE_NRIP           (1 <<  3)
#define SVM_FEATURE_PAUSE_FILTER   (1 << 10)

/* Result codes of nested-exit handling; their consumers are outside this view */
#define NESTED_EXIT_HOST	0	/* Exit handled on host level */
#define NESTED_EXIT_DONE	1	/* Exit caused nested vmexit  */
#define NESTED_EXIT_CONTINUE	2	/* Further checks needed      */

/* Mask of DEBUGCTL bits treated as reserved; consumer is outside this view */
#define DEBUGCTL_RESERVED_BITS (~(0x3fULL))

/*
 * Host MSRs that the guest may clobber: saved by svm_vcpu_load() into
 * vcpu_svm.host_user_msrs and restored by svm_vcpu_put().
 */
static const u32 host_save_user_msrs[] = {
#ifdef CONFIG_X86_64
	MSR_STAR, MSR_LSTAR, MSR_CSTAR, MSR_SYSCALL_MASK, MSR_KERNEL_GS_BASE,
	MSR_FS_BASE,
#endif
	MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP,
};

#define NR_HOST_SAVE_USER_MSRS ARRAY_SIZE(host_save_user_msrs)

struct kvm_vcpu;

/* Per-vcpu state for nested SVM (a guest running its own guest). */
struct nested_state {
	/* Host-state save area, one page allocated in svm_create_vcpu() */
	struct vmcb *hsave;
	u64 hsave_msr;
	u64 vm_cr_msr;
	/* Non-zero while a nested guest is active; tested by is_nested() */
	u64 vmcb;

	/* These are the merged vectors */
	u32 *msrpm;

	/* gpa pointers to the real vectors */
	u64 vmcb_msrpm;
	u64 vmcb_iopm;

	/* A VMEXIT is required but not yet emulated */
	bool exit_required;

	/* cache for intercepts of the guest */
	u16 intercept_cr_read;
	u16 intercept_cr_write;
	u16 intercept_dr_read;
	u16 intercept_dr_write;
	u32 intercept_exceptions;
	u64 intercept;

};

/*
 * Table of distinct u32 offsets into the MSR permission bitmap that hold a
 * directly accessed MSR; filled by init_msrpm_offsets(), MSR_INVALID marks a
 * free slot.
 */
#define MSRPM_OFFSETS	16
static u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly;

/* SVM-specific vcpu; the generic kvm_vcpu is embedded first (see to_svm()). */
struct vcpu_svm {
	struct kvm_vcpu vcpu;
	/* Virtual address and physical address of this vcpu's VMCB page */
	struct vmcb *vmcb;
	unsigned long vmcb_pa;
	struct svm_cpu_data *svm_data;
	/* Reset to 0 on CPU migration (svm_vcpu_load) to force a fresh ASID */
	uint64_t asid_generation;
	uint64_t sysenter_esp;
	uint64_t sysenter_eip;

	/* RIP after the instruction being skipped, see skip_emulated_instruction() */
	u64 next_rip;

	/* Host values of host_save_user_msrs[], saved on load, restored on put */
	u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS];
	u64 host_gs_base;

	/* This vcpu's MSR permission bitmap (MSRPM_ALLOC_ORDER pages) */
	u32 *msrpm;

	struct nested_state nested;

	bool nmi_singlestep;

	/* #BP nRIP emulation bookkeeping written by svm_queue_exception() */
	unsigned int3_injected;
	unsigned long int3_rip;
};

/* Sentinel: "no such MSR / no such offset"; also terminates direct_access_msrs */
#define MSR_INVALID			0xffffffffU

/*
 * MSRs whose guest access may bypass interception. Entries with .always are
 * opened up for every vcpu in svm_vcpu_init_msrpm(); the LBR entries are
 * toggled by svm_enable_lbrv()/svm_disable_lbrv(). The list ends with
 * MSR_INVALID.
 */
static struct svm_direct_access_msrs {
	u32 index;   /* Index of the MSR */
	bool always; /* True if intercept is always on */
} direct_access_msrs[] = {
	{ .index = MSR_K6_STAR,				.always = true  },
	{ .index = MSR_IA32_SYSENTER_CS,		.always = true  },
#ifdef CONFIG_X86_64
	{ .index = MSR_GS_BASE,				.always = true  },
	{ .index = MSR_FS_BASE,				.always = true  },
	{ .index = MSR_KERNEL_GS_BASE,			.always = true  },
	{ .index = MSR_LSTAR,				.always = true  },
	{ .index = MSR_CSTAR,				.always = true  },
	{ .index = MSR_SYSCALL_MASK,			.always = true  },
#endif
	{ .index = MSR_IA32_LASTBRANCHFROMIP,		.always = false },
	{ .index = MSR_IA32_LASTBRANCHTOIP,		.always = false },
	{ .index = MSR_IA32_LASTINTFROMIP,		.always = false },
	{ .index = MSR_IA32_LASTINTTOIP,		.always = false },
	{ .index = MSR_INVALID,				.always = false },
};

/* enable NPT for AMD64 and X86 with PAE */
#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
static bool npt_enabled = true;
#else
static bool npt_enabled;
#endif
/* Module parameter: npt=0 turns nested paging off even if the CPU has it */
static int npt = 1;

module_param(npt, int, S_IRUGO);

/* Module parameter: nested=1 lets guests use SVM themselves (EFER.SVME) */
static int nested = 1;
module_param(nested, int, S_IRUGO);

static void svm_flush_tlb(struct kvm_vcpu *vcpu);
static void svm_complete_interrupts(struct vcpu_svm *svm);

/* Nested-SVM helpers defined later in the file */
static int nested_svm_exit_handled(struct vcpu_svm *svm);
static int nested_svm_intercept(struct vcpu_svm *svm);
static int nested_svm_vmexit(struct vcpu_svm *svm);
static int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
				      bool has_error_code, u32 error_code);

/* Recover the enclosing vcpu_svm from its embedded kvm_vcpu member. */
static inline struct vcpu_svm *to_svm(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = container_of(vcpu, struct vcpu_svm, vcpu);

	return svm;
}

/* True while a nested guest VMCB is active (nested.vmcb is cleared in init_vmcb). */
static inline bool is_nested(struct vcpu_svm *svm)
{
	u64 nested_vmcb = svm->nested.vmcb;

	return nested_vmcb != 0;
}

/* Set the global interrupt flag bit in the vcpu's hflags. */
static inline void enable_gif(struct vcpu_svm *svm)
{
	unsigned long *flags = &svm->vcpu.arch.hflags;

	*flags = *flags | HF_GIF_MASK;
}

/* Clear the global interrupt flag bit in the vcpu's hflags. */
static inline void disable_gif(struct vcpu_svm *svm)
{
	unsigned long *flags = &svm->vcpu.arch.hflags;

	*flags = *flags & ~HF_GIF_MASK;
}

/* Report whether the global interrupt flag bit is set in hflags. */
static inline bool gif_set(struct vcpu_svm *svm)
{
	bool set = (svm->vcpu.arch.hflags & HF_GIF_MASK) != 0;

	return set;
}

/* Physical address of the shared I/O permission bitmap; set in svm_hardware_setup() */
static unsigned long iopm_base;

/* Layout of a 64-bit LDT/TSS system descriptor in the host GDT (see svm_hardware_enable). */
struct kvm_ldttss_desc {
	u16 limit0;
	u16 base0;
	unsigned base1:8, type:5, dpl:2, p:1;
	unsigned limit1:4, zero0:3, g:1, base2:8;
	u32 base3;
	u32 zero1;
} __attribute__((packed));

/* Per-host-CPU SVM state, allocated by svm_cpu_init() and freed by svm_cpu_uninit(). */
struct svm_cpu_data {
	int cpu;

	/* ASID bookkeeping, initialised in svm_hardware_enable() */
	u64 asid_generation;
	u32 max_asid;
	u32 next_asid;
	struct kvm_ldttss_desc *tss_desc;

	/* Host save area page whose address is programmed into MSR_VM_HSAVE_PA */
	struct page *save_area;
};

static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);
/* Raw CPUID SVM feature word, read in svm_hardware_setup(); queried via svm_has() */
static uint32_t svm_features;

struct svm_init_data {
	int cpu;
	int r;
};

/* Base MSR numbers of the three ranges covered by the MSR permission bitmap */
static u32 msrpm_ranges[] = {0, 0xc0000000, 0xc0010000};

#define NUM_MSR_MAPS ARRAY_SIZE(msrpm_ranges)
/* Bytes of bitmap per range; two bits (read, write) per MSR */
#define MSRS_RANGE_SIZE 2048
#define MSRS_IN_RANGE (MSRS_RANGE_SIZE * 8 / 2)

/*
 * Translate an MSR number into the u32 index of the MSR permission bitmap
 * word that holds its read/write bits.
 *
 * Returns MSR_INVALID when the MSR lies in none of msrpm_ranges[].
 */
static u32 svm_msrpm_offset(u32 msr)
{
	size_t range;

	for (range = 0; range < NUM_MSR_MAPS; range++) {
		u32 base = msrpm_ranges[range];
		u32 byte_off;

		if (msr < base || msr >= base + MSRS_IN_RANGE)
			continue;

		/* 4 MSRs share one byte; earlier ranges occupy MSRS_RANGE_SIZE bytes each */
		byte_off = (msr - base) / 4 + range * MSRS_RANGE_SIZE;

		/* the bitmap is addressed as u32 words, so scale the byte offset down */
		return byte_off / 4;
	}

	return MSR_INVALID;
}

/* Longest legal x86 instruction; used to sanity-check next_rip in skip_emulated_instruction() */
#define MAX_INST_SIZE 15

/* Return the requested SVM_FEATURE_* bits that the CPU reported, 0 if none. */
static inline u32 svm_has(u32 feat)
{
	u32 supported = svm_features;

	return supported & feat;
}

/* Execute CLGI: clear the global interrupt flag on this CPU. */
static inline void clgi(void)
{
	asm volatile (__ex(SVM_CLGI));
}

/* Execute STGI: set the global interrupt flag on this CPU. */
static inline void stgi(void)
{
	asm volatile (__ex(SVM_STGI));
}

/* Execute INVLPGA: invalidate the TLB entry for addr (in RAX) under asid (in ECX). */
static inline void invlpga(unsigned long addr, u32 asid)
{
	asm volatile (__ex(SVM_INVLPGA) : : "a"(addr), "c"(asid));
}

/* Make the vcpu's ASID generation stale so a new ASID is assigned on next run. */
static inline void force_new_asid(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);

	svm->asid_generation -= 1;
}

static inline void flush_guest_tlb(struct kvm_vcpu *vcpu)
{
	force_new_asid(vcpu);
}

/*
 * Store the guest's EFER. The VMCB copy always carries EFER_SVME; without
 * nested paging, LME is dropped while the guest is not in long mode.
 */
static void svm_set_efer(struct kvm_vcpu *vcpu, u64 efer)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	bool keep_lme = npt_enabled || (efer & EFER_LMA);

	if (!keep_lme)
		efer &= ~EFER_LME;

	svm->vmcb->save.efer = efer | EFER_SVME;
	vcpu->arch.efer = efer;
}

/* True when an event-injection word describes a valid external interrupt. */
static int is_external_interrupt(u32 info)
{
	u32 relevant = info & (SVM_EVTINJ_TYPE_MASK | SVM_EVTINJ_VALID);
	u32 expected = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_INTR;

	return relevant == expected ? 1 : 0;
}

/*
 * Report the interrupt shadow as KVM_X86_SHADOW_INT_* bits, filtered by mask.
 * SVM has a single shadow bit, so STI and MOV SS are reported together.
 */
static u32 svm_get_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	bool in_shadow = (svm->vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) != 0;
	u32 shadow = 0;

	if (in_shadow)
		shadow = KVM_X86_SHADOW_INT_STI | KVM_X86_SHADOW_INT_MOV_SS;

	return shadow & mask;
}

/* Set the VMCB interrupt-shadow bit when mask is non-zero, clear it otherwise. */
static void svm_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
{
	struct vmcb_control_area *control = &to_svm(vcpu)->vmcb->control;

	if (mask != 0)
		control->int_state |= SVM_INTERRUPT_SHADOW_MASK;
	else
		control->int_state &= ~SVM_INTERRUPT_SHADOW_MASK;
}

/*
 * Advance the guest RIP past the instruction that just exited. Prefers the
 * hardware-provided next_rip; falls back to the instruction emulator when
 * the CPU did not supply one.
 */
static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	unsigned long cur_rip;

	if (svm->vmcb->control.next_rip)
		svm->next_rip = svm->vmcb->control.next_rip;

	if (svm->next_rip == 0) {
		int rc = emulate_instruction(vcpu, 0, 0, EMULTYPE_SKIP);

		if (rc != EMULATE_DONE)
			printk(KERN_DEBUG "%s: NOP\n", __func__);
		return;
	}

	cur_rip = kvm_rip_read(vcpu);
	/* a skip longer than any instruction means next_rip is stale or bogus */
	if (svm->next_rip - cur_rip > MAX_INST_SIZE)
		printk(KERN_ERR "%s: ip 0x%lx next 0x%llx\n",
		       __func__, cur_rip, svm->next_rip);

	kvm_rip_write(vcpu, svm->next_rip);
	svm_set_interrupt_shadow(vcpu, 0);
}

/*
 * Queue exception @nr (with @error_code when @has_error_code) for injection
 * on the next VMRUN. A freshly raised exception is first offered to the
 * nested hypervisor; @reinject bypasses that check.
 */
static void svm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr,
				bool has_error_code, u32 error_code,
				bool reinject)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct vmcb_control_area *control = &svm->vmcb->control;
	u32 inj;

	/*
	 * If we are within a nested VM we'd better #VMEXIT and let the guest
	 * handle the exception
	 */
	if (!reinject) {
		if (nested_svm_check_exception(svm, nr, has_error_code,
					       error_code))
			return;
	}

	if (nr == BP_VECTOR && !svm_has(SVM_FEATURE_NRIP)) {
		unsigned long old_rip = kvm_rip_read(&svm->vcpu);
		unsigned long new_rip;

		/*
		 * For guest debugging where we have to reinject #BP if some
		 * INT3 is guest-owned:
		 * Emulate nRIP by moving RIP forward. Will fail if injection
		 * raises a fault that is not intercepted. Still better than
		 * failing in all cases.
		 */
		skip_emulated_instruction(&svm->vcpu);
		new_rip = kvm_rip_read(&svm->vcpu);
		svm->int3_rip = new_rip + svm->vmcb->save.cs.base;
		svm->int3_injected = new_rip - old_rip;
	}

	inj = nr | SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_EXEPT;
	if (has_error_code)
		inj |= SVM_EVTINJ_VALID_ERR;

	control->event_inj = inj;
	control->event_inj_err = error_code;
}

/* Return 1 if this CPU supports SVM, else log the reason and return 0. */
static int has_svm(void)
{
	const char *reason;

	if (cpu_has_svm(&reason))
		return 1;

	printk(KERN_INFO "has_svm: %s\n", reason);
	return 0;
}

/* Per-CPU teardown callback: clear EFER.SVME on the calling CPU. @garbage is unused. */
static void svm_hardware_disable(void *garbage)
{
	cpu_svm_disable();
}

/*
 * Per-CPU enable callback: turn on SVM on the calling CPU and point the
 * hardware at this CPU's host save area. @garbage is unused.
 *
 * Returns -EBUSY if EFER.SVME is already set (someone else owns SVM here),
 * -EINVAL if the CPU lacks SVM or no per-CPU data was allocated, else 0.
 */
static int svm_hardware_enable(void *garbage)
{
	int cpu = raw_smp_processor_id();
	struct svm_cpu_data *sd;
	struct desc_ptr gdt_descr;
	struct desc_struct *gdt;
	uint64_t efer;

	rdmsrl(MSR_EFER, efer);
	if (efer & EFER_SVME)
		return -EBUSY;

	if (!has_svm()) {
		printk(KERN_ERR "svm_hardware_enable: err EOPNOTSUPP on %d\n",
		       cpu);
		return -EINVAL;
	}

	sd = per_cpu(svm_data, cpu);
	if (sd == NULL) {
		printk(KERN_ERR "svm_hardware_enable: svm_data is NULL on %d\n",
		       cpu);
		return -EINVAL;
	}

	/* ASID 0 is reserved; start handing out from max_asid+1 wrapping logic */
	sd->asid_generation = 1;
	sd->max_asid = cpuid_ebx(SVM_CPUID_FUNC) - 1;
	sd->next_asid = sd->max_asid + 1;

	native_store_gdt(&gdt_descr);
	gdt = (struct desc_struct *)gdt_descr.address;
	sd->tss_desc = (struct kvm_ldttss_desc *)(gdt + GDT_ENTRY_TSS);

	wrmsrl(MSR_EFER, efer | EFER_SVME);
	wrmsrl(MSR_VM_HSAVE_PA, page_to_pfn(sd->save_area) << PAGE_SHIFT);

	return 0;
}

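/*
 * Free the per-CPU SVM data of @cpu that svm_cpu_init() allocated.
 *
 * Uses the @cpu argument rather than raw_smp_processor_id(): the caller
 * (svm_hardware_unsetup) iterates over every possible CPU, and looking at
 * the running CPU instead freed only that CPU's data and leaked the rest.
 */
static void svm_cpu_uninit(int cpu)
{
	struct svm_cpu_data *sd = per_cpu(svm_data, cpu);

	if (!sd)
		return;

	per_cpu(svm_data, cpu) = NULL;
	__free_page(sd->save_area);
	kfree(sd);
}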

/*
 * Allocate the per-CPU SVM data (struct + host save area page) for @cpu and
 * publish it in the svm_data per-CPU variable.
 *
 * Returns 0 on success, -ENOMEM if either allocation fails (nothing leaks).
 */
static int svm_cpu_init(int cpu)
{
	struct svm_cpu_data *sd = kzalloc(sizeof(*sd), GFP_KERNEL);

	if (!sd)
		return -ENOMEM;

	sd->cpu = cpu;
	sd->save_area = alloc_page(GFP_KERNEL);
	if (!sd->save_area) {
		kfree(sd);
		return -ENOMEM;
	}

	per_cpu(svm_data, cpu) = sd;
	return 0;
}

/* True when @index appears in the direct_access_msrs table. */
static bool valid_msr_intercept(u32 index)
{
	const struct svm_direct_access_msrs *entry = direct_access_msrs;

	while (entry->index != MSR_INVALID) {
		if (entry->index == index)
			return true;
		entry++;
	}

	return false;
}

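/*
 * Open (read/write non-zero) or close (zero) direct guest access to @msr in
 * the permission bitmap @msrpm. A cleared bit means "no intercept".
 *
 * Only MSRs listed in direct_access_msrs are expected here; an offset of
 * MSR_INVALID is fatal and is now checked before the bitmap is read, so an
 * unknown MSR can no longer index msrpm[0xffffffff] before the BUG fires.
 */
static void set_msr_interception(u32 *msrpm, unsigned msr,
				 int read, int write)
{
	u8 bit_read, bit_write;
	unsigned long tmp;
	u32 offset;

	/*
	 * If this warning triggers extend the direct_access_msrs list at the
	 * beginning of the file
	 */
	WARN_ON(!valid_msr_intercept(msr));

	offset    = svm_msrpm_offset(msr);
	BUG_ON(offset == MSR_INVALID);

	/* 16 MSRs per u32 word, two bits (read, write) each */
	bit_read  = 2 * (msr & 0x0f);
	bit_write = 2 * (msr & 0x0f) + 1;
	tmp       = msrpm[offset];

	read  ? clear_bit(bit_read,  &tmp) : set_bit(bit_read,  &tmp);
	write ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp);

	msrpm[offset] = tmp;
}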

/*
 * Initialise a vcpu MSR permission bitmap: intercept everything, then open
 * the MSRs flagged .always in direct_access_msrs.
 */
static void svm_vcpu_init_msrpm(u32 *msrpm)
{
	const struct svm_direct_access_msrs *entry;

	memset(msrpm, 0xff, PAGE_SIZE * (1 << MSRPM_ALLOC_ORDER));

	for (entry = direct_access_msrs; entry->index != MSR_INVALID; entry++) {
		if (entry->always)
			set_msr_interception(msrpm, entry->index, 1, 1);
	}
}

/*
 * Record @offset in msrpm_offsets[] unless it is already there. Free slots
 * hold MSR_INVALID. Running out of slots is a build-time sizing error.
 */
static void add_msr_offset(u32 offset)
{
	int slot;

	for (slot = 0; slot < MSRPM_OFFSETS; ++slot) {
		u32 cur = msrpm_offsets[slot];

		if (cur == offset)
			return;

		if (cur == MSR_INVALID) {
			msrpm_offsets[slot] = offset;
			return;
		}
	}

	/*
	 * If this BUG triggers the msrpm_offsets table has an overflow. Just
	 * increase MSRPM_OFFSETS in this case.
	 */
	BUG();
}

/* Populate msrpm_offsets[] with the bitmap offsets of every direct-access MSR. */
static void init_msrpm_offsets(void)
{
	const struct svm_direct_access_msrs *entry;

	/* 0xff bytes make every slot MSR_INVALID */
	memset(msrpm_offsets, 0xff, sizeof(msrpm_offsets));

	for (entry = direct_access_msrs; entry->index != MSR_INVALID; entry++) {
		u32 offset = svm_msrpm_offset(entry->index);

		BUG_ON(offset == MSR_INVALID);
		add_msr_offset(offset);
	}
}

/* Enable LBR virtualisation and give the guest direct access to the LBR MSRs. */
static void svm_enable_lbrv(struct vcpu_svm *svm)
{
	static const u32 lbr_msrs[] = {
		MSR_IA32_LASTBRANCHFROMIP,
		MSR_IA32_LASTBRANCHTOIP,
		MSR_IA32_LASTINTFROMIP,
		MSR_IA32_LASTINTTOIP,
	};
	size_t i;

	svm->vmcb->control.lbr_ctl = 1;
	for (i = 0; i < ARRAY_SIZE(lbr_msrs); i++)
		set_msr_interception(svm->msrpm, lbr_msrs[i], 1, 1);
}

/* Disable LBR virtualisation and intercept the LBR MSRs again. */
static void svm_disable_lbrv(struct vcpu_svm *svm)
{
	static const u32 lbr_msrs[] = {
		MSR_IA32_LASTBRANCHFROMIP,
		MSR_IA32_LASTBRANCHTOIP,
		MSR_IA32_LASTINTFROMIP,
		MSR_IA32_LASTINTTOIP,
	};
	size_t i;

	svm->vmcb->control.lbr_ctl = 0;
	for (i = 0; i < ARRAY_SIZE(lbr_msrs); i++)
		set_msr_interception(svm->msrpm, lbr_msrs[i], 0, 0);
}

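/*
 * One-time module setup: allocate the shared I/O permission bitmap, build the
 * MSR offset table, enable the EFER bits the host supports, allocate per-CPU
 * data and decide whether nested paging is used.
 *
 * Returns 0 on success or a negative errno. On failure everything allocated
 * here is released again, including the per-CPU data of CPUs whose
 * svm_cpu_init() had already succeeded (previously those were leaked).
 */
static __init int svm_hardware_setup(void)
{
	int cpu;
	struct page *iopm_pages;
	void *iopm_va;
	int r;

	iopm_pages = alloc_pages(GFP_KERNEL, IOPM_ALLOC_ORDER);

	if (!iopm_pages)
		return -ENOMEM;

	/* all ones: every I/O port is intercepted */
	iopm_va = page_address(iopm_pages);
	memset(iopm_va, 0xff, PAGE_SIZE * (1 << IOPM_ALLOC_ORDER));
	iopm_base = page_to_pfn(iopm_pages) << PAGE_SHIFT;

	init_msrpm_offsets();

	if (boot_cpu_has(X86_FEATURE_NX))
		kvm_enable_efer_bits(EFER_NX);

	if (boot_cpu_has(X86_FEATURE_FXSR_OPT))
		kvm_enable_efer_bits(EFER_FFXSR);

	if (nested) {
		printk(KERN_INFO "kvm: Nested Virtualization enabled\n");
		kvm_enable_efer_bits(EFER_SVME);
	}

	for_each_possible_cpu(cpu) {
		r = svm_cpu_init(cpu);
		if (r)
			goto err;
	}

	svm_features = cpuid_edx(SVM_CPUID_FUNC);

	if (!svm_has(SVM_FEATURE_NPT))
		npt_enabled = false;

	if (npt_enabled && !npt) {
		printk(KERN_INFO "kvm: Nested Paging disabled\n");
		npt_enabled = false;
	}

	if (npt_enabled) {
		printk(KERN_INFO "kvm: Nested Paging enabled\n");
		kvm_enable_tdp();
	} else
		kvm_disable_tdp();

	return 0;

err:
	/* svm_cpu_uninit() tolerates CPUs that were never initialised */
	for_each_possible_cpu(cpu)
		svm_cpu_uninit(cpu);
	__free_pages(iopm_pages, IOPM_ALLOC_ORDER);
	iopm_base = 0;
	return r;
}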

/* Module teardown: release per-CPU data and the shared I/O permission bitmap. */
static __exit void svm_hardware_unsetup(void)
{
	struct page *iopm_pages = pfn_to_page(iopm_base >> PAGE_SHIFT);
	int cpu;

	for_each_possible_cpu(cpu)
		svm_cpu_uninit(cpu);

	__free_pages(iopm_pages, IOPM_ALLOC_ORDER);
	iopm_base = 0;
}

/* Reset a data segment to its power-on state: null selector, 64K limit, base 0. */
static void init_seg(struct vmcb_seg *seg)
{
	/* Read/Write Data Segment */
	const u32 rw_data = SVM_SELECTOR_P_MASK | SVM_SELECTOR_S_MASK |
			    SVM_SELECTOR_WRITE_MASK;

	seg->base = 0;
	seg->limit = 0xffff;
	seg->attrib = rw_data;
	seg->selector = 0;
}

/* Reset a system segment (LDTR/TR) to present with the given type, 64K limit, base 0. */
static void init_sys_seg(struct vmcb_seg *seg, uint32_t type)
{
	seg->base = 0;
	seg->limit = 0xffff;
	seg->attrib = SVM_SELECTOR_P_MASK | type;
	seg->selector = 0;
}

/*
 * Fill a vcpu's VMCB with the reset-time control and save state: which
 * CR/DR/exception/instruction accesses are intercepted, the bitmap bases,
 * and the architectural power-on register values.
 */
static void init_vmcb(struct vcpu_svm *svm)
{
	struct vmcb_control_area *control = &svm->vmcb->control;
	struct vmcb_save_area *save = &svm->vmcb->save;

	svm->vcpu.fpu_active = 1;

	/* Intercept guest reads/writes of the control registers KVM shadows */
	control->intercept_cr_read =	INTERCEPT_CR0_MASK |
					INTERCEPT_CR3_MASK |
					INTERCEPT_CR4_MASK;

	control->intercept_cr_write =	INTERCEPT_CR0_MASK |
					INTERCEPT_CR3_MASK |
					INTERCEPT_CR4_MASK |
					INTERCEPT_CR8_MASK;

	/* All debug-register accesses are intercepted */
	control->intercept_dr_read =	INTERCEPT_DR0_MASK |
					INTERCEPT_DR1_MASK |
					INTERCEPT_DR2_MASK |
					INTERCEPT_DR3_MASK |
					INTERCEPT_DR4_MASK |
					INTERCEPT_DR5_MASK |
					INTERCEPT_DR6_MASK |
					INTERCEPT_DR7_MASK;

	control->intercept_dr_write =	INTERCEPT_DR0_MASK |
					INTERCEPT_DR1_MASK |
					INTERCEPT_DR2_MASK |
					INTERCEPT_DR3_MASK |
					INTERCEPT_DR4_MASK |
					INTERCEPT_DR5_MASK |
					INTERCEPT_DR6_MASK |
					INTERCEPT_DR7_MASK;

	/* #PF for shadow paging (dropped below under NPT), #UD and #MC */
	control->intercept_exceptions = (1 << PF_VECTOR) |
					(1 << UD_VECTOR) |
					(1 << MC_VECTOR);


	/* Instruction/event intercepts; the SVM instructions are all trapped */
	control->intercept =	(1ULL << INTERCEPT_INTR) |
				(1ULL << INTERCEPT_NMI) |
				(1ULL << INTERCEPT_SMI) |
				(1ULL << INTERCEPT_SELECTIVE_CR0) |
				(1ULL << INTERCEPT_CPUID) |
				(1ULL << INTERCEPT_INVD) |
				(1ULL << INTERCEPT_HLT) |
				(1ULL << INTERCEPT_INVLPG) |
				(1ULL << INTERCEPT_INVLPGA) |
				(1ULL << INTERCEPT_IOIO_PROT) |
				(1ULL << INTERCEPT_MSR_PROT) |
				(1ULL << INTERCEPT_TASK_SWITCH) |
				(1ULL << INTERCEPT_SHUTDOWN) |
				(1ULL << INTERCEPT_VMRUN) |
				(1ULL << INTERCEPT_VMMCALL) |
				(1ULL << INTERCEPT_VMLOAD) |
				(1ULL << INTERCEPT_VMSAVE) |
				(1ULL << INTERCEPT_STGI) |
				(1ULL << INTERCEPT_CLGI) |
				(1ULL << INTERCEPT_SKINIT) |
				(1ULL << INTERCEPT_WBINVD) |
				(1ULL << INTERCEPT_MONITOR) |
				(1ULL << INTERCEPT_MWAIT);

	/* Shared I/O bitmap (all intercepted) and this vcpu's MSR bitmap */
	control->iopm_base_pa = iopm_base;
	control->msrpm_base_pa = __pa(svm->msrpm);
	control->tsc_offset = 0;
	control->int_ctl = V_INTR_MASKING_MASK;

	init_seg(&save->es);
	init_seg(&save->ss);
	init_seg(&save->ds);
	init_seg(&save->fs);
	init_seg(&save->gs);

	save->cs.selector = 0xf000;
	/* Executable/Readable Code Segment */
	save->cs.attrib = SVM_SELECTOR_READ_MASK | SVM_SELECTOR_P_MASK |
		SVM_SELECTOR_S_MASK | SVM_SELECTOR_CODE_MASK;
	save->cs.limit = 0xffff;
	/*
	 * cs.base should really be 0xffff0000, but vmx can't handle that, so
	 * be consistent with it.
	 *
	 * Replace when we have real mode working for vmx.
	 */
	save->cs.base = 0xf0000;

	save->gdtr.limit = 0xffff;
	save->idtr.limit = 0xffff;

	init_sys_seg(&save->ldtr, SEG_TYPE_LDT);
	init_sys_seg(&save->tr, SEG_TYPE_BUSY_TSS16);

	save->efer = EFER_SVME;
	save->dr6 = 0xffff0ff0;
	save->dr7 = 0x400;
	save->rflags = 2;
	save->rip = 0x0000fff0;
	svm->vcpu.arch.regs[VCPU_REGS_RIP] = save->rip;

	/*
	 * This is the guest-visible cr0 value.
	 * svm_set_cr0() sets PG and WP and clears NW and CD on save->cr0.
	 */
	svm->vcpu.arch.cr0 = X86_CR0_NW | X86_CR0_CD | X86_CR0_ET;
	kvm_set_cr0(&svm->vcpu, svm->vcpu.arch.cr0);

	save->cr4 = X86_CR4_PAE;
	/* rdx = ?? */

	if (npt_enabled) {
		/* Setup VMCB for Nested Paging */
		control->nested_ctl = 1;
		/* With NPT the guest manages its own page tables: no need to trap these */
		control->intercept &= ~((1ULL << INTERCEPT_TASK_SWITCH) |
					(1ULL << INTERCEPT_INVLPG));
		control->intercept_exceptions &= ~(1 << PF_VECTOR);
		control->intercept_cr_read &= ~INTERCEPT_CR3_MASK;
		control->intercept_cr_write &= ~INTERCEPT_CR3_MASK;
		save->g_pat = 0x0007040600070406ULL;
		save->cr3 = 0;
		save->cr4 = 0;
	}
	force_new_asid(&svm->vcpu);

	/* Leave any nested guest: is_nested() becomes false */
	svm->nested.vmcb = 0;
	svm->vcpu.arch.hflags = 0;

	if (svm_has(SVM_FEATURE_PAUSE_FILTER)) {
		control->pause_filter_count = 3000;
		control->intercept |= (1ULL << INTERCEPT_PAUSE);
	}

	enable_gif(svm);
}

/*
 * Reset a vcpu to power-on state. Application processors start at the SIPI
 * vector instead of the BSP reset vector. Always returns 0.
 */
static int svm_vcpu_reset(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct vmcb_save_area *save = &svm->vmcb->save;

	init_vmcb(svm);

	if (!kvm_vcpu_is_bsp(vcpu)) {
		unsigned int sipi = svm->vcpu.arch.sipi_vector;

		kvm_rip_write(vcpu, 0);
		save->cs.base = sipi << 12;
		save->cs.selector = sipi << 8;
	}

	/* every cached register must be re-read from / written to the VMCB */
	vcpu->arch.regs_avail = ~0;
	vcpu->arch.regs_dirty = ~0;

	return 0;
}

/*
 * Allocate and initialise an SVM vcpu: the vcpu_svm object, its VMCB page,
 * the per-vcpu and nested MSR permission bitmaps and the nested host save
 * area. Returns the embedded kvm_vcpu or an ERR_PTR; on failure every
 * allocation made so far is released in reverse order.
 */
static struct kvm_vcpu *svm_create_vcpu(struct kvm *kvm, unsigned int id)
{
	struct vcpu_svm *svm;
	struct page *vmcb_page;
	struct page *msrpm_pages;
	struct page *nested_msrpm_pages;
	struct page *hsave_page;
	int rc = -ENOMEM;

	svm = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL);
	if (!svm)
		return ERR_PTR(rc);

	rc = kvm_vcpu_init(&svm->vcpu, kvm, id);
	if (rc)
		goto free_svm;

	rc = -ENOMEM;
	vmcb_page = alloc_page(GFP_KERNEL);
	if (!vmcb_page)
		goto uninit;

	msrpm_pages = alloc_pages(GFP_KERNEL, MSRPM_ALLOC_ORDER);
	if (!msrpm_pages)
		goto free_vmcb;

	nested_msrpm_pages = alloc_pages(GFP_KERNEL, MSRPM_ALLOC_ORDER);
	if (!nested_msrpm_pages)
		goto free_msrpm;

	hsave_page = alloc_page(GFP_KERNEL);
	if (!hsave_page)
		goto free_nested_msrpm;

	svm->nested.hsave = page_address(hsave_page);

	svm->msrpm = page_address(msrpm_pages);
	svm_vcpu_init_msrpm(svm->msrpm);

	svm->nested.msrpm = page_address(nested_msrpm_pages);
	svm_vcpu_init_msrpm(svm->nested.msrpm);

	svm->vmcb = page_address(vmcb_page);
	clear_page(svm->vmcb);
	svm->vmcb_pa = page_to_pfn(vmcb_page) << PAGE_SHIFT;
	svm->asid_generation = 0;
	init_vmcb(svm);

	fx_init(&svm->vcpu);
	/* default APIC base; the BSP additionally gets the BSP flag */
	svm->vcpu.arch.apic_base = 0xfee00000 | MSR_IA32_APICBASE_ENABLE;
	if (kvm_vcpu_is_bsp(&svm->vcpu))
		svm->vcpu.arch.apic_base |= MSR_IA32_APICBASE_BSP;

	return &svm->vcpu;

free_nested_msrpm:
	__free_pages(nested_msrpm_pages, MSRPM_ALLOC_ORDER);
free_msrpm:
	__free_pages(msrpm_pages, MSRPM_ALLOC_ORDER);
free_vmcb:
	__free_page(vmcb_page);
uninit:
	kvm_vcpu_uninit(&svm->vcpu);
free_svm:
	kmem_cache_free(kvm_vcpu_cache, svm);
	return ERR_PTR(rc);
}

/* Release everything svm_create_vcpu() allocated, then the vcpu itself. */
static void svm_free_vcpu(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct page *vmcb_page = pfn_to_page(svm->vmcb_pa >> PAGE_SHIFT);

	__free_page(vmcb_page);
	__free_pages(virt_to_page(svm->msrpm), MSRPM_ALLOC_ORDER);
	__free_page(virt_to_page(svm->nested.hsave));
	__free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER);
	kvm_vcpu_uninit(vcpu);
	kmem_cache_free(kvm_vcpu_cache, svm);
}

/*
 * Called when the vcpu is scheduled onto @cpu. On migration to a different
 * CPU, compensate an unstable TSC and force a new ASID; always snapshot the
 * host MSRs the guest may clobber so svm_vcpu_put() can restore them.
 */
static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	bool migrated = unlikely(cpu != vcpu->cpu);
	int idx;

	if (migrated) {
		if (check_tsc_unstable()) {
			/*
			 * Make sure that the guest sees a monotonically
			 * increasing TSC.
			 */
			u64 adjust = vcpu->arch.host_tsc - native_read_tsc();

			svm->vmcb->control.tsc_offset += adjust;
			if (is_nested(svm))
				svm->nested.hsave->control.tsc_offset += adjust;
		}
		vcpu->cpu = cpu;
		kvm_migrate_timers(vcpu);
		svm->asid_generation = 0;
	}

	for (idx = 0; idx < NR_HOST_SAVE_USER_MSRS; idx++)
		rdmsrl(host_save_user_msrs[idx], svm->host_user_msrs[idx]);
}

/* Called when the vcpu is descheduled: restore host MSRs and record the host TSC. */
static void svm_vcpu_put(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	int idx = 0;

	++vcpu->stat.host_state_reload;
	while (idx < NR_HOST_SAVE_USER_MSRS) {
		wrmsrl(host_save_user_msrs[idx], svm->host_user_msrs[idx]);
		idx++;
	}

	vcpu->arch.host_tsc = native_read_tsc();
}

/* Read the guest RFLAGS from the VMCB save area. */
static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);

	return svm->vmcb->save.rflags;
}

/* Write the guest RFLAGS into the VMCB save area. */
static void svm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
{
	struct vcpu_svm *svm = to_svm(vcpu);

	svm->vmcb->save.rflags = rflags;
}

/*
 * Refresh a lazily cached register. Only the PDPTRs are cacheable on SVM,
 * and only with nested paging; any other request is a bug.
 */
static void svm_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
{
	if (reg != VCPU_EXREG_PDPTR)
		BUG();

	BUG_ON(!npt_enabled);
	load_pdptrs(vcpu, vcpu->arch.cr3);
}

/* Start intercepting virtual interrupts (VINTR) for this vcpu. */
static void svm_set_vintr(struct vcpu_svm *svm)
{
	struct vmcb_control_area *control = &svm->vmcb->control;

	control->intercept |= 1ULL << INTERCEPT_VINTR;
}

/* Stop intercepting virtual interrupts (VINTR) for this vcpu. */
static void svm_clear_vintr(struct vcpu_svm *svm)
{
	struct vmcb_control_area *control = &svm->vmcb->control;

	control->intercept &= ~(1ULL << INTERCEPT_VINTR);
}

/* Map a VCPU_SREG_* index to the matching segment in the VMCB save area; unknown index is a bug. */
static struct vmcb_seg *svm_seg(struct kvm_vcpu *vcpu, int seg)
{
	struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;
	struct vmcb_seg *s = NULL;

	switch (seg) {
	case VCPU_SREG_CS:
		s = &save->cs;
		break;
	case VCPU_SREG_DS:
		s = &save->ds;
		break;
	case VCPU_SREG_ES:
		s = &save->es;
		break;
	case VCPU_SREG_FS:
		s = &save->fs;
		break;
	case VCPU_SREG_GS:
		s = &save->gs;
		break;
	case VCPU_SREG_SS:
		s = &save->ss;
		break;
	case VCPU_SREG_TR:
		s = &save->tr;
		break;
	case VCPU_SREG_LDTR:
		s = &save->ldtr;
		break;
	default:
		BUG();
		break;
	}

	return s;
}

/* Return the base address of segment @seg from the VMCB. */
static u64 svm_get_segment_base(struct kvm_vcpu *vcpu, int seg)
{
	return svm_seg(vcpu, seg)->base;
}

/*
 * Unpack a VMCB segment into the vendor-neutral kvm_segment, then patch the
 * fields where AMD's descriptor cache differs from what Intel's VMENTRY
 * checks expect, so that a migrated guest passes those checks.
 */
static void svm_get_segment(struct kvm_vcpu *vcpu,
			    struct kvm_segment *var, int seg)
{
	struct vmcb_seg *s = svm_seg(vcpu, seg);
	u32 attrib = s->attrib;

	var->base = s->base;
	var->limit = s->limit;
	var->selector = s->selector;
	var->type = attrib & SVM_SELECTOR_TYPE_MASK;
	var->s = (attrib >> SVM_SELECTOR_S_SHIFT) & 1;
	var->dpl = (attrib >> SVM_SELECTOR_DPL_SHIFT) & 3;
	var->present = (attrib >> SVM_SELECTOR_P_SHIFT) & 1;
	var->avl = (attrib >> SVM_SELECTOR_AVL_SHIFT) & 1;
	var->l = (attrib >> SVM_SELECTOR_L_SHIFT) & 1;
	var->db = (attrib >> SVM_SELECTOR_DB_SHIFT) & 1;
	var->g = (attrib >> SVM_SELECTOR_G_SHIFT) & 1;

	/*
	 * AMD's VMCB does not have an explicit unusable field, so emulate it
	 * for cross vendor migration purposes by "not present"
	 */
	var->unusable = (var->type == 0) || !var->present;

	switch (seg) {
	case VCPU_SREG_CS:
		/*
		 * SVM always stores 0 for the 'G' bit in the CS selector in
		 * the VMCB on a VMEXIT. This hurts cross-vendor migration:
		 * Intel's VMENTRY has a check on the 'G' bit.
		 */
		var->g = (s->limit > 0xfffff) ? 1 : 0;
		break;
	case VCPU_SREG_TR:
		/*
		 * Work around a bug where the busy flag in the tr selector
		 * isn't exposed
		 */
		var->type |= 0x2;
		break;
	case VCPU_SREG_DS:
	case VCPU_SREG_ES:
	case VCPU_SREG_FS:
	case VCPU_SREG_GS:
		/*
		 * The accessed bit must always be set in the segment
		 * descriptor cache, although it can be cleared in the
		 * descriptor, the cached bit always remains at 1. Since
		 * Intel has a check on this, set it here to support
		 * cross-vendor migration.
		 */
		if (var->unusable)
			break;
		var->type |= 0x1;
		break;
	case VCPU_SREG_SS:
		/*
		 * On AMD CPUs sometimes the DB bit in the segment
		 * descriptor is left as 1, although the whole segment has
		 * been made unusable. Clear it here to pass an Intel VMX
		 * entry check when cross vendor migrating.
		 */
		if (var->unusable)
			var->db = 0;
		break;
	default:
		break;
	}
}

/* Return the guest's current privilege level as recorded in the VMCB. */
static int svm_get_cpl(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);

	return svm->vmcb->save.cpl;
}

/* Copy the guest IDT base and limit out of the VMCB save area into @dt. */
static void svm_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
{
	struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;

	dt->address = save->idtr.base;
	dt->size = save->idtr.limit;
}

/* Load the guest IDT base and limit from @dt into the VMCB save area. */
static void svm_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
{
	struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;

	save->idtr.base = dt->address;
	save->idtr.limit = dt->size;
}

/* Copy the guest GDT base and limit out of the VMCB save area into @dt. */
static void svm_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
{
	struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;

	dt->address = save->gdtr.base;
	dt->size = save->gdtr.limit;
}

/* Load the guest GDT base and limit from @dt into the VMCB save area. */
static void svm_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
{
	struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;

	save->gdtr.base = dt->address;
	save->gdtr.limit = dt->size;
}

/*
 * Intentionally empty: SVM has no guest-owned CR0 bits to refresh here.
 * NOTE(review): presumably because svm_set_cr0() keeps vcpu->arch.cr0 and
 * the VMCB shadow in step on every write -- confirm against the
 * kvm_x86_ops contract before relying on that.
 */
static void svm_decache_cr0_guest_bits(struct kvm_vcpu *vcpu)
{
}

/*
 * Intentionally empty: SVM has no guest-owned CR4 bits to refresh here.
 * NOTE(review): presumably because svm_set_cr4() updates vcpu->arch.cr4
 * directly on every write -- confirm against the kvm_x86_ops contract.
 */
static void svm_decache_cr4_guest_bits(struct kvm_vcpu *vcpu)
{
}

/*
 * Decide whether CR0 reads/writes must be intercepted.
 *
 * The VMCB's shadow CR0 (hcr0) and the guest's view (gcr0) may differ only
 * in the "selective" bits (SVM_CR0_SELECTIVE_MASK, i.e. TS/MP): while the
 * FPU is lazily deactivated those bits are forced on in the shadow.  When
 * the FPU is live and both values agree, the guest may touch CR0 without
 * exiting and the CR0 intercepts are dropped; otherwise they are set.
 *
 * In nested mode the host save area (hsave) is updated in the same way.
 * When the host intercepts are dropped, the CR0 intercepts the L1
 * hypervisor asked for are ORed back in so L1 still gets its exits.
 */
static void update_cr0_intercept(struct vcpu_svm *svm)
{
	struct vmcb_control_area *ctrl = &svm->vmcb->control;
	struct vmcb_control_area *hctrl;
	bool fpu_live = svm->vcpu.fpu_active;
	ulong gcr0 = svm->vcpu.arch.cr0;
	u64 *hcr0 = &svm->vmcb->save.cr0;
	bool intercept;

	/* Keep the shadow CR0's selective bits in step with the guest's. */
	if (fpu_live)
		*hcr0 = (*hcr0 & ~SVM_CR0_SELECTIVE_MASK) |
			(gcr0 & SVM_CR0_SELECTIVE_MASK);
	else
		*hcr0 |= SVM_CR0_SELECTIVE_MASK;

	intercept = !(fpu_live && gcr0 == *hcr0);

	if (intercept) {
		ctrl->intercept_cr_read |= INTERCEPT_CR0_MASK;
		ctrl->intercept_cr_write |= INTERCEPT_CR0_MASK;
	} else {
		ctrl->intercept_cr_read &= ~INTERCEPT_CR0_MASK;
		ctrl->intercept_cr_write &= ~INTERCEPT_CR0_MASK;
	}

	if (!is_nested(svm))
		return;

	hctrl = &svm->nested.hsave->control;
	if (intercept) {
		hctrl->intercept_cr_read |= INTERCEPT_CR0_MASK;
		hctrl->intercept_cr_write |= INTERCEPT_CR0_MASK;
	} else {
		hctrl->intercept_cr_read &= ~INTERCEPT_CR0_MASK;
		hctrl->intercept_cr_write &= ~INTERCEPT_CR0_MASK;
		/* ...but never take away the intercepts L1 requested. */
		ctrl->intercept_cr_read |= svm->nested.intercept_cr_read;
		ctrl->intercept_cr_write |= svm->nested.intercept_cr_write;
	}
}

/*
 * Write @cr0 on behalf of the guest.
 *
 * Updates vcpu->arch.cr0 with the guest's value and the VMCB shadow CR0
 * with a derived value: PG/WP are forced on without NPT, TS is forced on
 * while the FPU is inactive, and CD/NW are always cleared.  On x86-64 the
 * EFER.LMA bit is toggled together with CR0.PG when EFER.LME is set.
 *
 * In nested mode, a write that leaves the selective bits (TS/MP) unchanged
 * is first offered to the L1 hypervisor as a CR0_SEL_WRITE exit; if L1
 * intercepts it the write is not applied here at all.
 */
static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
{
	struct vcpu_svm *svm = to_svm(vcpu);

	if (is_nested(svm)) {
		/*
		 * We are here because we run in nested mode, the host kvm
		 * intercepts cr0 writes but the l1 hypervisor does not.
		 * But the L1 hypervisor may intercept selective cr0 writes.
		 * This needs to be checked here.
		 */
		unsigned long old, new;

		/* Remove bits that would trigger a real cr0 write intercept */
		old = vcpu->arch.cr0 & SVM_CR0_SELECTIVE_MASK;
		new = cr0 & SVM_CR0_SELECTIVE_MASK;

		if (old == new) {
			/* cr0 write with ts and mp unchanged */
			svm->vmcb->control.exit_code = SVM_EXIT_CR0_SEL_WRITE;
			/* L1 took the exit: the write belongs to L1, not to us. */
			if (nested_svm_exit_handled(svm) == NESTED_EXIT_DONE)
				return;
		}
	}

#ifdef CONFIG_X86_64
	/* Entering/leaving paging with LME set also enters/leaves long mode. */
	if (vcpu->arch.efer & EFER_LME) {
		if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) {
			vcpu->arch.efer |= EFER_LMA;
			svm->vmcb->save.efer |= EFER_LMA | EFER_LME;
		}

		if (is_paging(vcpu) && !(cr0 & X86_CR0_PG)) {
			vcpu->arch.efer &= ~EFER_LMA;
			svm->vmcb->save.efer &= ~(EFER_LMA | EFER_LME);
		}
	}
#endif
	/* The guest's view is stored before the shadow value is derived. */
	vcpu->arch.cr0 = cr0;

	/* Shadow paging needs paging and supervisor write protection on. */
	if (!npt_enabled)
		cr0 |= X86_CR0_PG | X86_CR0_WP;

	/* Lazy FPU: trap the first FPU use with #NM via CR0.TS. */
	if (!vcpu->fpu_active)
		cr0 |= X86_CR0_TS;
	/*
	 * re-enable caching here because the QEMU bios
	 * does not do it - this results in some delay at
	 * reboot
	 */
	cr0 &= ~(X86_CR0_CD | X86_CR0_NW);
	svm->vmcb->save.cr0 = cr0;
	update_cr0_intercept(svm);
}

/*
 * Write @cr4 on behalf of the guest.
 *
 * vcpu->arch.cr4 receives the guest's value; the VMCB shadow additionally
 * has PAE forced on under shadow paging and always carries the host's
 * CR4.MCE setting.  With NPT, a change of CR4.PGE invalidates the guest's
 * TLB entries by assigning a fresh ASID.
 */
static void svm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	unsigned long shadow_cr4 = cr4;
	unsigned long host_cr4_mce = read_cr4() & X86_CR4_MCE;
	bool pge_changed = (svm->vmcb->save.cr4 ^ cr4) & X86_CR4_PGE;

	if (npt_enabled && pge_changed)
		force_new_asid(vcpu);

	vcpu->arch.cr4 = cr4;

	/* Shadow paging always runs the guest with PAE page tables. */
	if (!npt_enabled)
		shadow_cr4 |= X86_CR4_PAE;
	/* Machine-check reporting must stay enabled while the guest runs. */
	shadow_cr4 |= host_cr4_mce;

	svm->vmcb->save.cr4 = shadow_cr4;
}

/*
 * Load segment register @seg from the generic @var description.
 *
 * The attribute byte is rebuilt from the individual fields; an unusable
 * segment is represented by an all-zero attribute word.  Writing CS also
 * refreshes the cached CPL from the new CS DPL.
 */
static void svm_set_segment(struct kvm_vcpu *vcpu,
			    struct kvm_segment *var, int seg)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct vmcb_seg *s = svm_seg(vcpu, seg);
	u16 attrib = 0;

	s->base = var->base;
	s->limit = var->limit;
	s->selector = var->selector;

	if (!var->unusable) {
		attrib = var->type & SVM_SELECTOR_TYPE_MASK;
		attrib |= (var->s & 1) << SVM_SELECTOR_S_SHIFT;
		attrib |= (var->dpl & 3) << SVM_SELECTOR_DPL_SHIFT;
		attrib |= (var->present & 1) << SVM_SELECTOR_P_SHIFT;
		attrib |= (var->avl & 1) << SVM_SELECTOR_AVL_SHIFT;
		attrib |= (var->l & 1) << SVM_SELECTOR_L_SHIFT;
		attrib |= (var->db & 1) << SVM_SELECTOR_DB_SHIFT;
		attrib |= (var->g & 1) << SVM_SELECTOR_G_SHIFT;
	}
	s->attrib = attrib;

	/* CPL follows the DPL of the code segment. */
	if (seg == VCPU_SREG_CS)
		svm->vmcb->save.cpl =
			(svm->vmcb->save.cs.attrib >> SVM_SELECTOR_DPL_SHIFT) & 3;
}

/*
 * Recompute the #DB and #BP exception intercepts from the current debug
 * state: NMI single-stepping needs #DB; user-space debugging needs #DB for
 * single-step/hardware breakpoints and #BP for software breakpoints.  If
 * debugging is not enabled any leftover guest_debug flags are cleared.
 */
static void update_db_intercept(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	u32 excp = svm->vmcb->control.intercept_exceptions;

	excp &= ~((1 << DB_VECTOR) | (1 << BP_VECTOR));

	if (svm->nmi_singlestep)
		excp |= 1 << DB_VECTOR;

	if (!(vcpu->guest_debug & KVM_GUESTDBG_ENABLE)) {
		vcpu->guest_debug = 0;
	} else {
		if (vcpu->guest_debug &
		    (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
			excp |= 1 << DB_VECTOR;
		if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
			excp |= 1 << BP_VECTOR;
	}

	svm->vmcb->control.intercept_exceptions = excp;
}

/*
 * Apply a user-space debug configuration.  With hardware breakpoints in
 * use the debugger's DR7 replaces the guest's in the VMCB; otherwise the
 * guest's own DR7 is restored.  The exception intercepts are refreshed
 * afterwards.
 */
static void svm_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	u64 dr7 = vcpu->arch.dr7;

	if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)
		dr7 = dbg->arch.debugreg[7];

	svm->vmcb->save.dr7 = dr7;
	update_db_intercept(vcpu);
}

/* Restore the host MSRs saved by save_host_msrs() (GS base on x86-64). */
static void load_host_msrs(struct kvm_vcpu *vcpu)
{
#ifdef CONFIG_X86_64
	struct vcpu_svm *svm = to_svm(vcpu);

	wrmsrl(MSR_GS_BASE, svm->host_gs_base);
#endif
}

/* Save the host MSRs that guest entry clobbers (GS base on x86-64). */
static void save_host_msrs(struct kvm_vcpu *vcpu)
{
#ifdef CONFIG_X86_64
	struct vcpu_svm *svm = to_svm(vcpu);

	rdmsrl(MSR_GS_BASE, svm->host_gs_base);
#endif
}

/*
 * Assign the vCPU a fresh ASID from the per-CPU pool @sd.  When the pool
 * is exhausted a new generation is started and the whole TLB is flushed
 * on the next VMRUN so stale entries from the previous generation cannot
 * be reused.
 */
static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd)
{
	bool exhausted = sd->next_asid > sd->max_asid;

	if (exhausted) {
		sd->asid_generation++;
		sd->next_asid = 1;
		svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID;
	}

	svm->asid_generation = sd->asid_generation;
	svm->vmcb->control.asid = sd->next_asid;
	sd->next_asid++;
}

/* Store the guest's DR7 into the VMCB save area. */
static void svm_set_dr7(struct kvm_vcpu *vcpu, unsigned long value)
{
	to_svm(vcpu)->vmcb->save.dr7 = value;
}

/*
 * Handle a #PF intercept.  The faulting address and error code are taken
 * from exit_info_2/exit_info_1 and handed to the MMU.  Returns the MMU's
 * verdict (see kvm_mmu_page_fault()).
 */
static int pf_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	u64 fault_address = svm->vmcb->control.exit_info_2;
	u32 error_code = svm->vmcb->control.exit_info_1;

	trace_kvm_page_fault(fault_address, error_code);

	/*
	 * Shadow paging only: if an event is pending re-injection, unprotect
	 * the page first.  NOTE(review): presumably so that a write to a
	 * shadowed page table cannot fault forever -- confirm against
	 * kvm_mmu_unprotect_page_virt().
	 */
	if (!npt_enabled && kvm_event_needs_reinjection(vcpu))
		kvm_mmu_unprotect_page_virt(vcpu, fault_address);

	return kvm_mmu_page_fault(vcpu, fault_address, error_code);
}

/*
 * Handle a #DB intercept.
 *
 * If neither user-space debugging (single-step / hardware breakpoints) nor
 * NMI single-stepping is active the exception belongs to the guest and is
 * queued back.  An NMI single-step is finished here (TF/RF cleared unless
 * user space is also single-stepping).  If user space is debugging, the
 * exit is reported as KVM_EXIT_DEBUG.
 *
 * Returns 1 to resume the guest, 0 to exit to user space.
 */
static int db_interception(struct vcpu_svm *svm)
{
	struct kvm_run *kvm_run = svm->vcpu.run;

	if (!(svm->vcpu.guest_debug &
	      (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) &&
		!svm->nmi_singlestep) {
		/* Nobody is debugging: the #DB is the guest's own. */
		kvm_queue_exception(&svm->vcpu, DB_VECTOR);
		return 1;
	}

	if (svm->nmi_singlestep) {
		/* The single step over the NMI-blocked instruction is done. */
		svm->nmi_singlestep = false;
		if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
			svm->vmcb->save.rflags &=
				~(X86_EFLAGS_TF | X86_EFLAGS_RF);
		/* Drop the #DB intercept that was only needed for the step. */
		update_db_intercept(&svm->vcpu);
	}

	if (svm->vcpu.guest_debug &
	    (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) {
		kvm_run->exit_reason = KVM_EXIT_DEBUG;
		kvm_run->debug.arch.pc =
			svm->vmcb->save.cs.base + svm->vmcb->save.rip;
		kvm_run->debug.arch.exception = DB_VECTOR;
		return 0;
	}

	return 1;
}

/*
 * Handle a #BP intercept: always reported to user space as a debug exit
 * with the linear address of the breakpoint.  Returns 0 (exit to user).
 */
static int bp_interception(struct vcpu_svm *svm)
{
	struct kvm_run *run = svm->vcpu.run;
	struct vmcb_save_area *save = &svm->vmcb->save;

	run->exit_reason = KVM_EXIT_DEBUG;
	run->debug.arch.exception = BP_VECTOR;
	run->debug.arch.pc = save->cs.base + save->rip;

	return 0;
}

/*
 * Handle a #UD intercept: give the emulator a chance to handle the
 * instruction, and deliver #UD to the guest if it cannot.  Always resumes
 * the guest (returns 1).
 */
static int ud_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;

	if (emulate_instruction(vcpu, 0, 0, EMULTYPE_TRAP_UD) != EMULATE_DONE)
		kvm_queue_exception(vcpu, UD_VECTOR);

	return 1;
}

/*
 * Mark the guest FPU as active: the host no longer needs the #NM
 * intercept, so it is dropped from the exception intercepts -- except
 * that in nested mode the L1 hypervisor's own exception intercepts are
 * kept.  CR0.TS handling is then re-evaluated via update_cr0_intercept().
 */
static void svm_fpu_activate(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	u32 nm_bit = 1 << NM_VECTOR;
	u32 intercepts;

	if (is_nested(svm)) {
		/* Host #NM goes away, but L1 may still want it. */
		intercepts = svm->nested.hsave->control.intercept_exceptions;
		intercepts &= ~nm_bit;
		intercepts |= svm->nested.intercept_exceptions;
	} else {
		intercepts = svm->vmcb->control.intercept_exceptions;
		intercepts &= ~nm_bit;
	}
	svm->vmcb->control.intercept_exceptions = intercepts;

	vcpu->fpu_active = 1;
	update_cr0_intercept(svm);
}

/* Handle a #NM intercept by activating the guest FPU; always resumes. */
static int nm_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;

	svm_fpu_activate(vcpu);
	return 1;
}

/*
 * Handle a #MC intercept.  The machine check is re-raised on the host
 * with a software interrupt so the host MCE handler sees it; the guest
 * is resumed afterwards (if control returns at all).
 */
static int mc_interception(struct vcpu_svm *svm)
{
	/*
	 * On an #MC intercept the MCE handler is not called automatically in
	 * the host. So do it by hand here.
	 */
	asm volatile (
		"int $0x12\n");
	/* not sure if we ever come back to this point */

	return 1;
}

/*
 * Handle a SHUTDOWN intercept.  The VMCB contents are undefined after a
 * shutdown, so it is zeroed and re-initialised before the shutdown is
 * reported to user space.  Returns 0 (exit to user).
 */
static int shutdown_interception(struct vcpu_svm *svm)
{
	struct kvm_run *run = svm->vcpu.run;

	clear_page(svm->vmcb);
	init_vmcb(svm);

	run->exit_reason = KVM_EXIT_SHUTDOWN;
	return 0;
}

/*
 * Handle an IOIO intercept.  String and IN accesses go through the
 * instruction emulator; a plain OUT takes the fast path.  For the fast
 * path the next RIP is taken from exit_info_2, which the CPU fills in on
 * IOIO intercepts.
 *
 * Returns 0 if the exit must go to user space (MMIO/PIO completion),
 * 1 to resume the guest.
 */
static int io_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	/* NOTE(review): the original author queried address-size handling here. */
	u32 io_info = svm->vmcb->control.exit_info_1;
	bool is_string = io_info & SVM_IOIO_STR_MASK;
	bool is_in = io_info & SVM_IOIO_TYPE_MASK;
	unsigned port = io_info >> 16;
	int size = (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT;

	vcpu->stat.io_exits++;

	if (is_string || is_in)
		return emulate_instruction(vcpu, 0, 0, 0) != EMULATE_DO_MMIO;

	svm->next_rip = svm->vmcb->control.exit_info_2;
	skip_emulated_instruction(vcpu);

	return kvm_fast_pio_out(vcpu, size, port);
}

/*
 * Handle an NMI intercept.  Nothing to do here: the NMI itself was taken
 * by the host when the guest exited; just resume the guest.
 */
static int nmi_interception(struct vcpu_svm *svm)
{
	return 1;
}

/* Handle an external-interrupt intercept: count it and resume the guest. */
static int intr_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;

	vcpu->stat.irq_exits++;
	return 1;
}

/* Exit handler for intercepts that need no work: resume the guest. */
static int nop_on_interception(struct vcpu_svm *svm)
{
	return 1;
}

/*
 * Handle a HLT intercept: step over the one-byte instruction and hand the
 * halt to the generic code.  Returns kvm_emulate_halt()'s verdict.
 */
static int halt_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;

	svm->next_rip = kvm_rip_read(vcpu) + 1;
	skip_emulated_instruction(vcpu);

	return kvm_emulate_halt(vcpu);
}

/*
 * Handle a VMMCALL intercept: step over the three-byte instruction and run
 * the hypercall.  Always resumes the guest (returns 1).
 */
static int vmmcall_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;

	svm->next_rip = kvm_rip_read(vcpu) + 3;
	skip_emulated_instruction(vcpu);

	kvm_emulate_hypercall(vcpu);
	return 1;
}

/*
 * Check that the guest is allowed to execute an SVM instruction.
 *
 * Injects #UD unless EFER.SVME is set and paging is enabled, and #GP(0)
 * unless the guest runs at CPL 0.  Returns 1 if an exception was injected
 * (the caller must not emulate the instruction), 0 if the instruction may
 * proceed.
 */
static int nested_svm_check_permissions(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	bool svme = vcpu->arch.efer & EFER_SVME;

	if (!svme || !is_paging(vcpu)) {
		kvm_queue_exception(vcpu, UD_VECTOR);
		return 1;
	}

	if (svm->vmcb->save.cpl != 0) {
		kvm_inject_gp(vcpu, 0);
		return 1;
	}

	return 0;
}

/*
 * Ask whether exception @nr (with @error_code) is intercepted by the L1
 * hypervisor.  Outside nested mode returns 0.  Otherwise the exit fields
 * are filled in as L1 would see them and the nested intercept logic is
 * consulted; if L1 wants the exception, the #vmexit is only requested
 * (nested.exit_required) and carried out later, as in nested_svm_intr().
 *
 * Returns the NESTED_EXIT_* verdict.  @has_error_code is accepted for
 * interface compatibility but not consulted here.
 */
static int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
				      bool has_error_code, u32 error_code)
{
	struct vmcb_control_area *ctrl = &svm->vmcb->control;
	int vmexit;

	if (!is_nested(svm))
		return 0;

	ctrl->exit_code = SVM_EXIT_EXCP_BASE + nr;
	ctrl->exit_code_hi = 0;
	ctrl->exit_info_1 = error_code;
	ctrl->exit_info_2 = svm->vcpu.arch.cr2;

	vmexit = nested_svm_intercept(svm);
	if (vmexit == NESTED_EXIT_DONE)
		svm->nested.exit_required = true;

	return vmexit;
}

/* This function returns true if it is safe to enable the irq window */
/*
 * Check whether the interrupt window may be opened for the current vCPU.
 *
 * Returns true outside nested mode, or when L1 does not virtualize
 * interrupts (no V_INTR_MASKING).  Returns false when L1 had interrupts
 * disabled at VMRUN (HF_HIF_MASK clear), or when L1 intercepts INTR; in
 * the latter case an INTR #vmexit into L1 is requested rather than
 * emulated here.
 */
static inline bool nested_svm_intr(struct vcpu_svm *svm)
{
	unsigned long hflags = svm->vcpu.arch.hflags;
	struct vmcb_control_area *ctrl = &svm->vmcb->control;

	if (!is_nested(svm))
		return true;

	if (!(hflags & HF_VINTR_MASK))
		return true;

	/* L1 ran VMRUN with IF clear: it does not want interrupts now. */
	if (!(hflags & HF_HIF_MASK))
		return false;

	ctrl->exit_code   = SVM_EXIT_INTR;
	ctrl->exit_info_1 = 0;
	ctrl->exit_info_2 = 0;

	/* Bit 0 of the intercept vector corresponds to SVM_EXIT_INTR. */
	if (!(svm->nested.intercept & 1ULL))
		return true;

	/*
	 * The #vmexit cannot be emulated here: this path runs with irqs and
	 * preemption disabled and the emulation may sleep.  Only request it.
	 */
	svm->nested.exit_required = true;
	trace_kvm_nested_intr_vmexit(svm->vmcb->save.rip);
	return false;
}

/* This function returns true if it is safe to enable the nmi window */
/*
 * Check whether the NMI window may be opened.  Returns true outside
 * nested mode or when L1 does not intercept NMI; otherwise an NMI #vmexit
 * into L1 is requested (not emulated here) and false is returned.
 */
static inline bool nested_svm_nmi(struct vcpu_svm *svm)
{
	bool l1_wants_nmi;

	if (!is_nested(svm))
		return true;

	l1_wants_nmi = svm->nested.intercept & (1ULL << INTERCEPT_NMI);
	if (!l1_wants_nmi)
		return true;

	svm->vmcb->control.exit_code = SVM_EXIT_NMI;
	svm->nested.exit_required = true;

	return false;
}

/*
 * Map the guest page containing guest-physical address @gpa.
 *
 * On success returns the kernel virtual address of the page and stores the
 * page in *@_page for nested_svm_unmap().  On failure injects #GP(0) into
 * the guest and returns NULL; *@_page is left untouched.  May sleep.
 */
static void *nested_svm_map(struct vcpu_svm *svm, u64 gpa, struct page **_page)
{
	struct page *page;

	might_sleep();

	page = gfn_to_page(svm->vcpu.kvm, gpa >> PAGE_SHIFT);
	if (is_error_page(page)) {
		kvm_release_page_clean(page);
		kvm_inject_gp(&svm->vcpu, 0);
		return NULL;
	}

	*_page = page;
	return kmap(page);
}

/*
 * Undo nested_svm_map(): unmap @page and release it.  The page is
 * released as dirty because callers may have written to the mapping.
 */
static void nested_svm_unmap(struct page *page)
{
	kunmap(page);
	kvm_release_page_dirty(page);
}

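/*
 * Decide whether an IOIO intercept belongs to the L1 hypervisor.
 *
 * Looks the port up in L1's I/O permission map (IOPM): one bit per port,
 * and a multi-byte access consults the bit of every port it touches, which
 * may run into the next IOPM byte.
 *
 * Returns NESTED_EXIT_DONE when L1 intercepts the access -- or when L1's
 * IOPM cannot be read, in which case the exit is handed to L1 rather than
 * silently emulated by the host, matching nested_svm_exit_handled_msr() --
 * and NESTED_EXIT_HOST otherwise.
 */
static int nested_svm_intercept_ioio(struct vcpu_svm *svm)
{
	u32 io_info = svm->vmcb->control.exit_info_1;
	unsigned port, size, start_bit, iopm_len;
	u16 val = 0, mask;
	u64 gpa;

	if (!(svm->nested.intercept & (1ULL << INTERCEPT_IOIO_PROT)))
		return NESTED_EXIT_HOST;

	port      = io_info >> 16;
	/* Same size decoding as io_interception(): a byte count (1, 2 or 4). */
	size      = (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT;
	gpa       = svm->nested.vmcb_iopm + (port / 8);
	start_bit = port % 8;
	/* Read a second IOPM byte when the access' bits cross a byte boundary. */
	iopm_len  = (start_bit + size > 8) ? 2 : 1;
	mask      = ((1 << size) - 1) << start_bit;

	/*
	 * kvm_read_guest() returns non-zero on failure; x86 is little-endian,
	 * so two consecutive IOPM bytes land in bits 0-15 of val in order.
	 */
	if (kvm_read_guest(svm->vcpu.kvm, gpa, &val, iopm_len))
		return NESTED_EXIT_DONE;

	return (val & mask) ? NESTED_EXIT_DONE : NESTED_EXIT_HOST;
}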

/*
 * Decide whether an MSR intercept belongs to the L1 hypervisor by looking
 * the MSR up in L1's MSR permission map.  Each MSR has two bits (read,
 * then write) and 16 MSRs share one 32-bit word.
 *
 * Returns NESTED_EXIT_DONE when L1 intercepts the access, when the MSR is
 * outside the permission map, or when the map cannot be read;
 * NESTED_EXIT_HOST otherwise.
 */
static int nested_svm_exit_handled_msr(struct vcpu_svm *svm)
{
	u64 msrpm_gpa = svm->nested.vmcb_msrpm;
	u32 offset, msr, value;
	int write, mask;

	if (!(svm->nested.intercept & (1ULL << INTERCEPT_MSR_PROT)))
		return NESTED_EXIT_HOST;

	msr    = svm->vcpu.arch.regs[VCPU_REGS_RCX];
	offset = svm_msrpm_offset(msr);
	write  = svm->vmcb->control.exit_info_1 & 1;
	mask   = 1 << ((2 * (msr & 0xf)) + write);

	if (offset == MSR_INVALID)
		return NESTED_EXIT_DONE;

	/* svm_msrpm_offset() counts 32-bit words; convert to a byte offset. */
	offset *= 4;

	if (kvm_read_guest(svm->vcpu.kvm, msrpm_gpa + offset, &value, 4))
		return NESTED_EXIT_DONE;

	return (value & mask) ? NESTED_EXIT_DONE : NESTED_EXIT_HOST;
}

/*
 * Early classification of an exit in nested mode.
 *
 * Returns NESTED_EXIT_HOST for exits the host always owns: INTR, NMI, #MC,
 * nested page faults when NPT is on, and #PF when shadow paging is on.
 * #NM activates the guest FPU as a side effect but is still subject to the
 * normal intercept check.  Returns NESTED_EXIT_CONTINUE when the regular
 * intercept logic (nested_svm_intercept()) must decide.
 */
static int nested_svm_exit_special(struct vcpu_svm *svm)
{
	u32 exit_code = svm->vmcb->control.exit_code;

	if (exit_code == SVM_EXIT_INTR || exit_code == SVM_EXIT_NMI ||
	    exit_code == SVM_EXIT_EXCP_BASE + MC_VECTOR)
		return NESTED_EXIT_HOST;

	/* For now NPFs are always handled on the host when NPT is in use. */
	if (exit_code == SVM_EXIT_NPF && npt_enabled)
		return NESTED_EXIT_HOST;

	/* With shadow paging, #PF is trapped by the host. */
	if (exit_code == SVM_EXIT_EXCP_BASE + PF_VECTOR && !npt_enabled)
		return NESTED_EXIT_HOST;

	if (exit_code == SVM_EXIT_EXCP_BASE + NM_VECTOR)
		nm_interception(svm);

	return NESTED_EXIT_CONTINUE;
}

/*
 * If this function returns true, this #vmexit was already handled
 */
/*
 * Check whether the current exit is intercepted by the L1 hypervisor.
 *
 * The exit code in the VMCB is matched against the intercept bits cached
 * from L1's VMCB at VMRUN (svm->nested.intercept_*).  MSR and I/O exits
 * additionally consult L1's permission maps.  SVM_EXIT_ERR always goes to
 * L1.
 *
 * Returns NESTED_EXIT_DONE if L1 intercepts the exit, NESTED_EXIT_HOST
 * otherwise.  Does not perform the #vmexit itself.
 */
static int nested_svm_intercept(struct vcpu_svm *svm)
{
	u32 exit_code = svm->vmcb->control.exit_code;
	int vmexit = NESTED_EXIT_HOST;

	switch (exit_code) {
	case SVM_EXIT_MSR:
		vmexit = nested_svm_exit_handled_msr(svm);
		break;
	case SVM_EXIT_IOIO:
		vmexit = nested_svm_intercept_ioio(svm);
		break;
	/* CR/DR accesses: one intercept bit per register number. */
	case SVM_EXIT_READ_CR0 ... SVM_EXIT_READ_CR8: {
		u32 cr_bits = 1 << (exit_code - SVM_EXIT_READ_CR0);
		if (svm->nested.intercept_cr_read & cr_bits)
			vmexit = NESTED_EXIT_DONE;
		break;
	}
	case SVM_EXIT_WRITE_CR0 ... SVM_EXIT_WRITE_CR8: {
		u32 cr_bits = 1 << (exit_code - SVM_EXIT_WRITE_CR0);
		if (svm->nested.intercept_cr_write & cr_bits)
			vmexit = NESTED_EXIT_DONE;
		break;
	}
	case SVM_EXIT_READ_DR0 ... SVM_EXIT_READ_DR7: {
		u32 dr_bits = 1 << (exit_code - SVM_EXIT_READ_DR0);
		if (svm->nested.intercept_dr_read & dr_bits)
			vmexit = NESTED_EXIT_DONE;
		break;
	}
	case SVM_EXIT_WRITE_DR0 ... SVM_EXIT_WRITE_DR7: {
		u32 dr_bits = 1 << (exit_code - SVM_EXIT_WRITE_DR0);
		if (svm->nested.intercept_dr_write & dr_bits)
			vmexit = NESTED_EXIT_DONE;
		break;
	}
	/* Exceptions: one intercept bit per vector, 32 vectors. */
	case SVM_EXIT_EXCP_BASE ... SVM_EXIT_EXCP_BASE + 0x1f: {
		u32 excp_bits = 1 << (exit_code - SVM_EXIT_EXCP_BASE);
		if (svm->nested.intercept_exceptions & excp_bits)
			vmexit = NESTED_EXIT_DONE;
		break;
	}
	case SVM_EXIT_ERR: {
		vmexit = NESTED_EXIT_DONE;
		break;
	}
	default: {
		/*
		 * Everything else maps onto the 64-bit intercept vector,
		 * whose bit 0 is SVM_EXIT_INTR.
		 * NOTE(review): the shift is only defined for exit codes
		 * within 64 of SVM_EXIT_INTR; whether every exit code that
		 * reaches this default is in that range is not visible here
		 * -- confirm.
		 */
		u64 exit_bits = 1ULL << (exit_code - SVM_EXIT_INTR);
		if (svm->nested.intercept & exit_bits)
			vmexit = NESTED_EXIT_DONE;
	}
	}

	return vmexit;
}

/*
 * Check whether L1 intercepts the current exit and, if so, emulate the
 * #vmexit into L1 immediately.  Returns the NESTED_EXIT_* verdict of
 * nested_svm_intercept().
 */
static int nested_svm_exit_handled(struct vcpu_svm *svm)
{
	int vmexit = nested_svm_intercept(svm);

	if (vmexit == NESTED_EXIT_DONE)
		nested_svm_vmexit(svm);

	return vmexit;
}

/*
 * Copy the control area of @from_vmcb into @dst_vmcb, field by field.
 * Only the fields listed below are copied; any other control-area fields
 * in @dst_vmcb are left as they were.
 */
static inline void copy_vmcb_control_area(struct vmcb *dst_vmcb, struct vmcb *from_vmcb)
{
	struct vmcb_control_area *dst  = &dst_vmcb->control;
	struct vmcb_control_area *from = &from_vmcb->control;

	dst->intercept_cr_read    = from->intercept_cr_read;
	dst->intercept_cr_write   = from->intercept_cr_write;
	dst->intercept_dr_read    = from->intercept_dr_read;
	dst->intercept_dr_write   = from->intercept_dr_write;
	dst->intercept_exceptions = from->intercept_exceptions;
	dst->intercept            = from->intercept;
	dst->iopm_base_pa         = from->iopm_base_pa;
	dst->msrpm_base_pa        = from->msrpm_base_pa;
	dst->tsc_offset           = from->tsc_offset;
	dst->asid                 = from->asid;
	dst->tlb_ctl              = from->tlb_ctl;
	dst->int_ctl              = from->int_ctl;
	dst->int_vector           = from->int_vector;
	dst->int_state            = from->int_state;
	dst->exit_code            = from->exit_code;
	dst->exit_code_hi         = from->exit_code_hi;
	dst->exit_info_1          = from->exit_info_1;
	dst->exit_info_2          = from->exit_info_2;
	dst->exit_int_info        = from->exit_int_info;
	dst->exit_int_info_err    = from->exit_int_info_err;
	dst->nested_ctl           = from->nested_ctl;
	dst->event_inj            = from->event_inj;
	dst->event_inj_err        = from->event_inj_err;
	dst->nested_cr3           = from->nested_cr3;
	dst->lbr_ctl              = from->lbr_ctl;
}

/*
 * Emulate a #VMEXIT from the nested (L2) guest into the L1 hypervisor.
 *
 * The L2 state currently in svm->vmcb is written back to L1's VMCB
 * (mapped from the guest-physical address in svm->nested.vmcb), the
 * host/L1 state saved in svm->nested.hsave at VMRUN time is restored, and
 * nested mode is left.
 *
 * Returns 0 on success.  Returns 1 if L1's VMCB cannot be mapped; in that
 * case nested_svm_map() has already injected #GP and nested state is left
 * untouched.
 */
static int nested_svm_vmexit(struct vcpu_svm *svm)
{
	struct vmcb *nested_vmcb;
	struct vmcb *hsave = svm->nested.hsave;
	struct vmcb *vmcb = svm->vmcb;
	struct page *page;

	trace_kvm_nested_vmexit_inject(vmcb->control.exit_code,
				       vmcb->control.exit_info_1,
				       vmcb->control.exit_info_2,
				       vmcb->control.exit_int_info,
				       vmcb->control.exit_int_info_err);

	nested_vmcb = nested_svm_map(svm, svm->nested.vmcb, &page);
	if (!nested_vmcb)
		return 1;

	/* Exit nested SVM mode */
	svm->nested.vmcb = 0;

	/* Give the current vmcb to the guest */
	disable_gif(svm);

	/* Write the L2 guest state back into L1's VMCB. */
	nested_vmcb->save.es     = vmcb->save.es;
	nested_vmcb->save.cs     = vmcb->save.cs;
	nested_vmcb->save.ss     = vmcb->save.ss;
	nested_vmcb->save.ds     = vmcb->save.ds;
	nested_vmcb->save.gdtr   = vmcb->save.gdtr;
	nested_vmcb->save.idtr   = vmcb->save.idtr;
	/* CR0/CR3/CR4 come from the vCPU's view, not the VMCB shadow values. */
	nested_vmcb->save.cr0    = kvm_read_cr0(&svm->vcpu);
	nested_vmcb->save.cr3    = svm->vcpu.arch.cr3;
	nested_vmcb->save.cr2    = vmcb->save.cr2;
	nested_vmcb->save.cr4    = svm->vcpu.arch.cr4;
	nested_vmcb->save.rflags = vmcb->save.rflags;
	nested_vmcb->save.rip    = vmcb->save.rip;
	nested_vmcb->save.rsp    = vmcb->save.rsp;
	nested_vmcb->save.rax    = vmcb->save.rax;
	nested_vmcb->save.dr7    = vmcb->save.dr7;
	nested_vmcb->save.dr6    = vmcb->save.dr6;
	nested_vmcb->save.cpl    = vmcb->save.cpl;

	nested_vmcb->control.int_ctl           = vmcb->control.int_ctl;
	nested_vmcb->control.int_vector        = vmcb->control.int_vector;
	nested_vmcb->control.int_state         = vmcb->control.int_state;
	nested_vmcb->control.exit_code         = vmcb->control.exit_code;
	nested_vmcb->control.exit_code_hi      = vmcb->control.exit_code_hi;
	nested_vmcb->control.exit_info_1       = vmcb->control.exit_info_1;
	nested_vmcb->control.exit_info_2       = vmcb->control.exit_info_2;
	nested_vmcb->control.exit_int_info     = vmcb->control.exit_int_info;
	nested_vmcb->control.exit_int_info_err = vmcb->control.exit_int_info_err;

	/*
	 * If we emulate a VMRUN/#VMEXIT in the same host #vmexit cycle we have
	 * to make sure that we do not lose injected events. So check event_inj
	 * here and copy it to exit_int_info if it is valid.
	 * Exit_int_info and event_inj can't be both valid because the case
	 * below only happens on a VMRUN instruction intercept which has
	 * no valid exit_int_info set.
	 */
	if (vmcb->control.event_inj & SVM_EVTINJ_VALID) {
		struct vmcb_control_area *nc = &nested_vmcb->control;

		nc->exit_int_info     = vmcb->control.event_inj;
		nc->exit_int_info_err = vmcb->control.event_inj_err;
	}

	/* Pending flush/injection state is consumed, not handed to L1. */
	nested_vmcb->control.tlb_ctl           = 0;
	nested_vmcb->control.event_inj         = 0;
	nested_vmcb->control.event_inj_err     = 0;

	/* We always set V_INTR_MASKING and remember the old value in hflags */
	if (!(svm->vcpu.arch.hflags & HF_VINTR_MASK))
		nested_vmcb->control.int_ctl &= ~V_INTR_MASKING_MASK;

	/* Restore the original control entries */
	copy_vmcb_control_area(vmcb, hsave);

	kvm_clear_exception_queue(&svm->vcpu);
	kvm_clear_interrupt_queue(&svm->vcpu);

	/* Restore selected save entries */
	svm->vmcb->save.es = hsave->save.es;
	svm->vmcb->save.cs = hsave->save.cs;
	svm->vmcb->save.ss = hsave->save.ss;
	svm->vmcb->save.ds = hsave->save.ds;
	svm->vmcb->save.gdtr = hsave->save.gdtr;
	svm->vmcb->save.idtr = hsave->save.idtr;
	svm->vmcb->save.rflags = hsave->save.rflags;
	/* Go through the setters so EFER/CR0/CR4 side effects are applied. */
	svm_set_efer(&svm->vcpu, hsave->save.efer);
	svm_set_cr0(&svm->vcpu, hsave->save.cr0 | X86_CR0_PE);
	svm_set_cr4(&svm->vcpu, hsave->save.cr4);
	if (npt_enabled) {
		svm->vmcb->save.cr3 = hsave->save.cr3;
		svm->vcpu.arch.cr3 = hsave->save.cr3;
	} else {
		kvm_set_cr3(&svm->vcpu, hsave->save.cr3);
	}
	kvm_register_write(&svm->vcpu, VCPU_REGS_RAX, hsave->save.rax);
	kvm_register_write(&svm->vcpu, VCPU_REGS_RSP, hsave->save.rsp);
	kvm_register_write(&svm->vcpu, VCPU_REGS_RIP, hsave->save.rip);
	/* L1 resumes at CPL 0 with debugging off and no pending event. */
	svm->vmcb->save.dr7 = 0;
	svm->vmcb->save.cpl = 0;
	svm->vmcb->control.exit_int_info = 0;

	nested_svm_unmap(page);

	/* The paging context changed with CR3/CR0: rebuild and reload the MMU. */
	kvm_mmu_reset_context(&svm->vcpu);
	kvm_mmu_load(&svm->vcpu);

	return 0;
}

/*
 * Merge the L1 hypervisor's MSR permission bitmap into kvm's own for the
 * nested guest.  Only the words listed in msrpm_offsets are visited: those
 * are the only places where kvm's bitmap may contain zero bits, so the
 * merge is an OR there and the bitmap stays "intercept" everywhere else.
 *
 * Returns false if L1's bitmap cannot be read; true otherwise (including
 * when L1 does not use an MSR permission map at all).
 */
static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm)
{
	u64 l1_msrpm = svm->nested.vmcb_msrpm;
	int i;

	if (!(svm->nested.intercept & (1ULL << INTERCEPT_MSR_PROT)))
		return true;

	for (i = 0; i < MSRPM_OFFSETS; i++) {
		u32 word = msrpm_offsets[i];
		u32 l1_bits;

		/* The offset table is terminated by an all-ones entry. */
		if (word == 0xffffffff)
			break;

		if (kvm_read_guest(svm->vcpu.kvm, l1_msrpm + (word * 4),
				   &l1_bits, 4))
			return false;

		svm->nested.msrpm[word] = svm->msrpm[word] | l1_bits;
	}

	svm->vmcb->control.msrpm_base_pa = __pa(svm->nested.msrpm);

	return true;
}

/*
 * Emulate VMRUN: enter the nested (L2) guest described by the VMCB whose
 * guest-physical address is in RAX.
 *
 * The current (L1) state is saved to svm->nested.hsave, the L2 state and
 * controls are loaded from L1's VMCB into svm->vmcb, L1's intercepts are
 * cached in svm->nested and ORed into the host's so L2 can never be
 * intercepted less than L1 is, and nested mode is entered.
 *
 * No consistency checks are performed on the L1-supplied VMCB in this
 * function; its EFER/CR0/CR4 go through the regular setters, while
 * CR3, DR6/DR7, the segment registers, int_ctl, lbr_ctl, event_inj and
 * the permission-map addresses are taken as given.
 *
 * Returns false if L1's VMCB cannot be mapped (a #GP has been injected
 * by nested_svm_map()), true on success.
 */
static bool nested_svm_vmrun(struct vcpu_svm *svm)
{
	struct vmcb *nested_vmcb;
	struct vmcb *hsave = svm->nested.hsave;
	struct vmcb *vmcb = svm->vmcb;
	struct page *page;
	u64 vmcb_gpa;

	vmcb_gpa = svm->vmcb->save.rax;

	nested_vmcb = nested_svm_map(svm, svm->vmcb->save.rax, &page);
	if (!nested_vmcb)
		return false;

	/* rip - 3: VMRUN is a three-byte instruction (next_rip already set). */
	trace_kvm_nested_vmrun(svm->vmcb->save.rip - 3, vmcb_gpa,
			       nested_vmcb->save.rip,
			       nested_vmcb->control.int_ctl,
			       nested_vmcb->control.event_inj,
			       nested_vmcb->control.nested_ctl);

	trace_kvm_nested_intercepts(nested_vmcb->control.intercept_cr_read,
				    nested_vmcb->control.intercept_cr_write,
				    nested_vmcb->control.intercept_exceptions,
				    nested_vmcb->control.intercept);

	/* Clear internal status */
	kvm_clear_exception_queue(&svm->vcpu);
	kvm_clear_interrupt_queue(&svm->vcpu);

	/*
	 * Save the old vmcb, so we don't need to pick what we save, but can
	 * restore everything when a VMEXIT occurs
	 */
	hsave->save.es     = vmcb->save.es;
	hsave->save.cs     = vmcb->save.cs;
	hsave->save.ss     = vmcb->save.ss;
	hsave->save.ds     = vmcb->save.ds;
	hsave->save.gdtr   = vmcb->save.gdtr;
	hsave->save.idtr   = vmcb->save.idtr;
	/* EFER/CR0/CR4 are saved from the vCPU's view, not the VMCB shadow. */
	hsave->save.efer   = svm->vcpu.arch.efer;
	hsave->save.cr0    = kvm_read_cr0(&svm->vcpu);
	hsave->save.cr4    = svm->vcpu.arch.cr4;
	hsave->save.rflags = vmcb->save.rflags;
	/* L1 resumes after the VMRUN instruction. */
	hsave->save.rip    = svm->next_rip;
	hsave->save.rsp    = vmcb->save.rsp;
	hsave->save.rax    = vmcb->save.rax;
	if (npt_enabled)
		hsave->save.cr3    = vmcb->save.cr3;
	else
		hsave->save.cr3    = svm->vcpu.arch.cr3;

	copy_vmcb_control_area(hsave, vmcb);

	/* Remember L1's IF so nested_svm_intr() knows if L1 wants interrupts. */
	if (svm->vmcb->save.rflags & X86_EFLAGS_IF)
		svm->vcpu.arch.hflags |= HF_HIF_MASK;
	else
		svm->vcpu.arch.hflags &= ~HF_HIF_MASK;

	/* Load the nested guest state */
	svm->vmcb->save.es = nested_vmcb->save.es;
	svm->vmcb->save.cs = nested_vmcb->save.cs;
	svm->vmcb->save.ss = nested_vmcb->save.ss;
	svm->vmcb->save.ds = nested_vmcb->save.ds;
	svm->vmcb->save.gdtr = nested_vmcb->save.gdtr;
	svm->vmcb->save.idtr = nested_vmcb->save.idtr;
	svm->vmcb->save.rflags = nested_vmcb->save.rflags;
	svm_set_efer(&svm->vcpu, nested_vmcb->save.efer);
	svm_set_cr0(&svm->vcpu, nested_vmcb->save.cr0);
	svm_set_cr4(&svm->vcpu, nested_vmcb->save.cr4);
	if (npt_enabled) {
		svm->vmcb->save.cr3 = nested_vmcb->save.cr3;
		svm->vcpu.arch.cr3 = nested_vmcb->save.cr3;
	} else
		kvm_set_cr3(&svm->vcpu, nested_vmcb->save.cr3);

	/* Guest paging mode is active - reset mmu */
	kvm_mmu_reset_context(&svm->vcpu);

	svm->vmcb->save.cr2 = svm->vcpu.arch.cr2 = nested_vmcb->save.cr2;
	kvm_register_write(&svm->vcpu, VCPU_REGS_RAX, nested_vmcb->save.rax);
	kvm_register_write(&svm->vcpu, VCPU_REGS_RSP, nested_vmcb->save.rsp);
	kvm_register_write(&svm->vcpu, VCPU_REGS_RIP, nested_vmcb->save.rip);

	/* In case we don't even reach vcpu_run, the fields are not updated */
	svm->vmcb->save.rax = nested_vmcb->save.rax;
	svm->vmcb->save.rsp = nested_vmcb->save.rsp;
	svm->vmcb->save.rip = nested_vmcb->save.rip;
	svm->vmcb->save.dr7 = nested_vmcb->save.dr7;
	svm->vmcb->save.dr6 = nested_vmcb->save.dr6;
	svm->vmcb->save.cpl = nested_vmcb->save.cpl;

	/* Permission-map bases are page aligned; the low 12 bits are dropped. */
	svm->nested.vmcb_msrpm = nested_vmcb->control.msrpm_base_pa & ~0x0fffULL;
	svm->nested.vmcb_iopm  = nested_vmcb->control.iopm_base_pa  & ~0x0fffULL;

	/* cache intercepts */
	svm->nested.intercept_cr_read    = nested_vmcb->control.intercept_cr_read;
	svm->nested.intercept_cr_write   = nested_vmcb->control.intercept_cr_write;
	svm->nested.intercept_dr_read    = nested_vmcb->control.intercept_dr_read;
	svm->nested.intercept_dr_write   = nested_vmcb->control.intercept_dr_write;
	svm->nested.intercept_exceptions = nested_vmcb->control.intercept_exceptions;
	svm->nested.intercept            = nested_vmcb->control.intercept;

	/* L2 must not see L1's TLB entries. */
	force_new_asid(&svm->vcpu);
	svm->vmcb->control.int_ctl = nested_vmcb->control.int_ctl | V_INTR_MASKING_MASK;
	if (nested_vmcb->control.int_ctl & V_INTR_MASKING_MASK)
		svm->vcpu.arch.hflags |= HF_VINTR_MASK;
	else
		svm->vcpu.arch.hflags &= ~HF_VINTR_MASK;

	if (svm->vcpu.arch.hflags & HF_VINTR_MASK) {
		/* We only want the cr8 intercept bits of the guest */
		svm->vmcb->control.intercept_cr_read &= ~INTERCEPT_CR8_MASK;
		svm->vmcb->control.intercept_cr_write &= ~INTERCEPT_CR8_MASK;
	}

	/*
	 * We don't want a nested guest to be more powerful than the guest, so
	 * all intercepts are ORed
	 */
	svm->vmcb->control.intercept_cr_read |=
		nested_vmcb->control.intercept_cr_read;
	svm->vmcb->control.intercept_cr_write |=
		nested_vmcb->control.intercept_cr_write;
	svm->vmcb->control.intercept_dr_read |=
		nested_vmcb->control.intercept_dr_read;
	svm->vmcb->control.intercept_dr_write |=
		nested_vmcb->control.intercept_dr_write;
	svm->vmcb->control.intercept_exceptions |=
		nested_vmcb->control.intercept_exceptions;

	svm->vmcb->control.intercept |= nested_vmcb->control.intercept;

	svm->vmcb->control.lbr_ctl = nested_vmcb->control.lbr_ctl;
	svm->vmcb->control.int_vector = nested_vmcb->control.int_vector;
	svm->vmcb->control.int_state = nested_vmcb->control.int_state;
	/* TSC offsets stack: L2's offset is relative to L1's. */
	svm->vmcb->control.tsc_offset += nested_vmcb->control.tsc_offset;
	svm->vmcb->control.event_inj = nested_vmcb->control.event_inj;
	svm->vmcb->control.event_inj_err = nested_vmcb->control.event_inj_err;

	nested_svm_unmap(page);

	/* nested_vmcb is our indicator if nested SVM is activated */
	svm->nested.vmcb = vmcb_gpa;

	enable_gif(svm);

	return true;
}

/*
 * Copy the register subset that VMLOAD/VMSAVE operate on from one VMCB
 * save area to another.
 *
 * Only the fields listed here are touched: FS, GS, TR, LDTR, KernelGsBase,
 * STAR/LSTAR/CSTAR/SFMASK and the three SYSENTER MSRs.  Nothing else in
 * either VMCB is read or written, so a guest-supplied VMCB page can only
 * influence these values.
 *
 * @from_vmcb: source VMCB (guest page for VMLOAD, host VMCB for VMSAVE)
 * @to_vmcb:   destination VMCB
 */
static void nested_svm_vmloadsave(struct vmcb *from_vmcb, struct vmcb *to_vmcb)
{
	to_vmcb->save.fs = from_vmcb->save.fs;
	to_vmcb->save.gs = from_vmcb->save.gs;
	to_vmcb->save.tr = from_vmcb->save.tr;
	to_vmcb->save.ldtr = from_vmcb->save.ldtr;
	to_vmcb->save.kernel_gs_base = from_vmcb->save.kernel_gs_base;
	to_vmcb->save.star = from_vmcb->save.star;
	to_vmcb->save.lstar = from_vmcb->save.lstar;
	to_vmcb->save.cstar = from_vmcb->save.cstar;
	to_vmcb->save.sfmask = from_vmcb->save.sfmask;
	to_vmcb->save.sysenter_cs = from_vmcb->save.sysenter_cs;
	to_vmcb->save.sysenter_esp = from_vmcb->save.sysenter_esp;
	to_vmcb->save.sysenter_eip = from_vmcb->save.sysenter_eip;
}

/*
 * Handle a VMLOAD intercept from the (L1) guest.
 *
 * Loads the VMLOAD register subset from the guest-supplied VMCB at the
 * guest physical address held in RAX into the running VMCB.  The
 * instruction is skipped before the guest page is touched.
 *
 * Returns 1 (resume the guest) on every path.  When the page cannot be
 * mapped the instruction has already been skipped; what nested_svm_map
 * does in that case (e.g. injecting a fault) is not visible in this file.
 *
 * NOTE(review): hardware raises #GP for a VMCB address that is not 4K
 * aligned; the alignment of RAX is not checked here -- confirm whether
 * nested_svm_map covers that.
 */
static int vmload_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	struct vmcb *guest_vmcb;
	struct page *page;

	/* VMLOAD is only legal when the guest has SVM enabled and is at CPL 0 */
	if (nested_svm_check_permissions(svm))
		return 1;

	/* three-byte opcode */
	svm->next_rip = kvm_rip_read(vcpu) + 3;
	skip_emulated_instruction(vcpu);

	/* RAX is a guest physical address chosen by the guest */
	guest_vmcb = nested_svm_map(svm, svm->vmcb->save.rax, &page);
	if (guest_vmcb == NULL)
		return 1;

	nested_svm_vmloadsave(guest_vmcb, svm->vmcb);
	nested_svm_unmap(page);

	return 1;
}

/*
 * Handle a VMSAVE intercept from the (L1) guest.
 *
 * Mirror of vmload_interception: the VMSAVE register subset of the running
 * VMCB is stored into the guest-supplied VMCB at the guest physical
 * address held in RAX.  The instruction is skipped before the guest page
 * is touched.
 *
 * Returns 1 (resume the guest) on every path.
 *
 * NOTE(review): as with VMLOAD, RAX alignment is not checked here;
 * whether nested_svm_map rejects a misaligned/unmapped address is not
 * visible in this file -- confirm.
 */
static int vmsave_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	struct vmcb *guest_vmcb;
	struct page *page;

	/* VMSAVE is only legal when the guest has SVM enabled and is at CPL 0 */
	if (nested_svm_check_permissions(svm))
		return 1;

	/* three-byte opcode */
	svm->next_rip = kvm_rip_read(vcpu) + 3;
	skip_emulated_instruction(vcpu);

	/* RAX is a guest physical address chosen by the guest */
	guest_vmcb = nested_svm_map(svm, svm->vmcb->save.rax, &page);
	if (guest_vmcb == NULL)
		return 1;

	nested_svm_vmloadsave(svm->vmcb, guest_vmcb);
	nested_svm_unmap(page);

	return 1;
}

/*
 * Handle a VMRUN intercept from the (L1) guest: enter the nested (L2)
 * guest described by the VMCB the guest points at.
 *
 * The two-stage entry mirrors the helpers it calls:
 *   1. nested_svm_vmrun() switches to the nested VMCB; if it refuses,
 *      the guest is simply resumed (the helper is expected to have
 *      reported the reason to the guest itself -- not visible here).
 *   2. nested_svm_vmrun_msrpm() merges the nested MSR permission bitmap.
 *      If that fails after the switch has happened, a synthetic
 *      SVM_EXIT_ERR #VMEXIT is delivered to the guest so it does not run
 *      with a half-initialised nested state.
 *
 * Returns 1 (resume the guest) on every path.
 */
static int vmrun_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;

	/* VMRUN is only legal when the guest has SVM enabled and is at CPL 0 */
	if (nested_svm_check_permissions(svm))
		return 1;

	/* three-byte opcode */
	svm->next_rip = kvm_rip_read(vcpu) + 3;
	skip_emulated_instruction(vcpu);

	if (!nested_svm_vmrun(svm))
		return 1;

	if (nested_svm_vmrun_msrpm(svm))
		return 1;

	/* MSR bitmap merge failed after the VMCB switch: fail the VMRUN */
	svm->vmcb->control.exit_code    = SVM_EXIT_ERR;
	svm->vmcb->control.exit_code_hi = 0;
	svm->vmcb->control.exit_info_1  = 0;
	svm->vmcb->control.exit_info_2  = 0;

	nested_svm_vmexit(svm);

	return 1;
}

/*
 * Handle an STGI intercept: set the guest's Global Interrupt Flag.
 *
 * Permission is checked first (SVM enabled, CPL 0); then the three-byte
 * instruction is skipped and GIF is enabled via enable_gif().
 *
 * Returns 1 (resume the guest) on every path.
 */
static int stgi_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;

	if (nested_svm_check_permissions(svm))
		return 1;

	svm->next_rip = kvm_rip_read(vcpu) + 3;
	skip_emulated_instruction(vcpu);

	enable_gif(svm);

	return 1;
}

/*
 * Handle a CLGI intercept: clear the guest's Global Interrupt Flag.
 *
 * After permission check and instruction skip, GIF is cleared and any
 * pending virtual interrupt request is withdrawn (the VINTR intercept is
 * dropped and V_IRQ cleared), because with GIF=0 no interrupt may be
 * delivered to the guest.
 *
 * Returns 1 (resume the guest) on every path.
 */
static int clgi_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	struct vmcb_control_area *ctl = &svm->vmcb->control;

	if (nested_svm_check_permissions(svm))
		return 1;

	svm->next_rip = kvm_rip_read(vcpu) + 3;
	skip_emulated_instruction(vcpu);

	disable_gif(svm);

	/* After a CLGI no interrupts should come */
	svm_clear_vintr(svm);
	ctl->int_ctl &= ~V_IRQ_MASK;

	return 1;
}

/*
 * Handle an INVLPGA intercept.
 *
 * INVLPGA takes the linear address in RAX and an ASID in ECX.  The ASID
 * is only traced; the address is flushed through kvm_mmu_invlpg() as if
 * a plain INVLPG had been executed (a conservative over-approximation,
 * as the original comment notes).  The three-byte instruction is skipped
 * afterwards.
 *
 * Returns 1 (resume the guest).
 */
static int invlpga_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	unsigned long addr = vcpu->arch.regs[VCPU_REGS_RAX];
	unsigned long asid = vcpu->arch.regs[VCPU_REGS_RCX];

	trace_kvm_invlpga(svm->vmcb->save.rip, asid, addr);

	/* Let's treat INVLPGA the same as INVLPG (can be optimized!) */
	kvm_mmu_invlpg(vcpu, addr);

	svm->next_rip = kvm_rip_read(vcpu) + 3;
	skip_emulated_instruction(vcpu);

	return 1;
}

/*
 * Handle a SKINIT intercept.
 *
 * SKINIT (secure loader launch) is not emulated; the attempt is traced
 * and the guest receives #UD, exactly as if the instruction were not
 * present.  Returns 1 (resume the guest).
 */
static int skinit_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;

	trace_kvm_skinit(svm->vmcb->save.rip, vcpu->arch.regs[VCPU_REGS_RAX]);

	kvm_queue_exception(vcpu, UD_VECTOR);

	return 1;
}

/*
 * Generic handler for intercepted instructions that are not supported:
 * the guest receives #UD.  Used for MONITOR/MWAIT in svm_exit_handlers.
 * Returns 1 (resume the guest).
 */
static int invalid_op_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;

	kvm_queue_exception(vcpu, UD_VECTOR);

	return 1;
}

/*
 * Handle a task-switch intercept.
 *
 * Decodes the VMCB exit information into the arguments kvm_task_switch()
 * needs:
 *   - exit_info_1 carries the target TSS selector;
 *   - exit_info_2 carries the reason flags (IRET, JMP, has-error-code) and
 *     the error code in its low 32 bits;
 *   - exit_int_info says whether the switch was triggered by an event
 *     going through a task gate (idt_v) and, if so, what kind of event.
 *
 * For gate-initiated switches the event that caused the switch is dropped
 * from the pending queues, since the switch itself consumes it.  The
 * instruction is only skipped when the switch was not gate-initiated or
 * was caused by a software interrupt/exception (INT n, INTO, INT3), i.e.
 * when RIP must move past the instruction that started it.
 *
 * Returns 1 to resume the guest, or 0 after reporting an emulation
 * failure to userspace as KVM_EXIT_INTERNAL_ERROR.
 *
 * NOTE(review): int_type and type are the same expression, and int_vec is
 * masked with SVM_EVTINJ_VEC_MASK whereas svm_complete_interrupts() uses
 * SVM_EXITINTINFO_VEC_MASK for the same field -- presumably identical
 * masks, confirm in the header.
 */
static int task_switch_interception(struct vcpu_svm *svm)
{
	u16 tss_selector;
	int reason;
	int int_type = svm->vmcb->control.exit_int_info &
		SVM_EXITINTINFO_TYPE_MASK;
	int int_vec = svm->vmcb->control.exit_int_info & SVM_EVTINJ_VEC_MASK;
	uint32_t type =
		svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_TYPE_MASK;
	uint32_t idt_v =
		svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_VALID;
	bool has_error_code = false;
	u32 error_code = 0;

	tss_selector = (u16)svm->vmcb->control.exit_info_1;

	/* Reason precedence: IRET, then JMP, then gate, else CALL */
	if (svm->vmcb->control.exit_info_2 &
	    (1ULL << SVM_EXITINFOSHIFT_TS_REASON_IRET))
		reason = TASK_SWITCH_IRET;
	else if (svm->vmcb->control.exit_info_2 &
		 (1ULL << SVM_EXITINFOSHIFT_TS_REASON_JMP))
		reason = TASK_SWITCH_JMP;
	else if (idt_v)
		reason = TASK_SWITCH_GATE;
	else
		reason = TASK_SWITCH_CALL;

	/* The event that went through the task gate is consumed by the switch */
	if (reason == TASK_SWITCH_GATE) {
		switch (type) {
		case SVM_EXITINTINFO_TYPE_NMI:
			svm->vcpu.arch.nmi_injected = false;
			break;
		case SVM_EXITINTINFO_TYPE_EXEPT:
			if (svm->vmcb->control.exit_info_2 &
			    (1ULL << SVM_EXITINFOSHIFT_TS_HAS_ERROR_CODE)) {
				has_error_code = true;
				error_code =
					(u32)svm->vmcb->control.exit_info_2;
			}
			kvm_clear_exception_queue(&svm->vcpu);
			break;
		case SVM_EXITINTINFO_TYPE_INTR:
			kvm_clear_interrupt_queue(&svm->vcpu);
			break;
		default:
			break;
		}
	}

	/* Skip the triggering instruction unless a hardware event caused it */
	if (reason != TASK_SWITCH_GATE ||
	    int_type == SVM_EXITINTINFO_TYPE_SOFT ||
	    (int_type == SVM_EXITINTINFO_TYPE_EXEPT &&
	     (int_vec == OF_VECTOR || int_vec == BP_VECTOR)))
		skip_emulated_instruction(&svm->vcpu);

	if (kvm_task_switch(&svm->vcpu, tss_selector, reason,
				has_error_code, error_code) == EMULATE_FAIL) {
		svm->vcpu.run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
		svm->vcpu.run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
		svm->vcpu.run->internal.ndata = 0;
		return 0;
	}
	return 1;
}

/*
 * Handle a CPUID intercept: record where the two-byte instruction ends
 * and let the common CPUID emulation fill in the registers.
 * Returns 1 (resume the guest).
 */
static int cpuid_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;

	svm->next_rip = kvm_rip_read(vcpu) + 2;
	kvm_emulate_cpuid(vcpu);

	return 1;
}

/*
 * Handle an IRET intercept, which is only armed while an NMI is being
 * held off (see svm_inject_nmi / svm_set_nmi_mask).  The intercept is
 * disarmed and HF_IRET_MASK is set so that svm_complete_interrupts()
 * can lift the NMI block on the next exit.  Returns 1 (resume the guest).
 */
static int iret_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	struct vmcb_control_area *ctl = &svm->vmcb->control;

	++vcpu->stat.nmi_window_exits;
	ctl->intercept &= ~(1UL << INTERCEPT_IRET);
	vcpu->arch.hflags |= HF_IRET_MASK;

	return 1;
}

/*
 * Handle an INVLPG intercept by running the instruction emulator.
 * An emulation failure is only logged (rate-limited by pr_unimpl); the
 * guest is resumed either way.  Returns 1.
 */
static int invlpg_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	int rc = emulate_instruction(vcpu, 0, 0, 0);

	if (rc != EMULATE_DONE)
		pr_unimpl(vcpu, "%s: failed\n", __func__);

	return 1;
}

/*
 * Generic handler for intercepts whose instruction is simply run through
 * the emulator (CR/DR accesses, INVD, WBINVD, ...).  An emulation failure
 * is only logged (rate-limited by pr_unimpl); the guest is resumed either
 * way.  Returns 1.
 */
static int emulate_on_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	int rc = emulate_instruction(vcpu, 0, 0, 0);

	if (rc != EMULATE_DONE)
		pr_unimpl(vcpu, "%s: failed\n", __func__);

	return 1;
}

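/*
 * Handle a write to CR8 (the task-priority register).
 *
 * The instruction is emulated; the emulator ends up in kvm_set_cr8().
 * With an in-kernel irqchip the CR8 write intercept is then dropped --
 * update_cr8_intercept() re-arms it when needed -- and the guest resumes.
 * With a userspace irqchip, a write that raises the TPR above its previous
 * value needs userspace to re-evaluate pending interrupts, so the vcpu
 * exits with KVM_EXIT_SET_TPR.
 *
 * Returns 1 to resume the guest, 0 to exit to userspace.
 *
 * Fix: an emulation failure was silently ignored here while the sibling
 * handlers (emulate_on_interception, invlpg_interception) log it; the
 * same rate-limited pr_unimpl is now used for consistency.
 */
static int cr8_write_interception(struct vcpu_svm *svm)
{
	struct kvm_run *kvm_run = svm->vcpu.run;

	u8 cr8_prev = kvm_get_cr8(&svm->vcpu);
	/* instruction emulation calls kvm_set_cr8() */
	if (emulate_instruction(&svm->vcpu, 0, 0, 0) != EMULATE_DONE)
		pr_unimpl(&svm->vcpu, "%s: failed\n", __func__);
	if (irqchip_in_kernel(svm->vcpu.kvm)) {
		svm->vmcb->control.intercept_cr_write &= ~INTERCEPT_CR8_MASK;
		return 1;
	}
	if (cr8_prev <= kvm_get_cr8(&svm->vcpu))
		return 1;
	kvm_run->exit_reason = KVM_EXIT_SET_TPR;
	return 0;
}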

/*
 * Read an MSR on behalf of the guest.
 *
 * Handles the MSRs whose value lives in the VMCB or in vcpu_svm and defers
 * everything else to kvm_get_msr_common().
 *
 * @vcpu: the vcpu doing the read
 * @ecx:  MSR index
 * @data: receives the value
 *
 * Returns 0 on success; a non-zero return makes rdmsr_interception()
 * inject #GP instead of completing the instruction.
 */
static int svm_get_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 *data)
{
	struct vcpu_svm *svm = to_svm(vcpu);

	switch (ecx) {
	case MSR_IA32_TSC: {
		u64 tsc_offset;

		/*
		 * While a nested guest runs, the offset in the active VMCB
		 * includes the nested guest's own offset; the L1 view is
		 * the one saved in hsave.
		 */
		if (is_nested(svm))
			tsc_offset = svm->nested.hsave->control.tsc_offset;
		else
			tsc_offset = svm->vmcb->control.tsc_offset;

		*data = tsc_offset + native_read_tsc();
		break;
	}
	case MSR_K6_STAR:
		*data = svm->vmcb->save.star;
		break;
#ifdef CONFIG_X86_64
	case MSR_LSTAR:
		*data = svm->vmcb->save.lstar;
		break;
	case MSR_CSTAR:
		*data = svm->vmcb->save.cstar;
		break;
	case MSR_KERNEL_GS_BASE:
		*data = svm->vmcb->save.kernel_gs_base;
		break;
	case MSR_SYSCALL_MASK:
		*data = svm->vmcb->save.sfmask;
		break;
#endif
	case MSR_IA32_SYSENTER_CS:
		*data = svm->vmcb->save.sysenter_cs;
		break;
	/*
	 * SYSENTER_EIP/ESP are returned from the shadow copies in vcpu_svm;
	 * svm_set_msr() writes both the shadow and the VMCB field.
	 */
	case MSR_IA32_SYSENTER_EIP:
		*data = svm->sysenter_eip;
		break;
	case MSR_IA32_SYSENTER_ESP:
		*data = svm->sysenter_esp;
		break;
	/*
	 * The following 5 values are returned straight from the VMCB.  Only
	 * dbgctl is ever written by this file (svm_set_msr, when the CPU has
	 * LBRV); the four last-branch/last-exception fields are not written
	 * here and stay at whatever the VMCB holds.
	 */
	case MSR_IA32_DEBUGCTLMSR:
		*data = svm->vmcb->save.dbgctl;
		break;
	case MSR_IA32_LASTBRANCHFROMIP:
		*data = svm->vmcb->save.br_from;
		break;
	case MSR_IA32_LASTBRANCHTOIP:
		*data = svm->vmcb->save.br_to;
		break;
	case MSR_IA32_LASTINTFROMIP:
		*data = svm->vmcb->save.last_excp_from;
		break;
	case MSR_IA32_LASTINTTOIP:
		*data = svm->vmcb->save.last_excp_to;
		break;
	/* Nested-SVM MSRs: values are kept in software, see svm_set_msr() */
	case MSR_VM_HSAVE_PA:
		*data = svm->nested.hsave_msr;
		break;
	case MSR_VM_CR:
		*data = svm->nested.vm_cr_msr;
		break;
	/* Fixed microcode revision reported to the guest */
	case MSR_IA32_UCODE_REV:
		*data = 0x01000065;
		break;
	default:
		return kvm_get_msr_common(vcpu, ecx, data);
	}
	return 0;
}

/*
 * Handle an RDMSR intercept.
 *
 * The MSR index comes from ECX.  On success the 64-bit value is split
 * into EDX:EAX and the two-byte instruction is skipped; on failure #GP is
 * injected and RIP is left on the faulting instruction.  Both outcomes
 * are traced.  Returns 1 (resume the guest).
 */
static int rdmsr_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	u32 ecx = vcpu->arch.regs[VCPU_REGS_RCX];
	u64 data;

	if (svm_get_msr(vcpu, ecx, &data) != 0) {
		trace_kvm_msr_read_ex(ecx);
		kvm_inject_gp(vcpu, 0);
		return 1;
	}

	trace_kvm_msr_read(ecx, data);

	vcpu->arch.regs[VCPU_REGS_RAX] = lower_32_bits(data);
	vcpu->arch.regs[VCPU_REGS_RDX] = upper_32_bits(data);
	svm->next_rip = kvm_rip_read(vcpu) + 2;
	skip_emulated_instruction(vcpu);

	return 1;
}

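/*
 * Emulate a guest write to MSR_VM_CR.
 *
 * Returns 0 on success and 1 when the write must raise #GP (the caller,
 * wrmsr_interception, injects the fault).  The write is rejected when
 *   - reserved bits are set (data & ~SVM_VM_CR_VALID_MASK), or
 *   - the resulting value has SVM_DIS set while EFER.SVME is already on.
 * Once SVM_DIS is set, SVM_DIS and SVM_LOCK become read-only: only the
 * remaining valid bits can still be changed.
 *
 * Fix: the new value is computed into a local and committed to
 * svm->nested.vm_cr_msr only after every check has passed, so a write
 * that raises #GP leaves the MSR untouched.  Previously the MSR was
 * updated first and the error returned afterwards, leaving the guest
 * with a modified MSR and a #GP for the same write.
 */
static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	u64 new_vm_cr;
	u64 chg_mask;

	if (data & ~SVM_VM_CR_VALID_MASK)
		return 1;

	chg_mask = SVM_VM_CR_VALID_MASK;

	/* SVM_DIS is sticky: once set, neither it nor SVM_LOCK may change */
	if (svm->nested.vm_cr_msr & SVM_VM_CR_SVM_DIS_MASK)
		chg_mask &= ~(SVM_VM_CR_SVM_LOCK_MASK | SVM_VM_CR_SVM_DIS_MASK);

	new_vm_cr = (svm->nested.vm_cr_msr & ~chg_mask) | (data & chg_mask);

	/* check for svm_disable while efer.svme is set */
	if ((new_vm_cr & SVM_VM_CR_SVM_DIS_MASK) &&
	    (vcpu->arch.efer & EFER_SVME))
		return 1;

	svm->nested.vm_cr_msr = new_vm_cr;

	return 0;
}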

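/*
 * Write an MSR on behalf of the guest.
 *
 * Handles the MSRs whose value lives in the VMCB or in vcpu_svm and defers
 * everything else to kvm_set_msr_common().
 *
 * @vcpu: the vcpu doing the write
 * @ecx:  MSR index
 * @data: value written
 *
 * Returns 0 on success; a non-zero return makes wrmsr_interception()
 * inject #GP instead of completing the instruction.
 *
 * Fix: MSR_VM_HSAVE_PA used to accept any value.  Architecturally the
 * host save area must be a 4K-aligned physical address and a write with
 * non-zero low bits raises #GP; the write is now rejected in that case so
 * the emulated MSR follows the hardware contract.  Within this file the
 * value is only stored for read-back (svm_get_msr), so the check is about
 * the MSR's documented behaviour rather than a use of the address here.
 * Caveat: a host restoring migration state that carries a misaligned
 * value would now see that KVM_SET_MSR fail; this function cannot tell
 * host-initiated writes from guest ones.
 */
static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data)
{
	struct vcpu_svm *svm = to_svm(vcpu);

	switch (ecx) {
	case MSR_IA32_TSC: {
		u64 tsc_offset = data - native_read_tsc();
		u64 g_tsc_offset = 0;

		/*
		 * While a nested guest runs, keep the nested guest's own
		 * offset relative to the (new) L1 offset and store the L1
		 * offset in hsave, where svm_get_msr() reads it from.
		 */
		if (is_nested(svm)) {
			g_tsc_offset = svm->vmcb->control.tsc_offset -
				       svm->nested.hsave->control.tsc_offset;
			svm->nested.hsave->control.tsc_offset = tsc_offset;
		}

		svm->vmcb->control.tsc_offset = tsc_offset + g_tsc_offset;

		break;
	}
	case MSR_K6_STAR:
		svm->vmcb->save.star = data;
		break;
#ifdef CONFIG_X86_64
	case MSR_LSTAR:
		svm->vmcb->save.lstar = data;
		break;
	case MSR_CSTAR:
		svm->vmcb->save.cstar = data;
		break;
	case MSR_KERNEL_GS_BASE:
		svm->vmcb->save.kernel_gs_base = data;
		break;
	case MSR_SYSCALL_MASK:
		svm->vmcb->save.sfmask = data;
		break;
#endif
	case MSR_IA32_SYSENTER_CS:
		svm->vmcb->save.sysenter_cs = data;
		break;
	/* SYSENTER_EIP/ESP: keep a shadow copy, svm_get_msr() reads that */
	case MSR_IA32_SYSENTER_EIP:
		svm->sysenter_eip = data;
		svm->vmcb->save.sysenter_eip = data;
		break;
	case MSR_IA32_SYSENTER_ESP:
		svm->sysenter_esp = data;
		svm->vmcb->save.sysenter_esp = data;
		break;
	case MSR_IA32_DEBUGCTLMSR:
		/* Without LBR virtualization the write is a logged no-op */
		if (!svm_has(SVM_FEATURE_LBRV)) {
			pr_unimpl(vcpu, "%s: MSR_IA32_DEBUGCTL 0x%llx, nop\n",
					__func__, data);
			break;
		}
		/* Reserved bits set -> #GP */
		if (data & DEBUGCTL_RESERVED_BITS)
			return 1;

		svm->vmcb->save.dbgctl = data;
		/* bit 0 (LBR) toggles last-branch recording */
		if (data & (1ULL<<0))
			svm_enable_lbrv(svm);
		else
			svm_disable_lbrv(svm);
		break;
	case MSR_VM_HSAVE_PA:
		/* Host save area must be 4K aligned; otherwise #GP */
		if (data & ~PAGE_MASK)
			return 1;
		svm->nested.hsave_msr = data;
		break;
	case MSR_VM_CR:
		return svm_set_vm_cr(vcpu, data);
	case MSR_VM_IGNNE:
		pr_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
		break;
	default:
		return kvm_set_msr_common(vcpu, ecx, data);
	}
	return 0;
}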

/*
 * Handle a WRMSR intercept.
 *
 * The MSR index comes from ECX and the value from EDX:EAX (only the low
 * 32 bits of each register are significant).  On success the two-byte
 * instruction is skipped; on failure #GP is injected and RIP is left on
 * the faulting instruction.  Both outcomes are traced.
 * Returns 1 (resume the guest).
 */
static int wrmsr_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	u32 ecx = vcpu->arch.regs[VCPU_REGS_RCX];
	u32 lo = vcpu->arch.regs[VCPU_REGS_RAX];
	u32 hi = vcpu->arch.regs[VCPU_REGS_RDX];
	u64 data = ((u64)hi << 32) | lo;

	svm->next_rip = kvm_rip_read(vcpu) + 2;

	if (svm_set_msr(vcpu, ecx, data) != 0) {
		trace_kvm_msr_write_ex(ecx, data);
		kvm_inject_gp(vcpu, 0);
		return 1;
	}

	trace_kvm_msr_write(ecx, data);
	skip_emulated_instruction(vcpu);

	return 1;
}

/*
 * Dispatch an MSR intercept: exit_info_1 is non-zero for WRMSR and zero
 * for RDMSR.  Returns whatever the specific handler returns (always 1).
 */
static int msr_interception(struct vcpu_svm *svm)
{
	bool is_write = svm->vmcb->control.exit_info_1 != 0;

	return is_write ? wrmsr_interception(svm) : rdmsr_interception(svm);
}

/*
 * Handle a VINTR intercept: the guest has opened its interrupt window.
 *
 * The virtual interrupt request used to detect the window is withdrawn.
 * With a userspace irqchip that asked to be told when the window opens,
 * and with nothing already pending in the vcpu, the vcpu exits with
 * KVM_EXIT_IRQ_WINDOW_OPEN so userspace can inject its interrupt.
 *
 * Returns 1 to resume the guest, 0 to exit to userspace.
 */
static int interrupt_window_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;
	struct kvm_run *kvm_run = vcpu->run;
	bool userspace_wants_window;

	svm_clear_vintr(svm);
	svm->vmcb->control.int_ctl &= ~V_IRQ_MASK;

	/*
	 * If the user space waits to inject interrupts, exit as soon as
	 * possible
	 */
	userspace_wants_window = !irqchip_in_kernel(vcpu->kvm) &&
				 kvm_run->request_interrupt_window &&
				 !kvm_cpu_has_interrupt(vcpu);
	if (!userspace_wants_window)
		return 1;

	++vcpu->stat.irq_window_exits;
	kvm_run->exit_reason = KVM_EXIT_IRQ_WINDOW_OPEN;
	return 0;
}

/*
 * Handle a PAUSE intercept (pause-loop exiting): yield this vcpu so a
 * lock holder on another vcpu can make progress.  Returns 1.
 */
static int pause_interception(struct vcpu_svm *svm)
{
	struct kvm_vcpu *vcpu = &svm->vcpu;

	kvm_vcpu_on_spin(vcpu);

	return 1;
}

/*
 * Exit-code dispatch table, indexed by the VMCB exit code.
 *
 * handle_exit() bounds-checks the exit code against ARRAY_SIZE() and
 * treats a NULL slot as an unknown exit (KVM_EXIT_UNKNOWN to userspace),
 * so only the codes listed here ever reach a handler.  Every handler
 * takes the vcpu_svm and returns 1 to resume the guest or 0 to exit to
 * userspace.
 */
static int (*svm_exit_handlers[])(struct vcpu_svm *svm) = {
	/* control register accesses go through the emulator, except CR8 writes */
	[SVM_EXIT_READ_CR0]			= emulate_on_interception,
	[SVM_EXIT_READ_CR3]			= emulate_on_interception,
	[SVM_EXIT_READ_CR4]			= emulate_on_interception,
	[SVM_EXIT_READ_CR8]			= emulate_on_interception,
	[SVM_EXIT_CR0_SEL_WRITE]		= emulate_on_interception,
	[SVM_EXIT_WRITE_CR0]			= emulate_on_interception,
	[SVM_EXIT_WRITE_CR3]			= emulate_on_interception,
	[SVM_EXIT_WRITE_CR4]			= emulate_on_interception,
	[SVM_EXIT_WRITE_CR8]			= cr8_write_interception,
	/* debug register accesses are fully emulated */
	[SVM_EXIT_READ_DR0]			= emulate_on_interception,
	[SVM_EXIT_READ_DR1]			= emulate_on_interception,
	[SVM_EXIT_READ_DR2]			= emulate_on_interception,
	[SVM_EXIT_READ_DR3]			= emulate_on_interception,
	[SVM_EXIT_READ_DR4]			= emulate_on_interception,
	[SVM_EXIT_READ_DR5]			= emulate_on_interception,
	[SVM_EXIT_READ_DR6]			= emulate_on_interception,
	[SVM_EXIT_READ_DR7]			= emulate_on_interception,
	[SVM_EXIT_WRITE_DR0]			= emulate_on_interception,
	[SVM_EXIT_WRITE_DR1]			= emulate_on_interception,
	[SVM_EXIT_WRITE_DR2]			= emulate_on_interception,
	[SVM_EXIT_WRITE_DR3]			= emulate_on_interception,
	[SVM_EXIT_WRITE_DR4]			= emulate_on_interception,
	[SVM_EXIT_WRITE_DR5]			= emulate_on_interception,
	[SVM_EXIT_WRITE_DR6]			= emulate_on_interception,
	[SVM_EXIT_WRITE_DR7]			= emulate_on_interception,
	/* intercepted exceptions */
	[SVM_EXIT_EXCP_BASE + DB_VECTOR]	= db_interception,
	[SVM_EXIT_EXCP_BASE + BP_VECTOR]	= bp_interception,
	[SVM_EXIT_EXCP_BASE + UD_VECTOR]	= ud_interception,
	[SVM_EXIT_EXCP_BASE + PF_VECTOR]	= pf_interception,
	[SVM_EXIT_EXCP_BASE + NM_VECTOR]	= nm_interception,
	[SVM_EXIT_EXCP_BASE + MC_VECTOR]	= mc_interception,
	/* external events */
	[SVM_EXIT_INTR]				= intr_interception,
	[SVM_EXIT_NMI]				= nmi_interception,
	[SVM_EXIT_SMI]				= nop_on_interception,
	[SVM_EXIT_INIT]				= nop_on_interception,
	[SVM_EXIT_VINTR]			= interrupt_window_interception,
	/* instructions */
	[SVM_EXIT_CPUID]			= cpuid_interception,
	[SVM_EXIT_IRET]                         = iret_interception,
	[SVM_EXIT_INVD]                         = emulate_on_interception,
	[SVM_EXIT_PAUSE]			= pause_interception,
	[SVM_EXIT_HLT]				= halt_interception,
	[SVM_EXIT_INVLPG]			= invlpg_interception,
	[SVM_EXIT_INVLPGA]			= invlpga_interception,
	[SVM_EXIT_IOIO]				= io_interception,
	[SVM_EXIT_MSR]				= msr_interception,
	[SVM_EXIT_TASK_SWITCH]			= task_switch_interception,
	[SVM_EXIT_SHUTDOWN]			= shutdown_interception,
	/* SVM instructions executed by the (nested-capable) guest */
	[SVM_EXIT_VMRUN]			= vmrun_interception,
	[SVM_EXIT_VMMCALL]			= vmmcall_interception,
	[SVM_EXIT_VMLOAD]			= vmload_interception,
	[SVM_EXIT_VMSAVE]			= vmsave_interception,
	[SVM_EXIT_STGI]				= stgi_interception,
	[SVM_EXIT_CLGI]				= clgi_interception,
	[SVM_EXIT_SKINIT]			= skinit_interception,
	[SVM_EXIT_WBINVD]                       = emulate_on_interception,
	/* MONITOR/MWAIT are reported as unsupported (#UD) */
	[SVM_EXIT_MONITOR]			= invalid_op_interception,
	[SVM_EXIT_MWAIT]			= invalid_op_interception,
	/* nested page fault shares the #PF handler */
	[SVM_EXIT_NPF]				= pf_interception,
};

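/*
 * Top-level #VMEXIT handler.
 *
 * Order of business:
 *   1. sync CR0/CR3 from the VMCB into the vcpu when they are not
 *      intercepted (CR0) or when NPT is on (CR3);
 *   2. deliver a nested #VMEXIT that an earlier check (e.g. nested_svm_nmi
 *      / nested_svm_intr) already decided is required;
 *   3. for a running nested guest, ask the nested code whether this exit
 *      belongs to the L1 hypervisor; if so it has been reflected and we
 *      are done;
 *   4. otherwise complete interrupt/exception re-injection, report a
 *      failed entry, and dispatch on the exit code.
 *
 * The dispatch is bounds-checked against the table size and NULL slots,
 * so an exit code with no handler reaches userspace as KVM_EXIT_UNKNOWN
 * rather than indexing past svm_exit_handlers.
 *
 * Returns 1 to resume the guest, 0 to exit to userspace.
 *
 * Fix: the "unexpected exit_ini_info" message was a typo for the VMCB
 * field it prints (exit_int_info); corrected so the log line can be
 * searched for by the field name.
 */
static int handle_exit(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct kvm_run *kvm_run = vcpu->run;
	u32 exit_code = svm->vmcb->control.exit_code;

	trace_kvm_exit(exit_code, vcpu);

	if (!(svm->vmcb->control.intercept_cr_write & INTERCEPT_CR0_MASK))
		vcpu->arch.cr0 = svm->vmcb->save.cr0;
	if (npt_enabled)
		vcpu->arch.cr3 = svm->vmcb->save.cr3;

	/* A nested #VMEXIT was requested before this entry; deliver it now */
	if (unlikely(svm->nested.exit_required)) {
		nested_svm_vmexit(svm);
		svm->nested.exit_required = false;

		return 1;
	}

	if (is_nested(svm)) {
		int vmexit;

		trace_kvm_nested_vmexit(svm->vmcb->save.rip, exit_code,
					svm->vmcb->control.exit_info_1,
					svm->vmcb->control.exit_info_2,
					svm->vmcb->control.exit_int_info,
					svm->vmcb->control.exit_int_info_err);

		vmexit = nested_svm_exit_special(svm);

		if (vmexit == NESTED_EXIT_CONTINUE)
			vmexit = nested_svm_exit_handled(svm);

		/* The exit was reflected to the L1 hypervisor */
		if (vmexit == NESTED_EXIT_DONE)
			return 1;
	}

	svm_complete_interrupts(svm);

	if (svm->vmcb->control.exit_code == SVM_EXIT_ERR) {
		kvm_run->exit_reason = KVM_EXIT_FAIL_ENTRY;
		kvm_run->fail_entry.hardware_entry_failure_reason
			= svm->vmcb->control.exit_code;
		return 0;
	}

	/*
	 * An external interrupt recorded in exit_int_info is only expected
	 * on exits that can interrupt its delivery (#PF, NPF, task switch).
	 */
	if (is_external_interrupt(svm->vmcb->control.exit_int_info) &&
	    exit_code != SVM_EXIT_EXCP_BASE + PF_VECTOR &&
	    exit_code != SVM_EXIT_NPF && exit_code != SVM_EXIT_TASK_SWITCH)
		printk(KERN_ERR "%s: unexpected exit_int_info 0x%x "
		       "exit_code 0x%x\n",
		       __func__, svm->vmcb->control.exit_int_info,
		       exit_code);

	if (exit_code >= ARRAY_SIZE(svm_exit_handlers)
	    || !svm_exit_handlers[exit_code]) {
		kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
		kvm_run->hw.hardware_exit_reason = exit_code;
		return 0;
	}

	return svm_exit_handlers[exit_code](svm);
}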

/*
 * Re-load the host task register after VMRUN.
 *
 * The hardware leaves the host TSS descriptor marked busy; mark it
 * available again (type 9) in this CPU's GDT copy and reload TR.
 * @vcpu is unused; the current CPU's svm_cpu_data is what matters.
 */
static void reload_tss(struct kvm_vcpu *vcpu)
{
	struct svm_cpu_data *sd = per_cpu(svm_data, raw_smp_processor_id());

	sd->tss_desc->type = 9; /* available 32/64-bit TSS */
	load_TR_desc();
}

/*
 * Per-entry preparation run just before VMRUN on the current CPU.
 *
 * Clears any pending TLB-control request in the VMCB and assigns the
 * vcpu a fresh ASID when its generation no longer matches the CPU's
 * (i.e. it migrated, or its ASID was invalidated by force_new_asid()).
 *
 * FIXME: handle wraparound of asid_generation
 */
static void pre_svm_run(struct vcpu_svm *svm)
{
	struct svm_cpu_data *sd = per_cpu(svm_data, raw_smp_processor_id());

	svm->vmcb->control.tlb_ctl = TLB_CONTROL_DO_NOTHING;

	if (svm->asid_generation == sd->asid_generation)
		return;

	new_asid(svm, sd);
}

/*
 * Queue an NMI for injection on the next VMRUN.
 *
 * Besides programming event_inj, the vcpu is marked NMI-blocked
 * (HF_NMI_MASK) and the IRET intercept is armed so the block can be
 * lifted when the guest's NMI handler returns (see iret_interception and
 * svm_complete_interrupts).
 */
static void svm_inject_nmi(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct vmcb_control_area *ctl = &svm->vmcb->control;

	ctl->event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI;
	vcpu->arch.hflags |= HF_NMI_MASK;
	ctl->intercept |= (1UL << INTERCEPT_IRET);
	++vcpu->stat.nmi_injections;
}

/*
 * Raise a virtual interrupt request (V_IRQ) in the VMCB.
 *
 * Used by enable_irq_window() with vector 0 purely to get a VINTR
 * intercept when the guest opens its interrupt window; real interrupts
 * are injected through event_inj in svm_set_irq().  The virtual priority
 * is always set to 0xf (the highest), so the request is never masked by
 * the virtual TPR.
 */
static inline void svm_inject_irq(struct vcpu_svm *svm, int irq)
{
	struct vmcb_control_area *ctl = &svm->vmcb->control;
	u32 prio_bits = 0xf << V_INTR_PRIO_SHIFT;

	trace_kvm_inj_virq(irq);

	++svm->vcpu.stat.irq_injections;
	ctl->int_vector = irq;
	ctl->int_ctl = (ctl->int_ctl & ~V_INTR_PRIO_MASK) | V_IRQ_MASK | prio_bits;
}

/*
 * Inject the interrupt queued in vcpu->arch.interrupt on the next VMRUN.
 *
 * The caller must have established that injection is allowed; in
 * particular GIF must be set, which is asserted here since injecting
 * with GIF clear would violate the SVM architecture.
 */
static void svm_set_irq(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	u32 vector = vcpu->arch.interrupt.nr;

	BUG_ON(!gif_set(svm));

	svm->vmcb->control.event_inj = vector | SVM_EVTINJ_VALID |
				       SVM_EVTINJ_TYPE_INTR;
}

/*
 * Re-arm the CR8 write intercept when the highest pending interrupt
 * (irr) is not above the current task priority (tpr): the guest cannot
 * take it now, so we need to see the TPR change that would unblock it.
 *
 * Nothing is done while a nested guest runs with virtual interrupt
 * masking, because CR8 then belongs to the L1 hypervisor.  irr == -1
 * means no interrupt is pending.
 */
static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	bool nested_vintr = is_nested(svm) &&
			    (vcpu->arch.hflags & HF_VINTR_MASK);

	if (nested_vintr || irr == -1)
		return;

	if (tpr >= irr)
		svm->vmcb->control.intercept_cr_write |= INTERCEPT_CR8_MASK;
}

/*
 * Can an NMI be injected right now?
 *
 * Not while the guest is in an interrupt shadow, not while a previous NMI
 * is still being handled (HF_NMI_MASK), not while GIF is clear, and for a
 * nested guest only if nested_svm_nmi() agrees.  The checks are ordered
 * as in the original && chain so nested_svm_nmi() -- which may request a
 * nested #VMEXIT -- is only consulted when everything else permits.
 *
 * Returns 1 if an NMI may be injected, 0 otherwise.
 */
static int svm_nmi_allowed(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct vmcb *vmcb = svm->vmcb;

	if (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK)
		return 0;
	if (svm->vcpu.arch.hflags & HF_NMI_MASK)
		return 0;
	if (!gif_set(svm))
		return 0;

	return nested_svm_nmi(svm) ? 1 : 0;
}

/* Report whether NMIs are currently blocked for this vcpu (HF_NMI_MASK). */
static bool svm_get_nmi_mask(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	unsigned long hflags = svm->vcpu.arch.hflags;

	return (hflags & HF_NMI_MASK) != 0;
}

/*
 * Set or clear the NMI block (used by userspace vcpu-event restore).
 *
 * Blocking NMIs also arms the IRET intercept so the block is lifted when
 * the guest returns from its handler; unblocking disarms it.
 */
static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct vmcb_control_area *ctl = &svm->vmcb->control;

	if (!masked) {
		svm->vcpu.arch.hflags &= ~HF_NMI_MASK;
		ctl->intercept &= ~(1UL << INTERCEPT_IRET);
		return;
	}

	svm->vcpu.arch.hflags |= HF_NMI_MASK;
	ctl->intercept |= (1UL << INTERCEPT_IRET);
}

/*
 * Can an external interrupt be injected right now?
 *
 * Requires GIF set, no interrupt shadow, and RFLAGS.IF set.  While a
 * nested guest runs with virtual interrupt masking (HF_VINTR_MASK), the
 * L1 hypervisor owns interrupt delivery and the answer is no.
 *
 * Returns 1 if an interrupt may be injected, 0 otherwise.
 */
static int svm_interrupt_allowed(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct vmcb *vmcb = svm->vmcb;

	if (!gif_set(svm))
		return 0;
	if (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK)
		return 0;
	if (!(vmcb->save.rflags & X86_EFLAGS_IF))
		return 0;
	if (is_nested(svm) && (svm->vcpu.arch.hflags & HF_VINTR_MASK))
		return 0;

	return 1;
}

/*
 * Ask to be notified when the guest can take an interrupt.
 *
 * This is done by raising a dummy virtual interrupt (vector 0) with the
 * VINTR intercept armed: the CPU exits as soon as the guest's interrupt
 * window opens (see interrupt_window_interception).
 *
 * In case GIF=0 we can't rely on the CPU to tell us when GIF becomes
 * 1, because that's a separate STGI/VMRUN intercept.  The next time we
 * get that intercept, this function will be called again though and
 * we'll get the vintr intercept.  nested_svm_intr() is consulted only
 * when GIF is set, as it may itself request a nested #VMEXIT.
 */
static void enable_irq_window(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);

	if (!gif_set(svm))
		return;
	if (!nested_svm_intr(svm))
		return;

	svm_set_vintr(svm);
	svm_inject_irq(svm, 0x0);
}

/*
 * Ask to be notified when an NMI can be injected.
 *
 * If NMIs are blocked because the guest is still inside an NMI handler
 * (HF_NMI_MASK set, HF_IRET_MASK not yet seen) the armed IRET intercept
 * will produce the exit we need, so nothing else is done.
 *
 * Otherwise something else prevents injection (an IRET just executed,
 * an exception being injected, or an interrupt shadow) and the guest is
 * single-stepped over it: TF and RF are set in RFLAGS and the #DB
 * intercept updated so the next instruction boundary exits.
 */
static void enable_nmi_window(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	unsigned long hflags = svm->vcpu.arch.hflags;
	bool nmi_blocked = hflags & HF_NMI_MASK;
	bool iret_seen = hflags & HF_IRET_MASK;

	if (nmi_blocked && !iret_seen)
		return; /* IRET will cause a vm exit */

	svm->nmi_singlestep = true;
	svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
	update_db_intercept(vcpu);
}

/*
 * KVM_SET_TSS_ADDR is a VMX requirement (real-mode emulation); SVM runs
 * real mode natively and needs no TSS area, so the request is accepted
 * and ignored.  Always returns 0.
 */
static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
{
	return 0;
}

/*
 * Flush the guest's TLB entries.  On SVM this is done by retiring the
 * vcpu's ASID: pre_svm_run() will assign a new one before the next VMRUN.
 */
static void svm_flush_tlb(struct kvm_vcpu *vcpu)
{
	force_new_asid(vcpu);
}

/*
 * Hook called before switching to the guest; SVM has nothing to prepare
 * here (host state is saved in svm_vcpu_run itself).
 */
static void svm_prepare_guest_switch(struct kvm_vcpu *vcpu)
{
}

/*
 * After a #VMEXIT, propagate the guest's CR8 writes to the in-kernel
 * local APIC.
 *
 * When CR8 writes are not intercepted the hardware updated V_TPR in the
 * VMCB directly, so that value is the authoritative TPR and is pushed to
 * the LAPIC.  Skipped while a nested guest runs with virtual interrupt
 * masking (the L1 hypervisor owns CR8 then) and when CR8 writes are
 * intercepted (cr8_write_interception already updated the LAPIC).
 */
static inline void sync_cr8_to_lapic(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct vmcb_control_area *ctl = &svm->vmcb->control;
	int cr8;

	if (is_nested(svm) && (vcpu->arch.hflags & HF_VINTR_MASK))
		return;

	if (ctl->intercept_cr_write & INTERCEPT_CR8_MASK)
		return;

	cr8 = ctl->int_ctl & V_TPR_MASK;
	kvm_set_cr8(vcpu, cr8);
}

/*
 * Before VMRUN, load the current TPR into the VMCB's V_TPR field so the
 * hardware masks virtual interrupts correctly.  Skipped while a nested
 * guest runs with virtual interrupt masking, where V_TPR belongs to the
 * L1 hypervisor's VMCB.
 */
static inline void sync_lapic_to_cr8(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct vmcb_control_area *ctl = &svm->vmcb->control;
	u64 cr8;

	if (is_nested(svm) && (vcpu->arch.hflags & HF_VINTR_MASK))
		return;

	cr8 = kvm_get_cr8(vcpu);
	ctl->int_ctl = (ctl->int_ctl & ~V_TPR_MASK) | (cr8 & V_TPR_MASK);
}

/*
 * Recover an event whose delivery was interrupted by this #VMEXIT.
 *
 * Called from handle_exit() after nested handling.  It first resets the
 * per-exit event state: the NMI block is lifted if the guest executed
 * IRET since the NMI was injected (HF_IRET_MASK), and the exception and
 * interrupt queues are emptied because whatever was queued was either
 * delivered or is reported back in exit_int_info.
 *
 * If exit_int_info says an event was in flight when the exit happened,
 * it is re-queued so it is injected again on the next entry:
 *   - NMI:        remembered via nmi_injected;
 *   - exception:  a software exception (INT3/INTO/...) is not re-queued,
 *                 the instruction will simply re-execute -- if the
 *                 emulator had rewritten an INT3 (int3_injected) and RIP
 *                 still points at it, RIP is rewound by the injected
 *                 length; a hardware exception is re-queued with its
 *                 error code if one was recorded;
 *   - interrupt:  re-queued as a hardware interrupt.
 */
static void svm_complete_interrupts(struct vcpu_svm *svm)
{
	u8 vector;
	int type;
	u32 exitintinfo = svm->vmcb->control.exit_int_info;
	unsigned int3_injected = svm->int3_injected;

	svm->int3_injected = 0;

	/* An IRET since the NMI injection ends the NMI-blocked window */
	if (svm->vcpu.arch.hflags & HF_IRET_MASK)
		svm->vcpu.arch.hflags &= ~(HF_NMI_MASK | HF_IRET_MASK);

	svm->vcpu.arch.nmi_injected = false;
	kvm_clear_exception_queue(&svm->vcpu);
	kvm_clear_interrupt_queue(&svm->vcpu);

	if (!(exitintinfo & SVM_EXITINTINFO_VALID))
		return;

	vector = exitintinfo & SVM_EXITINTINFO_VEC_MASK;
	type = exitintinfo & SVM_EXITINTINFO_TYPE_MASK;

	switch (type) {
	case SVM_EXITINTINFO_TYPE_NMI:
		svm->vcpu.arch.nmi_injected = true;
		break;
	case SVM_EXITINTINFO_TYPE_EXEPT:
		/*
		 * In case of software exceptions, do not reinject the vector,
		 * but re-execute the instruction instead. Rewind RIP first
		 * if we emulated INT3 before.
		 */
		if (kvm_exception_is_soft(vector)) {
			if (vector == BP_VECTOR && int3_injected &&
			    kvm_is_linear_rip(&svm->vcpu, svm->int3_rip))
				kvm_rip_write(&svm->vcpu,
					      kvm_rip_read(&svm->vcpu) -
					      int3_injected);
			break;
		}
		/* Hardware exception: re-queue, carrying the error code if any */
		if (exitintinfo & SVM_EXITINTINFO_VALID_ERR) {
			u32 err = svm->vmcb->control.exit_int_info_err;
			kvm_requeue_exception_e(&svm->vcpu, vector, err);

		} else
			kvm_requeue_exception(&svm->vcpu, vector);
		break;
	case SVM_EXITINTINFO_TYPE_INTR:
		kvm_queue_interrupt(&svm->vcpu, vector, false);
		break;
	default:
		break;
	}
}

#ifdef CONFIG_X86_64
#define R "r"
#else
#define R "e"
#endif

static void svm_vcpu_run(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	u16 fs_selector;
	u16 gs_selector;
	u16 ldt_selector;

	svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
	svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
	svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];

	/*
	 * A vmexit emulation is required before the vcpu can be executed
	 * again.
	 */
	if (unlikely(svm->nested.exit_required))
		return;

	pre_svm_run(svm);

	sync_lapic_to_cr8(vcpu);

	save_host_msrs(vcpu);
	fs_selector = kvm_read_fs();
	gs_selector = kvm_read_gs();
	ldt_selector = kvm_read_ldt();
	svm->vmcb->save.cr2 = vcpu->arch.cr2;
	/* required for live migration with NPT */
	if (npt_enabled)
		svm->vmcb->save.cr3 = vcpu->arch.cr3;

	clgi();

	local_irq_enable();

	asm volatile (
		"push %%"R"bp; \n\t"
		"mov %c[rbx](%[svm]), %%"R"bx \n\t"
		"mov %c[rcx](%[svm]), %%"R"cx \n\t"
		"mov %c[rdx](%[svm]), %%"R"dx \n\t"
		"mov %c[rsi](%[svm]), %%"R"si \n\t"
		"mov %c[rdi](%[svm]), %%"R"di \n\t"
		"mov %c[rbp](%[svm]), %%"R"bp \n\t"
#ifdef CONFIG_X86_64
		"mov %c[r8](%[svm]),  %%r8  \n\t"
		"mov %c[r9](%[svm]),  %%r9  \n\t"
		"mov %c[r10](%[svm]), %%r10 \n\t"
		"mov %c[r11](%[svm]), %%r11 \n\t"
		"mov %c[r12](%[svm]), %%r12 \n\t"
		"mov %c[r13](%[svm]), %%r13 \n\t"
		"mov %c[r14](%[svm]), %%r14 \n\t"
		"mov %c[r15](%[svm]), %%r15 \n\t"
#endif

		/* Enter guest mode */
		"push %%"R"ax \n\t"
		"mov %c[vmcb](%[svm]), %%"R"ax \n\t"
		__ex(SVM_VMLOAD) "\n\t"
		__ex(SVM_VMRUN) "\n\t"
		__ex(SVM_VMSAVE) "\n\t"
		"pop %%"R"ax \n\t"

		/* Save guest registers, load host registers */
		"mov %%"R"bx, %c[rbx](%[svm]) \n\t"
		"mov %%"R"cx, %c[rcx](%[svm]) \n\t"
		"mov %%"R"dx, %c[rdx](%[svm]) \n\t"
		"mov %%"R"si, %c[rsi](%[svm]) \n\t"
		"mov %%"R"di, %c[rdi](%[svm]) \n\t"
		"mov %%"R"bp, %c[rbp](%[svm]) \n\t"
#ifdef CONFIG_X86_64
		"mov %%r8,  %c[r8](%[svm]) \n\t"
		"mov %%r9,  %c[r9](%[svm]) \n\t"
		"mov %%r10, %c[r10](%[svm]) \n\t"
		"mov %%r11, %c[r11](%[svm]) \n\t"
		"mov %%r12, %c[r12](%[svm]) \n\t"
		"mov %%r13, %c[r13](%[svm]) \n\t"
		"mov %%r14, %c[r14](%[svm]) \n\t"
		"mov %%r15, %c[r15](%[svm]) \n\t"
#endif
		"pop %%"R"bp"
		:
		: [svm]"a"(svm),
		  [vmcb]"i"(offsetof(struct vcpu_svm, vmcb_pa)),
		  [rbx]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RBX])),
		  [rcx]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RCX])),
		  [rdx]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RDX])),
		  [rsi]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RSI])),
		  [rdi]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RDI])),
		  [rbp]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_RBP]))
#ifdef CONFIG_X86_64
		  , [r8]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R8])),
		  [r9]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R9])),
		  [r10]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R10])),
		  [r11]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R11])),
		  [r12]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R12])),
		  [r13]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R13])),
		  [r14]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R14])),
		  [r15]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R15]))
#endif
		: "cc", "memory"
		, R"bx", R"cx", R"dx", R"si", R"di"
#ifdef CONFIG_X86_64
		, "r8", "r9", "r10", "r11" , "r12", "r13", "r14", "r15"
#endif
		);

	vcpu->arch.cr2 = svm->vmcb->save.cr2;
	vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax;
	vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp;
	vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip;

	kvm_load_fs(fs_selector);
	kvm_load_gs(gs_selector);
	kvm_load_ldt(ldt_selector);
	load_host_msrs(vcpu);

	reload_tss(vcpu);

	local_irq_disable();

	stgi();

	sync_cr8_to_lapic(vcpu);

	svm->next_rip = 0;

	if (npt_enabled) {
		vcpu->arch.regs_avail &= ~(1 << VCPU_EXREG_PDPTR);
		vcpu->arch.regs_dirty &= ~(1 << VCPU_EXREG_PDPTR);
	}
}

#undef R

/*
 * Backs .set_cr3: install a new page-table root for the vcpu.
 *
 * With nested paging enabled the root is stored in the VMCB's
 * nested_cr3 control field; otherwise it is written to the guest's
 * saved CR3.  In both cases force_new_asid() is called afterwards,
 * presumably so that translations tagged with the previous root are
 * not reused (its body is not visible here).
 */
static void svm_set_cr3(struct kvm_vcpu *vcpu, unsigned long root)
{
	struct vcpu_svm *svm = to_svm(vcpu);

	if (npt_enabled)
		svm->vmcb->control.nested_cr3 = root;
	else
		svm->vmcb->save.cr3 = root;

	/* Same post-condition on both paths: refresh the ASID. */
	force_new_asid(vcpu);
}

/*
 * Backs .disabled_by_bios: report whether SVM has been turned off in
 * the VM_CR MSR (the SVM_VM_CR_SVM_DISABLE bit, normally set by firmware
 * when SVM is locked out).
 *
 * Returns 1 when the disable bit is set, 0 otherwise.
 */
static int is_disabled(void)
{
	u64 vm_cr;

	rdmsrl(MSR_VM_CR, vm_cr);

	/* Isolate the single disable bit so the result is exactly 0 or 1. */
	return (vm_cr >> SVM_VM_CR_SVM_DISABLE) & 1;
}

/*
 * Backs .patch_hypercall: write the VMMCALL instruction encoding
 * (0f 01 d9) into @hypercall.
 *
 * Exactly three bytes are stored, so the caller must provide a buffer
 * of at least that size.  @vcpu is not consulted: the encoding does not
 * depend on vcpu state.
 */
static void
svm_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall)
{
	static const unsigned char vmmcall[] = { 0x0f, 0x01, 0xd9 };
	unsigned int i;

	for (i = 0; i < sizeof(vmmcall); i++)
		hypercall[i] = vmmcall[i];
}

/*
 * Backs .check_processor_compatibility.  @rtn points at an int result
 * slot; SVM has no per-processor check of its own, so the slot is
 * unconditionally set to 0 (compatible).
 */
static void svm_check_processor_compat(void *rtn)
{
	int *result = rtn;

	*result = 0;
}

/*
 * Backs .cpu_has_accelerated_tpr.  The SVM backend never claims
 * hardware TPR acceleration, so this is a constant false.
 */
static bool svm_cpu_has_accelerated_tpr(void)
{
	return false;
}

/*
 * Backs .get_tdp_level: the page-table depth used for nested paging.
 * PT64_ROOT_LEVEL on 64-bit builds, PT32E_ROOT_LEVEL otherwise.
 */
static int get_npt_level(void)
{
	int level;

#ifdef CONFIG_X86_64
	level = PT64_ROOT_LEVEL;
#else
	level = PT32E_ROOT_LEVEL;
#endif

	return level;
}

/*
 * Backs .get_mt_mask: the memory-type mask the SVM backend contributes
 * for @gfn.  Always 0 here -- neither @gfn nor @is_mmio influences the
 * result, and @vcpu is not read.
 */
static u64 svm_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
{
	u64 mask = 0;

	return mask;
}

/*
 * Backs .cpuid_update.  The SVM backend has nothing to recompute when
 * the guest's CPUID table changes, so this is intentionally a no-op.
 */
static void svm_cpuid_update(struct kvm_vcpu *vcpu)
{
	(void)vcpu;
}

/*
 * Backs .set_supported_cpuid: fill in the SVM feature leaf (0x8000000A)
 * as presented to a guest.
 *
 *   eax - SVM revision (1)
 *   ebx - number of ASIDs advertised (8; a placeholder until proper
 *         ASID emulation for nested SVM exists)
 *   ecx - reserved, 0
 *   edx - SVM feature flags, 0: no optional SVM features are advertised
 *         to the guest
 *
 * Any other @func is left untouched.
 */
static void svm_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry)
{
	if (func != 0x8000000A)
		return;

	entry->eax = 1;	/* SVM revision 1 */
	entry->ebx = 8;	/* ASIDs: placeholder until nested ASID emulation lands */
	entry->ecx = 0;	/* Reserved */
	entry->edx = 0;	/* No additional SVM features */
}

/*
 * Human-readable names for SVM exit codes, exported through the
 * .exit_reasons_str hook for the tracing layer.  The list is
 * terminated by the { -1, NULL } sentinel; exit codes not listed here
 * (e.g. DR4/DR6 accesses) have no symbolic name.
 */
static const struct trace_print_flags svm_exit_reasons_str[] = {
	{ SVM_EXIT_READ_CR0,			"read_cr0" },
	{ SVM_EXIT_READ_CR3,			"read_cr3" },
	{ SVM_EXIT_READ_CR4,			"read_cr4" },
	{ SVM_EXIT_READ_CR8,			"read_cr8" },
	{ SVM_EXIT_WRITE_CR0,			"write_cr0" },
	{ SVM_EXIT_WRITE_CR3,			"write_cr3" },
	{ SVM_EXIT_WRITE_CR4,			"write_cr4" },
	{ SVM_EXIT_WRITE_CR8,			"write_cr8" },
	{ SVM_EXIT_READ_DR0,			"read_dr0" },
	{ SVM_EXIT_READ_DR1,			"read_dr1" },
	{ SVM_EXIT_READ_DR2,			"read_dr2" },
	{ SVM_EXIT_READ_DR3,			"read_dr3" },
	{ SVM_EXIT_WRITE_DR0,			"write_dr0" },
	{ SVM_EXIT_WRITE_DR1,			"write_dr1" },
	{ SVM_EXIT_WRITE_DR2,			"write_dr2" },
	{ SVM_EXIT_WRITE_DR3,			"write_dr3" },
	{ SVM_EXIT_WRITE_DR5,			"write_dr5" },
	{ SVM_EXIT_WRITE_DR7,			"write_dr7" },
	{ SVM_EXIT_EXCP_BASE + DB_VECTOR,	"DB excp" },
	{ SVM_EXIT_EXCP_BASE + BP_VECTOR,	"BP excp" },
	{ SVM_EXIT_EXCP_BASE + UD_VECTOR,	"UD excp" },
	{ SVM_EXIT_EXCP_BASE + PF_VECTOR,	"PF excp" },
	{ SVM_EXIT_EXCP_BASE + NM_VECTOR,	"NM excp" },
	{ SVM_EXIT_EXCP_BASE + MC_VECTOR,	"MC excp" },
	{ SVM_EXIT_INTR,			"interrupt" },
	{ SVM_EXIT_NMI,				"nmi" },
	{ SVM_EXIT_SMI,				"smi" },
	{ SVM_EXIT_INIT,			"init" },
	{ SVM_EXIT_VINTR,			"vintr" },
	{ SVM_EXIT_CPUID,			"cpuid" },
	{ SVM_EXIT_INVD,			"invd" },
	{ SVM_EXIT_HLT,				"hlt" },
	{ SVM_EXIT_INVLPG,			"invlpg" },
	{ SVM_EXIT_INVLPGA,			"invlpga" },
	{ SVM_EXIT_IOIO,			"io" },
	{ SVM_EXIT_MSR,				"msr" },
	{ SVM_EXIT_TASK_SWITCH,			"task_switch" },
	{ SVM_EXIT_SHUTDOWN,			"shutdown" },
	{ SVM_EXIT_VMRUN,			"vmrun" },
	{ SVM_EXIT_VMMCALL,			"hypercall" },
	{ SVM_EXIT_VMLOAD,			"vmload" },
	{ SVM_EXIT_VMSAVE,			"vmsave" },
	{ SVM_EXIT_STGI,			"stgi" },
	{ SVM_EXIT_CLGI,			"clgi" },
	{ SVM_EXIT_SKINIT,			"skinit" },
	{ SVM_EXIT_WBINVD,			"wbinvd" },
	{ SVM_EXIT_MONITOR,			"monitor" },
	{ SVM_EXIT_MWAIT,			"mwait" },
	{ SVM_EXIT_NPF,				"npf" },
	{ -1, NULL }	/* sentinel: end of table */
};

/*
 * Backs .get_lpage_level: the largest page-table level at which the
 * SVM backend allows large-page mappings, fixed at PT_PDPE_LEVEL.
 */
static int svm_get_lpage_level(void)
{
	int level = PT_PDPE_LEVEL;

	return level;
}

/*
 * Backs .rdtscp_supported.  The SVM backend does not expose RDTSCP to
 * guests at this point, so the answer is a constant false.
 */
static bool svm_rdtscp_supported(void)
{
	return false;
}

/*
 * Backs .fpu_deactivate: arrange for the guest's next FPU use to trap.
 *
 * The #NM exception intercept is enabled in the active VMCB.  When a
 * nested guest is running, the same bit is also set in the L1
 * host-save area (nested.hsave), presumably so the intercept is still
 * in effect after the nested guest exits.  update_cr0_intercept() is
 * then called; its body is not visible here, but it is expected to
 * recompute the CR0 intercept in light of the new #NM state.
 */
static void svm_fpu_deactivate(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	u32 nm_intercept = 1 << NM_VECTOR;

	svm->vmcb->control.intercept_exceptions |= nm_intercept;
	if (is_nested(svm))
		svm->nested.hsave->control.intercept_exceptions |= nm_intercept;

	update_cr0_intercept(svm);
}

/*
 * The SVM backend's implementation of the kvm_x86_ops hook table.
 * Registered with the KVM core by svm_init() via kvm_init(); every
 * architecture-specific operation the core needs is dispatched through
 * these pointers.  Hooks that the SVM backend does not need are wired
 * to constant stubs (e.g. svm_cpu_has_accelerated_tpr,
 * svm_rdtscp_supported, svm_cpuid_update) rather than left NULL.
 */
static struct kvm_x86_ops svm_x86_ops = {
	.cpu_has_kvm_support = has_svm,
	.disabled_by_bios = is_disabled,
	.hardware_setup = svm_hardware_setup,
	.hardware_unsetup = svm_hardware_unsetup,
	.check_processor_compatibility = svm_check_processor_compat,
	.hardware_enable = svm_hardware_enable,
	.hardware_disable = svm_hardware_disable,
	.cpu_has_accelerated_tpr = svm_cpu_has_accelerated_tpr,

	.vcpu_create = svm_create_vcpu,
	.vcpu_free = svm_free_vcpu,
	.vcpu_reset = svm_vcpu_reset,

	.prepare_guest_switch = svm_prepare_guest_switch,
	.vcpu_load = svm_vcpu_load,
	.vcpu_put = svm_vcpu_put,

	.set_guest_debug = svm_guest_debug,
	.get_msr = svm_get_msr,
	.set_msr = svm_set_msr,
	.get_segment_base = svm_get_segment_base,
	.get_segment = svm_get_segment,
	.set_segment = svm_set_segment,
	.get_cpl = svm_get_cpl,
	.get_cs_db_l_bits = kvm_get_cs_db_l_bits,
	.decache_cr0_guest_bits = svm_decache_cr0_guest_bits,
	.decache_cr4_guest_bits = svm_decache_cr4_guest_bits,
	.set_cr0 = svm_set_cr0,
	.set_cr3 = svm_set_cr3,
	.set_cr4 = svm_set_cr4,
	.set_efer = svm_set_efer,
	.get_idt = svm_get_idt,
	.set_idt = svm_set_idt,
	.get_gdt = svm_get_gdt,
	.set_gdt = svm_set_gdt,
	.set_dr7 = svm_set_dr7,
	.cache_reg = svm_cache_reg,
	.get_rflags = svm_get_rflags,
	.set_rflags = svm_set_rflags,
	.fpu_activate = svm_fpu_activate,
	.fpu_deactivate = svm_fpu_deactivate,

	.tlb_flush = svm_flush_tlb,

	/* Guest entry and exit handling. */
	.run = svm_vcpu_run,
	.handle_exit = handle_exit,
	.skip_emulated_instruction = skip_emulated_instruction,
	.set_interrupt_shadow = svm_set_interrupt_shadow,
	.get_interrupt_shadow = svm_get_interrupt_shadow,
	.patch_hypercall = svm_patch_hypercall,
	.set_irq = svm_set_irq,
	.set_nmi = svm_inject_nmi,
	.queue_exception = svm_queue_exception,
	.interrupt_allowed = svm_interrupt_allowed,
	.nmi_allowed = svm_nmi_allowed,
	.get_nmi_mask = svm_get_nmi_mask,
	.set_nmi_mask = svm_set_nmi_mask,
	.enable_nmi_window = enable_nmi_window,
	.enable_irq_window = enable_irq_window,
	.update_cr8_intercept = update_cr8_intercept,

	.set_tss_addr = svm_set_tss_addr,
	.get_tdp_level = get_npt_level,
	.get_mt_mask = svm_get_mt_mask,

	.exit_reasons_str = svm_exit_reasons_str,
	.get_lpage_level = svm_get_lpage_level,

	.cpuid_update = svm_cpuid_update,

	.rdtscp_supported = svm_rdtscp_supported,

	.set_supported_cpuid = svm_set_supported_cpuid,
};

/*
 * Module entry point: register the SVM backend (svm_x86_ops) with the
 * KVM core, telling it the size and alignment of the per-vcpu
 * structure to allocate.  Returns kvm_init()'s result unchanged.
 */
static int __init svm_init(void)
{
	int ret;

	ret = kvm_init(&svm_x86_ops, sizeof(struct vcpu_svm),
		       __alignof__(struct vcpu_svm), THIS_MODULE);

	return ret;
}

/*
 * Module exit point: unregister from the KVM core.  Everything set up
 * by svm_init() is torn down inside kvm_exit().
 */
static void __exit svm_exit(void)
{
	kvm_exit();
}

/* Module load/unload hooks. */
module_init(svm_init)
module_exit(svm_exit)