1 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
3 #include <linux/kvm_host.h>
7 #include "kvm_cache_regs.h"
13 #include <linux/module.h>
14 #include <linux/mod_devicetable.h>
15 #include <linux/kernel.h>
16 #include <linux/vmalloc.h>
17 #include <linux/highmem.h>
18 #include <linux/amd-iommu.h>
19 #include <linux/sched.h>
20 #include <linux/trace_events.h>
21 #include <linux/slab.h>
22 #include <linux/hashtable.h>
23 #include <linux/objtool.h>
24 #include <linux/psp-sev.h>
25 #include <linux/file.h>
26 #include <linux/pagemap.h>
27 #include <linux/swap.h>
28 #include <linux/rwsem.h>
29 #include <linux/cc_platform.h>
30 #include <linux/smp.h>
33 #include <asm/perf_event.h>
34 #include <asm/tlbflush.h>
36 #include <asm/debugreg.h>
37 #include <asm/kvm_para.h>
38 #include <asm/irq_remapping.h>
39 #include <asm/spec-ctrl.h>
40 #include <asm/cpu_device_id.h>
41 #include <asm/traps.h>
42 #include <asm/fpu/api.h>
44 #include <asm/virtext.h>
46 #include <trace/events/ipi.h>
53 #include "kvm_onhyperv.h"
54 #include "svm_onhyperv.h"
56 MODULE_AUTHOR("Qumranet");
57 MODULE_LICENSE("GPL");
60 static const struct x86_cpu_id svm_cpu_id[] = {
61 X86_MATCH_FEATURE(X86_FEATURE_SVM, NULL),
64 MODULE_DEVICE_TABLE(x86cpu, svm_cpu_id);
67 #define SEG_TYPE_LDT 2
68 #define SEG_TYPE_BUSY_TSS16 3
70 static bool erratum_383_found __read_mostly;
72 u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly;
75 * Set osvw_len to higher value when updated Revision Guides
76 * are published and we know what the new status bits are
78 static uint64_t osvw_len = 4, osvw_status;
80 static DEFINE_PER_CPU(u64, current_tsc_ratio);
82 #define X2APIC_MSR(x) (APIC_BASE_MSR + (x >> 4))
84 static const struct svm_direct_access_msrs {
85 u32 index; /* Index of the MSR */
86 bool always; /* True if intercept is initially cleared */
87 } direct_access_msrs[MAX_DIRECT_ACCESS_MSRS] = {
88 { .index = MSR_STAR, .always = true },
89 { .index = MSR_IA32_SYSENTER_CS, .always = true },
90 { .index = MSR_IA32_SYSENTER_EIP, .always = false },
91 { .index = MSR_IA32_SYSENTER_ESP, .always = false },
93 { .index = MSR_GS_BASE, .always = true },
94 { .index = MSR_FS_BASE, .always = true },
95 { .index = MSR_KERNEL_GS_BASE, .always = true },
96 { .index = MSR_LSTAR, .always = true },
97 { .index = MSR_CSTAR, .always = true },
98 { .index = MSR_SYSCALL_MASK, .always = true },
100 { .index = MSR_IA32_SPEC_CTRL, .always = false },
101 { .index = MSR_IA32_PRED_CMD, .always = false },
102 { .index = MSR_IA32_FLUSH_CMD, .always = false },
103 { .index = MSR_IA32_LASTBRANCHFROMIP, .always = false },
104 { .index = MSR_IA32_LASTBRANCHTOIP, .always = false },
105 { .index = MSR_IA32_LASTINTFROMIP, .always = false },
106 { .index = MSR_IA32_LASTINTTOIP, .always = false },
107 { .index = MSR_EFER, .always = false },
108 { .index = MSR_IA32_CR_PAT, .always = false },
109 { .index = MSR_AMD64_SEV_ES_GHCB, .always = true },
110 { .index = MSR_TSC_AUX, .always = false },
111 { .index = X2APIC_MSR(APIC_ID), .always = false },
112 { .index = X2APIC_MSR(APIC_LVR), .always = false },
113 { .index = X2APIC_MSR(APIC_TASKPRI), .always = false },
114 { .index = X2APIC_MSR(APIC_ARBPRI), .always = false },
115 { .index = X2APIC_MSR(APIC_PROCPRI), .always = false },
116 { .index = X2APIC_MSR(APIC_EOI), .always = false },
117 { .index = X2APIC_MSR(APIC_RRR), .always = false },
118 { .index = X2APIC_MSR(APIC_LDR), .always = false },
119 { .index = X2APIC_MSR(APIC_DFR), .always = false },
120 { .index = X2APIC_MSR(APIC_SPIV), .always = false },
121 { .index = X2APIC_MSR(APIC_ISR), .always = false },
122 { .index = X2APIC_MSR(APIC_TMR), .always = false },
123 { .index = X2APIC_MSR(APIC_IRR), .always = false },
124 { .index = X2APIC_MSR(APIC_ESR), .always = false },
125 { .index = X2APIC_MSR(APIC_ICR), .always = false },
126 { .index = X2APIC_MSR(APIC_ICR2), .always = false },
130 * AMD does not virtualize APIC TSC-deadline timer mode, but it is
131 * emulated by KVM. When setting APIC LVTT (0x832) register bit 18,
132 * the AVIC hardware would generate GP fault. Therefore, always
133 * intercept the MSR 0x832, and do not setup direct_access_msr.
135 { .index = X2APIC_MSR(APIC_LVTTHMR), .always = false },
136 { .index = X2APIC_MSR(APIC_LVTPC), .always = false },
137 { .index = X2APIC_MSR(APIC_LVT0), .always = false },
138 { .index = X2APIC_MSR(APIC_LVT1), .always = false },
139 { .index = X2APIC_MSR(APIC_LVTERR), .always = false },
140 { .index = X2APIC_MSR(APIC_TMICT), .always = false },
141 { .index = X2APIC_MSR(APIC_TMCCT), .always = false },
142 { .index = X2APIC_MSR(APIC_TDCR), .always = false },
143 { .index = MSR_INVALID, .always = false },
147 * These 2 parameters are used to config the controls for Pause-Loop Exiting:
148 * pause_filter_count: On processors that support Pause filtering(indicated
149 * by CPUID Fn8000_000A_EDX), the VMCB provides a 16 bit pause filter
150 * count value. On VMRUN this value is loaded into an internal counter.
151 * Each time a pause instruction is executed, this counter is decremented
152 * until it reaches zero at which time a #VMEXIT is generated if pause
153 * intercept is enabled. Refer to AMD APM Vol 2 Section 15.14.4 Pause
154 * Intercept Filtering for more details.
155 * This also indicate if ple logic enabled.
157 * pause_filter_thresh: In addition, some processor families support advanced
158 * pause filtering (indicated by CPUID Fn8000_000A_EDX) upper bound on
159 * the amount of time a guest is allowed to execute in a pause loop.
160 * In this mode, a 16-bit pause filter threshold field is added in the
161 * VMCB. The threshold value is a cycle count that is used to reset the
162 * pause counter. As with simple pause filtering, VMRUN loads the pause
163 * count value from VMCB into an internal counter. Then, on each pause
164 * instruction the hardware checks the elapsed number of cycles since
165 * the most recent pause instruction against the pause filter threshold.
166 * If the elapsed cycle count is greater than the pause filter threshold,
167 * then the internal pause count is reloaded from the VMCB and execution
168 * continues. If the elapsed cycle count is less than the pause filter
169 * threshold, then the internal pause count is decremented. If the count
170 * value is less than zero and PAUSE intercept is enabled, a #VMEXIT is
171 * triggered. If advanced pause filtering is supported and pause filter
172 * threshold field is set to zero, the filter will operate in the simpler,
176 static unsigned short pause_filter_thresh = KVM_DEFAULT_PLE_GAP;
177 module_param(pause_filter_thresh, ushort, 0444);
179 static unsigned short pause_filter_count = KVM_SVM_DEFAULT_PLE_WINDOW;
180 module_param(pause_filter_count, ushort, 0444);
182 /* Default doubles per-vcpu window every exit. */
183 static unsigned short pause_filter_count_grow = KVM_DEFAULT_PLE_WINDOW_GROW;
184 module_param(pause_filter_count_grow, ushort, 0444);
186 /* Default resets per-vcpu window every exit to pause_filter_count. */
187 static unsigned short pause_filter_count_shrink = KVM_DEFAULT_PLE_WINDOW_SHRINK;
188 module_param(pause_filter_count_shrink, ushort, 0444);
190 /* Default is to compute the maximum so we can never overflow. */
191 static unsigned short pause_filter_count_max = KVM_SVM_DEFAULT_PLE_WINDOW_MAX;
192 module_param(pause_filter_count_max, ushort, 0444);
195 * Use nested page tables by default. Note, NPT may get forced off by
196 * svm_hardware_setup() if it's unsupported by hardware or the host kernel.
198 bool npt_enabled = true;
199 module_param_named(npt, npt_enabled, bool, 0444);
201 /* allow nested virtualization in KVM/SVM */
202 static int nested = true;
203 module_param(nested, int, S_IRUGO);
205 /* enable/disable Next RIP Save */
207 module_param(nrips, int, 0444);
209 /* enable/disable Virtual VMLOAD VMSAVE */
210 static int vls = true;
211 module_param(vls, int, 0444);
213 /* enable/disable Virtual GIF */
215 module_param(vgif, int, 0444);
217 /* enable/disable LBR virtualization */
218 static int lbrv = true;
219 module_param(lbrv, int, 0444);
221 static int tsc_scaling = true;
222 module_param(tsc_scaling, int, 0444);
225 * enable / disable AVIC. Because the defaults differ for APICv
226 * support between VMX and SVM we cannot use module_param_named.
229 module_param(avic, bool, 0444);
231 bool __read_mostly dump_invalid_vmcb;
232 module_param(dump_invalid_vmcb, bool, 0644);
235 bool intercept_smi = true;
236 module_param(intercept_smi, bool, 0444);
239 module_param(vnmi, bool, 0444);
241 static bool svm_gp_erratum_intercept = true;
243 static u8 rsm_ins_bytes[] = "\x0f\xaa";
245 static unsigned long iopm_base;
247 DEFINE_PER_CPU(struct svm_cpu_data, svm_data);
250 * Only MSR_TSC_AUX is switched via the user return hook. EFER is switched via
251 * the VMCB, and the SYSCALL/SYSENTER MSRs are handled by VMLOAD/VMSAVE.
253 * RDTSCP and RDPID are not used in the kernel, specifically to allow KVM to
254 * defer the restoration of TSC_AUX until the CPU returns to userspace.
256 static int tsc_aux_uret_slot __read_mostly = -1;
258 static const u32 msrpm_ranges[] = {0, 0xc0000000, 0xc0010000};
260 #define NUM_MSR_MAPS ARRAY_SIZE(msrpm_ranges)
261 #define MSRS_RANGE_SIZE 2048
262 #define MSRS_IN_RANGE (MSRS_RANGE_SIZE * 8 / 2)
264 u32 svm_msrpm_offset(u32 msr)
269 for (i = 0; i < NUM_MSR_MAPS; i++) {
270 if (msr < msrpm_ranges[i] ||
271 msr >= msrpm_ranges[i] + MSRS_IN_RANGE)
274 offset = (msr - msrpm_ranges[i]) / 4; /* 4 msrs per u8 */
275 offset += (i * MSRS_RANGE_SIZE); /* add range offset */
277 /* Now we have the u8 offset - but need the u32 offset */
281 /* MSR not in any range */
285 static void svm_flush_tlb_current(struct kvm_vcpu *vcpu);
287 static int get_npt_level(void)
290 return pgtable_l5_enabled() ? PT64_ROOT_5LEVEL : PT64_ROOT_4LEVEL;
292 return PT32E_ROOT_LEVEL;
296 int svm_set_efer(struct kvm_vcpu *vcpu, u64 efer)
298 struct vcpu_svm *svm = to_svm(vcpu);
299 u64 old_efer = vcpu->arch.efer;
300 vcpu->arch.efer = efer;
303 /* Shadow paging assumes NX to be available. */
306 if (!(efer & EFER_LMA))
310 if ((old_efer & EFER_SVME) != (efer & EFER_SVME)) {
311 if (!(efer & EFER_SVME)) {
312 svm_leave_nested(vcpu);
313 svm_set_gif(svm, true);
314 /* #GP intercept is still needed for vmware backdoor */
315 if (!enable_vmware_backdoor)
316 clr_exception_intercept(svm, GP_VECTOR);
319 * Free the nested guest state, unless we are in SMM.
320 * In this case we will return to the nested guest
321 * as soon as we leave SMM.
324 svm_free_nested(svm);
327 int ret = svm_allocate_nested(svm);
330 vcpu->arch.efer = old_efer;
335 * Never intercept #GP for SEV guests, KVM can't
336 * decrypt guest memory to workaround the erratum.
338 if (svm_gp_erratum_intercept && !sev_guest(vcpu->kvm))
339 set_exception_intercept(svm, GP_VECTOR);
343 svm->vmcb->save.efer = efer | EFER_SVME;
344 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
348 static u32 svm_get_interrupt_shadow(struct kvm_vcpu *vcpu)
350 struct vcpu_svm *svm = to_svm(vcpu);
353 if (svm->vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK)
354 ret = KVM_X86_SHADOW_INT_STI | KVM_X86_SHADOW_INT_MOV_SS;
358 static void svm_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
360 struct vcpu_svm *svm = to_svm(vcpu);
363 svm->vmcb->control.int_state &= ~SVM_INTERRUPT_SHADOW_MASK;
365 svm->vmcb->control.int_state |= SVM_INTERRUPT_SHADOW_MASK;
368 static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type,
369 void *insn, int insn_len);
371 static int __svm_skip_emulated_instruction(struct kvm_vcpu *vcpu,
372 bool commit_side_effects)
374 struct vcpu_svm *svm = to_svm(vcpu);
375 unsigned long old_rflags;
378 * SEV-ES does not expose the next RIP. The RIP update is controlled by
379 * the type of exit and the #VC handler in the guest.
381 if (sev_es_guest(vcpu->kvm))
384 if (nrips && svm->vmcb->control.next_rip != 0) {
385 WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS));
386 svm->next_rip = svm->vmcb->control.next_rip;
389 if (!svm->next_rip) {
391 * FIXME: Drop this when kvm_emulate_instruction() does the
392 * right thing and treats "can't emulate" as outright failure
395 if (!svm_can_emulate_instruction(vcpu, EMULTYPE_SKIP, NULL, 0))
398 if (unlikely(!commit_side_effects))
399 old_rflags = svm->vmcb->save.rflags;
401 if (!kvm_emulate_instruction(vcpu, EMULTYPE_SKIP))
404 if (unlikely(!commit_side_effects))
405 svm->vmcb->save.rflags = old_rflags;
407 kvm_rip_write(vcpu, svm->next_rip);
411 if (likely(commit_side_effects))
412 svm_set_interrupt_shadow(vcpu, 0);
417 static int svm_skip_emulated_instruction(struct kvm_vcpu *vcpu)
419 return __svm_skip_emulated_instruction(vcpu, true);
422 static int svm_update_soft_interrupt_rip(struct kvm_vcpu *vcpu)
424 unsigned long rip, old_rip = kvm_rip_read(vcpu);
425 struct vcpu_svm *svm = to_svm(vcpu);
428 * Due to architectural shortcomings, the CPU doesn't always provide
429 * NextRIP, e.g. if KVM intercepted an exception that occurred while
430 * the CPU was vectoring an INTO/INT3 in the guest. Temporarily skip
431 * the instruction even if NextRIP is supported to acquire the next
432 * RIP so that it can be shoved into the NextRIP field, otherwise
433 * hardware will fail to advance guest RIP during event injection.
434 * Drop the exception/interrupt if emulation fails and effectively
435 * retry the instruction, it's the least awful option. If NRIPS is
436 * in use, the skip must not commit any side effects such as clearing
437 * the interrupt shadow or RFLAGS.RF.
439 if (!__svm_skip_emulated_instruction(vcpu, !nrips))
442 rip = kvm_rip_read(vcpu);
445 * Save the injection information, even when using next_rip, as the
446 * VMCB's next_rip will be lost (cleared on VM-Exit) if the injection
447 * doesn't complete due to a VM-Exit occurring while the CPU is
448 * vectoring the event. Decoding the instruction isn't guaranteed to
449 * work as there may be no backing instruction, e.g. if the event is
450 * being injected by L1 for L2, or if the guest is patching INT3 into
451 * a different instruction.
453 svm->soft_int_injected = true;
454 svm->soft_int_csbase = svm->vmcb->save.cs.base;
455 svm->soft_int_old_rip = old_rip;
456 svm->soft_int_next_rip = rip;
459 kvm_rip_write(vcpu, old_rip);
461 if (static_cpu_has(X86_FEATURE_NRIPS))
462 svm->vmcb->control.next_rip = rip;
467 static void svm_inject_exception(struct kvm_vcpu *vcpu)
469 struct kvm_queued_exception *ex = &vcpu->arch.exception;
470 struct vcpu_svm *svm = to_svm(vcpu);
472 kvm_deliver_exception_payload(vcpu, ex);
474 if (kvm_exception_is_soft(ex->vector) &&
475 svm_update_soft_interrupt_rip(vcpu))
478 svm->vmcb->control.event_inj = ex->vector
480 | (ex->has_error_code ? SVM_EVTINJ_VALID_ERR : 0)
481 | SVM_EVTINJ_TYPE_EXEPT;
482 svm->vmcb->control.event_inj_err = ex->error_code;
485 static void svm_init_erratum_383(void)
491 if (!static_cpu_has_bug(X86_BUG_AMD_TLB_MMATCH))
494 /* Use _safe variants to not break nested virtualization */
495 val = native_read_msr_safe(MSR_AMD64_DC_CFG, &err);
501 low = lower_32_bits(val);
502 high = upper_32_bits(val);
504 native_write_msr_safe(MSR_AMD64_DC_CFG, low, high);
506 erratum_383_found = true;
509 static void svm_init_osvw(struct kvm_vcpu *vcpu)
512 * Guests should see errata 400 and 415 as fixed (assuming that
513 * HLT and IO instructions are intercepted).
515 vcpu->arch.osvw.length = (osvw_len >= 3) ? (osvw_len) : 3;
516 vcpu->arch.osvw.status = osvw_status & ~(6ULL);
519 * By increasing VCPU's osvw.length to 3 we are telling the guest that
520 * all osvw.status bits inside that length, including bit 0 (which is
521 * reserved for erratum 298), are valid. However, if host processor's
522 * osvw_len is 0 then osvw_status[0] carries no information. We need to
523 * be conservative here and therefore we tell the guest that erratum 298
524 * is present (because we really don't know).
526 if (osvw_len == 0 && boot_cpu_data.x86 == 0x10)
527 vcpu->arch.osvw.status |= 1;
530 static bool kvm_is_svm_supported(void)
532 int cpu = raw_smp_processor_id();
536 if (!cpu_has_svm(&msg)) {
537 pr_err("SVM not supported by CPU %d, %s\n", cpu, msg);
541 if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) {
542 pr_info("KVM is unsupported when running as an SEV guest\n");
546 rdmsrl(MSR_VM_CR, vm_cr);
547 if (vm_cr & (1 << SVM_VM_CR_SVM_DISABLE)) {
548 pr_err("SVM disabled (by BIOS) in MSR_VM_CR on CPU %d\n", cpu);
555 static int svm_check_processor_compat(void)
557 if (!kvm_is_svm_supported())
563 void __svm_write_tsc_multiplier(u64 multiplier)
567 if (multiplier == __this_cpu_read(current_tsc_ratio))
570 wrmsrl(MSR_AMD64_TSC_RATIO, multiplier);
571 __this_cpu_write(current_tsc_ratio, multiplier);
576 static void svm_hardware_disable(void)
578 /* Make sure we clean up behind us */
580 __svm_write_tsc_multiplier(SVM_TSC_RATIO_DEFAULT);
584 amd_pmu_disable_virt();
587 static int svm_hardware_enable(void)
590 struct svm_cpu_data *sd;
592 int me = raw_smp_processor_id();
594 rdmsrl(MSR_EFER, efer);
595 if (efer & EFER_SVME)
598 sd = per_cpu_ptr(&svm_data, me);
599 sd->asid_generation = 1;
600 sd->max_asid = cpuid_ebx(SVM_CPUID_FUNC) - 1;
601 sd->next_asid = sd->max_asid + 1;
602 sd->min_asid = max_sev_asid + 1;
604 wrmsrl(MSR_EFER, efer | EFER_SVME);
606 wrmsrl(MSR_VM_HSAVE_PA, sd->save_area_pa);
608 if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) {
610 * Set the default value, even if we don't use TSC scaling
611 * to avoid having stale value in the msr
613 __svm_write_tsc_multiplier(SVM_TSC_RATIO_DEFAULT);
620 * Note that it is possible to have a system with mixed processor
621 * revisions and therefore different OSVW bits. If bits are not the same
622 * on different processors then choose the worst case (i.e. if erratum
623 * is present on one processor and not on another then assume that the
624 * erratum is present everywhere).
626 if (cpu_has(&boot_cpu_data, X86_FEATURE_OSVW)) {
627 uint64_t len, status = 0;
630 len = native_read_msr_safe(MSR_AMD64_OSVW_ID_LENGTH, &err);
632 status = native_read_msr_safe(MSR_AMD64_OSVW_STATUS,
636 osvw_status = osvw_len = 0;
640 osvw_status |= status;
641 osvw_status &= (1ULL << osvw_len) - 1;
644 osvw_status = osvw_len = 0;
646 svm_init_erratum_383();
648 amd_pmu_enable_virt();
653 static void svm_cpu_uninit(int cpu)
655 struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, cpu);
660 kfree(sd->sev_vmcbs);
661 __free_page(sd->save_area);
662 sd->save_area_pa = 0;
663 sd->save_area = NULL;
666 static int svm_cpu_init(int cpu)
668 struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, cpu);
671 memset(sd, 0, sizeof(struct svm_cpu_data));
672 sd->save_area = alloc_page(GFP_KERNEL | __GFP_ZERO);
676 ret = sev_cpu_init(sd);
680 sd->save_area_pa = __sme_page_pa(sd->save_area);
684 __free_page(sd->save_area);
685 sd->save_area = NULL;
690 static void set_dr_intercepts(struct vcpu_svm *svm)
692 struct vmcb *vmcb = svm->vmcb01.ptr;
694 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_READ);
695 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_READ);
696 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_READ);
697 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_READ);
698 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_READ);
699 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_READ);
700 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_READ);
701 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR0_WRITE);
702 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR1_WRITE);
703 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR2_WRITE);
704 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR3_WRITE);
705 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR4_WRITE);
706 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR5_WRITE);
707 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR6_WRITE);
708 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ);
709 vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE);
711 recalc_intercepts(svm);
714 static void clr_dr_intercepts(struct vcpu_svm *svm)
716 struct vmcb *vmcb = svm->vmcb01.ptr;
718 vmcb->control.intercepts[INTERCEPT_DR] = 0;
720 recalc_intercepts(svm);
723 static int direct_access_msr_slot(u32 msr)
727 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++)
728 if (direct_access_msrs[i].index == msr)
734 static void set_shadow_msr_intercept(struct kvm_vcpu *vcpu, u32 msr, int read,
737 struct vcpu_svm *svm = to_svm(vcpu);
738 int slot = direct_access_msr_slot(msr);
743 /* Set the shadow bitmaps to the desired intercept states */
745 set_bit(slot, svm->shadow_msr_intercept.read);
747 clear_bit(slot, svm->shadow_msr_intercept.read);
750 set_bit(slot, svm->shadow_msr_intercept.write);
752 clear_bit(slot, svm->shadow_msr_intercept.write);
755 static bool valid_msr_intercept(u32 index)
757 return direct_access_msr_slot(index) != -ENOENT;
760 static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr)
768 * For non-nested case:
769 * If the L01 MSR bitmap does not intercept the MSR, then we need to
773 * If the L02 MSR bitmap does not intercept the MSR, then we need to
776 msrpm = is_guest_mode(vcpu) ? to_svm(vcpu)->nested.msrpm:
779 offset = svm_msrpm_offset(msr);
780 bit_write = 2 * (msr & 0x0f) + 1;
783 BUG_ON(offset == MSR_INVALID);
785 return test_bit(bit_write, &tmp);
788 static void set_msr_interception_bitmap(struct kvm_vcpu *vcpu, u32 *msrpm,
789 u32 msr, int read, int write)
791 struct vcpu_svm *svm = to_svm(vcpu);
792 u8 bit_read, bit_write;
797 * If this warning triggers extend the direct_access_msrs list at the
798 * beginning of the file
800 WARN_ON(!valid_msr_intercept(msr));
802 /* Enforce non allowed MSRs to trap */
803 if (read && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ))
806 if (write && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE))
809 offset = svm_msrpm_offset(msr);
810 bit_read = 2 * (msr & 0x0f);
811 bit_write = 2 * (msr & 0x0f) + 1;
814 BUG_ON(offset == MSR_INVALID);
816 read ? clear_bit(bit_read, &tmp) : set_bit(bit_read, &tmp);
817 write ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp);
821 svm_hv_vmcb_dirty_nested_enlightenments(vcpu);
822 svm->nested.force_msr_bitmap_recalc = true;
825 void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr,
828 set_shadow_msr_intercept(vcpu, msr, read, write);
829 set_msr_interception_bitmap(vcpu, msrpm, msr, read, write);
832 u32 *svm_vcpu_alloc_msrpm(void)
834 unsigned int order = get_order(MSRPM_SIZE);
835 struct page *pages = alloc_pages(GFP_KERNEL_ACCOUNT, order);
841 msrpm = page_address(pages);
842 memset(msrpm, 0xff, PAGE_SIZE * (1 << order));
847 void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm)
851 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
852 if (!direct_access_msrs[i].always)
854 set_msr_interception(vcpu, msrpm, direct_access_msrs[i].index, 1, 1);
858 void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept)
862 if (intercept == svm->x2avic_msrs_intercepted)
865 if (!x2avic_enabled ||
866 !apic_x2apic_mode(svm->vcpu.arch.apic))
869 for (i = 0; i < MAX_DIRECT_ACCESS_MSRS; i++) {
870 int index = direct_access_msrs[i].index;
872 if ((index < APIC_BASE_MSR) ||
873 (index > APIC_BASE_MSR + 0xff))
875 set_msr_interception(&svm->vcpu, svm->msrpm, index,
876 !intercept, !intercept);
879 svm->x2avic_msrs_intercepted = intercept;
882 void svm_vcpu_free_msrpm(u32 *msrpm)
884 __free_pages(virt_to_page(msrpm), get_order(MSRPM_SIZE));
887 static void svm_msr_filter_changed(struct kvm_vcpu *vcpu)
889 struct vcpu_svm *svm = to_svm(vcpu);
893 * Set intercept permissions for all direct access MSRs again. They
894 * will automatically get filtered through the MSR filter, so we are
895 * back in sync after this.
897 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
898 u32 msr = direct_access_msrs[i].index;
899 u32 read = test_bit(i, svm->shadow_msr_intercept.read);
900 u32 write = test_bit(i, svm->shadow_msr_intercept.write);
902 set_msr_interception_bitmap(vcpu, svm->msrpm, msr, read, write);
906 static void add_msr_offset(u32 offset)
910 for (i = 0; i < MSRPM_OFFSETS; ++i) {
912 /* Offset already in list? */
913 if (msrpm_offsets[i] == offset)
916 /* Slot used by another offset? */
917 if (msrpm_offsets[i] != MSR_INVALID)
920 /* Add offset to list */
921 msrpm_offsets[i] = offset;
927 * If this BUG triggers the msrpm_offsets table has an overflow. Just
928 * increase MSRPM_OFFSETS in this case.
933 static void init_msrpm_offsets(void)
937 memset(msrpm_offsets, 0xff, sizeof(msrpm_offsets));
939 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
942 offset = svm_msrpm_offset(direct_access_msrs[i].index);
943 BUG_ON(offset == MSR_INVALID);
945 add_msr_offset(offset);
949 void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb)
951 to_vmcb->save.dbgctl = from_vmcb->save.dbgctl;
952 to_vmcb->save.br_from = from_vmcb->save.br_from;
953 to_vmcb->save.br_to = from_vmcb->save.br_to;
954 to_vmcb->save.last_excp_from = from_vmcb->save.last_excp_from;
955 to_vmcb->save.last_excp_to = from_vmcb->save.last_excp_to;
957 vmcb_mark_dirty(to_vmcb, VMCB_LBR);
960 static void svm_enable_lbrv(struct kvm_vcpu *vcpu)
962 struct vcpu_svm *svm = to_svm(vcpu);
964 svm->vmcb->control.virt_ext |= LBR_CTL_ENABLE_MASK;
965 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 1, 1);
966 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 1, 1);
967 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 1, 1);
968 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 1, 1);
970 /* Move the LBR msrs to the vmcb02 so that the guest can see them. */
971 if (is_guest_mode(vcpu))
972 svm_copy_lbrs(svm->vmcb, svm->vmcb01.ptr);
975 static void svm_disable_lbrv(struct kvm_vcpu *vcpu)
977 struct vcpu_svm *svm = to_svm(vcpu);
979 svm->vmcb->control.virt_ext &= ~LBR_CTL_ENABLE_MASK;
980 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 0, 0);
981 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 0, 0);
982 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 0, 0);
983 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 0, 0);
986 * Move the LBR msrs back to the vmcb01 to avoid copying them
987 * on nested guest entries.
989 if (is_guest_mode(vcpu))
990 svm_copy_lbrs(svm->vmcb01.ptr, svm->vmcb);
993 static struct vmcb *svm_get_lbr_vmcb(struct vcpu_svm *svm)
996 * If LBR virtualization is disabled, the LBR MSRs are always kept in
997 * vmcb01. If LBR virtualization is enabled and L1 is running VMs of
998 * its own, the MSRs are moved between vmcb01 and vmcb02 as needed.
1000 return svm->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK ? svm->vmcb :
1004 void svm_update_lbrv(struct kvm_vcpu *vcpu)
1006 struct vcpu_svm *svm = to_svm(vcpu);
1007 bool current_enable_lbrv = svm->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK;
1008 bool enable_lbrv = (svm_get_lbr_vmcb(svm)->save.dbgctl & DEBUGCTLMSR_LBR) ||
1009 (is_guest_mode(vcpu) && svm->lbrv_enabled &&
1010 (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK));
1012 if (enable_lbrv == current_enable_lbrv)
1016 svm_enable_lbrv(vcpu);
1018 svm_disable_lbrv(vcpu);
1021 void disable_nmi_singlestep(struct vcpu_svm *svm)
1023 svm->nmi_singlestep = false;
1025 if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP)) {
1026 /* Clear our flags if they were not set by the guest */
1027 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_TF))
1028 svm->vmcb->save.rflags &= ~X86_EFLAGS_TF;
1029 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_RF))
1030 svm->vmcb->save.rflags &= ~X86_EFLAGS_RF;
1034 static void grow_ple_window(struct kvm_vcpu *vcpu)
1036 struct vcpu_svm *svm = to_svm(vcpu);
1037 struct vmcb_control_area *control = &svm->vmcb->control;
1038 int old = control->pause_filter_count;
1040 if (kvm_pause_in_guest(vcpu->kvm))
1043 control->pause_filter_count = __grow_ple_window(old,
1045 pause_filter_count_grow,
1046 pause_filter_count_max);
1048 if (control->pause_filter_count != old) {
1049 vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
1050 trace_kvm_ple_window_update(vcpu->vcpu_id,
1051 control->pause_filter_count, old);
1055 static void shrink_ple_window(struct kvm_vcpu *vcpu)
1057 struct vcpu_svm *svm = to_svm(vcpu);
1058 struct vmcb_control_area *control = &svm->vmcb->control;
1059 int old = control->pause_filter_count;
1061 if (kvm_pause_in_guest(vcpu->kvm))
1064 control->pause_filter_count =
1065 __shrink_ple_window(old,
1067 pause_filter_count_shrink,
1068 pause_filter_count);
1069 if (control->pause_filter_count != old) {
1070 vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
1071 trace_kvm_ple_window_update(vcpu->vcpu_id,
1072 control->pause_filter_count, old);
1076 static void svm_hardware_unsetup(void)
1080 sev_hardware_unsetup();
1082 for_each_possible_cpu(cpu)
1083 svm_cpu_uninit(cpu);
1085 __free_pages(pfn_to_page(iopm_base >> PAGE_SHIFT),
1086 get_order(IOPM_SIZE));
1090 static void init_seg(struct vmcb_seg *seg)
1093 seg->attrib = SVM_SELECTOR_P_MASK | SVM_SELECTOR_S_MASK |
1094 SVM_SELECTOR_WRITE_MASK; /* Read/Write Data Segment */
1095 seg->limit = 0xffff;
1099 static void init_sys_seg(struct vmcb_seg *seg, uint32_t type)
1102 seg->attrib = SVM_SELECTOR_P_MASK | type;
1103 seg->limit = 0xffff;
1107 static u64 svm_get_l2_tsc_offset(struct kvm_vcpu *vcpu)
1109 struct vcpu_svm *svm = to_svm(vcpu);
1111 return svm->nested.ctl.tsc_offset;
1114 static u64 svm_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu)
1116 struct vcpu_svm *svm = to_svm(vcpu);
1118 return svm->tsc_ratio_msr;
1121 static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset)
1123 struct vcpu_svm *svm = to_svm(vcpu);
1125 svm->vmcb01.ptr->control.tsc_offset = vcpu->arch.l1_tsc_offset;
1126 svm->vmcb->control.tsc_offset = offset;
1127 vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
1130 static void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier)
1132 __svm_write_tsc_multiplier(multiplier);
1136 /* Evaluate instruction intercepts that depend on guest CPUID features. */
1137 static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu,
1138 struct vcpu_svm *svm)
1141 * Intercept INVPCID if shadow paging is enabled to sync/free shadow
1142 * roots, or if INVPCID is disabled in the guest to inject #UD.
1144 if (kvm_cpu_cap_has(X86_FEATURE_INVPCID)) {
1146 !guest_cpuid_has(&svm->vcpu, X86_FEATURE_INVPCID))
1147 svm_set_intercept(svm, INTERCEPT_INVPCID);
1149 svm_clr_intercept(svm, INTERCEPT_INVPCID);
1152 if (kvm_cpu_cap_has(X86_FEATURE_RDTSCP)) {
1153 if (guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP))
1154 svm_clr_intercept(svm, INTERCEPT_RDTSCP);
1156 svm_set_intercept(svm, INTERCEPT_RDTSCP);
1160 static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu)
1162 struct vcpu_svm *svm = to_svm(vcpu);
1164 if (guest_cpuid_is_intel(vcpu)) {
1166 * We must intercept SYSENTER_EIP and SYSENTER_ESP
1167 * accesses because the processor only stores 32 bits.
1168 * For the same reason we cannot use virtual VMLOAD/VMSAVE.
1170 svm_set_intercept(svm, INTERCEPT_VMLOAD);
1171 svm_set_intercept(svm, INTERCEPT_VMSAVE);
1172 svm->vmcb->control.virt_ext &= ~VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK;
1174 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 0, 0);
1175 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 0, 0);
1177 svm->v_vmload_vmsave_enabled = false;
1180 * If hardware supports Virtual VMLOAD VMSAVE then enable it
1181 * in VMCB and clear intercepts to avoid #VMEXIT.
1184 svm_clr_intercept(svm, INTERCEPT_VMLOAD);
1185 svm_clr_intercept(svm, INTERCEPT_VMSAVE);
1186 svm->vmcb->control.virt_ext |= VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK;
1188 /* No need to intercept these MSRs */
1189 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1);
1190 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1);
1194 static void init_vmcb(struct kvm_vcpu *vcpu)
1196 struct vcpu_svm *svm = to_svm(vcpu);
1197 struct vmcb *vmcb = svm->vmcb01.ptr;
1198 struct vmcb_control_area *control = &vmcb->control;
1199 struct vmcb_save_area *save = &vmcb->save;
1201 svm_set_intercept(svm, INTERCEPT_CR0_READ);
1202 svm_set_intercept(svm, INTERCEPT_CR3_READ);
1203 svm_set_intercept(svm, INTERCEPT_CR4_READ);
1204 svm_set_intercept(svm, INTERCEPT_CR0_WRITE);
1205 svm_set_intercept(svm, INTERCEPT_CR3_WRITE);
1206 svm_set_intercept(svm, INTERCEPT_CR4_WRITE);
1207 if (!kvm_vcpu_apicv_active(vcpu))
1208 svm_set_intercept(svm, INTERCEPT_CR8_WRITE);
1210 set_dr_intercepts(svm);
1212 set_exception_intercept(svm, PF_VECTOR);
1213 set_exception_intercept(svm, UD_VECTOR);
1214 set_exception_intercept(svm, MC_VECTOR);
1215 set_exception_intercept(svm, AC_VECTOR);
1216 set_exception_intercept(svm, DB_VECTOR);
1218 * Guest access to VMware backdoor ports could legitimately
1219 * trigger #GP because of TSS I/O permission bitmap.
1220 * We intercept those #GP and allow access to them anyway
1223 if (enable_vmware_backdoor)
1224 set_exception_intercept(svm, GP_VECTOR);
1226 svm_set_intercept(svm, INTERCEPT_INTR);
1227 svm_set_intercept(svm, INTERCEPT_NMI);
1230 svm_set_intercept(svm, INTERCEPT_SMI);
1232 svm_set_intercept(svm, INTERCEPT_SELECTIVE_CR0);
1233 svm_set_intercept(svm, INTERCEPT_RDPMC);
1234 svm_set_intercept(svm, INTERCEPT_CPUID);
1235 svm_set_intercept(svm, INTERCEPT_INVD);
1236 svm_set_intercept(svm, INTERCEPT_INVLPG);
1237 svm_set_intercept(svm, INTERCEPT_INVLPGA);
1238 svm_set_intercept(svm, INTERCEPT_IOIO_PROT);
1239 svm_set_intercept(svm, INTERCEPT_MSR_PROT);
1240 svm_set_intercept(svm, INTERCEPT_TASK_SWITCH);
1241 svm_set_intercept(svm, INTERCEPT_SHUTDOWN);
1242 svm_set_intercept(svm, INTERCEPT_VMRUN);
1243 svm_set_intercept(svm, INTERCEPT_VMMCALL);
1244 svm_set_intercept(svm, INTERCEPT_VMLOAD);
1245 svm_set_intercept(svm, INTERCEPT_VMSAVE);
1246 svm_set_intercept(svm, INTERCEPT_STGI);
1247 svm_set_intercept(svm, INTERCEPT_CLGI);
1248 svm_set_intercept(svm, INTERCEPT_SKINIT);
1249 svm_set_intercept(svm, INTERCEPT_WBINVD);
1250 svm_set_intercept(svm, INTERCEPT_XSETBV);
1251 svm_set_intercept(svm, INTERCEPT_RDPRU);
1252 svm_set_intercept(svm, INTERCEPT_RSM);
1254 if (!kvm_mwait_in_guest(vcpu->kvm)) {
1255 svm_set_intercept(svm, INTERCEPT_MONITOR);
1256 svm_set_intercept(svm, INTERCEPT_MWAIT);
1259 if (!kvm_hlt_in_guest(vcpu->kvm))
1260 svm_set_intercept(svm, INTERCEPT_HLT);
1262 control->iopm_base_pa = __sme_set(iopm_base);
1263 control->msrpm_base_pa = __sme_set(__pa(svm->msrpm));
1264 control->int_ctl = V_INTR_MASKING_MASK;
1266 init_seg(&save->es);
1267 init_seg(&save->ss);
1268 init_seg(&save->ds);
1269 init_seg(&save->fs);
1270 init_seg(&save->gs);
1272 save->cs.selector = 0xf000;
1273 save->cs.base = 0xffff0000;
1274 /* Executable/Readable Code Segment */
1275 save->cs.attrib = SVM_SELECTOR_READ_MASK | SVM_SELECTOR_P_MASK |
1276 SVM_SELECTOR_S_MASK | SVM_SELECTOR_CODE_MASK;
1277 save->cs.limit = 0xffff;
1279 save->gdtr.base = 0;
1280 save->gdtr.limit = 0xffff;
1281 save->idtr.base = 0;
1282 save->idtr.limit = 0xffff;
1284 init_sys_seg(&save->ldtr, SEG_TYPE_LDT);
1285 init_sys_seg(&save->tr, SEG_TYPE_BUSY_TSS16);
1288 /* Setup VMCB for Nested Paging */
1289 control->nested_ctl |= SVM_NESTED_CTL_NP_ENABLE;
1290 svm_clr_intercept(svm, INTERCEPT_INVLPG);
1291 clr_exception_intercept(svm, PF_VECTOR);
1292 svm_clr_intercept(svm, INTERCEPT_CR3_READ);
1293 svm_clr_intercept(svm, INTERCEPT_CR3_WRITE);
1294 save->g_pat = vcpu->arch.pat;
1297 svm->current_vmcb->asid_generation = 0;
1300 svm->nested.vmcb12_gpa = INVALID_GPA;
1301 svm->nested.last_vmcb12_gpa = INVALID_GPA;
1303 if (!kvm_pause_in_guest(vcpu->kvm)) {
1304 control->pause_filter_count = pause_filter_count;
1305 if (pause_filter_thresh)
1306 control->pause_filter_thresh = pause_filter_thresh;
1307 svm_set_intercept(svm, INTERCEPT_PAUSE);
1309 svm_clr_intercept(svm, INTERCEPT_PAUSE);
1312 svm_recalc_instruction_intercepts(vcpu, svm);
1315 * If the host supports V_SPEC_CTRL then disable the interception
1316 * of MSR_IA32_SPEC_CTRL.
1318 if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
1319 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1);
1321 if (kvm_vcpu_apicv_active(vcpu))
1322 avic_init_vmcb(svm, vmcb);
1325 svm->vmcb->control.int_ctl |= V_NMI_ENABLE_MASK;
1328 svm_clr_intercept(svm, INTERCEPT_STGI);
1329 svm_clr_intercept(svm, INTERCEPT_CLGI);
1330 svm->vmcb->control.int_ctl |= V_GIF_ENABLE_MASK;
1333 if (sev_guest(vcpu->kvm))
1336 svm_hv_init_vmcb(vmcb);
1337 init_vmcb_after_set_cpuid(vcpu);
1339 vmcb_mark_all_dirty(vmcb);
1344 static void __svm_vcpu_reset(struct kvm_vcpu *vcpu)
1346 struct vcpu_svm *svm = to_svm(vcpu);
1348 svm_vcpu_init_msrpm(vcpu, svm->msrpm);
1350 svm_init_osvw(vcpu);
1351 vcpu->arch.microcode_version = 0x01000065;
1352 svm->tsc_ratio_msr = kvm_caps.default_tsc_scaling_ratio;
1354 svm->nmi_masked = false;
1355 svm->awaiting_iret_completion = false;
1357 if (sev_es_guest(vcpu->kvm))
1358 sev_es_vcpu_reset(svm);
1361 static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
1363 struct vcpu_svm *svm = to_svm(vcpu);
1366 svm->virt_spec_ctrl = 0;
1371 __svm_vcpu_reset(vcpu);
1374 void svm_switch_vmcb(struct vcpu_svm *svm, struct kvm_vmcb_info *target_vmcb)
1376 svm->current_vmcb = target_vmcb;
1377 svm->vmcb = target_vmcb->ptr;
1380 static int svm_vcpu_create(struct kvm_vcpu *vcpu)
1382 struct vcpu_svm *svm;
1383 struct page *vmcb01_page;
1384 struct page *vmsa_page = NULL;
1387 BUILD_BUG_ON(offsetof(struct vcpu_svm, vcpu) != 0);
1391 vmcb01_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
1395 if (sev_es_guest(vcpu->kvm)) {
1397 * SEV-ES guests require a separate VMSA page used to contain
1398 * the encrypted register state of the guest.
1400 vmsa_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
1402 goto error_free_vmcb_page;
1405 * SEV-ES guests maintain an encrypted version of their FPU
1406 * state which is restored and saved on VMRUN and VMEXIT.
1407 * Mark vcpu->arch.guest_fpu->fpstate as scratch so it won't
1408 * do xsave/xrstor on it.
1410 fpstate_set_confidential(&vcpu->arch.guest_fpu);
1413 err = avic_init_vcpu(svm);
1415 goto error_free_vmsa_page;
1417 svm->msrpm = svm_vcpu_alloc_msrpm();
1420 goto error_free_vmsa_page;
1423 svm->x2avic_msrs_intercepted = true;
1425 svm->vmcb01.ptr = page_address(vmcb01_page);
1426 svm->vmcb01.pa = __sme_set(page_to_pfn(vmcb01_page) << PAGE_SHIFT);
1427 svm_switch_vmcb(svm, &svm->vmcb01);
1430 svm->sev_es.vmsa = page_address(vmsa_page);
1432 svm->guest_state_loaded = false;
1436 error_free_vmsa_page:
1438 __free_page(vmsa_page);
1439 error_free_vmcb_page:
1440 __free_page(vmcb01_page);
1445 static void svm_clear_current_vmcb(struct vmcb *vmcb)
1449 for_each_online_cpu(i)
1450 cmpxchg(per_cpu_ptr(&svm_data.current_vmcb, i), vmcb, NULL);
1453 static void svm_vcpu_free(struct kvm_vcpu *vcpu)
1455 struct vcpu_svm *svm = to_svm(vcpu);
1458 * The vmcb page can be recycled, causing a false negative in
1459 * svm_vcpu_load(). So, ensure that no logical CPU has this
1460 * vmcb page recorded as its current vmcb.
1462 svm_clear_current_vmcb(svm->vmcb);
1464 svm_leave_nested(vcpu);
1465 svm_free_nested(svm);
1467 sev_free_vcpu(vcpu);
1469 __free_page(pfn_to_page(__sme_clr(svm->vmcb01.pa) >> PAGE_SHIFT));
1470 __free_pages(virt_to_page(svm->msrpm), get_order(MSRPM_SIZE));
1473 static void svm_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
1475 struct vcpu_svm *svm = to_svm(vcpu);
1476 struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, vcpu->cpu);
1478 if (sev_es_guest(vcpu->kvm))
1479 sev_es_unmap_ghcb(svm);
1481 if (svm->guest_state_loaded)
1485 * Save additional host state that will be restored on VMEXIT (sev-es)
1486 * or subsequent vmload of host save area.
1488 vmsave(sd->save_area_pa);
1489 if (sev_es_guest(vcpu->kvm)) {
1490 struct sev_es_save_area *hostsa;
1491 hostsa = (struct sev_es_save_area *)(page_address(sd->save_area) + 0x400);
1493 sev_es_prepare_switch_to_guest(hostsa);
1497 __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio);
1499 if (likely(tsc_aux_uret_slot >= 0))
1500 kvm_set_user_return_msr(tsc_aux_uret_slot, svm->tsc_aux, -1ull);
1502 svm->guest_state_loaded = true;
1505 static void svm_prepare_host_switch(struct kvm_vcpu *vcpu)
1507 to_svm(vcpu)->guest_state_loaded = false;
1510 static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
1512 struct vcpu_svm *svm = to_svm(vcpu);
1513 struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, cpu);
1515 if (sd->current_vmcb != svm->vmcb) {
1516 sd->current_vmcb = svm->vmcb;
1517 indirect_branch_prediction_barrier();
1519 if (kvm_vcpu_apicv_active(vcpu))
1520 avic_vcpu_load(vcpu, cpu);
1523 static void svm_vcpu_put(struct kvm_vcpu *vcpu)
1525 if (kvm_vcpu_apicv_active(vcpu))
1526 avic_vcpu_put(vcpu);
1528 svm_prepare_host_switch(vcpu);
1530 ++vcpu->stat.host_state_reload;
1533 static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu)
1535 struct vcpu_svm *svm = to_svm(vcpu);
1536 unsigned long rflags = svm->vmcb->save.rflags;
1538 if (svm->nmi_singlestep) {
1539 /* Hide our flags if they were not set by the guest */
1540 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_TF))
1541 rflags &= ~X86_EFLAGS_TF;
1542 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_RF))
1543 rflags &= ~X86_EFLAGS_RF;
1548 static void svm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
1550 if (to_svm(vcpu)->nmi_singlestep)
1551 rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
1554 * Any change of EFLAGS.VM is accompanied by a reload of SS
1555 * (caused by either a task switch or an inter-privilege IRET),
1556 * so we do not need to update the CPL here.
1558 to_svm(vcpu)->vmcb->save.rflags = rflags;
1561 static bool svm_get_if_flag(struct kvm_vcpu *vcpu)
1563 struct vmcb *vmcb = to_svm(vcpu)->vmcb;
1565 return sev_es_guest(vcpu->kvm)
1566 ? vmcb->control.int_state & SVM_GUEST_INTERRUPT_MASK
1567 : kvm_get_rflags(vcpu) & X86_EFLAGS_IF;
1570 static void svm_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
1572 kvm_register_mark_available(vcpu, reg);
1575 case VCPU_EXREG_PDPTR:
1577 * When !npt_enabled, mmu->pdptrs[] is already available since
1578 * it is always updated per SDM when moving to CRs.
1581 load_pdptrs(vcpu, kvm_read_cr3(vcpu));
1584 KVM_BUG_ON(1, vcpu->kvm);
1588 static void svm_set_vintr(struct vcpu_svm *svm)
1590 struct vmcb_control_area *control;
1593 * The following fields are ignored when AVIC is enabled
1595 WARN_ON(kvm_vcpu_apicv_activated(&svm->vcpu));
1597 svm_set_intercept(svm, INTERCEPT_VINTR);
1600 * Recalculating intercepts may have cleared the VINTR intercept. If
1601 * V_INTR_MASKING is enabled in vmcb12, then the effective RFLAGS.IF
1602 * for L1 physical interrupts is L1's RFLAGS.IF at the time of VMRUN.
1603 * Requesting an interrupt window if save.RFLAGS.IF=0 is pointless as
1604 * interrupts will never be unblocked while L2 is running.
1606 if (!svm_is_intercept(svm, INTERCEPT_VINTR))
1610 * This is just a dummy VINTR to actually cause a vmexit to happen.
1611 * Actual injection of virtual interrupts happens through EVENTINJ.
1613 control = &svm->vmcb->control;
1614 control->int_vector = 0x0;
1615 control->int_ctl &= ~V_INTR_PRIO_MASK;
1616 control->int_ctl |= V_IRQ_MASK |
1617 ((/*control->int_vector >> 4*/ 0xf) << V_INTR_PRIO_SHIFT);
1618 vmcb_mark_dirty(svm->vmcb, VMCB_INTR);
1621 static void svm_clear_vintr(struct vcpu_svm *svm)
1623 svm_clr_intercept(svm, INTERCEPT_VINTR);
1625 /* Drop int_ctl fields related to VINTR injection. */
1626 svm->vmcb->control.int_ctl &= ~V_IRQ_INJECTION_BITS_MASK;
1627 if (is_guest_mode(&svm->vcpu)) {
1628 svm->vmcb01.ptr->control.int_ctl &= ~V_IRQ_INJECTION_BITS_MASK;
1630 WARN_ON((svm->vmcb->control.int_ctl & V_TPR_MASK) !=
1631 (svm->nested.ctl.int_ctl & V_TPR_MASK));
1633 svm->vmcb->control.int_ctl |= svm->nested.ctl.int_ctl &
1634 V_IRQ_INJECTION_BITS_MASK;
1636 svm->vmcb->control.int_vector = svm->nested.ctl.int_vector;
1639 vmcb_mark_dirty(svm->vmcb, VMCB_INTR);
1642 static struct vmcb_seg *svm_seg(struct kvm_vcpu *vcpu, int seg)
1644 struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;
1645 struct vmcb_save_area *save01 = &to_svm(vcpu)->vmcb01.ptr->save;
1648 case VCPU_SREG_CS: return &save->cs;
1649 case VCPU_SREG_DS: return &save->ds;
1650 case VCPU_SREG_ES: return &save->es;
1651 case VCPU_SREG_FS: return &save01->fs;
1652 case VCPU_SREG_GS: return &save01->gs;
1653 case VCPU_SREG_SS: return &save->ss;
1654 case VCPU_SREG_TR: return &save01->tr;
1655 case VCPU_SREG_LDTR: return &save01->ldtr;
1661 static u64 svm_get_segment_base(struct kvm_vcpu *vcpu, int seg)
1663 struct vmcb_seg *s = svm_seg(vcpu, seg);
1668 static void svm_get_segment(struct kvm_vcpu *vcpu,
1669 struct kvm_segment *var, int seg)
1671 struct vmcb_seg *s = svm_seg(vcpu, seg);
1673 var->base = s->base;
1674 var->limit = s->limit;
1675 var->selector = s->selector;
1676 var->type = s->attrib & SVM_SELECTOR_TYPE_MASK;
1677 var->s = (s->attrib >> SVM_SELECTOR_S_SHIFT) & 1;
1678 var->dpl = (s->attrib >> SVM_SELECTOR_DPL_SHIFT) & 3;
1679 var->present = (s->attrib >> SVM_SELECTOR_P_SHIFT) & 1;
1680 var->avl = (s->attrib >> SVM_SELECTOR_AVL_SHIFT) & 1;
1681 var->l = (s->attrib >> SVM_SELECTOR_L_SHIFT) & 1;
1682 var->db = (s->attrib >> SVM_SELECTOR_DB_SHIFT) & 1;
1685 * AMD CPUs circa 2014 track the G bit for all segments except CS.
1686 * However, the SVM spec states that the G bit is not observed by the
1687 * CPU, and some VMware virtual CPUs drop the G bit for all segments.
1688 * So let's synthesize a legal G bit for all segments, this helps
1689 * running KVM nested. It also helps cross-vendor migration, because
1690 * Intel's vmentry has a check on the 'G' bit.
1692 var->g = s->limit > 0xfffff;
1695 * AMD's VMCB does not have an explicit unusable field, so emulate it
1696 * for cross vendor migration purposes by "not present"
1698 var->unusable = !var->present;
1703 * Work around a bug where the busy flag in the tr selector
1713 * The accessed bit must always be set in the segment
1714 * descriptor cache, although it can be cleared in the
1715 * descriptor, the cached bit always remains at 1. Since
1716 * Intel has a check on this, set it here to support
1717 * cross-vendor migration.
1724 * On AMD CPUs sometimes the DB bit in the segment
1725 * descriptor is left as 1, although the whole segment has
1726 * been made unusable. Clear it here to pass an Intel VMX
1727 * entry check when cross vendor migrating.
1731 /* This is symmetric with svm_set_segment() */
1732 var->dpl = to_svm(vcpu)->vmcb->save.cpl;
1737 static int svm_get_cpl(struct kvm_vcpu *vcpu)
1739 struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;
1744 static void svm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l)
1746 struct kvm_segment cs;
1748 svm_get_segment(vcpu, &cs, VCPU_SREG_CS);
1753 static void svm_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1755 struct vcpu_svm *svm = to_svm(vcpu);
1757 dt->size = svm->vmcb->save.idtr.limit;
1758 dt->address = svm->vmcb->save.idtr.base;
1761 static void svm_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1763 struct vcpu_svm *svm = to_svm(vcpu);
1765 svm->vmcb->save.idtr.limit = dt->size;
1766 svm->vmcb->save.idtr.base = dt->address ;
1767 vmcb_mark_dirty(svm->vmcb, VMCB_DT);
1770 static void svm_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1772 struct vcpu_svm *svm = to_svm(vcpu);
1774 dt->size = svm->vmcb->save.gdtr.limit;
1775 dt->address = svm->vmcb->save.gdtr.base;
1778 static void svm_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1780 struct vcpu_svm *svm = to_svm(vcpu);
1782 svm->vmcb->save.gdtr.limit = dt->size;
1783 svm->vmcb->save.gdtr.base = dt->address ;
1784 vmcb_mark_dirty(svm->vmcb, VMCB_DT);
1787 static void sev_post_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
1789 struct vcpu_svm *svm = to_svm(vcpu);
1792 * For guests that don't set guest_state_protected, the cr3 update is
1793 * handled via kvm_mmu_load() while entering the guest. For guests
1794 * that do (SEV-ES/SEV-SNP), the cr3 update needs to be written to
1795 * VMCB save area now, since the save area will become the initial
1796 * contents of the VMSA, and future VMCB save area updates won't be
1799 if (sev_es_guest(vcpu->kvm)) {
1800 svm->vmcb->save.cr3 = cr3;
1801 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
1805 void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
1807 struct vcpu_svm *svm = to_svm(vcpu);
1809 bool old_paging = is_paging(vcpu);
1811 #ifdef CONFIG_X86_64
1812 if (vcpu->arch.efer & EFER_LME && !vcpu->arch.guest_state_protected) {
1813 if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) {
1814 vcpu->arch.efer |= EFER_LMA;
1815 svm->vmcb->save.efer |= EFER_LMA | EFER_LME;
1818 if (is_paging(vcpu) && !(cr0 & X86_CR0_PG)) {
1819 vcpu->arch.efer &= ~EFER_LMA;
1820 svm->vmcb->save.efer &= ~(EFER_LMA | EFER_LME);
1824 vcpu->arch.cr0 = cr0;
1827 hcr0 |= X86_CR0_PG | X86_CR0_WP;
1828 if (old_paging != is_paging(vcpu))
1829 svm_set_cr4(vcpu, kvm_read_cr4(vcpu));
1833 * re-enable caching here because the QEMU bios
1834 * does not do it - this results in some delay at
1837 if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED))
1838 hcr0 &= ~(X86_CR0_CD | X86_CR0_NW);
1840 svm->vmcb->save.cr0 = hcr0;
1841 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
1844 * SEV-ES guests must always keep the CR intercepts cleared. CR
1845 * tracking is done using the CR write traps.
1847 if (sev_es_guest(vcpu->kvm))
1851 /* Selective CR0 write remains on. */
1852 svm_clr_intercept(svm, INTERCEPT_CR0_READ);
1853 svm_clr_intercept(svm, INTERCEPT_CR0_WRITE);
1855 svm_set_intercept(svm, INTERCEPT_CR0_READ);
1856 svm_set_intercept(svm, INTERCEPT_CR0_WRITE);
1860 static bool svm_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
1865 void svm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
1867 unsigned long host_cr4_mce = cr4_read_shadow() & X86_CR4_MCE;
1868 unsigned long old_cr4 = vcpu->arch.cr4;
1870 if (npt_enabled && ((old_cr4 ^ cr4) & X86_CR4_PGE))
1871 svm_flush_tlb_current(vcpu);
1873 vcpu->arch.cr4 = cr4;
1877 if (!is_paging(vcpu))
1878 cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE);
1880 cr4 |= host_cr4_mce;
1881 to_svm(vcpu)->vmcb->save.cr4 = cr4;
1882 vmcb_mark_dirty(to_svm(vcpu)->vmcb, VMCB_CR);
1884 if ((cr4 ^ old_cr4) & (X86_CR4_OSXSAVE | X86_CR4_PKE))
1885 kvm_update_cpuid_runtime(vcpu);
1888 static void svm_set_segment(struct kvm_vcpu *vcpu,
1889 struct kvm_segment *var, int seg)
1891 struct vcpu_svm *svm = to_svm(vcpu);
1892 struct vmcb_seg *s = svm_seg(vcpu, seg);
1894 s->base = var->base;
1895 s->limit = var->limit;
1896 s->selector = var->selector;
1897 s->attrib = (var->type & SVM_SELECTOR_TYPE_MASK);
1898 s->attrib |= (var->s & 1) << SVM_SELECTOR_S_SHIFT;
1899 s->attrib |= (var->dpl & 3) << SVM_SELECTOR_DPL_SHIFT;
1900 s->attrib |= ((var->present & 1) && !var->unusable) << SVM_SELECTOR_P_SHIFT;
1901 s->attrib |= (var->avl & 1) << SVM_SELECTOR_AVL_SHIFT;
1902 s->attrib |= (var->l & 1) << SVM_SELECTOR_L_SHIFT;
1903 s->attrib |= (var->db & 1) << SVM_SELECTOR_DB_SHIFT;
1904 s->attrib |= (var->g & 1) << SVM_SELECTOR_G_SHIFT;
1907 * This is always accurate, except if SYSRET returned to a segment
1908 * with SS.DPL != 3. Intel does not have this quirk, and always
1909 * forces SS.DPL to 3 on sysret, so we ignore that case; fixing it
1910 * would entail passing the CPL to userspace and back.
1912 if (seg == VCPU_SREG_SS)
1913 /* This is symmetric with svm_get_segment() */
1914 svm->vmcb->save.cpl = (var->dpl & 3);
1916 vmcb_mark_dirty(svm->vmcb, VMCB_SEG);
1919 static void svm_update_exception_bitmap(struct kvm_vcpu *vcpu)
1921 struct vcpu_svm *svm = to_svm(vcpu);
1923 clr_exception_intercept(svm, BP_VECTOR);
1925 if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
1926 if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
1927 set_exception_intercept(svm, BP_VECTOR);
1931 static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd)
1933 if (sd->next_asid > sd->max_asid) {
1934 ++sd->asid_generation;
1935 sd->next_asid = sd->min_asid;
1936 svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID;
1937 vmcb_mark_dirty(svm->vmcb, VMCB_ASID);
1940 svm->current_vmcb->asid_generation = sd->asid_generation;
1941 svm->asid = sd->next_asid++;
1944 static void svm_set_dr6(struct vcpu_svm *svm, unsigned long value)
1946 struct vmcb *vmcb = svm->vmcb;
1948 if (svm->vcpu.arch.guest_state_protected)
1951 if (unlikely(value != vmcb->save.dr6)) {
1952 vmcb->save.dr6 = value;
1953 vmcb_mark_dirty(vmcb, VMCB_DR);
1957 static void svm_sync_dirty_debug_regs(struct kvm_vcpu *vcpu)
1959 struct vcpu_svm *svm = to_svm(vcpu);
1961 if (WARN_ON_ONCE(sev_es_guest(vcpu->kvm)))
1964 get_debugreg(vcpu->arch.db[0], 0);
1965 get_debugreg(vcpu->arch.db[1], 1);
1966 get_debugreg(vcpu->arch.db[2], 2);
1967 get_debugreg(vcpu->arch.db[3], 3);
1969 * We cannot reset svm->vmcb->save.dr6 to DR6_ACTIVE_LOW here,
1970 * because db_interception might need it. We can do it before vmentry.
1972 vcpu->arch.dr6 = svm->vmcb->save.dr6;
1973 vcpu->arch.dr7 = svm->vmcb->save.dr7;
1974 vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_WONT_EXIT;
1975 set_dr_intercepts(svm);
1978 static void svm_set_dr7(struct kvm_vcpu *vcpu, unsigned long value)
1980 struct vcpu_svm *svm = to_svm(vcpu);
1982 if (vcpu->arch.guest_state_protected)
1985 svm->vmcb->save.dr7 = value;
1986 vmcb_mark_dirty(svm->vmcb, VMCB_DR);
1989 static int pf_interception(struct kvm_vcpu *vcpu)
1991 struct vcpu_svm *svm = to_svm(vcpu);
1993 u64 fault_address = svm->vmcb->control.exit_info_2;
1994 u64 error_code = svm->vmcb->control.exit_info_1;
1996 return kvm_handle_page_fault(vcpu, error_code, fault_address,
1997 static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
1998 svm->vmcb->control.insn_bytes : NULL,
1999 svm->vmcb->control.insn_len);
2002 static int npf_interception(struct kvm_vcpu *vcpu)
2004 struct vcpu_svm *svm = to_svm(vcpu);
2006 u64 fault_address = svm->vmcb->control.exit_info_2;
2007 u64 error_code = svm->vmcb->control.exit_info_1;
2009 trace_kvm_page_fault(vcpu, fault_address, error_code);
2010 return kvm_mmu_page_fault(vcpu, fault_address, error_code,
2011 static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
2012 svm->vmcb->control.insn_bytes : NULL,
2013 svm->vmcb->control.insn_len);
2016 static int db_interception(struct kvm_vcpu *vcpu)
2018 struct kvm_run *kvm_run = vcpu->run;
2019 struct vcpu_svm *svm = to_svm(vcpu);
2021 if (!(vcpu->guest_debug &
2022 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) &&
2023 !svm->nmi_singlestep) {
2024 u32 payload = svm->vmcb->save.dr6 ^ DR6_ACTIVE_LOW;
2025 kvm_queue_exception_p(vcpu, DB_VECTOR, payload);
2029 if (svm->nmi_singlestep) {
2030 disable_nmi_singlestep(svm);
2031 /* Make sure we check for pending NMIs upon entry */
2032 kvm_make_request(KVM_REQ_EVENT, vcpu);
2035 if (vcpu->guest_debug &
2036 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) {
2037 kvm_run->exit_reason = KVM_EXIT_DEBUG;
2038 kvm_run->debug.arch.dr6 = svm->vmcb->save.dr6;
2039 kvm_run->debug.arch.dr7 = svm->vmcb->save.dr7;
2040 kvm_run->debug.arch.pc =
2041 svm->vmcb->save.cs.base + svm->vmcb->save.rip;
2042 kvm_run->debug.arch.exception = DB_VECTOR;
2049 static int bp_interception(struct kvm_vcpu *vcpu)
2051 struct vcpu_svm *svm = to_svm(vcpu);
2052 struct kvm_run *kvm_run = vcpu->run;
2054 kvm_run->exit_reason = KVM_EXIT_DEBUG;
2055 kvm_run->debug.arch.pc = svm->vmcb->save.cs.base + svm->vmcb->save.rip;
2056 kvm_run->debug.arch.exception = BP_VECTOR;
2060 static int ud_interception(struct kvm_vcpu *vcpu)
2062 return handle_ud(vcpu);
2065 static int ac_interception(struct kvm_vcpu *vcpu)
2067 kvm_queue_exception_e(vcpu, AC_VECTOR, 0);
2071 static bool is_erratum_383(void)
2076 if (!erratum_383_found)
2079 value = native_read_msr_safe(MSR_IA32_MC0_STATUS, &err);
2083 /* Bit 62 may or may not be set for this mce */
2084 value &= ~(1ULL << 62);
2086 if (value != 0xb600000000010015ULL)
2089 /* Clear MCi_STATUS registers */
2090 for (i = 0; i < 6; ++i)
2091 native_write_msr_safe(MSR_IA32_MCx_STATUS(i), 0, 0);
2093 value = native_read_msr_safe(MSR_IA32_MCG_STATUS, &err);
2097 value &= ~(1ULL << 2);
2098 low = lower_32_bits(value);
2099 high = upper_32_bits(value);
2101 native_write_msr_safe(MSR_IA32_MCG_STATUS, low, high);
2104 /* Flush tlb to evict multi-match entries */
2110 static void svm_handle_mce(struct kvm_vcpu *vcpu)
2112 if (is_erratum_383()) {
2114 * Erratum 383 triggered. Guest state is corrupt so kill the
2117 pr_err("Guest triggered AMD Erratum 383\n");
2119 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
2125 * On an #MC intercept the MCE handler is not called automatically in
2126 * the host. So do it by hand here.
2128 kvm_machine_check();
2131 static int mc_interception(struct kvm_vcpu *vcpu)
2136 static int shutdown_interception(struct kvm_vcpu *vcpu)
2138 struct kvm_run *kvm_run = vcpu->run;
2139 struct vcpu_svm *svm = to_svm(vcpu);
2142 * The VM save area has already been encrypted so it
2143 * cannot be reinitialized - just terminate.
2145 if (sev_es_guest(vcpu->kvm))
2149 * VMCB is undefined after a SHUTDOWN intercept. INIT the vCPU to put
2150 * the VMCB in a known good state. Unfortuately, KVM doesn't have
2151 * KVM_MP_STATE_SHUTDOWN and can't add it without potentially breaking
2152 * userspace. At a platform view, INIT is acceptable behavior as
2153 * there exist bare metal platforms that automatically INIT the CPU
2154 * in response to shutdown.
2156 clear_page(svm->vmcb);
2157 kvm_vcpu_reset(vcpu, true);
2159 kvm_run->exit_reason = KVM_EXIT_SHUTDOWN;
2163 static int io_interception(struct kvm_vcpu *vcpu)
2165 struct vcpu_svm *svm = to_svm(vcpu);
2166 u32 io_info = svm->vmcb->control.exit_info_1; /* address size bug? */
2167 int size, in, string;
2170 ++vcpu->stat.io_exits;
2171 string = (io_info & SVM_IOIO_STR_MASK) != 0;
2172 in = (io_info & SVM_IOIO_TYPE_MASK) != 0;
2173 port = io_info >> 16;
2174 size = (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT;
2177 if (sev_es_guest(vcpu->kvm))
2178 return sev_es_string_io(svm, size, port, in);
2180 return kvm_emulate_instruction(vcpu, 0);
2183 svm->next_rip = svm->vmcb->control.exit_info_2;
2185 return kvm_fast_pio(vcpu, size, port, in);
2188 static int nmi_interception(struct kvm_vcpu *vcpu)
2193 static int smi_interception(struct kvm_vcpu *vcpu)
2198 static int intr_interception(struct kvm_vcpu *vcpu)
2200 ++vcpu->stat.irq_exits;
2204 static int vmload_vmsave_interception(struct kvm_vcpu *vcpu, bool vmload)
2206 struct vcpu_svm *svm = to_svm(vcpu);
2207 struct vmcb *vmcb12;
2208 struct kvm_host_map map;
2211 if (nested_svm_check_permissions(vcpu))
2214 ret = kvm_vcpu_map(vcpu, gpa_to_gfn(svm->vmcb->save.rax), &map);
2217 kvm_inject_gp(vcpu, 0);
2223 ret = kvm_skip_emulated_instruction(vcpu);
2226 svm_copy_vmloadsave_state(svm->vmcb, vmcb12);
2227 svm->sysenter_eip_hi = 0;
2228 svm->sysenter_esp_hi = 0;
2230 svm_copy_vmloadsave_state(vmcb12, svm->vmcb);
2233 kvm_vcpu_unmap(vcpu, &map, true);
2238 static int vmload_interception(struct kvm_vcpu *vcpu)
2240 return vmload_vmsave_interception(vcpu, true);
2243 static int vmsave_interception(struct kvm_vcpu *vcpu)
2245 return vmload_vmsave_interception(vcpu, false);
2248 static int vmrun_interception(struct kvm_vcpu *vcpu)
2250 if (nested_svm_check_permissions(vcpu))
2253 return nested_svm_vmrun(vcpu);
2263 /* Return NONE_SVM_INSTR if not SVM instrs, otherwise return decode result */
2264 static int svm_instr_opcode(struct kvm_vcpu *vcpu)
2266 struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
2268 if (ctxt->b != 0x1 || ctxt->opcode_len != 2)
2269 return NONE_SVM_INSTR;
2271 switch (ctxt->modrm) {
2272 case 0xd8: /* VMRUN */
2273 return SVM_INSTR_VMRUN;
2274 case 0xda: /* VMLOAD */
2275 return SVM_INSTR_VMLOAD;
2276 case 0xdb: /* VMSAVE */
2277 return SVM_INSTR_VMSAVE;
2282 return NONE_SVM_INSTR;
2285 static int emulate_svm_instr(struct kvm_vcpu *vcpu, int opcode)
2287 const int guest_mode_exit_codes[] = {
2288 [SVM_INSTR_VMRUN] = SVM_EXIT_VMRUN,
2289 [SVM_INSTR_VMLOAD] = SVM_EXIT_VMLOAD,
2290 [SVM_INSTR_VMSAVE] = SVM_EXIT_VMSAVE,
2292 int (*const svm_instr_handlers[])(struct kvm_vcpu *vcpu) = {
2293 [SVM_INSTR_VMRUN] = vmrun_interception,
2294 [SVM_INSTR_VMLOAD] = vmload_interception,
2295 [SVM_INSTR_VMSAVE] = vmsave_interception,
2297 struct vcpu_svm *svm = to_svm(vcpu);
2300 if (is_guest_mode(vcpu)) {
2301 /* Returns '1' or -errno on failure, '0' on success. */
2302 ret = nested_svm_simple_vmexit(svm, guest_mode_exit_codes[opcode]);
2307 return svm_instr_handlers[opcode](vcpu);
2311 * #GP handling code. Note that #GP can be triggered under the following two
2313 * 1) SVM VM-related instructions (VMRUN/VMSAVE/VMLOAD) that trigger #GP on
2314 * some AMD CPUs when EAX of these instructions are in the reserved memory
2315 * regions (e.g. SMM memory on host).
2316 * 2) VMware backdoor
2318 static int gp_interception(struct kvm_vcpu *vcpu)
2320 struct vcpu_svm *svm = to_svm(vcpu);
2321 u32 error_code = svm->vmcb->control.exit_info_1;
2324 /* Both #GP cases have zero error_code */
2328 /* Decode the instruction for usage later */
2329 if (x86_decode_emulated_instruction(vcpu, 0, NULL, 0) != EMULATION_OK)
2332 opcode = svm_instr_opcode(vcpu);
2334 if (opcode == NONE_SVM_INSTR) {
2335 if (!enable_vmware_backdoor)
2339 * VMware backdoor emulation on #GP interception only handles
2340 * IN{S}, OUT{S}, and RDPMC.
2342 if (!is_guest_mode(vcpu))
2343 return kvm_emulate_instruction(vcpu,
2344 EMULTYPE_VMWARE_GP | EMULTYPE_NO_DECODE);
2346 /* All SVM instructions expect page aligned RAX */
2347 if (svm->vmcb->save.rax & ~PAGE_MASK)
2350 return emulate_svm_instr(vcpu, opcode);
2354 kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
2358 void svm_set_gif(struct vcpu_svm *svm, bool value)
2362 * If VGIF is enabled, the STGI intercept is only added to
2363 * detect the opening of the SMI/NMI window; remove it now.
2364 * Likewise, clear the VINTR intercept, we will set it
2365 * again while processing KVM_REQ_EVENT if needed.
2368 svm_clr_intercept(svm, INTERCEPT_STGI);
2369 if (svm_is_intercept(svm, INTERCEPT_VINTR))
2370 svm_clear_vintr(svm);
2373 if (svm->vcpu.arch.smi_pending ||
2374 svm->vcpu.arch.nmi_pending ||
2375 kvm_cpu_has_injectable_intr(&svm->vcpu) ||
2376 kvm_apic_has_pending_init_or_sipi(&svm->vcpu))
2377 kvm_make_request(KVM_REQ_EVENT, &svm->vcpu);
2382 * After a CLGI no interrupts should come. But if vGIF is
2383 * in use, we still rely on the VINTR intercept (rather than
2384 * STGI) to detect an open interrupt window.
2387 svm_clear_vintr(svm);
2391 static int stgi_interception(struct kvm_vcpu *vcpu)
2395 if (nested_svm_check_permissions(vcpu))
2398 ret = kvm_skip_emulated_instruction(vcpu);
2399 svm_set_gif(to_svm(vcpu), true);
2403 static int clgi_interception(struct kvm_vcpu *vcpu)
2407 if (nested_svm_check_permissions(vcpu))
2410 ret = kvm_skip_emulated_instruction(vcpu);
2411 svm_set_gif(to_svm(vcpu), false);
2415 static int invlpga_interception(struct kvm_vcpu *vcpu)
2417 gva_t gva = kvm_rax_read(vcpu);
2418 u32 asid = kvm_rcx_read(vcpu);
2420 /* FIXME: Handle an address size prefix. */
2421 if (!is_long_mode(vcpu))
2424 trace_kvm_invlpga(to_svm(vcpu)->vmcb->save.rip, asid, gva);
2426 /* Let's treat INVLPGA the same as INVLPG (can be optimized!) */
2427 kvm_mmu_invlpg(vcpu, gva);
2429 return kvm_skip_emulated_instruction(vcpu);
2432 static int skinit_interception(struct kvm_vcpu *vcpu)
2434 trace_kvm_skinit(to_svm(vcpu)->vmcb->save.rip, kvm_rax_read(vcpu));
2436 kvm_queue_exception(vcpu, UD_VECTOR);
2440 static int task_switch_interception(struct kvm_vcpu *vcpu)
2442 struct vcpu_svm *svm = to_svm(vcpu);
2445 int int_type = svm->vmcb->control.exit_int_info &
2446 SVM_EXITINTINFO_TYPE_MASK;
2447 int int_vec = svm->vmcb->control.exit_int_info & SVM_EVTINJ_VEC_MASK;
2449 svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_TYPE_MASK;
2451 svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_VALID;
2452 bool has_error_code = false;
2455 tss_selector = (u16)svm->vmcb->control.exit_info_1;
2457 if (svm->vmcb->control.exit_info_2 &
2458 (1ULL << SVM_EXITINFOSHIFT_TS_REASON_IRET))
2459 reason = TASK_SWITCH_IRET;
2460 else if (svm->vmcb->control.exit_info_2 &
2461 (1ULL << SVM_EXITINFOSHIFT_TS_REASON_JMP))
2462 reason = TASK_SWITCH_JMP;
2464 reason = TASK_SWITCH_GATE;
2466 reason = TASK_SWITCH_CALL;
2468 if (reason == TASK_SWITCH_GATE) {
2470 case SVM_EXITINTINFO_TYPE_NMI:
2471 vcpu->arch.nmi_injected = false;
2473 case SVM_EXITINTINFO_TYPE_EXEPT:
2474 if (svm->vmcb->control.exit_info_2 &
2475 (1ULL << SVM_EXITINFOSHIFT_TS_HAS_ERROR_CODE)) {
2476 has_error_code = true;
2478 (u32)svm->vmcb->control.exit_info_2;
2480 kvm_clear_exception_queue(vcpu);
2482 case SVM_EXITINTINFO_TYPE_INTR:
2483 case SVM_EXITINTINFO_TYPE_SOFT:
2484 kvm_clear_interrupt_queue(vcpu);
2491 if (reason != TASK_SWITCH_GATE ||
2492 int_type == SVM_EXITINTINFO_TYPE_SOFT ||
2493 (int_type == SVM_EXITINTINFO_TYPE_EXEPT &&
2494 (int_vec == OF_VECTOR || int_vec == BP_VECTOR))) {
2495 if (!svm_skip_emulated_instruction(vcpu))
2499 if (int_type != SVM_EXITINTINFO_TYPE_SOFT)
2502 return kvm_task_switch(vcpu, tss_selector, int_vec, reason,
2503 has_error_code, error_code);
2506 static void svm_clr_iret_intercept(struct vcpu_svm *svm)
2508 if (!sev_es_guest(svm->vcpu.kvm))
2509 svm_clr_intercept(svm, INTERCEPT_IRET);
2512 static void svm_set_iret_intercept(struct vcpu_svm *svm)
2514 if (!sev_es_guest(svm->vcpu.kvm))
2515 svm_set_intercept(svm, INTERCEPT_IRET);
2518 static int iret_interception(struct kvm_vcpu *vcpu)
2520 struct vcpu_svm *svm = to_svm(vcpu);
2522 WARN_ON_ONCE(sev_es_guest(vcpu->kvm));
2524 ++vcpu->stat.nmi_window_exits;
2525 svm->awaiting_iret_completion = true;
2527 svm_clr_iret_intercept(svm);
2528 svm->nmi_iret_rip = kvm_rip_read(vcpu);
2530 kvm_make_request(KVM_REQ_EVENT, vcpu);
2534 static int invlpg_interception(struct kvm_vcpu *vcpu)
2536 if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
2537 return kvm_emulate_instruction(vcpu, 0);
2539 kvm_mmu_invlpg(vcpu, to_svm(vcpu)->vmcb->control.exit_info_1);
2540 return kvm_skip_emulated_instruction(vcpu);
2543 static int emulate_on_interception(struct kvm_vcpu *vcpu)
2545 return kvm_emulate_instruction(vcpu, 0);
2548 static int rsm_interception(struct kvm_vcpu *vcpu)
2550 return kvm_emulate_instruction_from_buffer(vcpu, rsm_ins_bytes, 2);
2553 static bool check_selective_cr0_intercepted(struct kvm_vcpu *vcpu,
2556 struct vcpu_svm *svm = to_svm(vcpu);
2557 unsigned long cr0 = vcpu->arch.cr0;
2560 if (!is_guest_mode(vcpu) ||
2561 (!(vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_SELECTIVE_CR0))))
2564 cr0 &= ~SVM_CR0_SELECTIVE_MASK;
2565 val &= ~SVM_CR0_SELECTIVE_MASK;
2568 svm->vmcb->control.exit_code = SVM_EXIT_CR0_SEL_WRITE;
2569 ret = (nested_svm_exit_handled(svm) == NESTED_EXIT_DONE);
2575 #define CR_VALID (1ULL << 63)
2577 static int cr_interception(struct kvm_vcpu *vcpu)
2579 struct vcpu_svm *svm = to_svm(vcpu);
2584 if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
2585 return emulate_on_interception(vcpu);
2587 if (unlikely((svm->vmcb->control.exit_info_1 & CR_VALID) == 0))
2588 return emulate_on_interception(vcpu);
2590 reg = svm->vmcb->control.exit_info_1 & SVM_EXITINFO_REG_MASK;
2591 if (svm->vmcb->control.exit_code == SVM_EXIT_CR0_SEL_WRITE)
2592 cr = SVM_EXIT_WRITE_CR0 - SVM_EXIT_READ_CR0;
2594 cr = svm->vmcb->control.exit_code - SVM_EXIT_READ_CR0;
2597 if (cr >= 16) { /* mov to cr */
2599 val = kvm_register_read(vcpu, reg);
2600 trace_kvm_cr_write(cr, val);
2603 if (!check_selective_cr0_intercepted(vcpu, val))
2604 err = kvm_set_cr0(vcpu, val);
2610 err = kvm_set_cr3(vcpu, val);
2613 err = kvm_set_cr4(vcpu, val);
2616 err = kvm_set_cr8(vcpu, val);
2619 WARN(1, "unhandled write to CR%d", cr);
2620 kvm_queue_exception(vcpu, UD_VECTOR);
2623 } else { /* mov from cr */
2626 val = kvm_read_cr0(vcpu);
2629 val = vcpu->arch.cr2;
2632 val = kvm_read_cr3(vcpu);
2635 val = kvm_read_cr4(vcpu);
2638 val = kvm_get_cr8(vcpu);
2641 WARN(1, "unhandled read from CR%d", cr);
2642 kvm_queue_exception(vcpu, UD_VECTOR);
2645 kvm_register_write(vcpu, reg, val);
2646 trace_kvm_cr_read(cr, val);
2648 return kvm_complete_insn_gp(vcpu, err);
2651 static int cr_trap(struct kvm_vcpu *vcpu)
2653 struct vcpu_svm *svm = to_svm(vcpu);
2654 unsigned long old_value, new_value;
2658 new_value = (unsigned long)svm->vmcb->control.exit_info_1;
2660 cr = svm->vmcb->control.exit_code - SVM_EXIT_CR0_WRITE_TRAP;
2663 old_value = kvm_read_cr0(vcpu);
2664 svm_set_cr0(vcpu, new_value);
2666 kvm_post_set_cr0(vcpu, old_value, new_value);
2669 old_value = kvm_read_cr4(vcpu);
2670 svm_set_cr4(vcpu, new_value);
2672 kvm_post_set_cr4(vcpu, old_value, new_value);
2675 ret = kvm_set_cr8(vcpu, new_value);
2678 WARN(1, "unhandled CR%d write trap", cr);
2679 kvm_queue_exception(vcpu, UD_VECTOR);
2683 return kvm_complete_insn_gp(vcpu, ret);
2686 static int dr_interception(struct kvm_vcpu *vcpu)
2688 struct vcpu_svm *svm = to_svm(vcpu);
2694 * SEV-ES intercepts DR7 only to disable guest debugging and the guest issues a VMGEXIT
2695 * for DR7 write only. KVM cannot change DR7 (always swapped as type 'A') so return early.
2697 if (sev_es_guest(vcpu->kvm))
2700 if (vcpu->guest_debug == 0) {
2702 * No more DR vmexits; force a reload of the debug registers
2703 * and reenter on this instruction. The next vmexit will
2704 * retrieve the full state of the debug registers.
2706 clr_dr_intercepts(svm);
2707 vcpu->arch.switch_db_regs |= KVM_DEBUGREG_WONT_EXIT;
2711 if (!boot_cpu_has(X86_FEATURE_DECODEASSISTS))
2712 return emulate_on_interception(vcpu);
2714 reg = svm->vmcb->control.exit_info_1 & SVM_EXITINFO_REG_MASK;
2715 dr = svm->vmcb->control.exit_code - SVM_EXIT_READ_DR0;
2716 if (dr >= 16) { /* mov to DRn */
2718 val = kvm_register_read(vcpu, reg);
2719 err = kvm_set_dr(vcpu, dr, val);
2721 kvm_get_dr(vcpu, dr, &val);
2722 kvm_register_write(vcpu, reg, val);
2725 return kvm_complete_insn_gp(vcpu, err);
2728 static int cr8_write_interception(struct kvm_vcpu *vcpu)
2732 u8 cr8_prev = kvm_get_cr8(vcpu);
2733 /* instruction emulation calls kvm_set_cr8() */
2734 r = cr_interception(vcpu);
2735 if (lapic_in_kernel(vcpu))
2737 if (cr8_prev <= kvm_get_cr8(vcpu))
2739 vcpu->run->exit_reason = KVM_EXIT_SET_TPR;
2743 static int efer_trap(struct kvm_vcpu *vcpu)
2745 struct msr_data msr_info;
2749 * Clear the EFER_SVME bit from EFER. The SVM code always sets this
2750 * bit in svm_set_efer(), but __kvm_valid_efer() checks it against
2751 * whether the guest has X86_FEATURE_SVM - this avoids a failure if
2752 * the guest doesn't have X86_FEATURE_SVM.
2754 msr_info.host_initiated = false;
2755 msr_info.index = MSR_EFER;
2756 msr_info.data = to_svm(vcpu)->vmcb->control.exit_info_1 & ~EFER_SVME;
2757 ret = kvm_set_msr_common(vcpu, &msr_info);
2759 return kvm_complete_insn_gp(vcpu, ret);
2762 static int svm_get_msr_feature(struct kvm_msr_entry *msr)
2766 switch (msr->index) {
2767 case MSR_AMD64_DE_CFG:
2768 if (cpu_feature_enabled(X86_FEATURE_LFENCE_RDTSC))
2769 msr->data |= MSR_AMD64_DE_CFG_LFENCE_SERIALIZE;
2772 return KVM_MSR_RET_INVALID;
2778 static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2780 struct vcpu_svm *svm = to_svm(vcpu);
2782 switch (msr_info->index) {
2783 case MSR_AMD64_TSC_RATIO:
2784 if (!msr_info->host_initiated && !svm->tsc_scaling_enabled)
2786 msr_info->data = svm->tsc_ratio_msr;
2789 msr_info->data = svm->vmcb01.ptr->save.star;
2791 #ifdef CONFIG_X86_64
2793 msr_info->data = svm->vmcb01.ptr->save.lstar;
2796 msr_info->data = svm->vmcb01.ptr->save.cstar;
2798 case MSR_KERNEL_GS_BASE:
2799 msr_info->data = svm->vmcb01.ptr->save.kernel_gs_base;
2801 case MSR_SYSCALL_MASK:
2802 msr_info->data = svm->vmcb01.ptr->save.sfmask;
2805 case MSR_IA32_SYSENTER_CS:
2806 msr_info->data = svm->vmcb01.ptr->save.sysenter_cs;
2808 case MSR_IA32_SYSENTER_EIP:
2809 msr_info->data = (u32)svm->vmcb01.ptr->save.sysenter_eip;
2810 if (guest_cpuid_is_intel(vcpu))
2811 msr_info->data |= (u64)svm->sysenter_eip_hi << 32;
2813 case MSR_IA32_SYSENTER_ESP:
2814 msr_info->data = svm->vmcb01.ptr->save.sysenter_esp;
2815 if (guest_cpuid_is_intel(vcpu))
2816 msr_info->data |= (u64)svm->sysenter_esp_hi << 32;
2819 msr_info->data = svm->tsc_aux;
2821 case MSR_IA32_DEBUGCTLMSR:
2822 msr_info->data = svm_get_lbr_vmcb(svm)->save.dbgctl;
2824 case MSR_IA32_LASTBRANCHFROMIP:
2825 msr_info->data = svm_get_lbr_vmcb(svm)->save.br_from;
2827 case MSR_IA32_LASTBRANCHTOIP:
2828 msr_info->data = svm_get_lbr_vmcb(svm)->save.br_to;
2830 case MSR_IA32_LASTINTFROMIP:
2831 msr_info->data = svm_get_lbr_vmcb(svm)->save.last_excp_from;
2833 case MSR_IA32_LASTINTTOIP:
2834 msr_info->data = svm_get_lbr_vmcb(svm)->save.last_excp_to;
2836 case MSR_VM_HSAVE_PA:
2837 msr_info->data = svm->nested.hsave_msr;
2840 msr_info->data = svm->nested.vm_cr_msr;
2842 case MSR_IA32_SPEC_CTRL:
2843 if (!msr_info->host_initiated &&
2844 !guest_has_spec_ctrl_msr(vcpu))
2847 if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
2848 msr_info->data = svm->vmcb->save.spec_ctrl;
2850 msr_info->data = svm->spec_ctrl;
2852 case MSR_AMD64_VIRT_SPEC_CTRL:
2853 if (!msr_info->host_initiated &&
2854 !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD))
2857 msr_info->data = svm->virt_spec_ctrl;
2859 case MSR_F15H_IC_CFG: {
2863 family = guest_cpuid_family(vcpu);
2864 model = guest_cpuid_model(vcpu);
2866 if (family < 0 || model < 0)
2867 return kvm_get_msr_common(vcpu, msr_info);
2871 if (family == 0x15 &&
2872 (model >= 0x2 && model < 0x20))
2873 msr_info->data = 0x1E;
2876 case MSR_AMD64_DE_CFG:
2877 msr_info->data = svm->msr_decfg;
2880 return kvm_get_msr_common(vcpu, msr_info);
2885 static int svm_complete_emulated_msr(struct kvm_vcpu *vcpu, int err)
2887 struct vcpu_svm *svm = to_svm(vcpu);
2888 if (!err || !sev_es_guest(vcpu->kvm) || WARN_ON_ONCE(!svm->sev_es.ghcb))
2889 return kvm_complete_insn_gp(vcpu, err);
2891 ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 1);
2892 ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
2894 SVM_EVTINJ_TYPE_EXEPT |
2899 static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data)
2901 struct vcpu_svm *svm = to_svm(vcpu);
2902 int svm_dis, chg_mask;
2904 if (data & ~SVM_VM_CR_VALID_MASK)
2907 chg_mask = SVM_VM_CR_VALID_MASK;
2909 if (svm->nested.vm_cr_msr & SVM_VM_CR_SVM_DIS_MASK)
2910 chg_mask &= ~(SVM_VM_CR_SVM_LOCK_MASK | SVM_VM_CR_SVM_DIS_MASK);
2912 svm->nested.vm_cr_msr &= ~chg_mask;
2913 svm->nested.vm_cr_msr |= (data & chg_mask);
2915 svm_dis = svm->nested.vm_cr_msr & SVM_VM_CR_SVM_DIS_MASK;
2917 /* check for svm_disable while efer.svme is set */
2918 if (svm_dis && (vcpu->arch.efer & EFER_SVME))
2924 static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
2926 struct vcpu_svm *svm = to_svm(vcpu);
2929 u32 ecx = msr->index;
2930 u64 data = msr->data;
2932 case MSR_AMD64_TSC_RATIO:
2934 if (!svm->tsc_scaling_enabled) {
2936 if (!msr->host_initiated)
2939 * In case TSC scaling is not enabled, always
2940 * leave this MSR at the default value.
2942 * Due to bug in qemu 6.2.0, it would try to set
2943 * this msr to 0 if tsc scaling is not enabled.
2944 * Ignore this value as well.
2946 if (data != 0 && data != svm->tsc_ratio_msr)
2951 if (data & SVM_TSC_RATIO_RSVD)
2954 svm->tsc_ratio_msr = data;
2956 if (svm->tsc_scaling_enabled && is_guest_mode(vcpu))
2957 nested_svm_update_tsc_ratio_msr(vcpu);
2960 case MSR_IA32_CR_PAT:
2961 ret = kvm_set_msr_common(vcpu, msr);
2965 svm->vmcb01.ptr->save.g_pat = data;
2966 if (is_guest_mode(vcpu))
2967 nested_vmcb02_compute_g_pat(svm);
2968 vmcb_mark_dirty(svm->vmcb, VMCB_NPT);
2970 case MSR_IA32_SPEC_CTRL:
2971 if (!msr->host_initiated &&
2972 !guest_has_spec_ctrl_msr(vcpu))
2975 if (kvm_spec_ctrl_test_value(data))
2978 if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
2979 svm->vmcb->save.spec_ctrl = data;
2981 svm->spec_ctrl = data;
2987 * When it's written (to non-zero) for the first time, pass
2991 * The handling of the MSR bitmap for L2 guests is done in
2992 * nested_svm_vmrun_msrpm.
2993 * We update the L1 MSR bit as well since it will end up
2994 * touching the MSR anyway now.
2996 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1);
2998 case MSR_AMD64_VIRT_SPEC_CTRL:
2999 if (!msr->host_initiated &&
3000 !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD))
3003 if (data & ~SPEC_CTRL_SSBD)
3006 svm->virt_spec_ctrl = data;
3009 svm->vmcb01.ptr->save.star = data;
3011 #ifdef CONFIG_X86_64
3013 svm->vmcb01.ptr->save.lstar = data;
3016 svm->vmcb01.ptr->save.cstar = data;
3018 case MSR_KERNEL_GS_BASE:
3019 svm->vmcb01.ptr->save.kernel_gs_base = data;
3021 case MSR_SYSCALL_MASK:
3022 svm->vmcb01.ptr->save.sfmask = data;
3025 case MSR_IA32_SYSENTER_CS:
3026 svm->vmcb01.ptr->save.sysenter_cs = data;
3028 case MSR_IA32_SYSENTER_EIP:
3029 svm->vmcb01.ptr->save.sysenter_eip = (u32)data;
3031 * We only intercept the MSR_IA32_SYSENTER_{EIP|ESP} msrs
3032 * when we spoof an Intel vendor ID (for cross vendor migration).
3033 * In this case we use this intercept to track the high
3034 * 32 bit part of these msrs to support Intel's
3035 * implementation of SYSENTER/SYSEXIT.
3037 svm->sysenter_eip_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0;
3039 case MSR_IA32_SYSENTER_ESP:
3040 svm->vmcb01.ptr->save.sysenter_esp = (u32)data;
3041 svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0;
3045 * TSC_AUX is usually changed only during boot and never read
3046 * directly. Intercept TSC_AUX instead of exposing it to the
3047 * guest via direct_access_msrs, and switch it via user return.
3050 ret = kvm_set_user_return_msr(tsc_aux_uret_slot, data, -1ull);
3055 svm->tsc_aux = data;
3057 case MSR_IA32_DEBUGCTLMSR:
3059 kvm_pr_unimpl_wrmsr(vcpu, ecx, data);
3062 if (data & DEBUGCTL_RESERVED_BITS)
3065 svm_get_lbr_vmcb(svm)->save.dbgctl = data;
3066 svm_update_lbrv(vcpu);
3068 case MSR_VM_HSAVE_PA:
3070 * Old kernels did not validate the value written to
3071 * MSR_VM_HSAVE_PA. Allow KVM_SET_MSR to set an invalid
3072 * value to allow live migrating buggy or malicious guests
3073 * originating from those kernels.
3075 if (!msr->host_initiated && !page_address_valid(vcpu, data))
3078 svm->nested.hsave_msr = data & PAGE_MASK;
3081 return svm_set_vm_cr(vcpu, data);
3083 kvm_pr_unimpl_wrmsr(vcpu, ecx, data);
3085 case MSR_AMD64_DE_CFG: {
3086 struct kvm_msr_entry msr_entry;
3088 msr_entry.index = msr->index;
3089 if (svm_get_msr_feature(&msr_entry))
3092 /* Check the supported bits */
3093 if (data & ~msr_entry.data)
3096 /* Don't allow the guest to change a bit, #GP */
3097 if (!msr->host_initiated && (data ^ msr_entry.data))
3100 svm->msr_decfg = data;
3104 return kvm_set_msr_common(vcpu, msr);
3109 static int msr_interception(struct kvm_vcpu *vcpu)
3111 if (to_svm(vcpu)->vmcb->control.exit_info_1)
3112 return kvm_emulate_wrmsr(vcpu);
3114 return kvm_emulate_rdmsr(vcpu);
3117 static int interrupt_window_interception(struct kvm_vcpu *vcpu)
3119 kvm_make_request(KVM_REQ_EVENT, vcpu);
3120 svm_clear_vintr(to_svm(vcpu));
3123 * If not running nested, for AVIC, the only reason to end up here is ExtINTs.
3124 * In this case AVIC was temporarily disabled for
3125 * requesting the IRQ window and we have to re-enable it.
3127 * If running nested, still remove the VM wide AVIC inhibit to
3128 * support case in which the interrupt window was requested when the
3129 * vCPU was not running nested.
3131 * All vCPUs which run still run nested, will remain to have their
3132 * AVIC still inhibited due to per-cpu AVIC inhibition.
3134 kvm_clear_apicv_inhibit(vcpu->kvm, APICV_INHIBIT_REASON_IRQWIN);
3136 ++vcpu->stat.irq_window_exits;
3140 static int pause_interception(struct kvm_vcpu *vcpu)
3144 * CPL is not made available for an SEV-ES guest, therefore
3145 * vcpu->arch.preempted_in_kernel can never be true. Just
3146 * set in_kernel to false as well.
3148 in_kernel = !sev_es_guest(vcpu->kvm) && svm_get_cpl(vcpu) == 0;
3150 grow_ple_window(vcpu);
3152 kvm_vcpu_on_spin(vcpu, in_kernel);
3153 return kvm_skip_emulated_instruction(vcpu);
3156 static int invpcid_interception(struct kvm_vcpu *vcpu)
3158 struct vcpu_svm *svm = to_svm(vcpu);
3162 if (!guest_cpuid_has(vcpu, X86_FEATURE_INVPCID)) {
3163 kvm_queue_exception(vcpu, UD_VECTOR);
3168 * For an INVPCID intercept:
3169 * EXITINFO1 provides the linear address of the memory operand.
3170 * EXITINFO2 provides the contents of the register operand.
3172 type = svm->vmcb->control.exit_info_2;
3173 gva = svm->vmcb->control.exit_info_1;
3175 return kvm_handle_invpcid(vcpu, type, gva);
3178 static int (*const svm_exit_handlers[])(struct kvm_vcpu *vcpu) = {
3179 [SVM_EXIT_READ_CR0] = cr_interception,
3180 [SVM_EXIT_READ_CR3] = cr_interception,
3181 [SVM_EXIT_READ_CR4] = cr_interception,
3182 [SVM_EXIT_READ_CR8] = cr_interception,
3183 [SVM_EXIT_CR0_SEL_WRITE] = cr_interception,
3184 [SVM_EXIT_WRITE_CR0] = cr_interception,
3185 [SVM_EXIT_WRITE_CR3] = cr_interception,
3186 [SVM_EXIT_WRITE_CR4] = cr_interception,
3187 [SVM_EXIT_WRITE_CR8] = cr8_write_interception,
3188 [SVM_EXIT_READ_DR0] = dr_interception,
3189 [SVM_EXIT_READ_DR1] = dr_interception,
3190 [SVM_EXIT_READ_DR2] = dr_interception,
3191 [SVM_EXIT_READ_DR3] = dr_interception,
3192 [SVM_EXIT_READ_DR4] = dr_interception,
3193 [SVM_EXIT_READ_DR5] = dr_interception,
3194 [SVM_EXIT_READ_DR6] = dr_interception,
3195 [SVM_EXIT_READ_DR7] = dr_interception,
3196 [SVM_EXIT_WRITE_DR0] = dr_interception,
3197 [SVM_EXIT_WRITE_DR1] = dr_interception,
3198 [SVM_EXIT_WRITE_DR2] = dr_interception,
3199 [SVM_EXIT_WRITE_DR3] = dr_interception,
3200 [SVM_EXIT_WRITE_DR4] = dr_interception,
3201 [SVM_EXIT_WRITE_DR5] = dr_interception,
3202 [SVM_EXIT_WRITE_DR6] = dr_interception,
3203 [SVM_EXIT_WRITE_DR7] = dr_interception,
3204 [SVM_EXIT_EXCP_BASE + DB_VECTOR] = db_interception,
3205 [SVM_EXIT_EXCP_BASE + BP_VECTOR] = bp_interception,
3206 [SVM_EXIT_EXCP_BASE + UD_VECTOR] = ud_interception,
3207 [SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,
3208 [SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,
3209 [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception,
3210 [SVM_EXIT_EXCP_BASE + GP_VECTOR] = gp_interception,
3211 [SVM_EXIT_INTR] = intr_interception,
3212 [SVM_EXIT_NMI] = nmi_interception,
3213 [SVM_EXIT_SMI] = smi_interception,
3214 [SVM_EXIT_VINTR] = interrupt_window_interception,
3215 [SVM_EXIT_RDPMC] = kvm_emulate_rdpmc,
3216 [SVM_EXIT_CPUID] = kvm_emulate_cpuid,
3217 [SVM_EXIT_IRET] = iret_interception,
3218 [SVM_EXIT_INVD] = kvm_emulate_invd,
3219 [SVM_EXIT_PAUSE] = pause_interception,
3220 [SVM_EXIT_HLT] = kvm_emulate_halt,
3221 [SVM_EXIT_INVLPG] = invlpg_interception,
3222 [SVM_EXIT_INVLPGA] = invlpga_interception,
3223 [SVM_EXIT_IOIO] = io_interception,
3224 [SVM_EXIT_MSR] = msr_interception,
3225 [SVM_EXIT_TASK_SWITCH] = task_switch_interception,
3226 [SVM_EXIT_SHUTDOWN] = shutdown_interception,
3227 [SVM_EXIT_VMRUN] = vmrun_interception,
3228 [SVM_EXIT_VMMCALL] = kvm_emulate_hypercall,
3229 [SVM_EXIT_VMLOAD] = vmload_interception,
3230 [SVM_EXIT_VMSAVE] = vmsave_interception,
3231 [SVM_EXIT_STGI] = stgi_interception,
3232 [SVM_EXIT_CLGI] = clgi_interception,
3233 [SVM_EXIT_SKINIT] = skinit_interception,
3234 [SVM_EXIT_RDTSCP] = kvm_handle_invalid_op,
3235 [SVM_EXIT_WBINVD] = kvm_emulate_wbinvd,
3236 [SVM_EXIT_MONITOR] = kvm_emulate_monitor,
3237 [SVM_EXIT_MWAIT] = kvm_emulate_mwait,
3238 [SVM_EXIT_XSETBV] = kvm_emulate_xsetbv,
3239 [SVM_EXIT_RDPRU] = kvm_handle_invalid_op,
3240 [SVM_EXIT_EFER_WRITE_TRAP] = efer_trap,
3241 [SVM_EXIT_CR0_WRITE_TRAP] = cr_trap,
3242 [SVM_EXIT_CR4_WRITE_TRAP] = cr_trap,
3243 [SVM_EXIT_CR8_WRITE_TRAP] = cr_trap,
3244 [SVM_EXIT_INVPCID] = invpcid_interception,
3245 [SVM_EXIT_NPF] = npf_interception,
3246 [SVM_EXIT_RSM] = rsm_interception,
3247 [SVM_EXIT_AVIC_INCOMPLETE_IPI] = avic_incomplete_ipi_interception,
3248 [SVM_EXIT_AVIC_UNACCELERATED_ACCESS] = avic_unaccelerated_access_interception,
3249 [SVM_EXIT_VMGEXIT] = sev_handle_vmgexit,
3252 static void dump_vmcb(struct kvm_vcpu *vcpu)
3254 struct vcpu_svm *svm = to_svm(vcpu);
3255 struct vmcb_control_area *control = &svm->vmcb->control;
3256 struct vmcb_save_area *save = &svm->vmcb->save;
3257 struct vmcb_save_area *save01 = &svm->vmcb01.ptr->save;
3259 if (!dump_invalid_vmcb) {
3260 pr_warn_ratelimited("set kvm_amd.dump_invalid_vmcb=1 to dump internal KVM state.\n");
3264 pr_err("VMCB %p, last attempted VMRUN on CPU %d\n",
3265 svm->current_vmcb->ptr, vcpu->arch.last_vmentry_cpu);
3266 pr_err("VMCB Control Area:\n");
3267 pr_err("%-20s%04x\n", "cr_read:", control->intercepts[INTERCEPT_CR] & 0xffff);
3268 pr_err("%-20s%04x\n", "cr_write:", control->intercepts[INTERCEPT_CR] >> 16);
3269 pr_err("%-20s%04x\n", "dr_read:", control->intercepts[INTERCEPT_DR] & 0xffff);
3270 pr_err("%-20s%04x\n", "dr_write:", control->intercepts[INTERCEPT_DR] >> 16);
3271 pr_err("%-20s%08x\n", "exceptions:", control->intercepts[INTERCEPT_EXCEPTION]);
3272 pr_err("%-20s%08x %08x\n", "intercepts:",
3273 control->intercepts[INTERCEPT_WORD3],
3274 control->intercepts[INTERCEPT_WORD4]);
3275 pr_err("%-20s%d\n", "pause filter count:", control->pause_filter_count);
3276 pr_err("%-20s%d\n", "pause filter threshold:",
3277 control->pause_filter_thresh);
3278 pr_err("%-20s%016llx\n", "iopm_base_pa:", control->iopm_base_pa);
3279 pr_err("%-20s%016llx\n", "msrpm_base_pa:", control->msrpm_base_pa);
3280 pr_err("%-20s%016llx\n", "tsc_offset:", control->tsc_offset);
3281 pr_err("%-20s%d\n", "asid:", control->asid);
3282 pr_err("%-20s%d\n", "tlb_ctl:", control->tlb_ctl);
3283 pr_err("%-20s%08x\n", "int_ctl:", control->int_ctl);
3284 pr_err("%-20s%08x\n", "int_vector:", control->int_vector);
3285 pr_err("%-20s%08x\n", "int_state:", control->int_state);
3286 pr_err("%-20s%08x\n", "exit_code:", control->exit_code);
3287 pr_err("%-20s%016llx\n", "exit_info1:", control->exit_info_1);
3288 pr_err("%-20s%016llx\n", "exit_info2:", control->exit_info_2);
3289 pr_err("%-20s%08x\n", "exit_int_info:", control->exit_int_info);
3290 pr_err("%-20s%08x\n", "exit_int_info_err:", control->exit_int_info_err);
3291 pr_err("%-20s%lld\n", "nested_ctl:", control->nested_ctl);
3292 pr_err("%-20s%016llx\n", "nested_cr3:", control->nested_cr3);
3293 pr_err("%-20s%016llx\n", "avic_vapic_bar:", control->avic_vapic_bar);
3294 pr_err("%-20s%016llx\n", "ghcb:", control->ghcb_gpa);
3295 pr_err("%-20s%08x\n", "event_inj:", control->event_inj);
3296 pr_err("%-20s%08x\n", "event_inj_err:", control->event_inj_err);
3297 pr_err("%-20s%lld\n", "virt_ext:", control->virt_ext);
3298 pr_err("%-20s%016llx\n", "next_rip:", control->next_rip);
3299 pr_err("%-20s%016llx\n", "avic_backing_page:", control->avic_backing_page);
3300 pr_err("%-20s%016llx\n", "avic_logical_id:", control->avic_logical_id);
3301 pr_err("%-20s%016llx\n", "avic_physical_id:", control->avic_physical_id);
3302 pr_err("%-20s%016llx\n", "vmsa_pa:", control->vmsa_pa);
3303 pr_err("VMCB State Save Area:\n");
3304 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3306 save->es.selector, save->es.attrib,
3307 save->es.limit, save->es.base);
3308 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3310 save->cs.selector, save->cs.attrib,
3311 save->cs.limit, save->cs.base);
3312 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3314 save->ss.selector, save->ss.attrib,
3315 save->ss.limit, save->ss.base);
3316 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3318 save->ds.selector, save->ds.attrib,
3319 save->ds.limit, save->ds.base);
3320 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3322 save01->fs.selector, save01->fs.attrib,
3323 save01->fs.limit, save01->fs.base);
3324 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3326 save01->gs.selector, save01->gs.attrib,
3327 save01->gs.limit, save01->gs.base);
3328 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3330 save->gdtr.selector, save->gdtr.attrib,
3331 save->gdtr.limit, save->gdtr.base);
3332 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3334 save01->ldtr.selector, save01->ldtr.attrib,
3335 save01->ldtr.limit, save01->ldtr.base);
3336 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3338 save->idtr.selector, save->idtr.attrib,
3339 save->idtr.limit, save->idtr.base);
3340 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3342 save01->tr.selector, save01->tr.attrib,
3343 save01->tr.limit, save01->tr.base);
3344 pr_err("vmpl: %d cpl: %d efer: %016llx\n",
3345 save->vmpl, save->cpl, save->efer);
3346 pr_err("%-15s %016llx %-13s %016llx\n",
3347 "cr0:", save->cr0, "cr2:", save->cr2);
3348 pr_err("%-15s %016llx %-13s %016llx\n",
3349 "cr3:", save->cr3, "cr4:", save->cr4);
3350 pr_err("%-15s %016llx %-13s %016llx\n",
3351 "dr6:", save->dr6, "dr7:", save->dr7);
3352 pr_err("%-15s %016llx %-13s %016llx\n",
3353 "rip:", save->rip, "rflags:", save->rflags);
3354 pr_err("%-15s %016llx %-13s %016llx\n",
3355 "rsp:", save->rsp, "rax:", save->rax);
3356 pr_err("%-15s %016llx %-13s %016llx\n",
3357 "star:", save01->star, "lstar:", save01->lstar);
3358 pr_err("%-15s %016llx %-13s %016llx\n",
3359 "cstar:", save01->cstar, "sfmask:", save01->sfmask);
3360 pr_err("%-15s %016llx %-13s %016llx\n",
3361 "kernel_gs_base:", save01->kernel_gs_base,
3362 "sysenter_cs:", save01->sysenter_cs);
3363 pr_err("%-15s %016llx %-13s %016llx\n",
3364 "sysenter_esp:", save01->sysenter_esp,
3365 "sysenter_eip:", save01->sysenter_eip);
3366 pr_err("%-15s %016llx %-13s %016llx\n",
3367 "gpat:", save->g_pat, "dbgctl:", save->dbgctl);
3368 pr_err("%-15s %016llx %-13s %016llx\n",
3369 "br_from:", save->br_from, "br_to:", save->br_to);
3370 pr_err("%-15s %016llx %-13s %016llx\n",
3371 "excp_from:", save->last_excp_from,
3372 "excp_to:", save->last_excp_to);
3375 static bool svm_check_exit_valid(u64 exit_code)
3377 return (exit_code < ARRAY_SIZE(svm_exit_handlers) &&
3378 svm_exit_handlers[exit_code]);
3381 static int svm_handle_invalid_exit(struct kvm_vcpu *vcpu, u64 exit_code)
3383 vcpu_unimpl(vcpu, "svm: unexpected exit reason 0x%llx\n", exit_code);
3385 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
3386 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON;
3387 vcpu->run->internal.ndata = 2;
3388 vcpu->run->internal.data[0] = exit_code;
3389 vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu;
3393 int svm_invoke_exit_handler(struct kvm_vcpu *vcpu, u64 exit_code)
3395 if (!svm_check_exit_valid(exit_code))
3396 return svm_handle_invalid_exit(vcpu, exit_code);
3398 #ifdef CONFIG_RETPOLINE
3399 if (exit_code == SVM_EXIT_MSR)
3400 return msr_interception(vcpu);
3401 else if (exit_code == SVM_EXIT_VINTR)
3402 return interrupt_window_interception(vcpu);
3403 else if (exit_code == SVM_EXIT_INTR)
3404 return intr_interception(vcpu);
3405 else if (exit_code == SVM_EXIT_HLT)
3406 return kvm_emulate_halt(vcpu);
3407 else if (exit_code == SVM_EXIT_NPF)
3408 return npf_interception(vcpu);
3410 return svm_exit_handlers[exit_code](vcpu);
3413 static void svm_get_exit_info(struct kvm_vcpu *vcpu, u32 *reason,
3414 u64 *info1, u64 *info2,
3415 u32 *intr_info, u32 *error_code)
3417 struct vmcb_control_area *control = &to_svm(vcpu)->vmcb->control;
3419 *reason = control->exit_code;
3420 *info1 = control->exit_info_1;
3421 *info2 = control->exit_info_2;
3422 *intr_info = control->exit_int_info;
3423 if ((*intr_info & SVM_EXITINTINFO_VALID) &&
3424 (*intr_info & SVM_EXITINTINFO_VALID_ERR))
3425 *error_code = control->exit_int_info_err;
3430 static int svm_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
3432 struct vcpu_svm *svm = to_svm(vcpu);
3433 struct kvm_run *kvm_run = vcpu->run;
3434 u32 exit_code = svm->vmcb->control.exit_code;
3436 /* SEV-ES guests must use the CR write traps to track CR registers. */
3437 if (!sev_es_guest(vcpu->kvm)) {
3438 if (!svm_is_intercept(svm, INTERCEPT_CR0_WRITE))
3439 vcpu->arch.cr0 = svm->vmcb->save.cr0;
3441 vcpu->arch.cr3 = svm->vmcb->save.cr3;
3444 if (is_guest_mode(vcpu)) {
3447 trace_kvm_nested_vmexit(vcpu, KVM_ISA_SVM);
3449 vmexit = nested_svm_exit_special(svm);
3451 if (vmexit == NESTED_EXIT_CONTINUE)
3452 vmexit = nested_svm_exit_handled(svm);
3454 if (vmexit == NESTED_EXIT_DONE)
3458 if (svm->vmcb->control.exit_code == SVM_EXIT_ERR) {
3459 kvm_run->exit_reason = KVM_EXIT_FAIL_ENTRY;
3460 kvm_run->fail_entry.hardware_entry_failure_reason
3461 = svm->vmcb->control.exit_code;
3462 kvm_run->fail_entry.cpu = vcpu->arch.last_vmentry_cpu;
3467 if (exit_fastpath != EXIT_FASTPATH_NONE)
3470 return svm_invoke_exit_handler(vcpu, exit_code);
3473 static void pre_svm_run(struct kvm_vcpu *vcpu)
3475 struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, vcpu->cpu);
3476 struct vcpu_svm *svm = to_svm(vcpu);
3479 * If the previous vmrun of the vmcb occurred on a different physical
3480 * cpu, then mark the vmcb dirty and assign a new asid. Hardware's
3481 * vmcb clean bits are per logical CPU, as are KVM's asid assignments.
3483 if (unlikely(svm->current_vmcb->cpu != vcpu->cpu)) {
3484 svm->current_vmcb->asid_generation = 0;
3485 vmcb_mark_all_dirty(svm->vmcb);
3486 svm->current_vmcb->cpu = vcpu->cpu;
3489 if (sev_guest(vcpu->kvm))
3490 return pre_sev_run(svm, vcpu->cpu);
3492 /* FIXME: handle wraparound of asid_generation */
3493 if (svm->current_vmcb->asid_generation != sd->asid_generation)
3497 static void svm_inject_nmi(struct kvm_vcpu *vcpu)
3499 struct vcpu_svm *svm = to_svm(vcpu);
3501 svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI;
3503 if (svm->nmi_l1_to_l2)
3506 svm->nmi_masked = true;
3507 svm_set_iret_intercept(svm);
3508 ++vcpu->stat.nmi_injections;
3511 static bool svm_is_vnmi_pending(struct kvm_vcpu *vcpu)
3513 struct vcpu_svm *svm = to_svm(vcpu);
3515 if (!is_vnmi_enabled(svm))
3518 return !!(svm->vmcb->control.int_ctl & V_NMI_PENDING_MASK);
3521 static bool svm_set_vnmi_pending(struct kvm_vcpu *vcpu)
3523 struct vcpu_svm *svm = to_svm(vcpu);
3525 if (!is_vnmi_enabled(svm))
3528 if (svm->vmcb->control.int_ctl & V_NMI_PENDING_MASK)
3531 svm->vmcb->control.int_ctl |= V_NMI_PENDING_MASK;
3532 vmcb_mark_dirty(svm->vmcb, VMCB_INTR);
3535 * Because the pending NMI is serviced by hardware, KVM can't know when
3536 * the NMI is "injected", but for all intents and purposes, passing the
3537 * NMI off to hardware counts as injection.
3539 ++vcpu->stat.nmi_injections;
3544 static void svm_inject_irq(struct kvm_vcpu *vcpu, bool reinjected)
3546 struct vcpu_svm *svm = to_svm(vcpu);
3549 if (vcpu->arch.interrupt.soft) {
3550 if (svm_update_soft_interrupt_rip(vcpu))
3553 type = SVM_EVTINJ_TYPE_SOFT;
3555 type = SVM_EVTINJ_TYPE_INTR;
3558 trace_kvm_inj_virq(vcpu->arch.interrupt.nr,
3559 vcpu->arch.interrupt.soft, reinjected);
3560 ++vcpu->stat.irq_injections;
3562 svm->vmcb->control.event_inj = vcpu->arch.interrupt.nr |
3563 SVM_EVTINJ_VALID | type;
3566 void svm_complete_interrupt_delivery(struct kvm_vcpu *vcpu, int delivery_mode,
3567 int trig_mode, int vector)
3570 * apic->apicv_active must be read after vcpu->mode.
3571 * Pairs with smp_store_release in vcpu_enter_guest.
3573 bool in_guest_mode = (smp_load_acquire(&vcpu->mode) == IN_GUEST_MODE);
3575 /* Note, this is called iff the local APIC is in-kernel. */
3576 if (!READ_ONCE(vcpu->arch.apic->apicv_active)) {
3577 /* Process the interrupt via kvm_check_and_inject_events(). */
3578 kvm_make_request(KVM_REQ_EVENT, vcpu);
3579 kvm_vcpu_kick(vcpu);
3583 trace_kvm_apicv_accept_irq(vcpu->vcpu_id, delivery_mode, trig_mode, vector);
3584 if (in_guest_mode) {
3586 * Signal the doorbell to tell hardware to inject the IRQ. If
3587 * the vCPU exits the guest before the doorbell chimes, hardware
3588 * will automatically process AVIC interrupts at the next VMRUN.
3590 avic_ring_doorbell(vcpu);
3593 * Wake the vCPU if it was blocking. KVM will then detect the
3594 * pending IRQ when checking if the vCPU has a wake event.
3596 kvm_vcpu_wake_up(vcpu);
3600 static void svm_deliver_interrupt(struct kvm_lapic *apic, int delivery_mode,
3601 int trig_mode, int vector)
3603 kvm_lapic_set_irr(vector, apic);
3606 * Pairs with the smp_mb_*() after setting vcpu->guest_mode in
3607 * vcpu_enter_guest() to ensure the write to the vIRR is ordered before
3608 * the read of guest_mode. This guarantees that either VMRUN will see
3609 * and process the new vIRR entry, or that svm_complete_interrupt_delivery
3610 * will signal the doorbell if the CPU has already entered the guest.
3612 smp_mb__after_atomic();
3613 svm_complete_interrupt_delivery(apic->vcpu, delivery_mode, trig_mode, vector);
3616 static void svm_update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
3618 struct vcpu_svm *svm = to_svm(vcpu);
3621 * SEV-ES guests must always keep the CR intercepts cleared. CR
3622 * tracking is done using the CR write traps.
3624 if (sev_es_guest(vcpu->kvm))
3627 if (nested_svm_virtualize_tpr(vcpu))
3630 svm_clr_intercept(svm, INTERCEPT_CR8_WRITE);
3636 svm_set_intercept(svm, INTERCEPT_CR8_WRITE);
3639 static bool svm_get_nmi_mask(struct kvm_vcpu *vcpu)
3641 struct vcpu_svm *svm = to_svm(vcpu);
3643 if (is_vnmi_enabled(svm))
3644 return svm->vmcb->control.int_ctl & V_NMI_BLOCKING_MASK;
3646 return svm->nmi_masked;
3649 static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
3651 struct vcpu_svm *svm = to_svm(vcpu);
3653 if (is_vnmi_enabled(svm)) {
3655 svm->vmcb->control.int_ctl |= V_NMI_BLOCKING_MASK;
3657 svm->vmcb->control.int_ctl &= ~V_NMI_BLOCKING_MASK;
3660 svm->nmi_masked = masked;
3662 svm_set_iret_intercept(svm);
3664 svm_clr_iret_intercept(svm);
3668 bool svm_nmi_blocked(struct kvm_vcpu *vcpu)
3670 struct vcpu_svm *svm = to_svm(vcpu);
3671 struct vmcb *vmcb = svm->vmcb;
3676 if (is_guest_mode(vcpu) && nested_exit_on_nmi(svm))
3679 if (svm_get_nmi_mask(vcpu))
3682 return vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK;
3685 static int svm_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
3687 struct vcpu_svm *svm = to_svm(vcpu);
3688 if (svm->nested.nested_run_pending)
3691 if (svm_nmi_blocked(vcpu))
3694 /* An NMI must not be injected into L2 if it's supposed to VM-Exit. */
3695 if (for_injection && is_guest_mode(vcpu) && nested_exit_on_nmi(svm))
3700 bool svm_interrupt_blocked(struct kvm_vcpu *vcpu)
3702 struct vcpu_svm *svm = to_svm(vcpu);
3703 struct vmcb *vmcb = svm->vmcb;
3708 if (is_guest_mode(vcpu)) {
3709 /* As long as interrupts are being delivered... */
3710 if ((svm->nested.ctl.int_ctl & V_INTR_MASKING_MASK)
3711 ? !(svm->vmcb01.ptr->save.rflags & X86_EFLAGS_IF)
3712 : !(kvm_get_rflags(vcpu) & X86_EFLAGS_IF))
3715 /* ... vmexits aren't blocked by the interrupt shadow */
3716 if (nested_exit_on_intr(svm))
3719 if (!svm_get_if_flag(vcpu))
3723 return (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK);
3726 static int svm_interrupt_allowed(struct kvm_vcpu *vcpu, bool for_injection)
3728 struct vcpu_svm *svm = to_svm(vcpu);
3730 if (svm->nested.nested_run_pending)
3733 if (svm_interrupt_blocked(vcpu))
3737 * An IRQ must not be injected into L2 if it's supposed to VM-Exit,
3738 * e.g. if the IRQ arrived asynchronously after checking nested events.
3740 if (for_injection && is_guest_mode(vcpu) && nested_exit_on_intr(svm))
3746 static void svm_enable_irq_window(struct kvm_vcpu *vcpu)
3748 struct vcpu_svm *svm = to_svm(vcpu);
3751 * In case GIF=0 we can't rely on the CPU to tell us when GIF becomes
3752 * 1, because that's a separate STGI/VMRUN intercept. The next time we
3753 * get that intercept, this function will be called again though and
3754 * we'll get the vintr intercept. However, if the vGIF feature is
3755 * enabled, the STGI interception will not occur. Enable the irq
3756 * window under the assumption that the hardware will set the GIF.
3758 if (vgif || gif_set(svm)) {
3760 * IRQ window is not needed when AVIC is enabled,
3761 * unless we have pending ExtINT since it cannot be injected
3762 * via AVIC. In such case, KVM needs to temporarily disable AVIC,
3763 * and fallback to injecting IRQ via V_IRQ.
3765 * If running nested, AVIC is already locally inhibited
3766 * on this vCPU, therefore there is no need to request
3767 * the VM wide AVIC inhibition.
3769 if (!is_guest_mode(vcpu))
3770 kvm_set_apicv_inhibit(vcpu->kvm, APICV_INHIBIT_REASON_IRQWIN);
3776 static void svm_enable_nmi_window(struct kvm_vcpu *vcpu)
3778 struct vcpu_svm *svm = to_svm(vcpu);
3781 * KVM should never request an NMI window when vNMI is enabled, as KVM
3782 * allows at most one to-be-injected NMI and one pending NMI, i.e. if
3783 * two NMIs arrive simultaneously, KVM will inject one and set
3784 * V_NMI_PENDING for the other. WARN, but continue with the standard
3785 * single-step approach to try and salvage the pending NMI.
3787 WARN_ON_ONCE(is_vnmi_enabled(svm));
3789 if (svm_get_nmi_mask(vcpu) && !svm->awaiting_iret_completion)
3790 return; /* IRET will cause a vm exit */
3793 * SEV-ES guests are responsible for signaling when a vCPU is ready to
3794 * receive a new NMI, as SEV-ES guests can't be single-stepped, i.e.
3795 * KVM can't intercept and single-step IRET to detect when NMIs are
3796 * unblocked (architecturally speaking). See SVM_VMGEXIT_NMI_COMPLETE.
3798 * Note, GIF is guaranteed to be '1' for SEV-ES guests as hardware
3799 * ignores SEV-ES guest writes to EFER.SVME *and* CLGI/STGI are not
3800 * supported NAEs in the GHCB protocol.
3802 if (sev_es_guest(vcpu->kvm))
3805 if (!gif_set(svm)) {
3807 svm_set_intercept(svm, INTERCEPT_STGI);
3808 return; /* STGI will cause a vm exit */
3812 * Something prevents NMI from been injected. Single step over possible
3813 * problem (IRET or exception injection or interrupt shadow)
3815 svm->nmi_singlestep_guest_rflags = svm_get_rflags(vcpu);
3816 svm->nmi_singlestep = true;
3817 svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
3820 static void svm_flush_tlb_asid(struct kvm_vcpu *vcpu)
3822 struct vcpu_svm *svm = to_svm(vcpu);
3825 * Unlike VMX, SVM doesn't provide a way to flush only NPT TLB entries.
3826 * A TLB flush for the current ASID flushes both "host" and "guest" TLB
3827 * entries, and thus is a superset of Hyper-V's fine grained flushing.
3829 kvm_hv_vcpu_purge_flush_tlb(vcpu);
3832 * Flush only the current ASID even if the TLB flush was invoked via
3833 * kvm_flush_remote_tlbs(). Although flushing remote TLBs requires all
3834 * ASIDs to be flushed, KVM uses a single ASID for L1 and L2, and
3835 * unconditionally does a TLB flush on both nested VM-Enter and nested
3836 * VM-Exit (via kvm_mmu_reset_context()).
3838 if (static_cpu_has(X86_FEATURE_FLUSHBYASID))
3839 svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID;
3841 svm->current_vmcb->asid_generation--;
3844 static void svm_flush_tlb_current(struct kvm_vcpu *vcpu)
3846 hpa_t root_tdp = vcpu->arch.mmu->root.hpa;
3849 * When running on Hyper-V with EnlightenedNptTlb enabled, explicitly
3850 * flush the NPT mappings via hypercall as flushing the ASID only
3851 * affects virtual to physical mappings, it does not invalidate guest
3852 * physical to host physical mappings.
3854 if (svm_hv_is_enlightened_tlb_enabled(vcpu) && VALID_PAGE(root_tdp))
3855 hyperv_flush_guest_mapping(root_tdp);
3857 svm_flush_tlb_asid(vcpu);
3860 static void svm_flush_tlb_all(struct kvm_vcpu *vcpu)
3863 * When running on Hyper-V with EnlightenedNptTlb enabled, remote TLB
3864 * flushes should be routed to hv_flush_remote_tlbs() without requesting
3865 * a "regular" remote flush. Reaching this point means either there's
3866 * a KVM bug or a prior hv_flush_remote_tlbs() call failed, both of
3867 * which might be fatal to the guest. Yell, but try to recover.
3869 if (WARN_ON_ONCE(svm_hv_is_enlightened_tlb_enabled(vcpu)))
3870 hv_flush_remote_tlbs(vcpu->kvm);
3872 svm_flush_tlb_asid(vcpu);
3875 static void svm_flush_tlb_gva(struct kvm_vcpu *vcpu, gva_t gva)
3877 struct vcpu_svm *svm = to_svm(vcpu);
3879 invlpga(gva, svm->vmcb->control.asid);
3882 static inline void sync_cr8_to_lapic(struct kvm_vcpu *vcpu)
3884 struct vcpu_svm *svm = to_svm(vcpu);
3886 if (nested_svm_virtualize_tpr(vcpu))
3889 if (!svm_is_intercept(svm, INTERCEPT_CR8_WRITE)) {
3890 int cr8 = svm->vmcb->control.int_ctl & V_TPR_MASK;
3891 kvm_set_cr8(vcpu, cr8);
3895 static inline void sync_lapic_to_cr8(struct kvm_vcpu *vcpu)
3897 struct vcpu_svm *svm = to_svm(vcpu);
3900 if (nested_svm_virtualize_tpr(vcpu) ||
3901 kvm_vcpu_apicv_active(vcpu))
3904 cr8 = kvm_get_cr8(vcpu);
3905 svm->vmcb->control.int_ctl &= ~V_TPR_MASK;
3906 svm->vmcb->control.int_ctl |= cr8 & V_TPR_MASK;
3909 static void svm_complete_soft_interrupt(struct kvm_vcpu *vcpu, u8 vector,
3912 bool is_exception = (type == SVM_EXITINTINFO_TYPE_EXEPT);
3913 bool is_soft = (type == SVM_EXITINTINFO_TYPE_SOFT);
3914 struct vcpu_svm *svm = to_svm(vcpu);
3917 * If NRIPS is enabled, KVM must snapshot the pre-VMRUN next_rip that's
3918 * associated with the original soft exception/interrupt. next_rip is
3919 * cleared on all exits that can occur while vectoring an event, so KVM
3920 * needs to manually set next_rip for re-injection. Unlike the !nrips
3921 * case below, this needs to be done if and only if KVM is re-injecting
3922 * the same event, i.e. if the event is a soft exception/interrupt,
3923 * otherwise next_rip is unused on VMRUN.
3925 if (nrips && (is_soft || (is_exception && kvm_exception_is_soft(vector))) &&
3926 kvm_is_linear_rip(vcpu, svm->soft_int_old_rip + svm->soft_int_csbase))
3927 svm->vmcb->control.next_rip = svm->soft_int_next_rip;
3929 * If NRIPS isn't enabled, KVM must manually advance RIP prior to
3930 * injecting the soft exception/interrupt. That advancement needs to
3931 * be unwound if vectoring didn't complete. Note, the new event may
3932 * not be the injected event, e.g. if KVM injected an INTn, the INTn
3933 * hit a #NP in the guest, and the #NP encountered a #PF, the #NP will
3934 * be the reported vectored event, but RIP still needs to be unwound.
3936 else if (!nrips && (is_soft || is_exception) &&
3937 kvm_is_linear_rip(vcpu, svm->soft_int_next_rip + svm->soft_int_csbase))
3938 kvm_rip_write(vcpu, svm->soft_int_old_rip);
3941 static void svm_complete_interrupts(struct kvm_vcpu *vcpu)
3943 struct vcpu_svm *svm = to_svm(vcpu);
3946 u32 exitintinfo = svm->vmcb->control.exit_int_info;
3947 bool nmi_l1_to_l2 = svm->nmi_l1_to_l2;
3948 bool soft_int_injected = svm->soft_int_injected;
3950 svm->nmi_l1_to_l2 = false;
3951 svm->soft_int_injected = false;
3954 * If we've made progress since setting awaiting_iret_completion, we've
3955 * executed an IRET and can allow NMI injection.
3957 if (svm->awaiting_iret_completion &&
3958 kvm_rip_read(vcpu) != svm->nmi_iret_rip) {
3959 svm->awaiting_iret_completion = false;
3960 svm->nmi_masked = false;
3961 kvm_make_request(KVM_REQ_EVENT, vcpu);
3964 vcpu->arch.nmi_injected = false;
3965 kvm_clear_exception_queue(vcpu);
3966 kvm_clear_interrupt_queue(vcpu);
3968 if (!(exitintinfo & SVM_EXITINTINFO_VALID))
3971 kvm_make_request(KVM_REQ_EVENT, vcpu);
3973 vector = exitintinfo & SVM_EXITINTINFO_VEC_MASK;
3974 type = exitintinfo & SVM_EXITINTINFO_TYPE_MASK;
3976 if (soft_int_injected)
3977 svm_complete_soft_interrupt(vcpu, vector, type);
3980 case SVM_EXITINTINFO_TYPE_NMI:
3981 vcpu->arch.nmi_injected = true;
3982 svm->nmi_l1_to_l2 = nmi_l1_to_l2;
3984 case SVM_EXITINTINFO_TYPE_EXEPT:
3986 * Never re-inject a #VC exception.
3988 if (vector == X86_TRAP_VC)
3991 if (exitintinfo & SVM_EXITINTINFO_VALID_ERR) {
3992 u32 err = svm->vmcb->control.exit_int_info_err;
3993 kvm_requeue_exception_e(vcpu, vector, err);
3996 kvm_requeue_exception(vcpu, vector);
3998 case SVM_EXITINTINFO_TYPE_INTR:
3999 kvm_queue_interrupt(vcpu, vector, false);
4001 case SVM_EXITINTINFO_TYPE_SOFT:
4002 kvm_queue_interrupt(vcpu, vector, true);
4010 static void svm_cancel_injection(struct kvm_vcpu *vcpu)
4012 struct vcpu_svm *svm = to_svm(vcpu);
4013 struct vmcb_control_area *control = &svm->vmcb->control;
4015 control->exit_int_info = control->event_inj;
4016 control->exit_int_info_err = control->event_inj_err;
4017 control->event_inj = 0;
4018 svm_complete_interrupts(vcpu);
4021 static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu)
4026 static fastpath_t svm_exit_handlers_fastpath(struct kvm_vcpu *vcpu)
4028 struct vmcb_control_area *control = &to_svm(vcpu)->vmcb->control;
4031 * Note, the next RIP must be provided as SRCU isn't held, i.e. KVM
4032 * can't read guest memory (dereference memslots) to decode the WRMSR.
4034 if (control->exit_code == SVM_EXIT_MSR && control->exit_info_1 &&
4035 nrips && control->next_rip)
4036 return handle_fastpath_set_msr_irqoff(vcpu);
4038 return EXIT_FASTPATH_NONE;
4041 static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_intercepted)
4043 struct vcpu_svm *svm = to_svm(vcpu);
4045 guest_state_enter_irqoff();
4047 if (sev_es_guest(vcpu->kvm))
4048 __svm_sev_es_vcpu_run(svm, spec_ctrl_intercepted);
4050 __svm_vcpu_run(svm, spec_ctrl_intercepted);
4052 guest_state_exit_irqoff();
4055 static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu)
4057 struct vcpu_svm *svm = to_svm(vcpu);
4058 bool spec_ctrl_intercepted = msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL);
4060 trace_kvm_entry(vcpu);
4062 svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
4063 svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
4064 svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];
4067 * Disable singlestep if we're injecting an interrupt/exception.
4068 * We don't want our modified rflags to be pushed on the stack where
4069 * we might not be able to easily reset them if we disabled NMI
4072 if (svm->nmi_singlestep && svm->vmcb->control.event_inj) {
4074 * Event injection happens before external interrupts cause a
4075 * vmexit and interrupts are disabled here, so smp_send_reschedule
4076 * is enough to force an immediate vmexit.
4078 disable_nmi_singlestep(svm);
4079 smp_send_reschedule(vcpu->cpu);
4084 sync_lapic_to_cr8(vcpu);
4086 if (unlikely(svm->asid != svm->vmcb->control.asid)) {
4087 svm->vmcb->control.asid = svm->asid;
4088 vmcb_mark_dirty(svm->vmcb, VMCB_ASID);
4090 svm->vmcb->save.cr2 = vcpu->arch.cr2;
4092 svm_hv_update_vp_id(svm->vmcb, vcpu);
4095 * Run with all-zero DR6 unless needed, so that we can get the exact cause
4098 if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))
4099 svm_set_dr6(svm, vcpu->arch.dr6);
4101 svm_set_dr6(svm, DR6_ACTIVE_LOW);
4104 kvm_load_guest_xsave_state(vcpu);
4106 kvm_wait_lapic_expire(vcpu);
4109 * If this vCPU has touched SPEC_CTRL, restore the guest's value if
4110 * it's non-zero. Since vmentry is serialising on affected CPUs, there
4111 * is no need to worry about the conditional branch over the wrmsr
4112 * being speculatively taken.
4114 if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL))
4115 x86_spec_ctrl_set_guest(svm->virt_spec_ctrl);
4117 svm_vcpu_enter_exit(vcpu, spec_ctrl_intercepted);
4119 if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL))
4120 x86_spec_ctrl_restore_host(svm->virt_spec_ctrl);
4122 if (!sev_es_guest(vcpu->kvm)) {
4123 vcpu->arch.cr2 = svm->vmcb->save.cr2;
4124 vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax;
4125 vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp;
4126 vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip;
4128 vcpu->arch.regs_dirty = 0;
4130 if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI))
4131 kvm_before_interrupt(vcpu, KVM_HANDLING_NMI);
4133 kvm_load_host_xsave_state(vcpu);
4136 /* Any pending NMI will happen here */
4138 if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI))
4139 kvm_after_interrupt(vcpu);
4141 sync_cr8_to_lapic(vcpu);
4144 if (is_guest_mode(vcpu)) {
4145 nested_sync_control_from_vmcb02(svm);
4147 /* Track VMRUNs that have made past consistency checking */
4148 if (svm->nested.nested_run_pending &&
4149 svm->vmcb->control.exit_code != SVM_EXIT_ERR)
4150 ++vcpu->stat.nested_run;
4152 svm->nested.nested_run_pending = 0;
4155 svm->vmcb->control.tlb_ctl = TLB_CONTROL_DO_NOTHING;
4156 vmcb_mark_all_clean(svm->vmcb);
4158 /* if exit due to PF check for async PF */
4159 if (svm->vmcb->control.exit_code == SVM_EXIT_EXCP_BASE + PF_VECTOR)
4160 vcpu->arch.apf.host_apf_flags =
4161 kvm_read_and_reset_apf_flags();
4163 vcpu->arch.regs_avail &= ~SVM_REGS_LAZY_LOAD_SET;
4166 * We need to handle MC intercepts here before the vcpu has a chance to
4167 * change the physical cpu
4169 if (unlikely(svm->vmcb->control.exit_code ==
4170 SVM_EXIT_EXCP_BASE + MC_VECTOR))
4171 svm_handle_mce(vcpu);
4173 trace_kvm_exit(vcpu, KVM_ISA_SVM);
4175 svm_complete_interrupts(vcpu);
4177 if (is_guest_mode(vcpu))
4178 return EXIT_FASTPATH_NONE;
4180 return svm_exit_handlers_fastpath(vcpu);
4183 static void svm_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa,
4186 struct vcpu_svm *svm = to_svm(vcpu);
4190 svm->vmcb->control.nested_cr3 = __sme_set(root_hpa);
4191 vmcb_mark_dirty(svm->vmcb, VMCB_NPT);
4193 hv_track_root_tdp(vcpu, root_hpa);
4195 cr3 = vcpu->arch.cr3;
4196 } else if (root_level >= PT64_ROOT_4LEVEL) {
4197 cr3 = __sme_set(root_hpa) | kvm_get_active_pcid(vcpu);
4199 /* PCID in the guest should be impossible with a 32-bit MMU. */
4200 WARN_ON_ONCE(kvm_get_active_pcid(vcpu));
4204 svm->vmcb->save.cr3 = cr3;
4205 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
4209 svm_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall)
4212 * Patch in the VMMCALL instruction:
4214 hypercall[0] = 0x0f;
4215 hypercall[1] = 0x01;
4216 hypercall[2] = 0xd9;
4220 * The kvm parameter can be NULL (module initialization, or invocation before
4221 * VM creation). Be sure to check the kvm parameter before using it.
4223 static bool svm_has_emulated_msr(struct kvm *kvm, u32 index)
4226 case MSR_IA32_MCG_EXT_CTL:
4227 case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR:
4229 case MSR_IA32_SMBASE:
4230 if (!IS_ENABLED(CONFIG_KVM_SMM))
4232 /* SEV-ES guests do not support SMM, so report false */
4233 if (kvm && sev_es_guest(kvm))
4243 static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
4245 struct vcpu_svm *svm = to_svm(vcpu);
4246 struct kvm_cpuid_entry2 *best;
4248 vcpu->arch.xsaves_enabled = guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) &&
4249 boot_cpu_has(X86_FEATURE_XSAVE) &&
4250 boot_cpu_has(X86_FEATURE_XSAVES);
4252 /* Update nrips enabled cache */
4253 svm->nrips_enabled = kvm_cpu_cap_has(X86_FEATURE_NRIPS) &&
4254 guest_cpuid_has(vcpu, X86_FEATURE_NRIPS);
4256 svm->tsc_scaling_enabled = tsc_scaling && guest_cpuid_has(vcpu, X86_FEATURE_TSCRATEMSR);
4257 svm->lbrv_enabled = lbrv && guest_cpuid_has(vcpu, X86_FEATURE_LBRV);
4259 svm->v_vmload_vmsave_enabled = vls && guest_cpuid_has(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD);
4261 svm->pause_filter_enabled = kvm_cpu_cap_has(X86_FEATURE_PAUSEFILTER) &&
4262 guest_cpuid_has(vcpu, X86_FEATURE_PAUSEFILTER);
4264 svm->pause_threshold_enabled = kvm_cpu_cap_has(X86_FEATURE_PFTHRESHOLD) &&
4265 guest_cpuid_has(vcpu, X86_FEATURE_PFTHRESHOLD);
4267 svm->vgif_enabled = vgif && guest_cpuid_has(vcpu, X86_FEATURE_VGIF);
4269 svm->vnmi_enabled = vnmi && guest_cpuid_has(vcpu, X86_FEATURE_VNMI);
4271 svm_recalc_instruction_intercepts(vcpu, svm);
4273 if (boot_cpu_has(X86_FEATURE_IBPB))
4274 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PRED_CMD, 0,
4275 !!guest_has_pred_cmd_msr(vcpu));
4277 if (boot_cpu_has(X86_FEATURE_FLUSH_L1D))
4278 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_FLUSH_CMD, 0,
4279 !!guest_cpuid_has(vcpu, X86_FEATURE_FLUSH_L1D));
4281 /* For sev guests, the memory encryption bit is not reserved in CR3. */
4282 if (sev_guest(vcpu->kvm)) {
4283 best = kvm_find_cpuid_entry(vcpu, 0x8000001F);
4285 vcpu->arch.reserved_gpa_bits &= ~(1UL << (best->ebx & 0x3f));
4288 init_vmcb_after_set_cpuid(vcpu);
4291 static bool svm_has_wbinvd_exit(void)
4296 #define PRE_EX(exit) { .exit_code = (exit), \
4297 .stage = X86_ICPT_PRE_EXCEPT, }
4298 #define POST_EX(exit) { .exit_code = (exit), \
4299 .stage = X86_ICPT_POST_EXCEPT, }
4300 #define POST_MEM(exit) { .exit_code = (exit), \
4301 .stage = X86_ICPT_POST_MEMACCESS, }
4303 static const struct __x86_intercept {
4305 enum x86_intercept_stage stage;
4306 } x86_intercept_map[] = {
4307 [x86_intercept_cr_read] = POST_EX(SVM_EXIT_READ_CR0),
4308 [x86_intercept_cr_write] = POST_EX(SVM_EXIT_WRITE_CR0),
4309 [x86_intercept_clts] = POST_EX(SVM_EXIT_WRITE_CR0),
4310 [x86_intercept_lmsw] = POST_EX(SVM_EXIT_WRITE_CR0),
4311 [x86_intercept_smsw] = POST_EX(SVM_EXIT_READ_CR0),
4312 [x86_intercept_dr_read] = POST_EX(SVM_EXIT_READ_DR0),
4313 [x86_intercept_dr_write] = POST_EX(SVM_EXIT_WRITE_DR0),
4314 [x86_intercept_sldt] = POST_EX(SVM_EXIT_LDTR_READ),
4315 [x86_intercept_str] = POST_EX(SVM_EXIT_TR_READ),
4316 [x86_intercept_lldt] = POST_EX(SVM_EXIT_LDTR_WRITE),
4317 [x86_intercept_ltr] = POST_EX(SVM_EXIT_TR_WRITE),
4318 [x86_intercept_sgdt] = POST_EX(SVM_EXIT_GDTR_READ),
4319 [x86_intercept_sidt] = POST_EX(SVM_EXIT_IDTR_READ),
4320 [x86_intercept_lgdt] = POST_EX(SVM_EXIT_GDTR_WRITE),
4321 [x86_intercept_lidt] = POST_EX(SVM_EXIT_IDTR_WRITE),
4322 [x86_intercept_vmrun] = POST_EX(SVM_EXIT_VMRUN),
4323 [x86_intercept_vmmcall] = POST_EX(SVM_EXIT_VMMCALL),
4324 [x86_intercept_vmload] = POST_EX(SVM_EXIT_VMLOAD),
4325 [x86_intercept_vmsave] = POST_EX(SVM_EXIT_VMSAVE),
4326 [x86_intercept_stgi] = POST_EX(SVM_EXIT_STGI),
4327 [x86_intercept_clgi] = POST_EX(SVM_EXIT_CLGI),
4328 [x86_intercept_skinit] = POST_EX(SVM_EXIT_SKINIT),
4329 [x86_intercept_invlpga] = POST_EX(SVM_EXIT_INVLPGA),
4330 [x86_intercept_rdtscp] = POST_EX(SVM_EXIT_RDTSCP),
4331 [x86_intercept_monitor] = POST_MEM(SVM_EXIT_MONITOR),
4332 [x86_intercept_mwait] = POST_EX(SVM_EXIT_MWAIT),
4333 [x86_intercept_invlpg] = POST_EX(SVM_EXIT_INVLPG),
4334 [x86_intercept_invd] = POST_EX(SVM_EXIT_INVD),
4335 [x86_intercept_wbinvd] = POST_EX(SVM_EXIT_WBINVD),
4336 [x86_intercept_wrmsr] = POST_EX(SVM_EXIT_MSR),
4337 [x86_intercept_rdtsc] = POST_EX(SVM_EXIT_RDTSC),
4338 [x86_intercept_rdmsr] = POST_EX(SVM_EXIT_MSR),
4339 [x86_intercept_rdpmc] = POST_EX(SVM_EXIT_RDPMC),
4340 [x86_intercept_cpuid] = PRE_EX(SVM_EXIT_CPUID),
4341 [x86_intercept_rsm] = PRE_EX(SVM_EXIT_RSM),
4342 [x86_intercept_pause] = PRE_EX(SVM_EXIT_PAUSE),
4343 [x86_intercept_pushf] = PRE_EX(SVM_EXIT_PUSHF),
4344 [x86_intercept_popf] = PRE_EX(SVM_EXIT_POPF),
4345 [x86_intercept_intn] = PRE_EX(SVM_EXIT_SWINT),
4346 [x86_intercept_iret] = PRE_EX(SVM_EXIT_IRET),
4347 [x86_intercept_icebp] = PRE_EX(SVM_EXIT_ICEBP),
4348 [x86_intercept_hlt] = POST_EX(SVM_EXIT_HLT),
4349 [x86_intercept_in] = POST_EX(SVM_EXIT_IOIO),
4350 [x86_intercept_ins] = POST_EX(SVM_EXIT_IOIO),
4351 [x86_intercept_out] = POST_EX(SVM_EXIT_IOIO),
4352 [x86_intercept_outs] = POST_EX(SVM_EXIT_IOIO),
4353 [x86_intercept_xsetbv] = PRE_EX(SVM_EXIT_XSETBV),
4360 static int svm_check_intercept(struct kvm_vcpu *vcpu,
4361 struct x86_instruction_info *info,
4362 enum x86_intercept_stage stage,
4363 struct x86_exception *exception)
4365 struct vcpu_svm *svm = to_svm(vcpu);
4366 int vmexit, ret = X86EMUL_CONTINUE;
4367 struct __x86_intercept icpt_info;
4368 struct vmcb *vmcb = svm->vmcb;
4370 if (info->intercept >= ARRAY_SIZE(x86_intercept_map))
4373 icpt_info = x86_intercept_map[info->intercept];
4375 if (stage != icpt_info.stage)
4378 switch (icpt_info.exit_code) {
4379 case SVM_EXIT_READ_CR0:
4380 if (info->intercept == x86_intercept_cr_read)
4381 icpt_info.exit_code += info->modrm_reg;
4383 case SVM_EXIT_WRITE_CR0: {
4384 unsigned long cr0, val;
4386 if (info->intercept == x86_intercept_cr_write)
4387 icpt_info.exit_code += info->modrm_reg;
4389 if (icpt_info.exit_code != SVM_EXIT_WRITE_CR0 ||
4390 info->intercept == x86_intercept_clts)
4393 if (!(vmcb12_is_intercept(&svm->nested.ctl,
4394 INTERCEPT_SELECTIVE_CR0)))
4397 cr0 = vcpu->arch.cr0 & ~SVM_CR0_SELECTIVE_MASK;
4398 val = info->src_val & ~SVM_CR0_SELECTIVE_MASK;
4400 if (info->intercept == x86_intercept_lmsw) {
4403 /* lmsw can't clear PE - catch this here */
4404 if (cr0 & X86_CR0_PE)
4409 icpt_info.exit_code = SVM_EXIT_CR0_SEL_WRITE;
4413 case SVM_EXIT_READ_DR0:
4414 case SVM_EXIT_WRITE_DR0:
4415 icpt_info.exit_code += info->modrm_reg;
4418 if (info->intercept == x86_intercept_wrmsr)
4419 vmcb->control.exit_info_1 = 1;
4421 vmcb->control.exit_info_1 = 0;
4423 case SVM_EXIT_PAUSE:
4425 * We get this for NOP only, but pause
4426 * is rep not, check this here
4428 if (info->rep_prefix != REPE_PREFIX)
4431 case SVM_EXIT_IOIO: {
4435 if (info->intercept == x86_intercept_in ||
4436 info->intercept == x86_intercept_ins) {
4437 exit_info = ((info->src_val & 0xffff) << 16) |
4439 bytes = info->dst_bytes;
4441 exit_info = (info->dst_val & 0xffff) << 16;
4442 bytes = info->src_bytes;
4445 if (info->intercept == x86_intercept_outs ||
4446 info->intercept == x86_intercept_ins)
4447 exit_info |= SVM_IOIO_STR_MASK;
4449 if (info->rep_prefix)
4450 exit_info |= SVM_IOIO_REP_MASK;
4452 bytes = min(bytes, 4u);
4454 exit_info |= bytes << SVM_IOIO_SIZE_SHIFT;
4456 exit_info |= (u32)info->ad_bytes << (SVM_IOIO_ASIZE_SHIFT - 1);
4458 vmcb->control.exit_info_1 = exit_info;
4459 vmcb->control.exit_info_2 = info->next_rip;
4467 /* TODO: Advertise NRIPS to guest hypervisor unconditionally */
4468 if (static_cpu_has(X86_FEATURE_NRIPS))
4469 vmcb->control.next_rip = info->next_rip;
4470 vmcb->control.exit_code = icpt_info.exit_code;
4471 vmexit = nested_svm_exit_handled(svm);
4473 ret = (vmexit == NESTED_EXIT_DONE) ? X86EMUL_INTERCEPTED
4480 static void svm_handle_exit_irqoff(struct kvm_vcpu *vcpu)
4482 if (to_svm(vcpu)->vmcb->control.exit_code == SVM_EXIT_INTR)
4483 vcpu->arch.at_instruction_boundary = true;
4486 static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu)
4488 if (!kvm_pause_in_guest(vcpu->kvm))
4489 shrink_ple_window(vcpu);
4492 static void svm_setup_mce(struct kvm_vcpu *vcpu)
4494 /* [63:9] are reserved. */
4495 vcpu->arch.mcg_cap &= 0x1ff;
4498 #ifdef CONFIG_KVM_SMM
4499 bool svm_smi_blocked(struct kvm_vcpu *vcpu)
4501 struct vcpu_svm *svm = to_svm(vcpu);
4503 /* Per APM Vol.2 15.22.2 "Response to SMI" */
4507 return is_smm(vcpu);
4510 static int svm_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
4512 struct vcpu_svm *svm = to_svm(vcpu);
4513 if (svm->nested.nested_run_pending)
4516 if (svm_smi_blocked(vcpu))
4519 /* An SMI must not be injected into L2 if it's supposed to VM-Exit. */
4520 if (for_injection && is_guest_mode(vcpu) && nested_exit_on_smi(svm))
4526 static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
4528 struct vcpu_svm *svm = to_svm(vcpu);
4529 struct kvm_host_map map_save;
4532 if (!is_guest_mode(vcpu))
4536 * 32-bit SMRAM format doesn't preserve EFER and SVM state. Userspace is
4537 * responsible for ensuring nested SVM and SMIs are mutually exclusive.
4540 if (!guest_cpuid_has(vcpu, X86_FEATURE_LM))
4543 smram->smram64.svm_guest_flag = 1;
4544 smram->smram64.svm_guest_vmcb_gpa = svm->nested.vmcb12_gpa;
4546 svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
4547 svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
4548 svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];
4550 ret = nested_svm_simple_vmexit(svm, SVM_EXIT_SW);
4555 * KVM uses VMCB01 to store L1 host state while L2 runs but
4556 * VMCB01 is going to be used during SMM and thus the state will
4557 * be lost. Temporary save non-VMLOAD/VMSAVE state to the host save
4558 * area pointed to by MSR_VM_HSAVE_PA. APM guarantees that the
4559 * format of the area is identical to guest save area offsetted
4560 * by 0x400 (matches the offset of 'struct vmcb_save_area'
4561 * within 'struct vmcb'). Note: HSAVE area may also be used by
4562 * L1 hypervisor to save additional host context (e.g. KVM does
4563 * that, see svm_prepare_switch_to_guest()) which must be
4566 if (kvm_vcpu_map(vcpu, gpa_to_gfn(svm->nested.hsave_msr), &map_save))
4569 BUILD_BUG_ON(offsetof(struct vmcb, save) != 0x400);
4571 svm_copy_vmrun_state(map_save.hva + 0x400,
4572 &svm->vmcb01.ptr->save);
4574 kvm_vcpu_unmap(vcpu, &map_save, true);
4578 static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
4580 struct vcpu_svm *svm = to_svm(vcpu);
4581 struct kvm_host_map map, map_save;
4582 struct vmcb *vmcb12;
4585 const struct kvm_smram_state_64 *smram64 = &smram->smram64;
4587 if (!guest_cpuid_has(vcpu, X86_FEATURE_LM))
4590 /* Non-zero if SMI arrived while vCPU was in guest mode. */
4591 if (!smram64->svm_guest_flag)
4594 if (!guest_cpuid_has(vcpu, X86_FEATURE_SVM))
4597 if (!(smram64->efer & EFER_SVME))
4600 if (kvm_vcpu_map(vcpu, gpa_to_gfn(smram64->svm_guest_vmcb_gpa), &map))
4604 if (kvm_vcpu_map(vcpu, gpa_to_gfn(svm->nested.hsave_msr), &map_save))
4607 if (svm_allocate_nested(svm))
4611 * Restore L1 host state from L1 HSAVE area as VMCB01 was
4612 * used during SMM (see svm_enter_smm())
4615 svm_copy_vmrun_state(&svm->vmcb01.ptr->save, map_save.hva + 0x400);
4618 * Enter the nested guest now
4621 vmcb_mark_all_dirty(svm->vmcb01.ptr);
4624 nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
4625 nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);
4626 ret = enter_svm_guest_mode(vcpu, smram64->svm_guest_vmcb_gpa, vmcb12, false);
4631 svm->nested.nested_run_pending = 1;
4634 kvm_vcpu_unmap(vcpu, &map_save, true);
4636 kvm_vcpu_unmap(vcpu, &map, true);
4640 static void svm_enable_smi_window(struct kvm_vcpu *vcpu)
4642 struct vcpu_svm *svm = to_svm(vcpu);
4644 if (!gif_set(svm)) {
4646 svm_set_intercept(svm, INTERCEPT_STGI);
4647 /* STGI will cause a vm exit */
4649 /* We must be in SMM; RSM will cause a vmexit anyway. */
4654 static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type,
4655 void *insn, int insn_len)
4657 bool smep, smap, is_user;
4660 /* Emulation is always possible when KVM has access to all guest state. */
4661 if (!sev_guest(vcpu->kvm))
4664 /* #UD and #GP should never be intercepted for SEV guests. */
4665 WARN_ON_ONCE(emul_type & (EMULTYPE_TRAP_UD |
4666 EMULTYPE_TRAP_UD_FORCED |
4667 EMULTYPE_VMWARE_GP));
4670 * Emulation is impossible for SEV-ES guests as KVM doesn't have access
4671 * to guest register state.
4673 if (sev_es_guest(vcpu->kvm))
4677 * Emulation is possible if the instruction is already decoded, e.g.
4678 * when completing I/O after returning from userspace.
4680 if (emul_type & EMULTYPE_NO_DECODE)
4684 * Emulation is possible for SEV guests if and only if a prefilled
4685 * buffer containing the bytes of the intercepted instruction is
4686 * available. SEV guest memory is encrypted with a guest specific key
4687 * and cannot be decrypted by KVM, i.e. KVM would read cyphertext and
4690 * If KVM is NOT trying to simply skip an instruction, inject #UD if
4691 * KVM reached this point without an instruction buffer. In practice,
4692 * this path should never be hit by a well-behaved guest, e.g. KVM
4693 * doesn't intercept #UD or #GP for SEV guests, but this path is still
4694 * theoretically reachable, e.g. via unaccelerated fault-like AVIC
4695 * access, and needs to be handled by KVM to avoid putting the guest
4696 * into an infinite loop. Injecting #UD is somewhat arbitrary, but
4697 * its the least awful option given lack of insight into the guest.
4699 * If KVM is trying to skip an instruction, simply resume the guest.
4700 * If a #NPF occurs while the guest is vectoring an INT3/INTO, then KVM
4701 * will attempt to re-inject the INT3/INTO and skip the instruction.
4702 * In that scenario, retrying the INT3/INTO and hoping the guest will
4703 * make forward progress is the only option that has a chance of
4704 * success (and in practice it will work the vast majority of the time).
4706 if (unlikely(!insn)) {
4707 if (!(emul_type & EMULTYPE_SKIP))
4708 kvm_queue_exception(vcpu, UD_VECTOR);
4713 * Emulate for SEV guests if the insn buffer is not empty. The buffer
4714 * will be empty if the DecodeAssist microcode cannot fetch bytes for
4715 * the faulting instruction because the code fetch itself faulted, e.g.
4716 * the guest attempted to fetch from emulated MMIO or a guest page
4717 * table used to translate CS:RIP resides in emulated MMIO.
4719 if (likely(insn_len))
4723 * Detect and workaround Errata 1096 Fam_17h_00_0Fh.
4726 * When CPU raises #NPF on guest data access and vCPU CR4.SMAP=1, it is
4727 * possible that CPU microcode implementing DecodeAssist will fail to
4728 * read guest memory at CS:RIP and vmcb.GuestIntrBytes will incorrectly
4729 * be '0'. This happens because microcode reads CS:RIP using a _data_
4730 * loap uop with CPL=0 privileges. If the load hits a SMAP #PF, ucode
4731 * gives up and does not fill the instruction bytes buffer.
4733 * As above, KVM reaches this point iff the VM is an SEV guest, the CPU
4734 * supports DecodeAssist, a #NPF was raised, KVM's page fault handler
4735 * triggered emulation (e.g. for MMIO), and the CPU returned 0 in the
4736 * GuestIntrBytes field of the VMCB.
4738 * This does _not_ mean that the erratum has been encountered, as the
4739 * DecodeAssist will also fail if the load for CS:RIP hits a legitimate
4740 * #PF, e.g. if the guest attempt to execute from emulated MMIO and
4741 * encountered a reserved/not-present #PF.
4743 * To hit the erratum, the following conditions must be true:
4744 * 1. CR4.SMAP=1 (obviously).
4745 * 2. CR4.SMEP=0 || CPL=3. If SMEP=1 and CPL<3, the erratum cannot
4746 * have been hit as the guest would have encountered a SMEP
4747 * violation #PF, not a #NPF.
4748 * 3. The #NPF is not due to a code fetch, in which case failure to
4749 * retrieve the instruction bytes is legitimate (see abvoe).
4751 * In addition, don't apply the erratum workaround if the #NPF occurred
4752 * while translating guest page tables (see below).
4754 error_code = to_svm(vcpu)->vmcb->control.exit_info_1;
4755 if (error_code & (PFERR_GUEST_PAGE_MASK | PFERR_FETCH_MASK))
4758 smep = kvm_is_cr4_bit_set(vcpu, X86_CR4_SMEP);
4759 smap = kvm_is_cr4_bit_set(vcpu, X86_CR4_SMAP);
4760 is_user = svm_get_cpl(vcpu) == 3;
4761 if (smap && (!smep || is_user)) {
4762 pr_err_ratelimited("SEV Guest triggered AMD Erratum 1096\n");
4765 * If the fault occurred in userspace, arbitrarily inject #GP
4766 * to avoid killing the guest and to hopefully avoid confusing
4767 * the guest kernel too much, e.g. injecting #PF would not be
4768 * coherent with respect to the guest's page tables. Request
4769 * triple fault if the fault occurred in the kernel as there's
4770 * no fault that KVM can inject without confusing the guest.
4771 * In practice, the triple fault is moot as no sane SEV kernel
4772 * will execute from user memory while also running with SMAP=1.
4775 kvm_inject_gp(vcpu, 0);
4777 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
4782 * If the erratum was not hit, simply resume the guest and let it fault
4783 * again. While awful, e.g. the vCPU may get stuck in an infinite loop
4784 * if the fault is at CPL=0, it's the lesser of all evils. Exiting to
4785 * userspace will kill the guest, and letting the emulator read garbage
4786 * will yield random behavior and potentially corrupt the guest.
4788 * Simply resuming the guest is technically not a violation of the SEV
4789 * architecture. AMD's APM states that all code fetches and page table
4790 * accesses for SEV guest are encrypted, regardless of the C-Bit. The
4791 * APM also states that encrypted accesses to MMIO are "ignored", but
4792 * doesn't explicitly define "ignored", i.e. doing nothing and letting
4793 * the guest spin is technically "ignoring" the access.
4798 static bool svm_apic_init_signal_blocked(struct kvm_vcpu *vcpu)
4800 struct vcpu_svm *svm = to_svm(vcpu);
4802 return !gif_set(svm);
4805 static void svm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
4807 if (!sev_es_guest(vcpu->kvm))
4808 return kvm_vcpu_deliver_sipi_vector(vcpu, vector);
4810 sev_vcpu_deliver_sipi_vector(vcpu, vector);
4813 static void svm_vm_destroy(struct kvm *kvm)
4815 avic_vm_destroy(kvm);
4816 sev_vm_destroy(kvm);
4819 static int svm_vm_init(struct kvm *kvm)
4821 if (!pause_filter_count || !pause_filter_thresh)
4822 kvm->arch.pause_in_guest = true;
4825 int ret = avic_vm_init(kvm);
4833 static struct kvm_x86_ops svm_x86_ops __initdata = {
4834 .name = KBUILD_MODNAME,
4836 .check_processor_compatibility = svm_check_processor_compat,
4838 .hardware_unsetup = svm_hardware_unsetup,
4839 .hardware_enable = svm_hardware_enable,
4840 .hardware_disable = svm_hardware_disable,
4841 .has_emulated_msr = svm_has_emulated_msr,
4843 .vcpu_create = svm_vcpu_create,
4844 .vcpu_free = svm_vcpu_free,
4845 .vcpu_reset = svm_vcpu_reset,
4847 .vm_size = sizeof(struct kvm_svm),
4848 .vm_init = svm_vm_init,
4849 .vm_destroy = svm_vm_destroy,
4851 .prepare_switch_to_guest = svm_prepare_switch_to_guest,
4852 .vcpu_load = svm_vcpu_load,
4853 .vcpu_put = svm_vcpu_put,
4854 .vcpu_blocking = avic_vcpu_blocking,
4855 .vcpu_unblocking = avic_vcpu_unblocking,
4857 .update_exception_bitmap = svm_update_exception_bitmap,
4858 .get_msr_feature = svm_get_msr_feature,
4859 .get_msr = svm_get_msr,
4860 .set_msr = svm_set_msr,
4861 .get_segment_base = svm_get_segment_base,
4862 .get_segment = svm_get_segment,
4863 .set_segment = svm_set_segment,
4864 .get_cpl = svm_get_cpl,
4865 .get_cs_db_l_bits = svm_get_cs_db_l_bits,
4866 .set_cr0 = svm_set_cr0,
4867 .post_set_cr3 = sev_post_set_cr3,
4868 .is_valid_cr4 = svm_is_valid_cr4,
4869 .set_cr4 = svm_set_cr4,
4870 .set_efer = svm_set_efer,
4871 .get_idt = svm_get_idt,
4872 .set_idt = svm_set_idt,
4873 .get_gdt = svm_get_gdt,
4874 .set_gdt = svm_set_gdt,
4875 .set_dr7 = svm_set_dr7,
4876 .sync_dirty_debug_regs = svm_sync_dirty_debug_regs,
4877 .cache_reg = svm_cache_reg,
4878 .get_rflags = svm_get_rflags,
4879 .set_rflags = svm_set_rflags,
4880 .get_if_flag = svm_get_if_flag,
4882 .flush_tlb_all = svm_flush_tlb_all,
4883 .flush_tlb_current = svm_flush_tlb_current,
4884 .flush_tlb_gva = svm_flush_tlb_gva,
4885 .flush_tlb_guest = svm_flush_tlb_asid,
4887 .vcpu_pre_run = svm_vcpu_pre_run,
4888 .vcpu_run = svm_vcpu_run,
4889 .handle_exit = svm_handle_exit,
4890 .skip_emulated_instruction = svm_skip_emulated_instruction,
4891 .update_emulated_instruction = NULL,
4892 .set_interrupt_shadow = svm_set_interrupt_shadow,
4893 .get_interrupt_shadow = svm_get_interrupt_shadow,
4894 .patch_hypercall = svm_patch_hypercall,
4895 .inject_irq = svm_inject_irq,
4896 .inject_nmi = svm_inject_nmi,
4897 .is_vnmi_pending = svm_is_vnmi_pending,
4898 .set_vnmi_pending = svm_set_vnmi_pending,
4899 .inject_exception = svm_inject_exception,
4900 .cancel_injection = svm_cancel_injection,
4901 .interrupt_allowed = svm_interrupt_allowed,
4902 .nmi_allowed = svm_nmi_allowed,
4903 .get_nmi_mask = svm_get_nmi_mask,
4904 .set_nmi_mask = svm_set_nmi_mask,
4905 .enable_nmi_window = svm_enable_nmi_window,
4906 .enable_irq_window = svm_enable_irq_window,
4907 .update_cr8_intercept = svm_update_cr8_intercept,
4908 .set_virtual_apic_mode = avic_refresh_virtual_apic_mode,
4909 .refresh_apicv_exec_ctrl = avic_refresh_apicv_exec_ctrl,
4910 .apicv_post_state_restore = avic_apicv_post_state_restore,
4911 .required_apicv_inhibits = AVIC_REQUIRED_APICV_INHIBITS,
4913 .get_exit_info = svm_get_exit_info,
4915 .vcpu_after_set_cpuid = svm_vcpu_after_set_cpuid,
4917 .has_wbinvd_exit = svm_has_wbinvd_exit,
4919 .get_l2_tsc_offset = svm_get_l2_tsc_offset,
4920 .get_l2_tsc_multiplier = svm_get_l2_tsc_multiplier,
4921 .write_tsc_offset = svm_write_tsc_offset,
4922 .write_tsc_multiplier = svm_write_tsc_multiplier,
4924 .load_mmu_pgd = svm_load_mmu_pgd,
4926 .check_intercept = svm_check_intercept,
4927 .handle_exit_irqoff = svm_handle_exit_irqoff,
4929 .request_immediate_exit = __kvm_request_immediate_exit,
4931 .sched_in = svm_sched_in,
4933 .nested_ops = &svm_nested_ops,
4935 .deliver_interrupt = svm_deliver_interrupt,
4936 .pi_update_irte = avic_pi_update_irte,
4937 .setup_mce = svm_setup_mce,
4939 #ifdef CONFIG_KVM_SMM
4940 .smi_allowed = svm_smi_allowed,
4941 .enter_smm = svm_enter_smm,
4942 .leave_smm = svm_leave_smm,
4943 .enable_smi_window = svm_enable_smi_window,
4946 .mem_enc_ioctl = sev_mem_enc_ioctl,
4947 .mem_enc_register_region = sev_mem_enc_register_region,
4948 .mem_enc_unregister_region = sev_mem_enc_unregister_region,
4949 .guest_memory_reclaimed = sev_guest_memory_reclaimed,
4951 .vm_copy_enc_context_from = sev_vm_copy_enc_context_from,
4952 .vm_move_enc_context_from = sev_vm_move_enc_context_from,
4954 .can_emulate_instruction = svm_can_emulate_instruction,
4956 .apic_init_signal_blocked = svm_apic_init_signal_blocked,
4958 .msr_filter_changed = svm_msr_filter_changed,
4959 .complete_emulated_msr = svm_complete_emulated_msr,
4961 .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector,
4962 .vcpu_get_apicv_inhibit_reasons = avic_vcpu_get_apicv_inhibit_reasons,
4966 * The default MMIO mask is a single bit (excluding the present bit),
4967 * which could conflict with the memory encryption bit. Check for
4968 * memory encryption support and override the default MMIO mask if
4969 * memory encryption is enabled.
4971 static __init void svm_adjust_mmio_mask(void)
4973 unsigned int enc_bit, mask_bit;
4976 /* If there is no memory encryption support, use existing mask */
4977 if (cpuid_eax(0x80000000) < 0x8000001f)
4980 /* If memory encryption is not enabled, use existing mask */
4981 rdmsrl(MSR_AMD64_SYSCFG, msr);
4982 if (!(msr & MSR_AMD64_SYSCFG_MEM_ENCRYPT))
4985 enc_bit = cpuid_ebx(0x8000001f) & 0x3f;
4986 mask_bit = boot_cpu_data.x86_phys_bits;
4988 /* Increment the mask bit if it is the same as the encryption bit */
4989 if (enc_bit == mask_bit)
4993 * If the mask bit location is below 52, then some bits above the
4994 * physical addressing limit will always be reserved, so use the
4995 * rsvd_bits() function to generate the mask. This mask, along with
4996 * the present bit, will be used to generate a page fault with
4999 * If the mask bit location is 52 (or above), then clear the mask.
5001 mask = (mask_bit < 52) ? rsvd_bits(mask_bit, 51) | PT_PRESENT_MASK : 0;
5003 kvm_mmu_set_mmio_spte_mask(mask, mask, PT_WRITABLE_MASK | PT_USER_MASK);
5006 static __init void svm_set_cpu_caps(void)
5010 kvm_caps.supported_perf_cap = 0;
5011 kvm_caps.supported_xss = 0;
5013 /* CPUID 0x80000001 and 0x8000000A (SVM features) */
5015 kvm_cpu_cap_set(X86_FEATURE_SVM);
5016 kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
5019 kvm_cpu_cap_set(X86_FEATURE_NRIPS);
5022 kvm_cpu_cap_set(X86_FEATURE_NPT);
5025 kvm_cpu_cap_set(X86_FEATURE_TSCRATEMSR);
5028 kvm_cpu_cap_set(X86_FEATURE_V_VMSAVE_VMLOAD);
5030 kvm_cpu_cap_set(X86_FEATURE_LBRV);
5032 if (boot_cpu_has(X86_FEATURE_PAUSEFILTER))
5033 kvm_cpu_cap_set(X86_FEATURE_PAUSEFILTER);
5035 if (boot_cpu_has(X86_FEATURE_PFTHRESHOLD))
5036 kvm_cpu_cap_set(X86_FEATURE_PFTHRESHOLD);
5039 kvm_cpu_cap_set(X86_FEATURE_VGIF);
5042 kvm_cpu_cap_set(X86_FEATURE_VNMI);
5044 /* Nested VM can receive #VMEXIT instead of triggering #GP */
5045 kvm_cpu_cap_set(X86_FEATURE_SVME_ADDR_CHK);
5048 /* CPUID 0x80000008 */
5049 if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD) ||
5050 boot_cpu_has(X86_FEATURE_AMD_SSBD))
5051 kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD);
5055 * Enumerate support for PERFCTR_CORE if and only if KVM has
5056 * access to enough counters to virtualize "core" support,
5057 * otherwise limit vPMU support to the legacy number of counters.
5059 if (kvm_pmu_cap.num_counters_gp < AMD64_NUM_COUNTERS_CORE)
5060 kvm_pmu_cap.num_counters_gp = min(AMD64_NUM_COUNTERS,
5061 kvm_pmu_cap.num_counters_gp);
5063 kvm_cpu_cap_check_and_set(X86_FEATURE_PERFCTR_CORE);
5065 if (kvm_pmu_cap.version != 2 ||
5066 !kvm_cpu_cap_has(X86_FEATURE_PERFCTR_CORE))
5067 kvm_cpu_cap_clear(X86_FEATURE_PERFMON_V2);
5070 /* CPUID 0x8000001F (SME/SEV features) */
5074 static __init int svm_hardware_setup(void)
5077 struct page *iopm_pages;
5080 unsigned int order = get_order(IOPM_SIZE);
5083 * NX is required for shadow paging and for NPT if the NX huge pages
5084 * mitigation is enabled.
5086 if (!boot_cpu_has(X86_FEATURE_NX)) {
5087 pr_err_ratelimited("NX (Execute Disable) not supported\n");
5090 kvm_enable_efer_bits(EFER_NX);
5092 iopm_pages = alloc_pages(GFP_KERNEL, order);
5097 iopm_va = page_address(iopm_pages);
5098 memset(iopm_va, 0xff, PAGE_SIZE * (1 << order));
5099 iopm_base = page_to_pfn(iopm_pages) << PAGE_SHIFT;
5101 init_msrpm_offsets();
5103 kvm_caps.supported_xcr0 &= ~(XFEATURE_MASK_BNDREGS |
5104 XFEATURE_MASK_BNDCSR);
5106 if (boot_cpu_has(X86_FEATURE_FXSR_OPT))
5107 kvm_enable_efer_bits(EFER_FFXSR);
5110 if (!boot_cpu_has(X86_FEATURE_TSCRATEMSR)) {
5111 tsc_scaling = false;
5113 pr_info("TSC scaling supported\n");
5114 kvm_caps.has_tsc_control = true;
5117 kvm_caps.max_tsc_scaling_ratio = SVM_TSC_RATIO_MAX;
5118 kvm_caps.tsc_scaling_ratio_frac_bits = 32;
5120 tsc_aux_uret_slot = kvm_add_user_return_msr(MSR_TSC_AUX);
5122 if (boot_cpu_has(X86_FEATURE_AUTOIBRS))
5123 kvm_enable_efer_bits(EFER_AUTOIBRS);
5125 /* Check for pause filtering support */
5126 if (!boot_cpu_has(X86_FEATURE_PAUSEFILTER)) {
5127 pause_filter_count = 0;
5128 pause_filter_thresh = 0;
5129 } else if (!boot_cpu_has(X86_FEATURE_PFTHRESHOLD)) {
5130 pause_filter_thresh = 0;
5134 pr_info("Nested Virtualization enabled\n");
5135 kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
5139 * KVM's MMU doesn't support using 2-level paging for itself, and thus
5140 * NPT isn't supported if the host is using 2-level paging since host
5141 * CR4 is unchanged on VMRUN.
5143 if (!IS_ENABLED(CONFIG_X86_64) && !IS_ENABLED(CONFIG_X86_PAE))
5144 npt_enabled = false;
5146 if (!boot_cpu_has(X86_FEATURE_NPT))
5147 npt_enabled = false;
5149 /* Force VM NPT level equal to the host's paging level */
5150 kvm_configure_mmu(npt_enabled, get_npt_level(),
5151 get_npt_level(), PG_LEVEL_1G);
5152 pr_info("Nested Paging %sabled\n", npt_enabled ? "en" : "dis");
5154 /* Setup shadow_me_value and shadow_me_mask */
5155 kvm_mmu_set_me_spte_mask(sme_me_mask, sme_me_mask);
5157 svm_adjust_mmio_mask();
5159 nrips = nrips && boot_cpu_has(X86_FEATURE_NRIPS);
5162 * Note, SEV setup consumes npt_enabled and enable_mmio_caching (which
5163 * may be modified by svm_adjust_mmio_mask()), as well as nrips.
5165 sev_hardware_setup();
5167 svm_hv_hardware_setup();
5169 for_each_possible_cpu(cpu) {
5170 r = svm_cpu_init(cpu);
5175 enable_apicv = avic = avic && avic_hardware_setup();
5177 if (!enable_apicv) {
5178 svm_x86_ops.vcpu_blocking = NULL;
5179 svm_x86_ops.vcpu_unblocking = NULL;
5180 svm_x86_ops.vcpu_get_apicv_inhibit_reasons = NULL;
5181 } else if (!x2avic_enabled) {
5182 svm_x86_ops.allow_apicv_in_x2apic_without_x2apic_virtualization = true;
5187 !boot_cpu_has(X86_FEATURE_V_VMSAVE_VMLOAD) ||
5188 !IS_ENABLED(CONFIG_X86_64)) {
5191 pr_info("Virtual VMLOAD VMSAVE supported\n");
5195 if (boot_cpu_has(X86_FEATURE_SVME_ADDR_CHK))
5196 svm_gp_erratum_intercept = false;
5199 if (!boot_cpu_has(X86_FEATURE_VGIF))
5202 pr_info("Virtual GIF supported\n");
5205 vnmi = vgif && vnmi && boot_cpu_has(X86_FEATURE_VNMI);
5207 pr_info("Virtual NMI enabled\n");
5210 svm_x86_ops.is_vnmi_pending = NULL;
5211 svm_x86_ops.set_vnmi_pending = NULL;
5216 if (!boot_cpu_has(X86_FEATURE_LBRV))
5219 pr_info("LBR virtualization supported\n");
5223 pr_info("PMU virtualization is disabled\n");
5228 * It seems that on AMD processors PTE's accessed bit is
5229 * being set by the CPU hardware before the NPF vmexit.
5230 * This is not expected behaviour and our tests fail because
5232 * A workaround here is to disable support for
5233 * GUEST_MAXPHYADDR < HOST_MAXPHYADDR if NPT is enabled.
5234 * In this case userspace can know if there is support using
5235 * KVM_CAP_SMALLER_MAXPHYADDR extension and decide how to handle
5237 * If future AMD CPU models change the behaviour described above,
5238 * this variable can be changed accordingly
5240 allow_smaller_maxphyaddr = !npt_enabled;
5245 svm_hardware_unsetup();
5250 static struct kvm_x86_init_ops svm_init_ops __initdata = {
5251 .hardware_setup = svm_hardware_setup,
5253 .runtime_ops = &svm_x86_ops,
5254 .pmu_ops = &amd_pmu_ops,
5257 static int __init svm_init(void)
5261 __unused_size_checks();
5263 if (!kvm_is_svm_supported())
5266 r = kvm_x86_vendor_init(&svm_init_ops);
5271 * Common KVM initialization _must_ come last, after this, /dev/kvm is
5272 * exposed to userspace!
5274 r = kvm_init(sizeof(struct vcpu_svm), __alignof__(struct vcpu_svm),
5282 kvm_x86_vendor_exit();
5286 static void __exit svm_exit(void)
5289 kvm_x86_vendor_exit();
5292 module_init(svm_init)
5293 module_exit(svm_exit)
projects / platform / kernel / linux-starfive.git / blob