1 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
3 #include <linux/kvm_host.h>
7 #include "kvm_cache_regs.h"
13 #include <linux/module.h>
14 #include <linux/mod_devicetable.h>
15 #include <linux/kernel.h>
16 #include <linux/vmalloc.h>
17 #include <linux/highmem.h>
18 #include <linux/amd-iommu.h>
19 #include <linux/sched.h>
20 #include <linux/trace_events.h>
21 #include <linux/slab.h>
22 #include <linux/hashtable.h>
23 #include <linux/objtool.h>
24 #include <linux/psp-sev.h>
25 #include <linux/file.h>
26 #include <linux/pagemap.h>
27 #include <linux/swap.h>
28 #include <linux/rwsem.h>
29 #include <linux/cc_platform.h>
30 #include <linux/smp.h>
33 #include <asm/perf_event.h>
34 #include <asm/tlbflush.h>
36 #include <asm/debugreg.h>
37 #include <asm/kvm_para.h>
38 #include <asm/irq_remapping.h>
39 #include <asm/spec-ctrl.h>
40 #include <asm/cpu_device_id.h>
41 #include <asm/traps.h>
42 #include <asm/reboot.h>
43 #include <asm/fpu/api.h>
45 #include <asm/virtext.h>
47 #include <trace/events/ipi.h>
54 #include "kvm_onhyperv.h"
55 #include "svm_onhyperv.h"
57 MODULE_AUTHOR("Qumranet");
58 MODULE_LICENSE("GPL");
61 static const struct x86_cpu_id svm_cpu_id[] = {
62 X86_MATCH_FEATURE(X86_FEATURE_SVM, NULL),
65 MODULE_DEVICE_TABLE(x86cpu, svm_cpu_id);
68 #define SEG_TYPE_LDT 2
69 #define SEG_TYPE_BUSY_TSS16 3
71 static bool erratum_383_found __read_mostly;
73 u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly;
76 * Set osvw_len to higher value when updated Revision Guides
77 * are published and we know what the new status bits are
79 static uint64_t osvw_len = 4, osvw_status;
81 static DEFINE_PER_CPU(u64, current_tsc_ratio);
83 #define X2APIC_MSR(x) (APIC_BASE_MSR + (x >> 4))
85 static const struct svm_direct_access_msrs {
86 u32 index; /* Index of the MSR */
87 bool always; /* True if intercept is initially cleared */
88 } direct_access_msrs[MAX_DIRECT_ACCESS_MSRS] = {
89 { .index = MSR_STAR, .always = true },
90 { .index = MSR_IA32_SYSENTER_CS, .always = true },
91 { .index = MSR_IA32_SYSENTER_EIP, .always = false },
92 { .index = MSR_IA32_SYSENTER_ESP, .always = false },
94 { .index = MSR_GS_BASE, .always = true },
95 { .index = MSR_FS_BASE, .always = true },
96 { .index = MSR_KERNEL_GS_BASE, .always = true },
97 { .index = MSR_LSTAR, .always = true },
98 { .index = MSR_CSTAR, .always = true },
99 { .index = MSR_SYSCALL_MASK, .always = true },
101 { .index = MSR_IA32_SPEC_CTRL, .always = false },
102 { .index = MSR_IA32_PRED_CMD, .always = false },
103 { .index = MSR_IA32_FLUSH_CMD, .always = false },
104 { .index = MSR_IA32_LASTBRANCHFROMIP, .always = false },
105 { .index = MSR_IA32_LASTBRANCHTOIP, .always = false },
106 { .index = MSR_IA32_LASTINTFROMIP, .always = false },
107 { .index = MSR_IA32_LASTINTTOIP, .always = false },
108 { .index = MSR_EFER, .always = false },
109 { .index = MSR_IA32_CR_PAT, .always = false },
110 { .index = MSR_AMD64_SEV_ES_GHCB, .always = true },
111 { .index = MSR_TSC_AUX, .always = false },
112 { .index = X2APIC_MSR(APIC_ID), .always = false },
113 { .index = X2APIC_MSR(APIC_LVR), .always = false },
114 { .index = X2APIC_MSR(APIC_TASKPRI), .always = false },
115 { .index = X2APIC_MSR(APIC_ARBPRI), .always = false },
116 { .index = X2APIC_MSR(APIC_PROCPRI), .always = false },
117 { .index = X2APIC_MSR(APIC_EOI), .always = false },
118 { .index = X2APIC_MSR(APIC_RRR), .always = false },
119 { .index = X2APIC_MSR(APIC_LDR), .always = false },
120 { .index = X2APIC_MSR(APIC_DFR), .always = false },
121 { .index = X2APIC_MSR(APIC_SPIV), .always = false },
122 { .index = X2APIC_MSR(APIC_ISR), .always = false },
123 { .index = X2APIC_MSR(APIC_TMR), .always = false },
124 { .index = X2APIC_MSR(APIC_IRR), .always = false },
125 { .index = X2APIC_MSR(APIC_ESR), .always = false },
126 { .index = X2APIC_MSR(APIC_ICR), .always = false },
127 { .index = X2APIC_MSR(APIC_ICR2), .always = false },
131 * AMD does not virtualize APIC TSC-deadline timer mode, but it is
132 * emulated by KVM. When setting APIC LVTT (0x832) register bit 18,
133 * the AVIC hardware would generate GP fault. Therefore, always
134 * intercept the MSR 0x832, and do not setup direct_access_msr.
136 { .index = X2APIC_MSR(APIC_LVTTHMR), .always = false },
137 { .index = X2APIC_MSR(APIC_LVTPC), .always = false },
138 { .index = X2APIC_MSR(APIC_LVT0), .always = false },
139 { .index = X2APIC_MSR(APIC_LVT1), .always = false },
140 { .index = X2APIC_MSR(APIC_LVTERR), .always = false },
141 { .index = X2APIC_MSR(APIC_TMICT), .always = false },
142 { .index = X2APIC_MSR(APIC_TMCCT), .always = false },
143 { .index = X2APIC_MSR(APIC_TDCR), .always = false },
144 { .index = MSR_INVALID, .always = false },
148 * These 2 parameters are used to config the controls for Pause-Loop Exiting:
149 * pause_filter_count: On processors that support Pause filtering(indicated
150 * by CPUID Fn8000_000A_EDX), the VMCB provides a 16 bit pause filter
151 * count value. On VMRUN this value is loaded into an internal counter.
152 * Each time a pause instruction is executed, this counter is decremented
153 * until it reaches zero at which time a #VMEXIT is generated if pause
154 * intercept is enabled. Refer to AMD APM Vol 2 Section 15.14.4 Pause
155 * Intercept Filtering for more details.
156 * This also indicate if ple logic enabled.
158 * pause_filter_thresh: In addition, some processor families support advanced
159 * pause filtering (indicated by CPUID Fn8000_000A_EDX) upper bound on
160 * the amount of time a guest is allowed to execute in a pause loop.
161 * In this mode, a 16-bit pause filter threshold field is added in the
162 * VMCB. The threshold value is a cycle count that is used to reset the
163 * pause counter. As with simple pause filtering, VMRUN loads the pause
164 * count value from VMCB into an internal counter. Then, on each pause
165 * instruction the hardware checks the elapsed number of cycles since
166 * the most recent pause instruction against the pause filter threshold.
167 * If the elapsed cycle count is greater than the pause filter threshold,
168 * then the internal pause count is reloaded from the VMCB and execution
169 * continues. If the elapsed cycle count is less than the pause filter
170 * threshold, then the internal pause count is decremented. If the count
171 * value is less than zero and PAUSE intercept is enabled, a #VMEXIT is
172 * triggered. If advanced pause filtering is supported and pause filter
173 * threshold field is set to zero, the filter will operate in the simpler,
177 static unsigned short pause_filter_thresh = KVM_DEFAULT_PLE_GAP;
178 module_param(pause_filter_thresh, ushort, 0444);
180 static unsigned short pause_filter_count = KVM_SVM_DEFAULT_PLE_WINDOW;
181 module_param(pause_filter_count, ushort, 0444);
183 /* Default doubles per-vcpu window every exit. */
184 static unsigned short pause_filter_count_grow = KVM_DEFAULT_PLE_WINDOW_GROW;
185 module_param(pause_filter_count_grow, ushort, 0444);
187 /* Default resets per-vcpu window every exit to pause_filter_count. */
188 static unsigned short pause_filter_count_shrink = KVM_DEFAULT_PLE_WINDOW_SHRINK;
189 module_param(pause_filter_count_shrink, ushort, 0444);
191 /* Default is to compute the maximum so we can never overflow. */
192 static unsigned short pause_filter_count_max = KVM_SVM_DEFAULT_PLE_WINDOW_MAX;
193 module_param(pause_filter_count_max, ushort, 0444);
196 * Use nested page tables by default. Note, NPT may get forced off by
197 * svm_hardware_setup() if it's unsupported by hardware or the host kernel.
199 bool npt_enabled = true;
200 module_param_named(npt, npt_enabled, bool, 0444);
202 /* allow nested virtualization in KVM/SVM */
203 static int nested = true;
204 module_param(nested, int, S_IRUGO);
206 /* enable/disable Next RIP Save */
207 static int nrips = true;
208 module_param(nrips, int, 0444);
210 /* enable/disable Virtual VMLOAD VMSAVE */
211 static int vls = true;
212 module_param(vls, int, 0444);
214 /* enable/disable Virtual GIF */
216 module_param(vgif, int, 0444);
218 /* enable/disable LBR virtualization */
219 static int lbrv = true;
220 module_param(lbrv, int, 0444);
222 static int tsc_scaling = true;
223 module_param(tsc_scaling, int, 0444);
226 * enable / disable AVIC. Because the defaults differ for APICv
227 * support between VMX and SVM we cannot use module_param_named.
230 module_param(avic, bool, 0444);
232 bool __read_mostly dump_invalid_vmcb;
233 module_param(dump_invalid_vmcb, bool, 0644);
236 bool intercept_smi = true;
237 module_param(intercept_smi, bool, 0444);
240 module_param(vnmi, bool, 0444);
242 static bool svm_gp_erratum_intercept = true;
244 static u8 rsm_ins_bytes[] = "\x0f\xaa";
246 static unsigned long iopm_base;
248 DEFINE_PER_CPU(struct svm_cpu_data, svm_data);
251 * Only MSR_TSC_AUX is switched via the user return hook. EFER is switched via
252 * the VMCB, and the SYSCALL/SYSENTER MSRs are handled by VMLOAD/VMSAVE.
254 * RDTSCP and RDPID are not used in the kernel, specifically to allow KVM to
255 * defer the restoration of TSC_AUX until the CPU returns to userspace.
257 static int tsc_aux_uret_slot __read_mostly = -1;
259 static const u32 msrpm_ranges[] = {0, 0xc0000000, 0xc0010000};
261 #define NUM_MSR_MAPS ARRAY_SIZE(msrpm_ranges)
262 #define MSRS_RANGE_SIZE 2048
263 #define MSRS_IN_RANGE (MSRS_RANGE_SIZE * 8 / 2)
265 u32 svm_msrpm_offset(u32 msr)
270 for (i = 0; i < NUM_MSR_MAPS; i++) {
271 if (msr < msrpm_ranges[i] ||
272 msr >= msrpm_ranges[i] + MSRS_IN_RANGE)
275 offset = (msr - msrpm_ranges[i]) / 4; /* 4 msrs per u8 */
276 offset += (i * MSRS_RANGE_SIZE); /* add range offset */
278 /* Now we have the u8 offset - but need the u32 offset */
282 /* MSR not in any range */
286 static void svm_flush_tlb_current(struct kvm_vcpu *vcpu);
288 static int get_npt_level(void)
291 return pgtable_l5_enabled() ? PT64_ROOT_5LEVEL : PT64_ROOT_4LEVEL;
293 return PT32E_ROOT_LEVEL;
297 int svm_set_efer(struct kvm_vcpu *vcpu, u64 efer)
299 struct vcpu_svm *svm = to_svm(vcpu);
300 u64 old_efer = vcpu->arch.efer;
301 vcpu->arch.efer = efer;
304 /* Shadow paging assumes NX to be available. */
307 if (!(efer & EFER_LMA))
311 if ((old_efer & EFER_SVME) != (efer & EFER_SVME)) {
312 if (!(efer & EFER_SVME)) {
313 svm_leave_nested(vcpu);
314 svm_set_gif(svm, true);
315 /* #GP intercept is still needed for vmware backdoor */
316 if (!enable_vmware_backdoor)
317 clr_exception_intercept(svm, GP_VECTOR);
320 * Free the nested guest state, unless we are in SMM.
321 * In this case we will return to the nested guest
322 * as soon as we leave SMM.
325 svm_free_nested(svm);
328 int ret = svm_allocate_nested(svm);
331 vcpu->arch.efer = old_efer;
336 * Never intercept #GP for SEV guests, KVM can't
337 * decrypt guest memory to workaround the erratum.
339 if (svm_gp_erratum_intercept && !sev_guest(vcpu->kvm))
340 set_exception_intercept(svm, GP_VECTOR);
344 svm->vmcb->save.efer = efer | EFER_SVME;
345 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
349 static u32 svm_get_interrupt_shadow(struct kvm_vcpu *vcpu)
351 struct vcpu_svm *svm = to_svm(vcpu);
354 if (svm->vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK)
355 ret = KVM_X86_SHADOW_INT_STI | KVM_X86_SHADOW_INT_MOV_SS;
359 static void svm_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
361 struct vcpu_svm *svm = to_svm(vcpu);
364 svm->vmcb->control.int_state &= ~SVM_INTERRUPT_SHADOW_MASK;
366 svm->vmcb->control.int_state |= SVM_INTERRUPT_SHADOW_MASK;
370 static int __svm_skip_emulated_instruction(struct kvm_vcpu *vcpu,
371 bool commit_side_effects)
373 struct vcpu_svm *svm = to_svm(vcpu);
374 unsigned long old_rflags;
377 * SEV-ES does not expose the next RIP. The RIP update is controlled by
378 * the type of exit and the #VC handler in the guest.
380 if (sev_es_guest(vcpu->kvm))
383 if (nrips && svm->vmcb->control.next_rip != 0) {
384 WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS));
385 svm->next_rip = svm->vmcb->control.next_rip;
388 if (!svm->next_rip) {
389 if (unlikely(!commit_side_effects))
390 old_rflags = svm->vmcb->save.rflags;
392 if (!kvm_emulate_instruction(vcpu, EMULTYPE_SKIP))
395 if (unlikely(!commit_side_effects))
396 svm->vmcb->save.rflags = old_rflags;
398 kvm_rip_write(vcpu, svm->next_rip);
402 if (likely(commit_side_effects))
403 svm_set_interrupt_shadow(vcpu, 0);
408 static int svm_skip_emulated_instruction(struct kvm_vcpu *vcpu)
410 return __svm_skip_emulated_instruction(vcpu, true);
413 static int svm_update_soft_interrupt_rip(struct kvm_vcpu *vcpu)
415 unsigned long rip, old_rip = kvm_rip_read(vcpu);
416 struct vcpu_svm *svm = to_svm(vcpu);
419 * Due to architectural shortcomings, the CPU doesn't always provide
420 * NextRIP, e.g. if KVM intercepted an exception that occurred while
421 * the CPU was vectoring an INTO/INT3 in the guest. Temporarily skip
422 * the instruction even if NextRIP is supported to acquire the next
423 * RIP so that it can be shoved into the NextRIP field, otherwise
424 * hardware will fail to advance guest RIP during event injection.
425 * Drop the exception/interrupt if emulation fails and effectively
426 * retry the instruction, it's the least awful option. If NRIPS is
427 * in use, the skip must not commit any side effects such as clearing
428 * the interrupt shadow or RFLAGS.RF.
430 if (!__svm_skip_emulated_instruction(vcpu, !nrips))
433 rip = kvm_rip_read(vcpu);
436 * Save the injection information, even when using next_rip, as the
437 * VMCB's next_rip will be lost (cleared on VM-Exit) if the injection
438 * doesn't complete due to a VM-Exit occurring while the CPU is
439 * vectoring the event. Decoding the instruction isn't guaranteed to
440 * work as there may be no backing instruction, e.g. if the event is
441 * being injected by L1 for L2, or if the guest is patching INT3 into
442 * a different instruction.
444 svm->soft_int_injected = true;
445 svm->soft_int_csbase = svm->vmcb->save.cs.base;
446 svm->soft_int_old_rip = old_rip;
447 svm->soft_int_next_rip = rip;
450 kvm_rip_write(vcpu, old_rip);
452 if (static_cpu_has(X86_FEATURE_NRIPS))
453 svm->vmcb->control.next_rip = rip;
458 static void svm_inject_exception(struct kvm_vcpu *vcpu)
460 struct kvm_queued_exception *ex = &vcpu->arch.exception;
461 struct vcpu_svm *svm = to_svm(vcpu);
463 kvm_deliver_exception_payload(vcpu, ex);
465 if (kvm_exception_is_soft(ex->vector) &&
466 svm_update_soft_interrupt_rip(vcpu))
469 svm->vmcb->control.event_inj = ex->vector
471 | (ex->has_error_code ? SVM_EVTINJ_VALID_ERR : 0)
472 | SVM_EVTINJ_TYPE_EXEPT;
473 svm->vmcb->control.event_inj_err = ex->error_code;
476 static void svm_init_erratum_383(void)
482 if (!static_cpu_has_bug(X86_BUG_AMD_TLB_MMATCH))
485 /* Use _safe variants to not break nested virtualization */
486 val = native_read_msr_safe(MSR_AMD64_DC_CFG, &err);
492 low = lower_32_bits(val);
493 high = upper_32_bits(val);
495 native_write_msr_safe(MSR_AMD64_DC_CFG, low, high);
497 erratum_383_found = true;
500 static void svm_init_osvw(struct kvm_vcpu *vcpu)
503 * Guests should see errata 400 and 415 as fixed (assuming that
504 * HLT and IO instructions are intercepted).
506 vcpu->arch.osvw.length = (osvw_len >= 3) ? (osvw_len) : 3;
507 vcpu->arch.osvw.status = osvw_status & ~(6ULL);
510 * By increasing VCPU's osvw.length to 3 we are telling the guest that
511 * all osvw.status bits inside that length, including bit 0 (which is
512 * reserved for erratum 298), are valid. However, if host processor's
513 * osvw_len is 0 then osvw_status[0] carries no information. We need to
514 * be conservative here and therefore we tell the guest that erratum 298
515 * is present (because we really don't know).
517 if (osvw_len == 0 && boot_cpu_data.x86 == 0x10)
518 vcpu->arch.osvw.status |= 1;
521 static bool __kvm_is_svm_supported(void)
523 int cpu = smp_processor_id();
524 struct cpuinfo_x86 *c = &cpu_data(cpu);
528 if (c->x86_vendor != X86_VENDOR_AMD &&
529 c->x86_vendor != X86_VENDOR_HYGON) {
530 pr_err("CPU %d isn't AMD or Hygon\n", cpu);
534 if (!cpu_has(c, X86_FEATURE_SVM)) {
535 pr_err("SVM not supported by CPU %d\n", cpu);
539 if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) {
540 pr_info("KVM is unsupported when running as an SEV guest\n");
544 rdmsrl(MSR_VM_CR, vm_cr);
545 if (vm_cr & (1 << SVM_VM_CR_SVM_DISABLE)) {
546 pr_err("SVM disabled (by BIOS) in MSR_VM_CR on CPU %d\n", cpu);
553 static bool kvm_is_svm_supported(void)
558 supported = __kvm_is_svm_supported();
564 static int svm_check_processor_compat(void)
566 if (!__kvm_is_svm_supported())
572 void __svm_write_tsc_multiplier(u64 multiplier)
576 if (multiplier == __this_cpu_read(current_tsc_ratio))
579 wrmsrl(MSR_AMD64_TSC_RATIO, multiplier);
580 __this_cpu_write(current_tsc_ratio, multiplier);
585 static void svm_emergency_disable(void)
590 static void svm_hardware_disable(void)
592 /* Make sure we clean up behind us */
594 __svm_write_tsc_multiplier(SVM_TSC_RATIO_DEFAULT);
598 amd_pmu_disable_virt();
601 static int svm_hardware_enable(void)
604 struct svm_cpu_data *sd;
606 int me = raw_smp_processor_id();
608 rdmsrl(MSR_EFER, efer);
609 if (efer & EFER_SVME)
612 sd = per_cpu_ptr(&svm_data, me);
613 sd->asid_generation = 1;
614 sd->max_asid = cpuid_ebx(SVM_CPUID_FUNC) - 1;
615 sd->next_asid = sd->max_asid + 1;
616 sd->min_asid = max_sev_asid + 1;
618 wrmsrl(MSR_EFER, efer | EFER_SVME);
620 wrmsrl(MSR_VM_HSAVE_PA, sd->save_area_pa);
622 if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) {
624 * Set the default value, even if we don't use TSC scaling
625 * to avoid having stale value in the msr
627 __svm_write_tsc_multiplier(SVM_TSC_RATIO_DEFAULT);
634 * Note that it is possible to have a system with mixed processor
635 * revisions and therefore different OSVW bits. If bits are not the same
636 * on different processors then choose the worst case (i.e. if erratum
637 * is present on one processor and not on another then assume that the
638 * erratum is present everywhere).
640 if (cpu_has(&boot_cpu_data, X86_FEATURE_OSVW)) {
641 uint64_t len, status = 0;
644 len = native_read_msr_safe(MSR_AMD64_OSVW_ID_LENGTH, &err);
646 status = native_read_msr_safe(MSR_AMD64_OSVW_STATUS,
650 osvw_status = osvw_len = 0;
654 osvw_status |= status;
655 osvw_status &= (1ULL << osvw_len) - 1;
658 osvw_status = osvw_len = 0;
660 svm_init_erratum_383();
662 amd_pmu_enable_virt();
667 static void svm_cpu_uninit(int cpu)
669 struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, cpu);
674 kfree(sd->sev_vmcbs);
675 __free_page(sd->save_area);
676 sd->save_area_pa = 0;
677 sd->save_area = NULL;
680 static int svm_cpu_init(int cpu)
682 struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, cpu);
685 memset(sd, 0, sizeof(struct svm_cpu_data));
686 sd->save_area = alloc_page(GFP_KERNEL | __GFP_ZERO);
690 ret = sev_cpu_init(sd);
694 sd->save_area_pa = __sme_page_pa(sd->save_area);
698 __free_page(sd->save_area);
699 sd->save_area = NULL;
704 static int direct_access_msr_slot(u32 msr)
708 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++)
709 if (direct_access_msrs[i].index == msr)
715 static void set_shadow_msr_intercept(struct kvm_vcpu *vcpu, u32 msr, int read,
718 struct vcpu_svm *svm = to_svm(vcpu);
719 int slot = direct_access_msr_slot(msr);
724 /* Set the shadow bitmaps to the desired intercept states */
726 set_bit(slot, svm->shadow_msr_intercept.read);
728 clear_bit(slot, svm->shadow_msr_intercept.read);
731 set_bit(slot, svm->shadow_msr_intercept.write);
733 clear_bit(slot, svm->shadow_msr_intercept.write);
736 static bool valid_msr_intercept(u32 index)
738 return direct_access_msr_slot(index) != -ENOENT;
741 static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr)
749 * For non-nested case:
750 * If the L01 MSR bitmap does not intercept the MSR, then we need to
754 * If the L02 MSR bitmap does not intercept the MSR, then we need to
757 msrpm = is_guest_mode(vcpu) ? to_svm(vcpu)->nested.msrpm:
760 offset = svm_msrpm_offset(msr);
761 bit_write = 2 * (msr & 0x0f) + 1;
764 BUG_ON(offset == MSR_INVALID);
766 return test_bit(bit_write, &tmp);
769 static void set_msr_interception_bitmap(struct kvm_vcpu *vcpu, u32 *msrpm,
770 u32 msr, int read, int write)
772 struct vcpu_svm *svm = to_svm(vcpu);
773 u8 bit_read, bit_write;
778 * If this warning triggers extend the direct_access_msrs list at the
779 * beginning of the file
781 WARN_ON(!valid_msr_intercept(msr));
783 /* Enforce non allowed MSRs to trap */
784 if (read && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ))
787 if (write && !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE))
790 offset = svm_msrpm_offset(msr);
791 bit_read = 2 * (msr & 0x0f);
792 bit_write = 2 * (msr & 0x0f) + 1;
795 BUG_ON(offset == MSR_INVALID);
797 read ? clear_bit(bit_read, &tmp) : set_bit(bit_read, &tmp);
798 write ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp);
802 svm_hv_vmcb_dirty_nested_enlightenments(vcpu);
803 svm->nested.force_msr_bitmap_recalc = true;
806 void set_msr_interception(struct kvm_vcpu *vcpu, u32 *msrpm, u32 msr,
809 set_shadow_msr_intercept(vcpu, msr, read, write);
810 set_msr_interception_bitmap(vcpu, msrpm, msr, read, write);
813 u32 *svm_vcpu_alloc_msrpm(void)
815 unsigned int order = get_order(MSRPM_SIZE);
816 struct page *pages = alloc_pages(GFP_KERNEL_ACCOUNT, order);
822 msrpm = page_address(pages);
823 memset(msrpm, 0xff, PAGE_SIZE * (1 << order));
828 void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm)
832 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
833 if (!direct_access_msrs[i].always)
835 set_msr_interception(vcpu, msrpm, direct_access_msrs[i].index, 1, 1);
839 void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept)
843 if (intercept == svm->x2avic_msrs_intercepted)
846 if (!x2avic_enabled ||
847 !apic_x2apic_mode(svm->vcpu.arch.apic))
850 for (i = 0; i < MAX_DIRECT_ACCESS_MSRS; i++) {
851 int index = direct_access_msrs[i].index;
853 if ((index < APIC_BASE_MSR) ||
854 (index > APIC_BASE_MSR + 0xff))
856 set_msr_interception(&svm->vcpu, svm->msrpm, index,
857 !intercept, !intercept);
860 svm->x2avic_msrs_intercepted = intercept;
863 void svm_vcpu_free_msrpm(u32 *msrpm)
865 __free_pages(virt_to_page(msrpm), get_order(MSRPM_SIZE));
868 static void svm_msr_filter_changed(struct kvm_vcpu *vcpu)
870 struct vcpu_svm *svm = to_svm(vcpu);
874 * Set intercept permissions for all direct access MSRs again. They
875 * will automatically get filtered through the MSR filter, so we are
876 * back in sync after this.
878 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
879 u32 msr = direct_access_msrs[i].index;
880 u32 read = test_bit(i, svm->shadow_msr_intercept.read);
881 u32 write = test_bit(i, svm->shadow_msr_intercept.write);
883 set_msr_interception_bitmap(vcpu, svm->msrpm, msr, read, write);
887 static void add_msr_offset(u32 offset)
891 for (i = 0; i < MSRPM_OFFSETS; ++i) {
893 /* Offset already in list? */
894 if (msrpm_offsets[i] == offset)
897 /* Slot used by another offset? */
898 if (msrpm_offsets[i] != MSR_INVALID)
901 /* Add offset to list */
902 msrpm_offsets[i] = offset;
908 * If this BUG triggers the msrpm_offsets table has an overflow. Just
909 * increase MSRPM_OFFSETS in this case.
914 static void init_msrpm_offsets(void)
918 memset(msrpm_offsets, 0xff, sizeof(msrpm_offsets));
920 for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
923 offset = svm_msrpm_offset(direct_access_msrs[i].index);
924 BUG_ON(offset == MSR_INVALID);
926 add_msr_offset(offset);
930 void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb)
932 to_vmcb->save.dbgctl = from_vmcb->save.dbgctl;
933 to_vmcb->save.br_from = from_vmcb->save.br_from;
934 to_vmcb->save.br_to = from_vmcb->save.br_to;
935 to_vmcb->save.last_excp_from = from_vmcb->save.last_excp_from;
936 to_vmcb->save.last_excp_to = from_vmcb->save.last_excp_to;
938 vmcb_mark_dirty(to_vmcb, VMCB_LBR);
941 static void svm_enable_lbrv(struct kvm_vcpu *vcpu)
943 struct vcpu_svm *svm = to_svm(vcpu);
945 svm->vmcb->control.virt_ext |= LBR_CTL_ENABLE_MASK;
946 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 1, 1);
947 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 1, 1);
948 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 1, 1);
949 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 1, 1);
951 /* Move the LBR msrs to the vmcb02 so that the guest can see them. */
952 if (is_guest_mode(vcpu))
953 svm_copy_lbrs(svm->vmcb, svm->vmcb01.ptr);
956 static void svm_disable_lbrv(struct kvm_vcpu *vcpu)
958 struct vcpu_svm *svm = to_svm(vcpu);
960 svm->vmcb->control.virt_ext &= ~LBR_CTL_ENABLE_MASK;
961 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHFROMIP, 0, 0);
962 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 0, 0);
963 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 0, 0);
964 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 0, 0);
967 * Move the LBR msrs back to the vmcb01 to avoid copying them
968 * on nested guest entries.
970 if (is_guest_mode(vcpu))
971 svm_copy_lbrs(svm->vmcb01.ptr, svm->vmcb);
974 static int svm_get_lbr_msr(struct vcpu_svm *svm, u32 index)
977 * If the LBR virtualization is disabled, the LBR msrs are always
978 * kept in the vmcb01 to avoid copying them on nested guest entries.
980 * If nested, and the LBR virtualization is enabled/disabled, the msrs
981 * are moved between the vmcb01 and vmcb02 as needed.
984 (svm->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK) ?
985 svm->vmcb : svm->vmcb01.ptr;
988 case MSR_IA32_DEBUGCTLMSR:
989 return vmcb->save.dbgctl;
990 case MSR_IA32_LASTBRANCHFROMIP:
991 return vmcb->save.br_from;
992 case MSR_IA32_LASTBRANCHTOIP:
993 return vmcb->save.br_to;
994 case MSR_IA32_LASTINTFROMIP:
995 return vmcb->save.last_excp_from;
996 case MSR_IA32_LASTINTTOIP:
997 return vmcb->save.last_excp_to;
999 KVM_BUG(false, svm->vcpu.kvm,
1000 "%s: Unknown MSR 0x%x", __func__, index);
1005 void svm_update_lbrv(struct kvm_vcpu *vcpu)
1007 struct vcpu_svm *svm = to_svm(vcpu);
1009 bool enable_lbrv = svm_get_lbr_msr(svm, MSR_IA32_DEBUGCTLMSR) &
1012 bool current_enable_lbrv = !!(svm->vmcb->control.virt_ext &
1013 LBR_CTL_ENABLE_MASK);
1015 if (unlikely(is_guest_mode(vcpu) && svm->lbrv_enabled))
1016 if (unlikely(svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))
1019 if (enable_lbrv == current_enable_lbrv)
1023 svm_enable_lbrv(vcpu);
1025 svm_disable_lbrv(vcpu);
1028 void disable_nmi_singlestep(struct vcpu_svm *svm)
1030 svm->nmi_singlestep = false;
1032 if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP)) {
1033 /* Clear our flags if they were not set by the guest */
1034 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_TF))
1035 svm->vmcb->save.rflags &= ~X86_EFLAGS_TF;
1036 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_RF))
1037 svm->vmcb->save.rflags &= ~X86_EFLAGS_RF;
1041 static void grow_ple_window(struct kvm_vcpu *vcpu)
1043 struct vcpu_svm *svm = to_svm(vcpu);
1044 struct vmcb_control_area *control = &svm->vmcb->control;
1045 int old = control->pause_filter_count;
1047 if (kvm_pause_in_guest(vcpu->kvm))
1050 control->pause_filter_count = __grow_ple_window(old,
1052 pause_filter_count_grow,
1053 pause_filter_count_max);
1055 if (control->pause_filter_count != old) {
1056 vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
1057 trace_kvm_ple_window_update(vcpu->vcpu_id,
1058 control->pause_filter_count, old);
1062 static void shrink_ple_window(struct kvm_vcpu *vcpu)
1064 struct vcpu_svm *svm = to_svm(vcpu);
1065 struct vmcb_control_area *control = &svm->vmcb->control;
1066 int old = control->pause_filter_count;
1068 if (kvm_pause_in_guest(vcpu->kvm))
1071 control->pause_filter_count =
1072 __shrink_ple_window(old,
1074 pause_filter_count_shrink,
1075 pause_filter_count);
1076 if (control->pause_filter_count != old) {
1077 vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
1078 trace_kvm_ple_window_update(vcpu->vcpu_id,
1079 control->pause_filter_count, old);
1083 static void svm_hardware_unsetup(void)
1087 sev_hardware_unsetup();
1089 for_each_possible_cpu(cpu)
1090 svm_cpu_uninit(cpu);
1092 __free_pages(pfn_to_page(iopm_base >> PAGE_SHIFT),
1093 get_order(IOPM_SIZE));
1097 static void init_seg(struct vmcb_seg *seg)
1100 seg->attrib = SVM_SELECTOR_P_MASK | SVM_SELECTOR_S_MASK |
1101 SVM_SELECTOR_WRITE_MASK; /* Read/Write Data Segment */
1102 seg->limit = 0xffff;
1106 static void init_sys_seg(struct vmcb_seg *seg, uint32_t type)
1109 seg->attrib = SVM_SELECTOR_P_MASK | type;
1110 seg->limit = 0xffff;
1114 static u64 svm_get_l2_tsc_offset(struct kvm_vcpu *vcpu)
1116 struct vcpu_svm *svm = to_svm(vcpu);
1118 return svm->nested.ctl.tsc_offset;
1121 static u64 svm_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu)
1123 struct vcpu_svm *svm = to_svm(vcpu);
1125 return svm->tsc_ratio_msr;
1128 static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset)
1130 struct vcpu_svm *svm = to_svm(vcpu);
1132 svm->vmcb01.ptr->control.tsc_offset = vcpu->arch.l1_tsc_offset;
1133 svm->vmcb->control.tsc_offset = offset;
1134 vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
1137 static void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier)
1139 __svm_write_tsc_multiplier(multiplier);
1143 /* Evaluate instruction intercepts that depend on guest CPUID features. */
1144 static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu,
1145 struct vcpu_svm *svm)
1148 * Intercept INVPCID if shadow paging is enabled to sync/free shadow
1149 * roots, or if INVPCID is disabled in the guest to inject #UD.
1151 if (kvm_cpu_cap_has(X86_FEATURE_INVPCID)) {
1153 !guest_cpuid_has(&svm->vcpu, X86_FEATURE_INVPCID))
1154 svm_set_intercept(svm, INTERCEPT_INVPCID);
1156 svm_clr_intercept(svm, INTERCEPT_INVPCID);
1159 if (kvm_cpu_cap_has(X86_FEATURE_RDTSCP)) {
1160 if (guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP))
1161 svm_clr_intercept(svm, INTERCEPT_RDTSCP);
1163 svm_set_intercept(svm, INTERCEPT_RDTSCP);
1167 static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu)
1169 struct vcpu_svm *svm = to_svm(vcpu);
1171 if (guest_cpuid_is_intel(vcpu)) {
1173 * We must intercept SYSENTER_EIP and SYSENTER_ESP
1174 * accesses because the processor only stores 32 bits.
1175 * For the same reason we cannot use virtual VMLOAD/VMSAVE.
1177 svm_set_intercept(svm, INTERCEPT_VMLOAD);
1178 svm_set_intercept(svm, INTERCEPT_VMSAVE);
1179 svm->vmcb->control.virt_ext &= ~VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK;
1181 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 0, 0);
1182 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 0, 0);
1184 svm->v_vmload_vmsave_enabled = false;
1187 * If hardware supports Virtual VMLOAD VMSAVE then enable it
1188 * in VMCB and clear intercepts to avoid #VMEXIT.
1191 svm_clr_intercept(svm, INTERCEPT_VMLOAD);
1192 svm_clr_intercept(svm, INTERCEPT_VMSAVE);
1193 svm->vmcb->control.virt_ext |= VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK;
1195 /* No need to intercept these MSRs */
1196 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 1, 1);
1197 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 1, 1);
1201 static void init_vmcb(struct kvm_vcpu *vcpu)
1203 struct vcpu_svm *svm = to_svm(vcpu);
1204 struct vmcb *vmcb = svm->vmcb01.ptr;
1205 struct vmcb_control_area *control = &vmcb->control;
1206 struct vmcb_save_area *save = &vmcb->save;
1208 svm_set_intercept(svm, INTERCEPT_CR0_READ);
1209 svm_set_intercept(svm, INTERCEPT_CR3_READ);
1210 svm_set_intercept(svm, INTERCEPT_CR4_READ);
1211 svm_set_intercept(svm, INTERCEPT_CR0_WRITE);
1212 svm_set_intercept(svm, INTERCEPT_CR3_WRITE);
1213 svm_set_intercept(svm, INTERCEPT_CR4_WRITE);
1214 if (!kvm_vcpu_apicv_active(vcpu))
1215 svm_set_intercept(svm, INTERCEPT_CR8_WRITE);
1217 set_dr_intercepts(svm);
1219 set_exception_intercept(svm, PF_VECTOR);
1220 set_exception_intercept(svm, UD_VECTOR);
1221 set_exception_intercept(svm, MC_VECTOR);
1222 set_exception_intercept(svm, AC_VECTOR);
1223 set_exception_intercept(svm, DB_VECTOR);
1225 * Guest access to VMware backdoor ports could legitimately
1226 * trigger #GP because of TSS I/O permission bitmap.
1227 * We intercept those #GP and allow access to them anyway
1228 * as VMware does. Don't intercept #GP for SEV guests as KVM can't
1229 * decrypt guest memory to decode the faulting instruction.
1231 if (enable_vmware_backdoor && !sev_guest(vcpu->kvm))
1232 set_exception_intercept(svm, GP_VECTOR);
1234 svm_set_intercept(svm, INTERCEPT_INTR);
1235 svm_set_intercept(svm, INTERCEPT_NMI);
1238 svm_set_intercept(svm, INTERCEPT_SMI);
1240 svm_set_intercept(svm, INTERCEPT_SELECTIVE_CR0);
1241 svm_set_intercept(svm, INTERCEPT_RDPMC);
1242 svm_set_intercept(svm, INTERCEPT_CPUID);
1243 svm_set_intercept(svm, INTERCEPT_INVD);
1244 svm_set_intercept(svm, INTERCEPT_INVLPG);
1245 svm_set_intercept(svm, INTERCEPT_INVLPGA);
1246 svm_set_intercept(svm, INTERCEPT_IOIO_PROT);
1247 svm_set_intercept(svm, INTERCEPT_MSR_PROT);
1248 svm_set_intercept(svm, INTERCEPT_TASK_SWITCH);
1249 svm_set_intercept(svm, INTERCEPT_SHUTDOWN);
1250 svm_set_intercept(svm, INTERCEPT_VMRUN);
1251 svm_set_intercept(svm, INTERCEPT_VMMCALL);
1252 svm_set_intercept(svm, INTERCEPT_VMLOAD);
1253 svm_set_intercept(svm, INTERCEPT_VMSAVE);
1254 svm_set_intercept(svm, INTERCEPT_STGI);
1255 svm_set_intercept(svm, INTERCEPT_CLGI);
1256 svm_set_intercept(svm, INTERCEPT_SKINIT);
1257 svm_set_intercept(svm, INTERCEPT_WBINVD);
1258 svm_set_intercept(svm, INTERCEPT_XSETBV);
1259 svm_set_intercept(svm, INTERCEPT_RDPRU);
1260 svm_set_intercept(svm, INTERCEPT_RSM);
1262 if (!kvm_mwait_in_guest(vcpu->kvm)) {
1263 svm_set_intercept(svm, INTERCEPT_MONITOR);
1264 svm_set_intercept(svm, INTERCEPT_MWAIT);
1267 if (!kvm_hlt_in_guest(vcpu->kvm))
1268 svm_set_intercept(svm, INTERCEPT_HLT);
1270 control->iopm_base_pa = __sme_set(iopm_base);
1271 control->msrpm_base_pa = __sme_set(__pa(svm->msrpm));
1272 control->int_ctl = V_INTR_MASKING_MASK;
1274 init_seg(&save->es);
1275 init_seg(&save->ss);
1276 init_seg(&save->ds);
1277 init_seg(&save->fs);
1278 init_seg(&save->gs);
1280 save->cs.selector = 0xf000;
1281 save->cs.base = 0xffff0000;
1282 /* Executable/Readable Code Segment */
1283 save->cs.attrib = SVM_SELECTOR_READ_MASK | SVM_SELECTOR_P_MASK |
1284 SVM_SELECTOR_S_MASK | SVM_SELECTOR_CODE_MASK;
1285 save->cs.limit = 0xffff;
1287 save->gdtr.base = 0;
1288 save->gdtr.limit = 0xffff;
1289 save->idtr.base = 0;
1290 save->idtr.limit = 0xffff;
1292 init_sys_seg(&save->ldtr, SEG_TYPE_LDT);
1293 init_sys_seg(&save->tr, SEG_TYPE_BUSY_TSS16);
1296 /* Setup VMCB for Nested Paging */
1297 control->nested_ctl |= SVM_NESTED_CTL_NP_ENABLE;
1298 svm_clr_intercept(svm, INTERCEPT_INVLPG);
1299 clr_exception_intercept(svm, PF_VECTOR);
1300 svm_clr_intercept(svm, INTERCEPT_CR3_READ);
1301 svm_clr_intercept(svm, INTERCEPT_CR3_WRITE);
1302 save->g_pat = vcpu->arch.pat;
1305 svm->current_vmcb->asid_generation = 0;
1308 svm->nested.vmcb12_gpa = INVALID_GPA;
1309 svm->nested.last_vmcb12_gpa = INVALID_GPA;
1311 if (!kvm_pause_in_guest(vcpu->kvm)) {
1312 control->pause_filter_count = pause_filter_count;
1313 if (pause_filter_thresh)
1314 control->pause_filter_thresh = pause_filter_thresh;
1315 svm_set_intercept(svm, INTERCEPT_PAUSE);
1317 svm_clr_intercept(svm, INTERCEPT_PAUSE);
1320 svm_recalc_instruction_intercepts(vcpu, svm);
1323 * If the host supports V_SPEC_CTRL then disable the interception
1324 * of MSR_IA32_SPEC_CTRL.
1326 if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
1327 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1);
1329 if (kvm_vcpu_apicv_active(vcpu))
1330 avic_init_vmcb(svm, vmcb);
1333 svm->vmcb->control.int_ctl |= V_NMI_ENABLE_MASK;
1336 svm_clr_intercept(svm, INTERCEPT_STGI);
1337 svm_clr_intercept(svm, INTERCEPT_CLGI);
1338 svm->vmcb->control.int_ctl |= V_GIF_ENABLE_MASK;
1341 if (sev_guest(vcpu->kvm))
1344 svm_hv_init_vmcb(vmcb);
1345 init_vmcb_after_set_cpuid(vcpu);
1347 vmcb_mark_all_dirty(vmcb);
1352 static void __svm_vcpu_reset(struct kvm_vcpu *vcpu)
1354 struct vcpu_svm *svm = to_svm(vcpu);
1356 svm_vcpu_init_msrpm(vcpu, svm->msrpm);
1358 svm_init_osvw(vcpu);
1359 vcpu->arch.microcode_version = 0x01000065;
1360 svm->tsc_ratio_msr = kvm_caps.default_tsc_scaling_ratio;
1362 svm->nmi_masked = false;
1363 svm->awaiting_iret_completion = false;
1365 if (sev_es_guest(vcpu->kvm))
1366 sev_es_vcpu_reset(svm);
1369 static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
1371 struct vcpu_svm *svm = to_svm(vcpu);
1374 svm->virt_spec_ctrl = 0;
1379 __svm_vcpu_reset(vcpu);
1382 void svm_switch_vmcb(struct vcpu_svm *svm, struct kvm_vmcb_info *target_vmcb)
1384 svm->current_vmcb = target_vmcb;
1385 svm->vmcb = target_vmcb->ptr;
1388 static int svm_vcpu_create(struct kvm_vcpu *vcpu)
1390 struct vcpu_svm *svm;
1391 struct page *vmcb01_page;
1392 struct page *vmsa_page = NULL;
1395 BUILD_BUG_ON(offsetof(struct vcpu_svm, vcpu) != 0);
1399 vmcb01_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
1403 if (sev_es_guest(vcpu->kvm)) {
1405 * SEV-ES guests require a separate VMSA page used to contain
1406 * the encrypted register state of the guest.
1408 vmsa_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
1410 goto error_free_vmcb_page;
1413 * SEV-ES guests maintain an encrypted version of their FPU
1414 * state which is restored and saved on VMRUN and VMEXIT.
1415 * Mark vcpu->arch.guest_fpu->fpstate as scratch so it won't
1416 * do xsave/xrstor on it.
1418 fpstate_set_confidential(&vcpu->arch.guest_fpu);
1421 err = avic_init_vcpu(svm);
1423 goto error_free_vmsa_page;
1425 svm->msrpm = svm_vcpu_alloc_msrpm();
1428 goto error_free_vmsa_page;
1431 svm->x2avic_msrs_intercepted = true;
1433 svm->vmcb01.ptr = page_address(vmcb01_page);
1434 svm->vmcb01.pa = __sme_set(page_to_pfn(vmcb01_page) << PAGE_SHIFT);
1435 svm_switch_vmcb(svm, &svm->vmcb01);
1438 svm->sev_es.vmsa = page_address(vmsa_page);
1440 svm->guest_state_loaded = false;
1444 error_free_vmsa_page:
1446 __free_page(vmsa_page);
1447 error_free_vmcb_page:
1448 __free_page(vmcb01_page);
1453 static void svm_clear_current_vmcb(struct vmcb *vmcb)
1457 for_each_online_cpu(i)
1458 cmpxchg(per_cpu_ptr(&svm_data.current_vmcb, i), vmcb, NULL);
1461 static void svm_vcpu_free(struct kvm_vcpu *vcpu)
1463 struct vcpu_svm *svm = to_svm(vcpu);
1466 * The vmcb page can be recycled, causing a false negative in
1467 * svm_vcpu_load(). So, ensure that no logical CPU has this
1468 * vmcb page recorded as its current vmcb.
1470 svm_clear_current_vmcb(svm->vmcb);
1472 svm_leave_nested(vcpu);
1473 svm_free_nested(svm);
1475 sev_free_vcpu(vcpu);
1477 __free_page(pfn_to_page(__sme_clr(svm->vmcb01.pa) >> PAGE_SHIFT));
1478 __free_pages(virt_to_page(svm->msrpm), get_order(MSRPM_SIZE));
1481 static void svm_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
1483 struct vcpu_svm *svm = to_svm(vcpu);
1484 struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, vcpu->cpu);
1486 if (sev_es_guest(vcpu->kvm))
1487 sev_es_unmap_ghcb(svm);
1489 if (svm->guest_state_loaded)
1493 * Save additional host state that will be restored on VMEXIT (sev-es)
1494 * or subsequent vmload of host save area.
1496 vmsave(sd->save_area_pa);
1497 if (sev_es_guest(vcpu->kvm)) {
1498 struct sev_es_save_area *hostsa;
1499 hostsa = (struct sev_es_save_area *)(page_address(sd->save_area) + 0x400);
1501 sev_es_prepare_switch_to_guest(hostsa);
1505 __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio);
1507 if (likely(tsc_aux_uret_slot >= 0))
1508 kvm_set_user_return_msr(tsc_aux_uret_slot, svm->tsc_aux, -1ull);
1510 svm->guest_state_loaded = true;
1513 static void svm_prepare_host_switch(struct kvm_vcpu *vcpu)
1515 to_svm(vcpu)->guest_state_loaded = false;
1518 static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
1520 struct vcpu_svm *svm = to_svm(vcpu);
1521 struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, cpu);
1523 if (sd->current_vmcb != svm->vmcb) {
1524 sd->current_vmcb = svm->vmcb;
1525 indirect_branch_prediction_barrier();
1527 if (kvm_vcpu_apicv_active(vcpu))
1528 avic_vcpu_load(vcpu, cpu);
1531 static void svm_vcpu_put(struct kvm_vcpu *vcpu)
1533 if (kvm_vcpu_apicv_active(vcpu))
1534 avic_vcpu_put(vcpu);
1536 svm_prepare_host_switch(vcpu);
1538 ++vcpu->stat.host_state_reload;
1541 static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu)
1543 struct vcpu_svm *svm = to_svm(vcpu);
1544 unsigned long rflags = svm->vmcb->save.rflags;
1546 if (svm->nmi_singlestep) {
1547 /* Hide our flags if they were not set by the guest */
1548 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_TF))
1549 rflags &= ~X86_EFLAGS_TF;
1550 if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_RF))
1551 rflags &= ~X86_EFLAGS_RF;
1556 static void svm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
1558 if (to_svm(vcpu)->nmi_singlestep)
1559 rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
1562 * Any change of EFLAGS.VM is accompanied by a reload of SS
1563 * (caused by either a task switch or an inter-privilege IRET),
1564 * so we do not need to update the CPL here.
1566 to_svm(vcpu)->vmcb->save.rflags = rflags;
1569 static bool svm_get_if_flag(struct kvm_vcpu *vcpu)
1571 struct vmcb *vmcb = to_svm(vcpu)->vmcb;
1573 return sev_es_guest(vcpu->kvm)
1574 ? vmcb->control.int_state & SVM_GUEST_INTERRUPT_MASK
1575 : kvm_get_rflags(vcpu) & X86_EFLAGS_IF;
1578 static void svm_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
1580 kvm_register_mark_available(vcpu, reg);
1583 case VCPU_EXREG_PDPTR:
1585 * When !npt_enabled, mmu->pdptrs[] is already available since
1586 * it is always updated per SDM when moving to CRs.
1589 load_pdptrs(vcpu, kvm_read_cr3(vcpu));
1592 KVM_BUG_ON(1, vcpu->kvm);
1596 static void svm_set_vintr(struct vcpu_svm *svm)
1598 struct vmcb_control_area *control;
1601 * The following fields are ignored when AVIC is enabled
1603 WARN_ON(kvm_vcpu_apicv_activated(&svm->vcpu));
1605 svm_set_intercept(svm, INTERCEPT_VINTR);
1608 * Recalculating intercepts may have cleared the VINTR intercept. If
1609 * V_INTR_MASKING is enabled in vmcb12, then the effective RFLAGS.IF
1610 * for L1 physical interrupts is L1's RFLAGS.IF at the time of VMRUN.
1611 * Requesting an interrupt window if save.RFLAGS.IF=0 is pointless as
1612 * interrupts will never be unblocked while L2 is running.
1614 if (!svm_is_intercept(svm, INTERCEPT_VINTR))
1618 * This is just a dummy VINTR to actually cause a vmexit to happen.
1619 * Actual injection of virtual interrupts happens through EVENTINJ.
1621 control = &svm->vmcb->control;
1622 control->int_vector = 0x0;
1623 control->int_ctl &= ~V_INTR_PRIO_MASK;
1624 control->int_ctl |= V_IRQ_MASK |
1625 ((/*control->int_vector >> 4*/ 0xf) << V_INTR_PRIO_SHIFT);
1626 vmcb_mark_dirty(svm->vmcb, VMCB_INTR);
1629 static void svm_clear_vintr(struct vcpu_svm *svm)
1631 svm_clr_intercept(svm, INTERCEPT_VINTR);
1633 /* Drop int_ctl fields related to VINTR injection. */
1634 svm->vmcb->control.int_ctl &= ~V_IRQ_INJECTION_BITS_MASK;
1635 if (is_guest_mode(&svm->vcpu)) {
1636 svm->vmcb01.ptr->control.int_ctl &= ~V_IRQ_INJECTION_BITS_MASK;
1638 WARN_ON((svm->vmcb->control.int_ctl & V_TPR_MASK) !=
1639 (svm->nested.ctl.int_ctl & V_TPR_MASK));
1641 svm->vmcb->control.int_ctl |= svm->nested.ctl.int_ctl &
1642 V_IRQ_INJECTION_BITS_MASK;
1644 svm->vmcb->control.int_vector = svm->nested.ctl.int_vector;
1647 vmcb_mark_dirty(svm->vmcb, VMCB_INTR);
1650 static struct vmcb_seg *svm_seg(struct kvm_vcpu *vcpu, int seg)
1652 struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;
1653 struct vmcb_save_area *save01 = &to_svm(vcpu)->vmcb01.ptr->save;
1656 case VCPU_SREG_CS: return &save->cs;
1657 case VCPU_SREG_DS: return &save->ds;
1658 case VCPU_SREG_ES: return &save->es;
1659 case VCPU_SREG_FS: return &save01->fs;
1660 case VCPU_SREG_GS: return &save01->gs;
1661 case VCPU_SREG_SS: return &save->ss;
1662 case VCPU_SREG_TR: return &save01->tr;
1663 case VCPU_SREG_LDTR: return &save01->ldtr;
1669 static u64 svm_get_segment_base(struct kvm_vcpu *vcpu, int seg)
1671 struct vmcb_seg *s = svm_seg(vcpu, seg);
1676 static void svm_get_segment(struct kvm_vcpu *vcpu,
1677 struct kvm_segment *var, int seg)
1679 struct vmcb_seg *s = svm_seg(vcpu, seg);
1681 var->base = s->base;
1682 var->limit = s->limit;
1683 var->selector = s->selector;
1684 var->type = s->attrib & SVM_SELECTOR_TYPE_MASK;
1685 var->s = (s->attrib >> SVM_SELECTOR_S_SHIFT) & 1;
1686 var->dpl = (s->attrib >> SVM_SELECTOR_DPL_SHIFT) & 3;
1687 var->present = (s->attrib >> SVM_SELECTOR_P_SHIFT) & 1;
1688 var->avl = (s->attrib >> SVM_SELECTOR_AVL_SHIFT) & 1;
1689 var->l = (s->attrib >> SVM_SELECTOR_L_SHIFT) & 1;
1690 var->db = (s->attrib >> SVM_SELECTOR_DB_SHIFT) & 1;
1693 * AMD CPUs circa 2014 track the G bit for all segments except CS.
1694 * However, the SVM spec states that the G bit is not observed by the
1695 * CPU, and some VMware virtual CPUs drop the G bit for all segments.
1696 * So let's synthesize a legal G bit for all segments, this helps
1697 * running KVM nested. It also helps cross-vendor migration, because
1698 * Intel's vmentry has a check on the 'G' bit.
1700 var->g = s->limit > 0xfffff;
1703 * AMD's VMCB does not have an explicit unusable field, so emulate it
1704 * for cross vendor migration purposes by "not present"
1706 var->unusable = !var->present;
1711 * Work around a bug where the busy flag in the tr selector
1721 * The accessed bit must always be set in the segment
1722 * descriptor cache, although it can be cleared in the
1723 * descriptor, the cached bit always remains at 1. Since
1724 * Intel has a check on this, set it here to support
1725 * cross-vendor migration.
1732 * On AMD CPUs sometimes the DB bit in the segment
1733 * descriptor is left as 1, although the whole segment has
1734 * been made unusable. Clear it here to pass an Intel VMX
1735 * entry check when cross vendor migrating.
1739 /* This is symmetric with svm_set_segment() */
1740 var->dpl = to_svm(vcpu)->vmcb->save.cpl;
1745 static int svm_get_cpl(struct kvm_vcpu *vcpu)
1747 struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;
1752 static void svm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l)
1754 struct kvm_segment cs;
1756 svm_get_segment(vcpu, &cs, VCPU_SREG_CS);
1761 static void svm_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1763 struct vcpu_svm *svm = to_svm(vcpu);
1765 dt->size = svm->vmcb->save.idtr.limit;
1766 dt->address = svm->vmcb->save.idtr.base;
1769 static void svm_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1771 struct vcpu_svm *svm = to_svm(vcpu);
1773 svm->vmcb->save.idtr.limit = dt->size;
1774 svm->vmcb->save.idtr.base = dt->address ;
1775 vmcb_mark_dirty(svm->vmcb, VMCB_DT);
1778 static void svm_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1780 struct vcpu_svm *svm = to_svm(vcpu);
1782 dt->size = svm->vmcb->save.gdtr.limit;
1783 dt->address = svm->vmcb->save.gdtr.base;
1786 static void svm_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
1788 struct vcpu_svm *svm = to_svm(vcpu);
1790 svm->vmcb->save.gdtr.limit = dt->size;
1791 svm->vmcb->save.gdtr.base = dt->address ;
1792 vmcb_mark_dirty(svm->vmcb, VMCB_DT);
1795 static void sev_post_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
1797 struct vcpu_svm *svm = to_svm(vcpu);
1800 * For guests that don't set guest_state_protected, the cr3 update is
1801 * handled via kvm_mmu_load() while entering the guest. For guests
1802 * that do (SEV-ES/SEV-SNP), the cr3 update needs to be written to
1803 * VMCB save area now, since the save area will become the initial
1804 * contents of the VMSA, and future VMCB save area updates won't be
1807 if (sev_es_guest(vcpu->kvm)) {
1808 svm->vmcb->save.cr3 = cr3;
1809 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
1813 void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
1815 struct vcpu_svm *svm = to_svm(vcpu);
1817 bool old_paging = is_paging(vcpu);
1819 #ifdef CONFIG_X86_64
1820 if (vcpu->arch.efer & EFER_LME && !vcpu->arch.guest_state_protected) {
1821 if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) {
1822 vcpu->arch.efer |= EFER_LMA;
1823 svm->vmcb->save.efer |= EFER_LMA | EFER_LME;
1826 if (is_paging(vcpu) && !(cr0 & X86_CR0_PG)) {
1827 vcpu->arch.efer &= ~EFER_LMA;
1828 svm->vmcb->save.efer &= ~(EFER_LMA | EFER_LME);
1832 vcpu->arch.cr0 = cr0;
1835 hcr0 |= X86_CR0_PG | X86_CR0_WP;
1836 if (old_paging != is_paging(vcpu))
1837 svm_set_cr4(vcpu, kvm_read_cr4(vcpu));
1841 * re-enable caching here because the QEMU bios
1842 * does not do it - this results in some delay at
1845 if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED))
1846 hcr0 &= ~(X86_CR0_CD | X86_CR0_NW);
1848 svm->vmcb->save.cr0 = hcr0;
1849 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
1852 * SEV-ES guests must always keep the CR intercepts cleared. CR
1853 * tracking is done using the CR write traps.
1855 if (sev_es_guest(vcpu->kvm))
1859 /* Selective CR0 write remains on. */
1860 svm_clr_intercept(svm, INTERCEPT_CR0_READ);
1861 svm_clr_intercept(svm, INTERCEPT_CR0_WRITE);
1863 svm_set_intercept(svm, INTERCEPT_CR0_READ);
1864 svm_set_intercept(svm, INTERCEPT_CR0_WRITE);
1868 static bool svm_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
1873 void svm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
1875 unsigned long host_cr4_mce = cr4_read_shadow() & X86_CR4_MCE;
1876 unsigned long old_cr4 = vcpu->arch.cr4;
1878 if (npt_enabled && ((old_cr4 ^ cr4) & X86_CR4_PGE))
1879 svm_flush_tlb_current(vcpu);
1881 vcpu->arch.cr4 = cr4;
1885 if (!is_paging(vcpu))
1886 cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE);
1888 cr4 |= host_cr4_mce;
1889 to_svm(vcpu)->vmcb->save.cr4 = cr4;
1890 vmcb_mark_dirty(to_svm(vcpu)->vmcb, VMCB_CR);
1892 if ((cr4 ^ old_cr4) & (X86_CR4_OSXSAVE | X86_CR4_PKE))
1893 kvm_update_cpuid_runtime(vcpu);
1896 static void svm_set_segment(struct kvm_vcpu *vcpu,
1897 struct kvm_segment *var, int seg)
1899 struct vcpu_svm *svm = to_svm(vcpu);
1900 struct vmcb_seg *s = svm_seg(vcpu, seg);
1902 s->base = var->base;
1903 s->limit = var->limit;
1904 s->selector = var->selector;
1905 s->attrib = (var->type & SVM_SELECTOR_TYPE_MASK);
1906 s->attrib |= (var->s & 1) << SVM_SELECTOR_S_SHIFT;
1907 s->attrib |= (var->dpl & 3) << SVM_SELECTOR_DPL_SHIFT;
1908 s->attrib |= ((var->present & 1) && !var->unusable) << SVM_SELECTOR_P_SHIFT;
1909 s->attrib |= (var->avl & 1) << SVM_SELECTOR_AVL_SHIFT;
1910 s->attrib |= (var->l & 1) << SVM_SELECTOR_L_SHIFT;
1911 s->attrib |= (var->db & 1) << SVM_SELECTOR_DB_SHIFT;
1912 s->attrib |= (var->g & 1) << SVM_SELECTOR_G_SHIFT;
1915 * This is always accurate, except if SYSRET returned to a segment
1916 * with SS.DPL != 3. Intel does not have this quirk, and always
1917 * forces SS.DPL to 3 on sysret, so we ignore that case; fixing it
1918 * would entail passing the CPL to userspace and back.
1920 if (seg == VCPU_SREG_SS)
1921 /* This is symmetric with svm_get_segment() */
1922 svm->vmcb->save.cpl = (var->dpl & 3);
1924 vmcb_mark_dirty(svm->vmcb, VMCB_SEG);
1927 static void svm_update_exception_bitmap(struct kvm_vcpu *vcpu)
1929 struct vcpu_svm *svm = to_svm(vcpu);
1931 clr_exception_intercept(svm, BP_VECTOR);
1933 if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
1934 if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
1935 set_exception_intercept(svm, BP_VECTOR);
1939 static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd)
1941 if (sd->next_asid > sd->max_asid) {
1942 ++sd->asid_generation;
1943 sd->next_asid = sd->min_asid;
1944 svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID;
1945 vmcb_mark_dirty(svm->vmcb, VMCB_ASID);
1948 svm->current_vmcb->asid_generation = sd->asid_generation;
1949 svm->asid = sd->next_asid++;
1952 static void svm_set_dr6(struct vcpu_svm *svm, unsigned long value)
1954 struct vmcb *vmcb = svm->vmcb;
1956 if (svm->vcpu.arch.guest_state_protected)
1959 if (unlikely(value != vmcb->save.dr6)) {
1960 vmcb->save.dr6 = value;
1961 vmcb_mark_dirty(vmcb, VMCB_DR);
1965 static void svm_sync_dirty_debug_regs(struct kvm_vcpu *vcpu)
1967 struct vcpu_svm *svm = to_svm(vcpu);
1969 if (vcpu->arch.guest_state_protected)
1972 get_debugreg(vcpu->arch.db[0], 0);
1973 get_debugreg(vcpu->arch.db[1], 1);
1974 get_debugreg(vcpu->arch.db[2], 2);
1975 get_debugreg(vcpu->arch.db[3], 3);
1977 * We cannot reset svm->vmcb->save.dr6 to DR6_ACTIVE_LOW here,
1978 * because db_interception might need it. We can do it before vmentry.
1980 vcpu->arch.dr6 = svm->vmcb->save.dr6;
1981 vcpu->arch.dr7 = svm->vmcb->save.dr7;
1982 vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_WONT_EXIT;
1983 set_dr_intercepts(svm);
1986 static void svm_set_dr7(struct kvm_vcpu *vcpu, unsigned long value)
1988 struct vcpu_svm *svm = to_svm(vcpu);
1990 if (vcpu->arch.guest_state_protected)
1993 svm->vmcb->save.dr7 = value;
1994 vmcb_mark_dirty(svm->vmcb, VMCB_DR);
1997 static int pf_interception(struct kvm_vcpu *vcpu)
1999 struct vcpu_svm *svm = to_svm(vcpu);
2001 u64 fault_address = svm->vmcb->control.exit_info_2;
2002 u64 error_code = svm->vmcb->control.exit_info_1;
2004 return kvm_handle_page_fault(vcpu, error_code, fault_address,
2005 static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
2006 svm->vmcb->control.insn_bytes : NULL,
2007 svm->vmcb->control.insn_len);
2010 static int npf_interception(struct kvm_vcpu *vcpu)
2012 struct vcpu_svm *svm = to_svm(vcpu);
2014 u64 fault_address = svm->vmcb->control.exit_info_2;
2015 u64 error_code = svm->vmcb->control.exit_info_1;
2017 trace_kvm_page_fault(vcpu, fault_address, error_code);
2018 return kvm_mmu_page_fault(vcpu, fault_address, error_code,
2019 static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
2020 svm->vmcb->control.insn_bytes : NULL,
2021 svm->vmcb->control.insn_len);
2024 static int db_interception(struct kvm_vcpu *vcpu)
2026 struct kvm_run *kvm_run = vcpu->run;
2027 struct vcpu_svm *svm = to_svm(vcpu);
2029 if (!(vcpu->guest_debug &
2030 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) &&
2031 !svm->nmi_singlestep) {
2032 u32 payload = svm->vmcb->save.dr6 ^ DR6_ACTIVE_LOW;
2033 kvm_queue_exception_p(vcpu, DB_VECTOR, payload);
2037 if (svm->nmi_singlestep) {
2038 disable_nmi_singlestep(svm);
2039 /* Make sure we check for pending NMIs upon entry */
2040 kvm_make_request(KVM_REQ_EVENT, vcpu);
2043 if (vcpu->guest_debug &
2044 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) {
2045 kvm_run->exit_reason = KVM_EXIT_DEBUG;
2046 kvm_run->debug.arch.dr6 = svm->vmcb->save.dr6;
2047 kvm_run->debug.arch.dr7 = svm->vmcb->save.dr7;
2048 kvm_run->debug.arch.pc =
2049 svm->vmcb->save.cs.base + svm->vmcb->save.rip;
2050 kvm_run->debug.arch.exception = DB_VECTOR;
2057 static int bp_interception(struct kvm_vcpu *vcpu)
2059 struct vcpu_svm *svm = to_svm(vcpu);
2060 struct kvm_run *kvm_run = vcpu->run;
2062 kvm_run->exit_reason = KVM_EXIT_DEBUG;
2063 kvm_run->debug.arch.pc = svm->vmcb->save.cs.base + svm->vmcb->save.rip;
2064 kvm_run->debug.arch.exception = BP_VECTOR;
2068 static int ud_interception(struct kvm_vcpu *vcpu)
2070 return handle_ud(vcpu);
2073 static int ac_interception(struct kvm_vcpu *vcpu)
2075 kvm_queue_exception_e(vcpu, AC_VECTOR, 0);
2079 static bool is_erratum_383(void)
2084 if (!erratum_383_found)
2087 value = native_read_msr_safe(MSR_IA32_MC0_STATUS, &err);
2091 /* Bit 62 may or may not be set for this mce */
2092 value &= ~(1ULL << 62);
2094 if (value != 0xb600000000010015ULL)
2097 /* Clear MCi_STATUS registers */
2098 for (i = 0; i < 6; ++i)
2099 native_write_msr_safe(MSR_IA32_MCx_STATUS(i), 0, 0);
2101 value = native_read_msr_safe(MSR_IA32_MCG_STATUS, &err);
2105 value &= ~(1ULL << 2);
2106 low = lower_32_bits(value);
2107 high = upper_32_bits(value);
2109 native_write_msr_safe(MSR_IA32_MCG_STATUS, low, high);
2112 /* Flush tlb to evict multi-match entries */
2118 static void svm_handle_mce(struct kvm_vcpu *vcpu)
2120 if (is_erratum_383()) {
2122 * Erratum 383 triggered. Guest state is corrupt so kill the
2125 pr_err("Guest triggered AMD Erratum 383\n");
2127 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
2133 * On an #MC intercept the MCE handler is not called automatically in
2134 * the host. So do it by hand here.
2136 kvm_machine_check();
2139 static int mc_interception(struct kvm_vcpu *vcpu)
2144 static int shutdown_interception(struct kvm_vcpu *vcpu)
2146 struct kvm_run *kvm_run = vcpu->run;
2147 struct vcpu_svm *svm = to_svm(vcpu);
2150 * The VM save area has already been encrypted so it
2151 * cannot be reinitialized - just terminate.
2153 if (sev_es_guest(vcpu->kvm))
2157 * VMCB is undefined after a SHUTDOWN intercept. INIT the vCPU to put
2158 * the VMCB in a known good state. Unfortuately, KVM doesn't have
2159 * KVM_MP_STATE_SHUTDOWN and can't add it without potentially breaking
2160 * userspace. At a platform view, INIT is acceptable behavior as
2161 * there exist bare metal platforms that automatically INIT the CPU
2162 * in response to shutdown.
2164 clear_page(svm->vmcb);
2165 kvm_vcpu_reset(vcpu, true);
2167 kvm_run->exit_reason = KVM_EXIT_SHUTDOWN;
2171 static int io_interception(struct kvm_vcpu *vcpu)
2173 struct vcpu_svm *svm = to_svm(vcpu);
2174 u32 io_info = svm->vmcb->control.exit_info_1; /* address size bug? */
2175 int size, in, string;
2178 ++vcpu->stat.io_exits;
2179 string = (io_info & SVM_IOIO_STR_MASK) != 0;
2180 in = (io_info & SVM_IOIO_TYPE_MASK) != 0;
2181 port = io_info >> 16;
2182 size = (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT;
2185 if (sev_es_guest(vcpu->kvm))
2186 return sev_es_string_io(svm, size, port, in);
2188 return kvm_emulate_instruction(vcpu, 0);
2191 svm->next_rip = svm->vmcb->control.exit_info_2;
2193 return kvm_fast_pio(vcpu, size, port, in);
2196 static int nmi_interception(struct kvm_vcpu *vcpu)
2201 static int smi_interception(struct kvm_vcpu *vcpu)
2206 static int intr_interception(struct kvm_vcpu *vcpu)
2208 ++vcpu->stat.irq_exits;
2212 static int vmload_vmsave_interception(struct kvm_vcpu *vcpu, bool vmload)
2214 struct vcpu_svm *svm = to_svm(vcpu);
2215 struct vmcb *vmcb12;
2216 struct kvm_host_map map;
2219 if (nested_svm_check_permissions(vcpu))
2222 ret = kvm_vcpu_map(vcpu, gpa_to_gfn(svm->vmcb->save.rax), &map);
2225 kvm_inject_gp(vcpu, 0);
2231 ret = kvm_skip_emulated_instruction(vcpu);
2234 svm_copy_vmloadsave_state(svm->vmcb, vmcb12);
2235 svm->sysenter_eip_hi = 0;
2236 svm->sysenter_esp_hi = 0;
2238 svm_copy_vmloadsave_state(vmcb12, svm->vmcb);
2241 kvm_vcpu_unmap(vcpu, &map, true);
2246 static int vmload_interception(struct kvm_vcpu *vcpu)
2248 return vmload_vmsave_interception(vcpu, true);
2251 static int vmsave_interception(struct kvm_vcpu *vcpu)
2253 return vmload_vmsave_interception(vcpu, false);
2256 static int vmrun_interception(struct kvm_vcpu *vcpu)
2258 if (nested_svm_check_permissions(vcpu))
2261 return nested_svm_vmrun(vcpu);
2271 /* Return NONE_SVM_INSTR if not SVM instrs, otherwise return decode result */
2272 static int svm_instr_opcode(struct kvm_vcpu *vcpu)
2274 struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
2276 if (ctxt->b != 0x1 || ctxt->opcode_len != 2)
2277 return NONE_SVM_INSTR;
2279 switch (ctxt->modrm) {
2280 case 0xd8: /* VMRUN */
2281 return SVM_INSTR_VMRUN;
2282 case 0xda: /* VMLOAD */
2283 return SVM_INSTR_VMLOAD;
2284 case 0xdb: /* VMSAVE */
2285 return SVM_INSTR_VMSAVE;
2290 return NONE_SVM_INSTR;
2293 static int emulate_svm_instr(struct kvm_vcpu *vcpu, int opcode)
2295 const int guest_mode_exit_codes[] = {
2296 [SVM_INSTR_VMRUN] = SVM_EXIT_VMRUN,
2297 [SVM_INSTR_VMLOAD] = SVM_EXIT_VMLOAD,
2298 [SVM_INSTR_VMSAVE] = SVM_EXIT_VMSAVE,
2300 int (*const svm_instr_handlers[])(struct kvm_vcpu *vcpu) = {
2301 [SVM_INSTR_VMRUN] = vmrun_interception,
2302 [SVM_INSTR_VMLOAD] = vmload_interception,
2303 [SVM_INSTR_VMSAVE] = vmsave_interception,
2305 struct vcpu_svm *svm = to_svm(vcpu);
2308 if (is_guest_mode(vcpu)) {
2309 /* Returns '1' or -errno on failure, '0' on success. */
2310 ret = nested_svm_simple_vmexit(svm, guest_mode_exit_codes[opcode]);
2315 return svm_instr_handlers[opcode](vcpu);
2319 * #GP handling code. Note that #GP can be triggered under the following two
2321 * 1) SVM VM-related instructions (VMRUN/VMSAVE/VMLOAD) that trigger #GP on
2322 * some AMD CPUs when EAX of these instructions are in the reserved memory
2323 * regions (e.g. SMM memory on host).
2324 * 2) VMware backdoor
2326 static int gp_interception(struct kvm_vcpu *vcpu)
2328 struct vcpu_svm *svm = to_svm(vcpu);
2329 u32 error_code = svm->vmcb->control.exit_info_1;
2332 /* Both #GP cases have zero error_code */
2336 /* Decode the instruction for usage later */
2337 if (x86_decode_emulated_instruction(vcpu, 0, NULL, 0) != EMULATION_OK)
2340 opcode = svm_instr_opcode(vcpu);
2342 if (opcode == NONE_SVM_INSTR) {
2343 if (!enable_vmware_backdoor)
2347 * VMware backdoor emulation on #GP interception only handles
2348 * IN{S}, OUT{S}, and RDPMC.
2350 if (!is_guest_mode(vcpu))
2351 return kvm_emulate_instruction(vcpu,
2352 EMULTYPE_VMWARE_GP | EMULTYPE_NO_DECODE);
2354 /* All SVM instructions expect page aligned RAX */
2355 if (svm->vmcb->save.rax & ~PAGE_MASK)
2358 return emulate_svm_instr(vcpu, opcode);
2362 kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
2366 void svm_set_gif(struct vcpu_svm *svm, bool value)
2370 * If VGIF is enabled, the STGI intercept is only added to
2371 * detect the opening of the SMI/NMI window; remove it now.
2372 * Likewise, clear the VINTR intercept, we will set it
2373 * again while processing KVM_REQ_EVENT if needed.
2376 svm_clr_intercept(svm, INTERCEPT_STGI);
2377 if (svm_is_intercept(svm, INTERCEPT_VINTR))
2378 svm_clear_vintr(svm);
2381 if (svm->vcpu.arch.smi_pending ||
2382 svm->vcpu.arch.nmi_pending ||
2383 kvm_cpu_has_injectable_intr(&svm->vcpu) ||
2384 kvm_apic_has_pending_init_or_sipi(&svm->vcpu))
2385 kvm_make_request(KVM_REQ_EVENT, &svm->vcpu);
2390 * After a CLGI no interrupts should come. But if vGIF is
2391 * in use, we still rely on the VINTR intercept (rather than
2392 * STGI) to detect an open interrupt window.
2395 svm_clear_vintr(svm);
2399 static int stgi_interception(struct kvm_vcpu *vcpu)
2403 if (nested_svm_check_permissions(vcpu))
2406 ret = kvm_skip_emulated_instruction(vcpu);
2407 svm_set_gif(to_svm(vcpu), true);
2411 static int clgi_interception(struct kvm_vcpu *vcpu)
2415 if (nested_svm_check_permissions(vcpu))
2418 ret = kvm_skip_emulated_instruction(vcpu);
2419 svm_set_gif(to_svm(vcpu), false);
2423 static int invlpga_interception(struct kvm_vcpu *vcpu)
2425 gva_t gva = kvm_rax_read(vcpu);
2426 u32 asid = kvm_rcx_read(vcpu);
2428 /* FIXME: Handle an address size prefix. */
2429 if (!is_long_mode(vcpu))
2432 trace_kvm_invlpga(to_svm(vcpu)->vmcb->save.rip, asid, gva);
2434 /* Let's treat INVLPGA the same as INVLPG (can be optimized!) */
2435 kvm_mmu_invlpg(vcpu, gva);
2437 return kvm_skip_emulated_instruction(vcpu);
2440 static int skinit_interception(struct kvm_vcpu *vcpu)
2442 trace_kvm_skinit(to_svm(vcpu)->vmcb->save.rip, kvm_rax_read(vcpu));
2444 kvm_queue_exception(vcpu, UD_VECTOR);
2448 static int task_switch_interception(struct kvm_vcpu *vcpu)
2450 struct vcpu_svm *svm = to_svm(vcpu);
2453 int int_type = svm->vmcb->control.exit_int_info &
2454 SVM_EXITINTINFO_TYPE_MASK;
2455 int int_vec = svm->vmcb->control.exit_int_info & SVM_EVTINJ_VEC_MASK;
2457 svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_TYPE_MASK;
2459 svm->vmcb->control.exit_int_info & SVM_EXITINTINFO_VALID;
2460 bool has_error_code = false;
2463 tss_selector = (u16)svm->vmcb->control.exit_info_1;
2465 if (svm->vmcb->control.exit_info_2 &
2466 (1ULL << SVM_EXITINFOSHIFT_TS_REASON_IRET))
2467 reason = TASK_SWITCH_IRET;
2468 else if (svm->vmcb->control.exit_info_2 &
2469 (1ULL << SVM_EXITINFOSHIFT_TS_REASON_JMP))
2470 reason = TASK_SWITCH_JMP;
2472 reason = TASK_SWITCH_GATE;
2474 reason = TASK_SWITCH_CALL;
2476 if (reason == TASK_SWITCH_GATE) {
2478 case SVM_EXITINTINFO_TYPE_NMI:
2479 vcpu->arch.nmi_injected = false;
2481 case SVM_EXITINTINFO_TYPE_EXEPT:
2482 if (svm->vmcb->control.exit_info_2 &
2483 (1ULL << SVM_EXITINFOSHIFT_TS_HAS_ERROR_CODE)) {
2484 has_error_code = true;
2486 (u32)svm->vmcb->control.exit_info_2;
2488 kvm_clear_exception_queue(vcpu);
2490 case SVM_EXITINTINFO_TYPE_INTR:
2491 case SVM_EXITINTINFO_TYPE_SOFT:
2492 kvm_clear_interrupt_queue(vcpu);
2499 if (reason != TASK_SWITCH_GATE ||
2500 int_type == SVM_EXITINTINFO_TYPE_SOFT ||
2501 (int_type == SVM_EXITINTINFO_TYPE_EXEPT &&
2502 (int_vec == OF_VECTOR || int_vec == BP_VECTOR))) {
2503 if (!svm_skip_emulated_instruction(vcpu))
2507 if (int_type != SVM_EXITINTINFO_TYPE_SOFT)
2510 return kvm_task_switch(vcpu, tss_selector, int_vec, reason,
2511 has_error_code, error_code);
2514 static void svm_clr_iret_intercept(struct vcpu_svm *svm)
2516 if (!sev_es_guest(svm->vcpu.kvm))
2517 svm_clr_intercept(svm, INTERCEPT_IRET);
2520 static void svm_set_iret_intercept(struct vcpu_svm *svm)
2522 if (!sev_es_guest(svm->vcpu.kvm))
2523 svm_set_intercept(svm, INTERCEPT_IRET);
2526 static int iret_interception(struct kvm_vcpu *vcpu)
2528 struct vcpu_svm *svm = to_svm(vcpu);
2530 ++vcpu->stat.nmi_window_exits;
2531 svm->awaiting_iret_completion = true;
2533 svm_clr_iret_intercept(svm);
2534 if (!sev_es_guest(vcpu->kvm))
2535 svm->nmi_iret_rip = kvm_rip_read(vcpu);
2537 kvm_make_request(KVM_REQ_EVENT, vcpu);
2541 static int invlpg_interception(struct kvm_vcpu *vcpu)
2543 if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
2544 return kvm_emulate_instruction(vcpu, 0);
2546 kvm_mmu_invlpg(vcpu, to_svm(vcpu)->vmcb->control.exit_info_1);
2547 return kvm_skip_emulated_instruction(vcpu);
2550 static int emulate_on_interception(struct kvm_vcpu *vcpu)
2552 return kvm_emulate_instruction(vcpu, 0);
2555 static int rsm_interception(struct kvm_vcpu *vcpu)
2557 return kvm_emulate_instruction_from_buffer(vcpu, rsm_ins_bytes, 2);
2560 static bool check_selective_cr0_intercepted(struct kvm_vcpu *vcpu,
2563 struct vcpu_svm *svm = to_svm(vcpu);
2564 unsigned long cr0 = vcpu->arch.cr0;
2567 if (!is_guest_mode(vcpu) ||
2568 (!(vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_SELECTIVE_CR0))))
2571 cr0 &= ~SVM_CR0_SELECTIVE_MASK;
2572 val &= ~SVM_CR0_SELECTIVE_MASK;
2575 svm->vmcb->control.exit_code = SVM_EXIT_CR0_SEL_WRITE;
2576 ret = (nested_svm_exit_handled(svm) == NESTED_EXIT_DONE);
2582 #define CR_VALID (1ULL << 63)
2584 static int cr_interception(struct kvm_vcpu *vcpu)
2586 struct vcpu_svm *svm = to_svm(vcpu);
2591 if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
2592 return emulate_on_interception(vcpu);
2594 if (unlikely((svm->vmcb->control.exit_info_1 & CR_VALID) == 0))
2595 return emulate_on_interception(vcpu);
2597 reg = svm->vmcb->control.exit_info_1 & SVM_EXITINFO_REG_MASK;
2598 if (svm->vmcb->control.exit_code == SVM_EXIT_CR0_SEL_WRITE)
2599 cr = SVM_EXIT_WRITE_CR0 - SVM_EXIT_READ_CR0;
2601 cr = svm->vmcb->control.exit_code - SVM_EXIT_READ_CR0;
2604 if (cr >= 16) { /* mov to cr */
2606 val = kvm_register_read(vcpu, reg);
2607 trace_kvm_cr_write(cr, val);
2610 if (!check_selective_cr0_intercepted(vcpu, val))
2611 err = kvm_set_cr0(vcpu, val);
2617 err = kvm_set_cr3(vcpu, val);
2620 err = kvm_set_cr4(vcpu, val);
2623 err = kvm_set_cr8(vcpu, val);
2626 WARN(1, "unhandled write to CR%d", cr);
2627 kvm_queue_exception(vcpu, UD_VECTOR);
2630 } else { /* mov from cr */
2633 val = kvm_read_cr0(vcpu);
2636 val = vcpu->arch.cr2;
2639 val = kvm_read_cr3(vcpu);
2642 val = kvm_read_cr4(vcpu);
2645 val = kvm_get_cr8(vcpu);
2648 WARN(1, "unhandled read from CR%d", cr);
2649 kvm_queue_exception(vcpu, UD_VECTOR);
2652 kvm_register_write(vcpu, reg, val);
2653 trace_kvm_cr_read(cr, val);
2655 return kvm_complete_insn_gp(vcpu, err);
2658 static int cr_trap(struct kvm_vcpu *vcpu)
2660 struct vcpu_svm *svm = to_svm(vcpu);
2661 unsigned long old_value, new_value;
2665 new_value = (unsigned long)svm->vmcb->control.exit_info_1;
2667 cr = svm->vmcb->control.exit_code - SVM_EXIT_CR0_WRITE_TRAP;
2670 old_value = kvm_read_cr0(vcpu);
2671 svm_set_cr0(vcpu, new_value);
2673 kvm_post_set_cr0(vcpu, old_value, new_value);
2676 old_value = kvm_read_cr4(vcpu);
2677 svm_set_cr4(vcpu, new_value);
2679 kvm_post_set_cr4(vcpu, old_value, new_value);
2682 ret = kvm_set_cr8(vcpu, new_value);
2685 WARN(1, "unhandled CR%d write trap", cr);
2686 kvm_queue_exception(vcpu, UD_VECTOR);
2690 return kvm_complete_insn_gp(vcpu, ret);
2693 static int dr_interception(struct kvm_vcpu *vcpu)
2695 struct vcpu_svm *svm = to_svm(vcpu);
2700 if (vcpu->guest_debug == 0) {
2702 * No more DR vmexits; force a reload of the debug registers
2703 * and reenter on this instruction. The next vmexit will
2704 * retrieve the full state of the debug registers.
2706 clr_dr_intercepts(svm);
2707 vcpu->arch.switch_db_regs |= KVM_DEBUGREG_WONT_EXIT;
2711 if (!boot_cpu_has(X86_FEATURE_DECODEASSISTS))
2712 return emulate_on_interception(vcpu);
2714 reg = svm->vmcb->control.exit_info_1 & SVM_EXITINFO_REG_MASK;
2715 dr = svm->vmcb->control.exit_code - SVM_EXIT_READ_DR0;
2716 if (dr >= 16) { /* mov to DRn */
2718 val = kvm_register_read(vcpu, reg);
2719 err = kvm_set_dr(vcpu, dr, val);
2721 kvm_get_dr(vcpu, dr, &val);
2722 kvm_register_write(vcpu, reg, val);
2725 return kvm_complete_insn_gp(vcpu, err);
2728 static int cr8_write_interception(struct kvm_vcpu *vcpu)
2732 u8 cr8_prev = kvm_get_cr8(vcpu);
2733 /* instruction emulation calls kvm_set_cr8() */
2734 r = cr_interception(vcpu);
2735 if (lapic_in_kernel(vcpu))
2737 if (cr8_prev <= kvm_get_cr8(vcpu))
2739 vcpu->run->exit_reason = KVM_EXIT_SET_TPR;
2743 static int efer_trap(struct kvm_vcpu *vcpu)
2745 struct msr_data msr_info;
2749 * Clear the EFER_SVME bit from EFER. The SVM code always sets this
2750 * bit in svm_set_efer(), but __kvm_valid_efer() checks it against
2751 * whether the guest has X86_FEATURE_SVM - this avoids a failure if
2752 * the guest doesn't have X86_FEATURE_SVM.
2754 msr_info.host_initiated = false;
2755 msr_info.index = MSR_EFER;
2756 msr_info.data = to_svm(vcpu)->vmcb->control.exit_info_1 & ~EFER_SVME;
2757 ret = kvm_set_msr_common(vcpu, &msr_info);
2759 return kvm_complete_insn_gp(vcpu, ret);
2762 static int svm_get_msr_feature(struct kvm_msr_entry *msr)
2766 switch (msr->index) {
2767 case MSR_AMD64_DE_CFG:
2768 if (cpu_feature_enabled(X86_FEATURE_LFENCE_RDTSC))
2769 msr->data |= MSR_AMD64_DE_CFG_LFENCE_SERIALIZE;
2772 return KVM_MSR_RET_INVALID;
2778 static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2780 struct vcpu_svm *svm = to_svm(vcpu);
2782 switch (msr_info->index) {
2783 case MSR_AMD64_TSC_RATIO:
2784 if (!msr_info->host_initiated && !svm->tsc_scaling_enabled)
2786 msr_info->data = svm->tsc_ratio_msr;
2789 msr_info->data = svm->vmcb01.ptr->save.star;
2791 #ifdef CONFIG_X86_64
2793 msr_info->data = svm->vmcb01.ptr->save.lstar;
2796 msr_info->data = svm->vmcb01.ptr->save.cstar;
2798 case MSR_KERNEL_GS_BASE:
2799 msr_info->data = svm->vmcb01.ptr->save.kernel_gs_base;
2801 case MSR_SYSCALL_MASK:
2802 msr_info->data = svm->vmcb01.ptr->save.sfmask;
2805 case MSR_IA32_SYSENTER_CS:
2806 msr_info->data = svm->vmcb01.ptr->save.sysenter_cs;
2808 case MSR_IA32_SYSENTER_EIP:
2809 msr_info->data = (u32)svm->vmcb01.ptr->save.sysenter_eip;
2810 if (guest_cpuid_is_intel(vcpu))
2811 msr_info->data |= (u64)svm->sysenter_eip_hi << 32;
2813 case MSR_IA32_SYSENTER_ESP:
2814 msr_info->data = svm->vmcb01.ptr->save.sysenter_esp;
2815 if (guest_cpuid_is_intel(vcpu))
2816 msr_info->data |= (u64)svm->sysenter_esp_hi << 32;
2819 msr_info->data = svm->tsc_aux;
2821 case MSR_IA32_DEBUGCTLMSR:
2822 case MSR_IA32_LASTBRANCHFROMIP:
2823 case MSR_IA32_LASTBRANCHTOIP:
2824 case MSR_IA32_LASTINTFROMIP:
2825 case MSR_IA32_LASTINTTOIP:
2826 msr_info->data = svm_get_lbr_msr(svm, msr_info->index);
2828 case MSR_VM_HSAVE_PA:
2829 msr_info->data = svm->nested.hsave_msr;
2832 msr_info->data = svm->nested.vm_cr_msr;
2834 case MSR_IA32_SPEC_CTRL:
2835 if (!msr_info->host_initiated &&
2836 !guest_has_spec_ctrl_msr(vcpu))
2839 if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
2840 msr_info->data = svm->vmcb->save.spec_ctrl;
2842 msr_info->data = svm->spec_ctrl;
2844 case MSR_AMD64_VIRT_SPEC_CTRL:
2845 if (!msr_info->host_initiated &&
2846 !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD))
2849 msr_info->data = svm->virt_spec_ctrl;
2851 case MSR_F15H_IC_CFG: {
2855 family = guest_cpuid_family(vcpu);
2856 model = guest_cpuid_model(vcpu);
2858 if (family < 0 || model < 0)
2859 return kvm_get_msr_common(vcpu, msr_info);
2863 if (family == 0x15 &&
2864 (model >= 0x2 && model < 0x20))
2865 msr_info->data = 0x1E;
2868 case MSR_AMD64_DE_CFG:
2869 msr_info->data = svm->msr_decfg;
2872 return kvm_get_msr_common(vcpu, msr_info);
2877 static int svm_complete_emulated_msr(struct kvm_vcpu *vcpu, int err)
2879 struct vcpu_svm *svm = to_svm(vcpu);
2880 if (!err || !sev_es_guest(vcpu->kvm) || WARN_ON_ONCE(!svm->sev_es.ghcb))
2881 return kvm_complete_insn_gp(vcpu, err);
2883 ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 1);
2884 ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
2886 SVM_EVTINJ_TYPE_EXEPT |
2891 static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data)
2893 struct vcpu_svm *svm = to_svm(vcpu);
2894 int svm_dis, chg_mask;
2896 if (data & ~SVM_VM_CR_VALID_MASK)
2899 chg_mask = SVM_VM_CR_VALID_MASK;
2901 if (svm->nested.vm_cr_msr & SVM_VM_CR_SVM_DIS_MASK)
2902 chg_mask &= ~(SVM_VM_CR_SVM_LOCK_MASK | SVM_VM_CR_SVM_DIS_MASK);
2904 svm->nested.vm_cr_msr &= ~chg_mask;
2905 svm->nested.vm_cr_msr |= (data & chg_mask);
2907 svm_dis = svm->nested.vm_cr_msr & SVM_VM_CR_SVM_DIS_MASK;
2909 /* check for svm_disable while efer.svme is set */
2910 if (svm_dis && (vcpu->arch.efer & EFER_SVME))
2916 static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
2918 struct vcpu_svm *svm = to_svm(vcpu);
2921 u32 ecx = msr->index;
2922 u64 data = msr->data;
2924 case MSR_AMD64_TSC_RATIO:
2926 if (!svm->tsc_scaling_enabled) {
2928 if (!msr->host_initiated)
2931 * In case TSC scaling is not enabled, always
2932 * leave this MSR at the default value.
2934 * Due to bug in qemu 6.2.0, it would try to set
2935 * this msr to 0 if tsc scaling is not enabled.
2936 * Ignore this value as well.
2938 if (data != 0 && data != svm->tsc_ratio_msr)
2943 if (data & SVM_TSC_RATIO_RSVD)
2946 svm->tsc_ratio_msr = data;
2948 if (svm->tsc_scaling_enabled && is_guest_mode(vcpu))
2949 nested_svm_update_tsc_ratio_msr(vcpu);
2952 case MSR_IA32_CR_PAT:
2953 ret = kvm_set_msr_common(vcpu, msr);
2957 svm->vmcb01.ptr->save.g_pat = data;
2958 if (is_guest_mode(vcpu))
2959 nested_vmcb02_compute_g_pat(svm);
2960 vmcb_mark_dirty(svm->vmcb, VMCB_NPT);
2962 case MSR_IA32_SPEC_CTRL:
2963 if (!msr->host_initiated &&
2964 !guest_has_spec_ctrl_msr(vcpu))
2967 if (kvm_spec_ctrl_test_value(data))
2970 if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
2971 svm->vmcb->save.spec_ctrl = data;
2973 svm->spec_ctrl = data;
2979 * When it's written (to non-zero) for the first time, pass
2983 * The handling of the MSR bitmap for L2 guests is done in
2984 * nested_svm_vmrun_msrpm.
2985 * We update the L1 MSR bit as well since it will end up
2986 * touching the MSR anyway now.
2988 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1);
2990 case MSR_AMD64_VIRT_SPEC_CTRL:
2991 if (!msr->host_initiated &&
2992 !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD))
2995 if (data & ~SPEC_CTRL_SSBD)
2998 svm->virt_spec_ctrl = data;
3001 svm->vmcb01.ptr->save.star = data;
3003 #ifdef CONFIG_X86_64
3005 svm->vmcb01.ptr->save.lstar = data;
3008 svm->vmcb01.ptr->save.cstar = data;
3010 case MSR_KERNEL_GS_BASE:
3011 svm->vmcb01.ptr->save.kernel_gs_base = data;
3013 case MSR_SYSCALL_MASK:
3014 svm->vmcb01.ptr->save.sfmask = data;
3017 case MSR_IA32_SYSENTER_CS:
3018 svm->vmcb01.ptr->save.sysenter_cs = data;
3020 case MSR_IA32_SYSENTER_EIP:
3021 svm->vmcb01.ptr->save.sysenter_eip = (u32)data;
3023 * We only intercept the MSR_IA32_SYSENTER_{EIP|ESP} msrs
3024 * when we spoof an Intel vendor ID (for cross vendor migration).
3025 * In this case we use this intercept to track the high
3026 * 32 bit part of these msrs to support Intel's
3027 * implementation of SYSENTER/SYSEXIT.
3029 svm->sysenter_eip_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0;
3031 case MSR_IA32_SYSENTER_ESP:
3032 svm->vmcb01.ptr->save.sysenter_esp = (u32)data;
3033 svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0;
3037 * TSC_AUX is usually changed only during boot and never read
3038 * directly. Intercept TSC_AUX instead of exposing it to the
3039 * guest via direct_access_msrs, and switch it via user return.
3042 ret = kvm_set_user_return_msr(tsc_aux_uret_slot, data, -1ull);
3047 svm->tsc_aux = data;
3049 case MSR_IA32_DEBUGCTLMSR:
3051 kvm_pr_unimpl_wrmsr(vcpu, ecx, data);
3054 if (data & DEBUGCTL_RESERVED_BITS)
3057 if (svm->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK)
3058 svm->vmcb->save.dbgctl = data;
3060 svm->vmcb01.ptr->save.dbgctl = data;
3062 svm_update_lbrv(vcpu);
3065 case MSR_VM_HSAVE_PA:
3067 * Old kernels did not validate the value written to
3068 * MSR_VM_HSAVE_PA. Allow KVM_SET_MSR to set an invalid
3069 * value to allow live migrating buggy or malicious guests
3070 * originating from those kernels.
3072 if (!msr->host_initiated && !page_address_valid(vcpu, data))
3075 svm->nested.hsave_msr = data & PAGE_MASK;
3078 return svm_set_vm_cr(vcpu, data);
3080 kvm_pr_unimpl_wrmsr(vcpu, ecx, data);
3082 case MSR_AMD64_DE_CFG: {
3083 struct kvm_msr_entry msr_entry;
3085 msr_entry.index = msr->index;
3086 if (svm_get_msr_feature(&msr_entry))
3089 /* Check the supported bits */
3090 if (data & ~msr_entry.data)
3093 /* Don't allow the guest to change a bit, #GP */
3094 if (!msr->host_initiated && (data ^ msr_entry.data))
3097 svm->msr_decfg = data;
3101 return kvm_set_msr_common(vcpu, msr);
3106 static int msr_interception(struct kvm_vcpu *vcpu)
3108 if (to_svm(vcpu)->vmcb->control.exit_info_1)
3109 return kvm_emulate_wrmsr(vcpu);
3111 return kvm_emulate_rdmsr(vcpu);
3114 static int interrupt_window_interception(struct kvm_vcpu *vcpu)
3116 kvm_make_request(KVM_REQ_EVENT, vcpu);
3117 svm_clear_vintr(to_svm(vcpu));
3120 * If not running nested, for AVIC, the only reason to end up here is ExtINTs.
3121 * In this case AVIC was temporarily disabled for
3122 * requesting the IRQ window and we have to re-enable it.
3124 * If running nested, still remove the VM wide AVIC inhibit to
3125 * support case in which the interrupt window was requested when the
3126 * vCPU was not running nested.
3128 * All vCPUs which run still run nested, will remain to have their
3129 * AVIC still inhibited due to per-cpu AVIC inhibition.
3131 kvm_clear_apicv_inhibit(vcpu->kvm, APICV_INHIBIT_REASON_IRQWIN);
3133 ++vcpu->stat.irq_window_exits;
3137 static int pause_interception(struct kvm_vcpu *vcpu)
3141 * CPL is not made available for an SEV-ES guest, therefore
3142 * vcpu->arch.preempted_in_kernel can never be true. Just
3143 * set in_kernel to false as well.
3145 in_kernel = !sev_es_guest(vcpu->kvm) && svm_get_cpl(vcpu) == 0;
3147 grow_ple_window(vcpu);
3149 kvm_vcpu_on_spin(vcpu, in_kernel);
3150 return kvm_skip_emulated_instruction(vcpu);
3153 static int invpcid_interception(struct kvm_vcpu *vcpu)
3155 struct vcpu_svm *svm = to_svm(vcpu);
3159 if (!guest_cpuid_has(vcpu, X86_FEATURE_INVPCID)) {
3160 kvm_queue_exception(vcpu, UD_VECTOR);
3165 * For an INVPCID intercept:
3166 * EXITINFO1 provides the linear address of the memory operand.
3167 * EXITINFO2 provides the contents of the register operand.
3169 type = svm->vmcb->control.exit_info_2;
3170 gva = svm->vmcb->control.exit_info_1;
3172 return kvm_handle_invpcid(vcpu, type, gva);
3175 static int (*const svm_exit_handlers[])(struct kvm_vcpu *vcpu) = {
3176 [SVM_EXIT_READ_CR0] = cr_interception,
3177 [SVM_EXIT_READ_CR3] = cr_interception,
3178 [SVM_EXIT_READ_CR4] = cr_interception,
3179 [SVM_EXIT_READ_CR8] = cr_interception,
3180 [SVM_EXIT_CR0_SEL_WRITE] = cr_interception,
3181 [SVM_EXIT_WRITE_CR0] = cr_interception,
3182 [SVM_EXIT_WRITE_CR3] = cr_interception,
3183 [SVM_EXIT_WRITE_CR4] = cr_interception,
3184 [SVM_EXIT_WRITE_CR8] = cr8_write_interception,
3185 [SVM_EXIT_READ_DR0] = dr_interception,
3186 [SVM_EXIT_READ_DR1] = dr_interception,
3187 [SVM_EXIT_READ_DR2] = dr_interception,
3188 [SVM_EXIT_READ_DR3] = dr_interception,
3189 [SVM_EXIT_READ_DR4] = dr_interception,
3190 [SVM_EXIT_READ_DR5] = dr_interception,
3191 [SVM_EXIT_READ_DR6] = dr_interception,
3192 [SVM_EXIT_READ_DR7] = dr_interception,
3193 [SVM_EXIT_WRITE_DR0] = dr_interception,
3194 [SVM_EXIT_WRITE_DR1] = dr_interception,
3195 [SVM_EXIT_WRITE_DR2] = dr_interception,
3196 [SVM_EXIT_WRITE_DR3] = dr_interception,
3197 [SVM_EXIT_WRITE_DR4] = dr_interception,
3198 [SVM_EXIT_WRITE_DR5] = dr_interception,
3199 [SVM_EXIT_WRITE_DR6] = dr_interception,
3200 [SVM_EXIT_WRITE_DR7] = dr_interception,
3201 [SVM_EXIT_EXCP_BASE + DB_VECTOR] = db_interception,
3202 [SVM_EXIT_EXCP_BASE + BP_VECTOR] = bp_interception,
3203 [SVM_EXIT_EXCP_BASE + UD_VECTOR] = ud_interception,
3204 [SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,
3205 [SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,
3206 [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception,
3207 [SVM_EXIT_EXCP_BASE + GP_VECTOR] = gp_interception,
3208 [SVM_EXIT_INTR] = intr_interception,
3209 [SVM_EXIT_NMI] = nmi_interception,
3210 [SVM_EXIT_SMI] = smi_interception,
3211 [SVM_EXIT_VINTR] = interrupt_window_interception,
3212 [SVM_EXIT_RDPMC] = kvm_emulate_rdpmc,
3213 [SVM_EXIT_CPUID] = kvm_emulate_cpuid,
3214 [SVM_EXIT_IRET] = iret_interception,
3215 [SVM_EXIT_INVD] = kvm_emulate_invd,
3216 [SVM_EXIT_PAUSE] = pause_interception,
3217 [SVM_EXIT_HLT] = kvm_emulate_halt,
3218 [SVM_EXIT_INVLPG] = invlpg_interception,
3219 [SVM_EXIT_INVLPGA] = invlpga_interception,
3220 [SVM_EXIT_IOIO] = io_interception,
3221 [SVM_EXIT_MSR] = msr_interception,
3222 [SVM_EXIT_TASK_SWITCH] = task_switch_interception,
3223 [SVM_EXIT_SHUTDOWN] = shutdown_interception,
3224 [SVM_EXIT_VMRUN] = vmrun_interception,
3225 [SVM_EXIT_VMMCALL] = kvm_emulate_hypercall,
3226 [SVM_EXIT_VMLOAD] = vmload_interception,
3227 [SVM_EXIT_VMSAVE] = vmsave_interception,
3228 [SVM_EXIT_STGI] = stgi_interception,
3229 [SVM_EXIT_CLGI] = clgi_interception,
3230 [SVM_EXIT_SKINIT] = skinit_interception,
3231 [SVM_EXIT_RDTSCP] = kvm_handle_invalid_op,
3232 [SVM_EXIT_WBINVD] = kvm_emulate_wbinvd,
3233 [SVM_EXIT_MONITOR] = kvm_emulate_monitor,
3234 [SVM_EXIT_MWAIT] = kvm_emulate_mwait,
3235 [SVM_EXIT_XSETBV] = kvm_emulate_xsetbv,
3236 [SVM_EXIT_RDPRU] = kvm_handle_invalid_op,
3237 [SVM_EXIT_EFER_WRITE_TRAP] = efer_trap,
3238 [SVM_EXIT_CR0_WRITE_TRAP] = cr_trap,
3239 [SVM_EXIT_CR4_WRITE_TRAP] = cr_trap,
3240 [SVM_EXIT_CR8_WRITE_TRAP] = cr_trap,
3241 [SVM_EXIT_INVPCID] = invpcid_interception,
3242 [SVM_EXIT_NPF] = npf_interception,
3243 [SVM_EXIT_RSM] = rsm_interception,
3244 [SVM_EXIT_AVIC_INCOMPLETE_IPI] = avic_incomplete_ipi_interception,
3245 [SVM_EXIT_AVIC_UNACCELERATED_ACCESS] = avic_unaccelerated_access_interception,
3246 [SVM_EXIT_VMGEXIT] = sev_handle_vmgexit,
3249 static void dump_vmcb(struct kvm_vcpu *vcpu)
3251 struct vcpu_svm *svm = to_svm(vcpu);
3252 struct vmcb_control_area *control = &svm->vmcb->control;
3253 struct vmcb_save_area *save = &svm->vmcb->save;
3254 struct vmcb_save_area *save01 = &svm->vmcb01.ptr->save;
3256 if (!dump_invalid_vmcb) {
3257 pr_warn_ratelimited("set kvm_amd.dump_invalid_vmcb=1 to dump internal KVM state.\n");
3261 pr_err("VMCB %p, last attempted VMRUN on CPU %d\n",
3262 svm->current_vmcb->ptr, vcpu->arch.last_vmentry_cpu);
3263 pr_err("VMCB Control Area:\n");
3264 pr_err("%-20s%04x\n", "cr_read:", control->intercepts[INTERCEPT_CR] & 0xffff);
3265 pr_err("%-20s%04x\n", "cr_write:", control->intercepts[INTERCEPT_CR] >> 16);
3266 pr_err("%-20s%04x\n", "dr_read:", control->intercepts[INTERCEPT_DR] & 0xffff);
3267 pr_err("%-20s%04x\n", "dr_write:", control->intercepts[INTERCEPT_DR] >> 16);
3268 pr_err("%-20s%08x\n", "exceptions:", control->intercepts[INTERCEPT_EXCEPTION]);
3269 pr_err("%-20s%08x %08x\n", "intercepts:",
3270 control->intercepts[INTERCEPT_WORD3],
3271 control->intercepts[INTERCEPT_WORD4]);
3272 pr_err("%-20s%d\n", "pause filter count:", control->pause_filter_count);
3273 pr_err("%-20s%d\n", "pause filter threshold:",
3274 control->pause_filter_thresh);
3275 pr_err("%-20s%016llx\n", "iopm_base_pa:", control->iopm_base_pa);
3276 pr_err("%-20s%016llx\n", "msrpm_base_pa:", control->msrpm_base_pa);
3277 pr_err("%-20s%016llx\n", "tsc_offset:", control->tsc_offset);
3278 pr_err("%-20s%d\n", "asid:", control->asid);
3279 pr_err("%-20s%d\n", "tlb_ctl:", control->tlb_ctl);
3280 pr_err("%-20s%08x\n", "int_ctl:", control->int_ctl);
3281 pr_err("%-20s%08x\n", "int_vector:", control->int_vector);
3282 pr_err("%-20s%08x\n", "int_state:", control->int_state);
3283 pr_err("%-20s%08x\n", "exit_code:", control->exit_code);
3284 pr_err("%-20s%016llx\n", "exit_info1:", control->exit_info_1);
3285 pr_err("%-20s%016llx\n", "exit_info2:", control->exit_info_2);
3286 pr_err("%-20s%08x\n", "exit_int_info:", control->exit_int_info);
3287 pr_err("%-20s%08x\n", "exit_int_info_err:", control->exit_int_info_err);
3288 pr_err("%-20s%lld\n", "nested_ctl:", control->nested_ctl);
3289 pr_err("%-20s%016llx\n", "nested_cr3:", control->nested_cr3);
3290 pr_err("%-20s%016llx\n", "avic_vapic_bar:", control->avic_vapic_bar);
3291 pr_err("%-20s%016llx\n", "ghcb:", control->ghcb_gpa);
3292 pr_err("%-20s%08x\n", "event_inj:", control->event_inj);
3293 pr_err("%-20s%08x\n", "event_inj_err:", control->event_inj_err);
3294 pr_err("%-20s%lld\n", "virt_ext:", control->virt_ext);
3295 pr_err("%-20s%016llx\n", "next_rip:", control->next_rip);
3296 pr_err("%-20s%016llx\n", "avic_backing_page:", control->avic_backing_page);
3297 pr_err("%-20s%016llx\n", "avic_logical_id:", control->avic_logical_id);
3298 pr_err("%-20s%016llx\n", "avic_physical_id:", control->avic_physical_id);
3299 pr_err("%-20s%016llx\n", "vmsa_pa:", control->vmsa_pa);
3300 pr_err("VMCB State Save Area:\n");
3301 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3303 save->es.selector, save->es.attrib,
3304 save->es.limit, save->es.base);
3305 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3307 save->cs.selector, save->cs.attrib,
3308 save->cs.limit, save->cs.base);
3309 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3311 save->ss.selector, save->ss.attrib,
3312 save->ss.limit, save->ss.base);
3313 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3315 save->ds.selector, save->ds.attrib,
3316 save->ds.limit, save->ds.base);
3317 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3319 save01->fs.selector, save01->fs.attrib,
3320 save01->fs.limit, save01->fs.base);
3321 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3323 save01->gs.selector, save01->gs.attrib,
3324 save01->gs.limit, save01->gs.base);
3325 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3327 save->gdtr.selector, save->gdtr.attrib,
3328 save->gdtr.limit, save->gdtr.base);
3329 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3331 save01->ldtr.selector, save01->ldtr.attrib,
3332 save01->ldtr.limit, save01->ldtr.base);
3333 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3335 save->idtr.selector, save->idtr.attrib,
3336 save->idtr.limit, save->idtr.base);
3337 pr_err("%-5s s: %04x a: %04x l: %08x b: %016llx\n",
3339 save01->tr.selector, save01->tr.attrib,
3340 save01->tr.limit, save01->tr.base);
3341 pr_err("vmpl: %d cpl: %d efer: %016llx\n",
3342 save->vmpl, save->cpl, save->efer);
3343 pr_err("%-15s %016llx %-13s %016llx\n",
3344 "cr0:", save->cr0, "cr2:", save->cr2);
3345 pr_err("%-15s %016llx %-13s %016llx\n",
3346 "cr3:", save->cr3, "cr4:", save->cr4);
3347 pr_err("%-15s %016llx %-13s %016llx\n",
3348 "dr6:", save->dr6, "dr7:", save->dr7);
3349 pr_err("%-15s %016llx %-13s %016llx\n",
3350 "rip:", save->rip, "rflags:", save->rflags);
3351 pr_err("%-15s %016llx %-13s %016llx\n",
3352 "rsp:", save->rsp, "rax:", save->rax);
3353 pr_err("%-15s %016llx %-13s %016llx\n",
3354 "star:", save01->star, "lstar:", save01->lstar);
3355 pr_err("%-15s %016llx %-13s %016llx\n",
3356 "cstar:", save01->cstar, "sfmask:", save01->sfmask);
3357 pr_err("%-15s %016llx %-13s %016llx\n",
3358 "kernel_gs_base:", save01->kernel_gs_base,
3359 "sysenter_cs:", save01->sysenter_cs);
3360 pr_err("%-15s %016llx %-13s %016llx\n",
3361 "sysenter_esp:", save01->sysenter_esp,
3362 "sysenter_eip:", save01->sysenter_eip);
3363 pr_err("%-15s %016llx %-13s %016llx\n",
3364 "gpat:", save->g_pat, "dbgctl:", save->dbgctl);
3365 pr_err("%-15s %016llx %-13s %016llx\n",
3366 "br_from:", save->br_from, "br_to:", save->br_to);
3367 pr_err("%-15s %016llx %-13s %016llx\n",
3368 "excp_from:", save->last_excp_from,
3369 "excp_to:", save->last_excp_to);
3372 static bool svm_check_exit_valid(u64 exit_code)
3374 return (exit_code < ARRAY_SIZE(svm_exit_handlers) &&
3375 svm_exit_handlers[exit_code]);
3378 static int svm_handle_invalid_exit(struct kvm_vcpu *vcpu, u64 exit_code)
3380 vcpu_unimpl(vcpu, "svm: unexpected exit reason 0x%llx\n", exit_code);
3382 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
3383 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON;
3384 vcpu->run->internal.ndata = 2;
3385 vcpu->run->internal.data[0] = exit_code;
3386 vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu;
3390 int svm_invoke_exit_handler(struct kvm_vcpu *vcpu, u64 exit_code)
3392 if (!svm_check_exit_valid(exit_code))
3393 return svm_handle_invalid_exit(vcpu, exit_code);
3395 #ifdef CONFIG_RETPOLINE
3396 if (exit_code == SVM_EXIT_MSR)
3397 return msr_interception(vcpu);
3398 else if (exit_code == SVM_EXIT_VINTR)
3399 return interrupt_window_interception(vcpu);
3400 else if (exit_code == SVM_EXIT_INTR)
3401 return intr_interception(vcpu);
3402 else if (exit_code == SVM_EXIT_HLT)
3403 return kvm_emulate_halt(vcpu);
3404 else if (exit_code == SVM_EXIT_NPF)
3405 return npf_interception(vcpu);
3407 return svm_exit_handlers[exit_code](vcpu);
3410 static void svm_get_exit_info(struct kvm_vcpu *vcpu, u32 *reason,
3411 u64 *info1, u64 *info2,
3412 u32 *intr_info, u32 *error_code)
3414 struct vmcb_control_area *control = &to_svm(vcpu)->vmcb->control;
3416 *reason = control->exit_code;
3417 *info1 = control->exit_info_1;
3418 *info2 = control->exit_info_2;
3419 *intr_info = control->exit_int_info;
3420 if ((*intr_info & SVM_EXITINTINFO_VALID) &&
3421 (*intr_info & SVM_EXITINTINFO_VALID_ERR))
3422 *error_code = control->exit_int_info_err;
3427 static int svm_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
3429 struct vcpu_svm *svm = to_svm(vcpu);
3430 struct kvm_run *kvm_run = vcpu->run;
3431 u32 exit_code = svm->vmcb->control.exit_code;
3433 /* SEV-ES guests must use the CR write traps to track CR registers. */
3434 if (!sev_es_guest(vcpu->kvm)) {
3435 if (!svm_is_intercept(svm, INTERCEPT_CR0_WRITE))
3436 vcpu->arch.cr0 = svm->vmcb->save.cr0;
3438 vcpu->arch.cr3 = svm->vmcb->save.cr3;
3441 if (is_guest_mode(vcpu)) {
3444 trace_kvm_nested_vmexit(vcpu, KVM_ISA_SVM);
3446 vmexit = nested_svm_exit_special(svm);
3448 if (vmexit == NESTED_EXIT_CONTINUE)
3449 vmexit = nested_svm_exit_handled(svm);
3451 if (vmexit == NESTED_EXIT_DONE)
3455 if (svm->vmcb->control.exit_code == SVM_EXIT_ERR) {
3456 kvm_run->exit_reason = KVM_EXIT_FAIL_ENTRY;
3457 kvm_run->fail_entry.hardware_entry_failure_reason
3458 = svm->vmcb->control.exit_code;
3459 kvm_run->fail_entry.cpu = vcpu->arch.last_vmentry_cpu;
3464 if (exit_fastpath != EXIT_FASTPATH_NONE)
3467 return svm_invoke_exit_handler(vcpu, exit_code);
3470 static void pre_svm_run(struct kvm_vcpu *vcpu)
3472 struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, vcpu->cpu);
3473 struct vcpu_svm *svm = to_svm(vcpu);
3476 * If the previous vmrun of the vmcb occurred on a different physical
3477 * cpu, then mark the vmcb dirty and assign a new asid. Hardware's
3478 * vmcb clean bits are per logical CPU, as are KVM's asid assignments.
3480 if (unlikely(svm->current_vmcb->cpu != vcpu->cpu)) {
3481 svm->current_vmcb->asid_generation = 0;
3482 vmcb_mark_all_dirty(svm->vmcb);
3483 svm->current_vmcb->cpu = vcpu->cpu;
3486 if (sev_guest(vcpu->kvm))
3487 return pre_sev_run(svm, vcpu->cpu);
3489 /* FIXME: handle wraparound of asid_generation */
3490 if (svm->current_vmcb->asid_generation != sd->asid_generation)
3494 static void svm_inject_nmi(struct kvm_vcpu *vcpu)
3496 struct vcpu_svm *svm = to_svm(vcpu);
3498 svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI;
3500 if (svm->nmi_l1_to_l2)
3503 svm->nmi_masked = true;
3504 svm_set_iret_intercept(svm);
3505 ++vcpu->stat.nmi_injections;
3508 static bool svm_is_vnmi_pending(struct kvm_vcpu *vcpu)
3510 struct vcpu_svm *svm = to_svm(vcpu);
3512 if (!is_vnmi_enabled(svm))
3515 return !!(svm->vmcb->control.int_ctl & V_NMI_PENDING_MASK);
3518 static bool svm_set_vnmi_pending(struct kvm_vcpu *vcpu)
3520 struct vcpu_svm *svm = to_svm(vcpu);
3522 if (!is_vnmi_enabled(svm))
3525 if (svm->vmcb->control.int_ctl & V_NMI_PENDING_MASK)
3528 svm->vmcb->control.int_ctl |= V_NMI_PENDING_MASK;
3529 vmcb_mark_dirty(svm->vmcb, VMCB_INTR);
3532 * Because the pending NMI is serviced by hardware, KVM can't know when
3533 * the NMI is "injected", but for all intents and purposes, passing the
3534 * NMI off to hardware counts as injection.
3536 ++vcpu->stat.nmi_injections;
3541 static void svm_inject_irq(struct kvm_vcpu *vcpu, bool reinjected)
3543 struct vcpu_svm *svm = to_svm(vcpu);
3546 if (vcpu->arch.interrupt.soft) {
3547 if (svm_update_soft_interrupt_rip(vcpu))
3550 type = SVM_EVTINJ_TYPE_SOFT;
3552 type = SVM_EVTINJ_TYPE_INTR;
3555 trace_kvm_inj_virq(vcpu->arch.interrupt.nr,
3556 vcpu->arch.interrupt.soft, reinjected);
3557 ++vcpu->stat.irq_injections;
3559 svm->vmcb->control.event_inj = vcpu->arch.interrupt.nr |
3560 SVM_EVTINJ_VALID | type;
3563 void svm_complete_interrupt_delivery(struct kvm_vcpu *vcpu, int delivery_mode,
3564 int trig_mode, int vector)
3567 * apic->apicv_active must be read after vcpu->mode.
3568 * Pairs with smp_store_release in vcpu_enter_guest.
3570 bool in_guest_mode = (smp_load_acquire(&vcpu->mode) == IN_GUEST_MODE);
3572 /* Note, this is called iff the local APIC is in-kernel. */
3573 if (!READ_ONCE(vcpu->arch.apic->apicv_active)) {
3574 /* Process the interrupt via kvm_check_and_inject_events(). */
3575 kvm_make_request(KVM_REQ_EVENT, vcpu);
3576 kvm_vcpu_kick(vcpu);
3580 trace_kvm_apicv_accept_irq(vcpu->vcpu_id, delivery_mode, trig_mode, vector);
3581 if (in_guest_mode) {
3583 * Signal the doorbell to tell hardware to inject the IRQ. If
3584 * the vCPU exits the guest before the doorbell chimes, hardware
3585 * will automatically process AVIC interrupts at the next VMRUN.
3587 avic_ring_doorbell(vcpu);
3590 * Wake the vCPU if it was blocking. KVM will then detect the
3591 * pending IRQ when checking if the vCPU has a wake event.
3593 kvm_vcpu_wake_up(vcpu);
3597 static void svm_deliver_interrupt(struct kvm_lapic *apic, int delivery_mode,
3598 int trig_mode, int vector)
3600 kvm_lapic_set_irr(vector, apic);
3603 * Pairs with the smp_mb_*() after setting vcpu->guest_mode in
3604 * vcpu_enter_guest() to ensure the write to the vIRR is ordered before
3605 * the read of guest_mode. This guarantees that either VMRUN will see
3606 * and process the new vIRR entry, or that svm_complete_interrupt_delivery
3607 * will signal the doorbell if the CPU has already entered the guest.
3609 smp_mb__after_atomic();
3610 svm_complete_interrupt_delivery(apic->vcpu, delivery_mode, trig_mode, vector);
3613 static void svm_update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
3615 struct vcpu_svm *svm = to_svm(vcpu);
3618 * SEV-ES guests must always keep the CR intercepts cleared. CR
3619 * tracking is done using the CR write traps.
3621 if (sev_es_guest(vcpu->kvm))
3624 if (nested_svm_virtualize_tpr(vcpu))
3627 svm_clr_intercept(svm, INTERCEPT_CR8_WRITE);
3633 svm_set_intercept(svm, INTERCEPT_CR8_WRITE);
3636 static bool svm_get_nmi_mask(struct kvm_vcpu *vcpu)
3638 struct vcpu_svm *svm = to_svm(vcpu);
3640 if (is_vnmi_enabled(svm))
3641 return svm->vmcb->control.int_ctl & V_NMI_BLOCKING_MASK;
3643 return svm->nmi_masked;
3646 static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
3648 struct vcpu_svm *svm = to_svm(vcpu);
3650 if (is_vnmi_enabled(svm)) {
3652 svm->vmcb->control.int_ctl |= V_NMI_BLOCKING_MASK;
3654 svm->vmcb->control.int_ctl &= ~V_NMI_BLOCKING_MASK;
3657 svm->nmi_masked = masked;
3659 svm_set_iret_intercept(svm);
3661 svm_clr_iret_intercept(svm);
3665 bool svm_nmi_blocked(struct kvm_vcpu *vcpu)
3667 struct vcpu_svm *svm = to_svm(vcpu);
3668 struct vmcb *vmcb = svm->vmcb;
3673 if (is_guest_mode(vcpu) && nested_exit_on_nmi(svm))
3676 if (svm_get_nmi_mask(vcpu))
3679 return vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK;
3682 static int svm_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
3684 struct vcpu_svm *svm = to_svm(vcpu);
3685 if (svm->nested.nested_run_pending)
3688 if (svm_nmi_blocked(vcpu))
3691 /* An NMI must not be injected into L2 if it's supposed to VM-Exit. */
3692 if (for_injection && is_guest_mode(vcpu) && nested_exit_on_nmi(svm))
3697 bool svm_interrupt_blocked(struct kvm_vcpu *vcpu)
3699 struct vcpu_svm *svm = to_svm(vcpu);
3700 struct vmcb *vmcb = svm->vmcb;
3705 if (is_guest_mode(vcpu)) {
3706 /* As long as interrupts are being delivered... */
3707 if ((svm->nested.ctl.int_ctl & V_INTR_MASKING_MASK)
3708 ? !(svm->vmcb01.ptr->save.rflags & X86_EFLAGS_IF)
3709 : !(kvm_get_rflags(vcpu) & X86_EFLAGS_IF))
3712 /* ... vmexits aren't blocked by the interrupt shadow */
3713 if (nested_exit_on_intr(svm))
3716 if (!svm_get_if_flag(vcpu))
3720 return (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK);
3723 static int svm_interrupt_allowed(struct kvm_vcpu *vcpu, bool for_injection)
3725 struct vcpu_svm *svm = to_svm(vcpu);
3727 if (svm->nested.nested_run_pending)
3730 if (svm_interrupt_blocked(vcpu))
3734 * An IRQ must not be injected into L2 if it's supposed to VM-Exit,
3735 * e.g. if the IRQ arrived asynchronously after checking nested events.
3737 if (for_injection && is_guest_mode(vcpu) && nested_exit_on_intr(svm))
3743 static void svm_enable_irq_window(struct kvm_vcpu *vcpu)
3745 struct vcpu_svm *svm = to_svm(vcpu);
3748 * In case GIF=0 we can't rely on the CPU to tell us when GIF becomes
3749 * 1, because that's a separate STGI/VMRUN intercept. The next time we
3750 * get that intercept, this function will be called again though and
3751 * we'll get the vintr intercept. However, if the vGIF feature is
3752 * enabled, the STGI interception will not occur. Enable the irq
3753 * window under the assumption that the hardware will set the GIF.
3755 if (vgif || gif_set(svm)) {
3757 * IRQ window is not needed when AVIC is enabled,
3758 * unless we have pending ExtINT since it cannot be injected
3759 * via AVIC. In such case, KVM needs to temporarily disable AVIC,
3760 * and fallback to injecting IRQ via V_IRQ.
3762 * If running nested, AVIC is already locally inhibited
3763 * on this vCPU, therefore there is no need to request
3764 * the VM wide AVIC inhibition.
3766 if (!is_guest_mode(vcpu))
3767 kvm_set_apicv_inhibit(vcpu->kvm, APICV_INHIBIT_REASON_IRQWIN);
3773 static void svm_enable_nmi_window(struct kvm_vcpu *vcpu)
3775 struct vcpu_svm *svm = to_svm(vcpu);
3778 * KVM should never request an NMI window when vNMI is enabled, as KVM
3779 * allows at most one to-be-injected NMI and one pending NMI, i.e. if
3780 * two NMIs arrive simultaneously, KVM will inject one and set
3781 * V_NMI_PENDING for the other. WARN, but continue with the standard
3782 * single-step approach to try and salvage the pending NMI.
3784 WARN_ON_ONCE(is_vnmi_enabled(svm));
3786 if (svm_get_nmi_mask(vcpu) && !svm->awaiting_iret_completion)
3787 return; /* IRET will cause a vm exit */
3789 if (!gif_set(svm)) {
3791 svm_set_intercept(svm, INTERCEPT_STGI);
3792 return; /* STGI will cause a vm exit */
3796 * Something prevents NMI from been injected. Single step over possible
3797 * problem (IRET or exception injection or interrupt shadow)
3799 svm->nmi_singlestep_guest_rflags = svm_get_rflags(vcpu);
3800 svm->nmi_singlestep = true;
3801 svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
3804 static void svm_flush_tlb_asid(struct kvm_vcpu *vcpu)
3806 struct vcpu_svm *svm = to_svm(vcpu);
3809 * Unlike VMX, SVM doesn't provide a way to flush only NPT TLB entries.
3810 * A TLB flush for the current ASID flushes both "host" and "guest" TLB
3811 * entries, and thus is a superset of Hyper-V's fine grained flushing.
3813 kvm_hv_vcpu_purge_flush_tlb(vcpu);
3816 * Flush only the current ASID even if the TLB flush was invoked via
3817 * kvm_flush_remote_tlbs(). Although flushing remote TLBs requires all
3818 * ASIDs to be flushed, KVM uses a single ASID for L1 and L2, and
3819 * unconditionally does a TLB flush on both nested VM-Enter and nested
3820 * VM-Exit (via kvm_mmu_reset_context()).
3822 if (static_cpu_has(X86_FEATURE_FLUSHBYASID))
3823 svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ASID;
3825 svm->current_vmcb->asid_generation--;
3828 static void svm_flush_tlb_current(struct kvm_vcpu *vcpu)
3830 hpa_t root_tdp = vcpu->arch.mmu->root.hpa;
3833 * When running on Hyper-V with EnlightenedNptTlb enabled, explicitly
3834 * flush the NPT mappings via hypercall as flushing the ASID only
3835 * affects virtual to physical mappings, it does not invalidate guest
3836 * physical to host physical mappings.
3838 if (svm_hv_is_enlightened_tlb_enabled(vcpu) && VALID_PAGE(root_tdp))
3839 hyperv_flush_guest_mapping(root_tdp);
3841 svm_flush_tlb_asid(vcpu);
3844 static void svm_flush_tlb_all(struct kvm_vcpu *vcpu)
3847 * When running on Hyper-V with EnlightenedNptTlb enabled, remote TLB
3848 * flushes should be routed to hv_flush_remote_tlbs() without requesting
3849 * a "regular" remote flush. Reaching this point means either there's
3850 * a KVM bug or a prior hv_flush_remote_tlbs() call failed, both of
3851 * which might be fatal to the guest. Yell, but try to recover.
3853 if (WARN_ON_ONCE(svm_hv_is_enlightened_tlb_enabled(vcpu)))
3854 hv_flush_remote_tlbs(vcpu->kvm);
3856 svm_flush_tlb_asid(vcpu);
3859 static void svm_flush_tlb_gva(struct kvm_vcpu *vcpu, gva_t gva)
3861 struct vcpu_svm *svm = to_svm(vcpu);
3863 invlpga(gva, svm->vmcb->control.asid);
3866 static inline void sync_cr8_to_lapic(struct kvm_vcpu *vcpu)
3868 struct vcpu_svm *svm = to_svm(vcpu);
3870 if (nested_svm_virtualize_tpr(vcpu))
3873 if (!svm_is_intercept(svm, INTERCEPT_CR8_WRITE)) {
3874 int cr8 = svm->vmcb->control.int_ctl & V_TPR_MASK;
3875 kvm_set_cr8(vcpu, cr8);
3879 static inline void sync_lapic_to_cr8(struct kvm_vcpu *vcpu)
3881 struct vcpu_svm *svm = to_svm(vcpu);
3884 if (nested_svm_virtualize_tpr(vcpu) ||
3885 kvm_vcpu_apicv_active(vcpu))
3888 cr8 = kvm_get_cr8(vcpu);
3889 svm->vmcb->control.int_ctl &= ~V_TPR_MASK;
3890 svm->vmcb->control.int_ctl |= cr8 & V_TPR_MASK;
3893 static void svm_complete_soft_interrupt(struct kvm_vcpu *vcpu, u8 vector,
3896 bool is_exception = (type == SVM_EXITINTINFO_TYPE_EXEPT);
3897 bool is_soft = (type == SVM_EXITINTINFO_TYPE_SOFT);
3898 struct vcpu_svm *svm = to_svm(vcpu);
3901 * If NRIPS is enabled, KVM must snapshot the pre-VMRUN next_rip that's
3902 * associated with the original soft exception/interrupt. next_rip is
3903 * cleared on all exits that can occur while vectoring an event, so KVM
3904 * needs to manually set next_rip for re-injection. Unlike the !nrips
3905 * case below, this needs to be done if and only if KVM is re-injecting
3906 * the same event, i.e. if the event is a soft exception/interrupt,
3907 * otherwise next_rip is unused on VMRUN.
3909 if (nrips && (is_soft || (is_exception && kvm_exception_is_soft(vector))) &&
3910 kvm_is_linear_rip(vcpu, svm->soft_int_old_rip + svm->soft_int_csbase))
3911 svm->vmcb->control.next_rip = svm->soft_int_next_rip;
3913 * If NRIPS isn't enabled, KVM must manually advance RIP prior to
3914 * injecting the soft exception/interrupt. That advancement needs to
3915 * be unwound if vectoring didn't complete. Note, the new event may
3916 * not be the injected event, e.g. if KVM injected an INTn, the INTn
3917 * hit a #NP in the guest, and the #NP encountered a #PF, the #NP will
3918 * be the reported vectored event, but RIP still needs to be unwound.
3920 else if (!nrips && (is_soft || is_exception) &&
3921 kvm_is_linear_rip(vcpu, svm->soft_int_next_rip + svm->soft_int_csbase))
3922 kvm_rip_write(vcpu, svm->soft_int_old_rip);
3925 static void svm_complete_interrupts(struct kvm_vcpu *vcpu)
3927 struct vcpu_svm *svm = to_svm(vcpu);
3930 u32 exitintinfo = svm->vmcb->control.exit_int_info;
3931 bool nmi_l1_to_l2 = svm->nmi_l1_to_l2;
3932 bool soft_int_injected = svm->soft_int_injected;
3934 svm->nmi_l1_to_l2 = false;
3935 svm->soft_int_injected = false;
3938 * If we've made progress since setting HF_IRET_MASK, we've
3939 * executed an IRET and can allow NMI injection.
3941 if (svm->awaiting_iret_completion &&
3942 (sev_es_guest(vcpu->kvm) ||
3943 kvm_rip_read(vcpu) != svm->nmi_iret_rip)) {
3944 svm->awaiting_iret_completion = false;
3945 svm->nmi_masked = false;
3946 kvm_make_request(KVM_REQ_EVENT, vcpu);
3949 vcpu->arch.nmi_injected = false;
3950 kvm_clear_exception_queue(vcpu);
3951 kvm_clear_interrupt_queue(vcpu);
3953 if (!(exitintinfo & SVM_EXITINTINFO_VALID))
3956 kvm_make_request(KVM_REQ_EVENT, vcpu);
3958 vector = exitintinfo & SVM_EXITINTINFO_VEC_MASK;
3959 type = exitintinfo & SVM_EXITINTINFO_TYPE_MASK;
3961 if (soft_int_injected)
3962 svm_complete_soft_interrupt(vcpu, vector, type);
3965 case SVM_EXITINTINFO_TYPE_NMI:
3966 vcpu->arch.nmi_injected = true;
3967 svm->nmi_l1_to_l2 = nmi_l1_to_l2;
3969 case SVM_EXITINTINFO_TYPE_EXEPT:
3971 * Never re-inject a #VC exception.
3973 if (vector == X86_TRAP_VC)
3976 if (exitintinfo & SVM_EXITINTINFO_VALID_ERR) {
3977 u32 err = svm->vmcb->control.exit_int_info_err;
3978 kvm_requeue_exception_e(vcpu, vector, err);
3981 kvm_requeue_exception(vcpu, vector);
3983 case SVM_EXITINTINFO_TYPE_INTR:
3984 kvm_queue_interrupt(vcpu, vector, false);
3986 case SVM_EXITINTINFO_TYPE_SOFT:
3987 kvm_queue_interrupt(vcpu, vector, true);
3995 static void svm_cancel_injection(struct kvm_vcpu *vcpu)
3997 struct vcpu_svm *svm = to_svm(vcpu);
3998 struct vmcb_control_area *control = &svm->vmcb->control;
4000 control->exit_int_info = control->event_inj;
4001 control->exit_int_info_err = control->event_inj_err;
4002 control->event_inj = 0;
4003 svm_complete_interrupts(vcpu);
4006 static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu)
4011 static fastpath_t svm_exit_handlers_fastpath(struct kvm_vcpu *vcpu)
4013 struct vmcb_control_area *control = &to_svm(vcpu)->vmcb->control;
4016 * Note, the next RIP must be provided as SRCU isn't held, i.e. KVM
4017 * can't read guest memory (dereference memslots) to decode the WRMSR.
4019 if (control->exit_code == SVM_EXIT_MSR && control->exit_info_1 &&
4020 nrips && control->next_rip)
4021 return handle_fastpath_set_msr_irqoff(vcpu);
4023 return EXIT_FASTPATH_NONE;
4026 static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_intercepted)
4028 struct vcpu_svm *svm = to_svm(vcpu);
4030 guest_state_enter_irqoff();
4032 if (sev_es_guest(vcpu->kvm))
4033 __svm_sev_es_vcpu_run(svm, spec_ctrl_intercepted);
4035 __svm_vcpu_run(svm, spec_ctrl_intercepted);
4037 guest_state_exit_irqoff();
4040 static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu)
4042 struct vcpu_svm *svm = to_svm(vcpu);
4043 bool spec_ctrl_intercepted = msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL);
4045 trace_kvm_entry(vcpu);
4047 svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
4048 svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
4049 svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];
4052 * Disable singlestep if we're injecting an interrupt/exception.
4053 * We don't want our modified rflags to be pushed on the stack where
4054 * we might not be able to easily reset them if we disabled NMI
4057 if (svm->nmi_singlestep && svm->vmcb->control.event_inj) {
4059 * Event injection happens before external interrupts cause a
4060 * vmexit and interrupts are disabled here, so smp_send_reschedule
4061 * is enough to force an immediate vmexit.
4063 disable_nmi_singlestep(svm);
4064 smp_send_reschedule(vcpu->cpu);
4069 sync_lapic_to_cr8(vcpu);
4071 if (unlikely(svm->asid != svm->vmcb->control.asid)) {
4072 svm->vmcb->control.asid = svm->asid;
4073 vmcb_mark_dirty(svm->vmcb, VMCB_ASID);
4075 svm->vmcb->save.cr2 = vcpu->arch.cr2;
4077 svm_hv_update_vp_id(svm->vmcb, vcpu);
4080 * Run with all-zero DR6 unless needed, so that we can get the exact cause
4083 if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))
4084 svm_set_dr6(svm, vcpu->arch.dr6);
4086 svm_set_dr6(svm, DR6_ACTIVE_LOW);
4089 kvm_load_guest_xsave_state(vcpu);
4091 kvm_wait_lapic_expire(vcpu);
4094 * If this vCPU has touched SPEC_CTRL, restore the guest's value if
4095 * it's non-zero. Since vmentry is serialising on affected CPUs, there
4096 * is no need to worry about the conditional branch over the wrmsr
4097 * being speculatively taken.
4099 if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL))
4100 x86_spec_ctrl_set_guest(svm->virt_spec_ctrl);
4102 svm_vcpu_enter_exit(vcpu, spec_ctrl_intercepted);
4104 if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL))
4105 x86_spec_ctrl_restore_host(svm->virt_spec_ctrl);
4107 if (!sev_es_guest(vcpu->kvm)) {
4108 vcpu->arch.cr2 = svm->vmcb->save.cr2;
4109 vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax;
4110 vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp;
4111 vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip;
4113 vcpu->arch.regs_dirty = 0;
4115 if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI))
4116 kvm_before_interrupt(vcpu, KVM_HANDLING_NMI);
4118 kvm_load_host_xsave_state(vcpu);
4121 /* Any pending NMI will happen here */
4123 if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI))
4124 kvm_after_interrupt(vcpu);
4126 sync_cr8_to_lapic(vcpu);
4129 if (is_guest_mode(vcpu)) {
4130 nested_sync_control_from_vmcb02(svm);
4132 /* Track VMRUNs that have made past consistency checking */
4133 if (svm->nested.nested_run_pending &&
4134 svm->vmcb->control.exit_code != SVM_EXIT_ERR)
4135 ++vcpu->stat.nested_run;
4137 svm->nested.nested_run_pending = 0;
4140 svm->vmcb->control.tlb_ctl = TLB_CONTROL_DO_NOTHING;
4141 vmcb_mark_all_clean(svm->vmcb);
4143 /* if exit due to PF check for async PF */
4144 if (svm->vmcb->control.exit_code == SVM_EXIT_EXCP_BASE + PF_VECTOR)
4145 vcpu->arch.apf.host_apf_flags =
4146 kvm_read_and_reset_apf_flags();
4148 vcpu->arch.regs_avail &= ~SVM_REGS_LAZY_LOAD_SET;
4151 * We need to handle MC intercepts here before the vcpu has a chance to
4152 * change the physical cpu
4154 if (unlikely(svm->vmcb->control.exit_code ==
4155 SVM_EXIT_EXCP_BASE + MC_VECTOR))
4156 svm_handle_mce(vcpu);
4158 trace_kvm_exit(vcpu, KVM_ISA_SVM);
4160 svm_complete_interrupts(vcpu);
4162 if (is_guest_mode(vcpu))
4163 return EXIT_FASTPATH_NONE;
4165 return svm_exit_handlers_fastpath(vcpu);
4168 static void svm_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa,
4171 struct vcpu_svm *svm = to_svm(vcpu);
4175 svm->vmcb->control.nested_cr3 = __sme_set(root_hpa);
4176 vmcb_mark_dirty(svm->vmcb, VMCB_NPT);
4178 hv_track_root_tdp(vcpu, root_hpa);
4180 cr3 = vcpu->arch.cr3;
4181 } else if (root_level >= PT64_ROOT_4LEVEL) {
4182 cr3 = __sme_set(root_hpa) | kvm_get_active_pcid(vcpu);
4184 /* PCID in the guest should be impossible with a 32-bit MMU. */
4185 WARN_ON_ONCE(kvm_get_active_pcid(vcpu));
4189 svm->vmcb->save.cr3 = cr3;
4190 vmcb_mark_dirty(svm->vmcb, VMCB_CR);
4194 svm_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall)
4197 * Patch in the VMMCALL instruction:
4199 hypercall[0] = 0x0f;
4200 hypercall[1] = 0x01;
4201 hypercall[2] = 0xd9;
4205 * The kvm parameter can be NULL (module initialization, or invocation before
4206 * VM creation). Be sure to check the kvm parameter before using it.
4208 static bool svm_has_emulated_msr(struct kvm *kvm, u32 index)
4211 case MSR_IA32_MCG_EXT_CTL:
4212 case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR:
4214 case MSR_IA32_SMBASE:
4215 if (!IS_ENABLED(CONFIG_KVM_SMM))
4217 /* SEV-ES guests do not support SMM, so report false */
4218 if (kvm && sev_es_guest(kvm))
4228 static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
4230 struct vcpu_svm *svm = to_svm(vcpu);
4231 struct kvm_cpuid_entry2 *best;
4233 vcpu->arch.xsaves_enabled = guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) &&
4234 boot_cpu_has(X86_FEATURE_XSAVE) &&
4235 boot_cpu_has(X86_FEATURE_XSAVES);
4237 /* Update nrips enabled cache */
4238 svm->nrips_enabled = kvm_cpu_cap_has(X86_FEATURE_NRIPS) &&
4239 guest_cpuid_has(vcpu, X86_FEATURE_NRIPS);
4241 svm->tsc_scaling_enabled = tsc_scaling && guest_cpuid_has(vcpu, X86_FEATURE_TSCRATEMSR);
4242 svm->lbrv_enabled = lbrv && guest_cpuid_has(vcpu, X86_FEATURE_LBRV);
4244 svm->v_vmload_vmsave_enabled = vls && guest_cpuid_has(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD);
4246 svm->pause_filter_enabled = kvm_cpu_cap_has(X86_FEATURE_PAUSEFILTER) &&
4247 guest_cpuid_has(vcpu, X86_FEATURE_PAUSEFILTER);
4249 svm->pause_threshold_enabled = kvm_cpu_cap_has(X86_FEATURE_PFTHRESHOLD) &&
4250 guest_cpuid_has(vcpu, X86_FEATURE_PFTHRESHOLD);
4252 svm->vgif_enabled = vgif && guest_cpuid_has(vcpu, X86_FEATURE_VGIF);
4254 svm->vnmi_enabled = vnmi && guest_cpuid_has(vcpu, X86_FEATURE_VNMI);
4256 svm_recalc_instruction_intercepts(vcpu, svm);
4258 if (boot_cpu_has(X86_FEATURE_IBPB))
4259 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PRED_CMD, 0,
4260 !!guest_has_pred_cmd_msr(vcpu));
4262 if (boot_cpu_has(X86_FEATURE_FLUSH_L1D))
4263 set_msr_interception(vcpu, svm->msrpm, MSR_IA32_FLUSH_CMD, 0,
4264 !!guest_cpuid_has(vcpu, X86_FEATURE_FLUSH_L1D));
4266 /* For sev guests, the memory encryption bit is not reserved in CR3. */
4267 if (sev_guest(vcpu->kvm)) {
4268 best = kvm_find_cpuid_entry(vcpu, 0x8000001F);
4270 vcpu->arch.reserved_gpa_bits &= ~(1UL << (best->ebx & 0x3f));
4273 init_vmcb_after_set_cpuid(vcpu);
4276 static bool svm_has_wbinvd_exit(void)
4281 #define PRE_EX(exit) { .exit_code = (exit), \
4282 .stage = X86_ICPT_PRE_EXCEPT, }
4283 #define POST_EX(exit) { .exit_code = (exit), \
4284 .stage = X86_ICPT_POST_EXCEPT, }
4285 #define POST_MEM(exit) { .exit_code = (exit), \
4286 .stage = X86_ICPT_POST_MEMACCESS, }
4288 static const struct __x86_intercept {
4290 enum x86_intercept_stage stage;
4291 } x86_intercept_map[] = {
4292 [x86_intercept_cr_read] = POST_EX(SVM_EXIT_READ_CR0),
4293 [x86_intercept_cr_write] = POST_EX(SVM_EXIT_WRITE_CR0),
4294 [x86_intercept_clts] = POST_EX(SVM_EXIT_WRITE_CR0),
4295 [x86_intercept_lmsw] = POST_EX(SVM_EXIT_WRITE_CR0),
4296 [x86_intercept_smsw] = POST_EX(SVM_EXIT_READ_CR0),
4297 [x86_intercept_dr_read] = POST_EX(SVM_EXIT_READ_DR0),
4298 [x86_intercept_dr_write] = POST_EX(SVM_EXIT_WRITE_DR0),
4299 [x86_intercept_sldt] = POST_EX(SVM_EXIT_LDTR_READ),
4300 [x86_intercept_str] = POST_EX(SVM_EXIT_TR_READ),
4301 [x86_intercept_lldt] = POST_EX(SVM_EXIT_LDTR_WRITE),
4302 [x86_intercept_ltr] = POST_EX(SVM_EXIT_TR_WRITE),
4303 [x86_intercept_sgdt] = POST_EX(SVM_EXIT_GDTR_READ),
4304 [x86_intercept_sidt] = POST_EX(SVM_EXIT_IDTR_READ),
4305 [x86_intercept_lgdt] = POST_EX(SVM_EXIT_GDTR_WRITE),
4306 [x86_intercept_lidt] = POST_EX(SVM_EXIT_IDTR_WRITE),
4307 [x86_intercept_vmrun] = POST_EX(SVM_EXIT_VMRUN),
4308 [x86_intercept_vmmcall] = POST_EX(SVM_EXIT_VMMCALL),
4309 [x86_intercept_vmload] = POST_EX(SVM_EXIT_VMLOAD),
4310 [x86_intercept_vmsave] = POST_EX(SVM_EXIT_VMSAVE),
4311 [x86_intercept_stgi] = POST_EX(SVM_EXIT_STGI),
4312 [x86_intercept_clgi] = POST_EX(SVM_EXIT_CLGI),
4313 [x86_intercept_skinit] = POST_EX(SVM_EXIT_SKINIT),
4314 [x86_intercept_invlpga] = POST_EX(SVM_EXIT_INVLPGA),
4315 [x86_intercept_rdtscp] = POST_EX(SVM_EXIT_RDTSCP),
4316 [x86_intercept_monitor] = POST_MEM(SVM_EXIT_MONITOR),
4317 [x86_intercept_mwait] = POST_EX(SVM_EXIT_MWAIT),
4318 [x86_intercept_invlpg] = POST_EX(SVM_EXIT_INVLPG),
4319 [x86_intercept_invd] = POST_EX(SVM_EXIT_INVD),
4320 [x86_intercept_wbinvd] = POST_EX(SVM_EXIT_WBINVD),
4321 [x86_intercept_wrmsr] = POST_EX(SVM_EXIT_MSR),
4322 [x86_intercept_rdtsc] = POST_EX(SVM_EXIT_RDTSC),
4323 [x86_intercept_rdmsr] = POST_EX(SVM_EXIT_MSR),
4324 [x86_intercept_rdpmc] = POST_EX(SVM_EXIT_RDPMC),
4325 [x86_intercept_cpuid] = PRE_EX(SVM_EXIT_CPUID),
4326 [x86_intercept_rsm] = PRE_EX(SVM_EXIT_RSM),
4327 [x86_intercept_pause] = PRE_EX(SVM_EXIT_PAUSE),
4328 [x86_intercept_pushf] = PRE_EX(SVM_EXIT_PUSHF),
4329 [x86_intercept_popf] = PRE_EX(SVM_EXIT_POPF),
4330 [x86_intercept_intn] = PRE_EX(SVM_EXIT_SWINT),
4331 [x86_intercept_iret] = PRE_EX(SVM_EXIT_IRET),
4332 [x86_intercept_icebp] = PRE_EX(SVM_EXIT_ICEBP),
4333 [x86_intercept_hlt] = POST_EX(SVM_EXIT_HLT),
4334 [x86_intercept_in] = POST_EX(SVM_EXIT_IOIO),
4335 [x86_intercept_ins] = POST_EX(SVM_EXIT_IOIO),
4336 [x86_intercept_out] = POST_EX(SVM_EXIT_IOIO),
4337 [x86_intercept_outs] = POST_EX(SVM_EXIT_IOIO),
4338 [x86_intercept_xsetbv] = PRE_EX(SVM_EXIT_XSETBV),
4345 static int svm_check_intercept(struct kvm_vcpu *vcpu,
4346 struct x86_instruction_info *info,
4347 enum x86_intercept_stage stage,
4348 struct x86_exception *exception)
4350 struct vcpu_svm *svm = to_svm(vcpu);
4351 int vmexit, ret = X86EMUL_CONTINUE;
4352 struct __x86_intercept icpt_info;
4353 struct vmcb *vmcb = svm->vmcb;
4355 if (info->intercept >= ARRAY_SIZE(x86_intercept_map))
4358 icpt_info = x86_intercept_map[info->intercept];
4360 if (stage != icpt_info.stage)
4363 switch (icpt_info.exit_code) {
4364 case SVM_EXIT_READ_CR0:
4365 if (info->intercept == x86_intercept_cr_read)
4366 icpt_info.exit_code += info->modrm_reg;
4368 case SVM_EXIT_WRITE_CR0: {
4369 unsigned long cr0, val;
4371 if (info->intercept == x86_intercept_cr_write)
4372 icpt_info.exit_code += info->modrm_reg;
4374 if (icpt_info.exit_code != SVM_EXIT_WRITE_CR0 ||
4375 info->intercept == x86_intercept_clts)
4378 if (!(vmcb12_is_intercept(&svm->nested.ctl,
4379 INTERCEPT_SELECTIVE_CR0)))
4382 cr0 = vcpu->arch.cr0 & ~SVM_CR0_SELECTIVE_MASK;
4383 val = info->src_val & ~SVM_CR0_SELECTIVE_MASK;
4385 if (info->intercept == x86_intercept_lmsw) {
4388 /* lmsw can't clear PE - catch this here */
4389 if (cr0 & X86_CR0_PE)
4394 icpt_info.exit_code = SVM_EXIT_CR0_SEL_WRITE;
4398 case SVM_EXIT_READ_DR0:
4399 case SVM_EXIT_WRITE_DR0:
4400 icpt_info.exit_code += info->modrm_reg;
4403 if (info->intercept == x86_intercept_wrmsr)
4404 vmcb->control.exit_info_1 = 1;
4406 vmcb->control.exit_info_1 = 0;
4408 case SVM_EXIT_PAUSE:
4410 * We get this for NOP only, but pause
4411 * is rep not, check this here
4413 if (info->rep_prefix != REPE_PREFIX)
4416 case SVM_EXIT_IOIO: {
4420 if (info->intercept == x86_intercept_in ||
4421 info->intercept == x86_intercept_ins) {
4422 exit_info = ((info->src_val & 0xffff) << 16) |
4424 bytes = info->dst_bytes;
4426 exit_info = (info->dst_val & 0xffff) << 16;
4427 bytes = info->src_bytes;
4430 if (info->intercept == x86_intercept_outs ||
4431 info->intercept == x86_intercept_ins)
4432 exit_info |= SVM_IOIO_STR_MASK;
4434 if (info->rep_prefix)
4435 exit_info |= SVM_IOIO_REP_MASK;
4437 bytes = min(bytes, 4u);
4439 exit_info |= bytes << SVM_IOIO_SIZE_SHIFT;
4441 exit_info |= (u32)info->ad_bytes << (SVM_IOIO_ASIZE_SHIFT - 1);
4443 vmcb->control.exit_info_1 = exit_info;
4444 vmcb->control.exit_info_2 = info->next_rip;
4452 /* TODO: Advertise NRIPS to guest hypervisor unconditionally */
4453 if (static_cpu_has(X86_FEATURE_NRIPS))
4454 vmcb->control.next_rip = info->next_rip;
4455 vmcb->control.exit_code = icpt_info.exit_code;
4456 vmexit = nested_svm_exit_handled(svm);
4458 ret = (vmexit == NESTED_EXIT_DONE) ? X86EMUL_INTERCEPTED
4465 static void svm_handle_exit_irqoff(struct kvm_vcpu *vcpu)
4467 if (to_svm(vcpu)->vmcb->control.exit_code == SVM_EXIT_INTR)
4468 vcpu->arch.at_instruction_boundary = true;
4471 static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu)
4473 if (!kvm_pause_in_guest(vcpu->kvm))
4474 shrink_ple_window(vcpu);
4477 static void svm_setup_mce(struct kvm_vcpu *vcpu)
4479 /* [63:9] are reserved. */
4480 vcpu->arch.mcg_cap &= 0x1ff;
4483 #ifdef CONFIG_KVM_SMM
4484 bool svm_smi_blocked(struct kvm_vcpu *vcpu)
4486 struct vcpu_svm *svm = to_svm(vcpu);
4488 /* Per APM Vol.2 15.22.2 "Response to SMI" */
4492 return is_smm(vcpu);
4495 static int svm_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
4497 struct vcpu_svm *svm = to_svm(vcpu);
4498 if (svm->nested.nested_run_pending)
4501 if (svm_smi_blocked(vcpu))
4504 /* An SMI must not be injected into L2 if it's supposed to VM-Exit. */
4505 if (for_injection && is_guest_mode(vcpu) && nested_exit_on_smi(svm))
4511 static int svm_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
4513 struct vcpu_svm *svm = to_svm(vcpu);
4514 struct kvm_host_map map_save;
4517 if (!is_guest_mode(vcpu))
4521 * 32-bit SMRAM format doesn't preserve EFER and SVM state. Userspace is
4522 * responsible for ensuring nested SVM and SMIs are mutually exclusive.
4525 if (!guest_cpuid_has(vcpu, X86_FEATURE_LM))
4528 smram->smram64.svm_guest_flag = 1;
4529 smram->smram64.svm_guest_vmcb_gpa = svm->nested.vmcb12_gpa;
4531 svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
4532 svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
4533 svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];
4535 ret = nested_svm_simple_vmexit(svm, SVM_EXIT_SW);
4540 * KVM uses VMCB01 to store L1 host state while L2 runs but
4541 * VMCB01 is going to be used during SMM and thus the state will
4542 * be lost. Temporary save non-VMLOAD/VMSAVE state to the host save
4543 * area pointed to by MSR_VM_HSAVE_PA. APM guarantees that the
4544 * format of the area is identical to guest save area offsetted
4545 * by 0x400 (matches the offset of 'struct vmcb_save_area'
4546 * within 'struct vmcb'). Note: HSAVE area may also be used by
4547 * L1 hypervisor to save additional host context (e.g. KVM does
4548 * that, see svm_prepare_switch_to_guest()) which must be
4551 if (kvm_vcpu_map(vcpu, gpa_to_gfn(svm->nested.hsave_msr), &map_save))
4554 BUILD_BUG_ON(offsetof(struct vmcb, save) != 0x400);
4556 svm_copy_vmrun_state(map_save.hva + 0x400,
4557 &svm->vmcb01.ptr->save);
4559 kvm_vcpu_unmap(vcpu, &map_save, true);
4563 static int svm_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
4565 struct vcpu_svm *svm = to_svm(vcpu);
4566 struct kvm_host_map map, map_save;
4567 struct vmcb *vmcb12;
4570 const struct kvm_smram_state_64 *smram64 = &smram->smram64;
4572 if (!guest_cpuid_has(vcpu, X86_FEATURE_LM))
4575 /* Non-zero if SMI arrived while vCPU was in guest mode. */
4576 if (!smram64->svm_guest_flag)
4579 if (!guest_cpuid_has(vcpu, X86_FEATURE_SVM))
4582 if (!(smram64->efer & EFER_SVME))
4585 if (kvm_vcpu_map(vcpu, gpa_to_gfn(smram64->svm_guest_vmcb_gpa), &map))
4589 if (kvm_vcpu_map(vcpu, gpa_to_gfn(svm->nested.hsave_msr), &map_save))
4592 if (svm_allocate_nested(svm))
4596 * Restore L1 host state from L1 HSAVE area as VMCB01 was
4597 * used during SMM (see svm_enter_smm())
4600 svm_copy_vmrun_state(&svm->vmcb01.ptr->save, map_save.hva + 0x400);
4603 * Enter the nested guest now
4606 vmcb_mark_all_dirty(svm->vmcb01.ptr);
4609 nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
4610 nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);
4611 ret = enter_svm_guest_mode(vcpu, smram64->svm_guest_vmcb_gpa, vmcb12, false);
4616 svm->nested.nested_run_pending = 1;
4619 kvm_vcpu_unmap(vcpu, &map_save, true);
4621 kvm_vcpu_unmap(vcpu, &map, true);
4625 static void svm_enable_smi_window(struct kvm_vcpu *vcpu)
4627 struct vcpu_svm *svm = to_svm(vcpu);
4629 if (!gif_set(svm)) {
4631 svm_set_intercept(svm, INTERCEPT_STGI);
4632 /* STGI will cause a vm exit */
4634 /* We must be in SMM; RSM will cause a vmexit anyway. */
4639 static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type,
4640 void *insn, int insn_len)
4642 bool smep, smap, is_user;
4645 /* Emulation is always possible when KVM has access to all guest state. */
4646 if (!sev_guest(vcpu->kvm))
4649 /* #UD and #GP should never be intercepted for SEV guests. */
4650 WARN_ON_ONCE(emul_type & (EMULTYPE_TRAP_UD |
4651 EMULTYPE_TRAP_UD_FORCED |
4652 EMULTYPE_VMWARE_GP));
4655 * Emulation is impossible for SEV-ES guests as KVM doesn't have access
4656 * to guest register state.
4658 if (sev_es_guest(vcpu->kvm))
4662 * Emulation is possible if the instruction is already decoded, e.g.
4663 * when completing I/O after returning from userspace.
4665 if (emul_type & EMULTYPE_NO_DECODE)
4669 * Emulation is possible for SEV guests if and only if a prefilled
4670 * buffer containing the bytes of the intercepted instruction is
4671 * available. SEV guest memory is encrypted with a guest specific key
4672 * and cannot be decrypted by KVM, i.e. KVM would read cyphertext and
4675 * Inject #UD if KVM reached this point without an instruction buffer.
4676 * In practice, this path should never be hit by a well-behaved guest,
4677 * e.g. KVM doesn't intercept #UD or #GP for SEV guests, but this path
4678 * is still theoretically reachable, e.g. via unaccelerated fault-like
4679 * AVIC access, and needs to be handled by KVM to avoid putting the
4680 * guest into an infinite loop. Injecting #UD is somewhat arbitrary,
4681 * but its the least awful option given lack of insight into the guest.
4683 if (unlikely(!insn)) {
4684 kvm_queue_exception(vcpu, UD_VECTOR);
4689 * Emulate for SEV guests if the insn buffer is not empty. The buffer
4690 * will be empty if the DecodeAssist microcode cannot fetch bytes for
4691 * the faulting instruction because the code fetch itself faulted, e.g.
4692 * the guest attempted to fetch from emulated MMIO or a guest page
4693 * table used to translate CS:RIP resides in emulated MMIO.
4695 if (likely(insn_len))
4699 * Detect and workaround Errata 1096 Fam_17h_00_0Fh.
4702 * When CPU raises #NPF on guest data access and vCPU CR4.SMAP=1, it is
4703 * possible that CPU microcode implementing DecodeAssist will fail to
4704 * read guest memory at CS:RIP and vmcb.GuestIntrBytes will incorrectly
4705 * be '0'. This happens because microcode reads CS:RIP using a _data_
4706 * loap uop with CPL=0 privileges. If the load hits a SMAP #PF, ucode
4707 * gives up and does not fill the instruction bytes buffer.
4709 * As above, KVM reaches this point iff the VM is an SEV guest, the CPU
4710 * supports DecodeAssist, a #NPF was raised, KVM's page fault handler
4711 * triggered emulation (e.g. for MMIO), and the CPU returned 0 in the
4712 * GuestIntrBytes field of the VMCB.
4714 * This does _not_ mean that the erratum has been encountered, as the
4715 * DecodeAssist will also fail if the load for CS:RIP hits a legitimate
4716 * #PF, e.g. if the guest attempt to execute from emulated MMIO and
4717 * encountered a reserved/not-present #PF.
4719 * To hit the erratum, the following conditions must be true:
4720 * 1. CR4.SMAP=1 (obviously).
4721 * 2. CR4.SMEP=0 || CPL=3. If SMEP=1 and CPL<3, the erratum cannot
4722 * have been hit as the guest would have encountered a SMEP
4723 * violation #PF, not a #NPF.
4724 * 3. The #NPF is not due to a code fetch, in which case failure to
4725 * retrieve the instruction bytes is legitimate (see abvoe).
4727 * In addition, don't apply the erratum workaround if the #NPF occurred
4728 * while translating guest page tables (see below).
4730 error_code = to_svm(vcpu)->vmcb->control.exit_info_1;
4731 if (error_code & (PFERR_GUEST_PAGE_MASK | PFERR_FETCH_MASK))
4734 smep = kvm_is_cr4_bit_set(vcpu, X86_CR4_SMEP);
4735 smap = kvm_is_cr4_bit_set(vcpu, X86_CR4_SMAP);
4736 is_user = svm_get_cpl(vcpu) == 3;
4737 if (smap && (!smep || is_user)) {
4738 pr_err_ratelimited("SEV Guest triggered AMD Erratum 1096\n");
4741 * If the fault occurred in userspace, arbitrarily inject #GP
4742 * to avoid killing the guest and to hopefully avoid confusing
4743 * the guest kernel too much, e.g. injecting #PF would not be
4744 * coherent with respect to the guest's page tables. Request
4745 * triple fault if the fault occurred in the kernel as there's
4746 * no fault that KVM can inject without confusing the guest.
4747 * In practice, the triple fault is moot as no sane SEV kernel
4748 * will execute from user memory while also running with SMAP=1.
4751 kvm_inject_gp(vcpu, 0);
4753 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
4758 * If the erratum was not hit, simply resume the guest and let it fault
4759 * again. While awful, e.g. the vCPU may get stuck in an infinite loop
4760 * if the fault is at CPL=0, it's the lesser of all evils. Exiting to
4761 * userspace will kill the guest, and letting the emulator read garbage
4762 * will yield random behavior and potentially corrupt the guest.
4764 * Simply resuming the guest is technically not a violation of the SEV
4765 * architecture. AMD's APM states that all code fetches and page table
4766 * accesses for SEV guest are encrypted, regardless of the C-Bit. The
4767 * APM also states that encrypted accesses to MMIO are "ignored", but
4768 * doesn't explicitly define "ignored", i.e. doing nothing and letting
4769 * the guest spin is technically "ignoring" the access.
4774 static bool svm_apic_init_signal_blocked(struct kvm_vcpu *vcpu)
4776 struct vcpu_svm *svm = to_svm(vcpu);
4778 return !gif_set(svm);
4781 static void svm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
4783 if (!sev_es_guest(vcpu->kvm))
4784 return kvm_vcpu_deliver_sipi_vector(vcpu, vector);
4786 sev_vcpu_deliver_sipi_vector(vcpu, vector);
4789 static void svm_vm_destroy(struct kvm *kvm)
4791 avic_vm_destroy(kvm);
4792 sev_vm_destroy(kvm);
4795 static int svm_vm_init(struct kvm *kvm)
4797 if (!pause_filter_count || !pause_filter_thresh)
4798 kvm->arch.pause_in_guest = true;
4801 int ret = avic_vm_init(kvm);
4809 static struct kvm_x86_ops svm_x86_ops __initdata = {
4810 .name = KBUILD_MODNAME,
4812 .check_processor_compatibility = svm_check_processor_compat,
4814 .hardware_unsetup = svm_hardware_unsetup,
4815 .hardware_enable = svm_hardware_enable,
4816 .hardware_disable = svm_hardware_disable,
4817 .has_emulated_msr = svm_has_emulated_msr,
4819 .vcpu_create = svm_vcpu_create,
4820 .vcpu_free = svm_vcpu_free,
4821 .vcpu_reset = svm_vcpu_reset,
4823 .vm_size = sizeof(struct kvm_svm),
4824 .vm_init = svm_vm_init,
4825 .vm_destroy = svm_vm_destroy,
4827 .prepare_switch_to_guest = svm_prepare_switch_to_guest,
4828 .vcpu_load = svm_vcpu_load,
4829 .vcpu_put = svm_vcpu_put,
4830 .vcpu_blocking = avic_vcpu_blocking,
4831 .vcpu_unblocking = avic_vcpu_unblocking,
4833 .update_exception_bitmap = svm_update_exception_bitmap,
4834 .get_msr_feature = svm_get_msr_feature,
4835 .get_msr = svm_get_msr,
4836 .set_msr = svm_set_msr,
4837 .get_segment_base = svm_get_segment_base,
4838 .get_segment = svm_get_segment,
4839 .set_segment = svm_set_segment,
4840 .get_cpl = svm_get_cpl,
4841 .get_cs_db_l_bits = svm_get_cs_db_l_bits,
4842 .set_cr0 = svm_set_cr0,
4843 .post_set_cr3 = sev_post_set_cr3,
4844 .is_valid_cr4 = svm_is_valid_cr4,
4845 .set_cr4 = svm_set_cr4,
4846 .set_efer = svm_set_efer,
4847 .get_idt = svm_get_idt,
4848 .set_idt = svm_set_idt,
4849 .get_gdt = svm_get_gdt,
4850 .set_gdt = svm_set_gdt,
4851 .set_dr7 = svm_set_dr7,
4852 .sync_dirty_debug_regs = svm_sync_dirty_debug_regs,
4853 .cache_reg = svm_cache_reg,
4854 .get_rflags = svm_get_rflags,
4855 .set_rflags = svm_set_rflags,
4856 .get_if_flag = svm_get_if_flag,
4858 .flush_tlb_all = svm_flush_tlb_all,
4859 .flush_tlb_current = svm_flush_tlb_current,
4860 .flush_tlb_gva = svm_flush_tlb_gva,
4861 .flush_tlb_guest = svm_flush_tlb_asid,
4863 .vcpu_pre_run = svm_vcpu_pre_run,
4864 .vcpu_run = svm_vcpu_run,
4865 .handle_exit = svm_handle_exit,
4866 .skip_emulated_instruction = svm_skip_emulated_instruction,
4867 .update_emulated_instruction = NULL,
4868 .set_interrupt_shadow = svm_set_interrupt_shadow,
4869 .get_interrupt_shadow = svm_get_interrupt_shadow,
4870 .patch_hypercall = svm_patch_hypercall,
4871 .inject_irq = svm_inject_irq,
4872 .inject_nmi = svm_inject_nmi,
4873 .is_vnmi_pending = svm_is_vnmi_pending,
4874 .set_vnmi_pending = svm_set_vnmi_pending,
4875 .inject_exception = svm_inject_exception,
4876 .cancel_injection = svm_cancel_injection,
4877 .interrupt_allowed = svm_interrupt_allowed,
4878 .nmi_allowed = svm_nmi_allowed,
4879 .get_nmi_mask = svm_get_nmi_mask,
4880 .set_nmi_mask = svm_set_nmi_mask,
4881 .enable_nmi_window = svm_enable_nmi_window,
4882 .enable_irq_window = svm_enable_irq_window,
4883 .update_cr8_intercept = svm_update_cr8_intercept,
4884 .set_virtual_apic_mode = avic_refresh_virtual_apic_mode,
4885 .refresh_apicv_exec_ctrl = avic_refresh_apicv_exec_ctrl,
4886 .apicv_post_state_restore = avic_apicv_post_state_restore,
4887 .required_apicv_inhibits = AVIC_REQUIRED_APICV_INHIBITS,
4889 .get_exit_info = svm_get_exit_info,
4891 .vcpu_after_set_cpuid = svm_vcpu_after_set_cpuid,
4893 .has_wbinvd_exit = svm_has_wbinvd_exit,
4895 .get_l2_tsc_offset = svm_get_l2_tsc_offset,
4896 .get_l2_tsc_multiplier = svm_get_l2_tsc_multiplier,
4897 .write_tsc_offset = svm_write_tsc_offset,
4898 .write_tsc_multiplier = svm_write_tsc_multiplier,
4900 .load_mmu_pgd = svm_load_mmu_pgd,
4902 .check_intercept = svm_check_intercept,
4903 .handle_exit_irqoff = svm_handle_exit_irqoff,
4905 .request_immediate_exit = __kvm_request_immediate_exit,
4907 .sched_in = svm_sched_in,
4909 .nested_ops = &svm_nested_ops,
4911 .deliver_interrupt = svm_deliver_interrupt,
4912 .pi_update_irte = avic_pi_update_irte,
4913 .setup_mce = svm_setup_mce,
4915 #ifdef CONFIG_KVM_SMM
4916 .smi_allowed = svm_smi_allowed,
4917 .enter_smm = svm_enter_smm,
4918 .leave_smm = svm_leave_smm,
4919 .enable_smi_window = svm_enable_smi_window,
4922 .mem_enc_ioctl = sev_mem_enc_ioctl,
4923 .mem_enc_register_region = sev_mem_enc_register_region,
4924 .mem_enc_unregister_region = sev_mem_enc_unregister_region,
4925 .guest_memory_reclaimed = sev_guest_memory_reclaimed,
4927 .vm_copy_enc_context_from = sev_vm_copy_enc_context_from,
4928 .vm_move_enc_context_from = sev_vm_move_enc_context_from,
4930 .can_emulate_instruction = svm_can_emulate_instruction,
4932 .apic_init_signal_blocked = svm_apic_init_signal_blocked,
4934 .msr_filter_changed = svm_msr_filter_changed,
4935 .complete_emulated_msr = svm_complete_emulated_msr,
4937 .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector,
4938 .vcpu_get_apicv_inhibit_reasons = avic_vcpu_get_apicv_inhibit_reasons,
4942 * The default MMIO mask is a single bit (excluding the present bit),
4943 * which could conflict with the memory encryption bit. Check for
4944 * memory encryption support and override the default MMIO mask if
4945 * memory encryption is enabled.
4947 static __init void svm_adjust_mmio_mask(void)
4949 unsigned int enc_bit, mask_bit;
4952 /* If there is no memory encryption support, use existing mask */
4953 if (cpuid_eax(0x80000000) < 0x8000001f)
4956 /* If memory encryption is not enabled, use existing mask */
4957 rdmsrl(MSR_AMD64_SYSCFG, msr);
4958 if (!(msr & MSR_AMD64_SYSCFG_MEM_ENCRYPT))
4961 enc_bit = cpuid_ebx(0x8000001f) & 0x3f;
4962 mask_bit = boot_cpu_data.x86_phys_bits;
4964 /* Increment the mask bit if it is the same as the encryption bit */
4965 if (enc_bit == mask_bit)
4969 * If the mask bit location is below 52, then some bits above the
4970 * physical addressing limit will always be reserved, so use the
4971 * rsvd_bits() function to generate the mask. This mask, along with
4972 * the present bit, will be used to generate a page fault with
4975 * If the mask bit location is 52 (or above), then clear the mask.
4977 mask = (mask_bit < 52) ? rsvd_bits(mask_bit, 51) | PT_PRESENT_MASK : 0;
4979 kvm_mmu_set_mmio_spte_mask(mask, mask, PT_WRITABLE_MASK | PT_USER_MASK);
4982 static __init void svm_set_cpu_caps(void)
4986 kvm_caps.supported_perf_cap = 0;
4987 kvm_caps.supported_xss = 0;
4989 /* CPUID 0x80000001 and 0x8000000A (SVM features) */
4991 kvm_cpu_cap_set(X86_FEATURE_SVM);
4992 kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
4995 kvm_cpu_cap_set(X86_FEATURE_NRIPS);
4998 kvm_cpu_cap_set(X86_FEATURE_NPT);
5001 kvm_cpu_cap_set(X86_FEATURE_TSCRATEMSR);
5004 kvm_cpu_cap_set(X86_FEATURE_V_VMSAVE_VMLOAD);
5006 kvm_cpu_cap_set(X86_FEATURE_LBRV);
5008 if (boot_cpu_has(X86_FEATURE_PAUSEFILTER))
5009 kvm_cpu_cap_set(X86_FEATURE_PAUSEFILTER);
5011 if (boot_cpu_has(X86_FEATURE_PFTHRESHOLD))
5012 kvm_cpu_cap_set(X86_FEATURE_PFTHRESHOLD);
5015 kvm_cpu_cap_set(X86_FEATURE_VGIF);
5018 kvm_cpu_cap_set(X86_FEATURE_VNMI);
5020 /* Nested VM can receive #VMEXIT instead of triggering #GP */
5021 kvm_cpu_cap_set(X86_FEATURE_SVME_ADDR_CHK);
5024 /* CPUID 0x80000008 */
5025 if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD) ||
5026 boot_cpu_has(X86_FEATURE_AMD_SSBD))
5027 kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD);
5031 * Enumerate support for PERFCTR_CORE if and only if KVM has
5032 * access to enough counters to virtualize "core" support,
5033 * otherwise limit vPMU support to the legacy number of counters.
5035 if (kvm_pmu_cap.num_counters_gp < AMD64_NUM_COUNTERS_CORE)
5036 kvm_pmu_cap.num_counters_gp = min(AMD64_NUM_COUNTERS,
5037 kvm_pmu_cap.num_counters_gp);
5039 kvm_cpu_cap_check_and_set(X86_FEATURE_PERFCTR_CORE);
5041 if (kvm_pmu_cap.version != 2 ||
5042 !kvm_cpu_cap_has(X86_FEATURE_PERFCTR_CORE))
5043 kvm_cpu_cap_clear(X86_FEATURE_PERFMON_V2);
5046 /* CPUID 0x8000001F (SME/SEV features) */
5050 static __init int svm_hardware_setup(void)
5053 struct page *iopm_pages;
5056 unsigned int order = get_order(IOPM_SIZE);
5059 * NX is required for shadow paging and for NPT if the NX huge pages
5060 * mitigation is enabled.
5062 if (!boot_cpu_has(X86_FEATURE_NX)) {
5063 pr_err_ratelimited("NX (Execute Disable) not supported\n");
5066 kvm_enable_efer_bits(EFER_NX);
5068 iopm_pages = alloc_pages(GFP_KERNEL, order);
5073 iopm_va = page_address(iopm_pages);
5074 memset(iopm_va, 0xff, PAGE_SIZE * (1 << order));
5075 iopm_base = page_to_pfn(iopm_pages) << PAGE_SHIFT;
5077 init_msrpm_offsets();
5079 kvm_caps.supported_xcr0 &= ~(XFEATURE_MASK_BNDREGS |
5080 XFEATURE_MASK_BNDCSR);
5082 if (boot_cpu_has(X86_FEATURE_FXSR_OPT))
5083 kvm_enable_efer_bits(EFER_FFXSR);
5086 if (!boot_cpu_has(X86_FEATURE_TSCRATEMSR)) {
5087 tsc_scaling = false;
5089 pr_info("TSC scaling supported\n");
5090 kvm_caps.has_tsc_control = true;
5093 kvm_caps.max_tsc_scaling_ratio = SVM_TSC_RATIO_MAX;
5094 kvm_caps.tsc_scaling_ratio_frac_bits = 32;
5096 tsc_aux_uret_slot = kvm_add_user_return_msr(MSR_TSC_AUX);
5098 if (boot_cpu_has(X86_FEATURE_AUTOIBRS))
5099 kvm_enable_efer_bits(EFER_AUTOIBRS);
5101 /* Check for pause filtering support */
5102 if (!boot_cpu_has(X86_FEATURE_PAUSEFILTER)) {
5103 pause_filter_count = 0;
5104 pause_filter_thresh = 0;
5105 } else if (!boot_cpu_has(X86_FEATURE_PFTHRESHOLD)) {
5106 pause_filter_thresh = 0;
5110 pr_info("Nested Virtualization enabled\n");
5111 kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
5115 * KVM's MMU doesn't support using 2-level paging for itself, and thus
5116 * NPT isn't supported if the host is using 2-level paging since host
5117 * CR4 is unchanged on VMRUN.
5119 if (!IS_ENABLED(CONFIG_X86_64) && !IS_ENABLED(CONFIG_X86_PAE))
5120 npt_enabled = false;
5122 if (!boot_cpu_has(X86_FEATURE_NPT))
5123 npt_enabled = false;
5125 /* Force VM NPT level equal to the host's paging level */
5126 kvm_configure_mmu(npt_enabled, get_npt_level(),
5127 get_npt_level(), PG_LEVEL_1G);
5128 pr_info("Nested Paging %sabled\n", npt_enabled ? "en" : "dis");
5130 /* Setup shadow_me_value and shadow_me_mask */
5131 kvm_mmu_set_me_spte_mask(sme_me_mask, sme_me_mask);
5133 svm_adjust_mmio_mask();
5136 * Note, SEV setup consumes npt_enabled and enable_mmio_caching (which
5137 * may be modified by svm_adjust_mmio_mask()).
5139 sev_hardware_setup();
5141 svm_hv_hardware_setup();
5143 for_each_possible_cpu(cpu) {
5144 r = svm_cpu_init(cpu);
5150 if (!boot_cpu_has(X86_FEATURE_NRIPS))
5154 enable_apicv = avic = avic && avic_hardware_setup();
5156 if (!enable_apicv) {
5157 svm_x86_ops.vcpu_blocking = NULL;
5158 svm_x86_ops.vcpu_unblocking = NULL;
5159 svm_x86_ops.vcpu_get_apicv_inhibit_reasons = NULL;
5160 } else if (!x2avic_enabled) {
5161 svm_x86_ops.allow_apicv_in_x2apic_without_x2apic_virtualization = true;
5166 !boot_cpu_has(X86_FEATURE_V_VMSAVE_VMLOAD) ||
5167 !IS_ENABLED(CONFIG_X86_64)) {
5170 pr_info("Virtual VMLOAD VMSAVE supported\n");
5174 if (boot_cpu_has(X86_FEATURE_SVME_ADDR_CHK))
5175 svm_gp_erratum_intercept = false;
5178 if (!boot_cpu_has(X86_FEATURE_VGIF))
5181 pr_info("Virtual GIF supported\n");
5184 vnmi = vgif && vnmi && boot_cpu_has(X86_FEATURE_VNMI);
5186 pr_info("Virtual NMI enabled\n");
5189 svm_x86_ops.is_vnmi_pending = NULL;
5190 svm_x86_ops.set_vnmi_pending = NULL;
5195 if (!boot_cpu_has(X86_FEATURE_LBRV))
5198 pr_info("LBR virtualization supported\n");
5202 pr_info("PMU virtualization is disabled\n");
5207 * It seems that on AMD processors PTE's accessed bit is
5208 * being set by the CPU hardware before the NPF vmexit.
5209 * This is not expected behaviour and our tests fail because
5211 * A workaround here is to disable support for
5212 * GUEST_MAXPHYADDR < HOST_MAXPHYADDR if NPT is enabled.
5213 * In this case userspace can know if there is support using
5214 * KVM_CAP_SMALLER_MAXPHYADDR extension and decide how to handle
5216 * If future AMD CPU models change the behaviour described above,
5217 * this variable can be changed accordingly
5219 allow_smaller_maxphyaddr = !npt_enabled;
5224 svm_hardware_unsetup();
5229 static struct kvm_x86_init_ops svm_init_ops __initdata = {
5230 .hardware_setup = svm_hardware_setup,
5232 .runtime_ops = &svm_x86_ops,
5233 .pmu_ops = &amd_pmu_ops,
5236 static void __svm_exit(void)
5238 kvm_x86_vendor_exit();
5240 cpu_emergency_unregister_virt_callback(svm_emergency_disable);
5243 static int __init svm_init(void)
5247 __unused_size_checks();
5249 if (!kvm_is_svm_supported())
5252 r = kvm_x86_vendor_init(&svm_init_ops);
5256 cpu_emergency_register_virt_callback(svm_emergency_disable);
5259 * Common KVM initialization _must_ come last, after this, /dev/kvm is
5260 * exposed to userspace!
5262 r = kvm_init(sizeof(struct vcpu_svm), __alignof__(struct vcpu_svm),
5274 static void __exit svm_exit(void)
5280 module_init(svm_init)
5281 module_exit(svm_exit)
projects / platform / kernel / linux-starfive.git / blob