KVM
vmx.c
Go to the documentation of this file.
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Kernel-based Virtual Machine driver for Linux
4  *
5  * This module enables machines with Intel VT-x extensions to run virtual
6  * machines without emulation or binary translation.
7  *
8  * Copyright (C) 2006 Qumranet, Inc.
9  * Copyright 2010 Red Hat, Inc. and/or its affiliates.
10  *
11  * Authors:
12  * Avi Kivity <avi@qumranet.com>
13  * Yaniv Kamay <yaniv@qumranet.com>
14  */
15 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
16 
17 #include <linux/highmem.h>
18 #include <linux/hrtimer.h>
19 #include <linux/kernel.h>
20 #include <linux/kvm_host.h>
21 #include <linux/module.h>
22 #include <linux/moduleparam.h>
23 #include <linux/mod_devicetable.h>
24 #include <linux/mm.h>
25 #include <linux/objtool.h>
26 #include <linux/sched.h>
27 #include <linux/sched/smt.h>
28 #include <linux/slab.h>
29 #include <linux/tboot.h>
30 #include <linux/trace_events.h>
31 #include <linux/entry-kvm.h>
32 
33 #include <asm/apic.h>
34 #include <asm/asm.h>
35 #include <asm/cpu.h>
36 #include <asm/cpu_device_id.h>
37 #include <asm/debugreg.h>
38 #include <asm/desc.h>
39 #include <asm/fpu/api.h>
40 #include <asm/fpu/xstate.h>
41 #include <asm/idtentry.h>
42 #include <asm/io.h>
43 #include <asm/irq_remapping.h>
44 #include <asm/reboot.h>
45 #include <asm/perf_event.h>
46 #include <asm/mmu_context.h>
47 #include <asm/mshyperv.h>
48 #include <asm/mwait.h>
49 #include <asm/spec-ctrl.h>
50 #include <asm/vmx.h>
51 
52 #include "capabilities.h"
53 #include "cpuid.h"
54 #include "hyperv.h"
55 #include "kvm_onhyperv.h"
56 #include "irq.h"
57 #include "kvm_cache_regs.h"
58 #include "lapic.h"
59 #include "mmu.h"
60 #include "nested.h"
61 #include "pmu.h"
62 #include "sgx.h"
63 #include "trace.h"
64 #include "vmcs.h"
65 #include "vmcs12.h"
66 #include "vmx.h"
67 #include "x86.h"
68 #include "smm.h"
69 #include "vmx_onhyperv.h"
70 
71 MODULE_AUTHOR("Qumranet");
72 MODULE_LICENSE("GPL");
73 
74 #ifdef MODULE
75 static const struct x86_cpu_id vmx_cpu_id[] = {
76  X86_MATCH_FEATURE(X86_FEATURE_VMX, NULL),
77  {}
78 };
79 MODULE_DEVICE_TABLE(x86cpu, vmx_cpu_id);
80 #endif
81 
82 bool __read_mostly enable_vpid = 1;
83 module_param_named(vpid, enable_vpid, bool, 0444);
84 
85 static bool __read_mostly enable_vnmi = 1;
86 module_param_named(vnmi, enable_vnmi, bool, 0444);
87 
88 bool __read_mostly flexpriority_enabled = 1;
89 module_param_named(flexpriority, flexpriority_enabled, bool, 0444);
90 
91 bool __read_mostly enable_ept = 1;
92 module_param_named(ept, enable_ept, bool, 0444);
93 
94 bool __read_mostly enable_unrestricted_guest = 1;
95 module_param_named(unrestricted_guest,
96  enable_unrestricted_guest, bool, 0444);
97 
98 bool __read_mostly enable_ept_ad_bits = 1;
99 module_param_named(eptad, enable_ept_ad_bits, bool, 0444);
100 
101 static bool __read_mostly emulate_invalid_guest_state = true;
102 module_param(emulate_invalid_guest_state, bool, 0444);
103 
104 static bool __read_mostly fasteoi = 1;
105 module_param(fasteoi, bool, 0444);
106 
107 module_param(enable_apicv, bool, 0444);
108 
109 bool __read_mostly enable_ipiv = true;
110 module_param(enable_ipiv, bool, 0444);
111 
112 /*
113  * If nested=1, nested virtualization is supported, i.e., guests may use
114  * VMX and be a hypervisor for its own guests. If nested=0, guests may not
115  * use VMX instructions.
116  */
117 static bool __read_mostly nested = 1;
118 module_param(nested, bool, 0444);
119 
120 bool __read_mostly enable_pml = 1;
121 module_param_named(pml, enable_pml, bool, 0444);
122 
123 static bool __read_mostly error_on_inconsistent_vmcs_config = true;
124 module_param(error_on_inconsistent_vmcs_config, bool, 0444);
125 
126 static bool __read_mostly dump_invalid_vmcs = 0;
127 module_param(dump_invalid_vmcs, bool, 0644);
128 
129 #define MSR_BITMAP_MODE_X2APIC 1
130 #define MSR_BITMAP_MODE_X2APIC_APICV 2
131 
132 #define KVM_VMX_TSC_MULTIPLIER_MAX 0xffffffffffffffffULL
133 
134 /* Guest_tsc -> host_tsc conversion requires 64-bit division. */
135 static int __read_mostly cpu_preemption_timer_multi;
136 static bool __read_mostly enable_preemption_timer = 1;
137 #ifdef CONFIG_X86_64
138 module_param_named(preemption_timer, enable_preemption_timer, bool, S_IRUGO);
139 #endif
140 
141 extern bool __read_mostly allow_smaller_maxphyaddr;
142 module_param(allow_smaller_maxphyaddr, bool, S_IRUGO);
143 
144 #define KVM_VM_CR0_ALWAYS_OFF (X86_CR0_NW | X86_CR0_CD)
145 #define KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST X86_CR0_NE
146 #define KVM_VM_CR0_ALWAYS_ON \
147  (KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST | X86_CR0_PG | X86_CR0_PE)
148 
149 #define KVM_VM_CR4_ALWAYS_ON_UNRESTRICTED_GUEST X86_CR4_VMXE
150 #define KVM_PMODE_VM_CR4_ALWAYS_ON (X86_CR4_PAE | X86_CR4_VMXE)
151 #define KVM_RMODE_VM_CR4_ALWAYS_ON (X86_CR4_VME | X86_CR4_PAE | X86_CR4_VMXE)
152 
153 #define RMODE_GUEST_OWNED_EFLAGS_BITS (~(X86_EFLAGS_IOPL | X86_EFLAGS_VM))
154 
155 #define MSR_IA32_RTIT_STATUS_MASK (~(RTIT_STATUS_FILTEREN | \
156  RTIT_STATUS_CONTEXTEN | RTIT_STATUS_TRIGGEREN | \
157  RTIT_STATUS_ERROR | RTIT_STATUS_STOPPED | \
158  RTIT_STATUS_BYTECNT))
159 
160 /*
161  * List of MSRs that can be directly passed to the guest.
162  * In addition to these x2apic and PT MSRs are handled specially.
163  */
164 static u32 vmx_possible_passthrough_msrs[MAX_POSSIBLE_PASSTHROUGH_MSRS] = {
165  MSR_IA32_SPEC_CTRL,
166  MSR_IA32_PRED_CMD,
167  MSR_IA32_FLUSH_CMD,
168  MSR_IA32_TSC,
169 #ifdef CONFIG_X86_64
170  MSR_FS_BASE,
171  MSR_GS_BASE,
172  MSR_KERNEL_GS_BASE,
173  MSR_IA32_XFD,
174  MSR_IA32_XFD_ERR,
175 #endif
176  MSR_IA32_SYSENTER_CS,
177  MSR_IA32_SYSENTER_ESP,
178  MSR_IA32_SYSENTER_EIP,
179  MSR_CORE_C1_RES,
180  MSR_CORE_C3_RESIDENCY,
181  MSR_CORE_C6_RESIDENCY,
182  MSR_CORE_C7_RESIDENCY,
183 };
184 
185 /*
186  * These 2 parameters are used to config the controls for Pause-Loop Exiting:
187  * ple_gap: upper bound on the amount of time between two successive
188  * executions of PAUSE in a loop. Also indicate if ple enabled.
189  * According to test, this time is usually smaller than 128 cycles.
190  * ple_window: upper bound on the amount of time a guest is allowed to execute
191  * in a PAUSE loop. Tests indicate that most spinlocks are held for
192  * less than 2^12 cycles
193  * Time is measured based on a counter that runs at the same rate as the TSC,
194  * refer SDM volume 3b section 21.6.13 & 22.1.3.
195  */
196 static unsigned int ple_gap = KVM_DEFAULT_PLE_GAP;
197 module_param(ple_gap, uint, 0444);
198 
199 static unsigned int ple_window = KVM_VMX_DEFAULT_PLE_WINDOW;
200 module_param(ple_window, uint, 0444);
201 
202 /* Default doubles per-vcpu window every exit. */
203 static unsigned int ple_window_grow = KVM_DEFAULT_PLE_WINDOW_GROW;
204 module_param(ple_window_grow, uint, 0444);
205 
206 /* Default resets per-vcpu window every exit to ple_window. */
207 static unsigned int ple_window_shrink = KVM_DEFAULT_PLE_WINDOW_SHRINK;
208 module_param(ple_window_shrink, uint, 0444);
209 
210 /* Default is to compute the maximum so we can never overflow. */
211 static unsigned int ple_window_max = KVM_VMX_DEFAULT_PLE_WINDOW_MAX;
212 module_param(ple_window_max, uint, 0444);
213 
214 /* Default is SYSTEM mode, 1 for host-guest mode */
215 int __read_mostly pt_mode = PT_MODE_SYSTEM;
216 module_param(pt_mode, int, S_IRUGO);
217 
218 static DEFINE_STATIC_KEY_FALSE(vmx_l1d_should_flush);
219 static DEFINE_STATIC_KEY_FALSE(vmx_l1d_flush_cond);
220 static DEFINE_MUTEX(vmx_l1d_flush_mutex);
221 
222 /* Storage for pre module init parameter parsing */
223 static enum vmx_l1d_flush_state __read_mostly vmentry_l1d_flush_param = VMENTER_L1D_FLUSH_AUTO;
224 
225 static const struct {
226  const char *option;
227  bool for_parse;
228 } vmentry_l1d_param[] = {
229  [VMENTER_L1D_FLUSH_AUTO] = {"auto", true},
230  [VMENTER_L1D_FLUSH_NEVER] = {"never", true},
231  [VMENTER_L1D_FLUSH_COND] = {"cond", true},
232  [VMENTER_L1D_FLUSH_ALWAYS] = {"always", true},
233  [VMENTER_L1D_FLUSH_EPT_DISABLED] = {"EPT disabled", false},
234  [VMENTER_L1D_FLUSH_NOT_REQUIRED] = {"not required", false},
235 };
236 
237 #define L1D_CACHE_ORDER 4
238 static void *vmx_l1d_flush_pages;
239 
240 static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
241 {
242  struct page *page;
243  unsigned int i;
244 
245  if (!boot_cpu_has_bug(X86_BUG_L1TF)) {
246  l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
247  return 0;
248  }
249 
250  if (!enable_ept) {
251  l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_EPT_DISABLED;
252  return 0;
253  }
254 
255  if (host_arch_capabilities & ARCH_CAP_SKIP_VMENTRY_L1DFLUSH) {
256  l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
257  return 0;
258  }
259 
260  /* If set to auto use the default l1tf mitigation method */
261  if (l1tf == VMENTER_L1D_FLUSH_AUTO) {
262  switch (l1tf_mitigation) {
263  case L1TF_MITIGATION_OFF:
264  l1tf = VMENTER_L1D_FLUSH_NEVER;
265  break;
266  case L1TF_MITIGATION_FLUSH_NOWARN:
267  case L1TF_MITIGATION_FLUSH:
268  case L1TF_MITIGATION_FLUSH_NOSMT:
269  l1tf = VMENTER_L1D_FLUSH_COND;
270  break;
271  case L1TF_MITIGATION_FULL:
272  case L1TF_MITIGATION_FULL_FORCE:
273  l1tf = VMENTER_L1D_FLUSH_ALWAYS;
274  break;
275  }
276  } else if (l1tf_mitigation == L1TF_MITIGATION_FULL_FORCE) {
277  l1tf = VMENTER_L1D_FLUSH_ALWAYS;
278  }
279 
280  if (l1tf != VMENTER_L1D_FLUSH_NEVER && !vmx_l1d_flush_pages &&
281  !boot_cpu_has(X86_FEATURE_FLUSH_L1D)) {
282  /*
283  * This allocation for vmx_l1d_flush_pages is not tied to a VM
284  * lifetime and so should not be charged to a memcg.
285  */
286  page = alloc_pages(GFP_KERNEL, L1D_CACHE_ORDER);
287  if (!page)
288  return -ENOMEM;
289  vmx_l1d_flush_pages = page_address(page);
290 
291  /*
292  * Initialize each page with a different pattern in
293  * order to protect against KSM in the nested
294  * virtualization case.
295  */
296  for (i = 0; i < 1u << L1D_CACHE_ORDER; ++i) {
297  memset(vmx_l1d_flush_pages + i * PAGE_SIZE, i + 1,
298  PAGE_SIZE);
299  }
300  }
301 
302  l1tf_vmx_mitigation = l1tf;
303 
304  if (l1tf != VMENTER_L1D_FLUSH_NEVER)
305  static_branch_enable(&vmx_l1d_should_flush);
306  else
307  static_branch_disable(&vmx_l1d_should_flush);
308 
309  if (l1tf == VMENTER_L1D_FLUSH_COND)
310  static_branch_enable(&vmx_l1d_flush_cond);
311  else
312  static_branch_disable(&vmx_l1d_flush_cond);
313  return 0;
314 }
315 
316 static int vmentry_l1d_flush_parse(const char *s)
317 {
318  unsigned int i;
319 
320  if (s) {
321  for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) {
322  if (vmentry_l1d_param[i].for_parse &&
323  sysfs_streq(s, vmentry_l1d_param[i].option))
324  return i;
325  }
326  }
327  return -EINVAL;
328 }
329 
330 static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp)
331 {
332  int l1tf, ret;
333 
334  l1tf = vmentry_l1d_flush_parse(s);
335  if (l1tf < 0)
336  return l1tf;
337 
338  if (!boot_cpu_has(X86_BUG_L1TF))
339  return 0;
340 
341  /*
342  * Has vmx_init() run already? If not then this is the pre init
343  * parameter parsing. In that case just store the value and let
344  * vmx_init() do the proper setup after enable_ept has been
345  * established.
346  */
347  if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO) {
348  vmentry_l1d_flush_param = l1tf;
349  return 0;
350  }
351 
352  mutex_lock(&vmx_l1d_flush_mutex);
353  ret = vmx_setup_l1d_flush(l1tf);
354  mutex_unlock(&vmx_l1d_flush_mutex);
355  return ret;
356 }
357 
358 static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp)
359 {
360  if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param)))
361  return sysfs_emit(s, "???\n");
362 
363  return sysfs_emit(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option);
364 }
365 
366 static __always_inline void vmx_disable_fb_clear(struct vcpu_vmx *vmx)
367 {
368  u64 msr;
369 
370  if (!vmx->disable_fb_clear)
371  return;
372 
373  msr = __rdmsr(MSR_IA32_MCU_OPT_CTRL);
374  msr |= FB_CLEAR_DIS;
375  native_wrmsrl(MSR_IA32_MCU_OPT_CTRL, msr);
376  /* Cache the MSR value to avoid reading it later */
377  vmx->msr_ia32_mcu_opt_ctrl = msr;
378 }
379 
380 static __always_inline void vmx_enable_fb_clear(struct vcpu_vmx *vmx)
381 {
382  if (!vmx->disable_fb_clear)
383  return;
384 
385  vmx->msr_ia32_mcu_opt_ctrl &= ~FB_CLEAR_DIS;
386  native_wrmsrl(MSR_IA32_MCU_OPT_CTRL, vmx->msr_ia32_mcu_opt_ctrl);
387 }
388 
389 static void vmx_update_fb_clear_dis(struct kvm_vcpu *vcpu, struct vcpu_vmx *vmx)
390 {
391  /*
392  * Disable VERW's behavior of clearing CPU buffers for the guest if the
393  * CPU isn't affected by MDS/TAA, and the host hasn't forcefully enabled
394  * the mitigation. Disabling the clearing behavior provides a
395  * performance boost for guests that aren't aware that manually clearing
396  * CPU buffers is unnecessary, at the cost of MSR accesses on VM-Entry
397  * and VM-Exit.
398  */
399  vmx->disable_fb_clear = !cpu_feature_enabled(X86_FEATURE_CLEAR_CPU_BUF) &&
400  (host_arch_capabilities & ARCH_CAP_FB_CLEAR_CTRL) &&
401  !boot_cpu_has_bug(X86_BUG_MDS) &&
402  !boot_cpu_has_bug(X86_BUG_TAA);
403 
404  /*
405  * If guest will not execute VERW, there is no need to set FB_CLEAR_DIS
406  * at VMEntry. Skip the MSR read/write when a guest has no use case to
407  * execute VERW.
408  */
409  if ((vcpu->arch.arch_capabilities & ARCH_CAP_FB_CLEAR) ||
410  ((vcpu->arch.arch_capabilities & ARCH_CAP_MDS_NO) &&
411  (vcpu->arch.arch_capabilities & ARCH_CAP_TAA_NO) &&
412  (vcpu->arch.arch_capabilities & ARCH_CAP_PSDP_NO) &&
413  (vcpu->arch.arch_capabilities & ARCH_CAP_FBSDP_NO) &&
414  (vcpu->arch.arch_capabilities & ARCH_CAP_SBDR_SSDP_NO)))
415  vmx->disable_fb_clear = false;
416 }
417 
418 static const struct kernel_param_ops vmentry_l1d_flush_ops = {
419  .set = vmentry_l1d_flush_set,
420  .get = vmentry_l1d_flush_get,
421 };
422 module_param_cb(vmentry_l1d_flush, &vmentry_l1d_flush_ops, NULL, 0644);
423 
424 static u32 vmx_segment_access_rights(struct kvm_segment *var);
425 
426 void vmx_vmexit(void);
427 
428 #define vmx_insn_failed(fmt...) \
429 do { \
430  WARN_ONCE(1, fmt); \
431  pr_warn_ratelimited(fmt); \
432 } while (0)
433 
434 noinline void vmread_error(unsigned long field)
435 {
436  vmx_insn_failed("vmread failed: field=%lx\n", field);
437 }
438 
439 #ifndef CONFIG_CC_HAS_ASM_GOTO_OUTPUT
440 noinstr void vmread_error_trampoline2(unsigned long field, bool fault)
441 {
442  if (fault) {
443  kvm_spurious_fault();
444  } else {
445  instrumentation_begin();
446  vmread_error(field);
447  instrumentation_end();
448  }
449 }
450 #endif
451 
452 noinline void vmwrite_error(unsigned long field, unsigned long value)
453 {
454  vmx_insn_failed("vmwrite failed: field=%lx val=%lx err=%u\n",
455  field, value, vmcs_read32(VM_INSTRUCTION_ERROR));
456 }
457 
458 noinline void vmclear_error(struct vmcs *vmcs, u64 phys_addr)
459 {
460  vmx_insn_failed("vmclear failed: %p/%llx err=%u\n",
461  vmcs, phys_addr, vmcs_read32(VM_INSTRUCTION_ERROR));
462 }
463 
464 noinline void vmptrld_error(struct vmcs *vmcs, u64 phys_addr)
465 {
466  vmx_insn_failed("vmptrld failed: %p/%llx err=%u\n",
467  vmcs, phys_addr, vmcs_read32(VM_INSTRUCTION_ERROR));
468 }
469 
470 noinline void invvpid_error(unsigned long ext, u16 vpid, gva_t gva)
471 {
472  vmx_insn_failed("invvpid failed: ext=0x%lx vpid=%u gva=0x%lx\n",
473  ext, vpid, gva);
474 }
475 
476 noinline void invept_error(unsigned long ext, u64 eptp, gpa_t gpa)
477 {
478  vmx_insn_failed("invept failed: ext=0x%lx eptp=%llx gpa=0x%llx\n",
479  ext, eptp, gpa);
480 }
481 
482 static DEFINE_PER_CPU(struct vmcs *, vmxarea);
483 DEFINE_PER_CPU(struct vmcs *, current_vmcs);
484 /*
485  * We maintain a per-CPU linked-list of VMCS loaded on that CPU. This is needed
486  * when a CPU is brought down, and we need to VMCLEAR all VMCSs loaded on it.
487  */
488 static DEFINE_PER_CPU(struct list_head, loaded_vmcss_on_cpu);
489 
490 static DECLARE_BITMAP(vmx_vpid_bitmap, VMX_NR_VPIDS);
491 static DEFINE_SPINLOCK(vmx_vpid_lock);
492 
493 struct vmcs_config vmcs_config __ro_after_init;
494 struct vmx_capability vmx_capability __ro_after_init;
495 
496 #define VMX_SEGMENT_FIELD(seg) \
497  [VCPU_SREG_##seg] = { \
498  .selector = GUEST_##seg##_SELECTOR, \
499  .base = GUEST_##seg##_BASE, \
500  .limit = GUEST_##seg##_LIMIT, \
501  .ar_bytes = GUEST_##seg##_AR_BYTES, \
502  }
503 
504 static const struct kvm_vmx_segment_field {
505  unsigned selector;
506  unsigned base;
507  unsigned limit;
508  unsigned ar_bytes;
509 } kvm_vmx_segment_fields[] = {
510  VMX_SEGMENT_FIELD(CS),
511  VMX_SEGMENT_FIELD(DS),
512  VMX_SEGMENT_FIELD(ES),
513  VMX_SEGMENT_FIELD(FS),
514  VMX_SEGMENT_FIELD(GS),
515  VMX_SEGMENT_FIELD(SS),
516  VMX_SEGMENT_FIELD(TR),
517  VMX_SEGMENT_FIELD(LDTR),
518 };
519 
520 static inline void vmx_segment_cache_clear(struct vcpu_vmx *vmx)
521 {
522  vmx->segment_cache.bitmask = 0;
523 }
524 
525 static unsigned long host_idt_base;
526 
527 #if IS_ENABLED(CONFIG_HYPERV)
528 static struct kvm_x86_ops vmx_x86_ops __initdata;
529 
530 static bool __read_mostly enlightened_vmcs = true;
531 module_param(enlightened_vmcs, bool, 0444);
532 
533 static int hv_enable_l2_tlb_flush(struct kvm_vcpu *vcpu)
534 {
535  struct hv_enlightened_vmcs *evmcs;
536  hpa_t partition_assist_page = hv_get_partition_assist_page(vcpu);
537 
538  if (partition_assist_page == INVALID_PAGE)
539  return -ENOMEM;
540 
541  evmcs = (struct hv_enlightened_vmcs *)to_vmx(vcpu)->loaded_vmcs->vmcs;
542 
543  evmcs->partition_assist_page = partition_assist_page;
544  evmcs->hv_vm_id = (unsigned long)vcpu->kvm;
545  evmcs->hv_enlightenments_control.nested_flush_hypercall = 1;
546 
547  return 0;
548 }
549 
550 static __init void hv_init_evmcs(void)
551 {
552  int cpu;
553 
554  if (!enlightened_vmcs)
555  return;
556 
557  /*
558  * Enlightened VMCS usage should be recommended and the host needs
559  * to support eVMCS v1 or above.
560  */
561  if (ms_hyperv.hints & HV_X64_ENLIGHTENED_VMCS_RECOMMENDED &&
562  (ms_hyperv.nested_features & HV_X64_ENLIGHTENED_VMCS_VERSION) >=
563  KVM_EVMCS_VERSION) {
564 
565  /* Check that we have assist pages on all online CPUs */
566  for_each_online_cpu(cpu) {
567  if (!hv_get_vp_assist_page(cpu)) {
568  enlightened_vmcs = false;
569  break;
570  }
571  }
572 
573  if (enlightened_vmcs) {
574  pr_info("Using Hyper-V Enlightened VMCS\n");
575  static_branch_enable(&__kvm_is_using_evmcs);
576  }
577 
578  if (ms_hyperv.nested_features & HV_X64_NESTED_DIRECT_FLUSH)
579  vmx_x86_ops.enable_l2_tlb_flush
580  = hv_enable_l2_tlb_flush;
581 
582  } else {
583  enlightened_vmcs = false;
584  }
585 }
586 
587 static void hv_reset_evmcs(void)
588 {
589  struct hv_vp_assist_page *vp_ap;
590 
591  if (!kvm_is_using_evmcs())
592  return;
593 
594  /*
595  * KVM should enable eVMCS if and only if all CPUs have a VP assist
596  * page, and should reject CPU onlining if eVMCS is enabled the CPU
597  * doesn't have a VP assist page allocated.
598  */
599  vp_ap = hv_get_vp_assist_page(smp_processor_id());
600  if (WARN_ON_ONCE(!vp_ap))
601  return;
602 
603  /*
604  * Reset everything to support using non-enlightened VMCS access later
605  * (e.g. when we reload the module with enlightened_vmcs=0)
606  */
607  vp_ap->nested_control.features.directhypercall = 0;
608  vp_ap->current_nested_vmcs = 0;
609  vp_ap->enlighten_vmentry = 0;
610 }
611 
612 #else /* IS_ENABLED(CONFIG_HYPERV) */
613 static void hv_init_evmcs(void) {}
614 static void hv_reset_evmcs(void) {}
615 #endif /* IS_ENABLED(CONFIG_HYPERV) */
616 
617 /*
618  * Comment's format: document - errata name - stepping - processor name.
619  * Refer from
620  * https://www.virtualbox.org/svn/vbox/trunk/src/VBox/VMM/VMMR0/HMR0.cpp
621  */
622 static u32 vmx_preemption_cpu_tfms[] = {
623 /* 323344.pdf - BA86 - D0 - Xeon 7500 Series */
624 0x000206E6,
625 /* 323056.pdf - AAX65 - C2 - Xeon L3406 */
626 /* 322814.pdf - AAT59 - C2 - i7-600, i5-500, i5-400 and i3-300 Mobile */
627 /* 322911.pdf - AAU65 - C2 - i5-600, i3-500 Desktop and Pentium G6950 */
628 0x00020652,
629 /* 322911.pdf - AAU65 - K0 - i5-600, i3-500 Desktop and Pentium G6950 */
630 0x00020655,
631 /* 322373.pdf - AAO95 - B1 - Xeon 3400 Series */
632 /* 322166.pdf - AAN92 - B1 - i7-800 and i5-700 Desktop */
633 /*
634  * 320767.pdf - AAP86 - B1 -
635  * i7-900 Mobile Extreme, i7-800 and i7-700 Mobile
636  */
637 0x000106E5,
638 /* 321333.pdf - AAM126 - C0 - Xeon 3500 */
639 0x000106A0,
640 /* 321333.pdf - AAM126 - C1 - Xeon 3500 */
641 0x000106A1,
642 /* 320836.pdf - AAJ124 - C0 - i7-900 Desktop Extreme and i7-900 Desktop */
643 0x000106A4,
644  /* 321333.pdf - AAM126 - D0 - Xeon 3500 */
645  /* 321324.pdf - AAK139 - D0 - Xeon 5500 */
646  /* 320836.pdf - AAJ124 - D0 - i7-900 Extreme and i7-900 Desktop */
647 0x000106A5,
648  /* Xeon E3-1220 V2 */
649 0x000306A8,
650 };
651 
652 static inline bool cpu_has_broken_vmx_preemption_timer(void)
653 {
654  u32 eax = cpuid_eax(0x00000001), i;
655 
656  /* Clear the reserved bits */
657  eax &= ~(0x3U << 14 | 0xfU << 28);
658  for (i = 0; i < ARRAY_SIZE(vmx_preemption_cpu_tfms); i++)
659  if (eax == vmx_preemption_cpu_tfms[i])
660  return true;
661 
662  return false;
663 }
664 
665 static inline bool cpu_need_virtualize_apic_accesses(struct kvm_vcpu *vcpu)
666 {
667  return flexpriority_enabled && lapic_in_kernel(vcpu);
668 }
669 
670 static int possible_passthrough_msr_slot(u32 msr)
671 {
672  u32 i;
673 
674  for (i = 0; i < ARRAY_SIZE(vmx_possible_passthrough_msrs); i++)
675  if (vmx_possible_passthrough_msrs[i] == msr)
676  return i;
677 
678  return -ENOENT;
679 }
680 
681 static bool is_valid_passthrough_msr(u32 msr)
682 {
683  bool r;
684 
685  switch (msr) {
686  case 0x800 ... 0x8ff:
687  /* x2APIC MSRs. These are handled in vmx_update_msr_bitmap_x2apic() */
688  return true;
689  case MSR_IA32_RTIT_STATUS:
690  case MSR_IA32_RTIT_OUTPUT_BASE:
691  case MSR_IA32_RTIT_OUTPUT_MASK:
692  case MSR_IA32_RTIT_CR3_MATCH:
693  case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
694  /* PT MSRs. These are handled in pt_update_intercept_for_msr() */
695  case MSR_LBR_SELECT:
696  case MSR_LBR_TOS:
697  case MSR_LBR_INFO_0 ... MSR_LBR_INFO_0 + 31:
698  case MSR_LBR_NHM_FROM ... MSR_LBR_NHM_FROM + 31:
699  case MSR_LBR_NHM_TO ... MSR_LBR_NHM_TO + 31:
700  case MSR_LBR_CORE_FROM ... MSR_LBR_CORE_FROM + 8:
701  case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8:
702  /* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */
703  return true;
704  }
705 
706  r = possible_passthrough_msr_slot(msr) != -ENOENT;
707 
708  WARN(!r, "Invalid MSR %x, please adapt vmx_possible_passthrough_msrs[]", msr);
709 
710  return r;
711 }
712 
713 struct vmx_uret_msr *vmx_find_uret_msr(struct vcpu_vmx *vmx, u32 msr)
714 {
715  int i;
716 
717  i = kvm_find_user_return_msr(msr);
718  if (i >= 0)
719  return &vmx->guest_uret_msrs[i];
720  return NULL;
721 }
722 
723 static int vmx_set_guest_uret_msr(struct vcpu_vmx *vmx,
724  struct vmx_uret_msr *msr, u64 data)
725 {
726  unsigned int slot = msr - vmx->guest_uret_msrs;
727  int ret = 0;
728 
729  if (msr->load_into_hardware) {
730  preempt_disable();
731  ret = kvm_set_user_return_msr(slot, data, msr->mask);
732  preempt_enable();
733  }
734  if (!ret)
735  msr->data = data;
736  return ret;
737 }
738 
739 /*
740  * Disable VMX and clear CR4.VMXE (even if VMXOFF faults)
741  *
742  * Note, VMXOFF causes a #UD if the CPU is !post-VMXON, but it's impossible to
743  * atomically track post-VMXON state, e.g. this may be called in NMI context.
744  * Eat all faults as all other faults on VMXOFF faults are mode related, i.e.
745  * faults are guaranteed to be due to the !post-VMXON check unless the CPU is
746  * magically in RM, VM86, compat mode, or at CPL>0.
747  */
748 static int kvm_cpu_vmxoff(void)
749 {
750  asm goto("1: vmxoff\n\t"
751  _ASM_EXTABLE(1b, %l[fault])
752  ::: "cc", "memory" : fault);
753 
754  cr4_clear_bits(X86_CR4_VMXE);
755  return 0;
756 
757 fault:
758  cr4_clear_bits(X86_CR4_VMXE);
759  return -EIO;
760 }
761 
762 static void vmx_emergency_disable(void)
763 {
764  int cpu = raw_smp_processor_id();
765  struct loaded_vmcs *v;
766 
767  kvm_rebooting = true;
768 
769  /*
770  * Note, CR4.VMXE can be _cleared_ in NMI context, but it can only be
771  * set in task context. If this races with VMX is disabled by an NMI,
772  * VMCLEAR and VMXOFF may #UD, but KVM will eat those faults due to
773  * kvm_rebooting set.
774  */
775  if (!(__read_cr4() & X86_CR4_VMXE))
776  return;
777 
778  list_for_each_entry(v, &per_cpu(loaded_vmcss_on_cpu, cpu),
779  loaded_vmcss_on_cpu_link)
780  vmcs_clear(v->vmcs);
781 
782  kvm_cpu_vmxoff();
783 }
784 
785 static void __loaded_vmcs_clear(void *arg)
786 {
787  struct loaded_vmcs *loaded_vmcs = arg;
788  int cpu = raw_smp_processor_id();
789 
790  if (loaded_vmcs->cpu != cpu)
791  return; /* vcpu migration can race with cpu offline */
792  if (per_cpu(current_vmcs, cpu) == loaded_vmcs->vmcs)
793  per_cpu(current_vmcs, cpu) = NULL;
794 
795  vmcs_clear(loaded_vmcs->vmcs);
796  if (loaded_vmcs->shadow_vmcs && loaded_vmcs->launched)
797  vmcs_clear(loaded_vmcs->shadow_vmcs);
798 
799  list_del(&loaded_vmcs->loaded_vmcss_on_cpu_link);
800 
801  /*
802  * Ensure all writes to loaded_vmcs, including deleting it from its
803  * current percpu list, complete before setting loaded_vmcs->cpu to
804  * -1, otherwise a different cpu can see loaded_vmcs->cpu == -1 first
805  * and add loaded_vmcs to its percpu list before it's deleted from this
806  * cpu's list. Pairs with the smp_rmb() in vmx_vcpu_load_vmcs().
807  */
808  smp_wmb();
809 
810  loaded_vmcs->cpu = -1;
811  loaded_vmcs->launched = 0;
812 }
813 
814 void loaded_vmcs_clear(struct loaded_vmcs *loaded_vmcs)
815 {
816  int cpu = loaded_vmcs->cpu;
817 
818  if (cpu != -1)
819  smp_call_function_single(cpu,
820  __loaded_vmcs_clear, loaded_vmcs, 1);
821 }
822 
823 static bool vmx_segment_cache_test_set(struct vcpu_vmx *vmx, unsigned seg,
824  unsigned field)
825 {
826  bool ret;
827  u32 mask = 1 << (seg * SEG_FIELD_NR + field);
828 
829  if (!kvm_register_is_available(&vmx->vcpu, VCPU_EXREG_SEGMENTS)) {
830  kvm_register_mark_available(&vmx->vcpu, VCPU_EXREG_SEGMENTS);
831  vmx->segment_cache.bitmask = 0;
832  }
833  ret = vmx->segment_cache.bitmask & mask;
834  vmx->segment_cache.bitmask |= mask;
835  return ret;
836 }
837 
838 static u16 vmx_read_guest_seg_selector(struct vcpu_vmx *vmx, unsigned seg)
839 {
840  u16 *p = &vmx->segment_cache.seg[seg].selector;
841 
842  if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_SEL))
843  *p = vmcs_read16(kvm_vmx_segment_fields[seg].selector);
844  return *p;
845 }
846 
847 static ulong vmx_read_guest_seg_base(struct vcpu_vmx *vmx, unsigned seg)
848 {
849  ulong *p = &vmx->segment_cache.seg[seg].base;
850 
851  if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_BASE))
852  *p = vmcs_readl(kvm_vmx_segment_fields[seg].base);
853  return *p;
854 }
855 
856 static u32 vmx_read_guest_seg_limit(struct vcpu_vmx *vmx, unsigned seg)
857 {
858  u32 *p = &vmx->segment_cache.seg[seg].limit;
859 
860  if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_LIMIT))
861  *p = vmcs_read32(kvm_vmx_segment_fields[seg].limit);
862  return *p;
863 }
864 
865 static u32 vmx_read_guest_seg_ar(struct vcpu_vmx *vmx, unsigned seg)
866 {
867  u32 *p = &vmx->segment_cache.seg[seg].ar;
868 
869  if (!vmx_segment_cache_test_set(vmx, seg, SEG_FIELD_AR))
870  *p = vmcs_read32(kvm_vmx_segment_fields[seg].ar_bytes);
871  return *p;
872 }
873 
874 void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu)
875 {
876  u32 eb;
877 
878  eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
879  (1u << DB_VECTOR) | (1u << AC_VECTOR);
880  /*
881  * Guest access to VMware backdoor ports could legitimately
882  * trigger #GP because of TSS I/O permission bitmap.
883  * We intercept those #GP and allow access to them anyway
884  * as VMware does.
885  */
886  if (enable_vmware_backdoor)
887  eb |= (1u << GP_VECTOR);
888  if ((vcpu->guest_debug &
889  (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
890  (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
891  eb |= 1u << BP_VECTOR;
892  if (to_vmx(vcpu)->rmode.vm86_active)
893  eb = ~0;
894  if (!vmx_need_pf_intercept(vcpu))
895  eb &= ~(1u << PF_VECTOR);
896 
897  /* When we are running a nested L2 guest and L1 specified for it a
898  * certain exception bitmap, we must trap the same exceptions and pass
899  * them to L1. When running L2, we will only handle the exceptions
900  * specified above if L1 did not want them.
901  */
902  if (is_guest_mode(vcpu))
903  eb |= get_vmcs12(vcpu)->exception_bitmap;
904  else {
905  int mask = 0, match = 0;
906 
907  if (enable_ept && (eb & (1u << PF_VECTOR))) {
908  /*
909  * If EPT is enabled, #PF is currently only intercepted
910  * if MAXPHYADDR is smaller on the guest than on the
911  * host. In that case we only care about present,
912  * non-reserved faults. For vmcs02, however, PFEC_MASK
913  * and PFEC_MATCH are set in prepare_vmcs02_rare.
914  */
915  mask = PFERR_PRESENT_MASK | PFERR_RSVD_MASK;
916  match = PFERR_PRESENT_MASK;
917  }
918  vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, mask);
919  vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, match);
920  }
921 
922  /*
923  * Disabling xfd interception indicates that dynamic xfeatures
924  * might be used in the guest. Always trap #NM in this case
925  * to save guest xfd_err timely.
926  */
927  if (vcpu->arch.xfd_no_write_intercept)
928  eb |= (1u << NM_VECTOR);
929 
930  vmcs_write32(EXCEPTION_BITMAP, eb);
931 }
932 
933 /*
934  * Check if MSR is intercepted for currently loaded MSR bitmap.
935  */
936 static bool msr_write_intercepted(struct vcpu_vmx *vmx, u32 msr)
937 {
938  if (!(exec_controls_get(vmx) & CPU_BASED_USE_MSR_BITMAPS))
939  return true;
940 
941  return vmx_test_msr_bitmap_write(vmx->loaded_vmcs->msr_bitmap, msr);
942 }
943 
944 unsigned int __vmx_vcpu_run_flags(struct vcpu_vmx *vmx)
945 {
946  unsigned int flags = 0;
947 
948  if (vmx->loaded_vmcs->launched)
949  flags |= VMX_RUN_VMRESUME;
950 
951  /*
952  * If writes to the SPEC_CTRL MSR aren't intercepted, the guest is free
953  * to change it directly without causing a vmexit. In that case read
954  * it after vmexit and store it in vmx->spec_ctrl.
955  */
956  if (!msr_write_intercepted(vmx, MSR_IA32_SPEC_CTRL))
957  flags |= VMX_RUN_SAVE_SPEC_CTRL;
958 
959  return flags;
960 }
961 
962 static __always_inline void clear_atomic_switch_msr_special(struct vcpu_vmx *vmx,
963  unsigned long entry, unsigned long exit)
964 {
965  vm_entry_controls_clearbit(vmx, entry);
966  vm_exit_controls_clearbit(vmx, exit);
967 }
968 
969 int vmx_find_loadstore_msr_slot(struct vmx_msrs *m, u32 msr)
970 {
971  unsigned int i;
972 
973  for (i = 0; i < m->nr; ++i) {
974  if (m->val[i].index == msr)
975  return i;
976  }
977  return -ENOENT;
978 }
979 
980 static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr)
981 {
982  int i;
983  struct msr_autoload *m = &vmx->msr_autoload;
984 
985  switch (msr) {
986  case MSR_EFER:
987  if (cpu_has_load_ia32_efer()) {
988  clear_atomic_switch_msr_special(vmx,
989  VM_ENTRY_LOAD_IA32_EFER,
990  VM_EXIT_LOAD_IA32_EFER);
991  return;
992  }
993  break;
994  case MSR_CORE_PERF_GLOBAL_CTRL:
995  if (cpu_has_load_perf_global_ctrl()) {
996  clear_atomic_switch_msr_special(vmx,
997  VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
998  VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL);
999  return;
1000  }
1001  break;
1002  }
1003  i = vmx_find_loadstore_msr_slot(&m->guest, msr);
1004  if (i < 0)
1005  goto skip_guest;
1006  --m->guest.nr;
1007  m->guest.val[i] = m->guest.val[m->guest.nr];
1008  vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr);
1009 
1010 skip_guest:
1011  i = vmx_find_loadstore_msr_slot(&m->host, msr);
1012  if (i < 0)
1013  return;
1014 
1015  --m->host.nr;
1016  m->host.val[i] = m->host.val[m->host.nr];
1017  vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr);
1018 }
1019 
1020 static __always_inline void add_atomic_switch_msr_special(struct vcpu_vmx *vmx,
1021  unsigned long entry, unsigned long exit,
1022  unsigned long guest_val_vmcs, unsigned long host_val_vmcs,
1023  u64 guest_val, u64 host_val)
1024 {
1025  vmcs_write64(guest_val_vmcs, guest_val);
1026  if (host_val_vmcs != HOST_IA32_EFER)
1027  vmcs_write64(host_val_vmcs, host_val);
1028  vm_entry_controls_setbit(vmx, entry);
1029  vm_exit_controls_setbit(vmx, exit);
1030 }
1031 
1032 static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
1033  u64 guest_val, u64 host_val, bool entry_only)
1034 {
1035  int i, j = 0;
1036  struct msr_autoload *m = &vmx->msr_autoload;
1037 
1038  switch (msr) {
1039  case MSR_EFER:
1040  if (cpu_has_load_ia32_efer()) {
1041  add_atomic_switch_msr_special(vmx,
1042  VM_ENTRY_LOAD_IA32_EFER,
1043  VM_EXIT_LOAD_IA32_EFER,
1044  GUEST_IA32_EFER,
1045  HOST_IA32_EFER,
1046  guest_val, host_val);
1047  return;
1048  }
1049  break;
1050  case MSR_CORE_PERF_GLOBAL_CTRL:
1051  if (cpu_has_load_perf_global_ctrl()) {
1052  add_atomic_switch_msr_special(vmx,
1053  VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
1054  VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL,
1055  GUEST_IA32_PERF_GLOBAL_CTRL,
1056  HOST_IA32_PERF_GLOBAL_CTRL,
1057  guest_val, host_val);
1058  return;
1059  }
1060  break;
1061  case MSR_IA32_PEBS_ENABLE:
1062  /* PEBS needs a quiescent period after being disabled (to write
1063  * a record). Disabling PEBS through VMX MSR swapping doesn't
1064  * provide that period, so a CPU could write host's record into
1065  * guest's memory.
1066  */
1067  wrmsrl(MSR_IA32_PEBS_ENABLE, 0);
1068  }
1069 
1070  i = vmx_find_loadstore_msr_slot(&m->guest, msr);
1071  if (!entry_only)
1072  j = vmx_find_loadstore_msr_slot(&m->host, msr);
1073 
1074  if ((i < 0 && m->guest.nr == MAX_NR_LOADSTORE_MSRS) ||
1075  (j < 0 && m->host.nr == MAX_NR_LOADSTORE_MSRS)) {
1076  printk_once(KERN_WARNING "Not enough msr switch entries. "
1077  "Can't add msr %x\n", msr);
1078  return;
1079  }
1080  if (i < 0) {
1081  i = m->guest.nr++;
1082  vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr);
1083  }
1084  m->guest.val[i].index = msr;
1085  m->guest.val[i].value = guest_val;
1086 
1087  if (entry_only)
1088  return;
1089 
1090  if (j < 0) {
1091  j = m->host.nr++;
1092  vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr);
1093  }
1094  m->host.val[j].index = msr;
1095  m->host.val[j].value = host_val;
1096 }
1097 
1098 static bool update_transition_efer(struct vcpu_vmx *vmx)
1099 {
1100  u64 guest_efer = vmx->vcpu.arch.efer;
1101  u64 ignore_bits = 0;
1102  int i;
1103 
1104  /* Shadow paging assumes NX to be available. */
1105  if (!enable_ept)
1106  guest_efer |= EFER_NX;
1107 
1108  /*
1109  * LMA and LME handled by hardware; SCE meaningless outside long mode.
1110  */
1111  ignore_bits |= EFER_SCE;
1112 #ifdef CONFIG_X86_64
1113  ignore_bits |= EFER_LMA | EFER_LME;
1114  /* SCE is meaningful only in long mode on Intel */
1115  if (guest_efer & EFER_LMA)
1116  ignore_bits &= ~(u64)EFER_SCE;
1117 #endif
1118 
1119  /*
1120  * On EPT, we can't emulate NX, so we must switch EFER atomically.
1121  * On CPUs that support "load IA32_EFER", always switch EFER
1122  * atomically, since it's faster than switching it manually.
1123  */
1124  if (cpu_has_load_ia32_efer() ||
1125  (enable_ept && ((vmx->vcpu.arch.efer ^ host_efer) & EFER_NX))) {
1126  if (!(guest_efer & EFER_LMA))
1127  guest_efer &= ~EFER_LME;
1128  if (guest_efer != host_efer)
1129  add_atomic_switch_msr(vmx, MSR_EFER,
1130  guest_efer, host_efer, false);
1131  else
1132  clear_atomic_switch_msr(vmx, MSR_EFER);
1133  return false;
1134  }
1135 
1136  i = kvm_find_user_return_msr(MSR_EFER);
1137  if (i < 0)
1138  return false;
1139 
1140  clear_atomic_switch_msr(vmx, MSR_EFER);
1141 
1142  guest_efer &= ~ignore_bits;
1143  guest_efer |= host_efer & ignore_bits;
1144 
1145  vmx->guest_uret_msrs[i].data = guest_efer;
1146  vmx->guest_uret_msrs[i].mask = ~ignore_bits;
1147 
1148  return true;
1149 }
1150 
1151 #ifdef CONFIG_X86_32
1152 /*
1153  * On 32-bit kernels, VM exits still load the FS and GS bases from the
1154  * VMCS rather than the segment table. KVM uses this helper to figure
1155  * out the current bases to poke them into the VMCS before entry.
1156  */
1157 static unsigned long segment_base(u16 selector)
1158 {
1159  struct desc_struct *table;
1160  unsigned long v;
1161 
1162  if (!(selector & ~SEGMENT_RPL_MASK))
1163  return 0;
1164 
1165  table = get_current_gdt_ro();
1166 
1167  if ((selector & SEGMENT_TI_MASK) == SEGMENT_LDT) {
1168  u16 ldt_selector = kvm_read_ldt();
1169 
1170  if (!(ldt_selector & ~SEGMENT_RPL_MASK))
1171  return 0;
1172 
1173  table = (struct desc_struct *)segment_base(ldt_selector);
1174  }
1175  v = get_desc_base(&table[selector >> 3]);
1176  return v;
1177 }
1178 #endif
1179 
1180 static inline bool pt_can_write_msr(struct vcpu_vmx *vmx)
1181 {
1182  return vmx_pt_mode_is_host_guest() &&
1183  !(vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN);
1184 }
1185 
1186 static inline bool pt_output_base_valid(struct kvm_vcpu *vcpu, u64 base)
1187 {
1188  /* The base must be 128-byte aligned and a legal physical address. */
1189  return kvm_vcpu_is_legal_aligned_gpa(vcpu, base, 128);
1190 }
1191 
1192 static inline void pt_load_msr(struct pt_ctx *ctx, u32 addr_range)
1193 {
1194  u32 i;
1195 
1196  wrmsrl(MSR_IA32_RTIT_STATUS, ctx->status);
1197  wrmsrl(MSR_IA32_RTIT_OUTPUT_BASE, ctx->output_base);
1198  wrmsrl(MSR_IA32_RTIT_OUTPUT_MASK, ctx->output_mask);
1199  wrmsrl(MSR_IA32_RTIT_CR3_MATCH, ctx->cr3_match);
1200  for (i = 0; i < addr_range; i++) {
1201  wrmsrl(MSR_IA32_RTIT_ADDR0_A + i * 2, ctx->addr_a[i]);
1202  wrmsrl(MSR_IA32_RTIT_ADDR0_B + i * 2, ctx->addr_b[i]);
1203  }
1204 }
1205 
1206 static inline void pt_save_msr(struct pt_ctx *ctx, u32 addr_range)
1207 {
1208  u32 i;
1209 
1210  rdmsrl(MSR_IA32_RTIT_STATUS, ctx->status);
1211  rdmsrl(MSR_IA32_RTIT_OUTPUT_BASE, ctx->output_base);
1212  rdmsrl(MSR_IA32_RTIT_OUTPUT_MASK, ctx->output_mask);
1213  rdmsrl(MSR_IA32_RTIT_CR3_MATCH, ctx->cr3_match);
1214  for (i = 0; i < addr_range; i++) {
1215  rdmsrl(MSR_IA32_RTIT_ADDR0_A + i * 2, ctx->addr_a[i]);
1216  rdmsrl(MSR_IA32_RTIT_ADDR0_B + i * 2, ctx->addr_b[i]);
1217  }
1218 }
1219 
1220 static void pt_guest_enter(struct vcpu_vmx *vmx)
1221 {
1222  if (vmx_pt_mode_is_system())
1223  return;
1224 
1225  /*
1226  * GUEST_IA32_RTIT_CTL is already set in the VMCS.
1227  * Save host state before VM entry.
1228  */
1229  rdmsrl(MSR_IA32_RTIT_CTL, vmx->pt_desc.host.ctl);
1230  if (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) {
1231  wrmsrl(MSR_IA32_RTIT_CTL, 0);
1232  pt_save_msr(&vmx->pt_desc.host, vmx->pt_desc.num_address_ranges);
1233  pt_load_msr(&vmx->pt_desc.guest, vmx->pt_desc.num_address_ranges);
1234  }
1235 }
1236 
1237 static void pt_guest_exit(struct vcpu_vmx *vmx)
1238 {
1239  if (vmx_pt_mode_is_system())
1240  return;
1241 
1242  if (vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) {
1243  pt_save_msr(&vmx->pt_desc.guest, vmx->pt_desc.num_address_ranges);
1244  pt_load_msr(&vmx->pt_desc.host, vmx->pt_desc.num_address_ranges);
1245  }
1246 
1247  /*
1248  * KVM requires VM_EXIT_CLEAR_IA32_RTIT_CTL to expose PT to the guest,
1249  * i.e. RTIT_CTL is always cleared on VM-Exit. Restore it if necessary.
1250  */
1251  if (vmx->pt_desc.host.ctl)
1252  wrmsrl(MSR_IA32_RTIT_CTL, vmx->pt_desc.host.ctl);
1253 }
1254 
1255 void vmx_set_host_fs_gs(struct vmcs_host_state *host, u16 fs_sel, u16 gs_sel,
1256  unsigned long fs_base, unsigned long gs_base)
1257 {
1258  if (unlikely(fs_sel != host->fs_sel)) {
1259  if (!(fs_sel & 7))
1260  vmcs_write16(HOST_FS_SELECTOR, fs_sel);
1261  else
1262  vmcs_write16(HOST_FS_SELECTOR, 0);
1263  host->fs_sel = fs_sel;
1264  }
1265  if (unlikely(gs_sel != host->gs_sel)) {
1266  if (!(gs_sel & 7))
1267  vmcs_write16(HOST_GS_SELECTOR, gs_sel);
1268  else
1269  vmcs_write16(HOST_GS_SELECTOR, 0);
1270  host->gs_sel = gs_sel;
1271  }
1272  if (unlikely(fs_base != host->fs_base)) {
1273  vmcs_writel(HOST_FS_BASE, fs_base);
1274  host->fs_base = fs_base;
1275  }
1276  if (unlikely(gs_base != host->gs_base)) {
1277  vmcs_writel(HOST_GS_BASE, gs_base);
1278  host->gs_base = gs_base;
1279  }
1280 }
1281 
1282 void vmx_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
1283 {
1284  struct vcpu_vmx *vmx = to_vmx(vcpu);
1285  struct vmcs_host_state *host_state;
1286 #ifdef CONFIG_X86_64
1287  int cpu = raw_smp_processor_id();
1288 #endif
1289  unsigned long fs_base, gs_base;
1290  u16 fs_sel, gs_sel;
1291  int i;
1292 
1293  vmx->req_immediate_exit = false;
1294 
1295  /*
1296  * Note that guest MSRs to be saved/restored can also be changed
1297  * when guest state is loaded. This happens when guest transitions
1298  * to/from long-mode by setting MSR_EFER.LMA.
1299  */
1300  if (!vmx->guest_uret_msrs_loaded) {
1301  vmx->guest_uret_msrs_loaded = true;
1302  for (i = 0; i < kvm_nr_uret_msrs; ++i) {
1303  if (!vmx->guest_uret_msrs[i].load_into_hardware)
1304  continue;
1305 
1306  kvm_set_user_return_msr(i,
1307  vmx->guest_uret_msrs[i].data,
1308  vmx->guest_uret_msrs[i].mask);
1309  }
1310  }
1311 
1312  if (vmx->nested.need_vmcs12_to_shadow_sync)
1313  nested_sync_vmcs12_to_shadow(vcpu);
1314 
1315  if (vmx->guest_state_loaded)
1316  return;
1317 
1318  host_state = &vmx->loaded_vmcs->host_state;
1319 
1320  /*
1321  * Set host fs and gs selectors. Unfortunately, 22.2.3 does not
1322  * allow segment selectors with cpl > 0 or ti == 1.
1323  */
1324  host_state->ldt_sel = kvm_read_ldt();
1325 
1326 #ifdef CONFIG_X86_64
1327  savesegment(ds, host_state->ds_sel);
1328  savesegment(es, host_state->es_sel);
1329 
1330  gs_base = cpu_kernelmode_gs_base(cpu);
1331  if (likely(is_64bit_mm(current->mm))) {
1332  current_save_fsgs();
1333  fs_sel = current->thread.fsindex;
1334  gs_sel = current->thread.gsindex;
1335  fs_base = current->thread.fsbase;
1336  vmx->msr_host_kernel_gs_base = current->thread.gsbase;
1337  } else {
1338  savesegment(fs, fs_sel);
1339  savesegment(gs, gs_sel);
1340  fs_base = read_msr(MSR_FS_BASE);
1341  vmx->msr_host_kernel_gs_base = read_msr(MSR_KERNEL_GS_BASE);
1342  }
1343 
1344  wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
1345 #else
1346  savesegment(fs, fs_sel);
1347  savesegment(gs, gs_sel);
1348  fs_base = segment_base(fs_sel);
1349  gs_base = segment_base(gs_sel);
1350 #endif
1351 
1352  vmx_set_host_fs_gs(host_state, fs_sel, gs_sel, fs_base, gs_base);
1353  vmx->guest_state_loaded = true;
1354 }
1355 
1356 static void vmx_prepare_switch_to_host(struct vcpu_vmx *vmx)
1357 {
1358  struct vmcs_host_state *host_state;
1359 
1360  if (!vmx->guest_state_loaded)
1361  return;
1362 
1363  host_state = &vmx->loaded_vmcs->host_state;
1364 
1365  ++vmx->vcpu.stat.host_state_reload;
1366 
1367 #ifdef CONFIG_X86_64
1368  rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
1369 #endif
1370  if (host_state->ldt_sel || (host_state->gs_sel & 7)) {
1371  kvm_load_ldt(host_state->ldt_sel);
1372 #ifdef CONFIG_X86_64
1373  load_gs_index(host_state->gs_sel);
1374 #else
1375  loadsegment(gs, host_state->gs_sel);
1376 #endif
1377  }
1378  if (host_state->fs_sel & 7)
1379  loadsegment(fs, host_state->fs_sel);
1380 #ifdef CONFIG_X86_64
1381  if (unlikely(host_state->ds_sel | host_state->es_sel)) {
1382  loadsegment(ds, host_state->ds_sel);
1383  loadsegment(es, host_state->es_sel);
1384  }
1385 #endif
1386  invalidate_tss_limit();
1387 #ifdef CONFIG_X86_64
1388  wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
1389 #endif
1390  load_fixmap_gdt(raw_smp_processor_id());
1391  vmx->guest_state_loaded = false;
1392  vmx->guest_uret_msrs_loaded = false;
1393 }
1394 
1395 #ifdef CONFIG_X86_64
1396 static u64 vmx_read_guest_kernel_gs_base(struct vcpu_vmx *vmx)
1397 {
1398  preempt_disable();
1399  if (vmx->guest_state_loaded)
1400  rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
1401  preempt_enable();
1402  return vmx->msr_guest_kernel_gs_base;
1403 }
1404 
1405 static void vmx_write_guest_kernel_gs_base(struct vcpu_vmx *vmx, u64 data)
1406 {
1407  preempt_disable();
1408  if (vmx->guest_state_loaded)
1409  wrmsrl(MSR_KERNEL_GS_BASE, data);
1410  preempt_enable();
1411  vmx->msr_guest_kernel_gs_base = data;
1412 }
1413 #endif
1414 
1415 void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu,
1416  struct loaded_vmcs *buddy)
1417 {
1418  struct vcpu_vmx *vmx = to_vmx(vcpu);
1419  bool already_loaded = vmx->loaded_vmcs->cpu == cpu;
1420  struct vmcs *prev;
1421 
1422  if (!already_loaded) {
1423  loaded_vmcs_clear(vmx->loaded_vmcs);
1424  local_irq_disable();
1425 
1426  /*
1427  * Ensure loaded_vmcs->cpu is read before adding loaded_vmcs to
1428  * this cpu's percpu list, otherwise it may not yet be deleted
1429  * from its previous cpu's percpu list. Pairs with the
1430  * smb_wmb() in __loaded_vmcs_clear().
1431  */
1432  smp_rmb();
1433 
1434  list_add(&vmx->loaded_vmcs->loaded_vmcss_on_cpu_link,
1435  &per_cpu(loaded_vmcss_on_cpu, cpu));
1436  local_irq_enable();
1437  }
1438 
1439  prev = per_cpu(current_vmcs, cpu);
1440  if (prev != vmx->loaded_vmcs->vmcs) {
1441  per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs;
1442  vmcs_load(vmx->loaded_vmcs->vmcs);
1443 
1444  /*
1445  * No indirect branch prediction barrier needed when switching
1446  * the active VMCS within a vCPU, unless IBRS is advertised to
1447  * the vCPU. To minimize the number of IBPBs executed, KVM
1448  * performs IBPB on nested VM-Exit (a single nested transition
1449  * may switch the active VMCS multiple times).
1450  */
1451  if (!buddy || WARN_ON_ONCE(buddy->vmcs != prev))
1452  indirect_branch_prediction_barrier();
1453  }
1454 
1455  if (!already_loaded) {
1456  void *gdt = get_current_gdt_ro();
1457 
1458  /*
1459  * Flush all EPTP/VPID contexts, the new pCPU may have stale
1460  * TLB entries from its previous association with the vCPU.
1461  */
1462  kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
1463 
1464  /*
1465  * Linux uses per-cpu TSS and GDT, so set these when switching
1466  * processors. See 22.2.4.
1467  */
1468  vmcs_writel(HOST_TR_BASE,
1469  (unsigned long)&get_cpu_entry_area(cpu)->tss.x86_tss);
1470  vmcs_writel(HOST_GDTR_BASE, (unsigned long)gdt); /* 22.2.4 */
1471 
1472  if (IS_ENABLED(CONFIG_IA32_EMULATION) || IS_ENABLED(CONFIG_X86_32)) {
1473  /* 22.2.3 */
1474  vmcs_writel(HOST_IA32_SYSENTER_ESP,
1475  (unsigned long)(cpu_entry_stack(cpu) + 1));
1476  }
1477 
1478  vmx->loaded_vmcs->cpu = cpu;
1479  }
1480 }
1481 
1482 /*
1483  * Switches to specified vcpu, until a matching vcpu_put(), but assumes
1484  * vcpu mutex is already taken.
1485  */
1486 static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
1487 {
1488  struct vcpu_vmx *vmx = to_vmx(vcpu);
1489 
1490  vmx_vcpu_load_vmcs(vcpu, cpu, NULL);
1491 
1492  vmx_vcpu_pi_load(vcpu, cpu);
1493 
1494  vmx->host_debugctlmsr = get_debugctlmsr();
1495 }
1496 
1497 static void vmx_vcpu_put(struct kvm_vcpu *vcpu)
1498 {
1499  vmx_vcpu_pi_put(vcpu);
1500 
1501  vmx_prepare_switch_to_host(to_vmx(vcpu));
1502 }
1503 
1504 bool vmx_emulation_required(struct kvm_vcpu *vcpu)
1505 {
1506  return emulate_invalid_guest_state && !vmx_guest_state_valid(vcpu);
1507 }
1508 
1509 unsigned long vmx_get_rflags(struct kvm_vcpu *vcpu)
1510 {
1511  struct vcpu_vmx *vmx = to_vmx(vcpu);
1512  unsigned long rflags, save_rflags;
1513 
1514  if (!kvm_register_is_available(vcpu, VCPU_EXREG_RFLAGS)) {
1515  kvm_register_mark_available(vcpu, VCPU_EXREG_RFLAGS);
1516  rflags = vmcs_readl(GUEST_RFLAGS);
1517  if (vmx->rmode.vm86_active) {
1518  rflags &= RMODE_GUEST_OWNED_EFLAGS_BITS;
1519  save_rflags = vmx->rmode.save_rflags;
1520  rflags |= save_rflags & ~RMODE_GUEST_OWNED_EFLAGS_BITS;
1521  }
1522  vmx->rflags = rflags;
1523  }
1524  return vmx->rflags;
1525 }
1526 
1527 void vmx_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
1528 {
1529  struct vcpu_vmx *vmx = to_vmx(vcpu);
1530  unsigned long old_rflags;
1531 
1532  /*
1533  * Unlike CR0 and CR4, RFLAGS handling requires checking if the vCPU
1534  * is an unrestricted guest in order to mark L2 as needing emulation
1535  * if L1 runs L2 as a restricted guest.
1536  */
1537  if (is_unrestricted_guest(vcpu)) {
1538  kvm_register_mark_available(vcpu, VCPU_EXREG_RFLAGS);
1539  vmx->rflags = rflags;
1540  vmcs_writel(GUEST_RFLAGS, rflags);
1541  return;
1542  }
1543 
1544  old_rflags = vmx_get_rflags(vcpu);
1545  vmx->rflags = rflags;
1546  if (vmx->rmode.vm86_active) {
1547  vmx->rmode.save_rflags = rflags;
1548  rflags |= X86_EFLAGS_IOPL | X86_EFLAGS_VM;
1549  }
1550  vmcs_writel(GUEST_RFLAGS, rflags);
1551 
1552  if ((old_rflags ^ vmx->rflags) & X86_EFLAGS_VM)
1553  vmx->emulation_required = vmx_emulation_required(vcpu);
1554 }
1555 
1556 static bool vmx_get_if_flag(struct kvm_vcpu *vcpu)
1557 {
1558  return vmx_get_rflags(vcpu) & X86_EFLAGS_IF;
1559 }
1560 
1561 u32 vmx_get_interrupt_shadow(struct kvm_vcpu *vcpu)
1562 {
1563  u32 interruptibility = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
1564  int ret = 0;
1565 
1566  if (interruptibility & GUEST_INTR_STATE_STI)
1567  ret |= KVM_X86_SHADOW_INT_STI;
1568  if (interruptibility & GUEST_INTR_STATE_MOV_SS)
1569  ret |= KVM_X86_SHADOW_INT_MOV_SS;
1570 
1571  return ret;
1572 }
1573 
1574 void vmx_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
1575 {
1576  u32 interruptibility_old = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
1577  u32 interruptibility = interruptibility_old;
1578 
1579  interruptibility &= ~(GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS);
1580 
1581  if (mask & KVM_X86_SHADOW_INT_MOV_SS)
1582  interruptibility |= GUEST_INTR_STATE_MOV_SS;
1583  else if (mask & KVM_X86_SHADOW_INT_STI)
1584  interruptibility |= GUEST_INTR_STATE_STI;
1585 
1586  if ((interruptibility != interruptibility_old))
1587  vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, interruptibility);
1588 }
1589 
1590 static int vmx_rtit_ctl_check(struct kvm_vcpu *vcpu, u64 data)
1591 {
1592  struct vcpu_vmx *vmx = to_vmx(vcpu);
1593  unsigned long value;
1594 
1595  /*
1596  * Any MSR write that attempts to change bits marked reserved will
1597  * case a #GP fault.
1598  */
1599  if (data & vmx->pt_desc.ctl_bitmask)
1600  return 1;
1601 
1602  /*
1603  * Any attempt to modify IA32_RTIT_CTL while TraceEn is set will
1604  * result in a #GP unless the same write also clears TraceEn.
1605  */
1606  if ((vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) &&
1607  ((vmx->pt_desc.guest.ctl ^ data) & ~RTIT_CTL_TRACEEN))
1608  return 1;
1609 
1610  /*
1611  * WRMSR to IA32_RTIT_CTL that sets TraceEn but clears this bit
1612  * and FabricEn would cause #GP, if
1613  * CPUID.(EAX=14H, ECX=0):ECX.SNGLRGNOUT[bit 2] = 0
1614  */
1615  if ((data & RTIT_CTL_TRACEEN) && !(data & RTIT_CTL_TOPA) &&
1616  !(data & RTIT_CTL_FABRIC_EN) &&
1617  !intel_pt_validate_cap(vmx->pt_desc.caps,
1618  PT_CAP_single_range_output))
1619  return 1;
1620 
1621  /*
1622  * MTCFreq, CycThresh and PSBFreq encodings check, any MSR write that
1623  * utilize encodings marked reserved will cause a #GP fault.
1624  */
1625  value = intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc_periods);
1626  if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc) &&
1627  !test_bit((data & RTIT_CTL_MTC_RANGE) >>
1628  RTIT_CTL_MTC_RANGE_OFFSET, &value))
1629  return 1;
1630  value = intel_pt_validate_cap(vmx->pt_desc.caps,
1631  PT_CAP_cycle_thresholds);
1632  if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc) &&
1633  !test_bit((data & RTIT_CTL_CYC_THRESH) >>
1634  RTIT_CTL_CYC_THRESH_OFFSET, &value))
1635  return 1;
1636  value = intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_periods);
1637  if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc) &&
1638  !test_bit((data & RTIT_CTL_PSB_FREQ) >>
1639  RTIT_CTL_PSB_FREQ_OFFSET, &value))
1640  return 1;
1641 
1642  /*
1643  * If ADDRx_CFG is reserved or the encodings is >2 will
1644  * cause a #GP fault.
1645  */
1646  value = (data & RTIT_CTL_ADDR0) >> RTIT_CTL_ADDR0_OFFSET;
1647  if ((value && (vmx->pt_desc.num_address_ranges < 1)) || (value > 2))
1648  return 1;
1649  value = (data & RTIT_CTL_ADDR1) >> RTIT_CTL_ADDR1_OFFSET;
1650  if ((value && (vmx->pt_desc.num_address_ranges < 2)) || (value > 2))
1651  return 1;
1652  value = (data & RTIT_CTL_ADDR2) >> RTIT_CTL_ADDR2_OFFSET;
1653  if ((value && (vmx->pt_desc.num_address_ranges < 3)) || (value > 2))
1654  return 1;
1655  value = (data & RTIT_CTL_ADDR3) >> RTIT_CTL_ADDR3_OFFSET;
1656  if ((value && (vmx->pt_desc.num_address_ranges < 4)) || (value > 2))
1657  return 1;
1658 
1659  return 0;
1660 }
1661 
1662 static int vmx_check_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type,
1663  void *insn, int insn_len)
1664 {
1665  /*
1666  * Emulation of instructions in SGX enclaves is impossible as RIP does
1667  * not point at the failing instruction, and even if it did, the code
1668  * stream is inaccessible. Inject #UD instead of exiting to userspace
1669  * so that guest userspace can't DoS the guest simply by triggering
1670  * emulation (enclaves are CPL3 only).
1671  */
1672  if (to_vmx(vcpu)->exit_reason.enclave_mode) {
1673  kvm_queue_exception(vcpu, UD_VECTOR);
1674  return X86EMUL_PROPAGATE_FAULT;
1675  }
1676  return X86EMUL_CONTINUE;
1677 }
1678 
1679 static int skip_emulated_instruction(struct kvm_vcpu *vcpu)
1680 {
1681  union vmx_exit_reason exit_reason = to_vmx(vcpu)->exit_reason;
1682  unsigned long rip, orig_rip;
1683  u32 instr_len;
1684 
1685  /*
1686  * Using VMCS.VM_EXIT_INSTRUCTION_LEN on EPT misconfig depends on
1687  * undefined behavior: Intel's SDM doesn't mandate the VMCS field be
1688  * set when EPT misconfig occurs. In practice, real hardware updates
1689  * VM_EXIT_INSTRUCTION_LEN on EPT misconfig, but other hypervisors
1690  * (namely Hyper-V) don't set it due to it being undefined behavior,
1691  * i.e. we end up advancing IP with some random value.
1692  */
1693  if (!static_cpu_has(X86_FEATURE_HYPERVISOR) ||
1694  exit_reason.basic != EXIT_REASON_EPT_MISCONFIG) {
1695  instr_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
1696 
1697  /*
1698  * Emulating an enclave's instructions isn't supported as KVM
1699  * cannot access the enclave's memory or its true RIP, e.g. the
1700  * vmcs.GUEST_RIP points at the exit point of the enclave, not
1701  * the RIP that actually triggered the VM-Exit. But, because
1702  * most instructions that cause VM-Exit will #UD in an enclave,
1703  * most instruction-based VM-Exits simply do not occur.
1704  *
1705  * There are a few exceptions, notably the debug instructions
1706  * INT1ICEBRK and INT3, as they are allowed in debug enclaves
1707  * and generate #DB/#BP as expected, which KVM might intercept.
1708  * But again, the CPU does the dirty work and saves an instr
1709  * length of zero so VMMs don't shoot themselves in the foot.
1710  * WARN if KVM tries to skip a non-zero length instruction on
1711  * a VM-Exit from an enclave.
1712  */
1713  if (!instr_len)
1714  goto rip_updated;
1715 
1716  WARN_ONCE(exit_reason.enclave_mode,
1717  "skipping instruction after SGX enclave VM-Exit");
1718 
1719  orig_rip = kvm_rip_read(vcpu);
1720  rip = orig_rip + instr_len;
1721 #ifdef CONFIG_X86_64
1722  /*
1723  * We need to mask out the high 32 bits of RIP if not in 64-bit
1724  * mode, but just finding out that we are in 64-bit mode is
1725  * quite expensive. Only do it if there was a carry.
1726  */
1727  if (unlikely(((rip ^ orig_rip) >> 31) == 3) && !is_64_bit_mode(vcpu))
1728  rip = (u32)rip;
1729 #endif
1730  kvm_rip_write(vcpu, rip);
1731  } else {
1732  if (!kvm_emulate_instruction(vcpu, EMULTYPE_SKIP))
1733  return 0;
1734  }
1735 
1736 rip_updated:
1737  /* skipping an emulated instruction also counts */
1738  vmx_set_interrupt_shadow(vcpu, 0);
1739 
1740  return 1;
1741 }
1742 
1743 /*
1744  * Recognizes a pending MTF VM-exit and records the nested state for later
1745  * delivery.
1746  */
1747 static void vmx_update_emulated_instruction(struct kvm_vcpu *vcpu)
1748 {
1749  struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
1750  struct vcpu_vmx *vmx = to_vmx(vcpu);
1751 
1752  if (!is_guest_mode(vcpu))
1753  return;
1754 
1755  /*
1756  * Per the SDM, MTF takes priority over debug-trap exceptions besides
1757  * TSS T-bit traps and ICEBP (INT1). KVM doesn't emulate T-bit traps
1758  * or ICEBP (in the emulator proper), and skipping of ICEBP after an
1759  * intercepted #DB deliberately avoids single-step #DB and MTF updates
1760  * as ICEBP is higher priority than both. As instruction emulation is
1761  * completed at this point (i.e. KVM is at the instruction boundary),
1762  * any #DB exception pending delivery must be a debug-trap of lower
1763  * priority than MTF. Record the pending MTF state to be delivered in
1764  * vmx_check_nested_events().
1765  */
1766  if (nested_cpu_has_mtf(vmcs12) &&
1767  (!vcpu->arch.exception.pending ||
1768  vcpu->arch.exception.vector == DB_VECTOR) &&
1769  (!vcpu->arch.exception_vmexit.pending ||
1770  vcpu->arch.exception_vmexit.vector == DB_VECTOR)) {
1771  vmx->nested.mtf_pending = true;
1772  kvm_make_request(KVM_REQ_EVENT, vcpu);
1773  } else {
1774  vmx->nested.mtf_pending = false;
1775  }
1776 }
1777 
1778 static int vmx_skip_emulated_instruction(struct kvm_vcpu *vcpu)
1779 {
1780  vmx_update_emulated_instruction(vcpu);
1781  return skip_emulated_instruction(vcpu);
1782 }
1783 
1784 static void vmx_clear_hlt(struct kvm_vcpu *vcpu)
1785 {
1786  /*
1787  * Ensure that we clear the HLT state in the VMCS. We don't need to
1788  * explicitly skip the instruction because if the HLT state is set,
1789  * then the instruction is already executing and RIP has already been
1790  * advanced.
1791  */
1792  if (kvm_hlt_in_guest(vcpu->kvm) &&
1793  vmcs_read32(GUEST_ACTIVITY_STATE) == GUEST_ACTIVITY_HLT)
1794  vmcs_write32(GUEST_ACTIVITY_STATE, GUEST_ACTIVITY_ACTIVE);
1795 }
1796 
1797 static void vmx_inject_exception(struct kvm_vcpu *vcpu)
1798 {
1799  struct kvm_queued_exception *ex = &vcpu->arch.exception;
1800  u32 intr_info = ex->vector | INTR_INFO_VALID_MASK;
1801  struct vcpu_vmx *vmx = to_vmx(vcpu);
1802 
1803  kvm_deliver_exception_payload(vcpu, ex);
1804 
1805  if (ex->has_error_code) {
1806  /*
1807  * Despite the error code being architecturally defined as 32
1808  * bits, and the VMCS field being 32 bits, Intel CPUs and thus
1809  * VMX don't actually supporting setting bits 31:16. Hardware
1810  * will (should) never provide a bogus error code, but AMD CPUs
1811  * do generate error codes with bits 31:16 set, and so KVM's
1812  * ABI lets userspace shove in arbitrary 32-bit values. Drop
1813  * the upper bits to avoid VM-Fail, losing information that
1814  * doesn't really exist is preferable to killing the VM.
1815  */
1816  vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE, (u16)ex->error_code);
1817  intr_info |= INTR_INFO_DELIVER_CODE_MASK;
1818  }
1819 
1820  if (vmx->rmode.vm86_active) {
1821  int inc_eip = 0;
1822  if (kvm_exception_is_soft(ex->vector))
1823  inc_eip = vcpu->arch.event_exit_inst_len;
1824  kvm_inject_realmode_interrupt(vcpu, ex->vector, inc_eip);
1825  return;
1826  }
1827 
1828  WARN_ON_ONCE(vmx->emulation_required);
1829 
1830  if (kvm_exception_is_soft(ex->vector)) {
1831  vmcs_write32(VM_ENTRY_INSTRUCTION_LEN,
1832  vmx->vcpu.arch.event_exit_inst_len);
1833  intr_info |= INTR_TYPE_SOFT_EXCEPTION;
1834  } else
1835  intr_info |= INTR_TYPE_HARD_EXCEPTION;
1836 
1837  vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr_info);
1838 
1839  vmx_clear_hlt(vcpu);
1840 }
1841 
1842 static void vmx_setup_uret_msr(struct vcpu_vmx *vmx, unsigned int msr,
1843  bool load_into_hardware)
1844 {
1845  struct vmx_uret_msr *uret_msr;
1846 
1847  uret_msr = vmx_find_uret_msr(vmx, msr);
1848  if (!uret_msr)
1849  return;
1850 
1851  uret_msr->load_into_hardware = load_into_hardware;
1852 }
1853 
1854 /*
1855  * Configuring user return MSRs to automatically save, load, and restore MSRs
1856  * that need to be shoved into hardware when running the guest. Note, omitting
1857  * an MSR here does _NOT_ mean it's not emulated, only that it will not be
1858  * loaded into hardware when running the guest.
1859  */
1860 static void vmx_setup_uret_msrs(struct vcpu_vmx *vmx)
1861 {
1862 #ifdef CONFIG_X86_64
1863  bool load_syscall_msrs;
1864 
1865  /*
1866  * The SYSCALL MSRs are only needed on long mode guests, and only
1867  * when EFER.SCE is set.
1868  */
1869  load_syscall_msrs = is_long_mode(&vmx->vcpu) &&
1870  (vmx->vcpu.arch.efer & EFER_SCE);
1871 
1872  vmx_setup_uret_msr(vmx, MSR_STAR, load_syscall_msrs);
1873  vmx_setup_uret_msr(vmx, MSR_LSTAR, load_syscall_msrs);
1874  vmx_setup_uret_msr(vmx, MSR_SYSCALL_MASK, load_syscall_msrs);
1875 #endif
1876  vmx_setup_uret_msr(vmx, MSR_EFER, update_transition_efer(vmx));
1877 
1878  vmx_setup_uret_msr(vmx, MSR_TSC_AUX,
1879  guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDTSCP) ||
1880  guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDPID));
1881 
1882  /*
1883  * hle=0, rtm=0, tsx_ctrl=1 can be found with some combinations of new
1884  * kernel and old userspace. If those guests run on a tsx=off host, do
1885  * allow guests to use TSX_CTRL, but don't change the value in hardware
1886  * so that TSX remains always disabled.
1887  */
1888  vmx_setup_uret_msr(vmx, MSR_IA32_TSX_CTRL, boot_cpu_has(X86_FEATURE_RTM));
1889 
1890  /*
1891  * The set of MSRs to load may have changed, reload MSRs before the
1892  * next VM-Enter.
1893  */
1894  vmx->guest_uret_msrs_loaded = false;
1895 }
1896 
1897 u64 vmx_get_l2_tsc_offset(struct kvm_vcpu *vcpu)
1898 {
1899  struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
1900 
1901  if (nested_cpu_has(vmcs12, CPU_BASED_USE_TSC_OFFSETTING))
1902  return vmcs12->tsc_offset;
1903 
1904  return 0;
1905 }
1906 
1907 u64 vmx_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu)
1908 {
1909  struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
1910 
1911  if (nested_cpu_has(vmcs12, CPU_BASED_USE_TSC_OFFSETTING) &&
1912  nested_cpu_has2(vmcs12, SECONDARY_EXEC_TSC_SCALING))
1913  return vmcs12->tsc_multiplier;
1914 
1915  return kvm_caps.default_tsc_scaling_ratio;
1916 }
1917 
1918 static void vmx_write_tsc_offset(struct kvm_vcpu *vcpu)
1919 {
1920  vmcs_write64(TSC_OFFSET, vcpu->arch.tsc_offset);
1921 }
1922 
1923 static void vmx_write_tsc_multiplier(struct kvm_vcpu *vcpu)
1924 {
1925  vmcs_write64(TSC_MULTIPLIER, vcpu->arch.tsc_scaling_ratio);
1926 }
1927 
1928 /*
1929  * Userspace is allowed to set any supported IA32_FEATURE_CONTROL regardless of
1930  * guest CPUID. Note, KVM allows userspace to set "VMX in SMX" to maintain
1931  * backwards compatibility even though KVM doesn't support emulating SMX. And
1932  * because userspace set "VMX in SMX", the guest must also be allowed to set it,
1933  * e.g. if the MSR is left unlocked and the guest does a RMW operation.
1934  */
1935 #define KVM_SUPPORTED_FEATURE_CONTROL (FEAT_CTL_LOCKED | \
1936  FEAT_CTL_VMX_ENABLED_INSIDE_SMX | \
1937  FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX | \
1938  FEAT_CTL_SGX_LC_ENABLED | \
1939  FEAT_CTL_SGX_ENABLED | \
1940  FEAT_CTL_LMCE_ENABLED)
1941 
1942 static inline bool is_vmx_feature_control_msr_valid(struct vcpu_vmx *vmx,
1943  struct msr_data *msr)
1944 {
1945  uint64_t valid_bits;
1946 
1947  /*
1948  * Ensure KVM_SUPPORTED_FEATURE_CONTROL is updated when new bits are
1949  * exposed to the guest.
1950  */
1951  WARN_ON_ONCE(vmx->msr_ia32_feature_control_valid_bits &
1952  ~KVM_SUPPORTED_FEATURE_CONTROL);
1953 
1954  if (!msr->host_initiated &&
1955  (vmx->msr_ia32_feature_control & FEAT_CTL_LOCKED))
1956  return false;
1957 
1958  if (msr->host_initiated)
1959  valid_bits = KVM_SUPPORTED_FEATURE_CONTROL;
1960  else
1961  valid_bits = vmx->msr_ia32_feature_control_valid_bits;
1962 
1963  return !(msr->data & ~valid_bits);
1964 }
1965 
1966 static int vmx_get_msr_feature(struct kvm_msr_entry *msr)
1967 {
1968  switch (msr->index) {
1969  case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR:
1970  if (!nested)
1971  return 1;
1972  return vmx_get_vmx_msr(&vmcs_config.nested, msr->index, &msr->data);
1973  default:
1974  return KVM_MSR_RET_INVALID;
1975  }
1976 }
1977 
1978 /*
1979  * Reads an msr value (of 'msr_info->index') into 'msr_info->data'.
1980  * Returns 0 on success, non-0 otherwise.
1981  * Assumes vcpu_load() was already called.
1982  */
1983 static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
1984 {
1985  struct vcpu_vmx *vmx = to_vmx(vcpu);
1986  struct vmx_uret_msr *msr;
1987  u32 index;
1988 
1989  switch (msr_info->index) {
1990 #ifdef CONFIG_X86_64
1991  case MSR_FS_BASE:
1992  msr_info->data = vmcs_readl(GUEST_FS_BASE);
1993  break;
1994  case MSR_GS_BASE:
1995  msr_info->data = vmcs_readl(GUEST_GS_BASE);
1996  break;
1997  case MSR_KERNEL_GS_BASE:
1998  msr_info->data = vmx_read_guest_kernel_gs_base(vmx);
1999  break;
2000 #endif
2001  case MSR_EFER:
2002  return kvm_get_msr_common(vcpu, msr_info);
2003  case MSR_IA32_TSX_CTRL:
2004  if (!msr_info->host_initiated &&
2005  !(vcpu->arch.arch_capabilities & ARCH_CAP_TSX_CTRL_MSR))
2006  return 1;
2007  goto find_uret_msr;
2008  case MSR_IA32_UMWAIT_CONTROL:
2009  if (!msr_info->host_initiated && !vmx_has_waitpkg(vmx))
2010  return 1;
2011 
2012  msr_info->data = vmx->msr_ia32_umwait_control;
2013  break;
2014  case MSR_IA32_SPEC_CTRL:
2015  if (!msr_info->host_initiated &&
2016  !guest_has_spec_ctrl_msr(vcpu))
2017  return 1;
2018 
2019  msr_info->data = to_vmx(vcpu)->spec_ctrl;
2020  break;
2021  case MSR_IA32_SYSENTER_CS:
2022  msr_info->data = vmcs_read32(GUEST_SYSENTER_CS);
2023  break;
2024  case MSR_IA32_SYSENTER_EIP:
2025  msr_info->data = vmcs_readl(GUEST_SYSENTER_EIP);
2026  break;
2027  case MSR_IA32_SYSENTER_ESP:
2028  msr_info->data = vmcs_readl(GUEST_SYSENTER_ESP);
2029  break;
2030  case MSR_IA32_BNDCFGS:
2031  if (!kvm_mpx_supported() ||
2032  (!msr_info->host_initiated &&
2033  !guest_cpuid_has(vcpu, X86_FEATURE_MPX)))
2034  return 1;
2035  msr_info->data = vmcs_read64(GUEST_BNDCFGS);
2036  break;
2037  case MSR_IA32_MCG_EXT_CTL:
2038  if (!msr_info->host_initiated &&
2039  !(vmx->msr_ia32_feature_control &
2040  FEAT_CTL_LMCE_ENABLED))
2041  return 1;
2042  msr_info->data = vcpu->arch.mcg_ext_ctl;
2043  break;
2044  case MSR_IA32_FEAT_CTL:
2045  msr_info->data = vmx->msr_ia32_feature_control;
2046  break;
2047  case MSR_IA32_SGXLEPUBKEYHASH0 ... MSR_IA32_SGXLEPUBKEYHASH3:
2048  if (!msr_info->host_initiated &&
2049  !guest_cpuid_has(vcpu, X86_FEATURE_SGX_LC))
2050  return 1;
2051  msr_info->data = to_vmx(vcpu)->msr_ia32_sgxlepubkeyhash
2052  [msr_info->index - MSR_IA32_SGXLEPUBKEYHASH0];
2053  break;
2054  case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR:
2055  if (!guest_can_use(vcpu, X86_FEATURE_VMX))
2056  return 1;
2057  if (vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index,
2058  &msr_info->data))
2059  return 1;
2060 #ifdef CONFIG_KVM_HYPERV
2061  /*
2062  * Enlightened VMCS v1 doesn't have certain VMCS fields but
2063  * instead of just ignoring the features, different Hyper-V
2064  * versions are either trying to use them and fail or do some
2065  * sanity checking and refuse to boot. Filter all unsupported
2066  * features out.
2067  */
2068  if (!msr_info->host_initiated && guest_cpuid_has_evmcs(vcpu))
2069  nested_evmcs_filter_control_msr(vcpu, msr_info->index,
2070  &msr_info->data);
2071 #endif
2072  break;
2073  case MSR_IA32_RTIT_CTL:
2074  if (!vmx_pt_mode_is_host_guest())
2075  return 1;
2076  msr_info->data = vmx->pt_desc.guest.ctl;
2077  break;
2078  case MSR_IA32_RTIT_STATUS:
2079  if (!vmx_pt_mode_is_host_guest())
2080  return 1;
2081  msr_info->data = vmx->pt_desc.guest.status;
2082  break;
2083  case MSR_IA32_RTIT_CR3_MATCH:
2084  if (!vmx_pt_mode_is_host_guest() ||
2085  !intel_pt_validate_cap(vmx->pt_desc.caps,
2086  PT_CAP_cr3_filtering))
2087  return 1;
2088  msr_info->data = vmx->pt_desc.guest.cr3_match;
2089  break;
2090  case MSR_IA32_RTIT_OUTPUT_BASE:
2091  if (!vmx_pt_mode_is_host_guest() ||
2092  (!intel_pt_validate_cap(vmx->pt_desc.caps,
2093  PT_CAP_topa_output) &&
2094  !intel_pt_validate_cap(vmx->pt_desc.caps,
2095  PT_CAP_single_range_output)))
2096  return 1;
2097  msr_info->data = vmx->pt_desc.guest.output_base;
2098  break;
2099  case MSR_IA32_RTIT_OUTPUT_MASK:
2100  if (!vmx_pt_mode_is_host_guest() ||
2101  (!intel_pt_validate_cap(vmx->pt_desc.caps,
2102  PT_CAP_topa_output) &&
2103  !intel_pt_validate_cap(vmx->pt_desc.caps,
2104  PT_CAP_single_range_output)))
2105  return 1;
2106  msr_info->data = vmx->pt_desc.guest.output_mask;
2107  break;
2108  case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
2109  index = msr_info->index - MSR_IA32_RTIT_ADDR0_A;
2110  if (!vmx_pt_mode_is_host_guest() ||
2111  (index >= 2 * vmx->pt_desc.num_address_ranges))
2112  return 1;
2113  if (index % 2)
2114  msr_info->data = vmx->pt_desc.guest.addr_b[index / 2];
2115  else
2116  msr_info->data = vmx->pt_desc.guest.addr_a[index / 2];
2117  break;
2118  case MSR_IA32_DEBUGCTLMSR:
2119  msr_info->data = vmcs_read64(GUEST_IA32_DEBUGCTL);
2120  break;
2121  default:
2122  find_uret_msr:
2123  msr = vmx_find_uret_msr(vmx, msr_info->index);
2124  if (msr) {
2125  msr_info->data = msr->data;
2126  break;
2127  }
2128  return kvm_get_msr_common(vcpu, msr_info);
2129  }
2130 
2131  return 0;
2132 }
2133 
2134 static u64 nested_vmx_truncate_sysenter_addr(struct kvm_vcpu *vcpu,
2135  u64 data)
2136 {
2137 #ifdef CONFIG_X86_64
2138  if (!guest_cpuid_has(vcpu, X86_FEATURE_LM))
2139  return (u32)data;
2140 #endif
2141  return (unsigned long)data;
2142 }
2143 
2144 static u64 vmx_get_supported_debugctl(struct kvm_vcpu *vcpu, bool host_initiated)
2145 {
2146  u64 debugctl = 0;
2147 
2148  if (boot_cpu_has(X86_FEATURE_BUS_LOCK_DETECT) &&
2149  (host_initiated || guest_cpuid_has(vcpu, X86_FEATURE_BUS_LOCK_DETECT)))
2150  debugctl |= DEBUGCTLMSR_BUS_LOCK_DETECT;
2151 
2152  if ((kvm_caps.supported_perf_cap & PMU_CAP_LBR_FMT) &&
2153  (host_initiated || intel_pmu_lbr_is_enabled(vcpu)))
2154  debugctl |= DEBUGCTLMSR_LBR | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI;
2155 
2156  return debugctl;
2157 }
2158 
2159 /*
2160  * Writes msr value into the appropriate "register".
2161  * Returns 0 on success, non-0 otherwise.
2162  * Assumes vcpu_load() was already called.
2163  */
2164 static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2165 {
2166  struct vcpu_vmx *vmx = to_vmx(vcpu);
2167  struct vmx_uret_msr *msr;
2168  int ret = 0;
2169  u32 msr_index = msr_info->index;
2170  u64 data = msr_info->data;
2171  u32 index;
2172 
2173  switch (msr_index) {
2174  case MSR_EFER:
2175  ret = kvm_set_msr_common(vcpu, msr_info);
2176  break;
2177 #ifdef CONFIG_X86_64
2178  case MSR_FS_BASE:
2179  vmx_segment_cache_clear(vmx);
2180  vmcs_writel(GUEST_FS_BASE, data);
2181  break;
2182  case MSR_GS_BASE:
2183  vmx_segment_cache_clear(vmx);
2184  vmcs_writel(GUEST_GS_BASE, data);
2185  break;
2186  case MSR_KERNEL_GS_BASE:
2187  vmx_write_guest_kernel_gs_base(vmx, data);
2188  break;
2189  case MSR_IA32_XFD:
2190  ret = kvm_set_msr_common(vcpu, msr_info);
2191  /*
2192  * Always intercepting WRMSR could incur non-negligible
2193  * overhead given xfd might be changed frequently in
2194  * guest context switch. Disable write interception
2195  * upon the first write with a non-zero value (indicating
2196  * potential usage on dynamic xfeatures). Also update
2197  * exception bitmap to trap #NM for proper virtualization
2198  * of guest xfd_err.
2199  */
2200  if (!ret && data) {
2201  vmx_disable_intercept_for_msr(vcpu, MSR_IA32_XFD,
2202  MSR_TYPE_RW);
2203  vcpu->arch.xfd_no_write_intercept = true;
2204  vmx_update_exception_bitmap(vcpu);
2205  }
2206  break;
2207 #endif
2208  case MSR_IA32_SYSENTER_CS:
2209  if (is_guest_mode(vcpu))
2210  get_vmcs12(vcpu)->guest_sysenter_cs = data;
2211  vmcs_write32(GUEST_SYSENTER_CS, data);
2212  break;
2213  case MSR_IA32_SYSENTER_EIP:
2214  if (is_guest_mode(vcpu)) {
2215  data = nested_vmx_truncate_sysenter_addr(vcpu, data);
2216  get_vmcs12(vcpu)->guest_sysenter_eip = data;
2217  }
2218  vmcs_writel(GUEST_SYSENTER_EIP, data);
2219  break;
2220  case MSR_IA32_SYSENTER_ESP:
2221  if (is_guest_mode(vcpu)) {
2222  data = nested_vmx_truncate_sysenter_addr(vcpu, data);
2223  get_vmcs12(vcpu)->guest_sysenter_esp = data;
2224  }
2225  vmcs_writel(GUEST_SYSENTER_ESP, data);
2226  break;
2227  case MSR_IA32_DEBUGCTLMSR: {
2228  u64 invalid;
2229 
2230  invalid = data & ~vmx_get_supported_debugctl(vcpu, msr_info->host_initiated);
2231  if (invalid & (DEBUGCTLMSR_BTF|DEBUGCTLMSR_LBR)) {
2232  kvm_pr_unimpl_wrmsr(vcpu, msr_index, data);
2233  data &= ~(DEBUGCTLMSR_BTF|DEBUGCTLMSR_LBR);
2234  invalid &= ~(DEBUGCTLMSR_BTF|DEBUGCTLMSR_LBR);
2235  }
2236 
2237  if (invalid)
2238  return 1;
2239 
2240  if (is_guest_mode(vcpu) && get_vmcs12(vcpu)->vm_exit_controls &
2241  VM_EXIT_SAVE_DEBUG_CONTROLS)
2242  get_vmcs12(vcpu)->guest_ia32_debugctl = data;
2243 
2244  vmcs_write64(GUEST_IA32_DEBUGCTL, data);
2245  if (intel_pmu_lbr_is_enabled(vcpu) && !to_vmx(vcpu)->lbr_desc.event &&
2246  (data & DEBUGCTLMSR_LBR))
2247  intel_pmu_create_guest_lbr_event(vcpu);
2248  return 0;
2249  }
2250  case MSR_IA32_BNDCFGS:
2251  if (!kvm_mpx_supported() ||
2252  (!msr_info->host_initiated &&
2253  !guest_cpuid_has(vcpu, X86_FEATURE_MPX)))
2254  return 1;
2255  if (is_noncanonical_address(data & PAGE_MASK, vcpu) ||
2256  (data & MSR_IA32_BNDCFGS_RSVD))
2257  return 1;
2258 
2259  if (is_guest_mode(vcpu) &&
2260  ((vmx->nested.msrs.entry_ctls_high & VM_ENTRY_LOAD_BNDCFGS) ||
2261  (vmx->nested.msrs.exit_ctls_high & VM_EXIT_CLEAR_BNDCFGS)))
2262  get_vmcs12(vcpu)->guest_bndcfgs = data;
2263 
2264  vmcs_write64(GUEST_BNDCFGS, data);
2265  break;
2266  case MSR_IA32_UMWAIT_CONTROL:
2267  if (!msr_info->host_initiated && !vmx_has_waitpkg(vmx))
2268  return 1;
2269 
2270  /* The reserved bit 1 and non-32 bit [63:32] should be zero */
2271  if (data & (BIT_ULL(1) | GENMASK_ULL(63, 32)))
2272  return 1;
2273 
2274  vmx->msr_ia32_umwait_control = data;
2275  break;
2276  case MSR_IA32_SPEC_CTRL:
2277  if (!msr_info->host_initiated &&
2278  !guest_has_spec_ctrl_msr(vcpu))
2279  return 1;
2280 
2281  if (kvm_spec_ctrl_test_value(data))
2282  return 1;
2283 
2284  vmx->spec_ctrl = data;
2285  if (!data)
2286  break;
2287 
2288  /*
2289  * For non-nested:
2290  * When it's written (to non-zero) for the first time, pass
2291  * it through.
2292  *
2293  * For nested:
2294  * The handling of the MSR bitmap for L2 guests is done in
2295  * nested_vmx_prepare_msr_bitmap. We should not touch the
2296  * vmcs02.msr_bitmap here since it gets completely overwritten
2297  * in the merging. We update the vmcs01 here for L1 as well
2298  * since it will end up touching the MSR anyway now.
2299  */
2300  vmx_disable_intercept_for_msr(vcpu,
2301  MSR_IA32_SPEC_CTRL,
2302  MSR_TYPE_RW);
2303  break;
2304  case MSR_IA32_TSX_CTRL:
2305  if (!msr_info->host_initiated &&
2306  !(vcpu->arch.arch_capabilities & ARCH_CAP_TSX_CTRL_MSR))
2307  return 1;
2308  if (data & ~(TSX_CTRL_RTM_DISABLE | TSX_CTRL_CPUID_CLEAR))
2309  return 1;
2310  goto find_uret_msr;
2311  case MSR_IA32_CR_PAT:
2312  ret = kvm_set_msr_common(vcpu, msr_info);
2313  if (ret)
2314  break;
2315 
2316  if (is_guest_mode(vcpu) &&
2317  get_vmcs12(vcpu)->vm_exit_controls & VM_EXIT_SAVE_IA32_PAT)
2318  get_vmcs12(vcpu)->guest_ia32_pat = data;
2319 
2320  if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT)
2321  vmcs_write64(GUEST_IA32_PAT, data);
2322  break;
2323  case MSR_IA32_MCG_EXT_CTL:
2324  if ((!msr_info->host_initiated &&
2325  !(to_vmx(vcpu)->msr_ia32_feature_control &
2326  FEAT_CTL_LMCE_ENABLED)) ||
2327  (data & ~MCG_EXT_CTL_LMCE_EN))
2328  return 1;
2329  vcpu->arch.mcg_ext_ctl = data;
2330  break;
2331  case MSR_IA32_FEAT_CTL:
2332  if (!is_vmx_feature_control_msr_valid(vmx, msr_info))
2333  return 1;
2334 
2335  vmx->msr_ia32_feature_control = data;
2336  if (msr_info->host_initiated && data == 0)
2337  vmx_leave_nested(vcpu);
2338 
2339  /* SGX may be enabled/disabled by guest's firmware */
2340  vmx_write_encls_bitmap(vcpu, NULL);
2341  break;
2342  case MSR_IA32_SGXLEPUBKEYHASH0 ... MSR_IA32_SGXLEPUBKEYHASH3:
2343  /*
2344  * On real hardware, the LE hash MSRs are writable before
2345  * the firmware sets bit 0 in MSR 0x7a ("activating" SGX),
2346  * at which point SGX related bits in IA32_FEATURE_CONTROL
2347  * become writable.
2348  *
2349  * KVM does not emulate SGX activation for simplicity, so
2350  * allow writes to the LE hash MSRs if IA32_FEATURE_CONTROL
2351  * is unlocked. This is technically not architectural
2352  * behavior, but it's close enough.
2353  */
2354  if (!msr_info->host_initiated &&
2355  (!guest_cpuid_has(vcpu, X86_FEATURE_SGX_LC) ||
2356  ((vmx->msr_ia32_feature_control & FEAT_CTL_LOCKED) &&
2357  !(vmx->msr_ia32_feature_control & FEAT_CTL_SGX_LC_ENABLED))))
2358  return 1;
2359  vmx->msr_ia32_sgxlepubkeyhash
2360  [msr_index - MSR_IA32_SGXLEPUBKEYHASH0] = data;
2361  break;
2362  case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR:
2363  if (!msr_info->host_initiated)
2364  return 1; /* they are read-only */
2365  if (!guest_can_use(vcpu, X86_FEATURE_VMX))
2366  return 1;
2367  return vmx_set_vmx_msr(vcpu, msr_index, data);
2368  case MSR_IA32_RTIT_CTL:
2369  if (!vmx_pt_mode_is_host_guest() ||
2370  vmx_rtit_ctl_check(vcpu, data) ||
2371  vmx->nested.vmxon)
2372  return 1;
2373  vmcs_write64(GUEST_IA32_RTIT_CTL, data);
2374  vmx->pt_desc.guest.ctl = data;
2375  pt_update_intercept_for_msr(vcpu);
2376  break;
2377  case MSR_IA32_RTIT_STATUS:
2378  if (!pt_can_write_msr(vmx))
2379  return 1;
2380  if (data & MSR_IA32_RTIT_STATUS_MASK)
2381  return 1;
2382  vmx->pt_desc.guest.status = data;
2383  break;
2384  case MSR_IA32_RTIT_CR3_MATCH:
2385  if (!pt_can_write_msr(vmx))
2386  return 1;
2387  if (!intel_pt_validate_cap(vmx->pt_desc.caps,
2388  PT_CAP_cr3_filtering))
2389  return 1;
2390  vmx->pt_desc.guest.cr3_match = data;
2391  break;
2392  case MSR_IA32_RTIT_OUTPUT_BASE:
2393  if (!pt_can_write_msr(vmx))
2394  return 1;
2395  if (!intel_pt_validate_cap(vmx->pt_desc.caps,
2396  PT_CAP_topa_output) &&
2397  !intel_pt_validate_cap(vmx->pt_desc.caps,
2398  PT_CAP_single_range_output))
2399  return 1;
2400  if (!pt_output_base_valid(vcpu, data))
2401  return 1;
2402  vmx->pt_desc.guest.output_base = data;
2403  break;
2404  case MSR_IA32_RTIT_OUTPUT_MASK:
2405  if (!pt_can_write_msr(vmx))
2406  return 1;
2407  if (!intel_pt_validate_cap(vmx->pt_desc.caps,
2408  PT_CAP_topa_output) &&
2409  !intel_pt_validate_cap(vmx->pt_desc.caps,
2410  PT_CAP_single_range_output))
2411  return 1;
2412  vmx->pt_desc.guest.output_mask = data;
2413  break;
2414  case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
2415  if (!pt_can_write_msr(vmx))
2416  return 1;
2417  index = msr_info->index - MSR_IA32_RTIT_ADDR0_A;
2418  if (index >= 2 * vmx->pt_desc.num_address_ranges)
2419  return 1;
2420  if (is_noncanonical_address(data, vcpu))
2421  return 1;
2422  if (index % 2)
2423  vmx->pt_desc.guest.addr_b[index / 2] = data;
2424  else
2425  vmx->pt_desc.guest.addr_a[index / 2] = data;
2426  break;
2427  case MSR_IA32_PERF_CAPABILITIES:
2428  if (data && !vcpu_to_pmu(vcpu)->version)
2429  return 1;
2430  if (data & PMU_CAP_LBR_FMT) {
2431  if ((data & PMU_CAP_LBR_FMT) !=
2432  (kvm_caps.supported_perf_cap & PMU_CAP_LBR_FMT))
2433  return 1;
2434  if (!cpuid_model_is_consistent(vcpu))
2435  return 1;
2436  }
2437  if (data & PERF_CAP_PEBS_FORMAT) {
2438  if ((data & PERF_CAP_PEBS_MASK) !=
2439  (kvm_caps.supported_perf_cap & PERF_CAP_PEBS_MASK))
2440  return 1;
2441  if (!guest_cpuid_has(vcpu, X86_FEATURE_DS))
2442  return 1;
2443  if (!guest_cpuid_has(vcpu, X86_FEATURE_DTES64))
2444  return 1;
2445  if (!cpuid_model_is_consistent(vcpu))
2446  return 1;
2447  }
2448  ret = kvm_set_msr_common(vcpu, msr_info);
2449  break;
2450 
2451  default:
2452  find_uret_msr:
2453  msr = vmx_find_uret_msr(vmx, msr_index);
2454  if (msr)
2455  ret = vmx_set_guest_uret_msr(vmx, msr, data);
2456  else
2457  ret = kvm_set_msr_common(vcpu, msr_info);
2458  }
2459 
2460  /* FB_CLEAR may have changed, also update the FB_CLEAR_DIS behavior */
2461  if (msr_index == MSR_IA32_ARCH_CAPABILITIES)
2462  vmx_update_fb_clear_dis(vcpu, vmx);
2463 
2464  return ret;
2465 }
2466 
2467 static void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
2468 {
2469  unsigned long guest_owned_bits;
2470 
2471  kvm_register_mark_available(vcpu, reg);
2472 
2473  switch (reg) {
2474  case VCPU_REGS_RSP:
2475  vcpu->arch.regs[VCPU_REGS_RSP] = vmcs_readl(GUEST_RSP);
2476  break;
2477  case VCPU_REGS_RIP:
2478  vcpu->arch.regs[VCPU_REGS_RIP] = vmcs_readl(GUEST_RIP);
2479  break;
2480  case VCPU_EXREG_PDPTR:
2481  if (enable_ept)
2482  ept_save_pdptrs(vcpu);
2483  break;
2484  case VCPU_EXREG_CR0:
2485  guest_owned_bits = vcpu->arch.cr0_guest_owned_bits;
2486 
2487  vcpu->arch.cr0 &= ~guest_owned_bits;
2488  vcpu->arch.cr0 |= vmcs_readl(GUEST_CR0) & guest_owned_bits;
2489  break;
2490  case VCPU_EXREG_CR3:
2491  /*
2492  * When intercepting CR3 loads, e.g. for shadowing paging, KVM's
2493  * CR3 is loaded into hardware, not the guest's CR3.
2494  */
2495  if (!(exec_controls_get(to_vmx(vcpu)) & CPU_BASED_CR3_LOAD_EXITING))
2496  vcpu->arch.cr3 = vmcs_readl(GUEST_CR3);
2497  break;
2498  case VCPU_EXREG_CR4:
2499  guest_owned_bits = vcpu->arch.cr4_guest_owned_bits;
2500 
2501  vcpu->arch.cr4 &= ~guest_owned_bits;
2502  vcpu->arch.cr4 |= vmcs_readl(GUEST_CR4) & guest_owned_bits;
2503  break;
2504  default:
2505  KVM_BUG_ON(1, vcpu->kvm);
2506  break;
2507  }
2508 }
2509 
2510 /*
2511  * There is no X86_FEATURE for SGX yet, but anyway we need to query CPUID
2512  * directly instead of going through cpu_has(), to ensure KVM is trapping
2513  * ENCLS whenever it's supported in hardware. It does not matter whether
2514  * the host OS supports or has enabled SGX.
2515  */
2516 static bool cpu_has_sgx(void)
2517 {
2518  return cpuid_eax(0) >= 0x12 && (cpuid_eax(0x12) & BIT(0));
2519 }
2520 
2521 /*
2522  * Some cpus support VM_{ENTRY,EXIT}_IA32_PERF_GLOBAL_CTRL but they
2523  * can't be used due to errata where VM Exit may incorrectly clear
2524  * IA32_PERF_GLOBAL_CTRL[34:32]. Work around the errata by using the
2525  * MSR load mechanism to switch IA32_PERF_GLOBAL_CTRL.
2526  */
2527 static bool cpu_has_perf_global_ctrl_bug(void)
2528 {
2529  if (boot_cpu_data.x86 == 0x6) {
2530  switch (boot_cpu_data.x86_model) {
2531  case INTEL_FAM6_NEHALEM_EP: /* AAK155 */
2532  case INTEL_FAM6_NEHALEM: /* AAP115 */
2533  case INTEL_FAM6_WESTMERE: /* AAT100 */
2534  case INTEL_FAM6_WESTMERE_EP: /* BC86,AAY89,BD102 */
2535  case INTEL_FAM6_NEHALEM_EX: /* BA97 */
2536  return true;
2537  default:
2538  break;
2539  }
2540  }
2541 
2542  return false;
2543 }
2544 
2545 static int adjust_vmx_controls(u32 ctl_min, u32 ctl_opt, u32 msr, u32 *result)
2546 {
2547  u32 vmx_msr_low, vmx_msr_high;
2548  u32 ctl = ctl_min | ctl_opt;
2549 
2550  rdmsr(msr, vmx_msr_low, vmx_msr_high);
2551 
2552  ctl &= vmx_msr_high; /* bit == 0 in high word ==> must be zero */
2553  ctl |= vmx_msr_low; /* bit == 1 in low word ==> must be one */
2554 
2555  /* Ensure minimum (required) set of control bits are supported. */
2556  if (ctl_min & ~ctl)
2557  return -EIO;
2558 
2559  *result = ctl;
2560  return 0;
2561 }
2562 
2563 static u64 adjust_vmx_controls64(u64 ctl_opt, u32 msr)
2564 {
2565  u64 allowed;
2566 
2567  rdmsrl(msr, allowed);
2568 
2569  return ctl_opt & allowed;
2570 }
2571 
2572 static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
2573  struct vmx_capability *vmx_cap)
2574 {
2575  u32 vmx_msr_low, vmx_msr_high;
2576  u32 _pin_based_exec_control = 0;
2577  u32 _cpu_based_exec_control = 0;
2578  u32 _cpu_based_2nd_exec_control = 0;
2579  u64 _cpu_based_3rd_exec_control = 0;
2580  u32 _vmexit_control = 0;
2581  u32 _vmentry_control = 0;
2582  u64 misc_msr;
2583  int i;
2584 
2585  /*
2586  * LOAD/SAVE_DEBUG_CONTROLS are absent because both are mandatory.
2587  * SAVE_IA32_PAT and SAVE_IA32_EFER are absent because KVM always
2588  * intercepts writes to PAT and EFER, i.e. never enables those controls.
2589  */
2590  struct {
2591  u32 entry_control;
2592  u32 exit_control;
2593  } const vmcs_entry_exit_pairs[] = {
2594  { VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL, VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL },
2595  { VM_ENTRY_LOAD_IA32_PAT, VM_EXIT_LOAD_IA32_PAT },
2596  { VM_ENTRY_LOAD_IA32_EFER, VM_EXIT_LOAD_IA32_EFER },
2597  { VM_ENTRY_LOAD_BNDCFGS, VM_EXIT_CLEAR_BNDCFGS },
2598  { VM_ENTRY_LOAD_IA32_RTIT_CTL, VM_EXIT_CLEAR_IA32_RTIT_CTL },
2599  };
2600 
2601  memset(vmcs_conf, 0, sizeof(*vmcs_conf));
2602 
2603  if (adjust_vmx_controls(KVM_REQUIRED_VMX_CPU_BASED_VM_EXEC_CONTROL,
2604  KVM_OPTIONAL_VMX_CPU_BASED_VM_EXEC_CONTROL,
2605  MSR_IA32_VMX_PROCBASED_CTLS,
2606  &_cpu_based_exec_control))
2607  return -EIO;
2608  if (_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) {
2609  if (adjust_vmx_controls(KVM_REQUIRED_VMX_SECONDARY_VM_EXEC_CONTROL,
2610  KVM_OPTIONAL_VMX_SECONDARY_VM_EXEC_CONTROL,
2611  MSR_IA32_VMX_PROCBASED_CTLS2,
2612  &_cpu_based_2nd_exec_control))
2613  return -EIO;
2614  }
2615 #ifndef CONFIG_X86_64
2616  if (!(_cpu_based_2nd_exec_control &
2617  SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES))
2618  _cpu_based_exec_control &= ~CPU_BASED_TPR_SHADOW;
2619 #endif
2620 
2621  if (!(_cpu_based_exec_control & CPU_BASED_TPR_SHADOW))
2622  _cpu_based_2nd_exec_control &= ~(
2623  SECONDARY_EXEC_APIC_REGISTER_VIRT |
2624  SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2625  SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
2626 
2627  rdmsr_safe(MSR_IA32_VMX_EPT_VPID_CAP,
2628  &vmx_cap->ept, &vmx_cap->vpid);
2629 
2630  if (!(_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) &&
2631  vmx_cap->ept) {
2632  pr_warn_once("EPT CAP should not exist if not support "
2633  "1-setting enable EPT VM-execution control\n");
2634 
2635  if (error_on_inconsistent_vmcs_config)
2636  return -EIO;
2637 
2638  vmx_cap->ept = 0;
2639  }
2640  if (!(_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_VPID) &&
2641  vmx_cap->vpid) {
2642  pr_warn_once("VPID CAP should not exist if not support "
2643  "1-setting enable VPID VM-execution control\n");
2644 
2645  if (error_on_inconsistent_vmcs_config)
2646  return -EIO;
2647 
2648  vmx_cap->vpid = 0;
2649  }
2650 
2651  if (!cpu_has_sgx())
2652  _cpu_based_2nd_exec_control &= ~SECONDARY_EXEC_ENCLS_EXITING;
2653 
2654  if (_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS)
2655  _cpu_based_3rd_exec_control =
2656  adjust_vmx_controls64(KVM_OPTIONAL_VMX_TERTIARY_VM_EXEC_CONTROL,
2657  MSR_IA32_VMX_PROCBASED_CTLS3);
2658 
2659  if (adjust_vmx_controls(KVM_REQUIRED_VMX_VM_EXIT_CONTROLS,
2660  KVM_OPTIONAL_VMX_VM_EXIT_CONTROLS,
2661  MSR_IA32_VMX_EXIT_CTLS,
2662  &_vmexit_control))
2663  return -EIO;
2664 
2665  if (adjust_vmx_controls(KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL,
2666  KVM_OPTIONAL_VMX_PIN_BASED_VM_EXEC_CONTROL,
2667  MSR_IA32_VMX_PINBASED_CTLS,
2668  &_pin_based_exec_control))
2669  return -EIO;
2670 
2671  if (cpu_has_broken_vmx_preemption_timer())
2672  _pin_based_exec_control &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
2673  if (!(_cpu_based_2nd_exec_control &
2674  SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY))
2675  _pin_based_exec_control &= ~PIN_BASED_POSTED_INTR;
2676 
2677  if (adjust_vmx_controls(KVM_REQUIRED_VMX_VM_ENTRY_CONTROLS,
2678  KVM_OPTIONAL_VMX_VM_ENTRY_CONTROLS,
2679  MSR_IA32_VMX_ENTRY_CTLS,
2680  &_vmentry_control))
2681  return -EIO;
2682 
2683  for (i = 0; i < ARRAY_SIZE(vmcs_entry_exit_pairs); i++) {
2684  u32 n_ctrl = vmcs_entry_exit_pairs[i].entry_control;
2685  u32 x_ctrl = vmcs_entry_exit_pairs[i].exit_control;
2686 
2687  if (!(_vmentry_control & n_ctrl) == !(_vmexit_control & x_ctrl))
2688  continue;
2689 
2690  pr_warn_once("Inconsistent VM-Entry/VM-Exit pair, entry = %x, exit = %x\n",
2691  _vmentry_control & n_ctrl, _vmexit_control & x_ctrl);
2692 
2693  if (error_on_inconsistent_vmcs_config)
2694  return -EIO;
2695 
2696  _vmentry_control &= ~n_ctrl;
2697  _vmexit_control &= ~x_ctrl;
2698  }
2699 
2700  rdmsr(MSR_IA32_VMX_BASIC, vmx_msr_low, vmx_msr_high);
2701 
2702  /* IA-32 SDM Vol 3B: VMCS size is never greater than 4kB. */
2703  if ((vmx_msr_high & 0x1fff) > PAGE_SIZE)
2704  return -EIO;
2705 
2706 #ifdef CONFIG_X86_64
2707  /* IA-32 SDM Vol 3B: 64-bit CPUs always have VMX_BASIC_MSR[48]==0. */
2708  if (vmx_msr_high & (1u<<16))
2709  return -EIO;
2710 #endif
2711 
2712  /* Require Write-Back (WB) memory type for VMCS accesses. */
2713  if (((vmx_msr_high >> 18) & 15) != 6)
2714  return -EIO;
2715 
2716  rdmsrl(MSR_IA32_VMX_MISC, misc_msr);
2717 
2718  vmcs_conf->size = vmx_msr_high & 0x1fff;
2719  vmcs_conf->basic_cap = vmx_msr_high & ~0x1fff;
2720 
2721  vmcs_conf->revision_id = vmx_msr_low;
2722 
2723  vmcs_conf->pin_based_exec_ctrl = _pin_based_exec_control;
2724  vmcs_conf->cpu_based_exec_ctrl = _cpu_based_exec_control;
2725  vmcs_conf->cpu_based_2nd_exec_ctrl = _cpu_based_2nd_exec_control;
2726  vmcs_conf->cpu_based_3rd_exec_ctrl = _cpu_based_3rd_exec_control;
2727  vmcs_conf->vmexit_ctrl = _vmexit_control;
2728  vmcs_conf->vmentry_ctrl = _vmentry_control;
2729  vmcs_conf->misc = misc_msr;
2730 
2731 #if IS_ENABLED(CONFIG_HYPERV)
2732  if (enlightened_vmcs)
2733  evmcs_sanitize_exec_ctrls(vmcs_conf);
2734 #endif
2735 
2736  return 0;
2737 }
2738 
2739 static bool __kvm_is_vmx_supported(void)
2740 {
2741  int cpu = smp_processor_id();
2742 
2743  if (!(cpuid_ecx(1) & feature_bit(VMX))) {
2744  pr_err("VMX not supported by CPU %d\n", cpu);
2745  return false;
2746  }
2747 
2748  if (!this_cpu_has(X86_FEATURE_MSR_IA32_FEAT_CTL) ||
2749  !this_cpu_has(X86_FEATURE_VMX)) {
2750  pr_err("VMX not enabled (by BIOS) in MSR_IA32_FEAT_CTL on CPU %d\n", cpu);
2751  return false;
2752  }
2753 
2754  return true;
2755 }
2756 
2757 static bool kvm_is_vmx_supported(void)
2758 {
2759  bool supported;
2760 
2761  migrate_disable();
2762  supported = __kvm_is_vmx_supported();
2763  migrate_enable();
2764 
2765  return supported;
2766 }
2767 
2768 static int vmx_check_processor_compat(void)
2769 {
2770  int cpu = raw_smp_processor_id();
2771  struct vmcs_config vmcs_conf;
2772  struct vmx_capability vmx_cap;
2773 
2774  if (!__kvm_is_vmx_supported())
2775  return -EIO;
2776 
2777  if (setup_vmcs_config(&vmcs_conf, &vmx_cap) < 0) {
2778  pr_err("Failed to setup VMCS config on CPU %d\n", cpu);
2779  return -EIO;
2780  }
2781  if (nested)
2782  nested_vmx_setup_ctls_msrs(&vmcs_conf, vmx_cap.ept);
2783  if (memcmp(&vmcs_config, &vmcs_conf, sizeof(struct vmcs_config))) {
2784  pr_err("Inconsistent VMCS config on CPU %d\n", cpu);
2785  return -EIO;
2786  }
2787  return 0;
2788 }
2789 
2790 static int kvm_cpu_vmxon(u64 vmxon_pointer)
2791 {
2792  u64 msr;
2793 
2794  cr4_set_bits(X86_CR4_VMXE);
2795 
2796  asm goto("1: vmxon %[vmxon_pointer]\n\t"
2797  _ASM_EXTABLE(1b, %l[fault])
2798  : : [vmxon_pointer] "m"(vmxon_pointer)
2799  : : fault);
2800  return 0;
2801 
2802 fault:
2803  WARN_ONCE(1, "VMXON faulted, MSR_IA32_FEAT_CTL (0x3a) = 0x%llx\n",
2804  rdmsrl_safe(MSR_IA32_FEAT_CTL, &msr) ? 0xdeadbeef : msr);
2805  cr4_clear_bits(X86_CR4_VMXE);
2806 
2807  return -EFAULT;
2808 }
2809 
2810 static int vmx_hardware_enable(void)
2811 {
2812  int cpu = raw_smp_processor_id();
2813  u64 phys_addr = __pa(per_cpu(vmxarea, cpu));
2814  int r;
2815 
2816  if (cr4_read_shadow() & X86_CR4_VMXE)
2817  return -EBUSY;
2818 
2819  /*
2820  * This can happen if we hot-added a CPU but failed to allocate
2821  * VP assist page for it.
2822  */
2823  if (kvm_is_using_evmcs() && !hv_get_vp_assist_page(cpu))
2824  return -EFAULT;
2825 
2826  intel_pt_handle_vmx(1);
2827 
2828  r = kvm_cpu_vmxon(phys_addr);
2829  if (r) {
2830  intel_pt_handle_vmx(0);
2831  return r;
2832  }
2833 
2834  if (enable_ept)
2835  ept_sync_global();
2836 
2837  return 0;
2838 }
2839 
2840 static void vmclear_local_loaded_vmcss(void)
2841 {
2842  int cpu = raw_smp_processor_id();
2843  struct loaded_vmcs *v, *n;
2844 
2845  list_for_each_entry_safe(v, n, &per_cpu(loaded_vmcss_on_cpu, cpu),
2846  loaded_vmcss_on_cpu_link)
2847  __loaded_vmcs_clear(v);
2848 }
2849 
2850 static void vmx_hardware_disable(void)
2851 {
2852  vmclear_local_loaded_vmcss();
2853 
2854  if (kvm_cpu_vmxoff())
2855  kvm_spurious_fault();
2856 
2857  hv_reset_evmcs();
2858 
2859  intel_pt_handle_vmx(0);
2860 }
2861 
2862 struct vmcs *alloc_vmcs_cpu(bool shadow, int cpu, gfp_t flags)
2863 {
2864  int node = cpu_to_node(cpu);
2865  struct page *pages;
2866  struct vmcs *vmcs;
2867 
2868  pages = __alloc_pages_node(node, flags, 0);
2869  if (!pages)
2870  return NULL;
2871  vmcs = page_address(pages);
2872  memset(vmcs, 0, vmcs_config.size);
2873 
2874  /* KVM supports Enlightened VMCS v1 only */
2875  if (kvm_is_using_evmcs())
2876  vmcs->hdr.revision_id = KVM_EVMCS_VERSION;
2877  else
2878  vmcs->hdr.revision_id = vmcs_config.revision_id;
2879 
2880  if (shadow)
2881  vmcs->hdr.shadow_vmcs = 1;
2882  return vmcs;
2883 }
2884 
2885 void free_vmcs(struct vmcs *vmcs)
2886 {
2887  free_page((unsigned long)vmcs);
2888 }
2889 
2890 /*
2891  * Free a VMCS, but before that VMCLEAR it on the CPU where it was last loaded
2892  */
2893 void free_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
2894 {
2895  if (!loaded_vmcs->vmcs)
2896  return;
2897  loaded_vmcs_clear(loaded_vmcs);
2898  free_vmcs(loaded_vmcs->vmcs);
2899  loaded_vmcs->vmcs = NULL;
2900  if (loaded_vmcs->msr_bitmap)
2901  free_page((unsigned long)loaded_vmcs->msr_bitmap);
2902  WARN_ON(loaded_vmcs->shadow_vmcs != NULL);
2903 }
2904 
2905 int alloc_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
2906 {
2907  loaded_vmcs->vmcs = alloc_vmcs(false);
2908  if (!loaded_vmcs->vmcs)
2909  return -ENOMEM;
2910 
2911  vmcs_clear(loaded_vmcs->vmcs);
2912 
2913  loaded_vmcs->shadow_vmcs = NULL;
2914  loaded_vmcs->hv_timer_soft_disabled = false;
2915  loaded_vmcs->cpu = -1;
2916  loaded_vmcs->launched = 0;
2917 
2918  if (cpu_has_vmx_msr_bitmap()) {
2919  loaded_vmcs->msr_bitmap = (unsigned long *)
2920  __get_free_page(GFP_KERNEL_ACCOUNT);
2921  if (!loaded_vmcs->msr_bitmap)
2922  goto out_vmcs;
2923  memset(loaded_vmcs->msr_bitmap, 0xff, PAGE_SIZE);
2924  }
2925 
2926  memset(&loaded_vmcs->host_state, 0, sizeof(struct vmcs_host_state));
2927  memset(&loaded_vmcs->controls_shadow, 0,
2928  sizeof(struct vmcs_controls_shadow));
2929 
2930  return 0;
2931 
2932 out_vmcs:
2933  free_loaded_vmcs(loaded_vmcs);
2934  return -ENOMEM;
2935 }
2936 
2937 static void free_kvm_area(void)
2938 {
2939  int cpu;
2940 
2941  for_each_possible_cpu(cpu) {
2942  free_vmcs(per_cpu(vmxarea, cpu));
2943  per_cpu(vmxarea, cpu) = NULL;
2944  }
2945 }
2946 
2947 static __init int alloc_kvm_area(void)
2948 {
2949  int cpu;
2950 
2951  for_each_possible_cpu(cpu) {
2952  struct vmcs *vmcs;
2953 
2954  vmcs = alloc_vmcs_cpu(false, cpu, GFP_KERNEL);
2955  if (!vmcs) {
2956  free_kvm_area();
2957  return -ENOMEM;
2958  }
2959 
2960  /*
2961  * When eVMCS is enabled, alloc_vmcs_cpu() sets
2962  * vmcs->revision_id to KVM_EVMCS_VERSION instead of
2963  * revision_id reported by MSR_IA32_VMX_BASIC.
2964  *
2965  * However, even though not explicitly documented by
2966  * TLFS, VMXArea passed as VMXON argument should
2967  * still be marked with revision_id reported by
2968  * physical CPU.
2969  */
2970  if (kvm_is_using_evmcs())
2971  vmcs->hdr.revision_id = vmcs_config.revision_id;
2972 
2973  per_cpu(vmxarea, cpu) = vmcs;
2974  }
2975  return 0;
2976 }
2977 
2978 static void fix_pmode_seg(struct kvm_vcpu *vcpu, int seg,
2979  struct kvm_segment *save)
2980 {
2981  if (!emulate_invalid_guest_state) {
2982  /*
2983  * CS and SS RPL should be equal during guest entry according
2984  * to VMX spec, but in reality it is not always so. Since vcpu
2985  * is in the middle of the transition from real mode to
2986  * protected mode it is safe to assume that RPL 0 is a good
2987  * default value.
2988  */
2989  if (seg == VCPU_SREG_CS || seg == VCPU_SREG_SS)
2990  save->selector &= ~SEGMENT_RPL_MASK;
2991  save->dpl = save->selector & SEGMENT_RPL_MASK;
2992  save->s = 1;
2993  }
2994  __vmx_set_segment(vcpu, save, seg);
2995 }
2996 
2997 static void enter_pmode(struct kvm_vcpu *vcpu)
2998 {
2999  unsigned long flags;
3000  struct vcpu_vmx *vmx = to_vmx(vcpu);
3001 
3002  /*
3003  * Update real mode segment cache. It may be not up-to-date if segment
3004  * register was written while vcpu was in a guest mode.
3005  */
3006  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_ES], VCPU_SREG_ES);
3007  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_DS], VCPU_SREG_DS);
3008  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_FS], VCPU_SREG_FS);
3009  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_GS], VCPU_SREG_GS);
3010  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_SS], VCPU_SREG_SS);
3011  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_CS], VCPU_SREG_CS);
3012 
3013  vmx->rmode.vm86_active = 0;
3014 
3015  __vmx_set_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_TR], VCPU_SREG_TR);
3016 
3017  flags = vmcs_readl(GUEST_RFLAGS);
3018  flags &= RMODE_GUEST_OWNED_EFLAGS_BITS;
3019  flags |= vmx->rmode.save_rflags & ~RMODE_GUEST_OWNED_EFLAGS_BITS;
3020  vmcs_writel(GUEST_RFLAGS, flags);
3021 
3022  vmcs_writel(GUEST_CR4, (vmcs_readl(GUEST_CR4) & ~X86_CR4_VME) |
3023  (vmcs_readl(CR4_READ_SHADOW) & X86_CR4_VME));
3024 
3025  vmx_update_exception_bitmap(vcpu);
3026 
3027  fix_pmode_seg(vcpu, VCPU_SREG_CS, &vmx->rmode.segs[VCPU_SREG_CS]);
3028  fix_pmode_seg(vcpu, VCPU_SREG_SS, &vmx->rmode.segs[VCPU_SREG_SS]);
3029  fix_pmode_seg(vcpu, VCPU_SREG_ES, &vmx->rmode.segs[VCPU_SREG_ES]);
3030  fix_pmode_seg(vcpu, VCPU_SREG_DS, &vmx->rmode.segs[VCPU_SREG_DS]);
3031  fix_pmode_seg(vcpu, VCPU_SREG_FS, &vmx->rmode.segs[VCPU_SREG_FS]);
3032  fix_pmode_seg(vcpu, VCPU_SREG_GS, &vmx->rmode.segs[VCPU_SREG_GS]);
3033 }
3034 
3035 static void fix_rmode_seg(int seg, struct kvm_segment *save)
3036 {
3037  const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
3038  struct kvm_segment var = *save;
3039 
3040  var.dpl = 0x3;
3041  if (seg == VCPU_SREG_CS)
3042  var.type = 0x3;
3043 
3044  if (!emulate_invalid_guest_state) {
3045  var.selector = var.base >> 4;
3046  var.base = var.base & 0xffff0;
3047  var.limit = 0xffff;
3048  var.g = 0;
3049  var.db = 0;
3050  var.present = 1;
3051  var.s = 1;
3052  var.l = 0;
3053  var.unusable = 0;
3054  var.type = 0x3;
3055  var.avl = 0;
3056  if (save->base & 0xf)
3057  pr_warn_once("segment base is not paragraph aligned "
3058  "when entering protected mode (seg=%d)", seg);
3059  }
3060 
3061  vmcs_write16(sf->selector, var.selector);
3062  vmcs_writel(sf->base, var.base);
3063  vmcs_write32(sf->limit, var.limit);
3064  vmcs_write32(sf->ar_bytes, vmx_segment_access_rights(&var));
3065 }
3066 
3067 static void enter_rmode(struct kvm_vcpu *vcpu)
3068 {
3069  unsigned long flags;
3070  struct vcpu_vmx *vmx = to_vmx(vcpu);
3071  struct kvm_vmx *kvm_vmx = to_kvm_vmx(vcpu->kvm);
3072 
3073  /*
3074  * KVM should never use VM86 to virtualize Real Mode when L2 is active,
3075  * as using VM86 is unnecessary if unrestricted guest is enabled, and
3076  * if unrestricted guest is disabled, VM-Enter (from L1) with CR0.PG=0
3077  * should VM-Fail and KVM should reject userspace attempts to stuff
3078  * CR0.PG=0 when L2 is active.
3079  */
3080  WARN_ON_ONCE(is_guest_mode(vcpu));
3081 
3082  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_TR], VCPU_SREG_TR);
3083  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_ES], VCPU_SREG_ES);
3084  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_DS], VCPU_SREG_DS);
3085  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_FS], VCPU_SREG_FS);
3086  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_GS], VCPU_SREG_GS);
3087  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_SS], VCPU_SREG_SS);
3088  vmx_get_segment(vcpu, &vmx->rmode.segs[VCPU_SREG_CS], VCPU_SREG_CS);
3089 
3090  vmx->rmode.vm86_active = 1;
3091 
3092  vmx_segment_cache_clear(vmx);
3093 
3094  vmcs_writel(GUEST_TR_BASE, kvm_vmx->tss_addr);
3095  vmcs_write32(GUEST_TR_LIMIT, RMODE_TSS_SIZE - 1);
3096  vmcs_write32(GUEST_TR_AR_BYTES, 0x008b);
3097 
3098  flags = vmcs_readl(GUEST_RFLAGS);
3099  vmx->rmode.save_rflags = flags;
3100 
3101  flags |= X86_EFLAGS_IOPL | X86_EFLAGS_VM;
3102 
3103  vmcs_writel(GUEST_RFLAGS, flags);
3104  vmcs_writel(GUEST_CR4, vmcs_readl(GUEST_CR4) | X86_CR4_VME);
3105  vmx_update_exception_bitmap(vcpu);
3106 
3107  fix_rmode_seg(VCPU_SREG_SS, &vmx->rmode.segs[VCPU_SREG_SS]);
3108  fix_rmode_seg(VCPU_SREG_CS, &vmx->rmode.segs[VCPU_SREG_CS]);
3109  fix_rmode_seg(VCPU_SREG_ES, &vmx->rmode.segs[VCPU_SREG_ES]);
3110  fix_rmode_seg(VCPU_SREG_DS, &vmx->rmode.segs[VCPU_SREG_DS]);
3111  fix_rmode_seg(VCPU_SREG_GS, &vmx->rmode.segs[VCPU_SREG_GS]);
3112  fix_rmode_seg(VCPU_SREG_FS, &vmx->rmode.segs[VCPU_SREG_FS]);
3113 }
3114 
3115 int vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer)
3116 {
3117  struct vcpu_vmx *vmx = to_vmx(vcpu);
3118 
3119  /* Nothing to do if hardware doesn't support EFER. */
3120  if (!vmx_find_uret_msr(vmx, MSR_EFER))
3121  return 0;
3122 
3123  vcpu->arch.efer = efer;
3124 #ifdef CONFIG_X86_64
3125  if (efer & EFER_LMA)
3126  vm_entry_controls_setbit(vmx, VM_ENTRY_IA32E_MODE);
3127  else
3128  vm_entry_controls_clearbit(vmx, VM_ENTRY_IA32E_MODE);
3129 #else
3130  if (KVM_BUG_ON(efer & EFER_LMA, vcpu->kvm))
3131  return 1;
3132 #endif
3133 
3134  vmx_setup_uret_msrs(vmx);
3135  return 0;
3136 }
3137 
3138 #ifdef CONFIG_X86_64
3139 
3140 static void enter_lmode(struct kvm_vcpu *vcpu)
3141 {
3142  u32 guest_tr_ar;
3143 
3144  vmx_segment_cache_clear(to_vmx(vcpu));
3145 
3146  guest_tr_ar = vmcs_read32(GUEST_TR_AR_BYTES);
3147  if ((guest_tr_ar & VMX_AR_TYPE_MASK) != VMX_AR_TYPE_BUSY_64_TSS) {
3148  pr_debug_ratelimited("%s: tss fixup for long mode. \n",
3149  __func__);
3150  vmcs_write32(GUEST_TR_AR_BYTES,
3151  (guest_tr_ar & ~VMX_AR_TYPE_MASK)
3152  | VMX_AR_TYPE_BUSY_64_TSS);
3153  }
3154  vmx_set_efer(vcpu, vcpu->arch.efer | EFER_LMA);
3155 }
3156 
3157 static void exit_lmode(struct kvm_vcpu *vcpu)
3158 {
3159  vmx_set_efer(vcpu, vcpu->arch.efer & ~EFER_LMA);
3160 }
3161 
3162 #endif
3163 
3164 static void vmx_flush_tlb_all(struct kvm_vcpu *vcpu)
3165 {
3166  struct vcpu_vmx *vmx = to_vmx(vcpu);
3167 
3168  /*
3169  * INVEPT must be issued when EPT is enabled, irrespective of VPID, as
3170  * the CPU is not required to invalidate guest-physical mappings on
3171  * VM-Entry, even if VPID is disabled. Guest-physical mappings are
3172  * associated with the root EPT structure and not any particular VPID
3173  * (INVVPID also isn't required to invalidate guest-physical mappings).
3174  */
3175  if (enable_ept) {
3176  ept_sync_global();
3177  } else if (enable_vpid) {
3178  if (cpu_has_vmx_invvpid_global()) {
3179  vpid_sync_vcpu_global();
3180  } else {
3181  vpid_sync_vcpu_single(vmx->vpid);
3182  vpid_sync_vcpu_single(vmx->nested.vpid02);
3183  }
3184  }
3185 }
3186 
3187 static inline int vmx_get_current_vpid(struct kvm_vcpu *vcpu)
3188 {
3189  if (is_guest_mode(vcpu))
3190  return nested_get_vpid02(vcpu);
3191  return to_vmx(vcpu)->vpid;
3192 }
3193 
3194 static void vmx_flush_tlb_current(struct kvm_vcpu *vcpu)
3195 {
3196  struct kvm_mmu *mmu = vcpu->arch.mmu;
3197  u64 root_hpa = mmu->root.hpa;
3198 
3199  /* No flush required if the current context is invalid. */
3200  if (!VALID_PAGE(root_hpa))
3201  return;
3202 
3203  if (enable_ept)
3204  ept_sync_context(construct_eptp(vcpu, root_hpa,
3205  mmu->root_role.level));
3206  else
3207  vpid_sync_context(vmx_get_current_vpid(vcpu));
3208 }
3209 
3210 static void vmx_flush_tlb_gva(struct kvm_vcpu *vcpu, gva_t addr)
3211 {
3212  /*
3213  * vpid_sync_vcpu_addr() is a nop if vpid==0, see the comment in
3214  * vmx_flush_tlb_guest() for an explanation of why this is ok.
3215  */
3216  vpid_sync_vcpu_addr(vmx_get_current_vpid(vcpu), addr);
3217 }
3218 
3219 static void vmx_flush_tlb_guest(struct kvm_vcpu *vcpu)
3220 {
3221  /*
3222  * vpid_sync_context() is a nop if vpid==0, e.g. if enable_vpid==0 or a
3223  * vpid couldn't be allocated for this vCPU. VM-Enter and VM-Exit are
3224  * required to flush GVA->{G,H}PA mappings from the TLB if vpid is
3225  * disabled (VM-Enter with vpid enabled and vpid==0 is disallowed),
3226  * i.e. no explicit INVVPID is necessary.
3227  */
3228  vpid_sync_context(vmx_get_current_vpid(vcpu));
3229 }
3230 
3231 void vmx_ept_load_pdptrs(struct kvm_vcpu *vcpu)
3232 {
3233  struct kvm_mmu *mmu = vcpu->arch.walk_mmu;
3234 
3235  if (!kvm_register_is_dirty(vcpu, VCPU_EXREG_PDPTR))
3236  return;
3237 
3238  if (is_pae_paging(vcpu)) {
3239  vmcs_write64(GUEST_PDPTR0, mmu->pdptrs[0]);
3240  vmcs_write64(GUEST_PDPTR1, mmu->pdptrs[1]);
3241  vmcs_write64(GUEST_PDPTR2, mmu->pdptrs[2]);
3242  vmcs_write64(GUEST_PDPTR3, mmu->pdptrs[3]);
3243  }
3244 }
3245 
3246 void ept_save_pdptrs(struct kvm_vcpu *vcpu)
3247 {
3248  struct kvm_mmu *mmu = vcpu->arch.walk_mmu;
3249 
3250  if (WARN_ON_ONCE(!is_pae_paging(vcpu)))
3251  return;
3252 
3253  mmu->pdptrs[0] = vmcs_read64(GUEST_PDPTR0);
3254  mmu->pdptrs[1] = vmcs_read64(GUEST_PDPTR1);
3255  mmu->pdptrs[2] = vmcs_read64(GUEST_PDPTR2);
3256  mmu->pdptrs[3] = vmcs_read64(GUEST_PDPTR3);
3257 
3258  kvm_register_mark_available(vcpu, VCPU_EXREG_PDPTR);
3259 }
3260 
3261 #define CR3_EXITING_BITS (CPU_BASED_CR3_LOAD_EXITING | \
3262  CPU_BASED_CR3_STORE_EXITING)
3263 
3264 static bool vmx_is_valid_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
3265 {
3266  if (is_guest_mode(vcpu))
3267  return nested_guest_cr0_valid(vcpu, cr0);
3268 
3269  if (to_vmx(vcpu)->nested.vmxon)
3270  return nested_host_cr0_valid(vcpu, cr0);
3271 
3272  return true;
3273 }
3274 
3275 void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
3276 {
3277  struct vcpu_vmx *vmx = to_vmx(vcpu);
3278  unsigned long hw_cr0, old_cr0_pg;
3279  u32 tmp;
3280 
3281  old_cr0_pg = kvm_read_cr0_bits(vcpu, X86_CR0_PG);
3282 
3283  hw_cr0 = (cr0 & ~KVM_VM_CR0_ALWAYS_OFF);
3284  if (enable_unrestricted_guest)
3285  hw_cr0 |= KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST;
3286  else {
3287  hw_cr0 |= KVM_VM_CR0_ALWAYS_ON;
3288  if (!enable_ept)
3289  hw_cr0 |= X86_CR0_WP;
3290 
3291  if (vmx->rmode.vm86_active && (cr0 & X86_CR0_PE))
3292  enter_pmode(vcpu);
3293 
3294  if (!vmx->rmode.vm86_active && !(cr0 & X86_CR0_PE))
3295  enter_rmode(vcpu);
3296  }
3297 
3298  vmcs_writel(CR0_READ_SHADOW, cr0);
3299  vmcs_writel(GUEST_CR0, hw_cr0);
3300  vcpu->arch.cr0 = cr0;
3301  kvm_register_mark_available(vcpu, VCPU_EXREG_CR0);
3302 
3303 #ifdef CONFIG_X86_64
3304  if (vcpu->arch.efer & EFER_LME) {
3305  if (!old_cr0_pg && (cr0 & X86_CR0_PG))
3306  enter_lmode(vcpu);
3307  else if (old_cr0_pg && !(cr0 & X86_CR0_PG))
3308  exit_lmode(vcpu);
3309  }
3310 #endif
3311 
3312  if (enable_ept && !enable_unrestricted_guest) {
3313  /*
3314  * Ensure KVM has an up-to-date snapshot of the guest's CR3. If
3315  * the below code _enables_ CR3 exiting, vmx_cache_reg() will
3316  * (correctly) stop reading vmcs.GUEST_CR3 because it thinks
3317  * KVM's CR3 is installed.
3318  */
3319  if (!kvm_register_is_available(vcpu, VCPU_EXREG_CR3))
3320  vmx_cache_reg(vcpu, VCPU_EXREG_CR3);
3321 
3322  /*
3323  * When running with EPT but not unrestricted guest, KVM must
3324  * intercept CR3 accesses when paging is _disabled_. This is
3325  * necessary because restricted guests can't actually run with
3326  * paging disabled, and so KVM stuffs its own CR3 in order to
3327  * run the guest when identity mapped page tables.
3328  *
3329  * Do _NOT_ check the old CR0.PG, e.g. to optimize away the
3330  * update, it may be stale with respect to CR3 interception,
3331  * e.g. after nested VM-Enter.
3332  *
3333  * Lastly, honor L1's desires, i.e. intercept CR3 loads and/or
3334  * stores to forward them to L1, even if KVM does not need to
3335  * intercept them to preserve its identity mapped page tables.
3336  */
3337  if (!(cr0 & X86_CR0_PG)) {
3338  exec_controls_setbit(vmx, CR3_EXITING_BITS);
3339  } else if (!is_guest_mode(vcpu)) {
3340  exec_controls_clearbit(vmx, CR3_EXITING_BITS);
3341  } else {
3342  tmp = exec_controls_get(vmx);
3343  tmp &= ~CR3_EXITING_BITS;
3344  tmp |= get_vmcs12(vcpu)->cpu_based_vm_exec_control & CR3_EXITING_BITS;
3345  exec_controls_set(vmx, tmp);
3346  }
3347 
3348  /* Note, vmx_set_cr4() consumes the new vcpu->arch.cr0. */
3349  if ((old_cr0_pg ^ cr0) & X86_CR0_PG)
3350  vmx_set_cr4(vcpu, kvm_read_cr4(vcpu));
3351 
3352  /*
3353  * When !CR0_PG -> CR0_PG, vcpu->arch.cr3 becomes active, but
3354  * GUEST_CR3 is still vmx->ept_identity_map_addr if EPT + !URG.
3355  */
3356  if (!(old_cr0_pg & X86_CR0_PG) && (cr0 & X86_CR0_PG))
3357  kvm_register_mark_dirty(vcpu, VCPU_EXREG_CR3);
3358  }
3359 
3360  /* depends on vcpu->arch.cr0 to be set to a new value */
3361  vmx->emulation_required = vmx_emulation_required(vcpu);
3362 }
3363 
3364 static int vmx_get_max_ept_level(void)
3365 {
3366  if (cpu_has_vmx_ept_5levels())
3367  return 5;
3368  return 4;
3369 }
3370 
3371 u64 construct_eptp(struct kvm_vcpu *vcpu, hpa_t root_hpa, int root_level)
3372 {
3373  u64 eptp = VMX_EPTP_MT_WB;
3374 
3375  eptp |= (root_level == 5) ? VMX_EPTP_PWL_5 : VMX_EPTP_PWL_4;
3376 
3377  if (enable_ept_ad_bits &&
3378  (!is_guest_mode(vcpu) || nested_ept_ad_enabled(vcpu)))
3379  eptp |= VMX_EPTP_AD_ENABLE_BIT;
3380  eptp |= root_hpa;
3381 
3382  return eptp;
3383 }
3384 
3385 static void vmx_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa,
3386  int root_level)
3387 {
3388  struct kvm *kvm = vcpu->kvm;
3389  bool update_guest_cr3 = true;
3390  unsigned long guest_cr3;
3391  u64 eptp;
3392 
3393  if (enable_ept) {
3394  eptp = construct_eptp(vcpu, root_hpa, root_level);
3395  vmcs_write64(EPT_POINTER, eptp);
3396 
3397  hv_track_root_tdp(vcpu, root_hpa);
3398 
3399  if (!enable_unrestricted_guest && !is_paging(vcpu))
3400  guest_cr3 = to_kvm_vmx(kvm)->ept_identity_map_addr;
3401  else if (kvm_register_is_dirty(vcpu, VCPU_EXREG_CR3))
3402  guest_cr3 = vcpu->arch.cr3;
3403  else /* vmcs.GUEST_CR3 is already up-to-date. */
3404  update_guest_cr3 = false;
3405  vmx_ept_load_pdptrs(vcpu);
3406  } else {
3407  guest_cr3 = root_hpa | kvm_get_active_pcid(vcpu) |
3408  kvm_get_active_cr3_lam_bits(vcpu);
3409  }
3410 
3411  if (update_guest_cr3)
3412  vmcs_writel(GUEST_CR3, guest_cr3);
3413 }
3414 
3415 
3416 static bool vmx_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
3417 {
3418  /*
3419  * We operate under the default treatment of SMM, so VMX cannot be
3420  * enabled under SMM. Note, whether or not VMXE is allowed at all,
3421  * i.e. is a reserved bit, is handled by common x86 code.
3422  */
3423  if ((cr4 & X86_CR4_VMXE) && is_smm(vcpu))
3424  return false;
3425 
3426  if (to_vmx(vcpu)->nested.vmxon && !nested_cr4_valid(vcpu, cr4))
3427  return false;
3428 
3429  return true;
3430 }
3431 
3432 void vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
3433 {
3434  unsigned long old_cr4 = kvm_read_cr4(vcpu);
3435  struct vcpu_vmx *vmx = to_vmx(vcpu);
3436  unsigned long hw_cr4;
3437 
3438  /*
3439  * Pass through host's Machine Check Enable value to hw_cr4, which
3440  * is in force while we are in guest mode. Do not let guests control
3441  * this bit, even if host CR4.MCE == 0.
3442  */
3443  hw_cr4 = (cr4_read_shadow() & X86_CR4_MCE) | (cr4 & ~X86_CR4_MCE);
3444  if (enable_unrestricted_guest)
3445  hw_cr4 |= KVM_VM_CR4_ALWAYS_ON_UNRESTRICTED_GUEST;
3446  else if (vmx->rmode.vm86_active)
3447  hw_cr4 |= KVM_RMODE_VM_CR4_ALWAYS_ON;
3448  else
3449  hw_cr4 |= KVM_PMODE_VM_CR4_ALWAYS_ON;
3450 
3451  if (vmx_umip_emulated()) {
3452  if (cr4 & X86_CR4_UMIP) {
3453  secondary_exec_controls_setbit(vmx, SECONDARY_EXEC_DESC);
3454  hw_cr4 &= ~X86_CR4_UMIP;
3455  } else if (!is_guest_mode(vcpu) ||
3456  !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) {
3457  secondary_exec_controls_clearbit(vmx, SECONDARY_EXEC_DESC);
3458  }
3459  }
3460 
3461  vcpu->arch.cr4 = cr4;
3462  kvm_register_mark_available(vcpu, VCPU_EXREG_CR4);
3463 
3464  if (!enable_unrestricted_guest) {
3465  if (enable_ept) {
3466  if (!is_paging(vcpu)) {
3467  hw_cr4 &= ~X86_CR4_PAE;
3468  hw_cr4 |= X86_CR4_PSE;
3469  } else if (!(cr4 & X86_CR4_PAE)) {
3470  hw_cr4 &= ~X86_CR4_PAE;
3471  }
3472  }
3473 
3474  /*
3475  * SMEP/SMAP/PKU is disabled if CPU is in non-paging mode in
3476  * hardware. To emulate this behavior, SMEP/SMAP/PKU needs
3477  * to be manually disabled when guest switches to non-paging
3478  * mode.
3479  *
3480  * If !enable_unrestricted_guest, the CPU is always running
3481  * with CR0.PG=1 and CR4 needs to be modified.
3482  * If enable_unrestricted_guest, the CPU automatically
3483  * disables SMEP/SMAP/PKU when the guest sets CR0.PG=0.
3484  */
3485  if (!is_paging(vcpu))
3486  hw_cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE);
3487  }
3488 
3489  vmcs_writel(CR4_READ_SHADOW, cr4);
3490  vmcs_writel(GUEST_CR4, hw_cr4);
3491 
3492  if ((cr4 ^ old_cr4) & (X86_CR4_OSXSAVE | X86_CR4_PKE))
3493  kvm_update_cpuid_runtime(vcpu);
3494 }
3495 
3496 void vmx_get_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg)
3497 {
3498  struct vcpu_vmx *vmx = to_vmx(vcpu);
3499  u32 ar;
3500 
3501  if (vmx->rmode.vm86_active && seg != VCPU_SREG_LDTR) {
3502  *var = vmx->rmode.segs[seg];
3503  if (seg == VCPU_SREG_TR
3504  || var->selector == vmx_read_guest_seg_selector(vmx, seg))
3505  return;
3506  var->base = vmx_read_guest_seg_base(vmx, seg);
3507  var->selector = vmx_read_guest_seg_selector(vmx, seg);
3508  return;
3509  }
3510  var->base = vmx_read_guest_seg_base(vmx, seg);
3511  var->limit = vmx_read_guest_seg_limit(vmx, seg);
3512  var->selector = vmx_read_guest_seg_selector(vmx, seg);
3513  ar = vmx_read_guest_seg_ar(vmx, seg);
3514  var->unusable = (ar >> 16) & 1;
3515  var->type = ar & 15;
3516  var->s = (ar >> 4) & 1;
3517  var->dpl = (ar >> 5) & 3;
3518  /*
3519  * Some userspaces do not preserve unusable property. Since usable
3520  * segment has to be present according to VMX spec we can use present
3521  * property to amend userspace bug by making unusable segment always
3522  * nonpresent. vmx_segment_access_rights() already marks nonpresent
3523  * segment as unusable.
3524  */
3525  var->present = !var->unusable;
3526  var->avl = (ar >> 12) & 1;
3527  var->l = (ar >> 13) & 1;
3528  var->db = (ar >> 14) & 1;
3529  var->g = (ar >> 15) & 1;
3530 }
3531 
3532 static u64 vmx_get_segment_base(struct kvm_vcpu *vcpu, int seg)
3533 {
3534  struct kvm_segment s;
3535 
3536  if (to_vmx(vcpu)->rmode.vm86_active) {
3537  vmx_get_segment(vcpu, &s, seg);
3538  return s.base;
3539  }
3540  return vmx_read_guest_seg_base(to_vmx(vcpu), seg);
3541 }
3542 
3543 int vmx_get_cpl(struct kvm_vcpu *vcpu)
3544 {
3545  struct vcpu_vmx *vmx = to_vmx(vcpu);
3546 
3547  if (unlikely(vmx->rmode.vm86_active))
3548  return 0;
3549  else {
3550  int ar = vmx_read_guest_seg_ar(vmx, VCPU_SREG_SS);
3551  return VMX_AR_DPL(ar);
3552  }
3553 }
3554 
3555 static u32 vmx_segment_access_rights(struct kvm_segment *var)
3556 {
3557  u32 ar;
3558 
3559  ar = var->type & 15;
3560  ar |= (var->s & 1) << 4;
3561  ar |= (var->dpl & 3) << 5;
3562  ar |= (var->present & 1) << 7;
3563  ar |= (var->avl & 1) << 12;
3564  ar |= (var->l & 1) << 13;
3565  ar |= (var->db & 1) << 14;
3566  ar |= (var->g & 1) << 15;
3567  ar |= (var->unusable || !var->present) << 16;
3568 
3569  return ar;
3570 }
3571 
3572 void __vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg)
3573 {
3574  struct vcpu_vmx *vmx = to_vmx(vcpu);
3575  const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
3576 
3577  vmx_segment_cache_clear(vmx);
3578 
3579  if (vmx->rmode.vm86_active && seg != VCPU_SREG_LDTR) {
3580  vmx->rmode.segs[seg] = *var;
3581  if (seg == VCPU_SREG_TR)
3582  vmcs_write16(sf->selector, var->selector);
3583  else if (var->s)
3584  fix_rmode_seg(seg, &vmx->rmode.segs[seg]);
3585  return;
3586  }
3587 
3588  vmcs_writel(sf->base, var->base);
3589  vmcs_write32(sf->limit, var->limit);
3590  vmcs_write16(sf->selector, var->selector);
3591 
3592  /*
3593  * Fix the "Accessed" bit in AR field of segment registers for older
3594  * qemu binaries.
3595  * IA32 arch specifies that at the time of processor reset the
3596  * "Accessed" bit in the AR field of segment registers is 1. And qemu
3597  * is setting it to 0 in the userland code. This causes invalid guest
3598  * state vmexit when "unrestricted guest" mode is turned on.
3599  * Fix for this setup issue in cpu_reset is being pushed in the qemu
3600  * tree. Newer qemu binaries with that qemu fix would not need this
3601  * kvm hack.
3602  */
3603  if (is_unrestricted_guest(vcpu) && (seg != VCPU_SREG_LDTR))
3604  var->type |= 0x1; /* Accessed */
3605 
3606  vmcs_write32(sf->ar_bytes, vmx_segment_access_rights(var));
3607 }
3608 
3609 static void vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg)
3610 {
3611  __vmx_set_segment(vcpu, var, seg);
3612 
3613  to_vmx(vcpu)->emulation_required = vmx_emulation_required(vcpu);
3614 }
3615 
3616 static void vmx_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l)
3617 {
3618  u32 ar = vmx_read_guest_seg_ar(to_vmx(vcpu), VCPU_SREG_CS);
3619 
3620  *db = (ar >> 14) & 1;
3621  *l = (ar >> 13) & 1;
3622 }
3623 
3624 static void vmx_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
3625 {
3626  dt->size = vmcs_read32(GUEST_IDTR_LIMIT);
3627  dt->address = vmcs_readl(GUEST_IDTR_BASE);
3628 }
3629 
3630 static void vmx_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
3631 {
3632  vmcs_write32(GUEST_IDTR_LIMIT, dt->size);
3633  vmcs_writel(GUEST_IDTR_BASE, dt->address);
3634 }
3635 
3636 static void vmx_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
3637 {
3638  dt->size = vmcs_read32(GUEST_GDTR_LIMIT);
3639  dt->address = vmcs_readl(GUEST_GDTR_BASE);
3640 }
3641 
3642 static void vmx_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
3643 {
3644  vmcs_write32(GUEST_GDTR_LIMIT, dt->size);
3645  vmcs_writel(GUEST_GDTR_BASE, dt->address);
3646 }
3647 
3648 static bool rmode_segment_valid(struct kvm_vcpu *vcpu, int seg)
3649 {
3650  struct kvm_segment var;
3651  u32 ar;
3652 
3653  vmx_get_segment(vcpu, &var, seg);
3654  var.dpl = 0x3;
3655  if (seg == VCPU_SREG_CS)
3656  var.type = 0x3;
3657  ar = vmx_segment_access_rights(&var);
3658 
3659  if (var.base != (var.selector << 4))
3660  return false;
3661  if (var.limit != 0xffff)
3662  return false;
3663  if (ar != 0xf3)
3664  return false;
3665 
3666  return true;
3667 }
3668 
3669 static bool code_segment_valid(struct kvm_vcpu *vcpu)
3670 {
3671  struct kvm_segment cs;
3672  unsigned int cs_rpl;
3673 
3674  vmx_get_segment(vcpu, &cs, VCPU_SREG_CS);
3675  cs_rpl = cs.selector & SEGMENT_RPL_MASK;
3676 
3677  if (cs.unusable)
3678  return false;
3679  if (~cs.type & (VMX_AR_TYPE_CODE_MASK|VMX_AR_TYPE_ACCESSES_MASK))
3680  return false;
3681  if (!cs.s)
3682  return false;
3683  if (cs.type & VMX_AR_TYPE_WRITEABLE_MASK) {
3684  if (cs.dpl > cs_rpl)
3685  return false;
3686  } else {
3687  if (cs.dpl != cs_rpl)
3688  return false;
3689  }
3690  if (!cs.present)
3691  return false;
3692 
3693  /* TODO: Add Reserved field check, this'll require a new member in the kvm_segment_field structure */
3694  return true;
3695 }
3696 
3697 static bool stack_segment_valid(struct kvm_vcpu *vcpu)
3698 {
3699  struct kvm_segment ss;
3700  unsigned int ss_rpl;
3701 
3702  vmx_get_segment(vcpu, &ss, VCPU_SREG_SS);
3703  ss_rpl = ss.selector & SEGMENT_RPL_MASK;
3704 
3705  if (ss.unusable)
3706  return true;
3707  if (ss.type != 3 && ss.type != 7)
3708  return false;
3709  if (!ss.s)
3710  return false;
3711  if (ss.dpl != ss_rpl) /* DPL != RPL */
3712  return false;
3713  if (!ss.present)
3714  return false;
3715 
3716  return true;
3717 }
3718 
3719 static bool data_segment_valid(struct kvm_vcpu *vcpu, int seg)
3720 {
3721  struct kvm_segment var;
3722  unsigned int rpl;
3723 
3724  vmx_get_segment(vcpu, &var, seg);
3725  rpl = var.selector & SEGMENT_RPL_MASK;
3726 
3727  if (var.unusable)
3728  return true;
3729  if (!var.s)
3730  return false;
3731  if (!var.present)
3732  return false;
3733  if (~var.type & (VMX_AR_TYPE_CODE_MASK|VMX_AR_TYPE_WRITEABLE_MASK)) {
3734  if (var.dpl < rpl) /* DPL < RPL */
3735  return false;
3736  }
3737 
3738  /* TODO: Add other members to kvm_segment_field to allow checking for other access
3739  * rights flags
3740  */
3741  return true;
3742 }
3743 
3744 static bool tr_valid(struct kvm_vcpu *vcpu)
3745 {
3746  struct kvm_segment tr;
3747 
3748  vmx_get_segment(vcpu, &tr, VCPU_SREG_TR);
3749 
3750  if (tr.unusable)
3751  return false;
3752  if (tr.selector & SEGMENT_TI_MASK) /* TI = 1 */
3753  return false;
3754  if (tr.type != 3 && tr.type != 11) /* TODO: Check if guest is in IA32e mode */
3755  return false;
3756  if (!tr.present)
3757  return false;
3758 
3759  return true;
3760 }
3761 
3762 static bool ldtr_valid(struct kvm_vcpu *vcpu)
3763 {
3764  struct kvm_segment ldtr;
3765 
3766  vmx_get_segment(vcpu, &ldtr, VCPU_SREG_LDTR);
3767 
3768  if (ldtr.unusable)
3769  return true;
3770  if (ldtr.selector & SEGMENT_TI_MASK) /* TI = 1 */
3771  return false;
3772  if (ldtr.type != 2)
3773  return false;
3774  if (!ldtr.present)
3775  return false;
3776 
3777  return true;
3778 }
3779 
3780 static bool cs_ss_rpl_check(struct kvm_vcpu *vcpu)
3781 {
3782  struct kvm_segment cs, ss;
3783 
3784  vmx_get_segment(vcpu, &cs, VCPU_SREG_CS);
3785  vmx_get_segment(vcpu, &ss, VCPU_SREG_SS);
3786 
3787  return ((cs.selector & SEGMENT_RPL_MASK) ==
3788  (ss.selector & SEGMENT_RPL_MASK));
3789 }
3790 
3791 /*
3792  * Check if guest state is valid. Returns true if valid, false if
3793  * not.
3794  * We assume that registers are always usable
3795  */
3796 bool __vmx_guest_state_valid(struct kvm_vcpu *vcpu)
3797 {
3798  /* real mode guest state checks */
3799  if (!is_protmode(vcpu) || (vmx_get_rflags(vcpu) & X86_EFLAGS_VM)) {
3800  if (!rmode_segment_valid(vcpu, VCPU_SREG_CS))
3801  return false;
3802  if (!rmode_segment_valid(vcpu, VCPU_SREG_SS))
3803  return false;
3804  if (!rmode_segment_valid(vcpu, VCPU_SREG_DS))
3805  return false;
3806  if (!rmode_segment_valid(vcpu, VCPU_SREG_ES))
3807  return false;
3808  if (!rmode_segment_valid(vcpu, VCPU_SREG_FS))
3809  return false;
3810  if (!rmode_segment_valid(vcpu, VCPU_SREG_GS))
3811  return false;
3812  } else {
3813  /* protected mode guest state checks */
3814  if (!cs_ss_rpl_check(vcpu))
3815  return false;
3816  if (!code_segment_valid(vcpu))
3817  return false;
3818  if (!stack_segment_valid(vcpu))
3819  return false;
3820  if (!data_segment_valid(vcpu, VCPU_SREG_DS))
3821  return false;
3822  if (!data_segment_valid(vcpu, VCPU_SREG_ES))
3823  return false;
3824  if (!data_segment_valid(vcpu, VCPU_SREG_FS))
3825  return false;
3826  if (!data_segment_valid(vcpu, VCPU_SREG_GS))
3827  return false;
3828  if (!tr_valid(vcpu))
3829  return false;
3830  if (!ldtr_valid(vcpu))
3831  return false;
3832  }
3833  /* TODO:
3834  * - Add checks on RIP
3835  * - Add checks on RFLAGS
3836  */
3837 
3838  return true;
3839 }
3840 
3841 static int init_rmode_tss(struct kvm *kvm, void __user *ua)
3842 {
3843  const void *zero_page = (const void *) __va(page_to_phys(ZERO_PAGE(0)));
3844  u16 data;
3845  int i;
3846 
3847  for (i = 0; i < 3; i++) {
3848  if (__copy_to_user(ua + PAGE_SIZE * i, zero_page, PAGE_SIZE))
3849  return -EFAULT;
3850  }
3851 
3852  data = TSS_BASE_SIZE + TSS_REDIRECTION_SIZE;
3853  if (__copy_to_user(ua + TSS_IOPB_BASE_OFFSET, &data, sizeof(u16)))
3854  return -EFAULT;
3855 
3856  data = ~0;
3857  if (__copy_to_user(ua + RMODE_TSS_SIZE - 1, &data, sizeof(u8)))
3858  return -EFAULT;
3859 
3860  return 0;
3861 }
3862 
3863 static int init_rmode_identity_map(struct kvm *kvm)
3864 {
3865  struct kvm_vmx *kvm_vmx = to_kvm_vmx(kvm);
3866  int i, r = 0;
3867  void __user *uaddr;
3868  u32 tmp;
3869 
3870  /* Protect kvm_vmx->ept_identity_pagetable_done. */
3871  mutex_lock(&kvm->slots_lock);
3872 
3873  if (likely(kvm_vmx->ept_identity_pagetable_done))
3874  goto out;
3875 
3876  if (!kvm_vmx->ept_identity_map_addr)
3877  kvm_vmx->ept_identity_map_addr = VMX_EPT_IDENTITY_PAGETABLE_ADDR;
3878 
3879  uaddr = __x86_set_memory_region(kvm,
3880  IDENTITY_PAGETABLE_PRIVATE_MEMSLOT,
3881  kvm_vmx->ept_identity_map_addr,
3882  PAGE_SIZE);
3883  if (IS_ERR(uaddr)) {
3884  r = PTR_ERR(uaddr);
3885  goto out;
3886  }
3887 
3888  /* Set up identity-mapping pagetable for EPT in real mode */
3889  for (i = 0; i < (PAGE_SIZE / sizeof(tmp)); i++) {
3890  tmp = (i << 22) + (_PAGE_PRESENT | _PAGE_RW | _PAGE_USER |
3891  _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_PSE);
3892  if (__copy_to_user(uaddr + i * sizeof(tmp), &tmp, sizeof(tmp))) {
3893  r = -EFAULT;
3894  goto out;
3895  }
3896  }
3897  kvm_vmx->ept_identity_pagetable_done = true;
3898 
3899 out:
3900  mutex_unlock(&kvm->slots_lock);
3901  return r;
3902 }
3903 
3904 static void seg_setup(int seg)
3905 {
3906  const struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
3907  unsigned int ar;
3908 
3909  vmcs_write16(sf->selector, 0);
3910  vmcs_writel(sf->base, 0);
3911  vmcs_write32(sf->limit, 0xffff);
3912  ar = 0x93;
3913  if (seg == VCPU_SREG_CS)
3914  ar |= 0x08; /* code segment */
3915 
3916  vmcs_write32(sf->ar_bytes, ar);
3917 }
3918 
3919 int allocate_vpid(void)
3920 {
3921  int vpid;
3922 
3923  if (!enable_vpid)
3924  return 0;
3925  spin_lock(&vmx_vpid_lock);
3926  vpid = find_first_zero_bit(vmx_vpid_bitmap, VMX_NR_VPIDS);
3927  if (vpid < VMX_NR_VPIDS)
3928  __set_bit(vpid, vmx_vpid_bitmap);
3929  else
3930  vpid = 0;
3931  spin_unlock(&vmx_vpid_lock);
3932  return vpid;
3933 }
3934 
3935 void free_vpid(int vpid)
3936 {
3937  if (!enable_vpid || vpid == 0)
3938  return;
3939  spin_lock(&vmx_vpid_lock);
3940  __clear_bit(vpid, vmx_vpid_bitmap);
3941  spin_unlock(&vmx_vpid_lock);
3942 }
3943 
3944 static void vmx_msr_bitmap_l01_changed(struct vcpu_vmx *vmx)
3945 {
3946  /*
3947  * When KVM is a nested hypervisor on top of Hyper-V and uses
3948  * 'Enlightened MSR Bitmap' feature L0 needs to know that MSR
3949  * bitmap has changed.
3950  */
3951  if (kvm_is_using_evmcs()) {
3952  struct hv_enlightened_vmcs *evmcs = (void *)vmx->vmcs01.vmcs;
3953 
3954  if (evmcs->hv_enlightenments_control.msr_bitmap)
3955  evmcs->hv_clean_fields &=
3956  ~HV_VMX_ENLIGHTENED_CLEAN_FIELD_MSR_BITMAP;
3957  }
3958 
3959  vmx->nested.force_msr_bitmap_recalc = true;
3960 }
3961 
3962 void vmx_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type)
3963 {
3964  struct vcpu_vmx *vmx = to_vmx(vcpu);
3965  unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap;
3966 
3967  if (!cpu_has_vmx_msr_bitmap())
3968  return;
3969 
3970  vmx_msr_bitmap_l01_changed(vmx);
3971 
3972  /*
3973  * Mark the desired intercept state in shadow bitmap, this is needed
3974  * for resync when the MSR filters change.
3975  */
3976  if (is_valid_passthrough_msr(msr)) {
3977  int idx = possible_passthrough_msr_slot(msr);
3978 
3979  if (idx != -ENOENT) {
3980  if (type & MSR_TYPE_R)
3981  clear_bit(idx, vmx->shadow_msr_intercept.read);
3982  if (type & MSR_TYPE_W)
3983  clear_bit(idx, vmx->shadow_msr_intercept.write);
3984  }
3985  }
3986 
3987  if ((type & MSR_TYPE_R) &&
3988  !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_READ)) {
3989  vmx_set_msr_bitmap_read(msr_bitmap, msr);
3990  type &= ~MSR_TYPE_R;
3991  }
3992 
3993  if ((type & MSR_TYPE_W) &&
3994  !kvm_msr_allowed(vcpu, msr, KVM_MSR_FILTER_WRITE)) {
3995  vmx_set_msr_bitmap_write(msr_bitmap, msr);
3996  type &= ~MSR_TYPE_W;
3997  }
3998 
3999  if (type & MSR_TYPE_R)
4000  vmx_clear_msr_bitmap_read(msr_bitmap, msr);
4001 
4002  if (type & MSR_TYPE_W)
4003  vmx_clear_msr_bitmap_write(msr_bitmap, msr);
4004 }
4005 
4006 void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type)
4007 {
4008  struct vcpu_vmx *vmx = to_vmx(vcpu);
4009  unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap;
4010 
4011  if (!cpu_has_vmx_msr_bitmap())
4012  return;
4013 
4014  vmx_msr_bitmap_l01_changed(vmx);
4015 
4016  /*
4017  * Mark the desired intercept state in shadow bitmap, this is needed
4018  * for resync when the MSR filter changes.
4019  */
4020  if (is_valid_passthrough_msr(msr)) {
4021  int idx = possible_passthrough_msr_slot(msr);
4022 
4023  if (idx != -ENOENT) {
4024  if (type & MSR_TYPE_R)
4025  set_bit(idx, vmx->shadow_msr_intercept.read);
4026  if (type & MSR_TYPE_W)
4027  set_bit(idx, vmx->shadow_msr_intercept.write);
4028  }
4029  }
4030 
4031  if (type & MSR_TYPE_R)
4032  vmx_set_msr_bitmap_read(msr_bitmap, msr);
4033 
4034  if (type & MSR_TYPE_W)
4035  vmx_set_msr_bitmap_write(msr_bitmap, msr);
4036 }
4037 
4038 static void vmx_update_msr_bitmap_x2apic(struct kvm_vcpu *vcpu)
4039 {
4040  /*
4041  * x2APIC indices for 64-bit accesses into the RDMSR and WRMSR halves
4042  * of the MSR bitmap. KVM emulates APIC registers up through 0x3f0,
4043  * i.e. MSR 0x83f, and so only needs to dynamically manipulate 64 bits.
4044  */
4045  const int read_idx = APIC_BASE_MSR / BITS_PER_LONG_LONG;
4046  const int write_idx = read_idx + (0x800 / sizeof(u64));
4047  struct vcpu_vmx *vmx = to_vmx(vcpu);
4048  u64 *msr_bitmap = (u64 *)vmx->vmcs01.msr_bitmap;
4049  u8 mode;
4050 
4051  if (!cpu_has_vmx_msr_bitmap() || WARN_ON_ONCE(!lapic_in_kernel(vcpu)))
4052  return;
4053 
4054  if (cpu_has_secondary_exec_ctrls() &&
4055  (secondary_exec_controls_get(vmx) &
4056  SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE)) {
4057  mode = MSR_BITMAP_MODE_X2APIC;
4058  if (enable_apicv && kvm_vcpu_apicv_active(vcpu))
4059  mode |= MSR_BITMAP_MODE_X2APIC_APICV;
4060  } else {
4061  mode = 0;
4062  }
4063 
4064  if (mode == vmx->x2apic_msr_bitmap_mode)
4065  return;
4066 
4067  vmx->x2apic_msr_bitmap_mode = mode;
4068 
4069  /*
4070  * Reset the bitmap for MSRs 0x800 - 0x83f. Leave AMD's uber-extended
4071  * registers (0x840 and above) intercepted, KVM doesn't support them.
4072  * Intercept all writes by default and poke holes as needed. Pass
4073  * through reads for all valid registers by default in x2APIC+APICv
4074  * mode, only the current timer count needs on-demand emulation by KVM.
4075  */
4076  if (mode & MSR_BITMAP_MODE_X2APIC_APICV)
4077  msr_bitmap[read_idx] = ~kvm_lapic_readable_reg_mask(vcpu->arch.apic);
4078  else
4079  msr_bitmap[read_idx] = ~0ull;
4080  msr_bitmap[write_idx] = ~0ull;
4081 
4082  /*
4083  * TPR reads and writes can be virtualized even if virtual interrupt
4084  * delivery is not in use.
4085  */
4086  vmx_set_intercept_for_msr(vcpu, X2APIC_MSR(APIC_TASKPRI), MSR_TYPE_RW,
4087  !(mode & MSR_BITMAP_MODE_X2APIC));
4088 
4089  if (mode & MSR_BITMAP_MODE_X2APIC_APICV) {
4090  vmx_enable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_TMCCT), MSR_TYPE_RW);
4091  vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_EOI), MSR_TYPE_W);
4092  vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_SELF_IPI), MSR_TYPE_W);
4093  if (enable_ipiv)
4094  vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_ICR), MSR_TYPE_RW);
4095  }
4096 }
4097 
4098 void pt_update_intercept_for_msr(struct kvm_vcpu *vcpu)
4099 {
4100  struct vcpu_vmx *vmx = to_vmx(vcpu);
4101  bool flag = !(vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN);
4102  u32 i;
4103 
4104  vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_STATUS, MSR_TYPE_RW, flag);
4105  vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_OUTPUT_BASE, MSR_TYPE_RW, flag);
4106  vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_OUTPUT_MASK, MSR_TYPE_RW, flag);
4107  vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_CR3_MATCH, MSR_TYPE_RW, flag);
4108  for (i = 0; i < vmx->pt_desc.num_address_ranges; i++) {
4109  vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_ADDR0_A + i * 2, MSR_TYPE_RW, flag);
4110  vmx_set_intercept_for_msr(vcpu, MSR_IA32_RTIT_ADDR0_B + i * 2, MSR_TYPE_RW, flag);
4111  }
4112 }
4113 
4114 static bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu)
4115 {
4116  struct vcpu_vmx *vmx = to_vmx(vcpu);
4117  void *vapic_page;
4118  u32 vppr;
4119  int rvi;
4120 
4121  if (WARN_ON_ONCE(!is_guest_mode(vcpu)) ||
4122  !nested_cpu_has_vid(get_vmcs12(vcpu)) ||
4123  WARN_ON_ONCE(!vmx->nested.virtual_apic_map.gfn))
4124  return false;
4125 
4126  rvi = vmx_get_rvi();
4127 
4128  vapic_page = vmx->nested.virtual_apic_map.hva;
4129  vppr = *((u32 *)(vapic_page + APIC_PROCPRI));
4130 
4131  return ((rvi & 0xf0) > (vppr & 0xf0));
4132 }
4133 
4134 static void vmx_msr_filter_changed(struct kvm_vcpu *vcpu)
4135 {
4136  struct vcpu_vmx *vmx = to_vmx(vcpu);
4137  u32 i;
4138 
4139  /*
4140  * Redo intercept permissions for MSRs that KVM is passing through to
4141  * the guest. Disabling interception will check the new MSR filter and
4142  * ensure that KVM enables interception if usersepace wants to filter
4143  * the MSR. MSRs that KVM is already intercepting don't need to be
4144  * refreshed since KVM is going to intercept them regardless of what
4145  * userspace wants.
4146  */
4147  for (i = 0; i < ARRAY_SIZE(vmx_possible_passthrough_msrs); i++) {
4148  u32 msr = vmx_possible_passthrough_msrs[i];
4149 
4150  if (!test_bit(i, vmx->shadow_msr_intercept.read))
4151  vmx_disable_intercept_for_msr(vcpu, msr, MSR_TYPE_R);
4152 
4153  if (!test_bit(i, vmx->shadow_msr_intercept.write))
4154  vmx_disable_intercept_for_msr(vcpu, msr, MSR_TYPE_W);
4155  }
4156 
4157  /* PT MSRs can be passed through iff PT is exposed to the guest. */
4158  if (vmx_pt_mode_is_host_guest())
4159  pt_update_intercept_for_msr(vcpu);
4160 }
4161 
4162 static inline void kvm_vcpu_trigger_posted_interrupt(struct kvm_vcpu *vcpu,
4163  int pi_vec)
4164 {
4165 #ifdef CONFIG_SMP
4166  if (vcpu->mode == IN_GUEST_MODE) {
4167  /*
4168  * The vector of the virtual has already been set in the PIR.
4169  * Send a notification event to deliver the virtual interrupt
4170  * unless the vCPU is the currently running vCPU, i.e. the
4171  * event is being sent from a fastpath VM-Exit handler, in
4172  * which case the PIR will be synced to the vIRR before
4173  * re-entering the guest.
4174  *
4175  * When the target is not the running vCPU, the following
4176  * possibilities emerge:
4177  *
4178  * Case 1: vCPU stays in non-root mode. Sending a notification
4179  * event posts the interrupt to the vCPU.
4180  *
4181  * Case 2: vCPU exits to root mode and is still runnable. The
4182  * PIR will be synced to the vIRR before re-entering the guest.
4183  * Sending a notification event is ok as the host IRQ handler
4184  * will ignore the spurious event.
4185  *
4186  * Case 3: vCPU exits to root mode and is blocked. vcpu_block()
4187  * has already synced PIR to vIRR and never blocks the vCPU if
4188  * the vIRR is not empty. Therefore, a blocked vCPU here does
4189  * not wait for any requested interrupts in PIR, and sending a
4190  * notification event also results in a benign, spurious event.
4191  */
4192 
4193  if (vcpu != kvm_get_running_vcpu())
4194  __apic_send_IPI_mask(get_cpu_mask(vcpu->cpu), pi_vec);
4195  return;
4196  }
4197 #endif
4198  /*
4199  * The vCPU isn't in the guest; wake the vCPU in case it is blocking,
4200  * otherwise do nothing as KVM will grab the highest priority pending
4201  * IRQ via ->sync_pir_to_irr() in vcpu_enter_guest().
4202  */
4203  kvm_vcpu_wake_up(vcpu);
4204 }
4205 
4206 static int vmx_deliver_nested_posted_interrupt(struct kvm_vcpu *vcpu,
4207  int vector)
4208 {
4209  struct vcpu_vmx *vmx = to_vmx(vcpu);
4210 
4211  if (is_guest_mode(vcpu) &&
4212  vector == vmx->nested.posted_intr_nv) {
4213  /*
4214  * If a posted intr is not recognized by hardware,
4215  * we will accomplish it in the next vmentry.
4216  */
4217  vmx->nested.pi_pending = true;
4218  kvm_make_request(KVM_REQ_EVENT, vcpu);
4219 
4220  /*
4221  * This pairs with the smp_mb_*() after setting vcpu->mode in
4222  * vcpu_enter_guest() to guarantee the vCPU sees the event
4223  * request if triggering a posted interrupt "fails" because
4224  * vcpu->mode != IN_GUEST_MODE. The extra barrier is needed as
4225  * the smb_wmb() in kvm_make_request() only ensures everything
4226  * done before making the request is visible when the request
4227  * is visible, it doesn't ensure ordering between the store to
4228  * vcpu->requests and the load from vcpu->mode.
4229  */
4230  smp_mb__after_atomic();
4231 
4232  /* the PIR and ON have been set by L1. */
4233  kvm_vcpu_trigger_posted_interrupt(vcpu, POSTED_INTR_NESTED_VECTOR);
4234  return 0;
4235  }
4236  return -1;
4237 }
4238 /*
4239  * Send interrupt to vcpu via posted interrupt way.
4240  * 1. If target vcpu is running(non-root mode), send posted interrupt
4241  * notification to vcpu and hardware will sync PIR to vIRR atomically.
4242  * 2. If target vcpu isn't running(root mode), kick it to pick up the
4243  * interrupt from PIR in next vmentry.
4244  */
4245 static int vmx_deliver_posted_interrupt(struct kvm_vcpu *vcpu, int vector)
4246 {
4247  struct vcpu_vmx *vmx = to_vmx(vcpu);
4248  int r;
4249 
4250  r = vmx_deliver_nested_posted_interrupt(vcpu, vector);
4251  if (!r)
4252  return 0;
4253 
4254  /* Note, this is called iff the local APIC is in-kernel. */
4255  if (!vcpu->arch.apic->apicv_active)
4256  return -1;
4257 
4258  if (pi_test_and_set_pir(vector, &vmx->pi_desc))
4259  return 0;
4260 
4261  /* If a previous notification has sent the IPI, nothing to do. */
4262  if (pi_test_and_set_on(&vmx->pi_desc))
4263  return 0;
4264 
4265  /*
4266  * The implied barrier in pi_test_and_set_on() pairs with the smp_mb_*()
4267  * after setting vcpu->mode in vcpu_enter_guest(), thus the vCPU is
4268  * guaranteed to see PID.ON=1 and sync the PIR to IRR if triggering a
4269  * posted interrupt "fails" because vcpu->mode != IN_GUEST_MODE.
4270  */
4271  kvm_vcpu_trigger_posted_interrupt(vcpu, POSTED_INTR_VECTOR);
4272  return 0;
4273 }
4274 
4275 static void vmx_deliver_interrupt(struct kvm_lapic *apic, int delivery_mode,
4276  int trig_mode, int vector)
4277 {
4278  struct kvm_vcpu *vcpu = apic->vcpu;
4279 
4280  if (vmx_deliver_posted_interrupt(vcpu, vector)) {
4281  kvm_lapic_set_irr(vector, apic);
4282  kvm_make_request(KVM_REQ_EVENT, vcpu);
4283  kvm_vcpu_kick(vcpu);
4284  } else {
4285  trace_kvm_apicv_accept_irq(vcpu->vcpu_id, delivery_mode,
4286  trig_mode, vector);
4287  }
4288 }
4289 
4290 /*
4291  * Set up the vmcs's constant host-state fields, i.e., host-state fields that
4292  * will not change in the lifetime of the guest.
4293  * Note that host-state that does change is set elsewhere. E.g., host-state
4294  * that is set differently for each CPU is set in vmx_vcpu_load(), not here.
4295  */
4296 void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
4297 {
4298  u32 low32, high32;
4299  unsigned long tmpl;
4300  unsigned long cr0, cr3, cr4;
4301 
4302  cr0 = read_cr0();
4303  WARN_ON(cr0 & X86_CR0_TS);
4304  vmcs_writel(HOST_CR0, cr0); /* 22.2.3 */
4305 
4306  /*
4307  * Save the most likely value for this task's CR3 in the VMCS.
4308  * We can't use __get_current_cr3_fast() because we're not atomic.
4309  */
4310  cr3 = __read_cr3();
4311  vmcs_writel(HOST_CR3, cr3); /* 22.2.3 FIXME: shadow tables */
4312  vmx->loaded_vmcs->host_state.cr3 = cr3;
4313 
4314  /* Save the most likely value for this task's CR4 in the VMCS. */
4315  cr4 = cr4_read_shadow();
4316  vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */
4317  vmx->loaded_vmcs->host_state.cr4 = cr4;
4318 
4319  vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
4320 #ifdef CONFIG_X86_64
4321  /*
4322  * Load null selectors, so we can avoid reloading them in
4323  * vmx_prepare_switch_to_host(), in case userspace uses
4324  * the null selectors too (the expected case).
4325  */
4326  vmcs_write16(HOST_DS_SELECTOR, 0);
4327  vmcs_write16(HOST_ES_SELECTOR, 0);
4328 #else
4329  vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); /* 22.2.4 */
4330  vmcs_write16(HOST_ES_SELECTOR, __KERNEL_DS); /* 22.2.4 */
4331 #endif
4332  vmcs_write16(HOST_SS_SELECTOR, __KERNEL_DS); /* 22.2.4 */
4333  vmcs_write16(HOST_TR_SELECTOR, GDT_ENTRY_TSS*8); /* 22.2.4 */
4334 
4335  vmcs_writel(HOST_IDTR_BASE, host_idt_base); /* 22.2.4 */
4336 
4337  vmcs_writel(HOST_RIP, (unsigned long)vmx_vmexit); /* 22.2.5 */
4338 
4339  rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
4340  vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
4341 
4342  /*
4343  * SYSENTER is used for 32-bit system calls on either 32-bit or
4344  * 64-bit kernels. It is always zero If neither is allowed, otherwise
4345  * vmx_vcpu_load_vmcs loads it with the per-CPU entry stack (and may
4346  * have already done so!).
4347  */
4348  if (!IS_ENABLED(CONFIG_IA32_EMULATION) && !IS_ENABLED(CONFIG_X86_32))
4349  vmcs_writel(HOST_IA32_SYSENTER_ESP, 0);
4350 
4351  rdmsrl(MSR_IA32_SYSENTER_EIP, tmpl);
4352  vmcs_writel(HOST_IA32_SYSENTER_EIP, tmpl); /* 22.2.3 */
4353 
4354  if (vmcs_config.vmexit_ctrl & VM_EXIT_LOAD_IA32_PAT) {
4355  rdmsr(MSR_IA32_CR_PAT, low32, high32);
4356  vmcs_write64(HOST_IA32_PAT, low32 | ((u64) high32 << 32));
4357  }
4358 
4359  if (cpu_has_load_ia32_efer())
4360  vmcs_write64(HOST_IA32_EFER, host_efer);
4361 }
4362 
4363 void set_cr4_guest_host_mask(struct vcpu_vmx *vmx)
4364 {
4365  struct kvm_vcpu *vcpu = &vmx->vcpu;
4366 
4367  vcpu->arch.cr4_guest_owned_bits = KVM_POSSIBLE_CR4_GUEST_BITS &
4368  ~vcpu->arch.cr4_guest_rsvd_bits;
4369  if (!enable_ept) {
4370  vcpu->arch.cr4_guest_owned_bits &= ~X86_CR4_TLBFLUSH_BITS;
4371  vcpu->arch.cr4_guest_owned_bits &= ~X86_CR4_PDPTR_BITS;
4372  }
4373  if (is_guest_mode(&vmx->vcpu))
4374  vcpu->arch.cr4_guest_owned_bits &=
4375  ~get_vmcs12(vcpu)->cr4_guest_host_mask;
4376  vmcs_writel(CR4_GUEST_HOST_MASK, ~vcpu->arch.cr4_guest_owned_bits);
4377 }
4378 
4379 static u32 vmx_pin_based_exec_ctrl(struct vcpu_vmx *vmx)
4380 {
4381  u32 pin_based_exec_ctrl = vmcs_config.pin_based_exec_ctrl;
4382 
4383  if (!kvm_vcpu_apicv_active(&vmx->vcpu))
4384  pin_based_exec_ctrl &= ~PIN_BASED_POSTED_INTR;
4385 
4386  if (!enable_vnmi)
4387  pin_based_exec_ctrl &= ~PIN_BASED_VIRTUAL_NMIS;
4388 
4389  if (!enable_preemption_timer)
4390  pin_based_exec_ctrl &= ~PIN_BASED_VMX_PREEMPTION_TIMER;
4391 
4392  return pin_based_exec_ctrl;
4393 }
4394 
4395 static u32 vmx_vmentry_ctrl(void)
4396 {
4397  u32 vmentry_ctrl = vmcs_config.vmentry_ctrl;
4398 
4399  if (vmx_pt_mode_is_system())
4400  vmentry_ctrl &= ~(VM_ENTRY_PT_CONCEAL_PIP |
4401  VM_ENTRY_LOAD_IA32_RTIT_CTL);
4402  /*
4403  * IA32e mode, and loading of EFER and PERF_GLOBAL_CTRL are toggled dynamically.
4404  */
4405  vmentry_ctrl &= ~(VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL |
4406  VM_ENTRY_LOAD_IA32_EFER |
4407  VM_ENTRY_IA32E_MODE);
4408 
4409  if (cpu_has_perf_global_ctrl_bug())
4410  vmentry_ctrl &= ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL;
4411 
4412  return vmentry_ctrl;
4413 }
4414 
4415 static u32 vmx_vmexit_ctrl(void)
4416 {
4417  u32 vmexit_ctrl = vmcs_config.vmexit_ctrl;
4418 
4419  /*
4420  * Not used by KVM and never set in vmcs01 or vmcs02, but emulated for
4421  * nested virtualization and thus allowed to be set in vmcs12.
4422  */
4423  vmexit_ctrl &= ~(VM_EXIT_SAVE_IA32_PAT | VM_EXIT_SAVE_IA32_EFER |
4424  VM_EXIT_SAVE_VMX_PREEMPTION_TIMER);
4425 
4426  if (vmx_pt_mode_is_system())
4427  vmexit_ctrl &= ~(VM_EXIT_PT_CONCEAL_PIP |
4428  VM_EXIT_CLEAR_IA32_RTIT_CTL);
4429 
4430  if (cpu_has_perf_global_ctrl_bug())
4431  vmexit_ctrl &= ~VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL;
4432 
4433  /* Loading of EFER and PERF_GLOBAL_CTRL are toggled dynamically */
4434  return vmexit_ctrl &
4435  ~(VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | VM_EXIT_LOAD_IA32_EFER);
4436 }
4437 
4438 static void vmx_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu)
4439 {
4440  struct vcpu_vmx *vmx = to_vmx(vcpu);
4441 
4442  if (is_guest_mode(vcpu)) {
4443  vmx->nested.update_vmcs01_apicv_status = true;
4444  return;
4445  }
4446 
4447  pin_controls_set(vmx, vmx_pin_based_exec_ctrl(vmx));
4448 
4449  if (kvm_vcpu_apicv_active(vcpu)) {
4450  secondary_exec_controls_setbit(vmx,
4451  SECONDARY_EXEC_APIC_REGISTER_VIRT |
4452  SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
4453  if (enable_ipiv)
4454  tertiary_exec_controls_setbit(vmx, TERTIARY_EXEC_IPI_VIRT);
4455  } else {
4456  secondary_exec_controls_clearbit(vmx,
4457  SECONDARY_EXEC_APIC_REGISTER_VIRT |
4458  SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
4459  if (enable_ipiv)
4460  tertiary_exec_controls_clearbit(vmx, TERTIARY_EXEC_IPI_VIRT);
4461  }
4462 
4463  vmx_update_msr_bitmap_x2apic(vcpu);
4464 }
4465 
4466 static u32 vmx_exec_control(struct vcpu_vmx *vmx)
4467 {
4468  u32 exec_control = vmcs_config.cpu_based_exec_ctrl;
4469 
4470  /*
4471  * Not used by KVM, but fully supported for nesting, i.e. are allowed in
4472  * vmcs12 and propagated to vmcs02 when set in vmcs12.
4473  */
4474  exec_control &= ~(CPU_BASED_RDTSC_EXITING |
4475  CPU_BASED_USE_IO_BITMAPS |
4476  CPU_BASED_MONITOR_TRAP_FLAG |
4477  CPU_BASED_PAUSE_EXITING);
4478 
4479  /* INTR_WINDOW_EXITING and NMI_WINDOW_EXITING are toggled dynamically */
4480  exec_control &= ~(CPU_BASED_INTR_WINDOW_EXITING |
4481  CPU_BASED_NMI_WINDOW_EXITING);
4482 
4483  if (vmx->vcpu.arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)
4484  exec_control &= ~CPU_BASED_MOV_DR_EXITING;
4485 
4486  if (!cpu_need_tpr_shadow(&vmx->vcpu))
4487  exec_control &= ~CPU_BASED_TPR_SHADOW;
4488 
4489 #ifdef CONFIG_X86_64
4490  if (exec_control & CPU_BASED_TPR_SHADOW)
4491  exec_control &= ~(CPU_BASED_CR8_LOAD_EXITING |
4492  CPU_BASED_CR8_STORE_EXITING);
4493  else
4494  exec_control |= CPU_BASED_CR8_STORE_EXITING |
4495  CPU_BASED_CR8_LOAD_EXITING;
4496 #endif
4497  /* No need to intercept CR3 access or INVPLG when using EPT. */
4498  if (enable_ept)
4499  exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING |
4500  CPU_BASED_CR3_STORE_EXITING |
4501  CPU_BASED_INVLPG_EXITING);
4502  if (kvm_mwait_in_guest(vmx->vcpu.kvm))
4503  exec_control &= ~(CPU_BASED_MWAIT_EXITING |
4504  CPU_BASED_MONITOR_EXITING);
4505  if (kvm_hlt_in_guest(vmx->vcpu.kvm))
4506  exec_control &= ~CPU_BASED_HLT_EXITING;
4507  return exec_control;
4508 }
4509 
4510 static u64 vmx_tertiary_exec_control(struct vcpu_vmx *vmx)
4511 {
4512  u64 exec_control = vmcs_config.cpu_based_3rd_exec_ctrl;
4513 
4514  /*
4515  * IPI virtualization relies on APICv. Disable IPI virtualization if
4516  * APICv is inhibited.
4517  */
4518  if (!enable_ipiv || !kvm_vcpu_apicv_active(&vmx->vcpu))
4519  exec_control &= ~TERTIARY_EXEC_IPI_VIRT;
4520 
4521  return exec_control;
4522 }
4523 
4524 /*
4525  * Adjust a single secondary execution control bit to intercept/allow an
4526  * instruction in the guest. This is usually done based on whether or not a
4527  * feature has been exposed to the guest in order to correctly emulate faults.
4528  */
4529 static inline void
4530 vmx_adjust_secondary_exec_control(struct vcpu_vmx *vmx, u32 *exec_control,
4531  u32 control, bool enabled, bool exiting)
4532 {
4533  /*
4534  * If the control is for an opt-in feature, clear the control if the
4535  * feature is not exposed to the guest, i.e. not enabled. If the
4536  * control is opt-out, i.e. an exiting control, clear the control if
4537  * the feature _is_ exposed to the guest, i.e. exiting/interception is
4538  * disabled for the associated instruction. Note, the caller is
4539  * responsible presetting exec_control to set all supported bits.
4540  */
4541  if (enabled == exiting)
4542  *exec_control &= ~control;
4543 
4544  /*
4545  * Update the nested MSR settings so that a nested VMM can/can't set
4546  * controls for features that are/aren't exposed to the guest.
4547  */
4548  if (nested) {
4549  /*
4550  * All features that can be added or removed to VMX MSRs must
4551  * be supported in the first place for nested virtualization.
4552  */
4553  if (WARN_ON_ONCE(!(vmcs_config.nested.secondary_ctls_high & control)))
4554  enabled = false;
4555 
4556  if (enabled)
4557  vmx->nested.msrs.secondary_ctls_high |= control;
4558  else
4559  vmx->nested.msrs.secondary_ctls_high &= ~control;
4560  }
4561 }
4562 
4563 /*
4564  * Wrapper macro for the common case of adjusting a secondary execution control
4565  * based on a single guest CPUID bit, with a dedicated feature bit. This also
4566  * verifies that the control is actually supported by KVM and hardware.
4567  */
4568 #define vmx_adjust_sec_exec_control(vmx, exec_control, name, feat_name, ctrl_name, exiting) \
4569 ({ \
4570  struct kvm_vcpu *__vcpu = &(vmx)->vcpu; \
4571  bool __enabled; \
4572  \
4573  if (cpu_has_vmx_##name()) { \
4574  if (kvm_is_governed_feature(X86_FEATURE_##feat_name)) \
4575  __enabled = guest_can_use(__vcpu, X86_FEATURE_##feat_name); \
4576  else \
4577  __enabled = guest_cpuid_has(__vcpu, X86_FEATURE_##feat_name); \
4578  vmx_adjust_secondary_exec_control(vmx, exec_control, SECONDARY_EXEC_##ctrl_name,\
4579  __enabled, exiting); \
4580  } \
4581 })
4582 
4583 /* More macro magic for ENABLE_/opt-in versus _EXITING/opt-out controls. */
4584 #define vmx_adjust_sec_exec_feature(vmx, exec_control, lname, uname) \
4585  vmx_adjust_sec_exec_control(vmx, exec_control, lname, uname, ENABLE_##uname, false)
4586 
4587 #define vmx_adjust_sec_exec_exiting(vmx, exec_control, lname, uname) \
4588  vmx_adjust_sec_exec_control(vmx, exec_control, lname, uname, uname##_EXITING, true)
4589 
4590 static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx)
4591 {
4592  struct kvm_vcpu *vcpu = &vmx->vcpu;
4593 
4594  u32 exec_control = vmcs_config.cpu_based_2nd_exec_ctrl;
4595 
4596  if (vmx_pt_mode_is_system())
4597  exec_control &= ~(SECONDARY_EXEC_PT_USE_GPA | SECONDARY_EXEC_PT_CONCEAL_VMX);
4598  if (!cpu_need_virtualize_apic_accesses(vcpu))
4599  exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
4600  if (vmx->vpid == 0)
4601  exec_control &= ~SECONDARY_EXEC_ENABLE_VPID;
4602  if (!enable_ept) {
4603  exec_control &= ~SECONDARY_EXEC_ENABLE_EPT;
4604  enable_unrestricted_guest = 0;
4605  }
4606  if (!enable_unrestricted_guest)
4607  exec_control &= ~SECONDARY_EXEC_UNRESTRICTED_GUEST;
4608  if (kvm_pause_in_guest(vmx->vcpu.kvm))
4609  exec_control &= ~SECONDARY_EXEC_PAUSE_LOOP_EXITING;
4610  if (!kvm_vcpu_apicv_active(vcpu))
4611  exec_control &= ~(SECONDARY_EXEC_APIC_REGISTER_VIRT |
4612  SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
4613  exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
4614 
4615  /*
4616  * KVM doesn't support VMFUNC for L1, but the control is set in KVM's
4617  * base configuration as KVM emulates VMFUNC[EPTP_SWITCHING] for L2.
4618  */
4619  exec_control &= ~SECONDARY_EXEC_ENABLE_VMFUNC;
4620 
4621  /* SECONDARY_EXEC_DESC is enabled/disabled on writes to CR4.UMIP,
4622  * in vmx_set_cr4. */
4623  exec_control &= ~SECONDARY_EXEC_DESC;
4624 
4625  /* SECONDARY_EXEC_SHADOW_VMCS is enabled when L1 executes VMPTRLD
4626  (handle_vmptrld).
4627  We can NOT enable shadow_vmcs here because we don't have yet
4628  a current VMCS12
4629  */
4630  exec_control &= ~SECONDARY_EXEC_SHADOW_VMCS;
4631 
4632  /*
4633  * PML is enabled/disabled when dirty logging of memsmlots changes, but
4634  * it needs to be set here when dirty logging is already active, e.g.
4635  * if this vCPU was created after dirty logging was enabled.
4636  */
4637  if (!enable_pml || !atomic_read(&vcpu->kvm->nr_memslots_dirty_logging))
4638  exec_control &= ~SECONDARY_EXEC_ENABLE_PML;
4639 
4640  vmx_adjust_sec_exec_feature(vmx, &exec_control, xsaves, XSAVES);
4641 
4642  /*
4643  * RDPID is also gated by ENABLE_RDTSCP, turn on the control if either
4644  * feature is exposed to the guest. This creates a virtualization hole
4645  * if both are supported in hardware but only one is exposed to the
4646  * guest, but letting the guest execute RDTSCP or RDPID when either one
4647  * is advertised is preferable to emulating the advertised instruction
4648  * in KVM on #UD, and obviously better than incorrectly injecting #UD.
4649  */
4650  if (cpu_has_vmx_rdtscp()) {
4651  bool rdpid_or_rdtscp_enabled =
4652  guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP) ||
4653  guest_cpuid_has(vcpu, X86_FEATURE_RDPID);
4654 
4655  vmx_adjust_secondary_exec_control(vmx, &exec_control,
4656  SECONDARY_EXEC_ENABLE_RDTSCP,
4657  rdpid_or_rdtscp_enabled, false);
4658  }
4659 
4660  vmx_adjust_sec_exec_feature(vmx, &exec_control, invpcid, INVPCID);
4661 
4662  vmx_adjust_sec_exec_exiting(vmx, &exec_control, rdrand, RDRAND);
4663  vmx_adjust_sec_exec_exiting(vmx, &exec_control, rdseed, RDSEED);
4664 
4665  vmx_adjust_sec_exec_control(vmx, &exec_control, waitpkg, WAITPKG,
4666  ENABLE_USR_WAIT_PAUSE, false);
4667 
4668  if (!vcpu->kvm->arch.bus_lock_detection_enabled)
4669  exec_control &= ~SECONDARY_EXEC_BUS_LOCK_DETECTION;
4670 
4671  if (!kvm_notify_vmexit_enabled(vcpu->kvm))
4672  exec_control &= ~SECONDARY_EXEC_NOTIFY_VM_EXITING;
4673 
4674  return exec_control;
4675 }
4676 
4677 static inline int vmx_get_pid_table_order(struct kvm *kvm)
4678 {
4679  return get_order(kvm->arch.max_vcpu_ids * sizeof(*to_kvm_vmx(kvm)->pid_table));
4680 }
4681 
4682 static int vmx_alloc_ipiv_pid_table(struct kvm *kvm)
4683 {
4684  struct page *pages;
4685  struct kvm_vmx *kvm_vmx = to_kvm_vmx(kvm);
4686 
4687  if (!irqchip_in_kernel(kvm) || !enable_ipiv)
4688  return 0;
4689 
4690  if (kvm_vmx->pid_table)
4691  return 0;
4692 
4693  pages = alloc_pages(GFP_KERNEL_ACCOUNT | __GFP_ZERO,
4694  vmx_get_pid_table_order(kvm));
4695  if (!pages)
4696  return -ENOMEM;
4697 
4698  kvm_vmx->pid_table = (void *)page_address(pages);
4699  return 0;
4700 }
4701 
4702 static int vmx_vcpu_precreate(struct kvm *kvm)
4703 {
4704  return vmx_alloc_ipiv_pid_table(kvm);
4705 }
4706 
4707 #define VMX_XSS_EXIT_BITMAP 0
4708 
4709 static void init_vmcs(struct vcpu_vmx *vmx)
4710 {
4711  struct kvm *kvm = vmx->vcpu.kvm;
4712  struct kvm_vmx *kvm_vmx = to_kvm_vmx(kvm);
4713 
4714  if (nested)
4715  nested_vmx_set_vmcs_shadowing_bitmap();
4716 
4717  if (cpu_has_vmx_msr_bitmap())
4718  vmcs_write64(MSR_BITMAP, __pa(vmx->vmcs01.msr_bitmap));
4719 
4720  vmcs_write64(VMCS_LINK_POINTER, INVALID_GPA); /* 22.3.1.5 */
4721 
4722  /* Control */
4723  pin_controls_set(vmx, vmx_pin_based_exec_ctrl(vmx));
4724 
4725  exec_controls_set(vmx, vmx_exec_control(vmx));
4726 
4727  if (cpu_has_secondary_exec_ctrls())
4728  secondary_exec_controls_set(vmx, vmx_secondary_exec_control(vmx));
4729 
4730  if (cpu_has_tertiary_exec_ctrls())
4731  tertiary_exec_controls_set(vmx, vmx_tertiary_exec_control(vmx));
4732 
4733  if (enable_apicv && lapic_in_kernel(&vmx->vcpu)) {
4734  vmcs_write64(EOI_EXIT_BITMAP0, 0);
4735  vmcs_write64(EOI_EXIT_BITMAP1, 0);
4736  vmcs_write64(EOI_EXIT_BITMAP2, 0);
4737  vmcs_write64(EOI_EXIT_BITMAP3, 0);
4738 
4739  vmcs_write16(GUEST_INTR_STATUS, 0);
4740 
4741  vmcs_write16(POSTED_INTR_NV, POSTED_INTR_VECTOR);
4742  vmcs_write64(POSTED_INTR_DESC_ADDR, __pa((&vmx->pi_desc)));
4743  }
4744 
4745  if (vmx_can_use_ipiv(&vmx->vcpu)) {
4746  vmcs_write64(PID_POINTER_TABLE, __pa(kvm_vmx->pid_table));
4747  vmcs_write16(LAST_PID_POINTER_INDEX, kvm->arch.max_vcpu_ids - 1);
4748  }
4749 
4750  if (!kvm_pause_in_guest(kvm)) {
4751  vmcs_write32(PLE_GAP, ple_gap);
4752  vmx->ple_window = ple_window;
4753  vmx->ple_window_dirty = true;
4754  }
4755 
4756  if (kvm_notify_vmexit_enabled(kvm))
4757  vmcs_write32(NOTIFY_WINDOW, kvm->arch.notify_window);
4758 
4759  vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, 0);
4760  vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, 0);
4761  vmcs_write32(CR3_TARGET_COUNT, 0); /* 22.2.1 */
4762 
4763  vmcs_write16(HOST_FS_SELECTOR, 0); /* 22.2.4 */
4764  vmcs_write16(HOST_GS_SELECTOR, 0); /* 22.2.4 */
4765  vmx_set_constant_host_state(vmx);
4766  vmcs_writel(HOST_FS_BASE, 0); /* 22.2.4 */
4767  vmcs_writel(HOST_GS_BASE, 0); /* 22.2.4 */
4768 
4769  if (cpu_has_vmx_vmfunc())
4770  vmcs_write64(VM_FUNCTION_CONTROL, 0);
4771 
4772  vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0);
4773  vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0);
4774  vmcs_write64(VM_EXIT_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.host.val));
4775  vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0);
4776  vmcs_write64(VM_ENTRY_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.guest.val));
4777 
4778  if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT)
4779  vmcs_write64(GUEST_IA32_PAT, vmx->vcpu.arch.pat);
4780 
4781  vm_exit_controls_set(vmx, vmx_vmexit_ctrl());
4782 
4783  /* 22.2.1, 20.8.1 */
4784  vm_entry_controls_set(vmx, vmx_vmentry_ctrl());
4785 
4786  vmx->vcpu.arch.cr0_guest_owned_bits = vmx_l1_guest_owned_cr0_bits();
4787  vmcs_writel(CR0_GUEST_HOST_MASK, ~vmx->vcpu.arch.cr0_guest_owned_bits);
4788 
4789  set_cr4_guest_host_mask(vmx);
4790 
4791  if (vmx->vpid != 0)
4792  vmcs_write16(VIRTUAL_PROCESSOR_ID, vmx->vpid);
4793 
4794  if (cpu_has_vmx_xsaves())
4795  vmcs_write64(XSS_EXIT_BITMAP, VMX_XSS_EXIT_BITMAP);
4796 
4797  if (enable_pml) {
4798  vmcs_write64(PML_ADDRESS, page_to_phys(vmx->pml_pg));
4799  vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1);
4800  }
4801 
4802  vmx_write_encls_bitmap(&vmx->vcpu, NULL);
4803 
4804  if (vmx_pt_mode_is_host_guest()) {
4805  memset(&vmx->pt_desc, 0, sizeof(vmx->pt_desc));
4806  /* Bit[6~0] are forced to 1, writes are ignored. */
4807  vmx->pt_desc.guest.output_mask = 0x7F;
4808  vmcs_write64(GUEST_IA32_RTIT_CTL, 0);
4809  }
4810 
4811  vmcs_write32(GUEST_SYSENTER_CS, 0);
4812  vmcs_writel(GUEST_SYSENTER_ESP, 0);
4813  vmcs_writel(GUEST_SYSENTER_EIP, 0);
4814  vmcs_write64(GUEST_IA32_DEBUGCTL, 0);
4815 
4816  if (cpu_has_vmx_tpr_shadow()) {
4817  vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, 0);
4818  if (cpu_need_tpr_shadow(&vmx->vcpu))
4819  vmcs_write64(VIRTUAL_APIC_PAGE_ADDR,
4820  __pa(vmx->vcpu.arch.apic->regs));
4821  vmcs_write32(TPR_THRESHOLD, 0);
4822  }
4823 
4824  vmx_setup_uret_msrs(vmx);
4825 }
4826 
4827 static void __vmx_vcpu_reset(struct kvm_vcpu *vcpu)
4828 {
4829  struct vcpu_vmx *vmx = to_vmx(vcpu);
4830 
4831  init_vmcs(vmx);
4832 
4833  if (nested)
4834  memcpy(&vmx->nested.msrs, &vmcs_config.nested, sizeof(vmx->nested.msrs));
4835 
4836  vcpu_setup_sgx_lepubkeyhash(vcpu);
4837 
4838  vmx->nested.posted_intr_nv = -1;
4839  vmx->nested.vmxon_ptr = INVALID_GPA;
4840  vmx->nested.current_vmptr = INVALID_GPA;
4841 
4842 #ifdef CONFIG_KVM_HYPERV
4843  vmx->nested.hv_evmcs_vmptr = EVMPTR_INVALID;
4844 #endif
4845 
4846  vcpu->arch.microcode_version = 0x100000000ULL;
4847  vmx->msr_ia32_feature_control_valid_bits = FEAT_CTL_LOCKED;
4848 
4849  /*
4850  * Enforce invariant: pi_desc.nv is always either POSTED_INTR_VECTOR
4851  * or POSTED_INTR_WAKEUP_VECTOR.
4852  */
4853  vmx->pi_desc.nv = POSTED_INTR_VECTOR;
4854  vmx->pi_desc.sn = 1;
4855 }
4856 
4857 static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
4858 {
4859  struct vcpu_vmx *vmx = to_vmx(vcpu);
4860 
4861  if (!init_event)
4862  __vmx_vcpu_reset(vcpu);
4863 
4864  vmx->rmode.vm86_active = 0;
4865  vmx->spec_ctrl = 0;
4866 
4867  vmx->msr_ia32_umwait_control = 0;
4868 
4869  vmx->hv_deadline_tsc = -1;
4870  kvm_set_cr8(vcpu, 0);
4871 
4872  vmx_segment_cache_clear(vmx);
4873  kvm_register_mark_available(vcpu, VCPU_EXREG_SEGMENTS);
4874 
4875  seg_setup(VCPU_SREG_CS);
4876  vmcs_write16(GUEST_CS_SELECTOR, 0xf000);
4877  vmcs_writel(GUEST_CS_BASE, 0xffff0000ul);
4878 
4879  seg_setup(VCPU_SREG_DS);
4880  seg_setup(VCPU_SREG_ES);
4881  seg_setup(VCPU_SREG_FS);
4882  seg_setup(VCPU_SREG_GS);
4883  seg_setup(VCPU_SREG_SS);
4884 
4885  vmcs_write16(GUEST_TR_SELECTOR, 0);
4886  vmcs_writel(GUEST_TR_BASE, 0);
4887  vmcs_write32(GUEST_TR_LIMIT, 0xffff);
4888  vmcs_write32(GUEST_TR_AR_BYTES, 0x008b);
4889 
4890  vmcs_write16(GUEST_LDTR_SELECTOR, 0);
4891  vmcs_writel(GUEST_LDTR_BASE, 0);
4892  vmcs_write32(GUEST_LDTR_LIMIT, 0xffff);
4893  vmcs_write32(GUEST_LDTR_AR_BYTES, 0x00082);
4894 
4895  vmcs_writel(GUEST_GDTR_BASE, 0);
4896  vmcs_write32(GUEST_GDTR_LIMIT, 0xffff);
4897 
4898  vmcs_writel(GUEST_IDTR_BASE, 0);
4899  vmcs_write32(GUEST_IDTR_LIMIT, 0xffff);
4900 
4901  vmcs_write32(GUEST_ACTIVITY_STATE, GUEST_ACTIVITY_ACTIVE);
4902  vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, 0);
4903  vmcs_writel(GUEST_PENDING_DBG_EXCEPTIONS, 0);
4904  if (kvm_mpx_supported())
4905  vmcs_write64(GUEST_BNDCFGS, 0);
4906 
4907  vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0); /* 22.2.1 */
4908 
4909  kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu);
4910 
4911  vpid_sync_context(vmx->vpid);
4912 
4913  vmx_update_fb_clear_dis(vcpu, vmx);
4914 }
4915 
4916 static void vmx_enable_irq_window(struct kvm_vcpu *vcpu)
4917 {
4918  exec_controls_setbit(to_vmx(vcpu), CPU_BASED_INTR_WINDOW_EXITING);
4919 }
4920 
4921 static void vmx_enable_nmi_window(struct kvm_vcpu *vcpu)
4922 {
4923  if (!enable_vnmi ||
4924  vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_STI) {
4925  vmx_enable_irq_window(vcpu);
4926  return;
4927  }
4928 
4929  exec_controls_setbit(to_vmx(vcpu), CPU_BASED_NMI_WINDOW_EXITING);
4930 }
4931 
4932 static void vmx_inject_irq(struct kvm_vcpu *vcpu, bool reinjected)
4933 {
4934  struct vcpu_vmx *vmx = to_vmx(vcpu);
4935  uint32_t intr;
4936  int irq = vcpu->arch.interrupt.nr;
4937 
4938  trace_kvm_inj_virq(irq, vcpu->arch.interrupt.soft, reinjected);
4939 
4940  ++vcpu->stat.irq_injections;
4941  if (vmx->rmode.vm86_active) {
4942  int inc_eip = 0;
4943  if (vcpu->arch.interrupt.soft)
4944  inc_eip = vcpu->arch.event_exit_inst_len;
4945  kvm_inject_realmode_interrupt(vcpu, irq, inc_eip);
4946  return;
4947  }
4948  intr = irq | INTR_INFO_VALID_MASK;
4949  if (vcpu->arch.interrupt.soft) {
4950  intr |= INTR_TYPE_SOFT_INTR;
4951  vmcs_write32(VM_ENTRY_INSTRUCTION_LEN,
4952  vmx->vcpu.arch.event_exit_inst_len);
4953  } else
4954  intr |= INTR_TYPE_EXT_INTR;
4955  vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr);
4956 
4957  vmx_clear_hlt(vcpu);
4958 }
4959 
4960 static void vmx_inject_nmi(struct kvm_vcpu *vcpu)
4961 {
4962  struct vcpu_vmx *vmx = to_vmx(vcpu);
4963 
4964  if (!enable_vnmi) {
4965  /*
4966  * Tracking the NMI-blocked state in software is built upon
4967  * finding the next open IRQ window. This, in turn, depends on
4968  * well-behaving guests: They have to keep IRQs disabled at
4969  * least as long as the NMI handler runs. Otherwise we may
4970  * cause NMI nesting, maybe breaking the guest. But as this is
4971  * highly unlikely, we can live with the residual risk.
4972  */
4973  vmx->loaded_vmcs->soft_vnmi_blocked = 1;
4974  vmx->loaded_vmcs->vnmi_blocked_time = 0;
4975  }
4976 
4977  ++vcpu->stat.nmi_injections;
4978  vmx->loaded_vmcs->nmi_known_unmasked = false;
4979 
4980  if (vmx->rmode.vm86_active) {
4981  kvm_inject_realmode_interrupt(vcpu, NMI_VECTOR, 0);
4982  return;
4983  }
4984 
4985  vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
4986  INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK | NMI_VECTOR);
4987 
4988  vmx_clear_hlt(vcpu);
4989 }
4990 
4991 bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu)
4992 {
4993  struct vcpu_vmx *vmx = to_vmx(vcpu);
4994  bool masked;
4995 
4996  if (!enable_vnmi)
4997  return vmx->loaded_vmcs->soft_vnmi_blocked;
4998  if (vmx->loaded_vmcs->nmi_known_unmasked)
4999  return false;
5000  masked = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_NMI;
5001  vmx->loaded_vmcs->nmi_known_unmasked = !masked;
5002  return masked;
5003 }
5004 
5005 void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
5006 {
5007  struct vcpu_vmx *vmx = to_vmx(vcpu);
5008 
5009  if (!enable_vnmi) {
5010  if (vmx->loaded_vmcs->soft_vnmi_blocked != masked) {
5011  vmx->loaded_vmcs->soft_vnmi_blocked = masked;
5012  vmx->loaded_vmcs->vnmi_blocked_time = 0;
5013  }
5014  } else {
5015  vmx->loaded_vmcs->nmi_known_unmasked = !masked;
5016  if (masked)
5017  vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
5018  GUEST_INTR_STATE_NMI);
5019  else
5020  vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,
5021  GUEST_INTR_STATE_NMI);
5022  }
5023 }
5024 
5025 bool vmx_nmi_blocked(struct kvm_vcpu *vcpu)
5026 {
5027  if (is_guest_mode(vcpu) && nested_exit_on_nmi(vcpu))
5028  return false;
5029 
5030  if (!enable_vnmi && to_vmx(vcpu)->loaded_vmcs->soft_vnmi_blocked)
5031  return true;
5032 
5033  return (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
5034  (GUEST_INTR_STATE_MOV_SS | GUEST_INTR_STATE_STI |
5035  GUEST_INTR_STATE_NMI));
5036 }
5037 
5038 static int vmx_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
5039 {
5040  if (to_vmx(vcpu)->nested.nested_run_pending)
5041  return -EBUSY;
5042 
5043  /* An NMI must not be injected into L2 if it's supposed to VM-Exit. */
5044  if (for_injection && is_guest_mode(vcpu) && nested_exit_on_nmi(vcpu))
5045  return -EBUSY;
5046 
5047  return !vmx_nmi_blocked(vcpu);
5048 }
5049 
5050 bool vmx_interrupt_blocked(struct kvm_vcpu *vcpu)
5051 {
5052  if (is_guest_mode(vcpu) && nested_exit_on_intr(vcpu))
5053  return false;
5054 
5055  return !(vmx_get_rflags(vcpu) & X86_EFLAGS_IF) ||
5056  (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
5057  (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS));
5058 }
5059 
5060 static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu, bool for_injection)
5061 {
5062  if (to_vmx(vcpu)->nested.nested_run_pending)
5063  return -EBUSY;
5064 
5065  /*
5066  * An IRQ must not be injected into L2 if it's supposed to VM-Exit,
5067  * e.g. if the IRQ arrived asynchronously after checking nested events.
5068  */
5069  if (for_injection && is_guest_mode(vcpu) && nested_exit_on_intr(vcpu))
5070  return -EBUSY;
5071 
5072  return !vmx_interrupt_blocked(vcpu);
5073 }
5074 
5075 static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr)
5076 {
5077  void __user *ret;
5078 
5079  if (enable_unrestricted_guest)
5080  return 0;
5081 
5082  mutex_lock(&kvm->slots_lock);
5083  ret = __x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, addr,
5084  PAGE_SIZE * 3);
5085  mutex_unlock(&kvm->slots_lock);
5086 
5087  if (IS_ERR(ret))
5088  return PTR_ERR(ret);
5089 
5090  to_kvm_vmx(kvm)->tss_addr = addr;
5091 
5092  return init_rmode_tss(kvm, ret);
5093 }
5094 
5095 static int vmx_set_identity_map_addr(struct kvm *kvm, u64 ident_addr)
5096 {
5097  to_kvm_vmx(kvm)->ept_identity_map_addr = ident_addr;
5098  return 0;
5099 }
5100 
5101 static bool rmode_exception(struct kvm_vcpu *vcpu, int vec)
5102 {
5103  switch (vec) {
5104  case BP_VECTOR:
5105  /*
5106  * Update instruction length as we may reinject the exception
5107  * from user space while in guest debugging mode.
5108  */
5109  to_vmx(vcpu)->vcpu.arch.event_exit_inst_len =
5110  vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
5111  if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
5112  return false;
5113  fallthrough;
5114  case DB_VECTOR:
5115  return !(vcpu->guest_debug &
5116  (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP));
5117  case DE_VECTOR:
5118  case OF_VECTOR:
5119  case BR_VECTOR:
5120  case UD_VECTOR:
5121  case DF_VECTOR:
5122  case SS_VECTOR:
5123  case GP_VECTOR:
5124  case MF_VECTOR:
5125  return true;
5126  }
5127  return false;
5128 }
5129 
5130 static int handle_rmode_exception(struct kvm_vcpu *vcpu,
5131  int vec, u32 err_code)
5132 {
5133  /*
5134  * Instruction with address size override prefix opcode 0x67
5135  * Cause the #SS fault with 0 error code in VM86 mode.
5136  */
5137  if (((vec == GP_VECTOR) || (vec == SS_VECTOR)) && err_code == 0) {
5138  if (kvm_emulate_instruction(vcpu, 0)) {
5139  if (vcpu->arch.halt_request) {
5140  vcpu->arch.halt_request = 0;
5141  return kvm_emulate_halt_noskip(vcpu);
5142  }
5143  return 1;
5144  }
5145  return 0;
5146  }
5147 
5148  /*
5149  * Forward all other exceptions that are valid in real mode.
5150  * FIXME: Breaks guest debugging in real mode, needs to be fixed with
5151  * the required debugging infrastructure rework.
5152  */
5153  kvm_queue_exception(vcpu, vec);
5154  return 1;
5155 }
5156 
5157 static int handle_machine_check(struct kvm_vcpu *vcpu)
5158 {
5159  /* handled by vmx_vcpu_run() */
5160  return 1;
5161 }
5162 
5163 /*
5164  * If the host has split lock detection disabled, then #AC is
5165  * unconditionally injected into the guest, which is the pre split lock
5166  * detection behaviour.
5167  *
5168  * If the host has split lock detection enabled then #AC is
5169  * only injected into the guest when:
5170  * - Guest CPL == 3 (user mode)
5171  * - Guest has #AC detection enabled in CR0
5172  * - Guest EFLAGS has AC bit set
5173  */
5174 bool vmx_guest_inject_ac(struct kvm_vcpu *vcpu)
5175 {
5176  if (!boot_cpu_has(X86_FEATURE_SPLIT_LOCK_DETECT))
5177  return true;
5178 
5179  return vmx_get_cpl(vcpu) == 3 && kvm_is_cr0_bit_set(vcpu, X86_CR0_AM) &&
5180  (kvm_get_rflags(vcpu) & X86_EFLAGS_AC);
5181 }
5182 
5183 static int handle_exception_nmi(struct kvm_vcpu *vcpu)
5184 {
5185  struct vcpu_vmx *vmx = to_vmx(vcpu);
5186  struct kvm_run *kvm_run = vcpu->run;
5187  u32 intr_info, ex_no, error_code;
5188  unsigned long cr2, dr6;
5189  u32 vect_info;
5190 
5191  vect_info = vmx->idt_vectoring_info;
5192  intr_info = vmx_get_intr_info(vcpu);
5193 
5194  /*
5195  * Machine checks are handled by handle_exception_irqoff(), or by
5196  * vmx_vcpu_run() if a #MC occurs on VM-Entry. NMIs are handled by
5197  * vmx_vcpu_enter_exit().
5198  */
5199  if (is_machine_check(intr_info) || is_nmi(intr_info))
5200  return 1;
5201 
5202  /*
5203  * Queue the exception here instead of in handle_nm_fault_irqoff().
5204  * This ensures the nested_vmx check is not skipped so vmexit can
5205  * be reflected to L1 (when it intercepts #NM) before reaching this
5206  * point.
5207  */
5208  if (is_nm_fault(intr_info)) {
5209  kvm_queue_exception(vcpu, NM_VECTOR);
5210  return 1;
5211  }
5212 
5213  if (is_invalid_opcode(intr_info))
5214  return handle_ud(vcpu);
5215 
5216  error_code = 0;
5217  if (intr_info & INTR_INFO_DELIVER_CODE_MASK)
5218  error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
5219 
5220  if (!vmx->rmode.vm86_active && is_gp_fault(intr_info)) {
5221  WARN_ON_ONCE(!enable_vmware_backdoor);
5222 
5223  /*
5224  * VMware backdoor emulation on #GP interception only handles
5225  * IN{S}, OUT{S}, and RDPMC, none of which generate a non-zero
5226  * error code on #GP.
5227  */
5228  if (error_code) {
5229  kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
5230  return 1;
5231  }
5232  return kvm_emulate_instruction(vcpu, EMULTYPE_VMWARE_GP);
5233  }
5234 
5235  /*
5236  * The #PF with PFEC.RSVD = 1 indicates the guest is accessing
5237  * MMIO, it is better to report an internal error.
5238  * See the comments in vmx_handle_exit.
5239  */
5240  if ((vect_info & VECTORING_INFO_VALID_MASK) &&
5241  !(is_page_fault(intr_info) && !(error_code & PFERR_RSVD_MASK))) {
5242  vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
5243  vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_SIMUL_EX;
5244  vcpu->run->internal.ndata = 4;
5245  vcpu->run->internal.data[0] = vect_info;
5246  vcpu->run->internal.data[1] = intr_info;
5247  vcpu->run->internal.data[2] = error_code;
5248  vcpu->run->internal.data[3] = vcpu->arch.last_vmentry_cpu;
5249  return 0;
5250  }
5251 
5252  if (is_page_fault(intr_info)) {
5253  cr2 = vmx_get_exit_qual(vcpu);
5254  if (enable_ept && !vcpu->arch.apf.host_apf_flags) {
5255  /*
5256  * EPT will cause page fault only if we need to
5257  * detect illegal GPAs.
5258  */
5259  WARN_ON_ONCE(!allow_smaller_maxphyaddr);
5260  kvm_fixup_and_inject_pf_error(vcpu, cr2, error_code);
5261  return 1;
5262  } else
5263  return kvm_handle_page_fault(vcpu, error_code, cr2, NULL, 0);
5264  }
5265 
5266  ex_no = intr_info & INTR_INFO_VECTOR_MASK;
5267 
5268  if (vmx->rmode.vm86_active && rmode_exception(vcpu, ex_no))
5269  return handle_rmode_exception(vcpu, ex_no, error_code);
5270 
5271  switch (ex_no) {
5272  case DB_VECTOR:
5273  dr6 = vmx_get_exit_qual(vcpu);
5274  if (!(vcpu->guest_debug &
5275  (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))) {
5276  /*
5277  * If the #DB was due to ICEBP, a.k.a. INT1, skip the
5278  * instruction. ICEBP generates a trap-like #DB, but
5279  * despite its interception control being tied to #DB,
5280  * is an instruction intercept, i.e. the VM-Exit occurs
5281  * on the ICEBP itself. Use the inner "skip" helper to
5282  * avoid single-step #DB and MTF updates, as ICEBP is
5283  * higher priority. Note, skipping ICEBP still clears
5284  * STI and MOVSS blocking.
5285  *
5286  * For all other #DBs, set vmcs.PENDING_DBG_EXCEPTIONS.BS
5287  * if single-step is enabled in RFLAGS and STI or MOVSS
5288  * blocking is active, as the CPU doesn't set the bit
5289  * on VM-Exit due to #DB interception. VM-Entry has a
5290  * consistency check that a single-step #DB is pending
5291  * in this scenario as the previous instruction cannot
5292  * have toggled RFLAGS.TF 0=>1 (because STI and POP/MOV
5293  * don't modify RFLAGS), therefore the one instruction
5294  * delay when activating single-step breakpoints must
5295  * have already expired. Note, the CPU sets/clears BS
5296  * as appropriate for all other VM-Exits types.
5297  */
5298  if (is_icebp(intr_info))
5299  WARN_ON(!skip_emulated_instruction(vcpu));
5300  else if ((vmx_get_rflags(vcpu) & X86_EFLAGS_TF) &&
5301  (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
5302  (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS)))
5303  vmcs_writel(GUEST_PENDING_DBG_EXCEPTIONS,
5304  vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS) | DR6_BS);
5305 
5306  kvm_queue_exception_p(vcpu, DB_VECTOR, dr6);
5307  return 1;
5308  }
5309  kvm_run->debug.arch.dr6 = dr6 | DR6_ACTIVE_LOW;
5310  kvm_run->debug.arch.dr7 = vmcs_readl(GUEST_DR7);
5311  fallthrough;
5312  case BP_VECTOR:
5313  /*
5314  * Update instruction length as we may reinject #BP from
5315  * user space while in guest debugging mode. Reading it for
5316  * #DB as well causes no harm, it is not used in that case.
5317  */
5318  vmx->vcpu.arch.event_exit_inst_len =
5319  vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
5320  kvm_run->exit_reason = KVM_EXIT_DEBUG;
5321  kvm_run->debug.arch.pc = kvm_get_linear_rip(vcpu);
5322  kvm_run->debug.arch.exception = ex_no;
5323  break;
5324  case AC_VECTOR:
5325  if (vmx_guest_inject_ac(vcpu)) {
5326  kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
5327  return 1;
5328  }
5329 
5330  /*
5331  * Handle split lock. Depending on detection mode this will
5332  * either warn and disable split lock detection for this
5333  * task or force SIGBUS on it.
5334  */
5335  if (handle_guest_split_lock(kvm_rip_read(vcpu)))
5336  return 1;
5337  fallthrough;
5338  default:
5339  kvm_run->exit_reason = KVM_EXIT_EXCEPTION;
5340  kvm_run->ex.exception = ex_no;
5341  kvm_run->ex.error_code = error_code;
5342  break;
5343  }
5344  return 0;
5345 }
5346 
5347 static __always_inline int handle_external_interrupt(struct kvm_vcpu *vcpu)
5348 {
5349  ++vcpu->stat.irq_exits;
5350  return 1;
5351 }
5352 
5353 static int handle_triple_fault(struct kvm_vcpu *vcpu)
5354 {
5355  vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
5356  vcpu->mmio_needed = 0;
5357  return 0;
5358 }
5359 
5360 static int handle_io(struct kvm_vcpu *vcpu)
5361 {
5362  unsigned long exit_qualification;
5363  int size, in, string;
5364  unsigned port;
5365 
5366  exit_qualification = vmx_get_exit_qual(vcpu);
5367  string = (exit_qualification & 16) != 0;
5368 
5369  ++vcpu->stat.io_exits;
5370 
5371  if (string)
5372  return kvm_emulate_instruction(vcpu, 0);
5373 
5374  port = exit_qualification >> 16;
5375  size = (exit_qualification & 7) + 1;
5376  in = (exit_qualification & 8) != 0;
5377 
5378  return kvm_fast_pio(vcpu, size, port, in);
5379 }
5380 
5381 static void
5382 vmx_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall)
5383 {
5384  /*
5385  * Patch in the VMCALL instruction:
5386  */
5387  hypercall[0] = 0x0f;
5388  hypercall[1] = 0x01;
5389  hypercall[2] = 0xc1;
5390 }
5391 
5392 /* called to set cr0 as appropriate for a mov-to-cr0 exit. */
5393 static int handle_set_cr0(struct kvm_vcpu *vcpu, unsigned long val)
5394 {
5395  if (is_guest_mode(vcpu)) {
5396  struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
5397  unsigned long orig_val = val;
5398 
5399  /*
5400  * We get here when L2 changed cr0 in a way that did not change
5401  * any of L1's shadowed bits (see nested_vmx_exit_handled_cr),
5402  * but did change L0 shadowed bits. So we first calculate the
5403  * effective cr0 value that L1 would like to write into the
5404  * hardware. It consists of the L2-owned bits from the new
5405  * value combined with the L1-owned bits from L1's guest_cr0.
5406  */
5407  val = (val & ~vmcs12->cr0_guest_host_mask) |
5408  (vmcs12->guest_cr0 & vmcs12->cr0_guest_host_mask);
5409 
5410  if (kvm_set_cr0(vcpu, val))
5411  return 1;
5412  vmcs_writel(CR0_READ_SHADOW, orig_val);
5413  return 0;
5414  } else {
5415  return kvm_set_cr0(vcpu, val);
5416  }
5417 }
5418 
5419 static int handle_set_cr4(struct kvm_vcpu *vcpu, unsigned long val)
5420 {
5421  if (is_guest_mode(vcpu)) {
5422  struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
5423  unsigned long orig_val = val;
5424 
5425  /* analogously to handle_set_cr0 */
5426  val = (val & ~vmcs12->cr4_guest_host_mask) |
5427  (vmcs12->guest_cr4 & vmcs12->cr4_guest_host_mask);
5428  if (kvm_set_cr4(vcpu, val))
5429  return 1;
5430  vmcs_writel(CR4_READ_SHADOW, orig_val);
5431  return 0;
5432  } else
5433  return kvm_set_cr4(vcpu, val);
5434 }
5435 
5436 static int handle_desc(struct kvm_vcpu *vcpu)
5437 {
5438  /*
5439  * UMIP emulation relies on intercepting writes to CR4.UMIP, i.e. this
5440  * and other code needs to be updated if UMIP can be guest owned.
5441  */
5442  BUILD_BUG_ON(KVM_POSSIBLE_CR4_GUEST_BITS & X86_CR4_UMIP);
5443 
5444  WARN_ON_ONCE(!kvm_is_cr4_bit_set(vcpu, X86_CR4_UMIP));
5445  return kvm_emulate_instruction(vcpu, 0);
5446 }
5447 
5448 static int handle_cr(struct kvm_vcpu *vcpu)
5449 {
5450  unsigned long exit_qualification, val;
5451  int cr;
5452  int reg;
5453  int err;
5454  int ret;
5455 
5456  exit_qualification = vmx_get_exit_qual(vcpu);
5457  cr = exit_qualification & 15;
5458  reg = (exit_qualification >> 8) & 15;
5459  switch ((exit_qualification >> 4) & 3) {
5460  case 0: /* mov to cr */
5461  val = kvm_register_read(vcpu, reg);
5462  trace_kvm_cr_write(cr, val);
5463  switch (cr) {
5464  case 0:
5465  err = handle_set_cr0(vcpu, val);
5466  return kvm_complete_insn_gp(vcpu, err);
5467  case 3:
5468  WARN_ON_ONCE(enable_unrestricted_guest);
5469 
5470  err = kvm_set_cr3(vcpu, val);
5471  return kvm_complete_insn_gp(vcpu, err);
5472  case 4:
5473  err = handle_set_cr4(vcpu, val);
5474  return kvm_complete_insn_gp(vcpu, err);
5475  case 8: {
5476  u8 cr8_prev = kvm_get_cr8(vcpu);
5477  u8 cr8 = (u8)val;
5478  err = kvm_set_cr8(vcpu, cr8);
5479  ret = kvm_complete_insn_gp(vcpu, err);
5480  if (lapic_in_kernel(vcpu))
5481  return ret;
5482  if (cr8_prev <= cr8)
5483  return ret;
5484  /*
5485  * TODO: we might be squashing a
5486  * KVM_GUESTDBG_SINGLESTEP-triggered
5487  * KVM_EXIT_DEBUG here.
5488  */
5489  vcpu->run->exit_reason = KVM_EXIT_SET_TPR;
5490  return 0;
5491  }
5492  }
5493  break;
5494  case 2: /* clts */
5495  KVM_BUG(1, vcpu->kvm, "Guest always owns CR0.TS");
5496  return -EIO;
5497  case 1: /*mov from cr*/
5498  switch (cr) {
5499  case 3:
5500  WARN_ON_ONCE(enable_unrestricted_guest);
5501 
5502  val = kvm_read_cr3(vcpu);
5503  kvm_register_write(vcpu, reg, val);
5504  trace_kvm_cr_read(cr, val);
5505  return kvm_skip_emulated_instruction(vcpu);
5506  case 8:
5507  val = kvm_get_cr8(vcpu);
5508  kvm_register_write(vcpu, reg, val);
5509  trace_kvm_cr_read(cr, val);
5510  return kvm_skip_emulated_instruction(vcpu);
5511  }
5512  break;
5513  case 3: /* lmsw */
5514  val = (exit_qualification >> LMSW_SOURCE_DATA_SHIFT) & 0x0f;
5515  trace_kvm_cr_write(0, (kvm_read_cr0_bits(vcpu, ~0xful) | val));
5516  kvm_lmsw(vcpu, val);
5517 
5518  return kvm_skip_emulated_instruction(vcpu);
5519  default:
5520  break;
5521  }
5522  vcpu->run->exit_reason = 0;
5523  vcpu_unimpl(vcpu, "unhandled control register: op %d cr %d\n",
5524  (int)(exit_qualification >> 4) & 3, cr);
5525  return 0;
5526 }
5527 
5528 static int handle_dr(struct kvm_vcpu *vcpu)
5529 {
5530  unsigned long exit_qualification;
5531  int dr, dr7, reg;
5532  int err = 1;
5533 
5534  exit_qualification = vmx_get_exit_qual(vcpu);
5535  dr = exit_qualification & DEBUG_REG_ACCESS_NUM;
5536 
5537  /* First, if DR does not exist, trigger UD */
5538  if (!kvm_require_dr(vcpu, dr))
5539  return 1;
5540 
5541  if (vmx_get_cpl(vcpu) > 0)
5542  goto out;
5543 
5544  dr7 = vmcs_readl(GUEST_DR7);
5545  if (dr7 & DR7_GD) {
5546  /*
5547  * As the vm-exit takes precedence over the debug trap, we
5548  * need to emulate the latter, either for the host or the
5549  * guest debugging itself.
5550  */
5551  if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) {
5552  vcpu->run->debug.arch.dr6 = DR6_BD | DR6_ACTIVE_LOW;
5553  vcpu->run->debug.arch.dr7 = dr7;
5554  vcpu->run->debug.arch.pc = kvm_get_linear_rip(vcpu);
5555  vcpu->run->debug.arch.exception = DB_VECTOR;
5556  vcpu->run->exit_reason = KVM_EXIT_DEBUG;
5557  return 0;
5558  } else {
5559  kvm_queue_exception_p(vcpu, DB_VECTOR, DR6_BD);
5560  return 1;
5561  }
5562  }
5563 
5564  if (vcpu->guest_debug == 0) {
5565  exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_MOV_DR_EXITING);
5566 
5567  /*
5568  * No more DR vmexits; force a reload of the debug registers
5569  * and reenter on this instruction. The next vmexit will
5570  * retrieve the full state of the debug registers.
5571  */
5572  vcpu->arch.switch_db_regs |= KVM_DEBUGREG_WONT_EXIT;
5573  return 1;
5574  }
5575 
5576  reg = DEBUG_REG_ACCESS_REG(exit_qualification);
5577  if (exit_qualification & TYPE_MOV_FROM_DR) {
5578  unsigned long val;
5579 
5580  kvm_get_dr(vcpu, dr, &val);
5581  kvm_register_write(vcpu, reg, val);
5582  err = 0;
5583  } else {
5584  err = kvm_set_dr(vcpu, dr, kvm_register_read(vcpu, reg));
5585  }
5586 
5587 out:
5588  return kvm_complete_insn_gp(vcpu, err);
5589 }
5590 
5591 static void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu)
5592 {
5593  get_debugreg(vcpu->arch.db[0], 0);
5594  get_debugreg(vcpu->arch.db[1], 1);
5595  get_debugreg(vcpu->arch.db[2], 2);
5596  get_debugreg(vcpu->arch.db[3], 3);
5597  get_debugreg(vcpu->arch.dr6, 6);
5598  vcpu->arch.dr7 = vmcs_readl(GUEST_DR7);
5599 
5600  vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_WONT_EXIT;
5601  exec_controls_setbit(to_vmx(vcpu), CPU_BASED_MOV_DR_EXITING);
5602 
5603  /*
5604  * exc_debug expects dr6 to be cleared after it runs, avoid that it sees
5605  * a stale dr6 from the guest.
5606  */
5607  set_debugreg(DR6_RESERVED, 6);
5608 }
5609 
5610 static void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val)
5611 {
5612  vmcs_writel(GUEST_DR7, val);
5613 }
5614 
5615 static int handle_tpr_below_threshold(struct kvm_vcpu *vcpu)
5616 {
5617  kvm_apic_update_ppr(vcpu);
5618  return 1;
5619 }
5620 
5621 static int handle_interrupt_window(struct kvm_vcpu *vcpu)
5622 {
5623  exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_INTR_WINDOW_EXITING);
5624 
5625  kvm_make_request(KVM_REQ_EVENT, vcpu);
5626 
5627  ++vcpu->stat.irq_window_exits;
5628  return 1;
5629 }
5630 
5631 static int handle_invlpg(struct kvm_vcpu *vcpu)
5632 {
5633  unsigned long exit_qualification = vmx_get_exit_qual(vcpu);
5634 
5635  kvm_mmu_invlpg(vcpu, exit_qualification);
5636  return kvm_skip_emulated_instruction(vcpu);
5637 }
5638 
5639 static int handle_apic_access(struct kvm_vcpu *vcpu)
5640 {
5641  if (likely(fasteoi)) {
5642  unsigned long exit_qualification = vmx_get_exit_qual(vcpu);
5643  int access_type, offset;
5644 
5645  access_type = exit_qualification & APIC_ACCESS_TYPE;
5646  offset = exit_qualification & APIC_ACCESS_OFFSET;
5647  /*
5648  * Sane guest uses MOV to write EOI, with written value
5649  * not cared. So make a short-circuit here by avoiding
5650  * heavy instruction emulation.
5651  */
5652  if ((access_type == TYPE_LINEAR_APIC_INST_WRITE) &&
5653  (offset == APIC_EOI)) {
5654  kvm_lapic_set_eoi(vcpu);
5655  return kvm_skip_emulated_instruction(vcpu);
5656  }
5657  }
5658  return kvm_emulate_instruction(vcpu, 0);
5659 }
5660 
5661 static int handle_apic_eoi_induced(struct kvm_vcpu *vcpu)
5662 {
5663  unsigned long exit_qualification = vmx_get_exit_qual(vcpu);
5664  int vector = exit_qualification & 0xff;
5665 
5666  /* EOI-induced VM exit is trap-like and thus no need to adjust IP */
5667  kvm_apic_set_eoi_accelerated(vcpu, vector);
5668  return 1;
5669 }
5670 
5671 static int handle_apic_write(struct kvm_vcpu *vcpu)
5672 {
5673  unsigned long exit_qualification = vmx_get_exit_qual(vcpu);
5674 
5675  /*
5676  * APIC-write VM-Exit is trap-like, KVM doesn't need to advance RIP and
5677  * hardware has done any necessary aliasing, offset adjustments, etc...
5678  * for the access. I.e. the correct value has already been written to
5679  * the vAPIC page for the correct 16-byte chunk. KVM needs only to
5680  * retrieve the register value and emulate the access.
5681  */
5682  u32 offset = exit_qualification & 0xff0;
5683 
5684  kvm_apic_write_nodecode(vcpu, offset);
5685  return 1;
5686 }
5687 
5688 static int handle_task_switch(struct kvm_vcpu *vcpu)
5689 {
5690  struct vcpu_vmx *vmx = to_vmx(vcpu);
5691  unsigned long exit_qualification;
5692  bool has_error_code = false;
5693  u32 error_code = 0;
5694  u16 tss_selector;
5695  int reason, type, idt_v, idt_index;
5696 
5697  idt_v = (vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK);
5698  idt_index = (vmx->idt_vectoring_info & VECTORING_INFO_VECTOR_MASK);
5699  type = (vmx->idt_vectoring_info & VECTORING_INFO_TYPE_MASK);
5700 
5701  exit_qualification = vmx_get_exit_qual(vcpu);
5702 
5703  reason = (u32)exit_qualification >> 30;
5704  if (reason == TASK_SWITCH_GATE && idt_v) {
5705  switch (type) {
5706  case INTR_TYPE_NMI_INTR:
5707  vcpu->arch.nmi_injected = false;
5708  vmx_set_nmi_mask(vcpu, true);
5709  break;
5710  case INTR_TYPE_EXT_INTR:
5711  case INTR_TYPE_SOFT_INTR:
5712  kvm_clear_interrupt_queue(vcpu);
5713  break;
5714  case INTR_TYPE_HARD_EXCEPTION:
5715  if (vmx->idt_vectoring_info &
5716  VECTORING_INFO_DELIVER_CODE_MASK) {
5717  has_error_code = true;
5718  error_code =
5719  vmcs_read32(IDT_VECTORING_ERROR_CODE);
5720  }
5721  fallthrough;
5722  case INTR_TYPE_SOFT_EXCEPTION:
5723  kvm_clear_exception_queue(vcpu);
5724  break;
5725  default:
5726  break;
5727  }
5728  }
5729  tss_selector = exit_qualification;
5730 
5731  if (!idt_v || (type != INTR_TYPE_HARD_EXCEPTION &&
5732  type != INTR_TYPE_EXT_INTR &&
5733  type != INTR_TYPE_NMI_INTR))
5734  WARN_ON(!skip_emulated_instruction(vcpu));
5735 
5736  /*
5737  * TODO: What about debug traps on tss switch?
5738  * Are we supposed to inject them and update dr6?
5739  */
5740  return kvm_task_switch(vcpu, tss_selector,
5741  type == INTR_TYPE_SOFT_INTR ? idt_index : -1,
5742  reason, has_error_code, error_code);
5743 }
5744 
5745 static int handle_ept_violation(struct kvm_vcpu *vcpu)
5746 {
5747  unsigned long exit_qualification;
5748  gpa_t gpa;
5749  u64 error_code;
5750 
5751  exit_qualification = vmx_get_exit_qual(vcpu);
5752 
5753  /*
5754  * EPT violation happened while executing iret from NMI,
5755  * "blocked by NMI" bit has to be set before next VM entry.
5756  * There are errata that may cause this bit to not be set:
5757  * AAK134, BY25.
5758  */
5759  if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&
5760  enable_vnmi &&
5761  (exit_qualification & INTR_INFO_UNBLOCK_NMI))
5762  vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_NMI);
5763 
5764  gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
5765  trace_kvm_page_fault(vcpu, gpa, exit_qualification);
5766 
5767  /* Is it a read fault? */
5768  error_code = (exit_qualification & EPT_VIOLATION_ACC_READ)
5769  ? PFERR_USER_MASK : 0;
5770  /* Is it a write fault? */
5771  error_code |= (exit_qualification & EPT_VIOLATION_ACC_WRITE)
5772  ? PFERR_WRITE_MASK : 0;
5773  /* Is it a fetch fault? */
5774  error_code |= (exit_qualification & EPT_VIOLATION_ACC_INSTR)
5775  ? PFERR_FETCH_MASK : 0;
5776  /* ept page table entry is present? */
5777  error_code |= (exit_qualification & EPT_VIOLATION_RWX_MASK)
5778  ? PFERR_PRESENT_MASK : 0;
5779 
5780  error_code |= (exit_qualification & EPT_VIOLATION_GVA_TRANSLATED) != 0 ?
5781  PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK;
5782 
5783  vcpu->arch.exit_qualification = exit_qualification;
5784 
5785  /*
5786  * Check that the GPA doesn't exceed physical memory limits, as that is
5787  * a guest page fault. We have to emulate the instruction here, because
5788  * if the illegal address is that of a paging structure, then
5789  * EPT_VIOLATION_ACC_WRITE bit is set. Alternatively, if supported we
5790  * would also use advanced VM-exit information for EPT violations to
5791  * reconstruct the page fault error code.
5792  */
5793  if (unlikely(allow_smaller_maxphyaddr && !kvm_vcpu_is_legal_gpa(vcpu, gpa)))
5794  return kvm_emulate_instruction(vcpu, 0);
5795 
5796  return kvm_mmu_page_fault(vcpu, gpa, error_code, NULL, 0);
5797 }
5798 
5799 static int handle_ept_misconfig(struct kvm_vcpu *vcpu)
5800 {
5801  gpa_t gpa;
5802 
5803  if (vmx_check_emulate_instruction(vcpu, EMULTYPE_PF, NULL, 0))
5804  return 1;
5805 
5806  /*
5807  * A nested guest cannot optimize MMIO vmexits, because we have an
5808  * nGPA here instead of the required GPA.
5809  */
5810  gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
5811  if (!is_guest_mode(vcpu) &&
5812  !kvm_io_bus_write(vcpu, KVM_FAST_MMIO_BUS, gpa, 0, NULL)) {
5813  trace_kvm_fast_mmio(gpa);
5814  return kvm_skip_emulated_instruction(vcpu);
5815  }
5816 
5817  return kvm_mmu_page_fault(vcpu, gpa, PFERR_RSVD_MASK, NULL, 0);
5818 }
5819 
5820 static int handle_nmi_window(struct kvm_vcpu *vcpu)
5821 {
5822  if (KVM_BUG_ON(!enable_vnmi, vcpu->kvm))
5823  return -EIO;
5824 
5825  exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_NMI_WINDOW_EXITING);
5826  ++vcpu->stat.nmi_window_exits;
5827  kvm_make_request(KVM_REQ_EVENT, vcpu);
5828 
5829  return 1;
5830 }
5831 
5832 static bool vmx_emulation_required_with_pending_exception(struct kvm_vcpu *vcpu)
5833 {
5834  struct vcpu_vmx *vmx = to_vmx(vcpu);
5835 
5836  return vmx->emulation_required && !vmx->rmode.vm86_active &&
5837  (kvm_is_exception_pending(vcpu) || vcpu->arch.exception.injected);
5838 }
5839 
5840 static int handle_invalid_guest_state(struct kvm_vcpu *vcpu)
5841 {
5842  struct vcpu_vmx *vmx = to_vmx(vcpu);
5843  bool intr_window_requested;
5844  unsigned count = 130;
5845 
5846  intr_window_requested = exec_controls_get(vmx) &
5847  CPU_BASED_INTR_WINDOW_EXITING;
5848 
5849  while (vmx->emulation_required && count-- != 0) {
5850  if (intr_window_requested && !vmx_interrupt_blocked(vcpu))
5851  return handle_interrupt_window(&vmx->vcpu);
5852 
5853  if (kvm_test_request(KVM_REQ_EVENT, vcpu))
5854  return 1;
5855 
5856  if (!kvm_emulate_instruction(vcpu, 0))
5857  return 0;
5858 
5859  if (vmx_emulation_required_with_pending_exception(vcpu)) {
5860  kvm_prepare_emulation_failure_exit(vcpu);
5861  return 0;
5862  }
5863 
5864  if (vcpu->arch.halt_request) {
5865  vcpu->arch.halt_request = 0;
5866  return kvm_emulate_halt_noskip(vcpu);
5867  }
5868 
5869  /*
5870  * Note, return 1 and not 0, vcpu_run() will invoke
5871  * xfer_to_guest_mode() which will create a proper return
5872  * code.
5873  */
5874  if (__xfer_to_guest_mode_work_pending())
5875  return 1;
5876  }
5877 
5878  return 1;
5879 }
5880 
5881 static int vmx_vcpu_pre_run(struct kvm_vcpu *vcpu)
5882 {
5883  if (vmx_emulation_required_with_pending_exception(vcpu)) {
5884  kvm_prepare_emulation_failure_exit(vcpu);
5885  return 0;
5886  }
5887 
5888  return 1;
5889 }
5890 
5891 static void grow_ple_window(struct kvm_vcpu *vcpu)
5892 {
5893  struct vcpu_vmx *vmx = to_vmx(vcpu);
5894  unsigned int old = vmx->ple_window;
5895 
5896  vmx->ple_window = __grow_ple_window(old, ple_window,
5897  ple_window_grow,
5898  ple_window_max);
5899 
5900  if (vmx->ple_window != old) {
5901  vmx->ple_window_dirty = true;
5902  trace_kvm_ple_window_update(vcpu->vcpu_id,
5903  vmx->ple_window, old);
5904  }
5905 }
5906 
5907 static void shrink_ple_window(struct kvm_vcpu *vcpu)
5908 {
5909  struct vcpu_vmx *vmx = to_vmx(vcpu);
5910  unsigned int old = vmx->ple_window;
5911 
5912  vmx->ple_window = __shrink_ple_window(old, ple_window,
5913  ple_window_shrink,
5914  ple_window);
5915 
5916  if (vmx->ple_window != old) {
5917  vmx->ple_window_dirty = true;
5918  trace_kvm_ple_window_update(vcpu->vcpu_id,
5919  vmx->ple_window, old);
5920  }
5921 }
5922 
5923 /*
5924  * Indicate a busy-waiting vcpu in spinlock. We do not enable the PAUSE
5925  * exiting, so only get here on cpu with PAUSE-Loop-Exiting.
5926  */
5927 static int handle_pause(struct kvm_vcpu *vcpu)
5928 {
5929  if (!kvm_pause_in_guest(vcpu->kvm))
5930  grow_ple_window(vcpu);
5931 
5932  /*
5933  * Intel sdm vol3 ch-25.1.3 says: The "PAUSE-loop exiting"
5934  * VM-execution control is ignored if CPL > 0. OTOH, KVM
5935  * never set PAUSE_EXITING and just set PLE if supported,
5936  * so the vcpu must be CPL=0 if it gets a PAUSE exit.
5937  */
5938  kvm_vcpu_on_spin(vcpu, true);
5939  return kvm_skip_emulated_instruction(vcpu);
5940 }
5941 
5942 static int handle_monitor_trap(struct kvm_vcpu *vcpu)
5943 {
5944  return 1;
5945 }
5946 
5947 static int handle_invpcid(struct kvm_vcpu *vcpu)
5948 {
5949  u32 vmx_instruction_info;
5950  unsigned long type;
5951  gva_t gva;
5952  struct {
5953  u64 pcid;
5954  u64 gla;
5955  } operand;
5956  int gpr_index;
5957 
5958  if (!guest_cpuid_has(vcpu, X86_FEATURE_INVPCID)) {
5959  kvm_queue_exception(vcpu, UD_VECTOR);
5960  return 1;
5961  }
5962 
5963  vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
5964  gpr_index = vmx_get_instr_info_reg2(vmx_instruction_info);
5965  type = kvm_register_read(vcpu, gpr_index);
5966 
5967  /* According to the Intel instruction reference, the memory operand
5968  * is read even if it isn't needed (e.g., for type==all)
5969  */
5970  if (get_vmx_mem_address(vcpu, vmx_get_exit_qual(vcpu),
5971  vmx_instruction_info, false,
5972  sizeof(operand), &gva))
5973  return 1;
5974 
5975  return kvm_handle_invpcid(vcpu, type, gva);
5976 }
5977 
5978 static int handle_pml_full(struct kvm_vcpu *vcpu)
5979 {
5980  unsigned long exit_qualification;
5981 
5982  trace_kvm_pml_full(vcpu->vcpu_id);
5983 
5984  exit_qualification = vmx_get_exit_qual(vcpu);
5985 
5986  /*
5987  * PML buffer FULL happened while executing iret from NMI,
5988  * "blocked by NMI" bit has to be set before next VM entry.
5989  */
5990  if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&
5991  enable_vnmi &&
5992  (exit_qualification & INTR_INFO_UNBLOCK_NMI))
5993  vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
5994  GUEST_INTR_STATE_NMI);
5995 
5996  /*
5997  * PML buffer already flushed at beginning of VMEXIT. Nothing to do
5998  * here.., and there's no userspace involvement needed for PML.
5999  */
6000  return 1;
6001 }
6002 
6003 static fastpath_t handle_fastpath_preemption_timer(struct kvm_vcpu *vcpu)
6004 {
6005  struct vcpu_vmx *vmx = to_vmx(vcpu);
6006 
6007  if (!vmx->req_immediate_exit &&
6008  !unlikely(vmx->loaded_vmcs->hv_timer_soft_disabled)) {
6009  kvm_lapic_expired_hv_timer(vcpu);
6010  return EXIT_FASTPATH_REENTER_GUEST;
6011  }
6012 
6013  return EXIT_FASTPATH_NONE;
6014 }
6015 
6016 static int handle_preemption_timer(struct kvm_vcpu *vcpu)
6017 {
6018  handle_fastpath_preemption_timer(vcpu);
6019  return 1;
6020 }
6021 
6022 /*
6023  * When nested=0, all VMX instruction VM Exits filter here. The handlers
6024  * are overwritten by nested_vmx_setup() when nested=1.
6025  */
6026 static int handle_vmx_instruction(struct kvm_vcpu *vcpu)
6027 {
6028  kvm_queue_exception(vcpu, UD_VECTOR);
6029  return 1;
6030 }
6031 
6032 #ifndef CONFIG_X86_SGX_KVM
6033 static int handle_encls(struct kvm_vcpu *vcpu)
6034 {
6035  /*
6036  * SGX virtualization is disabled. There is no software enable bit for
6037  * SGX, so KVM intercepts all ENCLS leafs and injects a #UD to prevent
6038  * the guest from executing ENCLS (when SGX is supported by hardware).
6039  */
6040  kvm_queue_exception(vcpu, UD_VECTOR);
6041  return 1;
6042 }
6043 #endif /* CONFIG_X86_SGX_KVM */
6044 
6045 static int handle_bus_lock_vmexit(struct kvm_vcpu *vcpu)
6046 {
6047  /*
6048  * Hardware may or may not set the BUS_LOCK_DETECTED flag on BUS_LOCK
6049  * VM-Exits. Unconditionally set the flag here and leave the handling to
6050  * vmx_handle_exit().
6051  */
6052  to_vmx(vcpu)->exit_reason.bus_lock_detected = true;
6053  return 1;
6054 }
6055 
6056 static int handle_notify(struct kvm_vcpu *vcpu)
6057 {
6058  unsigned long exit_qual = vmx_get_exit_qual(vcpu);
6059  bool context_invalid = exit_qual & NOTIFY_VM_CONTEXT_INVALID;
6060 
6061  ++vcpu->stat.notify_window_exits;
6062 
6063  /*
6064  * Notify VM exit happened while executing iret from NMI,
6065  * "blocked by NMI" bit has to be set before next VM entry.
6066  */
6067  if (enable_vnmi && (exit_qual & INTR_INFO_UNBLOCK_NMI))
6068  vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
6069  GUEST_INTR_STATE_NMI);
6070 
6071  if (vcpu->kvm->arch.notify_vmexit_flags & KVM_X86_NOTIFY_VMEXIT_USER ||
6072  context_invalid) {
6073  vcpu->run->exit_reason = KVM_EXIT_NOTIFY;
6074  vcpu->run->notify.flags = context_invalid ?
6075  KVM_NOTIFY_CONTEXT_INVALID : 0;
6076  return 0;
6077  }
6078 
6079  return 1;
6080 }
6081 
6082 /*
6083  * The exit handlers return 1 if the exit was handled fully and guest execution
6084  * may resume. Otherwise they set the kvm_run parameter to indicate what needs
6085  * to be done to userspace and return 0.
6086  */
6087 static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
6088  [EXIT_REASON_EXCEPTION_NMI] = handle_exception_nmi,
6089  [EXIT_REASON_EXTERNAL_INTERRUPT] = handle_external_interrupt,
6090  [EXIT_REASON_TRIPLE_FAULT] = handle_triple_fault,
6091  [EXIT_REASON_NMI_WINDOW] = handle_nmi_window,
6092  [EXIT_REASON_IO_INSTRUCTION] = handle_io,
6093  [EXIT_REASON_CR_ACCESS] = handle_cr,
6094  [EXIT_REASON_DR_ACCESS] = handle_dr,
6095  [EXIT_REASON_CPUID] = kvm_emulate_cpuid,
6096  [EXIT_REASON_MSR_READ] = kvm_emulate_rdmsr,
6097  [EXIT_REASON_MSR_WRITE] = kvm_emulate_wrmsr,
6098  [EXIT_REASON_INTERRUPT_WINDOW] = handle_interrupt_window,
6099  [EXIT_REASON_HLT] = kvm_emulate_halt,
6100  [EXIT_REASON_INVD] = kvm_emulate_invd,
6101  [EXIT_REASON_INVLPG] = handle_invlpg,
6102  [EXIT_REASON_RDPMC] = kvm_emulate_rdpmc,
6103  [EXIT_REASON_VMCALL] = kvm_emulate_hypercall,
6104  [EXIT_REASON_VMCLEAR] = handle_vmx_instruction,
6105  [EXIT_REASON_VMLAUNCH] = handle_vmx_instruction,
6106  [EXIT_REASON_VMPTRLD] = handle_vmx_instruction,
6107  [EXIT_REASON_VMPTRST] = handle_vmx_instruction,
6108  [EXIT_REASON_VMREAD] = handle_vmx_instruction,
6109  [EXIT_REASON_VMRESUME] = handle_vmx_instruction,
6110  [EXIT_REASON_VMWRITE] = handle_vmx_instruction,
6111  [EXIT_REASON_VMOFF] = handle_vmx_instruction,
6112  [EXIT_REASON_VMON] = handle_vmx_instruction,
6113  [EXIT_REASON_TPR_BELOW_THRESHOLD] = handle_tpr_below_threshold,
6114  [EXIT_REASON_APIC_ACCESS] = handle_apic_access,
6115  [EXIT_REASON_APIC_WRITE] = handle_apic_write,
6116  [EXIT_REASON_EOI_INDUCED] = handle_apic_eoi_induced,
6117  [EXIT_REASON_WBINVD] = kvm_emulate_wbinvd,
6118  [EXIT_REASON_XSETBV] = kvm_emulate_xsetbv,
6119  [EXIT_REASON_TASK_SWITCH] = handle_task_switch,
6120  [EXIT_REASON_MCE_DURING_VMENTRY] = handle_machine_check,
6121  [EXIT_REASON_GDTR_IDTR] = handle_desc,
6122  [EXIT_REASON_LDTR_TR] = handle_desc,
6123  [EXIT_REASON_EPT_VIOLATION] = handle_ept_violation,
6124  [EXIT_REASON_EPT_MISCONFIG] = handle_ept_misconfig,
6125  [EXIT_REASON_PAUSE_INSTRUCTION] = handle_pause,
6126  [EXIT_REASON_MWAIT_INSTRUCTION] = kvm_emulate_mwait,
6127  [EXIT_REASON_MONITOR_TRAP_FLAG] = handle_monitor_trap,
6128  [EXIT_REASON_MONITOR_INSTRUCTION] = kvm_emulate_monitor,
6129  [EXIT_REASON_INVEPT] = handle_vmx_instruction,
6130  [EXIT_REASON_INVVPID] = handle_vmx_instruction,
6131  [EXIT_REASON_RDRAND] = kvm_handle_invalid_op,
6132  [EXIT_REASON_RDSEED] = kvm_handle_invalid_op,
6133  [EXIT_REASON_PML_FULL] = handle_pml_full,
6134  [EXIT_REASON_INVPCID] = handle_invpcid,
6135  [EXIT_REASON_VMFUNC] = handle_vmx_instruction,
6136  [EXIT_REASON_PREEMPTION_TIMER] = handle_preemption_timer,
6137  [EXIT_REASON_ENCLS] = handle_encls,
6138  [EXIT_REASON_BUS_LOCK] = handle_bus_lock_vmexit,
6139  [EXIT_REASON_NOTIFY] = handle_notify,
6140 };
6141 
6142 static const int kvm_vmx_max_exit_handlers =
6143  ARRAY_SIZE(kvm_vmx_exit_handlers);
6144 
6145 static void vmx_get_exit_info(struct kvm_vcpu *vcpu, u32 *reason,
6146  u64 *info1, u64 *info2,
6147  u32 *intr_info, u32 *error_code)
6148 {
6149  struct vcpu_vmx *vmx = to_vmx(vcpu);
6150 
6151  *reason = vmx->exit_reason.full;
6152  *info1 = vmx_get_exit_qual(vcpu);
6153  if (!(vmx->exit_reason.failed_vmentry)) {
6154  *info2 = vmx->idt_vectoring_info;
6155  *intr_info = vmx_get_intr_info(vcpu);
6156  if (is_exception_with_error_code(*intr_info))
6157  *error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
6158  else
6159  *error_code = 0;
6160  } else {
6161  *info2 = 0;
6162  *intr_info = 0;
6163  *error_code = 0;
6164  }
6165 }
6166 
6167 static void vmx_destroy_pml_buffer(struct vcpu_vmx *vmx)
6168 {
6169  if (vmx->pml_pg) {
6170  __free_page(vmx->pml_pg);
6171  vmx->pml_pg = NULL;
6172  }
6173 }
6174 
6175 static void vmx_flush_pml_buffer(struct kvm_vcpu *vcpu)
6176 {
6177  struct vcpu_vmx *vmx = to_vmx(vcpu);
6178  u64 *pml_buf;
6179  u16 pml_idx;
6180 
6181  pml_idx = vmcs_read16(GUEST_PML_INDEX);
6182 
6183  /* Do nothing if PML buffer is empty */
6184  if (pml_idx == (PML_ENTITY_NUM - 1))
6185  return;
6186 
6187  /* PML index always points to next available PML buffer entity */
6188  if (pml_idx >= PML_ENTITY_NUM)
6189  pml_idx = 0;
6190  else
6191  pml_idx++;
6192 
6193  pml_buf = page_address(vmx->pml_pg);
6194  for (; pml_idx < PML_ENTITY_NUM; pml_idx++) {
6195  u64 gpa;
6196 
6197  gpa = pml_buf[pml_idx];
6198  WARN_ON(gpa & (PAGE_SIZE - 1));
6199  kvm_vcpu_mark_page_dirty(vcpu, gpa >> PAGE_SHIFT);
6200  }
6201 
6202  /* reset PML index */
6203  vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1);
6204 }
6205 
6206 static void vmx_dump_sel(char *name, uint32_t sel)
6207 {
6208  pr_err("%s sel=0x%04x, attr=0x%05x, limit=0x%08x, base=0x%016lx\n",
6209  name, vmcs_read16(sel),
6210  vmcs_read32(sel + GUEST_ES_AR_BYTES - GUEST_ES_SELECTOR),
6211  vmcs_read32(sel + GUEST_ES_LIMIT - GUEST_ES_SELECTOR),
6212  vmcs_readl(sel + GUEST_ES_BASE - GUEST_ES_SELECTOR));
6213 }
6214 
6215 static void vmx_dump_dtsel(char *name, uint32_t limit)
6216 {
6217  pr_err("%s limit=0x%08x, base=0x%016lx\n",
6218  name, vmcs_read32(limit),
6219  vmcs_readl(limit + GUEST_GDTR_BASE - GUEST_GDTR_LIMIT));
6220 }
6221 
6222 static void vmx_dump_msrs(char *name, struct vmx_msrs *m)
6223 {
6224  unsigned int i;
6225  struct vmx_msr_entry *e;
6226 
6227  pr_err("MSR %s:\n", name);
6228  for (i = 0, e = m->val; i < m->nr; ++i, ++e)
6229  pr_err(" %2d: msr=0x%08x value=0x%016llx\n", i, e->index, e->value);
6230 }
6231 
6232 void dump_vmcs(struct kvm_vcpu *vcpu)
6233 {
6234  struct vcpu_vmx *vmx = to_vmx(vcpu);
6235  u32 vmentry_ctl, vmexit_ctl;
6236  u32 cpu_based_exec_ctrl, pin_based_exec_ctrl, secondary_exec_control;
6237  u64 tertiary_exec_control;
6238  unsigned long cr4;
6239  int efer_slot;
6240 
6241  if (!dump_invalid_vmcs) {
6242  pr_warn_ratelimited("set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.\n");
6243  return;
6244  }
6245 
6246  vmentry_ctl = vmcs_read32(VM_ENTRY_CONTROLS);
6247  vmexit_ctl = vmcs_read32(VM_EXIT_CONTROLS);
6248  cpu_based_exec_ctrl = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
6249  pin_based_exec_ctrl = vmcs_read32(PIN_BASED_VM_EXEC_CONTROL);
6250  cr4 = vmcs_readl(GUEST_CR4);
6251 
6252  if (cpu_has_secondary_exec_ctrls())
6253  secondary_exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
6254  else
6255  secondary_exec_control = 0;
6256 
6257  if (cpu_has_tertiary_exec_ctrls())
6258  tertiary_exec_control = vmcs_read64(TERTIARY_VM_EXEC_CONTROL);
6259  else
6260  tertiary_exec_control = 0;
6261 
6262  pr_err("VMCS %p, last attempted VM-entry on CPU %d\n",
6263  vmx->loaded_vmcs->vmcs, vcpu->arch.last_vmentry_cpu);
6264  pr_err("*** Guest State ***\n");
6265  pr_err("CR0: actual=0x%016lx, shadow=0x%016lx, gh_mask=%016lx\n",
6266  vmcs_readl(GUEST_CR0), vmcs_readl(CR0_READ_SHADOW),
6267  vmcs_readl(CR0_GUEST_HOST_MASK));
6268  pr_err("CR4: actual=0x%016lx, shadow=0x%016lx, gh_mask=%016lx\n",
6269  cr4, vmcs_readl(CR4_READ_SHADOW), vmcs_readl(CR4_GUEST_HOST_MASK));
6270  pr_err("CR3 = 0x%016lx\n", vmcs_readl(GUEST_CR3));
6271  if (cpu_has_vmx_ept()) {
6272  pr_err("PDPTR0 = 0x%016llx PDPTR1 = 0x%016llx\n",
6273  vmcs_read64(GUEST_PDPTR0), vmcs_read64(GUEST_PDPTR1));
6274  pr_err("PDPTR2 = 0x%016llx PDPTR3 = 0x%016llx\n",
6275  vmcs_read64(GUEST_PDPTR2), vmcs_read64(GUEST_PDPTR3));
6276  }
6277  pr_err("RSP = 0x%016lx RIP = 0x%016lx\n",
6278  vmcs_readl(GUEST_RSP), vmcs_readl(GUEST_RIP));
6279  pr_err("RFLAGS=0x%08lx DR7 = 0x%016lx\n",
6280  vmcs_readl(GUEST_RFLAGS), vmcs_readl(GUEST_DR7));
6281  pr_err("Sysenter RSP=%016lx CS:RIP=%04x:%016lx\n",
6282  vmcs_readl(GUEST_SYSENTER_ESP),
6283  vmcs_read32(GUEST_SYSENTER_CS), vmcs_readl(GUEST_SYSENTER_EIP));
6284  vmx_dump_sel("CS: ", GUEST_CS_SELECTOR);
6285  vmx_dump_sel("DS: ", GUEST_DS_SELECTOR);
6286  vmx_dump_sel("SS: ", GUEST_SS_SELECTOR);
6287  vmx_dump_sel("ES: ", GUEST_ES_SELECTOR);
6288  vmx_dump_sel("FS: ", GUEST_FS_SELECTOR);
6289  vmx_dump_sel("GS: ", GUEST_GS_SELECTOR);
6290  vmx_dump_dtsel("GDTR:", GUEST_GDTR_LIMIT);
6291  vmx_dump_sel("LDTR:", GUEST_LDTR_SELECTOR);
6292  vmx_dump_dtsel("IDTR:", GUEST_IDTR_LIMIT);
6293  vmx_dump_sel("TR: ", GUEST_TR_SELECTOR);
6294  efer_slot = vmx_find_loadstore_msr_slot(&vmx->msr_autoload.guest, MSR_EFER);
6295  if (vmentry_ctl & VM_ENTRY_LOAD_IA32_EFER)
6296  pr_err("EFER= 0x%016llx\n", vmcs_read64(GUEST_IA32_EFER));
6297  else if (efer_slot >= 0)
6298  pr_err("EFER= 0x%016llx (autoload)\n",
6299  vmx->msr_autoload.guest.val[efer_slot].value);
6300  else if (vmentry_ctl & VM_ENTRY_IA32E_MODE)
6301  pr_err("EFER= 0x%016llx (effective)\n",
6302  vcpu->arch.efer | (EFER_LMA | EFER_LME));
6303  else
6304  pr_err("EFER= 0x%016llx (effective)\n",
6305  vcpu->arch.efer & ~(EFER_LMA | EFER_LME));
6306  if (vmentry_ctl & VM_ENTRY_LOAD_IA32_PAT)
6307  pr_err("PAT = 0x%016llx\n", vmcs_read64(GUEST_IA32_PAT));
6308  pr_err("DebugCtl = 0x%016llx DebugExceptions = 0x%016lx\n",
6309  vmcs_read64(GUEST_IA32_DEBUGCTL),
6310  vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS));
6311  if (cpu_has_load_perf_global_ctrl() &&
6312  vmentry_ctl & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL)
6313  pr_err("PerfGlobCtl = 0x%016llx\n",
6314  vmcs_read64(GUEST_IA32_PERF_GLOBAL_CTRL));
6315  if (vmentry_ctl & VM_ENTRY_LOAD_BNDCFGS)
6316  pr_err("BndCfgS = 0x%016llx\n", vmcs_read64(GUEST_BNDCFGS));
6317  pr_err("Interruptibility = %08x ActivityState = %08x\n",
6318  vmcs_read32(GUEST_INTERRUPTIBILITY_INFO),
6319  vmcs_read32(GUEST_ACTIVITY_STATE));
6320  if (secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY)
6321  pr_err("InterruptStatus = %04x\n",
6322  vmcs_read16(GUEST_INTR_STATUS));
6323  if (vmcs_read32(VM_ENTRY_MSR_LOAD_COUNT) > 0)
6324  vmx_dump_msrs("guest autoload", &vmx->msr_autoload.guest);
6325  if (vmcs_read32(VM_EXIT_MSR_STORE_COUNT) > 0)
6326  vmx_dump_msrs("guest autostore", &vmx->msr_autostore.guest);
6327 
6328  pr_err("*** Host State ***\n");
6329  pr_err("RIP = 0x%016lx RSP = 0x%016lx\n",
6330  vmcs_readl(HOST_RIP), vmcs_readl(HOST_RSP));
6331  pr_err("CS=%04x SS=%04x DS=%04x ES=%04x FS=%04x GS=%04x TR=%04x\n",
6332  vmcs_read16(HOST_CS_SELECTOR), vmcs_read16(HOST_SS_SELECTOR),
6333  vmcs_read16(HOST_DS_SELECTOR), vmcs_read16(HOST_ES_SELECTOR),
6334  vmcs_read16(HOST_FS_SELECTOR), vmcs_read16(HOST_GS_SELECTOR),
6335  vmcs_read16(HOST_TR_SELECTOR));
6336  pr_err("FSBase=%016lx GSBase=%016lx TRBase=%016lx\n",
6337  vmcs_readl(HOST_FS_BASE), vmcs_readl(HOST_GS_BASE),
6338  vmcs_readl(HOST_TR_BASE));
6339  pr_err("GDTBase=%016lx IDTBase=%016lx\n",
6340  vmcs_readl(HOST_GDTR_BASE), vmcs_readl(HOST_IDTR_BASE));
6341  pr_err("CR0=%016lx CR3=%016lx CR4=%016lx\n",
6342  vmcs_readl(HOST_CR0), vmcs_readl(HOST_CR3),
6343  vmcs_readl(HOST_CR4));
6344  pr_err("Sysenter RSP=%016lx CS:RIP=%04x:%016lx\n",
6345  vmcs_readl(HOST_IA32_SYSENTER_ESP),
6346  vmcs_read32(HOST_IA32_SYSENTER_CS),
6347  vmcs_readl(HOST_IA32_SYSENTER_EIP));
6348  if (vmexit_ctl & VM_EXIT_LOAD_IA32_EFER)
6349  pr_err("EFER= 0x%016llx\n", vmcs_read64(HOST_IA32_EFER));
6350  if (vmexit_ctl & VM_EXIT_LOAD_IA32_PAT)
6351  pr_err("PAT = 0x%016llx\n", vmcs_read64(HOST_IA32_PAT));
6352  if (cpu_has_load_perf_global_ctrl() &&
6353  vmexit_ctl & VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL)
6354  pr_err("PerfGlobCtl = 0x%016llx\n",
6355  vmcs_read64(HOST_IA32_PERF_GLOBAL_CTRL));
6356  if (vmcs_read32(VM_EXIT_MSR_LOAD_COUNT) > 0)
6357  vmx_dump_msrs("host autoload", &vmx->msr_autoload.host);
6358 
6359  pr_err("*** Control State ***\n");
6360  pr_err("CPUBased=0x%08x SecondaryExec=0x%08x TertiaryExec=0x%016llx\n",
6361  cpu_based_exec_ctrl, secondary_exec_control, tertiary_exec_control);
6362  pr_err("PinBased=0x%08x EntryControls=%08x ExitControls=%08x\n",
6363  pin_based_exec_ctrl, vmentry_ctl, vmexit_ctl);
6364  pr_err("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n",
6365  vmcs_read32(EXCEPTION_BITMAP),
6366  vmcs_read32(PAGE_FAULT_ERROR_CODE_MASK),
6367  vmcs_read32(PAGE_FAULT_ERROR_CODE_MATCH));
6368  pr_err("VMEntry: intr_info=%08x errcode=%08x ilen=%08x\n",
6369  vmcs_read32(VM_ENTRY_INTR_INFO_FIELD),
6370  vmcs_read32(VM_ENTRY_EXCEPTION_ERROR_CODE),
6371  vmcs_read32(VM_ENTRY_INSTRUCTION_LEN));
6372  pr_err("VMExit: intr_info=%08x errcode=%08x ilen=%08x\n",
6373  vmcs_read32(VM_EXIT_INTR_INFO),
6374  vmcs_read32(VM_EXIT_INTR_ERROR_CODE),
6375  vmcs_read32(VM_EXIT_INSTRUCTION_LEN));
6376  pr_err(" reason=%08x qualification=%016lx\n",
6377  vmcs_read32(VM_EXIT_REASON), vmcs_readl(EXIT_QUALIFICATION));
6378  pr_err("IDTVectoring: info=%08x errcode=%08x\n",
6379  vmcs_read32(IDT_VECTORING_INFO_FIELD),
6380  vmcs_read32(IDT_VECTORING_ERROR_CODE));
6381  pr_err("TSC Offset = 0x%016llx\n", vmcs_read64(TSC_OFFSET));
6382  if (secondary_exec_control & SECONDARY_EXEC_TSC_SCALING)
6383  pr_err("TSC Multiplier = 0x%016llx\n",
6384  vmcs_read64(TSC_MULTIPLIER));
6385  if (cpu_based_exec_ctrl & CPU_BASED_TPR_SHADOW) {
6386  if (secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY) {
6387  u16 status = vmcs_read16(GUEST_INTR_STATUS);
6388  pr_err("SVI|RVI = %02x|%02x ", status >> 8, status & 0xff);
6389  }
6390  pr_cont("TPR Threshold = 0x%02x\n", vmcs_read32(TPR_THRESHOLD));
6391  if (secondary_exec_control & SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)
6392  pr_err("APIC-access addr = 0x%016llx ", vmcs_read64(APIC_ACCESS_ADDR));
6393  pr_cont("virt-APIC addr = 0x%016llx\n", vmcs_read64(VIRTUAL_APIC_PAGE_ADDR));
6394  }
6395  if (pin_based_exec_ctrl & PIN_BASED_POSTED_INTR)
6396  pr_err("PostedIntrVec = 0x%02x\n", vmcs_read16(POSTED_INTR_NV));
6397  if ((secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT))
6398  pr_err("EPT pointer = 0x%016llx\n", vmcs_read64(EPT_POINTER));
6399  if (secondary_exec_control & SECONDARY_EXEC_PAUSE_LOOP_EXITING)
6400  pr_err("PLE Gap=%08x Window=%08x\n",
6401  vmcs_read32(PLE_GAP), vmcs_read32(PLE_WINDOW));
6402  if (secondary_exec_control & SECONDARY_EXEC_ENABLE_VPID)
6403  pr_err("Virtual processor ID = 0x%04x\n",
6404  vmcs_read16(VIRTUAL_PROCESSOR_ID));
6405 }
6406 
6407 /*
6408  * The guest has exited. See if we can fix it or if we need userspace
6409  * assistance.
6410  */
6411 static int __vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
6412 {
6413  struct vcpu_vmx *vmx = to_vmx(vcpu);
6414  union vmx_exit_reason exit_reason = vmx->exit_reason;
6415  u32 vectoring_info = vmx->idt_vectoring_info;
6416  u16 exit_handler_index;
6417 
6418  /*
6419  * Flush logged GPAs PML buffer, this will make dirty_bitmap more
6420  * updated. Another good is, in kvm_vm_ioctl_get_dirty_log, before
6421  * querying dirty_bitmap, we only need to kick all vcpus out of guest
6422  * mode as if vcpus is in root mode, the PML buffer must has been
6423  * flushed already. Note, PML is never enabled in hardware while
6424  * running L2.
6425  */
6426  if (enable_pml && !is_guest_mode(vcpu))
6427  vmx_flush_pml_buffer(vcpu);
6428 
6429  /*
6430  * KVM should never reach this point with a pending nested VM-Enter.
6431  * More specifically, short-circuiting VM-Entry to emulate L2 due to
6432  * invalid guest state should never happen as that means KVM knowingly
6433  * allowed a nested VM-Enter with an invalid vmcs12. More below.
6434  */
6435  if (KVM_BUG_ON(vmx->nested.nested_run_pending, vcpu->kvm))
6436  return -EIO;
6437 
6438  if (is_guest_mode(vcpu)) {
6439  /*
6440  * PML is never enabled when running L2, bail immediately if a
6441  * PML full exit occurs as something is horribly wrong.
6442  */
6443  if (exit_reason.basic == EXIT_REASON_PML_FULL)
6444  goto unexpected_vmexit;
6445 
6446  /*
6447  * The host physical addresses of some pages of guest memory
6448  * are loaded into the vmcs02 (e.g. vmcs12's Virtual APIC
6449  * Page). The CPU may write to these pages via their host
6450  * physical address while L2 is running, bypassing any
6451  * address-translation-based dirty tracking (e.g. EPT write
6452  * protection).
6453  *
6454  * Mark them dirty on every exit from L2 to prevent them from
6455  * getting out of sync with dirty tracking.
6456  */
6457  nested_mark_vmcs12_pages_dirty(vcpu);
6458 
6459  /*
6460  * Synthesize a triple fault if L2 state is invalid. In normal
6461  * operation, nested VM-Enter rejects any attempt to enter L2
6462  * with invalid state. However, those checks are skipped if
6463  * state is being stuffed via RSM or KVM_SET_NESTED_STATE. If
6464  * L2 state is invalid, it means either L1 modified SMRAM state
6465  * or userspace provided bad state. Synthesize TRIPLE_FAULT as
6466  * doing so is architecturally allowed in the RSM case, and is
6467  * the least awful solution for the userspace case without
6468  * risking false positives.
6469  */
6470  if (vmx->emulation_required) {
6471  nested_vmx_vmexit(vcpu, EXIT_REASON_TRIPLE_FAULT, 0, 0);
6472  return 1;
6473  }
6474 
6475  if (nested_vmx_reflect_vmexit(vcpu))
6476  return 1;
6477  }
6478 
6479  /* If guest state is invalid, start emulating. L2 is handled above. */
6480  if (vmx->emulation_required)
6481  return handle_invalid_guest_state(vcpu);
6482 
6483  if (exit_reason.failed_vmentry) {
6484  dump_vmcs(vcpu);
6485  vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
6486  vcpu->run->fail_entry.hardware_entry_failure_reason
6487  = exit_reason.full;
6488  vcpu->run->fail_entry.cpu = vcpu->arch.last_vmentry_cpu;
6489  return 0;
6490  }
6491 
6492  if (unlikely(vmx->fail)) {
6493  dump_vmcs(vcpu);
6494  vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
6495  vcpu->run->fail_entry.hardware_entry_failure_reason
6496  = vmcs_read32(VM_INSTRUCTION_ERROR);
6497  vcpu->run->fail_entry.cpu = vcpu->arch.last_vmentry_cpu;
6498  return 0;
6499  }
6500 
6501  /*
6502  * Note:
6503  * Do not try to fix EXIT_REASON_EPT_MISCONFIG if it caused by
6504  * delivery event since it indicates guest is accessing MMIO.
6505  * The vm-exit can be triggered again after return to guest that
6506  * will cause infinite loop.
6507  */
6508  if ((vectoring_info & VECTORING_INFO_VALID_MASK) &&
6509  (exit_reason.basic != EXIT_REASON_EXCEPTION_NMI &&
6510  exit_reason.basic != EXIT_REASON_EPT_VIOLATION &&
6511  exit_reason.basic != EXIT_REASON_PML_FULL &&
6512  exit_reason.basic != EXIT_REASON_APIC_ACCESS &&
6513  exit_reason.basic != EXIT_REASON_TASK_SWITCH &&
6514  exit_reason.basic != EXIT_REASON_NOTIFY)) {
6515  int ndata = 3;
6516 
6517  vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
6518  vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_DELIVERY_EV;
6519  vcpu->run->internal.data[0] = vectoring_info;
6520  vcpu->run->internal.data[1] = exit_reason.full;
6521  vcpu->run->internal.data[2] = vcpu->arch.exit_qualification;
6522  if (exit_reason.basic == EXIT_REASON_EPT_MISCONFIG) {
6523  vcpu->run->internal.data[ndata++] =
6524  vmcs_read64(GUEST_PHYSICAL_ADDRESS);
6525  }
6526  vcpu->run->internal.data[ndata++] = vcpu->arch.last_vmentry_cpu;
6527  vcpu->run->internal.ndata = ndata;
6528  return 0;
6529  }
6530 
6531  if (unlikely(!enable_vnmi &&
6532  vmx->loaded_vmcs->soft_vnmi_blocked)) {
6533  if (!vmx_interrupt_blocked(vcpu)) {
6534  vmx->loaded_vmcs->soft_vnmi_blocked = 0;
6535  } else if (vmx->loaded_vmcs->vnmi_blocked_time > 1000000000LL &&
6536  vcpu->arch.nmi_pending) {
6537  /*
6538  * This CPU don't support us in finding the end of an
6539  * NMI-blocked window if the guest runs with IRQs
6540  * disabled. So we pull the trigger after 1 s of
6541  * futile waiting, but inform the user about this.
6542  */
6543  printk(KERN_WARNING "%s: Breaking out of NMI-blocked "
6544  "state on VCPU %d after 1 s timeout\n",
6545  __func__, vcpu->vcpu_id);
6546  vmx->loaded_vmcs->soft_vnmi_blocked = 0;
6547  }
6548  }
6549 
6550  if (exit_fastpath != EXIT_FASTPATH_NONE)
6551  return 1;
6552 
6553  if (exit_reason.basic >= kvm_vmx_max_exit_handlers)
6554  goto unexpected_vmexit;
6555 #ifdef CONFIG_RETPOLINE
6556  if (exit_reason.basic == EXIT_REASON_MSR_WRITE)
6557  return kvm_emulate_wrmsr(vcpu);
6558  else if (exit_reason.basic == EXIT_REASON_PREEMPTION_TIMER)
6559  return handle_preemption_timer(vcpu);
6560  else if (exit_reason.basic == EXIT_REASON_INTERRUPT_WINDOW)
6561  return handle_interrupt_window(vcpu);
6562  else if (exit_reason.basic == EXIT_REASON_EXTERNAL_INTERRUPT)
6563  return handle_external_interrupt(vcpu);
6564  else if (exit_reason.basic == EXIT_REASON_HLT)
6565  return kvm_emulate_halt(vcpu);
6566  else if (exit_reason.basic == EXIT_REASON_EPT_MISCONFIG)
6567  return handle_ept_misconfig(vcpu);
6568 #endif
6569 
6570  exit_handler_index = array_index_nospec((u16)exit_reason.basic,
6571  kvm_vmx_max_exit_handlers);
6572  if (!kvm_vmx_exit_handlers[exit_handler_index])
6573  goto unexpected_vmexit;
6574 
6575  return kvm_vmx_exit_handlers[exit_handler_index](vcpu);
6576 
6577 unexpected_vmexit:
6578  vcpu_unimpl(vcpu, "vmx: unexpected exit reason 0x%x\n",
6579  exit_reason.full);
6580  dump_vmcs(vcpu);
6581  vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
6582  vcpu->run->internal.suberror =
6583  KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON;
6584  vcpu->run->internal.ndata = 2;
6585  vcpu->run->internal.data[0] = exit_reason.full;
6586  vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu;
6587  return 0;
6588 }
6589 
6590 static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
6591 {
6592  int ret = __vmx_handle_exit(vcpu, exit_fastpath);
6593 
6594  /*
6595  * Exit to user space when bus lock detected to inform that there is
6596  * a bus lock in guest.
6597  */
6598  if (to_vmx(vcpu)->exit_reason.bus_lock_detected) {
6599  if (ret > 0)
6600  vcpu->run->exit_reason = KVM_EXIT_X86_BUS_LOCK;
6601 
6602  vcpu->run->flags |= KVM_RUN_X86_BUS_LOCK;
6603  return 0;
6604  }
6605  return ret;
6606 }
6607 
6608 /*
6609  * Software based L1D cache flush which is used when microcode providing
6610  * the cache control MSR is not loaded.
6611  *
6612  * The L1D cache is 32 KiB on Nehalem and later microarchitectures, but to
6613  * flush it is required to read in 64 KiB because the replacement algorithm
6614  * is not exactly LRU. This could be sized at runtime via topology
6615  * information but as all relevant affected CPUs have 32KiB L1D cache size
6616  * there is no point in doing so.
6617  */
6618 static noinstr void vmx_l1d_flush(struct kvm_vcpu *vcpu)
6619 {
6620  int size = PAGE_SIZE << L1D_CACHE_ORDER;
6621 
6622  /*
6623  * This code is only executed when the flush mode is 'cond' or
6624  * 'always'
6625  */
6626  if (static_branch_likely(&vmx_l1d_flush_cond)) {
6627  bool flush_l1d;
6628 
6629  /*
6630  * Clear the per-vcpu flush bit, it gets set again
6631  * either from vcpu_run() or from one of the unsafe
6632  * VMEXIT handlers.
6633  */
6634  flush_l1d = vcpu->arch.l1tf_flush_l1d;
6635  vcpu->arch.l1tf_flush_l1d = false;
6636 
6637  /*
6638  * Clear the per-cpu flush bit, it gets set again from
6639  * the interrupt handlers.
6640  */
6641  flush_l1d |= kvm_get_cpu_l1tf_flush_l1d();
6642  kvm_clear_cpu_l1tf_flush_l1d();
6643 
6644  if (!flush_l1d)
6645  return;
6646  }
6647 
6648  vcpu->stat.l1d_flush++;
6649 
6650  if (static_cpu_has(X86_FEATURE_FLUSH_L1D)) {
6651  native_wrmsrl(MSR_IA32_FLUSH_CMD, L1D_FLUSH);
6652  return;
6653  }
6654 
6655  asm volatile(
6656  /* First ensure the pages are in the TLB */
6657  "xorl %%eax, %%eax\n"
6658  ".Lpopulate_tlb:\n\t"
6659  "movzbl (%[flush_pages], %%" _ASM_AX "), %%ecx\n\t"
6660  "addl $4096, %%eax\n\t"
6661  "cmpl %%eax, %[size]\n\t"
6662  "jne .Lpopulate_tlb\n\t"
6663  "xorl %%eax, %%eax\n\t"
6664  "cpuid\n\t"
6665  /* Now fill the cache */
6666  "xorl %%eax, %%eax\n"
6667  ".Lfill_cache:\n"
6668  "movzbl (%[flush_pages], %%" _ASM_AX "), %%ecx\n\t"
6669  "addl $64, %%eax\n\t"
6670  "cmpl %%eax, %[size]\n\t"
6671  "jne .Lfill_cache\n\t"
6672  "lfence\n"
6673  :: [flush_pages] "r" (vmx_l1d_flush_pages),
6674  [size] "r" (size)
6675  : "eax", "ebx", "ecx", "edx");
6676 }
6677 
6678 static void vmx_update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
6679 {
6680  struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
6681  int tpr_threshold;
6682 
6683  if (is_guest_mode(vcpu) &&
6684  nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW))
6685  return;
6686 
6687  tpr_threshold = (irr == -1 || tpr < irr) ? 0 : irr;
6688  if (is_guest_mode(vcpu))
6689  to_vmx(vcpu)->nested.l1_tpr_threshold = tpr_threshold;
6690  else
6691  vmcs_write32(TPR_THRESHOLD, tpr_threshold);
6692 }
6693 
6694 void vmx_set_virtual_apic_mode(struct kvm_vcpu *vcpu)
6695 {
6696  struct vcpu_vmx *vmx = to_vmx(vcpu);
6697  u32 sec_exec_control;
6698 
6699  if (!lapic_in_kernel(vcpu))
6700  return;
6701 
6702  if (!flexpriority_enabled &&
6703  !cpu_has_vmx_virtualize_x2apic_mode())
6704  return;
6705 
6706  /* Postpone execution until vmcs01 is the current VMCS. */
6707  if (is_guest_mode(vcpu)) {
6708  vmx->nested.change_vmcs01_virtual_apic_mode = true;
6709  return;
6710  }
6711 
6712  sec_exec_control = secondary_exec_controls_get(vmx);
6713  sec_exec_control &= ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
6714  SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE);
6715 
6716  switch (kvm_get_apic_mode(vcpu)) {
6717  case LAPIC_MODE_INVALID:
6718  WARN_ONCE(true, "Invalid local APIC state");
6719  break;
6720  case LAPIC_MODE_DISABLED:
6721  break;
6722  case LAPIC_MODE_XAPIC:
6723  if (flexpriority_enabled) {
6724  sec_exec_control |=
6725  SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
6726  kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu);
6727 
6728  /*
6729  * Flush the TLB, reloading the APIC access page will
6730  * only do so if its physical address has changed, but
6731  * the guest may have inserted a non-APIC mapping into
6732  * the TLB while the APIC access page was disabled.
6733  */
6734  kvm_make_request(KVM_REQ_TLB_FLUSH_CURRENT, vcpu);
6735  }
6736  break;
6737  case LAPIC_MODE_X2APIC:
6738  if (cpu_has_vmx_virtualize_x2apic_mode())
6739  sec_exec_control |=
6740  SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
6741  break;
6742  }
6743  secondary_exec_controls_set(vmx, sec_exec_control);
6744 
6745  vmx_update_msr_bitmap_x2apic(vcpu);
6746 }
6747 
6748 static void vmx_set_apic_access_page_addr(struct kvm_vcpu *vcpu)
6749 {
6750  const gfn_t gfn = APIC_DEFAULT_PHYS_BASE >> PAGE_SHIFT;
6751  struct kvm *kvm = vcpu->kvm;
6752  struct kvm_memslots *slots = kvm_memslots(kvm);
6753  struct kvm_memory_slot *slot;
6754  unsigned long mmu_seq;
6755  kvm_pfn_t pfn;
6756 
6757  /* Defer reload until vmcs01 is the current VMCS. */
6758  if (is_guest_mode(vcpu)) {
6759  to_vmx(vcpu)->nested.reload_vmcs01_apic_access_page = true;
6760  return;
6761  }
6762 
6763  if (!(secondary_exec_controls_get(to_vmx(vcpu)) &
6764  SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES))
6765  return;
6766 
6767  /*
6768  * Explicitly grab the memslot using KVM's internal slot ID to ensure
6769  * KVM doesn't unintentionally grab a userspace memslot. It _should_
6770  * be impossible for userspace to create a memslot for the APIC when
6771  * APICv is enabled, but paranoia won't hurt in this case.
6772  */
6773  slot = id_to_memslot(slots, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT);
6774  if (!slot || slot->flags & KVM_MEMSLOT_INVALID)
6775  return;
6776 
6777  /*
6778  * Ensure that the mmu_notifier sequence count is read before KVM
6779  * retrieves the pfn from the primary MMU. Note, the memslot is
6780  * protected by SRCU, not the mmu_notifier. Pairs with the smp_wmb()
6781  * in kvm_mmu_invalidate_end().
6782  */
6783  mmu_seq = kvm->mmu_invalidate_seq;
6784  smp_rmb();
6785 
6786  /*
6787  * No need to retry if the memslot does not exist or is invalid. KVM
6788  * controls the APIC-access page memslot, and only deletes the memslot
6789  * if APICv is permanently inhibited, i.e. the memslot won't reappear.
6790  */
6791  pfn = gfn_to_pfn_memslot(slot, gfn);
6792  if (is_error_noslot_pfn(pfn))
6793  return;
6794 
6795  read_lock(&vcpu->kvm->mmu_lock);
6796  if (mmu_invalidate_retry_gfn(kvm, mmu_seq, gfn)) {
6797  kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu);
6798  read_unlock(&vcpu->kvm->mmu_lock);
6799  goto out;
6800  }
6801 
6802  vmcs_write64(APIC_ACCESS_ADDR, pfn_to_hpa(pfn));
6803  read_unlock(&vcpu->kvm->mmu_lock);
6804 
6805  /*
6806  * No need for a manual TLB flush at this point, KVM has already done a
6807  * flush if there were SPTEs pointing at the previous page.
6808  */
6809 out:
6810  /*
6811  * Do not pin apic access page in memory, the MMU notifier
6812  * will call us again if it is migrated or swapped out.
6813  */
6814  kvm_release_pfn_clean(pfn);
6815 }
6816 
6817 static void vmx_hwapic_isr_update(int max_isr)
6818 {
6819  u16 status;
6820  u8 old;
6821 
6822  if (max_isr == -1)
6823  max_isr = 0;
6824 
6825  status = vmcs_read16(GUEST_INTR_STATUS);
6826  old = status >> 8;
6827  if (max_isr != old) {
6828  status &= 0xff;
6829  status |= max_isr << 8;
6830  vmcs_write16(GUEST_INTR_STATUS, status);
6831  }
6832 }
6833 
6834 static void vmx_set_rvi(int vector)
6835 {
6836  u16 status;
6837  u8 old;
6838 
6839  if (vector == -1)
6840  vector = 0;
6841 
6842  status = vmcs_read16(GUEST_INTR_STATUS);
6843  old = (u8)status & 0xff;
6844  if ((u8)vector != old) {
6845  status &= ~0xff;
6846  status |= (u8)vector;
6847  vmcs_write16(GUEST_INTR_STATUS, status);
6848  }
6849 }
6850 
6851 static void vmx_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr)
6852 {
6853  /*
6854  * When running L2, updating RVI is only relevant when
6855  * vmcs12 virtual-interrupt-delivery enabled.
6856  * However, it can be enabled only when L1 also
6857  * intercepts external-interrupts and in that case
6858  * we should not update vmcs02 RVI but instead intercept
6859  * interrupt. Therefore, do nothing when running L2.
6860  */
6861  if (!is_guest_mode(vcpu))
6862  vmx_set_rvi(max_irr);
6863 }
6864 
6865 static int vmx_sync_pir_to_irr(struct kvm_vcpu *vcpu)
6866 {
6867  struct vcpu_vmx *vmx = to_vmx(vcpu);
6868  int max_irr;
6869  bool got_posted_interrupt;
6870 
6871  if (KVM_BUG_ON(!enable_apicv, vcpu->kvm))
6872  return -EIO;
6873 
6874  if (pi_test_on(&vmx->pi_desc)) {
6875  pi_clear_on(&vmx->pi_desc);
6876  /*
6877  * IOMMU can write to PID.ON, so the barrier matters even on UP.
6878  * But on x86 this is just a compiler barrier anyway.
6879  */
6880  smp_mb__after_atomic();
6881  got_posted_interrupt =
6882  kvm_apic_update_irr(vcpu, vmx->pi_desc.pir, &max_irr);
6883  } else {
6884  max_irr = kvm_lapic_find_highest_irr(vcpu);
6885  got_posted_interrupt = false;
6886  }
6887 
6888  /*
6889  * Newly recognized interrupts are injected via either virtual interrupt
6890  * delivery (RVI) or KVM_REQ_EVENT. Virtual interrupt delivery is
6891  * disabled in two cases:
6892  *
6893  * 1) If L2 is running and the vCPU has a new pending interrupt. If L1
6894  * wants to exit on interrupts, KVM_REQ_EVENT is needed to synthesize a
6895  * VM-Exit to L1. If L1 doesn't want to exit, the interrupt is injected
6896  * into L2, but KVM doesn't use virtual interrupt delivery to inject
6897  * interrupts into L2, and so KVM_REQ_EVENT is again needed.
6898  *
6899  * 2) If APICv is disabled for this vCPU, assigned devices may still
6900  * attempt to post interrupts. The posted interrupt vector will cause
6901  * a VM-Exit and the subsequent entry will call sync_pir_to_irr.
6902  */
6903  if (!is_guest_mode(vcpu) && kvm_vcpu_apicv_active(vcpu))
6904  vmx_set_rvi(max_irr);
6905  else if (got_posted_interrupt)
6906  kvm_make_request(KVM_REQ_EVENT, vcpu);
6907 
6908  return max_irr;
6909 }
6910 
6911 static void vmx_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap)
6912 {
6913  if (!kvm_vcpu_apicv_active(vcpu))
6914  return;
6915 
6916  vmcs_write64(EOI_EXIT_BITMAP0, eoi_exit_bitmap[0]);
6917  vmcs_write64(EOI_EXIT_BITMAP1, eoi_exit_bitmap[1]);
6918  vmcs_write64(EOI_EXIT_BITMAP2, eoi_exit_bitmap[2]);
6919  vmcs_write64(EOI_EXIT_BITMAP3, eoi_exit_bitmap[3]);
6920 }
6921 
6922 static void vmx_apicv_pre_state_restore(struct kvm_vcpu *vcpu)
6923 {
6924  struct vcpu_vmx *vmx = to_vmx(vcpu);
6925 
6926  pi_clear_on(&vmx->pi_desc);
6927  memset(vmx->pi_desc.pir, 0, sizeof(vmx->pi_desc.pir));
6928 }
6929 
6930 void vmx_do_interrupt_irqoff(unsigned long entry);
6931 void vmx_do_nmi_irqoff(void);
6932 
6933 static void handle_nm_fault_irqoff(struct kvm_vcpu *vcpu)
6934 {
6935  /*
6936  * Save xfd_err to guest_fpu before interrupt is enabled, so the
6937  * MSR value is not clobbered by the host activity before the guest
6938  * has chance to consume it.
6939  *
6940  * Do not blindly read xfd_err here, since this exception might
6941  * be caused by L1 interception on a platform which doesn't
6942  * support xfd at all.
6943  *
6944  * Do it conditionally upon guest_fpu::xfd. xfd_err matters
6945  * only when xfd contains a non-zero value.
6946  *
6947  * Queuing exception is done in vmx_handle_exit. See comment there.
6948  */
6949  if (vcpu->arch.guest_fpu.fpstate->xfd)
6950  rdmsrl(MSR_IA32_XFD_ERR, vcpu->arch.guest_fpu.xfd_err);
6951 }
6952 
6953 static void handle_exception_irqoff(struct vcpu_vmx *vmx)
6954 {
6955  u32 intr_info = vmx_get_intr_info(&vmx->vcpu);
6956 
6957  /* if exit due to PF check for async PF */
6958  if (is_page_fault(intr_info))
6959  vmx->vcpu.arch.apf.host_apf_flags = kvm_read_and_reset_apf_flags();
6960  /* if exit due to NM, handle before interrupts are enabled */
6961  else if (is_nm_fault(intr_info))
6962  handle_nm_fault_irqoff(&vmx->vcpu);
6963  /* Handle machine checks before interrupts are enabled */
6964  else if (is_machine_check(intr_info))
6965  kvm_machine_check();
6966 }
6967 
6968 static void handle_external_interrupt_irqoff(struct kvm_vcpu *vcpu)
6969 {
6970  u32 intr_info = vmx_get_intr_info(vcpu);
6971  unsigned int vector = intr_info & INTR_INFO_VECTOR_MASK;
6972  gate_desc *desc = (gate_desc *)host_idt_base + vector;
6973 
6974  if (KVM_BUG(!is_external_intr(intr_info), vcpu->kvm,
6975  "unexpected VM-Exit interrupt info: 0x%x", intr_info))
6976  return;
6977 
6978  kvm_before_interrupt(vcpu, KVM_HANDLING_IRQ);
6979  vmx_do_interrupt_irqoff(gate_offset(desc));
6980  kvm_after_interrupt(vcpu);
6981 
6982  vcpu->arch.at_instruction_boundary = true;
6983 }
6984 
6985 static void vmx_handle_exit_irqoff(struct kvm_vcpu *vcpu)
6986 {
6987  struct vcpu_vmx *vmx = to_vmx(vcpu);
6988 
6989  if (vmx->emulation_required)
6990  return;
6991 
6992  if (vmx->exit_reason.basic == EXIT_REASON_EXTERNAL_INTERRUPT)
6993  handle_external_interrupt_irqoff(vcpu);
6994  else if (vmx->exit_reason.basic == EXIT_REASON_EXCEPTION_NMI)
6995  handle_exception_irqoff(vmx);
6996 }
6997 
6998 /*
6999  * The kvm parameter can be NULL (module initialization, or invocation before
7000  * VM creation). Be sure to check the kvm parameter before using it.
7001  */
7002 static bool vmx_has_emulated_msr(struct kvm *kvm, u32 index)
7003 {
7004  switch (index) {
7005  case MSR_IA32_SMBASE:
7006  if (!IS_ENABLED(CONFIG_KVM_SMM))
7007  return false;
7008  /*
7009  * We cannot do SMM unless we can run the guest in big
7010  * real mode.
7011  */
7012  return enable_unrestricted_guest || emulate_invalid_guest_state;
7013  case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR:
7014  return nested;
7015  case MSR_AMD64_VIRT_SPEC_CTRL:
7016  case MSR_AMD64_TSC_RATIO:
7017  /* This is AMD only. */
7018  return false;
7019  default:
7020  return true;
7021  }
7022 }
7023 
7024 static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx)
7025 {
7026  u32 exit_intr_info;
7027  bool unblock_nmi;
7028  u8 vector;
7029  bool idtv_info_valid;
7030 
7031  idtv_info_valid = vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK;
7032 
7033  if (enable_vnmi) {
7034  if (vmx->loaded_vmcs->nmi_known_unmasked)
7035  return;
7036 
7037  exit_intr_info = vmx_get_intr_info(&vmx->vcpu);
7038  unblock_nmi = (exit_intr_info & INTR_INFO_UNBLOCK_NMI) != 0;
7039  vector = exit_intr_info & INTR_INFO_VECTOR_MASK;
7040  /*
7041  * SDM 3: 27.7.1.2 (September 2008)
7042  * Re-set bit "block by NMI" before VM entry if vmexit caused by
7043  * a guest IRET fault.
7044  * SDM 3: 23.2.2 (September 2008)
7045  * Bit 12 is undefined in any of the following cases:
7046  * If the VM exit sets the valid bit in the IDT-vectoring
7047  * information field.
7048  * If the VM exit is due to a double fault.
7049  */
7050  if ((exit_intr_info & INTR_INFO_VALID_MASK) && unblock_nmi &&
7051  vector != DF_VECTOR && !idtv_info_valid)
7052  vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
7053  GUEST_INTR_STATE_NMI);
7054  else
7055  vmx->loaded_vmcs->nmi_known_unmasked =
7056  !(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO)
7057  & GUEST_INTR_STATE_NMI);
7058  } else if (unlikely(vmx->loaded_vmcs->soft_vnmi_blocked))
7059  vmx->loaded_vmcs->vnmi_blocked_time +=
7060  ktime_to_ns(ktime_sub(ktime_get(),
7061  vmx->loaded_vmcs->entry_time));
7062 }
7063 
7064 static void __vmx_complete_interrupts(struct kvm_vcpu *vcpu,
7065  u32 idt_vectoring_info,
7066  int instr_len_field,
7067  int error_code_field)
7068 {
7069  u8 vector;
7070  int type;
7071  bool idtv_info_valid;
7072 
7073  idtv_info_valid = idt_vectoring_info & VECTORING_INFO_VALID_MASK;
7074 
7075  vcpu->arch.nmi_injected = false;
7076  kvm_clear_exception_queue(vcpu);
7077  kvm_clear_interrupt_queue(vcpu);
7078 
7079  if (!idtv_info_valid)
7080  return;
7081 
7082  kvm_make_request(KVM_REQ_EVENT, vcpu);
7083 
7084  vector = idt_vectoring_info & VECTORING_INFO_VECTOR_MASK;
7085  type = idt_vectoring_info & VECTORING_INFO_TYPE_MASK;
7086 
7087  switch (type) {
7088  case INTR_TYPE_NMI_INTR:
7089  vcpu->arch.nmi_injected = true;
7090  /*
7091  * SDM 3: 27.7.1.2 (September 2008)
7092  * Clear bit "block by NMI" before VM entry if a NMI
7093  * delivery faulted.
7094  */
7095  vmx_set_nmi_mask(vcpu, false);
7096  break;
7097  case INTR_TYPE_SOFT_EXCEPTION:
7098  vcpu->arch.event_exit_inst_len = vmcs_read32(instr_len_field);
7099  fallthrough;
7100  case INTR_TYPE_HARD_EXCEPTION:
7101  if (idt_vectoring_info & VECTORING_INFO_DELIVER_CODE_MASK) {
7102  u32 err = vmcs_read32(error_code_field);
7103  kvm_requeue_exception_e(vcpu, vector, err);
7104  } else
7105  kvm_requeue_exception(vcpu, vector);
7106  break;
7107  case INTR_TYPE_SOFT_INTR:
7108  vcpu->arch.event_exit_inst_len = vmcs_read32(instr_len_field);
7109  fallthrough;
7110  case INTR_TYPE_EXT_INTR:
7111  kvm_queue_interrupt(vcpu, vector, type == INTR_TYPE_SOFT_INTR);
7112  break;
7113  default:
7114  break;
7115  }
7116 }
7117 
7118 static void vmx_complete_interrupts(struct vcpu_vmx *vmx)
7119 {
7120  __vmx_complete_interrupts(&vmx->vcpu, vmx->idt_vectoring_info,
7121  VM_EXIT_INSTRUCTION_LEN,
7122  IDT_VECTORING_ERROR_CODE);
7123 }
7124 
7125 static void vmx_cancel_injection(struct kvm_vcpu *vcpu)
7126 {
7127  __vmx_complete_interrupts(vcpu,
7128  vmcs_read32(VM_ENTRY_INTR_INFO_FIELD),
7129  VM_ENTRY_INSTRUCTION_LEN,
7130  VM_ENTRY_EXCEPTION_ERROR_CODE);
7131 
7132  vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0);
7133 }
7134 
7135 static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx)
7136 {
7137  int i, nr_msrs;
7138  struct perf_guest_switch_msr *msrs;
7139  struct kvm_pmu *pmu = vcpu_to_pmu(&vmx->vcpu);
7140 
7141  pmu->host_cross_mapped_mask = 0;
7142  if (pmu->pebs_enable & pmu->global_ctrl)
7143  intel_pmu_cross_mapped_check(pmu);
7144 
7145  /* Note, nr_msrs may be garbage if perf_guest_get_msrs() returns NULL. */
7146  msrs = perf_guest_get_msrs(&nr_msrs, (void *)pmu);
7147  if (!msrs)
7148  return;
7149 
7150  for (i = 0; i < nr_msrs; i++)
7151  if (msrs[i].host == msrs[i].guest)
7152  clear_atomic_switch_msr(vmx, msrs[i].msr);
7153  else
7154  add_atomic_switch_msr(vmx, msrs[i].msr, msrs[i].guest,
7155  msrs[i].host, false);
7156 }
7157 
7158 static void vmx_update_hv_timer(struct kvm_vcpu *vcpu)
7159 {
7160  struct vcpu_vmx *vmx = to_vmx(vcpu);
7161  u64 tscl;
7162  u32 delta_tsc;
7163 
7164  if (vmx->req_immediate_exit) {
7165  vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, 0);
7166  vmx->loaded_vmcs->hv_timer_soft_disabled = false;
7167  } else if (vmx->hv_deadline_tsc != -1) {
7168  tscl = rdtsc();
7169  if (vmx->hv_deadline_tsc > tscl)
7170  /* set_hv_timer ensures the delta fits in 32-bits */
7171  delta_tsc = (u32)((vmx->hv_deadline_tsc - tscl) >>
7172  cpu_preemption_timer_multi);
7173  else
7174  delta_tsc = 0;
7175 
7176  vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, delta_tsc);
7177  vmx->loaded_vmcs->hv_timer_soft_disabled = false;
7178  } else if (!vmx->loaded_vmcs->hv_timer_soft_disabled) {
7179  vmcs_write32(VMX_PREEMPTION_TIMER_VALUE, -1);
7180  vmx->loaded_vmcs->hv_timer_soft_disabled = true;
7181  }
7182 }
7183 
7184 void noinstr vmx_update_host_rsp(struct vcpu_vmx *vmx, unsigned long host_rsp)
7185 {
7186  if (unlikely(host_rsp != vmx->loaded_vmcs->host_state.rsp)) {
7187  vmx->loaded_vmcs->host_state.rsp = host_rsp;
7188  vmcs_writel(HOST_RSP, host_rsp);
7189  }
7190 }
7191 
7192 void noinstr vmx_spec_ctrl_restore_host(struct vcpu_vmx *vmx,
7193  unsigned int flags)
7194 {
7195  u64 hostval = this_cpu_read(x86_spec_ctrl_current);
7196 
7197  if (!cpu_feature_enabled(X86_FEATURE_MSR_SPEC_CTRL))
7198  return;
7199 
7200  if (flags & VMX_RUN_SAVE_SPEC_CTRL)
7201  vmx->spec_ctrl = __rdmsr(MSR_IA32_SPEC_CTRL);
7202 
7203  /*
7204  * If the guest/host SPEC_CTRL values differ, restore the host value.
7205  *
7206  * For legacy IBRS, the IBRS bit always needs to be written after
7207  * transitioning from a less privileged predictor mode, regardless of
7208  * whether the guest/host values differ.
7209  */
7210  if (cpu_feature_enabled(X86_FEATURE_KERNEL_IBRS) ||
7211  vmx->spec_ctrl != hostval)
7212  native_wrmsrl(MSR_IA32_SPEC_CTRL, hostval);
7213 
7214  barrier_nospec();
7215 }
7216 
7217 static fastpath_t vmx_exit_handlers_fastpath(struct kvm_vcpu *vcpu)
7218 {
7219  switch (to_vmx(vcpu)->exit_reason.basic) {
7220  case EXIT_REASON_MSR_WRITE:
7221  return handle_fastpath_set_msr_irqoff(vcpu);
7222  case EXIT_REASON_PREEMPTION_TIMER:
7223  return handle_fastpath_preemption_timer(vcpu);
7224  default:
7225  return EXIT_FASTPATH_NONE;
7226  }
7227 }
7228 
7229 static noinstr void vmx_vcpu_enter_exit(struct kvm_vcpu *vcpu,
7230  unsigned int flags)
7231 {
7232  struct vcpu_vmx *vmx = to_vmx(vcpu);
7233 
7234  guest_state_enter_irqoff();
7235 
7236  /*
7237  * L1D Flush includes CPU buffer clear to mitigate MDS, but VERW
7238  * mitigation for MDS is done late in VMentry and is still
7239  * executed in spite of L1D Flush. This is because an extra VERW
7240  * should not matter much after the big hammer L1D Flush.
7241  */
7242  if (static_branch_unlikely(&vmx_l1d_should_flush))
7243  vmx_l1d_flush(vcpu);
7244  else if (static_branch_unlikely(&mmio_stale_data_clear) &&
7245  kvm_arch_has_assigned_device(vcpu->kvm))
7246  mds_clear_cpu_buffers();
7247 
7248  vmx_disable_fb_clear(vmx);
7249 
7250  if (vcpu->arch.cr2 != native_read_cr2())
7251  native_write_cr2(vcpu->arch.cr2);
7252 
7253  vmx->fail = __vmx_vcpu_run(vmx, (unsigned long *)&vcpu->arch.regs,
7254  flags);
7255 
7256  vcpu->arch.cr2 = native_read_cr2();
7257  vcpu->arch.regs_avail &= ~VMX_REGS_LAZY_LOAD_SET;
7258 
7259  vmx->idt_vectoring_info = 0;
7260 
7261  vmx_enable_fb_clear(vmx);
7262 
7263  if (unlikely(vmx->fail)) {
7264  vmx->exit_reason.full = 0xdead;
7265  goto out;
7266  }
7267 
7268  vmx->exit_reason.full = vmcs_read32(VM_EXIT_REASON);
7269  if (likely(!vmx->exit_reason.failed_vmentry))
7270  vmx->idt_vectoring_info = vmcs_read32(IDT_VECTORING_INFO_FIELD);
7271 
7272  if ((u16)vmx->exit_reason.basic == EXIT_REASON_EXCEPTION_NMI &&
7273  is_nmi(vmx_get_intr_info(vcpu))) {
7274  kvm_before_interrupt(vcpu, KVM_HANDLING_NMI);
7275  vmx_do_nmi_irqoff();
7276  kvm_after_interrupt(vcpu);
7277  }
7278 
7279 out:
7280  guest_state_exit_irqoff();
7281 }
7282 
7283 static fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu)
7284 {
7285  struct vcpu_vmx *vmx = to_vmx(vcpu);
7286  unsigned long cr3, cr4;
7287 
7288  /* Record the guest's net vcpu time for enforced NMI injections. */
7289  if (unlikely(!enable_vnmi &&
7290  vmx->loaded_vmcs->soft_vnmi_blocked))
7291  vmx->loaded_vmcs->entry_time = ktime_get();
7292 
7293  /*
7294  * Don't enter VMX if guest state is invalid, let the exit handler
7295  * start emulation until we arrive back to a valid state. Synthesize a
7296  * consistency check VM-Exit due to invalid guest state and bail.
7297  */
7298  if (unlikely(vmx->emulation_required)) {
7299  vmx->fail = 0;
7300 
7301  vmx->exit_reason.full = EXIT_REASON_INVALID_STATE;
7302  vmx->exit_reason.failed_vmentry = 1;
7303  kvm_register_mark_available(vcpu, VCPU_EXREG_EXIT_INFO_1);
7304  vmx->exit_qualification = ENTRY_FAIL_DEFAULT;
7305  kvm_register_mark_available(vcpu, VCPU_EXREG_EXIT_INFO_2);
7306  vmx->exit_intr_info = 0;
7307  return EXIT_FASTPATH_NONE;
7308  }
7309 
7310  trace_kvm_entry(vcpu);
7311 
7312  if (vmx->ple_window_dirty) {
7313  vmx->ple_window_dirty = false;
7314  vmcs_write32(PLE_WINDOW, vmx->ple_window);
7315  }
7316 
7317  /*
7318  * We did this in prepare_switch_to_guest, because it needs to
7319  * be within srcu_read_lock.
7320  */
7321  WARN_ON_ONCE(vmx->nested.need_vmcs12_to_shadow_sync);
7322 
7323  if (kvm_register_is_dirty(vcpu, VCPU_REGS_RSP))
7324  vmcs_writel(GUEST_RSP, vcpu->arch.regs[VCPU_REGS_RSP]);
7325  if (kvm_register_is_dirty(vcpu, VCPU_REGS_RIP))
7326  vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]);
7327  vcpu->arch.regs_dirty = 0;
7328 
7329  /*
7330  * Refresh vmcs.HOST_CR3 if necessary. This must be done immediately
7331  * prior to VM-Enter, as the kernel may load a new ASID (PCID) any time
7332  * it switches back to the current->mm, which can occur in KVM context
7333  * when switching to a temporary mm to patch kernel code, e.g. if KVM
7334  * toggles a static key while handling a VM-Exit.
7335  */
7336  cr3 = __get_current_cr3_fast();
7337  if (unlikely(cr3 != vmx->loaded_vmcs->host_state.cr3)) {
7338  vmcs_writel(HOST_CR3, cr3);
7339  vmx->loaded_vmcs->host_state.cr3 = cr3;
7340  }
7341 
7342  cr4 = cr4_read_shadow();
7343  if (unlikely(cr4 != vmx->loaded_vmcs->host_state.cr4)) {
7344  vmcs_writel(HOST_CR4, cr4);
7345  vmx->loaded_vmcs->host_state.cr4 = cr4;
7346  }
7347 
7348  /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */
7349  if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))
7350  set_debugreg(vcpu->arch.dr6, 6);
7351 
7352  /* When single-stepping over STI and MOV SS, we must clear the
7353  * corresponding interruptibility bits in the guest state. Otherwise
7354  * vmentry fails as it then expects bit 14 (BS) in pending debug
7355  * exceptions being set, but that's not correct for the guest debugging
7356  * case. */
7357  if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
7358  vmx_set_interrupt_shadow(vcpu, 0);
7359 
7360  kvm_load_guest_xsave_state(vcpu);
7361 
7362  pt_guest_enter(vmx);
7363 
7364  atomic_switch_perf_msrs(vmx);
7365  if (intel_pmu_lbr_is_enabled(vcpu))
7366  vmx_passthrough_lbr_msrs(vcpu);
7367 
7368  if (enable_preemption_timer)
7369  vmx_update_hv_timer(vcpu);
7370 
7371  kvm_wait_lapic_expire(vcpu);
7372 
7373  /* The actual VMENTER/EXIT is in the .noinstr.text section. */
7374  vmx_vcpu_enter_exit(vcpu, __vmx_vcpu_run_flags(vmx));
7375 
7376  /* All fields are clean at this point */
7377  if (kvm_is_using_evmcs()) {
7378  current_evmcs->hv_clean_fields |=
7379  HV_VMX_ENLIGHTENED_CLEAN_FIELD_ALL;
7380 
7381  current_evmcs->hv_vp_id = kvm_hv_get_vpindex(vcpu);
7382  }
7383 
7384  /* MSR_IA32_DEBUGCTLMSR is zeroed on vmexit. Restore it if needed */
7385  if (vmx->host_debugctlmsr)
7386  update_debugctlmsr(vmx->host_debugctlmsr);
7387 
7388 #ifndef CONFIG_X86_64
7389  /*
7390  * The sysexit path does not restore ds/es, so we must set them to
7391  * a reasonable value ourselves.
7392  *
7393  * We can't defer this to vmx_prepare_switch_to_host() since that
7394  * function may be executed in interrupt context, which saves and
7395  * restore segments around it, nullifying its effect.
7396  */
7397  loadsegment(ds, __USER_DS);
7398  loadsegment(es, __USER_DS);
7399 #endif
7400 
7401  pt_guest_exit(vmx);
7402 
7403  kvm_load_host_xsave_state(vcpu);
7404 
7405  if (is_guest_mode(vcpu)) {
7406  /*
7407  * Track VMLAUNCH/VMRESUME that have made past guest state
7408  * checking.
7409  */
7410  if (vmx->nested.nested_run_pending &&
7411  !vmx->exit_reason.failed_vmentry)
7412  ++vcpu->stat.nested_run;
7413 
7414  vmx->nested.nested_run_pending = 0;
7415  }
7416 
7417  if (unlikely(vmx->fail))
7418  return EXIT_FASTPATH_NONE;
7419 
7420  if (unlikely((u16)vmx->exit_reason.basic == EXIT_REASON_MCE_DURING_VMENTRY))
7421  kvm_machine_check();
7422 
7423  trace_kvm_exit(vcpu, KVM_ISA_VMX);
7424 
7425  if (unlikely(vmx->exit_reason.failed_vmentry))
7426  return EXIT_FASTPATH_NONE;
7427 
7428  vmx->loaded_vmcs->launched = 1;
7429 
7430  vmx_recover_nmi_blocking(vmx);
7431  vmx_complete_interrupts(vmx);
7432 
7433  if (is_guest_mode(vcpu))
7434  return EXIT_FASTPATH_NONE;
7435 
7436  return vmx_exit_handlers_fastpath(vcpu);
7437 }
7438 
7439 static void vmx_vcpu_free(struct kvm_vcpu *vcpu)
7440 {
7441  struct vcpu_vmx *vmx = to_vmx(vcpu);
7442 
7443  if (enable_pml)
7444  vmx_destroy_pml_buffer(vmx);
7445  free_vpid(vmx->vpid);
7446  nested_vmx_free_vcpu(vcpu);
7447  free_loaded_vmcs(vmx->loaded_vmcs);
7448 }
7449 
7450 static int vmx_vcpu_create(struct kvm_vcpu *vcpu)
7451 {
7452  struct vmx_uret_msr *tsx_ctrl;
7453  struct vcpu_vmx *vmx;
7454  int i, err;
7455 
7456  BUILD_BUG_ON(offsetof(struct vcpu_vmx, vcpu) != 0);
7457  vmx = to_vmx(vcpu);
7458 
7459  INIT_LIST_HEAD(&vmx->pi_wakeup_list);
7460 
7461  err = -ENOMEM;
7462 
7463  vmx->vpid = allocate_vpid();
7464 
7465  /*
7466  * If PML is turned on, failure on enabling PML just results in failure
7467  * of creating the vcpu, therefore we can simplify PML logic (by
7468  * avoiding dealing with cases, such as enabling PML partially on vcpus
7469  * for the guest), etc.
7470  */
7471  if (enable_pml) {
7472  vmx->pml_pg = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
7473  if (!vmx->pml_pg)
7474  goto free_vpid;
7475  }
7476 
7477  for (i = 0; i < kvm_nr_uret_msrs; ++i)
7478  vmx->guest_uret_msrs[i].mask = -1ull;
7479  if (boot_cpu_has(X86_FEATURE_RTM)) {
7480  /*
7481  * TSX_CTRL_CPUID_CLEAR is handled in the CPUID interception.
7482  * Keep the host value unchanged to avoid changing CPUID bits
7483  * under the host kernel's feet.
7484  */
7485  tsx_ctrl = vmx_find_uret_msr(vmx, MSR_IA32_TSX_CTRL);
7486  if (tsx_ctrl)
7487  tsx_ctrl->mask = ~(u64)TSX_CTRL_CPUID_CLEAR;
7488  }
7489 
7490  err = alloc_loaded_vmcs(&vmx->vmcs01);
7491  if (err < 0)
7492  goto free_pml;
7493 
7494  /*
7495  * Use Hyper-V 'Enlightened MSR Bitmap' feature when KVM runs as a
7496  * nested (L1) hypervisor and Hyper-V in L0 supports it. Enable the
7497  * feature only for vmcs01, KVM currently isn't equipped to realize any
7498  * performance benefits from enabling it for vmcs02.
7499  */
7500  if (kvm_is_using_evmcs() &&
7501  (ms_hyperv.nested_features & HV_X64_NESTED_MSR_BITMAP)) {
7502  struct hv_enlightened_vmcs *evmcs = (void *)vmx->vmcs01.vmcs;
7503 
7504  evmcs->hv_enlightenments_control.msr_bitmap = 1;
7505  }
7506 
7507  /* The MSR bitmap starts with all ones */
7508  bitmap_fill(vmx->shadow_msr_intercept.read, MAX_POSSIBLE_PASSTHROUGH_MSRS);
7509  bitmap_fill(vmx->shadow_msr_intercept.write, MAX_POSSIBLE_PASSTHROUGH_MSRS);
7510 
7511  vmx_disable_intercept_for_msr(vcpu, MSR_IA32_TSC, MSR_TYPE_R);
7512 #ifdef CONFIG_X86_64
7513  vmx_disable_intercept_for_msr(vcpu, MSR_FS_BASE, MSR_TYPE_RW);
7514  vmx_disable_intercept_for_msr(vcpu, MSR_GS_BASE, MSR_TYPE_RW);
7515  vmx_disable_intercept_for_msr(vcpu, MSR_KERNEL_GS_BASE, MSR_TYPE_RW);
7516 #endif
7517  vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW);
7518  vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW);
7519  vmx_disable_intercept_for_msr(vcpu, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW);
7520  if (kvm_cstate_in_guest(vcpu->kvm)) {
7521  vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C1_RES, MSR_TYPE_R);
7522  vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C3_RESIDENCY, MSR_TYPE_R);
7523  vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C6_RESIDENCY, MSR_TYPE_R);
7524  vmx_disable_intercept_for_msr(vcpu, MSR_CORE_C7_RESIDENCY, MSR_TYPE_R);
7525  }
7526 
7527  vmx->loaded_vmcs = &vmx->vmcs01;
7528 
7529  if (cpu_need_virtualize_apic_accesses(vcpu)) {
7530  err = kvm_alloc_apic_access_page(vcpu->kvm);
7531  if (err)
7532  goto free_vmcs;
7533  }
7534 
7535  if (enable_ept && !enable_unrestricted_guest) {
7536  err = init_rmode_identity_map(vcpu->kvm);
7537  if (err)
7538  goto free_vmcs;
7539  }
7540 
7541  if (vmx_can_use_ipiv(vcpu))
7542  WRITE_ONCE(to_kvm_vmx(vcpu->kvm)->pid_table[vcpu->vcpu_id],
7543  __pa(&vmx->pi_desc) | PID_TABLE_ENTRY_VALID);
7544 
7545  return 0;
7546 
7547 free_vmcs:
7548  free_loaded_vmcs(vmx->loaded_vmcs);
7549 free_pml:
7550  vmx_destroy_pml_buffer(vmx);
7551 free_vpid:
7552  free_vpid(vmx->vpid);
7553  return err;
7554 }
7555 
7556 #define L1TF_MSG_SMT "L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.\n"
7557 #define L1TF_MSG_L1D "L1TF CPU bug present and virtualization mitigation disabled, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.\n"
7558 
7559 static int vmx_vm_init(struct kvm *kvm)
7560 {
7561  if (!ple_gap)
7562  kvm->arch.pause_in_guest = true;
7563 
7564  if (boot_cpu_has(X86_BUG_L1TF) && enable_ept) {
7565  switch (l1tf_mitigation) {
7566  case L1TF_MITIGATION_OFF:
7567  case L1TF_MITIGATION_FLUSH_NOWARN:
7568  /* 'I explicitly don't care' is set */
7569  break;
7570  case L1TF_MITIGATION_FLUSH:
7571  case L1TF_MITIGATION_FLUSH_NOSMT:
7572  case L1TF_MITIGATION_FULL:
7573  /*
7574  * Warn upon starting the first VM in a potentially
7575  * insecure environment.
7576  */
7577  if (sched_smt_active())
7578  pr_warn_once(L1TF_MSG_SMT);
7579  if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER)
7580  pr_warn_once(L1TF_MSG_L1D);
7581  break;
7582  case L1TF_MITIGATION_FULL_FORCE:
7583  /* Flush is enforced */
7584  break;
7585  }
7586  }
7587  return 0;
7588 }
7589 
7590 static u8 vmx_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
7591 {
7592  /* We wanted to honor guest CD/MTRR/PAT, but doing so could result in
7593  * memory aliases with conflicting memory types and sometimes MCEs.
7594  * We have to be careful as to what are honored and when.
7595  *
7596  * For MMIO, guest CD/MTRR are ignored. The EPT memory type is set to
7597  * UC. The effective memory type is UC or WC depending on guest PAT.
7598  * This was historically the source of MCEs and we want to be
7599  * conservative.
7600  *
7601  * When there is no need to deal with noncoherent DMA (e.g., no VT-d
7602  * or VT-d has snoop control), guest CD/MTRR/PAT are all ignored. The
7603  * EPT memory type is set to WB. The effective memory type is forced
7604  * WB.
7605  *
7606  * Otherwise, we trust guest. Guest CD/MTRR/PAT are all honored. The
7607  * EPT memory type is used to emulate guest CD/MTRR.
7608  */
7609 
7610  if (is_mmio)
7611  return MTRR_TYPE_UNCACHABLE << VMX_EPT_MT_EPTE_SHIFT;
7612 
7613  if (!kvm_arch_has_noncoherent_dma(vcpu->kvm))
7614  return (MTRR_TYPE_WRBACK << VMX_EPT_MT_EPTE_SHIFT) | VMX_EPT_IPAT_BIT;
7615 
7616  if (kvm_read_cr0_bits(vcpu, X86_CR0_CD)) {
7617  if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED))
7618  return MTRR_TYPE_WRBACK << VMX_EPT_MT_EPTE_SHIFT;
7619  else
7620  return (MTRR_TYPE_UNCACHABLE << VMX_EPT_MT_EPTE_SHIFT) |
7621  VMX_EPT_IPAT_BIT;
7622  }
7623 
7624  return kvm_mtrr_get_guest_memory_type(vcpu, gfn) << VMX_EPT_MT_EPTE_SHIFT;
7625 }
7626 
7627 static void vmcs_set_secondary_exec_control(struct vcpu_vmx *vmx, u32 new_ctl)
7628 {
7629  /*
7630  * These bits in the secondary execution controls field
7631  * are dynamic, the others are mostly based on the hypervisor
7632  * architecture and the guest's CPUID. Do not touch the
7633  * dynamic bits.
7634  */
7635  u32 mask =
7636  SECONDARY_EXEC_SHADOW_VMCS |
7637  SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
7638  SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
7639  SECONDARY_EXEC_DESC;
7640 
7641  u32 cur_ctl = secondary_exec_controls_get(vmx);
7642 
7643  secondary_exec_controls_set(vmx, (new_ctl & ~mask) | (cur_ctl & mask));
7644 }
7645 
7646 /*
7647  * Generate MSR_IA32_VMX_CR{0,4}_FIXED1 according to CPUID. Only set bits
7648  * (indicating "allowed-1") if they are supported in the guest's CPUID.
7649  */
7650 static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu)
7651 {
7652  struct vcpu_vmx *vmx = to_vmx(vcpu);
7653  struct kvm_cpuid_entry2 *entry;
7654 
7655  vmx->nested.msrs.cr0_fixed1 = 0xffffffff;
7656  vmx->nested.msrs.cr4_fixed1 = X86_CR4_PCE;
7657 
7658 #define cr4_fixed1_update(_cr4_mask, _reg, _cpuid_mask) do { \
7659  if (entry && (entry->_reg & (_cpuid_mask))) \
7660  vmx->nested.msrs.cr4_fixed1 |= (_cr4_mask); \
7661 } while (0)
7662 
7663  entry = kvm_find_cpuid_entry(vcpu, 0x1);
7664  cr4_fixed1_update(X86_CR4_VME, edx, feature_bit(VME));
7665  cr4_fixed1_update(X86_CR4_PVI, edx, feature_bit(VME));
7666  cr4_fixed1_update(X86_CR4_TSD, edx, feature_bit(TSC));
7667  cr4_fixed1_update(X86_CR4_DE, edx, feature_bit(DE));
7668  cr4_fixed1_update(X86_CR4_PSE, edx, feature_bit(PSE));
7669  cr4_fixed1_update(X86_CR4_PAE, edx, feature_bit(PAE));
7670  cr4_fixed1_update(X86_CR4_MCE, edx, feature_bit(MCE));
7671  cr4_fixed1_update(X86_CR4_PGE, edx, feature_bit(PGE));
7672  cr4_fixed1_update(X86_CR4_OSFXSR, edx, feature_bit(FXSR));
7673  cr4_fixed1_update(X86_CR4_OSXMMEXCPT, edx, feature_bit(XMM));
7674  cr4_fixed1_update(X86_CR4_VMXE, ecx, feature_bit(VMX));
7675  cr4_fixed1_update(X86_CR4_SMXE, ecx, feature_bit(SMX));
7676  cr4_fixed1_update(X86_CR4_PCIDE, ecx, feature_bit(PCID));
7677  cr4_fixed1_update(X86_CR4_OSXSAVE, ecx, feature_bit(XSAVE));
7678 
7679  entry = kvm_find_cpuid_entry_index(vcpu, 0x7, 0);
7680  cr4_fixed1_update(X86_CR4_FSGSBASE, ebx, feature_bit(FSGSBASE));
7681  cr4_fixed1_update(X86_CR4_SMEP, ebx, feature_bit(SMEP));
7682  cr4_fixed1_update(X86_CR4_SMAP, ebx, feature_bit(SMAP));
7683  cr4_fixed1_update(X86_CR4_PKE, ecx, feature_bit(PKU));
7684  cr4_fixed1_update(X86_CR4_UMIP, ecx, feature_bit(UMIP));
7685  cr4_fixed1_update(X86_CR4_LA57, ecx, feature_bit(LA57));
7686 
7687  entry = kvm_find_cpuid_entry_index(vcpu, 0x7, 1);
7688  cr4_fixed1_update(X86_CR4_LAM_SUP, eax, feature_bit(LAM));
7689 
7690 #undef cr4_fixed1_update
7691 }
7692 
7693 static void update_intel_pt_cfg(struct kvm_vcpu *vcpu)
7694 {
7695  struct vcpu_vmx *vmx = to_vmx(vcpu);
7696  struct kvm_cpuid_entry2 *best = NULL;
7697  int i;
7698 
7699  for (i = 0; i < PT_CPUID_LEAVES; i++) {
7700  best = kvm_find_cpuid_entry_index(vcpu, 0x14, i);
7701  if (!best)
7702  return;
7703  vmx->pt_desc.caps[CPUID_EAX + i*PT_CPUID_REGS_NUM] = best->eax;
7704  vmx->pt_desc.caps[CPUID_EBX + i*PT_CPUID_REGS_NUM] = best->ebx;
7705  vmx->pt_desc.caps[CPUID_ECX + i*PT_CPUID_REGS_NUM] = best->ecx;
7706  vmx->pt_desc.caps[CPUID_EDX + i*PT_CPUID_REGS_NUM] = best->edx;
7707  }
7708 
7709  /* Get the number of configurable Address Ranges for filtering */
7710  vmx->pt_desc.num_address_ranges = intel_pt_validate_cap(vmx->pt_desc.caps,
7711  PT_CAP_num_address_ranges);
7712 
7713  /* Initialize and clear the no dependency bits */
7714  vmx->pt_desc.ctl_bitmask = ~(RTIT_CTL_TRACEEN | RTIT_CTL_OS |
7715  RTIT_CTL_USR | RTIT_CTL_TSC_EN | RTIT_CTL_DISRETC |
7716  RTIT_CTL_BRANCH_EN);
7717 
7718  /*
7719  * If CPUID.(EAX=14H,ECX=0):EBX[0]=1 CR3Filter can be set otherwise
7720  * will inject an #GP
7721  */
7722  if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_cr3_filtering))
7723  vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_CR3EN;
7724 
7725  /*
7726  * If CPUID.(EAX=14H,ECX=0):EBX[1]=1 CYCEn, CycThresh and
7727  * PSBFreq can be set
7728  */
7729  if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_psb_cyc))
7730  vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_CYCLEACC |
7731  RTIT_CTL_CYC_THRESH | RTIT_CTL_PSB_FREQ);
7732 
7733  /*
7734  * If CPUID.(EAX=14H,ECX=0):EBX[3]=1 MTCEn and MTCFreq can be set
7735  */
7736  if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_mtc))
7737  vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_MTC_EN |
7738  RTIT_CTL_MTC_RANGE);
7739 
7740  /* If CPUID.(EAX=14H,ECX=0):EBX[4]=1 FUPonPTW and PTWEn can be set */
7741  if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_ptwrite))
7742  vmx->pt_desc.ctl_bitmask &= ~(RTIT_CTL_FUP_ON_PTW |
7743  RTIT_CTL_PTW_EN);
7744 
7745  /* If CPUID.(EAX=14H,ECX=0):EBX[5]=1 PwrEvEn can be set */
7746  if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_power_event_trace))
7747  vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_PWR_EVT_EN;
7748 
7749  /* If CPUID.(EAX=14H,ECX=0):ECX[0]=1 ToPA can be set */
7750  if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_topa_output))
7751  vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_TOPA;
7752 
7753  /* If CPUID.(EAX=14H,ECX=0):ECX[3]=1 FabricEn can be set */
7754  if (intel_pt_validate_cap(vmx->pt_desc.caps, PT_CAP_output_subsys))
7755  vmx->pt_desc.ctl_bitmask &= ~RTIT_CTL_FABRIC_EN;
7756 
7757  /* unmask address range configure area */
7758  for (i = 0; i < vmx->pt_desc.num_address_ranges; i++)
7759  vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4));
7760 }
7761 
7762 static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
7763 {
7764  struct vcpu_vmx *vmx = to_vmx(vcpu);
7765 
7766  /*
7767  * XSAVES is effectively enabled if and only if XSAVE is also exposed
7768  * to the guest. XSAVES depends on CR4.OSXSAVE, and CR4.OSXSAVE can be
7769  * set if and only if XSAVE is supported.
7770  */
7771  if (boot_cpu_has(X86_FEATURE_XSAVE) &&
7772  guest_cpuid_has(vcpu, X86_FEATURE_XSAVE))
7773  kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_XSAVES);
7774 
7775  kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VMX);
7776  kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_LAM);
7777 
7778  vmx_setup_uret_msrs(vmx);
7779 
7780  if (cpu_has_secondary_exec_ctrls())
7781  vmcs_set_secondary_exec_control(vmx,
7782  vmx_secondary_exec_control(vmx));
7783 
7784  if (guest_can_use(vcpu, X86_FEATURE_VMX))
7785  vmx->msr_ia32_feature_control_valid_bits |=
7786  FEAT_CTL_VMX_ENABLED_INSIDE_SMX |
7787  FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX;
7788  else
7789  vmx->msr_ia32_feature_control_valid_bits &=
7790  ~(FEAT_CTL_VMX_ENABLED_INSIDE_SMX |
7791  FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX);
7792 
7793  if (guest_can_use(vcpu, X86_FEATURE_VMX))
7794  nested_vmx_cr_fixed1_bits_update(vcpu);
7795 
7796  if (boot_cpu_has(X86_FEATURE_INTEL_PT) &&
7797  guest_cpuid_has(vcpu, X86_FEATURE_INTEL_PT))
7798  update_intel_pt_cfg(vcpu);
7799 
7800  if (boot_cpu_has(X86_FEATURE_RTM)) {
7801  struct vmx_uret_msr *msr;
7802  msr = vmx_find_uret_msr(vmx, MSR_IA32_TSX_CTRL);
7803  if (msr) {
7804  bool enabled = guest_cpuid_has(vcpu, X86_FEATURE_RTM);
7805  vmx_set_guest_uret_msr(vmx, msr, enabled ? 0 : TSX_CTRL_RTM_DISABLE);
7806  }
7807  }
7808 
7809  if (kvm_cpu_cap_has(X86_FEATURE_XFD))
7810  vmx_set_intercept_for_msr(vcpu, MSR_IA32_XFD_ERR, MSR_TYPE_R,
7811  !guest_cpuid_has(vcpu, X86_FEATURE_XFD));
7812 
7813  if (boot_cpu_has(X86_FEATURE_IBPB))
7814  vmx_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W,
7815  !guest_has_pred_cmd_msr(vcpu));
7816 
7817  if (boot_cpu_has(X86_FEATURE_FLUSH_L1D))
7818  vmx_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W,
7819  !guest_cpuid_has(vcpu, X86_FEATURE_FLUSH_L1D));
7820 
7821  set_cr4_guest_host_mask(vmx);
7822 
7823  vmx_write_encls_bitmap(vcpu, NULL);
7824  if (guest_cpuid_has(vcpu, X86_FEATURE_SGX))
7825  vmx->msr_ia32_feature_control_valid_bits |= FEAT_CTL_SGX_ENABLED;
7826  else
7827  vmx->msr_ia32_feature_control_valid_bits &= ~FEAT_CTL_SGX_ENABLED;
7828 
7829  if (guest_cpuid_has(vcpu, X86_FEATURE_SGX_LC))
7830  vmx->msr_ia32_feature_control_valid_bits |=
7831  FEAT_CTL_SGX_LC_ENABLED;
7832  else
7833  vmx->msr_ia32_feature_control_valid_bits &=
7834  ~FEAT_CTL_SGX_LC_ENABLED;
7835 
7836  /* Refresh #PF interception to account for MAXPHYADDR changes. */
7837  vmx_update_exception_bitmap(vcpu);
7838 }
7839 
7840 static u64 vmx_get_perf_capabilities(void)
7841 {
7842  u64 perf_cap = PMU_CAP_FW_WRITES;
7843  struct x86_pmu_lbr lbr;
7844  u64 host_perf_cap = 0;
7845 
7846  if (!enable_pmu)
7847  return 0;
7848 
7849  if (boot_cpu_has(X86_FEATURE_PDCM))
7850  rdmsrl(MSR_IA32_PERF_CAPABILITIES, host_perf_cap);
7851 
7852  if (!cpu_feature_enabled(X86_FEATURE_ARCH_LBR)) {
7853  x86_perf_get_lbr(&lbr);
7854  if (lbr.nr)
7855  perf_cap |= host_perf_cap & PMU_CAP_LBR_FMT;
7856  }
7857 
7858  if (vmx_pebs_supported()) {
7859  perf_cap |= host_perf_cap & PERF_CAP_PEBS_MASK;
7860 
7861  /*
7862  * Disallow adaptive PEBS as it is functionally broken, can be
7863  * used by the guest to read *host* LBRs, and can be used to
7864  * bypass userspace event filters. To correctly and safely
7865  * support adaptive PEBS, KVM needs to:
7866  *
7867  * 1. Account for the ADAPTIVE flag when (re)programming fixed
7868  * counters.
7869  *
7870  * 2. Gain support from perf (or take direct control of counter
7871  * programming) to support events without adaptive PEBS
7872  * enabled for the hardware counter.
7873  *
7874  * 3. Ensure LBR MSRs cannot hold host data on VM-Entry with
7875  * adaptive PEBS enabled and MSR_PEBS_DATA_CFG.LBRS=1.
7876  *
7877  * 4. Document which PMU events are effectively exposed to the
7878  * guest via adaptive PEBS, and make adaptive PEBS mutually
7879  * exclusive with KVM_SET_PMU_EVENT_FILTER if necessary.
7880  */
7881  perf_cap &= ~PERF_CAP_PEBS_BASELINE;
7882  }
7883 
7884  return perf_cap;
7885 }
7886 
7887 static __init void vmx_set_cpu_caps(void)
7888 {
7889  kvm_set_cpu_caps();
7890 
7891  /* CPUID 0x1 */
7892  if (nested)
7893  kvm_cpu_cap_set(X86_FEATURE_VMX);
7894 
7895  /* CPUID 0x7 */
7896  if (kvm_mpx_supported())
7897  kvm_cpu_cap_check_and_set(X86_FEATURE_MPX);
7898  if (!cpu_has_vmx_invpcid())
7899  kvm_cpu_cap_clear(X86_FEATURE_INVPCID);
7900  if (vmx_pt_mode_is_host_guest())
7901  kvm_cpu_cap_check_and_set(X86_FEATURE_INTEL_PT);
7902  if (vmx_pebs_supported()) {
7903  kvm_cpu_cap_check_and_set(X86_FEATURE_DS);
7904  kvm_cpu_cap_check_and_set(X86_FEATURE_DTES64);
7905  }
7906 
7907  if (!enable_pmu)
7908  kvm_cpu_cap_clear(X86_FEATURE_PDCM);
7909  kvm_caps.supported_perf_cap = vmx_get_perf_capabilities();
7910 
7911  if (!enable_sgx) {
7912  kvm_cpu_cap_clear(X86_FEATURE_SGX);
7913  kvm_cpu_cap_clear(X86_FEATURE_SGX_LC);
7914  kvm_cpu_cap_clear(X86_FEATURE_SGX1);
7915  kvm_cpu_cap_clear(X86_FEATURE_SGX2);
7916  }
7917 
7918  if (vmx_umip_emulated())
7919  kvm_cpu_cap_set(X86_FEATURE_UMIP);
7920 
7921  /* CPUID 0xD.1 */
7922  kvm_caps.supported_xss = 0;
7923  if (!cpu_has_vmx_xsaves())
7924  kvm_cpu_cap_clear(X86_FEATURE_XSAVES);
7925 
7926  /* CPUID 0x80000001 and 0x7 (RDPID) */
7927  if (!cpu_has_vmx_rdtscp()) {
7928  kvm_cpu_cap_clear(X86_FEATURE_RDTSCP);
7929  kvm_cpu_cap_clear(X86_FEATURE_RDPID);
7930  }
7931 
7932  if (cpu_has_vmx_waitpkg())
7933  kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG);
7934 }
7935 
7936 static void vmx_request_immediate_exit(struct kvm_vcpu *vcpu)
7937 {
7938  to_vmx(vcpu)->req_immediate_exit = true;
7939 }
7940 
7941 static int vmx_check_intercept_io(struct kvm_vcpu *vcpu,
7942  struct x86_instruction_info *info)
7943 {
7944  struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
7945  unsigned short port;
7946  bool intercept;
7947  int size;
7948 
7949  if (info->intercept == x86_intercept_in ||
7950  info->intercept == x86_intercept_ins) {
7951  port = info->src_val;
7952  size = info->dst_bytes;
7953  } else {
7954  port = info->dst_val;
7955  size = info->src_bytes;
7956  }
7957 
7958  /*
7959  * If the 'use IO bitmaps' VM-execution control is 0, IO instruction
7960  * VM-exits depend on the 'unconditional IO exiting' VM-execution
7961  * control.
7962  *
7963  * Otherwise, IO instruction VM-exits are controlled by the IO bitmaps.
7964  */
7965  if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS))
7966  intercept = nested_cpu_has(vmcs12,
7967  CPU_BASED_UNCOND_IO_EXITING);
7968  else
7969  intercept = nested_vmx_check_io_bitmaps(vcpu, port, size);
7970 
7971  /* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */
7972  return intercept ? X86EMUL_UNHANDLEABLE : X86EMUL_CONTINUE;
7973 }
7974 
7975 static int vmx_check_intercept(struct kvm_vcpu *vcpu,
7976  struct x86_instruction_info *info,
7977  enum x86_intercept_stage stage,
7978  struct x86_exception *exception)
7979 {
7980  struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
7981 
7982  switch (info->intercept) {
7983  /*
7984  * RDPID causes #UD if disabled through secondary execution controls.
7985  * Because it is marked as EmulateOnUD, we need to intercept it here.
7986  * Note, RDPID is hidden behind ENABLE_RDTSCP.
7987  */
7988  case x86_intercept_rdpid:
7989  if (!nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_RDTSCP)) {
7990  exception->vector = UD_VECTOR;
7991  exception->error_code_valid = false;
7992  return X86EMUL_PROPAGATE_FAULT;
7993  }
7994  break;
7995 
7996  case x86_intercept_in:
7997  case x86_intercept_ins:
7998  case x86_intercept_out:
7999  case x86_intercept_outs:
8000  return vmx_check_intercept_io(vcpu, info);
8001 
8002  case x86_intercept_lgdt:
8003  case x86_intercept_lidt:
8004  case x86_intercept_lldt:
8005  case x86_intercept_ltr:
8006  case x86_intercept_sgdt:
8007  case x86_intercept_sidt:
8008  case x86_intercept_sldt:
8009  case x86_intercept_str:
8010  if (!nested_cpu_has2(vmcs12, SECONDARY_EXEC_DESC))
8011  return X86EMUL_CONTINUE;
8012 
8013  /* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */
8014  break;
8015 
8016  case x86_intercept_pause:
8017  /*
8018  * PAUSE is a single-byte NOP with a REPE prefix, i.e. collides
8019  * with vanilla NOPs in the emulator. Apply the interception
8020  * check only to actual PAUSE instructions. Don't check
8021  * PAUSE-loop-exiting, software can't expect a given PAUSE to
8022  * exit, i.e. KVM is within its rights to allow L2 to execute
8023  * the PAUSE.
8024  */
8025  if ((info->rep_prefix != REPE_PREFIX) ||
8026  !nested_cpu_has2(vmcs12, CPU_BASED_PAUSE_EXITING))
8027  return X86EMUL_CONTINUE;
8028 
8029  break;
8030 
8031  /* TODO: check more intercepts... */
8032  default:
8033  break;
8034  }
8035 
8036  return X86EMUL_UNHANDLEABLE;
8037 }
8038 
8039 #ifdef CONFIG_X86_64
8040 /* (a << shift) / divisor, return 1 if overflow otherwise 0 */
8041 static inline int u64_shl_div_u64(u64 a, unsigned int shift,
8042  u64 divisor, u64 *result)
8043 {
8044  u64 low = a << shift, high = a >> (64 - shift);
8045 
8046  /* To avoid the overflow on divq */
8047  if (high >= divisor)
8048  return 1;
8049 
8050  /* Low hold the result, high hold rem which is discarded */
8051  asm("divq %2\n\t" : "=a" (low), "=d" (high) :
8052  "rm" (divisor), "0" (low), "1" (high));
8053  *result = low;
8054 
8055  return 0;
8056 }
8057 
8058 static int vmx_set_hv_timer(struct kvm_vcpu *vcpu, u64 guest_deadline_tsc,
8059  bool *expired)
8060 {
8061  struct vcpu_vmx *vmx;
8062  u64 tscl, guest_tscl, delta_tsc, lapic_timer_advance_cycles;
8063  struct kvm_timer *ktimer = &vcpu->arch.apic->lapic_timer;
8064 
8065  vmx = to_vmx(vcpu);
8066  tscl = rdtsc();
8067  guest_tscl = kvm_read_l1_tsc(vcpu, tscl);
8068  delta_tsc = max(guest_deadline_tsc, guest_tscl) - guest_tscl;
8069  lapic_timer_advance_cycles = nsec_to_cycles(vcpu,
8070  ktimer->timer_advance_ns);
8071 
8072  if (delta_tsc > lapic_timer_advance_cycles)
8073  delta_tsc -= lapic_timer_advance_cycles;
8074  else
8075  delta_tsc = 0;
8076 
8077  /* Convert to host delta tsc if tsc scaling is enabled */
8078  if (vcpu->arch.l1_tsc_scaling_ratio != kvm_caps.default_tsc_scaling_ratio &&
8079  delta_tsc && u64_shl_div_u64(delta_tsc,
8080  kvm_caps.tsc_scaling_ratio_frac_bits,
8081  vcpu->arch.l1_tsc_scaling_ratio, &delta_tsc))
8082  return -ERANGE;
8083 
8084  /*
8085  * If the delta tsc can't fit in the 32 bit after the multi shift,
8086  * we can't use the preemption timer.
8087  * It's possible that it fits on later vmentries, but checking
8088  * on every vmentry is costly so we just use an hrtimer.
8089  */
8090  if (delta_tsc >> (cpu_preemption_timer_multi + 32))
8091  return -ERANGE;
8092 
8093  vmx->hv_deadline_tsc = tscl + delta_tsc;
8094  *expired = !delta_tsc;
8095  return 0;
8096 }
8097 
8098 static void vmx_cancel_hv_timer(struct kvm_vcpu *vcpu)
8099 {
8100  to_vmx(vcpu)->hv_deadline_tsc = -1;
8101 }
8102 #endif
8103 
8104 static void vmx_sched_in(struct kvm_vcpu *vcpu, int cpu)
8105 {
8106  if (!kvm_pause_in_guest(vcpu->kvm))
8107  shrink_ple_window(vcpu);
8108 }
8109 
8110 void vmx_update_cpu_dirty_logging(struct kvm_vcpu *vcpu)
8111 {
8112  struct vcpu_vmx *vmx = to_vmx(vcpu);
8113 
8114  if (WARN_ON_ONCE(!enable_pml))
8115  return;
8116 
8117  if (is_guest_mode(vcpu)) {
8118  vmx->nested.update_vmcs01_cpu_dirty_logging = true;
8119  return;
8120  }
8121 
8122  /*
8123  * Note, nr_memslots_dirty_logging can be changed concurrent with this
8124  * code, but in that case another update request will be made and so
8125  * the guest will never run with a stale PML value.
8126  */
8127  if (atomic_read(&vcpu->kvm->nr_memslots_dirty_logging))
8128  secondary_exec_controls_setbit(vmx, SECONDARY_EXEC_ENABLE_PML);
8129  else
8130  secondary_exec_controls_clearbit(vmx, SECONDARY_EXEC_ENABLE_PML);
8131 }
8132 
8133 static void vmx_setup_mce(struct kvm_vcpu *vcpu)
8134 {
8135  if (vcpu->arch.mcg_cap & MCG_LMCE_P)
8136  to_vmx(vcpu)->msr_ia32_feature_control_valid_bits |=
8137  FEAT_CTL_LMCE_ENABLED;
8138  else
8139  to_vmx(vcpu)->msr_ia32_feature_control_valid_bits &=
8140  ~FEAT_CTL_LMCE_ENABLED;
8141 }
8142 
8143 #ifdef CONFIG_KVM_SMM
8144 static int vmx_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
8145 {
8146  /* we need a nested vmexit to enter SMM, postpone if run is pending */
8147  if (to_vmx(vcpu)->nested.nested_run_pending)
8148  return -EBUSY;
8149  return !is_smm(vcpu);
8150 }
8151 
8152 static int vmx_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
8153 {
8154  struct vcpu_vmx *vmx = to_vmx(vcpu);
8155 
8156  /*
8157  * TODO: Implement custom flows for forcing the vCPU out/in of L2 on
8158  * SMI and RSM. Using the common VM-Exit + VM-Enter routines is wrong
8159  * SMI and RSM only modify state that is saved and restored via SMRAM.
8160  * E.g. most MSRs are left untouched, but many are modified by VM-Exit
8161  * and VM-Enter, and thus L2's values may be corrupted on SMI+RSM.
8162  */
8163  vmx->nested.smm.guest_mode = is_guest_mode(vcpu);
8164  if (vmx->nested.smm.guest_mode)
8165  nested_vmx_vmexit(vcpu, -1, 0, 0);
8166 
8167  vmx->nested.smm.vmxon = vmx->nested.vmxon;
8168  vmx->nested.vmxon = false;
8169  vmx_clear_hlt(vcpu);
8170  return 0;
8171 }
8172 
8173 static int vmx_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
8174 {
8175  struct vcpu_vmx *vmx = to_vmx(vcpu);
8176  int ret;
8177 
8178  if (vmx->nested.smm.vmxon) {
8179  vmx->nested.vmxon = true;
8180  vmx->nested.smm.vmxon = false;
8181  }
8182 
8183  if (vmx->nested.smm.guest_mode) {
8184  ret = nested_vmx_enter_non_root_mode(vcpu, false);
8185  if (ret)
8186  return ret;
8187 
8188  vmx->nested.nested_run_pending = 1;
8189  vmx->nested.smm.guest_mode = false;
8190  }
8191  return 0;
8192 }
8193 
8194 static void vmx_enable_smi_window(struct kvm_vcpu *vcpu)
8195 {
8196  /* RSM will cause a vmexit anyway. */
8197 }
8198 #endif
8199 
8200 static bool vmx_apic_init_signal_blocked(struct kvm_vcpu *vcpu)
8201 {
8202  return to_vmx(vcpu)->nested.vmxon && !is_guest_mode(vcpu);
8203 }
8204 
8205 static void vmx_migrate_timers(struct kvm_vcpu *vcpu)
8206 {
8207  if (is_guest_mode(vcpu)) {
8208  struct hrtimer *timer = &to_vmx(vcpu)->nested.preemption_timer;
8209 
8210  if (hrtimer_try_to_cancel(timer) == 1)
8211  hrtimer_start_expires(timer, HRTIMER_MODE_ABS_PINNED);
8212  }
8213 }
8214 
8215 static void vmx_hardware_unsetup(void)
8216 {
8217  kvm_set_posted_intr_wakeup_handler(NULL);
8218 
8219  if (nested)
8220  nested_vmx_hardware_unsetup();
8221 
8222  free_kvm_area();
8223 }
8224 
8225 #define VMX_REQUIRED_APICV_INHIBITS \
8226 ( \
8227  BIT(APICV_INHIBIT_REASON_DISABLE)| \
8228  BIT(APICV_INHIBIT_REASON_ABSENT) | \
8229  BIT(APICV_INHIBIT_REASON_HYPERV) | \
8230  BIT(APICV_INHIBIT_REASON_BLOCKIRQ) | \
8231  BIT(APICV_INHIBIT_REASON_PHYSICAL_ID_ALIASED) | \
8232  BIT(APICV_INHIBIT_REASON_APIC_ID_MODIFIED) | \
8233  BIT(APICV_INHIBIT_REASON_APIC_BASE_MODIFIED) \
8234 )
8235 
8236 static void vmx_vm_destroy(struct kvm *kvm)
8237 {
8238  struct kvm_vmx *kvm_vmx = to_kvm_vmx(kvm);
8239 
8240  free_pages((unsigned long)kvm_vmx->pid_table, vmx_get_pid_table_order(kvm));
8241 }
8242 
8243 /*
8244  * Note, the SDM states that the linear address is masked *after* the modified
8245  * canonicality check, whereas KVM masks (untags) the address and then performs
8246  * a "normal" canonicality check. Functionally, the two methods are identical,
8247  * and when the masking occurs relative to the canonicality check isn't visible
8248  * to software, i.e. KVM's behavior doesn't violate the SDM.
8249  */
8250 gva_t vmx_get_untagged_addr(struct kvm_vcpu *vcpu, gva_t gva, unsigned int flags)
8251 {
8252  int lam_bit;
8253  unsigned long cr3_bits;
8254 
8255  if (flags & (X86EMUL_F_FETCH | X86EMUL_F_IMPLICIT | X86EMUL_F_INVLPG))
8256  return gva;
8257 
8258  if (!is_64_bit_mode(vcpu))
8259  return gva;
8260 
8261  /*
8262  * Bit 63 determines if the address should be treated as user address
8263  * or a supervisor address.
8264  */
8265  if (!(gva & BIT_ULL(63))) {
8266  cr3_bits = kvm_get_active_cr3_lam_bits(vcpu);
8267  if (!(cr3_bits & (X86_CR3_LAM_U57 | X86_CR3_LAM_U48)))
8268  return gva;
8269 
8270  /* LAM_U48 is ignored if LAM_U57 is set. */
8271  lam_bit = cr3_bits & X86_CR3_LAM_U57 ? 56 : 47;
8272  } else {
8273  if (!kvm_is_cr4_bit_set(vcpu, X86_CR4_LAM_SUP))
8274  return gva;
8275 
8276  lam_bit = kvm_is_cr4_bit_set(vcpu, X86_CR4_LA57) ? 56 : 47;
8277  }
8278 
8279  /*
8280  * Untag the address by sign-extending the lam_bit, but NOT to bit 63.
8281  * Bit 63 is retained from the raw virtual address so that untagging
8282  * doesn't change a user access to a supervisor access, and vice versa.
8283  */
8284  return (sign_extend64(gva, lam_bit) & ~BIT_ULL(63)) | (gva & BIT_ULL(63));
8285 }
8286 
8287 static struct kvm_x86_ops vmx_x86_ops __initdata = {
8288  .name = KBUILD_MODNAME,
8289 
8290  .check_processor_compatibility = vmx_check_processor_compat,
8291 
8292  .hardware_unsetup = vmx_hardware_unsetup,
8293 
8294  .hardware_enable = vmx_hardware_enable,
8295  .hardware_disable = vmx_hardware_disable,
8296  .has_emulated_msr = vmx_has_emulated_msr,
8297 
8298  .vm_size = sizeof(struct kvm_vmx),
8299  .vm_init = vmx_vm_init,
8300  .vm_destroy = vmx_vm_destroy,
8301 
8302  .vcpu_precreate = vmx_vcpu_precreate,
8303  .vcpu_create = vmx_vcpu_create,
8304  .vcpu_free = vmx_vcpu_free,
8305  .vcpu_reset = vmx_vcpu_reset,
8306 
8307  .prepare_switch_to_guest = vmx_prepare_switch_to_guest,
8308  .vcpu_load = vmx_vcpu_load,
8309  .vcpu_put = vmx_vcpu_put,
8310 
8311  .update_exception_bitmap = vmx_update_exception_bitmap,
8312  .get_msr_feature = vmx_get_msr_feature,
8313  .get_msr = vmx_get_msr,
8314  .set_msr = vmx_set_msr,
8315  .get_segment_base = vmx_get_segment_base,
8316  .get_segment = vmx_get_segment,
8317  .set_segment = vmx_set_segment,
8318  .get_cpl = vmx_get_cpl,
8319  .get_cs_db_l_bits = vmx_get_cs_db_l_bits,
8320  .is_valid_cr0 = vmx_is_valid_cr0,
8321  .set_cr0 = vmx_set_cr0,
8322  .is_valid_cr4 = vmx_is_valid_cr4,
8323  .set_cr4 = vmx_set_cr4,
8324  .set_efer = vmx_set_efer,
8325  .get_idt = vmx_get_idt,
8326  .set_idt = vmx_set_idt,
8327  .get_gdt = vmx_get_gdt,
8328  .set_gdt = vmx_set_gdt,
8329  .set_dr7 = vmx_set_dr7,
8330  .sync_dirty_debug_regs = vmx_sync_dirty_debug_regs,
8331  .cache_reg = vmx_cache_reg,
8332  .get_rflags = vmx_get_rflags,
8333  .set_rflags = vmx_set_rflags,
8334  .get_if_flag = vmx_get_if_flag,
8335 
8336  .flush_tlb_all = vmx_flush_tlb_all,
8337  .flush_tlb_current = vmx_flush_tlb_current,
8338  .flush_tlb_gva = vmx_flush_tlb_gva,
8339  .flush_tlb_guest = vmx_flush_tlb_guest,
8340 
8341  .vcpu_pre_run = vmx_vcpu_pre_run,
8342  .vcpu_run = vmx_vcpu_run,
8343  .handle_exit = vmx_handle_exit,
8344  .skip_emulated_instruction = vmx_skip_emulated_instruction,
8345  .update_emulated_instruction = vmx_update_emulated_instruction,
8346  .set_interrupt_shadow = vmx_set_interrupt_shadow,
8347  .get_interrupt_shadow = vmx_get_interrupt_shadow,
8348  .patch_hypercall = vmx_patch_hypercall,
8349  .inject_irq = vmx_inject_irq,
8350  .inject_nmi = vmx_inject_nmi,
8351  .inject_exception = vmx_inject_exception,
8352  .cancel_injection = vmx_cancel_injection,
8353  .interrupt_allowed = vmx_interrupt_allowed,
8354  .nmi_allowed = vmx_nmi_allowed,
8355  .get_nmi_mask = vmx_get_nmi_mask,
8356  .set_nmi_mask = vmx_set_nmi_mask,
8357  .enable_nmi_window = vmx_enable_nmi_window,
8358  .enable_irq_window = vmx_enable_irq_window,
8359  .update_cr8_intercept = vmx_update_cr8_intercept,
8360  .set_virtual_apic_mode = vmx_set_virtual_apic_mode,
8361  .set_apic_access_page_addr = vmx_set_apic_access_page_addr,
8362  .refresh_apicv_exec_ctrl = vmx_refresh_apicv_exec_ctrl,
8363  .load_eoi_exitmap = vmx_load_eoi_exitmap,
8364  .apicv_pre_state_restore = vmx_apicv_pre_state_restore,
8365  .required_apicv_inhibits = VMX_REQUIRED_APICV_INHIBITS,
8366  .hwapic_irr_update = vmx_hwapic_irr_update,
8367  .hwapic_isr_update = vmx_hwapic_isr_update,
8368  .guest_apic_has_interrupt = vmx_guest_apic_has_interrupt,
8369  .sync_pir_to_irr = vmx_sync_pir_to_irr,
8370  .deliver_interrupt = vmx_deliver_interrupt,
8371  .dy_apicv_has_pending_interrupt = pi_has_pending_interrupt,
8372 
8373  .set_tss_addr = vmx_set_tss_addr,
8374  .set_identity_map_addr = vmx_set_identity_map_addr,
8375  .get_mt_mask = vmx_get_mt_mask,
8376 
8377  .get_exit_info = vmx_get_exit_info,
8378 
8379  .vcpu_after_set_cpuid = vmx_vcpu_after_set_cpuid,
8380 
8381  .has_wbinvd_exit = cpu_has_vmx_wbinvd_exit,
8382 
8383  .get_l2_tsc_offset = vmx_get_l2_tsc_offset,
8384  .get_l2_tsc_multiplier = vmx_get_l2_tsc_multiplier,
8385  .write_tsc_offset = vmx_write_tsc_offset,
8386  .write_tsc_multiplier = vmx_write_tsc_multiplier,
8387 
8388  .load_mmu_pgd = vmx_load_mmu_pgd,
8389 
8390  .check_intercept = vmx_check_intercept,
8391  .handle_exit_irqoff = vmx_handle_exit_irqoff,
8392 
8393  .request_immediate_exit = vmx_request_immediate_exit,
8394 
8395  .sched_in = vmx_sched_in,
8396 
8397  .cpu_dirty_log_size = PML_ENTITY_NUM,
8398  .update_cpu_dirty_logging = vmx_update_cpu_dirty_logging,
8399 
8400  .nested_ops = &vmx_nested_ops,
8401 
8402  .pi_update_irte = vmx_pi_update_irte,
8403  .pi_start_assignment = vmx_pi_start_assignment,
8404 
8405 #ifdef CONFIG_X86_64
8406  .set_hv_timer = vmx_set_hv_timer,
8407  .cancel_hv_timer = vmx_cancel_hv_timer,
8408 #endif
8409 
8410  .setup_mce = vmx_setup_mce,
8411 
8412 #ifdef CONFIG_KVM_SMM
8413  .smi_allowed = vmx_smi_allowed,
8414  .enter_smm = vmx_enter_smm,
8415  .leave_smm = vmx_leave_smm,
8416  .enable_smi_window = vmx_enable_smi_window,
8417 #endif
8418 
8419  .check_emulate_instruction = vmx_check_emulate_instruction,
8420  .apic_init_signal_blocked = vmx_apic_init_signal_blocked,
8421  .migrate_timers = vmx_migrate_timers,
8422 
8423  .msr_filter_changed = vmx_msr_filter_changed,
8424  .complete_emulated_msr = kvm_complete_insn_gp,
8425 
8426  .vcpu_deliver_sipi_vector = kvm_vcpu_deliver_sipi_vector,
8427 
8428  .get_untagged_addr = vmx_get_untagged_addr,
8429 };
8430 
8431 static unsigned int vmx_handle_intel_pt_intr(void)
8432 {
8433  struct kvm_vcpu *vcpu = kvm_get_running_vcpu();
8434 
8435  /* '0' on failure so that the !PT case can use a RET0 static call. */
8436  if (!vcpu || !kvm_handling_nmi_from_guest(vcpu))
8437  return 0;
8438 
8439  kvm_make_request(KVM_REQ_PMI, vcpu);
8440  __set_bit(MSR_CORE_PERF_GLOBAL_OVF_CTRL_TRACE_TOPA_PMI_BIT,
8441  (unsigned long *)&vcpu->arch.pmu.global_status);
8442  return 1;
8443 }
8444 
8445 static __init void vmx_setup_user_return_msrs(void)
8446 {
8447 
8448  /*
8449  * Though SYSCALL is only supported in 64-bit mode on Intel CPUs, kvm
8450  * will emulate SYSCALL in legacy mode if the vendor string in guest
8451  * CPUID.0:{EBX,ECX,EDX} is "AuthenticAMD" or "AMDisbetter!" To
8452  * support this emulation, MSR_STAR is included in the list for i386,
8453  * but is never loaded into hardware. MSR_CSTAR is also never loaded
8454  * into hardware and is here purely for emulation purposes.
8455  */
8456  const u32 vmx_uret_msrs_list[] = {
8457  #ifdef CONFIG_X86_64
8458  MSR_SYSCALL_MASK, MSR_LSTAR, MSR_CSTAR,
8459  #endif
8460  MSR_EFER, MSR_TSC_AUX, MSR_STAR,
8461  MSR_IA32_TSX_CTRL,
8462  };
8463  int i;
8464 
8465  BUILD_BUG_ON(ARRAY_SIZE(vmx_uret_msrs_list) != MAX_NR_USER_RETURN_MSRS);
8466 
8467  for (i = 0; i < ARRAY_SIZE(vmx_uret_msrs_list); ++i)
8468  kvm_add_user_return_msr(vmx_uret_msrs_list[i]);
8469 }
8470 
8471 static void __init vmx_setup_me_spte_mask(void)
8472 {
8473  u64 me_mask = 0;
8474 
8475  /*
8476  * kvm_get_shadow_phys_bits() returns shadow_phys_bits. Use
8477  * the former to avoid exposing shadow_phys_bits.
8478  *
8479  * On pre-MKTME system, boot_cpu_data.x86_phys_bits equals to
8480  * shadow_phys_bits. On MKTME and/or TDX capable systems,
8481  * boot_cpu_data.x86_phys_bits holds the actual physical address
8482  * w/o the KeyID bits, and shadow_phys_bits equals to MAXPHYADDR
8483  * reported by CPUID. Those bits between are KeyID bits.
8484  */
8485  if (boot_cpu_data.x86_phys_bits != kvm_get_shadow_phys_bits())
8486  me_mask = rsvd_bits(boot_cpu_data.x86_phys_bits,
8487  kvm_get_shadow_phys_bits() - 1);
8488  /*
8489  * Unlike SME, host kernel doesn't support setting up any
8490  * MKTME KeyID on Intel platforms. No memory encryption
8491  * bits should be included into the SPTE.
8492  */
8493  kvm_mmu_set_me_spte_mask(0, me_mask);
8494 }
8495 
8496 static struct kvm_x86_init_ops vmx_init_ops __initdata;
8497 
8498 static __init int hardware_setup(void)
8499 {
8500  unsigned long host_bndcfgs;
8501  struct desc_ptr dt;
8502  int r;
8503 
8504  store_idt(&dt);
8505  host_idt_base = dt.address;
8506 
8507  vmx_setup_user_return_msrs();
8508 
8509  if (setup_vmcs_config(&vmcs_config, &vmx_capability) < 0)
8510  return -EIO;
8511 
8512  if (cpu_has_perf_global_ctrl_bug())
8513  pr_warn_once("VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL "
8514  "does not work properly. Using workaround\n");
8515 
8516  if (boot_cpu_has(X86_FEATURE_NX))
8517  kvm_enable_efer_bits(EFER_NX);
8518 
8519  if (boot_cpu_has(X86_FEATURE_MPX)) {
8520  rdmsrl(MSR_IA32_BNDCFGS, host_bndcfgs);
8521  WARN_ONCE(host_bndcfgs, "BNDCFGS in host will be lost");
8522  }
8523 
8524  if (!cpu_has_vmx_mpx())
8525  kvm_caps.supported_xcr0 &= ~(XFEATURE_MASK_BNDREGS |
8526  XFEATURE_MASK_BNDCSR);
8527 
8528  if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid() ||
8529  !(cpu_has_vmx_invvpid_single() || cpu_has_vmx_invvpid_global()))
8530  enable_vpid = 0;
8531 
8532  if (!cpu_has_vmx_ept() ||
8533  !cpu_has_vmx_ept_4levels() ||
8534  !cpu_has_vmx_ept_mt_wb() ||
8535  !cpu_has_vmx_invept_global())
8536  enable_ept = 0;
8537 
8538  /* NX support is required for shadow paging. */
8539  if (!enable_ept && !boot_cpu_has(X86_FEATURE_NX)) {
8540  pr_err_ratelimited("NX (Execute Disable) not supported\n");
8541  return -EOPNOTSUPP;
8542  }
8543 
8544  if (!cpu_has_vmx_ept_ad_bits() || !enable_ept)
8545  enable_ept_ad_bits = 0;
8546 
8547  if (!cpu_has_vmx_unrestricted_guest() || !enable_ept)
8548  enable_unrestricted_guest = 0;
8549 
8550  if (!cpu_has_vmx_flexpriority())
8551  flexpriority_enabled = 0;
8552 
8553  if (!cpu_has_virtual_nmis())
8554  enable_vnmi = 0;
8555 
8556 #ifdef CONFIG_X86_SGX_KVM
8557  if (!cpu_has_vmx_encls_vmexit())
8558  enable_sgx = false;
8559 #endif
8560 
8561  /*
8562  * set_apic_access_page_addr() is used to reload apic access
8563  * page upon invalidation. No need to do anything if not
8564  * using the APIC_ACCESS_ADDR VMCS field.
8565  */
8566  if (!flexpriority_enabled)
8567  vmx_x86_ops.set_apic_access_page_addr = NULL;
8568 
8569  if (!cpu_has_vmx_tpr_shadow())
8570  vmx_x86_ops.update_cr8_intercept = NULL;
8571 
8572 #if IS_ENABLED(CONFIG_HYPERV)
8573  if (ms_hyperv.nested_features & HV_X64_NESTED_GUEST_MAPPING_FLUSH
8574  && enable_ept) {
8575  vmx_x86_ops.flush_remote_tlbs = hv_flush_remote_tlbs;
8576  vmx_x86_ops.flush_remote_tlbs_range = hv_flush_remote_tlbs_range;
8577  }
8578 #endif
8579 
8580  if (!cpu_has_vmx_ple()) {
8581  ple_gap = 0;
8582  ple_window = 0;
8583  ple_window_grow = 0;
8584  ple_window_max = 0;
8585  ple_window_shrink = 0;
8586  }
8587 
8588  if (!cpu_has_vmx_apicv())
8589  enable_apicv = 0;
8590  if (!enable_apicv)
8591  vmx_x86_ops.sync_pir_to_irr = NULL;
8592 
8593  if (!enable_apicv || !cpu_has_vmx_ipiv())
8594  enable_ipiv = false;
8595 
8596  if (cpu_has_vmx_tsc_scaling())
8597  kvm_caps.has_tsc_control = true;
8598 
8599  kvm_caps.max_tsc_scaling_ratio = KVM_VMX_TSC_MULTIPLIER_MAX;
8600  kvm_caps.tsc_scaling_ratio_frac_bits = 48;
8601  kvm_caps.has_bus_lock_exit = cpu_has_vmx_bus_lock_detection();
8602  kvm_caps.has_notify_vmexit = cpu_has_notify_vmexit();
8603 
8604  set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */
8605 
8606  if (enable_ept)
8607  kvm_mmu_set_ept_masks(enable_ept_ad_bits,
8608  cpu_has_vmx_ept_execute_only());
8609 
8610  /*
8611  * Setup shadow_me_value/shadow_me_mask to include MKTME KeyID
8612  * bits to shadow_zero_check.
8613  */
8614  vmx_setup_me_spte_mask();
8615 
8616  kvm_configure_mmu(enable_ept, 0, vmx_get_max_ept_level(),
8617  ept_caps_to_lpage_level(vmx_capability.ept));
8618 
8619  /*
8620  * Only enable PML when hardware supports PML feature, and both EPT
8621  * and EPT A/D bit features are enabled -- PML depends on them to work.
8622  */
8623  if (!enable_ept || !enable_ept_ad_bits || !cpu_has_vmx_pml())
8624  enable_pml = 0;
8625 
8626  if (!enable_pml)
8627  vmx_x86_ops.cpu_dirty_log_size = 0;
8628 
8629  if (!cpu_has_vmx_preemption_timer())
8630  enable_preemption_timer = false;
8631 
8632  if (enable_preemption_timer) {
8633  u64 use_timer_freq = 5000ULL * 1000 * 1000;
8634 
8635  cpu_preemption_timer_multi =
8636  vmcs_config.misc & VMX_MISC_PREEMPTION_TIMER_RATE_MASK;
8637 
8638  if (tsc_khz)
8639  use_timer_freq = (u64)tsc_khz * 1000;
8640  use_timer_freq >>= cpu_preemption_timer_multi;
8641 
8642  /*
8643  * KVM "disables" the preemption timer by setting it to its max
8644  * value. Don't use the timer if it might cause spurious exits
8645  * at a rate faster than 0.1 Hz (of uninterrupted guest time).
8646  */
8647  if (use_timer_freq > 0xffffffffu / 10)
8648  enable_preemption_timer = false;
8649  }
8650 
8651  if (!enable_preemption_timer) {
8652  vmx_x86_ops.set_hv_timer = NULL;
8653  vmx_x86_ops.cancel_hv_timer = NULL;
8654  vmx_x86_ops.request_immediate_exit = __kvm_request_immediate_exit;
8655  }
8656 
8657  kvm_caps.supported_mce_cap |= MCG_LMCE_P;
8658  kvm_caps.supported_mce_cap |= MCG_CMCI_P;
8659 
8660  if (pt_mode != PT_MODE_SYSTEM && pt_mode != PT_MODE_HOST_GUEST)
8661  return -EINVAL;
8662  if (!enable_ept || !enable_pmu || !cpu_has_vmx_intel_pt())
8663  pt_mode = PT_MODE_SYSTEM;
8664  if (pt_mode == PT_MODE_HOST_GUEST)
8665  vmx_init_ops.handle_intel_pt_intr = vmx_handle_intel_pt_intr;
8666  else
8667  vmx_init_ops.handle_intel_pt_intr = NULL;
8668 
8669  setup_default_sgx_lepubkeyhash();
8670 
8671  if (nested) {
8672  nested_vmx_setup_ctls_msrs(&vmcs_config, vmx_capability.ept);
8673 
8674  r = nested_vmx_hardware_setup(kvm_vmx_exit_handlers);
8675  if (r)
8676  return r;
8677  }
8678 
8679  vmx_set_cpu_caps();
8680 
8681  r = alloc_kvm_area();
8682  if (r && nested)
8683  nested_vmx_hardware_unsetup();
8684 
8685  kvm_set_posted_intr_wakeup_handler(pi_wakeup_handler);
8686 
8687  return r;
8688 }
8689 
8690 static struct kvm_x86_init_ops vmx_init_ops __initdata = {
8691  .hardware_setup = hardware_setup,
8692  .handle_intel_pt_intr = NULL,
8693 
8694  .runtime_ops = &vmx_x86_ops,
8695  .pmu_ops = &intel_pmu_ops,
8696 };
8697 
8698 static void vmx_cleanup_l1d_flush(void)
8699 {
8700  if (vmx_l1d_flush_pages) {
8701  free_pages((unsigned long)vmx_l1d_flush_pages, L1D_CACHE_ORDER);
8702  vmx_l1d_flush_pages = NULL;
8703  }
8704  /* Restore state so sysfs ignores VMX */
8705  l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO;
8706 }
8707 
8708 static void __vmx_exit(void)
8709 {
8710  allow_smaller_maxphyaddr = false;
8711 
8712  cpu_emergency_unregister_virt_callback(vmx_emergency_disable);
8713 
8714  vmx_cleanup_l1d_flush();
8715 }
8716 
8717 static void vmx_exit(void)
8718 {
8719  kvm_exit();
8720  kvm_x86_vendor_exit();
8721 
8722  __vmx_exit();
8723 }
8724 module_exit(vmx_exit);
8725 
8726 static int __init vmx_init(void)
8727 {
8728  int r, cpu;
8729 
8730  if (!kvm_is_vmx_supported())
8731  return -EOPNOTSUPP;
8732 
8733  /*
8734  * Note, hv_init_evmcs() touches only VMX knobs, i.e. there's nothing
8735  * to unwind if a later step fails.
8736  */
8737  hv_init_evmcs();
8738 
8739  r = kvm_x86_vendor_init(&vmx_init_ops);
8740  if (r)
8741  return r;
8742 
8743  /*
8744  * Must be called after common x86 init so enable_ept is properly set
8745  * up. Hand the parameter mitigation value in which was stored in
8746  * the pre module init parser. If no parameter was given, it will
8747  * contain 'auto' which will be turned into the default 'cond'
8748  * mitigation mode.
8749  */
8750  r = vmx_setup_l1d_flush(vmentry_l1d_flush_param);
8751  if (r)
8752  goto err_l1d_flush;
8753 
8754  for_each_possible_cpu(cpu) {
8755  INIT_LIST_HEAD(&per_cpu(loaded_vmcss_on_cpu, cpu));
8756 
8757  pi_init_cpu(cpu);
8758  }
8759 
8760  cpu_emergency_register_virt_callback(vmx_emergency_disable);
8761 
8762  vmx_check_vmcs12_offsets();
8763 
8764  /*
8765  * Shadow paging doesn't have a (further) performance penalty
8766  * from GUEST_MAXPHYADDR < HOST_MAXPHYADDR so enable it
8767  * by default
8768  */
8769  if (!enable_ept)
8770  allow_smaller_maxphyaddr = true;
8771 
8772  /*
8773  * Common KVM initialization _must_ come last, after this, /dev/kvm is
8774  * exposed to userspace!
8775  */
8776  r = kvm_init(sizeof(struct vcpu_vmx), __alignof__(struct vcpu_vmx),
8777  THIS_MODULE);
8778  if (r)
8779  goto err_kvm_init;
8780 
8781  return 0;
8782 
8783 err_kvm_init:
8784  __vmx_exit();
8785 err_l1d_flush:
8786  kvm_x86_vendor_exit();
8787  return r;
8788 }
8789 module_init(vmx_init);
irqchip_in_kernel
#define irqchip_in_kernel(k)
Definition: arm_vgic.h:392
cpu_has_vmx_ept_ad_bits
static bool cpu_has_vmx_ept_ad_bits(void)
Definition: capabilities.h:333
cpu_has_vmx_tpr_shadow
static bool cpu_has_vmx_tpr_shadow(void)
Definition: capabilities.h:114
cpu_has_vmx_vmfunc
static bool cpu_has_vmx_vmfunc(void)
Definition: capabilities.h:219
cpu_has_vmx_vpid
static bool cpu_has_vmx_vpid(void)
Definition: capabilities.h:171
PT_MODE_HOST_GUEST
#define PT_MODE_HOST_GUEST
Definition: capabilities.h:22
vmx_pt_mode_is_host_guest
static bool vmx_pt_mode_is_host_guest(void)
Definition: capabilities.h:388
cpu_has_vmx_unrestricted_guest
static bool cpu_has_vmx_unrestricted_guest(void)
Definition: capabilities.h:183
cpu_has_vmx_ept_execute_only
static bool cpu_has_vmx_ept_execute_only(void)
Definition: capabilities.h:294
vmx_pebs_supported
static bool vmx_pebs_supported(void)
Definition: capabilities.h:393
cpu_has_vmx_mpx
static bool cpu_has_vmx_mpx(void)
Definition: capabilities.h:109
cpu_has_vmx_invept_global
static bool cpu_has_vmx_invept_global(void)
Definition: capabilities.h:343
PMU_CAP_FW_WRITES
#define PMU_CAP_FW_WRITES
Definition: capabilities.h:24
cpu_has_vmx_virtualize_x2apic_mode
static bool cpu_has_vmx_virtualize_x2apic_mode(void)
Definition: capabilities.h:165
cpu_has_vmx_ept
static bool cpu_has_vmx_ept(void)
Definition: capabilities.h:147
cpu_has_vmx_wbinvd_exit
static bool cpu_has_vmx_wbinvd_exit(void)
Definition: capabilities.h:177
cpu_has_vmx_xsaves
static bool cpu_has_vmx_xsaves(void)
Definition: capabilities.h:252
cpu_has_vmx_apicv
static bool cpu_has_vmx_apicv(void)
Definition: capabilities.h:276
cpu_has_load_ia32_efer
static bool cpu_has_load_ia32_efer(void)
Definition: capabilities.h:99
cpu_has_secondary_exec_ctrls
static bool cpu_has_secondary_exec_ctrls(void)
Definition: capabilities.h:129
vmx_umip_emulated
static bool vmx_umip_emulated(void)
Definition: capabilities.h:153
PMU_CAP_LBR_FMT
#define PMU_CAP_LBR_FMT
Definition: capabilities.h:25
cpu_has_vmx_intel_pt
static bool cpu_has_vmx_intel_pt(void)
Definition: capabilities.h:368
cpu_has_load_perf_global_ctrl
static bool cpu_has_load_perf_global_ctrl(void)
Definition: capabilities.h:104
cpu_has_vmx_ept_4levels
static bool cpu_has_vmx_ept_4levels(void)
Definition: capabilities.h:299
vmx_pt_mode_is_system
static bool vmx_pt_mode_is_system(void)
Definition: capabilities.h:384
cpu_has_vmx_invvpid
static bool cpu_has_vmx_invvpid(void)
Definition: capabilities.h:348
cpu_has_vmx_invpcid
static bool cpu_has_vmx_invpcid(void)
Definition: capabilities.h:213
cpu_has_vmx_flexpriority
static bool cpu_has_vmx_flexpriority(void)
Definition: capabilities.h:288
cpu_has_vmx_pml
static bool cpu_has_vmx_pml(void)
Definition: capabilities.h:247
cpu_has_vmx_tsc_scaling
static bool cpu_has_vmx_tsc_scaling(void)
Definition: capabilities.h:264
cpu_has_vmx_rdtscp
static bool cpu_has_vmx_rdtscp(void)
Definition: capabilities.h:159
cpu_has_vmx_encls_vmexit
static bool cpu_has_vmx_encls_vmexit(void)
Definition: capabilities.h:235
cpu_has_vmx_msr_bitmap
static bool cpu_has_vmx_msr_bitmap(void)
Definition: capabilities.h:124
cpu_has_vmx_invvpid_global
static bool cpu_has_vmx_invvpid_global(void)
Definition: capabilities.h:363
PT_MODE_SYSTEM
#define PT_MODE_SYSTEM
Definition: capabilities.h:21
cpu_has_vmx_invvpid_single
static bool cpu_has_vmx_invvpid_single(void)
Definition: capabilities.h:358
cpu_has_vmx_preemption_timer
static bool cpu_has_vmx_preemption_timer(void)
Definition: capabilities.h:88
cpu_has_vmx_ept_mt_wb
static bool cpu_has_vmx_ept_mt_wb(void)
Definition: capabilities.h:309
cpu_has_notify_vmexit
static bool cpu_has_notify_vmexit(void)
Definition: capabilities.h:398
cpu_has_virtual_nmis
static bool cpu_has_virtual_nmis(void)
Definition: capabilities.h:82
cpu_has_vmx_ple
static bool cpu_has_vmx_ple(void)
Definition: capabilities.h:201
ept_caps_to_lpage_level
static int ept_caps_to_lpage_level(u32 ept_caps)
Definition: capabilities.h:324
cpu_has_vmx_ept_5levels
static bool cpu_has_vmx_ept_5levels(void)
Definition: capabilities.h:304
cpu_need_tpr_shadow
static bool cpu_need_tpr_shadow(struct kvm_vcpu *vcpu)
Definition: capabilities.h:119
cpu_has_tertiary_exec_ctrls
static bool cpu_has_tertiary_exec_ctrls(void)
Definition: capabilities.h:135
cpu_has_vmx_ipiv
static bool cpu_has_vmx_ipiv(void)
Definition: capabilities.h:283
cpu_has_vmx_waitpkg
static bool cpu_has_vmx_waitpkg(void)
Definition: capabilities.h:258
cpu_has_vmx_bus_lock_detection
static bool cpu_has_vmx_bus_lock_detection(void)
Definition: capabilities.h:270
kvm_emulate_cpuid
int kvm_emulate_cpuid(struct kvm_vcpu *vcpu)
Definition: cpuid.c:1583
kvm_update_cpuid_runtime
void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu)
Definition: cpuid.c:309
kvm_find_cpuid_entry_index
struct kvm_cpuid_entry2 * kvm_find_cpuid_entry_index(struct kvm_vcpu *vcpu, u32 function, u32 index)
Definition: cpuid.c:1447
__read_mostly
u32 kvm_cpu_caps[NR_KVM_CPU_CAPS] __read_mostly
Definition: cpuid.c:36
kvm_find_cpuid_entry
struct kvm_cpuid_entry2 * kvm_find_cpuid_entry(struct kvm_vcpu *vcpu, u32 function)
Definition: cpuid.c:1455
kvm_set_cpu_caps
void kvm_set_cpu_caps(void)
Definition: cpuid.c:585
kvm_cpu_cap_check_and_set
static __always_inline void kvm_cpu_cap_check_and_set(unsigned int x86_feature)
Definition: cpuid.h:226
kvm_cpu_cap_has
static __always_inline bool kvm_cpu_cap_has(unsigned int x86_feature)
Definition: cpuid.h:221
kvm_vcpu_is_legal_aligned_gpa
static bool kvm_vcpu_is_legal_aligned_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, gpa_t alignment)
Definition: cpuid.h:50
kvm_vcpu_is_legal_gpa
static bool kvm_vcpu_is_legal_gpa(struct kvm_vcpu *vcpu, gpa_t gpa)
Definition: cpuid.h:45
guest_has_pred_cmd_msr
static bool guest_has_pred_cmd_msr(struct kvm_vcpu *vcpu)
Definition: cpuid.h:179
kvm_governed_feature_check_and_set
static __always_inline void kvm_governed_feature_check_and_set(struct kvm_vcpu *vcpu, unsigned int x86_feature)
Definition: cpuid.h:271
cpuid_model_is_consistent
static bool cpuid_model_is_consistent(struct kvm_vcpu *vcpu)
Definition: cpuid.h:155
kvm_cpu_cap_clear
static __always_inline void kvm_cpu_cap_clear(unsigned int x86_feature)
Definition: cpuid.h:197
guest_can_use
static __always_inline bool guest_can_use(struct kvm_vcpu *vcpu, unsigned int x86_feature)
Definition: cpuid.h:278
guest_has_spec_ctrl_msr
static bool guest_has_spec_ctrl_msr(struct kvm_vcpu *vcpu)
Definition: cpuid.h:171
guest_cpuid_has
static __always_inline bool guest_cpuid_has(struct kvm_vcpu *vcpu, unsigned int x86_feature)
Definition: cpuid.h:83
kvm_cpu_cap_set
static __always_inline void kvm_cpu_cap_set(unsigned int x86_feature)
Definition: cpuid.h:205
kvm_hv_get_vpindex
static u32 kvm_hv_get_vpindex(struct kvm_vcpu *vcpu)
Definition: hyperv.h:320
KVM_EVMCS_VERSION
#define KVM_EVMCS_VERSION
Definition: hyperv_evmcs.h:14
kvm_cache_regs.h
kvm_register_mark_available
static void kvm_register_mark_available(struct kvm_vcpu *vcpu, enum kvm_reg reg)
Definition: kvm_cache_regs.h:65
X86_CR4_PDPTR_BITS
#define X86_CR4_PDPTR_BITS
Definition: kvm_cache_regs.h:14
kvm_register_mark_dirty
static void kvm_register_mark_dirty(struct kvm_vcpu *vcpu, enum kvm_reg reg)
Definition: kvm_cache_regs.h:71
kvm_register_is_dirty
static bool kvm_register_is_dirty(struct kvm_vcpu *vcpu, enum kvm_reg reg)
Definition: kvm_cache_regs.h:59
kvm_is_cr0_bit_set
static __always_inline bool kvm_is_cr0_bit_set(struct kvm_vcpu *vcpu, unsigned long cr0_bit)
Definition: kvm_cache_regs.h:160
kvm_is_cr4_bit_set
static __always_inline bool kvm_is_cr4_bit_set(struct kvm_vcpu *vcpu, unsigned long cr4_bit)
Definition: kvm_cache_regs.h:182
KVM_POSSIBLE_CR4_GUEST_BITS
#define KVM_POSSIBLE_CR4_GUEST_BITS
Definition: kvm_cache_regs.h:8
kvm_read_cr0_bits
static ulong kvm_read_cr0_bits(struct kvm_vcpu *vcpu, ulong mask)
Definition: kvm_cache_regs.h:151
kvm_register_is_available
static bool kvm_register_is_available(struct kvm_vcpu *vcpu, enum kvm_reg reg)
Definition: kvm_cache_regs.h:53
X86_CR4_TLBFLUSH_BITS
#define X86_CR4_TLBFLUSH_BITS
Definition: kvm_cache_regs.h:13
kvm_rip_write
static void kvm_rip_write(struct kvm_vcpu *vcpu, unsigned long val)
Definition: kvm_cache_regs.h:121
kvm_read_cr3
static ulong kvm_read_cr3(struct kvm_vcpu *vcpu)
Definition: kvm_cache_regs.h:190
kvm_read_cr4
static ulong kvm_read_cr4(struct kvm_vcpu *vcpu)
Definition: kvm_cache_regs.h:197
kvm_rip_read
static unsigned long kvm_rip_read(struct kvm_vcpu *vcpu)
Definition: kvm_cache_regs.h:116
is_guest_mode
static bool is_guest_mode(struct kvm_vcpu *vcpu)
Definition: kvm_cache_regs.h:226
X86EMUL_F_INVLPG
#define X86EMUL_F_INVLPG
Definition: kvm_emulate.h:95
X86EMUL_PROPAGATE_FAULT
#define X86EMUL_PROPAGATE_FAULT
Definition: kvm_emulate.h:85
x86_intercept_ins
@ x86_intercept_ins
Definition: kvm_emulate.h:488
x86_intercept_sldt
@ x86_intercept_sldt
Definition: kvm_emulate.h:456
x86_intercept_pause
@ x86_intercept_pause
Definition: kvm_emulate.h:468
x86_intercept_out
@ x86_intercept_out
Definition: kvm_emulate.h:489
x86_intercept_rdpid
@ x86_intercept_rdpid
Definition: kvm_emulate.h:480
x86_intercept_lgdt
@ x86_intercept_lgdt
Definition: kvm_emulate.h:453
x86_intercept_outs
@ x86_intercept_outs
Definition: kvm_emulate.h:490
x86_intercept_sidt
@ x86_intercept_sidt
Definition: kvm_emulate.h:452
x86_intercept_in
@ x86_intercept_in
Definition: kvm_emulate.h:487
x86_intercept_lldt
@ x86_intercept_lldt
Definition: kvm_emulate.h:455
x86_intercept_lidt
@ x86_intercept_lidt
Definition: kvm_emulate.h:451
x86_intercept_sgdt
@ x86_intercept_sgdt
Definition: kvm_emulate.h:454
x86_intercept_ltr
@ x86_intercept_ltr
Definition: kvm_emulate.h:457
x86_intercept_str
@ x86_intercept_str
Definition: kvm_emulate.h:458
X86EMUL_F_IMPLICIT
#define X86EMUL_F_IMPLICIT
Definition: kvm_emulate.h:94
REPE_PREFIX
#define REPE_PREFIX
Definition: kvm_emulate.h:387
X86EMUL_UNHANDLEABLE
#define X86EMUL_UNHANDLEABLE
Definition: kvm_emulate.h:83
X86EMUL_CONTINUE
#define X86EMUL_CONTINUE
Definition: kvm_emulate.h:81
X86EMUL_F_FETCH
#define X86EMUL_F_FETCH
Definition: kvm_emulate.h:93
x86_intercept_stage
x86_intercept_stage
Definition: kvm_emulate.h:435
kvm_init
int kvm_init(unsigned vcpu_size, unsigned vcpu_align, struct module *module)
Definition: kvm_main.c:6402
kvm_vcpu_on_spin
void kvm_vcpu_on_spin(struct kvm_vcpu *me, bool yield_to_kernel_mode)
Definition: kvm_main.c:4056
kvm_exit
void kvm_exit(void)
Definition: kvm_main.c:6495
gfn_to_pfn_memslot
kvm_pfn_t gfn_to_pfn_memslot(const struct kvm_memory_slot *slot, gfn_t gfn)
Definition: kvm_main.c:3071
kvm_vcpu_mark_page_dirty
void kvm_vcpu_mark_page_dirty(struct kvm_vcpu *vcpu, gfn_t gfn)
Definition: kvm_main.c:3669
kvm_io_bus_write
int kvm_io_bus_write(struct kvm_vcpu *vcpu, enum kvm_bus bus_idx, gpa_t addr, int len, const void *val)
Definition: kvm_main.c:5807
kvm_get_running_vcpu
struct kvm_vcpu * kvm_get_running_vcpu(void)
Definition: kvm_main.c:6338
kvm_vcpu_kick
void kvm_vcpu_kick(struct kvm_vcpu *vcpu)
Definition: kvm_main.c:3931
kvm_vcpu_wake_up
bool kvm_vcpu_wake_up(struct kvm_vcpu *vcpu)
Definition: kvm_main.c:3915
kvm_release_pfn_clean
void kvm_release_pfn_clean(kvm_pfn_t pfn)
Definition: kvm_main.c:3241
hv_track_root_tdp
void hv_track_root_tdp(struct kvm_vcpu *vcpu, hpa_t root_tdp)
Definition: kvm_onhyperv.c:112
hv_flush_remote_tlbs_range
int hv_flush_remote_tlbs_range(struct kvm *kvm, gfn_t start_gfn, gfn_t nr_pages)
Definition: kvm_onhyperv.c:95
hv_flush_remote_tlbs
int hv_flush_remote_tlbs(struct kvm *kvm)
Definition: kvm_onhyperv.c:106
kvm_onhyperv.h
kvm_apic_write_nodecode
void kvm_apic_write_nodecode(struct kvm_vcpu *vcpu, u32 offset)
Definition: lapic.c:2446
kvm_lapic_find_highest_irr
int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu)
Definition: lapic.c:808
kvm_apic_update_ppr
void kvm_apic_update_ppr(struct kvm_vcpu *vcpu)
Definition: lapic.c:975
kvm_lapic_readable_reg_mask
u64 kvm_lapic_readable_reg_mask(struct kvm_lapic *apic)
Definition: lapic.c:1607
kvm_apic_set_eoi_accelerated
void kvm_apic_set_eoi_accelerated(struct kvm_vcpu *vcpu, int vector)
Definition: lapic.c:1493
kvm_lapic_expired_hv_timer
void kvm_lapic_expired_hv_timer(struct kvm_vcpu *vcpu)
Definition: lapic.c:2171
kvm_alloc_apic_access_page
int kvm_alloc_apic_access_page(struct kvm *kvm)
Definition: lapic.c:2598
kvm_apic_update_irr
bool kvm_apic_update_irr(struct kvm_vcpu *vcpu, u32 *pir, int *max_irr)
Definition: lapic.c:690
kvm_wait_lapic_expire
void kvm_wait_lapic_expire(struct kvm_vcpu *vcpu)
Definition: lapic.c:1869
kvm_lapic_set_eoi
void kvm_lapic_set_eoi(struct kvm_vcpu *vcpu)
Definition: lapic.c:2439
LAPIC_MODE_X2APIC
@ LAPIC_MODE_X2APIC
Definition: lapic.h:29
LAPIC_MODE_DISABLED
@ LAPIC_MODE_DISABLED
Definition: lapic.h:26
LAPIC_MODE_XAPIC
@ LAPIC_MODE_XAPIC
Definition: lapic.h:28
LAPIC_MODE_INVALID
@ LAPIC_MODE_INVALID
Definition: lapic.h:27
kvm_lapic_set_irr
static void kvm_lapic_set_irr(int vec, struct kvm_lapic *apic)
Definition: lapic.h:164
lapic_in_kernel
static bool lapic_in_kernel(struct kvm_vcpu *vcpu)
Definition: lapic.h:186
kvm_vcpu_apicv_active
static bool kvm_vcpu_apicv_active(struct kvm_vcpu *vcpu)
Definition: lapic.h:226
kvm_get_apic_mode
enum lapic_mode kvm_get_apic_mode(struct kvm_vcpu *vcpu)
Definition: x86.c:479
kvm_mmu_page_fault
int noinline kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u64 error_code, void *insn, int insn_len)
Definition: mmu.c:5830
kvm_mmu_invlpg
void kvm_mmu_invlpg(struct kvm_vcpu *vcpu, gva_t gva)
Definition: mmu.c:5968
kvm_handle_page_fault
int kvm_handle_page_fault(struct kvm_vcpu *vcpu, u64 error_code, u64 fault_address, char *insn, int insn_len)
Definition: mmu.c:4540
kvm_configure_mmu
void kvm_configure_mmu(bool enable_tdp, int tdp_forced_root_level, int tdp_max_root_level, int tdp_huge_page_level)
Definition: mmu.c:6012
rsvd_bits
static __always_inline u64 rsvd_bits(int s, int e)
Definition: mmu.h:45
kvm_get_active_cr3_lam_bits
static unsigned long kvm_get_active_cr3_lam_bits(struct kvm_vcpu *vcpu)
Definition: mmu.h:149
kvm_get_shadow_phys_bits
static u8 kvm_get_shadow_phys_bits(void)
Definition: mmu.h:84
kvm_get_active_pcid
static unsigned long kvm_get_active_pcid(struct kvm_vcpu *vcpu)
Definition: mmu.h:144
kvm_mtrr_get_guest_memory_type
u8 kvm_mtrr_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn)
Definition: mtrr.c:614
nested_cpu_has_vid
static bool nested_cpu_has_vid(struct vmcs12 *vmcs12)
Definition: nested.h:195
get_vmcs12
static struct vmcs12 * get_vmcs12(struct kvm_vcpu *vcpu)
Definition: nested.h:40
nested_ept_ad_enabled
static bool nested_ept_ad_enabled(struct kvm_vcpu *vcpu)
Definition: nested.h:77
nested_cr4_valid
static bool nested_cr4_valid(struct kvm_vcpu *vcpu, unsigned long val)
Definition: nested.h:279
nested_get_vpid02
static u16 nested_get_vpid02(struct kvm_vcpu *vcpu)
Definition: nested.h:64
nested_cpu_has2
static bool nested_cpu_has2(struct vmcs12 *vmcs12, u32 bit)
Definition: nested.h:137
nested_cpu_has_mtf
static int nested_cpu_has_mtf(struct vmcs12 *vmcs12)
Definition: nested.h:160
nested_cpu_has
static bool nested_cpu_has(struct vmcs12 *vmcs12, u32 bit)
Definition: nested.h:132
nested_guest_cr0_valid
static bool nested_guest_cr0_valid(struct kvm_vcpu *vcpu, unsigned long val)
Definition: nested.h:257
nested_host_cr0_valid
static bool nested_host_cr0_valid(struct kvm_vcpu *vcpu, unsigned long val)
Definition: nested.h:271
vcpu_to_pmu
#define vcpu_to_pmu(vcpu)
Definition: pmu.h:7
intel_pmu_ops
struct kvm_pmu_ops intel_pmu_ops
intel_pmu_cross_mapped_check
void intel_pmu_cross_mapped_check(struct kvm_pmu *pmu)
Definition: pmu_intel.c:746
vmx_passthrough_lbr_msrs
void vmx_passthrough_lbr_msrs(struct kvm_vcpu *vcpu)
Definition: pmu_intel.c:713
intel_pmu_create_guest_lbr_event
int intel_pmu_create_guest_lbr_event(struct kvm_vcpu *vcpu)
Definition: pmu_intel.c:254
pi_has_pending_interrupt
bool pi_has_pending_interrupt(struct kvm_vcpu *vcpu)
Definition: posted_intr.c:240
vmx_pi_start_assignment
void vmx_pi_start_assignment(struct kvm *kvm)
Definition: posted_intr.c:255
vmx_vcpu_pi_load
void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu)
Definition: posted_intr.c:53
pi_init_cpu
void __init pi_init_cpu(int cpu)
Definition: posted_intr.c:234
vmx_vcpu_pi_put
void vmx_vcpu_pi_put(struct kvm_vcpu *vcpu)
Definition: posted_intr.c:196
pi_wakeup_handler
void pi_wakeup_handler(void)
Definition: posted_intr.c:218
vmx_pi_update_irte
int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, uint32_t guest_irq, bool set)
Definition: posted_intr.c:272
pi_clear_on
static void pi_clear_on(struct pi_desc *pi_desc)
Definition: posted_intr.h:73
pi_test_and_set_on
static bool pi_test_and_set_on(struct pi_desc *pi_desc)
Definition: posted_intr.h:33
PID_TABLE_ENTRY_VALID
#define PID_TABLE_ENTRY_VALID
Definition: posted_intr.h:8
pi_test_and_set_pir
static bool pi_test_and_set_pir(int vector, struct pi_desc *pi_desc)
Definition: posted_intr.h:51
control
u64 control
Definition: posted_intr.h:16
pi_test_on
static bool pi_test_on(struct pi_desc *pi_desc)
Definition: posted_intr.h:85
feature_bit
#define feature_bit(name)
Definition: reverse_cpuid.h:156
VMX_RUN_SAVE_SPEC_CTRL
#define VMX_RUN_SAVE_SPEC_CTRL
Definition: run_flags.h:9
VMX_RUN_VMRESUME
#define VMX_RUN_VMRESUME
Definition: run_flags.h:8
setup_default_sgx_lepubkeyhash
void setup_default_sgx_lepubkeyhash(void)
Definition: sgx.c:404
enable_sgx
bool __read_mostly enable_sgx
Definition: sgx.c:14
vcpu_setup_sgx_lepubkeyhash
void vcpu_setup_sgx_lepubkeyhash(struct kvm_vcpu *vcpu)
Definition: sgx.c:428
vmx_write_encls_bitmap
void vmx_write_encls_bitmap(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
Definition: sgx.c:468
is_smm
static bool is_smm(struct kvm_vcpu *vcpu)
Definition: smm.h:160
kvm_mmu_set_me_spte_mask
void kvm_mmu_set_me_spte_mask(u64 me_value, u64 me_mask)
Definition: spte.c:414
kvm_mmu_set_ept_masks
void kvm_mmu_set_ept_masks(bool has_ad_bits, bool has_exec_only)
Definition: spte.c:425
kvm_caps
Definition: x86.h:12
kvm_caps::default_tsc_scaling_ratio
u64 default_tsc_scaling_ratio
Definition: x86.h:22
kvm_caps::supported_mce_cap
u64 supported_mce_cap
Definition: x86.h:28
kvm_caps::has_notify_vmexit
bool has_notify_vmexit
Definition: x86.h:26
kvm_caps::supported_perf_cap
u64 supported_perf_cap
Definition: x86.h:31
kvm_caps::supported_xss
u64 supported_xss
Definition: x86.h:30
kvm_caps::max_tsc_scaling_ratio
u64 max_tsc_scaling_ratio
Definition: x86.h:20
kvm_caps::tsc_scaling_ratio_frac_bits
u8 tsc_scaling_ratio_frac_bits
Definition: x86.h:18
kvm_caps::has_tsc_control
bool has_tsc_control
Definition: x86.h:14
kvm_caps::supported_xcr0
u64 supported_xcr0
Definition: x86.h:29
kvm_caps::has_bus_lock_exit
bool has_bus_lock_exit
Definition: x86.h:24
kvm_lapic
Definition: lapic.h:59
kvm_lapic::vcpu
struct kvm_vcpu * vcpu
Definition: lapic.h:64
kvm_pmu
Definition: arm_pmu.h:110
kvm_timer
Definition: lapic.h:46
kvm_timer::timer_advance_ns
u32 timer_advance_ns
Definition: lapic.h:54
kvm_vmx_segment_field
Definition: vmx.c:504
kvm_vmx_segment_field::ar_bytes
unsigned ar_bytes
Definition: vmx.c:508
kvm_vmx_segment_field::base
unsigned base
Definition: vmx.c:506
kvm_vmx_segment_field::limit
unsigned limit
Definition: vmx.c:507
kvm_vmx_segment_field::selector
unsigned selector
Definition: vmx.c:505
kvm_vmx
Definition: vmx.h:369
kvm_vmx::pid_table
u64 * pid_table
Definition: vmx.h:376
kvm_vmx::kvm
struct kvm kvm
Definition: vmx.h:370
kvm_vmx::tss_addr
unsigned int tss_addr
Definition: vmx.h:372
kvm_vmx::ept_identity_pagetable_done
bool ept_identity_pagetable_done
Definition: vmx.h:373
kvm_vmx::ept_identity_map_addr
gpa_t ept_identity_map_addr
Definition: vmx.h:374
lbr_desc
Definition: vmx.h:96
lbr_desc::event
struct perf_event * event
Definition: vmx.h:106
loaded_vmcs
Definition: vmcs.h:61
loaded_vmcs::host_state
struct vmcs_host_state host_state
Definition: vmcs.h:74
loaded_vmcs::entry_time
ktime_t entry_time
Definition: vmcs.h:70
loaded_vmcs::cpu
int cpu
Definition: vmcs.h:64
loaded_vmcs::hv_timer_soft_disabled
bool hv_timer_soft_disabled
Definition: vmcs.h:67
loaded_vmcs::msr_bitmap
unsigned long * msr_bitmap
Definition: vmcs.h:72
loaded_vmcs::vnmi_blocked_time
s64 vnmi_blocked_time
Definition: vmcs.h:71
loaded_vmcs::vmcs
struct vmcs * vmcs
Definition: vmcs.h:62
loaded_vmcs::nmi_known_unmasked
bool nmi_known_unmasked
Definition: vmcs.h:66
loaded_vmcs::launched
bool launched
Definition: vmcs.h:65
loaded_vmcs::soft_vnmi_blocked
int soft_vnmi_blocked
Definition: vmcs.h:69
loaded_vmcs::shadow_vmcs
struct vmcs * shadow_vmcs
Definition: vmcs.h:63
loaded_vmcs::loaded_vmcss_on_cpu_link
struct list_head loaded_vmcss_on_cpu_link
Definition: vmcs.h:73
loaded_vmcs::controls_shadow
struct vmcs_controls_shadow controls_shadow
Definition: vmcs.h:75
nested_vmx_msrs::cr4_fixed1
u64 cr4_fixed1
Definition: capabilities.h:51
nested_vmx_msrs::secondary_ctls_high
u32 secondary_ctls_high
Definition: capabilities.h:36
nested_vmx_msrs::exit_ctls_high
u32 exit_ctls_high
Definition: capabilities.h:40
nested_vmx_msrs::cr0_fixed1
u64 cr0_fixed1
Definition: capabilities.h:49
nested_vmx_msrs::entry_ctls_high
u32 entry_ctls_high
Definition: capabilities.h:42
nested_vmx::preemption_timer
struct hrtimer preemption_timer
Definition: vmx.h:210
nested_vmx::posted_intr_nv
u16 posted_intr_nv
Definition: vmx.h:208
nested_vmx::vmxon
bool vmxon
Definition: vmx.h:118
nested_vmx::virtual_apic_map
struct kvm_host_map virtual_apic_map
Definition: vmx.h:201
nested_vmx::current_vmptr
gpa_t current_vmptr
Definition: vmx.h:123
nested_vmx::msrs
struct nested_vmx_msrs msrs
Definition: vmx.h:234
nested_vmx::nested_run_pending
bool nested_run_pending
Definition: vmx.h:189
nested_vmx::vpid02
u16 vpid02
Definition: vmx.h:231
nested_vmx::force_msr_bitmap_recalc
bool force_msr_bitmap_recalc
Definition: vmx.h:161
nested_vmx::guest_mode
bool guest_mode
Definition: vmx.h:241
nested_vmx::reload_vmcs01_apic_access_page
bool reload_vmcs01_apic_access_page
Definition: vmx.h:177
nested_vmx::l1_tpr_threshold
int l1_tpr_threshold
Definition: vmx.h:229
nested_vmx::pi_pending
bool pi_pending
Definition: vmx.h:207
nested_vmx::mtf_pending
bool mtf_pending
Definition: vmx.h:192
nested_vmx::need_vmcs12_to_shadow_sync
bool need_vmcs12_to_shadow_sync
Definition: vmx.h:151
nested_vmx::update_vmcs01_apicv_status
bool update_vmcs01_apicv_status
Definition: vmx.h:179
nested_vmx::smm
struct nested_vmx::@39 smm
nested_vmx::update_vmcs01_cpu_dirty_logging
bool update_vmcs01_cpu_dirty_logging
Definition: vmx.h:178
nested_vmx::change_vmcs01_virtual_apic_mode
bool change_vmcs01_virtual_apic_mode
Definition: vmx.h:176
nested_vmx::vmxon_ptr
gpa_t vmxon_ptr
Definition: vmx.h:119
pi_desc::pir
u32 pir[8]
Definition: posted_intr.h:12
pi_desc::sn
u16 sn
Definition: posted_intr.h:18
pi_desc::nv
u8 nv
Definition: posted_intr.h:22
pt_ctx
Definition: vmx.h:55
pt_ctx::addr_a
u64 addr_a[RTIT_ADDR_RANGE]
Definition: vmx.h:61
pt_ctx::ctl
u64 ctl
Definition: vmx.h:56
pt_ctx::addr_b
u64 addr_b[RTIT_ADDR_RANGE]
Definition: vmx.h:62
pt_ctx::output_mask
u64 output_mask
Definition: vmx.h:59
pt_ctx::status
u64 status
Definition: vmx.h:57
pt_ctx::output_base
u64 output_base
Definition: vmx.h:58
pt_ctx::cr3_match
u64 cr3_match
Definition: vmx.h:60
pt_desc::caps
u32 caps[PT_CPUID_REGS_NUM *PT_CPUID_LEAVES]
Definition: vmx.h:68
pt_desc::host
struct pt_ctx host
Definition: vmx.h:69
pt_desc::ctl_bitmask
u64 ctl_bitmask
Definition: vmx.h:66
pt_desc::guest
struct pt_ctx guest
Definition: vmx.h:70
pt_desc::num_address_ranges
u32 num_address_ranges
Definition: vmx.h:67
vcpu_vmx::msr_autoload::host
struct vmx_msrs host
Definition: vmx.h:296
vcpu_vmx::msr_autoload::guest
struct vmx_msrs guest
Definition: vmx.h:295
vcpu_vmx::msr_autostore::guest
struct vmx_msrs guest
Definition: vmx.h:300
vcpu_vmx
Definition: vmx.h:251
vcpu_vmx::exit_intr_info
u32 exit_intr_info
Definition: vmx.h:266
vcpu_vmx::guest_uret_msrs
struct vmx_uret_msr guest_uret_msrs[MAX_NR_USER_RETURN_MSRS]
Definition: vmx.h:276
vcpu_vmx::vpid
int vpid
Definition: vmx.h:317
vcpu_vmx::limit
u32 limit
Definition: vmx.h:313
vcpu_vmx::rflags
ulong rflags
Definition: vmx.h:268
vcpu_vmx::msr_autostore
struct vcpu_vmx::msr_autostore msr_autostore
vcpu_vmx::segs
struct kvm_segment segs[8]
Definition: vmx.h:306
vcpu_vmx::pt_desc
struct pt_desc pt_desc
Definition: vmx.h:358
vcpu_vmx::x2apic_msr_bitmap_mode
u8 x2apic_msr_bitmap_mode
Definition: vmx.h:254
vcpu_vmx::segment_cache
struct vcpu_vmx::@41 segment_cache
vcpu_vmx::ar
u32 ar
Definition: vmx.h:314
vcpu_vmx::vmcs01
struct loaded_vmcs vmcs01
Definition: vmx.h:291
vcpu_vmx::msr_ia32_mcu_opt_ctrl
u64 msr_ia32_mcu_opt_ctrl
Definition: vmx.h:355
vcpu_vmx::save_rflags
ulong save_rflags
Definition: vmx.h:305
vcpu_vmx::ple_window
unsigned int ple_window
Definition: vmx.h:332
vcpu_vmx::pi_wakeup_list
struct list_head pi_wakeup_list
Definition: vmx.h:326
vcpu_vmx::msr_ia32_feature_control_valid_bits
u64 msr_ia32_feature_control_valid_bits
Definition: vmx.h:352
vcpu_vmx::rmode
struct vcpu_vmx::@40 rmode
vcpu_vmx::bitmask
u32 bitmask
Definition: vmx.h:309
vcpu_vmx::loaded_vmcs
struct loaded_vmcs * loaded_vmcs
Definition: vmx.h:292
vcpu_vmx::ple_window_dirty
bool ple_window_dirty
Definition: vmx.h:333
vcpu_vmx::emulation_required
bool emulation_required
Definition: vmx.h:318
vcpu_vmx::msr_ia32_sgxlepubkeyhash
u64 msr_ia32_sgxlepubkeyhash[4]
Definition: vmx.h:354
vcpu_vmx::spec_ctrl
u64 spec_ctrl
Definition: vmx.h:283
vcpu_vmx::pml_pg
struct page * pml_pg
Definition: vmx.h:339
vcpu_vmx::vcpu
struct kvm_vcpu vcpu
Definition: vmx.h:252
vcpu_vmx::nested
struct nested_vmx nested
Definition: vmx.h:329
vcpu_vmx::fail
u8 fail
Definition: vmx.h:253
vcpu_vmx::host_debugctlmsr
unsigned long host_debugctlmsr
Definition: vmx.h:344
vcpu_vmx::pi_desc
struct pi_desc pi_desc
Definition: vmx.h:323
vcpu_vmx::disable_fb_clear
bool disable_fb_clear
Definition: vmx.h:356
vcpu_vmx::msr_autoload
struct vcpu_vmx::msr_autoload msr_autoload
vcpu_vmx::vm86_active
int vm86_active
Definition: vmx.h:304
vcpu_vmx::hv_deadline_tsc
u64 hv_deadline_tsc
Definition: vmx.h:342
vcpu_vmx::shadow_msr_intercept
struct vcpu_vmx::@42 shadow_msr_intercept
vcpu_vmx::guest_uret_msrs_loaded
bool guest_uret_msrs_loaded
Definition: vmx.h:277
vcpu_vmx::req_immediate_exit
bool req_immediate_exit
Definition: vmx.h:335
vcpu_vmx::seg
struct vcpu_vmx::@41::kvm_save_segment seg[8]
vcpu_vmx::msr_ia32_feature_control
u64 msr_ia32_feature_control
Definition: vmx.h:351
vcpu_vmx::guest_state_loaded
bool guest_state_loaded
Definition: vmx.h:263
vcpu_vmx::idt_vectoring_info
u32 idt_vectoring_info
Definition: vmx.h:267
vcpu_vmx::exit_qualification
unsigned long exit_qualification
Definition: vmx.h:265
vcpu_vmx::msr_ia32_umwait_control
u32 msr_ia32_umwait_control
Definition: vmx.h:284
vcpu_vmx::exit_reason
union vmx_exit_reason exit_reason
Definition: vmx.h:320
vmcs12
Definition: vmcs12.h:27
vmcs12::guest_sysenter_eip
natural_width guest_sysenter_eip
Definition: vmcs12.h:107
vmcs12::guest_cr4
natural_width guest_cr4
Definition: vmcs12.h:90
vmcs12::guest_ia32_pat
u64 guest_ia32_pat
Definition: vmcs12.h:56
vmcs12::cpu_based_vm_exec_control
u32 cpu_based_vm_exec_control
Definition: vmcs12.h:122
vmcs12::exception_bitmap
u32 exception_bitmap
Definition: vmcs12.h:123
vmcs12::tpr_threshold
u32 tpr_threshold
Definition: vmcs12.h:135
vmcs12::vm_exit_controls
u32 vm_exit_controls
Definition: vmcs12.h:127
vmcs12::guest_cr0
natural_width guest_cr0
Definition: vmcs12.h:88
vmcs12::guest_ia32_debugctl
u64 guest_ia32_debugctl
Definition: vmcs12.h:55
vmcs12::guest_bndcfgs
u64 guest_bndcfgs
Definition: vmcs12.h:63
vmcs12::guest_sysenter_esp
natural_width guest_sysenter_esp
Definition: vmcs12.h:106
vmcs12::tsc_multiplier
u64 tsc_multiplier
Definition: vmcs12.h:73
vmcs12::exit_qualification
natural_width exit_qualification
Definition: vmcs12.h:86
vmcs12::cr0_guest_host_mask
natural_width cr0_guest_host_mask
Definition: vmcs12.h:81
vmcs12::guest_sysenter_cs
u32 guest_sysenter_cs
Definition: vmcs12.h:165
vmcs12::cr4_guest_host_mask
natural_width cr4_guest_host_mask
Definition: vmcs12.h:82
vmcs12::tsc_offset
u64 tsc_offset
Definition: vmcs12.h:43
vmcs_config
Definition: capabilities.h:56
vmcs_config::revision_id
u32 revision_id
Definition: capabilities.h:59
vmcs_config::basic_cap
u32 basic_cap
Definition: capabilities.h:58
vmcs_config::cpu_based_exec_ctrl
u32 cpu_based_exec_ctrl
Definition: capabilities.h:61
vmcs_config::pin_based_exec_ctrl
u32 pin_based_exec_ctrl
Definition: capabilities.h:60
vmcs_config::cpu_based_3rd_exec_ctrl
u64 cpu_based_3rd_exec_ctrl
Definition: capabilities.h:63
vmcs_config::misc
u64 misc
Definition: capabilities.h:66
vmcs_config::vmexit_ctrl
u32 vmexit_ctrl
Definition: capabilities.h:64
vmcs_config::size
int size
Definition: capabilities.h:57
vmcs_config::vmentry_ctrl
u32 vmentry_ctrl
Definition: capabilities.h:65
vmcs_config::cpu_based_2nd_exec_ctrl
u32 cpu_based_2nd_exec_ctrl
Definition: capabilities.h:62
vmcs_config::nested
struct nested_vmx_msrs nested
Definition: capabilities.h:67
vmcs_controls_shadow
Definition: vmcs.h:47
vmcs_hdr::shadow_vmcs
u32 shadow_vmcs
Definition: vmcs.h:18
vmcs_hdr::revision_id
u32 revision_id
Definition: vmcs.h:17
vmcs_host_state
Definition: vmcs.h:34
vmcs_host_state::fs_sel
u16 fs_sel
Definition: vmcs.h:41
vmcs_host_state::cr3
unsigned long cr3
Definition: vmcs.h:35
vmcs_host_state::cr4
unsigned long cr4
Definition: vmcs.h:36
vmcs_host_state::fs_base
unsigned long fs_base
Definition: vmcs.h:38
vmcs_host_state::ldt_sel
u16 ldt_sel
Definition: vmcs.h:41
vmcs_host_state::gs_base
unsigned long gs_base
Definition: vmcs.h:37
vmcs_host_state::gs_sel
u16 gs_sel
Definition: vmcs.h:41
vmcs_host_state::rsp
unsigned long rsp
Definition: vmcs.h:39
vmcs
Definition: vmcs.h:21
vmcs::hdr
struct vmcs_hdr hdr
Definition: vmcs.h:22
vmx_capability
Definition: capabilities.h:71
vmx_capability::vpid
u32 vpid
Definition: capabilities.h:73
vmx_capability::ept
u32 ept
Definition: capabilities.h:72
vmx_msrs
Definition: vmx.h:33
vmx_msrs::nr
unsigned int nr
Definition: vmx.h:34
vmx_msrs::val
struct vmx_msr_entry val[MAX_NR_LOADSTORE_MSRS]
Definition: vmx.h:35
vmx_uret_msr
Definition: vmx.h:38
vmx_uret_msr::mask
u64 mask
Definition: vmx.h:41
vmx_uret_msr::load_into_hardware
bool load_into_hardware
Definition: vmx.h:39
vmx_uret_msr::data
u64 data
Definition: vmx.h:40
x86_exception
Definition: kvm_emulate.h:22
x86_exception::vector
u8 vector
Definition: kvm_emulate.h:23
x86_exception::error_code_valid
bool error_code_valid
Definition: kvm_emulate.h:24
x86_instruction_info
Definition: kvm_emulate.h:36
x86_instruction_info::src_val
u64 src_val
Definition: kvm_emulate.h:42
x86_instruction_info::dst_bytes
u8 dst_bytes
Definition: kvm_emulate.h:45
x86_instruction_info::intercept
u8 intercept
Definition: kvm_emulate.h:37
x86_instruction_info::src_bytes
u8 src_bytes
Definition: kvm_emulate.h:44
x86_instruction_info::rep_prefix
u8 rep_prefix
Definition: kvm_emulate.h:38
x86_instruction_info::dst_val
u64 dst_val
Definition: kvm_emulate.h:43
X2APIC_MSR
#define X2APIC_MSR(x)
Definition: svm.c:81
vnmi
bool vnmi
Definition: svm.c:238
nested_exit_on_intr
static bool nested_exit_on_intr(struct vcpu_svm *svm)
Definition: svm.h:581
nested_exit_on_nmi
static bool nested_exit_on_nmi(struct vcpu_svm *svm)
Definition: svm.h:586
trace_kvm_cr_read
#define trace_kvm_cr_read(cr, val)
Definition: trace.h:478
KVM_ISA_VMX
#define KVM_ISA_VMX
Definition: trace.h:283
trace_kvm_cr_write
#define trace_kvm_cr_write(cr, val)
Definition: trace.h:479
vmx_exit_reason
Definition: vmx.h:73
vmx_exit_reason::full
u32 full
Definition: vmx.h:93
vmx_exit_reason::bus_lock_detected
u32 bus_lock_detected
Definition: vmx.h:86
vmx_exit_reason::enclave_mode
u32 enclave_mode
Definition: vmx.h:87
vmx_exit_reason::basic
u32 basic
Definition: vmx.h:75
vmx_exit_reason::failed_vmentry
u32 failed_vmentry
Definition: vmx.h:91
vmx_check_vmcs12_offsets
static void vmx_check_vmcs12_offsets(void)
Definition: vmcs12.h:214
is_nmi
static __always_inline bool is_nmi(u32 intr_info)
Definition: vmcs.h:149
is_nm_fault
static bool is_nm_fault(u32 intr_info)
Definition: vmcs.h:138
is_gp_fault
static bool is_gp_fault(u32 intr_info)
Definition: vmcs.h:123
is_page_fault
static bool is_page_fault(u32 intr_info)
Definition: vmcs.h:113
is_exception_with_error_code
static bool is_exception_with_error_code(u32 intr_info)
Definition: vmcs.h:159
is_icebp
static bool is_icebp(u32 intr_info)
Definition: vmcs.h:144
is_external_intr
static bool is_external_intr(u32 intr_info)
Definition: vmcs.h:154
is_invalid_opcode
static bool is_invalid_opcode(u32 intr_info)
Definition: vmcs.h:118
is_machine_check
static bool is_machine_check(u32 intr_info)
Definition: vmcs.h:133
nested_evmcs_filter_control_msr
void nested_evmcs_filter_control_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
Definition: hyperv.c:111
EVMPTR_INVALID
#define EVMPTR_INVALID
Definition: hyperv.h:9
nested_mark_vmcs12_pages_dirty
void nested_mark_vmcs12_pages_dirty(struct kvm_vcpu *vcpu)
Definition: nested.c:3838
nested_vmx_free_vcpu
void nested_vmx_free_vcpu(struct kvm_vcpu *vcpu)
Definition: nested.c:372
nested_vmx_enter_non_root_mode
enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu, bool from_vmentry)
Definition: nested.c:3427
nested_vmx_reflect_vmexit
bool nested_vmx_reflect_vmexit(struct kvm_vcpu *vcpu)
Definition: nested.c:6393
nested_vmx_hardware_unsetup
void nested_vmx_hardware_unsetup(void)
Definition: nested.c:7082
vmx_leave_nested
void vmx_leave_nested(struct kvm_vcpu *vcpu)
Definition: nested.c:6568
vmx_nested_ops
struct kvm_x86_nested_ops vmx_nested_ops
Definition: nested.c:7131
nested_vmx_hardware_setup
__init int nested_vmx_hardware_setup(int(*exit_handlers[])(struct kvm_vcpu *))
Definition: nested.c:7092
get_vmx_mem_address
int get_vmx_mem_address(struct kvm_vcpu *vcpu, unsigned long exit_qualification, u32 vmx_instruction_info, bool wr, int len, gva_t *ret)
Definition: nested.c:4963
nested_vmx_check_io_bitmaps
bool nested_vmx_check_io_bitmaps(struct kvm_vcpu *vcpu, unsigned int port, int size)
Definition: nested.c:5963
nested_vmx_setup_ctls_msrs
void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps)
Definition: nested.c:7045
nested_sync_vmcs12_to_shadow
void nested_sync_vmcs12_to_shadow(struct kvm_vcpu *vcpu)
Definition: nested.c:2124
vmx_get_vmx_msr
int vmx_get_vmx_msr(struct nested_vmx_msrs *msrs, u32 msr_index, u64 *pdata)
Definition: nested.c:1458
nested_vmx_vmexit
void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, u32 exit_intr_info, unsigned long exit_qualification)
Definition: nested.c:4767
nested_vmx_set_vmcs_shadowing_bitmap
void nested_vmx_set_vmcs_shadowing_bitmap(void)
Definition: nested.c:6764
vmx_set_vmx_msr
int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
Definition: nested.c:1393
vmx_is_valid_cr4
static bool vmx_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
Definition: vmx.c:3416
handle_vmx_instruction
static int handle_vmx_instruction(struct kvm_vcpu *vcpu)
Definition: vmx.c:6026
__vmx_set_segment
void __vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg)
Definition: vmx.c:3572
vmx_setup_mce
static void vmx_setup_mce(struct kvm_vcpu *vcpu)
Definition: vmx.c:8133
cpu_has_sgx
static bool cpu_has_sgx(void)
Definition: vmx.c:2516
vmx_clear_hlt
static void vmx_clear_hlt(struct kvm_vcpu *vcpu)
Definition: vmx.c:1784
rmode_exception
static bool rmode_exception(struct kvm_vcpu *vcpu, int vec)
Definition: vmx.c:5101
vmx_secondary_exec_control
static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx)
Definition: vmx.c:4590
vmx_load_mmu_pgd
static void vmx_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa, int root_level)
Definition: vmx.c:3385
vmx_find_loadstore_msr_slot
int vmx_find_loadstore_msr_slot(struct vmx_msrs *m, u32 msr)
Definition: vmx.c:969
ple_window_max
static unsigned int ple_window_max
Definition: vmx.c:211
pt_guest_enter
static void pt_guest_enter(struct vcpu_vmx *vmx)
Definition: vmx.c:1220
fix_pmode_seg
static void fix_pmode_seg(struct kvm_vcpu *vcpu, int seg, struct kvm_segment *save)
Definition: vmx.c:2978
vmx_segment_access_rights
static u32 vmx_segment_access_rights(struct kvm_segment *var)
Definition: vmx.c:3555
MSR_BITMAP_MODE_X2APIC_APICV
#define MSR_BITMAP_MODE_X2APIC_APICV
Definition: vmx.c:130
handle_task_switch
static int handle_task_switch(struct kvm_vcpu *vcpu)
Definition: vmx.c:5688
vmx_deliver_nested_posted_interrupt
static int vmx_deliver_nested_posted_interrupt(struct kvm_vcpu *vcpu, int vector)
Definition: vmx.c:4206
vmptrld_error
noinline void vmptrld_error(struct vmcs *vmcs, u64 phys_addr)
Definition: vmx.c:464
allocate_vpid
int allocate_vpid(void)
Definition: vmx.c:3919
vmx_set_msr
static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
Definition: vmx.c:2164
pt_save_msr
static void pt_save_msr(struct pt_ctx *ctx, u32 addr_range)
Definition: vmx.c:1206
handle_nmi_window
static int handle_nmi_window(struct kvm_vcpu *vcpu)
Definition: vmx.c:5820
cpu_preemption_timer_multi
static int __read_mostly cpu_preemption_timer_multi
Definition: vmx.c:135
ept_save_pdptrs
void ept_save_pdptrs(struct kvm_vcpu *vcpu)
Definition: vmx.c:3246
vmx_do_interrupt_irqoff
void vmx_do_interrupt_irqoff(unsigned long entry)
kvm_cpu_vmxon
static int kvm_cpu_vmxon(u64 vmxon_pointer)
Definition: vmx.c:2790
vmx_dump_dtsel
static void vmx_dump_dtsel(char *name, uint32_t limit)
Definition: vmx.c:6215
vmx_set_tss_addr
static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr)
Definition: vmx.c:5075
vmx_apic_init_signal_blocked
static bool vmx_apic_init_signal_blocked(struct kvm_vcpu *vcpu)
Definition: vmx.c:8200
free_vmcs
void free_vmcs(struct vmcs *vmcs)
Definition: vmx.c:2885
vmx_msr_filter_changed
static void vmx_msr_filter_changed(struct kvm_vcpu *vcpu)
Definition: vmx.c:4134
L1D_CACHE_ORDER
#define L1D_CACHE_ORDER
Definition: vmx.c:237
vmx_refresh_apicv_exec_ctrl
static void vmx_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu)
Definition: vmx.c:4438
vmentry_l1d_flush_ops
static const struct kernel_param_ops vmentry_l1d_flush_ops
Definition: vmx.c:418
vmx_set_constant_host_state
void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
Definition: vmx.c:4296
ldtr_valid
static bool ldtr_valid(struct kvm_vcpu *vcpu)
Definition: vmx.c:3762
vmx_load_eoi_exitmap
static void vmx_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap)
Definition: vmx.c:6911
vmx_skip_emulated_instruction
static int vmx_skip_emulated_instruction(struct kvm_vcpu *vcpu)
Definition: vmx.c:1778
vmx_write_tsc_multiplier
static void vmx_write_tsc_multiplier(struct kvm_vcpu *vcpu)
Definition: vmx.c:1923
handle_machine_check
static int handle_machine_check(struct kvm_vcpu *vcpu)
Definition: vmx.c:5157
seg_setup
static void seg_setup(int seg)
Definition: vmx.c:3904
module_param_named
module_param_named(vpid, enable_vpid, bool, 0444)
__vmx_handle_exit
static int __vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
Definition: vmx.c:6411
vmx_set_gdt
static void vmx_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
Definition: vmx.c:3642
vmx_enable_fb_clear
static __always_inline void vmx_enable_fb_clear(struct vcpu_vmx *vmx)
Definition: vmx.c:380
vmx_set_idt
static void vmx_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
Definition: vmx.c:3630
vmx_vmexit
void vmx_vmexit(void)
vmx_dump_sel
static void vmx_dump_sel(char *name, uint32_t sel)
Definition: vmx.c:6206
vmx_get_if_flag
static bool vmx_get_if_flag(struct kvm_vcpu *vcpu)
Definition: vmx.c:1556
handle_invlpg
static int handle_invlpg(struct kvm_vcpu *vcpu)
Definition: vmx.c:5631
vmx_setup_uret_msr
static void vmx_setup_uret_msr(struct vcpu_vmx *vmx, unsigned int msr, bool load_into_hardware)
Definition: vmx.c:1842
vmx_complete_interrupts
static void vmx_complete_interrupts(struct vcpu_vmx *vmx)
Definition: vmx.c:7118
msr_write_intercepted
static bool msr_write_intercepted(struct vcpu_vmx *vmx, u32 msr)
Definition: vmx.c:936
handle_dr
static int handle_dr(struct kvm_vcpu *vcpu)
Definition: vmx.c:5528
vmentry_l1d_flush_parse
static int vmentry_l1d_flush_parse(const char *s)
Definition: vmx.c:316
MSR_BITMAP_MODE_X2APIC
#define MSR_BITMAP_MODE_X2APIC
Definition: vmx.c:129
vmx_check_emulate_instruction
static int vmx_check_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type, void *insn, int insn_len)
Definition: vmx.c:1662
vmx_get_interrupt_shadow
u32 vmx_get_interrupt_shadow(struct kvm_vcpu *vcpu)
Definition: vmx.c:1561
vmx_cache_reg
static void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
Definition: vmx.c:2467
vmx_exec_control
static u32 vmx_exec_control(struct vcpu_vmx *vmx)
Definition: vmx.c:4466
vmx_check_intercept_io
static int vmx_check_intercept_io(struct kvm_vcpu *vcpu, struct x86_instruction_info *info)
Definition: vmx.c:7941
vmx_hardware_disable
static void vmx_hardware_disable(void)
Definition: vmx.c:2850
pt_load_msr
static void pt_load_msr(struct pt_ctx *ctx, u32 addr_range)
Definition: vmx.c:1192
vmx_inject_irq
static void vmx_inject_irq(struct kvm_vcpu *vcpu, bool reinjected)
Definition: vmx.c:4932
option
const char * option
Definition: vmx.c:226
vmx_exit_handlers_fastpath
static fastpath_t vmx_exit_handlers_fastpath(struct kvm_vcpu *vcpu)
Definition: vmx.c:7217
vmx_emulation_required
bool vmx_emulation_required(struct kvm_vcpu *vcpu)
Definition: vmx.c:1504
rmode_segment_valid
static bool rmode_segment_valid(struct kvm_vcpu *vcpu, int seg)
Definition: vmx.c:3648
vmx_set_efer
int vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer)
Definition: vmx.c:3115
vmentry_l1d_param
static const struct @59 vmentry_l1d_param[]
vmx_interrupt_blocked
bool vmx_interrupt_blocked(struct kvm_vcpu *vcpu)
Definition: vmx.c:5050
add_atomic_switch_msr_special
static __always_inline void add_atomic_switch_msr_special(struct vcpu_vmx *vmx, unsigned long entry, unsigned long exit, unsigned long guest_val_vmcs, unsigned long host_val_vmcs, u64 guest_val, u64 host_val)
Definition: vmx.c:1020
cpu_has_perf_global_ctrl_bug
static bool cpu_has_perf_global_ctrl_bug(void)
Definition: vmx.c:2527
vmx_cancel_injection
static void vmx_cancel_injection(struct kvm_vcpu *vcpu)
Definition: vmx.c:7125
vmx_get_pid_table_order
static int vmx_get_pid_table_order(struct kvm *kvm)
Definition: vmx.c:4677
vmx_deliver_interrupt
static void vmx_deliver_interrupt(struct kvm_lapic *apic, int delivery_mode, int trig_mode, int vector)
Definition: vmx.c:4275
vmx_hardware_enable
static int vmx_hardware_enable(void)
Definition: vmx.c:2810
KVM_RMODE_VM_CR4_ALWAYS_ON
#define KVM_RMODE_VM_CR4_ALWAYS_ON
Definition: vmx.c:151
vmx_enable_intercept_for_msr
void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type)
Definition: vmx.c:4006
vmx_setup_me_spte_mask
static void __init vmx_setup_me_spte_mask(void)
Definition: vmx.c:8471
vmx_set_virtual_apic_mode
void vmx_set_virtual_apic_mode(struct kvm_vcpu *vcpu)
Definition: vmx.c:6694
vmx_check_intercept
static int vmx_check_intercept(struct kvm_vcpu *vcpu, struct x86_instruction_info *info, enum x86_intercept_stage stage, struct x86_exception *exception)
Definition: vmx.c:7975
handle_fastpath_preemption_timer
static fastpath_t handle_fastpath_preemption_timer(struct kvm_vcpu *vcpu)
Definition: vmx.c:6003
ple_window_shrink
static unsigned int ple_window_shrink
Definition: vmx.c:207
vmx_vcpu_create
static int vmx_vcpu_create(struct kvm_vcpu *vcpu)
Definition: vmx.c:7450
vmx_msr_bitmap_l01_changed
static void vmx_msr_bitmap_l01_changed(struct vcpu_vmx *vmx)
Definition: vmx.c:3944
alloc_loaded_vmcs
int alloc_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
Definition: vmx.c:2905
vmx_setup_uret_msrs
static void vmx_setup_uret_msrs(struct vcpu_vmx *vmx)
Definition: vmx.c:1860
vmx_nmi_allowed
static int vmx_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
Definition: vmx.c:5038
vmx_adjust_secondary_exec_control
static void vmx_adjust_secondary_exec_control(struct vcpu_vmx *vmx, u32 *exec_control, u32 control, bool enabled, bool exiting)
Definition: vmx.c:4530
vmx_get_max_ept_level
static int vmx_get_max_ept_level(void)
Definition: vmx.c:3364
vmx_get_l2_tsc_offset
u64 vmx_get_l2_tsc_offset(struct kvm_vcpu *vcpu)
Definition: vmx.c:1897
handle_set_cr4
static int handle_set_cr4(struct kvm_vcpu *vcpu, unsigned long val)
Definition: vmx.c:5419
kvm_vmx_exit_handlers
static int(* kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu)
Definition: vmx.c:6087
DECLARE_BITMAP
static DECLARE_BITMAP(vmx_vpid_bitmap, VMX_NR_VPIDS)
vmx_guest_apic_has_interrupt
static bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu)
Definition: vmx.c:4114
vmx_sync_dirty_debug_regs
static void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu)
Definition: vmx.c:5591
vmx_check_processor_compat
static int vmx_check_processor_compat(void)
Definition: vmx.c:2768
vmx_vm_destroy
static void vmx_vm_destroy(struct kvm *kvm)
Definition: vmx.c:8236
vmx_inject_nmi
static void vmx_inject_nmi(struct kvm_vcpu *vcpu)
Definition: vmx.c:4960
vmx_destroy_pml_buffer
static void vmx_destroy_pml_buffer(struct vcpu_vmx *vmx)
Definition: vmx.c:6167
vmx_setup_user_return_msrs
static __init void vmx_setup_user_return_msrs(void)
Definition: vmx.c:8445
kvm_is_vmx_supported
static bool kvm_is_vmx_supported(void)
Definition: vmx.c:2757
handle_encls
static int handle_encls(struct kvm_vcpu *vcpu)
Definition: vmx.c:6033
code_segment_valid
static bool code_segment_valid(struct kvm_vcpu *vcpu)
Definition: vmx.c:3669
vmx_dump_msrs
static void vmx_dump_msrs(char *name, struct vmx_msrs *m)
Definition: vmx.c:6222
__kvm_is_vmx_supported
static bool __kvm_is_vmx_supported(void)
Definition: vmx.c:2739
vmx_request_immediate_exit
static void vmx_request_immediate_exit(struct kvm_vcpu *vcpu)
Definition: vmx.c:7936
handle_triple_fault
static int handle_triple_fault(struct kvm_vcpu *vcpu)
Definition: vmx.c:5353
handle_ept_violation
static int handle_ept_violation(struct kvm_vcpu *vcpu)
Definition: vmx.c:5745
__vmx_complete_interrupts
static void __vmx_complete_interrupts(struct kvm_vcpu *vcpu, u32 idt_vectoring_info, int instr_len_field, int error_code_field)
Definition: vmx.c:7064
vmx_get_idt
static void vmx_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
Definition: vmx.c:3624
is_valid_passthrough_msr
static bool is_valid_passthrough_msr(u32 msr)
Definition: vmx.c:681
enable_ept_ad_bits
bool __read_mostly enable_ept_ad_bits
Definition: vmx.c:98
vmx_prepare_switch_to_host
static void vmx_prepare_switch_to_host(struct vcpu_vmx *vmx)
Definition: vmx.c:1356
dump_invalid_vmcs
static bool __read_mostly dump_invalid_vmcs
Definition: vmx.c:126
vmx_cleanup_l1d_flush
static void vmx_cleanup_l1d_flush(void)
Definition: vmx.c:8698
enter_pmode
static void enter_pmode(struct kvm_vcpu *vcpu)
Definition: vmx.c:2997
vmx_adjust_sec_exec_control
#define vmx_adjust_sec_exec_control(vmx, exec_control, name, feat_name, ctrl_name, exiting)
Definition: vmx.c:4568
update_transition_efer
static bool update_transition_efer(struct vcpu_vmx *vmx)
Definition: vmx.c:1098
handle_preemption_timer
static int handle_preemption_timer(struct kvm_vcpu *vcpu)
Definition: vmx.c:6016
vmx_vcpu_precreate
static int vmx_vcpu_precreate(struct kvm *kvm)
Definition: vmx.c:4702
vmcs_set_secondary_exec_control
static void vmcs_set_secondary_exec_control(struct vcpu_vmx *vmx, u32 new_ctl)
Definition: vmx.c:7627
__vmx_vcpu_run_flags
unsigned int __vmx_vcpu_run_flags(struct vcpu_vmx *vmx)
Definition: vmx.c:944
vmx_set_identity_map_addr
static int vmx_set_identity_map_addr(struct kvm *kvm, u64 ident_addr)
Definition: vmx.c:5095
alloc_kvm_area
static __init int alloc_kvm_area(void)
Definition: vmx.c:2947
vmx_update_msr_bitmap_x2apic
static void vmx_update_msr_bitmap_x2apic(struct kvm_vcpu *vcpu)
Definition: vmx.c:4038
pt_can_write_msr
static bool pt_can_write_msr(struct vcpu_vmx *vmx)
Definition: vmx.c:1180
__vmx_exit
static void __vmx_exit(void)
Definition: vmx.c:8708
vmx_get_nmi_mask
bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu)
Definition: vmx.c:4991
kvm_vmx_segment_fields
static const struct kvm_vmx_segment_field kvm_vmx_segment_fields[]
vmx_set_host_fs_gs
void vmx_set_host_fs_gs(struct vmcs_host_state *host, u16 fs_sel, u16 gs_sel, unsigned long fs_base, unsigned long gs_base)
Definition: vmx.c:1255
vmx_tertiary_exec_control
static u64 vmx_tertiary_exec_control(struct vcpu_vmx *vmx)
Definition: vmx.c:4510
vmx_vcpu_put
static void vmx_vcpu_put(struct kvm_vcpu *vcpu)
Definition: vmx.c:1497
vmx_flush_tlb_guest
static void vmx_flush_tlb_guest(struct kvm_vcpu *vcpu)
Definition: vmx.c:3219
vmx_segment_cache_test_set
static bool vmx_segment_cache_test_set(struct vcpu_vmx *vmx, unsigned seg, unsigned field)
Definition: vmx.c:823
RMODE_GUEST_OWNED_EFLAGS_BITS
#define RMODE_GUEST_OWNED_EFLAGS_BITS
Definition: vmx.c:153
KVM_VMX_TSC_MULTIPLIER_MAX
#define KVM_VMX_TSC_MULTIPLIER_MAX
Definition: vmx.c:132
vmx_insn_failed
#define vmx_insn_failed(fmt...)
Definition: vmx.c:428
L1TF_MSG_SMT
#define L1TF_MSG_SMT
Definition: vmx.c:7556
enable_vnmi
static bool __read_mostly enable_vnmi
Definition: vmx.c:85
handle_exception_irqoff
static void handle_exception_irqoff(struct vcpu_vmx *vmx)
Definition: vmx.c:6953
vmx_update_exception_bitmap
void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu)
Definition: vmx.c:874
vmx_handle_exit
static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
Definition: vmx.c:6590
error_on_inconsistent_vmcs_config
static bool __read_mostly error_on_inconsistent_vmcs_config
Definition: vmx.c:123
__loaded_vmcs_clear
static void __loaded_vmcs_clear(void *arg)
Definition: vmx.c:785
vmx_deliver_posted_interrupt
static int vmx_deliver_posted_interrupt(struct kvm_vcpu *vcpu, int vector)
Definition: vmx.c:4245
handle_rmode_exception
static int handle_rmode_exception(struct kvm_vcpu *vcpu, int vec, u32 err_code)
Definition: vmx.c:5130
CR3_EXITING_BITS
#define CR3_EXITING_BITS
Definition: vmx.c:3261
vmx_update_emulated_instruction
static void vmx_update_emulated_instruction(struct kvm_vcpu *vcpu)
Definition: vmx.c:1747
ple_window_grow
static unsigned int ple_window_grow
Definition: vmx.c:203
__vmx_guest_state_valid
bool __vmx_guest_state_valid(struct kvm_vcpu *vcpu)
Definition: vmx.c:3796
KVM_SUPPORTED_FEATURE_CONTROL
#define KVM_SUPPORTED_FEATURE_CONTROL
Definition: vmx.c:1935
vmx_pin_based_exec_ctrl
static u32 vmx_pin_based_exec_ctrl(struct vcpu_vmx *vmx)
Definition: vmx.c:4379
handle_monitor_trap
static int handle_monitor_trap(struct kvm_vcpu *vcpu)
Definition: vmx.c:5942
handle_exception_nmi
static int handle_exception_nmi(struct kvm_vcpu *vcpu)
Definition: vmx.c:5183
vmclear_error
noinline void vmclear_error(struct vmcs *vmcs, u64 phys_addr)
Definition: vmx.c:458
vmx_vcpu_load_vmcs
void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu, struct loaded_vmcs *buddy)
Definition: vmx.c:1415
hardware_setup
static __init int hardware_setup(void)
Definition: vmx.c:8498
ple_window
static unsigned int ple_window
Definition: vmx.c:199
clear_atomic_switch_msr_special
static __always_inline void clear_atomic_switch_msr_special(struct vcpu_vmx *vmx, unsigned long entry, unsigned long exit)
Definition: vmx.c:962
set_cr4_guest_host_mask
void set_cr4_guest_host_mask(struct vcpu_vmx *vmx)
Definition: vmx.c:4363
vmx_setup_l1d_flush
static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
Definition: vmx.c:240
kvm_vmx_max_exit_handlers
static const int kvm_vmx_max_exit_handlers
Definition: vmx.c:6142
allow_smaller_maxphyaddr
bool __read_mostly allow_smaller_maxphyaddr
Definition: x86.c:232
handle_invalid_guest_state
static int handle_invalid_guest_state(struct kvm_vcpu *vcpu)
Definition: vmx.c:5840
vmx_possible_passthrough_msrs
static u32 vmx_possible_passthrough_msrs[MAX_POSSIBLE_PASSTHROUGH_MSRS]
Definition: vmx.c:164
vmx_recover_nmi_blocking
static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx)
Definition: vmx.c:7024
vmx_prepare_switch_to_guest
void vmx_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
Definition: vmx.c:1282
enable_pml
bool __read_mostly enable_pml
Definition: vmx.c:120
vmx_has_emulated_msr
static bool vmx_has_emulated_msr(struct kvm *kvm, u32 index)
Definition: vmx.c:7002
vmx_migrate_timers
static void vmx_migrate_timers(struct kvm_vcpu *vcpu)
Definition: vmx.c:8205
vmx_get_gdt
static void vmx_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
Definition: vmx.c:3636
handle_ept_misconfig
static int handle_ept_misconfig(struct kvm_vcpu *vcpu)
Definition: vmx.c:5799
KVM_PMODE_VM_CR4_ALWAYS_ON
#define KVM_PMODE_VM_CR4_ALWAYS_ON
Definition: vmx.c:150
invvpid_error
noinline void invvpid_error(unsigned long ext, u16 vpid, gva_t gva)
Definition: vmx.c:470
vmx_interrupt_allowed
static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu, bool for_injection)
Definition: vmx.c:5060
construct_eptp
u64 construct_eptp(struct kvm_vcpu *vcpu, hpa_t root_hpa, int root_level)
Definition: vmx.c:3371
MODULE_AUTHOR
MODULE_AUTHOR("Qumranet")
nested_vmx_cr_fixed1_bits_update
static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu)
Definition: vmx.c:7650
vmx_vcpu_reset
static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
Definition: vmx.c:4857
handle_nm_fault_irqoff
static void handle_nm_fault_irqoff(struct kvm_vcpu *vcpu)
Definition: vmx.c:6933
module_init
module_init(vmx_init)
pt_output_base_valid
static bool pt_output_base_valid(struct kvm_vcpu *vcpu, u64 base)
Definition: vmx.c:1186
VMX_XSS_EXIT_BITMAP
#define VMX_XSS_EXIT_BITMAP
Definition: vmx.c:4707
vmx_vcpu_after_set_cpuid
static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
Definition: vmx.c:7762
cpu_need_virtualize_apic_accesses
static bool cpu_need_virtualize_apic_accesses(struct kvm_vcpu *vcpu)
Definition: vmx.c:665
vmx_get_supported_debugctl
static u64 vmx_get_supported_debugctl(struct kvm_vcpu *vcpu, bool host_initiated)
Definition: vmx.c:2144
invept_error
noinline void invept_error(unsigned long ext, u64 eptp, gpa_t gpa)
Definition: vmx.c:476
vmx_vcpu_run
static fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu)
Definition: vmx.c:7283
vmx_read_guest_seg_base
static ulong vmx_read_guest_seg_base(struct vcpu_vmx *vmx, unsigned seg)
Definition: vmx.c:847
vmx_apicv_pre_state_restore
static void vmx_apicv_pre_state_restore(struct kvm_vcpu *vcpu)
Definition: vmx.c:6922
vmx_update_host_rsp
void noinstr vmx_update_host_rsp(struct vcpu_vmx *vmx, unsigned long host_rsp)
Definition: vmx.c:7184
vmx_ept_load_pdptrs
void vmx_ept_load_pdptrs(struct kvm_vcpu *vcpu)
Definition: vmx.c:3231
vmx_find_uret_msr
struct vmx_uret_msr * vmx_find_uret_msr(struct vcpu_vmx *vmx, u32 msr)
Definition: vmx.c:713
handle_external_interrupt_irqoff
static void handle_external_interrupt_irqoff(struct kvm_vcpu *vcpu)
Definition: vmx.c:6968
vmx_disable_intercept_for_msr
void vmx_disable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type)
Definition: vmx.c:3962
init_rmode_tss
static int init_rmode_tss(struct kvm *kvm, void __user *ua)
Definition: vmx.c:3841
handle_desc
static int handle_desc(struct kvm_vcpu *vcpu)
Definition: vmx.c:5436
nested
static bool __read_mostly nested
Definition: vmx.c:117
vmx_preemption_cpu_tfms
static u32 vmx_preemption_cpu_tfms[]
Definition: vmx.c:622
clear_atomic_switch_msr
static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr)
Definition: vmx.c:980
vmx_get_cpl
int vmx_get_cpl(struct kvm_vcpu *vcpu)
Definition: vmx.c:3543
vmx_flush_tlb_all
static void vmx_flush_tlb_all(struct kvm_vcpu *vcpu)
Definition: vmx.c:3164
pt_mode
int __read_mostly pt_mode
Definition: vmx.c:215
vmx_get_cs_db_l_bits
static void vmx_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l)
Definition: vmx.c:3616
vmx_flush_tlb_gva
static void vmx_flush_tlb_gva(struct kvm_vcpu *vcpu, gva_t addr)
Definition: vmx.c:3210
vmx_set_segment
static void vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg)
Definition: vmx.c:3609
DEFINE_STATIC_KEY_FALSE
static DEFINE_STATIC_KEY_FALSE(vmx_l1d_should_flush)
vmx_hwapic_isr_update
static void vmx_hwapic_isr_update(int max_isr)
Definition: vmx.c:6817
KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST
#define KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST
Definition: vmx.c:145
handle_interrupt_window
static int handle_interrupt_window(struct kvm_vcpu *vcpu)
Definition: vmx.c:5621
cpu_has_broken_vmx_preemption_timer
static bool cpu_has_broken_vmx_preemption_timer(void)
Definition: vmx.c:652
handle_apic_write
static int handle_apic_write(struct kvm_vcpu *vcpu)
Definition: vmx.c:5671
vmx_set_dr7
static void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val)
Definition: vmx.c:5610
vmx_vcpu_load
static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
Definition: vmx.c:1486
possible_passthrough_msr_slot
static int possible_passthrough_msr_slot(u32 msr)
Definition: vmx.c:670
vmx_get_segment_base
static u64 vmx_get_segment_base(struct kvm_vcpu *vcpu, int seg)
Definition: vmx.c:3532
handle_cr
static int handle_cr(struct kvm_vcpu *vcpu)
Definition: vmx.c:5448
vmentry_l1d_flush_get
static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp)
Definition: vmx.c:358
handle_apic_eoi_induced
static int handle_apic_eoi_induced(struct kvm_vcpu *vcpu)
Definition: vmx.c:5661
KVM_VM_CR4_ALWAYS_ON_UNRESTRICTED_GUEST
#define KVM_VM_CR4_ALWAYS_ON_UNRESTRICTED_GUEST
Definition: vmx.c:149
handle_io
static int handle_io(struct kvm_vcpu *vcpu)
Definition: vmx.c:5360
vmx_enable_irq_window
static void vmx_enable_irq_window(struct kvm_vcpu *vcpu)
Definition: vmx.c:4916
vmx_init
static int __init vmx_init(void)
Definition: vmx.c:8726
for_parse
bool for_parse
Definition: vmx.c:227
shrink_ple_window
static void shrink_ple_window(struct kvm_vcpu *vcpu)
Definition: vmx.c:5907
vmx_write_tsc_offset
static void vmx_write_tsc_offset(struct kvm_vcpu *vcpu)
Definition: vmx.c:1918
vmx_vmexit_ctrl
static u32 vmx_vmexit_ctrl(void)
Definition: vmx.c:4415
emulate_invalid_guest_state
static bool __read_mostly emulate_invalid_guest_state
Definition: vmx.c:101
alloc_vmcs_cpu
struct vmcs * alloc_vmcs_cpu(bool shadow, int cpu, gfp_t flags)
Definition: vmx.c:2862
vmx_get_exit_info
static void vmx_get_exit_info(struct kvm_vcpu *vcpu, u32 *reason, u64 *info1, u64 *info2, u32 *intr_info, u32 *error_code)
Definition: vmx.c:6145
KVM_VM_CR0_ALWAYS_OFF
#define KVM_VM_CR0_ALWAYS_OFF
Definition: vmx.c:144
grow_ple_window
static void grow_ple_window(struct kvm_vcpu *vcpu)
Definition: vmx.c:5891
vmx_update_cpu_dirty_logging
void vmx_update_cpu_dirty_logging(struct kvm_vcpu *vcpu)
Definition: vmx.c:8110
vmx_guest_inject_ac
bool vmx_guest_inject_ac(struct kvm_vcpu *vcpu)
Definition: vmx.c:5174
vmx_update_cr8_intercept
static void vmx_update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
Definition: vmx.c:6678
__ro_after_init
struct vmcs_config vmcs_config __ro_after_init
Definition: vmx.c:493
vmx_patch_hypercall
static void vmx_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall)
Definition: vmx.c:5382
vmx_get_msr
static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
Definition: vmx.c:1983
kvm_vcpu_trigger_posted_interrupt
static void kvm_vcpu_trigger_posted_interrupt(struct kvm_vcpu *vcpu, int pi_vec)
Definition: vmx.c:4162
handle_pause
static int handle_pause(struct kvm_vcpu *vcpu)
Definition: vmx.c:5927
vmx_set_nmi_mask
void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
Definition: vmx.c:5005
vmx_read_guest_seg_limit
static u32 vmx_read_guest_seg_limit(struct vcpu_vmx *vmx, unsigned seg)
Definition: vmx.c:856
vmx_l1d_flush_pages
static void * vmx_l1d_flush_pages
Definition: vmx.c:238
module_exit
module_exit(vmx_exit)
vmx_spec_ctrl_restore_host
void noinstr vmx_spec_ctrl_restore_host(struct vcpu_vmx *vmx, unsigned int flags)
Definition: vmx.c:7192
vmx_vcpu_pre_run
static int vmx_vcpu_pre_run(struct kvm_vcpu *vcpu)
Definition: vmx.c:5881
vmx_get_current_vpid
static int vmx_get_current_vpid(struct kvm_vcpu *vcpu)
Definition: vmx.c:3187
__vmx_vcpu_reset
static void __vmx_vcpu_reset(struct kvm_vcpu *vcpu)
Definition: vmx.c:4827
stack_segment_valid
static bool stack_segment_valid(struct kvm_vcpu *vcpu)
Definition: vmx.c:3697
enable_ept
bool __read_mostly enable_ept
Definition: vmx.c:91
free_kvm_area
static void free_kvm_area(void)
Definition: vmx.c:2937
kvm_cpu_vmxoff
static int kvm_cpu_vmxoff(void)
Definition: vmx.c:748
vmx_get_l2_tsc_multiplier
u64 vmx_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu)
Definition: vmx.c:1907
handle_set_cr0
static int handle_set_cr0(struct kvm_vcpu *vcpu, unsigned long val)
Definition: vmx.c:5393
vmx_emergency_disable
static void vmx_emergency_disable(void)
Definition: vmx.c:762
vmx_vcpu_free
static void vmx_vcpu_free(struct kvm_vcpu *vcpu)
Definition: vmx.c:7439
handle_external_interrupt
static __always_inline int handle_external_interrupt(struct kvm_vcpu *vcpu)
Definition: vmx.c:5347
vmx_sync_pir_to_irr
static int vmx_sync_pir_to_irr(struct kvm_vcpu *vcpu)
Definition: vmx.c:6865
adjust_vmx_controls64
static u64 adjust_vmx_controls64(u64 ctl_opt, u32 msr)
Definition: vmx.c:2563
vmx_rtit_ctl_check
static int vmx_rtit_ctl_check(struct kvm_vcpu *vcpu, u64 data)
Definition: vmx.c:1590
vmx_hwapic_irr_update
static void vmx_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr)
Definition: vmx.c:6851
dump_vmcs
void dump_vmcs(struct kvm_vcpu *vcpu)
Definition: vmx.c:6232
vmentry_l1d_flush_param
static enum vmx_l1d_flush_state __read_mostly vmentry_l1d_flush_param
Definition: vmx.c:223
pt_update_intercept_for_msr
void pt_update_intercept_for_msr(struct kvm_vcpu *vcpu)
Definition: vmx.c:4098
vmx_get_untagged_addr
gva_t vmx_get_untagged_addr(struct kvm_vcpu *vcpu, gva_t gva, unsigned int flags)
Definition: vmx.c:8250
module_param_cb
module_param_cb(vmentry_l1d_flush, &vmentry_l1d_flush_ops, NULL, 0644)
vmx_hardware_unsetup
static void vmx_hardware_unsetup(void)
Definition: vmx.c:8215
ple_gap
static unsigned int ple_gap
Definition: vmx.c:196
vmx_is_valid_cr0
static bool vmx_is_valid_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
Definition: vmx.c:3264
handle_pml_full
static int handle_pml_full(struct kvm_vcpu *vcpu)
Definition: vmx.c:5978
enable_vpid
bool __read_mostly enable_vpid
Definition: vmx.c:82
enter_rmode
static void enter_rmode(struct kvm_vcpu *vcpu)
Definition: vmx.c:3067
vmx_do_nmi_irqoff
void vmx_do_nmi_irqoff(void)
vmx_get_perf_capabilities
static u64 vmx_get_perf_capabilities(void)
Definition: vmx.c:7840
vmx_exit
static void vmx_exit(void)
Definition: vmx.c:8717
vmx_flush_pml_buffer
static void vmx_flush_pml_buffer(struct kvm_vcpu *vcpu)
Definition: vmx.c:6175
vmwrite_error
noinline void vmwrite_error(unsigned long field, unsigned long value)
Definition: vmx.c:452
vmx_get_msr_feature
static int vmx_get_msr_feature(struct kvm_msr_entry *msr)
Definition: vmx.c:1966
init_rmode_identity_map
static int init_rmode_identity_map(struct kvm *kvm)
Definition: vmx.c:3863
hv_init_evmcs
static void hv_init_evmcs(void)
Definition: vmx.c:613
vmx_get_mt_mask
static u8 vmx_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
Definition: vmx.c:7590
MSR_IA32_RTIT_STATUS_MASK
#define MSR_IA32_RTIT_STATUS_MASK
Definition: vmx.c:155
pt_guest_exit
static void pt_guest_exit(struct vcpu_vmx *vmx)
Definition: vmx.c:1237
enable_unrestricted_guest
bool __read_mostly enable_unrestricted_guest
Definition: vmx.c:94
vmx_set_cr0
void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
Definition: vmx.c:3275
vmx_get_segment
void vmx_get_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg)
Definition: vmx.c:3496
loaded_vmcs_clear
void loaded_vmcs_clear(struct loaded_vmcs *loaded_vmcs)
Definition: vmx.c:814
data_segment_valid
static bool data_segment_valid(struct kvm_vcpu *vcpu, int seg)
Definition: vmx.c:3719
adjust_vmx_controls
static int adjust_vmx_controls(u32 ctl_min, u32 ctl_opt, u32 msr, u32 *result)
Definition: vmx.c:2545
vmx_enable_nmi_window
static void vmx_enable_nmi_window(struct kvm_vcpu *vcpu)
Definition: vmx.c:4921
setup_vmcs_config
static int setup_vmcs_config(struct vmcs_config *vmcs_conf, struct vmx_capability *vmx_cap)
Definition: vmx.c:2572
update_intel_pt_cfg
static void update_intel_pt_cfg(struct kvm_vcpu *vcpu)
Definition: vmx.c:7693
fix_rmode_seg
static void fix_rmode_seg(int seg, struct kvm_segment *save)
Definition: vmx.c:3035
enable_ipiv
bool __read_mostly enable_ipiv
Definition: vmx.c:109
cs_ss_rpl_check
static bool cs_ss_rpl_check(struct kvm_vcpu *vcpu)
Definition: vmx.c:3780
vmx_set_guest_uret_msr
static int vmx_set_guest_uret_msr(struct vcpu_vmx *vmx, struct vmx_uret_msr *msr, u64 data)
Definition: vmx.c:723
vmx_handle_exit_irqoff
static void vmx_handle_exit_irqoff(struct kvm_vcpu *vcpu)
Definition: vmx.c:6985
vmx_set_cpu_caps
static __init void vmx_set_cpu_caps(void)
Definition: vmx.c:7887
vmx_update_fb_clear_dis
static void vmx_update_fb_clear_dis(struct kvm_vcpu *vcpu, struct vcpu_vmx *vmx)
Definition: vmx.c:389
vmx_vm_init
static int vmx_vm_init(struct kvm *kvm)
Definition: vmx.c:7559
vmx_vcpu_enter_exit
static noinstr void vmx_vcpu_enter_exit(struct kvm_vcpu *vcpu, unsigned int flags)
Definition: vmx.c:7229
DEFINE_PER_CPU
static DEFINE_PER_CPU(struct vmcs *, vmxarea)
MODULE_LICENSE
MODULE_LICENSE("GPL")
init_vmcs
static void init_vmcs(struct vcpu_vmx *vmx)
Definition: vmx.c:4709
fasteoi
static bool __read_mostly fasteoi
Definition: vmx.c:104
module_param
module_param(emulate_invalid_guest_state, bool, 0444)
flexpriority_enabled
bool __read_mostly flexpriority_enabled
Definition: vmx.c:88
vmx_emulation_required_with_pending_exception
static bool vmx_emulation_required_with_pending_exception(struct kvm_vcpu *vcpu)
Definition: vmx.c:5832
handle_apic_access
static int handle_apic_access(struct kvm_vcpu *vcpu)
Definition: vmx.c:5639
vmx_l1d_flush
static noinstr void vmx_l1d_flush(struct kvm_vcpu *vcpu)
Definition: vmx.c:6618
__initdata
static struct kvm_x86_ops vmx_x86_ops __initdata
Definition: vmx.c:8287
vmread_error
noinline void vmread_error(unsigned long field)
Definition: vmx.c:434
vmx_set_cr4
void vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
Definition: vmx.c:3432
vmx_segment_cache_clear
static void vmx_segment_cache_clear(struct vcpu_vmx *vmx)
Definition: vmx.c:520
vmentry_l1d_flush_set
static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp)
Definition: vmx.c:330
vmx_get_rflags
unsigned long vmx_get_rflags(struct kvm_vcpu *vcpu)
Definition: vmx.c:1509
vmx_read_guest_seg_selector
static u16 vmx_read_guest_seg_selector(struct vcpu_vmx *vmx, unsigned seg)
Definition: vmx.c:838
VMX_REQUIRED_APICV_INHIBITS
#define VMX_REQUIRED_APICV_INHIBITS
Definition: vmx.c:8225
tr_valid
static bool tr_valid(struct kvm_vcpu *vcpu)
Definition: vmx.c:3744
vmx_set_interrupt_shadow
void vmx_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
Definition: vmx.c:1574
atomic_switch_perf_msrs
static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx)
Definition: vmx.c:7135
is_vmx_feature_control_msr_valid
static bool is_vmx_feature_control_msr_valid(struct vcpu_vmx *vmx, struct msr_data *msr)
Definition: vmx.c:1942
vmx_set_rflags
void vmx_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
Definition: vmx.c:1527
handle_notify
static int handle_notify(struct kvm_vcpu *vcpu)
Definition: vmx.c:6056
enable_preemption_timer
static bool __read_mostly enable_preemption_timer
Definition: vmx.c:136
vmx_adjust_sec_exec_exiting
#define vmx_adjust_sec_exec_exiting(vmx, exec_control, lname, uname)
Definition: vmx.c:4587
handle_bus_lock_vmexit
static int handle_bus_lock_vmexit(struct kvm_vcpu *vcpu)
Definition: vmx.c:6045
vmx_nmi_blocked
bool vmx_nmi_blocked(struct kvm_vcpu *vcpu)
Definition: vmx.c:5025
vmx_read_guest_seg_ar
static u32 vmx_read_guest_seg_ar(struct vcpu_vmx *vmx, unsigned seg)
Definition: vmx.c:865
host_idt_base
static unsigned long host_idt_base
Definition: vmx.c:525
L1TF_MSG_L1D
#define L1TF_MSG_L1D
Definition: vmx.c:7557
add_atomic_switch_msr
static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr, u64 guest_val, u64 host_val, bool entry_only)
Definition: vmx.c:1032
DEFINE_SPINLOCK
static DEFINE_SPINLOCK(vmx_vpid_lock)
vmx_inject_exception
static void vmx_inject_exception(struct kvm_vcpu *vcpu)
Definition: vmx.c:1797
vmx_alloc_ipiv_pid_table
static int vmx_alloc_ipiv_pid_table(struct kvm *kvm)
Definition: vmx.c:4682
vmx_sched_in
static void vmx_sched_in(struct kvm_vcpu *vcpu, int cpu)
Definition: vmx.c:8104
skip_emulated_instruction
static int skip_emulated_instruction(struct kvm_vcpu *vcpu)
Definition: vmx.c:1679
vmx_adjust_sec_exec_feature
#define vmx_adjust_sec_exec_feature(vmx, exec_control, lname, uname)
Definition: vmx.c:4584
vmx_handle_intel_pt_intr
static unsigned int vmx_handle_intel_pt_intr(void)
Definition: vmx.c:8431
vmread_error_trampoline2
noinstr void vmread_error_trampoline2(unsigned long field, bool fault)
Definition: vmx.c:440
free_vpid
void free_vpid(int vpid)
Definition: vmx.c:3935
handle_invpcid
static int handle_invpcid(struct kvm_vcpu *vcpu)
Definition: vmx.c:5947
vmx_flush_tlb_current
static void vmx_flush_tlb_current(struct kvm_vcpu *vcpu)
Definition: vmx.c:3194
vmclear_local_loaded_vmcss
static void vmclear_local_loaded_vmcss(void)
Definition: vmx.c:2840
vmx_update_hv_timer
static void vmx_update_hv_timer(struct kvm_vcpu *vcpu)
Definition: vmx.c:7158
vmx_set_rvi
static void vmx_set_rvi(int vector)
Definition: vmx.c:6834
vmx_set_apic_access_page_addr
static void vmx_set_apic_access_page_addr(struct kvm_vcpu *vcpu)
Definition: vmx.c:6748
cr4_fixed1_update
#define cr4_fixed1_update(_cr4_mask, _reg, _cpuid_mask)
free_loaded_vmcs
void free_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
Definition: vmx.c:2893
VMX_SEGMENT_FIELD
#define VMX_SEGMENT_FIELD(seg)
Definition: vmx.c:496
handle_tpr_below_threshold
static int handle_tpr_below_threshold(struct kvm_vcpu *vcpu)
Definition: vmx.c:5615
vmx_disable_fb_clear
static __always_inline void vmx_disable_fb_clear(struct vcpu_vmx *vmx)
Definition: vmx.c:366
DEFINE_MUTEX
static DEFINE_MUTEX(vmx_l1d_flush_mutex)
KVM_VM_CR0_ALWAYS_ON
#define KVM_VM_CR0_ALWAYS_ON
Definition: vmx.c:146
vmx_vmentry_ctrl
static u32 vmx_vmentry_ctrl(void)
Definition: vmx.c:4395
nested_vmx_truncate_sysenter_addr
static u64 nested_vmx_truncate_sysenter_addr(struct kvm_vcpu *vcpu, u64 data)
Definition: vmx.c:2134
hv_reset_evmcs
static void hv_reset_evmcs(void)
Definition: vmx.c:614
to_kvm_vmx
static __always_inline struct kvm_vmx * to_kvm_vmx(struct kvm *kvm)
Definition: vmx.h:652
vmx_need_pf_intercept
static bool vmx_need_pf_intercept(struct kvm_vcpu *vcpu)
Definition: vmx.h:719
SEG_FIELD_BASE
@ SEG_FIELD_BASE
Definition: vmx.h:46
SEG_FIELD_SEL
@ SEG_FIELD_SEL
Definition: vmx.h:45
SEG_FIELD_NR
@ SEG_FIELD_NR
Definition: vmx.h:50
SEG_FIELD_AR
@ SEG_FIELD_AR
Definition: vmx.h:48
SEG_FIELD_LIMIT
@ SEG_FIELD_LIMIT
Definition: vmx.h:47
__vmx_vcpu_run
bool __vmx_vcpu_run(struct vcpu_vmx *vmx, unsigned long *regs, unsigned int flags)
VMX_REGS_LAZY_LOAD_SET
#define VMX_REGS_LAZY_LOAD_SET
Definition: vmx.h:623
vmx_can_use_ipiv
static bool vmx_can_use_ipiv(struct kvm_vcpu *vcpu)
Definition: vmx.h:747
MSR_TYPE_R
#define MSR_TYPE_R
Definition: vmx.h:19
KVM_REQUIRED_VMX_VM_ENTRY_CONTROLS
#define KVM_REQUIRED_VMX_VM_ENTRY_CONTROLS
Definition: vmx.h:478
vmx_has_waitpkg
static bool vmx_has_waitpkg(struct vcpu_vmx *vmx)
Definition: vmx.h:713
alloc_vmcs
static struct vmcs * alloc_vmcs(bool shadow)
Definition: vmx.h:707
KVM_OPTIONAL_VMX_VM_EXIT_CONTROLS
#define KVM_OPTIONAL_VMX_VM_EXIT_CONTROLS
Definition: vmx.h:500
KVM_OPTIONAL_VMX_CPU_BASED_VM_EXEC_CONTROL
#define KVM_OPTIONAL_VMX_CPU_BASED_VM_EXEC_CONTROL
Definition: vmx.h:542
vmx_get_exit_qual
static __always_inline unsigned long vmx_get_exit_qual(struct kvm_vcpu *vcpu)
Definition: vmx.h:681
MSR_TYPE_RW
#define MSR_TYPE_RW
Definition: vmx.h:21
KVM_REQUIRED_VMX_SECONDARY_VM_EXEC_CONTROL
#define KVM_REQUIRED_VMX_SECONDARY_VM_EXEC_CONTROL
Definition: vmx.h:553
MAX_NR_USER_RETURN_MSRS
#define MAX_NR_USER_RETURN_MSRS
Definition: vmx.h:28
vmx_set_intercept_for_msr
static void vmx_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type, bool value)
Definition: vmx.h:427
KVM_OPTIONAL_VMX_VM_ENTRY_CONTROLS
#define KVM_OPTIONAL_VMX_VM_ENTRY_CONTROLS
Definition: vmx.h:481
KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL
#define KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL
Definition: vmx.h:511
KVM_OPTIONAL_VMX_PIN_BASED_VM_EXEC_CONTROL
#define KVM_OPTIONAL_VMX_PIN_BASED_VM_EXEC_CONTROL
Definition: vmx.h:514
to_vmx
static __always_inline struct vcpu_vmx * to_vmx(struct kvm_vcpu *vcpu)
Definition: vmx.h:657
KVM_OPTIONAL_VMX_SECONDARY_VM_EXEC_CONTROL
#define KVM_OPTIONAL_VMX_SECONDARY_VM_EXEC_CONTROL
Definition: vmx.h:554
vmx_get_instr_info_reg2
static int vmx_get_instr_info_reg2(u32 vmx_instr_info)
Definition: vmx.h:742
is_unrestricted_guest
static bool is_unrestricted_guest(struct kvm_vcpu *vcpu)
Definition: vmx.h:727
vmx_l1_guest_owned_cr0_bits
static unsigned long vmx_l1_guest_owned_cr0_bits(void)
Definition: vmx.h:634
MAX_POSSIBLE_PASSTHROUGH_MSRS
#define MAX_POSSIBLE_PASSTHROUGH_MSRS
Definition: vmx.h:362
intel_pmu_lbr_is_enabled
static bool intel_pmu_lbr_is_enabled(struct kvm_vcpu *vcpu)
Definition: vmx.h:672
MSR_TYPE_W
#define MSR_TYPE_W
Definition: vmx.h:20
vmx_guest_state_valid
static bool vmx_guest_state_valid(struct kvm_vcpu *vcpu)
Definition: vmx.h:735
vmx_get_rvi
static u8 vmx_get_rvi(void)
Definition: vmx.h:466
KVM_REQUIRED_VMX_VM_EXIT_CONTROLS
#define KVM_REQUIRED_VMX_VM_EXIT_CONTROLS
Definition: vmx.h:497
KVM_REQUIRED_VMX_CPU_BASED_VM_EXEC_CONTROL
#define KVM_REQUIRED_VMX_CPU_BASED_VM_EXEC_CONTROL
Definition: vmx.h:538
KVM_OPTIONAL_VMX_TERTIARY_VM_EXEC_CONTROL
#define KVM_OPTIONAL_VMX_TERTIARY_VM_EXEC_CONTROL
Definition: vmx.h:582
PML_ENTITY_NUM
#define PML_ENTITY_NUM
Definition: vmx.h:338
MAX_NR_LOADSTORE_MSRS
#define MAX_NR_LOADSTORE_MSRS
Definition: vmx.h:31
vmx_get_intr_info
static __always_inline u32 vmx_get_intr_info(struct kvm_vcpu *vcpu)
Definition: vmx.h:691
evmcs_sanitize_exec_ctrls
void evmcs_sanitize_exec_ctrls(struct vmcs_config *vmcs_conf)
Definition: vmx_onhyperv.c:28
vmx_onhyperv.h
current_evmcs
#define current_evmcs
Definition: vmx_onhyperv.h:15
kvm_is_using_evmcs
static __always_inline bool kvm_is_using_evmcs(void)
Definition: vmx_onhyperv.h:115
vpid_sync_vcpu_addr
static void vpid_sync_vcpu_addr(int vpid, gva_t addr)
Definition: vmx_ops.h:345
vmcs_writel
static __always_inline void vmcs_writel(unsigned long field, unsigned long value)
Definition: vmx_ops.h:258
vmcs_read64
static __always_inline u64 vmcs_read64(unsigned long field)
Definition: vmx_ops.h:169
vmcs_write16
static __always_inline void vmcs_write16(unsigned long field, u16 value)
Definition: vmx_ops.h:228
vmcs_write32
static __always_inline void vmcs_write32(unsigned long field, u32 value)
Definition: vmx_ops.h:237
vmcs_load
static void vmcs_load(struct vmcs *vmcs)
Definition: vmx_ops.h:294
vpid_sync_context
static void vpid_sync_context(int vpid)
Definition: vmx_ops.h:337
ept_sync_global
static void ept_sync_global(void)
Definition: vmx_ops.h:356
vmcs_read32
static __always_inline u32 vmcs_read32(unsigned long field)
Definition: vmx_ops.h:161
vpid_sync_vcpu_global
static void vpid_sync_vcpu_global(void)
Definition: vmx_ops.h:332
vpid_sync_vcpu_single
static void vpid_sync_vcpu_single(int vpid)
Definition: vmx_ops.h:324
vmcs_set_bits
static __always_inline void vmcs_set_bits(unsigned long field, u32 mask)
Definition: vmx_ops.h:277
vmcs_write64
static __always_inline void vmcs_write64(unsigned long field, u64 value)
Definition: vmx_ops.h:246
vmcs_clear_bits
static __always_inline void vmcs_clear_bits(unsigned long field, u32 mask)
Definition: vmx_ops.h:267
vmcs_clear
static void vmcs_clear(struct vmcs *vmcs)
Definition: vmx_ops.h:287
ept_sync_context
static void ept_sync_context(u64 eptp)
Definition: vmx_ops.h:361
vmcs_readl
static __always_inline unsigned long vmcs_readl(unsigned long field)
Definition: vmx_ops.h:181
vmcs_read16
static __always_inline u16 vmcs_read16(unsigned long field)
Definition: vmx_ops.h:153
kvm_spec_ctrl_test_value
int kvm_spec_ctrl_test_value(u64 value)
Definition: x86.c:13532
kvm_get_linear_rip
unsigned long kvm_get_linear_rip(struct kvm_vcpu *vcpu)
Definition: x86.c:13151
enable_apicv
bool __read_mostly enable_apicv
Definition: x86.c:235
kvm_arch_has_noncoherent_dma
bool kvm_arch_has_noncoherent_dma(struct kvm *kvm)
Definition: x86.c:13452
kvm_emulate_monitor
int kvm_emulate_monitor(struct kvm_vcpu *vcpu)
Definition: x86.c:2142
__x86_set_memory_region
void __user * __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
Definition: x86.c:12637
kvm_requeue_exception_e
void kvm_requeue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code)
Definition: x86.c:830
kvm_set_dr
int kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
Definition: x86.c:1373
kvm_get_msr_common
int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
Definition: x86.c:4182
kvm_find_user_return_msr
int kvm_find_user_return_msr(u32 msr)
Definition: x86.c:416
kvm_fast_pio
int kvm_fast_pio(struct kvm_vcpu *vcpu, int size, unsigned short port, int in)
Definition: x86.c:9358
kvm_emulate_instruction
int kvm_emulate_instruction(struct kvm_vcpu *vcpu, int emulation_type)
Definition: x86.c:9262
kvm_set_cr8
int kvm_set_cr8(struct kvm_vcpu *vcpu, unsigned long cr8)
Definition: x86.c:1315
kvm_emulate_wrmsr
int kvm_emulate_wrmsr(struct kvm_vcpu *vcpu)
Definition: x86.c:2082
kvm_task_switch
int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index, int reason, bool has_error_code, u32 error_code)
Definition: x86.c:11657
enable_vmware_backdoor
bool __read_mostly enable_vmware_backdoor
Definition: x86.c:176
kvm_get_cr8
unsigned long kvm_get_cr8(struct kvm_vcpu *vcpu)
Definition: x86.c:1327
host_arch_capabilities
u64 __read_mostly host_arch_capabilities
Definition: x86.c:241
kvm_read_l1_tsc
u64 kvm_read_l1_tsc(struct kvm_vcpu *vcpu, u64 host_tsc)
Definition: x86.c:2583
kvm_set_cr4
int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
Definition: x86.c:1192
kvm_handle_invalid_op
int kvm_handle_invalid_op(struct kvm_vcpu *vcpu)
Definition: x86.c:2119
kvm_x86_vendor_exit
void kvm_x86_vendor_exit(void)
Definition: x86.c:9798
kvm_emulate_wbinvd
int kvm_emulate_wbinvd(struct kvm_vcpu *vcpu)
Definition: x86.c:8169
kvm_set_cr3
int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
Definition: x86.c:1266
kvm_requeue_exception
void kvm_requeue_exception(struct kvm_vcpu *vcpu, unsigned nr)
Definition: x86.c:737
kvm_vcpu_deliver_sipi_vector
void kvm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector)
Definition: x86.c:12374
enable_pmu
bool __read_mostly enable_pmu
Definition: x86.c:192
kvm_nr_uret_msrs
u32 __read_mostly kvm_nr_uret_msrs
Definition: x86.c:219
handle_fastpath_set_msr_irqoff
fastpath_t handle_fastpath_set_msr_irqoff(struct kvm_vcpu *vcpu)
Definition: x86.c:2185
host_efer
u64 __read_mostly host_efer
Definition: x86.c:229
kvm_emulate_halt_noskip
int kvm_emulate_halt_noskip(struct kvm_vcpu *vcpu)
Definition: x86.c:9851
kvm_deliver_exception_payload
void kvm_deliver_exception_payload(struct kvm_vcpu *vcpu, struct kvm_queued_exception *ex)
Definition: x86.c:573
kvm_emulate_halt
int kvm_emulate_halt(struct kvm_vcpu *vcpu)
Definition: x86.c:9857
kvm_add_user_return_msr
int kvm_add_user_return_msr(u32 msr)
Definition: x86.c:404
kvm_emulate_rdmsr
int kvm_emulate_rdmsr(struct kvm_vcpu *vcpu)
Definition: x86.c:2057
kvm_handle_invpcid
int kvm_handle_invpcid(struct kvm_vcpu *vcpu, unsigned long type, gva_t gva)
Definition: x86.c:13612
kvm_emulate_invd
int kvm_emulate_invd(struct kvm_vcpu *vcpu)
Definition: x86.c:2112
kvm_spurious_fault
noinstr void kvm_spurious_fault(void)
Definition: x86.c:513
kvm_set_cr0
int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
Definition: x86.c:971
kvm_queue_exception_e
void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code)
Definition: x86.c:824
kvm_complete_insn_gp
int kvm_complete_insn_gp(struct kvm_vcpu *vcpu, int err)
Definition: x86.c:757
kvm_get_dr
void kvm_get_dr(struct kvm_vcpu *vcpu, int dr, unsigned long *val)
Definition: x86.c:1402
kvm_emulate_xsetbv
int kvm_emulate_xsetbv(struct kvm_vcpu *vcpu)
Definition: x86.c:1119
kvm_skip_emulated_instruction
int kvm_skip_emulated_instruction(struct kvm_vcpu *vcpu)
Definition: x86.c:8916
kvm_emulate_hypercall
int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
Definition: x86.c:10019
kvm_lmsw
void kvm_lmsw(struct kvm_vcpu *vcpu, unsigned long msw)
Definition: x86.c:1012
kvm_prepare_emulation_failure_exit
void kvm_prepare_emulation_failure_exit(struct kvm_vcpu *vcpu)
Definition: x86.c:8727
kvm_queue_exception
void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr)
Definition: x86.c:731
kvm_inject_realmode_interrupt
void kvm_inject_realmode_interrupt(struct kvm_vcpu *vcpu, int irq, int inc_eip)
Definition: x86.c:8639
kvm_emulate_rdpmc
int kvm_emulate_rdpmc(struct kvm_vcpu *vcpu)
Definition: x86.c:1422
handle_ud
int handle_ud(struct kvm_vcpu *vcpu)
Definition: x86.c:7669
kvm_queue_exception_p
void kvm_queue_exception_p(struct kvm_vcpu *vcpu, unsigned nr, unsigned long payload)
Definition: x86.c:743
kvm_enable_efer_bits
void kvm_enable_efer_bits(u64 mask)
Definition: x86.c:1790
kvm_x86_vendor_init
int kvm_x86_vendor_init(struct kvm_x86_init_ops *ops)
Definition: x86.c:9786
kvm_arch_has_assigned_device
bool noinstr kvm_arch_has_assigned_device(struct kvm *kvm)
Definition: x86.c:13419
kvm_msr_allowed
bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type)
Definition: x86.c:1796
kvm_set_msr_common
int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
Definition: x86.c:3737
kvm_get_rflags
unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu)
Definition: x86.c:13170
kvm_load_guest_xsave_state
void kvm_load_guest_xsave_state(struct kvm_vcpu *vcpu)
Definition: x86.c:1018
kvm_fixup_and_inject_pf_error
void kvm_fixup_and_inject_pf_error(struct kvm_vcpu *vcpu, gva_t gva, u16 error_code)
Definition: x86.c:13558
kvm_set_user_return_msr
int kvm_set_user_return_msr(unsigned slot, u64 value, u64 mask)
Definition: x86.c:442
kvm_require_dr
bool kvm_require_dr(struct kvm_vcpu *vcpu, int dr)
Definition: x86.c:848
__kvm_request_immediate_exit
void __kvm_request_immediate_exit(struct kvm_vcpu *vcpu)
Definition: x86.c:10692
kvm_load_host_xsave_state
void kvm_load_host_xsave_state(struct kvm_vcpu *vcpu)
Definition: x86.c:1041
kvm_emulate_mwait
int kvm_emulate_mwait(struct kvm_vcpu *vcpu)
Definition: x86.c:2136
is_protmode
static bool is_protmode(struct kvm_vcpu *vcpu)
Definition: x86.h:138
KVM_VMX_DEFAULT_PLE_WINDOW
#define KVM_VMX_DEFAULT_PLE_WINDOW
Definition: x86.h:53
kvm_cstate_in_guest
static bool kvm_cstate_in_guest(struct kvm *kvm)
Definition: x86.h:424
__grow_ple_window
static unsigned int __grow_ple_window(unsigned int val, unsigned int base, unsigned int modifier, unsigned int max)
Definition: x86.h:60
kvm_after_interrupt
static __always_inline void kvm_after_interrupt(struct kvm_vcpu *vcpu)
Definition: x86.h:446
kvm_exception_is_soft
static bool kvm_exception_is_soft(unsigned int nr)
Definition: x86.h:133
kvm_mpx_supported
static bool kvm_mpx_supported(void)
Definition: x86.h:361
KVM_FIRST_EMULATED_VMX_MSR
#define KVM_FIRST_EMULATED_VMX_MSR
Definition: x86.h:49
KVM_DEFAULT_PLE_WINDOW_SHRINK
#define KVM_DEFAULT_PLE_WINDOW_SHRINK
Definition: x86.h:55
is_paging
static bool is_paging(struct kvm_vcpu *vcpu)
Definition: x86.h:198
kvm_before_interrupt
static __always_inline void kvm_before_interrupt(struct kvm_vcpu *vcpu, enum kvm_intr_type intr)
Definition: x86.h:440
kvm_register_write
static void kvm_register_write(struct kvm_vcpu *vcpu, int reg, unsigned long val)
Definition: x86.h:280
KVM_HANDLING_IRQ
@ KVM_HANDLING_IRQ
Definition: x86.h:436
KVM_HANDLING_NMI
@ KVM_HANDLING_NMI
Definition: x86.h:437
kvm_mwait_in_guest
static bool kvm_mwait_in_guest(struct kvm *kvm)
Definition: x86.h:409
KVM_DEFAULT_PLE_WINDOW_GROW
#define KVM_DEFAULT_PLE_WINDOW_GROW
Definition: x86.h:54
kvm_clear_interrupt_queue
static void kvm_clear_interrupt_queue(struct kvm_vcpu *vcpu)
Definition: x86.h:122
kvm_register_read
static unsigned long kvm_register_read(struct kvm_vcpu *vcpu, int reg)
Definition: x86.h:273
kvm_machine_check
static void kvm_machine_check(void)
Definition: x86.h:482
kvm_is_exception_pending
static bool kvm_is_exception_pending(struct kvm_vcpu *vcpu)
Definition: x86.h:100
kvm_queue_interrupt
static void kvm_queue_interrupt(struct kvm_vcpu *vcpu, u8 vector, bool soft)
Definition: x86.h:114
is_pae_paging
static bool is_pae_paging(struct kvm_vcpu *vcpu)
Definition: x86.h:203
is_long_mode
static bool is_long_mode(struct kvm_vcpu *vcpu)
Definition: x86.h:143
kvm_pause_in_guest
static bool kvm_pause_in_guest(struct kvm *kvm)
Definition: x86.h:419
KVM_MSR_RET_INVALID
#define KVM_MSR_RET_INVALID
Definition: x86.h:508
nsec_to_cycles
static u64 nsec_to_cycles(struct kvm_vcpu *vcpu, u64 nsec)
Definition: x86.h:389
KVM_VMX_DEFAULT_PLE_WINDOW_MAX
#define KVM_VMX_DEFAULT_PLE_WINDOW_MAX
Definition: x86.h:56
KVM_DEFAULT_PLE_GAP
#define KVM_DEFAULT_PLE_GAP
Definition: x86.h:52
kvm_pr_unimpl_wrmsr
static void kvm_pr_unimpl_wrmsr(struct kvm_vcpu *vcpu, u32 msr, u64 data)
Definition: x86.h:377
kvm_clear_exception_queue
static void kvm_clear_exception_queue(struct kvm_vcpu *vcpu)
Definition: x86.h:107
kvm_hlt_in_guest
static bool kvm_hlt_in_guest(struct kvm *kvm)
Definition: x86.h:414
KVM_LAST_EMULATED_VMX_MSR
#define KVM_LAST_EMULATED_VMX_MSR
Definition: x86.h:50
kvm_handling_nmi_from_guest
static bool kvm_handling_nmi_from_guest(struct kvm_vcpu *vcpu)
Definition: x86.h:451
is_64_bit_mode
static bool is_64_bit_mode(struct kvm_vcpu *vcpu)
Definition: x86.h:152
kvm_check_has_quirk
static bool kvm_check_has_quirk(struct kvm *kvm, u64 quirk)
Definition: x86.h:288
__shrink_ple_window
static unsigned int __shrink_ple_window(unsigned int val, unsigned int base, unsigned int modifier, unsigned int min)
Definition: x86.h:76
kvm_notify_vmexit_enabled
static bool kvm_notify_vmexit_enabled(struct kvm *kvm)
Definition: x86.h:429
is_noncanonical_address
static bool is_noncanonical_address(u64 la, struct kvm_vcpu *vcpu)
Definition: x86.h:213
flags
uint32_t flags
Definition: xen.c:1
Generated by doxygen 1.9.1