1 // SPDX-License-Identifier: GPL-2.0
2 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
4 #include <linux/objtool.h>
5 #include <linux/percpu.h>
7 #include <asm/debugreg.h>
8 #include <asm/mmu_context.h>
16 #include "posted_intr.h"
22 static bool __read_mostly enable_shadow_vmcs = 1;
23 module_param_named(enable_shadow_vmcs, enable_shadow_vmcs, bool, S_IRUGO);
25 static bool __read_mostly nested_early_check = 0;
26 module_param(nested_early_check, bool, S_IRUGO);
28 #define CC KVM_NESTED_VMENTER_CONSISTENCY_CHECK
31 * Hyper-V requires all of these, so mark them as supported even though
32 * they are just treated the same as all-context.
34 #define VMX_VPID_EXTENT_SUPPORTED_MASK \
35 (VMX_VPID_EXTENT_INDIVIDUAL_ADDR_BIT | \
36 VMX_VPID_EXTENT_SINGLE_CONTEXT_BIT | \
37 VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT | \
38 VMX_VPID_EXTENT_SINGLE_NON_GLOBAL_BIT)
40 #define VMX_MISC_EMULATED_PREEMPTION_TIMER_RATE 5
47 static unsigned long *vmx_bitmap[VMX_BITMAP_NR];
49 #define vmx_vmread_bitmap (vmx_bitmap[VMX_VMREAD_BITMAP])
50 #define vmx_vmwrite_bitmap (vmx_bitmap[VMX_VMWRITE_BITMAP])
52 struct shadow_vmcs_field {
56 static struct shadow_vmcs_field shadow_read_only_fields[] = {
57 #define SHADOW_FIELD_RO(x, y) { x, offsetof(struct vmcs12, y) },
58 #include "vmcs_shadow_fields.h"
60 static int max_shadow_read_only_fields =
61 ARRAY_SIZE(shadow_read_only_fields);
63 static struct shadow_vmcs_field shadow_read_write_fields[] = {
64 #define SHADOW_FIELD_RW(x, y) { x, offsetof(struct vmcs12, y) },
65 #include "vmcs_shadow_fields.h"
67 static int max_shadow_read_write_fields =
68 ARRAY_SIZE(shadow_read_write_fields);
70 static void init_vmcs_shadow_fields(void)
74 memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
75 memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
77 for (i = j = 0; i < max_shadow_read_only_fields; i++) {
78 struct shadow_vmcs_field entry = shadow_read_only_fields[i];
79 u16 field = entry.encoding;
81 if (vmcs_field_width(field) == VMCS_FIELD_WIDTH_U64 &&
82 (i + 1 == max_shadow_read_only_fields ||
83 shadow_read_only_fields[i + 1].encoding != field + 1))
84 pr_err("Missing field from shadow_read_only_field %x\n",
87 clear_bit(field, vmx_vmread_bitmap);
92 entry.offset += sizeof(u32);
94 shadow_read_only_fields[j++] = entry;
96 max_shadow_read_only_fields = j;
98 for (i = j = 0; i < max_shadow_read_write_fields; i++) {
99 struct shadow_vmcs_field entry = shadow_read_write_fields[i];
100 u16 field = entry.encoding;
102 if (vmcs_field_width(field) == VMCS_FIELD_WIDTH_U64 &&
103 (i + 1 == max_shadow_read_write_fields ||
104 shadow_read_write_fields[i + 1].encoding != field + 1))
105 pr_err("Missing field from shadow_read_write_field %x\n",
108 WARN_ONCE(field >= GUEST_ES_AR_BYTES &&
109 field <= GUEST_TR_AR_BYTES,
110 "Update vmcs12_write_any() to drop reserved bits from AR_BYTES");
113 * PML and the preemption timer can be emulated, but the
114 * processor cannot vmwrite to fields that don't exist
118 case GUEST_PML_INDEX:
119 if (!cpu_has_vmx_pml())
122 case VMX_PREEMPTION_TIMER_VALUE:
123 if (!cpu_has_vmx_preemption_timer())
126 case GUEST_INTR_STATUS:
127 if (!cpu_has_vmx_apicv())
134 clear_bit(field, vmx_vmwrite_bitmap);
135 clear_bit(field, vmx_vmread_bitmap);
140 entry.offset += sizeof(u32);
142 shadow_read_write_fields[j++] = entry;
144 max_shadow_read_write_fields = j;
148 * The following 3 functions, nested_vmx_succeed()/failValid()/failInvalid(),
149 * set the success or error code of an emulated VMX instruction (as specified
150 * by Vol 2B, VMX Instruction Reference, "Conventions"), and skip the emulated
153 static int nested_vmx_succeed(struct kvm_vcpu *vcpu)
155 vmx_set_rflags(vcpu, vmx_get_rflags(vcpu)
156 & ~(X86_EFLAGS_CF | X86_EFLAGS_PF | X86_EFLAGS_AF |
157 X86_EFLAGS_ZF | X86_EFLAGS_SF | X86_EFLAGS_OF));
158 return kvm_skip_emulated_instruction(vcpu);
161 static int nested_vmx_failInvalid(struct kvm_vcpu *vcpu)
163 vmx_set_rflags(vcpu, (vmx_get_rflags(vcpu)
164 & ~(X86_EFLAGS_PF | X86_EFLAGS_AF | X86_EFLAGS_ZF |
165 X86_EFLAGS_SF | X86_EFLAGS_OF))
167 return kvm_skip_emulated_instruction(vcpu);
170 static int nested_vmx_failValid(struct kvm_vcpu *vcpu,
171 u32 vm_instruction_error)
173 vmx_set_rflags(vcpu, (vmx_get_rflags(vcpu)
174 & ~(X86_EFLAGS_CF | X86_EFLAGS_PF | X86_EFLAGS_AF |
175 X86_EFLAGS_SF | X86_EFLAGS_OF))
177 get_vmcs12(vcpu)->vm_instruction_error = vm_instruction_error;
179 * We don't need to force sync to shadow VMCS because
180 * VM_INSTRUCTION_ERROR is not shadowed. Enlightened VMCS 'shadows' all
181 * fields and thus must be synced.
183 if (nested_vmx_is_evmptr12_set(to_vmx(vcpu)))
184 to_vmx(vcpu)->nested.need_vmcs12_to_shadow_sync = true;
186 return kvm_skip_emulated_instruction(vcpu);
189 static int nested_vmx_fail(struct kvm_vcpu *vcpu, u32 vm_instruction_error)
191 struct vcpu_vmx *vmx = to_vmx(vcpu);
194 * failValid writes the error number to the current VMCS, which
195 * can't be done if there isn't a current VMCS.
197 if (vmx->nested.current_vmptr == INVALID_GPA &&
198 !nested_vmx_is_evmptr12_valid(vmx))
199 return nested_vmx_failInvalid(vcpu);
201 return nested_vmx_failValid(vcpu, vm_instruction_error);
204 static void nested_vmx_abort(struct kvm_vcpu *vcpu, u32 indicator)
206 /* TODO: not to reset guest simply here. */
207 kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
208 pr_debug_ratelimited("nested vmx abort, indicator %d\n", indicator);
211 static inline bool vmx_control_verify(u32 control, u32 low, u32 high)
213 return fixed_bits_valid(control, low, high);
216 static inline u64 vmx_control_msr(u32 low, u32 high)
218 return low | ((u64)high << 32);
221 static void vmx_disable_shadow_vmcs(struct vcpu_vmx *vmx)
223 secondary_exec_controls_clearbit(vmx, SECONDARY_EXEC_SHADOW_VMCS);
224 vmcs_write64(VMCS_LINK_POINTER, INVALID_GPA);
225 vmx->nested.need_vmcs12_to_shadow_sync = false;
228 static inline void nested_release_evmcs(struct kvm_vcpu *vcpu)
230 #ifdef CONFIG_KVM_HYPERV
231 struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(vcpu);
232 struct vcpu_vmx *vmx = to_vmx(vcpu);
234 kvm_vcpu_unmap(vcpu, &vmx->nested.hv_evmcs_map);
235 vmx->nested.hv_evmcs = NULL;
236 vmx->nested.hv_evmcs_vmptr = EVMPTR_INVALID;
239 hv_vcpu->nested.pa_page_gpa = INVALID_GPA;
240 hv_vcpu->nested.vm_id = 0;
241 hv_vcpu->nested.vp_id = 0;
246 static bool nested_evmcs_handle_vmclear(struct kvm_vcpu *vcpu, gpa_t vmptr)
248 #ifdef CONFIG_KVM_HYPERV
249 struct vcpu_vmx *vmx = to_vmx(vcpu);
251 * When Enlightened VMEntry is enabled on the calling CPU we treat
252 * memory area pointer by vmptr as Enlightened VMCS (as there's no good
253 * way to distinguish it from VMCS12) and we must not corrupt it by
254 * writing to the non-existent 'launch_state' field. The area doesn't
255 * have to be the currently active EVMCS on the calling CPU and there's
256 * nothing KVM has to do to transition it from 'active' to 'non-active'
257 * state. It is possible that the area will stay mapped as
258 * vmx->nested.hv_evmcs but this shouldn't be a problem.
260 if (!guest_cpuid_has_evmcs(vcpu) ||
261 !evmptr_is_valid(nested_get_evmptr(vcpu)))
264 if (nested_vmx_evmcs(vmx) && vmptr == vmx->nested.hv_evmcs_vmptr)
265 nested_release_evmcs(vcpu);
273 static void vmx_sync_vmcs_host_state(struct vcpu_vmx *vmx,
274 struct loaded_vmcs *prev)
276 struct vmcs_host_state *dest, *src;
278 if (unlikely(!vmx->guest_state_loaded))
281 src = &prev->host_state;
282 dest = &vmx->loaded_vmcs->host_state;
284 vmx_set_host_fs_gs(dest, src->fs_sel, src->gs_sel, src->fs_base, src->gs_base);
285 dest->ldt_sel = src->ldt_sel;
287 dest->ds_sel = src->ds_sel;
288 dest->es_sel = src->es_sel;
292 static void vmx_switch_vmcs(struct kvm_vcpu *vcpu, struct loaded_vmcs *vmcs)
294 struct vcpu_vmx *vmx = to_vmx(vcpu);
295 struct loaded_vmcs *prev;
298 if (WARN_ON_ONCE(vmx->loaded_vmcs == vmcs))
302 prev = vmx->loaded_vmcs;
303 vmx->loaded_vmcs = vmcs;
304 vmx_vcpu_load_vmcs(vcpu, cpu, prev);
305 vmx_sync_vmcs_host_state(vmx, prev);
308 vcpu->arch.regs_avail = ~VMX_REGS_LAZY_LOAD_SET;
311 * All lazily updated registers will be reloaded from VMCS12 on both
312 * vmentry and vmexit.
314 vcpu->arch.regs_dirty = 0;
317 static void nested_put_vmcs12_pages(struct kvm_vcpu *vcpu)
319 struct vcpu_vmx *vmx = to_vmx(vcpu);
321 kvm_vcpu_unmap(vcpu, &vmx->nested.apic_access_page_map);
322 kvm_vcpu_unmap(vcpu, &vmx->nested.virtual_apic_map);
323 kvm_vcpu_unmap(vcpu, &vmx->nested.pi_desc_map);
324 vmx->nested.pi_desc = NULL;
328 * Free whatever needs to be freed from vmx->nested when L1 goes down, or
329 * just stops using VMX.
331 static void free_nested(struct kvm_vcpu *vcpu)
333 struct vcpu_vmx *vmx = to_vmx(vcpu);
335 if (WARN_ON_ONCE(vmx->loaded_vmcs != &vmx->vmcs01))
336 vmx_switch_vmcs(vcpu, &vmx->vmcs01);
338 if (!vmx->nested.vmxon && !vmx->nested.smm.vmxon)
341 kvm_clear_request(KVM_REQ_GET_NESTED_STATE_PAGES, vcpu);
343 vmx->nested.vmxon = false;
344 vmx->nested.smm.vmxon = false;
345 vmx->nested.vmxon_ptr = INVALID_GPA;
346 free_vpid(vmx->nested.vpid02);
347 vmx->nested.posted_intr_nv = -1;
348 vmx->nested.current_vmptr = INVALID_GPA;
349 if (enable_shadow_vmcs) {
350 vmx_disable_shadow_vmcs(vmx);
351 vmcs_clear(vmx->vmcs01.shadow_vmcs);
352 free_vmcs(vmx->vmcs01.shadow_vmcs);
353 vmx->vmcs01.shadow_vmcs = NULL;
355 kfree(vmx->nested.cached_vmcs12);
356 vmx->nested.cached_vmcs12 = NULL;
357 kfree(vmx->nested.cached_shadow_vmcs12);
358 vmx->nested.cached_shadow_vmcs12 = NULL;
360 nested_put_vmcs12_pages(vcpu);
362 kvm_mmu_free_roots(vcpu->kvm, &vcpu->arch.guest_mmu, KVM_MMU_ROOTS_ALL);
364 nested_release_evmcs(vcpu);
366 free_loaded_vmcs(&vmx->nested.vmcs02);
370 * Ensure that the current vmcs of the logical processor is the
371 * vmcs01 of the vcpu before calling free_nested().
373 void nested_vmx_free_vcpu(struct kvm_vcpu *vcpu)
376 vmx_leave_nested(vcpu);
380 #define EPTP_PA_MASK GENMASK_ULL(51, 12)
382 static bool nested_ept_root_matches(hpa_t root_hpa, u64 root_eptp, u64 eptp)
384 return VALID_PAGE(root_hpa) &&
385 ((root_eptp & EPTP_PA_MASK) == (eptp & EPTP_PA_MASK));
388 static void nested_ept_invalidate_addr(struct kvm_vcpu *vcpu, gpa_t eptp,
391 unsigned long roots = 0;
393 struct kvm_mmu_root_info *cached_root;
395 WARN_ON_ONCE(!mmu_is_nested(vcpu));
397 for (i = 0; i < KVM_MMU_NUM_PREV_ROOTS; i++) {
398 cached_root = &vcpu->arch.mmu->prev_roots[i];
400 if (nested_ept_root_matches(cached_root->hpa, cached_root->pgd,
402 roots |= KVM_MMU_ROOT_PREVIOUS(i);
405 kvm_mmu_invalidate_addr(vcpu, vcpu->arch.mmu, addr, roots);
408 static void nested_ept_inject_page_fault(struct kvm_vcpu *vcpu,
409 struct x86_exception *fault)
411 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
412 struct vcpu_vmx *vmx = to_vmx(vcpu);
413 unsigned long exit_qualification;
416 if (vmx->nested.pml_full) {
417 vm_exit_reason = EXIT_REASON_PML_FULL;
418 vmx->nested.pml_full = false;
421 * It should be impossible to trigger a nested PML Full VM-Exit
422 * for anything other than an EPT Violation from L2. KVM *can*
423 * trigger nEPT page fault injection in response to an EPT
424 * Misconfig, e.g. if the MMIO SPTE was stale and L1's EPT
425 * tables also changed, but KVM should not treat EPT Misconfig
426 * VM-Exits as writes.
428 WARN_ON_ONCE(vmx->exit_reason.basic != EXIT_REASON_EPT_VIOLATION);
431 * PML Full and EPT Violation VM-Exits both use bit 12 to report
432 * "NMI unblocking due to IRET", i.e. the bit can be propagated
433 * as-is from the original EXIT_QUALIFICATION.
435 exit_qualification = vmx_get_exit_qual(vcpu) & INTR_INFO_UNBLOCK_NMI;
437 if (fault->error_code & PFERR_RSVD_MASK) {
438 vm_exit_reason = EXIT_REASON_EPT_MISCONFIG;
439 exit_qualification = 0;
441 exit_qualification = fault->exit_qualification;
442 exit_qualification |= vmx_get_exit_qual(vcpu) &
443 (EPT_VIOLATION_GVA_IS_VALID |
444 EPT_VIOLATION_GVA_TRANSLATED);
445 vm_exit_reason = EXIT_REASON_EPT_VIOLATION;
449 * Although the caller (kvm_inject_emulated_page_fault) would
450 * have already synced the faulting address in the shadow EPT
451 * tables for the current EPTP12, we also need to sync it for
452 * any other cached EPTP02s based on the same EP4TA, since the
453 * TLB associates mappings to the EP4TA rather than the full EPTP.
455 nested_ept_invalidate_addr(vcpu, vmcs12->ept_pointer,
459 nested_vmx_vmexit(vcpu, vm_exit_reason, 0, exit_qualification);
460 vmcs12->guest_physical_address = fault->address;
463 static void nested_ept_new_eptp(struct kvm_vcpu *vcpu)
465 struct vcpu_vmx *vmx = to_vmx(vcpu);
466 bool execonly = vmx->nested.msrs.ept_caps & VMX_EPT_EXECUTE_ONLY_BIT;
467 int ept_lpage_level = ept_caps_to_lpage_level(vmx->nested.msrs.ept_caps);
469 kvm_init_shadow_ept_mmu(vcpu, execonly, ept_lpage_level,
470 nested_ept_ad_enabled(vcpu),
471 nested_ept_get_eptp(vcpu));
474 static void nested_ept_init_mmu_context(struct kvm_vcpu *vcpu)
476 WARN_ON(mmu_is_nested(vcpu));
478 vcpu->arch.mmu = &vcpu->arch.guest_mmu;
479 nested_ept_new_eptp(vcpu);
480 vcpu->arch.mmu->get_guest_pgd = nested_ept_get_eptp;
481 vcpu->arch.mmu->inject_page_fault = nested_ept_inject_page_fault;
482 vcpu->arch.mmu->get_pdptr = kvm_pdptr_read;
484 vcpu->arch.walk_mmu = &vcpu->arch.nested_mmu;
487 static void nested_ept_uninit_mmu_context(struct kvm_vcpu *vcpu)
489 vcpu->arch.mmu = &vcpu->arch.root_mmu;
490 vcpu->arch.walk_mmu = &vcpu->arch.root_mmu;
493 static bool nested_vmx_is_page_fault_vmexit(struct vmcs12 *vmcs12,
496 bool inequality, bit;
498 bit = (vmcs12->exception_bitmap & (1u << PF_VECTOR)) != 0;
500 (error_code & vmcs12->page_fault_error_code_mask) !=
501 vmcs12->page_fault_error_code_match;
502 return inequality ^ bit;
505 static bool nested_vmx_is_exception_vmexit(struct kvm_vcpu *vcpu, u8 vector,
508 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
511 * Drop bits 31:16 of the error code when performing the #PF mask+match
512 * check. All VMCS fields involved are 32 bits, but Intel CPUs never
513 * set bits 31:16 and VMX disallows setting bits 31:16 in the injected
514 * error code. Including the to-be-dropped bits in the check might
515 * result in an "impossible" or missed exit from L1's perspective.
517 if (vector == PF_VECTOR)
518 return nested_vmx_is_page_fault_vmexit(vmcs12, (u16)error_code);
520 return (vmcs12->exception_bitmap & (1u << vector));
523 static int nested_vmx_check_io_bitmap_controls(struct kvm_vcpu *vcpu,
524 struct vmcs12 *vmcs12)
526 if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS))
529 if (CC(!page_address_valid(vcpu, vmcs12->io_bitmap_a)) ||
530 CC(!page_address_valid(vcpu, vmcs12->io_bitmap_b)))
536 static int nested_vmx_check_msr_bitmap_controls(struct kvm_vcpu *vcpu,
537 struct vmcs12 *vmcs12)
539 if (!nested_cpu_has(vmcs12, CPU_BASED_USE_MSR_BITMAPS))
542 if (CC(!page_address_valid(vcpu, vmcs12->msr_bitmap)))
548 static int nested_vmx_check_tpr_shadow_controls(struct kvm_vcpu *vcpu,
549 struct vmcs12 *vmcs12)
551 if (!nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW))
554 if (CC(!page_address_valid(vcpu, vmcs12->virtual_apic_page_addr)))
561 * For x2APIC MSRs, ignore the vmcs01 bitmap. L1 can enable x2APIC without L1
562 * itself utilizing x2APIC. All MSRs were previously set to be intercepted,
563 * only the "disable intercept" case needs to be handled.
565 static void nested_vmx_disable_intercept_for_x2apic_msr(unsigned long *msr_bitmap_l1,
566 unsigned long *msr_bitmap_l0,
569 if (type & MSR_TYPE_R && !vmx_test_msr_bitmap_read(msr_bitmap_l1, msr))
570 vmx_clear_msr_bitmap_read(msr_bitmap_l0, msr);
572 if (type & MSR_TYPE_W && !vmx_test_msr_bitmap_write(msr_bitmap_l1, msr))
573 vmx_clear_msr_bitmap_write(msr_bitmap_l0, msr);
576 static inline void enable_x2apic_msr_intercepts(unsigned long *msr_bitmap)
580 for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) {
581 unsigned word = msr / BITS_PER_LONG;
583 msr_bitmap[word] = ~0;
584 msr_bitmap[word + (0x800 / sizeof(long))] = ~0;
588 #define BUILD_NVMX_MSR_INTERCEPT_HELPER(rw) \
590 void nested_vmx_set_msr_##rw##_intercept(struct vcpu_vmx *vmx, \
591 unsigned long *msr_bitmap_l1, \
592 unsigned long *msr_bitmap_l0, u32 msr) \
594 if (vmx_test_msr_bitmap_##rw(vmx->vmcs01.msr_bitmap, msr) || \
595 vmx_test_msr_bitmap_##rw(msr_bitmap_l1, msr)) \
596 vmx_set_msr_bitmap_##rw(msr_bitmap_l0, msr); \
598 vmx_clear_msr_bitmap_##rw(msr_bitmap_l0, msr); \
600 BUILD_NVMX_MSR_INTERCEPT_HELPER(read)
601 BUILD_NVMX_MSR_INTERCEPT_HELPER(write)
603 static inline void nested_vmx_set_intercept_for_msr(struct vcpu_vmx *vmx,
604 unsigned long *msr_bitmap_l1,
605 unsigned long *msr_bitmap_l0,
608 if (types & MSR_TYPE_R)
609 nested_vmx_set_msr_read_intercept(vmx, msr_bitmap_l1,
611 if (types & MSR_TYPE_W)
612 nested_vmx_set_msr_write_intercept(vmx, msr_bitmap_l1,
617 * Merge L0's and L1's MSR bitmap, return false to indicate that
618 * we do not use the hardware.
620 static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu,
621 struct vmcs12 *vmcs12)
623 struct vcpu_vmx *vmx = to_vmx(vcpu);
625 unsigned long *msr_bitmap_l1;
626 unsigned long *msr_bitmap_l0 = vmx->nested.vmcs02.msr_bitmap;
627 struct kvm_host_map map;
629 /* Nothing to do if the MSR bitmap is not in use. */
630 if (!cpu_has_vmx_msr_bitmap() ||
631 !nested_cpu_has(vmcs12, CPU_BASED_USE_MSR_BITMAPS))
635 * MSR bitmap update can be skipped when:
636 * - MSR bitmap for L1 hasn't changed.
637 * - Nested hypervisor (L1) is attempting to launch the same L2 as
639 * - Nested hypervisor (L1) has enabled 'Enlightened MSR Bitmap' feature
640 * and tells KVM (L0) there were no changes in MSR bitmap for L2.
642 if (!vmx->nested.force_msr_bitmap_recalc) {
643 struct hv_enlightened_vmcs *evmcs = nested_vmx_evmcs(vmx);
645 if (evmcs && evmcs->hv_enlightenments_control.msr_bitmap &&
646 evmcs->hv_clean_fields & HV_VMX_ENLIGHTENED_CLEAN_FIELD_MSR_BITMAP)
650 if (kvm_vcpu_map_readonly(vcpu, gpa_to_gfn(vmcs12->msr_bitmap), &map))
653 msr_bitmap_l1 = (unsigned long *)map.hva;
656 * To keep the control flow simple, pay eight 8-byte writes (sixteen
657 * 4-byte writes on 32-bit systems) up front to enable intercepts for
658 * the x2APIC MSR range and selectively toggle those relevant to L2.
660 enable_x2apic_msr_intercepts(msr_bitmap_l0);
662 if (nested_cpu_has_virt_x2apic_mode(vmcs12)) {
663 if (nested_cpu_has_apic_reg_virt(vmcs12)) {
665 * L0 need not intercept reads for MSRs between 0x800
666 * and 0x8ff, it just lets the processor take the value
667 * from the virtual-APIC page; take those 256 bits
668 * directly from the L1 bitmap.
670 for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) {
671 unsigned word = msr / BITS_PER_LONG;
673 msr_bitmap_l0[word] = msr_bitmap_l1[word];
677 nested_vmx_disable_intercept_for_x2apic_msr(
678 msr_bitmap_l1, msr_bitmap_l0,
679 X2APIC_MSR(APIC_TASKPRI),
680 MSR_TYPE_R | MSR_TYPE_W);
682 if (nested_cpu_has_vid(vmcs12)) {
683 nested_vmx_disable_intercept_for_x2apic_msr(
684 msr_bitmap_l1, msr_bitmap_l0,
685 X2APIC_MSR(APIC_EOI),
687 nested_vmx_disable_intercept_for_x2apic_msr(
688 msr_bitmap_l1, msr_bitmap_l0,
689 X2APIC_MSR(APIC_SELF_IPI),
695 * Always check vmcs01's bitmap to honor userspace MSR filters and any
696 * other runtime changes to vmcs01's bitmap, e.g. dynamic pass-through.
699 nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
700 MSR_FS_BASE, MSR_TYPE_RW);
702 nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
703 MSR_GS_BASE, MSR_TYPE_RW);
705 nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
706 MSR_KERNEL_GS_BASE, MSR_TYPE_RW);
708 nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
709 MSR_IA32_SPEC_CTRL, MSR_TYPE_RW);
711 nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
712 MSR_IA32_PRED_CMD, MSR_TYPE_W);
714 nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0,
715 MSR_IA32_FLUSH_CMD, MSR_TYPE_W);
717 kvm_vcpu_unmap(vcpu, &map);
719 vmx->nested.force_msr_bitmap_recalc = false;
724 static void nested_cache_shadow_vmcs12(struct kvm_vcpu *vcpu,
725 struct vmcs12 *vmcs12)
727 struct vcpu_vmx *vmx = to_vmx(vcpu);
728 struct gfn_to_hva_cache *ghc = &vmx->nested.shadow_vmcs12_cache;
730 if (!nested_cpu_has_shadow_vmcs(vmcs12) ||
731 vmcs12->vmcs_link_pointer == INVALID_GPA)
734 if (ghc->gpa != vmcs12->vmcs_link_pointer &&
735 kvm_gfn_to_hva_cache_init(vcpu->kvm, ghc,
736 vmcs12->vmcs_link_pointer, VMCS12_SIZE))
739 kvm_read_guest_cached(vmx->vcpu.kvm, ghc, get_shadow_vmcs12(vcpu),
743 static void nested_flush_cached_shadow_vmcs12(struct kvm_vcpu *vcpu,
744 struct vmcs12 *vmcs12)
746 struct vcpu_vmx *vmx = to_vmx(vcpu);
747 struct gfn_to_hva_cache *ghc = &vmx->nested.shadow_vmcs12_cache;
749 if (!nested_cpu_has_shadow_vmcs(vmcs12) ||
750 vmcs12->vmcs_link_pointer == INVALID_GPA)
753 if (ghc->gpa != vmcs12->vmcs_link_pointer &&
754 kvm_gfn_to_hva_cache_init(vcpu->kvm, ghc,
755 vmcs12->vmcs_link_pointer, VMCS12_SIZE))
758 kvm_write_guest_cached(vmx->vcpu.kvm, ghc, get_shadow_vmcs12(vcpu),
763 * In nested virtualization, check if L1 has set
764 * VM_EXIT_ACK_INTR_ON_EXIT
766 static bool nested_exit_intr_ack_set(struct kvm_vcpu *vcpu)
768 return get_vmcs12(vcpu)->vm_exit_controls &
769 VM_EXIT_ACK_INTR_ON_EXIT;
772 static int nested_vmx_check_apic_access_controls(struct kvm_vcpu *vcpu,
773 struct vmcs12 *vmcs12)
775 if (nested_cpu_has2(vmcs12, SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES) &&
776 CC(!page_address_valid(vcpu, vmcs12->apic_access_addr)))
782 static int nested_vmx_check_apicv_controls(struct kvm_vcpu *vcpu,
783 struct vmcs12 *vmcs12)
785 if (!nested_cpu_has_virt_x2apic_mode(vmcs12) &&
786 !nested_cpu_has_apic_reg_virt(vmcs12) &&
787 !nested_cpu_has_vid(vmcs12) &&
788 !nested_cpu_has_posted_intr(vmcs12))
792 * If virtualize x2apic mode is enabled,
793 * virtualize apic access must be disabled.
795 if (CC(nested_cpu_has_virt_x2apic_mode(vmcs12) &&
796 nested_cpu_has2(vmcs12, SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)))
800 * If virtual interrupt delivery is enabled,
801 * we must exit on external interrupts.
803 if (CC(nested_cpu_has_vid(vmcs12) && !nested_exit_on_intr(vcpu)))
807 * bits 15:8 should be zero in posted_intr_nv,
808 * the descriptor address has been already checked
809 * in nested_get_vmcs12_pages.
811 * bits 5:0 of posted_intr_desc_addr should be zero.
813 if (nested_cpu_has_posted_intr(vmcs12) &&
814 (CC(!nested_cpu_has_vid(vmcs12)) ||
815 CC(!nested_exit_intr_ack_set(vcpu)) ||
816 CC((vmcs12->posted_intr_nv & 0xff00)) ||
817 CC(!kvm_vcpu_is_legal_aligned_gpa(vcpu, vmcs12->posted_intr_desc_addr, 64))))
820 /* tpr shadow is needed by all apicv features. */
821 if (CC(!nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW)))
827 static int nested_vmx_check_msr_switch(struct kvm_vcpu *vcpu,
833 if (!kvm_vcpu_is_legal_aligned_gpa(vcpu, addr, 16) ||
834 !kvm_vcpu_is_legal_gpa(vcpu, (addr + count * sizeof(struct vmx_msr_entry) - 1)))
840 static int nested_vmx_check_exit_msr_switch_controls(struct kvm_vcpu *vcpu,
841 struct vmcs12 *vmcs12)
843 if (CC(nested_vmx_check_msr_switch(vcpu,
844 vmcs12->vm_exit_msr_load_count,
845 vmcs12->vm_exit_msr_load_addr)) ||
846 CC(nested_vmx_check_msr_switch(vcpu,
847 vmcs12->vm_exit_msr_store_count,
848 vmcs12->vm_exit_msr_store_addr)))
854 static int nested_vmx_check_entry_msr_switch_controls(struct kvm_vcpu *vcpu,
855 struct vmcs12 *vmcs12)
857 if (CC(nested_vmx_check_msr_switch(vcpu,
858 vmcs12->vm_entry_msr_load_count,
859 vmcs12->vm_entry_msr_load_addr)))
865 static int nested_vmx_check_pml_controls(struct kvm_vcpu *vcpu,
866 struct vmcs12 *vmcs12)
868 if (!nested_cpu_has_pml(vmcs12))
871 if (CC(!nested_cpu_has_ept(vmcs12)) ||
872 CC(!page_address_valid(vcpu, vmcs12->pml_address)))
878 static int nested_vmx_check_unrestricted_guest_controls(struct kvm_vcpu *vcpu,
879 struct vmcs12 *vmcs12)
881 if (CC(nested_cpu_has2(vmcs12, SECONDARY_EXEC_UNRESTRICTED_GUEST) &&
882 !nested_cpu_has_ept(vmcs12)))
887 static int nested_vmx_check_mode_based_ept_exec_controls(struct kvm_vcpu *vcpu,
888 struct vmcs12 *vmcs12)
890 if (CC(nested_cpu_has2(vmcs12, SECONDARY_EXEC_MODE_BASED_EPT_EXEC) &&
891 !nested_cpu_has_ept(vmcs12)))
896 static int nested_vmx_check_shadow_vmcs_controls(struct kvm_vcpu *vcpu,
897 struct vmcs12 *vmcs12)
899 if (!nested_cpu_has_shadow_vmcs(vmcs12))
902 if (CC(!page_address_valid(vcpu, vmcs12->vmread_bitmap)) ||
903 CC(!page_address_valid(vcpu, vmcs12->vmwrite_bitmap)))
909 static int nested_vmx_msr_check_common(struct kvm_vcpu *vcpu,
910 struct vmx_msr_entry *e)
912 /* x2APIC MSR accesses are not allowed */
913 if (CC(vcpu->arch.apic_base & X2APIC_ENABLE && e->index >> 8 == 0x8))
915 if (CC(e->index == MSR_IA32_UCODE_WRITE) || /* SDM Table 35-2 */
916 CC(e->index == MSR_IA32_UCODE_REV))
918 if (CC(e->reserved != 0))
923 static int nested_vmx_load_msr_check(struct kvm_vcpu *vcpu,
924 struct vmx_msr_entry *e)
926 if (CC(e->index == MSR_FS_BASE) ||
927 CC(e->index == MSR_GS_BASE) ||
928 CC(e->index == MSR_IA32_SMM_MONITOR_CTL) || /* SMM is not supported */
929 nested_vmx_msr_check_common(vcpu, e))
934 static int nested_vmx_store_msr_check(struct kvm_vcpu *vcpu,
935 struct vmx_msr_entry *e)
937 if (CC(e->index == MSR_IA32_SMBASE) || /* SMM is not supported */
938 nested_vmx_msr_check_common(vcpu, e))
943 static u32 nested_vmx_max_atomic_switch_msrs(struct kvm_vcpu *vcpu)
945 struct vcpu_vmx *vmx = to_vmx(vcpu);
946 u64 vmx_misc = vmx_control_msr(vmx->nested.msrs.misc_low,
947 vmx->nested.msrs.misc_high);
949 return (vmx_misc_max_msr(vmx_misc) + 1) * VMX_MISC_MSR_LIST_MULTIPLIER;
953 * Load guest's/host's msr at nested entry/exit.
954 * return 0 for success, entry index for failure.
956 * One of the failure modes for MSR load/store is when a list exceeds the
957 * virtual hardware's capacity. To maintain compatibility with hardware inasmuch
958 * as possible, process all valid entries before failing rather than precheck
959 * for a capacity violation.
961 static u32 nested_vmx_load_msr(struct kvm_vcpu *vcpu, u64 gpa, u32 count)
964 struct vmx_msr_entry e;
965 u32 max_msr_list_size = nested_vmx_max_atomic_switch_msrs(vcpu);
967 for (i = 0; i < count; i++) {
968 if (unlikely(i >= max_msr_list_size))
971 if (kvm_vcpu_read_guest(vcpu, gpa + i * sizeof(e),
973 pr_debug_ratelimited(
974 "%s cannot read MSR entry (%u, 0x%08llx)\n",
975 __func__, i, gpa + i * sizeof(e));
978 if (nested_vmx_load_msr_check(vcpu, &e)) {
979 pr_debug_ratelimited(
980 "%s check failed (%u, 0x%x, 0x%x)\n",
981 __func__, i, e.index, e.reserved);
984 if (kvm_set_msr_with_filter(vcpu, e.index, e.value)) {
985 pr_debug_ratelimited(
986 "%s cannot write MSR (%u, 0x%x, 0x%llx)\n",
987 __func__, i, e.index, e.value);
993 /* Note, max_msr_list_size is at most 4096, i.e. this can't wrap. */
997 static bool nested_vmx_get_vmexit_msr_value(struct kvm_vcpu *vcpu,
1001 struct vcpu_vmx *vmx = to_vmx(vcpu);
1004 * If the L0 hypervisor stored a more accurate value for the TSC that
1005 * does not include the time taken for emulation of the L2->L1
1006 * VM-exit in L0, use the more accurate value.
1008 if (msr_index == MSR_IA32_TSC) {
1009 int i = vmx_find_loadstore_msr_slot(&vmx->msr_autostore.guest,
1013 u64 val = vmx->msr_autostore.guest.val[i].value;
1015 *data = kvm_read_l1_tsc(vcpu, val);
1020 if (kvm_get_msr_with_filter(vcpu, msr_index, data)) {
1021 pr_debug_ratelimited("%s cannot read MSR (0x%x)\n", __func__,
1028 static bool read_and_check_msr_entry(struct kvm_vcpu *vcpu, u64 gpa, int i,
1029 struct vmx_msr_entry *e)
1031 if (kvm_vcpu_read_guest(vcpu,
1032 gpa + i * sizeof(*e),
1033 e, 2 * sizeof(u32))) {
1034 pr_debug_ratelimited(
1035 "%s cannot read MSR entry (%u, 0x%08llx)\n",
1036 __func__, i, gpa + i * sizeof(*e));
1039 if (nested_vmx_store_msr_check(vcpu, e)) {
1040 pr_debug_ratelimited(
1041 "%s check failed (%u, 0x%x, 0x%x)\n",
1042 __func__, i, e->index, e->reserved);
1048 static int nested_vmx_store_msr(struct kvm_vcpu *vcpu, u64 gpa, u32 count)
1052 struct vmx_msr_entry e;
1053 u32 max_msr_list_size = nested_vmx_max_atomic_switch_msrs(vcpu);
1055 for (i = 0; i < count; i++) {
1056 if (unlikely(i >= max_msr_list_size))
1059 if (!read_and_check_msr_entry(vcpu, gpa, i, &e))
1062 if (!nested_vmx_get_vmexit_msr_value(vcpu, e.index, &data))
1065 if (kvm_vcpu_write_guest(vcpu,
1066 gpa + i * sizeof(e) +
1067 offsetof(struct vmx_msr_entry, value),
1068 &data, sizeof(data))) {
1069 pr_debug_ratelimited(
1070 "%s cannot write MSR (%u, 0x%x, 0x%llx)\n",
1071 __func__, i, e.index, data);
1078 static bool nested_msr_store_list_has_msr(struct kvm_vcpu *vcpu, u32 msr_index)
1080 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
1081 u32 count = vmcs12->vm_exit_msr_store_count;
1082 u64 gpa = vmcs12->vm_exit_msr_store_addr;
1083 struct vmx_msr_entry e;
1086 for (i = 0; i < count; i++) {
1087 if (!read_and_check_msr_entry(vcpu, gpa, i, &e))
1090 if (e.index == msr_index)
1096 static void prepare_vmx_msr_autostore_list(struct kvm_vcpu *vcpu,
1099 struct vcpu_vmx *vmx = to_vmx(vcpu);
1100 struct vmx_msrs *autostore = &vmx->msr_autostore.guest;
1101 bool in_vmcs12_store_list;
1102 int msr_autostore_slot;
1103 bool in_autostore_list;
1106 msr_autostore_slot = vmx_find_loadstore_msr_slot(autostore, msr_index);
1107 in_autostore_list = msr_autostore_slot >= 0;
1108 in_vmcs12_store_list = nested_msr_store_list_has_msr(vcpu, msr_index);
1110 if (in_vmcs12_store_list && !in_autostore_list) {
1111 if (autostore->nr == MAX_NR_LOADSTORE_MSRS) {
1113 * Emulated VMEntry does not fail here. Instead a less
1114 * accurate value will be returned by
1115 * nested_vmx_get_vmexit_msr_value() by reading KVM's
1116 * internal MSR state instead of reading the value from
1117 * the vmcs02 VMExit MSR-store area.
1119 pr_warn_ratelimited(
1120 "Not enough msr entries in msr_autostore. Can't add msr %x\n",
1124 last = autostore->nr++;
1125 autostore->val[last].index = msr_index;
1126 } else if (!in_vmcs12_store_list && in_autostore_list) {
1127 last = --autostore->nr;
1128 autostore->val[msr_autostore_slot] = autostore->val[last];
1133 * Load guest's/host's cr3 at nested entry/exit. @nested_ept is true if we are
1134 * emulating VM-Entry into a guest with EPT enabled. On failure, the expected
1135 * Exit Qualification (for a VM-Entry consistency check VM-Exit) is assigned to
1136 * @entry_failure_code.
1138 static int nested_vmx_load_cr3(struct kvm_vcpu *vcpu, unsigned long cr3,
1139 bool nested_ept, bool reload_pdptrs,
1140 enum vm_entry_failure_code *entry_failure_code)
1142 if (CC(!kvm_vcpu_is_legal_cr3(vcpu, cr3))) {
1143 *entry_failure_code = ENTRY_FAIL_DEFAULT;
1148 * If PAE paging and EPT are both on, CR3 is not used by the CPU and
1149 * must not be dereferenced.
1151 if (reload_pdptrs && !nested_ept && is_pae_paging(vcpu) &&
1152 CC(!load_pdptrs(vcpu, cr3))) {
1153 *entry_failure_code = ENTRY_FAIL_PDPTE;
1157 vcpu->arch.cr3 = cr3;
1158 kvm_register_mark_dirty(vcpu, VCPU_EXREG_CR3);
1160 /* Re-initialize the MMU, e.g. to pick up CR4 MMU role changes. */
1164 kvm_mmu_new_pgd(vcpu, cr3);
1170 * Returns if KVM is able to config CPU to tag TLB entries
1171 * populated by L2 differently than TLB entries populated
1174 * If L0 uses EPT, L1 and L2 run with different EPTP because
1175 * guest_mode is part of kvm_mmu_page_role. Thus, TLB entries
1176 * are tagged with different EPTP.
1178 * If L1 uses VPID and we allocated a vpid02, TLB entries are tagged
1179 * with different VPID (L1 entries are tagged with vmx->vpid
1180 * while L2 entries are tagged with vmx->nested.vpid02).
1182 static bool nested_has_guest_tlb_tag(struct kvm_vcpu *vcpu)
1184 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
1186 return enable_ept ||
1187 (nested_cpu_has_vpid(vmcs12) && to_vmx(vcpu)->nested.vpid02);
1190 static void nested_vmx_transition_tlb_flush(struct kvm_vcpu *vcpu,
1191 struct vmcs12 *vmcs12,
1194 struct vcpu_vmx *vmx = to_vmx(vcpu);
1196 /* Handle pending Hyper-V TLB flush requests */
1197 kvm_hv_nested_transtion_tlb_flush(vcpu, enable_ept);
1200 * If VPID is disabled, then guest TLB accesses use VPID=0, i.e. the
1201 * same VPID as the host, and so architecturally, linear and combined
1202 * mappings for VPID=0 must be flushed at VM-Enter and VM-Exit. KVM
1203 * emulates L2 sharing L1's VPID=0 by using vpid01 while running L2,
1204 * and so KVM must also emulate TLB flush of VPID=0, i.e. vpid01. This
1205 * is required if VPID is disabled in KVM, as a TLB flush (there are no
1206 * VPIDs) still occurs from L1's perspective, and KVM may need to
1207 * synchronize the MMU in response to the guest TLB flush.
1209 * Note, using TLB_FLUSH_GUEST is correct even if nested EPT is in use.
1210 * EPT is a special snowflake, as guest-physical mappings aren't
1211 * flushed on VPID invalidations, including VM-Enter or VM-Exit with
1212 * VPID disabled. As a result, KVM _never_ needs to sync nEPT
1213 * entries on VM-Enter because L1 can't rely on VM-Enter to flush
1216 if (!nested_cpu_has_vpid(vmcs12)) {
1217 kvm_make_request(KVM_REQ_TLB_FLUSH_GUEST, vcpu);
1221 /* L2 should never have a VPID if VPID is disabled. */
1222 WARN_ON(!enable_vpid);
1225 * VPID is enabled and in use by vmcs12. If vpid12 is changing, then
1226 * emulate a guest TLB flush as KVM does not track vpid12 history nor
1227 * is the VPID incorporated into the MMU context. I.e. KVM must assume
1228 * that the new vpid12 has never been used and thus represents a new
1229 * guest ASID that cannot have entries in the TLB.
1231 if (is_vmenter && vmcs12->virtual_processor_id != vmx->nested.last_vpid) {
1232 vmx->nested.last_vpid = vmcs12->virtual_processor_id;
1233 kvm_make_request(KVM_REQ_TLB_FLUSH_GUEST, vcpu);
1238 * If VPID is enabled, used by vmc12, and vpid12 is not changing but
1239 * does not have a unique TLB tag (ASID), i.e. EPT is disabled and
1240 * KVM was unable to allocate a VPID for L2, flush the current context
1241 * as the effective ASID is common to both L1 and L2.
1243 if (!nested_has_guest_tlb_tag(vcpu))
1244 kvm_make_request(KVM_REQ_TLB_FLUSH_CURRENT, vcpu);
1247 static bool is_bitwise_subset(u64 superset, u64 subset, u64 mask)
1252 return (superset | subset) == superset;
1255 static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data)
1257 const u64 feature_bits = VMX_BASIC_DUAL_MONITOR_TREATMENT |
1259 VMX_BASIC_TRUE_CTLS;
1261 const u64 reserved_bits = GENMASK_ULL(63, 56) |
1262 GENMASK_ULL(47, 45) |
1265 u64 vmx_basic = vmcs_config.nested.basic;
1267 BUILD_BUG_ON(feature_bits & reserved_bits);
1270 * Except for 32BIT_PHYS_ADDR_ONLY, which is an anti-feature bit (has
1271 * inverted polarity), the incoming value must not set feature bits or
1272 * reserved bits that aren't allowed/supported by KVM. Fields, i.e.
1273 * multi-bit values, are explicitly checked below.
1275 if (!is_bitwise_subset(vmx_basic, data, feature_bits | reserved_bits))
1279 * KVM does not emulate a version of VMX that constrains physical
1280 * addresses of VMX structures (e.g. VMCS) to 32-bits.
1282 if (data & VMX_BASIC_32BIT_PHYS_ADDR_ONLY)
1285 if (vmx_basic_vmcs_revision_id(vmx_basic) !=
1286 vmx_basic_vmcs_revision_id(data))
1289 if (vmx_basic_vmcs_size(vmx_basic) > vmx_basic_vmcs_size(data))
1292 vmx->nested.msrs.basic = data;
1296 static void vmx_get_control_msr(struct nested_vmx_msrs *msrs, u32 msr_index,
1297 u32 **low, u32 **high)
1299 switch (msr_index) {
1300 case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
1301 *low = &msrs->pinbased_ctls_low;
1302 *high = &msrs->pinbased_ctls_high;
1304 case MSR_IA32_VMX_TRUE_PROCBASED_CTLS:
1305 *low = &msrs->procbased_ctls_low;
1306 *high = &msrs->procbased_ctls_high;
1308 case MSR_IA32_VMX_TRUE_EXIT_CTLS:
1309 *low = &msrs->exit_ctls_low;
1310 *high = &msrs->exit_ctls_high;
1312 case MSR_IA32_VMX_TRUE_ENTRY_CTLS:
1313 *low = &msrs->entry_ctls_low;
1314 *high = &msrs->entry_ctls_high;
1316 case MSR_IA32_VMX_PROCBASED_CTLS2:
1317 *low = &msrs->secondary_ctls_low;
1318 *high = &msrs->secondary_ctls_high;
1326 vmx_restore_control_msr(struct vcpu_vmx *vmx, u32 msr_index, u64 data)
1331 vmx_get_control_msr(&vmcs_config.nested, msr_index, &lowp, &highp);
1333 supported = vmx_control_msr(*lowp, *highp);
1335 /* Check must-be-1 bits are still 1. */
1336 if (!is_bitwise_subset(data, supported, GENMASK_ULL(31, 0)))
1339 /* Check must-be-0 bits are still 0. */
1340 if (!is_bitwise_subset(supported, data, GENMASK_ULL(63, 32)))
1343 vmx_get_control_msr(&vmx->nested.msrs, msr_index, &lowp, &highp);
1345 *highp = data >> 32;
1349 static int vmx_restore_vmx_misc(struct vcpu_vmx *vmx, u64 data)
1351 const u64 feature_bits = VMX_MISC_SAVE_EFER_LMA |
1352 VMX_MISC_ACTIVITY_HLT |
1353 VMX_MISC_ACTIVITY_SHUTDOWN |
1354 VMX_MISC_ACTIVITY_WAIT_SIPI |
1356 VMX_MISC_RDMSR_IN_SMM |
1357 VMX_MISC_VMWRITE_SHADOW_RO_FIELDS |
1358 VMX_MISC_VMXOFF_BLOCK_SMI |
1359 VMX_MISC_ZERO_LEN_INS;
1361 const u64 reserved_bits = BIT_ULL(31) | GENMASK_ULL(13, 9);
1363 u64 vmx_misc = vmx_control_msr(vmcs_config.nested.misc_low,
1364 vmcs_config.nested.misc_high);
1366 BUILD_BUG_ON(feature_bits & reserved_bits);
1369 * The incoming value must not set feature bits or reserved bits that
1370 * aren't allowed/supported by KVM. Fields, i.e. multi-bit values, are
1371 * explicitly checked below.
1373 if (!is_bitwise_subset(vmx_misc, data, feature_bits | reserved_bits))
1376 if ((vmx->nested.msrs.pinbased_ctls_high &
1377 PIN_BASED_VMX_PREEMPTION_TIMER) &&
1378 vmx_misc_preemption_timer_rate(data) !=
1379 vmx_misc_preemption_timer_rate(vmx_misc))
1382 if (vmx_misc_cr3_count(data) > vmx_misc_cr3_count(vmx_misc))
1385 if (vmx_misc_max_msr(data) > vmx_misc_max_msr(vmx_misc))
1388 if (vmx_misc_mseg_revid(data) != vmx_misc_mseg_revid(vmx_misc))
1391 vmx->nested.msrs.misc_low = data;
1392 vmx->nested.msrs.misc_high = data >> 32;
1397 static int vmx_restore_vmx_ept_vpid_cap(struct vcpu_vmx *vmx, u64 data)
1399 u64 vmx_ept_vpid_cap = vmx_control_msr(vmcs_config.nested.ept_caps,
1400 vmcs_config.nested.vpid_caps);
1402 /* Every bit is either reserved or a feature bit. */
1403 if (!is_bitwise_subset(vmx_ept_vpid_cap, data, -1ULL))
1406 vmx->nested.msrs.ept_caps = data;
1407 vmx->nested.msrs.vpid_caps = data >> 32;
1411 static u64 *vmx_get_fixed0_msr(struct nested_vmx_msrs *msrs, u32 msr_index)
1413 switch (msr_index) {
1414 case MSR_IA32_VMX_CR0_FIXED0:
1415 return &msrs->cr0_fixed0;
1416 case MSR_IA32_VMX_CR4_FIXED0:
1417 return &msrs->cr4_fixed0;
1423 static int vmx_restore_fixed0_msr(struct vcpu_vmx *vmx, u32 msr_index, u64 data)
1425 const u64 *msr = vmx_get_fixed0_msr(&vmcs_config.nested, msr_index);
1428 * 1 bits (which indicates bits which "must-be-1" during VMX operation)
1429 * must be 1 in the restored value.
1431 if (!is_bitwise_subset(data, *msr, -1ULL))
1434 *vmx_get_fixed0_msr(&vmx->nested.msrs, msr_index) = data;
1439 * Called when userspace is restoring VMX MSRs.
1441 * Returns 0 on success, non-0 otherwise.
1443 int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
1445 struct vcpu_vmx *vmx = to_vmx(vcpu);
1448 * Don't allow changes to the VMX capability MSRs while the vCPU
1449 * is in VMX operation.
1451 if (vmx->nested.vmxon)
1454 switch (msr_index) {
1455 case MSR_IA32_VMX_BASIC:
1456 return vmx_restore_vmx_basic(vmx, data);
1457 case MSR_IA32_VMX_PINBASED_CTLS:
1458 case MSR_IA32_VMX_PROCBASED_CTLS:
1459 case MSR_IA32_VMX_EXIT_CTLS:
1460 case MSR_IA32_VMX_ENTRY_CTLS:
1462 * The "non-true" VMX capability MSRs are generated from the
1463 * "true" MSRs, so we do not support restoring them directly.
1465 * If userspace wants to emulate VMX_BASIC[55]=0, userspace
1466 * should restore the "true" MSRs with the must-be-1 bits
1467 * set according to the SDM Vol 3. A.2 "RESERVED CONTROLS AND
1468 * DEFAULT SETTINGS".
1471 case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
1472 case MSR_IA32_VMX_TRUE_PROCBASED_CTLS:
1473 case MSR_IA32_VMX_TRUE_EXIT_CTLS:
1474 case MSR_IA32_VMX_TRUE_ENTRY_CTLS:
1475 case MSR_IA32_VMX_PROCBASED_CTLS2:
1476 return vmx_restore_control_msr(vmx, msr_index, data);
1477 case MSR_IA32_VMX_MISC:
1478 return vmx_restore_vmx_misc(vmx, data);
1479 case MSR_IA32_VMX_CR0_FIXED0:
1480 case MSR_IA32_VMX_CR4_FIXED0:
1481 return vmx_restore_fixed0_msr(vmx, msr_index, data);
1482 case MSR_IA32_VMX_CR0_FIXED1:
1483 case MSR_IA32_VMX_CR4_FIXED1:
1485 * These MSRs are generated based on the vCPU's CPUID, so we
1486 * do not support restoring them directly.
1489 case MSR_IA32_VMX_EPT_VPID_CAP:
1490 return vmx_restore_vmx_ept_vpid_cap(vmx, data);
1491 case MSR_IA32_VMX_VMCS_ENUM:
1492 vmx->nested.msrs.vmcs_enum = data;
1494 case MSR_IA32_VMX_VMFUNC:
1495 if (data & ~vmcs_config.nested.vmfunc_controls)
1497 vmx->nested.msrs.vmfunc_controls = data;
1501 * The rest of the VMX capability MSRs do not support restore.
1507 /* Returns 0 on success, non-0 otherwise. */
1508 int vmx_get_vmx_msr(struct nested_vmx_msrs *msrs, u32 msr_index, u64 *pdata)
1510 switch (msr_index) {
1511 case MSR_IA32_VMX_BASIC:
1512 *pdata = msrs->basic;
1514 case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
1515 case MSR_IA32_VMX_PINBASED_CTLS:
1516 *pdata = vmx_control_msr(
1517 msrs->pinbased_ctls_low,
1518 msrs->pinbased_ctls_high);
1519 if (msr_index == MSR_IA32_VMX_PINBASED_CTLS)
1520 *pdata |= PIN_BASED_ALWAYSON_WITHOUT_TRUE_MSR;
1522 case MSR_IA32_VMX_TRUE_PROCBASED_CTLS:
1523 case MSR_IA32_VMX_PROCBASED_CTLS:
1524 *pdata = vmx_control_msr(
1525 msrs->procbased_ctls_low,
1526 msrs->procbased_ctls_high);
1527 if (msr_index == MSR_IA32_VMX_PROCBASED_CTLS)
1528 *pdata |= CPU_BASED_ALWAYSON_WITHOUT_TRUE_MSR;
1530 case MSR_IA32_VMX_TRUE_EXIT_CTLS:
1531 case MSR_IA32_VMX_EXIT_CTLS:
1532 *pdata = vmx_control_msr(
1533 msrs->exit_ctls_low,
1534 msrs->exit_ctls_high);
1535 if (msr_index == MSR_IA32_VMX_EXIT_CTLS)
1536 *pdata |= VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR;
1538 case MSR_IA32_VMX_TRUE_ENTRY_CTLS:
1539 case MSR_IA32_VMX_ENTRY_CTLS:
1540 *pdata = vmx_control_msr(
1541 msrs->entry_ctls_low,
1542 msrs->entry_ctls_high);
1543 if (msr_index == MSR_IA32_VMX_ENTRY_CTLS)
1544 *pdata |= VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR;
1546 case MSR_IA32_VMX_MISC:
1547 *pdata = vmx_control_msr(
1551 case MSR_IA32_VMX_CR0_FIXED0:
1552 *pdata = msrs->cr0_fixed0;
1554 case MSR_IA32_VMX_CR0_FIXED1:
1555 *pdata = msrs->cr0_fixed1;
1557 case MSR_IA32_VMX_CR4_FIXED0:
1558 *pdata = msrs->cr4_fixed0;
1560 case MSR_IA32_VMX_CR4_FIXED1:
1561 *pdata = msrs->cr4_fixed1;
1563 case MSR_IA32_VMX_VMCS_ENUM:
1564 *pdata = msrs->vmcs_enum;
1566 case MSR_IA32_VMX_PROCBASED_CTLS2:
1567 *pdata = vmx_control_msr(
1568 msrs->secondary_ctls_low,
1569 msrs->secondary_ctls_high);
1571 case MSR_IA32_VMX_EPT_VPID_CAP:
1572 *pdata = msrs->ept_caps |
1573 ((u64)msrs->vpid_caps << 32);
1575 case MSR_IA32_VMX_VMFUNC:
1576 *pdata = msrs->vmfunc_controls;
1586 * Copy the writable VMCS shadow fields back to the VMCS12, in case they have
1587 * been modified by the L1 guest. Note, "writable" in this context means
1588 * "writable by the guest", i.e. tagged SHADOW_FIELD_RW; the set of
1589 * fields tagged SHADOW_FIELD_RO may or may not align with the "read-only"
1590 * VM-exit information fields (which are actually writable if the vCPU is
1591 * configured to support "VMWRITE to any supported field in the VMCS").
1593 static void copy_shadow_to_vmcs12(struct vcpu_vmx *vmx)
1595 struct vmcs *shadow_vmcs = vmx->vmcs01.shadow_vmcs;
1596 struct vmcs12 *vmcs12 = get_vmcs12(&vmx->vcpu);
1597 struct shadow_vmcs_field field;
1601 if (WARN_ON(!shadow_vmcs))
1606 vmcs_load(shadow_vmcs);
1608 for (i = 0; i < max_shadow_read_write_fields; i++) {
1609 field = shadow_read_write_fields[i];
1610 val = __vmcs_readl(field.encoding);
1611 vmcs12_write_any(vmcs12, field.encoding, field.offset, val);
1614 vmcs_clear(shadow_vmcs);
1615 vmcs_load(vmx->loaded_vmcs->vmcs);
1620 static void copy_vmcs12_to_shadow(struct vcpu_vmx *vmx)
1622 const struct shadow_vmcs_field *fields[] = {
1623 shadow_read_write_fields,
1624 shadow_read_only_fields
1626 const int max_fields[] = {
1627 max_shadow_read_write_fields,
1628 max_shadow_read_only_fields
1630 struct vmcs *shadow_vmcs = vmx->vmcs01.shadow_vmcs;
1631 struct vmcs12 *vmcs12 = get_vmcs12(&vmx->vcpu);
1632 struct shadow_vmcs_field field;
1636 if (WARN_ON(!shadow_vmcs))
1639 vmcs_load(shadow_vmcs);
1641 for (q = 0; q < ARRAY_SIZE(fields); q++) {
1642 for (i = 0; i < max_fields[q]; i++) {
1643 field = fields[q][i];
1644 val = vmcs12_read_any(vmcs12, field.encoding,
1646 __vmcs_writel(field.encoding, val);
1650 vmcs_clear(shadow_vmcs);
1651 vmcs_load(vmx->loaded_vmcs->vmcs);
1654 static void copy_enlightened_to_vmcs12(struct vcpu_vmx *vmx, u32 hv_clean_fields)
1656 #ifdef CONFIG_KVM_HYPERV
1657 struct vmcs12 *vmcs12 = vmx->nested.cached_vmcs12;
1658 struct hv_enlightened_vmcs *evmcs = nested_vmx_evmcs(vmx);
1659 struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(&vmx->vcpu);
1661 /* HV_VMX_ENLIGHTENED_CLEAN_FIELD_NONE */
1662 vmcs12->tpr_threshold = evmcs->tpr_threshold;
1663 vmcs12->guest_rip = evmcs->guest_rip;
1665 if (unlikely(!(hv_clean_fields &
1666 HV_VMX_ENLIGHTENED_CLEAN_FIELD_ENLIGHTENMENTSCONTROL))) {
1667 hv_vcpu->nested.pa_page_gpa = evmcs->partition_assist_page;
1668 hv_vcpu->nested.vm_id = evmcs->hv_vm_id;
1669 hv_vcpu->nested.vp_id = evmcs->hv_vp_id;
1672 if (unlikely(!(hv_clean_fields &
1673 HV_VMX_ENLIGHTENED_CLEAN_FIELD_GUEST_BASIC))) {
1674 vmcs12->guest_rsp = evmcs->guest_rsp;
1675 vmcs12->guest_rflags = evmcs->guest_rflags;
1676 vmcs12->guest_interruptibility_info =
1677 evmcs->guest_interruptibility_info;
1679 * Not present in struct vmcs12:
1680 * vmcs12->guest_ssp = evmcs->guest_ssp;
1684 if (unlikely(!(hv_clean_fields &
1685 HV_VMX_ENLIGHTENED_CLEAN_FIELD_CONTROL_PROC))) {
1686 vmcs12->cpu_based_vm_exec_control =
1687 evmcs->cpu_based_vm_exec_control;
1690 if (unlikely(!(hv_clean_fields &
1691 HV_VMX_ENLIGHTENED_CLEAN_FIELD_CONTROL_EXCPN))) {
1692 vmcs12->exception_bitmap = evmcs->exception_bitmap;
1695 if (unlikely(!(hv_clean_fields &
1696 HV_VMX_ENLIGHTENED_CLEAN_FIELD_CONTROL_ENTRY))) {
1697 vmcs12->vm_entry_controls = evmcs->vm_entry_controls;
1700 if (unlikely(!(hv_clean_fields &
1701 HV_VMX_ENLIGHTENED_CLEAN_FIELD_CONTROL_EVENT))) {
1702 vmcs12->vm_entry_intr_info_field =
1703 evmcs->vm_entry_intr_info_field;
1704 vmcs12->vm_entry_exception_error_code =
1705 evmcs->vm_entry_exception_error_code;
1706 vmcs12->vm_entry_instruction_len =
1707 evmcs->vm_entry_instruction_len;
1710 if (unlikely(!(hv_clean_fields &
1711 HV_VMX_ENLIGHTENED_CLEAN_FIELD_HOST_GRP1))) {
1712 vmcs12->host_ia32_pat = evmcs->host_ia32_pat;
1713 vmcs12->host_ia32_efer = evmcs->host_ia32_efer;
1714 vmcs12->host_cr0 = evmcs->host_cr0;
1715 vmcs12->host_cr3 = evmcs->host_cr3;
1716 vmcs12->host_cr4 = evmcs->host_cr4;
1717 vmcs12->host_ia32_sysenter_esp = evmcs->host_ia32_sysenter_esp;
1718 vmcs12->host_ia32_sysenter_eip = evmcs->host_ia32_sysenter_eip;
1719 vmcs12->host_rip = evmcs->host_rip;
1720 vmcs12->host_ia32_sysenter_cs = evmcs->host_ia32_sysenter_cs;
1721 vmcs12->host_es_selector = evmcs->host_es_selector;
1722 vmcs12->host_cs_selector = evmcs->host_cs_selector;
1723 vmcs12->host_ss_selector = evmcs->host_ss_selector;
1724 vmcs12->host_ds_selector = evmcs->host_ds_selector;
1725 vmcs12->host_fs_selector = evmcs->host_fs_selector;
1726 vmcs12->host_gs_selector = evmcs->host_gs_selector;
1727 vmcs12->host_tr_selector = evmcs->host_tr_selector;
1728 vmcs12->host_ia32_perf_global_ctrl = evmcs->host_ia32_perf_global_ctrl;
1730 * Not present in struct vmcs12:
1731 * vmcs12->host_ia32_s_cet = evmcs->host_ia32_s_cet;
1732 * vmcs12->host_ssp = evmcs->host_ssp;
1733 * vmcs12->host_ia32_int_ssp_table_addr = evmcs->host_ia32_int_ssp_table_addr;
1737 if (unlikely(!(hv_clean_fields &
1738 HV_VMX_ENLIGHTENED_CLEAN_FIELD_CONTROL_GRP1))) {
1739 vmcs12->pin_based_vm_exec_control =
1740 evmcs->pin_based_vm_exec_control;
1741 vmcs12->vm_exit_controls = evmcs->vm_exit_controls;
1742 vmcs12->secondary_vm_exec_control =
1743 evmcs->secondary_vm_exec_control;
1746 if (unlikely(!(hv_clean_fields &
1747 HV_VMX_ENLIGHTENED_CLEAN_FIELD_IO_BITMAP))) {
1748 vmcs12->io_bitmap_a = evmcs->io_bitmap_a;
1749 vmcs12->io_bitmap_b = evmcs->io_bitmap_b;
1752 if (unlikely(!(hv_clean_fields &
1753 HV_VMX_ENLIGHTENED_CLEAN_FIELD_MSR_BITMAP))) {
1754 vmcs12->msr_bitmap = evmcs->msr_bitmap;
1757 if (unlikely(!(hv_clean_fields &
1758 HV_VMX_ENLIGHTENED_CLEAN_FIELD_GUEST_GRP2))) {
1759 vmcs12->guest_es_base = evmcs->guest_es_base;
1760 vmcs12->guest_cs_base = evmcs->guest_cs_base;
1761 vmcs12->guest_ss_base = evmcs->guest_ss_base;
1762 vmcs12->guest_ds_base = evmcs->guest_ds_base;
1763 vmcs12->guest_fs_base = evmcs->guest_fs_base;
1764 vmcs12->guest_gs_base = evmcs->guest_gs_base;
1765 vmcs12->guest_ldtr_base = evmcs->guest_ldtr_base;
1766 vmcs12->guest_tr_base = evmcs->guest_tr_base;
1767 vmcs12->guest_gdtr_base = evmcs->guest_gdtr_base;
1768 vmcs12->guest_idtr_base = evmcs->guest_idtr_base;
1769 vmcs12->guest_es_limit = evmcs->guest_es_limit;
1770 vmcs12->guest_cs_limit = evmcs->guest_cs_limit;
1771 vmcs12->guest_ss_limit = evmcs->guest_ss_limit;
1772 vmcs12->guest_ds_limit = evmcs->guest_ds_limit;
1773 vmcs12->guest_fs_limit = evmcs->guest_fs_limit;
1774 vmcs12->guest_gs_limit = evmcs->guest_gs_limit;
1775 vmcs12->guest_ldtr_limit = evmcs->guest_ldtr_limit;
1776 vmcs12->guest_tr_limit = evmcs->guest_tr_limit;
1777 vmcs12->guest_gdtr_limit = evmcs->guest_gdtr_limit;
1778 vmcs12->guest_idtr_limit = evmcs->guest_idtr_limit;
1779 vmcs12->guest_es_ar_bytes = evmcs->guest_es_ar_bytes;
1780 vmcs12->guest_cs_ar_bytes = evmcs->guest_cs_ar_bytes;
1781 vmcs12->guest_ss_ar_bytes = evmcs->guest_ss_ar_bytes;
1782 vmcs12->guest_ds_ar_bytes = evmcs->guest_ds_ar_bytes;
1783 vmcs12->guest_fs_ar_bytes = evmcs->guest_fs_ar_bytes;
1784 vmcs12->guest_gs_ar_bytes = evmcs->guest_gs_ar_bytes;
1785 vmcs12->guest_ldtr_ar_bytes = evmcs->guest_ldtr_ar_bytes;
1786 vmcs12->guest_tr_ar_bytes = evmcs->guest_tr_ar_bytes;
1787 vmcs12->guest_es_selector = evmcs->guest_es_selector;
1788 vmcs12->guest_cs_selector = evmcs->guest_cs_selector;
1789 vmcs12->guest_ss_selector = evmcs->guest_ss_selector;
1790 vmcs12->guest_ds_selector = evmcs->guest_ds_selector;
1791 vmcs12->guest_fs_selector = evmcs->guest_fs_selector;
1792 vmcs12->guest_gs_selector = evmcs->guest_gs_selector;
1793 vmcs12->guest_ldtr_selector = evmcs->guest_ldtr_selector;
1794 vmcs12->guest_tr_selector = evmcs->guest_tr_selector;
1797 if (unlikely(!(hv_clean_fields &
1798 HV_VMX_ENLIGHTENED_CLEAN_FIELD_CONTROL_GRP2))) {
1799 vmcs12->tsc_offset = evmcs->tsc_offset;
1800 vmcs12->virtual_apic_page_addr = evmcs->virtual_apic_page_addr;
1801 vmcs12->xss_exit_bitmap = evmcs->xss_exit_bitmap;
1802 vmcs12->encls_exiting_bitmap = evmcs->encls_exiting_bitmap;
1803 vmcs12->tsc_multiplier = evmcs->tsc_multiplier;
1806 if (unlikely(!(hv_clean_fields &
1807 HV_VMX_ENLIGHTENED_CLEAN_FIELD_CRDR))) {
1808 vmcs12->cr0_guest_host_mask = evmcs->cr0_guest_host_mask;
1809 vmcs12->cr4_guest_host_mask = evmcs->cr4_guest_host_mask;
1810 vmcs12->cr0_read_shadow = evmcs->cr0_read_shadow;
1811 vmcs12->cr4_read_shadow = evmcs->cr4_read_shadow;
1812 vmcs12->guest_cr0 = evmcs->guest_cr0;
1813 vmcs12->guest_cr3 = evmcs->guest_cr3;
1814 vmcs12->guest_cr4 = evmcs->guest_cr4;
1815 vmcs12->guest_dr7 = evmcs->guest_dr7;
1818 if (unlikely(!(hv_clean_fields &
1819 HV_VMX_ENLIGHTENED_CLEAN_FIELD_HOST_POINTER))) {
1820 vmcs12->host_fs_base = evmcs->host_fs_base;
1821 vmcs12->host_gs_base = evmcs->host_gs_base;
1822 vmcs12->host_tr_base = evmcs->host_tr_base;
1823 vmcs12->host_gdtr_base = evmcs->host_gdtr_base;
1824 vmcs12->host_idtr_base = evmcs->host_idtr_base;
1825 vmcs12->host_rsp = evmcs->host_rsp;
1828 if (unlikely(!(hv_clean_fields &
1829 HV_VMX_ENLIGHTENED_CLEAN_FIELD_CONTROL_XLAT))) {
1830 vmcs12->ept_pointer = evmcs->ept_pointer;
1831 vmcs12->virtual_processor_id = evmcs->virtual_processor_id;
1834 if (unlikely(!(hv_clean_fields &
1835 HV_VMX_ENLIGHTENED_CLEAN_FIELD_GUEST_GRP1))) {
1836 vmcs12->vmcs_link_pointer = evmcs->vmcs_link_pointer;
1837 vmcs12->guest_ia32_debugctl = evmcs->guest_ia32_debugctl;
1838 vmcs12->guest_ia32_pat = evmcs->guest_ia32_pat;
1839 vmcs12->guest_ia32_efer = evmcs->guest_ia32_efer;
1840 vmcs12->guest_pdptr0 = evmcs->guest_pdptr0;
1841 vmcs12->guest_pdptr1 = evmcs->guest_pdptr1;
1842 vmcs12->guest_pdptr2 = evmcs->guest_pdptr2;
1843 vmcs12->guest_pdptr3 = evmcs->guest_pdptr3;
1844 vmcs12->guest_pending_dbg_exceptions =
1845 evmcs->guest_pending_dbg_exceptions;
1846 vmcs12->guest_sysenter_esp = evmcs->guest_sysenter_esp;
1847 vmcs12->guest_sysenter_eip = evmcs->guest_sysenter_eip;
1848 vmcs12->guest_bndcfgs = evmcs->guest_bndcfgs;
1849 vmcs12->guest_activity_state = evmcs->guest_activity_state;
1850 vmcs12->guest_sysenter_cs = evmcs->guest_sysenter_cs;
1851 vmcs12->guest_ia32_perf_global_ctrl = evmcs->guest_ia32_perf_global_ctrl;
1853 * Not present in struct vmcs12:
1854 * vmcs12->guest_ia32_s_cet = evmcs->guest_ia32_s_cet;
1855 * vmcs12->guest_ia32_lbr_ctl = evmcs->guest_ia32_lbr_ctl;
1856 * vmcs12->guest_ia32_int_ssp_table_addr = evmcs->guest_ia32_int_ssp_table_addr;
1862 * vmcs12->vm_exit_msr_store_addr = evmcs->vm_exit_msr_store_addr;
1863 * vmcs12->vm_exit_msr_load_addr = evmcs->vm_exit_msr_load_addr;
1864 * vmcs12->vm_entry_msr_load_addr = evmcs->vm_entry_msr_load_addr;
1865 * vmcs12->page_fault_error_code_mask =
1866 * evmcs->page_fault_error_code_mask;
1867 * vmcs12->page_fault_error_code_match =
1868 * evmcs->page_fault_error_code_match;
1869 * vmcs12->cr3_target_count = evmcs->cr3_target_count;
1870 * vmcs12->vm_exit_msr_store_count = evmcs->vm_exit_msr_store_count;
1871 * vmcs12->vm_exit_msr_load_count = evmcs->vm_exit_msr_load_count;
1872 * vmcs12->vm_entry_msr_load_count = evmcs->vm_entry_msr_load_count;
1877 * vmcs12->guest_physical_address = evmcs->guest_physical_address;
1878 * vmcs12->vm_instruction_error = evmcs->vm_instruction_error;
1879 * vmcs12->vm_exit_reason = evmcs->vm_exit_reason;
1880 * vmcs12->vm_exit_intr_info = evmcs->vm_exit_intr_info;
1881 * vmcs12->vm_exit_intr_error_code = evmcs->vm_exit_intr_error_code;
1882 * vmcs12->idt_vectoring_info_field = evmcs->idt_vectoring_info_field;
1883 * vmcs12->idt_vectoring_error_code = evmcs->idt_vectoring_error_code;
1884 * vmcs12->vm_exit_instruction_len = evmcs->vm_exit_instruction_len;
1885 * vmcs12->vmx_instruction_info = evmcs->vmx_instruction_info;
1886 * vmcs12->exit_qualification = evmcs->exit_qualification;
1887 * vmcs12->guest_linear_address = evmcs->guest_linear_address;
1889 * Not present in struct vmcs12:
1890 * vmcs12->exit_io_instruction_ecx = evmcs->exit_io_instruction_ecx;
1891 * vmcs12->exit_io_instruction_esi = evmcs->exit_io_instruction_esi;
1892 * vmcs12->exit_io_instruction_edi = evmcs->exit_io_instruction_edi;
1893 * vmcs12->exit_io_instruction_eip = evmcs->exit_io_instruction_eip;
1897 #else /* CONFIG_KVM_HYPERV */
1898 KVM_BUG_ON(1, vmx->vcpu.kvm);
1899 #endif /* CONFIG_KVM_HYPERV */
1902 static void copy_vmcs12_to_enlightened(struct vcpu_vmx *vmx)
1904 #ifdef CONFIG_KVM_HYPERV
1905 struct vmcs12 *vmcs12 = vmx->nested.cached_vmcs12;
1906 struct hv_enlightened_vmcs *evmcs = nested_vmx_evmcs(vmx);
1909 * Should not be changed by KVM:
1911 * evmcs->host_es_selector = vmcs12->host_es_selector;
1912 * evmcs->host_cs_selector = vmcs12->host_cs_selector;
1913 * evmcs->host_ss_selector = vmcs12->host_ss_selector;
1914 * evmcs->host_ds_selector = vmcs12->host_ds_selector;
1915 * evmcs->host_fs_selector = vmcs12->host_fs_selector;
1916 * evmcs->host_gs_selector = vmcs12->host_gs_selector;
1917 * evmcs->host_tr_selector = vmcs12->host_tr_selector;
1918 * evmcs->host_ia32_pat = vmcs12->host_ia32_pat;
1919 * evmcs->host_ia32_efer = vmcs12->host_ia32_efer;
1920 * evmcs->host_cr0 = vmcs12->host_cr0;
1921 * evmcs->host_cr3 = vmcs12->host_cr3;
1922 * evmcs->host_cr4 = vmcs12->host_cr4;
1923 * evmcs->host_ia32_sysenter_esp = vmcs12->host_ia32_sysenter_esp;
1924 * evmcs->host_ia32_sysenter_eip = vmcs12->host_ia32_sysenter_eip;
1925 * evmcs->host_rip = vmcs12->host_rip;
1926 * evmcs->host_ia32_sysenter_cs = vmcs12->host_ia32_sysenter_cs;
1927 * evmcs->host_fs_base = vmcs12->host_fs_base;
1928 * evmcs->host_gs_base = vmcs12->host_gs_base;
1929 * evmcs->host_tr_base = vmcs12->host_tr_base;
1930 * evmcs->host_gdtr_base = vmcs12->host_gdtr_base;
1931 * evmcs->host_idtr_base = vmcs12->host_idtr_base;
1932 * evmcs->host_rsp = vmcs12->host_rsp;
1933 * sync_vmcs02_to_vmcs12() doesn't read these:
1934 * evmcs->io_bitmap_a = vmcs12->io_bitmap_a;
1935 * evmcs->io_bitmap_b = vmcs12->io_bitmap_b;
1936 * evmcs->msr_bitmap = vmcs12->msr_bitmap;
1937 * evmcs->ept_pointer = vmcs12->ept_pointer;
1938 * evmcs->xss_exit_bitmap = vmcs12->xss_exit_bitmap;
1939 * evmcs->vm_exit_msr_store_addr = vmcs12->vm_exit_msr_store_addr;
1940 * evmcs->vm_exit_msr_load_addr = vmcs12->vm_exit_msr_load_addr;
1941 * evmcs->vm_entry_msr_load_addr = vmcs12->vm_entry_msr_load_addr;
1942 * evmcs->tpr_threshold = vmcs12->tpr_threshold;
1943 * evmcs->virtual_processor_id = vmcs12->virtual_processor_id;
1944 * evmcs->exception_bitmap = vmcs12->exception_bitmap;
1945 * evmcs->vmcs_link_pointer = vmcs12->vmcs_link_pointer;
1946 * evmcs->pin_based_vm_exec_control = vmcs12->pin_based_vm_exec_control;
1947 * evmcs->vm_exit_controls = vmcs12->vm_exit_controls;
1948 * evmcs->secondary_vm_exec_control = vmcs12->secondary_vm_exec_control;
1949 * evmcs->page_fault_error_code_mask =
1950 * vmcs12->page_fault_error_code_mask;
1951 * evmcs->page_fault_error_code_match =
1952 * vmcs12->page_fault_error_code_match;
1953 * evmcs->cr3_target_count = vmcs12->cr3_target_count;
1954 * evmcs->virtual_apic_page_addr = vmcs12->virtual_apic_page_addr;
1955 * evmcs->tsc_offset = vmcs12->tsc_offset;
1956 * evmcs->guest_ia32_debugctl = vmcs12->guest_ia32_debugctl;
1957 * evmcs->cr0_guest_host_mask = vmcs12->cr0_guest_host_mask;
1958 * evmcs->cr4_guest_host_mask = vmcs12->cr4_guest_host_mask;
1959 * evmcs->cr0_read_shadow = vmcs12->cr0_read_shadow;
1960 * evmcs->cr4_read_shadow = vmcs12->cr4_read_shadow;
1961 * evmcs->vm_exit_msr_store_count = vmcs12->vm_exit_msr_store_count;
1962 * evmcs->vm_exit_msr_load_count = vmcs12->vm_exit_msr_load_count;
1963 * evmcs->vm_entry_msr_load_count = vmcs12->vm_entry_msr_load_count;
1964 * evmcs->guest_ia32_perf_global_ctrl = vmcs12->guest_ia32_perf_global_ctrl;
1965 * evmcs->host_ia32_perf_global_ctrl = vmcs12->host_ia32_perf_global_ctrl;
1966 * evmcs->encls_exiting_bitmap = vmcs12->encls_exiting_bitmap;
1967 * evmcs->tsc_multiplier = vmcs12->tsc_multiplier;
1969 * Not present in struct vmcs12:
1970 * evmcs->exit_io_instruction_ecx = vmcs12->exit_io_instruction_ecx;
1971 * evmcs->exit_io_instruction_esi = vmcs12->exit_io_instruction_esi;
1972 * evmcs->exit_io_instruction_edi = vmcs12->exit_io_instruction_edi;
1973 * evmcs->exit_io_instruction_eip = vmcs12->exit_io_instruction_eip;
1974 * evmcs->host_ia32_s_cet = vmcs12->host_ia32_s_cet;
1975 * evmcs->host_ssp = vmcs12->host_ssp;
1976 * evmcs->host_ia32_int_ssp_table_addr = vmcs12->host_ia32_int_ssp_table_addr;
1977 * evmcs->guest_ia32_s_cet = vmcs12->guest_ia32_s_cet;
1978 * evmcs->guest_ia32_lbr_ctl = vmcs12->guest_ia32_lbr_ctl;
1979 * evmcs->guest_ia32_int_ssp_table_addr = vmcs12->guest_ia32_int_ssp_table_addr;
1980 * evmcs->guest_ssp = vmcs12->guest_ssp;
1983 evmcs->guest_es_selector = vmcs12->guest_es_selector;
1984 evmcs->guest_cs_selector = vmcs12->guest_cs_selector;
1985 evmcs->guest_ss_selector = vmcs12->guest_ss_selector;
1986 evmcs->guest_ds_selector = vmcs12->guest_ds_selector;
1987 evmcs->guest_fs_selector = vmcs12->guest_fs_selector;
1988 evmcs->guest_gs_selector = vmcs12->guest_gs_selector;
1989 evmcs->guest_ldtr_selector = vmcs12->guest_ldtr_selector;
1990 evmcs->guest_tr_selector = vmcs12->guest_tr_selector;
1992 evmcs->guest_es_limit = vmcs12->guest_es_limit;
1993 evmcs->guest_cs_limit = vmcs12->guest_cs_limit;
1994 evmcs->guest_ss_limit = vmcs12->guest_ss_limit;
1995 evmcs->guest_ds_limit = vmcs12->guest_ds_limit;
1996 evmcs->guest_fs_limit = vmcs12->guest_fs_limit;
1997 evmcs->guest_gs_limit = vmcs12->guest_gs_limit;
1998 evmcs->guest_ldtr_limit = vmcs12->guest_ldtr_limit;
1999 evmcs->guest_tr_limit = vmcs12->guest_tr_limit;
2000 evmcs->guest_gdtr_limit = vmcs12->guest_gdtr_limit;
2001 evmcs->guest_idtr_limit = vmcs12->guest_idtr_limit;
2003 evmcs->guest_es_ar_bytes = vmcs12->guest_es_ar_bytes;
2004 evmcs->guest_cs_ar_bytes = vmcs12->guest_cs_ar_bytes;
2005 evmcs->guest_ss_ar_bytes = vmcs12->guest_ss_ar_bytes;
2006 evmcs->guest_ds_ar_bytes = vmcs12->guest_ds_ar_bytes;
2007 evmcs->guest_fs_ar_bytes = vmcs12->guest_fs_ar_bytes;
2008 evmcs->guest_gs_ar_bytes = vmcs12->guest_gs_ar_bytes;
2009 evmcs->guest_ldtr_ar_bytes = vmcs12->guest_ldtr_ar_bytes;
2010 evmcs->guest_tr_ar_bytes = vmcs12->guest_tr_ar_bytes;
2012 evmcs->guest_es_base = vmcs12->guest_es_base;
2013 evmcs->guest_cs_base = vmcs12->guest_cs_base;
2014 evmcs->guest_ss_base = vmcs12->guest_ss_base;
2015 evmcs->guest_ds_base = vmcs12->guest_ds_base;
2016 evmcs->guest_fs_base = vmcs12->guest_fs_base;
2017 evmcs->guest_gs_base = vmcs12->guest_gs_base;
2018 evmcs->guest_ldtr_base = vmcs12->guest_ldtr_base;
2019 evmcs->guest_tr_base = vmcs12->guest_tr_base;
2020 evmcs->guest_gdtr_base = vmcs12->guest_gdtr_base;
2021 evmcs->guest_idtr_base = vmcs12->guest_idtr_base;
2023 evmcs->guest_ia32_pat = vmcs12->guest_ia32_pat;
2024 evmcs->guest_ia32_efer = vmcs12->guest_ia32_efer;
2026 evmcs->guest_pdptr0 = vmcs12->guest_pdptr0;
2027 evmcs->guest_pdptr1 = vmcs12->guest_pdptr1;
2028 evmcs->guest_pdptr2 = vmcs12->guest_pdptr2;
2029 evmcs->guest_pdptr3 = vmcs12->guest_pdptr3;
2031 evmcs->guest_pending_dbg_exceptions =
2032 vmcs12->guest_pending_dbg_exceptions;
2033 evmcs->guest_sysenter_esp = vmcs12->guest_sysenter_esp;
2034 evmcs->guest_sysenter_eip = vmcs12->guest_sysenter_eip;
2036 evmcs->guest_activity_state = vmcs12->guest_activity_state;
2037 evmcs->guest_sysenter_cs = vmcs12->guest_sysenter_cs;
2039 evmcs->guest_cr0 = vmcs12->guest_cr0;
2040 evmcs->guest_cr3 = vmcs12->guest_cr3;
2041 evmcs->guest_cr4 = vmcs12->guest_cr4;
2042 evmcs->guest_dr7 = vmcs12->guest_dr7;
2044 evmcs->guest_physical_address = vmcs12->guest_physical_address;
2046 evmcs->vm_instruction_error = vmcs12->vm_instruction_error;
2047 evmcs->vm_exit_reason = vmcs12->vm_exit_reason;
2048 evmcs->vm_exit_intr_info = vmcs12->vm_exit_intr_info;
2049 evmcs->vm_exit_intr_error_code = vmcs12->vm_exit_intr_error_code;
2050 evmcs->idt_vectoring_info_field = vmcs12->idt_vectoring_info_field;
2051 evmcs->idt_vectoring_error_code = vmcs12->idt_vectoring_error_code;
2052 evmcs->vm_exit_instruction_len = vmcs12->vm_exit_instruction_len;
2053 evmcs->vmx_instruction_info = vmcs12->vmx_instruction_info;
2055 evmcs->exit_qualification = vmcs12->exit_qualification;
2057 evmcs->guest_linear_address = vmcs12->guest_linear_address;
2058 evmcs->guest_rsp = vmcs12->guest_rsp;
2059 evmcs->guest_rflags = vmcs12->guest_rflags;
2061 evmcs->guest_interruptibility_info =
2062 vmcs12->guest_interruptibility_info;
2063 evmcs->cpu_based_vm_exec_control = vmcs12->cpu_based_vm_exec_control;
2064 evmcs->vm_entry_controls = vmcs12->vm_entry_controls;
2065 evmcs->vm_entry_intr_info_field = vmcs12->vm_entry_intr_info_field;
2066 evmcs->vm_entry_exception_error_code =
2067 vmcs12->vm_entry_exception_error_code;
2068 evmcs->vm_entry_instruction_len = vmcs12->vm_entry_instruction_len;
2070 evmcs->guest_rip = vmcs12->guest_rip;
2072 evmcs->guest_bndcfgs = vmcs12->guest_bndcfgs;
2075 #else /* CONFIG_KVM_HYPERV */
2076 KVM_BUG_ON(1, vmx->vcpu.kvm);
2077 #endif /* CONFIG_KVM_HYPERV */
2081 * This is an equivalent of the nested hypervisor executing the vmptrld
2084 static enum nested_evmptrld_status nested_vmx_handle_enlightened_vmptrld(
2085 struct kvm_vcpu *vcpu, bool from_launch)
2087 #ifdef CONFIG_KVM_HYPERV
2088 struct vcpu_vmx *vmx = to_vmx(vcpu);
2089 bool evmcs_gpa_changed = false;
2092 if (likely(!guest_cpuid_has_evmcs(vcpu)))
2093 return EVMPTRLD_DISABLED;
2095 evmcs_gpa = nested_get_evmptr(vcpu);
2096 if (!evmptr_is_valid(evmcs_gpa)) {
2097 nested_release_evmcs(vcpu);
2098 return EVMPTRLD_DISABLED;
2101 if (unlikely(evmcs_gpa != vmx->nested.hv_evmcs_vmptr)) {
2102 vmx->nested.current_vmptr = INVALID_GPA;
2104 nested_release_evmcs(vcpu);
2106 if (kvm_vcpu_map(vcpu, gpa_to_gfn(evmcs_gpa),
2107 &vmx->nested.hv_evmcs_map))
2108 return EVMPTRLD_ERROR;
2110 vmx->nested.hv_evmcs = vmx->nested.hv_evmcs_map.hva;
2113 * Currently, KVM only supports eVMCS version 1
2114 * (== KVM_EVMCS_VERSION) and thus we expect guest to set this
2115 * value to first u32 field of eVMCS which should specify eVMCS
2118 * Guest should be aware of supported eVMCS versions by host by
2119 * examining CPUID.0x4000000A.EAX[0:15]. Host userspace VMM is
2120 * expected to set this CPUID leaf according to the value
2121 * returned in vmcs_version from nested_enable_evmcs().
2123 * However, it turns out that Microsoft Hyper-V fails to comply
2124 * to their own invented interface: When Hyper-V use eVMCS, it
2125 * just sets first u32 field of eVMCS to revision_id specified
2126 * in MSR_IA32_VMX_BASIC. Instead of used eVMCS version number
2127 * which is one of the supported versions specified in
2128 * CPUID.0x4000000A.EAX[0:15].
2130 * To overcome Hyper-V bug, we accept here either a supported
2131 * eVMCS version or VMCS12 revision_id as valid values for first
2132 * u32 field of eVMCS.
2134 if ((vmx->nested.hv_evmcs->revision_id != KVM_EVMCS_VERSION) &&
2135 (vmx->nested.hv_evmcs->revision_id != VMCS12_REVISION)) {
2136 nested_release_evmcs(vcpu);
2137 return EVMPTRLD_VMFAIL;
2140 vmx->nested.hv_evmcs_vmptr = evmcs_gpa;
2142 evmcs_gpa_changed = true;
2144 * Unlike normal vmcs12, enlightened vmcs12 is not fully
2145 * reloaded from guest's memory (read only fields, fields not
2146 * present in struct hv_enlightened_vmcs, ...). Make sure there
2150 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
2151 memset(vmcs12, 0, sizeof(*vmcs12));
2152 vmcs12->hdr.revision_id = VMCS12_REVISION;
2158 * Clean fields data can't be used on VMLAUNCH and when we switch
2159 * between different L2 guests as KVM keeps a single VMCS12 per L1.
2161 if (from_launch || evmcs_gpa_changed) {
2162 vmx->nested.hv_evmcs->hv_clean_fields &=
2163 ~HV_VMX_ENLIGHTENED_CLEAN_FIELD_ALL;
2165 vmx->nested.force_msr_bitmap_recalc = true;
2168 return EVMPTRLD_SUCCEEDED;
2170 return EVMPTRLD_DISABLED;
2174 void nested_sync_vmcs12_to_shadow(struct kvm_vcpu *vcpu)
2176 struct vcpu_vmx *vmx = to_vmx(vcpu);
2178 if (nested_vmx_is_evmptr12_valid(vmx))
2179 copy_vmcs12_to_enlightened(vmx);
2181 copy_vmcs12_to_shadow(vmx);
2183 vmx->nested.need_vmcs12_to_shadow_sync = false;
2186 static enum hrtimer_restart vmx_preemption_timer_fn(struct hrtimer *timer)
2188 struct vcpu_vmx *vmx =
2189 container_of(timer, struct vcpu_vmx, nested.preemption_timer);
2191 vmx->nested.preemption_timer_expired = true;
2192 kvm_make_request(KVM_REQ_EVENT, &vmx->vcpu);
2193 kvm_vcpu_kick(&vmx->vcpu);
2195 return HRTIMER_NORESTART;
2198 static u64 vmx_calc_preemption_timer_value(struct kvm_vcpu *vcpu)
2200 struct vcpu_vmx *vmx = to_vmx(vcpu);
2201 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
2203 u64 l1_scaled_tsc = kvm_read_l1_tsc(vcpu, rdtsc()) >>
2204 VMX_MISC_EMULATED_PREEMPTION_TIMER_RATE;
2206 if (!vmx->nested.has_preemption_timer_deadline) {
2207 vmx->nested.preemption_timer_deadline =
2208 vmcs12->vmx_preemption_timer_value + l1_scaled_tsc;
2209 vmx->nested.has_preemption_timer_deadline = true;
2211 return vmx->nested.preemption_timer_deadline - l1_scaled_tsc;
2214 static void vmx_start_preemption_timer(struct kvm_vcpu *vcpu,
2215 u64 preemption_timeout)
2217 struct vcpu_vmx *vmx = to_vmx(vcpu);
2220 * A timer value of zero is architecturally guaranteed to cause
2221 * a VMExit prior to executing any instructions in the guest.
2223 if (preemption_timeout == 0) {
2224 vmx_preemption_timer_fn(&vmx->nested.preemption_timer);
2228 if (vcpu->arch.virtual_tsc_khz == 0)
2231 preemption_timeout <<= VMX_MISC_EMULATED_PREEMPTION_TIMER_RATE;
2232 preemption_timeout *= 1000000;
2233 do_div(preemption_timeout, vcpu->arch.virtual_tsc_khz);
2234 hrtimer_start(&vmx->nested.preemption_timer,
2235 ktime_add_ns(ktime_get(), preemption_timeout),
2236 HRTIMER_MODE_ABS_PINNED);
2239 static u64 nested_vmx_calc_efer(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12)
2241 if (vmx->nested.nested_run_pending &&
2242 (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_EFER))
2243 return vmcs12->guest_ia32_efer;
2244 else if (vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE)
2245 return vmx->vcpu.arch.efer | (EFER_LMA | EFER_LME);
2247 return vmx->vcpu.arch.efer & ~(EFER_LMA | EFER_LME);
2250 static void prepare_vmcs02_constant_state(struct vcpu_vmx *vmx)
2252 struct kvm *kvm = vmx->vcpu.kvm;
2255 * If vmcs02 hasn't been initialized, set the constant vmcs02 state
2256 * according to L0's settings (vmcs12 is irrelevant here). Host
2257 * fields that come from L0 and are not constant, e.g. HOST_CR3,
2258 * will be set as needed prior to VMLAUNCH/VMRESUME.
2260 if (vmx->nested.vmcs02_initialized)
2262 vmx->nested.vmcs02_initialized = true;
2265 * We don't care what the EPTP value is we just need to guarantee
2266 * it's valid so we don't get a false positive when doing early
2267 * consistency checks.
2269 if (enable_ept && nested_early_check)
2270 vmcs_write64(EPT_POINTER,
2271 construct_eptp(&vmx->vcpu, 0, PT64_ROOT_4LEVEL));
2274 vmcs_write64(VE_INFORMATION_ADDRESS, __pa(vmx->ve_info));
2276 /* All VMFUNCs are currently emulated through L0 vmexits. */
2277 if (cpu_has_vmx_vmfunc())
2278 vmcs_write64(VM_FUNCTION_CONTROL, 0);
2280 if (cpu_has_vmx_posted_intr())
2281 vmcs_write16(POSTED_INTR_NV, POSTED_INTR_NESTED_VECTOR);
2283 if (cpu_has_vmx_msr_bitmap())
2284 vmcs_write64(MSR_BITMAP, __pa(vmx->nested.vmcs02.msr_bitmap));
2287 * PML is emulated for L2, but never enabled in hardware as the MMU
2288 * handles A/D emulation. Disabling PML for L2 also avoids having to
2289 * deal with filtering out L2 GPAs from the buffer.
2292 vmcs_write64(PML_ADDRESS, 0);
2293 vmcs_write16(GUEST_PML_INDEX, -1);
2296 if (cpu_has_vmx_encls_vmexit())
2297 vmcs_write64(ENCLS_EXITING_BITMAP, INVALID_GPA);
2299 if (kvm_notify_vmexit_enabled(kvm))
2300 vmcs_write32(NOTIFY_WINDOW, kvm->arch.notify_window);
2303 * Set the MSR load/store lists to match L0's settings. Only the
2304 * addresses are constant (for vmcs02), the counts can change based
2305 * on L2's behavior, e.g. switching to/from long mode.
2307 vmcs_write64(VM_EXIT_MSR_STORE_ADDR, __pa(vmx->msr_autostore.guest.val));
2308 vmcs_write64(VM_EXIT_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.host.val));
2309 vmcs_write64(VM_ENTRY_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.guest.val));
2311 vmx_set_constant_host_state(vmx);
2314 static void prepare_vmcs02_early_rare(struct vcpu_vmx *vmx,
2315 struct vmcs12 *vmcs12)
2317 prepare_vmcs02_constant_state(vmx);
2319 vmcs_write64(VMCS_LINK_POINTER, INVALID_GPA);
2322 * If VPID is disabled, then guest TLB accesses use VPID=0, i.e. the
2323 * same VPID as the host. Emulate this behavior by using vpid01 for L2
2324 * if VPID is disabled in vmcs12. Note, if VPID is disabled, VM-Enter
2325 * and VM-Exit are architecturally required to flush VPID=0, but *only*
2326 * VPID=0. I.e. using vpid02 would be ok (so long as KVM emulates the
2327 * required flushes), but doing so would cause KVM to over-flush. E.g.
2328 * if L1 runs L2 X with VPID12=1, then runs L2 Y with VPID12 disabled,
2329 * and then runs L2 X again, then KVM can and should retain TLB entries
2333 if (nested_cpu_has_vpid(vmcs12) && vmx->nested.vpid02)
2334 vmcs_write16(VIRTUAL_PROCESSOR_ID, vmx->nested.vpid02);
2336 vmcs_write16(VIRTUAL_PROCESSOR_ID, vmx->vpid);
2340 static void prepare_vmcs02_early(struct vcpu_vmx *vmx, struct loaded_vmcs *vmcs01,
2341 struct vmcs12 *vmcs12)
2344 u64 guest_efer = nested_vmx_calc_efer(vmx, vmcs12);
2346 if (vmx->nested.dirty_vmcs12 || nested_vmx_is_evmptr12_valid(vmx))
2347 prepare_vmcs02_early_rare(vmx, vmcs12);
2352 exec_control = __pin_controls_get(vmcs01);
2353 exec_control |= (vmcs12->pin_based_vm_exec_control &
2354 ~PIN_BASED_VMX_PREEMPTION_TIMER);
2356 /* Posted interrupts setting is only taken from vmcs12. */
2357 vmx->nested.pi_pending = false;
2358 if (nested_cpu_has_posted_intr(vmcs12)) {
2359 vmx->nested.posted_intr_nv = vmcs12->posted_intr_nv;
2361 vmx->nested.posted_intr_nv = -1;
2362 exec_control &= ~PIN_BASED_POSTED_INTR;
2364 pin_controls_set(vmx, exec_control);
2369 exec_control = __exec_controls_get(vmcs01); /* L0's desires */
2370 exec_control &= ~CPU_BASED_INTR_WINDOW_EXITING;
2371 exec_control &= ~CPU_BASED_NMI_WINDOW_EXITING;
2372 exec_control &= ~CPU_BASED_TPR_SHADOW;
2373 exec_control |= vmcs12->cpu_based_vm_exec_control;
2375 vmx->nested.l1_tpr_threshold = -1;
2376 if (exec_control & CPU_BASED_TPR_SHADOW)
2377 vmcs_write32(TPR_THRESHOLD, vmcs12->tpr_threshold);
2378 #ifdef CONFIG_X86_64
2380 exec_control |= CPU_BASED_CR8_LOAD_EXITING |
2381 CPU_BASED_CR8_STORE_EXITING;
2385 * A vmexit (to either L1 hypervisor or L0 userspace) is always needed
2386 * for I/O port accesses.
2388 exec_control |= CPU_BASED_UNCOND_IO_EXITING;
2389 exec_control &= ~CPU_BASED_USE_IO_BITMAPS;
2392 * This bit will be computed in nested_get_vmcs12_pages, because
2393 * we do not have access to L1's MSR bitmap yet. For now, keep
2394 * the same bit as before, hoping to avoid multiple VMWRITEs that
2395 * only set/clear this bit.
2397 exec_control &= ~CPU_BASED_USE_MSR_BITMAPS;
2398 exec_control |= exec_controls_get(vmx) & CPU_BASED_USE_MSR_BITMAPS;
2400 exec_controls_set(vmx, exec_control);
2403 * SECONDARY EXEC CONTROLS
2405 if (cpu_has_secondary_exec_ctrls()) {
2406 exec_control = __secondary_exec_controls_get(vmcs01);
2408 /* Take the following fields only from vmcs12 */
2409 exec_control &= ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2410 SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2411 SECONDARY_EXEC_ENABLE_INVPCID |
2412 SECONDARY_EXEC_ENABLE_RDTSCP |
2413 SECONDARY_EXEC_ENABLE_XSAVES |
2414 SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE |
2415 SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
2416 SECONDARY_EXEC_APIC_REGISTER_VIRT |
2417 SECONDARY_EXEC_ENABLE_VMFUNC |
2418 SECONDARY_EXEC_DESC);
2420 if (nested_cpu_has(vmcs12,
2421 CPU_BASED_ACTIVATE_SECONDARY_CONTROLS))
2422 exec_control |= vmcs12->secondary_vm_exec_control;
2424 /* PML is emulated and never enabled in hardware for L2. */
2425 exec_control &= ~SECONDARY_EXEC_ENABLE_PML;
2427 /* VMCS shadowing for L2 is emulated for now */
2428 exec_control &= ~SECONDARY_EXEC_SHADOW_VMCS;
2431 * Preset *DT exiting when emulating UMIP, so that vmx_set_cr4()
2432 * will not have to rewrite the controls just for this bit.
2434 if (vmx_umip_emulated() && (vmcs12->guest_cr4 & X86_CR4_UMIP))
2435 exec_control |= SECONDARY_EXEC_DESC;
2437 if (exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY)
2438 vmcs_write16(GUEST_INTR_STATUS,
2439 vmcs12->guest_intr_status);
2441 if (!nested_cpu_has2(vmcs12, SECONDARY_EXEC_UNRESTRICTED_GUEST))
2442 exec_control &= ~SECONDARY_EXEC_UNRESTRICTED_GUEST;
2444 if (exec_control & SECONDARY_EXEC_ENCLS_EXITING)
2445 vmx_write_encls_bitmap(&vmx->vcpu, vmcs12);
2447 secondary_exec_controls_set(vmx, exec_control);
2453 * vmcs12's VM_{ENTRY,EXIT}_LOAD_IA32_EFER and VM_ENTRY_IA32E_MODE
2454 * are emulated by vmx_set_efer() in prepare_vmcs02(), but speculate
2455 * on the related bits (if supported by the CPU) in the hope that
2456 * we can avoid VMWrites during vmx_set_efer().
2458 * Similarly, take vmcs01's PERF_GLOBAL_CTRL in the hope that if KVM is
2459 * loading PERF_GLOBAL_CTRL via the VMCS for L1, then KVM will want to
2460 * do the same for L2.
2462 exec_control = __vm_entry_controls_get(vmcs01);
2463 exec_control |= (vmcs12->vm_entry_controls &
2464 ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL);
2465 exec_control &= ~(VM_ENTRY_IA32E_MODE | VM_ENTRY_LOAD_IA32_EFER);
2466 if (cpu_has_load_ia32_efer()) {
2467 if (guest_efer & EFER_LMA)
2468 exec_control |= VM_ENTRY_IA32E_MODE;
2469 if (guest_efer != kvm_host.efer)
2470 exec_control |= VM_ENTRY_LOAD_IA32_EFER;
2472 vm_entry_controls_set(vmx, exec_control);
2477 * L2->L1 exit controls are emulated - the hardware exit is to L0 so
2478 * we should use its exit controls. Note that VM_EXIT_LOAD_IA32_EFER
2479 * bits may be modified by vmx_set_efer() in prepare_vmcs02().
2481 exec_control = __vm_exit_controls_get(vmcs01);
2482 if (cpu_has_load_ia32_efer() && guest_efer != kvm_host.efer)
2483 exec_control |= VM_EXIT_LOAD_IA32_EFER;
2485 exec_control &= ~VM_EXIT_LOAD_IA32_EFER;
2486 vm_exit_controls_set(vmx, exec_control);
2489 * Interrupt/Exception Fields
2491 if (vmx->nested.nested_run_pending) {
2492 vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
2493 vmcs12->vm_entry_intr_info_field);
2494 vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE,
2495 vmcs12->vm_entry_exception_error_code);
2496 vmcs_write32(VM_ENTRY_INSTRUCTION_LEN,
2497 vmcs12->vm_entry_instruction_len);
2498 vmcs_write32(GUEST_INTERRUPTIBILITY_INFO,
2499 vmcs12->guest_interruptibility_info);
2500 vmx->loaded_vmcs->nmi_known_unmasked =
2501 !(vmcs12->guest_interruptibility_info & GUEST_INTR_STATE_NMI);
2503 vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0);
2507 static void prepare_vmcs02_rare(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12)
2509 struct hv_enlightened_vmcs *hv_evmcs = nested_vmx_evmcs(vmx);
2511 if (!hv_evmcs || !(hv_evmcs->hv_clean_fields &
2512 HV_VMX_ENLIGHTENED_CLEAN_FIELD_GUEST_GRP2)) {
2514 vmcs_write16(GUEST_ES_SELECTOR, vmcs12->guest_es_selector);
2515 vmcs_write16(GUEST_CS_SELECTOR, vmcs12->guest_cs_selector);
2516 vmcs_write16(GUEST_SS_SELECTOR, vmcs12->guest_ss_selector);
2517 vmcs_write16(GUEST_DS_SELECTOR, vmcs12->guest_ds_selector);
2518 vmcs_write16(GUEST_FS_SELECTOR, vmcs12->guest_fs_selector);
2519 vmcs_write16(GUEST_GS_SELECTOR, vmcs12->guest_gs_selector);
2520 vmcs_write16(GUEST_LDTR_SELECTOR, vmcs12->guest_ldtr_selector);
2521 vmcs_write16(GUEST_TR_SELECTOR, vmcs12->guest_tr_selector);
2522 vmcs_write32(GUEST_ES_LIMIT, vmcs12->guest_es_limit);
2523 vmcs_write32(GUEST_CS_LIMIT, vmcs12->guest_cs_limit);
2524 vmcs_write32(GUEST_SS_LIMIT, vmcs12->guest_ss_limit);
2525 vmcs_write32(GUEST_DS_LIMIT, vmcs12->guest_ds_limit);
2526 vmcs_write32(GUEST_FS_LIMIT, vmcs12->guest_fs_limit);
2527 vmcs_write32(GUEST_GS_LIMIT, vmcs12->guest_gs_limit);
2528 vmcs_write32(GUEST_LDTR_LIMIT, vmcs12->guest_ldtr_limit);
2529 vmcs_write32(GUEST_TR_LIMIT, vmcs12->guest_tr_limit);
2530 vmcs_write32(GUEST_GDTR_LIMIT, vmcs12->guest_gdtr_limit);
2531 vmcs_write32(GUEST_IDTR_LIMIT, vmcs12->guest_idtr_limit);
2532 vmcs_write32(GUEST_CS_AR_BYTES, vmcs12->guest_cs_ar_bytes);
2533 vmcs_write32(GUEST_SS_AR_BYTES, vmcs12->guest_ss_ar_bytes);
2534 vmcs_write32(GUEST_ES_AR_BYTES, vmcs12->guest_es_ar_bytes);
2535 vmcs_write32(GUEST_DS_AR_BYTES, vmcs12->guest_ds_ar_bytes);
2536 vmcs_write32(GUEST_FS_AR_BYTES, vmcs12->guest_fs_ar_bytes);
2537 vmcs_write32(GUEST_GS_AR_BYTES, vmcs12->guest_gs_ar_bytes);
2538 vmcs_write32(GUEST_LDTR_AR_BYTES, vmcs12->guest_ldtr_ar_bytes);
2539 vmcs_write32(GUEST_TR_AR_BYTES, vmcs12->guest_tr_ar_bytes);
2540 vmcs_writel(GUEST_ES_BASE, vmcs12->guest_es_base);
2541 vmcs_writel(GUEST_CS_BASE, vmcs12->guest_cs_base);
2542 vmcs_writel(GUEST_SS_BASE, vmcs12->guest_ss_base);
2543 vmcs_writel(GUEST_DS_BASE, vmcs12->guest_ds_base);
2544 vmcs_writel(GUEST_FS_BASE, vmcs12->guest_fs_base);
2545 vmcs_writel(GUEST_GS_BASE, vmcs12->guest_gs_base);
2546 vmcs_writel(GUEST_LDTR_BASE, vmcs12->guest_ldtr_base);
2547 vmcs_writel(GUEST_TR_BASE, vmcs12->guest_tr_base);
2548 vmcs_writel(GUEST_GDTR_BASE, vmcs12->guest_gdtr_base);
2549 vmcs_writel(GUEST_IDTR_BASE, vmcs12->guest_idtr_base);
2551 vmx_segment_cache_clear(vmx);
2554 if (!hv_evmcs || !(hv_evmcs->hv_clean_fields &
2555 HV_VMX_ENLIGHTENED_CLEAN_FIELD_GUEST_GRP1)) {
2556 vmcs_write32(GUEST_SYSENTER_CS, vmcs12->guest_sysenter_cs);
2557 vmcs_writel(GUEST_PENDING_DBG_EXCEPTIONS,
2558 vmcs12->guest_pending_dbg_exceptions);
2559 vmcs_writel(GUEST_SYSENTER_ESP, vmcs12->guest_sysenter_esp);
2560 vmcs_writel(GUEST_SYSENTER_EIP, vmcs12->guest_sysenter_eip);
2563 * L1 may access the L2's PDPTR, so save them to construct
2567 vmcs_write64(GUEST_PDPTR0, vmcs12->guest_pdptr0);
2568 vmcs_write64(GUEST_PDPTR1, vmcs12->guest_pdptr1);
2569 vmcs_write64(GUEST_PDPTR2, vmcs12->guest_pdptr2);
2570 vmcs_write64(GUEST_PDPTR3, vmcs12->guest_pdptr3);
2573 if (kvm_mpx_supported() && vmx->nested.nested_run_pending &&
2574 (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
2575 vmcs_write64(GUEST_BNDCFGS, vmcs12->guest_bndcfgs);
2578 if (nested_cpu_has_xsaves(vmcs12))
2579 vmcs_write64(XSS_EXIT_BITMAP, vmcs12->xss_exit_bitmap);
2582 * Whether page-faults are trapped is determined by a combination of
2583 * 3 settings: PFEC_MASK, PFEC_MATCH and EXCEPTION_BITMAP.PF. If L0
2584 * doesn't care about page faults then we should set all of these to
2585 * L1's desires. However, if L0 does care about (some) page faults, it
2586 * is not easy (if at all possible?) to merge L0 and L1's desires, we
2587 * simply ask to exit on each and every L2 page fault. This is done by
2588 * setting MASK=MATCH=0 and (see below) EB.PF=1.
2589 * Note that below we don't need special code to set EB.PF beyond the
2590 * "or"ing of the EB of vmcs01 and vmcs12, because when enable_ept,
2591 * vmcs01's EB.PF is 0 so the "or" will take vmcs12's value, and when
2592 * !enable_ept, EB.PF is 1, so the "or" will always be 1.
2594 if (vmx_need_pf_intercept(&vmx->vcpu)) {
2596 * TODO: if both L0 and L1 need the same MASK and MATCH,
2597 * go ahead and use it?
2599 vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, 0);
2600 vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, 0);
2602 vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, vmcs12->page_fault_error_code_mask);
2603 vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, vmcs12->page_fault_error_code_match);
2606 if (cpu_has_vmx_apicv()) {
2607 vmcs_write64(EOI_EXIT_BITMAP0, vmcs12->eoi_exit_bitmap0);
2608 vmcs_write64(EOI_EXIT_BITMAP1, vmcs12->eoi_exit_bitmap1);
2609 vmcs_write64(EOI_EXIT_BITMAP2, vmcs12->eoi_exit_bitmap2);
2610 vmcs_write64(EOI_EXIT_BITMAP3, vmcs12->eoi_exit_bitmap3);
2614 * Make sure the msr_autostore list is up to date before we set the
2615 * count in the vmcs02.
2617 prepare_vmx_msr_autostore_list(&vmx->vcpu, MSR_IA32_TSC);
2619 vmcs_write32(VM_EXIT_MSR_STORE_COUNT, vmx->msr_autostore.guest.nr);
2620 vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, vmx->msr_autoload.host.nr);
2621 vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.guest.nr);
2623 set_cr4_guest_host_mask(vmx);
2627 * prepare_vmcs02 is called when the L1 guest hypervisor runs its nested
2628 * L2 guest. L1 has a vmcs for L2 (vmcs12), and this function "merges" it
2629 * with L0's requirements for its guest (a.k.a. vmcs01), so we can run the L2
2630 * guest in a way that will both be appropriate to L1's requests, and our
2631 * needs. In addition to modifying the active vmcs (which is vmcs02), this
2632 * function also has additional necessary side-effects, like setting various
2633 * vcpu->arch fields.
2634 * Returns 0 on success, 1 on failure. Invalid state exit qualification code
2635 * is assigned to entry_failure_code on failure.
2637 static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
2639 enum vm_entry_failure_code *entry_failure_code)
2641 struct vcpu_vmx *vmx = to_vmx(vcpu);
2642 struct hv_enlightened_vmcs *evmcs = nested_vmx_evmcs(vmx);
2643 bool load_guest_pdptrs_vmcs12 = false;
2645 if (vmx->nested.dirty_vmcs12 || nested_vmx_is_evmptr12_valid(vmx)) {
2646 prepare_vmcs02_rare(vmx, vmcs12);
2647 vmx->nested.dirty_vmcs12 = false;
2649 load_guest_pdptrs_vmcs12 = !nested_vmx_is_evmptr12_valid(vmx) ||
2650 !(evmcs->hv_clean_fields & HV_VMX_ENLIGHTENED_CLEAN_FIELD_GUEST_GRP1);
2653 if (vmx->nested.nested_run_pending &&
2654 (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS)) {
2655 kvm_set_dr(vcpu, 7, vmcs12->guest_dr7);
2656 vmcs_write64(GUEST_IA32_DEBUGCTL, vmcs12->guest_ia32_debugctl);
2658 kvm_set_dr(vcpu, 7, vcpu->arch.dr7);
2659 vmcs_write64(GUEST_IA32_DEBUGCTL, vmx->nested.pre_vmenter_debugctl);
2661 if (kvm_mpx_supported() && (!vmx->nested.nested_run_pending ||
2662 !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)))
2663 vmcs_write64(GUEST_BNDCFGS, vmx->nested.pre_vmenter_bndcfgs);
2664 vmx_set_rflags(vcpu, vmcs12->guest_rflags);
2666 /* EXCEPTION_BITMAP and CR0_GUEST_HOST_MASK should basically be the
2667 * bitwise-or of what L1 wants to trap for L2, and what we want to
2668 * trap. Note that CR0.TS also needs updating - we do this later.
2670 vmx_update_exception_bitmap(vcpu);
2671 vcpu->arch.cr0_guest_owned_bits &= ~vmcs12->cr0_guest_host_mask;
2672 vmcs_writel(CR0_GUEST_HOST_MASK, ~vcpu->arch.cr0_guest_owned_bits);
2674 if (vmx->nested.nested_run_pending &&
2675 (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PAT)) {
2676 vmcs_write64(GUEST_IA32_PAT, vmcs12->guest_ia32_pat);
2677 vcpu->arch.pat = vmcs12->guest_ia32_pat;
2678 } else if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) {
2679 vmcs_write64(GUEST_IA32_PAT, vmx->vcpu.arch.pat);
2682 vcpu->arch.tsc_offset = kvm_calc_nested_tsc_offset(
2683 vcpu->arch.l1_tsc_offset,
2684 vmx_get_l2_tsc_offset(vcpu),
2685 vmx_get_l2_tsc_multiplier(vcpu));
2687 vcpu->arch.tsc_scaling_ratio = kvm_calc_nested_tsc_multiplier(
2688 vcpu->arch.l1_tsc_scaling_ratio,
2689 vmx_get_l2_tsc_multiplier(vcpu));
2691 vmcs_write64(TSC_OFFSET, vcpu->arch.tsc_offset);
2692 if (kvm_caps.has_tsc_control)
2693 vmcs_write64(TSC_MULTIPLIER, vcpu->arch.tsc_scaling_ratio);
2695 nested_vmx_transition_tlb_flush(vcpu, vmcs12, true);
2697 if (nested_cpu_has_ept(vmcs12))
2698 nested_ept_init_mmu_context(vcpu);
2701 * Override the CR0/CR4 read shadows after setting the effective guest
2702 * CR0/CR4. The common helpers also set the shadows, but they don't
2703 * account for vmcs12's cr0/4_guest_host_mask.
2705 vmx_set_cr0(vcpu, vmcs12->guest_cr0);
2706 vmcs_writel(CR0_READ_SHADOW, nested_read_cr0(vmcs12));
2708 vmx_set_cr4(vcpu, vmcs12->guest_cr4);
2709 vmcs_writel(CR4_READ_SHADOW, nested_read_cr4(vmcs12));
2711 vcpu->arch.efer = nested_vmx_calc_efer(vmx, vmcs12);
2712 /* Note: may modify VM_ENTRY/EXIT_CONTROLS and GUEST/HOST_IA32_EFER */
2713 vmx_set_efer(vcpu, vcpu->arch.efer);
2716 * Guest state is invalid and unrestricted guest is disabled,
2717 * which means L1 attempted VMEntry to L2 with invalid state.
2720 * However when force loading the guest state (SMM exit or
2721 * loading nested state after migration, it is possible to
2722 * have invalid guest state now, which will be later fixed by
2723 * restoring L2 register state
2725 if (CC(from_vmentry && !vmx_guest_state_valid(vcpu))) {
2726 *entry_failure_code = ENTRY_FAIL_DEFAULT;
2730 /* Shadow page tables on either EPT or shadow page tables. */
2731 if (nested_vmx_load_cr3(vcpu, vmcs12->guest_cr3, nested_cpu_has_ept(vmcs12),
2732 from_vmentry, entry_failure_code))
2736 * Immediately write vmcs02.GUEST_CR3. It will be propagated to vmcs12
2737 * on nested VM-Exit, which can occur without actually running L2 and
2738 * thus without hitting vmx_load_mmu_pgd(), e.g. if L1 is entering L2 with
2739 * vmcs12.GUEST_ACTIVITYSTATE=HLT, in which case KVM will intercept the
2740 * transition to HLT instead of running L2.
2743 vmcs_writel(GUEST_CR3, vmcs12->guest_cr3);
2745 /* Late preparation of GUEST_PDPTRs now that EFER and CRs are set. */
2746 if (load_guest_pdptrs_vmcs12 && nested_cpu_has_ept(vmcs12) &&
2747 is_pae_paging(vcpu)) {
2748 vmcs_write64(GUEST_PDPTR0, vmcs12->guest_pdptr0);
2749 vmcs_write64(GUEST_PDPTR1, vmcs12->guest_pdptr1);
2750 vmcs_write64(GUEST_PDPTR2, vmcs12->guest_pdptr2);
2751 vmcs_write64(GUEST_PDPTR3, vmcs12->guest_pdptr3);
2754 if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL) &&
2755 kvm_pmu_has_perf_global_ctrl(vcpu_to_pmu(vcpu)) &&
2756 WARN_ON_ONCE(kvm_set_msr(vcpu, MSR_CORE_PERF_GLOBAL_CTRL,
2757 vmcs12->guest_ia32_perf_global_ctrl))) {
2758 *entry_failure_code = ENTRY_FAIL_DEFAULT;
2762 kvm_rsp_write(vcpu, vmcs12->guest_rsp);
2763 kvm_rip_write(vcpu, vmcs12->guest_rip);
2766 * It was observed that genuine Hyper-V running in L1 doesn't reset
2767 * 'hv_clean_fields' by itself, it only sets the corresponding dirty
2768 * bits when it changes a field in eVMCS. Mark all fields as clean
2771 if (nested_vmx_is_evmptr12_valid(vmx))
2772 evmcs->hv_clean_fields |= HV_VMX_ENLIGHTENED_CLEAN_FIELD_ALL;
2777 static int nested_vmx_check_nmi_controls(struct vmcs12 *vmcs12)
2779 if (CC(!nested_cpu_has_nmi_exiting(vmcs12) &&
2780 nested_cpu_has_virtual_nmis(vmcs12)))
2783 if (CC(!nested_cpu_has_virtual_nmis(vmcs12) &&
2784 nested_cpu_has(vmcs12, CPU_BASED_NMI_WINDOW_EXITING)))
2790 static bool nested_vmx_check_eptp(struct kvm_vcpu *vcpu, u64 new_eptp)
2792 struct vcpu_vmx *vmx = to_vmx(vcpu);
2794 /* Check for memory type validity */
2795 switch (new_eptp & VMX_EPTP_MT_MASK) {
2796 case VMX_EPTP_MT_UC:
2797 if (CC(!(vmx->nested.msrs.ept_caps & VMX_EPTP_UC_BIT)))
2800 case VMX_EPTP_MT_WB:
2801 if (CC(!(vmx->nested.msrs.ept_caps & VMX_EPTP_WB_BIT)))
2808 /* Page-walk levels validity. */
2809 switch (new_eptp & VMX_EPTP_PWL_MASK) {
2810 case VMX_EPTP_PWL_5:
2811 if (CC(!(vmx->nested.msrs.ept_caps & VMX_EPT_PAGE_WALK_5_BIT)))
2814 case VMX_EPTP_PWL_4:
2815 if (CC(!(vmx->nested.msrs.ept_caps & VMX_EPT_PAGE_WALK_4_BIT)))
2822 /* Reserved bits should not be set */
2823 if (CC(!kvm_vcpu_is_legal_gpa(vcpu, new_eptp) || ((new_eptp >> 7) & 0x1f)))
2826 /* AD, if set, should be supported */
2827 if (new_eptp & VMX_EPTP_AD_ENABLE_BIT) {
2828 if (CC(!(vmx->nested.msrs.ept_caps & VMX_EPT_AD_BIT)))
2836 * Checks related to VM-Execution Control Fields
2838 static int nested_check_vm_execution_controls(struct kvm_vcpu *vcpu,
2839 struct vmcs12 *vmcs12)
2841 struct vcpu_vmx *vmx = to_vmx(vcpu);
2843 if (CC(!vmx_control_verify(vmcs12->pin_based_vm_exec_control,
2844 vmx->nested.msrs.pinbased_ctls_low,
2845 vmx->nested.msrs.pinbased_ctls_high)) ||
2846 CC(!vmx_control_verify(vmcs12->cpu_based_vm_exec_control,
2847 vmx->nested.msrs.procbased_ctls_low,
2848 vmx->nested.msrs.procbased_ctls_high)))
2851 if (nested_cpu_has(vmcs12, CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) &&
2852 CC(!vmx_control_verify(vmcs12->secondary_vm_exec_control,
2853 vmx->nested.msrs.secondary_ctls_low,
2854 vmx->nested.msrs.secondary_ctls_high)))
2857 if (CC(vmcs12->cr3_target_count > nested_cpu_vmx_misc_cr3_count(vcpu)) ||
2858 nested_vmx_check_io_bitmap_controls(vcpu, vmcs12) ||
2859 nested_vmx_check_msr_bitmap_controls(vcpu, vmcs12) ||
2860 nested_vmx_check_tpr_shadow_controls(vcpu, vmcs12) ||
2861 nested_vmx_check_apic_access_controls(vcpu, vmcs12) ||
2862 nested_vmx_check_apicv_controls(vcpu, vmcs12) ||
2863 nested_vmx_check_nmi_controls(vmcs12) ||
2864 nested_vmx_check_pml_controls(vcpu, vmcs12) ||
2865 nested_vmx_check_unrestricted_guest_controls(vcpu, vmcs12) ||
2866 nested_vmx_check_mode_based_ept_exec_controls(vcpu, vmcs12) ||
2867 nested_vmx_check_shadow_vmcs_controls(vcpu, vmcs12) ||
2868 CC(nested_cpu_has_vpid(vmcs12) && !vmcs12->virtual_processor_id))
2871 if (!nested_cpu_has_preemption_timer(vmcs12) &&
2872 nested_cpu_has_save_preemption_timer(vmcs12))
2875 if (nested_cpu_has_ept(vmcs12) &&
2876 CC(!nested_vmx_check_eptp(vcpu, vmcs12->ept_pointer)))
2879 if (nested_cpu_has_vmfunc(vmcs12)) {
2880 if (CC(vmcs12->vm_function_control &
2881 ~vmx->nested.msrs.vmfunc_controls))
2884 if (nested_cpu_has_eptp_switching(vmcs12)) {
2885 if (CC(!nested_cpu_has_ept(vmcs12)) ||
2886 CC(!page_address_valid(vcpu, vmcs12->eptp_list_address)))
2895 * Checks related to VM-Exit Control Fields
2897 static int nested_check_vm_exit_controls(struct kvm_vcpu *vcpu,
2898 struct vmcs12 *vmcs12)
2900 struct vcpu_vmx *vmx = to_vmx(vcpu);
2902 if (CC(!vmx_control_verify(vmcs12->vm_exit_controls,
2903 vmx->nested.msrs.exit_ctls_low,
2904 vmx->nested.msrs.exit_ctls_high)) ||
2905 CC(nested_vmx_check_exit_msr_switch_controls(vcpu, vmcs12)))
2912 * Checks related to VM-Entry Control Fields
2914 static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu,
2915 struct vmcs12 *vmcs12)
2917 struct vcpu_vmx *vmx = to_vmx(vcpu);
2919 if (CC(!vmx_control_verify(vmcs12->vm_entry_controls,
2920 vmx->nested.msrs.entry_ctls_low,
2921 vmx->nested.msrs.entry_ctls_high)))
2925 * From the Intel SDM, volume 3:
2926 * Fields relevant to VM-entry event injection must be set properly.
2927 * These fields are the VM-entry interruption-information field, the
2928 * VM-entry exception error code, and the VM-entry instruction length.
2930 if (vmcs12->vm_entry_intr_info_field & INTR_INFO_VALID_MASK) {
2931 u32 intr_info = vmcs12->vm_entry_intr_info_field;
2932 u8 vector = intr_info & INTR_INFO_VECTOR_MASK;
2933 u32 intr_type = intr_info & INTR_INFO_INTR_TYPE_MASK;
2934 bool has_error_code = intr_info & INTR_INFO_DELIVER_CODE_MASK;
2935 bool should_have_error_code;
2936 bool urg = nested_cpu_has2(vmcs12,
2937 SECONDARY_EXEC_UNRESTRICTED_GUEST);
2938 bool prot_mode = !urg || vmcs12->guest_cr0 & X86_CR0_PE;
2940 /* VM-entry interruption-info field: interruption type */
2941 if (CC(intr_type == INTR_TYPE_RESERVED) ||
2942 CC(intr_type == INTR_TYPE_OTHER_EVENT &&
2943 !nested_cpu_supports_monitor_trap_flag(vcpu)))
2946 /* VM-entry interruption-info field: vector */
2947 if (CC(intr_type == INTR_TYPE_NMI_INTR && vector != NMI_VECTOR) ||
2948 CC(intr_type == INTR_TYPE_HARD_EXCEPTION && vector > 31) ||
2949 CC(intr_type == INTR_TYPE_OTHER_EVENT && vector != 0))
2952 /* VM-entry interruption-info field: deliver error code */
2953 should_have_error_code =
2954 intr_type == INTR_TYPE_HARD_EXCEPTION && prot_mode &&
2955 x86_exception_has_error_code(vector);
2956 if (CC(has_error_code != should_have_error_code))
2959 /* VM-entry exception error code */
2960 if (CC(has_error_code &&
2961 vmcs12->vm_entry_exception_error_code & GENMASK(31, 16)))
2964 /* VM-entry interruption-info field: reserved bits */
2965 if (CC(intr_info & INTR_INFO_RESVD_BITS_MASK))
2968 /* VM-entry instruction length */
2969 switch (intr_type) {
2970 case INTR_TYPE_SOFT_EXCEPTION:
2971 case INTR_TYPE_SOFT_INTR:
2972 case INTR_TYPE_PRIV_SW_EXCEPTION:
2973 if (CC(vmcs12->vm_entry_instruction_len > 15) ||
2974 CC(vmcs12->vm_entry_instruction_len == 0 &&
2975 CC(!nested_cpu_has_zero_length_injection(vcpu))))
2980 if (nested_vmx_check_entry_msr_switch_controls(vcpu, vmcs12))
2986 static int nested_vmx_check_controls(struct kvm_vcpu *vcpu,
2987 struct vmcs12 *vmcs12)
2989 if (nested_check_vm_execution_controls(vcpu, vmcs12) ||
2990 nested_check_vm_exit_controls(vcpu, vmcs12) ||
2991 nested_check_vm_entry_controls(vcpu, vmcs12))
2994 #ifdef CONFIG_KVM_HYPERV
2995 if (guest_cpuid_has_evmcs(vcpu))
2996 return nested_evmcs_check_controls(vmcs12);
3002 static int nested_vmx_check_address_space_size(struct kvm_vcpu *vcpu,
3003 struct vmcs12 *vmcs12)
3005 #ifdef CONFIG_X86_64
3006 if (CC(!!(vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE) !=
3007 !!(vcpu->arch.efer & EFER_LMA)))
3013 static bool is_l1_noncanonical_address_on_vmexit(u64 la, struct vmcs12 *vmcs12)
3016 * Check that the given linear address is canonical after a VM exit
3017 * from L2, based on HOST_CR4.LA57 value that will be loaded for L1.
3019 u8 l1_address_bits_on_exit = (vmcs12->host_cr4 & X86_CR4_LA57) ? 57 : 48;
3021 return !__is_canonical_address(la, l1_address_bits_on_exit);
3024 static int nested_vmx_check_host_state(struct kvm_vcpu *vcpu,
3025 struct vmcs12 *vmcs12)
3027 bool ia32e = !!(vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE);
3029 if (CC(!nested_host_cr0_valid(vcpu, vmcs12->host_cr0)) ||
3030 CC(!nested_host_cr4_valid(vcpu, vmcs12->host_cr4)) ||
3031 CC(!kvm_vcpu_is_legal_cr3(vcpu, vmcs12->host_cr3)))
3034 if (CC(is_noncanonical_msr_address(vmcs12->host_ia32_sysenter_esp, vcpu)) ||
3035 CC(is_noncanonical_msr_address(vmcs12->host_ia32_sysenter_eip, vcpu)))
3038 if ((vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_PAT) &&
3039 CC(!kvm_pat_valid(vmcs12->host_ia32_pat)))
3042 if ((vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL) &&
3043 CC(!kvm_valid_perf_global_ctrl(vcpu_to_pmu(vcpu),
3044 vmcs12->host_ia32_perf_global_ctrl)))
3048 if (CC(!(vmcs12->host_cr4 & X86_CR4_PAE)))
3051 if (CC(vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) ||
3052 CC(vmcs12->host_cr4 & X86_CR4_PCIDE) ||
3053 CC((vmcs12->host_rip) >> 32))
3057 if (CC(vmcs12->host_cs_selector & (SEGMENT_RPL_MASK | SEGMENT_TI_MASK)) ||
3058 CC(vmcs12->host_ss_selector & (SEGMENT_RPL_MASK | SEGMENT_TI_MASK)) ||
3059 CC(vmcs12->host_ds_selector & (SEGMENT_RPL_MASK | SEGMENT_TI_MASK)) ||
3060 CC(vmcs12->host_es_selector & (SEGMENT_RPL_MASK | SEGMENT_TI_MASK)) ||
3061 CC(vmcs12->host_fs_selector & (SEGMENT_RPL_MASK | SEGMENT_TI_MASK)) ||
3062 CC(vmcs12->host_gs_selector & (SEGMENT_RPL_MASK | SEGMENT_TI_MASK)) ||
3063 CC(vmcs12->host_tr_selector & (SEGMENT_RPL_MASK | SEGMENT_TI_MASK)) ||
3064 CC(vmcs12->host_cs_selector == 0) ||
3065 CC(vmcs12->host_tr_selector == 0) ||
3066 CC(vmcs12->host_ss_selector == 0 && !ia32e))
3069 if (CC(is_noncanonical_base_address(vmcs12->host_fs_base, vcpu)) ||
3070 CC(is_noncanonical_base_address(vmcs12->host_gs_base, vcpu)) ||
3071 CC(is_noncanonical_base_address(vmcs12->host_gdtr_base, vcpu)) ||
3072 CC(is_noncanonical_base_address(vmcs12->host_idtr_base, vcpu)) ||
3073 CC(is_noncanonical_base_address(vmcs12->host_tr_base, vcpu)) ||
3074 CC(is_l1_noncanonical_address_on_vmexit(vmcs12->host_rip, vmcs12)))
3078 * If the load IA32_EFER VM-exit control is 1, bits reserved in the
3079 * IA32_EFER MSR must be 0 in the field for that register. In addition,
3080 * the values of the LMA and LME bits in the field must each be that of
3081 * the host address-space size VM-exit control.
3083 if (vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_EFER) {
3084 if (CC(!kvm_valid_efer(vcpu, vmcs12->host_ia32_efer)) ||
3085 CC(ia32e != !!(vmcs12->host_ia32_efer & EFER_LMA)) ||
3086 CC(ia32e != !!(vmcs12->host_ia32_efer & EFER_LME)))
3093 static int nested_vmx_check_vmcs_link_ptr(struct kvm_vcpu *vcpu,
3094 struct vmcs12 *vmcs12)
3096 struct vcpu_vmx *vmx = to_vmx(vcpu);
3097 struct gfn_to_hva_cache *ghc = &vmx->nested.shadow_vmcs12_cache;
3098 struct vmcs_hdr hdr;
3100 if (vmcs12->vmcs_link_pointer == INVALID_GPA)
3103 if (CC(!page_address_valid(vcpu, vmcs12->vmcs_link_pointer)))
3106 if (ghc->gpa != vmcs12->vmcs_link_pointer &&
3107 CC(kvm_gfn_to_hva_cache_init(vcpu->kvm, ghc,
3108 vmcs12->vmcs_link_pointer, VMCS12_SIZE)))
3111 if (CC(kvm_read_guest_offset_cached(vcpu->kvm, ghc, &hdr,
3112 offsetof(struct vmcs12, hdr),
3116 if (CC(hdr.revision_id != VMCS12_REVISION) ||
3117 CC(hdr.shadow_vmcs != nested_cpu_has_shadow_vmcs(vmcs12)))
3124 * Checks related to Guest Non-register State
3126 static int nested_check_guest_non_reg_state(struct vmcs12 *vmcs12)
3128 if (CC(vmcs12->guest_activity_state != GUEST_ACTIVITY_ACTIVE &&
3129 vmcs12->guest_activity_state != GUEST_ACTIVITY_HLT &&
3130 vmcs12->guest_activity_state != GUEST_ACTIVITY_WAIT_SIPI))
3136 static int nested_vmx_check_guest_state(struct kvm_vcpu *vcpu,
3137 struct vmcs12 *vmcs12,
3138 enum vm_entry_failure_code *entry_failure_code)
3140 bool ia32e = !!(vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE);
3142 *entry_failure_code = ENTRY_FAIL_DEFAULT;
3144 if (CC(!nested_guest_cr0_valid(vcpu, vmcs12->guest_cr0)) ||
3145 CC(!nested_guest_cr4_valid(vcpu, vmcs12->guest_cr4)))
3148 if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS) &&
3149 CC(!kvm_dr7_valid(vmcs12->guest_dr7)))
3152 if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PAT) &&
3153 CC(!kvm_pat_valid(vmcs12->guest_ia32_pat)))
3156 if (nested_vmx_check_vmcs_link_ptr(vcpu, vmcs12)) {
3157 *entry_failure_code = ENTRY_FAIL_VMCS_LINK_PTR;
3161 if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL) &&
3162 CC(!kvm_valid_perf_global_ctrl(vcpu_to_pmu(vcpu),
3163 vmcs12->guest_ia32_perf_global_ctrl)))
3166 if (CC((vmcs12->guest_cr0 & (X86_CR0_PG | X86_CR0_PE)) == X86_CR0_PG))
3169 if (CC(ia32e && !(vmcs12->guest_cr4 & X86_CR4_PAE)) ||
3170 CC(ia32e && !(vmcs12->guest_cr0 & X86_CR0_PG)))
3174 * If the load IA32_EFER VM-entry control is 1, the following checks
3175 * are performed on the field for the IA32_EFER MSR:
3176 * - Bits reserved in the IA32_EFER MSR must be 0.
3177 * - Bit 10 (corresponding to IA32_EFER.LMA) must equal the value of
3178 * the IA-32e mode guest VM-exit control. It must also be identical
3179 * to bit 8 (LME) if bit 31 in the CR0 field (corresponding to
3182 if (to_vmx(vcpu)->nested.nested_run_pending &&
3183 (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_EFER)) {
3184 if (CC(!kvm_valid_efer(vcpu, vmcs12->guest_ia32_efer)) ||
3185 CC(ia32e != !!(vmcs12->guest_ia32_efer & EFER_LMA)) ||
3186 CC(((vmcs12->guest_cr0 & X86_CR0_PG) &&
3187 ia32e != !!(vmcs12->guest_ia32_efer & EFER_LME))))
3191 if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS) &&
3192 (CC(is_noncanonical_msr_address(vmcs12->guest_bndcfgs & PAGE_MASK, vcpu)) ||
3193 CC((vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD))))
3196 if (nested_check_guest_non_reg_state(vmcs12))
3202 static int nested_vmx_check_vmentry_hw(struct kvm_vcpu *vcpu)
3204 struct vcpu_vmx *vmx = to_vmx(vcpu);
3205 unsigned long cr3, cr4;
3208 if (!nested_early_check)
3211 if (vmx->msr_autoload.host.nr)
3212 vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0);
3213 if (vmx->msr_autoload.guest.nr)
3214 vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0);
3218 vmx_prepare_switch_to_guest(vcpu);
3221 * Induce a consistency check VMExit by clearing bit 1 in GUEST_RFLAGS,
3222 * which is reserved to '1' by hardware. GUEST_RFLAGS is guaranteed to
3223 * be written (by prepare_vmcs02()) before the "real" VMEnter, i.e.
3224 * there is no need to preserve other bits or save/restore the field.
3226 vmcs_writel(GUEST_RFLAGS, 0);
3228 cr3 = __get_current_cr3_fast();
3229 if (unlikely(cr3 != vmx->loaded_vmcs->host_state.cr3)) {
3230 vmcs_writel(HOST_CR3, cr3);
3231 vmx->loaded_vmcs->host_state.cr3 = cr3;
3234 cr4 = cr4_read_shadow();
3235 if (unlikely(cr4 != vmx->loaded_vmcs->host_state.cr4)) {
3236 vmcs_writel(HOST_CR4, cr4);
3237 vmx->loaded_vmcs->host_state.cr4 = cr4;
3240 vm_fail = __vmx_vcpu_run(vmx, (unsigned long *)&vcpu->arch.regs,
3241 __vmx_vcpu_run_flags(vmx));
3243 if (vmx->msr_autoload.host.nr)
3244 vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, vmx->msr_autoload.host.nr);
3245 if (vmx->msr_autoload.guest.nr)
3246 vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.guest.nr);
3249 u32 error = vmcs_read32(VM_INSTRUCTION_ERROR);
3253 trace_kvm_nested_vmenter_failed(
3254 "early hardware check VM-instruction error: ", error);
3255 WARN_ON_ONCE(error != VMXERR_ENTRY_INVALID_CONTROL_FIELD);
3260 * VMExit clears RFLAGS.IF and DR7, even on a consistency check.
3262 if (hw_breakpoint_active())
3263 set_debugreg(__this_cpu_read(cpu_dr7), 7);
3268 * A non-failing VMEntry means we somehow entered guest mode with
3269 * an illegal RIP, and that's just the tip of the iceberg. There
3270 * is no telling what memory has been modified or what state has
3271 * been exposed to unknown code. Hitting this all but guarantees
3272 * a (very critical) hardware issue.
3274 WARN_ON(!(vmcs_read32(VM_EXIT_REASON) &
3275 VMX_EXIT_REASONS_FAILED_VMENTRY));
3280 #ifdef CONFIG_KVM_HYPERV
3281 static bool nested_get_evmcs_page(struct kvm_vcpu *vcpu)
3283 struct vcpu_vmx *vmx = to_vmx(vcpu);
3286 * hv_evmcs may end up being not mapped after migration (when
3287 * L2 was running), map it here to make sure vmcs12 changes are
3288 * properly reflected.
3290 if (guest_cpuid_has_evmcs(vcpu) &&
3291 vmx->nested.hv_evmcs_vmptr == EVMPTR_MAP_PENDING) {
3292 enum nested_evmptrld_status evmptrld_status =
3293 nested_vmx_handle_enlightened_vmptrld(vcpu, false);
3295 if (evmptrld_status == EVMPTRLD_VMFAIL ||
3296 evmptrld_status == EVMPTRLD_ERROR)
3300 * Post migration VMCS12 always provides the most actual
3301 * information, copy it to eVMCS upon entry.
3303 vmx->nested.need_vmcs12_to_shadow_sync = true;
3310 static bool nested_get_vmcs12_pages(struct kvm_vcpu *vcpu)
3312 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
3313 struct vcpu_vmx *vmx = to_vmx(vcpu);
3314 struct kvm_host_map *map;
3316 if (!vcpu->arch.pdptrs_from_userspace &&
3317 !nested_cpu_has_ept(vmcs12) && is_pae_paging(vcpu)) {
3319 * Reload the guest's PDPTRs since after a migration
3320 * the guest CR3 might be restored prior to setting the nested
3321 * state which can lead to a load of wrong PDPTRs.
3323 if (CC(!load_pdptrs(vcpu, vcpu->arch.cr3)))
3328 if (nested_cpu_has2(vmcs12, SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) {
3329 map = &vmx->nested.apic_access_page_map;
3331 if (!kvm_vcpu_map(vcpu, gpa_to_gfn(vmcs12->apic_access_addr), map)) {
3332 vmcs_write64(APIC_ACCESS_ADDR, pfn_to_hpa(map->pfn));
3334 pr_debug_ratelimited("%s: no backing for APIC-access address in vmcs12\n",
3336 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
3337 vcpu->run->internal.suberror =
3338 KVM_INTERNAL_ERROR_EMULATION;
3339 vcpu->run->internal.ndata = 0;
3344 if (nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW)) {
3345 map = &vmx->nested.virtual_apic_map;
3347 if (!kvm_vcpu_map(vcpu, gpa_to_gfn(vmcs12->virtual_apic_page_addr), map)) {
3348 vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, pfn_to_hpa(map->pfn));
3349 } else if (nested_cpu_has(vmcs12, CPU_BASED_CR8_LOAD_EXITING) &&
3350 nested_cpu_has(vmcs12, CPU_BASED_CR8_STORE_EXITING) &&
3351 !nested_cpu_has2(vmcs12, SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) {
3353 * The processor will never use the TPR shadow, simply
3354 * clear the bit from the execution control. Such a
3355 * configuration is useless, but it happens in tests.
3356 * For any other configuration, failing the vm entry is
3357 * _not_ what the processor does but it's basically the
3358 * only possibility we have.
3360 exec_controls_clearbit(vmx, CPU_BASED_TPR_SHADOW);
3363 * Write an illegal value to VIRTUAL_APIC_PAGE_ADDR to
3364 * force VM-Entry to fail.
3366 vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, INVALID_GPA);
3370 if (nested_cpu_has_posted_intr(vmcs12)) {
3371 map = &vmx->nested.pi_desc_map;
3373 if (!kvm_vcpu_map(vcpu, gpa_to_gfn(vmcs12->posted_intr_desc_addr), map)) {
3374 vmx->nested.pi_desc =
3375 (struct pi_desc *)(((void *)map->hva) +
3376 offset_in_page(vmcs12->posted_intr_desc_addr));
3377 vmcs_write64(POSTED_INTR_DESC_ADDR,
3378 pfn_to_hpa(map->pfn) + offset_in_page(vmcs12->posted_intr_desc_addr));
3381 * Defer the KVM_INTERNAL_EXIT until KVM tries to
3382 * access the contents of the VMCS12 posted interrupt
3383 * descriptor. (Note that KVM may do this when it
3384 * should not, per the architectural specification.)
3386 vmx->nested.pi_desc = NULL;
3387 pin_controls_clearbit(vmx, PIN_BASED_POSTED_INTR);
3390 if (nested_vmx_prepare_msr_bitmap(vcpu, vmcs12))
3391 exec_controls_setbit(vmx, CPU_BASED_USE_MSR_BITMAPS);
3393 exec_controls_clearbit(vmx, CPU_BASED_USE_MSR_BITMAPS);
3398 static bool vmx_get_nested_state_pages(struct kvm_vcpu *vcpu)
3400 #ifdef CONFIG_KVM_HYPERV
3402 * Note: nested_get_evmcs_page() also updates 'vp_assist_page' copy
3403 * in 'struct kvm_vcpu_hv' in case eVMCS is in use, this is mandatory
3404 * to make nested_evmcs_l2_tlb_flush_enabled() work correctly post
3407 if (!nested_get_evmcs_page(vcpu)) {
3408 pr_debug_ratelimited("%s: enlightened vmptrld failed\n",
3410 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
3411 vcpu->run->internal.suberror =
3412 KVM_INTERNAL_ERROR_EMULATION;
3413 vcpu->run->internal.ndata = 0;
3419 if (is_guest_mode(vcpu) && !nested_get_vmcs12_pages(vcpu))
3425 static int nested_vmx_write_pml_buffer(struct kvm_vcpu *vcpu, gpa_t gpa)
3427 struct vmcs12 *vmcs12;
3428 struct vcpu_vmx *vmx = to_vmx(vcpu);
3431 if (WARN_ON_ONCE(!is_guest_mode(vcpu)))
3434 if (WARN_ON_ONCE(vmx->nested.pml_full))
3438 * Check if PML is enabled for the nested guest. Whether eptp bit 6 is
3439 * set is already checked as part of A/D emulation.
3441 vmcs12 = get_vmcs12(vcpu);
3442 if (!nested_cpu_has_pml(vmcs12))
3445 if (vmcs12->guest_pml_index >= PML_ENTITY_NUM) {
3446 vmx->nested.pml_full = true;
3451 dst = vmcs12->pml_address + sizeof(u64) * vmcs12->guest_pml_index;
3453 if (kvm_write_guest_page(vcpu->kvm, gpa_to_gfn(dst), &gpa,
3454 offset_in_page(dst), sizeof(gpa)))
3457 vmcs12->guest_pml_index--;
3463 * Intel's VMX Instruction Reference specifies a common set of prerequisites
3464 * for running VMX instructions (except VMXON, whose prerequisites are
3465 * slightly different). It also specifies what exception to inject otherwise.
3466 * Note that many of these exceptions have priority over VM exits, so they
3467 * don't have to be checked again here.
3469 static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
3471 if (!to_vmx(vcpu)->nested.vmxon) {
3472 kvm_queue_exception(vcpu, UD_VECTOR);
3476 if (vmx_get_cpl(vcpu)) {
3477 kvm_inject_gp(vcpu, 0);
3484 static u8 vmx_has_apicv_interrupt(struct kvm_vcpu *vcpu)
3486 u8 rvi = vmx_get_rvi();
3487 u8 vppr = kvm_lapic_get_reg(vcpu->arch.apic, APIC_PROCPRI);
3489 return ((rvi & 0xf0) > (vppr & 0xf0));
3492 static void load_vmcs12_host_state(struct kvm_vcpu *vcpu,
3493 struct vmcs12 *vmcs12);
3496 * If from_vmentry is false, this is being called from state restore (either RSM
3497 * or KVM_SET_NESTED_STATE). Otherwise it's called from vmlaunch/vmresume.
3500 * NVMX_VMENTRY_SUCCESS: Entered VMX non-root mode
3501 * NVMX_VMENTRY_VMFAIL: Consistency check VMFail
3502 * NVMX_VMENTRY_VMEXIT: Consistency check VMExit
3503 * NVMX_VMENTRY_KVM_INTERNAL_ERROR: KVM internal error
3505 enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
3508 struct vcpu_vmx *vmx = to_vmx(vcpu);
3509 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
3510 enum vm_entry_failure_code entry_failure_code;
3511 bool evaluate_pending_interrupts;
3512 union vmx_exit_reason exit_reason = {
3513 .basic = EXIT_REASON_INVALID_STATE,
3514 .failed_vmentry = 1,
3518 trace_kvm_nested_vmenter(kvm_rip_read(vcpu),
3519 vmx->nested.current_vmptr,
3521 vmcs12->guest_intr_status,
3522 vmcs12->vm_entry_intr_info_field,
3523 vmcs12->secondary_vm_exec_control & SECONDARY_EXEC_ENABLE_EPT,
3524 vmcs12->ept_pointer,
3528 kvm_service_local_tlb_flush_requests(vcpu);
3530 evaluate_pending_interrupts = exec_controls_get(vmx) &
3531 (CPU_BASED_INTR_WINDOW_EXITING | CPU_BASED_NMI_WINDOW_EXITING);
3532 if (likely(!evaluate_pending_interrupts) && kvm_vcpu_apicv_active(vcpu))
3533 evaluate_pending_interrupts |= vmx_has_apicv_interrupt(vcpu);
3534 if (!evaluate_pending_interrupts)
3535 evaluate_pending_interrupts |= kvm_apic_has_pending_init_or_sipi(vcpu);
3537 if (!vmx->nested.nested_run_pending ||
3538 !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS))
3539 vmx->nested.pre_vmenter_debugctl = vmcs_read64(GUEST_IA32_DEBUGCTL);
3540 if (kvm_mpx_supported() &&
3541 (!vmx->nested.nested_run_pending ||
3542 !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)))
3543 vmx->nested.pre_vmenter_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
3546 * Overwrite vmcs01.GUEST_CR3 with L1's CR3 if EPT is disabled *and*
3547 * nested early checks are disabled. In the event of a "late" VM-Fail,
3548 * i.e. a VM-Fail detected by hardware but not KVM, KVM must unwind its
3549 * software model to the pre-VMEntry host state. When EPT is disabled,
3550 * GUEST_CR3 holds KVM's shadow CR3, not L1's "real" CR3, which causes
3551 * nested_vmx_restore_host_state() to corrupt vcpu->arch.cr3. Stuffing
3552 * vmcs01.GUEST_CR3 results in the unwind naturally setting arch.cr3 to
3553 * the correct value. Smashing vmcs01.GUEST_CR3 is safe because nested
3554 * VM-Exits, and the unwind, reset KVM's MMU, i.e. vmcs01.GUEST_CR3 is
3555 * guaranteed to be overwritten with a shadow CR3 prior to re-entering
3556 * L1. Don't stuff vmcs01.GUEST_CR3 when using nested early checks as
3557 * KVM modifies vcpu->arch.cr3 if and only if the early hardware checks
3558 * pass, and early VM-Fails do not reset KVM's MMU, i.e. the VM-Fail
3559 * path would need to manually save/restore vmcs01.GUEST_CR3.
3561 if (!enable_ept && !nested_early_check)
3562 vmcs_writel(GUEST_CR3, vcpu->arch.cr3);
3564 vmx_switch_vmcs(vcpu, &vmx->nested.vmcs02);
3566 prepare_vmcs02_early(vmx, &vmx->vmcs01, vmcs12);
3569 if (unlikely(!nested_get_vmcs12_pages(vcpu))) {
3570 vmx_switch_vmcs(vcpu, &vmx->vmcs01);
3571 return NVMX_VMENTRY_KVM_INTERNAL_ERROR;
3574 if (nested_vmx_check_vmentry_hw(vcpu)) {
3575 vmx_switch_vmcs(vcpu, &vmx->vmcs01);
3576 return NVMX_VMENTRY_VMFAIL;
3579 if (nested_vmx_check_guest_state(vcpu, vmcs12,
3580 &entry_failure_code)) {
3581 exit_reason.basic = EXIT_REASON_INVALID_STATE;
3582 vmcs12->exit_qualification = entry_failure_code;
3583 goto vmentry_fail_vmexit;
3587 enter_guest_mode(vcpu);
3589 if (prepare_vmcs02(vcpu, vmcs12, from_vmentry, &entry_failure_code)) {
3590 exit_reason.basic = EXIT_REASON_INVALID_STATE;
3591 vmcs12->exit_qualification = entry_failure_code;
3592 goto vmentry_fail_vmexit_guest_mode;
3596 failed_index = nested_vmx_load_msr(vcpu,
3597 vmcs12->vm_entry_msr_load_addr,
3598 vmcs12->vm_entry_msr_load_count);
3600 exit_reason.basic = EXIT_REASON_MSR_LOAD_FAIL;
3601 vmcs12->exit_qualification = failed_index;
3602 goto vmentry_fail_vmexit_guest_mode;
3606 * The MMU is not initialized to point at the right entities yet and
3607 * "get pages" would need to read data from the guest (i.e. we will
3608 * need to perform gpa to hpa translation). Request a call
3609 * to nested_get_vmcs12_pages before the next VM-entry. The MSRs
3610 * have already been set at vmentry time and should not be reset.
3612 kvm_make_request(KVM_REQ_GET_NESTED_STATE_PAGES, vcpu);
3616 * Re-evaluate pending events if L1 had a pending IRQ/NMI/INIT/SIPI
3617 * when it executed VMLAUNCH/VMRESUME, as entering non-root mode can
3618 * effectively unblock various events, e.g. INIT/SIPI cause VM-Exit
3621 if (unlikely(evaluate_pending_interrupts))
3622 kvm_make_request(KVM_REQ_EVENT, vcpu);
3625 * Do not start the preemption timer hrtimer until after we know
3626 * we are successful, so that only nested_vmx_vmexit needs to cancel
3629 vmx->nested.preemption_timer_expired = false;
3630 if (nested_cpu_has_preemption_timer(vmcs12)) {
3631 u64 timer_value = vmx_calc_preemption_timer_value(vcpu);
3632 vmx_start_preemption_timer(vcpu, timer_value);
3636 * Note no nested_vmx_succeed or nested_vmx_fail here. At this point
3637 * we are no longer running L1, and VMLAUNCH/VMRESUME has not yet
3638 * returned as far as L1 is concerned. It will only return (and set
3639 * the success flag) when L2 exits (see nested_vmx_vmexit()).
3641 return NVMX_VMENTRY_SUCCESS;
3644 * A failed consistency check that leads to a VMExit during L1's
3645 * VMEnter to L2 is a variation of a normal VMexit, as explained in
3646 * 26.7 "VM-entry failures during or after loading guest state".
3648 vmentry_fail_vmexit_guest_mode:
3649 if (vmcs12->cpu_based_vm_exec_control & CPU_BASED_USE_TSC_OFFSETTING)
3650 vcpu->arch.tsc_offset -= vmcs12->tsc_offset;
3651 leave_guest_mode(vcpu);
3653 vmentry_fail_vmexit:
3654 vmx_switch_vmcs(vcpu, &vmx->vmcs01);
3657 return NVMX_VMENTRY_VMEXIT;
3659 load_vmcs12_host_state(vcpu, vmcs12);
3660 vmcs12->vm_exit_reason = exit_reason.full;
3661 if (enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx))
3662 vmx->nested.need_vmcs12_to_shadow_sync = true;
3663 return NVMX_VMENTRY_VMEXIT;
3667 * nested_vmx_run() handles a nested entry, i.e., a VMLAUNCH or VMRESUME on L1
3668 * for running an L2 nested guest.
3670 static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
3672 struct vmcs12 *vmcs12;
3673 enum nvmx_vmentry_status status;
3674 struct vcpu_vmx *vmx = to_vmx(vcpu);
3675 u32 interrupt_shadow = vmx_get_interrupt_shadow(vcpu);
3676 enum nested_evmptrld_status evmptrld_status;
3678 if (!nested_vmx_check_permission(vcpu))
3681 evmptrld_status = nested_vmx_handle_enlightened_vmptrld(vcpu, launch);
3682 if (evmptrld_status == EVMPTRLD_ERROR) {
3683 kvm_queue_exception(vcpu, UD_VECTOR);
3687 kvm_pmu_trigger_event(vcpu, kvm_pmu_eventsel.BRANCH_INSTRUCTIONS_RETIRED);
3689 if (CC(evmptrld_status == EVMPTRLD_VMFAIL))
3690 return nested_vmx_failInvalid(vcpu);
3692 if (CC(!nested_vmx_is_evmptr12_valid(vmx) &&
3693 vmx->nested.current_vmptr == INVALID_GPA))
3694 return nested_vmx_failInvalid(vcpu);
3696 vmcs12 = get_vmcs12(vcpu);
3699 * Can't VMLAUNCH or VMRESUME a shadow VMCS. Despite the fact
3700 * that there *is* a valid VMCS pointer, RFLAGS.CF is set
3701 * rather than RFLAGS.ZF, and no error number is stored to the
3702 * VM-instruction error field.
3704 if (CC(vmcs12->hdr.shadow_vmcs))
3705 return nested_vmx_failInvalid(vcpu);
3707 if (nested_vmx_is_evmptr12_valid(vmx)) {
3708 struct hv_enlightened_vmcs *evmcs = nested_vmx_evmcs(vmx);
3710 copy_enlightened_to_vmcs12(vmx, evmcs->hv_clean_fields);
3711 /* Enlightened VMCS doesn't have launch state */
3712 vmcs12->launch_state = !launch;
3713 } else if (enable_shadow_vmcs) {
3714 copy_shadow_to_vmcs12(vmx);
3718 * The nested entry process starts with enforcing various prerequisites
3719 * on vmcs12 as required by the Intel SDM, and act appropriately when
3720 * they fail: As the SDM explains, some conditions should cause the
3721 * instruction to fail, while others will cause the instruction to seem
3722 * to succeed, but return an EXIT_REASON_INVALID_STATE.
3723 * To speed up the normal (success) code path, we should avoid checking
3724 * for misconfigurations which will anyway be caught by the processor
3725 * when using the merged vmcs02.
3727 if (CC(interrupt_shadow & KVM_X86_SHADOW_INT_MOV_SS))
3728 return nested_vmx_fail(vcpu, VMXERR_ENTRY_EVENTS_BLOCKED_BY_MOV_SS);
3730 if (CC(vmcs12->launch_state == launch))
3731 return nested_vmx_fail(vcpu,
3732 launch ? VMXERR_VMLAUNCH_NONCLEAR_VMCS
3733 : VMXERR_VMRESUME_NONLAUNCHED_VMCS);
3735 if (nested_vmx_check_controls(vcpu, vmcs12))
3736 return nested_vmx_fail(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
3738 if (nested_vmx_check_address_space_size(vcpu, vmcs12))
3739 return nested_vmx_fail(vcpu, VMXERR_ENTRY_INVALID_HOST_STATE_FIELD);
3741 if (nested_vmx_check_host_state(vcpu, vmcs12))
3742 return nested_vmx_fail(vcpu, VMXERR_ENTRY_INVALID_HOST_STATE_FIELD);
3745 * We're finally done with prerequisite checking, and can start with
3748 vmx->nested.nested_run_pending = 1;
3749 vmx->nested.has_preemption_timer_deadline = false;
3750 status = nested_vmx_enter_non_root_mode(vcpu, true);
3751 if (unlikely(status != NVMX_VMENTRY_SUCCESS))
3752 goto vmentry_failed;
3754 /* Emulate processing of posted interrupts on VM-Enter. */
3755 if (nested_cpu_has_posted_intr(vmcs12) &&
3756 kvm_apic_has_interrupt(vcpu) == vmx->nested.posted_intr_nv) {
3757 vmx->nested.pi_pending = true;
3758 kvm_make_request(KVM_REQ_EVENT, vcpu);
3759 kvm_apic_clear_irr(vcpu, vmx->nested.posted_intr_nv);
3762 /* Hide L1D cache contents from the nested guest. */
3763 vmx->vcpu.arch.l1tf_flush_l1d = true;
3766 * Must happen outside of nested_vmx_enter_non_root_mode() as it will
3767 * also be used as part of restoring nVMX state for
3768 * snapshot restore (migration).
3770 * In this flow, it is assumed that vmcs12 cache was
3771 * transferred as part of captured nVMX state and should
3772 * therefore not be read from guest memory (which may not
3773 * exist on destination host yet).
3775 nested_cache_shadow_vmcs12(vcpu, vmcs12);
3777 switch (vmcs12->guest_activity_state) {
3778 case GUEST_ACTIVITY_HLT:
3780 * If we're entering a halted L2 vcpu and the L2 vcpu won't be
3781 * awakened by event injection or by an NMI-window VM-exit or
3782 * by an interrupt-window VM-exit, halt the vcpu.
3784 if (!(vmcs12->vm_entry_intr_info_field & INTR_INFO_VALID_MASK) &&
3785 !nested_cpu_has(vmcs12, CPU_BASED_NMI_WINDOW_EXITING) &&
3786 !(nested_cpu_has(vmcs12, CPU_BASED_INTR_WINDOW_EXITING) &&
3787 (vmcs12->guest_rflags & X86_EFLAGS_IF))) {
3788 vmx->nested.nested_run_pending = 0;
3789 return kvm_emulate_halt_noskip(vcpu);
3792 case GUEST_ACTIVITY_WAIT_SIPI:
3793 vmx->nested.nested_run_pending = 0;
3794 vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
3803 vmx->nested.nested_run_pending = 0;
3804 if (status == NVMX_VMENTRY_KVM_INTERNAL_ERROR)
3806 if (status == NVMX_VMENTRY_VMEXIT)
3808 WARN_ON_ONCE(status != NVMX_VMENTRY_VMFAIL);
3809 return nested_vmx_fail(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
3813 * On a nested exit from L2 to L1, vmcs12.guest_cr0 might not be up-to-date
3814 * because L2 may have changed some cr0 bits directly (CR0_GUEST_HOST_MASK).
3815 * This function returns the new value we should put in vmcs12.guest_cr0.
3816 * It's not enough to just return the vmcs02 GUEST_CR0. Rather,
3817 * 1. Bits that neither L0 nor L1 trapped, were set directly by L2 and are now
3818 * available in vmcs02 GUEST_CR0. (Note: It's enough to check that L0
3819 * didn't trap the bit, because if L1 did, so would L0).
3820 * 2. Bits that L1 asked to trap (and therefore L0 also did) could not have
3821 * been modified by L2, and L1 knows it. So just leave the old value of
3822 * the bit from vmcs12.guest_cr0. Note that the bit from vmcs02 GUEST_CR0
3823 * isn't relevant, because if L0 traps this bit it can set it to anything.
3824 * 3. Bits that L1 didn't trap, but L0 did. L1 believes the guest could have
3825 * changed these bits, and therefore they need to be updated, but L0
3826 * didn't necessarily allow them to be changed in GUEST_CR0 - and rather
3827 * put them in vmcs02 CR0_READ_SHADOW. So take these bits from there.
3829 static inline unsigned long
3830 vmcs12_guest_cr0(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
3833 /*1*/ (vmcs_readl(GUEST_CR0) & vcpu->arch.cr0_guest_owned_bits) |
3834 /*2*/ (vmcs12->guest_cr0 & vmcs12->cr0_guest_host_mask) |
3835 /*3*/ (vmcs_readl(CR0_READ_SHADOW) & ~(vmcs12->cr0_guest_host_mask |
3836 vcpu->arch.cr0_guest_owned_bits));
3839 static inline unsigned long
3840 vmcs12_guest_cr4(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
3843 /*1*/ (vmcs_readl(GUEST_CR4) & vcpu->arch.cr4_guest_owned_bits) |
3844 /*2*/ (vmcs12->guest_cr4 & vmcs12->cr4_guest_host_mask) |
3845 /*3*/ (vmcs_readl(CR4_READ_SHADOW) & ~(vmcs12->cr4_guest_host_mask |
3846 vcpu->arch.cr4_guest_owned_bits));
3849 static void vmcs12_save_pending_event(struct kvm_vcpu *vcpu,
3850 struct vmcs12 *vmcs12,
3851 u32 vm_exit_reason, u32 exit_intr_info)
3857 * Per the SDM, VM-Exits due to double and triple faults are never
3858 * considered to occur during event delivery, even if the double/triple
3859 * fault is the result of an escalating vectoring issue.
3861 * Note, the SDM qualifies the double fault behavior with "The original
3862 * event results in a double-fault exception". It's unclear why the
3863 * qualification exists since exits due to double fault can occur only
3864 * while vectoring a different exception (injected events are never
3865 * subject to interception), i.e. there's _always_ an original event.
3867 * The SDM also uses NMI as a confusing example for the "original event
3868 * causes the VM exit directly" clause. NMI isn't special in any way,
3869 * the same rule applies to all events that cause an exit directly.
3870 * NMI is an odd choice for the example because NMIs can only occur on
3871 * instruction boundaries, i.e. they _can't_ occur during vectoring.
3873 if ((u16)vm_exit_reason == EXIT_REASON_TRIPLE_FAULT ||
3874 ((u16)vm_exit_reason == EXIT_REASON_EXCEPTION_NMI &&
3875 is_double_fault(exit_intr_info))) {
3876 vmcs12->idt_vectoring_info_field = 0;
3877 } else if (vcpu->arch.exception.injected) {
3878 nr = vcpu->arch.exception.vector;
3879 idt_vectoring = nr | VECTORING_INFO_VALID_MASK;
3881 if (kvm_exception_is_soft(nr)) {
3882 vmcs12->vm_exit_instruction_len =
3883 vcpu->arch.event_exit_inst_len;
3884 idt_vectoring |= INTR_TYPE_SOFT_EXCEPTION;
3886 idt_vectoring |= INTR_TYPE_HARD_EXCEPTION;
3888 if (vcpu->arch.exception.has_error_code) {
3889 idt_vectoring |= VECTORING_INFO_DELIVER_CODE_MASK;
3890 vmcs12->idt_vectoring_error_code =
3891 vcpu->arch.exception.error_code;
3894 vmcs12->idt_vectoring_info_field = idt_vectoring;
3895 } else if (vcpu->arch.nmi_injected) {
3896 vmcs12->idt_vectoring_info_field =
3897 INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK | NMI_VECTOR;
3898 } else if (vcpu->arch.interrupt.injected) {
3899 nr = vcpu->arch.interrupt.nr;
3900 idt_vectoring = nr | VECTORING_INFO_VALID_MASK;
3902 if (vcpu->arch.interrupt.soft) {
3903 idt_vectoring |= INTR_TYPE_SOFT_INTR;
3904 vmcs12->vm_entry_instruction_len =
3905 vcpu->arch.event_exit_inst_len;
3907 idt_vectoring |= INTR_TYPE_EXT_INTR;
3909 vmcs12->idt_vectoring_info_field = idt_vectoring;
3911 vmcs12->idt_vectoring_info_field = 0;
3916 void nested_mark_vmcs12_pages_dirty(struct kvm_vcpu *vcpu)
3918 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
3922 * Don't need to mark the APIC access page dirty; it is never
3923 * written to by the CPU during APIC virtualization.
3926 if (nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW)) {
3927 gfn = vmcs12->virtual_apic_page_addr >> PAGE_SHIFT;
3928 kvm_vcpu_mark_page_dirty(vcpu, gfn);
3931 if (nested_cpu_has_posted_intr(vmcs12)) {
3932 gfn = vmcs12->posted_intr_desc_addr >> PAGE_SHIFT;
3933 kvm_vcpu_mark_page_dirty(vcpu, gfn);
3937 static int vmx_complete_nested_posted_interrupt(struct kvm_vcpu *vcpu)
3939 struct vcpu_vmx *vmx = to_vmx(vcpu);
3944 if (!vmx->nested.pi_pending)
3947 if (!vmx->nested.pi_desc)
3950 vmx->nested.pi_pending = false;
3952 if (!pi_test_and_clear_on(vmx->nested.pi_desc))
3955 max_irr = pi_find_highest_vector(vmx->nested.pi_desc);
3957 vapic_page = vmx->nested.virtual_apic_map.hva;
3961 __kvm_apic_update_irr(vmx->nested.pi_desc->pir,
3962 vapic_page, &max_irr);
3963 status = vmcs_read16(GUEST_INTR_STATUS);
3964 if ((u8)max_irr > ((u8)status & 0xff)) {
3966 status |= (u8)max_irr;
3967 vmcs_write16(GUEST_INTR_STATUS, status);
3971 nested_mark_vmcs12_pages_dirty(vcpu);
3975 kvm_handle_memory_failure(vcpu, X86EMUL_IO_NEEDED, NULL);
3979 static void nested_vmx_inject_exception_vmexit(struct kvm_vcpu *vcpu)
3981 struct kvm_queued_exception *ex = &vcpu->arch.exception_vmexit;
3982 u32 intr_info = ex->vector | INTR_INFO_VALID_MASK;
3983 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
3984 unsigned long exit_qual;
3986 if (ex->has_payload) {
3987 exit_qual = ex->payload;
3988 } else if (ex->vector == PF_VECTOR) {
3989 exit_qual = vcpu->arch.cr2;
3990 } else if (ex->vector == DB_VECTOR) {
3991 exit_qual = vcpu->arch.dr6;
3992 exit_qual &= ~DR6_BT;
3993 exit_qual ^= DR6_ACTIVE_LOW;
3999 * Unlike AMD's Paged Real Mode, which reports an error code on #PF
4000 * VM-Exits even if the CPU is in Real Mode, Intel VMX never sets the
4001 * "has error code" flags on VM-Exit if the CPU is in Real Mode.
4003 if (ex->has_error_code && is_protmode(vcpu)) {
4005 * Intel CPUs do not generate error codes with bits 31:16 set,
4006 * and more importantly VMX disallows setting bits 31:16 in the
4007 * injected error code for VM-Entry. Drop the bits to mimic
4008 * hardware and avoid inducing failure on nested VM-Entry if L1
4009 * chooses to inject the exception back to L2. AMD CPUs _do_
4010 * generate "full" 32-bit error codes, so KVM allows userspace
4011 * to inject exception error codes with bits 31:16 set.
4013 vmcs12->vm_exit_intr_error_code = (u16)ex->error_code;
4014 intr_info |= INTR_INFO_DELIVER_CODE_MASK;
4017 if (kvm_exception_is_soft(ex->vector))
4018 intr_info |= INTR_TYPE_SOFT_EXCEPTION;
4020 intr_info |= INTR_TYPE_HARD_EXCEPTION;
4022 if (!(vmcs12->idt_vectoring_info_field & VECTORING_INFO_VALID_MASK) &&
4023 vmx_get_nmi_mask(vcpu))
4024 intr_info |= INTR_INFO_UNBLOCK_NMI;
4026 nested_vmx_vmexit(vcpu, EXIT_REASON_EXCEPTION_NMI, intr_info, exit_qual);
4030 * Returns true if a debug trap is (likely) pending delivery. Infer the class
4031 * of a #DB (trap-like vs. fault-like) from the exception payload (to-be-DR6).
4032 * Using the payload is flawed because code breakpoints (fault-like) and data
4033 * breakpoints (trap-like) set the same bits in DR6 (breakpoint detected), i.e.
4034 * this will return false positives if a to-be-injected code breakpoint #DB is
4035 * pending (from KVM's perspective, but not "pending" across an instruction
4036 * boundary). ICEBP, a.k.a. INT1, is also not reflected here even though it
4039 * KVM "works" despite these flaws as ICEBP isn't currently supported by the
4040 * emulator, Monitor Trap Flag is not marked pending on intercepted #DBs (the
4041 * #DB has already happened), and MTF isn't marked pending on code breakpoints
4042 * from the emulator (because such #DBs are fault-like and thus don't trigger
4043 * actions that fire on instruction retire).
4045 static unsigned long vmx_get_pending_dbg_trap(struct kvm_queued_exception *ex)
4047 if (!ex->pending || ex->vector != DB_VECTOR)
4050 /* General Detect #DBs are always fault-like. */
4051 return ex->payload & ~DR6_BD;
4055 * Returns true if there's a pending #DB exception that is lower priority than
4056 * a pending Monitor Trap Flag VM-Exit. TSS T-flag #DBs are not emulated by
4057 * KVM, but could theoretically be injected by userspace. Note, this code is
4058 * imperfect, see above.
4060 static bool vmx_is_low_priority_db_trap(struct kvm_queued_exception *ex)
4062 return vmx_get_pending_dbg_trap(ex) & ~DR6_BT;
4066 * Certain VM-exits set the 'pending debug exceptions' field to indicate a
4067 * recognized #DB (data or single-step) that has yet to be delivered. Since KVM
4068 * represents these debug traps with a payload that is said to be compatible
4069 * with the 'pending debug exceptions' field, write the payload to the VMCS
4070 * field if a VM-exit is delivered before the debug trap.
4072 static void nested_vmx_update_pending_dbg(struct kvm_vcpu *vcpu)
4074 unsigned long pending_dbg;
4076 pending_dbg = vmx_get_pending_dbg_trap(&vcpu->arch.exception);
4078 vmcs_writel(GUEST_PENDING_DBG_EXCEPTIONS, pending_dbg);
4081 static bool nested_vmx_preemption_timer_pending(struct kvm_vcpu *vcpu)
4083 return nested_cpu_has_preemption_timer(get_vmcs12(vcpu)) &&
4084 to_vmx(vcpu)->nested.preemption_timer_expired;
4087 static bool vmx_has_nested_events(struct kvm_vcpu *vcpu, bool for_injection)
4089 struct vcpu_vmx *vmx = to_vmx(vcpu);
4090 void *vapic = vmx->nested.virtual_apic_map.hva;
4093 if (nested_vmx_preemption_timer_pending(vcpu) ||
4094 vmx->nested.mtf_pending)
4098 * Virtual Interrupt Delivery doesn't require manual injection. Either
4099 * the interrupt is already in GUEST_RVI and will be recognized by CPU
4100 * at VM-Entry, or there is a KVM_REQ_EVENT pending and KVM will move
4101 * the interrupt from the PIR to RVI prior to entering the guest.
4106 if (!nested_cpu_has_vid(get_vmcs12(vcpu)) ||
4107 __vmx_interrupt_blocked(vcpu))
4113 vppr = *((u32 *)(vapic + APIC_PROCPRI));
4115 max_irr = vmx_get_rvi();
4116 if ((max_irr & 0xf0) > (vppr & 0xf0))
4119 if (vmx->nested.pi_pending && vmx->nested.pi_desc &&
4120 pi_test_on(vmx->nested.pi_desc)) {
4121 max_irr = pi_find_highest_vector(vmx->nested.pi_desc);
4122 if (max_irr > 0 && (max_irr & 0xf0) > (vppr & 0xf0))
4130 * Per the Intel SDM's table "Priority Among Concurrent Events", with minor
4131 * edits to fill in missing examples, e.g. #DB due to split-lock accesses,
4132 * and less minor edits to splice in the priority of VMX Non-Root specific
4133 * events, e.g. MTF and NMI/INTR-window exiting.
4135 * 1 Hardware Reset and Machine Checks
4139 * 2 Trap on Task Switch
4140 * - T flag in TSS is set (on task switch)
4142 * 3 External Hardware Interventions
4148 * 3.5 Monitor Trap Flag (MTF) VM-exit[1]
4150 * 4 Traps on Previous Instruction
4152 * - Trap-class Debug Exceptions (#DB due to TF flag set, data/I-O
4153 * breakpoint, or #DB due to a split-lock access)
4155 * 4.3 VMX-preemption timer expired VM-exit
4157 * 4.6 NMI-window exiting VM-exit[2]
4159 * 5 Nonmaskable Interrupts (NMI)
4161 * 5.5 Interrupt-window exiting VM-exit and Virtual-interrupt delivery
4163 * 6 Maskable Hardware Interrupts
4165 * 7 Code Breakpoint Fault
4167 * 8 Faults from Fetching Next Instruction
4168 * - Code-Segment Limit Violation
4170 * - Control protection exception (missing ENDBRANCH at target of indirect
4173 * 9 Faults from Decoding Next Instruction
4174 * - Instruction length > 15 bytes
4176 * - Coprocessor Not Available
4178 *10 Faults on Executing Instruction
4182 * - Segment Not Present
4184 * - General Protection
4187 * - x86 FPU Floating-point exception
4188 * - SIMD floating-point exception
4189 * - Virtualization exception
4190 * - Control protection exception
4192 * [1] Per the "Monitor Trap Flag" section: System-management interrupts (SMIs),
4193 * INIT signals, and higher priority events take priority over MTF VM exits.
4194 * MTF VM exits take priority over debug-trap exceptions and lower priority
4197 * [2] Debug-trap exceptions and higher priority events take priority over VM exits
4198 * caused by the VMX-preemption timer. VM exits caused by the VMX-preemption
4199 * timer take priority over VM exits caused by the "NMI-window exiting"
4200 * VM-execution control and lower priority events.
4202 * [3] Debug-trap exceptions and higher priority events take priority over VM exits
4203 * caused by "NMI-window exiting". VM exits caused by this control take
4204 * priority over non-maskable interrupts (NMIs) and lower priority events.
4206 * [4] Virtual-interrupt delivery has the same priority as that of VM exits due to
4207 * the 1-setting of the "interrupt-window exiting" VM-execution control. Thus,
4208 * non-maskable interrupts (NMIs) and higher priority events take priority over
4209 * delivery of a virtual interrupt; delivery of a virtual interrupt takes
4210 * priority over external interrupts and lower priority events.
4212 static int vmx_check_nested_events(struct kvm_vcpu *vcpu)
4214 struct kvm_lapic *apic = vcpu->arch.apic;
4215 struct vcpu_vmx *vmx = to_vmx(vcpu);
4217 * Only a pending nested run blocks a pending exception. If there is a
4218 * previously injected event, the pending exception occurred while said
4219 * event was being delivered and thus needs to be handled.
4221 bool block_nested_exceptions = vmx->nested.nested_run_pending;
4223 * New events (not exceptions) are only recognized at instruction
4224 * boundaries. If an event needs reinjection, then KVM is handling a
4225 * VM-Exit that occurred _during_ instruction execution; new events are
4226 * blocked until the instruction completes.
4228 bool block_nested_events = block_nested_exceptions ||
4229 kvm_event_needs_reinjection(vcpu);
4231 if (lapic_in_kernel(vcpu) &&
4232 test_bit(KVM_APIC_INIT, &apic->pending_events)) {
4233 if (block_nested_events)
4235 nested_vmx_update_pending_dbg(vcpu);
4236 clear_bit(KVM_APIC_INIT, &apic->pending_events);
4237 if (vcpu->arch.mp_state != KVM_MP_STATE_INIT_RECEIVED)
4238 nested_vmx_vmexit(vcpu, EXIT_REASON_INIT_SIGNAL, 0, 0);
4240 /* MTF is discarded if the vCPU is in WFS. */
4241 vmx->nested.mtf_pending = false;
4245 if (lapic_in_kernel(vcpu) &&
4246 test_bit(KVM_APIC_SIPI, &apic->pending_events)) {
4247 if (block_nested_events)
4250 clear_bit(KVM_APIC_SIPI, &apic->pending_events);
4251 if (vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED) {
4252 nested_vmx_vmexit(vcpu, EXIT_REASON_SIPI_SIGNAL, 0,
4253 apic->sipi_vector & 0xFFUL);
4256 /* Fallthrough, the SIPI is completely ignored. */
4260 * Process exceptions that are higher priority than Monitor Trap Flag:
4261 * fault-like exceptions, TSS T flag #DB (not emulated by KVM, but
4262 * could theoretically come in from userspace), and ICEBP (INT1).
4264 * TODO: SMIs have higher priority than MTF and trap-like #DBs (except
4265 * for TSS T flag #DBs). KVM also doesn't save/restore pending MTF
4266 * across SMI/RSM as it should; that needs to be addressed in order to
4267 * prioritize SMI over MTF and trap-like #DBs.
4269 if (vcpu->arch.exception_vmexit.pending &&
4270 !vmx_is_low_priority_db_trap(&vcpu->arch.exception_vmexit)) {
4271 if (block_nested_exceptions)
4274 nested_vmx_inject_exception_vmexit(vcpu);
4278 if (vcpu->arch.exception.pending &&
4279 !vmx_is_low_priority_db_trap(&vcpu->arch.exception)) {
4280 if (block_nested_exceptions)
4285 if (vmx->nested.mtf_pending) {
4286 if (block_nested_events)
4288 nested_vmx_update_pending_dbg(vcpu);
4289 nested_vmx_vmexit(vcpu, EXIT_REASON_MONITOR_TRAP_FLAG, 0, 0);
4293 if (vcpu->arch.exception_vmexit.pending) {
4294 if (block_nested_exceptions)
4297 nested_vmx_inject_exception_vmexit(vcpu);
4301 if (vcpu->arch.exception.pending) {
4302 if (block_nested_exceptions)
4307 if (nested_vmx_preemption_timer_pending(vcpu)) {
4308 if (block_nested_events)
4310 nested_vmx_vmexit(vcpu, EXIT_REASON_PREEMPTION_TIMER, 0, 0);
4314 if (vcpu->arch.smi_pending && !is_smm(vcpu)) {
4315 if (block_nested_events)
4320 if (vcpu->arch.nmi_pending && !vmx_nmi_blocked(vcpu)) {
4321 if (block_nested_events)
4323 if (!nested_exit_on_nmi(vcpu))
4326 nested_vmx_vmexit(vcpu, EXIT_REASON_EXCEPTION_NMI,
4327 NMI_VECTOR | INTR_TYPE_NMI_INTR |
4328 INTR_INFO_VALID_MASK, 0);
4330 * The NMI-triggered VM exit counts as injection:
4331 * clear this one and block further NMIs.
4333 vcpu->arch.nmi_pending = 0;
4334 vmx_set_nmi_mask(vcpu, true);
4338 if (kvm_cpu_has_interrupt(vcpu) && !vmx_interrupt_blocked(vcpu)) {
4341 if (block_nested_events)
4343 if (!nested_exit_on_intr(vcpu))
4346 if (!nested_exit_intr_ack_set(vcpu)) {
4347 nested_vmx_vmexit(vcpu, EXIT_REASON_EXTERNAL_INTERRUPT, 0, 0);
4351 irq = kvm_cpu_get_extint(vcpu);
4353 nested_vmx_vmexit(vcpu, EXIT_REASON_EXTERNAL_INTERRUPT,
4354 INTR_INFO_VALID_MASK | INTR_TYPE_EXT_INTR | irq, 0);
4358 irq = kvm_apic_has_interrupt(vcpu);
4359 if (WARN_ON_ONCE(irq < 0))
4363 * If the IRQ is L2's PI notification vector, process posted
4364 * interrupts for L2 instead of injecting VM-Exit, as the
4365 * detection/morphing architecturally occurs when the IRQ is
4366 * delivered to the CPU. Note, only interrupts that are routed
4367 * through the local APIC trigger posted interrupt processing,
4368 * and enabling posted interrupts requires ACK-on-exit.
4370 if (irq == vmx->nested.posted_intr_nv) {
4371 vmx->nested.pi_pending = true;
4372 kvm_apic_clear_irr(vcpu, irq);
4376 nested_vmx_vmexit(vcpu, EXIT_REASON_EXTERNAL_INTERRUPT,
4377 INTR_INFO_VALID_MASK | INTR_TYPE_EXT_INTR | irq, 0);
4380 * ACK the interrupt _after_ emulating VM-Exit, as the IRQ must
4381 * be marked as in-service in vmcs01.GUEST_INTERRUPT_STATUS.SVI
4382 * if APICv is active.
4384 kvm_apic_ack_interrupt(vcpu, irq);
4389 return vmx_complete_nested_posted_interrupt(vcpu);
4392 static u32 vmx_get_preemption_timer_value(struct kvm_vcpu *vcpu)
4395 hrtimer_get_remaining(&to_vmx(vcpu)->nested.preemption_timer);
4398 if (ktime_to_ns(remaining) <= 0)
4401 value = ktime_to_ns(remaining) * vcpu->arch.virtual_tsc_khz;
4402 do_div(value, 1000000);
4403 return value >> VMX_MISC_EMULATED_PREEMPTION_TIMER_RATE;
4406 static bool is_vmcs12_ext_field(unsigned long field)
4409 case GUEST_ES_SELECTOR:
4410 case GUEST_CS_SELECTOR:
4411 case GUEST_SS_SELECTOR:
4412 case GUEST_DS_SELECTOR:
4413 case GUEST_FS_SELECTOR:
4414 case GUEST_GS_SELECTOR:
4415 case GUEST_LDTR_SELECTOR:
4416 case GUEST_TR_SELECTOR:
4417 case GUEST_ES_LIMIT:
4418 case GUEST_CS_LIMIT:
4419 case GUEST_SS_LIMIT:
4420 case GUEST_DS_LIMIT:
4421 case GUEST_FS_LIMIT:
4422 case GUEST_GS_LIMIT:
4423 case GUEST_LDTR_LIMIT:
4424 case GUEST_TR_LIMIT:
4425 case GUEST_GDTR_LIMIT:
4426 case GUEST_IDTR_LIMIT:
4427 case GUEST_ES_AR_BYTES:
4428 case GUEST_DS_AR_BYTES:
4429 case GUEST_FS_AR_BYTES:
4430 case GUEST_GS_AR_BYTES:
4431 case GUEST_LDTR_AR_BYTES:
4432 case GUEST_TR_AR_BYTES:
4439 case GUEST_LDTR_BASE:
4441 case GUEST_GDTR_BASE:
4442 case GUEST_IDTR_BASE:
4443 case GUEST_PENDING_DBG_EXCEPTIONS:
4453 static void sync_vmcs02_to_vmcs12_rare(struct kvm_vcpu *vcpu,
4454 struct vmcs12 *vmcs12)
4456 struct vcpu_vmx *vmx = to_vmx(vcpu);
4458 vmcs12->guest_es_selector = vmcs_read16(GUEST_ES_SELECTOR);
4459 vmcs12->guest_cs_selector = vmcs_read16(GUEST_CS_SELECTOR);
4460 vmcs12->guest_ss_selector = vmcs_read16(GUEST_SS_SELECTOR);
4461 vmcs12->guest_ds_selector = vmcs_read16(GUEST_DS_SELECTOR);
4462 vmcs12->guest_fs_selector = vmcs_read16(GUEST_FS_SELECTOR);
4463 vmcs12->guest_gs_selector = vmcs_read16(GUEST_GS_SELECTOR);
4464 vmcs12->guest_ldtr_selector = vmcs_read16(GUEST_LDTR_SELECTOR);
4465 vmcs12->guest_tr_selector = vmcs_read16(GUEST_TR_SELECTOR);
4466 vmcs12->guest_es_limit = vmcs_read32(GUEST_ES_LIMIT);
4467 vmcs12->guest_cs_limit = vmcs_read32(GUEST_CS_LIMIT);
4468 vmcs12->guest_ss_limit = vmcs_read32(GUEST_SS_LIMIT);
4469 vmcs12->guest_ds_limit = vmcs_read32(GUEST_DS_LIMIT);
4470 vmcs12->guest_fs_limit = vmcs_read32(GUEST_FS_LIMIT);
4471 vmcs12->guest_gs_limit = vmcs_read32(GUEST_GS_LIMIT);
4472 vmcs12->guest_ldtr_limit = vmcs_read32(GUEST_LDTR_LIMIT);
4473 vmcs12->guest_tr_limit = vmcs_read32(GUEST_TR_LIMIT);
4474 vmcs12->guest_gdtr_limit = vmcs_read32(GUEST_GDTR_LIMIT);
4475 vmcs12->guest_idtr_limit = vmcs_read32(GUEST_IDTR_LIMIT);
4476 vmcs12->guest_es_ar_bytes = vmcs_read32(GUEST_ES_AR_BYTES);
4477 vmcs12->guest_ds_ar_bytes = vmcs_read32(GUEST_DS_AR_BYTES);
4478 vmcs12->guest_fs_ar_bytes = vmcs_read32(GUEST_FS_AR_BYTES);
4479 vmcs12->guest_gs_ar_bytes = vmcs_read32(GUEST_GS_AR_BYTES);
4480 vmcs12->guest_ldtr_ar_bytes = vmcs_read32(GUEST_LDTR_AR_BYTES);
4481 vmcs12->guest_tr_ar_bytes = vmcs_read32(GUEST_TR_AR_BYTES);
4482 vmcs12->guest_es_base = vmcs_readl(GUEST_ES_BASE);
4483 vmcs12->guest_cs_base = vmcs_readl(GUEST_CS_BASE);
4484 vmcs12->guest_ss_base = vmcs_readl(GUEST_SS_BASE);
4485 vmcs12->guest_ds_base = vmcs_readl(GUEST_DS_BASE);
4486 vmcs12->guest_fs_base = vmcs_readl(GUEST_FS_BASE);
4487 vmcs12->guest_gs_base = vmcs_readl(GUEST_GS_BASE);
4488 vmcs12->guest_ldtr_base = vmcs_readl(GUEST_LDTR_BASE);
4489 vmcs12->guest_tr_base = vmcs_readl(GUEST_TR_BASE);
4490 vmcs12->guest_gdtr_base = vmcs_readl(GUEST_GDTR_BASE);
4491 vmcs12->guest_idtr_base = vmcs_readl(GUEST_IDTR_BASE);
4492 vmcs12->guest_pending_dbg_exceptions =
4493 vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS);
4495 vmx->nested.need_sync_vmcs02_to_vmcs12_rare = false;
4498 static void copy_vmcs02_to_vmcs12_rare(struct kvm_vcpu *vcpu,
4499 struct vmcs12 *vmcs12)
4501 struct vcpu_vmx *vmx = to_vmx(vcpu);
4504 if (!vmx->nested.need_sync_vmcs02_to_vmcs12_rare)
4508 WARN_ON_ONCE(vmx->loaded_vmcs != &vmx->vmcs01);
4511 vmx->loaded_vmcs = &vmx->nested.vmcs02;
4512 vmx_vcpu_load_vmcs(vcpu, cpu, &vmx->vmcs01);
4514 sync_vmcs02_to_vmcs12_rare(vcpu, vmcs12);
4516 vmx->loaded_vmcs = &vmx->vmcs01;
4517 vmx_vcpu_load_vmcs(vcpu, cpu, &vmx->nested.vmcs02);
4522 * Update the guest state fields of vmcs12 to reflect changes that
4523 * occurred while L2 was running. (The "IA-32e mode guest" bit of the
4524 * VM-entry controls is also updated, since this is really a guest
4527 static void sync_vmcs02_to_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
4529 struct vcpu_vmx *vmx = to_vmx(vcpu);
4531 if (nested_vmx_is_evmptr12_valid(vmx))
4532 sync_vmcs02_to_vmcs12_rare(vcpu, vmcs12);
4534 vmx->nested.need_sync_vmcs02_to_vmcs12_rare =
4535 !nested_vmx_is_evmptr12_valid(vmx);
4537 vmcs12->guest_cr0 = vmcs12_guest_cr0(vcpu, vmcs12);
4538 vmcs12->guest_cr4 = vmcs12_guest_cr4(vcpu, vmcs12);
4540 vmcs12->guest_rsp = kvm_rsp_read(vcpu);
4541 vmcs12->guest_rip = kvm_rip_read(vcpu);
4542 vmcs12->guest_rflags = vmcs_readl(GUEST_RFLAGS);
4544 vmcs12->guest_cs_ar_bytes = vmcs_read32(GUEST_CS_AR_BYTES);
4545 vmcs12->guest_ss_ar_bytes = vmcs_read32(GUEST_SS_AR_BYTES);
4547 vmcs12->guest_interruptibility_info =
4548 vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
4550 if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED)
4551 vmcs12->guest_activity_state = GUEST_ACTIVITY_HLT;
4552 else if (vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED)
4553 vmcs12->guest_activity_state = GUEST_ACTIVITY_WAIT_SIPI;
4555 vmcs12->guest_activity_state = GUEST_ACTIVITY_ACTIVE;
4557 if (nested_cpu_has_preemption_timer(vmcs12) &&
4558 vmcs12->vm_exit_controls & VM_EXIT_SAVE_VMX_PREEMPTION_TIMER &&
4559 !vmx->nested.nested_run_pending)
4560 vmcs12->vmx_preemption_timer_value =
4561 vmx_get_preemption_timer_value(vcpu);
4564 * In some cases (usually, nested EPT), L2 is allowed to change its
4565 * own CR3 without exiting. If it has changed it, we must keep it.
4566 * Of course, if L0 is using shadow page tables, GUEST_CR3 was defined
4567 * by L0, not L1 or L2, so we mustn't unconditionally copy it to vmcs12.
4569 * Additionally, restore L2's PDPTR to vmcs12.
4572 vmcs12->guest_cr3 = vmcs_readl(GUEST_CR3);
4573 if (nested_cpu_has_ept(vmcs12) && is_pae_paging(vcpu)) {
4574 vmcs12->guest_pdptr0 = vmcs_read64(GUEST_PDPTR0);
4575 vmcs12->guest_pdptr1 = vmcs_read64(GUEST_PDPTR1);
4576 vmcs12->guest_pdptr2 = vmcs_read64(GUEST_PDPTR2);
4577 vmcs12->guest_pdptr3 = vmcs_read64(GUEST_PDPTR3);
4581 vmcs12->guest_linear_address = vmcs_readl(GUEST_LINEAR_ADDRESS);
4583 if (nested_cpu_has_vid(vmcs12))
4584 vmcs12->guest_intr_status = vmcs_read16(GUEST_INTR_STATUS);
4586 vmcs12->vm_entry_controls =
4587 (vmcs12->vm_entry_controls & ~VM_ENTRY_IA32E_MODE) |
4588 (vm_entry_controls_get(to_vmx(vcpu)) & VM_ENTRY_IA32E_MODE);
4590 if (vmcs12->vm_exit_controls & VM_EXIT_SAVE_DEBUG_CONTROLS)
4591 vmcs12->guest_dr7 = vcpu->arch.dr7;
4593 if (vmcs12->vm_exit_controls & VM_EXIT_SAVE_IA32_EFER)
4594 vmcs12->guest_ia32_efer = vcpu->arch.efer;
4598 * prepare_vmcs12 is part of what we need to do when the nested L2 guest exits
4599 * and we want to prepare to run its L1 parent. L1 keeps a vmcs for L2 (vmcs12),
4600 * and this function updates it to reflect the changes to the guest state while
4601 * L2 was running (and perhaps made some exits which were handled directly by L0
4602 * without going back to L1), and to reflect the exit reason.
4603 * Note that we do not have to copy here all VMCS fields, just those that
4604 * could have changed by the L2 guest or the exit - i.e., the guest-state and
4605 * exit-information fields only. Other fields are modified by L1 with VMWRITE,
4606 * which already writes to vmcs12 directly.
4608 static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
4609 u32 vm_exit_reason, u32 exit_intr_info,
4610 unsigned long exit_qualification)
4612 /* update exit information fields: */
4613 vmcs12->vm_exit_reason = vm_exit_reason;
4614 if (to_vmx(vcpu)->exit_reason.enclave_mode)
4615 vmcs12->vm_exit_reason |= VMX_EXIT_REASONS_SGX_ENCLAVE_MODE;
4616 vmcs12->exit_qualification = exit_qualification;
4619 * On VM-Exit due to a failed VM-Entry, the VMCS isn't marked launched
4620 * and only EXIT_REASON and EXIT_QUALIFICATION are updated, all other
4621 * exit info fields are unmodified.
4623 if (!(vmcs12->vm_exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY)) {
4624 vmcs12->launch_state = 1;
4626 /* vm_entry_intr_info_field is cleared on exit. Emulate this
4627 * instead of reading the real value. */
4628 vmcs12->vm_entry_intr_info_field &= ~INTR_INFO_VALID_MASK;
4631 * Transfer the event that L0 or L1 may wanted to inject into
4632 * L2 to IDT_VECTORING_INFO_FIELD.
4634 vmcs12_save_pending_event(vcpu, vmcs12,
4635 vm_exit_reason, exit_intr_info);
4637 vmcs12->vm_exit_intr_info = exit_intr_info;
4638 vmcs12->vm_exit_instruction_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
4639 vmcs12->vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
4642 * According to spec, there's no need to store the guest's
4643 * MSRs if the exit is due to a VM-entry failure that occurs
4644 * during or after loading the guest state. Since this exit
4645 * does not fall in that category, we need to save the MSRs.
4647 if (nested_vmx_store_msr(vcpu,
4648 vmcs12->vm_exit_msr_store_addr,
4649 vmcs12->vm_exit_msr_store_count))
4650 nested_vmx_abort(vcpu,
4651 VMX_ABORT_SAVE_GUEST_MSR_FAIL);
4656 * A part of what we need to when the nested L2 guest exits and we want to
4657 * run its L1 parent, is to reset L1's guest state to the host state specified
4659 * This function is to be called not only on normal nested exit, but also on
4660 * a nested entry failure, as explained in Intel's spec, 3B.23.7 ("VM-Entry
4661 * Failures During or After Loading Guest State").
4662 * This function should be called when the active VMCS is L1's (vmcs01).
4664 static void load_vmcs12_host_state(struct kvm_vcpu *vcpu,
4665 struct vmcs12 *vmcs12)
4667 enum vm_entry_failure_code ignored;
4668 struct kvm_segment seg;
4670 if (vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_EFER)
4671 vcpu->arch.efer = vmcs12->host_ia32_efer;
4672 else if (vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE)
4673 vcpu->arch.efer |= (EFER_LMA | EFER_LME);
4675 vcpu->arch.efer &= ~(EFER_LMA | EFER_LME);
4676 vmx_set_efer(vcpu, vcpu->arch.efer);
4678 kvm_rsp_write(vcpu, vmcs12->host_rsp);
4679 kvm_rip_write(vcpu, vmcs12->host_rip);
4680 vmx_set_rflags(vcpu, X86_EFLAGS_FIXED);
4681 vmx_set_interrupt_shadow(vcpu, 0);
4684 * Note that calling vmx_set_cr0 is important, even if cr0 hasn't
4685 * actually changed, because vmx_set_cr0 refers to efer set above.
4687 * CR0_GUEST_HOST_MASK is already set in the original vmcs01
4688 * (KVM doesn't change it);
4690 vcpu->arch.cr0_guest_owned_bits = vmx_l1_guest_owned_cr0_bits();
4691 vmx_set_cr0(vcpu, vmcs12->host_cr0);
4693 /* Same as above - no reason to call set_cr4_guest_host_mask(). */
4694 vcpu->arch.cr4_guest_owned_bits = ~vmcs_readl(CR4_GUEST_HOST_MASK);
4695 vmx_set_cr4(vcpu, vmcs12->host_cr4);
4697 nested_ept_uninit_mmu_context(vcpu);
4700 * Only PDPTE load can fail as the value of cr3 was checked on entry and
4701 * couldn't have changed.
4703 if (nested_vmx_load_cr3(vcpu, vmcs12->host_cr3, false, true, &ignored))
4704 nested_vmx_abort(vcpu, VMX_ABORT_LOAD_HOST_PDPTE_FAIL);
4706 nested_vmx_transition_tlb_flush(vcpu, vmcs12, false);
4708 vmcs_write32(GUEST_SYSENTER_CS, vmcs12->host_ia32_sysenter_cs);
4709 vmcs_writel(GUEST_SYSENTER_ESP, vmcs12->host_ia32_sysenter_esp);
4710 vmcs_writel(GUEST_SYSENTER_EIP, vmcs12->host_ia32_sysenter_eip);
4711 vmcs_writel(GUEST_IDTR_BASE, vmcs12->host_idtr_base);
4712 vmcs_writel(GUEST_GDTR_BASE, vmcs12->host_gdtr_base);
4713 vmcs_write32(GUEST_IDTR_LIMIT, 0xFFFF);
4714 vmcs_write32(GUEST_GDTR_LIMIT, 0xFFFF);
4716 /* If not VM_EXIT_CLEAR_BNDCFGS, the L2 value propagates to L1. */
4717 if (vmcs12->vm_exit_controls & VM_EXIT_CLEAR_BNDCFGS)
4718 vmcs_write64(GUEST_BNDCFGS, 0);
4720 if (vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_PAT) {
4721 vmcs_write64(GUEST_IA32_PAT, vmcs12->host_ia32_pat);
4722 vcpu->arch.pat = vmcs12->host_ia32_pat;
4724 if ((vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL) &&
4725 kvm_pmu_has_perf_global_ctrl(vcpu_to_pmu(vcpu)))
4726 WARN_ON_ONCE(kvm_set_msr(vcpu, MSR_CORE_PERF_GLOBAL_CTRL,
4727 vmcs12->host_ia32_perf_global_ctrl));
4729 /* Set L1 segment info according to Intel SDM
4730 27.5.2 Loading Host Segment and Descriptor-Table Registers */
4731 seg = (struct kvm_segment) {
4733 .limit = 0xFFFFFFFF,
4734 .selector = vmcs12->host_cs_selector,
4740 if (vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE)
4744 __vmx_set_segment(vcpu, &seg, VCPU_SREG_CS);
4745 seg = (struct kvm_segment) {
4747 .limit = 0xFFFFFFFF,
4754 seg.selector = vmcs12->host_ds_selector;
4755 __vmx_set_segment(vcpu, &seg, VCPU_SREG_DS);
4756 seg.selector = vmcs12->host_es_selector;
4757 __vmx_set_segment(vcpu, &seg, VCPU_SREG_ES);
4758 seg.selector = vmcs12->host_ss_selector;
4759 __vmx_set_segment(vcpu, &seg, VCPU_SREG_SS);
4760 seg.selector = vmcs12->host_fs_selector;
4761 seg.base = vmcs12->host_fs_base;
4762 __vmx_set_segment(vcpu, &seg, VCPU_SREG_FS);
4763 seg.selector = vmcs12->host_gs_selector;
4764 seg.base = vmcs12->host_gs_base;
4765 __vmx_set_segment(vcpu, &seg, VCPU_SREG_GS);
4766 seg = (struct kvm_segment) {
4767 .base = vmcs12->host_tr_base,
4769 .selector = vmcs12->host_tr_selector,
4773 __vmx_set_segment(vcpu, &seg, VCPU_SREG_TR);
4775 memset(&seg, 0, sizeof(seg));
4777 __vmx_set_segment(vcpu, &seg, VCPU_SREG_LDTR);
4779 kvm_set_dr(vcpu, 7, 0x400);
4780 vmcs_write64(GUEST_IA32_DEBUGCTL, 0);
4782 if (nested_vmx_load_msr(vcpu, vmcs12->vm_exit_msr_load_addr,
4783 vmcs12->vm_exit_msr_load_count))
4784 nested_vmx_abort(vcpu, VMX_ABORT_LOAD_HOST_MSR_FAIL);
4786 to_vmx(vcpu)->emulation_required = vmx_emulation_required(vcpu);
4789 static inline u64 nested_vmx_get_vmcs01_guest_efer(struct vcpu_vmx *vmx)
4791 struct vmx_uret_msr *efer_msr;
4794 if (vm_entry_controls_get(vmx) & VM_ENTRY_LOAD_IA32_EFER)
4795 return vmcs_read64(GUEST_IA32_EFER);
4797 if (cpu_has_load_ia32_efer())
4798 return kvm_host.efer;
4800 for (i = 0; i < vmx->msr_autoload.guest.nr; ++i) {
4801 if (vmx->msr_autoload.guest.val[i].index == MSR_EFER)
4802 return vmx->msr_autoload.guest.val[i].value;
4805 efer_msr = vmx_find_uret_msr(vmx, MSR_EFER);
4807 return efer_msr->data;
4809 return kvm_host.efer;
4812 static void nested_vmx_restore_host_state(struct kvm_vcpu *vcpu)
4814 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
4815 struct vcpu_vmx *vmx = to_vmx(vcpu);
4816 struct vmx_msr_entry g, h;
4820 vcpu->arch.pat = vmcs_read64(GUEST_IA32_PAT);
4822 if (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS) {
4824 * L1's host DR7 is lost if KVM_GUESTDBG_USE_HW_BP is set
4825 * as vmcs01.GUEST_DR7 contains a userspace defined value
4826 * and vcpu->arch.dr7 is not squirreled away before the
4827 * nested VMENTER (not worth adding a variable in nested_vmx).
4829 if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)
4830 kvm_set_dr(vcpu, 7, DR7_FIXED_1);
4832 WARN_ON(kvm_set_dr(vcpu, 7, vmcs_readl(GUEST_DR7)));
4836 * Note that calling vmx_set_{efer,cr0,cr4} is important as they
4837 * handle a variety of side effects to KVM's software model.
4839 vmx_set_efer(vcpu, nested_vmx_get_vmcs01_guest_efer(vmx));
4841 vcpu->arch.cr0_guest_owned_bits = vmx_l1_guest_owned_cr0_bits();
4842 vmx_set_cr0(vcpu, vmcs_readl(CR0_READ_SHADOW));
4844 vcpu->arch.cr4_guest_owned_bits = ~vmcs_readl(CR4_GUEST_HOST_MASK);
4845 vmx_set_cr4(vcpu, vmcs_readl(CR4_READ_SHADOW));
4847 nested_ept_uninit_mmu_context(vcpu);
4848 vcpu->arch.cr3 = vmcs_readl(GUEST_CR3);
4849 kvm_register_mark_available(vcpu, VCPU_EXREG_CR3);
4852 * Use ept_save_pdptrs(vcpu) to load the MMU's cached PDPTRs
4853 * from vmcs01 (if necessary). The PDPTRs are not loaded on
4854 * VMFail, like everything else we just need to ensure our
4855 * software model is up-to-date.
4857 if (enable_ept && is_pae_paging(vcpu))
4858 ept_save_pdptrs(vcpu);
4860 kvm_mmu_reset_context(vcpu);
4863 * This nasty bit of open coding is a compromise between blindly
4864 * loading L1's MSRs using the exit load lists (incorrect emulation
4865 * of VMFail), leaving the nested VM's MSRs in the software model
4866 * (incorrect behavior) and snapshotting the modified MSRs (too
4867 * expensive since the lists are unbound by hardware). For each
4868 * MSR that was (prematurely) loaded from the nested VMEntry load
4869 * list, reload it from the exit load list if it exists and differs
4870 * from the guest value. The intent is to stuff host state as
4871 * silently as possible, not to fully process the exit load list.
4873 for (i = 0; i < vmcs12->vm_entry_msr_load_count; i++) {
4874 gpa = vmcs12->vm_entry_msr_load_addr + (i * sizeof(g));
4875 if (kvm_vcpu_read_guest(vcpu, gpa, &g, sizeof(g))) {
4876 pr_debug_ratelimited(
4877 "%s read MSR index failed (%u, 0x%08llx)\n",
4882 for (j = 0; j < vmcs12->vm_exit_msr_load_count; j++) {
4883 gpa = vmcs12->vm_exit_msr_load_addr + (j * sizeof(h));
4884 if (kvm_vcpu_read_guest(vcpu, gpa, &h, sizeof(h))) {
4885 pr_debug_ratelimited(
4886 "%s read MSR failed (%u, 0x%08llx)\n",
4890 if (h.index != g.index)
4892 if (h.value == g.value)
4895 if (nested_vmx_load_msr_check(vcpu, &h)) {
4896 pr_debug_ratelimited(
4897 "%s check failed (%u, 0x%x, 0x%x)\n",
4898 __func__, j, h.index, h.reserved);
4902 if (kvm_set_msr_with_filter(vcpu, h.index, h.value)) {
4903 pr_debug_ratelimited(
4904 "%s WRMSR failed (%u, 0x%x, 0x%llx)\n",
4905 __func__, j, h.index, h.value);
4914 nested_vmx_abort(vcpu, VMX_ABORT_LOAD_HOST_MSR_FAIL);
4918 * Emulate an exit from nested guest (L2) to L1, i.e., prepare to run L1
4919 * and modify vmcs12 to make it see what it would expect to see there if
4920 * L2 was its real guest. Must only be called when in L2 (is_guest_mode())
4922 void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
4923 u32 exit_intr_info, unsigned long exit_qualification)
4925 struct vcpu_vmx *vmx = to_vmx(vcpu);
4926 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
4928 /* Pending MTF traps are discarded on VM-Exit. */
4929 vmx->nested.mtf_pending = false;
4931 /* trying to cancel vmlaunch/vmresume is a bug */
4932 WARN_ON_ONCE(vmx->nested.nested_run_pending);
4934 #ifdef CONFIG_KVM_HYPERV
4935 if (kvm_check_request(KVM_REQ_GET_NESTED_STATE_PAGES, vcpu)) {
4937 * KVM_REQ_GET_NESTED_STATE_PAGES is also used to map
4938 * Enlightened VMCS after migration and we still need to
4939 * do that when something is forcing L2->L1 exit prior to
4942 (void)nested_get_evmcs_page(vcpu);
4946 /* Service pending TLB flush requests for L2 before switching to L1. */
4947 kvm_service_local_tlb_flush_requests(vcpu);
4950 * VCPU_EXREG_PDPTR will be clobbered in arch/x86/kvm/vmx/vmx.h between
4951 * now and the new vmentry. Ensure that the VMCS02 PDPTR fields are
4952 * up-to-date before switching to L1.
4954 if (enable_ept && is_pae_paging(vcpu))
4955 vmx_ept_load_pdptrs(vcpu);
4957 leave_guest_mode(vcpu);
4959 if (nested_cpu_has_preemption_timer(vmcs12))
4960 hrtimer_cancel(&to_vmx(vcpu)->nested.preemption_timer);
4962 if (nested_cpu_has(vmcs12, CPU_BASED_USE_TSC_OFFSETTING)) {
4963 vcpu->arch.tsc_offset = vcpu->arch.l1_tsc_offset;
4964 if (nested_cpu_has2(vmcs12, SECONDARY_EXEC_TSC_SCALING))
4965 vcpu->arch.tsc_scaling_ratio = vcpu->arch.l1_tsc_scaling_ratio;
4968 if (likely(!vmx->fail)) {
4969 sync_vmcs02_to_vmcs12(vcpu, vmcs12);
4971 if (vm_exit_reason != -1)
4972 prepare_vmcs12(vcpu, vmcs12, vm_exit_reason,
4973 exit_intr_info, exit_qualification);
4976 * Must happen outside of sync_vmcs02_to_vmcs12() as it will
4977 * also be used to capture vmcs12 cache as part of
4978 * capturing nVMX state for snapshot (migration).
4980 * Otherwise, this flush will dirty guest memory at a
4981 * point it is already assumed by user-space to be
4984 nested_flush_cached_shadow_vmcs12(vcpu, vmcs12);
4987 * The only expected VM-instruction error is "VM entry with
4988 * invalid control field(s)." Anything else indicates a
4989 * problem with L0. And we should never get here with a
4990 * VMFail of any type if early consistency checks are enabled.
4992 WARN_ON_ONCE(vmcs_read32(VM_INSTRUCTION_ERROR) !=
4993 VMXERR_ENTRY_INVALID_CONTROL_FIELD);
4994 WARN_ON_ONCE(nested_early_check);
4998 * Drop events/exceptions that were queued for re-injection to L2
4999 * (picked up via vmx_complete_interrupts()), as well as exceptions
5000 * that were pending for L2. Note, this must NOT be hoisted above
5001 * prepare_vmcs12(), events/exceptions queued for re-injection need to
5002 * be captured in vmcs12 (see vmcs12_save_pending_event()).
5004 vcpu->arch.nmi_injected = false;
5005 kvm_clear_exception_queue(vcpu);
5006 kvm_clear_interrupt_queue(vcpu);
5008 vmx_switch_vmcs(vcpu, &vmx->vmcs01);
5011 * If IBRS is advertised to the vCPU, KVM must flush the indirect
5012 * branch predictors when transitioning from L2 to L1, as L1 expects
5013 * hardware (KVM in this case) to provide separate predictor modes.
5014 * Bare metal isolates VMX root (host) from VMX non-root (guest), but
5015 * doesn't isolate different VMCSs, i.e. in this case, doesn't provide
5016 * separate modes for L2 vs L1.
5018 if (guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))
5019 indirect_branch_prediction_barrier();
5021 /* Update any VMCS fields that might have changed while L2 ran */
5022 vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, vmx->msr_autoload.host.nr);
5023 vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.guest.nr);
5024 vmcs_write64(TSC_OFFSET, vcpu->arch.tsc_offset);
5025 if (kvm_caps.has_tsc_control)
5026 vmcs_write64(TSC_MULTIPLIER, vcpu->arch.tsc_scaling_ratio);
5028 if (vmx->nested.l1_tpr_threshold != -1)
5029 vmcs_write32(TPR_THRESHOLD, vmx->nested.l1_tpr_threshold);
5031 if (vmx->nested.change_vmcs01_virtual_apic_mode) {
5032 vmx->nested.change_vmcs01_virtual_apic_mode = false;
5033 vmx_set_virtual_apic_mode(vcpu);
5036 if (vmx->nested.update_vmcs01_cpu_dirty_logging) {
5037 vmx->nested.update_vmcs01_cpu_dirty_logging = false;
5038 vmx_update_cpu_dirty_logging(vcpu);
5041 nested_put_vmcs12_pages(vcpu);
5043 if (vmx->nested.reload_vmcs01_apic_access_page) {
5044 vmx->nested.reload_vmcs01_apic_access_page = false;
5045 kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu);
5048 if (vmx->nested.update_vmcs01_apicv_status) {
5049 vmx->nested.update_vmcs01_apicv_status = false;
5050 kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu);
5053 if ((vm_exit_reason != -1) &&
5054 (enable_shadow_vmcs || nested_vmx_is_evmptr12_valid(vmx)))
5055 vmx->nested.need_vmcs12_to_shadow_sync = true;
5057 /* in case we halted in L2 */
5058 vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
5060 if (likely(!vmx->fail)) {
5061 if (vm_exit_reason != -1)
5062 trace_kvm_nested_vmexit_inject(vmcs12->vm_exit_reason,
5063 vmcs12->exit_qualification,
5064 vmcs12->idt_vectoring_info_field,
5065 vmcs12->vm_exit_intr_info,
5066 vmcs12->vm_exit_intr_error_code,
5069 load_vmcs12_host_state(vcpu, vmcs12);
5075 * After an early L2 VM-entry failure, we're now back
5076 * in L1 which thinks it just finished a VMLAUNCH or
5077 * VMRESUME instruction, so we need to set the failure
5078 * flag and the VM-instruction error field of the VMCS
5079 * accordingly, and skip the emulated instruction.
5081 (void)nested_vmx_fail(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
5084 * Restore L1's host state to KVM's software model. We're here
5085 * because a consistency check was caught by hardware, which
5086 * means some amount of guest state has been propagated to KVM's
5087 * model and needs to be unwound to the host's state.
5089 nested_vmx_restore_host_state(vcpu);
5094 static void nested_vmx_triple_fault(struct kvm_vcpu *vcpu)
5096 kvm_clear_request(KVM_REQ_TRIPLE_FAULT, vcpu);
5097 nested_vmx_vmexit(vcpu, EXIT_REASON_TRIPLE_FAULT, 0, 0);
5101 * Decode the memory-address operand of a vmx instruction, as recorded on an
5102 * exit caused by such an instruction (run by a guest hypervisor).
5103 * On success, returns 0. When the operand is invalid, returns 1 and throws
5106 int get_vmx_mem_address(struct kvm_vcpu *vcpu, unsigned long exit_qualification,
5107 u32 vmx_instruction_info, bool wr, int len, gva_t *ret)
5111 struct kvm_segment s;
5114 * According to Vol. 3B, "Information for VM Exits Due to Instruction
5115 * Execution", on an exit, vmx_instruction_info holds most of the
5116 * addressing components of the operand. Only the displacement part
5117 * is put in exit_qualification (see 3B, "Basic VM-Exit Information").
5118 * For how an actual address is calculated from all these components,
5119 * refer to Vol. 1, "Operand Addressing".
5121 int scaling = vmx_instruction_info & 3;
5122 int addr_size = (vmx_instruction_info >> 7) & 7;
5123 bool is_reg = vmx_instruction_info & (1u << 10);
5124 int seg_reg = (vmx_instruction_info >> 15) & 7;
5125 int index_reg = (vmx_instruction_info >> 18) & 0xf;
5126 bool index_is_valid = !(vmx_instruction_info & (1u << 22));
5127 int base_reg = (vmx_instruction_info >> 23) & 0xf;
5128 bool base_is_valid = !(vmx_instruction_info & (1u << 27));
5131 kvm_queue_exception(vcpu, UD_VECTOR);
5135 /* Addr = segment_base + offset */
5136 /* offset = base + [index * scale] + displacement */
5137 off = exit_qualification; /* holds the displacement */
5139 off = (gva_t)sign_extend64(off, 31);
5140 else if (addr_size == 0)
5141 off = (gva_t)sign_extend64(off, 15);
5143 off += kvm_register_read(vcpu, base_reg);
5145 off += kvm_register_read(vcpu, index_reg) << scaling;
5146 vmx_get_segment(vcpu, &s, seg_reg);
5149 * The effective address, i.e. @off, of a memory operand is truncated
5150 * based on the address size of the instruction. Note that this is
5151 * the *effective address*, i.e. the address prior to accounting for
5152 * the segment's base.
5154 if (addr_size == 1) /* 32 bit */
5156 else if (addr_size == 0) /* 16 bit */
5159 /* Checks for #GP/#SS exceptions. */
5161 if (is_long_mode(vcpu)) {
5163 * The virtual/linear address is never truncated in 64-bit
5164 * mode, e.g. a 32-bit address size can yield a 64-bit virtual
5165 * address when using FS/GS with a non-zero base.
5167 if (seg_reg == VCPU_SREG_FS || seg_reg == VCPU_SREG_GS)
5168 *ret = s.base + off;
5172 *ret = vmx_get_untagged_addr(vcpu, *ret, 0);
5173 /* Long mode: #GP(0)/#SS(0) if the memory address is in a
5174 * non-canonical form. This is the only check on the memory
5175 * destination for long mode!
5177 exn = is_noncanonical_address(*ret, vcpu, 0);
5180 * When not in long mode, the virtual/linear address is
5181 * unconditionally truncated to 32 bits regardless of the
5184 *ret = (s.base + off) & 0xffffffff;
5186 /* Protected mode: apply checks for segment validity in the
5188 * - segment type check (#GP(0) may be thrown)
5189 * - usability check (#GP(0)/#SS(0))
5190 * - limit check (#GP(0)/#SS(0))
5193 /* #GP(0) if the destination operand is located in a
5194 * read-only data segment or any code segment.
5196 exn = ((s.type & 0xa) == 0 || (s.type & 8));
5198 /* #GP(0) if the source operand is located in an
5199 * execute-only code segment
5201 exn = ((s.type & 0xa) == 8);
5203 kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
5206 /* Protected mode: #GP(0)/#SS(0) if the segment is unusable.
5208 exn = (s.unusable != 0);
5211 * Protected mode: #GP(0)/#SS(0) if the memory operand is
5212 * outside the segment limit. All CPUs that support VMX ignore
5213 * limit checks for flat segments, i.e. segments with base==0,
5214 * limit==0xffffffff and of type expand-up data or code.
5216 if (!(s.base == 0 && s.limit == 0xffffffff &&
5217 ((s.type & 8) || !(s.type & 4))))
5218 exn = exn || ((u64)off + len - 1 > s.limit);
5221 kvm_queue_exception_e(vcpu,
5222 seg_reg == VCPU_SREG_SS ?
5223 SS_VECTOR : GP_VECTOR,
5231 static int nested_vmx_get_vmptr(struct kvm_vcpu *vcpu, gpa_t *vmpointer,
5235 struct x86_exception e;
5238 if (get_vmx_mem_address(vcpu, vmx_get_exit_qual(vcpu),
5239 vmcs_read32(VMX_INSTRUCTION_INFO), false,
5240 sizeof(*vmpointer), &gva)) {
5245 r = kvm_read_guest_virt(vcpu, gva, vmpointer, sizeof(*vmpointer), &e);
5246 if (r != X86EMUL_CONTINUE) {
5247 *ret = kvm_handle_memory_failure(vcpu, r, &e);
5255 * Allocate a shadow VMCS and associate it with the currently loaded
5256 * VMCS, unless such a shadow VMCS already exists. The newly allocated
5257 * VMCS is also VMCLEARed, so that it is ready for use.
5259 static struct vmcs *alloc_shadow_vmcs(struct kvm_vcpu *vcpu)
5261 struct vcpu_vmx *vmx = to_vmx(vcpu);
5262 struct loaded_vmcs *loaded_vmcs = vmx->loaded_vmcs;
5265 * KVM allocates a shadow VMCS only when L1 executes VMXON and frees it
5266 * when L1 executes VMXOFF or the vCPU is forced out of nested
5267 * operation. VMXON faults if the CPU is already post-VMXON, so it
5268 * should be impossible to already have an allocated shadow VMCS. KVM
5269 * doesn't support virtualization of VMCS shadowing, so vmcs01 should
5270 * always be the loaded VMCS.
5272 if (WARN_ON(loaded_vmcs != &vmx->vmcs01 || loaded_vmcs->shadow_vmcs))
5273 return loaded_vmcs->shadow_vmcs;
5275 loaded_vmcs->shadow_vmcs = alloc_vmcs(true);
5276 if (loaded_vmcs->shadow_vmcs)
5277 vmcs_clear(loaded_vmcs->shadow_vmcs);
5279 return loaded_vmcs->shadow_vmcs;
5282 static int enter_vmx_operation(struct kvm_vcpu *vcpu)
5284 struct vcpu_vmx *vmx = to_vmx(vcpu);
5287 r = alloc_loaded_vmcs(&vmx->nested.vmcs02);
5291 vmx->nested.cached_vmcs12 = kzalloc(VMCS12_SIZE, GFP_KERNEL_ACCOUNT);
5292 if (!vmx->nested.cached_vmcs12)
5293 goto out_cached_vmcs12;
5295 vmx->nested.shadow_vmcs12_cache.gpa = INVALID_GPA;
5296 vmx->nested.cached_shadow_vmcs12 = kzalloc(VMCS12_SIZE, GFP_KERNEL_ACCOUNT);
5297 if (!vmx->nested.cached_shadow_vmcs12)
5298 goto out_cached_shadow_vmcs12;
5300 if (enable_shadow_vmcs && !alloc_shadow_vmcs(vcpu))
5301 goto out_shadow_vmcs;
5303 hrtimer_init(&vmx->nested.preemption_timer, CLOCK_MONOTONIC,
5304 HRTIMER_MODE_ABS_PINNED);
5305 vmx->nested.preemption_timer.function = vmx_preemption_timer_fn;
5307 vmx->nested.vpid02 = allocate_vpid();
5309 vmx->nested.vmcs02_initialized = false;
5310 vmx->nested.vmxon = true;
5312 if (vmx_pt_mode_is_host_guest()) {
5313 vmx->pt_desc.guest.ctl = 0;
5314 pt_update_intercept_for_msr(vcpu);
5320 kfree(vmx->nested.cached_shadow_vmcs12);
5322 out_cached_shadow_vmcs12:
5323 kfree(vmx->nested.cached_vmcs12);
5326 free_loaded_vmcs(&vmx->nested.vmcs02);
5332 /* Emulate the VMXON instruction. */
5333 static int handle_vmxon(struct kvm_vcpu *vcpu)
5338 struct vcpu_vmx *vmx = to_vmx(vcpu);
5339 const u64 VMXON_NEEDED_FEATURES = FEAT_CTL_LOCKED
5340 | FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX;
5343 * Manually check CR4.VMXE checks, KVM must force CR4.VMXE=1 to enter
5344 * the guest and so cannot rely on hardware to perform the check,
5345 * which has higher priority than VM-Exit (see Intel SDM's pseudocode
5348 * Rely on hardware for the other pre-VM-Exit checks, CR0.PE=1, !VM86
5349 * and !COMPATIBILITY modes. For an unrestricted guest, KVM doesn't
5350 * force any of the relevant guest state. For a restricted guest, KVM
5351 * does force CR0.PE=1, but only to also force VM86 in order to emulate
5352 * Real Mode, and so there's no need to check CR0.PE manually.
5354 if (!kvm_is_cr4_bit_set(vcpu, X86_CR4_VMXE)) {
5355 kvm_queue_exception(vcpu, UD_VECTOR);
5360 * The CPL is checked for "not in VMX operation" and for "in VMX root",
5361 * and has higher priority than the VM-Fail due to being post-VMXON,
5362 * i.e. VMXON #GPs outside of VMX non-root if CPL!=0. In VMX non-root,
5363 * VMXON causes VM-Exit and KVM unconditionally forwards VMXON VM-Exits
5364 * from L2 to L1, i.e. there's no need to check for the vCPU being in
5367 * Forwarding the VM-Exit unconditionally, i.e. without performing the
5368 * #UD checks (see above), is functionally ok because KVM doesn't allow
5369 * L1 to run L2 without CR4.VMXE=0, and because KVM never modifies L2's
5370 * CR0 or CR4, i.e. it's L2's responsibility to emulate #UDs that are
5371 * missed by hardware due to shadowing CR0 and/or CR4.
5373 if (vmx_get_cpl(vcpu)) {
5374 kvm_inject_gp(vcpu, 0);
5378 if (vmx->nested.vmxon)
5379 return nested_vmx_fail(vcpu, VMXERR_VMXON_IN_VMX_ROOT_OPERATION);
5382 * Invalid CR0/CR4 generates #GP. These checks are performed if and
5383 * only if the vCPU isn't already in VMX operation, i.e. effectively
5384 * have lower priority than the VM-Fail above.
5386 if (!nested_host_cr0_valid(vcpu, kvm_read_cr0(vcpu)) ||
5387 !nested_host_cr4_valid(vcpu, kvm_read_cr4(vcpu))) {
5388 kvm_inject_gp(vcpu, 0);
5392 if ((vmx->msr_ia32_feature_control & VMXON_NEEDED_FEATURES)
5393 != VMXON_NEEDED_FEATURES) {
5394 kvm_inject_gp(vcpu, 0);
5398 if (nested_vmx_get_vmptr(vcpu, &vmptr, &ret))
5403 * The first 4 bytes of VMXON region contain the supported
5404 * VMCS revision identifier
5406 * Note - IA32_VMX_BASIC[48] will never be 1 for the nested case;
5407 * which replaces physical address width with 32
5409 if (!page_address_valid(vcpu, vmptr))
5410 return nested_vmx_failInvalid(vcpu);
5412 if (kvm_read_guest(vcpu->kvm, vmptr, &revision, sizeof(revision)) ||
5413 revision != VMCS12_REVISION)
5414 return nested_vmx_failInvalid(vcpu);
5416 vmx->nested.vmxon_ptr = vmptr;
5417 ret = enter_vmx_operation(vcpu);
5421 return nested_vmx_succeed(vcpu);
5424 static inline void nested_release_vmcs12(struct kvm_vcpu *vcpu)
5426 struct vcpu_vmx *vmx = to_vmx(vcpu);
5428 if (vmx->nested.current_vmptr == INVALID_GPA)
5431 copy_vmcs02_to_vmcs12_rare(vcpu, get_vmcs12(vcpu));
5433 if (enable_shadow_vmcs) {
5434 /* copy to memory all shadowed fields in case
5435 they were modified */
5436 copy_shadow_to_vmcs12(vmx);
5437 vmx_disable_shadow_vmcs(vmx);
5439 vmx->nested.posted_intr_nv = -1;
5441 /* Flush VMCS12 to guest memory */
5442 kvm_vcpu_write_guest_page(vcpu,
5443 vmx->nested.current_vmptr >> PAGE_SHIFT,
5444 vmx->nested.cached_vmcs12, 0, VMCS12_SIZE);
5446 kvm_mmu_free_roots(vcpu->kvm, &vcpu->arch.guest_mmu, KVM_MMU_ROOTS_ALL);
5448 vmx->nested.current_vmptr = INVALID_GPA;
5451 /* Emulate the VMXOFF instruction */
5452 static int handle_vmxoff(struct kvm_vcpu *vcpu)
5454 if (!nested_vmx_check_permission(vcpu))
5459 if (kvm_apic_has_pending_init_or_sipi(vcpu))
5460 kvm_make_request(KVM_REQ_EVENT, vcpu);
5462 return nested_vmx_succeed(vcpu);
5465 /* Emulate the VMCLEAR instruction */
5466 static int handle_vmclear(struct kvm_vcpu *vcpu)
5468 struct vcpu_vmx *vmx = to_vmx(vcpu);
5473 if (!nested_vmx_check_permission(vcpu))
5476 if (nested_vmx_get_vmptr(vcpu, &vmptr, &r))
5479 if (!page_address_valid(vcpu, vmptr))
5480 return nested_vmx_fail(vcpu, VMXERR_VMCLEAR_INVALID_ADDRESS);
5482 if (vmptr == vmx->nested.vmxon_ptr)
5483 return nested_vmx_fail(vcpu, VMXERR_VMCLEAR_VMXON_POINTER);
5485 if (likely(!nested_evmcs_handle_vmclear(vcpu, vmptr))) {
5486 if (vmptr == vmx->nested.current_vmptr)
5487 nested_release_vmcs12(vcpu);
5490 * Silently ignore memory errors on VMCLEAR, Intel's pseudocode
5491 * for VMCLEAR includes a "ensure that data for VMCS referenced
5492 * by the operand is in memory" clause that guards writes to
5493 * memory, i.e. doing nothing for I/O is architecturally valid.
5495 * FIXME: Suppress failures if and only if no memslot is found,
5496 * i.e. exit to userspace if __copy_to_user() fails.
5498 (void)kvm_vcpu_write_guest(vcpu,
5499 vmptr + offsetof(struct vmcs12,
5501 &zero, sizeof(zero));
5504 return nested_vmx_succeed(vcpu);
5507 /* Emulate the VMLAUNCH instruction */
5508 static int handle_vmlaunch(struct kvm_vcpu *vcpu)
5510 return nested_vmx_run(vcpu, true);
5513 /* Emulate the VMRESUME instruction */
5514 static int handle_vmresume(struct kvm_vcpu *vcpu)
5517 return nested_vmx_run(vcpu, false);
5520 static int handle_vmread(struct kvm_vcpu *vcpu)
5522 struct vmcs12 *vmcs12 = is_guest_mode(vcpu) ? get_shadow_vmcs12(vcpu)
5524 unsigned long exit_qualification = vmx_get_exit_qual(vcpu);
5525 u32 instr_info = vmcs_read32(VMX_INSTRUCTION_INFO);
5526 struct vcpu_vmx *vmx = to_vmx(vcpu);
5527 struct x86_exception e;
5528 unsigned long field;
5534 if (!nested_vmx_check_permission(vcpu))
5537 /* Decode instruction info and find the field to read */
5538 field = kvm_register_read(vcpu, (((instr_info) >> 28) & 0xf));
5540 if (!nested_vmx_is_evmptr12_valid(vmx)) {
5542 * In VMX non-root operation, when the VMCS-link pointer is INVALID_GPA,
5543 * any VMREAD sets the ALU flags for VMfailInvalid.
5545 if (vmx->nested.current_vmptr == INVALID_GPA ||
5546 (is_guest_mode(vcpu) &&
5547 get_vmcs12(vcpu)->vmcs_link_pointer == INVALID_GPA))
5548 return nested_vmx_failInvalid(vcpu);
5550 offset = get_vmcs12_field_offset(field);
5552 return nested_vmx_fail(vcpu, VMXERR_UNSUPPORTED_VMCS_COMPONENT);
5554 if (!is_guest_mode(vcpu) && is_vmcs12_ext_field(field))
5555 copy_vmcs02_to_vmcs12_rare(vcpu, vmcs12);
5557 /* Read the field, zero-extended to a u64 value */
5558 value = vmcs12_read_any(vmcs12, field, offset);
5561 * Hyper-V TLFS (as of 6.0b) explicitly states, that while an
5562 * enlightened VMCS is active VMREAD/VMWRITE instructions are
5563 * unsupported. Unfortunately, certain versions of Windows 11
5564 * don't comply with this requirement which is not enforced in
5565 * genuine Hyper-V. Allow VMREAD from an enlightened VMCS as a
5566 * workaround, as misbehaving guests will panic on VM-Fail.
5567 * Note, enlightened VMCS is incompatible with shadow VMCS so
5568 * all VMREADs from L2 should go to L1.
5570 if (WARN_ON_ONCE(is_guest_mode(vcpu)))
5571 return nested_vmx_failInvalid(vcpu);
5573 offset = evmcs_field_offset(field, NULL);
5575 return nested_vmx_fail(vcpu, VMXERR_UNSUPPORTED_VMCS_COMPONENT);
5577 /* Read the field, zero-extended to a u64 value */
5578 value = evmcs_read_any(nested_vmx_evmcs(vmx), field, offset);
5582 * Now copy part of this value to register or memory, as requested.
5583 * Note that the number of bits actually copied is 32 or 64 depending
5584 * on the guest's mode (32 or 64 bit), not on the given field's length.
5586 if (instr_info & BIT(10)) {
5587 kvm_register_write(vcpu, (((instr_info) >> 3) & 0xf), value);
5589 len = is_64_bit_mode(vcpu) ? 8 : 4;
5590 if (get_vmx_mem_address(vcpu, exit_qualification,
5591 instr_info, true, len, &gva))
5593 /* _system ok, nested_vmx_check_permission has verified cpl=0 */
5594 r = kvm_write_guest_virt_system(vcpu, gva, &value, len, &e);
5595 if (r != X86EMUL_CONTINUE)
5596 return kvm_handle_memory_failure(vcpu, r, &e);
5599 return nested_vmx_succeed(vcpu);
5602 static bool is_shadow_field_rw(unsigned long field)
5605 #define SHADOW_FIELD_RW(x, y) case x:
5606 #include "vmcs_shadow_fields.h"
5614 static bool is_shadow_field_ro(unsigned long field)
5617 #define SHADOW_FIELD_RO(x, y) case x:
5618 #include "vmcs_shadow_fields.h"
5626 static int handle_vmwrite(struct kvm_vcpu *vcpu)
5628 struct vmcs12 *vmcs12 = is_guest_mode(vcpu) ? get_shadow_vmcs12(vcpu)
5630 unsigned long exit_qualification = vmx_get_exit_qual(vcpu);
5631 u32 instr_info = vmcs_read32(VMX_INSTRUCTION_INFO);
5632 struct vcpu_vmx *vmx = to_vmx(vcpu);
5633 struct x86_exception e;
5634 unsigned long field;
5640 * The value to write might be 32 or 64 bits, depending on L1's long
5641 * mode, and eventually we need to write that into a field of several
5642 * possible lengths. The code below first zero-extends the value to 64
5643 * bit (value), and then copies only the appropriate number of
5644 * bits into the vmcs12 field.
5648 if (!nested_vmx_check_permission(vcpu))
5652 * In VMX non-root operation, when the VMCS-link pointer is INVALID_GPA,
5653 * any VMWRITE sets the ALU flags for VMfailInvalid.
5655 if (vmx->nested.current_vmptr == INVALID_GPA ||
5656 (is_guest_mode(vcpu) &&
5657 get_vmcs12(vcpu)->vmcs_link_pointer == INVALID_GPA))
5658 return nested_vmx_failInvalid(vcpu);
5660 if (instr_info & BIT(10))
5661 value = kvm_register_read(vcpu, (((instr_info) >> 3) & 0xf));
5663 len = is_64_bit_mode(vcpu) ? 8 : 4;
5664 if (get_vmx_mem_address(vcpu, exit_qualification,
5665 instr_info, false, len, &gva))
5667 r = kvm_read_guest_virt(vcpu, gva, &value, len, &e);
5668 if (r != X86EMUL_CONTINUE)
5669 return kvm_handle_memory_failure(vcpu, r, &e);
5672 field = kvm_register_read(vcpu, (((instr_info) >> 28) & 0xf));
5674 offset = get_vmcs12_field_offset(field);
5676 return nested_vmx_fail(vcpu, VMXERR_UNSUPPORTED_VMCS_COMPONENT);
5679 * If the vCPU supports "VMWRITE to any supported field in the
5680 * VMCS," then the "read-only" fields are actually read/write.
5682 if (vmcs_field_readonly(field) &&
5683 !nested_cpu_has_vmwrite_any_field(vcpu))
5684 return nested_vmx_fail(vcpu, VMXERR_VMWRITE_READ_ONLY_VMCS_COMPONENT);
5687 * Ensure vmcs12 is up-to-date before any VMWRITE that dirties
5688 * vmcs12, else we may crush a field or consume a stale value.
5690 if (!is_guest_mode(vcpu) && !is_shadow_field_rw(field))
5691 copy_vmcs02_to_vmcs12_rare(vcpu, vmcs12);
5694 * Some Intel CPUs intentionally drop the reserved bits of the AR byte
5695 * fields on VMWRITE. Emulate this behavior to ensure consistent KVM
5696 * behavior regardless of the underlying hardware, e.g. if an AR_BYTE
5697 * field is intercepted for VMWRITE but not VMREAD (in L1), then VMREAD
5698 * from L1 will return a different value than VMREAD from L2 (L1 sees
5699 * the stripped down value, L2 sees the full value as stored by KVM).
5701 if (field >= GUEST_ES_AR_BYTES && field <= GUEST_TR_AR_BYTES)
5704 vmcs12_write_any(vmcs12, field, offset, value);
5707 * Do not track vmcs12 dirty-state if in guest-mode as we actually
5708 * dirty shadow vmcs12 instead of vmcs12. Fields that can be updated
5709 * by L1 without a vmexit are always updated in the vmcs02, i.e. don't
5710 * "dirty" vmcs12, all others go down the prepare_vmcs02() slow path.
5712 if (!is_guest_mode(vcpu) && !is_shadow_field_rw(field)) {
5714 * L1 can read these fields without exiting, ensure the
5715 * shadow VMCS is up-to-date.
5717 if (enable_shadow_vmcs && is_shadow_field_ro(field)) {
5719 vmcs_load(vmx->vmcs01.shadow_vmcs);
5721 __vmcs_writel(field, value);
5723 vmcs_clear(vmx->vmcs01.shadow_vmcs);
5724 vmcs_load(vmx->loaded_vmcs->vmcs);
5727 vmx->nested.dirty_vmcs12 = true;
5730 return nested_vmx_succeed(vcpu);
5733 static void set_current_vmptr(struct vcpu_vmx *vmx, gpa_t vmptr)
5735 vmx->nested.current_vmptr = vmptr;
5736 if (enable_shadow_vmcs) {
5737 secondary_exec_controls_setbit(vmx, SECONDARY_EXEC_SHADOW_VMCS);
5738 vmcs_write64(VMCS_LINK_POINTER,
5739 __pa(vmx->vmcs01.shadow_vmcs));
5740 vmx->nested.need_vmcs12_to_shadow_sync = true;
5742 vmx->nested.dirty_vmcs12 = true;
5743 vmx->nested.force_msr_bitmap_recalc = true;
5746 /* Emulate the VMPTRLD instruction */
5747 static int handle_vmptrld(struct kvm_vcpu *vcpu)
5749 struct vcpu_vmx *vmx = to_vmx(vcpu);
5753 if (!nested_vmx_check_permission(vcpu))
5756 if (nested_vmx_get_vmptr(vcpu, &vmptr, &r))
5759 if (!page_address_valid(vcpu, vmptr))
5760 return nested_vmx_fail(vcpu, VMXERR_VMPTRLD_INVALID_ADDRESS);
5762 if (vmptr == vmx->nested.vmxon_ptr)
5763 return nested_vmx_fail(vcpu, VMXERR_VMPTRLD_VMXON_POINTER);
5765 /* Forbid normal VMPTRLD if Enlightened version was used */
5766 if (nested_vmx_is_evmptr12_valid(vmx))
5769 if (vmx->nested.current_vmptr != vmptr) {
5770 struct gfn_to_hva_cache *ghc = &vmx->nested.vmcs12_cache;
5771 struct vmcs_hdr hdr;
5773 if (kvm_gfn_to_hva_cache_init(vcpu->kvm, ghc, vmptr, VMCS12_SIZE)) {
5775 * Reads from an unbacked page return all 1s,
5776 * which means that the 32 bits located at the
5777 * given physical address won't match the required
5778 * VMCS12_REVISION identifier.
5780 return nested_vmx_fail(vcpu,
5781 VMXERR_VMPTRLD_INCORRECT_VMCS_REVISION_ID);
5784 if (kvm_read_guest_offset_cached(vcpu->kvm, ghc, &hdr,
5785 offsetof(struct vmcs12, hdr),
5787 return nested_vmx_fail(vcpu,
5788 VMXERR_VMPTRLD_INCORRECT_VMCS_REVISION_ID);
5791 if (hdr.revision_id != VMCS12_REVISION ||
5793 !nested_cpu_has_vmx_shadow_vmcs(vcpu))) {
5794 return nested_vmx_fail(vcpu,
5795 VMXERR_VMPTRLD_INCORRECT_VMCS_REVISION_ID);
5798 nested_release_vmcs12(vcpu);
5801 * Load VMCS12 from guest memory since it is not already
5804 if (kvm_read_guest_cached(vcpu->kvm, ghc, vmx->nested.cached_vmcs12,
5806 return nested_vmx_fail(vcpu,
5807 VMXERR_VMPTRLD_INCORRECT_VMCS_REVISION_ID);
5810 set_current_vmptr(vmx, vmptr);
5813 return nested_vmx_succeed(vcpu);
5816 /* Emulate the VMPTRST instruction */
5817 static int handle_vmptrst(struct kvm_vcpu *vcpu)
5819 unsigned long exit_qual = vmx_get_exit_qual(vcpu);
5820 u32 instr_info = vmcs_read32(VMX_INSTRUCTION_INFO);
5821 gpa_t current_vmptr = to_vmx(vcpu)->nested.current_vmptr;
5822 struct x86_exception e;
5826 if (!nested_vmx_check_permission(vcpu))
5829 if (unlikely(nested_vmx_is_evmptr12_valid(to_vmx(vcpu))))
5832 if (get_vmx_mem_address(vcpu, exit_qual, instr_info,
5833 true, sizeof(gpa_t), &gva))
5835 /* *_system ok, nested_vmx_check_permission has verified cpl=0 */
5836 r = kvm_write_guest_virt_system(vcpu, gva, (void *)¤t_vmptr,
5838 if (r != X86EMUL_CONTINUE)
5839 return kvm_handle_memory_failure(vcpu, r, &e);
5841 return nested_vmx_succeed(vcpu);
5844 /* Emulate the INVEPT instruction */
5845 static int handle_invept(struct kvm_vcpu *vcpu)
5847 struct vcpu_vmx *vmx = to_vmx(vcpu);
5848 u32 vmx_instruction_info, types;
5849 unsigned long type, roots_to_free;
5850 struct kvm_mmu *mmu;
5852 struct x86_exception e;
5856 int i, r, gpr_index;
5858 if (!(vmx->nested.msrs.secondary_ctls_high &
5859 SECONDARY_EXEC_ENABLE_EPT) ||
5860 !(vmx->nested.msrs.ept_caps & VMX_EPT_INVEPT_BIT)) {
5861 kvm_queue_exception(vcpu, UD_VECTOR);
5865 if (!nested_vmx_check_permission(vcpu))
5868 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
5869 gpr_index = vmx_get_instr_info_reg2(vmx_instruction_info);
5870 type = kvm_register_read(vcpu, gpr_index);
5872 types = (vmx->nested.msrs.ept_caps >> VMX_EPT_EXTENT_SHIFT) & 6;
5874 if (type >= 32 || !(types & (1 << type)))
5875 return nested_vmx_fail(vcpu, VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID);
5877 /* According to the Intel VMX instruction reference, the memory
5878 * operand is read even if it isn't needed (e.g., for type==global)
5880 if (get_vmx_mem_address(vcpu, vmx_get_exit_qual(vcpu),
5881 vmx_instruction_info, false, sizeof(operand), &gva))
5883 r = kvm_read_guest_virt(vcpu, gva, &operand, sizeof(operand), &e);
5884 if (r != X86EMUL_CONTINUE)
5885 return kvm_handle_memory_failure(vcpu, r, &e);
5888 * Nested EPT roots are always held through guest_mmu,
5891 mmu = &vcpu->arch.guest_mmu;
5894 case VMX_EPT_EXTENT_CONTEXT:
5895 if (!nested_vmx_check_eptp(vcpu, operand.eptp))
5896 return nested_vmx_fail(vcpu,
5897 VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID);
5900 if (nested_ept_root_matches(mmu->root.hpa, mmu->root.pgd,
5902 roots_to_free |= KVM_MMU_ROOT_CURRENT;
5904 for (i = 0; i < KVM_MMU_NUM_PREV_ROOTS; i++) {
5905 if (nested_ept_root_matches(mmu->prev_roots[i].hpa,
5906 mmu->prev_roots[i].pgd,
5908 roots_to_free |= KVM_MMU_ROOT_PREVIOUS(i);
5911 case VMX_EPT_EXTENT_GLOBAL:
5912 roots_to_free = KVM_MMU_ROOTS_ALL;
5920 kvm_mmu_free_roots(vcpu->kvm, mmu, roots_to_free);
5922 return nested_vmx_succeed(vcpu);
5925 static int handle_invvpid(struct kvm_vcpu *vcpu)
5927 struct vcpu_vmx *vmx = to_vmx(vcpu);
5928 u32 vmx_instruction_info;
5929 unsigned long type, types;
5931 struct x86_exception e;
5939 if (!(vmx->nested.msrs.secondary_ctls_high &
5940 SECONDARY_EXEC_ENABLE_VPID) ||
5941 !(vmx->nested.msrs.vpid_caps & VMX_VPID_INVVPID_BIT)) {
5942 kvm_queue_exception(vcpu, UD_VECTOR);
5946 if (!nested_vmx_check_permission(vcpu))
5949 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
5950 gpr_index = vmx_get_instr_info_reg2(vmx_instruction_info);
5951 type = kvm_register_read(vcpu, gpr_index);
5953 types = (vmx->nested.msrs.vpid_caps &
5954 VMX_VPID_EXTENT_SUPPORTED_MASK) >> 8;
5956 if (type >= 32 || !(types & (1 << type)))
5957 return nested_vmx_fail(vcpu,
5958 VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID);
5960 /* according to the intel vmx instruction reference, the memory
5961 * operand is read even if it isn't needed (e.g., for type==global)
5963 if (get_vmx_mem_address(vcpu, vmx_get_exit_qual(vcpu),
5964 vmx_instruction_info, false, sizeof(operand), &gva))
5966 r = kvm_read_guest_virt(vcpu, gva, &operand, sizeof(operand), &e);
5967 if (r != X86EMUL_CONTINUE)
5968 return kvm_handle_memory_failure(vcpu, r, &e);
5970 if (operand.vpid >> 16)
5971 return nested_vmx_fail(vcpu,
5972 VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID);
5975 * Always flush the effective vpid02, i.e. never flush the current VPID
5976 * and never explicitly flush vpid01. INVVPID targets a VPID, not a
5977 * VMCS, and so whether or not the current vmcs12 has VPID enabled is
5978 * irrelevant (and there may not be a loaded vmcs12).
5980 vpid02 = nested_get_vpid02(vcpu);
5982 case VMX_VPID_EXTENT_INDIVIDUAL_ADDR:
5984 * LAM doesn't apply to addresses that are inputs to TLB
5987 if (!operand.vpid ||
5988 is_noncanonical_invlpg_address(operand.gla, vcpu))
5989 return nested_vmx_fail(vcpu,
5990 VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID);
5991 vpid_sync_vcpu_addr(vpid02, operand.gla);
5993 case VMX_VPID_EXTENT_SINGLE_CONTEXT:
5994 case VMX_VPID_EXTENT_SINGLE_NON_GLOBAL:
5996 return nested_vmx_fail(vcpu,
5997 VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID);
5998 vpid_sync_context(vpid02);
6000 case VMX_VPID_EXTENT_ALL_CONTEXT:
6001 vpid_sync_context(vpid02);
6005 return kvm_skip_emulated_instruction(vcpu);
6009 * Sync the shadow page tables if EPT is disabled, L1 is invalidating
6010 * linear mappings for L2 (tagged with L2's VPID). Free all guest
6011 * roots as VPIDs are not tracked in the MMU role.
6013 * Note, this operates on root_mmu, not guest_mmu, as L1 and L2 share
6014 * an MMU when EPT is disabled.
6016 * TODO: sync only the affected SPTEs for INVDIVIDUAL_ADDR.
6019 kvm_mmu_free_guest_mode_roots(vcpu->kvm, &vcpu->arch.root_mmu);
6021 return nested_vmx_succeed(vcpu);
6024 static int nested_vmx_eptp_switching(struct kvm_vcpu *vcpu,
6025 struct vmcs12 *vmcs12)
6027 u32 index = kvm_rcx_read(vcpu);
6030 if (WARN_ON_ONCE(!nested_cpu_has_ept(vmcs12)))
6032 if (index >= VMFUNC_EPTP_ENTRIES)
6035 if (kvm_vcpu_read_guest_page(vcpu, vmcs12->eptp_list_address >> PAGE_SHIFT,
6036 &new_eptp, index * 8, 8))
6040 * If the (L2) guest does a vmfunc to the currently
6041 * active ept pointer, we don't have to do anything else
6043 if (vmcs12->ept_pointer != new_eptp) {
6044 if (!nested_vmx_check_eptp(vcpu, new_eptp))
6047 vmcs12->ept_pointer = new_eptp;
6048 nested_ept_new_eptp(vcpu);
6050 if (!nested_cpu_has_vpid(vmcs12))
6051 kvm_make_request(KVM_REQ_TLB_FLUSH_GUEST, vcpu);
6057 static int handle_vmfunc(struct kvm_vcpu *vcpu)
6059 struct vcpu_vmx *vmx = to_vmx(vcpu);
6060 struct vmcs12 *vmcs12;
6061 u32 function = kvm_rax_read(vcpu);
6064 * VMFUNC should never execute cleanly while L1 is active; KVM supports
6065 * VMFUNC for nested VMs, but not for L1.
6067 if (WARN_ON_ONCE(!is_guest_mode(vcpu))) {
6068 kvm_queue_exception(vcpu, UD_VECTOR);
6072 vmcs12 = get_vmcs12(vcpu);
6075 * #UD on out-of-bounds function has priority over VM-Exit, and VMFUNC
6076 * is enabled in vmcs02 if and only if it's enabled in vmcs12.
6078 if (WARN_ON_ONCE((function > 63) || !nested_cpu_has_vmfunc(vmcs12))) {
6079 kvm_queue_exception(vcpu, UD_VECTOR);
6083 if (!(vmcs12->vm_function_control & BIT_ULL(function)))
6088 if (nested_vmx_eptp_switching(vcpu, vmcs12))
6094 return kvm_skip_emulated_instruction(vcpu);
6098 * This is effectively a reflected VM-Exit, as opposed to a synthesized
6099 * nested VM-Exit. Pass the original exit reason, i.e. don't hardcode
6100 * EXIT_REASON_VMFUNC as the exit reason.
6102 nested_vmx_vmexit(vcpu, vmx->exit_reason.full,
6103 vmx_get_intr_info(vcpu),
6104 vmx_get_exit_qual(vcpu));
6109 * Return true if an IO instruction with the specified port and size should cause
6110 * a VM-exit into L1.
6112 bool nested_vmx_check_io_bitmaps(struct kvm_vcpu *vcpu, unsigned int port,
6115 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
6116 gpa_t bitmap, last_bitmap;
6119 last_bitmap = INVALID_GPA;
6124 bitmap = vmcs12->io_bitmap_a;
6125 else if (port < 0x10000)
6126 bitmap = vmcs12->io_bitmap_b;
6129 bitmap += (port & 0x7fff) / 8;
6131 if (last_bitmap != bitmap)
6132 if (kvm_vcpu_read_guest(vcpu, bitmap, &b, 1))
6134 if (b & (1 << (port & 7)))
6139 last_bitmap = bitmap;
6145 static bool nested_vmx_exit_handled_io(struct kvm_vcpu *vcpu,
6146 struct vmcs12 *vmcs12)
6148 unsigned long exit_qualification;
6149 unsigned short port;
6152 if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS))
6153 return nested_cpu_has(vmcs12, CPU_BASED_UNCOND_IO_EXITING);
6155 exit_qualification = vmx_get_exit_qual(vcpu);
6157 port = exit_qualification >> 16;
6158 size = (exit_qualification & 7) + 1;
6160 return nested_vmx_check_io_bitmaps(vcpu, port, size);
6164 * Return 1 if we should exit from L2 to L1 to handle an MSR access,
6165 * rather than handle it ourselves in L0. I.e., check whether L1 expressed
6166 * disinterest in the current event (read or write a specific MSR) by using an
6167 * MSR bitmap. This may be the case even when L0 doesn't use MSR bitmaps.
6169 static bool nested_vmx_exit_handled_msr(struct kvm_vcpu *vcpu,
6170 struct vmcs12 *vmcs12,
6171 union vmx_exit_reason exit_reason)
6173 u32 msr_index = kvm_rcx_read(vcpu);
6176 if (!nested_cpu_has(vmcs12, CPU_BASED_USE_MSR_BITMAPS))
6180 * The MSR_BITMAP page is divided into four 1024-byte bitmaps,
6181 * for the four combinations of read/write and low/high MSR numbers.
6182 * First we need to figure out which of the four to use:
6184 bitmap = vmcs12->msr_bitmap;
6185 if (exit_reason.basic == EXIT_REASON_MSR_WRITE)
6187 if (msr_index >= 0xc0000000) {
6188 msr_index -= 0xc0000000;
6192 /* Then read the msr_index'th bit from this bitmap: */
6193 if (msr_index < 1024*8) {
6195 if (kvm_vcpu_read_guest(vcpu, bitmap + msr_index/8, &b, 1))
6197 return 1 & (b >> (msr_index & 7));
6199 return true; /* let L1 handle the wrong parameter */
6203 * Return 1 if we should exit from L2 to L1 to handle a CR access exit,
6204 * rather than handle it ourselves in L0. I.e., check if L1 wanted to
6205 * intercept (via guest_host_mask etc.) the current event.
6207 static bool nested_vmx_exit_handled_cr(struct kvm_vcpu *vcpu,
6208 struct vmcs12 *vmcs12)
6210 unsigned long exit_qualification = vmx_get_exit_qual(vcpu);
6211 int cr = exit_qualification & 15;
6215 switch ((exit_qualification >> 4) & 3) {
6216 case 0: /* mov to cr */
6217 reg = (exit_qualification >> 8) & 15;
6218 val = kvm_register_read(vcpu, reg);
6221 if (vmcs12->cr0_guest_host_mask &
6222 (val ^ vmcs12->cr0_read_shadow))
6226 if (nested_cpu_has(vmcs12, CPU_BASED_CR3_LOAD_EXITING))
6230 if (vmcs12->cr4_guest_host_mask &
6231 (vmcs12->cr4_read_shadow ^ val))
6235 if (nested_cpu_has(vmcs12, CPU_BASED_CR8_LOAD_EXITING))
6241 if ((vmcs12->cr0_guest_host_mask & X86_CR0_TS) &&
6242 (vmcs12->cr0_read_shadow & X86_CR0_TS))
6245 case 1: /* mov from cr */
6248 if (vmcs12->cpu_based_vm_exec_control &
6249 CPU_BASED_CR3_STORE_EXITING)
6253 if (vmcs12->cpu_based_vm_exec_control &
6254 CPU_BASED_CR8_STORE_EXITING)
6261 * lmsw can change bits 1..3 of cr0, and only set bit 0 of
6262 * cr0. Other attempted changes are ignored, with no exit.
6264 val = (exit_qualification >> LMSW_SOURCE_DATA_SHIFT) & 0x0f;
6265 if (vmcs12->cr0_guest_host_mask & 0xe &
6266 (val ^ vmcs12->cr0_read_shadow))
6268 if ((vmcs12->cr0_guest_host_mask & 0x1) &&
6269 !(vmcs12->cr0_read_shadow & 0x1) &&
6277 static bool nested_vmx_exit_handled_encls(struct kvm_vcpu *vcpu,
6278 struct vmcs12 *vmcs12)
6282 if (!guest_cpuid_has(vcpu, X86_FEATURE_SGX) ||
6283 !nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENCLS_EXITING))
6286 encls_leaf = kvm_rax_read(vcpu);
6287 if (encls_leaf > 62)
6289 return vmcs12->encls_exiting_bitmap & BIT_ULL(encls_leaf);
6292 static bool nested_vmx_exit_handled_vmcs_access(struct kvm_vcpu *vcpu,
6293 struct vmcs12 *vmcs12, gpa_t bitmap)
6295 u32 vmx_instruction_info;
6296 unsigned long field;
6299 if (!nested_cpu_has_shadow_vmcs(vmcs12))
6302 /* Decode instruction info and find the field to access */
6303 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
6304 field = kvm_register_read(vcpu, (((vmx_instruction_info) >> 28) & 0xf));
6306 /* Out-of-range fields always cause a VM exit from L2 to L1 */
6310 if (kvm_vcpu_read_guest(vcpu, bitmap + field/8, &b, 1))
6313 return 1 & (b >> (field & 7));
6316 static bool nested_vmx_exit_handled_mtf(struct vmcs12 *vmcs12)
6318 u32 entry_intr_info = vmcs12->vm_entry_intr_info_field;
6320 if (nested_cpu_has_mtf(vmcs12))
6324 * An MTF VM-exit may be injected into the guest by setting the
6325 * interruption-type to 7 (other event) and the vector field to 0. Such
6326 * is the case regardless of the 'monitor trap flag' VM-execution
6329 return entry_intr_info == (INTR_INFO_VALID_MASK
6330 | INTR_TYPE_OTHER_EVENT);
6334 * Return true if L0 wants to handle an exit from L2 regardless of whether or not
6335 * L1 wants the exit. Only call this when in is_guest_mode (L2).
6337 static bool nested_vmx_l0_wants_exit(struct kvm_vcpu *vcpu,
6338 union vmx_exit_reason exit_reason)
6342 switch ((u16)exit_reason.basic) {
6343 case EXIT_REASON_EXCEPTION_NMI:
6344 intr_info = vmx_get_intr_info(vcpu);
6345 if (is_nmi(intr_info))
6347 else if (is_page_fault(intr_info))
6348 return vcpu->arch.apf.host_apf_flags ||
6349 vmx_need_pf_intercept(vcpu);
6350 else if (is_debug(intr_info) &&
6352 (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
6354 else if (is_breakpoint(intr_info) &&
6355 vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
6357 else if (is_alignment_check(intr_info) &&
6358 !vmx_guest_inject_ac(vcpu))
6360 else if (is_ve_fault(intr_info))
6363 case EXIT_REASON_EXTERNAL_INTERRUPT:
6365 case EXIT_REASON_MCE_DURING_VMENTRY:
6367 case EXIT_REASON_EPT_VIOLATION:
6369 * L0 always deals with the EPT violation. If nested EPT is
6370 * used, and the nested mmu code discovers that the address is
6371 * missing in the guest EPT table (EPT12), the EPT violation
6372 * will be injected with nested_ept_inject_page_fault()
6375 case EXIT_REASON_EPT_MISCONFIG:
6377 * L2 never uses directly L1's EPT, but rather L0's own EPT
6378 * table (shadow on EPT) or a merged EPT table that L0 built
6379 * (EPT on EPT). So any problems with the structure of the
6380 * table is L0's fault.
6383 case EXIT_REASON_PREEMPTION_TIMER:
6385 case EXIT_REASON_PML_FULL:
6387 * PML is emulated for an L1 VMM and should never be enabled in
6388 * vmcs02, always "handle" PML_FULL by exiting to userspace.
6391 case EXIT_REASON_VMFUNC:
6392 /* VM functions are emulated through L2->L0 vmexits. */
6394 case EXIT_REASON_BUS_LOCK:
6396 * At present, bus lock VM exit is never exposed to L1.
6397 * Handle L2's bus locks in L0 directly.
6400 #ifdef CONFIG_KVM_HYPERV
6401 case EXIT_REASON_VMCALL:
6402 /* Hyper-V L2 TLB flush hypercall is handled by L0 */
6403 return guest_hv_cpuid_has_l2_tlb_flush(vcpu) &&
6404 nested_evmcs_l2_tlb_flush_enabled(vcpu) &&
6405 kvm_hv_is_tlb_flush_hcall(vcpu);
6414 * Return 1 if L1 wants to intercept an exit from L2. Only call this when in
6415 * is_guest_mode (L2).
6417 static bool nested_vmx_l1_wants_exit(struct kvm_vcpu *vcpu,
6418 union vmx_exit_reason exit_reason)
6420 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
6423 switch ((u16)exit_reason.basic) {
6424 case EXIT_REASON_EXCEPTION_NMI:
6425 intr_info = vmx_get_intr_info(vcpu);
6426 if (is_nmi(intr_info))
6428 else if (is_page_fault(intr_info))
6430 return vmcs12->exception_bitmap &
6431 (1u << (intr_info & INTR_INFO_VECTOR_MASK));
6432 case EXIT_REASON_EXTERNAL_INTERRUPT:
6433 return nested_exit_on_intr(vcpu);
6434 case EXIT_REASON_TRIPLE_FAULT:
6436 case EXIT_REASON_INTERRUPT_WINDOW:
6437 return nested_cpu_has(vmcs12, CPU_BASED_INTR_WINDOW_EXITING);
6438 case EXIT_REASON_NMI_WINDOW:
6439 return nested_cpu_has(vmcs12, CPU_BASED_NMI_WINDOW_EXITING);
6440 case EXIT_REASON_TASK_SWITCH:
6442 case EXIT_REASON_CPUID:
6444 case EXIT_REASON_HLT:
6445 return nested_cpu_has(vmcs12, CPU_BASED_HLT_EXITING);
6446 case EXIT_REASON_INVD:
6448 case EXIT_REASON_INVLPG:
6449 return nested_cpu_has(vmcs12, CPU_BASED_INVLPG_EXITING);
6450 case EXIT_REASON_RDPMC:
6451 return nested_cpu_has(vmcs12, CPU_BASED_RDPMC_EXITING);
6452 case EXIT_REASON_RDRAND:
6453 return nested_cpu_has2(vmcs12, SECONDARY_EXEC_RDRAND_EXITING);
6454 case EXIT_REASON_RDSEED:
6455 return nested_cpu_has2(vmcs12, SECONDARY_EXEC_RDSEED_EXITING);
6456 case EXIT_REASON_RDTSC: case EXIT_REASON_RDTSCP:
6457 return nested_cpu_has(vmcs12, CPU_BASED_RDTSC_EXITING);
6458 case EXIT_REASON_VMREAD:
6459 return nested_vmx_exit_handled_vmcs_access(vcpu, vmcs12,
6460 vmcs12->vmread_bitmap);
6461 case EXIT_REASON_VMWRITE:
6462 return nested_vmx_exit_handled_vmcs_access(vcpu, vmcs12,
6463 vmcs12->vmwrite_bitmap);
6464 case EXIT_REASON_VMCALL: case EXIT_REASON_VMCLEAR:
6465 case EXIT_REASON_VMLAUNCH: case EXIT_REASON_VMPTRLD:
6466 case EXIT_REASON_VMPTRST: case EXIT_REASON_VMRESUME:
6467 case EXIT_REASON_VMOFF: case EXIT_REASON_VMON:
6468 case EXIT_REASON_INVEPT: case EXIT_REASON_INVVPID:
6470 * VMX instructions trap unconditionally. This allows L1 to
6471 * emulate them for its L2 guest, i.e., allows 3-level nesting!
6474 case EXIT_REASON_CR_ACCESS:
6475 return nested_vmx_exit_handled_cr(vcpu, vmcs12);
6476 case EXIT_REASON_DR_ACCESS:
6477 return nested_cpu_has(vmcs12, CPU_BASED_MOV_DR_EXITING);
6478 case EXIT_REASON_IO_INSTRUCTION:
6479 return nested_vmx_exit_handled_io(vcpu, vmcs12);
6480 case EXIT_REASON_GDTR_IDTR: case EXIT_REASON_LDTR_TR:
6481 return nested_cpu_has2(vmcs12, SECONDARY_EXEC_DESC);
6482 case EXIT_REASON_MSR_READ:
6483 case EXIT_REASON_MSR_WRITE:
6484 return nested_vmx_exit_handled_msr(vcpu, vmcs12, exit_reason);
6485 case EXIT_REASON_INVALID_STATE:
6487 case EXIT_REASON_MWAIT_INSTRUCTION:
6488 return nested_cpu_has(vmcs12, CPU_BASED_MWAIT_EXITING);
6489 case EXIT_REASON_MONITOR_TRAP_FLAG:
6490 return nested_vmx_exit_handled_mtf(vmcs12);
6491 case EXIT_REASON_MONITOR_INSTRUCTION:
6492 return nested_cpu_has(vmcs12, CPU_BASED_MONITOR_EXITING);
6493 case EXIT_REASON_PAUSE_INSTRUCTION:
6494 return nested_cpu_has(vmcs12, CPU_BASED_PAUSE_EXITING) ||
6495 nested_cpu_has2(vmcs12,
6496 SECONDARY_EXEC_PAUSE_LOOP_EXITING);
6497 case EXIT_REASON_MCE_DURING_VMENTRY:
6499 case EXIT_REASON_TPR_BELOW_THRESHOLD:
6500 return nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW);
6501 case EXIT_REASON_APIC_ACCESS:
6502 case EXIT_REASON_APIC_WRITE:
6503 case EXIT_REASON_EOI_INDUCED:
6505 * The controls for "virtualize APIC accesses," "APIC-
6506 * register virtualization," and "virtual-interrupt
6507 * delivery" only come from vmcs12.
6510 case EXIT_REASON_INVPCID:
6512 nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_INVPCID) &&
6513 nested_cpu_has(vmcs12, CPU_BASED_INVLPG_EXITING);
6514 case EXIT_REASON_WBINVD:
6515 return nested_cpu_has2(vmcs12, SECONDARY_EXEC_WBINVD_EXITING);
6516 case EXIT_REASON_XSETBV:
6518 case EXIT_REASON_XSAVES: case EXIT_REASON_XRSTORS:
6520 * This should never happen, since it is not possible to
6521 * set XSS to a non-zero value---neither in L1 nor in L2.
6522 * If if it were, XSS would have to be checked against
6523 * the XSS exit bitmap in vmcs12.
6525 return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_XSAVES);
6526 case EXIT_REASON_UMWAIT:
6527 case EXIT_REASON_TPAUSE:
6528 return nested_cpu_has2(vmcs12,
6529 SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE);
6530 case EXIT_REASON_ENCLS:
6531 return nested_vmx_exit_handled_encls(vcpu, vmcs12);
6532 case EXIT_REASON_NOTIFY:
6533 /* Notify VM exit is not exposed to L1 */
6541 * Conditionally reflect a VM-Exit into L1. Returns %true if the VM-Exit was
6542 * reflected into L1.
6544 bool nested_vmx_reflect_vmexit(struct kvm_vcpu *vcpu)
6546 struct vcpu_vmx *vmx = to_vmx(vcpu);
6547 union vmx_exit_reason exit_reason = vmx->exit_reason;
6548 unsigned long exit_qual;
6551 WARN_ON_ONCE(vmx->nested.nested_run_pending);
6554 * Late nested VM-Fail shares the same flow as nested VM-Exit since KVM
6555 * has already loaded L2's state.
6557 if (unlikely(vmx->fail)) {
6558 trace_kvm_nested_vmenter_failed(
6559 "hardware VM-instruction error: ",
6560 vmcs_read32(VM_INSTRUCTION_ERROR));
6563 goto reflect_vmexit;
6566 trace_kvm_nested_vmexit(vcpu, KVM_ISA_VMX);
6568 /* If L0 (KVM) wants the exit, it trumps L1's desires. */
6569 if (nested_vmx_l0_wants_exit(vcpu, exit_reason))
6572 /* If L1 doesn't want the exit, handle it in L0. */
6573 if (!nested_vmx_l1_wants_exit(vcpu, exit_reason))
6577 * vmcs.VM_EXIT_INTR_INFO is only valid for EXCEPTION_NMI exits. For
6578 * EXTERNAL_INTERRUPT, the value for vmcs12->vm_exit_intr_info would
6579 * need to be synthesized by querying the in-kernel LAPIC, but external
6580 * interrupts are never reflected to L1 so it's a non-issue.
6582 exit_intr_info = vmx_get_intr_info(vcpu);
6583 if (is_exception_with_error_code(exit_intr_info)) {
6584 struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
6586 vmcs12->vm_exit_intr_error_code =
6587 vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
6589 exit_qual = vmx_get_exit_qual(vcpu);
6592 nested_vmx_vmexit(vcpu, exit_reason.full, exit_intr_info, exit_qual);
6596 static int vmx_get_nested_state(struct kvm_vcpu *vcpu,
6597 struct kvm_nested_state __user *user_kvm_nested_state,
6600 struct vcpu_vmx *vmx;
6601 struct vmcs12 *vmcs12;
6602 struct kvm_nested_state kvm_state = {
6604 .format = KVM_STATE_NESTED_FORMAT_VMX,
6605 .size = sizeof(kvm_state),
6607 .hdr.vmx.vmxon_pa = INVALID_GPA,
6608 .hdr.vmx.vmcs12_pa = INVALID_GPA,
6609 .hdr.vmx.preemption_timer_deadline = 0,
6611 struct kvm_vmx_nested_state_data __user *user_vmx_nested_state =
6612 &user_kvm_nested_state->data.vmx[0];
6615 return kvm_state.size + sizeof(*user_vmx_nested_state);
6618 vmcs12 = get_vmcs12(vcpu);
6620 if (guest_can_use(vcpu, X86_FEATURE_VMX) &&
6621 (vmx->nested.vmxon || vmx->nested.smm.vmxon)) {
6622 kvm_state.hdr.vmx.vmxon_pa = vmx->nested.vmxon_ptr;
6623 kvm_state.hdr.vmx.vmcs12_pa = vmx->nested.current_vmptr;
6625 if (vmx_has_valid_vmcs12(vcpu)) {
6626 kvm_state.size += sizeof(user_vmx_nested_state->vmcs12);
6628 /* 'hv_evmcs_vmptr' can also be EVMPTR_MAP_PENDING here */
6629 if (nested_vmx_is_evmptr12_set(vmx))
6630 kvm_state.flags |= KVM_STATE_NESTED_EVMCS;
6632 if (is_guest_mode(vcpu) &&
6633 nested_cpu_has_shadow_vmcs(vmcs12) &&
6634 vmcs12->vmcs_link_pointer != INVALID_GPA)
6635 kvm_state.size += sizeof(user_vmx_nested_state->shadow_vmcs12);
6638 if (vmx->nested.smm.vmxon)
6639 kvm_state.hdr.vmx.smm.flags |= KVM_STATE_NESTED_SMM_VMXON;
6641 if (vmx->nested.smm.guest_mode)
6642 kvm_state.hdr.vmx.smm.flags |= KVM_STATE_NESTED_SMM_GUEST_MODE;
6644 if (is_guest_mode(vcpu)) {
6645 kvm_state.flags |= KVM_STATE_NESTED_GUEST_MODE;
6647 if (vmx->nested.nested_run_pending)
6648 kvm_state.flags |= KVM_STATE_NESTED_RUN_PENDING;
6650 if (vmx->nested.mtf_pending)
6651 kvm_state.flags |= KVM_STATE_NESTED_MTF_PENDING;
6653 if (nested_cpu_has_preemption_timer(vmcs12) &&
6654 vmx->nested.has_preemption_timer_deadline) {
6655 kvm_state.hdr.vmx.flags |=
6656 KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE;
6657 kvm_state.hdr.vmx.preemption_timer_deadline =
6658 vmx->nested.preemption_timer_deadline;
6663 if (user_data_size < kvm_state.size)
6666 if (copy_to_user(user_kvm_nested_state, &kvm_state, sizeof(kvm_state)))
6669 if (!vmx_has_valid_vmcs12(vcpu))
6673 * When running L2, the authoritative vmcs12 state is in the
6674 * vmcs02. When running L1, the authoritative vmcs12 state is
6675 * in the shadow or enlightened vmcs linked to vmcs01, unless
6676 * need_vmcs12_to_shadow_sync is set, in which case, the authoritative
6677 * vmcs12 state is in the vmcs12 already.
6679 if (is_guest_mode(vcpu)) {
6680 sync_vmcs02_to_vmcs12(vcpu, vmcs12);
6681 sync_vmcs02_to_vmcs12_rare(vcpu, vmcs12);
6683 copy_vmcs02_to_vmcs12_rare(vcpu, get_vmcs12(vcpu));
6684 if (!vmx->nested.need_vmcs12_to_shadow_sync) {
6685 if (nested_vmx_is_evmptr12_valid(vmx))
6687 * L1 hypervisor is not obliged to keep eVMCS
6688 * clean fields data always up-to-date while
6689 * not in guest mode, 'hv_clean_fields' is only
6690 * supposed to be actual upon vmentry so we need
6691 * to ignore it here and do full copy.
6693 copy_enlightened_to_vmcs12(vmx, 0);
6694 else if (enable_shadow_vmcs)
6695 copy_shadow_to_vmcs12(vmx);
6699 BUILD_BUG_ON(sizeof(user_vmx_nested_state->vmcs12) < VMCS12_SIZE);
6700 BUILD_BUG_ON(sizeof(user_vmx_nested_state->shadow_vmcs12) < VMCS12_SIZE);
6703 * Copy over the full allocated size of vmcs12 rather than just the size
6706 if (copy_to_user(user_vmx_nested_state->vmcs12, vmcs12, VMCS12_SIZE))
6709 if (nested_cpu_has_shadow_vmcs(vmcs12) &&
6710 vmcs12->vmcs_link_pointer != INVALID_GPA) {
6711 if (copy_to_user(user_vmx_nested_state->shadow_vmcs12,
6712 get_shadow_vmcs12(vcpu), VMCS12_SIZE))
6716 return kvm_state.size;
6719 void vmx_leave_nested(struct kvm_vcpu *vcpu)
6721 if (is_guest_mode(vcpu)) {
6722 to_vmx(vcpu)->nested.nested_run_pending = 0;
6723 nested_vmx_vmexit(vcpu, -1, 0, 0);
6728 static int vmx_set_nested_state(struct kvm_vcpu *vcpu,
6729 struct kvm_nested_state __user *user_kvm_nested_state,
6730 struct kvm_nested_state *kvm_state)
6732 struct vcpu_vmx *vmx = to_vmx(vcpu);
6733 struct vmcs12 *vmcs12;
6734 enum vm_entry_failure_code ignored;
6735 struct kvm_vmx_nested_state_data __user *user_vmx_nested_state =
6736 &user_kvm_nested_state->data.vmx[0];
6739 if (kvm_state->format != KVM_STATE_NESTED_FORMAT_VMX)
6742 if (kvm_state->hdr.vmx.vmxon_pa == INVALID_GPA) {
6743 if (kvm_state->hdr.vmx.smm.flags)
6746 if (kvm_state->hdr.vmx.vmcs12_pa != INVALID_GPA)
6750 * KVM_STATE_NESTED_EVMCS used to signal that KVM should
6751 * enable eVMCS capability on vCPU. However, since then
6752 * code was changed such that flag signals vmcs12 should
6753 * be copied into eVMCS in guest memory.
6755 * To preserve backwards compatibility, allow user
6756 * to set this flag even when there is no VMXON region.
6758 if (kvm_state->flags & ~KVM_STATE_NESTED_EVMCS)
6761 if (!guest_can_use(vcpu, X86_FEATURE_VMX))
6764 if (!page_address_valid(vcpu, kvm_state->hdr.vmx.vmxon_pa))
6768 if ((kvm_state->hdr.vmx.smm.flags & KVM_STATE_NESTED_SMM_GUEST_MODE) &&
6769 (kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE))
6772 if (kvm_state->hdr.vmx.smm.flags &
6773 ~(KVM_STATE_NESTED_SMM_GUEST_MODE | KVM_STATE_NESTED_SMM_VMXON))
6776 if (kvm_state->hdr.vmx.flags & ~KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE)
6780 * SMM temporarily disables VMX, so we cannot be in guest mode,
6781 * nor can VMLAUNCH/VMRESUME be pending. Outside SMM, SMM flags
6786 (KVM_STATE_NESTED_GUEST_MODE | KVM_STATE_NESTED_RUN_PENDING))
6787 : kvm_state->hdr.vmx.smm.flags)
6790 if ((kvm_state->hdr.vmx.smm.flags & KVM_STATE_NESTED_SMM_GUEST_MODE) &&
6791 !(kvm_state->hdr.vmx.smm.flags & KVM_STATE_NESTED_SMM_VMXON))
6794 if ((kvm_state->flags & KVM_STATE_NESTED_EVMCS) &&
6795 (!guest_can_use(vcpu, X86_FEATURE_VMX) ||
6796 !vmx->nested.enlightened_vmcs_enabled))
6799 vmx_leave_nested(vcpu);
6801 if (kvm_state->hdr.vmx.vmxon_pa == INVALID_GPA)
6804 vmx->nested.vmxon_ptr = kvm_state->hdr.vmx.vmxon_pa;
6805 ret = enter_vmx_operation(vcpu);
6809 /* Empty 'VMXON' state is permitted if no VMCS loaded */
6810 if (kvm_state->size < sizeof(*kvm_state) + sizeof(*vmcs12)) {
6811 /* See vmx_has_valid_vmcs12. */
6812 if ((kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE) ||
6813 (kvm_state->flags & KVM_STATE_NESTED_EVMCS) ||
6814 (kvm_state->hdr.vmx.vmcs12_pa != INVALID_GPA))
6820 if (kvm_state->hdr.vmx.vmcs12_pa != INVALID_GPA) {
6821 if (kvm_state->hdr.vmx.vmcs12_pa == kvm_state->hdr.vmx.vmxon_pa ||
6822 !page_address_valid(vcpu, kvm_state->hdr.vmx.vmcs12_pa))
6825 set_current_vmptr(vmx, kvm_state->hdr.vmx.vmcs12_pa);
6826 #ifdef CONFIG_KVM_HYPERV
6827 } else if (kvm_state->flags & KVM_STATE_NESTED_EVMCS) {
6829 * nested_vmx_handle_enlightened_vmptrld() cannot be called
6830 * directly from here as HV_X64_MSR_VP_ASSIST_PAGE may not be
6831 * restored yet. EVMCS will be mapped from
6832 * nested_get_vmcs12_pages().
6834 vmx->nested.hv_evmcs_vmptr = EVMPTR_MAP_PENDING;
6835 kvm_make_request(KVM_REQ_GET_NESTED_STATE_PAGES, vcpu);
6841 if (kvm_state->hdr.vmx.smm.flags & KVM_STATE_NESTED_SMM_VMXON) {
6842 vmx->nested.smm.vmxon = true;
6843 vmx->nested.vmxon = false;
6845 if (kvm_state->hdr.vmx.smm.flags & KVM_STATE_NESTED_SMM_GUEST_MODE)
6846 vmx->nested.smm.guest_mode = true;
6849 vmcs12 = get_vmcs12(vcpu);
6850 if (copy_from_user(vmcs12, user_vmx_nested_state->vmcs12, sizeof(*vmcs12)))
6853 if (vmcs12->hdr.revision_id != VMCS12_REVISION)
6856 if (!(kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE))
6859 vmx->nested.nested_run_pending =
6860 !!(kvm_state->flags & KVM_STATE_NESTED_RUN_PENDING);
6862 vmx->nested.mtf_pending =
6863 !!(kvm_state->flags & KVM_STATE_NESTED_MTF_PENDING);
6866 if (nested_cpu_has_shadow_vmcs(vmcs12) &&
6867 vmcs12->vmcs_link_pointer != INVALID_GPA) {
6868 struct vmcs12 *shadow_vmcs12 = get_shadow_vmcs12(vcpu);
6870 if (kvm_state->size <
6871 sizeof(*kvm_state) +
6872 sizeof(user_vmx_nested_state->vmcs12) + sizeof(*shadow_vmcs12))
6873 goto error_guest_mode;
6875 if (copy_from_user(shadow_vmcs12,
6876 user_vmx_nested_state->shadow_vmcs12,
6877 sizeof(*shadow_vmcs12))) {
6879 goto error_guest_mode;
6882 if (shadow_vmcs12->hdr.revision_id != VMCS12_REVISION ||
6883 !shadow_vmcs12->hdr.shadow_vmcs)
6884 goto error_guest_mode;
6887 vmx->nested.has_preemption_timer_deadline = false;
6888 if (kvm_state->hdr.vmx.flags & KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE) {
6889 vmx->nested.has_preemption_timer_deadline = true;
6890 vmx->nested.preemption_timer_deadline =
6891 kvm_state->hdr.vmx.preemption_timer_deadline;
6894 if (nested_vmx_check_controls(vcpu, vmcs12) ||
6895 nested_vmx_check_host_state(vcpu, vmcs12) ||
6896 nested_vmx_check_guest_state(vcpu, vmcs12, &ignored))
6897 goto error_guest_mode;
6899 vmx->nested.dirty_vmcs12 = true;
6900 vmx->nested.force_msr_bitmap_recalc = true;
6901 ret = nested_vmx_enter_non_root_mode(vcpu, false);
6903 goto error_guest_mode;
6905 if (vmx->nested.mtf_pending)
6906 kvm_make_request(KVM_REQ_EVENT, vcpu);
6911 vmx->nested.nested_run_pending = 0;
6915 void nested_vmx_set_vmcs_shadowing_bitmap(void)
6917 if (enable_shadow_vmcs) {
6918 vmcs_write64(VMREAD_BITMAP, __pa(vmx_vmread_bitmap));
6919 vmcs_write64(VMWRITE_BITMAP, __pa(vmx_vmwrite_bitmap));
6924 * Indexing into the vmcs12 uses the VMCS encoding rotated left by 6. Undo
6925 * that madness to get the encoding for comparison.
6927 #define VMCS12_IDX_TO_ENC(idx) ((u16)(((u16)(idx) >> 6) | ((u16)(idx) << 10)))
6929 static u64 nested_vmx_calc_vmcs_enum_msr(void)
6932 * Note these are the so called "index" of the VMCS field encoding, not
6933 * the index into vmcs12.
6935 unsigned int max_idx, idx;
6939 * For better or worse, KVM allows VMREAD/VMWRITE to all fields in
6940 * vmcs12, regardless of whether or not the associated feature is
6941 * exposed to L1. Simply find the field with the highest index.
6944 for (i = 0; i < nr_vmcs12_fields; i++) {
6945 /* The vmcs12 table is very, very sparsely populated. */
6946 if (!vmcs12_field_offsets[i])
6949 idx = vmcs_field_index(VMCS12_IDX_TO_ENC(i));
6954 return (u64)max_idx << VMCS_FIELD_INDEX_SHIFT;
6957 static void nested_vmx_setup_pinbased_ctls(struct vmcs_config *vmcs_conf,
6958 struct nested_vmx_msrs *msrs)
6960 msrs->pinbased_ctls_low =
6961 PIN_BASED_ALWAYSON_WITHOUT_TRUE_MSR;
6963 msrs->pinbased_ctls_high = vmcs_conf->pin_based_exec_ctrl;
6964 msrs->pinbased_ctls_high &=
6965 PIN_BASED_EXT_INTR_MASK |
6966 PIN_BASED_NMI_EXITING |
6967 PIN_BASED_VIRTUAL_NMIS |
6968 (enable_apicv ? PIN_BASED_POSTED_INTR : 0);
6969 msrs->pinbased_ctls_high |=
6970 PIN_BASED_ALWAYSON_WITHOUT_TRUE_MSR |
6971 PIN_BASED_VMX_PREEMPTION_TIMER;
6974 static void nested_vmx_setup_exit_ctls(struct vmcs_config *vmcs_conf,
6975 struct nested_vmx_msrs *msrs)
6977 msrs->exit_ctls_low =
6978 VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR;
6980 msrs->exit_ctls_high = vmcs_conf->vmexit_ctrl;
6981 msrs->exit_ctls_high &=
6982 #ifdef CONFIG_X86_64
6983 VM_EXIT_HOST_ADDR_SPACE_SIZE |
6985 VM_EXIT_LOAD_IA32_PAT | VM_EXIT_SAVE_IA32_PAT |
6986 VM_EXIT_CLEAR_BNDCFGS;
6987 msrs->exit_ctls_high |=
6988 VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR |
6989 VM_EXIT_LOAD_IA32_EFER | VM_EXIT_SAVE_IA32_EFER |
6990 VM_EXIT_SAVE_VMX_PREEMPTION_TIMER | VM_EXIT_ACK_INTR_ON_EXIT |
6991 VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL;
6993 /* We support free control of debug control saving. */
6994 msrs->exit_ctls_low &= ~VM_EXIT_SAVE_DEBUG_CONTROLS;
6997 static void nested_vmx_setup_entry_ctls(struct vmcs_config *vmcs_conf,
6998 struct nested_vmx_msrs *msrs)
7000 msrs->entry_ctls_low =
7001 VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR;
7003 msrs->entry_ctls_high = vmcs_conf->vmentry_ctrl;
7004 msrs->entry_ctls_high &=
7005 #ifdef CONFIG_X86_64
7006 VM_ENTRY_IA32E_MODE |
7008 VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS;
7009 msrs->entry_ctls_high |=
7010 (VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR | VM_ENTRY_LOAD_IA32_EFER |
7011 VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL);
7013 /* We support free control of debug control loading. */
7014 msrs->entry_ctls_low &= ~VM_ENTRY_LOAD_DEBUG_CONTROLS;
7017 static void nested_vmx_setup_cpubased_ctls(struct vmcs_config *vmcs_conf,
7018 struct nested_vmx_msrs *msrs)
7020 msrs->procbased_ctls_low =
7021 CPU_BASED_ALWAYSON_WITHOUT_TRUE_MSR;
7023 msrs->procbased_ctls_high = vmcs_conf->cpu_based_exec_ctrl;
7024 msrs->procbased_ctls_high &=
7025 CPU_BASED_INTR_WINDOW_EXITING |
7026 CPU_BASED_NMI_WINDOW_EXITING | CPU_BASED_USE_TSC_OFFSETTING |
7027 CPU_BASED_HLT_EXITING | CPU_BASED_INVLPG_EXITING |
7028 CPU_BASED_MWAIT_EXITING | CPU_BASED_CR3_LOAD_EXITING |
7029 CPU_BASED_CR3_STORE_EXITING |
7030 #ifdef CONFIG_X86_64
7031 CPU_BASED_CR8_LOAD_EXITING | CPU_BASED_CR8_STORE_EXITING |
7033 CPU_BASED_MOV_DR_EXITING | CPU_BASED_UNCOND_IO_EXITING |
7034 CPU_BASED_USE_IO_BITMAPS | CPU_BASED_MONITOR_TRAP_FLAG |
7035 CPU_BASED_MONITOR_EXITING | CPU_BASED_RDPMC_EXITING |
7036 CPU_BASED_RDTSC_EXITING | CPU_BASED_PAUSE_EXITING |
7037 CPU_BASED_TPR_SHADOW | CPU_BASED_ACTIVATE_SECONDARY_CONTROLS;
7039 * We can allow some features even when not supported by the
7040 * hardware. For example, L1 can specify an MSR bitmap - and we
7041 * can use it to avoid exits to L1 - even when L0 runs L2
7042 * without MSR bitmaps.
7044 msrs->procbased_ctls_high |=
7045 CPU_BASED_ALWAYSON_WITHOUT_TRUE_MSR |
7046 CPU_BASED_USE_MSR_BITMAPS;
7048 /* We support free control of CR3 access interception. */
7049 msrs->procbased_ctls_low &=
7050 ~(CPU_BASED_CR3_LOAD_EXITING | CPU_BASED_CR3_STORE_EXITING);
7053 static void nested_vmx_setup_secondary_ctls(u32 ept_caps,
7054 struct vmcs_config *vmcs_conf,
7055 struct nested_vmx_msrs *msrs)
7057 msrs->secondary_ctls_low = 0;
7059 msrs->secondary_ctls_high = vmcs_conf->cpu_based_2nd_exec_ctrl;
7060 msrs->secondary_ctls_high &=
7061 SECONDARY_EXEC_DESC |
7062 SECONDARY_EXEC_ENABLE_RDTSCP |
7063 SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
7064 SECONDARY_EXEC_WBINVD_EXITING |
7065 SECONDARY_EXEC_APIC_REGISTER_VIRT |
7066 SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
7067 SECONDARY_EXEC_RDRAND_EXITING |
7068 SECONDARY_EXEC_ENABLE_INVPCID |
7069 SECONDARY_EXEC_ENABLE_VMFUNC |
7070 SECONDARY_EXEC_RDSEED_EXITING |
7071 SECONDARY_EXEC_ENABLE_XSAVES |
7072 SECONDARY_EXEC_TSC_SCALING |
7073 SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE;
7076 * We can emulate "VMCS shadowing," even if the hardware
7077 * doesn't support it.
7079 msrs->secondary_ctls_high |=
7080 SECONDARY_EXEC_SHADOW_VMCS;
7083 /* nested EPT: emulate EPT also to L1 */
7084 msrs->secondary_ctls_high |=
7085 SECONDARY_EXEC_ENABLE_EPT;
7087 VMX_EPT_PAGE_WALK_4_BIT |
7088 VMX_EPT_PAGE_WALK_5_BIT |
7090 VMX_EPT_INVEPT_BIT |
7091 VMX_EPT_EXECUTE_ONLY_BIT;
7093 msrs->ept_caps &= ept_caps;
7094 msrs->ept_caps |= VMX_EPT_EXTENT_GLOBAL_BIT |
7095 VMX_EPT_EXTENT_CONTEXT_BIT | VMX_EPT_2MB_PAGE_BIT |
7096 VMX_EPT_1GB_PAGE_BIT;
7097 if (enable_ept_ad_bits) {
7098 msrs->secondary_ctls_high |=
7099 SECONDARY_EXEC_ENABLE_PML;
7100 msrs->ept_caps |= VMX_EPT_AD_BIT;
7104 * Advertise EPTP switching irrespective of hardware support,
7105 * KVM emulates it in software so long as VMFUNC is supported.
7107 if (cpu_has_vmx_vmfunc())
7108 msrs->vmfunc_controls = VMX_VMFUNC_EPTP_SWITCHING;
7112 * Old versions of KVM use the single-context version without
7113 * checking for support, so declare that it is supported even
7114 * though it is treated as global context. The alternative is
7115 * not failing the single-context invvpid, and it is worse.
7118 msrs->secondary_ctls_high |=
7119 SECONDARY_EXEC_ENABLE_VPID;
7120 msrs->vpid_caps = VMX_VPID_INVVPID_BIT |
7121 VMX_VPID_EXTENT_SUPPORTED_MASK;
7124 if (enable_unrestricted_guest)
7125 msrs->secondary_ctls_high |=
7126 SECONDARY_EXEC_UNRESTRICTED_GUEST;
7128 if (flexpriority_enabled)
7129 msrs->secondary_ctls_high |=
7130 SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
7133 msrs->secondary_ctls_high |= SECONDARY_EXEC_ENCLS_EXITING;
7136 static void nested_vmx_setup_misc_data(struct vmcs_config *vmcs_conf,
7137 struct nested_vmx_msrs *msrs)
7139 msrs->misc_low = (u32)vmcs_conf->misc & VMX_MISC_SAVE_EFER_LMA;
7141 VMX_MISC_VMWRITE_SHADOW_RO_FIELDS |
7142 VMX_MISC_EMULATED_PREEMPTION_TIMER_RATE |
7143 VMX_MISC_ACTIVITY_HLT |
7144 VMX_MISC_ACTIVITY_WAIT_SIPI;
7145 msrs->misc_high = 0;
7148 static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs)
7151 * This MSR reports some information about VMX support. We
7152 * should return information about the VMX we emulate for the
7153 * guest, and the VMCS structure we give it - not about the
7154 * VMX support of the underlying hardware.
7156 msrs->basic = vmx_basic_encode_vmcs_info(VMCS12_REVISION, VMCS12_SIZE,
7159 msrs->basic |= VMX_BASIC_TRUE_CTLS;
7160 if (cpu_has_vmx_basic_inout())
7161 msrs->basic |= VMX_BASIC_INOUT;
7164 static void nested_vmx_setup_cr_fixed(struct nested_vmx_msrs *msrs)
7167 * These MSRs specify bits which the guest must keep fixed on
7168 * while L1 is in VMXON mode (in L1's root mode, or running an L2).
7169 * We picked the standard core2 setting.
7171 #define VMXON_CR0_ALWAYSON (X86_CR0_PE | X86_CR0_PG | X86_CR0_NE)
7172 #define VMXON_CR4_ALWAYSON X86_CR4_VMXE
7173 msrs->cr0_fixed0 = VMXON_CR0_ALWAYSON;
7174 msrs->cr4_fixed0 = VMXON_CR4_ALWAYSON;
7176 /* These MSRs specify bits which the guest must keep fixed off. */
7177 rdmsrl(MSR_IA32_VMX_CR0_FIXED1, msrs->cr0_fixed1);
7178 rdmsrl(MSR_IA32_VMX_CR4_FIXED1, msrs->cr4_fixed1);
7180 if (vmx_umip_emulated())
7181 msrs->cr4_fixed1 |= X86_CR4_UMIP;
7185 * nested_vmx_setup_ctls_msrs() sets up variables containing the values to be
7186 * returned for the various VMX controls MSRs when nested VMX is enabled.
7187 * The same values should also be used to verify that vmcs12 control fields are
7188 * valid during nested entry from L1 to L2.
7189 * Each of these control msrs has a low and high 32-bit half: A low bit is on
7190 * if the corresponding bit in the (32-bit) control field *must* be on, and a
7191 * bit in the high half is on if the corresponding bit in the control field
7192 * may be on. See also vmx_control_verify().
7194 void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps)
7196 struct nested_vmx_msrs *msrs = &vmcs_conf->nested;
7199 * Note that as a general rule, the high half of the MSRs (bits in
7200 * the control fields which may be 1) should be initialized by the
7201 * intersection of the underlying hardware's MSR (i.e., features which
7202 * can be supported) and the list of features we want to expose -
7203 * because they are known to be properly supported in our code.
7204 * Also, usually, the low half of the MSRs (bits which must be 1) can
7205 * be set to 0, meaning that L1 may turn off any of these bits. The
7206 * reason is that if one of these bits is necessary, it will appear
7207 * in vmcs01 and prepare_vmcs02, when it bitwise-or's the control
7208 * fields of vmcs01 and vmcs02, will turn these bits off - and
7209 * nested_vmx_l1_wants_exit() will not pass related exits to L1.
7210 * These rules have exceptions below.
7212 nested_vmx_setup_pinbased_ctls(vmcs_conf, msrs);
7214 nested_vmx_setup_exit_ctls(vmcs_conf, msrs);
7216 nested_vmx_setup_entry_ctls(vmcs_conf, msrs);
7218 nested_vmx_setup_cpubased_ctls(vmcs_conf, msrs);
7220 nested_vmx_setup_secondary_ctls(ept_caps, vmcs_conf, msrs);
7222 nested_vmx_setup_misc_data(vmcs_conf, msrs);
7224 nested_vmx_setup_basic(msrs);
7226 nested_vmx_setup_cr_fixed(msrs);
7228 msrs->vmcs_enum = nested_vmx_calc_vmcs_enum_msr();
7231 void nested_vmx_hardware_unsetup(void)
7235 if (enable_shadow_vmcs) {
7236 for (i = 0; i < VMX_BITMAP_NR; i++)
7237 free_page((unsigned long)vmx_bitmap[i]);
7241 __init int nested_vmx_hardware_setup(int (*exit_handlers[])(struct kvm_vcpu *))
7245 if (!cpu_has_vmx_shadow_vmcs())
7246 enable_shadow_vmcs = 0;
7247 if (enable_shadow_vmcs) {
7248 for (i = 0; i < VMX_BITMAP_NR; i++) {
7250 * The vmx_bitmap is not tied to a VM and so should
7251 * not be charged to a memcg.
7253 vmx_bitmap[i] = (unsigned long *)
7254 __get_free_page(GFP_KERNEL);
7255 if (!vmx_bitmap[i]) {
7256 nested_vmx_hardware_unsetup();
7261 init_vmcs_shadow_fields();
7264 exit_handlers[EXIT_REASON_VMCLEAR] = handle_vmclear;
7265 exit_handlers[EXIT_REASON_VMLAUNCH] = handle_vmlaunch;
7266 exit_handlers[EXIT_REASON_VMPTRLD] = handle_vmptrld;
7267 exit_handlers[EXIT_REASON_VMPTRST] = handle_vmptrst;
7268 exit_handlers[EXIT_REASON_VMREAD] = handle_vmread;
7269 exit_handlers[EXIT_REASON_VMRESUME] = handle_vmresume;
7270 exit_handlers[EXIT_REASON_VMWRITE] = handle_vmwrite;
7271 exit_handlers[EXIT_REASON_VMOFF] = handle_vmxoff;
7272 exit_handlers[EXIT_REASON_VMON] = handle_vmxon;
7273 exit_handlers[EXIT_REASON_INVEPT] = handle_invept;
7274 exit_handlers[EXIT_REASON_INVVPID] = handle_invvpid;
7275 exit_handlers[EXIT_REASON_VMFUNC] = handle_vmfunc;
7280 struct kvm_x86_nested_ops vmx_nested_ops = {
7281 .leave_nested = vmx_leave_nested,
7282 .is_exception_vmexit = nested_vmx_is_exception_vmexit,
7283 .check_events = vmx_check_nested_events,
7284 .has_events = vmx_has_nested_events,
7285 .triple_fault = nested_vmx_triple_fault,
7286 .get_state = vmx_get_nested_state,
7287 .set_state = vmx_set_nested_state,
7288 .get_nested_state_pages = vmx_get_nested_state_pages,
7289 .write_log_dirty = nested_vmx_write_pml_buffer,
7290 #ifdef CONFIG_KVM_HYPERV
7291 .enable_evmcs = nested_enable_evmcs,
7292 .get_evmcs_version = nested_get_evmcs_version,
7293 .hv_inject_synthetic_vmexit_post_tlb_flush = vmx_hv_inject_synthetic_vmexit_post_tlb_flush,
projects / J-linux.git / blob