4 * Copyright (C) 2006-2008 Qumranet Technologies
5 * Copyright IBM, Corp. 2008
10 * This work is licensed under the terms of the GNU GPL, version 2 or later.
11 * See the COPYING file in the top-level directory.
15 #include "qemu/osdep.h"
16 #include "qapi/error.h"
17 #include <sys/ioctl.h>
18 #include <sys/utsname.h>
20 #include <linux/kvm.h>
21 #include "standard-headers/asm-x86/kvm_para.h"
24 #include "sysemu/sysemu.h"
25 #include "sysemu/hw_accel.h"
26 #include "sysemu/kvm_int.h"
29 #include "hyperv-proto.h"
31 #include "exec/gdbstub.h"
32 #include "qemu/host-utils.h"
33 #include "qemu/config-file.h"
34 #include "qemu/error-report.h"
35 #include "hw/i386/pc.h"
36 #include "hw/i386/apic.h"
37 #include "hw/i386/apic_internal.h"
38 #include "hw/i386/apic-msidef.h"
39 #include "hw/i386/intel_iommu.h"
40 #include "hw/i386/x86-iommu.h"
42 #include "hw/pci/pci.h"
43 #include "hw/pci/msi.h"
44 #include "hw/pci/msix.h"
45 #include "migration/blocker.h"
46 #include "exec/memattrs.h"
52 #define DPRINTF(fmt, ...) \
53 do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
55 #define DPRINTF(fmt, ...) \
59 #define MSR_KVM_WALL_CLOCK 0x11
60 #define MSR_KVM_SYSTEM_TIME 0x12
62 /* A 4096-byte buffer can hold the 8-byte kvm_msrs header, plus
63 * 255 kvm_msr_entry structs */
64 #define MSR_BUF_SIZE 4096
66 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
67 KVM_CAP_INFO(SET_TSS_ADDR),
68 KVM_CAP_INFO(EXT_CPUID),
69 KVM_CAP_INFO(MP_STATE),
73 static bool has_msr_star;
74 static bool has_msr_hsave_pa;
75 static bool has_msr_tsc_aux;
76 static bool has_msr_tsc_adjust;
77 static bool has_msr_tsc_deadline;
78 static bool has_msr_feature_control;
79 static bool has_msr_misc_enable;
80 static bool has_msr_smbase;
81 static bool has_msr_bndcfgs;
82 static int lm_capable_kernel;
83 static bool has_msr_hv_hypercall;
84 static bool has_msr_hv_crash;
85 static bool has_msr_hv_reset;
86 static bool has_msr_hv_vpindex;
87 static bool hv_vpindex_settable;
88 static bool has_msr_hv_runtime;
89 static bool has_msr_hv_synic;
90 static bool has_msr_hv_stimer;
91 static bool has_msr_hv_frequencies;
92 static bool has_msr_hv_reenlightenment;
93 static bool has_msr_xss;
94 static bool has_msr_spec_ctrl;
95 static bool has_msr_virt_ssbd;
96 static bool has_msr_smi_count;
97 static bool has_msr_arch_capabs;
99 static uint32_t has_architectural_pmu_version;
100 static uint32_t num_architectural_pmu_gp_counters;
101 static uint32_t num_architectural_pmu_fixed_counters;
103 static int has_xsave;
105 static int has_pit_state2;
107 static bool has_msr_mcg_ext_ctl;
109 static struct kvm_cpuid2 *cpuid_cache;
110 static struct kvm_msr_list *kvm_feature_msrs;
112 int kvm_has_pit_state2(void)
114 return has_pit_state2;
117 bool kvm_has_smm(void)
119 return kvm_check_extension(kvm_state, KVM_CAP_X86_SMM);
122 bool kvm_has_adjust_clock_stable(void)
124 int ret = kvm_check_extension(kvm_state, KVM_CAP_ADJUST_CLOCK);
126 return (ret == KVM_CLOCK_TSC_STABLE);
129 bool kvm_allows_irq0_override(void)
131 return !kvm_irqchip_in_kernel() || kvm_has_gsi_routing();
134 static bool kvm_x2apic_api_set_flags(uint64_t flags)
136 KVMState *s = KVM_STATE(current_machine->accelerator);
138 return !kvm_vm_enable_cap(s, KVM_CAP_X2APIC_API, 0, flags);
141 #define MEMORIZE(fn, _result) \
143 static bool _memorized; \
152 static bool has_x2apic_api;
154 bool kvm_has_x2apic_api(void)
156 return has_x2apic_api;
159 bool kvm_enable_x2apic(void)
162 kvm_x2apic_api_set_flags(KVM_X2APIC_API_USE_32BIT_IDS |
163 KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK),
167 bool kvm_hv_vpindex_settable(void)
169 return hv_vpindex_settable;
172 static int kvm_get_tsc(CPUState *cs)
174 X86CPU *cpu = X86_CPU(cs);
175 CPUX86State *env = &cpu->env;
177 struct kvm_msrs info;
178 struct kvm_msr_entry entries[1];
182 if (env->tsc_valid) {
186 msr_data.info.nmsrs = 1;
187 msr_data.entries[0].index = MSR_IA32_TSC;
188 env->tsc_valid = !runstate_is_running();
190 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_MSRS, &msr_data);
196 env->tsc = msr_data.entries[0].data;
200 static inline void do_kvm_synchronize_tsc(CPUState *cpu, run_on_cpu_data arg)
205 void kvm_synchronize_all_tsc(void)
211 run_on_cpu(cpu, do_kvm_synchronize_tsc, RUN_ON_CPU_NULL);
216 static struct kvm_cpuid2 *try_get_cpuid(KVMState *s, int max)
218 struct kvm_cpuid2 *cpuid;
221 size = sizeof(*cpuid) + max * sizeof(*cpuid->entries);
222 cpuid = g_malloc0(size);
224 r = kvm_ioctl(s, KVM_GET_SUPPORTED_CPUID, cpuid);
225 if (r == 0 && cpuid->nent >= max) {
233 fprintf(stderr, "KVM_GET_SUPPORTED_CPUID failed: %s\n",
241 /* Run KVM_GET_SUPPORTED_CPUID ioctl(), allocating a buffer large enough
244 static struct kvm_cpuid2 *get_supported_cpuid(KVMState *s)
246 struct kvm_cpuid2 *cpuid;
249 if (cpuid_cache != NULL) {
252 while ((cpuid = try_get_cpuid(s, max)) == NULL) {
259 static const struct kvm_para_features {
262 } para_features[] = {
263 { KVM_CAP_CLOCKSOURCE, KVM_FEATURE_CLOCKSOURCE },
264 { KVM_CAP_NOP_IO_DELAY, KVM_FEATURE_NOP_IO_DELAY },
265 { KVM_CAP_PV_MMU, KVM_FEATURE_MMU_OP },
266 { KVM_CAP_ASYNC_PF, KVM_FEATURE_ASYNC_PF },
269 static int get_para_features(KVMState *s)
273 for (i = 0; i < ARRAY_SIZE(para_features); i++) {
274 if (kvm_check_extension(s, para_features[i].cap)) {
275 features |= (1 << para_features[i].feature);
282 static bool host_tsx_blacklisted(void)
284 int family, model, stepping;\
285 char vendor[CPUID_VENDOR_SZ + 1];
287 host_vendor_fms(vendor, &family, &model, &stepping);
289 /* Check if we are running on a Haswell host known to have broken TSX */
290 return !strcmp(vendor, CPUID_VENDOR_INTEL) &&
292 ((model == 63 && stepping < 4) ||
293 model == 60 || model == 69 || model == 70);
296 /* Returns the value for a specific register on the cpuid entry
298 static uint32_t cpuid_entry_get_reg(struct kvm_cpuid_entry2 *entry, int reg)
318 /* Find matching entry for function/index on kvm_cpuid2 struct
320 static struct kvm_cpuid_entry2 *cpuid_find_entry(struct kvm_cpuid2 *cpuid,
325 for (i = 0; i < cpuid->nent; ++i) {
326 if (cpuid->entries[i].function == function &&
327 cpuid->entries[i].index == index) {
328 return &cpuid->entries[i];
335 uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
336 uint32_t index, int reg)
338 struct kvm_cpuid2 *cpuid;
340 uint32_t cpuid_1_edx;
343 cpuid = get_supported_cpuid(s);
345 struct kvm_cpuid_entry2 *entry = cpuid_find_entry(cpuid, function, index);
348 ret = cpuid_entry_get_reg(entry, reg);
351 /* Fixups for the data returned by KVM, below */
353 if (function == 1 && reg == R_EDX) {
354 /* KVM before 2.6.30 misreports the following features */
355 ret |= CPUID_MTRR | CPUID_PAT | CPUID_MCE | CPUID_MCA;
356 } else if (function == 1 && reg == R_ECX) {
357 /* We can set the hypervisor flag, even if KVM does not return it on
358 * GET_SUPPORTED_CPUID
360 ret |= CPUID_EXT_HYPERVISOR;
361 /* tsc-deadline flag is not returned by GET_SUPPORTED_CPUID, but it
362 * can be enabled if the kernel has KVM_CAP_TSC_DEADLINE_TIMER,
363 * and the irqchip is in the kernel.
365 if (kvm_irqchip_in_kernel() &&
366 kvm_check_extension(s, KVM_CAP_TSC_DEADLINE_TIMER)) {
367 ret |= CPUID_EXT_TSC_DEADLINE_TIMER;
370 /* x2apic is reported by GET_SUPPORTED_CPUID, but it can't be enabled
371 * without the in-kernel irqchip
373 if (!kvm_irqchip_in_kernel()) {
374 ret &= ~CPUID_EXT_X2APIC;
378 int disable_exits = kvm_check_extension(s,
379 KVM_CAP_X86_DISABLE_EXITS);
381 if (disable_exits & KVM_X86_DISABLE_EXITS_MWAIT) {
382 ret |= CPUID_EXT_MONITOR;
385 } else if (function == 6 && reg == R_EAX) {
386 ret |= CPUID_6_EAX_ARAT; /* safe to allow because of emulated APIC */
387 } else if (function == 7 && index == 0 && reg == R_EBX) {
388 if (host_tsx_blacklisted()) {
389 ret &= ~(CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_HLE);
391 } else if (function == 7 && index == 0 && reg == R_EDX) {
393 * Linux v4.17-v4.20 incorrectly return ARCH_CAPABILITIES on SVM hosts.
394 * We can detect the bug by checking if MSR_IA32_ARCH_CAPABILITIES is
395 * returned by KVM_GET_MSR_INDEX_LIST.
397 if (!has_msr_arch_capabs) {
398 ret &= ~CPUID_7_0_EDX_ARCH_CAPABILITIES;
400 } else if (function == 0x80000001 && reg == R_ECX) {
402 * It's safe to enable TOPOEXT even if it's not returned by
403 * GET_SUPPORTED_CPUID. Unconditionally enabling TOPOEXT here allows
404 * us to keep CPU models including TOPOEXT runnable on older kernels.
406 ret |= CPUID_EXT3_TOPOEXT;
407 } else if (function == 0x80000001 && reg == R_EDX) {
408 /* On Intel, kvm returns cpuid according to the Intel spec,
409 * so add missing bits according to the AMD spec:
411 cpuid_1_edx = kvm_arch_get_supported_cpuid(s, 1, 0, R_EDX);
412 ret |= cpuid_1_edx & CPUID_EXT2_AMD_ALIASES;
413 } else if (function == KVM_CPUID_FEATURES && reg == R_EAX) {
414 /* kvm_pv_unhalt is reported by GET_SUPPORTED_CPUID, but it can't
415 * be enabled without the in-kernel irqchip
417 if (!kvm_irqchip_in_kernel()) {
418 ret &= ~(1U << KVM_FEATURE_PV_UNHALT);
420 } else if (function == KVM_CPUID_FEATURES && reg == R_EDX) {
421 ret |= 1U << KVM_HINTS_REALTIME;
425 /* fallback for older kernels */
426 if ((function == KVM_CPUID_FEATURES) && !found) {
427 ret = get_para_features(s);
433 uint32_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index)
436 struct kvm_msrs info;
437 struct kvm_msr_entry entries[1];
441 if (kvm_feature_msrs == NULL) { /* Host doesn't support feature MSRs */
445 /* Check if requested MSR is supported feature MSR */
447 for (i = 0; i < kvm_feature_msrs->nmsrs; i++)
448 if (kvm_feature_msrs->indices[i] == index) {
451 if (i == kvm_feature_msrs->nmsrs) {
452 return 0; /* if the feature MSR is not supported, simply return 0 */
455 msr_data.info.nmsrs = 1;
456 msr_data.entries[0].index = index;
458 ret = kvm_ioctl(s, KVM_GET_MSRS, &msr_data);
460 error_report("KVM get MSR (index=0x%x) feature failed, %s",
461 index, strerror(-ret));
465 return msr_data.entries[0].data;
469 typedef struct HWPoisonPage {
471 QLIST_ENTRY(HWPoisonPage) list;
474 static QLIST_HEAD(, HWPoisonPage) hwpoison_page_list =
475 QLIST_HEAD_INITIALIZER(hwpoison_page_list);
477 static void kvm_unpoison_all(void *param)
479 HWPoisonPage *page, *next_page;
481 QLIST_FOREACH_SAFE(page, &hwpoison_page_list, list, next_page) {
482 QLIST_REMOVE(page, list);
483 qemu_ram_remap(page->ram_addr, TARGET_PAGE_SIZE);
488 static void kvm_hwpoison_page_add(ram_addr_t ram_addr)
492 QLIST_FOREACH(page, &hwpoison_page_list, list) {
493 if (page->ram_addr == ram_addr) {
497 page = g_new(HWPoisonPage, 1);
498 page->ram_addr = ram_addr;
499 QLIST_INSERT_HEAD(&hwpoison_page_list, page, list);
502 static int kvm_get_mce_cap_supported(KVMState *s, uint64_t *mce_cap,
507 r = kvm_check_extension(s, KVM_CAP_MCE);
510 return kvm_ioctl(s, KVM_X86_GET_MCE_CAP_SUPPORTED, mce_cap);
515 static void kvm_mce_inject(X86CPU *cpu, hwaddr paddr, int code)
517 CPUState *cs = CPU(cpu);
518 CPUX86State *env = &cpu->env;
519 uint64_t status = MCI_STATUS_VAL | MCI_STATUS_UC | MCI_STATUS_EN |
520 MCI_STATUS_MISCV | MCI_STATUS_ADDRV | MCI_STATUS_S;
521 uint64_t mcg_status = MCG_STATUS_MCIP;
524 if (code == BUS_MCEERR_AR) {
525 status |= MCI_STATUS_AR | 0x134;
526 mcg_status |= MCG_STATUS_EIPV;
529 mcg_status |= MCG_STATUS_RIPV;
532 flags = cpu_x86_support_mca_broadcast(env) ? MCE_INJECT_BROADCAST : 0;
533 /* We need to read back the value of MSR_EXT_MCG_CTL that was set by the
534 * guest kernel back into env->mcg_ext_ctl.
536 cpu_synchronize_state(cs);
537 if (env->mcg_ext_ctl & MCG_EXT_CTL_LMCE_EN) {
538 mcg_status |= MCG_STATUS_LMCE;
542 cpu_x86_inject_mce(NULL, cpu, 9, status, mcg_status, paddr,
543 (MCM_ADDR_PHYS << 6) | 0xc, flags);
546 static void hardware_memory_error(void)
548 fprintf(stderr, "Hardware memory error!\n");
552 void kvm_arch_on_sigbus_vcpu(CPUState *c, int code, void *addr)
554 X86CPU *cpu = X86_CPU(c);
555 CPUX86State *env = &cpu->env;
559 /* If we get an action required MCE, it has been injected by KVM
560 * while the VM was running. An action optional MCE instead should
561 * be coming from the main thread, which qemu_init_sigbus identifies
562 * as the "early kill" thread.
564 assert(code == BUS_MCEERR_AR || code == BUS_MCEERR_AO);
566 if ((env->mcg_cap & MCG_SER_P) && addr) {
567 ram_addr = qemu_ram_addr_from_host(addr);
568 if (ram_addr != RAM_ADDR_INVALID &&
569 kvm_physical_memory_addr_from_host(c->kvm_state, addr, &paddr)) {
570 kvm_hwpoison_page_add(ram_addr);
571 kvm_mce_inject(cpu, paddr, code);
575 fprintf(stderr, "Hardware memory error for memory used by "
576 "QEMU itself instead of guest system!\n");
579 if (code == BUS_MCEERR_AR) {
580 hardware_memory_error();
583 /* Hope we are lucky for AO MCE */
586 static int kvm_inject_mce_oldstyle(X86CPU *cpu)
588 CPUX86State *env = &cpu->env;
590 if (!kvm_has_vcpu_events() && env->exception_injected == EXCP12_MCHK) {
591 unsigned int bank, bank_num = env->mcg_cap & 0xff;
592 struct kvm_x86_mce mce;
594 env->exception_injected = -1;
597 * There must be at least one bank in use if an MCE is pending.
598 * Find it and use its values for the event injection.
600 for (bank = 0; bank < bank_num; bank++) {
601 if (env->mce_banks[bank * 4 + 1] & MCI_STATUS_VAL) {
605 assert(bank < bank_num);
608 mce.status = env->mce_banks[bank * 4 + 1];
609 mce.mcg_status = env->mcg_status;
610 mce.addr = env->mce_banks[bank * 4 + 2];
611 mce.misc = env->mce_banks[bank * 4 + 3];
613 return kvm_vcpu_ioctl(CPU(cpu), KVM_X86_SET_MCE, &mce);
618 static void cpu_update_state(void *opaque, int running, RunState state)
620 CPUX86State *env = opaque;
623 env->tsc_valid = false;
627 unsigned long kvm_arch_vcpu_id(CPUState *cs)
629 X86CPU *cpu = X86_CPU(cs);
633 #ifndef KVM_CPUID_SIGNATURE_NEXT
634 #define KVM_CPUID_SIGNATURE_NEXT 0x40000100
637 static bool hyperv_enabled(X86CPU *cpu)
639 CPUState *cs = CPU(cpu);
640 return kvm_check_extension(cs->kvm_state, KVM_CAP_HYPERV) > 0 &&
641 ((cpu->hyperv_spinlock_attempts != HYPERV_SPINLOCK_NEVER_RETRY) ||
642 cpu->hyperv_features);
645 static int kvm_arch_set_tsc_khz(CPUState *cs)
647 X86CPU *cpu = X86_CPU(cs);
648 CPUX86State *env = &cpu->env;
655 r = kvm_check_extension(cs->kvm_state, KVM_CAP_TSC_CONTROL) ?
656 kvm_vcpu_ioctl(cs, KVM_SET_TSC_KHZ, env->tsc_khz) :
659 /* When KVM_SET_TSC_KHZ fails, it's an error only if the current
660 * TSC frequency doesn't match the one we want.
662 int cur_freq = kvm_check_extension(cs->kvm_state, KVM_CAP_GET_TSC_KHZ) ?
663 kvm_vcpu_ioctl(cs, KVM_GET_TSC_KHZ) :
665 if (cur_freq <= 0 || cur_freq != env->tsc_khz) {
666 warn_report("TSC frequency mismatch between "
667 "VM (%" PRId64 " kHz) and host (%d kHz), "
668 "and TSC scaling unavailable",
669 env->tsc_khz, cur_freq);
677 static bool tsc_is_stable_and_known(CPUX86State *env)
682 return (env->features[FEAT_8000_0007_EDX] & CPUID_APM_INVTSC)
683 || env->user_tsc_khz;
686 static int hyperv_handle_properties(CPUState *cs)
688 X86CPU *cpu = X86_CPU(cs);
689 CPUX86State *env = &cpu->env;
691 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_RELAXED)) {
692 env->features[FEAT_HYPERV_EAX] |= HV_HYPERCALL_AVAILABLE;
694 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_VAPIC)) {
695 env->features[FEAT_HYPERV_EAX] |= HV_HYPERCALL_AVAILABLE;
696 env->features[FEAT_HYPERV_EAX] |= HV_APIC_ACCESS_AVAILABLE;
698 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_TIME)) {
699 if (kvm_check_extension(cs->kvm_state, KVM_CAP_HYPERV_TIME) <= 0) {
700 fprintf(stderr, "Hyper-V clocksources "
701 "(requested by 'hv-time' cpu flag) "
702 "are not supported by kernel\n");
705 env->features[FEAT_HYPERV_EAX] |= HV_HYPERCALL_AVAILABLE;
706 env->features[FEAT_HYPERV_EAX] |= HV_TIME_REF_COUNT_AVAILABLE;
707 env->features[FEAT_HYPERV_EAX] |= HV_REFERENCE_TSC_AVAILABLE;
709 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_FREQUENCIES)) {
710 if (!has_msr_hv_frequencies) {
711 fprintf(stderr, "Hyper-V frequency MSRs "
712 "(requested by 'hv-frequencies' cpu flag) "
713 "are not supported by kernel\n");
716 env->features[FEAT_HYPERV_EAX] |= HV_ACCESS_FREQUENCY_MSRS;
717 env->features[FEAT_HYPERV_EDX] |= HV_FREQUENCY_MSRS_AVAILABLE;
719 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_CRASH)) {
720 if (!has_msr_hv_crash) {
721 fprintf(stderr, "Hyper-V crash MSRs "
722 "(requested by 'hv-crash' cpu flag) "
723 "are not supported by kernel\n");
726 env->features[FEAT_HYPERV_EDX] |= HV_GUEST_CRASH_MSR_AVAILABLE;
728 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_REENLIGHTENMENT)) {
729 if (!has_msr_hv_reenlightenment) {
731 "Hyper-V Reenlightenment MSRs "
732 "(requested by 'hv-reenlightenment' cpu flag) "
733 "are not supported by kernel\n");
736 env->features[FEAT_HYPERV_EAX] |= HV_ACCESS_REENLIGHTENMENTS_CONTROL;
738 env->features[FEAT_HYPERV_EDX] |= HV_CPU_DYNAMIC_PARTITIONING_AVAILABLE;
739 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_RESET)) {
740 if (!has_msr_hv_reset) {
741 fprintf(stderr, "Hyper-V reset MSR "
742 "(requested by 'hv-reset' cpu flag) "
743 "is not supported by kernel\n");
746 env->features[FEAT_HYPERV_EAX] |= HV_RESET_AVAILABLE;
748 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_VPINDEX)) {
749 if (!has_msr_hv_vpindex) {
750 fprintf(stderr, "Hyper-V VP_INDEX MSR "
751 "(requested by 'hv-vpindex' cpu flag) "
752 "is not supported by kernel\n");
755 env->features[FEAT_HYPERV_EAX] |= HV_VP_INDEX_AVAILABLE;
757 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_RUNTIME)) {
758 if (!has_msr_hv_runtime) {
759 fprintf(stderr, "Hyper-V VP_RUNTIME MSR "
760 "(requested by 'hv-runtime' cpu flag) "
761 "is not supported by kernel\n");
764 env->features[FEAT_HYPERV_EAX] |= HV_VP_RUNTIME_AVAILABLE;
766 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNIC)) {
767 unsigned int cap = KVM_CAP_HYPERV_SYNIC;
768 if (!cpu->hyperv_synic_kvm_only) {
769 if (!hyperv_feat_enabled(cpu, HYPERV_FEAT_VPINDEX)) {
770 fprintf(stderr, "Hyper-V SynIC "
771 "(requested by 'hv-synic' cpu flag) "
772 "requires Hyper-V VP_INDEX ('hv-vpindex')\n");
775 cap = KVM_CAP_HYPERV_SYNIC2;
778 if (!has_msr_hv_synic || !kvm_check_extension(cs->kvm_state, cap)) {
779 fprintf(stderr, "Hyper-V SynIC (requested by 'hv-synic' cpu flag) "
780 "is not supported by kernel\n");
784 env->features[FEAT_HYPERV_EAX] |= HV_SYNIC_AVAILABLE;
786 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_STIMER)) {
787 if (!has_msr_hv_stimer) {
788 fprintf(stderr, "Hyper-V timers aren't supported by kernel\n");
791 env->features[FEAT_HYPERV_EAX] |= HV_SYNTIMERS_AVAILABLE;
793 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_RELAXED)) {
794 env->features[FEAT_HV_RECOMM_EAX] |= HV_RELAXED_TIMING_RECOMMENDED;
796 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_VAPIC)) {
797 env->features[FEAT_HV_RECOMM_EAX] |= HV_APIC_ACCESS_RECOMMENDED;
799 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_TLBFLUSH)) {
800 if (kvm_check_extension(cs->kvm_state,
801 KVM_CAP_HYPERV_TLBFLUSH) <= 0) {
802 fprintf(stderr, "Hyper-V TLB flush support "
803 "(requested by 'hv-tlbflush' cpu flag) "
804 " is not supported by kernel\n");
807 env->features[FEAT_HV_RECOMM_EAX] |= HV_REMOTE_TLB_FLUSH_RECOMMENDED;
808 env->features[FEAT_HV_RECOMM_EAX] |= HV_EX_PROCESSOR_MASKS_RECOMMENDED;
810 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_IPI)) {
811 if (kvm_check_extension(cs->kvm_state,
812 KVM_CAP_HYPERV_SEND_IPI) <= 0) {
813 fprintf(stderr, "Hyper-V IPI send support "
814 "(requested by 'hv-ipi' cpu flag) "
815 " is not supported by kernel\n");
818 env->features[FEAT_HV_RECOMM_EAX] |= HV_CLUSTER_IPI_RECOMMENDED;
819 env->features[FEAT_HV_RECOMM_EAX] |= HV_EX_PROCESSOR_MASKS_RECOMMENDED;
821 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_EVMCS)) {
822 uint16_t evmcs_version;
824 if (kvm_vcpu_enable_cap(cs, KVM_CAP_HYPERV_ENLIGHTENED_VMCS, 0,
825 (uintptr_t)&evmcs_version)) {
826 fprintf(stderr, "Hyper-V Enlightened VMCS "
827 "(requested by 'hv-evmcs' cpu flag) "
828 "is not supported by kernel\n");
831 env->features[FEAT_HV_RECOMM_EAX] |= HV_ENLIGHTENED_VMCS_RECOMMENDED;
832 env->features[FEAT_HV_NESTED_EAX] = evmcs_version;
838 static int hyperv_init_vcpu(X86CPU *cpu)
840 CPUState *cs = CPU(cpu);
843 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_VPINDEX) && !hv_vpindex_settable) {
845 * the kernel doesn't support setting vp_index; assert that its value
849 struct kvm_msrs info;
850 struct kvm_msr_entry entries[1];
853 .entries[0].index = HV_X64_MSR_VP_INDEX,
856 ret = kvm_vcpu_ioctl(cs, KVM_GET_MSRS, &msr_data);
862 if (msr_data.entries[0].data != hyperv_vp_index(CPU(cpu))) {
863 error_report("kernel's vp_index != QEMU's vp_index");
868 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNIC)) {
869 uint32_t synic_cap = cpu->hyperv_synic_kvm_only ?
870 KVM_CAP_HYPERV_SYNIC : KVM_CAP_HYPERV_SYNIC2;
871 ret = kvm_vcpu_enable_cap(cs, synic_cap, 0);
873 error_report("failed to turn on HyperV SynIC in KVM: %s",
878 if (!cpu->hyperv_synic_kvm_only) {
879 ret = hyperv_x86_synic_add(cpu);
881 error_report("failed to create HyperV SynIC: %s",
891 static Error *invtsc_mig_blocker;
892 static Error *vmx_mig_blocker;
894 #define KVM_MAX_CPUID_ENTRIES 100
896 int kvm_arch_init_vcpu(CPUState *cs)
899 struct kvm_cpuid2 cpuid;
900 struct kvm_cpuid_entry2 entries[KVM_MAX_CPUID_ENTRIES];
903 * The kernel defines these structs with padding fields so there
904 * should be no extra padding in our cpuid_data struct.
906 QEMU_BUILD_BUG_ON(sizeof(cpuid_data) !=
907 sizeof(struct kvm_cpuid2) +
908 sizeof(struct kvm_cpuid_entry2) * KVM_MAX_CPUID_ENTRIES);
910 X86CPU *cpu = X86_CPU(cs);
911 CPUX86State *env = &cpu->env;
912 uint32_t limit, i, j, cpuid_i;
914 struct kvm_cpuid_entry2 *c;
915 uint32_t signature[3];
916 int kvm_base = KVM_CPUID_SIGNATURE;
918 Error *local_err = NULL;
920 memset(&cpuid_data, 0, sizeof(cpuid_data));
924 r = kvm_arch_set_tsc_khz(cs);
929 /* vcpu's TSC frequency is either specified by user, or following
930 * the value used by KVM if the former is not present. In the
931 * latter case, we query it from KVM and record in env->tsc_khz,
932 * so that vcpu's TSC frequency can be migrated later via this field.
935 r = kvm_check_extension(cs->kvm_state, KVM_CAP_GET_TSC_KHZ) ?
936 kvm_vcpu_ioctl(cs, KVM_GET_TSC_KHZ) :
943 /* Paravirtualization CPUIDs */
944 if (hyperv_enabled(cpu)) {
945 c = &cpuid_data.entries[cpuid_i++];
946 c->function = HV_CPUID_VENDOR_AND_MAX_FUNCTIONS;
947 if (!cpu->hyperv_vendor_id) {
948 memcpy(signature, "Microsoft Hv", 12);
950 size_t len = strlen(cpu->hyperv_vendor_id);
953 error_report("hv-vendor-id truncated to 12 characters");
956 memset(signature, 0, 12);
957 memcpy(signature, cpu->hyperv_vendor_id, len);
959 c->eax = hyperv_feat_enabled(cpu, HYPERV_FEAT_EVMCS) ?
960 HV_CPUID_NESTED_FEATURES : HV_CPUID_IMPLEMENT_LIMITS;
961 c->ebx = signature[0];
962 c->ecx = signature[1];
963 c->edx = signature[2];
965 c = &cpuid_data.entries[cpuid_i++];
966 c->function = HV_CPUID_INTERFACE;
967 memcpy(signature, "Hv#1\0\0\0\0\0\0\0\0", 12);
968 c->eax = signature[0];
973 c = &cpuid_data.entries[cpuid_i++];
974 c->function = HV_CPUID_VERSION;
978 c = &cpuid_data.entries[cpuid_i++];
979 c->function = HV_CPUID_FEATURES;
980 r = hyperv_handle_properties(cs);
984 c->eax = env->features[FEAT_HYPERV_EAX];
985 c->ebx = env->features[FEAT_HYPERV_EBX];
986 c->edx = env->features[FEAT_HYPERV_EDX];
988 c = &cpuid_data.entries[cpuid_i++];
989 c->function = HV_CPUID_ENLIGHTMENT_INFO;
991 c->eax = env->features[FEAT_HV_RECOMM_EAX];
992 c->ebx = cpu->hyperv_spinlock_attempts;
994 c = &cpuid_data.entries[cpuid_i++];
995 c->function = HV_CPUID_IMPLEMENT_LIMITS;
997 c->eax = cpu->hv_max_vps;
1000 kvm_base = KVM_CPUID_SIGNATURE_NEXT;
1001 has_msr_hv_hypercall = true;
1003 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_EVMCS)) {
1006 /* Create zeroed 0x40000006..0x40000009 leaves */
1007 for (function = HV_CPUID_IMPLEMENT_LIMITS + 1;
1008 function < HV_CPUID_NESTED_FEATURES; function++) {
1009 c = &cpuid_data.entries[cpuid_i++];
1010 c->function = function;
1013 c = &cpuid_data.entries[cpuid_i++];
1014 c->function = HV_CPUID_NESTED_FEATURES;
1015 c->eax = env->features[FEAT_HV_NESTED_EAX];
1019 if (cpu->expose_kvm) {
1020 memcpy(signature, "KVMKVMKVM\0\0\0", 12);
1021 c = &cpuid_data.entries[cpuid_i++];
1022 c->function = KVM_CPUID_SIGNATURE | kvm_base;
1023 c->eax = KVM_CPUID_FEATURES | kvm_base;
1024 c->ebx = signature[0];
1025 c->ecx = signature[1];
1026 c->edx = signature[2];
1028 c = &cpuid_data.entries[cpuid_i++];
1029 c->function = KVM_CPUID_FEATURES | kvm_base;
1030 c->eax = env->features[FEAT_KVM];
1031 c->edx = env->features[FEAT_KVM_HINTS];
1034 cpu_x86_cpuid(env, 0, 0, &limit, &unused, &unused, &unused);
1036 for (i = 0; i <= limit; i++) {
1037 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
1038 fprintf(stderr, "unsupported level value: 0x%x\n", limit);
1041 c = &cpuid_data.entries[cpuid_i++];
1045 /* Keep reading function 2 till all the input is received */
1049 c->flags = KVM_CPUID_FLAG_STATEFUL_FUNC |
1050 KVM_CPUID_FLAG_STATE_READ_NEXT;
1051 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
1052 times = c->eax & 0xff;
1054 for (j = 1; j < times; ++j) {
1055 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
1056 fprintf(stderr, "cpuid_data is full, no space for "
1057 "cpuid(eax:2):eax & 0xf = 0x%x\n", times);
1060 c = &cpuid_data.entries[cpuid_i++];
1062 c->flags = KVM_CPUID_FLAG_STATEFUL_FUNC;
1063 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
1070 for (j = 0; ; j++) {
1071 if (i == 0xd && j == 64) {
1075 c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
1077 cpu_x86_cpuid(env, i, j, &c->eax, &c->ebx, &c->ecx, &c->edx);
1079 if (i == 4 && c->eax == 0) {
1082 if (i == 0xb && !(c->ecx & 0xff00)) {
1085 if (i == 0xd && c->eax == 0) {
1088 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
1089 fprintf(stderr, "cpuid_data is full, no space for "
1090 "cpuid(eax:0x%x,ecx:0x%x)\n", i, j);
1093 c = &cpuid_data.entries[cpuid_i++];
1101 c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
1102 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
1105 for (j = 1; j <= times; ++j) {
1106 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
1107 fprintf(stderr, "cpuid_data is full, no space for "
1108 "cpuid(eax:0x14,ecx:0x%x)\n", j);
1111 c = &cpuid_data.entries[cpuid_i++];
1114 c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
1115 cpu_x86_cpuid(env, i, j, &c->eax, &c->ebx, &c->ecx, &c->edx);
1122 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
1127 if (limit >= 0x0a) {
1130 cpu_x86_cpuid(env, 0x0a, 0, &eax, &unused, &unused, &edx);
1132 has_architectural_pmu_version = eax & 0xff;
1133 if (has_architectural_pmu_version > 0) {
1134 num_architectural_pmu_gp_counters = (eax & 0xff00) >> 8;
1136 /* Shouldn't be more than 32, since that's the number of bits
1137 * available in EBX to tell us _which_ counters are available.
1140 if (num_architectural_pmu_gp_counters > MAX_GP_COUNTERS) {
1141 num_architectural_pmu_gp_counters = MAX_GP_COUNTERS;
1144 if (has_architectural_pmu_version > 1) {
1145 num_architectural_pmu_fixed_counters = edx & 0x1f;
1147 if (num_architectural_pmu_fixed_counters > MAX_FIXED_COUNTERS) {
1148 num_architectural_pmu_fixed_counters = MAX_FIXED_COUNTERS;
1154 cpu_x86_cpuid(env, 0x80000000, 0, &limit, &unused, &unused, &unused);
1156 for (i = 0x80000000; i <= limit; i++) {
1157 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
1158 fprintf(stderr, "unsupported xlevel value: 0x%x\n", limit);
1161 c = &cpuid_data.entries[cpuid_i++];
1165 /* Query for all AMD cache information leaves */
1166 for (j = 0; ; j++) {
1168 c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
1170 cpu_x86_cpuid(env, i, j, &c->eax, &c->ebx, &c->ecx, &c->edx);
1175 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
1176 fprintf(stderr, "cpuid_data is full, no space for "
1177 "cpuid(eax:0x%x,ecx:0x%x)\n", i, j);
1180 c = &cpuid_data.entries[cpuid_i++];
1186 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
1191 /* Call Centaur's CPUID instructions they are supported. */
1192 if (env->cpuid_xlevel2 > 0) {
1193 cpu_x86_cpuid(env, 0xC0000000, 0, &limit, &unused, &unused, &unused);
1195 for (i = 0xC0000000; i <= limit; i++) {
1196 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
1197 fprintf(stderr, "unsupported xlevel2 value: 0x%x\n", limit);
1200 c = &cpuid_data.entries[cpuid_i++];
1204 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
1208 cpuid_data.cpuid.nent = cpuid_i;
1210 if (((env->cpuid_version >> 8)&0xF) >= 6
1211 && (env->features[FEAT_1_EDX] & (CPUID_MCE | CPUID_MCA)) ==
1212 (CPUID_MCE | CPUID_MCA)
1213 && kvm_check_extension(cs->kvm_state, KVM_CAP_MCE) > 0) {
1214 uint64_t mcg_cap, unsupported_caps;
1218 ret = kvm_get_mce_cap_supported(cs->kvm_state, &mcg_cap, &banks);
1220 fprintf(stderr, "kvm_get_mce_cap_supported: %s", strerror(-ret));
1224 if (banks < (env->mcg_cap & MCG_CAP_BANKS_MASK)) {
1225 error_report("kvm: Unsupported MCE bank count (QEMU = %d, KVM = %d)",
1226 (int)(env->mcg_cap & MCG_CAP_BANKS_MASK), banks);
1230 unsupported_caps = env->mcg_cap & ~(mcg_cap | MCG_CAP_BANKS_MASK);
1231 if (unsupported_caps) {
1232 if (unsupported_caps & MCG_LMCE_P) {
1233 error_report("kvm: LMCE not supported");
1236 warn_report("Unsupported MCG_CAP bits: 0x%" PRIx64,
1240 env->mcg_cap &= mcg_cap | MCG_CAP_BANKS_MASK;
1241 ret = kvm_vcpu_ioctl(cs, KVM_X86_SETUP_MCE, &env->mcg_cap);
1243 fprintf(stderr, "KVM_X86_SETUP_MCE: %s", strerror(-ret));
1248 qemu_add_vm_change_state_handler(cpu_update_state, env);
1250 c = cpuid_find_entry(&cpuid_data.cpuid, 1, 0);
1252 has_msr_feature_control = !!(c->ecx & CPUID_EXT_VMX) ||
1253 !!(c->ecx & CPUID_EXT_SMX);
1256 if ((env->features[FEAT_1_ECX] & CPUID_EXT_VMX) && !vmx_mig_blocker) {
1257 error_setg(&vmx_mig_blocker,
1258 "Nested VMX virtualization does not support live migration yet");
1259 r = migrate_add_blocker(vmx_mig_blocker, &local_err);
1261 error_report_err(local_err);
1262 error_free(vmx_mig_blocker);
1267 if (env->mcg_cap & MCG_LMCE_P) {
1268 has_msr_mcg_ext_ctl = has_msr_feature_control = true;
1271 if (!env->user_tsc_khz) {
1272 if ((env->features[FEAT_8000_0007_EDX] & CPUID_APM_INVTSC) &&
1273 invtsc_mig_blocker == NULL) {
1274 error_setg(&invtsc_mig_blocker,
1275 "State blocked by non-migratable CPU device"
1277 r = migrate_add_blocker(invtsc_mig_blocker, &local_err);
1279 error_report_err(local_err);
1280 error_free(invtsc_mig_blocker);
1286 if (cpu->vmware_cpuid_freq
1287 /* Guests depend on 0x40000000 to detect this feature, so only expose
1288 * it if KVM exposes leaf 0x40000000. (Conflicts with Hyper-V) */
1290 && kvm_base == KVM_CPUID_SIGNATURE
1291 /* TSC clock must be stable and known for this feature. */
1292 && tsc_is_stable_and_known(env)) {
1294 c = &cpuid_data.entries[cpuid_i++];
1295 c->function = KVM_CPUID_SIGNATURE | 0x10;
1296 c->eax = env->tsc_khz;
1297 /* LAPIC resolution of 1ns (freq: 1GHz) is hardcoded in KVM's
1298 * APIC_BUS_CYCLE_NS */
1300 c->ecx = c->edx = 0;
1302 c = cpuid_find_entry(&cpuid_data.cpuid, kvm_base, 0);
1303 c->eax = MAX(c->eax, KVM_CPUID_SIGNATURE | 0x10);
1306 cpuid_data.cpuid.nent = cpuid_i;
1308 cpuid_data.cpuid.padding = 0;
1309 r = kvm_vcpu_ioctl(cs, KVM_SET_CPUID2, &cpuid_data);
1315 env->xsave_buf = qemu_memalign(4096, sizeof(struct kvm_xsave));
1317 cpu->kvm_msr_buf = g_malloc0(MSR_BUF_SIZE);
1319 if (!(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_RDTSCP)) {
1320 has_msr_tsc_aux = false;
1323 r = hyperv_init_vcpu(cpu);
1331 migrate_del_blocker(invtsc_mig_blocker);
1335 void kvm_arch_reset_vcpu(X86CPU *cpu)
1337 CPUX86State *env = &cpu->env;
1340 if (kvm_irqchip_in_kernel()) {
1341 env->mp_state = cpu_is_bsp(cpu) ? KVM_MP_STATE_RUNNABLE :
1342 KVM_MP_STATE_UNINITIALIZED;
1344 env->mp_state = KVM_MP_STATE_RUNNABLE;
1347 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNIC)) {
1349 for (i = 0; i < ARRAY_SIZE(env->msr_hv_synic_sint); i++) {
1350 env->msr_hv_synic_sint[i] = HV_SINT_MASKED;
1353 hyperv_x86_synic_reset(cpu);
1357 void kvm_arch_do_init_vcpu(X86CPU *cpu)
1359 CPUX86State *env = &cpu->env;
1361 /* APs get directly into wait-for-SIPI state. */
1362 if (env->mp_state == KVM_MP_STATE_UNINITIALIZED) {
1363 env->mp_state = KVM_MP_STATE_INIT_RECEIVED;
1367 static int kvm_get_supported_feature_msrs(KVMState *s)
1371 if (kvm_feature_msrs != NULL) {
1375 if (!kvm_check_extension(s, KVM_CAP_GET_MSR_FEATURES)) {
1379 struct kvm_msr_list msr_list;
1382 ret = kvm_ioctl(s, KVM_GET_MSR_FEATURE_INDEX_LIST, &msr_list);
1383 if (ret < 0 && ret != -E2BIG) {
1384 error_report("Fetch KVM feature MSR list failed: %s",
1389 assert(msr_list.nmsrs > 0);
1390 kvm_feature_msrs = (struct kvm_msr_list *) \
1391 g_malloc0(sizeof(msr_list) +
1392 msr_list.nmsrs * sizeof(msr_list.indices[0]));
1394 kvm_feature_msrs->nmsrs = msr_list.nmsrs;
1395 ret = kvm_ioctl(s, KVM_GET_MSR_FEATURE_INDEX_LIST, kvm_feature_msrs);
1398 error_report("Fetch KVM feature MSR list failed: %s",
1400 g_free(kvm_feature_msrs);
1401 kvm_feature_msrs = NULL;
1408 static int kvm_get_supported_msrs(KVMState *s)
1410 static int kvm_supported_msrs;
1414 if (kvm_supported_msrs == 0) {
1415 struct kvm_msr_list msr_list, *kvm_msr_list;
1417 kvm_supported_msrs = -1;
1419 /* Obtain MSR list from KVM. These are the MSRs that we must
1422 ret = kvm_ioctl(s, KVM_GET_MSR_INDEX_LIST, &msr_list);
1423 if (ret < 0 && ret != -E2BIG) {
1426 /* Old kernel modules had a bug and could write beyond the provided
1427 memory. Allocate at least a safe amount of 1K. */
1428 kvm_msr_list = g_malloc0(MAX(1024, sizeof(msr_list) +
1430 sizeof(msr_list.indices[0])));
1432 kvm_msr_list->nmsrs = msr_list.nmsrs;
1433 ret = kvm_ioctl(s, KVM_GET_MSR_INDEX_LIST, kvm_msr_list);
1437 for (i = 0; i < kvm_msr_list->nmsrs; i++) {
1438 switch (kvm_msr_list->indices[i]) {
1440 has_msr_star = true;
1442 case MSR_VM_HSAVE_PA:
1443 has_msr_hsave_pa = true;
1446 has_msr_tsc_aux = true;
1448 case MSR_TSC_ADJUST:
1449 has_msr_tsc_adjust = true;
1451 case MSR_IA32_TSCDEADLINE:
1452 has_msr_tsc_deadline = true;
1454 case MSR_IA32_SMBASE:
1455 has_msr_smbase = true;
1458 has_msr_smi_count = true;
1460 case MSR_IA32_MISC_ENABLE:
1461 has_msr_misc_enable = true;
1463 case MSR_IA32_BNDCFGS:
1464 has_msr_bndcfgs = true;
1469 case HV_X64_MSR_CRASH_CTL:
1470 has_msr_hv_crash = true;
1472 case HV_X64_MSR_RESET:
1473 has_msr_hv_reset = true;
1475 case HV_X64_MSR_VP_INDEX:
1476 has_msr_hv_vpindex = true;
1478 case HV_X64_MSR_VP_RUNTIME:
1479 has_msr_hv_runtime = true;
1481 case HV_X64_MSR_SCONTROL:
1482 has_msr_hv_synic = true;
1484 case HV_X64_MSR_STIMER0_CONFIG:
1485 has_msr_hv_stimer = true;
1487 case HV_X64_MSR_TSC_FREQUENCY:
1488 has_msr_hv_frequencies = true;
1490 case HV_X64_MSR_REENLIGHTENMENT_CONTROL:
1491 has_msr_hv_reenlightenment = true;
1493 case MSR_IA32_SPEC_CTRL:
1494 has_msr_spec_ctrl = true;
1497 has_msr_virt_ssbd = true;
1499 case MSR_IA32_ARCH_CAPABILITIES:
1500 has_msr_arch_capabs = true;
1506 g_free(kvm_msr_list);
1512 static Notifier smram_machine_done;
1513 static KVMMemoryListener smram_listener;
1514 static AddressSpace smram_address_space;
1515 static MemoryRegion smram_as_root;
1516 static MemoryRegion smram_as_mem;
1518 static void register_smram_listener(Notifier *n, void *unused)
1520 MemoryRegion *smram =
1521 (MemoryRegion *) object_resolve_path("/machine/smram", NULL);
1523 /* Outer container... */
1524 memory_region_init(&smram_as_root, OBJECT(kvm_state), "mem-container-smram", ~0ull);
1525 memory_region_set_enabled(&smram_as_root, true);
1527 /* ... with two regions inside: normal system memory with low
1530 memory_region_init_alias(&smram_as_mem, OBJECT(kvm_state), "mem-smram",
1531 get_system_memory(), 0, ~0ull);
1532 memory_region_add_subregion_overlap(&smram_as_root, 0, &smram_as_mem, 0);
1533 memory_region_set_enabled(&smram_as_mem, true);
1536 /* ... SMRAM with higher priority */
1537 memory_region_add_subregion_overlap(&smram_as_root, 0, smram, 10);
1538 memory_region_set_enabled(smram, true);
1541 address_space_init(&smram_address_space, &smram_as_root, "KVM-SMRAM");
1542 kvm_memory_listener_register(kvm_state, &smram_listener,
1543 &smram_address_space, 1);
1546 int kvm_arch_init(MachineState *ms, KVMState *s)
1548 uint64_t identity_base = 0xfffbc000;
1549 uint64_t shadow_mem;
1551 struct utsname utsname;
1553 has_xsave = kvm_check_extension(s, KVM_CAP_XSAVE);
1554 has_xcrs = kvm_check_extension(s, KVM_CAP_XCRS);
1555 has_pit_state2 = kvm_check_extension(s, KVM_CAP_PIT_STATE2);
1557 hv_vpindex_settable = kvm_check_extension(s, KVM_CAP_HYPERV_VP_INDEX);
1559 ret = kvm_get_supported_msrs(s);
1564 kvm_get_supported_feature_msrs(s);
1567 lm_capable_kernel = strcmp(utsname.machine, "x86_64") == 0;
1570 * On older Intel CPUs, KVM uses vm86 mode to emulate 16-bit code directly.
1571 * In order to use vm86 mode, an EPT identity map and a TSS are needed.
1572 * Since these must be part of guest physical memory, we need to allocate
1573 * them, both by setting their start addresses in the kernel and by
1574 * creating a corresponding e820 entry. We need 4 pages before the BIOS.
1576 * Older KVM versions may not support setting the identity map base. In
1577 * that case we need to stick with the default, i.e. a 256K maximum BIOS
1580 if (kvm_check_extension(s, KVM_CAP_SET_IDENTITY_MAP_ADDR)) {
1581 /* Allows up to 16M BIOSes. */
1582 identity_base = 0xfeffc000;
1584 ret = kvm_vm_ioctl(s, KVM_SET_IDENTITY_MAP_ADDR, &identity_base);
1590 /* Set TSS base one page after EPT identity map. */
1591 ret = kvm_vm_ioctl(s, KVM_SET_TSS_ADDR, identity_base + 0x1000);
1596 /* Tell fw_cfg to notify the BIOS to reserve the range. */
1597 ret = e820_add_entry(identity_base, 0x4000, E820_RESERVED);
1599 fprintf(stderr, "e820_add_entry() table is full\n");
1602 qemu_register_reset(kvm_unpoison_all, NULL);
1604 shadow_mem = machine_kvm_shadow_mem(ms);
1605 if (shadow_mem != -1) {
1607 ret = kvm_vm_ioctl(s, KVM_SET_NR_MMU_PAGES, shadow_mem);
1613 if (kvm_check_extension(s, KVM_CAP_X86_SMM) &&
1614 object_dynamic_cast(OBJECT(ms), TYPE_PC_MACHINE) &&
1615 pc_machine_is_smm_enabled(PC_MACHINE(ms))) {
1616 smram_machine_done.notify = register_smram_listener;
1617 qemu_add_machine_init_done_notifier(&smram_machine_done);
1620 if (enable_cpu_pm) {
1621 int disable_exits = kvm_check_extension(s, KVM_CAP_X86_DISABLE_EXITS);
1624 /* Work around for kernel header with a typo. TODO: fix header and drop. */
1625 #if defined(KVM_X86_DISABLE_EXITS_HTL) && !defined(KVM_X86_DISABLE_EXITS_HLT)
1626 #define KVM_X86_DISABLE_EXITS_HLT KVM_X86_DISABLE_EXITS_HTL
1628 if (disable_exits) {
1629 disable_exits &= (KVM_X86_DISABLE_EXITS_MWAIT |
1630 KVM_X86_DISABLE_EXITS_HLT |
1631 KVM_X86_DISABLE_EXITS_PAUSE);
1634 ret = kvm_vm_enable_cap(s, KVM_CAP_X86_DISABLE_EXITS, 0,
1637 error_report("kvm: guest stopping CPU not supported: %s",
1645 static void set_v8086_seg(struct kvm_segment *lhs, const SegmentCache *rhs)
1647 lhs->selector = rhs->selector;
1648 lhs->base = rhs->base;
1649 lhs->limit = rhs->limit;
1661 static void set_seg(struct kvm_segment *lhs, const SegmentCache *rhs)
1663 unsigned flags = rhs->flags;
1664 lhs->selector = rhs->selector;
1665 lhs->base = rhs->base;
1666 lhs->limit = rhs->limit;
1667 lhs->type = (flags >> DESC_TYPE_SHIFT) & 15;
1668 lhs->present = (flags & DESC_P_MASK) != 0;
1669 lhs->dpl = (flags >> DESC_DPL_SHIFT) & 3;
1670 lhs->db = (flags >> DESC_B_SHIFT) & 1;
1671 lhs->s = (flags & DESC_S_MASK) != 0;
1672 lhs->l = (flags >> DESC_L_SHIFT) & 1;
1673 lhs->g = (flags & DESC_G_MASK) != 0;
1674 lhs->avl = (flags & DESC_AVL_MASK) != 0;
1675 lhs->unusable = !lhs->present;
1679 static void get_seg(SegmentCache *lhs, const struct kvm_segment *rhs)
1681 lhs->selector = rhs->selector;
1682 lhs->base = rhs->base;
1683 lhs->limit = rhs->limit;
1684 lhs->flags = (rhs->type << DESC_TYPE_SHIFT) |
1685 ((rhs->present && !rhs->unusable) * DESC_P_MASK) |
1686 (rhs->dpl << DESC_DPL_SHIFT) |
1687 (rhs->db << DESC_B_SHIFT) |
1688 (rhs->s * DESC_S_MASK) |
1689 (rhs->l << DESC_L_SHIFT) |
1690 (rhs->g * DESC_G_MASK) |
1691 (rhs->avl * DESC_AVL_MASK);
1694 static void kvm_getput_reg(__u64 *kvm_reg, target_ulong *qemu_reg, int set)
1697 *kvm_reg = *qemu_reg;
1699 *qemu_reg = *kvm_reg;
1703 static int kvm_getput_regs(X86CPU *cpu, int set)
1705 CPUX86State *env = &cpu->env;
1706 struct kvm_regs regs;
1710 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_REGS, ®s);
1716 kvm_getput_reg(®s.rax, &env->regs[R_EAX], set);
1717 kvm_getput_reg(®s.rbx, &env->regs[R_EBX], set);
1718 kvm_getput_reg(®s.rcx, &env->regs[R_ECX], set);
1719 kvm_getput_reg(®s.rdx, &env->regs[R_EDX], set);
1720 kvm_getput_reg(®s.rsi, &env->regs[R_ESI], set);
1721 kvm_getput_reg(®s.rdi, &env->regs[R_EDI], set);
1722 kvm_getput_reg(®s.rsp, &env->regs[R_ESP], set);
1723 kvm_getput_reg(®s.rbp, &env->regs[R_EBP], set);
1724 #ifdef TARGET_X86_64
1725 kvm_getput_reg(®s.r8, &env->regs[8], set);
1726 kvm_getput_reg(®s.r9, &env->regs[9], set);
1727 kvm_getput_reg(®s.r10, &env->regs[10], set);
1728 kvm_getput_reg(®s.r11, &env->regs[11], set);
1729 kvm_getput_reg(®s.r12, &env->regs[12], set);
1730 kvm_getput_reg(®s.r13, &env->regs[13], set);
1731 kvm_getput_reg(®s.r14, &env->regs[14], set);
1732 kvm_getput_reg(®s.r15, &env->regs[15], set);
1735 kvm_getput_reg(®s.rflags, &env->eflags, set);
1736 kvm_getput_reg(®s.rip, &env->eip, set);
1739 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_REGS, ®s);
1745 static int kvm_put_fpu(X86CPU *cpu)
1747 CPUX86State *env = &cpu->env;
1751 memset(&fpu, 0, sizeof fpu);
1752 fpu.fsw = env->fpus & ~(7 << 11);
1753 fpu.fsw |= (env->fpstt & 7) << 11;
1754 fpu.fcw = env->fpuc;
1755 fpu.last_opcode = env->fpop;
1756 fpu.last_ip = env->fpip;
1757 fpu.last_dp = env->fpdp;
1758 for (i = 0; i < 8; ++i) {
1759 fpu.ftwx |= (!env->fptags[i]) << i;
1761 memcpy(fpu.fpr, env->fpregs, sizeof env->fpregs);
1762 for (i = 0; i < CPU_NB_REGS; i++) {
1763 stq_p(&fpu.xmm[i][0], env->xmm_regs[i].ZMM_Q(0));
1764 stq_p(&fpu.xmm[i][8], env->xmm_regs[i].ZMM_Q(1));
1766 fpu.mxcsr = env->mxcsr;
1768 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_FPU, &fpu);
1771 #define XSAVE_FCW_FSW 0
1772 #define XSAVE_FTW_FOP 1
1773 #define XSAVE_CWD_RIP 2
1774 #define XSAVE_CWD_RDP 4
1775 #define XSAVE_MXCSR 6
1776 #define XSAVE_ST_SPACE 8
1777 #define XSAVE_XMM_SPACE 40
1778 #define XSAVE_XSTATE_BV 128
1779 #define XSAVE_YMMH_SPACE 144
1780 #define XSAVE_BNDREGS 240
1781 #define XSAVE_BNDCSR 256
1782 #define XSAVE_OPMASK 272
1783 #define XSAVE_ZMM_Hi256 288
1784 #define XSAVE_Hi16_ZMM 416
1785 #define XSAVE_PKRU 672
1787 #define XSAVE_BYTE_OFFSET(word_offset) \
1788 ((word_offset) * sizeof_field(struct kvm_xsave, region[0]))
1790 #define ASSERT_OFFSET(word_offset, field) \
1791 QEMU_BUILD_BUG_ON(XSAVE_BYTE_OFFSET(word_offset) != \
1792 offsetof(X86XSaveArea, field))
1794 ASSERT_OFFSET(XSAVE_FCW_FSW, legacy.fcw);
1795 ASSERT_OFFSET(XSAVE_FTW_FOP, legacy.ftw);
1796 ASSERT_OFFSET(XSAVE_CWD_RIP, legacy.fpip);
1797 ASSERT_OFFSET(XSAVE_CWD_RDP, legacy.fpdp);
1798 ASSERT_OFFSET(XSAVE_MXCSR, legacy.mxcsr);
1799 ASSERT_OFFSET(XSAVE_ST_SPACE, legacy.fpregs);
1800 ASSERT_OFFSET(XSAVE_XMM_SPACE, legacy.xmm_regs);
1801 ASSERT_OFFSET(XSAVE_XSTATE_BV, header.xstate_bv);
1802 ASSERT_OFFSET(XSAVE_YMMH_SPACE, avx_state);
1803 ASSERT_OFFSET(XSAVE_BNDREGS, bndreg_state);
1804 ASSERT_OFFSET(XSAVE_BNDCSR, bndcsr_state);
1805 ASSERT_OFFSET(XSAVE_OPMASK, opmask_state);
1806 ASSERT_OFFSET(XSAVE_ZMM_Hi256, zmm_hi256_state);
1807 ASSERT_OFFSET(XSAVE_Hi16_ZMM, hi16_zmm_state);
1808 ASSERT_OFFSET(XSAVE_PKRU, pkru_state);
1810 static int kvm_put_xsave(X86CPU *cpu)
1812 CPUX86State *env = &cpu->env;
1813 X86XSaveArea *xsave = env->xsave_buf;
1816 return kvm_put_fpu(cpu);
1818 x86_cpu_xsave_all_areas(cpu, xsave);
1820 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_XSAVE, xsave);
1823 static int kvm_put_xcrs(X86CPU *cpu)
1825 CPUX86State *env = &cpu->env;
1826 struct kvm_xcrs xcrs = {};
1834 xcrs.xcrs[0].xcr = 0;
1835 xcrs.xcrs[0].value = env->xcr0;
1836 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_XCRS, &xcrs);
1839 static int kvm_put_sregs(X86CPU *cpu)
1841 CPUX86State *env = &cpu->env;
1842 struct kvm_sregs sregs;
1844 memset(sregs.interrupt_bitmap, 0, sizeof(sregs.interrupt_bitmap));
1845 if (env->interrupt_injected >= 0) {
1846 sregs.interrupt_bitmap[env->interrupt_injected / 64] |=
1847 (uint64_t)1 << (env->interrupt_injected % 64);
1850 if ((env->eflags & VM_MASK)) {
1851 set_v8086_seg(&sregs.cs, &env->segs[R_CS]);
1852 set_v8086_seg(&sregs.ds, &env->segs[R_DS]);
1853 set_v8086_seg(&sregs.es, &env->segs[R_ES]);
1854 set_v8086_seg(&sregs.fs, &env->segs[R_FS]);
1855 set_v8086_seg(&sregs.gs, &env->segs[R_GS]);
1856 set_v8086_seg(&sregs.ss, &env->segs[R_SS]);
1858 set_seg(&sregs.cs, &env->segs[R_CS]);
1859 set_seg(&sregs.ds, &env->segs[R_DS]);
1860 set_seg(&sregs.es, &env->segs[R_ES]);
1861 set_seg(&sregs.fs, &env->segs[R_FS]);
1862 set_seg(&sregs.gs, &env->segs[R_GS]);
1863 set_seg(&sregs.ss, &env->segs[R_SS]);
1866 set_seg(&sregs.tr, &env->tr);
1867 set_seg(&sregs.ldt, &env->ldt);
1869 sregs.idt.limit = env->idt.limit;
1870 sregs.idt.base = env->idt.base;
1871 memset(sregs.idt.padding, 0, sizeof sregs.idt.padding);
1872 sregs.gdt.limit = env->gdt.limit;
1873 sregs.gdt.base = env->gdt.base;
1874 memset(sregs.gdt.padding, 0, sizeof sregs.gdt.padding);
1876 sregs.cr0 = env->cr[0];
1877 sregs.cr2 = env->cr[2];
1878 sregs.cr3 = env->cr[3];
1879 sregs.cr4 = env->cr[4];
1881 sregs.cr8 = cpu_get_apic_tpr(cpu->apic_state);
1882 sregs.apic_base = cpu_get_apic_base(cpu->apic_state);
1884 sregs.efer = env->efer;
1886 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_SREGS, &sregs);
1889 static void kvm_msr_buf_reset(X86CPU *cpu)
1891 memset(cpu->kvm_msr_buf, 0, MSR_BUF_SIZE);
1894 static void kvm_msr_entry_add(X86CPU *cpu, uint32_t index, uint64_t value)
1896 struct kvm_msrs *msrs = cpu->kvm_msr_buf;
1897 void *limit = ((void *)msrs) + MSR_BUF_SIZE;
1898 struct kvm_msr_entry *entry = &msrs->entries[msrs->nmsrs];
1900 assert((void *)(entry + 1) <= limit);
1902 entry->index = index;
1903 entry->reserved = 0;
1904 entry->data = value;
1908 static int kvm_put_one_msr(X86CPU *cpu, int index, uint64_t value)
1910 kvm_msr_buf_reset(cpu);
1911 kvm_msr_entry_add(cpu, index, value);
1913 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf);
1916 void kvm_put_apicbase(X86CPU *cpu, uint64_t value)
1920 ret = kvm_put_one_msr(cpu, MSR_IA32_APICBASE, value);
1924 static int kvm_put_tscdeadline_msr(X86CPU *cpu)
1926 CPUX86State *env = &cpu->env;
1929 if (!has_msr_tsc_deadline) {
1933 ret = kvm_put_one_msr(cpu, MSR_IA32_TSCDEADLINE, env->tsc_deadline);
1943 * Provide a separate write service for the feature control MSR in order to
1944 * kick the VCPU out of VMXON or even guest mode on reset. This has to be done
1945 * before writing any other state because forcibly leaving nested mode
1946 * invalidates the VCPU state.
1948 static int kvm_put_msr_feature_control(X86CPU *cpu)
1952 if (!has_msr_feature_control) {
1956 ret = kvm_put_one_msr(cpu, MSR_IA32_FEATURE_CONTROL,
1957 cpu->env.msr_ia32_feature_control);
1966 static int kvm_put_msrs(X86CPU *cpu, int level)
1968 CPUX86State *env = &cpu->env;
1972 kvm_msr_buf_reset(cpu);
1974 kvm_msr_entry_add(cpu, MSR_IA32_SYSENTER_CS, env->sysenter_cs);
1975 kvm_msr_entry_add(cpu, MSR_IA32_SYSENTER_ESP, env->sysenter_esp);
1976 kvm_msr_entry_add(cpu, MSR_IA32_SYSENTER_EIP, env->sysenter_eip);
1977 kvm_msr_entry_add(cpu, MSR_PAT, env->pat);
1979 kvm_msr_entry_add(cpu, MSR_STAR, env->star);
1981 if (has_msr_hsave_pa) {
1982 kvm_msr_entry_add(cpu, MSR_VM_HSAVE_PA, env->vm_hsave);
1984 if (has_msr_tsc_aux) {
1985 kvm_msr_entry_add(cpu, MSR_TSC_AUX, env->tsc_aux);
1987 if (has_msr_tsc_adjust) {
1988 kvm_msr_entry_add(cpu, MSR_TSC_ADJUST, env->tsc_adjust);
1990 if (has_msr_misc_enable) {
1991 kvm_msr_entry_add(cpu, MSR_IA32_MISC_ENABLE,
1992 env->msr_ia32_misc_enable);
1994 if (has_msr_smbase) {
1995 kvm_msr_entry_add(cpu, MSR_IA32_SMBASE, env->smbase);
1997 if (has_msr_smi_count) {
1998 kvm_msr_entry_add(cpu, MSR_SMI_COUNT, env->msr_smi_count);
2000 if (has_msr_bndcfgs) {
2001 kvm_msr_entry_add(cpu, MSR_IA32_BNDCFGS, env->msr_bndcfgs);
2004 kvm_msr_entry_add(cpu, MSR_IA32_XSS, env->xss);
2006 if (has_msr_spec_ctrl) {
2007 kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, env->spec_ctrl);
2009 if (has_msr_virt_ssbd) {
2010 kvm_msr_entry_add(cpu, MSR_VIRT_SSBD, env->virt_ssbd);
2013 #ifdef TARGET_X86_64
2014 if (lm_capable_kernel) {
2015 kvm_msr_entry_add(cpu, MSR_CSTAR, env->cstar);
2016 kvm_msr_entry_add(cpu, MSR_KERNELGSBASE, env->kernelgsbase);
2017 kvm_msr_entry_add(cpu, MSR_FMASK, env->fmask);
2018 kvm_msr_entry_add(cpu, MSR_LSTAR, env->lstar);
2022 /* If host supports feature MSR, write down. */
2023 if (has_msr_arch_capabs) {
2024 kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES,
2025 env->features[FEAT_ARCH_CAPABILITIES]);
2029 * The following MSRs have side effects on the guest or are too heavy
2030 * for normal writeback. Limit them to reset or full state updates.
2032 if (level >= KVM_PUT_RESET_STATE) {
2033 kvm_msr_entry_add(cpu, MSR_IA32_TSC, env->tsc);
2034 kvm_msr_entry_add(cpu, MSR_KVM_SYSTEM_TIME, env->system_time_msr);
2035 kvm_msr_entry_add(cpu, MSR_KVM_WALL_CLOCK, env->wall_clock_msr);
2036 if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_ASYNC_PF)) {
2037 kvm_msr_entry_add(cpu, MSR_KVM_ASYNC_PF_EN, env->async_pf_en_msr);
2039 if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_PV_EOI)) {
2040 kvm_msr_entry_add(cpu, MSR_KVM_PV_EOI_EN, env->pv_eoi_en_msr);
2042 if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_STEAL_TIME)) {
2043 kvm_msr_entry_add(cpu, MSR_KVM_STEAL_TIME, env->steal_time_msr);
2045 if (has_architectural_pmu_version > 0) {
2046 if (has_architectural_pmu_version > 1) {
2047 /* Stop the counter. */
2048 kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR_CTRL, 0);
2049 kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_CTRL, 0);
2052 /* Set the counter values. */
2053 for (i = 0; i < num_architectural_pmu_fixed_counters; i++) {
2054 kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR0 + i,
2055 env->msr_fixed_counters[i]);
2057 for (i = 0; i < num_architectural_pmu_gp_counters; i++) {
2058 kvm_msr_entry_add(cpu, MSR_P6_PERFCTR0 + i,
2059 env->msr_gp_counters[i]);
2060 kvm_msr_entry_add(cpu, MSR_P6_EVNTSEL0 + i,
2061 env->msr_gp_evtsel[i]);
2063 if (has_architectural_pmu_version > 1) {
2064 kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_STATUS,
2065 env->msr_global_status);
2066 kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_OVF_CTRL,
2067 env->msr_global_ovf_ctrl);
2069 /* Now start the PMU. */
2070 kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR_CTRL,
2071 env->msr_fixed_ctr_ctrl);
2072 kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_CTRL,
2073 env->msr_global_ctrl);
2077 * Hyper-V partition-wide MSRs: to avoid clearing them on cpu hot-add,
2078 * only sync them to KVM on the first cpu
2080 if (current_cpu == first_cpu) {
2081 if (has_msr_hv_hypercall) {
2082 kvm_msr_entry_add(cpu, HV_X64_MSR_GUEST_OS_ID,
2083 env->msr_hv_guest_os_id);
2084 kvm_msr_entry_add(cpu, HV_X64_MSR_HYPERCALL,
2085 env->msr_hv_hypercall);
2087 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_TIME)) {
2088 kvm_msr_entry_add(cpu, HV_X64_MSR_REFERENCE_TSC,
2091 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_REENLIGHTENMENT)) {
2092 kvm_msr_entry_add(cpu, HV_X64_MSR_REENLIGHTENMENT_CONTROL,
2093 env->msr_hv_reenlightenment_control);
2094 kvm_msr_entry_add(cpu, HV_X64_MSR_TSC_EMULATION_CONTROL,
2095 env->msr_hv_tsc_emulation_control);
2096 kvm_msr_entry_add(cpu, HV_X64_MSR_TSC_EMULATION_STATUS,
2097 env->msr_hv_tsc_emulation_status);
2100 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_VAPIC)) {
2101 kvm_msr_entry_add(cpu, HV_X64_MSR_APIC_ASSIST_PAGE,
2104 if (has_msr_hv_crash) {
2107 for (j = 0; j < HV_CRASH_PARAMS; j++)
2108 kvm_msr_entry_add(cpu, HV_X64_MSR_CRASH_P0 + j,
2109 env->msr_hv_crash_params[j]);
2111 kvm_msr_entry_add(cpu, HV_X64_MSR_CRASH_CTL, HV_CRASH_CTL_NOTIFY);
2113 if (has_msr_hv_runtime) {
2114 kvm_msr_entry_add(cpu, HV_X64_MSR_VP_RUNTIME, env->msr_hv_runtime);
2116 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_VPINDEX)
2117 && hv_vpindex_settable) {
2118 kvm_msr_entry_add(cpu, HV_X64_MSR_VP_INDEX,
2119 hyperv_vp_index(CPU(cpu)));
2121 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNIC)) {
2124 kvm_msr_entry_add(cpu, HV_X64_MSR_SVERSION, HV_SYNIC_VERSION);
2126 kvm_msr_entry_add(cpu, HV_X64_MSR_SCONTROL,
2127 env->msr_hv_synic_control);
2128 kvm_msr_entry_add(cpu, HV_X64_MSR_SIEFP,
2129 env->msr_hv_synic_evt_page);
2130 kvm_msr_entry_add(cpu, HV_X64_MSR_SIMP,
2131 env->msr_hv_synic_msg_page);
2133 for (j = 0; j < ARRAY_SIZE(env->msr_hv_synic_sint); j++) {
2134 kvm_msr_entry_add(cpu, HV_X64_MSR_SINT0 + j,
2135 env->msr_hv_synic_sint[j]);
2138 if (has_msr_hv_stimer) {
2141 for (j = 0; j < ARRAY_SIZE(env->msr_hv_stimer_config); j++) {
2142 kvm_msr_entry_add(cpu, HV_X64_MSR_STIMER0_CONFIG + j * 2,
2143 env->msr_hv_stimer_config[j]);
2146 for (j = 0; j < ARRAY_SIZE(env->msr_hv_stimer_count); j++) {
2147 kvm_msr_entry_add(cpu, HV_X64_MSR_STIMER0_COUNT + j * 2,
2148 env->msr_hv_stimer_count[j]);
2151 if (env->features[FEAT_1_EDX] & CPUID_MTRR) {
2152 uint64_t phys_mask = MAKE_64BIT_MASK(0, cpu->phys_bits);
2154 kvm_msr_entry_add(cpu, MSR_MTRRdefType, env->mtrr_deftype);
2155 kvm_msr_entry_add(cpu, MSR_MTRRfix64K_00000, env->mtrr_fixed[0]);
2156 kvm_msr_entry_add(cpu, MSR_MTRRfix16K_80000, env->mtrr_fixed[1]);
2157 kvm_msr_entry_add(cpu, MSR_MTRRfix16K_A0000, env->mtrr_fixed[2]);
2158 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_C0000, env->mtrr_fixed[3]);
2159 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_C8000, env->mtrr_fixed[4]);
2160 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_D0000, env->mtrr_fixed[5]);
2161 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_D8000, env->mtrr_fixed[6]);
2162 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_E0000, env->mtrr_fixed[7]);
2163 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_E8000, env->mtrr_fixed[8]);
2164 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_F0000, env->mtrr_fixed[9]);
2165 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_F8000, env->mtrr_fixed[10]);
2166 for (i = 0; i < MSR_MTRRcap_VCNT; i++) {
2167 /* The CPU GPs if we write to a bit above the physical limit of
2168 * the host CPU (and KVM emulates that)
2170 uint64_t mask = env->mtrr_var[i].mask;
2173 kvm_msr_entry_add(cpu, MSR_MTRRphysBase(i),
2174 env->mtrr_var[i].base);
2175 kvm_msr_entry_add(cpu, MSR_MTRRphysMask(i), mask);
2178 if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) {
2179 int addr_num = kvm_arch_get_supported_cpuid(kvm_state,
2180 0x14, 1, R_EAX) & 0x7;
2182 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_CTL,
2183 env->msr_rtit_ctrl);
2184 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_STATUS,
2185 env->msr_rtit_status);
2186 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_OUTPUT_BASE,
2187 env->msr_rtit_output_base);
2188 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_OUTPUT_MASK,
2189 env->msr_rtit_output_mask);
2190 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_CR3_MATCH,
2191 env->msr_rtit_cr3_match);
2192 for (i = 0; i < addr_num; i++) {
2193 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_ADDR0_A + i,
2194 env->msr_rtit_addrs[i]);
2198 /* Note: MSR_IA32_FEATURE_CONTROL is written separately, see
2199 * kvm_put_msr_feature_control. */
2204 kvm_msr_entry_add(cpu, MSR_MCG_STATUS, env->mcg_status);
2205 kvm_msr_entry_add(cpu, MSR_MCG_CTL, env->mcg_ctl);
2206 if (has_msr_mcg_ext_ctl) {
2207 kvm_msr_entry_add(cpu, MSR_MCG_EXT_CTL, env->mcg_ext_ctl);
2209 for (i = 0; i < (env->mcg_cap & 0xff) * 4; i++) {
2210 kvm_msr_entry_add(cpu, MSR_MC0_CTL + i, env->mce_banks[i]);
2214 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf);
2219 if (ret < cpu->kvm_msr_buf->nmsrs) {
2220 struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret];
2221 error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64,
2222 (uint32_t)e->index, (uint64_t)e->data);
2225 assert(ret == cpu->kvm_msr_buf->nmsrs);
2230 static int kvm_get_fpu(X86CPU *cpu)
2232 CPUX86State *env = &cpu->env;
2236 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_FPU, &fpu);
2241 env->fpstt = (fpu.fsw >> 11) & 7;
2242 env->fpus = fpu.fsw;
2243 env->fpuc = fpu.fcw;
2244 env->fpop = fpu.last_opcode;
2245 env->fpip = fpu.last_ip;
2246 env->fpdp = fpu.last_dp;
2247 for (i = 0; i < 8; ++i) {
2248 env->fptags[i] = !((fpu.ftwx >> i) & 1);
2250 memcpy(env->fpregs, fpu.fpr, sizeof env->fpregs);
2251 for (i = 0; i < CPU_NB_REGS; i++) {
2252 env->xmm_regs[i].ZMM_Q(0) = ldq_p(&fpu.xmm[i][0]);
2253 env->xmm_regs[i].ZMM_Q(1) = ldq_p(&fpu.xmm[i][8]);
2255 env->mxcsr = fpu.mxcsr;
2260 static int kvm_get_xsave(X86CPU *cpu)
2262 CPUX86State *env = &cpu->env;
2263 X86XSaveArea *xsave = env->xsave_buf;
2267 return kvm_get_fpu(cpu);
2270 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_XSAVE, xsave);
2274 x86_cpu_xrstor_all_areas(cpu, xsave);
2279 static int kvm_get_xcrs(X86CPU *cpu)
2281 CPUX86State *env = &cpu->env;
2283 struct kvm_xcrs xcrs;
2289 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_XCRS, &xcrs);
2294 for (i = 0; i < xcrs.nr_xcrs; i++) {
2295 /* Only support xcr0 now */
2296 if (xcrs.xcrs[i].xcr == 0) {
2297 env->xcr0 = xcrs.xcrs[i].value;
2304 static int kvm_get_sregs(X86CPU *cpu)
2306 CPUX86State *env = &cpu->env;
2307 struct kvm_sregs sregs;
2310 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_SREGS, &sregs);
2315 /* There can only be one pending IRQ set in the bitmap at a time, so try
2316 to find it and save its number instead (-1 for none). */
2317 env->interrupt_injected = -1;
2318 for (i = 0; i < ARRAY_SIZE(sregs.interrupt_bitmap); i++) {
2319 if (sregs.interrupt_bitmap[i]) {
2320 bit = ctz64(sregs.interrupt_bitmap[i]);
2321 env->interrupt_injected = i * 64 + bit;
2326 get_seg(&env->segs[R_CS], &sregs.cs);
2327 get_seg(&env->segs[R_DS], &sregs.ds);
2328 get_seg(&env->segs[R_ES], &sregs.es);
2329 get_seg(&env->segs[R_FS], &sregs.fs);
2330 get_seg(&env->segs[R_GS], &sregs.gs);
2331 get_seg(&env->segs[R_SS], &sregs.ss);
2333 get_seg(&env->tr, &sregs.tr);
2334 get_seg(&env->ldt, &sregs.ldt);
2336 env->idt.limit = sregs.idt.limit;
2337 env->idt.base = sregs.idt.base;
2338 env->gdt.limit = sregs.gdt.limit;
2339 env->gdt.base = sregs.gdt.base;
2341 env->cr[0] = sregs.cr0;
2342 env->cr[2] = sregs.cr2;
2343 env->cr[3] = sregs.cr3;
2344 env->cr[4] = sregs.cr4;
2346 env->efer = sregs.efer;
2348 /* changes to apic base and cr8/tpr are read back via kvm_arch_post_run */
2349 x86_update_hflags(env);
2354 static int kvm_get_msrs(X86CPU *cpu)
2356 CPUX86State *env = &cpu->env;
2357 struct kvm_msr_entry *msrs = cpu->kvm_msr_buf->entries;
2359 uint64_t mtrr_top_bits;
2361 kvm_msr_buf_reset(cpu);
2363 kvm_msr_entry_add(cpu, MSR_IA32_SYSENTER_CS, 0);
2364 kvm_msr_entry_add(cpu, MSR_IA32_SYSENTER_ESP, 0);
2365 kvm_msr_entry_add(cpu, MSR_IA32_SYSENTER_EIP, 0);
2366 kvm_msr_entry_add(cpu, MSR_PAT, 0);
2368 kvm_msr_entry_add(cpu, MSR_STAR, 0);
2370 if (has_msr_hsave_pa) {
2371 kvm_msr_entry_add(cpu, MSR_VM_HSAVE_PA, 0);
2373 if (has_msr_tsc_aux) {
2374 kvm_msr_entry_add(cpu, MSR_TSC_AUX, 0);
2376 if (has_msr_tsc_adjust) {
2377 kvm_msr_entry_add(cpu, MSR_TSC_ADJUST, 0);
2379 if (has_msr_tsc_deadline) {
2380 kvm_msr_entry_add(cpu, MSR_IA32_TSCDEADLINE, 0);
2382 if (has_msr_misc_enable) {
2383 kvm_msr_entry_add(cpu, MSR_IA32_MISC_ENABLE, 0);
2385 if (has_msr_smbase) {
2386 kvm_msr_entry_add(cpu, MSR_IA32_SMBASE, 0);
2388 if (has_msr_smi_count) {
2389 kvm_msr_entry_add(cpu, MSR_SMI_COUNT, 0);
2391 if (has_msr_feature_control) {
2392 kvm_msr_entry_add(cpu, MSR_IA32_FEATURE_CONTROL, 0);
2394 if (has_msr_bndcfgs) {
2395 kvm_msr_entry_add(cpu, MSR_IA32_BNDCFGS, 0);
2398 kvm_msr_entry_add(cpu, MSR_IA32_XSS, 0);
2400 if (has_msr_spec_ctrl) {
2401 kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, 0);
2403 if (has_msr_virt_ssbd) {
2404 kvm_msr_entry_add(cpu, MSR_VIRT_SSBD, 0);
2406 if (!env->tsc_valid) {
2407 kvm_msr_entry_add(cpu, MSR_IA32_TSC, 0);
2408 env->tsc_valid = !runstate_is_running();
2411 #ifdef TARGET_X86_64
2412 if (lm_capable_kernel) {
2413 kvm_msr_entry_add(cpu, MSR_CSTAR, 0);
2414 kvm_msr_entry_add(cpu, MSR_KERNELGSBASE, 0);
2415 kvm_msr_entry_add(cpu, MSR_FMASK, 0);
2416 kvm_msr_entry_add(cpu, MSR_LSTAR, 0);
2419 kvm_msr_entry_add(cpu, MSR_KVM_SYSTEM_TIME, 0);
2420 kvm_msr_entry_add(cpu, MSR_KVM_WALL_CLOCK, 0);
2421 if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_ASYNC_PF)) {
2422 kvm_msr_entry_add(cpu, MSR_KVM_ASYNC_PF_EN, 0);
2424 if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_PV_EOI)) {
2425 kvm_msr_entry_add(cpu, MSR_KVM_PV_EOI_EN, 0);
2427 if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_STEAL_TIME)) {
2428 kvm_msr_entry_add(cpu, MSR_KVM_STEAL_TIME, 0);
2430 if (has_architectural_pmu_version > 0) {
2431 if (has_architectural_pmu_version > 1) {
2432 kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR_CTRL, 0);
2433 kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_CTRL, 0);
2434 kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_STATUS, 0);
2435 kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_OVF_CTRL, 0);
2437 for (i = 0; i < num_architectural_pmu_fixed_counters; i++) {
2438 kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR0 + i, 0);
2440 for (i = 0; i < num_architectural_pmu_gp_counters; i++) {
2441 kvm_msr_entry_add(cpu, MSR_P6_PERFCTR0 + i, 0);
2442 kvm_msr_entry_add(cpu, MSR_P6_EVNTSEL0 + i, 0);
2447 kvm_msr_entry_add(cpu, MSR_MCG_STATUS, 0);
2448 kvm_msr_entry_add(cpu, MSR_MCG_CTL, 0);
2449 if (has_msr_mcg_ext_ctl) {
2450 kvm_msr_entry_add(cpu, MSR_MCG_EXT_CTL, 0);
2452 for (i = 0; i < (env->mcg_cap & 0xff) * 4; i++) {
2453 kvm_msr_entry_add(cpu, MSR_MC0_CTL + i, 0);
2457 if (has_msr_hv_hypercall) {
2458 kvm_msr_entry_add(cpu, HV_X64_MSR_HYPERCALL, 0);
2459 kvm_msr_entry_add(cpu, HV_X64_MSR_GUEST_OS_ID, 0);
2461 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_VAPIC)) {
2462 kvm_msr_entry_add(cpu, HV_X64_MSR_APIC_ASSIST_PAGE, 0);
2464 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_TIME)) {
2465 kvm_msr_entry_add(cpu, HV_X64_MSR_REFERENCE_TSC, 0);
2467 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_REENLIGHTENMENT)) {
2468 kvm_msr_entry_add(cpu, HV_X64_MSR_REENLIGHTENMENT_CONTROL, 0);
2469 kvm_msr_entry_add(cpu, HV_X64_MSR_TSC_EMULATION_CONTROL, 0);
2470 kvm_msr_entry_add(cpu, HV_X64_MSR_TSC_EMULATION_STATUS, 0);
2472 if (has_msr_hv_crash) {
2475 for (j = 0; j < HV_CRASH_PARAMS; j++) {
2476 kvm_msr_entry_add(cpu, HV_X64_MSR_CRASH_P0 + j, 0);
2479 if (has_msr_hv_runtime) {
2480 kvm_msr_entry_add(cpu, HV_X64_MSR_VP_RUNTIME, 0);
2482 if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNIC)) {
2485 kvm_msr_entry_add(cpu, HV_X64_MSR_SCONTROL, 0);
2486 kvm_msr_entry_add(cpu, HV_X64_MSR_SIEFP, 0);
2487 kvm_msr_entry_add(cpu, HV_X64_MSR_SIMP, 0);
2488 for (msr = HV_X64_MSR_SINT0; msr <= HV_X64_MSR_SINT15; msr++) {
2489 kvm_msr_entry_add(cpu, msr, 0);
2492 if (has_msr_hv_stimer) {
2495 for (msr = HV_X64_MSR_STIMER0_CONFIG; msr <= HV_X64_MSR_STIMER3_COUNT;
2497 kvm_msr_entry_add(cpu, msr, 0);
2500 if (env->features[FEAT_1_EDX] & CPUID_MTRR) {
2501 kvm_msr_entry_add(cpu, MSR_MTRRdefType, 0);
2502 kvm_msr_entry_add(cpu, MSR_MTRRfix64K_00000, 0);
2503 kvm_msr_entry_add(cpu, MSR_MTRRfix16K_80000, 0);
2504 kvm_msr_entry_add(cpu, MSR_MTRRfix16K_A0000, 0);
2505 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_C0000, 0);
2506 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_C8000, 0);
2507 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_D0000, 0);
2508 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_D8000, 0);
2509 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_E0000, 0);
2510 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_E8000, 0);
2511 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_F0000, 0);
2512 kvm_msr_entry_add(cpu, MSR_MTRRfix4K_F8000, 0);
2513 for (i = 0; i < MSR_MTRRcap_VCNT; i++) {
2514 kvm_msr_entry_add(cpu, MSR_MTRRphysBase(i), 0);
2515 kvm_msr_entry_add(cpu, MSR_MTRRphysMask(i), 0);
2519 if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) {
2521 kvm_arch_get_supported_cpuid(kvm_state, 0x14, 1, R_EAX) & 0x7;
2523 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_CTL, 0);
2524 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_STATUS, 0);
2525 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_OUTPUT_BASE, 0);
2526 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_OUTPUT_MASK, 0);
2527 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_CR3_MATCH, 0);
2528 for (i = 0; i < addr_num; i++) {
2529 kvm_msr_entry_add(cpu, MSR_IA32_RTIT_ADDR0_A + i, 0);
2533 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_MSRS, cpu->kvm_msr_buf);
2538 if (ret < cpu->kvm_msr_buf->nmsrs) {
2539 struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret];
2540 error_report("error: failed to get MSR 0x%" PRIx32,
2541 (uint32_t)e->index);
2544 assert(ret == cpu->kvm_msr_buf->nmsrs);
2546 * MTRR masks: Each mask consists of 5 parts
2547 * a 10..0: must be zero
2549 * c n-1.12: actual mask bits
2550 * d 51..n: reserved must be zero
2551 * e 63.52: reserved must be zero
2553 * 'n' is the number of physical bits supported by the CPU and is
2554 * apparently always <= 52. We know our 'n' but don't know what
2555 * the destinations 'n' is; it might be smaller, in which case
2556 * it masks (c) on loading. It might be larger, in which case
2557 * we fill 'd' so that d..c is consistent irrespetive of the 'n'
2558 * we're migrating to.
2561 if (cpu->fill_mtrr_mask) {
2562 QEMU_BUILD_BUG_ON(TARGET_PHYS_ADDR_SPACE_BITS > 52);
2563 assert(cpu->phys_bits <= TARGET_PHYS_ADDR_SPACE_BITS);
2564 mtrr_top_bits = MAKE_64BIT_MASK(cpu->phys_bits, 52 - cpu->phys_bits);
2569 for (i = 0; i < ret; i++) {
2570 uint32_t index = msrs[i].index;
2572 case MSR_IA32_SYSENTER_CS:
2573 env->sysenter_cs = msrs[i].data;
2575 case MSR_IA32_SYSENTER_ESP:
2576 env->sysenter_esp = msrs[i].data;
2578 case MSR_IA32_SYSENTER_EIP:
2579 env->sysenter_eip = msrs[i].data;
2582 env->pat = msrs[i].data;
2585 env->star = msrs[i].data;
2587 #ifdef TARGET_X86_64
2589 env->cstar = msrs[i].data;
2591 case MSR_KERNELGSBASE:
2592 env->kernelgsbase = msrs[i].data;
2595 env->fmask = msrs[i].data;
2598 env->lstar = msrs[i].data;
2602 env->tsc = msrs[i].data;
2605 env->tsc_aux = msrs[i].data;
2607 case MSR_TSC_ADJUST:
2608 env->tsc_adjust = msrs[i].data;
2610 case MSR_IA32_TSCDEADLINE:
2611 env->tsc_deadline = msrs[i].data;
2613 case MSR_VM_HSAVE_PA:
2614 env->vm_hsave = msrs[i].data;
2616 case MSR_KVM_SYSTEM_TIME:
2617 env->system_time_msr = msrs[i].data;
2619 case MSR_KVM_WALL_CLOCK:
2620 env->wall_clock_msr = msrs[i].data;
2622 case MSR_MCG_STATUS:
2623 env->mcg_status = msrs[i].data;
2626 env->mcg_ctl = msrs[i].data;
2628 case MSR_MCG_EXT_CTL:
2629 env->mcg_ext_ctl = msrs[i].data;
2631 case MSR_IA32_MISC_ENABLE:
2632 env->msr_ia32_misc_enable = msrs[i].data;
2634 case MSR_IA32_SMBASE:
2635 env->smbase = msrs[i].data;
2638 env->msr_smi_count = msrs[i].data;
2640 case MSR_IA32_FEATURE_CONTROL:
2641 env->msr_ia32_feature_control = msrs[i].data;
2643 case MSR_IA32_BNDCFGS:
2644 env->msr_bndcfgs = msrs[i].data;
2647 env->xss = msrs[i].data;
2650 if (msrs[i].index >= MSR_MC0_CTL &&
2651 msrs[i].index < MSR_MC0_CTL + (env->mcg_cap & 0xff) * 4) {
2652 env->mce_banks[msrs[i].index - MSR_MC0_CTL] = msrs[i].data;
2655 case MSR_KVM_ASYNC_PF_EN:
2656 env->async_pf_en_msr = msrs[i].data;
2658 case MSR_KVM_PV_EOI_EN:
2659 env->pv_eoi_en_msr = msrs[i].data;
2661 case MSR_KVM_STEAL_TIME:
2662 env->steal_time_msr = msrs[i].data;
2664 case MSR_CORE_PERF_FIXED_CTR_CTRL:
2665 env->msr_fixed_ctr_ctrl = msrs[i].data;
2667 case MSR_CORE_PERF_GLOBAL_CTRL:
2668 env->msr_global_ctrl = msrs[i].data;
2670 case MSR_CORE_PERF_GLOBAL_STATUS:
2671 env->msr_global_status = msrs[i].data;
2673 case MSR_CORE_PERF_GLOBAL_OVF_CTRL:
2674 env->msr_global_ovf_ctrl = msrs[i].data;
2676 case MSR_CORE_PERF_FIXED_CTR0 ... MSR_CORE_PERF_FIXED_CTR0 + MAX_FIXED_COUNTERS - 1:
2677 env->msr_fixed_counters[index - MSR_CORE_PERF_FIXED_CTR0] = msrs[i].data;
2679 case MSR_P6_PERFCTR0 ... MSR_P6_PERFCTR0 + MAX_GP_COUNTERS - 1:
2680 env->msr_gp_counters[index - MSR_P6_PERFCTR0] = msrs[i].data;
2682 case MSR_P6_EVNTSEL0 ... MSR_P6_EVNTSEL0 + MAX_GP_COUNTERS - 1:
2683 env->msr_gp_evtsel[index - MSR_P6_EVNTSEL0] = msrs[i].data;
2685 case HV_X64_MSR_HYPERCALL:
2686 env->msr_hv_hypercall = msrs[i].data;
2688 case HV_X64_MSR_GUEST_OS_ID:
2689 env->msr_hv_guest_os_id = msrs[i].data;
2691 case HV_X64_MSR_APIC_ASSIST_PAGE:
2692 env->msr_hv_vapic = msrs[i].data;
2694 case HV_X64_MSR_REFERENCE_TSC:
2695 env->msr_hv_tsc = msrs[i].data;
2697 case HV_X64_MSR_CRASH_P0 ... HV_X64_MSR_CRASH_P4:
2698 env->msr_hv_crash_params[index - HV_X64_MSR_CRASH_P0] = msrs[i].data;
2700 case HV_X64_MSR_VP_RUNTIME:
2701 env->msr_hv_runtime = msrs[i].data;
2703 case HV_X64_MSR_SCONTROL:
2704 env->msr_hv_synic_control = msrs[i].data;
2706 case HV_X64_MSR_SIEFP:
2707 env->msr_hv_synic_evt_page = msrs[i].data;
2709 case HV_X64_MSR_SIMP:
2710 env->msr_hv_synic_msg_page = msrs[i].data;
2712 case HV_X64_MSR_SINT0 ... HV_X64_MSR_SINT15:
2713 env->msr_hv_synic_sint[index - HV_X64_MSR_SINT0] = msrs[i].data;
2715 case HV_X64_MSR_STIMER0_CONFIG:
2716 case HV_X64_MSR_STIMER1_CONFIG:
2717 case HV_X64_MSR_STIMER2_CONFIG:
2718 case HV_X64_MSR_STIMER3_CONFIG:
2719 env->msr_hv_stimer_config[(index - HV_X64_MSR_STIMER0_CONFIG)/2] =
2722 case HV_X64_MSR_STIMER0_COUNT:
2723 case HV_X64_MSR_STIMER1_COUNT:
2724 case HV_X64_MSR_STIMER2_COUNT:
2725 case HV_X64_MSR_STIMER3_COUNT:
2726 env->msr_hv_stimer_count[(index - HV_X64_MSR_STIMER0_COUNT)/2] =
2729 case HV_X64_MSR_REENLIGHTENMENT_CONTROL:
2730 env->msr_hv_reenlightenment_control = msrs[i].data;
2732 case HV_X64_MSR_TSC_EMULATION_CONTROL:
2733 env->msr_hv_tsc_emulation_control = msrs[i].data;
2735 case HV_X64_MSR_TSC_EMULATION_STATUS:
2736 env->msr_hv_tsc_emulation_status = msrs[i].data;
2738 case MSR_MTRRdefType:
2739 env->mtrr_deftype = msrs[i].data;
2741 case MSR_MTRRfix64K_00000:
2742 env->mtrr_fixed[0] = msrs[i].data;
2744 case MSR_MTRRfix16K_80000:
2745 env->mtrr_fixed[1] = msrs[i].data;
2747 case MSR_MTRRfix16K_A0000:
2748 env->mtrr_fixed[2] = msrs[i].data;
2750 case MSR_MTRRfix4K_C0000:
2751 env->mtrr_fixed[3] = msrs[i].data;
2753 case MSR_MTRRfix4K_C8000:
2754 env->mtrr_fixed[4] = msrs[i].data;
2756 case MSR_MTRRfix4K_D0000:
2757 env->mtrr_fixed[5] = msrs[i].data;
2759 case MSR_MTRRfix4K_D8000:
2760 env->mtrr_fixed[6] = msrs[i].data;
2762 case MSR_MTRRfix4K_E0000:
2763 env->mtrr_fixed[7] = msrs[i].data;
2765 case MSR_MTRRfix4K_E8000:
2766 env->mtrr_fixed[8] = msrs[i].data;
2768 case MSR_MTRRfix4K_F0000:
2769 env->mtrr_fixed[9] = msrs[i].data;
2771 case MSR_MTRRfix4K_F8000:
2772 env->mtrr_fixed[10] = msrs[i].data;
2774 case MSR_MTRRphysBase(0) ... MSR_MTRRphysMask(MSR_MTRRcap_VCNT - 1):
2776 env->mtrr_var[MSR_MTRRphysIndex(index)].mask = msrs[i].data |
2779 env->mtrr_var[MSR_MTRRphysIndex(index)].base = msrs[i].data;
2782 case MSR_IA32_SPEC_CTRL:
2783 env->spec_ctrl = msrs[i].data;
2786 env->virt_ssbd = msrs[i].data;
2788 case MSR_IA32_RTIT_CTL:
2789 env->msr_rtit_ctrl = msrs[i].data;
2791 case MSR_IA32_RTIT_STATUS:
2792 env->msr_rtit_status = msrs[i].data;
2794 case MSR_IA32_RTIT_OUTPUT_BASE:
2795 env->msr_rtit_output_base = msrs[i].data;
2797 case MSR_IA32_RTIT_OUTPUT_MASK:
2798 env->msr_rtit_output_mask = msrs[i].data;
2800 case MSR_IA32_RTIT_CR3_MATCH:
2801 env->msr_rtit_cr3_match = msrs[i].data;
2803 case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
2804 env->msr_rtit_addrs[index - MSR_IA32_RTIT_ADDR0_A] = msrs[i].data;
2812 static int kvm_put_mp_state(X86CPU *cpu)
2814 struct kvm_mp_state mp_state = { .mp_state = cpu->env.mp_state };
2816 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MP_STATE, &mp_state);
2819 static int kvm_get_mp_state(X86CPU *cpu)
2821 CPUState *cs = CPU(cpu);
2822 CPUX86State *env = &cpu->env;
2823 struct kvm_mp_state mp_state;
2826 ret = kvm_vcpu_ioctl(cs, KVM_GET_MP_STATE, &mp_state);
2830 env->mp_state = mp_state.mp_state;
2831 if (kvm_irqchip_in_kernel()) {
2832 cs->halted = (mp_state.mp_state == KVM_MP_STATE_HALTED);
2837 static int kvm_get_apic(X86CPU *cpu)
2839 DeviceState *apic = cpu->apic_state;
2840 struct kvm_lapic_state kapic;
2843 if (apic && kvm_irqchip_in_kernel()) {
2844 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_LAPIC, &kapic);
2849 kvm_get_apic_state(apic, &kapic);
2854 static int kvm_put_vcpu_events(X86CPU *cpu, int level)
2856 CPUState *cs = CPU(cpu);
2857 CPUX86State *env = &cpu->env;
2858 struct kvm_vcpu_events events = {};
2860 if (!kvm_has_vcpu_events()) {
2864 events.exception.injected = (env->exception_injected >= 0);
2865 events.exception.nr = env->exception_injected;
2866 events.exception.has_error_code = env->has_error_code;
2867 events.exception.error_code = env->error_code;
2869 events.interrupt.injected = (env->interrupt_injected >= 0);
2870 events.interrupt.nr = env->interrupt_injected;
2871 events.interrupt.soft = env->soft_interrupt;
2873 events.nmi.injected = env->nmi_injected;
2874 events.nmi.pending = env->nmi_pending;
2875 events.nmi.masked = !!(env->hflags2 & HF2_NMI_MASK);
2877 events.sipi_vector = env->sipi_vector;
2880 if (has_msr_smbase) {
2881 events.smi.smm = !!(env->hflags & HF_SMM_MASK);
2882 events.smi.smm_inside_nmi = !!(env->hflags2 & HF2_SMM_INSIDE_NMI_MASK);
2883 if (kvm_irqchip_in_kernel()) {
2884 /* As soon as these are moved to the kernel, remove them
2885 * from cs->interrupt_request.
2887 events.smi.pending = cs->interrupt_request & CPU_INTERRUPT_SMI;
2888 events.smi.latched_init = cs->interrupt_request & CPU_INTERRUPT_INIT;
2889 cs->interrupt_request &= ~(CPU_INTERRUPT_INIT | CPU_INTERRUPT_SMI);
2891 /* Keep these in cs->interrupt_request. */
2892 events.smi.pending = 0;
2893 events.smi.latched_init = 0;
2895 /* Stop SMI delivery on old machine types to avoid a reboot
2896 * on an inward migration of an old VM.
2898 if (!cpu->kvm_no_smi_migration) {
2899 events.flags |= KVM_VCPUEVENT_VALID_SMM;
2903 if (level >= KVM_PUT_RESET_STATE) {
2904 events.flags |= KVM_VCPUEVENT_VALID_NMI_PENDING;
2905 if (env->mp_state == KVM_MP_STATE_SIPI_RECEIVED) {
2906 events.flags |= KVM_VCPUEVENT_VALID_SIPI_VECTOR;
2910 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
2913 static int kvm_get_vcpu_events(X86CPU *cpu)
2915 CPUX86State *env = &cpu->env;
2916 struct kvm_vcpu_events events;
2919 if (!kvm_has_vcpu_events()) {
2923 memset(&events, 0, sizeof(events));
2924 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_VCPU_EVENTS, &events);
2928 env->exception_injected =
2929 events.exception.injected ? events.exception.nr : -1;
2930 env->has_error_code = events.exception.has_error_code;
2931 env->error_code = events.exception.error_code;
2933 env->interrupt_injected =
2934 events.interrupt.injected ? events.interrupt.nr : -1;
2935 env->soft_interrupt = events.interrupt.soft;
2937 env->nmi_injected = events.nmi.injected;
2938 env->nmi_pending = events.nmi.pending;
2939 if (events.nmi.masked) {
2940 env->hflags2 |= HF2_NMI_MASK;
2942 env->hflags2 &= ~HF2_NMI_MASK;
2945 if (events.flags & KVM_VCPUEVENT_VALID_SMM) {
2946 if (events.smi.smm) {
2947 env->hflags |= HF_SMM_MASK;
2949 env->hflags &= ~HF_SMM_MASK;
2951 if (events.smi.pending) {
2952 cpu_interrupt(CPU(cpu), CPU_INTERRUPT_SMI);
2954 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_SMI);
2956 if (events.smi.smm_inside_nmi) {
2957 env->hflags2 |= HF2_SMM_INSIDE_NMI_MASK;
2959 env->hflags2 &= ~HF2_SMM_INSIDE_NMI_MASK;
2961 if (events.smi.latched_init) {
2962 cpu_interrupt(CPU(cpu), CPU_INTERRUPT_INIT);
2964 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_INIT);
2968 env->sipi_vector = events.sipi_vector;
2973 static int kvm_guest_debug_workarounds(X86CPU *cpu)
2975 CPUState *cs = CPU(cpu);
2976 CPUX86State *env = &cpu->env;
2978 unsigned long reinject_trap = 0;
2980 if (!kvm_has_vcpu_events()) {
2981 if (env->exception_injected == 1) {
2982 reinject_trap = KVM_GUESTDBG_INJECT_DB;
2983 } else if (env->exception_injected == 3) {
2984 reinject_trap = KVM_GUESTDBG_INJECT_BP;
2986 env->exception_injected = -1;
2990 * Kernels before KVM_CAP_X86_ROBUST_SINGLESTEP overwrote flags.TF
2991 * injected via SET_GUEST_DEBUG while updating GP regs. Work around this
2992 * by updating the debug state once again if single-stepping is on.
2993 * Another reason to call kvm_update_guest_debug here is a pending debug
2994 * trap raise by the guest. On kernels without SET_VCPU_EVENTS we have to
2995 * reinject them via SET_GUEST_DEBUG.
2997 if (reinject_trap ||
2998 (!kvm_has_robust_singlestep() && cs->singlestep_enabled)) {
2999 ret = kvm_update_guest_debug(cs, reinject_trap);
3004 static int kvm_put_debugregs(X86CPU *cpu)
3006 CPUX86State *env = &cpu->env;
3007 struct kvm_debugregs dbgregs;
3010 if (!kvm_has_debugregs()) {
3014 for (i = 0; i < 4; i++) {
3015 dbgregs.db[i] = env->dr[i];
3017 dbgregs.dr6 = env->dr[6];
3018 dbgregs.dr7 = env->dr[7];
3021 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_DEBUGREGS, &dbgregs);
3024 static int kvm_get_debugregs(X86CPU *cpu)
3026 CPUX86State *env = &cpu->env;
3027 struct kvm_debugregs dbgregs;
3030 if (!kvm_has_debugregs()) {
3034 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_DEBUGREGS, &dbgregs);
3038 for (i = 0; i < 4; i++) {
3039 env->dr[i] = dbgregs.db[i];
3041 env->dr[4] = env->dr[6] = dbgregs.dr6;
3042 env->dr[5] = env->dr[7] = dbgregs.dr7;
3047 int kvm_arch_put_registers(CPUState *cpu, int level)
3049 X86CPU *x86_cpu = X86_CPU(cpu);
3052 assert(cpu_is_stopped(cpu) || qemu_cpu_is_self(cpu));
3054 if (level >= KVM_PUT_RESET_STATE) {
3055 ret = kvm_put_msr_feature_control(x86_cpu);
3061 if (level == KVM_PUT_FULL_STATE) {
3062 /* We don't check for kvm_arch_set_tsc_khz() errors here,
3063 * because TSC frequency mismatch shouldn't abort migration,
3064 * unless the user explicitly asked for a more strict TSC
3065 * setting (e.g. using an explicit "tsc-freq" option).
3067 kvm_arch_set_tsc_khz(cpu);
3070 ret = kvm_getput_regs(x86_cpu, 1);
3074 ret = kvm_put_xsave(x86_cpu);
3078 ret = kvm_put_xcrs(x86_cpu);
3082 ret = kvm_put_sregs(x86_cpu);
3086 /* must be before kvm_put_msrs */
3087 ret = kvm_inject_mce_oldstyle(x86_cpu);
3091 ret = kvm_put_msrs(x86_cpu, level);
3095 ret = kvm_put_vcpu_events(x86_cpu, level);
3099 if (level >= KVM_PUT_RESET_STATE) {
3100 ret = kvm_put_mp_state(x86_cpu);
3106 ret = kvm_put_tscdeadline_msr(x86_cpu);
3110 ret = kvm_put_debugregs(x86_cpu);
3115 ret = kvm_guest_debug_workarounds(x86_cpu);
3122 int kvm_arch_get_registers(CPUState *cs)
3124 X86CPU *cpu = X86_CPU(cs);
3127 assert(cpu_is_stopped(cs) || qemu_cpu_is_self(cs));
3129 ret = kvm_get_vcpu_events(cpu);
3134 * KVM_GET_MPSTATE can modify CS and RIP, call it before
3135 * KVM_GET_REGS and KVM_GET_SREGS.
3137 ret = kvm_get_mp_state(cpu);
3141 ret = kvm_getput_regs(cpu, 0);
3145 ret = kvm_get_xsave(cpu);
3149 ret = kvm_get_xcrs(cpu);
3153 ret = kvm_get_sregs(cpu);
3157 ret = kvm_get_msrs(cpu);
3161 ret = kvm_get_apic(cpu);
3165 ret = kvm_get_debugregs(cpu);
3171 cpu_sync_bndcs_hflags(&cpu->env);
3175 void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run)
3177 X86CPU *x86_cpu = X86_CPU(cpu);
3178 CPUX86State *env = &x86_cpu->env;
3182 if (cpu->interrupt_request & (CPU_INTERRUPT_NMI | CPU_INTERRUPT_SMI)) {
3183 if (cpu->interrupt_request & CPU_INTERRUPT_NMI) {
3184 qemu_mutex_lock_iothread();
3185 cpu->interrupt_request &= ~CPU_INTERRUPT_NMI;
3186 qemu_mutex_unlock_iothread();
3187 DPRINTF("injected NMI\n");
3188 ret = kvm_vcpu_ioctl(cpu, KVM_NMI);
3190 fprintf(stderr, "KVM: injection failed, NMI lost (%s)\n",
3194 if (cpu->interrupt_request & CPU_INTERRUPT_SMI) {
3195 qemu_mutex_lock_iothread();
3196 cpu->interrupt_request &= ~CPU_INTERRUPT_SMI;
3197 qemu_mutex_unlock_iothread();
3198 DPRINTF("injected SMI\n");
3199 ret = kvm_vcpu_ioctl(cpu, KVM_SMI);
3201 fprintf(stderr, "KVM: injection failed, SMI lost (%s)\n",
3207 if (!kvm_pic_in_kernel()) {
3208 qemu_mutex_lock_iothread();
3211 /* Force the VCPU out of its inner loop to process any INIT requests
3212 * or (for userspace APIC, but it is cheap to combine the checks here)
3213 * pending TPR access reports.
3215 if (cpu->interrupt_request & (CPU_INTERRUPT_INIT | CPU_INTERRUPT_TPR)) {
3216 if ((cpu->interrupt_request & CPU_INTERRUPT_INIT) &&
3217 !(env->hflags & HF_SMM_MASK)) {
3218 cpu->exit_request = 1;
3220 if (cpu->interrupt_request & CPU_INTERRUPT_TPR) {
3221 cpu->exit_request = 1;
3225 if (!kvm_pic_in_kernel()) {
3226 /* Try to inject an interrupt if the guest can accept it */
3227 if (run->ready_for_interrupt_injection &&
3228 (cpu->interrupt_request & CPU_INTERRUPT_HARD) &&
3229 (env->eflags & IF_MASK)) {
3232 cpu->interrupt_request &= ~CPU_INTERRUPT_HARD;
3233 irq = cpu_get_pic_interrupt(env);
3235 struct kvm_interrupt intr;
3238 DPRINTF("injected interrupt %d\n", irq);
3239 ret = kvm_vcpu_ioctl(cpu, KVM_INTERRUPT, &intr);
3242 "KVM: injection failed, interrupt lost (%s)\n",
3248 /* If we have an interrupt but the guest is not ready to receive an
3249 * interrupt, request an interrupt window exit. This will
3250 * cause a return to userspace as soon as the guest is ready to
3251 * receive interrupts. */
3252 if ((cpu->interrupt_request & CPU_INTERRUPT_HARD)) {
3253 run->request_interrupt_window = 1;
3255 run->request_interrupt_window = 0;
3258 DPRINTF("setting tpr\n");
3259 run->cr8 = cpu_get_apic_tpr(x86_cpu->apic_state);
3261 qemu_mutex_unlock_iothread();
3265 MemTxAttrs kvm_arch_post_run(CPUState *cpu, struct kvm_run *run)
3267 X86CPU *x86_cpu = X86_CPU(cpu);
3268 CPUX86State *env = &x86_cpu->env;
3270 if (run->flags & KVM_RUN_X86_SMM) {
3271 env->hflags |= HF_SMM_MASK;
3273 env->hflags &= ~HF_SMM_MASK;
3276 env->eflags |= IF_MASK;
3278 env->eflags &= ~IF_MASK;
3281 /* We need to protect the apic state against concurrent accesses from
3282 * different threads in case the userspace irqchip is used. */
3283 if (!kvm_irqchip_in_kernel()) {
3284 qemu_mutex_lock_iothread();
3286 cpu_set_apic_tpr(x86_cpu->apic_state, run->cr8);
3287 cpu_set_apic_base(x86_cpu->apic_state, run->apic_base);
3288 if (!kvm_irqchip_in_kernel()) {
3289 qemu_mutex_unlock_iothread();
3291 return cpu_get_mem_attrs(env);
3294 int kvm_arch_process_async_events(CPUState *cs)
3296 X86CPU *cpu = X86_CPU(cs);
3297 CPUX86State *env = &cpu->env;
3299 if (cs->interrupt_request & CPU_INTERRUPT_MCE) {
3300 /* We must not raise CPU_INTERRUPT_MCE if it's not supported. */
3301 assert(env->mcg_cap);
3303 cs->interrupt_request &= ~CPU_INTERRUPT_MCE;
3305 kvm_cpu_synchronize_state(cs);
3307 if (env->exception_injected == EXCP08_DBLE) {
3308 /* this means triple fault */
3309 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
3310 cs->exit_request = 1;
3313 env->exception_injected = EXCP12_MCHK;
3314 env->has_error_code = 0;
3317 if (kvm_irqchip_in_kernel() && env->mp_state == KVM_MP_STATE_HALTED) {
3318 env->mp_state = KVM_MP_STATE_RUNNABLE;
3322 if ((cs->interrupt_request & CPU_INTERRUPT_INIT) &&
3323 !(env->hflags & HF_SMM_MASK)) {
3324 kvm_cpu_synchronize_state(cs);
3328 if (kvm_irqchip_in_kernel()) {
3332 if (cs->interrupt_request & CPU_INTERRUPT_POLL) {
3333 cs->interrupt_request &= ~CPU_INTERRUPT_POLL;
3334 apic_poll_irq(cpu->apic_state);
3336 if (((cs->interrupt_request & CPU_INTERRUPT_HARD) &&
3337 (env->eflags & IF_MASK)) ||
3338 (cs->interrupt_request & CPU_INTERRUPT_NMI)) {
3341 if (cs->interrupt_request & CPU_INTERRUPT_SIPI) {
3342 kvm_cpu_synchronize_state(cs);
3345 if (cs->interrupt_request & CPU_INTERRUPT_TPR) {
3346 cs->interrupt_request &= ~CPU_INTERRUPT_TPR;
3347 kvm_cpu_synchronize_state(cs);
3348 apic_handle_tpr_access_report(cpu->apic_state, env->eip,
3349 env->tpr_access_type);
3355 static int kvm_handle_halt(X86CPU *cpu)
3357 CPUState *cs = CPU(cpu);
3358 CPUX86State *env = &cpu->env;
3360 if (!((cs->interrupt_request & CPU_INTERRUPT_HARD) &&
3361 (env->eflags & IF_MASK)) &&
3362 !(cs->interrupt_request & CPU_INTERRUPT_NMI)) {
3370 static int kvm_handle_tpr_access(X86CPU *cpu)
3372 CPUState *cs = CPU(cpu);
3373 struct kvm_run *run = cs->kvm_run;
3375 apic_handle_tpr_access_report(cpu->apic_state, run->tpr_access.rip,
3376 run->tpr_access.is_write ? TPR_ACCESS_WRITE
3381 int kvm_arch_insert_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
3383 static const uint8_t int3 = 0xcc;
3385 if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 1, 0) ||
3386 cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&int3, 1, 1)) {
3392 int kvm_arch_remove_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
3396 if (cpu_memory_rw_debug(cs, bp->pc, &int3, 1, 0) || int3 != 0xcc ||
3397 cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 1, 1)) {
3409 static int nb_hw_breakpoint;
3411 static int find_hw_breakpoint(target_ulong addr, int len, int type)
3415 for (n = 0; n < nb_hw_breakpoint; n++) {
3416 if (hw_breakpoint[n].addr == addr && hw_breakpoint[n].type == type &&
3417 (hw_breakpoint[n].len == len || len == -1)) {
3424 int kvm_arch_insert_hw_breakpoint(target_ulong addr,
3425 target_ulong len, int type)
3428 case GDB_BREAKPOINT_HW:
3431 case GDB_WATCHPOINT_WRITE:
3432 case GDB_WATCHPOINT_ACCESS:
3439 if (addr & (len - 1)) {
3451 if (nb_hw_breakpoint == 4) {
3454 if (find_hw_breakpoint(addr, len, type) >= 0) {
3457 hw_breakpoint[nb_hw_breakpoint].addr = addr;
3458 hw_breakpoint[nb_hw_breakpoint].len = len;
3459 hw_breakpoint[nb_hw_breakpoint].type = type;
3465 int kvm_arch_remove_hw_breakpoint(target_ulong addr,
3466 target_ulong len, int type)
3470 n = find_hw_breakpoint(addr, (type == GDB_BREAKPOINT_HW) ? 1 : len, type);
3475 hw_breakpoint[n] = hw_breakpoint[nb_hw_breakpoint];
3480 void kvm_arch_remove_all_hw_breakpoints(void)
3482 nb_hw_breakpoint = 0;
3485 static CPUWatchpoint hw_watchpoint;
3487 static int kvm_handle_debug(X86CPU *cpu,
3488 struct kvm_debug_exit_arch *arch_info)
3490 CPUState *cs = CPU(cpu);
3491 CPUX86State *env = &cpu->env;
3495 if (arch_info->exception == 1) {
3496 if (arch_info->dr6 & (1 << 14)) {
3497 if (cs->singlestep_enabled) {
3501 for (n = 0; n < 4; n++) {
3502 if (arch_info->dr6 & (1 << n)) {
3503 switch ((arch_info->dr7 >> (16 + n*4)) & 0x3) {
3509 cs->watchpoint_hit = &hw_watchpoint;
3510 hw_watchpoint.vaddr = hw_breakpoint[n].addr;
3511 hw_watchpoint.flags = BP_MEM_WRITE;
3515 cs->watchpoint_hit = &hw_watchpoint;
3516 hw_watchpoint.vaddr = hw_breakpoint[n].addr;
3517 hw_watchpoint.flags = BP_MEM_ACCESS;
3523 } else if (kvm_find_sw_breakpoint(cs, arch_info->pc)) {
3527 cpu_synchronize_state(cs);
3528 assert(env->exception_injected == -1);
3531 env->exception_injected = arch_info->exception;
3532 env->has_error_code = 0;
3538 void kvm_arch_update_guest_debug(CPUState *cpu, struct kvm_guest_debug *dbg)
3540 const uint8_t type_code[] = {
3541 [GDB_BREAKPOINT_HW] = 0x0,
3542 [GDB_WATCHPOINT_WRITE] = 0x1,
3543 [GDB_WATCHPOINT_ACCESS] = 0x3
3545 const uint8_t len_code[] = {
3546 [1] = 0x0, [2] = 0x1, [4] = 0x3, [8] = 0x2
3550 if (kvm_sw_breakpoints_active(cpu)) {
3551 dbg->control |= KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP;
3553 if (nb_hw_breakpoint > 0) {
3554 dbg->control |= KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_HW_BP;
3555 dbg->arch.debugreg[7] = 0x0600;
3556 for (n = 0; n < nb_hw_breakpoint; n++) {
3557 dbg->arch.debugreg[n] = hw_breakpoint[n].addr;
3558 dbg->arch.debugreg[7] |= (2 << (n * 2)) |
3559 (type_code[hw_breakpoint[n].type] << (16 + n*4)) |
3560 ((uint32_t)len_code[hw_breakpoint[n].len] << (18 + n*4));
3565 static bool host_supports_vmx(void)
3567 uint32_t ecx, unused;
3569 host_cpuid(1, 0, &unused, &unused, &ecx, &unused);
3570 return ecx & CPUID_EXT_VMX;
3573 #define VMX_INVALID_GUEST_STATE 0x80000021
3575 int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
3577 X86CPU *cpu = X86_CPU(cs);
3581 switch (run->exit_reason) {
3583 DPRINTF("handle_hlt\n");
3584 qemu_mutex_lock_iothread();
3585 ret = kvm_handle_halt(cpu);
3586 qemu_mutex_unlock_iothread();
3588 case KVM_EXIT_SET_TPR:
3591 case KVM_EXIT_TPR_ACCESS:
3592 qemu_mutex_lock_iothread();
3593 ret = kvm_handle_tpr_access(cpu);
3594 qemu_mutex_unlock_iothread();
3596 case KVM_EXIT_FAIL_ENTRY:
3597 code = run->fail_entry.hardware_entry_failure_reason;
3598 fprintf(stderr, "KVM: entry failed, hardware error 0x%" PRIx64 "\n",
3600 if (host_supports_vmx() && code == VMX_INVALID_GUEST_STATE) {
3602 "\nIf you're running a guest on an Intel machine without "
3603 "unrestricted mode\n"
3604 "support, the failure can be most likely due to the guest "
3605 "entering an invalid\n"
3606 "state for Intel VT. For example, the guest maybe running "
3607 "in big real mode\n"
3608 "which is not supported on less recent Intel processors."
3613 case KVM_EXIT_EXCEPTION:
3614 fprintf(stderr, "KVM: exception %d exit (error code 0x%x)\n",
3615 run->ex.exception, run->ex.error_code);
3618 case KVM_EXIT_DEBUG:
3619 DPRINTF("kvm_exit_debug\n");
3620 qemu_mutex_lock_iothread();
3621 ret = kvm_handle_debug(cpu, &run->debug.arch);
3622 qemu_mutex_unlock_iothread();
3624 case KVM_EXIT_HYPERV:
3625 ret = kvm_hv_handle_exit(cpu, &run->hyperv);
3627 case KVM_EXIT_IOAPIC_EOI:
3628 ioapic_eoi_broadcast(run->eoi.vector);
3632 fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason);
3640 bool kvm_arch_stop_on_emulation_error(CPUState *cs)
3642 X86CPU *cpu = X86_CPU(cs);
3643 CPUX86State *env = &cpu->env;
3645 kvm_cpu_synchronize_state(cs);
3646 return !(env->cr[0] & CR0_PE_MASK) ||
3647 ((env->segs[R_CS].selector & 3) != 3);
3650 void kvm_arch_init_irq_routing(KVMState *s)
3652 if (!kvm_check_extension(s, KVM_CAP_IRQ_ROUTING)) {
3653 /* If kernel can't do irq routing, interrupt source
3654 * override 0->2 cannot be set up as required by HPET.
3655 * So we have to disable it.
3659 /* We know at this point that we're using the in-kernel
3660 * irqchip, so we can use irqfds, and on x86 we know
3661 * we can use msi via irqfd and GSI routing.
3663 kvm_msi_via_irqfd_allowed = true;
3664 kvm_gsi_routing_allowed = true;
3666 if (kvm_irqchip_is_split()) {
3669 /* If the ioapic is in QEMU and the lapics are in KVM, reserve
3670 MSI routes for signaling interrupts to the local apics. */
3671 for (i = 0; i < IOAPIC_NUM_PINS; i++) {
3672 if (kvm_irqchip_add_msi_route(s, 0, NULL) < 0) {
3673 error_report("Could not enable split IRQ mode.");
3680 int kvm_arch_irqchip_create(MachineState *ms, KVMState *s)
3683 if (machine_kernel_irqchip_split(ms)) {
3684 ret = kvm_vm_enable_cap(s, KVM_CAP_SPLIT_IRQCHIP, 0, 24);
3686 error_report("Could not enable split irqchip mode: %s",
3690 DPRINTF("Enabled KVM_CAP_SPLIT_IRQCHIP\n");
3691 kvm_split_irqchip = true;
3699 /* Classic KVM device assignment interface. Will remain x86 only. */
3700 int kvm_device_pci_assign(KVMState *s, PCIHostDeviceAddress *dev_addr,
3701 uint32_t flags, uint32_t *dev_id)
3703 struct kvm_assigned_pci_dev dev_data = {
3704 .segnr = dev_addr->domain,
3705 .busnr = dev_addr->bus,
3706 .devfn = PCI_DEVFN(dev_addr->slot, dev_addr->function),
3711 dev_data.assigned_dev_id =
3712 (dev_addr->domain << 16) | (dev_addr->bus << 8) | dev_data.devfn;
3714 ret = kvm_vm_ioctl(s, KVM_ASSIGN_PCI_DEVICE, &dev_data);
3719 *dev_id = dev_data.assigned_dev_id;
3724 int kvm_device_pci_deassign(KVMState *s, uint32_t dev_id)
3726 struct kvm_assigned_pci_dev dev_data = {
3727 .assigned_dev_id = dev_id,
3730 return kvm_vm_ioctl(s, KVM_DEASSIGN_PCI_DEVICE, &dev_data);
3733 static int kvm_assign_irq_internal(KVMState *s, uint32_t dev_id,
3734 uint32_t irq_type, uint32_t guest_irq)
3736 struct kvm_assigned_irq assigned_irq = {
3737 .assigned_dev_id = dev_id,
3738 .guest_irq = guest_irq,
3742 if (kvm_check_extension(s, KVM_CAP_ASSIGN_DEV_IRQ)) {
3743 return kvm_vm_ioctl(s, KVM_ASSIGN_DEV_IRQ, &assigned_irq);
3745 return kvm_vm_ioctl(s, KVM_ASSIGN_IRQ, &assigned_irq);
3749 int kvm_device_intx_assign(KVMState *s, uint32_t dev_id, bool use_host_msi,
3752 uint32_t irq_type = KVM_DEV_IRQ_GUEST_INTX |
3753 (use_host_msi ? KVM_DEV_IRQ_HOST_MSI : KVM_DEV_IRQ_HOST_INTX);
3755 return kvm_assign_irq_internal(s, dev_id, irq_type, guest_irq);
3758 int kvm_device_intx_set_mask(KVMState *s, uint32_t dev_id, bool masked)
3760 struct kvm_assigned_pci_dev dev_data = {
3761 .assigned_dev_id = dev_id,
3762 .flags = masked ? KVM_DEV_ASSIGN_MASK_INTX : 0,
3765 return kvm_vm_ioctl(s, KVM_ASSIGN_SET_INTX_MASK, &dev_data);
3768 static int kvm_deassign_irq_internal(KVMState *s, uint32_t dev_id,
3771 struct kvm_assigned_irq assigned_irq = {
3772 .assigned_dev_id = dev_id,
3776 return kvm_vm_ioctl(s, KVM_DEASSIGN_DEV_IRQ, &assigned_irq);
3779 int kvm_device_intx_deassign(KVMState *s, uint32_t dev_id, bool use_host_msi)
3781 return kvm_deassign_irq_internal(s, dev_id, KVM_DEV_IRQ_GUEST_INTX |
3782 (use_host_msi ? KVM_DEV_IRQ_HOST_MSI : KVM_DEV_IRQ_HOST_INTX));
3785 int kvm_device_msi_assign(KVMState *s, uint32_t dev_id, int virq)
3787 return kvm_assign_irq_internal(s, dev_id, KVM_DEV_IRQ_HOST_MSI |
3788 KVM_DEV_IRQ_GUEST_MSI, virq);
3791 int kvm_device_msi_deassign(KVMState *s, uint32_t dev_id)
3793 return kvm_deassign_irq_internal(s, dev_id, KVM_DEV_IRQ_GUEST_MSI |
3794 KVM_DEV_IRQ_HOST_MSI);
3797 bool kvm_device_msix_supported(KVMState *s)
3799 /* The kernel lacks a corresponding KVM_CAP, so we probe by calling
3800 * KVM_ASSIGN_SET_MSIX_NR with an invalid parameter. */
3801 return kvm_vm_ioctl(s, KVM_ASSIGN_SET_MSIX_NR, NULL) == -EFAULT;
3804 int kvm_device_msix_init_vectors(KVMState *s, uint32_t dev_id,
3805 uint32_t nr_vectors)
3807 struct kvm_assigned_msix_nr msix_nr = {
3808 .assigned_dev_id = dev_id,
3809 .entry_nr = nr_vectors,
3812 return kvm_vm_ioctl(s, KVM_ASSIGN_SET_MSIX_NR, &msix_nr);
3815 int kvm_device_msix_set_vector(KVMState *s, uint32_t dev_id, uint32_t vector,
3818 struct kvm_assigned_msix_entry msix_entry = {
3819 .assigned_dev_id = dev_id,
3824 return kvm_vm_ioctl(s, KVM_ASSIGN_SET_MSIX_ENTRY, &msix_entry);
3827 int kvm_device_msix_assign(KVMState *s, uint32_t dev_id)
3829 return kvm_assign_irq_internal(s, dev_id, KVM_DEV_IRQ_HOST_MSIX |
3830 KVM_DEV_IRQ_GUEST_MSIX, 0);
3833 int kvm_device_msix_deassign(KVMState *s, uint32_t dev_id)
3835 return kvm_deassign_irq_internal(s, dev_id, KVM_DEV_IRQ_GUEST_MSIX |
3836 KVM_DEV_IRQ_HOST_MSIX);
3839 int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
3840 uint64_t address, uint32_t data, PCIDevice *dev)
3842 X86IOMMUState *iommu = x86_iommu_get_default();
3846 MSIMessage src, dst;
3847 X86IOMMUClass *class = X86_IOMMU_GET_CLASS(iommu);
3849 if (!class->int_remap) {
3853 src.address = route->u.msi.address_hi;
3854 src.address <<= VTD_MSI_ADDR_HI_SHIFT;
3855 src.address |= route->u.msi.address_lo;
3856 src.data = route->u.msi.data;
3858 ret = class->int_remap(iommu, &src, &dst, dev ? \
3859 pci_requester_id(dev) : \
3860 X86_IOMMU_SID_INVALID);
3862 trace_kvm_x86_fixup_msi_error(route->gsi);
3866 route->u.msi.address_hi = dst.address >> VTD_MSI_ADDR_HI_SHIFT;
3867 route->u.msi.address_lo = dst.address & VTD_MSI_ADDR_LO_MASK;
3868 route->u.msi.data = dst.data;
3874 typedef struct MSIRouteEntry MSIRouteEntry;
3876 struct MSIRouteEntry {
3877 PCIDevice *dev; /* Device pointer */
3878 int vector; /* MSI/MSIX vector index */
3879 int virq; /* Virtual IRQ index */
3880 QLIST_ENTRY(MSIRouteEntry) list;
3883 /* List of used GSI routes */
3884 static QLIST_HEAD(, MSIRouteEntry) msi_route_list = \
3885 QLIST_HEAD_INITIALIZER(msi_route_list);
3887 static void kvm_update_msi_routes_all(void *private, bool global,
3888 uint32_t index, uint32_t mask)
3890 int cnt = 0, vector;
3891 MSIRouteEntry *entry;
3895 /* TODO: explicit route update */
3896 QLIST_FOREACH(entry, &msi_route_list, list) {
3898 vector = entry->vector;
3900 if (msix_enabled(dev) && !msix_is_masked(dev, vector)) {
3901 msg = msix_get_message(dev, vector);
3902 } else if (msi_enabled(dev) && !msi_is_masked(dev, vector)) {
3903 msg = msi_get_message(dev, vector);
3906 * Either MSI/MSIX is disabled for the device, or the
3907 * specific message was masked out. Skip this one.
3911 kvm_irqchip_update_msi_route(kvm_state, entry->virq, msg, dev);
3913 kvm_irqchip_commit_routes(kvm_state);
3914 trace_kvm_x86_update_msi_routes(cnt);
3917 int kvm_arch_add_msi_route_post(struct kvm_irq_routing_entry *route,
3918 int vector, PCIDevice *dev)
3920 static bool notify_list_inited = false;
3921 MSIRouteEntry *entry;
3924 /* These are (possibly) IOAPIC routes only used for split
3925 * kernel irqchip mode, while what we are housekeeping are
3926 * PCI devices only. */
3930 entry = g_new0(MSIRouteEntry, 1);
3932 entry->vector = vector;
3933 entry->virq = route->gsi;
3934 QLIST_INSERT_HEAD(&msi_route_list, entry, list);
3936 trace_kvm_x86_add_msi_route(route->gsi);
3938 if (!notify_list_inited) {
3939 /* For the first time we do add route, add ourselves into
3940 * IOMMU's IEC notify list if needed. */
3941 X86IOMMUState *iommu = x86_iommu_get_default();
3943 x86_iommu_iec_register_notifier(iommu,
3944 kvm_update_msi_routes_all,
3947 notify_list_inited = true;
3952 int kvm_arch_release_virq_post(int virq)
3954 MSIRouteEntry *entry, *next;
3955 QLIST_FOREACH_SAFE(entry, &msi_route_list, list, next) {
3956 if (entry->virq == virq) {
3957 trace_kvm_x86_remove_msi_route(virq);
3958 QLIST_REMOVE(entry, list);
3966 int kvm_arch_msi_data_to_gsi(uint32_t data)
projects / qemu.git / blob