4 * Copyright (C) 2006-2008 Qumranet Technologies
5 * Copyright IBM, Corp. 2008
10 * This work is licensed under the terms of the GNU GPL, version 2 or later.
11 * See the COPYING file in the top-level directory.
15 #include <sys/types.h>
16 #include <sys/ioctl.h>
18 #include <sys/utsname.h>
20 #include <linux/kvm.h>
21 #include <linux/kvm_para.h>
23 #include "qemu-common.h"
24 #include "sysemu/sysemu.h"
25 #include "sysemu/kvm.h"
28 #include "exec/gdbstub.h"
29 #include "qemu/host-utils.h"
30 #include "qemu/config-file.h"
31 #include "hw/i386/pc.h"
32 #include "hw/i386/apic.h"
33 #include "hw/i386/apic_internal.h"
34 #include "hw/i386/apic-msidef.h"
35 #include "exec/ioport.h"
36 #include <asm/hyperv.h>
37 #include "hw/pci/pci.h"
38 #include "migration/migration.h"
39 #include "qapi/qmp/qerror.h"
44 #define DPRINTF(fmt, ...) \
45 do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
47 #define DPRINTF(fmt, ...) \
51 #define MSR_KVM_WALL_CLOCK 0x11
52 #define MSR_KVM_SYSTEM_TIME 0x12
55 #define BUS_MCEERR_AR 4
58 #define BUS_MCEERR_AO 5
61 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
62 KVM_CAP_INFO(SET_TSS_ADDR),
63 KVM_CAP_INFO(EXT_CPUID),
64 KVM_CAP_INFO(MP_STATE),
68 static bool has_msr_star;
69 static bool has_msr_hsave_pa;
70 static bool has_msr_tsc_adjust;
71 static bool has_msr_tsc_deadline;
72 static bool has_msr_feature_control;
73 static bool has_msr_async_pf_en;
74 static bool has_msr_pv_eoi_en;
75 static bool has_msr_misc_enable;
76 static bool has_msr_bndcfgs;
77 static bool has_msr_kvm_steal_time;
78 static int lm_capable_kernel;
79 static bool has_msr_hv_hypercall;
80 static bool has_msr_hv_vapic;
81 static bool has_msr_hv_tsc;
82 static bool has_msr_mtrr;
84 static bool has_msr_architectural_pmu;
85 static uint32_t num_architectural_pmu_counters;
87 bool kvm_allows_irq0_override(void)
89 return !kvm_irqchip_in_kernel() || kvm_has_gsi_routing();
92 static struct kvm_cpuid2 *try_get_cpuid(KVMState *s, int max)
94 struct kvm_cpuid2 *cpuid;
97 size = sizeof(*cpuid) + max * sizeof(*cpuid->entries);
98 cpuid = (struct kvm_cpuid2 *)g_malloc0(size);
100 r = kvm_ioctl(s, KVM_GET_SUPPORTED_CPUID, cpuid);
101 if (r == 0 && cpuid->nent >= max) {
109 fprintf(stderr, "KVM_GET_SUPPORTED_CPUID failed: %s\n",
117 /* Run KVM_GET_SUPPORTED_CPUID ioctl(), allocating a buffer large enough
120 static struct kvm_cpuid2 *get_supported_cpuid(KVMState *s)
122 struct kvm_cpuid2 *cpuid;
124 while ((cpuid = try_get_cpuid(s, max)) == NULL) {
130 static const struct kvm_para_features {
133 } para_features[] = {
134 { KVM_CAP_CLOCKSOURCE, KVM_FEATURE_CLOCKSOURCE },
135 { KVM_CAP_NOP_IO_DELAY, KVM_FEATURE_NOP_IO_DELAY },
136 { KVM_CAP_PV_MMU, KVM_FEATURE_MMU_OP },
137 { KVM_CAP_ASYNC_PF, KVM_FEATURE_ASYNC_PF },
140 static int get_para_features(KVMState *s)
144 for (i = 0; i < ARRAY_SIZE(para_features); i++) {
145 if (kvm_check_extension(s, para_features[i].cap)) {
146 features |= (1 << para_features[i].feature);
154 /* Returns the value for a specific register on the cpuid entry
156 static uint32_t cpuid_entry_get_reg(struct kvm_cpuid_entry2 *entry, int reg)
176 /* Find matching entry for function/index on kvm_cpuid2 struct
178 static struct kvm_cpuid_entry2 *cpuid_find_entry(struct kvm_cpuid2 *cpuid,
183 for (i = 0; i < cpuid->nent; ++i) {
184 if (cpuid->entries[i].function == function &&
185 cpuid->entries[i].index == index) {
186 return &cpuid->entries[i];
193 uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
194 uint32_t index, int reg)
196 struct kvm_cpuid2 *cpuid;
198 uint32_t cpuid_1_edx;
201 cpuid = get_supported_cpuid(s);
203 struct kvm_cpuid_entry2 *entry = cpuid_find_entry(cpuid, function, index);
206 ret = cpuid_entry_get_reg(entry, reg);
209 /* Fixups for the data returned by KVM, below */
211 if (function == 1 && reg == R_EDX) {
212 /* KVM before 2.6.30 misreports the following features */
213 ret |= CPUID_MTRR | CPUID_PAT | CPUID_MCE | CPUID_MCA;
214 } else if (function == 1 && reg == R_ECX) {
215 /* We can set the hypervisor flag, even if KVM does not return it on
216 * GET_SUPPORTED_CPUID
218 ret |= CPUID_EXT_HYPERVISOR;
219 /* tsc-deadline flag is not returned by GET_SUPPORTED_CPUID, but it
220 * can be enabled if the kernel has KVM_CAP_TSC_DEADLINE_TIMER,
221 * and the irqchip is in the kernel.
223 if (kvm_irqchip_in_kernel() &&
224 kvm_check_extension(s, KVM_CAP_TSC_DEADLINE_TIMER)) {
225 ret |= CPUID_EXT_TSC_DEADLINE_TIMER;
228 /* x2apic is reported by GET_SUPPORTED_CPUID, but it can't be enabled
229 * without the in-kernel irqchip
231 if (!kvm_irqchip_in_kernel()) {
232 ret &= ~CPUID_EXT_X2APIC;
234 } else if (function == 0x80000001 && reg == R_EDX) {
235 /* On Intel, kvm returns cpuid according to the Intel spec,
236 * so add missing bits according to the AMD spec:
238 cpuid_1_edx = kvm_arch_get_supported_cpuid(s, 1, 0, R_EDX);
239 ret |= cpuid_1_edx & CPUID_EXT2_AMD_ALIASES;
244 /* fallback for older kernels */
245 if ((function == KVM_CPUID_FEATURES) && !found) {
246 ret = get_para_features(s);
252 typedef struct HWPoisonPage {
254 QLIST_ENTRY(HWPoisonPage) list;
257 static QLIST_HEAD(, HWPoisonPage) hwpoison_page_list =
258 QLIST_HEAD_INITIALIZER(hwpoison_page_list);
260 static void kvm_unpoison_all(void *param)
262 HWPoisonPage *page, *next_page;
264 QLIST_FOREACH_SAFE(page, &hwpoison_page_list, list, next_page) {
265 QLIST_REMOVE(page, list);
266 qemu_ram_remap(page->ram_addr, TARGET_PAGE_SIZE);
271 static void kvm_hwpoison_page_add(ram_addr_t ram_addr)
275 QLIST_FOREACH(page, &hwpoison_page_list, list) {
276 if (page->ram_addr == ram_addr) {
280 page = g_malloc(sizeof(HWPoisonPage));
281 page->ram_addr = ram_addr;
282 QLIST_INSERT_HEAD(&hwpoison_page_list, page, list);
285 static int kvm_get_mce_cap_supported(KVMState *s, uint64_t *mce_cap,
290 r = kvm_check_extension(s, KVM_CAP_MCE);
293 return kvm_ioctl(s, KVM_X86_GET_MCE_CAP_SUPPORTED, mce_cap);
298 static void kvm_mce_inject(X86CPU *cpu, hwaddr paddr, int code)
300 CPUX86State *env = &cpu->env;
301 uint64_t status = MCI_STATUS_VAL | MCI_STATUS_UC | MCI_STATUS_EN |
302 MCI_STATUS_MISCV | MCI_STATUS_ADDRV | MCI_STATUS_S;
303 uint64_t mcg_status = MCG_STATUS_MCIP;
305 if (code == BUS_MCEERR_AR) {
306 status |= MCI_STATUS_AR | 0x134;
307 mcg_status |= MCG_STATUS_EIPV;
310 mcg_status |= MCG_STATUS_RIPV;
312 cpu_x86_inject_mce(NULL, cpu, 9, status, mcg_status, paddr,
313 (MCM_ADDR_PHYS << 6) | 0xc,
314 cpu_x86_support_mca_broadcast(env) ?
315 MCE_INJECT_BROADCAST : 0);
318 static void hardware_memory_error(void)
320 fprintf(stderr, "Hardware memory error!\n");
324 int kvm_arch_on_sigbus_vcpu(CPUState *c, int code, void *addr)
326 X86CPU *cpu = X86_CPU(c);
327 CPUX86State *env = &cpu->env;
331 if ((env->mcg_cap & MCG_SER_P) && addr
332 && (code == BUS_MCEERR_AR || code == BUS_MCEERR_AO)) {
333 if (qemu_ram_addr_from_host(addr, &ram_addr) == NULL ||
334 !kvm_physical_memory_addr_from_host(c->kvm_state, addr, &paddr)) {
335 fprintf(stderr, "Hardware memory error for memory used by "
336 "QEMU itself instead of guest system!\n");
337 /* Hope we are lucky for AO MCE */
338 if (code == BUS_MCEERR_AO) {
341 hardware_memory_error();
344 kvm_hwpoison_page_add(ram_addr);
345 kvm_mce_inject(cpu, paddr, code);
347 if (code == BUS_MCEERR_AO) {
349 } else if (code == BUS_MCEERR_AR) {
350 hardware_memory_error();
358 int kvm_arch_on_sigbus(int code, void *addr)
360 X86CPU *cpu = X86_CPU(first_cpu);
362 if ((cpu->env.mcg_cap & MCG_SER_P) && addr && code == BUS_MCEERR_AO) {
366 /* Hope we are lucky for AO MCE */
367 if (qemu_ram_addr_from_host(addr, &ram_addr) == NULL ||
368 !kvm_physical_memory_addr_from_host(first_cpu->kvm_state,
370 fprintf(stderr, "Hardware memory error for memory used by "
371 "QEMU itself instead of guest system!: %p\n", addr);
374 kvm_hwpoison_page_add(ram_addr);
375 kvm_mce_inject(X86_CPU(first_cpu), paddr, code);
377 if (code == BUS_MCEERR_AO) {
379 } else if (code == BUS_MCEERR_AR) {
380 hardware_memory_error();
388 static int kvm_inject_mce_oldstyle(X86CPU *cpu)
390 CPUX86State *env = &cpu->env;
392 if (!kvm_has_vcpu_events() && env->exception_injected == EXCP12_MCHK) {
393 unsigned int bank, bank_num = env->mcg_cap & 0xff;
394 struct kvm_x86_mce mce;
396 env->exception_injected = -1;
399 * There must be at least one bank in use if an MCE is pending.
400 * Find it and use its values for the event injection.
402 for (bank = 0; bank < bank_num; bank++) {
403 if (env->mce_banks[bank * 4 + 1] & MCI_STATUS_VAL) {
407 assert(bank < bank_num);
410 mce.status = env->mce_banks[bank * 4 + 1];
411 mce.mcg_status = env->mcg_status;
412 mce.addr = env->mce_banks[bank * 4 + 2];
413 mce.misc = env->mce_banks[bank * 4 + 3];
415 return kvm_vcpu_ioctl(CPU(cpu), KVM_X86_SET_MCE, &mce);
420 static void cpu_update_state(void *opaque, int running, RunState state)
422 CPUX86State *env = opaque;
425 env->tsc_valid = false;
429 unsigned long kvm_arch_vcpu_id(CPUState *cs)
431 X86CPU *cpu = X86_CPU(cs);
432 return cpu->env.cpuid_apic_id;
435 #ifndef KVM_CPUID_SIGNATURE_NEXT
436 #define KVM_CPUID_SIGNATURE_NEXT 0x40000100
439 static bool hyperv_hypercall_available(X86CPU *cpu)
441 return cpu->hyperv_vapic ||
442 (cpu->hyperv_spinlock_attempts != HYPERV_SPINLOCK_NEVER_RETRY);
445 static bool hyperv_enabled(X86CPU *cpu)
447 CPUState *cs = CPU(cpu);
448 return kvm_check_extension(cs->kvm_state, KVM_CAP_HYPERV) > 0 &&
449 (hyperv_hypercall_available(cpu) ||
451 cpu->hyperv_relaxed_timing);
454 static Error *invtsc_mig_blocker;
456 #define KVM_MAX_CPUID_ENTRIES 100
458 int kvm_arch_init_vcpu(CPUState *cs)
461 struct kvm_cpuid2 cpuid;
462 struct kvm_cpuid_entry2 entries[KVM_MAX_CPUID_ENTRIES];
463 } QEMU_PACKED cpuid_data;
464 X86CPU *cpu = X86_CPU(cs);
465 CPUX86State *env = &cpu->env;
466 uint32_t limit, i, j, cpuid_i;
468 struct kvm_cpuid_entry2 *c;
469 uint32_t signature[3];
470 int kvm_base = KVM_CPUID_SIGNATURE;
473 memset(&cpuid_data, 0, sizeof(cpuid_data));
477 /* Paravirtualization CPUIDs */
478 if (hyperv_enabled(cpu)) {
479 c = &cpuid_data.entries[cpuid_i++];
480 c->function = HYPERV_CPUID_VENDOR_AND_MAX_FUNCTIONS;
481 memcpy(signature, "Microsoft Hv", 12);
482 c->eax = HYPERV_CPUID_MIN;
483 c->ebx = signature[0];
484 c->ecx = signature[1];
485 c->edx = signature[2];
487 c = &cpuid_data.entries[cpuid_i++];
488 c->function = HYPERV_CPUID_INTERFACE;
489 memcpy(signature, "Hv#1\0\0\0\0\0\0\0\0", 12);
490 c->eax = signature[0];
495 c = &cpuid_data.entries[cpuid_i++];
496 c->function = HYPERV_CPUID_VERSION;
500 c = &cpuid_data.entries[cpuid_i++];
501 c->function = HYPERV_CPUID_FEATURES;
502 if (cpu->hyperv_relaxed_timing) {
503 c->eax |= HV_X64_MSR_HYPERCALL_AVAILABLE;
505 if (cpu->hyperv_vapic) {
506 c->eax |= HV_X64_MSR_HYPERCALL_AVAILABLE;
507 c->eax |= HV_X64_MSR_APIC_ACCESS_AVAILABLE;
508 has_msr_hv_vapic = true;
510 if (cpu->hyperv_time &&
511 kvm_check_extension(cs->kvm_state, KVM_CAP_HYPERV_TIME) > 0) {
512 c->eax |= HV_X64_MSR_HYPERCALL_AVAILABLE;
513 c->eax |= HV_X64_MSR_TIME_REF_COUNT_AVAILABLE;
515 has_msr_hv_tsc = true;
517 c = &cpuid_data.entries[cpuid_i++];
518 c->function = HYPERV_CPUID_ENLIGHTMENT_INFO;
519 if (cpu->hyperv_relaxed_timing) {
520 c->eax |= HV_X64_RELAXED_TIMING_RECOMMENDED;
522 if (has_msr_hv_vapic) {
523 c->eax |= HV_X64_APIC_ACCESS_RECOMMENDED;
525 c->ebx = cpu->hyperv_spinlock_attempts;
527 c = &cpuid_data.entries[cpuid_i++];
528 c->function = HYPERV_CPUID_IMPLEMENT_LIMITS;
532 kvm_base = KVM_CPUID_SIGNATURE_NEXT;
533 has_msr_hv_hypercall = true;
536 if (cpu->expose_kvm) {
537 memcpy(signature, "KVMKVMKVM\0\0\0", 12);
538 c = &cpuid_data.entries[cpuid_i++];
539 c->function = KVM_CPUID_SIGNATURE | kvm_base;
540 c->eax = KVM_CPUID_FEATURES | kvm_base;
541 c->ebx = signature[0];
542 c->ecx = signature[1];
543 c->edx = signature[2];
545 c = &cpuid_data.entries[cpuid_i++];
546 c->function = KVM_CPUID_FEATURES | kvm_base;
547 c->eax = env->features[FEAT_KVM];
549 has_msr_async_pf_en = c->eax & (1 << KVM_FEATURE_ASYNC_PF);
551 has_msr_pv_eoi_en = c->eax & (1 << KVM_FEATURE_PV_EOI);
553 has_msr_kvm_steal_time = c->eax & (1 << KVM_FEATURE_STEAL_TIME);
556 cpu_x86_cpuid(env, 0, 0, &limit, &unused, &unused, &unused);
558 for (i = 0; i <= limit; i++) {
559 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
560 fprintf(stderr, "unsupported level value: 0x%x\n", limit);
563 c = &cpuid_data.entries[cpuid_i++];
567 /* Keep reading function 2 till all the input is received */
571 c->flags = KVM_CPUID_FLAG_STATEFUL_FUNC |
572 KVM_CPUID_FLAG_STATE_READ_NEXT;
573 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
574 times = c->eax & 0xff;
576 for (j = 1; j < times; ++j) {
577 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
578 fprintf(stderr, "cpuid_data is full, no space for "
579 "cpuid(eax:2):eax & 0xf = 0x%x\n", times);
582 c = &cpuid_data.entries[cpuid_i++];
584 c->flags = KVM_CPUID_FLAG_STATEFUL_FUNC;
585 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
593 if (i == 0xd && j == 64) {
597 c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
599 cpu_x86_cpuid(env, i, j, &c->eax, &c->ebx, &c->ecx, &c->edx);
601 if (i == 4 && c->eax == 0) {
604 if (i == 0xb && !(c->ecx & 0xff00)) {
607 if (i == 0xd && c->eax == 0) {
610 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
611 fprintf(stderr, "cpuid_data is full, no space for "
612 "cpuid(eax:0x%x,ecx:0x%x)\n", i, j);
615 c = &cpuid_data.entries[cpuid_i++];
621 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
629 cpu_x86_cpuid(env, 0x0a, 0, &ver, &unused, &unused, &unused);
630 if ((ver & 0xff) > 0) {
631 has_msr_architectural_pmu = true;
632 num_architectural_pmu_counters = (ver & 0xff00) >> 8;
634 /* Shouldn't be more than 32, since that's the number of bits
635 * available in EBX to tell us _which_ counters are available.
638 if (num_architectural_pmu_counters > MAX_GP_COUNTERS) {
639 num_architectural_pmu_counters = MAX_GP_COUNTERS;
644 cpu_x86_cpuid(env, 0x80000000, 0, &limit, &unused, &unused, &unused);
646 for (i = 0x80000000; i <= limit; i++) {
647 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
648 fprintf(stderr, "unsupported xlevel value: 0x%x\n", limit);
651 c = &cpuid_data.entries[cpuid_i++];
655 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
658 /* Call Centaur's CPUID instructions they are supported. */
659 if (env->cpuid_xlevel2 > 0) {
660 cpu_x86_cpuid(env, 0xC0000000, 0, &limit, &unused, &unused, &unused);
662 for (i = 0xC0000000; i <= limit; i++) {
663 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
664 fprintf(stderr, "unsupported xlevel2 value: 0x%x\n", limit);
667 c = &cpuid_data.entries[cpuid_i++];
671 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
675 cpuid_data.cpuid.nent = cpuid_i;
677 if (((env->cpuid_version >> 8)&0xF) >= 6
678 && (env->features[FEAT_1_EDX] & (CPUID_MCE | CPUID_MCA)) ==
679 (CPUID_MCE | CPUID_MCA)
680 && kvm_check_extension(cs->kvm_state, KVM_CAP_MCE) > 0) {
685 ret = kvm_get_mce_cap_supported(cs->kvm_state, &mcg_cap, &banks);
687 fprintf(stderr, "kvm_get_mce_cap_supported: %s", strerror(-ret));
691 if (banks > MCE_BANKS_DEF) {
692 banks = MCE_BANKS_DEF;
694 mcg_cap &= MCE_CAP_DEF;
696 ret = kvm_vcpu_ioctl(cs, KVM_X86_SETUP_MCE, &mcg_cap);
698 fprintf(stderr, "KVM_X86_SETUP_MCE: %s", strerror(-ret));
702 env->mcg_cap = mcg_cap;
705 qemu_add_vm_change_state_handler(cpu_update_state, env);
707 c = cpuid_find_entry(&cpuid_data.cpuid, 1, 0);
709 has_msr_feature_control = !!(c->ecx & CPUID_EXT_VMX) ||
710 !!(c->ecx & CPUID_EXT_SMX);
713 c = cpuid_find_entry(&cpuid_data.cpuid, 0x80000007, 0);
714 if (c && (c->edx & 1<<8) && invtsc_mig_blocker == NULL) {
716 error_setg(&invtsc_mig_blocker,
717 "State blocked by non-migratable CPU device"
719 migrate_add_blocker(invtsc_mig_blocker);
721 vmstate_x86_cpu.unmigratable = 1;
724 cpuid_data.cpuid.padding = 0;
725 r = kvm_vcpu_ioctl(cs, KVM_SET_CPUID2, &cpuid_data);
730 r = kvm_check_extension(cs->kvm_state, KVM_CAP_TSC_CONTROL);
731 if (r && env->tsc_khz) {
732 r = kvm_vcpu_ioctl(cs, KVM_SET_TSC_KHZ, env->tsc_khz);
734 fprintf(stderr, "KVM_SET_TSC_KHZ failed\n");
739 if (kvm_has_xsave()) {
740 env->kvm_xsave_buf = qemu_memalign(4096, sizeof(struct kvm_xsave));
743 if (env->features[FEAT_1_EDX] & CPUID_MTRR) {
750 void kvm_arch_reset_vcpu(X86CPU *cpu)
752 CPUX86State *env = &cpu->env;
754 env->exception_injected = -1;
755 env->interrupt_injected = -1;
757 if (kvm_irqchip_in_kernel()) {
758 env->mp_state = cpu_is_bsp(cpu) ? KVM_MP_STATE_RUNNABLE :
759 KVM_MP_STATE_UNINITIALIZED;
761 env->mp_state = KVM_MP_STATE_RUNNABLE;
765 void kvm_arch_do_init_vcpu(X86CPU *cpu)
767 CPUX86State *env = &cpu->env;
769 /* APs get directly into wait-for-SIPI state. */
770 if (env->mp_state == KVM_MP_STATE_UNINITIALIZED) {
771 env->mp_state = KVM_MP_STATE_INIT_RECEIVED;
775 static int kvm_get_supported_msrs(KVMState *s)
777 static int kvm_supported_msrs;
781 if (kvm_supported_msrs == 0) {
782 struct kvm_msr_list msr_list, *kvm_msr_list;
784 kvm_supported_msrs = -1;
786 /* Obtain MSR list from KVM. These are the MSRs that we must
789 ret = kvm_ioctl(s, KVM_GET_MSR_INDEX_LIST, &msr_list);
790 if (ret < 0 && ret != -E2BIG) {
793 /* Old kernel modules had a bug and could write beyond the provided
794 memory. Allocate at least a safe amount of 1K. */
795 kvm_msr_list = g_malloc0(MAX(1024, sizeof(msr_list) +
797 sizeof(msr_list.indices[0])));
799 kvm_msr_list->nmsrs = msr_list.nmsrs;
800 ret = kvm_ioctl(s, KVM_GET_MSR_INDEX_LIST, kvm_msr_list);
804 for (i = 0; i < kvm_msr_list->nmsrs; i++) {
805 if (kvm_msr_list->indices[i] == MSR_STAR) {
809 if (kvm_msr_list->indices[i] == MSR_VM_HSAVE_PA) {
810 has_msr_hsave_pa = true;
813 if (kvm_msr_list->indices[i] == MSR_TSC_ADJUST) {
814 has_msr_tsc_adjust = true;
817 if (kvm_msr_list->indices[i] == MSR_IA32_TSCDEADLINE) {
818 has_msr_tsc_deadline = true;
821 if (kvm_msr_list->indices[i] == MSR_IA32_MISC_ENABLE) {
822 has_msr_misc_enable = true;
825 if (kvm_msr_list->indices[i] == MSR_IA32_BNDCFGS) {
826 has_msr_bndcfgs = true;
832 g_free(kvm_msr_list);
838 int kvm_arch_init(KVMState *s)
840 uint64_t identity_base = 0xfffbc000;
843 struct utsname utsname;
845 ret = kvm_get_supported_msrs(s);
851 lm_capable_kernel = strcmp(utsname.machine, "x86_64") == 0;
854 * On older Intel CPUs, KVM uses vm86 mode to emulate 16-bit code directly.
855 * In order to use vm86 mode, an EPT identity map and a TSS are needed.
856 * Since these must be part of guest physical memory, we need to allocate
857 * them, both by setting their start addresses in the kernel and by
858 * creating a corresponding e820 entry. We need 4 pages before the BIOS.
860 * Older KVM versions may not support setting the identity map base. In
861 * that case we need to stick with the default, i.e. a 256K maximum BIOS
864 if (kvm_check_extension(s, KVM_CAP_SET_IDENTITY_MAP_ADDR)) {
865 /* Allows up to 16M BIOSes. */
866 identity_base = 0xfeffc000;
868 ret = kvm_vm_ioctl(s, KVM_SET_IDENTITY_MAP_ADDR, &identity_base);
874 /* Set TSS base one page after EPT identity map. */
875 ret = kvm_vm_ioctl(s, KVM_SET_TSS_ADDR, identity_base + 0x1000);
880 /* Tell fw_cfg to notify the BIOS to reserve the range. */
881 ret = e820_add_entry(identity_base, 0x4000, E820_RESERVED);
883 fprintf(stderr, "e820_add_entry() table is full\n");
886 qemu_register_reset(kvm_unpoison_all, NULL);
888 shadow_mem = qemu_opt_get_size(qemu_get_machine_opts(),
889 "kvm_shadow_mem", -1);
890 if (shadow_mem != -1) {
892 ret = kvm_vm_ioctl(s, KVM_SET_NR_MMU_PAGES, shadow_mem);
900 static void set_v8086_seg(struct kvm_segment *lhs, const SegmentCache *rhs)
902 lhs->selector = rhs->selector;
903 lhs->base = rhs->base;
904 lhs->limit = rhs->limit;
916 static void set_seg(struct kvm_segment *lhs, const SegmentCache *rhs)
918 unsigned flags = rhs->flags;
919 lhs->selector = rhs->selector;
920 lhs->base = rhs->base;
921 lhs->limit = rhs->limit;
922 lhs->type = (flags >> DESC_TYPE_SHIFT) & 15;
923 lhs->present = (flags & DESC_P_MASK) != 0;
924 lhs->dpl = (flags >> DESC_DPL_SHIFT) & 3;
925 lhs->db = (flags >> DESC_B_SHIFT) & 1;
926 lhs->s = (flags & DESC_S_MASK) != 0;
927 lhs->l = (flags >> DESC_L_SHIFT) & 1;
928 lhs->g = (flags & DESC_G_MASK) != 0;
929 lhs->avl = (flags & DESC_AVL_MASK) != 0;
934 static void get_seg(SegmentCache *lhs, const struct kvm_segment *rhs)
936 lhs->selector = rhs->selector;
937 lhs->base = rhs->base;
938 lhs->limit = rhs->limit;
939 lhs->flags = (rhs->type << DESC_TYPE_SHIFT) |
940 (rhs->present * DESC_P_MASK) |
941 (rhs->dpl << DESC_DPL_SHIFT) |
942 (rhs->db << DESC_B_SHIFT) |
943 (rhs->s * DESC_S_MASK) |
944 (rhs->l << DESC_L_SHIFT) |
945 (rhs->g * DESC_G_MASK) |
946 (rhs->avl * DESC_AVL_MASK);
949 static void kvm_getput_reg(__u64 *kvm_reg, target_ulong *qemu_reg, int set)
952 *kvm_reg = *qemu_reg;
954 *qemu_reg = *kvm_reg;
958 static int kvm_getput_regs(X86CPU *cpu, int set)
960 CPUX86State *env = &cpu->env;
961 struct kvm_regs regs;
965 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_REGS, ®s);
971 kvm_getput_reg(®s.rax, &env->regs[R_EAX], set);
972 kvm_getput_reg(®s.rbx, &env->regs[R_EBX], set);
973 kvm_getput_reg(®s.rcx, &env->regs[R_ECX], set);
974 kvm_getput_reg(®s.rdx, &env->regs[R_EDX], set);
975 kvm_getput_reg(®s.rsi, &env->regs[R_ESI], set);
976 kvm_getput_reg(®s.rdi, &env->regs[R_EDI], set);
977 kvm_getput_reg(®s.rsp, &env->regs[R_ESP], set);
978 kvm_getput_reg(®s.rbp, &env->regs[R_EBP], set);
980 kvm_getput_reg(®s.r8, &env->regs[8], set);
981 kvm_getput_reg(®s.r9, &env->regs[9], set);
982 kvm_getput_reg(®s.r10, &env->regs[10], set);
983 kvm_getput_reg(®s.r11, &env->regs[11], set);
984 kvm_getput_reg(®s.r12, &env->regs[12], set);
985 kvm_getput_reg(®s.r13, &env->regs[13], set);
986 kvm_getput_reg(®s.r14, &env->regs[14], set);
987 kvm_getput_reg(®s.r15, &env->regs[15], set);
990 kvm_getput_reg(®s.rflags, &env->eflags, set);
991 kvm_getput_reg(®s.rip, &env->eip, set);
994 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_REGS, ®s);
1000 static int kvm_put_fpu(X86CPU *cpu)
1002 CPUX86State *env = &cpu->env;
1006 memset(&fpu, 0, sizeof fpu);
1007 fpu.fsw = env->fpus & ~(7 << 11);
1008 fpu.fsw |= (env->fpstt & 7) << 11;
1009 fpu.fcw = env->fpuc;
1010 fpu.last_opcode = env->fpop;
1011 fpu.last_ip = env->fpip;
1012 fpu.last_dp = env->fpdp;
1013 for (i = 0; i < 8; ++i) {
1014 fpu.ftwx |= (!env->fptags[i]) << i;
1016 memcpy(fpu.fpr, env->fpregs, sizeof env->fpregs);
1017 memcpy(fpu.xmm, env->xmm_regs, sizeof env->xmm_regs);
1018 fpu.mxcsr = env->mxcsr;
1020 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_FPU, &fpu);
1023 #define XSAVE_FCW_FSW 0
1024 #define XSAVE_FTW_FOP 1
1025 #define XSAVE_CWD_RIP 2
1026 #define XSAVE_CWD_RDP 4
1027 #define XSAVE_MXCSR 6
1028 #define XSAVE_ST_SPACE 8
1029 #define XSAVE_XMM_SPACE 40
1030 #define XSAVE_XSTATE_BV 128
1031 #define XSAVE_YMMH_SPACE 144
1032 #define XSAVE_BNDREGS 240
1033 #define XSAVE_BNDCSR 256
1034 #define XSAVE_OPMASK 272
1035 #define XSAVE_ZMM_Hi256 288
1036 #define XSAVE_Hi16_ZMM 416
1038 static int kvm_put_xsave(X86CPU *cpu)
1040 CPUX86State *env = &cpu->env;
1041 struct kvm_xsave* xsave = env->kvm_xsave_buf;
1042 uint16_t cwd, swd, twd;
1045 if (!kvm_has_xsave()) {
1046 return kvm_put_fpu(cpu);
1049 memset(xsave, 0, sizeof(struct kvm_xsave));
1051 swd = env->fpus & ~(7 << 11);
1052 swd |= (env->fpstt & 7) << 11;
1054 for (i = 0; i < 8; ++i) {
1055 twd |= (!env->fptags[i]) << i;
1057 xsave->region[XSAVE_FCW_FSW] = (uint32_t)(swd << 16) + cwd;
1058 xsave->region[XSAVE_FTW_FOP] = (uint32_t)(env->fpop << 16) + twd;
1059 memcpy(&xsave->region[XSAVE_CWD_RIP], &env->fpip, sizeof(env->fpip));
1060 memcpy(&xsave->region[XSAVE_CWD_RDP], &env->fpdp, sizeof(env->fpdp));
1061 memcpy(&xsave->region[XSAVE_ST_SPACE], env->fpregs,
1062 sizeof env->fpregs);
1063 memcpy(&xsave->region[XSAVE_XMM_SPACE], env->xmm_regs,
1064 sizeof env->xmm_regs);
1065 xsave->region[XSAVE_MXCSR] = env->mxcsr;
1066 *(uint64_t *)&xsave->region[XSAVE_XSTATE_BV] = env->xstate_bv;
1067 memcpy(&xsave->region[XSAVE_YMMH_SPACE], env->ymmh_regs,
1068 sizeof env->ymmh_regs);
1069 memcpy(&xsave->region[XSAVE_BNDREGS], env->bnd_regs,
1070 sizeof env->bnd_regs);
1071 memcpy(&xsave->region[XSAVE_BNDCSR], &env->bndcs_regs,
1072 sizeof(env->bndcs_regs));
1073 memcpy(&xsave->region[XSAVE_OPMASK], env->opmask_regs,
1074 sizeof env->opmask_regs);
1075 memcpy(&xsave->region[XSAVE_ZMM_Hi256], env->zmmh_regs,
1076 sizeof env->zmmh_regs);
1077 #ifdef TARGET_X86_64
1078 memcpy(&xsave->region[XSAVE_Hi16_ZMM], env->hi16_zmm_regs,
1079 sizeof env->hi16_zmm_regs);
1081 r = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_XSAVE, xsave);
1085 static int kvm_put_xcrs(X86CPU *cpu)
1087 CPUX86State *env = &cpu->env;
1088 struct kvm_xcrs xcrs;
1090 if (!kvm_has_xcrs()) {
1096 xcrs.xcrs[0].xcr = 0;
1097 xcrs.xcrs[0].value = env->xcr0;
1098 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_XCRS, &xcrs);
1101 static int kvm_put_sregs(X86CPU *cpu)
1103 CPUX86State *env = &cpu->env;
1104 struct kvm_sregs sregs;
1106 memset(sregs.interrupt_bitmap, 0, sizeof(sregs.interrupt_bitmap));
1107 if (env->interrupt_injected >= 0) {
1108 sregs.interrupt_bitmap[env->interrupt_injected / 64] |=
1109 (uint64_t)1 << (env->interrupt_injected % 64);
1112 if ((env->eflags & VM_MASK)) {
1113 set_v8086_seg(&sregs.cs, &env->segs[R_CS]);
1114 set_v8086_seg(&sregs.ds, &env->segs[R_DS]);
1115 set_v8086_seg(&sregs.es, &env->segs[R_ES]);
1116 set_v8086_seg(&sregs.fs, &env->segs[R_FS]);
1117 set_v8086_seg(&sregs.gs, &env->segs[R_GS]);
1118 set_v8086_seg(&sregs.ss, &env->segs[R_SS]);
1120 set_seg(&sregs.cs, &env->segs[R_CS]);
1121 set_seg(&sregs.ds, &env->segs[R_DS]);
1122 set_seg(&sregs.es, &env->segs[R_ES]);
1123 set_seg(&sregs.fs, &env->segs[R_FS]);
1124 set_seg(&sregs.gs, &env->segs[R_GS]);
1125 set_seg(&sregs.ss, &env->segs[R_SS]);
1128 set_seg(&sregs.tr, &env->tr);
1129 set_seg(&sregs.ldt, &env->ldt);
1131 sregs.idt.limit = env->idt.limit;
1132 sregs.idt.base = env->idt.base;
1133 memset(sregs.idt.padding, 0, sizeof sregs.idt.padding);
1134 sregs.gdt.limit = env->gdt.limit;
1135 sregs.gdt.base = env->gdt.base;
1136 memset(sregs.gdt.padding, 0, sizeof sregs.gdt.padding);
1138 sregs.cr0 = env->cr[0];
1139 sregs.cr2 = env->cr[2];
1140 sregs.cr3 = env->cr[3];
1141 sregs.cr4 = env->cr[4];
1143 sregs.cr8 = cpu_get_apic_tpr(cpu->apic_state);
1144 sregs.apic_base = cpu_get_apic_base(cpu->apic_state);
1146 sregs.efer = env->efer;
1148 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_SREGS, &sregs);
1151 static void kvm_msr_entry_set(struct kvm_msr_entry *entry,
1152 uint32_t index, uint64_t value)
1154 entry->index = index;
1155 entry->data = value;
1158 static int kvm_put_tscdeadline_msr(X86CPU *cpu)
1160 CPUX86State *env = &cpu->env;
1162 struct kvm_msrs info;
1163 struct kvm_msr_entry entries[1];
1165 struct kvm_msr_entry *msrs = msr_data.entries;
1167 if (!has_msr_tsc_deadline) {
1171 kvm_msr_entry_set(&msrs[0], MSR_IA32_TSCDEADLINE, env->tsc_deadline);
1173 msr_data.info.nmsrs = 1;
1175 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, &msr_data);
1179 * Provide a separate write service for the feature control MSR in order to
1180 * kick the VCPU out of VMXON or even guest mode on reset. This has to be done
1181 * before writing any other state because forcibly leaving nested mode
1182 * invalidates the VCPU state.
1184 static int kvm_put_msr_feature_control(X86CPU *cpu)
1187 struct kvm_msrs info;
1188 struct kvm_msr_entry entry;
1191 kvm_msr_entry_set(&msr_data.entry, MSR_IA32_FEATURE_CONTROL,
1192 cpu->env.msr_ia32_feature_control);
1193 msr_data.info.nmsrs = 1;
1194 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, &msr_data);
1197 static int kvm_put_msrs(X86CPU *cpu, int level)
1199 CPUX86State *env = &cpu->env;
1201 struct kvm_msrs info;
1202 struct kvm_msr_entry entries[150];
1204 struct kvm_msr_entry *msrs = msr_data.entries;
1207 kvm_msr_entry_set(&msrs[n++], MSR_IA32_SYSENTER_CS, env->sysenter_cs);
1208 kvm_msr_entry_set(&msrs[n++], MSR_IA32_SYSENTER_ESP, env->sysenter_esp);
1209 kvm_msr_entry_set(&msrs[n++], MSR_IA32_SYSENTER_EIP, env->sysenter_eip);
1210 kvm_msr_entry_set(&msrs[n++], MSR_PAT, env->pat);
1212 kvm_msr_entry_set(&msrs[n++], MSR_STAR, env->star);
1214 if (has_msr_hsave_pa) {
1215 kvm_msr_entry_set(&msrs[n++], MSR_VM_HSAVE_PA, env->vm_hsave);
1217 if (has_msr_tsc_adjust) {
1218 kvm_msr_entry_set(&msrs[n++], MSR_TSC_ADJUST, env->tsc_adjust);
1220 if (has_msr_misc_enable) {
1221 kvm_msr_entry_set(&msrs[n++], MSR_IA32_MISC_ENABLE,
1222 env->msr_ia32_misc_enable);
1224 if (has_msr_bndcfgs) {
1225 kvm_msr_entry_set(&msrs[n++], MSR_IA32_BNDCFGS, env->msr_bndcfgs);
1227 #ifdef TARGET_X86_64
1228 if (lm_capable_kernel) {
1229 kvm_msr_entry_set(&msrs[n++], MSR_CSTAR, env->cstar);
1230 kvm_msr_entry_set(&msrs[n++], MSR_KERNELGSBASE, env->kernelgsbase);
1231 kvm_msr_entry_set(&msrs[n++], MSR_FMASK, env->fmask);
1232 kvm_msr_entry_set(&msrs[n++], MSR_LSTAR, env->lstar);
1236 * The following MSRs have side effects on the guest or are too heavy
1237 * for normal writeback. Limit them to reset or full state updates.
1239 if (level >= KVM_PUT_RESET_STATE) {
1240 kvm_msr_entry_set(&msrs[n++], MSR_IA32_TSC, env->tsc);
1241 kvm_msr_entry_set(&msrs[n++], MSR_KVM_SYSTEM_TIME,
1242 env->system_time_msr);
1243 kvm_msr_entry_set(&msrs[n++], MSR_KVM_WALL_CLOCK, env->wall_clock_msr);
1244 if (has_msr_async_pf_en) {
1245 kvm_msr_entry_set(&msrs[n++], MSR_KVM_ASYNC_PF_EN,
1246 env->async_pf_en_msr);
1248 if (has_msr_pv_eoi_en) {
1249 kvm_msr_entry_set(&msrs[n++], MSR_KVM_PV_EOI_EN,
1250 env->pv_eoi_en_msr);
1252 if (has_msr_kvm_steal_time) {
1253 kvm_msr_entry_set(&msrs[n++], MSR_KVM_STEAL_TIME,
1254 env->steal_time_msr);
1256 if (has_msr_architectural_pmu) {
1257 /* Stop the counter. */
1258 kvm_msr_entry_set(&msrs[n++], MSR_CORE_PERF_FIXED_CTR_CTRL, 0);
1259 kvm_msr_entry_set(&msrs[n++], MSR_CORE_PERF_GLOBAL_CTRL, 0);
1261 /* Set the counter values. */
1262 for (i = 0; i < MAX_FIXED_COUNTERS; i++) {
1263 kvm_msr_entry_set(&msrs[n++], MSR_CORE_PERF_FIXED_CTR0 + i,
1264 env->msr_fixed_counters[i]);
1266 for (i = 0; i < num_architectural_pmu_counters; i++) {
1267 kvm_msr_entry_set(&msrs[n++], MSR_P6_PERFCTR0 + i,
1268 env->msr_gp_counters[i]);
1269 kvm_msr_entry_set(&msrs[n++], MSR_P6_EVNTSEL0 + i,
1270 env->msr_gp_evtsel[i]);
1272 kvm_msr_entry_set(&msrs[n++], MSR_CORE_PERF_GLOBAL_STATUS,
1273 env->msr_global_status);
1274 kvm_msr_entry_set(&msrs[n++], MSR_CORE_PERF_GLOBAL_OVF_CTRL,
1275 env->msr_global_ovf_ctrl);
1277 /* Now start the PMU. */
1278 kvm_msr_entry_set(&msrs[n++], MSR_CORE_PERF_FIXED_CTR_CTRL,
1279 env->msr_fixed_ctr_ctrl);
1280 kvm_msr_entry_set(&msrs[n++], MSR_CORE_PERF_GLOBAL_CTRL,
1281 env->msr_global_ctrl);
1283 if (has_msr_hv_hypercall) {
1284 kvm_msr_entry_set(&msrs[n++], HV_X64_MSR_GUEST_OS_ID,
1285 env->msr_hv_guest_os_id);
1286 kvm_msr_entry_set(&msrs[n++], HV_X64_MSR_HYPERCALL,
1287 env->msr_hv_hypercall);
1289 if (has_msr_hv_vapic) {
1290 kvm_msr_entry_set(&msrs[n++], HV_X64_MSR_APIC_ASSIST_PAGE,
1293 if (has_msr_hv_tsc) {
1294 kvm_msr_entry_set(&msrs[n++], HV_X64_MSR_REFERENCE_TSC,
1298 kvm_msr_entry_set(&msrs[n++], MSR_MTRRdefType, env->mtrr_deftype);
1299 kvm_msr_entry_set(&msrs[n++],
1300 MSR_MTRRfix64K_00000, env->mtrr_fixed[0]);
1301 kvm_msr_entry_set(&msrs[n++],
1302 MSR_MTRRfix16K_80000, env->mtrr_fixed[1]);
1303 kvm_msr_entry_set(&msrs[n++],
1304 MSR_MTRRfix16K_A0000, env->mtrr_fixed[2]);
1305 kvm_msr_entry_set(&msrs[n++],
1306 MSR_MTRRfix4K_C0000, env->mtrr_fixed[3]);
1307 kvm_msr_entry_set(&msrs[n++],
1308 MSR_MTRRfix4K_C8000, env->mtrr_fixed[4]);
1309 kvm_msr_entry_set(&msrs[n++],
1310 MSR_MTRRfix4K_D0000, env->mtrr_fixed[5]);
1311 kvm_msr_entry_set(&msrs[n++],
1312 MSR_MTRRfix4K_D8000, env->mtrr_fixed[6]);
1313 kvm_msr_entry_set(&msrs[n++],
1314 MSR_MTRRfix4K_E0000, env->mtrr_fixed[7]);
1315 kvm_msr_entry_set(&msrs[n++],
1316 MSR_MTRRfix4K_E8000, env->mtrr_fixed[8]);
1317 kvm_msr_entry_set(&msrs[n++],
1318 MSR_MTRRfix4K_F0000, env->mtrr_fixed[9]);
1319 kvm_msr_entry_set(&msrs[n++],
1320 MSR_MTRRfix4K_F8000, env->mtrr_fixed[10]);
1321 for (i = 0; i < MSR_MTRRcap_VCNT; i++) {
1322 kvm_msr_entry_set(&msrs[n++],
1323 MSR_MTRRphysBase(i), env->mtrr_var[i].base);
1324 kvm_msr_entry_set(&msrs[n++],
1325 MSR_MTRRphysMask(i), env->mtrr_var[i].mask);
1329 /* Note: MSR_IA32_FEATURE_CONTROL is written separately, see
1330 * kvm_put_msr_feature_control. */
1335 kvm_msr_entry_set(&msrs[n++], MSR_MCG_STATUS, env->mcg_status);
1336 kvm_msr_entry_set(&msrs[n++], MSR_MCG_CTL, env->mcg_ctl);
1337 for (i = 0; i < (env->mcg_cap & 0xff) * 4; i++) {
1338 kvm_msr_entry_set(&msrs[n++], MSR_MC0_CTL + i, env->mce_banks[i]);
1342 msr_data.info.nmsrs = n;
1344 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, &msr_data);
1349 static int kvm_get_fpu(X86CPU *cpu)
1351 CPUX86State *env = &cpu->env;
1355 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_FPU, &fpu);
1360 env->fpstt = (fpu.fsw >> 11) & 7;
1361 env->fpus = fpu.fsw;
1362 env->fpuc = fpu.fcw;
1363 env->fpop = fpu.last_opcode;
1364 env->fpip = fpu.last_ip;
1365 env->fpdp = fpu.last_dp;
1366 for (i = 0; i < 8; ++i) {
1367 env->fptags[i] = !((fpu.ftwx >> i) & 1);
1369 memcpy(env->fpregs, fpu.fpr, sizeof env->fpregs);
1370 memcpy(env->xmm_regs, fpu.xmm, sizeof env->xmm_regs);
1371 env->mxcsr = fpu.mxcsr;
1376 static int kvm_get_xsave(X86CPU *cpu)
1378 CPUX86State *env = &cpu->env;
1379 struct kvm_xsave* xsave = env->kvm_xsave_buf;
1381 uint16_t cwd, swd, twd;
1383 if (!kvm_has_xsave()) {
1384 return kvm_get_fpu(cpu);
1387 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_XSAVE, xsave);
1392 cwd = (uint16_t)xsave->region[XSAVE_FCW_FSW];
1393 swd = (uint16_t)(xsave->region[XSAVE_FCW_FSW] >> 16);
1394 twd = (uint16_t)xsave->region[XSAVE_FTW_FOP];
1395 env->fpop = (uint16_t)(xsave->region[XSAVE_FTW_FOP] >> 16);
1396 env->fpstt = (swd >> 11) & 7;
1399 for (i = 0; i < 8; ++i) {
1400 env->fptags[i] = !((twd >> i) & 1);
1402 memcpy(&env->fpip, &xsave->region[XSAVE_CWD_RIP], sizeof(env->fpip));
1403 memcpy(&env->fpdp, &xsave->region[XSAVE_CWD_RDP], sizeof(env->fpdp));
1404 env->mxcsr = xsave->region[XSAVE_MXCSR];
1405 memcpy(env->fpregs, &xsave->region[XSAVE_ST_SPACE],
1406 sizeof env->fpregs);
1407 memcpy(env->xmm_regs, &xsave->region[XSAVE_XMM_SPACE],
1408 sizeof env->xmm_regs);
1409 env->xstate_bv = *(uint64_t *)&xsave->region[XSAVE_XSTATE_BV];
1410 memcpy(env->ymmh_regs, &xsave->region[XSAVE_YMMH_SPACE],
1411 sizeof env->ymmh_regs);
1412 memcpy(env->bnd_regs, &xsave->region[XSAVE_BNDREGS],
1413 sizeof env->bnd_regs);
1414 memcpy(&env->bndcs_regs, &xsave->region[XSAVE_BNDCSR],
1415 sizeof(env->bndcs_regs));
1416 memcpy(env->opmask_regs, &xsave->region[XSAVE_OPMASK],
1417 sizeof env->opmask_regs);
1418 memcpy(env->zmmh_regs, &xsave->region[XSAVE_ZMM_Hi256],
1419 sizeof env->zmmh_regs);
1420 #ifdef TARGET_X86_64
1421 memcpy(env->hi16_zmm_regs, &xsave->region[XSAVE_Hi16_ZMM],
1422 sizeof env->hi16_zmm_regs);
1427 static int kvm_get_xcrs(X86CPU *cpu)
1429 CPUX86State *env = &cpu->env;
1431 struct kvm_xcrs xcrs;
1433 if (!kvm_has_xcrs()) {
1437 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_XCRS, &xcrs);
1442 for (i = 0; i < xcrs.nr_xcrs; i++) {
1443 /* Only support xcr0 now */
1444 if (xcrs.xcrs[i].xcr == 0) {
1445 env->xcr0 = xcrs.xcrs[i].value;
1452 static int kvm_get_sregs(X86CPU *cpu)
1454 CPUX86State *env = &cpu->env;
1455 struct kvm_sregs sregs;
1459 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_SREGS, &sregs);
1464 /* There can only be one pending IRQ set in the bitmap at a time, so try
1465 to find it and save its number instead (-1 for none). */
1466 env->interrupt_injected = -1;
1467 for (i = 0; i < ARRAY_SIZE(sregs.interrupt_bitmap); i++) {
1468 if (sregs.interrupt_bitmap[i]) {
1469 bit = ctz64(sregs.interrupt_bitmap[i]);
1470 env->interrupt_injected = i * 64 + bit;
1475 get_seg(&env->segs[R_CS], &sregs.cs);
1476 get_seg(&env->segs[R_DS], &sregs.ds);
1477 get_seg(&env->segs[R_ES], &sregs.es);
1478 get_seg(&env->segs[R_FS], &sregs.fs);
1479 get_seg(&env->segs[R_GS], &sregs.gs);
1480 get_seg(&env->segs[R_SS], &sregs.ss);
1482 get_seg(&env->tr, &sregs.tr);
1483 get_seg(&env->ldt, &sregs.ldt);
1485 env->idt.limit = sregs.idt.limit;
1486 env->idt.base = sregs.idt.base;
1487 env->gdt.limit = sregs.gdt.limit;
1488 env->gdt.base = sregs.gdt.base;
1490 env->cr[0] = sregs.cr0;
1491 env->cr[2] = sregs.cr2;
1492 env->cr[3] = sregs.cr3;
1493 env->cr[4] = sregs.cr4;
1495 env->efer = sregs.efer;
1497 /* changes to apic base and cr8/tpr are read back via kvm_arch_post_run */
1499 #define HFLAG_COPY_MASK \
1500 ~( HF_CPL_MASK | HF_PE_MASK | HF_MP_MASK | HF_EM_MASK | \
1501 HF_TS_MASK | HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK | \
1502 HF_OSFXSR_MASK | HF_LMA_MASK | HF_CS32_MASK | \
1503 HF_SS32_MASK | HF_CS64_MASK | HF_ADDSEG_MASK)
1505 hflags = (env->segs[R_SS].flags >> DESC_DPL_SHIFT) & HF_CPL_MASK;
1506 hflags |= (env->cr[0] & CR0_PE_MASK) << (HF_PE_SHIFT - CR0_PE_SHIFT);
1507 hflags |= (env->cr[0] << (HF_MP_SHIFT - CR0_MP_SHIFT)) &
1508 (HF_MP_MASK | HF_EM_MASK | HF_TS_MASK);
1509 hflags |= (env->eflags & (HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK));
1510 hflags |= (env->cr[4] & CR4_OSFXSR_MASK) <<
1511 (HF_OSFXSR_SHIFT - CR4_OSFXSR_SHIFT);
1513 if (env->efer & MSR_EFER_LMA) {
1514 hflags |= HF_LMA_MASK;
1517 if ((hflags & HF_LMA_MASK) && (env->segs[R_CS].flags & DESC_L_MASK)) {
1518 hflags |= HF_CS32_MASK | HF_SS32_MASK | HF_CS64_MASK;
1520 hflags |= (env->segs[R_CS].flags & DESC_B_MASK) >>
1521 (DESC_B_SHIFT - HF_CS32_SHIFT);
1522 hflags |= (env->segs[R_SS].flags & DESC_B_MASK) >>
1523 (DESC_B_SHIFT - HF_SS32_SHIFT);
1524 if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK) ||
1525 !(hflags & HF_CS32_MASK)) {
1526 hflags |= HF_ADDSEG_MASK;
1528 hflags |= ((env->segs[R_DS].base | env->segs[R_ES].base |
1529 env->segs[R_SS].base) != 0) << HF_ADDSEG_SHIFT;
1532 env->hflags = (env->hflags & HFLAG_COPY_MASK) | hflags;
1537 static int kvm_get_msrs(X86CPU *cpu)
1539 CPUX86State *env = &cpu->env;
1541 struct kvm_msrs info;
1542 struct kvm_msr_entry entries[150];
1544 struct kvm_msr_entry *msrs = msr_data.entries;
1548 msrs[n++].index = MSR_IA32_SYSENTER_CS;
1549 msrs[n++].index = MSR_IA32_SYSENTER_ESP;
1550 msrs[n++].index = MSR_IA32_SYSENTER_EIP;
1551 msrs[n++].index = MSR_PAT;
1553 msrs[n++].index = MSR_STAR;
1555 if (has_msr_hsave_pa) {
1556 msrs[n++].index = MSR_VM_HSAVE_PA;
1558 if (has_msr_tsc_adjust) {
1559 msrs[n++].index = MSR_TSC_ADJUST;
1561 if (has_msr_tsc_deadline) {
1562 msrs[n++].index = MSR_IA32_TSCDEADLINE;
1564 if (has_msr_misc_enable) {
1565 msrs[n++].index = MSR_IA32_MISC_ENABLE;
1567 if (has_msr_feature_control) {
1568 msrs[n++].index = MSR_IA32_FEATURE_CONTROL;
1570 if (has_msr_bndcfgs) {
1571 msrs[n++].index = MSR_IA32_BNDCFGS;
1574 if (!env->tsc_valid) {
1575 msrs[n++].index = MSR_IA32_TSC;
1576 env->tsc_valid = !runstate_is_running();
1579 #ifdef TARGET_X86_64
1580 if (lm_capable_kernel) {
1581 msrs[n++].index = MSR_CSTAR;
1582 msrs[n++].index = MSR_KERNELGSBASE;
1583 msrs[n++].index = MSR_FMASK;
1584 msrs[n++].index = MSR_LSTAR;
1587 msrs[n++].index = MSR_KVM_SYSTEM_TIME;
1588 msrs[n++].index = MSR_KVM_WALL_CLOCK;
1589 if (has_msr_async_pf_en) {
1590 msrs[n++].index = MSR_KVM_ASYNC_PF_EN;
1592 if (has_msr_pv_eoi_en) {
1593 msrs[n++].index = MSR_KVM_PV_EOI_EN;
1595 if (has_msr_kvm_steal_time) {
1596 msrs[n++].index = MSR_KVM_STEAL_TIME;
1598 if (has_msr_architectural_pmu) {
1599 msrs[n++].index = MSR_CORE_PERF_FIXED_CTR_CTRL;
1600 msrs[n++].index = MSR_CORE_PERF_GLOBAL_CTRL;
1601 msrs[n++].index = MSR_CORE_PERF_GLOBAL_STATUS;
1602 msrs[n++].index = MSR_CORE_PERF_GLOBAL_OVF_CTRL;
1603 for (i = 0; i < MAX_FIXED_COUNTERS; i++) {
1604 msrs[n++].index = MSR_CORE_PERF_FIXED_CTR0 + i;
1606 for (i = 0; i < num_architectural_pmu_counters; i++) {
1607 msrs[n++].index = MSR_P6_PERFCTR0 + i;
1608 msrs[n++].index = MSR_P6_EVNTSEL0 + i;
1613 msrs[n++].index = MSR_MCG_STATUS;
1614 msrs[n++].index = MSR_MCG_CTL;
1615 for (i = 0; i < (env->mcg_cap & 0xff) * 4; i++) {
1616 msrs[n++].index = MSR_MC0_CTL + i;
1620 if (has_msr_hv_hypercall) {
1621 msrs[n++].index = HV_X64_MSR_HYPERCALL;
1622 msrs[n++].index = HV_X64_MSR_GUEST_OS_ID;
1624 if (has_msr_hv_vapic) {
1625 msrs[n++].index = HV_X64_MSR_APIC_ASSIST_PAGE;
1627 if (has_msr_hv_tsc) {
1628 msrs[n++].index = HV_X64_MSR_REFERENCE_TSC;
1631 msrs[n++].index = MSR_MTRRdefType;
1632 msrs[n++].index = MSR_MTRRfix64K_00000;
1633 msrs[n++].index = MSR_MTRRfix16K_80000;
1634 msrs[n++].index = MSR_MTRRfix16K_A0000;
1635 msrs[n++].index = MSR_MTRRfix4K_C0000;
1636 msrs[n++].index = MSR_MTRRfix4K_C8000;
1637 msrs[n++].index = MSR_MTRRfix4K_D0000;
1638 msrs[n++].index = MSR_MTRRfix4K_D8000;
1639 msrs[n++].index = MSR_MTRRfix4K_E0000;
1640 msrs[n++].index = MSR_MTRRfix4K_E8000;
1641 msrs[n++].index = MSR_MTRRfix4K_F0000;
1642 msrs[n++].index = MSR_MTRRfix4K_F8000;
1643 for (i = 0; i < MSR_MTRRcap_VCNT; i++) {
1644 msrs[n++].index = MSR_MTRRphysBase(i);
1645 msrs[n++].index = MSR_MTRRphysMask(i);
1649 msr_data.info.nmsrs = n;
1650 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_MSRS, &msr_data);
1655 for (i = 0; i < ret; i++) {
1656 uint32_t index = msrs[i].index;
1658 case MSR_IA32_SYSENTER_CS:
1659 env->sysenter_cs = msrs[i].data;
1661 case MSR_IA32_SYSENTER_ESP:
1662 env->sysenter_esp = msrs[i].data;
1664 case MSR_IA32_SYSENTER_EIP:
1665 env->sysenter_eip = msrs[i].data;
1668 env->pat = msrs[i].data;
1671 env->star = msrs[i].data;
1673 #ifdef TARGET_X86_64
1675 env->cstar = msrs[i].data;
1677 case MSR_KERNELGSBASE:
1678 env->kernelgsbase = msrs[i].data;
1681 env->fmask = msrs[i].data;
1684 env->lstar = msrs[i].data;
1688 env->tsc = msrs[i].data;
1690 case MSR_TSC_ADJUST:
1691 env->tsc_adjust = msrs[i].data;
1693 case MSR_IA32_TSCDEADLINE:
1694 env->tsc_deadline = msrs[i].data;
1696 case MSR_VM_HSAVE_PA:
1697 env->vm_hsave = msrs[i].data;
1699 case MSR_KVM_SYSTEM_TIME:
1700 env->system_time_msr = msrs[i].data;
1702 case MSR_KVM_WALL_CLOCK:
1703 env->wall_clock_msr = msrs[i].data;
1705 case MSR_MCG_STATUS:
1706 env->mcg_status = msrs[i].data;
1709 env->mcg_ctl = msrs[i].data;
1711 case MSR_IA32_MISC_ENABLE:
1712 env->msr_ia32_misc_enable = msrs[i].data;
1714 case MSR_IA32_FEATURE_CONTROL:
1715 env->msr_ia32_feature_control = msrs[i].data;
1717 case MSR_IA32_BNDCFGS:
1718 env->msr_bndcfgs = msrs[i].data;
1721 if (msrs[i].index >= MSR_MC0_CTL &&
1722 msrs[i].index < MSR_MC0_CTL + (env->mcg_cap & 0xff) * 4) {
1723 env->mce_banks[msrs[i].index - MSR_MC0_CTL] = msrs[i].data;
1726 case MSR_KVM_ASYNC_PF_EN:
1727 env->async_pf_en_msr = msrs[i].data;
1729 case MSR_KVM_PV_EOI_EN:
1730 env->pv_eoi_en_msr = msrs[i].data;
1732 case MSR_KVM_STEAL_TIME:
1733 env->steal_time_msr = msrs[i].data;
1735 case MSR_CORE_PERF_FIXED_CTR_CTRL:
1736 env->msr_fixed_ctr_ctrl = msrs[i].data;
1738 case MSR_CORE_PERF_GLOBAL_CTRL:
1739 env->msr_global_ctrl = msrs[i].data;
1741 case MSR_CORE_PERF_GLOBAL_STATUS:
1742 env->msr_global_status = msrs[i].data;
1744 case MSR_CORE_PERF_GLOBAL_OVF_CTRL:
1745 env->msr_global_ovf_ctrl = msrs[i].data;
1747 case MSR_CORE_PERF_FIXED_CTR0 ... MSR_CORE_PERF_FIXED_CTR0 + MAX_FIXED_COUNTERS - 1:
1748 env->msr_fixed_counters[index - MSR_CORE_PERF_FIXED_CTR0] = msrs[i].data;
1750 case MSR_P6_PERFCTR0 ... MSR_P6_PERFCTR0 + MAX_GP_COUNTERS - 1:
1751 env->msr_gp_counters[index - MSR_P6_PERFCTR0] = msrs[i].data;
1753 case MSR_P6_EVNTSEL0 ... MSR_P6_EVNTSEL0 + MAX_GP_COUNTERS - 1:
1754 env->msr_gp_evtsel[index - MSR_P6_EVNTSEL0] = msrs[i].data;
1756 case HV_X64_MSR_HYPERCALL:
1757 env->msr_hv_hypercall = msrs[i].data;
1759 case HV_X64_MSR_GUEST_OS_ID:
1760 env->msr_hv_guest_os_id = msrs[i].data;
1762 case HV_X64_MSR_APIC_ASSIST_PAGE:
1763 env->msr_hv_vapic = msrs[i].data;
1765 case HV_X64_MSR_REFERENCE_TSC:
1766 env->msr_hv_tsc = msrs[i].data;
1768 case MSR_MTRRdefType:
1769 env->mtrr_deftype = msrs[i].data;
1771 case MSR_MTRRfix64K_00000:
1772 env->mtrr_fixed[0] = msrs[i].data;
1774 case MSR_MTRRfix16K_80000:
1775 env->mtrr_fixed[1] = msrs[i].data;
1777 case MSR_MTRRfix16K_A0000:
1778 env->mtrr_fixed[2] = msrs[i].data;
1780 case MSR_MTRRfix4K_C0000:
1781 env->mtrr_fixed[3] = msrs[i].data;
1783 case MSR_MTRRfix4K_C8000:
1784 env->mtrr_fixed[4] = msrs[i].data;
1786 case MSR_MTRRfix4K_D0000:
1787 env->mtrr_fixed[5] = msrs[i].data;
1789 case MSR_MTRRfix4K_D8000:
1790 env->mtrr_fixed[6] = msrs[i].data;
1792 case MSR_MTRRfix4K_E0000:
1793 env->mtrr_fixed[7] = msrs[i].data;
1795 case MSR_MTRRfix4K_E8000:
1796 env->mtrr_fixed[8] = msrs[i].data;
1798 case MSR_MTRRfix4K_F0000:
1799 env->mtrr_fixed[9] = msrs[i].data;
1801 case MSR_MTRRfix4K_F8000:
1802 env->mtrr_fixed[10] = msrs[i].data;
1804 case MSR_MTRRphysBase(0) ... MSR_MTRRphysMask(MSR_MTRRcap_VCNT - 1):
1806 env->mtrr_var[MSR_MTRRphysIndex(index)].mask = msrs[i].data;
1808 env->mtrr_var[MSR_MTRRphysIndex(index)].base = msrs[i].data;
1817 static int kvm_put_mp_state(X86CPU *cpu)
1819 struct kvm_mp_state mp_state = { .mp_state = cpu->env.mp_state };
1821 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MP_STATE, &mp_state);
1824 static int kvm_get_mp_state(X86CPU *cpu)
1826 CPUState *cs = CPU(cpu);
1827 CPUX86State *env = &cpu->env;
1828 struct kvm_mp_state mp_state;
1831 ret = kvm_vcpu_ioctl(cs, KVM_GET_MP_STATE, &mp_state);
1835 env->mp_state = mp_state.mp_state;
1836 if (kvm_irqchip_in_kernel()) {
1837 cs->halted = (mp_state.mp_state == KVM_MP_STATE_HALTED);
1842 static int kvm_get_apic(X86CPU *cpu)
1844 DeviceState *apic = cpu->apic_state;
1845 struct kvm_lapic_state kapic;
1848 if (apic && kvm_irqchip_in_kernel()) {
1849 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_LAPIC, &kapic);
1854 kvm_get_apic_state(apic, &kapic);
1859 static int kvm_put_apic(X86CPU *cpu)
1861 DeviceState *apic = cpu->apic_state;
1862 struct kvm_lapic_state kapic;
1864 if (apic && kvm_irqchip_in_kernel()) {
1865 kvm_put_apic_state(apic, &kapic);
1867 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_LAPIC, &kapic);
1872 static int kvm_put_vcpu_events(X86CPU *cpu, int level)
1874 CPUX86State *env = &cpu->env;
1875 struct kvm_vcpu_events events;
1877 if (!kvm_has_vcpu_events()) {
1881 events.exception.injected = (env->exception_injected >= 0);
1882 events.exception.nr = env->exception_injected;
1883 events.exception.has_error_code = env->has_error_code;
1884 events.exception.error_code = env->error_code;
1885 events.exception.pad = 0;
1887 events.interrupt.injected = (env->interrupt_injected >= 0);
1888 events.interrupt.nr = env->interrupt_injected;
1889 events.interrupt.soft = env->soft_interrupt;
1891 events.nmi.injected = env->nmi_injected;
1892 events.nmi.pending = env->nmi_pending;
1893 events.nmi.masked = !!(env->hflags2 & HF2_NMI_MASK);
1896 events.sipi_vector = env->sipi_vector;
1899 if (level >= KVM_PUT_RESET_STATE) {
1901 KVM_VCPUEVENT_VALID_NMI_PENDING | KVM_VCPUEVENT_VALID_SIPI_VECTOR;
1904 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
1907 static int kvm_get_vcpu_events(X86CPU *cpu)
1909 CPUX86State *env = &cpu->env;
1910 struct kvm_vcpu_events events;
1913 if (!kvm_has_vcpu_events()) {
1917 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_VCPU_EVENTS, &events);
1921 env->exception_injected =
1922 events.exception.injected ? events.exception.nr : -1;
1923 env->has_error_code = events.exception.has_error_code;
1924 env->error_code = events.exception.error_code;
1926 env->interrupt_injected =
1927 events.interrupt.injected ? events.interrupt.nr : -1;
1928 env->soft_interrupt = events.interrupt.soft;
1930 env->nmi_injected = events.nmi.injected;
1931 env->nmi_pending = events.nmi.pending;
1932 if (events.nmi.masked) {
1933 env->hflags2 |= HF2_NMI_MASK;
1935 env->hflags2 &= ~HF2_NMI_MASK;
1938 env->sipi_vector = events.sipi_vector;
1943 static int kvm_guest_debug_workarounds(X86CPU *cpu)
1945 CPUState *cs = CPU(cpu);
1946 CPUX86State *env = &cpu->env;
1948 unsigned long reinject_trap = 0;
1950 if (!kvm_has_vcpu_events()) {
1951 if (env->exception_injected == 1) {
1952 reinject_trap = KVM_GUESTDBG_INJECT_DB;
1953 } else if (env->exception_injected == 3) {
1954 reinject_trap = KVM_GUESTDBG_INJECT_BP;
1956 env->exception_injected = -1;
1960 * Kernels before KVM_CAP_X86_ROBUST_SINGLESTEP overwrote flags.TF
1961 * injected via SET_GUEST_DEBUG while updating GP regs. Work around this
1962 * by updating the debug state once again if single-stepping is on.
1963 * Another reason to call kvm_update_guest_debug here is a pending debug
1964 * trap raise by the guest. On kernels without SET_VCPU_EVENTS we have to
1965 * reinject them via SET_GUEST_DEBUG.
1967 if (reinject_trap ||
1968 (!kvm_has_robust_singlestep() && cs->singlestep_enabled)) {
1969 ret = kvm_update_guest_debug(cs, reinject_trap);
1974 static int kvm_put_debugregs(X86CPU *cpu)
1976 CPUX86State *env = &cpu->env;
1977 struct kvm_debugregs dbgregs;
1980 if (!kvm_has_debugregs()) {
1984 for (i = 0; i < 4; i++) {
1985 dbgregs.db[i] = env->dr[i];
1987 dbgregs.dr6 = env->dr[6];
1988 dbgregs.dr7 = env->dr[7];
1991 return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_DEBUGREGS, &dbgregs);
1994 static int kvm_get_debugregs(X86CPU *cpu)
1996 CPUX86State *env = &cpu->env;
1997 struct kvm_debugregs dbgregs;
2000 if (!kvm_has_debugregs()) {
2004 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_DEBUGREGS, &dbgregs);
2008 for (i = 0; i < 4; i++) {
2009 env->dr[i] = dbgregs.db[i];
2011 env->dr[4] = env->dr[6] = dbgregs.dr6;
2012 env->dr[5] = env->dr[7] = dbgregs.dr7;
2017 int kvm_arch_put_registers(CPUState *cpu, int level)
2019 X86CPU *x86_cpu = X86_CPU(cpu);
2022 assert(cpu_is_stopped(cpu) || qemu_cpu_is_self(cpu));
2024 if (level >= KVM_PUT_RESET_STATE && has_msr_feature_control) {
2025 ret = kvm_put_msr_feature_control(x86_cpu);
2031 ret = kvm_getput_regs(x86_cpu, 1);
2035 ret = kvm_put_xsave(x86_cpu);
2039 ret = kvm_put_xcrs(x86_cpu);
2043 ret = kvm_put_sregs(x86_cpu);
2047 /* must be before kvm_put_msrs */
2048 ret = kvm_inject_mce_oldstyle(x86_cpu);
2052 ret = kvm_put_msrs(x86_cpu, level);
2056 if (level >= KVM_PUT_RESET_STATE) {
2057 ret = kvm_put_mp_state(x86_cpu);
2061 ret = kvm_put_apic(x86_cpu);
2067 ret = kvm_put_tscdeadline_msr(x86_cpu);
2072 ret = kvm_put_vcpu_events(x86_cpu, level);
2076 ret = kvm_put_debugregs(x86_cpu);
2081 ret = kvm_guest_debug_workarounds(x86_cpu);
2088 int kvm_arch_get_registers(CPUState *cs)
2090 X86CPU *cpu = X86_CPU(cs);
2093 assert(cpu_is_stopped(cs) || qemu_cpu_is_self(cs));
2095 ret = kvm_getput_regs(cpu, 0);
2099 ret = kvm_get_xsave(cpu);
2103 ret = kvm_get_xcrs(cpu);
2107 ret = kvm_get_sregs(cpu);
2111 ret = kvm_get_msrs(cpu);
2115 ret = kvm_get_mp_state(cpu);
2119 ret = kvm_get_apic(cpu);
2123 ret = kvm_get_vcpu_events(cpu);
2127 ret = kvm_get_debugregs(cpu);
2134 void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run)
2136 X86CPU *x86_cpu = X86_CPU(cpu);
2137 CPUX86State *env = &x86_cpu->env;
2141 if (cpu->interrupt_request & CPU_INTERRUPT_NMI) {
2142 cpu->interrupt_request &= ~CPU_INTERRUPT_NMI;
2143 DPRINTF("injected NMI\n");
2144 ret = kvm_vcpu_ioctl(cpu, KVM_NMI);
2146 fprintf(stderr, "KVM: injection failed, NMI lost (%s)\n",
2151 /* Force the VCPU out of its inner loop to process any INIT requests
2152 * or (for userspace APIC, but it is cheap to combine the checks here)
2153 * pending TPR access reports.
2155 if (cpu->interrupt_request & (CPU_INTERRUPT_INIT | CPU_INTERRUPT_TPR)) {
2156 cpu->exit_request = 1;
2159 if (!kvm_irqchip_in_kernel()) {
2160 /* Try to inject an interrupt if the guest can accept it */
2161 if (run->ready_for_interrupt_injection &&
2162 (cpu->interrupt_request & CPU_INTERRUPT_HARD) &&
2163 (env->eflags & IF_MASK)) {
2166 cpu->interrupt_request &= ~CPU_INTERRUPT_HARD;
2167 irq = cpu_get_pic_interrupt(env);
2169 struct kvm_interrupt intr;
2172 DPRINTF("injected interrupt %d\n", irq);
2173 ret = kvm_vcpu_ioctl(cpu, KVM_INTERRUPT, &intr);
2176 "KVM: injection failed, interrupt lost (%s)\n",
2182 /* If we have an interrupt but the guest is not ready to receive an
2183 * interrupt, request an interrupt window exit. This will
2184 * cause a return to userspace as soon as the guest is ready to
2185 * receive interrupts. */
2186 if ((cpu->interrupt_request & CPU_INTERRUPT_HARD)) {
2187 run->request_interrupt_window = 1;
2189 run->request_interrupt_window = 0;
2192 DPRINTF("setting tpr\n");
2193 run->cr8 = cpu_get_apic_tpr(x86_cpu->apic_state);
2197 void kvm_arch_post_run(CPUState *cpu, struct kvm_run *run)
2199 X86CPU *x86_cpu = X86_CPU(cpu);
2200 CPUX86State *env = &x86_cpu->env;
2203 env->eflags |= IF_MASK;
2205 env->eflags &= ~IF_MASK;
2207 cpu_set_apic_tpr(x86_cpu->apic_state, run->cr8);
2208 cpu_set_apic_base(x86_cpu->apic_state, run->apic_base);
2211 int kvm_arch_process_async_events(CPUState *cs)
2213 X86CPU *cpu = X86_CPU(cs);
2214 CPUX86State *env = &cpu->env;
2216 if (cs->interrupt_request & CPU_INTERRUPT_MCE) {
2217 /* We must not raise CPU_INTERRUPT_MCE if it's not supported. */
2218 assert(env->mcg_cap);
2220 cs->interrupt_request &= ~CPU_INTERRUPT_MCE;
2222 kvm_cpu_synchronize_state(cs);
2224 if (env->exception_injected == EXCP08_DBLE) {
2225 /* this means triple fault */
2226 qemu_system_reset_request();
2227 cs->exit_request = 1;
2230 env->exception_injected = EXCP12_MCHK;
2231 env->has_error_code = 0;
2234 if (kvm_irqchip_in_kernel() && env->mp_state == KVM_MP_STATE_HALTED) {
2235 env->mp_state = KVM_MP_STATE_RUNNABLE;
2239 if (cs->interrupt_request & CPU_INTERRUPT_INIT) {
2240 kvm_cpu_synchronize_state(cs);
2244 if (kvm_irqchip_in_kernel()) {
2248 if (cs->interrupt_request & CPU_INTERRUPT_POLL) {
2249 cs->interrupt_request &= ~CPU_INTERRUPT_POLL;
2250 apic_poll_irq(cpu->apic_state);
2252 if (((cs->interrupt_request & CPU_INTERRUPT_HARD) &&
2253 (env->eflags & IF_MASK)) ||
2254 (cs->interrupt_request & CPU_INTERRUPT_NMI)) {
2257 if (cs->interrupt_request & CPU_INTERRUPT_SIPI) {
2258 kvm_cpu_synchronize_state(cs);
2261 if (cs->interrupt_request & CPU_INTERRUPT_TPR) {
2262 cs->interrupt_request &= ~CPU_INTERRUPT_TPR;
2263 kvm_cpu_synchronize_state(cs);
2264 apic_handle_tpr_access_report(cpu->apic_state, env->eip,
2265 env->tpr_access_type);
2271 static int kvm_handle_halt(X86CPU *cpu)
2273 CPUState *cs = CPU(cpu);
2274 CPUX86State *env = &cpu->env;
2276 if (!((cs->interrupt_request & CPU_INTERRUPT_HARD) &&
2277 (env->eflags & IF_MASK)) &&
2278 !(cs->interrupt_request & CPU_INTERRUPT_NMI)) {
2286 static int kvm_handle_tpr_access(X86CPU *cpu)
2288 CPUState *cs = CPU(cpu);
2289 struct kvm_run *run = cs->kvm_run;
2291 apic_handle_tpr_access_report(cpu->apic_state, run->tpr_access.rip,
2292 run->tpr_access.is_write ? TPR_ACCESS_WRITE
2297 int kvm_arch_insert_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
2299 static const uint8_t int3 = 0xcc;
2301 if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 1, 0) ||
2302 cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&int3, 1, 1)) {
2308 int kvm_arch_remove_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
2312 if (cpu_memory_rw_debug(cs, bp->pc, &int3, 1, 0) || int3 != 0xcc ||
2313 cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 1, 1)) {
2325 static int nb_hw_breakpoint;
2327 static int find_hw_breakpoint(target_ulong addr, int len, int type)
2331 for (n = 0; n < nb_hw_breakpoint; n++) {
2332 if (hw_breakpoint[n].addr == addr && hw_breakpoint[n].type == type &&
2333 (hw_breakpoint[n].len == len || len == -1)) {
2340 int kvm_arch_insert_hw_breakpoint(target_ulong addr,
2341 target_ulong len, int type)
2344 case GDB_BREAKPOINT_HW:
2347 case GDB_WATCHPOINT_WRITE:
2348 case GDB_WATCHPOINT_ACCESS:
2355 if (addr & (len - 1)) {
2367 if (nb_hw_breakpoint == 4) {
2370 if (find_hw_breakpoint(addr, len, type) >= 0) {
2373 hw_breakpoint[nb_hw_breakpoint].addr = addr;
2374 hw_breakpoint[nb_hw_breakpoint].len = len;
2375 hw_breakpoint[nb_hw_breakpoint].type = type;
2381 int kvm_arch_remove_hw_breakpoint(target_ulong addr,
2382 target_ulong len, int type)
2386 n = find_hw_breakpoint(addr, (type == GDB_BREAKPOINT_HW) ? 1 : len, type);
2391 hw_breakpoint[n] = hw_breakpoint[nb_hw_breakpoint];
2396 void kvm_arch_remove_all_hw_breakpoints(void)
2398 nb_hw_breakpoint = 0;
2401 static CPUWatchpoint hw_watchpoint;
2403 static int kvm_handle_debug(X86CPU *cpu,
2404 struct kvm_debug_exit_arch *arch_info)
2406 CPUState *cs = CPU(cpu);
2407 CPUX86State *env = &cpu->env;
2411 if (arch_info->exception == 1) {
2412 if (arch_info->dr6 & (1 << 14)) {
2413 if (cs->singlestep_enabled) {
2417 for (n = 0; n < 4; n++) {
2418 if (arch_info->dr6 & (1 << n)) {
2419 switch ((arch_info->dr7 >> (16 + n*4)) & 0x3) {
2425 cs->watchpoint_hit = &hw_watchpoint;
2426 hw_watchpoint.vaddr = hw_breakpoint[n].addr;
2427 hw_watchpoint.flags = BP_MEM_WRITE;
2431 cs->watchpoint_hit = &hw_watchpoint;
2432 hw_watchpoint.vaddr = hw_breakpoint[n].addr;
2433 hw_watchpoint.flags = BP_MEM_ACCESS;
2439 } else if (kvm_find_sw_breakpoint(cs, arch_info->pc)) {
2443 cpu_synchronize_state(cs);
2444 assert(env->exception_injected == -1);
2447 env->exception_injected = arch_info->exception;
2448 env->has_error_code = 0;
2454 void kvm_arch_update_guest_debug(CPUState *cpu, struct kvm_guest_debug *dbg)
2456 const uint8_t type_code[] = {
2457 [GDB_BREAKPOINT_HW] = 0x0,
2458 [GDB_WATCHPOINT_WRITE] = 0x1,
2459 [GDB_WATCHPOINT_ACCESS] = 0x3
2461 const uint8_t len_code[] = {
2462 [1] = 0x0, [2] = 0x1, [4] = 0x3, [8] = 0x2
2466 if (kvm_sw_breakpoints_active(cpu)) {
2467 dbg->control |= KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP;
2469 if (nb_hw_breakpoint > 0) {
2470 dbg->control |= KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_HW_BP;
2471 dbg->arch.debugreg[7] = 0x0600;
2472 for (n = 0; n < nb_hw_breakpoint; n++) {
2473 dbg->arch.debugreg[n] = hw_breakpoint[n].addr;
2474 dbg->arch.debugreg[7] |= (2 << (n * 2)) |
2475 (type_code[hw_breakpoint[n].type] << (16 + n*4)) |
2476 ((uint32_t)len_code[hw_breakpoint[n].len] << (18 + n*4));
2481 static bool host_supports_vmx(void)
2483 uint32_t ecx, unused;
2485 host_cpuid(1, 0, &unused, &unused, &ecx, &unused);
2486 return ecx & CPUID_EXT_VMX;
2489 #define VMX_INVALID_GUEST_STATE 0x80000021
2491 int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
2493 X86CPU *cpu = X86_CPU(cs);
2497 switch (run->exit_reason) {
2499 DPRINTF("handle_hlt\n");
2500 ret = kvm_handle_halt(cpu);
2502 case KVM_EXIT_SET_TPR:
2505 case KVM_EXIT_TPR_ACCESS:
2506 ret = kvm_handle_tpr_access(cpu);
2508 case KVM_EXIT_FAIL_ENTRY:
2509 code = run->fail_entry.hardware_entry_failure_reason;
2510 fprintf(stderr, "KVM: entry failed, hardware error 0x%" PRIx64 "\n",
2512 if (host_supports_vmx() && code == VMX_INVALID_GUEST_STATE) {
2514 "\nIf you're running a guest on an Intel machine without "
2515 "unrestricted mode\n"
2516 "support, the failure can be most likely due to the guest "
2517 "entering an invalid\n"
2518 "state for Intel VT. For example, the guest maybe running "
2519 "in big real mode\n"
2520 "which is not supported on less recent Intel processors."
2525 case KVM_EXIT_EXCEPTION:
2526 fprintf(stderr, "KVM: exception %d exit (error code 0x%x)\n",
2527 run->ex.exception, run->ex.error_code);
2530 case KVM_EXIT_DEBUG:
2531 DPRINTF("kvm_exit_debug\n");
2532 ret = kvm_handle_debug(cpu, &run->debug.arch);
2535 fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason);
2543 bool kvm_arch_stop_on_emulation_error(CPUState *cs)
2545 X86CPU *cpu = X86_CPU(cs);
2546 CPUX86State *env = &cpu->env;
2548 kvm_cpu_synchronize_state(cs);
2549 return !(env->cr[0] & CR0_PE_MASK) ||
2550 ((env->segs[R_CS].selector & 3) != 3);
2553 void kvm_arch_init_irq_routing(KVMState *s)
2555 if (!kvm_check_extension(s, KVM_CAP_IRQ_ROUTING)) {
2556 /* If kernel can't do irq routing, interrupt source
2557 * override 0->2 cannot be set up as required by HPET.
2558 * So we have to disable it.
2562 /* We know at this point that we're using the in-kernel
2563 * irqchip, so we can use irqfds, and on x86 we know
2564 * we can use msi via irqfd and GSI routing.
2566 kvm_irqfds_allowed = true;
2567 kvm_msi_via_irqfd_allowed = true;
2568 kvm_gsi_routing_allowed = true;
2571 /* Classic KVM device assignment interface. Will remain x86 only. */
2572 int kvm_device_pci_assign(KVMState *s, PCIHostDeviceAddress *dev_addr,
2573 uint32_t flags, uint32_t *dev_id)
2575 struct kvm_assigned_pci_dev dev_data = {
2576 .segnr = dev_addr->domain,
2577 .busnr = dev_addr->bus,
2578 .devfn = PCI_DEVFN(dev_addr->slot, dev_addr->function),
2583 dev_data.assigned_dev_id =
2584 (dev_addr->domain << 16) | (dev_addr->bus << 8) | dev_data.devfn;
2586 ret = kvm_vm_ioctl(s, KVM_ASSIGN_PCI_DEVICE, &dev_data);
2591 *dev_id = dev_data.assigned_dev_id;
2596 int kvm_device_pci_deassign(KVMState *s, uint32_t dev_id)
2598 struct kvm_assigned_pci_dev dev_data = {
2599 .assigned_dev_id = dev_id,
2602 return kvm_vm_ioctl(s, KVM_DEASSIGN_PCI_DEVICE, &dev_data);
2605 static int kvm_assign_irq_internal(KVMState *s, uint32_t dev_id,
2606 uint32_t irq_type, uint32_t guest_irq)
2608 struct kvm_assigned_irq assigned_irq = {
2609 .assigned_dev_id = dev_id,
2610 .guest_irq = guest_irq,
2614 if (kvm_check_extension(s, KVM_CAP_ASSIGN_DEV_IRQ)) {
2615 return kvm_vm_ioctl(s, KVM_ASSIGN_DEV_IRQ, &assigned_irq);
2617 return kvm_vm_ioctl(s, KVM_ASSIGN_IRQ, &assigned_irq);
2621 int kvm_device_intx_assign(KVMState *s, uint32_t dev_id, bool use_host_msi,
2624 uint32_t irq_type = KVM_DEV_IRQ_GUEST_INTX |
2625 (use_host_msi ? KVM_DEV_IRQ_HOST_MSI : KVM_DEV_IRQ_HOST_INTX);
2627 return kvm_assign_irq_internal(s, dev_id, irq_type, guest_irq);
2630 int kvm_device_intx_set_mask(KVMState *s, uint32_t dev_id, bool masked)
2632 struct kvm_assigned_pci_dev dev_data = {
2633 .assigned_dev_id = dev_id,
2634 .flags = masked ? KVM_DEV_ASSIGN_MASK_INTX : 0,
2637 return kvm_vm_ioctl(s, KVM_ASSIGN_SET_INTX_MASK, &dev_data);
2640 static int kvm_deassign_irq_internal(KVMState *s, uint32_t dev_id,
2643 struct kvm_assigned_irq assigned_irq = {
2644 .assigned_dev_id = dev_id,
2648 return kvm_vm_ioctl(s, KVM_DEASSIGN_DEV_IRQ, &assigned_irq);
2651 int kvm_device_intx_deassign(KVMState *s, uint32_t dev_id, bool use_host_msi)
2653 return kvm_deassign_irq_internal(s, dev_id, KVM_DEV_IRQ_GUEST_INTX |
2654 (use_host_msi ? KVM_DEV_IRQ_HOST_MSI : KVM_DEV_IRQ_HOST_INTX));
2657 int kvm_device_msi_assign(KVMState *s, uint32_t dev_id, int virq)
2659 return kvm_assign_irq_internal(s, dev_id, KVM_DEV_IRQ_HOST_MSI |
2660 KVM_DEV_IRQ_GUEST_MSI, virq);
2663 int kvm_device_msi_deassign(KVMState *s, uint32_t dev_id)
2665 return kvm_deassign_irq_internal(s, dev_id, KVM_DEV_IRQ_GUEST_MSI |
2666 KVM_DEV_IRQ_HOST_MSI);
2669 bool kvm_device_msix_supported(KVMState *s)
2671 /* The kernel lacks a corresponding KVM_CAP, so we probe by calling
2672 * KVM_ASSIGN_SET_MSIX_NR with an invalid parameter. */
2673 return kvm_vm_ioctl(s, KVM_ASSIGN_SET_MSIX_NR, NULL) == -EFAULT;
2676 int kvm_device_msix_init_vectors(KVMState *s, uint32_t dev_id,
2677 uint32_t nr_vectors)
2679 struct kvm_assigned_msix_nr msix_nr = {
2680 .assigned_dev_id = dev_id,
2681 .entry_nr = nr_vectors,
2684 return kvm_vm_ioctl(s, KVM_ASSIGN_SET_MSIX_NR, &msix_nr);
2687 int kvm_device_msix_set_vector(KVMState *s, uint32_t dev_id, uint32_t vector,
2690 struct kvm_assigned_msix_entry msix_entry = {
2691 .assigned_dev_id = dev_id,
2696 return kvm_vm_ioctl(s, KVM_ASSIGN_SET_MSIX_ENTRY, &msix_entry);
2699 int kvm_device_msix_assign(KVMState *s, uint32_t dev_id)
2701 return kvm_assign_irq_internal(s, dev_id, KVM_DEV_IRQ_HOST_MSIX |
2702 KVM_DEV_IRQ_GUEST_MSIX, 0);
2705 int kvm_device_msix_deassign(KVMState *s, uint32_t dev_id)
2707 return kvm_deassign_irq_internal(s, dev_id, KVM_DEV_IRQ_GUEST_MSIX |
2708 KVM_DEV_IRQ_HOST_MSIX);
projects / qemu.git / blob