blob: 0b1c10f797624de1e251eb608cf48cef5058f4bc [file] [log] [blame]
Joerg Roedel883b0a92020-03-24 10:41:52 +01001// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Kernel-based Virtual Machine driver for Linux
4 *
5 * AMD SVM support
6 *
7 * Copyright (C) 2006 Qumranet, Inc.
8 * Copyright 2010 Red Hat, Inc. and/or its affiliates.
9 *
10 * Authors:
11 * Yaniv Kamay <yaniv@qumranet.com>
12 * Avi Kivity <avi@qumranet.com>
13 */
14
15#ifndef __SVM_SVM_H
16#define __SVM_SVM_H
17
18#include <linux/kvm_types.h>
19#include <linux/kvm_host.h>
20
21#include <asm/svm.h>
22
23static const u32 host_save_user_msrs[] = {
24#ifdef CONFIG_X86_64
25 MSR_STAR, MSR_LSTAR, MSR_CSTAR, MSR_SYSCALL_MASK, MSR_KERNEL_GS_BASE,
26 MSR_FS_BASE,
27#endif
28 MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP,
29 MSR_TSC_AUX,
30};
31
32#define NR_HOST_SAVE_USER_MSRS ARRAY_SIZE(host_save_user_msrs)
33
34#define MSRPM_OFFSETS 16
35extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly;
36extern bool npt_enabled;
37
38enum {
39 VMCB_INTERCEPTS, /* Intercept vectors, TSC offset,
40 pause filter count */
41 VMCB_PERM_MAP, /* IOPM Base and MSRPM Base */
42 VMCB_ASID, /* ASID */
43 VMCB_INTR, /* int_ctl, int_vector */
44 VMCB_NPT, /* npt_en, nCR3, gPAT */
45 VMCB_CR, /* CR0, CR3, CR4, EFER */
46 VMCB_DR, /* DR6, DR7 */
47 VMCB_DT, /* GDT, IDT */
48 VMCB_SEG, /* CS, DS, SS, ES, CPL */
49 VMCB_CR2, /* CR2 only */
50 VMCB_LBR, /* DBGCTL, BR_FROM, BR_TO, LAST_EX_FROM, LAST_EX_TO */
51 VMCB_AVIC, /* AVIC APIC_BAR, AVIC APIC_BACKING_PAGE,
52 * AVIC PHYSICAL_TABLE pointer,
53 * AVIC LOGICAL_TABLE pointer
54 */
55 VMCB_DIRTY_MAX,
56};
57
58/* TPR and CR2 are always written before VMRUN */
59#define VMCB_ALWAYS_DIRTY_MASK ((1U << VMCB_INTR) | (1U << VMCB_CR2))
60
61struct kvm_sev_info {
62 bool active; /* SEV enabled guest */
63 unsigned int asid; /* ASID used for this guest */
64 unsigned int handle; /* SEV firmware handle */
65 int fd; /* SEV device fd */
66 unsigned long pages_locked; /* Number of pages locked */
67 struct list_head regions_list; /* List of registered regions */
68};
69
70struct kvm_svm {
71 struct kvm kvm;
72
73 /* Struct members for AVIC */
74 u32 avic_vm_id;
75 struct page *avic_logical_id_table_page;
76 struct page *avic_physical_id_table_page;
77 struct hlist_node hnode;
78
79 struct kvm_sev_info sev_info;
80};
81
82struct kvm_vcpu;
83
Joerg Roedel7693b3e2020-06-25 10:03:22 +020084struct svm_nested_state {
Joerg Roedel883b0a92020-03-24 10:41:52 +010085 struct vmcb *hsave;
86 u64 hsave_msr;
87 u64 vm_cr_msr;
88 u64 vmcb;
Paolo Bonzini7c866632020-05-16 08:42:28 -040089 u32 host_intercept_exceptions;
Joerg Roedel883b0a92020-03-24 10:41:52 +010090
91 /* These are the merged vectors */
92 u32 *msrpm;
93
Paolo Bonzinif74f9412020-04-23 13:22:27 -040094 /* A VMRUN has started but has not yet been performed, so
95 * we cannot inject a nested vmexit yet. */
96 bool nested_run_pending;
97
Paolo Bonzinie670bf62020-05-13 13:16:12 -040098 /* cache for control fields of the guest */
99 struct vmcb_control_area ctl;
Joerg Roedel883b0a92020-03-24 10:41:52 +0100100};
101
102struct vcpu_svm {
103 struct kvm_vcpu vcpu;
104 struct vmcb *vmcb;
105 unsigned long vmcb_pa;
106 struct svm_cpu_data *svm_data;
107 uint64_t asid_generation;
108 uint64_t sysenter_esp;
109 uint64_t sysenter_eip;
110 uint64_t tsc_aux;
111
112 u64 msr_decfg;
113
114 u64 next_rip;
115
116 u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS];
117 struct {
118 u16 fs;
119 u16 gs;
120 u16 ldt;
121 u64 gs_base;
122 } host;
123
124 u64 spec_ctrl;
125 /*
126 * Contains guest-controlled bits of VIRT_SPEC_CTRL, which will be
127 * translated into the appropriate L2_CFG bits on the host to
128 * perform speculative control.
129 */
130 u64 virt_spec_ctrl;
131
132 u32 *msrpm;
133
134 ulong nmi_iret_rip;
135
Joerg Roedel7693b3e2020-06-25 10:03:22 +0200136 struct svm_nested_state nested;
Joerg Roedel883b0a92020-03-24 10:41:52 +0100137
138 bool nmi_singlestep;
139 u64 nmi_singlestep_guest_rflags;
140
141 unsigned int3_injected;
142 unsigned long int3_rip;
143
144 /* cached guest cpuid flags for faster access */
145 bool nrips_enabled : 1;
146
147 u32 ldr_reg;
148 u32 dfr_reg;
149 struct page *avic_backing_page;
150 u64 *avic_physical_id_cache;
151 bool avic_is_running;
152
153 /*
154 * Per-vcpu list of struct amd_svm_iommu_ir:
155 * This is used mainly to store interrupt remapping information used
156 * when update the vcpu affinity. This avoids the need to scan for
157 * IRTE and try to match ga_tag in the IOMMU driver.
158 */
159 struct list_head ir_list;
160 spinlock_t ir_list_lock;
Joerg Roedel883b0a92020-03-24 10:41:52 +0100161};
162
Joerg Roedeleaf78262020-03-24 10:41:54 +0100163struct svm_cpu_data {
164 int cpu;
165
166 u64 asid_generation;
167 u32 max_asid;
168 u32 next_asid;
169 u32 min_asid;
170 struct kvm_ldttss_desc *tss_desc;
171
172 struct page *save_area;
173 struct vmcb *current_vmcb;
174
175 /* index = sev_asid, value = vmcb pointer */
176 struct vmcb **sev_vmcbs;
177};
178
179DECLARE_PER_CPU(struct svm_cpu_data *, svm_data);
180
Joerg Roedel883b0a92020-03-24 10:41:52 +0100181void recalc_intercepts(struct vcpu_svm *svm);
182
Joerg Roedelef0f6492020-03-31 12:17:38 -0400183static inline struct kvm_svm *to_kvm_svm(struct kvm *kvm)
184{
185 return container_of(kvm, struct kvm_svm, kvm);
186}
187
Joerg Roedel06e78522020-06-25 10:03:23 +0200188static inline void vmcb_mark_all_dirty(struct vmcb *vmcb)
Joerg Roedel883b0a92020-03-24 10:41:52 +0100189{
190 vmcb->control.clean = 0;
191}
192
Joerg Roedel06e78522020-06-25 10:03:23 +0200193static inline void vmcb_mark_all_clean(struct vmcb *vmcb)
Joerg Roedel883b0a92020-03-24 10:41:52 +0100194{
195 vmcb->control.clean = ((1 << VMCB_DIRTY_MAX) - 1)
196 & ~VMCB_ALWAYS_DIRTY_MASK;
197}
198
Joerg Roedel06e78522020-06-25 10:03:23 +0200199static inline void vmcb_mark_dirty(struct vmcb *vmcb, int bit)
Joerg Roedel883b0a92020-03-24 10:41:52 +0100200{
201 vmcb->control.clean &= ~(1 << bit);
202}
203
204static inline struct vcpu_svm *to_svm(struct kvm_vcpu *vcpu)
205{
206 return container_of(vcpu, struct vcpu_svm, vcpu);
207}
208
209static inline struct vmcb *get_host_vmcb(struct vcpu_svm *svm)
210{
211 if (is_guest_mode(&svm->vcpu))
212 return svm->nested.hsave;
213 else
214 return svm->vmcb;
215}
216
217static inline void set_cr_intercept(struct vcpu_svm *svm, int bit)
218{
219 struct vmcb *vmcb = get_host_vmcb(svm);
220
221 vmcb->control.intercept_cr |= (1U << bit);
222
223 recalc_intercepts(svm);
224}
225
226static inline void clr_cr_intercept(struct vcpu_svm *svm, int bit)
227{
228 struct vmcb *vmcb = get_host_vmcb(svm);
229
230 vmcb->control.intercept_cr &= ~(1U << bit);
231
232 recalc_intercepts(svm);
233}
234
235static inline bool is_cr_intercept(struct vcpu_svm *svm, int bit)
236{
237 struct vmcb *vmcb = get_host_vmcb(svm);
238
239 return vmcb->control.intercept_cr & (1U << bit);
240}
241
242static inline void set_dr_intercepts(struct vcpu_svm *svm)
243{
244 struct vmcb *vmcb = get_host_vmcb(svm);
245
246 vmcb->control.intercept_dr = (1 << INTERCEPT_DR0_READ)
247 | (1 << INTERCEPT_DR1_READ)
248 | (1 << INTERCEPT_DR2_READ)
249 | (1 << INTERCEPT_DR3_READ)
250 | (1 << INTERCEPT_DR4_READ)
251 | (1 << INTERCEPT_DR5_READ)
252 | (1 << INTERCEPT_DR6_READ)
253 | (1 << INTERCEPT_DR7_READ)
254 | (1 << INTERCEPT_DR0_WRITE)
255 | (1 << INTERCEPT_DR1_WRITE)
256 | (1 << INTERCEPT_DR2_WRITE)
257 | (1 << INTERCEPT_DR3_WRITE)
258 | (1 << INTERCEPT_DR4_WRITE)
259 | (1 << INTERCEPT_DR5_WRITE)
260 | (1 << INTERCEPT_DR6_WRITE)
261 | (1 << INTERCEPT_DR7_WRITE);
262
263 recalc_intercepts(svm);
264}
265
266static inline void clr_dr_intercepts(struct vcpu_svm *svm)
267{
268 struct vmcb *vmcb = get_host_vmcb(svm);
269
270 vmcb->control.intercept_dr = 0;
271
272 recalc_intercepts(svm);
273}
274
275static inline void set_exception_intercept(struct vcpu_svm *svm, int bit)
276{
277 struct vmcb *vmcb = get_host_vmcb(svm);
278
279 vmcb->control.intercept_exceptions |= (1U << bit);
280
281 recalc_intercepts(svm);
282}
283
284static inline void clr_exception_intercept(struct vcpu_svm *svm, int bit)
285{
286 struct vmcb *vmcb = get_host_vmcb(svm);
287
288 vmcb->control.intercept_exceptions &= ~(1U << bit);
289
290 recalc_intercepts(svm);
291}
292
293static inline void set_intercept(struct vcpu_svm *svm, int bit)
294{
295 struct vmcb *vmcb = get_host_vmcb(svm);
296
297 vmcb->control.intercept |= (1ULL << bit);
298
299 recalc_intercepts(svm);
300}
301
302static inline void clr_intercept(struct vcpu_svm *svm, int bit)
303{
304 struct vmcb *vmcb = get_host_vmcb(svm);
305
306 vmcb->control.intercept &= ~(1ULL << bit);
307
308 recalc_intercepts(svm);
309}
310
311static inline bool is_intercept(struct vcpu_svm *svm, int bit)
312{
313 return (svm->vmcb->control.intercept & (1ULL << bit)) != 0;
314}
315
316static inline bool vgif_enabled(struct vcpu_svm *svm)
317{
318 return !!(svm->vmcb->control.int_ctl & V_GIF_ENABLE_MASK);
319}
320
321static inline void enable_gif(struct vcpu_svm *svm)
322{
323 if (vgif_enabled(svm))
324 svm->vmcb->control.int_ctl |= V_GIF_MASK;
325 else
326 svm->vcpu.arch.hflags |= HF_GIF_MASK;
327}
328
329static inline void disable_gif(struct vcpu_svm *svm)
330{
331 if (vgif_enabled(svm))
332 svm->vmcb->control.int_ctl &= ~V_GIF_MASK;
333 else
334 svm->vcpu.arch.hflags &= ~HF_GIF_MASK;
335}
336
337static inline bool gif_set(struct vcpu_svm *svm)
338{
339 if (vgif_enabled(svm))
340 return !!(svm->vmcb->control.int_ctl & V_GIF_MASK);
341 else
342 return !!(svm->vcpu.arch.hflags & HF_GIF_MASK);
343}
344
345/* svm.c */
346#define MSR_INVALID 0xffffffffU
347
348u32 svm_msrpm_offset(u32 msr);
349void svm_set_efer(struct kvm_vcpu *vcpu, u64 efer);
350void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0);
351int svm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4);
Sean Christophersonf55ac302020-03-20 14:28:12 -0700352void svm_flush_tlb(struct kvm_vcpu *vcpu);
Joerg Roedel883b0a92020-03-24 10:41:52 +0100353void disable_nmi_singlestep(struct vcpu_svm *svm);
Paolo Bonzinicae96af2020-04-23 14:19:26 -0400354bool svm_smi_blocked(struct kvm_vcpu *vcpu);
355bool svm_nmi_blocked(struct kvm_vcpu *vcpu);
356bool svm_interrupt_blocked(struct kvm_vcpu *vcpu);
Paolo Bonziniffdf7f92020-05-22 12:18:27 -0400357void svm_set_gif(struct vcpu_svm *svm, bool value);
Joerg Roedel883b0a92020-03-24 10:41:52 +0100358
359/* nested.c */
360
361#define NESTED_EXIT_HOST 0 /* Exit handled on host level */
362#define NESTED_EXIT_DONE 1 /* Exit caused nested vmexit */
363#define NESTED_EXIT_CONTINUE 2 /* Further checks needed */
364
Joerg Roedel883b0a92020-03-24 10:41:52 +0100365static inline bool svm_nested_virtualize_tpr(struct kvm_vcpu *vcpu)
366{
Paolo Bonzinie9fd7612020-05-13 13:28:23 -0400367 struct vcpu_svm *svm = to_svm(vcpu);
368
369 return is_guest_mode(vcpu) && (svm->nested.ctl.int_ctl & V_INTR_MASKING_MASK);
Joerg Roedel883b0a92020-03-24 10:41:52 +0100370}
371
Paolo Bonzini55714cd2020-04-23 08:17:28 -0400372static inline bool nested_exit_on_smi(struct vcpu_svm *svm)
373{
Paolo Bonzinie670bf62020-05-13 13:16:12 -0400374 return (svm->nested.ctl.intercept & (1ULL << INTERCEPT_SMI));
Paolo Bonzini55714cd2020-04-23 08:17:28 -0400375}
376
Paolo Bonzinifc6f7c02020-04-23 18:02:45 -0400377static inline bool nested_exit_on_intr(struct vcpu_svm *svm)
378{
Paolo Bonzinie670bf62020-05-13 13:16:12 -0400379 return (svm->nested.ctl.intercept & (1ULL << INTERCEPT_INTR));
Paolo Bonzinifc6f7c02020-04-23 18:02:45 -0400380}
381
Paolo Bonzinibbdad0b2020-04-23 08:06:43 -0400382static inline bool nested_exit_on_nmi(struct vcpu_svm *svm)
383{
Paolo Bonzinie670bf62020-05-13 13:16:12 -0400384 return (svm->nested.ctl.intercept & (1ULL << INTERCEPT_NMI));
Paolo Bonzinibbdad0b2020-04-23 08:06:43 -0400385}
386
Joerg Roedel883b0a92020-03-24 10:41:52 +0100387void enter_svm_guest_mode(struct vcpu_svm *svm, u64 vmcb_gpa,
Paolo Bonzini69c9dfa2020-05-13 12:57:26 -0400388 struct vmcb *nested_vmcb);
Paolo Bonzinic513f482020-05-18 13:08:37 -0400389void svm_leave_nested(struct vcpu_svm *svm);
Joerg Roedel883b0a92020-03-24 10:41:52 +0100390int nested_svm_vmrun(struct vcpu_svm *svm);
391void nested_svm_vmloadsave(struct vmcb *from_vmcb, struct vmcb *to_vmcb);
392int nested_svm_vmexit(struct vcpu_svm *svm);
393int nested_svm_exit_handled(struct vcpu_svm *svm);
394int nested_svm_check_permissions(struct vcpu_svm *svm);
395int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
396 bool has_error_code, u32 error_code);
Joerg Roedel883b0a92020-03-24 10:41:52 +0100397int nested_svm_exit_special(struct vcpu_svm *svm);
Paolo Bonzini2d8a42b2020-05-22 03:50:14 -0400398void sync_nested_vmcb_control(struct vcpu_svm *svm);
Joerg Roedel883b0a92020-03-24 10:41:52 +0100399
Paolo Bonzini33b22172020-04-17 10:24:18 -0400400extern struct kvm_x86_nested_ops svm_nested_ops;
401
Joerg Roedelef0f6492020-03-31 12:17:38 -0400402/* avic.c */
403
404#define AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK (0xFF)
405#define AVIC_LOGICAL_ID_ENTRY_VALID_BIT 31
406#define AVIC_LOGICAL_ID_ENTRY_VALID_MASK (1 << 31)
407
408#define AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK (0xFFULL)
409#define AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK (0xFFFFFFFFFFULL << 12)
410#define AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK (1ULL << 62)
411#define AVIC_PHYSICAL_ID_ENTRY_VALID_MASK (1ULL << 63)
412
413#define VMCB_AVIC_APIC_BAR_MASK 0xFFFFFFFFFF000ULL
414
415extern int avic;
416
417static inline void avic_update_vapic_bar(struct vcpu_svm *svm, u64 data)
418{
419 svm->vmcb->control.avic_vapic_bar = data & VMCB_AVIC_APIC_BAR_MASK;
Joerg Roedel06e78522020-06-25 10:03:23 +0200420 vmcb_mark_dirty(svm->vmcb, VMCB_AVIC);
Joerg Roedelef0f6492020-03-31 12:17:38 -0400421}
422
423static inline bool avic_vcpu_is_running(struct kvm_vcpu *vcpu)
424{
425 struct vcpu_svm *svm = to_svm(vcpu);
426 u64 *entry = svm->avic_physical_id_cache;
427
428 if (!entry)
429 return false;
430
431 return (READ_ONCE(*entry) & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK);
432}
433
434int avic_ga_log_notifier(u32 ga_tag);
435void avic_vm_destroy(struct kvm *kvm);
436int avic_vm_init(struct kvm *kvm);
437void avic_init_vmcb(struct vcpu_svm *svm);
438void svm_toggle_avic_for_irq_window(struct kvm_vcpu *vcpu, bool activate);
439int avic_incomplete_ipi_interception(struct vcpu_svm *svm);
440int avic_unaccelerated_access_interception(struct vcpu_svm *svm);
441int avic_init_vcpu(struct vcpu_svm *svm);
442void avic_vcpu_load(struct kvm_vcpu *vcpu, int cpu);
443void avic_vcpu_put(struct kvm_vcpu *vcpu);
444void avic_post_state_restore(struct kvm_vcpu *vcpu);
445void svm_set_virtual_apic_mode(struct kvm_vcpu *vcpu);
446void svm_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu);
447bool svm_check_apicv_inhibit_reasons(ulong bit);
448void svm_pre_update_apicv_exec_ctrl(struct kvm *kvm, bool activate);
449void svm_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap);
450void svm_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr);
451void svm_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr);
452int svm_deliver_avic_intr(struct kvm_vcpu *vcpu, int vec);
453bool svm_dy_apicv_has_pending_interrupt(struct kvm_vcpu *vcpu);
454int svm_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
455 uint32_t guest_irq, bool set);
456void svm_vcpu_blocking(struct kvm_vcpu *vcpu);
457void svm_vcpu_unblocking(struct kvm_vcpu *vcpu);
458
Joerg Roedeleaf78262020-03-24 10:41:54 +0100459/* sev.c */
460
461extern unsigned int max_sev_asid;
462
463static inline bool sev_guest(struct kvm *kvm)
464{
465#ifdef CONFIG_KVM_AMD_SEV
466 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
467
468 return sev->active;
469#else
470 return false;
471#endif
472}
473
474static inline bool svm_sev_enabled(void)
475{
476 return IS_ENABLED(CONFIG_KVM_AMD_SEV) ? max_sev_asid : 0;
477}
478
479void sev_vm_destroy(struct kvm *kvm);
480int svm_mem_enc_op(struct kvm *kvm, void __user *argp);
481int svm_register_enc_region(struct kvm *kvm,
482 struct kvm_enc_region *range);
483int svm_unregister_enc_region(struct kvm *kvm,
484 struct kvm_enc_region *range);
485void pre_sev_run(struct vcpu_svm *svm, int cpu);
486int __init sev_hardware_setup(void);
487void sev_hardware_teardown(void);
488
Joerg Roedel883b0a92020-03-24 10:41:52 +0100489#endif