2018-12-03 21:53:08 +00:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
#ifndef __KVM_X86_VMX_H
|
|
|
|
#define __KVM_X86_VMX_H
|
|
|
|
|
|
|
|
#include <linux/kvm_host.h>
|
|
|
|
|
|
|
|
#include <asm/kvm.h>
|
2018-10-24 08:05:10 +00:00
|
|
|
#include <asm/intel_pt.h>
|
2018-12-03 21:53:08 +00:00
|
|
|
|
|
|
|
#include "capabilities.h"
|
2018-12-03 21:53:07 +00:00
|
|
|
#include "ops.h"
|
2018-12-03 21:53:08 +00:00
|
|
|
#include "vmcs.h"
|
|
|
|
|
2018-12-03 21:53:15 +00:00
|
|
|
extern const u32 vmx_msr_index[];
|
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
#define MSR_TYPE_R 1
|
|
|
|
#define MSR_TYPE_W 2
|
|
|
|
#define MSR_TYPE_RW 3
|
|
|
|
|
|
|
|
#define X2APIC_MSR(r) (APIC_BASE_MSR + ((r) >> 4))
|
|
|
|
|
2019-12-04 00:24:42 +00:00
|
|
|
#ifdef CONFIG_X86_64
|
|
|
|
#define NR_SHARED_MSRS 7
|
|
|
|
#else
|
|
|
|
#define NR_SHARED_MSRS 4
|
|
|
|
#endif
|
|
|
|
|
2019-11-08 05:14:37 +00:00
|
|
|
#define NR_LOADSTORE_MSRS 8
|
2018-12-03 21:53:08 +00:00
|
|
|
|
|
|
|
struct vmx_msrs {
|
|
|
|
unsigned int nr;
|
2019-11-08 05:14:37 +00:00
|
|
|
struct vmx_msr_entry val[NR_LOADSTORE_MSRS];
|
2018-12-03 21:53:08 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
struct shared_msr_entry {
|
|
|
|
unsigned index;
|
|
|
|
u64 data;
|
|
|
|
u64 mask;
|
|
|
|
};
|
|
|
|
|
|
|
|
enum segment_cache_field {
|
|
|
|
SEG_FIELD_SEL = 0,
|
|
|
|
SEG_FIELD_BASE = 1,
|
|
|
|
SEG_FIELD_LIMIT = 2,
|
|
|
|
SEG_FIELD_AR = 3,
|
|
|
|
|
|
|
|
SEG_FIELD_NR = 4
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Posted-Interrupt Descriptor */
|
|
|
|
struct pi_desc {
|
|
|
|
u32 pir[8]; /* Posted interrupt requested */
|
|
|
|
union {
|
|
|
|
struct {
|
|
|
|
/* bit 256 - Outstanding Notification */
|
|
|
|
u16 on : 1,
|
|
|
|
/* bit 257 - Suppress Notification */
|
|
|
|
sn : 1,
|
|
|
|
/* bit 271:258 - Reserved */
|
|
|
|
rsvd_1 : 14;
|
|
|
|
/* bit 279:272 - Notification Vector */
|
|
|
|
u8 nv;
|
|
|
|
/* bit 287:280 - Reserved */
|
|
|
|
u8 rsvd_2;
|
|
|
|
/* bit 319:288 - Notification Destination */
|
|
|
|
u32 ndst;
|
|
|
|
};
|
|
|
|
u64 control;
|
|
|
|
};
|
|
|
|
u32 rsvd[6];
|
|
|
|
} __aligned(64);
|
|
|
|
|
2018-10-24 08:05:12 +00:00
|
|
|
#define RTIT_ADDR_RANGE 4
|
|
|
|
|
|
|
|
struct pt_ctx {
|
|
|
|
u64 ctl;
|
|
|
|
u64 status;
|
|
|
|
u64 output_base;
|
|
|
|
u64 output_mask;
|
|
|
|
u64 cr3_match;
|
|
|
|
u64 addr_a[RTIT_ADDR_RANGE];
|
|
|
|
u64 addr_b[RTIT_ADDR_RANGE];
|
|
|
|
};
|
|
|
|
|
|
|
|
struct pt_desc {
|
|
|
|
u64 ctl_bitmask;
|
|
|
|
u32 addr_range;
|
|
|
|
u32 caps[PT_CPUID_REGS_NUM * PT_CPUID_LEAVES];
|
|
|
|
struct pt_ctx host;
|
|
|
|
struct pt_ctx guest;
|
|
|
|
};
|
2018-12-03 21:53:08 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The nested_vmx structure is part of vcpu_vmx, and holds information we need
|
|
|
|
* for correct emulation of VMX (i.e., nested VMX) on this vcpu.
|
|
|
|
*/
|
|
|
|
struct nested_vmx {
|
|
|
|
/* Has the level1 guest done vmxon? */
|
|
|
|
bool vmxon;
|
|
|
|
gpa_t vmxon_ptr;
|
|
|
|
bool pml_full;
|
|
|
|
|
|
|
|
/* The guest-physical address of the current VMCS L1 keeps for L2 */
|
|
|
|
gpa_t current_vmptr;
|
|
|
|
/*
|
|
|
|
* Cache of the guest's VMCS, existing outside of guest memory.
|
|
|
|
* Loaded from guest memory during VMPTRLD. Flushed to guest
|
|
|
|
* memory during VMCLEAR and VMPTRLD.
|
|
|
|
*/
|
|
|
|
struct vmcs12 *cached_vmcs12;
|
|
|
|
/*
|
|
|
|
* Cache of the guest's shadow VMCS, existing outside of guest
|
|
|
|
* memory. Loaded from guest memory during VM entry. Flushed
|
|
|
|
* to guest memory during VM exit.
|
|
|
|
*/
|
|
|
|
struct vmcs12 *cached_shadow_vmcs12;
|
2019-05-07 15:36:29 +00:00
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
/*
|
|
|
|
* Indicates if the shadow vmcs or enlightened vmcs must be updated
|
|
|
|
* with the data held by struct vmcs12.
|
|
|
|
*/
|
2019-05-07 15:36:27 +00:00
|
|
|
bool need_vmcs12_to_shadow_sync;
|
2018-12-03 21:53:08 +00:00
|
|
|
bool dirty_vmcs12;
|
|
|
|
|
2019-05-07 15:36:29 +00:00
|
|
|
/*
|
|
|
|
* Indicates lazily loaded guest state has not yet been decached from
|
|
|
|
* vmcs02.
|
|
|
|
*/
|
|
|
|
bool need_sync_vmcs02_to_vmcs12_rare;
|
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
/*
|
|
|
|
* vmcs02 has been initialized, i.e. state that is constant for
|
|
|
|
* vmcs02 has been written to the backing VMCS. Initialization
|
|
|
|
* is delayed until L1 actually attempts to run a nested VM.
|
|
|
|
*/
|
|
|
|
bool vmcs02_initialized;
|
|
|
|
|
|
|
|
bool change_vmcs01_virtual_apic_mode;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Enlightened VMCS has been enabled. It does not mean that L1 has to
|
|
|
|
* use it. However, VMX features available to L1 will be limited based
|
|
|
|
* on what the enlightened VMCS supports.
|
|
|
|
*/
|
|
|
|
bool enlightened_vmcs_enabled;
|
|
|
|
|
|
|
|
/* L2 must run next, and mustn't decide to exit to L1. */
|
|
|
|
bool nested_run_pending;
|
|
|
|
|
2020-02-07 10:36:07 +00:00
|
|
|
/* Pending MTF VM-exit into L1. */
|
|
|
|
bool mtf_pending;
|
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
struct loaded_vmcs vmcs02;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Guest pages referred to in the vmcs02 with host-physical
|
|
|
|
* pointers, so we must keep them pinned while L2 runs.
|
|
|
|
*/
|
|
|
|
struct page *apic_access_page;
|
2019-01-31 20:24:37 +00:00
|
|
|
struct kvm_host_map virtual_apic_map;
|
2019-01-31 20:24:38 +00:00
|
|
|
struct kvm_host_map pi_desc_map;
|
2019-01-31 20:24:36 +00:00
|
|
|
|
|
|
|
struct kvm_host_map msr_bitmap_map;
|
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
struct pi_desc *pi_desc;
|
|
|
|
bool pi_pending;
|
|
|
|
u16 posted_intr_nv;
|
|
|
|
|
|
|
|
struct hrtimer preemption_timer;
|
|
|
|
bool preemption_timer_expired;
|
|
|
|
|
|
|
|
/* to migrate it to L2 if VM_ENTRY_LOAD_DEBUG_CONTROLS is off */
|
|
|
|
u64 vmcs01_debugctl;
|
|
|
|
u64 vmcs01_guest_bndcfgs;
|
|
|
|
|
2019-11-11 12:30:55 +00:00
|
|
|
/* to migrate it to L1 if L2 writes to L1's CR8 directly */
|
|
|
|
int l1_tpr_threshold;
|
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
u16 vpid02;
|
|
|
|
u16 last_vpid;
|
|
|
|
|
|
|
|
struct nested_vmx_msrs msrs;
|
|
|
|
|
|
|
|
/* SMM related state */
|
|
|
|
struct {
|
|
|
|
/* in VMX operation on SMM entry? */
|
|
|
|
bool vmxon;
|
|
|
|
/* in guest mode on SMM entry? */
|
|
|
|
bool guest_mode;
|
|
|
|
} smm;
|
|
|
|
|
|
|
|
gpa_t hv_evmcs_vmptr;
|
2019-01-31 20:24:42 +00:00
|
|
|
struct kvm_host_map hv_evmcs_map;
|
2018-12-03 21:53:08 +00:00
|
|
|
struct hv_enlightened_vmcs *hv_evmcs;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct vcpu_vmx {
|
|
|
|
struct kvm_vcpu vcpu;
|
|
|
|
u8 fail;
|
|
|
|
u8 msr_bitmap_mode;
|
2019-06-07 17:00:14 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If true, host state has been stored in vmx->loaded_vmcs for
|
|
|
|
* the CPU registers that only need to be switched when transitioning
|
|
|
|
* to/from the kernel, and the registers have been loaded with guest
|
|
|
|
* values. If false, host state is loaded in the CPU registers
|
|
|
|
* and vmx->loaded_vmcs->host_state is invalid.
|
|
|
|
*/
|
|
|
|
bool guest_state_loaded;
|
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
u32 exit_intr_info;
|
|
|
|
u32 idt_vectoring_info;
|
|
|
|
ulong rflags;
|
2019-05-07 19:17:54 +00:00
|
|
|
|
2019-12-04 00:24:42 +00:00
|
|
|
struct shared_msr_entry guest_msrs[NR_SHARED_MSRS];
|
2018-12-03 21:53:08 +00:00
|
|
|
int nmsrs;
|
|
|
|
int save_nmsrs;
|
2019-06-07 17:00:14 +00:00
|
|
|
bool guest_msrs_ready;
|
2018-12-03 21:53:08 +00:00
|
|
|
#ifdef CONFIG_X86_64
|
|
|
|
u64 msr_host_kernel_gs_base;
|
|
|
|
u64 msr_guest_kernel_gs_base;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
u64 spec_ctrl;
|
2019-07-16 06:55:50 +00:00
|
|
|
u32 msr_ia32_umwait_control;
|
2018-12-03 21:53:08 +00:00
|
|
|
|
|
|
|
u32 secondary_exec_control;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* loaded_vmcs points to the VMCS currently used in this vcpu. For a
|
|
|
|
* non-nested (L1) guest, it always points to vmcs01. For a nested
|
2019-06-07 17:00:14 +00:00
|
|
|
* guest (L2), it points to a different VMCS.
|
2018-12-03 21:53:08 +00:00
|
|
|
*/
|
|
|
|
struct loaded_vmcs vmcs01;
|
|
|
|
struct loaded_vmcs *loaded_vmcs;
|
2019-01-25 15:41:05 +00:00
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
struct msr_autoload {
|
|
|
|
struct vmx_msrs guest;
|
|
|
|
struct vmx_msrs host;
|
|
|
|
} msr_autoload;
|
|
|
|
|
2019-11-08 05:14:39 +00:00
|
|
|
struct msr_autostore {
|
|
|
|
struct vmx_msrs guest;
|
|
|
|
} msr_autostore;
|
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
struct {
|
|
|
|
int vm86_active;
|
|
|
|
ulong save_rflags;
|
|
|
|
struct kvm_segment segs[8];
|
|
|
|
} rmode;
|
|
|
|
struct {
|
|
|
|
u32 bitmask; /* 4 bits per segment (1 bit per field) */
|
|
|
|
struct kvm_save_segment {
|
|
|
|
u16 selector;
|
|
|
|
unsigned long base;
|
|
|
|
u32 limit;
|
|
|
|
u32 ar;
|
|
|
|
} seg[8];
|
|
|
|
} segment_cache;
|
|
|
|
int vpid;
|
|
|
|
bool emulation_required;
|
|
|
|
|
|
|
|
u32 exit_reason;
|
|
|
|
|
|
|
|
/* Posted interrupt descriptor */
|
|
|
|
struct pi_desc pi_desc;
|
|
|
|
|
|
|
|
/* Support for a guest hypervisor (nested VMX) */
|
|
|
|
struct nested_vmx nested;
|
|
|
|
|
|
|
|
/* Dynamic PLE window. */
|
2019-09-06 02:17:21 +00:00
|
|
|
unsigned int ple_window;
|
2018-12-03 21:53:08 +00:00
|
|
|
bool ple_window_dirty;
|
|
|
|
|
|
|
|
bool req_immediate_exit;
|
|
|
|
|
|
|
|
/* Support for PML */
|
|
|
|
#define PML_ENTITY_NUM 512
|
|
|
|
struct page *pml_pg;
|
|
|
|
|
|
|
|
/* apic deadline value in host tsc */
|
|
|
|
u64 hv_deadline_tsc;
|
|
|
|
|
|
|
|
u64 current_tsc_ratio;
|
|
|
|
|
|
|
|
u32 host_pkru;
|
|
|
|
|
|
|
|
unsigned long host_debugctlmsr;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Only bits masked by msr_ia32_feature_control_valid_bits can be set in
|
x86/msr-index: Clean up bit defines for IA32_FEATURE_CONTROL MSR
As pointed out by Boris, the defines for bits in IA32_FEATURE_CONTROL
are quite a mouthful, especially the VMX bits which must differentiate
between enabling VMX inside and outside SMX (TXT) operation. Rename the
MSR and its bit defines to abbreviate FEATURE_CONTROL as FEAT_CTL to
make them a little friendlier on the eyes.
Arguably, the MSR itself should keep the full IA32_FEATURE_CONTROL name
to match Intel's SDM, but a future patch will add a dedicated Kconfig,
file and functions for the MSR. Using the full name for those assets is
rather unwieldy, so bite the bullet and use IA32_FEAT_CTL so that its
nomenclature is consistent throughout the kernel.
Opportunistically, fix a few other annoyances with the defines:
- Relocate the bit defines so that they immediately follow the MSR
define, e.g. aren't mistaken as belonging to MISC_FEATURE_CONTROL.
- Add whitespace around the block of feature control defines to make
it clear they're all related.
- Use BIT() instead of manually encoding the bit shift.
- Use "VMX" instead of "VMXON" to match the SDM.
- Append "_ENABLED" to the LMCE (Local Machine Check Exception) bit to
be consistent with the kernel's verbiage used for all other feature
control bits. Note, the SDM refers to the LMCE bit as LMCE_ON,
likely to differentiate it from IA32_MCG_EXT_CTL.LMCE_EN. Ignore
the (literal) one-off usage of _ON, the SDM is simply "wrong".
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20191221044513.21680-2-sean.j.christopherson@intel.com
2019-12-21 04:44:55 +00:00
|
|
|
* msr_ia32_feature_control. FEAT_CTL_LOCKED is always included
|
2018-12-03 21:53:08 +00:00
|
|
|
* in msr_ia32_feature_control_valid_bits.
|
|
|
|
*/
|
|
|
|
u64 msr_ia32_feature_control;
|
|
|
|
u64 msr_ia32_feature_control_valid_bits;
|
|
|
|
u64 ept_pointer;
|
2018-10-24 08:05:12 +00:00
|
|
|
|
|
|
|
struct pt_desc pt_desc;
|
2018-12-03 21:53:08 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
enum ept_pointers_status {
|
|
|
|
EPT_POINTERS_CHECK = 0,
|
|
|
|
EPT_POINTERS_MATCH = 1,
|
|
|
|
EPT_POINTERS_MISMATCH = 2
|
|
|
|
};
|
|
|
|
|
|
|
|
struct kvm_vmx {
|
|
|
|
struct kvm kvm;
|
|
|
|
|
|
|
|
unsigned int tss_addr;
|
|
|
|
bool ept_identity_pagetable_done;
|
|
|
|
gpa_t ept_identity_map_addr;
|
|
|
|
|
|
|
|
enum ept_pointers_status ept_pointers_match;
|
|
|
|
spinlock_t ept_pointer_lock;
|
|
|
|
};
|
|
|
|
|
2018-12-03 21:53:17 +00:00
|
|
|
bool nested_vmx_allowed(struct kvm_vcpu *vcpu);
|
2019-05-07 16:06:32 +00:00
|
|
|
void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu);
|
2018-12-03 21:53:16 +00:00
|
|
|
void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu);
|
|
|
|
int allocate_vpid(void);
|
|
|
|
void free_vpid(int vpid);
|
|
|
|
void vmx_set_constant_host_state(struct vcpu_vmx *vmx);
|
|
|
|
void vmx_prepare_switch_to_guest(struct kvm_vcpu *vcpu);
|
2019-05-07 16:06:31 +00:00
|
|
|
void vmx_set_host_fs_gs(struct vmcs_host_state *host, u16 fs_sel, u16 gs_sel,
|
|
|
|
unsigned long fs_base, unsigned long gs_base);
|
2018-12-03 21:53:16 +00:00
|
|
|
int vmx_get_cpl(struct kvm_vcpu *vcpu);
|
|
|
|
unsigned long vmx_get_rflags(struct kvm_vcpu *vcpu);
|
|
|
|
void vmx_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags);
|
|
|
|
u32 vmx_get_interrupt_shadow(struct kvm_vcpu *vcpu);
|
|
|
|
void vmx_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask);
|
|
|
|
void vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer);
|
|
|
|
void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0);
|
|
|
|
int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4);
|
|
|
|
void set_cr4_guest_host_mask(struct vcpu_vmx *vmx);
|
2020-03-05 08:52:50 +00:00
|
|
|
void vmx_load_mmu_pgd(struct kvm_vcpu *vcpu, unsigned long cr3);
|
2018-12-03 21:53:16 +00:00
|
|
|
void ept_save_pdptrs(struct kvm_vcpu *vcpu);
|
|
|
|
void vmx_get_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg);
|
|
|
|
void vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg);
|
|
|
|
u64 construct_eptp(struct kvm_vcpu *vcpu, unsigned long root_hpa);
|
|
|
|
void update_exception_bitmap(struct kvm_vcpu *vcpu);
|
|
|
|
void vmx_update_msr_bitmap(struct kvm_vcpu *vcpu);
|
|
|
|
bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu);
|
|
|
|
void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked);
|
|
|
|
void vmx_set_virtual_apic_mode(struct kvm_vcpu *vcpu);
|
|
|
|
struct shared_msr_entry *find_msr_entry(struct vcpu_vmx *vmx, u32 msr);
|
2018-10-24 08:05:15 +00:00
|
|
|
void pt_update_intercept_for_msr(struct vcpu_vmx *vmx);
|
2019-05-20 04:27:47 +00:00
|
|
|
void vmx_update_host_rsp(struct vcpu_vmx *vmx, unsigned long host_rsp);
|
2019-11-08 05:14:39 +00:00
|
|
|
int vmx_find_msr_index(struct vmx_msrs *m, u32 msr);
|
2018-12-03 21:53:16 +00:00
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
#define POSTED_INTR_ON 0
|
|
|
|
#define POSTED_INTR_SN 1
|
|
|
|
|
|
|
|
static inline bool pi_test_and_set_on(struct pi_desc *pi_desc)
|
|
|
|
{
|
|
|
|
return test_and_set_bit(POSTED_INTR_ON,
|
|
|
|
(unsigned long *)&pi_desc->control);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline bool pi_test_and_clear_on(struct pi_desc *pi_desc)
|
|
|
|
{
|
|
|
|
return test_and_clear_bit(POSTED_INTR_ON,
|
|
|
|
(unsigned long *)&pi_desc->control);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline int pi_test_and_set_pir(int vector, struct pi_desc *pi_desc)
|
|
|
|
{
|
|
|
|
return test_and_set_bit(vector, (unsigned long *)pi_desc->pir);
|
|
|
|
}
|
|
|
|
|
2019-11-11 17:20:12 +00:00
|
|
|
static inline bool pi_is_pir_empty(struct pi_desc *pi_desc)
|
|
|
|
{
|
|
|
|
return bitmap_empty((unsigned long *)pi_desc->pir, NR_VECTORS);
|
|
|
|
}
|
|
|
|
|
2019-01-31 08:52:02 +00:00
|
|
|
static inline void pi_set_sn(struct pi_desc *pi_desc)
|
2018-12-03 21:53:08 +00:00
|
|
|
{
|
2019-01-31 08:52:02 +00:00
|
|
|
set_bit(POSTED_INTR_SN,
|
|
|
|
(unsigned long *)&pi_desc->control);
|
2018-12-03 21:53:08 +00:00
|
|
|
}
|
|
|
|
|
2019-01-31 08:52:02 +00:00
|
|
|
static inline void pi_set_on(struct pi_desc *pi_desc)
|
2018-12-03 21:53:08 +00:00
|
|
|
{
|
2019-01-31 08:52:02 +00:00
|
|
|
set_bit(POSTED_INTR_ON,
|
|
|
|
(unsigned long *)&pi_desc->control);
|
2018-12-03 21:53:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline void pi_clear_on(struct pi_desc *pi_desc)
|
|
|
|
{
|
|
|
|
clear_bit(POSTED_INTR_ON,
|
|
|
|
(unsigned long *)&pi_desc->control);
|
2019-11-11 17:20:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline void pi_clear_sn(struct pi_desc *pi_desc)
|
|
|
|
{
|
|
|
|
clear_bit(POSTED_INTR_SN,
|
|
|
|
(unsigned long *)&pi_desc->control);
|
2018-12-03 21:53:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline int pi_test_on(struct pi_desc *pi_desc)
|
|
|
|
{
|
|
|
|
return test_bit(POSTED_INTR_ON,
|
|
|
|
(unsigned long *)&pi_desc->control);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline int pi_test_sn(struct pi_desc *pi_desc)
|
|
|
|
{
|
|
|
|
return test_bit(POSTED_INTR_SN,
|
|
|
|
(unsigned long *)&pi_desc->control);
|
|
|
|
}
|
|
|
|
|
2018-12-03 21:53:07 +00:00
|
|
|
static inline u8 vmx_get_rvi(void)
|
|
|
|
{
|
|
|
|
return vmcs_read16(GUEST_INTR_STATUS) & 0xff;
|
|
|
|
}
|
|
|
|
|
2019-05-07 19:17:54 +00:00
|
|
|
#define BUILD_CONTROLS_SHADOW(lname, uname) \
|
|
|
|
static inline void lname##_controls_set(struct vcpu_vmx *vmx, u32 val) \
|
|
|
|
{ \
|
2019-05-07 19:17:58 +00:00
|
|
|
if (vmx->loaded_vmcs->controls_shadow.lname != val) { \
|
|
|
|
vmcs_write32(uname, val); \
|
|
|
|
vmx->loaded_vmcs->controls_shadow.lname = val; \
|
|
|
|
} \
|
2019-05-07 19:17:54 +00:00
|
|
|
} \
|
|
|
|
static inline u32 lname##_controls_get(struct vcpu_vmx *vmx) \
|
|
|
|
{ \
|
2019-05-07 19:17:58 +00:00
|
|
|
return vmx->loaded_vmcs->controls_shadow.lname; \
|
2019-05-07 19:17:54 +00:00
|
|
|
} \
|
|
|
|
static inline void lname##_controls_setbit(struct vcpu_vmx *vmx, u32 val) \
|
|
|
|
{ \
|
|
|
|
lname##_controls_set(vmx, lname##_controls_get(vmx) | val); \
|
|
|
|
} \
|
|
|
|
static inline void lname##_controls_clearbit(struct vcpu_vmx *vmx, u32 val) \
|
|
|
|
{ \
|
|
|
|
lname##_controls_set(vmx, lname##_controls_get(vmx) & ~val); \
|
2018-12-03 21:53:07 +00:00
|
|
|
}
|
2019-05-07 19:17:54 +00:00
|
|
|
BUILD_CONTROLS_SHADOW(vm_entry, VM_ENTRY_CONTROLS)
|
|
|
|
BUILD_CONTROLS_SHADOW(vm_exit, VM_EXIT_CONTROLS)
|
2019-05-07 19:17:55 +00:00
|
|
|
BUILD_CONTROLS_SHADOW(pin, PIN_BASED_VM_EXEC_CONTROL)
|
2019-05-07 19:17:56 +00:00
|
|
|
BUILD_CONTROLS_SHADOW(exec, CPU_BASED_VM_EXEC_CONTROL)
|
2019-05-07 19:17:57 +00:00
|
|
|
BUILD_CONTROLS_SHADOW(secondary_exec, SECONDARY_VM_EXEC_CONTROL)
|
2018-12-03 21:53:07 +00:00
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
static inline void vmx_segment_cache_clear(struct vcpu_vmx *vmx)
|
|
|
|
{
|
|
|
|
vmx->segment_cache.bitmask = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline u32 vmx_vmentry_ctrl(void)
|
|
|
|
{
|
2018-10-24 08:05:10 +00:00
|
|
|
u32 vmentry_ctrl = vmcs_config.vmentry_ctrl;
|
2020-03-02 23:56:22 +00:00
|
|
|
if (vmx_pt_mode_is_system())
|
2019-01-31 03:26:39 +00:00
|
|
|
vmentry_ctrl &= ~(VM_ENTRY_PT_CONCEAL_PIP |
|
|
|
|
VM_ENTRY_LOAD_IA32_RTIT_CTL);
|
2018-12-03 21:53:08 +00:00
|
|
|
/* Loading of EFER and PERF_GLOBAL_CTRL are toggled dynamically */
|
2018-10-24 08:05:10 +00:00
|
|
|
return vmentry_ctrl &
|
2018-12-03 21:53:08 +00:00
|
|
|
~(VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VM_ENTRY_LOAD_IA32_EFER);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline u32 vmx_vmexit_ctrl(void)
|
|
|
|
{
|
2018-10-24 08:05:10 +00:00
|
|
|
u32 vmexit_ctrl = vmcs_config.vmexit_ctrl;
|
2020-03-02 23:56:22 +00:00
|
|
|
if (vmx_pt_mode_is_system())
|
2019-01-31 03:26:39 +00:00
|
|
|
vmexit_ctrl &= ~(VM_EXIT_PT_CONCEAL_PIP |
|
|
|
|
VM_EXIT_CLEAR_IA32_RTIT_CTL);
|
2018-12-03 21:53:08 +00:00
|
|
|
/* Loading of EFER and PERF_GLOBAL_CTRL are toggled dynamically */
|
2019-01-31 03:26:39 +00:00
|
|
|
return vmexit_ctrl &
|
2018-12-03 21:53:08 +00:00
|
|
|
~(VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | VM_EXIT_LOAD_IA32_EFER);
|
|
|
|
}
|
|
|
|
|
|
|
|
u32 vmx_exec_control(struct vcpu_vmx *vmx);
|
2019-05-07 19:17:53 +00:00
|
|
|
u32 vmx_pin_based_exec_ctrl(struct vcpu_vmx *vmx);
|
2018-12-03 21:53:08 +00:00
|
|
|
|
|
|
|
static inline struct kvm_vmx *to_kvm_vmx(struct kvm *kvm)
|
|
|
|
{
|
|
|
|
return container_of(kvm, struct kvm_vmx, kvm);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline struct vcpu_vmx *to_vmx(struct kvm_vcpu *vcpu)
|
|
|
|
{
|
|
|
|
return container_of(vcpu, struct vcpu_vmx, vcpu);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline struct pi_desc *vcpu_to_pi_desc(struct kvm_vcpu *vcpu)
|
|
|
|
{
|
|
|
|
return &(to_vmx(vcpu)->pi_desc);
|
|
|
|
}
|
|
|
|
|
2019-02-11 19:02:52 +00:00
|
|
|
struct vmcs *alloc_vmcs_cpu(bool shadow, int cpu, gfp_t flags);
|
2018-12-03 21:53:07 +00:00
|
|
|
void free_vmcs(struct vmcs *vmcs);
|
|
|
|
int alloc_loaded_vmcs(struct loaded_vmcs *loaded_vmcs);
|
|
|
|
void free_loaded_vmcs(struct loaded_vmcs *loaded_vmcs);
|
|
|
|
void loaded_vmcs_clear(struct loaded_vmcs *loaded_vmcs);
|
|
|
|
|
|
|
|
static inline struct vmcs *alloc_vmcs(bool shadow)
|
|
|
|
{
|
2019-02-11 19:02:52 +00:00
|
|
|
return alloc_vmcs_cpu(shadow, raw_smp_processor_id(),
|
|
|
|
GFP_KERNEL_ACCOUNT);
|
2018-12-03 21:53:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
u64 construct_eptp(struct kvm_vcpu *vcpu, unsigned long root_hpa);
|
|
|
|
|
|
|
|
static inline void __vmx_flush_tlb(struct kvm_vcpu *vcpu, int vpid,
|
|
|
|
bool invalidate_gpa)
|
|
|
|
{
|
|
|
|
if (enable_ept && (invalidate_gpa || !enable_vpid)) {
|
|
|
|
if (!VALID_PAGE(vcpu->arch.mmu->root_hpa))
|
|
|
|
return;
|
|
|
|
ept_sync_context(construct_eptp(vcpu,
|
|
|
|
vcpu->arch.mmu->root_hpa));
|
|
|
|
} else {
|
|
|
|
vpid_sync_context(vpid);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void vmx_flush_tlb(struct kvm_vcpu *vcpu, bool invalidate_gpa)
|
|
|
|
{
|
KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush
Flush all EPTP/VPID contexts if a TLB flush _may_ have been triggered by
a remote or deferred TLB flush, i.e. by KVM_REQ_TLB_FLUSH. Remote TLB
flushes require all contexts to be invalidated, not just the active
contexts, e.g. all mappings in all contexts for a given HVA need to be
invalidated on a mmu_notifier invalidation. Similarly, the instigator
of the deferred TLB flush may be expecting all contexts to be flushed,
e.g. vmx_vcpu_load_vmcs().
Without nested VMX, flushing only the current EPTP/VPID context isn't
problematic because KVM uses a constant VPID for each vCPU, and
mmu_alloc_direct_roots() all but guarantees KVM will use a single EPTP
for L1. In the rare case where a different EPTP is created or reused,
KVM (currently) unconditionally flushes the new EPTP context prior to
entering the guest.
With nested VMX, KVM conditionally uses a different VPID for L2, and
unconditionally uses a different EPTP for L2. Because KVM doesn't
_intentionally_ guarantee L2's EPTP/VPID context is flushed on nested
VM-Enter, it'd be possible for a malicious L1 to attack the host and/or
different VMs by exploiting the lack of flushing for L2.
1) Launch nested guest from malicious L1.
2) Nested VM-Enter to L2.
3) Access target GPA 'g'. CPU inserts TLB entry tagged with L2's ASID
mapping 'g' to host PFN 'x'.
2) Nested VM-Exit to L1.
3) L1 triggers kernel same-page merging (ksm) by duplicating/zeroing
the page for PFN 'x'.
4) Host kernel merges PFN 'x' with PFN 'y', i.e. unmaps PFN 'x' and
remaps the page to PFN 'y'. mmu_notifier sends invalidate command,
KVM flushes TLB only for L1's ASID.
4) Host kernel reallocates PFN 'x' to some other task/guest.
5) Nested VM-Enter to L2. KVM does not invalidate L2's EPTP or VPID.
6) L2 accesses GPA 'g' and gains read/write access to PFN 'x' via its
stale TLB entry.
However, current KVM unconditionally flushes L1's EPTP/VPID context on
nested VM-Exit. But, that behavior is mostly unintentional, KVM doesn't
go out of its way to flush EPTP/VPID on nested VM-Enter/VM-Exit, rather
a TLB flush is guaranteed to occur prior to re-entering L1 due to
__kvm_mmu_new_cr3() always being called with skip_tlb_flush=false. On
nested VM-Enter, this happens via kvm_init_shadow_ept_mmu() (nested EPT
enabled) or in nested_vmx_load_cr3() (nested EPT disabled). On nested
VM-Exit it occurs via nested_vmx_load_cr3().
This also fixes a bug where a deferred TLB flush in the context of L2,
with EPT disabled, would flush L1's VPID instead of L2's VPID, as
vmx_flush_tlb() flushes L1's VPID regardless of is_guest_mode().
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Ben Gardon <bgardon@google.com>
Cc: Jim Mattson <jmattson@google.com>
Cc: Junaid Shahid <junaids@google.com>
Cc: Liran Alon <liran.alon@oracle.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: John Haxby <john.haxby@oracle.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Fixes: efebf0aaec3d ("KVM: nVMX: Do not flush TLB on L1<->L2 transitions if L1 uses VPID and EPT")
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Message-Id: <20200320212833.3507-2-sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-03-20 21:27:57 +00:00
|
|
|
struct vcpu_vmx *vmx = to_vmx(vcpu);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Flush all EPTP/VPID contexts if the TLB flush _may_ have been
|
|
|
|
* invoked via kvm_flush_remote_tlbs(), which always passes %true for
|
|
|
|
* @invalidate_gpa. Flushing remote TLBs requires all contexts to be
|
|
|
|
* flushed, not just the active context.
|
|
|
|
*
|
|
|
|
* Note, this also ensures a deferred TLB flush with VPID enabled and
|
|
|
|
* EPT disabled invalidates the "correct" VPID, by nuking both L1 and
|
|
|
|
* L2's VPIDs.
|
|
|
|
*/
|
|
|
|
if (invalidate_gpa) {
|
|
|
|
if (enable_ept) {
|
|
|
|
ept_sync_global();
|
|
|
|
} else if (enable_vpid) {
|
|
|
|
if (cpu_has_vmx_invvpid_global()) {
|
|
|
|
vpid_sync_vcpu_global();
|
|
|
|
} else {
|
|
|
|
WARN_ON_ONCE(!cpu_has_vmx_invvpid_single());
|
|
|
|
vpid_sync_vcpu_single(vmx->vpid);
|
|
|
|
vpid_sync_vcpu_single(vmx->nested.vpid02);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
__vmx_flush_tlb(vcpu, vmx->vpid, false);
|
|
|
|
}
|
2018-12-03 21:53:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline void decache_tsc_multiplier(struct vcpu_vmx *vmx)
|
|
|
|
{
|
|
|
|
vmx->current_tsc_ratio = vmx->vcpu.arch.tsc_scaling_ratio;
|
|
|
|
vmcs_write64(TSC_MULTIPLIER, vmx->current_tsc_ratio);
|
|
|
|
}
|
|
|
|
|
2019-07-16 06:55:50 +00:00
|
|
|
static inline bool vmx_has_waitpkg(struct vcpu_vmx *vmx)
|
|
|
|
{
|
|
|
|
return vmx->secondary_exec_control &
|
|
|
|
SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE;
|
|
|
|
}
|
|
|
|
|
2019-04-15 13:16:17 +00:00
|
|
|
void dump_vmcs(void);
|
|
|
|
|
2018-12-03 21:53:08 +00:00
|
|
|
#endif /* __KVM_X86_VMX_H */
|