iommu/core: Convert iommu_found to iommu_present
1 /*
2  * Kernel-based Virtual Machine driver for Linux
3  *
4  * derived from drivers/kvm/kvm_main.c
5  *
6  * Copyright (C) 2006 Qumranet, Inc.
7  * Copyright (C) 2008 Qumranet, Inc.
8  * Copyright IBM Corporation, 2008
9  * Copyright 2010 Red Hat, Inc. and/or its affiliates.
10  *
11  * Authors:
12  *   Avi Kivity   <avi@qumranet.com>
13  *   Yaniv Kamay  <yaniv@qumranet.com>
14  *   Amit Shah    <amit.shah@qumranet.com>
15  *   Ben-Ami Yassour <benami@il.ibm.com>
16  *
17  * This work is licensed under the terms of the GNU GPL, version 2.  See
18  * the COPYING file in the top-level directory.
19  *
20  */
21
22 #include <linux/kvm_host.h>
23 #include "irq.h"
24 #include "mmu.h"
25 #include "i8254.h"
26 #include "tss.h"
27 #include "kvm_cache_regs.h"
28 #include "x86.h"
29
30 #include <linux/clocksource.h>
31 #include <linux/interrupt.h>
32 #include <linux/kvm.h>
33 #include <linux/fs.h>
34 #include <linux/vmalloc.h>
35 #include <linux/module.h>
36 #include <linux/mman.h>
37 #include <linux/highmem.h>
38 #include <linux/iommu.h>
39 #include <linux/intel-iommu.h>
40 #include <linux/cpufreq.h>
41 #include <linux/user-return-notifier.h>
42 #include <linux/srcu.h>
43 #include <linux/slab.h>
44 #include <linux/perf_event.h>
45 #include <linux/uaccess.h>
46 #include <linux/hash.h>
47 #include <linux/pci.h>
48 #include <trace/events/kvm.h>
49
50 #define CREATE_TRACE_POINTS
51 #include "trace.h"
52
53 #include <asm/debugreg.h>
54 #include <asm/msr.h>
55 #include <asm/desc.h>
56 #include <asm/mtrr.h>
57 #include <asm/mce.h>
58 #include <asm/i387.h>
59 #include <asm/xcr.h>
60 #include <asm/pvclock.h>
61 #include <asm/div64.h>
62
/* Upper bound on the number of MSRs handled per ioctl (the consumer is
 * outside this chunk — presumably the msr_io() entry-count check). */
#define MAX_IO_MSRS 256
/* Number of MCE banks the emulated machine-check architecture offers. */
#define KVM_MAX_MCE_BANKS 32
#define KVM_MCE_CAP_SUPPORTED (MCG_CTL_P | MCG_SER_P)

/* Recover the owning vcpu from its embedded x86_emulate_ctxt. */
#define emul_to_vcpu(ctxt) \
        container_of(ctxt, struct kvm_vcpu, arch.emulate_ctxt)
69
/* EFER defaults:
 * - enable syscall per default because it's emulated by KVM
 * - enable LME and LMA per default on 64 bit KVM
 *
 * Every bit still set in efer_reserved_bits is rejected by set_efer();
 * kvm_enable_efer_bits() clears bits from this mask at runtime so that
 * vendor code can unlock additional features.
 */
#ifdef CONFIG_X86_64
static
u64 __read_mostly efer_reserved_bits = ~((u64)(EFER_SCE | EFER_LME | EFER_LMA));
#else
static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE);
#endif
80
/* Expand to the (offset, kind) pair of a debugfs counter; used to build
 * the debugfs_entries table below. */
#define VM_STAT(x) offsetof(struct kvm, stat.x), KVM_STAT_VM
#define VCPU_STAT(x) offsetof(struct kvm_vcpu, stat.x), KVM_STAT_VCPU
83
84 static void update_cr8_intercept(struct kvm_vcpu *vcpu);
85 static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
86                                     struct kvm_cpuid_entry2 __user *entries);
87
/* Vendor (VMX/SVM) backend; set by the vendor module at init time. */
struct kvm_x86_ops *kvm_x86_ops;
EXPORT_SYMBOL_GPL(kvm_x86_ops);

/*
 * Module parameter; presumably controls whether guest accesses to unknown
 * MSRs are ignored instead of faulting — the consumer is outside this chunk.
 * NOTE(review): the variable is an int but is registered with the "bool"
 * parameter type; module_param expects a bool-typed variable for that —
 * confirm against the extern declaration in x86.h before changing the type.
 */
int ignore_msrs = 0;
module_param_named(ignore_msrs, ignore_msrs, bool, S_IRUGO | S_IWUSR);

/* TSC scaling support advertised by the vendor backend. */
bool kvm_has_tsc_control;
EXPORT_SYMBOL_GPL(kvm_has_tsc_control);
u32  kvm_max_guest_tsc_khz;
EXPORT_SYMBOL_GPL(kvm_max_guest_tsc_khz);
98
/* Capacity of the shared-MSR slot tables below. */
#define KVM_NR_SHARED_MSRS 16

/* Host-wide table of the MSRs registered via kvm_define_shared_msr(). */
struct kvm_shared_msrs_global {
        int nr;                         /* number of slots in use */
        u32 msrs[KVM_NR_SHARED_MSRS];   /* MSR index for each slot */
};
105
/* Per-CPU state for the shared MSRs: the host value to restore on return
 * to userspace and the value currently loaded in hardware. */
struct kvm_shared_msrs {
        struct user_return_notifier urn;        /* fires kvm_on_user_return() */
        bool registered;                        /* urn is currently registered */
        struct kvm_shared_msr_values {
                u64 host;       /* value the host expects; restored by kvm_on_user_return() */
                u64 curr;       /* value currently in the MSR */
        } values[KVM_NR_SHARED_MSRS];
};
114
/* Written by kvm_define_shared_msr() at setup, read-only afterwards. */
static struct kvm_shared_msrs_global __read_mostly shared_msrs_global;
/* Per-CPU host/current values for the slots in shared_msrs_global. */
static DEFINE_PER_CPU(struct kvm_shared_msrs, shared_msrs);
117
/*
 * Counters exported under debugfs.  Each entry pairs a name with the field
 * offset and kind produced by VCPU_STAT()/VM_STAT(); the { NULL } entry
 * terminates the table.
 */
struct kvm_stats_debugfs_item debugfs_entries[] = {
        { "pf_fixed", VCPU_STAT(pf_fixed) },
        { "pf_guest", VCPU_STAT(pf_guest) },
        { "tlb_flush", VCPU_STAT(tlb_flush) },
        { "invlpg", VCPU_STAT(invlpg) },
        { "exits", VCPU_STAT(exits) },
        { "io_exits", VCPU_STAT(io_exits) },
        { "mmio_exits", VCPU_STAT(mmio_exits) },
        { "signal_exits", VCPU_STAT(signal_exits) },
        { "irq_window", VCPU_STAT(irq_window_exits) },
        { "nmi_window", VCPU_STAT(nmi_window_exits) },
        { "halt_exits", VCPU_STAT(halt_exits) },
        { "halt_wakeup", VCPU_STAT(halt_wakeup) },
        { "hypercalls", VCPU_STAT(hypercalls) },
        { "request_irq", VCPU_STAT(request_irq_exits) },
        { "irq_exits", VCPU_STAT(irq_exits) },
        { "host_state_reload", VCPU_STAT(host_state_reload) },
        { "efer_reload", VCPU_STAT(efer_reload) },
        { "fpu_reload", VCPU_STAT(fpu_reload) },
        { "insn_emulation", VCPU_STAT(insn_emulation) },
        { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail) },
        { "irq_injections", VCPU_STAT(irq_injections) },
        { "nmi_injections", VCPU_STAT(nmi_injections) },
        /* VM-wide MMU counters follow. */
        { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) },
        { "mmu_pte_write", VM_STAT(mmu_pte_write) },
        { "mmu_pte_updated", VM_STAT(mmu_pte_updated) },
        { "mmu_pde_zapped", VM_STAT(mmu_pde_zapped) },
        { "mmu_flooded", VM_STAT(mmu_flooded) },
        { "mmu_recycled", VM_STAT(mmu_recycled) },
        { "mmu_cache_miss", VM_STAT(mmu_cache_miss) },
        { "mmu_unsync", VM_STAT(mmu_unsync) },
        { "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
        { "largepages", VM_STAT(lpages) },
        { NULL }        /* sentinel */
};
153
/* Host XCR0; __kvm_set_xcr() refuses any guest xcr0 bit that is clear here. */
u64 __read_mostly host_xcr0;
155
156 int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt);
157
/* Reset every bucket of the vcpu's async-PF gfn hash to ~0. */
static inline void kvm_async_pf_hash_reset(struct kvm_vcpu *vcpu)
{
        unsigned long nbuckets = roundup_pow_of_two(ASYNC_PF_PER_VCPU);
        unsigned long idx;

        for (idx = 0; idx < nbuckets; idx++)
                vcpu->arch.apf.gfns[idx] = ~0;
}
164
/*
 * user_return_notifier callback: put every shared MSR whose current value
 * differs from the host value back to the host value, then unregister.
 */
static void kvm_on_user_return(struct user_return_notifier *urn)
{
        struct kvm_shared_msrs *locals
                = container_of(urn, struct kvm_shared_msrs, urn);
        unsigned slot;

        for (slot = 0; slot < shared_msrs_global.nr; ++slot) {
                struct kvm_shared_msr_values *v = &locals->values[slot];

                if (v->host == v->curr)
                        continue;
                wrmsrl(shared_msrs_global.msrs[slot], v->host);
                v->curr = v->host;
        }
        locals->registered = false;
        user_return_notifier_unregister(urn);
}
182
/*
 * Snapshot the host's value of @msr into this CPU's entry for @slot, as both
 * the host value and the current value.
 */
static void shared_msr_update(unsigned slot, u32 msr)
{
        struct kvm_shared_msrs *smsr = &__get_cpu_var(shared_msrs);
        u64 value;

        /* shared_msrs_global is only read here and nobody should be
         * modifying it at this time, so no lock is taken. */
        if (slot >= shared_msrs_global.nr) {
                printk(KERN_ERR "kvm: invalid MSR slot!");
                return;
        }
        /* NOTE(review): the rdmsrl_safe() result is ignored; if the read
         * faults, value holds whatever the fault path left behind — confirm
         * that cannot happen for MSRs registered via kvm_define_shared_msr(). */
        rdmsrl_safe(msr, &value);
        smsr->values[slot].host = value;
        smsr->values[slot].curr = value;
}
199
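/*
 * Register @msr in shared-MSR slot @slot.  Vendor code calls this at setup;
 * the slot then indexes shared_msrs_global.msrs and every per-CPU
 * kvm_shared_msrs.values array.  A slot at or beyond KVM_NR_SHARED_MSRS
 * would write past both arrays, so it is refused with a warning.
 */
void kvm_define_shared_msr(unsigned slot, u32 msr)
{
        if (WARN_ON(slot >= KVM_NR_SHARED_MSRS))
                return;
        if (slot >= shared_msrs_global.nr)
                shared_msrs_global.nr = slot + 1;
        shared_msrs_global.msrs[slot] = msr;
        /* Make sure the shared_msrs_global update is visible before any
         * reader (shared_msr_update(), kvm_on_user_return()) uses it. */
        smp_wmb();
}
EXPORT_SYMBOL_GPL(kvm_define_shared_msr);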
209
/* CPU-online hook: take a fresh host snapshot of every registered shared MSR. */
static void kvm_shared_msr_cpu_online(void)
{
        unsigned slot = 0;

        while (slot < shared_msrs_global.nr) {
                shared_msr_update(slot, shared_msrs_global.msrs[slot]);
                ++slot;
        }
}
217
/*
 * Load @value into the shared MSR in @slot if any bit covered by @mask
 * differs from what is currently loaded, and make sure the host value is
 * restored on the next return to userspace.  @slot is trusted: callers must
 * pass a slot previously registered with kvm_define_shared_msr().
 */
void kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
{
        struct kvm_shared_msrs *smsr = &__get_cpu_var(shared_msrs);
        u64 changed_bits = (value ^ smsr->values[slot].curr) & mask;

        if (!changed_bits)
                return;
        smsr->values[slot].curr = value;
        wrmsrl(shared_msrs_global.msrs[slot], value);
        if (smsr->registered)
                return;
        /* First change on this CPU since the last return to userspace. */
        smsr->urn.on_user_return = kvm_on_user_return;
        user_return_notifier_register(&smsr->urn);
        smsr->registered = true;
}
EXPORT_SYMBOL_GPL(kvm_set_shared_msr);
233
/* Restore this CPU's host MSRs now instead of at the next return to userspace. */
static void drop_user_return_notifiers(void *ignore)
{
        struct kvm_shared_msrs *smsr = &__get_cpu_var(shared_msrs);

        if (!smsr->registered)
                return;
        kvm_on_user_return(&smsr->urn);
}
241
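/*
 * Return the guest's APIC base MSR value.
 *
 * The in-kernel-irqchip and userspace-irqchip cases both read the same cached
 * field (the previous version tested irqchip_in_kernel() and returned the same
 * expression from both branches), so no branch is needed.
 */
u64 kvm_get_apic_base(struct kvm_vcpu *vcpu)
{
        return vcpu->arch.apic_base;
}
EXPORT_SYMBOL_GPL(kvm_get_apic_base);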
250
/*
 * Store a guest write to the APIC base MSR, routing it through the in-kernel
 * LAPIC when one exists.
 */
void kvm_set_apic_base(struct kvm_vcpu *vcpu, u64 data)
{
        /* TODO: reserved-bits check — the guest-supplied value is stored unvalidated */
        if (!irqchip_in_kernel(vcpu->kvm)) {
                vcpu->arch.apic_base = data;
                return;
        }
        kvm_lapic_set_base(vcpu, data);
}
EXPORT_SYMBOL_GPL(kvm_set_apic_base);
260
/* Exception classes used by kvm_multiple_exception() to decide whether two
 * back-to-back exceptions escalate to #DF (SDM Table 5-5). */
#define EXCPT_BENIGN            0
#define EXCPT_CONTRIBUTORY      1
#define EXCPT_PF                2
264
/* Classify exception @vector as EXCPT_PF, EXCPT_CONTRIBUTORY or EXCPT_BENIGN. */
static int exception_class(int vector)
{
        if (vector == PF_VECTOR)
                return EXCPT_PF;
        if (vector == DE_VECTOR || vector == TS_VECTOR ||
            vector == NP_VECTOR || vector == SS_VECTOR ||
            vector == GP_VECTOR)
                return EXCPT_CONTRIBUTORY;
        return EXCPT_BENIGN;
}
281
/*
 * Queue exception @nr for injection into the guest, merging it with an
 * already pending exception according to the x86 double-fault rules.
 *
 * @has_error/@error_code: error code pushed with the exception, if any.
 * @reinject: the exception was already delivered once and is re-queued.
 *
 * A pending #DF followed by anything else becomes a triple fault
 * (KVM_REQ_TRIPLE_FAULT); two contributory exceptions, or a #PF followed by a
 * non-benign exception, become #DF; every other combination replaces the
 * pending exception with the new one.
 */
static void kvm_multiple_exception(struct kvm_vcpu *vcpu,
                unsigned nr, bool has_error, u32 error_code,
                bool reinject)
{
        u32 prev_nr;
        int class1, class2;

        kvm_make_request(KVM_REQ_EVENT, vcpu);

        if (!vcpu->arch.exception.pending) {
        queue:
                /* Also reached via goto below when the pending exception is
                 * dropped in favour of the new one. */
                vcpu->arch.exception.pending = true;
                vcpu->arch.exception.has_error_code = has_error;
                vcpu->arch.exception.nr = nr;
                vcpu->arch.exception.error_code = error_code;
                vcpu->arch.exception.reinject = reinject;
                return;
        }

        /* to check exception */
        prev_nr = vcpu->arch.exception.nr;
        if (prev_nr == DF_VECTOR) {
                /* triple fault -> shutdown */
                kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
                return;
        }
        class1 = exception_class(prev_nr);
        class2 = exception_class(nr);
        if ((class1 == EXCPT_CONTRIBUTORY && class2 == EXCPT_CONTRIBUTORY)
                || (class1 == EXCPT_PF && class2 != EXCPT_BENIGN)) {
                /* generate double fault per SDM Table 5-5 */
                vcpu->arch.exception.pending = true;
                vcpu->arch.exception.has_error_code = true;
                vcpu->arch.exception.nr = DF_VECTOR;
                vcpu->arch.exception.error_code = 0;
        } else
                /* replace previous exception with a new one in a hope
                   that instruction re-execution will regenerate lost
                   exception */
                goto queue;
}
323
/* Queue exception @nr without an error code (first injection attempt). */
void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr)
{
        const bool has_error = false;
        const bool reinject = false;

        kvm_multiple_exception(vcpu, nr, has_error, 0, reinject);
}
EXPORT_SYMBOL_GPL(kvm_queue_exception);
329
/* Re-queue exception @nr (no error code) after a failed delivery. */
void kvm_requeue_exception(struct kvm_vcpu *vcpu, unsigned nr)
{
        const bool has_error = false;
        const bool reinject = true;

        kvm_multiple_exception(vcpu, nr, has_error, 0, reinject);
}
EXPORT_SYMBOL_GPL(kvm_requeue_exception);
335
/*
 * Finish an emulated instruction: advance past it on success (@err == 0),
 * otherwise inject #GP(0) and leave RIP where it is.
 */
void kvm_complete_insn_gp(struct kvm_vcpu *vcpu, int err)
{
        if (!err) {
                kvm_x86_ops->skip_emulated_instruction(vcpu);
                return;
        }
        kvm_inject_gp(vcpu, 0);
}
EXPORT_SYMBOL_GPL(kvm_complete_insn_gp);
344
/* Inject #PF for @fault: publish the faulting address in CR2 and queue the exception. */
void kvm_inject_page_fault(struct kvm_vcpu *vcpu, struct x86_exception *fault)
{
        u32 error_code = fault->error_code;

        vcpu->stat.pf_guest++;
        vcpu->arch.cr2 = fault->address;
        kvm_queue_exception_e(vcpu, PF_VECTOR, error_code);
}
EXPORT_SYMBOL_GPL(kvm_inject_page_fault);
352
/*
 * Deliver @fault through the MMU that should report it: the nested MMU when
 * a nested guest is running and the fault is not a nested page fault,
 * otherwise the primary MMU.
 */
void kvm_propagate_fault(struct kvm_vcpu *vcpu, struct x86_exception *fault)
{
        struct kvm_mmu *target = &vcpu->arch.mmu;

        if (mmu_is_nested(vcpu) && !fault->nested_page_fault)
                target = &vcpu->arch.nested_mmu;

        target->inject_page_fault(vcpu, fault);
}
360
/* Mark an NMI pending for @vcpu and ask the run loop to re-evaluate events. */
void kvm_inject_nmi(struct kvm_vcpu *vcpu)
{
        kvm_make_request(KVM_REQ_EVENT, vcpu);
        /* Order kept as is: the request is raised before the flag is set. */
        vcpu->arch.nmi_pending = 1;
}
EXPORT_SYMBOL_GPL(kvm_inject_nmi);
367
/* Queue exception @nr with @error_code (first injection attempt). */
void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code)
{
        const bool has_error = true;
        const bool reinject = false;

        kvm_multiple_exception(vcpu, nr, has_error, error_code, reinject);
}
EXPORT_SYMBOL_GPL(kvm_queue_exception_e);
373
/* Re-queue exception @nr with @error_code after a failed delivery. */
void kvm_requeue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code)
{
        const bool has_error = true;
        const bool reinject = true;

        kvm_multiple_exception(vcpu, nr, has_error, error_code, reinject);
}
EXPORT_SYMBOL_GPL(kvm_requeue_exception_e);
379
/*
 * Return true when the guest's current privilege level is at most
 * @required_cpl.  Otherwise queue #GP(0) and return false.
 */
bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl)
{
        int cpl = kvm_x86_ops->get_cpl(vcpu);

        if (cpl > required_cpl) {
                kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
                return false;
        }
        return true;
}
EXPORT_SYMBOL_GPL(kvm_require_cpl);
392
/*
 * Read @len bytes at @offset within guest frame @ngfn into @data.  Unlike
 * kvm_read_guest_page(), @ngfn may belong to a nested guest: it is first
 * translated through @mmu->translate_gpa with the given @access rights.
 *
 * Returns -EFAULT if the translation fails (UNMAPPED_GVA), otherwise the
 * result of kvm_read_guest_page().
 */
int kvm_read_guest_page_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
                            gfn_t ngfn, void *data, int offset, int len,
                            u32 access)
{
        gpa_t real_gpa = mmu->translate_gpa(vcpu, gfn_to_gpa(ngfn), access);

        if (real_gpa == UNMAPPED_GVA)
                return -EFAULT;

        return kvm_read_guest_page(vcpu->kvm, gpa_to_gfn(real_gpa), data,
                                   offset, len);
}
EXPORT_SYMBOL_GPL(kvm_read_guest_page_mmu);
415
/* kvm_read_guest_page_mmu() through the vcpu's current walk MMU. */
int kvm_read_nested_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn,
                               void *data, int offset, int len, u32 access)
{
        struct kvm_mmu *walk_mmu = vcpu->arch.walk_mmu;

        return kvm_read_guest_page_mmu(vcpu, walk_mmu, gfn, data, offset, len,
                                       access);
}
422
/*
 * Load the PAE PDPTEs that @cr3 points at into @mmu->pdptrs.
 *
 * Returns 1 if all entries were read and every present entry passes the
 * reserved-bit check, 0 otherwise (unreadable table or reserved bits set).
 * The cached copies and the PDPTR avail/dirty bits are only updated on
 * success.
 */
int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3)
{
        gfn_t pdpt_gfn = cr3 >> PAGE_SHIFT;
        /* cr3 bits 5..11 select a 32-byte aligned PDPT inside the page;
         * offset is the index of its first 8-byte entry. */
        unsigned offset = ((cr3 & (PAGE_SIZE-1)) >> 5) << 2;
        int i;
        int ret;
        u64 pdpte[ARRAY_SIZE(mmu->pdptrs)];

        ret = kvm_read_guest_page_mmu(vcpu, mmu, pdpt_gfn, pdpte,
                                      offset * sizeof(u64), sizeof(pdpte),
                                      PFERR_USER_MASK|PFERR_WRITE_MASK);
        if (ret < 0) {
                ret = 0;
                goto out;
        }
        for (i = 0; i < ARRAY_SIZE(pdpte); ++i) {
                /* A present entry with reserved bits set is invalid (-> #GP in callers). */
                if (is_present_gpte(pdpte[i]) &&
                    (pdpte[i] & vcpu->arch.mmu.rsvd_bits_mask[0][2])) {
                        ret = 0;
                        goto out;
                }
        }
        ret = 1;

        memcpy(mmu->pdptrs, pdpte, sizeof(mmu->pdptrs));
        /* Mark the cached PDPTRs as both valid and needing a hardware reload. */
        __set_bit(VCPU_EXREG_PDPTR,
                  (unsigned long *)&vcpu->arch.regs_avail);
        __set_bit(VCPU_EXREG_PDPTR,
                  (unsigned long *)&vcpu->arch.regs_dirty);
out:

        return ret;
}
EXPORT_SYMBOL_GPL(load_pdptrs);
460
/*
 * Return true if the PDPTEs in guest memory no longer match the cached copy
 * in the walk MMU (or if there is no usable cached copy).  Always false
 * outside PAE mode, where there are no PDPTEs to compare.
 */
static bool pdptrs_changed(struct kvm_vcpu *vcpu)
{
        u64 pdpte[ARRAY_SIZE(vcpu->arch.walk_mmu->pdptrs)];
        unsigned long cr3;
        gfn_t gfn;
        int offset;
        int r;

        if (is_long_mode(vcpu) || !is_pae(vcpu))
                return false;

        /* No cached copy: treat as changed so the caller reloads. */
        if (!test_bit(VCPU_EXREG_PDPTR,
                      (unsigned long *)&vcpu->arch.regs_avail))
                return true;

        cr3 = kvm_read_cr3(vcpu) & ~31u;
        gfn = cr3 >> PAGE_SHIFT;
        offset = cr3 & (PAGE_SIZE - 1);
        r = kvm_read_nested_guest_page(vcpu, gfn, pdpte, offset, sizeof(pdpte),
                                       PFERR_USER_MASK | PFERR_WRITE_MASK);
        /* An unreadable table also counts as changed. */
        if (r < 0)
                return true;

        return memcmp(pdpte, vcpu->arch.walk_mmu->pdptrs, sizeof(pdpte)) != 0;
}
487
/*
 * Emulate a guest write to CR0.
 *
 * Returns 0 when the value was applied and 1 when it must be rejected with
 * #GP.  Note that reserved bits are masked off silently
 * (cr0 &= ~CR0_RESERVED_BITS) rather than faulting, except for the upper
 * 32 bits on 64-bit hosts.  Toggling PG resets the async-PF state, and a
 * change in any of update_bits forces a new MMU context.
 */
int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
{
        unsigned long old_cr0 = kvm_read_cr0(vcpu);
        unsigned long update_bits = X86_CR0_PG | X86_CR0_WP |
                                    X86_CR0_CD | X86_CR0_NW;

        /* ET always reads as set. */
        cr0 |= X86_CR0_ET;

#ifdef CONFIG_X86_64
        /* The upper half of CR0 is reserved; writing it is #GP. */
        if (cr0 & 0xffffffff00000000UL)
                return 1;
#endif

        cr0 &= ~CR0_RESERVED_BITS;

        /* NW without CD is an invalid combination. */
        if ((cr0 & X86_CR0_NW) && !(cr0 & X86_CR0_CD))
                return 1;

        /* Paging requires protected mode. */
        if ((cr0 & X86_CR0_PG) && !(cr0 & X86_CR0_PE))
                return 1;

        /* Paging is being switched on. */
        if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) {
#ifdef CONFIG_X86_64
                /* Entering long mode: PAE is mandatory and CS.L must be clear. */
                if ((vcpu->arch.efer & EFER_LME)) {
                        int cs_db, cs_l;

                        if (!is_pae(vcpu))
                                return 1;
                        kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
                        if (cs_l)
                                return 1;
                } else
#endif
                /* PAE paging needs loadable, valid PDPTEs before it is enabled. */
                if (is_pae(vcpu) && !load_pdptrs(vcpu, vcpu->arch.walk_mmu,
                                                 kvm_read_cr3(vcpu)))
                        return 1;
        }

        kvm_x86_ops->set_cr0(vcpu, cr0);

        if ((cr0 ^ old_cr0) & X86_CR0_PG) {
                /* Paging mode changed: outstanding async page faults are stale. */
                kvm_clear_async_pf_completion_queue(vcpu);
                kvm_async_pf_hash_reset(vcpu);
        }

        if ((cr0 ^ old_cr0) & update_bits)
                kvm_mmu_reset_context(vcpu);
        return 0;
}
EXPORT_SYMBOL_GPL(kvm_set_cr0);
538
/*
 * Emulate LMSW: replace CR0 bits MP/EM/TS (bits 1-3) with those of @msw.
 * Bit 0 (PE) is kept from the old value and only OR-ed in, so LMSW can set
 * but never clear PE.  The kvm_set_cr0() result is deliberately ignored.
 */
void kvm_lmsw(struct kvm_vcpu *vcpu, unsigned long msw)
{
        unsigned long kept = kvm_read_cr0_bits(vcpu, ~0x0eul);
        unsigned long new_cr0 = kept | (msw & 0x0f);

        (void)kvm_set_cr0(vcpu, new_cr0);
}
EXPORT_SYMBOL_GPL(kvm_lmsw);
544
/*
 * Validate and store a guest XSETBV write.  Returns 0 on success, 1 if the
 * write must be rejected (the caller injects #GP).
 */
int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
{
        /* Only XCR_XFEATURE_ENABLED_MASK (xcr0) is supported for now. */
        if (index != XCR_XFEATURE_ENABLED_MASK)
                return 1;
        /* XSETBV is privileged. */
        if (kvm_x86_ops->get_cpl(vcpu) != 0)
                return 1;
        /* x87 state can never be disabled. */
        if (!(xcr & XSTATE_FP))
                return 1;
        /* AVX state requires SSE state. */
        if ((xcr & XSTATE_YMM) && !(xcr & XSTATE_SSE))
                return 1;
        /* The guest may not enable anything the host has not enabled. */
        if (xcr & ~host_xcr0)
                return 1;

        vcpu->arch.xcr0 = xcr;
        vcpu->guest_xcr0_loaded = 0;
        return 0;
}
565
/* __kvm_set_xcr() plus #GP(0) injection on rejection; returns 1 when rejected. */
int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
{
        int rejected = __kvm_set_xcr(vcpu, index, xcr);

        if (!rejected)
                return 0;
        kvm_inject_gp(vcpu, 0);
        return 1;
}
EXPORT_SYMBOL_GPL(kvm_set_xcr);
575
/* True if the guest's CPUID leaf 1 advertises XSAVE (ECX bit). */
static bool guest_cpuid_has_xsave(struct kvm_vcpu *vcpu)
{
        struct kvm_cpuid_entry2 *leaf1 = kvm_find_cpuid_entry(vcpu, 1, 0);

        if (!leaf1)
                return false;
        return (leaf1->ecx & bit(X86_FEATURE_XSAVE)) != 0;
}
583
/* True if the guest's CPUID leaf 7 advertises SMEP (EBX bit). */
static bool guest_cpuid_has_smep(struct kvm_vcpu *vcpu)
{
        struct kvm_cpuid_entry2 *leaf7 = kvm_find_cpuid_entry(vcpu, 7, 0);

        if (!leaf7)
                return false;
        return (leaf7->ebx & bit(X86_FEATURE_SMEP)) != 0;
}
591
/* True if the guest's CPUID leaf 7 advertises FSGSBASE (EBX bit). */
static bool guest_cpuid_has_fsgsbase(struct kvm_vcpu *vcpu)
{
        struct kvm_cpuid_entry2 *leaf7 = kvm_find_cpuid_entry(vcpu, 7, 0);

        if (!leaf7)
                return false;
        return (leaf7->ebx & bit(X86_FEATURE_FSGSBASE)) != 0;
}
599
/*
 * Mirror CR4.OSXSAVE into the guest-visible CPUID.1:ECX.OSXSAVE bit, which
 * the guest uses to learn whether the OS enabled XSAVE.
 */
static void update_cpuid(struct kvm_vcpu *vcpu)
{
        struct kvm_cpuid_entry2 *best = kvm_find_cpuid_entry(vcpu, 1, 0);

        if (!best || !cpu_has_xsave || best->function != 0x1)
                return;

        if (kvm_read_cr4_bits(vcpu, X86_CR4_OSXSAVE))
                best->ecx |= bit(X86_FEATURE_OSXSAVE);
        else
                best->ecx &= ~(bit(X86_FEATURE_OSXSAVE));
}
615
/*
 * Emulate a guest write to CR4.
 *
 * Returns 0 on success and 1 when the value must be rejected with #GP:
 * reserved bits, feature bits (OSXSAVE, SMEP, RDWRGSFS) the guest's CPUID
 * does not advertise, clearing PAE in long mode, PDPTEs that fail to load
 * when a pdptr_bits bit changes while paging, or rejection by the vendor
 * set_cr4 hook.
 */
int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
{
        unsigned long old_cr4 = kvm_read_cr4(vcpu);
        /* Bits whose change requires a PDPTE reload and a new MMU context. */
        unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE |
                                   X86_CR4_PAE | X86_CR4_SMEP;
        if (cr4 & CR4_RESERVED_BITS)
                return 1;

        /* A guest may only enable features its CPUID advertises. */
        if (!guest_cpuid_has_xsave(vcpu) && (cr4 & X86_CR4_OSXSAVE))
                return 1;

        if (!guest_cpuid_has_smep(vcpu) && (cr4 & X86_CR4_SMEP))
                return 1;

        if (!guest_cpuid_has_fsgsbase(vcpu) && (cr4 & X86_CR4_RDWRGSFS))
                return 1;

        if (is_long_mode(vcpu)) {
                /* PAE cannot be cleared while in long mode. */
                if (!(cr4 & X86_CR4_PAE))
                        return 1;
        } else if (is_paging(vcpu) && (cr4 & X86_CR4_PAE)
                   && ((cr4 ^ old_cr4) & pdptr_bits)
                   && !load_pdptrs(vcpu, vcpu->arch.walk_mmu,
                                   kvm_read_cr3(vcpu)))
                return 1;

        if (kvm_x86_ops->set_cr4(vcpu, cr4))
                return 1;

        if ((cr4 ^ old_cr4) & pdptr_bits)
                kvm_mmu_reset_context(vcpu);

        /* Keep CPUID.1:ECX.OSXSAVE in sync with CR4.OSXSAVE. */
        if ((cr4 ^ old_cr4) & X86_CR4_OSXSAVE)
                update_cpuid(vcpu);

        return 0;
}
EXPORT_SYMBOL_GPL(kvm_set_cr4);
654
/*
 * Emulate a guest write to CR3.
 *
 * Returns 0 on success and 1 when the value must be rejected with #GP
 * (reserved bits in long/PAE mode, invalid PDPTEs, or a cr3 that does not
 * map to any memslot).
 */
int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
{
        /* Reloading the same cr3 with unchanged PDPTEs only needs the shadow
         * roots synced and the TLB flushed, as on real hardware. */
        if (cr3 == kvm_read_cr3(vcpu) && !pdptrs_changed(vcpu)) {
                kvm_mmu_sync_roots(vcpu);
                kvm_mmu_flush_tlb(vcpu);
                return 0;
        }

        if (is_long_mode(vcpu)) {
                if (cr3 & CR3_L_MODE_RESERVED_BITS)
                        return 1;
        } else {
                if (is_pae(vcpu)) {
                        if (cr3 & CR3_PAE_RESERVED_BITS)
                                return 1;
                        if (is_paging(vcpu) &&
                            !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3))
                                return 1;
                }
                /*
                 * We don't check reserved bits in nonpae mode, because
                 * this isn't enforced, and VMware depends on this.
                 */
        }

        /*
         * Does the new cr3 value map to physical memory? (Note, we
         * catch an invalid cr3 even in real-mode, because it would
         * cause trouble later on when we turn on paging anyway.)
         *
         * A real CPU would silently accept an invalid cr3 and would
         * attempt to use it - with largely undefined (and often hard
         * to debug) behavior on the guest side.
         */
        if (unlikely(!gfn_to_memslot(vcpu->kvm, cr3 >> PAGE_SHIFT)))
                return 1;
        vcpu->arch.cr3 = cr3;
        /* The cached CR3 is now authoritative; tell the MMU about the new root. */
        __set_bit(VCPU_EXREG_CR3, (ulong *)&vcpu->arch.regs_avail);
        vcpu->arch.mmu.new_cr3(vcpu);
        return 0;
}
EXPORT_SYMBOL_GPL(kvm_set_cr3);
697
/*
 * Emulate a guest write to CR8 (the task-priority register).  Returns 1
 * (-> #GP) for reserved bits, 0 otherwise.  With an in-kernel irqchip the
 * value goes to the LAPIC; otherwise it is merely cached.
 */
int kvm_set_cr8(struct kvm_vcpu *vcpu, unsigned long cr8)
{
        if (cr8 & CR8_RESERVED_BITS)
                return 1;
        if (!irqchip_in_kernel(vcpu->kvm)) {
                vcpu->arch.cr8 = cr8;
                return 0;
        }
        kvm_lapic_set_tpr(vcpu, cr8);
        return 0;
}
EXPORT_SYMBOL_GPL(kvm_set_cr8);
709
/* Read CR8 from the in-kernel LAPIC when present, else from the cached copy. */
unsigned long kvm_get_cr8(struct kvm_vcpu *vcpu)
{
        bool lapic_in_kernel = irqchip_in_kernel(vcpu->kvm);

        return lapic_in_kernel ? kvm_lapic_get_cr8(vcpu) : vcpu->arch.cr8;
}
EXPORT_SYMBOL_GPL(kvm_get_cr8);
718
/*
 * Core of kvm_set_dr(): write debug register @dr.
 *
 * Returns 0 on success, 1 when the access must raise #UD (DR4/DR5 with
 * CR4.DE set) and -1 when it must raise #GP (non-zero upper 32 bits in
 * DR6/DR7).  With CR4.DE clear, DR4 and DR5 alias DR6 and DR7 — hence the
 * fall-throughs.  The default arm also catches any @dr outside 0..7, so
 * callers are expected to have validated it.  Host-side state (eff_db, the
 * vendor DR7) is only touched when userspace is not using hardware
 * breakpoints on this vcpu itself.
 */
static int __kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
{
        switch (dr) {
        case 0 ... 3:
                vcpu->arch.db[dr] = val;
                if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP))
                        vcpu->arch.eff_db[dr] = val;
                break;
        case 4:
                if (kvm_read_cr4_bits(vcpu, X86_CR4_DE))
                        return 1; /* #UD */
                /* fall through */
        case 6:
                if (val & 0xffffffff00000000ULL)
                        return -1; /* #GP */
                /* Only the volatile bits are guest-writable; the fixed-1 bits stay set. */
                vcpu->arch.dr6 = (val & DR6_VOLATILE) | DR6_FIXED_1;
                break;
        case 5:
                if (kvm_read_cr4_bits(vcpu, X86_CR4_DE))
                        return 1; /* #UD */
                /* fall through */
        default: /* 7 */
                if (val & 0xffffffff00000000ULL)
                        return -1; /* #GP */
                vcpu->arch.dr7 = (val & DR7_VOLATILE) | DR7_FIXED_1;
                if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)) {
                        kvm_x86_ops->set_dr7(vcpu, vcpu->arch.dr7);
                        /* Debug registers need switching only while a breakpoint is enabled. */
                        vcpu->arch.switch_db_regs = (val & DR7_BP_EN_MASK);
                }
                break;
        }

        return 0;
}
753
/*
 * Write debug register @dr and inject the matching exception when the write
 * is refused: __kvm_set_dr() signals #UD with a positive and #GP with a
 * negative result, which is also returned to the caller.
 */
int kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
{
        int res = __kvm_set_dr(vcpu, dr, val);

        if (res == 0)
                return 0;

        if (res > 0)
                kvm_queue_exception(vcpu, UD_VECTOR);
        else
                kvm_inject_gp(vcpu, 0);

        return res;
}
EXPORT_SYMBOL_GPL(kvm_set_dr);
767
/*
 * Core of kvm_get_dr(): read debug register @dr into *@val.
 *
 * Returns 0 on success and 1 when the access must raise #UD (DR4/DR5 with
 * CR4.DE set).  With CR4.DE clear, DR4 and DR5 alias DR6 and DR7 — hence
 * the fall-throughs.  The default arm also serves any @dr outside 0..7.
 */
static int _kvm_get_dr(struct kvm_vcpu *vcpu, int dr, unsigned long *val)
{
        switch (dr) {
        case 0 ... 3:
                *val = vcpu->arch.db[dr];
                break;
        case 4:
                if (kvm_read_cr4_bits(vcpu, X86_CR4_DE))
                        return 1;
                /* fall through */
        case 6:
                *val = vcpu->arch.dr6;
                break;
        case 5:
                if (kvm_read_cr4_bits(vcpu, X86_CR4_DE))
                        return 1;
                /* fall through */
        default: /* 7 */
                *val = vcpu->arch.dr7;
                break;
        }

        return 0;
}
792
/*
 * Read debug register @dr into *@val.  Returns 1 after queueing #UD when
 * _kvm_get_dr() refuses the access, 0 on success.
 */
int kvm_get_dr(struct kvm_vcpu *vcpu, int dr, unsigned long *val)
{
        int refused = _kvm_get_dr(vcpu, dr, val);

        if (!refused)
                return 0;
        kvm_queue_exception(vcpu, UD_VECTOR);
        return 1;
}
EXPORT_SYMBOL_GPL(kvm_get_dr);
802
/*
 * List of msr numbers which we expose to userspace through KVM_GET_MSRS
 * and KVM_SET_MSRS, and KVM_GET_MSR_INDEX_LIST.
 *
 * This list is modified at module load time to reflect the
 * capabilities of the host cpu. This capabilities test skips MSRs that are
 * kvm-specific. Those are put in the beginning of the list.
 */

/* Number of kvm-specific MSRs at the head of msrs_to_save (the ones the
 * host-capability test skips).  Keep in sync with the entries below:
 * MSR_KVM_SYSTEM_TIME through MSR_KVM_STEAL_TIME. */
#define KVM_SAVE_MSRS_BEGIN     9
static u32 msrs_to_save[] = {
        MSR_KVM_SYSTEM_TIME, MSR_KVM_WALL_CLOCK,
        MSR_KVM_SYSTEM_TIME_NEW, MSR_KVM_WALL_CLOCK_NEW,
        HV_X64_MSR_GUEST_OS_ID, HV_X64_MSR_HYPERCALL,
        HV_X64_MSR_APIC_ASSIST_PAGE, MSR_KVM_ASYNC_PF_EN, MSR_KVM_STEAL_TIME,
        /* Architectural MSRs from here on; subject to the host-capability test. */
        MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP,
        MSR_STAR,
#ifdef CONFIG_X86_64
        MSR_CSTAR, MSR_KERNEL_GS_BASE, MSR_SYSCALL_MASK, MSR_LSTAR,
#endif
        MSR_IA32_TSC, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA
};
825
/* Number of valid entries in msrs_to_save; presumably set by the module-load
 * filtering step described above, which is outside this chunk. */
static unsigned num_msrs_to_save;
827
/* MSRs that KVM emulates without a host counterpart; reported to userspace
 * after msrs_to_save (the reporting code is outside this chunk). */
static u32 emulated_msrs[] = {
        MSR_IA32_MISC_ENABLE,
        MSR_IA32_MCG_STATUS,
        MSR_IA32_MCG_CTL,
};
833
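/*
 * Validate and install a guest write to EFER.
 *
 * Returns 0 on success and 1 when the value must be rejected (#GP): reserved
 * bits, toggling LME while paging is enabled, or FFXSR/SVME without the
 * matching CPUID feature.  LMA is never taken from the guest value; the
 * current LMA is preserved.  A change of NX alters the page-table reserved
 * bits, so the MMU context is rebuilt.
 */
static int set_efer(struct kvm_vcpu *vcpu, u64 efer)
{
        u64 old_efer = vcpu->arch.efer;

        if (efer & efer_reserved_bits)
                return 1;

        /* LME may not change while paging is on. */
        if (is_paging(vcpu)
            && (vcpu->arch.efer & EFER_LME) != (efer & EFER_LME))
                return 1;

        /* FFXSR and SVME both depend on CPUID leaf 0x80000001, so look the
         * leaf up once instead of once per bit. */
        if (efer & (EFER_FFXSR | EFER_SVME)) {
                struct kvm_cpuid_entry2 *feat;

                feat = kvm_find_cpuid_entry(vcpu, 0x80000001, 0);
                if (!feat)
                        return 1;
                if ((efer & EFER_FFXSR) && !(feat->edx & bit(X86_FEATURE_FXSR_OPT)))
                        return 1;
                if ((efer & EFER_SVME) && !(feat->ecx & bit(X86_FEATURE_SVM)))
                        return 1;
        }

        /* LMA is not guest-writable here: keep whatever is currently set. */
        efer &= ~EFER_LMA;
        efer |= vcpu->arch.efer & EFER_LMA;

        kvm_x86_ops->set_efer(vcpu, efer);

        vcpu->arch.mmu.base_role.nxe = (efer & EFER_NX) && !tdp_enabled;

        /* Update reserved bits */
        if ((efer ^ old_efer) & EFER_NX)
                kvm_mmu_reset_context(vcpu);

        return 0;
}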
874
/* Make the EFER bits in @mask legal for guests to set (see set_efer()). */
void kvm_enable_efer_bits(u64 mask)
{
        efer_reserved_bits = efer_reserved_bits & ~mask;
}
EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
880
881
/*
 * Write an MSR value into the appropriate "register" via the vendor backend.
 * Returns 0 on success, non-0 otherwise.
 * Assumes vcpu_load() was already called.
 */
int kvm_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
{
        int rc = kvm_x86_ops->set_msr(vcpu, msr_index, data);

        return rc;
}
891
/*
 * Adapt kvm_set_msr() to the (vcpu, index, u64 *data) callback shape that
 * msr_io() expects.
 */
static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data)
{
        u64 value = *data;

        return kvm_set_msr(vcpu, index, value);
}
899
/*
 * Publish the host boot time into the guest's pvclock_wall_clock structure
 * at guest physical address @wall_clock (0 means "not configured").
 *
 * The version field is bumped to an odd value before the write and to an
 * even value after it, so a guest that sees an odd or changed version knows
 * to retry.  The kvm_write_guest() results are ignored: if the guest page
 * cannot be written the clock simply stays stale.
 */
static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock)
{
        int version;
        int r;
        struct pvclock_wall_clock wc;
        struct timespec boot;

        if (!wall_clock)
                return;

        r = kvm_read_guest(kvm, wall_clock, &version, sizeof(version));
        if (r)
                return;

        if (version & 1)
                ++version;  /* first time write, random junk */

        ++version;

        /* Odd version: update in progress. */
        kvm_write_guest(kvm, wall_clock, &version, sizeof(version));

        /*
         * The guest calculates current wall clock time by adding
         * system time (updated by kvm_guest_time_update below) to the
         * wall clock specified here.  guest system time equals host
         * system time for us, thus we must fill in host boot time here.
         */
        getboottime(&boot);

        wc.sec = boot.tv_sec;
        wc.nsec = boot.tv_nsec;
        wc.version = version;

        kvm_write_guest(kvm, wall_clock, &wc, sizeof(wc));

        /* Even version: update complete. */
        version++;
        kvm_write_guest(kvm, wall_clock, &version, sizeof(version));
}
938
/*
 * Return ((u64)dividend << 32) / divisor, i.e. the fraction
 * dividend/divisor scaled to a 32-bit fixed-point multiplier, using one
 * 64-by-32-bit divide.  The remainder output exists only because the
 * instruction produces it; it is discarded.
 *
 * NOTE(review): divl raises #DE when the quotient does not fit in 32 bits,
 * so callers must guarantee dividend < divisor.  The only caller in this
 * file, kvm_get_time_scale(), normalizes its operands until that holds.
 */
static uint32_t div_frac(uint32_t dividend, uint32_t divisor)
{
        uint32_t quotient, remainder;

        /* Don't try to replace with do_div(), this one calculates
         * "(dividend << 32) / divisor" */
        __asm__ ( "divl %4"
                  : "=a" (quotient), "=d" (remainder)
                  : "0" (0), "1" (dividend), "r" (divisor) );
        return quotient;
}
950
/*
 * Compute a (shift, multiplier) pair describing the ratio of two clock
 * rates given in kHz, such that
 *
 *      scaled_khz / base_khz  ~=  *pmultiplier * 2^(*pshift - 32)
 *
 * with the multiplier kept as large as possible below 2^32 for precision.
 * This is the representation pvclock_scale_delta() consumes (see
 * compute_guest_tsc() and kvm_guest_time_update()).
 *
 * Both rates are converted to Hz and then normalized in two passes:
 *  - the base is halved (shift--) until it is at most twice the target and
 *    fits in 32 bits;
 *  - then the base is doubled, or the target halved when either would
 *    overflow 32 bits, with shift++ each time, until base > target.
 * The second pass guarantees the 64/32-bit divide in div_frac() cannot
 * overflow.
 *
 * NOTE(review): if either rate is 0 the second loop never terminates
 * (tps32 stays 0).  kvm_guest_time_update() rejects this_tsc_khz == 0
 * before calling; kvm_init_tsc_catchup()'s caller is outside this excerpt.
 */
static void kvm_get_time_scale(uint32_t scaled_khz, uint32_t base_khz,
                               s8 *pshift, u32 *pmultiplier)
{
        uint64_t scaled64;
        int32_t  shift = 0;
        uint64_t tps64;
        uint32_t tps32;

        tps64 = base_khz * 1000LL;
        scaled64 = scaled_khz * 1000LL;
        /* Pass 1: shrink the base until it is <= 2 * target and 32-bit. */
        while (tps64 > scaled64*2 || tps64 & 0xffffffff00000000ULL) {
                tps64 >>= 1;
                shift--;
        }

        tps32 = (uint32_t)tps64;
        /* Pass 2: make base > target while keeping both within 32 bits. */
        while (tps32 <= scaled64 || scaled64 & 0xffffffff00000000ULL) {
                if (scaled64 & 0xffffffff00000000ULL || tps32 & 0x80000000)
                        scaled64 >>= 1;
                else
                        tps32 <<= 1;
                shift++;
        }

        *pshift = shift;
        /* scaled64 < tps32 here, so the 64/32 divide cannot overflow. */
        *pmultiplier = div_frac(scaled64, tps32);

        pr_debug("%s: base_khz %u => %u, shift %d, mul %u\n",
                 __func__, base_khz, scaled_khz, shift, *pmultiplier);
}
981
/*
 * Host time in nanoseconds: CLOCK_MONOTONIC converted to the boot-based
 * timeline by monotonic_to_bootbased().  Must be called with preemption
 * disabled; the WARN_ON flags callers that violate this.
 */
static inline u64 get_kernel_ns(void)
{
        struct timespec now;
        u64 ns;

        WARN_ON(preemptible());
        ktime_get_ts(&now);
        monotonic_to_bootbased(&now);
        ns = timespec_to_ns(&now);
        return ns;
}
991
/* Host TSC rate of each CPU in kHz; vcpu_tsc_khz() falls back to it when a vcpu has no virtual_tsc_khz. */
static DEFINE_PER_CPU(unsigned long, cpu_tsc_khz);
/* Presumably the highest host TSC rate seen, in kHz; set and used outside this excerpt. */
unsigned long max_tsc_khz;
994
/*
 * Return 1 when the TSC rate of this CPU can change: the CPU lacks a
 * constant-rate TSC and cpufreq reports a frequency for it.  Pins the CPU
 * for the duration of the cpufreq query.
 */
static inline int kvm_tsc_changes_freq(void)
{
        int changes = 0;
        int cpu;

        cpu = get_cpu();
        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC) &&
            cpufreq_quick_get(cpu) != 0)
                changes = 1;
        put_cpu();
        return changes;
}
1003
/*
 * TSC rate (kHz) to use for @vcpu: its configured virtual rate if one is
 * set, otherwise the host rate of the current CPU.
 */
static u64 vcpu_tsc_khz(struct kvm_vcpu *vcpu)
{
        u64 khz = vcpu->arch.virtual_tsc_khz;

        return khz ? khz : __this_cpu_read(cpu_tsc_khz);
}
1011
/*
 * Convert @nsec nanoseconds into TSC cycles at @vcpu's TSC rate:
 * nsec * kHz / 10^6.  Requires preemption disabled (the rate is read for
 * the current CPU).  Warns once if the host TSC rate is adjustable, since
 * the conversion is then only approximate.
 */
static inline u64 nsec_to_cycles(struct kvm_vcpu *vcpu, u64 nsec)
{
        u64 cycles = nsec;

        WARN_ON(preemptible());
        if (kvm_tsc_changes_freq())
                printk_once(KERN_WARNING
                 "kvm: unreliable cycle conversion on adjustable rate TSC\n");
        cycles *= vcpu_tsc_khz(vcpu);
        do_div(cycles, USEC_PER_SEC);
        return cycles;
}
1024
/*
 * Set up the ns -> TSC-cycles scale used by compute_guest_tsc():
 * base rate 1 GHz (NSEC_PER_SEC / 1000 kHz), target rate @this_tsc_khz.
 */
static void kvm_init_tsc_catchup(struct kvm_vcpu *vcpu, u32 this_tsc_khz)
{
        struct kvm_vcpu_arch *arch = &vcpu->arch;

        kvm_get_time_scale(this_tsc_khz, NSEC_PER_SEC / 1000,
                           &arch->tsc_catchup_shift, &arch->tsc_catchup_mult);
}
1032
/*
 * TSC value the guest should see at host time @kernel_ns: the value of the
 * last guest TSC write plus the cycles elapsed since it, using the catch-up
 * scale from kvm_init_tsc_catchup().
 */
static u64 compute_guest_tsc(struct kvm_vcpu *vcpu, s64 kernel_ns)
{
        u64 delta_ns = kernel_ns - vcpu->arch.last_tsc_nsec;
        u64 cycles;

        cycles = pvclock_scale_delta(delta_ns, vcpu->arch.tsc_catchup_mult,
                                     vcpu->arch.tsc_catchup_shift);
        return vcpu->arch.last_tsc_write + cycles;
}
1041
/*
 * Handle a guest write of @data to the TSC of @vcpu by choosing the TSC
 * offset the hardware applies (compute_tsc_offset()/write_tsc_offset()).
 *
 * All TSC writes of the VM are serialized by kvm->arch.tsc_write_lock, which
 * also protects the per-VM record of the last write (last_tsc_nsec,
 * last_tsc_write, last_tsc_offset).  A write within 5 seconds of the
 * previous one, whose value is within 5 seconds' worth of cycles of the
 * previous value, is taken to be another vcpu synchronizing its TSC: with a
 * stable host TSC the previous offset is reused as-is so the vcpus share one
 * TSC; with an unstable one the freshly computed offset is advanced by the
 * elapsed host time instead.  Either way the recorded timestamp stays at the
 * earlier value so later writes compare against the same baseline.
 *
 * After the lock is dropped the per-vcpu copy of the last write is refreshed
 * and hv_clock.tsc_timestamp is zeroed, which disables the "system time must
 * not go backwards" clamp in kvm_guest_time_update() for the next update.
 */
void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data)
{
        struct kvm *kvm = vcpu->kvm;
        u64 offset, ns, elapsed;
        unsigned long flags;
        s64 sdiff;

        raw_spin_lock_irqsave(&kvm->arch.tsc_write_lock, flags);
        offset = kvm_x86_ops->compute_tsc_offset(vcpu, data);
        ns = get_kernel_ns();
        elapsed = ns - kvm->arch.last_tsc_nsec;
        /* |data - previous write|, in guest TSC cycles */
        sdiff = data - kvm->arch.last_tsc_write;
        if (sdiff < 0)
                sdiff = -sdiff;

        /*
         * Special case: close write to TSC within 5 seconds of
         * another CPU is interpreted as an attempt to synchronize
         * The 5 seconds is to accommodate host load / swapping as
         * well as any reset of TSC during the boot process.
         *
         * In that case, for a reliable TSC, we can match TSC offsets,
         * or make a best guess using elapsed value.
         */
        if (sdiff < nsec_to_cycles(vcpu, 5ULL * NSEC_PER_SEC) &&
            elapsed < 5ULL * NSEC_PER_SEC) {
                if (!check_tsc_unstable()) {
                        offset = kvm->arch.last_tsc_offset;
                        pr_debug("kvm: matched tsc offset for %llu\n", data);
                } else {
                        u64 delta = nsec_to_cycles(vcpu, elapsed);
                        offset += delta;
                        pr_debug("kvm: adjusted tsc offset by %llu\n", delta);
                }
                /* keep the earlier timestamp as the baseline for later writes */
                ns = kvm->arch.last_tsc_nsec;
        }
        kvm->arch.last_tsc_nsec = ns;
        kvm->arch.last_tsc_write = data;
        kvm->arch.last_tsc_offset = offset;
        kvm_x86_ops->write_tsc_offset(vcpu, offset);
        raw_spin_unlock_irqrestore(&kvm->arch.tsc_write_lock, flags);

        /* Reset of TSC must disable overshoot protection below */
        vcpu->arch.hv_clock.tsc_timestamp = 0;
        /* per-vcpu copy, used by compute_guest_tsc(); not under the lock */
        vcpu->arch.last_tsc_write = data;
        vcpu->arch.last_tsc_nsec = ns;
}
EXPORT_SYMBOL_GPL(kvm_write_tsc);
1090
/*
 * Bring the kvmclock data the guest reads (vcpu->arch.hv_clock) up to date
 * and publish it to the guest's registered time page; when TSC catch-up is
 * in effect, also advance the guest TSC to where elapsed host time says it
 * should be.
 *
 * Returns 1, after re-arming KVM_REQ_CLOCK_UPDATE, when the TSC rate for
 * this vcpu is not yet known (vcpu_tsc_khz() == 0).  Returns 0 otherwise,
 * including when no time page is registered and nothing is written.
 */
static int kvm_guest_time_update(struct kvm_vcpu *v)
{
        unsigned long flags;
        struct kvm_vcpu_arch *vcpu = &v->arch;
        void *shared_kaddr;
        unsigned long this_tsc_khz;
        s64 kernel_ns, max_kernel_ns;
        u64 tsc_timestamp;

        /* Keep irq disabled to prevent changes to the clock */
        local_irq_save(flags);
        /* Guest TSC and host ns are sampled back to back so they pair up. */
        kvm_get_msr(v, MSR_IA32_TSC, &tsc_timestamp); /* NOTE(review): return value ignored */
        kernel_ns = get_kernel_ns();
        this_tsc_khz = vcpu_tsc_khz(v);
        if (unlikely(this_tsc_khz == 0)) {
                local_irq_restore(flags);
                kvm_make_request(KVM_REQ_CLOCK_UPDATE, v);
                return 1;
        }

        /*
         * We may have to catch up the TSC to match elapsed wall clock
         * time for two reasons, even if kvmclock is used.
         *   1) CPU could have been running below the maximum TSC rate
         *   2) Broken TSC compensation resets the base at each VCPU
         *      entry to avoid unknown leaps of TSC even when running
         *      again on the same CPU.  This may cause apparent elapsed
         *      time to disappear, and the guest to stand still or run
         *      very slowly.
         */
        if (vcpu->tsc_catchup) {
                u64 tsc = compute_guest_tsc(v, kernel_ns);
                /* Only ever move the guest TSC forward. */
                if (tsc > tsc_timestamp) {
                        kvm_x86_ops->adjust_tsc_offset(v, tsc - tsc_timestamp);
                        tsc_timestamp = tsc;
                }
        }

        local_irq_restore(flags);

        /* No kvmclock page registered: nothing to publish. */
        if (!vcpu->time_page)
                return 0;

        /*
         * Time as measured by the TSC may go backwards when resetting the base
         * tsc_timestamp.  The reason for this is that the TSC resolution is
         * higher than the resolution of the other clock scales.  Thus, many
         * possible measurements of the TSC correspond to one measurement of any
         * other clock, and so a spread of values is possible.  This is not a
         * problem for the computation of the nanosecond clock; with TSC rates
         * around 1GHZ, there can only be a few cycles which correspond to one
         * nanosecond value, and any path through this code will inevitably
         * take longer than that.  However, with the kernel_ns value itself,
         * the precision may be much lower, down to HZ granularity.  If the
         * first sampling of TSC against kernel_ns ends in the low part of the
         * range, and the second in the high end of the range, we can get:
         *
         * (TSC - offset_low) * S + kns_old > (TSC - offset_high) * S + kns_new
         *
         * As the sampling errors potentially range in the thousands of cycles,
         * it is possible such a time value has already been observed by the
         * guest.  To protect against this, we must compute the system time as
         * observed by the guest and ensure the new system time is greater.
         */
        max_kernel_ns = 0;
        /* tsc_timestamp == 0 (set by kvm_write_tsc()) disables this clamp. */
        if (vcpu->hv_clock.tsc_timestamp && vcpu->last_guest_tsc) {
                max_kernel_ns = vcpu->last_guest_tsc -
                                vcpu->hv_clock.tsc_timestamp;
                max_kernel_ns = pvclock_scale_delta(max_kernel_ns,
                                    vcpu->hv_clock.tsc_to_system_mul,
                                    vcpu->hv_clock.tsc_shift);
                max_kernel_ns += vcpu->last_kernel_ns;
        }

        /*
         * TSC rate differs from the one the published scale was built for
         * (e.g. a different host CPU): rebuild the cycles -> ns scale.
         */
        if (unlikely(vcpu->hw_tsc_khz != this_tsc_khz)) {
                kvm_get_time_scale(NSEC_PER_SEC / 1000, this_tsc_khz,
                                   &vcpu->hv_clock.tsc_shift,
                                   &vcpu->hv_clock.tsc_to_system_mul);
                vcpu->hw_tsc_khz = this_tsc_khz;
        }

        /* Never publish a system time earlier than one the guest may have computed. */
        if (max_kernel_ns > kernel_ns)
                kernel_ns = max_kernel_ns;

        /* With all the info we got, fill in the values */
        vcpu->hv_clock.tsc_timestamp = tsc_timestamp;
        vcpu->hv_clock.system_time = kernel_ns + v->kvm->arch.kvmclock_offset;
        vcpu->last_kernel_ns = kernel_ns;
        vcpu->last_guest_tsc = tsc_timestamp;
        vcpu->hv_clock.flags = 0;

        /*
         * The interface expects us to write an even number signaling that the
         * update is finished. Since the guest won't see the intermediate
         * state, we just increase by 2 at the end.
         */
        vcpu->hv_clock.version += 2;

        /*
         * NOTE(review): time_offset is the guest-chosen offset within the
         * page (from the MSR_KVM_SYSTEM_TIME value).  The memcpy below stays
         * inside the single kmap'd page only if
         * time_offset + sizeof(hv_clock) <= PAGE_SIZE; nothing here checks
         * that, so the MSR write path must reject offsets that do not satisfy
         * it before a time page is registered.
         */
        shared_kaddr = kmap_atomic(vcpu->time_page, KM_USER0);

        memcpy(shared_kaddr + vcpu->time_offset, &vcpu->hv_clock,
               sizeof(vcpu->hv_clock));

        kunmap_atomic(shared_kaddr, KM_USER0);

        /* vcpu->time holds the raw MSR value; the page number is its upper bits. */
        mark_page_dirty(v->kvm, vcpu->time >> PAGE_SHIFT);
        return 0;
}
1199
/*
 * Whether @msr is one of the MTRR/PAT MSRs this file emulates: the
 * variable-range base/mask pairs, the fixed-range MSRs, MTRRdefType,
 * IA32_CR_PAT, and MSR 0x2f8.
 */
static bool msr_mtrr_valid(unsigned msr)
{
        /* Variable-range pairs: 0x200 .. 0x200 + 2 * KVM_NR_VAR_MTRR - 1. */
        if (msr >= 0x200 && msr < 0x200 + 2 * KVM_NR_VAR_MTRR)
                return true;

        switch (msr) {
        case MSR_MTRRfix64K_00000:
        case MSR_MTRRfix16K_80000:
        case MSR_MTRRfix16K_A0000:
        case MSR_MTRRfix4K_C0000:
        case MSR_MTRRfix4K_C8000:
        case MSR_MTRRfix4K_D0000:
        case MSR_MTRRfix4K_D8000:
        case MSR_MTRRfix4K_E0000:
        case MSR_MTRRfix4K_E8000:
        case MSR_MTRRfix4K_F0000:
        case MSR_MTRRfix4K_F8000:
        case MSR_MTRRdefType:
        case MSR_IA32_CR_PAT:
                return true;
        case 0x2f8:
                /*
                 * Accepted although it is neither a fixed-range, defType or
                 * PAT MSR nor inside the variable-range window above.  Any
                 * caller that turns an accepted MSR into an index into
                 * mtrr_state.var_ranges[] must therefore bounds-check it
                 * itself rather than trusting this function.
                 */
                return true;
        default:
                return false;
        }
}
1223
/* Architecturally valid PAT memory-type encodings: 0, 1, 4, 5, 6, 7. */
static bool valid_pat_type(unsigned t)
{
        switch (t) {
        case 0:
        case 1:
        case 4:
        case 5:
        case 6:
        case 7:
                return true;
        default:
                return false;
        }
}
1228
/* Architecturally valid MTRR memory-type encodings: 0, 1, 4, 5, 6 (7 is reserved). */
static bool valid_mtrr_type(unsigned t)
{
        switch (t) {
        case 0:
        case 1:
        case 4:
        case 5:
        case 6:
                return true;
        default:
                return false;
        }
}
1233
/*
 * Validate a guest write of @data to MTRR/PAT MSR @msr.  Returns false when
 * the MSR is not emulated or the value contains a reserved memory type or
 * reserved bits (the caller then injects #GP).
 */
static bool mtrr_valid(struct kvm_vcpu *vcpu, u32 msr, u64 data)
{
        unsigned i;

        if (!msr_mtrr_valid(msr))
                return false;

        if (msr == MSR_IA32_CR_PAT) {
                /* Eight one-byte PAT entries. */
                for (i = 0; i < 8; i++)
                        if (!valid_pat_type((data >> (i * 8)) & 0xff))
                                return false;
                return true;
        }

        if (msr == MSR_MTRRdefType) {
                /*
                 * Only the default type (bits 7:0) and the two enable bits
                 * (10, 11 — stored in mtrr_state.enabled by set_msr_mtrr())
                 * may be set.
                 */
                if (data & ~0xcffULL)
                        return false;
                return valid_mtrr_type(data & 0xff);
        }

        if (msr >= MSR_MTRRfix64K_00000 && msr <= MSR_MTRRfix4K_F8000) {
                /* Eight one-byte memory types per fixed-range MSR. */
                for (i = 0; i < 8; i++)
                        if (!valid_mtrr_type((data >> (i * 8)) & 0xff))
                                return false;
                return true;
        }

        /*
         * Variable MTRRs: only the memory type in the low byte is checked,
         * for base and mask MSRs alike.
         */
        return valid_mtrr_type(data & 0xff);
}
1260
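/*
 * Handle a guest WRMSR to one of the MTRR/PAT MSRs.  Returns 0 when the
 * value was stored and 1 when the MSR or value is rejected (the caller
 * injects #GP).  Every accepted write resets the MMU context, since the
 * memory types feed into the shadow/EPT page attributes.
 *
 * The variable-range branch derives an index into
 * vcpu->arch.mtrr_state.var_ranges[] from the MSR number.  msr_mtrr_valid()
 * also admits MSR 0x2f8, which lies outside the 0x200..0x200 + 2*KVM_NR_VAR_MTRR
 * window that sizes that array, so the MSR is range-checked here before it
 * is turned into an index: a guest write to 0x2f8 would otherwise map to
 * index 124 and store 8 guest-controlled bytes past the end of the array.
 */
static int set_msr_mtrr(struct kvm_vcpu *vcpu, u32 msr, u64 data)
{
        u64 *p = (u64 *)&vcpu->arch.mtrr_state.fixed_ranges;

        if (!mtrr_valid(vcpu, msr, data))
                return 1;

        if (msr == MSR_MTRRdefType) {
                vcpu->arch.mtrr_state.def_type = data;
                /* bits 11:10 are the enable bits */
                vcpu->arch.mtrr_state.enabled = (data & 0xc00) >> 10;
        } else if (msr == MSR_MTRRfix64K_00000)
                p[0] = data;
        else if (msr == MSR_MTRRfix16K_80000 || msr == MSR_MTRRfix16K_A0000)
                p[1 + msr - MSR_MTRRfix16K_80000] = data;
        else if (msr >= MSR_MTRRfix4K_C0000 && msr <= MSR_MTRRfix4K_F8000)
                p[3 + msr - MSR_MTRRfix4K_C0000] = data;
        else if (msr == MSR_IA32_CR_PAT)
                vcpu->arch.pat = data;
        else {  /* Variable MTRRs */
                int idx, is_mtrr_mask;
                u64 *pt;

                /*
                 * Only MSRs inside the variable-range window name a real
                 * entry of var_ranges[]; reject anything else (notably 0x2f8)
                 * instead of indexing out of bounds.
                 */
                if (msr < 0x200 || msr >= 0x200 + 2 * KVM_NR_VAR_MTRR)
                        return 1;

                idx = (msr - 0x200) / 2;
                is_mtrr_mask = msr - 0x200 - 2 * idx; /* even: base, odd: mask */
                if (!is_mtrr_mask)
                        pt =
                          (u64 *)&vcpu->arch.mtrr_state.var_ranges[idx].base_lo;
                else
                        pt =
                          (u64 *)&vcpu->arch.mtrr_state.var_ranges[idx].mask_lo;
                *pt = data;
        }

        kvm_mmu_reset_context(vcpu);
        return 0;
}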
1297
/*
 * Handle a guest WRMSR to the machine-check MSRs.  Returns 0 on success;
 * non-zero (1 or -1, both treated as "inject #GP" by callers that only test
 * for non-zero) when the MSR is not present for this vcpu or the value is
 * not allowed.  The number of banks comes from the low byte of mcg_cap.
 */
static int set_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 data)
{
        u64 mcg_cap = vcpu->arch.mcg_cap;
        unsigned bank_num = mcg_cap & 0xff;
        u32 offset;

        switch (msr) {
        case MSR_IA32_MCG_STATUS:
                vcpu->arch.mcg_status = data;
                return 0;
        case MSR_IA32_MCG_CTL:
                if (!(mcg_cap & MCG_CTL_P))
                        return 1;
                if (data != 0 && data != ~(u64)0)
                        return -1;
                vcpu->arch.mcg_ctl = data;
                return 0;
        default:
                break;
        }

        /* Per-bank registers: 4 MSRs (CTL, STATUS, ADDR, MISC) per bank. */
        if (msr < MSR_IA32_MC0_CTL || msr >= MSR_IA32_MC0_CTL + 4 * bank_num)
                return 1;

        offset = msr - MSR_IA32_MC0_CTL;
        /* only 0 or all 1s can be written to IA32_MCi_CTL
         * some Linux kernels though clear bit 10 in bank 4 to
         * workaround a BIOS/GART TBL issue on AMD K8s, ignore
         * this to avoid an uncatched #GP in the guest
         */
        if ((offset & 0x3) == 0 &&
            data != 0 && (data | (1 << 10)) != ~(u64)0)
                return -1;
        vcpu->arch.mce_banks[offset] = data;
        return 0;
}
1333
/*
 * Xen HVM hypercall-page MSR: copy page @data[11:0] of the userspace-supplied
 * hypercall blob into guest memory at the page-aligned gpa in @data.  The
 * blob address/size for the guest's current mode (32- or 64-bit) were
 * configured by userspace in kvm->arch.xen_hvm_config.
 *
 * Returns 0 on success, -E2BIG when the requested page is beyond the blob,
 * -ENOMEM on allocation failure and -EFAULT when the blob cannot be read
 * from userspace or the page cannot be written to the guest.
 */
static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
{
        struct kvm *kvm = vcpu->kvm;
        u32 page_num = data & ~PAGE_MASK;
        u64 page_addr = data & PAGE_MASK;
        u8 *blob_addr;
        u8 blob_size;
        u8 *page;
        int r;

        if (is_long_mode(vcpu)) {
                blob_addr = (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_64;
                blob_size = kvm->arch.xen_hvm_config.blob_size_64;
        } else {
                blob_addr = (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_32;
                blob_size = kvm->arch.xen_hvm_config.blob_size_32;
        }

        /* page_num is at most 12 bits wide; blob_size bounds it further. */
        if (page_num >= blob_size)
                return -E2BIG;

        page = kzalloc(PAGE_SIZE, GFP_KERNEL);
        if (!page)
                return -ENOMEM;

        /* blob_addr is a userspace pointer; copy_from_user validates it. */
        r = -EFAULT;
        if (!copy_from_user(page, blob_addr + (page_num * PAGE_SIZE), PAGE_SIZE) &&
            !kvm_write_guest(kvm, page_addr, page, PAGE_SIZE))
                r = 0;

        kfree(page);
        return r;
}
1365
/*
 * True when the guest has enabled the Hyper-V hypercall page (enable bit
 * set in the stored HV_X64_MSR_HYPERCALL value).
 */
static bool kvm_hv_hypercall_enabled(struct kvm *kvm)
{
        u64 hypercall_msr = kvm->arch.hv_hypercall;

        return (hypercall_msr & HV_X64_MSR_HYPERCALL_ENABLE) != 0;
}
1370
/*
 * Whether Hyper-V MSR @msr is partition-wide (shared by all vcpus of the VM
 * and therefore handled under kvm->lock) rather than per-vcpu.
 */
static bool kvm_hv_msr_partition_wide(u32 msr)
{
        return msr == HV_X64_MSR_GUEST_OS_ID || msr == HV_X64_MSR_HYPERCALL;
}
1383
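/*
 * Handle the partition-wide Hyper-V MSRs: the guest OS id and the hypercall
 * page.  Called with kvm->lock held (see kvm_set_msr_common()) because the
 * state touched here is shared by all vcpus.  Returns 0 on success and 1
 * when the caller should inject #GP.
 */
static int set_msr_hyperv_pw(struct kvm_vcpu *vcpu, u32 msr, u64 data)
{
        struct kvm *kvm = vcpu->kvm;

        switch (msr) {
        case HV_X64_MSR_GUEST_OS_ID:
                kvm->arch.hv_guest_os_id = data;
                /* setting guest os id to zero disables hypercall page */
                if (!kvm->arch.hv_guest_os_id)
                        kvm->arch.hv_hypercall &= ~HV_X64_MSR_HYPERCALL_ENABLE;
                break;
        case HV_X64_MSR_HYPERCALL: {
                u64 gfn;
                unsigned long addr;
                u8 instructions[4];

                /* if guest os id is not set hypercall should remain disabled */
                if (!kvm->arch.hv_guest_os_id)
                        break;
                if (!(data & HV_X64_MSR_HYPERCALL_ENABLE)) {
                        kvm->arch.hv_hypercall = data;
                        break;
                }
                gfn = data >> HV_X64_MSR_HYPERCALL_PAGE_ADDRESS_SHIFT;
                addr = gfn_to_hva(kvm, gfn);
                if (kvm_is_error_hva(addr))
                        return 1;
                /*
                 * patch_hypercall() fills the first three bytes with the
                 * vendor hypercall instruction (presumably vmcall/vmmcall);
                 * the fourth byte is a ret.
                 */
                kvm_x86_ops->patch_hypercall(vcpu, instructions);
                instructions[3] = 0xc3; /* ret */
                if (__copy_to_user((void __user *)addr, instructions, 4))
                        return 1;
                kvm->arch.hv_hypercall = data;
                /*
                 * The page was written through its hva, bypassing the dirty
                 * tracking kvm_write_guest() would have done.  Mark it dirty
                 * explicitly (as kvm_guest_time_update() does for the
                 * kvmclock page) so dirty logging / live migration does not
                 * lose the patched hypercall stub.
                 */
                mark_page_dirty(kvm, gfn);
                break;
        }
        default:
                pr_unimpl(vcpu, "HYPER-V unimplemented wrmsr: 0x%x "
                          "data 0x%llx\n", msr, data);
                return 1;
        }
        return 0;
}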
1425
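/*
 * Handle the per-vcpu Hyper-V MSRs: the APIC assist page and the EOI/ICR/TPR
 * accelerators, which are forwarded to the local APIC emulation.  Returns 0
 * on success and non-zero when the caller should inject #GP.
 */
static int set_msr_hyperv(struct kvm_vcpu *vcpu, u32 msr, u64 data)
{
        switch (msr) {
        case HV_X64_MSR_APIC_ASSIST_PAGE: {
                u64 gfn;
                unsigned long addr;

                if (!(data & HV_X64_MSR_APIC_ASSIST_PAGE_ENABLE)) {
                        vcpu->arch.hv_vapic = data;
                        break;
                }
                gfn = data >> HV_X64_MSR_APIC_ASSIST_PAGE_ADDRESS_SHIFT;
                addr = gfn_to_hva(vcpu->kvm, gfn);
                if (kvm_is_error_hva(addr))
                        return 1;
                /* The assist page starts out zeroed. */
                if (__clear_user((void __user *)addr, PAGE_SIZE))
                        return 1;
                vcpu->arch.hv_vapic = data;
                /*
                 * The page was cleared through its hva, bypassing the dirty
                 * tracking kvm_write_guest() would have done; mark it dirty
                 * explicitly (as kvm_guest_time_update() does for the
                 * kvmclock page) so dirty logging / live migration sees the
                 * change.
                 */
                mark_page_dirty(vcpu->kvm, gfn);
                break;
        }
        case HV_X64_MSR_EOI:
                return kvm_hv_vapic_msr_write(vcpu, APIC_EOI, data);
        case HV_X64_MSR_ICR:
                return kvm_hv_vapic_msr_write(vcpu, APIC_ICR, data);
        case HV_X64_MSR_TPR:
                return kvm_hv_vapic_msr_write(vcpu, APIC_TASKPRI, data);
        default:
                pr_unimpl(vcpu, "HYPER-V unimplemented wrmsr: 0x%x "
                          "data 0x%llx\n", msr, data);
                return 1;
        }

        return 0;
}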
1459
/*
 * Handle a guest write to MSR_KVM_ASYNC_PF_EN.  Bit 0 enables asynchronous
 * page faults, bit 1 (KVM_ASYNC_PF_SEND_ALWAYS) selects whether faults are
 * also delivered while the guest is in kernel mode, bits 2:5 are reserved,
 * and bits 6 and up give the 64-byte-aligned gpa the host uses to
 * communicate with the guest.  Returns 0 on success, 1 (#GP)
 * when reserved bits are set or the gpa cannot be mapped.
 */
static int kvm_pv_enable_async_pf(struct kvm_vcpu *vcpu, u64 data)
{
        bool enable = data & KVM_ASYNC_PF_ENABLED;

        /* Bits 2:5 are reserved and must be zero. */
        if (data & 0x3c)
                return 1;

        vcpu->arch.apf.msr_val = data;

        if (!enable) {
                kvm_clear_async_pf_completion_queue(vcpu);
                kvm_async_pf_hash_reset(vcpu);
                return 0;
        }

        if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.apf.data,
                                      data & ~0x3fULL))
                return 1;

        vcpu->arch.apf.send_user_only = !(data & KVM_ASYNC_PF_SEND_ALWAYS);
        kvm_async_pf_wakeup_all(vcpu);
        return 0;
}
1483
/*
 * Drop the reference to the guest's kvmclock time page, if one is mapped,
 * marking it dirty since it was written by kvm_guest_time_update().
 */
static void kvmclock_reset(struct kvm_vcpu *vcpu)
{
        struct page *page = vcpu->arch.time_page;

        if (!page)
                return;

        vcpu->arch.time_page = NULL;
        kvm_release_page_dirty(page);
}
1491
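/*
 * Sample the scheduler run delay of the current task and record how much of
 * it accrued since the previous sample in accum_steal (overwriting, not
 * adding to, the previous value) for record_steal_time() to publish.
 * No-op unless the guest enabled steal-time reporting via MSR_KVM_STEAL_TIME.
 *
 * run_delay is read exactly once so the delta and the new baseline come from
 * the same value; with two separate reads, delay accrued between them would
 * never be accounted.
 */
static void accumulate_steal_time(struct kvm_vcpu *vcpu)
{
        u64 run_delay;

        if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
                return;

        run_delay = current->sched_info.run_delay;
        vcpu->arch.st.accum_steal = run_delay - vcpu->arch.st.last_steal;
        vcpu->arch.st.last_steal = run_delay;
}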
1503
/*
 * Publish the steal time accumulated by accumulate_steal_time() to the
 * guest's kvm_steal_time structure (gpa cached in st.stime), bumping its
 * version by 2 so the guest sees a consistent update.  No-op unless the
 * guest enabled steal-time reporting; gives up silently if the guest copy
 * cannot be read (the write result is likewise ignored — best effort).
 */
static void record_steal_time(struct kvm_vcpu *vcpu)
{
        u64 pending;

        if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
                return;

        /* Start from the guest's current copy of the structure. */
        if (unlikely(kvm_read_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
                &vcpu->arch.st.steal, sizeof(struct kvm_steal_time))))
                return;

        pending = vcpu->arch.st.accum_steal;
        vcpu->arch.st.accum_steal = 0;
        vcpu->arch.st.steal.steal += pending;
        vcpu->arch.st.steal.version += 2;

        kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
                &vcpu->arch.st.steal, sizeof(struct kvm_steal_time));
}
1520
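/*
 * Vendor-independent WRMSR handler, exported for the vendor modules' set_msr
 * hooks (presumably reached for MSRs they do not handle themselves).  @msr
 * and @data come straight from the guest.
 *
 * Returns 0 when the write was accepted or deliberately ignored, non-zero
 * when the caller should inject #GP.  Writes that are accepted without
 * effect are logged with pr_unimpl(); unknown MSRs are rejected unless the
 * ignore_msrs module parameter is set.
 */
int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data)
{
        switch (msr) {
        case MSR_EFER:
                return set_efer(vcpu, data);
        case MSR_K7_HWCR:
                data &= ~(u64)0x40;     /* ignore flush filter disable */
                data &= ~(u64)0x100;    /* ignore ignne emulation enable */
                if (data != 0) {
                        pr_unimpl(vcpu, "unimplemented HWCR wrmsr: 0x%llx\n",
                                data);
                        return 1;
                }
                break;
        case MSR_FAM10H_MMIO_CONF_BASE:
                if (data != 0) {
                        pr_unimpl(vcpu, "unimplemented MMIO_CONF_BASE wrmsr: "
                                "0x%llx\n", data);
                        return 1;
                }
                break;
        case MSR_AMD64_NB_CFG:
                break;
        case MSR_IA32_DEBUGCTLMSR:
                if (!data) {
                        /* We support the non-activated case already */
                        break;
                } else if (data & ~(DEBUGCTLMSR_LBR | DEBUGCTLMSR_BTF)) {
                        /* Values other than LBR and BTF are vendor-specific,
                           thus reserved and should throw a #GP */
                        return 1;
                }
                pr_unimpl(vcpu, "%s: MSR_IA32_DEBUGCTLMSR 0x%llx, nop\n",
                        __func__, data);
                break;
        case MSR_IA32_UCODE_REV:
        case MSR_IA32_UCODE_WRITE:
        case MSR_VM_HSAVE_PA:
        case MSR_AMD64_PATCH_LOADER:
                break;
        case 0x200 ... 0x2ff:
                return set_msr_mtrr(vcpu, msr, data);
        case MSR_IA32_APICBASE:
                kvm_set_apic_base(vcpu, data);
                break;
        case APIC_BASE_MSR ... APIC_BASE_MSR + 0x3ff:
                return kvm_x2apic_msr_write(vcpu, msr, data);
        case MSR_IA32_MISC_ENABLE:
                vcpu->arch.ia32_misc_enable_msr = data;
                break;
        case MSR_KVM_WALL_CLOCK_NEW:
        case MSR_KVM_WALL_CLOCK:
                vcpu->kvm->arch.wall_clock = data;
                kvm_write_wall_clock(vcpu->kvm, data);
                break;
        case MSR_KVM_SYSTEM_TIME_NEW:
        case MSR_KVM_SYSTEM_TIME: {
                /* Drop any previously mapped time page first. */
                kvmclock_reset(vcpu);

                vcpu->arch.time = data;
                kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);

                /* we verify if the enable bit is set... */
                if (!(data & 1))
                        break;

                /* ...but clean it before doing the actual write */
                vcpu->arch.time_offset = data & ~(PAGE_MASK | 1);

                /*
                 * kvm_guest_time_update() memcpy()s hv_clock into the single
                 * kmap'd time page at this guest-chosen offset.  An offset
                 * within sizeof(hv_clock) of the end of the page would make
                 * that copy run past the mapping into whatever host memory
                 * follows, so refuse to map a time page for such a value.
                 * As in the error-page case below, the MSR value is kept but
                 * no time page is registered and no clock updates happen.
                 */
                if (vcpu->arch.time_offset >
                    PAGE_SIZE - sizeof(vcpu->arch.hv_clock))
                        break;

                vcpu->arch.time_page =
                                gfn_to_page(vcpu->kvm, data >> PAGE_SHIFT);

                if (is_error_page(vcpu->arch.time_page)) {
                        kvm_release_page_clean(vcpu->arch.time_page);
                        vcpu->arch.time_page = NULL;
                }
                break;
        }
        case MSR_KVM_ASYNC_PF_EN:
                if (kvm_pv_enable_async_pf(vcpu, data))
                        return 1;
                break;
        case MSR_KVM_STEAL_TIME:

                /* Steal time needs scheduler run-delay accounting. */
                if (unlikely(!sched_info_on()))
                        return 1;

                if (data & KVM_STEAL_RESERVED_MASK)
                        return 1;

                /* Address bits select the guest kvm_steal_time structure. */
                if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.st.stime,
                                                        data & KVM_STEAL_VALID_BITS))
                        return 1;

                vcpu->arch.st.msr_val = data;

                if (!(data & KVM_MSR_ENABLED))
                        break;

                /* Start accounting from now. */
                vcpu->arch.st.last_steal = current->sched_info.run_delay;

                preempt_disable();
                accumulate_steal_time(vcpu);
                preempt_enable();

                kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu);

                break;

        case MSR_IA32_MCG_CTL:
        case MSR_IA32_MCG_STATUS:
        case MSR_IA32_MC0_CTL ... MSR_IA32_MC0_CTL + 4 * KVM_MAX_MCE_BANKS - 1:
                return set_msr_mce(vcpu, msr, data);

        /* Performance counters are not protected by a CPUID bit,
         * so we should check all of them in the generic path for the sake of
         * cross vendor migration.
         * Writing a zero into the event select MSRs disables them,
         * which we perfectly emulate ;-). Any other value should be at least
         * reported, some guests depend on them.
         */
        case MSR_P6_EVNTSEL0:
        case MSR_P6_EVNTSEL1:
        case MSR_K7_EVNTSEL0:
        case MSR_K7_EVNTSEL1:
        case MSR_K7_EVNTSEL2:
        case MSR_K7_EVNTSEL3:
                if (data != 0)
                        pr_unimpl(vcpu, "unimplemented perfctr wrmsr: "
                                "0x%x data 0x%llx\n", msr, data);
                break;
        /* at least RHEL 4 unconditionally writes to the perfctr registers,
         * so we ignore writes to make it happy.
         */
        case MSR_P6_PERFCTR0:
        case MSR_P6_PERFCTR1:
        case MSR_K7_PERFCTR0:
        case MSR_K7_PERFCTR1:
        case MSR_K7_PERFCTR2:
        case MSR_K7_PERFCTR3:
                pr_unimpl(vcpu, "unimplemented perfctr wrmsr: "
                        "0x%x data 0x%llx\n", msr, data);
                break;
        case MSR_K7_CLK_CTL:
                /*
                 * Ignore all writes to this no longer documented MSR.
                 * Writes are only relevant for old K7 processors,
                 * all pre-dating SVM, but a recommended workaround from
                 * AMD for these chips. It is possible to specify the
                 * affected processor models on the command line, hence
                 * the need to ignore the workaround.
                 */
                break;
        case HV_X64_MSR_GUEST_OS_ID ... HV_X64_MSR_SINT15:
                /* Partition-wide state is shared by all vcpus: take kvm->lock. */
                if (kvm_hv_msr_partition_wide(msr)) {
                        int r;
                        mutex_lock(&vcpu->kvm->lock);
                        r = set_msr_hyperv_pw(vcpu, msr, data);
                        mutex_unlock(&vcpu->kvm->lock);
                        return r;
                } else
                        return set_msr_hyperv(vcpu, msr, data);
                break;
        case MSR_IA32_BBL_CR_CTL3:
                /* Drop writes to this legacy MSR -- see rdmsr
                 * counterpart for further detail.
                 */
                pr_unimpl(vcpu, "ignored wrmsr: 0x%x data %llx\n", msr, data);
                break;
        default:
                /* Userspace-configured Xen HVM hypercall-page MSR (0 = none). */
                if (msr && (msr == vcpu->kvm->arch.xen_hvm_config.msr))
                        return xen_hvm_config(vcpu, data);
                if (!ignore_msrs) {
                        pr_unimpl(vcpu, "unhandled wrmsr: 0x%x data %llx\n",
                                msr, data);
                        return 1;
                } else {
                        pr_unimpl(vcpu, "ignored wrmsr: 0x%x data %llx\n",
                                msr, data);
                        break;
                }
        }
        return 0;
}
EXPORT_SYMBOL_GPL(kvm_set_msr_common);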
1706
1707
/*
 * Read MSR @msr_index of @vcpu into *@pdata through the vendor-specific
 * get_msr callback.  Returns 0 on success, non-zero otherwise.
 * The caller must already hold the vcpu (vcpu_load()).
 */
int kvm_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
{
        int ret;

        ret = kvm_x86_ops->get_msr(vcpu, msr_index, pdata);
        return ret;
}
1717
/*
 * rdmsr emulation for the MTRR/PAT register block (0x200-0x2ff).
 *
 * @vcpu:  vcpu whose MTRR state is read
 * @msr:   MSR index, already routed here by kvm_get_msr_common()
 * @pdata: receives the register value on success
 *
 * Returns 1 (without touching *pdata) when msr_mtrr_valid() rejects the
 * index, 0 otherwise. The fixed-range state is read as an array of u64
 * words (words 0..10 cover the eleven fixed-range MSRs); variable ranges
 * are addressed by their offset from 0x200. The variable-range index is
 * not range-checked here — presumably msr_mtrr_valid() limits it to
 * KVM_NR_VAR_MTRR entries; confirm there if that function changes.
 */
static int get_msr_mtrr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
{
        const u64 *fixed = (const u64 *)&vcpu->arch.mtrr_state.fixed_ranges;
        u32 var_off;

        if (!msr_mtrr_valid(msr))
                return 1;

        switch (msr) {
        case MSR_MTRRdefType:
                /* type in the low byte, the E (enable) bits at bit 10 */
                *pdata = vcpu->arch.mtrr_state.def_type +
                         (vcpu->arch.mtrr_state.enabled << 10);
                return 0;
        case MSR_MTRRfix64K_00000:
                *pdata = fixed[0];
                return 0;
        case MSR_MTRRfix16K_80000:
        case MSR_MTRRfix16K_A0000:
                *pdata = fixed[1 + msr - MSR_MTRRfix16K_80000];
                return 0;
        case MSR_MTRRfix4K_C0000 ... MSR_MTRRfix4K_F8000:
                *pdata = fixed[3 + msr - MSR_MTRRfix4K_C0000];
                return 0;
        case MSR_IA32_CR_PAT:
                *pdata = vcpu->arch.pat;
                return 0;
        default:
                break;
        }

        /* Variable MTRRs: even offsets are PHYSBASEn, odd ones PHYSMASKn */
        var_off = msr - 0x200;
        if (var_off & 1)
                *pdata = *(u64 *)&vcpu->arch.mtrr_state.var_ranges[var_off / 2].mask_lo;
        else
                *pdata = *(u64 *)&vcpu->arch.mtrr_state.var_ranges[var_off / 2].base_lo;

        return 0;
}
1753
/*
 * rdmsr emulation for the machine-check MSRs.
 *
 * @vcpu:  vcpu whose MCE state is read
 * @msr:   MSR index
 * @pdata: receives the value on success
 *
 * Returns 0 on success, 1 (with *pdata untouched) for MCG_CTL when the
 * guest's MCG_CAP does not advertise it, and for any bank MSR beyond the
 * bank count in the low byte of MCG_CAP. The bank lookup assumes
 * mce_banks was sized for that bank count by the MCE setup path — confirm
 * there if MCG_CAP can be changed after setup.
 */
static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
{
        u64 mcg_cap = vcpu->arch.mcg_cap;
        /* low byte of MCG_CAP = number of banks exposed to the guest */
        unsigned bank_num = mcg_cap & 0xff;
        u32 bank_off;

        switch (msr) {
        case MSR_IA32_P5_MC_ADDR:
        case MSR_IA32_P5_MC_TYPE:
                /* Pentium-era MSRs: always read as zero */
                *pdata = 0;
                return 0;
        case MSR_IA32_MCG_CAP:
                *pdata = mcg_cap;
                return 0;
        case MSR_IA32_MCG_CTL:
                if (!(mcg_cap & MCG_CTL_P))
                        return 1;
                *pdata = vcpu->arch.mcg_ctl;
                return 0;
        case MSR_IA32_MCG_STATUS:
                *pdata = vcpu->arch.mcg_status;
                return 0;
        default:
                break;
        }

        /* Four registers (CTL/STATUS/ADDR/MISC) per bank, stored flat */
        if (msr < MSR_IA32_MC0_CTL || msr >= MSR_IA32_MC0_CTL + 4 * bank_num)
                return 1;
        bank_off = msr - MSR_IA32_MC0_CTL;
        *pdata = vcpu->arch.mce_banks[bank_off];
        return 0;
}
1788
/*
 * rdmsr emulation for the partition-wide Hyper-V MSRs (state lives in
 * struct kvm, not in the vcpu). kvm_get_msr_common() calls this with
 * kvm->lock held.
 *
 * Returns 0 on success, 1 (with *pdata untouched) for anything else.
 */
static int get_msr_hyperv_pw(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
{
        struct kvm *kvm = vcpu->kvm;

        if (msr == HV_X64_MSR_GUEST_OS_ID) {
                *pdata = kvm->arch.hv_guest_os_id;
        } else if (msr == HV_X64_MSR_HYPERCALL) {
                *pdata = kvm->arch.hv_hypercall;
        } else {
                pr_unimpl(vcpu, "Hyper-V unhandled rdmsr: 0x%x\n", msr);
                return 1;
        }
        return 0;
}
1809
/*
 * rdmsr emulation for the per-vcpu Hyper-V MSRs.
 *
 * VP_INDEX reports the vcpu's slot in its VM; EOI/ICR/TPR are forwarded
 * to the corresponding local APIC register via kvm_hv_vapic_msr_read().
 *
 * Returns 0 on success, 1 for an unknown MSR (logged, *pdata untouched);
 * for the APIC-backed MSRs the return value is kvm_hv_vapic_msr_read()'s.
 */
static int get_msr_hyperv(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
{
        u32 apic_reg;

        switch (msr) {
        case HV_X64_MSR_VP_INDEX: {
                int slot;
                struct kvm_vcpu *other;
                u64 index = 0;

                /* No early exit: the vcpu occurs once, so the last match wins */
                kvm_for_each_vcpu(slot, other, vcpu->kvm)
                        if (other == vcpu)
                                index = slot;
                *pdata = index;
                return 0;
        }
        case HV_X64_MSR_EOI:
                apic_reg = APIC_EOI;
                break;
        case HV_X64_MSR_ICR:
                apic_reg = APIC_ICR;
                break;
        case HV_X64_MSR_TPR:
                apic_reg = APIC_TASKPRI;
                break;
        default:
                pr_unimpl(vcpu, "Hyper-V unhandled rdmsr: 0x%x\n", msr);
                return 1;
        }

        return kvm_hv_vapic_msr_read(vcpu, apic_reg, pdata);
}
1836
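/*
 * Architecture-common rdmsr emulation, used for the MSRs KVM emulates
 * itself: legacy/perf/debug MSRs that read as zero, MTRR/PAT, MCE,
 * x2APIC, the KVM paravirtual clock/steal-time MSRs and Hyper-V.
 *
 * @vcpu:  vcpu whose MSR is read
 * @msr:   MSR index
 * @pdata: receives the value on success
 *
 * Returns 0 on success (*pdata valid) and 1 otherwise (*pdata untouched).
 * Unknown MSRs fail by default; with the 'ignore_msrs' module option they
 * read as zero and are only logged, which hides guest probing of
 * unimplemented MSRs.
 */
int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
{
        u64 data;

        switch (msr) {
        case MSR_IA32_PLATFORM_ID:
        case MSR_IA32_UCODE_REV:
        case MSR_IA32_EBL_CR_POWERON:
        case MSR_IA32_DEBUGCTLMSR:
        case MSR_IA32_LASTBRANCHFROMIP:
        case MSR_IA32_LASTBRANCHTOIP:
        case MSR_IA32_LASTINTFROMIP:
        case MSR_IA32_LASTINTTOIP:
        case MSR_K8_SYSCFG:
        case MSR_K7_HWCR:
        case MSR_VM_HSAVE_PA:
        case MSR_P6_PERFCTR0:
        case MSR_P6_PERFCTR1:
        case MSR_P6_EVNTSEL0:
        case MSR_P6_EVNTSEL1:
        case MSR_K7_EVNTSEL0:
        case MSR_K7_PERFCTR0:
        case MSR_K8_INT_PENDING_MSG:
        case MSR_AMD64_NB_CFG:
        case MSR_FAM10H_MMIO_CONF_BASE:
                /* Not emulated: read as zero rather than faulting the guest */
                data = 0;
                break;
        case MSR_MTRRcap:
                /* FIX (bit 8) and WC (bit 10) supported, KVM_NR_VAR_MTRR ranges */
                data = 0x500 | KVM_NR_VAR_MTRR;
                break;
        case 0x200 ... 0x2ff:
                return get_msr_mtrr(vcpu, msr, pdata);
        case 0xcd: /* fsb frequency */
                data = 3;
                break;
        case MSR_EBC_FREQUENCY_ID:
                /*
                 * Conservative value valid for even the basic CPU models.
                 * Models 0,1: 000 in bits 23:21 indicating a bus speed of
                 * 100MHz, model 2 000 in bits 18:16 indicating 100MHz,
                 * and 266MHz for model 3, or 4. Set Core Clock
                 * Frequency to System Bus Frequency Ratio to 1 (bits
                 * 31:24) even though these are only valid for CPU
                 * models > 2, however guests may end up dividing or
                 * multiplying by zero otherwise.
                 */
                data = 1 << 24;
                break;
        case MSR_IA32_APICBASE:
                data = kvm_get_apic_base(vcpu);
                break;
        case APIC_BASE_MSR ... APIC_BASE_MSR + 0x3ff:
                return kvm_x2apic_msr_read(vcpu, msr, pdata);
        case MSR_IA32_MISC_ENABLE:
                data = vcpu->arch.ia32_misc_enable_msr;
                break;
        case MSR_IA32_PERF_STATUS:
                /* TSC increment by tick */
                data = 1000ULL;
                /* CPU multiplier */
                data |= 4ULL << 40;
                break;
        case MSR_EFER:
                data = vcpu->arch.efer;
                break;
        case MSR_KVM_WALL_CLOCK:
        case MSR_KVM_WALL_CLOCK_NEW:
                data = vcpu->kvm->arch.wall_clock;
                break;
        case MSR_KVM_SYSTEM_TIME:
        case MSR_KVM_SYSTEM_TIME_NEW:
                data = vcpu->arch.time;
                break;
        case MSR_KVM_ASYNC_PF_EN:
                data = vcpu->arch.apf.msr_val;
                break;
        case MSR_KVM_STEAL_TIME:
                data = vcpu->arch.st.msr_val;
                break;
        case MSR_IA32_P5_MC_ADDR:
        case MSR_IA32_P5_MC_TYPE:
        case MSR_IA32_MCG_CAP:
        case MSR_IA32_MCG_CTL:
        case MSR_IA32_MCG_STATUS:
        case MSR_IA32_MC0_CTL ... MSR_IA32_MC0_CTL + 4 * KVM_MAX_MCE_BANKS - 1:
                return get_msr_mce(vcpu, msr, pdata);
        case MSR_K7_CLK_CTL:
                /*
                 * Provide expected ramp-up count for K7. All other
                 * are set to zero, indicating minimum divisors for
                 * every field.
                 *
                 * This prevents guest kernels on AMD host with CPU
                 * type 6, model 8 and higher from exploding due to
                 * the rdmsr failing.
                 */
                data = 0x20000000;
                break;
        case HV_X64_MSR_GUEST_OS_ID ... HV_X64_MSR_SINT15:
                /* Partition-wide state is shared by all vcpus: serialize on kvm->lock */
                if (kvm_hv_msr_partition_wide(msr)) {
                        int r;

                        mutex_lock(&vcpu->kvm->lock);
                        r = get_msr_hyperv_pw(vcpu, msr, pdata);
                        mutex_unlock(&vcpu->kvm->lock);
                        return r;
                }
                return get_msr_hyperv(vcpu, msr, pdata);
        case MSR_IA32_BBL_CR_CTL3:
                /* This legacy MSR exists but isn't fully documented in current
                 * silicon.  It is however accessed by winxp in very narrow
                 * scenarios where it sets bit #19, itself documented as
                 * a "reserved" bit.  Best effort attempt to source coherent
                 * read data here should the balance of the register be
                 * interpreted by the guest:
                 *
                 * L2 cache control register 3: 64GB range, 256KB size,
                 * enabled, latency 0x1, configured
                 */
                data = 0xbe702111;
                break;
        default:
                if (!ignore_msrs) {
                        pr_unimpl(vcpu, "unhandled rdmsr: 0x%x\n", msr);
                        return 1;
                }
                pr_unimpl(vcpu, "ignored rdmsr: 0x%x\n", msr);
                data = 0;
                break;
        }
        *pdata = data;
        return 0;
}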
1973 EXPORT_SYMBOL_GPL(kvm_get_msr_common);
1974
/*
 * Read or write a bunch of msrs. All parameters are kernel addresses.
 *
 * Processes entries[0..nmsrs) in order under the kvm SRCU read lock and
 * stops at the first do_msr() failure.
 *
 * @return number of msrs set successfully, i.e. the index of the first
 *         failing entry (or nmsrs if all succeeded). The failure itself is
 *         reported only through this short count.
 */
static int __msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs *msrs,
                    struct kvm_msr_entry *entries,
                    int (*do_msr)(struct kvm_vcpu *vcpu,
                                  unsigned index, u64 *data))
{
        int srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
        int done = 0;

        while (done < msrs->nmsrs) {
                struct kvm_msr_entry *e = &entries[done];

                if (do_msr(vcpu, e->index, &e->data))
                        break;
                done++;
        }
        srcu_read_unlock(&vcpu->kvm->srcu, srcu_idx);

        return done;
}
1995
/*
 * Read or write a bunch of msrs. Parameters are user addresses.
 *
 * The header (struct kvm_msrs) and the entry array are copied in from
 * userspace; nmsrs is untrusted and is bounded by MAX_IO_MSRS before it
 * sizes the kernel allocation. When 'writeback' is set the whole array is
 * copied back, including entries after the first failure.
 *
 * @return number of msrs set successfully (see __msr_io()), or a negative
 *         errno: -EFAULT on a bad user pointer, -E2BIG if nmsrs is too
 *         large, -ENOMEM if the bounce buffer cannot be allocated.
 */
static int msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs __user *user_msrs,
                  int (*do_msr)(struct kvm_vcpu *vcpu,
                                unsigned index, u64 *data),
                  int writeback)
{
        struct kvm_msrs msrs;
        struct kvm_msr_entry *entries = NULL;
        unsigned size;
        int n, r = -EFAULT;

        if (copy_from_user(&msrs, user_msrs, sizeof msrs))
                goto out;

        /* bound the untrusted count before it reaches kmalloc() */
        r = -E2BIG;
        if (msrs.nmsrs >= MAX_IO_MSRS)
                goto out;

        size = msrs.nmsrs * sizeof(*entries);
        r = -ENOMEM;
        entries = kmalloc(size, GFP_KERNEL);
        if (!entries)
                goto out;

        /* user_msrs->entries is only address arithmetic on the __user pointer */
        r = -EFAULT;
        if (copy_from_user(entries, user_msrs->entries, size))
                goto out;

        n = __msr_io(vcpu, &msrs, entries, do_msr);
        r = n;
        if (n < 0)
                goto out;

        if (writeback && copy_to_user(user_msrs->entries, entries, size)) {
                r = -EFAULT;
                goto out;
        }
        r = n;

out:
        /* kfree(NULL) is a no-op, so one label covers every exit */
        kfree(entries);
        return r;
}
2044
/*
 * KVM_CHECK_EXTENSION for x86: report whether (and how) capability 'ext'
 * is supported by this host/module.
 *
 * Returns 1 for plain boolean capabilities, a capability-specific value
 * for the others (page offset, limits, host feature probes), and 0 for
 * anything unknown or unsupported.
 */
int kvm_dev_ioctl_check_extension(long ext)
{
        switch (ext) {
        case KVM_CAP_IRQCHIP:
        case KVM_CAP_HLT:
        case KVM_CAP_MMU_SHADOW_CACHE_CONTROL:
        case KVM_CAP_SET_TSS_ADDR:
        case KVM_CAP_EXT_CPUID:
        case KVM_CAP_CLOCKSOURCE:
        case KVM_CAP_PIT:
        case KVM_CAP_NOP_IO_DELAY:
        case KVM_CAP_MP_STATE:
        case KVM_CAP_SYNC_MMU:
        case KVM_CAP_USER_NMI:
        case KVM_CAP_REINJECT_CONTROL:
        case KVM_CAP_IRQ_INJECT_STATUS:
        case KVM_CAP_ASSIGN_DEV_IRQ:
        case KVM_CAP_IRQFD:
        case KVM_CAP_IOEVENTFD:
        case KVM_CAP_PIT2:
        case KVM_CAP_PIT_STATE2:
        case KVM_CAP_SET_IDENTITY_MAP_ADDR:
        case KVM_CAP_XEN_HVM:
        case KVM_CAP_ADJUST_CLOCK:
        case KVM_CAP_VCPU_EVENTS:
        case KVM_CAP_HYPERV:
        case KVM_CAP_HYPERV_VAPIC:
        case KVM_CAP_HYPERV_SPIN:
        case KVM_CAP_PCI_SEGMENT:
        case KVM_CAP_DEBUGREGS:
        case KVM_CAP_X86_ROBUST_SINGLESTEP:
        case KVM_CAP_XSAVE:
        case KVM_CAP_ASYNC_PF:
        case KVM_CAP_GET_TSC_KHZ:
                /* unconditionally supported on x86 */
                return 1;
        case KVM_CAP_COALESCED_MMIO:
                return KVM_COALESCED_MMIO_PAGE_OFFSET;
        case KVM_CAP_VAPIC:
                /* software vAPIC is only offered when the hardware cannot do TPR */
                return !kvm_x86_ops->cpu_has_accelerated_tpr();
        case KVM_CAP_NR_VCPUS:
                return KVM_MAX_VCPUS;
        case KVM_CAP_NR_MEMSLOTS:
                return KVM_MEMORY_SLOTS;
        case KVM_CAP_PV_MMU:    /* obsolete */
                return 0;
        case KVM_CAP_IOMMU:
                /* device assignment needs an IOMMU driver bound to the PCI bus */
                return iommu_present(&pci_bus_type);
        case KVM_CAP_MCE:
                return KVM_MAX_MCE_BANKS;
        case KVM_CAP_XCRS:
                return cpu_has_xsave;
        case KVM_CAP_TSC_CONTROL:
                return kvm_has_tsc_control;
        default:
                return 0;
        }
}
2117
/*
 * x86-specific ioctls on the /dev/kvm device (no VM or vcpu context).
 *
 * @filp:  unused
 * @ioctl: ioctl number
 * @arg:   userspace pointer to the ioctl's argument structure
 *
 * Returns 0 on success, -EFAULT on a bad user pointer, -E2BIG when the
 * caller's buffer is too small (KVM_GET_MSR_INDEX_LIST), -EINVAL for an
 * unknown ioctl, or whatever kvm_dev_ioctl_get_supported_cpuid() returns.
 */
long kvm_arch_dev_ioctl(struct file *filp,
                        unsigned int ioctl, unsigned long arg)
{
        void __user *argp = (void __user *)arg;

        switch (ioctl) {
        case KVM_GET_MSR_INDEX_LIST: {
                struct kvm_msr_list __user *user_msr_list = argp;
                struct kvm_msr_list msr_list;
                unsigned have;

                if (copy_from_user(&msr_list, user_msr_list, sizeof msr_list))
                        return -EFAULT;
                have = msr_list.nmsrs;
                msr_list.nmsrs = num_msrs_to_save + ARRAY_SIZE(emulated_msrs);
                /*
                 * The required count is written back before the size
                 * check so a caller can size its buffer and retry.
                 */
                if (copy_to_user(user_msr_list, &msr_list, sizeof msr_list))
                        return -EFAULT;
                if (have < msr_list.nmsrs)
                        return -E2BIG;
                /* saved MSRs first, then the purely emulated ones */
                if (copy_to_user(user_msr_list->indices, &msrs_to_save,
                                 num_msrs_to_save * sizeof(u32)))
                        return -EFAULT;
                if (copy_to_user(user_msr_list->indices + num_msrs_to_save,
                                 &emulated_msrs,
                                 ARRAY_SIZE(emulated_msrs) * sizeof(u32)))
                        return -EFAULT;
                return 0;
        }
        case KVM_GET_SUPPORTED_CPUID: {
                struct kvm_cpuid2 __user *cpuid_arg = argp;
                struct kvm_cpuid2 cpuid;
                long r;

                if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid))
                        return -EFAULT;
                r = kvm_dev_ioctl_get_supported_cpuid(&cpuid,
                                                      cpuid_arg->entries);
                if (r)
                        return r;
                /* header is copied back so the caller learns the entry count */
                if (copy_to_user(cpuid_arg, &cpuid, sizeof cpuid))
                        return -EFAULT;
                return 0;
        }
        case KVM_X86_GET_MCE_CAP_SUPPORTED: {
                u64 mce_cap = KVM_MCE_CAP_SUPPORTED;

                if (copy_to_user(argp, &mce_cap, sizeof mce_cap))
                        return -EFAULT;
                return 0;
        }
        default:
                return -EINVAL;
        }
}
2185
/*
 * smp_call_function_single() callback: write back and invalidate this
 * cpu's caches. The argument is unused.
 */
static void wbinvd_ipi(void *garbage)
{
        (void)garbage;
        wbinvd();
}
2190
/*
 * Does a guest WBINVD have to reach the host caches?
 *
 * Only when the VM has an IOMMU domain (an assigned device) and that
 * domain was not flagged cache-coherent — presumably because device DMA
 * could otherwise observe stale cache lines. Without an assigned device
 * the guest's WBINVD can be ignored.
 */
static bool need_emulate_wbinvd(struct kvm_vcpu *vcpu)
{
        if (!vcpu->kvm->arch.iommu_domain)
                return false;
        return !(vcpu->kvm->arch.iommu_flags & KVM_IOMMU_CACHE_COHERENCY);
}
2196
/*
 * Keep a guest WBINVD effective when the vcpu moves between cpus.
 *
 * With a WBINVD exit available the new cpu is simply recorded as dirty;
 * otherwise the cpu the vcpu last ran on is flushed by IPI before the
 * vcpu is loaded elsewhere. No-op unless need_emulate_wbinvd().
 */
static void wbinvd_before_load(struct kvm_vcpu *vcpu, int cpu)
{
        if (!need_emulate_wbinvd(vcpu))
                return;

        if (kvm_x86_ops->has_wbinvd_exit())
                cpumask_set_cpu(cpu, vcpu->arch.wbinvd_dirty_mask);
        else if (vcpu->cpu != -1 && vcpu->cpu != cpu)
                smp_call_function_single(vcpu->cpu, wbinvd_ipi, NULL, 1);
}

/*
 * Make sure the guest TSC does not go backwards after a cpu migration or
 * on a host with an unstable TSC, then record 'cpu' as the vcpu's cpu.
 *
 * Compares the current guest TSC with the value saved at the last
 * kvm_arch_vcpu_put(); a negative delta marks the host TSC unstable, and
 * on an unstable TSC the offset is corrected and catch-up mode enabled.
 * kvm_get_msr()'s return value is ignored here, so 'tsc' is assumed to be
 * written for MSR_IA32_TSC by every backend — TODO confirm.
 */
static void fixup_tsc_on_load(struct kvm_vcpu *vcpu, int cpu)
{
        u64 tsc;
        s64 tsc_delta;

        kvm_get_msr(vcpu, MSR_IA32_TSC, &tsc);
        /* first load after creation: nothing to compare against */
        tsc_delta = vcpu->arch.last_guest_tsc ?
                    tsc - vcpu->arch.last_guest_tsc : 0;

        if (tsc_delta < 0)
                mark_tsc_unstable("KVM discovered backwards TSC");
        if (check_tsc_unstable()) {
                kvm_x86_ops->adjust_tsc_offset(vcpu, -tsc_delta);
                vcpu->arch.tsc_catchup = 1;
        }
        kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
        if (vcpu->cpu != cpu)
                kvm_migrate_timers(vcpu);
        vcpu->cpu = cpu;
}

/*
 * Called when a vcpu is about to run on 'cpu': handle WBINVD emulation,
 * load the backend state, fix up the TSC if the vcpu migrated (or the
 * host TSC is unstable), and schedule a steal-time update.
 */
void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
{
        /* Address WBINVD may be executed by guest */
        wbinvd_before_load(vcpu, cpu);

        kvm_x86_ops->vcpu_load(vcpu, cpu);
        if (unlikely(vcpu->cpu != cpu) || check_tsc_unstable())
                fixup_tsc_on_load(vcpu, cpu);

        accumulate_steal_time(vcpu);
        kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu);
}
2233
/*
 * Called when a vcpu is descheduled from its cpu: unload backend state,
 * give back the guest FPU and snapshot the guest TSC so the next
 * kvm_arch_vcpu_load() can detect it going backwards.
 */
void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)
{
        u64 *last_tsc = &vcpu->arch.last_guest_tsc;

        kvm_x86_ops->vcpu_put(vcpu);
        kvm_put_guest_fpu(vcpu);
        kvm_get_msr(vcpu, MSR_IA32_TSC, last_tsc);
}
2240
/*
 * Is NX (no-execute) enabled in the host's EFER?
 *
 * Returns the EFER_NX bit (non-zero when set). 'host_efer' starts at 0 so
 * a faulting rdmsrl_safe() reports NX as absent; rdmsrl_safe()'s result
 * is not checked, so this relies on it leaving the output untouched on a
 * fault — presumably so, but confirm against its definition.
 */
static int is_efer_nx(void)
{
        u64 host_efer = 0;

        rdmsrl_safe(MSR_EFER, &host_efer);
        return host_efer & EFER_NX;
}
2248
/*
 * Strip NX from the guest's CPUID 0x80000001 leaf when the host runs
 * with NX disabled, so the guest is not told about a feature that the
 * host will not enforce. Only the first 0x80000001 entry is considered.
 */
static void cpuid_fix_nx_cap(struct kvm_vcpu *vcpu)
{
        struct kvm_cpuid_entry2 *ext = NULL;
        int i;

        for (i = 0; i < vcpu->arch.cpuid_nent && !ext; ++i)
                if (vcpu->arch.cpuid_entries[i].function == 0x80000001)
                        ext = &vcpu->arch.cpuid_entries[i];

        if (!ext)
                return;

        /* edx bit 20 is NX in the extended feature leaf */
        if ((ext->edx & (1 << 20)) && !is_efer_nx()) {
                ext->edx &= ~(1 << 20);
                printk(KERN_INFO "kvm: guest NX capability removed\n");
        }
}
2267
/*
 * when an old userspace process fills a new kernel module
 *
 * KVM_SET_CPUID (the legacy struct kvm_cpuid_entry format): the entries
 * are bounced through a kernel buffer and widened into the vcpu's
 * kvm_cpuid_entry2 table, with index/flags/padding zeroed.
 *
 * @vcpu:    target vcpu
 * @cpuid:   header already copied from userspace; nent is untrusted and
 *           is bounded by KVM_MAX_CPUID_ENTRIES before any copy
 * @entries: userspace array of cpuid->nent entries
 *
 * Returns 0 on success, -E2BIG if nent is too large, -ENOMEM if the bounce
 * buffer cannot be allocated, -EFAULT on a bad user pointer.
 */
static int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu,
                                    struct kvm_cpuid *cpuid,
                                    struct kvm_cpuid_entry __user *entries)
{
        struct kvm_cpuid_entry *buf;
        int i, r;

        if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
                return -E2BIG;

        buf = vmalloc(sizeof(*buf) * cpuid->nent);
        if (!buf)
                return -ENOMEM;

        r = -EFAULT;
        if (copy_from_user(buf, entries, cpuid->nent * sizeof(*buf)))
                goto out_free;

        for (i = 0; i < cpuid->nent; i++) {
                const struct kvm_cpuid_entry *src = &buf[i];

                vcpu->arch.cpuid_entries[i].function = src->function;
                vcpu->arch.cpuid_entries[i].eax = src->eax;
                vcpu->arch.cpuid_entries[i].ebx = src->ebx;
                vcpu->arch.cpuid_entries[i].ecx = src->ecx;
                vcpu->arch.cpuid_entries[i].edx = src->edx;
                /* the legacy format has no index/flags: clear them explicitly */
                vcpu->arch.cpuid_entries[i].index = 0;
                vcpu->arch.cpuid_entries[i].flags = 0;
                vcpu->arch.cpuid_entries[i].padding[0] = 0;
                vcpu->arch.cpuid_entries[i].padding[1] = 0;
                vcpu->arch.cpuid_entries[i].padding[2] = 0;
        }
        vcpu->arch.cpuid_nent = cpuid->nent;
        cpuid_fix_nx_cap(vcpu);
        kvm_apic_set_version(vcpu);
        kvm_x86_ops->cpuid_update(vcpu);
        update_cpuid(vcpu);
        r = 0;

out_free:
        vfree(buf);
        return r;
}
2311
/*
 * KVM_SET_CPUID2: install the guest's CPUID table straight from userspace.
 *
 * @vcpu:    target vcpu
 * @cpuid:   header already copied from userspace; nent is untrusted and
 *           is bounded by KVM_MAX_CPUID_ENTRIES before the copy
 * @entries: userspace array of cpuid->nent kvm_cpuid_entry2 entries
 *
 * Returns 0 on success, -E2BIG if nent is too large, -EFAULT on a bad
 * user pointer.
 *
 * NOTE(review): the copy goes directly into vcpu->arch.cpuid_entries, so
 * a faulting copy can leave that table partially overwritten while
 * cpuid_nent still describes the previous one. Bouncing through a
 * temporary buffer, as kvm_vcpu_ioctl_set_cpuid() does, would avoid that.
 */
static int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
                                     struct kvm_cpuid2 *cpuid,
                                     struct kvm_cpuid_entry2 __user *entries)
{
        unsigned long bytes;

        if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
                return -E2BIG;

        bytes = cpuid->nent * sizeof(struct kvm_cpuid_entry2);
        if (copy_from_user(&vcpu->arch.cpuid_entries, entries, bytes))
                return -EFAULT;

        vcpu->arch.cpuid_nent = cpuid->nent;
        kvm_apic_set_version(vcpu);
        kvm_x86_ops->cpuid_update(vcpu);
        update_cpuid(vcpu);
        return 0;
}
2334
/*
 * KVM_GET_CPUID2: copy the guest's CPUID table out to userspace.
 *
 * @vcpu:    source vcpu
 * @cpuid:   header from userspace; nent is the caller's buffer capacity
 *           and is overwritten with the real entry count on failure
 * @entries: userspace buffer for cpuid->nent kvm_cpuid_entry2 entries
 *
 * Returns 0 on success, -E2BIG if the buffer is too small, -EFAULT on a
 * bad user pointer.
 */
static int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
                                     struct kvm_cpuid2 *cpuid,
                                     struct kvm_cpuid_entry2 __user *entries)
{
        int r = 0;

        if (cpuid->nent < vcpu->arch.cpuid_nent)
                r = -E2BIG;
        else if (copy_to_user(entries, &vcpu->arch.cpuid_entries,
                              vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
                r = -EFAULT;

        /* on either failure tell the caller how many entries exist */
        if (r)
                cpuid->nent = vcpu->arch.cpuid_nent;
        return r;
}
2354
/*
 * Clear every bit of *word that the host's capability word 'wordnum'
 * (boot_cpu_data.x86_capability[]) does not have, so a guest is never
 * offered a feature the host lacks.
 */
static void cpuid_mask(u32 *word, int wordnum)
{
        u32 host_caps = boot_cpu_data.x86_capability[wordnum];

        *word = *word & host_caps;
}
2359
/*
 * Fill one CPUID entry from the host: record function/index, clear the
 * flags and execute CPUID(function, index) into eax..edx.
 */
static void do_cpuid_1_ent(struct kvm_cpuid_entry2 *entry, u32 function,
                           u32 index)
{
        entry->function = function;
        entry->index = index;
        entry->flags = 0;
        cpuid_count(function, index,
                    &entry->eax, &entry->ebx, &entry->ecx, &entry->edx);
}
2369
/*
 * May XCR0 bit 'bit' be exposed to the guest?
 *
 * True only for state components KVM knows how to handle (FP, SSE, YMM)
 * that the host's XCR0 (host_xcr0) also enables. The caller passes bits
 * below 64, so the shift stays in range.
 */
static bool supported_xcr0_bit(unsigned bit)
{
        const u64 kvm_xstate = XSTATE_FP | XSTATE_SSE | XSTATE_YMM;
        u64 mask = (u64)1 << bit;

        return (host_xcr0 & kvm_xstate & mask) != 0;
}
2376
2377 #define F(x) bit(X86_FEATURE_##x)
2378
2379 static void do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
2380                          u32 index, int *nent, int maxnent)
2381 {
2382         unsigned f_nx = is_efer_nx() ? F(NX) : 0;
2383 #ifdef CONFIG_X86_64
2384         unsigned f_gbpages = (kvm_x86_ops->get_lpage_level() == PT_PDPE_LEVEL)
2385                                 ? F(GBPAGES) : 0;
2386         unsigned f_lm = F(LM);
2387 #else
2388         unsigned f_gbpages = 0;
2389         unsigned f_lm = 0;
2390 #endif
2391         unsigned f_rdtscp = kvm_x86_ops->rdtscp_supported() ? F(RDTSCP) : 0;
2392
2393         /* cpuid 1.edx */
2394         const u32 kvm_supported_word0_x86_features =
2395                 F(FPU) | F(VME) | F(DE) | F(PSE) |
2396                 F(TSC) | F(MSR) | F(PAE) | F(MCE) |
2397                 F(CX8) | F(APIC) | 0 /* Reserved */ | F(SEP) |
2398                 F(MTRR) | F(PGE) | F(MCA) | F(CMOV) |
2399                 F(PAT) | F(PSE36) | 0 /* PSN */ | F(CLFLSH) |
2400                 0 /* Reserved, DS, ACPI */ | F(MMX) |
2401                 F(FXSR) | F(XMM) | F(XMM2) | F(SELFSNOOP) |
2402                 0 /* HTT, TM, Reserved, PBE */;
2403         /* cpuid 0x80000001.edx */
2404         const u32 kvm_supported_word1_x86_features =
2405                 F(FPU) | F(VME) | F(DE) | F(PSE) |
2406                 F(TSC) | F(MSR) | F(PAE) | F(MCE) |
2407                 F(CX8) | F(APIC) | 0 /* Reserved */ | F(SYSCALL) |
2408                 F(MTRR) | F(PGE) | F(MCA) | F(CMOV) |
2409                 F(PAT) | F(PSE36) | 0 /* Reserved */ |
2410                 f_nx | 0 /* Reserved */ | F(MMXEXT) | F(MMX) |
2411                 F(FXSR) | F(FXSR_OPT) | f_gbpages | f_rdtscp |
2412                 0 /* Reserved */ | f_lm | F(3DNOWEXT) | F(3DNOW);
2413         /* cpuid 1.ecx */
2414         const u32 kvm_supported_word4_x86_features =
2415                 F(XMM3) | F(PCLMULQDQ) | 0 /* DTES64, MONITOR */ |
2416                 0 /* DS-CPL, VMX, SMX, EST */ |
2417                 0 /* TM2 */ | F(SSSE3) | 0 /* CNXT-ID */ | 0 /* Reserved */ |
2418                 0 /* Reserved */ | F(CX16) | 0 /* xTPR Update, PDCM */ |
2419                 0 /* Reserved, DCA */ | F(XMM4_1) |
2420                 F(XMM4_2) | F(X2APIC) | F(MOVBE) | F(POPCNT) |
2421                 0 /* Reserved*/ | F(AES) | F(XSAVE) | 0 /* OSXSAVE */ | F(AVX) |
2422                 F(F16C) | F(RDRAND);
2423         /* cpuid 0x80000001.ecx */
2424         const u32 kvm_supported_word6_x86_features =
2425                 F(LAHF_LM) | F(CMP_LEGACY) | 0 /*SVM*/ | 0 /* ExtApicSpace */ |
2426                 F(CR8_LEGACY) | F(ABM) | F(SSE4A) | F(MISALIGNSSE) |
2427                 F(3DNOWPREFETCH) | 0 /* OSVW */ | 0 /* IBS */ | F(XOP) |
2428                 0 /* SKINIT, WDT, LWP */ | F(FMA4) | F(TBM);
2429
2430         /* cpuid 0xC0000001.edx */
2431         const u32 kvm_supported_word5_x86_features =
2432                 F(XSTORE) | F(XSTORE_EN) | F(XCRYPT) | F(XCRYPT_EN) |
2433                 F(ACE2) | F(ACE2_EN) | F(PHE) | F(PHE_EN) |
2434                 F(PMM) | F(PMM_EN);
2435
2436         /* cpuid 7.0.ebx */
2437         const u32 kvm_supported_word9_x86_features =
2438                 F(SMEP) | F(FSGSBASE) | F(ERMS);
2439
2440         /* all calls to cpuid_count() should be made on the same cpu */
2441         get_cpu();
2442         do_cpuid_1_ent(entry, function, index);
2443         ++*nent;
2444
2445         switch (function) {
2446         case 0:
2447                 entry->eax = min(entry->eax, (u32)0xd);
2448                 break;
2449         case 1:
2450                 entry->edx &= kvm_supported_word0_x86_features;
2451                 cpuid_mask(&entry->edx, 0);
2452                 entry->ecx &= kvm_supported_word4_x86_features;
2453                 cpuid_mask(&entry->ecx, 4);
2454                 /* we support x2apic emulation even if host does not support
2455                  * it since we emulate x2apic in software */
2456                 entry->ecx |= F(X2APIC);
2457                 break;
2458         /* function 2 entries are STATEFUL. That is, repeated cpuid commands
2459          * may return different values. This forces us to get_cpu() before
2460          * issuing the first command, and also to emulate this annoying behavior
2461          * in kvm_emulate_cpuid() using KVM_CPUID_FLAG_STATE_READ_NEXT */
2462         case 2: {
2463                 int t, times = entry->eax & 0xff;
2464
2465                 entry->flags |= KVM_CPUID_FLAG_STATEFUL_FUNC;
2466                 entry->flags |= KVM_CPUID_FLAG_STATE_READ_NEXT;
2467                 for (t = 1; t < times && *nent < maxnent; ++t) {
2468                         do_cpuid_1_ent(&entry[t], function, 0);
2469                         entry[t].flags |= KVM_CPUID_FLAG_STATEFUL_FUNC;
2470                         ++*nent;
2471                 }
2472                 break;
2473         }
2474         /* function 4 has additional index. */
2475         case 4: {
2476                 int i, cache_type;
2477
2478                 entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
2479                 /* read more entries until cache_type is zero */
2480                 for (i = 1; *nent < maxnent; ++i) {
2481                         cache_type = entry[i - 1].eax & 0x1f;
2482                         if (!cache_type)
2483                                 break;
2484                         do_cpuid_1_ent(&entry[i], function, i);
2485                         entry[i].flags |=
2486                                KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
2487                         ++*nent;
2488                 }
2489                 break;
2490         }
2491         case 7: {
2492                 entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
2493                 /* Mask ebx against host capbability word 9 */
2494                 if (index == 0) {
2495                         entry->ebx &= kvm_supported_word9_x86_features;
2496                         cpuid_mask(&entry->ebx, 9);
2497                 } else
2498                         entry->ebx = 0;
2499                 entry->eax = 0;
2500                 entry->ecx = 0;
2501                 entry->edx = 0;
2502                 break;
2503         }
2504         case 9:
2505                 break;
2506         /* function 0xb has additional index. */
2507         case 0xb: {
2508                 int i, level_type;
2509
2510                 entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
2511                 /* read more entries until level_type is zero */
2512                 for (i = 1; *nent < maxnent; ++i) {
2513                         level_type = entry[i - 1].ecx & 0xff00;
2514                         if (!level_type)
2515                                 break;
2516                         do_cpuid_1_ent(&entry[i], function, i);
2517                         entry[i].flags |=
2518                                KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
2519                         ++*nent;
2520                 }
2521                 break;
2522         }
2523         case 0xd: {
2524                 int idx, i;
2525
2526                 entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
2527                 for (idx = 1, i = 1; *nent < maxnent && idx < 64; ++idx) {
2528                         do_cpuid_1_ent(&entry[i], function, idx);
2529                         if (entry[i].eax == 0 || !supported_xcr0_bit(idx))
2530                                 continue;
2531                         entry[i].flags |=
2532                                KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
2533                         ++*nent;
2534                         ++i;
2535                 }
2536                 break;
2537         }
2538         case KVM_CPUID_SIGNATURE: {
2539                 char signature[12] = "KVMKVMKVM\0\0";
2540                 u32 *sigptr = (u32 *)signature;
2541                 entry->eax = 0;
2542                 entry->ebx = sigptr[0];
2543                 entry->ecx = sigptr[1];
2544                 entry->edx = sigptr[2];
2545                 break;
2546         }
2547         case KVM_CPUID_FEATURES:
2548                 entry->eax = (1 << KVM_FEATURE_CLOCKSOURCE) |
2549                              (1 << KVM_FEATURE_NOP_IO_DELAY) |
2550                              (1 << KVM_FEATURE_CLOCKSOURCE2) |
2551                              (1 << KVM_FEATURE_ASYNC_PF) |
2552                              (1 << KVM_FEATURE_CLOCKSOURCE_STABLE_BIT);
2553
2554                 if (sched_info_on())
2555                         entry->eax |= (1 << KVM_FEATURE_STEAL_TIME);
2556
2557                 entry->ebx = 0;
2558                 entry->ecx = 0;
2559                 entry->edx = 0;
2560                 break;
2561         case 0x80000000:
2562                 entry->eax = min(entry->eax, 0x8000001a);
2563                 break;
2564         case 0x80000001:
2565                 entry->edx &= kvm_supported_word1_x86_features;
2566                 cpuid_mask(&entry->edx, 1);
2567                 entry->ecx &= kvm_supported_word6_x86_features;
2568                 cpuid_mask(&entry->ecx, 6);
2569                 break;
2570         case 0x80000008: {
2571                 unsigned g_phys_as = (entry->eax >> 16) & 0xff;
2572                 unsigned virt_as = max((entry->eax >> 8) & 0xff, 48U);
2573                 unsigned phys_as = entry->eax & 0xff;
2574
2575                 if (!g_phys_as)
2576                         g_phys_as = phys_as;
2577                 entry->eax = g_phys_as | (virt_as << 8);
2578                 entry->ebx = entry->edx = 0;
2579                 break;
2580         }
2581         case 0x80000019:
2582                 entry->ecx = entry->edx = 0;
2583                 break;
2584         case 0x8000001a:
2585                 break;
2586         case 0x8000001d:
2587                 break;
2588         /*Add support for Centaur's CPUID instruction*/
2589         case 0xC0000000:
2590                 /*Just support up to 0xC0000004 now*/
2591                 entry->eax = min(entry->eax, 0xC0000004);
2592                 break;
2593         case 0xC0000001:
2594                 entry->edx &= kvm_supported_word5_x86_features;
2595                 cpuid_mask(&entry->edx, 5);
2596                 break;
2597         case 3: /* Processor serial number */
2598         case 5: /* MONITOR/MWAIT */
2599         case 6: /* Thermal management */
2600         case 0xA: /* Architectural Performance Monitoring */
2601         case 0x80000007: /* Advanced power management */
2602         case 0xC0000002:
2603         case 0xC0000003:
2604         case 0xC0000004:
2605         default:
2606                 entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
2607                 break;
2608         }
2609
2610         kvm_x86_ops->set_supported_cpuid(function, entry);
2611
2612         put_cpu();
2613 }
2614
2615 #undef F
2616
/*
 * Fill entries[] with one CPUID range: the base leaf goes in
 * entries[*nent], then every leaf from base + 1 up to the highest leaf the
 * base entry reports in EAX, stopping early once maxnent entries are used.
 *
 * Returns 0 when at least one free slot remains in entries[] (the callers
 * always need one for whatever comes next), -E2BIG when the table is full.
 */
static int get_supported_cpuid_range(struct kvm_cpuid_entry2 *entries,
				     u32 base, int *nent, int maxnent)
{
	int first = *nent;
	u32 limit, func;

	do_cpuid_ent(&entries[first], base, 0, nent, maxnent);
	limit = entries[first].eax;
	for (func = base + 1; func <= limit && *nent < maxnent; ++func)
		do_cpuid_ent(&entries[*nent], func, 0, nent, maxnent);

	return *nent < maxnent ? 0 : -E2BIG;
}

/*
 * KVM_GET_SUPPORTED_CPUID: build the table of CPUID leaves KVM can expose
 * and copy it to userspace.  The basic range (leaf 0 upwards), the
 * extended range (0x80000000 upwards), the Centaur range (0xC0000000
 * upwards, Centaur hosts only) and finally the two KVM paravirt leaves are
 * emitted in that order.
 *
 * cpuid->nent is the caller's capacity on entry (clamped to
 * KVM_MAX_CPUID_ENTRIES) and the number of entries written on success.
 * Returns -E2BIG if the caller's table cannot hold everything, -ENOMEM
 * if the scratch buffer cannot be allocated, -EFAULT on a bad user pointer.
 */
static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
				     struct kvm_cpuid_entry2 __user *entries)
{
	struct kvm_cpuid_entry2 *cpuid_entries;
	int nent = 0, r;

	if (cpuid->nent < 1)
		return -E2BIG;
	if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
		cpuid->nent = KVM_MAX_CPUID_ENTRIES;

	/* Bounded by KVM_MAX_CPUID_ENTRIES, so the multiplication cannot overflow. */
	cpuid_entries = vmalloc(sizeof(struct kvm_cpuid_entry2) * cpuid->nent);
	if (!cpuid_entries)
		return -ENOMEM;

	r = get_supported_cpuid_range(cpuid_entries, 0, &nent, cpuid->nent);
	if (r)
		goto out_free;

	r = get_supported_cpuid_range(cpuid_entries, 0x80000000, &nent,
				      cpuid->nent);
	if (r)
		goto out_free;

	/* Centaur's vendor-specific range. */
	if (boot_cpu_data.x86_vendor == X86_VENDOR_CENTAUR) {
		r = get_supported_cpuid_range(cpuid_entries, 0xC0000000, &nent,
					      cpuid->nent);
		if (r)
			goto out_free;
	}

	/* The KVM signature and feature leaves, one entry each. */
	r = -E2BIG;
	do_cpuid_ent(&cpuid_entries[nent], KVM_CPUID_SIGNATURE, 0, &nent,
		     cpuid->nent);
	if (nent >= cpuid->nent)
		goto out_free;

	do_cpuid_ent(&cpuid_entries[nent], KVM_CPUID_FEATURES, 0, &nent,
		     cpuid->nent);
	if (nent >= cpuid->nent)
		goto out_free;

	r = -EFAULT;
	if (copy_to_user(entries, cpuid_entries,
			 nent * sizeof(struct kvm_cpuid_entry2)))
		goto out_free;
	cpuid->nent = nent;
	r = 0;

out_free:
	vfree(cpuid_entries);
	return r;
}
2700
/*
 * KVM_GET_LAPIC: export the in-kernel local APIC register page as an
 * opaque blob.  The caller guarantees vcpu->arch.apic is set.  Always 0.
 */
static int kvm_vcpu_ioctl_get_lapic(struct kvm_vcpu *vcpu,
				    struct kvm_lapic_state *s)
{
	memcpy(s->regs, vcpu->arch.apic->regs, sizeof(*s));
	return 0;
}
2708
/*
 * KVM_SET_LAPIC: overwrite the in-kernel local APIC register page with a
 * userspace-supplied image, then let the APIC code re-derive its internal
 * state and refresh the CR8/TPR intercept.  The caller guarantees
 * vcpu->arch.apic is set.  Always 0.
 *
 * NOTE(review): the register image is copied verbatim; no field-level
 * validation happens here, so it relies on kvm_apic_post_state_restore()
 * (not visible in this file) to cope with arbitrary contents.
 */
static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
				    struct kvm_lapic_state *s)
{
	memcpy(vcpu->arch.apic->regs, s->regs, sizeof(*s));

	kvm_apic_post_state_restore(vcpu);
	update_cr8_intercept(vcpu);
	return 0;
}
2718
/*
 * KVM_INTERRUPT: queue an external interrupt from a userspace irqchip.
 *
 * Returns -EINVAL if the vector does not fit the 256-entry IDT, -ENXIO if
 * the irqchip lives in the kernel (userspace must not inject directly
 * then), 0 once the interrupt is queued and the vcpu asked to re-check
 * pending events.
 */
static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
				    struct kvm_interrupt *irq)
{
	/* Range check first so a bogus vector is reported as such. */
	if (irq->irq < 0 || irq->irq >= 256)
		return -EINVAL;
	if (irqchip_in_kernel(vcpu->kvm))
		return -ENXIO;

	kvm_queue_interrupt(vcpu, irq->irq, false);
	kvm_make_request(KVM_REQ_EVENT, vcpu);
	return 0;
}
2732
/*
 * KVM_NMI: inject an NMI into the vcpu.  Nothing here can fail, so the
 * result is always 0.
 */
static int kvm_vcpu_ioctl_nmi(struct kvm_vcpu *vcpu)
{
	kvm_inject_nmi(vcpu);
	return 0;
}
2739
/*
 * KVM_TPR_ACCESS_REPORTING: switch reporting of guest TPR accesses to
 * userspace on or off.
 *
 * Returns -EINVAL if any (currently undefined) flag bit is set, else 0.
 */
static int vcpu_ioctl_tpr_access_reporting(struct kvm_vcpu *vcpu,
					   struct kvm_tpr_access_ctl *tac)
{
	if (tac->flags != 0)
		return -EINVAL;

	/* Normalize to 0/1 so only a boolean ever lands in the vcpu state. */
	vcpu->arch.tpr_access_reporting = tac->enabled ? 1 : 0;
	return 0;
}
2748
/*
 * KVM_X86_SETUP_MCE: configure the emulated machine-check capability
 * (IA32_MCG_CAP) for this vcpu.
 *
 * Bits 7:0 of mcg_cap are the bank count, bits 23:16 are passed through,
 * and of the remaining bits only KVM_MCE_CAP_SUPPORTED may be set.  The
 * bank count must be non-zero and below KVM_MAX_MCE_BANKS because it
 * indexes vcpu->arch.mce_banks, where every bank occupies four u64 slots
 * (CTL, STATUS, ADDR, MISC in that order, as the MCE injection code
 * reads them).  MCG_CTL (if present) and every bank's CTL register start
 * out as all ones, i.e. all error reporting enabled.
 *
 * Returns -EINVAL for a bad bank count or unsupported capability bits,
 * 0 otherwise.
 */
static int kvm_vcpu_ioctl_x86_setup_mce(struct kvm_vcpu *vcpu,
					u64 mcg_cap)
{
	unsigned bank_num = mcg_cap & 0xff;
	unsigned bank;

	if (bank_num == 0 || bank_num >= KVM_MAX_MCE_BANKS)
		return -EINVAL;
	if (mcg_cap & ~(KVM_MCE_CAP_SUPPORTED | 0xff | 0xff0000))
		return -EINVAL;

	vcpu->arch.mcg_cap = mcg_cap;

	if (mcg_cap & MCG_CTL_P)
		vcpu->arch.mcg_ctl = ~(u64)0;

	for (bank = 0; bank < bank_num; bank++)
		vcpu->arch.mce_banks[bank * 4] = ~(u64)0;

	return 0;
}
2771
/*
 * Store one error record into a bank's STATUS/ADDR/MISC slots
 * (bank[1], bank[2], bank[3]).  If the bank still holds a valid record,
 * the new status is flagged as an overflow.
 */
static void kvm_mce_bank_record(u64 *bank, struct kvm_x86_mce *mce)
{
	if (bank[1] & MCI_STATUS_VAL)
		mce->status |= MCI_STATUS_OVER;
	bank[2] = mce->addr;
	bank[3] = mce->misc;
	bank[1] = mce->status;
}

/*
 * KVM_X86_SET_MCE: inject a machine-check event supplied by userspace.
 *
 * The record must name a configured bank and carry MCI_STATUS_VAL
 * (-EINVAL otherwise).  Uncorrected errors are silently dropped when
 * MCG_CTL (if present) or the bank's CTL register is not all ones, i.e.
 * when reporting is disabled.  An uncorrected error arriving while a
 * machine check is already in progress (MCG_STATUS_MCIP) or with
 * CR4.MCE clear is fatal and triggers a triple fault; otherwise it is
 * recorded and #MC is queued.  A corrected error only updates the bank:
 * it replaces an empty or corrected record, and merely sets the overflow
 * bit when the bank already holds an uncorrected one.
 *
 * Returns -EINVAL on a malformed record, 0 in every other case.
 */
static int kvm_vcpu_ioctl_x86_set_mce(struct kvm_vcpu *vcpu,
				      struct kvm_x86_mce *mce)
{
	u64 mcg_cap = vcpu->arch.mcg_cap;
	unsigned bank_num = mcg_cap & 0xff;
	bool uncorrected = !!(mce->status & MCI_STATUS_UC);
	u64 *bank;

	if (mce->bank >= bank_num || !(mce->status & MCI_STATUS_VAL))
		return -EINVAL;

	/* MCG_CTL not all ones: uncorrected error reporting is globally off. */
	if (uncorrected && (mcg_cap & MCG_CTL_P) &&
	    vcpu->arch.mcg_ctl != ~(u64)0)
		return 0;

	/* Four u64 slots per bank: CTL, STATUS, ADDR, MISC. */
	bank = vcpu->arch.mce_banks + 4 * mce->bank;

	/* MCi_CTL not all ones: uncorrected error reporting is off for this bank. */
	if (uncorrected && bank[0] != ~(u64)0)
		return 0;

	if (!uncorrected) {
		if (!(bank[1] & MCI_STATUS_VAL) || !(bank[1] & MCI_STATUS_UC))
			kvm_mce_bank_record(bank, mce);
		else
			bank[1] |= MCI_STATUS_OVER;
		return 0;
	}

	/* A nested #MC, or #MC with machine checks disabled, is unrecoverable. */
	if ((vcpu->arch.mcg_status & MCG_STATUS_MCIP) ||
	    !kvm_read_cr4_bits(vcpu, X86_CR4_MCE)) {
		kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
		return 0;
	}

	vcpu->arch.mcg_status = mce->mcg_status;
	kvm_mce_bank_record(bank, mce);
	kvm_queue_exception(vcpu, MC_VECTOR);
	return 0;
}
2819
/*
 * KVM_GET_VCPU_EVENTS: snapshot the vcpu's pending exception, interrupt,
 * NMI and SIPI state for userspace.
 *
 * A pending soft exception, or a pending soft interrupt, is not reported
 * as injected.  The returned flags word advertises the NMI-pending,
 * SIPI-vector and interrupt-shadow fields as valid; every pad and
 * reserved field is zeroed so no kernel memory reaches userspace.
 */
static void kvm_vcpu_ioctl_x86_get_vcpu_events(struct kvm_vcpu *vcpu,
					       struct kvm_vcpu_events *events)
{
	/* Clear everything first; only the meaningful fields are filled below. */
	memset(events, 0, sizeof(*events));

	events->exception.injected = vcpu->arch.exception.pending &&
				     !kvm_exception_is_soft(vcpu->arch.exception.nr);
	events->exception.nr = vcpu->arch.exception.nr;
	events->exception.has_error_code = vcpu->arch.exception.has_error_code;
	events->exception.error_code = vcpu->arch.exception.error_code;

	events->interrupt.injected = vcpu->arch.interrupt.pending &&
				     !vcpu->arch.interrupt.soft;
	events->interrupt.nr = vcpu->arch.interrupt.nr;
	events->interrupt.shadow = kvm_x86_ops->get_interrupt_shadow(vcpu,
			KVM_X86_SHADOW_INT_MOV_SS | KVM_X86_SHADOW_INT_STI);

	events->nmi.injected = vcpu->arch.nmi_injected;
	events->nmi.pending = vcpu->arch.nmi_pending;
	events->nmi.masked = kvm_x86_ops->get_nmi_mask(vcpu);

	events->sipi_vector = vcpu->arch.sipi_vector;

	events->flags = KVM_VCPUEVENT_VALID_NMI_PENDING |
			KVM_VCPUEVENT_VALID_SIPI_VECTOR |
			KVM_VCPUEVENT_VALID_SHADOW;
}
2851
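/*
 * KVM_SET_VCPU_EVENTS: restore the vcpu's pending exception, interrupt,
 * NMI and SIPI state from userspace.
 *
 * The exception and interrupt fields are always applied; the NMI-pending
 * count, the interrupt shadow and the SIPI vector only when the matching
 * KVM_VCPUEVENT_VALID_* flag is set.  The vcpu is then asked to re-check
 * pending events.
 *
 * Returns -EINVAL for unknown flag bits or for an exception vector that
 * cannot be re-injected as an exception, 0 otherwise.
 */
static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
					      struct kvm_vcpu_events *events)
{
	if (events->flags & ~(KVM_VCPUEVENT_VALID_NMI_PENDING
			      | KVM_VCPUEVENT_VALID_SIPI_VECTOR
			      | KVM_VCPUEVENT_VALID_SHADOW))
		return -EINVAL;

	/*
	 * The vector comes straight from userspace and is later re-injected
	 * as-is.  Architectural exceptions occupy vectors 0-31, and vector 2
	 * (NMI_VECTOR) is delivered through the nmi fields below rather than
	 * as an exception, so refuse anything else up front.
	 */
	if (events->exception.injected &&
	    (events->exception.nr > 31 || events->exception.nr == 2))
		return -EINVAL;

	vcpu->arch.exception.pending = events->exception.injected;
	vcpu->arch.exception.nr = events->exception.nr;
	vcpu->arch.exception.has_error_code = events->exception.has_error_code;
	vcpu->arch.exception.error_code = events->exception.error_code;

	vcpu->arch.interrupt.pending = events->interrupt.injected;
	vcpu->arch.interrupt.nr = events->interrupt.nr;
	vcpu->arch.interrupt.soft = events->interrupt.soft;
	if (events->flags & KVM_VCPUEVENT_VALID_SHADOW)
		kvm_x86_ops->set_interrupt_shadow(vcpu,
						  events->interrupt.shadow);

	vcpu->arch.nmi_injected = events->nmi.injected;
	if (events->flags & KVM_VCPUEVENT_VALID_NMI_PENDING)
		vcpu->arch.nmi_pending = events->nmi.pending;
	kvm_x86_ops->set_nmi_mask(vcpu, events->nmi.masked);

	if (events->flags & KVM_VCPUEVENT_VALID_SIPI_VECTOR)
		vcpu->arch.sipi_vector = events->sipi_vector;

	kvm_make_request(KVM_REQ_EVENT, vcpu);

	return 0;
}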
2884
/*
 * KVM_GET_DEBUGREGS: copy the vcpu's DR0-DR3, DR6 and DR7 shadow values to
 * userspace.  flags and the reserved tail are zeroed so no kernel stack
 * contents leak.
 */
static void kvm_vcpu_ioctl_x86_get_debugregs(struct kvm_vcpu *vcpu,
					     struct kvm_debugregs *dbgregs)
{
	dbgregs->flags = 0;
	memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved));

	/* Sized by the vcpu-side array on purpose: the two may differ in width. */
	memcpy(dbgregs->db, vcpu->arch.db, sizeof(vcpu->arch.db));
	dbgregs->dr6 = vcpu->arch.dr6;
	dbgregs->dr7 = vcpu->arch.dr7;
}
2894
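/*
 * KVM_SET_DEBUGREGS: restore the vcpu's DR0-DR3, DR6 and DR7 shadow values
 * from userspace.
 *
 * Returns -EINVAL if any (currently undefined) flag bit is set or if DR6
 * or DR7 has reserved upper bits set, 0 otherwise.
 */
static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
					    struct kvm_debugregs *dbgregs)
{
	if (dbgregs->flags)
		return -EINVAL;

	/*
	 * DR6 and DR7 are architecturally 32 bits wide: bits 63:32 are
	 * reserved and a MOV to the hardware register with any of them set
	 * raises #GP.  The values stored here are presumably loaded into the
	 * real debug registers elsewhere, so reject such input up front
	 * instead of letting it fault in the host.
	 */
	if (dbgregs->dr6 & ~0xffffffffull)
		return -EINVAL;
	if (dbgregs->dr7 & ~0xffffffffull)
		return -EINVAL;

	/* Sized by the vcpu-side array on purpose: the two may differ in width. */
	memcpy(vcpu->arch.db, dbgregs->db, sizeof(vcpu->arch.db));
	vcpu->arch.dr6 = dbgregs->dr6;
	vcpu->arch.dr7 = dbgregs->dr7;

	return 0;
}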
2907
/*
 * KVM_GET_XSAVE: export the guest FPU state in XSAVE format.
 *
 * On an XSAVE-capable host the guest's XSAVE area is copied as-is
 * (xstate_size bytes).  Without XSAVE the legacy FXSAVE image is copied
 * instead and an XSAVE header claiming only x87/SSE state (XSTATE_FPSSE)
 * is written at XSAVE_HDR_OFFSET so the result still parses as XSAVE.
 */
static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
					 struct kvm_xsave *guest_xsave)
{
	u32 *region = guest_xsave->region;

	if (!cpu_has_xsave) {
		memcpy(region, &vcpu->arch.guest_fpu.state->fxsave,
		       sizeof(struct i387_fxsave_struct));
		*(u64 *)&region[XSAVE_HDR_OFFSET / sizeof(u32)] = XSTATE_FPSSE;
		return;
	}

	memcpy(region, &vcpu->arch.guest_fpu.state->xsave, xstate_size);
}
2923
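/*
 * KVM_SET_XSAVE: restore the guest FPU state from an XSAVE-format image
 * supplied by userspace.
 *
 * The XSTATE_BV word of the image header is read first.  On an
 * XSAVE-capable host every component bit it names must be one the host
 * supports (the same filter CPUID leaf 0xd is built with); the image is
 * then copied verbatim.  Without XSAVE only x87/SSE state can be
 * restored, from the leading FXSAVE-sized part of the image.
 *
 * Returns -EINVAL if XSTATE_BV names state that cannot be restored on
 * this host, 0 otherwise.
 */
static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
					struct kvm_xsave *guest_xsave)
{
	u64 xstate_bv =
		*(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)];

	if (cpu_has_xsave) {
		int bit;

		/*
		 * XSTATE_BV is untrusted input that is later handed to the
		 * FPU restore path.  XRSTOR faults on a header that names a
		 * component the host has not enabled, so refuse any bit that
		 * supported_xcr0_bit() does not accept.
		 */
		for (bit = 0; bit < 64; bit++)
			if ((xstate_bv & ((u64)1 << bit)) &&
			    !supported_xcr0_bit(bit))
				return -EINVAL;

		memcpy(&vcpu->arch.guest_fpu.state->xsave,
		       guest_xsave->region, xstate_size);
	} else {
		if (xstate_bv & ~XSTATE_FPSSE)
			return -EINVAL;
		memcpy(&vcpu->arch.guest_fpu.state->fxsave,
		       guest_xsave->region, sizeof(struct i387_fxsave_struct));
	}
	return 0;
}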
2941
/*
 * KVM_GET_XCRS: report the guest's extended control registers.  Only XCR0
 * exists, so the list has one entry on an XSAVE-capable host and is empty
 * otherwise.
 */
static void kvm_vcpu_ioctl_x86_get_xcrs(struct kvm_vcpu *vcpu,
					struct kvm_xcrs *guest_xcrs)
{
	if (!cpu_has_xsave) {
		guest_xcrs->nr_xcrs = 0;
		return;
	}

	guest_xcrs->flags = 0;
	guest_xcrs->nr_xcrs = 1;
	guest_xcrs->xcrs[0].xcr = XCR_XFEATURE_ENABLED_MASK;
	guest_xcrs->xcrs[0].value = vcpu->arch.xcr0;
}
2955
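/*
 * KVM_SET_XCRS: restore the guest's extended control registers from a
 * userspace-supplied list.  Only XCR0 is supported; the first XCR0 entry
 * in the list is applied through __kvm_set_xcr(), which validates the
 * value, and the remaining entries are ignored.
 *
 * Returns -EINVAL if the host lacks XSAVE, if the list is longer than
 * KVM_MAX_XCRS or has flag bits set, or if __kvm_set_xcr() rejects the
 * value; 0 otherwise (including when no XCR0 entry is present).
 */
static int kvm_vcpu_ioctl_x86_set_xcrs(struct kvm_vcpu *vcpu,
				       struct kvm_xcrs *guest_xcrs)
{
	int i, r = 0;

	if (!cpu_has_xsave)
		return -EINVAL;

	/* nr_xcrs bounds the xcrs[] walk below, so it must be checked first. */
	if (guest_xcrs->nr_xcrs > KVM_MAX_XCRS || guest_xcrs->flags)
		return -EINVAL;

	/*
	 * Each entry must be inspected by its own index: looking at xcrs[0]
	 * on every iteration would miss an XCR0 entry that is not the first
	 * element of the list.
	 */
	for (i = 0; i < guest_xcrs->nr_xcrs; i++) {
		/* Only support XCR0 currently */
		if (guest_xcrs->xcrs[i].xcr != XCR_XFEATURE_ENABLED_MASK)
			continue;
		r = __kvm_set_xcr(vcpu, XCR_XFEATURE_ENABLED_MASK,
				  guest_xcrs->xcrs[i].value);
		break;
	}

	/* __kvm_set_xcr() signals rejection with a non-zero result. */
	return r ? -EINVAL : 0;
}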
2978
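/*
 * x86 part of the per-vcpu ioctl dispatch.
 *
 * Payloads too large for the stack (the LAPIC register page, the XSAVE
 * area, the XCR list) are bounced through a heap buffer tracked in 'u';
 * it is freed on every exit path at 'out', so those cases may 'break' or
 * 'goto out' freely once it is allocated.  Small payloads live on the
 * stack.  KVM_SET_TSC_KHZ passes its value in 'arg' itself rather than
 * through a pointer.
 *
 * Returns 0 on success and a negative errno on failure, except for
 * KVM_GET_TSC_KHZ whose successful result is the frequency itself.
 */
long kvm_arch_vcpu_ioctl(struct file *filp,
			 unsigned int ioctl, unsigned long arg)
{
	struct kvm_vcpu *vcpu = filp->private_data;
	void __user *argp = (void __user *)arg;
	int r;
	union {
		struct kvm_lapic_state *lapic;
		struct kvm_xsave *xsave;
		struct kvm_xcrs *xcrs;
		void *buffer;
	} u;

	u.buffer = NULL;
	switch (ioctl) {
	case KVM_GET_LAPIC: {
		/* Only meaningful once the vcpu has an in-kernel APIC. */
		r = -EINVAL;
		if (!vcpu->arch.apic)
			goto out;
		u.lapic = kzalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);

		r = -ENOMEM;
		if (!u.lapic)
			goto out;
		r = kvm_vcpu_ioctl_get_lapic(vcpu, u.lapic);
		if (r)
			goto out;
		r = -EFAULT;
		if (copy_to_user(argp, u.lapic, sizeof(struct kvm_lapic_state)))
			goto out;
		r = 0;
		break;
	}
	case KVM_SET_LAPIC: {
		r = -EINVAL;
		if (!vcpu->arch.apic)
			goto out;
		/* Fully overwritten by copy_from_user(), so no need to zero it. */
		u.lapic = kmalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
		r = -ENOMEM;
		if (!u.lapic)
			goto out;
		r = -EFAULT;
		if (copy_from_user(u.lapic, argp, sizeof(struct kvm_lapic_state)))
			goto out;
		r = kvm_vcpu_ioctl_set_lapic(vcpu, u.lapic);
		if (r)
			goto out;
		r = 0;
		break;
	}
	case KVM_INTERRUPT: {
		struct kvm_interrupt irq;

		r = -EFAULT;
		if (copy_from_user(&irq, argp, sizeof irq))
			goto out;
		r = kvm_vcpu_ioctl_interrupt(vcpu, &irq);
		if (r)
			goto out;
		r = 0;
		break;
	}
	case KVM_NMI: {
		r = kvm_vcpu_ioctl_nmi(vcpu);
		if (r)
			goto out;
		r = 0;
		break;
	}
	case KVM_SET_CPUID: {
		struct kvm_cpuid __user *cpuid_arg = argp;
		struct kvm_cpuid cpuid;

		/*
		 * Only the header is copied here; 'cpuid_arg->entries' is the
		 * user address of the trailing array, which the callee
		 * presumably copies itself using the count in the header.
		 */
		r = -EFAULT;
		if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid))
			goto out;
		r = kvm_vcpu_ioctl_set_cpuid(vcpu, &cpuid, cpuid_arg->entries);
		if (r)
			goto out;
		break;
	}
	case KVM_SET_CPUID2: {
		struct kvm_cpuid2 __user *cpuid_arg = argp;
		struct kvm_cpuid2 cpuid;

		r = -EFAULT;
		if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid))
			goto out;
		r = kvm_vcpu_ioctl_set_cpuid2(vcpu, &cpuid,
					      cpuid_arg->entries);
		if (r)
			goto out;
		break;
	}
	case KVM_GET_CPUID2: {
		struct kvm_cpuid2 __user *cpuid_arg = argp;
		struct kvm_cpuid2 cpuid;

		r = -EFAULT;
		if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid))
			goto out;
		r = kvm_vcpu_ioctl_get_cpuid2(vcpu, &cpuid,
					      cpuid_arg->entries);
		if (r)
			goto out;
		/* Write the header back so userspace sees the entry count. */
		r = -EFAULT;
		if (copy_to_user(cpuid_arg, &cpuid, sizeof cpuid))
			goto out;
		r = 0;
		break;
	}
	case KVM_GET_MSRS:
		r = msr_io(vcpu, argp, kvm_get_msr, 1);
		break;
	case KVM_SET_MSRS:
		r = msr_io(vcpu, argp, do_set_msr, 0);
		break;
	case KVM_TPR_ACCESS_REPORTING: {
		struct kvm_tpr_access_ctl tac;

		r = -EFAULT;
		if (copy_from_user(&tac, argp, sizeof tac))
			goto out;
		r = vcpu_ioctl_tpr_access_reporting(vcpu, &tac);
		if (r)
			goto out;
		r = -EFAULT;
		if (copy_to_user(argp, &tac, sizeof tac))
			goto out;
		r = 0;
		break;
	}
	case KVM_SET_VAPIC_ADDR: {
		struct kvm_vapic_addr va;

		r = -EINVAL;
		if (!irqchip_in_kernel(vcpu->kvm))
			goto out;
		r = -EFAULT;
		if (copy_from_user(&va, argp, sizeof va))
			goto out;
		r = 0;
		/*
		 * NOTE(review): va.vapic_addr comes from userspace and is
		 * passed on without any check here, and the call's result
		 * (if it has one) is not examined, so a rejected address
		 * could never be reported.  Whether the callee validates it
		 * (alignment, the TPR word not crossing a page boundary) is
		 * not visible in this file -- confirm in the lapic code.
		 */
		kvm_lapic_set_vapic_addr(vcpu, va.vapic_addr);
		break;
	}
	case KVM_X86_SETUP_MCE: {
		u64 mcg_cap;

		r = -EFAULT;
		if (copy_from_user(&mcg_cap, argp, sizeof mcg_cap))
			goto out;
		r = kvm_vcpu_ioctl_x86_setup_mce(vcpu, mcg_cap);
		break;
	}
	case KVM_X86_SET_MCE: {
		struct kvm_x86_mce mce;

		r = -EFAULT;
		if (copy_from_user(&mce, argp, sizeof mce))
			goto out;
		r = kvm_vcpu_ioctl_x86_set_mce(vcpu, &mce);
		break;
	}
	case KVM_GET_VCPU_EVENTS: {
		struct kvm_vcpu_events events;

		kvm_vcpu_ioctl_x86_get_vcpu_events(vcpu, &events);

		r = -EFAULT;
		if (copy_to_user(argp, &events, sizeof(struct kvm_vcpu_events)))
			break;
		r = 0;
		break;
	}
	case KVM_SET_VCPU_EVENTS: {
		struct kvm_vcpu_events events;

		r = -EFAULT;
		if (copy_from_user(&events, argp, sizeof(struct kvm_vcpu_events)))
			break;

		r = kvm_vcpu_ioctl_x86_set_vcpu_events(vcpu, &events);
		break;
	}
	case KVM_GET_DEBUGREGS: {
		struct kvm_debugregs dbgregs;

		kvm_vcpu_ioctl_x86_get_debugregs(vcpu, &dbgregs);

		r = -EFAULT;
		if (copy_to_user(argp, &dbgregs,
				 sizeof(struct kvm_debugregs)))
			break;
		r = 0;
		break;
	}
	case KVM_SET_DEBUGREGS: {
		struct kvm_debugregs dbgregs;

		r = -EFAULT;
		if (copy_from_user(&dbgregs, argp,
				   sizeof(struct kvm_debugregs)))
			break;

		r = kvm_vcpu_ioctl_x86_set_debugregs(vcpu, &dbgregs);
		break;
	}
	case KVM_GET_XSAVE: {
		/* kzalloc: the getter may fill less than the whole area. */
		u.xsave = kzalloc(sizeof(struct kvm_xsave), GFP_KERNEL);
		r = -ENOMEM;
		if (!u.xsave)
			break;

		kvm_vcpu_ioctl_x86_get_xsave(vcpu, u.xsave);

		r = -EFAULT;
		if (copy_to_user(argp, u.xsave, sizeof(struct kvm_xsave)))
			break;
		r = 0;
		break;
	}
	case KVM_SET_XSAVE: {
		u.xsave = kzalloc(sizeof(struct kvm_xsave), GFP_KERNEL);
		r = -ENOMEM;
		if (!u.xsave)
			break;

		r = -EFAULT;
		if (copy_from_user(u.xsave, argp, sizeof(struct kvm_xsave)))
			break;

		r = kvm_vcpu_ioctl_x86_set_xsave(vcpu, u.xsave);
		break;
	}
	case KVM_GET_XCRS: {
		/* kzalloc: the getter leaves flags untouched on non-XSAVE hosts. */
		u.xcrs = kzalloc(sizeof(struct kvm_xcrs), GFP_KERNEL);
		r = -ENOMEM;
		if (!u.xcrs)
			break;

		kvm_vcpu_ioctl_x86_get_xcrs(vcpu, u.xcrs);

		r = -EFAULT;
		if (copy_to_user(argp, u.xcrs,
				 sizeof(struct kvm_xcrs)))
			break;
		r = 0;
		break;
	}
	case KVM_SET_XCRS: {
		u.xcrs = kzalloc(sizeof(struct kvm_xcrs), GFP_KERNEL);
		r = -ENOMEM;
		if (!u.xcrs)
			break;

		r = -EFAULT;
		if (copy_from_user(u.xcrs, argp,
				   sizeof(struct kvm_xcrs)))
			break;

		r = kvm_vcpu_ioctl_x86_set_xcrs(vcpu, u.xcrs);
		break;
	}
	case KVM_SET_TSC_KHZ: {
		u32 user_tsc_khz;

		r = -EINVAL;
		if (!kvm_has_tsc_control)
			break;

		/* The frequency is passed by value in 'arg', not via a pointer. */
		user_tsc_khz = (u32)arg;

		if (user_tsc_khz >= kvm_max_guest_tsc_khz)
			goto out;

		kvm_x86_ops->set_tsc_khz(vcpu, user_tsc_khz);

		r = 0;
		goto out;
	}
	case KVM_GET_TSC_KHZ: {
		/* Refused while the host TSC is unstable. */
		r = -EIO;
		if (check_tsc_unstable())
			goto out;

		/* The frequency itself is the ioctl's return value. */
		r = vcpu_tsc_khz(vcpu);

		goto out;
	}
	default:
		r = -EINVAL;
	}
out:
	kfree(u.buffer);
	return r;
}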
3275
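/*
 * KVM_SET_TSS_ADDR: set the guest physical address of the TSS area.  The
 * bound keeps addr plus three pages from wrapping a 32-bit address, so
 * the area presumably spans three pages.
 *
 * Returns -EINVAL for an out-of-range address (a bare -1, as returned
 * before, reaches userspace as EPERM and misdescribes the failure),
 * otherwise whatever the backend's set_tss_addr reports.
 */
static int kvm_vm_ioctl_set_tss_addr(struct kvm *kvm, unsigned long addr)
{
	if (addr > (unsigned int)(-3 * PAGE_SIZE))
		return -EINVAL;

	return kvm_x86_ops->set_tss_addr(kvm, addr);
}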
3285
/*
 * KVM_SET_IDENTITY_MAP_ADDR: record the guest physical address of the EPT
 * identity-map page.  Always 0.
 *
 * NOTE(review): the value is stored as-is, with no range or alignment
 * check and no locking; how and when it is consumed is not visible here,
 * so confirm the consumer validates it.
 */
static int kvm_vm_ioctl_set_identity_map_addr(struct kvm *kvm,
					      u64 ident_addr)
{
	kvm->arch.ept_identity_map_addr = ident_addr;

	return 0;
}
3292
/*
 * KVM_SET_NR_MMU_PAGES: resize the shadow-page budget of this VM.  Both
 * slots_lock and mmu_lock are held around the resize and the update of
 * the requested count.
 *
 * Returns -EINVAL if the count is below KVM_MIN_ALLOC_MMU_PAGES, else 0.
 */
static int kvm_vm_ioctl_set_nr_mmu_pages(struct kvm *kvm,
					  u32 kvm_nr_mmu_pages)
{
	if (kvm_nr_mmu_pages < KVM_MIN_ALLOC_MMU_PAGES)
		return -EINVAL;

	mutex_lock(&kvm->slots_lock);
	spin_lock(&kvm->mmu_lock);
	kvm_mmu_change_mmu_pages(kvm, kvm_nr_mmu_pages);
	kvm->arch.n_requested_mmu_pages = kvm_nr_mmu_pages;
	spin_unlock(&kvm->mmu_lock);
	mutex_unlock(&kvm->slots_lock);

	return 0;
}
3309
/*
 * KVM_GET_NR_MMU_PAGES: report the VM's current shadow-page ceiling
 * (n_max_mmu_pages), not the value userspace last requested.
 */
static int kvm_vm_ioctl_get_nr_mmu_pages(struct kvm *kvm)
{
	int nr_pages = kvm->arch.n_max_mmu_pages;

	return nr_pages;
}
3314
/*
 * KVM_GET_IRQCHIP: copy the state of one in-kernel interrupt controller
 * (master PIC, slave PIC or IOAPIC) into chip->chip.
 *
 * Returns -EINVAL for an unknown chip_id, the IOAPIC helper's result for
 * the IOAPIC, 0 for the PICs.
 *
 * NOTE(review): unlike the setter, the PIC copy is made without taking
 * pic_irqchip(kvm)->lock, so a concurrent update could be observed
 * half-way -- confirm whether callers serialize against it.
 */
static int kvm_vm_ioctl_get_irqchip(struct kvm *kvm, struct kvm_irqchip *chip)
{
	switch (chip->chip_id) {
	case KVM_IRQCHIP_PIC_MASTER:
	case KVM_IRQCHIP_PIC_SLAVE: {
		/* pics[0] is the master, pics[1] the slave. */
		int idx = (chip->chip_id == KVM_IRQCHIP_PIC_SLAVE) ? 1 : 0;

		memcpy(&chip->chip.pic, &pic_irqchip(kvm)->pics[idx],
		       sizeof(struct kvm_pic_state));
		return 0;
	}
	case KVM_IRQCHIP_IOAPIC:
		return kvm_get_ioapic(kvm, &chip->chip.ioapic);
	default:
		return -EINVAL;
	}
}
3340
/*
 * KVM_SET_IRQCHIP: load the state of one in-kernel interrupt controller
 * (master PIC, slave PIC or IOAPIC) from chip->chip, then re-evaluate the
 * PIC's output.  The PIC copy is done under pic_irqchip(kvm)->lock; the
 * re-evaluation runs unconditionally, also on -EINVAL.
 *
 * Returns -EINVAL for an unknown chip_id, the IOAPIC helper's result for
 * the IOAPIC, 0 for the PICs.
 *
 * NOTE(review): the PIC state image is copied without field-level
 * validation; the PIC code must tolerate arbitrary contents.
 */
static int kvm_vm_ioctl_set_irqchip(struct kvm *kvm, struct kvm_irqchip *chip)
{
	int r = 0;

	switch (chip->chip_id) {
	case KVM_IRQCHIP_PIC_MASTER:
	case KVM_IRQCHIP_PIC_SLAVE: {
		/* pics[0] is the master, pics[1] the slave. */
		int idx = (chip->chip_id == KVM_IRQCHIP_PIC_SLAVE) ? 1 : 0;

		spin_lock(&pic_irqchip(kvm)->lock);
		memcpy(&pic_irqchip(kvm)->pics[idx], &chip->chip.pic,
		       sizeof(struct kvm_pic_state));
		spin_unlock(&pic_irqchip(kvm)->lock);
		break;
	}
	case KVM_IRQCHIP_IOAPIC:
		r = kvm_set_ioapic(kvm, &chip->chip.ioapic);
		break;
	default:
		r = -EINVAL;
		break;
	}

	kvm_pic_update_irq(pic_irqchip(kvm));
	return r;
}
3371
/*
 * Export the legacy PIT channel state for KVM_GET_PIT.
 *
 * @kvm: the VM; kvm->arch.vpit must be non-NULL (checked by the caller).
 * @ps:  fully overwritten with sizeof(*ps) bytes taken from the start of
 *       the kernel's pit_state, under pit_state.lock.
 *
 * Always returns 0.  Like the original, this copies the leading bytes of
 * the kernel-internal pit_state object and so assumes it begins with the
 * same channel array the ABI struct consists of.
 */
static int kvm_vm_ioctl_get_pit(struct kvm *kvm, struct kvm_pit_state *ps)
{
	struct mutex *lock = &kvm->arch.vpit->pit_state.lock;

	mutex_lock(lock);
	memcpy(ps, &kvm->arch.vpit->pit_state, sizeof(*ps));
	mutex_unlock(lock);

	return 0;
}
3381
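/*
 * Load legacy PIT channel state supplied by userspace (KVM_SET_PIT).
 *
 * @kvm: the VM; kvm->arch.vpit must be non-NULL (checked by the caller).
 * @ps:  the three channel states to install.  No field-level validation
 *       is performed here; kvm_pit_load_count() is the only consumer
 *       that sees the values, and any range checking happens there.
 *
 * Always returns 0.
 *
 * The copy targets pit_state.channels explicitly, matching
 * kvm_vm_ioctl_set_pit2().  The previous memcpy wrote
 * sizeof(struct kvm_pit_state) bytes at the start of the kernel-internal
 * pit_state object and silently depended on `channels` being its first
 * member; naming the member removes that layout assumption.  Only
 * channel 0 is re-armed, as before.
 */
static int kvm_vm_ioctl_set_pit(struct kvm *kvm, struct kvm_pit_state *ps)
{
	struct mutex *lock = &kvm->arch.vpit->pit_state.lock;

	mutex_lock(lock);
	memcpy(&kvm->arch.vpit->pit_state.channels, &ps->channels,
	       sizeof(ps->channels));
	/* Reprogram channel 0 from the new count; flag 0 = no HPET-legacy restart. */
	kvm_pit_load_count(kvm, 0, ps->channels[0].count, 0);
	mutex_unlock(lock);

	return 0;
}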
3392
/*
 * Export PIT state in the extended KVM_GET_PIT2 format.
 *
 * @kvm: the VM; kvm->arch.vpit must be non-NULL (checked by the caller).
 * @ps:  receives the channel array and flags under pit_state.lock; the
 *       reserved tail is zeroed afterwards so every byte handed back to
 *       userspace is defined.
 *
 * Always returns 0.
 */
static int kvm_vm_ioctl_get_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
{
	struct mutex *lock = &kvm->arch.vpit->pit_state.lock;

	mutex_lock(lock);
	memcpy(ps->channels, &kvm->arch.vpit->pit_state.channels,
	       sizeof(ps->channels));
	ps->flags = kvm->arch.vpit->pit_state.flags;
	mutex_unlock(lock);

	/* Not kernel state, so it can be cleared outside the lock. */
	memset(&ps->reserved, 0, sizeof(ps->reserved));

	return 0;
}
3405
/*
 * Load PIT state supplied in the extended KVM_SET_PIT2 format.
 *
 * @kvm: the VM; kvm->arch.vpit must be non-NULL (checked by the caller).
 * @ps:  channels and flags to install.  ps->flags is stored verbatim;
 *       bits other than KVM_PIT_FLAGS_HPET_LEGACY are neither checked nor
 *       masked here.  Channel fields are likewise unvalidated at this
 *       level and only reach kvm_pit_load_count().
 *
 * Always returns 0.
 *
 * A 0->1 transition of KVM_PIT_FLAGS_HPET_LEGACY is the only thing that
 * passes start=1 to kvm_pit_load_count(); any other combination keeps
 * start=0.  Only channel 0 is re-armed.
 */
static int kvm_vm_ioctl_set_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
{
	struct mutex *lock = &kvm->arch.vpit->pit_state.lock;
	bool legacy_turned_on;
	int start;

	mutex_lock(lock);

	legacy_turned_on =
		!(kvm->arch.vpit->pit_state.flags & KVM_PIT_FLAGS_HPET_LEGACY) &&
		(ps->flags & KVM_PIT_FLAGS_HPET_LEGACY);
	start = legacy_turned_on ? 1 : 0;

	memcpy(&kvm->arch.vpit->pit_state.channels, &ps->channels,
	       sizeof(kvm->arch.vpit->pit_state.channels));
	kvm->arch.vpit->pit_state.flags = ps->flags;
	kvm_pit_load_count(kvm, 0, kvm->arch.vpit->pit_state.channels[0].count,
			   start);

	mutex_unlock(lock);

	return 0;
}
3422
/*
 * Set the PIT tick re-injection policy (KVM_REINJECT_CONTROL).
 *
 * @kvm:     the VM.
 * @control: control->pit_reinject is stored into
 *           pit_state.pit_timer.reinject under pit_state.lock.
 *
 * Returns -ENXIO when no in-kernel PIT exists, 0 otherwise.  Unlike the
 * other PIT ioctls this one checks kvm->arch.vpit itself rather than
 * relying on the dispatcher.
 */
static int kvm_vm_ioctl_reinject(struct kvm *kvm,
				 struct kvm_reinject_control *control)
{
	if (kvm->arch.vpit == NULL)
		return -ENXIO;

	mutex_lock(&kvm->arch.vpit->pit_state.lock);
	kvm->arch.vpit->pit_state.pit_timer.reinject = control->pit_reinject;
	mutex_unlock(&kvm->arch.vpit->pit_state.lock);

	return 0;
}
3433
3434 /*
3435  * Get (and clear) the dirty memory log for a memory slot.
3436  */
3437 int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
3438                                       struct kvm_dirty_log *log)
3439 {
3440         int r, i;
3441         struct kvm_memory_slot *memslot;
3442         unsigned long n;
3443         unsigned long is_dirty = 0;
3444
3445         mutex_lock(&kvm->slots_lock);
3446
3447         r = -EINVAL;
3448         if (log->slot >= KVM_MEMORY_SLOTS)
3449                 goto out;
3450
3451         memslot = &kvm->memslots->memslots[log->slot];
3452         r = -ENOENT;
3453         if (!memslot->dirty_bitmap)
3454                 goto out;
3455
3456         n = kvm_dirty_bitmap_bytes(memslot);
3457
3458         for (i = 0; !is_dirty && i < n/sizeof(long); i++)
3459                 is_dirty = memslot->dirty_bitmap[i];
3460
3461         /* If nothing is dirty, don't bother messing with page tables. */
3462         if (is_dirty) {
3463                 struct kvm_memslots *slots, *old_slots;
3464                 unsigned long *dirty_bitmap;
3465
3466                 dirty_bitmap = memslot->dirty_bitmap_head;
3467                 if (memslot->dirty_bitmap == dirty_bitmap)
3468                         dirty_bitmap += n / sizeof(long);
3469                 memset(dirty_bitmap, 0, n);
3470
3471                 r = -ENOMEM;
3472                 slots = kzalloc(sizeof(struct kvm_memslots), GFP_KERNEL);
3473                 if (!slots)
3474                         goto out;
3475                 memcpy(slots, kvm->memslots, sizeof(struct kvm_memslots));
3476                 slots->memslots[log->slot].dirty_bitmap = dirty_bitmap;
3477                 slots->generation++;
3478
3479                 old_slots = kvm->memslots;
3480                 rcu_assign_pointer(kvm->memslots, slots);
3481                 synchronize_srcu_expedited(&kvm->srcu);
3482                 dirty_bitmap = old_slots->memslots[log->slot].dirty_bitmap;
3483                 kfree(old_slots);
3484
3485                 spin_lock(&kvm->mmu_lock);
3486                 kvm_mmu_slot_remove_write_access(kvm, log->slot);
3487                 spin_unlock(&kvm->mmu_lock);
3488
3489                 r = -EFAULT;
3490                 if (copy_to_user(log->dirty_bitmap, dirty_bitmap, n))
3491                         goto out;
3492         } else {
3493                 r = -EFAULT;
3494                 if (clear_user(log->dirty_bitmap, n))
3495                         goto out;
3496         }
3497
3498         r = 0;
3499 out:
3500         mutex_unlock(&kvm->slots_lock);
3501         return r;
3502 }
3503
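/*
 * VM-scoped (not vCPU-scoped) ioctl dispatcher for x86.
 *
 * @filp:  the VM file; filp->private_data is the struct kvm.
 * @ioctl: the KVM_* request number.
 * @arg:   an immediate value for KVM_SET_TSS_ADDR and KVM_SET_NR_MMU_PAGES,
 *         otherwise a userspace pointer that is copied with
 *         copy_from_user()/copy_to_user() before use.
 *
 * Returns 0 (or the requested count for KVM_GET_NR_MMU_PAGES) on success,
 * -ENOTTY for a request this layer does not handle, -EFAULT for a bad
 * userspace buffer, and -EINVAL/-EEXIST/-ENXIO/-ENOMEM as the cases below
 * document.
 *
 * Every userspace struct is copied into a local and validated before any
 * VM state is touched, so a failed copy or a rejected value never leaves
 * half-written state behind.  KVM_XEN_HVM_CONFIG previously copied
 * straight into kvm->arch.xen_hvm_config and only then rejected non-zero
 * flags, leaving the VM carrying a configuration it had just declared
 * invalid (and a partially written one on -EFAULT); it now validates a
 * stack copy and publishes it only on success.
 */
long kvm_arch_vm_ioctl(struct file *filp,
		       unsigned int ioctl, unsigned long arg)
{
	struct kvm *kvm = filp->private_data;
	void __user *argp = (void __user *)arg;
	int r = -ENOTTY;
	/*
	 * This union makes it completely explicit to gcc-3.x
	 * that these two variables' stack usage should be
	 * combined, not added together.
	 */
	union {
		struct kvm_pit_state ps;
		struct kvm_pit_state2 ps2;
		struct kvm_pit_config pit_config;
	} u;

	switch (ioctl) {
	case KVM_SET_TSS_ADDR:
		/* arg is the address itself, not a pointer. */
		r = kvm_vm_ioctl_set_tss_addr(kvm, arg);
		if (r < 0)
			goto out;
		break;
	case KVM_SET_IDENTITY_MAP_ADDR: {
		u64 ident_addr;

		r = -EFAULT;
		if (copy_from_user(&ident_addr, argp, sizeof ident_addr))
			goto out;
		r = kvm_vm_ioctl_set_identity_map_addr(kvm, ident_addr);
		if (r < 0)
			goto out;
		break;
	}
	case KVM_SET_NR_MMU_PAGES:
		/* arg is the page count itself; range-checked by the callee. */
		r = kvm_vm_ioctl_set_nr_mmu_pages(kvm, arg);
		if (r)
			goto out;
		break;
	case KVM_GET_NR_MMU_PAGES:
		/* The count itself is the ioctl return value. */
		r = kvm_vm_ioctl_get_nr_mmu_pages(kvm);
		break;
	case KVM_CREATE_IRQCHIP: {
		struct kvm_pic *vpic;

		mutex_lock(&kvm->lock);
		r = -EEXIST;
		if (kvm->arch.vpic)
			goto create_irqchip_unlock;
		r = -ENOMEM;
		vpic = kvm_create_pic(kvm);
		if (vpic) {
			r = kvm_ioapic_init(kvm);
			if (r) {
				/* Undo the PIC's PIO bus registration before freeing it. */
				mutex_lock(&kvm->slots_lock);
				kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS,
							  &vpic->dev);
				mutex_unlock(&kvm->slots_lock);
				kfree(vpic);
				goto create_irqchip_unlock;
			}
		} else
			goto create_irqchip_unlock;
		/*
		 * Publish the PIC only once it and the IOAPIC are fully set
		 * up; presumably irqchip_in_kernel() readers test
		 * kvm->arch.vpic without kvm->lock, hence the barriers.
		 */
		smp_wmb();
		kvm->arch.vpic = vpic;
		smp_wmb();
		r = kvm_setup_default_irq_routing(kvm);
		if (r) {
			mutex_lock(&kvm->slots_lock);
			mutex_lock(&kvm->irq_lock);
			kvm_ioapic_destroy(kvm);
			kvm_destroy_pic(kvm);
			mutex_unlock(&kvm->irq_lock);
			mutex_unlock(&kvm->slots_lock);
		}
	create_irqchip_unlock:
		mutex_unlock(&kvm->lock);
		break;
	}
	case KVM_CREATE_PIT:
		/* Legacy form: fixed configuration, then the shared path. */
		u.pit_config.flags = KVM_PIT_SPEAKER_DUMMY;
		goto create_pit;
	case KVM_CREATE_PIT2:
		r = -EFAULT;
		if (copy_from_user(&u.pit_config, argp,
				   sizeof(struct kvm_pit_config)))
			goto out;
	create_pit:
		/* slots_lock also serialises against a concurrent second create. */
		mutex_lock(&kvm->slots_lock);
		r = -EEXIST;
		if (kvm->arch.vpit)
			goto create_pit_unlock;
		r = -ENOMEM;
		kvm->arch.vpit = kvm_create_pit(kvm, u.pit_config.flags);
		if (kvm->arch.vpit)
			r = 0;
	create_pit_unlock:
		mutex_unlock(&kvm->slots_lock);
		break;
	case KVM_IRQ_LINE_STATUS:
	case KVM_IRQ_LINE: {
		struct kvm_irq_level irq_event;

		r = -EFAULT;
		if (copy_from_user(&irq_event, argp, sizeof irq_event))
			goto out;
		r = -ENXIO;
		if (irqchip_in_kernel(kvm)) {
			__s32 status;
			/*
			 * irq_event.irq is passed through unchecked here;
			 * any range validation is kvm_set_irq()'s job.
			 */
			status = kvm_set_irq(kvm, KVM_USERSPACE_IRQ_SOURCE_ID,
					irq_event.irq, irq_event.level);
			if (ioctl == KVM_IRQ_LINE_STATUS) {
				/*
				 * The struct written back is the caller's own
				 * copy with only .status filled in, so no
				 * kernel bytes leak through padding.
				 */
				r = -EFAULT;
				irq_event.status = status;
				if (copy_to_user(argp, &irq_event,
							sizeof irq_event))
					goto out;
			}
			r = 0;
		}
		break;
	}
	case KVM_GET_IRQCHIP: {
		/* 0: PIC master, 1: PIC slave, 2: IOAPIC */
		struct kvm_irqchip *chip = kmalloc(sizeof(*chip), GFP_KERNEL);

		r = -ENOMEM;
		if (!chip)
			goto out;
		/*
		 * The whole struct is read from userspace first, so the
		 * bytes outside the selected union member that are copied
		 * back are the caller's own, not uninitialised kmalloc
		 * memory.
		 */
		r = -EFAULT;
		if (copy_from_user(chip, argp, sizeof *chip))
			goto get_irqchip_out;
		r = -ENXIO;
		if (!irqchip_in_kernel(kvm))
			goto get_irqchip_out;
		r = kvm_vm_ioctl_get_irqchip(kvm, chip);
		if (r)
			goto get_irqchip_out;
		r = -EFAULT;
		if (copy_to_user(argp, chip, sizeof *chip))
			goto get_irqchip_out;
		r = 0;
	get_irqchip_out:
		kfree(chip);
		if (r)
			goto out;
		break;
	}
	case KVM_SET_IRQCHIP: {
		/* 0: PIC master, 1: PIC slave, 2: IOAPIC */
		struct kvm_irqchip *chip = kmalloc(sizeof(*chip), GFP_KERNEL);

		r = -ENOMEM;
		if (!chip)
			goto out;
		r = -EFAULT;
		if (copy_from_user(chip, argp, sizeof *chip))
			goto set_irqchip_out;
		r = -ENXIO;
		if (!irqchip_in_kernel(kvm))
			goto set_irqchip_out;
		r = kvm_vm_ioctl_set_irqchip(kvm, chip);
		if (r)
			goto set_irqchip_out;
		r = 0;
	set_irqchip_out:
		kfree(chip);
		if (r)
			goto out;
		break;
	}
	case KVM_GET_PIT: {
		/*
		 * The inbound copy is never read (get_pit overwrites all of
		 * u.ps) but is kept: it makes an unreadable buffer fail with
		 * -EFAULT exactly as it always has.
		 */
		r = -EFAULT;
		if (copy_from_user(&u.ps, argp, sizeof(struct kvm_pit_state)))
			goto out;
		r = -ENXIO;
		if (!kvm->arch.vpit)
			goto out;
		r = kvm_vm_ioctl_get_pit(kvm, &u.ps);
		if (r)
			goto out;
		r = -EFAULT;
		if (copy_to_user(argp, &u.ps, sizeof(struct kvm_pit_state)))
			goto out;
		r = 0;
		break;
	}
	case KVM_SET_PIT: {
		r = -EFAULT;
		if (copy_from_user(&u.ps, argp, sizeof u.ps))
			goto out;
		r = -ENXIO;
		if (!kvm->arch.vpit)
			goto out;
		r = kvm_vm_ioctl_set_pit(kvm, &u.ps);
		if (r)
			goto out;
		r = 0;
		break;
	}
	case KVM_GET_PIT2: {
		r = -ENXIO;
		if (!kvm->arch.vpit)
			goto out;
		/* get_pit2 fills channels, flags and reserved: u.ps2 is fully defined. */
		r = kvm_vm_ioctl_get_pit2(kvm, &u.ps2);
		if (r)
			goto out;
		r = -EFAULT;
		if (copy_to_user(argp, &u.ps2, sizeof(u.ps2)))
			goto out;
		r = 0;
		break;
	}
	case KVM_SET_PIT2: {
		r = -EFAULT;
		if (copy_from_user(&u.ps2, argp, sizeof(u.ps2)))
			goto out;
		r = -ENXIO;
		if (!kvm->arch.vpit)
			goto out;
		r = kvm_vm_ioctl_set_pit2(kvm, &u.ps2);
		if (r)
			goto out;
		r = 0;
		break;
	}
	case KVM_REINJECT_CONTROL: {
		struct kvm_reinject_control control;
		r =  -EFAULT;
		if (copy_from_user(&control, argp, sizeof(control)))
			goto out;
		r = kvm_vm_ioctl_reinject(kvm, &control);
		if (r)
			goto out;
		r = 0;
		break;
	}
	case KVM_XEN_HVM_CONFIG: {
		struct kvm_xen_hvm_config xhc;

		/* Copy and validate locally; VM state is untouched on any failure. */
		r = -EFAULT;
		if (copy_from_user(&xhc, argp, sizeof(xhc)))
			goto out;
		r = -EINVAL;
		if (xhc.flags)
			goto out;
		memcpy(&kvm->arch.xen_hvm_config, &xhc, sizeof(xhc));
		r = 0;
		break;
	}
	case KVM_SET_CLOCK: {
		struct kvm_clock_data user_ns;
		u64 now_ns;
		s64 delta;

		r = -EFAULT;
		if (copy_from_user(&user_ns, argp, sizeof(user_ns)))
			goto out;

		r = -EINVAL;
		if (user_ns.flags)
			goto out;

		r = 0;
		/* Sample the host clock atomically w.r.t. local interrupts. */
		local_irq_disable();
		now_ns = get_kernel_ns();
		delta = user_ns.clock - now_ns;
		local_irq_enable();
		kvm->arch.kvmclock_offset = delta;
		break;
	}
	case KVM_GET_CLOCK: {
		struct kvm_clock_data user_ns;
		u64 now_ns;

		local_irq_disable();
		now_ns = get_kernel_ns();
		user_ns.clock = kvm->arch.kvmclock_offset + now_ns;
		local_irq_enable();
		/* Every member is set before copy_to_user: no stack bytes leak. */
		user_ns.flags = 0;
		memset(&user_ns.pad, 0, sizeof(user_ns.pad));

		r = -EFAULT;
		if (copy_to_user(argp, &user_ns, sizeof(user_ns)))
			goto out;
		r = 0;
		break;
	}

	default:
		;
	}
out:
	return r;
}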
3797
/*
 * Compact msrs_to_save down to the MSRs this host can actually read.
 *
 * Entries before KVM_SAVE_MSRS_BEGIN are KVM-specific and kept as they
 * are; from there on, each MSR is probed with rdmsr_safe() and dropped if
 * the read faults.  Survivors are packed in place, preserving order, and
 * num_msrs_to_save is set to the new length.  Host-only, run once at
 * init; the probed values themselves are discarded.
 */
static void kvm_init_msr_list(void)
{
	u32 lo_hi[2];
	unsigned int src, dst = KVM_SAVE_MSRS_BEGIN;

	for (src = KVM_SAVE_MSRS_BEGIN; src < ARRAY_SIZE(msrs_to_save); src++) {
		if (rdmsr_safe(msrs_to_save[src], &lo_hi[0], &lo_hi[1]) < 0)
			continue;
		/* dst <= src always holds, so this never clobbers an unread entry. */
		msrs_to_save[dst++] = msrs_to_save[src];
	}
	num_msrs_to_save = dst;
}
3813
/*
 * Deliver an MMIO write to in-kernel devices, at most 8 bytes per step.
 *
 * @vcpu: the vCPU issuing the access.
 * @addr: guest physical address.
 * @len:  byte count; the body runs at least once even for len == 0,
 *        exactly like the original do/while.
 * @v:    source bytes.
 *
 * Each chunk is offered to the local APIC first (when present) and then
 * to the KVM_MMIO_BUS.  Returns how many bytes some in-kernel device
 * accepted; the caller hands the remainder to userspace.
 */
static int vcpu_mmio_write(struct kvm_vcpu *vcpu, gpa_t addr, int len,
			   const void *v)
{
	int done = 0;

	do {
		int chunk = min(len, 8);
		bool taken_by_apic = vcpu->arch.apic &&
			!kvm_iodevice_write(&vcpu->arch.apic->dev, addr, chunk, v);

		if (!taken_by_apic &&
		    kvm_io_bus_write(vcpu->kvm, KVM_MMIO_BUS, addr, chunk, v))
			break;

		done += chunk;
		addr += chunk;
		len -= chunk;
		v += chunk;
	} while (len);

	return done;
}
3834
/*
 * Satisfy an MMIO read from in-kernel devices, at most 8 bytes per step.
 *
 * @vcpu: the vCPU issuing the access.
 * @addr: guest physical address.
 * @len:  byte count; the body runs at least once even for len == 0,
 *        exactly like the original do/while.
 * @v:    destination buffer.
 *
 * The local APIC (when present) gets first refusal, then KVM_MMIO_BUS.
 * Returns the number of bytes filled in; the rest is left for userspace.
 *
 * NOTE(review): the tracepoint reads a full u64 from v regardless of
 * chunk size, so it may read past the bytes just filled when chunk < 8;
 * this only affects trace output but assumes v points at >= 8 bytes.
 */
static int vcpu_mmio_read(struct kvm_vcpu *vcpu, gpa_t addr, int len, void *v)
{
	int done = 0;

	do {
		int chunk = min(len, 8);
		bool taken_by_apic = vcpu->arch.apic &&
			!kvm_iodevice_read(&vcpu->arch.apic->dev, addr, chunk, v);

		if (!taken_by_apic &&
		    kvm_io_bus_read(vcpu->kvm, KVM_MMIO_BUS, addr, chunk, v))
			break;

		trace_kvm_mmio(KVM_TRACE_MMIO_READ, chunk, addr, *(u64 *)v);
		done += chunk;
		addr += chunk;
		len -= chunk;
		v += chunk;
	} while (len);

	return done;
}
3855
/*
 * Write a segment register through the vendor (VMX/SVM) backend.
 *
 * @vcpu: target vCPU.
 * @var:  new segment contents.
 * @seg:  which segment register (VCPU_SREG_*).
 */
static void kvm_set_segment(struct kvm_vcpu *vcpu,
			struct kvm_segment *var, int seg)
{
	(*kvm_x86_ops->set_segment)(vcpu, var, seg);
}
3861
/*
 * Read a segment register through the vendor (VMX/SVM) backend.
 *
 * @vcpu: source vCPU.
 * @var:  filled in with the segment contents.
 * @seg:  which segment register (VCPU_SREG_*).
 */
void kvm_get_segment(struct kvm_vcpu *vcpu,
		     struct kvm_segment *var, int seg)
{
	(*kvm_x86_ops->get_segment)(vcpu, var, seg);
}
3867
/*
 * Identity GPA translation for non-nested guests.
 *
 * @vcpu:   unused.
 * @gpa:    returned unchanged.
 * @access: unused.
 *
 * Counterpart of translate_nested_gpa(); with no nested paging the guest
 * physical address is already the final address, so nothing can fault.
 */
static gpa_t translate_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u32 access)
{
	(void)vcpu;
	(void)access;
	return gpa;
}
3872
/*
 * Translate an L2 guest physical address through the nested (L1) page
 * tables.
 *
 * @vcpu:   must be in nested MMU mode (BUG_ON otherwise).
 * @gpa:    L2 guest physical address.
 * @access: PFERR_* bits describing the access; PFERR_USER_MASK is forced
 *          on because NPT walks are always user-walks.
 *
 * Returns whatever vcpu->arch.mmu.gva_to_gpa() yields.  The exception
 * record the walk fills in is discarded here, so presumably callers
 * detect failure by comparing the result with UNMAPPED_GVA.
 */
static gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u32 access)
{
	struct x86_exception discarded_fault;

	BUG_ON(!mmu_is_nested(vcpu));

	/* NPT walks are always user-walks */
	return vcpu->arch.mmu.gva_to_gpa(vcpu, gpa, access | PFERR_USER_MASK,
					 &discarded_fault);
}
3886
/*
 * Translate a guest virtual address for a data read at the current CPL.
 *
 * @vcpu:      the vCPU whose walk_mmu is consulted.
 * @gva:       guest virtual address.
 * @exception: receives fault details from the walker on failure.
 *
 * Returns the GPA, or UNMAPPED_GVA if the walk faults.  Only CPL 3 sets
 * PFERR_USER_MASK, so supervisor-only pages are reachable from CPL 0-2.
 */
gpa_t kvm_mmu_gva_to_gpa_read(struct kvm_vcpu *vcpu, gva_t gva,
			      struct x86_exception *exception)
{
	u32 access = 0;

	if (kvm_x86_ops->get_cpl(vcpu) == 3)
		access |= PFERR_USER_MASK;

	return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
}
3893
/*
 * Translate a guest virtual address for an instruction fetch at the
 * current CPL.
 *
 * @vcpu:      the vCPU whose walk_mmu is consulted.
 * @gva:       guest virtual address.
 * @exception: receives fault details from the walker on failure.
 *
 * Returns the GPA, or UNMAPPED_GVA if the walk faults.  PFERR_FETCH_MASK
 * is always set (so NX/SMEP-style checks in the walker apply), and
 * PFERR_USER_MASK only when the guest is at CPL 3.
 */
gpa_t kvm_mmu_gva_to_gpa_fetch(struct kvm_vcpu *vcpu, gva_t gva,
			       struct x86_exception *exception)
{
	u32 access = PFERR_FETCH_MASK;

	if (kvm_x86_ops->get_cpl(vcpu) == 3)
		access |= PFERR_USER_MASK;

	return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
}
3901
/*
 * Translate a guest virtual address for a data write at the current CPL.
 *
 * @vcpu:      the vCPU whose walk_mmu is consulted.
 * @gva:       guest virtual address.
 * @exception: receives fault details from the walker on failure.
 *
 * Returns the GPA, or UNMAPPED_GVA if the walk faults.  PFERR_WRITE_MASK
 * is always set so read-only pages are rejected; PFERR_USER_MASK only
 * when the guest is at CPL 3.
 */
gpa_t kvm_mmu_gva_to_gpa_write(struct kvm_vcpu *vcpu, gva_t gva,
			       struct x86_exception *exception)
{
	u32 access = PFERR_WRITE_MASK;

	if (kvm_x86_ops->get_cpl(vcpu) == 3)
		access |= PFERR_USER_MASK;

	return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
}
3909
/*
 * Translate a guest virtual address as a supervisor read, ignoring CPL.
 *
 * @vcpu:      the vCPU whose walk_mmu is consulted.
 * @gva:       guest virtual address.
 * @exception: receives fault details from the walker on failure.
 *
 * Passes access = 0: no user, write or fetch bit, so the walk succeeds
 * for any mapped page regardless of the guest's current privilege.
 * Intended for the emulator's own accesses (descriptor tables and the
 * like), not for operands the guest code itself is touching — those
 * must go through the CPL-aware variants above.
 */
gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva,
				struct x86_exception *exception)
{
	const u32 supervisor_read = 0;

	return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, supervisor_read,
					       exception);
}
3916
/*
 * Copy guest-virtual memory into a kernel buffer, one page at a time.
 *
 * @addr:      guest virtual start address.
 * @val:       kernel destination buffer of at least @bytes bytes.
 * @bytes:     length; may span any number of pages.
 * @vcpu:      the vCPU whose walk_mmu performs the translation.
 * @access:    PFERR_* bits applied to every page walk (the caller decides
 *             whether CPL/user checks apply).
 * @exception: filled in by the walker when a translation faults.
 *
 * Returns X86EMUL_CONTINUE when all bytes were read,
 * X86EMUL_PROPAGATE_FAULT if any page fails to translate (the guest
 * should see the fault in @exception), or X86EMUL_IO_NEEDED if
 * kvm_read_guest() fails for a translated page.  Bytes already copied
 * before a failure are left in @val.
 */
static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes,
				      struct kvm_vcpu *vcpu, u32 access,
				      struct x86_exception *exception)
{
	void *dst = val;

	while (bytes) {
		unsigned int page_off = addr & (PAGE_SIZE - 1);
		unsigned int chunk = min(bytes, (unsigned int)PAGE_SIZE - page_off);
		gpa_t gpa;

		gpa = vcpu->arch.walk_mmu->gva_to_gpa(vcpu, addr, access,
						      exception);
		if (gpa == UNMAPPED_GVA)
			return X86EMUL_PROPAGATE_FAULT;

		if (kvm_read_guest(vcpu->kvm, gpa, dst, chunk) < 0)
			return X86EMUL_IO_NEEDED;

		bytes -= chunk;
		dst += chunk;
		addr += chunk;
	}

	return X86EMUL_CONTINUE;
}
3946
/*
 * Emulator callback: fetch instruction bytes from guest virtual memory.
 *
 * @ctxt:      the emulation context (container of the vCPU).
 * @addr:      guest virtual address of the code bytes.
 * @val:       destination buffer.
 * @bytes:     length.
 * @exception: filled in on a translation fault.
 *
 * Walks with PFERR_FETCH_MASK, plus PFERR_USER_MASK when the guest is at
 * CPL 3, so the page tables' execute and user/supervisor permissions are
 * enforced exactly as for a real fetch.  Return values are those of
 * kvm_read_guest_virt_helper().
 */
static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt,
				gva_t addr, void *val, unsigned int bytes,
				struct x86_exception *exception)
{
	struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
	u32 access = PFERR_FETCH_MASK;

	if (kvm_x86_ops->get_cpl(vcpu) == 3)
		access |= PFERR_USER_MASK;

	return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access,
					  exception);
}
3959
/*
 * Emulator callback: read data from guest virtual memory at the guest's
 * current privilege level.
 *
 * @ctxt:      the emulation context (container of the vCPU).
 * @addr:      guest virtual address.
 * @val:       destination buffer.
 * @bytes:     length.
 * @exception: filled in on a translation fault.
 *
 * PFERR_USER_MASK is applied only at CPL 3, so a user-mode guest cannot
 * read supervisor pages through emulation.  Return values are those of
 * kvm_read_guest_virt_helper().
 */
int kvm_read_guest_virt(struct x86_emulate_ctxt *ctxt,
			       gva_t addr, void *val, unsigned int bytes,
			       struct x86_exception *exception)
{
	struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
	u32 access = 0;

	if (kvm_x86_ops->get_cpl(vcpu) == 3)
		access |= PFERR_USER_MASK;

	return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access,
					  exception);
}
EXPORT_SYMBOL_GPL(kvm_read_guest_virt);
3971
/*
 * Emulator callback: read guest virtual memory as supervisor, ignoring
 * the guest's CPL.
 *
 * @ctxt:      the emulation context (container of the vCPU).
 * @addr:      guest virtual address.
 * @val:       destination buffer.
 * @bytes:     length.
 * @exception: filled in on a translation fault.
 *
 * Walks with access = 0, so supervisor-only pages are readable even from
 * CPL 3.  For the emulator's own needs (descriptor tables etc.); guest
 * operands should use kvm_read_guest_virt() instead.
 */
static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt,
				      gva_t addr, void *val, unsigned int bytes,
				      struct x86_exception *exception)
{
	const u32 supervisor_read = 0;

	return kvm_read_guest_virt_helper(addr, val, bytes, emul_to_vcpu(ctxt),
					  supervisor_read, exception);
}
3979
/*
 * Emulator callback: write guest virtual memory as supervisor, one page
 * at a time, ignoring the guest's CPL.
 *
 * @ctxt:      the emulation context (container of the vCPU).
 * @addr:      guest virtual start address.
 * @val:       source buffer of @bytes bytes.
 * @bytes:     length; may span pages.
 * @exception: filled in when a translation faults.
 *
 * Each page is walked with PFERR_WRITE_MASK only (no PFERR_USER_MASK), so
 * read-only pages fault but supervisor pages are writable from any CPL.
 * Returns X86EMUL_CONTINUE on success, X86EMUL_PROPAGATE_FAULT if a page
 * fails to translate, X86EMUL_IO_NEEDED if kvm_write_guest() fails.
 * Pages written before a failure stay written.
 */
int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt,
				       gva_t addr, void *val,
				       unsigned int bytes,
				       struct x86_exception *exception)
{
	struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
	void *src = val;

	while (bytes) {
		unsigned int page_off = addr & (PAGE_SIZE - 1);
		unsigned int chunk = min(bytes, (unsigned int)PAGE_SIZE - page_off);
		gpa_t gpa;

		gpa = vcpu->arch.walk_mmu->gva_to_gpa(vcpu, addr,
						      PFERR_WRITE_MASK,
						      exception);
		if (gpa == UNMAPPED_GVA)
			return X86EMUL_PROPAGATE_FAULT;

		if (kvm_write_guest(vcpu->kvm, gpa, src, chunk) < 0)
			return X86EMUL_IO_NEEDED;

		bytes -= chunk;
		src += chunk;
		addr += chunk;
	}

	return X86EMUL_CONTINUE;
}
EXPORT_SYMBOL_GPL(kvm_write_guest_virt_system);
4013
/*
 * Translate an emulated access and decide whether it is MMIO.
 *
 * @vcpu:      the vCPU.
 * @gva:       guest virtual address of the access.
 * @gpa:       out: the translated guest physical address (valid on
 *             return 0 or 1).
 * @exception: filled in by the page walk on a fault (return -1).
 * @write:     true for a write, adds PFERR_WRITE_MASK to the walk.
 *
 * Returns 1 if the access is MMIO (cached MMIO gva hit, APIC page, or
 * cached MMIO gpa hit), 0 if it is ordinary RAM, -1 if the translation
 * faulted.
 *
 * The gva fast path is only taken when check_write_user_access() agrees
 * that the cached translation's permissions cover this access at the
 * current CPL, so the cache cannot be used to bypass a permission check.
 */
static int vcpu_mmio_gva_to_gpa(struct kvm_vcpu *vcpu, unsigned long gva,
				gpa_t *gpa, struct x86_exception *exception,
				bool write)
{
	u32 access = 0;

	if (kvm_x86_ops->get_cpl(vcpu) == 3)
		access = PFERR_USER_MASK;

	/* Fast path: last MMIO gva matches and its permissions fit. */
	if (vcpu_match_mmio_gva(vcpu, gva) &&
	    check_write_user_access(vcpu, write, access, vcpu->arch.access)) {
		*gpa = (vcpu->arch.mmio_gfn << PAGE_SHIFT) |
		       (gva & (PAGE_SIZE - 1));
		trace_vcpu_match_mmio(gva, *gpa, write, false);
		return 1;
	}

	if (write)
		access |= PFERR_WRITE_MASK;

	*gpa = vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
	if (*gpa == UNMAPPED_GVA)
		return -1;

	/* For APIC access vmexit */
	if ((*gpa & PAGE_MASK) == APIC_DEFAULT_PHYS_BASE)
		return 1;

	if (vcpu_match_mmio_gpa(vcpu, *gpa)) {
		trace_vcpu_match_mmio(gva, *gpa, write, true);
		return 1;
	}

	return 0;
}
4048
/*
 * Emulator callback: perform a memory read, resolving RAM vs MMIO.
 *
 * @ctxt:      the emulation context (container of the vCPU).
 * @addr:      guest virtual address.
 * @val:       destination buffer.
 * @bytes:     length.
 * @exception: filled in on a translation fault.
 *
 * Returns X86EMUL_CONTINUE when @val is complete (RAM read, or MMIO fully
 * handled in-kernel, or a previously completed userspace MMIO being
 * consumed), X86EMUL_PROPAGATE_FAULT on a translation fault, or
 * X86EMUL_IO_NEEDED after setting up a KVM_EXIT_MMIO for the part no
 * in-kernel device handled.
 */
static int emulator_read_emulated(struct x86_emulate_ctxt *ctxt,
				  unsigned long addr,
				  void *val,
				  unsigned int bytes,
				  struct x86_exception *exception)
{
	struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
	gpa_t gpa;
	int handled, ret;

	/*
	 * Re-entry after userspace completed an MMIO read: the data is in
	 * vcpu->mmio_data, consume it and clear the flag.
	 * NOTE(review): copies @bytes from mmio_data; assumes bytes does
	 * not exceed sizeof(vcpu->mmio_data) — confirm against the caller.
	 */
	if (vcpu->mmio_read_completed) {
		memcpy(val, vcpu->mmio_data, bytes);
		trace_kvm_mmio(KVM_TRACE_MMIO_READ, bytes,
			       vcpu->mmio_phys_addr, *(u64 *)val);
		vcpu->mmio_read_completed = 0;
		return X86EMUL_CONTINUE;
	}

	ret = vcpu_mmio_gva_to_gpa(vcpu, addr, &gpa, exception, false);

	if (ret < 0)
		return X86EMUL_PROPAGATE_FAULT;

	if (ret)
		goto mmio;

	/* Plain RAM: a failed read here falls through and is treated as MMIO. */
	if (kvm_read_guest_virt(ctxt, addr, val, bytes, exception)
	    == X86EMUL_CONTINUE)
		return X86EMUL_CONTINUE;

mmio:
	/*
	 * Is this MMIO handled locally?
	 */
	handled = vcpu_mmio_read(vcpu, gpa, bytes, val);

	if (handled == bytes)
		return X86EMUL_CONTINUE;

	/* Only the unhandled tail is passed to userspace. */
	gpa += handled;
	bytes -= handled;
	val += handled;

	trace_kvm_mmio(KVM_TRACE_MMIO_READ_UNSATISFIED, bytes, gpa, 0);

	/* Describe the exit; run->mmio.len is capped at 8 bytes per round trip. */
	vcpu->mmio_needed = 1;
	vcpu->run->exit_reason = KVM_EXIT_MMIO;
	vcpu->run->mmio.phys_addr = vcpu->mmio_phys_addr = gpa;
	vcpu->mmio_size = bytes;
	vcpu->run->mmio.len = min(vcpu->mmio_size, 8);
	vcpu->run->mmio.is_write = vcpu->mmio_is_write = 0;
	vcpu->mmio_index = 0;

	return X86EMUL_IO_NEEDED;
}
4104
/*
 * Write to guest physical RAM and keep shadow page tables coherent.
 *
 * @vcpu:  the vCPU performing the write.
 * @gpa:   guest physical address.
 * @val:   source bytes.
 * @bytes: length.
 *
 * Returns 1 on success, 0 if kvm_write_guest() failed (callers then treat
 * the address as MMIO).  On success kvm_mmu_pte_write() is told about the
 * write so a shadowed guest page table that covers @gpa is updated.
 */
int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa,
			const void *val, int bytes)
{
	if (kvm_write_guest(vcpu->kvm, gpa, val, bytes) < 0)
		return 0;

	kvm_mmu_pte_write(vcpu, gpa, val, bytes, 1);
	return 1;
}
4116
/*
 * Perform an emulated write that lies within a single page.
 *
 * @addr:      guest virtual address (caller guarantees no page crossing).
 * @val:       source bytes.
 * @bytes:     length.
 * @exception: filled in on a translation fault.
 * @vcpu:      the vCPU.
 *
 * Returns X86EMUL_PROPAGATE_FAULT on a translation fault, otherwise
 * X86EMUL_CONTINUE — including when a KVM_EXIT_MMIO has been queued for
 * userspace, unlike the read path which returns X86EMUL_IO_NEEDED.  The
 * data for that exit travels in vcpu->run->mmio.data.
 */
static int emulator_write_emulated_onepage(unsigned long addr,
					   const void *val,
					   unsigned int bytes,
					   struct x86_exception *exception,
					   struct kvm_vcpu *vcpu)
{
	gpa_t gpa;
	int handled, ret;

	ret = vcpu_mmio_gva_to_gpa(vcpu, addr, &gpa, exception, true);

	if (ret < 0)
		return X86EMUL_PROPAGATE_FAULT;

	/* For APIC access vmexit */
	if (ret)
		goto mmio;

	/* RAM write; a failure falls through and is treated as MMIO. */
	if (emulator_write_phys(vcpu, gpa, val, bytes))
		return X86EMUL_CONTINUE;

mmio:
	/* NOTE(review): reads a full u64 from val even when bytes < 8 (trace only). */
	trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, bytes, gpa, *(u64 *)val);
	/*
	 * Is this MMIO handled locally?
	 */
	handled = vcpu_mmio_write(vcpu, gpa, bytes, val);
	if (handled == bytes)
		return X86EMUL_CONTINUE;

	/* Only the unhandled tail is forwarded to userspace. */
	gpa += handled;
	bytes -= handled;
	val += handled;

	/*
	 * NOTE(review): memcpy of @bytes into vcpu->mmio_data assumes bytes
	 * does not exceed that buffer — confirm against the emulator's
	 * maximum operand size.  The copy into run->mmio.data is always
	 * 8 bytes regardless of len.
	 */
	vcpu->mmio_needed = 1;
	memcpy(vcpu->mmio_data, val, bytes);
	vcpu->run->exit_reason = KVM_EXIT_MMIO;
	vcpu->run->mmio.phys_addr = vcpu->mmio_phys_addr = gpa;
	vcpu->mmio_size = bytes;
	vcpu->run->mmio.len = min(vcpu->mmio_size, 8);
	vcpu->run->mmio.is_write = vcpu->mmio_is_write = 1;
	memcpy(vcpu->run->mmio.data, vcpu->mmio_data, 8);
	vcpu->mmio_index = 0;

	return X86EMUL_CONTINUE;
}
4163
/*
 * Emulator callback: perform a memory write, splitting at a page boundary.
 *
 * @ctxt:      the emulation context (container of the vCPU).
 * @addr:      guest virtual address.
 * @val:       source bytes.
 * @bytes:     length.
 * @exception: filled in on a translation fault.
 *
 * Each page is translated separately (they need not be contiguous in
 * guest physical space), so a write that straddles a page boundary is
 * done as two single-page writes; the first one's status is returned
 * immediately if it is not X86EMUL_CONTINUE.  Returns whatever
 * emulator_write_emulated_onepage() returns for the final piece.
 */
int emulator_write_emulated(struct x86_emulate_ctxt *ctxt,
			    unsigned long addr,
			    const void *val,
			    unsigned int bytes,
			    struct x86_exception *exception)
{
	struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
	bool crosses_page = ((addr + bytes - 1) ^ addr) & PAGE_MASK;

	if (crosses_page) {
		/* Bytes from addr up to the end of its page. */
		int first = -addr & ~PAGE_MASK;
		int rc = emulator_write_emulated_onepage(addr, val, first,
							 exception, vcpu);

		if (rc != X86EMUL_CONTINUE)
			return rc;

		addr += first;
		val += first;
		bytes -= first;
	}

	return emulator_write_emulated_onepage(addr, val, bytes, exception,
					       vcpu);
}
4188
/*
 * CMPXCHG_TYPE: one atomic compare-and-exchange of type @t on the memory at
 * @ptr, comparing against *@old and storing *@new.  Evaluates to true when
 * the exchange happened (the value read back equals *@old).
 */
#define CMPXCHG_TYPE(t, ptr, old, new) \
        (cmpxchg((t *)(ptr), *(t *)(old), *(t *)(new)) == *(t *)(old))

/*
 * 64-bit flavour: a plain cmpxchg suffices on 64-bit kernels, 32-bit
 * kernels need the dedicated cmpxchg64 primitive.
 */
#ifdef CONFIG_X86_64
#  define CMPXCHG64(ptr, old, new) CMPXCHG_TYPE(u64, ptr, old, new)
#else
#  define CMPXCHG64(ptr, old, new) \
        (cmpxchg64((u64 *)(ptr), *(u64 *)(old), *(u64 *)(new)) == *(u64 *)(old))
#endif
4198
/*
 * Emulator callback for a locked compare-and-exchange on guest memory.
 *
 * For power-of-two sizes up to 8 bytes the exchange is performed atomically
 * on the host mapping of the guest page, so another vCPU cannot observe a
 * torn or lost update.  Everything that cannot be exchanged in place (odd
 * sizes, an unmapped GVA, the APIC page, a span crossing a page boundary, a
 * page that cannot be obtained) falls back to emulator_write_emulated(),
 * i.e. a plain write that is NOT atomic with respect to other vCPUs; the
 * one-time warning on the fallback path records that this happened.
 *
 * Returns X86EMUL_CONTINUE on success, X86EMUL_CMPXCHG_FAILED when the
 * current value did not match @old, or the status of the fallback write.
 */
static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
                                     unsigned long addr,
                                     const void *old,
                                     const void *new,
                                     unsigned int bytes,
                                     struct x86_exception *exception)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
        gpa_t gpa;
        struct page *page;
        char *kaddr;
        bool exchanged;

        /* guests cmpxchg8b have to be emulated atomically */
        if (bytes > 8 || (bytes & (bytes - 1)))
                goto emul_write;

        /*
         * Translate for a write; no exception object is passed, a failed
         * translation is presumably what UNMAPPED_GVA reports and is handled
         * by the fallback below.
         */
        gpa = kvm_mmu_gva_to_gpa_write(vcpu, addr, NULL);

        if (gpa == UNMAPPED_GVA ||
            (gpa & PAGE_MASK) == APIC_DEFAULT_PHYS_BASE)
                goto emul_write;

        /* the atomic primitives below need the operand within one page */
        if (((gpa + bytes - 1) & PAGE_MASK) != (gpa & PAGE_MASK))
                goto emul_write;

        page = gfn_to_page(vcpu->kvm, gpa >> PAGE_SHIFT);
        if (is_error_page(page)) {
                kvm_release_page_clean(page);
                goto emul_write;
        }

        /* atomic mapping: no sleeping between kmap_atomic and kunmap_atomic */
        kaddr = kmap_atomic(page, KM_USER0);
        kaddr += offset_in_page(gpa);
        switch (bytes) {
        case 1:
                exchanged = CMPXCHG_TYPE(u8, kaddr, old, new);
                break;
        case 2:
                exchanged = CMPXCHG_TYPE(u16, kaddr, old, new);
                break;
        case 4:
                exchanged = CMPXCHG_TYPE(u32, kaddr, old, new);
                break;
        case 8:
                exchanged = CMPXCHG64(kaddr, old, new);
                break;
        default:
                /* unreachable: the size check above admits only 1, 2, 4, 8 */
                BUG();
        }
        kunmap_atomic(kaddr, KM_USER0);
        /* released dirty whether or not the exchange took place */
        kvm_release_page_dirty(page);

        if (!exchanged)
                return X86EMUL_CMPXCHG_FAILED;

        /* let the MMU see the write (the page may back a shadowed page table) */
        kvm_mmu_pte_write(vcpu, gpa, new, bytes, 1);

        return X86EMUL_CONTINUE;

emul_write:
        printk_once(KERN_WARNING "kvm: emulating exchange as write\n");

        return emulator_write_emulated(ctxt, addr, new, bytes, exception);
}
4264
/*
 * Dispatch the vCPU's pending port I/O request (vcpu->arch.pio) to the
 * in-kernel PIO bus, reading into or writing from @pd.  Returns the bus
 * status; zero means a kernel device handled the request.
 */
static int kernel_pio(struct kvm_vcpu *vcpu, void *pd)
{
        /* TODO: String I/O for in kernel device */
        if (vcpu->arch.pio.in)
                return kvm_io_bus_read(vcpu->kvm, KVM_PIO_BUS,
                                       vcpu->arch.pio.port,
                                       vcpu->arch.pio.size, pd);

        return kvm_io_bus_write(vcpu->kvm, KVM_PIO_BUS, vcpu->arch.pio.port,
                                vcpu->arch.pio.size, pd);
}
4279
4280
/*
 * Emulator callback for IN / INS: @count items of @size bytes from @port.
 *
 * If data from a previous, userspace-completed request is already pending
 * (vcpu->arch.pio.count != 0) it is handed over immediately.  Otherwise the
 * request is tried on the in-kernel bus; when no kernel device claims it,
 * the exit is prepared for userspace and 0 is returned so the emulator
 * stops.  Returns 1 once the data has been copied into @val.
 *
 * NOTE(review): the copy length size * count is not checked here against
 * the page behind vcpu->arch.pio_data; this relies on the caller bounding
 * @count before the call — confirm in the emulator.
 */
static int emulator_pio_in_emulated(struct x86_emulate_ctxt *ctxt,
                                    int size, unsigned short port, void *val,
                                    unsigned int count)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        if (!vcpu->arch.pio.count) {
                trace_kvm_pio(0, port, size, count);

                vcpu->arch.pio.port = port;
                vcpu->arch.pio.in = 1;
                vcpu->arch.pio.count  = count;
                vcpu->arch.pio.size = size;

                if (kernel_pio(vcpu, vcpu->arch.pio_data)) {
                        /* no kernel device: let userspace do the read */
                        vcpu->run->exit_reason = KVM_EXIT_IO;
                        vcpu->run->io.direction = KVM_EXIT_IO_IN;
                        vcpu->run->io.size = size;
                        vcpu->run->io.data_offset = KVM_PIO_PAGE_OFFSET * PAGE_SIZE;
                        vcpu->run->io.count = count;
                        vcpu->run->io.port = port;

                        return 0;
                }
        }

        /* data is available in pio_data, either from the kernel or userspace */
        memcpy(val, vcpu->arch.pio_data, size * count);
        vcpu->arch.pio.count = 0;
        return 1;
}
4313
/*
 * Emulator callback for OUT / OUTS: @count items of @size bytes to @port.
 *
 * The data is staged in vcpu->arch.pio_data and offered to the in-kernel
 * bus first.  Returns 1 when a kernel device consumed it; otherwise the
 * KVM_EXIT_IO exit is prepared so userspace completes the write and 0 is
 * returned.
 *
 * NOTE(review): size * count is copied into the pio_data page without a
 * bound check here; the caller is expected to limit @count — confirm.
 */
static int emulator_pio_out_emulated(struct x86_emulate_ctxt *ctxt,
                                     int size, unsigned short port,
                                     const void *val, unsigned int count)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
        struct kvm_run *run = vcpu->run;

        trace_kvm_pio(1, port, size, count);

        vcpu->arch.pio.port = port;
        vcpu->arch.pio.in = 0;
        vcpu->arch.pio.count = count;
        vcpu->arch.pio.size = size;

        memcpy(vcpu->arch.pio_data, val, size * count);

        if (kernel_pio(vcpu, vcpu->arch.pio_data) == 0) {
                vcpu->arch.pio.count = 0;
                return 1;
        }

        run->exit_reason = KVM_EXIT_IO;
        run->io.direction = KVM_EXIT_IO_OUT;
        run->io.size = size;
        run->io.data_offset = KVM_PIO_PAGE_OFFSET * PAGE_SIZE;
        run->io.count = count;
        run->io.port = port;

        return 0;
}
4343
/* Base address of segment @seg, as reported by the vendor backend. */
static unsigned long get_segment_base(struct kvm_vcpu *vcpu, int seg)
{
        struct kvm_x86_ops *ops = kvm_x86_ops;

        return ops->get_segment_base(vcpu, seg);
}
4348
/* Emulator callback for INVLPG: invalidate the guest mapping of @address. */
static void emulator_invlpg(struct x86_emulate_ctxt *ctxt, ulong address)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        kvm_mmu_invlpg(vcpu, address);
}
4353
/*
 * Emulate WBINVD for @vcpu.
 *
 * Nothing is done unless need_emulate_wbinvd() says the guest needs it.
 * When the backend exits on WBINVD the flush is sent as an IPI to the
 * current CPU plus every CPU recorded in vcpu->arch.wbinvd_dirty_mask,
 * which is then cleared; otherwise the instruction is run locally.
 * Always returns X86EMUL_CONTINUE.
 */
int kvm_emulate_wbinvd(struct kvm_vcpu *vcpu)
{
        int cpu;

        if (!need_emulate_wbinvd(vcpu))
                return X86EMUL_CONTINUE;

        if (!kvm_x86_ops->has_wbinvd_exit()) {
                wbinvd();
                return X86EMUL_CONTINUE;
        }

        /* stay on this CPU while the mask is built and the IPIs go out */
        cpu = get_cpu();
        cpumask_set_cpu(cpu, vcpu->arch.wbinvd_dirty_mask);
        smp_call_function_many(vcpu->arch.wbinvd_dirty_mask,
                               wbinvd_ipi, NULL, 1);
        put_cpu();
        cpumask_clear(vcpu->arch.wbinvd_dirty_mask);

        return X86EMUL_CONTINUE;
}
EXPORT_SYMBOL_GPL(kvm_emulate_wbinvd);
4372
/* Emulator callback for WBINVD; the status of kvm_emulate_wbinvd() is dropped. */
static void emulator_wbinvd(struct x86_emulate_ctxt *ctxt)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        kvm_emulate_wbinvd(vcpu);
}
4377
/* Emulator callback: read debug register @dr into *@dest via _kvm_get_dr(). */
int emulator_get_dr(struct x86_emulate_ctxt *ctxt, int dr, unsigned long *dest)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        return _kvm_get_dr(vcpu, dr, dest);
}
4382
/* Emulator callback: write @value to debug register @dr via __kvm_set_dr(). */
int emulator_set_dr(struct x86_emulate_ctxt *ctxt, int dr, unsigned long value)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        return __kvm_set_dr(vcpu, dr, value);
}
4388
/*
 * Merge a 32-bit control-register write into the current 64-bit value:
 * the upper half of @curr_cr is kept, the lower half replaced by @new_val.
 */
static u64 mk_cr_64(u64 curr_cr, u32 new_val)
{
        u64 upper_half = (curr_cr >> 32) << 32;

        return upper_half | new_val;
}
4393
/*
 * Emulator callback: read control register @cr (0, 2, 3, 4 or 8).
 * An unknown register is logged and reads as 0.
 */
static unsigned long emulator_get_cr(struct x86_emulate_ctxt *ctxt, int cr)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        switch (cr) {
        case 0:
                return kvm_read_cr0(vcpu);
        case 2:
                return vcpu->arch.cr2;
        case 3:
                return kvm_read_cr3(vcpu);
        case 4:
                return kvm_read_cr4(vcpu);
        case 8:
                return kvm_get_cr8(vcpu);
        default:
                vcpu_printf(vcpu, "%s: unexpected cr %u\n", __func__, cr);
                return 0;
        }
}
4422
/*
 * Emulator callback: write @val to control register @cr.
 *
 * CR0 and CR4 writes merge the new low 32 bits into the current 64-bit
 * value; CR2 is stored directly; CR3 and CR8 go through their setters,
 * whose status is returned.  Returns 0 on success, the setter's non-zero
 * status on a rejected write, and -1 for an unknown register.
 */
static int emulator_set_cr(struct x86_emulate_ctxt *ctxt, int cr, ulong val)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        switch (cr) {
        case 0:
                return kvm_set_cr0(vcpu, mk_cr_64(kvm_read_cr0(vcpu), val));
        case 2:
                vcpu->arch.cr2 = val;
                return 0;
        case 3:
                return kvm_set_cr3(vcpu, val);
        case 4:
                return kvm_set_cr4(vcpu, mk_cr_64(kvm_read_cr4(vcpu), val));
        case 8:
                return kvm_set_cr8(vcpu, val);
        default:
                vcpu_printf(vcpu, "%s: unexpected cr %u\n", __func__, cr);
                return -1;
        }
}
4451
/* Emulator callback: current privilege level of the guest. */
static int emulator_get_cpl(struct x86_emulate_ctxt *ctxt)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        return kvm_x86_ops->get_cpl(vcpu);
}
4456
/* Emulator callback: read the guest GDTR into *@dt. */
static void emulator_get_gdt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        kvm_x86_ops->get_gdt(vcpu, dt);
}
4461
/* Emulator callback: read the guest IDTR into *@dt. */
static void emulator_get_idt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        kvm_x86_ops->get_idt(vcpu, dt);
}
4466
/* Emulator callback: load the guest GDTR from *@dt. */
static void emulator_set_gdt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        kvm_x86_ops->set_gdt(vcpu, dt);
}
4471
/* Emulator callback: load the guest IDTR from *@dt. */
static void emulator_set_idt(struct x86_emulate_ctxt *ctxt, struct desc_ptr *dt)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        kvm_x86_ops->set_idt(vcpu, dt);
}
4476
/* Emulator callback: base of segment @seg, via get_segment_base(). */
static unsigned long emulator_get_cached_segment_base(
        struct x86_emulate_ctxt *ctxt, int seg)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        return get_segment_base(vcpu, seg);
}
4482
/*
 * Emulator callback: read segment @seg in descriptor form.
 *
 * *@selector is always set.  For a usable segment the descriptor @desc
 * (and, on 64-bit, the upper base half in *@base3 when @base3 is given)
 * is filled from the cached segment state and true is returned; for an
 * unusable segment nothing else is written and false is returned.
 */
static bool emulator_get_segment(struct x86_emulate_ctxt *ctxt, u16 *selector,
                                 struct desc_struct *desc, u32 *base3,
                                 int seg)
{
        struct kvm_segment kseg;
        unsigned int limit;

        kvm_get_segment(emul_to_vcpu(ctxt), &kseg, seg);
        *selector = kseg.selector;

        if (kseg.unusable)
                return false;

        /* with granularity set the descriptor holds the limit in 4K units */
        limit = kseg.g ? kseg.limit >> 12 : kseg.limit;
        set_desc_limit(desc, limit);
        set_desc_base(desc, (unsigned long)kseg.base);
#ifdef CONFIG_X86_64
        if (base3)
                *base3 = kseg.base >> 32;
#endif
        desc->type = kseg.type;
        desc->s = kseg.s;
        desc->dpl = kseg.dpl;
        desc->p = kseg.present;
        desc->avl = kseg.avl;
        desc->l = kseg.l;
        desc->d = kseg.db;
        desc->g = kseg.g;

        return true;
}
4514
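/*
 * Emulator callback: load segment @seg from descriptor form.
 *
 * Rebuilds a struct kvm_segment from @selector, @desc and (64-bit only)
 * the upper base half @base3, then hands it to kvm_set_segment().  A
 * descriptor with the present bit clear is loaded as unusable.
 *
 * The duplicate assignment of var.present that the previous version
 * carried is removed; the value is the same in both places.
 */
static void emulator_set_segment(struct x86_emulate_ctxt *ctxt, u16 selector,
                                 struct desc_struct *desc, u32 base3,
                                 int seg)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
        struct kvm_segment var;

        var.selector = selector;
        var.base = get_desc_base(desc);
#ifdef CONFIG_X86_64
        var.base |= ((u64)base3) << 32;
#endif
        var.limit = get_desc_limit(desc);
        /* granular descriptors count the limit in 4K pages; expand it */
        if (desc->g)
                var.limit = (var.limit << 12) | 0xfff;
        var.type = desc->type;
        var.present = desc->p;
        var.dpl = desc->dpl;
        var.db = desc->d;
        var.s = desc->s;
        var.l = desc->l;
        var.g = desc->g;
        var.avl = desc->avl;
        var.unusable = !var.present;
        var.padding = 0;

        kvm_set_segment(vcpu, &var, seg);
}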
4545
/* Emulator callback for RDMSR: read MSR @msr_index into *@pdata. */
static int emulator_get_msr(struct x86_emulate_ctxt *ctxt,
                            u32 msr_index, u64 *pdata)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        return kvm_get_msr(vcpu, msr_index, pdata);
}
4551
/* Emulator callback for WRMSR: write @data to MSR @msr_index. */
static int emulator_set_msr(struct x86_emulate_ctxt *ctxt,
                            u32 msr_index, u64 data)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        return kvm_set_msr(vcpu, msr_index, data);
}
4557
/* Emulator callback for HLT: flag the halt; it is acted on by the caller. */
static void emulator_halt(struct x86_emulate_ctxt *ctxt)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        vcpu->arch.halt_request = 1;
}
4562
/*
 * Emulator callback: make the guest FPU state live on this CPU before an
 * instruction that touches it.  Preemption stays disabled until the
 * matching emulator_put_fpu().
 */
static void emulator_get_fpu(struct x86_emulate_ctxt *ctxt)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        preempt_disable();
        kvm_load_guest_fpu(vcpu);
        /*
         * CR0.TS may still reflect the host's FPU state rather than the
         * guest's, so clear it explicitly now that the guest state is loaded.
         */
        clts();
}
4573
/*
 * Emulator callback paired with emulator_get_fpu(): re-enable preemption.
 * The guest FPU state itself is left loaded.
 */
static void emulator_put_fpu(struct x86_emulate_ctxt *ctxt)
{
        preempt_enable();
}
4578
/*
 * Emulator callback: ask the vendor backend whether a nested hypervisor
 * intercepts the instruction described by @info at @stage.
 */
static int emulator_intercept(struct x86_emulate_ctxt *ctxt,
                              struct x86_instruction_info *info,
                              enum x86_intercept_stage stage)
{
        struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);

        return kvm_x86_ops->check_intercept(vcpu, info, stage);
}
4585
/*
 * Callback table handed to the instruction emulator.  Every guest memory,
 * I/O, register and descriptor access the emulator performs goes through
 * one of these, so they are the boundary at which guest-controlled
 * addresses and sizes are translated and checked.  read_std, write_std,
 * fetch, read_emulated and fix_hypercall are defined elsewhere in this file.
 */
static struct x86_emulate_ops emulate_ops = {
        .read_std            = kvm_read_guest_virt_system,
        .write_std           = kvm_write_guest_virt_system,
        .fetch               = kvm_fetch_guest_virt,
        .read_emulated       = emulator_read_emulated,
        .write_emulated      = emulator_write_emulated,
        .cmpxchg_emulated    = emulator_cmpxchg_emulated,
        .invlpg              = emulator_invlpg,
        .pio_in_emulated     = emulator_pio_in_emulated,
        .pio_out_emulated    = emulator_pio_out_emulated,
        .get_segment         = emulator_get_segment,
        .set_segment         = emulator_set_segment,
        .get_cached_segment_base = emulator_get_cached_segment_base,
        .get_gdt             = emulator_get_gdt,
        .get_idt             = emulator_get_idt,
        .set_gdt             = emulator_set_gdt,
        .set_idt             = emulator_set_idt,
        .get_cr              = emulator_get_cr,
        .set_cr              = emulator_set_cr,
        .cpl                 = emulator_get_cpl,
        .get_dr              = emulator_get_dr,
        .set_dr              = emulator_set_dr,
        .set_msr             = emulator_set_msr,
        .get_msr             = emulator_get_msr,
        .halt                = emulator_halt,
        .wbinvd              = emulator_wbinvd,
        .fix_hypercall       = emulator_fix_hypercall,
        .get_fpu             = emulator_get_fpu,
        .put_fpu             = emulator_put_fpu,
        .intercept           = emulator_intercept,
};
4617
/*
 * Pull RAX, RSP and RIP into vcpu->arch.regs and mark every register dirty
 * so the emulator's copy of the register file is written back in full.
 */
static void cache_all_regs(struct kvm_vcpu *vcpu)
{
        static const int cached[] = { VCPU_REGS_RAX, VCPU_REGS_RSP,
                                      VCPU_REGS_RIP };
        unsigned int i;

        for (i = 0; i < ARRAY_SIZE(cached); i++)
                kvm_register_read(vcpu, cached[i]);
        vcpu->arch.regs_dirty = ~0;
}
4625
/*
 * Clear the interrupt-shadow bits in @mask unless the instruction just
 * executed set them itself.
 *
 * An "sti; sti" sequence blocks interrupts only after the first sti.  So if
 * the last instruction, emulated or not, left INT_STI set, that instruction
 * was itself an sti and the shadow must stay; otherwise it is stale and is
 * dropped.  The same reasoning applies to "mov ss".
 */
static void toggle_interruptibility(struct kvm_vcpu *vcpu, u32 mask)
{
        u32 int_shadow = kvm_x86_ops->get_interrupt_shadow(vcpu, mask);

        if (int_shadow & mask)
                return;

        kvm_x86_ops->set_interrupt_shadow(vcpu, mask);
}
4639
/*
 * Deliver the exception the emulator recorded in vcpu->arch.emulate_ctxt.
 * Page faults go through kvm_propagate_fault() (which picks the right
 * MMU context); other vectors are queued with or without an error code.
 */
static void inject_emulated_exception(struct kvm_vcpu *vcpu)
{
        struct x86_exception *e = &vcpu->arch.emulate_ctxt.exception;

        if (e->vector == PF_VECTOR) {
                kvm_propagate_fault(vcpu, e);
                return;
        }

        if (e->error_code_valid)
                kvm_queue_exception_e(vcpu, e->vector, e->error_code);
        else
                kvm_queue_exception(vcpu, e->vector);
}
4651
/*
 * Reset the decoder state of @ctxt and seed its register file from @regs.
 *
 * The memset relies on the field order of struct x86_emulate_ctxt: it
 * zeroes everything from ->twobyte up to, but not including, ->regs.
 * Anything placed after ->regs (eip, eflags, mode, ...) is left alone and
 * must be set by the caller.  The fetch and read caches are reset
 * explicitly afterwards.
 */
static void init_decode_cache(struct x86_emulate_ctxt *ctxt,
                              const unsigned long *regs)
{
        memset(&ctxt->twobyte, 0,
               (void *)&ctxt->regs - (void *)&ctxt->twobyte);
        memcpy(ctxt->regs, regs, sizeof(ctxt->regs));

        ctxt->fetch.start = 0;
        ctxt->fetch.end = 0;
        ctxt->io_read.pos = 0;
        ctxt->io_read.end = 0;
        ctxt->mem_read.pos = 0;
        ctxt->mem_read.end = 0;
}
4666
/*
 * Prepare vcpu->arch.emulate_ctxt for a fresh decode: snapshot RFLAGS, RIP
 * and the register file, and derive the emulator operating mode from CR0,
 * EFLAGS.VM and the CS descriptor's L/D bits.
 */
static void init_emulate_ctxt(struct kvm_vcpu *vcpu)
{
        struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
        int cs_db, cs_l;

        /*
         * TODO: fix emulate.c to use guest_read/write_register
         * instead of direct ->regs accesses, can save hundred cycles
         * on Intel for instructions that don't read/change RSP, for
         * for example.
         */
        cache_all_regs(vcpu);

        kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l);

        ctxt->eflags = kvm_get_rflags(vcpu);
        ctxt->eip = kvm_rip_read(vcpu);

        if (!is_protmode(vcpu))
                ctxt->mode = X86EMUL_MODE_REAL;
        else if (ctxt->eflags & X86_EFLAGS_VM)
                ctxt->mode = X86EMUL_MODE_VM86;
        else if (cs_l)
                ctxt->mode = X86EMUL_MODE_PROT64;
        else if (cs_db)
                ctxt->mode = X86EMUL_MODE_PROT32;
        else
                ctxt->mode = X86EMUL_MODE_PROT16;

        ctxt->guest_mode = is_guest_mode(vcpu);

        init_decode_cache(ctxt, vcpu->arch.regs);
        vcpu->arch.emulate_regs_need_sync_from_vcpu = false;
}
4694
/*
 * Inject interrupt/exception @irq into a real-mode guest by emulating the
 * IVT-based entry sequence with 16-bit operand and address size.
 *
 * @inc_eip is added to the saved RIP first (to skip the current
 * instruction when required).  On success the emulated RIP, registers and
 * RFLAGS are written back, the pending NMI or interrupt is cleared, and
 * EMULATE_DONE is returned; if the emulator does not continue, nothing is
 * written back and EMULATE_FAIL is returned.
 */
int kvm_inject_realmode_interrupt(struct kvm_vcpu *vcpu, int irq, int inc_eip)
{
        struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;

        init_emulate_ctxt(vcpu);

        ctxt->op_bytes = 2;
        ctxt->ad_bytes = 2;
        ctxt->_eip = ctxt->eip + inc_eip;

        if (emulate_int_real(ctxt, irq) != X86EMUL_CONTINUE)
                return EMULATE_FAIL;

        /* commit the emulator's view of the CPU back to the vCPU */
        ctxt->eip = ctxt->_eip;
        memcpy(vcpu->arch.regs, ctxt->regs, sizeof ctxt->regs);
        kvm_rip_write(vcpu, ctxt->eip);
        kvm_set_rflags(vcpu, ctxt->eflags);

        if (irq == NMI_VECTOR)
                vcpu->arch.nmi_pending = false;
        else
                vcpu->arch.interrupt.pending = false;

        return EMULATE_DONE;
}
EXPORT_SYMBOL_GPL(kvm_inject_realmode_interrupt);
4723
/*
 * Handle an instruction the emulator could not decode or execute.
 *
 * The failure is counted and traced, and a #UD is queued for the guest in
 * every case.  For an L1 guest the run is additionally terminated with
 * KVM_EXIT_INTERNAL_ERROR / KVM_INTERNAL_ERROR_EMULATION so userspace
 * learns about it, and EMULATE_FAIL is returned; for a nested guest only
 * the #UD is delivered and EMULATE_DONE is returned.
 */
static int handle_emulation_failure(struct kvm_vcpu *vcpu)
{
        struct kvm_run *run = vcpu->run;
        int status = EMULATE_DONE;

        ++vcpu->stat.insn_emulation_fail;
        trace_kvm_emulate_insn_failed(vcpu);

        if (!is_guest_mode(vcpu)) {
                run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
                run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
                run->internal.ndata = 0;
                status = EMULATE_FAIL;
        }

        kvm_queue_exception(vcpu, UD_VECTOR);

        return status;
}
4740
/*
 * Decide whether a failed emulation at @gva should be retried by letting
 * the CPU execute the instruction natively instead of failing the guest.
 *
 * Never with two-dimensional paging.  With shadow paging, returns true
 * when the access hit a shadowed guest page table that could be
 * unshadowed, when the GVA is unmapped (the CPU will then raise the
 * fault itself), or when the GPA is backed by a valid host mapping.
 */
static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t gva)
{
        gpa_t gpa;

        if (tdp_enabled)
                return false;

        /*
         * If emulation was triggered by an access to a shadowed page table
         * and then failed, try to unshadow the page and re-enter the guest
         * so the CPU executes the instruction itself.
         */
        if (kvm_mmu_unprotect_page_virt(vcpu, gva))
                return true;

        gpa = kvm_mmu_gva_to_gpa_system(vcpu, gva, NULL);

        /* unmapped: let the CPU generate the fault; mapped: retry natively */
        return gpa == UNMAPPED_GVA ||
               !kvm_is_error_hva(gfn_to_hva(vcpu->kvm, gpa >> PAGE_SHIFT));
}
4766
/*
 * Decode and run one guest instruction through the in-kernel emulator.
 *
 * @cr2: address associated with the exit that led here; handed to
 *       reexecute_instruction() when decoding or execution fails.
 * @emulation_type: EMULTYPE_* flags.  EMULTYPE_NO_DECODE reuses the
 *       context left by a previous call (an I/O completion); EMULTYPE_TRAP_UD
 *       restricts the decoder to vendor-specific instructions and makes a
 *       decode failure return EMULATE_FAIL to the caller; EMULTYPE_SKIP
 *       only moves RIP past the decoded instruction.
 * @insn, @insn_len: instruction bytes passed straight to x86_decode_insn().
 *
 * Returns EMULATE_DONE, EMULATE_FAIL, or EMULATE_DO_MMIO when the guest must
 * exit to userspace to complete an I/O access.  Registers, RFLAGS, RIP and
 * the interrupt shadow are written back only on the paths where
 * @writeback stays true; an incomplete PIO-in or MMIO read defers that
 * until the data has arrived.
 */
int x86_emulate_instruction(struct kvm_vcpu *vcpu,
                            unsigned long cr2,
                            int emulation_type,
                            void *insn,
                            int insn_len)
{
        int r;
        struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
        bool writeback = true;

        kvm_clear_exception_queue(vcpu);

        if (!(emulation_type & EMULTYPE_NO_DECODE)) {
                init_emulate_ctxt(vcpu);
                ctxt->interruptibility = 0;
                ctxt->have_exception = false;
                ctxt->perm_ok = false;

                ctxt->only_vendor_specific_insn
                        = emulation_type & EMULTYPE_TRAP_UD;

                r = x86_decode_insn(ctxt, insn, insn_len);

                trace_kvm_emulate_insn_start(vcpu);
                ++vcpu->stat.insn_emulation;
                if (r)  {
                        /*
                         * Decode failed.  A trapped #UD goes back to the
                         * caller; otherwise try native re-execution before
                         * reporting the failure.
                         */
                        if (emulation_type & EMULTYPE_TRAP_UD)
                                return EMULATE_FAIL;
                        if (reexecute_instruction(vcpu, cr2))
                                return EMULATE_DONE;
                        if (emulation_type & EMULTYPE_SKIP)
                                return EMULATE_FAIL;
                        return handle_emulation_failure(vcpu);
                }
        }

        /* skip-only: advance RIP to the end of the decoded instruction */
        if (emulation_type & EMULTYPE_SKIP) {
                kvm_rip_write(vcpu, ctxt->_eip);
                return EMULATE_DONE;
        }

        /* this is needed for vmware backdoor interface to work since it
           changes registers values  during IO operation */
        if (vcpu->arch.emulate_regs_need_sync_from_vcpu) {
                vcpu->arch.emulate_regs_need_sync_from_vcpu = false;
                memcpy(ctxt->regs, vcpu->arch.regs, sizeof ctxt->regs);
        }

restart:
        r = x86_emulate_insn(ctxt);

        /* a nested hypervisor intercepted the instruction; nothing to commit */
        if (r == EMULATION_INTERCEPTED)
                return EMULATE_DONE;

        if (r == EMULATION_FAILED) {
                if (reexecute_instruction(vcpu, cr2))
                        return EMULATE_DONE;

                return handle_emulation_failure(vcpu);
        }

        if (ctxt->have_exception) {
                inject_emulated_exception(vcpu);
                r = EMULATE_DONE;
        } else if (vcpu->arch.pio.count) {
                /* PIO out is complete; PIO in must wait for the data */
                if (!vcpu->arch.pio.in)
                        vcpu->arch.pio.count = 0;
                else
                        writeback = false;
                r = EMULATE_DO_MMIO;
        } else if (vcpu->mmio_needed) {
                /* likewise an MMIO read cannot be committed yet */
                if (!vcpu->mmio_is_write)
                        writeback = false;
                r = EMULATE_DO_MMIO;
        } else if (r == EMULATION_RESTART)
                goto restart;
        else
                r = EMULATE_DONE;

        if (writeback) {
                toggle_interruptibility(vcpu, ctxt->interruptibility);
                kvm_set_rflags(vcpu, ctxt->eflags);
                kvm_make_request(KVM_REQ_EVENT, vcpu);
                memcpy(vcpu->arch.regs, ctxt->regs, sizeof ctxt->regs);
                vcpu->arch.emulate_regs_need_sync_to_vcpu = false;
                kvm_rip_write(vcpu, ctxt->eip);
        } else
                vcpu->arch.emulate_regs_need_sync_to_vcpu = true;

        return r;
}
EXPORT_SYMBOL_GPL(x86_emulate_instruction);
4859
/*
 * Fast path for a single OUT of @size bytes from RAX to @port, bypassing
 * the decoder.  Returns what emulator_pio_out_emulated() returns: 1 when
 * an in-kernel device handled it, 0 when userspace has to.  The pending
 * count is cleared so a userspace completion does not re-enter the
 * emulator.
 */
int kvm_fast_pio_out(struct kvm_vcpu *vcpu, int size, unsigned short port)
{
        unsigned long rax = kvm_register_read(vcpu, VCPU_REGS_RAX);
        int handled;

        handled = emulator_pio_out_emulated(&vcpu->arch.emulate_ctxt,
                                            size, port, &rax, 1);
        /* do not return to emulator after return from userspace */
        vcpu->arch.pio.count = 0;

        return handled;
}
EXPORT_SYMBOL_GPL(kvm_fast_pio_out);
4870
/*
 * IPI target: mark this CPU's TSC frequency as unknown (0) while it is
 * going down.  @info is unused.
 */
static void tsc_bad(void *info)
{
        __this_cpu_write(cpu_tsc_khz, 0);
}
4875
/*
 * IPI target: refresh this CPU's cpu_tsc_khz.
 *
 * @data is either the cpufreq transition (use its new frequency) or NULL
 * (ask cpufreq for the current frequency, unless the TSC is constant).
 * Whenever no usable frequency is found, the boot-time tsc_khz is used.
 */
static void tsc_khz_changed(void *data)
{
        struct cpufreq_freqs *freq = data;
        unsigned long khz;

        if (freq)
                khz = freq->new;
        else if (boot_cpu_has(X86_FEATURE_CONSTANT_TSC))
                khz = 0;
        else
                khz = cpufreq_quick_get(raw_smp_processor_id());

        if (!khz)
                khz = tsc_khz;

        __this_cpu_write(cpu_tsc_khz, khz);
}
4889
/*
 * cpufreq transition notifier: keep kvmclock monotonic across a frequency
 * change of freq->cpu.
 *
 * Only one side of each transition is acted on (see the first two checks):
 * a slowdown after it happened, a speedup before it happens.  The per-CPU
 * TSC rate is updated via a synchronous IPI, every vCPU last run on that
 * CPU is flagged for a clock update, and for a speedup the CPU is pinged
 * again so a vCPU currently in guest mode picks up the new rate.  Always
 * returns 0.
 */
static int kvmclock_cpufreq_notifier(struct notifier_block *nb, unsigned long val,
                                     void *data)
{
        struct cpufreq_freqs *freq = data;
        struct kvm *kvm;
        struct kvm_vcpu *vcpu;
        int i, send_ipi = 0;

        /*
         * We allow guests to temporarily run on slowing clocks,
         * provided we notify them after, or to run on accelerating
         * clocks, provided we notify them before.  Thus time never
         * goes backwards.
         *
         * However, we have a problem.  We can't atomically update
         * the frequency of a given CPU from this function; it is
         * merely a notifier, which can be called from any CPU.
         * Changing the TSC frequency at arbitrary points in time
         * requires a recomputation of local variables related to
         * the TSC for each VCPU.  We must flag these local variables
         * to be updated and be sure the update takes place with the
         * new frequency before any guests proceed.
         *
         * Unfortunately, the combination of hotplug CPU and frequency
         * change creates an intractable locking scenario; the order
         * of when these callouts happen is undefined with respect to
         * CPU hotplug, and they can race with each other.  As such,
         * merely setting per_cpu(cpu_tsc_khz) = X during a hotadd is
         * undefined; you can actually have a CPU frequency change take
         * place in between the computation of X and the setting of the
         * variable.  To protect against this problem, all updates of
         * the per_cpu tsc_khz variable are done in an interrupt
         * protected IPI, and all callers wishing to update the value
         * must wait for a synchronous IPI to complete (which is trivial
         * if the caller is on the CPU already).  This establishes the
         * necessary total order on variable updates.
         *
         * Note that because a guest time update may take place
         * anytime after the setting of the VCPU's request bit, the
         * correct TSC value must be set before the request.  However,
         * to ensure the update actually makes it to any guest which
         * starts running in hardware virtualization between the set
         * and the acquisition of the spinlock, we must also ping the
         * CPU after setting the request bit.
         *
         */

        /* slowdown: act only after the change; speedup: only before it */
        if (val == CPUFREQ_PRECHANGE && freq->old > freq->new)
                return 0;
        if (val == CPUFREQ_POSTCHANGE && freq->old < freq->new)
                return 0;

        /* synchronous: the new rate is in place before any vCPU is flagged */
        smp_call_function_single(freq->cpu, tsc_khz_changed, freq, 1);

        raw_spin_lock(&kvm_lock);
        list_for_each_entry(kvm, &vm_list, vm_list) {
                kvm_for_each_vcpu(i, vcpu, kvm) {
                        if (vcpu->cpu != freq->cpu)
                                continue;
                        kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
                        if (vcpu->cpu != smp_processor_id())
                                send_ipi = 1;
                }
        }
        raw_spin_unlock(&kvm_lock);

        if (freq->old < freq->new && send_ipi) {
                /*
                 * We upscale the frequency.  Must make the guest
                 * doesn't see old kvmclock values while running with
                 * the new frequency, otherwise we risk the guest sees
                 * time go backwards.
                 *
                 * In case we update the frequency for another cpu
                 * (which might be in guest context) send an interrupt
                 * to kick the cpu out of guest context.  Next time
                 * guest context is entered kvmclock will be updated,
                 * so the guest will not see stale values.
                 */
                smp_call_function_single(freq->cpu, tsc_khz_changed, freq, 1);
        }
        return 0;
}
4973
/* Registered by kvm_timer_init() for CPUFREQ_TRANSITION_NOTIFIER events. */
static struct notifier_block kvmclock_cpufreq_notifier_block = {
        .notifier_call  = kvmclock_cpufreq_notifier
};
4977
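/*
 * CPU hotplug notifier: keep cpu_tsc_khz valid for CPUs coming and going.
 *
 * A CPU that came online (or failed to go down) gets its TSC rate
 * recomputed on the CPU itself; a CPU about to go down has its rate
 * zeroed.  Both updates are synchronous IPIs, for the ordering reasons
 * documented in kvmclock_cpufreq_notifier().  Other actions are ignored.
 * Always returns NOTIFY_OK.
 */
static int kvmclock_cpu_notifier(struct notifier_block *nfb,
                                        unsigned long action, void *hcpu)
{
        unsigned int cpu = (unsigned long)hcpu;

        switch (action) {
        case CPU_ONLINE:
        case CPU_DOWN_FAILED:
                smp_call_function_single(cpu, tsc_khz_changed, NULL, 1);
                break;
        case CPU_DOWN_PREPARE:
                smp_call_function_single(cpu, tsc_bad, NULL, 1);
                break;
        default:
                /* not interested in the other hotplug phases */
                break;
        }
        return NOTIFY_OK;
}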
4994
/*
 * Registered by kvm_timer_init().  The lowest possible priority makes this
 * run after the other hotplug notifiers for the same event.
 */
static struct notifier_block kvmclock_cpu_notifier_block = {
        .notifier_call  = kvmclock_cpu_notifier,
        .priority = -INT_MAX
};
4999
/*
 * Highest frequency in this CPU's cpufreq policy, in kHz, or 0 when
 * cpufreq is not built in or reports none.
 */
static unsigned long kvm_cpufreq_max_khz(void)
{
#ifdef CONFIG_CPU_FREQ
        struct cpufreq_policy policy;
        unsigned long khz;
        int cpu;

        memset(&policy, 0, sizeof(policy));
        cpu = get_cpu();
        cpufreq_get_policy(&policy, cpu);
        khz = policy.cpuinfo.max_freq;
        put_cpu();

        return khz;
#else
        return 0;
#endif
}

/*
 * One-time timer setup: pick max_tsc_khz (the cpufreq maximum when the
 * TSC is not constant, else the boot rate), hook the hotplug and cpufreq
 * notifiers, and initialise cpu_tsc_khz on every online CPU.
 */
static void kvm_timer_init(void)
{
        int cpu;

        max_tsc_khz = tsc_khz;
        register_hotcpu_notifier(&kvmclock_cpu_notifier_block);
        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) {
                unsigned long cpufreq_max = kvm_cpufreq_max_khz();

                if (cpufreq_max)
                        max_tsc_khz = cpufreq_max;
                cpufreq_register_notifier(&kvmclock_cpufreq_notifier_block,
                                          CPUFREQ_TRANSITION_NOTIFIER);
        }
        pr_debug("kvm: max_tsc_khz = %ld\n", max_tsc_khz);
        for_each_online_cpu(cpu)
                smp_call_function_single(cpu, tsc_khz_changed, NULL, 1);
}
5023
/*
 * The vcpu this cpu is currently handling an NMI for, set/cleared by
 * kvm_before_handle_nmi()/kvm_after_handle_nmi(); NULL when none.  Read by
 * the perf guest-info callbacks below.
 */
static DEFINE_PER_CPU(struct kvm_vcpu *, current_vcpu);
5025
/* perf callback: non-zero when this cpu has a current_vcpu recorded. */
static int kvm_is_in_guest(void)
{
	return !!percpu_read(current_vcpu);
}
5030
/*
 * perf callback: non-zero when the guest was not running at CPL 0.
 *
 * Without a current_vcpu, CPL 3 is assumed, i.e. user mode is reported.
 */
static int kvm_is_user_mode(void)
{
	struct kvm_vcpu *vcpu = percpu_read(current_vcpu);
	int cpl = 3;

	if (vcpu)
		cpl = kvm_x86_ops->get_cpl(vcpu);

	return cpl != 0;
}
5040
/*
 * perf callback: the guest's RIP for the current_vcpu, or 0 when this cpu
 * has none recorded.
 */
static unsigned long kvm_get_guest_ip(void)
{
	struct kvm_vcpu *vcpu = percpu_read(current_vcpu);

	if (!vcpu)
		return 0;

	return kvm_rip_read(vcpu);
}
5050
/*
 * Callbacks handed to perf by kvm_arch_init() so that samples taken while
 * a guest runs can be attributed to guest code; withdrawn in kvm_arch_exit().
 */
static struct perf_guest_info_callbacks kvm_guest_cbs = {
	.is_in_guest		= kvm_is_in_guest,
	.is_user_mode		= kvm_is_user_mode,
	.get_guest_ip		= kvm_get_guest_ip,
};
5056
/*
 * Record @vcpu as the one this cpu is handling an NMI for, so the perf
 * guest-info callbacks can attribute the NMI to it.  Paired with
 * kvm_after_handle_nmi().
 */
void kvm_before_handle_nmi(struct kvm_vcpu *vcpu)
{
	percpu_write(current_vcpu, vcpu);
}
EXPORT_SYMBOL_GPL(kvm_before_handle_nmi);
5062
/*
 * Clear this cpu's current_vcpu once NMI handling for @vcpu is done.
 * The argument is unused; the per-cpu slot is reset unconditionally.
 */
void kvm_after_handle_nmi(struct kvm_vcpu *vcpu)
{
	percpu_write(current_vcpu, NULL);
}
EXPORT_SYMBOL_GPL(kvm_after_handle_nmi);
5068
/*
 * Choose the SPTE bit pattern used to mark MMIO mappings.
 *
 * All physical-address bits above the host's MAXPHYADDR up to bit 62 are
 * reserved in a paging-structure entry; setting them together with the
 * present bit makes a guest access fault with PFER.RSV = 1, which is how
 * an MMIO access is recognised.  On 64-bit hosts with a 52-bit physical
 * address space there are no reserved bits to set, so the present bit is
 * cleared instead and MMIO page faults are not generated this way.
 */
static void kvm_set_mmio_spte_mask(void)
{
	int maxphyaddr = boot_cpu_data.x86_phys_bits;
	int nr_reserved = 62 - maxphyaddr + 1;
	u64 reserved_bits = ((1ull << nr_reserved) - 1) << maxphyaddr;
	u64 mask = reserved_bits | 1ull;	/* reserved bits plus present */

#ifdef CONFIG_X86_64
	if (maxphyaddr == 52)
		mask &= ~1ull;
#endif

	kvm_mmu_set_mmio_spte_mask(mask);
}
5092
/*
 * Arch-specific module initialisation.
 *
 * @opaque is the vendor (VMX/SVM) kvm_x86_ops table.  Refuses to load a
 * second vendor module (-EEXIST) or to run without hardware support or
 * with virtualisation disabled by firmware (-EOPNOTSUPP), then brings up
 * the MMU, MSR list, timer and perf hooks, and captures the host's XCR0
 * when XSAVE is available.
 *
 * Returns 0 on success or a negative errno; kvm_x86_ops is only set once
 * the MMU module has initialised.
 */
int kvm_arch_init(void *opaque)
{
	struct kvm_x86_ops *ops = opaque;
	int r;

	if (kvm_x86_ops) {
		printk(KERN_ERR "kvm: already loaded the other module\n");
		return -EEXIST;
	}

	if (!ops->cpu_has_kvm_support()) {
		printk(KERN_ERR "kvm: no hardware support\n");
		return -EOPNOTSUPP;
	}
	if (ops->disabled_by_bios()) {
		printk(KERN_ERR "kvm: disabled by bios\n");
		return -EOPNOTSUPP;
	}

	r = kvm_mmu_module_init();
	if (r)
		return r;

	kvm_set_mmio_spte_mask();
	kvm_init_msr_list();

	kvm_x86_ops = ops;
	kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK,
			      PT_DIRTY_MASK, PT64_NX_MASK, 0);

	kvm_timer_init();

	perf_register_guest_info_callbacks(&kvm_guest_cbs);

	if (cpu_has_xsave)
		host_xcr0 = xgetbv(XCR_XFEATURE_ENABLED_MASK);

	return 0;
}
5138
/*
 * Undo kvm_arch_init(): drop the perf and cpufreq/hotplug hooks, detach
 * the vendor ops table and tear down the MMU module.  The cpufreq notifier
 * is only unregistered when kvm_timer_init() registered it (no constant TSC).
 */
void kvm_arch_exit(void)
{
	bool cpufreq_hooked = !boot_cpu_has(X86_FEATURE_CONSTANT_TSC);

	perf_unregister_guest_info_callbacks(&kvm_guest_cbs);

	if (cpufreq_hooked)
		cpufreq_unregister_notifier(&kvmclock_cpufreq_notifier_block,
					    CPUFREQ_TRANSITION_NOTIFIER);
	unregister_hotcpu_notifier(&kvmclock_cpu_notifier_block);

	kvm_x86_ops = NULL;
	kvm_mmu_module_exit();
}
5150
/*
 * Emulate HLT.
 *
 * With an in-kernel irqchip the vcpu is parked in KVM_MP_STATE_HALTED and
 * 1 is returned so the run loop keeps going (and blocks); otherwise the
 * halt is reported to userspace as KVM_EXIT_HLT and 0 is returned.
 */
int kvm_emulate_halt(struct kvm_vcpu *vcpu)
{
	++vcpu->stat.halt_exits;

	if (!irqchip_in_kernel(vcpu->kvm)) {
		vcpu->run->exit_reason = KVM_EXIT_HLT;
		return 0;
	}

	vcpu->arch.mp_state = KVM_MP_STATE_HALTED;
	return 1;
}
EXPORT_SYMBOL_GPL(kvm_emulate_halt);
5163
/*
 * Build the guest physical address passed to a KVM hypercall.
 *
 * A long-mode guest passes the whole address in @a0; a 32-bit guest
 * supplies the low half in @a0 and the high half in @a1.
 */
static inline gpa_t hc_gpa(struct kvm_vcpu *vcpu, unsigned long a0,
			   unsigned long a1)
{
	gpa_t gpa = a0;

	if (!is_long_mode(vcpu))
		gpa |= (gpa_t)a1 << 32;

	return gpa;
}
5172
/*
 * Read one 64-bit Hyper-V hypercall argument as a 32-bit guest passes it:
 * the high half in @hi_reg, the low half in @lo_reg.
 */
static u64 hv_hypercall_arg32(struct kvm_vcpu *vcpu, int hi_reg, int lo_reg)
{
	u64 hi = kvm_register_read(vcpu, hi_reg);
	u64 lo = kvm_register_read(vcpu, lo_reg) & 0xffffffff;

	return (hi << 32) | lo;
}

/*
 * Return the hypercall result to the guest: RAX for a long-mode guest,
 * RDX:RAX for a 32-bit one.
 */
static void hv_hypercall_set_result(struct kvm_vcpu *vcpu, bool longmode,
				    u64 result)
{
	if (longmode) {
		kvm_register_write(vcpu, VCPU_REGS_RAX, result);
		return;
	}
	kvm_register_write(vcpu, VCPU_REGS_RDX, result >> 32);
	kvm_register_write(vcpu, VCPU_REGS_RAX, result & 0xffffffff);
}

/*
 * Handle a Hyper-V style hypercall.
 *
 * Per the Hyper-V spec a hypercall issued from CPL > 0 or outside
 * protected mode raises #UD; that case returns 0 after queueing the
 * exception.  Otherwise the call control word and the in/out GPAs are
 * fetched from the registers appropriate to the guest's mode, the call
 * code is dispatched (only HV_X64_HV_NOTIFY_LONG_SPIN_WAIT is implemented;
 * anything else yields HV_STATUS_INVALID_HYPERCALL_CODE), the status and
 * rep count are returned to the guest, and 1 is returned.
 */
int kvm_hv_hypercall(struct kvm_vcpu *vcpu)
{
	u64 param, ingpa, outgpa, result;
	uint16_t code, rep_idx, rep_cnt;
	uint16_t status = HV_STATUS_SUCCESS, rep_done = 0;
	bool fast, longmode;
	int cs_db, cs_l;

	if (kvm_x86_ops->get_cpl(vcpu) != 0 || !is_protmode(vcpu)) {
		kvm_queue_exception(vcpu, UD_VECTOR);
		return 0;
	}

	kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
	longmode = is_long_mode(vcpu) && cs_l == 1;

	if (!longmode) {
		param  = hv_hypercall_arg32(vcpu, VCPU_REGS_RDX, VCPU_REGS_RAX);
		ingpa  = hv_hypercall_arg32(vcpu, VCPU_REGS_RBX, VCPU_REGS_RCX);
		outgpa = hv_hypercall_arg32(vcpu, VCPU_REGS_RDI, VCPU_REGS_RSI);
	}
#ifdef CONFIG_X86_64
	else {
		param  = kvm_register_read(vcpu, VCPU_REGS_RCX);
		ingpa  = kvm_register_read(vcpu, VCPU_REGS_RDX);
		outgpa = kvm_register_read(vcpu, VCPU_REGS_R8);
	}
#endif

	/* unpack the hypercall input value */
	code    = param & 0xffff;
	fast    = (param >> 16) & 0x1;
	rep_cnt = (param >> 32) & 0xfff;
	rep_idx = (param >> 48) & 0xfff;

	trace_kvm_hv_hypercall(code, fast, rep_cnt, rep_idx, ingpa, outgpa);

	switch (code) {
	case HV_X64_HV_NOTIFY_LONG_SPIN_WAIT:
		kvm_vcpu_on_spin(vcpu);
		break;
	default:
		status = HV_STATUS_INVALID_HYPERCALL_CODE;
		break;
	}

	/* result: status in the low word, reps completed in bits 32..43 */
	result = status | (((u64)rep_done & 0xfff) << 32);
	hv_hypercall_set_result(vcpu, longmode, result);

	return 1;
}
5234
/*
 * Dispatch a KVM (non Hyper-V) hypercall number.
 *
 * Stores the guest-visible result in *@ret and returns the run-loop value:
 * 1 to continue, or whatever kvm_pv_mmu_op() returns for KVM_HC_MMU_OP.
 * Unknown numbers yield -KVM_ENOSYS.
 */
static int kvm_dispatch_hypercall(struct kvm_vcpu *vcpu, unsigned long nr,
				  unsigned long a0, unsigned long a1,
				  unsigned long a2, unsigned long *ret)
{
	switch (nr) {
	case KVM_HC_VAPIC_POLL_IRQ:
		*ret = 0;
		return 1;
	case KVM_HC_MMU_OP:
		return kvm_pv_mmu_op(vcpu, a0, hc_gpa(vcpu, a1, a2), ret);
	default:
		*ret = -KVM_ENOSYS;
		return 1;
	}
}

/*
 * Emulate the guest's hypercall instruction.
 *
 * Hyper-V enabled VMs are handed to kvm_hv_hypercall().  Otherwise the
 * number and arguments come from RAX and RBX/RCX/RDX/RSI (truncated to
 * 32 bits outside long mode), a call from CPL > 0 is refused with
 * -KVM_EPERM, and the result is returned to the guest in RAX.
 *
 * Returns 1 to keep running the guest, or the value kvm_dispatch_hypercall()
 * produced for the MMU op.
 */
int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
{
	unsigned long nr, a0, a1, a2, a3, ret;
	int r = 1;

	if (kvm_hv_hypercall_enabled(vcpu->kvm))
		return kvm_hv_hypercall(vcpu);

	nr = kvm_register_read(vcpu, VCPU_REGS_RAX);
	a0 = kvm_register_read(vcpu, VCPU_REGS_RBX);
	a1 = kvm_register_read(vcpu, VCPU_REGS_RCX);
	a2 = kvm_register_read(vcpu, VCPU_REGS_RDX);
	a3 = kvm_register_read(vcpu, VCPU_REGS_RSI);

	trace_kvm_hypercall(nr, a0, a1, a2, a3);

	if (!is_long_mode(vcpu)) {
		/* a 32-bit guest cannot have set the upper halves */
		nr &= 0xFFFFFFFF;
		a0 &= 0xFFFFFFFF;
		a1 &= 0xFFFFFFFF;
		a2 &= 0xFFFFFFFF;
		a3 &= 0xFFFFFFFF;
	}

	if (kvm_x86_ops->get_cpl(vcpu) != 0)
		ret = -KVM_EPERM;
	else
		r = kvm_dispatch_hypercall(vcpu, nr, a0, a1, a2, &ret);

	kvm_register_write(vcpu, VCPU_REGS_RAX, ret);
	++vcpu->stat.hypercalls;
	return r;
}
EXPORT_SYMBOL_GPL(kvm_emulate_hypercall);
5281
/* the vendor hypercall instruction (vmcall/vmmcall) is three bytes long */
enum { KVM_HYPERCALL_INSN_LEN = 3 };

/*
 * Rewrite the hypercall instruction at the guest's RIP with the one the
 * host's vendor extension understands.
 *
 * The MMU is zapped first so that no other vcpu keeps a mapping of the
 * code page, making the patched instruction appear atomically to all
 * vcpus.  Returns the result of the emulated write.
 */
int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt)
{
	struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
	unsigned long rip = kvm_rip_read(vcpu);
	char instruction[KVM_HYPERCALL_INSN_LEN];

	kvm_mmu_zap_all(vcpu->kvm);

	kvm_x86_ops->patch_hypercall(vcpu, instruction);

	return emulator_write_emulated(ctxt, rip, instruction,
				       KVM_HYPERCALL_INSN_LEN, NULL);
}
5299
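/*
 * Advance the "read next" marker of a stateful CPUID function.
 *
 * Entry @i currently carries KVM_CPUID_FLAG_STATE_READ_NEXT for its
 * function; clear it and mark the next entry with the same function
 * number instead, searching circularly through the cpuid_nent valid
 * entries.  When no other entry shares the function the search wraps
 * around to @i itself, so the current entry is simply reselected.
 *
 * Returns the index of the entry that now carries the flag.
 */
static int move_to_next_stateful_cpuid_entry(struct kvm_vcpu *vcpu, int i)
{
	struct kvm_cpuid_entry2 *e = &vcpu->arch.cpuid_entries[i];
	struct kvm_cpuid_entry2 *ej;
	int j = i;
	int nent = vcpu->arch.cpuid_nent;

	e->flags &= ~KVM_CPUID_FLAG_STATE_READ_NEXT;
	/*
	 * Reduce the index modulo nent *before* the first read.  Starting
	 * from an unreduced i + 1 read cpuid_entries[nent] when i was the
	 * last valid entry, i.e. one past the populated part of the table
	 * (and past the array when nent is at capacity).  The loop always
	 * terminates: at the latest it comes back to i, which matches itself.
	 */
	do {
		j = (j + 1) % nent;
		ej = &vcpu->arch.cpuid_entries[j];
	} while (ej->function != e->function);

	ej->flags |= KVM_CPUID_FLAG_STATE_READ_NEXT;
	return j;
}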
5316
/*
 * Does @e answer a CPUID query for (@function, @index)?
 *
 * The function number must match; the index only matters for entries
 * flagged KVM_CPUID_FLAG_SIGNIFCANT_INDEX; and a stateful function's
 * entry only matches while it is the one flagged to be read next.
 * Returns 1 on a match, 0 otherwise.
 */
static int is_matching_cpuid_entry(struct kvm_cpuid_entry2 *e,
	u32 function, u32 index)
{
	bool index_ok = !(e->flags & KVM_CPUID_FLAG_SIGNIFCANT_INDEX) ||
			e->index == index;
	bool state_ok = !(e->flags & KVM_CPUID_FLAG_STATEFUL_FUNC) ||
			(e->flags & KVM_CPUID_FLAG_STATE_READ_NEXT);

	return e->function == function && index_ok && state_ok;
}
5331
/*
 * Look up the vcpu's CPUID entry for (@function, @index).
 *
 * Returns the first matching entry, or NULL.  Finding a stateful entry
 * has a side effect: the "read next" marker moves on to the next entry
 * of that function, so consecutive lookups walk through them.
 */
struct kvm_cpuid_entry2 *kvm_find_cpuid_entry(struct kvm_vcpu *vcpu,
					      u32 function, u32 index)
{
	int i;

	for (i = 0; i < vcpu->arch.cpuid_nent; ++i) {
		struct kvm_cpuid_entry2 *e = &vcpu->arch.cpuid_entries[i];

		if (!is_matching_cpuid_entry(e, function, index))
			continue;
		if (e->flags & KVM_CPUID_FLAG_STATEFUL_FUNC)
			move_to_next_stateful_cpuid_entry(vcpu, i);
		return e;
	}

	return NULL;
}
EXPORT_SYMBOL_GPL(kvm_find_cpuid_entry);
5352
/*
 * The guest's physical address width in bits, from CPUID leaf 0x80000008
 * (low byte of EAX).  Falls back to 36 when the guest's CPUID table does
 * not advertise that leaf.
 */
int cpuid_maxphyaddr(struct kvm_vcpu *vcpu)
{
	struct kvm_cpuid_entry2 *ext_max, *addr_sizes;

	ext_max = kvm_find_cpuid_entry(vcpu, 0x80000000, 0);
	if (ext_max && ext_max->eax >= 0x80000008) {
		addr_sizes = kvm_find_cpuid_entry(vcpu, 0x80000008, 0);
		if (addr_sizes)
			return addr_sizes->eax & 0xff;
	}

	return 36;
}
5366
/*
 * Fallback for a CPUID leaf the vcpu has no entry for.
 *
 * When @function lies above the highest leaf of its range (standard or
 * extended, as announced in EAX of leaf 0 / 0x80000000) the CPUID
 * specification says to return the highest valid *standard* leaf, so that
 * entry is looked up with the caller's @index.  Returns NULL when
 * @function is within range (nothing to substitute) or the needed
 * range-limit entry is missing.
 */
static struct kvm_cpuid_entry2 *check_cpuid_limit(struct kvm_vcpu *vcpu,
						  u32 function, u32 index)
{
	u32 range = function & 0x80000000;	/* 0 = standard, else extended */
	struct kvm_cpuid_entry2 *limit;

	limit = kvm_find_cpuid_entry(vcpu, range, 0);
	if (!limit || limit->eax >= function)
		return NULL;

	/* out-of-range extended leaves also fall back to the standard range */
	if (range) {
		limit = kvm_find_cpuid_entry(vcpu, 0, 0);
		if (!limit)
			return NULL;
	}

	return kvm_find_cpuid_entry(vcpu, limit->eax, index);
}
5387
/* Store one CPUID result set in the guest's EAX/EBX/ECX/EDX. */
static void cpuid_write_regs(struct kvm_vcpu *vcpu, u32 eax, u32 ebx,
			     u32 ecx, u32 edx)
{
	kvm_register_write(vcpu, VCPU_REGS_RAX, eax);
	kvm_register_write(vcpu, VCPU_REGS_RBX, ebx);
	kvm_register_write(vcpu, VCPU_REGS_RCX, ecx);
	kvm_register_write(vcpu, VCPU_REGS_RDX, edx);
}

/*
 * Emulate the CPUID instruction.
 *
 * The leaf comes from EAX and the sub-leaf from ECX.  The result registers
 * are zeroed first, then filled from the vcpu's CPUID table, falling back
 * to check_cpuid_limit() for out-of-range leaves; a leaf with no entry at
 * all leaves them zero.  The instruction is skipped and the result traced.
 */
void kvm_emulate_cpuid(struct kvm_vcpu *vcpu)
{
	u32 function = kvm_register_read(vcpu, VCPU_REGS_RAX);
	u32 index = kvm_register_read(vcpu, VCPU_REGS_RCX);
	struct kvm_cpuid_entry2 *best;

	cpuid_write_regs(vcpu, 0, 0, 0, 0);

	best = kvm_find_cpuid_entry(vcpu, function, index);
	if (!best)
		best = check_cpuid_limit(vcpu, function, index);
	if (best)
		cpuid_write_regs(vcpu, best->eax, best->ebx, best->ecx,
				 best->edx);

	kvm_x86_ops->skip_emulated_instruction(vcpu);
	trace_kvm_cpuid(function,
			kvm_register_read(vcpu, VCPU_REGS_RAX),
			kvm_register_read(vcpu, VCPU_REGS_RBX),
			kvm_register_read(vcpu, VCPU_REGS_RCX),
			kvm_register_read(vcpu, VCPU_REGS_RDX));
}
EXPORT_SYMBOL_GPL(kvm_emulate_cpuid);
5418
/*
 * Should we exit to userspace so it can inject an interrupt?
 *
 * Only when userspace owns the irqchip, asked for an interrupt window,
 * nothing is already queued, and the vcpu can currently take an
 * interrupt.  Returns 1 if so, 0 otherwise.
 */
static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu)
{
	if (irqchip_in_kernel(vcpu->kvm))
		return 0;
	if (kvm_cpu_has_interrupt(vcpu))
		return 0;
	if (!vcpu->run->request_interrupt_window)
		return 0;

	return kvm_arch_interrupt_allowed(vcpu) != 0;
}
5431
/*
 * Publish the vcpu state userspace reads after KVM_RUN returns: IF,
 * CR8, the APIC base and whether an interrupt could be injected now.
 * With an in-kernel irqchip the latter is always reported as 1.
 */
static void post_kvm_run_save(struct kvm_vcpu *vcpu)
{
	struct kvm_run *run = vcpu->run;
	bool ready;

	run->if_flag = !!(kvm_get_rflags(vcpu) & X86_EFLAGS_IF);
	run->cr8 = kvm_get_cr8(vcpu);
	run->apic_base = kvm_get_apic_base(vcpu);

	if (irqchip_in_kernel(vcpu->kvm))
		ready = true;
	else
		ready = kvm_arch_interrupt_allowed(vcpu) &&
			!kvm_cpu_has_interrupt(vcpu) &&
			!kvm_event_needs_reinjection(vcpu);
	run->ready_for_interrupt_injection = ready;
}
5447
/*
 * Pin the guest page backing the virtual APIC (if the guest set one up)
 * for the duration of the run loop; vapic_exit() releases it.
 */
static void vapic_enter(struct kvm_vcpu *vcpu)
{
	struct kvm_lapic *apic = vcpu->arch.apic;
	gfn_t gfn;

	if (!apic || !apic->vapic_addr)
		return;

	gfn = apic->vapic_addr >> PAGE_SHIFT;
	/*
	 * NOTE(review): the page returned by gfn_to_page() is stored without
	 * being checked for an error page; whether vapic_exit() and the
	 * vapic sync paths tolerate that is not visible here - confirm.
	 */
	apic->vapic_page = gfn_to_page(vcpu->kvm, gfn);
}
5460
/*
 * Counterpart of vapic_enter(): release the pinned vapic page and mark
 * its gfn dirty.  The SRCU read side is held around the dirty marking
 * since it walks the memslots.
 */
static void vapic_exit(struct kvm_vcpu *vcpu)
{
	struct kvm_lapic *apic = vcpu->arch.apic;
	struct kvm *kvm = vcpu->kvm;
	gfn_t gfn;
	int idx;

	if (!apic || !apic->vapic_addr)
		return;

	gfn = apic->vapic_addr >> PAGE_SHIFT;

	idx = srcu_read_lock(&kvm->srcu);
	kvm_release_page_dirty(apic->vapic_page);
	mark_page_dirty(kvm, gfn);
	srcu_read_unlock(&kvm->srcu, idx);
}
5474
/*
 * Tell the vendor code whether CR8 (TPR) writes need intercepting.
 *
 * Passes the current TPR and the highest pending IRR vector's upper
 * nibble to kvm_x86_ops->update_cr8_intercept(); -1 is reported for the
 * IRR when nothing is pending or when the guest uses a vapic page.
 * Nothing happens without the vendor hook or without a local APIC.
 */
static void update_cr8_intercept(struct kvm_vcpu *vcpu)
{
	int max_irr = -1;
	int tpr;

	if (!kvm_x86_ops->update_cr8_intercept)
		return;
	if (!vcpu->arch.apic)
		return;

	if (!vcpu->arch.apic->vapic_addr) {
		max_irr = kvm_lapic_find_highest_irr(vcpu);
		if (max_irr != -1)
			max_irr >>= 4;
	}

	tpr = kvm_lapic_get_cr8(vcpu);

	kvm_x86_ops->update_cr8_intercept(vcpu, tpr, max_irr);
}
5497
/*
 * Re-deliver an event whose earlier injection did not complete: a
 * pending exception, an NMI already marked injected, or a pending
 * interrupt, in that order of precedence.
 *
 * Returns true when something was reinjected, in which case no new event
 * may be injected on this entry.
 */
static bool reinject_pending_event(struct kvm_vcpu *vcpu)
{
	if (vcpu->arch.exception.pending) {
		trace_kvm_inj_exception(vcpu->arch.exception.nr,
					vcpu->arch.exception.has_error_code,
					vcpu->arch.exception.error_code);
		kvm_x86_ops->queue_exception(vcpu, vcpu->arch.exception.nr,
					     vcpu->arch.exception.has_error_code,
					     vcpu->arch.exception.error_code,
					     vcpu->arch.exception.reinject);
		return true;
	}

	if (vcpu->arch.nmi_injected) {
		kvm_x86_ops->set_nmi(vcpu);
		return true;
	}

	if (vcpu->arch.interrupt.pending) {
		kvm_x86_ops->set_irq(vcpu);
		return true;
	}

	return false;
}

/*
 * Inject at most one event before entering the guest.
 *
 * Previously started events take precedence (see reinject_pending_event()).
 * Otherwise a pending NMI is injected if the vendor code allows it, and
 * failing that a pending maskable interrupt if interrupts are allowed.
 * If nothing can be delivered now the caller opens an NMI/IRQ window.
 */
static void inject_pending_event(struct kvm_vcpu *vcpu)
{
	if (reinject_pending_event(vcpu))
		return;

	if (vcpu->arch.nmi_pending) {
		if (!kvm_x86_ops->nmi_allowed(vcpu))
			return;
		vcpu->arch.nmi_pending = false;
		vcpu->arch.nmi_injected = true;
		kvm_x86_ops->set_nmi(vcpu);
		return;
	}

	if (kvm_cpu_has_interrupt(vcpu) &&
	    kvm_x86_ops->interrupt_allowed(vcpu)) {
		kvm_queue_interrupt(vcpu, kvm_cpu_get_interrupt(vcpu), false);
		kvm_x86_ops->set_irq(vcpu);
	}
}
5537
/*
 * Switch the hardware XCR0 to the guest's value before entering the guest,
 * but only if the guest has enabled XSAVE via CR4.OSXSAVE and the guest
 * value is not already loaded.
 */
static void kvm_load_guest_xcr0(struct kvm_vcpu *vcpu)
{
	if (!kvm_read_cr4_bits(vcpu, X86_CR4_OSXSAVE))
		return;
	if (vcpu->guest_xcr0_loaded)
		return;

	/* kvm_set_xcr() also depends on this */
	xsetbv(XCR_XFEATURE_ENABLED_MASK, vcpu->arch.xcr0);
	vcpu->guest_xcr0_loaded = 1;
}
5547
/*
 * Restore the host's XCR0 after running the guest.  The xsetbv is skipped
 * when the guest and host values coincide; the loaded flag is cleared
 * either way.
 */
static void kvm_put_guest_xcr0(struct kvm_vcpu *vcpu)
{
	if (!vcpu->guest_xcr0_loaded)
		return;

	if (vcpu->arch.xcr0 != host_xcr0)
		xsetbv(XCR_XFEATURE_ENABLED_MASK, host_xcr0);
	vcpu->guest_xcr0_loaded = 0;
}
5556
/*
 * Run the guest once: service the pending vcpu->requests, inject events,
 * switch guest state in, execute until the next VM exit, then hand the
 * exit to kvm_x86_ops->handle_exit().
 *
 * Returns handle_exit()'s value in the common case (positive keeps
 * __vcpu_run() looping, 0 returns to userspace with vcpu->run filled in);
 * 0 with exit_reason set for the TPR-access and triple-fault requests;
 * 1 when the entry was abandoned before running (another cpu kicked us,
 * a new request, reschedule or signal) or the vcpu was synthetically
 * halted for an async page fault; or the error from
 * kvm_guest_time_update()/kvm_mmu_reload().
 *
 * Called with vcpu->srcu_idx holding the kvm->srcu read side; it is
 * dropped while the guest runs and re-acquired afterwards.
 */
static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
{
	int r;
	bool nmi_pending;
	/* userspace owns the irqchip and wants to be told when IRQs can be injected */
	bool req_int_win = !irqchip_in_kernel(vcpu->kvm) &&
		vcpu->run->request_interrupt_window;

	if (vcpu->requests) {
		if (kvm_check_request(KVM_REQ_MMU_RELOAD, vcpu))
			kvm_mmu_unload(vcpu);
		if (kvm_check_request(KVM_REQ_MIGRATE_TIMER, vcpu))
			__kvm_migrate_timers(vcpu);
		if (kvm_check_request(KVM_REQ_CLOCK_UPDATE, vcpu)) {
			r = kvm_guest_time_update(vcpu);
			if (unlikely(r))
				goto out;
		}
		if (kvm_check_request(KVM_REQ_MMU_SYNC, vcpu))
			kvm_mmu_sync_roots(vcpu);
		if (kvm_check_request(KVM_REQ_TLB_FLUSH, vcpu))
			kvm_x86_ops->tlb_flush(vcpu);
		/* the next two are reported to userspace instead of entering the guest */
		if (kvm_check_request(KVM_REQ_REPORT_TPR_ACCESS, vcpu)) {
			vcpu->run->exit_reason = KVM_EXIT_TPR_ACCESS;
			r = 0;
			goto out;
		}
		if (kvm_check_request(KVM_REQ_TRIPLE_FAULT, vcpu)) {
			vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
			r = 0;
			goto out;
		}
		if (kvm_check_request(KVM_REQ_DEACTIVATE_FPU, vcpu)) {
			vcpu->fpu_active = 0;
			kvm_x86_ops->fpu_deactivate(vcpu);
		}
		if (kvm_check_request(KVM_REQ_APF_HALT, vcpu)) {
			/* Page is swapped out. Do synthetic halt */
			vcpu->arch.apf.halted = true;
			r = 1;
			goto out;
		}
		if (kvm_check_request(KVM_REQ_STEAL_UPDATE, vcpu))
			record_steal_time(vcpu);

	}

	r = kvm_mmu_reload(vcpu);
	if (unlikely(r))
		goto out;

	/*
	 * An NMI can be injected between local nmi_pending read and
	 * vcpu->arch.nmi_pending read inside inject_pending_event().
	 * But in that case, KVM_REQ_EVENT will be set, which makes
	 * the race described above benign.
	 */
	nmi_pending = ACCESS_ONCE(vcpu->arch.nmi_pending);

	if (kvm_check_request(KVM_REQ_EVENT, vcpu) || req_int_win) {
		inject_pending_event(vcpu);

		/* enable NMI/IRQ window open exits if needed */
		if (nmi_pending)
			kvm_x86_ops->enable_nmi_window(vcpu);
		else if (kvm_cpu_has_interrupt(vcpu) || req_int_win)
			kvm_x86_ops->enable_irq_window(vcpu);

		if (kvm_lapic_enabled(vcpu)) {
			update_cr8_intercept(vcpu);
			kvm_lapic_sync_to_vapic(vcpu);
		}
	}

	preempt_disable();

	kvm_x86_ops->prepare_guest_switch(vcpu);
	if (vcpu->fpu_active)
		kvm_load_guest_fpu(vcpu);
	kvm_load_guest_xcr0(vcpu);

	vcpu->mode = IN_GUEST_MODE;

	/* We should set ->mode before check ->requests,
	 * see the comment in make_all_cpus_request.
	 */
	smp_mb();

	local_irq_disable();

	/*
	 * Last chance to bail out with interrupts off: a kick from another
	 * cpu, a request that arrived since the checks above, or the need to
	 * reschedule / handle a signal.  Undo the injection and report 1 so
	 * the run loop simply tries again.
	 */
	if (vcpu->mode == EXITING_GUEST_MODE || vcpu->requests
	    || need_resched() || signal_pending(current)) {
		vcpu->mode = OUTSIDE_GUEST_MODE;
		smp_wmb();
		local_irq_enable();
		preempt_enable();
		kvm_x86_ops->cancel_injection(vcpu);
		r = 1;
		goto out;
	}

	srcu_read_unlock(&vcpu->kvm->srcu, vcpu->srcu_idx);

	kvm_guest_enter();

	/* load the guest's debug registers when it has changed them */
	if (unlikely(vcpu->arch.switch_db_regs)) {
		set_debugreg(0, 7);
		set_debugreg(vcpu->arch.eff_db[0], 0);
		set_debugreg(vcpu->arch.eff_db[1], 1);
		set_debugreg(vcpu->arch.eff_db[2], 2);
		set_debugreg(vcpu->arch.eff_db[3], 3);
	}

	trace_kvm_entry(vcpu->vcpu_id);
	kvm_x86_ops->run(vcpu);

	/*
	 * If the guest has used debug registers, at least dr7
	 * will be disabled while returning to the host.
	 * If we don't have active breakpoints in the host, we don't
	 * care about the messed up debug address registers. But if
	 * we have some of them active, restore the old state.
	 */
	if (hw_breakpoint_active())
		hw_breakpoint_restore();

	/* remember the guest TSC at exit, before anything else can move it */
	kvm_get_msr(vcpu, MSR_IA32_TSC, &vcpu->arch.last_guest_tsc);

	vcpu->mode = OUTSIDE_GUEST_MODE;
	smp_wmb();
	local_irq_enable();

	++vcpu->stat.exits;

	/*
	 * We must have an instruction between local_irq_enable() and
	 * kvm_guest_exit(), so the timer interrupt isn't delayed by
	 * the interrupt shadow.  The stat.exits increment will do nicely.
	 * But we need to prevent reordering, hence this barrier():
	 */
	barrier();

	kvm_guest_exit();

	preempt_enable();

	vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);

	/*
	 * Profile KVM exit RIPs:
	 */
	if (unlikely(prof_on == KVM_PROFILING)) {
		unsigned long rip = kvm_rip_read(vcpu);
		profile_hit(KVM_PROFILING, (void *)rip);
	}


	kvm_lapic_sync_from_vapic(vcpu);

	r = kvm_x86_ops->handle_exit(vcpu);
out:
	return r;
}
5719
5720
/*
 * The vcpu run loop behind KVM_RUN.
 *
 * Keeps entering the guest via vcpu_enter_guest() while it returns a
 * positive value, blocking in kvm_vcpu_block() whenever the vcpu is not
 * runnable (halted, uninitialised, or synthetically halted for an async
 * page fault).  Between iterations it injects pending timer interrupts,
 * checks whether userspace wants an interrupt window, completes async
 * page faults, and honours pending signals and reschedule requests.
 *
 * Returns 0 when vcpu_enter_guest() asked to exit to userspace (with
 * vcpu->run->exit_reason set), -EINTR for an interrupt-window request,
 * a signal, or an unhalt into an unexpected mp_state, or a negative
 * error from vcpu_enter_guest()/kvm_arch_vcpu_reset().
 *
 * Holds the kvm->srcu read side (in vcpu->srcu_idx) while the vcpu runs;
 * it is dropped around blocking and rescheduling.
 */
static int __vcpu_run(struct kvm_vcpu *vcpu)
{
	int r;
	struct kvm *kvm = vcpu->kvm;

	/* a SIPI delivered while blocked: reset the vcpu and make it runnable */
	if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_SIPI_RECEIVED)) {
		pr_debug("vcpu %d received sipi with vector # %x\n",
			 vcpu->vcpu_id, vcpu->arch.sipi_vector);
		kvm_lapic_reset(vcpu);
		r = kvm_arch_vcpu_reset(vcpu);
		if (r)
			return r;
		vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
	}

	vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
	vapic_enter(vcpu);

	r = 1;
	while (r > 0) {
		if (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE &&
		    !vcpu->arch.apf.halted)
			r = vcpu_enter_guest(vcpu);
		else {
			srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);
			kvm_vcpu_block(vcpu);
			vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
			if (kvm_check_request(KVM_REQ_UNHALT, vcpu))
			{
				switch(vcpu->arch.mp_state) {
				case KVM_MP_STATE_HALTED:
					vcpu->arch.mp_state =
						KVM_MP_STATE_RUNNABLE;
					/* fall through: a woken vcpu also leaves the APF halt */
				case KVM_MP_STATE_RUNNABLE:
					vcpu->arch.apf.halted = false;
					break;
				case KVM_MP_STATE_SIPI_RECEIVED:
				default:
					/* let userspace see the new state (e.g. a SIPI) */
					r = -EINTR;
					break;
				}
			}
		}

		if (r <= 0)
			break;

		clear_bit(KVM_REQ_PENDING_TIMER, &vcpu->requests);
		if (kvm_cpu_has_pending_timer(vcpu))
			kvm_inject_pending_timer_irqs(vcpu);

		if (dm_request_for_irq_injection(vcpu)) {
			r = -EINTR;
			vcpu->run->exit_reason = KVM_EXIT_INTR;
			++vcpu->stat.request_irq_exits;
		}

		kvm_check_async_pf_completion(vcpu);

		if (signal_pending(current)) {
			r = -EINTR;
			vcpu->run->exit_reason = KVM_EXIT_INTR;
			++vcpu->stat.signal_exits;
		}
		if (need_resched()) {
			srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);
			kvm_resched(vcpu);
			vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
		}
	}

	srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx);

	vapic_exit(vcpu);

	return r;
}
5798
/*
 * Finish an MMIO or PIO access that userspace completed before this
 * KVM_RUN.
 *
 * MMIO is handled in 8-byte pieces: for a read the piece userspace
 * returned in run->mmio.data is copied into the vcpu's mmio buffer, and
 * if more pieces remain the next one is set up in vcpu->run and 0 is
 * returned so that userspace gets it.  Once the whole access is done the
 * instruction that caused it is re-run through the emulator (for a
 * completed write there is nothing left to emulate).
 *
 * Returns 1 when the guest may continue (nothing pending, write
 * finished, or the emulation completed), 0 when another exit to
 * userspace is needed or the emulation did not finish.
 *
 * NOTE(review): the fixed 8-byte memcpy()s rely on mmio_data being sized
 * so that mmio_index + 8 stays within it whenever mmio_index < mmio_size,
 * and on run->mmio.data (shared with userspace) holding 8 bytes; neither
 * declaration is visible here - confirm.
 */
static int complete_mmio(struct kvm_vcpu *vcpu)
{
	struct kvm_run *run = vcpu->run;
	int r;

	if (!(vcpu->arch.pio.count || vcpu->mmio_needed))
		return 1;

	if (vcpu->mmio_needed) {
		vcpu->mmio_needed = 0;
		if (!vcpu->mmio_is_write)
			memcpy(vcpu->mmio_data + vcpu->mmio_index,
			       run->mmio.data, 8);
		vcpu->mmio_index += 8;
		/* more of the access left: hand the next piece to userspace */
		if (vcpu->mmio_index < vcpu->mmio_size) {
			run->exit_reason = KVM_EXIT_MMIO;
			run->mmio.phys_addr = vcpu->mmio_phys_addr + vcpu->mmio_index;
			memcpy(run->mmio.data, vcpu->mmio_data + vcpu->mmio_index, 8);
			run->mmio.len = min(vcpu->mmio_size - vcpu->mmio_index, 8);
			run->mmio.is_write = vcpu->mmio_is_write;
			vcpu->mmio_needed = 1;
			return 0;
		}
		if (vcpu->mmio_is_write)
			return 1;
		vcpu->mmio_read_completed = 1;
	}
	/* the emulator needs the SRCU read side for memslot access */
	vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
	r = emulate_instruction(vcpu, EMULTYPE_NO_DECODE);
	srcu_read_unlock(&vcpu->kvm->srcu, vcpu->srcu_idx);
	if (r != EMULATE_DONE)
		return 0;
	return 1;
}
5833
/*
 * The part of KVM_RUN that runs between saving and restoring the signal
 * mask.
 *
 * An uninitialised vcpu (waiting for INIT/SIPI) just blocks and returns
 * -EAGAIN.  Otherwise the TPR userspace supplied is re-synced when it
 * owns the irqchip (-EINVAL if the value is rejected), any MMIO/PIO that
 * userspace completed is finished, a hypercall result is written to RAX,
 * and the run loop is entered.
 */
static int kvm_arch_vcpu_run_body(struct kvm_vcpu *vcpu,
				  struct kvm_run *kvm_run)
{
	int r;

	if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_UNINITIALIZED)) {
		kvm_vcpu_block(vcpu);
		clear_bit(KVM_REQ_UNHALT, &vcpu->requests);
		return -EAGAIN;
	}

	/* re-sync apic's tpr */
	if (!irqchip_in_kernel(vcpu->kvm) &&
	    kvm_set_cr8(vcpu, kvm_run->cr8) != 0)
		return -EINVAL;

	r = complete_mmio(vcpu);
	if (r <= 0)
		return r;

	if (kvm_run->exit_reason == KVM_EXIT_HYPERCALL)
		kvm_register_write(vcpu, VCPU_REGS_RAX,
				   kvm_run->hypercall.ret);

	return __vcpu_run(vcpu);
}

/*
 * KVM_RUN ioctl entry point.
 *
 * Makes sure the calling task has an FPU state to save the guest's into
 * (-ENOMEM if it cannot be allocated), installs the vcpu's signal mask
 * for the duration of the run if one was set, runs the vcpu, and on
 * every path publishes the post-run state to userspace and restores the
 * caller's signal mask.  Returns the run result.
 */
int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
{
	sigset_t sigsaved;
	int r;

	if (!tsk_used_math(current) && init_fpu(current))
		return -ENOMEM;

	if (vcpu->sigset_active)
		sigprocmask(SIG_SETMASK, &vcpu->sigset, &sigsaved);

	r = kvm_arch_vcpu_run_body(vcpu, kvm_run);

	post_kvm_run_save(vcpu);
	if (vcpu->sigset_active)
		sigprocmask(SIG_SETMASK, &sigsaved, NULL);

	return r;
}
5877
/*
 * KVM_GET_REGS: copy the general purpose registers, rip and rflags of
 * @vcpu into the userspace-visible @regs.
 *
 * If an instruction emulation is in flight, the emulator's private copy
 * of the registers is written back to the vcpu first so that userspace
 * sees the current values.  Always returns 0.
 */
int kvm_arch_vcpu_ioctl_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
{
	/* Destination field and the vcpu register it mirrors, in copy order. */
	const struct {
		__u64 *dst;
		int src;
	} map[] = {
		{ &regs->rax, VCPU_REGS_RAX },
		{ &regs->rbx, VCPU_REGS_RBX },
		{ &regs->rcx, VCPU_REGS_RCX },
		{ &regs->rdx, VCPU_REGS_RDX },
		{ &regs->rsi, VCPU_REGS_RSI },
		{ &regs->rdi, VCPU_REGS_RDI },
		{ &regs->rsp, VCPU_REGS_RSP },
		{ &regs->rbp, VCPU_REGS_RBP },
#ifdef CONFIG_X86_64
		{ &regs->r8,  VCPU_REGS_R8 },
		{ &regs->r9,  VCPU_REGS_R9 },
		{ &regs->r10, VCPU_REGS_R10 },
		{ &regs->r11, VCPU_REGS_R11 },
		{ &regs->r12, VCPU_REGS_R12 },
		{ &regs->r13, VCPU_REGS_R13 },
		{ &regs->r14, VCPU_REGS_R14 },
		{ &regs->r15, VCPU_REGS_R15 },
#endif
	};
	unsigned int i;

	if (vcpu->arch.emulate_regs_need_sync_to_vcpu) {
		/*
		 * Userspace called get_regs() in the middle of instruction
		 * emulation, so the register state lives in the emulation
		 * context and has to be copied back to the vcpu first.
		 * Userspace should not normally do that, but some badly
		 * designed PV devices (the vmware backdoor interface) need
		 * this to work.
		 */
		struct x86_emulate_ctxt *emul = &vcpu->arch.emulate_ctxt;

		memcpy(vcpu->arch.regs, emul->regs, sizeof emul->regs);
		vcpu->arch.emulate_regs_need_sync_to_vcpu = false;
	}

	for (i = 0; i < ARRAY_SIZE(map); i++)
		*map[i].dst = kvm_register_read(vcpu, map[i].src);

	regs->rip = kvm_rip_read(vcpu);
	regs->rflags = kvm_get_rflags(vcpu);

	return 0;
}
5916
/*
 * KVM_SET_REGS: load the general purpose registers, rip and rflags of
 * @vcpu from the userspace-supplied @regs.
 *
 * Marks the emulator's register copy as stale, drops any pending
 * exception (userspace has replaced the state it was raised in) and
 * requests an event re-evaluation before the next guest entry.
 * Always returns 0.
 */
int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
{
	/* vcpu register and the userspace value it receives, in write order. */
	const struct {
		int reg;
		__u64 val;
	} map[] = {
		{ VCPU_REGS_RAX, regs->rax },
		{ VCPU_REGS_RBX, regs->rbx },
		{ VCPU_REGS_RCX, regs->rcx },
		{ VCPU_REGS_RDX, regs->rdx },
		{ VCPU_REGS_RSI, regs->rsi },
		{ VCPU_REGS_RDI, regs->rdi },
		{ VCPU_REGS_RSP, regs->rsp },
		{ VCPU_REGS_RBP, regs->rbp },
#ifdef CONFIG_X86_64
		{ VCPU_REGS_R8,  regs->r8 },
		{ VCPU_REGS_R9,  regs->r9 },
		{ VCPU_REGS_R10, regs->r10 },
		{ VCPU_REGS_R11, regs->r11 },
		{ VCPU_REGS_R12, regs->r12 },
		{ VCPU_REGS_R13, regs->r13 },
		{ VCPU_REGS_R14, regs->r14 },
		{ VCPU_REGS_R15, regs->r15 },
#endif
	};
	unsigned int i;

	/* The emulator must reload from the vcpu; its own copy is now stale. */
	vcpu->arch.emulate_regs_need_sync_from_vcpu = true;
	vcpu->arch.emulate_regs_need_sync_to_vcpu = false;

	for (i = 0; i < ARRAY_SIZE(map); i++)
		kvm_register_write(vcpu, map[i].reg, map[i].val);

	kvm_rip_write(vcpu, regs->rip);
	/* kvm_set_rflags() handles any guest-debug trace-flag filtering. */
	kvm_set_rflags(vcpu, regs->rflags);

	vcpu->arch.exception.pending = false;

	kvm_make_request(KVM_REQ_EVENT, vcpu);

	return 0;
}
5950
/*
 * Report the D/B (default operand size) and L (64-bit code) bits of the
 * current CS segment of @vcpu through @db and @l.
 */
void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l)
{
	struct kvm_segment code_seg;

	kvm_get_segment(vcpu, &code_seg, VCPU_SREG_CS);

	*db = code_seg.db;
	*l = code_seg.l;
}
EXPORT_SYMBOL_GPL(kvm_get_cs_db_l_bits);
5960
/* Copy a descriptor table register into its userspace representation. */
static void kvm_dtable_from_desc_ptr(struct kvm_dtable *out,
				     const struct desc_ptr *dt)
{
	out->limit = dt->size;
	out->base = dt->address;
}

/*
 * KVM_GET_SREGS: fill @sregs with the segment registers, descriptor
 * tables, control registers, EFER, APIC base and pending hard interrupt
 * of @vcpu.  Always returns 0.
 */
int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
				  struct kvm_sregs *sregs)
{
	/* Segment slots to read, in the order they are fetched. */
	const struct {
		struct kvm_segment *seg;
		int id;
	} segs[] = {
		{ &sregs->cs,  VCPU_SREG_CS },
		{ &sregs->ds,  VCPU_SREG_DS },
		{ &sregs->es,  VCPU_SREG_ES },
		{ &sregs->fs,  VCPU_SREG_FS },
		{ &sregs->gs,  VCPU_SREG_GS },
		{ &sregs->ss,  VCPU_SREG_SS },
		{ &sregs->tr,  VCPU_SREG_TR },
		{ &sregs->ldt, VCPU_SREG_LDTR },
	};
	struct desc_ptr dt;
	unsigned int i;

	for (i = 0; i < ARRAY_SIZE(segs); i++)
		kvm_get_segment(vcpu, segs[i].seg, segs[i].id);

	kvm_x86_ops->get_idt(vcpu, &dt);
	kvm_dtable_from_desc_ptr(&sregs->idt, &dt);
	kvm_x86_ops->get_gdt(vcpu, &dt);
	kvm_dtable_from_desc_ptr(&sregs->gdt, &dt);

	sregs->cr0 = kvm_read_cr0(vcpu);
	sregs->cr2 = vcpu->arch.cr2;
	sregs->cr3 = kvm_read_cr3(vcpu);
	sregs->cr4 = kvm_read_cr4(vcpu);
	sregs->cr8 = kvm_get_cr8(vcpu);
	sregs->efer = vcpu->arch.efer;
	sregs->apic_base = kvm_get_apic_base(vcpu);

	/*
	 * Only a pending hardware interrupt is reported; soft interrupts
	 * (from INT n) are never exposed in the bitmap.
	 */
	memset(sregs->interrupt_bitmap, 0, sizeof sregs->interrupt_bitmap);
	if (vcpu->arch.interrupt.pending && !vcpu->arch.interrupt.soft)
		set_bit(vcpu->arch.interrupt.nr,
			(unsigned long *)sregs->interrupt_bitmap);

	return 0;
}
5999
/*
 * KVM_GET_MP_STATE: report the multiprocessing state (runnable,
 * uninitialized, halted, ...) of @vcpu.  Always returns 0.
 */
int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
				    struct kvm_mp_state *mp_state)
{
	const __u32 state = vcpu->arch.mp_state;

	mp_state->mp_state = state;

	return 0;
}
6006
/*
 * KVM_SET_MP_STATE: set the multiprocessing state of @vcpu from
 * userspace and ask for events to be re-evaluated before the next
 * guest entry, since the new state may make the vcpu runnable.
 * Always returns 0.
 */
int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
				    struct kvm_mp_state *mp_state)
{
	const __u32 state = mp_state->mp_state;

	vcpu->arch.mp_state = state;
	kvm_make_request(KVM_REQ_EVENT, vcpu);

	return 0;
}
6014
/*
 * Perform a hardware task switch on behalf of the guest using the
 * instruction emulator.
 *
 * @tss_selector:   selector of the destination TSS
 * @reason:         why the switch happens (as passed to the emulator)
 * @has_error_code: whether an error code is pushed on the new stack
 * @error_code:     that error code
 *
 * On success the emulator's registers, rip and rflags are committed to
 * @vcpu, an event re-evaluation is requested and EMULATE_DONE is
 * returned.  If the emulator refuses the switch EMULATE_FAIL is returned
 * and the vcpu register file is left untouched.
 */
int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason,
		    bool has_error_code, u32 error_code)
{
	struct x86_emulate_ctxt *emul = &vcpu->arch.emulate_ctxt;

	init_emulate_ctxt(vcpu);

	if (emulator_task_switch(emul, tss_selector, reason,
				 has_error_code, error_code))
		return EMULATE_FAIL;

	/* Commit the emulator's view of the register file back to the vcpu. */
	memcpy(vcpu->arch.regs, emul->regs, sizeof emul->regs);
	kvm_rip_write(vcpu, emul->eip);
	kvm_set_rflags(vcpu, emul->eflags);
	kvm_make_request(KVM_REQ_EVENT, vcpu);

	return EMULATE_DONE;
}
EXPORT_SYMBOL_GPL(kvm_task_switch);
6036
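/*
 * Reject combinations of EFER, CR0, CR4 and CS that the processor can
 * never be in.
 *
 * The values in @sregs come straight from userspace via KVM_SET_SREGS and
 * are handed to the vendor back end through kvm_x86_ops->set_cr0 /
 * set_cr4 / set_efer, not through the kvm_set_cr0() / kvm_set_cr4() /
 * kvm_set_efer() paths that validate guest-initiated writes.  The
 * consistency a real mode transition would normally enforce therefore
 * has to be checked here: long mode (EFER.LME with CR0.PG) requires
 * CR4.PAE and EFER.LMA, and outside long mode EFER.LMA must be clear and
 * CS cannot be a 64-bit code segment.
 *
 * Returns 0 when the state is self-consistent, -EINVAL otherwise.
 */
static int kvm_valid_sregs(const struct kvm_sregs *sregs)
{
	if ((sregs->efer & EFER_LME) && (sregs->cr0 & X86_CR0_PG)) {
		if (!(sregs->cr4 & X86_CR4_PAE) || !(sregs->efer & EFER_LMA))
			return -EINVAL;
	} else {
		if ((sregs->efer & EFER_LMA) || sregs->cs.l)
			return -EINVAL;
	}

	return 0;
}

/*
 * KVM_SET_SREGS: load the segment registers, descriptor tables, control
 * registers, EFER, APIC base and pending interrupt of @vcpu from the
 * userspace-supplied @sregs.
 *
 * Returns -EINVAL, without modifying the vcpu, if @sregs describes a
 * state the hardware cannot be in (see kvm_valid_sregs()); otherwise 0.
 * A change of cr0, cr3, cr4 or EFER, or a PAE page-table reload, forces
 * a reset of the MMU context.
 */
int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
				  struct kvm_sregs *sregs)
{
	int mmu_reset_needed = 0;
	int pending_vec, max_bits, idx;
	struct desc_ptr dt;

	/* Validate before touching any vcpu state so a rejected call is a no-op. */
	if (kvm_valid_sregs(sregs))
		return -EINVAL;

	dt.size = sregs->idt.limit;
	dt.address = sregs->idt.base;
	kvm_x86_ops->set_idt(vcpu, &dt);
	dt.size = sregs->gdt.limit;
	dt.address = sregs->gdt.base;
	kvm_x86_ops->set_gdt(vcpu, &dt);

	vcpu->arch.cr2 = sregs->cr2;
	mmu_reset_needed |= kvm_read_cr3(vcpu) != sregs->cr3;
	vcpu->arch.cr3 = sregs->cr3;
	/* cr3 is now valid in the cached register file. */
	__set_bit(VCPU_EXREG_CR3, (ulong *)&vcpu->arch.regs_avail);

	/* Out-of-range cr8 values are dropped by kvm_set_cr8(), not reported. */
	kvm_set_cr8(vcpu, sregs->cr8);

	mmu_reset_needed |= vcpu->arch.efer != sregs->efer;
	kvm_x86_ops->set_efer(vcpu, sregs->efer);
	kvm_set_apic_base(vcpu, sregs->apic_base);

	mmu_reset_needed |= kvm_read_cr0(vcpu) != sregs->cr0;
	kvm_x86_ops->set_cr0(vcpu, sregs->cr0);
	vcpu->arch.cr0 = sregs->cr0;

	mmu_reset_needed |= kvm_read_cr4(vcpu) != sregs->cr4;
	kvm_x86_ops->set_cr4(vcpu, sregs->cr4);
	/* OSXSAVE changes the CPUID bits the guest sees. */
	if (sregs->cr4 & X86_CR4_OSXSAVE)
		update_cpuid(vcpu);

	/* Reloading PDPTRs reads guest memory, hence the SRCU read side. */
	idx = srcu_read_lock(&vcpu->kvm->srcu);
	if (!is_long_mode(vcpu) && is_pae(vcpu)) {
		load_pdptrs(vcpu, vcpu->arch.walk_mmu, kvm_read_cr3(vcpu));
		mmu_reset_needed = 1;
	}
	srcu_read_unlock(&vcpu->kvm->srcu, idx);

	if (mmu_reset_needed)
		kvm_mmu_reset_context(vcpu);

	/* Re-queue the one pending hard interrupt reported by get_sregs. */
	max_bits = (sizeof sregs->interrupt_bitmap) << 3;
	pending_vec = find_first_bit(
		(const unsigned long *)sregs->interrupt_bitmap, max_bits);
	if (pending_vec < max_bits) {
		kvm_queue_interrupt(vcpu, pending_vec, false);
		pr_debug("Set back pending irq %d\n", pending_vec);
	}

	kvm_set_segment(vcpu, &sregs->cs, VCPU_SREG_CS);
	kvm_set_segment(vcpu, &sregs->ds, VCPU_SREG_DS);
	kvm_set_segment(vcpu, &sregs->es, VCPU_SREG_ES);
	kvm_set_segment(vcpu, &sregs->fs, VCPU_SREG_FS);
	kvm_set_segment(vcpu, &sregs->gs, VCPU_SREG_GS);
	kvm_set_segment(vcpu, &sregs->ss, VCPU_SREG_SS);

	kvm_set_segment(vcpu, &sregs->tr, VCPU_SREG_TR);
	kvm_set_segment(vcpu, &sregs->ldt, VCPU_SREG_LDTR);

	update_cr8_intercept(vcpu);

	/* Older userspace won't unhalt the vcpu on reset. */
	if (kvm_vcpu_is_bsp(vcpu) && kvm_rip_read(vcpu) == 0xfff0 &&
	    sregs->cs.selector == 0xf000 && sregs->cs.base == 0xffff0000 &&
	    !is_protmode(vcpu))
		vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;

	kvm_make_request(KVM_REQ_EVENT, vcpu);

	return 0;
}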
6111
/*
 * KVM_SET_GUEST_DEBUG: program guest debugging for @vcpu from @dbg.
 *
 * Optionally injects a #DB or #BP, selects the effective debug registers
 * (the debugger's when hardware breakpoints are requested, the guest's
 * own otherwise), records the single-step start address and lets the
 * vendor back end apply the rest.
 *
 * Returns -EBUSY if an exception injection was requested while another
 * exception is already pending (nothing is changed in that case), else 0.
 */
int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
					struct kvm_guest_debug *dbg)
{
	unsigned long rflags;
	int i;

	if (dbg->control & (KVM_GUESTDBG_INJECT_DB | KVM_GUESTDBG_INJECT_BP)) {
		/* Only one exception can be queued at a time. */
		if (vcpu->arch.exception.pending)
			return -EBUSY;
		kvm_queue_exception(vcpu,
				    (dbg->control & KVM_GUESTDBG_INJECT_DB) ?
				    DB_VECTOR : BP_VECTOR);
	}

	/*
	 * Read rflags as long as potentially injected trace flags are still
	 * filtered out.
	 */
	rflags = kvm_get_rflags(vcpu);

	/* Without the ENABLE bit every other control flag is ignored. */
	vcpu->guest_debug = (dbg->control & KVM_GUESTDBG_ENABLE) ?
			    dbg->control : 0;

	if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) {
		/* The debugger owns the debug registers. */
		for (i = 0; i < KVM_NR_DB_REGS; i++)
			vcpu->arch.eff_db[i] = dbg->arch.debugreg[i];
		vcpu->arch.switch_db_regs =
			dbg->arch.debugreg[7] & DR7_BP_EN_MASK;
	} else {
		/* Back to the guest's own debug registers. */
		for (i = 0; i < KVM_NR_DB_REGS; i++)
			vcpu->arch.eff_db[i] = vcpu->arch.db[i];
		vcpu->arch.switch_db_regs =
			vcpu->arch.dr7 & DR7_BP_EN_MASK;
	}

	if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
		vcpu->arch.singlestep_rip =
			kvm_rip_read(vcpu) + get_segment_base(vcpu, VCPU_SREG_CS);

	/*
	 * Trigger an rflags update that will inject or remove the trace
	 * flags.
	 */
	kvm_set_rflags(vcpu, rflags);

	kvm_x86_ops->set_guest_debug(vcpu, dbg);

	return 0;
}
6167
/*
 * Translate a guest virtual address to a guest physical address.
 *
 * KVM_TRANSLATE: walk the guest page tables for tr->linear_address as a
 * system (supervisor) access and report the result in @tr.  tr->valid is
 * clear when the address is unmapped.  The writeable and usermode fields
 * are not derived from the walk: they are always reported as 1 and 0
 * respectively.  Always returns 0.
 */
int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
				    struct kvm_translation *tr)
{
	unsigned long gva = tr->linear_address;
	int srcu_idx;
	gpa_t gpa;

	/* The page walk reads guest memory, hence the SRCU read side. */
	srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
	gpa = kvm_mmu_gva_to_gpa_system(vcpu, gva, NULL);
	srcu_read_unlock(&vcpu->kvm->srcu, srcu_idx);

	tr->physical_address = gpa;
	tr->valid = (gpa != UNMAPPED_GVA);
	tr->writeable = 1;
	tr->usermode = 0;

	return 0;
}
6188
6189 int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
6190 {
6191         struct i387_fxsave_struct *fxsave =
6192                         &vcpu->arch.guest_fpu.state->fxsave;
6193
6194         memcpy(fpu->fpr, fxsave->st_space, 128);
6195   &