From: Orit Wasserman <oritw@xxxxxxxxxx>
---
arch/x86/kvm/vmx.c | 890 +++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 873 insertions(+), 17 deletions(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index de1f596..0d36b49 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -223,10 +223,16 @@ struct __attribute__ ((__packed__)) level_state {
/* Has the level1 guest done vmclear? */
bool vmclear;
+ u64 shadow_efer;
+ unsigned long cr3;
+ unsigned long cr4;
+
u64 io_bitmap_a;
u64 io_bitmap_b;
u64 msr_bitmap;
+ int cpu;
+ int launched;
bool first_launch;
};
@@ -254,10 +260,14 @@ struct nested_vmx {
bool vmxon;
/* What is the location of the current vmcs l1 keeps for l2 */
gpa_t current_vmptr;
+ /* Are we running nested guest */
+ bool nested_mode;
/* Level 1 state for switching to level 2 and back */
struct level_state *l1_state;
/* Level 1 shadow vmcs for switching to level 2 and back */
struct shadow_vmcs *l1_shadow_vmcs;
+ /* Level 1 vmcs loaded into the processor */
+ struct vmcs *l1_vmcs;
/* list of vmcs for each l2 guest created by l1 */
struct list_head l2_vmcs_list;
/* l2 page corresponding to the current vmcs set by l1 */
@@ -287,7 +297,7 @@ static inline int vmcs_field_type(unsigned long field)
}
/*
- Returncs VMCS field size in bits
+ Returns VMCS field size in bits
*/
static inline int vmcs_field_size(int field_type, struct kvm_vcpu *vcpu)
{
@@ -313,6 +323,10 @@ static inline int vmcs_field_size(int field_type, struct kvm_vcpu *vcpu)
return 0;
}
+#define NESTED_VM_EXIT_CONTROLS_MASK (~(VM_EXIT_LOAD_IA32_PAT | \
+ VM_EXIT_SAVE_IA32_PAT))
+#define NESTED_VM_ENTRY_CONTROLS_MASK (~(VM_ENTRY_LOAD_IA32_PAT | \
+ VM_ENTRY_IA32E_MODE))
struct vcpu_vmx {
struct kvm_vcpu vcpu;
struct list_head local_vcpus_link;
@@ -892,7 +906,11 @@ static struct kvm_vmx_segment_field {
static u64 host_efer;
static void ept_save_pdptrs(struct kvm_vcpu *vcpu);
+
+static int nested_vmx_check_permission(struct kvm_vcpu *vcpu);
static int create_l1_state(struct kvm_vcpu *vcpu);
+static int create_l2_state(struct kvm_vcpu *vcpu);
+static int launch_guest(struct kvm_vcpu *vcpu, bool launch);
/*
* Keep MSR_K6_STAR at the end, as setup_msrs() will try to optimize it
@@ -993,6 +1011,18 @@ static inline bool cpu_has_vmx_ept_2m_page(void)
return !!(vmx_capability.ept & VMX_EPT_2MB_PAGE_BIT);
}
+static inline int is_exception(u32 intr_info)
+{
+ return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK))
+ == (INTR_TYPE_HARD_EXCEPTION | INTR_INFO_VALID_MASK);
+}
+
+static inline int is_nmi(u32 intr_info)
+{
+ return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK))
+ == (INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK);
+}
+
static inline int cpu_has_vmx_invept_individual_addr(void)
{
return !!(vmx_capability.ept & VMX_EPT_EXTENT_INDIVIDUAL_BIT);
@@ -1049,6 +1079,51 @@ static inline bool report_flexpriority(void)
return flexpriority_enabled;
}
+static inline int nested_cpu_has_vmx_tpr_shadow(struct kvm_vcpu *vcpu)
+{
+ return cpu_has_vmx_tpr_shadow() &&
+ get_shadow_vmcs(vcpu)->cpu_based_vm_exec_control &
+ CPU_BASED_TPR_SHADOW;
+}
+
+static inline int nested_cpu_has_secondary_exec_ctrls(struct kvm_vcpu *vcpu)
+{
+ return cpu_has_secondary_exec_ctrls() &&
+ get_shadow_vmcs(vcpu)->cpu_based_vm_exec_control &
+ CPU_BASED_ACTIVATE_SECONDARY_CONTROLS;
+}
+
+static inline bool nested_vm_need_virtualize_apic_accesses(struct kvm_vcpu
+ *vcpu)
+{
+ return get_shadow_vmcs(vcpu)->secondary_vm_exec_control &
+ SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
+}
+
+static inline int nested_cpu_has_vmx_ept(struct kvm_vcpu *vcpu)
+{
+ return get_shadow_vmcs(vcpu)->
+ secondary_vm_exec_control & SECONDARY_EXEC_ENABLE_EPT;
+}
+
+static inline int nested_cpu_has_vmx_vpid(struct kvm_vcpu *vcpu)
+{
+ return get_shadow_vmcs(vcpu)->secondary_vm_exec_control &
+ SECONDARY_EXEC_ENABLE_VPID;
+}
+
+static inline int nested_cpu_has_vmx_pat(struct kvm_vcpu *vcpu)
+{
+ return get_shadow_vmcs(vcpu)->vm_entry_controls &
+ VM_ENTRY_LOAD_IA32_PAT;
+}
+
+static inline int nested_cpu_has_vmx_msr_bitmap(struct kvm_vcpu *vcpu)
+{
+ return get_shadow_vmcs(vcpu)->cpu_based_vm_exec_control &
+ CPU_BASED_USE_MSR_BITMAPS;
+}
+
static int __find_msr_index(struct vcpu_vmx *vmx, u32 msr)
{
int i;
@@ -1390,6 +1465,8 @@ static void vmx_load_host_state(struct vcpu_vmx *vmx)
preempt_enable();
}
+static void vmx_fpu_deactivate(struct kvm_vcpu *vcpu);
+
/*
* Switches to specified vcpu, until a matching vcpu_put(), but assumes
* vcpu mutex is already taken.
@@ -1994,6 +2071,206 @@ static void vmclear_local_vcpus(void)
__vcpu_clear(vmx);
}
+
+void prepare_vmcs_12(struct kvm_vcpu *vcpu)
+{
+ struct shadow_vmcs *l2_shadow_vmcs =
+ get_shadow_vmcs(vcpu);
+
+ l2_shadow_vmcs->guest_es_selector = vmcs_read16(GUEST_ES_SELECTOR);
+ l2_shadow_vmcs->guest_cs_selector = vmcs_read16(GUEST_CS_SELECTOR);
+ l2_shadow_vmcs->guest_ss_selector = vmcs_read16(GUEST_SS_SELECTOR);
+ l2_shadow_vmcs->guest_ds_selector = vmcs_read16(GUEST_DS_SELECTOR);
+ l2_shadow_vmcs->guest_fs_selector = vmcs_read16(GUEST_FS_SELECTOR);
+ l2_shadow_vmcs->guest_gs_selector = vmcs_read16(GUEST_GS_SELECTOR);
+ l2_shadow_vmcs->guest_ldtr_selector = vmcs_read16(GUEST_LDTR_SELECTOR);
+ l2_shadow_vmcs->guest_tr_selector = vmcs_read16(GUEST_TR_SELECTOR);
+
+ l2_shadow_vmcs->tsc_offset = vmcs_read64(TSC_OFFSET);
+ l2_shadow_vmcs->guest_physical_address =
+ vmcs_read64(GUEST_PHYSICAL_ADDRESS);
+ l2_shadow_vmcs->vmcs_link_pointer = vmcs_read64(VMCS_LINK_POINTER);
+ l2_shadow_vmcs->guest_ia32_debugctl = vmcs_read64(GUEST_IA32_DEBUGCTL);
+ if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT)
+ l2_shadow_vmcs->guest_ia32_pat = vmcs_read64(GUEST_IA32_PAT);
+ l2_shadow_vmcs->cr3_target_count = vmcs_read32(CR3_TARGET_COUNT);
+ l2_shadow_vmcs->vm_entry_intr_info_field =
+ vmcs_read32(VM_ENTRY_INTR_INFO_FIELD);
+ l2_shadow_vmcs->vm_entry_exception_error_code =
+ vmcs_read32(VM_ENTRY_EXCEPTION_ERROR_CODE);
+ l2_shadow_vmcs->vm_entry_instruction_len =
+ vmcs_read32(VM_ENTRY_INSTRUCTION_LEN);
+ l2_shadow_vmcs->vm_instruction_error =
+ vmcs_read32(VM_INSTRUCTION_ERROR);
+ l2_shadow_vmcs->vm_exit_reason = vmcs_read32(VM_EXIT_REASON);
+ l2_shadow_vmcs->vm_exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
+ l2_shadow_vmcs->vm_exit_intr_error_code =
+ vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
+ l2_shadow_vmcs->idt_vectoring_info_field =
+ vmcs_read32(IDT_VECTORING_INFO_FIELD);
+ l2_shadow_vmcs->idt_vectoring_error_code =
+ vmcs_read32(IDT_VECTORING_ERROR_CODE);
+ l2_shadow_vmcs->vm_exit_instruction_len =
+ vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
+ l2_shadow_vmcs->vmx_instruction_info =
+ vmcs_read32(VMX_INSTRUCTION_INFO);
+ l2_shadow_vmcs->guest_es_limit = vmcs_read32(GUEST_ES_LIMIT);
+ l2_shadow_vmcs->guest_cs_limit = vmcs_read32(GUEST_CS_LIMIT);
+ l2_shadow_vmcs->guest_ss_limit = vmcs_read32(GUEST_SS_LIMIT);
+ l2_shadow_vmcs->guest_ds_limit = vmcs_read32(GUEST_DS_LIMIT);
+ l2_shadow_vmcs->guest_fs_limit = vmcs_read32(GUEST_FS_LIMIT);
+ l2_shadow_vmcs->guest_gs_limit = vmcs_read32(GUEST_GS_LIMIT);
+ l2_shadow_vmcs->guest_ldtr_limit = vmcs_read32(GUEST_LDTR_LIMIT);
+ l2_shadow_vmcs->guest_tr_limit = vmcs_read32(GUEST_TR_LIMIT);
+ l2_shadow_vmcs->guest_gdtr_limit = vmcs_read32(GUEST_GDTR_LIMIT);
+ l2_shadow_vmcs->guest_idtr_limit = vmcs_read32(GUEST_IDTR_LIMIT);
+ l2_shadow_vmcs->guest_es_ar_bytes = vmcs_read32(GUEST_ES_AR_BYTES);
+ l2_shadow_vmcs->guest_cs_ar_bytes = vmcs_read32(GUEST_CS_AR_BYTES);
+ l2_shadow_vmcs->guest_ss_ar_bytes = vmcs_read32(GUEST_SS_AR_BYTES);
+ l2_shadow_vmcs->guest_ds_ar_bytes = vmcs_read32(GUEST_DS_AR_BYTES);
+ l2_shadow_vmcs->guest_fs_ar_bytes = vmcs_read32(GUEST_FS_AR_BYTES);
+ l2_shadow_vmcs->guest_gs_ar_bytes = vmcs_read32(GUEST_GS_AR_BYTES);
+ l2_shadow_vmcs->guest_ldtr_ar_bytes = vmcs_read32(GUEST_LDTR_AR_BYTES);
+ l2_shadow_vmcs->guest_tr_ar_bytes = vmcs_read32(GUEST_TR_AR_BYTES);
+ l2_shadow_vmcs->guest_interruptibility_info =
+ vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
+ l2_shadow_vmcs->guest_activity_state =
+ vmcs_read32(GUEST_ACTIVITY_STATE);
+ l2_shadow_vmcs->guest_sysenter_cs = vmcs_read32(GUEST_SYSENTER_CS);
+
+ l2_shadow_vmcs->cr4_read_shadow = vmcs_readl(CR4_READ_SHADOW);
+ l2_shadow_vmcs->exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
+ l2_shadow_vmcs->guest_linear_address = vmcs_readl(GUEST_LINEAR_ADDRESS);
+
+ if (l2_shadow_vmcs->cr0_guest_host_mask & X86_CR0_TS)
+ l2_shadow_vmcs->guest_cr0 = vmcs_readl(GUEST_CR0);
+ else /* if CR0_GUEST_HOST_MASK[TS]=0 l1 should think TS was really written to CR0 */
+ l2_shadow_vmcs->guest_cr0 =
+ (vmcs_readl(GUEST_CR0)&~X86_CR0_TS) | (vmcs_readl(CR0_READ_SHADOW) & X86_CR0_TS);
+
+ l2_shadow_vmcs->guest_cr4 = vmcs_readl(GUEST_CR4);
+ l2_shadow_vmcs->guest_es_base = vmcs_readl(GUEST_ES_BASE);
+ l2_shadow_vmcs->guest_cs_base = vmcs_readl(GUEST_CS_BASE);
+ l2_shadow_vmcs->guest_ss_base = vmcs_readl(GUEST_SS_BASE);
+ l2_shadow_vmcs->guest_ds_base = vmcs_readl(GUEST_DS_BASE);
+ l2_shadow_vmcs->guest_fs_base = vmcs_readl(GUEST_FS_BASE);
+ l2_shadow_vmcs->guest_gs_base = vmcs_readl(GUEST_GS_BASE);
+ l2_shadow_vmcs->guest_ldtr_base = vmcs_readl(GUEST_LDTR_BASE);
+ l2_shadow_vmcs->guest_tr_base = vmcs_readl(GUEST_TR_BASE);
+ l2_shadow_vmcs->guest_gdtr_base = vmcs_readl(GUEST_GDTR_BASE);
+ l2_shadow_vmcs->guest_idtr_base = vmcs_readl(GUEST_IDTR_BASE);
+ l2_shadow_vmcs->guest_dr7 = vmcs_readl(GUEST_DR7);
+ l2_shadow_vmcs->guest_rsp = vmcs_readl(GUEST_RSP);
+ l2_shadow_vmcs->guest_rip = vmcs_readl(GUEST_RIP);
+ l2_shadow_vmcs->guest_rflags = vmcs_readl(GUEST_RFLAGS);
+ l2_shadow_vmcs->guest_pending_dbg_exceptions =
+ vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS);
+ l2_shadow_vmcs->guest_sysenter_esp = vmcs_readl(GUEST_SYSENTER_ESP);
+ l2_shadow_vmcs->guest_sysenter_eip = vmcs_readl(GUEST_SYSENTER_EIP);
+}
+
+int load_vmcs_common(struct shadow_vmcs *src)
+{
+ vmcs_write16(GUEST_ES_SELECTOR, src->guest_es_selector);
+ vmcs_write16(GUEST_CS_SELECTOR, src->guest_cs_selector);
+ vmcs_write16(GUEST_SS_SELECTOR, src->guest_ss_selector);
+ vmcs_write16(GUEST_DS_SELECTOR, src->guest_ds_selector);
+ vmcs_write16(GUEST_FS_SELECTOR, src->guest_fs_selector);
+ vmcs_write16(GUEST_GS_SELECTOR, src->guest_gs_selector);
+ vmcs_write16(GUEST_LDTR_SELECTOR, src->guest_ldtr_selector);
+ vmcs_write16(GUEST_TR_SELECTOR, src->guest_tr_selector);
+
+ vmcs_write64(GUEST_IA32_DEBUGCTL, src->guest_ia32_debugctl);
+
+ if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT)
+ vmcs_write64(GUEST_IA32_PAT, src->guest_ia32_pat);
+
+ if (src->vm_entry_msr_load_count < 512)
+ vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, src->vm_entry_msr_load_count);
+
+ vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, src->vm_entry_intr_info_field);
+ vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE,
+ src->vm_entry_exception_error_code);
+ vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, src->vm_entry_instruction_len);
+
+ vmcs_write32(GUEST_ES_LIMIT, src->guest_es_limit);
+ vmcs_write32(GUEST_CS_LIMIT, src->guest_cs_limit);
+ vmcs_write32(GUEST_SS_LIMIT, src->guest_ss_limit);
+ vmcs_write32(GUEST_DS_LIMIT, src->guest_ds_limit);
+ vmcs_write32(GUEST_FS_LIMIT, src->guest_fs_limit);
+ vmcs_write32(GUEST_GS_LIMIT, src->guest_gs_limit);
+ vmcs_write32(GUEST_LDTR_LIMIT, src->guest_ldtr_limit);
+ vmcs_write32(GUEST_TR_LIMIT, src->guest_tr_limit);
+ vmcs_write32(GUEST_GDTR_LIMIT, src->guest_gdtr_limit);
+ vmcs_write32(GUEST_IDTR_LIMIT, src->guest_idtr_limit);
+ vmcs_write32(GUEST_ES_AR_BYTES, src->guest_es_ar_bytes);
+ vmcs_write32(GUEST_CS_AR_BYTES, src->guest_cs_ar_bytes);
+ vmcs_write32(GUEST_SS_AR_BYTES, src->guest_ss_ar_bytes);
+ vmcs_write32(GUEST_DS_AR_BYTES, src->guest_ds_ar_bytes);
+ vmcs_write32(GUEST_FS_AR_BYTES, src->guest_fs_ar_bytes);
+ vmcs_write32(GUEST_GS_AR_BYTES, src->guest_gs_ar_bytes);
+ vmcs_write32(GUEST_LDTR_AR_BYTES, src->guest_ldtr_ar_bytes);
+ vmcs_write32(GUEST_TR_AR_BYTES, src->guest_tr_ar_bytes);
+ vmcs_write32(GUEST_INTERRUPTIBILITY_INFO,
+ src->guest_interruptibility_info);
+ vmcs_write32(GUEST_ACTIVITY_STATE, src->guest_activity_state);
+ vmcs_write32(GUEST_SYSENTER_CS, src->guest_sysenter_cs);
+
+ vmcs_writel(GUEST_ES_BASE, src->guest_es_base);
+ vmcs_writel(GUEST_CS_BASE, src->guest_cs_base);
+ vmcs_writel(GUEST_SS_BASE, src->guest_ss_base);
+ vmcs_writel(GUEST_DS_BASE, src->guest_ds_base);
+ vmcs_writel(GUEST_FS_BASE, src->guest_fs_base);
+ vmcs_writel(GUEST_GS_BASE, src->guest_gs_base);
+ vmcs_writel(GUEST_LDTR_BASE, src->guest_ldtr_base);
+ vmcs_writel(GUEST_TR_BASE, src->guest_tr_base);
+ vmcs_writel(GUEST_GDTR_BASE, src->guest_gdtr_base);
+ vmcs_writel(GUEST_IDTR_BASE, src->guest_idtr_base);
+ vmcs_writel(GUEST_DR7, src->guest_dr7);
+ vmcs_writel(GUEST_RSP, src->guest_rsp);
+ vmcs_writel(GUEST_RIP, src->guest_rip);
+ vmcs_writel(GUEST_RFLAGS, src->guest_rflags);
+ vmcs_writel(GUEST_PENDING_DBG_EXCEPTIONS,
+ src->guest_pending_dbg_exceptions);
+ vmcs_writel(GUEST_SYSENTER_ESP, src->guest_sysenter_esp);
+ vmcs_writel(GUEST_SYSENTER_EIP, src->guest_sysenter_eip);
+
+ return 0;
+}
+
+int load_vmcs_host_state(struct shadow_vmcs *src)
+{
+ vmcs_write16(HOST_ES_SELECTOR, src->host_es_selector);
+ vmcs_write16(HOST_CS_SELECTOR, src->host_cs_selector);
+ vmcs_write16(HOST_SS_SELECTOR, src->host_ss_selector);
+ vmcs_write16(HOST_DS_SELECTOR, src->host_ds_selector);
+ vmcs_write16(HOST_FS_SELECTOR, src->host_fs_selector);
+ vmcs_write16(HOST_GS_SELECTOR, src->host_gs_selector);
+ vmcs_write16(HOST_TR_SELECTOR, src->host_tr_selector);
+
+ vmcs_write64(TSC_OFFSET, src->tsc_offset);
+
+ if (vmcs_config.vmexit_ctrl & VM_EXIT_LOAD_IA32_PAT)
+ vmcs_write64(HOST_IA32_PAT, src->host_ia32_pat);
+
+ vmcs_write32(HOST_IA32_SYSENTER_CS, src->host_ia32_sysenter_cs);
+
+ vmcs_writel(HOST_CR0, src->host_cr0);
+ vmcs_writel(HOST_CR3, src->host_cr3);
+ vmcs_writel(HOST_CR4, src->host_cr4);
+ vmcs_writel(HOST_FS_BASE, src->host_fs_base);
+ vmcs_writel(HOST_GS_BASE, src->host_gs_base);
+ vmcs_writel(HOST_TR_BASE, src->host_tr_base);
+ vmcs_writel(HOST_GDTR_BASE, src->host_gdtr_base);
+ vmcs_writel(HOST_IDTR_BASE, src->host_idtr_base);
+ vmcs_writel(HOST_RSP, src->host_rsp);
+ vmcs_writel(HOST_RIP, src->host_rip);
+ vmcs_writel(HOST_IA32_SYSENTER_ESP, src->host_ia32_sysenter_esp);
+ vmcs_writel(HOST_IA32_SYSENTER_EIP, src->host_ia32_sysenter_eip);
+
+ return 0;
+}
+
static struct level_state *create_state(void)
{
struct level_state *state = NULL;
@@ -2301,8 +2578,6 @@ static void free_l1_state(struct kvm_vcpu *vcpu)
kfree(list_item);
}
}
-
-
static void free_kvm_area(void)
{
int cpu;
@@ -3574,6 +3849,10 @@ static void vmx_inject_nmi(struct kvm_vcpu *vcpu)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
+ if (vmx->nested.nested_mode) {
+ return;
+ }
+
if (!cpu_has_virtual_nmis()) {
/*
* Tracking the NMI-blocked state in software is built upon
@@ -3759,7 +4038,12 @@ static int handle_exception(struct kvm_vcpu *vcpu)
return 1; /* already handled by vmx_vcpu_run() */
if (is_no_device(intr_info)) {
+ /* if l0 handled an fpu operation for l2 it's because l1 is
+ not interested (exception bitmap 12 does not include NM_VECTOR)
+ enable fpu and resume l2 (avoid switching to l1)
+ */
vmx_fpu_activate(vcpu);
+
return 1;
}
@@ -4151,12 +4435,6 @@ static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
return 1;
}
-static int handle_vmx_insn(struct kvm_vcpu *vcpu)
-{
- kvm_queue_exception(vcpu, UD_VECTOR);
- return 1;
-}
-
static void clear_rflags_cf_zf(struct kvm_vcpu *vcpu)
{
unsigned long rflags;
@@ -4264,6 +4542,17 @@ static int handle_vmclear(struct kvm_vcpu *vcpu)
return 1;
}
+static int handle_vmlaunch(struct kvm_vcpu *vcpu)
+{
+ return launch_guest(vcpu, true);
+}
+
+static int handle_vmresume(struct kvm_vcpu *vcpu)
+{
+
+ return launch_guest(vcpu, false);
+}
+
static int handle_vmread_reg(struct kvm_vcpu *vcpu, int reg,
unsigned long field)
{
@@ -4504,7 +4793,7 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
static int handle_vmptrld(struct kvm_vcpu *vcpu)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
- u64 guest_vmcs_addr;
+ gpa_t guest_vmcs_addr;
gva_t vmcs_gva;
unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
u32 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
@@ -4847,11 +5136,11 @@ static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
[EXIT_REASON_INVLPG] = handle_invlpg,
[EXIT_REASON_VMCALL] = handle_vmcall,
[EXIT_REASON_VMCLEAR] = handle_vmclear,
- [EXIT_REASON_VMLAUNCH] = handle_vmx_insn,
+ [EXIT_REASON_VMLAUNCH] = handle_vmlaunch,
[EXIT_REASON_VMPTRLD] = handle_vmptrld,
[EXIT_REASON_VMPTRST] = handle_vmptrst,
[EXIT_REASON_VMREAD] = handle_vmread,
- [EXIT_REASON_VMRESUME] = handle_vmx_insn,
+ [EXIT_REASON_VMRESUME] = handle_vmresume,
[EXIT_REASON_VMWRITE] = handle_vmwrite,
[EXIT_REASON_VMOFF] = handle_vmoff,
[EXIT_REASON_VMON] = handle_vmon,
@@ -4895,7 +5184,6 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu)
= vmcs_read32(VM_INSTRUCTION_ERROR);
return 0;
}
-
if ((vectoring_info & VECTORING_INFO_VALID_MASK) &&
(exit_reason != EXIT_REASON_EXCEPTION_NMI &&
exit_reason != EXIT_REASON_EPT_VIOLATION &&
@@ -4903,8 +5191,7 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu)
printk(KERN_WARNING "%s: unexpected, valid vectoring info "
"(0x%x) and exit reason is 0x%x\n",
__func__, vectoring_info, exit_reason);
-
- if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) {
+ if (!vmx->nested.nested_mode && unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) {
if (vmx_interrupt_allowed(vcpu)) {
vmx->soft_vnmi_blocked = 0;
} else if (vmx->vnmi_blocked_time > 1000000000LL &&
@@ -4951,10 +5238,13 @@ static void vmx_complete_interrupts(struct vcpu_vmx *vmx)
int type;
bool idtv_info_valid;
- exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
-
vmx->exit_reason = vmcs_read32(VM_EXIT_REASON);
+ if (vmx->nested.nested_mode)
+ return;
+
+ exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
+
/* Handle machine checks before interrupts are enabled */
if ((vmx->exit_reason == EXIT_REASON_MCE_DURING_VMENTRY)
|| (vmx->exit_reason == EXIT_REASON_EXCEPTION_NMI
@@ -5068,6 +5358,7 @@ static void fixup_rmode_irq(struct vcpu_vmx *vmx)
static void vmx_vcpu_run(struct kvm_vcpu *vcpu)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
+ u32 nested_exception_bitmap = 0;
/* Record the guest's net vcpu time for enforced NMI injections. */
if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked))
@@ -5099,6 +5390,37 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (vcpu->arch.switch_db_regs)
set_debugreg(vcpu->arch.dr6, 6);
+ if (vcpu->fpu_active) {
+ if (vmcs_readl(CR0_READ_SHADOW) & X86_CR0_TS)
+ vmcs_set_bits(GUEST_CR0, X86_CR0_TS);
+ else
+ vmcs_clear_bits(GUEST_CR0, X86_CR0_TS);
+
+ if (vmx->nested.nested_mode) {
+ if (!nested_map_current(vcpu)) {
+ vmx->fail = 1;
+ return;
+ }
+
+ nested_exception_bitmap = get_shadow_vmcs(vcpu)->
+ exception_bitmap;
+
+ nested_unmap_current(vcpu);
+ }
+
+ if (vmx->nested.nested_mode &&
+ (nested_exception_bitmap & (1u << NM_VECTOR)))
+ vmcs_write32(EXCEPTION_BITMAP,
+ vmcs_read32(EXCEPTION_BITMAP) | (1u << NM_VECTOR));
+ else
+ vmcs_write32(EXCEPTION_BITMAP,
+ vmcs_read32(EXCEPTION_BITMAP) & ~(1u << NM_VECTOR));
+ } else {
+ vmcs_set_bits(GUEST_CR0, X86_CR0_TS);
+ vmcs_write32(EXCEPTION_BITMAP,
+ vmcs_read32(EXCEPTION_BITMAP) | (1u << NM_VECTOR));
+ }
+
asm(
/* Store host registers */
"push %%"R"dx; push %%"R"bp;"
@@ -5216,6 +5538,7 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu)
}
vmx->idt_vectoring_info = vmcs_read32(IDT_VECTORING_INFO_FIELD);
+
if (vmx->rmode.irq.pending)
fixup_rmode_irq(vmx);
@@ -5300,6 +5623,11 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
goto free_vmcs;
}
+ vmx->nested.current_vmptr = -1ull;
+
+ vmx->nested.l1_state = NULL;
+ vmx->nested.current_l2_page = NULL;
+
return &vmx->vcpu;
free_vmcs:
@@ -5388,6 +5716,534 @@ static bool vmx_gb_page_enable(void)
return false;
}
+void save_vmcs(struct shadow_vmcs *dst)
+{
+ dst->guest_es_selector = vmcs_read16(GUEST_ES_SELECTOR);
+ dst->guest_cs_selector = vmcs_read16(GUEST_CS_SELECTOR);
+ dst->guest_ss_selector = vmcs_read16(GUEST_SS_SELECTOR);
+ dst->guest_ds_selector = vmcs_read16(GUEST_DS_SELECTOR);
+ dst->guest_fs_selector = vmcs_read16(GUEST_FS_SELECTOR);
+ dst->guest_gs_selector = vmcs_read16(GUEST_GS_SELECTOR);
+ dst->guest_ldtr_selector = vmcs_read16(GUEST_LDTR_SELECTOR);
+ dst->guest_tr_selector = vmcs_read16(GUEST_TR_SELECTOR);
+ dst->host_es_selector = vmcs_read16(HOST_ES_SELECTOR);
+ dst->host_cs_selector = vmcs_read16(HOST_CS_SELECTOR);
+ dst->host_ss_selector = vmcs_read16(HOST_SS_SELECTOR);
+ dst->host_ds_selector = vmcs_read16(HOST_DS_SELECTOR);
+ dst->host_fs_selector = vmcs_read16(HOST_FS_SELECTOR);
+ dst->host_gs_selector = vmcs_read16(HOST_GS_SELECTOR);
+ dst->host_tr_selector = vmcs_read16(HOST_TR_SELECTOR);
+ dst->io_bitmap_a = vmcs_read64(IO_BITMAP_A);
+ dst->io_bitmap_b = vmcs_read64(IO_BITMAP_B);
+ if (cpu_has_vmx_msr_bitmap())
+ dst->msr_bitmap = vmcs_read64(MSR_BITMAP);
+
+ dst->vm_exit_msr_store_addr = vmcs_read64(VM_EXIT_MSR_STORE_ADDR);
+ dst->vm_exit_msr_load_addr = vmcs_read64(VM_EXIT_MSR_LOAD_ADDR);
+ dst->vm_entry_msr_load_addr = vmcs_read64(VM_ENTRY_MSR_LOAD_ADDR);
+ dst->tsc_offset = vmcs_read64(TSC_OFFSET);
+ dst->virtual_apic_page_addr = vmcs_read64(VIRTUAL_APIC_PAGE_ADDR);
+ dst->apic_access_addr = vmcs_read64(APIC_ACCESS_ADDR);
+ if (enable_ept)
+ dst->ept_pointer = vmcs_read64(EPT_POINTER);
+
+ dst->guest_physical_address = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
+ dst->vmcs_link_pointer = vmcs_read64(VMCS_LINK_POINTER);
+ dst->guest_ia32_debugctl = vmcs_read64(GUEST_IA32_DEBUGCTL);
+ if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT)
+ dst->guest_ia32_pat = vmcs_read64(GUEST_IA32_PAT);
+ if (enable_ept) {
+ dst->guest_pdptr0 = vmcs_read64(GUEST_PDPTR0);
+ dst->guest_pdptr1 = vmcs_read64(GUEST_PDPTR1);
+ dst->guest_pdptr2 = vmcs_read64(GUEST_PDPTR2);
+ dst->guest_pdptr3 = vmcs_read64(GUEST_PDPTR3);
+ }
+ dst->pin_based_vm_exec_control = vmcs_read32(PIN_BASED_VM_EXEC_CONTROL);
+ dst->cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
+ dst->exception_bitmap = vmcs_read32(EXCEPTION_BITMAP);
+ dst->page_fault_error_code_mask =
+ vmcs_read32(PAGE_FAULT_ERROR_CODE_MASK);
+ dst->page_fault_error_code_match =
+ vmcs_read32(PAGE_FAULT_ERROR_CODE_MATCH);
+ dst->cr3_target_count = vmcs_read32(CR3_TARGET_COUNT);
+ dst->vm_exit_controls = vmcs_read32(VM_EXIT_CONTROLS);
+ dst->vm_exit_msr_store_count = vmcs_read32(VM_EXIT_MSR_STORE_COUNT);
+ dst->vm_exit_msr_load_count = vmcs_read32(VM_EXIT_MSR_LOAD_COUNT);
+ dst->vm_entry_controls = vmcs_read32(VM_ENTRY_CONTROLS);
+ dst->vm_entry_msr_load_count = vmcs_read32(VM_ENTRY_MSR_LOAD_COUNT);
+ dst->vm_entry_intr_info_field = vmcs_read32(VM_ENTRY_INTR_INFO_FIELD);
+ dst->vm_entry_exception_error_code =
+ vmcs_read32(VM_ENTRY_EXCEPTION_ERROR_CODE);
+ dst->vm_entry_instruction_len = vmcs_read32(VM_ENTRY_INSTRUCTION_LEN);
+ dst->tpr_threshold = vmcs_read32(TPR_THRESHOLD);
+ dst->secondary_vm_exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
+ if (enable_vpid && dst->secondary_vm_exec_control &
+ SECONDARY_EXEC_ENABLE_VPID)
+ dst->virtual_processor_id = vmcs_read16(VIRTUAL_PROCESSOR_ID);
+ dst->vm_instruction_error = vmcs_read32(VM_INSTRUCTION_ERROR);
+ dst->vm_exit_reason = vmcs_read32(VM_EXIT_REASON);
+ dst->vm_exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
+ dst->vm_exit_intr_error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
+ dst->idt_vectoring_info_field = vmcs_read32(IDT_VECTORING_INFO_FIELD);
+ dst->idt_vectoring_error_code = vmcs_read32(IDT_VECTORING_ERROR_CODE);
+ dst->vm_exit_instruction_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
+ dst->vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
+ dst->guest_es_limit = vmcs_read32(GUEST_ES_LIMIT);
+ dst->guest_cs_limit = vmcs_read32(GUEST_CS_LIMIT);
+ dst->guest_ss_limit = vmcs_read32(GUEST_SS_LIMIT);
+ dst->guest_ds_limit = vmcs_read32(GUEST_DS_LIMIT);
+ dst->guest_fs_limit = vmcs_read32(GUEST_FS_LIMIT);
+ dst->guest_gs_limit = vmcs_read32(GUEST_GS_LIMIT);
+ dst->guest_ldtr_limit = vmcs_read32(GUEST_LDTR_LIMIT);
+ dst->guest_tr_limit = vmcs_read32(GUEST_TR_LIMIT);
+ dst->guest_gdtr_limit = vmcs_read32(GUEST_GDTR_LIMIT);
+ dst->guest_idtr_limit = vmcs_read32(GUEST_IDTR_LIMIT);
+ dst->guest_es_ar_bytes = vmcs_read32(GUEST_ES_AR_BYTES);
+ dst->guest_cs_ar_bytes = vmcs_read32(GUEST_CS_AR_BYTES);
+ dst->guest_ss_ar_bytes = vmcs_read32(GUEST_SS_AR_BYTES);
+ dst->guest_ds_ar_bytes = vmcs_read32(GUEST_DS_AR_BYTES);
+ dst->guest_fs_ar_bytes = vmcs_read32(GUEST_FS_AR_BYTES);
+ dst->guest_gs_ar_bytes = vmcs_read32(GUEST_GS_AR_BYTES);
+ dst->guest_ldtr_ar_bytes = vmcs_read32(GUEST_LDTR_AR_BYTES);
+ dst->guest_tr_ar_bytes = vmcs_read32(GUEST_TR_AR_BYTES);
+ dst->guest_interruptibility_info =
+ vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
+ dst->guest_activity_state = vmcs_read32(GUEST_ACTIVITY_STATE);
+ dst->guest_sysenter_cs = vmcs_read32(GUEST_SYSENTER_CS);
+ dst->host_ia32_sysenter_cs = vmcs_read32(HOST_IA32_SYSENTER_CS);
+ dst->cr0_guest_host_mask = vmcs_readl(CR0_GUEST_HOST_MASK);
+ dst->cr4_guest_host_mask = vmcs_readl(CR4_GUEST_HOST_MASK);
+ dst->cr0_read_shadow = vmcs_readl(CR0_READ_SHADOW);
+ dst->cr4_read_shadow = vmcs_readl(CR4_READ_SHADOW);
+ dst->cr3_target_value0 = vmcs_readl(CR3_TARGET_VALUE0);
+ dst->cr3_target_value1 = vmcs_readl(CR3_TARGET_VALUE1);
+ dst->cr3_target_value2 = vmcs_readl(CR3_TARGET_VALUE2);
+ dst->cr3_target_value3 = vmcs_readl(CR3_TARGET_VALUE3);
+ dst->exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
+ dst->guest_linear_address = vmcs_readl(GUEST_LINEAR_ADDRESS);
+ dst->guest_cr0 = vmcs_readl(GUEST_CR0);
+ dst->guest_cr3 = vmcs_readl(GUEST_CR3);
+ dst->guest_cr4 = vmcs_readl(GUEST_CR4);
+ dst->guest_es_base = vmcs_readl(GUEST_ES_BASE);
+ dst->guest_cs_base = vmcs_readl(GUEST_CS_BASE);
+ dst->guest_ss_base = vmcs_readl(GUEST_SS_BASE);
+ dst->guest_ds_base = vmcs_readl(GUEST_DS_BASE);
+ dst->guest_fs_base = vmcs_readl(GUEST_FS_BASE);
+ dst->guest_gs_base = vmcs_readl(GUEST_GS_BASE);
+ dst->guest_ldtr_base = vmcs_readl(GUEST_LDTR_BASE);
+ dst->guest_tr_base = vmcs_readl(GUEST_TR_BASE);
+ dst->guest_gdtr_base = vmcs_readl(GUEST_GDTR_BASE);
+ dst->guest_idtr_base = vmcs_readl(GUEST_IDTR_BASE);
+ dst->guest_dr7 = vmcs_readl(GUEST_DR7);
+ dst->guest_rsp = vmcs_readl(GUEST_RSP);
+ dst->guest_rip = vmcs_readl(GUEST_RIP);
+ dst->guest_rflags = vmcs_readl(GUEST_RFLAGS);
+ dst->guest_pending_dbg_exceptions =
+ vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS);
+ dst->guest_sysenter_esp = vmcs_readl(GUEST_SYSENTER_ESP);
+ dst->guest_sysenter_eip = vmcs_readl(GUEST_SYSENTER_EIP);
+ dst->host_cr0 = vmcs_readl(HOST_CR0);
+ dst->host_cr3 = vmcs_readl(HOST_CR3);
+ dst->host_cr4 = vmcs_readl(HOST_CR4);
+ dst->host_fs_base = vmcs_readl(HOST_FS_BASE);
+ dst->host_gs_base = vmcs_readl(HOST_GS_BASE);
+ dst->host_tr_base = vmcs_readl(HOST_TR_BASE);
+ dst->host_gdtr_base = vmcs_readl(HOST_GDTR_BASE);
+ dst->host_idtr_base = vmcs_readl(HOST_IDTR_BASE);
+ dst->host_ia32_sysenter_esp = vmcs_readl(HOST_IA32_SYSENTER_ESP);
+ dst->host_ia32_sysenter_eip = vmcs_readl(HOST_IA32_SYSENTER_EIP);
+ dst->host_rsp = vmcs_readl(HOST_RSP);
+ dst->host_rip = vmcs_readl(HOST_RIP);
+ if (vmcs_config.vmexit_ctrl & VM_EXIT_LOAD_IA32_PAT)
+ dst->host_ia32_pat = vmcs_read64(HOST_IA32_PAT);
+}
+
+int prepare_vmcs_02(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+ struct shadow_vmcs *src , *l1_shadow_vmcs = vmx->nested.l1_shadow_vmcs;
+ struct level_state *l2_state;
+ u32 exec_control;
+
+ src = get_shadow_vmcs(vcpu);
+ if (!src) {
+ nested_unmap_current(vcpu);
+ printk(KERN_INFO "%s: Error no shadow vmcs\n", __func__);
+ return 1;
+ }
+
+ load_vmcs_common(src);
+
+ l2_state = &(vmx->nested.current_l2_page->l2_state);
+
+ if (l2_state->first_launch) {
+
+ vmcs_write64(VMCS_LINK_POINTER, src->vmcs_link_pointer);
+
+ if (l2_state->io_bitmap_a)
+ vmcs_write64(IO_BITMAP_A, l2_state->io_bitmap_a);
+
+ if (l2_state->io_bitmap_b)
+ vmcs_write64(IO_BITMAP_B, l2_state->io_bitmap_b);
+
+ if (l2_state->msr_bitmap)
+ vmcs_write64(MSR_BITMAP, l2_state->msr_bitmap);
+
+ if (src->vm_entry_msr_load_count > 0) {
+ struct page *page;
+
+ page = nested_get_page(vcpu,
+ src->vm_entry_msr_load_addr);
+ if (!page)
+ return 1;
+
+ vmcs_write64(VM_ENTRY_MSR_LOAD_ADDR, page_to_phys(page));
+
+ kvm_release_page_clean(page);
+ }
+
+ if (nested_cpu_has_vmx_tpr_shadow(vcpu)) {
+ struct page *page;
+
+ page = nested_get_page(vcpu,
+ src->virtual_apic_page_addr);
+ if (!page)
+ return 1;
+
+ vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, page_to_phys(page));
+
+ kvm_release_page_clean(page);
+ }
+
+ if (nested_vm_need_virtualize_apic_accesses(vcpu)) {
+ struct page *page =
+ nested_get_page(vcpu, src->apic_access_addr);
+ if (!page)
+ return 1;
+
+ vmcs_write64(APIC_ACCESS_ADDR, page_to_phys(page));
+ kvm_release_page_clean(page);
+ }
+
+
+
+ vmcs_write32(PIN_BASED_VM_EXEC_CONTROL,
+ (l1_shadow_vmcs->pin_based_vm_exec_control |
+ src->pin_based_vm_exec_control));
+
+ vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK,
+ (l1_shadow_vmcs->page_fault_error_code_mask &
+ src->page_fault_error_code_mask));
+
+ vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH,
+ (l1_shadow_vmcs->page_fault_error_code_match &
+ src->page_fault_error_code_match));
+
+ if (cpu_has_secondary_exec_ctrls()) {
+
+ exec_control =
+ l1_shadow_vmcs->secondary_vm_exec_control;
+
+ if (nested_cpu_has_secondary_exec_ctrls(vcpu)) {
+
+ exec_control |= src->secondary_vm_exec_control;
+
+ if (!vm_need_virtualize_apic_accesses(vcpu->kvm) ||
+ !nested_vm_need_virtualize_apic_accesses(vcpu))
+ exec_control &=
+ ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
+ }
+
+ vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control);
+ }
+
+ load_vmcs_host_state(l1_shadow_vmcs);
+
+ l2_state->first_launch = false;
+ }
+
+ if (vm_need_tpr_shadow(vcpu->kvm) &&
+ nested_cpu_has_vmx_tpr_shadow(vcpu))
+ vmcs_write32(TPR_THRESHOLD, src->tpr_threshold);
+
+ if (enable_ept) {
+ if (!nested_cpu_has_vmx_ept(vcpu)) {
+ vmcs_write64(EPT_POINTER,
+ l1_shadow_vmcs->ept_pointer);
+ vmcs_write64(GUEST_PDPTR0,
+ l1_shadow_vmcs->guest_pdptr0);
+ vmcs_write64(GUEST_PDPTR1,
+ l1_shadow_vmcs->guest_pdptr1);
+ vmcs_write64(GUEST_PDPTR2,
+ l1_shadow_vmcs->guest_pdptr2);
+ vmcs_write64(GUEST_PDPTR3,
+ l1_shadow_vmcs->guest_pdptr3);
+ }
+ }
+
+ exec_control = l1_shadow_vmcs->cpu_based_vm_exec_control;
+
+ exec_control &= ~CPU_BASED_VIRTUAL_INTR_PENDING;
+
+ exec_control &= ~CPU_BASED_VIRTUAL_NMI_PENDING;
+
+ exec_control &= ~CPU_BASED_TPR_SHADOW;
+
+ exec_control |= src->cpu_based_vm_exec_control;
+
+ if (!vm_need_tpr_shadow(vcpu->kvm) ||
+ src->virtual_apic_page_addr == 0) {
+ exec_control &= ~CPU_BASED_TPR_SHADOW;
+#ifdef CONFIG_X86_64
+ exec_control |= CPU_BASED_CR8_STORE_EXITING |
+ CPU_BASED_CR8_LOAD_EXITING;
+#endif
+ } else if (exec_control & CPU_BASED_TPR_SHADOW) {
+
+#ifdef CONFIG_X86_64
+ exec_control &= ~CPU_BASED_CR8_STORE_EXITING;
+ exec_control &= ~CPU_BASED_CR8_LOAD_EXITING;
+#endif
+ }
+
+ vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, exec_control);
+
+ vmcs_write32(EXCEPTION_BITMAP,
+ (l1_shadow_vmcs->exception_bitmap |
+ src->exception_bitmap));
+
+ vmcs_write32(VM_EXIT_CONTROLS,
+ ((l1_shadow_vmcs->vm_exit_controls &
+ NESTED_VM_EXIT_CONTROLS_MASK) | src->vm_exit_controls));
+
+ vmcs_write32(VM_ENTRY_CONTROLS,
+ (l1_shadow_vmcs->vm_entry_controls &
+ NESTED_VM_ENTRY_CONTROLS_MASK) | src->vm_entry_controls);
+
+ vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, src->vm_entry_msr_load_count);
+
+ vmcs_writel(CR0_GUEST_HOST_MASK,
+ src->cr0_guest_host_mask | X86_CR0_TS);
+ vmcs_writel(CR4_GUEST_HOST_MASK,
+ (l1_shadow_vmcs->cr4_guest_host_mask &
+ src->cr4_guest_host_mask));
+
+ return 0;
+}
+
+int switch_back_vmcs(struct kvm_vcpu *vcpu)
+{
+ struct shadow_vmcs *src = to_vmx(vcpu)->nested.l1_shadow_vmcs;
+
+ if (enable_vpid && src->virtual_processor_id != 0)
+ vmcs_write16(VIRTUAL_PROCESSOR_ID, src->virtual_processor_id);
+
+ vmcs_write64(IO_BITMAP_A, src->io_bitmap_a);
+ vmcs_write64(IO_BITMAP_B, src->io_bitmap_b);
+
+ if (cpu_has_vmx_msr_bitmap())
+ vmcs_write64(MSR_BITMAP, src->msr_bitmap);
+
+ vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, src->virtual_apic_page_addr);
+
+ if (vm_need_virtualize_apic_accesses(vcpu->kvm))
+ vmcs_write64(APIC_ACCESS_ADDR,
+ src->apic_access_addr);
+
+ if (enable_ept) {
+ vmcs_write64(EPT_POINTER, src->ept_pointer);
+ vmcs_write64(GUEST_PDPTR0, src->guest_pdptr0);
+ vmcs_write64(GUEST_PDPTR1, src->guest_pdptr1);
+ vmcs_write64(GUEST_PDPTR2, src->guest_pdptr2);
+ vmcs_write64(GUEST_PDPTR3, src->guest_pdptr3);
+ }
+
+ vmcs_write32(PIN_BASED_VM_EXEC_CONTROL, src->pin_based_vm_exec_control);
+ vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, src->cpu_based_vm_exec_control);
+ vmcs_write32(EXCEPTION_BITMAP, src->exception_bitmap);
+ vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK,
+ src->page_fault_error_code_mask);
+ vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH,
+ src->page_fault_error_code_match);
+ vmcs_write32(VM_EXIT_CONTROLS, src->vm_exit_controls);
+ vmcs_write32(VM_ENTRY_CONTROLS, src->vm_entry_controls);
+ vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, src->vm_entry_msr_load_count);
+
+ if (cpu_has_secondary_exec_ctrls())
+ vmcs_write32(SECONDARY_VM_EXEC_CONTROL,
+ src->secondary_vm_exec_control);
+
+ load_vmcs_common(src);
+
+ load_vmcs_host_state(to_vmx(vcpu)->nested.l1_shadow_vmcs);
+
+ return 0;
+}
+
+void sync_cached_regs_to_vmcs(struct kvm_vcpu *vcpu)
+{
+ unsigned long mask;
+
+ if (test_bit(VCPU_REGS_RSP, (unsigned long *)&vcpu->arch.regs_dirty))
+ vmcs_writel(GUEST_RSP, vcpu->arch.regs[VCPU_REGS_RSP]);
+ if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty))
+ vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]);
+
+ mask = ~((1 << VCPU_REGS_RSP) | (1 << VCPU_REGS_RIP));
+
+ if (vcpu->arch.regs_dirty & mask) {
+ printk(KERN_INFO "WARNING: dirty cached registers regs_dirty 0x%x mask 0x%lx\n",
+ vcpu->arch.regs_dirty, mask);
+ WARN_ON(1);
+ }
+
+ vcpu->arch.regs_dirty = 0;
+}
+
+static int nested_vmx_run(struct kvm_vcpu *vcpu)
+{
+ /* verify that l1 has done vmptrld for l2 earlier */
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+ int r = 0;
+ struct level_state *l2_state;
+
+ vmx->nested.nested_mode = 1;
+
+ sync_cached_regs_to_vmcs(vcpu);
+
+ save_vmcs(vmx->nested.l1_shadow_vmcs);
+
+ vmx->nested.l1_state->shadow_efer = vcpu->arch.shadow_efer;
+ if (!enable_ept)
+ vmx->nested.l1_state->cr3 = vcpu->arch.cr3;
+ vmx->nested.l1_state->cr4 = vcpu->arch.cr4;
+
+ if (!nested_map_current(vcpu)) {
+ set_rflags_to_vmx_fail_valid(vcpu);
+ return 1;
+ }
+
+ l2_state = &(vmx->nested.current_l2_page->l2_state);
+
+ if (cpu_has_vmx_msr_bitmap())
+ vmx->nested.l1_state->msr_bitmap = vmcs_read64(MSR_BITMAP);
+ else
+ vmx->nested.l1_state->msr_bitmap = 0;
+
+ vmx->nested.l1_state->io_bitmap_a = vmcs_read64(IO_BITMAP_A);
+ vmx->nested.l1_state->io_bitmap_b = vmcs_read64(IO_BITMAP_B);
+ vmx->nested.l1_vmcs = vmx->vmcs;
+ vmx->nested.l1_state->cpu = vcpu->cpu;
+ vmx->nested.l1_state->launched = vmx->launched;
+
+ vmx->vmcs = nested_get_current_vmcs(vcpu);
+ if (!vmx->vmcs) {
+ printk(KERN_ERR "Missing VMCS\n");
+ set_rflags_to_vmx_fail_valid(vcpu);
+ return 1;
+ }
+
+ vcpu->cpu = l2_state->cpu;
+ vmx->launched = l2_state->launched;
+
+ if (l2_state->vmclear || !vmx->launched) {
+ vmcs_clear(vmx->vmcs);
+ vmx->launched = 0;
+ l2_state->vmclear = 0;
+ }
+
+ vmx_vcpu_load(vcpu, get_cpu());
+ put_cpu();
+
+ prepare_vmcs_02(vcpu);
+
+ if (get_shadow_vmcs(vcpu)->vm_entry_controls &
+ VM_ENTRY_IA32E_MODE) {
+ if (!((vcpu->arch.shadow_efer & EFER_LMA) &&
+ (vcpu->arch.shadow_efer & EFER_LME)))
+ vcpu->arch.shadow_efer |= (EFER_LMA | EFER_LME);
+ } else {
+ if ((vcpu->arch.shadow_efer & EFER_LMA) ||
+ (vcpu->arch.shadow_efer & EFER_LME))
+ vcpu->arch.shadow_efer = 0;
+ }
+
+ vmx_set_cr0(vcpu,
+ (get_shadow_vmcs(vcpu)->guest_cr0 & ~get_shadow_vmcs(vcpu)->cr0_guest_host_mask) |
+ (get_shadow_vmcs(vcpu)->cr0_read_shadow & get_shadow_vmcs(vcpu)->cr0_guest_host_mask));
+
+ vmx_set_cr4(vcpu, get_shadow_vmcs(vcpu)->guest_cr4);
+ vmcs_writel(CR4_READ_SHADOW,
+ get_shadow_vmcs(vcpu)->cr4_read_shadow);
+
+ vcpu->arch.cr0 |= X86_CR0_PG;
+
+ if (enable_ept && !nested_cpu_has_vmx_ept(vcpu)) {
+ vmcs_write32(GUEST_CR3, get_shadow_vmcs(vcpu)->guest_cr3);
+ vmx->vcpu.arch.cr3 = get_shadow_vmcs(vcpu)->guest_cr3;
+ } else {
+ kvm_set_cr3(vcpu, get_shadow_vmcs(vcpu)->guest_cr3);
+ kvm_mmu_reset_context(vcpu);
+
+ nested_unmap_current(vcpu);
+
+ r = kvm_mmu_load(vcpu);
+ if (unlikely(r)) {
+ printk(KERN_ERR "Error in kvm_mmu_load r %d\n", r);
+ set_rflags_to_vmx_fail_valid(vcpu);
+ /* switch back to L1 */
+ vmx->nested.nested_mode = 0;
+ vmx->vmcs = vmx->nested.l1_vmcs;
+ vcpu->cpu = vmx->nested.l1_state->cpu;
+ vmx->launched = vmx->nested.l1_state->launched;
+
+ vmx_vcpu_load(vcpu, get_cpu());
+ put_cpu();
+
+ return 1;
+ }
+
+ nested_map_current(vcpu);
+ }
+
+ kvm_register_write(vcpu, VCPU_REGS_RSP,
+ get_shadow_vmcs(vcpu)->guest_rsp);
+ kvm_register_write(vcpu, VCPU_REGS_RIP,
+ get_shadow_vmcs(vcpu)->guest_rip);
+
+ vmcs_write32(EXCEPTION_BITMAP,
+ (vmx->nested.l1_shadow_vmcs->exception_bitmap |
+ get_shadow_vmcs(vcpu)->exception_bitmap));
+
+ nested_unmap_current(vcpu);
+
+ return 1;
+}
+
+static int launch_guest(struct kvm_vcpu *vcpu, bool launch)
+{
+ if (!nested_vmx_check_permission(vcpu))
+ return 1;
+
+ if (!nested_map_current(vcpu))
+ return 1;
+
+ if (to_vmx(vcpu)->nested.current_l2_page->l2_state.vmclear != launch) {
+ set_rflags_to_vmx_fail_valid(vcpu);
+ nested_unmap_current(vcpu);
+ return 1;
+ }
+
+ nested_unmap_current(vcpu);
+
+ skip_emulated_instruction(vcpu);
+
+ nested_vmx_run(vcpu);
+
+ return 1;
+}
+
static struct kvm_x86_ops vmx_x86_ops = {
.cpu_has_kvm_support = cpu_has_kvm_support,
.disabled_by_bios = vmx_disabled_by_bios,
--
1.6.0.4
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
