1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * tools/testing/selftests/kvm/lib/x86_64/vmx.c 4 * 5 * Copyright (C) 2018, Google LLC. 6 */ 7 8 #include "test_util.h" 9 #include "kvm_util.h" 10 #include "processor.h" 11 #include "vmx.h" 12 13 bool enable_evmcs; 14 15 /* Allocate memory regions for nested VMX tests. 16 * 17 * Input Args: 18 * vm - The VM to allocate guest-virtual addresses in. 19 * 20 * Output Args: 21 * p_vmx_gva - The guest virtual address for the struct vmx_pages. 22 * 23 * Return: 24 * Pointer to structure with the addresses of the VMX areas. 25 */ 26 struct vmx_pages * 27 vcpu_alloc_vmx(struct kvm_vm *vm, vm_vaddr_t *p_vmx_gva) 28 { 29 vm_vaddr_t vmx_gva = vm_vaddr_alloc(vm, getpagesize(), 0x10000, 0, 0); 30 struct vmx_pages *vmx = addr_gva2hva(vm, vmx_gva); 31 32 /* Setup of a region of guest memory for the vmxon region. */ 33 vmx->vmxon = (void *)vm_vaddr_alloc(vm, getpagesize(), 0x10000, 0, 0); 34 vmx->vmxon_hva = addr_gva2hva(vm, (uintptr_t)vmx->vmxon); 35 vmx->vmxon_gpa = addr_gva2gpa(vm, (uintptr_t)vmx->vmxon); 36 37 /* Setup of a region of guest memory for a vmcs. */ 38 vmx->vmcs = (void *)vm_vaddr_alloc(vm, getpagesize(), 0x10000, 0, 0); 39 vmx->vmcs_hva = addr_gva2hva(vm, (uintptr_t)vmx->vmcs); 40 vmx->vmcs_gpa = addr_gva2gpa(vm, (uintptr_t)vmx->vmcs); 41 42 /* Setup of a region of guest memory for the MSR bitmap. */ 43 vmx->msr = (void *)vm_vaddr_alloc(vm, getpagesize(), 0x10000, 0, 0); 44 vmx->msr_hva = addr_gva2hva(vm, (uintptr_t)vmx->msr); 45 vmx->msr_gpa = addr_gva2gpa(vm, (uintptr_t)vmx->msr); 46 memset(vmx->msr_hva, 0, getpagesize()); 47 48 /* Setup of a region of guest memory for the shadow VMCS. */ 49 vmx->shadow_vmcs = (void *)vm_vaddr_alloc(vm, getpagesize(), 0x10000, 0, 0); 50 vmx->shadow_vmcs_hva = addr_gva2hva(vm, (uintptr_t)vmx->shadow_vmcs); 51 vmx->shadow_vmcs_gpa = addr_gva2gpa(vm, (uintptr_t)vmx->shadow_vmcs); 52 53 /* Setup of a region of guest memory for the VMREAD and VMWRITE bitmaps. */ 54 vmx->vmread = (void *)vm_vaddr_alloc(vm, getpagesize(), 0x10000, 0, 0); 55 vmx->vmread_hva = addr_gva2hva(vm, (uintptr_t)vmx->vmread); 56 vmx->vmread_gpa = addr_gva2gpa(vm, (uintptr_t)vmx->vmread); 57 memset(vmx->vmread_hva, 0, getpagesize()); 58 59 vmx->vmwrite = (void *)vm_vaddr_alloc(vm, getpagesize(), 0x10000, 0, 0); 60 vmx->vmwrite_hva = addr_gva2hva(vm, (uintptr_t)vmx->vmwrite); 61 vmx->vmwrite_gpa = addr_gva2gpa(vm, (uintptr_t)vmx->vmwrite); 62 memset(vmx->vmwrite_hva, 0, getpagesize()); 63 64 /* Setup of a region of guest memory for the VP Assist page. */ 65 vmx->vp_assist = (void *)vm_vaddr_alloc(vm, getpagesize(), 66 0x10000, 0, 0); 67 vmx->vp_assist_hva = addr_gva2hva(vm, (uintptr_t)vmx->vp_assist); 68 vmx->vp_assist_gpa = addr_gva2gpa(vm, (uintptr_t)vmx->vp_assist); 69 70 /* Setup of a region of guest memory for the enlightened VMCS. */ 71 vmx->enlightened_vmcs = (void *)vm_vaddr_alloc(vm, getpagesize(), 72 0x10000, 0, 0); 73 vmx->enlightened_vmcs_hva = 74 addr_gva2hva(vm, (uintptr_t)vmx->enlightened_vmcs); 75 vmx->enlightened_vmcs_gpa = 76 addr_gva2gpa(vm, (uintptr_t)vmx->enlightened_vmcs); 77 78 *p_vmx_gva = vmx_gva; 79 return vmx; 80 } 81 82 bool prepare_for_vmx_operation(struct vmx_pages *vmx) 83 { 84 uint64_t feature_control; 85 uint64_t required; 86 unsigned long cr0; 87 unsigned long cr4; 88 89 /* 90 * Ensure bits in CR0 and CR4 are valid in VMX operation: 91 * - Bit X is 1 in _FIXED0: bit X is fixed to 1 in CRx. 92 * - Bit X is 0 in _FIXED1: bit X is fixed to 0 in CRx. 93 */ 94 __asm__ __volatile__("mov %%cr0, %0" : "=r"(cr0) : : "memory"); 95 cr0 &= rdmsr(MSR_IA32_VMX_CR0_FIXED1); 96 cr0 |= rdmsr(MSR_IA32_VMX_CR0_FIXED0); 97 __asm__ __volatile__("mov %0, %%cr0" : : "r"(cr0) : "memory"); 98 99 __asm__ __volatile__("mov %%cr4, %0" : "=r"(cr4) : : "memory"); 100 cr4 &= rdmsr(MSR_IA32_VMX_CR4_FIXED1); 101 cr4 |= rdmsr(MSR_IA32_VMX_CR4_FIXED0); 102 /* Enable VMX operation */ 103 cr4 |= X86_CR4_VMXE; 104 __asm__ __volatile__("mov %0, %%cr4" : : "r"(cr4) : "memory"); 105 106 /* 107 * Configure IA32_FEATURE_CONTROL MSR to allow VMXON: 108 * Bit 0: Lock bit. If clear, VMXON causes a #GP. 109 * Bit 2: Enables VMXON outside of SMX operation. If clear, VMXON 110 * outside of SMX causes a #GP. 111 */ 112 required = FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX; 113 required |= FEATURE_CONTROL_LOCKED; 114 feature_control = rdmsr(MSR_IA32_FEATURE_CONTROL); 115 if ((feature_control & required) != required) 116 wrmsr(MSR_IA32_FEATURE_CONTROL, feature_control | required); 117 118 /* Enter VMX root operation. */ 119 *(uint32_t *)(vmx->vmxon) = vmcs_revision(); 120 if (vmxon(vmx->vmxon_gpa)) 121 return false; 122 123 return true; 124 } 125 126 bool load_vmcs(struct vmx_pages *vmx) 127 { 128 if (!enable_evmcs) { 129 /* Load a VMCS. */ 130 *(uint32_t *)(vmx->vmcs) = vmcs_revision(); 131 if (vmclear(vmx->vmcs_gpa)) 132 return false; 133 134 if (vmptrld(vmx->vmcs_gpa)) 135 return false; 136 137 /* Setup shadow VMCS, do not load it yet. */ 138 *(uint32_t *)(vmx->shadow_vmcs) = 139 vmcs_revision() | 0x80000000ul; 140 if (vmclear(vmx->shadow_vmcs_gpa)) 141 return false; 142 } else { 143 if (evmcs_vmptrld(vmx->enlightened_vmcs_gpa, 144 vmx->enlightened_vmcs)) 145 return false; 146 current_evmcs->revision_id = vmcs_revision(); 147 } 148 149 return true; 150 } 151 152 /* 153 * Initialize the control fields to the most basic settings possible. 154 */ 155 static inline void init_vmcs_control_fields(struct vmx_pages *vmx) 156 { 157 vmwrite(VIRTUAL_PROCESSOR_ID, 0); 158 vmwrite(POSTED_INTR_NV, 0); 159 160 vmwrite(PIN_BASED_VM_EXEC_CONTROL, rdmsr(MSR_IA32_VMX_TRUE_PINBASED_CTLS)); 161 if (!vmwrite(SECONDARY_VM_EXEC_CONTROL, 0)) 162 vmwrite(CPU_BASED_VM_EXEC_CONTROL, 163 rdmsr(MSR_IA32_VMX_TRUE_PROCBASED_CTLS) | CPU_BASED_ACTIVATE_SECONDARY_CONTROLS); 164 else 165 vmwrite(CPU_BASED_VM_EXEC_CONTROL, rdmsr(MSR_IA32_VMX_TRUE_PROCBASED_CTLS)); 166 vmwrite(EXCEPTION_BITMAP, 0); 167 vmwrite(PAGE_FAULT_ERROR_CODE_MASK, 0); 168 vmwrite(PAGE_FAULT_ERROR_CODE_MATCH, -1); /* Never match */ 169 vmwrite(CR3_TARGET_COUNT, 0); 170 vmwrite(VM_EXIT_CONTROLS, rdmsr(MSR_IA32_VMX_EXIT_CTLS) | 171 VM_EXIT_HOST_ADDR_SPACE_SIZE); /* 64-bit host */ 172 vmwrite(VM_EXIT_MSR_STORE_COUNT, 0); 173 vmwrite(VM_EXIT_MSR_LOAD_COUNT, 0); 174 vmwrite(VM_ENTRY_CONTROLS, rdmsr(MSR_IA32_VMX_ENTRY_CTLS) | 175 VM_ENTRY_IA32E_MODE); /* 64-bit guest */ 176 vmwrite(VM_ENTRY_MSR_LOAD_COUNT, 0); 177 vmwrite(VM_ENTRY_INTR_INFO_FIELD, 0); 178 vmwrite(TPR_THRESHOLD, 0); 179 180 vmwrite(CR0_GUEST_HOST_MASK, 0); 181 vmwrite(CR4_GUEST_HOST_MASK, 0); 182 vmwrite(CR0_READ_SHADOW, get_cr0()); 183 vmwrite(CR4_READ_SHADOW, get_cr4()); 184 185 vmwrite(MSR_BITMAP, vmx->msr_gpa); 186 vmwrite(VMREAD_BITMAP, vmx->vmread_gpa); 187 vmwrite(VMWRITE_BITMAP, vmx->vmwrite_gpa); 188 } 189 190 /* 191 * Initialize the host state fields based on the current host state, with 192 * the exception of HOST_RSP and HOST_RIP, which should be set by vmlaunch 193 * or vmresume. 194 */ 195 static inline void init_vmcs_host_state(void) 196 { 197 uint32_t exit_controls = vmreadz(VM_EXIT_CONTROLS); 198 199 vmwrite(HOST_ES_SELECTOR, get_es()); 200 vmwrite(HOST_CS_SELECTOR, get_cs()); 201 vmwrite(HOST_SS_SELECTOR, get_ss()); 202 vmwrite(HOST_DS_SELECTOR, get_ds()); 203 vmwrite(HOST_FS_SELECTOR, get_fs()); 204 vmwrite(HOST_GS_SELECTOR, get_gs()); 205 vmwrite(HOST_TR_SELECTOR, get_tr()); 206 207 if (exit_controls & VM_EXIT_LOAD_IA32_PAT) 208 vmwrite(HOST_IA32_PAT, rdmsr(MSR_IA32_CR_PAT)); 209 if (exit_controls & VM_EXIT_LOAD_IA32_EFER) 210 vmwrite(HOST_IA32_EFER, rdmsr(MSR_EFER)); 211 if (exit_controls & VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL) 212 vmwrite(HOST_IA32_PERF_GLOBAL_CTRL, 213 rdmsr(MSR_CORE_PERF_GLOBAL_CTRL)); 214 215 vmwrite(HOST_IA32_SYSENTER_CS, rdmsr(MSR_IA32_SYSENTER_CS)); 216 217 vmwrite(HOST_CR0, get_cr0()); 218 vmwrite(HOST_CR3, get_cr3()); 219 vmwrite(HOST_CR4, get_cr4()); 220 vmwrite(HOST_FS_BASE, rdmsr(MSR_FS_BASE)); 221 vmwrite(HOST_GS_BASE, rdmsr(MSR_GS_BASE)); 222 vmwrite(HOST_TR_BASE, 223 get_desc64_base((struct desc64 *)(get_gdt_base() + get_tr()))); 224 vmwrite(HOST_GDTR_BASE, get_gdt_base()); 225 vmwrite(HOST_IDTR_BASE, get_idt_base()); 226 vmwrite(HOST_IA32_SYSENTER_ESP, rdmsr(MSR_IA32_SYSENTER_ESP)); 227 vmwrite(HOST_IA32_SYSENTER_EIP, rdmsr(MSR_IA32_SYSENTER_EIP)); 228 } 229 230 /* 231 * Initialize the guest state fields essentially as a clone of 232 * the host state fields. Some host state fields have fixed 233 * values, and we set the corresponding guest state fields accordingly. 234 */ 235 static inline void init_vmcs_guest_state(void *rip, void *rsp) 236 { 237 vmwrite(GUEST_ES_SELECTOR, vmreadz(HOST_ES_SELECTOR)); 238 vmwrite(GUEST_CS_SELECTOR, vmreadz(HOST_CS_SELECTOR)); 239 vmwrite(GUEST_SS_SELECTOR, vmreadz(HOST_SS_SELECTOR)); 240 vmwrite(GUEST_DS_SELECTOR, vmreadz(HOST_DS_SELECTOR)); 241 vmwrite(GUEST_FS_SELECTOR, vmreadz(HOST_FS_SELECTOR)); 242 vmwrite(GUEST_GS_SELECTOR, vmreadz(HOST_GS_SELECTOR)); 243 vmwrite(GUEST_LDTR_SELECTOR, 0); 244 vmwrite(GUEST_TR_SELECTOR, vmreadz(HOST_TR_SELECTOR)); 245 vmwrite(GUEST_INTR_STATUS, 0); 246 vmwrite(GUEST_PML_INDEX, 0); 247 248 vmwrite(VMCS_LINK_POINTER, -1ll); 249 vmwrite(GUEST_IA32_DEBUGCTL, 0); 250 vmwrite(GUEST_IA32_PAT, vmreadz(HOST_IA32_PAT)); 251 vmwrite(GUEST_IA32_EFER, vmreadz(HOST_IA32_EFER)); 252 vmwrite(GUEST_IA32_PERF_GLOBAL_CTRL, 253 vmreadz(HOST_IA32_PERF_GLOBAL_CTRL)); 254 255 vmwrite(GUEST_ES_LIMIT, -1); 256 vmwrite(GUEST_CS_LIMIT, -1); 257 vmwrite(GUEST_SS_LIMIT, -1); 258 vmwrite(GUEST_DS_LIMIT, -1); 259 vmwrite(GUEST_FS_LIMIT, -1); 260 vmwrite(GUEST_GS_LIMIT, -1); 261 vmwrite(GUEST_LDTR_LIMIT, -1); 262 vmwrite(GUEST_TR_LIMIT, 0x67); 263 vmwrite(GUEST_GDTR_LIMIT, 0xffff); 264 vmwrite(GUEST_IDTR_LIMIT, 0xffff); 265 vmwrite(GUEST_ES_AR_BYTES, 266 vmreadz(GUEST_ES_SELECTOR) == 0 ? 0x10000 : 0xc093); 267 vmwrite(GUEST_CS_AR_BYTES, 0xa09b); 268 vmwrite(GUEST_SS_AR_BYTES, 0xc093); 269 vmwrite(GUEST_DS_AR_BYTES, 270 vmreadz(GUEST_DS_SELECTOR) == 0 ? 0x10000 : 0xc093); 271 vmwrite(GUEST_FS_AR_BYTES, 272 vmreadz(GUEST_FS_SELECTOR) == 0 ? 0x10000 : 0xc093); 273 vmwrite(GUEST_GS_AR_BYTES, 274 vmreadz(GUEST_GS_SELECTOR) == 0 ? 0x10000 : 0xc093); 275 vmwrite(GUEST_LDTR_AR_BYTES, 0x10000); 276 vmwrite(GUEST_TR_AR_BYTES, 0x8b); 277 vmwrite(GUEST_INTERRUPTIBILITY_INFO, 0); 278 vmwrite(GUEST_ACTIVITY_STATE, 0); 279 vmwrite(GUEST_SYSENTER_CS, vmreadz(HOST_IA32_SYSENTER_CS)); 280 vmwrite(VMX_PREEMPTION_TIMER_VALUE, 0); 281 282 vmwrite(GUEST_CR0, vmreadz(HOST_CR0)); 283 vmwrite(GUEST_CR3, vmreadz(HOST_CR3)); 284 vmwrite(GUEST_CR4, vmreadz(HOST_CR4)); 285 vmwrite(GUEST_ES_BASE, 0); 286 vmwrite(GUEST_CS_BASE, 0); 287 vmwrite(GUEST_SS_BASE, 0); 288 vmwrite(GUEST_DS_BASE, 0); 289 vmwrite(GUEST_FS_BASE, vmreadz(HOST_FS_BASE)); 290 vmwrite(GUEST_GS_BASE, vmreadz(HOST_GS_BASE)); 291 vmwrite(GUEST_LDTR_BASE, 0); 292 vmwrite(GUEST_TR_BASE, vmreadz(HOST_TR_BASE)); 293 vmwrite(GUEST_GDTR_BASE, vmreadz(HOST_GDTR_BASE)); 294 vmwrite(GUEST_IDTR_BASE, vmreadz(HOST_IDTR_BASE)); 295 vmwrite(GUEST_DR7, 0x400); 296 vmwrite(GUEST_RSP, (uint64_t)rsp); 297 vmwrite(GUEST_RIP, (uint64_t)rip); 298 vmwrite(GUEST_RFLAGS, 2); 299 vmwrite(GUEST_PENDING_DBG_EXCEPTIONS, 0); 300 vmwrite(GUEST_SYSENTER_ESP, vmreadz(HOST_IA32_SYSENTER_ESP)); 301 vmwrite(GUEST_SYSENTER_EIP, vmreadz(HOST_IA32_SYSENTER_EIP)); 302 } 303 304 void prepare_vmcs(struct vmx_pages *vmx, void *guest_rip, void *guest_rsp) 305 { 306 init_vmcs_control_fields(vmx); 307 init_vmcs_host_state(); 308 init_vmcs_guest_state(guest_rip, guest_rsp); 309 } 310