/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __KVM_X86_VMX_NESTED_H
#define __KVM_X86_VMX_NESTED_H

#include "kvm_cache_regs.h"
#include "vmcs12.h"
#include "vmx.h"

/*
 * Result codes reported by nested_vmx_enter_non_root_mode().
 *
 * Callers have four distinct outcomes to handle; only the first one means
 * that VMX non-root mode was actually entered.
 */
enum nvmx_vmentry_status {
	/* Entered VMX non-root mode */
	NVMX_VMENTRY_SUCCESS,
	/* Consistency check VMFail */
	NVMX_VMENTRY_VMFAIL,
	/* Consistency check VMExit */
	NVMX_VMENTRY_VMEXIT,
	/* KVM internal error */
	NVMX_VMENTRY_KVM_INTERNAL_ERROR,
};

/*
 * Nested VMX entry points implemented outside this header. Only the
 * prototypes are visible here; their contracts are defined by the
 * implementation file.
 */
void vmx_leave_nested(struct kvm_vcpu *vcpu);
void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps);
void nested_vmx_hardware_unsetup(void);
__init int nested_vmx_hardware_setup(int (*exit_handlers[])(struct kvm_vcpu *));
void nested_vmx_set_vmcs_shadowing_bitmap(void);
void nested_vmx_free_vcpu(struct kvm_vcpu *vcpu);
enum nvmx_vmentry_status
nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu, bool from_vmentry);
bool nested_vmx_reflect_vmexit(struct kvm_vcpu *vcpu);
void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
		       u32 exit_intr_info, unsigned long exit_qualification);
void nested_sync_vmcs12_to_shadow(struct kvm_vcpu *vcpu);
int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data);
int vmx_get_vmx_msr(struct nested_vmx_msrs *msrs, u32 msr_index, u64 *pdata);
int get_vmx_mem_address(struct kvm_vcpu *vcpu,
			unsigned long exit_qualification,
			u32 vmx_instruction_info, bool wr, int len,
			gva_t *ret);
void nested_mark_vmcs12_pages_dirty(struct kvm_vcpu *vcpu);
bool nested_vmx_check_io_bitmaps(struct kvm_vcpu *vcpu, unsigned int port,
				 int size);

/*
 * Return the vCPU's nested.cached_vmcs12 pointer as stored.
 *
 * NOTE(review): no NULL or validity check is done here; callers presumably
 * establish that a vmcs12 is loaded first (e.g. via vmx_has_valid_vmcs12())
 * - confirm at the call sites.
 */
static inline struct vmcs12 *get_vmcs12(struct kvm_vcpu *vcpu)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	return vmx->nested.cached_vmcs12;
}

/* Return the vCPU's nested.cached_shadow_vmcs12 pointer as stored. */
static inline struct vmcs12 *get_shadow_vmcs12(struct kvm_vcpu *vcpu)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	return vmx->nested.cached_shadow_vmcs12;
}

/*
 * Report whether the vCPU has a current VMCS12: either current_vmptr is not
 * the all-ones value or hv_evmcs_vmptr is not EVMPTR_INVALID.
 *
 * Note: vmx_set_nested_state applies the same condition to the state handed
 * in by userspace; when the condition holds, that nested state must include
 * the VMCS12.
 */
static inline int vmx_has_valid_vmcs12(struct kvm_vcpu *vcpu)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	if (vmx->nested.current_vmptr != -1ull)
		return 1;

	/* 'hv_evmcs_vmptr' can also be EVMPTR_MAP_PENDING here */
	return vmx->nested.hv_evmcs_vmptr != EVMPTR_INVALID;
}

/*
 * Return nested.vpid02 when it is non-zero, otherwise fall back to the
 * vCPU's own vpid.
 */
static inline u16 nested_get_vpid02(struct kvm_vcpu *vcpu)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	if (vmx->nested.vpid02)
		return vmx->nested.vpid02;

	return vmx->vpid;
}

/* Return the page table to be shadowed - in our case, EPT12. */
static inline unsigned long nested_ept_get_eptp(struct kvm_vcpu *vcpu)
{
	struct vmcs12 *vmcs12 = get_vmcs12(vcpu);

	return vmcs12->ept_pointer;
}

/* True when the AD-enable bit is set in the EPT pointer held in vmcs12. */
static inline bool nested_ept_ad_enabled(struct kvm_vcpu *vcpu)
{
	return (nested_ept_get_eptp(vcpu) & VMX_EPTP_AD_ENABLE_BIT) != 0;
}

/*
 * Compute the cr0/cr4 value a nested guest would read. Bits covered by the
 * guest/host mask come from the read shadow set up by the L1 hypervisor
 * (crN_read_shadow); all remaining bits come from L1's "real" value used to
 * run the guest (guest_crN). KVM has to emulate this CPU behavior itself
 * because the value+mask loaded into vmcs02 may not match the vmcs12 fields.
 */
static inline unsigned long nested_read_cr0(struct vmcs12 *fields)
{
	return (fields->cr0_read_shadow & fields->cr0_guest_host_mask) |
	       (fields->guest_cr0 & ~fields->cr0_guest_host_mask);
}

static inline unsigned long nested_read_cr4(struct vmcs12 *fields)
{
	return (fields->cr4_read_shadow & fields->cr4_guest_host_mask) |
	       (fields->guest_cr4 & ~fields->cr4_guest_host_mask);
}

/*
 * The helpers below that take a vcpu and read nested.msrs answer "what do
 * the virtual VMX capability MSRs advertise?", whereas the nested_cpu_has*()
 * helpers that take a vmcs12 answer "what is set in the vmcs12 control
 * fields?". The two questions are distinct and must not be interchanged.
 */

/* CR3-target count decoded from the virtual misc capability MSR (low half). */
static inline unsigned nested_cpu_vmx_misc_cr3_count(struct kvm_vcpu *vcpu)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	return vmx_misc_cr3_count(vmx->nested.msrs.misc_low);
}

/*
 * Do the virtual VMX capability MSRs say that L1 may VMWRITE any valid VMCS
 * field, or are the VM-exit information fields read-only?
 */
static inline bool nested_cpu_has_vmwrite_any_field(struct kvm_vcpu *vcpu)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	return (vmx->nested.msrs.misc_low &
		MSR_IA32_VMX_MISC_VMWRITE_SHADOW_RO_FIELDS) != 0;
}

/* True when VMX_MISC_ZERO_LEN_INS is set in the virtual misc capability MSR. */
static inline bool nested_cpu_has_zero_length_injection(struct kvm_vcpu *vcpu)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	return (vmx->nested.msrs.misc_low & VMX_MISC_ZERO_LEN_INS) != 0;
}

/*
 * True when the virtual capability MSRs allow the monitor trap flag control
 * (allowed-1 half of the processor-based controls).
 */
static inline bool nested_cpu_supports_monitor_trap_flag(struct kvm_vcpu *vcpu)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	return (vmx->nested.msrs.procbased_ctls_high &
		CPU_BASED_MONITOR_TRAP_FLAG) != 0;
}

/*
 * True when the virtual capability MSRs allow the shadow-VMCS secondary
 * control. Compare nested_cpu_has_shadow_vmcs(), which tests vmcs12 instead.
 */
static inline bool nested_cpu_has_vmx_shadow_vmcs(struct kvm_vcpu *vcpu)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	return (vmx->nested.msrs.secondary_ctls_high &
		SECONDARY_EXEC_SHADOW_VMCS) != 0;
}

/* Test a bit in vmcs12's primary processor-based execution controls. */
static inline bool nested_cpu_has(struct vmcs12 *vmcs12, u32 bit)
{
	return (vmcs12->cpu_based_vm_exec_control & bit) != 0;
}

/*
 * Test a bit in vmcs12's secondary execution controls. The bit is reported
 * only when the primary controls also have "activate secondary controls"
 * set; use this helper rather than reading secondary_vm_exec_control
 * directly so a secondary bit is never reported while activation is clear.
 */
static inline bool nested_cpu_has2(struct vmcs12 *vmcs12, u32 bit)
{
	if (!nested_cpu_has(vmcs12, CPU_BASED_ACTIVATE_SECONDARY_CONTROLS))
		return false;

	return (vmcs12->secondary_vm_exec_control & bit) != 0;
}

/* Pin-based control tests against vmcs12. */
static inline bool nested_cpu_has_preemption_timer(struct vmcs12 *vmcs12)
{
	return (vmcs12->pin_based_vm_exec_control &
		PIN_BASED_VMX_PREEMPTION_TIMER) != 0;
}

static inline bool nested_cpu_has_nmi_exiting(struct vmcs12 *vmcs12)
{
	return (vmcs12->pin_based_vm_exec_control & PIN_BASED_NMI_EXITING) != 0;
}

static inline bool nested_cpu_has_virtual_nmis(struct vmcs12 *vmcs12)
{
	return (vmcs12->pin_based_vm_exec_control & PIN_BASED_VIRTUAL_NMIS) != 0;
}

/*
 * Monitor trap flag enabled in vmcs12's primary controls.
 * NOTE(review): returns int while most sibling helpers return bool.
 */
static inline int nested_cpu_has_mtf(struct vmcs12 *vmcs12)
{
	return nested_cpu_has(vmcs12, CPU_BASED_MONITOR_TRAP_FLAG);
}

/*
 * EPT enabled in vmcs12's secondary controls.
 * NOTE(review): returns int while most sibling helpers return bool.
 */
static inline int nested_cpu_has_ept(struct vmcs12 *vmcs12)
{
	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_EPT);
}

/* Secondary-control tests against vmcs12; each goes through nested_cpu_has2(). */
static inline bool nested_cpu_has_xsaves(struct vmcs12 *vmcs12)
{
	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_XSAVES);
}

static inline bool nested_cpu_has_pml(struct vmcs12 *vmcs12)
{
	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_PML);
}

static inline bool nested_cpu_has_virt_x2apic_mode(struct vmcs12 *vmcs12)
{
	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE);
}

static inline bool nested_cpu_has_vpid(struct vmcs12 *vmcs12)
{
	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_VPID);
}

static inline bool nested_cpu_has_apic_reg_virt(struct vmcs12 *vmcs12)
{
	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_APIC_REGISTER_VIRT);
}

static inline bool nested_cpu_has_vid(struct vmcs12 *vmcs12)
{
	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
}

/* Posted interrupts are a pin-based control, so test that field directly. */
static inline bool nested_cpu_has_posted_intr(struct vmcs12 *vmcs12)
{
	return (vmcs12->pin_based_vm_exec_control & PIN_BASED_POSTED_INTR) != 0;
}

static inline bool nested_cpu_has_vmfunc(struct vmcs12 *vmcs12)
{
	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_VMFUNC);
}

/*
 * EPTP switching counts as enabled only when VM functions are enabled in
 * vmcs12 and the EPTP-switching bit is set in vm_function_control.
 */
static inline bool nested_cpu_has_eptp_switching(struct vmcs12 *vmcs12)
{
	if (!nested_cpu_has_vmfunc(vmcs12))
		return false;

	return (vmcs12->vm_function_control & VMX_VMFUNC_EPTP_SWITCHING) != 0;
}

static inline bool nested_cpu_has_shadow_vmcs(struct vmcs12 *vmcs12)
{
	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_SHADOW_VMCS);
}

/* True when vmcs12's VM-exit controls ask to save the preemption timer. */
static inline bool nested_cpu_has_save_preemption_timer(struct vmcs12 *vmcs12)
{
	return (vmcs12->vm_exit_controls &
		VM_EXIT_SAVE_VMX_PREEMPTION_TIMER) != 0;
}

/* True when the vCPU's vmcs12 has NMI exiting set. */
static inline bool nested_exit_on_nmi(struct kvm_vcpu *vcpu)
{
	struct vmcs12 *vmcs12 = get_vmcs12(vcpu);

	return nested_cpu_has_nmi_exiting(vmcs12);
}

/*
 * In nested virtualization, report whether L1 asked for a VM exit on
 * external interrupts. For most existing hypervisors this is always true.
 */
static inline bool nested_exit_on_intr(struct kvm_vcpu *vcpu)
{
	struct vmcs12 *vmcs12 = get_vmcs12(vcpu);

	return (vmcs12->pin_based_vm_exec_control &
		PIN_BASED_EXT_INTR_MASK) != 0;
}

static inline bool nested_cpu_has_encls_exit(struct vmcs12 *vmcs12)
{
	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENCLS_EXITING);
}

/*
 * Check a value against a fixed0/fixed1 pair:
 *   if fixed0[i] == 1: val[i] must be 1
 *   if fixed1[i] == 0: val[i] must be 0
 *
 * Clearing every bit that fixed1 forbids and setting every bit that fixed0
 * requires must leave val unchanged; any difference means a violated bit.
 */
static inline bool fixed_bits_valid(u64 val, u64 fixed0, u64 fixed1)
{
	u64 constrained = (val & fixed1) | fixed0;

	return constrained == val;
}

/*
 * Validate a guest CR0 value against the virtual CR0 fixed-bit MSRs.
 *
 * PE and PG are dropped from the must-be-one set only when unrestricted
 * guest is both advertised by the virtual capability MSRs and enabled in
 * vmcs12; either condition alone leaves the full fixed0 set in force.
 */
static inline bool nested_guest_cr0_valid(struct kvm_vcpu *vcpu,
					  unsigned long val)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);
	struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
	u64 fixed0 = vmx->nested.msrs.cr0_fixed0;
	u64 fixed1 = vmx->nested.msrs.cr0_fixed1;

	if ((vmx->nested.msrs.secondary_ctls_high &
	     SECONDARY_EXEC_UNRESTRICTED_GUEST) &&
	    nested_cpu_has2(vmcs12, SECONDARY_EXEC_UNRESTRICTED_GUEST))
		fixed0 &= ~(X86_CR0_PE | X86_CR0_PG);

	return fixed_bits_valid(val, fixed0, fixed1);
}

/*
 * Validate a host CR0 value against the virtual CR0 fixed-bit MSRs. Unlike
 * the guest variant, no PE/PG relaxation is applied.
 */
static inline bool nested_host_cr0_valid(struct kvm_vcpu *vcpu,
					 unsigned long val)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	return fixed_bits_valid(val, vmx->nested.msrs.cr0_fixed0,
				vmx->nested.msrs.cr0_fixed1);
}

/*
 * Validate a CR4 value: it must satisfy the virtual CR4 fixed-bit MSRs and
 * also pass __kvm_is_valid_cr4(). The second check is skipped when the
 * fixed-bit check already fails.
 */
static inline bool nested_cr4_valid(struct kvm_vcpu *vcpu, unsigned long val)
{
	struct vcpu_vmx *vmx = to_vmx(vcpu);

	if (!fixed_bits_valid(val, vmx->nested.msrs.cr4_fixed0,
			      vmx->nested.msrs.cr4_fixed1))
		return false;

	return __kvm_is_valid_cr4(vcpu, val);
}

/* No difference in the restrictions on guest and host CR4 in VMX operation. */
#define nested_guest_cr4_valid	nested_cr4_valid
#define nested_host_cr4_valid	nested_cr4_valid

extern struct kvm_x86_nested_ops vmx_nested_ops;

#endif /* __KVM_X86_VMX_NESTED_H */