sdiff udiff text old ( 270511 ) new ( 270962 )
1/*-
2 * Copyright (c) 2013 Anish Gupta (akgupt3@gmail.com)
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice unmodified, this list of conditions, and the following
10 * disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 *
26 * $FreeBSD: projects/bhyve_svm/sys/amd64/vmm/amd/vmcb.h 270962 2014-09-02 04:22:42Z neel $
27 */
28
29#ifndef _VMCB_H_
30#define _VMCB_H_
31
32/*
33 * Secure Virtual Machine: AMD64 Programmer's Manual Vol2, Chapter 15
34 * Layout of VMCB: AMD64 Programmer's Manual Vol2, Appendix B
35 */
36
37/* VMCB Control offset 0xC */
38#define VMCB_INTCPT_INTR BIT(0)
39#define VMCB_INTCPT_NMI BIT(1)
40#define VMCB_INTCPT_SMI BIT(2)
41#define VMCB_INTCPT_INIT BIT(3)
42#define VMCB_INTCPT_VINTR BIT(4)
43#define VMCB_INTCPT_CR0_WRITE BIT(5)
44#define VMCB_INTCPT_IDTR_READ BIT(6)
45#define VMCB_INTCPT_GDTR_READ BIT(7)
46#define VMCB_INTCPT_LDTR_READ BIT(8)
47#define VMCB_INTCPT_TR_READ BIT(9)
48#define VMCB_INTCPT_IDTR_WRITE BIT(10)
49#define VMCB_INTCPT_GDTR_WRITE BIT(11)
50#define VMCB_INTCPT_LDTR_WRITE BIT(12)
51#define VMCB_INTCPT_TR_WRITE BIT(13)
52#define VMCB_INTCPT_RDTSC BIT(14)
53#define VMCB_INTCPT_RDPMC BIT(15)
54#define VMCB_INTCPT_PUSHF BIT(16)
55#define VMCB_INTCPT_POPF BIT(17)
56#define VMCB_INTCPT_CPUID BIT(18)
57#define VMCB_INTCPT_RSM BIT(19)
58#define VMCB_INTCPT_IRET BIT(20)
59#define VMCB_INTCPT_INTn BIT(21)
60#define VMCB_INTCPT_INVD BIT(22)
61#define VMCB_INTCPT_PAUSE BIT(23)
62#define VMCB_INTCPT_HLT BIT(24)
63#define VMCB_INTCPT_INVPG BIT(25)
64#define VMCB_INTCPT_INVPGA BIT(26)
65#define VMCB_INTCPT_IO BIT(27)
66#define VMCB_INTCPT_MSR BIT(28)
67#define VMCB_INTCPT_TASK_SWITCH BIT(29)
68#define VMCB_INTCPT_FERR_FREEZE BIT(30)
69#define VMCB_INTCPT_SHUTDOWN BIT(31)
70
71/* VMCB Control offset 0x10 */
72#define VMCB_INTCPT_VMRUN BIT(0)
73#define VMCB_INTCPT_VMMCALL BIT(1)
74#define VMCB_INTCPT_VMLOAD BIT(2)
75#define VMCB_INTCPT_VMSAVE BIT(3)
76#define VMCB_INTCPT_STGI BIT(4)
77#define VMCB_INTCPT_CLGI BIT(5)
78#define VMCB_INTCPT_SKINIT BIT(6)
79#define VMCB_INTCPT_RDTSCP BIT(7)
80#define VMCB_INTCPT_ICEBP BIT(8)
81#define VMCB_INTCPT_WBINVD BIT(9)
82#define VMCB_INTCPT_MONITOR BIT(10)
83#define VMCB_INTCPT_MWAIT BIT(11)
84#define VMCB_INTCPT_MWAIT_ARMED BIT(12)
85#define VMCB_INTCPT_XSETBV BIT(13)
86
87/* VMCB TLB control */
88#define VMCB_TLB_FLUSH_NOTHING 0 /* Flush nothing */
89#define VMCB_TLB_FLUSH_ALL 1 /* Flush entire TLB */
90#define VMCB_TLB_FLUSH_GUEST 3 /* Flush all guest entries */
91#define VMCB_TLB_FLUSH_GUEST_NONGLOBAL 7 /* Flush guest non-PG entries */
92
93/* VMCB state caching */
94#define VMCB_CACHE_NONE 0 /* No caching */
95#define VMCB_CACHE_I BIT(0) /* Cache vectors, TSC offset */
96#define VMCB_CACHE_IOPM BIT(1) /* I/O and MSR permission */
97#define VMCB_CACHE_ASID BIT(2) /* ASID */
98#define VMCB_CACHE_TPR BIT(3) /* V_TPR to V_INTR_VECTOR */
99#define VMCB_CACHE_NP BIT(4) /* Nested Paging */
100#define VMCB_CACHE_CR BIT(5) /* CR0, CR3, CR4 & EFER */
101#define VMCB_CACHE_DR BIT(6) /* Debug registers */
102#define VMCB_CACHE_DT BIT(7) /* GDT/IDT */
103#define VMCB_CACHE_SEG BIT(8) /* User segments, CPL */
104#define VMCB_CACHE_CR2 BIT(9) /* page fault address */
105#define VMCB_CACHE_LBR BIT(10) /* Last branch */
106
107
108/* VMCB control event injection */
109#define VMCB_EVENTINJ_EC_VALID BIT(11) /* Error Code valid */
110#define VMCB_EVENTINJ_VALID BIT(31) /* Event valid */
111
112/* Event types that can be injected */
113#define VMCB_EVENTINJ_TYPE_INTR 0
114#define VMCB_EVENTINJ_TYPE_NMI 2
115#define VMCB_EVENTINJ_TYPE_EXCEPTION 3
116#define VMCB_EVENTINJ_TYPE_INTn 4
117
118/* VMCB exit code, APM vol2 Appendix C */
119#define VMCB_EXIT_MC 0x52
120#define VMCB_EXIT_INTR 0x60
121#define VMCB_EXIT_PUSHF 0x70
122#define VMCB_EXIT_POPF 0x71
123#define VMCB_EXIT_CPUID 0x72
124#define VMCB_EXIT_IRET 0x74
125#define VMCB_EXIT_PAUSE 0x77
126#define VMCB_EXIT_HLT 0x78
127#define VMCB_EXIT_IO 0x7B
128#define VMCB_EXIT_MSR 0x7C
129#define VMCB_EXIT_SHUTDOWN 0x7F
130#define VMCB_EXIT_VMSAVE 0x83
131#define VMCB_EXIT_NPF 0x400
132#define VMCB_EXIT_INVALID -1
133
134/*
135 * Nested page fault.
136 * Bit definitions to decode EXITINFO1.
137 */
138#define VMCB_NPF_INFO1_P BIT(0) /* Nested page present. */
139#define VMCB_NPF_INFO1_W BIT(1) /* Access was write. */
140#define VMCB_NPF_INFO1_U BIT(2) /* Access was user access. */
141#define VMCB_NPF_INFO1_RSV BIT(3) /* Reserved bits present. */
142#define VMCB_NPF_INFO1_ID BIT(4) /* Code read. */
143
144#define VMCB_NPF_INFO1_GPA BIT(32) /* Guest physical address. */
145#define VMCB_NPF_INFO1_GPT BIT(33) /* Guest page table. */
146
147/*
148 * EXITINTINFO, Interrupt exit info for all intrecepts.
149 * Section 15.7.2, Intercepts during IDT Interrupt Delivery.
150 */
151#define VMCB_EXITINTINFO_VECTOR(x) ((x) & 0xFF)
152#define VMCB_EXITINTINFO_TYPE(x) (((x) >> 8) & 0x7)
153#define VMCB_EXITINTINFO_EC_VALID(x) (((x) & BIT(11)) ? 1 : 0)
154#define VMCB_EXITINTINFO_VALID(x) (((x) & BIT(31)) ? 1 : 0)
155#define VMCB_EXITINTINFO_EC(x) (((x) >> 32) & 0xFFFFFFFF)
156
157/* VMCB save state area segment format */
158struct vmcb_segment {
159 uint16_t selector;
160 uint16_t attrib;
161 uint32_t limit;
162 uint64_t base;
163} __attribute__ ((__packed__));
164CTASSERT(sizeof(struct vmcb_segment) == 16);
165
166/* Code segment descriptor attribute in 12 bit format as saved by VMCB. */
167#define VMCB_CS_ATTRIB_L BIT(9) /* Long mode. */
168#define VMCB_CS_ATTRIB_D BIT(10) /* OPerand size bit. */
169
170/*
171 * The VMCB is divided into two areas - the first one contains various
172 * control bits including the intercept vector and the second one contains
173 * the guest state.
174 */
175
176/* VMCB control area - padded up to 1024 bytes */
177struct vmcb_ctrl {
178 uint16_t cr_read; /* Offset 0, CR0-15 read/write */
179 uint16_t cr_write;
180 uint16_t dr_read; /* Offset 4, DR0-DR15 */
181 uint16_t dr_write;
182 uint32_t exception; /* Offset 8, bit mask for exceptions. */
183 uint32_t ctrl1; /* Offset 0xC, intercept events1 */
184 uint32_t ctrl2; /* Offset 0x10, intercept event2 */
185 uint8_t pad1[0x28]; /* Offsets 0x14-0x3B are reserved. */
186 uint16_t pause_filthresh; /* Offset 0x3C, PAUSE filter threshold */
187 uint16_t pause_filcnt; /* Offset 0x3E, PAUSE filter count */
188 uint64_t iopm_base_pa; /* 0x40: IOPM_BASE_PA */
189 uint64_t msrpm_base_pa; /* 0x48: MSRPM_BASE_PA */
190 uint64_t tsc_offset; /* 0x50: TSC_OFFSET */
191 uint32_t asid; /* 0x58: Guest ASID */
192 uint8_t tlb_ctrl; /* 0x5C: TLB_CONTROL */
193 uint8_t pad2[3]; /* 0x5D-0x5F: Reserved. */
194 uint8_t v_tpr; /* 0x60: V_TPR, guest CR8 */
195 uint8_t v_irq:1; /* Is virtual interrupt pending? */
196 uint8_t :7; /* Padding */
197 uint8_t v_intr_prio:4; /* 0x62: Priority for virtual interrupt. */
198 uint8_t v_ign_tpr:1;
199 uint8_t :3;
200 uint8_t v_intr_masking:1; /* Guest and host sharing of RFLAGS. */
201 uint8_t :7;
202 uint8_t v_intr_vector; /* 0x65: Vector for virtual interrupt. */
203 uint8_t pad3[3]; /* Bit64-40 Reserved. */
204 uint64_t intr_shadow:1; /* 0x68: Interrupt shadow, section15.2.1 APM2 */
205 uint64_t :63;
206 uint64_t exitcode; /* 0x70, Exitcode */
207 uint64_t exitinfo1; /* 0x78, EXITINFO1 */
208 uint64_t exitinfo2; /* 0x80, EXITINFO2 */
209 uint64_t exitintinfo; /* 0x88, Interrupt exit value. */
210 uint64_t np_enable:1; /* 0x90, Nested paging enable. */
211 uint64_t :63;
212 uint8_t pad4[0x10]; /* 0x98-0xA7 reserved. */
213 uint64_t eventinj; /* 0xA8, Event injection. */
214 uint64_t n_cr3; /* B0, Nested page table. */
215 uint64_t lbr_virt_en:1; /* Enable LBR virtualization. */
216 uint64_t :63;
217 uint32_t vmcb_clean; /* 0xC0: VMCB clean bits for caching */
218 uint32_t :32; /* 0xC4: Reserved */
219 uint64_t nrip; /* 0xC8: Guest next nRIP. */
220 uint8_t inst_decode_size; /* 0xD0: Instruction decode */
221 uint8_t inst_decode_bytes[15];
222 uint8_t padd6[0x320];
223} __attribute__ ((__packed__));
224CTASSERT(sizeof(struct vmcb_ctrl) == 1024);
225
226struct vmcb_state {
227 struct vmcb_segment es;
228 struct vmcb_segment cs;
229 struct vmcb_segment ss;
230 struct vmcb_segment ds;
231 struct vmcb_segment fs;
232 struct vmcb_segment gs;
233 struct vmcb_segment gdt;
234 struct vmcb_segment ldt;
235 struct vmcb_segment idt;
236 struct vmcb_segment tr;
237 uint8_t pad1[0x2b]; /* Reserved: 0xA0-0xCA */
238 uint8_t cpl;
239 uint8_t pad2[4];
240 uint64_t efer;
241 uint8_t pad3[0x70]; /* Reserved: 0xd8-0x147 */
242 uint64_t cr4;
243 uint64_t cr3; /* Guest CR3 */
244 uint64_t cr0;
245 uint64_t dr7;
246 uint64_t dr6;
247 uint64_t rflags;
248 uint64_t rip;
249 uint8_t pad4[0x58]; /* Reserved: 0x180-0x1D7 */
250 uint64_t rsp;
251 uint8_t pad5[0x18]; /* Reserved 0x1E0-0x1F7 */
252 uint64_t rax;
253 uint64_t star;
254 uint64_t lstar;
255 uint64_t cstar;
256 uint64_t sfmask;
257 uint64_t kernelgsbase;
258 uint64_t sysenter_cs;
259 uint64_t sysenter_esp;
260 uint64_t sysenter_eip;
261 uint64_t cr2;
262 uint8_t pad6[0x20];
263 uint64_t g_pat;
264 uint64_t dbgctl;
265 uint64_t br_from;
266 uint64_t br_to;
267 uint64_t int_from;
268 uint64_t int_to;
269 uint8_t pad7[0x968]; /* Reserved upto end of VMCB */
270} __attribute__ ((__packed__));
271CTASSERT(sizeof(struct vmcb_state) == 0xC00);
272
273struct vmcb {
274 struct vmcb_ctrl ctrl;
275 struct vmcb_state state;
276} __attribute__ ((__packed__));
277CTASSERT(sizeof(struct vmcb) == PAGE_SIZE);
278CTASSERT(offsetof(struct vmcb, state) == 0x400);
279
280int svm_init_vmcb(struct vmcb *vmcb, uint64_t iopm_base_pa,
281 uint64_t msrpm_base_pa, uint64_t np_pml4);
282int svm_set_vmcb(struct vmcb *vmcb, uint8_t asid);
283int vmcb_read(struct vmcb *vmcb, int ident, uint64_t *retval);
284int vmcb_write(struct vmcb *vmcb, int ident, uint64_t val);
285struct vmcb_segment *vmcb_seg(struct vmcb *vmcb, int type);
286void vmcb_eventinject(struct vmcb_ctrl *ctrl, int type, int vector,
287 uint32_t error, bool ec_valid);
288
289#endif /* _VMCB_H_ */
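Review bot: The layout of `struct vmcb_ctrl` is checked only by `CTASSERT(sizeof(struct vmcb_ctrl) == 1024)`, so a field that drifts (the `uint8_t` bitfield run at 0x60-0x64, or one of the `uint64_t :63` paddings) would still pass as long as the total size is unchanged, and the hardware reads this structure directly, so a misplaced field silently puts guest control bits at the wrong offset. Add offset assertions next to the size checks for the fields whose offsets the comments already state, e.g. `CTASSERT(offsetof(struct vmcb_ctrl, exitcode) == 0x70);` and `CTASSERT(offsetof(struct vmcb_ctrl, nrip) == 0xC8);`, and the same for `struct vmcb_state`. Separately, `VMCB_NPF_INFO1_GPA BIT(32)` and `VMCB_NPF_INFO1_GPT BIT(33)` are only well-defined if `BIT()` expands to a 64-bit shift (`1ULL << (n)`); its definition is not in this file, so confirm that, because an `int`-width `1 << n` is undefined behaviour for those two values and the resulting masks would never match `exitinfo1`. The page shows no surviving `+`/`-` markers, so which lines this revision changed cannot be told from here.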