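/*
 * Populate the VMCS of vcpu @v: VM-execution/exit/entry controls, the MSR
 * and I/O intercept bitmaps, the host state that every VM exit lands in,
 * and a minimal protected-mode guest register state.
 *
 * The VMCS is made current with vmx_vmcs_enter() for the whole __vmwrite()
 * sequence, so every exit path must pass through the matching
 * vmx_vmcs_exit().  The previous version returned -ENOMEM straight from
 * the MSR-bitmap allocation without that call; the error path now funnels
 * through the "out" label so enter/exit stay balanced.
 *
 * Returns 0 on success, -ENOMEM if the MSR bitmap page cannot be allocated.
 */
static int construct_vmcs(struct vcpu *v)
{
    uint16_t sysenter_cs;
    unsigned long sysenter_eip;
    int rc = 0;

    vmx_vmcs_enter(v);

    /* VMCS controls. */
    __vmwrite(PIN_BASED_VM_EXEC_CONTROL, vmx_pin_based_exec_control);
    __vmwrite(VM_EXIT_CONTROLS, vmx_vmexit_control);
    __vmwrite(VM_ENTRY_CONTROLS, vmx_vmentry_control);
    __vmwrite(CPU_BASED_VM_EXEC_CONTROL, vmx_cpu_based_exec_control);
    v->arch.hvm_vmx.exec_control = vmx_cpu_based_exec_control;
    if ( vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS )
        __vmwrite(SECONDARY_VM_EXEC_CONTROL, vmx_secondary_exec_control);

    /*
     * MSR access bitmap.  Every bit starts set, i.e. every MSR read and
     * write is intercepted; only the explicitly listed MSRs below are
     * passed through to the guest without a VM exit.
     */
    if ( cpu_has_vmx_msr_bitmap )
    {
        char *msr_bitmap = alloc_xenheap_page();

        if ( msr_bitmap == NULL )
        {
            rc = -ENOMEM;
            goto out;   /* must still vmx_vmcs_exit() */
        }

        memset(msr_bitmap, 0xff, PAGE_SIZE);
        v->arch.hvm_vmx.msr_bitmap = msr_bitmap;
        __vmwrite(MSR_BITMAP, virt_to_maddr(msr_bitmap));

        vmx_disable_intercept_for_msr(v, MSR_FS_BASE);
        vmx_disable_intercept_for_msr(v, MSR_GS_BASE);
        vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_CS);
        vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_ESP);
        vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_EIP);
    }

    /* I/O access bitmap (shared, two consecutive pages). */
    __vmwrite(IO_BITMAP_A, virt_to_maddr(hvm_io_bitmap));
    __vmwrite(IO_BITMAP_B, virt_to_maddr(hvm_io_bitmap + PAGE_SIZE));

    /* Host GDTR base. */
    __vmwrite(HOST_GDTR_BASE, GDT_VIRT_START(v));

    /* Host data selectors. */
    __vmwrite(HOST_SS_SELECTOR, __HYPERVISOR_DS);
    __vmwrite(HOST_DS_SELECTOR, __HYPERVISOR_DS);
    __vmwrite(HOST_ES_SELECTOR, __HYPERVISOR_DS);
    __vmwrite(HOST_FS_SELECTOR, 0);
    __vmwrite(HOST_GS_SELECTOR, 0);
    __vmwrite(HOST_FS_BASE, 0);
    __vmwrite(HOST_GS_BASE, 0);

    /*
     * Host control registers.  CR0.TS is forced on in the host image so
     * the first FPU instruction after a VM exit raises #NM -- presumably
     * the hook for lazy FPU state switching; confirm against the #NM
     * handler.
     */
    v->arch.hvm_vmx.host_cr0 = read_cr0() | X86_CR0_TS;
    __vmwrite(HOST_CR0, v->arch.hvm_vmx.host_cr0);
    __vmwrite(HOST_CR4, mmu_cr4_features);

    /* Host CS:RIP -- every VM exit resumes in vmx_asm_vmexit_handler. */
    __vmwrite(HOST_CS_SELECTOR, __HYPERVISOR_CS);
    __vmwrite(HOST_RIP, (unsigned long)vmx_asm_vmexit_handler);

    /* Host SYSENTER CS:RIP, mirrored from the live MSRs. */
    rdmsrl(MSR_IA32_SYSENTER_CS, sysenter_cs);
    __vmwrite(HOST_SYSENTER_CS, sysenter_cs);
    rdmsrl(MSR_IA32_SYSENTER_EIP, sysenter_eip);
    __vmwrite(HOST_SYSENTER_EIP, sysenter_eip);

    /* No MSRs auto-loaded/stored on exit/entry. */
    __vmwrite(VM_EXIT_MSR_LOAD_COUNT, 0);
    __vmwrite(VM_EXIT_MSR_STORE_COUNT, 0);
    __vmwrite(VM_ENTRY_MSR_LOAD_COUNT, 0);

    /* No event pending injection. */
    __vmwrite(VM_ENTRY_INTR_INFO, 0);

    /*
     * All-ones guest/host masks: every CR0 and CR4 bit is owned by the
     * hypervisor, so any guest write to either register is intercepted.
     */
    __vmwrite(CR0_GUEST_HOST_MASK, ~0UL);
    __vmwrite(CR4_GUEST_HOST_MASK, ~0UL);

    /* Mask/match of 0: every #PF error code matches the exception bitmap. */
    __vmwrite(PAGE_FAULT_ERROR_CODE_MASK, 0);
    __vmwrite(PAGE_FAULT_ERROR_CODE_MATCH, 0);

    __vmwrite(CR3_TARGET_COUNT, 0);

    __vmwrite(GUEST_ACTIVITY_STATE, 0);

    /* Guest segment bases. */
    __vmwrite(GUEST_ES_BASE, 0);
    __vmwrite(GUEST_SS_BASE, 0);
    __vmwrite(GUEST_DS_BASE, 0);
    __vmwrite(GUEST_FS_BASE, 0);
    __vmwrite(GUEST_GS_BASE, 0);
    __vmwrite(GUEST_CS_BASE, 0);

    /* Guest segment limits (flat 4GB). */
    __vmwrite(GUEST_ES_LIMIT, ~0u);
    __vmwrite(GUEST_SS_LIMIT, ~0u);
    __vmwrite(GUEST_DS_LIMIT, ~0u);
    __vmwrite(GUEST_FS_LIMIT, ~0u);
    __vmwrite(GUEST_GS_LIMIT, ~0u);
    __vmwrite(GUEST_CS_LIMIT, ~0u);

    /* Guest segment AR bytes. */
    __vmwrite(GUEST_ES_AR_BYTES, 0xc093); /* read/write, accessed */
    __vmwrite(GUEST_SS_AR_BYTES, 0xc093);
    __vmwrite(GUEST_DS_AR_BYTES, 0xc093);
    __vmwrite(GUEST_FS_AR_BYTES, 0xc093);
    __vmwrite(GUEST_GS_AR_BYTES, 0xc093);
    __vmwrite(GUEST_CS_AR_BYTES, 0xc09b); /* exec/read, accessed */

    /* Guest IDT. */
    __vmwrite(GUEST_IDTR_BASE, 0);
    __vmwrite(GUEST_IDTR_LIMIT, 0);

    /* Guest GDT. */
    __vmwrite(GUEST_GDTR_BASE, 0);
    __vmwrite(GUEST_GDTR_LIMIT, 0);

    /* Guest LDT. */
    __vmwrite(GUEST_LDTR_AR_BYTES, 0x0082); /* LDT */
    __vmwrite(GUEST_LDTR_SELECTOR, 0);
    __vmwrite(GUEST_LDTR_BASE, 0);
    __vmwrite(GUEST_LDTR_LIMIT, 0);

    /* Guest TSS. */
    __vmwrite(GUEST_TR_AR_BYTES, 0x008b); /* 32-bit TSS (busy) */
    __vmwrite(GUEST_TR_BASE, 0);
    __vmwrite(GUEST_TR_LIMIT, 0xff);

    __vmwrite(GUEST_INTERRUPTIBILITY_INFO, 0);
    __vmwrite(GUEST_DR7, 0);
    /* All-ones link pointer: no shadow VMCS (required value when unused). */
    __vmwrite(VMCS_LINK_POINTER, ~0UL);
#if defined(__i386__)
    __vmwrite(VMCS_LINK_POINTER_HIGH, ~0UL);
#endif

    /* Intercept the HVM trap set plus #PF and #NM. */
    __vmwrite(EXCEPTION_BITMAP, (HVM_TRAP_MASK |
                                 (1U << TRAP_page_fault) |
                                 (1U << TRAP_no_device)));

    /* Initial guest CR0: protected mode, no paging. */
    v->arch.hvm_vcpu.guest_cr[0] = X86_CR0_PE | X86_CR0_ET;
    hvm_update_guest_cr(v, 0);

    v->arch.hvm_vcpu.guest_cr[4] = 0;
    hvm_update_guest_cr(v, 4);

    /* TPR shadow: point the virtual-APIC page at the vlapic register page. */
    if ( cpu_has_vmx_tpr_shadow )
    {
        __vmwrite(VIRTUAL_APIC_PAGE_ADDR,
                  page_to_maddr(vcpu_vlapic(v)->regs_page));
        __vmwrite(TPR_THRESHOLD, 0);
    }

 out:
    vmx_vmcs_exit(v);

    if ( rc )
        return rc;

    paging_update_paging_modes(v); /* will update HOST & GUEST_CR3 as reqd */

    vmx_vlapic_msr_changed(v);

    return 0;
}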
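/*
 * Handle a XEN_DOMCTL_monitor_op request for domain @d.
 *
 * @mop is copied in from the (privileged, XSM-checked) caller and is still
 * treated as untrusted input: mop->event and mop->u.mov_to_cr.index are
 * both used as shift counts below, so each is range-checked first --
 * shifting by a count >= the width of the type is undefined behaviour
 * (in practice x86 masks the count, so e.g. event 32 would silently alias
 * event 0 in the capability test).
 *
 * Returns 0 on success, the XSM denial code, -EOPNOTSUPP for an unknown op
 * or an event the domain does not advertise, -EINVAL for an out-of-range
 * control-register index, or whatever status_check() returns when the
 * event is already in the requested state.
 */
int monitor_domctl(struct domain *d, struct xen_domctl_monitor_op *mop)
{
    int rc;
    struct arch_domain *ad = &d->arch;
    uint32_t capabilities = get_capabilities(d);

    rc = xsm_vm_event_control(XSM_PRIV, d, mop->op, mop->event);
    if ( rc )
        return rc;

    switch ( mop->op )
    {
    case XEN_DOMCTL_MONITOR_OP_GET_CAPABILITIES:
        mop->event = capabilities;
        return 0;

    case XEN_DOMCTL_MONITOR_OP_EMULATE_EACH_REP:
        d->arch.mem_access_emulate_each_rep = !!mop->event;
        return 0;
    }

    /*
     * Sanity check
     */
    if ( mop->op != XEN_DOMCTL_MONITOR_OP_ENABLE &&
         mop->op != XEN_DOMCTL_MONITOR_OP_DISABLE )
        return -EOPNOTSUPP;

    /* mop->event is a bit index into capabilities; bound it before shifting. */
    if ( mop->event >= 8 * sizeof(capabilities) )
        return -EOPNOTSUPP;

    /* Check if event type is available. */
    if ( !(capabilities & (1U << mop->event)) )
        return -EOPNOTSUPP;

    switch ( mop->event )
    {
    case XEN_DOMCTL_MONITOR_EVENT_WRITE_CTRLREG:
    {
        unsigned int ctrlreg_bitmask;
        bool_t status;
        struct vcpu *v;

        /* The index becomes a shift count: > 31 would be undefined behaviour. */
        if ( mop->u.mov_to_cr.index > 31 )
            return -EINVAL;

        ctrlreg_bitmask = monitor_ctrlreg_bitmask(mop->u.mov_to_cr.index);
        status = !!(ad->monitor.write_ctrlreg_enabled & ctrlreg_bitmask);

        rc = status_check(mop, status);
        if ( rc )
            return rc;

        /*
         * Update sync/onchangeonly/enabled together while the vcpus are
         * paused, so a running vcpu never sees a half-updated combination.
         */
        domain_pause(d);

        if ( mop->u.mov_to_cr.sync )
            ad->monitor.write_ctrlreg_sync |= ctrlreg_bitmask;
        else
            ad->monitor.write_ctrlreg_sync &= ~ctrlreg_bitmask;

        if ( mop->u.mov_to_cr.onchangeonly )
            ad->monitor.write_ctrlreg_onchangeonly |= ctrlreg_bitmask;
        else
            ad->monitor.write_ctrlreg_onchangeonly &= ~ctrlreg_bitmask;

        if ( !status )
            ad->monitor.write_ctrlreg_enabled |= ctrlreg_bitmask;
        else
            ad->monitor.write_ctrlreg_enabled &= ~ctrlreg_bitmask;

        if ( mop->u.mov_to_cr.index == VM_EVENT_X86_CR3 )
            /* Latches new CR3 mask through CR0 code */
            for_each_vcpu ( d, v )
                hvm_update_guest_cr(v, 0);

        domain_unpause(d);

        break;
    }

    case XEN_DOMCTL_MONITOR_EVENT_MOV_TO_MSR:
    {
        bool_t status = ad->monitor.mov_to_msr_enabled;

        rc = status_check(mop, status);
        if ( rc )
            return rc;

        /*
         * Extended capture needs hardware MSR-exit interception; refuse
         * the enable (leaving state untouched) if that cannot be set up.
         */
        if ( mop->op == XEN_DOMCTL_MONITOR_OP_ENABLE &&
             mop->u.mov_to_msr.extended_capture )
        {
            if ( hvm_enable_msr_exit_interception(d) )
                ad->monitor.mov_to_msr_extended = 1;
            else
                return -EOPNOTSUPP;
        } else
            ad->monitor.mov_to_msr_extended = 0;

        domain_pause(d);
        ad->monitor.mov_to_msr_enabled = !status;
        domain_unpause(d);
        break;
    }

    case XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP:
    {
        bool_t status = ad->monitor.singlestep_enabled;

        rc = status_check(mop, status);
        if ( rc )
            return rc;

        domain_pause(d);
        ad->monitor.singlestep_enabled = !status;
        domain_unpause(d);
        break;
    }

    case XEN_DOMCTL_MONITOR_EVENT_SOFTWARE_BREAKPOINT:
    {
        bool_t status = ad->monitor.software_breakpoint_enabled;

        rc = status_check(mop, status);
        if ( rc )
            return rc;

        domain_pause(d);
        ad->monitor.software_breakpoint_enabled = !status;
        domain_unpause(d);
        break;
    }

    case XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST:
    {
        bool_t status = ad->monitor.guest_request_enabled;

        rc = status_check(mop, status);
        if ( rc )
            return rc;

        ad->monitor.guest_request_sync = mop->u.guest_request.sync;

        domain_pause(d);
        ad->monitor.guest_request_enabled = !status;
        domain_unpause(d);
        break;
    }

    default:
        return -EOPNOTSUPP;

    };

    return 0;
}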
/*
 * Enable or disable one monitor event type for domain @d, as selected by
 * mop->op and mop->event.
 *
 * Work is split in two phases: first validate the request and read the
 * event's current state, then -- only if the state actually changes --
 * apply the new flags while the domain's vcpus are paused.  The MOV_TO_MSR
 * event is the exception and is handled entirely under the pause, because
 * its current state comes from monitored_msr() rather than a plain flag.
 *
 * Returns 0 on success, -EINVAL for a control-register index that does not
 * fit the bitmask, -EEXIST if the event is already in the requested state,
 * -EOPNOTSUPP for an event arch_monitor_get_capabilities() should never
 * have advertised, or the result of monitor_enable_msr() /
 * monitor_disable_msr() for MSR events.
 */
int arch_monitor_domctl_event(struct domain *d,
                              struct xen_domctl_monitor_op *mop)
{
    struct arch_domain *ad = &d->arch;
    bool_t enable = (XEN_DOMCTL_MONITOR_OP_ENABLE == mop->op);
    bool_t current = 0;
    unsigned int cr_mask = 0;

    /* Phase 1: validate the request and capture the current state. */
    switch ( mop->event )
    {
    case XEN_DOMCTL_MONITOR_EVENT_WRITE_CTRLREG:
        /* The index becomes a shift count; > 31 would be undefined behaviour. */
        if ( unlikely(mop->u.mov_to_cr.index > 31) )
            return -EINVAL;

        cr_mask = monitor_ctrlreg_bitmask(mop->u.mov_to_cr.index);
        current = !!(ad->monitor.write_ctrlreg_enabled & cr_mask);
        break;

    case XEN_DOMCTL_MONITOR_EVENT_MOV_TO_MSR:
    {
        u32 msr = mop->u.mov_to_msr.msr;
        int rc = -EEXIST;

        /* State is read and changed under the same pause. */
        domain_pause(d);

        if ( likely(monitored_msr(d, msr) != enable) )
            rc = enable ? monitor_enable_msr(d, msr)
                        : monitor_disable_msr(d, msr);

        domain_unpause(d);

        return rc;
    }

    case XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP:
        current = ad->monitor.singlestep_enabled;
        break;

    case XEN_DOMCTL_MONITOR_EVENT_SOFTWARE_BREAKPOINT:
        current = ad->monitor.software_breakpoint_enabled;
        break;

    case XEN_DOMCTL_MONITOR_EVENT_DEBUG_EXCEPTION:
        current = ad->monitor.debug_exception_enabled;
        break;

    case XEN_DOMCTL_MONITOR_EVENT_CPUID:
        current = ad->monitor.cpuid_enabled;
        break;

    default:
        /*
         * Only reachable if arch_monitor_get_capabilities() advertises an
         * event this function does not implement.
         */
        ASSERT_UNREACHABLE();
        return -EOPNOTSUPP;
    }

    if ( unlikely(current == enable) )
        return -EEXIST;

    /* Phase 2: apply the change with every vcpu of the domain stopped. */
    domain_pause(d);

    switch ( mop->event )
    {
    case XEN_DOMCTL_MONITOR_EVENT_WRITE_CTRLREG:
        if ( mop->u.mov_to_cr.sync )
            ad->monitor.write_ctrlreg_sync |= cr_mask;
        else
            ad->monitor.write_ctrlreg_sync &= ~cr_mask;

        if ( mop->u.mov_to_cr.onchangeonly )
            ad->monitor.write_ctrlreg_onchangeonly |= cr_mask;
        else
            ad->monitor.write_ctrlreg_onchangeonly &= ~cr_mask;

        if ( enable )
            ad->monitor.write_ctrlreg_enabled |= cr_mask;
        else
            ad->monitor.write_ctrlreg_enabled &= ~cr_mask;

        if ( VM_EVENT_X86_CR3 == mop->u.mov_to_cr.index )
        {
            struct vcpu *v;

            /* Latches the new CR3 mask through the CR0 update code. */
            for_each_vcpu ( d, v )
                hvm_update_guest_cr(v, 0);
        }
        break;

    case XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP:
        ad->monitor.singlestep_enabled = enable;
        break;

    case XEN_DOMCTL_MONITOR_EVENT_SOFTWARE_BREAKPOINT:
        ad->monitor.software_breakpoint_enabled = enable;
        break;

    case XEN_DOMCTL_MONITOR_EVENT_DEBUG_EXCEPTION:
        ad->monitor.debug_exception_enabled = enable;
        /* The sync flag only carries meaning while enabled; clear it otherwise. */
        ad->monitor.debug_exception_sync = enable ? mop->u.debug_exception.sync
                                                  : 0;
        break;

    case XEN_DOMCTL_MONITOR_EVENT_CPUID:
        ad->monitor.cpuid_enabled = enable;
        break;

    default:
        /* MOV_TO_MSR and unknown events already returned in phase 1. */
        break;
    }

    domain_unpause(d);

    return 0;
}
/* This function can directly access fields which are covered by clean bits. */
/*
 * Initialise the VMCB of vcpu @v: intercept masks, the MSR/I/O permission
 * bitmaps, and a minimal protected-mode guest register state.  Paging-mode
 * dependent fields (nested-paging enable, host CR3, CR3/INVLPG/#PF
 * intercepts) are set after paging_update_paging_modes() has run.
 *
 * Returns 0 on success, -ENOMEM if the MSR permission map cannot be
 * allocated.  Nothing allocated here needs undoing on that path.
 */
static int construct_vmcb(struct vcpu *v)
{
    struct arch_svm_struct *arch_svm = &v->arch.hvm_svm;
    struct vmcb_struct *vmcb = arch_svm->vmcb;

    /* Unconditional intercepts: interrupts, CPU control and SVM instructions. */
    vmcb->_general1_intercepts = 
        GENERAL1_INTERCEPT_INTR        | GENERAL1_INTERCEPT_NMI         |
        GENERAL1_INTERCEPT_SMI         | GENERAL1_INTERCEPT_INIT        |
        GENERAL1_INTERCEPT_CPUID       | GENERAL1_INTERCEPT_INVD        |
        GENERAL1_INTERCEPT_HLT         | GENERAL1_INTERCEPT_INVLPG      | 
        GENERAL1_INTERCEPT_INVLPGA     | GENERAL1_INTERCEPT_IOIO_PROT   |
        GENERAL1_INTERCEPT_MSR_PROT    | GENERAL1_INTERCEPT_SHUTDOWN_EVT|
        GENERAL1_INTERCEPT_TASK_SWITCH;
    vmcb->_general2_intercepts = 
        GENERAL2_INTERCEPT_VMRUN       | GENERAL2_INTERCEPT_VMMCALL     |
        GENERAL2_INTERCEPT_VMLOAD      | GENERAL2_INTERCEPT_VMSAVE      |
        GENERAL2_INTERCEPT_STGI        | GENERAL2_INTERCEPT_CLGI        |
        GENERAL2_INTERCEPT_SKINIT      | GENERAL2_INTERCEPT_MWAIT       |
        GENERAL2_INTERCEPT_WBINVD      | GENERAL2_INTERCEPT_MONITOR     |
        GENERAL2_INTERCEPT_XSETBV;

    /* Intercept all debug-register writes. */
    vmcb->_dr_intercepts = ~0u;

    /* Intercept all control-register accesses except for CR2 and CR8. */
    vmcb->_cr_intercepts = ~(CR_INTERCEPT_CR2_READ |
                             CR_INTERCEPT_CR2_WRITE |
                             CR_INTERCEPT_CR8_READ |
                             CR_INTERCEPT_CR8_WRITE);

    /*
     * I/O and MSR permission bitmaps.  The MSR map starts all-ones, i.e.
     * every MSR read and write is intercepted; only the MSRs explicitly
     * listed below are passed straight through to the guest.
     */
    arch_svm->msrpm = alloc_xenheap_pages(get_order_from_bytes(MSRPM_SIZE), 0);
    if ( arch_svm->msrpm == NULL )
        return -ENOMEM;
    memset(arch_svm->msrpm, 0xff, MSRPM_SIZE);

    /* Segment-base and SYSCALL MSRs: guest-owned, no interception. */
    svm_disable_intercept_for_msr(v, MSR_FS_BASE);
    svm_disable_intercept_for_msr(v, MSR_GS_BASE);
    svm_disable_intercept_for_msr(v, MSR_SHADOW_GS_BASE);
    svm_disable_intercept_for_msr(v, MSR_CSTAR);
    svm_disable_intercept_for_msr(v, MSR_LSTAR);
    svm_disable_intercept_for_msr(v, MSR_STAR);
    svm_disable_intercept_for_msr(v, MSR_SYSCALL_MASK);

    /* LWP_CBADDR MSR is saved and restored by FPU code. So SVM doesn't need to
     * intercept it. */
    if ( cpu_has_lwp )
        svm_disable_intercept_for_msr(v, MSR_AMD64_LWP_CBADDR);

    vmcb->_msrpm_base_pa = (u64)virt_to_maddr(arch_svm->msrpm);
    vmcb->_iopm_base_pa  = (u64)virt_to_maddr(hvm_io_bitmap);

    /* Virtualise EFLAGS.IF and LAPIC TPR (CR8). */
    vmcb->_vintr.fields.intr_masking = 1;
  
    /* Initialise event injection to no-op. */
    vmcb->eventinj.bytes = 0;

    /* TSC. */
    vmcb->_tsc_offset = 0;

    /* Don't need to intercept RDTSC if CPU supports TSC rate scaling */
    if ( v->domain->arch.vtsc && !cpu_has_tsc_ratio )
    {
        vmcb->_general1_intercepts |= GENERAL1_INTERCEPT_RDTSC;
        vmcb->_general2_intercepts |= GENERAL2_INTERCEPT_RDTSCP;
    }

    /* Guest EFER: start cleared and let the common code propagate it. */
    v->arch.hvm_vcpu.guest_efer = 0;
    hvm_update_guest_efer(v);

    /* Guest segment limits (flat 4GB). */
    vmcb->cs.limit = ~0u;
    vmcb->es.limit = ~0u;
    vmcb->ss.limit = ~0u;
    vmcb->ds.limit = ~0u;
    vmcb->fs.limit = ~0u;
    vmcb->gs.limit = ~0u;

    /* Guest segment bases. */
    vmcb->cs.base = 0;
    vmcb->es.base = 0;
    vmcb->ss.base = 0;
    vmcb->ds.base = 0;
    vmcb->fs.base = 0;
    vmcb->gs.base = 0;

    /* Guest segment AR bytes. */
    vmcb->es.attr.bytes = 0xc93; /* read/write, accessed */
    vmcb->ss.attr.bytes = 0xc93;
    vmcb->ds.attr.bytes = 0xc93;
    vmcb->fs.attr.bytes = 0xc93;
    vmcb->gs.attr.bytes = 0xc93;
    vmcb->cs.attr.bytes = 0xc9b; /* exec/read, accessed */

    /* Guest IDT. */
    vmcb->idtr.base = 0;
    vmcb->idtr.limit = 0;

    /* Guest GDT. */
    vmcb->gdtr.base = 0;
    vmcb->gdtr.limit = 0;

    /* Guest LDT. */
    vmcb->ldtr.sel = 0;
    vmcb->ldtr.base = 0;
    vmcb->ldtr.limit = 0;
    vmcb->ldtr.attr.bytes = 0;

    /* Guest TSS. */
    vmcb->tr.attr.bytes = 0x08b; /* 32-bit TSS (busy) */
    vmcb->tr.base = 0;
    vmcb->tr.limit = 0xff;

    /* Initial guest CR0: protected mode, no paging. */
    v->arch.hvm_vcpu.guest_cr[0] = X86_CR0_PE | X86_CR0_ET;
    hvm_update_guest_cr(v, 0);

    v->arch.hvm_vcpu.guest_cr[4] = 0;
    hvm_update_guest_cr(v, 4);

    /* Must precede the HAP/shadow-specific setup below. */
    paging_update_paging_modes(v);

    /* Intercept the HVM trap set plus #NM; #PF is added only for shadow paging. */
    vmcb->_exception_intercepts =
        HVM_TRAP_MASK
        | (1U << TRAP_no_device);

    if ( paging_mode_hap(v->domain) )
    {
        vmcb->_np_enable = 1; /* enable nested paging */
        vmcb->_g_pat = MSR_IA32_CR_PAT_RESET; /* guest PAT */
        /* Nested page table root is the host p2m of this domain. */
        vmcb->_h_cr3 = pagetable_get_paddr(
            p2m_get_pagetable(p2m_get_hostp2m(v->domain)));

        /* No point in intercepting CR3 reads/writes. */
        vmcb->_cr_intercepts &=
            ~(CR_INTERCEPT_CR3_READ|CR_INTERCEPT_CR3_WRITE);

        /*
         * No point in intercepting INVLPG if we don't have shadow pagetables
         * that need to be fixed up.
         */
        vmcb->_general1_intercepts &= ~GENERAL1_INTERCEPT_INVLPG;

        /* PAT is under complete control of SVM when using nested paging. */
        svm_disable_intercept_for_msr(v, MSR_IA32_CR_PAT);
    }
    else
    {
        /* Shadow paging: guest page faults must be seen by the shadow code. */
        vmcb->_exception_intercepts |= (1U << TRAP_page_fault);
    }

    /* PAUSE-loop exiting, where the hardware supports a pause filter. */
    if ( cpu_has_pause_filter )
    {
        vmcb->_pause_filter_count = SVM_PAUSEFILTER_INIT;
        vmcb->_general1_intercepts |= GENERAL1_INTERCEPT_PAUSE;
    }

    /*
     * No clean bits set: presumably forces the hardware to reload every
     * VMCB field on the first VMRUN -- confirm against the clean-bit
     * handling in the entry path.
     */
    vmcb->cleanbits.bytes = 0;

    return 0;
}