2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2013 Anish Gupta (akgupt3@gmail.com)
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice unmodified, this list of conditions, and the following
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #define BIT(n) (1ULL << n)
39 * Secure Virtual Machine: AMD64 Programmer's Manual Vol2, Chapter 15
40 * Layout of VMCB: AMD64 Programmer's Manual Vol2, Appendix B
43 /* vmcb_ctrl->intercept[] array indices */
44 #define VMCB_CR_INTCPT 0
45 #define VMCB_DR_INTCPT 1
46 #define VMCB_EXC_INTCPT 2
47 #define VMCB_CTRL1_INTCPT 3
48 #define VMCB_CTRL2_INTCPT 4
50 /* intercept[VMCB_CTRL1_INTCPT] fields */
51 #define VMCB_INTCPT_INTR BIT(0)
52 #define VMCB_INTCPT_NMI BIT(1)
53 #define VMCB_INTCPT_SMI BIT(2)
54 #define VMCB_INTCPT_INIT BIT(3)
55 #define VMCB_INTCPT_VINTR BIT(4)
56 #define VMCB_INTCPT_CR0_WRITE BIT(5)
57 #define VMCB_INTCPT_IDTR_READ BIT(6)
58 #define VMCB_INTCPT_GDTR_READ BIT(7)
59 #define VMCB_INTCPT_LDTR_READ BIT(8)
60 #define VMCB_INTCPT_TR_READ BIT(9)
61 #define VMCB_INTCPT_IDTR_WRITE BIT(10)
62 #define VMCB_INTCPT_GDTR_WRITE BIT(11)
63 #define VMCB_INTCPT_LDTR_WRITE BIT(12)
64 #define VMCB_INTCPT_TR_WRITE BIT(13)
65 #define VMCB_INTCPT_RDTSC BIT(14)
66 #define VMCB_INTCPT_RDPMC BIT(15)
67 #define VMCB_INTCPT_PUSHF BIT(16)
68 #define VMCB_INTCPT_POPF BIT(17)
69 #define VMCB_INTCPT_CPUID BIT(18)
70 #define VMCB_INTCPT_RSM BIT(19)
71 #define VMCB_INTCPT_IRET BIT(20)
72 #define VMCB_INTCPT_INTn BIT(21)
73 #define VMCB_INTCPT_INVD BIT(22)
74 #define VMCB_INTCPT_PAUSE BIT(23)
75 #define VMCB_INTCPT_HLT BIT(24)
76 #define VMCB_INTCPT_INVLPG BIT(25)
77 #define VMCB_INTCPT_INVLPGA BIT(26)
78 #define VMCB_INTCPT_IO BIT(27)
79 #define VMCB_INTCPT_MSR BIT(28)
80 #define VMCB_INTCPT_TASK_SWITCH BIT(29)
81 #define VMCB_INTCPT_FERR_FREEZE BIT(30)
82 #define VMCB_INTCPT_SHUTDOWN BIT(31)
84 /* intercept[VMCB_CTRL2_INTCPT] fields */
85 #define VMCB_INTCPT_VMRUN BIT(0)
86 #define VMCB_INTCPT_VMMCALL BIT(1)
87 #define VMCB_INTCPT_VMLOAD BIT(2)
88 #define VMCB_INTCPT_VMSAVE BIT(3)
89 #define VMCB_INTCPT_STGI BIT(4)
90 #define VMCB_INTCPT_CLGI BIT(5)
91 #define VMCB_INTCPT_SKINIT BIT(6)
92 #define VMCB_INTCPT_RDTSCP BIT(7)
93 #define VMCB_INTCPT_ICEBP BIT(8)
94 #define VMCB_INTCPT_WBINVD BIT(9)
95 #define VMCB_INTCPT_MONITOR BIT(10)
96 #define VMCB_INTCPT_MWAIT BIT(11)
97 #define VMCB_INTCPT_MWAIT_ARMED BIT(12)
98 #define VMCB_INTCPT_XSETBV BIT(13)
100 /* VMCB TLB control */
101 #define VMCB_TLB_FLUSH_NOTHING 0 /* Flush nothing */
102 #define VMCB_TLB_FLUSH_ALL 1 /* Flush entire TLB */
103 #define VMCB_TLB_FLUSH_GUEST 3 /* Flush all guest entries */
104 #define VMCB_TLB_FLUSH_GUEST_NONGLOBAL 7 /* Flush guest non-PG entries */
106 /* VMCB state caching */
107 #define VMCB_CACHE_NONE 0 /* No caching */
108 #define VMCB_CACHE_I BIT(0) /* Intercept, TSC off, Pause filter */
109 #define VMCB_CACHE_IOPM BIT(1) /* I/O and MSR permission */
110 #define VMCB_CACHE_ASID BIT(2) /* ASID */
111 #define VMCB_CACHE_TPR BIT(3) /* V_TPR to V_INTR_VECTOR */
112 #define VMCB_CACHE_NP BIT(4) /* Nested Paging */
113 #define VMCB_CACHE_CR BIT(5) /* CR0, CR3, CR4 & EFER */
114 #define VMCB_CACHE_DR BIT(6) /* Debug registers */
115 #define VMCB_CACHE_DT BIT(7) /* GDT/IDT */
116 #define VMCB_CACHE_SEG BIT(8) /* User segments, CPL */
117 #define VMCB_CACHE_CR2 BIT(9) /* page fault address */
118 #define VMCB_CACHE_LBR BIT(10) /* Last branch */
120 /* VMCB control event injection */
121 #define VMCB_EVENTINJ_EC_VALID BIT(11) /* Error Code valid */
122 #define VMCB_EVENTINJ_VALID BIT(31) /* Event valid */
124 /* Event types that can be injected */
125 #define VMCB_EVENTINJ_TYPE_INTR 0
126 #define VMCB_EVENTINJ_TYPE_NMI 2
127 #define VMCB_EVENTINJ_TYPE_EXCEPTION 3
128 #define VMCB_EVENTINJ_TYPE_INTn 4
130 /* VMCB exit code, APM vol2 Appendix C */
131 #define VMCB_EXIT_MC 0x52
132 #define VMCB_EXIT_INTR 0x60
133 #define VMCB_EXIT_NMI 0x61
134 #define VMCB_EXIT_VINTR 0x64
135 #define VMCB_EXIT_PUSHF 0x70
136 #define VMCB_EXIT_POPF 0x71
137 #define VMCB_EXIT_CPUID 0x72
138 #define VMCB_EXIT_IRET 0x74
139 #define VMCB_EXIT_INVD 0x76
140 #define VMCB_EXIT_PAUSE 0x77
141 #define VMCB_EXIT_HLT 0x78
142 #define VMCB_EXIT_INVLPGA 0x7A
143 #define VMCB_EXIT_IO 0x7B
144 #define VMCB_EXIT_MSR 0x7C
145 #define VMCB_EXIT_SHUTDOWN 0x7F
146 #define VMCB_EXIT_VMRUN 0x80
147 #define VMCB_EXIT_VMMCALL 0x81
148 #define VMCB_EXIT_VMLOAD 0x82
149 #define VMCB_EXIT_VMSAVE 0x83
150 #define VMCB_EXIT_STGI 0x84
151 #define VMCB_EXIT_CLGI 0x85
152 #define VMCB_EXIT_SKINIT 0x86
153 #define VMCB_EXIT_ICEBP 0x88
154 #define VMCB_EXIT_MONITOR 0x8A
155 #define VMCB_EXIT_MWAIT 0x8B
156 #define VMCB_EXIT_NPF 0x400
157 #define VMCB_EXIT_INVALID -1
161 * Bit definitions to decode EXITINFO1.
163 #define VMCB_NPF_INFO1_P BIT(0) /* Nested page present. */
164 #define VMCB_NPF_INFO1_W BIT(1) /* Access was write. */
165 #define VMCB_NPF_INFO1_U BIT(2) /* Access was user access. */
166 #define VMCB_NPF_INFO1_RSV BIT(3) /* Reserved bits present. */
167 #define VMCB_NPF_INFO1_ID BIT(4) /* Code read. */
169 #define VMCB_NPF_INFO1_GPA BIT(32) /* Guest physical address. */
170 #define VMCB_NPF_INFO1_GPT BIT(33) /* Guest page table. */
173 * EXITINTINFO, Interrupt exit info for all intrecepts.
174 * Section 15.7.2, Intercepts during IDT Interrupt Delivery.
176 #define VMCB_EXITINTINFO_VECTOR(x) ((x) & 0xFF)
177 #define VMCB_EXITINTINFO_TYPE(x) (((x) >> 8) & 0x7)
178 #define VMCB_EXITINTINFO_EC_VALID(x) (((x) & BIT(11)) ? 1 : 0)
179 #define VMCB_EXITINTINFO_VALID(x) (((x) & BIT(31)) ? 1 : 0)
180 #define VMCB_EXITINTINFO_EC(x) (((x) >> 32) & 0xFFFFFFFF)
182 /* Offset of various VMCB fields. */
183 #define VMCB_OFF_CTRL(x) (x)
184 #define VMCB_OFF_STATE(x) ((x) + 0x400)
186 #define VMCB_OFF_CR_INTERCEPT VMCB_OFF_CTRL(0x0)
187 #define VMCB_OFF_DR_INTERCEPT VMCB_OFF_CTRL(0x4)
188 #define VMCB_OFF_EXC_INTERCEPT VMCB_OFF_CTRL(0x8)
189 #define VMCB_OFF_INST1_INTERCEPT VMCB_OFF_CTRL(0xC)
190 #define VMCB_OFF_INST2_INTERCEPT VMCB_OFF_CTRL(0x10)
191 #define VMCB_OFF_IO_PERM VMCB_OFF_CTRL(0x40)
192 #define VMCB_OFF_MSR_PERM VMCB_OFF_CTRL(0x48)
193 #define VMCB_OFF_TSC_OFFSET VMCB_OFF_CTRL(0x50)
194 #define VMCB_OFF_ASID VMCB_OFF_CTRL(0x58)
195 #define VMCB_OFF_TLB_CTRL VMCB_OFF_CTRL(0x5C)
196 #define VMCB_OFF_VIRQ VMCB_OFF_CTRL(0x60)
197 #define VMCB_OFF_EXIT_REASON VMCB_OFF_CTRL(0x70)
198 #define VMCB_OFF_EXITINFO1 VMCB_OFF_CTRL(0x78)
199 #define VMCB_OFF_EXITINFO2 VMCB_OFF_CTRL(0x80)
200 #define VMCB_OFF_EXITINTINFO VMCB_OFF_CTRL(0x88)
201 #define VMCB_OFF_AVIC_BAR VMCB_OFF_CTRL(0x98)
202 #define VMCB_OFF_NPT_BASE VMCB_OFF_CTRL(0xB0)
203 #define VMCB_OFF_AVIC_PAGE VMCB_OFF_CTRL(0xE0)
204 #define VMCB_OFF_AVIC_LT VMCB_OFF_CTRL(0xF0)
205 #define VMCB_OFF_AVIC_PT VMCB_OFF_CTRL(0xF8)
206 #define VMCB_OFF_SYSENTER_CS VMCB_OFF_STATE(0x228)
207 #define VMCB_OFF_SYSENTER_ESP VMCB_OFF_STATE(0x230)
208 #define VMCB_OFF_SYSENTER_EIP VMCB_OFF_STATE(0x238)
209 #define VMCB_OFF_GUEST_PAT VMCB_OFF_STATE(0x268)
212 * Encode the VMCB offset and bytes that we want to read from VMCB.
214 #define VMCB_ACCESS(o, w) (0x80000000 | (((w) & 0xF) << 16) | \
216 #define VMCB_ACCESS_OK(v) ((v) & 0x80000000 )
217 #define VMCB_ACCESS_BYTES(v) (((v) >> 16) & 0xF)
218 #define VMCB_ACCESS_OFFSET(v) ((v) & 0xFFF)
221 /* VMCB save state area segment format */
222 struct vmcb_segment {
227 } __attribute__ ((__packed__));
228 CTASSERT(sizeof(struct vmcb_segment) == 16);
230 /* Code segment descriptor attribute in 12 bit format as saved by VMCB. */
231 #define VMCB_CS_ATTRIB_L BIT(9) /* Long mode. */
232 #define VMCB_CS_ATTRIB_D BIT(10) /* OPerand size bit. */
235 * The VMCB is divided into two areas - the first one contains various
236 * control bits including the intercept vector and the second one contains
240 /* VMCB control area - padded up to 1024 bytes */
242 uint32_t intercept[5]; /* all intercepts */
243 uint8_t pad1[0x28]; /* Offsets 0x14-0x3B are reserved. */
244 uint16_t pause_filthresh; /* Offset 0x3C, PAUSE filter threshold */
245 uint16_t pause_filcnt; /* Offset 0x3E, PAUSE filter count */
246 uint64_t iopm_base_pa; /* 0x40: IOPM_BASE_PA */
247 uint64_t msrpm_base_pa; /* 0x48: MSRPM_BASE_PA */
248 uint64_t tsc_offset; /* 0x50: TSC_OFFSET */
249 uint32_t asid; /* 0x58: Guest ASID */
250 uint8_t tlb_ctrl; /* 0x5C: TLB_CONTROL */
251 uint8_t pad2[3]; /* 0x5D-0x5F: Reserved. */
252 uint8_t v_tpr; /* 0x60: V_TPR, guest CR8 */
253 uint8_t v_irq:1; /* Is virtual interrupt pending? */
254 uint8_t :7; /* Padding */
255 uint8_t v_intr_prio:4; /* 0x62: Priority for virtual interrupt. */
258 uint8_t v_intr_masking:1; /* Guest and host sharing of RFLAGS. */
260 uint8_t v_intr_vector; /* 0x64: Vector for virtual interrupt. */
261 uint8_t pad3[3]; /* 0x65-0x67 Reserved. */
262 uint64_t intr_shadow:1; /* 0x68: Interrupt shadow, section15.2.1 APM2 */
264 uint64_t exitcode; /* 0x70, Exitcode */
265 uint64_t exitinfo1; /* 0x78, EXITINFO1 */
266 uint64_t exitinfo2; /* 0x80, EXITINFO2 */
267 uint64_t exitintinfo; /* 0x88, Interrupt exit value. */
268 uint64_t np_enable:1; /* 0x90, Nested paging enable. */
270 uint8_t pad4[0x10]; /* 0x98-0xA7 reserved. */
271 uint64_t eventinj; /* 0xA8, Event injection. */
272 uint64_t n_cr3; /* B0, Nested page table. */
273 uint64_t lbr_virt_en:1; /* Enable LBR virtualization. */
275 uint32_t vmcb_clean; /* 0xC0: VMCB clean bits for caching */
276 uint32_t :32; /* 0xC4: Reserved */
277 uint64_t nrip; /* 0xC8: Guest next nRIP. */
278 uint8_t inst_len; /* 0xD0: #NPF decode assist */
279 uint8_t inst_bytes[15];
280 uint8_t padd6[0x320];
281 } __attribute__ ((__packed__));
282 CTASSERT(sizeof(struct vmcb_ctrl) == 1024);
285 struct vmcb_segment es;
286 struct vmcb_segment cs;
287 struct vmcb_segment ss;
288 struct vmcb_segment ds;
289 struct vmcb_segment fs;
290 struct vmcb_segment gs;
291 struct vmcb_segment gdt;
292 struct vmcb_segment ldt;
293 struct vmcb_segment idt;
294 struct vmcb_segment tr;
295 uint8_t pad1[0x2b]; /* Reserved: 0xA0-0xCA */
299 uint8_t pad3[0x70]; /* Reserved: 0xd8-0x147 */
301 uint64_t cr3; /* Guest CR3 */
307 uint8_t pad4[0x58]; /* Reserved: 0x180-0x1D7 */
309 uint8_t pad5[0x18]; /* Reserved 0x1E0-0x1F7 */
315 uint64_t kernelgsbase;
316 uint64_t sysenter_cs;
317 uint64_t sysenter_esp;
318 uint64_t sysenter_eip;
327 uint8_t pad7[0x968]; /* Reserved up to end of VMCB */
328 } __attribute__ ((__packed__));
329 CTASSERT(sizeof(struct vmcb_state) == 0xC00);
332 struct vmcb_ctrl ctrl;
333 struct vmcb_state state;
334 } __attribute__ ((__packed__));
335 CTASSERT(sizeof(struct vmcb) == PAGE_SIZE);
336 CTASSERT(offsetof(struct vmcb, state) == 0x400);
338 int vmcb_read(struct svm_softc *sc, int vcpu, int ident, uint64_t *retval);
339 int vmcb_write(struct svm_softc *sc, int vcpu, int ident, uint64_t val);
340 int vmcb_setdesc(void *arg, int vcpu, int ident, struct seg_desc *desc);
341 int vmcb_getdesc(void *arg, int vcpu, int ident, struct seg_desc *desc);
342 int vmcb_seg(struct vmcb *vmcb, int ident, struct vmcb_segment *seg);
345 #endif /* _VMCB_H_ */
projects / FreeBSD / FreeBSD.git / blob