openwrt/staging/blogic.git
13 years agoKVM: PPC: Move guest enter/exit down into subarch-specific code
Paul Mackerras [Wed, 29 Jun 2011 00:19:50 +0000 (00:19 +0000)]
KVM: PPC: Move guest enter/exit down into subarch-specific code

Instead of doing the kvm_guest_enter/exit() and local_irq_dis/enable()
calls in powerpc.c, this moves them down into the subarch-specific
book3s_pr.c and booke.c.  This eliminates an extra local_irq_enable()
call in book3s_pr.c, and will be needed for when we do SMT4 guest
support in the book3s hypervisor mode code.

Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: Pass init/destroy vm and prepare/commit memory region ops down
Paul Mackerras [Wed, 29 Jun 2011 00:19:22 +0000 (00:19 +0000)]
KVM: PPC: Pass init/destroy vm and prepare/commit memory region ops down

This arranges for the top-level arch/powerpc/kvm/powerpc.c file to
pass down some of the calls it gets to the lower-level subarchitecture
specific code.  The lower-level implementations (in booke.c and book3s.c)
are no-ops.  The coming book3s_hv.c will need this.

Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: Deliver program interrupts right away instead of queueing them
Paul Mackerras [Wed, 29 Jun 2011 00:18:52 +0000 (00:18 +0000)]
KVM: PPC: Deliver program interrupts right away instead of queueing them

Doing so means that we don't have to save the flags anywhere and gets
rid of the last reference to to_book3s(vcpu) in arch/powerpc/kvm/book3s.c.

Doing so is OK because a program interrupt won't be generated at the
same time as any other synchronous interrupt.  If a program interrupt
and an asynchronous interrupt (external or decrementer) are generated
at the same time, the program interrupt will be delivered, which is
correct because it has a higher priority, and then the asynchronous
interrupt will be masked.

We don't ever generate system reset or machine check interrupts to the
guest, but if we did, then we would need to make sure they got delivered
rather than the program interrupt.  The current code would be wrong in
this situation anyway since it would deliver the program interrupt as
well as the reset/machine check interrupt.

Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agopowerpc, KVM: Rework KVM checks in first-level interrupt handlers
Paul Mackerras [Wed, 29 Jun 2011 00:18:26 +0000 (00:18 +0000)]
powerpc, KVM: Rework KVM checks in first-level interrupt handlers

Instead of branching out-of-line with the DO_KVM macro to check if we
are in a KVM guest at the time of an interrupt, this moves the KVM
check inline in the first-level interrupt handlers.  This speeds up
the non-KVM case and makes sure that none of the interrupt handlers
are missing the check.

Because the first-level interrupt handlers are now larger, some things
had to be move out of line in exceptions-64s.S.

This all necessitated some minor changes to the interrupt entry code
in KVM.  This also streamlines the book3s_32 KVM test.

Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: Split out code from book3s.c into book3s_pr.c
Paul Mackerras [Wed, 29 Jun 2011 00:17:58 +0000 (00:17 +0000)]
KVM: PPC: Split out code from book3s.c into book3s_pr.c

In preparation for adding code to enable KVM to use hypervisor mode
on 64-bit Book 3S processors, this splits book3s.c into two files,
book3s.c and book3s_pr.c, where book3s_pr.c contains the code that is
specific to running the guest in problem state (user mode) and book3s.c
contains code which should apply to all Book 3S processors.

In doing this, we abstract some details, namely the interrupt offset,
updating the interrupt pending flag, and detecting if the guest is
in a critical section.  These are all things that will be different
when we use hypervisor mode.

Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: Move fields between struct kvm_vcpu_arch and kvmppc_vcpu_book3s
Paul Mackerras [Wed, 29 Jun 2011 00:17:33 +0000 (00:17 +0000)]
KVM: PPC: Move fields between struct kvm_vcpu_arch and kvmppc_vcpu_book3s

This moves the slb field, which represents the state of the emulated
SLB, from the kvmppc_vcpu_book3s struct to the kvm_vcpu_arch, and the
hpte_hash_[v]pte[_long] fields from kvm_vcpu_arch to kvmppc_vcpu_book3s.
This is in accord with the principle that the kvm_vcpu_arch struct
represents the state of the emulated CPU, and the kvmppc_vcpu_book3s
struct holds the auxiliary data structures used in the emulation.

Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: Fix machine checks on 32-bit Book3S
Paul Mackerras [Wed, 29 Jun 2011 00:16:42 +0000 (00:16 +0000)]
KVM: PPC: Fix machine checks on 32-bit Book3S

Commit 69acc0d3ba ("KVM: PPC: Resolve real-mode handlers through
function exports") resulted in vcpu->arch.trampoline_lowmem and
vcpu->arch.trampoline_enter ending up with kernel virtual addresses
rather than physical addresses.  This is OK on 64-bit Book3S machines,
which ignore the top 4 bits of the effective address in real mode,
but on 32-bit Book3S machines, accessing these addresses in real mode
causes machine check interrupts, as the hardware uses the whole
effective address as the physical address in real mode.

This fixes the problem by using __pa() to convert these addresses
to physical addresses.

Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: MMU: Introduce is_last_gpte() to clean up walk_addr_generic()
Takuya Yoshikawa [Thu, 30 Jun 2011 16:37:24 +0000 (01:37 +0900)]
KVM: MMU: Introduce is_last_gpte() to clean up walk_addr_generic()

Suggested by Ingo and Avi.

Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: MMU: Rename the walk label in walk_addr_generic()
Takuya Yoshikawa [Thu, 30 Jun 2011 16:36:07 +0000 (01:36 +0900)]
KVM: MMU: Rename the walk label in walk_addr_generic()

The current name does not explain the meaning well.  So give it a better
name "retry_walk" to show that we are trying the walk again.

This was suggested by Ingo Molnar.

Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: MMU: Clean up the error handling of walk_addr_generic()
Takuya Yoshikawa [Thu, 30 Jun 2011 16:34:56 +0000 (01:34 +0900)]
KVM: MMU: Clean up the error handling of walk_addr_generic()

Avoid two step jump to the error handling part.  This eliminates the use
of the variables present and rsvd_fault.

We also use the const type qualifier to show that write/user/fetch_fault
do not change in the function.

Both of these were suggested by Ingo Molnar.

Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoRevert "KVM: MMU: make kvm_mmu_reset_context() flush the guest TLB"
Marcelo Tosatti [Tue, 21 Jun 2011 17:00:10 +0000 (14:00 -0300)]
Revert "KVM: MMU: make kvm_mmu_reset_context() flush the guest TLB"

This reverts commit bee931d31e588b8eb86b7edee32fac2d16930cd7.

TLB flush should be done lazily during guest entry, in
kvm_mmu_load().

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: PPC: e500: Don't search over the entire TLB0.
Scott Wood [Tue, 14 Jun 2011 23:35:20 +0000 (18:35 -0500)]
KVM: PPC: e500: Don't search over the entire TLB0.

Only look in the 4 entries that could possibly contain the
entry we're looking for.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: e500: Add shadow PID support
Liu Yu [Tue, 14 Jun 2011 23:35:14 +0000 (18:35 -0500)]
KVM: PPC: e500: Add shadow PID support

Dynamically assign host PIDs to guest PIDs, splitting each guest PID into
multiple host (shadow) PIDs based on kernel/user and MSR[IS/DS].  Use
both PID0 and PID1 so that the shadow PIDs for the right mode can be
selected, that correspond both to guest TID = zero and guest TID = guest
PID.

This allows us to significantly reduce the frequency of needing to
invalidate the entire TLB.  When the guest mode or PID changes, we just
update the host PID0/PID1.  And since the allocation of shadow PIDs is
global, multiple guests can share the TLB without conflict.

Note that KVM does not yet support the guest setting PID1 or PID2 to
a value other than zero.  This will need to be fixed for nested KVM
to work.  Until then, we enforce the requirement for guest PID1/PID2
to stay zero by failing the emulation if the guest tries to set them
to something else.

Signed-off-by: Liu Yu <yu.liu@freescale.com>
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: e500: Stop keeping shadow TLB
Liu Yu [Tue, 14 Jun 2011 23:34:59 +0000 (18:34 -0500)]
KVM: PPC: e500: Stop keeping shadow TLB

Instead of a fully separate set of TLB entries, keep just the
pfn and dirty status.

Signed-off-by: Liu Yu <yu.liu@freescale.com>
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: e500: enable magic page
Scott Wood [Tue, 14 Jun 2011 23:34:41 +0000 (18:34 -0500)]
KVM: PPC: e500: enable magic page

This is a shared page used for paravirtualization.  It is always present
in the guest kernel's effective address space at the address indicated
by the hypercall that enables it.

The physical address specified by the hypercall is not used, as
e500 does not have real mode.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: e500: Support large page mappings of PFNMAP vmas.
Scott Wood [Tue, 14 Jun 2011 23:34:39 +0000 (18:34 -0500)]
KVM: PPC: e500: Support large page mappings of PFNMAP vmas.

This allows large pages to be used on guest mappings backed by things like
/dev/mem, resulting in a significant speedup when guest memory
is mapped this way (it's useful for directly-assigned MMIO, too).

This is not a substitute for hugetlbfs integration, but is useful for
configurations where devices are directly assigned on chips without an
IOMMU -- in these cases, we need guest physical and true physical to
match, and be contiguous, so static reservation and mapping via /dev/mem
is the most straightforward way to set things up.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: e500: Eliminate shadow_pages[], and use pfns instead.
Scott Wood [Tue, 14 Jun 2011 23:34:37 +0000 (18:34 -0500)]
KVM: PPC: e500: Eliminate shadow_pages[], and use pfns instead.

This is in line with what other architectures do, and will allow us to
map things other than ordinary, unreserved kernel pages -- such as
dedicated devices, or large contiguous reserved regions.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: e500: don't use MAS0 as intermediate storage.
Scott Wood [Tue, 14 Jun 2011 23:34:35 +0000 (18:34 -0500)]
KVM: PPC: e500: don't use MAS0 as intermediate storage.

This avoids races.  It also means that we use the shadow TLB way,
rather than the hardware hint -- if this is a problem, we could do
a tlbsx before inserting a TLB0 entry.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: e500: Disable preloading TLB1 in tlb_load().
Scott Wood [Tue, 14 Jun 2011 23:34:34 +0000 (18:34 -0500)]
KVM: PPC: e500: Disable preloading TLB1 in tlb_load().

Since TLB1 loading doesn't check the shadow TLB before allocating another
entry, you can get duplicates.

Once shadow PIDs are enabled in a later patch, we won't need to
invalidate the TLB on every switch, so this optimization won't be
needed anyway.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: e500: Save/restore SPE state
Scott Wood [Tue, 14 Jun 2011 23:34:31 +0000 (18:34 -0500)]
KVM: PPC: e500: Save/restore SPE state

This is done lazily.  The SPE save will be done only if the guest has
used SPE since the last preemption or heavyweight exit.  Restore will be
done only on demand, when enabling MSR_SPE in the shadow MSR, in response
to an SPE fault or mtmsr emulation.

For SPEFSCR, Linux already switches it on context switch (non-lazily), so
the only remaining bit is to save it between qemu and the guest.

Signed-off-by: Liu Yu <yu.liu@freescale.com>
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: booke: use shadow_msr
Scott Wood [Tue, 14 Jun 2011 23:34:29 +0000 (18:34 -0500)]
KVM: PPC: booke: use shadow_msr

Keep the guest MSR and the guest-mode true MSR separate, rather than
modifying the guest MSR on each guest entry to produce a true MSR.

Any bits which should be modified based on guest MSR must be explicitly
propagated from vcpu->arch.shared->msr to vcpu->arch.shadow_msr in
kvmppc_set_msr().

While we're modifying the guest entry code, reorder a few instructions
to bury some load latencies.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agopowerpc/e500: SPE register saving: take arbitrary struct offset
Scott Wood [Tue, 14 Jun 2011 23:34:27 +0000 (18:34 -0500)]
powerpc/e500: SPE register saving: take arbitrary struct offset

Previously, these macros hardcoded THREAD_EVR0 as the base of the save
area, relative to the base register passed.  This base offset is now
passed as a separate macro parameter, allowing reuse with other SPE
save areas, such as used by KVM.

Acked-by: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agopowerpc/e500: Save SPEFCSR in flush_spe_to_thread()
yu liu [Tue, 14 Jun 2011 23:34:25 +0000 (18:34 -0500)]
powerpc/e500: Save SPEFCSR in flush_spe_to_thread()

giveup_spe() saves the SPE state which is protected by MSR[SPE].
However, modifying SPEFSCR does not trap when MSR[SPE]=0.
And since SPEFSCR is already saved/restored in _switch(),
not all the callers want to save SPEFSCR again.
Thus, saving SPEFSCR should not belong to giveup_spe().

This patch moves SPEFSCR saving to flush_spe_to_thread(),
and cleans up the caller that needs to save SPEFSCR accordingly.

Signed-off-by: Liu Yu <yu.liu@freescale.com>
Acked-by: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: Resolve real-mode handlers through function exports
Alexander Graf [Tue, 7 Jun 2011 18:45:34 +0000 (20:45 +0200)]
KVM: PPC: Resolve real-mode handlers through function exports

Up until now, Book3S KVM had variables stored in the kernel that a kernel module
or the kvm code in the kernel could read from to figure out where some real mode
helper functions are located.

This is all unnecessary. The high bits of the EA get ignore in real mode, so we
can just use the pointer as is. Also, it's a lot easier on relocations when we
use the normal way of resolving the address to a function, instead of jumping
through hoops.

This patch fixes compilation with CONFIG_RELOCATABLE=y.

Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: PPC: fix partial application of "exit timing in ticks"
Stuart Yoder [Tue, 17 May 2011 23:26:00 +0000 (18:26 -0500)]
KVM: PPC: fix partial application of "exit timing in ticks"

When http://www.spinics.net/lists/kvm-ppc/msg02664.html
was applied to produce commit b51e7aa7ed6d8d134d02df78300ab0f91cfff4d2,
the removal of the conversion in add_exit_timing was left out.

Signed-off-by: Stuart Yoder <stuart.yoder@freescale.com>
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoKVM: MMU: make kvm_mmu_reset_context() flush the guest TLB
Avi Kivity [Sun, 12 Jun 2011 15:14:08 +0000 (18:14 +0300)]
KVM: MMU: make kvm_mmu_reset_context() flush the guest TLB

kvm_set_cr0() and kvm_set_cr4(), and possible other functions,
assume that kvm_mmu_reset_context() flushes the guest TLB.  However,
it does not.

Fix by flushing the tlb (and syncing the new root as well).

Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: MMU: Adjust shadow paging to work when SMEP=1 and CR0.WP=0
Avi Kivity [Mon, 6 Jun 2011 13:11:54 +0000 (16:11 +0300)]
KVM: MMU: Adjust shadow paging to work when SMEP=1 and CR0.WP=0

When CR0.WP=0, we sometimes map user pages as kernel pages (to allow
the kernel to write to them).  Unfortunately this also allows the kernel
to fetch from these pages, even if CR4.SMEP is set.

Adjust for this by also setting NX on the spte in these circumstances.

Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Enable ERMS feature support for KVM
Yang, Wei [Tue, 14 Jun 2011 07:19:06 +0000 (15:19 +0800)]
KVM: Enable ERMS feature support for KVM

This patch exposes ERMS feature to KVM guests.

The REP MOVSB/STOSB instruction can enhance fast strings attempts to
move as much of the data with larger size load/stores as possible.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Expose RDWRGSFS bit to KVM guests
Yang, Wei [Tue, 14 Jun 2011 12:10:19 +0000 (20:10 +0800)]
KVM: Expose RDWRGSFS bit to KVM guests

This patch exposes RDWRGSFS bit to KVM guests.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Add RDWRGSFS support when setting CR4
Yang, Wei [Tue, 14 Jun 2011 12:10:18 +0000 (20:10 +0800)]
KVM: Add RDWRGSFS support when setting CR4

This patch adds RDWRGSFS support when setting CR4.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Remove RDWRGSFS bit from CR4_RESERVED_BITS
Yang, Wei [Tue, 14 Jun 2011 12:10:17 +0000 (20:10 +0800)]
KVM: Remove RDWRGSFS bit from CR4_RESERVED_BITS

This patch removes RDWRGSFS bit from CR4_RESERVED_BITS.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Enable DRNG feature support for KVM
Yang, Wei Y [Mon, 13 Jun 2011 13:52:33 +0000 (21:52 +0800)]
KVM: Enable DRNG feature support for KVM

This patch exposes DRNG feature to KVM guests.

The RDRAND instruction can provide software with sequences of
random numbers generated from white noise.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: fix XSAVE bit scanning (now properly)
Andre Przywara [Fri, 10 Jun 2011 09:35:30 +0000 (11:35 +0200)]
KVM: fix XSAVE bit scanning (now properly)

commit 123108f1c1aafd51d6a5c79cc04d7999dd88a930 tried to fix KVMs
XSAVE valid feature scanning, but it was wrong. It was not considering
the sparse nature of this bitfield, instead reading values from
uninitialized members of the entries array.
This patch now separates subleaf indicies from KVM's array indicies
and fills the entry before querying it's value.
This fixes AVX support in KVM guests.

Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Fix KVM_ASSIGN_SET_MSIX_ENTRY documentation
Jan Kiszka [Sat, 11 Jun 2011 10:24:24 +0000 (12:24 +0200)]
KVM: Fix KVM_ASSIGN_SET_MSIX_ENTRY documentation

The documented behavior did not match the implemented one (which also
never changed).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Fix off-by-one in overflow check of KVM_ASSIGN_SET_MSIX_NR
Jan Kiszka [Sat, 11 Jun 2011 10:23:55 +0000 (12:23 +0200)]
KVM: Fix off-by-one in overflow check of KVM_ASSIGN_SET_MSIX_NR

KVM_MAX_MSIX_PER_DEV implies that up to that many MSI-X entries can be
requested. But the kernel so far rejected already the upper limit.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Add compat ioctl for KVM_SET_SIGNAL_MASK
Alexander Graf [Wed, 8 Jun 2011 00:45:37 +0000 (02:45 +0200)]
KVM: Add compat ioctl for KVM_SET_SIGNAL_MASK

KVM has an ioctl to define which signal mask should be used while running
inside VCPU_RUN. At least for big endian systems, this mask is different
on 32-bit and 64-bit systems (though the size is identical).

Add a compat wrapper that converts the mask to whatever the kernel accepts,
allowing 32-bit kvm user space to set signal masks.

This patch fixes qemu with --enable-io-thread on ppc64 hosts when running
32-bit user land.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Clarify KVM_ASSIGN_PCI_DEVICE documentation
Jan Kiszka [Fri, 3 Jun 2011 06:51:05 +0000 (08:51 +0200)]
KVM: Clarify KVM_ASSIGN_PCI_DEVICE documentation

Neither host_irq nor the guest_msi struct are used anymore today.
Tag the former, drop the latter to avoid confusion.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Add instruction fetch checking when walking guest page table
Yang, Wei Y [Fri, 3 Jun 2011 03:14:16 +0000 (11:14 +0800)]
KVM: Add instruction fetch checking when walking guest page table

This patch adds instruction fetch checking when walking guest page table,
to implement SMEP when emulating instead of executing natively.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>
Signed-off-by: Shan, Haitao <haitao.shan@intel.com>
Signed-off-by: Li, Xin <xin.li@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Mask function7 ebx against host capability word9
Yang, Wei Y [Fri, 3 Jun 2011 03:14:03 +0000 (11:14 +0800)]
KVM: Mask function7 ebx against host capability word9

This patch masks CPUID leaf 7 ebx against host capability word9.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>
Signed-off-by: Shan, Haitao <haitao.shan@intel.com>
Signed-off-by: Li, Xin <xin.li@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Add SMEP support when setting CR4
Yang, Wei Y [Fri, 3 Jun 2011 03:13:42 +0000 (11:13 +0800)]
KVM: Add SMEP support when setting CR4

This patch adds SMEP handling when setting CR4.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>
Signed-off-by: Shan, Haitao <haitao.shan@intel.com>
Signed-off-by: Li, Xin <xin.li@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Remove SMEP bit from CR4_RESERVED_BITS
Yang, Wei Y [Fri, 3 Jun 2011 03:13:35 +0000 (11:13 +0800)]
KVM: Remove SMEP bit from CR4_RESERVED_BITS

This patch removes SMEP bit from CR4_RESERVED_BITS.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>
Signed-off-by: Shan, Haitao <haitao.shan@intel.com>
Signed-off-by: Li, Xin <xin.li@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: nVMX: Fix bug preventing more than two levels of nesting
Nadav Har'El [Thu, 2 Jun 2011 08:54:52 +0000 (11:54 +0300)]
KVM: nVMX: Fix bug preventing more than two levels of nesting

The nested VMX feature is supposed to fully emulate VMX for the guest. This
(theoretically) not only allows it to run its own guests, but also also
to further emulate VMX for its own guests, and allow arbitrarily deep nesting.

This patch fixes a bug (discovered by Kevin Tian) in handling a VMLAUNCH
by L2, which prevented deeper nesting.

Deeper nesting now works (I only actually tested L3), but is currently
*absurdly* slow, to the point of being unusable.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: Fixup documentation section numbering
Jan Kiszka [Thu, 2 Jun 2011 14:16:20 +0000 (16:16 +0200)]
KVM: Fixup documentation section numbering

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: fold decode_cache into x86_emulate_ctxt
Avi Kivity [Wed, 1 Jun 2011 12:34:25 +0000 (15:34 +0300)]
KVM: x86 emulator: fold decode_cache into x86_emulate_ctxt

This saves a lot of pointless casts x86_emulate_ctxt and decode_cache.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: rename decode_cache::eip to _eip
Avi Kivity [Wed, 1 Jun 2011 12:34:24 +0000 (15:34 +0300)]
KVM: x86 emulator: rename decode_cache::eip to _eip

The name eip conflicts with a field of the same name in x86_emulate_ctxt,
which we plan to fold decode_cache into.

The name _eip is unfortunate, but what's really needed is a refactoring
here, not a better name.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: VMX: Silence warning on 32-bit hosts
Jan Kiszka [Wed, 1 Jun 2011 10:57:30 +0000 (12:57 +0200)]
KVM: VMX: Silence warning on 32-bit hosts

a is unused now on CONFIG_X86_32.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: Use opcode::execute for CLI/STI(FA/FB)
Takuya Yoshikawa [Sun, 29 May 2011 13:05:15 +0000 (22:05 +0900)]
KVM: x86 emulator: Use opcode::execute for CLI/STI(FA/FB)

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: Use opcode::execute for LOOP/JCXZ
Takuya Yoshikawa [Sun, 29 May 2011 13:04:08 +0000 (22:04 +0900)]
KVM: x86 emulator: Use opcode::execute for LOOP/JCXZ

  LOOP/LOOPcc      : E0-E2
  JCXZ/JECXZ/JRCXZ : E3

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: Clean up INT n/INTO/INT 3(CC/CD/CE)
Takuya Yoshikawa [Sun, 29 May 2011 13:02:55 +0000 (22:02 +0900)]
KVM: x86 emulator: Clean up INT n/INTO/INT 3(CC/CD/CE)

Call emulate_int() directly to avoid spaghetti goto's.

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: Use opcode::execute for MOV(8C/8E)
Takuya Yoshikawa [Sun, 29 May 2011 13:01:33 +0000 (22:01 +0900)]
KVM: x86 emulator: Use opcode::execute for MOV(8C/8E)

Different functions for those which take segment register operands.

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: Use opcode::execute for RET(C3)
Takuya Yoshikawa [Sun, 29 May 2011 13:00:22 +0000 (22:00 +0900)]
KVM: x86 emulator: Use opcode::execute for RET(C3)

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: Use opcode::execute for XCHG(86/87)
Takuya Yoshikawa [Sun, 29 May 2011 12:59:09 +0000 (21:59 +0900)]
KVM: x86 emulator: Use opcode::execute for XCHG(86/87)

In addition, replace one "goto xchg" with an em_xchg() call.

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: Use opcode::execute for TEST(84/85, A8/A9)
Takuya Yoshikawa [Sun, 29 May 2011 12:57:53 +0000 (21:57 +0900)]
KVM: x86 emulator: Use opcode::execute for TEST(84/85, A8/A9)

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: Use opcode::execute for some instructions
Takuya Yoshikawa [Sun, 29 May 2011 12:56:26 +0000 (21:56 +0900)]
KVM: x86 emulator: Use opcode::execute for some instructions

Move the following functions to the opcode tables:

  RET (Far return) : CB
  IRET             : CF
  JMP (Jump far)   : EA

  SYSCALL          : 0F 05
  CLTS             : 0F 06
  SYSENTER         : 0F 34
  SYSEXIT          : 0F 35

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: Rename emulate_xxx() to em_xxx()
Takuya Yoshikawa [Sun, 29 May 2011 12:55:10 +0000 (21:55 +0900)]
KVM: x86 emulator: Rename emulate_xxx() to em_xxx()

The next patch will change these to be called by opcode::execute.

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: Use the pointers ctxt and c consistently
Takuya Yoshikawa [Sun, 29 May 2011 12:53:48 +0000 (21:53 +0900)]
KVM: x86 emulator: Use the pointers ctxt and c consistently

We should use the local variables ctxt and c when the emulate_ctxt and
decode appears many times.  At least, we need to be consistent about
how we use these in a function.

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: Document KVM_IOEVENTFD
Sasha Levin [Sat, 28 May 2011 11:12:30 +0000 (14:12 +0300)]
KVM: Document KVM_IOEVENTFD

Document KVM_IOEVENTFD that can be used to receive
notifications of PIO/MMIO events without triggering
an exit.

Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Documentation
Nadav Har'El [Wed, 25 May 2011 20:17:11 +0000 (23:17 +0300)]
KVM: nVMX: Documentation

This patch includes a brief introduction to the nested vmx feature in the
Documentation/kvm directory. The document also includes a copy of the
vmcs12 structure, as requested by Avi Kivity.

[marcelo: move to Documentation/virtual/kvm]

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Miscellenous small corrections
Nadav Har'El [Wed, 25 May 2011 20:16:40 +0000 (23:16 +0300)]
KVM: nVMX: Miscellenous small corrections

Small corrections of KVM (spelling, etc.) not directly related to nested VMX.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Add VMX to list of supported cpuid features
Nadav Har'El [Wed, 25 May 2011 20:16:10 +0000 (23:16 +0300)]
KVM: nVMX: Add VMX to list of supported cpuid features

If the "nested" module option is enabled, add the "VMX" CPU feature to the
list of CPU features KVM advertises with the KVM_GET_SUPPORTED_CPUID ioctl.

Qemu uses this ioctl, and intersects KVM's list with its own list of desired
cpu features (depending on the -cpu option given to qemu) to determine the
final list of features presented to the guest.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Additional TSC-offset handling
Nadav Har'El [Wed, 25 May 2011 20:15:39 +0000 (23:15 +0300)]
KVM: nVMX: Additional TSC-offset handling

In the unlikely case that L1 does not capture MSR_IA32_TSC, L0 needs to
emulate this MSR write by L2 by modifying vmcs02.tsc_offset. We also need to
set vmcs12.tsc_offset, for this change to survive the next nested entry (see
prepare_vmcs02()).
Additionally, we also need to modify vmx_adjust_tsc_offset: The semantics
of this function is that the TSC of all guests on this vcpu, L1 and possibly
several L2s, need to be adjusted. To do this, we need to adjust vmcs01's
tsc_offset (this offset will also apply to each L2s we enter). We can't set
vmcs01 now, so we have to remember this adjustment and apply it when we
later exit to L1.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Further fixes for lazy FPU loading
Nadav Har'El [Wed, 25 May 2011 20:15:08 +0000 (23:15 +0300)]
KVM: nVMX: Further fixes for lazy FPU loading

KVM's "Lazy FPU loading" means that sometimes L0 needs to set CR0.TS, even
if a guest didn't set it. Moreover, L0 must also trap CR0.TS changes and
NM exceptions, even if we have a guest hypervisor (L1) who didn't want these
traps. And of course, conversely: If L1 wanted to trap these events, we
must let it, even if L0 is not interested in them.

This patch fixes some existing KVM code (in update_exception_bitmap(),
vmx_fpu_activate(), vmx_fpu_deactivate()) to do the correct merging of L0's
and L1's needs. Note that handle_cr() was already fixed in the above patch,
and that new code in introduced in previous patches already handles CR0
correctly (see prepare_vmcs02(), prepare_vmcs12(), and nested_vmx_vmexit()).

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Handling of CR0 and CR4 modifying instructions
Nadav Har'El [Wed, 25 May 2011 20:14:38 +0000 (23:14 +0300)]
KVM: nVMX: Handling of CR0 and CR4 modifying instructions

When L2 tries to modify CR0 or CR4 (with mov or clts), and modifies a bit
which L1 asked to shadow (via CR[04]_GUEST_HOST_MASK), we already do the right
thing: we let L1 handle the trap (see nested_vmx_exit_handled_cr() in a
previous patch).
When L2 modifies bits that L1 doesn't care about, we let it think (via
CR[04]_READ_SHADOW) that it did these modifications, while only changing
(in GUEST_CR[04]) the bits that L0 doesn't shadow.

This is needed for corect handling of CR0.TS for lazy FPU loading: L0 may
want to leave TS on, while pretending to allow the guest to change it.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Correct handling of idt vectoring info
Nadav Har'El [Wed, 25 May 2011 20:14:07 +0000 (23:14 +0300)]
KVM: nVMX: Correct handling of idt vectoring info

This patch adds correct handling of IDT_VECTORING_INFO_FIELD for the nested
case.

When a guest exits while delivering an interrupt or exception, we get this
information in IDT_VECTORING_INFO_FIELD in the VMCS. When L2 exits to L1,
there's nothing we need to do, because L1 will see this field in vmcs12, and
handle it itself. However, when L2 exits and L0 handles the exit itself and
plans to return to L2, L0 must inject this event to L2.

In the normal non-nested case, the idt_vectoring_info case is discovered after
the exit, and the decision to inject (though not the injection itself) is made
at that point. However, in the nested case a decision of whether to return
to L2 or L1 also happens during the injection phase (see the previous
patches), so in the nested case we can only decide what to do about the
idt_vectoring_info right after the injection, i.e., in the beginning of
vmx_vcpu_run, which is the first time we know for sure if we're staying in
L2.

Therefore, when we exit L2 (is_guest_mode(vcpu)), we disable the regular
vmx_complete_interrupts() code which queues the idt_vectoring_info for
injection on next entry - because such injection would not be appropriate
if we will decide to exit to L1. Rather, we just save the idt_vectoring_info
and related fields in vmcs12 (which is a convenient place to save these
fields). On the next entry in vmx_vcpu_run (*after* the injection phase,
potentially exiting to L1 to inject an event requested by user space), if
we find ourselves in L1 we don't need to do anything with those values
we saved (as explained above). But if we find that we're in L2, or rather
*still* at L2 (it's not nested_run_pending, meaning that this is the first
round of L2 running after L1 having just launched it), we need to inject
the event saved in those fields - by writing the appropriate VMCS fields.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Correct handling of exception injection
Nadav Har'El [Wed, 25 May 2011 20:13:36 +0000 (23:13 +0300)]
KVM: nVMX: Correct handling of exception injection

Similar to the previous patch, but concerning injection of exceptions rather
than external interrupts.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Correct handling of interrupt injection
Nadav Har'El [Wed, 25 May 2011 20:13:06 +0000 (23:13 +0300)]
KVM: nVMX: Correct handling of interrupt injection

The code in this patch correctly emulates external-interrupt injection
while a nested guest L2 is running.

Because of this code's relative un-obviousness, I include here a longer-than-
usual justification for what it does - much longer than the code itself ;-)

To understand how to correctly emulate interrupt injection while L2 is
running, let's look first at what we need to emulate: How would things look
like if the extra L0 hypervisor layer is removed, and instead of L0 injecting
an interrupt, we had hardware delivering an interrupt?

Now we have L1 running on bare metal with a guest L2, and the hardware
generates an interrupt. Assuming that L1 set PIN_BASED_EXT_INTR_MASK to 1, and
VM_EXIT_ACK_INTR_ON_EXIT to 0 (we'll revisit these assumptions below), what
happens now is this: The processor exits from L2 to L1, with an external-
interrupt exit reason but without an interrupt vector. L1 runs, with
interrupts disabled, and it doesn't yet know what the interrupt was. Soon
after, it enables interrupts and only at that moment, it gets the interrupt
from the processor. when L1 is KVM, Linux handles this interrupt.

Now we need exactly the same thing to happen when that L1->L2 system runs
on top of L0, instead of real hardware. This is how we do this:

When L0 wants to inject an interrupt, it needs to exit from L2 to L1, with
external-interrupt exit reason (with an invalid interrupt vector), and run L1.
Just like in the bare metal case, it likely can't deliver the interrupt to
L1 now because L1 is running with interrupts disabled, in which case it turns
on the interrupt window when running L1 after the exit. L1 will soon enable
interrupts, and at that point L0 will gain control again and inject the
interrupt to L1.

Finally, there is an extra complication in the code: when nested_run_pending,
we cannot return to L1 now, and must launch L2. We need to remember the
interrupt we wanted to inject (and not clear it now), and do it on the
next exit.

The above explanation shows that the relative strangeness of the nested
interrupt injection code in this patch, and the extra interrupt-window
exit incurred, are in fact necessary for accurate emulation, and are not
just an unoptimized implementation.

Let's revisit now the two assumptions made above:

If L1 turns off PIN_BASED_EXT_INTR_MASK (no hypervisor that I know
does, by the way), things are simple: L0 may inject the interrupt directly
to the L2 guest - using the normal code path that injects to any guest.
We support this case in the code below.

If L1 turns on VM_EXIT_ACK_INTR_ON_EXIT, things look very different from the
description above: L1 expects to see an exit from L2 with the interrupt vector
already filled in the exit information, and does not expect to be interrupted
again with this interrupt. The current code does not (yet) support this case,
so we do not allow the VM_EXIT_ACK_INTR_ON_EXIT exit-control to be turned on
by L1.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Deciding if L0 or L1 should handle an L2 exit
Nadav Har'El [Wed, 25 May 2011 20:12:35 +0000 (23:12 +0300)]
KVM: nVMX: Deciding if L0 or L1 should handle an L2 exit

This patch contains the logic of whether an L2 exit should be handled by L0
and then L2 should be resumed, or whether L1 should be run to handle this
exit (using the nested_vmx_vmexit() function of the previous patch).

The basic idea is to let L1 handle the exit only if it actually asked to
trap this sort of event. For example, when L2 exits on a change to CR0,
we check L1's CR0_GUEST_HOST_MASK to see if L1 expressed interest in any
bit which changed; If it did, we exit to L1. But if it didn't it means that
it is we (L0) that wished to trap this event, so we handle it ourselves.

The next two patches add additional logic of what to do when an interrupt or
exception is injected: Does L0 need to do it, should we exit to L1 to do it,
or should we resume L2 and keep the exception to be injected later.

We keep a new flag, "nested_run_pending", which can override the decision of
which should run next, L1 or L2. nested_run_pending=1 means that we *must* run
L2 next, not L1. This is necessary in particular when L1 did a VMLAUNCH of L2
and therefore expects L2 to be run (and perhaps be injected with an event it
specified, etc.). Nested_run_pending is especially intended to avoid switching
to L1 in the injection decision-point described above.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: vmcs12 checks on nested entry
Nadav Har'El [Wed, 25 May 2011 20:12:04 +0000 (23:12 +0300)]
KVM: nVMX: vmcs12 checks on nested entry

This patch adds a bunch of tests of the validity of the vmcs12 fields,
according to what the VMX spec and our implementation allows. If fields
we cannot (or don't want to) honor are discovered, an entry failure is
emulated.

According to the spec, there are two types of entry failures: If the problem
was in vmcs12's host state or control fields, the VMLAUNCH instruction simply
fails. But a problem is found in the guest state, the behavior is more
similar to that of an exit.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Exiting from L2 to L1
Nadav Har'El [Wed, 25 May 2011 20:11:34 +0000 (23:11 +0300)]
KVM: nVMX: Exiting from L2 to L1

This patch implements nested_vmx_vmexit(), called when the nested L2 guest
exits and we want to run its L1 parent and let it handle this exit.

Note that this will not necessarily be called on every L2 exit. L0 may decide
to handle a particular exit on its own, without L1's involvement; In that
case, L0 will handle the exit, and resume running L2, without running L1 and
without calling nested_vmx_vmexit(). The logic for deciding whether to handle
a particular exit in L1 or in L0, i.e., whether to call nested_vmx_vmexit(),
will appear in a separate patch below.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: No need for handle_vmx_insn function any more
Nadav Har'El [Wed, 25 May 2011 20:11:03 +0000 (23:11 +0300)]
KVM: nVMX: No need for handle_vmx_insn function any more

Before nested VMX support, the exit handler for a guest executing a VMX
instruction (vmclear, vmlaunch, vmptrld, vmptrst, vmread, vmread, vmresume,
vmwrite, vmon, vmoff), was handle_vmx_insn(). This handler simply threw a #UD
exception. Now that all these exit reasons are properly handled (and emulate
the respective VMX instruction), nothing calls this dummy handler and it can
be removed.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Implement VMLAUNCH and VMRESUME
Nadav Har'El [Wed, 25 May 2011 20:10:33 +0000 (23:10 +0300)]
KVM: nVMX: Implement VMLAUNCH and VMRESUME

Implement the VMLAUNCH and VMRESUME instructions, allowing a guest
hypervisor to run its own guests.

This patch does not include some of the necessary validity checks on
vmcs12 fields before the entry. These will appear in a separate patch
below.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Prepare vmcs02 from vmcs01 and vmcs12
Nadav Har'El [Wed, 25 May 2011 20:10:02 +0000 (23:10 +0300)]
KVM: nVMX: Prepare vmcs02 from vmcs01 and vmcs12

This patch contains code to prepare the VMCS which can be used to actually
run the L2 guest, vmcs02. prepare_vmcs02 appropriately merges the information
in vmcs12 (the vmcs that L1 built for L2) and in vmcs01 (our desires for our
own guests).

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Move control field setup to functions
Nadav Har'El [Wed, 25 May 2011 20:09:31 +0000 (23:09 +0300)]
KVM: nVMX: Move control field setup to functions

Move some of the control field setup to common functions. These functions will
also be needed for running L2 guests - L0's desires (expressed in these
functions) will be appropriately merged with L1's desires.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Move host-state field setup to a function
Nadav Har'El [Wed, 25 May 2011 20:09:01 +0000 (23:09 +0300)]
KVM: nVMX: Move host-state field setup to a function

Move the setting of constant host-state fields (fields that do not change
throughout the life of the guest) from vmx_vcpu_setup to a new common function
vmx_set_constant_host_state(). This function will also be used to set the
host state when running L2 guests.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Implement VMREAD and VMWRITE
Nadav Har'El [Wed, 25 May 2011 20:08:30 +0000 (23:08 +0300)]
KVM: nVMX: Implement VMREAD and VMWRITE

Implement the VMREAD and VMWRITE instructions. With these instructions, L1
can read and write to the VMCS it is holding. The values are read or written
to the fields of the vmcs12 structure introduced in a previous patch.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Implement VMPTRST
Nadav Har'El [Wed, 25 May 2011 20:08:00 +0000 (23:08 +0300)]
KVM: nVMX: Implement VMPTRST

This patch implements the VMPTRST instruction.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Implement VMPTRLD
Nadav Har'El [Wed, 25 May 2011 20:07:29 +0000 (23:07 +0300)]
KVM: nVMX: Implement VMPTRLD

This patch implements the VMPTRLD instruction.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Implement VMCLEAR
Nadav Har'El [Wed, 25 May 2011 20:06:59 +0000 (23:06 +0300)]
KVM: nVMX: Implement VMCLEAR

This patch implements the VMCLEAR instruction.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Success/failure of VMX instructions.
Nadav Har'El [Wed, 25 May 2011 20:06:28 +0000 (23:06 +0300)]
KVM: nVMX: Success/failure of VMX instructions.

VMX instructions specify success or failure by setting certain RFLAGS bits.
This patch contains common functions to do this, and they will be used in
the following patches which emulate the various VMX instructions.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Add VMCS fields to the vmcs12
Nadav Har'El [Wed, 25 May 2011 20:05:57 +0000 (23:05 +0300)]
KVM: nVMX: Add VMCS fields to the vmcs12

In this patch we add to vmcs12 (the VMCS that L1 keeps for L2) all the
standard VMCS fields.

Later patches will enable L1 to read and write these fields using VMREAD/
VMWRITE, and they will be used during a VMLAUNCH/VMRESUME in preparing vmcs02,
a hardware VMCS for running L2.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Introduce vmcs02: VMCS used to run L2
Nadav Har'El [Wed, 25 May 2011 20:05:27 +0000 (23:05 +0300)]
KVM: nVMX: Introduce vmcs02: VMCS used to run L2

We saw in a previous patch that L1 controls its L2 guest with a vcms12.
L0 needs to create a real VMCS for running L2. We call that "vmcs02".
A later patch will contain the code, prepare_vmcs02(), for filling the vmcs02
fields. This patch only contains code for allocating vmcs02.

In this version, prepare_vmcs02() sets *all* of vmcs02's fields each time we
enter from L1 to L2, so keeping just one vmcs02 for the vcpu is enough: It can
be reused even when L1 runs multiple L2 guests. However, in future versions
we'll probably want to add an optimization where vmcs02 fields that rarely
change will not be set each time. For that, we may want to keep around several
vmcs02s of L2 guests that have recently run, so that potentially we could run
these L2s again more quickly because less vmwrites to vmcs02 will be needed.

This patch adds to each vcpu a vmcs02 pool, vmx->nested.vmcs02_pool,
which remembers the vmcs02s last used to run up to VMCS02_POOL_SIZE L2s.
As explained above, in the current version we choose VMCS02_POOL_SIZE=1,
I.e., one vmcs02 is allocated (and loaded onto the processor), and it is
reused to enter any L2 guest. In the future, when prepare_vmcs02() is
optimized not to set all fields every time, VMCS02_POOL_SIZE should be
increased.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Decoding memory operands of VMX instructions
Nadav Har'El [Wed, 25 May 2011 20:04:56 +0000 (23:04 +0300)]
KVM: nVMX: Decoding memory operands of VMX instructions

This patch includes a utility function for decoding pointer operands of VMX
instructions issued by L1 (a guest hypervisor)

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Implement reading and writing of VMX MSRs
Nadav Har'El [Wed, 25 May 2011 20:04:25 +0000 (23:04 +0300)]
KVM: nVMX: Implement reading and writing of VMX MSRs

When the guest can use VMX instructions (when the "nested" module option is
on), it should also be able to read and write VMX MSRs, e.g., to query about
VMX capabilities. This patch adds this support.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Introduce vmcs12: a VMCS structure for L1
Nadav Har'El [Wed, 25 May 2011 20:03:55 +0000 (23:03 +0300)]
KVM: nVMX: Introduce vmcs12: a VMCS structure for L1

An implementation of VMX needs to define a VMCS structure. This structure
is kept in guest memory, but is opaque to the guest (who can only read or
write it with VMX instructions).

This patch starts to define the VMCS structure which our nested VMX
implementation will present to L1. We call it "vmcs12", as it is the VMCS
that L1 keeps for its L2 guest. We will add more content to this structure
in later patches.

This patch also adds the notion (as required by the VMX spec) of L1's "current
VMCS", and finally includes utility functions for mapping the guest-allocated
VMCSs in host memory.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Allow setting the VMXE bit in CR4
Nadav Har'El [Wed, 25 May 2011 20:03:24 +0000 (23:03 +0300)]
KVM: nVMX: Allow setting the VMXE bit in CR4

This patch allows the guest to enable the VMXE bit in CR4, which is a
prerequisite to running VMXON.

Whether to allow setting the VMXE bit now depends on the architecture (svm
or vmx), so its checking has moved to kvm_x86_ops->set_cr4(). This function
now returns an int: If kvm_x86_ops->set_cr4() returns 1, __kvm_set_cr4()
will also return 1, and this will cause kvm_set_cr4() will throw a #GP.

Turning on the VMXE bit is allowed only when the nested VMX feature is
enabled, and turning it off is forbidden after a vmxon.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Implement VMXON and VMXOFF
Nadav Har'El [Wed, 25 May 2011 20:02:54 +0000 (23:02 +0300)]
KVM: nVMX: Implement VMXON and VMXOFF

This patch allows a guest to use the VMXON and VMXOFF instructions, and
emulates them accordingly. Basically this amounts to checking some
prerequisites, and then remembering whether the guest has enabled or disabled
VMX operation.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: nVMX: Add "nested" module option to kvm_intel
Nadav Har'El [Wed, 25 May 2011 20:02:23 +0000 (23:02 +0300)]
KVM: nVMX: Add "nested" module option to kvm_intel

This patch adds to kvm_intel a module option "nested". This option controls
whether the guest can use VMX instructions, i.e., whether we allow nested
virtualization. A similar, but separate, option already exists for the
SVM module.

This option currently defaults to 0, meaning that nested VMX must be
explicitly enabled by giving nested=1. When nested VMX matures, the default
should probably be changed to enable nested VMX by default - just like
nested SVM is currently enabled by default.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: x86 emulator: Avoid clearing the whole decode_cache
Takuya Yoshikawa [Wed, 25 May 2011 02:09:38 +0000 (11:09 +0900)]
KVM: x86 emulator: Avoid clearing the whole decode_cache

During tracing the emulator, we noticed that init_emulate_ctxt()
sometimes took a bit longer time than we expected.

This patch is for mitigating the problem by some degree.

By looking into the function, we soon notice that it clears the whole
decode_cache whose size is about 2.5K bytes now.  Furthermore, most of
the bytes are taken for the two read_cache arrays, which are used only
by a few instructions.

Considering the fact that we are not assuming the cache arrays have
been cleared when we store actual data, we do not need to clear the
arrays: 2K bytes elimination.  In addition, we can avoid clearing the
fetch_cache and regs arrays.

This patch changes the initialization not to clear the arrays.

On our 64-bit host, init_emulate_ctxt() becomes 0.3 to 0.5us faster with
this patch applied.

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: x86 emulator: Clean up init_emulate_ctxt()
Takuya Yoshikawa [Wed, 25 May 2011 02:06:16 +0000 (11:06 +0900)]
KVM: x86 emulator: Clean up init_emulate_ctxt()

Use a local pointer to the emulate_ctxt for simplicity.  Then, arrange
the hard-to-read mode selection lines neatly.

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Clean up error handling during VCPU creation
Jan Kiszka [Mon, 23 May 2011 08:33:05 +0000 (10:33 +0200)]
KVM: Clean up error handling during VCPU creation

So far kvm_arch_vcpu_setup is responsible for freeing the vcpu struct if
it fails. Move this confusing resonsibility back into the hands of
kvm_vm_ioctl_create_vcpu. Only kvm_arch_vcpu_setup of x86 is affected,
all other archs cannot fail.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: VMX: Keep list of loaded VMCSs, instead of vcpus
Nadav Har'El [Tue, 24 May 2011 12:26:10 +0000 (15:26 +0300)]
KVM: VMX: Keep list of loaded VMCSs, instead of vcpus

In VMX, before we bring down a CPU we must VMCLEAR all VMCSs loaded on it
because (at least in theory) the processor might not have written all of its
content back to memory. Since a patch from June 26, 2008, this is done using
a per-cpu "vcpus_on_cpu" linked list of vcpus loaded on each CPU.

The problem is that with nested VMX, we no longer have the concept of a
vcpu being loaded on a cpu: A vcpu has multiple VMCSs (one for L1, a pool for
L2s), and each of those may be have been last loaded on a different cpu.

So instead of linking the vcpus, we link the VMCSs, using a new structure
loaded_vmcs. This structure contains the VMCS, and the information pertaining
to its loading on a specific cpu (namely, the cpu number, and whether it
was already launched on this cpu once). In nested we will also use the same
structure to hold L2 VMCSs, and vmx->loaded_vmcs is a pointer to the
currently active VMCS.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Acked-by: Acked-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
13 years agoKVM: Sanitize cpuid
Avi Kivity [Wed, 18 May 2011 09:56:07 +0000 (05:56 -0400)]
KVM: Sanitize cpuid

Instead of blacklisting known-unsupported cpuid leaves, whitelist known-
supported leaves.  This is more conservative and prevents us from reporting
features we don't support.  Also whitelist a few more leaves while at it.

Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: MMU: cleanup for dropping parent pte
Xiao Guangrong [Sun, 15 May 2011 15:28:29 +0000 (23:28 +0800)]
KVM: MMU: cleanup for dropping parent pte

Introduce drop_parent_pte to remove the rmap of parent pte and
clear parent pte

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: MMU: cleanup for kvm_mmu_page_unlink_children
Xiao Guangrong [Sun, 15 May 2011 15:27:52 +0000 (23:27 +0800)]
KVM: MMU: cleanup for kvm_mmu_page_unlink_children

Cleanup the same operation between kvm_mmu_page_unlink_children and
mmu_pte_write_zap_pte

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: MMU: remove the arithmetic of parent pte rmap
Xiao Guangrong [Sun, 15 May 2011 15:27:08 +0000 (23:27 +0800)]
KVM: MMU: remove the arithmetic of parent pte rmap

Parent pte rmap and page rmap are very similar, so use the same arithmetic
for them

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: MMU: abstract the operation of rmap
Xiao Guangrong [Sun, 15 May 2011 15:26:20 +0000 (23:26 +0800)]
KVM: MMU: abstract the operation of rmap

Abstract the operation of rmap to spte_list, then we can use it for the
reverse mapping of parent pte in the later patch

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: fix uninitialized warning
Xiao Guangrong [Sun, 15 May 2011 15:25:10 +0000 (23:25 +0800)]
KVM: fix uninitialized warning

Fix:

 warning: ‘cs_sel’ may be used uninitialized in this function
 warning: ‘ss_sel’ may be used uninitialized in this function

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: use __copy_to_user/__clear_user to write guest page
Xiao Guangrong [Sun, 15 May 2011 15:22:04 +0000 (23:22 +0800)]
KVM: use __copy_to_user/__clear_user to write guest page

Simply use __copy_to_user/__clear_user to write guest page since we have
already verified the user address when the memslot is set

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: MMU: optimize pte write path if don't have protected sp
Xiao Guangrong [Sun, 15 May 2011 15:20:27 +0000 (23:20 +0800)]
KVM: MMU: optimize pte write path if don't have protected sp

Simply return from kvm_mmu_pte_write path if no shadow page is
write-protected, then we can avoid to walk all shadow pages and hold
mmu-lock

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoKVM: VMX: always_inline VMREADs
Avi Kivity [Sun, 15 May 2011 14:13:13 +0000 (10:13 -0400)]
KVM: VMX: always_inline VMREADs

vmcs_readl() and friends are really short, but gcc thinks they are long because of
the out-of-line exception handlers.  Mark them always_inline to clear the
misunderstanding.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>