kvm.h 24 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049
  1. /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
  2. #ifndef _ASM_X86_KVM_H
  3. #define _ASM_X86_KVM_H
  4. /*
  5. * KVM x86 specific structures and definitions
  6. *
  7. */
  8. #include <linux/const.h>
  9. #include <linux/bits.h>
  10. #include <linux/types.h>
  11. #include <linux/ioctl.h>
  12. #include <linux/stddef.h>
  13. #define KVM_PIO_PAGE_OFFSET 1
  14. #define KVM_COALESCED_MMIO_PAGE_OFFSET 2
  15. #define KVM_DIRTY_LOG_PAGE_OFFSET 64
  16. #define DE_VECTOR 0
  17. #define DB_VECTOR 1
  18. #define BP_VECTOR 3
  19. #define OF_VECTOR 4
  20. #define BR_VECTOR 5
  21. #define UD_VECTOR 6
  22. #define NM_VECTOR 7
  23. #define DF_VECTOR 8
  24. #define TS_VECTOR 10
  25. #define NP_VECTOR 11
  26. #define SS_VECTOR 12
  27. #define GP_VECTOR 13
  28. #define PF_VECTOR 14
  29. #define MF_VECTOR 16
  30. #define AC_VECTOR 17
  31. #define MC_VECTOR 18
  32. #define XM_VECTOR 19
  33. #define VE_VECTOR 20
  34. #define CP_VECTOR 21
  35. #define HV_VECTOR 28
  36. #define VC_VECTOR 29
  37. #define SX_VECTOR 30
  38. /* Select x86 specific features in <linux/kvm.h> */
  39. #define __KVM_HAVE_PIT
  40. #define __KVM_HAVE_IOAPIC
  41. #define __KVM_HAVE_IRQ_LINE
  42. #define __KVM_HAVE_MSI
  43. #define __KVM_HAVE_USER_NMI
  44. #define __KVM_HAVE_MSIX
  45. #define __KVM_HAVE_MCE
  46. #define __KVM_HAVE_PIT_STATE2
  47. #define __KVM_HAVE_XEN_HVM
  48. #define __KVM_HAVE_VCPU_EVENTS
  49. #define __KVM_HAVE_DEBUGREGS
  50. #define __KVM_HAVE_XSAVE
  51. #define __KVM_HAVE_XCRS
  52. /* Architectural interrupt line count. */
  53. #define KVM_NR_INTERRUPTS 256
  54. /* for KVM_GET_IRQCHIP and KVM_SET_IRQCHIP */
  55. struct kvm_pic_state {
  56. __u8 last_irr; /* edge detection */
  57. __u8 irr; /* interrupt request register */
  58. __u8 imr; /* interrupt mask register */
  59. __u8 isr; /* interrupt service register */
  60. __u8 priority_add; /* highest irq priority */
  61. __u8 irq_base;
  62. __u8 read_reg_select;
  63. __u8 poll;
  64. __u8 special_mask;
  65. __u8 init_state;
  66. __u8 auto_eoi;
  67. __u8 rotate_on_auto_eoi;
  68. __u8 special_fully_nested_mode;
  69. __u8 init4; /* true if 4 byte init */
  70. __u8 elcr; /* PIIX edge/trigger selection */
  71. __u8 elcr_mask;
  72. };
  73. #define KVM_IOAPIC_NUM_PINS 24
  74. struct kvm_ioapic_state {
  75. __u64 base_address;
  76. __u32 ioregsel;
  77. __u32 id;
  78. __u32 irr;
  79. __u32 pad;
  80. union {
  81. __u64 bits;
  82. struct {
  83. __u8 vector;
  84. __u8 delivery_mode:3;
  85. __u8 dest_mode:1;
  86. __u8 delivery_status:1;
  87. __u8 polarity:1;
  88. __u8 remote_irr:1;
  89. __u8 trig_mode:1;
  90. __u8 mask:1;
  91. __u8 reserve:7;
  92. __u8 reserved[4];
  93. __u8 dest_id;
  94. } fields;
  95. } redirtbl[KVM_IOAPIC_NUM_PINS];
  96. };
  97. #define KVM_IRQCHIP_PIC_MASTER 0
  98. #define KVM_IRQCHIP_PIC_SLAVE 1
  99. #define KVM_IRQCHIP_IOAPIC 2
  100. #define KVM_NR_IRQCHIPS 3
  101. #define KVM_RUN_X86_SMM (1 << 0)
  102. #define KVM_RUN_X86_BUS_LOCK (1 << 1)
  103. #define KVM_RUN_X86_GUEST_MODE (1 << 2)
  104. /* for KVM_GET_REGS and KVM_SET_REGS */
  105. struct kvm_regs {
  106. /* out (KVM_GET_REGS) / in (KVM_SET_REGS) */
  107. __u64 rax, rbx, rcx, rdx;
  108. __u64 rsi, rdi, rsp, rbp;
  109. __u64 r8, r9, r10, r11;
  110. __u64 r12, r13, r14, r15;
  111. __u64 rip, rflags;
  112. };
  113. /* for KVM_GET_LAPIC and KVM_SET_LAPIC */
  114. #define KVM_APIC_REG_SIZE 0x400
  115. struct kvm_lapic_state {
  116. char regs[KVM_APIC_REG_SIZE];
  117. };
  118. struct kvm_segment {
  119. __u64 base;
  120. __u32 limit;
  121. __u16 selector;
  122. __u8 type;
  123. __u8 present, dpl, db, s, l, g, avl;
  124. __u8 unusable;
  125. __u8 padding;
  126. };
  127. struct kvm_dtable {
  128. __u64 base;
  129. __u16 limit;
  130. __u16 padding[3];
  131. };
  132. /* for KVM_GET_SREGS and KVM_SET_SREGS */
  133. struct kvm_sregs {
  134. /* out (KVM_GET_SREGS) / in (KVM_SET_SREGS) */
  135. struct kvm_segment cs, ds, es, fs, gs, ss;
  136. struct kvm_segment tr, ldt;
  137. struct kvm_dtable gdt, idt;
  138. __u64 cr0, cr2, cr3, cr4, cr8;
  139. __u64 efer;
  140. __u64 apic_base;
  141. __u64 interrupt_bitmap[(KVM_NR_INTERRUPTS + 63) / 64];
  142. };
  143. struct kvm_sregs2 {
  144. /* out (KVM_GET_SREGS2) / in (KVM_SET_SREGS2) */
  145. struct kvm_segment cs, ds, es, fs, gs, ss;
  146. struct kvm_segment tr, ldt;
  147. struct kvm_dtable gdt, idt;
  148. __u64 cr0, cr2, cr3, cr4, cr8;
  149. __u64 efer;
  150. __u64 apic_base;
  151. __u64 flags;
  152. __u64 pdptrs[4];
  153. };
  154. #define KVM_SREGS2_FLAGS_PDPTRS_VALID 1
  155. /* for KVM_GET_FPU and KVM_SET_FPU */
  156. struct kvm_fpu {
  157. __u8 fpr[8][16];
  158. __u16 fcw;
  159. __u16 fsw;
  160. __u8 ftwx; /* in fxsave format */
  161. __u8 pad1;
  162. __u16 last_opcode;
  163. __u64 last_ip;
  164. __u64 last_dp;
  165. __u8 xmm[16][16];
  166. __u32 mxcsr;
  167. __u32 pad2;
  168. };
  169. struct kvm_msr_entry {
  170. __u32 index;
  171. __u32 reserved;
  172. __u64 data;
  173. };
  174. /* for KVM_GET_MSRS and KVM_SET_MSRS */
  175. struct kvm_msrs {
  176. __u32 nmsrs; /* number of msrs in entries */
  177. __u32 pad;
  178. __DECLARE_FLEX_ARRAY(struct kvm_msr_entry, entries);
  179. };
  180. /* for KVM_GET_MSR_INDEX_LIST */
  181. struct kvm_msr_list {
  182. __u32 nmsrs; /* number of msrs in entries */
  183. __DECLARE_FLEX_ARRAY(__u32, indices);
  184. };
  185. /* Maximum size of any access bitmap in bytes */
  186. #define KVM_MSR_FILTER_MAX_BITMAP_SIZE 0x600
  187. /* for KVM_X86_SET_MSR_FILTER */
  188. struct kvm_msr_filter_range {
  189. #define KVM_MSR_FILTER_READ (1 << 0)
  190. #define KVM_MSR_FILTER_WRITE (1 << 1)
  191. #define KVM_MSR_FILTER_RANGE_VALID_MASK (KVM_MSR_FILTER_READ | \
  192. KVM_MSR_FILTER_WRITE)
  193. __u32 flags;
  194. __u32 nmsrs; /* number of msrs in bitmap */
  195. __u32 base; /* MSR index the bitmap starts at */
  196. __u8 *bitmap; /* a 1 bit allows the operations in flags, 0 denies */
  197. };
  198. #define KVM_MSR_FILTER_MAX_RANGES 16
  199. struct kvm_msr_filter {
  200. #define KVM_MSR_FILTER_DEFAULT_ALLOW (0 << 0)
  201. #define KVM_MSR_FILTER_DEFAULT_DENY (1 << 0)
  202. #define KVM_MSR_FILTER_VALID_MASK (KVM_MSR_FILTER_DEFAULT_DENY)
  203. __u32 flags;
  204. struct kvm_msr_filter_range ranges[KVM_MSR_FILTER_MAX_RANGES];
  205. };
  206. struct kvm_cpuid_entry {
  207. __u32 function;
  208. __u32 eax;
  209. __u32 ebx;
  210. __u32 ecx;
  211. __u32 edx;
  212. __u32 padding;
  213. };
  214. /* for KVM_SET_CPUID */
  215. struct kvm_cpuid {
  216. __u32 nent;
  217. __u32 padding;
  218. __DECLARE_FLEX_ARRAY(struct kvm_cpuid_entry, entries);
  219. };
  220. struct kvm_cpuid_entry2 {
  221. __u32 function;
  222. __u32 index;
  223. __u32 flags;
  224. __u32 eax;
  225. __u32 ebx;
  226. __u32 ecx;
  227. __u32 edx;
  228. __u32 padding[3];
  229. };
  230. #define KVM_CPUID_FLAG_SIGNIFCANT_INDEX (1 << 0)
  231. #define KVM_CPUID_FLAG_STATEFUL_FUNC (1 << 1)
  232. #define KVM_CPUID_FLAG_STATE_READ_NEXT (1 << 2)
  233. /* for KVM_SET_CPUID2 */
  234. struct kvm_cpuid2 {
  235. __u32 nent;
  236. __u32 padding;
  237. __DECLARE_FLEX_ARRAY(struct kvm_cpuid_entry2, entries);
  238. };
  239. /* for KVM_GET_PIT and KVM_SET_PIT */
  240. struct kvm_pit_channel_state {
  241. __u32 count; /* can be 65536 */
  242. __u16 latched_count;
  243. __u8 count_latched;
  244. __u8 status_latched;
  245. __u8 status;
  246. __u8 read_state;
  247. __u8 write_state;
  248. __u8 write_latch;
  249. __u8 rw_mode;
  250. __u8 mode;
  251. __u8 bcd;
  252. __u8 gate;
  253. __s64 count_load_time;
  254. };
  255. struct kvm_debug_exit_arch {
  256. __u32 exception;
  257. __u32 pad;
  258. __u64 pc;
  259. __u64 dr6;
  260. __u64 dr7;
  261. };
  262. #define KVM_GUESTDBG_USE_SW_BP 0x00010000
  263. #define KVM_GUESTDBG_USE_HW_BP 0x00020000
  264. #define KVM_GUESTDBG_INJECT_DB 0x00040000
  265. #define KVM_GUESTDBG_INJECT_BP 0x00080000
  266. #define KVM_GUESTDBG_BLOCKIRQ 0x00100000
  267. /* for KVM_SET_GUEST_DEBUG */
  268. struct kvm_guest_debug_arch {
  269. __u64 debugreg[8];
  270. };
  271. struct kvm_pit_state {
  272. struct kvm_pit_channel_state channels[3];
  273. };
  274. #define KVM_PIT_FLAGS_HPET_LEGACY 0x00000001
  275. #define KVM_PIT_FLAGS_SPEAKER_DATA_ON 0x00000002
  276. struct kvm_pit_state2 {
  277. struct kvm_pit_channel_state channels[3];
  278. __u32 flags;
  279. __u32 reserved[9];
  280. };
  281. struct kvm_reinject_control {
  282. __u8 pit_reinject;
  283. __u8 reserved[31];
  284. };
  285. /* When set in flags, include corresponding fields on KVM_SET_VCPU_EVENTS */
  286. #define KVM_VCPUEVENT_VALID_NMI_PENDING 0x00000001
  287. #define KVM_VCPUEVENT_VALID_SIPI_VECTOR 0x00000002
  288. #define KVM_VCPUEVENT_VALID_SHADOW 0x00000004
  289. #define KVM_VCPUEVENT_VALID_SMM 0x00000008
  290. #define KVM_VCPUEVENT_VALID_PAYLOAD 0x00000010
  291. #define KVM_VCPUEVENT_VALID_TRIPLE_FAULT 0x00000020
  292. /* Interrupt shadow states */
  293. #define KVM_X86_SHADOW_INT_MOV_SS 0x01
  294. #define KVM_X86_SHADOW_INT_STI 0x02
  295. /* for KVM_GET/SET_VCPU_EVENTS */
  296. struct kvm_vcpu_events {
  297. struct {
  298. __u8 injected;
  299. __u8 nr;
  300. __u8 has_error_code;
  301. __u8 pending;
  302. __u32 error_code;
  303. } exception;
  304. struct {
  305. __u8 injected;
  306. __u8 nr;
  307. __u8 soft;
  308. __u8 shadow;
  309. } interrupt;
  310. struct {
  311. __u8 injected;
  312. __u8 pending;
  313. __u8 masked;
  314. __u8 pad;
  315. } nmi;
  316. __u32 sipi_vector;
  317. __u32 flags;
  318. struct {
  319. __u8 smm;
  320. __u8 pending;
  321. __u8 smm_inside_nmi;
  322. __u8 latched_init;
  323. } smi;
  324. struct {
  325. __u8 pending;
  326. } triple_fault;
  327. __u8 reserved[26];
  328. __u8 exception_has_payload;
  329. __u64 exception_payload;
  330. };
  331. /* for KVM_GET/SET_DEBUGREGS */
  332. struct kvm_debugregs {
  333. __u64 db[4];
  334. __u64 dr6;
  335. __u64 dr7;
  336. __u64 flags;
  337. __u64 reserved[9];
  338. };
  339. /* for KVM_CAP_XSAVE and KVM_CAP_XSAVE2 */
  340. struct kvm_xsave {
  341. /*
  342. * KVM_GET_XSAVE2 and KVM_SET_XSAVE write and read as many bytes
  343. * as are returned by KVM_CHECK_EXTENSION(KVM_CAP_XSAVE2)
  344. * respectively, when invoked on the vm file descriptor.
  345. *
  346. * The size value returned by KVM_CHECK_EXTENSION(KVM_CAP_XSAVE2)
  347. * will always be at least 4096. Currently, it is only greater
  348. * than 4096 if a dynamic feature has been enabled with
  349. * ``arch_prctl()``, but this may change in the future.
  350. *
  351. * The offsets of the state save areas in struct kvm_xsave follow
  352. * the contents of CPUID leaf 0xD on the host.
  353. */
  354. __u32 region[1024];
  355. __DECLARE_FLEX_ARRAY(__u32, extra);
  356. };
  357. #define KVM_MAX_XCRS 16
  358. struct kvm_xcr {
  359. __u32 xcr;
  360. __u32 reserved;
  361. __u64 value;
  362. };
  363. struct kvm_xcrs {
  364. __u32 nr_xcrs;
  365. __u32 flags;
  366. struct kvm_xcr xcrs[KVM_MAX_XCRS];
  367. __u64 padding[16];
  368. };
  369. #define KVM_X86_REG_TYPE_MSR 2
  370. #define KVM_X86_REG_TYPE_KVM 3
  371. #define KVM_X86_KVM_REG_SIZE(reg) \
  372. ({ \
  373. reg == KVM_REG_GUEST_SSP ? KVM_REG_SIZE_U64 : 0; \
  374. })
  375. #define KVM_X86_REG_TYPE_SIZE(type, reg) \
  376. ({ \
  377. __u64 type_size = (__u64)type << 32; \
  378. \
  379. type_size |= type == KVM_X86_REG_TYPE_MSR ? KVM_REG_SIZE_U64 : \
  380. type == KVM_X86_REG_TYPE_KVM ? KVM_X86_KVM_REG_SIZE(reg) : \
  381. 0; \
  382. type_size; \
  383. })
  384. #define KVM_X86_REG_ID(type, index) \
  385. (KVM_REG_X86 | KVM_X86_REG_TYPE_SIZE(type, index) | index)
  386. #define KVM_X86_REG_MSR(index) \
  387. KVM_X86_REG_ID(KVM_X86_REG_TYPE_MSR, index)
  388. #define KVM_X86_REG_KVM(index) \
  389. KVM_X86_REG_ID(KVM_X86_REG_TYPE_KVM, index)
  390. /* KVM-defined registers starting from 0 */
  391. #define KVM_REG_GUEST_SSP 0
  392. #define KVM_SYNC_X86_REGS (1UL << 0)
  393. #define KVM_SYNC_X86_SREGS (1UL << 1)
  394. #define KVM_SYNC_X86_EVENTS (1UL << 2)
  395. #define KVM_SYNC_X86_VALID_FIELDS \
  396. (KVM_SYNC_X86_REGS| \
  397. KVM_SYNC_X86_SREGS| \
  398. KVM_SYNC_X86_EVENTS)
  399. /* kvm_sync_regs struct included by kvm_run struct */
  400. struct kvm_sync_regs {
  401. /* Members of this structure are potentially malicious.
  402. * Care must be taken by code reading, esp. interpreting,
  403. * data fields from them inside KVM to prevent TOCTOU and
  404. * double-fetch types of vulnerabilities.
  405. */
  406. struct kvm_regs regs;
  407. struct kvm_sregs sregs;
  408. struct kvm_vcpu_events events;
  409. };
  410. #define KVM_X86_QUIRK_LINT0_REENABLED (1 << 0)
  411. #define KVM_X86_QUIRK_CD_NW_CLEARED (1 << 1)
  412. #define KVM_X86_QUIRK_LAPIC_MMIO_HOLE (1 << 2)
  413. #define KVM_X86_QUIRK_OUT_7E_INC_RIP (1 << 3)
  414. #define KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT (1 << 4)
  415. #define KVM_X86_QUIRK_FIX_HYPERCALL_INSN (1 << 5)
  416. #define KVM_X86_QUIRK_MWAIT_NEVER_UD_FAULTS (1 << 6)
  417. #define KVM_X86_QUIRK_SLOT_ZAP_ALL (1 << 7)
  418. #define KVM_X86_QUIRK_STUFF_FEATURE_MSRS (1 << 8)
  419. #define KVM_X86_QUIRK_IGNORE_GUEST_PAT (1 << 9)
  420. #define KVM_X86_QUIRK_VMCS12_ALLOW_FREEZE_IN_SMM (1 << 10)
  421. #define KVM_STATE_NESTED_FORMAT_VMX 0
  422. #define KVM_STATE_NESTED_FORMAT_SVM 1
  423. #define KVM_STATE_NESTED_GUEST_MODE 0x00000001
  424. #define KVM_STATE_NESTED_RUN_PENDING 0x00000002
  425. #define KVM_STATE_NESTED_EVMCS 0x00000004
  426. #define KVM_STATE_NESTED_MTF_PENDING 0x00000008
  427. #define KVM_STATE_NESTED_GIF_SET 0x00000100
  428. #define KVM_STATE_NESTED_SMM_GUEST_MODE 0x00000001
  429. #define KVM_STATE_NESTED_SMM_VMXON 0x00000002
  430. #define KVM_STATE_NESTED_VMX_VMCS_SIZE 0x1000
  431. #define KVM_STATE_NESTED_SVM_VMCB_SIZE 0x1000
  432. #define KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE 0x00000001
  433. /* vendor-independent attributes for system fd (group 0) */
  434. #define KVM_X86_GRP_SYSTEM 0
  435. # define KVM_X86_XCOMP_GUEST_SUPP 0
  436. /* vendor-specific groups and attributes for system fd */
  437. #define KVM_X86_GRP_SEV 1
  438. # define KVM_X86_SEV_VMSA_FEATURES 0
  439. # define KVM_X86_SNP_POLICY_BITS 1
  440. # define KVM_X86_SEV_SNP_REQ_CERTS 2
  441. struct kvm_vmx_nested_state_data {
  442. __u8 vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];
  443. __u8 shadow_vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];
  444. };
  445. struct kvm_vmx_nested_state_hdr {
  446. __u64 vmxon_pa;
  447. __u64 vmcs12_pa;
  448. struct {
  449. __u16 flags;
  450. } smm;
  451. __u16 pad;
  452. __u32 flags;
  453. __u64 preemption_timer_deadline;
  454. };
  455. struct kvm_svm_nested_state_data {
  456. /* Save area only used if KVM_STATE_NESTED_RUN_PENDING. */
  457. __u8 vmcb12[KVM_STATE_NESTED_SVM_VMCB_SIZE];
  458. };
  459. struct kvm_svm_nested_state_hdr {
  460. __u64 vmcb_pa;
  461. };
  462. /* for KVM_CAP_NESTED_STATE */
  463. struct kvm_nested_state {
  464. __u16 flags;
  465. __u16 format;
  466. __u32 size;
  467. union {
  468. struct kvm_vmx_nested_state_hdr vmx;
  469. struct kvm_svm_nested_state_hdr svm;
  470. /* Pad the header to 128 bytes. */
  471. __u8 pad[120];
  472. } hdr;
  473. /*
  474. * Define data region as 0 bytes to preserve backwards-compatability
  475. * to old definition of kvm_nested_state in order to avoid changing
  476. * KVM_{GET,PUT}_NESTED_STATE ioctl values.
  477. */
  478. union {
  479. __DECLARE_FLEX_ARRAY(struct kvm_vmx_nested_state_data, vmx);
  480. __DECLARE_FLEX_ARRAY(struct kvm_svm_nested_state_data, svm);
  481. } data;
  482. };
  483. /* for KVM_CAP_PMU_EVENT_FILTER */
  484. struct kvm_pmu_event_filter {
  485. __u32 action;
  486. __u32 nevents;
  487. __u32 fixed_counter_bitmap;
  488. __u32 flags;
  489. __u32 pad[4];
  490. __DECLARE_FLEX_ARRAY(__u64, events);
  491. };
  492. #define KVM_PMU_EVENT_ALLOW 0
  493. #define KVM_PMU_EVENT_DENY 1
  494. #define KVM_PMU_EVENT_FLAG_MASKED_EVENTS _BITUL(0)
  495. #define KVM_PMU_EVENT_FLAGS_VALID_MASK (KVM_PMU_EVENT_FLAG_MASKED_EVENTS)
  496. /* for KVM_CAP_MCE */
  497. struct kvm_x86_mce {
  498. __u64 status;
  499. __u64 addr;
  500. __u64 misc;
  501. __u64 mcg_status;
  502. __u8 bank;
  503. __u8 pad1[7];
  504. __u64 pad2[3];
  505. };
  506. /* for KVM_CAP_XEN_HVM */
  507. #define KVM_XEN_HVM_CONFIG_HYPERCALL_MSR (1 << 0)
  508. #define KVM_XEN_HVM_CONFIG_INTERCEPT_HCALL (1 << 1)
  509. #define KVM_XEN_HVM_CONFIG_SHARED_INFO (1 << 2)
  510. #define KVM_XEN_HVM_CONFIG_RUNSTATE (1 << 3)
  511. #define KVM_XEN_HVM_CONFIG_EVTCHN_2LEVEL (1 << 4)
  512. #define KVM_XEN_HVM_CONFIG_EVTCHN_SEND (1 << 5)
  513. #define KVM_XEN_HVM_CONFIG_RUNSTATE_UPDATE_FLAG (1 << 6)
  514. #define KVM_XEN_HVM_CONFIG_PVCLOCK_TSC_UNSTABLE (1 << 7)
  515. #define KVM_XEN_HVM_CONFIG_SHARED_INFO_HVA (1 << 8)
  516. #define KVM_XEN_MSR_MIN_INDEX 0x40000000u
  517. #define KVM_XEN_MSR_MAX_INDEX 0x4fffffffu
  518. struct kvm_xen_hvm_config {
  519. __u32 flags;
  520. __u32 msr;
  521. __u64 blob_addr_32;
  522. __u64 blob_addr_64;
  523. __u8 blob_size_32;
  524. __u8 blob_size_64;
  525. __u8 pad2[30];
  526. };
  527. struct kvm_xen_hvm_attr {
  528. __u16 type;
  529. __u16 pad[3];
  530. union {
  531. __u8 long_mode;
  532. __u8 vector;
  533. __u8 runstate_update_flag;
  534. union {
  535. __u64 gfn;
  536. #define KVM_XEN_INVALID_GFN ((__u64)-1)
  537. __u64 hva;
  538. } shared_info;
  539. struct {
  540. __u32 send_port;
  541. __u32 type; /* EVTCHNSTAT_ipi / EVTCHNSTAT_interdomain */
  542. __u32 flags;
  543. #define KVM_XEN_EVTCHN_DEASSIGN (1 << 0)
  544. #define KVM_XEN_EVTCHN_UPDATE (1 << 1)
  545. #define KVM_XEN_EVTCHN_RESET (1 << 2)
  546. /*
  547. * Events sent by the guest are either looped back to
  548. * the guest itself (potentially on a different port#)
  549. * or signalled via an eventfd.
  550. */
  551. union {
  552. struct {
  553. __u32 port;
  554. __u32 vcpu;
  555. __u32 priority;
  556. } port;
  557. struct {
  558. __u32 port; /* Zero for eventfd */
  559. __s32 fd;
  560. } eventfd;
  561. __u32 padding[4];
  562. } deliver;
  563. } evtchn;
  564. __u32 xen_version;
  565. __u64 pad[8];
  566. } u;
  567. };
  568. /* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO */
  569. #define KVM_XEN_ATTR_TYPE_LONG_MODE 0x0
  570. #define KVM_XEN_ATTR_TYPE_SHARED_INFO 0x1
  571. #define KVM_XEN_ATTR_TYPE_UPCALL_VECTOR 0x2
  572. /* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_EVTCHN_SEND */
  573. #define KVM_XEN_ATTR_TYPE_EVTCHN 0x3
  574. #define KVM_XEN_ATTR_TYPE_XEN_VERSION 0x4
  575. /* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_RUNSTATE_UPDATE_FLAG */
  576. #define KVM_XEN_ATTR_TYPE_RUNSTATE_UPDATE_FLAG 0x5
  577. /* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO_HVA */
  578. #define KVM_XEN_ATTR_TYPE_SHARED_INFO_HVA 0x6
  579. struct kvm_xen_vcpu_attr {
  580. __u16 type;
  581. __u16 pad[3];
  582. union {
  583. __u64 gpa;
  584. #define KVM_XEN_INVALID_GPA ((__u64)-1)
  585. __u64 hva;
  586. __u64 pad[8];
  587. struct {
  588. __u64 state;
  589. __u64 state_entry_time;
  590. __u64 time_running;
  591. __u64 time_runnable;
  592. __u64 time_blocked;
  593. __u64 time_offline;
  594. } runstate;
  595. __u32 vcpu_id;
  596. struct {
  597. __u32 port;
  598. __u32 priority;
  599. __u64 expires_ns;
  600. } timer;
  601. __u8 vector;
  602. } u;
  603. };
  604. /* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO */
  605. #define KVM_XEN_VCPU_ATTR_TYPE_VCPU_INFO 0x0
  606. #define KVM_XEN_VCPU_ATTR_TYPE_VCPU_TIME_INFO 0x1
  607. #define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_ADDR 0x2
  608. #define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_CURRENT 0x3
  609. #define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_DATA 0x4
  610. #define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_ADJUST 0x5
  611. /* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_EVTCHN_SEND */
  612. #define KVM_XEN_VCPU_ATTR_TYPE_VCPU_ID 0x6
  613. #define KVM_XEN_VCPU_ATTR_TYPE_TIMER 0x7
  614. #define KVM_XEN_VCPU_ATTR_TYPE_UPCALL_VECTOR 0x8
  615. /* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO_HVA */
  616. #define KVM_XEN_VCPU_ATTR_TYPE_VCPU_INFO_HVA 0x9
  617. /* Secure Encrypted Virtualization command */
  618. enum sev_cmd_id {
  619. /* Guest initialization commands */
  620. KVM_SEV_INIT = 0,
  621. KVM_SEV_ES_INIT,
  622. /* Guest launch commands */
  623. KVM_SEV_LAUNCH_START,
  624. KVM_SEV_LAUNCH_UPDATE_DATA,
  625. KVM_SEV_LAUNCH_UPDATE_VMSA,
  626. KVM_SEV_LAUNCH_SECRET,
  627. KVM_SEV_LAUNCH_MEASURE,
  628. KVM_SEV_LAUNCH_FINISH,
  629. /* Guest migration commands (outgoing) */
  630. KVM_SEV_SEND_START,
  631. KVM_SEV_SEND_UPDATE_DATA,
  632. KVM_SEV_SEND_UPDATE_VMSA,
  633. KVM_SEV_SEND_FINISH,
  634. /* Guest migration commands (incoming) */
  635. KVM_SEV_RECEIVE_START,
  636. KVM_SEV_RECEIVE_UPDATE_DATA,
  637. KVM_SEV_RECEIVE_UPDATE_VMSA,
  638. KVM_SEV_RECEIVE_FINISH,
  639. /* Guest status and debug commands */
  640. KVM_SEV_GUEST_STATUS,
  641. KVM_SEV_DBG_DECRYPT,
  642. KVM_SEV_DBG_ENCRYPT,
  643. /* Guest certificates commands */
  644. KVM_SEV_CERT_EXPORT,
  645. /* Attestation report */
  646. KVM_SEV_GET_ATTESTATION_REPORT,
  647. /* Guest Migration Extension */
  648. KVM_SEV_SEND_CANCEL,
  649. /* Second time is the charm; improved versions of the above ioctls. */
  650. KVM_SEV_INIT2,
  651. /* SNP-specific commands */
  652. KVM_SEV_SNP_LAUNCH_START = 100,
  653. KVM_SEV_SNP_LAUNCH_UPDATE,
  654. KVM_SEV_SNP_LAUNCH_FINISH,
  655. KVM_SEV_SNP_ENABLE_REQ_CERTS,
  656. KVM_SEV_NR_MAX,
  657. };
  658. struct kvm_sev_cmd {
  659. __u32 id;
  660. __u32 pad0;
  661. __u64 data;
  662. __u32 error;
  663. __u32 sev_fd;
  664. };
  665. struct kvm_sev_init {
  666. __u64 vmsa_features;
  667. __u32 flags;
  668. __u16 ghcb_version;
  669. __u16 pad1;
  670. __u32 pad2[8];
  671. };
  672. struct kvm_sev_launch_start {
  673. __u32 handle;
  674. __u32 policy;
  675. __u64 dh_uaddr;
  676. __u32 dh_len;
  677. __u32 pad0;
  678. __u64 session_uaddr;
  679. __u32 session_len;
  680. __u32 pad1;
  681. };
  682. struct kvm_sev_launch_update_data {
  683. __u64 uaddr;
  684. __u32 len;
  685. __u32 pad0;
  686. };
  687. struct kvm_sev_launch_secret {
  688. __u64 hdr_uaddr;
  689. __u32 hdr_len;
  690. __u32 pad0;
  691. __u64 guest_uaddr;
  692. __u32 guest_len;
  693. __u32 pad1;
  694. __u64 trans_uaddr;
  695. __u32 trans_len;
  696. __u32 pad2;
  697. };
  698. struct kvm_sev_launch_measure {
  699. __u64 uaddr;
  700. __u32 len;
  701. __u32 pad0;
  702. };
  703. struct kvm_sev_guest_status {
  704. __u32 handle;
  705. __u32 policy;
  706. __u32 state;
  707. };
  708. struct kvm_sev_dbg {
  709. __u64 src_uaddr;
  710. __u64 dst_uaddr;
  711. __u32 len;
  712. __u32 pad0;
  713. };
  714. struct kvm_sev_attestation_report {
  715. __u8 mnonce[16];
  716. __u64 uaddr;
  717. __u32 len;
  718. __u32 pad0;
  719. };
  720. struct kvm_sev_send_start {
  721. __u32 policy;
  722. __u32 pad0;
  723. __u64 pdh_cert_uaddr;
  724. __u32 pdh_cert_len;
  725. __u32 pad1;
  726. __u64 plat_certs_uaddr;
  727. __u32 plat_certs_len;
  728. __u32 pad2;
  729. __u64 amd_certs_uaddr;
  730. __u32 amd_certs_len;
  731. __u32 pad3;
  732. __u64 session_uaddr;
  733. __u32 session_len;
  734. __u32 pad4;
  735. };
  736. struct kvm_sev_send_update_data {
  737. __u64 hdr_uaddr;
  738. __u32 hdr_len;
  739. __u32 pad0;
  740. __u64 guest_uaddr;
  741. __u32 guest_len;
  742. __u32 pad1;
  743. __u64 trans_uaddr;
  744. __u32 trans_len;
  745. __u32 pad2;
  746. };
  747. struct kvm_sev_receive_start {
  748. __u32 handle;
  749. __u32 policy;
  750. __u64 pdh_uaddr;
  751. __u32 pdh_len;
  752. __u32 pad0;
  753. __u64 session_uaddr;
  754. __u32 session_len;
  755. __u32 pad1;
  756. };
  757. struct kvm_sev_receive_update_data {
  758. __u64 hdr_uaddr;
  759. __u32 hdr_len;
  760. __u32 pad0;
  761. __u64 guest_uaddr;
  762. __u32 guest_len;
  763. __u32 pad1;
  764. __u64 trans_uaddr;
  765. __u32 trans_len;
  766. __u32 pad2;
  767. };
  768. struct kvm_sev_snp_launch_start {
  769. __u64 policy;
  770. __u8 gosvw[16];
  771. __u16 flags;
  772. __u8 pad0[6];
  773. __u64 pad1[4];
  774. };
  775. /* Kept in sync with firmware values for simplicity. */
  776. #define KVM_SEV_PAGE_TYPE_INVALID 0x0
  777. #define KVM_SEV_SNP_PAGE_TYPE_NORMAL 0x1
  778. #define KVM_SEV_SNP_PAGE_TYPE_ZERO 0x3
  779. #define KVM_SEV_SNP_PAGE_TYPE_UNMEASURED 0x4
  780. #define KVM_SEV_SNP_PAGE_TYPE_SECRETS 0x5
  781. #define KVM_SEV_SNP_PAGE_TYPE_CPUID 0x6
  782. struct kvm_sev_snp_launch_update {
  783. __u64 gfn_start;
  784. __u64 uaddr;
  785. __u64 len;
  786. __u8 type;
  787. __u8 pad0;
  788. __u16 flags;
  789. __u32 pad1;
  790. __u64 pad2[4];
  791. };
  792. #define KVM_SEV_SNP_ID_BLOCK_SIZE 96
  793. #define KVM_SEV_SNP_ID_AUTH_SIZE 4096
  794. #define KVM_SEV_SNP_FINISH_DATA_SIZE 32
  795. struct kvm_sev_snp_launch_finish {
  796. __u64 id_block_uaddr;
  797. __u64 id_auth_uaddr;
  798. __u8 id_block_en;
  799. __u8 auth_key_en;
  800. __u8 vcek_disabled;
  801. __u8 host_data[KVM_SEV_SNP_FINISH_DATA_SIZE];
  802. __u8 pad0[3];
  803. __u16 flags;
  804. __u64 pad1[4];
  805. };
  806. #define KVM_X2APIC_API_USE_32BIT_IDS _BITULL(0)
  807. #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK _BITULL(1)
  808. #define KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST _BITULL(2)
  809. #define KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST _BITULL(3)
  810. struct kvm_hyperv_eventfd {
  811. __u32 conn_id;
  812. __s32 fd;
  813. __u32 flags;
  814. __u32 padding[3];
  815. };
  816. #define KVM_HYPERV_CONN_ID_MASK 0x00ffffff
  817. #define KVM_HYPERV_EVENTFD_DEASSIGN (1 << 0)
  818. /*
  819. * Masked event layout.
  820. * Bits Description
  821. * ---- -----------
  822. * 7:0 event select (low bits)
  823. * 15:8 umask match
  824. * 31:16 unused
  825. * 35:32 event select (high bits)
  826. * 36:54 unused
  827. * 55 exclude bit
  828. * 63:56 umask mask
  829. */
  830. #define KVM_PMU_ENCODE_MASKED_ENTRY(event_select, mask, match, exclude) \
  831. (((event_select) & 0xFFULL) | (((event_select) & 0XF00ULL) << 24) | \
  832. (((mask) & 0xFFULL) << 56) | \
  833. (((match) & 0xFFULL) << 8) | \
  834. ((__u64)(!!(exclude)) << 55))
  835. #define KVM_PMU_MASKED_ENTRY_EVENT_SELECT \
  836. (__GENMASK_ULL(7, 0) | __GENMASK_ULL(35, 32))
  837. #define KVM_PMU_MASKED_ENTRY_UMASK_MASK (__GENMASK_ULL(63, 56))
  838. #define KVM_PMU_MASKED_ENTRY_UMASK_MATCH (__GENMASK_ULL(15, 8))
  839. #define KVM_PMU_MASKED_ENTRY_EXCLUDE (_BITULL(55))
  840. #define KVM_PMU_MASKED_ENTRY_UMASK_MASK_SHIFT (56)
  841. /* for KVM_{GET,SET,HAS}_DEVICE_ATTR */
  842. #define KVM_VCPU_TSC_CTRL 0 /* control group for the timestamp counter (TSC) */
  843. #define KVM_VCPU_TSC_OFFSET 0 /* attribute for the TSC offset */
  844. /* x86-specific KVM_EXIT_HYPERCALL flags. */
  845. #define KVM_EXIT_HYPERCALL_LONG_MODE _BITULL(0)
  846. #define KVM_X86_DEFAULT_VM 0
  847. #define KVM_X86_SW_PROTECTED_VM 1
  848. #define KVM_X86_SEV_VM 2
  849. #define KVM_X86_SEV_ES_VM 3
  850. #define KVM_X86_SNP_VM 4
  851. #define KVM_X86_TDX_VM 5
  852. /* Trust Domain eXtension sub-ioctl() commands. */
  853. enum kvm_tdx_cmd_id {
  854. KVM_TDX_CAPABILITIES = 0,
  855. KVM_TDX_INIT_VM,
  856. KVM_TDX_INIT_VCPU,
  857. KVM_TDX_INIT_MEM_REGION,
  858. KVM_TDX_FINALIZE_VM,
  859. KVM_TDX_GET_CPUID,
  860. KVM_TDX_CMD_NR_MAX,
  861. };
  862. struct kvm_tdx_cmd {
  863. /* enum kvm_tdx_cmd_id */
  864. __u32 id;
  865. /* flags for sub-commend. If sub-command doesn't use this, set zero. */
  866. __u32 flags;
  867. /*
  868. * data for each sub-command. An immediate or a pointer to the actual
  869. * data in process virtual address. If sub-command doesn't use it,
  870. * set zero.
  871. */
  872. __u64 data;
  873. /*
  874. * Auxiliary error code. The sub-command may return TDX SEAMCALL
  875. * status code in addition to -Exxx.
  876. */
  877. __u64 hw_error;
  878. };
  879. struct kvm_tdx_capabilities {
  880. __u64 supported_attrs;
  881. __u64 supported_xfam;
  882. __u64 kernel_tdvmcallinfo_1_r11;
  883. __u64 user_tdvmcallinfo_1_r11;
  884. __u64 kernel_tdvmcallinfo_1_r12;
  885. __u64 user_tdvmcallinfo_1_r12;
  886. __u64 reserved[250];
  887. /* Configurable CPUID bits for userspace */
  888. struct kvm_cpuid2 cpuid;
  889. };
  890. struct kvm_tdx_init_vm {
  891. __u64 attributes;
  892. __u64 xfam;
  893. __u64 mrconfigid[6]; /* sha384 digest */
  894. __u64 mrowner[6]; /* sha384 digest */
  895. __u64 mrownerconfig[6]; /* sha384 digest */
  896. /* The total space for TD_PARAMS before the CPUIDs is 256 bytes */
  897. __u64 reserved[12];
  898. /*
  899. * Call KVM_TDX_INIT_VM before vcpu creation, thus before
  900. * KVM_SET_CPUID2.
  901. * This configuration supersedes KVM_SET_CPUID2s for VCPUs because the
  902. * TDX module directly virtualizes those CPUIDs without VMM. The user
  903. * space VMM, e.g. qemu, should make KVM_SET_CPUID2 consistent with
  904. * those values. If it doesn't, KVM may have wrong idea of vCPUIDs of
  905. * the guest, and KVM may wrongly emulate CPUIDs or MSRs that the TDX
  906. * module doesn't virtualize.
  907. */
  908. struct kvm_cpuid2 cpuid;
  909. };
  910. #define KVM_TDX_MEASURE_MEMORY_REGION _BITULL(0)
  911. struct kvm_tdx_init_mem_region {
  912. __u64 source_addr;
  913. __u64 gpa;
  914. __u64 nr_pages;
  915. };
  916. #endif /* _ASM_X86_KVM_H */