xref: /illumos-gate/usr/src/uts/intel/sys/vmm.h (revision 32640292)

/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2011 NetApp, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY NETAPP, INC ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL NETAPP, INC OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/*
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source.  A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 *
 * Copyright 2015 Pluribus Networks Inc.
 * Copyright 2019 Joyent, Inc.
 * Copyright 2022 Oxide Computer Company
 */

#ifndef _VMM_H_
#define	_VMM_H_

enum vm_suspend_how {
	VM_SUSPEND_NONE,
	VM_SUSPEND_RESET,
	VM_SUSPEND_POWEROFF,
	VM_SUSPEND_HALT,
	VM_SUSPEND_TRIPLEFAULT,
	VM_SUSPEND_LAST
};

/*
 * Identifiers for architecturally defined registers.
 */
enum vm_reg_name {
	VM_REG_GUEST_RAX,
	VM_REG_GUEST_RBX,
	VM_REG_GUEST_RCX,
	VM_REG_GUEST_RDX,
	VM_REG_GUEST_RSI,
	VM_REG_GUEST_RDI,
	VM_REG_GUEST_RBP,
	VM_REG_GUEST_R8,
	VM_REG_GUEST_R9,
	VM_REG_GUEST_R10,
	VM_REG_GUEST_R11,
	VM_REG_GUEST_R12,
	VM_REG_GUEST_R13,
	VM_REG_GUEST_R14,
	VM_REG_GUEST_R15,
	VM_REG_GUEST_CR0,
	VM_REG_GUEST_CR3,
	VM_REG_GUEST_CR4,
	VM_REG_GUEST_DR7,
	VM_REG_GUEST_RSP,
	VM_REG_GUEST_RIP,
	VM_REG_GUEST_RFLAGS,
	VM_REG_GUEST_ES,
	VM_REG_GUEST_CS,
	VM_REG_GUEST_SS,
	VM_REG_GUEST_DS,
	VM_REG_GUEST_FS,
	VM_REG_GUEST_GS,
	VM_REG_GUEST_LDTR,
	VM_REG_GUEST_TR,
	VM_REG_GUEST_IDTR,
	VM_REG_GUEST_GDTR,
	VM_REG_GUEST_EFER,
	VM_REG_GUEST_CR2,
	VM_REG_GUEST_PDPTE0,
	VM_REG_GUEST_PDPTE1,
	VM_REG_GUEST_PDPTE2,
	VM_REG_GUEST_PDPTE3,
	VM_REG_GUEST_INTR_SHADOW,
	VM_REG_GUEST_DR0,
	VM_REG_GUEST_DR1,
	VM_REG_GUEST_DR2,
	VM_REG_GUEST_DR3,
	VM_REG_GUEST_DR6,
	VM_REG_GUEST_ENTRY_INST_LENGTH,
	VM_REG_GUEST_XCR0,
	VM_REG_LAST
};

enum x2apic_state {
	X2APIC_DISABLED,
	X2APIC_ENABLED,
	X2APIC_STATE_LAST
};

#define	VM_INTINFO_MASK_VECTOR	0xffUL
#define	VM_INTINFO_MASK_TYPE	0x700UL
#define	VM_INTINFO_MASK_RSVD	0x7ffff000UL
#define	VM_INTINFO_SHIFT_ERRCODE 32

#define	VM_INTINFO_VECTOR(val)	((val) & VM_INTINFO_MASK_VECTOR)
#define	VM_INTINFO_TYPE(val)	((val) & VM_INTINFO_MASK_TYPE)
#define	VM_INTINFO_ERRCODE(val)	((val) >> VM_INTINFO_SHIFT_ERRCODE)
#define	VM_INTINFO_PENDING(val)	(((val) & VM_INTINFO_VALID) != 0)
#define	VM_INTINFO_HAS_ERRCODE(val) (((val) & VM_INTINFO_DEL_ERRCODE) != 0)

#define	VM_INTINFO_VALID	(1UL << 31)
#define	VM_INTINFO_DEL_ERRCODE	(1UL << 11)

#define	VM_INTINFO_HWINTR	(0 << 8)
#define	VM_INTINFO_NMI		(2 << 8)
#define	VM_INTINFO_HWEXCP	(3 << 8)
#define	VM_INTINFO_SWINTR	(4 << 8)
/* Reserved for CPU (read: Intel) specific types */
#define	VM_INTINFO_RESV1	(1 << 8)
#define	VM_INTINFO_RESV5	(5 << 8)
#define	VM_INTINFO_RESV6	(6 << 8)
#define	VM_INTINFO_RESV7	(7 << 8)

/*
 * illumos doesn't have a limitation based on SPECNAMELEN like FreeBSD does.
 * To simplify structure definitions, an arbitrary limit has been chosen.
 * This same limit is used for memory segment names
 */

#define	VM_MAX_NAMELEN		128
#define	VM_MAX_SEG_NAMELEN	128

#ifdef _KERNEL
#define	VM_MAXCPU	32			/* maximum virtual cpus */
#endif

/*
 * Identifiers for optional vmm capabilities
 */
enum vm_cap_type {
	VM_CAP_HALT_EXIT,
	VM_CAP_MTRAP_EXIT,
	VM_CAP_PAUSE_EXIT,
	VM_CAP_ENABLE_INVPCID,
	VM_CAP_BPT_EXIT,
	VM_CAP_MAX
};

enum vmx_caps {
	VMX_CAP_NONE		= 0,
	VMX_CAP_TPR_SHADOW	= (1UL << 0),
	VMX_CAP_APICV		= (1UL << 1),
	VMX_CAP_APICV_X2APIC	= (1UL << 2),
	VMX_CAP_APICV_PIR	= (1UL << 3),
};

enum vm_intr_trigger {
	EDGE_TRIGGER,
	LEVEL_TRIGGER
};

/*
 * The 'access' field has the format specified in Table 21-2 of the Intel
 * Architecture Manual vol 3b.
 *
 * XXX The contents of the 'access' field are architecturally defined except
 * bit 16 - Segment Unusable.
 */
struct seg_desc {
	uint64_t	base;
	uint32_t	limit;
	uint32_t	access;
};
#define	SEG_DESC_TYPE(access)		((access) & 0x001f)
#define	SEG_DESC_DPL_MASK		0x3
#define	SEG_DESC_DPL_SHIFT		5
#define	SEG_DESC_DPL(access)		\
	(((access) >> SEG_DESC_DPL_SHIFT) & SEG_DESC_DPL_MASK)
#define	SEG_DESC_PRESENT(access)	(((access) & 0x0080) ? 1 : 0)
#define	SEG_DESC_DEF32(access)		(((access) & 0x4000) ? 1 : 0)
#define	SEG_DESC_GRANULARITY(access)	(((access) & 0x8000) ? 1 : 0)
#define	SEG_DESC_UNUSABLE(access)	(((access) & 0x10000) ? 1 : 0)

enum vm_cpu_mode {
	CPU_MODE_REAL,
	CPU_MODE_PROTECTED,
	CPU_MODE_COMPATIBILITY,		/* IA-32E mode (CS.L = 0) */
	CPU_MODE_64BIT,			/* IA-32E mode (CS.L = 1) */
};

enum vm_paging_mode {
	PAGING_MODE_FLAT,
	PAGING_MODE_32,
	PAGING_MODE_PAE,
	PAGING_MODE_64,
};

struct vm_guest_paging {
	uint64_t	cr3;
	int		cpl;
	enum vm_cpu_mode cpu_mode;
	enum vm_paging_mode paging_mode;
};

enum vm_exitcode {
	VM_EXITCODE_INOUT,
	VM_EXITCODE_VMX,
	VM_EXITCODE_BOGUS,
	VM_EXITCODE_RDMSR,
	VM_EXITCODE_WRMSR,
	VM_EXITCODE_HLT,
	VM_EXITCODE_MTRAP,
	VM_EXITCODE_PAUSE,
	VM_EXITCODE_PAGING,
	VM_EXITCODE_INST_EMUL,
	VM_EXITCODE_RUN_STATE,
	VM_EXITCODE_MMIO_EMUL,
	VM_EXITCODE_DEPRECATED,	/* formerly RUNBLOCK */
	VM_EXITCODE_IOAPIC_EOI,
	VM_EXITCODE_SUSPENDED,
	VM_EXITCODE_MMIO,
	VM_EXITCODE_TASK_SWITCH,
	VM_EXITCODE_MONITOR,
	VM_EXITCODE_MWAIT,
	VM_EXITCODE_SVM,
	VM_EXITCODE_DEPRECATED2, /* formerly REQIDLE */
	VM_EXITCODE_DEBUG,
	VM_EXITCODE_VMINSN,
	VM_EXITCODE_BPT,
	VM_EXITCODE_HT,
	VM_EXITCODE_MAX
};

enum inout_flags {
	INOUT_IN	= (1U << 0), /* direction: 'in' when set, else 'out' */

	/*
	 * The following flags are used only for in-kernel emulation logic and
	 * are not exposed to userspace.
	 */
	INOUT_STR	= (1U << 1), /* ins/outs operation */
	INOUT_REP	= (1U << 2), /* 'rep' prefix present on instruction */
};

struct vm_inout {
	uint32_t	eax;
	uint16_t	port;
	uint8_t		bytes;		/* 1 or 2 or 4 */
	uint8_t		flags;		/* see: inout_flags */

	/*
	 * The address size and segment are relevant to INS/OUTS operations.
	 * Userspace is not concerned with them since the in-kernel emulation
	 * handles those specific aspects.
	 */
	uint8_t		addrsize;
	uint8_t		segment;
};

struct vm_mmio {
	uint8_t		bytes;		/* 1/2/4/8 bytes */
	uint8_t		read;		/* read: 1, write: 0 */
	uint16_t	_pad[3];
	uint64_t	gpa;
	uint64_t	data;
};

enum task_switch_reason {
	TSR_CALL,
	TSR_IRET,
	TSR_JMP,
	TSR_IDT_GATE,	/* task gate in IDT */
};

struct vm_task_switch {
	uint16_t	tsssel;		/* new TSS selector */
	int		ext;		/* task switch due to external event */
	uint32_t	errcode;
	int		errcode_valid;	/* push 'errcode' on the new stack */
	enum task_switch_reason reason;
	struct vm_guest_paging paging;
};

enum vcpu_run_state {
	VRS_HALT		= 0,
	VRS_INIT		= (1 << 0),
	VRS_RUN			= (1 << 1),

	VRS_PEND_INIT		= (1 << 14),
	VRS_PEND_SIPI		= (1 << 15),
};
#define VRS_MASK_VALID(v)	\
	((v) & (VRS_INIT | VRS_RUN | VRS_PEND_SIPI | VRS_PEND_SIPI))
#define VRS_IS_VALID(v)		((v) == VRS_MASK_VALID(v))

struct vm_exit {
	enum vm_exitcode	exitcode;
	int			inst_length;	/* 0 means unknown */
	uint64_t		rip;
	union {
		struct vm_inout	inout;
		struct vm_mmio	mmio;
		struct {
			uint64_t	gpa;
			int		fault_type;
		} paging;
		/*
		 * Kernel-internal MMIO decoding and emulation.
		 * Userspace should not expect to see this, but rather a
		 * VM_EXITCODE_MMIO with the above 'mmio' context.
		 */
		struct {
			uint64_t	gpa;
			uint64_t	gla;
			uint64_t	cs_base;
			int		cs_d;		/* CS.D */
		} mmio_emul;
		struct {
			uint8_t		inst[15];
			uint8_t		num_valid;
		} inst_emul;
		/*
		 * VMX specific payload. Used when there is no "better"
		 * exitcode to represent the VM-exit.
		 */
		struct {
			int		status;		/* vmx inst status */
			/*
			 * 'exit_reason' and 'exit_qualification' are valid
			 * only if 'status' is zero.
			 */
			uint32_t	exit_reason;
			uint64_t	exit_qualification;
			/*
			 * 'inst_error' and 'inst_type' are valid
			 * only if 'status' is non-zero.
			 */
			int		inst_type;
			int		inst_error;
		} vmx;
		/*
		 * SVM specific payload.
		 */
		struct {
			uint64_t	exitcode;
			uint64_t	exitinfo1;
			uint64_t	exitinfo2;
		} svm;
		struct {
			int		inst_length;
		} bpt;
		struct {
			uint32_t	code;		/* ecx value */
			uint64_t	wval;
		} msr;
		struct {
			uint64_t	rflags;
		} hlt;
		struct {
			int		vector;
		} ioapic_eoi;
		struct {
			enum vm_suspend_how how;
			/*
			 * Source vcpuid for suspend status.  Typically -1,
			 * except for triple-fault events which occur on a
			 * specific faulting vCPU.
			 */
			int source;
			/*
			 * When suspend status was set on VM, measured in
			 * nanoseconds since VM boot.
			 */
			uint64_t when;
		} suspended;
		struct vm_task_switch task_switch;
	} u;
};

enum vm_entry_cmds {
	VEC_DEFAULT = 0,
	VEC_DISCARD_INSTR,	/* discard inst emul state */
	VEC_FULFILL_MMIO,	/* entry includes result for mmio emul */
	VEC_FULFILL_INOUT,	/* entry includes result for inout emul */

	/* Below are flags which can be combined with the above commands: */

	/*
	 * Exit to userspace when vCPU is in consistent state: when any pending
	 * instruction emulation tasks have been completed and committed to the
	 * architecturally defined state.
	 */
	VEC_FLAG_EXIT_CONSISTENT	= 1 << 31,
};

struct vm_entry {
	int cpuid;
	uint_t cmd;		/* see: vm_entry_cmds */
	void *exit_data;
	union {
		struct vm_inout inout;
		struct vm_mmio mmio;
	} u;
};

int vm_restart_instruction(void *vm, int vcpuid);

enum vm_create_flags {
	/*
	 * Allocate guest memory segments from existing reservoir capacity,
	 * rather than attempting to create transient allocations.
	 */
	VCF_RESERVOIR_MEM = (1 << 0),

	/*
	 * Enable dirty page tracking for the guest.
	 */
	VCF_TRACK_DIRTY = (1 << 1),
};

/*
 * Describes an entry for `cpuid` emulation.
 * Used internally by bhyve (kernel) in addition to exposed ioctl(2) interface.
 */
struct vcpu_cpuid_entry {
	uint32_t	vce_function;
	uint32_t	vce_index;
	uint32_t	vce_flags;
	uint32_t	vce_eax;
	uint32_t	vce_ebx;
	uint32_t	vce_ecx;
	uint32_t	vce_edx;
	uint32_t	_pad;
};

/*
 * Defined flags for vcpu_cpuid_entry`vce_flags are below.
 */

/* Use index (ecx) input value when matching entry */
#define	VCE_FLAG_MATCH_INDEX		(1 << 0)

/* All valid flacts for vcpu_cpuid_entry`vce_flags */
#define	VCE_FLAGS_VALID		VCE_FLAG_MATCH_INDEX

/*
 * Defined flags for vcpu_cpuid configuration are below.
 * These are used by both the ioctl(2) interface via vm_vcpu_cpuid_config and
 * internally in the kernel vmm.
 */

/* Use legacy hard-coded cpuid masking tables applied to the host CPU */
#define	VCC_FLAG_LEGACY_HANDLING	(1 << 0)
/*
 * Emulate Intel-style fallback behavior (emit highest "standard" entry) if the
 * queried function/index do not match.  If not set, emulate AMD-style, where
 * all zeroes are returned in such cases.
 */
#define	VCC_FLAG_INTEL_FALLBACK		(1 << 1)

/* All valid flacts for vm_vcpu_cpuid_config`vvcc_flags */
#define	VCC_FLAGS_VALID		\
	(VCC_FLAG_LEGACY_HANDLING | VCC_FLAG_INTEL_FALLBACK)

/* Maximum vcpu_cpuid_entry records per vCPU */
#define	VMM_MAX_CPUID_ENTRIES		256

#endif	/* _VMM_H_ */