#ifndef __ASM_MSR_H
#define __ASM_MSR_H

#include "msr-index.h"

#include <xen/types.h>
#include <xen/percpu.h>
#include <xen/errno.h>

#include <xen/lib/x86/msr.h>

#include <asm/asm_defns.h>
#include <asm/cpufeature.h>
#include <asm/processor.h>

/*
 * Read the MSR selected by @msr (passed in %ecx).  The low 32 bits of the
 * result (%eax) are stored in @val1 and the high 32 bits (%edx) in @val2.
 *
 * There is no exception fixup here: a faulting RDMSR is not recovered by
 * this macro.  Use rdmsr_safe() for an MSR whose presence is not guaranteed.
 */
#define rdmsr(msr,val1,val2) \
     __asm__ __volatile__("rdmsr" \
			  : "=a" (val1), "=d" (val2) \
			  : "c" (msr))

/*
 * Read the MSR selected by @msr and assign the full 64-bit value to @val,
 * combining the %edx half (high) with the %eax half (low).
 *
 * As with rdmsr(), no exception fixup is attached: the MSR must be known to
 * be readable before this is used.
 */
#define rdmsrl(msr,val) do {                                    \
    unsigned long lo__, hi__;                                   \
    __asm__ __volatile__("rdmsr"                                \
                         : "=a" (lo__), "=d" (hi__)             \
                         : "c" (msr));                          \
    val = ((u64)hi__ << 32) | lo__;                             \
} while(0)

/*
 * Write the MSR selected by @msr (%ecx) with @val1 as the low 32 bits (%eax)
 * and @val2 as the high 32 bits (%edx).
 *
 * There is no exception fixup here: a faulting WRMSR is not recovered by
 * this macro.  Use wrmsr_safe() when the MSR or the value may be rejected.
 *
 * NOTE(review): the asm has no "memory" clobber, so the compiler may move
 * ordinary loads and stores across the write.  Callers that need the write
 * ordered against memory accesses presumably add their own barrier - confirm.
 */
#define wrmsr(msr,val1,val2) \
     __asm__ __volatile__("wrmsr" \
			  : /* no outputs */ \
			  : "c" (msr), "a" (val1), "d" (val2))

/*
 * Write the 64-bit value @val to the MSR numbered @msr, handing the low and
 * high 32-bit halves to wrmsr() separately.
 *
 * Built on wrmsr(), so no exception fixup is attached to the write.
 */
static inline void wrmsrl(unsigned int msr, __u64 val)
{
        const __u32 hi = (__u32)(val >> 32);
        const __u32 lo = (__u32)val;

        wrmsr(msr, lo, hi);
}

/*
 * rdmsr with exception handling.
 *
 * Evaluates to 0 on success, with the 64-bit MSR value assigned to @val.  If
 * the RDMSR at label 1 faults, the fixup code at label 3 zeroes both result
 * halves and sets the return code to -EFAULT, so @val is then assigned 0.
 * Callers must check the result: a @val of 0 alone does not distinguish a
 * failed read from an MSR that really holds 0.
 *
 * Operands: %0/%1 are lo_/hi_ (%eax/%edx), %2 is rc_ (preset to 0 through
 * the tied "2" input) and %5 is the -EFAULT immediate.  _ASM_EXTABLE(1b, 3b)
 * is defined elsewhere; presumably it registers the redirection of a fault
 * at label 1 to label 3 - confirm.
 */
#define rdmsr_safe(msr,val) ({\
    int rc_; \
    uint32_t lo_, hi_; \
    __asm__ __volatile__( \
        "1: rdmsr\n2:\n" \
        ".section .fixup,\"ax\"\n" \
        "3: xorl %0,%0\n; xorl %1,%1\n" \
        "   movl %5,%2\n; jmp 2b\n" \
        ".previous\n" \
        _ASM_EXTABLE(1b, 3b) \
        : "=a" (lo_), "=d" (hi_), "=&r" (rc_) \
        : "c" (msr), "2" (0), "i" (-EFAULT)); \
    val = lo_ | ((uint64_t)hi_ << 32); \
    rc_; })

/*
 * wrmsr with exception handling.
 *
 * Writes @val to the MSR numbered @msr.  Returns 0 when the WRMSR at label 1
 * completes, or -EFAULT when it faults and the fixup code at label 3 runs.
 * The return value is the only indication that the write did not take
 * effect, so callers must not ignore it.
 *
 * Operands: %0 is the return code (preset to 0 through the tied "0" input)
 * and %5 is the -EFAULT immediate loaded by the fixup.
 */
static inline int wrmsr_safe(unsigned int msr, uint64_t val)
{
    const uint32_t lo = (uint32_t)val;
    const uint32_t hi = (uint32_t)(val >> 32);
    int rc;

    __asm__ __volatile__(
        "1: wrmsr\n2:\n"
        ".section .fixup,\"ax\"\n"
        "3: movl %5,%0\n; jmp 2b\n"
        ".previous\n"
        _ASM_EXTABLE(1b, 3b)
        : "=&r" (rc)
        : "c" (msr), "a" (lo), "d" (hi), "0" (0), "i" (-EFAULT));

    return rc;
}

/*
 * Build the 64-bit MSR value carried in a register frame: the rdx field
 * shifted up by 32 bits, OR-ed with the eax field.
 *
 * NOTE(review): the shift is done in the type of regs->rdx, which is
 * presumably 64 bits wide, so that the upper half of rdx is discarded and
 * only its low 32 bits contribute - confirm against struct cpu_user_regs.
 */
static inline uint64_t msr_fold(const struct cpu_user_regs *regs)
{
    return regs->eax | (regs->rdx << 32);
}

/*
 * Store the 64-bit MSR value @val into a register frame: the low 32 bits go
 * to the rax field and the high 32 bits to the rdx field.  Both fields are
 * written with zero-extended 32-bit quantities.
 */
static inline void msr_split(struct cpu_user_regs *regs, uint64_t val)
{
    const uint32_t lo = (uint32_t)val;
    const uint64_t hi = val >> 32;

    regs->rax = lo;
    regs->rdx = hi;
}

/*
 * Read the time stamp counter with RDTSC and return it as one 64-bit value
 * (%edx supplies the high half, %eax the low half).
 *
 * No barrier is issued here; see rdtsc_ordered() when the read must not be
 * performed ahead of earlier loads.
 */
static inline uint64_t rdtsc(void)
{
    uint32_t lo, hi;

    __asm__ __volatile__("rdtsc" : "=a" (lo), "=d" (hi));

    return lo | ((uint64_t)hi << 32);
}

/*
 * Read the time stamp counter after a barrier, so that the read is ordered
 * like a normal load with respect to earlier loads.
 */
static inline uint64_t rdtsc_ordered(void)
{
	uint64_t tsc;

	/*
	 * RDTSC is not ordered with respect to memory accesses.  Neither the
	 * Intel SDM nor the AMD APM is precise on this point, but in practice
	 * the instruction can be executed speculatively ahead of earlier
	 * loads.  When it directly follows a suitable barrier it appears to
	 * behave like an ordinary load, i.e. it gives the same ordering
	 * guarantees as reading a global memory location that some other,
	 * imaginary CPU keeps updating with a time stamp.
	 *
	 * The barrier is "lfence", with "mfence" as the alternative keyed on
	 * X86_FEATURE_MFENCE_RDTSC.
	 */
	alternative("lfence", "mfence", X86_FEATURE_MFENCE_RDTSC);
	tsc = rdtsc();

	return tsc;
}

/*
 * __write_tsc() writes @val to MSR_IA32_TSC unconditionally.  write_tsc() is
 * the checked wrapper: it asserts that the boot CPU does not advertise
 * X86_FEATURE_TSC_RELIABLE before performing the same write.
 *
 * NOTE(review): the guard is an ASSERT().  If ASSERT() is compiled out of
 * release builds (TODO confirm), nothing here prevents the write in those
 * builds, so callers should not rely on this check alone.
 */
#define __write_tsc(val) wrmsrl(MSR_IA32_TSC, val)
#define write_tsc(val) ({                                       \
    /* Reliable TSCs are in lockstep across all CPUs. We should \
     * never write to them. */                                  \
    ASSERT(!boot_cpu_has(X86_FEATURE_TSC_RELIABLE));            \
    __write_tsc(val);                                           \
})

/*
 * Read the performance-monitoring counter selected by @counter (passed in
 * %ecx).  The low 32 bits (%eax) are stored in @low and the high 32 bits
 * (%edx) in @high.  No exception fixup is attached to the instruction.
 */
#define rdpmc(counter,low,high) \
     __asm__ __volatile__("rdpmc" \
			  : "=a" (low), "=d" (high) \
			  : "c" (counter))

/*
 * On hardware supporting FSGSBASE, the value loaded into hardware is the
 * guest kernel's choice for 64bit PV guests (Xen's choice for Idle, HVM and
 * 32bit PV).
 *
 * Therefore, the {RD,WR}{FS,GS}BASE instructions are only safe to use if
 * %cr4.fsgsbase is set.
 */
/*
 * Return the FS base using the RDFSBASE instruction directly.
 *
 * No check of %cr4.fsgsbase is made here; read_fs_base() is the wrapper that
 * tests it and falls back to the MSR.
 */
static inline unsigned long __rdfsbase(void)
{
    unsigned long base;

#ifdef HAVE_AS_FSGSBASE
    asm volatile ( "rdfsbase %0" : "=r" (base) );
#else
    /*
     * Hand-assembled "rdfsbase %rax" for assemblers without the mnemonic.
     * The register is fixed by the ModRM byte, hence the "=a" constraint.
     */
    asm volatile ( ".byte 0xf3, 0x48, 0x0f, 0xae, 0xc0" : "=a" (base) );
#endif

    return base;
}

/*
 * Return the currently active GS base using the RDGSBASE instruction
 * directly.
 *
 * No check of %cr4.fsgsbase is made here; read_gs_base() is the wrapper that
 * tests it and falls back to the MSR.
 */
static inline unsigned long __rdgsbase(void)
{
    unsigned long base;

#ifdef HAVE_AS_FSGSBASE
    asm volatile ( "rdgsbase %0" : "=r" (base) );
#else
    /*
     * Hand-assembled "rdgsbase %rax" for assemblers without the mnemonic.
     * The register is fixed by the ModRM byte, hence the "=a" constraint.
     */
    asm volatile ( ".byte 0xf3, 0x48, 0x0f, 0xae, 0xc8" : "=a" (base) );
#endif

    return base;
}

/*
 * Load @base into the FS base using the WRFSBASE instruction directly.
 *
 * No check of %cr4.fsgsbase and no validation of @base is made here;
 * write_fs_base() is the wrapper that tests %cr4 and falls back to the MSR.
 */
static inline void __wrfsbase(unsigned long base)
{
#ifdef HAVE_AS_FSGSBASE
    asm volatile ( "wrfsbase %0" :: "r" (base) );
#else
    /*
     * Hand-assembled "wrfsbase %rax" for assemblers without the mnemonic.
     * The register is fixed by the ModRM byte, hence the "a" constraint.
     */
    asm volatile ( ".byte 0xf3, 0x48, 0x0f, 0xae, 0xd0" :: "a" (base) );
#endif
}

/*
 * Load @base into the currently active GS base using the WRGSBASE
 * instruction directly.
 *
 * No check of %cr4.fsgsbase and no validation of @base is made here;
 * write_gs_base() is the wrapper that tests %cr4 and falls back to the MSR.
 */
static inline void __wrgsbase(unsigned long base)
{
#ifdef HAVE_AS_FSGSBASE
    asm volatile ( "wrgsbase %0" :: "r" (base) );
#else
    /*
     * Hand-assembled "wrgsbase %rax" for assemblers without the mnemonic.
     * The register is fixed by the ModRM byte, hence the "a" constraint.
     */
    asm volatile ( ".byte 0xf3, 0x48, 0x0f, 0xae, 0xd8" :: "a" (base) );
#endif
}

/*
 * Return the FS base.  The RDFSBASE instruction is used when %cr4.fsgsbase
 * is currently set; otherwise the value is read from MSR_FS_BASE.
 */
static inline unsigned long read_fs_base(void)
{
    unsigned long val;

    if ( !(read_cr4() & X86_CR4_FSGSBASE) )
    {
        rdmsrl(MSR_FS_BASE, val);
        return val;
    }

    return __rdfsbase();
}

/*
 * Return the active GS base.  The RDGSBASE instruction is used when
 * %cr4.fsgsbase is currently set; otherwise the value is read from
 * MSR_GS_BASE.
 */
static inline unsigned long read_gs_base(void)
{
    unsigned long val;

    if ( !(read_cr4() & X86_CR4_FSGSBASE) )
    {
        rdmsrl(MSR_GS_BASE, val);
        return val;
    }

    return __rdgsbase();
}

/*
 * Return the shadow (inactive) GS base.  Without %cr4.fsgsbase the value is
 * read from MSR_SHADOW_GS_BASE.  With it, the two bases are exchanged with
 * SWAPGS, the now-active one is read with RDGSBASE, and they are exchanged
 * back.
 *
 * NOTE(review): between the two SWAPGS instructions the active GS base is
 * the shadow value, and the three asm statements are separate, so this
 * presumably relies on nothing using %gs in that window - confirm.
 */
static inline unsigned long read_gs_shadow(void)
{
    unsigned long shadow;

    if ( !(read_cr4() & X86_CR4_FSGSBASE) )
    {
        rdmsrl(MSR_SHADOW_GS_BASE, shadow);
        return shadow;
    }

    asm volatile ( "swapgs" );
    shadow = __rdgsbase();
    asm volatile ( "swapgs" );

    return shadow;
}

/*
 * Set the FS base to @base.  The WRFSBASE instruction is used when
 * %cr4.fsgsbase is currently set; otherwise MSR_FS_BASE is written.
 *
 * NOTE(review): @base is not validated here and neither path has an
 * exception fixup, so callers presumably guarantee an acceptable (canonical)
 * address - confirm.
 */
static inline void write_fs_base(unsigned long base)
{
    if ( !(read_cr4() & X86_CR4_FSGSBASE) )
    {
        wrmsrl(MSR_FS_BASE, base);
        return;
    }

    __wrfsbase(base);
}

/*
 * Set the active GS base to @base.  The WRGSBASE instruction is used when
 * %cr4.fsgsbase is currently set; otherwise MSR_GS_BASE is written.
 *
 * NOTE(review): @base is not validated here and neither path has an
 * exception fixup, so callers presumably guarantee an acceptable (canonical)
 * address - confirm.
 */
static inline void write_gs_base(unsigned long base)
{
    if ( !(read_cr4() & X86_CR4_FSGSBASE) )
    {
        wrmsrl(MSR_GS_BASE, base);
        return;
    }

    __wrgsbase(base);
}

/*
 * Set the shadow (inactive) GS base to @base.  Without %cr4.fsgsbase,
 * MSR_SHADOW_GS_BASE is written.  With it, the bases are exchanged with
 * SWAPGS, the now-active one is written with WRGSBASE, and they are
 * exchanged back.
 *
 * The swapgs / wrgsbase / swapgs sequence is emitted as a single asm
 * statement, so the compiler cannot place other code between the
 * instructions.  @base is not validated here and no exception fixup is
 * attached on either path.
 */
static inline void write_gs_shadow(unsigned long base)
{
    if ( read_cr4() & X86_CR4_FSGSBASE )
    {
        asm volatile ( "swapgs\n\t"
#ifdef HAVE_AS_FSGSBASE
                       "wrgsbase %0\n\t"
                       "swapgs"
                       :: "r" (base) );
#else
                       /* Hand-assembled "wrgsbase %rax", hence the "a" constraint. */
                       ".byte 0xf3, 0x48, 0x0f, 0xae, 0xd8\n\t"
                       "swapgs"
                       :: "a" (base) );
#endif
    }
    else
        wrmsrl(MSR_SHADOW_GS_BASE, base);
}

/* Per-CPU copy of EFER: stored by write_efer(), returned by read_efer(). */
DECLARE_PER_CPU(uint64_t, efer);
/*
 * Return this CPU's cached copy of EFER.  The MSR itself is not read, so the
 * result is only as current as the last write_efer() on this CPU.
 */
static inline uint64_t read_efer(void)
{
    const uint64_t cached = this_cpu(efer);

    return cached;
}

/*
 * Set EFER on this CPU to @val, keeping the per-CPU cached copy in step with
 * the hardware register.
 *
 * The cache is updated before the MSR is written.  The write goes through
 * wrmsrl(), which has no exception fixup, so @val must be a value the
 * hardware accepts.
 */
static inline void write_efer(uint64_t val)
{
    this_cpu(efer) = val;
    wrmsrl(MSR_EFER, val);
}

/*
 * Defined elsewhere.  NOTE(review): presumably the index of the
 * last-exception-record MSR in use on this system - inferred from the name
 * only, confirm against the definition.
 */
extern unsigned int ler_msr;

/* Per-CPU record of the value last written to MSR_TSC_AUX by wrmsr_tsc_aux(). */
DECLARE_PER_CPU(uint32_t, tsc_aux);

/*
 * Lazy update of MSR_TSC_AUX.
 *
 * The MSR is written only when @val differs from this CPU's recorded value,
 * and the record is refreshed after the write.  The saving is only correct
 * if every write of MSR_TSC_AUX goes through this function; a write made
 * elsewhere would leave the record stale.
 */
static inline void wrmsr_tsc_aux(uint32_t val)
{
    uint32_t *cached = &this_cpu(tsc_aux);

    if ( *cached == val )
        return;

    wrmsr(MSR_TSC_AUX, val, 0);
    *cached = val;
}

/*
 * Defined elsewhere.  NOTE(review): presumably returns the mask of
 * MSR_SPEC_CTRL bits that are valid under the CPUID policy @cp - inferred
 * from the name only, confirm against the definition.
 */
uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp);

/*
 * System-wide MSR policy objects, defined elsewhere.  NOTE(review): the
 * names suggest the raw hardware and host policies, plus a "max" and a
 * "def" (default) policy for each of PV and HVM guests - confirm.
 */
extern struct msr_policy     raw_msr_policy,
                            host_msr_policy,
                          pv_max_msr_policy,
                          pv_def_msr_policy,
                         hvm_max_msr_policy,
                         hvm_def_msr_policy;

/*
 * Container object for per-vCPU MSRs.
 *
 * Each member is introduced by the index of the MSR it backs.  The members
 * differ in whether the stored value or the hardware value is authoritative
 * at a given moment; the per-member comments say which.
 */
struct vcpu_msrs
{
    /*
     * 0x00000048 - MSR_SPEC_CTRL
     *
     * For PV guests, this holds the guest kernel value.  It is accessed on
     * every entry/exit path.
     *
     * For VT-x guests, the guest value is held in the MSR guest load/save
     * list.
     *
     * For SVM, the guest value lives in the VMCB, and hardware saves/restores
     * the host value automatically.  However, guests run with the OR of the
     * host and guest value, which allows Xen to set protections behind the
     * guest's back.
     *
     * We must clear/restore Xen's value before/after VMRUN to avoid unduly
     * influencing the guest.  In order to support "behind the guest's back"
     * protections, we load this value (commonly 0) before VMRUN.
     */
    struct {
        uint32_t raw;
    } spec_ctrl;

    /*
     * 0x00000140 - MSR_INTEL_MISC_FEATURES_ENABLES
     *
     * This MSR is non-architectural, but for simplicity we allow it to be
     * read unconditionally.  The CPUID Faulting bit is the only writeable
     * bit, and only if enumerated by MSR_PLATFORM_INFO.
     */
    union {
        uint32_t raw;
        struct {
            /* Overlays raw; presumably its lowest bit - confirm for the ABI in use. */
            bool cpuid_faulting:1;
        };
    } misc_features_enables;

    /*
     * 0x00000560 ... 57x - MSR_RTIT_*
     *
     * "Real Time Instruction Trace", now called Processor Trace.
     *
     * These MSRs are not exposed to guests.  They are controlled by Xen
     * behind the scenes, when vmtrace is enabled for the domain.
     *
     * MSR_RTIT_OUTPUT_BASE not stored here.  It is fixed per vcpu, and
     * derived from v->vmtrace.buf.
     */
    struct {
        /*
         * Placed in the MSR load/save lists.  Only modified by hypercall in
         * the common case.
         */
        uint64_t ctl;

        /*
         * Updated by hardware in non-root mode.  Synchronised here on vcpu
         * context switch.
         */
        uint64_t status;

        /* output_mask viewed whole, or as its two 32-bit halves. */
        union {
            uint64_t output_mask;
            struct {
                uint32_t output_limit;
                uint32_t output_offset;
            };
        };
    } rtit;

    /* 0x00000da0 - MSR_IA32_XSS */
    struct {
        uint64_t raw;
    } xss;

    /*
     * 0xc0000103 - MSR_TSC_AUX
     *
     * Value is guest chosen, and always loaded in vcpu context.  Guests have
     * no direct MSR access, and the value is accessible to userspace with the
     * RDTSCP and RDPID instructions.
     */
    uint32_t tsc_aux;

    /*
     * 0xc00110{27,19-1b} MSR_AMD64_DR{0-3}_ADDRESS_MASK
     *
     * Loaded into hardware for guests which have active %dr7 settings.
     * Furthermore, HVM guests are offered direct access, meaning that the
     * values here may be stale in current context.
     */
    uint32_t dr_mask[4];
};

/*
 * MSR policy initialisation entry points, defined elsewhere.
 *
 * NOTE(review): the names suggest one-off setup of the guest policies, and
 * per-domain and per-vCPU setup respectively.  The two int-returning
 * functions presumably return 0 or a negative errno value, which callers
 * should check - confirm against the definitions.
 */
void init_guest_msr_policy(void);
int init_domain_msr_policy(struct domain *d);
int init_vcpu_msr_policy(struct vcpu *v);

/*
 * The functions below can return X86EMUL_UNHANDLEABLE, which means that the
 * MSR is not (yet) handled by them and must be processed by the legacy
 * handlers.  This behaviour is needed for the transition period, until all
 * rd/wrmsr accesses are handled by the new MSR infrastructure.  Callers must
 * therefore treat X86EMUL_UNHANDLEABLE as "not handled here", not as the
 * outcome of the access.
 *
 * These functions are also used by the migration logic, so they need to cope
 * with being used outside of v's context.
 */
int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val);
int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val);

#endif /* __ASM_MSR_H */