GitHub/LineageOS/android_kernel_motorola_exynos9610.git
11 years agox86, apicv: add virtual interrupt delivery support
Yang Zhang [Fri, 25 Jan 2013 02:18:51 +0000 (10:18 +0800)]
x86, apicv: add virtual interrupt delivery support

Virtual interrupt delivery avoids KVM to inject vAPIC interrupts
manually, which is fully taken care of by the hardware. This needs
some special awareness into existing interrupr injection path:

- for pending interrupt, instead of direct injection, we may need
  update architecture specific indicators before resuming to guest.

- A pending interrupt, which is masked by ISR, should be also
  considered in above update action, since hardware will decide
  when to inject it at right time. Current has_interrupt and
  get_interrupt only returns a valid vector from injection p.o.v.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
11 years agox86, apicv: add virtual x2apic support
Yang Zhang [Fri, 25 Jan 2013 02:18:50 +0000 (10:18 +0800)]
x86, apicv: add virtual x2apic support

basically to benefit from apicv, we need to enable virtualized x2apic mode.
Currently, we only enable it when guest is really using x2apic.

Also, clear MSR bitmap for corresponding x2apic MSRs when guest enabled x2apic:
0x800 - 0x8ff: no read intercept for apicv register virtualization,
               except APIC ID and TMCCT which need software's assistance to
               get right value.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
11 years agox86, apicv: add APICv register virtualization support
Yang Zhang [Fri, 25 Jan 2013 02:18:49 +0000 (10:18 +0800)]
x86, apicv: add APICv register virtualization support

- APIC read doesn't cause VM-Exit
- APIC write becomes trap-like

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Yang Zhang <yang.z.zhang@intel.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
11 years agokvm: Obey read-only mappings in iommu
Alex Williamson [Thu, 24 Jan 2013 22:04:09 +0000 (15:04 -0700)]
kvm: Obey read-only mappings in iommu

We've been ignoring read-only mappings and programming everything
into the iommu as read-write.  Fix this to only include the write
access flag when read-only is not set.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
11 years agokvm: Force IOMMU remapping on memory slot read-only flag changes
Alex Williamson [Thu, 24 Jan 2013 22:04:03 +0000 (15:04 -0700)]
kvm: Force IOMMU remapping on memory slot read-only flag changes

Memory slot flags can be altered without changing other parameters of
the slot.  The read-only attribute is the only one the IOMMU cares
about, so generate an un-map, re-map when this occurs.  This also
avoid unnecessarily re-mapping the slot when no IOMMU visible changes
are made.

Reviewed-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
11 years agoKVM: x86 emulator: fix test_cc() build failure on i386
Avi Kivity [Sat, 26 Jan 2013 21:56:04 +0000 (23:56 +0200)]
KVM: x86 emulator: fix test_cc() build failure on i386

'pushq' doesn't exist on i386.  Replace with 'push', which should work
since the operand is a register.

Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
11 years agoKVM: VMX: set vmx->emulation_required only when needed.
Gleb Natapov [Mon, 21 Jan 2013 13:36:49 +0000 (15:36 +0200)]
KVM: VMX: set vmx->emulation_required only when needed.

If emulate_invalid_guest_state=false vmx->emulation_required is never
actually used, but it ends up to be always set to true since
handle_invalid_guest_state(), the only place it is reset back to
false, is never called. This, besides been not very clean, makes vmexit
and vmentry path to check emulate_invalid_guest_state needlessly.

The patch fixes that by keeping emulation_required coherent with
emulate_invalid_guest_state setting.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86: fix use of uninitialized memory as segment descriptor in emulator.
Gleb Natapov [Mon, 21 Jan 2013 13:36:48 +0000 (15:36 +0200)]
KVM: x86: fix use of uninitialized memory as segment descriptor in emulator.

If VMX reports segment as unusable, zero descriptor passed by the emulator
before returning. Such descriptor will be considered not present by the
emulator.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: VMX: rename fix_pmode_dataseg to fix_pmode_seg.
Gleb Natapov [Mon, 21 Jan 2013 13:36:47 +0000 (15:36 +0200)]
KVM: VMX: rename fix_pmode_dataseg to fix_pmode_seg.

The function deals with code segment too.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: VMX: don't clobber segment AR of unusable segments.
Gleb Natapov [Mon, 21 Jan 2013 13:36:46 +0000 (15:36 +0200)]
KVM: VMX: don't clobber segment AR of unusable segments.

Usability is returned in unusable field, so not need to clobber entire
AR. Callers have to know how to deal with unusable segments already
since if emulate_invalid_guest_state=true AR is not zeroed.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: VMX: skip vmx->rmode.vm86_active check on cr0 write if unrestricted guest is...
Gleb Natapov [Mon, 21 Jan 2013 13:36:45 +0000 (15:36 +0200)]
KVM: VMX: skip vmx->rmode.vm86_active check on cr0 write if unrestricted guest is enabled

vmx->rmode.vm86_active is never true is unrestricted guest is enabled.
Make it more explicit that neither enter_pmode() nor enter_rmode() is
called in this case.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: VMX: remove hack that disables emulation on vcpu reset/init
Gleb Natapov [Mon, 21 Jan 2013 13:36:44 +0000 (15:36 +0200)]
KVM: VMX: remove hack that disables emulation on vcpu reset/init

There is no reason for it. If state is suitable for vmentry it
will be detected during guest entry and no emulation will happen.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: VMX: if unrestricted guest is enabled vcpu state is always valid.
Gleb Natapov [Mon, 21 Jan 2013 13:36:43 +0000 (15:36 +0200)]
KVM: VMX: if unrestricted guest is enabled vcpu state is always valid.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: VMX: reset CPL only on CS register write.
Gleb Natapov [Mon, 21 Jan 2013 13:36:42 +0000 (15:36 +0200)]
KVM: VMX: reset CPL only on CS register write.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: VMX: remove special CPL cache access during transition to real mode.
Gleb Natapov [Mon, 21 Jan 2013 13:36:41 +0000 (15:36 +0200)]
KVM: VMX: remove special CPL cache access during transition to real mode.

Since vmx_get_cpl() always returns 0 when VCPU is in real mode it is no
longer needed. Also reset CPL cache to zero during transaction to
protected mode since transaction may happen while CS.selectors & 3 != 0,
but in reality CPL is 0.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86 emulator: convert a few freestanding emulations to fastop
Avi Kivity [Sat, 19 Jan 2013 17:51:57 +0000 (19:51 +0200)]
KVM: x86 emulator: convert a few freestanding emulations to fastop

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86 emulator: rearrange fastop definitions
Avi Kivity [Sat, 19 Jan 2013 17:51:56 +0000 (19:51 +0200)]
KVM: x86 emulator: rearrange fastop definitions

Make fastop opcodes usable in other emulations.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86 emulator: convert 2-operand IMUL to fastop
Avi Kivity [Sat, 19 Jan 2013 17:51:55 +0000 (19:51 +0200)]
KVM: x86 emulator: convert 2-operand IMUL to fastop

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86 emulator: convert BT/BTS/BTR/BTC/BSF/BSR to fastop
Avi Kivity [Sat, 19 Jan 2013 17:51:54 +0000 (19:51 +0200)]
KVM: x86 emulator: convert BT/BTS/BTR/BTC/BSF/BSR to fastop

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86 emulator: convert INC/DEC to fastop
Avi Kivity [Sat, 19 Jan 2013 17:51:53 +0000 (19:51 +0200)]
KVM: x86 emulator: convert INC/DEC to fastop

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86 emulator: covert SETCC to fastop
Avi Kivity [Sat, 19 Jan 2013 17:51:52 +0000 (19:51 +0200)]
KVM: x86 emulator: covert SETCC to fastop

This is a bit of a special case since we don't have the usual
byte/word/long/quad switch; instead we switch on the condition code embedded
in the instruction.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86 emulator: convert shift/rotate instructions to fastop
Avi Kivity [Sat, 19 Jan 2013 17:51:51 +0000 (19:51 +0200)]
KVM: x86 emulator: convert shift/rotate instructions to fastop

SHL, SHR, ROL, ROR, RCL, RCR, SAR, SAL

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86 emulator: Convert SHLD, SHRD to fastop
Avi Kivity [Sat, 19 Jan 2013 17:51:50 +0000 (19:51 +0200)]
KVM: x86 emulator: Convert SHLD, SHRD to fastop

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86: improve reexecute_instruction
Xiao Guangrong [Sun, 13 Jan 2013 15:49:07 +0000 (23:49 +0800)]
KVM: x86: improve reexecute_instruction

The current reexecute_instruction can not well detect the failed instruction
emulation. It allows guest to retry all the instructions except it accesses
on error pfn

For example, some cases are nested-write-protect - if the page we want to
write is used as PDE but it chains to itself. Under this case, we should
stop the emulation and report the case to userspace

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86: let reexecute_instruction work for tdp
Xiao Guangrong [Sun, 13 Jan 2013 15:46:52 +0000 (23:46 +0800)]
KVM: x86: let reexecute_instruction work for tdp

Currently, reexecute_instruction refused to retry all instructions if
tdp is enabled. If nested npt is used, the emulation may be caused by
shadow page, it can be fixed by dropping the shadow page. And the only
condition that tdp can not retry the instruction is the access fault
on error pfn

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: x86: clean up reexecute_instruction
Xiao Guangrong [Sun, 13 Jan 2013 15:44:12 +0000 (23:44 +0800)]
KVM: x86: clean up reexecute_instruction

Little cleanup for reexecute_instruction, also use gpa_to_gfn in
retry_instruction

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
11 years agoKVM: set_memory_region: Remove unnecessary variable memslot
Takuya Yoshikawa [Fri, 11 Jan 2013 09:27:43 +0000 (18:27 +0900)]
KVM: set_memory_region: Remove unnecessary variable memslot

One such variable, slot, is enough for holding a pointer temporarily.
We also remove another local variable named slot, which is limited in
a block, since it is confusing to have the same name in this function.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
11 years agoKVM: set_memory_region: Don't check for overlaps unless we create or move a slot
Takuya Yoshikawa [Fri, 11 Jan 2013 09:26:55 +0000 (18:26 +0900)]
KVM: set_memory_region: Don't check for overlaps unless we create or move a slot

Don't need the check for deleting an existing slot or just modifiying
the flags.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
11 years agoKVM: set_memory_region: Don't jump to out_free unnecessarily
Takuya Yoshikawa [Fri, 11 Jan 2013 09:26:10 +0000 (18:26 +0900)]
KVM: set_memory_region: Don't jump to out_free unnecessarily

This makes the separation between the sanity checks and the rest of the
code a bit clearer.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
11 years agoKVM: s390: kvm/sigp.c: fix memory leakage
Cong Ding [Tue, 15 Jan 2013 10:17:29 +0000 (11:17 +0100)]
KVM: s390: kvm/sigp.c: fix memory leakage

the variable inti should be freed in the branch CPUSTAT_STOPPED.

Signed-off-by: Cong Ding <dinggnu@gmail.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: MMU: Conditionally reschedule when kvm_mmu_slot_remove_write_access() takes...
Takuya Yoshikawa [Tue, 8 Jan 2013 10:47:33 +0000 (19:47 +0900)]
KVM: MMU: Conditionally reschedule when kvm_mmu_slot_remove_write_access() takes a long time

If the userspace starts dirty logging for a large slot, say 64GB of
memory, kvm_mmu_slot_remove_write_access() needs to hold mmu_lock for
a long time such as tens of milliseconds.  This patch controls the lock
hold time by asking the scheduler if we need to reschedule for others.

One penalty for this is that we need to flush TLBs before releasing
mmu_lock.  But since holding mmu_lock for a long time does affect not
only the guest, vCPU threads in other words, but also the host as a
whole, we should pay for that.

In practice, the cost will not be so high because we can protect a fair
amount of memory before being rescheduled: on my test environment,
cond_resched_lock() was called only once for protecting 12GB of memory
even without THP.  We can also revisit Avi's "unlocked TLB flush" work
later for completely suppressing extra TLB flushes if needed.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: Make kvm_mmu_slot_remove_write_access() take mmu_lock by itself
Takuya Yoshikawa [Tue, 8 Jan 2013 10:46:48 +0000 (19:46 +0900)]
KVM: Make kvm_mmu_slot_remove_write_access() take mmu_lock by itself

Better to place mmu_lock handling and TLB flushing code together since
this is a self-contained function.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: Make kvm_mmu_change_mmu_pages() take mmu_lock by itself
Takuya Yoshikawa [Tue, 8 Jan 2013 10:46:07 +0000 (19:46 +0900)]
KVM: Make kvm_mmu_change_mmu_pages() take mmu_lock by itself

No reason to make callers take mmu_lock since we do not need to protect
kvm_mmu_change_mmu_pages() and kvm_mmu_slot_remove_write_access()
together by mmu_lock in kvm_arch_commit_memory_region(): the former
calls kvm_mmu_commit_zap_page() and flushes TLBs by itself.

Note: we do not need to protect kvm->arch.n_requested_mmu_pages by
mmu_lock as can be seen from the fact that it is read locklessly.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: Remove unused slot_bitmap from kvm_mmu_page
Takuya Yoshikawa [Tue, 8 Jan 2013 10:45:28 +0000 (19:45 +0900)]
KVM: Remove unused slot_bitmap from kvm_mmu_page

Not needed any more.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: MMU: Make kvm_mmu_slot_remove_write_access() rmap based
Takuya Yoshikawa [Tue, 8 Jan 2013 10:44:48 +0000 (19:44 +0900)]
KVM: MMU: Make kvm_mmu_slot_remove_write_access() rmap based

This makes it possible to release mmu_lock and reschedule conditionally
in a later patch.  Although this may increase the time needed to protect
the whole slot when we start dirty logging, the kernel should not allow
the userspace to trigger something that will hold a spinlock for such a
long time as tens of milliseconds: actually there is no limit since it
is roughly proportional to the number of guest pages.

Another point to note is that this patch removes the only user of
slot_bitmap which will cause some problems when we increase the number
of slots further.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: MMU: Remove unused parameter level from __rmap_write_protect()
Takuya Yoshikawa [Tue, 8 Jan 2013 10:44:09 +0000 (19:44 +0900)]
KVM: MMU: Remove unused parameter level from __rmap_write_protect()

No longer need to care about the mapping level in this function.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: Write protect the updated slot only when dirty logging is enabled
Takuya Yoshikawa [Tue, 8 Jan 2013 10:43:28 +0000 (19:43 +0900)]
KVM: Write protect the updated slot only when dirty logging is enabled

Calling kvm_mmu_slot_remove_write_access() for a deleted slot does
nothing but search for non-existent mmu pages which have mappings to
that deleted memory; this is safe but a waste of time.

Since we want to make the function rmap based in a later patch, in a
manner which makes it unsafe to be called for a deleted slot, we makes
the caller see if the slot is non-zero and being dirty logged.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoMerge branch 'kvm-ppc-next' of https://github.com/agraf/linux-2.6 into queue
Gleb Natapov [Mon, 14 Jan 2013 09:01:26 +0000 (11:01 +0200)]
Merge branch 'kvm-ppc-next' of https://github.com/agraf/linux-2.6 into queue

12 years agoKVM: trace: Fix exit decoding.
Cornelia Huck [Tue, 8 Jan 2013 12:00:01 +0000 (13:00 +0100)]
KVM: trace: Fix exit decoding.

trace_kvm_userspace_exit has been missing the KVM_EXIT_WATCHDOG exit.

CC: Bharat Bhushan <r65777@freescale.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: MMU: fix infinite fault access retry
Xiao Guangrong [Tue, 8 Jan 2013 06:36:51 +0000 (14:36 +0800)]
KVM: MMU: fix infinite fault access retry

We have two issues in current code:
- if target gfn is used as its page table, guest will refault then kvm will use
  small page size to map it. We need two #PF to fix its shadow page table

- sometimes, say a exception is triggered during vm-exit caused by #PF
  (see handle_exception() in vmx.c), we remove all the shadow pages shadowed
  by the target gfn before go into page fault path, it will cause infinite
  loop:
  delete shadow pages shadowed by the gfn -> try to use large page size to map
  the gfn -> retry the access ->...

To fix these, we can adjust page size early if the target gfn is used as page
table

Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: MMU: fix Dirty bit missed if CR0.WP = 0
Xiao Guangrong [Tue, 8 Jan 2013 06:36:04 +0000 (14:36 +0800)]
KVM: MMU: fix Dirty bit missed if CR0.WP = 0

If the write-fault access is from supervisor and CR0.WP is not set on the
vcpu, kvm will fix it by adjusting pte access - it sets the W bit on pte
and clears U bit. This is the chance that kvm can change pte access from
readonly to writable

Unfortunately, the pte access is the access of 'direct' shadow page table,
means direct sp.role.access = pte_access, then we will create a writable
spte entry on the readonly shadow page table. It will cause Dirty bit is
not tracked when two guest ptes point to the same large page. Note, it
does not have other impact except Dirty bit since cr0.wp is encoded into
sp.role

It can be fixed by adjusting pte access before establishing shadow page
table. Also, after that, no mmu specified code exists in the common function
and drop two parameters in set_spte

Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: PPC: BookE: Add EPR ONE_REG sync
Alexander Graf [Fri, 4 Jan 2013 17:28:51 +0000 (18:28 +0100)]
KVM: PPC: BookE: Add EPR ONE_REG sync

We need to be able to read and write the contents of the EPR register
from user space.

This patch implements that logic through the ONE_REG API and declares
its (never implemented) SREGS counterpart as deprecated.

Signed-off-by: Alexander Graf <agraf@suse.de>
12 years agoKVM: PPC: BookE: Implement EPR exit
Alexander Graf [Fri, 4 Jan 2013 17:12:48 +0000 (18:12 +0100)]
KVM: PPC: BookE: Implement EPR exit

The External Proxy Facility in FSL BookE chips allows the interrupt
controller to automatically acknowledge an interrupt as soon as a
core gets its pending external interrupt delivered.

Today, user space implements the interrupt controller, so we need to
check on it during such a cycle.

This patch implements logic for user space to enable EPR exiting,
disable EPR exiting and EPR exiting itself, so that user space can
acknowledge an interrupt when an external interrupt has successfully
been delivered into the guest vcpu.

Signed-off-by: Alexander Graf <agraf@suse.de>
12 years agoKVM: PPC: BookE: Emulate mfspr on EPR
Alexander Graf [Fri, 4 Jan 2013 17:02:14 +0000 (18:02 +0100)]
KVM: PPC: BookE: Emulate mfspr on EPR

The EPR register is potentially valid for PR KVM as well, so we need
to emulate accesses to it. It's only defined for reading, so only
handle the mfspr case.

Signed-off-by: Alexander Graf <agraf@suse.de>
12 years agoKVM: PPC: BookE: Allow irq deliveries to inject requests
Alexander Graf [Thu, 20 Dec 2012 04:52:39 +0000 (04:52 +0000)]
KVM: PPC: BookE: Allow irq deliveries to inject requests

When injecting an interrupt into guest context, we usually don't need
to check for requests anymore. At least not until today.

With the introduction of EPR, we will have to create a request when the
guest has successfully accepted an external interrupt though.

So we need to prepare the interrupt delivery to abort guest entry
gracefully. Otherwise we'd delay the EPR request.

Signed-off-by: Alexander Graf <agraf@suse.de>
12 years agoKVM: PPC: Fix mfspr/mtspr MMUCFG emulation
Mihai Caraman [Thu, 20 Dec 2012 04:52:39 +0000 (04:52 +0000)]
KVM: PPC: Fix mfspr/mtspr MMUCFG emulation

On mfspr/mtspr emulation path Book3E's MMUCFG SPR with value 1015 clashes
with G4's MSSSR0 SPR. Move MSSSR0 emulation from generic part to Books3S.
MSSSR0 also clashes with Book3S's DABRX SPR. DABRX was not explicitly
handled so Book3S execution flow will behave as before.

Signed-off-by: Mihai Caraman <mihai.caraman@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
12 years agoKVM: PPC: Book3S: PR: Enable alternative instruction for SC 1
Alexander Graf [Fri, 14 Dec 2012 22:42:05 +0000 (23:42 +0100)]
KVM: PPC: Book3S: PR: Enable alternative instruction for SC 1

When running on top of pHyp, the hypercall instruction "sc 1" goes
straight into pHyp without trapping in supervisor mode.

So if we want to support PAPR guest in this configuration we need to
add a second way of accessing PAPR hypercalls, preferably with the
exact same semantics except for the instruction.

So let's overlay an officially reserved instruction and emulate PAPR
hypercalls whenever we hit that one.

Signed-off-by: Alexander Graf <agraf@suse.de>
12 years agoKVM: PPC: Only WARN on invalid emulation
Alexander Graf [Fri, 14 Dec 2012 22:46:03 +0000 (23:46 +0100)]
KVM: PPC: Only WARN on invalid emulation

When we hit an emulation result that we didn't expect, that is an error,
but it's nothing that warrants a BUG(), because it can be guest triggered.

So instead, let's only WARN() the user that this happened.

Signed-off-by: Alexander Graf <agraf@suse.de>
12 years agoKVM: PPC: Fix SREGS documentation reference
Mihai Caraman [Tue, 11 Dec 2012 03:38:23 +0000 (03:38 +0000)]
KVM: PPC: Fix SREGS documentation reference

Reflect the uapi folder change in SREGS API documentation.

Signed-off-by: Mihai Caraman <mihai.caraman@freescale.com>
Reviewed-by: Amos Kong <kongjianjun@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
12 years agoKVM: s390: Gracefully handle busy conditions on ccw_device_start
Christian Borntraeger [Mon, 7 Jan 2013 14:51:52 +0000 (15:51 +0100)]
KVM: s390: Gracefully handle busy conditions on ccw_device_start

In rare cases a virtio command might try to issue a ccw before a former
ccw was answered with a tsch. This will cause CC=2 (busy). Lets just
retry in that case.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: s390: Dynamic allocation of virtio-ccw I/O data.
Cornelia Huck [Mon, 7 Jan 2013 14:51:51 +0000 (15:51 +0100)]
KVM: s390: Dynamic allocation of virtio-ccw I/O data.

Dynamically allocate any data structures like ccw used when
doing channel I/O. Otherwise, we'd need to add extra serialization
for the different callbacks using the same data structures.

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: x86 emulator: convert basic ALU ops to fastop
Avi Kivity [Fri, 4 Jan 2013 14:18:54 +0000 (16:18 +0200)]
KVM: x86 emulator: convert basic ALU ops to fastop

Opcodes:
TEST
CMP
ADD
ADC
SUB
SBB
XOR
OR
AND

Acked-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: x86 emulator: add macros for defining 2-operand fastop emulation
Avi Kivity [Fri, 4 Jan 2013 14:18:53 +0000 (16:18 +0200)]
KVM: x86 emulator: add macros for defining 2-operand fastop emulation

Acked-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: x86 emulator: convert NOT, NEG to fastop
Avi Kivity [Fri, 4 Jan 2013 14:18:52 +0000 (16:18 +0200)]
KVM: x86 emulator: convert NOT, NEG to fastop

Acked-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: x86 emulator: mark CMP, CMPS, SCAS, TEST as NoWrite
Avi Kivity [Fri, 4 Jan 2013 14:18:51 +0000 (16:18 +0200)]
KVM: x86 emulator: mark CMP, CMPS, SCAS, TEST as NoWrite

Acked-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: x86 emulator: introduce NoWrite flag
Avi Kivity [Fri, 4 Jan 2013 14:18:50 +0000 (16:18 +0200)]
KVM: x86 emulator: introduce NoWrite flag

Instead of disabling writeback via OP_NONE, just specify NoWrite.

Acked-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: x86 emulator: Support for declaring single operand fastops
Avi Kivity [Fri, 4 Jan 2013 14:18:49 +0000 (16:18 +0200)]
KVM: x86 emulator: Support for declaring single operand fastops

Acked-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: x86 emulator: framework for streamlining arithmetic opcodes
Avi Kivity [Fri, 4 Jan 2013 14:18:48 +0000 (16:18 +0200)]
KVM: x86 emulator: framework for streamlining arithmetic opcodes

We emulate arithmetic opcodes by executing a "similar" (same operation,
different operands) on the cpu.  This ensures accurate emulation, esp. wrt.
eflags.  However, the prologue and epilogue around the opcode is fairly long,
consisting of a switch (for the operand size) and code to load and save the
operands.  This is repeated for every opcode.

This patch introduces an alternative way to emulate arithmetic opcodes.
Instead of the above, we have four (three on i386) functions consisting
of just the opcode and a ret; one for each operand size.  For example:

   .align 8
   em_notb:
not %al
ret

   .align 8
   em_notw:
not %ax
ret

   .align 8
   em_notl:
not %eax
ret

   .align 8
   em_notq:
not %rax
ret

The prologue and epilogue are shared across all opcodes.  Note the functions
use a special calling convention; notably eflags is an input/output parameter
and is not clobbered.  Rather than dispatching the four functions through a
jump table, the functions are declared as a constant size (8) so their address
can be calculated.

Acked-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: VMX: fix incorrect cached cpl value with real/v8086 modes
Marcelo Tosatti [Mon, 7 Jan 2013 21:27:06 +0000 (19:27 -0200)]
KVM: VMX: fix incorrect cached cpl value with real/v8086 modes

CPL is always 0 when in real mode, and always 3 when virtual 8086 mode.

Using values other than those can cause failures on operations that
check CPL.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: x86: remove unused variable from walk_addr_generic()
Gleb Natapov [Tue, 8 Jan 2013 08:49:00 +0000 (10:49 +0200)]
KVM: x86: remove unused variable from walk_addr_generic()

Fix compilation warning.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: MMU: simplify folding of dirty bit into accessed_dirty
Gleb Natapov [Thu, 27 Dec 2012 12:44:58 +0000 (14:44 +0200)]
KVM: MMU: simplify folding of dirty bit into accessed_dirty

MMU code tries to avoid if()s HW is not able to predict reliably by using
bitwise operation to streamline code execution, but in case of a dirty bit
folding this gives us nothing since write_fault is checked right before
the folding code. Lets just piggyback onto the if() to make code more clear.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: mmu: remove unused trace event
Gleb Natapov [Tue, 25 Dec 2012 12:34:06 +0000 (14:34 +0200)]
KVM: mmu: remove unused trace event

trace_kvm_mmu_delay_free_pages() is no longer used.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: s390: Add support for channel I/O instructions.
Cornelia Huck [Thu, 20 Dec 2012 14:32:12 +0000 (15:32 +0100)]
KVM: s390: Add support for channel I/O instructions.

Add a new capability, KVM_CAP_S390_CSS_SUPPORT, which will pass
intercepts for channel I/O instructions to userspace. Only I/O
instructions interacting with I/O interrupts need to be handled
in-kernel:

- TEST PENDING INTERRUPTION (tpi) dequeues and stores pending
  interrupts entirely in-kernel.
- TEST SUBCHANNEL (tsch) dequeues pending interrupts in-kernel
  and exits via KVM_EXIT_S390_TSCH to userspace for subchannel-
  related processing.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: s390: Base infrastructure for enabling capabilities.
Cornelia Huck [Thu, 20 Dec 2012 14:32:11 +0000 (15:32 +0100)]
KVM: s390: Base infrastructure for enabling capabilities.

Make s390 support KVM_ENABLE_CAP.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: s390: In-kernel handling of I/O instructions.
Cornelia Huck [Thu, 20 Dec 2012 14:32:10 +0000 (15:32 +0100)]
KVM: s390: In-kernel handling of I/O instructions.

Explicitely catch all channel I/O related instructions intercepts
in the kernel and set condition code 3 for them.

This paves the way for properly handling these instructions later
on.

Note: This is not architecture compliant (the previous code wasn't
either) since setting cc 3 is not the correct thing to do for some
of these instructions. For Linux guests, however, it still has the
intended effect of stopping css probing.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: s390: Add support for machine checks.
Cornelia Huck [Thu, 20 Dec 2012 14:32:09 +0000 (15:32 +0100)]
KVM: s390: Add support for machine checks.

Add support for injecting machine checks (only repressible
conditions for now).

This is a bit more involved than I/O interrupts, for these reasons:

- Machine checks come in both floating and cpu varieties.
- We don't have a bit for machine checks enabling, but have to use
  a roundabout approach with trapping PSW changing instructions and
  watching for opened machine checks.

Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: s390: Support for I/O interrupts.
Cornelia Huck [Thu, 20 Dec 2012 14:32:08 +0000 (15:32 +0100)]
KVM: s390: Support for I/O interrupts.

Add support for handling I/O interrupts (standard, subchannel-related
ones and rudimentary adapter interrupts).

The subchannel-identifying parameters are encoded into the interrupt
type.

I/O interrupts are floating, so they can't be injected on a specific
vcpu.

Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: s390: Decoding helper functions.
Cornelia Huck [Thu, 20 Dec 2012 14:32:07 +0000 (15:32 +0100)]
KVM: s390: Decoding helper functions.

Introduce helper functions for decoding the various base/displacement
instruction formats.

Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: s390: Constify intercept handler tables.
Cornelia Huck [Thu, 20 Dec 2012 14:32:06 +0000 (15:32 +0100)]
KVM: s390: Constify intercept handler tables.

These tables are never modified.

Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: VMX: handle IO when emulation is due to #GP in real mode.
Gleb Natapov [Thu, 20 Dec 2012 14:57:47 +0000 (16:57 +0200)]
KVM: VMX: handle IO when emulation is due to #GP in real mode.

With emulate_invalid_guest_state=0 if a vcpu is in real mode VMX can
enter the vcpu with smaller segment limit than guest configured.  If the
guest tries to access pass this limit it will get #GP at which point
instruction will be emulated with correct segment limit applied. If
during the emulation IO is detected it is not handled correctly. Vcpu
thread should exit to userspace to serve the IO, but it returns to the
guest instead.  Since emulation is not completed till userspace completes
the IO the faulty instruction is re-executed ad infinitum.

The patch fixes that by exiting to userspace if IO happens during
instruction emulation.

Reported-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: VMX: Do not fix segment register during vcpu initialization.
Gleb Natapov [Thu, 20 Dec 2012 14:57:46 +0000 (16:57 +0200)]
KVM: VMX: Do not fix segment register during vcpu initialization.

Segment registers will be fixed according to current emulation policy
during switching to real mode for the first time.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: VMX: fix emulation of invalid guest state.
Gleb Natapov [Thu, 20 Dec 2012 14:57:45 +0000 (16:57 +0200)]
KVM: VMX: fix emulation of invalid guest state.

Currently when emulation of invalid guest state is enable
(emulate_invalid_guest_state=1) segment registers are still fixed for
entry to vm86 mode some times. Segment register fixing is avoided in
enter_rmode(), but vmx_set_segment() still does it unconditionally.
The patch fixes it.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: VMX: make rmode_segment_valid() more strict.
Gleb Natapov [Thu, 20 Dec 2012 14:57:44 +0000 (16:57 +0200)]
KVM: VMX: make rmode_segment_valid() more strict.

Currently it allows entering vm86 mode if segment limit is greater than
0xffff and db bit is set. Both of those can cause incorrect execution of
instruction by cpu since in vm86 mode limit will be set to 0xffff and db
will be forced to 0.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: emulator: implement fninit, fnstsw, fnstcw
Gleb Natapov [Thu, 20 Dec 2012 14:57:43 +0000 (16:57 +0200)]
KVM: emulator: implement fninit, fnstsw, fnstcw

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: emulator: drop RPL check from linearize() function
Gleb Natapov [Thu, 20 Dec 2012 14:57:42 +0000 (16:57 +0200)]
KVM: emulator: drop RPL check from linearize() function

According to Intel SDM Vol3 Section 5.5 "Privilege Levels" and 5.6
"Privilege Level Checking When Accessing Data Segments" RPL checking is
done during loading of a segment selector, not during data access. We
already do checking during segment selector loading, so drop the check
during data access. Checking RPL during data access triggers #GP if
after transition from real mode to protected mode RPL bits in a segment
selector are set.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agox86: kvm_para: fix typo in hypercall comments
Jesse Larrew [Mon, 10 Dec 2012 21:31:51 +0000 (15:31 -0600)]
x86: kvm_para: fix typo in hypercall comments

Correct a typo in the comment explaining hypercalls.

Signed-off-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: move the code that installs new slots array to a separate function.
Gleb Natapov [Mon, 24 Dec 2012 15:49:30 +0000 (17:49 +0200)]
KVM: move the code that installs new slots array to a separate function.

Move repetitive code sequence to a separate function.

Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: VMX: remove unneeded temporary variable from vmx_set_segment()
Gleb Natapov [Wed, 12 Dec 2012 17:10:55 +0000 (19:10 +0200)]
KVM: VMX: remove unneeded temporary variable from vmx_set_segment()

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: VMX: clean-up vmx_set_segment()
Gleb Natapov [Wed, 12 Dec 2012 17:10:54 +0000 (19:10 +0200)]
KVM: VMX: clean-up vmx_set_segment()

Move all vm86_active logic into one place.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: VMX: remove redundant code from vmx_set_segment()
Gleb Natapov [Wed, 12 Dec 2012 17:10:53 +0000 (19:10 +0200)]
KVM: VMX: remove redundant code from vmx_set_segment()

Segment descriptor's base is fixed by call to fix_rmode_seg(). Not need
to do it twice.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: VMX: use fix_rmode_seg() to fix all code/data segments
Gleb Natapov [Wed, 12 Dec 2012 17:10:52 +0000 (19:10 +0200)]
KVM: VMX: use fix_rmode_seg() to fix all code/data segments

The code for SS and CS does the same thing fix_rmode_seg() is doing.
Use it instead of hand crafted code.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: VMX: return correct segment limit and flags for CS/SS registers in real mode
Gleb Natapov [Wed, 12 Dec 2012 17:10:51 +0000 (19:10 +0200)]
KVM: VMX: return correct segment limit and flags for CS/SS registers in real mode

VMX without unrestricted mode cannot virtualize real mode, so if
emulate_invalid_guest_state=0 kvm uses vm86 mode to approximate
it. Sometimes, when guest moves from protected mode to real mode, it
leaves segment descriptors in a state not suitable for use by vm86 mode
virtualization, so we keep shadow copy of segment descriptors for internal
use and load fake register to VMCS for guest entry to succeed. Till
now we kept shadow for all segments except SS and CS (for SS and CS we
returned parameters directly from VMCS), but since commit a5625189f6810
emulator enforces segment limits in real mode. This causes #GP during move
from protected mode to real mode when emulator fetches first instruction
after moving to real mode since it uses incorrect CS base and limit to
linearize the %rip. Fix by keeping shadow for SS and CS too.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: VMX: relax check for CS register in rmode_segment_valid()
Gleb Natapov [Wed, 12 Dec 2012 17:10:50 +0000 (19:10 +0200)]
KVM: VMX: relax check for CS register in rmode_segment_valid()

rmode_segment_valid() checks if segment descriptor can be used to enter
vm86 mode. VMX spec mandates that in vm86 mode CS register will be of
type data, not code. Lets allow guest entry with vm86 mode if the only
problem with CS register is incorrect type. Otherwise entire real mode
will be emulated.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: VMX: cleanup rmode_segment_valid()
Gleb Natapov [Wed, 12 Dec 2012 17:10:49 +0000 (19:10 +0200)]
KVM: VMX: cleanup rmode_segment_valid()

Set segment fields explicitly instead of using  binary operations.

No behaviour changes.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agokvm: Fix memory slot generation updates
Alex Williamson [Fri, 21 Dec 2012 15:20:16 +0000 (08:20 -0700)]
kvm: Fix memory slot generation updates

Previous patch "kvm: Minor memory slot optimization" (b7f69c555ca43)
overlooked the generation field of the memory slots.  Re-using the
original memory slots left us with with two slightly different memory
slots with the same generation.  To fix this, make update_memslots()
take a new parameter to specify the last generation.  This also makes
generation management more explicit to avoid such problems in the future.

Reported-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: remove a wrong hack of delivery PIT intr to vcpu0
Yang Zhang [Wed, 12 Dec 2012 05:05:12 +0000 (13:05 +0800)]
KVM: remove a wrong hack of delivery PIT intr to vcpu0

This hack is wrong. The pin number of PIT is connected to
2 not 0. This means this hack never takes effect. So it is ok
to remove it.

Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: s390: Add a channel I/O based virtio transport driver.
Cornelia Huck [Fri, 14 Dec 2012 16:02:18 +0000 (17:02 +0100)]
KVM: s390: Add a channel I/O based virtio transport driver.

Add a driver for kvm guests that matches virtual ccw devices provided
by the host as virtio bridge devices.

These virtio-ccw devices use a special set of channel commands in order
to perform virtio functions.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agos390/ccwdev: Include asm/schid.h.
Cornelia Huck [Fri, 14 Dec 2012 16:02:17 +0000 (17:02 +0100)]
s390/ccwdev: Include asm/schid.h.

Get the definition of struct subchannel_id.

Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: s390: Handle hosts not supporting s390-virtio.
Cornelia Huck [Fri, 14 Dec 2012 16:02:16 +0000 (17:02 +0100)]
KVM: s390: Handle hosts not supporting s390-virtio.

Running under a kvm host does not necessarily imply the presence of
a page mapped above the main memory with the virtio information;
however, the code includes a hard coded access to that page.

Instead, check for the presence of the page and exit gracefully
before we hit an addressing exception if it does not exist.

Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
cc: stable@vger.kernel.org
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agokvm: fix i8254 counter 0 wraparound
Nickolai Zeldovich [Sat, 15 Dec 2012 11:34:37 +0000 (06:34 -0500)]
kvm: fix i8254 counter 0 wraparound

The kvm i8254 emulation for counter 0 (but not for counters 1 and 2)
has at least two bugs in mode 0:

1. The OUT bit, computed by pit_get_out(), is never set high.

2. The counter value, computed by pit_get_count(), wraps back around to
   the initial counter value, rather than wrapping back to 0xFFFF
   (which is the behavior described in the comment in __kpit_elapsed,
   the behavior implemented by qemu, and the behavior observed on AMD
   hardware).

The bug stems from __kpit_elapsed computing the elapsed time mod the
initial counter value (stored as nanoseconds in ps->period).  This is both
unnecessary (none of the callers of kpit_elapsed expect the value to be
at most the initial counter value) and incorrect (it causes pit_get_count
to appear to wrap around to the initial counter value rather than 0xFFFF).
Removing this mod from __kpit_elapsed fixes both of the above bugs.

Signed-off-by: Nickolai Zeldovich <nickolai@csail.mit.edu>
Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
12 years agoKVM: remove unused variable.
Gleb Natapov [Fri, 14 Dec 2012 13:23:16 +0000 (15:23 +0200)]
KVM: remove unused variable.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: Increase user memory slots on x86 to 125
Alex Williamson [Mon, 10 Dec 2012 17:33:38 +0000 (10:33 -0700)]
KVM: Increase user memory slots on x86 to 125

With the 3 private slots, this gives us a nice round 128 slots total.
The primary motivation for this is to support more assigned devices.
Each assigned device can theoretically use up to 8 slots (6 MMIO BARs,
1 ROM BAR, 1 spare for a split MSI-X table mapping) though it's far
more typical for a device to use 3-4 slots.  If we assume a typical VM
uses a dozen slots for non-assigned devices purposes, we should always
be able to support 14 worst case assigned devices or 28 to 37 typical
devices.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: struct kvm_memory_slot.id -> short
Alex Williamson [Mon, 10 Dec 2012 17:33:32 +0000 (10:33 -0700)]
KVM: struct kvm_memory_slot.id -> short

We're currently offering a whopping 32 memory slots to user space, an
int is a bit excessive for storing this.  We would like to increase
our memslots, but SHRT_MAX should be more than enough.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: struct kvm_memory_slot.flags -> u32
Alex Williamson [Mon, 10 Dec 2012 17:33:26 +0000 (10:33 -0700)]
KVM: struct kvm_memory_slot.flags -> u32

struct kvm_userspace_memory_region.flags is a u32 with a comment that
bits 0 ~ 15 are visible to userspace and the other bits are reserved
for kvm internal use.  KVM_MEMSLOT_INVALID is the only internal use
flag and it has a comment that bits 16 ~ 31 are internally used and
the other bits are visible to userspace.

Therefore, let's define this as a u32 so we don't waste bytes on LP64
systems.  Move to the end of the struct for alignment.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: struct kvm_memory_slot.user_alloc -> bool
Alex Williamson [Mon, 10 Dec 2012 17:33:21 +0000 (10:33 -0700)]
KVM: struct kvm_memory_slot.user_alloc -> bool

There's no need for this to be an int, it holds a boolean.
Move to the end of the struct for alignment.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: Make KVM_PRIVATE_MEM_SLOTS optional
Alex Williamson [Mon, 10 Dec 2012 17:33:15 +0000 (10:33 -0700)]
KVM: Make KVM_PRIVATE_MEM_SLOTS optional

Seems like everyone copied x86 and defined 4 private memory slots
that never actually get used.  Even x86 only uses 3 of the 4.  These
aren't exposed so there's no need to add padding.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: Rename KVM_MEMORY_SLOTS -> KVM_USER_MEM_SLOTS
Alex Williamson [Mon, 10 Dec 2012 17:33:09 +0000 (10:33 -0700)]
KVM: Rename KVM_MEMORY_SLOTS -> KVM_USER_MEM_SLOTS

It's easy to confuse KVM_MEMORY_SLOTS and KVM_MEM_SLOTS_NUM.  One is
the user accessible slots and the other is user + private.  Make this
more obvious.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: Minor memory slot optimization
Alex Williamson [Mon, 10 Dec 2012 17:33:03 +0000 (10:33 -0700)]
KVM: Minor memory slot optimization

If a slot is removed or moved in the guest physical address space, we
first allocate and install a new slot array with the invalidated
entry.  The old array is then freed.  We then proceed to allocate yet
another slot array to install the permanent replacement.  Re-use the
original array when this occurs and avoid the extra kfree/kmalloc.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: Fix iommu map/unmap to handle memory slot moves
Alex Williamson [Mon, 10 Dec 2012 17:32:57 +0000 (10:32 -0700)]
KVM: Fix iommu map/unmap to handle memory slot moves

The iommu integration into memory slots expects memory slots to be
added or removed and doesn't handle the move case.  We can unmap
slots from the iommu after we mark them invalid and map them before
installing the final memslot array.  Also re-order the kmemdup vs
map so we don't leave iommu mappings if we get ENOMEM.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
12 years agoKVM: Check userspace_addr when modifying a memory slot
Alex Williamson [Mon, 10 Dec 2012 17:32:51 +0000 (10:32 -0700)]
KVM: Check userspace_addr when modifying a memory slot

The API documents that only flags and guest physical memory space can
be modified on an existing slot, but we don't enforce that the
userspace address cannot be modified.  Instead we just ignore it.
This means that a user may think they've successfully moved both the
guest and user addresses, when in fact only the guest address changed.
Check and error instead.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>