master
1/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2#ifndef _ASM_X86_KVM_H
3#define _ASM_X86_KVM_H
4
5/*
6 * KVM x86 specific structures and definitions
7 *
8 */
9
10#include <linux/const.h>
11#include <linux/bits.h>
12#include <linux/types.h>
13#include <linux/ioctl.h>
14#include <linux/stddef.h>
15
16#define KVM_PIO_PAGE_OFFSET 1
17#define KVM_COALESCED_MMIO_PAGE_OFFSET 2
18#define KVM_DIRTY_LOG_PAGE_OFFSET 64
19
20#define DE_VECTOR 0
21#define DB_VECTOR 1
22#define BP_VECTOR 3
23#define OF_VECTOR 4
24#define BR_VECTOR 5
25#define UD_VECTOR 6
26#define NM_VECTOR 7
27#define DF_VECTOR 8
28#define TS_VECTOR 10
29#define NP_VECTOR 11
30#define SS_VECTOR 12
31#define GP_VECTOR 13
32#define PF_VECTOR 14
33#define MF_VECTOR 16
34#define AC_VECTOR 17
35#define MC_VECTOR 18
36#define XM_VECTOR 19
37#define VE_VECTOR 20
38
39/* Select x86 specific features in <linux/kvm.h> */
40#define __KVM_HAVE_PIT
41#define __KVM_HAVE_IOAPIC
42#define __KVM_HAVE_IRQ_LINE
43#define __KVM_HAVE_MSI
44#define __KVM_HAVE_USER_NMI
45#define __KVM_HAVE_MSIX
46#define __KVM_HAVE_MCE
47#define __KVM_HAVE_PIT_STATE2
48#define __KVM_HAVE_XEN_HVM
49#define __KVM_HAVE_VCPU_EVENTS
50#define __KVM_HAVE_DEBUGREGS
51#define __KVM_HAVE_XSAVE
52#define __KVM_HAVE_XCRS
53
54/* Architectural interrupt line count. */
55#define KVM_NR_INTERRUPTS 256
56
57/* for KVM_GET_IRQCHIP and KVM_SET_IRQCHIP */
58struct kvm_pic_state {
59 __u8 last_irr; /* edge detection */
60 __u8 irr; /* interrupt request register */
61 __u8 imr; /* interrupt mask register */
62 __u8 isr; /* interrupt service register */
63 __u8 priority_add; /* highest irq priority */
64 __u8 irq_base;
65 __u8 read_reg_select;
66 __u8 poll;
67 __u8 special_mask;
68 __u8 init_state;
69 __u8 auto_eoi;
70 __u8 rotate_on_auto_eoi;
71 __u8 special_fully_nested_mode;
72 __u8 init4; /* true if 4 byte init */
73 __u8 elcr; /* PIIX edge/trigger selection */
74 __u8 elcr_mask;
75};
76
77#define KVM_IOAPIC_NUM_PINS 24
78struct kvm_ioapic_state {
79 __u64 base_address;
80 __u32 ioregsel;
81 __u32 id;
82 __u32 irr;
83 __u32 pad;
84 union {
85 __u64 bits;
86 struct {
87 __u8 vector;
88 __u8 delivery_mode:3;
89 __u8 dest_mode:1;
90 __u8 delivery_status:1;
91 __u8 polarity:1;
92 __u8 remote_irr:1;
93 __u8 trig_mode:1;
94 __u8 mask:1;
95 __u8 reserve:7;
96 __u8 reserved[4];
97 __u8 dest_id;
98 } fields;
99 } redirtbl[KVM_IOAPIC_NUM_PINS];
100};
101
102#define KVM_IRQCHIP_PIC_MASTER 0
103#define KVM_IRQCHIP_PIC_SLAVE 1
104#define KVM_IRQCHIP_IOAPIC 2
105#define KVM_NR_IRQCHIPS 3
106
107#define KVM_RUN_X86_SMM (1 << 0)
108#define KVM_RUN_X86_BUS_LOCK (1 << 1)
109#define KVM_RUN_X86_GUEST_MODE (1 << 2)
110
111/* for KVM_GET_REGS and KVM_SET_REGS */
112struct kvm_regs {
113 /* out (KVM_GET_REGS) / in (KVM_SET_REGS) */
114 __u64 rax, rbx, rcx, rdx;
115 __u64 rsi, rdi, rsp, rbp;
116 __u64 r8, r9, r10, r11;
117 __u64 r12, r13, r14, r15;
118 __u64 rip, rflags;
119};
120
121/* for KVM_GET_LAPIC and KVM_SET_LAPIC */
122#define KVM_APIC_REG_SIZE 0x400
123struct kvm_lapic_state {
124 char regs[KVM_APIC_REG_SIZE];
125};
126
127struct kvm_segment {
128 __u64 base;
129 __u32 limit;
130 __u16 selector;
131 __u8 type;
132 __u8 present, dpl, db, s, l, g, avl;
133 __u8 unusable;
134 __u8 padding;
135};
136
137struct kvm_dtable {
138 __u64 base;
139 __u16 limit;
140 __u16 padding[3];
141};
142
143
144/* for KVM_GET_SREGS and KVM_SET_SREGS */
145struct kvm_sregs {
146 /* out (KVM_GET_SREGS) / in (KVM_SET_SREGS) */
147 struct kvm_segment cs, ds, es, fs, gs, ss;
148 struct kvm_segment tr, ldt;
149 struct kvm_dtable gdt, idt;
150 __u64 cr0, cr2, cr3, cr4, cr8;
151 __u64 efer;
152 __u64 apic_base;
153 __u64 interrupt_bitmap[(KVM_NR_INTERRUPTS + 63) / 64];
154};
155
156struct kvm_sregs2 {
157 /* out (KVM_GET_SREGS2) / in (KVM_SET_SREGS2) */
158 struct kvm_segment cs, ds, es, fs, gs, ss;
159 struct kvm_segment tr, ldt;
160 struct kvm_dtable gdt, idt;
161 __u64 cr0, cr2, cr3, cr4, cr8;
162 __u64 efer;
163 __u64 apic_base;
164 __u64 flags;
165 __u64 pdptrs[4];
166};
167#define KVM_SREGS2_FLAGS_PDPTRS_VALID 1
168
169/* for KVM_GET_FPU and KVM_SET_FPU */
170struct kvm_fpu {
171 __u8 fpr[8][16];
172 __u16 fcw;
173 __u16 fsw;
174 __u8 ftwx; /* in fxsave format */
175 __u8 pad1;
176 __u16 last_opcode;
177 __u64 last_ip;
178 __u64 last_dp;
179 __u8 xmm[16][16];
180 __u32 mxcsr;
181 __u32 pad2;
182};
183
184struct kvm_msr_entry {
185 __u32 index;
186 __u32 reserved;
187 __u64 data;
188};
189
190/* for KVM_GET_MSRS and KVM_SET_MSRS */
191struct kvm_msrs {
192 __u32 nmsrs; /* number of msrs in entries */
193 __u32 pad;
194
195 struct kvm_msr_entry entries[];
196};
197
198/* for KVM_GET_MSR_INDEX_LIST */
199struct kvm_msr_list {
200 __u32 nmsrs; /* number of msrs in entries */
201 __u32 indices[];
202};
203
204/* Maximum size of any access bitmap in bytes */
205#define KVM_MSR_FILTER_MAX_BITMAP_SIZE 0x600
206
207/* for KVM_X86_SET_MSR_FILTER */
208struct kvm_msr_filter_range {
209#define KVM_MSR_FILTER_READ (1 << 0)
210#define KVM_MSR_FILTER_WRITE (1 << 1)
211#define KVM_MSR_FILTER_RANGE_VALID_MASK (KVM_MSR_FILTER_READ | \
212 KVM_MSR_FILTER_WRITE)
213 __u32 flags;
214 __u32 nmsrs; /* number of msrs in bitmap */
215 __u32 base; /* MSR index the bitmap starts at */
216 __u8 *bitmap; /* a 1 bit allows the operations in flags, 0 denies */
217};
218
219#define KVM_MSR_FILTER_MAX_RANGES 16
220struct kvm_msr_filter {
221#define KVM_MSR_FILTER_DEFAULT_ALLOW (0 << 0)
222#define KVM_MSR_FILTER_DEFAULT_DENY (1 << 0)
223#define KVM_MSR_FILTER_VALID_MASK (KVM_MSR_FILTER_DEFAULT_DENY)
224 __u32 flags;
225 struct kvm_msr_filter_range ranges[KVM_MSR_FILTER_MAX_RANGES];
226};
227
228struct kvm_cpuid_entry {
229 __u32 function;
230 __u32 eax;
231 __u32 ebx;
232 __u32 ecx;
233 __u32 edx;
234 __u32 padding;
235};
236
237/* for KVM_SET_CPUID */
238struct kvm_cpuid {
239 __u32 nent;
240 __u32 padding;
241 struct kvm_cpuid_entry entries[];
242};
243
244struct kvm_cpuid_entry2 {
245 __u32 function;
246 __u32 index;
247 __u32 flags;
248 __u32 eax;
249 __u32 ebx;
250 __u32 ecx;
251 __u32 edx;
252 __u32 padding[3];
253};
254
255#define KVM_CPUID_FLAG_SIGNIFCANT_INDEX (1 << 0)
256#define KVM_CPUID_FLAG_STATEFUL_FUNC (1 << 1)
257#define KVM_CPUID_FLAG_STATE_READ_NEXT (1 << 2)
258
259/* for KVM_SET_CPUID2 */
260struct kvm_cpuid2 {
261 __u32 nent;
262 __u32 padding;
263 struct kvm_cpuid_entry2 entries[];
264};
265
266/* for KVM_GET_PIT and KVM_SET_PIT */
267struct kvm_pit_channel_state {
268 __u32 count; /* can be 65536 */
269 __u16 latched_count;
270 __u8 count_latched;
271 __u8 status_latched;
272 __u8 status;
273 __u8 read_state;
274 __u8 write_state;
275 __u8 write_latch;
276 __u8 rw_mode;
277 __u8 mode;
278 __u8 bcd;
279 __u8 gate;
280 __s64 count_load_time;
281};
282
283struct kvm_debug_exit_arch {
284 __u32 exception;
285 __u32 pad;
286 __u64 pc;
287 __u64 dr6;
288 __u64 dr7;
289};
290
291#define KVM_GUESTDBG_USE_SW_BP 0x00010000
292#define KVM_GUESTDBG_USE_HW_BP 0x00020000
293#define KVM_GUESTDBG_INJECT_DB 0x00040000
294#define KVM_GUESTDBG_INJECT_BP 0x00080000
295#define KVM_GUESTDBG_BLOCKIRQ 0x00100000
296
297/* for KVM_SET_GUEST_DEBUG */
298struct kvm_guest_debug_arch {
299 __u64 debugreg[8];
300};
301
302struct kvm_pit_state {
303 struct kvm_pit_channel_state channels[3];
304};
305
306#define KVM_PIT_FLAGS_HPET_LEGACY 0x00000001
307#define KVM_PIT_FLAGS_SPEAKER_DATA_ON 0x00000002
308
309struct kvm_pit_state2 {
310 struct kvm_pit_channel_state channels[3];
311 __u32 flags;
312 __u32 reserved[9];
313};
314
315struct kvm_reinject_control {
316 __u8 pit_reinject;
317 __u8 reserved[31];
318};
319
320/* When set in flags, include corresponding fields on KVM_SET_VCPU_EVENTS */
321#define KVM_VCPUEVENT_VALID_NMI_PENDING 0x00000001
322#define KVM_VCPUEVENT_VALID_SIPI_VECTOR 0x00000002
323#define KVM_VCPUEVENT_VALID_SHADOW 0x00000004
324#define KVM_VCPUEVENT_VALID_SMM 0x00000008
325#define KVM_VCPUEVENT_VALID_PAYLOAD 0x00000010
326#define KVM_VCPUEVENT_VALID_TRIPLE_FAULT 0x00000020
327
328/* Interrupt shadow states */
329#define KVM_X86_SHADOW_INT_MOV_SS 0x01
330#define KVM_X86_SHADOW_INT_STI 0x02
331
332/* for KVM_GET/SET_VCPU_EVENTS */
333struct kvm_vcpu_events {
334 struct {
335 __u8 injected;
336 __u8 nr;
337 __u8 has_error_code;
338 __u8 pending;
339 __u32 error_code;
340 } exception;
341 struct {
342 __u8 injected;
343 __u8 nr;
344 __u8 soft;
345 __u8 shadow;
346 } interrupt;
347 struct {
348 __u8 injected;
349 __u8 pending;
350 __u8 masked;
351 __u8 pad;
352 } nmi;
353 __u32 sipi_vector;
354 __u32 flags;
355 struct {
356 __u8 smm;
357 __u8 pending;
358 __u8 smm_inside_nmi;
359 __u8 latched_init;
360 } smi;
361 struct {
362 __u8 pending;
363 } triple_fault;
364 __u8 reserved[26];
365 __u8 exception_has_payload;
366 __u64 exception_payload;
367};
368
369/* for KVM_GET/SET_DEBUGREGS */
370struct kvm_debugregs {
371 __u64 db[4];
372 __u64 dr6;
373 __u64 dr7;
374 __u64 flags;
375 __u64 reserved[9];
376};
377
378/* for KVM_CAP_XSAVE and KVM_CAP_XSAVE2 */
379struct kvm_xsave {
380 /*
381 * KVM_GET_XSAVE2 and KVM_SET_XSAVE write and read as many bytes
382 * as are returned by KVM_CHECK_EXTENSION(KVM_CAP_XSAVE2)
383 * respectively, when invoked on the vm file descriptor.
384 *
385 * The size value returned by KVM_CHECK_EXTENSION(KVM_CAP_XSAVE2)
386 * will always be at least 4096. Currently, it is only greater
387 * than 4096 if a dynamic feature has been enabled with
388 * ``arch_prctl()``, but this may change in the future.
389 *
390 * The offsets of the state save areas in struct kvm_xsave follow
391 * the contents of CPUID leaf 0xD on the host.
392 */
393 __u32 region[1024];
394 __u32 extra[];
395};
396
397#define KVM_MAX_XCRS 16
398
399struct kvm_xcr {
400 __u32 xcr;
401 __u32 reserved;
402 __u64 value;
403};
404
405struct kvm_xcrs {
406 __u32 nr_xcrs;
407 __u32 flags;
408 struct kvm_xcr xcrs[KVM_MAX_XCRS];
409 __u64 padding[16];
410};
411
412#define KVM_SYNC_X86_REGS (1UL << 0)
413#define KVM_SYNC_X86_SREGS (1UL << 1)
414#define KVM_SYNC_X86_EVENTS (1UL << 2)
415
416#define KVM_SYNC_X86_VALID_FIELDS \
417 (KVM_SYNC_X86_REGS| \
418 KVM_SYNC_X86_SREGS| \
419 KVM_SYNC_X86_EVENTS)
420
421/* kvm_sync_regs struct included by kvm_run struct */
422struct kvm_sync_regs {
423 /* Members of this structure are potentially malicious.
424 * Care must be taken by code reading, esp. interpreting,
425 * data fields from them inside KVM to prevent TOCTOU and
426 * double-fetch types of vulnerabilities.
427 */
428 struct kvm_regs regs;
429 struct kvm_sregs sregs;
430 struct kvm_vcpu_events events;
431};
432
433#define KVM_X86_QUIRK_LINT0_REENABLED (1 << 0)
434#define KVM_X86_QUIRK_CD_NW_CLEARED (1 << 1)
435#define KVM_X86_QUIRK_LAPIC_MMIO_HOLE (1 << 2)
436#define KVM_X86_QUIRK_OUT_7E_INC_RIP (1 << 3)
437#define KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT (1 << 4)
438#define KVM_X86_QUIRK_FIX_HYPERCALL_INSN (1 << 5)
439#define KVM_X86_QUIRK_MWAIT_NEVER_UD_FAULTS (1 << 6)
440#define KVM_X86_QUIRK_SLOT_ZAP_ALL (1 << 7)
441#define KVM_X86_QUIRK_STUFF_FEATURE_MSRS (1 << 8)
442#define KVM_X86_QUIRK_IGNORE_GUEST_PAT (1 << 9)
443
444#define KVM_STATE_NESTED_FORMAT_VMX 0
445#define KVM_STATE_NESTED_FORMAT_SVM 1
446
447#define KVM_STATE_NESTED_GUEST_MODE 0x00000001
448#define KVM_STATE_NESTED_RUN_PENDING 0x00000002
449#define KVM_STATE_NESTED_EVMCS 0x00000004
450#define KVM_STATE_NESTED_MTF_PENDING 0x00000008
451#define KVM_STATE_NESTED_GIF_SET 0x00000100
452
453#define KVM_STATE_NESTED_SMM_GUEST_MODE 0x00000001
454#define KVM_STATE_NESTED_SMM_VMXON 0x00000002
455
456#define KVM_STATE_NESTED_VMX_VMCS_SIZE 0x1000
457
458#define KVM_STATE_NESTED_SVM_VMCB_SIZE 0x1000
459
460#define KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE 0x00000001
461
462/* vendor-independent attributes for system fd (group 0) */
463#define KVM_X86_GRP_SYSTEM 0
464# define KVM_X86_XCOMP_GUEST_SUPP 0
465
466/* vendor-specific groups and attributes for system fd */
467#define KVM_X86_GRP_SEV 1
468# define KVM_X86_SEV_VMSA_FEATURES 0
469
470struct kvm_vmx_nested_state_data {
471 __u8 vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];
472 __u8 shadow_vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];
473};
474
475struct kvm_vmx_nested_state_hdr {
476 __u64 vmxon_pa;
477 __u64 vmcs12_pa;
478
479 struct {
480 __u16 flags;
481 } smm;
482
483 __u16 pad;
484
485 __u32 flags;
486 __u64 preemption_timer_deadline;
487};
488
489struct kvm_svm_nested_state_data {
490 /* Save area only used if KVM_STATE_NESTED_RUN_PENDING. */
491 __u8 vmcb12[KVM_STATE_NESTED_SVM_VMCB_SIZE];
492};
493
494struct kvm_svm_nested_state_hdr {
495 __u64 vmcb_pa;
496};
497
498/* for KVM_CAP_NESTED_STATE */
499struct kvm_nested_state {
500 __u16 flags;
501 __u16 format;
502 __u32 size;
503
504 union {
505 struct kvm_vmx_nested_state_hdr vmx;
506 struct kvm_svm_nested_state_hdr svm;
507
508 /* Pad the header to 128 bytes. */
509 __u8 pad[120];
510 } hdr;
511
512 /*
513 * Define data region as 0 bytes to preserve backwards-compatability
514 * to old definition of kvm_nested_state in order to avoid changing
515 * KVM_{GET,PUT}_NESTED_STATE ioctl values.
516 */
517 union {
518 __DECLARE_FLEX_ARRAY(struct kvm_vmx_nested_state_data, vmx);
519 __DECLARE_FLEX_ARRAY(struct kvm_svm_nested_state_data, svm);
520 } data;
521};
522
523/* for KVM_CAP_PMU_EVENT_FILTER */
524struct kvm_pmu_event_filter {
525 __u32 action;
526 __u32 nevents;
527 __u32 fixed_counter_bitmap;
528 __u32 flags;
529 __u32 pad[4];
530 __u64 events[];
531};
532
533#define KVM_PMU_EVENT_ALLOW 0
534#define KVM_PMU_EVENT_DENY 1
535
536#define KVM_PMU_EVENT_FLAG_MASKED_EVENTS _BITUL(0)
537#define KVM_PMU_EVENT_FLAGS_VALID_MASK (KVM_PMU_EVENT_FLAG_MASKED_EVENTS)
538
539/* for KVM_CAP_MCE */
540struct kvm_x86_mce {
541 __u64 status;
542 __u64 addr;
543 __u64 misc;
544 __u64 mcg_status;
545 __u8 bank;
546 __u8 pad1[7];
547 __u64 pad2[3];
548};
549
550/* for KVM_CAP_XEN_HVM */
551#define KVM_XEN_HVM_CONFIG_HYPERCALL_MSR (1 << 0)
552#define KVM_XEN_HVM_CONFIG_INTERCEPT_HCALL (1 << 1)
553#define KVM_XEN_HVM_CONFIG_SHARED_INFO (1 << 2)
554#define KVM_XEN_HVM_CONFIG_RUNSTATE (1 << 3)
555#define KVM_XEN_HVM_CONFIG_EVTCHN_2LEVEL (1 << 4)
556#define KVM_XEN_HVM_CONFIG_EVTCHN_SEND (1 << 5)
557#define KVM_XEN_HVM_CONFIG_RUNSTATE_UPDATE_FLAG (1 << 6)
558#define KVM_XEN_HVM_CONFIG_PVCLOCK_TSC_UNSTABLE (1 << 7)
559#define KVM_XEN_HVM_CONFIG_SHARED_INFO_HVA (1 << 8)
560
561#define KVM_XEN_MSR_MIN_INDEX 0x40000000u
562#define KVM_XEN_MSR_MAX_INDEX 0x4fffffffu
563
564struct kvm_xen_hvm_config {
565 __u32 flags;
566 __u32 msr;
567 __u64 blob_addr_32;
568 __u64 blob_addr_64;
569 __u8 blob_size_32;
570 __u8 blob_size_64;
571 __u8 pad2[30];
572};
573
574struct kvm_xen_hvm_attr {
575 __u16 type;
576 __u16 pad[3];
577 union {
578 __u8 long_mode;
579 __u8 vector;
580 __u8 runstate_update_flag;
581 union {
582 __u64 gfn;
583#define KVM_XEN_INVALID_GFN ((__u64)-1)
584 __u64 hva;
585 } shared_info;
586 struct {
587 __u32 send_port;
588 __u32 type; /* EVTCHNSTAT_ipi / EVTCHNSTAT_interdomain */
589 __u32 flags;
590#define KVM_XEN_EVTCHN_DEASSIGN (1 << 0)
591#define KVM_XEN_EVTCHN_UPDATE (1 << 1)
592#define KVM_XEN_EVTCHN_RESET (1 << 2)
593 /*
594 * Events sent by the guest are either looped back to
595 * the guest itself (potentially on a different port#)
596 * or signalled via an eventfd.
597 */
598 union {
599 struct {
600 __u32 port;
601 __u32 vcpu;
602 __u32 priority;
603 } port;
604 struct {
605 __u32 port; /* Zero for eventfd */
606 __s32 fd;
607 } eventfd;
608 __u32 padding[4];
609 } deliver;
610 } evtchn;
611 __u32 xen_version;
612 __u64 pad[8];
613 } u;
614};
615
616
617/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO */
618#define KVM_XEN_ATTR_TYPE_LONG_MODE 0x0
619#define KVM_XEN_ATTR_TYPE_SHARED_INFO 0x1
620#define KVM_XEN_ATTR_TYPE_UPCALL_VECTOR 0x2
621/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_EVTCHN_SEND */
622#define KVM_XEN_ATTR_TYPE_EVTCHN 0x3
623#define KVM_XEN_ATTR_TYPE_XEN_VERSION 0x4
624/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_RUNSTATE_UPDATE_FLAG */
625#define KVM_XEN_ATTR_TYPE_RUNSTATE_UPDATE_FLAG 0x5
626/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO_HVA */
627#define KVM_XEN_ATTR_TYPE_SHARED_INFO_HVA 0x6
628
629struct kvm_xen_vcpu_attr {
630 __u16 type;
631 __u16 pad[3];
632 union {
633 __u64 gpa;
634#define KVM_XEN_INVALID_GPA ((__u64)-1)
635 __u64 hva;
636 __u64 pad[8];
637 struct {
638 __u64 state;
639 __u64 state_entry_time;
640 __u64 time_running;
641 __u64 time_runnable;
642 __u64 time_blocked;
643 __u64 time_offline;
644 } runstate;
645 __u32 vcpu_id;
646 struct {
647 __u32 port;
648 __u32 priority;
649 __u64 expires_ns;
650 } timer;
651 __u8 vector;
652 } u;
653};
654
655/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO */
656#define KVM_XEN_VCPU_ATTR_TYPE_VCPU_INFO 0x0
657#define KVM_XEN_VCPU_ATTR_TYPE_VCPU_TIME_INFO 0x1
658#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_ADDR 0x2
659#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_CURRENT 0x3
660#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_DATA 0x4
661#define KVM_XEN_VCPU_ATTR_TYPE_RUNSTATE_ADJUST 0x5
662/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_EVTCHN_SEND */
663#define KVM_XEN_VCPU_ATTR_TYPE_VCPU_ID 0x6
664#define KVM_XEN_VCPU_ATTR_TYPE_TIMER 0x7
665#define KVM_XEN_VCPU_ATTR_TYPE_UPCALL_VECTOR 0x8
666/* Available with KVM_CAP_XEN_HVM / KVM_XEN_HVM_CONFIG_SHARED_INFO_HVA */
667#define KVM_XEN_VCPU_ATTR_TYPE_VCPU_INFO_HVA 0x9
668
669/* Secure Encrypted Virtualization command */
670enum sev_cmd_id {
671 /* Guest initialization commands */
672 KVM_SEV_INIT = 0,
673 KVM_SEV_ES_INIT,
674 /* Guest launch commands */
675 KVM_SEV_LAUNCH_START,
676 KVM_SEV_LAUNCH_UPDATE_DATA,
677 KVM_SEV_LAUNCH_UPDATE_VMSA,
678 KVM_SEV_LAUNCH_SECRET,
679 KVM_SEV_LAUNCH_MEASURE,
680 KVM_SEV_LAUNCH_FINISH,
681 /* Guest migration commands (outgoing) */
682 KVM_SEV_SEND_START,
683 KVM_SEV_SEND_UPDATE_DATA,
684 KVM_SEV_SEND_UPDATE_VMSA,
685 KVM_SEV_SEND_FINISH,
686 /* Guest migration commands (incoming) */
687 KVM_SEV_RECEIVE_START,
688 KVM_SEV_RECEIVE_UPDATE_DATA,
689 KVM_SEV_RECEIVE_UPDATE_VMSA,
690 KVM_SEV_RECEIVE_FINISH,
691 /* Guest status and debug commands */
692 KVM_SEV_GUEST_STATUS,
693 KVM_SEV_DBG_DECRYPT,
694 KVM_SEV_DBG_ENCRYPT,
695 /* Guest certificates commands */
696 KVM_SEV_CERT_EXPORT,
697 /* Attestation report */
698 KVM_SEV_GET_ATTESTATION_REPORT,
699 /* Guest Migration Extension */
700 KVM_SEV_SEND_CANCEL,
701
702 /* Second time is the charm; improved versions of the above ioctls. */
703 KVM_SEV_INIT2,
704
705 /* SNP-specific commands */
706 KVM_SEV_SNP_LAUNCH_START = 100,
707 KVM_SEV_SNP_LAUNCH_UPDATE,
708 KVM_SEV_SNP_LAUNCH_FINISH,
709
710 KVM_SEV_NR_MAX,
711};
712
713struct kvm_sev_cmd {
714 __u32 id;
715 __u32 pad0;
716 __u64 data;
717 __u32 error;
718 __u32 sev_fd;
719};
720
721struct kvm_sev_init {
722 __u64 vmsa_features;
723 __u32 flags;
724 __u16 ghcb_version;
725 __u16 pad1;
726 __u32 pad2[8];
727};
728
729struct kvm_sev_launch_start {
730 __u32 handle;
731 __u32 policy;
732 __u64 dh_uaddr;
733 __u32 dh_len;
734 __u32 pad0;
735 __u64 session_uaddr;
736 __u32 session_len;
737 __u32 pad1;
738};
739
740struct kvm_sev_launch_update_data {
741 __u64 uaddr;
742 __u32 len;
743 __u32 pad0;
744};
745
746
747struct kvm_sev_launch_secret {
748 __u64 hdr_uaddr;
749 __u32 hdr_len;
750 __u32 pad0;
751 __u64 guest_uaddr;
752 __u32 guest_len;
753 __u32 pad1;
754 __u64 trans_uaddr;
755 __u32 trans_len;
756 __u32 pad2;
757};
758
759struct kvm_sev_launch_measure {
760 __u64 uaddr;
761 __u32 len;
762 __u32 pad0;
763};
764
765struct kvm_sev_guest_status {
766 __u32 handle;
767 __u32 policy;
768 __u32 state;
769};
770
771struct kvm_sev_dbg {
772 __u64 src_uaddr;
773 __u64 dst_uaddr;
774 __u32 len;
775 __u32 pad0;
776};
777
778struct kvm_sev_attestation_report {
779 __u8 mnonce[16];
780 __u64 uaddr;
781 __u32 len;
782 __u32 pad0;
783};
784
785struct kvm_sev_send_start {
786 __u32 policy;
787 __u32 pad0;
788 __u64 pdh_cert_uaddr;
789 __u32 pdh_cert_len;
790 __u32 pad1;
791 __u64 plat_certs_uaddr;
792 __u32 plat_certs_len;
793 __u32 pad2;
794 __u64 amd_certs_uaddr;
795 __u32 amd_certs_len;
796 __u32 pad3;
797 __u64 session_uaddr;
798 __u32 session_len;
799 __u32 pad4;
800};
801
802struct kvm_sev_send_update_data {
803 __u64 hdr_uaddr;
804 __u32 hdr_len;
805 __u32 pad0;
806 __u64 guest_uaddr;
807 __u32 guest_len;
808 __u32 pad1;
809 __u64 trans_uaddr;
810 __u32 trans_len;
811 __u32 pad2;
812};
813
814struct kvm_sev_receive_start {
815 __u32 handle;
816 __u32 policy;
817 __u64 pdh_uaddr;
818 __u32 pdh_len;
819 __u32 pad0;
820 __u64 session_uaddr;
821 __u32 session_len;
822 __u32 pad1;
823};
824
825struct kvm_sev_receive_update_data {
826 __u64 hdr_uaddr;
827 __u32 hdr_len;
828 __u32 pad0;
829 __u64 guest_uaddr;
830 __u32 guest_len;
831 __u32 pad1;
832 __u64 trans_uaddr;
833 __u32 trans_len;
834 __u32 pad2;
835};
836
837struct kvm_sev_snp_launch_start {
838 __u64 policy;
839 __u8 gosvw[16];
840 __u16 flags;
841 __u8 pad0[6];
842 __u64 pad1[4];
843};
844
845/* Kept in sync with firmware values for simplicity. */
846#define KVM_SEV_PAGE_TYPE_INVALID 0x0
847#define KVM_SEV_SNP_PAGE_TYPE_NORMAL 0x1
848#define KVM_SEV_SNP_PAGE_TYPE_ZERO 0x3
849#define KVM_SEV_SNP_PAGE_TYPE_UNMEASURED 0x4
850#define KVM_SEV_SNP_PAGE_TYPE_SECRETS 0x5
851#define KVM_SEV_SNP_PAGE_TYPE_CPUID 0x6
852
853struct kvm_sev_snp_launch_update {
854 __u64 gfn_start;
855 __u64 uaddr;
856 __u64 len;
857 __u8 type;
858 __u8 pad0;
859 __u16 flags;
860 __u32 pad1;
861 __u64 pad2[4];
862};
863
864#define KVM_SEV_SNP_ID_BLOCK_SIZE 96
865#define KVM_SEV_SNP_ID_AUTH_SIZE 4096
866#define KVM_SEV_SNP_FINISH_DATA_SIZE 32
867
868struct kvm_sev_snp_launch_finish {
869 __u64 id_block_uaddr;
870 __u64 id_auth_uaddr;
871 __u8 id_block_en;
872 __u8 auth_key_en;
873 __u8 vcek_disabled;
874 __u8 host_data[KVM_SEV_SNP_FINISH_DATA_SIZE];
875 __u8 pad0[3];
876 __u16 flags;
877 __u64 pad1[4];
878};
879
880#define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0)
881#define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1)
882
883struct kvm_hyperv_eventfd {
884 __u32 conn_id;
885 __s32 fd;
886 __u32 flags;
887 __u32 padding[3];
888};
889
890#define KVM_HYPERV_CONN_ID_MASK 0x00ffffff
891#define KVM_HYPERV_EVENTFD_DEASSIGN (1 << 0)
892
893/*
894 * Masked event layout.
895 * Bits Description
896 * ---- -----------
897 * 7:0 event select (low bits)
898 * 15:8 umask match
899 * 31:16 unused
900 * 35:32 event select (high bits)
901 * 36:54 unused
902 * 55 exclude bit
903 * 63:56 umask mask
904 */
905
906#define KVM_PMU_ENCODE_MASKED_ENTRY(event_select, mask, match, exclude) \
907 (((event_select) & 0xFFULL) | (((event_select) & 0XF00ULL) << 24) | \
908 (((mask) & 0xFFULL) << 56) | \
909 (((match) & 0xFFULL) << 8) | \
910 ((__u64)(!!(exclude)) << 55))
911
912#define KVM_PMU_MASKED_ENTRY_EVENT_SELECT \
913 (__GENMASK_ULL(7, 0) | __GENMASK_ULL(35, 32))
914#define KVM_PMU_MASKED_ENTRY_UMASK_MASK (__GENMASK_ULL(63, 56))
915#define KVM_PMU_MASKED_ENTRY_UMASK_MATCH (__GENMASK_ULL(15, 8))
916#define KVM_PMU_MASKED_ENTRY_EXCLUDE (_BITULL(55))
917#define KVM_PMU_MASKED_ENTRY_UMASK_MASK_SHIFT (56)
918
919/* for KVM_{GET,SET,HAS}_DEVICE_ATTR */
920#define KVM_VCPU_TSC_CTRL 0 /* control group for the timestamp counter (TSC) */
921#define KVM_VCPU_TSC_OFFSET 0 /* attribute for the TSC offset */
922
923/* x86-specific KVM_EXIT_HYPERCALL flags. */
924#define KVM_EXIT_HYPERCALL_LONG_MODE _BITULL(0)
925
926#define KVM_X86_DEFAULT_VM 0
927#define KVM_X86_SW_PROTECTED_VM 1
928#define KVM_X86_SEV_VM 2
929#define KVM_X86_SEV_ES_VM 3
930#define KVM_X86_SNP_VM 4
931#define KVM_X86_TDX_VM 5
932
933/* Trust Domain eXtension sub-ioctl() commands. */
934enum kvm_tdx_cmd_id {
935 KVM_TDX_CAPABILITIES = 0,
936 KVM_TDX_INIT_VM,
937 KVM_TDX_INIT_VCPU,
938 KVM_TDX_INIT_MEM_REGION,
939 KVM_TDX_FINALIZE_VM,
940 KVM_TDX_GET_CPUID,
941
942 KVM_TDX_CMD_NR_MAX,
943};
944
945struct kvm_tdx_cmd {
946 /* enum kvm_tdx_cmd_id */
947 __u32 id;
948 /* flags for sub-commend. If sub-command doesn't use this, set zero. */
949 __u32 flags;
950 /*
951 * data for each sub-command. An immediate or a pointer to the actual
952 * data in process virtual address. If sub-command doesn't use it,
953 * set zero.
954 */
955 __u64 data;
956 /*
957 * Auxiliary error code. The sub-command may return TDX SEAMCALL
958 * status code in addition to -Exxx.
959 */
960 __u64 hw_error;
961};
962
963struct kvm_tdx_capabilities {
964 __u64 supported_attrs;
965 __u64 supported_xfam;
966
967 __u64 kernel_tdvmcallinfo_1_r11;
968 __u64 user_tdvmcallinfo_1_r11;
969 __u64 kernel_tdvmcallinfo_1_r12;
970 __u64 user_tdvmcallinfo_1_r12;
971
972 __u64 reserved[250];
973
974 /* Configurable CPUID bits for userspace */
975 struct kvm_cpuid2 cpuid;
976};
977
978struct kvm_tdx_init_vm {
979 __u64 attributes;
980 __u64 xfam;
981 __u64 mrconfigid[6]; /* sha384 digest */
982 __u64 mrowner[6]; /* sha384 digest */
983 __u64 mrownerconfig[6]; /* sha384 digest */
984
985 /* The total space for TD_PARAMS before the CPUIDs is 256 bytes */
986 __u64 reserved[12];
987
988 /*
989 * Call KVM_TDX_INIT_VM before vcpu creation, thus before
990 * KVM_SET_CPUID2.
991 * This configuration supersedes KVM_SET_CPUID2s for VCPUs because the
992 * TDX module directly virtualizes those CPUIDs without VMM. The user
993 * space VMM, e.g. qemu, should make KVM_SET_CPUID2 consistent with
994 * those values. If it doesn't, KVM may have wrong idea of vCPUIDs of
995 * the guest, and KVM may wrongly emulate CPUIDs or MSRs that the TDX
996 * module doesn't virtualize.
997 */
998 struct kvm_cpuid2 cpuid;
999};
1000
1001#define KVM_TDX_MEASURE_MEMORY_REGION _BITULL(0)
1002
1003struct kvm_tdx_init_mem_region {
1004 __u64 source_addr;
1005 __u64 gpa;
1006 __u64 nr_pages;
1007};
1008
1009#endif /* _ASM_X86_KVM_H */