diff options
author | Avi Kivity <avi@qumranet.com> | 2007-11-08 11:19:20 -0500 |
---|---|---|
committer | Avi Kivity <avi@qumranet.com> | 2008-01-30 10:53:00 -0500 |
commit | 9c5623e3e42e94927d02a6693875badf15692970 (patch) | |
tree | 74ea5711aa9884aa5bee97282c52c32659aca53a | |
parent | 12264760e46077a65c1240ac0b27dfa34b402158 (diff) |
KVM: VMX: Use vmx to inject real-mode interrupts
Instead of injecting real-mode interrupts by writing the interrupt frame into
guest memory, abuse vmx by injecting a software interrupt. We need to
pretend the software interrupt instruction had a length > 0, so we have to
adjust rip backward.
This lets us not to mess with writing guest memory, which is complex and also
sleeps.
Signed-off-by: Avi Kivity <avi@qumranet.com>
-rw-r--r-- | drivers/kvm/vmx.c | 53 | ||||
-rw-r--r-- | drivers/kvm/vmx.h | 1 |
2 files changed, 5 insertions, 49 deletions
diff --git a/drivers/kvm/vmx.c b/drivers/kvm/vmx.c index eca422e9506..d2c25e25d3a 100644 --- a/drivers/kvm/vmx.c +++ b/drivers/kvm/vmx.c | |||
@@ -1709,58 +1709,13 @@ out: | |||
1709 | return ret; | 1709 | return ret; |
1710 | } | 1710 | } |
1711 | 1711 | ||
1712 | static void inject_rmode_irq(struct kvm_vcpu *vcpu, int irq) | ||
1713 | { | ||
1714 | u16 ent[2]; | ||
1715 | u16 cs; | ||
1716 | u16 ip; | ||
1717 | unsigned long flags; | ||
1718 | unsigned long ss_base = vmcs_readl(GUEST_SS_BASE); | ||
1719 | u16 sp = vmcs_readl(GUEST_RSP); | ||
1720 | u32 ss_limit = vmcs_read32(GUEST_SS_LIMIT); | ||
1721 | |||
1722 | if (sp > ss_limit || sp < 6) { | ||
1723 | vcpu_printf(vcpu, "%s: #SS, rsp 0x%lx ss 0x%lx limit 0x%x\n", | ||
1724 | __FUNCTION__, | ||
1725 | vmcs_readl(GUEST_RSP), | ||
1726 | vmcs_readl(GUEST_SS_BASE), | ||
1727 | vmcs_read32(GUEST_SS_LIMIT)); | ||
1728 | return; | ||
1729 | } | ||
1730 | |||
1731 | if (emulator_read_std(irq * sizeof(ent), &ent, sizeof(ent), vcpu) != | ||
1732 | X86EMUL_CONTINUE) { | ||
1733 | vcpu_printf(vcpu, "%s: read guest err\n", __FUNCTION__); | ||
1734 | return; | ||
1735 | } | ||
1736 | |||
1737 | flags = vmcs_readl(GUEST_RFLAGS); | ||
1738 | cs = vmcs_readl(GUEST_CS_BASE) >> 4; | ||
1739 | ip = vmcs_readl(GUEST_RIP); | ||
1740 | |||
1741 | |||
1742 | if (emulator_write_emulated( | ||
1743 | ss_base + sp - 2, &flags, 2, vcpu) != X86EMUL_CONTINUE || | ||
1744 | emulator_write_emulated( | ||
1745 | ss_base + sp - 4, &cs, 2, vcpu) != X86EMUL_CONTINUE || | ||
1746 | emulator_write_emulated( | ||
1747 | ss_base + sp - 6, &ip, 2, vcpu) != X86EMUL_CONTINUE) { | ||
1748 | vcpu_printf(vcpu, "%s: write guest err\n", __FUNCTION__); | ||
1749 | return; | ||
1750 | } | ||
1751 | |||
1752 | vmcs_writel(GUEST_RFLAGS, flags & | ||
1753 | ~(X86_EFLAGS_IF | X86_EFLAGS_AC | X86_EFLAGS_TF)); | ||
1754 | vmcs_write16(GUEST_CS_SELECTOR, ent[1]) ; | ||
1755 | vmcs_writel(GUEST_CS_BASE, ent[1] << 4); | ||
1756 | vmcs_writel(GUEST_RIP, ent[0]); | ||
1757 | vmcs_writel(GUEST_RSP, (vmcs_readl(GUEST_RSP) & ~0xffff) | (sp - 6)); | ||
1758 | } | ||
1759 | |||
1760 | static void vmx_inject_irq(struct kvm_vcpu *vcpu, int irq) | 1712 | static void vmx_inject_irq(struct kvm_vcpu *vcpu, int irq) |
1761 | { | 1713 | { |
1762 | if (vcpu->rmode.active) { | 1714 | if (vcpu->rmode.active) { |
1763 | inject_rmode_irq(vcpu, irq); | 1715 | vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, |
1716 | irq | INTR_TYPE_SOFT_INTR | INTR_INFO_VALID_MASK); | ||
1717 | vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, 1); | ||
1718 | vmcs_writel(GUEST_RIP, vmcs_readl(GUEST_RIP) - 1); | ||
1764 | return; | 1719 | return; |
1765 | } | 1720 | } |
1766 | vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, | 1721 | vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, |
diff --git a/drivers/kvm/vmx.h b/drivers/kvm/vmx.h index c84bd373315..d757b36c2fb 100644 --- a/drivers/kvm/vmx.h +++ b/drivers/kvm/vmx.h | |||
@@ -233,6 +233,7 @@ enum vmcs_field { | |||
233 | 233 | ||
234 | #define INTR_TYPE_EXT_INTR (0 << 8) /* external interrupt */ | 234 | #define INTR_TYPE_EXT_INTR (0 << 8) /* external interrupt */ |
235 | #define INTR_TYPE_EXCEPTION (3 << 8) /* processor exception */ | 235 | #define INTR_TYPE_EXCEPTION (3 << 8) /* processor exception */ |
236 | #define INTR_TYPE_SOFT_INTR (4 << 8) /* software interrupt */ | ||
236 | 237 | ||
237 | /* | 238 | /* |
238 | * Exit Qualifications for MOV for Control Register Access | 239 | * Exit Qualifications for MOV for Control Register Access |