aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAvi Kivity <avi@qumranet.com>2007-11-08 11:19:20 -0500
committerAvi Kivity <avi@qumranet.com>2008-01-30 10:53:00 -0500
commit9c5623e3e42e94927d02a6693875badf15692970 (patch)
tree74ea5711aa9884aa5bee97282c52c32659aca53a
parent12264760e46077a65c1240ac0b27dfa34b402158 (diff)
KVM: VMX: Use vmx to inject real-mode interrupts
Instead of injecting real-mode interrupts by writing the interrupt frame into guest memory, abuse vmx by injecting a software interrupt. We need to pretend the software interrupt instruction had a length > 0, so we have to adjust rip backward. This lets us not to mess with writing guest memory, which is complex and also sleeps. Signed-off-by: Avi Kivity <avi@qumranet.com>
-rw-r--r--drivers/kvm/vmx.c53
-rw-r--r--drivers/kvm/vmx.h1
2 files changed, 5 insertions, 49 deletions
diff --git a/drivers/kvm/vmx.c b/drivers/kvm/vmx.c
index eca422e9506d..d2c25e25d3aa 100644
--- a/drivers/kvm/vmx.c
+++ b/drivers/kvm/vmx.c
@@ -1709,58 +1709,13 @@ out:
1709 return ret; 1709 return ret;
1710} 1710}
1711 1711
1712static void inject_rmode_irq(struct kvm_vcpu *vcpu, int irq)
1713{
1714 u16 ent[2];
1715 u16 cs;
1716 u16 ip;
1717 unsigned long flags;
1718 unsigned long ss_base = vmcs_readl(GUEST_SS_BASE);
1719 u16 sp = vmcs_readl(GUEST_RSP);
1720 u32 ss_limit = vmcs_read32(GUEST_SS_LIMIT);
1721
1722 if (sp > ss_limit || sp < 6) {
1723 vcpu_printf(vcpu, "%s: #SS, rsp 0x%lx ss 0x%lx limit 0x%x\n",
1724 __FUNCTION__,
1725 vmcs_readl(GUEST_RSP),
1726 vmcs_readl(GUEST_SS_BASE),
1727 vmcs_read32(GUEST_SS_LIMIT));
1728 return;
1729 }
1730
1731 if (emulator_read_std(irq * sizeof(ent), &ent, sizeof(ent), vcpu) !=
1732 X86EMUL_CONTINUE) {
1733 vcpu_printf(vcpu, "%s: read guest err\n", __FUNCTION__);
1734 return;
1735 }
1736
1737 flags = vmcs_readl(GUEST_RFLAGS);
1738 cs = vmcs_readl(GUEST_CS_BASE) >> 4;
1739 ip = vmcs_readl(GUEST_RIP);
1740
1741
1742 if (emulator_write_emulated(
1743 ss_base + sp - 2, &flags, 2, vcpu) != X86EMUL_CONTINUE ||
1744 emulator_write_emulated(
1745 ss_base + sp - 4, &cs, 2, vcpu) != X86EMUL_CONTINUE ||
1746 emulator_write_emulated(
1747 ss_base + sp - 6, &ip, 2, vcpu) != X86EMUL_CONTINUE) {
1748 vcpu_printf(vcpu, "%s: write guest err\n", __FUNCTION__);
1749 return;
1750 }
1751
1752 vmcs_writel(GUEST_RFLAGS, flags &
1753 ~(X86_EFLAGS_IF | X86_EFLAGS_AC | X86_EFLAGS_TF));
1754 vmcs_write16(GUEST_CS_SELECTOR, ent[1]) ;
1755 vmcs_writel(GUEST_CS_BASE, ent[1] << 4);
1756 vmcs_writel(GUEST_RIP, ent[0]);
1757 vmcs_writel(GUEST_RSP, (vmcs_readl(GUEST_RSP) & ~0xffff) | (sp - 6));
1758}
1759
1760static void vmx_inject_irq(struct kvm_vcpu *vcpu, int irq) 1712static void vmx_inject_irq(struct kvm_vcpu *vcpu, int irq)
1761{ 1713{
1762 if (vcpu->rmode.active) { 1714 if (vcpu->rmode.active) {
1763 inject_rmode_irq(vcpu, irq); 1715 vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
1716 irq | INTR_TYPE_SOFT_INTR | INTR_INFO_VALID_MASK);
1717 vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, 1);
1718 vmcs_writel(GUEST_RIP, vmcs_readl(GUEST_RIP) - 1);
1764 return; 1719 return;
1765 } 1720 }
1766 vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 1721 vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
diff --git a/drivers/kvm/vmx.h b/drivers/kvm/vmx.h
index c84bd3733153..d757b36c2fbe 100644
--- a/drivers/kvm/vmx.h
+++ b/drivers/kvm/vmx.h
@@ -233,6 +233,7 @@ enum vmcs_field {
233 233
234#define INTR_TYPE_EXT_INTR (0 << 8) /* external interrupt */ 234#define INTR_TYPE_EXT_INTR (0 << 8) /* external interrupt */
235#define INTR_TYPE_EXCEPTION (3 << 8) /* processor exception */ 235#define INTR_TYPE_EXCEPTION (3 << 8) /* processor exception */
236#define INTR_TYPE_SOFT_INTR (4 << 8) /* software interrupt */
236 237
237/* 238/*
238 * Exit Qualifications for MOV for Control Register Access 239 * Exit Qualifications for MOV for Control Register Access