1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
* Kernel-based Virtual Machine driver for Linux
4
* cpuid support routines
5
*
6
* derived from arch/x86/kvm/x86.c
7
*
8
* Copyright 2011 Red Hat, Inc. and/or its affiliates.
9
* Copyright IBM Corporation, 2008
10
*/
11
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12
13
#include <linux/kvm_host.h>
14
#include "linux/lockdep.h"
15
#include <linux/export.h>
16
#include <linux/vmalloc.h>
17
#include <linux/uaccess.h>
18
#include <linux/sched/stat.h>
19
20
#include <asm/processor.h>
21
#include <asm/user.h>
22
#include <asm/fpu/xstate.h>
23
#include <asm/sgx.h>
24
#include <asm/cpuid/api.h>
25
#include "cpuid.h"
26
#include "lapic.h"
27
#include "mmu.h"
28
#include "trace.h"
29
#include "pmu.h"
30
#include "xen.h"
31
32
/*
33
* Unlike "struct cpuinfo_x86.x86_capability", kvm_cpu_caps doesn't need to be
34
* aligned to sizeof(unsigned long) because it's not accessed via bitops.
35
*/
36
u32 kvm_cpu_caps[NR_KVM_CPU_CAPS] __read_mostly;
37
EXPORT_SYMBOL_GPL(kvm_cpu_caps);
38
39
/*
 * Cached CPUID.0xD sub-leaf values for one xfeature.  As consumed by
 * xstate_required_size(): EAX is the size of the component's save area, EBX
 * its offset in the standard (non-compacted) XSAVE layout, and ECX holds the
 * flags (bit 1 = 64-byte alignment in the compacted layout).
 */
struct cpuid_xstate_sizes {
	u32 eax;
	u32 ebx;
	u32 ecx;
};

/* Populated once by kvm_init_xstate_sizes() at init, read-only afterwards. */
static struct cpuid_xstate_sizes xstate_sizes[XFEATURE_MAX] __ro_after_init;
46
47
/*
 * Snapshot CPUID.0xD for every extended xfeature (YMM upwards) into
 * xstate_sizes so that xstate_required_size() can compute guest XSAVE sizes
 * without executing CPUID on every call.  EDX is not needed and is discarded.
 */
void __init kvm_init_xstate_sizes(void)
{
	u32 unused;
	int idx;

	for (idx = XFEATURE_YMM; idx < ARRAY_SIZE(xstate_sizes); idx++)
		cpuid_count(0xD, idx,
			    &xstate_sizes[idx].eax, &xstate_sizes[idx].ebx,
			    &xstate_sizes[idx].ecx, &unused);
}
58
59
/*
 * Compute the XSAVE buffer size needed for the xfeatures in @xstate_bv, in
 * either the standard or the compacted layout.
 *
 * @xstate_bv may be guest-controlled (callers pass the vCPU's XCR0); it is
 * masked to XFEATURE_MASK_EXTEND and only indices below ARRAY_SIZE(xstate_sizes)
 * are consulted, so stray bits cannot index outside the cached table.  The
 * result always covers at least the legacy region plus the XSAVE header.
 */
u32 xstate_required_size(u64 xstate_bv, bool compacted)
{
	u64 remaining = xstate_bv & XFEATURE_MASK_EXTEND;
	u32 size = XSAVE_HDR_SIZE + XSAVE_HDR_OFFSET;
	int feature;

	for (feature = XFEATURE_YMM;
	     remaining && feature < ARRAY_SIZE(xstate_sizes); feature++) {
		const struct cpuid_xstate_sizes *xs;
		u64 bit = BIT_ULL(feature);
		u32 start;

		if (!(remaining & bit))
			continue;
		remaining &= ~bit;

		xs = &xstate_sizes[feature];
		if (!compacted)
			/* Standard layout: the offset is fixed by CPUID. */
			start = xs->ebx;
		else if (xs->ecx & 0x2)
			/* Compacted layout with ECX[1] set: 64-byte aligned. */
			start = ALIGN(size, 64);
		else
			/* Compacted layout: packed right after the previous component. */
			start = size;

		size = max(size, start + xs->eax);
	}

	return size;
}
83
84
/*
 * Linear search of @entries for @function, also matching @index when the
 * entry flags its index as significant.  Returns the first match, or NULL.
 *
 * KVM does not de-duplicate userspace-provided entries; if userspace supplies
 * duplicates, the first one in array order wins.  @index may be
 * KVM_CPUID_INDEX_NOT_SIGNIFICANT for internal lookups of functions that are
 * architecturally un-indexed.
 */
struct kvm_cpuid_entry2 *kvm_find_cpuid_entry2(
	struct kvm_cpuid_entry2 *entries, int nent, u32 function, u64 index)
{
	int i;

	/*
	 * Semi-arbitrary rule: the CPUID model may hold well over a hundred
	 * entries, so this lookup is slow, and IRQs are typically disabled in
	 * KVM only on performance-critical paths (e.g. the VM-Enter/VM-Exit run
	 * loop).  Nothing breaks if this fires; it flags a lookup that should
	 * probably be cached at CPUID-update time instead.
	 */
	lockdep_assert_irqs_enabled();

	for (i = 0; i < nent; i++) {
		struct kvm_cpuid_entry2 *e = &entries[i];

		if (e->function != function)
			continue;

		/* Index not significant for this entry: first function match wins. */
		if (!(e->flags & KVM_CPUID_FLAG_SIGNIFCANT_INDEX))
			return e;

		if (e->index == index)
			return e;

		/*
		 * Internal lookup that doesn't care about the index: take the
		 * first matching function, but WARN if KVM's own definition
		 * says this function *is* indexed, as a direct lookup should
		 * never diverge from the architectural behavior.
		 */
		if (index == KVM_CPUID_INDEX_NOT_SIGNIFICANT) {
			WARN_ON_ONCE(cpuid_function_is_indexed(function));
			return e;
		}
	}

	return NULL;
}
134
EXPORT_SYMBOL_GPL(kvm_find_cpuid_entry2);
135
136
/*
 * Validate the freshly installed guest CPUID and perform any host-side
 * enabling it requires.  Returns 0 on success, -EINVAL for an unsupported
 * virtual address width, or the error from fpu_enable_guest_xfd_features().
 */
static int kvm_check_cpuid(struct kvm_vcpu *vcpu)
{
	struct kvm_cpuid_entry2 *ent;
	u64 dynamic_xfeatures;

	/*
	 * KVM's canonical-address checks assume a 48-bit or 57-bit virtual
	 * address space.  Reject any other width userspace tries to advertise
	 * in CPUID.0x80000008:EAX[15:8]; zero is tolerated as "not reported".
	 */
	ent = kvm_find_cpuid_entry(vcpu, 0x80000008);
	if (ent) {
		int vaddr_bits = (ent->eax >> 8) & 0xff;

		switch (vaddr_bits) {
		case 0:
		case 48:
		case 57:
			break;
		default:
			return -EINVAL;
		}
	}

	/*
	 * Exposing dynamic xfeatures (XFEATURE_MASK_USER_DYNAMIC) to the guest
	 * requires additional enabling in the FPU, e.g. to expand the guest
	 * XSAVE state size.  Nothing to do if CPUID.0xD.0 is absent or lists
	 * none of them.
	 */
	ent = kvm_find_cpuid_entry_index(vcpu, 0xd, 0);
	if (!ent)
		return 0;

	dynamic_xfeatures = (ent->eax | ((u64)ent->edx << 32)) &
			    XFEATURE_MASK_USER_DYNAMIC;
	if (!dynamic_xfeatures)
		return 0;

	return fpu_enable_guest_xfd_features(&vcpu->arch.guest_fpu,
					     dynamic_xfeatures);
}
168
169
static u32 kvm_apply_cpuid_pv_features_quirk(struct kvm_vcpu *vcpu);
170
static void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu);
171
172
/* True if @a and @b agree on every field KVM compares (padding is ignored). */
static bool cpuid_entries_match(const struct kvm_cpuid_entry2 *a,
				const struct kvm_cpuid_entry2 *b)
{
	return a->function == b->function &&
	       a->index == b->index &&
	       a->flags == b->flags &&
	       a->eax == b->eax && a->ebx == b->ebx &&
	       a->ecx == b->ecx && a->edx == b->edx;
}

/*
 * Check whether the supplied CPUID data is equal to what is already set for
 * the vCPU.  This is how KVM_SET_CPUID{,2} after KVM_RUN is tolerated: only
 * an unchanged model is accepted.
 *
 * Note! By the time this runs, kvm_set_cpuid() has already swapped the
 * arrays: vcpu->arch.cpuid_entries holds the *incoming* entries and @e2/@nent
 * are the *old* ones.  Returns 0 on a match, -EINVAL otherwise.
 */
static int kvm_cpuid_check_equal(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *e2,
				 int nent)
{
	int i;

	/*
	 * Refresh the KVM-owned dynamic bits (OSXSAVE, OSPKE, APIC, XSAVE
	 * sizes, PV features) in the incoming entries first, so they don't
	 * show up as spurious differences against the already-massaged old
	 * entries.  This also touches vcpu->arch.cpu_caps, which kvm_set_cpuid()
	 * saved and will restore on failure.
	 */
	kvm_update_cpuid_runtime(vcpu);
	kvm_apply_cpuid_pv_features_quirk(vcpu);

	if (nent != vcpu->arch.cpuid_nent)
		return -EINVAL;

	for (i = 0; i < nent; i++) {
		if (!cpuid_entries_match(&e2[i], &vcpu->arch.cpuid_entries[i]))
			return -EINVAL;
	}

	return 0;
}
203
204
/*
 * Locate the hypervisor CPUID block whose 12-byte signature (EBX:ECX:EDX of
 * the base leaf) matches the first 12 bytes of @sig, scanning every possible
 * hypervisor base.  On a match, .base is the leaf number and .limit is the
 * base leaf's EAX; otherwise both are zero.  The signature comes from the
 * guest CPUID that userspace installed, i.e. it reflects what userspace chose
 * to advertise, not anything KVM verified.
 */
static struct kvm_hypervisor_cpuid kvm_get_hypervisor_cpuid(struct kvm_vcpu *vcpu,
							    const char *sig)
{
	struct kvm_hypervisor_cpuid result = {};
	u32 base;

	for_each_possible_cpuid_base_hypervisor(base) {
		struct kvm_cpuid_entry2 *leaf = kvm_find_cpuid_entry(vcpu, base);
		u32 found[3];

		if (!leaf)
			continue;

		found[0] = leaf->ebx;
		found[1] = leaf->ecx;
		found[2] = leaf->edx;
		if (memcmp(found, sig, sizeof(found)))
			continue;

		result.base = base;
		result.limit = leaf->eax;
		break;
	}

	return result;
}
231
232
/*
 * Return the KVM paravirt feature word (EAX of the KVM_CPUID_FEATURES leaf)
 * from guest CPUID, or 0 if the KVM hypervisor block or that leaf is missing.
 * As a side effect, PV_UNHALT is cleared *in the guest-visible entry* when HLT
 * is not intercepted (kvm_hlt_in_guest()), so the guest never sees it.
 */
static u32 kvm_apply_cpuid_pv_features_quirk(struct kvm_vcpu *vcpu)
{
	struct kvm_hypervisor_cpuid kvm_leaves;
	struct kvm_cpuid_entry2 *features;

	kvm_leaves = kvm_get_hypervisor_cpuid(vcpu, KVM_SIGNATURE);
	if (!kvm_leaves.base)
		return 0;

	features = kvm_find_cpuid_entry(vcpu, kvm_leaves.base | KVM_CPUID_FEATURES);
	if (!features)
		return 0;

	if (kvm_hlt_in_guest(vcpu->kvm))
		features->eax &= ~(1 << KVM_FEATURE_PV_UNHALT);

	return features->eax;
}
250
251
/*
 * Guest-supported XCR0: the XCR0 bits userspace advertised in CPUID.0xD.0
 * (EAX = low 32 bits, EDX = high 32 bits), clamped to kvm_caps.supported_xcr0
 * (host XCR0 and KVM_SUPPORTED_XCR0) so that userspace CPUID can never grant
 * an xfeature KVM cannot back.  Returns 0 if the leaf is absent.
 */
static u64 cpuid_get_supported_xcr0(struct kvm_vcpu *vcpu)
{
	struct kvm_cpuid_entry2 *leaf;
	u64 guest_xcr0;

	leaf = kvm_find_cpuid_entry_index(vcpu, 0xd, 0);
	if (!leaf)
		return 0;

	guest_xcr0 = ((u64)leaf->edx << 32) | leaf->eax;
	return guest_xcr0 & kvm_caps.supported_xcr0;
}
265
266
/*
 * Set or clear a runtime-dynamic feature bit in both places KVM tracks it:
 * the guest-visible CPUID @entry and the vCPU's cpu_caps.  Keeping the two in
 * lockstep is what makes the guest_cpu_cap_*() queries agree with the CPUID
 * the guest actually sees.
 */
static __always_inline void kvm_update_feature_runtime(struct kvm_vcpu *vcpu,
						       struct kvm_cpuid_entry2 *entry,
						       unsigned int x86_feature,
						       bool has_feature)
{
	cpuid_entry_change(entry, x86_feature, has_feature);
	guest_cpu_cap_change(vcpu, x86_feature, has_feature);
}
274
275
/*
 * Refresh the CPUID bits that KVM owns because they mirror guest-controlled
 * state rather than a fixed feature set: CR4.OSXSAVE, CR4.PKE (OSPKE), the
 * enable bit of IA32_APIC_BASE, MWAIT (via IA32_MISC_ENABLE unless the quirk
 * is set) and the XSAVE area sizes for the current XCR0.  Both the CPUID
 * entries and the vCPU's cpu_caps are updated (kvm_update_feature_runtime()).
 *
 * Called from kvm_vcpu_after_set_cpuid() and kvm_cpuid_check_equal() when a
 * model is installed, and lazily from KVM_GET_CPUID2 when
 * cpuid_dynamic_bits_dirty is set.
 */
static void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu)
{
	struct kvm_cpuid_entry2 *best;

	/* Everything below brings the dynamic bits up to date. */
	vcpu->arch.cpuid_dynamic_bits_dirty = false;

	best = kvm_find_cpuid_entry(vcpu, 1);
	if (best) {
		/* CPUID.1:ECX.OSXSAVE mirrors CR4.OSXSAVE. */
		kvm_update_feature_runtime(vcpu, best, X86_FEATURE_OSXSAVE,
					   kvm_is_cr4_bit_set(vcpu, X86_CR4_OSXSAVE));

		/* CPUID.1:EDX.APIC mirrors the enable bit in IA32_APIC_BASE. */
		kvm_update_feature_runtime(vcpu, best, X86_FEATURE_APIC,
					   vcpu->arch.apic_base & MSR_IA32_APICBASE_ENABLE);

		/*
		 * Without the MISC_ENABLE_NO_MWAIT quirk, CPUID.1:ECX.MWAIT
		 * tracks IA32_MISC_ENABLE.MWAIT; with the quirk, whatever
		 * userspace put in the entry is left untouched.
		 */
		if (!kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT))
			kvm_update_feature_runtime(vcpu, best, X86_FEATURE_MWAIT,
						   vcpu->arch.ia32_misc_enable_msr &
						   MSR_IA32_MISC_ENABLE_MWAIT);
	}

	/* CPUID.7.0:ECX.OSPKE mirrors CR4.PKE. */
	best = kvm_find_cpuid_entry_index(vcpu, 7, 0);
	if (best)
		kvm_update_feature_runtime(vcpu, best, X86_FEATURE_OSPKE,
					   kvm_is_cr4_bit_set(vcpu, X86_CR4_PKE));

	/* CPUID.0xD.0:EBX = standard-layout XSAVE size for the enabled XCR0. */
	best = kvm_find_cpuid_entry_index(vcpu, 0xD, 0);
	if (best)
		best->ebx = xstate_required_size(vcpu->arch.xcr0, false);

	/*
	 * CPUID.0xD.1:EBX = compacted-layout size, only updated when the guest
	 * can actually generate the compacted format (XSAVES or XSAVEC).
	 */
	best = kvm_find_cpuid_entry_index(vcpu, 0xD, 1);
	if (best && (cpuid_entry_has(best, X86_FEATURE_XSAVES) ||
		     cpuid_entry_has(best, X86_FEATURE_XSAVEC)))
		best->ebx = xstate_required_size(vcpu->arch.xcr0, true);
}
310
311
/*
 * True if guest CPUID carries the Hyper-V interface leaf with the expected
 * signature in EAX.  Always false when CONFIG_KVM_HYPERV is disabled.
 */
static bool kvm_cpuid_has_hyperv(struct kvm_vcpu *vcpu)
{
#ifdef CONFIG_KVM_HYPERV
	const struct kvm_cpuid_entry2 *iface;

	iface = kvm_find_cpuid_entry(vcpu, HYPERV_CPUID_INTERFACE);
	if (!iface)
		return false;

	return iface->eax == HYPERV_CPUID_SIGNATURE_EAX;
#else
	return false;
#endif
}
322
323
/*
 * Classify the guest as AMD-compatible from the vendor string in CPUID.0
 * (EBX:EDX:ECX as installed by userspace).  Hygon counts as AMD-compatible.
 * False if leaf 0 is missing entirely.
 */
static bool guest_cpuid_is_amd_or_hygon(struct kvm_vcpu *vcpu)
{
	struct kvm_cpuid_entry2 *leaf0 = kvm_find_cpuid_entry(vcpu, 0);

	if (!leaf0)
		return false;

	if (is_guest_vendor_amd(leaf0->ebx, leaf0->ecx, leaf0->edx))
		return true;

	return is_guest_vendor_hygon(leaf0->ebx, leaf0->ecx, leaf0->edx);
}
334
335
/*
 * This isn't truly "unsafe", but except for the cpu_caps initialization code,
 * all register lookups should use __cpuid_entry_get_reg(), which provides
 * compile-time validation of the input.  An unknown @reg WARNs once and reads
 * as 0 rather than touching anything out of bounds.
 */
static u32 cpuid_get_reg_unsafe(struct kvm_cpuid_entry2 *entry, u32 reg)
{
	if (reg == CPUID_EAX)
		return entry->eax;
	if (reg == CPUID_EBX)
		return entry->ebx;
	if (reg == CPUID_ECX)
		return entry->ecx;
	if (reg == CPUID_EDX)
		return entry->edx;

	WARN_ON_ONCE(1);
	return 0;
}
356
357
static int cpuid_func_emulated(struct kvm_cpuid_entry2 *entry, u32 func,
358
bool include_partially_emulated);
359
360
/*
 * Recompute every piece of vCPU state derived from guest CPUID after a new
 * model has been installed (called from kvm_set_cpuid() only when the vCPU
 * has not run yet).  Order matters: cpu_caps first, then the runtime bits,
 * then the cached limits (XCR0, PV features, MAXPHYADDR/reserved GPA bits,
 * CR4 reserved bits, Hyper-V), then the vendor callback, and the MMU last.
 */
void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
{
	struct kvm_lapic *apic = vcpu->arch.apic;
	struct kvm_cpuid_entry2 *best;
	struct kvm_cpuid_entry2 *entry;
	bool allow_gbpages;
	int i;

	/* Start from "no features": a leaf userspace omitted yields no caps. */
	memset(vcpu->arch.cpu_caps, 0, sizeof(vcpu->arch.cpu_caps));
	BUILD_BUG_ON(ARRAY_SIZE(reverse_cpuid) != NR_KVM_CPU_CAPS);

	/*
	 * Reset guest capabilities to userspace's guest CPUID definition, i.e.
	 * honor userspace's definition for features that don't require KVM or
	 * hardware management/support (or that KVM simply doesn't care about).
	 */
	for (i = 0; i < NR_KVM_CPU_CAPS; i++) {
		const struct cpuid_reg cpuid = reverse_cpuid[i];
		struct kvm_cpuid_entry2 emulated;

		/* reverse_cpuid slots with function 0 have no CPUID word to consult. */
		if (!cpuid.function)
			continue;

		entry = kvm_find_cpuid_entry_index(vcpu, cpuid.function, cpuid.index);
		if (!entry)
			continue;

		cpuid_func_emulated(&emulated, cpuid.function, true);

		/*
		 * A vCPU has a feature if it's supported by KVM and is enabled
		 * in guest CPUID. Note, this includes features that are
		 * supported by KVM but aren't advertised to userspace!
		 *
		 * The AND with userspace's entry is the enforcement point:
		 * userspace may hide a feature, but a bit it sets that KVM
		 * neither supports nor emulates never becomes a vCPU
		 * capability.  The CPUID entry itself is not scrubbed here.
		 */
		vcpu->arch.cpu_caps[i] = kvm_cpu_caps[i] |
					 cpuid_get_reg_unsafe(&emulated, cpuid.reg);
		vcpu->arch.cpu_caps[i] &= cpuid_get_reg_unsafe(entry, cpuid.reg);
	}

	kvm_update_cpuid_runtime(vcpu);

	/*
	 * If TDP is enabled, let the guest use GBPAGES if they're supported in
	 * hardware. The hardware page walker doesn't let KVM disable GBPAGES,
	 * i.e. won't treat them as reserved, and KVM doesn't redo the GVA->GPA
	 * walk for performance and complexity reasons. Not to mention KVM
	 * _can't_ solve the problem because GVA->GPA walks aren't visible to
	 * KVM once a TDP translation is installed. Mimic hardware behavior so
	 * that KVM's is at least consistent, i.e. doesn't randomly inject #PF.
	 * If TDP is disabled, honor *only* guest CPUID as KVM has full control
	 * and can install smaller shadow pages if the host lacks 1GiB support.
	 */
	allow_gbpages = tdp_enabled ? boot_cpu_has(X86_FEATURE_GBPAGES) :
				      guest_cpu_cap_has(vcpu, X86_FEATURE_GBPAGES);
	guest_cpu_cap_change(vcpu, X86_FEATURE_GBPAGES, allow_gbpages);

	best = kvm_find_cpuid_entry(vcpu, 1);
	if (best && apic) {
		/*
		 * The timer mode field widens to two bits (17:18) when the
		 * TSC-deadline timer is advertised, otherwise only bit 17.
		 */
		if (cpuid_entry_has(best, X86_FEATURE_TSC_DEADLINE_TIMER))
			apic->lapic_timer.timer_mode_mask = 3 << 17;
		else
			apic->lapic_timer.timer_mode_mask = 1 << 17;

		kvm_apic_set_version(vcpu);
	}

	vcpu->arch.guest_supported_xcr0 = cpuid_get_supported_xcr0(vcpu);

	vcpu->arch.pv_cpuid.features = kvm_apply_cpuid_pv_features_quirk(vcpu);

	vcpu->arch.is_amd_compatible = guest_cpuid_is_amd_or_hygon(vcpu);
	vcpu->arch.maxphyaddr = cpuid_query_maxphyaddr(vcpu);
	vcpu->arch.reserved_gpa_bits = kvm_vcpu_reserved_gpa_bits_raw(vcpu);

	kvm_pmu_refresh(vcpu);

	/*
	 * A CR4 bit is reserved for the guest if *either* KVM as a whole lacks
	 * the backing feature or this vCPU's CPUID doesn't have it (the masks
	 * are ORed).  The UNUSED_ shim only adapts kvm_cpu_cap_has() to the
	 * two-argument shape __cr4_reserved_bits() expects.
	 */
#define __kvm_cpu_cap_has(UNUSED_, f) kvm_cpu_cap_has(f)
	vcpu->arch.cr4_guest_rsvd_bits = __cr4_reserved_bits(__kvm_cpu_cap_has, UNUSED_) |
					 __cr4_reserved_bits(guest_cpu_cap_has, vcpu);
#undef __kvm_cpu_cap_has

	kvm_hv_set_cpuid(vcpu, kvm_cpuid_has_hyperv(vcpu));

	/* Invoke the vendor callback only after the above state is updated. */
	kvm_x86_call(vcpu_after_set_cpuid)(vcpu);

	/*
	 * The MMU goes last, because it needs to see any vendor-specific
	 * adjustments to the reserved GPA bits made by the callback above.
	 */
	kvm_mmu_after_set_cpuid(vcpu);
}
452
453
/*
 * Guest physical address width from CPUID.0x80000008:EAX[7:0], but only if
 * CPUID.0x80000000:EAX says that leaf exists.  Falls back to 36 bits when the
 * leaves are missing, which is the conservative (smallest) legacy default and
 * therefore marks more GPA bits as reserved, not fewer.
 */
int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu)
{
	struct kvm_cpuid_entry2 *ext_max;
	struct kvm_cpuid_entry2 *addr_sizes;

	ext_max = kvm_find_cpuid_entry(vcpu, 0x80000000);
	if (ext_max && ext_max->eax >= 0x80000008) {
		addr_sizes = kvm_find_cpuid_entry(vcpu, 0x80000008);
		if (addr_sizes)
			return addr_sizes->eax & 0xff;
	}

	return 36;
}
466
467
/*
 * Guest-physical width for nested paging from CPUID.0x80000008:EAX[23:16],
 * gated on CPUID.0x80000000:EAX reporting that the leaf exists.  Returns 0
 * ("not reported") if either leaf is absent; callers must treat 0 specially.
 */
int cpuid_query_maxguestphyaddr(struct kvm_vcpu *vcpu)
{
	struct kvm_cpuid_entry2 *ext_max;
	struct kvm_cpuid_entry2 *addr_sizes;

	ext_max = kvm_find_cpuid_entry(vcpu, 0x80000000);
	if (ext_max && ext_max->eax >= 0x80000008) {
		addr_sizes = kvm_find_cpuid_entry(vcpu, 0x80000008);
		if (addr_sizes)
			return (addr_sizes->eax >> 16) & 0xff;
	}

	return 0;
}
480
481
/*
 * This "raw" version returns the reserved GPA bits without any adjustments for
 * encryption technologies that usurp bits. The raw mask should be used if and
 * only if hardware does _not_ strip the usurped bits, e.g. in virtual MTRRs.
 *
 * The mask covers bits [MAXPHYADDR, 63] as derived from guest CPUID (see
 * cpuid_query_maxphyaddr()), so a smaller advertised width reserves more bits.
 */
u64 kvm_vcpu_reserved_gpa_bits_raw(struct kvm_vcpu *vcpu)
{
	return rsvd_bits(cpuid_maxphyaddr(vcpu), 63);
}
490
491
/*
 * Install @e2/@nent as the vCPU's CPUID model.
 *
 * Ownership contract: on success (return 0) this function takes ownership of
 * @e2 and frees the *previous* entry array; on failure (negative errno) the
 * old model and cpu_caps are restored and @e2 remains the caller's to free.
 * Callers: kvm_vcpu_ioctl_set_cpuid{,2}().
 */
static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *e2,
			 int nent)
{
	u32 vcpu_caps[NR_KVM_CPU_CAPS];
	int r;

	/*
	 * Swap the existing (old) entries with the incoming (new) entries in
	 * order to massage the new entries, e.g. to account for dynamic bits
	 * that KVM controls, without clobbering the current guest CPUID, which
	 * KVM needs to preserve in order to unwind on failure.
	 *
	 * Similarly, save the vCPU's current cpu_caps so that the capabilities
	 * can be updated alongside the CPUID entries when performing runtime
	 * updates. Full initialization is done if and only if the vCPU hasn't
	 * run, i.e. only if userspace is potentially changing CPUID features.
	 */
	swap(vcpu->arch.cpuid_entries, e2);
	swap(vcpu->arch.cpuid_nent, nent);

	/* From here on @e2/@nent are the OLD entries; every failure path swaps back. */
	memcpy(vcpu_caps, vcpu->arch.cpu_caps, sizeof(vcpu_caps));
	BUILD_BUG_ON(sizeof(vcpu_caps) != sizeof(vcpu->arch.cpu_caps));

	/*
	 * KVM does not correctly handle changing guest CPUID after KVM_RUN, as
	 * MAXPHYADDR, GBPAGES support, AMD reserved bit behavior, etc.. aren't
	 * tracked in kvm_mmu_page_role. As a result, KVM may miss guest page
	 * faults due to reusing SPs/SPTEs. In practice no sane VMM mucks with
	 * the core vCPU model on the fly. It would've been better to forbid any
	 * KVM_SET_CPUID{,2} calls after KVM_RUN altogether but unfortunately
	 * some VMMs (e.g. QEMU) reuse vCPU fds for CPU hotplug/unplug and do
	 * KVM_SET_CPUID{,2} again. To support this legacy behavior, check
	 * whether the supplied CPUID data is equal to what's already set.
	 */
	if (kvm_vcpu_has_run(vcpu)) {
		r = kvm_cpuid_check_equal(vcpu, e2, nent);
		if (r)
			goto err;
		/*
		 * Identical model: skip the full re-derivation.  The new (now
		 * installed) entries already had their runtime bits refreshed
		 * by kvm_cpuid_check_equal().
		 */
		goto success;
	}

#ifdef CONFIG_KVM_HYPERV
	/*
	 * NOTE(review): if kvm_check_cpuid() below fails after this succeeded,
	 * whatever kvm_hv_vcpu_init() set up is not undone here -- presumably
	 * benign per-vCPU state that is torn down with the vCPU; confirm.
	 */
	if (kvm_cpuid_has_hyperv(vcpu)) {
		r = kvm_hv_vcpu_init(vcpu);
		if (r)
			goto err;
	}
#endif

	/* Validates the vaddr width and enables dynamic xfeatures in the FPU. */
	r = kvm_check_cpuid(vcpu);
	if (r)
		goto err;

#ifdef CONFIG_KVM_XEN
	vcpu->arch.xen.cpuid = kvm_get_hypervisor_cpuid(vcpu, XEN_SIGNATURE);
#endif
	kvm_vcpu_after_set_cpuid(vcpu);

success:
	/* Post-swap, @e2 is the old array. */
	kvfree(e2);
	return 0;

err:
	/* Unwind: restore the saved caps and put the old entries back. */
	memcpy(vcpu->arch.cpu_caps, vcpu_caps, sizeof(vcpu_caps));
	swap(vcpu->arch.cpuid_entries, e2);
	swap(vcpu->arch.cpuid_nent, nent);
	return r;
}
559
560
/*
 * Legacy KVM_SET_CPUID: an old userspace hands in struct kvm_cpuid_entry
 * (no index/flags), which is widened into kvm_cpuid_entry2 with index, flags
 * and padding zeroed before installation.
 *
 * @cpuid->nent is userspace-controlled and is capped at KVM_MAX_CPUID_ENTRIES
 * before any allocation; vmemdup_array_user() performs the overflow-checked
 * size computation for the copy.  Returns 0, -E2BIG, -ENOMEM, or the error
 * from the user copy / kvm_set_cpuid().
 */
int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu,
			     struct kvm_cpuid *cpuid,
			     struct kvm_cpuid_entry __user *entries)
{
	struct kvm_cpuid_entry *legacy = NULL;
	struct kvm_cpuid_entry2 *converted = NULL;
	int r, i;

	if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
		return -E2BIG;

	if (cpuid->nent) {
		legacy = vmemdup_array_user(entries, cpuid->nent, sizeof(*legacy));
		if (IS_ERR(legacy))
			return PTR_ERR(legacy);

		converted = kvmalloc_array(cpuid->nent, sizeof(*converted),
					   GFP_KERNEL_ACCOUNT);
		if (!converted) {
			r = -ENOMEM;
			goto out_free_legacy;
		}

		/* Fields the legacy ABI cannot express (index, flags, padding) are zero. */
		for (i = 0; i < cpuid->nent; i++) {
			converted[i] = (struct kvm_cpuid_entry2) {
				.function = legacy[i].function,
				.eax = legacy[i].eax,
				.ebx = legacy[i].ebx,
				.ecx = legacy[i].ecx,
				.edx = legacy[i].edx,
			};
		}
	}

	/* kvm_set_cpuid() consumes @converted on success; free it only on failure. */
	r = kvm_set_cpuid(vcpu, converted, cpuid->nent);
	if (r)
		kvfree(converted);

out_free_legacy:
	kvfree(legacy);

	return r;
}
605
606
/*
 * KVM_SET_CPUID2: copy @cpuid->nent entries from userspace and install them.
 * The userspace-controlled count is capped at KVM_MAX_CPUID_ENTRIES before
 * any allocation.  Returns 0, -E2BIG, or the error from the user copy /
 * kvm_set_cpuid().
 */
int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
			      struct kvm_cpuid2 *cpuid,
			      struct kvm_cpuid_entry2 __user *entries)
{
	struct kvm_cpuid_entry2 *copy = NULL;
	int r;

	if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
		return -E2BIG;

	if (cpuid->nent) {
		copy = vmemdup_array_user(entries, cpuid->nent, sizeof(*copy));
		if (IS_ERR(copy))
			return PTR_ERR(copy);
	}

	/* kvm_set_cpuid() consumes @copy on success; free it only on failure. */
	r = kvm_set_cpuid(vcpu, copy, cpuid->nent);
	if (r)
		kvfree(copy);

	return r;
}
628
629
/*
 * KVM_GET_CPUID2: export the vCPU's current CPUID entries to userspace.
 *
 * Returns -E2BIG if @cpuid->nent is smaller than the installed count; note
 * that in that case @cpuid->nent is left unchanged, so the caller does not
 * learn the required size from this call.  KVM-owned dynamic bits are
 * refreshed first if they are stale.  On success @cpuid->nent is set to the
 * number of entries written.
 */
int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
			      struct kvm_cpuid2 *cpuid,
			      struct kvm_cpuid_entry2 __user *entries)
{
	int installed = vcpu->arch.cpuid_nent;

	if (cpuid->nent < installed)
		return -E2BIG;

	if (vcpu->arch.cpuid_dynamic_bits_dirty)
		kvm_update_cpuid_runtime(vcpu);

	if (copy_to_user(entries, vcpu->arch.cpuid_entries,
			 installed * sizeof(struct kvm_cpuid_entry2)))
		return -EFAULT;

	cpuid->nent = installed;
	return 0;
}
646
647
/*
 * Read one register of a host CPUID leaf/sub-leaf.  Leaves beyond the vendor
 * range's maximum (EAX of the range's base leaf) read as 0 instead of
 * executing CPUID out of range.  Only the Intel (0x0), AMD (0x8000_0000) and
 * Centaur (0xC000_0000) ranges are supported; any other base is a KVM bug,
 * WARNs once and also reads as 0.
 */
static __always_inline u32 raw_cpuid_get(struct cpuid_reg cpuid)
{
	struct kvm_cpuid_entry2 leaf;
	u32 range_base = cpuid.function & 0xffff0000;
	bool known_range = !range_base ||
			   range_base == 0x80000000 ||
			   range_base == 0xc0000000;

	if (WARN_ON_ONCE(!known_range))
		return 0;

	if (cpuid_eax(range_base) < cpuid.function)
		return 0;

	cpuid_count(cpuid.function, cpuid.index,
		    &leaf.eax, &leaf.ebx, &leaf.ecx, &leaf.edx);

	return *__cpuid_entry_get_reg(&leaf, cpuid.reg);
}
669
670
/*
671
* For kernel-defined leafs, mask KVM's supported feature set with the kernel's
672
* capabilities as well as raw CPUID. For KVM-defined leafs, consult only raw
673
* CPUID, as KVM is the one and only authority (in the kernel).
674
*/
675
#define kvm_cpu_cap_init(leaf, feature_initializers...) \
676
do { \
677
const struct cpuid_reg cpuid = x86_feature_cpuid(leaf * 32); \
678
const u32 __maybe_unused kvm_cpu_cap_init_in_progress = leaf; \
679
const u32 *kernel_cpu_caps = boot_cpu_data.x86_capability; \
680
u32 kvm_cpu_cap_passthrough = 0; \
681
u32 kvm_cpu_cap_synthesized = 0; \
682
u32 kvm_cpu_cap_emulated = 0; \
683
u32 kvm_cpu_cap_features = 0; \
684
\
685
feature_initializers \
686
\
687
kvm_cpu_caps[leaf] = kvm_cpu_cap_features; \
688
\
689
if (leaf < NCAPINTS) \
690
kvm_cpu_caps[leaf] &= kernel_cpu_caps[leaf]; \
691
\
692
kvm_cpu_caps[leaf] |= kvm_cpu_cap_passthrough; \
693
kvm_cpu_caps[leaf] &= (raw_cpuid_get(cpuid) | \
694
kvm_cpu_cap_synthesized); \
695
kvm_cpu_caps[leaf] |= kvm_cpu_cap_emulated; \
696
} while (0)
697
698
/*
699
* Assert that the feature bit being declared, e.g. via F(), is in the CPUID
700
* word that's being initialized. Exempt 0x8000_0001.EDX usage of 0x1.EDX
701
* features, as AMD duplicated many 0x1.EDX features into 0x8000_0001.EDX.
702
*/
703
#define KVM_VALIDATE_CPU_CAP_USAGE(name) \
704
do { \
705
u32 __leaf = __feature_leaf(X86_FEATURE_##name); \
706
\
707
BUILD_BUG_ON(__leaf != kvm_cpu_cap_init_in_progress); \
708
} while (0)
709
710
#define F(name) \
711
({ \
712
KVM_VALIDATE_CPU_CAP_USAGE(name); \
713
kvm_cpu_cap_features |= feature_bit(name); \
714
})
715
716
/* Scattered Flag - For features that are scattered by cpufeatures.h. */
717
#define SCATTERED_F(name) \
718
({ \
719
BUILD_BUG_ON(X86_FEATURE_##name >= MAX_CPU_FEATURES); \
720
KVM_VALIDATE_CPU_CAP_USAGE(name); \
721
if (boot_cpu_has(X86_FEATURE_##name)) \
722
F(name); \
723
})
724
725
/* Features that KVM supports only on 64-bit kernels. */
726
#define X86_64_F(name) \
727
({ \
728
KVM_VALIDATE_CPU_CAP_USAGE(name); \
729
if (IS_ENABLED(CONFIG_X86_64)) \
730
F(name); \
731
})
732
733
/*
734
* Emulated Feature - For features that KVM emulates in software irrespective
735
* of host CPU/kernel support.
736
*/
737
#define EMULATED_F(name) \
738
({ \
739
kvm_cpu_cap_emulated |= feature_bit(name); \
740
F(name); \
741
})
742
743
/*
744
* Synthesized Feature - For features that are synthesized into boot_cpu_data,
745
* i.e. may not be present in the raw CPUID, but can still be advertised to
746
* userspace. Primarily used for mitigation related feature flags.
747
*/
748
#define SYNTHESIZED_F(name) \
749
({ \
750
kvm_cpu_cap_synthesized |= feature_bit(name); \
751
F(name); \
752
})
753
754
/*
755
 * Passthrough Feature - For features that KVM supports based purely on raw
 * hardware CPUID, i.e. that KVM virtualizes even if the host kernel doesn't
 * use the feature. Simply force set the feature in KVM's capabilities; raw
 * CPUID support is still factored in by kvm_cpu_cap_init(), which ANDs the
 * result with raw_cpuid_get().
759
*/
760
#define PASSTHROUGH_F(name) \
761
({ \
762
kvm_cpu_cap_passthrough |= feature_bit(name); \
763
F(name); \
764
})
765
766
/*
767
* Aliased Features - For features in 0x8000_0001.EDX that are duplicates of
768
* identical 0x1.EDX features, and thus are aliased from 0x1 to 0x8000_0001.
769
*/
770
#define ALIASED_1_EDX_F(name) \
771
({ \
772
BUILD_BUG_ON(__feature_leaf(X86_FEATURE_##name) != CPUID_1_EDX); \
773
BUILD_BUG_ON(kvm_cpu_cap_init_in_progress != CPUID_8000_0001_EDX); \
774
kvm_cpu_cap_features |= feature_bit(name); \
775
})
776
777
/*
778
* Vendor Features - For features that KVM supports, but are added in later
779
* because they require additional vendor enabling.
780
*/
781
#define VENDOR_F(name) \
782
({ \
783
KVM_VALIDATE_CPU_CAP_USAGE(name); \
784
})
785
786
/*
787
* Runtime Features - For features that KVM dynamically sets/clears at runtime,
788
* e.g. when CR4 changes, but which are never advertised to userspace.
789
*/
790
#define RUNTIME_F(name) \
791
({ \
792
KVM_VALIDATE_CPU_CAP_USAGE(name); \
793
})
794
795
/*
796
* Undefine the MSR bit macro to avoid token concatenation issues when
797
* processing X86_FEATURE_SPEC_CTRL_SSBD.
798
*/
799
#undef SPEC_CTRL_SSBD
800
801
/* DS is defined by ptrace-abi.h on 32-bit builds. */
802
#undef DS
803
804
/*
 * Compute kvm_cpu_caps, the set of features KVM is willing to virtualize.
 * Per kvm_vcpu_after_set_cpuid(), this is also the ceiling on what a vCPU can
 * be given: a CPUID bit userspace sets that is not in kvm_cpu_caps (or
 * emulated) never becomes a vCPU capability.
 *
 * Each kvm_cpu_cap_init() lists the features KVM knows how to handle for one
 * CPUID word; the macro then masks that list with the kernel's own
 * capabilities (for kernel-defined words) and with raw host CPUID, so a
 * feature missing on the host is dropped even if listed.  EMULATED_F and
 * SYNTHESIZED_F entries deliberately bypass part of that masking (see the
 * macro comments above).  VENDOR_F entries are placeholders that the vendor
 * module enables later.  Exported so vendor modules can call it.
 */
void kvm_set_cpu_caps(void)
{
	memset(kvm_cpu_caps, 0, sizeof(kvm_cpu_caps));

	/* Kernel-defined words of kvm_cpu_caps must fit the kernel's capability array. */
	BUILD_BUG_ON(sizeof(kvm_cpu_caps) - (NKVMCAPINTS * sizeof(*kvm_cpu_caps)) >
		     sizeof(boot_cpu_data.x86_capability));

	kvm_cpu_cap_init(CPUID_1_ECX,
		F(XMM3),
		F(PCLMULQDQ),
		VENDOR_F(DTES64),
		/*
		 * NOTE: MONITOR (and MWAIT) are emulated as NOP, but *not*
		 * advertised to guests via CPUID! MWAIT is also technically a
		 * runtime flag thanks to IA32_MISC_ENABLES; mark it as such so
		 * that KVM is aware that it's a known, unadvertised flag.
		 */
		RUNTIME_F(MWAIT),
		/* DS-CPL */
		VENDOR_F(VMX),
		/* SMX, EST */
		/* TM2 */
		F(SSSE3),
		/* CNXT-ID */
		/* Reserved */
		F(FMA),
		F(CX16),
		/* xTPR Update */
		F(PDCM),
		F(PCID),
		/* Reserved, DCA */
		F(XMM4_1),
		F(XMM4_2),
		EMULATED_F(X2APIC),
		F(MOVBE),
		F(POPCNT),
		EMULATED_F(TSC_DEADLINE_TIMER),
		F(AES),
		F(XSAVE),
		RUNTIME_F(OSXSAVE),
		F(AVX),
		F(F16C),
		F(RDRAND),
		EMULATED_F(HYPERVISOR),
	);

	kvm_cpu_cap_init(CPUID_1_EDX,
		F(FPU),
		F(VME),
		F(DE),
		F(PSE),
		F(TSC),
		F(MSR),
		F(PAE),
		F(MCE),
		F(CX8),
		F(APIC),
		/* Reserved */
		F(SEP),
		F(MTRR),
		F(PGE),
		F(MCA),
		F(CMOV),
		F(PAT),
		F(PSE36),
		/* PSN */
		F(CLFLUSH),
		/* Reserved */
		VENDOR_F(DS),
		/* ACPI */
		F(MMX),
		F(FXSR),
		F(XMM),
		F(XMM2),
		F(SELFSNOOP),
		/* HTT, TM, Reserved, PBE */
	);

	kvm_cpu_cap_init(CPUID_7_0_EBX,
		F(FSGSBASE),
		EMULATED_F(TSC_ADJUST),
		F(SGX),
		F(BMI1),
		F(HLE),
		F(AVX2),
		F(FDP_EXCPTN_ONLY),
		F(SMEP),
		F(BMI2),
		F(ERMS),
		F(INVPCID),
		F(RTM),
		F(ZERO_FCS_FDS),
		VENDOR_F(MPX),
		F(AVX512F),
		F(AVX512DQ),
		F(RDSEED),
		F(ADX),
		F(SMAP),
		F(AVX512IFMA),
		F(CLFLUSHOPT),
		F(CLWB),
		VENDOR_F(INTEL_PT),
		F(AVX512PF),
		F(AVX512ER),
		F(AVX512CD),
		F(SHA_NI),
		F(AVX512BW),
		F(AVX512VL),
	);

	kvm_cpu_cap_init(CPUID_7_ECX,
		F(AVX512VBMI),
		PASSTHROUGH_F(LA57),
		F(PKU),
		RUNTIME_F(OSPKE),
		F(RDPID),
		F(AVX512_VPOPCNTDQ),
		F(UMIP),
		F(AVX512_VBMI2),
		F(GFNI),
		F(VAES),
		F(VPCLMULQDQ),
		F(AVX512_VNNI),
		F(AVX512_BITALG),
		F(CLDEMOTE),
		F(MOVDIRI),
		F(MOVDIR64B),
		VENDOR_F(WAITPKG),
		F(SGX_LC),
		F(BUS_LOCK_DETECT),
	);

	/*
	 * PKU not yet implemented for shadow paging and requires OSPKE
	 * to be set on the host. Clear it if that is not the case
	 */
	if (!tdp_enabled || !boot_cpu_has(X86_FEATURE_OSPKE))
		kvm_cpu_cap_clear(X86_FEATURE_PKU);

	kvm_cpu_cap_init(CPUID_7_EDX,
		F(AVX512_4VNNIW),
		F(AVX512_4FMAPS),
		F(SPEC_CTRL),
		F(SPEC_CTRL_SSBD),
		EMULATED_F(ARCH_CAPABILITIES),
		F(INTEL_STIBP),
		F(MD_CLEAR),
		F(AVX512_VP2INTERSECT),
		F(FSRM),
		F(SERIALIZE),
		F(TSXLDTRK),
		F(AVX512_FP16),
		F(AMX_TILE),
		F(AMX_INT8),
		F(AMX_BF16),
		F(FLUSH_L1D),
	);

	/*
	 * Advertise the Intel-enumerated speculation controls when the AMD
	 * equivalents are present, so a guest that only looks at the Intel
	 * bits still sees the mitigations on an AMD host.
	 */
	if (boot_cpu_has(X86_FEATURE_AMD_IBPB_RET) &&
	    boot_cpu_has(X86_FEATURE_AMD_IBPB) &&
	    boot_cpu_has(X86_FEATURE_AMD_IBRS))
		kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL);
	if (boot_cpu_has(X86_FEATURE_STIBP))
		kvm_cpu_cap_set(X86_FEATURE_INTEL_STIBP);
	if (boot_cpu_has(X86_FEATURE_AMD_SSBD))
		kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD);

	kvm_cpu_cap_init(CPUID_7_1_EAX,
		F(SHA512),
		F(SM3),
		F(SM4),
		F(AVX_VNNI),
		F(AVX512_BF16),
		F(CMPCCXADD),
		F(FZRM),
		F(FSRS),
		F(FSRC),
		F(WRMSRNS),
		X86_64_F(LKGS),
		F(AMX_FP16),
		F(AVX_IFMA),
		F(LAM),
	);

	kvm_cpu_cap_init(CPUID_7_1_EDX,
		F(AVX_VNNI_INT8),
		F(AVX_NE_CONVERT),
		F(AMX_COMPLEX),
		F(AVX_VNNI_INT16),
		F(PREFETCHITI),
		F(AVX10),
	);

	kvm_cpu_cap_init(CPUID_7_2_EDX,
		F(INTEL_PSFD),
		F(IPRED_CTRL),
		F(RRSBA_CTRL),
		F(DDPD_U),
		F(BHI_CTRL),
		F(MCDT_NO),
	);

	kvm_cpu_cap_init(CPUID_D_1_EAX,
		F(XSAVEOPT),
		F(XSAVEC),
		F(XGETBV1),
		F(XSAVES),
		X86_64_F(XFD),
	);

	kvm_cpu_cap_init(CPUID_12_EAX,
		SCATTERED_F(SGX1),
		SCATTERED_F(SGX2),
		SCATTERED_F(SGX_EDECCSSA),
	);

	kvm_cpu_cap_init(CPUID_24_0_EBX,
		F(AVX10_128),
		F(AVX10_256),
		F(AVX10_512),
	);

	kvm_cpu_cap_init(CPUID_8000_0001_ECX,
		F(LAHF_LM),
		F(CMP_LEGACY),
		VENDOR_F(SVM),
		/* ExtApicSpace */
		F(CR8_LEGACY),
		F(ABM),
		F(SSE4A),
		F(MISALIGNSSE),
		F(3DNOWPREFETCH),
		F(OSVW),
		/* IBS */
		F(XOP),
		/* SKINIT, WDT, LWP */
		F(FMA4),
		F(TBM),
		F(TOPOEXT),
		VENDOR_F(PERFCTR_CORE),
	);

	kvm_cpu_cap_init(CPUID_8000_0001_EDX,
		ALIASED_1_EDX_F(FPU),
		ALIASED_1_EDX_F(VME),
		ALIASED_1_EDX_F(DE),
		ALIASED_1_EDX_F(PSE),
		ALIASED_1_EDX_F(TSC),
		ALIASED_1_EDX_F(MSR),
		ALIASED_1_EDX_F(PAE),
		ALIASED_1_EDX_F(MCE),
		ALIASED_1_EDX_F(CX8),
		ALIASED_1_EDX_F(APIC),
		/* Reserved */
		F(SYSCALL),
		ALIASED_1_EDX_F(MTRR),
		ALIASED_1_EDX_F(PGE),
		ALIASED_1_EDX_F(MCA),
		ALIASED_1_EDX_F(CMOV),
		ALIASED_1_EDX_F(PAT),
		ALIASED_1_EDX_F(PSE36),
		/* Reserved */
		F(NX),
		/* Reserved */
		F(MMXEXT),
		ALIASED_1_EDX_F(MMX),
		ALIASED_1_EDX_F(FXSR),
		F(FXSR_OPT),
		X86_64_F(GBPAGES),
		F(RDTSCP),
		/* Reserved */
		X86_64_F(LM),
		F(3DNOWEXT),
		F(3DNOW),
	);

	/*
	 * With shadow paging KVM can always emulate 1GiB pages (see the
	 * GBPAGES discussion in kvm_vcpu_after_set_cpuid()), so advertise
	 * them regardless of host support on 64-bit kernels.
	 */
	if (!tdp_enabled && IS_ENABLED(CONFIG_X86_64))
		kvm_cpu_cap_set(X86_FEATURE_GBPAGES);

	kvm_cpu_cap_init(CPUID_8000_0007_EDX,
		SCATTERED_F(CONSTANT_TSC),
	);

	kvm_cpu_cap_init(CPUID_8000_0008_EBX,
		F(CLZERO),
		F(XSAVEERPTR),
		F(WBNOINVD),
		F(AMD_IBPB),
		F(AMD_IBRS),
		F(AMD_SSBD),
		F(VIRT_SSBD),
		F(AMD_SSB_NO),
		F(AMD_STIBP),
		F(AMD_STIBP_ALWAYS_ON),
		F(AMD_IBRS_SAME_MODE),
		F(AMD_PSFD),
		F(AMD_IBPB_RET),
	);

	/*
	 * AMD has separate bits for each SPEC_CTRL bit.
	 * arch/x86/kernel/cpu/bugs.c is kind enough to
	 * record that in cpufeatures so use them.
	 */
	if (boot_cpu_has(X86_FEATURE_IBPB)) {
		kvm_cpu_cap_set(X86_FEATURE_AMD_IBPB);
		/* IBPB_RET is only claimed if IBPB really flushes the RSB (no PBRSB bug). */
		if (boot_cpu_has(X86_FEATURE_SPEC_CTRL) &&
		    !boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB))
			kvm_cpu_cap_set(X86_FEATURE_AMD_IBPB_RET);
	}
	if (boot_cpu_has(X86_FEATURE_IBRS))
		kvm_cpu_cap_set(X86_FEATURE_AMD_IBRS);
	if (boot_cpu_has(X86_FEATURE_STIBP))
		kvm_cpu_cap_set(X86_FEATURE_AMD_STIBP);
	if (boot_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
		kvm_cpu_cap_set(X86_FEATURE_AMD_SSBD);
	if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS))
		kvm_cpu_cap_set(X86_FEATURE_AMD_SSB_NO);
	/*
	 * The preference is to use SPEC CTRL MSR instead of the
	 * VIRT_SPEC MSR.
	 */
	if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD) &&
	    !boot_cpu_has(X86_FEATURE_AMD_SSBD))
		kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD);

	/* All SVM features require additional vendor module enabling. */
	kvm_cpu_cap_init(CPUID_8000_000A_EDX,
		VENDOR_F(NPT),
		VENDOR_F(VMCBCLEAN),
		VENDOR_F(FLUSHBYASID),
		VENDOR_F(NRIPS),
		VENDOR_F(TSCRATEMSR),
		VENDOR_F(V_VMSAVE_VMLOAD),
		VENDOR_F(LBRV),
		VENDOR_F(PAUSEFILTER),
		VENDOR_F(PFTHRESHOLD),
		VENDOR_F(VGIF),
		VENDOR_F(VNMI),
		VENDOR_F(SVME_ADDR_CHK),
	);

	kvm_cpu_cap_init(CPUID_8000_001F_EAX,
		VENDOR_F(SME),
		VENDOR_F(SEV),
		/* VM_PAGE_FLUSH */
		VENDOR_F(SEV_ES),
		F(SME_COHERENT),
	);

	kvm_cpu_cap_init(CPUID_8000_0021_EAX,
		F(NO_NESTED_DATA_BP),
		F(WRMSR_XX_BASE_NS),
		/*
		 * Synthesize "LFENCE is serializing" into the AMD-defined entry
		 * in KVM's supported CPUID, i.e. if the feature is reported as
		 * supported by the kernel. LFENCE_RDTSC was a Linux-defined
		 * synthetic feature long before AMD joined the bandwagon, e.g.
		 * LFENCE is serializing on most CPUs that support SSE2. On
		 * CPUs that don't support AMD's leaf, ANDing with the raw host
		 * CPUID will drop the flags, and reporting support in AMD's
		 * leaf can make it easier for userspace to detect the feature.
		 */
		SYNTHESIZED_F(LFENCE_RDTSC),
		/* SmmPgCfgLock */
		/* 4: Resv */
		SYNTHESIZED_F(VERW_CLEAR),
		F(NULL_SEL_CLR_BASE),
		/* UpperAddressIgnore */
		F(AUTOIBRS),
		F(PREFETCHI),
		EMULATED_F(NO_SMM_CTL_MSR),
		/* PrefetchCtlMsr */
		/* GpOnUserCpuid */
		/* EPSF */
		SYNTHESIZED_F(SBPB),
		SYNTHESIZED_F(IBPB_BRTYPE),
		SYNTHESIZED_F(SRSO_NO),
		F(SRSO_USER_KERNEL_NO),
	);

	kvm_cpu_cap_init(CPUID_8000_0021_ECX,
		SYNTHESIZED_F(TSA_SQ_NO),
		SYNTHESIZED_F(TSA_L1_NO),
	);

	kvm_cpu_cap_init(CPUID_8000_0022_EAX,
		F(PERFMON_V2),
	);

	/* Hosts without the NULL_SEG bug can promise the guest the same. */
	if (!static_cpu_has_bug(X86_BUG_NULL_SEG))
		kvm_cpu_cap_set(X86_FEATURE_NULL_SEL_CLR_BASE);

	kvm_cpu_cap_init(CPUID_C000_0001_EDX,
		F(XSTORE),
		F(XSTORE_EN),
		F(XCRYPT),
		F(XCRYPT_EN),
		F(ACE2),
		F(ACE2_EN),
		F(PHE),
		F(PHE_EN),
		F(PMM),
		F(PMM_EN),
	);

	/*
	 * Hide RDTSCP and RDPID if either feature is reported as supported but
	 * probing MSR_TSC_AUX failed. This is purely a sanity check and
	 * should never happen, but the guest will likely crash if RDTSCP or
	 * RDPID is misreported, and KVM has botched MSR_TSC_AUX emulation in
	 * the past. For example, the sanity check may fire if this instance of
	 * KVM is running as L1 on top of an older, broken KVM.
	 */
	if (WARN_ON((kvm_cpu_cap_has(X86_FEATURE_RDTSCP) ||
		     kvm_cpu_cap_has(X86_FEATURE_RDPID)) &&
		     !kvm_is_supported_user_return_msr(MSR_TSC_AUX))) {
		kvm_cpu_cap_clear(X86_FEATURE_RDTSCP);
		kvm_cpu_cap_clear(X86_FEATURE_RDPID);
	}
}
1225
EXPORT_SYMBOL_GPL(kvm_set_cpu_caps);
1226
1227
#undef F
1228
#undef SCATTERED_F
1229
#undef X86_64_F
1230
#undef EMULATED_F
1231
#undef SYNTHESIZED_F
1232
#undef PASSTHROUGH_F
1233
#undef ALIASED_1_EDX_F
1234
#undef VENDOR_F
1235
#undef RUNTIME_F
/*
 * Scratch table used while building the CPUID entries returned by the
 * KVM_GET_SUPPORTED_CPUID / KVM_GET_EMULATED_CPUID device ioctls.
 *
 * @entries has room for @maxnent entries (sized from the caller-supplied,
 * clamped nent in kvm_dev_ioctl_get_cpuid()); the first @nent of them have
 * been populated.  get_next_cpuid() refuses to hand out a slot once
 * @nent reaches @maxnent, which is what bounds every write into @entries.
 */
struct kvm_cpuid_array {
	struct kvm_cpuid_entry2 *entries;
	int maxnent;	/* capacity of @entries */
	int nent;	/* entries populated so far */
};
/*
 * Reserve the next unused slot in @array.
 *
 * Returns a pointer to the reserved entry, or NULL when all @array->maxnent
 * slots are already taken.  The slot is NOT cleared here; callers such as
 * do_host_cpuid() are responsible for initializing it.
 */
static struct kvm_cpuid_entry2 *get_next_cpuid(struct kvm_cpuid_array *array)
{
	struct kvm_cpuid_entry2 *slot = NULL;

	if (array->nent < array->maxnent) {
		slot = &array->entries[array->nent];
		array->nent++;
	}

	return slot;
}
/*
 * Decide whether CPUID(@function) may be executed on the host to seed a
 * table entry.
 *
 * Hypervisor leaves (0x4xxxxxxx) are never read from hardware; they are
 * synthesized by __do_cpuid_func().  Extended leaves are only read when the
 * host actually enumerates them: __do_cpuid_func() can synthesize 0x80000021
 * even when the host's max extended leaf is lower, and executing CPUID past
 * that max would return data belonging to a different leaf (on Intel the
 * highest basic leaf, see the comment above get_out_of_range_cpuid_entry()).
 * Everything else (basic and Centaur leaves) is read from the host.
 */
static bool do_host_cpuid_should_query(u32 function)
{
	u32 range = function & 0xC0000000;

	if (range == 0x40000000)
		return false;

	if (range == 0x80000000) {
		/*
		 * Cached on first use; the host's max extended leaf doesn't
		 * change, and the benign race on first use yields the same
		 * value on every CPU.
		 */
		static int max_cpuid_80000000;

		if (!READ_ONCE(max_cpuid_80000000))
			WRITE_ONCE(max_cpuid_80000000, cpuid_eax(0x80000000));
		if (function > READ_ONCE(max_cpuid_80000000))
			return false;
	}

	return true;
}

/*
 * Append a fresh entry for @function/@index to @array, pre-populated with
 * the host's CPUID output where it is safe to read it (see above) and all
 * zeros otherwise.  The caller is expected to sanitize the host values
 * before they are exposed to userspace.
 *
 * Returns the new entry, or NULL if @array is full.
 */
static struct kvm_cpuid_entry2 *do_host_cpuid(struct kvm_cpuid_array *array,
					      u32 function, u32 index)
{
	struct kvm_cpuid_entry2 *e = get_next_cpuid(array);

	if (!e)
		return NULL;

	memset(e, 0, sizeof(*e));
	e->function = function;
	e->index = index;

	/* Leaves that must not (or need not) be read from hardware stay zero. */
	if (!do_host_cpuid_should_query(function))
		return e;

	cpuid_count(function, index, &e->eax, &e->ebx, &e->ecx, &e->edx);

	/* Tell userspace (and kvm_cpuid()) that ECX selects a sub-leaf. */
	if (cpuid_function_is_indexed(function))
		e->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX;

	return e;
}
/*
 * Fill @entry with the KVM_GET_EMULATED_CPUID view of leaf @func, i.e. the
 * feature bits KVM reports as emulated (MOVBE, optionally MWAIT, RDPID)
 * rather than the host-derived "supported" set.  Only leaves 0, 1 and 7
 * carry anything.
 *
 * @entry is reset before being filled.  @include_partially_emulated adds
 * MWAIT to leaf 1, see below for why it is not advertised unconditionally.
 *
 * Returns 1 if @entry describes @func, 0 if @func has nothing emulated (the
 * caller then leaves @entry unclaimed).
 */
static int cpuid_func_emulated(struct kvm_cpuid_entry2 *entry, u32 func,
			       bool include_partially_emulated)
{
	int populated = 1;

	memset(entry, 0, sizeof(*entry));
	entry->function = func;
	entry->index = 0;
	entry->flags = 0;

	if (func == 0) {
		/* Highest basic leaf with emulated content. */
		entry->eax = 7;
	} else if (func == 1) {
		entry->ecx = feature_bit(MOVBE);
		/*
		 * KVM allows userspace to enumerate MONITOR+MWAIT support to
		 * the guest, but the MWAIT feature flag is never advertised
		 * to userspace because MONITOR+MWAIT aren't virtualized by
		 * hardware, can't be faithfully emulated in software (KVM
		 * emulates them as NOPs), and allowing the guest to execute
		 * them natively requires enabling a per-VM capability.
		 */
		if (include_partially_emulated)
			entry->ecx |= feature_bit(MWAIT);
	} else if (func == 7) {
		entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
		entry->eax = 0;
		/* RDPID is only reported when RDTSCP (MSR_TSC_AUX) is supported. */
		if (kvm_cpu_cap_has(X86_FEATURE_RDTSCP))
			entry->ecx = feature_bit(RDPID);
	} else {
		populated = 0;
	}

	return populated;
}
/*
 * Append the emulated-CPUID entry for leaf @func to @array.
 *
 * Returns -E2BIG if @array is full, 0 otherwise.  Note, the slot is only
 * claimed (nent advanced) when cpuid_func_emulated() reports that @func has
 * emulated content; for other leaves the slot is scribbled on but left
 * unclaimed and will be reused by the next leaf.
 */
static int __do_cpuid_func_emulated(struct kvm_cpuid_array *array, u32 func)
{
	struct kvm_cpuid_entry2 *slot;

	if (array->nent >= array->maxnent)
		return -E2BIG;

	slot = &array->entries[array->nent];
	array->nent += cpuid_func_emulated(slot, func, false);
	return 0;
}
/*
 * Generate the KVM_GET_SUPPORTED_CPUID entries for leaf @function, plus any
 * sub-leaves it has, and append them to @array.
 *
 * Each entry starts as the raw host CPUID output (do_host_cpuid()) and is
 * then sanitized before it can reach userspace: feature words are narrowed
 * to what KVM supports via cpuid_entry_override(), host-specific data that
 * must not leak into a guest (processor serial number, topology, reserved
 * bits) is zeroed, and leaves KVM doesn't virtualize are reported as all
 * zeros.  Several leaves are synthesized from KVM state instead of the host
 * (PMU, KVM paravirt leaves, MAXPHYADDR).
 *
 * Returns 0 on success, -E2BIG if @array ran out of space part way through
 * (whatever was already generated is left in @array).
 */
static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function)
{
	struct kvm_cpuid_entry2 *entry;
	int r, i, max_idx;

	/* all calls to cpuid_count() should be made on the same cpu */
	get_cpu();

	/* Every early exit below is an out-of-space condition. */
	r = -E2BIG;

	entry = do_host_cpuid(array, function, 0);
	if (!entry)
		goto out;

	switch (function) {
	case 0:
		/* Limited to the highest leaf implemented in KVM. */
		entry->eax = min(entry->eax, 0x24U);
		break;
	case 1:
		cpuid_entry_override(entry, CPUID_1_EDX);
		cpuid_entry_override(entry, CPUID_1_ECX);
		break;
	case 2:
		/*
		 * On ancient CPUs, function 2 entries are STATEFUL.  That is,
		 * CPUID(function=2, index=0) may return different results each
		 * time, with the least-significant byte in EAX enumerating the
		 * number of times software should do CPUID(2, 0).
		 *
		 * Modern CPUs, i.e. every CPU KVM has *ever* run on are less
		 * idiotic.  Intel's SDM states that EAX & 0xff "will always
		 * return 01H. Software should ignore this value and not
		 * interpret it as an informational descriptor", while AMD's
		 * APM states that CPUID(2) is reserved.
		 *
		 * WARN if a frankenstein CPU that supports virtualization and
		 * a stateful CPUID.0x2 is encountered.
		 */
		WARN_ON_ONCE((entry->eax & 0xff) > 1);
		break;
	/* functions 4 and 0x8000001d have additional index. */
	case 4:
	case 0x8000001d:
		/*
		 * Read entries until the cache type in the previous entry is
		 * zero, i.e. indicates an invalid entry.
		 */
		for (i = 1; entry->eax & 0x1f; ++i) {
			entry = do_host_cpuid(array, function, i);
			if (!entry)
				goto out;
		}
		break;
	case 6: /* Thermal management */
		/* Nothing from the host is exposed except ARAT. */
		entry->eax = 0x4; /* allow ARAT */
		entry->ebx = 0;
		entry->ecx = 0;
		entry->edx = 0;
		break;
	/* function 7 has additional index. */
	case 7:
		max_idx = entry->eax = min(entry->eax, 2u);
		cpuid_entry_override(entry, CPUID_7_0_EBX);
		cpuid_entry_override(entry, CPUID_7_ECX);
		cpuid_entry_override(entry, CPUID_7_EDX);

		/* KVM only supports up to 0x7.2, capped above via min(). */
		if (max_idx >= 1) {
			entry = do_host_cpuid(array, function, 1);
			if (!entry)
				goto out;

			cpuid_entry_override(entry, CPUID_7_1_EAX);
			cpuid_entry_override(entry, CPUID_7_1_EDX);
			/* Registers with no KVM feature word are not exposed. */
			entry->ebx = 0;
			entry->ecx = 0;
		}
		if (max_idx >= 2) {
			entry = do_host_cpuid(array, function, 2);
			if (!entry)
				goto out;

			cpuid_entry_override(entry, CPUID_7_2_EDX);
			entry->ecx = 0;
			entry->ebx = 0;
			entry->eax = 0;
		}
		break;
	case 0xa: { /* Architectural Performance Monitoring */
		union cpuid10_eax eax = { };
		union cpuid10_edx edx = { };

		/* The PMU leaf is built from kvm_pmu_cap, never from the host leaf. */
		if (!enable_pmu || !static_cpu_has(X86_FEATURE_ARCH_PERFMON)) {
			entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
			break;
		}

		eax.split.version_id = kvm_pmu_cap.version;
		eax.split.num_counters = kvm_pmu_cap.num_counters_gp;
		eax.split.bit_width = kvm_pmu_cap.bit_width_gp;
		eax.split.mask_length = kvm_pmu_cap.events_mask_len;
		edx.split.num_counters_fixed = kvm_pmu_cap.num_counters_fixed;
		edx.split.bit_width_fixed = kvm_pmu_cap.bit_width_fixed;

		if (kvm_pmu_cap.version)
			edx.split.anythread_deprecated = 1;

		entry->eax = eax.full;
		entry->ebx = kvm_pmu_cap.events_mask;
		entry->ecx = 0;
		entry->edx = edx.full;
		break;
	}
	case 0x1f:
	case 0xb:
		/*
		 * No topology; a valid topology is indicated by the presence
		 * of subleaf 1.
		 *
		 * EDX is left as read from the host CPU this ran on.
		 * NOTE(review): presumably userspace replaces it with the
		 * per-vCPU x2APIC ID when it builds the guest's table (see
		 * kvm_cpuid() for how EDX is treated) - confirm.
		 */
		entry->eax = entry->ebx = entry->ecx = 0;
		break;
	case 0xd: {
		/*
		 * Only XSAVE features KVM permits (filtered XCR0, supported
		 * XSS) are advertised; the host leaf is masked accordingly and
		 * the reported save-area sizes are recomputed for that set.
		 */
		u64 permitted_xcr0 = kvm_get_filtered_xcr0();
		u64 permitted_xss = kvm_caps.supported_xss;

		entry->eax &= permitted_xcr0;
		entry->ebx = xstate_required_size(permitted_xcr0, false);
		entry->ecx = entry->ebx;
		entry->edx &= permitted_xcr0 >> 32;
		if (!permitted_xcr0)
			break;

		entry = do_host_cpuid(array, function, 1);
		if (!entry)
			goto out;

		cpuid_entry_override(entry, CPUID_D_1_EAX);
		/* Compacted-format size is only meaningful with XSAVES/XSAVEC. */
		if (entry->eax & (feature_bit(XSAVES) | feature_bit(XSAVEC)))
			entry->ebx = xstate_required_size(permitted_xcr0 | permitted_xss,
							  true);
		else {
			WARN_ON_ONCE(permitted_xss != 0);
			entry->ebx = 0;
		}
		entry->ecx &= permitted_xss;
		entry->edx &= permitted_xss >> 32;

		/* One sub-leaf per permitted extended state component. */
		for (i = 2; i < 64; ++i) {
			bool s_state;
			if (permitted_xcr0 & BIT_ULL(i))
				s_state = false;
			else if (permitted_xss & BIT_ULL(i))
				s_state = true;
			else
				continue;

			entry = do_host_cpuid(array, function, i);
			if (!entry)
				goto out;

			/*
			 * The supported check above should have filtered out
			 * invalid sub-leafs.  Only valid sub-leafs should
			 * reach this point, and they should have a non-zero
			 * save state size.  Furthermore, check whether the
			 * processor agrees with permitted_xcr0/permitted_xss
			 * on whether this is an XCR0- or IA32_XSS-managed area.
			 *
			 * An inconsistent sub-leaf is dropped from the table
			 * (the slot is given back) rather than passed on.
			 */
			if (WARN_ON_ONCE(!entry->eax || (entry->ecx & 0x1) != s_state)) {
				--array->nent;
				continue;
			}

			/* ECX[2] (XFD support) only if KVM supports XFD. */
			if (!kvm_cpu_cap_has(X86_FEATURE_XFD))
				entry->ecx &= ~BIT_ULL(2);
			entry->edx = 0;
		}
		break;
	}
	case 0x12:
		/* Intel SGX */
		if (!kvm_cpu_cap_has(X86_FEATURE_SGX)) {
			entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
			break;
		}

		/*
		 * Index 0: Sub-features, MISCSELECT (a.k.a extended features)
		 * and max enclave sizes.  The SGX sub-features and MISCSELECT
		 * are restricted by kernel and KVM capabilities (like most
		 * feature flags), while enclave size is unrestricted.
		 */
		cpuid_entry_override(entry, CPUID_12_EAX);
		entry->ebx &= SGX_MISC_EXINFO;

		entry = do_host_cpuid(array, function, 1);
		if (!entry)
			goto out;

		/*
		 * Index 1: SECS.ATTRIBUTES.  ATTRIBUTES are restricted a la
		 * feature flags.  Advertise all supported flags, including
		 * privileged attributes that require explicit opt-in from
		 * userspace.  ATTRIBUTES.XFRM is not adjusted as userspace is
		 * expected to derive it from supported XCR0.
		 */
		entry->eax &= SGX_ATTR_PRIV_MASK | SGX_ATTR_UNPRIV_MASK;
		entry->ebx &= 0;
		break;
	/* Intel PT */
	case 0x14:
		if (!kvm_cpu_cap_has(X86_FEATURE_INTEL_PT)) {
			entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
			break;
		}

		/* Sub-leaves 1..EAX are passed through from the host. */
		for (i = 1, max_idx = entry->eax; i <= max_idx; ++i) {
			if (!do_host_cpuid(array, function, i))
				goto out;
		}
		break;
	/* Intel AMX TILE */
	case 0x1d:
		if (!kvm_cpu_cap_has(X86_FEATURE_AMX_TILE)) {
			entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
			break;
		}

		for (i = 1, max_idx = entry->eax; i <= max_idx; ++i) {
			if (!do_host_cpuid(array, function, i))
				goto out;
		}
		break;
	case 0x1e: /* TMUL information */
		if (!kvm_cpu_cap_has(X86_FEATURE_AMX_TILE)) {
			entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
			break;
		}
		break;
	case 0x24: {
		u8 avx10_version;

		if (!kvm_cpu_cap_has(X86_FEATURE_AVX10)) {
			entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
			break;
		}

		/*
		 * The AVX10 version is encoded in EBX[7:0].  Note, the version
		 * is guaranteed to be >=1 if AVX10 is supported.  Note #2, the
		 * version needs to be captured before overriding EBX features!
		 */
		avx10_version = min_t(u8, entry->ebx & 0xff, 1);
		cpuid_entry_override(entry, CPUID_24_0_EBX);
		entry->ebx |= avx10_version;

		entry->eax = 0;
		entry->ecx = 0;
		entry->edx = 0;
		break;
	}
	case KVM_CPUID_SIGNATURE: {
		/* KVM's own hypervisor leaf: signature string plus the features leaf number. */
		const u32 *sigptr = (const u32 *)KVM_SIGNATURE;
		entry->eax = KVM_CPUID_FEATURES;
		entry->ebx = sigptr[0];
		entry->ecx = sigptr[1];
		entry->edx = sigptr[2];
		break;
	}
	case KVM_CPUID_FEATURES:
		/* Paravirt features KVM implements, independent of host CPUID. */
		entry->eax = (1 << KVM_FEATURE_CLOCKSOURCE) |
			     (1 << KVM_FEATURE_NOP_IO_DELAY) |
			     (1 << KVM_FEATURE_CLOCKSOURCE2) |
			     (1 << KVM_FEATURE_ASYNC_PF) |
			     (1 << KVM_FEATURE_PV_EOI) |
			     (1 << KVM_FEATURE_CLOCKSOURCE_STABLE_BIT) |
			     (1 << KVM_FEATURE_PV_UNHALT) |
			     (1 << KVM_FEATURE_PV_TLB_FLUSH) |
			     (1 << KVM_FEATURE_ASYNC_PF_VMEXIT) |
			     (1 << KVM_FEATURE_PV_SEND_IPI) |
			     (1 << KVM_FEATURE_POLL_CONTROL) |
			     (1 << KVM_FEATURE_PV_SCHED_YIELD) |
			     (1 << KVM_FEATURE_ASYNC_PF_INT);

		/* Steal time needs the scheduler's run-delay accounting. */
		if (sched_info_on())
			entry->eax |= (1 << KVM_FEATURE_STEAL_TIME);

		entry->ebx = 0;
		entry->ecx = 0;
		entry->edx = 0;
		break;
	case 0x80000000:
		/* Limited to the highest extended leaf implemented in KVM. */
		entry->eax = min(entry->eax, 0x80000022);
		/*
		 * Serializing LFENCE is reported in a multitude of ways, and
		 * NullSegClearsBase is not reported in CPUID on Zen2; help
		 * userspace by providing the CPUID leaf ourselves.
		 *
		 * However, only do it if the host has CPUID leaf 0x8000001d.
		 * QEMU thinks that it can query the host blindly for that
		 * CPUID leaf if KVM reports that it supports 0x8000001d or
		 * above.  The processor merrily returns values from the
		 * highest Intel leaf which QEMU tries to use as the guest's
		 * 0x8000001d.  Even worse, this can result in an infinite
		 * loop if said highest leaf has no subleaves indexed by ECX.
		 */
		if (entry->eax >= 0x8000001d &&
		    (static_cpu_has(X86_FEATURE_LFENCE_RDTSC)
		     || !static_cpu_has_bug(X86_BUG_NULL_SEG)))
			entry->eax = max(entry->eax, 0x80000021);
		break;
	case 0x80000001:
		/* EBX[27:16] is masked; presumably reserved bits, as for 0x80000006 - TODO confirm. */
		entry->ebx &= ~GENMASK(27, 16);
		cpuid_entry_override(entry, CPUID_8000_0001_EDX);
		cpuid_entry_override(entry, CPUID_8000_0001_ECX);
		break;
	case 0x80000005:
		/* Pass host L1 cache and TLB info. */
		break;
	case 0x80000006:
		/* Drop reserved bits, pass host L2 cache and TLB info. */
		entry->edx &= ~GENMASK(17, 16);
		break;
	case 0x80000007: /* Advanced power management */
		cpuid_entry_override(entry, CPUID_8000_0007_EDX);

		/* mask against host */
		entry->edx &= boot_cpu_data.x86_power;
		entry->eax = entry->ebx = entry->ecx = 0;
		break;
	case 0x80000008: {
		/*
		 * GuestPhysAddrSize (EAX[23:16]) is intended for software
		 * use.
		 *
		 * KVM's ABI is to report the effective MAXPHYADDR for the
		 * guest in PhysAddrSize (phys_as), and the maximum
		 * *addressable* GPA in GuestPhysAddrSize (g_phys_as).
		 *
		 * GuestPhysAddrSize is valid if and only if TDP is enabled,
		 * in which case the max GPA that can be addressed by KVM may
		 * be less than the max GPA that can be legally generated by
		 * the guest, e.g. if MAXPHYADDR>48 but the CPU doesn't
		 * support 5-level TDP.
		 */
		unsigned int virt_as = max((entry->eax >> 8) & 0xff, 48U);
		unsigned int phys_as, g_phys_as;

		/*
		 * If TDP (NPT) is disabled use the adjusted host MAXPHYADDR as
		 * the guest operates in the same PA space as the host, i.e.
		 * reductions in MAXPHYADDR for memory encryption affect shadow
		 * paging, too.
		 *
		 * If TDP is enabled, use the raw bare metal MAXPHYADDR as
		 * reductions to the HPAs do not affect GPAs.  The max
		 * addressable GPA is the same as the max effective GPA, except
		 * that it's capped at 48 bits if 5-level TDP isn't supported
		 * (hardware processes bits 51:48 only when walking the fifth
		 * level page table).
		 */
		if (!tdp_enabled) {
			phys_as = boot_cpu_data.x86_phys_bits;
			g_phys_as = 0;
		} else {
			phys_as = entry->eax & 0xff;
			g_phys_as = phys_as;
			if (kvm_mmu_get_max_tdp_level() < 5)
				g_phys_as = min(g_phys_as, 48U);
		}

		entry->eax = phys_as | (virt_as << 8) | (g_phys_as << 16);
		entry->ecx &= ~(GENMASK(31, 16) | GENMASK(11, 8));
		entry->edx = 0;
		cpuid_entry_override(entry, CPUID_8000_0008_EBX);
		break;
	}
	case 0x8000000A:
		/* Nested SVM leaf: synthesized rather than copied from the host. */
		if (!kvm_cpu_cap_has(X86_FEATURE_SVM)) {
			entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
			break;
		}
		entry->eax = 1; /* SVM revision 1 */
		entry->ebx = 8; /* Lets support 8 ASIDs in case we add proper
				   ASID emulation to nested SVM */
		entry->ecx = 0; /* Reserved */
		cpuid_entry_override(entry, CPUID_8000_000A_EDX);
		break;
	case 0x80000019:
		entry->ecx = entry->edx = 0;
		break;
	case 0x8000001a:
		entry->eax &= GENMASK(2, 0);
		entry->ebx = entry->ecx = entry->edx = 0;
		break;
	case 0x8000001e:
		/* Do not return host topology information. */
		entry->eax = entry->ebx = entry->ecx = 0;
		entry->edx = 0; /* reserved */
		break;
	case 0x8000001F:
		if (!kvm_cpu_cap_has(X86_FEATURE_SEV)) {
			entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
		} else {
			cpuid_entry_override(entry, CPUID_8000_001F_EAX);
			/* Clear NumVMPL since KVM does not support VMPL. */
			entry->ebx &= ~GENMASK(31, 12);
			/*
			 * Enumerate '0' for "PA bits reduction", the adjusted
			 * MAXPHYADDR is enumerated directly (see 0x80000008).
			 */
			entry->ebx &= ~GENMASK(11, 6);
		}
		break;
	case 0x80000020:
		entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
		break;
	case 0x80000021:
		entry->ebx = entry->edx = 0;
		cpuid_entry_override(entry, CPUID_8000_0021_EAX);
		cpuid_entry_override(entry, CPUID_8000_0021_ECX);
		break;
	/* AMD Extended Performance Monitoring and Debug */
	case 0x80000022: {
		union cpuid_0x80000022_ebx ebx = { };

		entry->ecx = entry->edx = 0;
		if (!enable_pmu || !kvm_cpu_cap_has(X86_FEATURE_PERFMON_V2)) {
			entry->eax = entry->ebx = 0;
			break;
		}

		cpuid_entry_override(entry, CPUID_8000_0022_EAX);

		/* Counter count comes from KVM's PMU capabilities, not the host leaf. */
		ebx.split.num_core_pmc = kvm_pmu_cap.num_counters_gp;
		entry->ebx = ebx.full;
		break;
	}
	/*Add support for Centaur's CPUID instruction*/
	case 0xC0000000:
		/*Just support up to 0xC0000004 now*/
		entry->eax = min(entry->eax, 0xC0000004);
		break;
	case 0xC0000001:
		cpuid_entry_override(entry, CPUID_C000_0001_EDX);
		break;
	/* Leaves below are deliberately zeroed, never passed through from the host. */
	case 3: /* Processor serial number */
	case 5: /* MONITOR/MWAIT */
	case 0xC0000002:
	case 0xC0000003:
	case 0xC0000004:
	default:
		entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
		break;
	}

	r = 0;

out:
	/* Pairs with get_cpu() above on every path. */
	put_cpu();

	return r;
}
/*
 * Route leaf @func to the builder matching the ioctl @type:
 * KVM_GET_EMULATED_CPUID produces the software-emulated feature set, any
 * other type the host-derived supported set.
 */
static int do_cpuid_func(struct kvm_cpuid_array *array, u32 func,
			 unsigned int type)
{
	bool emulated = (type == KVM_GET_EMULATED_CPUID);

	return emulated ? __do_cpuid_func_emulated(array, func)
			: __do_cpuid_func(array, func);
}
#define CENTAUR_CPUID_SIGNATURE 0xC0000000
/*
 * Populate @array with the base leaf @func of a CPUID class and then every
 * leaf up to the class's maximum, which the freshly generated base leaf
 * enumerates in EAX.
 *
 * The Centaur class is skipped entirely on non-Centaur hosts.
 *
 * NOTE(review): the limit is read from the last entry in @array, not from
 * the base leaf explicitly.  For KVM_GET_EMULATED_CPUID the base leaves
 * 0x80000000 and KVM_CPUID_SIGNATURE add no entry (cpuid_func_emulated()
 * returns 0 for them), so "last entry" is then leaf 0's and the limit is
 * its EAX (7), which happens to be small enough that the loop does not
 * run.  Worth keeping in mind if classes or emulated leaves are added.
 */
static int get_cpuid_func(struct kvm_cpuid_array *array, u32 func,
			  unsigned int type)
{
	u32 max_leaf, leaf;
	int ret;

	/* Centaur leaves are only meaningful on Centaur CPUs. */
	if (func == CENTAUR_CPUID_SIGNATURE &&
	    boot_cpu_data.x86_vendor != X86_VENDOR_CENTAUR)
		return 0;

	ret = do_cpuid_func(array, func, type);
	if (ret)
		return ret;

	/* EAX of the class's base leaf is the highest leaf in the class. */
	max_leaf = array->entries[array->nent - 1].eax;

	for (leaf = func + 1; leaf <= max_leaf && !ret; leaf++)
		ret = do_cpuid_func(array, leaf, type);

	return ret;
}
/*
 * Reject KVM_GET_EMULATED_CPUID requests whose caller-supplied entries have
 * non-zero ->padding, so the padding can later be repurposed as a real
 * field without silently accepting stale garbage from old userspace.
 *
 * The same rule was never enforced for KVM_GET_SUPPORTED_CPUID, so the
 * check is deliberately restricted to the emulated variant.
 *
 * @num_entries is bounded by the caller (see kvm_dev_ioctl_get_cpuid()).
 *
 * Returns true if the entries are INVALID - dirty padding, or the user
 * buffer could not be read - and false if they pass.
 */
static bool sanity_check_entries(struct kvm_cpuid_entry2 __user *entries,
				 __u32 num_entries, unsigned int ioctl_type)
{
	__u32 pad[3];
	int i;

	if (ioctl_type != KVM_GET_EMULATED_CPUID)
		return false;

	for (i = 0; i < num_entries; i++) {
		/* A fault on the user buffer is treated like bad input. */
		if (copy_from_user(pad, entries[i].padding, sizeof(pad)))
			return true;

		if (pad[0] | pad[1] | pad[2])
			return true;
	}

	return false;
}
/*
 * Handler for the KVM_GET_SUPPORTED_CPUID / KVM_GET_EMULATED_CPUID device
 * ioctls (selected by @type).  Builds the complete CPUID table for every
 * class KVM knows about and copies it to userspace at @entries.
 *
 * @cpuid->nent is in/out: on entry the capacity of @entries, on success the
 * number of entries actually written.  The capacity is clamped to
 * KVM_MAX_CPUID_ENTRIES before it is used for anything, which bounds both
 * the kernel allocation an untrusted caller can trigger and the number of
 * user entries that get read back for validation.
 *
 * Returns 0 on success; -E2BIG for an empty buffer or one too small for the
 * full table; -EINVAL if the entries fail sanity_check_entries(); -ENOMEM;
 * or -EFAULT if the result could not be copied out.
 */
int kvm_dev_ioctl_get_cpuid(struct kvm_cpuid2 *cpuid,
			    struct kvm_cpuid_entry2 __user *entries,
			    unsigned int type)
{
	/* Base leaf of each CPUID class; get_cpuid_func() walks the rest. */
	static const u32 class_bases[] = {
		0, 0x80000000, CENTAUR_CPUID_SIGNATURE, KVM_CPUID_SIGNATURE,
	};
	struct kvm_cpuid_array array = { .nent = 0 };
	size_t out_bytes;
	int ret, i;

	if (cpuid->nent < 1)
		return -E2BIG;
	if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
		cpuid->nent = KVM_MAX_CPUID_ENTRIES;

	if (sanity_check_entries(entries, cpuid->nent, type))
		return -EINVAL;

	array.maxnent = cpuid->nent;
	array.entries = kvcalloc(array.maxnent, sizeof(*array.entries),
				 GFP_KERNEL);
	if (!array.entries)
		return -ENOMEM;

	ret = 0;
	for (i = 0; i < ARRAY_SIZE(class_bases) && !ret; i++)
		ret = get_cpuid_func(&array, class_bases[i], type);

	if (!ret) {
		/* Only report a count on success; nothing is copied otherwise. */
		cpuid->nent = array.nent;
		out_bytes = array.nent * sizeof(*array.entries);
		if (copy_to_user(entries, array.entries, out_bytes))
			ret = -EFAULT;
	}

	kvfree(array.entries);
	return ret;
}
/*
1911
* Intel CPUID semantics treats any query for an out-of-range leaf as if the
1912
* highest basic leaf (i.e. CPUID.0H:EAX) were requested. AMD CPUID semantics
1913
* returns all zeroes for any undefined leaf, whether or not the leaf is in
1914
* range. Centaur/VIA follows Intel semantics.
1915
*
1916
* A leaf is considered out-of-range if its function is higher than the maximum
1917
* supported leaf of its associated class or if its associated class does not
1918
* exist.
1919
*
1920
 * There are four primary classes to be considered, with their respective
 * ranges described as "<base> - <top>[,<base2> - <top2>]" inclusive. A primary
 * class exists if a guest CPUID entry for its <base> leaf exists. For a given
 * class, CPUID.<base>.EAX contains the max supported leaf for the class.
1924
*
1925
* - Basic: 0x00000000 - 0x3fffffff, 0x50000000 - 0x7fffffff
1926
* - Hypervisor: 0x40000000 - 0x4fffffff
1927
* - Extended: 0x80000000 - 0xbfffffff
1928
* - Centaur: 0xc0000000 - 0xcfffffff
1929
*
1930
* The Hypervisor class is further subdivided into sub-classes that each act as
1931
* their own independent class associated with a 0x100 byte range. E.g. if Qemu
1932
* is advertising support for both HyperV and KVM, the resulting Hypervisor
1933
* CPUID sub-classes are:
1934
*
1935
* - HyperV: 0x40000000 - 0x400000ff
1936
* - KVM: 0x40000100 - 0x400001ff
1937
*/
/*
 * Map @function to the base leaf of its CPUID class (see the class layout
 * described above).  Hypervisor leaves are grouped into 0x100-leaf
 * sub-classes, everything at or above 0xc0000000 belongs to the Centaur
 * class, and the remainder splits into basic vs. extended on bit 31.
 */
static u32 cpuid_class_base_leaf(u32 function)
{
	if (function >= 0x40000000 && function <= 0x4fffffff)
		return function & 0xffffff00;
	if (function >= 0xc0000000)
		return 0xc0000000;
	return function & 0x80000000;
}

/*
 * Resolve a CPUID query for a leaf that has no exact entry in the vCPU's
 * table, following the guest vendor's out-of-range semantics.
 *
 * AMD/Hygon return zeros for undefined leaves, so there is nothing to
 * redirect to and NULL is returned.  Intel (and Centaur) redirect an
 * out-of-range leaf to the highest basic leaf; in that case *@fn_ptr is
 * rewritten to that leaf so the caller applies leaf-specific fixups to the
 * right one, and the entry for (max basic leaf, @index) is returned - which
 * may itself be NULL if that sub-leaf isn't defined.
 *
 * A leaf that lies within an existing class's range but simply has no entry
 * is "undefined", not "out of range", and also yields NULL.
 */
static struct kvm_cpuid_entry2 *
get_out_of_range_cpuid_entry(struct kvm_vcpu *vcpu, u32 *fn_ptr, u32 index)
{
	struct kvm_cpuid_entry2 *basic, *class;
	u32 function = *fn_ptr;

	basic = kvm_find_cpuid_entry(vcpu, 0);
	if (!basic)
		return NULL;

	if (is_guest_vendor_amd(basic->ebx, basic->ecx, basic->edx) ||
	    is_guest_vendor_hygon(basic->ebx, basic->ecx, basic->edx))
		return NULL;

	class = kvm_find_cpuid_entry(vcpu, cpuid_class_base_leaf(function));
	if (class && function <= class->eax)
		return NULL;

	/* Intel semantics: serve the max basic leaf, keeping the caller's index. */
	*fn_ptr = basic->eax;
	return kvm_find_cpuid_entry_index(vcpu, basic->eax, index);
}
/*
 * Apply the per-leaf fixups that depend on live vCPU state to the raw
 * values copied out of the CPUID table.  @function is the leaf actually
 * being served, which can differ from the guest's request after an
 * out-of-range redirect.
 */
static void kvm_cpuid_fixup_dynamic(struct kvm_vcpu *vcpu, u32 function,
				    u32 index, u32 *eax, u32 *ebx, u32 *ecx,
				    u32 *edx)
{
	const u32 tsx_bits = feature_bit(RTM) | feature_bit(HLE);
	u64 tsx_ctrl;

	if (function == 7 && index == 0) {
		/*
		 * Honor TSX_CTRL.CPUID_CLEAR: hide RTM/HLE when the guest has
		 * set it, provided the MSR is readable for this vCPU.
		 */
		if ((*ebx & tsx_bits) &&
		    !__kvm_get_msr(vcpu, MSR_IA32_TSX_CTRL, &tsx_ctrl, true) &&
		    (tsx_ctrl & TSX_CTRL_CPUID_CLEAR))
			*ebx &= ~tsx_bits;
		return;
	}

	if (function == 0x80000007) {
		if (kvm_hv_invtsc_suppressed(vcpu))
			*edx &= ~feature_bit(CONSTANT_TSC);
		return;
	}

	if (IS_ENABLED(CONFIG_KVM_XEN) && kvm_xen_is_tsc_leaf(vcpu, function)) {
		/*
		 * Update guest TSC frequency information if necessary.
		 * Ignore failures, there is no sane value that can be
		 * provided if KVM can't get the TSC frequency.
		 */
		if (kvm_check_request(KVM_REQ_CLOCK_UPDATE, vcpu))
			kvm_guest_time_update(vcpu);

		if (index == 1) {
			*ecx = vcpu->arch.pvclock_tsc_mul;
			*edx = vcpu->arch.pvclock_tsc_shift;
		} else if (index == 2) {
			*eax = vcpu->arch.hw_tsc_khz;
		}
	}
}

/*
 * Output for a leaf/sub-leaf with no table entry: all zeros, except that
 * when topology leaf 0xb or 0x1f is defined, hardware passes CL through and
 * always returns the x2APIC ID in EDX, even for undefined sub-leaves.
 * Sub-leaf 1 exists iff the leaf is implemented, so its presence gates the
 * pass-through and its EDX supplies the ID.
 */
static void kvm_cpuid_fill_undefined(struct kvm_vcpu *vcpu, u32 function,
				     u32 index, u32 *eax, u32 *ebx, u32 *ecx,
				     u32 *edx)
{
	struct kvm_cpuid_entry2 *topo;

	*eax = *ebx = *ecx = *edx = 0;

	if (function != 0xb && function != 0x1f)
		return;

	topo = kvm_find_cpuid_entry_index(vcpu, function, 1);
	if (topo) {
		*ecx = index & 0xff;
		*edx = topo->edx;
	}
}

/*
 * Serve CPUID for the leaf/sub-leaf in *@eax/*@ecx from the vCPU's CPUID
 * table, writing the four output registers in place.
 *
 * With @exact_only the guest vendor's out-of-range semantics are NOT
 * applied and a missing entry yields zeros (plus the topology pass-through
 * above); otherwise get_out_of_range_cpuid_entry() may redirect the query.
 *
 * Returns true if an exact (leaf, sub-leaf) entry was found, false if the
 * result came from a redirect or from the undefined-leaf path.
 */
bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx,
	       u32 *ecx, u32 *edx, bool exact_only)
{
	const u32 requested = *eax, index = *ecx;
	u32 function = requested;
	struct kvm_cpuid_entry2 *entry;
	bool exact, redirected = false;

	/*
	 * Refresh table bits that track runtime guest state before the lookup;
	 * what exactly is recomputed lives in kvm_update_cpuid_runtime().
	 */
	if (vcpu->arch.cpuid_dynamic_bits_dirty)
		kvm_update_cpuid_runtime(vcpu);

	entry = kvm_find_cpuid_entry_index(vcpu, function, index);
	exact = entry != NULL;

	if (!exact && !exact_only) {
		/* May rewrite 'function' even when no entry is returned. */
		entry = get_out_of_range_cpuid_entry(vcpu, &function, index);
		redirected = entry != NULL;
	}

	if (entry) {
		*eax = entry->eax;
		*ebx = entry->ebx;
		*ecx = entry->ecx;
		*edx = entry->edx;
		kvm_cpuid_fixup_dynamic(vcpu, function, index,
					eax, ebx, ecx, edx);
	} else {
		kvm_cpuid_fill_undefined(vcpu, function, index,
					 eax, ebx, ecx, edx);
	}

	trace_kvm_cpuid(requested, index, *eax, *ebx, *ecx, *edx, exact,
			redirected);
	return exact;
}
EXPORT_SYMBOL_GPL(kvm_cpuid);
/*
 * Handle a CPUID VM-exit.
 *
 * When CPUID faulting is enabled for the vCPU, CPUID is only permitted at
 * CPL 0: kvm_require_cpl(vcpu, 0) fails for a less privileged guest (the
 * fault injection itself lives in that helper), and returning 1 resumes the
 * guest without skipping the instruction.  Otherwise the leaf/sub-leaf in
 * RAX/RCX is served from the vCPU's CPUID table and RIP is advanced.
 *
 * Returns the value of kvm_skip_emulated_instruction(), or 1 on a CPL
 * violation.
 */
int kvm_emulate_cpuid(struct kvm_vcpu *vcpu)
{
	u32 regs[4];	/* eax, ebx, ecx, edx */

	if (cpuid_fault_enabled(vcpu) && !kvm_require_cpl(vcpu, 0))
		return 1;

	regs[0] = kvm_rax_read(vcpu);
	regs[2] = kvm_rcx_read(vcpu);
	kvm_cpuid(vcpu, &regs[0], &regs[1], &regs[2], &regs[3], false);

	kvm_rax_write(vcpu, regs[0]);
	kvm_rbx_write(vcpu, regs[1]);
	kvm_rcx_write(vcpu, regs[2]);
	kvm_rdx_write(vcpu, regs[3]);
	return kvm_skip_emulated_instruction(vcpu);
}
EXPORT_SYMBOL_GPL(kvm_emulate_cpuid);