1 /* 2 ** Copyright (c) 2011, Intel Corporation 3 ** 4 ** This software is licensed under the terms of the GNU General Public 5 ** License version 2, as published by the Free Software Foundation, and 6 ** may be copied, distributed, and modified under those terms. 7 ** 8 ** This program is distributed in the hope that it will be useful, 9 ** but WITHOUT ANY WARRANTY; without even the implied warranty of 10 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 ** GNU General Public License for more details. 12 */ 13 14 #ifndef _HAX_INTERFACE_H 15 #define _HAX_INTERFACE_H 16 17 /* 18 * Common data structure for HAX interface on both Mac and Windows 19 * The IOCTL is defined in hax-darwin.h and hax-windows.h 20 */ 21 22 /* fx_layout according to Intel SDM */ 23 struct fx_layout { 24 uint16_t fcw; 25 uint16_t fsw; 26 uint8 ftw; 27 uint8 res1; 28 uint16_t fop; 29 union { 30 struct { 31 uint32 fip; 32 uint16_t fcs; 33 uint16_t res2; 34 }; 35 uint64 fpu_ip; 36 }; 37 union { 38 struct { 39 uint32 fdp; 40 uint16_t fds; 41 uint16_t res3; 42 }; 43 uint64 fpu_dp; 44 }; 45 uint32 mxcsr; 46 uint32 mxcsr_mask; 47 uint8 st_mm[8][16]; 48 uint8 mmx_1[8][16]; 49 uint8 mmx_2[8][16]; 50 uint8 pad[96]; 51 }; 52 53 struct vmx_msr { 54 uint64 entry; 55 uint64 value; 56 }; 57 58 /* 59 * Use fixed-size array to make Mac OS X support efficient by avoiding 60 * use memory map or copy-in routines. 61 */ 62 #define HAX_MAX_MSR_ARRAY 0x20 63 struct hax_msr_data 64 { 65 uint16_t nr_msr; 66 uint16_t done; 67 uint16_t pad[2]; 68 struct vmx_msr entries[HAX_MAX_MSR_ARRAY]; 69 }; 70 71 union interruptibility_state_t { 72 uint32 raw; 73 struct { 74 uint32 sti_blocking : 1; 75 uint32 movss_blocking : 1; 76 uint32 smi_blocking : 1; 77 uint32 nmi_blocking : 1; 78 uint32 reserved : 28; 79 }; 80 uint64_t pad; 81 }; 82 83 typedef union interruptibility_state_t interruptibility_state_t; 84 85 // Segment descriptor 86 struct segment_desc_t { 87 uint16_t selector; 88 uint16_t _dummy; 89 uint32 limit; 90 uint64 base; 91 union { 92 struct { 93 uint32 type : 4; 94 uint32 desc : 1; 95 uint32 dpl : 2; 96 uint32 present : 1; 97 uint32 : 4; 98 uint32 available : 1; 99 uint32 long_mode : 1; 100 uint32 operand_size : 1; 101 uint32 granularity : 1; 102 uint32 null : 1; 103 uint32 : 15; 104 }; 105 uint32 ar; 106 }; 107 uint32 ipad; 108 }; 109 110 typedef struct segment_desc_t segment_desc_t; 111 112 struct vcpu_state_t 113 { 114 union { 115 uint64 _regs[16]; 116 struct { 117 union { 118 struct { 119 uint8 _al, 120 _ah; 121 }; 122 uint16_t _ax; 123 uint32 _eax; 124 uint64 _rax; 125 }; 126 union { 127 struct { 128 uint8 _cl, 129 _ch; 130 }; 131 uint16_t _cx; 132 uint32 _ecx; 133 uint64 _rcx; 134 }; 135 union { 136 struct { 137 uint8 _dl, 138 _dh; 139 }; 140 uint16_t _dx; 141 uint32 _edx; 142 uint64 _rdx; 143 }; 144 union { 145 struct { 146 uint8 _bl, 147 _bh; 148 }; 149 uint16_t _bx; 150 uint32 _ebx; 151 uint64 _rbx; 152 }; 153 union { 154 uint16_t _sp; 155 uint32 _esp; 156 uint64 _rsp; 157 }; 158 union { 159 uint16_t _bp; 160 uint32 _ebp; 161 uint64 _rbp; 162 }; 163 union { 164 uint16_t _si; 165 uint32 _esi; 166 uint64 _rsi; 167 }; 168 union { 169 uint16_t _di; 170 uint32 _edi; 171 uint64 _rdi; 172 }; 173 174 uint64 _r8; 175 uint64 _r9; 176 uint64 _r10; 177 uint64 _r11; 178 uint64 _r12; 179 uint64 _r13; 180 uint64 _r14; 181 uint64 _r15; 182 }; 183 }; 184 185 union { 186 uint32 _eip; 187 uint64 _rip; 188 }; 189 190 union { 191 uint32 _eflags; 192 uint64 _rflags; 193 }; 194 195 segment_desc_t _cs; 196 segment_desc_t _ss; 197 segment_desc_t _ds; 198 segment_desc_t _es; 199 segment_desc_t _fs; 200 segment_desc_t _gs; 201 segment_desc_t _ldt; 202 segment_desc_t _tr; 203 204 segment_desc_t _gdt; 205 segment_desc_t _idt; 206 207 uint64 _cr0; 208 uint64 _cr2; 209 uint64 _cr3; 210 uint64 _cr4; 211 212 uint64 _dr0; 213 uint64 _dr1; 214 uint64 _dr2; 215 uint64 _dr3; 216 uint64 _dr6; 217 uint64 _dr7; 218 uint64 _pde; 219 220 uint32 _efer; 221 222 uint32 _sysenter_cs; 223 uint64 _sysenter_eip; 224 uint64 _sysenter_esp; 225 226 uint32 _activity_state; 227 uint32 pad; 228 interruptibility_state_t _interruptibility_state; 229 }; 230 231 /* 232 * HAX tunnel is a per-vCPU shared memory between QEMU and HAX driver 233 * It is used to pass information between QEMU and HAX driver, like KVM_RUN 234 * 235 * In HAX_VCPU_IOCTL_SETUP_TUNNEL ioctl, HAX driver allocats the memory, maps 236 * it to QEMU virtual address space and returns the virtual address and size to 237 * QEMU through hax_tunnel_info structure 238 */ 239 struct hax_tunnel 240 { 241 uint32_t _exit_reason; 242 uint32_t _exit_flag; 243 uint32_t _exit_status; 244 uint32_t user_event_pending; 245 int ready_for_interrupt_injection; 246 int request_interrupt_window; 247 union { 248 struct { 249 /* 0: read, 1: write */ 250 #define HAX_EXIT_IO_IN 1 251 #define HAX_EXIT_IO_OUT 0 252 uint8_t _direction; 253 uint8_t _df; 254 uint16_t _size; 255 uint16_t _port; 256 uint16_t _count; 257 uint8_t _flags; 258 uint8_t _pad0; 259 uint16_t _pad1; 260 uint32_t _pad2; 261 uint64_t _vaddr; 262 } pio; 263 struct { 264 uint64_t gla; 265 } mmio; 266 struct { 267 } state; 268 }; 269 }; 270 271 struct hax_tunnel_info 272 { 273 uint64_t va; 274 uint64_t io_va; 275 uint16_t size; 276 uint16_t pad[3]; 277 }; 278 279 /* The exit reason in HAX tunnel for HAX_VCPU_IOCTL_RUN IOCTL */ 280 enum exit_status { 281 /* IO port emulation request */ 282 HAX_EXIT_IO = 1, 283 /* MMIO instruction emulation request 284 * QEMU emulates MMIO instruction in following step: 285 * 1. When guest accesses MMIO address, it is trapped to HAX driver 286 * 2. HAX driver return back to QEMU with the instruction pointer address 287 * 3. QEMU sync the vcpu state with HAX driver 288 * 4. QEMU emulates this instruction 289 * 5. QEMU sync the vcpu state to HAX driver 290 * 6. HAX driver continuous run the guest through HAX_VCPU_IOCTL_RUN 291 */ 292 HAX_EXIT_MMIO, 293 /* 294 * QEMU emulation mode request 295 * QEMU emulates guest instruction when guest is running in 296 * real mode or protected mode 297 */ 298 HAX_EXIT_REAL, 299 /* 300 * Interrupt window open, qemu can inject an interrupt now. 301 * Also used to indicate a signal is pending to QEMU 302 */ 303 HAX_EXIT_INTERRUPT, 304 /* Unknown vmexit, mostly trigger reboot */ 305 HAX_EXIT_UNKNOWN_VMEXIT, 306 /* 307 * Halt in guest 308 * When guest executes HLT instruction with interrupt enabled, HAX 309 * return back to QEMU. 310 */ 311 HAX_EXIT_HLT, 312 /* Reboot request, like because of tripple fault in guest */ 313 HAX_EXIT_STATECHANGE, 314 /* 315 * The VCPU is paused 316 * Now the vcpu is only paused when to be destroid, so simply return to hax 317 */ 318 HAX_EXIT_PAUSED, 319 /* from API 2.0 */ 320 /* 321 * In API 1.0, HAXM driver utilizes QEMU to decode and emulate MMIO 322 * operations. 323 * From 2.0, HAXM driver will decode some MMIO instructions to improve 324 * MMIO handling performance, especially for GLES hardware acceleration 325 */ 326 HAX_EXIT_FAST_MMIO, 327 }; 328 329 /* 330 * The API version between QEMU and HAX driver 331 * Compat_version defines the oldest API version the HAX driver can support 332 */ 333 struct hax_module_version 334 { 335 uint32_t compat_version; 336 uint32_t cur_version; 337 }; 338 339 /* This interface is support only after API version 2 */ 340 struct hax_qemu_version 341 { 342 /* Current API version in QEMU*/ 343 uint32_t cur_version; 344 /* The least API version supported by QEMU */ 345 uint32_t least_version; 346 }; 347 348 /* See comments for HAX_VM_IOCTL_ALLOC_RAM ioctl */ 349 struct hax_alloc_ram_info 350 { 351 uint32_t size; 352 uint32_t pad; 353 uint64_t va; 354 }; 355 356 /* See comments for HAX_VM_IOCTL_SET_RAM ioctl */ 357 #define HAX_RAM_INFO_ROM 0x1 358 struct hax_set_ram_info 359 { 360 uint64_t pa_start; 361 uint32_t size; 362 uint8_t flags; 363 uint8_t pad[3]; 364 uint64_t va; 365 }; 366 367 /* 368 * We need to load the HAXM (HAX Manager) to tell if the host system has the 369 * required capabilities to operate, and we use hax_capabilityinfo to get such 370 * info from HAXM. 371 * 372 * To prevent HAXM from over-consuming RAM, we set the maximum amount of RAM 373 * that can be used for guests at HAX installation time. Once the quota is 374 * reached, HAXM will no longer attempt to allocate memory for guests. 375 * Detect that HAXM is out of quota can take the emulator to non-HAXM model 376 */ 377 struct hax_capabilityinfo 378 { 379 /* bit 0: 1 - HAXM is working 380 * 0 - HAXM is not working possibly because VT/NX is disabled 381 NX means Non-eXecution, aks. XD (eXecution Disable) 382 * bit 1: 1 - HAXM has hard limit on how many RAM can be used as guest RAM 383 * 0 - HAXM has no memory limitation 384 */ 385 #define HAX_CAP_STATUS_WORKING 0x1 386 #define HAX_CAP_STATUS_NOTWORKING 0x0 387 #define HAX_CAP_WORKSTATUS_MASK 0x1 388 #define HAX_CAP_MEMQUOTA 0x2 389 uint16_t wstatus; 390 /* 391 * valid when HAXM is not working 392 * bit 0: HAXM is not working because VT is not enabeld 393 * bit 1: HAXM is not working because NX not enabled 394 */ 395 #define HAX_CAP_FAILREASON_VT 0x1 396 #define HAX_CAP_FAILREASON_NX 0x2 397 uint16_t winfo; 398 uint32_t pad; 399 uint64_t mem_quota; 400 }; 401 402 /* API 2.0 */ 403 404 struct hax_fastmmio 405 { 406 uint64_t gpa; 407 uint64_t value; 408 uint8_t size; 409 uint8_t direction; 410 uint16_t reg_index; 411 uint32_t pad0; 412 uint64_t _cr0; 413 uint64_t _cr2; 414 uint64_t _cr3; 415 uint64_t _cr4; 416 }; 417 418 #endif 419