// Copyright 2017 syzkaller project authors. All rights reserved.
// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

// Guest physical memory layout and architectural constants used by the KVM
// executor code. The header consists only of preprocessor constants: the
// X86_* block is compiled for amd64 (GOARCH_amd64), the ARM64_* block for
// arm64 (GOARCH_arm64), and the KVM_*/SZ_*/GENMASK_ULL definitions are shared.

#ifndef EXECUTOR_KVM_H
#define EXECUTOR_KVM_H

// x86-specific definitions.
#if GOARCH_amd64
// X86_ADDR_*: guest physical addresses of the GDT, LDT, page tables, TSSs and
// the VMX scratch variables of the non-SYZOS x86 guest layout. TEXT and
// PD_IOAPIC both start at 0x0000 and STACK0 lies in that same page.
// X86_ADDR_* and X86_SYZOS_ADDR_* (below) are two distinct layouts that only
// happen to agree on the GDT/PML4/PDP pages.
#define X86_ADDR_TEXT 0x0000
#define X86_ADDR_PD_IOAPIC 0x0000
#define X86_ADDR_GDT 0x1000
#define X86_ADDR_LDT 0x1800
#define X86_ADDR_PML4 0x2000
#define X86_ADDR_PDP 0x3000
#define X86_ADDR_PD 0x4000
#define X86_ADDR_STACK0 0x0f80
#define X86_ADDR_VAR_HLT 0x2800
#define X86_ADDR_VAR_SYSRET 0x2808
#define X86_ADDR_VAR_SYSEXIT 0x2810
#define X86_ADDR_VAR_IDT 0x3800
#define X86_ADDR_VAR_TSS64 0x3a00
#define X86_ADDR_VAR_TSS64_CPL3 0x3c00
#define X86_ADDR_VAR_TSS16 0x3d00
#define X86_ADDR_VAR_TSS16_2 0x3e00
#define X86_ADDR_VAR_TSS16_CPL3 0x3f00
#define X86_ADDR_VAR_TSS32 0x4800
#define X86_ADDR_VAR_TSS32_2 0x4a00
#define X86_ADDR_VAR_TSS32_CPL3 0x4c00
#define X86_ADDR_VAR_TSS32_VM86 0x4e00
// Eight-byte slots holding the pointers/values the VMX test code reads.
#define X86_ADDR_VAR_VMXON_PTR 0x5f00
#define X86_ADDR_VAR_VMCS_PTR 0x5f08
#define X86_ADDR_VAR_VMEXIT_PTR 0x5f10
#define X86_ADDR_VAR_VMWRITE_FLD 0x5f18
#define X86_ADDR_VAR_VMWRITE_VAL 0x5f20
#define X86_ADDR_VAR_VMXON 0x6000
#define X86_ADDR_VAR_VMCS 0x7000
#define X86_ADDR_VAR_VMEXIT_CODE 0x9000
#define X86_ADDR_VAR_USER_CODE 0x9100
#define X86_ADDR_VAR_USER_CODE2 0x9120

// X86_SYZOS_ADDR_*: guest physical layout of the x86 SYZOS guest.
// Zero page (0x0 - 0xfff) is deliberately unused.
#define X86_SYZOS_ADDR_ZERO 0x0
#define X86_SYZOS_ADDR_GDT 0x1000
// PML4 for GPAs 0x0 - 0xffffffffffff.
#define X86_SYZOS_ADDR_PML4 0x2000
// PDP for GPAs 0x0 - 0x7fffffffff.
#define X86_SYZOS_ADDR_PDP 0x3000
// Pool of 32 pages for dynamic PT/PD allocations.
#define X86_SYZOS_ADDR_PT_POOL 0x5000
// The pool ends at 0x5000 + 32 * 0x1000 = 0x25000, exactly where the IDT page starts.
#define X86_SYZOS_ADDR_VAR_IDT 0x25000
#define X86_SYZOS_ADDR_VAR_TSS 0x26000

#define X86_SYZOS_ADDR_SMRAM 0x30000
// Write to this page to trigger a page fault and stop KVM_RUN.
#define X86_SYZOS_ADDR_EXIT 0x40000
// Dedicated address within the exit page for the uexit command.
#define X86_SYZOS_ADDR_UEXIT (X86_SYZOS_ADDR_EXIT + 256)
#define X86_SYZOS_ADDR_DIRTY_PAGES 0x41000
#define X86_SYZOS_ADDR_USER_CODE 0x50000
// Location of the SYZOS guest code. Name shared with ARM64 SYZOS.
#define SYZOS_ADDR_EXECUTOR_CODE 0x54000
#define X86_SYZOS_ADDR_SCRATCH_CODE 0x58000
#define X86_SYZOS_ADDR_STACK_BOTTOM 0x60000
// 0xf80 bytes into the page that starts at X86_SYZOS_ADDR_STACK_BOTTOM.
#define X86_SYZOS_ADDR_STACK0 0x60f80

// Base address for all per-L1-VCPU regions.
// With KVM_MAX_VCPU (4) regions of X86_SYZOS_L1_VCPU_REGION_SIZE the area
// spans 0x70000 - 0x170000, i.e. it stays below X86_SYZOS_ADDR_UNUSED.
#define X86_SYZOS_PER_VCPU_REGIONS_BASE 0x70000
// Size of the entire memory block allocated for a single L1 VCPU to manage its L2 VMs.
// We need space for 1 VMXON page + 4 L2 VMs. Let's allocate 256KB per L1 VCPU for ample space.
// (1 page + 4 * X86_SYZOS_L2_VM_REGION_SIZE = 0x21000, well inside 0x40000.)
#define X86_SYZOS_L1_VCPU_REGION_SIZE 0x40000

// Offsets within a single L1 VCPU's region.

// Shared data for the L1 VCPU itself: 1 page for VMXON/HSAVE
#define X86_SYZOS_L1_VCPU_OFFSET_VM_ARCH_SPECIFIC 0x0000
// Base offset for the area containing the 4 L2 VM slots.
#define X86_SYZOS_L1_VCPU_OFFSET_L2_VMS_AREA 0x1000

// Layout of a single L2 VM's data block.

// Size of the memory block for a single L2 VM (8 pages; the offsets below
// account for all of them: 1 VMCS/VMCB + 1 stack + 1 code + 4 page-table + 1 MSR bitmap).
#define X86_SYZOS_L2_VM_REGION_SIZE 0x8000

// Offsets within a single L2 VM's region.
#define X86_SYZOS_L2_VM_OFFSET_VMCS_VMCB 0x0000
#define X86_SYZOS_L2_VM_OFFSET_VM_STACK 0x1000
#define X86_SYZOS_L2_VM_OFFSET_VM_CODE 0x2000
// 4 pages for L2 EPT/NPT.
#define X86_SYZOS_L2_VM_OFFSET_VM_PGTABLE 0x3000
#define X86_SYZOS_L2_VM_OFFSET_MSR_BITMAP 0x7000

// Subsequent addresses are shifted to accommodate all L1 VCPU regions.
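#define X86_SYZOS_ADDR_UNUSED 0x200000
#define X86_SYZOS_ADDR_IOAPIC 0xfec00000

// Accessors for the per-L1-VCPU and per-L2-VM regions laid out above.
// cpu selects the L1 VCPU region (X86_SYZOS_L1_VCPU_REGION_SIZE apart,
// starting at X86_SYZOS_PER_VCPU_REGIONS_BASE); vm selects the L2 slot
// inside that region. All of these are plain arithmetic on their arguments.
// NOTE(review): there is no range checking here; callers must keep cpu below
// the number of L1 VCPU regions and vm below the 4 reserved L2 slots,
// otherwise the resulting address runs into the neighbouring region.

// Guest physical base of L1 VCPU `cpu`'s region.
#define X86_SYZOS_L1_VCPU_REGION_BASE(cpu) \
	(X86_SYZOS_PER_VCPU_REGIONS_BASE + (cpu) * X86_SYZOS_L1_VCPU_REGION_SIZE)

// Guest physical base of L2 VM slot `vm` inside L1 VCPU `cpu`'s region.
#define X86_SYZOS_L2_VM_REGION_BASE(cpu, vm) \
	(X86_SYZOS_L1_VCPU_REGION_BASE(cpu) + X86_SYZOS_L1_VCPU_OFFSET_L2_VMS_AREA + \
	 (vm) * X86_SYZOS_L2_VM_REGION_SIZE)

#define X86_SYZOS_ADDR_VMCS_VMCB(cpu, vm) \
	(X86_SYZOS_L2_VM_REGION_BASE(cpu, vm) + X86_SYZOS_L2_VM_OFFSET_VMCS_VMCB)

#define X86_SYZOS_ADDR_VM_CODE(cpu, vm) \
	(X86_SYZOS_L2_VM_REGION_BASE(cpu, vm) + X86_SYZOS_L2_VM_OFFSET_VM_CODE)

#define X86_SYZOS_ADDR_VM_STACK(cpu, vm) \
	(X86_SYZOS_L2_VM_REGION_BASE(cpu, vm) + X86_SYZOS_L2_VM_OFFSET_VM_STACK)

#define X86_SYZOS_ADDR_VM_PGTABLE(cpu, vm) \
	(X86_SYZOS_L2_VM_REGION_BASE(cpu, vm) + X86_SYZOS_L2_VM_OFFSET_VM_PGTABLE)

#define X86_SYZOS_ADDR_MSR_BITMAP(cpu, vm) \
	(X86_SYZOS_L2_VM_REGION_BASE(cpu, vm) + X86_SYZOS_L2_VM_OFFSET_MSR_BITMAP)

#define X86_SYZOS_ADDR_VM_ARCH_SPECIFIC(cpu) \
	(X86_SYZOS_L1_VCPU_REGION_BASE(cpu) + X86_SYZOS_L1_VCPU_OFFSET_VM_ARCH_SPECIFIC)

// SYZOS segment selectors (GDT index << 3, RPL 0).
#define X86_SYZOS_SEL_CODE 0x8
#define X86_SYZOS_SEL_DATA 0x10
#define X86_SYZOS_SEL_TSS64 0x18

// CR0 bits.
#define X86_CR0_PE 1ULL
#define X86_CR0_MP (1ULL << 1)
#define X86_CR0_EM (1ULL << 2)
#define X86_CR0_TS (1ULL << 3)
#define X86_CR0_ET (1ULL << 4)
#define X86_CR0_NE (1ULL << 5)
#define X86_CR0_WP (1ULL << 16)
#define X86_CR0_AM (1ULL << 18)
#define X86_CR0_NW (1ULL << 29)
#define X86_CR0_CD (1ULL << 30)
#define X86_CR0_PG (1ULL << 31)

// CR4 bits.
#define X86_CR4_VME 1ULL
#define X86_CR4_PVI (1ULL << 1)
#define X86_CR4_TSD (1ULL << 2)
#define X86_CR4_DE (1ULL << 3)
#define X86_CR4_PSE (1ULL << 4)
#define X86_CR4_PAE (1ULL << 5)
#define X86_CR4_MCE (1ULL << 6)
#define X86_CR4_PGE (1ULL << 7)
#define X86_CR4_PCE (1ULL << 8)
// CR4.OSFXSR is bit 9 (Intel SDM Vol. 3, CR4 layout); the previous
// definition used bit 8, which duplicated X86_CR4_PCE and left the real
// OSFXSR bit untouched when this mask was written.
#define X86_CR4_OSFXSR (1ULL << 9)
#define X86_CR4_OSXMMEXCPT (1ULL << 10)
#define X86_CR4_UMIP (1ULL << 11)
#define X86_CR4_VMXE (1ULL << 13)
#define X86_CR4_SMXE (1ULL << 14)
#define X86_CR4_FSGSBASE (1ULL << 16)
#define X86_CR4_PCIDE (1ULL << 17)
#define X86_CR4_OSXSAVE (1ULL << 18)
#define X86_CR4_SMEP (1ULL << 20)
#define X86_CR4_SMAP (1ULL << 21)
#define X86_CR4_PKE (1ULL << 22)

// IA32_EFER bits.
#define X86_EFER_SCE 1ULL
#define X86_EFER_LME (1ULL << 8)
#define X86_EFER_LMA (1ULL << 10)
#define X86_EFER_NXE (1ULL << 11)
#define X86_EFER_SVME (1ULL << 12)
#define X86_EFER_LMSLE (1ULL << 13)
#define X86_EFER_FFXSR (1ULL << 14)
#define X86_EFER_TCE (1ULL << 15)

// 32-bit page directory entry bits
#define X86_PDE32_PRESENT 1UL
#define X86_PDE32_RW (1UL << 1)
#define X86_PDE32_USER (1UL << 2)
#define X86_PDE32_PS (1UL << 7)

// 64-bit page * entry bits
// NOTE(review): PRESENT is a plain int while its siblings are ULL; left as
// is because it may be relied on by non-C users of this header — confirm
// before changing it.
#define X86_PDE64_PRESENT 1
#define X86_PDE64_RW (1ULL << 1)
#define X86_PDE64_USER (1ULL << 2)
#define X86_PDE64_ACCESSED (1ULL << 5)
#define X86_PDE64_DIRTY (1ULL << 6)
#define X86_PDE64_PS (1ULL << 7)
#define X86_PDE64_G (1ULL << 8)

// Intel-specific EPT Flags.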
#define EPT_MEMTYPE_WB (6ULL << 3)
#define EPT_ACCESSED (1ULL << 8)
#define EPT_DIRTY (1ULL << 9)

// GDT selectors for the X86_ADDR_* layout: descriptor index << 3, with
// RPL 3 added to the *_CPL3 entries. The *_HI names presumably refer to the
// second 8-byte half of the 16-byte 64-bit gate/TSS descriptors — confirm
// against the code that builds the GDT.
#define X86_SEL_LDT (1 << 3)
#define X86_SEL_CS16 (2 << 3)
#define X86_SEL_DS16 (3 << 3)
#define X86_SEL_CS16_CPL3 ((4 << 3) + 3)
#define X86_SEL_DS16_CPL3 ((5 << 3) + 3)
#define X86_SEL_CS32 (6 << 3)
#define X86_SEL_DS32 (7 << 3)
#define X86_SEL_CS32_CPL3 ((8 << 3) + 3)
#define X86_SEL_DS32_CPL3 ((9 << 3) + 3)
#define X86_SEL_CS64 (10 << 3)
#define X86_SEL_DS64 (11 << 3)
#define X86_SEL_CS64_CPL3 ((12 << 3) + 3)
#define X86_SEL_DS64_CPL3 ((13 << 3) + 3)
#define X86_SEL_CGATE16 (14 << 3)
#define X86_SEL_TGATE16 (15 << 3)
#define X86_SEL_CGATE32 (16 << 3)
#define X86_SEL_TGATE32 (17 << 3)
#define X86_SEL_CGATE64 (18 << 3)
#define X86_SEL_CGATE64_HI (19 << 3)
#define X86_SEL_TSS16 (20 << 3)
#define X86_SEL_TSS16_2 (21 << 3)
#define X86_SEL_TSS16_CPL3 ((22 << 3) + 3)
#define X86_SEL_TSS32 (23 << 3)
#define X86_SEL_TSS32_2 (24 << 3)
#define X86_SEL_TSS32_CPL3 ((25 << 3) + 3)
#define X86_SEL_TSS32_VM86 (26 << 3)
#define X86_SEL_TSS64 (27 << 3)
#define X86_SEL_TSS64_HI (28 << 3)
#define X86_SEL_TSS64_CPL3 ((29 << 3) + 3)
#define X86_SEL_TSS64_CPL3_HI (30 << 3)

// Model-Specific Registers (MSRs).
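#define X86_MSR_IA32_FEATURE_CONTROL 0x3a
#define X86_MSR_IA32_VMX_BASIC 0x480
#define X86_MSR_IA32_SMBASE 0x9e
#define X86_MSR_IA32_SYSENTER_CS 0x174
#define X86_MSR_IA32_SYSENTER_ESP 0x175
#define X86_MSR_IA32_SYSENTER_EIP 0x176
#define X86_MSR_IA32_CR_PAT 0x277
#define X86_MSR_CORE_PERF_GLOBAL_CTRL 0x38f
#define X86_MSR_IA32_VMX_TRUE_PINBASED_CTLS 0x48d
#define X86_MSR_IA32_VMX_TRUE_PROCBASED_CTLS 0x48e
#define X86_MSR_IA32_VMX_TRUE_EXIT_CTLS 0x48f
#define X86_MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490
#define X86_MSR_IA32_EFER 0xc0000080
// Hex digits are lower-case throughout this header; normalised here.
#define X86_MSR_IA32_STAR 0xc0000081
#define X86_MSR_IA32_LSTAR 0xc0000082
#define X86_MSR_FS_BASE 0xc0000100
#define X86_MSR_GS_BASE 0xc0000101
#define X86_MSR_VM_HSAVE_PA 0xc0010117
#define X86_MSR_IA32_VMX_PROCBASED_CTLS2 0x48b

// VMX control bits and a few miscellaneous VMX/SVM segment constants.
// RFLAGS_1_BIT is the reserved always-one RFLAGS bit.
#define RFLAGS_1_BIT (1ULL << 1)
#define CPU_BASED_HLT_EXITING (1U << 7)
#define CPU_BASED_RDTSC_EXITING (1U << 12)
#define AR_TSS_AVAILABLE 0x0089
#define SVM_ATTR_LDTR_UNUSABLE 0x0000
// VMX_AR_TSS_BUSY/AVAILABLE: P=1, S=0, type 11 (busy) / 9 (available).
#define VMX_AR_TSS_BUSY 0x008b
#define VMX_AR_TSS_AVAILABLE 0x0089
// Bit 16 of a VMX access-rights field marks the segment unusable.
#define VMX_AR_LDTR_UNUSABLE 0x10000
#define VM_ENTRY_IA32E_MODE (1U << 9)
#define SECONDARY_EXEC_ENABLE_EPT (1U << 1)
#define SECONDARY_EXEC_ENABLE_RDTSCP (1U << 3)
#define VM_EXIT_HOST_ADDR_SPACE_SIZE (1U << 9)
#define CPU_BASED_ACTIVATE_SECONDARY_CONTROLS (1U << 31)

// Individual bits of a VMX segment access-rights field.
#define VMX_ACCESS_RIGHTS_P (1 << 7)
#define VMX_ACCESS_RIGHTS_S (1 << 4)
#define VMX_ACCESS_RIGHTS_TYPE_A (1 << 0)
#define VMX_ACCESS_RIGHTS_TYPE_RW (1 << 1)
#define VMX_ACCESS_RIGHTS_TYPE_E (1 << 3)
#define VMX_ACCESS_RIGHTS_G (1 << 15)
#define VMX_ACCESS_RIGHTS_DB (1 << 14)
#define VMX_ACCESS_RIGHTS_L (1 << 13)

// This is a 64-bit data/stack segment:
// P=1, S=1, Type=3 (RW+Accessed), G=1, DB=1, L=0  (evaluates to 0xc093)
#define VMX_AR_64BIT_DATA_STACK (VMX_ACCESS_RIGHTS_P | VMX_ACCESS_RIGHTS_S | \
				 VMX_ACCESS_RIGHTS_TYPE_RW | VMX_ACCESS_RIGHTS_TYPE_A | \
				 VMX_ACCESS_RIGHTS_G | VMX_ACCESS_RIGHTS_DB)

// This is a 64-bit code segment:
// P=1, S=1, Type=11 (Exec/Read+Accessed), G=1, DB=0, L=1  (evaluates to 0xa09b)
#define VMX_AR_64BIT_CODE (VMX_ACCESS_RIGHTS_P | VMX_ACCESS_RIGHTS_S | \
			   VMX_ACCESS_RIGHTS_TYPE_E | VMX_ACCESS_RIGHTS_TYPE_RW | \
			   VMX_ACCESS_RIGHTS_TYPE_A | VMX_ACCESS_RIGHTS_G | \
			   VMX_ACCESS_RIGHTS_L)

// VMCS Control Fields.
// Encodings follow the VMCS width classes: 0x0000 16-bit, 0x2000 64-bit,
// 0x4000 32-bit, 0x6000 natural-width; 0x4400 is the 32-bit VM-exit
// information class.
#define VMCS_VIRTUAL_PROCESSOR_ID 0x00000000
#define VMCS_POSTED_INTR_NV 0x00000002
#define VMCS_MSR_BITMAP 0x00002004
// VMREAD/VMWRITE bitmap addresses are 0x2026/0x2028 (Intel SDM Vol. 3,
// Appendix B). The previous values 0x2006/0x2008 are the VM-exit MSR-store
// and MSR-load address fields, so writes through these names programmed the
// wrong control.
#define VMCS_VMREAD_BITMAP 0x00002026
#define VMCS_VMWRITE_BITMAP 0x00002028
#define VMCS_EPT_POINTER 0x0000201a
#define VMCS_LINK_POINTER 0x00002800
#define VMCS_PIN_BASED_VM_EXEC_CONTROL 0x00004000
#define VMCS_CPU_BASED_VM_EXEC_CONTROL 0x00004002
#define VMCS_EXCEPTION_BITMAP 0x00004004
#define VMCS_PAGE_FAULT_ERROR_CODE_MASK 0x00004006
#define VMCS_PAGE_FAULT_ERROR_CODE_MATCH 0x00004008
#define VMCS_CR3_TARGET_COUNT 0x0000400a
#define VMCS_VM_EXIT_CONTROLS 0x0000400c
#define VMCS_VM_EXIT_MSR_STORE_COUNT 0x0000400e
#define VMCS_VM_EXIT_MSR_LOAD_COUNT 0x00004010
#define VMCS_VM_ENTRY_CONTROLS 0x00004012
#define VMCS_VM_ENTRY_MSR_LOAD_COUNT 0x00004014
#define VMCS_VM_ENTRY_INTR_INFO_FIELD 0x00004016
#define VMCS_TPR_THRESHOLD 0x0000401c
#define VMCS_SECONDARY_VM_EXEC_CONTROL 0x0000401e
#define VMCS_VM_INSTRUCTION_ERROR 0x00004400
#define VMCS_VM_EXIT_REASON 0x00004402
#define VMCS_VMX_PREEMPTION_TIMER_VALUE 0x0000482e
#define VMCS_CR0_GUEST_HOST_MASK 0x00006000
#define VMCS_CR4_GUEST_HOST_MASK 0x00006002
#define VMCS_CR0_READ_SHADOW 0x00006004
#define VMCS_CR4_READ_SHADOW 0x00006006

// VMCS Host State Fields.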
// Encodings follow the VMCS width classes for host-state fields:
// 0x0c00 16-bit selectors, 0x2c00 64-bit, 0x4c00 32-bit, 0x6c00 natural-width.
#define VMCS_HOST_ES_SELECTOR 0x00000c00
#define VMCS_HOST_CS_SELECTOR 0x00000c02
#define VMCS_HOST_SS_SELECTOR 0x00000c04
#define VMCS_HOST_DS_SELECTOR 0x00000c06
#define VMCS_HOST_FS_SELECTOR 0x00000c08
#define VMCS_HOST_GS_SELECTOR 0x00000c0a
#define VMCS_HOST_TR_SELECTOR 0x00000c0c
#define VMCS_HOST_IA32_PAT 0x00002c00
#define VMCS_HOST_IA32_EFER 0x00002c02
#define VMCS_HOST_IA32_PERF_GLOBAL_CTRL 0x00002c04
#define VMCS_HOST_IA32_SYSENTER_CS 0x00004c00
#define VMCS_HOST_CR0 0x00006c00
#define VMCS_HOST_CR3 0x00006c02
#define VMCS_HOST_CR4 0x00006c04
#define VMCS_HOST_FS_BASE 0x00006c06
#define VMCS_HOST_GS_BASE 0x00006c08
#define VMCS_HOST_TR_BASE 0x00006c0a
#define VMCS_HOST_GDTR_BASE 0x00006c0c
#define VMCS_HOST_IDTR_BASE 0x00006c0e
#define VMCS_HOST_IA32_SYSENTER_ESP 0x00006c10
#define VMCS_HOST_IA32_SYSENTER_EIP 0x00006c12
#define VMCS_HOST_RSP 0x00006c14
#define VMCS_HOST_RIP 0x00006c16

// VMCS Guest State Fields.
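// Encodings follow the VMCS width classes for guest-state fields:
// 0x0800 16-bit, 0x2800 64-bit, 0x4800 32-bit, 0x6800 natural-width.
#define VMCS_GUEST_INTR_STATUS 0x00000810
#define VMCS_GUEST_PML_INDEX 0x00000812
#define VMCS_GUEST_IA32_DEBUGCTL 0x00002802
#define VMCS_GUEST_IA32_PAT 0x00002804
#define VMCS_GUEST_IA32_EFER 0x00002806
#define VMCS_GUEST_IA32_PERF_GLOBAL_CTRL 0x00002808
#define VMCS_GUEST_ES_SELECTOR 0x00000800
#define VMCS_GUEST_CS_SELECTOR 0x00000802
#define VMCS_GUEST_SS_SELECTOR 0x00000804
#define VMCS_GUEST_DS_SELECTOR 0x00000806
#define VMCS_GUEST_FS_SELECTOR 0x00000808
#define VMCS_GUEST_GS_SELECTOR 0x0000080a
#define VMCS_GUEST_LDTR_SELECTOR 0x0000080c
#define VMCS_GUEST_TR_SELECTOR 0x0000080e
#define VMCS_GUEST_ES_LIMIT 0x00004800
#define VMCS_GUEST_CS_LIMIT 0x00004802
#define VMCS_GUEST_SS_LIMIT 0x00004804
#define VMCS_GUEST_DS_LIMIT 0x00004806
#define VMCS_GUEST_FS_LIMIT 0x00004808
#define VMCS_GUEST_GS_LIMIT 0x0000480a
#define VMCS_GUEST_LDTR_LIMIT 0x0000480c
#define VMCS_GUEST_TR_LIMIT 0x0000480e
#define VMCS_GUEST_GDTR_LIMIT 0x00004810
#define VMCS_GUEST_IDTR_LIMIT 0x00004812
#define VMCS_GUEST_ES_ACCESS_RIGHTS 0x00004814
#define VMCS_GUEST_CS_ACCESS_RIGHTS 0x00004816
#define VMCS_GUEST_SS_ACCESS_RIGHTS 0x00004818
#define VMCS_GUEST_DS_ACCESS_RIGHTS 0x0000481a
#define VMCS_GUEST_FS_ACCESS_RIGHTS 0x0000481c
#define VMCS_GUEST_GS_ACCESS_RIGHTS 0x0000481e
#define VMCS_GUEST_LDTR_ACCESS_RIGHTS 0x00004820
#define VMCS_GUEST_TR_ACCESS_RIGHTS 0x00004822
// Guest interruptibility state is 0x4824 and guest activity state is 0x4826
// (Intel SDM Vol. 3, Appendix B); the previous definitions had the two
// encodings swapped.
#define VMCS_GUEST_INTERRUPTIBILITY_INFO 0x00004824
#define VMCS_GUEST_ACTIVITY_STATE 0x00004826
#define VMCS_GUEST_SYSENTER_CS 0x0000482a
#define VMCS_GUEST_CR0 0x00006800
#define VMCS_GUEST_CR3 0x00006802
#define VMCS_GUEST_CR4 0x00006804
#define VMCS_GUEST_ES_BASE 0x00006806
#define VMCS_GUEST_CS_BASE 0x00006808
#define VMCS_GUEST_SS_BASE 0x0000680a
#define VMCS_GUEST_DS_BASE 0x0000680c
#define VMCS_GUEST_FS_BASE 0x0000680e
#define VMCS_GUEST_GS_BASE 0x00006810
#define VMCS_GUEST_LDTR_BASE 0x00006812
#define VMCS_GUEST_TR_BASE 0x00006814
#define VMCS_GUEST_GDTR_BASE 0x00006816
#define VMCS_GUEST_IDTR_BASE 0x00006818
#define VMCS_GUEST_DR7 0x0000681a
#define VMCS_GUEST_RSP 0x0000681c
#define VMCS_GUEST_RIP 0x0000681e
#define VMCS_GUEST_RFLAGS 0x00006820
#define VMCS_GUEST_PENDING_DBG_EXCEPTIONS 0x00006822
#define VMCS_GUEST_SYSENTER_ESP 0x00006824
#define VMCS_GUEST_SYSENTER_EIP 0x00006826

// VMCB (Virtual Machine Control Block) Field Offsets
// (From AMD64 Programmer's Manual Vol 2, Appendix B)

// Control Area
#define VMCB_CTRL_INTERCEPT_VEC3 0x0c
#define VMCB_CTRL_INTERCEPT_VEC3_ALL (0xffffffff)
#define VMCB_CTRL_INTERCEPT_VEC4 0x10
// Bits 0-9: intercept VMRUN, VMMCALL, VMLOAD, VMSAVE, STGI, CLGI, SKINIT, RDTSCP, ICEBP, WBINVD.
#define VMCB_CTRL_INTERCEPT_VEC4_ALL (0x3ff)

#define VMCB_CTRL_ASID 0x058
#define VMCB_EXIT_CODE 0x070

// NP_ENABLE is actually 1 byte, but the 7 following bytes are reserved, so it's okay
#define VMCB_CTRL_NP_ENABLE 0x090
#define VMCB_CTRL_NPT_ENABLE_BIT 0

#define VMCB_CTRL_N_CR3 0x0b0

// Guest State Area (starts at 0x400)
// Each segment register image is 16 bytes: selector at +0, attributes at +2,
// limit at +4, base at +8.
#define VMCB_GUEST_ES_SEL 0x400
#define VMCB_GUEST_ES_ATTR 0x402
#define VMCB_GUEST_ES_LIM 0x404
#define VMCB_GUEST_ES_BASE 0x408
#define VMCB_GUEST_CS_SEL 0x410
#define VMCB_GUEST_CS_ATTR 0x412
#define VMCB_GUEST_CS_LIM 0x414
#define VMCB_GUEST_CS_BASE 0x418
#define VMCB_GUEST_SS_SEL 0x420
#define VMCB_GUEST_SS_ATTR 0x422
#define VMCB_GUEST_SS_LIM 0x424
#define VMCB_GUEST_SS_BASE 0x428
#define VMCB_GUEST_DS_SEL 0x430
#define VMCB_GUEST_DS_ATTR 0x432
#define VMCB_GUEST_DS_LIM 0x434
#define VMCB_GUEST_DS_BASE 0x438
#define VMCB_GUEST_FS_SEL 0x440
#define VMCB_GUEST_FS_ATTR 0x442
#define VMCB_GUEST_FS_LIM 0x444
#define VMCB_GUEST_FS_BASE 0x448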
#define VMCB_GUEST_GS_SEL 0x450
#define VMCB_GUEST_GS_ATTR 0x452
#define VMCB_GUEST_GS_LIM 0x454
#define VMCB_GUEST_GS_BASE 0x458

// Descriptor-table and task registers use the same 16-byte image layout.
// Note the definitions are listed out of offset order: GDTR (0x460) and
// LDTR (0x470) precede IDTR (0x480) in the VMCB.
#define VMCB_GUEST_IDTR_SEL 0x480
#define VMCB_GUEST_IDTR_ATTR 0x482
#define VMCB_GUEST_IDTR_LIM 0x484
#define VMCB_GUEST_IDTR_BASE 0x488
#define VMCB_GUEST_GDTR_SEL 0x460
#define VMCB_GUEST_GDTR_ATTR 0x462
#define VMCB_GUEST_GDTR_LIM 0x464
#define VMCB_GUEST_GDTR_BASE 0x468
#define VMCB_GUEST_LDTR_SEL 0x470
#define VMCB_GUEST_LDTR_ATTR 0x472
#define VMCB_GUEST_LDTR_LIM 0x474
#define VMCB_GUEST_LDTR_BASE 0x478
#define VMCB_GUEST_TR_SEL 0x490
#define VMCB_GUEST_TR_ATTR 0x492
#define VMCB_GUEST_TR_LIM 0x494
#define VMCB_GUEST_TR_BASE 0x498

// Control and general registers in the guest state area.
#define VMCB_GUEST_EFER 0x4d0
#define VMCB_GUEST_CR4 0x548
#define VMCB_GUEST_CR3 0x550
#define VMCB_GUEST_CR0 0x558
#define VMCB_GUEST_DR7 0x560
#define VMCB_GUEST_DR6 0x568
#define VMCB_GUEST_RFLAGS 0x570
#define VMCB_GUEST_RIP 0x578
#define VMCB_GUEST_RSP 0x5d8
#define VMCB_GUEST_PAT 0x668
#define VMCB_GUEST_DEBUGCTL 0x670

// SVM Segment Attribute Defines
// Same bit positions as the VMX_ACCESS_RIGHTS_* constants above.
#define SVM_ATTR_G (1 << 15)
#define SVM_ATTR_DB (1 << 14)
#define SVM_ATTR_L (1 << 13)
#define SVM_ATTR_P (1 << 7)
#define SVM_ATTR_S (1 << 4)
// Type bits.
#define SVM_ATTR_TYPE_A (1 << 0)
#define SVM_ATTR_TYPE_RW (1 << 1)
#define SVM_ATTR_TYPE_E (1 << 3)

// 64-bit Code Segment: P=1, S=1, Type=11 (E/R/A), L=1, G=1
// Evaluates to 0xa09b, the same value as VMX_AR_64BIT_CODE.
#define SVM_ATTR_64BIT_CODE \
	(SVM_ATTR_P | SVM_ATTR_S | SVM_ATTR_TYPE_E | SVM_ATTR_TYPE_RW | \
	 SVM_ATTR_TYPE_A | SVM_ATTR_L | SVM_ATTR_G)

// 64-bit Data Segment: P=1, S=1, Type=3 (RW/A), D/B=1, G=1
// Evaluates to 0xc093, the same value as VMX_AR_64BIT_DATA_STACK.
#define SVM_ATTR_64BIT_DATA \
	(SVM_ATTR_P | SVM_ATTR_S | SVM_ATTR_TYPE_RW | SVM_ATTR_TYPE_A | \
	 SVM_ATTR_DB | SVM_ATTR_G)

// Written with a '$' immediate prefix (AT&T assembler syntax), so this is
// only usable from assembly sources, not from C expressions.
#define X86_NEXT_INSN $0xbadc0de
#define X86_PREFIX_SIZE 0xba1d
#endif // x86-specific definitions.

// Definitions shared by all architectures.
#define KVM_MAX_VCPU 4
#define KVM_PAGE_SIZE (1 << 12)
#define KVM_GUEST_PAGES 1024
// 1024 pages * 4 KiB = 4 MiB of guest memory.
#define KVM_GUEST_MEM_SIZE (KVM_GUEST_PAGES * KVM_PAGE_SIZE)
#define SZ_4K 0x00001000
#define SZ_64K 0x00010000
// Mask with bits h..l (inclusive) set, e.g. GENMASK_ULL(7, 0) == 0xff and
// GENMASK_ULL(15, 8) == 0xff00. Requires 0 <= l <= h <= 63: a shift count of
// 64 (l == 64) or a negative count (h > 63) is undefined behaviour.
#define GENMASK_ULL(h, l) \
	(((~0ULL) - (1ULL << (l)) + 1ULL) & \
	 (~0ULL >> (63 - (h))))

// ARM64 SYZOS definitions.
#if GOARCH_arm64
// GICv3 distributor address.
#define ARM64_ADDR_GICD_BASE 0x08000000
// GICv3 ITS address.
#define ARM64_ADDR_GITS_BASE 0x08080000
// GICv3 redistributor address.
#define ARM64_ADDR_GICR_BASE 0x080a0000
// Base of the ITS tables; the individual tables are carved out of it below.
#define ARM64_ADDR_ITS_TABLES 0xc0000000
// Write to this page to trigger a page fault and stop KVM_RUN.
#define ARM64_ADDR_EXIT 0xdddd0000
// Dedicated address within the exit page for the uexit command.
#define ARM64_ADDR_UEXIT (ARM64_ADDR_EXIT + 256)
// Two writable pages with KVM_MEM_LOG_DIRTY_PAGES explicitly set.
#define ARM64_ADDR_DIRTY_PAGES 0xdddd1000
#define ARM64_ADDR_USER_CODE 0xeeee0000
// Location of the SYZOS guest code. Name shared with x86 SYZOS.
#define SYZOS_ADDR_EXECUTOR_CODE 0xeeee8000
#define ARM64_ADDR_SCRATCH_CODE 0xeeef0000
#define ARM64_ADDR_EL1_STACK_BOTTOM 0xffff1000

// GICv3 ITS tables.
#define ITS_MAX_DEVICES 16
// Resulting layout, each table SZ_64K unless noted:
//   DEVICE_TABLE 0xc0000000, COLL_TABLE 0xc0010000, CMDQ 0xc0020000,
//   ITT_TABLES 0xc0030000 (ITS_MAX_DEVICES * SZ_64K = 0x100000),
//   PROP_TABLE 0xc0130000, PEND_TABLES 0xc0140000.
#define ARM64_ADDR_ITS_DEVICE_TABLE (ARM64_ADDR_ITS_TABLES)
#define ARM64_ADDR_ITS_COLL_TABLE (ARM64_ADDR_ITS_DEVICE_TABLE + SZ_64K)
#define ARM64_ADDR_ITS_CMDQ_BASE (ARM64_ADDR_ITS_COLL_TABLE + SZ_64K)
// 16 slots for ITT tables, typically used by devices 0-15.
#define ARM64_ADDR_ITS_ITT_TABLES (ARM64_ADDR_ITS_CMDQ_BASE + SZ_64K)
#define ARM64_ADDR_ITS_PROP_TABLE (ARM64_ADDR_ITS_ITT_TABLES + SZ_64K * ITS_MAX_DEVICES)
#define ARM64_ADDR_ITS_PEND_TABLES (ARM64_ADDR_ITS_PROP_TABLE + SZ_64K)

#endif // ARM64 SYZOS definitions

#endif // EXECUTOR_KVM_H