1 /****************************************************************************** 2 * vm_event.h 3 * 4 * Memory event common structures. 5 * 6 * Copyright (c) 2009 by Citrix Systems, Inc. (Patrick Colp) 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to 10 * deal in the Software without restriction, including without limitation the 11 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 12 * sell copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 23 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 24 * DEALINGS IN THE SOFTWARE. 25 */ 26 27 #ifndef _XEN_PUBLIC_VM_EVENT_H 28 #define _XEN_PUBLIC_VM_EVENT_H 29 30 #include "xen.h" 31 32 #define VM_EVENT_INTERFACE_VERSION 0x00000007 33 34 #if defined(__XEN__) || defined(__XEN_TOOLS__) 35 36 #include "io/ring.h" 37 38 /* 39 * Memory event flags 40 */ 41 42 /* 43 * VCPU_PAUSED in a request signals that the vCPU triggering the event has been 44 * paused 45 * VCPU_PAUSED in a response signals to unpause the vCPU 46 */ 47 #define VM_EVENT_FLAG_VCPU_PAUSED (1 << 0) 48 /* Flags to aid debugging vm_event */ 49 #define VM_EVENT_FLAG_FOREIGN (1 << 1) 50 /* 51 * The following flags can be set in response to a mem_access event. 52 * 53 * Emulate the fault-causing instruction (if set in the event response flags). 54 * This will allow the guest to continue execution without lifting the page 55 * access restrictions. 56 */ 57 #define VM_EVENT_FLAG_EMULATE (1 << 2) 58 /* 59 * Same as VM_EVENT_FLAG_EMULATE, but with write operations or operations 60 * potentially having side effects (like memory mapped or port I/O) disabled. 61 */ 62 #define VM_EVENT_FLAG_EMULATE_NOWRITE (1 << 3) 63 /* 64 * Toggle singlestepping on vm_event response. 65 * Requires the vCPU to be paused already (synchronous events only). 66 */ 67 #define VM_EVENT_FLAG_TOGGLE_SINGLESTEP (1 << 4) 68 /* 69 * Data is being sent back to the hypervisor in the event response, to be 70 * returned by the read function when emulating an instruction. 71 * This flag is only useful when combined with VM_EVENT_FLAG_EMULATE 72 * and takes precedence if combined with VM_EVENT_FLAG_EMULATE_NOWRITE 73 * (i.e. if both VM_EVENT_FLAG_EMULATE_NOWRITE and 74 * VM_EVENT_FLAG_SET_EMUL_READ_DATA are set, only the latter will be honored). 75 */ 76 #define VM_EVENT_FLAG_SET_EMUL_READ_DATA (1 << 5) 77 /* 78 * Deny completion of the operation that triggered the event. 79 * Currently only useful for MSR and control-register write events. 80 * Requires the vCPU to be paused already (synchronous events only). 81 */ 82 #define VM_EVENT_FLAG_DENY (1 << 6) 83 /* 84 * This flag can be set in a request or a response 85 * 86 * On a request, indicates that the event occurred in the alternate p2m 87 * specified by the altp2m_idx request field. 88 * 89 * On a response, indicates that the VCPU should resume in the alternate p2m 90 * specified by the altp2m_idx response field if possible. 91 */ 92 #define VM_EVENT_FLAG_ALTERNATE_P2M (1 << 7) 93 /* 94 * Set the vCPU registers to the values in the vm_event response. 95 * At the moment x86-only, applies to EAX-EDX, ESP, EBP, ESI, EDI, R8-R15, 96 * EFLAGS, and EIP. 97 * Requires the vCPU to be paused already (synchronous events only). 98 */ 99 #define VM_EVENT_FLAG_SET_REGISTERS (1 << 8) 100 /* 101 * Instruction cache is being sent back to the hypervisor in the event response 102 * to be used by the emulator. This flag is only useful when combined with 103 * VM_EVENT_FLAG_EMULATE and does not take presedence if combined with 104 * VM_EVENT_FLAG_EMULATE_NOWRITE or VM_EVENT_FLAG_SET_EMUL_READ_DATA, (i.e. 105 * if any of those flags are set, only those will be honored). 106 */ 107 #define VM_EVENT_FLAG_SET_EMUL_INSN_DATA (1 << 9) 108 /* 109 * Have a one-shot VM_EVENT_REASON_INTERRUPT event sent for the first 110 * interrupt pending after resuming the VCPU. 111 */ 112 #define VM_EVENT_FLAG_GET_NEXT_INTERRUPT (1 << 10) 113 /* 114 * Execute fast singlestepping on vm_event response. 115 * Requires the vCPU to be paused already (synchronous events only). 116 * 117 * On a response requires setting the p2midx field of fast_singlestep to which 118 * Xen will switch the vCPU to on the occurance of the first singlestep, after 119 * which singlestep gets automatically disabled. 120 */ 121 #define VM_EVENT_FLAG_FAST_SINGLESTEP (1 << 11) 122 /* 123 * Set if the event comes from a nested VM and thus npt_base is valid. 124 */ 125 #define VM_EVENT_FLAG_NESTED_P2M (1 << 12) 126 /* 127 * Reset the vmtrace buffer (if vmtrace is enabled) 128 */ 129 #define VM_EVENT_FLAG_RESET_VMTRACE (1 << 13) 130 131 /* 132 * Reasons for the vm event request 133 */ 134 135 /* Default case */ 136 #define VM_EVENT_REASON_UNKNOWN 0 137 /* Memory access violation */ 138 #define VM_EVENT_REASON_MEM_ACCESS 1 139 /* Memory sharing event */ 140 #define VM_EVENT_REASON_MEM_SHARING 2 141 /* Memory paging event */ 142 #define VM_EVENT_REASON_MEM_PAGING 3 143 /* A control register was updated */ 144 #define VM_EVENT_REASON_WRITE_CTRLREG 4 145 /* An MSR was updated. */ 146 #define VM_EVENT_REASON_MOV_TO_MSR 5 147 /* Debug operation executed (e.g. int3) */ 148 #define VM_EVENT_REASON_SOFTWARE_BREAKPOINT 6 149 /* Single-step (e.g. MTF) */ 150 #define VM_EVENT_REASON_SINGLESTEP 7 151 /* An event has been requested via HVMOP_guest_request_vm_event. */ 152 #define VM_EVENT_REASON_GUEST_REQUEST 8 153 /* A debug exception was caught */ 154 #define VM_EVENT_REASON_DEBUG_EXCEPTION 9 155 /* CPUID executed */ 156 #define VM_EVENT_REASON_CPUID 10 157 /* 158 * Privileged call executed (e.g. SMC). 159 * Note: event may be generated even if SMC condition check fails on some CPUs. 160 * As this behavior is CPU-specific, users are advised to not rely on it. 161 * These kinds of events will be filtered out in future versions. 162 */ 163 #define VM_EVENT_REASON_PRIVILEGED_CALL 11 164 /* An interrupt has been delivered. */ 165 #define VM_EVENT_REASON_INTERRUPT 12 166 /* A descriptor table register was accessed. */ 167 #define VM_EVENT_REASON_DESCRIPTOR_ACCESS 13 168 /* Current instruction is not implemented by the emulator */ 169 #define VM_EVENT_REASON_EMUL_UNIMPLEMENTED 14 170 171 /* Supported values for the vm_event_write_ctrlreg index. */ 172 #define VM_EVENT_X86_CR0 0 173 #define VM_EVENT_X86_CR3 1 174 #define VM_EVENT_X86_CR4 2 175 #define VM_EVENT_X86_XCR0 3 176 177 /* The limit field is right-shifted by 12 bits if .ar.g is set. */ 178 struct vm_event_x86_selector_reg { 179 uint32_t limit : 20; 180 uint32_t ar : 12; 181 }; 182 183 /* 184 * Using custom vCPU structs (i.e. not hvm_hw_cpu) for both x86 and ARM 185 * so as to not fill the vm_event ring buffer too quickly. 186 */ 187 struct vm_event_regs_x86 { 188 uint64_t rax; 189 uint64_t rcx; 190 uint64_t rdx; 191 uint64_t rbx; 192 uint64_t rsp; 193 uint64_t rbp; 194 uint64_t rsi; 195 uint64_t rdi; 196 uint64_t r8; 197 uint64_t r9; 198 uint64_t r10; 199 uint64_t r11; 200 uint64_t r12; 201 uint64_t r13; 202 uint64_t r14; 203 uint64_t r15; 204 uint64_t rflags; 205 uint64_t dr6; 206 uint64_t dr7; 207 uint64_t rip; 208 uint64_t cr0; 209 uint64_t cr2; 210 uint64_t cr3; 211 uint64_t cr4; 212 uint64_t sysenter_cs; 213 uint64_t sysenter_esp; 214 uint64_t sysenter_eip; 215 uint64_t msr_efer; 216 uint64_t msr_star; 217 uint64_t msr_lstar; 218 uint64_t gdtr_base; 219 220 /* 221 * When VM_EVENT_FLAG_NESTED_P2M is set, this event comes from a nested 222 * VM. npt_base is the guest physical address of the L1 hypervisors 223 * EPT/NPT tables for the nested guest. 224 * 225 * All bits outside of architectural address ranges are reserved for 226 * future metadata. 227 */ 228 uint64_t npt_base; 229 230 /* 231 * Current position in the vmtrace buffer, or ~0 if vmtrace is not active. 232 * 233 * For Intel Processor Trace, it is the upper half of MSR_RTIT_OUTPUT_MASK. 234 */ 235 uint64_t vmtrace_pos; 236 237 uint32_t cs_base; 238 uint32_t ss_base; 239 uint32_t ds_base; 240 uint32_t es_base; 241 uint64_t fs_base; 242 uint64_t gs_base; 243 struct vm_event_x86_selector_reg cs; 244 struct vm_event_x86_selector_reg ss; 245 struct vm_event_x86_selector_reg ds; 246 struct vm_event_x86_selector_reg es; 247 struct vm_event_x86_selector_reg fs; 248 struct vm_event_x86_selector_reg gs; 249 uint64_t shadow_gs; 250 uint16_t gdtr_limit; 251 uint16_t cs_sel; 252 uint16_t ss_sel; 253 uint16_t ds_sel; 254 uint16_t es_sel; 255 uint16_t fs_sel; 256 uint16_t gs_sel; 257 uint16_t _pad; 258 }; 259 260 /* 261 * Only the register 'pc' can be set on a vm_event response using the 262 * VM_EVENT_FLAG_SET_REGISTERS flag. 263 */ 264 struct vm_event_regs_arm { 265 uint64_t ttbr0; 266 uint64_t ttbr1; 267 uint64_t ttbcr; 268 uint64_t pc; 269 uint64_t cpsr; 270 }; 271 272 /* 273 * mem_access flag definitions 274 * 275 * These flags are set only as part of a mem_event request. 276 * 277 * R/W/X: Defines the type of violation that has triggered the event 278 * Multiple types can be set in a single violation! 279 * GLA_VALID: If the gla field holds a guest VA associated with the event 280 * FAULT_WITH_GLA: If the violation was triggered by accessing gla 281 * FAULT_IN_GPT: If the violation was triggered during translating gla 282 */ 283 #define MEM_ACCESS_R (1 << 0) 284 #define MEM_ACCESS_W (1 << 1) 285 #define MEM_ACCESS_X (1 << 2) 286 #define MEM_ACCESS_RWX (MEM_ACCESS_R | MEM_ACCESS_W | MEM_ACCESS_X) 287 #define MEM_ACCESS_RW (MEM_ACCESS_R | MEM_ACCESS_W) 288 #define MEM_ACCESS_RX (MEM_ACCESS_R | MEM_ACCESS_X) 289 #define MEM_ACCESS_WX (MEM_ACCESS_W | MEM_ACCESS_X) 290 #define MEM_ACCESS_GLA_VALID (1 << 3) 291 #define MEM_ACCESS_FAULT_WITH_GLA (1 << 4) 292 #define MEM_ACCESS_FAULT_IN_GPT (1 << 5) 293 294 struct vm_event_mem_access { 295 uint64_t gfn; 296 uint64_t offset; 297 uint64_t gla; /* if flags has MEM_ACCESS_GLA_VALID set */ 298 uint32_t flags; /* MEM_ACCESS_* */ 299 uint32_t _pad; 300 }; 301 302 struct vm_event_write_ctrlreg { 303 uint32_t index; 304 uint32_t _pad; 305 uint64_t new_value; 306 uint64_t old_value; 307 }; 308 309 struct vm_event_singlestep { 310 uint64_t gfn; 311 }; 312 313 struct vm_event_fast_singlestep { 314 uint16_t p2midx; 315 }; 316 317 struct vm_event_debug { 318 uint64_t gfn; 319 uint64_t pending_dbg; /* Behaves like the VT-x PENDING_DBG field. */ 320 uint32_t insn_length; 321 uint8_t type; /* HVMOP_TRAP_* */ 322 uint8_t _pad[3]; 323 }; 324 325 struct vm_event_mov_to_msr { 326 uint64_t msr; 327 uint64_t new_value; 328 uint64_t old_value; 329 }; 330 331 #define VM_EVENT_DESC_IDTR 1 332 #define VM_EVENT_DESC_GDTR 2 333 #define VM_EVENT_DESC_LDTR 3 334 #define VM_EVENT_DESC_TR 4 335 336 struct vm_event_desc_access { 337 union { 338 struct { 339 uint32_t instr_info; /* VMX: VMCS Instruction-Information */ 340 uint32_t _pad1; 341 uint64_t exit_qualification; /* VMX: VMCS Exit Qualification */ 342 } vmx; 343 } arch; 344 uint8_t descriptor; /* VM_EVENT_DESC_* */ 345 uint8_t is_write; 346 uint8_t _pad[6]; 347 }; 348 349 struct vm_event_cpuid { 350 uint32_t insn_length; 351 uint32_t leaf; 352 uint32_t subleaf; 353 uint32_t _pad; 354 }; 355 356 struct vm_event_interrupt_x86 { 357 uint32_t vector; 358 uint32_t type; 359 uint32_t error_code; 360 uint32_t _pad; 361 uint64_t cr2; 362 }; 363 364 #define MEM_PAGING_DROP_PAGE (1 << 0) 365 #define MEM_PAGING_EVICT_FAIL (1 << 1) 366 367 struct vm_event_paging { 368 uint64_t gfn; 369 uint32_t p2mt; 370 uint32_t flags; 371 }; 372 373 struct vm_event_sharing { 374 uint64_t gfn; 375 uint32_t p2mt; 376 uint32_t _pad; 377 }; 378 379 struct vm_event_emul_read_data { 380 uint32_t size; 381 /* The struct is used in a union with vm_event_regs_x86. */ 382 uint8_t data[sizeof(struct vm_event_regs_x86) - sizeof(uint32_t)]; 383 }; 384 385 struct vm_event_emul_insn_data { 386 uint8_t data[16]; /* Has to be completely filled */ 387 }; 388 389 typedef struct vm_event_st { 390 uint32_t version; /* VM_EVENT_INTERFACE_VERSION */ 391 uint32_t flags; /* VM_EVENT_FLAG_* */ 392 uint32_t reason; /* VM_EVENT_REASON_* */ 393 uint32_t vcpu_id; 394 uint16_t altp2m_idx; /* may be used during request and response */ 395 uint16_t _pad[3]; 396 397 union { 398 struct vm_event_paging mem_paging; 399 struct vm_event_sharing mem_sharing; 400 struct vm_event_mem_access mem_access; 401 struct vm_event_write_ctrlreg write_ctrlreg; 402 struct vm_event_mov_to_msr mov_to_msr; 403 struct vm_event_desc_access desc_access; 404 struct vm_event_singlestep singlestep; 405 struct vm_event_fast_singlestep fast_singlestep; 406 struct vm_event_debug software_breakpoint; 407 struct vm_event_debug debug_exception; 408 struct vm_event_cpuid cpuid; 409 union { 410 struct vm_event_interrupt_x86 x86; 411 } interrupt; 412 } u; 413 414 union { 415 union { 416 struct vm_event_regs_x86 x86; 417 struct vm_event_regs_arm arm; 418 } regs; 419 420 union { 421 struct vm_event_emul_read_data read; 422 struct vm_event_emul_insn_data insn; 423 } emul; 424 } data; 425 } vm_event_request_t, vm_event_response_t; 426 427 DEFINE_RING_TYPES(vm_event, vm_event_request_t, vm_event_response_t); 428 429 #endif /* defined(__XEN__) || defined(__XEN_TOOLS__) */ 430 #endif /* _XEN_PUBLIC_VM_EVENT_H */ 431 432 /* 433 * Local variables: 434 * mode: C 435 * c-file-style: "BSD" 436 * c-basic-offset: 4 437 * tab-width: 4 438 * indent-tabs-mode: nil 439 * End: 440 */ 441