/*
 * Kernel-based Virtual Machine driver for Linux
 *
 * AMD SVM support
 *
 * Copyright (C) 2006 Qumranet, Inc.
 * Copyright 2010 Red Hat, Inc. and/or its affiliates.
 *
 * Authors:
 *   Yaniv Kamay  <yaniv@qumranet.com>
 *   Avi Kivity   <avi@qumranet.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2.  See
 * the COPYING file in the top-level directory.
 *
 */

#define pr_fmt(fmt) "SVM: " fmt

#include <linux/kvm_host.h>

#include "irq.h"
#include "mmu.h"
#include "kvm_cache_regs.h"
#include "x86.h"
#include "cpuid.h"
#include "pmu.h"

#include <linux/module.h>
#include <linux/mod_devicetable.h>
#include <linux/kernel.h>
#include <linux/vmalloc.h>
#include <linux/highmem.h>
#include <linux/sched.h>
#include <linux/trace_events.h>
#include <linux/slab.h>
#include <linux/amd-iommu.h>
#include <linux/hashtable.h>
#include <linux/frame.h>
#include <linux/psp-sev.h>
#include <linux/file.h>
#include <linux/pagemap.h>
#include <linux/swap.h>

#include <asm/apic.h>
#include <asm/perf_event.h>
#include <asm/tlbflush.h>
#include <asm/desc.h>
#include <asm/debugreg.h>
#include <asm/kvm_para.h>
#include <asm/irq_remapping.h>
#include <asm/spec-ctrl.h>

#include <asm/virtext.h>
#include "trace.h"

#define __ex(x) __kvm_handle_fault_on_reboot(x)

MODULE_AUTHOR("Qumranet");
MODULE_LICENSE("GPL");

static const struct x86_cpu_id svm_cpu_id[] = {
        X86_FEATURE_MATCH(X86_FEATURE_SVM),
        {}
};
MODULE_DEVICE_TABLE(x86cpu, svm_cpu_id);

#define IOPM_ALLOC_ORDER 2
#define MSRPM_ALLOC_ORDER 1

#define SEG_TYPE_LDT 2
#define SEG_TYPE_BUSY_TSS16 3

#define SVM_FEATURE_NPT            (1 <<  0)
#define SVM_FEATURE_LBRV           (1 <<  1)
#define SVM_FEATURE_SVML           (1 <<  2)
#define SVM_FEATURE_NRIP           (1 <<  3)
#define SVM_FEATURE_TSC_RATE       (1 <<  4)
#define SVM_FEATURE_VMCB_CLEAN     (1 <<  5)
#define SVM_FEATURE_FLUSH_ASID     (1 <<  6)
#define SVM_FEATURE_DECODE_ASSIST  (1 <<  7)
#define SVM_FEATURE_PAUSE_FILTER   (1 << 10)

#define SVM_AVIC_DOORBELL       0xc001011b

#define NESTED_EXIT_HOST        0       /* Exit handled on host level */
#define NESTED_EXIT_DONE        1       /* Exit caused nested vmexit  */
#define NESTED_EXIT_CONTINUE    2       /* Further checks needed      */

#define DEBUGCTL_RESERVED_BITS (~(0x3fULL))

#define TSC_RATIO_RSVD          0xffffff0000000000ULL
#define TSC_RATIO_MIN           0x0000000000000001ULL
#define TSC_RATIO_MAX           0x000000ffffffffffULL

#define AVIC_HPA_MASK   ~((0xFFFULL << 52) | 0xFFF)

/*
 * 0xff is broadcast, so the max index allowed for physical APIC ID
 * table is 0xfe.  APIC IDs above 0xff are reserved.
 */
#define AVIC_MAX_PHYSICAL_ID_COUNT      255

#define AVIC_UNACCEL_ACCESS_WRITE_MASK          1
#define AVIC_UNACCEL_ACCESS_OFFSET_MASK         0xFF0
#define AVIC_UNACCEL_ACCESS_VECTOR_MASK         0xFFFFFFFF

/* AVIC GATAG is encoded using VM and VCPU IDs */
#define AVIC_VCPU_ID_BITS               8
#define AVIC_VCPU_ID_MASK               ((1 << AVIC_VCPU_ID_BITS) - 1)

#define AVIC_VM_ID_BITS                 24
#define AVIC_VM_ID_NR                   (1 << AVIC_VM_ID_BITS)
#define AVIC_VM_ID_MASK                 ((1 << AVIC_VM_ID_BITS) - 1)

#define AVIC_GATAG(x, y)                (((x & AVIC_VM_ID_MASK) << AVIC_VCPU_ID_BITS) | \
                                                (y & AVIC_VCPU_ID_MASK))
#define AVIC_GATAG_TO_VMID(x)           ((x >> AVIC_VCPU_ID_BITS) & AVIC_VM_ID_MASK)
#define AVIC_GATAG_TO_VCPUID(x)         (x & AVIC_VCPU_ID_MASK)

static bool erratum_383_found __read_mostly;

static const u32 host_save_user_msrs[] = {
#ifdef CONFIG_X86_64
        MSR_STAR, MSR_LSTAR, MSR_CSTAR, MSR_SYSCALL_MASK, MSR_KERNEL_GS_BASE,
        MSR_FS_BASE,
#endif
        MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP,
        MSR_TSC_AUX,
};

#define NR_HOST_SAVE_USER_MSRS ARRAY_SIZE(host_save_user_msrs)

struct kvm_sev_info {
        bool active;            /* SEV enabled guest */
        unsigned int asid;      /* ASID used for this guest */
        unsigned int handle;    /* SEV firmware handle */
        int fd;                 /* SEV device fd */
        unsigned long pages_locked; /* Number of pages locked */
        struct list_head regions_list;  /* List of registered regions */
};

struct kvm_svm {
        struct kvm kvm;

        /* Struct members for AVIC */
        u32 avic_vm_id;
        u32 ldr_mode;
        struct page *avic_logical_id_table_page;
        struct page *avic_physical_id_table_page;
        struct hlist_node hnode;

        struct kvm_sev_info sev_info;
};

struct kvm_vcpu;

struct nested_state {
        struct vmcb *hsave;
        u64 hsave_msr;
        u64 vm_cr_msr;
        u64 vmcb;

        /* These are the merged vectors */
        u32 *msrpm;

        /* gpa pointers to the real vectors */
        u64 vmcb_msrpm;
        u64 vmcb_iopm;

        /* A VMEXIT is required but not yet emulated */
        bool exit_required;

        /* cache for intercepts of the guest */
        u32 intercept_cr;
        u32 intercept_dr;
        u32 intercept_exceptions;
        u64 intercept;

        /* Nested Paging related state */
        u64 nested_cr3;
};

#define MSRPM_OFFSETS   16
static u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly;

/*
 * Set osvw_len to higher value when updated Revision Guides
 * are published and we know what the new status bits are
 */
static uint64_t osvw_len = 4, osvw_status;

struct vcpu_svm {
        struct kvm_vcpu vcpu;
        struct vmcb *vmcb;
        unsigned long vmcb_pa;
        struct svm_cpu_data *svm_data;
        uint64_t asid_generation;
        uint64_t sysenter_esp;
        uint64_t sysenter_eip;
        uint64_t tsc_aux;

        u64 msr_decfg;

        u64 next_rip;

        u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS];
        struct {
                u16 fs;
                u16 gs;
                u16 ldt;
                u64 gs_base;
        } host;

        u64 spec_ctrl;
        /*
         * Contains guest-controlled bits of VIRT_SPEC_CTRL, which will be
         * translated into the appropriate L2_CFG bits on the host to
         * perform speculative control.
         */
        u64 virt_spec_ctrl;

        u32 *msrpm;

        ulong nmi_iret_rip;

        struct nested_state nested;

        bool nmi_singlestep;
        u64 nmi_singlestep_guest_rflags;

        unsigned int3_injected;
        unsigned long int3_rip;

        /* cached guest cpuid flags for faster access */
        bool nrips_enabled      : 1;

        u32 ldr_reg;
        struct page *avic_backing_page;
        u64 *avic_physical_id_cache;
        bool avic_is_running;

        /*
         * Per-vcpu list of struct amd_svm_iommu_ir:
         * This is used mainly to store interrupt remapping information used
         * when update the vcpu affinity. This avoids the need to scan for
         * IRTE and try to match ga_tag in the IOMMU driver.
         */
        struct list_head ir_list;
        spinlock_t ir_list_lock;

        /* which host CPU was used for running this vcpu */
        unsigned int last_cpu;
};

/*
 * This is a wrapper of struct amd_iommu_ir_data.
 */
struct amd_svm_iommu_ir {
        struct list_head node;  /* Used by SVM for per-vcpu ir_list */
        void *data;             /* Storing pointer to struct amd_ir_data */
};

#define AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK    (0xFF)
#define AVIC_LOGICAL_ID_ENTRY_VALID_MASK                (1 << 31)

#define AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK    (0xFFULL)
#define AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK        (0xFFFFFFFFFFULL << 12)
#define AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK          (1ULL << 62)
#define AVIC_PHYSICAL_ID_ENTRY_VALID_MASK               (1ULL << 63)

static DEFINE_PER_CPU(u64, current_tsc_ratio);
#define TSC_RATIO_DEFAULT       0x0100000000ULL

#define MSR_INVALID                     0xffffffffU

static const struct svm_direct_access_msrs {
        u32 index;   /* Index of the MSR */
        bool always; /* True if intercept is always on */
} direct_access_msrs[] = {
        { .index = MSR_STAR,                            .always = true  },
        { .index = MSR_IA32_SYSENTER_CS,                .always = true  },
#ifdef CONFIG_X86_64
        { .index = MSR_GS_BASE,                         .always = true  },
        { .index = MSR_FS_BASE,                         .always = true  },
        { .index = MSR_KERNEL_GS_BASE,                  .always = true  },
        { .index = MSR_LSTAR,                           .always = true  },
        { .index = MSR_CSTAR,                           .always = true  },
        { .index = MSR_SYSCALL_MASK,                    .always = true  },
#endif
        { .index = MSR_IA32_SPEC_CTRL,                  .always = false },
        { .index = MSR_IA32_PRED_CMD,                   .always = false },
        { .index = MSR_IA32_LASTBRANCHFROMIP,           .always = false },
        { .index = MSR_IA32_LASTBRANCHTOIP,             .always = false },
        { .index = MSR_IA32_LASTINTFROMIP,              .always = false },
        { .index = MSR_IA32_LASTINTTOIP,                .always = false },
        { .index = MSR_INVALID,                         .always = false },
};

/* enable NPT for AMD64 and X86 with PAE */
#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
static bool npt_enabled = true;
#else
static bool npt_enabled;
#endif

/*
 * These 2 parameters are used to config the controls for Pause-Loop Exiting:
 * pause_filter_count: On processors that support Pause filtering(indicated
 *      by CPUID Fn8000_000A_EDX), the VMCB provides a 16 bit pause filter
 *      count value. On VMRUN this value is loaded into an internal counter.
 *      Each time a pause instruction is executed, this counter is decremented
 *      until it reaches zero at which time a #VMEXIT is generated if pause
 *      intercept is enabled. Refer to  AMD APM Vol 2 Section 15.14.4 Pause
 *      Intercept Filtering for more details.
 *      This also indicate if ple logic enabled.
 *
 * pause_filter_thresh: In addition, some processor families support advanced
 *      pause filtering (indicated by CPUID Fn8000_000A_EDX) upper bound on
 *      the amount of time a guest is allowed to execute in a pause loop.
 *      In this mode, a 16-bit pause filter threshold field is added in the
 *      VMCB. The threshold value is a cycle count that is used to reset the
 *      pause counter. As with simple pause filtering, VMRUN loads the pause
 *      count value from VMCB into an internal counter. Then, on each pause
 *      instruction the hardware checks the elapsed number of cycles since
 *      the most recent pause instruction against the pause filter threshold.
 *      If the elapsed cycle count is greater than the pause filter threshold,
 *      then the internal pause count is reloaded from the VMCB and execution
 *      continues. If the elapsed cycle count is less than the pause filter
 *      threshold, then the internal pause count is decremented. If the count
 *      value is less than zero and PAUSE intercept is enabled, a #VMEXIT is
 *      triggered. If advanced pause filtering is supported and pause filter
 *      threshold field is set to zero, the filter will operate in the simpler,
 *      count only mode.
 */

static unsigned short pause_filter_thresh = KVM_DEFAULT_PLE_GAP;
module_param(pause_filter_thresh, ushort, 0444);

static unsigned short pause_filter_count = KVM_SVM_DEFAULT_PLE_WINDOW;
module_param(pause_filter_count, ushort, 0444);

/* Default doubles per-vcpu window every exit. */
static unsigned short pause_filter_count_grow = KVM_DEFAULT_PLE_WINDOW_GROW;
module_param(pause_filter_count_grow, ushort, 0444);

/* Default resets per-vcpu window every exit to pause_filter_count. */
static unsigned short pause_filter_count_shrink = KVM_DEFAULT_PLE_WINDOW_SHRINK;
module_param(pause_filter_count_shrink, ushort, 0444);

/* Default is to compute the maximum so we can never overflow. */
static unsigned short pause_filter_count_max = KVM_SVM_DEFAULT_PLE_WINDOW_MAX;
module_param(pause_filter_count_max, ushort, 0444);

/* allow nested paging (virtualized MMU) for all guests */
static int npt = true;
module_param(npt, int, S_IRUGO);

/* allow nested virtualization in KVM/SVM */
static int nested = true;
module_param(nested, int, S_IRUGO);

/* enable / disable AVIC */
static int avic;
#ifdef CONFIG_X86_LOCAL_APIC
module_param(avic, int, S_IRUGO);
#endif

/* enable/disable Virtual VMLOAD VMSAVE */
static int vls = true;
module_param(vls, int, 0444);

/* enable/disable Virtual GIF */
static int vgif = true;
module_param(vgif, int, 0444);

/* enable/disable SEV support */
static int sev = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT);
module_param(sev, int, 0444);

static u8 rsm_ins_bytes[] = "\x0f\xaa";

static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0);
static void svm_flush_tlb(struct kvm_vcpu *vcpu, bool invalidate_gpa);
static void svm_complete_interrupts(struct vcpu_svm *svm);

static int nested_svm_exit_handled(struct vcpu_svm *svm);
static int nested_svm_intercept(struct vcpu_svm *svm);
static int nested_svm_vmexit(struct vcpu_svm *svm);
static int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
                                      bool has_error_code, u32 error_code);

enum {
        VMCB_INTERCEPTS, /* Intercept vectors, TSC offset,
                            pause filter count */
        VMCB_PERM_MAP,   /* IOPM Base and MSRPM Base */
        VMCB_ASID,       /* ASID */
        VMCB_INTR,       /* int_ctl, int_vector */
        VMCB_NPT,        /* npt_en, nCR3, gPAT */
        VMCB_CR,         /* CR0, CR3, CR4, EFER */
        VMCB_DR,         /* DR6, DR7 */
        VMCB_DT,         /* GDT, IDT */
        VMCB_SEG,        /* CS, DS, SS, ES, CPL */
        VMCB_CR2,        /* CR2 only */
        VMCB_LBR,        /* DBGCTL, BR_FROM, BR_TO, LAST_EX_FROM, LAST_EX_TO */
        VMCB_AVIC,       /* AVIC APIC_BAR, AVIC APIC_BACKING_PAGE,
                          * AVIC PHYSICAL_TABLE pointer,
                          * AVIC LOGICAL_TABLE pointer
                          */
        VMCB_DIRTY_MAX,
};

/* TPR and CR2 are always written before VMRUN */
#define VMCB_ALWAYS_DIRTY_MASK  ((1U << VMCB_INTR) | (1U << VMCB_CR2))

#define VMCB_AVIC_APIC_BAR_MASK         0xFFFFFFFFFF000ULL

static unsigned int max_sev_asid;
static unsigned int min_sev_asid;
static unsigned long *sev_asid_bitmap;
#define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT)

struct enc_region {
        struct list_head list;
        unsigned long npages;
        struct page **pages;
        unsigned long uaddr;
        unsigned long size;
};


static inline struct kvm_svm *to_kvm_svm(struct kvm *kvm)
{
        return container_of(kvm, struct kvm_svm, kvm);
}

static inline bool svm_sev_enabled(void)
{
        return max_sev_asid;
}

static inline bool sev_guest(struct kvm *kvm)
{
        struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;

        return sev->active;
}

static inline int sev_get_asid(struct kvm *kvm)
{
        struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;

        return sev->asid;
}

static inline void mark_all_dirty(struct vmcb *vmcb)
{
        vmcb->control.clean = 0;
}

static inline void mark_all_clean(struct vmcb *vmcb)
{
        vmcb->control.clean = ((1 << VMCB_DIRTY_MAX) - 1)
                               & ~VMCB_ALWAYS_DIRTY_MASK;
}

static inline void mark_dirty(struct vmcb *vmcb, int bit)
{
        vmcb->control.clean &= ~(1 << bit);
}

static inline struct vcpu_svm *to_svm(struct kvm_vcpu *vcpu)
{
        return container_of(vcpu, struct vcpu_svm, vcpu);
}

static inline void avic_update_vapic_bar(struct vcpu_svm *svm, u64 data)
{
        svm->vmcb->control.avic_vapic_bar = data & VMCB_AVIC_APIC_BAR_MASK;
        mark_dirty(svm->vmcb, VMCB_AVIC);
}

static inline bool avic_vcpu_is_running(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        u64 *entry = svm->avic_physical_id_cache;

        if (!entry)
                return false;

        return (READ_ONCE(*entry) & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK);
}

static void recalc_intercepts(struct vcpu_svm *svm)
{
        struct vmcb_control_area *c, *h;
        struct nested_state *g;

        mark_dirty(svm->vmcb, VMCB_INTERCEPTS);

        if (!is_guest_mode(&svm->vcpu))
                return;

        c = &svm->vmcb->control;
        h = &svm->nested.hsave->control;
        g = &svm->nested;

        c->intercept_cr = h->intercept_cr | g->intercept_cr;
        c->intercept_dr = h->intercept_dr | g->intercept_dr;
        c->intercept_exceptions = h->intercept_exceptions | g->intercept_exceptions;
        c->intercept = h->intercept | g->intercept;
}

static inline struct vmcb *get_host_vmcb(struct vcpu_svm *svm)
{
        if (is_guest_mode(&svm->vcpu))
                return svm->nested.hsave;
        else
                return svm->vmcb;
}

static inline void set_cr_intercept(struct vcpu_svm *svm, int bit)
{
        struct vmcb *vmcb = get_host_vmcb(svm);

        vmcb->control.intercept_cr |= (1U << bit);

        recalc_intercepts(svm);
}

static inline void clr_cr_intercept(struct vcpu_svm *svm, int bit)
{
        struct vmcb *vmcb = get_host_vmcb(svm);

        vmcb->control.intercept_cr &= ~(1U << bit);

        recalc_intercepts(svm);
}

static inline bool is_cr_intercept(struct vcpu_svm *svm, int bit)
{
        struct vmcb *vmcb = get_host_vmcb(svm);

        return vmcb->control.intercept_cr & (1U << bit);
}

static inline void set_dr_intercepts(struct vcpu_svm *svm)
{
        struct vmcb *vmcb = get_host_vmcb(svm);

        vmcb->control.intercept_dr = (1 << INTERCEPT_DR0_READ)
                | (1 << INTERCEPT_DR1_READ)
                | (1 << INTERCEPT_DR2_READ)
                | (1 << INTERCEPT_DR3_READ)
                | (1 << INTERCEPT_DR4_READ)
                | (1 << INTERCEPT_DR5_READ)
                | (1 << INTERCEPT_DR6_READ)
                | (1 << INTERCEPT_DR7_READ)
                | (1 << INTERCEPT_DR0_WRITE)
                | (1 << INTERCEPT_DR1_WRITE)
                | (1 << INTERCEPT_DR2_WRITE)
                | (1 << INTERCEPT_DR3_WRITE)
                | (1 << INTERCEPT_DR4_WRITE)
                | (1 << INTERCEPT_DR5_WRITE)
                | (1 << INTERCEPT_DR6_WRITE)
                | (1 << INTERCEPT_DR7_WRITE);

        recalc_intercepts(svm);
}

static inline void clr_dr_intercepts(struct vcpu_svm *svm)
{
        struct vmcb *vmcb = get_host_vmcb(svm);

        vmcb->control.intercept_dr = 0;

        recalc_intercepts(svm);
}

static inline void set_exception_intercept(struct vcpu_svm *svm, int bit)
{
        struct vmcb *vmcb = get_host_vmcb(svm);

        vmcb->control.intercept_exceptions |= (1U << bit);

        recalc_intercepts(svm);
}

static inline void clr_exception_intercept(struct vcpu_svm *svm, int bit)
{
        struct vmcb *vmcb = get_host_vmcb(svm);

        vmcb->control.intercept_exceptions &= ~(1U << bit);

        recalc_intercepts(svm);
}

static inline void set_intercept(struct vcpu_svm *svm, int bit)
{
        struct vmcb *vmcb = get_host_vmcb(svm);

        vmcb->control.intercept |= (1ULL << bit);

        recalc_intercepts(svm);
}

static inline void clr_intercept(struct vcpu_svm *svm, int bit)
{
        struct vmcb *vmcb = get_host_vmcb(svm);

        vmcb->control.intercept &= ~(1ULL << bit);

        recalc_intercepts(svm);
}

static inline bool vgif_enabled(struct vcpu_svm *svm)
{
        return !!(svm->vmcb->control.int_ctl & V_GIF_ENABLE_MASK);
}

static inline void enable_gif(struct vcpu_svm *svm)
{
        if (vgif_enabled(svm))
                svm->vmcb->control.int_ctl |= V_GIF_MASK;
        else
                svm->vcpu.arch.hflags |= HF_GIF_MASK;
}

static inline void disable_gif(struct vcpu_svm *svm)
{
        if (vgif_enabled(svm))
                svm->vmcb->control.int_ctl &= ~V_GIF_MASK;
        else
                svm->vcpu.arch.hflags &= ~HF_GIF_MASK;
}

static inline bool gif_set(struct vcpu_svm *svm)
{
        if (vgif_enabled(svm))
                return !!(svm->vmcb->control.int_ctl & V_GIF_MASK);
        else
                return !!(svm->vcpu.arch.hflags & HF_GIF_MASK);
}

static unsigned long iopm_base;

struct kvm_ldttss_desc {
        u16 limit0;
        u16 base0;
        unsigned base1:8, type:5, dpl:2, p:1;
        unsigned limit1:4, zero0:3, g:1, base2:8;
        u32 base3;
        u32 zero1;
} __attribute__((packed));

struct svm_cpu_data {
        int cpu;

        u64 asid_generation;
        u32 max_asid;
        u32 next_asid;
        u32 min_asid;
        struct kvm_ldttss_desc *tss_desc;

        struct page *save_area;
        struct vmcb *current_vmcb;

        /* index = sev_asid, value = vmcb pointer */
        struct vmcb **sev_vmcbs;
};

static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);

struct svm_init_data {
        int cpu;
        int r;
};

static const u32 msrpm_ranges[] = {0, 0xc0000000, 0xc0010000};

#define NUM_MSR_MAPS ARRAY_SIZE(msrpm_ranges)
#define MSRS_RANGE_SIZE 2048
#define MSRS_IN_RANGE (MSRS_RANGE_SIZE * 8 / 2)

static u32 svm_msrpm_offset(u32 msr)
{
        u32 offset;
        int i;

        for (i = 0; i < NUM_MSR_MAPS; i++) {
                if (msr < msrpm_ranges[i] ||
                    msr >= msrpm_ranges[i] + MSRS_IN_RANGE)
                        continue;

                offset  = (msr - msrpm_ranges[i]) / 4; /* 4 msrs per u8 */
                offset += (i * MSRS_RANGE_SIZE);       /* add range offset */

                /* Now we have the u8 offset - but need the u32 offset */
                return offset / 4;
        }

        /* MSR not in any range */
        return MSR_INVALID;
}

#define MAX_INST_SIZE 15

static inline void clgi(void)
{
        asm volatile (__ex(SVM_CLGI));
}

static inline void stgi(void)
{
        asm volatile (__ex(SVM_STGI));
}

static inline void invlpga(unsigned long addr, u32 asid)
{
        asm volatile (__ex(SVM_INVLPGA) : : "a"(addr), "c"(asid));
}

static int get_npt_level(struct kvm_vcpu *vcpu)
{
#ifdef CONFIG_X86_64
        return PT64_ROOT_4LEVEL;
#else
        return PT32E_ROOT_LEVEL;
#endif
}

static void svm_set_efer(struct kvm_vcpu *vcpu, u64 efer)
{
        vcpu->arch.efer = efer;
        if (!npt_enabled && !(efer & EFER_LMA))
                efer &= ~EFER_LME;

        to_svm(vcpu)->vmcb->save.efer = efer | EFER_SVME;
        mark_dirty(to_svm(vcpu)->vmcb, VMCB_CR);
}

static int is_external_interrupt(u32 info)
{
        info &= SVM_EVTINJ_TYPE_MASK | SVM_EVTINJ_VALID;
        return info == (SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_INTR);
}

static u32 svm_get_interrupt_shadow(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        u32 ret = 0;

        if (svm->vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK)
                ret = KVM_X86_SHADOW_INT_STI | KVM_X86_SHADOW_INT_MOV_SS;
        return ret;
}

static void svm_set_interrupt_shadow(struct kvm_vcpu *vcpu, int mask)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        if (mask == 0)
                svm->vmcb->control.int_state &= ~SVM_INTERRUPT_SHADOW_MASK;
        else
                svm->vmcb->control.int_state |= SVM_INTERRUPT_SHADOW_MASK;

}

static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        if (svm->vmcb->control.next_rip != 0) {
                WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS));
                svm->next_rip = svm->vmcb->control.next_rip;
        }

        if (!svm->next_rip) {
                if (emulate_instruction(vcpu, EMULTYPE_SKIP) !=
                                EMULATE_DONE)
                        printk(KERN_DEBUG "%s: NOP\n", __func__);
                return;
        }
        if (svm->next_rip - kvm_rip_read(vcpu) > MAX_INST_SIZE)
                printk(KERN_ERR "%s: ip 0x%lx next 0x%llx\n",
                       __func__, kvm_rip_read(vcpu), svm->next_rip);

        kvm_rip_write(vcpu, svm->next_rip);
        svm_set_interrupt_shadow(vcpu, 0);
}

static void svm_queue_exception(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        unsigned nr = vcpu->arch.exception.nr;
        bool has_error_code = vcpu->arch.exception.has_error_code;
        bool reinject = vcpu->arch.exception.injected;
        u32 error_code = vcpu->arch.exception.error_code;

        /*
         * If we are within a nested VM we'd better #VMEXIT and let the guest
         * handle the exception
         */
        if (!reinject &&
            nested_svm_check_exception(svm, nr, has_error_code, error_code))
                return;

        if (nr == BP_VECTOR && !static_cpu_has(X86_FEATURE_NRIPS)) {
                unsigned long rip, old_rip = kvm_rip_read(&svm->vcpu);

                /*
                 * For guest debugging where we have to reinject #BP if some
                 * INT3 is guest-owned:
                 * Emulate nRIP by moving RIP forward. Will fail if injection
                 * raises a fault that is not intercepted. Still better than
                 * failing in all cases.
                 */
                skip_emulated_instruction(&svm->vcpu);
                rip = kvm_rip_read(&svm->vcpu);
                svm->int3_rip = rip + svm->vmcb->save.cs.base;
                svm->int3_injected = rip - old_rip;
        }

        svm->vmcb->control.event_inj = nr
                | SVM_EVTINJ_VALID
                | (has_error_code ? SVM_EVTINJ_VALID_ERR : 0)
                | SVM_EVTINJ_TYPE_EXEPT;
        svm->vmcb->control.event_inj_err = error_code;
}

static void svm_init_erratum_383(void)
{
        u32 low, high;
        int err;
        u64 val;

        if (!static_cpu_has_bug(X86_BUG_AMD_TLB_MMATCH))
                return;

        /* Use _safe variants to not break nested virtualization */
        val = native_read_msr_safe(MSR_AMD64_DC_CFG, &err);
        if (err)
                return;

        val |= (1ULL << 47);

        low  = lower_32_bits(val);
        high = upper_32_bits(val);

        native_write_msr_safe(MSR_AMD64_DC_CFG, low, high);

        erratum_383_found = true;
}

static void svm_init_osvw(struct kvm_vcpu *vcpu)
{
        /*
         * Guests should see errata 400 and 415 as fixed (assuming that
         * HLT and IO instructions are intercepted).
         */
        vcpu->arch.osvw.length = (osvw_len >= 3) ? (osvw_len) : 3;
        vcpu->arch.osvw.status = osvw_status & ~(6ULL);

        /*
         * By increasing VCPU's osvw.length to 3 we are telling the guest that
         * all osvw.status bits inside that length, including bit 0 (which is
         * reserved for erratum 298), are valid. However, if host processor's
         * osvw_len is 0 then osvw_status[0] carries no information. We need to
         * be conservative here and therefore we tell the guest that erratum 298
         * is present (because we really don't know).
         */
        if (osvw_len == 0 && boot_cpu_data.x86 == 0x10)
                vcpu->arch.osvw.status |= 1;
}

static int has_svm(void)
{
        const char *msg;

        if (!cpu_has_svm(&msg)) {
                printk(KERN_INFO "has_svm: %s\n", msg);
                return 0;
        }

        return 1;
}

static void svm_hardware_disable(void)
{
        /* Make sure we clean up behind us */
        if (static_cpu_has(X86_FEATURE_TSCRATEMSR))
                wrmsrl(MSR_AMD64_TSC_RATIO, TSC_RATIO_DEFAULT);

        cpu_svm_disable();

        amd_pmu_disable_virt();
}

static int svm_hardware_enable(void)
{

        struct svm_cpu_data *sd;
        uint64_t efer;
        struct desc_struct *gdt;
        int me = raw_smp_processor_id();

        rdmsrl(MSR_EFER, efer);
        if (efer & EFER_SVME)
                return -EBUSY;

        if (!has_svm()) {
                pr_err("%s: err EOPNOTSUPP on %d\n", __func__, me);
                return -EINVAL;
        }
        sd = per_cpu(svm_data, me);
        if (!sd) {
                pr_err("%s: svm_data is NULL on %d\n", __func__, me);
                return -EINVAL;
        }

        sd->asid_generation = 1;
        sd->max_asid = cpuid_ebx(SVM_CPUID_FUNC) - 1;
        sd->next_asid = sd->max_asid + 1;
        sd->min_asid = max_sev_asid + 1;

        gdt = get_current_gdt_rw();
        sd->tss_desc = (struct kvm_ldttss_desc *)(gdt + GDT_ENTRY_TSS);

        wrmsrl(MSR_EFER, efer | EFER_SVME);

        wrmsrl(MSR_VM_HSAVE_PA, page_to_pfn(sd->save_area) << PAGE_SHIFT);

        if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) {
                wrmsrl(MSR_AMD64_TSC_RATIO, TSC_RATIO_DEFAULT);
                __this_cpu_write(current_tsc_ratio, TSC_RATIO_DEFAULT);
        }


        /*
         * Get OSVW bits.
         *
         * Note that it is possible to have a system with mixed processor
         * revisions and therefore different OSVW bits. If bits are not the same
         * on different processors then choose the worst case (i.e. if erratum
         * is present on one processor and not on another then assume that the
         * erratum is present everywhere).
         */
        if (cpu_has(&boot_cpu_data, X86_FEATURE_OSVW)) {
                uint64_t len, status = 0;
                int err;

                len = native_read_msr_safe(MSR_AMD64_OSVW_ID_LENGTH, &err);
                if (!err)
                        status = native_read_msr_safe(MSR_AMD64_OSVW_STATUS,
                                                      &err);

                if (err)
                        osvw_status = osvw_len = 0;
                else {
                        if (len < osvw_len)
                                osvw_len = len;
                        osvw_status |= status;
                        osvw_status &= (1ULL << osvw_len) - 1;
                }
        } else
                osvw_status = osvw_len = 0;

        svm_init_erratum_383();

        amd_pmu_enable_virt();

        return 0;
}

static void svm_cpu_uninit(int cpu)
{
        struct svm_cpu_data *sd = per_cpu(svm_data, raw_smp_processor_id());

        if (!sd)
                return;

        per_cpu(svm_data, raw_smp_processor_id()) = NULL;
        kfree(sd->sev_vmcbs);
        __free_page(sd->save_area);
        kfree(sd);
}

static int svm_cpu_init(int cpu)
{
        struct svm_cpu_data *sd;
        int r;

        sd = kzalloc(sizeof(struct svm_cpu_data), GFP_KERNEL);
        if (!sd)
                return -ENOMEM;
        sd->cpu = cpu;
        r = -ENOMEM;
        sd->save_area = alloc_page(GFP_KERNEL);
        if (!sd->save_area)
                goto err_1;

        if (svm_sev_enabled()) {
                r = -ENOMEM;
                sd->sev_vmcbs = kmalloc((max_sev_asid + 1) * sizeof(void *), GFP_KERNEL);
                if (!sd->sev_vmcbs)
                        goto err_1;
        }

        per_cpu(svm_data, cpu) = sd;

        return 0;

err_1:
        kfree(sd);
        return r;

}

static bool valid_msr_intercept(u32 index)
{
        int i;

        for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++)
                if (direct_access_msrs[i].index == index)
                        return true;

        return false;
}

static bool msr_write_intercepted(struct kvm_vcpu *vcpu, unsigned msr)
{
        u8 bit_write;
        unsigned long tmp;
        u32 offset;
        u32 *msrpm;

        msrpm = is_guest_mode(vcpu) ? to_svm(vcpu)->nested.msrpm:
                                      to_svm(vcpu)->msrpm;

        offset    = svm_msrpm_offset(msr);
        bit_write = 2 * (msr & 0x0f) + 1;
        tmp       = msrpm[offset];

        BUG_ON(offset == MSR_INVALID);

        return !!test_bit(bit_write,  &tmp);
}

static void set_msr_interception(u32 *msrpm, unsigned msr,
                                 int read, int write)
{
        u8 bit_read, bit_write;
        unsigned long tmp;
        u32 offset;

        /*
         * If this warning triggers extend the direct_access_msrs list at the
         * beginning of the file
         */
        WARN_ON(!valid_msr_intercept(msr));

        offset    = svm_msrpm_offset(msr);
        bit_read  = 2 * (msr & 0x0f);
        bit_write = 2 * (msr & 0x0f) + 1;
        tmp       = msrpm[offset];

        BUG_ON(offset == MSR_INVALID);

        read  ? clear_bit(bit_read,  &tmp) : set_bit(bit_read,  &tmp);
        write ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp);

        msrpm[offset] = tmp;
}

static void svm_vcpu_init_msrpm(u32 *msrpm)
{
        int i;

        memset(msrpm, 0xff, PAGE_SIZE * (1 << MSRPM_ALLOC_ORDER));

        for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
                if (!direct_access_msrs[i].always)
                        continue;

                set_msr_interception(msrpm, direct_access_msrs[i].index, 1, 1);
        }
}

static void add_msr_offset(u32 offset)
{
        int i;

        for (i = 0; i < MSRPM_OFFSETS; ++i) {

                /* Offset already in list? */
                if (msrpm_offsets[i] == offset)
                        return;

                /* Slot used by another offset? */
                if (msrpm_offsets[i] != MSR_INVALID)
                        continue;

                /* Add offset to list */
                msrpm_offsets[i] = offset;

                return;
        }

        /*
         * If this BUG triggers the msrpm_offsets table has an overflow. Just
         * increase MSRPM_OFFSETS in this case.
         */
        BUG();
}

static void init_msrpm_offsets(void)
{
        int i;

        memset(msrpm_offsets, 0xff, sizeof(msrpm_offsets));

        for (i = 0; direct_access_msrs[i].index != MSR_INVALID; i++) {
                u32 offset;

                offset = svm_msrpm_offset(direct_access_msrs[i].index);
                BUG_ON(offset == MSR_INVALID);

                add_msr_offset(offset);
        }
}

static void svm_enable_lbrv(struct vcpu_svm *svm)
{
        u32 *msrpm = svm->msrpm;

        svm->vmcb->control.virt_ext |= LBR_CTL_ENABLE_MASK;
        set_msr_interception(msrpm, MSR_IA32_LASTBRANCHFROMIP, 1, 1);
        set_msr_interception(msrpm, MSR_IA32_LASTBRANCHTOIP, 1, 1);
        set_msr_interception(msrpm, MSR_IA32_LASTINTFROMIP, 1, 1);
        set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP, 1, 1);
}

static void svm_disable_lbrv(struct vcpu_svm *svm)
{
        u32 *msrpm = svm->msrpm;

        svm->vmcb->control.virt_ext &= ~LBR_CTL_ENABLE_MASK;
        set_msr_interception(msrpm, MSR_IA32_LASTBRANCHFROMIP, 0, 0);
        set_msr_interception(msrpm, MSR_IA32_LASTBRANCHTOIP, 0, 0);
        set_msr_interception(msrpm, MSR_IA32_LASTINTFROMIP, 0, 0);
        set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP, 0, 0);
}

static void disable_nmi_singlestep(struct vcpu_svm *svm)
{
        svm->nmi_singlestep = false;

        if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP)) {
                /* Clear our flags if they were not set by the guest */
                if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_TF))
                        svm->vmcb->save.rflags &= ~X86_EFLAGS_TF;
                if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_RF))
                        svm->vmcb->save.rflags &= ~X86_EFLAGS_RF;
        }
}

/* Note:
 * This hash table is used to map VM_ID to a struct kvm_svm,
 * when handling AMD IOMMU GALOG notification to schedule in
 * a particular vCPU.
 */
#define SVM_VM_DATA_HASH_BITS   8
static DEFINE_HASHTABLE(svm_vm_data_hash, SVM_VM_DATA_HASH_BITS);
static u32 next_vm_id = 0;
static bool next_vm_id_wrapped = 0;
static DEFINE_SPINLOCK(svm_vm_data_hash_lock);

/* Note:
 * This function is called from IOMMU driver to notify
 * SVM to schedule in a particular vCPU of a particular VM.
 */
static int avic_ga_log_notifier(u32 ga_tag)
{
        unsigned long flags;
        struct kvm_svm *kvm_svm;
        struct kvm_vcpu *vcpu = NULL;
        u32 vm_id = AVIC_GATAG_TO_VMID(ga_tag);
        u32 vcpu_id = AVIC_GATAG_TO_VCPUID(ga_tag);

        pr_debug("SVM: %s: vm_id=%#x, vcpu_id=%#x\n", __func__, vm_id, vcpu_id);

        spin_lock_irqsave(&svm_vm_data_hash_lock, flags);
        hash_for_each_possible(svm_vm_data_hash, kvm_svm, hnode, vm_id) {
                if (kvm_svm->avic_vm_id != vm_id)
                        continue;
                vcpu = kvm_get_vcpu_by_id(&kvm_svm->kvm, vcpu_id);
                break;
        }
        spin_unlock_irqrestore(&svm_vm_data_hash_lock, flags);

        /* Note:
         * At this point, the IOMMU should have already set the pending
         * bit in the vAPIC backing page. So, we just need to schedule
         * in the vcpu.
         */
        if (vcpu)
                kvm_vcpu_wake_up(vcpu);

        return 0;
}

static __init int sev_hardware_setup(void)
{
        struct sev_user_data_status *status;
        int rc;

        /* Maximum number of encrypted guests supported simultaneously */
        max_sev_asid = cpuid_ecx(0x8000001F);

        if (!max_sev_asid)
                return 1;

        /* Minimum ASID value that should be used for SEV guest */
        min_sev_asid = cpuid_edx(0x8000001F);

        /* Initialize SEV ASID bitmap */
        sev_asid_bitmap = kcalloc(BITS_TO_LONGS(max_sev_asid),
                                sizeof(unsigned long), GFP_KERNEL);
        if (!sev_asid_bitmap)
                return 1;

        status = kmalloc(sizeof(*status), GFP_KERNEL);
        if (!status)
                return 1;

        /*
         * Check SEV platform status.
         *
         * PLATFORM_STATUS can be called in any state, if we failed to query
         * the PLATFORM status then either PSP firmware does not support SEV
         * feature or SEV firmware is dead.
         */
        rc = sev_platform_status(status, NULL);
        if (rc)
                goto err;

        pr_info("SEV supported\n");

err:
        kfree(status);
        return rc;
}

static void grow_ple_window(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        struct vmcb_control_area *control = &svm->vmcb->control;
        int old = control->pause_filter_count;

        control->pause_filter_count = __grow_ple_window(old,
                                                        pause_filter_count,
                                                        pause_filter_count_grow,
                                                        pause_filter_count_max);

        if (control->pause_filter_count != old)
                mark_dirty(svm->vmcb, VMCB_INTERCEPTS);

        trace_kvm_ple_window_grow(vcpu->vcpu_id,
                                  control->pause_filter_count, old);
}

static void shrink_ple_window(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        struct vmcb_control_area *control = &svm->vmcb->control;
        int old = control->pause_filter_count;

        control->pause_filter_count =
                                __shrink_ple_window(old,
                                                    pause_filter_count,
                                                    pause_filter_count_shrink,
                                                    pause_filter_count);
        if (control->pause_filter_count != old)
                mark_dirty(svm->vmcb, VMCB_INTERCEPTS);

        trace_kvm_ple_window_shrink(vcpu->vcpu_id,
                                    control->pause_filter_count, old);
}

static __init int svm_hardware_setup(void)
{
        int cpu;
        struct page *iopm_pages;
        void *iopm_va;
        int r;

        iopm_pages = alloc_pages(GFP_KERNEL, IOPM_ALLOC_ORDER);

        if (!iopm_pages)
                return -ENOMEM;

        iopm_va = page_address(iopm_pages);
        memset(iopm_va, 0xff, PAGE_SIZE * (1 << IOPM_ALLOC_ORDER));
        iopm_base = page_to_pfn(iopm_pages) << PAGE_SHIFT;

        init_msrpm_offsets();

        if (boot_cpu_has(X86_FEATURE_NX))
                kvm_enable_efer_bits(EFER_NX);

        if (boot_cpu_has(X86_FEATURE_FXSR_OPT))
                kvm_enable_efer_bits(EFER_FFXSR);

        if (boot_cpu_has(X86_FEATURE_TSCRATEMSR)) {
                kvm_has_tsc_control = true;
                kvm_max_tsc_scaling_ratio = TSC_RATIO_MAX;
                kvm_tsc_scaling_ratio_frac_bits = 32;
        }

        /* Check for pause filtering support */
        if (!boot_cpu_has(X86_FEATURE_PAUSEFILTER)) {
                pause_filter_count = 0;
                pause_filter_thresh = 0;
        } else if (!boot_cpu_has(X86_FEATURE_PFTHRESHOLD)) {
                pause_filter_thresh = 0;
        }

        if (nested) {
                printk(KERN_INFO "kvm: Nested Virtualization enabled\n");
                kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
        }

        if (sev) {
                if (boot_cpu_has(X86_FEATURE_SEV) &&
                    IS_ENABLED(CONFIG_KVM_AMD_SEV)) {
                        r = sev_hardware_setup();
                        if (r)
                                sev = false;
                } else {
                        sev = false;
                }
        }

        for_each_possible_cpu(cpu) {
                r = svm_cpu_init(cpu);
                if (r)
                        goto err;
        }

        if (!boot_cpu_has(X86_FEATURE_NPT))
                npt_enabled = false;

        if (npt_enabled && !npt) {
                printk(KERN_INFO "kvm: Nested Paging disabled\n");
                npt_enabled = false;
        }

        if (npt_enabled) {
                printk(KERN_INFO "kvm: Nested Paging enabled\n");
                kvm_enable_tdp();
        } else
                kvm_disable_tdp();

        if (avic) {
                if (!npt_enabled ||
                    !boot_cpu_has(X86_FEATURE_AVIC) ||
                    !IS_ENABLED(CONFIG_X86_LOCAL_APIC)) {
                        avic = false;
                } else {
                        pr_info("AVIC enabled\n");

                        amd_iommu_register_ga_log_notifier(&avic_ga_log_notifier);
                }
        }

        if (vls) {
                if (!npt_enabled ||
                    !boot_cpu_has(X86_FEATURE_V_VMSAVE_VMLOAD) ||
                    !IS_ENABLED(CONFIG_X86_64)) {
                        vls = false;
                } else {
                        pr_info("Virtual VMLOAD VMSAVE supported\n");
                }
        }

        if (vgif) {
                if (!boot_cpu_has(X86_FEATURE_VGIF))
                        vgif = false;
                else
                        pr_info("Virtual GIF supported\n");
        }

        return 0;

err:
        __free_pages(iopm_pages, IOPM_ALLOC_ORDER);
        iopm_base = 0;
        return r;
}

static __exit void svm_hardware_unsetup(void)
{
        int cpu;

        if (svm_sev_enabled())
                kfree(sev_asid_bitmap);

        for_each_possible_cpu(cpu)
                svm_cpu_uninit(cpu);

        __free_pages(pfn_to_page(iopm_base >> PAGE_SHIFT), IOPM_ALLOC_ORDER);
        iopm_base = 0;
}

static void init_seg(struct vmcb_seg *seg)
{
        seg->selector = 0;
        seg->attrib = SVM_SELECTOR_P_MASK | SVM_SELECTOR_S_MASK |
                      SVM_SELECTOR_WRITE_MASK; /* Read/Write Data Segment */
        seg->limit = 0xffff;
        seg->base = 0;
}

static void init_sys_seg(struct vmcb_seg *seg, uint32_t type)
{
        seg->selector = 0;
        seg->attrib = SVM_SELECTOR_P_MASK | type;
        seg->limit = 0xffff;
        seg->base = 0;
}

static u64 svm_read_l1_tsc_offset(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        if (is_guest_mode(vcpu))
                return svm->nested.hsave->control.tsc_offset;

        return vcpu->arch.tsc_offset;
}

static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        u64 g_tsc_offset = 0;

        if (is_guest_mode(vcpu)) {
                /* Write L1's TSC offset.  */
                g_tsc_offset = svm->vmcb->control.tsc_offset -
                               svm->nested.hsave->control.tsc_offset;
                svm->nested.hsave->control.tsc_offset = offset;
        } else
                trace_kvm_write_tsc_offset(vcpu->vcpu_id,
                                           svm->vmcb->control.tsc_offset,
                                           offset);

        svm->vmcb->control.tsc_offset = offset + g_tsc_offset;

        mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
}

static void avic_init_vmcb(struct vcpu_svm *svm)
{
        struct vmcb *vmcb = svm->vmcb;
        struct kvm_svm *kvm_svm = to_kvm_svm(svm->vcpu.kvm);
        phys_addr_t bpa = __sme_set(page_to_phys(svm->avic_backing_page));
        phys_addr_t lpa = __sme_set(page_to_phys(kvm_svm->avic_logical_id_table_page));
        phys_addr_t ppa = __sme_set(page_to_phys(kvm_svm->avic_physical_id_table_page));

        vmcb->control.avic_backing_page = bpa & AVIC_HPA_MASK;
        vmcb->control.avic_logical_id = lpa & AVIC_HPA_MASK;
        vmcb->control.avic_physical_id = ppa & AVIC_HPA_MASK;
        vmcb->control.avic_physical_id |= AVIC_MAX_PHYSICAL_ID_COUNT;
        vmcb->control.int_ctl |= AVIC_ENABLE_MASK;
}

static void init_vmcb(struct vcpu_svm *svm)
{
        struct vmcb_control_area *control = &svm->vmcb->control;
        struct vmcb_save_area *save = &svm->vmcb->save;

        svm->vcpu.arch.hflags = 0;

        set_cr_intercept(svm, INTERCEPT_CR0_READ);
        set_cr_intercept(svm, INTERCEPT_CR3_READ);
        set_cr_intercept(svm, INTERCEPT_CR4_READ);
        set_cr_intercept(svm, INTERCEPT_CR0_WRITE);
        set_cr_intercept(svm, INTERCEPT_CR3_WRITE);
        set_cr_intercept(svm, INTERCEPT_CR4_WRITE);
        if (!kvm_vcpu_apicv_active(&svm->vcpu))
                set_cr_intercept(svm, INTERCEPT_CR8_WRITE);

        set_dr_intercepts(svm);

        set_exception_intercept(svm, PF_VECTOR);
        set_exception_intercept(svm, UD_VECTOR);
        set_exception_intercept(svm, MC_VECTOR);
        set_exception_intercept(svm, AC_VECTOR);
        set_exception_intercept(svm, DB_VECTOR);
        /*
         * Guest access to VMware backdoor ports could legitimately
         * trigger #GP because of TSS I/O permission bitmap.
         * We intercept those #GP and allow access to them anyway
         * as VMware does.
         */
        if (enable_vmware_backdoor)
                set_exception_intercept(svm, GP_VECTOR);

        set_intercept(svm, INTERCEPT_INTR);
        set_intercept(svm, INTERCEPT_NMI);
        set_intercept(svm, INTERCEPT_SMI);
        set_intercept(svm, INTERCEPT_SELECTIVE_CR0);
        set_intercept(svm, INTERCEPT_RDPMC);
        set_intercept(svm, INTERCEPT_CPUID);
        set_intercept(svm, INTERCEPT_INVD);
        set_intercept(svm, INTERCEPT_INVLPG);
        set_intercept(svm, INTERCEPT_INVLPGA);
        set_intercept(svm, INTERCEPT_IOIO_PROT);
        set_intercept(svm, INTERCEPT_MSR_PROT);
        set_intercept(svm, INTERCEPT_TASK_SWITCH);
        set_intercept(svm, INTERCEPT_SHUTDOWN);
        set_intercept(svm, INTERCEPT_VMRUN);
        set_intercept(svm, INTERCEPT_VMMCALL);
        set_intercept(svm, INTERCEPT_VMLOAD);
        set_intercept(svm, INTERCEPT_VMSAVE);
        set_intercept(svm, INTERCEPT_STGI);
        set_intercept(svm, INTERCEPT_CLGI);
        set_intercept(svm, INTERCEPT_SKINIT);
        set_intercept(svm, INTERCEPT_WBINVD);
        set_intercept(svm, INTERCEPT_XSETBV);
        set_intercept(svm, INTERCEPT_RSM);

        if (!kvm_mwait_in_guest(svm->vcpu.kvm)) {
                set_intercept(svm, INTERCEPT_MONITOR);
                set_intercept(svm, INTERCEPT_MWAIT);
        }

        if (!kvm_hlt_in_guest(svm->vcpu.kvm))
                set_intercept(svm, INTERCEPT_HLT);

        control->iopm_base_pa = __sme_set(iopm_base);
        control->msrpm_base_pa = __sme_set(__pa(svm->msrpm));
        control->int_ctl = V_INTR_MASKING_MASK;

        init_seg(&save->es);
        init_seg(&save->ss);
        init_seg(&save->ds);
        init_seg(&save->fs);
        init_seg(&save->gs);

        save->cs.selector = 0xf000;
        save->cs.base = 0xffff0000;
        /* Executable/Readable Code Segment */
        save->cs.attrib = SVM_SELECTOR_READ_MASK | SVM_SELECTOR_P_MASK |
                SVM_SELECTOR_S_MASK | SVM_SELECTOR_CODE_MASK;
        save->cs.limit = 0xffff;

        save->gdtr.limit = 0xffff;
        save->idtr.limit = 0xffff;

        init_sys_seg(&save->ldtr, SEG_TYPE_LDT);
        init_sys_seg(&save->tr, SEG_TYPE_BUSY_TSS16);

        svm_set_efer(&svm->vcpu, 0);
        save->dr6 = 0xffff0ff0;
        kvm_set_rflags(&svm->vcpu, 2);
        save->rip = 0x0000fff0;
        svm->vcpu.arch.regs[VCPU_REGS_RIP] = save->rip;

        /*
         * svm_set_cr0() sets PG and WP and clears NW and CD on save->cr0.
         * It also updates the guest-visible cr0 value.
         */
        svm_set_cr0(&svm->vcpu, X86_CR0_NW | X86_CR0_CD | X86_CR0_ET);
        kvm_mmu_reset_context(&svm->vcpu);

        save->cr4 = X86_CR4_PAE;
        /* rdx = ?? */

        if (npt_enabled) {
                /* Setup VMCB for Nested Paging */
                control->nested_ctl |= SVM_NESTED_CTL_NP_ENABLE;
                clr_intercept(svm, INTERCEPT_INVLPG);
                clr_exception_intercept(svm, PF_VECTOR);
                clr_cr_intercept(svm, INTERCEPT_CR3_READ);
                clr_cr_intercept(svm, INTERCEPT_CR3_WRITE);
                save->g_pat = svm->vcpu.arch.pat;
                save->cr3 = 0;
                save->cr4 = 0;
        }
        svm->asid_generation = 0;

        svm->nested.vmcb = 0;
        svm->vcpu.arch.hflags = 0;

        if (pause_filter_count) {
                control->pause_filter_count = pause_filter_count;
                if (pause_filter_thresh)
                        control->pause_filter_thresh = pause_filter_thresh;
                set_intercept(svm, INTERCEPT_PAUSE);
        } else {
                clr_intercept(svm, INTERCEPT_PAUSE);
        }

        if (kvm_vcpu_apicv_active(&svm->vcpu))
                avic_init_vmcb(svm);

        /*
         * If hardware supports Virtual VMLOAD VMSAVE then enable it
         * in VMCB and clear intercepts to avoid #VMEXIT.
         */
        if (vls) {
                clr_intercept(svm, INTERCEPT_VMLOAD);
                clr_intercept(svm, INTERCEPT_VMSAVE);
                svm->vmcb->control.virt_ext |= VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK;
        }

        if (vgif) {
                clr_intercept(svm, INTERCEPT_STGI);
                clr_intercept(svm, INTERCEPT_CLGI);
                svm->vmcb->control.int_ctl |= V_GIF_ENABLE_MASK;
        }

        if (sev_guest(svm->vcpu.kvm)) {
                svm->vmcb->control.nested_ctl |= SVM_NESTED_CTL_SEV_ENABLE;
                clr_exception_intercept(svm, UD_VECTOR);
        }

        mark_all_dirty(svm->vmcb);

        enable_gif(svm);

}

static u64 *avic_get_physical_id_entry(struct kvm_vcpu *vcpu,
                                       unsigned int index)
{
        u64 *avic_physical_id_table;
        struct kvm_svm *kvm_svm = to_kvm_svm(vcpu->kvm);

        if (index >= AVIC_MAX_PHYSICAL_ID_COUNT)
                return NULL;

        avic_physical_id_table = page_address(kvm_svm->avic_physical_id_table_page);

        return &avic_physical_id_table[index];
}

/**
 * Note:
 * AVIC hardware walks the nested page table to check permissions,
 * but does not use the SPA address specified in the leaf page
 * table entry since it uses  address in the AVIC_BACKING_PAGE pointer
 * field of the VMCB. Therefore, we set up the
 * APIC_ACCESS_PAGE_PRIVATE_MEMSLOT (4KB) here.
 */
static int avic_init_access_page(struct kvm_vcpu *vcpu)
{
        struct kvm *kvm = vcpu->kvm;
        int ret;

        if (kvm->arch.apic_access_page_done)
                return 0;

        ret = x86_set_memory_region(kvm,
                                    APIC_ACCESS_PAGE_PRIVATE_MEMSLOT,
                                    APIC_DEFAULT_PHYS_BASE,
                                    PAGE_SIZE);
        if (ret)
                return ret;

        kvm->arch.apic_access_page_done = true;
        return 0;
}

static int avic_init_backing_page(struct kvm_vcpu *vcpu)
{
        int ret;
        u64 *entry, new_entry;
        int id = vcpu->vcpu_id;
        struct vcpu_svm *svm = to_svm(vcpu);

        ret = avic_init_access_page(vcpu);
        if (ret)
                return ret;

        if (id >= AVIC_MAX_PHYSICAL_ID_COUNT)
                return -EINVAL;

        if (!svm->vcpu.arch.apic->regs)
                return -EINVAL;

        svm->avic_backing_page = virt_to_page(svm->vcpu.arch.apic->regs);

        /* Setting AVIC backing page address in the phy APIC ID table */
        entry = avic_get_physical_id_entry(vcpu, id);
        if (!entry)
                return -EINVAL;

        new_entry = READ_ONCE(*entry);
        new_entry = __sme_set((page_to_phys(svm->avic_backing_page) &
                              AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK) |
                              AVIC_PHYSICAL_ID_ENTRY_VALID_MASK);
        WRITE_ONCE(*entry, new_entry);

        svm->avic_physical_id_cache = entry;

        return 0;
}

static void __sev_asid_free(int asid)
{
        struct svm_cpu_data *sd;
        int cpu, pos;

        pos = asid - 1;
        clear_bit(pos, sev_asid_bitmap);

        for_each_possible_cpu(cpu) {
                sd = per_cpu(svm_data, cpu);
                sd->sev_vmcbs[pos] = NULL;
        }
}

static void sev_asid_free(struct kvm *kvm)
{
        struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;

        __sev_asid_free(sev->asid);
}

static void sev_unbind_asid(struct kvm *kvm, unsigned int handle)
{
        struct sev_data_decommission *decommission;
        struct sev_data_deactivate *data;

        if (!handle)
                return;

        data = kzalloc(sizeof(*data), GFP_KERNEL);
        if (!data)
                return;

        /* deactivate handle */
        data->handle = handle;
        sev_guest_deactivate(data, NULL);

        wbinvd_on_all_cpus();
        sev_guest_df_flush(NULL);
        kfree(data);

        decommission = kzalloc(sizeof(*decommission), GFP_KERNEL);
        if (!decommission)
                return;

        /* decommission handle */
        decommission->handle = handle;
        sev_guest_decommission(decommission, NULL);

        kfree(decommission);
}

static struct page **sev_pin_memory(struct kvm *kvm, unsigned long uaddr,
                                    unsigned long ulen, unsigned long *n,
                                    int write)
{
        struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
        unsigned long npages, npinned, size;
        unsigned long locked, lock_limit;
        struct page **pages;
        int first, last;

        /* Calculate number of pages. */
        first = (uaddr & PAGE_MASK) >> PAGE_SHIFT;
        last = ((uaddr + ulen - 1) & PAGE_MASK) >> PAGE_SHIFT;
        npages = (last - first + 1);

        locked = sev->pages_locked + npages;
        lock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
        if (locked > lock_limit && !capable(CAP_IPC_LOCK)) {
                pr_err("SEV: %lu locked pages exceed the lock limit of %lu.\n", locked, lock_limit);
                return NULL;
        }

        /* Avoid using vmalloc for smaller buffers. */
        size = npages * sizeof(struct page *);
        if (size > PAGE_SIZE)
                pages = vmalloc(size);
        else
                pages = kmalloc(size, GFP_KERNEL);

        if (!pages)
                return NULL;

        /* Pin the user virtual address. */
        npinned = get_user_pages_fast(uaddr, npages, write ? FOLL_WRITE : 0, pages);
        if (npinned != npages) {
                pr_err("SEV: Failure locking %lu pages.\n", npages);
                goto err;
        }

        *n = npages;
        sev->pages_locked = locked;

        return pages;

err:
        if (npinned > 0)
                release_pages(pages, npinned);

        kvfree(pages);
        return NULL;
}

static void sev_unpin_memory(struct kvm *kvm, struct page **pages,
                             unsigned long npages)
{
        struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;

        release_pages(pages, npages);
        kvfree(pages);
        sev->pages_locked -= npages;
}

static void sev_clflush_pages(struct page *pages[], unsigned long npages)
{
        uint8_t *page_virtual;
        unsigned long i;

        if (npages == 0 || pages == NULL)
                return;

        for (i = 0; i < npages; i++) {
                page_virtual = kmap_atomic(pages[i]);
                clflush_cache_range(page_virtual, PAGE_SIZE);
                kunmap_atomic(page_virtual);
        }
}

static void __unregister_enc_region_locked(struct kvm *kvm,
                                           struct enc_region *region)
{
        /*
         * The guest may change the memory encryption attribute from C=0 -> C=1
         * or vice versa for this memory range. Lets make sure caches are
         * flushed to ensure that guest data gets written into memory with
         * correct C-bit.
         */
        sev_clflush_pages(region->pages, region->npages);

        sev_unpin_memory(kvm, region->pages, region->npages);
        list_del(&region->list);
        kfree(region);
}

static struct kvm *svm_vm_alloc(void)
{
        struct kvm_svm *kvm_svm = kzalloc(sizeof(struct kvm_svm), GFP_KERNEL);
        return &kvm_svm->kvm;
}

static void svm_vm_free(struct kvm *kvm)
{
        kfree(to_kvm_svm(kvm));
}

static void sev_vm_destroy(struct kvm *kvm)
{
        struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
        struct list_head *head = &sev->regions_list;
        struct list_head *pos, *q;

        if (!sev_guest(kvm))
                return;

        mutex_lock(&kvm->lock);

        /*
         * if userspace was terminated before unregistering the memory regions
         * then lets unpin all the registered memory.
         */
        if (!list_empty(head)) {
                list_for_each_safe(pos, q, head) {
                        __unregister_enc_region_locked(kvm,
                                list_entry(pos, struct enc_region, list));
                }
        }

        mutex_unlock(&kvm->lock);

        sev_unbind_asid(kvm, sev->handle);
        sev_asid_free(kvm);
}

static void avic_vm_destroy(struct kvm *kvm)
{
        unsigned long flags;
        struct kvm_svm *kvm_svm = to_kvm_svm(kvm);

        if (!avic)
                return;

        if (kvm_svm->avic_logical_id_table_page)
                __free_page(kvm_svm->avic_logical_id_table_page);
        if (kvm_svm->avic_physical_id_table_page)
                __free_page(kvm_svm->avic_physical_id_table_page);

        spin_lock_irqsave(&svm_vm_data_hash_lock, flags);
        hash_del(&kvm_svm->hnode);
        spin_unlock_irqrestore(&svm_vm_data_hash_lock, flags);
}

static void svm_vm_destroy(struct kvm *kvm)
{
        avic_vm_destroy(kvm);
        sev_vm_destroy(kvm);
}

static int avic_vm_init(struct kvm *kvm)
{
        unsigned long flags;
        int err = -ENOMEM;
        struct kvm_svm *kvm_svm = to_kvm_svm(kvm);
        struct kvm_svm *k2;
        struct page *p_page;
        struct page *l_page;
        u32 vm_id;

        if (!avic)
                return 0;

        /* Allocating physical APIC ID table (4KB) */
        p_page = alloc_page(GFP_KERNEL);
        if (!p_page)
                goto free_avic;

        kvm_svm->avic_physical_id_table_page = p_page;
        clear_page(page_address(p_page));

        /* Allocating logical APIC ID table (4KB) */
        l_page = alloc_page(GFP_KERNEL);
        if (!l_page)
                goto free_avic;

        kvm_svm->avic_logical_id_table_page = l_page;
        clear_page(page_address(l_page));

        spin_lock_irqsave(&svm_vm_data_hash_lock, flags);
 again:
        vm_id = next_vm_id = (next_vm_id + 1) & AVIC_VM_ID_MASK;
        if (vm_id == 0) { /* id is 1-based, zero is not okay */
                next_vm_id_wrapped = 1;
                goto again;
        }
        /* Is it still in use? Only possible if wrapped at least once */
        if (next_vm_id_wrapped) {
                hash_for_each_possible(svm_vm_data_hash, k2, hnode, vm_id) {
                        if (k2->avic_vm_id == vm_id)
                                goto again;
                }
        }
        kvm_svm->avic_vm_id = vm_id;
        hash_add(svm_vm_data_hash, &kvm_svm->hnode, kvm_svm->avic_vm_id);
        spin_unlock_irqrestore(&svm_vm_data_hash_lock, flags);

        return 0;

free_avic:
        avic_vm_destroy(kvm);
        return err;
}

static inline int
avic_update_iommu_vcpu_affinity(struct kvm_vcpu *vcpu, int cpu, bool r)
{
        int ret = 0;
        unsigned long flags;
        struct amd_svm_iommu_ir *ir;
        struct vcpu_svm *svm = to_svm(vcpu);

        if (!kvm_arch_has_assigned_device(vcpu->kvm))
                return 0;

        /*
         * Here, we go through the per-vcpu ir_list to update all existing
         * interrupt remapping table entry targeting this vcpu.
         */
        spin_lock_irqsave(&svm->ir_list_lock, flags);

        if (list_empty(&svm->ir_list))
                goto out;

        list_for_each_entry(ir, &svm->ir_list, node) {
                ret = amd_iommu_update_ga(cpu, r, ir->data);
                if (ret)
                        break;
        }
out:
        spin_unlock_irqrestore(&svm->ir_list_lock, flags);
        return ret;

}

static void avic_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
{
        u64 entry;
        /* ID = 0xff (broadcast), ID > 0xff (reserved) */
        int h_physical_id = kvm_cpu_get_apicid(cpu);
        struct vcpu_svm *svm = to_svm(vcpu);

        if (!kvm_vcpu_apicv_active(vcpu))
                return;

        if (WARN_ON(h_physical_id >= AVIC_MAX_PHYSICAL_ID_COUNT))
                return;

        entry = READ_ONCE(*(svm->avic_physical_id_cache));
        WARN_ON(entry & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK);

        entry &= ~AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK;
        entry |= (h_physical_id & AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK);

        entry &= ~AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
        if (svm->avic_is_running)
                entry |= AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;

        WRITE_ONCE(*(svm->avic_physical_id_cache), entry);
        avic_update_iommu_vcpu_affinity(vcpu, h_physical_id,
                                        svm->avic_is_running);
}

static void avic_vcpu_put(struct kvm_vcpu *vcpu)
{
        u64 entry;
        struct vcpu_svm *svm = to_svm(vcpu);

        if (!kvm_vcpu_apicv_active(vcpu))
                return;

        entry = READ_ONCE(*(svm->avic_physical_id_cache));
        if (entry & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK)
                avic_update_iommu_vcpu_affinity(vcpu, -1, 0);

        entry &= ~AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
        WRITE_ONCE(*(svm->avic_physical_id_cache), entry);
}

/**
 * This function is called during VCPU halt/unhalt.
 */
static void avic_set_running(struct kvm_vcpu *vcpu, bool is_run)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        svm->avic_is_running = is_run;
        if (is_run)
                avic_vcpu_load(vcpu, vcpu->cpu);
        else
                avic_vcpu_put(vcpu);
}

static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        u32 dummy;
        u32 eax = 1;

        vcpu->arch.microcode_version = 0x01000065;
        svm->spec_ctrl = 0;
        svm->virt_spec_ctrl = 0;

        if (!init_event) {
                svm->vcpu.arch.apic_base = APIC_DEFAULT_PHYS_BASE |
                                           MSR_IA32_APICBASE_ENABLE;
                if (kvm_vcpu_is_reset_bsp(&svm->vcpu))
                        svm->vcpu.arch.apic_base |= MSR_IA32_APICBASE_BSP;
        }
        init_vmcb(svm);

        kvm_cpuid(vcpu, &eax, &dummy, &dummy, &dummy, true);
        kvm_register_write(vcpu, VCPU_REGS_RDX, eax);

        if (kvm_vcpu_apicv_active(vcpu) && !init_event)
                avic_update_vapic_bar(svm, APIC_DEFAULT_PHYS_BASE);
}

static int avic_init_vcpu(struct vcpu_svm *svm)
{
        int ret;

        if (!kvm_vcpu_apicv_active(&svm->vcpu))
                return 0;

        ret = avic_init_backing_page(&svm->vcpu);
        if (ret)
                return ret;

        INIT_LIST_HEAD(&svm->ir_list);
        spin_lock_init(&svm->ir_list_lock);

        return ret;
}

static struct kvm_vcpu *svm_create_vcpu(struct kvm *kvm, unsigned int id)
{
        struct vcpu_svm *svm;
        struct page *page;
        struct page *msrpm_pages;
        struct page *hsave_page;
        struct page *nested_msrpm_pages;
        int err;

        svm = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL);
        if (!svm) {
                err = -ENOMEM;
                goto out;
        }

        err = kvm_vcpu_init(&svm->vcpu, kvm, id);
        if (err)
                goto free_svm;

        err = -ENOMEM;
        page = alloc_page(GFP_KERNEL);
        if (!page)
                goto uninit;

        msrpm_pages = alloc_pages(GFP_KERNEL, MSRPM_ALLOC_ORDER);
        if (!msrpm_pages)
                goto free_page1;

        nested_msrpm_pages = alloc_pages(GFP_KERNEL, MSRPM_ALLOC_ORDER);
        if (!nested_msrpm_pages)
                goto free_page2;

        hsave_page = alloc_page(GFP_KERNEL);
        if (!hsave_page)
                goto free_page3;

        err = avic_init_vcpu(svm);
        if (err)
                goto free_page4;

        /* We initialize this flag to true to make sure that the is_running
         * bit would be set the first time the vcpu is loaded.
         */
        svm->avic_is_running = true;

        svm->nested.hsave = page_address(hsave_page);

        svm->msrpm = page_address(msrpm_pages);
        svm_vcpu_init_msrpm(svm->msrpm);

        svm->nested.msrpm = page_address(nested_msrpm_pages);
        svm_vcpu_init_msrpm(svm->nested.msrpm);

        svm->vmcb = page_address(page);
        clear_page(svm->vmcb);
        svm->vmcb_pa = __sme_set(page_to_pfn(page) << PAGE_SHIFT);
        svm->asid_generation = 0;
        init_vmcb(svm);

        svm_init_osvw(&svm->vcpu);

        return &svm->vcpu;

free_page4:
        __free_page(hsave_page);
free_page3:
        __free_pages(nested_msrpm_pages, MSRPM_ALLOC_ORDER);
free_page2:
        __free_pages(msrpm_pages, MSRPM_ALLOC_ORDER);
free_page1:
        __free_page(page);
uninit:
        kvm_vcpu_uninit(&svm->vcpu);
free_svm:
        kmem_cache_free(kvm_vcpu_cache, svm);
out:
        return ERR_PTR(err);
}

static void svm_free_vcpu(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        __free_page(pfn_to_page(__sme_clr(svm->vmcb_pa) >> PAGE_SHIFT));
        __free_pages(virt_to_page(svm->msrpm), MSRPM_ALLOC_ORDER);
        __free_page(virt_to_page(svm->nested.hsave));
        __free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER);
        kvm_vcpu_uninit(vcpu);
        kmem_cache_free(kvm_vcpu_cache, svm);
        /*
         * The vmcb page can be recycled, causing a false negative in
         * svm_vcpu_load(). So do a full IBPB now.
         */
        indirect_branch_prediction_barrier();
}

static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
        int i;

        if (unlikely(cpu != vcpu->cpu)) {
                svm->asid_generation = 0;
                mark_all_dirty(svm->vmcb);
        }

#ifdef CONFIG_X86_64
        rdmsrl(MSR_GS_BASE, to_svm(vcpu)->host.gs_base);
#endif
        savesegment(fs, svm->host.fs);
        savesegment(gs, svm->host.gs);
        svm->host.ldt = kvm_read_ldt();

        for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++)
                rdmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]);

        if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) {
                u64 tsc_ratio = vcpu->arch.tsc_scaling_ratio;
                if (tsc_ratio != __this_cpu_read(current_tsc_ratio)) {
                        __this_cpu_write(current_tsc_ratio, tsc_ratio);
                        wrmsrl(MSR_AMD64_TSC_RATIO, tsc_ratio);
                }
        }
        /* This assumes that the kernel never uses MSR_TSC_AUX */
        if (static_cpu_has(X86_FEATURE_RDTSCP))
                wrmsrl(MSR_TSC_AUX, svm->tsc_aux);

        if (sd->current_vmcb != svm->vmcb) {
                sd->current_vmcb = svm->vmcb;
                indirect_branch_prediction_barrier();
        }
        avic_vcpu_load(vcpu, cpu);
}

static void svm_vcpu_put(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        int i;

        avic_vcpu_put(vcpu);

        ++vcpu->stat.host_state_reload;
        kvm_load_ldt(svm->host.ldt);
#ifdef CONFIG_X86_64
        loadsegment(fs, svm->host.fs);
        wrmsrl(MSR_KERNEL_GS_BASE, current->thread.gsbase);
        load_gs_index(svm->host.gs);
#else
#ifdef CONFIG_X86_32_LAZY_GS
        loadsegment(gs, svm->host.gs);
#endif
#endif
        for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++)
                wrmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]);
}

static void svm_vcpu_blocking(struct kvm_vcpu *vcpu)
{
        avic_set_running(vcpu, false);
}

static void svm_vcpu_unblocking(struct kvm_vcpu *vcpu)
{
        avic_set_running(vcpu, true);
}

static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        unsigned long rflags = svm->vmcb->save.rflags;

        if (svm->nmi_singlestep) {
                /* Hide our flags if they were not set by the guest */
                if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_TF))
                        rflags &= ~X86_EFLAGS_TF;
                if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_RF))
                        rflags &= ~X86_EFLAGS_RF;
        }
        return rflags;
}

static void svm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
{
        if (to_svm(vcpu)->nmi_singlestep)
                rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);

       /*
        * Any change of EFLAGS.VM is accompanied by a reload of SS
        * (caused by either a task switch or an inter-privilege IRET),
        * so we do not need to update the CPL here.
        */
        to_svm(vcpu)->vmcb->save.rflags = rflags;
}

static void svm_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
{
        switch (reg) {
        case VCPU_EXREG_PDPTR:
                BUG_ON(!npt_enabled);
                load_pdptrs(vcpu, vcpu->arch.walk_mmu, kvm_read_cr3(vcpu));
                break;
        default:
                BUG();
        }
}

static void svm_set_vintr(struct vcpu_svm *svm)
{
        set_intercept(svm, INTERCEPT_VINTR);
}

static void svm_clear_vintr(struct vcpu_svm *svm)
{
        clr_intercept(svm, INTERCEPT_VINTR);
}

static struct vmcb_seg *svm_seg(struct kvm_vcpu *vcpu, int seg)
{
        struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;

        switch (seg) {
        case VCPU_SREG_CS: return &save->cs;
        case VCPU_SREG_DS: return &save->ds;
        case VCPU_SREG_ES: return &save->es;
        case VCPU_SREG_FS: return &save->fs;
        case VCPU_SREG_GS: return &save->gs;
        case VCPU_SREG_SS: return &save->ss;
        case VCPU_SREG_TR: return &save->tr;
        case VCPU_SREG_LDTR: return &save->ldtr;
        }
        BUG();
        return NULL;
}

static u64 svm_get_segment_base(struct kvm_vcpu *vcpu, int seg)
{
        struct vmcb_seg *s = svm_seg(vcpu, seg);

        return s->base;
}

static void svm_get_segment(struct kvm_vcpu *vcpu,
                            struct kvm_segment *var, int seg)
{
        struct vmcb_seg *s = svm_seg(vcpu, seg);

        var->base = s->base;
        var->limit = s->limit;
        var->selector = s->selector;
        var->type = s->attrib & SVM_SELECTOR_TYPE_MASK;
        var->s = (s->attrib >> SVM_SELECTOR_S_SHIFT) & 1;
        var->dpl = (s->attrib >> SVM_SELECTOR_DPL_SHIFT) & 3;
        var->present = (s->attrib >> SVM_SELECTOR_P_SHIFT) & 1;
        var->avl = (s->attrib >> SVM_SELECTOR_AVL_SHIFT) & 1;
        var->l = (s->attrib >> SVM_SELECTOR_L_SHIFT) & 1;
        var->db = (s->attrib >> SVM_SELECTOR_DB_SHIFT) & 1;

        /*
         * AMD CPUs circa 2014 track the G bit for all segments except CS.
         * However, the SVM spec states that the G bit is not observed by the
         * CPU, and some VMware virtual CPUs drop the G bit for all segments.
         * So let's synthesize a legal G bit for all segments, this helps
         * running KVM nested. It also helps cross-vendor migration, because
         * Intel's vmentry has a check on the 'G' bit.
         */
        var->g = s->limit > 0xfffff;

        /*
         * AMD's VMCB does not have an explicit unusable field, so emulate it
         * for cross vendor migration purposes by "not present"
         */
        var->unusable = !var->present;

        switch (seg) {
        case VCPU_SREG_TR:
                /*
                 * Work around a bug where the busy flag in the tr selector
                 * isn't exposed
                 */
                var->type |= 0x2;
                break;
        case VCPU_SREG_DS:
        case VCPU_SREG_ES:
        case VCPU_SREG_FS:
        case VCPU_SREG_GS:
                /*
                 * The accessed bit must always be set in the segment
                 * descriptor cache, although it can be cleared in the
                 * descriptor, the cached bit always remains at 1. Since
                 * Intel has a check on this, set it here to support
                 * cross-vendor migration.
                 */
                if (!var->unusable)
                        var->type |= 0x1;
                break;
        case VCPU_SREG_SS:
                /*
                 * On AMD CPUs sometimes the DB bit in the segment
                 * descriptor is left as 1, although the whole segment has
                 * been made unusable. Clear it here to pass an Intel VMX
                 * entry check when cross vendor migrating.
                 */
                if (var->unusable)
                        var->db = 0;
                /* This is symmetric with svm_set_segment() */
                var->dpl = to_svm(vcpu)->vmcb->save.cpl;
                break;
        }
}

static int svm_get_cpl(struct kvm_vcpu *vcpu)
{
        struct vmcb_save_area *save = &to_svm(vcpu)->vmcb->save;

        return save->cpl;
}

static void svm_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        dt->size = svm->vmcb->save.idtr.limit;
        dt->address = svm->vmcb->save.idtr.base;
}

static void svm_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        svm->vmcb->save.idtr.limit = dt->size;
        svm->vmcb->save.idtr.base = dt->address ;
        mark_dirty(svm->vmcb, VMCB_DT);
}

static void svm_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        dt->size = svm->vmcb->save.gdtr.limit;
        dt->address = svm->vmcb->save.gdtr.base;
}

static void svm_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        svm->vmcb->save.gdtr.limit = dt->size;
        svm->vmcb->save.gdtr.base = dt->address ;
        mark_dirty(svm->vmcb, VMCB_DT);
}

static void svm_decache_cr0_guest_bits(struct kvm_vcpu *vcpu)
{
}

static void svm_decache_cr3(struct kvm_vcpu *vcpu)
{
}

static void svm_decache_cr4_guest_bits(struct kvm_vcpu *vcpu)
{
}

static void update_cr0_intercept(struct vcpu_svm *svm)
{
        ulong gcr0 = svm->vcpu.arch.cr0;
        u64 *hcr0 = &svm->vmcb->save.cr0;

        *hcr0 = (*hcr0 & ~SVM_CR0_SELECTIVE_MASK)
                | (gcr0 & SVM_CR0_SELECTIVE_MASK);

        mark_dirty(svm->vmcb, VMCB_CR);

        if (gcr0 == *hcr0) {
                clr_cr_intercept(svm, INTERCEPT_CR0_READ);
                clr_cr_intercept(svm, INTERCEPT_CR0_WRITE);
        } else {
                set_cr_intercept(svm, INTERCEPT_CR0_READ);
                set_cr_intercept(svm, INTERCEPT_CR0_WRITE);
        }
}

static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
{
        struct vcpu_svm *svm = to_svm(vcpu);

#ifdef CONFIG_X86_64
        if (vcpu->arch.efer & EFER_LME) {
                if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) {
                        vcpu->arch.efer |= EFER_LMA;
                        svm->vmcb->save.efer |= EFER_LMA | EFER_LME;
                }

                if (is_paging(vcpu) && !(cr0 & X86_CR0_PG)) {
                        vcpu->arch.efer &= ~EFER_LMA;
                        svm->vmcb->save.efer &= ~(EFER_LMA | EFER_LME);
                }
        }
#endif
        vcpu->arch.cr0 = cr0;

        if (!npt_enabled)
                cr0 |= X86_CR0_PG | X86_CR0_WP;

        /*
         * re-enable caching here because the QEMU bios
         * does not do it - this results in some delay at
         * reboot
         */
        if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED))
                cr0 &= ~(X86_CR0_CD | X86_CR0_NW);
        svm->vmcb->save.cr0 = cr0;
        mark_dirty(svm->vmcb, VMCB_CR);
        update_cr0_intercept(svm);
}

static int svm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
{
        unsigned long host_cr4_mce = cr4_read_shadow() & X86_CR4_MCE;
        unsigned long old_cr4 = to_svm(vcpu)->vmcb->save.cr4;

        if (cr4 & X86_CR4_VMXE)
                return 1;

        if (npt_enabled && ((old_cr4 ^ cr4) & X86_CR4_PGE))
                svm_flush_tlb(vcpu, true);

        vcpu->arch.cr4 = cr4;
        if (!npt_enabled)
                cr4 |= X86_CR4_PAE;
        cr4 |= host_cr4_mce;
        to_svm(vcpu)->vmcb->save.cr4 = cr4;
        mark_dirty(to_svm(vcpu)->vmcb, VMCB_CR);
        return 0;
}

static void svm_set_segment(struct kvm_vcpu *vcpu,
                            struct kvm_segment *var, int seg)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        struct vmcb_seg *s = svm_seg(vcpu, seg);

        s->base = var->base;
        s->limit = var->limit;
        s->selector = var->selector;
        s->attrib = (var->type & SVM_SELECTOR_TYPE_MASK);
        s->attrib |= (var->s & 1) << SVM_SELECTOR_S_SHIFT;
        s->attrib |= (var->dpl & 3) << SVM_SELECTOR_DPL_SHIFT;
        s->attrib |= ((var->present & 1) && !var->unusable) << SVM_SELECTOR_P_SHIFT;
        s->attrib |= (var->avl & 1) << SVM_SELECTOR_AVL_SHIFT;
        s->attrib |= (var->l & 1) << SVM_SELECTOR_L_SHIFT;
        s->attrib |= (var->db & 1) << SVM_SELECTOR_DB_SHIFT;
        s->attrib |= (var->g & 1) << SVM_SELECTOR_G_SHIFT;

        /*
         * This is always accurate, except if SYSRET returned to a segment
         * with SS.DPL != 3.  Intel does not have this quirk, and always
         * forces SS.DPL to 3 on sysret, so we ignore that case; fixing it
         * would entail passing the CPL to userspace and back.
         */
        if (seg == VCPU_SREG_SS)
                /* This is symmetric with svm_get_segment() */
                svm->vmcb->save.cpl = (var->dpl & 3);

        mark_dirty(svm->vmcb, VMCB_SEG);
}

static void update_bp_intercept(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        clr_exception_intercept(svm, BP_VECTOR);

        if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
                if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
                        set_exception_intercept(svm, BP_VECTOR);
        } else
                vcpu->guest_debug = 0;
}

static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd)
{
        if (sd->next_asid > sd->max_asid) {
                ++sd->asid_generation;
                sd->next_asid = sd->min_asid;
                svm->vmcb->control.tlb_ctl = TLB_CONTROL_FLUSH_ALL_ASID;
        }

        svm->asid_generation = sd->asid_generation;
        svm->vmcb->control.asid = sd->next_asid++;

        mark_dirty(svm->vmcb, VMCB_ASID);
}

static u64 svm_get_dr6(struct kvm_vcpu *vcpu)
{
        return to_svm(vcpu)->vmcb->save.dr6;
}

static void svm_set_dr6(struct kvm_vcpu *vcpu, unsigned long value)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        svm->vmcb->save.dr6 = value;
        mark_dirty(svm->vmcb, VMCB_DR);
}

static void svm_sync_dirty_debug_regs(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        get_debugreg(vcpu->arch.db[0], 0);
        get_debugreg(vcpu->arch.db[1], 1);
        get_debugreg(vcpu->arch.db[2], 2);
        get_debugreg(vcpu->arch.db[3], 3);
        vcpu->arch.dr6 = svm_get_dr6(vcpu);
        vcpu->arch.dr7 = svm->vmcb->save.dr7;

        vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_WONT_EXIT;
        set_dr_intercepts(svm);
}

static void svm_set_dr7(struct kvm_vcpu *vcpu, unsigned long value)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        svm->vmcb->save.dr7 = value;
        mark_dirty(svm->vmcb, VMCB_DR);
}

static int pf_interception(struct vcpu_svm *svm)
{
        u64 fault_address = __sme_clr(svm->vmcb->control.exit_info_2);
        u64 error_code = svm->vmcb->control.exit_info_1;

        return kvm_handle_page_fault(&svm->vcpu, error_code, fault_address,
                        static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
                        svm->vmcb->control.insn_bytes : NULL,
                        svm->vmcb->control.insn_len);
}

static int npf_interception(struct vcpu_svm *svm)
{
        u64 fault_address = __sme_clr(svm->vmcb->control.exit_info_2);
        u64 error_code = svm->vmcb->control.exit_info_1;

        trace_kvm_page_fault(fault_address, error_code);
        return kvm_mmu_page_fault(&svm->vcpu, fault_address, error_code,
                        static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
                        svm->vmcb->control.insn_bytes : NULL,
                        svm->vmcb->control.insn_len);
}

static int db_interception(struct vcpu_svm *svm)
{
        struct kvm_run *kvm_run = svm->vcpu.run;

        if (!(svm->vcpu.guest_debug &
              (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) &&
                !svm->nmi_singlestep) {
                kvm_queue_exception(&svm->vcpu, DB_VECTOR);
                return 1;
        }

        if (svm->nmi_singlestep) {
                disable_nmi_singlestep(svm);
        }

        if (svm->vcpu.guest_debug &
            (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) {
                kvm_run->exit_reason = KVM_EXIT_DEBUG;
                kvm_run->debug.arch.pc =
                        svm->vmcb->save.cs.base + svm->vmcb->save.rip;
                kvm_run->debug.arch.exception = DB_VECTOR;
                return 0;
        }

        return 1;
}

static int bp_interception(struct vcpu_svm *svm)
{
        struct kvm_run *kvm_run = svm->vcpu.run;

        kvm_run->exit_reason = KVM_EXIT_DEBUG;
        kvm_run->debug.arch.pc = svm->vmcb->save.cs.base + svm->vmcb->save.rip;
        kvm_run->debug.arch.exception = BP_VECTOR;
        return 0;
}

static int ud_interception(struct vcpu_svm *svm)
{
        return handle_ud(&svm->vcpu);
}

static int ac_interception(struct vcpu_svm *svm)
{
        kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
        return 1;
}

static int gp_interception(struct vcpu_svm *svm)
{
        struct kvm_vcpu *vcpu = &svm->vcpu;
        u32 error_code = svm->vmcb->control.exit_info_1;
        int er;

        WARN_ON_ONCE(!enable_vmware_backdoor);

        er = emulate_instruction(vcpu,
                EMULTYPE_VMWARE | EMULTYPE_NO_UD_ON_FAIL);
        if (er == EMULATE_USER_EXIT)
                return 0;
        else if (er != EMULATE_DONE)
                kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
        return 1;
}

static bool is_erratum_383(void)
{
        int err, i;
        u64 value;

        if (!erratum_383_found)
                return false;

        value = native_read_msr_safe(MSR_IA32_MC0_STATUS, &err);
        if (err)
                return false;

        /* Bit 62 may or may not be set for this mce */
        value &= ~(1ULL << 62);

        if (value != 0xb600000000010015ULL)
                return false;

        /* Clear MCi_STATUS registers */
        for (i = 0; i < 6; ++i)
                native_write_msr_safe(MSR_IA32_MCx_STATUS(i), 0, 0);

        value = native_read_msr_safe(MSR_IA32_MCG_STATUS, &err);
        if (!err) {
                u32 low, high;

                value &= ~(1ULL << 2);
                low    = lower_32_bits(value);
                high   = upper_32_bits(value);

                native_write_msr_safe(MSR_IA32_MCG_STATUS, low, high);
        }

        /* Flush tlb to evict multi-match entries */
        __flush_tlb_all();

        return true;
}

static void svm_handle_mce(struct vcpu_svm *svm)
{
        if (is_erratum_383()) {
                /*
                 * Erratum 383 triggered. Guest state is corrupt so kill the
                 * guest.
                 */
                pr_err("KVM: Guest triggered AMD Erratum 383\n");

                kvm_make_request(KVM_REQ_TRIPLE_FAULT, &svm->vcpu);

                return;
        }

        /*
         * On an #MC intercept the MCE handler is not called automatically in
         * the host. So do it by hand here.
         */
        asm volatile (
                "int $0x12\n");
        /* not sure if we ever come back to this point */

        return;
}

static int mc_interception(struct vcpu_svm *svm)
{
        return 1;
}

static int shutdown_interception(struct vcpu_svm *svm)
{
        struct kvm_run *kvm_run = svm->vcpu.run;

        /*
         * VMCB is undefined after a SHUTDOWN intercept
         * so reinitialize it.
         */
        clear_page(svm->vmcb);
        init_vmcb(svm);

        kvm_run->exit_reason = KVM_EXIT_SHUTDOWN;
        return 0;
}

static int io_interception(struct vcpu_svm *svm)
{
        struct kvm_vcpu *vcpu = &svm->vcpu;
        u32 io_info = svm->vmcb->control.exit_info_1; /* address size bug? */
        int size, in, string;
        unsigned port;

        ++svm->vcpu.stat.io_exits;
        string = (io_info & SVM_IOIO_STR_MASK) != 0;
        in = (io_info & SVM_IOIO_TYPE_MASK) != 0;
        if (string)
                return emulate_instruction(vcpu, 0) == EMULATE_DONE;

        port = io_info >> 16;
        size = (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT;
        svm->next_rip = svm->vmcb->control.exit_info_2;

        return kvm_fast_pio(&svm->vcpu, size, port, in);
}

static int nmi_interception(struct vcpu_svm *svm)
{
        return 1;
}

static int intr_interception(struct vcpu_svm *svm)
{
        ++svm->vcpu.stat.irq_exits;
        return 1;
}

static int nop_on_interception(struct vcpu_svm *svm)
{
        return 1;
}

static int halt_interception(struct vcpu_svm *svm)
{
        svm->next_rip = kvm_rip_read(&svm->vcpu) + 1;
        return kvm_emulate_halt(&svm->vcpu);
}

static int vmmcall_interception(struct vcpu_svm *svm)
{
        svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
        return kvm_emulate_hypercall(&svm->vcpu);
}

static unsigned long nested_svm_get_tdp_cr3(struct kvm_vcpu *vcpu)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        return svm->nested.nested_cr3;
}

static u64 nested_svm_get_tdp_pdptr(struct kvm_vcpu *vcpu, int index)
{
        struct vcpu_svm *svm = to_svm(vcpu);
        u64 cr3 = svm->nested.nested_cr3;
        u64 pdpte;
        int ret;

        ret = kvm_vcpu_read_guest_page(vcpu, gpa_to_gfn(__sme_clr(cr3)), &pdpte,
                                       offset_in_page(cr3) + index * 8, 8);
        if (ret)
                return 0;
        return pdpte;
}

static void nested_svm_set_tdp_cr3(struct kvm_vcpu *vcpu,
                                   unsigned long root)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        svm->vmcb->control.nested_cr3 = __sme_set(root);
        mark_dirty(svm->vmcb, VMCB_NPT);
        svm_flush_tlb(vcpu, true);
}

static void nested_svm_inject_npf_exit(struct kvm_vcpu *vcpu,
                                       struct x86_exception *fault)
{
        struct vcpu_svm *svm = to_svm(vcpu);

        if (svm->vmcb->control.exit_code != SVM_EXIT_NPF) {
                /*
                 * TODO: track the cause of the nested page fault, and
                 * correctly fill in the high bits of exit_info_1.
                 */
                svm->vmcb->control.exit_code = SVM_EXIT_NPF;
                svm->vmcb->control.exit_code_hi = 0;
                svm->vmcb->control.exit_info_1 = (1ULL << 32);
                svm->vmcb->control.exit_info_2 = fault->address;
        }

        svm->vmcb->control.exit_info_1 &= ~0xffffffffULL;
        svm->vmcb->control.exit_info_1 |= fault->error_code;

        /*
         * The present bit is always zero for page structure faults on real
         * hardware.
         */
        if (svm->vmcb->control.exit_info_1 & (2ULL << 32))
                svm->vmcb->control.exit_info_1 &= ~1;

        nested_svm_vmexit(svm);
}

static void nested_svm_init_mmu_context(struct kvm_vcpu *vcpu)
{
        WARN_ON(mmu_is_nested(vcpu));
        kvm_init_shadow_mmu(vcpu);
        vcpu->arch.mmu.set_cr3           = nested_svm_set_tdp_cr3;
        vcpu->arch.mmu.get_cr3           = nested_svm_get_tdp_cr3;
        vcpu->arch.mmu.get_pdptr         = nested_svm_get_tdp_pdptr;
        vcpu->arch.mmu.inject_page_fault = nested_svm_inject_npf_exit;
        vcpu->arch.mmu.shadow_root_level = get_npt_level(vcpu);
        reset_shadow_zero_bits_mask(vcpu, &vcpu->arch.mmu);
        vcpu->arch.walk_mmu              = &vcpu->arch.nested_mmu;
}

static void nested_svm_uninit_mmu_context(struct kvm_vcpu *vcpu)
{
        vcpu->arch.walk_mmu = &vcpu->arch.mmu;
}

static int nested_svm_check_permissions(struct vcpu_svm *svm)
{
        if (!(svm->vcpu.arch.efer & EFER_SVME) ||
            !is_paging(&svm->vcpu)) {
                kvm_queue_exception(&svm->vcpu, UD_VECTOR);
                return 1;
        }

        if (svm->vmcb->save.cpl) {
                kvm_inject_gp(&svm->vcpu, 0);
                return 1;
        }

        return 0;
}

static int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
                                      bool has_error_code, u32 error_code)
{
        int vmexit;

        if (!is_guest_mode(&svm->vcpu))
                return 0;

        vmexit = nested_svm_intercept(svm);
        if (vmexit != NESTED_EXIT_DONE)
                return 0;

        svm->vmcb->control.exit_code = SVM_EXIT_EXCP_BASE + nr;
        svm->vmcb->control.exit_code_hi = 0;
        svm->vmcb->control.exit_info_1 = error_code;

        /*
         * FIXME: we should not write CR2 when L1 intercepts an L2 #PF exception.
         * The fix is to add the ancillary datum (CR2 or DR6) to structs
         * kvm_queued_exception and kvm_vcpu_events, so that CR2 and DR6 can be
         * written only when inject_pending_event runs (DR6 would written here
         * too).  This should be conditional on a new capability---if the
         * capability is disabled, kvm_multiple_exception would write the
         * ancillary information to CR2 or DR6, for backwards ABI-compatibility.
         */
        if (svm->vcpu.arch.exception.nested_apf)
                svm->vmcb->control.exit_info_2 = svm->vcpu.arch.apf.nested_apf_token;
        else
                svm->vmcb->control.exit_info_2 = svm->vcpu.arch.cr2;

        svm->nested.exit_required = true;
        return vmexit;
}

/* This function returns true if it is save to enable the irq window */
static inline bool nested_svm_intr(struct vcpu_svm *svm)
{
        if (!is_guest_mode(&svm->vcpu))
                return true;

        if (!(svm->vcpu.arch.hflags & HF_VINTR_MASK))
                return true;

        if (!(svm->vcpu.arch.hflags & HF_HIF_MASK))
                return false;

        /*
         * if vmexit was already requested (by intercepted exception
         * for instance) do not overwrite it with "external interrupt"
         * vmexit.
         */
        if (svm->nested.exit_required)
                return false;