Lines Matching +full:max +full:- +full:outbound +full:- +full:regions
1 .. SPDX-License-Identifier: GPL-2.0
4 The Definitive KVM (Kernel-based Virtual Machine) API Documentation
13 - System ioctls: These query and set global attributes which affect the
17 - VM ioctls: These query and set attributes that affect an entire virtual
24 - vcpu ioctls: These query and set attributes that control the operation
32 - device ioctls: These query and set attributes that control the operation
80 facility that allows backward-compatible extensions to the API to be
104 the ioctl returns -ENOTTY.
122 -----------------------
139 -----------------
178 address used by the VM. The IPA_Bits is encoded in bits[7-0] of the
196 ioctl() at run-time.
208 ----------------------------------------------------------
214 :Returns: 0 on success; -1 on error
250 -----------------------
269 --------------------------
282 the VCPU file descriptor can be mmap-ed, including:
284 - if KVM_CAP_COALESCED_MMIO is available, a page at
289 - if KVM_CAP_DIRTY_LOG_RING is available, a number of pages at
295 -------------------
301 :Returns: vcpu fd on success, -1 on error
307 the KVM_CHECK_EXTENSION ioctl() at run-time.
309 KVM_CAP_MAX_VCPUS of the KVM_CHECK_EXTENSION ioctl() at run-time.
312 cpus max.
317 KVM_CAP_MAX_VCPU_ID of the KVM_CHECK_EXTENSION ioctl() at run-time.
332 single-threaded guest vcpus, it should make all vcpu ids be a multiple
342 --------------------------------
348 :Returns: 0 on success, -1 on error
367 If KVM_CAP_MULTI_ADDRESS_SPACE is available, bits 16-31 of slot field specifies
380 ------------
386 :Returns: 0 on success, -1 on error
407 -----------------
413 :Returns: 0 on success, -1 on error
447 -----------------
453 :Returns: 0 on success, -1 on error
461 ------------------
467 :Returns: 0 on success, -1 on error
484 /* ppc -- see arch/powerpc/include/uapi/asm/kvm.h */
492 ------------------
498 :Returns: 0 on success, -1 on error
505 ------------------
511 :Returns: 0 on success, -1 on error
532 ------------------
557 -EEXIST if an interrupt is already enqueued
558 -EINVAL the irq number is invalid
559 -ENXIO if the PIC is in the kernel
560 -EFAULT if the pointer is invalid
564 ioctl is useful if the in-kernel PIC is not used.
604 RISC-V:
631 -----------------
638 -1 on error
641 Reads the values of MSR-based features that are available for the VM. This
643 The list of msr-based features can be obtained using KVM_GET_MSR_FEATURE_INDEX_LIST
647 Reads model-specific registers from the vcpu. Supported msr indices can
671 -----------------
677 :Returns: number of msrs successfully set (see below), -1 on error
679 Writes model-specific registers to the vcpu. See KVM_GET_MSRS for the
693 ------------------
699 :Returns: 0 on success, -1 on error
705 - If this IOCTL fails, KVM gives no guarantees that previous valid CPUID
708 - Using KVM_SET_CPUID{,2} after KVM_RUN, i.e. changing the guest vCPU model
710 - Using heterogeneous CPUID configurations, modulo APIC IDs, topology, etc...
733 ------------------------
739 :Returns: 0 on success, -1 on error
744 their traditional behaviour) will cause KVM_RUN to return with -EINTR.
759 ----------------
765 :Returns: 0 on success, -1 on error
797 ----------------
803 :Returns: 0 on success, -1 on error
835 -----------------------
841 :Returns: 0 on success, -1 on error
845 future vcpus to have a local APIC. IRQ routing for GSIs 0-15 is set to both
846 PIC and IOAPIC; GSI 16-23 only go to the IOAPIC.
857 -----------------
863 :Returns: 0 on success, -1 on error
867 been previously created with KVM_CREATE_IRQCHIP. Note that edge-triggered
870 On real hardware, interrupt pins can be active-low or active-high. This
875 (active-low/active-high) for level-triggered interrupts, and KVM used
877 active-low interrupts, the above convention is now valid on x86 too.
879 should not present interrupts to the guest as active-low unless this
880 capability is present (or unless it is not using the in-kernel irqchip,
885 in-kernel irqchip (GIC), and for in-kernel irqchip can tell the GIC to
894 - irq_type[0]:
895 out-of-kernel GIC: irq_id 0 is IRQ, irq_id 1 is FIQ
896 - irq_type[1]:
897 in-kernel GIC: SPI, irq_id between 32 and 1019 (incl.)
899 - irq_type[2]:
900 in-kernel GIC: PPI, irq_id between 16 and 31 (incl.)
911 injection of interrupts for the in-kernel irqchip. KVM_IRQ_LINE can always
926 --------------------
932 :Returns: 0 on success, -1 on error
951 --------------------
957 :Returns: 0 on success, -1 on error
976 -----------------------
982 :Returns: 0 on success, -1 on error
987 page of a blob (32- or 64-bit, depending on the vcpu mode) to guest
1022 ------------------
1028 :Returns: 0 on success, -1 on error
1072 ------------------
1078 :Returns: 0 on success, -1 on error
1107 ------------------------
1114 :Returns: 0 on success, -1 on error
1159 - KVM_VCPUEVENT_VALID_SHADOW may be set to signal that
1162 - KVM_VCPUEVENT_VALID_SMM may be set to signal that smi contains a
1165 - KVM_VCPUEVENT_VALID_PAYLOAD may be set to signal that the
1170 - KVM_VCPUEVENT_VALID_TRIPLE_FAULT may be set to signal that the
1189 guest-visible registers. It is not possible to 'cancel' an SError that has been
1192 A device being emulated in user-space may also wish to generate an SError. To do
1193 this the events structure can be populated by user-space. The current state
1202 always have a non-zero value when read, and the agent making an SError pending
1204 the system supports KVM_CAP_ARM_INJECT_SERROR_ESR, but user-space sets the events
1208 -EINVAL. Setting anything other than the lower 24bits of exception.serror_esr
1209 will return -EINVAL.
1230 ------------------------
1237 :Returns: 0 on success, -1 on error
1250 suppress overwriting the current in-kernel state. The bits are:
1255 KVM_VCPUEVENT_VALID_SMM transfer the smi sub-struct.
1297 ----------------------
1303 :Returns: 0 on success, -1 on error
1319 ----------------------
1325 :Returns: 0 on success, -1 on error
1334 -------------------------------
1340 :Returns: 0 on success, -1 on error
1357 memory slot. Bits 0-15 of "slot" specify the slot id and this value
1362 If KVM_CAP_MULTI_ADDRESS_SPACE is available, bits 16-31 of "slot"
1389 to make a new slot read-only. In this case, writes to this memory will be
1397 Note: On arm64, a write generated by the page-table walker (to update
1401 page-table walker, making it impossible to emulate the access.
1402 Instead, an abort (data abort if the cause of the page-table update
1407 ---------------------
1413 :Returns: 0 on success, -1 on error
1415 This ioctl defines the physical address of a three-page region in the guest
1421 This ioctl is required on Intel-based hosts. This is needed on Intel hardware
1427 -------------------
1433 :Returns: 0 on success; -1 on error
1439 :Returns: 0 on success; -1 on error
1478 The vcpu ioctl should be used for vcpu-specific capabilities, the vm ioctl
1479 for vm-wide capabilities.
1482 ---------------------
1488 :Returns: 0 on success; -1 on error
1523 in-kernel irqchip, the multiprocessing state must be maintained by userspace on
1563 ---------------------
1569 :Returns: 0 on success; -1 on error
1575 in-kernel irqchip, the multiprocessing state must be maintained by userspace on
1588 ------------------------------
1594 :Returns: 0 on success, -1 on error
1596 This ioctl defines the physical address of a one-page region in the guest
1605 This ioctl is required on Intel-based hosts. This is needed on Intel hardware
1612 ------------------------
1618 :Returns: 0 on success, -1 on error
1627 ------------------
1633 :Returns: 0 on success, -1 on error
1647 ------------------
1653 :Returns: 0 on success, -1 on error
1675 -----------------
1681 :Returns: 0 on success, -1 on error
1702 -----------------
1708 :Returns: 0 on success, -1 on error
1729 ----------------------------
1735 :Returns: 0 on success, -1 on error
1768 Dynamically-enabled feature bits need to be requested with
1778 with the 'nent' field indicating the number of entries in the variable-size
1818 -----------------------
1848 ------------------------
1854 :Returns: 0 on success, -1 on error
1860 - GSI routing does not apply to KVM_IRQ_LINE but only to KVM_IRQFD.
1898 - KVM_MSI_VALID_DEVID: used along with KVM_IRQ_ROUTING_MSI routing entry
1899 type, specifies that the devid field contains a valid value. The per-VM
1903 - zero otherwise
1928 address_hi bits 31-8 provide bits 31-8 of the destination id. Bits 7-0 of
1962 --------------------
1968 :Returns: 0 on success, -1 on error
1978 --------------------
1984 :Returns: virtual tsc-khz on success, negative value on error
1987 KHz. If the host has unstable tsc this ioctl returns -EIO instead as an
1992 ------------------
1998 :Returns: 0 on success, -1 on error
2013 the APIC_ID register (bytes 32-35). xAPIC only allows an 8-bit APIC ID
2014 which is stored in bits 31-24 of the APIC register, or equivalently in
2023 ------------------
2029 :Returns: 0 on success, -1 on error
2041 The format of the APIC ID register (bytes 32-35 of struct kvm_lapic_state's
2047 ------------------
2070 For the special case of virtio-ccw devices on s390, the ioevent is matched
2084 For virtio-ccw devices, addr contains the subchannel id and datamatch the
2093 ------------------
2099 :Returns: 0 on success, -1 on error
2119 The array is little-endian: the bit 0 is the least significant bit of the
2129 -------------------------
2138 is an IOMMU for PAPR-style virtual I/O. It is used to translate
2152 which this TCE table will translate - the table will contain one 64
2162 the entries written by kernel-handled H_PUT_TCE calls, and also lets
2168 ---------------------
2177 time by the kernel. An RMA is a physically-contiguous, aligned region
2179 will be accessed by real-mode (MMU off) accesses in a KVM guest.
2204 ------------
2210 :Returns: 0 on success, -1 on error
2220 - pause the vcpu
2221 - read the local APIC's state (KVM_GET_LAPIC)
2222 - check whether changing LINT1 will queue an NMI (see the LVT entry for LINT1)
2223 - if so, issue KVM_NMI
2224 - resume the vcpu
2231 ----------------------
2253 ------------------------
2275 ------------------------
2293 --------------------
2533 ARM 32-bit CP15 registers have the following id bit patterns::
2537 ARM 64-bit CP15 registers have the following id bit patterns::
2545 ARM 32-bit VFP control registers have the following id bit patterns::
2549 ARM 64-bit FP registers have the following id bit patterns::
2553 ARM firmware pseudo-registers have the following bit pattern::
2561 arm64 core/FP-SIMD registers have the following id bit patterns. Note
2595 .. [1] These encodings are not accepted for SVE-enabled vcpus. See
2620 arm64 firmware pseudo-registers have the following bit pattern::
2629 0x6060 0000 0015 ffff KVM_REG_ARM64_SVE_VLS pseudo-register
2632 ENOENT. max_vq is the vcpu's maximum supported vector length in 128-bit
2643 KVM_REG_ARM64_SVE_VLS is a pseudo-register that allows the set of vector
2653 ((vector_lengths[(vq - KVM_ARM64_SVE_VQ_MIN) / 64] >>
2654 ((vq - KVM_ARM64_SVE_VQ_MIN) % 64)) & 1))
2676 is hardware-dependent and may not be available. Attempting to configure
2683 arm64 bitmap feature firmware pseudo-registers have the following bit pattern::
2697 a -EBUSY to userspace.
2710 patterns depending on whether they're 32-bit or 64-bit registers::
2712 0x7020 0000 0001 00 <reg:5> <sel:3> (32-bit)
2713 0x7030 0000 0001 00 <reg:5> <sel:3> (64-bit)
2738 0x7020 0000 0003 00 <0:3> <reg:5> (32-bit FPU registers)
2739 0x7030 0000 0003 00 <0:3> <reg:5> (64-bit FPU registers)
2740 0x7040 0000 0003 00 <0:3> <reg:5> (128-bit MSA vector registers)
2752 RISC-V registers are mapped using the lower 32 bits. The upper 8 bits of
2755 RISC-V config registers are meant for configuring a Guest VCPU and it has
2761 Following are the RISC-V config registers:
2773 RISC-V core registers represent the general execution state of a Guest VCPU
2779 Following are the RISC-V core registers:
2816 0x80x0 0000 0200 0020 mode Privilege mode (1 = S-mode or 0 = U-mode)
2819 RISC-V csr registers represent the supervisor mode control/status registers
2825 Following are the RISC-V csr registers:
2841 RISC-V timer registers represent the timer state of a Guest VCPU and it has
2846 Following are the RISC-V timer registers:
2851 0x8030 0000 0400 0000 frequency Time base frequency (read-only)
2857 RISC-V F-extension registers represent the single precision floating point
2862 Following are the RISC-V F-extension registers:
2873 RISC-V D-extension registers represent the double precision floating point
2877 0x8030 0000 06 <index into the __riscv_d_ext_state struct:24> (non-fcsr)
2879 Following are the RISC-V D-extension registers:
2896 0x9030 0000 0001 00 <reg:5> <sel:3> (64-bit)
2905 --------------------
2935 ----------------------
2941 :Returns: 0 on success, -1 on error
2952 load-link/store-conditional, or equivalent must be used. There are two cases
2959 -------------------
2965 :Returns: >0 on delivery, 0 if guest blocked the MSI, and -1 on error
2967 Directly inject a MSI message. Only valid with in-kernel irqchip that handles
2982 KVM_MSI_VALID_DEVID: devid contains a valid value. The per-VM
2993 address_hi bits 31-8 provide bits 31-8 of the destination id. Bits 7-0 of
2998 --------------------
3004 :Returns: 0 on success, -1 on error
3006 Creates an in-kernel device model for the i8254 PIT. This call is only valid
3007 after enabling in-kernel irqchip support via KVM_CREATE_IRQCHIP. The following
3019 PIT timer interrupts may use a per-VM kernel thread for injection. If it
3022 kvm-pit/<owner-process-pid>
3031 -----------------
3037 :Returns: 0 on success, -1 on error
3039 Retrieves the state of the in-kernel PIT model. Only valid after
3059 -----------------
3065 :Returns: 0 on success, -1 on error
3067 Sets the state of the in-kernel PIT model. Only valid after KVM_CREATE_PIT2.
3074 --------------------------
3080 :Returns: 0 on success, -1 on error
3085 device-tree properties for the guest operating system.
3099 - KVM_PPC_PAGE_SIZES_REAL:
3104 - KVM_PPC_1T_SEGMENTS
3108 - KVM_PPC_NO_HASH
3149 --------------
3155 :Returns: 0 on success, -1 on error
3165 With KVM_CAP_IRQFD_RESAMPLE, KVM_IRQFD supports a de-assert and notify
3166 mechanism allowing emulation of level-triggered, irqfd-based
3171 as from an EOI, the gsi is de-asserted and the user is notified via
3172 kvm_irqfd.resamplefd. It is the user's responsibility to re-queue
3180 - in case no routing entry is associated to this gsi, injection fails
3181 - in case the gsi is associated to an irqchip routing entry,
3183 - in case the gsi is associated to an MSI routing entry, the MSI
3185 to GICv3 ITS in-kernel emulation).
3188 --------------------------
3194 :Returns: 0 on success, -1 on error
3206 The parameter is a pointer to a 32-bit unsigned integer variable
3213 default-sized hash table (16 MB).
3221 real-mode area (VRMA) facility, the kernel will re-create the VMRA
3225 -----------------------
3231 :Returns: 0 on success, -1 on error
3247 - sigp stop; optional flags in parm
3249 - program check; code in parm
3251 - sigp set prefix; prefix address in parm
3253 - restart
3255 - clock comparator interrupt
3257 - CPU timer interrupt
3259 - virtio external interrupt; external interrupt
3262 - sclp external interrupt; sclp parameter in parm
3264 - sigp emergency; source cpu in parm
3266 - sigp external call; source cpu in parm
3268 - compound value to indicate an
3269 I/O interrupt (ai - adapter interrupt; cssid,ssid,schid - subchannel);
3273 - machine check interrupt; cr 14 bits in parm, machine check interrupt
3280 ------------------------
3286 :Returns: file descriptor number (>= 0) on success, -1 on error
3335 ----------------------
3341 :Returns: 0 on success, -1 on error
3374 --------------------------------------------
3382 :Returns: 0 on success, -1 on error
3390 (e.g. read-only attribute, or attribute that only makes
3397 semantics are device-specific. See individual device documentation in
3405 __u32 group; /* device-defined */
3406 __u64 attr; /* group-defined */
3411 ------------------------
3418 :Returns: 0 on success, -1 on error
3435 ----------------------
3441 :Returns: 0 on success; -1 on error
3456 - Processor state:
3461 - General Purpose registers, including PC and SP: set to 0
3462 - FPSIMD/NEON registers: set to 0
3463 - SVE registers: set to 0
3464 - System registers: Reset to their architecturally defined
3477 - KVM_ARM_VCPU_POWER_OFF: Starts the CPU in a power-off state.
3480 - KVM_ARM_VCPU_EL1_32BIT: Starts the CPU in a 32bit mode.
3482 - KVM_ARM_VCPU_PSCI_0_2: Emulate PSCI v0.2 (or a future revision
3485 - KVM_ARM_VCPU_PMU_V3: Emulate PMUv3 for the CPU.
3488 - KVM_ARM_VCPU_PTRAUTH_ADDRESS: Enables Address Pointer authentication
3496 - KVM_ARM_VCPU_PTRAUTH_GENERIC: Enables Generic Pointer authentication
3504 - KVM_ARM_VCPU_SVE: Enables SVE for the CPU (arm64 only).
3510 - KVM_REG_ARM64_SVE_VLS may be read using KVM_GET_ONE_REG: the
3511 initial value of this pseudo-register indicates the best set of
3516 - KVM_RUN and KVM_GET_REG_LIST are not available;
3518 - KVM_GET_ONE_REG and KVM_SET_ONE_REG cannot be used to access
3523 - KVM_REG_ARM64_SVE_VLS may optionally be written using
3529 - the KVM_REG_ARM64_SVE_VLS pseudo-register is immutable, and can
3533 -----------------------------
3539 :Returns: 0 on success; -1 on error
3552 kvm_vcpu_init->features bitmap returned will have feature bits set if
3562 ---------------------
3568 :Returns: 0 on success; -1 on error
3589 -----------------------------------------
3595 :Returns: 0 on success, -1 on error
3625 arm64 currently only require this when using the in-kernel GIC
3631 base addresses will return -EEXIST.
3638 ------------------------------
3644 :Returns: 0 on success, -1 on error
3649 of a service that has a kernel-side implementation. If the token
3650 value is non-zero, it will be associated with that service, and
3658 ------------------------
3664 :Returns: 0 on success; -1 on error
3679 - KVM_GUESTDBG_ENABLE: guest debugging is enabled
3680 - KVM_GUESTDBG_SINGLESTEP: the next run should single-step
3685 - KVM_GUESTDBG_USE_SW_BP: using software breakpoints [x86, arm64]
3686 - KVM_GUESTDBG_USE_HW_BP: using hardware breakpoints [x86, s390]
3687 - KVM_GUESTDBG_USE_HW: using hardware debug events [arm64]
3688 - KVM_GUESTDBG_INJECT_DB: inject DB type exception [x86]
3689 - KVM_GUESTDBG_INJECT_BP: inject BP type exception [x86]
3690 - KVM_GUESTDBG_EXIT_PENDING: trigger an immediate guest exit [s390]
3691 - KVM_GUESTDBG_BLOCKIRQ: avoid injecting interrupts/NMI/SMI [x86]
3709 the single-step debug event (KVM_GUESTDBG_SINGLESTEP) is supported.
3719 ---------------------------
3725 :Returns: 0 on success, -1 on error
3760 the variable-size array 'entries'. If the number of entries is too low
3794 --------------------
3801 < 0 on generic error (e.g. -EFAULT or -ENOMEM),
3859 Logical accesses are permitted for non-protected guests only.
3877 translation-exception identifier (TEID) indicates suppression.
3900 Absolute accesses are permitted for non-protected guests only.
3939 -----------------------
3965 will cause the ioctl to return -EINVAL.
3971 -----------------------
3989 will cause the ioctl to return -EINVAL.
3996 the ioctl will return -EINVAL.
3999 -----------------
4005 :Returns: 0 on success, -1 on error
4046 - KVM_S390_SIGP_STOP - sigp stop; parameter in .stop
4047 - KVM_S390_PROGRAM_INT - program check; parameters in .pgm
4048 - KVM_S390_SIGP_SET_PREFIX - sigp set prefix; parameters in .prefix
4049 - KVM_S390_RESTART - restart; no parameters
4050 - KVM_S390_INT_CLOCK_COMP - clock comparator interrupt; no parameters
4051 - KVM_S390_INT_CPU_TIMER - CPU timer interrupt; no parameters
4052 - KVM_S390_INT_EMERGENCY - sigp emergency; parameters in .emerg
4053 - KVM_S390_INT_EXTERNAL_CALL - sigp external call; parameters in .extcall
4054 - KVM_S390_MCHK - machine check interrupt; parameters in .mchk
4059 ---------------------------
4066 -EINVAL if buffer size is 0,
4067 -ENOBUFS if buffer size is too small to fit all pending interrupts,
4068 -EFAULT if the buffer address was invalid
4086 the kernel never checked for flags == 0 and QEMU never pre-zeroed flags and
4090 If -ENOBUFS is returned the buffer provided was too small and userspace
4094 ---------------------------
4101 -EFAULT if the buffer address was invalid,
4102 -EINVAL for an invalid buffer length (see below),
4103 -EBUSY if there were already interrupts pending,
4107 This ioctl allows userspace to set the complete state of all cpu-local
4129 which is the maximum number of possibly pending cpu-local interrupts.
4132 ------------
4138 :Returns: 0 on success, -1 on error
4143 ----------------------------
4223 MSR accesses as part of nested VM-Enter/VM-Exit are not filtered.
4241 ----------------------------
4274 -------------------------
4281 -EFAULT if struct kvm_reinject_control cannot be read,
4282 -ENXIO if KVM_CREATE_PIT or KVM_CREATE_PIT2 didn't succeed earlier.
4301 ------------------------------
4308 -EFAULT if struct kvm_ppc_mmuv3_cfg cannot be read,
4309 -EINVAL if the configuration is invalid
4335 ---------------------------
4342 -EFAULT if struct kvm_ppc_rmmu_info cannot be written,
4343 -EINVAL if no useful information can be returned
4372 --------------------------------
4381 -EFAULT if struct kvm_reinject_control cannot be read,
4382 -EINVAL if the supplied shift or flags are invalid,
4383 -ENOMEM if unable to allocate the new HPT,
4416 returns 0 (i.e. cancels any in-progress preparation).
4419 flags will result in an -EINVAL.
4426 -------------------------------
4433 -EFAULT if struct kvm_reinject_control cannot be read,
4434 -EINVAL if the supplied shift or flags are invalid,
4435 -ENXIO is there is no pending HPT, or the pending HPT doesn't
4437 -EBUSY if the pending HPT is not fully prepared,
4438 -ENOSPC if there was a hash collision when moving existing
4440 -EIO on other error conditions
4457 KVM_PPC_RESIZE_HPT_COMMIT will return an error (usually -ENXIO or
4458 -EBUSY, though others may be possible if the preparation was started,
4471 -----------------------------------
4477 :Returns: 0 on success, -1 on error
4484 -----------------------
4491 -EFAULT if u64 mcg_cap cannot be read,
4492 -EINVAL if the requested number of banks is invalid,
4493 -EINVAL if requested MCE capability is not supported.
4498 supported number of error-reporting banks can be retrieved when
4503 ---------------------
4510 -EFAULT if struct kvm_x86_mce cannot be read,
4511 -EINVAL if the bank number is invalid,
4512 -EINVAL if VAL bit is not set in status field.
4537 ----------------------------
4560 - During live migration to save the CMMA values. Live migration needs
4562 - To non-destructively peek at the CMMA values, with the flag
4593 KVM_S390_SKEYS_MAX. KVM_S390_SKEYS_MAX is re-used for consistency with
4638 ----------------------------
4677 This ioctl can fail with -ENOMEM if not enough memory can be allocated to
4678 complete the task, with -ENXIO if CMMA is not enabled, with -EINVAL if
4680 if the flags field was not 0, with -EFAULT if the userspace address is
4686 --------------------------
4693 -EFAULT if struct kvm_ppc_cpu_char cannot be written
4698 CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754). The information is
4715 with preventing inadvertent information disclosure - specifically,
4716 whether there is an instruction to flash-invalidate the L1 data cache
4733 ---------------------------
4739 :Returns: 0 on success; -1 on error
4742 for issuing platform-specific memory encryption commands to manage those
4747 Documentation/virt/kvm/x86/amd-memory-encryption.rst.
4750 -----------------------------------
4756 :Returns: 0 on success; -1 on error
4761 It is used in the SEV-enabled guest. When encryption is enabled, a guest
4774 -------------------------------------
4780 :Returns: 0 on success; -1 on error
4786 ------------------------
4794 the specified Hyper-V connection id through the SIGNAL_EVENT hypercall, without
4795 causing a user exit. SIGNAL_EVENT hypercall with non-zero event flag number
4796 (bits 24-31) still triggers a KVM_EXIT_HYPERV_HCALL user exit.
4816 -EINVAL if conn_id or flags is outside the allowed range,
4817 -ENOENT on deassign if the conn_id isn't registered,
4818 -EEXIST on assign if the conn_id is already registered
4821 --------------------------
4827 :Returns: 0 on success, -1 on error
4895 --------------------------
4901 :Returns: 0 on success, -1 on error
4907 -------------------------------------
4936 ------------------------------------
4942 :Returns: 0 on success, -1 on error
4964 in KVM's dirty bitmap, and dirty tracking is re-enabled for that page
4965 (for example via write-protection, or by clearing the dirty bit in
4968 If KVM_CAP_MULTI_ADDRESS_SPACE is available, bits 16-31 of slot field specifies
4978 --------------------------------
4984 :Returns: 0 on success, -1 on error
5005 This ioctl returns x86 cpuid features leaves related to Hyper-V emulation in
5007 cpuid information presented to guests consuming Hyper-V enlightenments (e.g.
5008 Windows or Hyper-V guests).
5010 CPUID feature leaves returned by this ioctl are defined by Hyper-V Top Level
5017 - HYPERV_CPUID_VENDOR_AND_MAX_FUNCTIONS
5018 - HYPERV_CPUID_INTERFACE
5019 - HYPERV_CPUID_VERSION
5020 - HYPERV_CPUID_FEATURES
5021 - HYPERV_CPUID_ENLIGHTMENT_INFO
5022 - HYPERV_CPUID_IMPLEMENT_LIMITS
5023 - HYPERV_CPUID_NESTED_FEATURES
5024 - HYPERV_CPUID_SYNDBG_VENDOR_AND_MAX_FUNCTIONS
5025 - HYPERV_CPUID_SYNDBG_INTERFACE
5026 - HYPERV_CPUID_SYNDBG_PLATFORM_CAPABILITIES
5029 with the 'nent' field indicating the number of entries in the variable-size
5030 array 'entries'. If the number of entries is too low to describe all Hyper-V
5032 to the number of Hyper-V feature leaves, the 'nent' field is adjusted to the
5042 - HYPERV_CPUID_NESTED_FEATURES leaf and HV_X64_ENLIGHTENED_VMCS_RECOMMENDED
5045 - HV_STIMER_DIRECT_MODE_AVAILABLE bit is only exposed with in-kernel LAPIC.
5049 ---------------------------
5054 :Returns: 0 on success, -1 on error
5080 that should be performed and how to do it are feature-dependent.
5084 -EPERM unless the feature has already been finalized by means of a
5091 ------------------------------
5097 :Returns: 0 on success, -1 on error
5150 ---- -----------
5179 When setting a new pmu event filter, -EINVAL will be returned if any of the
5191 Specifically, KVM follows the following pseudo-code when determining whether to
5192 allow the guest FixCtr[i] to count its pre-defined fixed event::
5207 ---------------------
5231 ---------------------------
5243 ----------------------------
5256 --------------------------
5270 -------------------------
5315 All registered VCPUs are converted back to non-protected ones. If a
5416 not succeed all other subcommands will fail with -EINVAL. This
5417 subcommand will return -EINVAL if a dump process has not yet been
5448 resume execution immediately as non-protected. There can be at most
5473 --------------------------
5518 Sets the ABI mode of the VM to 32-bit or 64-bit (long mode). This
5545 This is the HVM-wide vector injected directly by the hypervisor
5553 an outbound port number for interception of EVTCHNOP_send requests
5561 outbound event channels. The values of the flags field are mutually
5567 the 32-bit version code returned to the guest when it invokes the
5582 --------------------------
5595 ---------------------------
5665 other four times. The state field must be set to -1, or to a valid
5673 vCPU ID of the given vCPU, to allow timer-related VCPU operations to
5686 per-vCPU local APIC upcall vector, configured by a Xen guest with
5688 used by Windows guests, and is distinct from the HVM-wide upcall
5694 ---------------------------
5709 ---------------------------
5715 :Returns: number of bytes copied, < 0 on error (-EINVAL for incorrect
5716 arguments, -EFAULT if memory cannot be accessed).
5730 ``length`` must not be bigger than 2^31 - PAGE_SIZE bytes. The ``addr``
5747 --------------------
5753 :Returns: 0 on success, -1 on error
5780 --------------------
5786 :Returns: 0 on success, -1 on error
5793 ----------------------
5812 +-------------+
5814 +-------------+
5816 +-------------+
5818 +-------------+
5820 +-------------+
5910 Bits 0-3 of ``flags`` encode the type:
5932 is [``hist_param``*(N-1), ``hist_param``*N), while the range of the last
5933 bucket is [``hist_param``*(``size``-1), +INF). (+INF means positive infinity
5938 [0, 1), while the range of the last bucket is [pow(2, ``size``-2), +INF).
5940 [pow(2, N-2), pow(2, N-1)).
5942 Bits 4-7 of ``flags`` encode the unit:
5965 Bits 8-11 of ``flags``, together with ``exponent``, encode the scale of the
5970 CPU clock cycles. For example, an exponent of -9 can be used with
5986 bucket in the unit expressed by bits 4-11 of ``flags`` together with ``exponent``.
5992 The Stats Data block contains an array of 64-bit values in the same order
5996 --------------------
6002 :Returns: 0 on success, -1 on error
6023 -----------------------------
6043 -----------------------------
6052 for vcpus. It re-uses the kvm_s390_pv_dmp struct and hence also shares
6068 ----------------------
6076 Used to manage hardware-assisted virtualization features for zPCI devices.
6115 --------------------------------
6123 This capability indicates that userspace is able to apply a single VM-wide
6144 (-EINVAL) being returned. This ioctl can also return -EBUSY if any vcpu
6155 -------------------------------------------
6194 op0==3, op1=={0, 1, 3}, CRn==0, CRm=={0-7}, op2=={0-7}.
6203 ---------------------------------
6209 :Returns: 0 on success, -1 on error
6239 on-demand.
6248 -------------------------------
6284 ----------------------------
6320 most one mapping per page, i.e. binding multiple memory regions to a single
6321 guest_memfd range is not allowed (any number of memory regions can be bound to
6348 This field is polled once when KVM_RUN starts; if non-zero, KVM_RUN
6349 exits immediately, returning -EINTR. In the common scenario where a
6353 a signal handler that sets run->immediate_exit to a non-zero value.
6379 The value of the current interrupt flag. Only valid if in-kernel
6386 More architecture-specific flags detailing state of the VCPU that may
6401 The value of the cr8 register. Only valid if in-kernel local APIC is
6408 The value of the APIC BASE msr. Only valid if in-kernel local
6420 reasons. Further architecture-specific information is available in
6432 to unknown reasons. Further architecture-specific information is
6485 executed a memory-mapped I/O instruction which could not be satisfied
6498 has re-entered the kernel with KVM_RUN. The kernel side will first finish
6503 completed before performing a live migration. Userspace can re-enter the
6526 ----------
6537 - ``KVM_HYPERCALL_EXIT_SMC``: Indicates that the guest used the SMC
6541 - ``KVM_HYPERCALL_EXIT_16BIT``: Indicates that the guest used a 16bit
6610 Deprecated - was used for 440 KVM.
6636 This is used on 64-bit PowerPC when emulating a pSeries partition,
6640 the arguments (from the guest R4 - R12). Userspace should put the
6701 a system-level event using some architecture specific mechanism (hypercall
6705 The 'type' field describes the system-level event type.
6708 - KVM_SYSTEM_EVENT_SHUTDOWN -- the guest has requested a shutdown of the
6712 - KVM_SYSTEM_EVENT_RESET -- the guest has requested a reset of the VM.
6715 - KVM_SYSTEM_EVENT_CRASH -- the guest crash occurred and the guest
6719 - KVM_SYSTEM_EVENT_SEV_TERM -- an AMD SEV guest requested termination.
6721 - KVM_SYSTEM_EVENT_WAKEUP -- the exiting vCPU is in a suspended state and
6724 - KVM_SYSTEM_EVENT_SUSPEND -- the guest has requested a suspension of
6728 architecture specific information for the system-level event. Only
6731 - for arm64, data[0] is set to KVM_SYSTEM_EVENT_RESET_FLAG_PSCI_RESET2 if
6735 - for RISC-V, data[0] is set to the value of the second argument of the
6743 --------------
6753 the call parameters are left in-place in the vCPU registers.
6758 - Honor the guest request to suspend the VM. Userspace can request
6759 in-kernel emulation of suspension by setting the calling vCPU's
6765 - Deny the guest request to suspend the VM. See ARM DEN0022D.b 5.19.2
6775 Indicates that the VCPU's in-kernel local APIC received an EOI for a
6776 level-triggered IOAPIC interrupt. This exit only triggers when the
6818 related to Hyper-V emulation.
6822 - KVM_EXIT_HYPERV_SYNIC -- synchronously notify user-space about
6824 Hyper-V SynIC state change. Notification is used to remap SynIC
6828 - KVM_EXIT_HYPERV_SYNDBG -- synchronously notify user-space about
6830 Hyper-V Synthetic debugger state change. Notification is used to either update
6849 the VM. KVM assumed that if the guest accessed non-memslot memory, it was
6872 __u8 error; /* user -> kernel */
6874 __u32 reason; /* kernel -> user */
6875 __u32 index; /* kernel -> user */
6876 __u64 data; /* kernel <-> user */
6934 - KVM_EXIT_XEN_HCALL -- synchronously notify user-space about Xen hypercall.
6949 done a SBI call which is not handled by KVM RISC-V kernel module. The details
6955 values of SBI call before resuming the VCPU. For more details on RISC-V SBI
6956 spec refer, https://github.com/riscv/riscv-sbi-doc.
6973 - KVM_MEMORY_EXIT_FLAG_PRIVATE - When set, indicates the memory fault occurred
6978 accompanies a return code of '-1', not '0'! errno will always be set to EFAULT
6991 enabled, a VM exit generated if no event window occurs in VM non-root mode
6999 - KVM_NOTIFY_CONTEXT_INVALID -- the VM context is corrupted and not valid
7050 whether this is a per-vcpu or per-vm capability.
7061 -------------------
7066 :Returns: 0 on success; -1 on error
7070 were invented by Mac-on-Linux to have a standardized communication mechanism
7077 --------------------
7082 :Returns: 0 on success; -1 on error
7098 ------------------
7103 :Returns: 0 on success; -1 on error
7116 addresses of mmu-type-specific data structures. The "array_len" field is an
7132 - The "params" field is of type "struct kvm_book3e_206_tlb_params".
7133 - The "array" field points to an array of type "struct
7135 - The array consists of all entries in the first TLB, followed by all
7137 - Within a TLB, entries are ordered first by increasing set number. Within a
7139 - The hash for determining set number in TLB0 is: (MAS2 >> 12) & (num_sets - 1)
7141 - The tsize field of mas1 shall be set to 4K on TLB0, even though the
7145 ----------------------------
7150 :Returns: 0 on success; -1 on error
7155 handled in-kernel, while the other I/O instructions are passed to userspace.
7160 Note that even though this capability is enabled per-vcpu, the complete
7164 -------------------
7169 :Returns: 0 on success; -1 on error
7183 --------------------
7189 This capability connects the vcpu to an in-kernel MPIC device.
7192 --------------------
7199 This capability connects the vcpu to an in-kernel XICS device.
7202 ------------------------
7208 This capability enables the in-kernel irqchip for s390. Please refer to
7212 --------------------
7226 ---------------------
7239 ----------------------
7244 :Returns: x86: KVM_CHECK_EXTENSION returns a bit-array indicating which register
7260 - the register sets to be copied out to kvm_run are selectable
7262 - vcpu_events are available in addition to regs and sregs.
7265 function as an input bit-array field set by userspace to indicate the
7285 -------------------------
7292 This capability connects the vcpu to an in-kernel XIVE device.
7317 ----------------------------
7321 args[1] is 0 to disable, 1 to enable in-kernel handling
7324 get handled by the kernel or not. Enabling or disabling in-kernel
7326 initial set of hcalls are enabled for in-kernel handling, which
7327 consists of those hcalls for which in-kernel handlers were implemented
7334 If the hcall number specified is not one that has an in-kernel
7339 --------------------------
7348 - SENSE
7349 - SENSE RUNNING
7350 - EXTERNAL CALL
7351 - EMERGENCY SIGNAL
7352 - CONDITIONAL EMERGENCY SIGNAL
7361 ---------------------------------
7369 return -EINVAL if the machine does not support vectors.
7372 --------------------------
7377 This capability allows post-handlers for the STSI instruction. After
7382 vcpu->run::
7393 @addr - guest address of STSI SYSIB
7394 @fc - function code
7395 @sel1 - selector 1
7396 @sel2 - selector 2
7397 @ar - access register number
7399 KVM handlers should exit to userspace with rc = -EREMOTE.
7402 -------------------------
7405 :Parameters: args[0] - number of routes reserved for userspace IOAPICs
7406 :Returns: 0 on success, -1 on error
7423 -------------------
7428 Allows use of runtime-instrumentation introduced with zEC12 processor.
7429 Will return -EINVAL if the machine does not support runtime-instrumentation.
7430 Will return -EBUSY if a VCPU has already been created.
7433 ----------------------
7436 :Parameters: args[0] - features that should be enabled
7437 :Returns: 0 on success, -EINVAL when args[0] contains invalid features
7446 allowing the use of 32-bit APIC IDs. See KVM_CAP_X2APIC_API in their
7453 where 0xff represents CPUs 0-7 in cluster 0.
7456 ----------------------------
7463 mechanism e.g. to realize 2-byte software breakpoints. The kernel will
7471 -------------------
7475 :Returns: 0 on success; -EINVAL if the machine does not support
7476 guarded storage; -EBUSY if a VCPU has already been created.
7481 ---------------------
7486 Allow use of adapter-interruption suppression.
7487 :Returns: 0 on success; -EBUSY if a VCPU has already been created.
7490 --------------------
7508 ----------------------
7520 ------------------------------
7524 :Returns: 0 on success, -EINVAL when args[0] contains invalid exits
7543 --------------------------
7547 :Returns: 0 on success, -EINVAL if hpage module parameter was not set
7555 hpage module parameter is not set to 1, -EINVAL is returned.
7561 ------------------------------
7571 --------------------------
7575 :Returns: 0 on success, -EINVAL when the implementation doesn't support
7576 nested-HV virtualization.
7578 HV-KVM on POWER9 and later systems allows for "nested-HV"
7580 can run using the CPU's supervisor mode (privileged non-hypervisor
7583 kvm-hv module parameter.
7586 ------------------------------
7592 emulated VM-exit when L1 intercepts a #PF exception that occurs in
7593 L2. Similarly, for kvm-intel only, DR6 will not be modified prior to
7594 the emulated VM-exit when L1 intercepts a #DB exception that occurs in
7600 exception.has_payload and to put the faulting address - or the new DR6
7601 bits\ [#]_ - in the exception_payload field.
7612 --------------------------------------
7623 automatically clear and write-protect all pages that are returned as dirty.
7629 KVM_CLEAR_DIRTY_LOG ioctl can operate on a 64-page granularity rather
7654 ------------------------------
7671 ----------------------
7676 :Returns: 0 on success; -1 on error
7679 maximum halt-polling time for all vCPUs in the target VM. This capability can
7681 maximum halt-polling time.
7683 See Documentation/virt/kvm/halt-polling.rst for more information on halt
7687 -------------------------------
7692 :Returns: 0 on success; -1 on error
7719 -------------------------------
7724 :Returns: 0 on success, -EINVAL when args[0] contains invalid bits
7750 KVM_RUN_BUS_LOCK flag in vcpu-run->flags field and exit to userspace. Concerning
7756 ----------------------
7760 :Returns: 0 on success, -EINVAL when CPU doesn't support 2nd DAWR
7767 -------------------------------------
7777 This is intended to support in-guest workloads scheduled by the host. This
7778 allows the in-guest workload to maintain its own NPTs and keeps the two vms
7783 --------------------------
7788 :Returns: 0 on success, -EINVAL if the file handle is invalid or if a requested
7806 -------------------------------
7817 IBM pSeries (sPAPR) guest starts using it if "hcall-rpt-invalidate" is
7818 present in the "ibm,hypertas-functions" device-tree property.
7824 --------------------------------------
7842 --------------------
7859 ``MAP_ANONYMOUS`` or with a RAM-based file mapping (``tmpfs``, ``memfd``),
7861 -EINVAL return.
7867 -------------------------------------
7877 This is intended to support intra-host migration of VMs between userspace VMMs,
7881 -------------------------------
7891 This capability allows a guest kernel to use a better-performance mode for
7895 ----------------------------
7898 :Parameters: args[0] - set of KVM quirks to disable
7930 KVM_X86_QUIRK_OUT_7E_INC_RIP By default, KVM pre-increments %rip before
7933 KVM does not pre-increment %rip before
7967 ------------------------
7971 :Parameters: args[0] - maximum APIC ID value set for current VM
7972 :Returns: 0 on success, -EINVAL if args[0] is beyond KVM_MAX_VCPU_IDS
7988 ------------------------------
7993 :Returns: 0 on success, -EINVAL if args[0] contains invalid flags or notify
8003 in per-VM scope during VM creation. Notify VM exit is disabled by default.
8006 a VM exit if no event window occurs in VM non-root mode for a specified of
8017 ------------------------------
8020 :Returns: Informational only, -EINVAL on direct KVM_ENABLE_CAP.
8023 kvm_run.memory_fault if KVM cannot resolve a guest page fault VM-Exit, e.g. if
8044 ---------------------
8050 H_RANDOM hypercall backed by a hardware random-number generator.
8055 ------------------------
8061 Hyper-V Synthetic interrupt controller(SynIC). Hyper-V SynIC is
8062 used to support Windows Hyper-V based guest paravirt drivers(VMBus).
8067 by the CPU, as it's incompatible with SynIC auto-EOI behavior.
8070 -------------------------
8080 ---------------------------
8087 the POWER9 processor), including in-memory segment tables.
8090 -------------------
8120 -------------------
8134 ----------------------
8148 Both registers and addresses are 32-bits wide.
8149 It will only be possible to run 32-bit guest code.
8151 1 MIPS64 or microMIPS64 with access only to 32-bit compatibility segments.
8152 Registers are 64-bits wide, but addresses are 32-bits wide.
8153 64-bit guest code may run but cannot access MIPS64 memory segments.
8154 It will also be possible to run 32-bit guest code.
8157 Both registers and addresses are 64-bits wide.
8158 It will be possible to run 64-bit or 32-bit guest code.
8162 ------------------------
8167 that if userspace creates a VM without an in-kernel interrupt controller, it
8168 will be notified of changes to the output level of in-kernel emulated devices,
8171 updates the vcpu's run->s.regs.device_irq_level field to represent the actual
8177 userspace can always sample the device output level and re-compute the state of
8179 of run->s.regs.device_irq_level on every kvm exit.
8180 The value in run->s.regs.device_irq_level can represent both level and edge
8182 signals will exit to userspace with the bit in run->s.regs.device_irq_level
8185 The field run->s.regs.device_irq_level is available independent of
8186 run->kvm_valid_regs or run->kvm_dirty_regs bits.
8190 and thereby which bits in run->s.regs.device_irq_level can signal values.
8196 KVM_ARM_DEV_EL1_VTIMER - EL1 virtual timer
8197 KVM_ARM_DEV_EL1_PTIMER - EL1 physical timer
8198 KVM_ARM_DEV_PMU - ARM PMU overflow interrupt signal
8205 -----------------------------
8215 --------------------------
8219 This capability enables a newer version of Hyper-V Synthetic interrupt
8225 ----------------------------
8235 -------------------------------
8245 ---------------------
8252 ----------------------
8261 ---------------------
8266 use copy-on-write semantics as well as dirty pages tracking via read-only page
8270 ---------------------
8279 ----------------------------
8283 This capability indicates that KVM supports paravirtualized Hyper-V TLB Flush
8289 ----------------------------------
8304 ----------------------------
8308 This capability indicates that KVM supports paravirtualized Hyper-V IPI send
8313 -----------------------------------
8317 This capability indicates that KVM running on top of Hyper-V hypervisor
8319 hypercalls are handled by Level 0 hypervisor (Hyper-V) bypassing KVM.
8320 Due to the different ABI for hypercall parameters between Hyper-V and
8323 flush hypercalls by Hyper-V) so userspace should disable KVM identification
8324 in CPUID and only exposes Hyper-V identification. In this case, guest
8325 thinks it's running on Hyper-V and only use Hyper-V hypercalls.
8328 -----------------------------
8336 ---------------------------
8347 -----------------------
8353 architecture-specific interfaces. This capability and the architecture-
8360 -------------------------
8370 an 8-byte value consisting of a one-byte Control Program Name Code (CPNC) and
8371 a 7-byte Control Program Version Code (CPVC). The CPNC determines what
8380 -------------------------------
8391 ---------------------------
8405 -------------------------------------
8415 ----------------------------------------------------------
8418 :Parameters: args[0] - size of the dirty log ring
8448 all user memory regions for which the KVM_MEM_LOG_DIRTY_PAGES flag was
8458 00 -----------> 01 -------------> 1X -------+
8461 +------------------------------------------+
8475 using load-acquire/store-release accessors when available, or any
8503 Architecture with TSO-like ordering (such as x86) are allowed to
8509 ring structures can be backed by per-slot bitmaps. With this capability
8519 context. Otherwise, the stand-alone per-slot bitmap mechanism needs to
8532 KVM device "kvm-arm-vgic-its". (2) restore vgic/its tables through
8534 "kvm-arm-vgic-its". VGICv3 LPI pending status is restored. (3) save
8536 command on KVM device "kvm-arm-vgic-v3".
8539 --------------------
8569 The KVM_XEN_HVM_CONFIG_RUNSTATE flag indicates that the runstate-related
8603 -------------------------
8618 IBM pSeries (sPAPR) guest starts using them if "hcall-multi-tce" is
8619 present in the "ibm,hypertas-functions" device-tree property.
8629 --------------------
8638 ---------------------------------
8642 When enabled, KVM will disable emulated Hyper-V features provided to the
8643 guest according to the bits Hyper-V CPUID feature leaves. Otherwise, all
8644 currently implemented Hyper-V features are provided unconditionally when
8645 Hyper-V identification is set in the HYPERV_CPUID_INTERFACE (0x40000001)
8649 ---------------------------
8668 ---------------------------
8674 :Returns: 0 on success, -EINVAL when arg[0] contains invalid bits
8690 -------------------------------
8700 --------------------------------
8713 -------------------------------------
8719 :Returns: 0 on success, -EPERM if the userspace process does not
8720 have CAP_SYS_BOOT, -EINVAL if args[0] is not 0 or any vCPUs have been
8730 ------------------------------
8751 When getting the Modified Change Topology Report value, the attr->addr
8755 ---------------------------------------
8761 :Returns: 0 on success, -EINVAL if any memslot was already created.
8765 Eager Page Splitting improves the performance of dirty-logging (used
8766 in live migrations) when guest memory is backed by huge-pages. It
8767 avoids splitting huge-pages (into PAGE_SIZE pages) on fault, by doing
8778 64-bit bitmap (each bit describing a block size). The default value is
8782 ---------------------
8788 This capability returns a bitmap of support VM types. The 1-setting of bit @n
8796 production. The behavior and effective ABI for software-protected VMs is
8810 --------
8824 ``KVM_ENABLE_CAP(KVM_CAP_IRQCHIP_SPLIT)`` are used to enable in-kernel emulation of
8831 has enabled in-kernel emulation of the local APIC.