Lines Matching +full:vm +full:- +full:active +full:- +full:channels
1 .. SPDX-License-Identifier: GPL-2.0
4 The Definitive KVM (Kernel-based Virtual Machine) API Documentation
14 handle will create a VM file descriptor which can be used to issue VM
15 ioctls. A KVM_CREATE_VCPU or KVM_CREATE_DEVICE ioctl on a VM fd will
24 - System ioctls: These query and set global attributes which affect the
28 - VM ioctls: These query and set attributes that affect an entire virtual
29 machine, for example memory layout. In addition a VM ioctl is used to
32 VM ioctls must be issued from the same process (address space) that was
33 used to create the VM.
35 - vcpu ioctls: These query and set attributes that control the operation
43 - device ioctls: These query and set attributes that control the operation
47 was used to create the VM.
70 It is important to note that although VM ioctls may only be issued from
71 the process that created the VM, a VM's lifecycle is associated with its
72 file descriptor, not its creator (process). In other words, the VM and
74 until the last reference to the VM's file descriptor has been released.
75 For example, if fork() is issued after ioctl(KVM_CREATE_VM), the VM will
77 put their references to the VM's file descriptor.
79 Because a VM's resources are not freed until the last reference to its
80 file descriptor is released, creating additional references to a VM
83 by and on behalf of the VM's process may not be freed/unaccounted when
84 the VM is shut down.
92 facility that allows backward-compatible extensions to the API to be
120 system, vm, or vcpu.
133 -----------------------
150 -----------------
156 :Returns: a VM fd that can be used to control the new virtual machine.
158 The new VM has no virtual cpus and no memory.
164 Supported X86 VM types can be queried via KVM_CAP_VM_TYPES.
184 On arm64, the physical address size for a VM (IPA Size limit) is limited
189 address used by the VM. The IPA_Bits is encoded in bits[7-0] of the
207 ioctl() at run-time.
209 Creation of the VM will fail if the requested IPA size (whether it is
219 ----------------------------------------------------------
225 :Returns: 0 on success; -1 on error
263 -----------------------
265 :Capability: basic, KVM_CAP_CHECK_EXTENSION_VM for vm ioctl
267 :Type: system ioctl, vm ioctl
278 It is thus encouraged to use the vm ioctl to query for capabilities (available
279 with KVM_CAP_CHECK_EXTENSION_VM on the vm fd)
282 --------------------------
295 the VCPU file descriptor can be mmap-ed, including:
297 - if KVM_CAP_COALESCED_MMIO is available, a page at
302 - if KVM_CAP_DIRTY_LOG_RING is available, a number of pages at
308 -------------------
312 :Type: vm ioctl
314 :Returns: vcpu fd on success, -1 on error
320 the KVM_CHECK_EXTENSION ioctl() at run-time.
322 KVM_CAP_MAX_VCPUS of the KVM_CHECK_EXTENSION ioctl() at run-time.
330 KVM_CAP_MAX_VCPU_ID of the KVM_CHECK_EXTENSION ioctl() at run-time.
345 single-threaded guest vcpus, it should make all vcpu ids be a multiple
355 ---------------------
359 :Type: vm ioctl
361 :Returns: 0 on success, -1 on error
380 If KVM_CAP_MULTI_ADDRESS_SPACE is available, bits 16-31 of slot field specifies
393 ------------
399 :Returns: 0 on success, -1 on error
420 -----------------
426 :Returns: 0 on success, -1 on error
460 -----------------
466 :Returns: 0 on success, -1 on error
474 ------------------
480 :Returns: 0 on success, -1 on error
497 /* ppc -- see arch/powerpc/include/uapi/asm/kvm.h */
505 ------------------
511 :Returns: 0 on success, -1 on error
518 ------------------
524 :Returns: 0 on success, -1 on error
545 ------------------
570 -EEXIST if an interrupt is already enqueued
571 -EINVAL the irq number is invalid
572 -ENXIO if the PIC is in the kernel
573 -EFAULT if the pointer is invalid
577 ioctl is useful if the in-kernel PIC is not used.
617 RISC-V:
644 -----------------
651 -1 on error
654 Reads the values of MSR-based features that are available for the VM. This
656 The list of msr-based features can be obtained using KVM_GET_MSR_FEATURE_INDEX_LIST
660 Reads model-specific registers from the vcpu. Supported msr indices can
684 -----------------
690 :Returns: number of msrs successfully set (see below), -1 on error
692 Writes model-specific registers to the vcpu. See KVM_GET_MSRS for the
706 ------------------
712 :Returns: 0 on success, -1 on error
718 - If this IOCTL fails, KVM gives no guarantees that previous valid CPUID
721 - Using KVM_SET_CPUID{,2} after KVM_RUN, i.e. changing the guest vCPU model
723 - Using heterogeneous CPUID configurations, modulo APIC IDs, topology, etc...
746 ------------------------
752 :Returns: 0 on success, -1 on error
757 their traditional behaviour) will cause KVM_RUN to return with -EINTR.
772 ----------------
778 :Returns: 0 on success, -1 on error
810 ----------------
816 :Returns: 0 on success, -1 on error
848 -----------------------
852 :Type: vm ioctl
854 :Returns: 0 on success, -1 on error
858 future vcpus to have a local APIC. IRQ routing for GSIs 0-15 is set to both
859 PIC and IOAPIC; GSI 16-23 only go to the IOAPIC.
865 Note that on s390 the KVM_CAP_S390_IRQCHIP vm capability needs to be enabled
870 -----------------
874 :Type: vm ioctl
876 :Returns: 0 on success, -1 on error
880 been previously created with KVM_CREATE_IRQCHIP. Note that edge-triggered
883 On real hardware, interrupt pins can be active-low or active-high. This
885 means active (asserted), 0 means inactive (deasserted).
888 (active-low/active-high) for level-triggered interrupts, and KVM used
890 active-low interrupts, the above convention is now valid on x86 too.
892 should not present interrupts to the guest as active-low unless this
893 capability is present (or unless it is not using the in-kernel irqchip,
898 in-kernel irqchip (GIC), and for in-kernel irqchip can tell the GIC to
907 - KVM_ARM_IRQ_TYPE_CPU:
908 out-of-kernel GIC: irq_id 0 is IRQ, irq_id 1 is FIQ
909 - KVM_ARM_IRQ_TYPE_SPI:
910 in-kernel GIC: SPI, irq_id between 32 and 1019 (incl.)
912 - KVM_ARM_IRQ_TYPE_PPI:
913 in-kernel GIC: PPI, irq_id between 16 and 31 (incl.)
924 injection of interrupts for the in-kernel irqchip. KVM_IRQ_LINE can always
939 --------------------
943 :Type: vm ioctl
945 :Returns: 0 on success, -1 on error
964 --------------------
968 :Type: vm ioctl
970 :Returns: 0 on success, -1 on error
989 -----------------------
993 :Type: vm ioctl
995 :Returns: 0 on success, -1 on error
1000 page of a blob (32- or 64-bit, depending on the vcpu mode) to guest
1035 ------------------
1039 :Type: vm ioctl
1041 :Returns: 0 on success, -1 on error
1085 ------------------
1089 :Type: vm ioctl
1091 :Returns: 0 on success, -1 on error
1120 ------------------------
1127 :Returns: 0 on success, -1 on error
1172 - KVM_VCPUEVENT_VALID_SHADOW may be set to signal that
1175 - KVM_VCPUEVENT_VALID_SMM may be set to signal that smi contains a
1178 - KVM_VCPUEVENT_VALID_PAYLOAD may be set to signal that the
1183 - KVM_VCPUEVENT_VALID_TRIPLE_FAULT may be set to signal that the
1202 guest-visible registers. It is not possible to 'cancel' an SError that has been
1205 A device being emulated in user-space may also wish to generate an SError. To do
1206 this the events structure can be populated by user-space. The current state
1215 always have a non-zero value when read, and the agent making an SError pending
1217 the system supports KVM_CAP_ARM_INJECT_SERROR_ESR, but user-space sets the events
1221 -EINVAL. Setting anything other than the lower 24bits of exception.serror_esr
1222 will return -EINVAL.
1243 ------------------------
1250 :Returns: 0 on success, -1 on error
1263 suppress overwriting the current in-kernel state. The bits are:
1268 KVM_VCPUEVENT_VALID_SMM transfer the smi sub-struct.
1310 ----------------------
1316 :Returns: 0 on success, -1 on error
1332 ----------------------
1338 :Returns: 0 on success, -1 on error
1347 -------------------------------
1351 :Type: vm ioctl
1353 :Returns: 0 on success, -1 on error
1370 memory slot. Bits 0-15 of "slot" specify the slot id and this value
1372 VM. The maximum allowed slots can be queried using KVM_CAP_NR_MEMSLOTS.
1375 If KVM_CAP_MULTI_ADDRESS_SPACE is available, bits 16-31 of "slot"
1402 to make a new slot read-only. In this case, writes to this memory will be
1410 Note: On arm64, a write generated by the page-table walker (to update
1414 page-table walker, making it impossible to emulate the access.
1415 Instead, an abort (data abort if the cause of the page-table update
1422 Returns -EINVAL or -EEXIST if the VM has the KVM_VM_S390_UCONTROL flag set.
1423 Returns -EINVAL if called on a protected VM.
1426 ---------------------
1430 :Type: vm ioctl
1432 :Returns: 0 on success, -1 on error
1434 This ioctl defines the physical address of a three-page region in the guest
1440 This ioctl is required on Intel-based hosts. This is needed on Intel hardware
1448 -------------------
1454 :Returns: 0 on success; -1 on error
1458 :Type: vm ioctl
1460 :Returns: 0 on success; -1 on error
1499 The vcpu ioctl should be used for vcpu-specific capabilities, the vm ioctl
1500 for vm-wide capabilities.
1503 ---------------------
1509 :Returns: 0 on success; -1 on error
1544 in-kernel irqchip, the multiprocessing state must be maintained by userspace on
1584 ---------------------
1590 :Returns: 0 on success; -1 on error
1596 in-kernel irqchip, the multiprocessing state must be maintained by userspace on
1609 ------------------------------
1613 :Type: vm ioctl
1615 :Returns: 0 on success, -1 on error
1617 This ioctl defines the physical address of a one-page region in the guest
1626 This ioctl is required on Intel-based hosts. This is needed on Intel hardware
1633 ------------------------
1637 :Type: vm ioctl
1639 :Returns: 0 on success, -1 on error
1648 ------------------
1654 :Returns: 0 on success, -1 on error
1668 ------------------
1674 :Returns: 0 on success, -1 on error
1686 when invoked on the vm file descriptor. The size value returned by
1696 -----------------
1702 :Returns: 0 on success, -1 on error
1723 -----------------
1729 :Returns: 0 on success, -1 on error
1750 ----------------------------
1756 :Returns: 0 on success, -1 on error
1789 Dynamically-enabled feature bits need to be requested with
1799 with the 'nent' field indicating the number of entries in the variable-size
1829 may be returned as true, but they depend on KVM_CREATE_IRQCHIP for in-kernel
1842 -----------------------
1846 :Type: vm ioctl
1859 using the device tree or other means from vm context.
1872 ------------------------
1876 :Type: vm ioctl
1878 :Returns: 0 on success, -1 on error
1884 - GSI routing does not apply to KVM_IRQ_LINE but only to KVM_IRQFD.
1921 error -EINVAL.
1925 - KVM_MSI_VALID_DEVID: used along with KVM_IRQ_ROUTING_MSI routing entry
1926 type, specifies that the devid field contains a valid value. The per-VM
1930 - zero otherwise
1955 address_hi bits 31-8 provide bits 31-8 of the destination id. Bits 7-0 of
1981 in its indication of supported features, routing to Xen event channels
1984 2 level event channels. FIFO event channel support may be added in
1989 --------------------
1993 :Type: vcpu ioctl / vm ioctl
1995 :Returns: 0 on success, -1 on error
2001 be used as a vm ioctl to set the initial tsc frequency of subsequently
2005 --------------------
2009 :Type: vcpu ioctl / vm ioctl
2011 :Returns: virtual tsc-khz on success, negative value on error
2014 KHz. If the host has unstable tsc this ioctl returns -EIO instead as an
2019 ------------------
2025 :Returns: 0 on success, -1 on error
2040 the APIC_ID register (bytes 32-35). xAPIC only allows an 8-bit APIC ID
2041 which is stored in bits 31-24 of the APIC register, or equivalently in
2050 ------------------
2056 :Returns: 0 on success, -1 on error
2068 The format of the APIC ID register (bytes 32-35 of struct kvm_lapic_state's
2074 ------------------
2078 :Type: vm ioctl
2097 For the special case of virtio-ccw devices on s390, the ioevent is matched
2111 For virtio-ccw devices, addr contains the subchannel id and datamatch the
2120 ------------------
2126 :Returns: 0 on success, -1 on error
2146 The array is little-endian: the bit 0 is the least significant bit of the
2156 -------------------------
2160 :Type: vm ioctl
2165 is an IOMMU for PAPR-style virtual I/O. It is used to translate
2179 which this TCE table will translate - the table will contain one 64
2185 liobns will cause a vm exit and must be handled by userspace.
2189 the entries written by kernel-handled H_PUT_TCE calls, and also lets
2195 ------------
2201 :Returns: 0 on success, -1 on error
2211 - pause the vcpu
2212 - read the local APIC's state (KVM_GET_LAPIC)
2213 - check whether changing LINT1 will queue an NMI (see the LVT entry for LINT1)
2214 - if so, issue KVM_NMI
2215 - resume the vcpu
2222 ----------------------
2244 ------------------------
2266 ------------------------
2284 --------------------
2527 ARM 32-bit CP15 registers have the following id bit patterns::
2531 ARM 64-bit CP15 registers have the following id bit patterns::
2539 ARM 32-bit VFP control registers have the following id bit patterns::
2543 ARM 64-bit FP registers have the following id bit patterns::
2547 ARM firmware pseudo-registers have the following bit pattern::
2555 arm64 core/FP-SIMD registers have the following id bit patterns. Note
2589 .. [1] These encodings are not accepted for SVE-enabled vcpus. See
2614 arm64 firmware pseudo-registers have the following bit pattern::
2623 0x6060 0000 0015 ffff KVM_REG_ARM64_SVE_VLS pseudo-register
2626 ENOENT. max_vq is the vcpu's maximum supported vector length in 128-bit
2637 KVM_REG_ARM64_SVE_VLS is a pseudo-register that allows the set of vector
2647 ((vector_lengths[(vq - KVM_ARM64_SVE_VQ_MIN) / 64] >>
2648 ((vq - KVM_ARM64_SVE_VQ_MIN) % 64)) & 1))
2670 is hardware-dependent and may not be available. Attempting to configure
2677 arm64 bitmap feature firmware pseudo-registers have the following bit pattern::
2684 sets all the supported bits during VM initialization. The userspace can
2689 Note: These registers are immutable once any of the vCPUs of the VM has
2691 a -EBUSY to userspace.
2704 patterns depending on whether they're 32-bit or 64-bit registers::
2706 0x7020 0000 0001 00 <reg:5> <sel:3> (32-bit)
2707 0x7030 0000 0001 00 <reg:5> <sel:3> (64-bit)
2732 0x7020 0000 0003 00 <0:3> <reg:5> (32-bit FPU registers)
2733 0x7030 0000 0003 00 <0:3> <reg:5> (64-bit FPU registers)
2734 0x7040 0000 0003 00 <0:3> <reg:5> (128-bit MSA vector registers)
2746 RISC-V registers are mapped using the lower 32 bits. The upper 8 bits of
2749 RISC-V config registers are meant for configuring a Guest VCPU and it has
2755 Following are the RISC-V config registers:
2767 RISC-V core registers represent the general execution state of a Guest VCPU
2773 Following are the RISC-V core registers:
2810 0x80x0 0000 0200 0020 mode Privilege mode (1 = S-mode or 0 = U-mode)
2813 RISC-V csr registers represent the supervisor mode control/status registers
2819 Following are the RISC-V csr registers:
2835 RISC-V timer registers represent the timer state of a Guest VCPU and it has
2840 Following are the RISC-V timer registers:
2845 0x8030 0000 0400 0000 frequency Time base frequency (read-only)
2851 RISC-V F-extension registers represent the single precision floating point
2856 Following are the RISC-V F-extension registers:
2867 RISC-V D-extension registers represent the double precision floating point
2871 0x8030 0000 06 <index into the __riscv_d_ext_state struct:24> (non-fcsr)
2873 Following are the RISC-V D-extension registers:
2890 0x9030 0000 0001 00 <reg:5> <sel:3> (64-bit)
2899 --------------------
2929 ----------------------
2935 :Returns: 0 on success, -1 on error
2946 load-link/store-conditional, or equivalent must be used. There are two cases
2953 -------------------
2957 :Type: vm ioctl
2959 :Returns: >0 on delivery, 0 if guest blocked the MSI, and -1 on error
2961 Directly inject a MSI message. Only valid with in-kernel irqchip that handles
2976 KVM_MSI_VALID_DEVID: devid contains a valid value. The per-VM
2987 address_hi bits 31-8 provide bits 31-8 of the destination id. Bits 7-0 of
2992 --------------------
2996 :Type: vm ioctl
2998 :Returns: 0 on success, -1 on error
3000 Creates an in-kernel device model for the i8254 PIT. This call is only valid
3001 after enabling in-kernel irqchip support via KVM_CREATE_IRQCHIP. The following
3013 PIT timer interrupts may use a per-VM kernel thread for injection. If it
3016 kvm-pit/<owner-process-pid>
3025 -----------------
3029 :Type: vm ioctl
3031 :Returns: 0 on success, -1 on error
3033 Retrieves the state of the in-kernel PIT model. Only valid after
3037 struct kvm_pit_channel_state channels[3];
3053 -----------------
3057 :Type: vm ioctl
3059 :Returns: 0 on success, -1 on error
3061 Sets the state of the in-kernel PIT model. Only valid after KVM_CREATE_PIT2.
3068 --------------------------
3072 :Type: vm ioctl
3074 :Returns: 0 on success, -1 on error
3079 device-tree properties for the guest operating system.
3093 - KVM_PPC_PAGE_SIZES_REAL:
3098 - KVM_PPC_1T_SEGMENTS
3102 - KVM_PPC_NO_HASH
3143 --------------
3147 :Type: vm ioctl
3149 :Returns: 0 on success, -1 on error
3159 With KVM_CAP_IRQFD_RESAMPLE, KVM_IRQFD supports a de-assert and notify
3160 mechanism allowing emulation of level-triggered, irqfd-based
3165 as from an EOI, the gsi is de-asserted and the user is notified via
3166 kvm_irqfd.resamplefd. It is the user's responsibility to re-queue
3174 - in case no routing entry is associated to this gsi, injection fails
3175 - in case the gsi is associated to an irqchip routing entry,
3177 - in case the gsi is associated to an MSI routing entry, the MSI
3179 to GICv3 ITS in-kernel emulation).
3182 --------------------------
3186 :Type: vm ioctl
3188 :Returns: 0 on success, -1 on error
3200 The parameter is a pointer to a 32-bit unsigned integer variable
3207 default-sized hash table (16 MB).
3215 real-mode area (VRMA) facility, the kernel will re-create the VMRA
3219 -----------------------
3223 :Type: vm ioctl, vcpu ioctl
3225 :Returns: 0 on success, -1 on error
3228 (vm ioctl) or per cpu (vcpu ioctl), depending on the interrupt type.
3241 - sigp stop; optional flags in parm
3243 - program check; code in parm
3245 - sigp set prefix; prefix address in parm
3247 - restart
3249 - clock comparator interrupt
3251 - CPU timer interrupt
3252 KVM_S390_INT_VIRTIO (vm)
3253 - virtio external interrupt; external interrupt
3255 KVM_S390_INT_SERVICE (vm)
3256 - sclp external interrupt; sclp parameter in parm
3258 - sigp emergency; source cpu in parm
3260 - sigp external call; source cpu in parm
3261 KVM_S390_INT_IO(ai,cssid,ssid,schid) (vm)
3262 - compound value to indicate an
3263 I/O interrupt (ai - adapter interrupt; cssid,ssid,schid - subchannel);
3266 KVM_S390_MCHK (vm, vcpu)
3267 - machine check interrupt; cr 14 bits in parm, machine check interrupt
3274 ------------------------
3278 :Type: vm ioctl
3280 :Returns: file descriptor number (>= 0) on success, -1 on error
3329 ----------------------
3333 :Type: vm ioctl
3335 :Returns: 0 on success, -1 on error
3353 in the current vm).
3368 --------------------------------------------
3370 :Capability: KVM_CAP_DEVICE_CTRL, KVM_CAP_VM_ATTRIBUTES for vm device,
3374 :Type: device ioctl, vm ioctl, vcpu ioctl
3376 :Returns: 0 on success, -1 on error
3384 (e.g. read-only attribute, or attribute that only makes
3391 semantics are device-specific. See individual device documentation in
3399 __u32 group; /* device-defined */
3400 __u64 attr; /* group-defined */
3405 ------------------------
3407 :Capability: KVM_CAP_DEVICE_CTRL, KVM_CAP_VM_ATTRIBUTES for vm device,
3410 :Type: device ioctl, vm ioctl, vcpu ioctl
3412 :Returns: 0 on success, -1 on error
3429 ----------------------
3435 :Returns: 0 on success; -1 on error
3450 - Processor state:
3455 - General Purpose registers, including PC and SP: set to 0
3456 - FPSIMD/NEON registers: set to 0
3457 - SVE registers: set to 0
3458 - System registers: Reset to their architecturally defined
3471 - KVM_ARM_VCPU_POWER_OFF: Starts the CPU in a power-off state.
3474 - KVM_ARM_VCPU_EL1_32BIT: Starts the CPU in a 32bit mode.
3476 - KVM_ARM_VCPU_PSCI_0_2: Emulate PSCI v0.2 (or a future revision
3479 - KVM_ARM_VCPU_PMU_V3: Emulate PMUv3 for the CPU.
3482 - KVM_ARM_VCPU_PTRAUTH_ADDRESS: Enables Address Pointer authentication
3490 - KVM_ARM_VCPU_PTRAUTH_GENERIC: Enables Generic Pointer authentication
3498 - KVM_ARM_VCPU_SVE: Enables SVE for the CPU (arm64 only).
3504 - KVM_REG_ARM64_SVE_VLS may be read using KVM_GET_ONE_REG: the
3505 initial value of this pseudo-register indicates the best set of
3510 - KVM_RUN and KVM_GET_REG_LIST are not available;
3512 - KVM_GET_ONE_REG and KVM_SET_ONE_REG cannot be used to access
3517 - KVM_REG_ARM64_SVE_VLS may optionally be written using
3523 - the KVM_REG_ARM64_SVE_VLS pseudo-register is immutable, and can
3527 -----------------------------
3531 :Type: vm ioctl
3533 :Returns: 0 on success; -1 on error
3546 kvm_vcpu_init->features bitmap returned will have feature bits set if
3556 ---------------------
3562 :Returns: 0 on success; -1 on error
3584 - KVM_REG_S390_TODPR
3586 - KVM_REG_S390_EPOCHDIFF
3588 - KVM_REG_S390_CPU_TIMER
3590 - KVM_REG_S390_CLOCK_COMP
3592 - KVM_REG_S390_PFTOKEN
3594 - KVM_REG_S390_PFCOMPARE
3596 - KVM_REG_S390_PFSELECT
3598 - KVM_REG_S390_PP
3600 - KVM_REG_S390_GBEA
3604 -----------------------------------------
3608 :Type: vm ioctl
3610 :Returns: 0 on success, -1 on error
3640 arm64 currently only require this when using the in-kernel GIC
3646 base addresses will return -EEXIST.
3653 ------------------------------
3657 :Type: vm ioctl
3659 :Returns: 0 on success, -1 on error
3664 of a service that has a kernel-side implementation. If the token
3665 value is non-zero, it will be associated with that service, and
3673 ------------------------
3679 :Returns: 0 on success; -1 on error
3694 - KVM_GUESTDBG_ENABLE: guest debugging is enabled
3695 - KVM_GUESTDBG_SINGLESTEP: the next run should single-step
3700 - KVM_GUESTDBG_USE_SW_BP: using software breakpoints [x86, arm64]
3701 - KVM_GUESTDBG_USE_HW_BP: using hardware breakpoints [x86, s390]
3702 - KVM_GUESTDBG_USE_HW: using hardware debug events [arm64]
3703 - KVM_GUESTDBG_INJECT_DB: inject DB type exception [x86]
3704 - KVM_GUESTDBG_INJECT_BP: inject BP type exception [x86]
3705 - KVM_GUESTDBG_EXIT_PENDING: trigger an immediate guest exit [s390]
3706 - KVM_GUESTDBG_BLOCKIRQ: avoid injecting interrupts/NMI/SMI [x86]
3724 the single-step debug event (KVM_GUESTDBG_SINGLESTEP) is supported.
3734 ---------------------------
3740 :Returns: 0 on success, -1 on error
3775 the variable-size array 'entries'. If the number of entries is too low
3809 --------------------
3813 :Type: vm ioctl, vcpu ioctl
3816 < 0 on generic error (e.g. -EFAULT or -ENOMEM),
3819 Read or write data from/to the VM's memory.
3874 Logical accesses are permitted for non-protected guests only.
3892 translation-exception identifier (TEID) indicates suppression.
3912 Absolute accesses are permitted for the VM ioctl if KVM_CAP_S390_MEM_OP_EXTENSION
3915 Absolute accesses are permitted for non-protected guests only.
3936 occurred. The cmpxchg op is permitted for the VM ioctl if
3954 -----------------------
3958 :Type: vm ioctl
3980 will cause the ioctl to return -EINVAL.
3986 -----------------------
3990 :Type: vm ioctl
4004 will cause the ioctl to return -EINVAL.
4011 the ioctl will return -EINVAL.
4014 -----------------
4020 :Returns: 0 on success, -1 on error
4061 - KVM_S390_SIGP_STOP - sigp stop; parameter in .stop
4062 - KVM_S390_PROGRAM_INT - program check; parameters in .pgm
4063 - KVM_S390_SIGP_SET_PREFIX - sigp set prefix; parameters in .prefix
4064 - KVM_S390_RESTART - restart; no parameters
4065 - KVM_S390_INT_CLOCK_COMP - clock comparator interrupt; no parameters
4066 - KVM_S390_INT_CPU_TIMER - CPU timer interrupt; no parameters
4067 - KVM_S390_INT_EMERGENCY - sigp emergency; parameters in .emerg
4068 - KVM_S390_INT_EXTERNAL_CALL - sigp external call; parameters in .extcall
4069 - KVM_S390_MCHK - machine check interrupt; parameters in .mchk
4074 ---------------------------
4081 -EINVAL if buffer size is 0,
4082 -ENOBUFS if buffer size is too small to fit all pending interrupts,
4083 -EFAULT if the buffer address was invalid
4101 the kernel never checked for flags == 0 and QEMU never pre-zeroed flags and
4105 If -ENOBUFS is returned the buffer provided was too small and userspace
4109 ---------------------------
4116 -EFAULT if the buffer address was invalid,
4117 -EINVAL for an invalid buffer length (see below),
4118 -EBUSY if there were already interrupts pending,
4122 This ioctl allows userspace to set the complete state of all cpu-local
4144 which is the maximum number of possibly pending cpu-local interrupts.
4147 ------------
4153 :Returns: 0 on success, -1 on error
4158 ----------------------------
4162 :Type: vm ioctl
4247 part of VM-Enter/VM-Exit emulation.
4250 of VM-Enter/VM-Exit emulation. If an MSR access is denied on VM-Enter, KVM
4251 synthesizes a consistency check VM-Exit(EXIT_REASON_MSR_LOAD_FAIL). If an
4252 MSR access is denied on VM-Exit, KVM synthesizes a VM-Abort. In short, KVM
4254 the VM-Enter/VM-Exit MSR list. It is platform owner's responsibility to
4271 ----------------------------
4275 :Type: vm ioctl
4304 -------------------------
4308 :Type: vm ioctl
4311 -EFAULT if struct kvm_reinject_control cannot be read,
4312 -ENXIO if KVM_CREATE_PIT or KVM_CREATE_PIT2 didn't succeed earlier.
4331 ------------------------------
4335 :Type: vm ioctl
4338 -EFAULT if struct kvm_ppc_mmuv3_cfg cannot be read,
4339 -EINVAL if the configuration is invalid
4365 ---------------------------
4369 :Type: vm ioctl
4372 -EFAULT if struct kvm_ppc_rmmu_info cannot be written,
4373 -EINVAL if no useful information can be returned
4402 --------------------------------
4406 :Type: vm ioctl
4411 -EFAULT if struct kvm_reinject_control cannot be read,
4412 -EINVAL if the supplied shift or flags are invalid,
4413 -ENOMEM if unable to allocate the new HPT,
4446 returns 0 (i.e. cancels any in-progress preparation).
4449 flags will result in an -EINVAL.
4456 -------------------------------
4460 :Type: vm ioctl
4463 -EFAULT if struct kvm_reinject_control cannot be read,
4464 -EINVAL if the supplied shift or flags are invalid,
4465 -ENXIO is there is no pending HPT, or the pending HPT doesn't
4467 -EBUSY if the pending HPT is not fully prepared,
4468 -ENOSPC if there was a hash collision when moving existing
4470 -EIO on other error conditions
4487 KVM_PPC_RESIZE_HPT_COMMIT will return an error (usually -ENXIO or
4488 -EBUSY, though others may be possible if the preparation was started,
4495 On successful completion, the pending HPT will become the guest's active
4501 -----------------------------------
4507 :Returns: 0 on success, -1 on error
4514 -----------------------
4521 -EFAULT if u64 mcg_cap cannot be read,
4522 -EINVAL if the requested number of banks is invalid,
4523 -EINVAL if requested MCE capability is not supported.
4528 supported number of error-reporting banks can be retrieved when
4533 ---------------------
4540 -EFAULT if struct kvm_x86_mce cannot be read,
4541 -EINVAL if the bank number is invalid,
4542 -EINVAL if VAL bit is not set in status field.
4567 ----------------------------
4571 :Type: vm ioctl
4590 - During live migration to save the CMMA values. Live migration needs
4591 to be enabled via the KVM_REQ_START_MIGRATION VM property.
4592 - To non-destructively peek at the CMMA values, with the flag
4623 KVM_S390_SKEYS_MAX. KVM_S390_SKEYS_MAX is re-used for consistency with
4668 ----------------------------
4672 :Type: vm ioctl
4707 This ioctl can fail with -ENOMEM if not enough memory can be allocated to
4708 complete the task, with -ENXIO if CMMA is not enabled, with -EINVAL if
4710 if the flags field was not 0, with -EFAULT if the userspace address is
4716 --------------------------
4720 :Type: vm ioctl
4723 -EFAULT if struct kvm_ppc_cpu_char cannot be written
4728 CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754). The information is
4745 with preventing inadvertent information disclosure - specifically,
4746 whether there is an instruction to flash-invalidate the L1 data cache
4763 ---------------------------
4767 :Type: vm
4769 :Returns: 0 on success; -1 on error
4772 for issuing platform-specific memory encryption commands to manage those
4777 Documentation/virt/kvm/x86/amd-memory-encryption.rst.
4780 -----------------------------------
4786 :Returns: 0 on success; -1 on error
4791 It is used in the SEV-enabled guest. When encryption is enabled, a guest
4804 -------------------------------------
4810 :Returns: 0 on success; -1 on error
4816 ------------------------
4820 :Type: vm ioctl
4824 the specified Hyper-V connection id through the SIGNAL_EVENT hypercall, without
4825 causing a user exit. SIGNAL_EVENT hypercall with non-zero event flag number
4826 (bits 24-31) still triggers a KVM_EXIT_HYPERV_HCALL user exit.
4846 -EINVAL if conn_id or flags is outside the allowed range,
4847 -ENOENT on deassign if the conn_id isn't registered,
4848 -EEXIST on assign if the conn_id is already registered
4851 --------------------------
4857 :Returns: 0 on success, -1 on error
4925 --------------------------
4931 :Returns: 0 on success, -1 on error
4937 -------------------------------------
4942 :Type: vm ioctl
4966 -------------------------
4970 :Type: vm ioctl
4972 :Returns: 0 on success, -1 on error
4994 in KVM's dirty bitmap, and dirty tracking is re-enabled for that page
4995 (for example via write-protection, or by clearing the dirty bit in
4998 If KVM_CAP_MULTI_ADDRESS_SPACE is available, bits 16-31 of slot field specifies
5008 --------------------------------
5014 :Returns: 0 on success, -1 on error
5035 This ioctl returns x86 cpuid features leaves related to Hyper-V emulation in
5037 cpuid information presented to guests consuming Hyper-V enlightenments (e.g.
5038 Windows or Hyper-V guests).
5040 CPUID feature leaves returned by this ioctl are defined by Hyper-V Top Level
5047 - HYPERV_CPUID_VENDOR_AND_MAX_FUNCTIONS
5048 - HYPERV_CPUID_INTERFACE
5049 - HYPERV_CPUID_VERSION
5050 - HYPERV_CPUID_FEATURES
5051 - HYPERV_CPUID_ENLIGHTMENT_INFO
5052 - HYPERV_CPUID_IMPLEMENT_LIMITS
5053 - HYPERV_CPUID_NESTED_FEATURES
5054 - HYPERV_CPUID_SYNDBG_VENDOR_AND_MAX_FUNCTIONS
5055 - HYPERV_CPUID_SYNDBG_INTERFACE
5056 - HYPERV_CPUID_SYNDBG_PLATFORM_CAPABILITIES
5059 with the 'nent' field indicating the number of entries in the variable-size
5060 array 'entries'. If the number of entries is too low to describe all Hyper-V
5062 to the number of Hyper-V feature leaves, the 'nent' field is adjusted to the
5072 - HYPERV_CPUID_NESTED_FEATURES leaf and HV_X64_ENLIGHTENED_VMCS_RECOMMENDED
5075 - HV_STIMER_DIRECT_MODE_AVAILABLE bit is only exposed with in-kernel LAPIC.
5079 ---------------------------
5084 :Returns: 0 on success, -1 on error
5110 that should be performed and how to do it are feature-dependent.
5114 -EPERM unless the feature has already been finalized by means of a
5121 ------------------------------
5125 :Type: vm ioctl
5127 :Returns: 0 on success, -1 on error
5180 ---- -----------
5209 When setting a new pmu event filter, -EINVAL will be returned if any of the
5218 Via this API, KVM userspace can also control the behavior of the VM's fixed
5221 Specifically, KVM follows the following pseudo-code when determining whether to
5222 allow the guest FixCtr[i] to count its pre-defined fixed event::
5237 ---------------------
5241 :Type: vm ioctl
5261 ---------------------------
5273 ----------------------------
5286 --------------------------
5300 -------------------------
5304 :Type: vm ioctl
5330 Allocate memory and register the VM with the Ultravisor, thereby
5343 Deregister the VM from the Ultravisor and reclaim the memory that had
5345 All registered VCPUs are converted back to non-protected ones. If a
5346 previous protected VM had been prepared for asynchronous teardown with
5349 together with the current protected VM.
5352 Pass the image header from VM memory to the Ultravisor in
5388 struct kvm_s390_pv_info_vm vm;
5431 protected VM.
5445 Initializes the dump process of a protected VM. If this call does
5446 not succeed all other subcommands will fail with -EINVAL. This
5447 subcommand will return -EINVAL if a dump process has not yet been
5475 Prepare the current protected VM for asynchronous teardown. Most
5476 resources used by the current protected VM will be set aside for a
5477 subsequent asynchronous teardown. The current protected VM will then
5478 resume execution immediately as non-protected. There can be at most
5479 one protected VM prepared for asynchronous teardown at any time. If
5480 a protected VM had already been prepared for teardown without
5492 Tear down the protected VM previously prepared for teardown with
5503 --------------------------
5507 :Type: vm ioctl
5549 Sets the ABI mode of the VM to 32-bit or 64-bit (long mode). This
5550 determines the layout of the shared_info page exposed to the VM.
5583 re-mapped in guest physical address space.
5589 This is the HVM-wide vector injected directly by the hypervisor
5605 outbound event channels. The values of the flags field are mutually
5611 the 32-bit version code returned to the guest when it invokes the
5626 --------------------------
5630 :Type: vm ioctl
5634 Allows Xen VM attributes to be read. For the structure and types,
5639 ---------------------------
5677 As with the shared_info page for the VM, the corresponding page may be
5724 other four times. The state field must be set to -1, or to a valid
5732 vCPU ID of the given vCPU, to allow timer-related VCPU operations to
5745 per-vCPU local APIC upcall vector, configured by a Xen guest with
5747 used by Windows guests, and is distinct from the HVM-wide upcall
5753 ---------------------------
5768 ---------------------------
5772 :Type: vm ioctl
5774 :Returns: number of bytes copied, < 0 on error (-EINVAL for incorrect
5775 arguments, -EFAULT if memory cannot be accessed).
5789 ``length`` must not be bigger than 2^31 - PAGE_SIZE bytes. The ``addr``
5806 --------------------
5812 :Returns: 0 on success, -1 on error
5839 --------------------
5845 :Returns: 0 on success, -1 on error
5852 ----------------------
5856 :Type: vm ioctl, vcpu ioctl
5867 The returned file descriptor can be used to read VM/vCPU statistics data in
5871 +-------------+
5873 +-------------+
5875 +-------------+
5877 +-------------+
5879 +-------------+
5969 Bits 0-3 of ``flags`` encode the type:
5991 is [``hist_param``*(N-1), ``hist_param``*N), while the range of the last
5992 bucket is [``hist_param``*(``size``-1), +INF). (+INF means positive infinity
5997 [0, 1), while the range of the last bucket is [pow(2, ``size``-2), +INF).
5999 [pow(2, N-2), pow(2, N-1)).
6001 Bits 4-7 of ``flags`` encode the unit:
6024 Bits 8-11 of ``flags``, together with ``exponent``, encode the scale of the
6029 CPU clock cycles. For example, an exponent of -9 can be used with
6045 bucket in the unit expressed by bits 4-11 of ``flags`` together with ``exponent``.
6051 The Stats Data block contains an array of 64-bit values in the same order
6055 --------------------
6061 :Returns: 0 on success, -1 on error
6073 when invoked on the vm file descriptor. The size value returned by
6082 -----------------------------
6086 :Type: vm ioctl
6102 -----------------------------
6111 for vcpus. It re-uses the kvm_s390_pv_dmp struct and hence also shares
6118 of a protected VM.
6127 ----------------------
6131 :Type: vm ioctl
6135 Used to manage hardware-assisted virtualization features for zPCI devices.
6160 KVM_S390_ZPCIOP_REG_AEN is used to register the VM for adapter event
6162 events directly to the vm, with KVM providing a backup delivery mechanism;
6174 --------------------------------
6178 :Type: vm ioctl
6182 This capability indicates that userspace is able to apply a single VM-wide
6197 for this VM.
6203 (-EINVAL) being returned. This ioctl can also return -EBUSY if any vcpu
6214 ------------------------------------
6218 :Type: vm ioctl
6253 op0==3, op1=={0, 1, 3}, CRn==0, CRm=={0-7}, op2=={0-7}.
6262 ---------------------------------
6266 :Type: vm ioctl
6268 :Returns: 0 on success, -1 on error
6275 must point at a file created via KVM_CREATE_GUEST_MEMFD on the current VM, and
6298 on-demand.
6302 state. At VM creation time, all memory is shared, i.e. the PRIVATE attribute
6309 Returns -EINVAL if the VM has the KVM_VM_S390_UCONTROL flag set.
6310 Returns -EINVAL if called on a protected VM.
6313 -------------------------------
6317 :Type: vm ioctl
6337 executed on a VM, KVM_CAP_MEMORY_ATTRIBUTES precisely returns the attributes
6338 supported by that VM. If executed at system scope, KVM_CAP_MEMORY_ATTRIBUTES
6349 ----------------------------
6353 :Type: vm ioctl
6392 ---------------------------
6424 KVM_PRE_FAULT_MEMORY populates KVM's stage-2 page tables used to map memory
6426 stage-2 read page fault, e.g. faults in memory as needed, but doesn't break
6427 CoW. However, KVM does not mark any newly created stage-2 PTE as Accessed.
6429 In the case of confidential VM types where there is an initial set up of
6476 This field is polled once when KVM_RUN starts; if non-zero, KVM_RUN
6477 exits immediately, returning -EINTR. In the common scenario where a
6481 a signal handler that sets run->immediate_exit to a non-zero value.
6507 The value of the current interrupt flag. Only valid if in-kernel
6514 More architecture-specific flags detailing state of the VCPU that may
6519 /* x86, set if bus lock detected in VM */
6532 The value of the cr8 register. Only valid if in-kernel local APIC is
6539 The value of the APIC BASE msr. Only valid if in-kernel local
6551 reasons. Further architecture-specific information is available in
6563 to unknown reasons. Further architecture-specific information is
6616 executed a memory-mapped I/O instruction which could not be satisfied
6629 has re-entered the kernel with KVM_RUN. The kernel side will first finish
6634 completed before performing a live migration. Userspace can re-enter the
6657 ----------
6660 filter. See the Documentation/virt/kvm/devices/vm.rst
6668 - ``KVM_HYPERCALL_EXIT_SMC``: Indicates that the guest used the SMC
6672 - ``KVM_HYPERCALL_EXIT_16BIT``: Indicates that the guest used a 16bit
6741 Deprecated - was used for 440 KVM.
6767 This is used on 64-bit PowerPC when emulating a pSeries partition,
6771 the arguments (from the guest R4 - R12). Userspace should put the
6832 a system-level event using some architecture specific mechanism (hypercall
6836 The 'type' field describes the system-level event type.
6839 - KVM_SYSTEM_EVENT_SHUTDOWN -- the guest has requested a shutdown of the
6840 VM. Userspace is not obliged to honour this, and if it does honour
6841 this does not need to destroy the VM synchronously (ie it may call
6843 - KVM_SYSTEM_EVENT_RESET -- the guest has requested a reset of the VM.
6846 - KVM_SYSTEM_EVENT_CRASH -- the guest crash occurred and the guest
6848 to ignore the request, or to gather VM memory core dump and/or
6849 reset/shutdown of the VM.
6850 - KVM_SYSTEM_EVENT_SEV_TERM -- an AMD SEV guest requested termination.
6852 - KVM_SYSTEM_EVENT_WAKEUP -- the exiting vCPU is in a suspended state and
6855 - KVM_SYSTEM_EVENT_SUSPEND -- the guest has requested a suspension of
6856 the VM.
6859 architecture specific information for the system-level event. Only
6862 - for arm64, data[0] is set to KVM_SYSTEM_EVENT_RESET_FLAG_PSCI_RESET2 if
6866 - for arm64, data[0] is set to KVM_SYSTEM_EVENT_SHUTDOWN_FLAG_PSCI_OFF2
6870 - for RISC-V, data[0] is set to the value of the second argument of the
6878 --------------
6881 KVM_CAP_ARM_SYSTEM_SUSPEND VM capability. If a guest invokes the PSCI
6888 the call parameters are left in-place in the vCPU registers.
6893 - Honor the guest request to suspend the VM. Userspace can request
6894 in-kernel emulation of suspension by setting the calling vCPU's
6900 - Deny the guest request to suspend the VM. See ARM DEN0022D.b 5.19.2
6916 Indicates that the VCPU's in-kernel local APIC received an EOI for a
6917 level-triggered IOAPIC interrupt. This exit only triggers when the
6959 related to Hyper-V emulation.
6963 - KVM_EXIT_HYPERV_SYNIC -- synchronously notify user-space about
6965 Hyper-V SynIC state change. Notification is used to remap SynIC
6969 - KVM_EXIT_HYPERV_SYNDBG -- synchronously notify user-space about
6971 Hyper-V Synthetic debugger state change. Notification is used to either update
6987 the instruction from the VM is overly complicated to live in the kernel.
6990 the VM. KVM assumed that if the guest accessed non-memslot memory, it was
6998 this capability at VM creation. Once this is done, these types of errors will
7013 queried outside of a protected VM context, the feature will not be
7014 exposed if queried on a protected VM file descriptor.
7020 __u8 error; /* user -> kernel */
7022 __u32 reason; /* kernel -> user */
7023 __u32 index; /* kernel -> user */
7024 __u64 data; /* kernel <-> user */
7027 Used on x86 systems. When the VM capability KVM_CAP_X86_USER_SPACE_MSR is
7082 - KVM_EXIT_XEN_HCALL -- synchronously notify user-space about Xen hypercall.
7097 done a SBI call which is not handled by KVM RISC-V kernel module. The details
7103 values of SBI call before resuming the VCPU. For more details on RISC-V SBI
7104 spec refer, https://github.com/riscv/riscv-sbi-doc.
7121 - KVM_MEMORY_EXIT_FLAG_PRIVATE - When set, indicates the memory fault occurred
7126 accompanies a return code of '-1', not '0'! errno will always be set to EFAULT
7138 Used on x86 systems. When the VM capability KVM_CAP_X86_NOTIFY_VMEXIT is
7139 enabled, a VM exit generated if no event window occurs in VM non-root mode
7147 - KVM_NOTIFY_CONTEXT_INVALID -- the VM context is corrupted and not valid
7148 in VMCS. It would run into unknown result if resume the target VM.
7202 whether this is a per-vcpu or per-vm capability.
7213 -------------------
7218 :Returns: 0 on success; -1 on error
7222 were invented by Mac-on-Linux to have a standardized communication mechanism
7229 --------------------
7234 :Returns: 0 on success; -1 on error
7250 ------------------
7255 :Returns: 0 on success; -1 on error
7268 addresses of mmu-type-specific data structures. The "array_len" field is an
7273 While KVM_RUN is active, the shared region is under control of KVM. Its
7284 - The "params" field is of type "struct kvm_book3e_206_tlb_params".
7285 - The "array" field points to an array of type "struct
7287 - The array consists of all entries in the first TLB, followed by all
7289 - Within a TLB, entries are ordered first by increasing set number. Within a
7291 - The hash for determining set number in TLB0 is: (MAS2 >> 12) & (num_sets - 1)
7293 - The tsize field of mas1 shall be set to 4K on TLB0, even though the
7297 ----------------------------
7302 :Returns: 0 on success; -1 on error
7307 handled in-kernel, while the other I/O instructions are passed to userspace.
7312 Note that even though this capability is enabled per-vcpu, the complete
7316 -------------------
7320 :Parameters: args[0] defines whether the proxy facility is active
7321 :Returns: 0 on success; -1 on error
7335 --------------------
7341 This capability connects the vcpu to an in-kernel MPIC device.
7344 --------------------
7351 This capability connects the vcpu to an in-kernel XICS device.
7354 ------------------------
7357 :Target: vm
7360 This capability enables the in-kernel irqchip for s390. Please refer to
7364 --------------------
7378 ---------------------
7391 ----------------------
7396 :Returns: x86: KVM_CHECK_EXTENSION returns a bit-array indicating which register
7412 - the register sets to be copied out to kvm_run are selectable
7414 - vcpu_events are available in addition to regs and sregs.
7417 function as an input bit-array field set by userspace to indicate the
7437 -------------------------
7444 This capability connects the vcpu to an in-kernel XIVE device.
7454 what their effect on the VM is when enabling them.
7471 ----------------------------
7475 args[1] is 0 to disable, 1 to enable in-kernel handling
7478 get handled by the kernel or not. Enabling or disabling in-kernel
7479 handling of an hcall is effective across the VM. On creation, an
7480 initial set of hcalls are enabled for in-kernel handling, which
7481 consists of those hcalls for which in-kernel handlers were implemented
7488 If the hcall number specified is not one that has an in-kernel
7493 --------------------------
7502 - SENSE
7503 - SENSE RUNNING
7504 - EXTERNAL CALL
7505 - EMERGENCY SIGNAL
7506 - CONDITIONAL EMERGENCY SIGNAL
7515 ---------------------------------
7523 return -EINVAL if the machine does not support vectors.
7526 --------------------------
7531 This capability allows post-handlers for the STSI instruction. After
7536 vcpu->run::
7547 @addr - guest address of STSI SYSIB
7548 @fc - function code
7549 @sel1 - selector 1
7550 @sel2 - selector 2
7551 @ar - access register number
7553 KVM handlers should exit to userspace with rc = -EREMOTE.
7556 -------------------------
7559 :Parameters: args[0] - number of routes reserved for userspace IOAPICs
7560 :Returns: 0 on success, -1 on error
7577 -------------------
7582 Allows use of runtime-instrumentation introduced with zEC12 processor.
7583 Will return -EINVAL if the machine does not support runtime-instrumentation.
7584 Will return -EBUSY if a VCPU has already been created.
7587 ----------------------
7590 :Parameters: args[0] - features that should be enabled
7591 :Returns: 0 on success, -EINVAL when args[0] contains invalid features
7600 allowing the use of 32-bit APIC IDs. See KVM_CAP_X2APIC_API in their
7607 where 0xff represents CPUs 0-7 in cluster 0.
7610 ----------------------------
7617 mechanism e.g. to realize 2-byte software breakpoints. The kernel will
7625 -------------------
7629 :Returns: 0 on success; -EINVAL if the machine does not support
7630 guarded storage; -EBUSY if a VCPU has already been created.
7635 ---------------------
7640 Allow use of adapter-interruption suppression.
7641 :Returns: 0 on success; -EBUSY if a VCPU has already been created.
7644 --------------------
7649 Enabling this capability on a VM provides userspace with a way to set
7656 subsequently queried for the VM. This capability is only supported by
7662 ----------------------
7674 ------------------------------
7678 :Returns: 0 on success, -EINVAL when args[0] contains invalid exits
7688 Enabling this capability on a VM provides userspace with a way to no
7698 --------------------------
7702 :Returns: 0 on success, -EINVAL if hpage module parameter was not set
7703 or cmma is enabled, or the VM has the KVM_VM_S390_UCONTROL
7707 through hugetlbfs can be enabled for a VM. After the capability is
7710 hpage module parameter is not set to 1, -EINVAL is returned.
7712 While it is generally possible to create a huge page backed VM without
7713 this capability, the VM will not be able to run.
7716 ------------------------------
7726 --------------------------
7730 :Returns: 0 on success, -EINVAL when the implementation doesn't support
7731 nested-HV virtualization.
7733 HV-KVM on POWER9 and later systems allows for "nested-HV"
7734 virtualization, which provides a way for a guest VM to run guests that
7735 can run using the CPU's supervisor mode (privileged non-hypervisor
7736 state). Enabling this capability on a VM depends on the CPU having
7738 kvm-hv module parameter.
7741 ------------------------------
7747 emulated VM-exit when L1 intercepts a #PF exception that occurs in
7748 L2. Similarly, for kvm-intel only, DR6 will not be modified prior to
7749 the emulated VM-exit when L1 intercepts a #DB exception that occurs in
7755 exception.has_payload and to put the faulting address - or the new DR6
7756 bits\ [#]_ - in the exception_payload field.
7767 --------------------------------------
7778 automatically clear and write-protect all pages that are returned as dirty.
7784 KVM_CLEAR_DIRTY_LOG ioctl can operate on a 64-page granularity rather
7809 ------------------------------
7821 If present, this capability can be enabled for a VM, meaning that KVM
7826 ----------------------
7829 :Target: VM
7831 :Returns: 0 on success; -1 on error
7834 maximum halt-polling time for all vCPUs in the target VM. This capability can
7836 maximum halt-polling time.
7838 See Documentation/virt/kvm/halt-polling.rst for more information on halt
7842 -------------------------------
7845 :Target: VM
7847 :Returns: 0 on success; -1 on error
7874 -------------------------------
7877 :Target: VM
7879 :Returns: 0 on success, -EINVAL when args[0] contains invalid bits
7886 Enabling this capability on a VM provides userspace with a way to select a
7889 the KVM_ENABLE_CAP. The supported modes are mutually-exclusive.
7891 This capability allows userspace to force VM exits on bus locks detected in the
7892 guest, irrespective whether or not the host has enabled split-lock detection
7897 If KVM_BUS_LOCK_DETECTION_OFF is set, KVM doesn't force guest bus locks to VM
7898 exit, although the host kernel's split-lock #AC detection still applies, if
7902 bus locks in the guest trigger a VM exit, and KVM exits to userspace for all
7903 such VM exits, e.g. to allow userspace to throttle the offending guest and/or
7904 apply some other policy-based mitigation. When exiting to userspace, KVM sets
7905 KVM_RUN_X86_BUS_LOCK in vcpu-run->flags, and conditionally sets the exit_reason
7913 ----------------------
7917 :Returns: 0 on success, -EINVAL when CPU doesn't support 2nd DAWR
7924 -------------------------------------
7927 Type: vm
7928 Parameters: args[0] is the fd of the source vm
7931 This capability enables userspace to copy encryption context from the vm
7932 indicated by the fd to the vm this is called on.
7934 This is intended to support in-guest workloads scheduled by the host. This
7935 allows the in-guest workload to maintain its own NPTs and keeps the two vms
7940 --------------------------
7943 :Target: VM
7945 :Returns: 0 on success, -EINVAL if the file handle is invalid or if a requested
7948 KVM_CAP_SGX_ATTRIBUTE enables a userspace VMM to grant a VM access to one or
7957 by running an enclave in a VM, KVM prevents access to privileged attributes by
7963 -------------------------------
7967 :Type: vm
7974 IBM pSeries (sPAPR) guest starts using it if "hcall-rpt-invalidate" is
7975 present in the "ibm,hypertas-functions" device-tree property.
7981 --------------------------------------
7999 --------------------
8013 tags as appropriate if the VM is migrated.
8016 ``MAP_ANONYMOUS`` or with a RAM-based file mapping (``tmpfs``, ``memfd``),
8018 -EINVAL return.
8024 -------------------------------------
8027 :Type: vm
8028 :Parameters: args[0] is the fd of the source vm
8031 This capability enables userspace to migrate the encryption context from the VM
8032 indicated by the fd to the VM this is called on.
8034 This is intended to support intra-host migration of VMs between userspace VMMs,
8038 -------------------------------
8042 :Type: vm
8048 This capability allows a guest kernel to use a better-performance mode for
8052 ----------------------------
8055 :Parameters: args[0] - set of KVM quirks to disable
8057 :Type: vm
8091 KVM_X86_QUIRK_OUT_7E_INC_RIP By default, KVM pre-increments %rip before
8094 KVM does not pre-increment %rip before
8130 VM type isn't KVM_X86_DEFAULT_VM), KVM only
8160 ------------------------
8163 :Target: VM
8164 :Parameters: args[0] - maximum APIC ID value set for current VM
8165 :Returns: 0 on success, -EINVAL if args[0] is beyond KVM_MAX_VCPU_IDS
8169 assigned for current VM session prior to the creation of vCPUs, saving
8181 ------------------------------
8184 :Target: VM
8186 :Returns: 0 on success, -EINVAL if args[0] contains invalid flags or notify
8187 VM exit is unsupported.
8195 This capability allows userspace to configure the notify VM exit on/off
8196 in per-VM scope during VM creation. Notify VM exit is disabled by default.
8199 a VM exit if no event window occurs in VM non-root mode for a specified of
8202 If KVM_X86_NOTIFY_VMEXIT_USER is set in args[0], upon notify VM exits happen,
8210 ------------------------------
8213 :Returns: Informational only, -EINVAL on direct KVM_ENABLE_CAP.
8216 kvm_run.memory_fault if KVM cannot resolve a guest page fault VM-Exit, e.g. if
8231 -----------------------------------
8234 :Target: VM
8236 :Returns: 0 on success, -EINVAL if args[0] contains an invalid value for the
8237 frequency or if any vCPUs have been created, -ENXIO if a virtual
8240 This capability sets the VM's APIC bus clock frequency, used by KVM's in-kernel
8245 core crystal clock frequency, if a non-zero CPUID 0x15 is exposed to the guest.
8248 ------------------------------
8251 :Returns: Informational only, -EINVAL on direct KVM_ENABLE_CAP.
8268 ---------------------
8274 H_RANDOM hypercall backed by a hardware random-number generator.
8279 ------------------------
8285 Hyper-V Synthetic interrupt controller(SynIC). Hyper-V SynIC is
8286 used to support Windows Hyper-V based guest paravirt drivers(VMBus).
8291 by the CPU, as it's incompatible with SynIC auto-EOI behavior.
8294 -------------------------
8304 ---------------------------
8311 the POWER9 processor), including in-memory segment tables.
8314 -------------------
8321 KVM_VM_MIPS_* type must be passed to KVM_CREATE_VM to create a VM which
8324 If KVM_CHECK_EXTENSION on a kvm VM handle indicates that this capability is
8325 available, it means that the VM is using full hardware assisted virtualization
8326 capabilities of the hardware. This is useful to check after creating a VM with
8344 -------------------
8352 to KVM_CREATE_VM to create a VM which utilises it.
8354 If KVM_CHECK_EXTENSION on a kvm VM handle indicates that this capability is
8355 available, it means that the VM is using trap & emulate.
8358 ----------------------
8366 kvm VM handle correspond roughly to the CP0_Config.AT register field, and should
8372 Both registers and addresses are 32-bits wide.
8373 It will only be possible to run 32-bit guest code.
8375 1 MIPS64 or microMIPS64 with access only to 32-bit compatibility segments.
8376 Registers are 64-bits wide, but addresses are 32-bits wide.
8377 64-bit guest code may run but cannot access MIPS64 memory segments.
8378 It will also be possible to run 32-bit guest code.
8381 Both registers and addresses are 64-bits wide.
8382 It will be possible to run 64-bit or 32-bit guest code.
8386 ------------------------
8391 that if userspace creates a VM without an in-kernel interrupt controller, it
8392 will be notified of changes to the output level of in-kernel emulated devices,
8393 which can generate virtual interrupts, presented to the VM.
8395 updates the vcpu's run->s.regs.device_irq_level field to represent the actual
8399 least one return to userspace before running the VM. This exit could either
8401 userspace can always sample the device output level and re-compute the state of
8403 of run->s.regs.device_irq_level on every kvm exit.
8404 The value in run->s.regs.device_irq_level can represent both level and edge
8406 signals will exit to userspace with the bit in run->s.regs.device_irq_level
8409 The field run->s.regs.device_irq_level is available independent of
8410 run->kvm_valid_regs or run->kvm_dirty_regs bits.
8414 and thereby which bits in run->s.regs.device_irq_level can signal values.
8420 KVM_ARM_DEV_EL1_VTIMER - EL1 virtual timer
8421 KVM_ARM_DEV_EL1_PTIMER - EL1 physical timer
8422 KVM_ARM_DEV_PMU - ARM PMU overflow interrupt signal
8429 -----------------------------
8439 --------------------------
8443 This capability enables a newer version of Hyper-V Synthetic interrupt
8449 ----------------------------
8459 -------------------------------
8469 ---------------------
8476 ----------------------
8485 ---------------------
8490 use copy-on-write semantics as well as dirty pages tracking via read-only page
8494 ---------------------
8503 ----------------------------
8507 This capability indicates that KVM supports paravirtualized Hyper-V TLB Flush
8513 ----------------------------------
8528 ----------------------------
8532 This capability indicates that KVM supports paravirtualized Hyper-V IPI send
8537 -----------------------------------
8541 This capability indicates that KVM running on top of Hyper-V hypervisor
8543 hypercalls are handled by Level 0 hypervisor (Hyper-V) bypassing KVM.
8544 Due to the different ABI for hypercall parameters between Hyper-V and
8547 flush hypercalls by Hyper-V) so userspace should disable KVM identification
8548 in CPUID and only exposes Hyper-V identification. In this case, guest
8549 thinks it's running on Hyper-V and only use Hyper-V hypercalls.
8552 -----------------------------
8560 ---------------------------
8571 -----------------------
8577 architecture-specific interfaces. This capability and the architecture-
8584 -------------------------
8594 an 8-byte value consisting of a one-byte Control Program Name Code (CPNC) and
8595 a 7-byte Control Program Version Code (CPVC). The CPNC determines what
8596 environment the control program is running in (e.g. Linux, z/VM...), and the
8604 -------------------------------
8609 writes to user space. It can be enabled on a VM level. If enabled, MSR
8615 ---------------------------
8620 may be rejected. With this capability exposed, KVM exports new VM ioctl
8629 -------------------------------------
8641 ----------------------------------------------------------
8644 :Parameters: args[0] - size of the dirty log ring
8669 ring buffer, the less likely the ring is full and the VM is forced to
8684 00 -----------> 01 -------------> 1X -------+
8687 +------------------------------------------+
8701 using load-acquire/store-release accessors when available, or any
8709 calls the VM ioctl KVM_RESET_DIRTY_RINGS to notify the kernel about
8729 Architecture with TSO-like ordering (such as x86) are allowed to
8735 ring structures can be backed by per-slot bitmaps. With this capability
8745 context. Otherwise, the stand-alone per-slot bitmap mechanism needs to
8758 KVM device "kvm-arm-vgic-its". (2) restore vgic/its tables through
8760 "kvm-arm-vgic-its". VGICv3 LPI pending status is restored. (3) save
8762 command on KVM device "kvm-arm-vgic-v3".
8765 --------------------
8795 The KVM_XEN_HVM_CONFIG_RUNSTATE flag indicates that the runstate-related
8829 -------------------------
8833 :Type: vm
8844 IBM pSeries (sPAPR) guest starts using them if "hcall-multi-tce" is
8845 present in the "ibm,hypertas-functions" device-tree property.
8855 --------------------
8864 ---------------------------------
8868 When enabled, KVM will disable emulated Hyper-V features provided to the
8869 guest according to the bits Hyper-V CPUID feature leaves. Otherwise, all
8870 currently implemented Hyper-V features are provided unconditionally when
8871 Hyper-V identification is set in the HYPERV_CPUID_INTERFACE (0x40000001)
8875 ---------------------------
8879 :Type: vm
8894 ---------------------------
8898 :Type: vm
8900 :Returns: 0 on success, -EINVAL when arg[0] contains invalid bits
8905 PMU virtualization capabilities that can be adjusted on a VM.
8908 PMU virtualization capabilities to be applied to the VM. This can
8909 only be invoked on a VM prior to the creation of VCPUs.
8912 this capability will disable PMU virtualization for that VM. Usermode
8916 -------------------------------
8920 :Type: vm
8926 --------------------------------
8930 :Type: vm
8939 -------------------------------------
8943 :Type: vm
8945 :Returns: 0 on success, -EPERM if the userspace process does not
8946 have CAP_SYS_BOOT, -EINVAL if args[0] is not 0 or any vCPUs have been
8956 ------------------------------
8960 :Type: vm
8972 on vm fd, KVM_S390_VM_CPU_TOPOLOGY.
8977 When getting the Modified Change Topology Report value, the attr->addr
8981 ---------------------------------------
8985 :Type: vm
8987 :Returns: 0 on success, -EINVAL if any memslot was already created.
8991 Eager Page Splitting improves the performance of dirty-logging (used
8992 in live migrations) when guest memory is backed by huge-pages. It
8993 avoids splitting huge-pages (into PAGE_SIZE pages) on fault, by doing
9004 64-bit bitmap (each bit describing a block size). The default value is
9008 ---------------------
9014 This capability returns a bitmap of support VM types. The 1-setting of bit @n
9015 means the VM type with value @n is supported. Possible values of @n are::
9024 production. The behavior and effective ABI for software-protected VMs is
9038 --------
9052 ``KVM_ENABLE_CAP(KVM_CAP_IRQCHIP_SPLIT)`` are used to enable in-kernel emulation of
9059 has enabled in-kernel emulation of the local APIC.