set efer in guest to get past vmrun exit code -1

[freebsd-src/fkvm-freebsd.git] / sys / kern / kern_fkvm.c

/*-
 * Copyright (c) 2008 The FreeBSD Project
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <vm/vm.h>
#include <vm/pmap.h>
#include <vm/vm_extern.h>
#include <vm/vm_map.h>
#include <vm/vm_object.h>
#include <vm/vm_param.h>
#include <machine/_inttypes.h>
#include <machine/specialreg.h>
#include <machine/segments.h>
#include <machine/vmcb.h>

#define IOPM_SIZE       (8*1024 + 1) /* TODO: ensure that this need not be 12Kbtes, not just 8Kb+1 */
#define MSRPM_SIZE      (8*1024)

/* fkvm data */
static void *iopm = NULL; /* Should I allocate a vm_object_t instead? */
static void * msrpm = NULL; /* Should I allocate a vm_object_t instead? */

/* per-guest data */

/* VCPU data */
static void *hsave_area = NULL;
static struct vmcb *vmcb = NULL;

enum {
        VCPU_REGS_RAX = 0,
        VCPU_REGS_RCX = 1,
        VCPU_REGS_RDX = 2,
        VCPU_REGS_RBX = 3,
        VCPU_REGS_RSP = 4,
        VCPU_REGS_RBP = 5,
        VCPU_REGS_RSI = 6,
        VCPU_REGS_RDI = 7,
        VCPU_REGS_R8 = 8,
        VCPU_REGS_R9 = 9,
        VCPU_REGS_R10 = 10,
        VCPU_REGS_R11 = 11,
        VCPU_REGS_R12 = 12,
        VCPU_REGS_R13 = 13,
        VCPU_REGS_R14 = 14,
        VCPU_REGS_R15 = 15,
        VCPU_REGS_RIP,
        NR_VCPU_REGS
};

static struct vcpu {
        unsigned long vmcb_pa;
        unsigned long regs[NR_VCPU_REGS];
        u_int64_t host_gs_base;
        u_int64_t cr2;
        u_int64_t cr3;
} vcpu;

#define SVM_VMLOAD ".byte 0x0f, 0x01, 0xda"
#define SVM_VMRUN  ".byte 0x0f, 0x01, 0xd8"
#define SVM_VMSAVE ".byte 0x0f, 0x01, 0xdb"
#define SVM_CLGI   ".byte 0x0f, 0x01, 0xdd"
#define SVM_STGI   ".byte 0x0f, 0x01, 0xdc"
#define SVM_INVLPGA ".byte 0x0f, 0x01, 0xdf"

static void
print_tss_desc(struct system_segment_descriptor *tss_desc)
{
        printf("TSS desc @ %p:\n", tss_desc);
        printf("sd_lolimit: 0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_lolimit);
        printf("sd_lobase:  0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_lobase);
        printf("sd_type:    0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_type);
        printf("sd_dpl:     0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_dpl);
        printf("sd_p:       0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_p);
        printf("sd_hilimit: 0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_hilimit);
        printf("sd_xx0:     0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_xx0);
        printf("sd_gran:    0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_gran);
        printf("sd_hibase:  0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_hibase);
        printf("sd_xx1:     0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_xx1);
        printf("sd_mbz:     0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_mbz);
        printf("sd_xx2:     0x%" PRIx64 "\n", (u_int64_t) tss_desc->sd_xx2);
        printf("\n\n");
}

static void
print_tss(struct system_segment_descriptor *tss_desc)
{
        u_int32_t *base;
        int limit;
        int i;

        base  = (u_int32_t*) ((((u_int64_t) tss_desc->sd_hibase)  << 24) | ((u_int64_t) tss_desc->sd_lobase));
        limit = ((tss_desc->sd_hilimit << 16) | tss_desc->sd_lolimit) / 4;

        printf("TSS: @ %p\n", base);
        for (i = 0; i <= limit; i++)
                printf("%x: 0x%" PRIx32 "\n", i, base[i]);
        printf("\n\n");
}

static int
vmrun_assert(struct vmcb *vmcb)
{
#define A(cond) do { if ((cond)) { printf("Error: assertion not met on line %d\n", __LINE__); bad = 1; } } while (0)

        int bad;

        bad = 0;

        // The following are illegal:

        //EFER.SVME is zero.
        A((vmcb->save.efer   & 0x0000000000001000) == 0);

        // CR0.CD is zero and CR0.NW is set
        A( ((vmcb->save.cr0  & 0x0000000040000000) == 0) &&
           ((vmcb->save.cr0  & 0x0000000020000000) != 0));

        // CR0[63:32] are not zero.
        A((vmcb->save.cr0  & 0xFFFFFFFF00000000) == 0xFFFFFFFF00000000);

        // Any MBZ bit of CR3 is set.
        A((vmcb->save.cr3  & 0xFFF0000000000000) != 0);

        // CR4[63:11] are not zero.
        A((vmcb->save.cr4  & 0xFFFFFFFFFFFFF800) == 0xFFFFFFFFFFFFF800);

        // DR6[63:32] are not zero.
        A((vmcb->save.dr6  & 0xFFFFFFFF00000000) == 0xFFFFFFFF00000000);

        // DR7[63:32] are not zero.
        A((vmcb->save.dr7  & 0xFFFFFFFF00000000) == 0xFFFFFFFF00000000);

        // EFER[63:15] are not zero.
        A((vmcb->save.efer & 0xFFFFFFFFFFFF8000) == 0xFFFFFFFFFFF8000);

        // EFER.LMA or EFER.LME is non-zero and this processor does not support long mode.
        //// A((vmcb->save.efer & 0x0000000000000500) != 0);

        // EFER.LME and CR0.PG are both set and CR4.PAE is zero.
        A( ((vmcb->save.efer & 0x0000000000000100) != 0) &&
           ((vmcb->save.cr0  & 0x0000000080000000) != 0) &&
           ((vmcb->save.cr4  & 0x0000000000000020) != 0));

        // EFER.LME and CR0.PG are both non-zero and CR0.PE is zero.
        A( ((vmcb->save.efer & 0x0000000000000100) != 0)  &&
           ((vmcb->save.cr0  & 0x0000000080000000) != 0) &&
           ((vmcb->save.cr0  & 0x0000000000000001) == 0));

        // EFER.LME, CR0.PG, CR4.PAE, CS.L, and CS.D are all non-zero.
        // cs.attrib = concat 55-52 and 47-40 (p372 v2)
        A( ((vmcb->save.efer & 0x0000000000000100) != 0)  &&
           ((vmcb->save.cr0  & 0x0000000080000000) != 0) &&
           ((vmcb->save.cr4  & 0x0000000000000020) != 0) &&
           ((vmcb->save.cs.attrib & 0x0200) != 0)        &&
           ((vmcb->save.cs.attrib & 0x0400) != 0));

        // The VMRUN intercept bit is clear.
        A((vmcb->control.intercepts & 0x0000000100000000) == 0);

        // The MSR or IOIO intercept tables extend to a physical address that is
        // greater than or equal to the maximum supported physical address.

        // Illegal event injection (see Section 15.19 on page 391).

        // ASID is equal to zero.
        A(vmcb->control.guest_asid == 0);

        // VMRUN can load a guest value of CR0 with PE = 0 but PG = 1, a
        // combination that is otherwise illegal (see Section 15.18).

        // In addition to consistency checks, VMRUN and #VMEXIT canonicalize (i.e.,
        // sign-extend to 63 bits) all base addresses in the segment registers
        // that have been loaded.

        return bad;

#undef A
}

static void
fkvm_vcpu_run(struct vcpu *vcpu, struct vmcb *vmcb)
{
        u_int64_t lstar;
        u_int64_t cstar;
        u_int64_t star;
        u_int64_t sfmask;

        u_short fs_selector;
        u_short gs_selector;
        u_short ldt_selector;

        unsigned long host_cr2;
        unsigned long host_dr6;
        unsigned long host_dr7;

        struct system_segment_descriptor *tss_desc;
        u_int64_t sel;

        printf("begin fkvm_vcpu_run\n");

        if (vmrun_assert(vmcb))
                return;


        tss_desc = (struct system_segment_descriptor*) (&gdt[GPROC0_SEL]);
        sel = GSEL(GPROC0_SEL, SEL_KPL);

        printf("GSEL(GPROC0_SEL, SEL_KPL)=0x%" PRIx64 "\n", sel);
        print_tss_desc(tss_desc);
        print_tss(tss_desc);

        printf("VMCB save area:\n");
        printf("fs:   [selector %" PRIx16 ", attrib %" PRIx16 ", limit %" PRIx32 ", base %" PRIx64 "]\n",
                vmcb->save.fs.selector,
                vmcb->save.fs.attrib,
                vmcb->save.fs.limit,
                vmcb->save.fs.base);
        printf("gs:   [selector %" PRIx16 ", attrib %" PRIx16 ", limit %" PRIx32 ", base %" PRIx64 "]\n",
                vmcb->save.gs.selector,
                vmcb->save.gs.attrib,
                vmcb->save.gs.limit,
                vmcb->save.gs.base);
        printf("tr:   [selector %" PRIx16 ", attrib %" PRIx16 ", limit %" PRIx32 ", base %" PRIx64 "]\n",
                vmcb->save.tr.selector,
                vmcb->save.tr.attrib,
                vmcb->save.tr.limit,
                vmcb->save.tr.base);
        printf("ldtr:   [selector %" PRIx16 ", attrib %" PRIx16 ", limit %" PRIx32 ", base %" PRIx64 "]\n",
                vmcb->save.ldtr.selector,
                vmcb->save.ldtr.attrib,
                vmcb->save.ldtr.limit,
                vmcb->save.ldtr.base);
        printf("kernel_gs_base: %" PRIx64 "\n", vmcb->save.kernel_gs_base);
        printf("star:   %" PRIx64 "\n", vmcb->save.star);
        printf("lstar:  %" PRIx64 "\n", vmcb->save.lstar);
        printf("cstar:  %" PRIx64 "\n", vmcb->save.cstar);
        printf("sfmask: %" PRIx64 "\n", vmcb->save.sfmask);
        printf("sysenter_cs:  %" PRIx64 "\n", vmcb->save.sysenter_cs);
        printf("sysenter_esp: %" PRIx64 "\n", vmcb->save.sysenter_esp);
        printf("sysenter_eip: %" PRIx64 "\n", vmcb->save.sysenter_eip);
        printf("\n\n");

//      disable_intr();

        vcpu->vmcb_pa = vtophys(vmcb);
        printf("vmcb = 0x%p\n", vmcb);
        printf("vcpu->vmcb_pa = 0x%lx\n", vcpu->vmcb_pa);

        vmcb->save.rax = vcpu->regs[VCPU_REGS_RAX];
        vmcb->save.rsp = vcpu->regs[VCPU_REGS_RSP];
        vmcb->save.rip = vcpu->regs[VCPU_REGS_RIP];

        /* meh: kvm has pre_svm_run(svm); */

        vcpu->host_gs_base = rdmsr(MSR_GSBASE);
        printf("host_gs_base: 0x%" PRIx64 "\n", vcpu->host_gs_base);

        fs_selector = rfs();
        gs_selector = rgs();
        ldt_selector = rldt();
        printf("fs selector: %hx\n", fs_selector);
        printf("gs selector: %hx\n", gs_selector);
        printf("ldt selector: %hx\n", ldt_selector);

        host_cr2 = rcr2();

        host_dr6 = rdr6();
        host_dr7 = rdr7();

        vmcb->save.cr2 = vcpu->cr2;
        /* meh: cr3? */

        /* meh: dr7? db_regs? */

        printf("MSR_STAR:   %" PRIx64 "\n", rdmsr(MSR_STAR));
        printf("MSR_LSTAR:  %" PRIx64 "\n", rdmsr(MSR_LSTAR));
        printf("MSR_CSTAR:  %" PRIx64 "\n", rdmsr(MSR_CSTAR));
        printf("MSR_SF_MASK:  %" PRIx64 "\n", rdmsr(MSR_SF_MASK));

        star = rdmsr(MSR_STAR);
        lstar = rdmsr(MSR_LSTAR);
        cstar = rdmsr(MSR_CSTAR);
        sfmask = rdmsr(MSR_SF_MASK);

        printf("CLGI...\n");

        __asm __volatile (SVM_CLGI);


//      enable_intr();

#define R "r"
        __asm __volatile (
                "push %%"R"bp; \n\t"
                "mov %c[rbx](%[svm]), %%"R"bx \n\t"
                "mov %c[rcx](%[svm]), %%"R"cx \n\t"
                "mov %c[rdx](%[svm]), %%"R"dx \n\t"
                "mov %c[rsi](%[svm]), %%"R"si \n\t"
                "mov %c[rdi](%[svm]), %%"R"di \n\t"
                "mov %c[rbp](%[svm]), %%"R"bp \n\t"
                "mov %c[r8](%[svm]),  %%r8  \n\t"
                "mov %c[r9](%[svm]),  %%r9  \n\t"
                "mov %c[r10](%[svm]), %%r10 \n\t"
                "mov %c[r11](%[svm]), %%r11 \n\t"
                "mov %c[r12](%[svm]), %%r12 \n\t"
                "mov %c[r13](%[svm]), %%r13 \n\t"
                "mov %c[r14](%[svm]), %%r14 \n\t"
                "mov %c[r15](%[svm]), %%r15 \n\t"

                /* Enter guest mode */
                "push %%"R"ax \n\t"
                "mov %c[vmcb](%[svm]), %%"R"ax \n\t"
                SVM_VMLOAD "\n\t"
                SVM_VMRUN "\n\t"
                SVM_VMSAVE "\n\t"
                "pop %%"R"ax \n\t"

                /* Save guest registers, load host registers */
                "mov %%"R"bx, %c[rbx](%[svm]) \n\t"
                "mov %%"R"cx, %c[rcx](%[svm]) \n\t"
                "mov %%"R"dx, %c[rdx](%[svm]) \n\t"
                "mov %%"R"si, %c[rsi](%[svm]) \n\t"
                "mov %%"R"di, %c[rdi](%[svm]) \n\t"
                "mov %%"R"bp, %c[rbp](%[svm]) \n\t"
                "mov %%r8,  %c[r8](%[svm]) \n\t"
                "mov %%r9,  %c[r9](%[svm]) \n\t"
                "mov %%r10, %c[r10](%[svm]) \n\t"
                "mov %%r11, %c[r11](%[svm]) \n\t"
                "mov %%r12, %c[r12](%[svm]) \n\t"
                "mov %%r13, %c[r13](%[svm]) \n\t"
                "mov %%r14, %c[r14](%[svm]) \n\t"
                "mov %%r15, %c[r15](%[svm]) \n\t"
                "pop %%"R"bp"
                :
                : [svm]"a"(vcpu),
                  [vmcb]"i"(offsetof(struct vcpu, vmcb_pa)),
                  [rbx]"i"(offsetof(struct vcpu, regs[VCPU_REGS_RBX])),
                  [rcx]"i"(offsetof(struct vcpu, regs[VCPU_REGS_RCX])),
                  [rdx]"i"(offsetof(struct vcpu, regs[VCPU_REGS_RDX])),
                  [rsi]"i"(offsetof(struct vcpu, regs[VCPU_REGS_RSI])),
                  [rdi]"i"(offsetof(struct vcpu, regs[VCPU_REGS_RDI])),
                  [rbp]"i"(offsetof(struct vcpu, regs[VCPU_REGS_RBP])),
                  [r8 ]"i"(offsetof(struct vcpu, regs[VCPU_REGS_R8 ])),
                  [r9 ]"i"(offsetof(struct vcpu, regs[VCPU_REGS_R9 ])),
                  [r10]"i"(offsetof(struct vcpu, regs[VCPU_REGS_R10])),
                  [r11]"i"(offsetof(struct vcpu, regs[VCPU_REGS_R11])),
                  [r12]"i"(offsetof(struct vcpu, regs[VCPU_REGS_R12])),
                  [r13]"i"(offsetof(struct vcpu, regs[VCPU_REGS_R13])),
                  [r14]"i"(offsetof(struct vcpu, regs[VCPU_REGS_R14])),
                  [r15]"i"(offsetof(struct vcpu, regs[VCPU_REGS_R15]))
                : "cc", "memory",
                R"bx", R"cx", R"dx", R"si", R"di",
                "r8", "r9", "r10", "r11" , "r12", "r13", "r14", "r15"
                );


        /* meh: dr7? db_regs? */

        vcpu->cr2 = vmcb->save.cr2;

        vcpu->regs[VCPU_REGS_RAX] = vmcb->save.rax;
        vcpu->regs[VCPU_REGS_RSP] = vmcb->save.rsp;
        vcpu->regs[VCPU_REGS_RIP] = vmcb->save.rip;

        load_dr6(host_dr6);
        load_dr7(host_dr7);

        load_cr2(host_cr2);

        load_fs(fs_selector);
        load_gs(gs_selector);
        lldt(ldt_selector);

        wrmsr(MSR_GSBASE, vcpu->host_gs_base);

        tss_desc->sd_type = SDT_SYSTSS;
        ltr(sel);

        wrmsr(MSR_STAR, star);
        wrmsr(MSR_LSTAR, lstar);
        wrmsr(MSR_CSTAR, cstar);
        wrmsr(MSR_SF_MASK, sfmask);

//      disable_intr();

        __asm __volatile (SVM_STGI);

        printf("STGI\n");
        
        printf("exit_code: %" PRIx64 "\n", vmcb->control.exit_code);

        printf("MSR_STAR:     %" PRIx64 "\n", rdmsr(MSR_STAR));
        printf("MSR_LSTAR:    %" PRIx64 "\n", rdmsr(MSR_LSTAR));
        printf("MSR_CSTAR:    %" PRIx64 "\n", rdmsr(MSR_CSTAR));
        printf("MSR_SF_MASK:  %" PRIx64 "\n", rdmsr(MSR_SF_MASK));

        fs_selector = rfs();
        gs_selector = rgs();
        ldt_selector = rldt();
        printf("fs selector: %hx\n", fs_selector);
        printf("gs selector: %hx\n", gs_selector);
        printf("ldt selector: %hx\n", ldt_selector);

        vcpu->host_gs_base = rdmsr(MSR_GSBASE);
        printf("host_gs_base: 0x%" PRIx64 "\n", vcpu->host_gs_base);

        print_tss_desc(tss_desc);
        print_tss(tss_desc);

        printf("VMCB save area:\n");
        printf("fs:   [selector %" PRIx16 ", attrib %" PRIx16 ", limit %" PRIx32 ", base %" PRIx64 "]\n",
                vmcb->save.fs.selector,
                vmcb->save.fs.attrib,
                vmcb->save.fs.limit,
                vmcb->save.fs.base);
        printf("gs:   [selector %" PRIx16 ", attrib %" PRIx16 ", limit %" PRIx32 ", base %" PRIx64 "]\n",
                vmcb->save.gs.selector,
                vmcb->save.gs.attrib,
                vmcb->save.gs.limit,
                vmcb->save.gs.base);
        printf("tr:   [selector %" PRIx16 ", attrib %" PRIx16 ", limit %" PRIx32 ", base %" PRIx64 "]\n",
                vmcb->save.tr.selector,
                vmcb->save.tr.attrib,
                vmcb->save.tr.limit,
                vmcb->save.tr.base);
        printf("ldtr:   [selector %" PRIx16 ", attrib %" PRIx16 ", limit %" PRIx32 ", base %" PRIx64 "]\n",
                vmcb->save.ldtr.selector,
                vmcb->save.ldtr.attrib,
                vmcb->save.ldtr.limit,
                vmcb->save.ldtr.base);
        printf("kernel_gs_base: %" PRIx64 "\n", vmcb->save.kernel_gs_base);
        printf("star:   %" PRIx64 "\n", vmcb->save.star);
        printf("lstar:  %" PRIx64 "\n", vmcb->save.lstar);
        printf("cstar:  %" PRIx64 "\n", vmcb->save.cstar);
        printf("sfmask: %" PRIx64 "\n", vmcb->save.sfmask);
        printf("sysenter_cs:  %" PRIx64 "\n", vmcb->save.sysenter_cs);
        printf("sysenter_esp: %" PRIx64 "\n", vmcb->save.sysenter_esp);
        printf("sysenter_eip: %" PRIx64 "\n", vmcb->save.sysenter_eip);
        printf("\n\n");

//      enable_intr();

        /* meh: next_rip */
}

static void
_fkvm_init_seg(struct vmcb_seg *seg, uint16_t attrib)
{
        seg->selector = 0;
        seg->attrib = VMCB_SELECTOR_P_MASK | attrib;
        seg->limit = 0xffff;
        seg->base = 0;
}

static inline void
fkvm_init_seg(struct vmcb_seg *seg)
{
        _fkvm_init_seg(seg, VMCB_SELECTOR_S_MASK | VMCB_SELECTOR_WRITE_MASK);
}

static inline void
fkvm_init_sys_seg(struct vmcb_seg *seg, uint16_t attrib)
{
        _fkvm_init_seg(seg, attrib);
}

static void
fkvm_iopm_init(void *iopm)
{
        memset(iopm, 0xff, IOPM_SIZE); /* TODO: we may want to allow access to PC debug port */
}

static void
fkvm_msrpm_init(void *msrpm)
{
        memset(msrpm, 0xff, MSRPM_SIZE); /* TODO: we may want to allow some MSR accesses */
}

static u_int64_t
fkvm_make_vm_map(void)
{
        int rc;
        struct vmspace *sp = NULL;
        vm_object_t obj = NULL;

        sp = vmspace_alloc(0, 0xffffffffffffffff);
        if (sp == NULL) {
                printf("vmspace_alloc failed\n");
                goto fail;
        }

        obj = vm_object_allocate(OBJT_DEFAULT, 0xffffffffffffffff >> PAGE_SHIFT);

        vm_object_reference(obj);
        rc = vm_map_insert(&sp->vm_map,
                           obj,
                           0, 0, 0xffffffffffffffff >> PAGE_SHIFT,
                           VM_PROT_ALL, VM_PROT_ALL,
                           0);
        if (rc != KERN_SUCCESS) {
                printf("vm_map_insert failed: %d\n", rc);
                vm_object_deallocate(obj);
                goto fail;
        }

        return vtophys(vmspace_pmap(sp)->pm_pml4);

fail:
        if (obj != NULL) {
                vm_object_deallocate(obj);
                obj = NULL;
        }
        if (sp != NULL) {
                vmspace_free(sp);
                sp = NULL;
        }
        return 0;
}



static void
fkvm_vmcb_init(struct vmcb *vmcb)
{
        struct vmcb_control_area *control = &vmcb->control;
        struct vmcb_save_area *save = &vmcb->save;

        control->intercept_cr_reads =   INTERCEPT_CR4_MASK;

        control->intercept_cr_writes =  INTERCEPT_CR4_MASK |
                                        INTERCEPT_CR8_MASK;

        control->intercept_dr_reads =   INTERCEPT_DR0_MASK |
                                        INTERCEPT_DR1_MASK |
                                        INTERCEPT_DR2_MASK |
                                        INTERCEPT_DR3_MASK;

        control->intercept_dr_writes =  INTERCEPT_DR0_MASK |
                                        INTERCEPT_DR1_MASK |
                                        INTERCEPT_DR2_MASK |
                                        INTERCEPT_DR3_MASK |
                                        INTERCEPT_DR5_MASK |
                                        INTERCEPT_DR7_MASK;

        control->intercept_exceptions = (1 << IDT_UD) | // Invalid Opcode
                                        (1 << IDT_MC);  // Machine Check

        control->intercepts =   INTERCEPT_INTR |
                                INTERCEPT_NMI |
                                INTERCEPT_SMI |
                                INTERCEPT_CPUID |
                                INTERCEPT_INVD |
                                INTERCEPT_HLT |
                                INTERCEPT_INVLPGA |
                                INTERCEPT_IOIO_PROT |
                                INTERCEPT_MSR_PROT |
                                INTERCEPT_SHUTDOWN |
                                INTERCEPT_VMRUN |
                                INTERCEPT_VMMCALL |
                                INTERCEPT_VMLOAD |
                                INTERCEPT_VMSAVE |
                                INTERCEPT_STGI |
                                INTERCEPT_CLGI |
                                INTERCEPT_SKINIT |
                                INTERCEPT_WBINVD |
                                INTERCEPT_MONITOR |
                                INTERCEPT_MWAIT_UNCOND;

        control->iopm_base_pa = vtophys(iopm);
        control->msrpm_base_pa = vtophys(msrpm);
        control->tsc_offset = 0;

        /* TODO: remove this once we assign asid's to distinct VM's */
        control->guest_asid = 1;
        control->tlb_control = VMCB_TLB_CONTROL_FLUSH_ALL;

        /* let v_tpr default to 0 */
        /* let v_irq default to 0 */
        /* let v_intr default to 0 */

        control->v_intr_masking = 1;

        /* let v_intr_vector default to 0 */
        /* let intr_shadow default to 0 */
        /* let exit_code, exit_info_1, exit_info_2, exit_int_info,
           exit_int_info_err_code default to 0 */

        control->nested_ctl = 1;

        /* let event_inj default to 0 */

        // (nested_cr3 is later)

        /* let lbr_virt_enable default to 0 */


        fkvm_init_seg(&save->es);
        fkvm_init_seg(&save->ss);
        fkvm_init_seg(&save->ds);
        fkvm_init_seg(&save->fs);
        fkvm_init_seg(&save->gs);

        _fkvm_init_seg(&save->cs, VMCB_SELECTOR_READ_MASK | VMCB_SELECTOR_S_MASK |
                                  VMCB_SELECTOR_CODE_MASK);
        save->cs.selector = 0xf000;
        save->cs.base = 0xffff0000;

        save->gdtr.limit = 0xffff;
        save->idtr.limit = 0xffff;

        fkvm_init_sys_seg(&save->ldtr, SDT_SYSLDT);
        fkvm_init_sys_seg(&save->tr, SDT_SYS286BSY);

        save->g_pat = PAT_VALUE(PAT_WRITE_BACK, 0) | PAT_VALUE(PAT_WRITE_THROUGH, 1) |
                      PAT_VALUE(PAT_UNCACHED, 2) | PAT_VALUE(PAT_UNCACHEABLE, 3) |
                      PAT_VALUE(PAT_WRITE_BACK, 4) | PAT_VALUE(PAT_WRITE_THROUGH, 5) |
                      PAT_VALUE(PAT_UNCACHED, 6) | PAT_VALUE(PAT_UNCACHEABLE, 7);

        /* CR0_ET is forced to 1 by processor */
        save->cr0 = CR0_ET;
        save->dr6 = 0xffff0ff0;
        save->dr7 = 0x400;
        //save->rflags = 2; /* It seems like bit 1 is reserved.  This line makes no sense. */
        save->rip = 0x0000fff0;

        save->efer = 0x0000000000001000;

        control->nested_cr3 = fkvm_make_vm_map();
        printf("ncr3: %" PRIx64 "\n", control->nested_cr3);

}

struct vmspace *sp = NULL;
vm_object_t obj = NULL;

int fkvm_userpoke(void *data);

int
fkvm_userpoke(void *data)
{
        printf("fkvm_userpoke\n");

        /* VMRUN */
        fkvm_vcpu_run(&vcpu, vmcb);

        return 1;
}

static void
fkvm_load(void *unused)
{
        u_int64_t       efer;

        printf("fkvm_load\n");
        printf("sizeof(struct vmcb) = %" PRIx64 "\n", sizeof(struct vmcb));

        /* TODO: check for the presense of extensions */

        hsave_area = contigmalloc(PAGE_SIZE, M_DEVBUF, 0, 0, -1UL, PAGE_SIZE, 0);
        if(hsave_area == NULL)
                return;

        vmcb = (struct vmcb *)contigmalloc(PAGE_SIZE, M_DEVBUF, M_ZERO, 0, -1UL, PAGE_SIZE, 0);
        if(vmcb == NULL)
                goto errout0;

        iopm = contigmalloc(IOPM_SIZE, M_DEVBUF, 0, 0, -1UL, PAGE_SIZE, 0);
        if(iopm == NULL)
                goto errout1;

        msrpm = contigmalloc(MSRPM_SIZE, M_DEVBUF, 0, 0, -1UL, PAGE_SIZE, 0);
        if(msrpm == NULL)
                goto errout2;

        /* Initialize iopm and msrpm */
        fkvm_iopm_init(iopm);
        fkvm_msrpm_init(msrpm);

        /* Initialize VMCB */
        fkvm_vmcb_init(vmcb);

        /* Enable SVM in EFER */
        efer = rdmsr(MSR_EFER);
        printf("EFER = %" PRIx64 "\n", efer);
        wrmsr(MSR_EFER, efer | EFER_SVME);
        efer = rdmsr(MSR_EFER);
        printf("new EFER = %" PRIx64 "\n", efer);

        /* Write Host save address in MSR_VM_HSAVE_PA */
        wrmsr(MSR_VM_HSAVE_PA, vtophys(hsave_area));

        return;

errout2:
        contigfree(iopm, IOPM_SIZE, M_DEVBUF);
        iopm = NULL;
errout1:
        contigfree(vmcb, PAGE_SIZE, M_DEVBUF);
        vmcb = NULL;
errout0:
        contigfree(hsave_area, PAGE_SIZE, M_DEVBUF);
        hsave_area = NULL;
}
SYSINIT(fkvm, SI_SUB_PSEUDO, SI_ORDER_MIDDLE, fkvm_load, NULL);

static void
fkvm_unload(void *unused)
{
        printf("fkvm_unload\n");
        /* TODO */

        if(msrpm != NULL)
                contigfree(msrpm, MSRPM_SIZE, M_DEVBUF);

        if(iopm != NULL)
                contigfree(iopm, IOPM_SIZE, M_DEVBUF);

        if(vmcb != NULL)
                contigfree(vmcb, PAGE_SIZE, M_DEVBUF);

        if(hsave_area != NULL)
                contigfree(hsave_area, PAGE_SIZE, M_DEVBUF);
}
SYSUNINIT(fkvm, SI_SUB_PSEUDO, SI_ORDER_MIDDLE, fkvm_unload, NULL);