///////////////////////////////////////////////////////////////////////// // $Id$ ///////////////////////////////////////////////////////////////////////// // // Copyright (c) 2011-2018 Stanislav Shwartsman // Written by Stanislav Shwartsman [sshwarts at sourceforge net] // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 2 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA B 02110-1301 USA // ///////////////////////////////////////////////////////////////////////// #define NEED_CPU_REG_SHORTCUTS 1 #include "bochs.h" #include "cpu.h" #define LOG_THIS BX_CPU_THIS_PTR #if BX_SUPPORT_SVM #include "decoder/ia_opcodes.h" extern const char *segname[]; // When loading segment bases from the VMCB or the host save area // (on VMRUN or #VMEXIT), segment bases are canonicalized (i.e. // sign-extended from the highest implemented address bit to bit 63) BX_CPP_INLINE Bit64u CanonicalizeAddress(Bit64u laddr) { if (laddr & BX_CONST64(0x0000800000000000)) { return laddr | BX_CONST64(0xffff000000000000); } else { return laddr & BX_CONST64(0x0000ffffffffffff); } } BX_CPP_INLINE Bit8u BX_CPU_C::vmcb_read8(unsigned offset) { Bit8u val_8; bx_phy_address pAddr = BX_CPU_THIS_PTR vmcbptr + offset; if (BX_CPU_THIS_PTR vmcbhostptr) { Bit8u *hostAddr = (Bit8u*) (BX_CPU_THIS_PTR vmcbhostptr | offset); val_8 = *hostAddr; } else { access_read_physical(pAddr, 1, (Bit8u*)(&val_8)); } BX_NOTIFY_PHY_MEMORY_ACCESS(pAddr, 1, MEMTYPE(BX_CPU_THIS_PTR vmcb_memtype), BX_READ, BX_VMCS_ACCESS, (Bit8u*)(&val_8)); return val_8; } BX_CPP_INLINE Bit16u BX_CPU_C::vmcb_read16(unsigned offset) { Bit16u val_16; bx_phy_address pAddr = BX_CPU_THIS_PTR vmcbptr + offset; if (BX_CPU_THIS_PTR vmcbhostptr) { Bit16u *hostAddr = (Bit16u*) (BX_CPU_THIS_PTR vmcbhostptr | offset); val_16 = ReadHostWordFromLittleEndian(hostAddr); } else { access_read_physical(pAddr, 2, (Bit8u*)(&val_16)); } BX_NOTIFY_PHY_MEMORY_ACCESS(pAddr, 2, MEMTYPE(BX_CPU_THIS_PTR vmcb_memtype), BX_READ, BX_VMCS_ACCESS, (Bit8u*)(&val_16)); return val_16; } BX_CPP_INLINE Bit32u BX_CPU_C::vmcb_read32(unsigned offset) { Bit32u val_32; bx_phy_address pAddr = BX_CPU_THIS_PTR vmcbptr + offset; if (BX_CPU_THIS_PTR vmcbhostptr) { Bit32u *hostAddr = (Bit32u*) (BX_CPU_THIS_PTR vmcbhostptr | offset); val_32 = ReadHostDWordFromLittleEndian(hostAddr); } else { access_read_physical(pAddr, 4, (Bit8u*)(&val_32)); } BX_NOTIFY_PHY_MEMORY_ACCESS(pAddr, 4, MEMTYPE(BX_CPU_THIS_PTR vmcb_memtype), BX_READ, BX_VMCS_ACCESS, (Bit8u*)(&val_32)); return val_32; } BX_CPP_INLINE Bit64u BX_CPU_C::vmcb_read64(unsigned offset) { Bit64u val_64; bx_phy_address pAddr = BX_CPU_THIS_PTR vmcbptr + offset; if (BX_CPU_THIS_PTR vmcbhostptr) { Bit64u *hostAddr = (Bit64u*) (BX_CPU_THIS_PTR vmcbhostptr | offset); val_64 = ReadHostQWordFromLittleEndian(hostAddr); } else { access_read_physical(pAddr, 8, (Bit8u*)(&val_64)); } BX_NOTIFY_PHY_MEMORY_ACCESS(pAddr, 8, MEMTYPE(BX_CPU_THIS_PTR vmcb_memtype), BX_READ, BX_VMCS_ACCESS, (Bit8u*)(&val_64)); return val_64; } BX_CPP_INLINE void BX_CPU_C::vmcb_write8(unsigned offset, Bit8u val_8) { bx_phy_address pAddr = BX_CPU_THIS_PTR vmcbptr + offset; if (BX_CPU_THIS_PTR vmcbhostptr) { Bit8u *hostAddr = (Bit8u*) (BX_CPU_THIS_PTR vmcbhostptr | offset); pageWriteStampTable.decWriteStamp(pAddr, 1); *hostAddr = val_8; } else { access_write_physical(pAddr, 1, (Bit8u*)(&val_8)); } BX_NOTIFY_PHY_MEMORY_ACCESS(pAddr, 1, MEMTYPE(BX_CPU_THIS_PTR vmcb_memtype), BX_WRITE, BX_VMCS_ACCESS, (Bit8u*)(&val_8)); } BX_CPP_INLINE void BX_CPU_C::vmcb_write16(unsigned offset, Bit16u val_16) { bx_phy_address pAddr = BX_CPU_THIS_PTR vmcbptr + offset; if (BX_CPU_THIS_PTR vmcbhostptr) { Bit16u *hostAddr = (Bit16u*) (BX_CPU_THIS_PTR vmcbhostptr | offset); pageWriteStampTable.decWriteStamp(pAddr, 2); WriteHostWordToLittleEndian(hostAddr, val_16); } else { access_write_physical(pAddr, 2, (Bit8u*)(&val_16)); } BX_NOTIFY_PHY_MEMORY_ACCESS(pAddr, 2, MEMTYPE(BX_CPU_THIS_PTR vmcb_memtype), BX_WRITE, BX_VMCS_ACCESS, (Bit8u*)(&val_16)); } BX_CPP_INLINE void BX_CPU_C::vmcb_write32(unsigned offset, Bit32u val_32) { bx_phy_address pAddr = BX_CPU_THIS_PTR vmcbptr + offset; if (BX_CPU_THIS_PTR vmcbhostptr) { Bit32u *hostAddr = (Bit32u*) (BX_CPU_THIS_PTR vmcbhostptr | offset); pageWriteStampTable.decWriteStamp(pAddr, 4); WriteHostDWordToLittleEndian(hostAddr, val_32); } else { access_write_physical(pAddr, 4, (Bit8u*)(&val_32)); } BX_NOTIFY_PHY_MEMORY_ACCESS(pAddr, 4, MEMTYPE(BX_CPU_THIS_PTR vmcb_memtype), BX_WRITE, BX_VMCS_ACCESS, (Bit8u*)(&val_32)); } BX_CPP_INLINE void BX_CPU_C::vmcb_write64(unsigned offset, Bit64u val_64) { bx_phy_address pAddr = BX_CPU_THIS_PTR vmcbptr + offset; if (BX_CPU_THIS_PTR vmcbhostptr) { Bit64u *hostAddr = (Bit64u*) (BX_CPU_THIS_PTR vmcbhostptr | offset); pageWriteStampTable.decWriteStamp(pAddr, 8); WriteHostQWordToLittleEndian(hostAddr, val_64); } else { access_write_physical(pAddr, 8, (Bit8u*)(&val_64)); } BX_NOTIFY_PHY_MEMORY_ACCESS(pAddr, 8, MEMTYPE(BX_CPU_THIS_PTR vmcb_memtype), BX_WRITE, BX_VMCS_ACCESS, (Bit8u*)(&val_64)); } BX_CPP_INLINE void BX_CPU_C::svm_segment_read(bx_segment_reg_t *seg, unsigned offset) { Bit16u selector = vmcb_read16(offset); Bit16u attr = vmcb_read16(offset + 2); Bit32u limit = vmcb_read32(offset + 4); bx_address base = CanonicalizeAddress(vmcb_read64(offset + 8)); bx_bool valid = (attr >> 7) & 1; set_segment_ar_data(seg, valid, selector, base, limit, (attr & 0xff) | ((attr & 0xf00) << 4)); } BX_CPP_INLINE void BX_CPU_C::svm_segment_write(bx_segment_reg_t *seg, unsigned offset) { Bit32u selector = seg->selector.value; bx_address base = seg->cache.u.segment.base; Bit32u limit = seg->cache.u.segment.limit_scaled; Bit32u attr = (seg->cache.valid) ? (get_descriptor_h(&seg->cache) & 0x00f0ff00) : 0; vmcb_write16(offset, selector); vmcb_write16(offset + 2, ((attr >> 8) & 0xff) | ((attr >> 12) & 0xf00)); vmcb_write32(offset + 4, limit); vmcb_write64(offset + 8, base); } void BX_CPU_C::SvmEnterSaveHostState(SVM_HOST_STATE *host) { for (int n=0;n < 4; n++) host->sregs[n] = BX_CPU_THIS_PTR sregs[n]; host->gdtr = BX_CPU_THIS_PTR gdtr; host->idtr = BX_CPU_THIS_PTR idtr; host->efer = BX_CPU_THIS_PTR efer; host->cr0 = BX_CPU_THIS_PTR cr0; host->cr3 = BX_CPU_THIS_PTR cr3; host->cr4 = BX_CPU_THIS_PTR cr4; host->eflags = read_eflags(); host->rip = RIP; host->rsp = RSP; host->rax = RAX; } void BX_CPU_C::SvmExitLoadHostState(SVM_HOST_STATE *host) { BX_CPU_THIS_PTR tsc_offset = 0; for (unsigned n=0;n < 4; n++) { BX_CPU_THIS_PTR sregs[n] = host->sregs[n]; // we don't save selector details so parse selector again after loading parse_selector(BX_CPU_THIS_PTR sregs[n].selector.value, &BX_CPU_THIS_PTR sregs[n].selector); } BX_CPU_THIS_PTR gdtr = host->gdtr; BX_CPU_THIS_PTR idtr = host->idtr; BX_CPU_THIS_PTR efer = host->efer; BX_CPU_THIS_PTR cr0.set32(host->cr0.get32() | BX_CR0_PE_MASK); // always set the CR0.PE BX_CPU_THIS_PTR cr3 = host->cr3; BX_CPU_THIS_PTR cr4 = host->cr4; if (BX_CPU_THIS_PTR cr0.get_PG() && BX_CPU_THIS_PTR cr4.get_PAE() && !long_mode()) { if (! CheckPDPTR(BX_CPU_THIS_PTR cr3)) { BX_ERROR(("SvmExitLoadHostState(): PDPTR check failed !")); shutdown(); } } BX_CPU_THIS_PTR dr7.set32(0x00000400); setEFlags(host->eflags & ~EFlagsVMMask); // ignore saved copy of EFLAGS.VM RIP = BX_CPU_THIS_PTR prev_rip = host->rip; RSP = host->rsp; RAX = host->rax; CPL = 0; handleCpuContextChange(); #if BX_SUPPORT_MONITOR_MWAIT BX_CPU_THIS_PTR monitor.reset_monitor(); #endif BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_CONTEXT_SWITCH, 0); } void BX_CPU_C::SvmExitSaveGuestState(void) { for (unsigned n=0;n < 4; n++) { svm_segment_write(&BX_CPU_THIS_PTR sregs[n], SVM_GUEST_ES_SELECTOR + n * 0x10); } vmcb_write64(SVM_GUEST_GDTR_BASE, BX_CPU_THIS_PTR gdtr.base); vmcb_write16(SVM_GUEST_GDTR_LIMIT, BX_CPU_THIS_PTR gdtr.limit); vmcb_write64(SVM_GUEST_IDTR_BASE, BX_CPU_THIS_PTR idtr.base); vmcb_write16(SVM_GUEST_IDTR_LIMIT, BX_CPU_THIS_PTR idtr.limit); vmcb_write64(SVM_GUEST_EFER_MSR, BX_CPU_THIS_PTR efer.get32()); vmcb_write64(SVM_GUEST_CR0, BX_CPU_THIS_PTR cr0.get32()); vmcb_write64(SVM_GUEST_CR2, BX_CPU_THIS_PTR cr2); vmcb_write64(SVM_GUEST_CR3, BX_CPU_THIS_PTR cr3); vmcb_write64(SVM_GUEST_CR4, BX_CPU_THIS_PTR cr4.get32()); vmcb_write64(SVM_GUEST_DR6, BX_CPU_THIS_PTR dr6.get32()); vmcb_write64(SVM_GUEST_DR7, BX_CPU_THIS_PTR dr7.get32()); vmcb_write64(SVM_GUEST_RFLAGS, read_eflags()); vmcb_write64(SVM_GUEST_RAX, RAX); vmcb_write64(SVM_GUEST_RSP, RSP); vmcb_write64(SVM_GUEST_RIP, RIP); vmcb_write8(SVM_GUEST_CPL, CPL); vmcb_write8(SVM_CONTROL_INTERRUPT_SHADOW, interrupts_inhibited(BX_INHIBIT_INTERRUPTS)); SVM_CONTROLS *ctrls = &BX_CPU_THIS_PTR vmcb.ctrls; vmcb_write8(SVM_CONTROL_VTPR, ctrls->v_tpr); vmcb_write8(SVM_CONTROL_VIRQ, is_pending(BX_EVENT_SVM_VIRQ_PENDING)); clear_event(BX_EVENT_SVM_VIRQ_PENDING); } extern bx_bool isValidMSR_PAT(Bit64u pat_msr); bx_bool BX_CPU_C::SvmEnterLoadCheckControls(SVM_CONTROLS *ctrls) { ctrls->cr_rd_ctrl = vmcb_read16(SVM_CONTROL16_INTERCEPT_CR_READ); ctrls->cr_wr_ctrl = vmcb_read16(SVM_CONTROL16_INTERCEPT_CR_WRITE); ctrls->dr_rd_ctrl = vmcb_read16(SVM_CONTROL16_INTERCEPT_DR_READ); ctrls->dr_wr_ctrl = vmcb_read16(SVM_CONTROL16_INTERCEPT_DR_WRITE); ctrls->intercept_vector[0] = vmcb_read32(SVM_CONTROL32_INTERCEPT1); ctrls->intercept_vector[1] = vmcb_read32(SVM_CONTROL32_INTERCEPT2); if (! SVM_INTERCEPT(SVM_INTERCEPT1_VMRUN)) { BX_ERROR(("VMRUN: VMRUN intercept bit is not set!")); return 0; } ctrls->exceptions_intercept = vmcb_read32(SVM_CONTROL32_INTERCEPT_EXCEPTIONS); // force 4K page alignment ctrls->iopm_base = PPFOf(vmcb_read64(SVM_CONTROL64_IOPM_BASE_PHY_ADDR)); if (! IsValidPhyAddr(ctrls->iopm_base)) { BX_ERROR(("VMRUN: invalid IOPM Base Address !")); return 0; } // force 4K page alignment ctrls->msrpm_base = PPFOf(vmcb_read64(SVM_CONTROL64_MSRPM_BASE_PHY_ADDR)); if (! IsValidPhyAddr(ctrls->msrpm_base)) { BX_ERROR(("VMRUN: invalid MSRPM Base Address !")); return 0; } Bit32u guest_asid = vmcb_read32(SVM_CONTROL32_GUEST_ASID); if (guest_asid == 0) { BX_ERROR(("VMRUN: attempt to run guest with host ASID !")); return 0; } ctrls->v_tpr = vmcb_read8(SVM_CONTROL_VTPR); ctrls->v_intr_masking = vmcb_read8(SVM_CONTROL_VINTR_MASKING) & 0x1; ctrls->v_intr_vector = vmcb_read8(SVM_CONTROL_VINTR_VECTOR); Bit8u vintr_control = vmcb_read8(SVM_CONTROL_VINTR_PRIO_IGN_TPR); ctrls->v_intr_prio = vintr_control & 0xf; ctrls->v_ignore_tpr = (vintr_control >> 4) & 0x1; if (BX_SUPPORT_SVM_EXTENSION(BX_CPUID_SVM_PAUSE_FILTER)) ctrls->pause_filter_count = vmcb_read16(SVM_CONTROL16_PAUSE_FILTER_COUNT); else ctrls->pause_filter_count = 0; ctrls->nested_paging = vmcb_read8(SVM_CONTROL_NESTED_PAGING_ENABLE); if (! BX_SUPPORT_SVM_EXTENSION(BX_CPUID_SVM_NESTED_PAGING)) { if (ctrls->nested_paging) { BX_ERROR(("VMRUN: Nesting paging is not supported in this SVM configuration !")); ctrls->nested_paging = 0; } } if (ctrls->nested_paging) { if (! BX_CPU_THIS_PTR cr0.get_PG()) { BX_ERROR(("VMRUN: attempt to enter nested paging mode when host paging is disabled !")); return 0; } Bit64u guest_pat = vmcb_read32(SVM_GUEST_PAT); if (! isValidMSR_PAT(guest_pat)) { BX_ERROR(("VMRUN: invalid memory type in guest PAT_MSR !")); return 0; } ctrls->ncr3 = vmcb_read64(SVM_CONTROL64_NESTED_PAGING_HOST_CR3); if (long_mode()) { if (! IsValidPhyAddr(ctrls->ncr3)) { BX_ERROR(("VMRUN(): NCR3 reserved bits set !")); return 0; } } BX_DEBUG(("VMRUN: Starting Nested Paging Mode !")); } return 1; } bx_bool BX_CPU_C::SvmEnterLoadCheckGuestState(void) { SVM_GUEST_STATE guest; Bit32u tmp; unsigned n; bx_bool paged_real_mode = 0; guest.eflags = vmcb_read32(SVM_GUEST_RFLAGS); guest.rip = vmcb_read64(SVM_GUEST_RIP); guest.rsp = vmcb_read64(SVM_GUEST_RSP); guest.rax = vmcb_read64(SVM_GUEST_RAX); guest.efer.val32 = vmcb_read32(SVM_GUEST_EFER_MSR); tmp = vmcb_read32(SVM_GUEST_EFER_MSR_HI); if (tmp) { BX_ERROR(("VMRUN: Guest EFER[63:32] is not zero")); return 0; } if (guest.efer.val32 & ~BX_CPU_THIS_PTR efer_suppmask) { BX_ERROR(("VMRUN: Guest EFER reserved bits set")); return 0; } if (! guest.efer.get_SVME()) { BX_ERROR(("VMRUN: Guest EFER.SVME = 0")); return 0; } guest.cr0.val32 = vmcb_read32(SVM_GUEST_CR0); tmp = vmcb_read32(SVM_GUEST_CR0_HI); if (tmp) { BX_ERROR(("VMRUN: Guest CR0[63:32] is not zero")); return 0; } // always assign EFER.LMA := EFER.LME & CR0.PG guest.efer.set_LMA(guest.cr0.get_PG() && guest.efer.get_LME()); guest.cr2 = vmcb_read64(SVM_GUEST_CR2); guest.cr3 = vmcb_read64(SVM_GUEST_CR3); guest.cr4.val32 = vmcb_read32(SVM_GUEST_CR4); tmp = vmcb_read32(SVM_GUEST_CR4_HI); if (tmp) { BX_ERROR(("VMRUN: Guest CR4[63:32] is not zero")); return 0; } if (guest.cr4.val32 & ~BX_CPU_THIS_PTR cr4_suppmask) { BX_ERROR(("VMRUN: Guest CR4 reserved bits set")); return 0; } guest.dr6 = vmcb_read32(SVM_GUEST_DR6); tmp = vmcb_read32(SVM_GUEST_DR6_HI); if (tmp) { BX_ERROR(("VMRUN: Guest DR6[63:32] is not zero")); return 0; } guest.dr7 = vmcb_read32(SVM_GUEST_DR7); tmp = vmcb_read32(SVM_GUEST_DR7_HI); if (tmp) { BX_ERROR(("VMRUN: Guest DR7[63:32] is not zero")); return 0; } for (n=0;n < 4; n++) { svm_segment_read(&guest.sregs[n], SVM_GUEST_ES_SELECTOR + n * 0x10); } if (guest.sregs[BX_SEG_REG_CS].cache.u.segment.d_b && guest.sregs[BX_SEG_REG_CS].cache.u.segment.l) { BX_ERROR(("VMRUN: VMCB CS.D_B/L mismatch")); return 0; } if (! guest.cr0.get_PE() || (guest.eflags & EFlagsVMMask) != 0) { // real or vm8086 mode: make all segments valid for (n=0;n < 4; n++) { guest.sregs[n].cache.valid = SegValidCache; } if (! guest.cr0.get_PE() && guest.cr0.get_PG()) { // special case : entering paged real mode BX_DEBUG(("VMRUN: entering paged real mode")); paged_real_mode = 1; guest.cr0.val32 &= ~BX_CR0_PG_MASK; } } guest.cpl = vmcb_read8(SVM_GUEST_CPL); // // FIXME: patch segment attributes // // CS: only D, L, and R are observed // DS/ES/FS/GS: only D, P, DPL, E, W, and Code/Data are observed // SS: only B, P, E, W, and Code/Data are observed guest.sregs[BX_SEG_REG_SS].cache.dpl = guest.cpl; guest.gdtr.base = CanonicalizeAddress(vmcb_read64(SVM_GUEST_GDTR_BASE)); guest.gdtr.limit = vmcb_read16(SVM_GUEST_GDTR_LIMIT); guest.idtr.base = CanonicalizeAddress(vmcb_read64(SVM_GUEST_IDTR_BASE)); guest.idtr.limit = vmcb_read16(SVM_GUEST_IDTR_LIMIT); guest.inhibit_interrupts = vmcb_read8(SVM_CONTROL_INTERRUPT_SHADOW) & 0x1; // // Load guest state // BX_CPU_THIS_PTR tsc_offset = vmcb_read64(SVM_CONTROL64_TSC_OFFSET); BX_CPU_THIS_PTR efer.set32(guest.efer.get32()); if (! check_CR0(guest.cr0.get32())) { BX_ERROR(("SVM: VMRUN CR0 is broken !")); return 0; } if (! check_CR4(guest.cr4.get32())) { BX_ERROR(("SVM: VMRUN CR4 is broken !")); return 0; } BX_CPU_THIS_PTR cr0.set32(guest.cr0.get32()); BX_CPU_THIS_PTR cr4.set32(guest.cr4.get32()); BX_CPU_THIS_PTR cr3 = guest.cr3; if (paged_real_mode) BX_CPU_THIS_PTR cr0.val32 |= BX_CR0_PG_MASK; SVM_CONTROLS *ctrls = &BX_CPU_THIS_PTR vmcb.ctrls; if (! ctrls->nested_paging) { if (BX_CPU_THIS_PTR cr0.get_PG() && BX_CPU_THIS_PTR cr4.get_PAE() && !long_mode()) { if (! CheckPDPTR(BX_CPU_THIS_PTR cr3)) { BX_ERROR(("SVM: VMRUN PDPTR check failed !")); return 0; } } } BX_CPU_THIS_PTR dr6.set32(guest.dr6); BX_CPU_THIS_PTR dr7.set32(guest.dr7 | 0x400); for (n=0;n < 4; n++) { BX_CPU_THIS_PTR sregs[n] = guest.sregs[n]; } BX_CPU_THIS_PTR gdtr = guest.gdtr; BX_CPU_THIS_PTR idtr = guest.idtr; RIP = BX_CPU_THIS_PTR prev_rip = guest.rip; RSP = guest.rsp; RAX = guest.rax; CPL = guest.cpl; if (guest.inhibit_interrupts) { inhibit_interrupts(BX_INHIBIT_INTERRUPTS); } BX_CPU_THIS_PTR async_event = 0; setEFlags((Bit32u) guest.eflags); // injecting virtual interrupt Bit8u v_irq = vmcb_read8(SVM_CONTROL_VIRQ) & 0x1; if (v_irq) signal_event(BX_EVENT_SVM_VIRQ_PENDING); handleCpuContextChange(); #if BX_SUPPORT_MONITOR_MWAIT BX_CPU_THIS_PTR monitor.reset_monitor(); #endif BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_CONTEXT_SWITCH, 0); return 1; } void BX_CPU_C::Svm_Vmexit(int reason, Bit64u exitinfo1, Bit64u exitinfo2) { BX_DEBUG(("SVM VMEXIT reason=%d exitinfo1=%08x%08x exitinfo2=%08x%08x", reason, GET32H(exitinfo1), GET32L(exitinfo1), GET32H(exitinfo2), GET32L(exitinfo2))); if (! BX_CPU_THIS_PTR in_svm_guest) { if (reason != SVM_VMEXIT_INVALID) BX_PANIC(("PANIC: VMEXIT %d not in SVM guest mode !", reason)); } if (BX_SUPPORT_SVM_EXTENSION(BX_CPUID_SVM_NRIP_SAVE)) vmcb_write64(SVM_CONTROL64_NRIP, RIP); // VMEXITs are FAULT-like: restore RIP/RSP to value before VMEXIT occurred RIP = BX_CPU_THIS_PTR prev_rip; if (BX_CPU_THIS_PTR speculative_rsp) RSP = BX_CPU_THIS_PTR prev_rsp; BX_CPU_THIS_PTR speculative_rsp = 0; if (BX_SUPPORT_SVM_EXTENSION(BX_CPUID_SVM_DECODE_ASSIST)) { // // In the case of a Nested #PF or intercepted #PF, guest instruction bytes at // guest CS:RIP are stored into the 16-byte wide field Guest Instruction Bytes. // Up to 15 bytes are recorded, read from guest CS:RIP. The number of bytes // fetched is put into the first byte of this field. Zero indicates that no // bytes were fetched. // // This field is filled in only during data page faults. Instruction-fetch // page faults provide no additional information. All other intercepts clear // bits 0:7 in this field to zero. // if ((reason == SVM_VMEXIT_PF_EXCEPTION || reason == SVM_VMEXIT_NPF) && !(exitinfo1 & 0x10)) { // TODO } else { vmcb_write8(SVM_CONTROL64_GUEST_INSTR_BYTES, 0); } } mask_event(BX_EVENT_SVM_VIRQ_PENDING); BX_CPU_THIS_PTR in_svm_guest = 0; BX_CPU_THIS_PTR svm_gif = 0; // // STEP 0: Update exit reason // SVM_CONTROLS *ctrls = &BX_CPU_THIS_PTR vmcb.ctrls; vmcb_write64(SVM_CONTROL64_EXITCODE, (Bit64u) ((Bit64s) reason)); vmcb_write64(SVM_CONTROL64_EXITINFO1, exitinfo1); vmcb_write64(SVM_CONTROL64_EXITINFO2, exitinfo2); // clean interrupt injection field vmcb_write32(SVM_CONTROL32_EVENT_INJECTION, ctrls->eventinj & ~0x80000000); if (BX_CPU_THIS_PTR in_event) { vmcb_write32(SVM_CONTROL32_EXITINTINFO, ctrls->exitintinfo | 0x80000000); vmcb_write32(SVM_CONTROL32_EXITINTINFO_ERROR_CODE, ctrls->exitintinfo_error_code); BX_CPU_THIS_PTR in_event = 0; } else { vmcb_write32(SVM_CONTROL32_EXITINTINFO, 0); } // // Step 1: Save guest state in the VMCB // SvmExitSaveGuestState(); // // Step 2: // SvmExitLoadHostState(&BX_CPU_THIS_PTR vmcb.host_state); // // STEP 3: Go back to SVM host // BX_CPU_THIS_PTR EXT = 0; BX_CPU_THIS_PTR last_exception_type = 0; #if BX_DEBUGGER if (BX_CPU_THIS_PTR vmexit_break) { BX_CPU_THIS_PTR stop_reason = STOP_VMEXIT_BREAK_POINT; bx_debug_break(); // trap into debugger } #endif longjmp(BX_CPU_THIS_PTR jmp_buf_env, 1); // go back to main decode loop } extern struct BxExceptionInfo exceptions_info[]; bx_bool BX_CPU_C::SvmInjectEvents(void) { SVM_CONTROLS *ctrls = &BX_CPU_THIS_PTR vmcb.ctrls; ctrls->eventinj = vmcb_read32(SVM_CONTROL32_EVENT_INJECTION); if ((ctrls->eventinj & 0x80000000) == 0) return 1; /* the VMENTRY injecting event to the guest */ unsigned vector = ctrls->eventinj & 0xff; unsigned type = (ctrls->eventinj >> 8) & 7; unsigned push_error = ctrls->eventinj & (1 << 11); unsigned error_code = push_error ? vmcb_read32(SVM_CONTROL32_EVENT_INJECTION_ERRORCODE) : 0; switch(type) { case BX_NMI: mask_event(BX_EVENT_NMI); BX_CPU_THIS_PTR EXT = 1; vector = 2; break; case BX_EXTERNAL_INTERRUPT: BX_CPU_THIS_PTR EXT = 1; break; case BX_HARDWARE_EXCEPTION: if (vector == 2 || vector > 31) { BX_ERROR(("SvmInjectEvents: invalid vector %d for HW exception", vector)); return 0; } if (vector == BX_BP_EXCEPTION || vector == BX_OF_EXCEPTION) { type = BX_SOFTWARE_EXCEPTION; } BX_CPU_THIS_PTR EXT = 1; break; case BX_SOFTWARE_INTERRUPT: break; default: BX_ERROR(("SvmInjectEvents: unsupported event injection type %d !", type)); return 0; } BX_DEBUG(("SvmInjectEvents: Injecting vector 0x%02x (error_code 0x%04x)", vector, error_code)); if (type == BX_HARDWARE_EXCEPTION) { // record exception the same way as BX_CPU_C::exception does BX_ASSERT(vector < BX_CPU_HANDLED_EXCEPTIONS); BX_CPU_THIS_PTR last_exception_type = exceptions_info[vector].exception_type; } ctrls->exitintinfo = ctrls->eventinj & ~0x80000000; ctrls->exitintinfo_error_code = error_code; interrupt(vector, type, push_error, error_code); BX_CPU_THIS_PTR last_exception_type = 0; // error resolved return 1; } void BX_CPU_C::SvmInterceptException(unsigned type, unsigned vector, Bit16u errcode, bx_bool errcode_valid, Bit64u qualification) { if (! BX_CPU_THIS_PTR in_svm_guest) return; BX_ASSERT(vector < 32); SVM_CONTROLS *ctrls = &BX_CPU_THIS_PTR vmcb.ctrls; BX_ASSERT(type == BX_HARDWARE_EXCEPTION || type == BX_SOFTWARE_EXCEPTION); if (! SVM_EXCEPTION_INTERCEPTED(vector)) { // ----------------------------------------- // EXITINTINFO // ----------------------------------------- // [07:00] | Interrupt/Exception vector // [10:08] | Interrupt/Exception type // [11:11] | error code pushed to the stack // [30:12] | reserved // [31:31] | interruption info valid // // record IDT vectoring information ctrls->exitintinfo_error_code = errcode; ctrls->exitintinfo = vector | (BX_HARDWARE_EXCEPTION << 8); if (errcode_valid) BX_CPU_THIS_PTR vmcb.ctrls.exitintinfo |= (1 << 11); // error code delivered return; } BX_ERROR(("SVM VMEXIT: event vector 0x%02x type %d error code=0x%04x", vector, type, errcode)); // VMEXIT is not considered to occur during event delivery if it results // in a double fault exception that causes VMEXIT directly if (vector == BX_DF_EXCEPTION) BX_CPU_THIS_PTR in_event = 0; // clear in_event indication on #DF BX_CPU_THIS_PTR debug_trap = 0; // clear debug_trap field BX_CPU_THIS_PTR inhibit_mask = 0; Svm_Vmexit(SVM_VMEXIT_EXCEPTION + vector, (errcode_valid ? errcode : 0), qualification); } #define SVM_VMEXIT_IO_PORTIN (1 << 0) #define SVM_VMEXIT_IO_INSTR_STRING (1 << 2) #define SVM_VMEXIT_IO_INSTR_REP (1 << 3) #define SVM_VMEXIT_IO_INSTR_LEN8 (1 << 4) #define SVM_VMEXIT_IO_INSTR_LEN16 (1 << 5) #define SVM_VMEXIT_IO_INSTR_LEN32 (1 << 6) #define SVM_VMEXIT_IO_INSTR_ASIZE16 (1 << 7) #define SVM_VMEXIT_IO_INSTR_ASIZE32 (1 << 8) #define SVM_VMEXIT_IO_INSTR_ASIZE64 (1 << 9) void BX_CPU_C::SvmInterceptIO(bxInstruction_c *i, unsigned port, unsigned len) { if (! BX_CPU_THIS_PTR in_svm_guest) return; if (! SVM_INTERCEPT(SVM_INTERCEPT0_IO)) return; Bit8u bitmap[2]; bx_phy_address pAddr; // access_read_physical cannot read 2 bytes cross 4K boundary :( pAddr = BX_CPU_THIS_PTR vmcb.ctrls.iopm_base + (port / 8); access_read_physical(pAddr, 1, &bitmap[0]); BX_NOTIFY_PHY_MEMORY_ACCESS(pAddr, 1, MEMTYPE(resolve_memtype(pAddr)), BX_READ, BX_IO_BITMAP_ACCESS, &bitmap[0]); pAddr++; access_read_physical(pAddr, 1, &bitmap[1]); BX_NOTIFY_PHY_MEMORY_ACCESS(pAddr, 1, MEMTYPE(resolve_memtype(pAddr)), BX_READ, BX_IO_BITMAP_ACCESS, &bitmap[1]); Bit16u combined_bitmap = bitmap[1]; combined_bitmap = (combined_bitmap << 8) | bitmap[0]; unsigned mask = ((1 << len) - 1) << (port & 7); if (combined_bitmap & mask) { BX_ERROR(("SVM VMEXIT: I/O port 0x%04x", port)); Bit32u qualification = 0; switch(i->getIaOpcode()) { case BX_IA_IN_ALIb: case BX_IA_IN_AXIb: case BX_IA_IN_EAXIb: case BX_IA_IN_ALDX: case BX_IA_IN_AXDX: case BX_IA_IN_EAXDX: qualification = SVM_VMEXIT_IO_PORTIN; break; case BX_IA_OUT_IbAL: case BX_IA_OUT_IbAX: case BX_IA_OUT_IbEAX: case BX_IA_OUT_DXAL: case BX_IA_OUT_DXAX: case BX_IA_OUT_DXEAX: qualification = 0; // PORTOUT break; case BX_IA_REP_INSB_YbDX: case BX_IA_REP_INSW_YwDX: case BX_IA_REP_INSD_YdDX: qualification = SVM_VMEXIT_IO_PORTIN | SVM_VMEXIT_IO_INSTR_STRING; if (i->repUsedL()) qualification |= SVM_VMEXIT_IO_INSTR_REP; break; case BX_IA_REP_OUTSB_DXXb: case BX_IA_REP_OUTSW_DXXw: case BX_IA_REP_OUTSD_DXXd: qualification = SVM_VMEXIT_IO_INSTR_STRING; // PORTOUT if (i->repUsedL()) qualification |= SVM_VMEXIT_IO_INSTR_REP; break; default: BX_PANIC(("VMexit_IO: I/O instruction %s unknown", i->getIaOpcodeNameShort())); } qualification |= (port << 16); if (len == 1) qualification |= SVM_VMEXIT_IO_INSTR_LEN8; else if (len == 2) qualification |= SVM_VMEXIT_IO_INSTR_LEN16; else if (len == 4) qualification |= SVM_VMEXIT_IO_INSTR_LEN32; if (i->as64L()) qualification |= SVM_VMEXIT_IO_INSTR_ASIZE64; else if (i->as32L()) qualification |= SVM_VMEXIT_IO_INSTR_ASIZE32; else qualification |= SVM_VMEXIT_IO_INSTR_ASIZE16; Svm_Vmexit(SVM_VMEXIT_IO, qualification, RIP); } } void BX_CPU_C::SvmInterceptMSR(unsigned op, Bit32u msr) { if (! BX_CPU_THIS_PTR in_svm_guest) return; if (! SVM_INTERCEPT(SVM_INTERCEPT0_MSR)) return; BX_ASSERT(op == BX_READ || op == BX_WRITE); bx_bool vmexit = 1; int msr_map_offset = -1; if (msr <= 0x1fff) msr_map_offset = 0; else if (msr >= 0xc0000000 && msr <= 0xc0001fff) msr_map_offset = 2048; else if (msr >= 0xc0010000 && msr <= 0xc0011fff) msr_map_offset = 4096; if (msr_map_offset >= 0) { bx_phy_address msr_bitmap_addr = BX_CPU_THIS_PTR vmcb.ctrls.msrpm_base + msr_map_offset; Bit32u msr_offset = (msr & 0x1fff) * 2 + op; Bit8u msr_bitmap; bx_phy_address pAddr = msr_bitmap_addr + (msr_offset / 8); access_read_physical(pAddr, 1, (Bit8u*)(&msr_bitmap)); BX_NOTIFY_PHY_MEMORY_ACCESS(pAddr, 1, MEMTYPE(resolve_memtype(pAddr)), BX_READ, BX_MSR_BITMAP_ACCESS, &msr_bitmap); vmexit = (msr_bitmap >> (msr_offset & 7)) & 0x1; } if (vmexit) { Svm_Vmexit(SVM_VMEXIT_MSR, op); // 0 - RDMSR, 1 - WRMSR } } void BX_CPU_C::SvmInterceptTaskSwitch(Bit16u tss_selector, unsigned source, bx_bool push_error, Bit32u error_code) { BX_ASSERT(BX_CPU_THIS_PTR in_svm_guest); BX_DEBUG(("SVM VMEXIT: task switch")); // // SVM VMexit EXITINFO2: // -------------------- // EXITINFO2[31-0] - error code to push into new stack (if applicable) // EXITINFO2[36] - task switch caused by IRET // EXITINFO2[38] - task switch caused by JUMP FAR // EXITINFO2[44] - task switch has error code to push // EXITINFO2[48] - value of EFLAGS.RF that would be saved in outgoing TSS // Bit64u qualification = error_code; if (source == BX_TASK_FROM_IRET) qualification |= BX_CONST64(1) << 36; if (source == BX_TASK_FROM_JUMP) qualification |= BX_CONST64(1) << 38; if (push_error) qualification |= BX_CONST64(1) << 44; Bit32u flags = read_eflags(); if (flags & EFlagsRFMask) qualification |= BX_CONST64(1) << 48; Svm_Vmexit(SVM_VMEXIT_TASK_SWITCH, tss_selector, qualification); } void BX_CPU_C::SvmInterceptPAUSE(void) { if (BX_SUPPORT_SVM_EXTENSION(BX_CPUID_SVM_PAUSE_FILTER)) { SVM_CONTROLS *ctrls = &BX_CPU_THIS_PTR vmcb.ctrls; if (ctrls->pause_filter_count) { ctrls->pause_filter_count--; return; } } Svm_Vmexit(SVM_VMEXIT_PAUSE); } #endif void BX_CPP_AttrRegparmN(1) BX_CPU_C::VMRUN(bxInstruction_c *i) { #if BX_SUPPORT_SVM if (! protected_mode() || ! BX_CPU_THIS_PTR efer.get_SVME()) exception(BX_UD_EXCEPTION, 0); if (CPL != 0) { BX_ERROR(("%s: with CPL!=0 cause #GP(0)", i->getIaOpcodeNameShort())); exception(BX_GP_EXCEPTION, 0); } if (BX_CPU_THIS_PTR in_svm_guest) { if (SVM_INTERCEPT(SVM_INTERCEPT1_VMRUN)) Svm_Vmexit(SVM_VMEXIT_VMRUN); } bx_address pAddr = RAX & i->asize_mask(); if (! IsValidPageAlignedPhyAddr(pAddr)) { BX_ERROR(("VMRUN: invalid or not page aligned VMCB physical address !")); exception(BX_GP_EXCEPTION, 0); } BX_CPU_THIS_PTR vmcbptr = pAddr; BX_CPU_THIS_PTR vmcbhostptr = BX_CPU_THIS_PTR getHostMemAddr(pAddr, BX_WRITE); #if BX_SUPPORT_MEMTYPE BX_CPU_THIS_PTR vmcb_memtype = resolve_memtype(BX_CPU_THIS_PTR vmcbptr); #endif BX_DEBUG(("VMRUN VMCB ptr: 0x" FMT_ADDRX64, BX_CPU_THIS_PTR vmcbptr)); // // Step 1: Save host state to physical memory indicated in SVM_HSAVE_PHY_ADDR_MSR // SvmEnterSaveHostState(&BX_CPU_THIS_PTR vmcb.host_state); // // Step 2: Load control information from the VMCB // if (!SvmEnterLoadCheckControls(&BX_CPU_THIS_PTR vmcb.ctrls)) Svm_Vmexit(SVM_VMEXIT_INVALID); // // Step 3: Load guest state from the VMCB and enter SVM // if (!SvmEnterLoadCheckGuestState()) Svm_Vmexit(SVM_VMEXIT_INVALID); BX_CPU_THIS_PTR in_svm_guest = 1; BX_CPU_THIS_PTR svm_gif = 1; BX_CPU_THIS_PTR async_event = 1; // // Step 4: Inject events to the guest // if (!SvmInjectEvents()) Svm_Vmexit(SVM_VMEXIT_INVALID); #endif BX_NEXT_TRACE(i); } void BX_CPP_AttrRegparmN(1) BX_CPU_C::VMMCALL(bxInstruction_c *i) { #if BX_SUPPORT_SVM if (BX_CPU_THIS_PTR efer.get_SVME()) { if (BX_CPU_THIS_PTR in_svm_guest) { if (SVM_INTERCEPT(SVM_INTERCEPT1_VMMCALL)) Svm_Vmexit(SVM_VMEXIT_VMMCALL); } } exception(BX_UD_EXCEPTION, 0); #endif BX_NEXT_TRACE(i); } void BX_CPP_AttrRegparmN(1) BX_CPU_C::VMLOAD(bxInstruction_c *i) { #if BX_SUPPORT_SVM if (! protected_mode() || ! BX_CPU_THIS_PTR efer.get_SVME()) exception(BX_UD_EXCEPTION, 0); if (CPL != 0) { BX_ERROR(("%s: with CPL!=0 cause #GP(0)", i->getIaOpcodeNameShort())); exception(BX_GP_EXCEPTION, 0); } if (BX_CPU_THIS_PTR in_svm_guest) { if (SVM_INTERCEPT(SVM_INTERCEPT1_VMLOAD)) Svm_Vmexit(SVM_VMEXIT_VMLOAD); } bx_address pAddr = RAX & i->asize_mask(); if (! IsValidPageAlignedPhyAddr(pAddr)) { BX_ERROR(("VMLOAD: invalid or not page aligned VMCB physical address !")); exception(BX_GP_EXCEPTION, 0); } BX_CPU_THIS_PTR vmcbptr = pAddr; BX_CPU_THIS_PTR vmcbhostptr = BX_CPU_THIS_PTR getHostMemAddr(pAddr, BX_WRITE); BX_DEBUG(("VMLOAD VMCB ptr: 0x" FMT_ADDRX64, BX_CPU_THIS_PTR vmcbptr)); bx_segment_reg_t fs, gs, guest_tr, guest_ldtr; svm_segment_read(&fs, SVM_GUEST_FS_SELECTOR); svm_segment_read(&gs, SVM_GUEST_GS_SELECTOR); svm_segment_read(&guest_tr, SVM_GUEST_TR_SELECTOR); svm_segment_read(&guest_ldtr, SVM_GUEST_LDTR_SELECTOR); BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS] = fs; BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS] = gs; BX_CPU_THIS_PTR tr = guest_tr; BX_CPU_THIS_PTR ldtr = guest_ldtr; BX_CPU_THIS_PTR msr.kernelgsbase = CanonicalizeAddress(vmcb_read64(SVM_GUEST_KERNEL_GSBASE_MSR)); BX_CPU_THIS_PTR msr.star = vmcb_read64(SVM_GUEST_STAR_MSR); BX_CPU_THIS_PTR msr.lstar = CanonicalizeAddress(vmcb_read64(SVM_GUEST_LSTAR_MSR)); BX_CPU_THIS_PTR msr.cstar = CanonicalizeAddress(vmcb_read64(SVM_GUEST_CSTAR_MSR)); BX_CPU_THIS_PTR msr.fmask = vmcb_read64(SVM_GUEST_FMASK_MSR); BX_CPU_THIS_PTR msr.sysenter_cs_msr = vmcb_read64(SVM_GUEST_SYSENTER_CS_MSR); BX_CPU_THIS_PTR msr.sysenter_eip_msr = CanonicalizeAddress(vmcb_read64(SVM_GUEST_SYSENTER_EIP_MSR)); BX_CPU_THIS_PTR msr.sysenter_esp_msr = CanonicalizeAddress(vmcb_read64(SVM_GUEST_SYSENTER_ESP_MSR)); #endif BX_NEXT_INSTR(i); } void BX_CPP_AttrRegparmN(1) BX_CPU_C::VMSAVE(bxInstruction_c *i) { #if BX_SUPPORT_SVM if (! protected_mode() || ! BX_CPU_THIS_PTR efer.get_SVME()) exception(BX_UD_EXCEPTION, 0); if (CPL != 0) { BX_ERROR(("%s: with CPL!=0 cause #GP(0)", i->getIaOpcodeNameShort())); exception(BX_GP_EXCEPTION, 0); } if (BX_CPU_THIS_PTR in_svm_guest) { if (SVM_INTERCEPT(SVM_INTERCEPT1_VMSAVE)) Svm_Vmexit(SVM_VMEXIT_VMSAVE); } bx_address pAddr = RAX & i->asize_mask(); if (! IsValidPageAlignedPhyAddr(pAddr)) { BX_ERROR(("VMSAVE: invalid or not page aligned VMCB physical address !")); exception(BX_GP_EXCEPTION, 0); } BX_CPU_THIS_PTR vmcbptr = pAddr; BX_CPU_THIS_PTR vmcbhostptr = BX_CPU_THIS_PTR getHostMemAddr(pAddr, BX_WRITE); BX_DEBUG(("VMSAVE VMCB ptr: 0x" FMT_ADDRX64, BX_CPU_THIS_PTR vmcbptr)); svm_segment_write(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS], SVM_GUEST_FS_SELECTOR); svm_segment_write(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS], SVM_GUEST_GS_SELECTOR); svm_segment_write(&BX_CPU_THIS_PTR tr, SVM_GUEST_TR_SELECTOR); svm_segment_write(&BX_CPU_THIS_PTR ldtr, SVM_GUEST_LDTR_SELECTOR); vmcb_write64(SVM_GUEST_KERNEL_GSBASE_MSR, BX_CPU_THIS_PTR msr.kernelgsbase); vmcb_write64(SVM_GUEST_STAR_MSR, BX_CPU_THIS_PTR msr.star); vmcb_write64(SVM_GUEST_LSTAR_MSR, BX_CPU_THIS_PTR msr.lstar); vmcb_write64(SVM_GUEST_CSTAR_MSR, BX_CPU_THIS_PTR msr.cstar); vmcb_write64(SVM_GUEST_FMASK_MSR, BX_CPU_THIS_PTR msr.fmask); vmcb_write64(SVM_GUEST_SYSENTER_CS_MSR, BX_CPU_THIS_PTR msr.sysenter_cs_msr); vmcb_write64(SVM_GUEST_SYSENTER_ESP_MSR, BX_CPU_THIS_PTR msr.sysenter_esp_msr); vmcb_write64(SVM_GUEST_SYSENTER_EIP_MSR, BX_CPU_THIS_PTR msr.sysenter_eip_msr); #endif BX_NEXT_INSTR(i); } void BX_CPP_AttrRegparmN(1) BX_CPU_C::SKINIT(bxInstruction_c *i) { #if BX_SUPPORT_SVM if (! protected_mode() || ! BX_CPU_THIS_PTR efer.get_SVME()) exception(BX_UD_EXCEPTION, 0); if (CPL != 0) { BX_ERROR(("%s: with CPL!=0 cause #GP(0)", i->getIaOpcodeNameShort())); exception(BX_GP_EXCEPTION, 0); } if (BX_CPU_THIS_PTR in_svm_guest) { if (SVM_INTERCEPT(SVM_INTERCEPT1_SKINIT)) Svm_Vmexit(SVM_VMEXIT_SKINIT); } BX_PANIC(("SVM: SKINIT is not implemented yet")); #endif BX_NEXT_TRACE(i); } void BX_CPP_AttrRegparmN(1) BX_CPU_C::CLGI(bxInstruction_c *i) { #if BX_SUPPORT_SVM if (! protected_mode() || ! BX_CPU_THIS_PTR efer.get_SVME()) exception(BX_UD_EXCEPTION, 0); if (CPL != 0) { BX_ERROR(("%s: with CPL!=0 cause #GP(0)", i->getIaOpcodeNameShort())); exception(BX_GP_EXCEPTION, 0); } if (BX_CPU_THIS_PTR in_svm_guest) { if (SVM_INTERCEPT(SVM_INTERCEPT1_CLGI)) Svm_Vmexit(SVM_VMEXIT_CLGI); } BX_CPU_THIS_PTR svm_gif = 0; #endif BX_NEXT_TRACE(i); } void BX_CPP_AttrRegparmN(1) BX_CPU_C::STGI(bxInstruction_c *i) { #if BX_SUPPORT_SVM if (! protected_mode() || ! BX_CPU_THIS_PTR efer.get_SVME()) exception(BX_UD_EXCEPTION, 0); if (CPL != 0) { BX_ERROR(("%s: with CPL!=0 cause #GP(0)", i->getIaOpcodeNameShort())); exception(BX_GP_EXCEPTION, 0); } if (BX_CPU_THIS_PTR in_svm_guest) { if (SVM_INTERCEPT(SVM_INTERCEPT1_STGI)) Svm_Vmexit(SVM_VMEXIT_STGI); } BX_CPU_THIS_PTR svm_gif = 1; BX_CPU_THIS_PTR async_event = 1; #endif BX_NEXT_TRACE(i); } void BX_CPP_AttrRegparmN(1) BX_CPU_C::INVLPGA(bxInstruction_c *i) { #if BX_SUPPORT_SVM if (! protected_mode() || ! BX_CPU_THIS_PTR efer.get_SVME()) exception(BX_UD_EXCEPTION, 0); if (CPL != 0) { BX_ERROR(("%s: with CPL!=0 cause #GP(0)", i->getIaOpcodeNameShort())); exception(BX_GP_EXCEPTION, 0); } if (BX_CPU_THIS_PTR in_svm_guest) { if (SVM_INTERCEPT(SVM_INTERCEPT0_INVLPGA)) Svm_Vmexit(SVM_VMEXIT_INVLPGA); } TLB_flush(); // FIXME: flush all entries for now #endif BX_NEXT_TRACE(i); } #if BX_SUPPORT_SVM void BX_CPU_C::register_svm_state(bx_param_c *parent) { if (! is_cpu_extension_supported(BX_ISA_SVM)) return; // register SVM state for save/restore param tree bx_list_c *svm = new bx_list_c(parent, "SVM"); BXRS_PARAM_BOOL(svm, in_svm_guest, BX_CPU_THIS_PTR in_svm_guest); BXRS_PARAM_BOOL(svm, gif, BX_CPU_THIS_PTR svm_gif); // // VMCB Control Fields // bx_list_c *vmcb_ctrls = new bx_list_c(svm, "VMCB_CTRLS"); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, cr_rd_ctrl, BX_CPU_THIS_PTR vmcb.ctrls.cr_rd_ctrl); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, cr_wr_ctrl, BX_CPU_THIS_PTR vmcb.ctrls.cr_wr_ctrl); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, dr_rd_ctrl, BX_CPU_THIS_PTR vmcb.ctrls.dr_rd_ctrl); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, dr_wr_ctrl, BX_CPU_THIS_PTR vmcb.ctrls.dr_wr_ctrl); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, exceptions_intercept, BX_CPU_THIS_PTR vmcb.ctrls.exceptions_intercept); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, intercept_vector0, BX_CPU_THIS_PTR vmcb.ctrls.intercept_vector[0]); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, intercept_vector1, BX_CPU_THIS_PTR vmcb.ctrls.intercept_vector[1]); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, iopm_base, BX_CPU_THIS_PTR vmcb.ctrls.iopm_base); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, msrpm_base, BX_CPU_THIS_PTR vmcb.ctrls.msrpm_base); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, exitintinfo, BX_CPU_THIS_PTR vmcb.ctrls.exitintinfo); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, exitintinfo_errcode, BX_CPU_THIS_PTR vmcb.ctrls.exitintinfo_error_code); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, eventinj, BX_CPU_THIS_PTR vmcb.ctrls.eventinj); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, v_tpr, BX_CPU_THIS_PTR vmcb.ctrls.v_tpr); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, v_intr_prio, BX_CPU_THIS_PTR vmcb.ctrls.v_intr_prio); BXRS_PARAM_BOOL(vmcb_ctrls, v_ignore_tpr, BX_CPU_THIS_PTR vmcb.ctrls.v_ignore_tpr); BXRS_PARAM_BOOL(vmcb_ctrls, v_intr_masking, BX_CPU_THIS_PTR vmcb.ctrls.v_intr_masking); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, v_intr_vector, BX_CPU_THIS_PTR vmcb.ctrls.v_intr_vector); BXRS_PARAM_BOOL(vmcb_ctrls, nested_paging, BX_CPU_THIS_PTR vmcb.ctrls.nested_paging); BXRS_HEX_PARAM_FIELD(vmcb_ctrls, ncr3, BX_CPU_THIS_PTR vmcb.ctrls.ncr3); // // VMCB Host State // bx_list_c *host = new bx_list_c(svm, "VMCB_HOST_STATE"); for(unsigned n=0; n<4; n++) { bx_segment_reg_t *segment = &BX_CPU_THIS_PTR vmcb.host_state.sregs[n]; bx_list_c *sreg = new bx_list_c(host, segname[n]); BXRS_HEX_PARAM_FIELD(sreg, selector, segment->selector.value); BXRS_HEX_PARAM_FIELD(sreg, valid, segment->cache.valid); BXRS_PARAM_BOOL(sreg, p, segment->cache.p); BXRS_HEX_PARAM_FIELD(sreg, dpl, segment->cache.dpl); BXRS_PARAM_BOOL(sreg, segment, segment->cache.segment); BXRS_HEX_PARAM_FIELD(sreg, type, segment->cache.type); BXRS_HEX_PARAM_FIELD(sreg, base, segment->cache.u.segment.base); BXRS_HEX_PARAM_FIELD(sreg, limit_scaled, segment->cache.u.segment.limit_scaled); BXRS_PARAM_BOOL(sreg, granularity, segment->cache.u.segment.g); BXRS_PARAM_BOOL(sreg, d_b, segment->cache.u.segment.d_b); #if BX_SUPPORT_X86_64 BXRS_PARAM_BOOL(sreg, l, segment->cache.u.segment.l); #endif BXRS_PARAM_BOOL(sreg, avl, segment->cache.u.segment.avl); } bx_list_c *GDTR = new bx_list_c(host, "GDTR"); BXRS_HEX_PARAM_FIELD(GDTR, base, BX_CPU_THIS_PTR vmcb.host_state.gdtr.base); BXRS_HEX_PARAM_FIELD(GDTR, limit, BX_CPU_THIS_PTR vmcb.host_state.gdtr.limit); bx_list_c *IDTR = new bx_list_c(host, "IDTR"); BXRS_HEX_PARAM_FIELD(IDTR, base, BX_CPU_THIS_PTR vmcb.host_state.idtr.base); BXRS_HEX_PARAM_FIELD(IDTR, limit, BX_CPU_THIS_PTR vmcb.host_state.idtr.limit); BXRS_HEX_PARAM_FIELD(host, efer, BX_CPU_THIS_PTR vmcb.host_state.efer.val32); BXRS_HEX_PARAM_FIELD(host, cr0, BX_CPU_THIS_PTR vmcb.host_state.cr0.val32); BXRS_HEX_PARAM_FIELD(host, cr3, BX_CPU_THIS_PTR vmcb.host_state.cr3); BXRS_HEX_PARAM_FIELD(host, cr4, BX_CPU_THIS_PTR vmcb.host_state.cr4.val32); BXRS_HEX_PARAM_FIELD(host, eflags, BX_CPU_THIS_PTR vmcb.host_state.eflags); BXRS_HEX_PARAM_FIELD(host, rip, BX_CPU_THIS_PTR vmcb.host_state.rip); BXRS_HEX_PARAM_FIELD(host, rsp, BX_CPU_THIS_PTR vmcb.host_state.rsp); BXRS_HEX_PARAM_FIELD(host, rax, BX_CPU_THIS_PTR vmcb.host_state.rax); } #endif