3291 lines
114 KiB
C++
3291 lines
114 KiB
C++
/////////////////////////////////////////////////////////////////////////
|
||
// $Id$
|
||
/////////////////////////////////////////////////////////////////////////
|
||
//
|
||
// Copyright (c) 2009-2011 Stanislav Shwartsman
|
||
// Written by Stanislav Shwartsman [sshwarts at sourceforge net]
|
||
//
|
||
// This library is free software; you can redistribute it and/or
|
||
// modify it under the terms of the GNU Lesser General Public
|
||
// License as published by the Free Software Foundation; either
|
||
// version 2 of the License, or (at your option) any later version.
|
||
//
|
||
// This library is distributed in the hope that it will be useful,
|
||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||
// Lesser General Public License for more details.
|
||
//
|
||
// You should have received a copy of the GNU Lesser General Public
|
||
// License along with this library; if not, write to the Free Software
|
||
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA B 02110-1301 USA
|
||
//
|
||
/////////////////////////////////////////////////////////////////////////
|
||
|
||
#define NEED_CPU_REG_SHORTCUTS 1
|
||
#include "bochs.h"
|
||
#include "cpu.h"
|
||
#define LOG_THIS BX_CPU_THIS_PTR
|
||
|
||
#include "iodev/iodev.h"
|
||
|
||
#if BX_SUPPORT_VMX
|
||
|
||
#define VMCSPTR_VALID() (BX_CPU_THIS_PTR vmcsptr != BX_INVALID_VMCSPTR)
|
||
|
||
extern unsigned vmcs_field_offset(Bit32u encoding);
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
extern bx_bool isValidMSR_PAT(Bit64u pat_msr);
|
||
#endif
|
||
|
||
////////////////////////////////////////////////////////////
|
||
// VMCS access
|
||
////////////////////////////////////////////////////////////
|
||
|
||
void BX_CPU_C::set_VMCSPTR(Bit64u vmxptr)
|
||
{
|
||
BX_CPU_THIS_PTR vmcsptr = vmxptr;
|
||
|
||
if (vmxptr != BX_INVALID_VMCSPTR)
|
||
BX_CPU_THIS_PTR vmcshostptr = BX_CPU_THIS_PTR getHostMemAddr(vmxptr, BX_WRITE);
|
||
else
|
||
BX_CPU_THIS_PTR vmcshostptr = 0;
|
||
}
|
||
|
||
Bit16u BX_CPP_AttrRegparmN(1) BX_CPU_C::VMread16(unsigned encoding)
|
||
{
|
||
Bit16u field;
|
||
|
||
unsigned offset = vmcs_field_offset(encoding);
|
||
if(offset >= VMX_VMCS_AREA_SIZE)
|
||
BX_PANIC(("VMread16: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
|
||
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
|
||
|
||
BX_ASSERT(VMCS_FIELD_WIDTH(encoding) == VMCS_FIELD_WIDTH_16BIT);
|
||
|
||
if (BX_CPU_THIS_PTR vmcshostptr) {
|
||
Bit16u *hostAddr = (Bit16u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
|
||
ReadHostWordFromLittleEndian(hostAddr, field);
|
||
}
|
||
else {
|
||
access_read_physical(pAddr, 2, (Bit8u*)(&field));
|
||
}
|
||
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 2, BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&field));
|
||
|
||
return field;
|
||
}
|
||
|
||
// write 16-bit value into VMCS 16-bit field
|
||
void BX_CPP_AttrRegparmN(2) BX_CPU_C::VMwrite16(unsigned encoding, Bit16u val_16)
|
||
{
|
||
unsigned offset = vmcs_field_offset(encoding);
|
||
if(offset >= VMX_VMCS_AREA_SIZE)
|
||
BX_PANIC(("VMwrite16: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
|
||
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
|
||
|
||
BX_ASSERT(VMCS_FIELD_WIDTH(encoding) == VMCS_FIELD_WIDTH_16BIT);
|
||
|
||
if (BX_CPU_THIS_PTR vmcshostptr) {
|
||
Bit16u *hostAddr = (Bit16u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
|
||
pageWriteStampTable.decWriteStamp(pAddr, 2);
|
||
WriteHostWordToLittleEndian(hostAddr, val_16);
|
||
}
|
||
else {
|
||
access_write_physical(pAddr, 2, (Bit8u*)(&val_16));
|
||
}
|
||
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 2, BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&val_16));
|
||
}
|
||
|
||
Bit32u BX_CPP_AttrRegparmN(1) BX_CPU_C::VMread32(unsigned encoding)
|
||
{
|
||
Bit32u field;
|
||
|
||
unsigned offset = vmcs_field_offset(encoding);
|
||
if(offset >= VMX_VMCS_AREA_SIZE)
|
||
BX_PANIC(("VMread32: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
|
||
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
|
||
|
||
if (BX_CPU_THIS_PTR vmcshostptr) {
|
||
Bit32u *hostAddr = (Bit32u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
|
||
ReadHostDWordFromLittleEndian(hostAddr, field);
|
||
}
|
||
else {
|
||
access_read_physical(pAddr, 4, (Bit8u*)(&field));
|
||
}
|
||
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 4, BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&field));
|
||
|
||
return field;
|
||
}
|
||
|
||
// write 32-bit value into VMCS field
|
||
void BX_CPP_AttrRegparmN(2) BX_CPU_C::VMwrite32(unsigned encoding, Bit32u val_32)
|
||
{
|
||
unsigned offset = vmcs_field_offset(encoding);
|
||
if(offset >= VMX_VMCS_AREA_SIZE)
|
||
BX_PANIC(("VMwrite32: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
|
||
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
|
||
|
||
if (BX_CPU_THIS_PTR vmcshostptr) {
|
||
Bit32u *hostAddr = (Bit32u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
|
||
pageWriteStampTable.decWriteStamp(pAddr, 4);
|
||
WriteHostDWordToLittleEndian(hostAddr, val_32);
|
||
}
|
||
else {
|
||
access_write_physical(pAddr, 4, (Bit8u*)(&val_32));
|
||
}
|
||
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 4, BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&val_32));
|
||
}
|
||
|
||
Bit64u BX_CPP_AttrRegparmN(1) BX_CPU_C::VMread64(unsigned encoding)
|
||
{
|
||
BX_ASSERT(!IS_VMCS_FIELD_HI(encoding));
|
||
|
||
Bit64u field;
|
||
|
||
unsigned offset = vmcs_field_offset(encoding);
|
||
if(offset >= VMX_VMCS_AREA_SIZE)
|
||
BX_PANIC(("VMread64: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
|
||
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
|
||
|
||
if (BX_CPU_THIS_PTR vmcshostptr) {
|
||
Bit64u *hostAddr = (Bit64u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
|
||
ReadHostQWordFromLittleEndian(hostAddr, field);
|
||
}
|
||
else {
|
||
access_read_physical(pAddr, 8, (Bit8u*)(&field));
|
||
}
|
||
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 8, BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&field));
|
||
|
||
return field;
|
||
}
|
||
|
||
// write 64-bit value into VMCS field
|
||
void BX_CPP_AttrRegparmN(2) BX_CPU_C::VMwrite64(unsigned encoding, Bit64u val_64)
|
||
{
|
||
BX_ASSERT(!IS_VMCS_FIELD_HI(encoding));
|
||
|
||
unsigned offset = vmcs_field_offset(encoding);
|
||
if(offset >= VMX_VMCS_AREA_SIZE)
|
||
BX_PANIC(("VMwrite64: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
|
||
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
|
||
|
||
if (BX_CPU_THIS_PTR vmcshostptr) {
|
||
Bit64u *hostAddr = (Bit64u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
|
||
pageWriteStampTable.decWriteStamp(pAddr, 8);
|
||
WriteHostQWordToLittleEndian(hostAddr, val_64);
|
||
}
|
||
else {
|
||
access_write_physical(pAddr, 8, (Bit8u*)(&val_64));
|
||
}
|
||
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 8, BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&val_64));
|
||
}
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
BX_CPP_INLINE bx_address BX_CPP_AttrRegparmN(1) BX_CPU_C::VMread_natural(unsigned encoding)
|
||
{
|
||
return VMread64(encoding);
|
||
}
|
||
|
||
void BX_CPP_AttrRegparmN(2) BX_CPU_C::VMwrite_natural(unsigned encoding, bx_address val)
|
||
{
|
||
VMwrite64(encoding, val);
|
||
}
|
||
#else
|
||
BX_CPP_INLINE bx_address BX_CPP_AttrRegparmN(1) BX_CPU_C::VMread_natural(unsigned encoding)
|
||
{
|
||
return VMread32(encoding);
|
||
}
|
||
|
||
void BX_CPP_AttrRegparmN(2) BX_CPU_C::VMwrite_natural(unsigned encoding, bx_address val)
|
||
{
|
||
VMwrite32(encoding, val);
|
||
}
|
||
#endif
|
||
|
||
////////////////////////////////////////////////////////////
|
||
// VMfail/VMsucceed
|
||
////////////////////////////////////////////////////////////
|
||
|
||
BX_CPP_INLINE void BX_CPU_C::VMsucceed(void)
|
||
{
|
||
setEFlagsOSZAPC(0);
|
||
}
|
||
|
||
BX_CPP_INLINE void BX_CPU_C::VMfailInvalid(void)
|
||
{
|
||
setEFlagsOSZAPC(EFlagsCFMask);
|
||
}
|
||
|
||
BX_CPP_INLINE void BX_CPU_C::VMfail(Bit32u error_code)
|
||
{
|
||
if (VMCSPTR_VALID()) { // executed only if there is a current VMCS
|
||
setEFlagsOSZAPC(EFlagsZFMask);
|
||
VMwrite32(VMCS_32BIT_INSTRUCTION_ERROR, error_code);
|
||
}
|
||
else {
|
||
setEFlagsOSZAPC(EFlagsCFMask);
|
||
}
|
||
}
|
||
|
||
void BX_CPU_C::VMabort(VMX_vmabort_code error_code)
|
||
{
|
||
Bit32u abort = error_code;
|
||
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + VMCS_VMX_ABORT_FIELD_ADDR;
|
||
access_write_physical(pAddr, 4, &abort);
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 4, BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&abort));
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
// Deactivate VMX preemtion timer
|
||
BX_CPU_THIS_PTR lapic.deactivate_vmx_preemption_timer();
|
||
#endif
|
||
|
||
shutdown();
|
||
}
|
||
|
||
unsigned BX_CPU_C::VMXReadRevisionID(bx_phy_address pAddr)
|
||
{
|
||
Bit32u revision;
|
||
access_read_physical(pAddr + VMCS_REVISION_ID_FIELD_ADDR, 4, &revision);
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr + VMCS_REVISION_ID_FIELD_ADDR, 4,
|
||
BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&revision));
|
||
|
||
return revision;
|
||
}
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
bx_bool is_eptptr_valid(Bit64u eptptr)
|
||
{
|
||
// [2:0] EPT paging-structure memory type
|
||
// 0 = Uncacheable (UC)
|
||
// 6 = Write-back (WB)
|
||
Bit32u memtype = eptptr & 7;
|
||
if (memtype != BX_MEMTYPE_UC && memtype != BX_MEMTYPE_WB) return 0;
|
||
|
||
// [5:3] This value is 1 less than the EPT page-walk length
|
||
Bit32u walk_length = (eptptr >> 3) & 7;
|
||
if (walk_length != 3) return 0;
|
||
|
||
#define BX_EPTPTR_RESERVED_BITS 0xfc0 /* bits 11:6 are reserved */
|
||
if (eptptr & BX_EPTPTR_RESERVED_BITS) return 0;
|
||
|
||
if (! IsValidPhyAddr(eptptr)) return 0;
|
||
return 1;
|
||
}
|
||
#endif
|
||
|
||
////////////////////////////////////////////////////////////
|
||
// VMenter
|
||
////////////////////////////////////////////////////////////
|
||
|
||
extern struct BxExceptionInfo exceptions_info[];
|
||
|
||
#define VMENTRY_INJECTING_EVENT(vmentry_interr_info) (vmentry_interr_info & 0x80000000)
|
||
|
||
#define VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_LO \
|
||
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_PINBASED_CTRLS_LO : VMX_MSR_VMX_PINBASED_CTRLS_LO)
|
||
#define VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_HI \
|
||
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_PINBASED_CTRLS_HI : VMX_MSR_VMX_PINBASED_CTRLS_HI)
|
||
|
||
#define VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_LO \
|
||
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_PROCBASED_CTRLS_LO : VMX_MSR_VMX_PROCBASED_CTRLS_LO)
|
||
#define VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_HI \
|
||
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_PROCBASED_CTRLS_HI : VMX_MSR_VMX_PROCBASED_CTRLS_HI)
|
||
|
||
#define VMX_CHECKS_USE_MSR_VMX_VMEXIT_CTRLS_LO \
|
||
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_VMEXIT_CTRLS_LO : VMX_MSR_VMX_VMEXIT_CTRLS_LO)
|
||
#define VMX_CHECKS_USE_MSR_VMX_VMEXIT_CTRLS_HI \
|
||
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_VMEXIT_CTRLS_HI : VMX_MSR_VMX_VMEXIT_CTRLS_HI)
|
||
|
||
#define VMX_CHECKS_USE_MSR_VMX_VMENTRY_CTRLS_LO \
|
||
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_VMENTRY_CTRLS_LO : VMX_MSR_VMX_VMENTRY_CTRLS_LO)
|
||
#define VMX_CHECKS_USE_MSR_VMX_VMENTRY_CTRLS_HI \
|
||
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_VMENTRY_CTRLS_HI : VMX_MSR_VMX_VMENTRY_CTRLS_HI)
|
||
|
||
VMX_error_code BX_CPU_C::VMenterLoadCheckVmControls(void)
|
||
{
|
||
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
|
||
|
||
//
|
||
// Load VM-execution control fields to VMCS Cache
|
||
//
|
||
|
||
vm->vmexec_ctrls1 = VMread32(VMCS_32BIT_CONTROL_PIN_BASED_EXEC_CONTROLS);
|
||
vm->vmexec_ctrls2 = VMread32(VMCS_32BIT_CONTROL_PROCESSOR_BASED_VMEXEC_CONTROLS);
|
||
if (VMEXIT(VMX_VM_EXEC_CTRL2_SECONDARY_CONTROLS))
|
||
vm->vmexec_ctrls3 = VMread32(VMCS_32BIT_CONTROL_SECONDARY_VMEXEC_CONTROLS);
|
||
else
|
||
vm->vmexec_ctrls3 = 0;
|
||
vm->vm_exceptions_bitmap = VMread32(VMCS_32BIT_CONTROL_EXECUTION_BITMAP);
|
||
vm->vm_pf_mask = VMread32(VMCS_32BIT_CONTROL_PAGE_FAULT_ERR_CODE_MASK);
|
||
vm->vm_pf_match = VMread32(VMCS_32BIT_CONTROL_PAGE_FAULT_ERR_CODE_MATCH);
|
||
vm->vm_cr0_mask = VMread_natural(VMCS_CONTROL_CR0_GUEST_HOST_MASK);
|
||
vm->vm_cr4_mask = VMread_natural(VMCS_CONTROL_CR4_GUEST_HOST_MASK);
|
||
vm->vm_cr0_read_shadow = VMread_natural(VMCS_CONTROL_CR0_READ_SHADOW);
|
||
vm->vm_cr4_read_shadow = VMread_natural(VMCS_CONTROL_CR4_READ_SHADOW);
|
||
|
||
vm->vm_cr3_target_cnt = VMread32(VMCS_32BIT_CONTROL_CR3_TARGET_COUNT);
|
||
for (int n=0; n<VMX_CR3_TARGET_MAX_CNT; n++)
|
||
vm->vm_cr3_target_value[n] = VMread_natural(VMCS_CR3_TARGET0 + 2*n);
|
||
|
||
vm->executive_vmcsptr = (bx_phy_address) VMread64(VMCS_64BIT_CONTROL_EXECUTIVE_VMCS_PTR);
|
||
|
||
//
|
||
// Check VM-execution control fields
|
||
//
|
||
|
||
if (~vm->vmexec_ctrls1 & VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_LO) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX pin-based controls allowed 0-settings"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
if (vm->vmexec_ctrls1 & ~VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_HI) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX pin-based controls allowed 1-settings"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
if (~vm->vmexec_ctrls2 & VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_LO) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX proc-based controls allowed 0-settings"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
if (vm->vmexec_ctrls2 & ~VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_HI) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX proc-based controls allowed 1-settings"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
if (~vm->vmexec_ctrls3 & VMX_MSR_VMX_PROCBASED_CTRLS2_LO) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX secondary proc-based controls allowed 0-settings"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
if (vm->vmexec_ctrls3 & ~VMX_MSR_VMX_PROCBASED_CTRLS2_HI) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX secondary proc-based controls allowed 1-settings"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
if (vm->vm_cr3_target_cnt > VMX_CR3_TARGET_MAX_CNT) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: too may CR3 targets %d", vm->vm_cr3_target_cnt));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_IO_BITMAPS) {
|
||
vm->io_bitmap_addr[0] = VMread64(VMCS_64BIT_CONTROL_IO_BITMAP_A);
|
||
vm->io_bitmap_addr[1] = VMread64(VMCS_64BIT_CONTROL_IO_BITMAP_B);
|
||
// I/O bitmaps control enabled
|
||
for (int bitmap=0; bitmap < 2; bitmap++) {
|
||
if (vm->io_bitmap_addr[bitmap] & 0xfff) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: I/O bitmap %c must be 4K aligned", 'A' + bitmap));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
if (! IsValidPhyAddr(vm->io_bitmap_addr[bitmap])) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: I/O bitmap %c phy addr malformed", 'A' + bitmap));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
}
|
||
|
||
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_MSR_BITMAPS) {
|
||
// MSR bitmaps control enabled
|
||
vm->msr_bitmap_addr = (bx_phy_address) VMread64(VMCS_64BIT_CONTROL_MSR_BITMAPS);
|
||
if ((vm->msr_bitmap_addr & 0xfff) != 0 || ! IsValidPhyAddr(vm->msr_bitmap_addr)) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: MSR bitmap phy addr malformed"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
|
||
if (! (vm->vmexec_ctrls1 & VMX_VM_EXEC_CTRL1_VIRTUAL_NMI)) {
|
||
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_NMI_WINDOW_VMEXIT) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: misconfigured virtual NMI control"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_TPR_SHADOW) {
|
||
vm->virtual_apic_page_addr = (bx_phy_address) VMread64(VMCS_64BIT_CONTROL_VIRTUAL_APIC_PAGE_ADDR);
|
||
vm->vm_tpr_threshold = VMread32(VMCS_32BIT_CONTROL_TPR_THRESHOLD);
|
||
|
||
if ((vm->virtual_apic_page_addr & 0xfff) != 0 || ! IsValidPhyAddr(vm->virtual_apic_page_addr)) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: virtual apic phy addr malformed"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
if (vm->vm_tpr_threshold & 0xfffffff0) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: TPR threshold too big"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
if (! (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VIRTUALIZE_APIC_ACCESSES)) {
|
||
Bit8u tpr_shadow = (VMX_Read_VTPR() >> 4) & 0xf;
|
||
if (vm->vm_tpr_threshold > tpr_shadow) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: TPR threshold > TPR shadow"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
}
|
||
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VIRTUALIZE_APIC_ACCESSES) {
|
||
vm->apic_access_page = (bx_phy_address) VMread64(VMCS_64BIT_CONTROL_APIC_ACCESS_ADDR);
|
||
if ((vm->apic_access_page & 0xfff) != 0 || ! IsValidPhyAddr(vm->apic_access_page)) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: apic access page phy addr malformed"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VIRTUALIZE_X2APIC_MODE) {
|
||
// 'use TPR shadow' must be set and "virtualize APIC accesses" must be clear
|
||
if (!(vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_TPR_SHADOW) ||
|
||
(vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VIRTUALIZE_APIC_ACCESSES)) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: virtualize X2APIC mode misconfigured"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_EPT_ENABLE) {
|
||
vm->eptptr = (bx_phy_address) VMread64(VMCS_64BIT_CONTROL_EPTPTR);
|
||
if (! is_eptptr_valid(vm->eptptr)) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: invalid EPTPTR value"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
else {
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: unrestricted guest without EPT"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VPID_ENABLE) {
|
||
vm->vpid = VMread16(VMCS_16BIT_CONTROL_VPID);
|
||
if (vm->vpid == 0) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: guest VPID == 0"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_PAUSE_LOOP_VMEXIT) {
|
||
vm->pause_loop_exiting_gap = VMread32(VMCS_32BIT_CONTROL_PAUSE_LOOP_EXITING_GAP);
|
||
vm->pause_loop_exiting_window = VMread32(VMCS_32BIT_CONTROL_PAUSE_LOOP_EXITING_WINDOW);
|
||
}
|
||
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VMFUNC_ENABLE)
|
||
vm->vmfunc_ctrls = VMread64(VMCS_64BIT_CONTROL_VMFUNC_CTRLS);
|
||
else
|
||
vm->vmfunc_ctrls = 0;
|
||
|
||
if (vm->vmfunc_ctrls & ~VMX_VMFUNC_CTRL1_SUPPORTED_BITS) {
|
||
BX_ERROR(("VMFAIL: VMCS VM Functions control reserved bits set"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
if (vm->vmfunc_ctrls & VMX_VMFUNC_EPTP_SWITCHING_MASK) {
|
||
|
||
if ((vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_EPT_ENABLE) == 0) {
|
||
BX_ERROR(("VMFAIL: VMFUNC EPTP-SWITCHING: EPT disabled"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
vm->eptp_list_address = VMread64(VMCS_64BIT_CONTROL_EPTP_LIST_ADDRESS);
|
||
if ((vm->eptp_list_address & 0xfff) != 0 || ! IsValidPhyAddr(vm->eptp_list_address)) {
|
||
BX_ERROR(("VMFAIL: VMFUNC EPTP-SWITCHING: eptp list phy addr malformed"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
//
|
||
// Load VM-exit control fields to VMCS Cache
|
||
//
|
||
|
||
vm->vmexit_ctrls = VMread32(VMCS_32BIT_CONTROL_VMEXIT_CONTROLS);
|
||
vm->vmexit_msr_store_cnt = VMread32(VMCS_32BIT_CONTROL_VMEXIT_MSR_STORE_COUNT);
|
||
vm->vmexit_msr_load_cnt = VMread32(VMCS_32BIT_CONTROL_VMEXIT_MSR_LOAD_COUNT);
|
||
|
||
//
|
||
// Check VM-exit control fields
|
||
//
|
||
|
||
if (~vm->vmexit_ctrls & VMX_CHECKS_USE_MSR_VMX_VMEXIT_CTRLS_LO) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX vmexit controls allowed 0-settings"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
if (vm->vmexit_ctrls & ~VMX_CHECKS_USE_MSR_VMX_VMEXIT_CTRLS_HI) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX vmexit controls allowed 1-settings"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if ((~vm->vmexec_ctrls1 & VMX_VM_EXEC_CTRL1_VMX_PREEMPTION_TIMER_VMEXIT) && (vm->vmexit_ctrls & VMX_VMEXIT_CTRL1_STORE_VMX_PREEMPTION_TIMER)) {
|
||
BX_ERROR(("VMFAIL: save_VMX_preemption_timer VMEXIT control is set but VMX_preemption_timer VMEXEC control is clear"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
#endif
|
||
|
||
if (vm->vmexit_msr_store_cnt > 0) {
|
||
vm->vmexit_msr_store_addr = VMread64(VMCS_64BIT_CONTROL_VMEXIT_MSR_STORE_ADDR);
|
||
if ((vm->vmexit_msr_store_addr & 0xf) != 0 || ! IsValidPhyAddr(vm->vmexit_msr_store_addr)) {
|
||
BX_ERROR(("VMFAIL: VMCS VMEXIT CTRL: msr store addr malformed"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
Bit64u last_byte = vm->vmexit_msr_store_addr + (vm->vmexit_msr_store_cnt * 16) - 1;
|
||
if (! IsValidPhyAddr(last_byte)) {
|
||
BX_ERROR(("VMFAIL: VMCS VMEXIT CTRL: msr store addr too high"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
|
||
if (vm->vmexit_msr_load_cnt > 0) {
|
||
vm->vmexit_msr_load_addr = VMread64(VMCS_64BIT_CONTROL_VMEXIT_MSR_LOAD_ADDR);
|
||
if ((vm->vmexit_msr_load_addr & 0xf) != 0 || ! IsValidPhyAddr(vm->vmexit_msr_load_addr)) {
|
||
BX_ERROR(("VMFAIL: VMCS VMEXIT CTRL: msr load addr malformed"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
Bit64u last_byte = (Bit64u) vm->vmexit_msr_load_addr + (vm->vmexit_msr_load_cnt * 16) - 1;
|
||
if (! IsValidPhyAddr(last_byte)) {
|
||
BX_ERROR(("VMFAIL: VMCS VMEXIT CTRL: msr load addr too high"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
|
||
//
|
||
// Load VM-entry control fields to VMCS Cache
|
||
//
|
||
|
||
vm->vmentry_ctrls = VMread32(VMCS_32BIT_CONTROL_VMENTRY_CONTROLS);
|
||
vm->vmentry_msr_load_cnt = VMread32(VMCS_32BIT_CONTROL_VMENTRY_MSR_LOAD_COUNT);
|
||
|
||
//
|
||
// Check VM-entry control fields
|
||
//
|
||
|
||
if (~vm->vmentry_ctrls & VMX_CHECKS_USE_MSR_VMX_VMENTRY_CTRLS_LO) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX vmentry controls allowed 0-settings"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
if (vm->vmentry_ctrls & ~VMX_CHECKS_USE_MSR_VMX_VMENTRY_CTRLS_HI) {
|
||
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX vmentry controls allowed 1-settings"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
if (vm->vmentry_ctrls & VMX_VMENTRY_CTRL1_DEACTIVATE_DUAL_MONITOR_TREATMENT) {
|
||
if (! BX_CPU_THIS_PTR in_smm) {
|
||
BX_ERROR(("VMFAIL: VMENTRY from outside SMM with dual-monitor treatment enabled"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
|
||
if (vm->vmentry_msr_load_cnt > 0) {
|
||
vm->vmentry_msr_load_addr = VMread64(VMCS_64BIT_CONTROL_VMENTRY_MSR_LOAD_ADDR);
|
||
if ((vm->vmentry_msr_load_addr & 0xf) != 0 || ! IsValidPhyAddr(vm->vmentry_msr_load_addr)) {
|
||
BX_ERROR(("VMFAIL: VMCS VMENTRY CTRL: msr load addr malformed"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
Bit64u last_byte = vm->vmentry_msr_load_addr + (vm->vmentry_msr_load_cnt * 16) - 1;
|
||
if (! IsValidPhyAddr(last_byte)) {
|
||
BX_ERROR(("VMFAIL: VMCS VMENTRY CTRL: msr load addr too high"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
|
||
//
|
||
// Check VM-entry event injection info
|
||
//
|
||
|
||
vm->vmentry_interr_info = VMread32(VMCS_32BIT_CONTROL_VMENTRY_INTERRUPTION_INFO);
|
||
vm->vmentry_excep_err_code = VMread32(VMCS_32BIT_CONTROL_VMENTRY_EXCEPTION_ERR_CODE);
|
||
vm->vmentry_instr_length = VMread32(VMCS_32BIT_CONTROL_VMENTRY_INSTRUCTION_LENGTH);
|
||
|
||
if (VMENTRY_INJECTING_EVENT(vm->vmentry_interr_info)) {
|
||
|
||
/* the VMENTRY injecting event to the guest */
|
||
unsigned vector = vm->vmentry_interr_info & 0xff;
|
||
unsigned event_type = (vm->vmentry_interr_info >> 8) & 7;
|
||
unsigned push_error = (vm->vmentry_interr_info >> 11) & 1;
|
||
unsigned error_code = push_error ? vm->vmentry_excep_err_code : 0;
|
||
|
||
unsigned push_error_reference = 0;
|
||
if (event_type == BX_HARDWARE_EXCEPTION && vector < BX_CPU_HANDLED_EXCEPTIONS &&
|
||
exceptions_info[vector].push_error) push_error_reference = 1;
|
||
|
||
if (vm->vmentry_interr_info & 0x7ffff000) {
|
||
BX_ERROR(("VMFAIL: VMENTRY broken interruption info field"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
switch (event_type) {
|
||
case BX_EXTERNAL_INTERRUPT:
|
||
break;
|
||
|
||
case BX_NMI:
|
||
if (vector != 2) {
|
||
BX_ERROR(("VMFAIL: VMENTRY bad injected event vector %d", vector));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
break;
|
||
|
||
case BX_HARDWARE_EXCEPTION:
|
||
if (vector > 31) {
|
||
BX_ERROR(("VMFAIL: VMENTRY bad injected event vector %d", vector));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
break;
|
||
|
||
case BX_SOFTWARE_INTERRUPT:
|
||
case BX_PRIVILEGED_SOFTWARE_INTERRUPT:
|
||
case BX_SOFTWARE_EXCEPTION:
|
||
if (vm->vmentry_instr_length == 0 || vm->vmentry_instr_length > 15) {
|
||
BX_ERROR(("VMFAIL: VMENTRY bad injected event instr length"));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
break;
|
||
|
||
default:
|
||
BX_ERROR(("VMFAIL: VMENTRY bad injected event type %d", event_type));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
|
||
if (push_error != push_error_reference) {
|
||
if (! (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST)) {
|
||
BX_ERROR(("VMFAIL: VMENTRY injected event vector %d should push error", vector));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
|
||
if (error_code & 0x7fff0000) {
|
||
BX_ERROR(("VMFAIL: VMENTRY bad error code 0x%08x for injected event %d", error_code, vector));
|
||
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
|
||
}
|
||
}
|
||
|
||
return VMXERR_NO_ERROR;
|
||
}
|
||
|
||
VMX_error_code BX_CPU_C::VMenterLoadCheckHostState(void)
|
||
{
|
||
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
|
||
VMCS_HOST_STATE *host_state = &vm->host_state;
|
||
bx_bool x86_64_host = 0, x86_64_guest = 0;
|
||
|
||
//
|
||
// VM Host State Checks Related to Address-Space Size
|
||
//
|
||
|
||
Bit32u vmexit_ctrls = vm->vmexit_ctrls;
|
||
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_HOST_ADDR_SPACE_SIZE) {
|
||
x86_64_host = 1;
|
||
}
|
||
Bit32u vmentry_ctrls = vm->vmentry_ctrls;
|
||
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_X86_64_GUEST) {
|
||
x86_64_guest = 1;
|
||
}
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (long_mode()) {
|
||
if (! x86_64_host) {
|
||
BX_ERROR(("VMFAIL: VMCS x86-64 host control invalid on VMENTRY"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
}
|
||
else
|
||
#endif
|
||
{
|
||
if (x86_64_host || x86_64_guest) {
|
||
BX_ERROR(("VMFAIL: VMCS x86-64 guest(%d)/host(%d) controls invalid on VMENTRY", x86_64_guest, x86_64_host));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
}
|
||
|
||
//
|
||
// Load and Check VM Host State to VMCS Cache
|
||
//
|
||
|
||
host_state->cr0 = (bx_address) VMread_natural(VMCS_HOST_CR0);
|
||
if (~host_state->cr0 & VMX_MSR_CR0_FIXED0) {
|
||
BX_ERROR(("VMFAIL: VMCS host state invalid CR0 0x%08x", (Bit32u) host_state->cr0));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
|
||
if (host_state->cr0 & ~VMX_MSR_CR0_FIXED1) {
|
||
BX_ERROR(("VMFAIL: VMCS host state invalid CR0 0x%08x", (Bit32u) host_state->cr0));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
|
||
host_state->cr3 = (bx_address) VMread_natural(VMCS_HOST_CR3);
|
||
#if BX_SUPPORT_X86_64
|
||
if (! IsValidPhyAddr(host_state->cr3)) {
|
||
BX_ERROR(("VMFAIL: VMCS host state invalid CR3"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
#endif
|
||
|
||
host_state->cr4 = (bx_address) VMread_natural(VMCS_HOST_CR4);
|
||
if (~host_state->cr4 & VMX_MSR_CR4_FIXED0) {
|
||
BX_ERROR(("VMFAIL: VMCS host state invalid CR4 0x" FMT_ADDRX, host_state->cr4));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
if (host_state->cr4 & ~VMX_MSR_CR4_FIXED1) {
|
||
BX_ERROR(("VMFAIL: VMCS host state invalid CR4 0x" FMT_ADDRX, host_state->cr4));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
|
||
for(int n=0; n<6; n++) {
|
||
host_state->segreg_selector[n] = VMread16(VMCS_16BIT_HOST_ES_SELECTOR + 2*n);
|
||
if (host_state->segreg_selector[n] & 7) {
|
||
BX_ERROR(("VMFAIL: VMCS host segreg %d TI/RPL != 0", n));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
}
|
||
|
||
if (host_state->segreg_selector[BX_SEG_REG_CS] == 0) {
|
||
BX_ERROR(("VMFAIL: VMCS host CS selector 0"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
|
||
if (! x86_64_host && host_state->segreg_selector[BX_SEG_REG_SS] == 0) {
|
||
BX_ERROR(("VMFAIL: VMCS host SS selector 0"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
|
||
host_state->tr_selector = VMread16(VMCS_16BIT_HOST_TR_SELECTOR);
|
||
if (! host_state->tr_selector || (host_state->tr_selector & 7) != 0) {
|
||
BX_ERROR(("VMFAIL: VMCS invalid host TR selector"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
|
||
host_state->tr_base = (bx_address) VMread_natural(VMCS_HOST_TR_BASE);
|
||
#if BX_SUPPORT_X86_64
|
||
if (! IsCanonical(host_state->tr_base)) {
|
||
BX_ERROR(("VMFAIL: VMCS host TR BASE non canonical"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
#endif
|
||
|
||
host_state->fs_base = (bx_address) VMread_natural(VMCS_HOST_FS_BASE);
|
||
host_state->gs_base = (bx_address) VMread_natural(VMCS_HOST_GS_BASE);
|
||
#if BX_SUPPORT_X86_64
|
||
if (! IsCanonical(host_state->fs_base)) {
|
||
BX_ERROR(("VMFAIL: VMCS host FS BASE non canonical"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
if (! IsCanonical(host_state->gs_base)) {
|
||
BX_ERROR(("VMFAIL: VMCS host GS BASE non canonical"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
#endif
|
||
|
||
host_state->gdtr_base = (bx_address) VMread_natural(VMCS_HOST_GDTR_BASE);
|
||
host_state->idtr_base = (bx_address) VMread_natural(VMCS_HOST_IDTR_BASE);
|
||
#if BX_SUPPORT_X86_64
|
||
if (! IsCanonical(host_state->gdtr_base)) {
|
||
BX_ERROR(("VMFAIL: VMCS host GDTR BASE non canonical"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
if (! IsCanonical(host_state->idtr_base)) {
|
||
BX_ERROR(("VMFAIL: VMCS host IDTR BASE non canonical"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
#endif
|
||
|
||
host_state->sysenter_esp_msr = (bx_address) VMread_natural(VMCS_HOST_IA32_SYSENTER_ESP_MSR);
|
||
host_state->sysenter_eip_msr = (bx_address) VMread_natural(VMCS_HOST_IA32_SYSENTER_EIP_MSR);
|
||
host_state->sysenter_cs_msr = (Bit16u) VMread32(VMCS_32BIT_HOST_IA32_SYSENTER_CS_MSR);
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (! IsCanonical(host_state->sysenter_esp_msr)) {
|
||
BX_ERROR(("VMFAIL: VMCS host SYSENTER_ESP_MSR non canonical"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
|
||
if (! IsCanonical(host_state->sysenter_eip_msr)) {
|
||
BX_ERROR(("VMFAIL: VMCS host SYSENTER_EIP_MSR non canonical"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
#endif
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_LOAD_PAT_MSR) {
|
||
host_state->pat_msr = VMread64(VMCS_64BIT_HOST_IA32_PAT);
|
||
if (! isValidMSR_PAT(host_state->pat_msr)) {
|
||
BX_ERROR(("VMFAIL: invalid Memory Type in host MSR_PAT"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
host_state->rsp = (bx_address) VMread_natural(VMCS_HOST_RSP);
|
||
host_state->rip = (bx_address) VMread_natural(VMCS_HOST_RIP);
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_LOAD_EFER_MSR) {
|
||
host_state->efer_msr = VMread64(VMCS_64BIT_HOST_IA32_EFER);
|
||
if (host_state->efer_msr & ~((Bit64u) BX_CPU_THIS_PTR efer_suppmask)) {
|
||
BX_ERROR(("VMFAIL: VMCS host EFER reserved bits set !"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
bx_bool lme = (host_state->efer_msr >> 8) & 0x1;
|
||
bx_bool lma = (host_state->efer_msr >> 10) & 0x1;
|
||
if (lma != lme || lma != x86_64_host) {
|
||
BX_ERROR(("VMFAIL: VMCS host EFER (0x%08x) inconsistent value !", (Bit32u) host_state->efer_msr));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
if (x86_64_host) {
|
||
if ((host_state->cr4 & BX_CR4_PAE_MASK) == 0) {
|
||
BX_ERROR(("VMFAIL: VMCS host CR4.PAE=0 with x86-64 host"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
if (! IsCanonical(host_state->rip)) {
|
||
BX_ERROR(("VMFAIL: VMCS host RIP non-canonical"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
}
|
||
else {
|
||
if (GET32H(host_state->rip) != 0) {
|
||
BX_ERROR(("VMFAIL: VMCS host RIP > 32 bit"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
if (host_state->cr4 & BX_CR4_PCIDE_MASK) {
|
||
BX_ERROR(("VMFAIL: VMCS host CR4.PCIDE set"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
return VMXERR_NO_ERROR;
|
||
}
|
||
|
||
BX_CPP_INLINE bx_bool IsLimitAccessRightsConsistent(Bit32u limit, Bit32u ar)
|
||
{
|
||
bx_bool g = (ar >> 15) & 1;
|
||
|
||
// access rights reserved bits set
|
||
if (ar & 0xfffe0f00) return 0;
|
||
|
||
if (g) {
|
||
// if any of the bits in limit[11:00] are '0 <=> G must be '0
|
||
if ((limit & 0xfff) != 0xfff)
|
||
return 0;
|
||
}
|
||
else {
|
||
// if any of the bits in limit[31:20] are '1 <=> G must be '1
|
||
if ((limit & 0xfff00000) != 0)
|
||
return 0;
|
||
}
|
||
|
||
return 1;
|
||
}
|
||
|
||
Bit32u BX_CPU_C::VMenterLoadCheckGuestState(Bit64u *qualification)
|
||
{
|
||
static const char *segname[] = { "ES", "CS", "SS", "DS", "FS", "GS" };
|
||
int n;
|
||
|
||
VMCS_GUEST_STATE guest;
|
||
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
|
||
|
||
*qualification = VMENTER_ERR_NO_ERROR;
|
||
|
||
//
|
||
// Load and Check Guest State from VMCS
|
||
//
|
||
|
||
guest.rflags = VMread_natural(VMCS_GUEST_RFLAGS);
|
||
// RFLAGS reserved bits [63:22], bit 15, bit 5, bit 3 must be zero
|
||
if (guest.rflags & BX_CONST64(0xFFFFFFFFFFC08028)) {
|
||
BX_ERROR(("VMENTER FAIL: RFLAGS reserved bits are set"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
// RFLAGS[1] must be always set
|
||
if ((guest.rflags & 0x2) == 0) {
|
||
BX_ERROR(("VMENTER FAIL: RFLAGS[1] cleared"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
bx_bool v8086_guest = 0;
|
||
if (guest.rflags & EFlagsVMMask)
|
||
v8086_guest = 1;
|
||
|
||
bx_bool x86_64_guest = 0; // can't be 1 if X86_64 is not supported (checked before)
|
||
Bit32u vmentry_ctrls = vm->vmentry_ctrls;
|
||
#if BX_SUPPORT_X86_64
|
||
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_X86_64_GUEST) {
|
||
BX_DEBUG(("VMENTER to x86-64 guest"));
|
||
x86_64_guest = 1;
|
||
}
|
||
#endif
|
||
|
||
if (x86_64_guest && v8086_guest) {
|
||
BX_ERROR(("VMENTER FAIL: Enter to x86-64 guest with RFLAGS.VM"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
guest.cr0 = VMread_natural(VMCS_GUEST_CR0);
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST) {
|
||
if (~guest.cr0 & (VMX_MSR_CR0_FIXED0 & ~(BX_CR0_PE_MASK | BX_CR0_PG_MASK))) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR0"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
bx_bool pe = (guest.cr0 & BX_CR0_PE_MASK) != 0;
|
||
bx_bool pg = (guest.cr0 & BX_CR0_PG_MASK) != 0;
|
||
if (pg && !pe) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS unrestricted guest CR0.PG without CR0.PE"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
else
|
||
#endif
|
||
{
|
||
if (~guest.cr0 & VMX_MSR_CR0_FIXED0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR0"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
|
||
if (guest.cr0 & ~VMX_MSR_CR0_FIXED1) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR0"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
bx_bool real_mode_guest = 0;
|
||
if (! (guest.cr0 & BX_CR0_PE_MASK))
|
||
real_mode_guest = 1;
|
||
#endif
|
||
|
||
guest.cr3 = VMread_natural(VMCS_GUEST_CR3);
|
||
#if BX_SUPPORT_X86_64
|
||
if (! IsValidPhyAddr(guest.cr3)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR3"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
#endif
|
||
|
||
guest.cr4 = VMread_natural(VMCS_GUEST_CR4);
|
||
if (~guest.cr4 & VMX_MSR_CR4_FIXED0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR4"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
|
||
if (guest.cr4 & ~VMX_MSR_CR4_FIXED1) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR4"));
|
||
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
|
||
}
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (x86_64_guest) {
|
||
if ((guest.cr4 & BX_CR4_PAE_MASK) == 0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest CR4.PAE=0 in x86-64 mode"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
else {
|
||
if (guest.cr4 & BX_CR4_PCIDE_MASK) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS CR4.PCIDE set in 32-bit guest"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_DBG_CTRLS) {
|
||
guest.dr7 = VMread_natural(VMCS_GUEST_DR7);
|
||
if (GET32H(guest.dr7)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest invalid DR7"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
//
|
||
// Load and Check Guest State from VMCS - Segment Registers
|
||
//
|
||
|
||
for (n=0; n<6; n++) {
|
||
Bit16u selector = VMread16(VMCS_16BIT_GUEST_ES_SELECTOR + 2*n);
|
||
bx_address base = (bx_address) VMread_natural(VMCS_GUEST_ES_BASE + 2*n);
|
||
Bit32u limit = VMread32(VMCS_32BIT_GUEST_ES_LIMIT + 2*n);
|
||
Bit32u ar = VMread32(VMCS_32BIT_GUEST_ES_ACCESS_RIGHTS + 2*n) >> 8;
|
||
bx_bool invalid = (ar >> 16) & 1;
|
||
|
||
set_segment_ar_data(&guest.sregs[n], !invalid,
|
||
(Bit16u) selector, base, limit, (Bit16u) ar);
|
||
|
||
if (v8086_guest) {
|
||
// guest in V8086 mode
|
||
if (base != ((bx_address)(selector << 4))) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS v8086 guest bad %s.BASE", segname[n]));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
if (limit != 0xffff) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS v8086 guest %s.LIMIT != 0xFFFF", segname[n]));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
// present, expand-up read/write accessed, segment, DPL=3
|
||
if (ar != 0xF3) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS v8086 guest %s.AR != 0xF3", segname[n]));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
continue; // go to next segment register
|
||
}
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (n >= BX_SEG_REG_FS) {
|
||
if (! IsCanonical(base)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest %s.BASE non canonical", segname[n]));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
if (n != BX_SEG_REG_CS && invalid)
|
||
continue;
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (n == BX_SEG_REG_SS && (selector & BX_SELECTOR_RPL_MASK) == 0) {
|
||
// SS is allowed to be NULL selector if going to 64-bit guest
|
||
if (x86_64_guest && guest.sregs[BX_SEG_REG_CS].cache.u.segment.l)
|
||
continue;
|
||
}
|
||
|
||
if (n < BX_SEG_REG_FS) {
|
||
if (GET32H(base) != 0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest %s.BASE > 32 bit", segname[n]));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
if (! guest.sregs[n].cache.segment) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest %s not segment", segname[n]));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
if (! guest.sregs[n].cache.p) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest %s not present", segname[n]));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
if (! IsLimitAccessRightsConsistent(limit, ar)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest %s.AR/LIMIT malformed", segname[n]));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
if (n == BX_SEG_REG_CS) {
|
||
// CS checks
|
||
switch (guest.sregs[BX_SEG_REG_CS].cache.type) {
|
||
case BX_CODE_EXEC_ONLY_ACCESSED:
|
||
case BX_CODE_EXEC_READ_ACCESSED:
|
||
// non-conforming segment
|
||
if (guest.sregs[BX_SEG_REG_CS].selector.rpl != guest.sregs[BX_SEG_REG_CS].cache.dpl) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest non-conforming CS.RPL <> CS.DPL"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
break;
|
||
case BX_CODE_EXEC_ONLY_CONFORMING_ACCESSED:
|
||
case BX_CODE_EXEC_READ_CONFORMING_ACCESSED:
|
||
// conforming segment
|
||
if (guest.sregs[BX_SEG_REG_CS].selector.rpl < guest.sregs[BX_SEG_REG_CS].cache.dpl) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest non-conforming CS.RPL < CS.DPL"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
break;
|
||
#if BX_SUPPORT_VMX >= 2
|
||
case BX_DATA_READ_WRITE_ACCESSED:
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST) {
|
||
if (guest.sregs[BX_SEG_REG_CS].cache.dpl != 0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS unrestricted guest CS.DPL != 0"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
break;
|
||
}
|
||
// fall through
|
||
#endif
|
||
default:
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest CS.TYPE"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (x86_64_guest) {
|
||
if (guest.sregs[BX_SEG_REG_CS].cache.u.segment.d_b && guest.sregs[BX_SEG_REG_CS].cache.u.segment.l) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS x86_64 guest wrong CS.D_B/L"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
#endif
|
||
}
|
||
else if (n == BX_SEG_REG_SS) {
|
||
// SS checks
|
||
switch (guest.sregs[BX_SEG_REG_SS].cache.type) {
|
||
case BX_DATA_READ_WRITE_ACCESSED:
|
||
case BX_DATA_READ_WRITE_EXPAND_DOWN_ACCESSED:
|
||
break;
|
||
default:
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest SS.TYPE"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
else {
|
||
// DS, ES, FS, GS
|
||
if ((guest.sregs[n].cache.type & 0x1) == 0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest %s not ACCESSED", segname[n]));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
if (guest.sregs[n].cache.type & 0x8) {
|
||
if ((guest.sregs[n].cache.type & 0x2) == 0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest CODE segment %s not READABLE", segname[n]));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
|
||
if (! (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST)) {
|
||
if (guest.sregs[n].cache.type < 11) {
|
||
// data segment or non-conforming code segment
|
||
if (guest.sregs[n].selector.rpl > guest.sregs[n].cache.dpl) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest non-conforming %s.RPL < %s.DPL", segname[n], segname[n]));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
}
|
||
}
|
||
}
|
||
|
||
if (! v8086_guest) {
|
||
if (! (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST)) {
|
||
if (guest.sregs[BX_SEG_REG_SS].selector.rpl != guest.sregs[BX_SEG_REG_CS].selector.rpl) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest CS.RPL != SS.RPL"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
if (guest.sregs[BX_SEG_REG_SS].selector.rpl != guest.sregs[BX_SEG_REG_SS].cache.dpl) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest SS.RPL <> SS.DPL"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
#if BX_SUPPORT_VMX >= 2
|
||
else { // unrestricted guest
|
||
if (real_mode_guest || guest.sregs[BX_SEG_REG_CS].cache.type == BX_DATA_READ_WRITE_ACCESSED) {
|
||
if (guest.sregs[BX_SEG_REG_SS].cache.dpl != 0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS unrestricted guest SS.DPL != 0"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
}
|
||
#endif
|
||
}
|
||
|
||
//
|
||
// Load and Check Guest State from VMCS - GDTR/IDTR
|
||
//
|
||
|
||
Bit64u gdtr_base = VMread_natural(VMCS_GUEST_GDTR_BASE);
|
||
Bit32u gdtr_limit = VMread32(VMCS_32BIT_GUEST_GDTR_LIMIT);
|
||
Bit64u idtr_base = VMread_natural(VMCS_GUEST_IDTR_BASE);
|
||
Bit32u idtr_limit = VMread32(VMCS_32BIT_GUEST_IDTR_LIMIT);
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (! IsCanonical(gdtr_base) || ! IsCanonical(idtr_base)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest IDTR/IDTR.BASE non canonical"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
#endif
|
||
if (gdtr_limit > 0xffff || idtr_limit > 0xffff) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest GDTR/IDTR limit > 0xFFFF"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
//
|
||
// Load and Check Guest State from VMCS - LDTR
|
||
//
|
||
|
||
Bit16u ldtr_selector = VMread16(VMCS_16BIT_GUEST_LDTR_SELECTOR);
|
||
Bit64u ldtr_base = VMread_natural(VMCS_GUEST_LDTR_BASE);
|
||
Bit32u ldtr_limit = VMread32(VMCS_32BIT_GUEST_LDTR_LIMIT);
|
||
Bit32u ldtr_ar = VMread32(VMCS_32BIT_GUEST_LDTR_ACCESS_RIGHTS) >> 8;
|
||
bx_bool ldtr_invalid = (ldtr_ar >> 16) & 1;
|
||
if (set_segment_ar_data(&guest.ldtr, !ldtr_invalid,
|
||
(Bit16u) ldtr_selector, ldtr_base, ldtr_limit, (Bit16u)(ldtr_ar)))
|
||
{
|
||
// ldtr is valid
|
||
if (guest.ldtr.selector.ti) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest LDTR.TI set"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
if (guest.ldtr.cache.type != BX_SYS_SEGMENT_LDT) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest incorrect LDTR type"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
if (guest.ldtr.cache.segment) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest LDTR is not system segment"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
if (! guest.ldtr.cache.p) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest LDTR not present"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
if (! IsLimitAccessRightsConsistent(ldtr_limit, ldtr_ar)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest LDTR.AR/LIMIT malformed"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
#if BX_SUPPORT_X86_64
|
||
if (! IsCanonical(ldtr_base)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest LDTR.BASE non canonical"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
#endif
|
||
}
|
||
|
||
//
|
||
// Load and Check Guest State from VMCS - TR
|
||
//
|
||
|
||
Bit16u tr_selector = VMread16(VMCS_16BIT_GUEST_TR_SELECTOR);
|
||
Bit64u tr_base = VMread_natural(VMCS_GUEST_TR_BASE);
|
||
Bit32u tr_limit = VMread32(VMCS_32BIT_GUEST_TR_LIMIT);
|
||
Bit32u tr_ar = VMread32(VMCS_32BIT_GUEST_TR_ACCESS_RIGHTS) >> 8;
|
||
bx_bool tr_invalid = (tr_ar >> 16) & 1;
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (! IsCanonical(tr_base)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest TR.BASE non canonical"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
#endif
|
||
|
||
set_segment_ar_data(&guest.tr, !tr_invalid,
|
||
(Bit16u) tr_selector, tr_base, tr_limit, (Bit16u)(tr_ar));
|
||
|
||
if (tr_invalid) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest TR invalid"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
if (guest.tr.selector.ti) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest TR.TI set"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
if (guest.tr.cache.segment) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest TR is not system segment"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
if (! guest.tr.cache.p) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest TR not present"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
if (! IsLimitAccessRightsConsistent(tr_limit, tr_ar)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest TR.AR/LIMIT malformed"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
switch(guest.tr.cache.type) {
|
||
case BX_SYS_SEGMENT_BUSY_386_TSS:
|
||
break;
|
||
case BX_SYS_SEGMENT_BUSY_286_TSS:
|
||
if (! x86_64_guest) break;
|
||
// fall through
|
||
default:
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest incorrect TR type"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
//
|
||
// Load and Check Guest State from VMCS - MSRS
|
||
//
|
||
|
||
guest.ia32_debugctl_msr = VMread64(VMCS_64BIT_GUEST_IA32_DEBUGCTL);
|
||
guest.smbase = VMread32(VMCS_32BIT_GUEST_SMBASE);
|
||
|
||
guest.sysenter_esp_msr = VMread_natural(VMCS_GUEST_IA32_SYSENTER_ESP_MSR);
|
||
guest.sysenter_eip_msr = VMread_natural(VMCS_GUEST_IA32_SYSENTER_EIP_MSR);
|
||
guest.sysenter_cs_msr = VMread32(VMCS_32BIT_GUEST_IA32_SYSENTER_CS_MSR);
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (! IsCanonical(guest.sysenter_esp_msr)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest SYSENTER_ESP_MSR non canonical"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
if (! IsCanonical(guest.sysenter_eip_msr)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest SYSENTER_EIP_MSR non canonical"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
#endif
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_PAT_MSR) {
|
||
guest.pat_msr = VMread64(VMCS_64BIT_GUEST_IA32_PAT);
|
||
if (! isValidMSR_PAT(guest.pat_msr)) {
|
||
BX_ERROR(("VMENTER FAIL: invalid Memory Type in guest MSR_PAT"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
guest.rip = VMread_natural(VMCS_GUEST_RIP);
|
||
guest.rsp = VMread_natural(VMCS_GUEST_RSP);
|
||
|
||
#if BX_SUPPORT_VMX >= 2 && BX_SUPPORT_X86_64
|
||
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_EFER_MSR) {
|
||
guest.efer_msr = VMread64(VMCS_64BIT_GUEST_IA32_EFER);
|
||
if (guest.efer_msr & ~((Bit64u) BX_CPU_THIS_PTR efer_suppmask)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest EFER reserved bits set !"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
bx_bool lme = (guest.efer_msr >> 8) & 0x1;
|
||
bx_bool lma = (guest.efer_msr >> 10) & 0x1;
|
||
if (lma != lme || lma != x86_64_guest) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest EFER (0x%08x) inconsistent value !", (Bit32u) guest.efer_msr));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
|
||
if (! x86_64_guest || !guest.sregs[BX_SEG_REG_CS].cache.u.segment.l) {
|
||
if (GET32H(guest.rip) != 0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest RIP > 32 bit"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
//
|
||
// Load and Check Guest Non-Registers State from VMCS
|
||
//
|
||
|
||
guest.link_pointer = VMread64(VMCS_64BIT_GUEST_LINK_POINTER);
|
||
if (guest.link_pointer != BX_INVALID_VMCSPTR) {
|
||
if ((guest.link_pointer & 0xfff) != 0 || ! IsValidPhyAddr(guest.link_pointer)) {
|
||
*qualification = (Bit64u) VMENTER_ERR_GUEST_STATE_LINK_POINTER;
|
||
BX_ERROR(("VMFAIL: VMCS link pointer malformed"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
Bit32u revision = VMXReadRevisionID((bx_phy_address) guest.link_pointer);
|
||
if (revision != VMX_VMCS_REVISION_ID) {
|
||
*qualification = (Bit64u) VMENTER_ERR_GUEST_STATE_LINK_POINTER;
|
||
BX_ERROR(("VMFAIL: VMCS link pointer incorrect revision ID %d != %d", revision, VMX_VMCS_REVISION_ID));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
if (! BX_CPU_THIS_PTR in_smm || (vmentry_ctrls & VMX_VMENTRY_CTRL1_SMM_ENTER) != 0) {
|
||
if (guest.link_pointer == BX_CPU_THIS_PTR vmcsptr) {
|
||
*qualification = (Bit64u) VMENTER_ERR_GUEST_STATE_LINK_POINTER;
|
||
BX_ERROR(("VMFAIL: VMCS link pointer equal to current VMCS pointer"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
else {
|
||
if (guest.link_pointer == BX_CPU_THIS_PTR vmxonptr) {
|
||
*qualification = (Bit64u) VMENTER_ERR_GUEST_STATE_LINK_POINTER;
|
||
BX_ERROR(("VMFAIL: VMCS link pointer equal to VMXON pointer"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
}
|
||
|
||
guest.tmpDR6 = (Bit32u) VMread_natural(VMCS_GUEST_PENDING_DBG_EXCEPTIONS);
|
||
if (guest.tmpDR6 & BX_CONST64(0xFFFFFFFFFFFFAFF0)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest tmpDR6 reserved bits"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
guest.activity_state = VMread32(VMCS_32BIT_GUEST_ACTIVITY_STATE);
|
||
if (guest.activity_state >= BX_VMX_LAST_ACTIVITY_STATE) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest activity state %d", guest.activity_state));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
if (guest.activity_state == BX_VMX_STATE_HLT) {
|
||
if (guest.sregs[BX_SEG_REG_SS].cache.dpl != 0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest HLT state with SS.DPL=%d", guest.sregs[BX_SEG_REG_SS].cache.dpl));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
|
||
guest.interruptibility_state = VMread32(VMCS_32BIT_GUEST_INTERRUPTIBILITY_STATE);
|
||
if (guest.interruptibility_state & ~BX_VMX_INTERRUPTIBILITY_STATE_MASK) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest interruptibility state broken"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
if ((guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_BY_STI) &&
|
||
(guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_BY_MOV_SS))
|
||
{
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest interruptibility state broken"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
|
||
if ((guest.rflags & EFlagsIFMask) == 0) {
|
||
if (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_BY_STI) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest interrupts can't be blocked by STI when EFLAGS.IF = 0"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
|
||
if (VMENTRY_INJECTING_EVENT(vm->vmentry_interr_info)) {
|
||
unsigned event_type = (vm->vmentry_interr_info >> 8) & 7;
|
||
if (event_type == BX_EXTERNAL_INTERRUPT) {
|
||
if ((guest.interruptibility_state & 3) != 0 || (guest.rflags & EFlagsIFMask) == 0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest interrupts blocked when injecting external interrupt"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
if (event_type == BX_NMI) {
|
||
if ((guest.interruptibility_state & 3) != 0) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS guest interrupts blocked when injecting NMI"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
}
|
||
|
||
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_SMM_ENTER) {
|
||
if (! (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_SMI_BLOCKED)) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS SMM guest should block SMI"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
|
||
if (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_SMI_BLOCKED) {
|
||
if (! BX_CPU_THIS_PTR in_smm) {
|
||
BX_ERROR(("VMENTER FAIL: VMCS SMI blocked when not in SMM mode"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
|
||
if (! x86_64_guest && (guest.cr4 & BX_CR4_PAE_MASK) != 0 && (guest.cr0 & BX_CR0_PG_MASK) != 0) {
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_EPT_ENABLE) {
|
||
for (n=0;n<4;n++)
|
||
guest.pdptr[n] = VMread64(VMCS_64BIT_GUEST_IA32_PDPTE0 + 2*n);
|
||
|
||
if (! CheckPDPTR(guest.pdptr)) {
|
||
*qualification = VMENTER_ERR_GUEST_STATE_PDPTR_LOADING;
|
||
BX_ERROR(("VMENTER: Guest State PDPTRs Checks Failed"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
else
|
||
#endif
|
||
{
|
||
if (! CheckPDPTR(guest.cr3)) {
|
||
*qualification = VMENTER_ERR_GUEST_STATE_PDPTR_LOADING;
|
||
BX_ERROR(("VMENTER: Guest State PDPTRs Checks Failed"));
|
||
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
|
||
}
|
||
}
|
||
}
|
||
|
||
//
|
||
// Load Guest State -> VMENTER
|
||
//
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_EFER_MSR) {
|
||
BX_CPU_THIS_PTR efer.set32((Bit32u) guest.efer_msr);
|
||
}
|
||
else
|
||
#endif
|
||
{
|
||
// set EFER.LMA and EFER.LME before write to CR4
|
||
if (x86_64_guest)
|
||
BX_CPU_THIS_PTR efer.set32(BX_CPU_THIS_PTR efer.get32() | (BX_EFER_LME_MASK | BX_EFER_LMA_MASK));
|
||
else
|
||
BX_CPU_THIS_PTR efer.set32(BX_CPU_THIS_PTR efer.get32() & ~(BX_EFER_LME_MASK | BX_EFER_LMA_MASK));
|
||
}
|
||
#endif
|
||
|
||
// keep bits ET(4), reserved bits 15:6, 17, 28:19, NW(29), CD(30)
|
||
#define VMX_KEEP_CR0_BITS 0x7FFAFFD0
|
||
|
||
guest.cr0 = (BX_CPU_THIS_PTR cr0.get32() & VMX_KEEP_CR0_BITS) | (guest.cr0 & ~VMX_KEEP_CR0_BITS);
|
||
|
||
if (! check_CR0(guest.cr0)) {
|
||
BX_PANIC(("VMENTER CR0 is broken !"));
|
||
}
|
||
if (! check_CR4(guest.cr4)) {
|
||
BX_PANIC(("VMENTER CR4 is broken !"));
|
||
}
|
||
|
||
BX_CPU_THIS_PTR cr0.set32((Bit32u) guest.cr0);
|
||
BX_CPU_THIS_PTR cr4.set32((Bit32u) guest.cr4);
|
||
BX_CPU_THIS_PTR cr3 = guest.cr3;
|
||
|
||
// flush TLB is always needed to invalidate possible
|
||
// APIC ACCESS PAGE caching by host
|
||
TLB_flush();
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_EPT_ENABLE) {
|
||
// load PDPTR only in PAE legacy mode
|
||
if (BX_CPU_THIS_PTR cr0.get_PG() && BX_CPU_THIS_PTR cr4.get_PAE() && !x86_64_guest) {
|
||
BX_CPU_THIS_PTR PDPTR_CACHE.valid = 1;
|
||
for (n = 0; n < 4; n++)
|
||
BX_CPU_THIS_PTR PDPTR_CACHE.entry[n] = guest.pdptr[n];
|
||
}
|
||
}
|
||
#endif
|
||
|
||
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_DBG_CTRLS) {
|
||
// always clear bits 15:14 and set bit 10
|
||
BX_CPU_THIS_PTR dr7.set32((guest.dr7 & ~0xc000) | 0x400);
|
||
}
|
||
|
||
RIP = BX_CPU_THIS_PTR prev_rip = guest.rip;
|
||
RSP = guest.rsp;
|
||
|
||
// set flags directly, avoid setEFlags side effects
|
||
BX_CPU_THIS_PTR eflags = (Bit32u) guest.rflags;
|
||
// Update lazy flags state
|
||
setEFlagsOSZAPC((Bit32u) guest.rflags);
|
||
|
||
#ifdef BX_SUPPORT_CS_LIMIT_DEMOTION
|
||
// Handle special case of CS.LIMIT demotion (new descriptor limit is
|
||
// smaller than current one)
|
||
if (BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.limit_scaled > guest.sregs[BX_SEG_REG_CS].cache.u.segment.limit_scaled)
|
||
BX_CPU_THIS_PTR iCache.flushICacheEntries();
|
||
#endif
|
||
|
||
for(unsigned segreg=0; segreg<6; segreg++)
|
||
BX_CPU_THIS_PTR sregs[segreg] = guest.sregs[segreg];
|
||
|
||
if (v8086_guest) CPL = 3;
|
||
#if BX_SUPPORT_VMX >= 2
|
||
else {
|
||
if (real_mode_guest) CPL = 0;
|
||
}
|
||
#endif
|
||
|
||
BX_CPU_THIS_PTR gdtr.base = gdtr_base;
|
||
BX_CPU_THIS_PTR gdtr.limit = gdtr_limit;
|
||
BX_CPU_THIS_PTR idtr.base = idtr_base;
|
||
BX_CPU_THIS_PTR idtr.limit = idtr_limit;
|
||
|
||
BX_CPU_THIS_PTR ldtr = guest.ldtr;
|
||
BX_CPU_THIS_PTR tr = guest.tr;
|
||
|
||
BX_CPU_THIS_PTR msr.sysenter_esp_msr = guest.sysenter_esp_msr;
|
||
BX_CPU_THIS_PTR msr.sysenter_eip_msr = guest.sysenter_eip_msr;
|
||
BX_CPU_THIS_PTR msr.sysenter_cs_msr = guest.sysenter_cs_msr;
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_PAT_MSR) {
|
||
BX_CPU_THIS_PTR msr.pat = guest.pat_msr;
|
||
}
|
||
vm->last_pause_time = vm->first_pause_time = 0;
|
||
#endif
|
||
|
||
//
|
||
// Load Guest Non-Registers State -> VMENTER
|
||
//
|
||
|
||
BX_CPU_THIS_PTR async_event = 0;
|
||
if (guest.rflags & EFlagsTFMask)
|
||
BX_CPU_THIS_PTR async_event = 1;
|
||
|
||
if (vm->vmentry_ctrls & VMX_VMENTRY_CTRL1_SMM_ENTER)
|
||
BX_PANIC(("VMENTER: entry to SMM is not implemented yet !"));
|
||
|
||
if (VMENTRY_INJECTING_EVENT(vm->vmentry_interr_info)) {
|
||
// the VMENTRY injecting event to the guest
|
||
BX_CPU_THIS_PTR inhibit_mask = 0; // do not block interrupts
|
||
BX_CPU_THIS_PTR debug_trap = 0;
|
||
}
|
||
else {
|
||
if (guest.tmpDR6 & (1 << 12))
|
||
BX_CPU_THIS_PTR debug_trap = guest.tmpDR6 & 0x0000400F;
|
||
else
|
||
BX_CPU_THIS_PTR debug_trap = guest.tmpDR6 & 0x00004000;
|
||
if (BX_CPU_THIS_PTR debug_trap)
|
||
BX_CPU_THIS_PTR async_event = 1;
|
||
|
||
if (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_BY_STI)
|
||
inhibit_interrupts(BX_INHIBIT_INTERRUPTS);
|
||
else if (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_BY_MOV_SS)
|
||
inhibit_interrupts(BX_INHIBIT_INTERRUPTS_BY_MOVSS);
|
||
else
|
||
BX_CPU_THIS_PTR inhibit_mask = 0;
|
||
}
|
||
|
||
if (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_NMI_BLOCKED) {
|
||
BX_CPU_THIS_PTR disable_NMI = 1;
|
||
}
|
||
else {
|
||
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_NMI_WINDOW_VMEXIT)
|
||
BX_CPU_THIS_PTR async_event = 1;
|
||
}
|
||
|
||
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_INTERRUPT_WINDOW_VMEXIT) {
|
||
BX_CPU_THIS_PTR async_event = 1;
|
||
BX_CPU_THIS_PTR vmx_interrupt_window = 1; // set up interrupt window exiting
|
||
}
|
||
|
||
#if BX_SUPPORT_MONITOR_MWAIT
|
||
BX_CPU_THIS_PTR monitor.reset_monitor();
|
||
#endif
|
||
|
||
invalidate_prefetch_q();
|
||
#if BX_SUPPORT_ALIGNMENT_CHECK
|
||
handleAlignmentCheck();
|
||
#endif
|
||
handleCpuModeChange();
|
||
handleSseModeChange();
|
||
#if BX_SUPPORT_AVX
|
||
handleAvxModeChange();
|
||
#endif
|
||
|
||
BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_CONTEXT_SWITCH, 0);
|
||
|
||
return VMXERR_NO_ERROR;
|
||
}
|
||
|
||
void BX_CPU_C::VMenterInjectEvents(void)
|
||
{
|
||
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
|
||
|
||
if (! VMENTRY_INJECTING_EVENT(vm->vmentry_interr_info))
|
||
return;
|
||
|
||
/* the VMENTRY injecting event to the guest */
|
||
unsigned vector = vm->vmentry_interr_info & 0xff;
|
||
unsigned type = (vm->vmentry_interr_info >> 8) & 7;
|
||
unsigned push_error = vm->vmentry_interr_info & (1 << 11);
|
||
unsigned error_code = push_error ? vm->vmentry_excep_err_code : 0;
|
||
|
||
bx_bool is_INT = 0;
|
||
switch(type) {
|
||
case BX_EXTERNAL_INTERRUPT:
|
||
case BX_NMI:
|
||
case BX_HARDWARE_EXCEPTION:
|
||
BX_CPU_THIS_PTR EXT = 1;
|
||
break;
|
||
|
||
case BX_PRIVILEGED_SOFTWARE_INTERRUPT:
|
||
BX_CPU_THIS_PTR EXT = 1;
|
||
is_INT = 1;
|
||
break;
|
||
|
||
case BX_SOFTWARE_INTERRUPT:
|
||
case BX_SOFTWARE_EXCEPTION:
|
||
is_INT = 1;
|
||
break;
|
||
|
||
default:
|
||
BX_PANIC(("VMENTER: unsupported event injection type %d !", type));
|
||
}
|
||
|
||
// keep prev_rip value/unwind in case of event delivery failure
|
||
if (is_INT)
|
||
RIP += vm->vmentry_instr_length;
|
||
|
||
BX_ERROR(("VMENTER: Injecting vector 0x%02x (error_code 0x%04x)", vector, error_code));
|
||
|
||
if (type == BX_HARDWARE_EXCEPTION) {
|
||
// record exception the same way as BX_CPU_C::exception does
|
||
if (vector < BX_CPU_HANDLED_EXCEPTIONS)
|
||
BX_CPU_THIS_PTR curr_exception = exceptions_info[vector].exception_type;
|
||
else // else take default value
|
||
BX_CPU_THIS_PTR curr_exception = exceptions_info[BX_CPU_HANDLED_EXCEPTIONS].exception_type;
|
||
|
||
BX_CPU_THIS_PTR errorno = 1;
|
||
}
|
||
|
||
vm->idt_vector_info = vm->vmentry_interr_info & ~0x80000000;
|
||
vm->idt_vector_error_code = error_code;
|
||
|
||
RSP_SPECULATIVE;
|
||
|
||
if (type == BX_SOFTWARE_INTERRUPT) {
|
||
if (v8086_mode()) {
|
||
// redirect interrupt through virtual-mode idt
|
||
if (v86_redirect_interrupt(vector)) goto done;
|
||
}
|
||
}
|
||
|
||
interrupt(vector, type, push_error, error_code);
|
||
|
||
done:
|
||
|
||
RSP_COMMIT;
|
||
|
||
BX_CPU_THIS_PTR errorno = 0; // injection success
|
||
BX_CPU_THIS_PTR EXT = 0;
|
||
}
|
||
|
||
Bit32u BX_CPU_C::LoadMSRs(Bit32u msr_cnt, bx_phy_address pAddr)
|
||
{
|
||
Bit64u msr_lo, msr_hi;
|
||
|
||
for (Bit32u msr = 1; msr <= msr_cnt; msr++) {
|
||
access_read_physical(pAddr, 8, &msr_lo);
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 8, BX_VMX_LOAD_MSR_ACCESS | BX_READ, (Bit8u*)(&msr_lo));
|
||
access_read_physical(pAddr + 8, 8, &msr_hi);
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr + 8, 8, BX_VMX_LOAD_MSR_ACCESS | BX_READ, (Bit8u*)(&msr_hi));
|
||
|
||
if (GET32H(msr_lo))
|
||
return msr;
|
||
|
||
Bit32u index = GET32L(msr_lo);
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (index == BX_MSR_FSBASE || index == BX_MSR_GSBASE)
|
||
return msr;
|
||
#endif
|
||
|
||
if (bx_cpuid_support_x2apic()) {
|
||
if ((index & 0xfffff800) == 0x800) // X2APIC range
|
||
return msr;
|
||
}
|
||
|
||
if (! wrmsr(index, msr_hi))
|
||
return msr;
|
||
|
||
pAddr += 16; // to next MSR
|
||
}
|
||
|
||
return 0;
|
||
}
|
||
|
||
Bit32u BX_CPU_C::StoreMSRs(Bit32u msr_cnt, bx_phy_address pAddr)
|
||
{
|
||
Bit64u msr_lo, msr_hi;
|
||
|
||
for (Bit32u msr = 1; msr <= msr_cnt; msr++) {
|
||
access_read_physical(pAddr, 8, &msr_lo);
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 8, BX_VMX_STORE_MSR_ACCESS | BX_READ, (Bit8u*)(&msr_lo));
|
||
|
||
if (GET32H(msr_lo))
|
||
return msr;
|
||
|
||
Bit32u index = GET32L(msr_lo);
|
||
|
||
if (bx_cpuid_support_x2apic()) {
|
||
if ((index & 0xfffff800) == 0x800) // X2APIC range
|
||
return msr;
|
||
}
|
||
|
||
if (! rdmsr(index, &msr_hi))
|
||
return msr;
|
||
|
||
access_write_physical(pAddr + 8, 8, &msr_hi);
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr + 8, 8, BX_VMX_STORE_MSR_ACCESS | BX_WRITE, (Bit8u*)(&msr_hi));
|
||
|
||
pAddr += 16; // to next MSR
|
||
}
|
||
|
||
return 0;
|
||
}
|
||
|
||
////////////////////////////////////////////////////////////
|
||
// VMexit
|
||
////////////////////////////////////////////////////////////
|
||
|
||
void BX_CPU_C::VMexitSaveGuestState(void)
|
||
{
|
||
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
|
||
int n;
|
||
|
||
VMwrite_natural(VMCS_GUEST_CR0, BX_CPU_THIS_PTR cr0.get32());
|
||
VMwrite_natural(VMCS_GUEST_CR3, BX_CPU_THIS_PTR cr3);
|
||
VMwrite_natural(VMCS_GUEST_CR4, BX_CPU_THIS_PTR cr4.get32());
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_EPT_ENABLE) {
|
||
// save only if guest running in legacy PAE mode
|
||
if (BX_CPU_THIS_PTR cr0.get_PG() && BX_CPU_THIS_PTR cr4.get_PAE() && !long_mode()) {
|
||
if (! BX_CPU_THIS_PTR PDPTR_CACHE.valid) {
|
||
if (! CheckPDPTR(BX_CPU_THIS_PTR cr3))
|
||
BX_PANIC(("VMEXIT: PDPTR cache is not valid !"));
|
||
}
|
||
for(n=0; n<4; n++) {
|
||
VMwrite64(VMCS_64BIT_GUEST_IA32_PDPTE0 + 2*n, BX_CPU_THIS_PTR PDPTR_CACHE.entry[n]);
|
||
}
|
||
}
|
||
}
|
||
#endif
|
||
|
||
if (vm->vmexit_ctrls & VMX_VMEXIT_CTRL1_SAVE_DBG_CTRLS)
|
||
VMwrite_natural(VMCS_GUEST_DR7, BX_CPU_THIS_PTR dr7.get32());
|
||
|
||
VMwrite_natural(VMCS_GUEST_RIP, RIP);
|
||
VMwrite_natural(VMCS_GUEST_RSP, RSP);
|
||
VMwrite_natural(VMCS_GUEST_RFLAGS, BX_CPU_THIS_PTR read_eflags());
|
||
|
||
for (n=0; n<6; n++) {
|
||
Bit32u selector = BX_CPU_THIS_PTR sregs[n].selector.value;
|
||
bx_bool invalid = !BX_CPU_THIS_PTR sregs[n].cache.valid;
|
||
bx_address base = BX_CPU_THIS_PTR sregs[n].cache.u.segment.base;
|
||
Bit32u limit = BX_CPU_THIS_PTR sregs[n].cache.u.segment.limit_scaled;
|
||
Bit32u ar = get_descriptor_h(&BX_CPU_THIS_PTR sregs[n].cache) & 0x00f0ff00;
|
||
|
||
VMwrite16(VMCS_16BIT_GUEST_ES_SELECTOR + 2*n, selector);
|
||
VMwrite_natural(VMCS_GUEST_ES_BASE + 2*n, base);
|
||
VMwrite32(VMCS_32BIT_GUEST_ES_LIMIT + 2*n, limit);
|
||
VMwrite32(VMCS_32BIT_GUEST_ES_ACCESS_RIGHTS + 2*n, ar | (invalid << 24));
|
||
}
|
||
|
||
// save guest LDTR
|
||
Bit32u ldtr_selector = BX_CPU_THIS_PTR ldtr.selector.value;
|
||
bx_bool ldtr_invalid = !BX_CPU_THIS_PTR ldtr.cache.valid;
|
||
bx_address ldtr_base = BX_CPU_THIS_PTR ldtr.cache.u.segment.base;
|
||
Bit32u ldtr_limit = BX_CPU_THIS_PTR ldtr.cache.u.segment.limit_scaled;
|
||
Bit32u ldtr_ar = get_descriptor_h(&BX_CPU_THIS_PTR ldtr.cache) & 0x00f0ff00;
|
||
|
||
VMwrite16(VMCS_16BIT_GUEST_LDTR_SELECTOR, ldtr_selector);
|
||
VMwrite_natural(VMCS_GUEST_LDTR_BASE, ldtr_base);
|
||
VMwrite32(VMCS_32BIT_GUEST_LDTR_LIMIT, ldtr_limit);
|
||
VMwrite32(VMCS_32BIT_GUEST_LDTR_ACCESS_RIGHTS, ldtr_ar | (ldtr_invalid << 24));
|
||
|
||
// save guest TR
|
||
Bit32u tr_selector = BX_CPU_THIS_PTR tr.selector.value;
|
||
bx_bool tr_invalid = !BX_CPU_THIS_PTR tr.cache.valid;
|
||
bx_address tr_base = BX_CPU_THIS_PTR tr.cache.u.segment.base;
|
||
Bit32u tr_limit = BX_CPU_THIS_PTR tr.cache.u.segment.limit_scaled;
|
||
Bit32u tr_ar = get_descriptor_h(&BX_CPU_THIS_PTR tr.cache) & 0x00f0ff00;
|
||
|
||
VMwrite16(VMCS_16BIT_GUEST_TR_SELECTOR, tr_selector);
|
||
VMwrite_natural(VMCS_GUEST_TR_BASE, tr_base);
|
||
VMwrite32(VMCS_32BIT_GUEST_TR_LIMIT, tr_limit);
|
||
VMwrite32(VMCS_32BIT_GUEST_TR_ACCESS_RIGHTS, tr_ar | (tr_invalid << 24));
|
||
|
||
VMwrite_natural(VMCS_GUEST_GDTR_BASE, BX_CPU_THIS_PTR gdtr.base);
|
||
VMwrite32(VMCS_32BIT_GUEST_GDTR_LIMIT, BX_CPU_THIS_PTR gdtr.limit);
|
||
VMwrite_natural(VMCS_GUEST_IDTR_BASE, BX_CPU_THIS_PTR idtr.base);
|
||
VMwrite32(VMCS_32BIT_GUEST_IDTR_LIMIT, BX_CPU_THIS_PTR idtr.limit);
|
||
|
||
VMwrite_natural(VMCS_GUEST_IA32_SYSENTER_ESP_MSR, BX_CPU_THIS_PTR msr.sysenter_esp_msr);
|
||
VMwrite_natural(VMCS_GUEST_IA32_SYSENTER_EIP_MSR, BX_CPU_THIS_PTR msr.sysenter_eip_msr);
|
||
VMwrite32(VMCS_32BIT_GUEST_IA32_SYSENTER_CS_MSR, BX_CPU_THIS_PTR msr.sysenter_cs_msr);
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vm->vmexit_ctrls & VMX_VMEXIT_CTRL1_STORE_PAT_MSR)
|
||
VMwrite64(VMCS_64BIT_GUEST_IA32_PAT, BX_CPU_THIS_PTR msr.pat);
|
||
#if BX_SUPPORT_X86_64
|
||
if (vm->vmexit_ctrls & VMX_VMEXIT_CTRL1_STORE_EFER_MSR)
|
||
VMwrite64(VMCS_64BIT_GUEST_IA32_EFER, BX_CPU_THIS_PTR efer.get32());
|
||
#endif
|
||
#endif
|
||
|
||
Bit32u tmpDR6 = BX_CPU_THIS_PTR debug_trap;
|
||
if (tmpDR6 & 0xf) tmpDR6 |= (1 << 12);
|
||
VMwrite_natural(VMCS_GUEST_PENDING_DBG_EXCEPTIONS, tmpDR6 & 0x0000500f);
|
||
|
||
Bit32u interruptibility_state = 0;
|
||
if (interrupts_inhibited(BX_INHIBIT_INTERRUPTS)) {
|
||
if (interrupts_inhibited(BX_INHIBIT_DEBUG))
|
||
interruptibility_state |= BX_VMX_INTERRUPTS_BLOCKED_BY_MOV_SS;
|
||
else
|
||
interruptibility_state |= BX_VMX_INTERRUPTS_BLOCKED_BY_STI;
|
||
}
|
||
if (BX_CPU_THIS_PTR disable_SMI)
|
||
interruptibility_state |= BX_VMX_INTERRUPTS_BLOCKED_SMI_BLOCKED;
|
||
if (BX_CPU_THIS_PTR disable_NMI)
|
||
interruptibility_state |= BX_VMX_INTERRUPTS_BLOCKED_NMI_BLOCKED;
|
||
VMwrite32(VMCS_32BIT_GUEST_INTERRUPTIBILITY_STATE, interruptibility_state);
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (VMX_MSR_MISC & VMX_MISC_STORE_LMA_TO_X86_64_GUEST_VMENTRY_CONTROL) {
|
||
// VMEXITs store the value of EFER.LMA into the <20>x86-64 guest" VMENTRY control
|
||
// must be set if unrestricted guest is supported
|
||
if (long_mode())
|
||
vm->vmentry_ctrls |= VMX_VMENTRY_CTRL1_X86_64_GUEST;
|
||
else
|
||
vm->vmentry_ctrls &= ~VMX_VMENTRY_CTRL1_X86_64_GUEST;
|
||
|
||
VMwrite32(VMCS_32BIT_CONTROL_VMENTRY_CONTROLS, vm->vmentry_ctrls);
|
||
}
|
||
|
||
// Deactivate VMX preemtion timer
|
||
BX_CPU_THIS_PTR lapic.deactivate_vmx_preemption_timer();
|
||
BX_CPU_THIS_PTR pending_vmx_timer_expired = 0;
|
||
// Store back to VMCS
|
||
if (vm->vmexit_ctrls & VMX_VMEXIT_CTRL1_STORE_VMX_PREEMPTION_TIMER)
|
||
VMwrite32(VMCS_32BIT_GUEST_PREEMPTION_TIMER_VALUE, BX_CPU_THIS_PTR lapic.read_vmx_preemption_timer());
|
||
#endif
|
||
}
|
||
|
||
void BX_CPU_C::VMexitLoadHostState(void)
|
||
{
|
||
VMCS_HOST_STATE *host_state = &BX_CPU_THIS_PTR vmcs.host_state;
|
||
bx_bool x86_64_host = 0;
|
||
Bit32u vmexit_ctrls = BX_CPU_THIS_PTR vmcs.vmexit_ctrls;
|
||
|
||
BX_CPU_THIS_PTR tsc_offset = 0;
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_HOST_ADDR_SPACE_SIZE) {
|
||
BX_DEBUG(("VMEXIT to x86-64 host"));
|
||
x86_64_host = 1;
|
||
}
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_LOAD_EFER_MSR) {
|
||
BX_CPU_THIS_PTR efer.set32((Bit32u) host_state->efer_msr);
|
||
}
|
||
else
|
||
#endif
|
||
{
|
||
// set EFER.LMA and EFER.LME before write to CR4
|
||
if (x86_64_host)
|
||
BX_CPU_THIS_PTR efer.set32(BX_CPU_THIS_PTR efer.get32() | (BX_EFER_LME_MASK | BX_EFER_LMA_MASK));
|
||
else
|
||
BX_CPU_THIS_PTR efer.set32(BX_CPU_THIS_PTR efer.get32() & ~(BX_EFER_LME_MASK | BX_EFER_LMA_MASK));
|
||
}
|
||
#endif
|
||
|
||
// ET, CD, NW, 28:19, 17, 15:6, and VMX fixed bits not modified Section 19.8
|
||
host_state->cr0 = (BX_CPU_THIS_PTR cr0.get32() & VMX_KEEP_CR0_BITS) | (host_state->cr0 & ~VMX_KEEP_CR0_BITS);
|
||
|
||
if (! check_CR0(host_state->cr0)) {
|
||
BX_PANIC(("VMEXIT CR0 is broken !"));
|
||
}
|
||
if (! check_CR4(host_state->cr4)) {
|
||
BX_PANIC(("VMEXIT CR4 is broken !"));
|
||
}
|
||
|
||
BX_CPU_THIS_PTR cr0.set32((Bit32u) host_state->cr0);
|
||
BX_CPU_THIS_PTR cr4.set32((Bit32u) host_state->cr4);
|
||
BX_CPU_THIS_PTR cr3 = host_state->cr3;
|
||
|
||
TLB_flush(); // CR0/CR4 updated
|
||
|
||
if (! x86_64_host && BX_CPU_THIS_PTR cr4.get_PAE()) {
|
||
if (! CheckPDPTR(host_state->cr3)) {
|
||
BX_ERROR(("VMABORT: host PDPTRs are corrupted !"));
|
||
VMabort(VMABORT_HOST_PDPTR_CORRUPTED);
|
||
}
|
||
}
|
||
|
||
BX_CPU_THIS_PTR dr7.set32(0x00000400);
|
||
|
||
BX_CPU_THIS_PTR msr.sysenter_cs_msr = host_state->sysenter_cs_msr;
|
||
BX_CPU_THIS_PTR msr.sysenter_esp_msr = host_state->sysenter_esp_msr;
|
||
BX_CPU_THIS_PTR msr.sysenter_eip_msr = host_state->sysenter_eip_msr;
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_LOAD_PAT_MSR) {
|
||
BX_CPU_THIS_PTR msr.pat = host_state->pat_msr;
|
||
}
|
||
#endif
|
||
|
||
// CS selector loaded from VMCS
|
||
// valid <= 1
|
||
// base <= 0
|
||
// limit <= 0xffffffff, g <= 1
|
||
// present <= 1
|
||
// dpl <= 0
|
||
// type <= segment, BX_CODE_EXEC_READ_ACCESSED
|
||
// d_b <= loaded from 'host-address space size' VMEXIT control
|
||
// l <= loaded from 'host-address space size' VMEXIT control
|
||
|
||
parse_selector(host_state->segreg_selector[BX_SEG_REG_CS],
|
||
&BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector);
|
||
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.valid = SegValidCache | SegAccessROK | SegAccessWOK;
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.p = 1;
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.dpl = 0;
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.segment = 1; /* data/code segment */
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.type = BX_CODE_EXEC_READ_ACCESSED;
|
||
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.base = 0;
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.limit_scaled = 0xffffffff;
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.avl = 0;
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.g = 1; /* page granular */
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.d_b = !x86_64_host;
|
||
#if BX_SUPPORT_X86_64
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.l = x86_64_host;
|
||
#endif
|
||
|
||
// DATA selector loaded from VMCS
|
||
// valid <= if selector is not all-zero
|
||
// base <= 0
|
||
// limit <= 0xffffffff, g <= 1
|
||
// present <= 1
|
||
// dpl <= 0
|
||
// type <= segment, BX_DATA_READ_WRITE_ACCESSED
|
||
// d_b <= 1
|
||
// l <= 0
|
||
|
||
for (unsigned segreg = 0; segreg < 6; segreg++)
|
||
{
|
||
if (segreg == BX_SEG_REG_CS) continue;
|
||
|
||
parse_selector(host_state->segreg_selector[segreg],
|
||
&BX_CPU_THIS_PTR sregs[segreg].selector);
|
||
|
||
if (! host_state->segreg_selector[segreg]) {
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.valid = 0;
|
||
}
|
||
else {
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.valid = SegValidCache;
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.p = 1;
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.dpl = 0;
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.segment = 1; /* data/code segment */
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.type = BX_DATA_READ_WRITE_ACCESSED;
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.base = 0;
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.limit_scaled = 0xffffffff;
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.avl = 0;
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.g = 1; /* page granular */
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.d_b = 1;
|
||
#if BX_SUPPORT_X86_64
|
||
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.l = 0;
|
||
#endif
|
||
}
|
||
}
|
||
|
||
// SS.DPL always clear
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].cache.dpl = 0;
|
||
|
||
if (x86_64_host || BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].cache.valid)
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].cache.u.segment.base = host_state->fs_base;
|
||
|
||
if (x86_64_host || BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].cache.valid)
|
||
BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].cache.u.segment.base = host_state->gs_base;
|
||
|
||
// TR selector loaded from VMCS
|
||
parse_selector(host_state->tr_selector, &BX_CPU_THIS_PTR tr.selector);
|
||
|
||
BX_CPU_THIS_PTR tr.cache.valid = 1; /* valid */
|
||
BX_CPU_THIS_PTR tr.cache.p = 1; /* present */
|
||
BX_CPU_THIS_PTR tr.cache.dpl = 0; /* field not used */
|
||
BX_CPU_THIS_PTR tr.cache.segment = 0; /* system segment */
|
||
BX_CPU_THIS_PTR tr.cache.type = BX_SYS_SEGMENT_BUSY_386_TSS;
|
||
BX_CPU_THIS_PTR tr.cache.u.segment.base = host_state->tr_base;
|
||
BX_CPU_THIS_PTR tr.cache.u.segment.limit_scaled = 0x67;
|
||
BX_CPU_THIS_PTR tr.cache.u.segment.avl = 0;
|
||
BX_CPU_THIS_PTR tr.cache.u.segment.g = 0; /* byte granular */
|
||
|
||
// unusable LDTR
|
||
BX_CPU_THIS_PTR ldtr.selector.value = 0x0000;
|
||
BX_CPU_THIS_PTR ldtr.selector.index = 0x0000;
|
||
BX_CPU_THIS_PTR ldtr.selector.ti = 0;
|
||
BX_CPU_THIS_PTR ldtr.selector.rpl = 0;
|
||
BX_CPU_THIS_PTR ldtr.cache.valid = 0; /* invalid */
|
||
|
||
BX_CPU_THIS_PTR gdtr.base = host_state->gdtr_base;
|
||
BX_CPU_THIS_PTR gdtr.limit = 0xFFFF;
|
||
|
||
BX_CPU_THIS_PTR idtr.base = host_state->idtr_base;
|
||
BX_CPU_THIS_PTR idtr.limit = 0xFFFF;
|
||
|
||
RIP = host_state->rip;
|
||
RSP = host_state->rsp;
|
||
|
||
BX_CPU_THIS_PTR inhibit_mask = 0;
|
||
BX_CPU_THIS_PTR debug_trap = 0;
|
||
|
||
// set flags directly, avoid setEFlags side effects
|
||
BX_CPU_THIS_PTR eflags = 0x2; // Bit1 is always set
|
||
// Update lazy flags state
|
||
setEFlagsOSZAPC(0);
|
||
|
||
#if BX_SUPPORT_MONITOR_MWAIT
|
||
BX_CPU_THIS_PTR monitor.reset_monitor();
|
||
#endif
|
||
|
||
invalidate_prefetch_q();
|
||
#if BX_SUPPORT_ALIGNMENT_CHECK
|
||
handleAlignmentCheck();
|
||
#endif
|
||
handleCpuModeChange();
|
||
handleSseModeChange();
|
||
#if BX_SUPPORT_AVX
|
||
handleAvxModeChange();
|
||
#endif
|
||
|
||
BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_CONTEXT_SWITCH, 0);
|
||
}
|
||
|
||
void BX_CPU_C::VMexit(bxInstruction_c *i, Bit32u reason, Bit64u qualification)
|
||
{
|
||
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
|
||
|
||
if (!BX_CPU_THIS_PTR in_vmx || !BX_CPU_THIS_PTR in_vmx_guest) {
|
||
if ((reason & 0x80000000) == 0)
|
||
BX_PANIC(("PANIC: VMEXIT not in VMX guest mode !"));
|
||
}
|
||
|
||
// VMEXITs are FAULT-like: restore RIP/RSP to value before VMEXIT occurred
|
||
RIP = BX_CPU_THIS_PTR prev_rip;
|
||
if (BX_CPU_THIS_PTR speculative_rsp)
|
||
RSP = BX_CPU_THIS_PTR prev_rsp;
|
||
|
||
//
|
||
// STEP 0: Update VMEXIT reason
|
||
//
|
||
|
||
VMwrite32(VMCS_32BIT_VMEXIT_REASON, reason);
|
||
VMwrite_natural(VMCS_VMEXIT_QUALIFICATION, qualification);
|
||
|
||
if (i != 0)
|
||
VMwrite32(VMCS_32BIT_VMEXIT_INSTRUCTION_LENGTH, i->ilen());
|
||
|
||
reason &= 0xffff; /* keep only basic VMEXIT reason */
|
||
|
||
if (reason != VMX_VMEXIT_EXCEPTION_NMI && reason != VMX_VMEXIT_EXTERNAL_INTERRUPT) {
|
||
VMwrite32(VMCS_32BIT_VMEXIT_INTERRUPTION_INFO, 0);
|
||
}
|
||
|
||
if (BX_CPU_THIS_PTR in_event) {
|
||
VMwrite32(VMCS_32BIT_IDT_VECTORING_INFO, vm->idt_vector_info | 0x80000000);
|
||
VMwrite32(VMCS_32BIT_IDT_VECTORING_ERR_CODE, vm->idt_vector_error_code);
|
||
BX_CPU_THIS_PTR in_event = 0;
|
||
}
|
||
else {
|
||
VMwrite32(VMCS_32BIT_IDT_VECTORING_INFO, 0);
|
||
}
|
||
|
||
//
|
||
// STEP 1: Saving Guest State to VMCS
|
||
//
|
||
if (reason != VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE && reason != VMX_VMEXIT_VMENTRY_FAILURE_MSR) {
|
||
// clear VMENTRY interruption info field
|
||
VMwrite32(VMCS_32BIT_CONTROL_VMENTRY_INTERRUPTION_INFO, vm->vmentry_interr_info & ~0x80000000);
|
||
|
||
VMexitSaveGuestState();
|
||
|
||
Bit32u msr = StoreMSRs(vm->vmexit_msr_store_cnt, vm->vmexit_msr_store_addr);
|
||
if (msr) {
|
||
BX_ERROR(("VMABORT: Error when saving guest MSR number %d", msr));
|
||
VMabort(VMABORT_SAVING_GUEST_MSRS_FAILURE);
|
||
}
|
||
}
|
||
|
||
BX_CPU_THIS_PTR in_vmx_guest = 0;
|
||
|
||
//
|
||
// STEP 2: Load Host State
|
||
//
|
||
VMexitLoadHostState();
|
||
|
||
//
|
||
// STEP 3: Load Host MSR registers
|
||
//
|
||
|
||
Bit32u msr = LoadMSRs(vm->vmexit_msr_load_cnt, vm->vmexit_msr_load_addr);
|
||
if (msr) {
|
||
BX_ERROR(("VMABORT: Error when loading host MSR number %d", msr));
|
||
VMabort(VMABORT_LOADING_HOST_MSRS);
|
||
}
|
||
|
||
//
|
||
// STEP 4: Go back to VMX host
|
||
//
|
||
|
||
BX_CPU_THIS_PTR disable_INIT = 1; // INIT is disabled in VMX root mode
|
||
BX_CPU_THIS_PTR vmx_interrupt_window = 0;
|
||
BX_CPU_THIS_PTR errorno = 0;
|
||
BX_CPU_THIS_PTR EXT = 0;
|
||
|
||
#if BX_DEBUGGER
|
||
if (BX_CPU_THIS_PTR vmexit_break) {
|
||
BX_CPU_THIS_PTR stop_reason = STOP_VMEXIT_BREAK_POINT;
|
||
bx_debug_break(); // trap into debugger
|
||
}
|
||
#endif
|
||
|
||
longjmp(BX_CPU_THIS_PTR jmp_buf_env, 1); // go back to main decode loop
|
||
}
|
||
|
||
#endif // BX_SUPPORT_VMX
|
||
|
||
////////////////////////////////////////////////////////////
|
||
// VMX instructions
|
||
////////////////////////////////////////////////////////////
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMXON(bxInstruction_c *i)
|
||
{
|
||
#if BX_SUPPORT_VMX
|
||
if (! BX_CPU_THIS_PTR cr4.get_VMXE() || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
if (! BX_CPU_THIS_PTR in_vmx) {
|
||
if (CPL != 0 || ! BX_CPU_THIS_PTR cr0.get_NE() ||
|
||
! (BX_CPU_THIS_PTR cr0.get_PE()) || BX_GET_ENABLE_A20() == 0 ||
|
||
! (BX_CPU_THIS_PTR msr.ia32_feature_ctrl & BX_IA32_FEATURE_CONTROL_LOCK_BIT) ||
|
||
! (BX_CPU_THIS_PTR msr.ia32_feature_ctrl & BX_IA32_FEATURE_CONTROL_VMX_ENABLE_BIT))
|
||
{
|
||
BX_ERROR(("#GP: VMXON is not allowed !"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
|
||
Bit64u pAddr = read_virtual_qword(i->seg(), eaddr); // keep 64-bit
|
||
if ((pAddr & 0xfff) != 0 || ! IsValidPhyAddr(pAddr)) {
|
||
BX_ERROR(("VMXON: invalid or not page aligned physical address !"));
|
||
VMfailInvalid();
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
Bit32u revision = VMXReadRevisionID((bx_phy_address) pAddr);
|
||
if (revision != VMX_VMCS_REVISION_ID) {
|
||
BX_ERROR(("VMXON: not expected (%d != %d) VMCS revision id !", revision, VMX_VMCS_REVISION_ID));
|
||
VMfailInvalid();
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
BX_CPU_THIS_PTR vmcsptr = BX_INVALID_VMCSPTR;
|
||
BX_CPU_THIS_PTR vmcshostptr = 0;
|
||
BX_CPU_THIS_PTR vmxonptr = pAddr;
|
||
BX_CPU_THIS_PTR in_vmx = 1;
|
||
BX_CPU_THIS_PTR disable_INIT = 1; // INIT is disabled in VMX root mode
|
||
// block and disable A20M;
|
||
|
||
#if BX_SUPPORT_MONITOR_MWAIT
|
||
BX_CPU_THIS_PTR monitor.reset_monitor();
|
||
#endif
|
||
|
||
VMsucceed();
|
||
}
|
||
else if (BX_CPU_THIS_PTR in_vmx_guest) { // in VMX non-root operation
|
||
BX_ERROR(("VMEXIT: VMXON in VMX non-root operation"));
|
||
VMexit_Instruction(i, VMX_VMEXIT_VMXON);
|
||
}
|
||
else {
|
||
// in VMX root operation mode
|
||
if (CPL != 0) {
|
||
BX_ERROR(("VMXON with CPL!=0 cause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
VMfail(VMXERR_VMXON_IN_VMX_ROOT_OPERATION);
|
||
}
|
||
#endif
|
||
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMXOFF(bxInstruction_c *i)
|
||
{
|
||
#if BX_SUPPORT_VMX
|
||
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
BX_ERROR(("VMEXIT: VMXOFF in VMX non-root operation"));
|
||
VMexit_Instruction(i, VMX_VMEXIT_VMXOFF);
|
||
}
|
||
|
||
if (CPL != 0) {
|
||
BX_ERROR(("VMXOFF with CPL!=0 cause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
/*
|
||
if dual-monitor treatment of SMIs and SMM is active
|
||
THEN VMfail(VMXERR_VMXOFF_WITH_CONFIGURED_SMM_MONITOR);
|
||
else
|
||
*/
|
||
{
|
||
BX_CPU_THIS_PTR vmxonptr = BX_INVALID_VMCSPTR;
|
||
BX_CPU_THIS_PTR in_vmx = 0; // leave VMX operation mode
|
||
BX_CPU_THIS_PTR disable_INIT = 0;
|
||
// unblock and enable A20M;
|
||
#if BX_SUPPORT_MONITOR_MWAIT
|
||
BX_CPU_THIS_PTR monitor.reset_monitor();
|
||
#endif
|
||
VMsucceed();
|
||
}
|
||
#endif
|
||
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMCALL(bxInstruction_c *i)
|
||
{
|
||
#if BX_SUPPORT_VMX
|
||
if (! BX_CPU_THIS_PTR in_vmx)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
BX_ERROR(("VMEXIT: VMCALL in VMX non-root operation"));
|
||
VMexit_Instruction(i, VMX_VMEXIT_VMCALL);
|
||
}
|
||
|
||
if (BX_CPU_THIS_PTR get_VM() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
if (CPL != 0) {
|
||
BX_ERROR(("VMCALL with CPL!=0 cause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
if (BX_CPU_THIS_PTR in_smm /*||
|
||
(the logical processor does not support the dual-monitor treatment of SMIs and SMM) ||
|
||
(the valid bit in the IA32_SMM_MONITOR_CTL MSR is clear)*/)
|
||
{
|
||
VMfail(VMXERR_VMCALL_IN_VMX_ROOT_OPERATION);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
/*
|
||
if dual-monitor treatment of SMIs and BX_CPU_THIS_PTR in_smm
|
||
THEN perform an SMM VMexit (see Section 24.16.2
|
||
of the IntelR 64 and IA-32 Architectures Software Developer's Manual, Volume 3B);
|
||
*/
|
||
if (! VMCSPTR_VALID()) {
|
||
BX_ERROR(("VMFAIL: VMCALL with invalid VMCS ptr"));
|
||
VMfailInvalid();
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
Bit32u launch_state;
|
||
access_read_physical(BX_CPU_THIS_PTR vmcsptr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4, &launch_state);
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, BX_CPU_THIS_PTR vmcsptr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4,
|
||
BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&launch_state));
|
||
|
||
if (launch_state != VMCS_STATE_CLEAR) {
|
||
BX_ERROR(("VMFAIL: VMCALL with launched VMCS"));
|
||
VMfail(VMXERR_VMCALL_NON_CLEAR_VMCS);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
BX_PANIC(("VMCALL: not implemented yet"));
|
||
/*
|
||
if VM-exit control fields are not valid (see Section 24.16.6.1 of the IntelR 64 and IA-32 Architectures
|
||
Software Developer's Manual, Volume 3B)
|
||
THEN VMfail(VMXERR_VMCALL_INVALID_VMEXIT_FIELD);
|
||
else
|
||
enter SMM;
|
||
read revision identifier in MSEG;
|
||
if revision identifier does not match that supported by processor
|
||
THEN
|
||
leave SMM;
|
||
VMfailValid(VMXERR_VMCALL_INVALID_MSEG_REVISION_ID);
|
||
else
|
||
read SMM-monitor features field in MSEG (see Section 24.16.6.2,
|
||
in the IntelR 64 and IA-32 Architectures Software Developer's Manual, Volume 3B);
|
||
if features field is invalid
|
||
THEN
|
||
leave SMM;
|
||
VMfailValid(VMXERR_VMCALL_WITH_INVALID_SMM_MONITOR_FEATURES);
|
||
else activate dual-monitor treatment of SMIs and SMM (see Section 24.16.6
|
||
in the IntelR 64 and IA-32 Architectures Software Developer's Manual, Volume 3B);
|
||
FI;
|
||
FI;
|
||
FI;
|
||
*/
|
||
#endif
|
||
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMLAUNCH(bxInstruction_c *i)
|
||
{
|
||
#if BX_SUPPORT_VMX
|
||
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
unsigned vmlaunch = 0;
|
||
if ((i->getIaOpcode() == BX_IA_VMLAUNCH)) {
|
||
BX_INFO(("VMLAUNCH VMCS ptr: 0x" FMT_ADDRX64, BX_CPU_THIS_PTR vmcsptr));
|
||
vmlaunch = 1;
|
||
}
|
||
else {
|
||
BX_INFO(("VMRESUME VMCS ptr: 0x" FMT_ADDRX64, BX_CPU_THIS_PTR vmcsptr));
|
||
}
|
||
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
BX_ERROR(("VMEXIT: VMLAUNCH in VMX non-root operation"));
|
||
VMexit_Instruction(i, vmlaunch ? VMX_VMEXIT_VMLAUNCH : VMX_VMEXIT_VMRESUME);
|
||
}
|
||
|
||
if (CPL != 0) {
|
||
BX_ERROR(("VMLAUNCH/VMRESUME with CPL!=0 cause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
if (! VMCSPTR_VALID()) {
|
||
BX_ERROR(("VMFAIL: VMLAUNCH with invalid VMCS ptr !"));
|
||
VMfailInvalid();
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
if (interrupts_inhibited(BX_INHIBIT_INTERRUPTS_BY_MOVSS)) {
|
||
BX_ERROR(("VMFAIL: VMLAUNCH with interrupts blocked by MOV_SS !"));
|
||
VMfail(VMXERR_VMENTRY_MOV_SS_BLOCKING);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
Bit32u launch_state;
|
||
access_read_physical(BX_CPU_THIS_PTR vmcsptr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4, &launch_state);
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, BX_CPU_THIS_PTR vmcsptr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4,
|
||
BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&launch_state));
|
||
|
||
if (vmlaunch) {
|
||
if (launch_state != VMCS_STATE_CLEAR) {
|
||
BX_ERROR(("VMFAIL: VMLAUNCH with non-clear VMCS!"));
|
||
VMfail(VMXERR_VMLAUNCH_NON_CLEAR_VMCS);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
}
|
||
else {
|
||
if (launch_state != VMCS_STATE_LAUNCHED) {
|
||
BX_ERROR(("VMFAIL: VMRESUME with non-launched VMCS!"));
|
||
VMfail(VMXERR_VMRESUME_NON_LAUNCHED_VMCS);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
}
|
||
|
||
///////////////////////////////////////////////////////
|
||
// STEP 1: Load and Check VM-Execution Control Fields
|
||
// STEP 2: Load and Check VM-Exit Control Fields
|
||
// STEP 3: Load and Check VM-Entry Control Fields
|
||
///////////////////////////////////////////////////////
|
||
|
||
VMX_error_code error = VMenterLoadCheckVmControls();
|
||
if (error != VMXERR_NO_ERROR) {
|
||
VMfail(error);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
///////////////////////////////////////////////////////
|
||
// STEP 4: Load and Check Host State
|
||
///////////////////////////////////////////////////////
|
||
|
||
error = VMenterLoadCheckHostState();
|
||
if (error != VMXERR_NO_ERROR) {
|
||
VMfail(error);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
///////////////////////////////////////////////////////
|
||
// STEP 5: Load and Check Guest State
|
||
///////////////////////////////////////////////////////
|
||
|
||
Bit64u qualification = VMENTER_ERR_NO_ERROR;
|
||
Bit32u state_load_error = VMenterLoadCheckGuestState(&qualification);
|
||
if (state_load_error) {
|
||
BX_ERROR(("VMEXIT: Guest State Checks Failed"));
|
||
VMexit(0, VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE | (1 << 31), qualification);
|
||
}
|
||
|
||
Bit32u msr = LoadMSRs(BX_CPU_THIS_PTR vmcs.vmentry_msr_load_cnt, BX_CPU_THIS_PTR vmcs.vmentry_msr_load_addr);
|
||
if (msr) {
|
||
BX_ERROR(("VMEXIT: Error when loading guest MSR 0x%08x", msr));
|
||
VMexit(0, VMX_VMEXIT_VMENTRY_FAILURE_MSR | (1 << 31), msr);
|
||
}
|
||
|
||
///////////////////////////////////////////////////////
|
||
// STEP 6: Update VMCS 'launched' state
|
||
///////////////////////////////////////////////////////
|
||
|
||
if (vmlaunch) {
|
||
launch_state = VMCS_STATE_LAUNCHED;
|
||
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + VMCS_LAUNCH_STATE_FIELD_ADDR;
|
||
access_write_physical(pAddr, 4, &launch_state);
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 4, BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&launch_state));
|
||
}
|
||
|
||
/*
|
||
Check settings of VMX controls and host-state area;
|
||
if invalid settings
|
||
THEN VMfailValid(VM entry with invalid VMX-control field(s)) or
|
||
VMfailValid(VM entry with invalid host-state field(s)) or
|
||
VMfailValid(VM entry with invalid executive-VMCS pointer)) or
|
||
VMfailValid(VM entry with non-launched executive VMCS) or
|
||
VMfailValid(VM entry with executive-VMCS pointer not VMXON pointer)
|
||
VMfailValid(VM entry with invalid VM-execution control fields in executive VMCS)
|
||
(as appropriate);
|
||
else
|
||
Attempt to load guest state and PDPTRs as appropriate;
|
||
clear address-range monitoring;
|
||
if failure in checking guest state or PDPTRs
|
||
THEN VM entry fails (see Section 22.7, in the
|
||
IntelR 64 and IA-32 Architectures Software Developer's Manual, Volume 3B);
|
||
else
|
||
Attempt to load MSRs from VM-entry MSR-load area;
|
||
if failure
|
||
THEN VM entry fails (see Section 22.7, in the IntelR 64 and IA-32
|
||
Architectures Software Developer's Manual, Volume 3B);
|
||
else {
|
||
if VMLAUNCH
|
||
THEN launch state of VMCS <== "launched";
|
||
if in SMM and "entry to SMM" VM-entry control is 0
|
||
THEN
|
||
if "deactivate dual-monitor treatment" VM-entry control is 0
|
||
THEN SMM-transfer VMCS pointer <== current-VMCS pointer;
|
||
FI;
|
||
if executive-VMCS pointer is VMX pointer
|
||
THEN current-VMCS pointer <== VMCS-link pointer;
|
||
else current-VMCS pointer <== executive-VMCS pointer;
|
||
FI;
|
||
leave SMM;
|
||
FI;
|
||
VMsucceed();
|
||
}
|
||
FI;
|
||
FI;
|
||
*/
|
||
|
||
BX_CPU_THIS_PTR in_vmx_guest = 1;
|
||
BX_CPU_THIS_PTR disable_INIT = 0;
|
||
|
||
if (VMEXIT(VMX_VM_EXEC_CTRL2_TSC_OFFSET))
|
||
BX_CPU_THIS_PTR tsc_offset = VMread64(VMCS_64BIT_CONTROL_TSC_OFFSET);
|
||
else
|
||
BX_CPU_THIS_PTR tsc_offset = 0;
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (PIN_VMEXIT(VMX_VM_EXEC_CTRL1_VMX_PREEMPTION_TIMER_VMEXIT)) {
|
||
Bit32u timer_value = VMread32(VMCS_32BIT_GUEST_PREEMPTION_TIMER_VALUE);
|
||
if (timer_value == 0) {
|
||
BX_CPU_THIS_PTR pending_vmx_timer_expired = 1;
|
||
BX_CPU_THIS_PTR async_event = 1;
|
||
}
|
||
else {
|
||
// activate VMX preemption timer
|
||
BX_DEBUG(("VMX preemption timer active"));
|
||
BX_CPU_THIS_PTR pending_vmx_timer_expired = 0;
|
||
BX_CPU_THIS_PTR lapic.set_vmx_preemption_timer(timer_value);
|
||
}
|
||
}
|
||
#endif
|
||
|
||
///////////////////////////////////////////////////////
|
||
// STEP 7: Inject events to the guest
|
||
///////////////////////////////////////////////////////
|
||
|
||
VMenterInjectEvents();
|
||
#endif
|
||
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMPTRLD(bxInstruction_c *i)
|
||
{
|
||
#if BX_SUPPORT_VMX
|
||
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
BX_ERROR(("VMEXIT: VMPTRLD in VMX non-root operation"));
|
||
VMexit_Instruction(i, VMX_VMEXIT_VMPTRLD);
|
||
}
|
||
|
||
if (CPL != 0) {
|
||
BX_ERROR(("VMPTRLD with CPL!=0 willcause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
|
||
Bit64u pAddr = read_virtual_qword(i->seg(), eaddr); // keep 64-bit
|
||
if ((pAddr & 0xfff) != 0 || ! IsValidPhyAddr(pAddr)) {
|
||
BX_ERROR(("VMFAIL: invalid or not page aligned physical address !"));
|
||
VMfail(VMXERR_VMPTRLD_INVALID_PHYSICAL_ADDRESS);
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
if (pAddr == BX_CPU_THIS_PTR vmxonptr) {
|
||
BX_ERROR(("VMFAIL: VMPTRLD with VMXON ptr !"));
|
||
VMfail(VMXERR_VMPTRLD_WITH_VMXON_PTR);
|
||
}
|
||
else {
|
||
Bit32u revision = VMXReadRevisionID((bx_phy_address) pAddr);
|
||
if (revision != VMX_VMCS_REVISION_ID) {
|
||
BX_ERROR(("VMPTRLD: not expected (%d != %d) VMCS revision id !", revision, VMX_VMCS_REVISION_ID));
|
||
VMfail(VMXERR_VMPTRLD_INCORRECT_VMCS_REVISION_ID);
|
||
}
|
||
else {
|
||
set_VMCSPTR(pAddr);
|
||
VMsucceed();
|
||
}
|
||
}
|
||
#endif
|
||
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMPTRST(bxInstruction_c *i)
|
||
{
|
||
#if BX_SUPPORT_VMX
|
||
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
BX_ERROR(("VMEXIT: VMPTRST in VMX non-root operation"));
|
||
VMexit_Instruction(i, VMX_VMEXIT_VMPTRST);
|
||
}
|
||
|
||
if (CPL != 0) {
|
||
BX_ERROR(("VMPTRST with CPL!=0 cause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
|
||
write_virtual_qword(i->seg(), eaddr, BX_CPU_THIS_PTR vmcsptr);
|
||
VMsucceed();
|
||
#endif
|
||
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
BX_CPP_INLINE Bit32u rotate_r(Bit32u val_32)
|
||
{
|
||
return (val_32 >> 8) | (val_32 << 24);
|
||
}
|
||
|
||
BX_CPP_INLINE Bit32u rotate_l(Bit32u val_32)
|
||
{
|
||
return (val_32 << 8) | (val_32 >> 24);
|
||
}
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMREAD(bxInstruction_c *i)
|
||
{
|
||
#if BX_SUPPORT_VMX
|
||
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
BX_ERROR(("VMEXIT: VMREAD in VMX non-root operation"));
|
||
VMexit_Instruction(i, VMX_VMEXIT_VMREAD);
|
||
}
|
||
|
||
if (CPL != 0) {
|
||
BX_ERROR(("VMREAD with CPL!=0 cause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
if (! VMCSPTR_VALID()) {
|
||
BX_ERROR(("VMFAIL: VMREAD with invalid VMCS ptr !"));
|
||
VMfailInvalid();
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_64) {
|
||
if (BX_READ_64BIT_REG_HIGH(i->nnn())) {
|
||
BX_ERROR(("VMREAD: not supported field (upper 32-bit not zero)"));
|
||
VMfail(VMXERR_UNSUPPORTED_VMCS_COMPONENT_ACCESS);
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
}
|
||
#endif
|
||
unsigned encoding = BX_READ_32BIT_REG(i->nnn());
|
||
|
||
if (vmcs_field_offset(encoding) == 0xffffffff) {
|
||
BX_ERROR(("VMREAD: not supported field 0x%08x", encoding));
|
||
VMfail(VMXERR_UNSUPPORTED_VMCS_COMPONENT_ACCESS);
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
unsigned width = VMCS_FIELD_WIDTH(encoding);
|
||
Bit64u field_64;
|
||
|
||
if(width == VMCS_FIELD_WIDTH_16BIT) {
|
||
field_64 = VMread16(encoding);
|
||
}
|
||
else if(width == VMCS_FIELD_WIDTH_32BIT) {
|
||
// the real hardware write access rights rotated
|
||
if (encoding >= VMCS_32BIT_GUEST_ES_ACCESS_RIGHTS && encoding <= VMCS_32BIT_GUEST_TR_ACCESS_RIGHTS)
|
||
field_64 = rotate_r(VMread32(encoding));
|
||
else
|
||
field_64 = VMread32(encoding);
|
||
}
|
||
else if(width == VMCS_FIELD_WIDTH_64BIT) {
|
||
if (IS_VMCS_FIELD_HI(encoding))
|
||
field_64 = VMread32(encoding);
|
||
else
|
||
field_64 = VMread64(encoding);
|
||
}
|
||
else {
|
||
field_64 = VMread_natural(encoding);
|
||
}
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_64) {
|
||
if (i->modC0()) {
|
||
BX_WRITE_64BIT_REG(i->rm(), field_64);
|
||
}
|
||
else {
|
||
Bit64u eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
|
||
write_virtual_qword_64(i->seg(), eaddr, field_64);
|
||
}
|
||
}
|
||
else
|
||
#endif
|
||
{
|
||
Bit32u field_32 = GET32L(field_64);
|
||
|
||
if (i->modC0()) {
|
||
BX_WRITE_32BIT_REGZ(i->rm(), field_32);
|
||
}
|
||
else {
|
||
Bit32u eaddr = (Bit32u) BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
|
||
write_virtual_dword_32(i->seg(), eaddr, field_32);
|
||
}
|
||
}
|
||
|
||
VMsucceed();
|
||
#endif
|
||
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMWRITE(bxInstruction_c *i)
|
||
{
|
||
#if BX_SUPPORT_VMX
|
||
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
BX_ERROR(("VMEXIT: VMWRITE in VMX non-root operation"));
|
||
VMexit_Instruction(i, VMX_VMEXIT_VMWRITE);
|
||
}
|
||
|
||
if (CPL != 0) {
|
||
BX_ERROR(("VMWRITE with CPL!=0 cause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
if (! VMCSPTR_VALID()) {
|
||
BX_ERROR(("VMFAIL: VMWRITE with invalid VMCS ptr !"));
|
||
VMfailInvalid();
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
Bit64u val_64;
|
||
Bit32u val_32;
|
||
|
||
#if BX_SUPPORT_X86_64
|
||
if (BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_64) {
|
||
if (i->modC0()) {
|
||
val_64 = BX_READ_64BIT_REG(i->rm());
|
||
}
|
||
else {
|
||
Bit64u eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
|
||
val_64 = read_virtual_qword_64(i->seg(), eaddr);
|
||
}
|
||
|
||
if (BX_READ_64BIT_REG_HIGH(i->nnn())) {
|
||
BX_ERROR(("VMWRITE: not supported field (upper 32-bit not zero)"));
|
||
VMfail(VMXERR_UNSUPPORTED_VMCS_COMPONENT_ACCESS);
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
val_32 = GET32L(val_64);
|
||
}
|
||
else
|
||
#endif
|
||
{
|
||
if (i->modC0()) {
|
||
val_32 = BX_READ_32BIT_REG(i->rm());
|
||
}
|
||
else {
|
||
Bit32u eaddr = (Bit32u) BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
|
||
val_32 = read_virtual_dword_32(i->seg(), eaddr);
|
||
}
|
||
|
||
val_64 = (Bit64u) val_32;
|
||
}
|
||
|
||
Bit32u encoding = BX_READ_32BIT_REG(i->nnn());
|
||
|
||
if (vmcs_field_offset(encoding) == 0xffffffff) {
|
||
BX_ERROR(("VMWRITE: not supported field 0x%08x", encoding));
|
||
VMfail(VMXERR_UNSUPPORTED_VMCS_COMPONENT_ACCESS);
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
if (VMCS_FIELD_TYPE(encoding) == VMCS_FIELD_TYPE_READ_ONLY)
|
||
{
|
||
BX_ERROR(("VMWRITE: write to read only field 0x%08x", encoding));
|
||
VMfail(VMXERR_VMWRITE_READ_ONLY_VMCS_COMPONENT);
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
unsigned width = VMCS_FIELD_WIDTH(encoding);
|
||
|
||
if(width == VMCS_FIELD_WIDTH_16BIT) {
|
||
VMwrite16(encoding, val_32 & 0xffff);
|
||
}
|
||
else if(width == VMCS_FIELD_WIDTH_32BIT) {
|
||
// the real hardware write access rights rotated
|
||
if (encoding >= VMCS_32BIT_GUEST_ES_ACCESS_RIGHTS && encoding <= VMCS_32BIT_GUEST_TR_ACCESS_RIGHTS)
|
||
VMwrite32(encoding, rotate_l(val_32));
|
||
else
|
||
VMwrite32(encoding, val_32);
|
||
}
|
||
else if(width == VMCS_FIELD_WIDTH_64BIT) {
|
||
if (IS_VMCS_FIELD_HI(encoding))
|
||
VMwrite32(encoding, val_32);
|
||
else
|
||
VMwrite64(encoding, val_64);
|
||
}
|
||
else {
|
||
VMwrite_natural(encoding, (bx_address) val_64);
|
||
}
|
||
|
||
VMsucceed();
|
||
#endif
|
||
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMCLEAR(bxInstruction_c *i)
|
||
{
|
||
#if BX_SUPPORT_VMX
|
||
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
BX_ERROR(("VMEXIT: VMCLEAR in VMX non-root operation"));
|
||
VMexit_Instruction(i, VMX_VMEXIT_VMCLEAR);
|
||
}
|
||
|
||
if (CPL != 0) {
|
||
BX_ERROR(("VMCLEAR with CPL!=0 cause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
|
||
Bit64u pAddr = read_virtual_qword(i->seg(), eaddr); // keep 64-bit
|
||
if ((pAddr & 0xfff) != 0 || ! IsValidPhyAddr(pAddr)) {
|
||
BX_ERROR(("VMFAIL: VMCLEAR with invalid physical address!"));
|
||
VMfail(VMXERR_VMCLEAR_WITH_INVALID_ADDR);
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
if (pAddr == BX_CPU_THIS_PTR vmxonptr) {
|
||
BX_ERROR(("VMFAIL: VMLEAR with VMXON ptr !"));
|
||
VMfail(VMXERR_VMCLEAR_WITH_VMXON_VMCS_PTR);
|
||
}
|
||
else {
|
||
// ensure that data for VMCS referenced by the operand is in memory
|
||
// initialize implementation-specific data in VMCS region
|
||
|
||
// clear VMCS launch state
|
||
Bit32u launch_state = VMCS_STATE_CLEAR;
|
||
access_write_physical(pAddr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4, &launch_state);
|
||
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4,
|
||
BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&launch_state));
|
||
|
||
if (pAddr == BX_CPU_THIS_PTR vmcsptr) {
|
||
BX_CPU_THIS_PTR vmcsptr = BX_INVALID_VMCSPTR;
|
||
BX_CPU_THIS_PTR vmcshostptr = 0;
|
||
}
|
||
|
||
VMsucceed();
|
||
}
|
||
#endif
|
||
|
||
BX_NEXT_INSTR(i);
|
||
}
|
||
|
||
#if BX_CPU_LEVEL >= 6
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::INVEPT(bxInstruction_c *i)
|
||
{
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
BX_ERROR(("VMEXIT: INVEPT in VMX non-root operation"));
|
||
VMexit_Instruction(i, VMX_VMEXIT_INVEPT);
|
||
}
|
||
|
||
if (CPL != 0) {
|
||
BX_ERROR(("INVEPT with CPL!=0 cause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
bx_address type;
|
||
if (i->os64L()) {
|
||
type = BX_READ_64BIT_REG(i->nnn());
|
||
}
|
||
else {
|
||
type = BX_READ_32BIT_REG(i->nnn());
|
||
}
|
||
|
||
BxPackedXmmRegister inv_eptp;
|
||
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
|
||
read_virtual_dqword(i->seg(), eaddr, (Bit8u *) &inv_eptp);
|
||
|
||
switch(type) {
|
||
case BX_INVEPT_INVVPID_SINGLE_CONTEXT_INVALIDATION:
|
||
if (! is_eptptr_valid(inv_eptp.xmm64u(0))) {
|
||
BX_ERROR(("INVEPT: invalid EPTPTR value !"));
|
||
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
TLB_flush(); // Invalidate mappings associated with EPTP[51:12]
|
||
break;
|
||
|
||
case BX_INVEPT_INVVPID_ALL_CONTEXT_INVALIDATION:
|
||
TLB_flush(); // Invalidate mappings associated with all EPTPs
|
||
break;
|
||
|
||
default:
|
||
BX_ERROR(("INVEPT: not supported type !"));
|
||
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_INVEPT, type);
|
||
|
||
VMsucceed();
|
||
#else
|
||
BX_INFO(("INVEPT: required VMXx2 support, use --enable-vmx=2 option"));
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
#endif
|
||
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::INVVPID(bxInstruction_c *i)
|
||
{
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
BX_ERROR(("VMEXIT: INVVPID in VMX non-root operation"));
|
||
VMexit_Instruction(i, VMX_VMEXIT_INVVPID);
|
||
}
|
||
|
||
if (CPL != 0) {
|
||
BX_ERROR(("INVVPID with CPL!=0 cause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
bx_address type;
|
||
if (i->os64L()) {
|
||
type = BX_READ_64BIT_REG(i->nnn());
|
||
}
|
||
else {
|
||
type = BX_READ_32BIT_REG(i->nnn());
|
||
}
|
||
|
||
BxPackedXmmRegister invvpid_desc;
|
||
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
|
||
read_virtual_dqword(i->seg(), eaddr, (Bit8u *) &invvpid_desc);
|
||
|
||
if (invvpid_desc.xmm64u(0) > 0xffff) {
|
||
BX_ERROR(("INVVPID: INVVPID_DESC reserved bits set"));
|
||
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
Bit16u vpid = invvpid_desc.xmm16u(0);
|
||
if (vpid == 0 && type != BX_INVEPT_INVVPID_ALL_CONTEXT_INVALIDATION) {
|
||
BX_ERROR(("INVVPID with VPID=0"));
|
||
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
switch(type) {
|
||
case BX_INVEPT_INVVPID_INDIVIDUAL_ADDRESS_INVALIDATION:
|
||
if (! IsCanonical(invvpid_desc.xmm64u(1))) {
|
||
BX_ERROR(("INVVPID: non canonical LADDR single context invalidation"));
|
||
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
TLB_flush(); // invalidate all mappings for address LADDR tagged with VPID
|
||
break;
|
||
|
||
case BX_INVEPT_INVVPID_SINGLE_CONTEXT_INVALIDATION:
|
||
TLB_flush(); // invalidate all mappings tagged with VPID
|
||
break;
|
||
|
||
case BX_INVEPT_INVVPID_ALL_CONTEXT_INVALIDATION:
|
||
TLB_flush(); // invalidate all mappings tagged with VPID <> 0
|
||
break;
|
||
|
||
case BX_INVEPT_INVVPID_SINGLE_CONTEXT_NON_GLOBAL_INVALIDATION:
|
||
TLB_flushNonGlobal(); // invalidate all mappings tagged with VPID except globals
|
||
break;
|
||
|
||
default:
|
||
BX_ERROR(("INVVPID: not supported type !"));
|
||
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_INVVPID, type);
|
||
|
||
VMsucceed();
|
||
#else
|
||
BX_INFO(("INVVPID: required VMXx2 support, use --enable-vmx=2 option"));
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
#endif
|
||
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::INVPCID(bxInstruction_c *i)
|
||
{
|
||
if (v8086_mode()) {
|
||
BX_ERROR(("INVPCID: not recognized in v8086 mode"));
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
}
|
||
|
||
#if BX_SUPPORT_VMX
|
||
// INVPCID will always #UD in legacy VMX mode
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
if (! SECONDARY_VMEXEC_CONTROL(VMX_VM_EXEC_CTRL3_INVPCID)) {
|
||
BX_ERROR(("INVPCID in VMX guest: not allowed to use instruction !"));
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
}
|
||
|
||
#if BX_SUPPORT_VMX >= 2
|
||
if (VMEXIT(VMX_VM_EXEC_CTRL2_INVLPG_VMEXIT)) {
|
||
BX_ERROR(("VMEXIT: INVPCID in VMX non-root operation"));
|
||
VMexit_Instruction(i, VMX_VMEXIT_INVPCID);
|
||
}
|
||
#endif
|
||
|
||
}
|
||
#endif
|
||
|
||
if (CPL != 0) {
|
||
BX_ERROR(("INVPCID with CPL!=0 cause #GP(0)"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
bx_address type;
|
||
#if BX_SUPPORT_X86_64
|
||
if (i->os64L()) {
|
||
type = BX_READ_64BIT_REG(i->nnn());
|
||
}
|
||
else
|
||
#endif
|
||
{
|
||
type = BX_READ_32BIT_REG(i->nnn());
|
||
}
|
||
|
||
BxPackedXmmRegister invpcid_desc;
|
||
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
|
||
read_virtual_dqword(i->seg(), eaddr, (Bit8u *) &invpcid_desc);
|
||
|
||
if (invpcid_desc.xmm64u(0) > 0xfff) {
|
||
BX_ERROR(("INVPCID: INVPCID_DESC reserved bits set"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
Bit16u pcid = invpcid_desc.xmm16u(0) & 0xfff;
|
||
|
||
switch(type) {
|
||
case BX_INVPCID_INDIVIDUAL_ADDRESS_NON_GLOBAL_INVALIDATION:
|
||
#if BX_SUPPORT_X86_64
|
||
if (! IsCanonical(invpcid_desc.xmm64u(1))) {
|
||
BX_ERROR(("INVPCID: non canonical LADDR single context invalidation"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
#endif
|
||
if (! BX_CPU_THIS_PTR cr4.get_PCIDE() && pcid != 0) {
|
||
BX_ERROR(("INVPCID: invalid PCID"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
TLB_flushNonGlobal(); // Invalidate all mappings for LADDR tagged with PCID except globals
|
||
break;
|
||
|
||
case BX_INVPCID_SINGLE_CONTEXT_NON_GLOBAL_INVALIDATION:
|
||
if (! BX_CPU_THIS_PTR cr4.get_PCIDE() && pcid != 0) {
|
||
BX_ERROR(("INVPCID: invalid PCID"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
TLB_flushNonGlobal(); // Invalidate all mappings tagged with PCID except globals
|
||
break;
|
||
|
||
case BX_INVPCID_ALL_CONTEXT_INVALIDATION:
|
||
TLB_flush(); // Invalidate all mappings tagged with any PCID
|
||
break;
|
||
|
||
case BX_INVPCID_ALL_CONTEXT_NON_GLOBAL_INVALIDATION:
|
||
TLB_flushNonGlobal(); // Invalidate all mappings tagged with any PCID except globals
|
||
break;
|
||
|
||
default:
|
||
BX_ERROR(("INVPCID: not supported type !"));
|
||
exception(BX_GP_EXCEPTION, 0);
|
||
}
|
||
|
||
BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_INVPCID, type);
|
||
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
#endif
|
||
|
||
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::GETSEC(bxInstruction_c *i)
|
||
{
|
||
#if BX_CPU_LEVEL >= 6
|
||
if (! BX_CPU_THIS_PTR cr4.get_SMXE())
|
||
exception(BX_UD_EXCEPTION, 0);
|
||
|
||
#if BX_SUPPORT_VMX
|
||
if (BX_CPU_THIS_PTR in_vmx_guest) {
|
||
BX_ERROR(("VMEXIT: GETSEC in VMX non-root operation"));
|
||
VMexit(i, VMX_VMEXIT_GETSEC, 0);
|
||
}
|
||
#endif
|
||
|
||
BX_PANIC(("GETSEC: SMX is not implemented yet !"));
|
||
#endif
|
||
|
||
BX_NEXT_TRACE(i);
|
||
}
|
||
|
||
#if BX_SUPPORT_VMX
|
||
void BX_CPU_C::register_vmx_state(bx_param_c *parent)
|
||
{
|
||
if (! bx_cpuid_support_vmx()) return;
|
||
|
||
// register VMX state for save/restore param tree
|
||
bx_list_c *vmx = new bx_list_c(parent, "VMX", 9);
|
||
|
||
BXRS_HEX_PARAM_FIELD(vmx, vmcsptr, BX_CPU_THIS_PTR vmcsptr);
|
||
BXRS_HEX_PARAM_FIELD(vmx, vmxonptr, BX_CPU_THIS_PTR vmxonptr);
|
||
BXRS_PARAM_BOOL(vmx, in_vmx, BX_CPU_THIS_PTR in_vmx);
|
||
BXRS_PARAM_BOOL(vmx, in_vmx_guest, BX_CPU_THIS_PTR in_vmx_guest);
|
||
BXRS_PARAM_BOOL(vmx, in_smm_vmx, BX_CPU_THIS_PTR in_smm_vmx);
|
||
BXRS_PARAM_BOOL(vmx, in_smm_vmx_guest, BX_CPU_THIS_PTR in_smm_vmx_guest);
|
||
BXRS_PARAM_BOOL(vmx, vmx_interrupt_window, BX_CPU_THIS_PTR vmx_interrupt_window);
|
||
#if BX_SUPPORT_VMX >= 2
|
||
BXRS_PARAM_BOOL(vmx, pending_vmx_timer_expired, BX_CPU_THIS_PTR pending_vmx_timer_expired);
|
||
#endif
|
||
|
||
bx_list_c *vmcache = new bx_list_c(vmx, "VMCS_CACHE", 5);
|
||
|
||
//
|
||
// VM-Execution Control Fields
|
||
//
|
||
|
||
bx_list_c *vmexec_ctrls = new bx_list_c(vmcache, "VMEXEC_CTRLS", 29);
|
||
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vmexec_ctrls1, BX_CPU_THIS_PTR vmcs.vmexec_ctrls1);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vmexec_ctrls2, BX_CPU_THIS_PTR vmcs.vmexec_ctrls2);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vmexec_ctrls3, BX_CPU_THIS_PTR vmcs.vmexec_ctrls3);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_exceptions_bitmap, BX_CPU_THIS_PTR vmcs.vm_exceptions_bitmap);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_pf_mask, BX_CPU_THIS_PTR vmcs.vm_pf_mask);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_pf_match, BX_CPU_THIS_PTR vmcs.vm_pf_match);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, io_bitmap_addr1, BX_CPU_THIS_PTR vmcs.io_bitmap_addr[0]);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, io_bitmap_addr2, BX_CPU_THIS_PTR vmcs.io_bitmap_addr[1]);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, msr_bitmap_addr, BX_CPU_THIS_PTR vmcs.msr_bitmap_addr);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr0_mask, BX_CPU_THIS_PTR vmcs.vm_cr0_mask);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr0_read_shadow, BX_CPU_THIS_PTR vmcs.vm_cr0_read_shadow);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr4_mask, BX_CPU_THIS_PTR vmcs.vm_cr4_mask);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr4_read_shadow, BX_CPU_THIS_PTR vmcs.vm_cr4_read_shadow);
|
||
BXRS_DEC_PARAM_FIELD(vmexec_ctrls, vm_cr3_target_cnt, BX_CPU_THIS_PTR vmcs.vm_cr3_target_cnt);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr3_target_value1, BX_CPU_THIS_PTR vmcs.vm_cr3_target_value[0]);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr3_target_value2, BX_CPU_THIS_PTR vmcs.vm_cr3_target_value[1]);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr3_target_value3, BX_CPU_THIS_PTR vmcs.vm_cr3_target_value[2]);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr3_target_value4, BX_CPU_THIS_PTR vmcs.vm_cr3_target_value[3]);
|
||
#if BX_SUPPORT_X86_64
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, virtual_apic_page_addr, BX_CPU_THIS_PTR vmcs.virtual_apic_page_addr);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_tpr_threshold, BX_CPU_THIS_PTR vmcs.vm_tpr_threshold);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, apic_access_page, BX_CPU_THIS_PTR vmcs.apic_access_page);
|
||
#endif
|
||
#if BX_SUPPORT_VMX >= 2
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, eptptr, BX_CPU_THIS_PTR vmcs.eptptr);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vpid, BX_CPU_THIS_PTR vmcs.vpid);
|
||
#endif
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, executive_vmcsptr, BX_CPU_THIS_PTR vmcs.executive_vmcsptr);
|
||
#if BX_SUPPORT_VMX >= 2
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, pause_loop_exiting_gap, BX_CPU_THIS_PTR vmcs.pause_loop_exiting_gap);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, pause_loop_exiting_window, BX_CPU_THIS_PTR vmcs.pause_loop_exiting_window);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, first_pause_time, BX_CPU_THIS_PTR vmcs.first_pause_time);
|
||
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, last_pause_time, BX_CPU_THIS_PTR vmcs.last_pause_time);
|
||
#endif
|
||
|
||
//
|
||
// VM-Exit Control Fields
|
||
//
|
||
|
||
bx_list_c *vmexit_ctrls = new bx_list_c(vmcache, "VMEXIT_CTRLS", 5);
|
||
|
||
BXRS_HEX_PARAM_FIELD(vmexit_ctrls, vmexit_ctrls, BX_CPU_THIS_PTR vmcs.vmexit_ctrls);
|
||
BXRS_DEC_PARAM_FIELD(vmexit_ctrls, vmexit_msr_store_cnt, BX_CPU_THIS_PTR vmcs.vmexit_msr_store_cnt);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_ctrls, vmexit_msr_store_addr, BX_CPU_THIS_PTR vmcs.vmexit_msr_store_addr);
|
||
BXRS_DEC_PARAM_FIELD(vmexit_ctrls, vmexit_msr_load_cnt, BX_CPU_THIS_PTR vmcs.vmexit_msr_load_cnt);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_ctrls, vmexit_msr_load_addr, BX_CPU_THIS_PTR vmcs.vmexit_msr_load_addr);
|
||
|
||
//
|
||
// VM-Entry Control Fields
|
||
//
|
||
|
||
bx_list_c *vmentry_ctrls = new bx_list_c(vmcache, "VMENTRY_CTRLS", 6);
|
||
|
||
BXRS_HEX_PARAM_FIELD(vmentry_ctrls, vmentry_ctrls, BX_CPU_THIS_PTR vmcs.vmentry_ctrls);
|
||
BXRS_DEC_PARAM_FIELD(vmentry_ctrls, vmentry_msr_load_cnt, BX_CPU_THIS_PTR vmcs.vmentry_msr_load_cnt);
|
||
BXRS_HEX_PARAM_FIELD(vmentry_ctrls, vmentry_msr_load_addr, BX_CPU_THIS_PTR vmcs.vmentry_msr_load_addr);
|
||
BXRS_HEX_PARAM_FIELD(vmentry_ctrls, vmentry_interr_info, BX_CPU_THIS_PTR vmcs.vmentry_interr_info);
|
||
BXRS_HEX_PARAM_FIELD(vmentry_ctrls, vmentry_excep_err_code, BX_CPU_THIS_PTR vmcs.vmentry_excep_err_code);
|
||
BXRS_HEX_PARAM_FIELD(vmentry_ctrls, vmentry_instr_length, BX_CPU_THIS_PTR vmcs.vmentry_instr_length);
|
||
|
||
//
|
||
// VM-Exit Information Fields
|
||
//
|
||
/*
|
||
bx_list_c *vmexit_info = new bx_list_c(vmcache, "VMEXIT_INFO", 15);
|
||
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_reason, BX_CPU_THIS_PTR vmcs.vmexit_reason);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_qualification, BX_CPU_THIS_PTR vmcs.vmexit_qualification);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_excep_info, BX_CPU_THIS_PTR vmcs.vmexit_excep_info);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_excep_error_code, BX_CPU_THIS_PTR vmcs.vmexit_excep_error_code);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_idt_vector_info, BX_CPU_THIS_PTR vmcs.vmexit_idt_vector_info);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_idt_vector_error_code, BX_CPU_THIS_PTR vmcs.vmexit_idt_vector_error_code);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_instr_info, BX_CPU_THIS_PTR vmcs.vmexit_instr_info);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_instr_length, BX_CPU_THIS_PTR vmcs.vmexit_instr_length);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_guest_laddr, BX_CPU_THIS_PTR vmcs.vmexit_guest_laddr);
|
||
#if BX_SUPPORT_VMX >= 2
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_guest_paddr, BX_CPU_THIS_PTR vmcs.vmexit_guest_paddr);
|
||
#endif
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_io_rcx, BX_CPU_THIS_PTR vmcs.vmexit_io_rcx);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_io_rsi, BX_CPU_THIS_PTR vmcs.vmexit_io_rsi);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_io_rdi, BX_CPU_THIS_PTR vmcs.vmexit_io_rdi);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_io_rip, BX_CPU_THIS_PTR vmcs.vmexit_io_rip);
|
||
BXRS_HEX_PARAM_FIELD(vmexit_info, vm_instr_error, BX_CPU_THIS_PTR vmcs.vm_instr_error);
|
||
*/
|
||
//
|
||
// VMCS Host State
|
||
//
|
||
|
||
bx_list_c *host = new bx_list_c(vmcache, "HOST_STATE", 22);
|
||
|
||
#undef NEED_CPU_REG_SHORTCUTS
|
||
|
||
BXRS_HEX_PARAM_FIELD(host, CR0, BX_CPU_THIS_PTR vmcs.host_state.cr0);
|
||
BXRS_HEX_PARAM_FIELD(host, CR3, BX_CPU_THIS_PTR vmcs.host_state.cr3);
|
||
BXRS_HEX_PARAM_FIELD(host, CR4, BX_CPU_THIS_PTR vmcs.host_state.cr4);
|
||
BXRS_HEX_PARAM_FIELD(host, ES, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_ES]);
|
||
BXRS_HEX_PARAM_FIELD(host, CS, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_CS]);
|
||
BXRS_HEX_PARAM_FIELD(host, SS, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_SS]);
|
||
BXRS_HEX_PARAM_FIELD(host, DS, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_DS]);
|
||
BXRS_HEX_PARAM_FIELD(host, FS, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_FS]);
|
||
BXRS_HEX_PARAM_FIELD(host, FS_BASE, BX_CPU_THIS_PTR vmcs.host_state.fs_base);
|
||
BXRS_HEX_PARAM_FIELD(host, GS, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_GS]);
|
||
BXRS_HEX_PARAM_FIELD(host, GS_BASE, BX_CPU_THIS_PTR vmcs.host_state.gs_base);
|
||
BXRS_HEX_PARAM_FIELD(host, GDTR_BASE, BX_CPU_THIS_PTR vmcs.host_state.gdtr_base);
|
||
BXRS_HEX_PARAM_FIELD(host, IDTR_BASE, BX_CPU_THIS_PTR vmcs.host_state.idtr_base);
|
||
BXRS_HEX_PARAM_FIELD(host, TR, BX_CPU_THIS_PTR vmcs.host_state.tr_selector);
|
||
BXRS_HEX_PARAM_FIELD(host, TR_BASE, BX_CPU_THIS_PTR vmcs.host_state.tr_base);
|
||
BXRS_HEX_PARAM_FIELD(host, RSP, BX_CPU_THIS_PTR vmcs.host_state.rsp);
|
||
BXRS_HEX_PARAM_FIELD(host, RIP, BX_CPU_THIS_PTR vmcs.host_state.rip);
|
||
BXRS_HEX_PARAM_FIELD(host, sysenter_esp_msr, BX_CPU_THIS_PTR vmcs.host_state.sysenter_esp_msr);
|
||
BXRS_HEX_PARAM_FIELD(host, sysenter_eip_msr, BX_CPU_THIS_PTR vmcs.host_state.sysenter_eip_msr);
|
||
BXRS_HEX_PARAM_FIELD(host, sysenter_cs_msr, BX_CPU_THIS_PTR vmcs.host_state.sysenter_cs_msr);
|
||
#if BX_SUPPORT_VMX >= 2
|
||
BXRS_HEX_PARAM_FIELD(host, pat_msr, BX_CPU_THIS_PTR vmcs.host_state.pat_msr);
|
||
#if BX_SUPPORT_X86_64
|
||
BXRS_HEX_PARAM_FIELD(host, efer_msr, BX_CPU_THIS_PTR vmcs.host_state.efer_msr);
|
||
#endif
|
||
#endif
|
||
}
|
||
|
||
#endif // BX_SUPPORT_VMX
|