Bochs/bochs/cpu/vmx.cc
2011-12-27 19:42:11 +00:00

3291 lines
114 KiB
C++
Raw Blame History

/////////////////////////////////////////////////////////////////////////
// $Id$
/////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2009-2011 Stanislav Shwartsman
// Written by Stanislav Shwartsman [sshwarts at sourceforge net]
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA B 02110-1301 USA
//
/////////////////////////////////////////////////////////////////////////
#define NEED_CPU_REG_SHORTCUTS 1
#include "bochs.h"
#include "cpu.h"
#define LOG_THIS BX_CPU_THIS_PTR
#include "iodev/iodev.h"
#if BX_SUPPORT_VMX
#define VMCSPTR_VALID() (BX_CPU_THIS_PTR vmcsptr != BX_INVALID_VMCSPTR)
extern unsigned vmcs_field_offset(Bit32u encoding);
#if BX_SUPPORT_VMX >= 2
extern bx_bool isValidMSR_PAT(Bit64u pat_msr);
#endif
////////////////////////////////////////////////////////////
// VMCS access
////////////////////////////////////////////////////////////
void BX_CPU_C::set_VMCSPTR(Bit64u vmxptr)
{
BX_CPU_THIS_PTR vmcsptr = vmxptr;
if (vmxptr != BX_INVALID_VMCSPTR)
BX_CPU_THIS_PTR vmcshostptr = BX_CPU_THIS_PTR getHostMemAddr(vmxptr, BX_WRITE);
else
BX_CPU_THIS_PTR vmcshostptr = 0;
}
Bit16u BX_CPP_AttrRegparmN(1) BX_CPU_C::VMread16(unsigned encoding)
{
Bit16u field;
unsigned offset = vmcs_field_offset(encoding);
if(offset >= VMX_VMCS_AREA_SIZE)
BX_PANIC(("VMread16: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
BX_ASSERT(VMCS_FIELD_WIDTH(encoding) == VMCS_FIELD_WIDTH_16BIT);
if (BX_CPU_THIS_PTR vmcshostptr) {
Bit16u *hostAddr = (Bit16u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
ReadHostWordFromLittleEndian(hostAddr, field);
}
else {
access_read_physical(pAddr, 2, (Bit8u*)(&field));
}
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 2, BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&field));
return field;
}
// write 16-bit value into VMCS 16-bit field
void BX_CPP_AttrRegparmN(2) BX_CPU_C::VMwrite16(unsigned encoding, Bit16u val_16)
{
unsigned offset = vmcs_field_offset(encoding);
if(offset >= VMX_VMCS_AREA_SIZE)
BX_PANIC(("VMwrite16: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
BX_ASSERT(VMCS_FIELD_WIDTH(encoding) == VMCS_FIELD_WIDTH_16BIT);
if (BX_CPU_THIS_PTR vmcshostptr) {
Bit16u *hostAddr = (Bit16u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
pageWriteStampTable.decWriteStamp(pAddr, 2);
WriteHostWordToLittleEndian(hostAddr, val_16);
}
else {
access_write_physical(pAddr, 2, (Bit8u*)(&val_16));
}
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 2, BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&val_16));
}
Bit32u BX_CPP_AttrRegparmN(1) BX_CPU_C::VMread32(unsigned encoding)
{
Bit32u field;
unsigned offset = vmcs_field_offset(encoding);
if(offset >= VMX_VMCS_AREA_SIZE)
BX_PANIC(("VMread32: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
if (BX_CPU_THIS_PTR vmcshostptr) {
Bit32u *hostAddr = (Bit32u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
ReadHostDWordFromLittleEndian(hostAddr, field);
}
else {
access_read_physical(pAddr, 4, (Bit8u*)(&field));
}
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 4, BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&field));
return field;
}
// write 32-bit value into VMCS field
void BX_CPP_AttrRegparmN(2) BX_CPU_C::VMwrite32(unsigned encoding, Bit32u val_32)
{
unsigned offset = vmcs_field_offset(encoding);
if(offset >= VMX_VMCS_AREA_SIZE)
BX_PANIC(("VMwrite32: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
if (BX_CPU_THIS_PTR vmcshostptr) {
Bit32u *hostAddr = (Bit32u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
pageWriteStampTable.decWriteStamp(pAddr, 4);
WriteHostDWordToLittleEndian(hostAddr, val_32);
}
else {
access_write_physical(pAddr, 4, (Bit8u*)(&val_32));
}
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 4, BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&val_32));
}
Bit64u BX_CPP_AttrRegparmN(1) BX_CPU_C::VMread64(unsigned encoding)
{
BX_ASSERT(!IS_VMCS_FIELD_HI(encoding));
Bit64u field;
unsigned offset = vmcs_field_offset(encoding);
if(offset >= VMX_VMCS_AREA_SIZE)
BX_PANIC(("VMread64: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
if (BX_CPU_THIS_PTR vmcshostptr) {
Bit64u *hostAddr = (Bit64u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
ReadHostQWordFromLittleEndian(hostAddr, field);
}
else {
access_read_physical(pAddr, 8, (Bit8u*)(&field));
}
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 8, BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&field));
return field;
}
// write 64-bit value into VMCS field
void BX_CPP_AttrRegparmN(2) BX_CPU_C::VMwrite64(unsigned encoding, Bit64u val_64)
{
BX_ASSERT(!IS_VMCS_FIELD_HI(encoding));
unsigned offset = vmcs_field_offset(encoding);
if(offset >= VMX_VMCS_AREA_SIZE)
BX_PANIC(("VMwrite64: can't access encoding 0x%08x, offset=0x%x", encoding, offset));
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + offset;
if (BX_CPU_THIS_PTR vmcshostptr) {
Bit64u *hostAddr = (Bit64u*) (BX_CPU_THIS_PTR vmcshostptr | offset);
pageWriteStampTable.decWriteStamp(pAddr, 8);
WriteHostQWordToLittleEndian(hostAddr, val_64);
}
else {
access_write_physical(pAddr, 8, (Bit8u*)(&val_64));
}
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 8, BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&val_64));
}
#if BX_SUPPORT_X86_64
BX_CPP_INLINE bx_address BX_CPP_AttrRegparmN(1) BX_CPU_C::VMread_natural(unsigned encoding)
{
return VMread64(encoding);
}
void BX_CPP_AttrRegparmN(2) BX_CPU_C::VMwrite_natural(unsigned encoding, bx_address val)
{
VMwrite64(encoding, val);
}
#else
BX_CPP_INLINE bx_address BX_CPP_AttrRegparmN(1) BX_CPU_C::VMread_natural(unsigned encoding)
{
return VMread32(encoding);
}
void BX_CPP_AttrRegparmN(2) BX_CPU_C::VMwrite_natural(unsigned encoding, bx_address val)
{
VMwrite32(encoding, val);
}
#endif
////////////////////////////////////////////////////////////
// VMfail/VMsucceed
////////////////////////////////////////////////////////////
BX_CPP_INLINE void BX_CPU_C::VMsucceed(void)
{
setEFlagsOSZAPC(0);
}
BX_CPP_INLINE void BX_CPU_C::VMfailInvalid(void)
{
setEFlagsOSZAPC(EFlagsCFMask);
}
BX_CPP_INLINE void BX_CPU_C::VMfail(Bit32u error_code)
{
if (VMCSPTR_VALID()) { // executed only if there is a current VMCS
setEFlagsOSZAPC(EFlagsZFMask);
VMwrite32(VMCS_32BIT_INSTRUCTION_ERROR, error_code);
}
else {
setEFlagsOSZAPC(EFlagsCFMask);
}
}
void BX_CPU_C::VMabort(VMX_vmabort_code error_code)
{
Bit32u abort = error_code;
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + VMCS_VMX_ABORT_FIELD_ADDR;
access_write_physical(pAddr, 4, &abort);
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 4, BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&abort));
#if BX_SUPPORT_VMX >= 2
// Deactivate VMX preemtion timer
BX_CPU_THIS_PTR lapic.deactivate_vmx_preemption_timer();
#endif
shutdown();
}
unsigned BX_CPU_C::VMXReadRevisionID(bx_phy_address pAddr)
{
Bit32u revision;
access_read_physical(pAddr + VMCS_REVISION_ID_FIELD_ADDR, 4, &revision);
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr + VMCS_REVISION_ID_FIELD_ADDR, 4,
BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&revision));
return revision;
}
#if BX_SUPPORT_VMX >= 2
bx_bool is_eptptr_valid(Bit64u eptptr)
{
// [2:0] EPT paging-structure memory type
// 0 = Uncacheable (UC)
// 6 = Write-back (WB)
Bit32u memtype = eptptr & 7;
if (memtype != BX_MEMTYPE_UC && memtype != BX_MEMTYPE_WB) return 0;
// [5:3] This value is 1 less than the EPT page-walk length
Bit32u walk_length = (eptptr >> 3) & 7;
if (walk_length != 3) return 0;
#define BX_EPTPTR_RESERVED_BITS 0xfc0 /* bits 11:6 are reserved */
if (eptptr & BX_EPTPTR_RESERVED_BITS) return 0;
if (! IsValidPhyAddr(eptptr)) return 0;
return 1;
}
#endif
////////////////////////////////////////////////////////////
// VMenter
////////////////////////////////////////////////////////////
extern struct BxExceptionInfo exceptions_info[];
#define VMENTRY_INJECTING_EVENT(vmentry_interr_info) (vmentry_interr_info & 0x80000000)
#define VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_LO \
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_PINBASED_CTRLS_LO : VMX_MSR_VMX_PINBASED_CTRLS_LO)
#define VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_HI \
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_PINBASED_CTRLS_HI : VMX_MSR_VMX_PINBASED_CTRLS_HI)
#define VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_LO \
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_PROCBASED_CTRLS_LO : VMX_MSR_VMX_PROCBASED_CTRLS_LO)
#define VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_HI \
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_PROCBASED_CTRLS_HI : VMX_MSR_VMX_PROCBASED_CTRLS_HI)
#define VMX_CHECKS_USE_MSR_VMX_VMEXIT_CTRLS_LO \
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_VMEXIT_CTRLS_LO : VMX_MSR_VMX_VMEXIT_CTRLS_LO)
#define VMX_CHECKS_USE_MSR_VMX_VMEXIT_CTRLS_HI \
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_VMEXIT_CTRLS_HI : VMX_MSR_VMX_VMEXIT_CTRLS_HI)
#define VMX_CHECKS_USE_MSR_VMX_VMENTRY_CTRLS_LO \
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_VMENTRY_CTRLS_LO : VMX_MSR_VMX_VMENTRY_CTRLS_LO)
#define VMX_CHECKS_USE_MSR_VMX_VMENTRY_CTRLS_HI \
((BX_SUPPORT_VMX >= 2) ? VMX_MSR_VMX_TRUE_VMENTRY_CTRLS_HI : VMX_MSR_VMX_VMENTRY_CTRLS_HI)
VMX_error_code BX_CPU_C::VMenterLoadCheckVmControls(void)
{
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
//
// Load VM-execution control fields to VMCS Cache
//
vm->vmexec_ctrls1 = VMread32(VMCS_32BIT_CONTROL_PIN_BASED_EXEC_CONTROLS);
vm->vmexec_ctrls2 = VMread32(VMCS_32BIT_CONTROL_PROCESSOR_BASED_VMEXEC_CONTROLS);
if (VMEXIT(VMX_VM_EXEC_CTRL2_SECONDARY_CONTROLS))
vm->vmexec_ctrls3 = VMread32(VMCS_32BIT_CONTROL_SECONDARY_VMEXEC_CONTROLS);
else
vm->vmexec_ctrls3 = 0;
vm->vm_exceptions_bitmap = VMread32(VMCS_32BIT_CONTROL_EXECUTION_BITMAP);
vm->vm_pf_mask = VMread32(VMCS_32BIT_CONTROL_PAGE_FAULT_ERR_CODE_MASK);
vm->vm_pf_match = VMread32(VMCS_32BIT_CONTROL_PAGE_FAULT_ERR_CODE_MATCH);
vm->vm_cr0_mask = VMread_natural(VMCS_CONTROL_CR0_GUEST_HOST_MASK);
vm->vm_cr4_mask = VMread_natural(VMCS_CONTROL_CR4_GUEST_HOST_MASK);
vm->vm_cr0_read_shadow = VMread_natural(VMCS_CONTROL_CR0_READ_SHADOW);
vm->vm_cr4_read_shadow = VMread_natural(VMCS_CONTROL_CR4_READ_SHADOW);
vm->vm_cr3_target_cnt = VMread32(VMCS_32BIT_CONTROL_CR3_TARGET_COUNT);
for (int n=0; n<VMX_CR3_TARGET_MAX_CNT; n++)
vm->vm_cr3_target_value[n] = VMread_natural(VMCS_CR3_TARGET0 + 2*n);
vm->executive_vmcsptr = (bx_phy_address) VMread64(VMCS_64BIT_CONTROL_EXECUTIVE_VMCS_PTR);
//
// Check VM-execution control fields
//
if (~vm->vmexec_ctrls1 & VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_LO) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX pin-based controls allowed 0-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmexec_ctrls1 & ~VMX_CHECKS_USE_MSR_VMX_PINBASED_CTRLS_HI) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX pin-based controls allowed 1-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (~vm->vmexec_ctrls2 & VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_LO) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX proc-based controls allowed 0-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmexec_ctrls2 & ~VMX_CHECKS_USE_MSR_VMX_PROCBASED_CTRLS_HI) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX proc-based controls allowed 1-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (~vm->vmexec_ctrls3 & VMX_MSR_VMX_PROCBASED_CTRLS2_LO) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX secondary proc-based controls allowed 0-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmexec_ctrls3 & ~VMX_MSR_VMX_PROCBASED_CTRLS2_HI) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX secondary proc-based controls allowed 1-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vm_cr3_target_cnt > VMX_CR3_TARGET_MAX_CNT) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: too may CR3 targets %d", vm->vm_cr3_target_cnt));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_IO_BITMAPS) {
vm->io_bitmap_addr[0] = VMread64(VMCS_64BIT_CONTROL_IO_BITMAP_A);
vm->io_bitmap_addr[1] = VMread64(VMCS_64BIT_CONTROL_IO_BITMAP_B);
// I/O bitmaps control enabled
for (int bitmap=0; bitmap < 2; bitmap++) {
if (vm->io_bitmap_addr[bitmap] & 0xfff) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: I/O bitmap %c must be 4K aligned", 'A' + bitmap));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (! IsValidPhyAddr(vm->io_bitmap_addr[bitmap])) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: I/O bitmap %c phy addr malformed", 'A' + bitmap));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
}
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_MSR_BITMAPS) {
// MSR bitmaps control enabled
vm->msr_bitmap_addr = (bx_phy_address) VMread64(VMCS_64BIT_CONTROL_MSR_BITMAPS);
if ((vm->msr_bitmap_addr & 0xfff) != 0 || ! IsValidPhyAddr(vm->msr_bitmap_addr)) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: MSR bitmap phy addr malformed"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
if (! (vm->vmexec_ctrls1 & VMX_VM_EXEC_CTRL1_VIRTUAL_NMI)) {
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_NMI_WINDOW_VMEXIT) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: misconfigured virtual NMI control"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
#if BX_SUPPORT_X86_64
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_TPR_SHADOW) {
vm->virtual_apic_page_addr = (bx_phy_address) VMread64(VMCS_64BIT_CONTROL_VIRTUAL_APIC_PAGE_ADDR);
vm->vm_tpr_threshold = VMread32(VMCS_32BIT_CONTROL_TPR_THRESHOLD);
if ((vm->virtual_apic_page_addr & 0xfff) != 0 || ! IsValidPhyAddr(vm->virtual_apic_page_addr)) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: virtual apic phy addr malformed"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vm_tpr_threshold & 0xfffffff0) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: TPR threshold too big"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (! (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VIRTUALIZE_APIC_ACCESSES)) {
Bit8u tpr_shadow = (VMX_Read_VTPR() >> 4) & 0xf;
if (vm->vm_tpr_threshold > tpr_shadow) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: TPR threshold > TPR shadow"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
}
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VIRTUALIZE_APIC_ACCESSES) {
vm->apic_access_page = (bx_phy_address) VMread64(VMCS_64BIT_CONTROL_APIC_ACCESS_ADDR);
if ((vm->apic_access_page & 0xfff) != 0 || ! IsValidPhyAddr(vm->apic_access_page)) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: apic access page phy addr malformed"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
#endif
#if BX_SUPPORT_VMX >= 2
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VIRTUALIZE_X2APIC_MODE) {
// 'use TPR shadow' must be set and "virtualize APIC accesses" must be clear
if (!(vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_TPR_SHADOW) ||
(vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VIRTUALIZE_APIC_ACCESSES)) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: virtualize X2APIC mode misconfigured"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_EPT_ENABLE) {
vm->eptptr = (bx_phy_address) VMread64(VMCS_64BIT_CONTROL_EPTPTR);
if (! is_eptptr_valid(vm->eptptr)) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: invalid EPTPTR value"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
else {
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: unrestricted guest without EPT"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VPID_ENABLE) {
vm->vpid = VMread16(VMCS_16BIT_CONTROL_VPID);
if (vm->vpid == 0) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: guest VPID == 0"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_PAUSE_LOOP_VMEXIT) {
vm->pause_loop_exiting_gap = VMread32(VMCS_32BIT_CONTROL_PAUSE_LOOP_EXITING_GAP);
vm->pause_loop_exiting_window = VMread32(VMCS_32BIT_CONTROL_PAUSE_LOOP_EXITING_WINDOW);
}
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_VMFUNC_ENABLE)
vm->vmfunc_ctrls = VMread64(VMCS_64BIT_CONTROL_VMFUNC_CTRLS);
else
vm->vmfunc_ctrls = 0;
if (vm->vmfunc_ctrls & ~VMX_VMFUNC_CTRL1_SUPPORTED_BITS) {
BX_ERROR(("VMFAIL: VMCS VM Functions control reserved bits set"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmfunc_ctrls & VMX_VMFUNC_EPTP_SWITCHING_MASK) {
if ((vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_EPT_ENABLE) == 0) {
BX_ERROR(("VMFAIL: VMFUNC EPTP-SWITCHING: EPT disabled"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
vm->eptp_list_address = VMread64(VMCS_64BIT_CONTROL_EPTP_LIST_ADDRESS);
if ((vm->eptp_list_address & 0xfff) != 0 || ! IsValidPhyAddr(vm->eptp_list_address)) {
BX_ERROR(("VMFAIL: VMFUNC EPTP-SWITCHING: eptp list phy addr malformed"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
#endif
//
// Load VM-exit control fields to VMCS Cache
//
vm->vmexit_ctrls = VMread32(VMCS_32BIT_CONTROL_VMEXIT_CONTROLS);
vm->vmexit_msr_store_cnt = VMread32(VMCS_32BIT_CONTROL_VMEXIT_MSR_STORE_COUNT);
vm->vmexit_msr_load_cnt = VMread32(VMCS_32BIT_CONTROL_VMEXIT_MSR_LOAD_COUNT);
//
// Check VM-exit control fields
//
if (~vm->vmexit_ctrls & VMX_CHECKS_USE_MSR_VMX_VMEXIT_CTRLS_LO) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX vmexit controls allowed 0-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmexit_ctrls & ~VMX_CHECKS_USE_MSR_VMX_VMEXIT_CTRLS_HI) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX vmexit controls allowed 1-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
#if BX_SUPPORT_VMX >= 2
if ((~vm->vmexec_ctrls1 & VMX_VM_EXEC_CTRL1_VMX_PREEMPTION_TIMER_VMEXIT) && (vm->vmexit_ctrls & VMX_VMEXIT_CTRL1_STORE_VMX_PREEMPTION_TIMER)) {
BX_ERROR(("VMFAIL: save_VMX_preemption_timer VMEXIT control is set but VMX_preemption_timer VMEXEC control is clear"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
#endif
if (vm->vmexit_msr_store_cnt > 0) {
vm->vmexit_msr_store_addr = VMread64(VMCS_64BIT_CONTROL_VMEXIT_MSR_STORE_ADDR);
if ((vm->vmexit_msr_store_addr & 0xf) != 0 || ! IsValidPhyAddr(vm->vmexit_msr_store_addr)) {
BX_ERROR(("VMFAIL: VMCS VMEXIT CTRL: msr store addr malformed"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
Bit64u last_byte = vm->vmexit_msr_store_addr + (vm->vmexit_msr_store_cnt * 16) - 1;
if (! IsValidPhyAddr(last_byte)) {
BX_ERROR(("VMFAIL: VMCS VMEXIT CTRL: msr store addr too high"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
if (vm->vmexit_msr_load_cnt > 0) {
vm->vmexit_msr_load_addr = VMread64(VMCS_64BIT_CONTROL_VMEXIT_MSR_LOAD_ADDR);
if ((vm->vmexit_msr_load_addr & 0xf) != 0 || ! IsValidPhyAddr(vm->vmexit_msr_load_addr)) {
BX_ERROR(("VMFAIL: VMCS VMEXIT CTRL: msr load addr malformed"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
Bit64u last_byte = (Bit64u) vm->vmexit_msr_load_addr + (vm->vmexit_msr_load_cnt * 16) - 1;
if (! IsValidPhyAddr(last_byte)) {
BX_ERROR(("VMFAIL: VMCS VMEXIT CTRL: msr load addr too high"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
//
// Load VM-entry control fields to VMCS Cache
//
vm->vmentry_ctrls = VMread32(VMCS_32BIT_CONTROL_VMENTRY_CONTROLS);
vm->vmentry_msr_load_cnt = VMread32(VMCS_32BIT_CONTROL_VMENTRY_MSR_LOAD_COUNT);
//
// Check VM-entry control fields
//
if (~vm->vmentry_ctrls & VMX_CHECKS_USE_MSR_VMX_VMENTRY_CTRLS_LO) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX vmentry controls allowed 0-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmentry_ctrls & ~VMX_CHECKS_USE_MSR_VMX_VMENTRY_CTRLS_HI) {
BX_ERROR(("VMFAIL: VMCS EXEC CTRL: VMX vmentry controls allowed 1-settings"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (vm->vmentry_ctrls & VMX_VMENTRY_CTRL1_DEACTIVATE_DUAL_MONITOR_TREATMENT) {
if (! BX_CPU_THIS_PTR in_smm) {
BX_ERROR(("VMFAIL: VMENTRY from outside SMM with dual-monitor treatment enabled"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
if (vm->vmentry_msr_load_cnt > 0) {
vm->vmentry_msr_load_addr = VMread64(VMCS_64BIT_CONTROL_VMENTRY_MSR_LOAD_ADDR);
if ((vm->vmentry_msr_load_addr & 0xf) != 0 || ! IsValidPhyAddr(vm->vmentry_msr_load_addr)) {
BX_ERROR(("VMFAIL: VMCS VMENTRY CTRL: msr load addr malformed"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
Bit64u last_byte = vm->vmentry_msr_load_addr + (vm->vmentry_msr_load_cnt * 16) - 1;
if (! IsValidPhyAddr(last_byte)) {
BX_ERROR(("VMFAIL: VMCS VMENTRY CTRL: msr load addr too high"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
//
// Check VM-entry event injection info
//
vm->vmentry_interr_info = VMread32(VMCS_32BIT_CONTROL_VMENTRY_INTERRUPTION_INFO);
vm->vmentry_excep_err_code = VMread32(VMCS_32BIT_CONTROL_VMENTRY_EXCEPTION_ERR_CODE);
vm->vmentry_instr_length = VMread32(VMCS_32BIT_CONTROL_VMENTRY_INSTRUCTION_LENGTH);
if (VMENTRY_INJECTING_EVENT(vm->vmentry_interr_info)) {
/* the VMENTRY injecting event to the guest */
unsigned vector = vm->vmentry_interr_info & 0xff;
unsigned event_type = (vm->vmentry_interr_info >> 8) & 7;
unsigned push_error = (vm->vmentry_interr_info >> 11) & 1;
unsigned error_code = push_error ? vm->vmentry_excep_err_code : 0;
unsigned push_error_reference = 0;
if (event_type == BX_HARDWARE_EXCEPTION && vector < BX_CPU_HANDLED_EXCEPTIONS &&
exceptions_info[vector].push_error) push_error_reference = 1;
if (vm->vmentry_interr_info & 0x7ffff000) {
BX_ERROR(("VMFAIL: VMENTRY broken interruption info field"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
switch (event_type) {
case BX_EXTERNAL_INTERRUPT:
break;
case BX_NMI:
if (vector != 2) {
BX_ERROR(("VMFAIL: VMENTRY bad injected event vector %d", vector));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
break;
case BX_HARDWARE_EXCEPTION:
if (vector > 31) {
BX_ERROR(("VMFAIL: VMENTRY bad injected event vector %d", vector));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
break;
case BX_SOFTWARE_INTERRUPT:
case BX_PRIVILEGED_SOFTWARE_INTERRUPT:
case BX_SOFTWARE_EXCEPTION:
if (vm->vmentry_instr_length == 0 || vm->vmentry_instr_length > 15) {
BX_ERROR(("VMFAIL: VMENTRY bad injected event instr length"));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
break;
default:
BX_ERROR(("VMFAIL: VMENTRY bad injected event type %d", event_type));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
if (push_error != push_error_reference) {
if (! (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST)) {
BX_ERROR(("VMFAIL: VMENTRY injected event vector %d should push error", vector));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
if (error_code & 0x7fff0000) {
BX_ERROR(("VMFAIL: VMENTRY bad error code 0x%08x for injected event %d", error_code, vector));
return VMXERR_VMENTRY_INVALID_VM_CONTROL_FIELD;
}
}
return VMXERR_NO_ERROR;
}
VMX_error_code BX_CPU_C::VMenterLoadCheckHostState(void)
{
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
VMCS_HOST_STATE *host_state = &vm->host_state;
bx_bool x86_64_host = 0, x86_64_guest = 0;
//
// VM Host State Checks Related to Address-Space Size
//
Bit32u vmexit_ctrls = vm->vmexit_ctrls;
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_HOST_ADDR_SPACE_SIZE) {
x86_64_host = 1;
}
Bit32u vmentry_ctrls = vm->vmentry_ctrls;
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_X86_64_GUEST) {
x86_64_guest = 1;
}
#if BX_SUPPORT_X86_64
if (long_mode()) {
if (! x86_64_host) {
BX_ERROR(("VMFAIL: VMCS x86-64 host control invalid on VMENTRY"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
}
else
#endif
{
if (x86_64_host || x86_64_guest) {
BX_ERROR(("VMFAIL: VMCS x86-64 guest(%d)/host(%d) controls invalid on VMENTRY", x86_64_guest, x86_64_host));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
}
//
// Load and Check VM Host State to VMCS Cache
//
host_state->cr0 = (bx_address) VMread_natural(VMCS_HOST_CR0);
if (~host_state->cr0 & VMX_MSR_CR0_FIXED0) {
BX_ERROR(("VMFAIL: VMCS host state invalid CR0 0x%08x", (Bit32u) host_state->cr0));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
if (host_state->cr0 & ~VMX_MSR_CR0_FIXED1) {
BX_ERROR(("VMFAIL: VMCS host state invalid CR0 0x%08x", (Bit32u) host_state->cr0));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
host_state->cr3 = (bx_address) VMread_natural(VMCS_HOST_CR3);
#if BX_SUPPORT_X86_64
if (! IsValidPhyAddr(host_state->cr3)) {
BX_ERROR(("VMFAIL: VMCS host state invalid CR3"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
#endif
host_state->cr4 = (bx_address) VMread_natural(VMCS_HOST_CR4);
if (~host_state->cr4 & VMX_MSR_CR4_FIXED0) {
BX_ERROR(("VMFAIL: VMCS host state invalid CR4 0x" FMT_ADDRX, host_state->cr4));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
if (host_state->cr4 & ~VMX_MSR_CR4_FIXED1) {
BX_ERROR(("VMFAIL: VMCS host state invalid CR4 0x" FMT_ADDRX, host_state->cr4));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
for(int n=0; n<6; n++) {
host_state->segreg_selector[n] = VMread16(VMCS_16BIT_HOST_ES_SELECTOR + 2*n);
if (host_state->segreg_selector[n] & 7) {
BX_ERROR(("VMFAIL: VMCS host segreg %d TI/RPL != 0", n));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
}
if (host_state->segreg_selector[BX_SEG_REG_CS] == 0) {
BX_ERROR(("VMFAIL: VMCS host CS selector 0"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
if (! x86_64_host && host_state->segreg_selector[BX_SEG_REG_SS] == 0) {
BX_ERROR(("VMFAIL: VMCS host SS selector 0"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
host_state->tr_selector = VMread16(VMCS_16BIT_HOST_TR_SELECTOR);
if (! host_state->tr_selector || (host_state->tr_selector & 7) != 0) {
BX_ERROR(("VMFAIL: VMCS invalid host TR selector"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
host_state->tr_base = (bx_address) VMread_natural(VMCS_HOST_TR_BASE);
#if BX_SUPPORT_X86_64
if (! IsCanonical(host_state->tr_base)) {
BX_ERROR(("VMFAIL: VMCS host TR BASE non canonical"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
#endif
host_state->fs_base = (bx_address) VMread_natural(VMCS_HOST_FS_BASE);
host_state->gs_base = (bx_address) VMread_natural(VMCS_HOST_GS_BASE);
#if BX_SUPPORT_X86_64
if (! IsCanonical(host_state->fs_base)) {
BX_ERROR(("VMFAIL: VMCS host FS BASE non canonical"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
if (! IsCanonical(host_state->gs_base)) {
BX_ERROR(("VMFAIL: VMCS host GS BASE non canonical"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
#endif
host_state->gdtr_base = (bx_address) VMread_natural(VMCS_HOST_GDTR_BASE);
host_state->idtr_base = (bx_address) VMread_natural(VMCS_HOST_IDTR_BASE);
#if BX_SUPPORT_X86_64
if (! IsCanonical(host_state->gdtr_base)) {
BX_ERROR(("VMFAIL: VMCS host GDTR BASE non canonical"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
if (! IsCanonical(host_state->idtr_base)) {
BX_ERROR(("VMFAIL: VMCS host IDTR BASE non canonical"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
#endif
host_state->sysenter_esp_msr = (bx_address) VMread_natural(VMCS_HOST_IA32_SYSENTER_ESP_MSR);
host_state->sysenter_eip_msr = (bx_address) VMread_natural(VMCS_HOST_IA32_SYSENTER_EIP_MSR);
host_state->sysenter_cs_msr = (Bit16u) VMread32(VMCS_32BIT_HOST_IA32_SYSENTER_CS_MSR);
#if BX_SUPPORT_X86_64
if (! IsCanonical(host_state->sysenter_esp_msr)) {
BX_ERROR(("VMFAIL: VMCS host SYSENTER_ESP_MSR non canonical"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
if (! IsCanonical(host_state->sysenter_eip_msr)) {
BX_ERROR(("VMFAIL: VMCS host SYSENTER_EIP_MSR non canonical"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
#endif
#if BX_SUPPORT_VMX >= 2
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_LOAD_PAT_MSR) {
host_state->pat_msr = VMread64(VMCS_64BIT_HOST_IA32_PAT);
if (! isValidMSR_PAT(host_state->pat_msr)) {
BX_ERROR(("VMFAIL: invalid Memory Type in host MSR_PAT"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
}
#endif
host_state->rsp = (bx_address) VMread_natural(VMCS_HOST_RSP);
host_state->rip = (bx_address) VMread_natural(VMCS_HOST_RIP);
#if BX_SUPPORT_X86_64
#if BX_SUPPORT_VMX >= 2
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_LOAD_EFER_MSR) {
host_state->efer_msr = VMread64(VMCS_64BIT_HOST_IA32_EFER);
if (host_state->efer_msr & ~((Bit64u) BX_CPU_THIS_PTR efer_suppmask)) {
BX_ERROR(("VMFAIL: VMCS host EFER reserved bits set !"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
bx_bool lme = (host_state->efer_msr >> 8) & 0x1;
bx_bool lma = (host_state->efer_msr >> 10) & 0x1;
if (lma != lme || lma != x86_64_host) {
BX_ERROR(("VMFAIL: VMCS host EFER (0x%08x) inconsistent value !", (Bit32u) host_state->efer_msr));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
}
#endif
if (x86_64_host) {
if ((host_state->cr4 & BX_CR4_PAE_MASK) == 0) {
BX_ERROR(("VMFAIL: VMCS host CR4.PAE=0 with x86-64 host"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
if (! IsCanonical(host_state->rip)) {
BX_ERROR(("VMFAIL: VMCS host RIP non-canonical"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
}
else {
if (GET32H(host_state->rip) != 0) {
BX_ERROR(("VMFAIL: VMCS host RIP > 32 bit"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
if (host_state->cr4 & BX_CR4_PCIDE_MASK) {
BX_ERROR(("VMFAIL: VMCS host CR4.PCIDE set"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
}
#endif
return VMXERR_NO_ERROR;
}
BX_CPP_INLINE bx_bool IsLimitAccessRightsConsistent(Bit32u limit, Bit32u ar)
{
bx_bool g = (ar >> 15) & 1;
// access rights reserved bits set
if (ar & 0xfffe0f00) return 0;
if (g) {
// if any of the bits in limit[11:00] are '0 <=> G must be '0
if ((limit & 0xfff) != 0xfff)
return 0;
}
else {
// if any of the bits in limit[31:20] are '1 <=> G must be '1
if ((limit & 0xfff00000) != 0)
return 0;
}
return 1;
}
Bit32u BX_CPU_C::VMenterLoadCheckGuestState(Bit64u *qualification)
{
static const char *segname[] = { "ES", "CS", "SS", "DS", "FS", "GS" };
int n;
VMCS_GUEST_STATE guest;
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
*qualification = VMENTER_ERR_NO_ERROR;
//
// Load and Check Guest State from VMCS
//
guest.rflags = VMread_natural(VMCS_GUEST_RFLAGS);
// RFLAGS reserved bits [63:22], bit 15, bit 5, bit 3 must be zero
if (guest.rflags & BX_CONST64(0xFFFFFFFFFFC08028)) {
BX_ERROR(("VMENTER FAIL: RFLAGS reserved bits are set"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
// RFLAGS[1] must be always set
if ((guest.rflags & 0x2) == 0) {
BX_ERROR(("VMENTER FAIL: RFLAGS[1] cleared"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
bx_bool v8086_guest = 0;
if (guest.rflags & EFlagsVMMask)
v8086_guest = 1;
bx_bool x86_64_guest = 0; // can't be 1 if X86_64 is not supported (checked before)
Bit32u vmentry_ctrls = vm->vmentry_ctrls;
#if BX_SUPPORT_X86_64
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_X86_64_GUEST) {
BX_DEBUG(("VMENTER to x86-64 guest"));
x86_64_guest = 1;
}
#endif
if (x86_64_guest && v8086_guest) {
BX_ERROR(("VMENTER FAIL: Enter to x86-64 guest with RFLAGS.VM"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
guest.cr0 = VMread_natural(VMCS_GUEST_CR0);
#if BX_SUPPORT_VMX >= 2
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST) {
if (~guest.cr0 & (VMX_MSR_CR0_FIXED0 & ~(BX_CR0_PE_MASK | BX_CR0_PG_MASK))) {
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR0"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
bx_bool pe = (guest.cr0 & BX_CR0_PE_MASK) != 0;
bx_bool pg = (guest.cr0 & BX_CR0_PG_MASK) != 0;
if (pg && !pe) {
BX_ERROR(("VMENTER FAIL: VMCS unrestricted guest CR0.PG without CR0.PE"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
else
#endif
{
if (~guest.cr0 & VMX_MSR_CR0_FIXED0) {
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR0"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
if (guest.cr0 & ~VMX_MSR_CR0_FIXED1) {
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR0"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
#if BX_SUPPORT_VMX >= 2
bx_bool real_mode_guest = 0;
if (! (guest.cr0 & BX_CR0_PE_MASK))
real_mode_guest = 1;
#endif
guest.cr3 = VMread_natural(VMCS_GUEST_CR3);
#if BX_SUPPORT_X86_64
if (! IsValidPhyAddr(guest.cr3)) {
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR3"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
#endif
guest.cr4 = VMread_natural(VMCS_GUEST_CR4);
if (~guest.cr4 & VMX_MSR_CR4_FIXED0) {
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR4"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
if (guest.cr4 & ~VMX_MSR_CR4_FIXED1) {
BX_ERROR(("VMENTER FAIL: VMCS guest invalid CR4"));
return VMXERR_VMENTRY_INVALID_VM_HOST_STATE_FIELD;
}
#if BX_SUPPORT_X86_64
if (x86_64_guest) {
if ((guest.cr4 & BX_CR4_PAE_MASK) == 0) {
BX_ERROR(("VMENTER FAIL: VMCS guest CR4.PAE=0 in x86-64 mode"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
else {
if (guest.cr4 & BX_CR4_PCIDE_MASK) {
BX_ERROR(("VMENTER FAIL: VMCS CR4.PCIDE set in 32-bit guest"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
#endif
#if BX_SUPPORT_X86_64
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_DBG_CTRLS) {
guest.dr7 = VMread_natural(VMCS_GUEST_DR7);
if (GET32H(guest.dr7)) {
BX_ERROR(("VMENTER FAIL: VMCS guest invalid DR7"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
#endif
//
// Load and Check Guest State from VMCS - Segment Registers
//
for (n=0; n<6; n++) {
Bit16u selector = VMread16(VMCS_16BIT_GUEST_ES_SELECTOR + 2*n);
bx_address base = (bx_address) VMread_natural(VMCS_GUEST_ES_BASE + 2*n);
Bit32u limit = VMread32(VMCS_32BIT_GUEST_ES_LIMIT + 2*n);
Bit32u ar = VMread32(VMCS_32BIT_GUEST_ES_ACCESS_RIGHTS + 2*n) >> 8;
bx_bool invalid = (ar >> 16) & 1;
set_segment_ar_data(&guest.sregs[n], !invalid,
(Bit16u) selector, base, limit, (Bit16u) ar);
if (v8086_guest) {
// guest in V8086 mode
if (base != ((bx_address)(selector << 4))) {
BX_ERROR(("VMENTER FAIL: VMCS v8086 guest bad %s.BASE", segname[n]));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (limit != 0xffff) {
BX_ERROR(("VMENTER FAIL: VMCS v8086 guest %s.LIMIT != 0xFFFF", segname[n]));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
// present, expand-up read/write accessed, segment, DPL=3
if (ar != 0xF3) {
BX_ERROR(("VMENTER FAIL: VMCS v8086 guest %s.AR != 0xF3", segname[n]));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
continue; // go to next segment register
}
#if BX_SUPPORT_X86_64
if (n >= BX_SEG_REG_FS) {
if (! IsCanonical(base)) {
BX_ERROR(("VMENTER FAIL: VMCS guest %s.BASE non canonical", segname[n]));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
#endif
if (n != BX_SEG_REG_CS && invalid)
continue;
#if BX_SUPPORT_X86_64
if (n == BX_SEG_REG_SS && (selector & BX_SELECTOR_RPL_MASK) == 0) {
// SS is allowed to be NULL selector if going to 64-bit guest
if (x86_64_guest && guest.sregs[BX_SEG_REG_CS].cache.u.segment.l)
continue;
}
if (n < BX_SEG_REG_FS) {
if (GET32H(base) != 0) {
BX_ERROR(("VMENTER FAIL: VMCS guest %s.BASE > 32 bit", segname[n]));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
#endif
if (! guest.sregs[n].cache.segment) {
BX_ERROR(("VMENTER FAIL: VMCS guest %s not segment", segname[n]));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (! guest.sregs[n].cache.p) {
BX_ERROR(("VMENTER FAIL: VMCS guest %s not present", segname[n]));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (! IsLimitAccessRightsConsistent(limit, ar)) {
BX_ERROR(("VMENTER FAIL: VMCS guest %s.AR/LIMIT malformed", segname[n]));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (n == BX_SEG_REG_CS) {
// CS checks
switch (guest.sregs[BX_SEG_REG_CS].cache.type) {
case BX_CODE_EXEC_ONLY_ACCESSED:
case BX_CODE_EXEC_READ_ACCESSED:
// non-conforming segment
if (guest.sregs[BX_SEG_REG_CS].selector.rpl != guest.sregs[BX_SEG_REG_CS].cache.dpl) {
BX_ERROR(("VMENTER FAIL: VMCS guest non-conforming CS.RPL <> CS.DPL"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
break;
case BX_CODE_EXEC_ONLY_CONFORMING_ACCESSED:
case BX_CODE_EXEC_READ_CONFORMING_ACCESSED:
// conforming segment
if (guest.sregs[BX_SEG_REG_CS].selector.rpl < guest.sregs[BX_SEG_REG_CS].cache.dpl) {
BX_ERROR(("VMENTER FAIL: VMCS guest non-conforming CS.RPL < CS.DPL"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
break;
#if BX_SUPPORT_VMX >= 2
case BX_DATA_READ_WRITE_ACCESSED:
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST) {
if (guest.sregs[BX_SEG_REG_CS].cache.dpl != 0) {
BX_ERROR(("VMENTER FAIL: VMCS unrestricted guest CS.DPL != 0"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
break;
}
// fall through
#endif
default:
BX_ERROR(("VMENTER FAIL: VMCS guest CS.TYPE"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
#if BX_SUPPORT_X86_64
if (x86_64_guest) {
if (guest.sregs[BX_SEG_REG_CS].cache.u.segment.d_b && guest.sregs[BX_SEG_REG_CS].cache.u.segment.l) {
BX_ERROR(("VMENTER FAIL: VMCS x86_64 guest wrong CS.D_B/L"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
#endif
}
else if (n == BX_SEG_REG_SS) {
// SS checks
switch (guest.sregs[BX_SEG_REG_SS].cache.type) {
case BX_DATA_READ_WRITE_ACCESSED:
case BX_DATA_READ_WRITE_EXPAND_DOWN_ACCESSED:
break;
default:
BX_ERROR(("VMENTER FAIL: VMCS guest SS.TYPE"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
else {
// DS, ES, FS, GS
if ((guest.sregs[n].cache.type & 0x1) == 0) {
BX_ERROR(("VMENTER FAIL: VMCS guest %s not ACCESSED", segname[n]));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (guest.sregs[n].cache.type & 0x8) {
if ((guest.sregs[n].cache.type & 0x2) == 0) {
BX_ERROR(("VMENTER FAIL: VMCS guest CODE segment %s not READABLE", segname[n]));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
if (! (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST)) {
if (guest.sregs[n].cache.type < 11) {
// data segment or non-conforming code segment
if (guest.sregs[n].selector.rpl > guest.sregs[n].cache.dpl) {
BX_ERROR(("VMENTER FAIL: VMCS guest non-conforming %s.RPL < %s.DPL", segname[n], segname[n]));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
}
}
}
if (! v8086_guest) {
if (! (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_UNRESTRICTED_GUEST)) {
if (guest.sregs[BX_SEG_REG_SS].selector.rpl != guest.sregs[BX_SEG_REG_CS].selector.rpl) {
BX_ERROR(("VMENTER FAIL: VMCS guest CS.RPL != SS.RPL"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (guest.sregs[BX_SEG_REG_SS].selector.rpl != guest.sregs[BX_SEG_REG_SS].cache.dpl) {
BX_ERROR(("VMENTER FAIL: VMCS guest SS.RPL <> SS.DPL"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
#if BX_SUPPORT_VMX >= 2
else { // unrestricted guest
if (real_mode_guest || guest.sregs[BX_SEG_REG_CS].cache.type == BX_DATA_READ_WRITE_ACCESSED) {
if (guest.sregs[BX_SEG_REG_SS].cache.dpl != 0) {
BX_ERROR(("VMENTER FAIL: VMCS unrestricted guest SS.DPL != 0"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
}
#endif
}
//
// Load and Check Guest State from VMCS - GDTR/IDTR
//
Bit64u gdtr_base = VMread_natural(VMCS_GUEST_GDTR_BASE);
Bit32u gdtr_limit = VMread32(VMCS_32BIT_GUEST_GDTR_LIMIT);
Bit64u idtr_base = VMread_natural(VMCS_GUEST_IDTR_BASE);
Bit32u idtr_limit = VMread32(VMCS_32BIT_GUEST_IDTR_LIMIT);
#if BX_SUPPORT_X86_64
if (! IsCanonical(gdtr_base) || ! IsCanonical(idtr_base)) {
BX_ERROR(("VMENTER FAIL: VMCS guest IDTR/IDTR.BASE non canonical"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
#endif
if (gdtr_limit > 0xffff || idtr_limit > 0xffff) {
BX_ERROR(("VMENTER FAIL: VMCS guest GDTR/IDTR limit > 0xFFFF"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
//
// Load and Check Guest State from VMCS - LDTR
//
Bit16u ldtr_selector = VMread16(VMCS_16BIT_GUEST_LDTR_SELECTOR);
Bit64u ldtr_base = VMread_natural(VMCS_GUEST_LDTR_BASE);
Bit32u ldtr_limit = VMread32(VMCS_32BIT_GUEST_LDTR_LIMIT);
Bit32u ldtr_ar = VMread32(VMCS_32BIT_GUEST_LDTR_ACCESS_RIGHTS) >> 8;
bx_bool ldtr_invalid = (ldtr_ar >> 16) & 1;
if (set_segment_ar_data(&guest.ldtr, !ldtr_invalid,
(Bit16u) ldtr_selector, ldtr_base, ldtr_limit, (Bit16u)(ldtr_ar)))
{
// ldtr is valid
if (guest.ldtr.selector.ti) {
BX_ERROR(("VMENTER FAIL: VMCS guest LDTR.TI set"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (guest.ldtr.cache.type != BX_SYS_SEGMENT_LDT) {
BX_ERROR(("VMENTER FAIL: VMCS guest incorrect LDTR type"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (guest.ldtr.cache.segment) {
BX_ERROR(("VMENTER FAIL: VMCS guest LDTR is not system segment"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (! guest.ldtr.cache.p) {
BX_ERROR(("VMENTER FAIL: VMCS guest LDTR not present"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (! IsLimitAccessRightsConsistent(ldtr_limit, ldtr_ar)) {
BX_ERROR(("VMENTER FAIL: VMCS guest LDTR.AR/LIMIT malformed"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
#if BX_SUPPORT_X86_64
if (! IsCanonical(ldtr_base)) {
BX_ERROR(("VMENTER FAIL: VMCS guest LDTR.BASE non canonical"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
#endif
}
//
// Load and Check Guest State from VMCS - TR
//
Bit16u tr_selector = VMread16(VMCS_16BIT_GUEST_TR_SELECTOR);
Bit64u tr_base = VMread_natural(VMCS_GUEST_TR_BASE);
Bit32u tr_limit = VMread32(VMCS_32BIT_GUEST_TR_LIMIT);
Bit32u tr_ar = VMread32(VMCS_32BIT_GUEST_TR_ACCESS_RIGHTS) >> 8;
bx_bool tr_invalid = (tr_ar >> 16) & 1;
#if BX_SUPPORT_X86_64
if (! IsCanonical(tr_base)) {
BX_ERROR(("VMENTER FAIL: VMCS guest TR.BASE non canonical"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
#endif
set_segment_ar_data(&guest.tr, !tr_invalid,
(Bit16u) tr_selector, tr_base, tr_limit, (Bit16u)(tr_ar));
if (tr_invalid) {
BX_ERROR(("VMENTER FAIL: VMCS guest TR invalid"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (guest.tr.selector.ti) {
BX_ERROR(("VMENTER FAIL: VMCS guest TR.TI set"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (guest.tr.cache.segment) {
BX_ERROR(("VMENTER FAIL: VMCS guest TR is not system segment"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (! guest.tr.cache.p) {
BX_ERROR(("VMENTER FAIL: VMCS guest TR not present"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (! IsLimitAccessRightsConsistent(tr_limit, tr_ar)) {
BX_ERROR(("VMENTER FAIL: VMCS guest TR.AR/LIMIT malformed"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
switch(guest.tr.cache.type) {
case BX_SYS_SEGMENT_BUSY_386_TSS:
break;
case BX_SYS_SEGMENT_BUSY_286_TSS:
if (! x86_64_guest) break;
// fall through
default:
BX_ERROR(("VMENTER FAIL: VMCS guest incorrect TR type"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
//
// Load and Check Guest State from VMCS - MSRS
//
guest.ia32_debugctl_msr = VMread64(VMCS_64BIT_GUEST_IA32_DEBUGCTL);
guest.smbase = VMread32(VMCS_32BIT_GUEST_SMBASE);
guest.sysenter_esp_msr = VMread_natural(VMCS_GUEST_IA32_SYSENTER_ESP_MSR);
guest.sysenter_eip_msr = VMread_natural(VMCS_GUEST_IA32_SYSENTER_EIP_MSR);
guest.sysenter_cs_msr = VMread32(VMCS_32BIT_GUEST_IA32_SYSENTER_CS_MSR);
#if BX_SUPPORT_X86_64
if (! IsCanonical(guest.sysenter_esp_msr)) {
BX_ERROR(("VMENTER FAIL: VMCS guest SYSENTER_ESP_MSR non canonical"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (! IsCanonical(guest.sysenter_eip_msr)) {
BX_ERROR(("VMENTER FAIL: VMCS guest SYSENTER_EIP_MSR non canonical"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
#endif
#if BX_SUPPORT_VMX >= 2
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_PAT_MSR) {
guest.pat_msr = VMread64(VMCS_64BIT_GUEST_IA32_PAT);
if (! isValidMSR_PAT(guest.pat_msr)) {
BX_ERROR(("VMENTER FAIL: invalid Memory Type in guest MSR_PAT"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
#endif
guest.rip = VMread_natural(VMCS_GUEST_RIP);
guest.rsp = VMread_natural(VMCS_GUEST_RSP);
#if BX_SUPPORT_VMX >= 2 && BX_SUPPORT_X86_64
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_EFER_MSR) {
guest.efer_msr = VMread64(VMCS_64BIT_GUEST_IA32_EFER);
if (guest.efer_msr & ~((Bit64u) BX_CPU_THIS_PTR efer_suppmask)) {
BX_ERROR(("VMENTER FAIL: VMCS guest EFER reserved bits set !"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
bx_bool lme = (guest.efer_msr >> 8) & 0x1;
bx_bool lma = (guest.efer_msr >> 10) & 0x1;
if (lma != lme || lma != x86_64_guest) {
BX_ERROR(("VMENTER FAIL: VMCS guest EFER (0x%08x) inconsistent value !", (Bit32u) guest.efer_msr));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
if (! x86_64_guest || !guest.sregs[BX_SEG_REG_CS].cache.u.segment.l) {
if (GET32H(guest.rip) != 0) {
BX_ERROR(("VMENTER FAIL: VMCS guest RIP > 32 bit"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
#endif
//
// Load and Check Guest Non-Registers State from VMCS
//
guest.link_pointer = VMread64(VMCS_64BIT_GUEST_LINK_POINTER);
if (guest.link_pointer != BX_INVALID_VMCSPTR) {
if ((guest.link_pointer & 0xfff) != 0 || ! IsValidPhyAddr(guest.link_pointer)) {
*qualification = (Bit64u) VMENTER_ERR_GUEST_STATE_LINK_POINTER;
BX_ERROR(("VMFAIL: VMCS link pointer malformed"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
Bit32u revision = VMXReadRevisionID((bx_phy_address) guest.link_pointer);
if (revision != VMX_VMCS_REVISION_ID) {
*qualification = (Bit64u) VMENTER_ERR_GUEST_STATE_LINK_POINTER;
BX_ERROR(("VMFAIL: VMCS link pointer incorrect revision ID %d != %d", revision, VMX_VMCS_REVISION_ID));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (! BX_CPU_THIS_PTR in_smm || (vmentry_ctrls & VMX_VMENTRY_CTRL1_SMM_ENTER) != 0) {
if (guest.link_pointer == BX_CPU_THIS_PTR vmcsptr) {
*qualification = (Bit64u) VMENTER_ERR_GUEST_STATE_LINK_POINTER;
BX_ERROR(("VMFAIL: VMCS link pointer equal to current VMCS pointer"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
else {
if (guest.link_pointer == BX_CPU_THIS_PTR vmxonptr) {
*qualification = (Bit64u) VMENTER_ERR_GUEST_STATE_LINK_POINTER;
BX_ERROR(("VMFAIL: VMCS link pointer equal to VMXON pointer"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
}
guest.tmpDR6 = (Bit32u) VMread_natural(VMCS_GUEST_PENDING_DBG_EXCEPTIONS);
if (guest.tmpDR6 & BX_CONST64(0xFFFFFFFFFFFFAFF0)) {
BX_ERROR(("VMENTER FAIL: VMCS guest tmpDR6 reserved bits"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
guest.activity_state = VMread32(VMCS_32BIT_GUEST_ACTIVITY_STATE);
if (guest.activity_state >= BX_VMX_LAST_ACTIVITY_STATE) {
BX_ERROR(("VMENTER FAIL: VMCS guest activity state %d", guest.activity_state));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if (guest.activity_state == BX_VMX_STATE_HLT) {
if (guest.sregs[BX_SEG_REG_SS].cache.dpl != 0) {
BX_ERROR(("VMENTER FAIL: VMCS guest HLT state with SS.DPL=%d", guest.sregs[BX_SEG_REG_SS].cache.dpl));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
guest.interruptibility_state = VMread32(VMCS_32BIT_GUEST_INTERRUPTIBILITY_STATE);
if (guest.interruptibility_state & ~BX_VMX_INTERRUPTIBILITY_STATE_MASK) {
BX_ERROR(("VMENTER FAIL: VMCS guest interruptibility state broken"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if ((guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_BY_STI) &&
(guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_BY_MOV_SS))
{
BX_ERROR(("VMENTER FAIL: VMCS guest interruptibility state broken"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
if ((guest.rflags & EFlagsIFMask) == 0) {
if (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_BY_STI) {
BX_ERROR(("VMENTER FAIL: VMCS guest interrupts can't be blocked by STI when EFLAGS.IF = 0"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
if (VMENTRY_INJECTING_EVENT(vm->vmentry_interr_info)) {
unsigned event_type = (vm->vmentry_interr_info >> 8) & 7;
if (event_type == BX_EXTERNAL_INTERRUPT) {
if ((guest.interruptibility_state & 3) != 0 || (guest.rflags & EFlagsIFMask) == 0) {
BX_ERROR(("VMENTER FAIL: VMCS guest interrupts blocked when injecting external interrupt"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
if (event_type == BX_NMI) {
if ((guest.interruptibility_state & 3) != 0) {
BX_ERROR(("VMENTER FAIL: VMCS guest interrupts blocked when injecting NMI"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
}
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_SMM_ENTER) {
if (! (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_SMI_BLOCKED)) {
BX_ERROR(("VMENTER FAIL: VMCS SMM guest should block SMI"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
if (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_SMI_BLOCKED) {
if (! BX_CPU_THIS_PTR in_smm) {
BX_ERROR(("VMENTER FAIL: VMCS SMI blocked when not in SMM mode"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
if (! x86_64_guest && (guest.cr4 & BX_CR4_PAE_MASK) != 0 && (guest.cr0 & BX_CR0_PG_MASK) != 0) {
#if BX_SUPPORT_VMX >= 2
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_EPT_ENABLE) {
for (n=0;n<4;n++)
guest.pdptr[n] = VMread64(VMCS_64BIT_GUEST_IA32_PDPTE0 + 2*n);
if (! CheckPDPTR(guest.pdptr)) {
*qualification = VMENTER_ERR_GUEST_STATE_PDPTR_LOADING;
BX_ERROR(("VMENTER: Guest State PDPTRs Checks Failed"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
else
#endif
{
if (! CheckPDPTR(guest.cr3)) {
*qualification = VMENTER_ERR_GUEST_STATE_PDPTR_LOADING;
BX_ERROR(("VMENTER: Guest State PDPTRs Checks Failed"));
return VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE;
}
}
}
//
// Load Guest State -> VMENTER
//
#if BX_SUPPORT_X86_64
#if BX_SUPPORT_VMX >= 2
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_EFER_MSR) {
BX_CPU_THIS_PTR efer.set32((Bit32u) guest.efer_msr);
}
else
#endif
{
// set EFER.LMA and EFER.LME before write to CR4
if (x86_64_guest)
BX_CPU_THIS_PTR efer.set32(BX_CPU_THIS_PTR efer.get32() | (BX_EFER_LME_MASK | BX_EFER_LMA_MASK));
else
BX_CPU_THIS_PTR efer.set32(BX_CPU_THIS_PTR efer.get32() & ~(BX_EFER_LME_MASK | BX_EFER_LMA_MASK));
}
#endif
// keep bits ET(4), reserved bits 15:6, 17, 28:19, NW(29), CD(30)
#define VMX_KEEP_CR0_BITS 0x7FFAFFD0
guest.cr0 = (BX_CPU_THIS_PTR cr0.get32() & VMX_KEEP_CR0_BITS) | (guest.cr0 & ~VMX_KEEP_CR0_BITS);
if (! check_CR0(guest.cr0)) {
BX_PANIC(("VMENTER CR0 is broken !"));
}
if (! check_CR4(guest.cr4)) {
BX_PANIC(("VMENTER CR4 is broken !"));
}
BX_CPU_THIS_PTR cr0.set32((Bit32u) guest.cr0);
BX_CPU_THIS_PTR cr4.set32((Bit32u) guest.cr4);
BX_CPU_THIS_PTR cr3 = guest.cr3;
// flush TLB is always needed to invalidate possible
// APIC ACCESS PAGE caching by host
TLB_flush();
#if BX_SUPPORT_VMX >= 2
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_EPT_ENABLE) {
// load PDPTR only in PAE legacy mode
if (BX_CPU_THIS_PTR cr0.get_PG() && BX_CPU_THIS_PTR cr4.get_PAE() && !x86_64_guest) {
BX_CPU_THIS_PTR PDPTR_CACHE.valid = 1;
for (n = 0; n < 4; n++)
BX_CPU_THIS_PTR PDPTR_CACHE.entry[n] = guest.pdptr[n];
}
}
#endif
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_DBG_CTRLS) {
// always clear bits 15:14 and set bit 10
BX_CPU_THIS_PTR dr7.set32((guest.dr7 & ~0xc000) | 0x400);
}
RIP = BX_CPU_THIS_PTR prev_rip = guest.rip;
RSP = guest.rsp;
// set flags directly, avoid setEFlags side effects
BX_CPU_THIS_PTR eflags = (Bit32u) guest.rflags;
// Update lazy flags state
setEFlagsOSZAPC((Bit32u) guest.rflags);
#ifdef BX_SUPPORT_CS_LIMIT_DEMOTION
// Handle special case of CS.LIMIT demotion (new descriptor limit is
// smaller than current one)
if (BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.limit_scaled > guest.sregs[BX_SEG_REG_CS].cache.u.segment.limit_scaled)
BX_CPU_THIS_PTR iCache.flushICacheEntries();
#endif
for(unsigned segreg=0; segreg<6; segreg++)
BX_CPU_THIS_PTR sregs[segreg] = guest.sregs[segreg];
if (v8086_guest) CPL = 3;
#if BX_SUPPORT_VMX >= 2
else {
if (real_mode_guest) CPL = 0;
}
#endif
BX_CPU_THIS_PTR gdtr.base = gdtr_base;
BX_CPU_THIS_PTR gdtr.limit = gdtr_limit;
BX_CPU_THIS_PTR idtr.base = idtr_base;
BX_CPU_THIS_PTR idtr.limit = idtr_limit;
BX_CPU_THIS_PTR ldtr = guest.ldtr;
BX_CPU_THIS_PTR tr = guest.tr;
BX_CPU_THIS_PTR msr.sysenter_esp_msr = guest.sysenter_esp_msr;
BX_CPU_THIS_PTR msr.sysenter_eip_msr = guest.sysenter_eip_msr;
BX_CPU_THIS_PTR msr.sysenter_cs_msr = guest.sysenter_cs_msr;
#if BX_SUPPORT_VMX >= 2
if (vmentry_ctrls & VMX_VMENTRY_CTRL1_LOAD_PAT_MSR) {
BX_CPU_THIS_PTR msr.pat = guest.pat_msr;
}
vm->last_pause_time = vm->first_pause_time = 0;
#endif
//
// Load Guest Non-Registers State -> VMENTER
//
BX_CPU_THIS_PTR async_event = 0;
if (guest.rflags & EFlagsTFMask)
BX_CPU_THIS_PTR async_event = 1;
if (vm->vmentry_ctrls & VMX_VMENTRY_CTRL1_SMM_ENTER)
BX_PANIC(("VMENTER: entry to SMM is not implemented yet !"));
if (VMENTRY_INJECTING_EVENT(vm->vmentry_interr_info)) {
// the VMENTRY injecting event to the guest
BX_CPU_THIS_PTR inhibit_mask = 0; // do not block interrupts
BX_CPU_THIS_PTR debug_trap = 0;
}
else {
if (guest.tmpDR6 & (1 << 12))
BX_CPU_THIS_PTR debug_trap = guest.tmpDR6 & 0x0000400F;
else
BX_CPU_THIS_PTR debug_trap = guest.tmpDR6 & 0x00004000;
if (BX_CPU_THIS_PTR debug_trap)
BX_CPU_THIS_PTR async_event = 1;
if (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_BY_STI)
inhibit_interrupts(BX_INHIBIT_INTERRUPTS);
else if (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_BY_MOV_SS)
inhibit_interrupts(BX_INHIBIT_INTERRUPTS_BY_MOVSS);
else
BX_CPU_THIS_PTR inhibit_mask = 0;
}
if (guest.interruptibility_state & BX_VMX_INTERRUPTS_BLOCKED_NMI_BLOCKED) {
BX_CPU_THIS_PTR disable_NMI = 1;
}
else {
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_NMI_WINDOW_VMEXIT)
BX_CPU_THIS_PTR async_event = 1;
}
if (vm->vmexec_ctrls2 & VMX_VM_EXEC_CTRL2_INTERRUPT_WINDOW_VMEXIT) {
BX_CPU_THIS_PTR async_event = 1;
BX_CPU_THIS_PTR vmx_interrupt_window = 1; // set up interrupt window exiting
}
#if BX_SUPPORT_MONITOR_MWAIT
BX_CPU_THIS_PTR monitor.reset_monitor();
#endif
invalidate_prefetch_q();
#if BX_SUPPORT_ALIGNMENT_CHECK
handleAlignmentCheck();
#endif
handleCpuModeChange();
handleSseModeChange();
#if BX_SUPPORT_AVX
handleAvxModeChange();
#endif
BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_CONTEXT_SWITCH, 0);
return VMXERR_NO_ERROR;
}
void BX_CPU_C::VMenterInjectEvents(void)
{
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
if (! VMENTRY_INJECTING_EVENT(vm->vmentry_interr_info))
return;
/* the VMENTRY injecting event to the guest */
unsigned vector = vm->vmentry_interr_info & 0xff;
unsigned type = (vm->vmentry_interr_info >> 8) & 7;
unsigned push_error = vm->vmentry_interr_info & (1 << 11);
unsigned error_code = push_error ? vm->vmentry_excep_err_code : 0;
bx_bool is_INT = 0;
switch(type) {
case BX_EXTERNAL_INTERRUPT:
case BX_NMI:
case BX_HARDWARE_EXCEPTION:
BX_CPU_THIS_PTR EXT = 1;
break;
case BX_PRIVILEGED_SOFTWARE_INTERRUPT:
BX_CPU_THIS_PTR EXT = 1;
is_INT = 1;
break;
case BX_SOFTWARE_INTERRUPT:
case BX_SOFTWARE_EXCEPTION:
is_INT = 1;
break;
default:
BX_PANIC(("VMENTER: unsupported event injection type %d !", type));
}
// keep prev_rip value/unwind in case of event delivery failure
if (is_INT)
RIP += vm->vmentry_instr_length;
BX_ERROR(("VMENTER: Injecting vector 0x%02x (error_code 0x%04x)", vector, error_code));
if (type == BX_HARDWARE_EXCEPTION) {
// record exception the same way as BX_CPU_C::exception does
if (vector < BX_CPU_HANDLED_EXCEPTIONS)
BX_CPU_THIS_PTR curr_exception = exceptions_info[vector].exception_type;
else // else take default value
BX_CPU_THIS_PTR curr_exception = exceptions_info[BX_CPU_HANDLED_EXCEPTIONS].exception_type;
BX_CPU_THIS_PTR errorno = 1;
}
vm->idt_vector_info = vm->vmentry_interr_info & ~0x80000000;
vm->idt_vector_error_code = error_code;
RSP_SPECULATIVE;
if (type == BX_SOFTWARE_INTERRUPT) {
if (v8086_mode()) {
// redirect interrupt through virtual-mode idt
if (v86_redirect_interrupt(vector)) goto done;
}
}
interrupt(vector, type, push_error, error_code);
done:
RSP_COMMIT;
BX_CPU_THIS_PTR errorno = 0; // injection success
BX_CPU_THIS_PTR EXT = 0;
}
Bit32u BX_CPU_C::LoadMSRs(Bit32u msr_cnt, bx_phy_address pAddr)
{
Bit64u msr_lo, msr_hi;
for (Bit32u msr = 1; msr <= msr_cnt; msr++) {
access_read_physical(pAddr, 8, &msr_lo);
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 8, BX_VMX_LOAD_MSR_ACCESS | BX_READ, (Bit8u*)(&msr_lo));
access_read_physical(pAddr + 8, 8, &msr_hi);
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr + 8, 8, BX_VMX_LOAD_MSR_ACCESS | BX_READ, (Bit8u*)(&msr_hi));
if (GET32H(msr_lo))
return msr;
Bit32u index = GET32L(msr_lo);
#if BX_SUPPORT_X86_64
if (index == BX_MSR_FSBASE || index == BX_MSR_GSBASE)
return msr;
#endif
if (bx_cpuid_support_x2apic()) {
if ((index & 0xfffff800) == 0x800) // X2APIC range
return msr;
}
if (! wrmsr(index, msr_hi))
return msr;
pAddr += 16; // to next MSR
}
return 0;
}
Bit32u BX_CPU_C::StoreMSRs(Bit32u msr_cnt, bx_phy_address pAddr)
{
Bit64u msr_lo, msr_hi;
for (Bit32u msr = 1; msr <= msr_cnt; msr++) {
access_read_physical(pAddr, 8, &msr_lo);
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 8, BX_VMX_STORE_MSR_ACCESS | BX_READ, (Bit8u*)(&msr_lo));
if (GET32H(msr_lo))
return msr;
Bit32u index = GET32L(msr_lo);
if (bx_cpuid_support_x2apic()) {
if ((index & 0xfffff800) == 0x800) // X2APIC range
return msr;
}
if (! rdmsr(index, &msr_hi))
return msr;
access_write_physical(pAddr + 8, 8, &msr_hi);
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr + 8, 8, BX_VMX_STORE_MSR_ACCESS | BX_WRITE, (Bit8u*)(&msr_hi));
pAddr += 16; // to next MSR
}
return 0;
}
////////////////////////////////////////////////////////////
// VMexit
////////////////////////////////////////////////////////////
void BX_CPU_C::VMexitSaveGuestState(void)
{
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
int n;
VMwrite_natural(VMCS_GUEST_CR0, BX_CPU_THIS_PTR cr0.get32());
VMwrite_natural(VMCS_GUEST_CR3, BX_CPU_THIS_PTR cr3);
VMwrite_natural(VMCS_GUEST_CR4, BX_CPU_THIS_PTR cr4.get32());
#if BX_SUPPORT_VMX >= 2
if (vm->vmexec_ctrls3 & VMX_VM_EXEC_CTRL3_EPT_ENABLE) {
// save only if guest running in legacy PAE mode
if (BX_CPU_THIS_PTR cr0.get_PG() && BX_CPU_THIS_PTR cr4.get_PAE() && !long_mode()) {
if (! BX_CPU_THIS_PTR PDPTR_CACHE.valid) {
if (! CheckPDPTR(BX_CPU_THIS_PTR cr3))
BX_PANIC(("VMEXIT: PDPTR cache is not valid !"));
}
for(n=0; n<4; n++) {
VMwrite64(VMCS_64BIT_GUEST_IA32_PDPTE0 + 2*n, BX_CPU_THIS_PTR PDPTR_CACHE.entry[n]);
}
}
}
#endif
if (vm->vmexit_ctrls & VMX_VMEXIT_CTRL1_SAVE_DBG_CTRLS)
VMwrite_natural(VMCS_GUEST_DR7, BX_CPU_THIS_PTR dr7.get32());
VMwrite_natural(VMCS_GUEST_RIP, RIP);
VMwrite_natural(VMCS_GUEST_RSP, RSP);
VMwrite_natural(VMCS_GUEST_RFLAGS, BX_CPU_THIS_PTR read_eflags());
for (n=0; n<6; n++) {
Bit32u selector = BX_CPU_THIS_PTR sregs[n].selector.value;
bx_bool invalid = !BX_CPU_THIS_PTR sregs[n].cache.valid;
bx_address base = BX_CPU_THIS_PTR sregs[n].cache.u.segment.base;
Bit32u limit = BX_CPU_THIS_PTR sregs[n].cache.u.segment.limit_scaled;
Bit32u ar = get_descriptor_h(&BX_CPU_THIS_PTR sregs[n].cache) & 0x00f0ff00;
VMwrite16(VMCS_16BIT_GUEST_ES_SELECTOR + 2*n, selector);
VMwrite_natural(VMCS_GUEST_ES_BASE + 2*n, base);
VMwrite32(VMCS_32BIT_GUEST_ES_LIMIT + 2*n, limit);
VMwrite32(VMCS_32BIT_GUEST_ES_ACCESS_RIGHTS + 2*n, ar | (invalid << 24));
}
// save guest LDTR
Bit32u ldtr_selector = BX_CPU_THIS_PTR ldtr.selector.value;
bx_bool ldtr_invalid = !BX_CPU_THIS_PTR ldtr.cache.valid;
bx_address ldtr_base = BX_CPU_THIS_PTR ldtr.cache.u.segment.base;
Bit32u ldtr_limit = BX_CPU_THIS_PTR ldtr.cache.u.segment.limit_scaled;
Bit32u ldtr_ar = get_descriptor_h(&BX_CPU_THIS_PTR ldtr.cache) & 0x00f0ff00;
VMwrite16(VMCS_16BIT_GUEST_LDTR_SELECTOR, ldtr_selector);
VMwrite_natural(VMCS_GUEST_LDTR_BASE, ldtr_base);
VMwrite32(VMCS_32BIT_GUEST_LDTR_LIMIT, ldtr_limit);
VMwrite32(VMCS_32BIT_GUEST_LDTR_ACCESS_RIGHTS, ldtr_ar | (ldtr_invalid << 24));
// save guest TR
Bit32u tr_selector = BX_CPU_THIS_PTR tr.selector.value;
bx_bool tr_invalid = !BX_CPU_THIS_PTR tr.cache.valid;
bx_address tr_base = BX_CPU_THIS_PTR tr.cache.u.segment.base;
Bit32u tr_limit = BX_CPU_THIS_PTR tr.cache.u.segment.limit_scaled;
Bit32u tr_ar = get_descriptor_h(&BX_CPU_THIS_PTR tr.cache) & 0x00f0ff00;
VMwrite16(VMCS_16BIT_GUEST_TR_SELECTOR, tr_selector);
VMwrite_natural(VMCS_GUEST_TR_BASE, tr_base);
VMwrite32(VMCS_32BIT_GUEST_TR_LIMIT, tr_limit);
VMwrite32(VMCS_32BIT_GUEST_TR_ACCESS_RIGHTS, tr_ar | (tr_invalid << 24));
VMwrite_natural(VMCS_GUEST_GDTR_BASE, BX_CPU_THIS_PTR gdtr.base);
VMwrite32(VMCS_32BIT_GUEST_GDTR_LIMIT, BX_CPU_THIS_PTR gdtr.limit);
VMwrite_natural(VMCS_GUEST_IDTR_BASE, BX_CPU_THIS_PTR idtr.base);
VMwrite32(VMCS_32BIT_GUEST_IDTR_LIMIT, BX_CPU_THIS_PTR idtr.limit);
VMwrite_natural(VMCS_GUEST_IA32_SYSENTER_ESP_MSR, BX_CPU_THIS_PTR msr.sysenter_esp_msr);
VMwrite_natural(VMCS_GUEST_IA32_SYSENTER_EIP_MSR, BX_CPU_THIS_PTR msr.sysenter_eip_msr);
VMwrite32(VMCS_32BIT_GUEST_IA32_SYSENTER_CS_MSR, BX_CPU_THIS_PTR msr.sysenter_cs_msr);
#if BX_SUPPORT_VMX >= 2
if (vm->vmexit_ctrls & VMX_VMEXIT_CTRL1_STORE_PAT_MSR)
VMwrite64(VMCS_64BIT_GUEST_IA32_PAT, BX_CPU_THIS_PTR msr.pat);
#if BX_SUPPORT_X86_64
if (vm->vmexit_ctrls & VMX_VMEXIT_CTRL1_STORE_EFER_MSR)
VMwrite64(VMCS_64BIT_GUEST_IA32_EFER, BX_CPU_THIS_PTR efer.get32());
#endif
#endif
Bit32u tmpDR6 = BX_CPU_THIS_PTR debug_trap;
if (tmpDR6 & 0xf) tmpDR6 |= (1 << 12);
VMwrite_natural(VMCS_GUEST_PENDING_DBG_EXCEPTIONS, tmpDR6 & 0x0000500f);
Bit32u interruptibility_state = 0;
if (interrupts_inhibited(BX_INHIBIT_INTERRUPTS)) {
if (interrupts_inhibited(BX_INHIBIT_DEBUG))
interruptibility_state |= BX_VMX_INTERRUPTS_BLOCKED_BY_MOV_SS;
else
interruptibility_state |= BX_VMX_INTERRUPTS_BLOCKED_BY_STI;
}
if (BX_CPU_THIS_PTR disable_SMI)
interruptibility_state |= BX_VMX_INTERRUPTS_BLOCKED_SMI_BLOCKED;
if (BX_CPU_THIS_PTR disable_NMI)
interruptibility_state |= BX_VMX_INTERRUPTS_BLOCKED_NMI_BLOCKED;
VMwrite32(VMCS_32BIT_GUEST_INTERRUPTIBILITY_STATE, interruptibility_state);
#if BX_SUPPORT_VMX >= 2
if (VMX_MSR_MISC & VMX_MISC_STORE_LMA_TO_X86_64_GUEST_VMENTRY_CONTROL) {
// VMEXITs store the value of EFER.LMA into the <20>x86-64 guest" VMENTRY control
// must be set if unrestricted guest is supported
if (long_mode())
vm->vmentry_ctrls |= VMX_VMENTRY_CTRL1_X86_64_GUEST;
else
vm->vmentry_ctrls &= ~VMX_VMENTRY_CTRL1_X86_64_GUEST;
VMwrite32(VMCS_32BIT_CONTROL_VMENTRY_CONTROLS, vm->vmentry_ctrls);
}
// Deactivate VMX preemtion timer
BX_CPU_THIS_PTR lapic.deactivate_vmx_preemption_timer();
BX_CPU_THIS_PTR pending_vmx_timer_expired = 0;
// Store back to VMCS
if (vm->vmexit_ctrls & VMX_VMEXIT_CTRL1_STORE_VMX_PREEMPTION_TIMER)
VMwrite32(VMCS_32BIT_GUEST_PREEMPTION_TIMER_VALUE, BX_CPU_THIS_PTR lapic.read_vmx_preemption_timer());
#endif
}
void BX_CPU_C::VMexitLoadHostState(void)
{
VMCS_HOST_STATE *host_state = &BX_CPU_THIS_PTR vmcs.host_state;
bx_bool x86_64_host = 0;
Bit32u vmexit_ctrls = BX_CPU_THIS_PTR vmcs.vmexit_ctrls;
BX_CPU_THIS_PTR tsc_offset = 0;
#if BX_SUPPORT_X86_64
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_HOST_ADDR_SPACE_SIZE) {
BX_DEBUG(("VMEXIT to x86-64 host"));
x86_64_host = 1;
}
#if BX_SUPPORT_VMX >= 2
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_LOAD_EFER_MSR) {
BX_CPU_THIS_PTR efer.set32((Bit32u) host_state->efer_msr);
}
else
#endif
{
// set EFER.LMA and EFER.LME before write to CR4
if (x86_64_host)
BX_CPU_THIS_PTR efer.set32(BX_CPU_THIS_PTR efer.get32() | (BX_EFER_LME_MASK | BX_EFER_LMA_MASK));
else
BX_CPU_THIS_PTR efer.set32(BX_CPU_THIS_PTR efer.get32() & ~(BX_EFER_LME_MASK | BX_EFER_LMA_MASK));
}
#endif
// ET, CD, NW, 28:19, 17, 15:6, and VMX fixed bits not modified Section 19.8
host_state->cr0 = (BX_CPU_THIS_PTR cr0.get32() & VMX_KEEP_CR0_BITS) | (host_state->cr0 & ~VMX_KEEP_CR0_BITS);
if (! check_CR0(host_state->cr0)) {
BX_PANIC(("VMEXIT CR0 is broken !"));
}
if (! check_CR4(host_state->cr4)) {
BX_PANIC(("VMEXIT CR4 is broken !"));
}
BX_CPU_THIS_PTR cr0.set32((Bit32u) host_state->cr0);
BX_CPU_THIS_PTR cr4.set32((Bit32u) host_state->cr4);
BX_CPU_THIS_PTR cr3 = host_state->cr3;
TLB_flush(); // CR0/CR4 updated
if (! x86_64_host && BX_CPU_THIS_PTR cr4.get_PAE()) {
if (! CheckPDPTR(host_state->cr3)) {
BX_ERROR(("VMABORT: host PDPTRs are corrupted !"));
VMabort(VMABORT_HOST_PDPTR_CORRUPTED);
}
}
BX_CPU_THIS_PTR dr7.set32(0x00000400);
BX_CPU_THIS_PTR msr.sysenter_cs_msr = host_state->sysenter_cs_msr;
BX_CPU_THIS_PTR msr.sysenter_esp_msr = host_state->sysenter_esp_msr;
BX_CPU_THIS_PTR msr.sysenter_eip_msr = host_state->sysenter_eip_msr;
#if BX_SUPPORT_VMX >= 2
if (vmexit_ctrls & VMX_VMEXIT_CTRL1_LOAD_PAT_MSR) {
BX_CPU_THIS_PTR msr.pat = host_state->pat_msr;
}
#endif
// CS selector loaded from VMCS
// valid <= 1
// base <= 0
// limit <= 0xffffffff, g <= 1
// present <= 1
// dpl <= 0
// type <= segment, BX_CODE_EXEC_READ_ACCESSED
// d_b <= loaded from 'host-address space size' VMEXIT control
// l <= loaded from 'host-address space size' VMEXIT control
parse_selector(host_state->segreg_selector[BX_SEG_REG_CS],
&BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector);
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.valid = SegValidCache | SegAccessROK | SegAccessWOK;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.p = 1;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.dpl = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.segment = 1; /* data/code segment */
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.type = BX_CODE_EXEC_READ_ACCESSED;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.base = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.limit_scaled = 0xffffffff;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.avl = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.g = 1; /* page granular */
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.d_b = !x86_64_host;
#if BX_SUPPORT_X86_64
BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.l = x86_64_host;
#endif
// DATA selector loaded from VMCS
// valid <= if selector is not all-zero
// base <= 0
// limit <= 0xffffffff, g <= 1
// present <= 1
// dpl <= 0
// type <= segment, BX_DATA_READ_WRITE_ACCESSED
// d_b <= 1
// l <= 0
for (unsigned segreg = 0; segreg < 6; segreg++)
{
if (segreg == BX_SEG_REG_CS) continue;
parse_selector(host_state->segreg_selector[segreg],
&BX_CPU_THIS_PTR sregs[segreg].selector);
if (! host_state->segreg_selector[segreg]) {
BX_CPU_THIS_PTR sregs[segreg].cache.valid = 0;
}
else {
BX_CPU_THIS_PTR sregs[segreg].cache.valid = SegValidCache;
BX_CPU_THIS_PTR sregs[segreg].cache.p = 1;
BX_CPU_THIS_PTR sregs[segreg].cache.dpl = 0;
BX_CPU_THIS_PTR sregs[segreg].cache.segment = 1; /* data/code segment */
BX_CPU_THIS_PTR sregs[segreg].cache.type = BX_DATA_READ_WRITE_ACCESSED;
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.base = 0;
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.limit_scaled = 0xffffffff;
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.avl = 0;
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.g = 1; /* page granular */
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.d_b = 1;
#if BX_SUPPORT_X86_64
BX_CPU_THIS_PTR sregs[segreg].cache.u.segment.l = 0;
#endif
}
}
// SS.DPL always clear
BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].cache.dpl = 0;
if (x86_64_host || BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].cache.valid)
BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].cache.u.segment.base = host_state->fs_base;
if (x86_64_host || BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].cache.valid)
BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].cache.u.segment.base = host_state->gs_base;
// TR selector loaded from VMCS
parse_selector(host_state->tr_selector, &BX_CPU_THIS_PTR tr.selector);
BX_CPU_THIS_PTR tr.cache.valid = 1; /* valid */
BX_CPU_THIS_PTR tr.cache.p = 1; /* present */
BX_CPU_THIS_PTR tr.cache.dpl = 0; /* field not used */
BX_CPU_THIS_PTR tr.cache.segment = 0; /* system segment */
BX_CPU_THIS_PTR tr.cache.type = BX_SYS_SEGMENT_BUSY_386_TSS;
BX_CPU_THIS_PTR tr.cache.u.segment.base = host_state->tr_base;
BX_CPU_THIS_PTR tr.cache.u.segment.limit_scaled = 0x67;
BX_CPU_THIS_PTR tr.cache.u.segment.avl = 0;
BX_CPU_THIS_PTR tr.cache.u.segment.g = 0; /* byte granular */
// unusable LDTR
BX_CPU_THIS_PTR ldtr.selector.value = 0x0000;
BX_CPU_THIS_PTR ldtr.selector.index = 0x0000;
BX_CPU_THIS_PTR ldtr.selector.ti = 0;
BX_CPU_THIS_PTR ldtr.selector.rpl = 0;
BX_CPU_THIS_PTR ldtr.cache.valid = 0; /* invalid */
BX_CPU_THIS_PTR gdtr.base = host_state->gdtr_base;
BX_CPU_THIS_PTR gdtr.limit = 0xFFFF;
BX_CPU_THIS_PTR idtr.base = host_state->idtr_base;
BX_CPU_THIS_PTR idtr.limit = 0xFFFF;
RIP = host_state->rip;
RSP = host_state->rsp;
BX_CPU_THIS_PTR inhibit_mask = 0;
BX_CPU_THIS_PTR debug_trap = 0;
// set flags directly, avoid setEFlags side effects
BX_CPU_THIS_PTR eflags = 0x2; // Bit1 is always set
// Update lazy flags state
setEFlagsOSZAPC(0);
#if BX_SUPPORT_MONITOR_MWAIT
BX_CPU_THIS_PTR monitor.reset_monitor();
#endif
invalidate_prefetch_q();
#if BX_SUPPORT_ALIGNMENT_CHECK
handleAlignmentCheck();
#endif
handleCpuModeChange();
handleSseModeChange();
#if BX_SUPPORT_AVX
handleAvxModeChange();
#endif
BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_CONTEXT_SWITCH, 0);
}
void BX_CPU_C::VMexit(bxInstruction_c *i, Bit32u reason, Bit64u qualification)
{
VMCS_CACHE *vm = &BX_CPU_THIS_PTR vmcs;
if (!BX_CPU_THIS_PTR in_vmx || !BX_CPU_THIS_PTR in_vmx_guest) {
if ((reason & 0x80000000) == 0)
BX_PANIC(("PANIC: VMEXIT not in VMX guest mode !"));
}
// VMEXITs are FAULT-like: restore RIP/RSP to value before VMEXIT occurred
RIP = BX_CPU_THIS_PTR prev_rip;
if (BX_CPU_THIS_PTR speculative_rsp)
RSP = BX_CPU_THIS_PTR prev_rsp;
//
// STEP 0: Update VMEXIT reason
//
VMwrite32(VMCS_32BIT_VMEXIT_REASON, reason);
VMwrite_natural(VMCS_VMEXIT_QUALIFICATION, qualification);
if (i != 0)
VMwrite32(VMCS_32BIT_VMEXIT_INSTRUCTION_LENGTH, i->ilen());
reason &= 0xffff; /* keep only basic VMEXIT reason */
if (reason != VMX_VMEXIT_EXCEPTION_NMI && reason != VMX_VMEXIT_EXTERNAL_INTERRUPT) {
VMwrite32(VMCS_32BIT_VMEXIT_INTERRUPTION_INFO, 0);
}
if (BX_CPU_THIS_PTR in_event) {
VMwrite32(VMCS_32BIT_IDT_VECTORING_INFO, vm->idt_vector_info | 0x80000000);
VMwrite32(VMCS_32BIT_IDT_VECTORING_ERR_CODE, vm->idt_vector_error_code);
BX_CPU_THIS_PTR in_event = 0;
}
else {
VMwrite32(VMCS_32BIT_IDT_VECTORING_INFO, 0);
}
//
// STEP 1: Saving Guest State to VMCS
//
if (reason != VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE && reason != VMX_VMEXIT_VMENTRY_FAILURE_MSR) {
// clear VMENTRY interruption info field
VMwrite32(VMCS_32BIT_CONTROL_VMENTRY_INTERRUPTION_INFO, vm->vmentry_interr_info & ~0x80000000);
VMexitSaveGuestState();
Bit32u msr = StoreMSRs(vm->vmexit_msr_store_cnt, vm->vmexit_msr_store_addr);
if (msr) {
BX_ERROR(("VMABORT: Error when saving guest MSR number %d", msr));
VMabort(VMABORT_SAVING_GUEST_MSRS_FAILURE);
}
}
BX_CPU_THIS_PTR in_vmx_guest = 0;
//
// STEP 2: Load Host State
//
VMexitLoadHostState();
//
// STEP 3: Load Host MSR registers
//
Bit32u msr = LoadMSRs(vm->vmexit_msr_load_cnt, vm->vmexit_msr_load_addr);
if (msr) {
BX_ERROR(("VMABORT: Error when loading host MSR number %d", msr));
VMabort(VMABORT_LOADING_HOST_MSRS);
}
//
// STEP 4: Go back to VMX host
//
BX_CPU_THIS_PTR disable_INIT = 1; // INIT is disabled in VMX root mode
BX_CPU_THIS_PTR vmx_interrupt_window = 0;
BX_CPU_THIS_PTR errorno = 0;
BX_CPU_THIS_PTR EXT = 0;
#if BX_DEBUGGER
if (BX_CPU_THIS_PTR vmexit_break) {
BX_CPU_THIS_PTR stop_reason = STOP_VMEXIT_BREAK_POINT;
bx_debug_break(); // trap into debugger
}
#endif
longjmp(BX_CPU_THIS_PTR jmp_buf_env, 1); // go back to main decode loop
}
#endif // BX_SUPPORT_VMX
////////////////////////////////////////////////////////////
// VMX instructions
////////////////////////////////////////////////////////////
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMXON(bxInstruction_c *i)
{
#if BX_SUPPORT_VMX
if (! BX_CPU_THIS_PTR cr4.get_VMXE() || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
exception(BX_UD_EXCEPTION, 0);
if (! BX_CPU_THIS_PTR in_vmx) {
if (CPL != 0 || ! BX_CPU_THIS_PTR cr0.get_NE() ||
! (BX_CPU_THIS_PTR cr0.get_PE()) || BX_GET_ENABLE_A20() == 0 ||
! (BX_CPU_THIS_PTR msr.ia32_feature_ctrl & BX_IA32_FEATURE_CONTROL_LOCK_BIT) ||
! (BX_CPU_THIS_PTR msr.ia32_feature_ctrl & BX_IA32_FEATURE_CONTROL_VMX_ENABLE_BIT))
{
BX_ERROR(("#GP: VMXON is not allowed !"));
exception(BX_GP_EXCEPTION, 0);
}
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
Bit64u pAddr = read_virtual_qword(i->seg(), eaddr); // keep 64-bit
if ((pAddr & 0xfff) != 0 || ! IsValidPhyAddr(pAddr)) {
BX_ERROR(("VMXON: invalid or not page aligned physical address !"));
VMfailInvalid();
BX_NEXT_INSTR(i);
}
Bit32u revision = VMXReadRevisionID((bx_phy_address) pAddr);
if (revision != VMX_VMCS_REVISION_ID) {
BX_ERROR(("VMXON: not expected (%d != %d) VMCS revision id !", revision, VMX_VMCS_REVISION_ID));
VMfailInvalid();
BX_NEXT_INSTR(i);
}
BX_CPU_THIS_PTR vmcsptr = BX_INVALID_VMCSPTR;
BX_CPU_THIS_PTR vmcshostptr = 0;
BX_CPU_THIS_PTR vmxonptr = pAddr;
BX_CPU_THIS_PTR in_vmx = 1;
BX_CPU_THIS_PTR disable_INIT = 1; // INIT is disabled in VMX root mode
// block and disable A20M;
#if BX_SUPPORT_MONITOR_MWAIT
BX_CPU_THIS_PTR monitor.reset_monitor();
#endif
VMsucceed();
}
else if (BX_CPU_THIS_PTR in_vmx_guest) { // in VMX non-root operation
BX_ERROR(("VMEXIT: VMXON in VMX non-root operation"));
VMexit_Instruction(i, VMX_VMEXIT_VMXON);
}
else {
// in VMX root operation mode
if (CPL != 0) {
BX_ERROR(("VMXON with CPL!=0 cause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
VMfail(VMXERR_VMXON_IN_VMX_ROOT_OPERATION);
}
#endif
BX_NEXT_INSTR(i);
}
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMXOFF(bxInstruction_c *i)
{
#if BX_SUPPORT_VMX
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
exception(BX_UD_EXCEPTION, 0);
if (BX_CPU_THIS_PTR in_vmx_guest) {
BX_ERROR(("VMEXIT: VMXOFF in VMX non-root operation"));
VMexit_Instruction(i, VMX_VMEXIT_VMXOFF);
}
if (CPL != 0) {
BX_ERROR(("VMXOFF with CPL!=0 cause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
/*
if dual-monitor treatment of SMIs and SMM is active
THEN VMfail(VMXERR_VMXOFF_WITH_CONFIGURED_SMM_MONITOR);
else
*/
{
BX_CPU_THIS_PTR vmxonptr = BX_INVALID_VMCSPTR;
BX_CPU_THIS_PTR in_vmx = 0; // leave VMX operation mode
BX_CPU_THIS_PTR disable_INIT = 0;
// unblock and enable A20M;
#if BX_SUPPORT_MONITOR_MWAIT
BX_CPU_THIS_PTR monitor.reset_monitor();
#endif
VMsucceed();
}
#endif
BX_NEXT_INSTR(i);
}
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMCALL(bxInstruction_c *i)
{
#if BX_SUPPORT_VMX
if (! BX_CPU_THIS_PTR in_vmx)
exception(BX_UD_EXCEPTION, 0);
if (BX_CPU_THIS_PTR in_vmx_guest) {
BX_ERROR(("VMEXIT: VMCALL in VMX non-root operation"));
VMexit_Instruction(i, VMX_VMEXIT_VMCALL);
}
if (BX_CPU_THIS_PTR get_VM() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
exception(BX_UD_EXCEPTION, 0);
if (CPL != 0) {
BX_ERROR(("VMCALL with CPL!=0 cause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
if (BX_CPU_THIS_PTR in_smm /*||
(the logical processor does not support the dual-monitor treatment of SMIs and SMM) ||
(the valid bit in the IA32_SMM_MONITOR_CTL MSR is clear)*/)
{
VMfail(VMXERR_VMCALL_IN_VMX_ROOT_OPERATION);
BX_NEXT_TRACE(i);
}
/*
if dual-monitor treatment of SMIs and BX_CPU_THIS_PTR in_smm
THEN perform an SMM VMexit (see Section 24.16.2
of the IntelR 64 and IA-32 Architectures Software Developer's Manual, Volume 3B);
*/
if (! VMCSPTR_VALID()) {
BX_ERROR(("VMFAIL: VMCALL with invalid VMCS ptr"));
VMfailInvalid();
BX_NEXT_TRACE(i);
}
Bit32u launch_state;
access_read_physical(BX_CPU_THIS_PTR vmcsptr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4, &launch_state);
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, BX_CPU_THIS_PTR vmcsptr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4,
BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&launch_state));
if (launch_state != VMCS_STATE_CLEAR) {
BX_ERROR(("VMFAIL: VMCALL with launched VMCS"));
VMfail(VMXERR_VMCALL_NON_CLEAR_VMCS);
BX_NEXT_TRACE(i);
}
BX_PANIC(("VMCALL: not implemented yet"));
/*
if VM-exit control fields are not valid (see Section 24.16.6.1 of the IntelR 64 and IA-32 Architectures
Software Developer's Manual, Volume 3B)
THEN VMfail(VMXERR_VMCALL_INVALID_VMEXIT_FIELD);
else
enter SMM;
read revision identifier in MSEG;
if revision identifier does not match that supported by processor
THEN
leave SMM;
VMfailValid(VMXERR_VMCALL_INVALID_MSEG_REVISION_ID);
else
read SMM-monitor features field in MSEG (see Section 24.16.6.2,
in the IntelR 64 and IA-32 Architectures Software Developer's Manual, Volume 3B);
if features field is invalid
THEN
leave SMM;
VMfailValid(VMXERR_VMCALL_WITH_INVALID_SMM_MONITOR_FEATURES);
else activate dual-monitor treatment of SMIs and SMM (see Section 24.16.6
in the IntelR 64 and IA-32 Architectures Software Developer's Manual, Volume 3B);
FI;
FI;
FI;
*/
#endif
BX_NEXT_TRACE(i);
}
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMLAUNCH(bxInstruction_c *i)
{
#if BX_SUPPORT_VMX
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
exception(BX_UD_EXCEPTION, 0);
unsigned vmlaunch = 0;
if ((i->getIaOpcode() == BX_IA_VMLAUNCH)) {
BX_INFO(("VMLAUNCH VMCS ptr: 0x" FMT_ADDRX64, BX_CPU_THIS_PTR vmcsptr));
vmlaunch = 1;
}
else {
BX_INFO(("VMRESUME VMCS ptr: 0x" FMT_ADDRX64, BX_CPU_THIS_PTR vmcsptr));
}
if (BX_CPU_THIS_PTR in_vmx_guest) {
BX_ERROR(("VMEXIT: VMLAUNCH in VMX non-root operation"));
VMexit_Instruction(i, vmlaunch ? VMX_VMEXIT_VMLAUNCH : VMX_VMEXIT_VMRESUME);
}
if (CPL != 0) {
BX_ERROR(("VMLAUNCH/VMRESUME with CPL!=0 cause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
if (! VMCSPTR_VALID()) {
BX_ERROR(("VMFAIL: VMLAUNCH with invalid VMCS ptr !"));
VMfailInvalid();
BX_NEXT_TRACE(i);
}
if (interrupts_inhibited(BX_INHIBIT_INTERRUPTS_BY_MOVSS)) {
BX_ERROR(("VMFAIL: VMLAUNCH with interrupts blocked by MOV_SS !"));
VMfail(VMXERR_VMENTRY_MOV_SS_BLOCKING);
BX_NEXT_TRACE(i);
}
Bit32u launch_state;
access_read_physical(BX_CPU_THIS_PTR vmcsptr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4, &launch_state);
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, BX_CPU_THIS_PTR vmcsptr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4,
BX_VMCS_ACCESS | BX_READ, (Bit8u*)(&launch_state));
if (vmlaunch) {
if (launch_state != VMCS_STATE_CLEAR) {
BX_ERROR(("VMFAIL: VMLAUNCH with non-clear VMCS!"));
VMfail(VMXERR_VMLAUNCH_NON_CLEAR_VMCS);
BX_NEXT_TRACE(i);
}
}
else {
if (launch_state != VMCS_STATE_LAUNCHED) {
BX_ERROR(("VMFAIL: VMRESUME with non-launched VMCS!"));
VMfail(VMXERR_VMRESUME_NON_LAUNCHED_VMCS);
BX_NEXT_TRACE(i);
}
}
///////////////////////////////////////////////////////
// STEP 1: Load and Check VM-Execution Control Fields
// STEP 2: Load and Check VM-Exit Control Fields
// STEP 3: Load and Check VM-Entry Control Fields
///////////////////////////////////////////////////////
VMX_error_code error = VMenterLoadCheckVmControls();
if (error != VMXERR_NO_ERROR) {
VMfail(error);
BX_NEXT_TRACE(i);
}
///////////////////////////////////////////////////////
// STEP 4: Load and Check Host State
///////////////////////////////////////////////////////
error = VMenterLoadCheckHostState();
if (error != VMXERR_NO_ERROR) {
VMfail(error);
BX_NEXT_TRACE(i);
}
///////////////////////////////////////////////////////
// STEP 5: Load and Check Guest State
///////////////////////////////////////////////////////
Bit64u qualification = VMENTER_ERR_NO_ERROR;
Bit32u state_load_error = VMenterLoadCheckGuestState(&qualification);
if (state_load_error) {
BX_ERROR(("VMEXIT: Guest State Checks Failed"));
VMexit(0, VMX_VMEXIT_VMENTRY_FAILURE_GUEST_STATE | (1 << 31), qualification);
}
Bit32u msr = LoadMSRs(BX_CPU_THIS_PTR vmcs.vmentry_msr_load_cnt, BX_CPU_THIS_PTR vmcs.vmentry_msr_load_addr);
if (msr) {
BX_ERROR(("VMEXIT: Error when loading guest MSR 0x%08x", msr));
VMexit(0, VMX_VMEXIT_VMENTRY_FAILURE_MSR | (1 << 31), msr);
}
///////////////////////////////////////////////////////
// STEP 6: Update VMCS 'launched' state
///////////////////////////////////////////////////////
if (vmlaunch) {
launch_state = VMCS_STATE_LAUNCHED;
bx_phy_address pAddr = BX_CPU_THIS_PTR vmcsptr + VMCS_LAUNCH_STATE_FIELD_ADDR;
access_write_physical(pAddr, 4, &launch_state);
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr, 4, BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&launch_state));
}
/*
Check settings of VMX controls and host-state area;
if invalid settings
THEN VMfailValid(VM entry with invalid VMX-control field(s)) or
VMfailValid(VM entry with invalid host-state field(s)) or
VMfailValid(VM entry with invalid executive-VMCS pointer)) or
VMfailValid(VM entry with non-launched executive VMCS) or
VMfailValid(VM entry with executive-VMCS pointer not VMXON pointer)
VMfailValid(VM entry with invalid VM-execution control fields in executive VMCS)
(as appropriate);
else
Attempt to load guest state and PDPTRs as appropriate;
clear address-range monitoring;
if failure in checking guest state or PDPTRs
THEN VM entry fails (see Section 22.7, in the
IntelR 64 and IA-32 Architectures Software Developer's Manual, Volume 3B);
else
Attempt to load MSRs from VM-entry MSR-load area;
if failure
THEN VM entry fails (see Section 22.7, in the IntelR 64 and IA-32
Architectures Software Developer's Manual, Volume 3B);
else {
if VMLAUNCH
THEN launch state of VMCS <== "launched";
if in SMM and "entry to SMM" VM-entry control is 0
THEN
if "deactivate dual-monitor treatment" VM-entry control is 0
THEN SMM-transfer VMCS pointer <== current-VMCS pointer;
FI;
if executive-VMCS pointer is VMX pointer
THEN current-VMCS pointer <== VMCS-link pointer;
else current-VMCS pointer <== executive-VMCS pointer;
FI;
leave SMM;
FI;
VMsucceed();
}
FI;
FI;
*/
BX_CPU_THIS_PTR in_vmx_guest = 1;
BX_CPU_THIS_PTR disable_INIT = 0;
if (VMEXIT(VMX_VM_EXEC_CTRL2_TSC_OFFSET))
BX_CPU_THIS_PTR tsc_offset = VMread64(VMCS_64BIT_CONTROL_TSC_OFFSET);
else
BX_CPU_THIS_PTR tsc_offset = 0;
#if BX_SUPPORT_VMX >= 2
if (PIN_VMEXIT(VMX_VM_EXEC_CTRL1_VMX_PREEMPTION_TIMER_VMEXIT)) {
Bit32u timer_value = VMread32(VMCS_32BIT_GUEST_PREEMPTION_TIMER_VALUE);
if (timer_value == 0) {
BX_CPU_THIS_PTR pending_vmx_timer_expired = 1;
BX_CPU_THIS_PTR async_event = 1;
}
else {
// activate VMX preemption timer
BX_DEBUG(("VMX preemption timer active"));
BX_CPU_THIS_PTR pending_vmx_timer_expired = 0;
BX_CPU_THIS_PTR lapic.set_vmx_preemption_timer(timer_value);
}
}
#endif
///////////////////////////////////////////////////////
// STEP 7: Inject events to the guest
///////////////////////////////////////////////////////
VMenterInjectEvents();
#endif
BX_NEXT_TRACE(i);
}
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMPTRLD(bxInstruction_c *i)
{
#if BX_SUPPORT_VMX
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
exception(BX_UD_EXCEPTION, 0);
if (BX_CPU_THIS_PTR in_vmx_guest) {
BX_ERROR(("VMEXIT: VMPTRLD in VMX non-root operation"));
VMexit_Instruction(i, VMX_VMEXIT_VMPTRLD);
}
if (CPL != 0) {
BX_ERROR(("VMPTRLD with CPL!=0 willcause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
Bit64u pAddr = read_virtual_qword(i->seg(), eaddr); // keep 64-bit
if ((pAddr & 0xfff) != 0 || ! IsValidPhyAddr(pAddr)) {
BX_ERROR(("VMFAIL: invalid or not page aligned physical address !"));
VMfail(VMXERR_VMPTRLD_INVALID_PHYSICAL_ADDRESS);
BX_NEXT_INSTR(i);
}
if (pAddr == BX_CPU_THIS_PTR vmxonptr) {
BX_ERROR(("VMFAIL: VMPTRLD with VMXON ptr !"));
VMfail(VMXERR_VMPTRLD_WITH_VMXON_PTR);
}
else {
Bit32u revision = VMXReadRevisionID((bx_phy_address) pAddr);
if (revision != VMX_VMCS_REVISION_ID) {
BX_ERROR(("VMPTRLD: not expected (%d != %d) VMCS revision id !", revision, VMX_VMCS_REVISION_ID));
VMfail(VMXERR_VMPTRLD_INCORRECT_VMCS_REVISION_ID);
}
else {
set_VMCSPTR(pAddr);
VMsucceed();
}
}
#endif
BX_NEXT_INSTR(i);
}
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMPTRST(bxInstruction_c *i)
{
#if BX_SUPPORT_VMX
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
exception(BX_UD_EXCEPTION, 0);
if (BX_CPU_THIS_PTR in_vmx_guest) {
BX_ERROR(("VMEXIT: VMPTRST in VMX non-root operation"));
VMexit_Instruction(i, VMX_VMEXIT_VMPTRST);
}
if (CPL != 0) {
BX_ERROR(("VMPTRST with CPL!=0 cause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
write_virtual_qword(i->seg(), eaddr, BX_CPU_THIS_PTR vmcsptr);
VMsucceed();
#endif
BX_NEXT_INSTR(i);
}
BX_CPP_INLINE Bit32u rotate_r(Bit32u val_32)
{
return (val_32 >> 8) | (val_32 << 24);
}
BX_CPP_INLINE Bit32u rotate_l(Bit32u val_32)
{
return (val_32 << 8) | (val_32 >> 24);
}
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMREAD(bxInstruction_c *i)
{
#if BX_SUPPORT_VMX
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
exception(BX_UD_EXCEPTION, 0);
if (BX_CPU_THIS_PTR in_vmx_guest) {
BX_ERROR(("VMEXIT: VMREAD in VMX non-root operation"));
VMexit_Instruction(i, VMX_VMEXIT_VMREAD);
}
if (CPL != 0) {
BX_ERROR(("VMREAD with CPL!=0 cause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
if (! VMCSPTR_VALID()) {
BX_ERROR(("VMFAIL: VMREAD with invalid VMCS ptr !"));
VMfailInvalid();
BX_NEXT_INSTR(i);
}
#if BX_SUPPORT_X86_64
if (BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_64) {
if (BX_READ_64BIT_REG_HIGH(i->nnn())) {
BX_ERROR(("VMREAD: not supported field (upper 32-bit not zero)"));
VMfail(VMXERR_UNSUPPORTED_VMCS_COMPONENT_ACCESS);
BX_NEXT_INSTR(i);
}
}
#endif
unsigned encoding = BX_READ_32BIT_REG(i->nnn());
if (vmcs_field_offset(encoding) == 0xffffffff) {
BX_ERROR(("VMREAD: not supported field 0x%08x", encoding));
VMfail(VMXERR_UNSUPPORTED_VMCS_COMPONENT_ACCESS);
BX_NEXT_INSTR(i);
}
unsigned width = VMCS_FIELD_WIDTH(encoding);
Bit64u field_64;
if(width == VMCS_FIELD_WIDTH_16BIT) {
field_64 = VMread16(encoding);
}
else if(width == VMCS_FIELD_WIDTH_32BIT) {
// the real hardware write access rights rotated
if (encoding >= VMCS_32BIT_GUEST_ES_ACCESS_RIGHTS && encoding <= VMCS_32BIT_GUEST_TR_ACCESS_RIGHTS)
field_64 = rotate_r(VMread32(encoding));
else
field_64 = VMread32(encoding);
}
else if(width == VMCS_FIELD_WIDTH_64BIT) {
if (IS_VMCS_FIELD_HI(encoding))
field_64 = VMread32(encoding);
else
field_64 = VMread64(encoding);
}
else {
field_64 = VMread_natural(encoding);
}
#if BX_SUPPORT_X86_64
if (BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_64) {
if (i->modC0()) {
BX_WRITE_64BIT_REG(i->rm(), field_64);
}
else {
Bit64u eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
write_virtual_qword_64(i->seg(), eaddr, field_64);
}
}
else
#endif
{
Bit32u field_32 = GET32L(field_64);
if (i->modC0()) {
BX_WRITE_32BIT_REGZ(i->rm(), field_32);
}
else {
Bit32u eaddr = (Bit32u) BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
write_virtual_dword_32(i->seg(), eaddr, field_32);
}
}
VMsucceed();
#endif
BX_NEXT_INSTR(i);
}
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMWRITE(bxInstruction_c *i)
{
#if BX_SUPPORT_VMX
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
exception(BX_UD_EXCEPTION, 0);
if (BX_CPU_THIS_PTR in_vmx_guest) {
BX_ERROR(("VMEXIT: VMWRITE in VMX non-root operation"));
VMexit_Instruction(i, VMX_VMEXIT_VMWRITE);
}
if (CPL != 0) {
BX_ERROR(("VMWRITE with CPL!=0 cause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
if (! VMCSPTR_VALID()) {
BX_ERROR(("VMFAIL: VMWRITE with invalid VMCS ptr !"));
VMfailInvalid();
BX_NEXT_INSTR(i);
}
Bit64u val_64;
Bit32u val_32;
#if BX_SUPPORT_X86_64
if (BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_64) {
if (i->modC0()) {
val_64 = BX_READ_64BIT_REG(i->rm());
}
else {
Bit64u eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
val_64 = read_virtual_qword_64(i->seg(), eaddr);
}
if (BX_READ_64BIT_REG_HIGH(i->nnn())) {
BX_ERROR(("VMWRITE: not supported field (upper 32-bit not zero)"));
VMfail(VMXERR_UNSUPPORTED_VMCS_COMPONENT_ACCESS);
BX_NEXT_INSTR(i);
}
val_32 = GET32L(val_64);
}
else
#endif
{
if (i->modC0()) {
val_32 = BX_READ_32BIT_REG(i->rm());
}
else {
Bit32u eaddr = (Bit32u) BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
val_32 = read_virtual_dword_32(i->seg(), eaddr);
}
val_64 = (Bit64u) val_32;
}
Bit32u encoding = BX_READ_32BIT_REG(i->nnn());
if (vmcs_field_offset(encoding) == 0xffffffff) {
BX_ERROR(("VMWRITE: not supported field 0x%08x", encoding));
VMfail(VMXERR_UNSUPPORTED_VMCS_COMPONENT_ACCESS);
BX_NEXT_INSTR(i);
}
if (VMCS_FIELD_TYPE(encoding) == VMCS_FIELD_TYPE_READ_ONLY)
{
BX_ERROR(("VMWRITE: write to read only field 0x%08x", encoding));
VMfail(VMXERR_VMWRITE_READ_ONLY_VMCS_COMPONENT);
BX_NEXT_INSTR(i);
}
unsigned width = VMCS_FIELD_WIDTH(encoding);
if(width == VMCS_FIELD_WIDTH_16BIT) {
VMwrite16(encoding, val_32 & 0xffff);
}
else if(width == VMCS_FIELD_WIDTH_32BIT) {
// the real hardware write access rights rotated
if (encoding >= VMCS_32BIT_GUEST_ES_ACCESS_RIGHTS && encoding <= VMCS_32BIT_GUEST_TR_ACCESS_RIGHTS)
VMwrite32(encoding, rotate_l(val_32));
else
VMwrite32(encoding, val_32);
}
else if(width == VMCS_FIELD_WIDTH_64BIT) {
if (IS_VMCS_FIELD_HI(encoding))
VMwrite32(encoding, val_32);
else
VMwrite64(encoding, val_64);
}
else {
VMwrite_natural(encoding, (bx_address) val_64);
}
VMsucceed();
#endif
BX_NEXT_INSTR(i);
}
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::VMCLEAR(bxInstruction_c *i)
{
#if BX_SUPPORT_VMX
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
exception(BX_UD_EXCEPTION, 0);
if (BX_CPU_THIS_PTR in_vmx_guest) {
BX_ERROR(("VMEXIT: VMCLEAR in VMX non-root operation"));
VMexit_Instruction(i, VMX_VMEXIT_VMCLEAR);
}
if (CPL != 0) {
BX_ERROR(("VMCLEAR with CPL!=0 cause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
Bit64u pAddr = read_virtual_qword(i->seg(), eaddr); // keep 64-bit
if ((pAddr & 0xfff) != 0 || ! IsValidPhyAddr(pAddr)) {
BX_ERROR(("VMFAIL: VMCLEAR with invalid physical address!"));
VMfail(VMXERR_VMCLEAR_WITH_INVALID_ADDR);
BX_NEXT_INSTR(i);
}
if (pAddr == BX_CPU_THIS_PTR vmxonptr) {
BX_ERROR(("VMFAIL: VMLEAR with VMXON ptr !"));
VMfail(VMXERR_VMCLEAR_WITH_VMXON_VMCS_PTR);
}
else {
// ensure that data for VMCS referenced by the operand is in memory
// initialize implementation-specific data in VMCS region
// clear VMCS launch state
Bit32u launch_state = VMCS_STATE_CLEAR;
access_write_physical(pAddr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4, &launch_state);
BX_DBG_PHY_MEMORY_ACCESS(BX_CPU_ID, pAddr + VMCS_LAUNCH_STATE_FIELD_ADDR, 4,
BX_VMCS_ACCESS | BX_WRITE, (Bit8u*)(&launch_state));
if (pAddr == BX_CPU_THIS_PTR vmcsptr) {
BX_CPU_THIS_PTR vmcsptr = BX_INVALID_VMCSPTR;
BX_CPU_THIS_PTR vmcshostptr = 0;
}
VMsucceed();
}
#endif
BX_NEXT_INSTR(i);
}
#if BX_CPU_LEVEL >= 6
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::INVEPT(bxInstruction_c *i)
{
#if BX_SUPPORT_VMX >= 2
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
exception(BX_UD_EXCEPTION, 0);
if (BX_CPU_THIS_PTR in_vmx_guest) {
BX_ERROR(("VMEXIT: INVEPT in VMX non-root operation"));
VMexit_Instruction(i, VMX_VMEXIT_INVEPT);
}
if (CPL != 0) {
BX_ERROR(("INVEPT with CPL!=0 cause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
bx_address type;
if (i->os64L()) {
type = BX_READ_64BIT_REG(i->nnn());
}
else {
type = BX_READ_32BIT_REG(i->nnn());
}
BxPackedXmmRegister inv_eptp;
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
read_virtual_dqword(i->seg(), eaddr, (Bit8u *) &inv_eptp);
switch(type) {
case BX_INVEPT_INVVPID_SINGLE_CONTEXT_INVALIDATION:
if (! is_eptptr_valid(inv_eptp.xmm64u(0))) {
BX_ERROR(("INVEPT: invalid EPTPTR value !"));
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
BX_NEXT_TRACE(i);
}
TLB_flush(); // Invalidate mappings associated with EPTP[51:12]
break;
case BX_INVEPT_INVVPID_ALL_CONTEXT_INVALIDATION:
TLB_flush(); // Invalidate mappings associated with all EPTPs
break;
default:
BX_ERROR(("INVEPT: not supported type !"));
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
BX_NEXT_TRACE(i);
}
BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_INVEPT, type);
VMsucceed();
#else
BX_INFO(("INVEPT: required VMXx2 support, use --enable-vmx=2 option"));
exception(BX_UD_EXCEPTION, 0);
#endif
BX_NEXT_TRACE(i);
}
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::INVVPID(bxInstruction_c *i)
{
#if BX_SUPPORT_VMX >= 2
if (! BX_CPU_THIS_PTR in_vmx || ! protected_mode() || BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_COMPAT)
exception(BX_UD_EXCEPTION, 0);
if (BX_CPU_THIS_PTR in_vmx_guest) {
BX_ERROR(("VMEXIT: INVVPID in VMX non-root operation"));
VMexit_Instruction(i, VMX_VMEXIT_INVVPID);
}
if (CPL != 0) {
BX_ERROR(("INVVPID with CPL!=0 cause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
bx_address type;
if (i->os64L()) {
type = BX_READ_64BIT_REG(i->nnn());
}
else {
type = BX_READ_32BIT_REG(i->nnn());
}
BxPackedXmmRegister invvpid_desc;
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
read_virtual_dqword(i->seg(), eaddr, (Bit8u *) &invvpid_desc);
if (invvpid_desc.xmm64u(0) > 0xffff) {
BX_ERROR(("INVVPID: INVVPID_DESC reserved bits set"));
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
BX_NEXT_TRACE(i);
}
Bit16u vpid = invvpid_desc.xmm16u(0);
if (vpid == 0 && type != BX_INVEPT_INVVPID_ALL_CONTEXT_INVALIDATION) {
BX_ERROR(("INVVPID with VPID=0"));
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
BX_NEXT_TRACE(i);
}
switch(type) {
case BX_INVEPT_INVVPID_INDIVIDUAL_ADDRESS_INVALIDATION:
if (! IsCanonical(invvpid_desc.xmm64u(1))) {
BX_ERROR(("INVVPID: non canonical LADDR single context invalidation"));
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
BX_NEXT_TRACE(i);
}
TLB_flush(); // invalidate all mappings for address LADDR tagged with VPID
break;
case BX_INVEPT_INVVPID_SINGLE_CONTEXT_INVALIDATION:
TLB_flush(); // invalidate all mappings tagged with VPID
break;
case BX_INVEPT_INVVPID_ALL_CONTEXT_INVALIDATION:
TLB_flush(); // invalidate all mappings tagged with VPID <> 0
break;
case BX_INVEPT_INVVPID_SINGLE_CONTEXT_NON_GLOBAL_INVALIDATION:
TLB_flushNonGlobal(); // invalidate all mappings tagged with VPID except globals
break;
default:
BX_ERROR(("INVVPID: not supported type !"));
VMfail(VMXERR_INVALID_INVEPT_INVVPID);
BX_NEXT_TRACE(i);
}
BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_INVVPID, type);
VMsucceed();
#else
BX_INFO(("INVVPID: required VMXx2 support, use --enable-vmx=2 option"));
exception(BX_UD_EXCEPTION, 0);
#endif
BX_NEXT_TRACE(i);
}
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::INVPCID(bxInstruction_c *i)
{
if (v8086_mode()) {
BX_ERROR(("INVPCID: not recognized in v8086 mode"));
exception(BX_UD_EXCEPTION, 0);
}
#if BX_SUPPORT_VMX
// INVPCID will always #UD in legacy VMX mode
if (BX_CPU_THIS_PTR in_vmx_guest) {
if (! SECONDARY_VMEXEC_CONTROL(VMX_VM_EXEC_CTRL3_INVPCID)) {
BX_ERROR(("INVPCID in VMX guest: not allowed to use instruction !"));
exception(BX_UD_EXCEPTION, 0);
}
#if BX_SUPPORT_VMX >= 2
if (VMEXIT(VMX_VM_EXEC_CTRL2_INVLPG_VMEXIT)) {
BX_ERROR(("VMEXIT: INVPCID in VMX non-root operation"));
VMexit_Instruction(i, VMX_VMEXIT_INVPCID);
}
#endif
}
#endif
if (CPL != 0) {
BX_ERROR(("INVPCID with CPL!=0 cause #GP(0)"));
exception(BX_GP_EXCEPTION, 0);
}
bx_address type;
#if BX_SUPPORT_X86_64
if (i->os64L()) {
type = BX_READ_64BIT_REG(i->nnn());
}
else
#endif
{
type = BX_READ_32BIT_REG(i->nnn());
}
BxPackedXmmRegister invpcid_desc;
bx_address eaddr = BX_CPU_CALL_METHODR(i->ResolveModrm, (i));
read_virtual_dqword(i->seg(), eaddr, (Bit8u *) &invpcid_desc);
if (invpcid_desc.xmm64u(0) > 0xfff) {
BX_ERROR(("INVPCID: INVPCID_DESC reserved bits set"));
exception(BX_GP_EXCEPTION, 0);
}
Bit16u pcid = invpcid_desc.xmm16u(0) & 0xfff;
switch(type) {
case BX_INVPCID_INDIVIDUAL_ADDRESS_NON_GLOBAL_INVALIDATION:
#if BX_SUPPORT_X86_64
if (! IsCanonical(invpcid_desc.xmm64u(1))) {
BX_ERROR(("INVPCID: non canonical LADDR single context invalidation"));
exception(BX_GP_EXCEPTION, 0);
}
#endif
if (! BX_CPU_THIS_PTR cr4.get_PCIDE() && pcid != 0) {
BX_ERROR(("INVPCID: invalid PCID"));
exception(BX_GP_EXCEPTION, 0);
}
TLB_flushNonGlobal(); // Invalidate all mappings for LADDR tagged with PCID except globals
break;
case BX_INVPCID_SINGLE_CONTEXT_NON_GLOBAL_INVALIDATION:
if (! BX_CPU_THIS_PTR cr4.get_PCIDE() && pcid != 0) {
BX_ERROR(("INVPCID: invalid PCID"));
exception(BX_GP_EXCEPTION, 0);
}
TLB_flushNonGlobal(); // Invalidate all mappings tagged with PCID except globals
break;
case BX_INVPCID_ALL_CONTEXT_INVALIDATION:
TLB_flush(); // Invalidate all mappings tagged with any PCID
break;
case BX_INVPCID_ALL_CONTEXT_NON_GLOBAL_INVALIDATION:
TLB_flushNonGlobal(); // Invalidate all mappings tagged with any PCID except globals
break;
default:
BX_ERROR(("INVPCID: not supported type !"));
exception(BX_GP_EXCEPTION, 0);
}
BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_INVPCID, type);
BX_NEXT_TRACE(i);
}
#endif
BX_INSF_TYPE BX_CPP_AttrRegparmN(1) BX_CPU_C::GETSEC(bxInstruction_c *i)
{
#if BX_CPU_LEVEL >= 6
if (! BX_CPU_THIS_PTR cr4.get_SMXE())
exception(BX_UD_EXCEPTION, 0);
#if BX_SUPPORT_VMX
if (BX_CPU_THIS_PTR in_vmx_guest) {
BX_ERROR(("VMEXIT: GETSEC in VMX non-root operation"));
VMexit(i, VMX_VMEXIT_GETSEC, 0);
}
#endif
BX_PANIC(("GETSEC: SMX is not implemented yet !"));
#endif
BX_NEXT_TRACE(i);
}
#if BX_SUPPORT_VMX
void BX_CPU_C::register_vmx_state(bx_param_c *parent)
{
if (! bx_cpuid_support_vmx()) return;
// register VMX state for save/restore param tree
bx_list_c *vmx = new bx_list_c(parent, "VMX", 9);
BXRS_HEX_PARAM_FIELD(vmx, vmcsptr, BX_CPU_THIS_PTR vmcsptr);
BXRS_HEX_PARAM_FIELD(vmx, vmxonptr, BX_CPU_THIS_PTR vmxonptr);
BXRS_PARAM_BOOL(vmx, in_vmx, BX_CPU_THIS_PTR in_vmx);
BXRS_PARAM_BOOL(vmx, in_vmx_guest, BX_CPU_THIS_PTR in_vmx_guest);
BXRS_PARAM_BOOL(vmx, in_smm_vmx, BX_CPU_THIS_PTR in_smm_vmx);
BXRS_PARAM_BOOL(vmx, in_smm_vmx_guest, BX_CPU_THIS_PTR in_smm_vmx_guest);
BXRS_PARAM_BOOL(vmx, vmx_interrupt_window, BX_CPU_THIS_PTR vmx_interrupt_window);
#if BX_SUPPORT_VMX >= 2
BXRS_PARAM_BOOL(vmx, pending_vmx_timer_expired, BX_CPU_THIS_PTR pending_vmx_timer_expired);
#endif
bx_list_c *vmcache = new bx_list_c(vmx, "VMCS_CACHE", 5);
//
// VM-Execution Control Fields
//
bx_list_c *vmexec_ctrls = new bx_list_c(vmcache, "VMEXEC_CTRLS", 29);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vmexec_ctrls1, BX_CPU_THIS_PTR vmcs.vmexec_ctrls1);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vmexec_ctrls2, BX_CPU_THIS_PTR vmcs.vmexec_ctrls2);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vmexec_ctrls3, BX_CPU_THIS_PTR vmcs.vmexec_ctrls3);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_exceptions_bitmap, BX_CPU_THIS_PTR vmcs.vm_exceptions_bitmap);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_pf_mask, BX_CPU_THIS_PTR vmcs.vm_pf_mask);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_pf_match, BX_CPU_THIS_PTR vmcs.vm_pf_match);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, io_bitmap_addr1, BX_CPU_THIS_PTR vmcs.io_bitmap_addr[0]);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, io_bitmap_addr2, BX_CPU_THIS_PTR vmcs.io_bitmap_addr[1]);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, msr_bitmap_addr, BX_CPU_THIS_PTR vmcs.msr_bitmap_addr);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr0_mask, BX_CPU_THIS_PTR vmcs.vm_cr0_mask);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr0_read_shadow, BX_CPU_THIS_PTR vmcs.vm_cr0_read_shadow);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr4_mask, BX_CPU_THIS_PTR vmcs.vm_cr4_mask);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr4_read_shadow, BX_CPU_THIS_PTR vmcs.vm_cr4_read_shadow);
BXRS_DEC_PARAM_FIELD(vmexec_ctrls, vm_cr3_target_cnt, BX_CPU_THIS_PTR vmcs.vm_cr3_target_cnt);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr3_target_value1, BX_CPU_THIS_PTR vmcs.vm_cr3_target_value[0]);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr3_target_value2, BX_CPU_THIS_PTR vmcs.vm_cr3_target_value[1]);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr3_target_value3, BX_CPU_THIS_PTR vmcs.vm_cr3_target_value[2]);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_cr3_target_value4, BX_CPU_THIS_PTR vmcs.vm_cr3_target_value[3]);
#if BX_SUPPORT_X86_64
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, virtual_apic_page_addr, BX_CPU_THIS_PTR vmcs.virtual_apic_page_addr);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vm_tpr_threshold, BX_CPU_THIS_PTR vmcs.vm_tpr_threshold);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, apic_access_page, BX_CPU_THIS_PTR vmcs.apic_access_page);
#endif
#if BX_SUPPORT_VMX >= 2
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, eptptr, BX_CPU_THIS_PTR vmcs.eptptr);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, vpid, BX_CPU_THIS_PTR vmcs.vpid);
#endif
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, executive_vmcsptr, BX_CPU_THIS_PTR vmcs.executive_vmcsptr);
#if BX_SUPPORT_VMX >= 2
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, pause_loop_exiting_gap, BX_CPU_THIS_PTR vmcs.pause_loop_exiting_gap);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, pause_loop_exiting_window, BX_CPU_THIS_PTR vmcs.pause_loop_exiting_window);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, first_pause_time, BX_CPU_THIS_PTR vmcs.first_pause_time);
BXRS_HEX_PARAM_FIELD(vmexec_ctrls, last_pause_time, BX_CPU_THIS_PTR vmcs.last_pause_time);
#endif
//
// VM-Exit Control Fields
//
bx_list_c *vmexit_ctrls = new bx_list_c(vmcache, "VMEXIT_CTRLS", 5);
BXRS_HEX_PARAM_FIELD(vmexit_ctrls, vmexit_ctrls, BX_CPU_THIS_PTR vmcs.vmexit_ctrls);
BXRS_DEC_PARAM_FIELD(vmexit_ctrls, vmexit_msr_store_cnt, BX_CPU_THIS_PTR vmcs.vmexit_msr_store_cnt);
BXRS_HEX_PARAM_FIELD(vmexit_ctrls, vmexit_msr_store_addr, BX_CPU_THIS_PTR vmcs.vmexit_msr_store_addr);
BXRS_DEC_PARAM_FIELD(vmexit_ctrls, vmexit_msr_load_cnt, BX_CPU_THIS_PTR vmcs.vmexit_msr_load_cnt);
BXRS_HEX_PARAM_FIELD(vmexit_ctrls, vmexit_msr_load_addr, BX_CPU_THIS_PTR vmcs.vmexit_msr_load_addr);
//
// VM-Entry Control Fields
//
bx_list_c *vmentry_ctrls = new bx_list_c(vmcache, "VMENTRY_CTRLS", 6);
BXRS_HEX_PARAM_FIELD(vmentry_ctrls, vmentry_ctrls, BX_CPU_THIS_PTR vmcs.vmentry_ctrls);
BXRS_DEC_PARAM_FIELD(vmentry_ctrls, vmentry_msr_load_cnt, BX_CPU_THIS_PTR vmcs.vmentry_msr_load_cnt);
BXRS_HEX_PARAM_FIELD(vmentry_ctrls, vmentry_msr_load_addr, BX_CPU_THIS_PTR vmcs.vmentry_msr_load_addr);
BXRS_HEX_PARAM_FIELD(vmentry_ctrls, vmentry_interr_info, BX_CPU_THIS_PTR vmcs.vmentry_interr_info);
BXRS_HEX_PARAM_FIELD(vmentry_ctrls, vmentry_excep_err_code, BX_CPU_THIS_PTR vmcs.vmentry_excep_err_code);
BXRS_HEX_PARAM_FIELD(vmentry_ctrls, vmentry_instr_length, BX_CPU_THIS_PTR vmcs.vmentry_instr_length);
//
// VM-Exit Information Fields
//
/*
bx_list_c *vmexit_info = new bx_list_c(vmcache, "VMEXIT_INFO", 15);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_reason, BX_CPU_THIS_PTR vmcs.vmexit_reason);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_qualification, BX_CPU_THIS_PTR vmcs.vmexit_qualification);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_excep_info, BX_CPU_THIS_PTR vmcs.vmexit_excep_info);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_excep_error_code, BX_CPU_THIS_PTR vmcs.vmexit_excep_error_code);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_idt_vector_info, BX_CPU_THIS_PTR vmcs.vmexit_idt_vector_info);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_idt_vector_error_code, BX_CPU_THIS_PTR vmcs.vmexit_idt_vector_error_code);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_instr_info, BX_CPU_THIS_PTR vmcs.vmexit_instr_info);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_instr_length, BX_CPU_THIS_PTR vmcs.vmexit_instr_length);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_guest_laddr, BX_CPU_THIS_PTR vmcs.vmexit_guest_laddr);
#if BX_SUPPORT_VMX >= 2
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_guest_paddr, BX_CPU_THIS_PTR vmcs.vmexit_guest_paddr);
#endif
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_io_rcx, BX_CPU_THIS_PTR vmcs.vmexit_io_rcx);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_io_rsi, BX_CPU_THIS_PTR vmcs.vmexit_io_rsi);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_io_rdi, BX_CPU_THIS_PTR vmcs.vmexit_io_rdi);
BXRS_HEX_PARAM_FIELD(vmexit_info, vmexit_io_rip, BX_CPU_THIS_PTR vmcs.vmexit_io_rip);
BXRS_HEX_PARAM_FIELD(vmexit_info, vm_instr_error, BX_CPU_THIS_PTR vmcs.vm_instr_error);
*/
//
// VMCS Host State
//
bx_list_c *host = new bx_list_c(vmcache, "HOST_STATE", 22);
#undef NEED_CPU_REG_SHORTCUTS
BXRS_HEX_PARAM_FIELD(host, CR0, BX_CPU_THIS_PTR vmcs.host_state.cr0);
BXRS_HEX_PARAM_FIELD(host, CR3, BX_CPU_THIS_PTR vmcs.host_state.cr3);
BXRS_HEX_PARAM_FIELD(host, CR4, BX_CPU_THIS_PTR vmcs.host_state.cr4);
BXRS_HEX_PARAM_FIELD(host, ES, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_ES]);
BXRS_HEX_PARAM_FIELD(host, CS, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_CS]);
BXRS_HEX_PARAM_FIELD(host, SS, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_SS]);
BXRS_HEX_PARAM_FIELD(host, DS, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_DS]);
BXRS_HEX_PARAM_FIELD(host, FS, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_FS]);
BXRS_HEX_PARAM_FIELD(host, FS_BASE, BX_CPU_THIS_PTR vmcs.host_state.fs_base);
BXRS_HEX_PARAM_FIELD(host, GS, BX_CPU_THIS_PTR vmcs.host_state.segreg_selector[BX_SEG_REG_GS]);
BXRS_HEX_PARAM_FIELD(host, GS_BASE, BX_CPU_THIS_PTR vmcs.host_state.gs_base);
BXRS_HEX_PARAM_FIELD(host, GDTR_BASE, BX_CPU_THIS_PTR vmcs.host_state.gdtr_base);
BXRS_HEX_PARAM_FIELD(host, IDTR_BASE, BX_CPU_THIS_PTR vmcs.host_state.idtr_base);
BXRS_HEX_PARAM_FIELD(host, TR, BX_CPU_THIS_PTR vmcs.host_state.tr_selector);
BXRS_HEX_PARAM_FIELD(host, TR_BASE, BX_CPU_THIS_PTR vmcs.host_state.tr_base);
BXRS_HEX_PARAM_FIELD(host, RSP, BX_CPU_THIS_PTR vmcs.host_state.rsp);
BXRS_HEX_PARAM_FIELD(host, RIP, BX_CPU_THIS_PTR vmcs.host_state.rip);
BXRS_HEX_PARAM_FIELD(host, sysenter_esp_msr, BX_CPU_THIS_PTR vmcs.host_state.sysenter_esp_msr);
BXRS_HEX_PARAM_FIELD(host, sysenter_eip_msr, BX_CPU_THIS_PTR vmcs.host_state.sysenter_eip_msr);
BXRS_HEX_PARAM_FIELD(host, sysenter_cs_msr, BX_CPU_THIS_PTR vmcs.host_state.sysenter_cs_msr);
#if BX_SUPPORT_VMX >= 2
BXRS_HEX_PARAM_FIELD(host, pat_msr, BX_CPU_THIS_PTR vmcs.host_state.pat_msr);
#if BX_SUPPORT_X86_64
BXRS_HEX_PARAM_FIELD(host, efer_msr, BX_CPU_THIS_PTR vmcs.host_state.efer_msr);
#endif
#endif
}
#endif // BX_SUPPORT_VMX