VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/VMXAllTemplate.cpp.h@ 99228

Last change on this file since 99228 was 99117, checked in by vboxsync, 22 months ago

VMM: Nested VMX: bugref:10318 Reschedule from HM when there's a pending MMIO write while handling nested-EPT violations.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 520.2 KB
Line 
1/* $Id: VMXAllTemplate.cpp.h 99117 2023-03-22 13:23:14Z vboxsync $ */
2/** @file
3 * HM VMX (Intel VT-x) - Code template for our own hypervisor and the NEM darwin backend using Apple's Hypervisor.framework.
4 */
5
6/*
7 * Copyright (C) 2012-2023 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * SPDX-License-Identifier: GPL-3.0-only
26 */
27
28
29/*********************************************************************************************************************************
30* Defined Constants And Macros *
31*********************************************************************************************************************************/
32#if !defined(VMX_VMCS_WRITE_16) || !defined(VMX_VMCS_WRITE_32) || !defined(VMX_VMCS_WRITE_64) || !defined(VMX_VMCS_WRITE_64)
33# error "At least one of the VMX_VMCS_WRITE_16, VMX_VMCS_WRITE_32, VMX_VMCS_WRITE_64 or VMX_VMCS_WRITE_64 is missing"
34#endif
35
36
37#if !defined(VMX_VMCS_READ_16) || !defined(VMX_VMCS_READ_32) || !defined(VMX_VMCS_READ_64) || !defined(VMX_VMCS_READ_64)
38# error "At least one of the VMX_VMCS_READ_16, VMX_VMCS_READ_32, VMX_VMCS_READ_64 or VMX_VMCS_READ_64 is missing"
39#endif
40
41/** Enables condensing of VMREAD instructions, see vmxHCReadToTransient(). */
42#define HMVMX_WITH_CONDENSED_VMREADS
43
44/** Use the function table. */
45#define HMVMX_USE_FUNCTION_TABLE
46
47/** Determine which tagged-TLB flush handler to use. */
48#define HMVMX_FLUSH_TAGGED_TLB_EPT_VPID 0
49#define HMVMX_FLUSH_TAGGED_TLB_EPT 1
50#define HMVMX_FLUSH_TAGGED_TLB_VPID 2
51#define HMVMX_FLUSH_TAGGED_TLB_NONE 3
52
53/** Assert that all the given fields have been read from the VMCS. */
54#ifdef VBOX_STRICT
55# define HMVMX_ASSERT_READ(a_pVmxTransient, a_fReadFields) \
56 do { \
57 uint32_t const fVmcsFieldRead = ASMAtomicUoReadU32(&pVmxTransient->fVmcsFieldsRead); \
58 Assert((fVmcsFieldRead & (a_fReadFields)) == (a_fReadFields)); \
59 } while (0)
60#else
61# define HMVMX_ASSERT_READ(a_pVmxTransient, a_fReadFields) do { } while (0)
62#endif
63
64/**
65 * Subset of the guest-CPU state that is kept by VMX R0 code while executing the
66 * guest using hardware-assisted VMX.
67 *
68 * This excludes state like GPRs (other than RSP) which are always are
69 * swapped and restored across the world-switch and also registers like EFER,
70 * MSR which cannot be modified by the guest without causing a VM-exit.
71 */
72#define HMVMX_CPUMCTX_EXTRN_ALL ( CPUMCTX_EXTRN_RIP \
73 | CPUMCTX_EXTRN_RFLAGS \
74 | CPUMCTX_EXTRN_RSP \
75 | CPUMCTX_EXTRN_SREG_MASK \
76 | CPUMCTX_EXTRN_TABLE_MASK \
77 | CPUMCTX_EXTRN_KERNEL_GS_BASE \
78 | CPUMCTX_EXTRN_SYSCALL_MSRS \
79 | CPUMCTX_EXTRN_SYSENTER_MSRS \
80 | CPUMCTX_EXTRN_TSC_AUX \
81 | CPUMCTX_EXTRN_OTHER_MSRS \
82 | CPUMCTX_EXTRN_CR0 \
83 | CPUMCTX_EXTRN_CR3 \
84 | CPUMCTX_EXTRN_CR4 \
85 | CPUMCTX_EXTRN_DR7 \
86 | CPUMCTX_EXTRN_HWVIRT \
87 | CPUMCTX_EXTRN_INHIBIT_INT \
88 | CPUMCTX_EXTRN_INHIBIT_NMI)
89
90/**
91 * Exception bitmap mask for real-mode guests (real-on-v86).
92 *
93 * We need to intercept all exceptions manually except:
94 * - \#AC and \#DB are always intercepted to prevent the CPU from deadlocking
95 * due to bugs in Intel CPUs.
96 * - \#PF need not be intercepted even in real-mode if we have nested paging
97 * support.
98 */
99#define HMVMX_REAL_MODE_XCPT_MASK ( RT_BIT(X86_XCPT_DE) /* always: | RT_BIT(X86_XCPT_DB) */ | RT_BIT(X86_XCPT_NMI) \
100 | RT_BIT(X86_XCPT_BP) | RT_BIT(X86_XCPT_OF) | RT_BIT(X86_XCPT_BR) \
101 | RT_BIT(X86_XCPT_UD) | RT_BIT(X86_XCPT_NM) | RT_BIT(X86_XCPT_DF) \
102 | RT_BIT(X86_XCPT_CO_SEG_OVERRUN) | RT_BIT(X86_XCPT_TS) | RT_BIT(X86_XCPT_NP) \
103 | RT_BIT(X86_XCPT_SS) | RT_BIT(X86_XCPT_GP) /* RT_BIT(X86_XCPT_PF) */ \
104 | RT_BIT(X86_XCPT_MF) /* always: | RT_BIT(X86_XCPT_AC) */ | RT_BIT(X86_XCPT_MC) \
105 | RT_BIT(X86_XCPT_XF))
106
107/** Maximum VM-instruction error number. */
108#define HMVMX_INSTR_ERROR_MAX 28
109
110/** Profiling macro. */
111#ifdef HM_PROFILE_EXIT_DISPATCH
112# define HMVMX_START_EXIT_DISPATCH_PROF() STAM_PROFILE_ADV_START(&VCPU_2_VMXSTATS(pVCpu).StatExitDispatch, ed)
113# define HMVMX_STOP_EXIT_DISPATCH_PROF() STAM_PROFILE_ADV_STOP(&VCPU_2_VMXSTATS(pVCpu).StatExitDispatch, ed)
114#else
115# define HMVMX_START_EXIT_DISPATCH_PROF() do { } while (0)
116# define HMVMX_STOP_EXIT_DISPATCH_PROF() do { } while (0)
117#endif
118
119#ifndef IN_NEM_DARWIN
120/** Assert that preemption is disabled or covered by thread-context hooks. */
121# define HMVMX_ASSERT_PREEMPT_SAFE(a_pVCpu) Assert( VMMR0ThreadCtxHookIsEnabled((a_pVCpu)) \
122 || !RTThreadPreemptIsEnabled(NIL_RTTHREAD))
123
124/** Assert that we haven't migrated CPUs when thread-context hooks are not
125 * used. */
126# define HMVMX_ASSERT_CPU_SAFE(a_pVCpu) AssertMsg( VMMR0ThreadCtxHookIsEnabled((a_pVCpu)) \
127 || (a_pVCpu)->hmr0.s.idEnteredCpu == RTMpCpuId(), \
128 ("Illegal migration! Entered on CPU %u Current %u\n", \
129 (a_pVCpu)->hmr0.s.idEnteredCpu, RTMpCpuId()))
130#else
131# define HMVMX_ASSERT_PREEMPT_SAFE(a_pVCpu) do { } while (0)
132# define HMVMX_ASSERT_CPU_SAFE(a_pVCpu) do { } while (0)
133#endif
134
135/** Asserts that the given CPUMCTX_EXTRN_XXX bits are present in the guest-CPU
136 * context. */
137#define HMVMX_CPUMCTX_ASSERT(a_pVCpu, a_fExtrnMbz) AssertMsg(!((a_pVCpu)->cpum.GstCtx.fExtrn & (a_fExtrnMbz)), \
138 ("fExtrn=%#RX64 fExtrnMbz=%#RX64\n", \
139 (a_pVCpu)->cpum.GstCtx.fExtrn, (a_fExtrnMbz)))
140
141/** Log the VM-exit reason with an easily visible marker to identify it in a
142 * potential sea of logging data. */
143#define HMVMX_LOG_EXIT(a_pVCpu, a_uExitReason) \
144 do { \
145 Log4(("VM-exit: vcpu[%RU32] %85s -v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-\n", (a_pVCpu)->idCpu, \
146 HMGetVmxExitName(a_uExitReason))); \
147 } while (0) \
148
149
150/*********************************************************************************************************************************
151* Structures and Typedefs *
152*********************************************************************************************************************************/
153/**
154 * Memory operand read or write access.
155 */
156typedef enum VMXMEMACCESS
157{
158 VMXMEMACCESS_READ = 0,
159 VMXMEMACCESS_WRITE = 1
160} VMXMEMACCESS;
161
162
163/**
164 * VMX VM-exit handler.
165 *
166 * @returns Strict VBox status code (i.e. informational status codes too).
167 * @param pVCpu The cross context virtual CPU structure.
168 * @param pVmxTransient The VMX-transient structure.
169 */
170#ifndef HMVMX_USE_FUNCTION_TABLE
171typedef VBOXSTRICTRC FNVMXEXITHANDLER(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient);
172#else
173typedef DECLCALLBACKTYPE(VBOXSTRICTRC, FNVMXEXITHANDLER,(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient));
174/** Pointer to VM-exit handler. */
175typedef FNVMXEXITHANDLER *PFNVMXEXITHANDLER;
176#endif
177
178/**
179 * VMX VM-exit handler, non-strict status code.
180 *
181 * This is generally the same as FNVMXEXITHANDLER, the NSRC bit is just FYI.
182 *
183 * @returns VBox status code, no informational status code returned.
184 * @param pVCpu The cross context virtual CPU structure.
185 * @param pVmxTransient The VMX-transient structure.
186 *
187 * @remarks This is not used on anything returning VERR_EM_INTERPRETER as the
188 * use of that status code will be replaced with VINF_EM_SOMETHING
189 * later when switching over to IEM.
190 */
191#ifndef HMVMX_USE_FUNCTION_TABLE
192typedef int FNVMXEXITHANDLERNSRC(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient);
193#else
194typedef FNVMXEXITHANDLER FNVMXEXITHANDLERNSRC;
195#endif
196
197
198/*********************************************************************************************************************************
199* Internal Functions *
200*********************************************************************************************************************************/
201#ifndef HMVMX_USE_FUNCTION_TABLE
202DECLINLINE(VBOXSTRICTRC) vmxHCHandleExit(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient);
203# define HMVMX_EXIT_DECL DECLINLINE(VBOXSTRICTRC)
204# define HMVMX_EXIT_NSRC_DECL DECLINLINE(int)
205#else
206# define HMVMX_EXIT_DECL static DECLCALLBACK(VBOXSTRICTRC)
207# define HMVMX_EXIT_NSRC_DECL HMVMX_EXIT_DECL
208#endif
209#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
210DECLINLINE(VBOXSTRICTRC) vmxHCHandleExitNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient);
211#endif
212
213static int vmxHCImportGuestStateEx(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo, uint64_t fWhat);
214
215/** @name VM-exit handler prototypes.
216 * @{
217 */
218static FNVMXEXITHANDLER vmxHCExitXcptOrNmi;
219static FNVMXEXITHANDLER vmxHCExitExtInt;
220static FNVMXEXITHANDLER vmxHCExitTripleFault;
221static FNVMXEXITHANDLERNSRC vmxHCExitIntWindow;
222static FNVMXEXITHANDLERNSRC vmxHCExitNmiWindow;
223static FNVMXEXITHANDLER vmxHCExitTaskSwitch;
224static FNVMXEXITHANDLER vmxHCExitCpuid;
225static FNVMXEXITHANDLER vmxHCExitGetsec;
226static FNVMXEXITHANDLER vmxHCExitHlt;
227static FNVMXEXITHANDLERNSRC vmxHCExitInvd;
228static FNVMXEXITHANDLER vmxHCExitInvlpg;
229static FNVMXEXITHANDLER vmxHCExitRdpmc;
230static FNVMXEXITHANDLER vmxHCExitVmcall;
231#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
232static FNVMXEXITHANDLER vmxHCExitVmclear;
233static FNVMXEXITHANDLER vmxHCExitVmlaunch;
234static FNVMXEXITHANDLER vmxHCExitVmptrld;
235static FNVMXEXITHANDLER vmxHCExitVmptrst;
236static FNVMXEXITHANDLER vmxHCExitVmread;
237static FNVMXEXITHANDLER vmxHCExitVmresume;
238static FNVMXEXITHANDLER vmxHCExitVmwrite;
239static FNVMXEXITHANDLER vmxHCExitVmxoff;
240static FNVMXEXITHANDLER vmxHCExitVmxon;
241static FNVMXEXITHANDLER vmxHCExitInvvpid;
242# ifdef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
243static FNVMXEXITHANDLER vmxHCExitInvept;
244# endif
245#endif
246static FNVMXEXITHANDLER vmxHCExitRdtsc;
247static FNVMXEXITHANDLER vmxHCExitMovCRx;
248static FNVMXEXITHANDLER vmxHCExitMovDRx;
249static FNVMXEXITHANDLER vmxHCExitIoInstr;
250static FNVMXEXITHANDLER vmxHCExitRdmsr;
251static FNVMXEXITHANDLER vmxHCExitWrmsr;
252static FNVMXEXITHANDLER vmxHCExitMwait;
253static FNVMXEXITHANDLER vmxHCExitMtf;
254static FNVMXEXITHANDLER vmxHCExitMonitor;
255static FNVMXEXITHANDLER vmxHCExitPause;
256static FNVMXEXITHANDLERNSRC vmxHCExitTprBelowThreshold;
257static FNVMXEXITHANDLER vmxHCExitApicAccess;
258static FNVMXEXITHANDLER vmxHCExitEptViolation;
259static FNVMXEXITHANDLER vmxHCExitEptMisconfig;
260static FNVMXEXITHANDLER vmxHCExitRdtscp;
261static FNVMXEXITHANDLER vmxHCExitPreemptTimer;
262static FNVMXEXITHANDLERNSRC vmxHCExitWbinvd;
263static FNVMXEXITHANDLER vmxHCExitXsetbv;
264static FNVMXEXITHANDLER vmxHCExitInvpcid;
265#ifndef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
266static FNVMXEXITHANDLERNSRC vmxHCExitSetPendingXcptUD;
267#endif
268static FNVMXEXITHANDLERNSRC vmxHCExitErrInvalidGuestState;
269static FNVMXEXITHANDLERNSRC vmxHCExitErrUnexpected;
270/** @} */
271
272#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
273/** @name Nested-guest VM-exit handler prototypes.
274 * @{
275 */
276static FNVMXEXITHANDLER vmxHCExitXcptOrNmiNested;
277static FNVMXEXITHANDLER vmxHCExitTripleFaultNested;
278static FNVMXEXITHANDLERNSRC vmxHCExitIntWindowNested;
279static FNVMXEXITHANDLERNSRC vmxHCExitNmiWindowNested;
280static FNVMXEXITHANDLER vmxHCExitTaskSwitchNested;
281static FNVMXEXITHANDLER vmxHCExitHltNested;
282static FNVMXEXITHANDLER vmxHCExitInvlpgNested;
283static FNVMXEXITHANDLER vmxHCExitRdpmcNested;
284static FNVMXEXITHANDLER vmxHCExitVmreadVmwriteNested;
285static FNVMXEXITHANDLER vmxHCExitRdtscNested;
286static FNVMXEXITHANDLER vmxHCExitMovCRxNested;
287static FNVMXEXITHANDLER vmxHCExitMovDRxNested;
288static FNVMXEXITHANDLER vmxHCExitIoInstrNested;
289static FNVMXEXITHANDLER vmxHCExitRdmsrNested;
290static FNVMXEXITHANDLER vmxHCExitWrmsrNested;
291static FNVMXEXITHANDLER vmxHCExitMwaitNested;
292static FNVMXEXITHANDLER vmxHCExitMtfNested;
293static FNVMXEXITHANDLER vmxHCExitMonitorNested;
294static FNVMXEXITHANDLER vmxHCExitPauseNested;
295static FNVMXEXITHANDLERNSRC vmxHCExitTprBelowThresholdNested;
296static FNVMXEXITHANDLER vmxHCExitApicAccessNested;
297static FNVMXEXITHANDLER vmxHCExitApicWriteNested;
298static FNVMXEXITHANDLER vmxHCExitVirtEoiNested;
299static FNVMXEXITHANDLER vmxHCExitRdtscpNested;
300static FNVMXEXITHANDLERNSRC vmxHCExitWbinvdNested;
301static FNVMXEXITHANDLER vmxHCExitInvpcidNested;
302static FNVMXEXITHANDLERNSRC vmxHCExitErrInvalidGuestStateNested;
303static FNVMXEXITHANDLER vmxHCExitInstrNested;
304static FNVMXEXITHANDLER vmxHCExitInstrWithInfoNested;
305# ifdef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
306static FNVMXEXITHANDLER vmxHCExitEptViolationNested;
307static FNVMXEXITHANDLER vmxHCExitEptMisconfigNested;
308# endif
309/** @} */
310#endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
311
312
313/*********************************************************************************************************************************
314* Global Variables *
315*********************************************************************************************************************************/
316#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
317/**
318 * Array of all VMCS fields.
319 * Any fields added to the VT-x spec. should be added here.
320 *
321 * Currently only used to derive shadow VMCS fields for hardware-assisted execution
322 * of nested-guests.
323 */
324static const uint32_t g_aVmcsFields[] =
325{
326 /* 16-bit control fields. */
327 VMX_VMCS16_VPID,
328 VMX_VMCS16_POSTED_INT_NOTIFY_VECTOR,
329 VMX_VMCS16_EPTP_INDEX,
330 VMX_VMCS16_HLAT_PREFIX_SIZE,
331
332 /* 16-bit guest-state fields. */
333 VMX_VMCS16_GUEST_ES_SEL,
334 VMX_VMCS16_GUEST_CS_SEL,
335 VMX_VMCS16_GUEST_SS_SEL,
336 VMX_VMCS16_GUEST_DS_SEL,
337 VMX_VMCS16_GUEST_FS_SEL,
338 VMX_VMCS16_GUEST_GS_SEL,
339 VMX_VMCS16_GUEST_LDTR_SEL,
340 VMX_VMCS16_GUEST_TR_SEL,
341 VMX_VMCS16_GUEST_INTR_STATUS,
342 VMX_VMCS16_GUEST_PML_INDEX,
343
344 /* 16-bits host-state fields. */
345 VMX_VMCS16_HOST_ES_SEL,
346 VMX_VMCS16_HOST_CS_SEL,
347 VMX_VMCS16_HOST_SS_SEL,
348 VMX_VMCS16_HOST_DS_SEL,
349 VMX_VMCS16_HOST_FS_SEL,
350 VMX_VMCS16_HOST_GS_SEL,
351 VMX_VMCS16_HOST_TR_SEL,
352
353 /* 64-bit control fields. */
354 VMX_VMCS64_CTRL_IO_BITMAP_A_FULL,
355 VMX_VMCS64_CTRL_IO_BITMAP_A_HIGH,
356 VMX_VMCS64_CTRL_IO_BITMAP_B_FULL,
357 VMX_VMCS64_CTRL_IO_BITMAP_B_HIGH,
358 VMX_VMCS64_CTRL_MSR_BITMAP_FULL,
359 VMX_VMCS64_CTRL_MSR_BITMAP_HIGH,
360 VMX_VMCS64_CTRL_EXIT_MSR_STORE_FULL,
361 VMX_VMCS64_CTRL_EXIT_MSR_STORE_HIGH,
362 VMX_VMCS64_CTRL_EXIT_MSR_LOAD_FULL,
363 VMX_VMCS64_CTRL_EXIT_MSR_LOAD_HIGH,
364 VMX_VMCS64_CTRL_ENTRY_MSR_LOAD_FULL,
365 VMX_VMCS64_CTRL_ENTRY_MSR_LOAD_HIGH,
366 VMX_VMCS64_CTRL_EXEC_VMCS_PTR_FULL,
367 VMX_VMCS64_CTRL_EXEC_VMCS_PTR_HIGH,
368 VMX_VMCS64_CTRL_EXEC_PML_ADDR_FULL,
369 VMX_VMCS64_CTRL_EXEC_PML_ADDR_HIGH,
370 VMX_VMCS64_CTRL_TSC_OFFSET_FULL,
371 VMX_VMCS64_CTRL_TSC_OFFSET_HIGH,
372 VMX_VMCS64_CTRL_VIRT_APIC_PAGEADDR_FULL,
373 VMX_VMCS64_CTRL_VIRT_APIC_PAGEADDR_HIGH,
374 VMX_VMCS64_CTRL_APIC_ACCESSADDR_FULL,
375 VMX_VMCS64_CTRL_APIC_ACCESSADDR_HIGH,
376 VMX_VMCS64_CTRL_POSTED_INTR_DESC_FULL,
377 VMX_VMCS64_CTRL_POSTED_INTR_DESC_HIGH,
378 VMX_VMCS64_CTRL_VMFUNC_CTRLS_FULL,
379 VMX_VMCS64_CTRL_VMFUNC_CTRLS_HIGH,
380 VMX_VMCS64_CTRL_EPTP_FULL,
381 VMX_VMCS64_CTRL_EPTP_HIGH,
382 VMX_VMCS64_CTRL_EOI_BITMAP_0_FULL,
383 VMX_VMCS64_CTRL_EOI_BITMAP_0_HIGH,
384 VMX_VMCS64_CTRL_EOI_BITMAP_1_FULL,
385 VMX_VMCS64_CTRL_EOI_BITMAP_1_HIGH,
386 VMX_VMCS64_CTRL_EOI_BITMAP_2_FULL,
387 VMX_VMCS64_CTRL_EOI_BITMAP_2_HIGH,
388 VMX_VMCS64_CTRL_EOI_BITMAP_3_FULL,
389 VMX_VMCS64_CTRL_EOI_BITMAP_3_HIGH,
390 VMX_VMCS64_CTRL_EPTP_LIST_FULL,
391 VMX_VMCS64_CTRL_EPTP_LIST_HIGH,
392 VMX_VMCS64_CTRL_VMREAD_BITMAP_FULL,
393 VMX_VMCS64_CTRL_VMREAD_BITMAP_HIGH,
394 VMX_VMCS64_CTRL_VMWRITE_BITMAP_FULL,
395 VMX_VMCS64_CTRL_VMWRITE_BITMAP_HIGH,
396 VMX_VMCS64_CTRL_VE_XCPT_INFO_ADDR_FULL,
397 VMX_VMCS64_CTRL_VE_XCPT_INFO_ADDR_HIGH,
398 VMX_VMCS64_CTRL_XSS_EXITING_BITMAP_FULL,
399 VMX_VMCS64_CTRL_XSS_EXITING_BITMAP_HIGH,
400 VMX_VMCS64_CTRL_ENCLS_EXITING_BITMAP_FULL,
401 VMX_VMCS64_CTRL_ENCLS_EXITING_BITMAP_HIGH,
402 VMX_VMCS64_CTRL_SPPTP_FULL,
403 VMX_VMCS64_CTRL_SPPTP_HIGH,
404 VMX_VMCS64_CTRL_TSC_MULTIPLIER_FULL,
405 VMX_VMCS64_CTRL_TSC_MULTIPLIER_HIGH,
406 VMX_VMCS64_CTRL_PROC_EXEC3_FULL,
407 VMX_VMCS64_CTRL_PROC_EXEC3_HIGH,
408 VMX_VMCS64_CTRL_ENCLV_EXITING_BITMAP_FULL,
409 VMX_VMCS64_CTRL_ENCLV_EXITING_BITMAP_HIGH,
410 VMX_VMCS64_CTRL_PCONFIG_EXITING_BITMAP_FULL,
411 VMX_VMCS64_CTRL_PCONFIG_EXITING_BITMAP_HIGH,
412 VMX_VMCS64_CTRL_HLAT_PTR_FULL,
413 VMX_VMCS64_CTRL_HLAT_PTR_HIGH,
414 VMX_VMCS64_CTRL_EXIT2_FULL,
415 VMX_VMCS64_CTRL_EXIT2_HIGH,
416
417 /* 64-bit read-only data fields. */
418 VMX_VMCS64_RO_GUEST_PHYS_ADDR_FULL,
419 VMX_VMCS64_RO_GUEST_PHYS_ADDR_HIGH,
420
421 /* 64-bit guest-state fields. */
422 VMX_VMCS64_GUEST_VMCS_LINK_PTR_FULL,
423 VMX_VMCS64_GUEST_VMCS_LINK_PTR_HIGH,
424 VMX_VMCS64_GUEST_DEBUGCTL_FULL,
425 VMX_VMCS64_GUEST_DEBUGCTL_HIGH,
426 VMX_VMCS64_GUEST_PAT_FULL,
427 VMX_VMCS64_GUEST_PAT_HIGH,
428 VMX_VMCS64_GUEST_EFER_FULL,
429 VMX_VMCS64_GUEST_EFER_HIGH,
430 VMX_VMCS64_GUEST_PERF_GLOBAL_CTRL_FULL,
431 VMX_VMCS64_GUEST_PERF_GLOBAL_CTRL_HIGH,
432 VMX_VMCS64_GUEST_PDPTE0_FULL,
433 VMX_VMCS64_GUEST_PDPTE0_HIGH,
434 VMX_VMCS64_GUEST_PDPTE1_FULL,
435 VMX_VMCS64_GUEST_PDPTE1_HIGH,
436 VMX_VMCS64_GUEST_PDPTE2_FULL,
437 VMX_VMCS64_GUEST_PDPTE2_HIGH,
438 VMX_VMCS64_GUEST_PDPTE3_FULL,
439 VMX_VMCS64_GUEST_PDPTE3_HIGH,
440 VMX_VMCS64_GUEST_BNDCFGS_FULL,
441 VMX_VMCS64_GUEST_BNDCFGS_HIGH,
442 VMX_VMCS64_GUEST_RTIT_CTL_FULL,
443 VMX_VMCS64_GUEST_RTIT_CTL_HIGH,
444 VMX_VMCS64_GUEST_PKRS_FULL,
445 VMX_VMCS64_GUEST_PKRS_HIGH,
446
447 /* 64-bit host-state fields. */
448 VMX_VMCS64_HOST_PAT_FULL,
449 VMX_VMCS64_HOST_PAT_HIGH,
450 VMX_VMCS64_HOST_EFER_FULL,
451 VMX_VMCS64_HOST_EFER_HIGH,
452 VMX_VMCS64_HOST_PERF_GLOBAL_CTRL_FULL,
453 VMX_VMCS64_HOST_PERF_GLOBAL_CTRL_HIGH,
454 VMX_VMCS64_HOST_PKRS_FULL,
455 VMX_VMCS64_HOST_PKRS_HIGH,
456
457 /* 32-bit control fields. */
458 VMX_VMCS32_CTRL_PIN_EXEC,
459 VMX_VMCS32_CTRL_PROC_EXEC,
460 VMX_VMCS32_CTRL_EXCEPTION_BITMAP,
461 VMX_VMCS32_CTRL_PAGEFAULT_ERROR_MASK,
462 VMX_VMCS32_CTRL_PAGEFAULT_ERROR_MATCH,
463 VMX_VMCS32_CTRL_CR3_TARGET_COUNT,
464 VMX_VMCS32_CTRL_EXIT,
465 VMX_VMCS32_CTRL_EXIT_MSR_STORE_COUNT,
466 VMX_VMCS32_CTRL_EXIT_MSR_LOAD_COUNT,
467 VMX_VMCS32_CTRL_ENTRY,
468 VMX_VMCS32_CTRL_ENTRY_MSR_LOAD_COUNT,
469 VMX_VMCS32_CTRL_ENTRY_INTERRUPTION_INFO,
470 VMX_VMCS32_CTRL_ENTRY_EXCEPTION_ERRCODE,
471 VMX_VMCS32_CTRL_ENTRY_INSTR_LENGTH,
472 VMX_VMCS32_CTRL_TPR_THRESHOLD,
473 VMX_VMCS32_CTRL_PROC_EXEC2,
474 VMX_VMCS32_CTRL_PLE_GAP,
475 VMX_VMCS32_CTRL_PLE_WINDOW,
476
477 /* 32-bits read-only fields. */
478 VMX_VMCS32_RO_VM_INSTR_ERROR,
479 VMX_VMCS32_RO_EXIT_REASON,
480 VMX_VMCS32_RO_EXIT_INTERRUPTION_INFO,
481 VMX_VMCS32_RO_EXIT_INTERRUPTION_ERROR_CODE,
482 VMX_VMCS32_RO_IDT_VECTORING_INFO,
483 VMX_VMCS32_RO_IDT_VECTORING_ERROR_CODE,
484 VMX_VMCS32_RO_EXIT_INSTR_LENGTH,
485 VMX_VMCS32_RO_EXIT_INSTR_INFO,
486
487 /* 32-bit guest-state fields. */
488 VMX_VMCS32_GUEST_ES_LIMIT,
489 VMX_VMCS32_GUEST_CS_LIMIT,
490 VMX_VMCS32_GUEST_SS_LIMIT,
491 VMX_VMCS32_GUEST_DS_LIMIT,
492 VMX_VMCS32_GUEST_FS_LIMIT,
493 VMX_VMCS32_GUEST_GS_LIMIT,
494 VMX_VMCS32_GUEST_LDTR_LIMIT,
495 VMX_VMCS32_GUEST_TR_LIMIT,
496 VMX_VMCS32_GUEST_GDTR_LIMIT,
497 VMX_VMCS32_GUEST_IDTR_LIMIT,
498 VMX_VMCS32_GUEST_ES_ACCESS_RIGHTS,
499 VMX_VMCS32_GUEST_CS_ACCESS_RIGHTS,
500 VMX_VMCS32_GUEST_SS_ACCESS_RIGHTS,
501 VMX_VMCS32_GUEST_DS_ACCESS_RIGHTS,
502 VMX_VMCS32_GUEST_FS_ACCESS_RIGHTS,
503 VMX_VMCS32_GUEST_GS_ACCESS_RIGHTS,
504 VMX_VMCS32_GUEST_LDTR_ACCESS_RIGHTS,
505 VMX_VMCS32_GUEST_TR_ACCESS_RIGHTS,
506 VMX_VMCS32_GUEST_INT_STATE,
507 VMX_VMCS32_GUEST_ACTIVITY_STATE,
508 VMX_VMCS32_GUEST_SMBASE,
509 VMX_VMCS32_GUEST_SYSENTER_CS,
510 VMX_VMCS32_PREEMPT_TIMER_VALUE,
511
512 /* 32-bit host-state fields. */
513 VMX_VMCS32_HOST_SYSENTER_CS,
514
515 /* Natural-width control fields. */
516 VMX_VMCS_CTRL_CR0_MASK,
517 VMX_VMCS_CTRL_CR4_MASK,
518 VMX_VMCS_CTRL_CR0_READ_SHADOW,
519 VMX_VMCS_CTRL_CR4_READ_SHADOW,
520 VMX_VMCS_CTRL_CR3_TARGET_VAL0,
521 VMX_VMCS_CTRL_CR3_TARGET_VAL1,
522 VMX_VMCS_CTRL_CR3_TARGET_VAL2,
523 VMX_VMCS_CTRL_CR3_TARGET_VAL3,
524
525 /* Natural-width read-only data fields. */
526 VMX_VMCS_RO_EXIT_QUALIFICATION,
527 VMX_VMCS_RO_IO_RCX,
528 VMX_VMCS_RO_IO_RSI,
529 VMX_VMCS_RO_IO_RDI,
530 VMX_VMCS_RO_IO_RIP,
531 VMX_VMCS_RO_GUEST_LINEAR_ADDR,
532
533 /* Natural-width guest-state field */
534 VMX_VMCS_GUEST_CR0,
535 VMX_VMCS_GUEST_CR3,
536 VMX_VMCS_GUEST_CR4,
537 VMX_VMCS_GUEST_ES_BASE,
538 VMX_VMCS_GUEST_CS_BASE,
539 VMX_VMCS_GUEST_SS_BASE,
540 VMX_VMCS_GUEST_DS_BASE,
541 VMX_VMCS_GUEST_FS_BASE,
542 VMX_VMCS_GUEST_GS_BASE,
543 VMX_VMCS_GUEST_LDTR_BASE,
544 VMX_VMCS_GUEST_TR_BASE,
545 VMX_VMCS_GUEST_GDTR_BASE,
546 VMX_VMCS_GUEST_IDTR_BASE,
547 VMX_VMCS_GUEST_DR7,
548 VMX_VMCS_GUEST_RSP,
549 VMX_VMCS_GUEST_RIP,
550 VMX_VMCS_GUEST_RFLAGS,
551 VMX_VMCS_GUEST_PENDING_DEBUG_XCPTS,
552 VMX_VMCS_GUEST_SYSENTER_ESP,
553 VMX_VMCS_GUEST_SYSENTER_EIP,
554 VMX_VMCS_GUEST_S_CET,
555 VMX_VMCS_GUEST_SSP,
556 VMX_VMCS_GUEST_INTR_SSP_TABLE_ADDR,
557
558 /* Natural-width host-state fields */
559 VMX_VMCS_HOST_CR0,
560 VMX_VMCS_HOST_CR3,
561 VMX_VMCS_HOST_CR4,
562 VMX_VMCS_HOST_FS_BASE,
563 VMX_VMCS_HOST_GS_BASE,
564 VMX_VMCS_HOST_TR_BASE,
565 VMX_VMCS_HOST_GDTR_BASE,
566 VMX_VMCS_HOST_IDTR_BASE,
567 VMX_VMCS_HOST_SYSENTER_ESP,
568 VMX_VMCS_HOST_SYSENTER_EIP,
569 VMX_VMCS_HOST_RSP,
570 VMX_VMCS_HOST_RIP,
571 VMX_VMCS_HOST_S_CET,
572 VMX_VMCS_HOST_SSP,
573 VMX_VMCS_HOST_INTR_SSP_TABLE_ADDR
574};
575#endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
576
577#ifdef HMVMX_USE_FUNCTION_TABLE
578/**
579 * VMX_EXIT dispatch table.
580 */
581static const struct CLANG11NOTHROWWEIRDNESS { PFNVMXEXITHANDLER pfn; } g_aVMExitHandlers[VMX_EXIT_MAX + 1] =
582{
583 /* 0 VMX_EXIT_XCPT_OR_NMI */ { vmxHCExitXcptOrNmi },
584 /* 1 VMX_EXIT_EXT_INT */ { vmxHCExitExtInt },
585 /* 2 VMX_EXIT_TRIPLE_FAULT */ { vmxHCExitTripleFault },
586 /* 3 VMX_EXIT_INIT_SIGNAL */ { vmxHCExitErrUnexpected },
587 /* 4 VMX_EXIT_SIPI */ { vmxHCExitErrUnexpected },
588 /* 5 VMX_EXIT_IO_SMI */ { vmxHCExitErrUnexpected },
589 /* 6 VMX_EXIT_SMI */ { vmxHCExitErrUnexpected },
590 /* 7 VMX_EXIT_INT_WINDOW */ { vmxHCExitIntWindow },
591 /* 8 VMX_EXIT_NMI_WINDOW */ { vmxHCExitNmiWindow },
592 /* 9 VMX_EXIT_TASK_SWITCH */ { vmxHCExitTaskSwitch },
593 /* 10 VMX_EXIT_CPUID */ { vmxHCExitCpuid },
594 /* 11 VMX_EXIT_GETSEC */ { vmxHCExitGetsec },
595 /* 12 VMX_EXIT_HLT */ { vmxHCExitHlt },
596 /* 13 VMX_EXIT_INVD */ { vmxHCExitInvd },
597 /* 14 VMX_EXIT_INVLPG */ { vmxHCExitInvlpg },
598 /* 15 VMX_EXIT_RDPMC */ { vmxHCExitRdpmc },
599 /* 16 VMX_EXIT_RDTSC */ { vmxHCExitRdtsc },
600 /* 17 VMX_EXIT_RSM */ { vmxHCExitErrUnexpected },
601 /* 18 VMX_EXIT_VMCALL */ { vmxHCExitVmcall },
602#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
603 /* 19 VMX_EXIT_VMCLEAR */ { vmxHCExitVmclear },
604 /* 20 VMX_EXIT_VMLAUNCH */ { vmxHCExitVmlaunch },
605 /* 21 VMX_EXIT_VMPTRLD */ { vmxHCExitVmptrld },
606 /* 22 VMX_EXIT_VMPTRST */ { vmxHCExitVmptrst },
607 /* 23 VMX_EXIT_VMREAD */ { vmxHCExitVmread },
608 /* 24 VMX_EXIT_VMRESUME */ { vmxHCExitVmresume },
609 /* 25 VMX_EXIT_VMWRITE */ { vmxHCExitVmwrite },
610 /* 26 VMX_EXIT_VMXOFF */ { vmxHCExitVmxoff },
611 /* 27 VMX_EXIT_VMXON */ { vmxHCExitVmxon },
612#else
613 /* 19 VMX_EXIT_VMCLEAR */ { vmxHCExitSetPendingXcptUD },
614 /* 20 VMX_EXIT_VMLAUNCH */ { vmxHCExitSetPendingXcptUD },
615 /* 21 VMX_EXIT_VMPTRLD */ { vmxHCExitSetPendingXcptUD },
616 /* 22 VMX_EXIT_VMPTRST */ { vmxHCExitSetPendingXcptUD },
617 /* 23 VMX_EXIT_VMREAD */ { vmxHCExitSetPendingXcptUD },
618 /* 24 VMX_EXIT_VMRESUME */ { vmxHCExitSetPendingXcptUD },
619 /* 25 VMX_EXIT_VMWRITE */ { vmxHCExitSetPendingXcptUD },
620 /* 26 VMX_EXIT_VMXOFF */ { vmxHCExitSetPendingXcptUD },
621 /* 27 VMX_EXIT_VMXON */ { vmxHCExitSetPendingXcptUD },
622#endif
623 /* 28 VMX_EXIT_MOV_CRX */ { vmxHCExitMovCRx },
624 /* 29 VMX_EXIT_MOV_DRX */ { vmxHCExitMovDRx },
625 /* 30 VMX_EXIT_IO_INSTR */ { vmxHCExitIoInstr },
626 /* 31 VMX_EXIT_RDMSR */ { vmxHCExitRdmsr },
627 /* 32 VMX_EXIT_WRMSR */ { vmxHCExitWrmsr },
628 /* 33 VMX_EXIT_ERR_INVALID_GUEST_STATE */ { vmxHCExitErrInvalidGuestState },
629 /* 34 VMX_EXIT_ERR_MSR_LOAD */ { vmxHCExitErrUnexpected },
630 /* 35 UNDEFINED */ { vmxHCExitErrUnexpected },
631 /* 36 VMX_EXIT_MWAIT */ { vmxHCExitMwait },
632 /* 37 VMX_EXIT_MTF */ { vmxHCExitMtf },
633 /* 38 UNDEFINED */ { vmxHCExitErrUnexpected },
634 /* 39 VMX_EXIT_MONITOR */ { vmxHCExitMonitor },
635 /* 40 VMX_EXIT_PAUSE */ { vmxHCExitPause },
636 /* 41 VMX_EXIT_ERR_MACHINE_CHECK */ { vmxHCExitErrUnexpected },
637 /* 42 UNDEFINED */ { vmxHCExitErrUnexpected },
638 /* 43 VMX_EXIT_TPR_BELOW_THRESHOLD */ { vmxHCExitTprBelowThreshold },
639 /* 44 VMX_EXIT_APIC_ACCESS */ { vmxHCExitApicAccess },
640 /* 45 VMX_EXIT_VIRTUALIZED_EOI */ { vmxHCExitErrUnexpected },
641 /* 46 VMX_EXIT_GDTR_IDTR_ACCESS */ { vmxHCExitErrUnexpected },
642 /* 47 VMX_EXIT_LDTR_TR_ACCESS */ { vmxHCExitErrUnexpected },
643 /* 48 VMX_EXIT_EPT_VIOLATION */ { vmxHCExitEptViolation },
644 /* 49 VMX_EXIT_EPT_MISCONFIG */ { vmxHCExitEptMisconfig },
645#ifdef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
646 /* 50 VMX_EXIT_INVEPT */ { vmxHCExitInvept },
647#else
648 /* 50 VMX_EXIT_INVEPT */ { vmxHCExitSetPendingXcptUD },
649#endif
650 /* 51 VMX_EXIT_RDTSCP */ { vmxHCExitRdtscp },
651 /* 52 VMX_EXIT_PREEMPT_TIMER */ { vmxHCExitPreemptTimer },
652#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
653 /* 53 VMX_EXIT_INVVPID */ { vmxHCExitInvvpid },
654#else
655 /* 53 VMX_EXIT_INVVPID */ { vmxHCExitSetPendingXcptUD },
656#endif
657 /* 54 VMX_EXIT_WBINVD */ { vmxHCExitWbinvd },
658 /* 55 VMX_EXIT_XSETBV */ { vmxHCExitXsetbv },
659 /* 56 VMX_EXIT_APIC_WRITE */ { vmxHCExitErrUnexpected },
660 /* 57 VMX_EXIT_RDRAND */ { vmxHCExitErrUnexpected },
661 /* 58 VMX_EXIT_INVPCID */ { vmxHCExitInvpcid },
662 /* 59 VMX_EXIT_VMFUNC */ { vmxHCExitErrUnexpected },
663 /* 60 VMX_EXIT_ENCLS */ { vmxHCExitErrUnexpected },
664 /* 61 VMX_EXIT_RDSEED */ { vmxHCExitErrUnexpected },
665 /* 62 VMX_EXIT_PML_FULL */ { vmxHCExitErrUnexpected },
666 /* 63 VMX_EXIT_XSAVES */ { vmxHCExitErrUnexpected },
667 /* 64 VMX_EXIT_XRSTORS */ { vmxHCExitErrUnexpected },
668 /* 65 UNDEFINED */ { vmxHCExitErrUnexpected },
669 /* 66 VMX_EXIT_SPP_EVENT */ { vmxHCExitErrUnexpected },
670 /* 67 VMX_EXIT_UMWAIT */ { vmxHCExitErrUnexpected },
671 /* 68 VMX_EXIT_TPAUSE */ { vmxHCExitErrUnexpected },
672 /* 69 VMX_EXIT_LOADIWKEY */ { vmxHCExitErrUnexpected },
673};
674#endif /* HMVMX_USE_FUNCTION_TABLE */
675
676#if defined(VBOX_STRICT) && defined(LOG_ENABLED)
677static const char * const g_apszVmxInstrErrors[HMVMX_INSTR_ERROR_MAX + 1] =
678{
679 /* 0 */ "(Not Used)",
680 /* 1 */ "VMCALL executed in VMX root operation.",
681 /* 2 */ "VMCLEAR with invalid physical address.",
682 /* 3 */ "VMCLEAR with VMXON pointer.",
683 /* 4 */ "VMLAUNCH with non-clear VMCS.",
684 /* 5 */ "VMRESUME with non-launched VMCS.",
685 /* 6 */ "VMRESUME after VMXOFF",
686 /* 7 */ "VM-entry with invalid control fields.",
687 /* 8 */ "VM-entry with invalid host state fields.",
688 /* 9 */ "VMPTRLD with invalid physical address.",
689 /* 10 */ "VMPTRLD with VMXON pointer.",
690 /* 11 */ "VMPTRLD with incorrect revision identifier.",
691 /* 12 */ "VMREAD/VMWRITE from/to unsupported VMCS component.",
692 /* 13 */ "VMWRITE to read-only VMCS component.",
693 /* 14 */ "(Not Used)",
694 /* 15 */ "VMXON executed in VMX root operation.",
695 /* 16 */ "VM-entry with invalid executive-VMCS pointer.",
696 /* 17 */ "VM-entry with non-launched executing VMCS.",
697 /* 18 */ "VM-entry with executive-VMCS pointer not VMXON pointer.",
698 /* 19 */ "VMCALL with non-clear VMCS.",
699 /* 20 */ "VMCALL with invalid VM-exit control fields.",
700 /* 21 */ "(Not Used)",
701 /* 22 */ "VMCALL with incorrect MSEG revision identifier.",
702 /* 23 */ "VMXOFF under dual monitor treatment of SMIs and SMM.",
703 /* 24 */ "VMCALL with invalid SMM-monitor features.",
704 /* 25 */ "VM-entry with invalid VM-execution control fields in executive VMCS.",
705 /* 26 */ "VM-entry with events blocked by MOV SS.",
706 /* 27 */ "(Not Used)",
707 /* 28 */ "Invalid operand to INVEPT/INVVPID."
708};
709#endif /* VBOX_STRICT && LOG_ENABLED */
710
711
712/**
713 * Gets the CR0 guest/host mask.
714 *
715 * These bits typically does not change through the lifetime of a VM. Any bit set in
716 * this mask is owned by the host/hypervisor and would cause a VM-exit when modified
717 * by the guest.
718 *
719 * @returns The CR0 guest/host mask.
720 * @param pVCpu The cross context virtual CPU structure.
721 */
722static uint64_t vmxHCGetFixedCr0Mask(PCVMCPUCC pVCpu)
723{
724 /*
725 * Modifications to CR0 bits that VT-x ignores saving/restoring (CD, ET, NW) and
726 * to CR0 bits that we require for shadow paging (PG) by the guest must cause VM-exits.
727 *
728 * Furthermore, modifications to any bits that are reserved/unspecified currently
729 * by the Intel spec. must also cause a VM-exit. This prevents unpredictable behavior
730 * when future CPUs specify and use currently reserved/unspecified bits.
731 */
732 /** @todo Avoid intercepting CR0.PE with unrestricted guest execution. Fix PGM
733 * enmGuestMode to be in-sync with the current mode. See @bugref{6398}
734 * and @bugref{6944}. */
735 PCVMCC pVM = pVCpu->CTX_SUFF(pVM);
736 AssertCompile(RT_HI_U32(VMX_EXIT_HOST_CR0_IGNORE_MASK) == UINT32_C(0xffffffff)); /* Paranoia. */
737 return ( X86_CR0_PE
738 | X86_CR0_NE
739 | (VM_IS_VMX_NESTED_PAGING(pVM) ? 0 : X86_CR0_WP)
740 | X86_CR0_PG
741 | VMX_EXIT_HOST_CR0_IGNORE_MASK);
742}
743
744
745/**
746 * Gets the CR4 guest/host mask.
747 *
748 * These bits typically does not change through the lifetime of a VM. Any bit set in
749 * this mask is owned by the host/hypervisor and would cause a VM-exit when modified
750 * by the guest.
751 *
752 * @returns The CR4 guest/host mask.
753 * @param pVCpu The cross context virtual CPU structure.
754 */
755static uint64_t vmxHCGetFixedCr4Mask(PCVMCPUCC pVCpu)
756{
757 /*
758 * We construct a mask of all CR4 bits that the guest can modify without causing
759 * a VM-exit. Then invert this mask to obtain all CR4 bits that should cause
760 * a VM-exit when the guest attempts to modify them when executing using
761 * hardware-assisted VMX.
762 *
763 * When a feature is not exposed to the guest (and may be present on the host),
764 * we want to intercept guest modifications to the bit so we can emulate proper
765 * behavior (e.g., #GP).
766 *
767 * Furthermore, only modifications to those bits that don't require immediate
768 * emulation is allowed. For e.g., PCIDE is excluded because the behavior
769 * depends on CR3 which might not always be the guest value while executing
770 * using hardware-assisted VMX.
771 */
772 PCVMCC pVM = pVCpu->CTX_SUFF(pVM);
773 bool fFsGsBase = pVM->cpum.ro.GuestFeatures.fFsGsBase;
774#ifdef IN_NEM_DARWIN
775 bool fXSaveRstor = pVM->cpum.ro.GuestFeatures.fXSaveRstor;
776#endif
777 bool fFxSaveRstor = pVM->cpum.ro.GuestFeatures.fFxSaveRstor;
778
779 /*
780 * Paranoia.
781 * Ensure features exposed to the guest are present on the host.
782 */
783 AssertStmt(!fFsGsBase || g_CpumHostFeatures.s.fFsGsBase, fFsGsBase = 0);
784#ifdef IN_NEM_DARWIN
785 AssertStmt(!fXSaveRstor || g_CpumHostFeatures.s.fXSaveRstor, fXSaveRstor = 0);
786#endif
787 AssertStmt(!fFxSaveRstor || g_CpumHostFeatures.s.fFxSaveRstor, fFxSaveRstor = 0);
788
789 uint64_t const fGstMask = X86_CR4_PVI
790 | X86_CR4_TSD
791 | X86_CR4_DE
792 | X86_CR4_MCE
793 | X86_CR4_PCE
794 | X86_CR4_OSXMMEEXCPT
795 | (fFsGsBase ? X86_CR4_FSGSBASE : 0)
796#ifdef IN_NEM_DARWIN /* On native VT-x setting OSXSAVE must exit as we need to load guest XCR0 (see
797 fLoadSaveGuestXcr0). These exits are not needed on Darwin as that's not our problem. */
798 | (fXSaveRstor ? X86_CR4_OSXSAVE : 0)
799#endif
800 | (fFxSaveRstor ? X86_CR4_OSFXSR : 0);
801 return ~fGstMask;
802}
803
804
805/**
806 * Adds one or more exceptions to the exception bitmap and commits it to the current
807 * VMCS.
808 *
809 * @param pVCpu The cross context virtual CPU structure.
810 * @param pVmxTransient The VMX-transient structure.
811 * @param uXcptMask The exception(s) to add.
812 */
813static void vmxHCAddXcptInterceptMask(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient, uint32_t uXcptMask)
814{
815 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
816 uint32_t uXcptBitmap = pVmcsInfo->u32XcptBitmap;
817 if ((uXcptBitmap & uXcptMask) != uXcptMask)
818 {
819 uXcptBitmap |= uXcptMask;
820 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_EXCEPTION_BITMAP, uXcptBitmap);
821 AssertRC(rc);
822 pVmcsInfo->u32XcptBitmap = uXcptBitmap;
823 }
824}
825
826
827/**
828 * Adds an exception to the exception bitmap and commits it to the current VMCS.
829 *
830 * @param pVCpu The cross context virtual CPU structure.
831 * @param pVmxTransient The VMX-transient structure.
832 * @param uXcpt The exception to add.
833 */
834static void vmxHCAddXcptIntercept(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient, uint8_t uXcpt)
835{
836 Assert(uXcpt <= X86_XCPT_LAST);
837 vmxHCAddXcptInterceptMask(pVCpu, pVmxTransient, RT_BIT_32(uXcpt));
838}
839
840
841/**
842 * Remove one or more exceptions from the exception bitmap and commits it to the
843 * current VMCS.
844 *
845 * This takes care of not removing the exception intercept if a nested-guest
846 * requires the exception to be intercepted.
847 *
848 * @returns VBox status code.
849 * @param pVCpu The cross context virtual CPU structure.
850 * @param pVmxTransient The VMX-transient structure.
851 * @param uXcptMask The exception(s) to remove.
852 */
853static int vmxHCRemoveXcptInterceptMask(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient, uint32_t uXcptMask)
854{
855 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
856 uint32_t uXcptBitmap = pVmcsInfo->u32XcptBitmap;
857 if (uXcptBitmap & uXcptMask)
858 {
859#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
860 if (!pVmxTransient->fIsNestedGuest)
861 { /* likely */ }
862 else
863 uXcptMask &= ~pVCpu->cpum.GstCtx.hwvirt.vmx.Vmcs.u32XcptBitmap;
864#endif
865#ifdef HMVMX_ALWAYS_TRAP_ALL_XCPTS
866 uXcptMask &= ~( RT_BIT(X86_XCPT_BP)
867 | RT_BIT(X86_XCPT_DE)
868 | RT_BIT(X86_XCPT_NM)
869 | RT_BIT(X86_XCPT_TS)
870 | RT_BIT(X86_XCPT_UD)
871 | RT_BIT(X86_XCPT_NP)
872 | RT_BIT(X86_XCPT_SS)
873 | RT_BIT(X86_XCPT_GP)
874 | RT_BIT(X86_XCPT_PF)
875 | RT_BIT(X86_XCPT_MF));
876#elif defined(HMVMX_ALWAYS_TRAP_PF)
877 uXcptMask &= ~RT_BIT(X86_XCPT_PF);
878#endif
879 if (uXcptMask)
880 {
881 /* Validate we are not removing any essential exception intercepts. */
882#ifndef IN_NEM_DARWIN
883 Assert(pVCpu->CTX_SUFF(pVM)->hmr0.s.fNestedPaging || !(uXcptMask & RT_BIT(X86_XCPT_PF)));
884#else
885 Assert(!(uXcptMask & RT_BIT(X86_XCPT_PF)));
886#endif
887 NOREF(pVCpu);
888 Assert(!(uXcptMask & RT_BIT(X86_XCPT_DB)));
889 Assert(!(uXcptMask & RT_BIT(X86_XCPT_AC)));
890
891 /* Remove it from the exception bitmap. */
892 uXcptBitmap &= ~uXcptMask;
893
894 /* Commit and update the cache if necessary. */
895 if (pVmcsInfo->u32XcptBitmap != uXcptBitmap)
896 {
897 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_EXCEPTION_BITMAP, uXcptBitmap);
898 AssertRC(rc);
899 pVmcsInfo->u32XcptBitmap = uXcptBitmap;
900 }
901 }
902 }
903 return VINF_SUCCESS;
904}
905
906
907/**
908 * Remove an exceptions from the exception bitmap and commits it to the current
909 * VMCS.
910 *
911 * @returns VBox status code.
912 * @param pVCpu The cross context virtual CPU structure.
913 * @param pVmxTransient The VMX-transient structure.
914 * @param uXcpt The exception to remove.
915 */
916static int vmxHCRemoveXcptIntercept(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient, uint8_t uXcpt)
917{
918 return vmxHCRemoveXcptInterceptMask(pVCpu, pVmxTransient, RT_BIT(uXcpt));
919}
920
921#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
922
923/**
924 * Loads the shadow VMCS specified by the VMCS info. object.
925 *
926 * @returns VBox status code.
927 * @param pVmcsInfo The VMCS info. object.
928 *
929 * @remarks Can be called with interrupts disabled.
930 */
931static int vmxHCLoadShadowVmcs(PVMXVMCSINFO pVmcsInfo)
932{
933 Assert(!RTThreadPreemptIsEnabled(NIL_RTTHREAD));
934 Assert(pVmcsInfo->HCPhysShadowVmcs != 0 && pVmcsInfo->HCPhysShadowVmcs != NIL_RTHCPHYS);
935
936 int rc = VMXLoadVmcs(pVmcsInfo->HCPhysShadowVmcs);
937 if (RT_SUCCESS(rc))
938 pVmcsInfo->fShadowVmcsState |= VMX_V_VMCS_LAUNCH_STATE_CURRENT;
939 return rc;
940}
941
942
943/**
944 * Clears the shadow VMCS specified by the VMCS info. object.
945 *
946 * @returns VBox status code.
947 * @param pVmcsInfo The VMCS info. object.
948 *
949 * @remarks Can be called with interrupts disabled.
950 */
951static int vmxHCClearShadowVmcs(PVMXVMCSINFO pVmcsInfo)
952{
953 Assert(!RTThreadPreemptIsEnabled(NIL_RTTHREAD));
954 Assert(pVmcsInfo->HCPhysShadowVmcs != 0 && pVmcsInfo->HCPhysShadowVmcs != NIL_RTHCPHYS);
955
956 int rc = VMXClearVmcs(pVmcsInfo->HCPhysShadowVmcs);
957 if (RT_SUCCESS(rc))
958 pVmcsInfo->fShadowVmcsState = VMX_V_VMCS_LAUNCH_STATE_CLEAR;
959 return rc;
960}
961
962
963/**
964 * Switches from and to the specified VMCSes.
965 *
966 * @returns VBox status code.
967 * @param pVmcsInfoFrom The VMCS info. object we are switching from.
968 * @param pVmcsInfoTo The VMCS info. object we are switching to.
969 *
970 * @remarks Called with interrupts disabled.
971 */
972static int vmxHCSwitchVmcs(PVMXVMCSINFO pVmcsInfoFrom, PVMXVMCSINFO pVmcsInfoTo)
973{
974 /*
975 * Clear the VMCS we are switching out if it has not already been cleared.
976 * This will sync any CPU internal data back to the VMCS.
977 */
978 if (pVmcsInfoFrom->fVmcsState != VMX_V_VMCS_LAUNCH_STATE_CLEAR)
979 {
980 int rc = hmR0VmxClearVmcs(pVmcsInfoFrom);
981 if (RT_SUCCESS(rc))
982 {
983 /*
984 * The shadow VMCS, if any, would not be active at this point since we
985 * would have cleared it while importing the virtual hardware-virtualization
986 * state as part the VMLAUNCH/VMRESUME VM-exit. Hence, there's no need to
987 * clear the shadow VMCS here, just assert for safety.
988 */
989 Assert(!pVmcsInfoFrom->pvShadowVmcs || pVmcsInfoFrom->fShadowVmcsState == VMX_V_VMCS_LAUNCH_STATE_CLEAR);
990 }
991 else
992 return rc;
993 }
994
995 /*
996 * Clear the VMCS we are switching to if it has not already been cleared.
997 * This will initialize the VMCS launch state to "clear" required for loading it.
998 *
999 * See Intel spec. 31.6 "Preparation And Launching A Virtual Machine".
1000 */
1001 if (pVmcsInfoTo->fVmcsState != VMX_V_VMCS_LAUNCH_STATE_CLEAR)
1002 {
1003 int rc = hmR0VmxClearVmcs(pVmcsInfoTo);
1004 if (RT_SUCCESS(rc))
1005 { /* likely */ }
1006 else
1007 return rc;
1008 }
1009
1010 /*
1011 * Finally, load the VMCS we are switching to.
1012 */
1013 return hmR0VmxLoadVmcs(pVmcsInfoTo);
1014}
1015
1016
1017/**
1018 * Switches between the guest VMCS and the nested-guest VMCS as specified by the
1019 * caller.
1020 *
1021 * @returns VBox status code.
1022 * @param pVCpu The cross context virtual CPU structure.
1023 * @param fSwitchToNstGstVmcs Whether to switch to the nested-guest VMCS (pass
1024 * true) or guest VMCS (pass false).
1025 */
1026static int vmxHCSwitchToGstOrNstGstVmcs(PVMCPUCC pVCpu, bool fSwitchToNstGstVmcs)
1027{
1028 /* Ensure we have synced everything from the guest-CPU context to the VMCS before switching. */
1029 HMVMX_CPUMCTX_ASSERT(pVCpu, HMVMX_CPUMCTX_EXTRN_ALL);
1030
1031 PVMXVMCSINFO pVmcsInfoFrom;
1032 PVMXVMCSINFO pVmcsInfoTo;
1033 if (fSwitchToNstGstVmcs)
1034 {
1035 pVmcsInfoFrom = &pVCpu->hmr0.s.vmx.VmcsInfo;
1036 pVmcsInfoTo = &pVCpu->hmr0.s.vmx.VmcsInfoNstGst;
1037 }
1038 else
1039 {
1040 pVmcsInfoFrom = &pVCpu->hmr0.s.vmx.VmcsInfoNstGst;
1041 pVmcsInfoTo = &pVCpu->hmr0.s.vmx.VmcsInfo;
1042 }
1043
1044 /*
1045 * Disable interrupts to prevent being preempted while we switch the current VMCS as the
1046 * preemption hook code path acquires the current VMCS.
1047 */
1048 RTCCUINTREG const fEFlags = ASMIntDisableFlags();
1049
1050 int rc = vmxHCSwitchVmcs(pVmcsInfoFrom, pVmcsInfoTo);
1051 if (RT_SUCCESS(rc))
1052 {
1053 pVCpu->hmr0.s.vmx.fSwitchedToNstGstVmcs = fSwitchToNstGstVmcs;
1054 pVCpu->hm.s.vmx.fSwitchedToNstGstVmcsCopyForRing3 = fSwitchToNstGstVmcs;
1055
1056 /*
1057 * If we are switching to a VMCS that was executed on a different host CPU or was
1058 * never executed before, flag that we need to export the host state before executing
1059 * guest/nested-guest code using hardware-assisted VMX.
1060 *
1061 * This could probably be done in a preemptible context since the preemption hook
1062 * will flag the necessary change in host context. However, since preemption is
1063 * already disabled and to avoid making assumptions about host specific code in
1064 * RTMpCpuId when called with preemption enabled, we'll do this while preemption is
1065 * disabled.
1066 */
1067 if (pVmcsInfoTo->idHostCpuState == RTMpCpuId())
1068 { /* likely */ }
1069 else
1070 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_HOST_CONTEXT | HM_CHANGED_VMX_HOST_GUEST_SHARED_STATE);
1071
1072 ASMSetFlags(fEFlags);
1073
1074 /*
1075 * We use a different VM-exit MSR-store areas for the guest and nested-guest. Hence,
1076 * flag that we need to update the host MSR values there. Even if we decide in the
1077 * future to share the VM-exit MSR-store area page between the guest and nested-guest,
1078 * if its content differs, we would have to update the host MSRs anyway.
1079 */
1080 pVCpu->hmr0.s.vmx.fUpdatedHostAutoMsrs = false;
1081 }
1082 else
1083 ASMSetFlags(fEFlags);
1084 return rc;
1085}
1086
1087#endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
1088#ifdef VBOX_STRICT
1089
1090/**
1091 * Reads the VM-entry interruption-information field from the VMCS into the VMX
1092 * transient structure.
1093 *
1094 * @param pVCpu The cross context virtual CPU structure.
1095 * @param pVmxTransient The VMX-transient structure.
1096 */
1097DECLINLINE(void) vmxHCReadEntryIntInfoVmcs(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
1098{
1099 int rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_CTRL_ENTRY_INTERRUPTION_INFO, &pVmxTransient->uEntryIntInfo);
1100 AssertRC(rc);
1101}
1102
1103
1104/**
1105 * Reads the VM-entry exception error code field from the VMCS into
1106 * the VMX transient structure.
1107 *
1108 * @param pVCpu The cross context virtual CPU structure.
1109 * @param pVmxTransient The VMX-transient structure.
1110 */
1111DECLINLINE(void) vmxHCReadEntryXcptErrorCodeVmcs(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
1112{
1113 int rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_CTRL_ENTRY_EXCEPTION_ERRCODE, &pVmxTransient->uEntryXcptErrorCode);
1114 AssertRC(rc);
1115}
1116
1117
1118/**
1119 * Reads the VM-entry exception error code field from the VMCS into
1120 * the VMX transient structure.
1121 *
1122 * @param pVCpu The cross context virtual CPU structure.
1123 * @param pVmxTransient The VMX-transient structure.
1124 */
1125DECLINLINE(void) vmxHCReadEntryInstrLenVmcs(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
1126{
1127 int rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_CTRL_ENTRY_INSTR_LENGTH, &pVmxTransient->cbEntryInstr);
1128 AssertRC(rc);
1129}
1130
1131#endif /* VBOX_STRICT */
1132
1133
1134/**
1135 * Reads VMCS fields into the VMXTRANSIENT structure, slow path version.
1136 *
1137 * Don't call directly unless the it's likely that some or all of the fields
1138 * given in @a a_fReadMask have already been read.
1139 *
1140 * @tparam a_fReadMask The fields to read.
1141 * @param pVCpu The cross context virtual CPU structure.
1142 * @param pVmxTransient The VMX-transient structure.
1143 */
1144template<uint32_t const a_fReadMask>
1145static void vmxHCReadToTransientSlow(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
1146{
1147 AssertCompile((a_fReadMask & ~( HMVMX_READ_EXIT_QUALIFICATION
1148 | HMVMX_READ_EXIT_INSTR_LEN
1149 | HMVMX_READ_EXIT_INSTR_INFO
1150 | HMVMX_READ_IDT_VECTORING_INFO
1151 | HMVMX_READ_IDT_VECTORING_ERROR_CODE
1152 | HMVMX_READ_EXIT_INTERRUPTION_INFO
1153 | HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE
1154 | HMVMX_READ_GUEST_LINEAR_ADDR
1155 | HMVMX_READ_GUEST_PHYSICAL_ADDR
1156 | HMVMX_READ_GUEST_PENDING_DBG_XCPTS
1157 )) == 0);
1158
1159 if ((pVmxTransient->fVmcsFieldsRead & a_fReadMask) != a_fReadMask)
1160 {
1161 uint32_t const fVmcsFieldsRead = pVmxTransient->fVmcsFieldsRead;
1162
1163 if ( (a_fReadMask & HMVMX_READ_EXIT_QUALIFICATION)
1164 && !(fVmcsFieldsRead & HMVMX_READ_EXIT_QUALIFICATION))
1165 {
1166 int const rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_RO_EXIT_QUALIFICATION, &pVmxTransient->uExitQual);
1167 AssertRC(rc);
1168 }
1169 if ( (a_fReadMask & HMVMX_READ_EXIT_INSTR_LEN)
1170 && !(fVmcsFieldsRead & HMVMX_READ_EXIT_INSTR_LEN))
1171 {
1172 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INSTR_LENGTH, &pVmxTransient->cbExitInstr);
1173 AssertRC(rc);
1174 }
1175 if ( (a_fReadMask & HMVMX_READ_EXIT_INSTR_INFO)
1176 && !(fVmcsFieldsRead & HMVMX_READ_EXIT_INSTR_INFO))
1177 {
1178 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INSTR_INFO, &pVmxTransient->ExitInstrInfo.u);
1179 AssertRC(rc);
1180 }
1181 if ( (a_fReadMask & HMVMX_READ_IDT_VECTORING_INFO)
1182 && !(fVmcsFieldsRead & HMVMX_READ_IDT_VECTORING_INFO))
1183 {
1184 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_IDT_VECTORING_INFO, &pVmxTransient->uIdtVectoringInfo);
1185 AssertRC(rc);
1186 }
1187 if ( (a_fReadMask & HMVMX_READ_IDT_VECTORING_ERROR_CODE)
1188 && !(fVmcsFieldsRead & HMVMX_READ_IDT_VECTORING_ERROR_CODE))
1189 {
1190 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_IDT_VECTORING_ERROR_CODE, &pVmxTransient->uIdtVectoringErrorCode);
1191 AssertRC(rc);
1192 }
1193 if ( (a_fReadMask & HMVMX_READ_EXIT_INTERRUPTION_INFO)
1194 && !(fVmcsFieldsRead & HMVMX_READ_EXIT_INTERRUPTION_INFO))
1195 {
1196 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INTERRUPTION_INFO, &pVmxTransient->uExitIntInfo);
1197 AssertRC(rc);
1198 }
1199 if ( (a_fReadMask & HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE)
1200 && !(fVmcsFieldsRead & HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE))
1201 {
1202 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INTERRUPTION_ERROR_CODE, &pVmxTransient->uExitIntErrorCode);
1203 AssertRC(rc);
1204 }
1205 if ( (a_fReadMask & HMVMX_READ_GUEST_LINEAR_ADDR)
1206 && !(fVmcsFieldsRead & HMVMX_READ_GUEST_LINEAR_ADDR))
1207 {
1208 int const rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_RO_GUEST_LINEAR_ADDR, &pVmxTransient->uGuestLinearAddr);
1209 AssertRC(rc);
1210 }
1211 if ( (a_fReadMask & HMVMX_READ_GUEST_PHYSICAL_ADDR)
1212 && !(fVmcsFieldsRead & HMVMX_READ_GUEST_PHYSICAL_ADDR))
1213 {
1214 int const rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_RO_GUEST_PHYS_ADDR_FULL, &pVmxTransient->uGuestPhysicalAddr);
1215 AssertRC(rc);
1216 }
1217 if ( (a_fReadMask & HMVMX_READ_GUEST_PENDING_DBG_XCPTS)
1218 && !(fVmcsFieldsRead & HMVMX_READ_GUEST_PENDING_DBG_XCPTS))
1219 {
1220 int const rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_PENDING_DEBUG_XCPTS, &pVmxTransient->uGuestPendingDbgXcpts);
1221 AssertRC(rc);
1222 }
1223
1224 pVmxTransient->fVmcsFieldsRead |= a_fReadMask;
1225 }
1226}
1227
1228
1229/**
1230 * Reads VMCS fields into the VMXTRANSIENT structure.
1231 *
1232 * This optimizes for the case where none of @a a_fReadMask has been read yet,
1233 * generating an optimized read sequences w/o any conditionals between in
1234 * non-strict builds.
1235 *
1236 * @tparam a_fReadMask The fields to read. One or more of the
1237 * HMVMX_READ_XXX fields ORed together.
1238 * @param pVCpu The cross context virtual CPU structure.
1239 * @param pVmxTransient The VMX-transient structure.
1240 */
1241template<uint32_t const a_fReadMask>
1242DECLINLINE(void) vmxHCReadToTransient(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
1243{
1244 AssertCompile((a_fReadMask & ~( HMVMX_READ_EXIT_QUALIFICATION
1245 | HMVMX_READ_EXIT_INSTR_LEN
1246 | HMVMX_READ_EXIT_INSTR_INFO
1247 | HMVMX_READ_IDT_VECTORING_INFO
1248 | HMVMX_READ_IDT_VECTORING_ERROR_CODE
1249 | HMVMX_READ_EXIT_INTERRUPTION_INFO
1250 | HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE
1251 | HMVMX_READ_GUEST_LINEAR_ADDR
1252 | HMVMX_READ_GUEST_PHYSICAL_ADDR
1253 | HMVMX_READ_GUEST_PENDING_DBG_XCPTS
1254 )) == 0);
1255
1256 if (RT_LIKELY(!(pVmxTransient->fVmcsFieldsRead & a_fReadMask)))
1257 {
1258 if (a_fReadMask & HMVMX_READ_EXIT_QUALIFICATION)
1259 {
1260 int const rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_RO_EXIT_QUALIFICATION, &pVmxTransient->uExitQual);
1261 AssertRC(rc);
1262 }
1263 if (a_fReadMask & HMVMX_READ_EXIT_INSTR_LEN)
1264 {
1265 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INSTR_LENGTH, &pVmxTransient->cbExitInstr);
1266 AssertRC(rc);
1267 }
1268 if (a_fReadMask & HMVMX_READ_EXIT_INSTR_INFO)
1269 {
1270 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INSTR_INFO, &pVmxTransient->ExitInstrInfo.u);
1271 AssertRC(rc);
1272 }
1273 if (a_fReadMask & HMVMX_READ_IDT_VECTORING_INFO)
1274 {
1275 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_IDT_VECTORING_INFO, &pVmxTransient->uIdtVectoringInfo);
1276 AssertRC(rc);
1277 }
1278 if (a_fReadMask & HMVMX_READ_IDT_VECTORING_ERROR_CODE)
1279 {
1280 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_IDT_VECTORING_ERROR_CODE, &pVmxTransient->uIdtVectoringErrorCode);
1281 AssertRC(rc);
1282 }
1283 if (a_fReadMask & HMVMX_READ_EXIT_INTERRUPTION_INFO)
1284 {
1285 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INTERRUPTION_INFO, &pVmxTransient->uExitIntInfo);
1286 AssertRC(rc);
1287 }
1288 if (a_fReadMask & HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE)
1289 {
1290 int const rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INTERRUPTION_ERROR_CODE, &pVmxTransient->uExitIntErrorCode);
1291 AssertRC(rc);
1292 }
1293 if (a_fReadMask & HMVMX_READ_GUEST_LINEAR_ADDR)
1294 {
1295 int const rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_RO_GUEST_LINEAR_ADDR, &pVmxTransient->uGuestLinearAddr);
1296 AssertRC(rc);
1297 }
1298 if (a_fReadMask & HMVMX_READ_GUEST_PHYSICAL_ADDR)
1299 {
1300 int const rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_RO_GUEST_PHYS_ADDR_FULL, &pVmxTransient->uGuestPhysicalAddr);
1301 AssertRC(rc);
1302 }
1303 if (a_fReadMask & HMVMX_READ_GUEST_PENDING_DBG_XCPTS)
1304 {
1305 int const rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_PENDING_DEBUG_XCPTS, &pVmxTransient->uGuestPendingDbgXcpts);
1306 AssertRC(rc);
1307 }
1308
1309 pVmxTransient->fVmcsFieldsRead |= a_fReadMask;
1310 }
1311 else
1312 {
1313 STAM_REL_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatReadToTransientFallback);
1314 Log11Func(("a_fReadMask=%#x fVmcsFieldsRead=%#x => %#x - Taking inefficient code path!\n",
1315 a_fReadMask, pVmxTransient->fVmcsFieldsRead, a_fReadMask & pVmxTransient->fVmcsFieldsRead));
1316 vmxHCReadToTransientSlow<a_fReadMask>(pVCpu, pVmxTransient);
1317 }
1318}
1319
1320
1321#ifdef HMVMX_ALWAYS_SAVE_RO_GUEST_STATE
1322/**
1323 * Reads all relevant read-only VMCS fields into the VMX transient structure.
1324 *
1325 * @param pVCpu The cross context virtual CPU structure.
1326 * @param pVmxTransient The VMX-transient structure.
1327 */
1328static void vmxHCReadAllRoFieldsVmcs(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
1329{
1330 int rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_RO_EXIT_QUALIFICATION, &pVmxTransient->uExitQual);
1331 rc |= VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INSTR_LENGTH, &pVmxTransient->cbExitInstr);
1332 rc |= VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INSTR_INFO, &pVmxTransient->ExitInstrInfo.u);
1333 rc |= VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_IDT_VECTORING_INFO, &pVmxTransient->uIdtVectoringInfo);
1334 rc |= VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_IDT_VECTORING_ERROR_CODE, &pVmxTransient->uIdtVectoringErrorCode);
1335 rc |= VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INTERRUPTION_INFO, &pVmxTransient->uExitIntInfo);
1336 rc |= VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_RO_EXIT_INTERRUPTION_ERROR_CODE, &pVmxTransient->uExitIntErrorCode);
1337 rc |= VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_RO_GUEST_LINEAR_ADDR, &pVmxTransient->uGuestLinearAddr);
1338 rc |= VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_RO_GUEST_PHYS_ADDR_FULL, &pVmxTransient->uGuestPhysicalAddr);
1339 AssertRC(rc);
1340 pVmxTransient->fVmcsFieldsRead |= HMVMX_READ_EXIT_QUALIFICATION
1341 | HMVMX_READ_EXIT_INSTR_LEN
1342 | HMVMX_READ_EXIT_INSTR_INFO
1343 | HMVMX_READ_IDT_VECTORING_INFO
1344 | HMVMX_READ_IDT_VECTORING_ERROR_CODE
1345 | HMVMX_READ_EXIT_INTERRUPTION_INFO
1346 | HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE
1347 | HMVMX_READ_GUEST_LINEAR_ADDR
1348 | HMVMX_READ_GUEST_PHYSICAL_ADDR;
1349}
1350#endif
1351
1352/**
1353 * Verifies that our cached values of the VMCS fields are all consistent with
1354 * what's actually present in the VMCS.
1355 *
1356 * @returns VBox status code.
1357 * @retval VINF_SUCCESS if all our caches match their respective VMCS fields.
1358 * @retval VERR_VMX_VMCS_FIELD_CACHE_INVALID if a cache field doesn't match the
1359 * VMCS content. HMCPU error-field is
1360 * updated, see VMX_VCI_XXX.
1361 * @param pVCpu The cross context virtual CPU structure.
1362 * @param pVmcsInfo The VMCS info. object.
1363 * @param fIsNstGstVmcs Whether this is a nested-guest VMCS.
1364 */
1365static int vmxHCCheckCachedVmcsCtls(PVMCPUCC pVCpu, PCVMXVMCSINFO pVmcsInfo, bool fIsNstGstVmcs)
1366{
1367 const char * const pcszVmcs = fIsNstGstVmcs ? "Nested-guest VMCS" : "VMCS";
1368
1369 uint32_t u32Val;
1370 int rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_CTRL_ENTRY, &u32Val);
1371 AssertRC(rc);
1372 AssertMsgReturnStmt(pVmcsInfo->u32EntryCtls == u32Val,
1373 ("%s entry controls mismatch: Cache=%#RX32 VMCS=%#RX32\n", pcszVmcs, pVmcsInfo->u32EntryCtls, u32Val),
1374 VCPU_2_VMXSTATE(pVCpu).u32HMError = VMX_VCI_CTRL_ENTRY,
1375 VERR_VMX_VMCS_FIELD_CACHE_INVALID);
1376
1377 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_CTRL_EXIT, &u32Val);
1378 AssertRC(rc);
1379 AssertMsgReturnStmt(pVmcsInfo->u32ExitCtls == u32Val,
1380 ("%s exit controls mismatch: Cache=%#RX32 VMCS=%#RX32\n", pcszVmcs, pVmcsInfo->u32ExitCtls, u32Val),
1381 VCPU_2_VMXSTATE(pVCpu).u32HMError = VMX_VCI_CTRL_EXIT,
1382 VERR_VMX_VMCS_FIELD_CACHE_INVALID);
1383
1384 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_CTRL_PIN_EXEC, &u32Val);
1385 AssertRC(rc);
1386 AssertMsgReturnStmt(pVmcsInfo->u32PinCtls == u32Val,
1387 ("%s pin controls mismatch: Cache=%#RX32 VMCS=%#RX32\n", pcszVmcs, pVmcsInfo->u32PinCtls, u32Val),
1388 VCPU_2_VMXSTATE(pVCpu).u32HMError = VMX_VCI_CTRL_PIN_EXEC,
1389 VERR_VMX_VMCS_FIELD_CACHE_INVALID);
1390
1391 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC, &u32Val);
1392 AssertRC(rc);
1393 AssertMsgReturnStmt(pVmcsInfo->u32ProcCtls == u32Val,
1394 ("%s proc controls mismatch: Cache=%#RX32 VMCS=%#RX32\n", pcszVmcs, pVmcsInfo->u32ProcCtls, u32Val),
1395 VCPU_2_VMXSTATE(pVCpu).u32HMError = VMX_VCI_CTRL_PROC_EXEC,
1396 VERR_VMX_VMCS_FIELD_CACHE_INVALID);
1397
1398 if (pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_SECONDARY_CTLS)
1399 {
1400 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC2, &u32Val);
1401 AssertRC(rc);
1402 AssertMsgReturnStmt(pVmcsInfo->u32ProcCtls2 == u32Val,
1403 ("%s proc2 controls mismatch: Cache=%#RX32 VMCS=%#RX32\n", pcszVmcs, pVmcsInfo->u32ProcCtls2, u32Val),
1404 VCPU_2_VMXSTATE(pVCpu).u32HMError = VMX_VCI_CTRL_PROC_EXEC2,
1405 VERR_VMX_VMCS_FIELD_CACHE_INVALID);
1406 }
1407
1408 uint64_t u64Val;
1409 if (pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_TERTIARY_CTLS)
1410 {
1411 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_CTRL_PROC_EXEC3_FULL, &u64Val);
1412 AssertRC(rc);
1413 AssertMsgReturnStmt(pVmcsInfo->u64ProcCtls3 == u64Val,
1414 ("%s proc3 controls mismatch: Cache=%#RX32 VMCS=%#RX64\n", pcszVmcs, pVmcsInfo->u64ProcCtls3, u64Val),
1415 VCPU_2_VMXSTATE(pVCpu).u32HMError = VMX_VCI_CTRL_PROC_EXEC3,
1416 VERR_VMX_VMCS_FIELD_CACHE_INVALID);
1417 }
1418
1419 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_CTRL_EXCEPTION_BITMAP, &u32Val);
1420 AssertRC(rc);
1421 AssertMsgReturnStmt(pVmcsInfo->u32XcptBitmap == u32Val,
1422 ("%s exception bitmap mismatch: Cache=%#RX32 VMCS=%#RX32\n", pcszVmcs, pVmcsInfo->u32XcptBitmap, u32Val),
1423 VCPU_2_VMXSTATE(pVCpu).u32HMError = VMX_VCI_CTRL_XCPT_BITMAP,
1424 VERR_VMX_VMCS_FIELD_CACHE_INVALID);
1425
1426 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_CTRL_TSC_OFFSET_FULL, &u64Val);
1427 AssertRC(rc);
1428 AssertMsgReturnStmt(pVmcsInfo->u64TscOffset == u64Val,
1429 ("%s TSC offset mismatch: Cache=%#RX64 VMCS=%#RX64\n", pcszVmcs, pVmcsInfo->u64TscOffset, u64Val),
1430 VCPU_2_VMXSTATE(pVCpu).u32HMError = VMX_VCI_CTRL_TSC_OFFSET,
1431 VERR_VMX_VMCS_FIELD_CACHE_INVALID);
1432
1433 NOREF(pcszVmcs);
1434 return VINF_SUCCESS;
1435}
1436
1437
1438/**
1439 * Exports the guest state with appropriate VM-entry and VM-exit controls in the
1440 * VMCS.
1441 *
1442 * This is typically required when the guest changes paging mode.
1443 *
1444 * @returns VBox status code.
1445 * @param pVCpu The cross context virtual CPU structure.
1446 * @param pVmxTransient The VMX-transient structure.
1447 *
1448 * @remarks Requires EFER.
1449 * @remarks No-long-jump zone!!!
1450 */
1451static int vmxHCExportGuestEntryExitCtls(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient)
1452{
1453 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_VMX_ENTRY_EXIT_CTLS)
1454 {
1455 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
1456 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
1457
1458 /*
1459 * VM-entry controls.
1460 */
1461 {
1462 uint32_t fVal = g_HmMsrs.u.vmx.EntryCtls.n.allowed0; /* Bits set here must be set in the VMCS. */
1463 uint32_t const fZap = g_HmMsrs.u.vmx.EntryCtls.n.allowed1; /* Bits cleared here must be cleared in the VMCS. */
1464
1465 /*
1466 * Load the guest debug controls (DR7 and IA32_DEBUGCTL MSR) on VM-entry.
1467 * The first VT-x capable CPUs only supported the 1-setting of this bit.
1468 *
1469 * For nested-guests, this is a mandatory VM-entry control. It's also
1470 * required because we do not want to leak host bits to the nested-guest.
1471 */
1472 fVal |= VMX_ENTRY_CTLS_LOAD_DEBUG;
1473
1474 /*
1475 * Set if the guest is in long mode. This will set/clear the EFER.LMA bit on VM-entry.
1476 *
1477 * For nested-guests, the "IA-32e mode guest" control we initialize with what is
1478 * required to get the nested-guest working with hardware-assisted VMX execution.
1479 * It depends on the nested-guest's IA32_EFER.LMA bit. Remember, a nested hypervisor
1480 * can skip intercepting changes to the EFER MSR. This is why it needs to be done
1481 * here rather than while merging the guest VMCS controls.
1482 */
1483 if (CPUMIsGuestInLongModeEx(&pVCpu->cpum.GstCtx))
1484 {
1485 Assert(pVCpu->cpum.GstCtx.msrEFER & MSR_K6_EFER_LME);
1486 fVal |= VMX_ENTRY_CTLS_IA32E_MODE_GUEST;
1487 }
1488 else
1489 Assert(!(fVal & VMX_ENTRY_CTLS_IA32E_MODE_GUEST));
1490
1491 /*
1492 * If the CPU supports the newer VMCS controls for managing guest/host EFER, use it.
1493 *
1494 * For nested-guests, we use the "load IA32_EFER" if the hardware supports it,
1495 * regardless of whether the nested-guest VMCS specifies it because we are free to
1496 * load whatever MSRs we require and we do not need to modify the guest visible copy
1497 * of the VM-entry MSR load area.
1498 */
1499 if ( g_fHmVmxSupportsVmcsEfer
1500#ifndef IN_NEM_DARWIN
1501 && hmR0VmxShouldSwapEferMsr(pVCpu, pVmxTransient)
1502#endif
1503 )
1504 fVal |= VMX_ENTRY_CTLS_LOAD_EFER_MSR;
1505 else
1506 Assert(!(fVal & VMX_ENTRY_CTLS_LOAD_EFER_MSR));
1507
1508 /*
1509 * The following should -not- be set (since we're not in SMM mode):
1510 * - VMX_ENTRY_CTLS_ENTRY_TO_SMM
1511 * - VMX_ENTRY_CTLS_DEACTIVATE_DUAL_MON
1512 */
1513
1514 /** @todo VMX_ENTRY_CTLS_LOAD_PERF_MSR,
1515 * VMX_ENTRY_CTLS_LOAD_PAT_MSR. */
1516
1517 if ((fVal & fZap) == fVal)
1518 { /* likely */ }
1519 else
1520 {
1521 Log4Func(("Invalid VM-entry controls combo! Cpu=%#RX32 fVal=%#RX32 fZap=%#RX32\n",
1522 g_HmMsrs.u.vmx.EntryCtls.n.allowed0, fVal, fZap));
1523 VCPU_2_VMXSTATE(pVCpu).u32HMError = VMX_UFC_CTRL_ENTRY;
1524 return VERR_HM_UNSUPPORTED_CPU_FEATURE_COMBO;
1525 }
1526
1527 /* Commit it to the VMCS. */
1528 if (pVmcsInfo->u32EntryCtls != fVal)
1529 {
1530 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_ENTRY, fVal);
1531 AssertRC(rc);
1532 pVmcsInfo->u32EntryCtls = fVal;
1533 }
1534 }
1535
1536 /*
1537 * VM-exit controls.
1538 */
1539 {
1540 uint32_t fVal = g_HmMsrs.u.vmx.ExitCtls.n.allowed0; /* Bits set here must be set in the VMCS. */
1541 uint32_t const fZap = g_HmMsrs.u.vmx.ExitCtls.n.allowed1; /* Bits cleared here must be cleared in the VMCS. */
1542
1543 /*
1544 * Save debug controls (DR7 & IA32_DEBUGCTL_MSR). The first VT-x CPUs only
1545 * supported the 1-setting of this bit.
1546 *
1547 * For nested-guests, we set the "save debug controls" as the converse
1548 * "load debug controls" is mandatory for nested-guests anyway.
1549 */
1550 fVal |= VMX_EXIT_CTLS_SAVE_DEBUG;
1551
1552 /*
1553 * Set the host long mode active (EFER.LMA) bit (which Intel calls
1554 * "Host address-space size") if necessary. On VM-exit, VT-x sets both the
1555 * host EFER.LMA and EFER.LME bit to this value. See assertion in
1556 * vmxHCExportHostMsrs().
1557 *
1558 * For nested-guests, we always set this bit as we do not support 32-bit
1559 * hosts.
1560 */
1561 fVal |= VMX_EXIT_CTLS_HOST_ADDR_SPACE_SIZE;
1562
1563#ifndef IN_NEM_DARWIN
1564 /*
1565 * If the VMCS EFER MSR fields are supported by the hardware, we use it.
1566 *
1567 * For nested-guests, we should use the "save IA32_EFER" control if we also
1568 * used the "load IA32_EFER" control while exporting VM-entry controls.
1569 */
1570 if ( g_fHmVmxSupportsVmcsEfer
1571 && hmR0VmxShouldSwapEferMsr(pVCpu, pVmxTransient))
1572 {
1573 fVal |= VMX_EXIT_CTLS_SAVE_EFER_MSR
1574 | VMX_EXIT_CTLS_LOAD_EFER_MSR;
1575 }
1576#endif
1577
1578 /*
1579 * Enable saving of the VMX-preemption timer value on VM-exit.
1580 * For nested-guests, currently not exposed/used.
1581 */
1582 /** @todo r=bird: Measure performance hit because of this vs. always rewriting
1583 * the timer value. */
1584 if (VM_IS_VMX_PREEMPT_TIMER_USED(pVM))
1585 {
1586 Assert(g_HmMsrs.u.vmx.ExitCtls.n.allowed1 & VMX_EXIT_CTLS_SAVE_PREEMPT_TIMER);
1587 fVal |= VMX_EXIT_CTLS_SAVE_PREEMPT_TIMER;
1588 }
1589
1590 /* Don't acknowledge external interrupts on VM-exit. We want to let the host do that. */
1591 Assert(!(fVal & VMX_EXIT_CTLS_ACK_EXT_INT));
1592
1593 /** @todo VMX_EXIT_CTLS_LOAD_PERF_MSR,
1594 * VMX_EXIT_CTLS_SAVE_PAT_MSR,
1595 * VMX_EXIT_CTLS_LOAD_PAT_MSR. */
1596
1597 if ((fVal & fZap) == fVal)
1598 { /* likely */ }
1599 else
1600 {
1601 Log4Func(("Invalid VM-exit controls combo! cpu=%#RX32 fVal=%#RX32 fZap=%#RX32\n",
1602 g_HmMsrs.u.vmx.ExitCtls.n.allowed0, fVal, fZap));
1603 VCPU_2_VMXSTATE(pVCpu).u32HMError = VMX_UFC_CTRL_EXIT;
1604 return VERR_HM_UNSUPPORTED_CPU_FEATURE_COMBO;
1605 }
1606
1607 /* Commit it to the VMCS. */
1608 if (pVmcsInfo->u32ExitCtls != fVal)
1609 {
1610 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_EXIT, fVal);
1611 AssertRC(rc);
1612 pVmcsInfo->u32ExitCtls = fVal;
1613 }
1614 }
1615
1616 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_VMX_ENTRY_EXIT_CTLS);
1617 }
1618 return VINF_SUCCESS;
1619}
1620
1621
1622/**
1623 * Sets the TPR threshold in the VMCS.
1624 *
1625 * @param pVCpu The cross context virtual CPU structure.
1626 * @param pVmcsInfo The VMCS info. object.
1627 * @param u32TprThreshold The TPR threshold (task-priority class only).
1628 */
1629DECLINLINE(void) vmxHCApicSetTprThreshold(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo, uint32_t u32TprThreshold)
1630{
1631 Assert(!(u32TprThreshold & ~VMX_TPR_THRESHOLD_MASK)); /* Bits 31:4 MBZ. */
1632 Assert(pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_TPR_SHADOW);
1633 RT_NOREF(pVmcsInfo);
1634 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_TPR_THRESHOLD, u32TprThreshold);
1635 AssertRC(rc);
1636}
1637
1638
1639/**
1640 * Exports the guest APIC TPR state into the VMCS.
1641 *
1642 * @param pVCpu The cross context virtual CPU structure.
1643 * @param pVmxTransient The VMX-transient structure.
1644 *
1645 * @remarks No-long-jump zone!!!
1646 */
1647static void vmxHCExportGuestApicTpr(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient)
1648{
1649 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_APIC_TPR)
1650 {
1651 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_APIC_TPR);
1652
1653 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
1654 if (!pVmxTransient->fIsNestedGuest)
1655 {
1656 if ( PDMHasApic(pVCpu->CTX_SUFF(pVM))
1657 && APICIsEnabled(pVCpu))
1658 {
1659 /*
1660 * Setup TPR shadowing.
1661 */
1662 if (pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_TPR_SHADOW)
1663 {
1664 bool fPendingIntr = false;
1665 uint8_t u8Tpr = 0;
1666 uint8_t u8PendingIntr = 0;
1667 int rc = APICGetTpr(pVCpu, &u8Tpr, &fPendingIntr, &u8PendingIntr);
1668 AssertRC(rc);
1669
1670 /*
1671 * If there are interrupts pending but masked by the TPR, instruct VT-x to
1672 * cause a TPR-below-threshold VM-exit when the guest lowers its TPR below the
1673 * priority of the pending interrupt so we can deliver the interrupt. If there
1674 * are no interrupts pending, set threshold to 0 to not cause any
1675 * TPR-below-threshold VM-exits.
1676 */
1677 uint32_t u32TprThreshold = 0;
1678 if (fPendingIntr)
1679 {
1680 /* Bits 3:0 of the TPR threshold field correspond to bits 7:4 of the TPR
1681 (which is the Task-Priority Class). */
1682 const uint8_t u8PendingPriority = u8PendingIntr >> 4;
1683 const uint8_t u8TprPriority = u8Tpr >> 4;
1684 if (u8PendingPriority <= u8TprPriority)
1685 u32TprThreshold = u8PendingPriority;
1686 }
1687
1688 vmxHCApicSetTprThreshold(pVCpu, pVmcsInfo, u32TprThreshold);
1689 }
1690 }
1691 }
1692 /* else: the TPR threshold has already been updated while merging the nested-guest VMCS. */
1693 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_APIC_TPR);
1694 }
1695}
1696
1697
1698/**
1699 * Gets the guest interruptibility-state and updates related force-flags.
1700 *
1701 * @returns Guest's interruptibility-state.
1702 * @param pVCpu The cross context virtual CPU structure.
1703 *
1704 * @remarks No-long-jump zone!!!
1705 */
1706static uint32_t vmxHCGetGuestIntrStateAndUpdateFFs(PVMCPUCC pVCpu)
1707{
1708 uint32_t fIntrState;
1709
1710 /*
1711 * Check if we should inhibit interrupt delivery due to instructions like STI and MOV SS.
1712 */
1713 if (!CPUMIsInInterruptShadowWithUpdate(&pVCpu->cpum.GstCtx))
1714 fIntrState = 0;
1715 else
1716 {
1717 /* If inhibition is active, RIP should've been imported from the VMCS already. */
1718 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_RIP);
1719
1720 if (CPUMIsInInterruptShadowAfterSs(&pVCpu->cpum.GstCtx))
1721 fIntrState = VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS;
1722 else
1723 {
1724 fIntrState = VMX_VMCS_GUEST_INT_STATE_BLOCK_STI;
1725
1726 /* Block-by-STI must not be set when interrupts are disabled. */
1727 AssertStmt(pVCpu->cpum.GstCtx.eflags.Bits.u1IF, fIntrState = VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS);
1728 }
1729 }
1730
1731 /*
1732 * Check if we should inhibit NMI delivery.
1733 */
1734 if (!CPUMAreInterruptsInhibitedByNmiEx(&pVCpu->cpum.GstCtx))
1735 { /* likely */ }
1736 else
1737 fIntrState |= VMX_VMCS_GUEST_INT_STATE_BLOCK_NMI;
1738
1739 /*
1740 * Validate.
1741 */
1742 /* We don't support block-by-SMI yet.*/
1743 Assert(!(fIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_SMI));
1744
1745 return fIntrState;
1746}
1747
1748
1749/**
1750 * Exports the exception intercepts required for guest execution in the VMCS.
1751 *
1752 * @param pVCpu The cross context virtual CPU structure.
1753 * @param pVmxTransient The VMX-transient structure.
1754 *
1755 * @remarks No-long-jump zone!!!
1756 */
1757static void vmxHCExportGuestXcptIntercepts(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient)
1758{
1759 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_VMX_XCPT_INTERCEPTS)
1760 {
1761 /* When executing a nested-guest, we do not need to trap GIM hypercalls by intercepting #UD. */
1762 if ( !pVmxTransient->fIsNestedGuest
1763 && VCPU_2_VMXSTATE(pVCpu).fGIMTrapXcptUD)
1764 vmxHCAddXcptIntercept(pVCpu, pVmxTransient, X86_XCPT_UD);
1765 else
1766 vmxHCRemoveXcptIntercept(pVCpu, pVmxTransient, X86_XCPT_UD);
1767
1768 /* Other exception intercepts are handled elsewhere, e.g. while exporting guest CR0. */
1769 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_VMX_XCPT_INTERCEPTS);
1770 }
1771}
1772
1773
1774/**
1775 * Exports the guest's RIP into the guest-state area in the VMCS.
1776 *
1777 * @param pVCpu The cross context virtual CPU structure.
1778 *
1779 * @remarks No-long-jump zone!!!
1780 */
1781static void vmxHCExportGuestRip(PVMCPUCC pVCpu)
1782{
1783 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_RIP)
1784 {
1785 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_RIP);
1786
1787 int rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_RIP, pVCpu->cpum.GstCtx.rip);
1788 AssertRC(rc);
1789
1790 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_RIP);
1791 Log4Func(("rip=%#RX64\n", pVCpu->cpum.GstCtx.rip));
1792 }
1793}
1794
1795
1796/**
1797 * Exports the guest's RFLAGS into the guest-state area in the VMCS.
1798 *
1799 * @param pVCpu The cross context virtual CPU structure.
1800 * @param pVmxTransient The VMX-transient structure.
1801 *
1802 * @remarks No-long-jump zone!!!
1803 */
1804static void vmxHCExportGuestRflags(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient)
1805{
1806 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_RFLAGS)
1807 {
1808 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_RFLAGS);
1809
1810 /* Intel spec. 2.3.1 "System Flags and Fields in IA-32e Mode" claims the upper 32-bits
1811 of RFLAGS are reserved (MBZ). We use bits 63:24 for internal purposes, so no need
1812 to assert this, the CPUMX86EFLAGS/CPUMX86RFLAGS union masks these off for us.
1813 Use 32-bit VMWRITE. */
1814 uint32_t fEFlags = pVCpu->cpum.GstCtx.eflags.u;
1815 Assert((fEFlags & X86_EFL_RA1_MASK) == X86_EFL_RA1_MASK);
1816 AssertMsg(!(fEFlags & ~(X86_EFL_LIVE_MASK | X86_EFL_RA1_MASK)), ("%#x\n", fEFlags));
1817
1818#ifndef IN_NEM_DARWIN
1819 /*
1820 * If we're emulating real-mode using Virtual 8086 mode, save the real-mode eflags so
1821 * we can restore them on VM-exit. Modify the real-mode guest's eflags so that VT-x
1822 * can run the real-mode guest code under Virtual 8086 mode.
1823 */
1824 PVMXVMCSINFOSHARED pVmcsInfo = pVmxTransient->pVmcsInfo->pShared;
1825 if (pVmcsInfo->RealMode.fRealOnV86Active)
1826 {
1827 Assert(pVCpu->CTX_SUFF(pVM)->hm.s.vmx.pRealModeTSS);
1828 Assert(PDMVmmDevHeapIsEnabled(pVCpu->CTX_SUFF(pVM)));
1829 Assert(!pVmxTransient->fIsNestedGuest);
1830 pVmcsInfo->RealMode.Eflags.u32 = fEFlags; /* Save the original eflags of the real-mode guest. */
1831 fEFlags |= X86_EFL_VM; /* Set the Virtual 8086 mode bit. */
1832 fEFlags &= ~X86_EFL_IOPL; /* Change IOPL to 0, otherwise certain instructions won't fault. */
1833 }
1834#else
1835 RT_NOREF(pVmxTransient);
1836#endif
1837
1838 int rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_RFLAGS, fEFlags);
1839 AssertRC(rc);
1840
1841 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_RFLAGS);
1842 Log4Func(("eflags=%#RX32\n", fEFlags));
1843 }
1844}
1845
1846
1847#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
1848/**
1849 * Copies the nested-guest VMCS to the shadow VMCS.
1850 *
1851 * @returns VBox status code.
1852 * @param pVCpu The cross context virtual CPU structure.
1853 * @param pVmcsInfo The VMCS info. object.
1854 *
1855 * @remarks No-long-jump zone!!!
1856 */
1857static int vmxHCCopyNstGstToShadowVmcs(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo)
1858{
1859 PVMCC const pVM = pVCpu->CTX_SUFF(pVM);
1860 PCVMXVVMCS const pVmcsNstGst = &pVCpu->cpum.GstCtx.hwvirt.vmx.Vmcs;
1861
1862 /*
1863 * Disable interrupts so we don't get preempted while the shadow VMCS is the
1864 * current VMCS, as we may try saving guest lazy MSRs.
1865 *
1866 * Strictly speaking the lazy MSRs are not in the VMCS, but I'd rather not risk
1867 * calling the import VMCS code which is currently performing the guest MSR reads
1868 * (on 64-bit hosts) and accessing the auto-load/store MSR area on 32-bit hosts
1869 * and the rest of the VMX leave session machinery.
1870 */
1871 RTCCUINTREG const fEFlags = ASMIntDisableFlags();
1872
1873 int rc = vmxHCLoadShadowVmcs(pVmcsInfo);
1874 if (RT_SUCCESS(rc))
1875 {
1876 /*
1877 * Copy all guest read/write VMCS fields.
1878 *
1879 * We don't check for VMWRITE failures here for performance reasons and
1880 * because they are not expected to fail, barring irrecoverable conditions
1881 * like hardware errors.
1882 */
1883 uint32_t const cShadowVmcsFields = pVM->hmr0.s.vmx.cShadowVmcsFields;
1884 for (uint32_t i = 0; i < cShadowVmcsFields; i++)
1885 {
1886 uint64_t u64Val;
1887 uint32_t const uVmcsField = pVM->hmr0.s.vmx.paShadowVmcsFields[i];
1888 IEMReadVmxVmcsField(pVmcsNstGst, uVmcsField, &u64Val);
1889 VMX_VMCS_WRITE_64(pVCpu, uVmcsField, u64Val);
1890 }
1891
1892 /*
1893 * If the host CPU supports writing all VMCS fields, copy the guest read-only
1894 * VMCS fields, so the guest can VMREAD them without causing a VM-exit.
1895 */
1896 if (g_HmMsrs.u.vmx.u64Misc & VMX_MISC_VMWRITE_ALL)
1897 {
1898 uint32_t const cShadowVmcsRoFields = pVM->hmr0.s.vmx.cShadowVmcsRoFields;
1899 for (uint32_t i = 0; i < cShadowVmcsRoFields; i++)
1900 {
1901 uint64_t u64Val;
1902 uint32_t const uVmcsField = pVM->hmr0.s.vmx.paShadowVmcsRoFields[i];
1903 IEMReadVmxVmcsField(pVmcsNstGst, uVmcsField, &u64Val);
1904 VMX_VMCS_WRITE_64(pVCpu, uVmcsField, u64Val);
1905 }
1906 }
1907
1908 rc = vmxHCClearShadowVmcs(pVmcsInfo);
1909 rc |= hmR0VmxLoadVmcs(pVmcsInfo);
1910 }
1911
1912 ASMSetFlags(fEFlags);
1913 return rc;
1914}
1915
1916
1917/**
1918 * Copies the shadow VMCS to the nested-guest VMCS.
1919 *
1920 * @returns VBox status code.
1921 * @param pVCpu The cross context virtual CPU structure.
1922 * @param pVmcsInfo The VMCS info. object.
1923 *
1924 * @remarks Called with interrupts disabled.
1925 */
1926static int vmxHCCopyShadowToNstGstVmcs(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo)
1927{
1928 Assert(!RTThreadPreemptIsEnabled(NIL_RTTHREAD));
1929 PVMCC const pVM = pVCpu->CTX_SUFF(pVM);
1930 PVMXVVMCS const pVmcsNstGst = &pVCpu->cpum.GstCtx.hwvirt.vmx.Vmcs;
1931
1932 int rc = vmxHCLoadShadowVmcs(pVmcsInfo);
1933 if (RT_SUCCESS(rc))
1934 {
1935 /*
1936 * Copy guest read/write fields from the shadow VMCS.
1937 * Guest read-only fields cannot be modified, so no need to copy them.
1938 *
1939 * We don't check for VMREAD failures here for performance reasons and
1940 * because they are not expected to fail, barring irrecoverable conditions
1941 * like hardware errors.
1942 */
1943 uint32_t const cShadowVmcsFields = pVM->hmr0.s.vmx.cShadowVmcsFields;
1944 for (uint32_t i = 0; i < cShadowVmcsFields; i++)
1945 {
1946 uint64_t u64Val;
1947 uint32_t const uVmcsField = pVM->hmr0.s.vmx.paShadowVmcsFields[i];
1948 VMX_VMCS_READ_64(pVCpu, uVmcsField, &u64Val);
1949 IEMWriteVmxVmcsField(pVmcsNstGst, uVmcsField, u64Val);
1950 }
1951
1952 rc = vmxHCClearShadowVmcs(pVmcsInfo);
1953 rc |= hmR0VmxLoadVmcs(pVmcsInfo);
1954 }
1955 return rc;
1956}
1957
1958
1959/**
1960 * Enables VMCS shadowing for the given VMCS info. object.
1961 *
1962 * @param pVCpu The cross context virtual CPU structure.
1963 * @param pVmcsInfo The VMCS info. object.
1964 *
1965 * @remarks No-long-jump zone!!!
1966 */
1967static void vmxHCEnableVmcsShadowing(PCVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo)
1968{
1969 uint32_t uProcCtls2 = pVmcsInfo->u32ProcCtls2;
1970 if (!(uProcCtls2 & VMX_PROC_CTLS2_VMCS_SHADOWING))
1971 {
1972 Assert(pVmcsInfo->HCPhysShadowVmcs != 0 && pVmcsInfo->HCPhysShadowVmcs != NIL_RTHCPHYS);
1973 uProcCtls2 |= VMX_PROC_CTLS2_VMCS_SHADOWING;
1974 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC2, uProcCtls2); AssertRC(rc);
1975 rc = VMX_VMCS_WRITE_64(pVCpu, VMX_VMCS64_GUEST_VMCS_LINK_PTR_FULL, pVmcsInfo->HCPhysShadowVmcs); AssertRC(rc);
1976 pVmcsInfo->u32ProcCtls2 = uProcCtls2;
1977 pVmcsInfo->u64VmcsLinkPtr = pVmcsInfo->HCPhysShadowVmcs;
1978 Log4Func(("Enabled\n"));
1979 }
1980}
1981
1982
1983/**
1984 * Disables VMCS shadowing for the given VMCS info. object.
1985 *
1986 * @param pVCpu The cross context virtual CPU structure.
1987 * @param pVmcsInfo The VMCS info. object.
1988 *
1989 * @remarks No-long-jump zone!!!
1990 */
1991static void vmxHCDisableVmcsShadowing(PCVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo)
1992{
1993 /*
1994 * We want all VMREAD and VMWRITE instructions to cause VM-exits, so we clear the
1995 * VMCS shadowing control. However, VM-entry requires the shadow VMCS indicator bit
1996 * to match the VMCS shadowing control if the VMCS link pointer is not NIL_RTHCPHYS.
1997 * Hence, we must also reset the VMCS link pointer to ensure VM-entry does not fail.
1998 *
1999 * See Intel spec. 26.2.1.1 "VM-Execution Control Fields".
2000 * See Intel spec. 26.3.1.5 "Checks on Guest Non-Register State".
2001 */
2002 uint32_t uProcCtls2 = pVmcsInfo->u32ProcCtls2;
2003 if (uProcCtls2 & VMX_PROC_CTLS2_VMCS_SHADOWING)
2004 {
2005 uProcCtls2 &= ~VMX_PROC_CTLS2_VMCS_SHADOWING;
2006 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC2, uProcCtls2); AssertRC(rc);
2007 rc = VMX_VMCS_WRITE_64(pVCpu, VMX_VMCS64_GUEST_VMCS_LINK_PTR_FULL, NIL_RTHCPHYS); AssertRC(rc);
2008 pVmcsInfo->u32ProcCtls2 = uProcCtls2;
2009 pVmcsInfo->u64VmcsLinkPtr = NIL_RTHCPHYS;
2010 Log4Func(("Disabled\n"));
2011 }
2012}
2013#endif
2014
2015
2016/**
2017 * Exports the guest CR0 control register into the guest-state area in the VMCS.
2018 *
2019 * The guest FPU state is always pre-loaded hence we don't need to bother about
2020 * sharing FPU related CR0 bits between the guest and host.
2021 *
2022 * @returns VBox status code.
2023 * @param pVCpu The cross context virtual CPU structure.
2024 * @param pVmxTransient The VMX-transient structure.
2025 *
2026 * @remarks No-long-jump zone!!!
2027 */
2028static int vmxHCExportGuestCR0(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient)
2029{
2030 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_CR0)
2031 {
2032 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
2033 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
2034
2035 uint64_t fSetCr0 = g_HmMsrs.u.vmx.u64Cr0Fixed0;
2036 uint64_t const fZapCr0 = g_HmMsrs.u.vmx.u64Cr0Fixed1;
2037 if (VM_IS_VMX_UNRESTRICTED_GUEST(pVM))
2038 fSetCr0 &= ~(uint64_t)(X86_CR0_PE | X86_CR0_PG);
2039 else
2040 Assert((fSetCr0 & (X86_CR0_PE | X86_CR0_PG)) == (X86_CR0_PE | X86_CR0_PG));
2041
2042 if (!pVmxTransient->fIsNestedGuest)
2043 {
2044 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CR0);
2045 uint64_t u64GuestCr0 = pVCpu->cpum.GstCtx.cr0;
2046 uint64_t const u64ShadowCr0 = u64GuestCr0;
2047 Assert(!RT_HI_U32(u64GuestCr0));
2048
2049 /*
2050 * Setup VT-x's view of the guest CR0.
2051 */
2052 uint32_t uProcCtls = pVmcsInfo->u32ProcCtls;
2053 if (VM_IS_VMX_NESTED_PAGING(pVM))
2054 {
2055#ifndef HMVMX_ALWAYS_INTERCEPT_CR3_ACCESS
2056 if (CPUMIsGuestPagingEnabled(pVCpu))
2057 {
2058 /* The guest has paging enabled, let it access CR3 without causing a VM-exit if supported. */
2059 uProcCtls &= ~( VMX_PROC_CTLS_CR3_LOAD_EXIT
2060 | VMX_PROC_CTLS_CR3_STORE_EXIT);
2061 }
2062 else
2063 {
2064 /* The guest doesn't have paging enabled, make CR3 access cause a VM-exit to update our shadow. */
2065 uProcCtls |= VMX_PROC_CTLS_CR3_LOAD_EXIT
2066 | VMX_PROC_CTLS_CR3_STORE_EXIT;
2067 }
2068
2069 /* If we have unrestricted guest execution, we never have to intercept CR3 reads. */
2070 if (VM_IS_VMX_UNRESTRICTED_GUEST(pVM))
2071 uProcCtls &= ~VMX_PROC_CTLS_CR3_STORE_EXIT;
2072#endif
2073 }
2074 else
2075 {
2076 /* Guest CPL 0 writes to its read-only pages should cause a #PF VM-exit. */
2077 u64GuestCr0 |= X86_CR0_WP;
2078 }
2079
2080 /*
2081 * Guest FPU bits.
2082 *
2083 * Since we pre-load the guest FPU always before VM-entry there is no need to track lazy state
2084 * using CR0.TS.
2085 *
2086 * Intel spec. 23.8 "Restrictions on VMX operation" mentions that CR0.NE bit must always be
2087 * set on the first CPUs to support VT-x and no mention of with regards to UX in VM-entry checks.
2088 */
2089 u64GuestCr0 |= X86_CR0_NE;
2090
2091 /* If CR0.NE isn't set, we need to intercept #MF exceptions and report them to the guest differently. */
2092 bool const fInterceptMF = !(u64ShadowCr0 & X86_CR0_NE);
2093
2094 /*
2095 * Update exception intercepts.
2096 */
2097 uint32_t uXcptBitmap = pVmcsInfo->u32XcptBitmap;
2098#ifndef IN_NEM_DARWIN
2099 if (pVmcsInfo->pShared->RealMode.fRealOnV86Active)
2100 {
2101 Assert(PDMVmmDevHeapIsEnabled(pVM));
2102 Assert(pVM->hm.s.vmx.pRealModeTSS);
2103 uXcptBitmap |= HMVMX_REAL_MODE_XCPT_MASK;
2104 }
2105 else
2106#endif
2107 {
2108 /* For now, cleared here as mode-switches can happen outside HM/VT-x. See @bugref{7626#c11}. */
2109 uXcptBitmap &= ~HMVMX_REAL_MODE_XCPT_MASK;
2110 if (fInterceptMF)
2111 uXcptBitmap |= RT_BIT(X86_XCPT_MF);
2112 }
2113
2114 /* Additional intercepts for debugging, define these yourself explicitly. */
2115#ifdef HMVMX_ALWAYS_TRAP_ALL_XCPTS
2116 uXcptBitmap |= 0
2117 | RT_BIT(X86_XCPT_BP)
2118 | RT_BIT(X86_XCPT_DE)
2119 | RT_BIT(X86_XCPT_NM)
2120 | RT_BIT(X86_XCPT_TS)
2121 | RT_BIT(X86_XCPT_UD)
2122 | RT_BIT(X86_XCPT_NP)
2123 | RT_BIT(X86_XCPT_SS)
2124 | RT_BIT(X86_XCPT_GP)
2125 | RT_BIT(X86_XCPT_PF)
2126 | RT_BIT(X86_XCPT_MF)
2127 ;
2128#elif defined(HMVMX_ALWAYS_TRAP_PF)
2129 uXcptBitmap |= RT_BIT(X86_XCPT_PF);
2130#endif
2131 if (VCPU_2_VMXSTATE(pVCpu).fTrapXcptGpForLovelyMesaDrv)
2132 uXcptBitmap |= RT_BIT(X86_XCPT_GP);
2133 if (VCPU_2_VMXSTATE(pVCpu).fGCMTrapXcptDE)
2134 uXcptBitmap |= RT_BIT(X86_XCPT_DE);
2135 Assert(VM_IS_VMX_NESTED_PAGING(pVM) || (uXcptBitmap & RT_BIT(X86_XCPT_PF)));
2136
2137 /* Apply the hardware specified CR0 fixed bits and enable caching. */
2138 u64GuestCr0 |= fSetCr0;
2139 u64GuestCr0 &= fZapCr0;
2140 u64GuestCr0 &= ~(uint64_t)(X86_CR0_CD | X86_CR0_NW);
2141
2142 Assert(!RT_HI_U32(u64GuestCr0));
2143 Assert(u64GuestCr0 & X86_CR0_NE);
2144
2145 /* Commit the CR0 and related fields to the guest VMCS. */
2146 int rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_CR0, u64GuestCr0); AssertRC(rc);
2147 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_CTRL_CR0_READ_SHADOW, u64ShadowCr0); AssertRC(rc);
2148 if (uProcCtls != pVmcsInfo->u32ProcCtls)
2149 {
2150 rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC, uProcCtls);
2151 AssertRC(rc);
2152 }
2153 if (uXcptBitmap != pVmcsInfo->u32XcptBitmap)
2154 {
2155 rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_EXCEPTION_BITMAP, uXcptBitmap);
2156 AssertRC(rc);
2157 }
2158
2159 /* Update our caches. */
2160 pVmcsInfo->u32ProcCtls = uProcCtls;
2161 pVmcsInfo->u32XcptBitmap = uXcptBitmap;
2162
2163 Log4Func(("cr0=%#RX64 shadow=%#RX64 set=%#RX64 zap=%#RX64\n", u64GuestCr0, u64ShadowCr0, fSetCr0, fZapCr0));
2164 }
2165 else
2166 {
2167 /*
2168 * With nested-guests, we may have extended the guest/host mask here since we
2169 * merged in the outer guest's mask. Thus, the merged mask can include more bits
2170 * (to read from the nested-guest CR0 read-shadow) than the nested hypervisor
2171 * originally supplied. We must copy those bits from the nested-guest CR0 into
2172 * the nested-guest CR0 read-shadow.
2173 */
2174 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CR0);
2175 uint64_t u64GuestCr0 = pVCpu->cpum.GstCtx.cr0;
2176 uint64_t const u64ShadowCr0 = CPUMGetGuestVmxMaskedCr0(&pVCpu->cpum.GstCtx, pVmcsInfo->u64Cr0Mask);
2177
2178 /* Apply the hardware specified CR0 fixed bits and enable caching. */
2179 u64GuestCr0 |= fSetCr0;
2180 u64GuestCr0 &= fZapCr0;
2181 u64GuestCr0 &= ~(uint64_t)(X86_CR0_CD | X86_CR0_NW);
2182
2183 Assert(!RT_HI_U32(u64GuestCr0));
2184 Assert(u64GuestCr0 & X86_CR0_NE);
2185
2186 /* Commit the CR0 and CR0 read-shadow to the nested-guest VMCS. */
2187 int rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_CR0, u64GuestCr0); AssertRC(rc);
2188 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_CTRL_CR0_READ_SHADOW, u64ShadowCr0); AssertRC(rc);
2189
2190 Log4Func(("cr0=%#RX64 shadow=%#RX64 vmcs_read_shw=%#RX64 (set=%#RX64 zap=%#RX64)\n", u64GuestCr0, u64ShadowCr0,
2191 pVCpu->cpum.GstCtx.hwvirt.vmx.Vmcs.u64Cr0ReadShadow.u, fSetCr0, fZapCr0));
2192 }
2193
2194 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_CR0);
2195 }
2196
2197 return VINF_SUCCESS;
2198}
2199
2200
2201/**
2202 * Exports the guest control registers (CR3, CR4) into the guest-state area
2203 * in the VMCS.
2204 *
2205 * @returns VBox strict status code.
2206 * @retval VINF_EM_RESCHEDULE_REM if we try to emulate non-paged guest code
2207 * without unrestricted guest access and the VMMDev is not presently
2208 * mapped (e.g. EFI32).
2209 *
2210 * @param pVCpu The cross context virtual CPU structure.
2211 * @param pVmxTransient The VMX-transient structure.
2212 *
2213 * @remarks No-long-jump zone!!!
2214 */
2215static VBOXSTRICTRC vmxHCExportGuestCR3AndCR4(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient)
2216{
2217 int rc = VINF_SUCCESS;
2218 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
2219
2220 /*
2221 * Guest CR2.
2222 * It's always loaded in the assembler code. Nothing to do here.
2223 */
2224
2225 /*
2226 * Guest CR3.
2227 */
2228 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_CR3)
2229 {
2230 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CR3);
2231
2232 if (VM_IS_VMX_NESTED_PAGING(pVM))
2233 {
2234#ifndef IN_NEM_DARWIN
2235 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
2236 pVmcsInfo->HCPhysEPTP = PGMGetHyperCR3(pVCpu);
2237
2238 /* Validate. See Intel spec. 28.2.2 "EPT Translation Mechanism" and 24.6.11 "Extended-Page-Table Pointer (EPTP)" */
2239 Assert(pVmcsInfo->HCPhysEPTP != NIL_RTHCPHYS);
2240 Assert(!(pVmcsInfo->HCPhysEPTP & UINT64_C(0xfff0000000000000)));
2241 Assert(!(pVmcsInfo->HCPhysEPTP & 0xfff));
2242
2243 /* VMX_EPT_MEMTYPE_WB support is already checked in vmxHCSetupTaggedTlb(). */
2244 pVmcsInfo->HCPhysEPTP |= RT_BF_MAKE(VMX_BF_EPTP_MEMTYPE, VMX_EPTP_MEMTYPE_WB)
2245 | RT_BF_MAKE(VMX_BF_EPTP_PAGE_WALK_LENGTH, VMX_EPTP_PAGE_WALK_LENGTH_4);
2246
2247 /* Validate. See Intel spec. 26.2.1 "Checks on VMX Controls" */
2248 AssertMsg( ((pVmcsInfo->HCPhysEPTP >> 3) & 0x07) == 3 /* Bits 3:5 (EPT page walk length - 1) must be 3. */
2249 && ((pVmcsInfo->HCPhysEPTP >> 7) & 0x1f) == 0, /* Bits 7:11 MBZ. */
2250 ("EPTP %#RX64\n", pVmcsInfo->HCPhysEPTP));
2251 AssertMsg( !((pVmcsInfo->HCPhysEPTP >> 6) & 0x01) /* Bit 6 (EPT accessed & dirty bit). */
2252 || (g_HmMsrs.u.vmx.u64EptVpidCaps & MSR_IA32_VMX_EPT_VPID_CAP_ACCESS_DIRTY),
2253 ("EPTP accessed/dirty bit not supported by CPU but set %#RX64\n", pVmcsInfo->HCPhysEPTP));
2254
2255 rc = VMX_VMCS_WRITE_64(pVCpu, VMX_VMCS64_CTRL_EPTP_FULL, pVmcsInfo->HCPhysEPTP);
2256 AssertRC(rc);
2257#endif
2258
2259 PCCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
2260 uint64_t u64GuestCr3 = pCtx->cr3;
2261 if ( VM_IS_VMX_UNRESTRICTED_GUEST(pVM)
2262 || CPUMIsGuestPagingEnabledEx(pCtx))
2263 {
2264 /* If the guest is in PAE mode, pass the PDPEs to VT-x using the VMCS fields. */
2265 if (CPUMIsGuestInPAEModeEx(pCtx))
2266 {
2267 rc = VMX_VMCS_WRITE_64(pVCpu, VMX_VMCS64_GUEST_PDPTE0_FULL, pCtx->aPaePdpes[0].u); AssertRC(rc);
2268 rc = VMX_VMCS_WRITE_64(pVCpu, VMX_VMCS64_GUEST_PDPTE1_FULL, pCtx->aPaePdpes[1].u); AssertRC(rc);
2269 rc = VMX_VMCS_WRITE_64(pVCpu, VMX_VMCS64_GUEST_PDPTE2_FULL, pCtx->aPaePdpes[2].u); AssertRC(rc);
2270 rc = VMX_VMCS_WRITE_64(pVCpu, VMX_VMCS64_GUEST_PDPTE3_FULL, pCtx->aPaePdpes[3].u); AssertRC(rc);
2271 }
2272
2273 /*
2274 * The guest's view of its CR3 is unblemished with nested paging when the
2275 * guest is using paging or we have unrestricted guest execution to handle
2276 * the guest when it's not using paging.
2277 */
2278 }
2279#ifndef IN_NEM_DARWIN
2280 else
2281 {
2282 /*
2283 * The guest is not using paging, but the CPU (VT-x) has to. While the guest
2284 * thinks it accesses physical memory directly, we use our identity-mapped
2285 * page table to map guest-linear to guest-physical addresses. EPT takes care
2286 * of translating it to host-physical addresses.
2287 */
2288 RTGCPHYS GCPhys;
2289 Assert(pVM->hm.s.vmx.pNonPagingModeEPTPageTable);
2290
2291 /* We obtain it here every time as the guest could have relocated this PCI region. */
2292 rc = PDMVmmDevHeapR3ToGCPhys(pVM, pVM->hm.s.vmx.pNonPagingModeEPTPageTable, &GCPhys);
2293 if (RT_SUCCESS(rc))
2294 { /* likely */ }
2295 else if (rc == VERR_PDM_DEV_HEAP_R3_TO_GCPHYS)
2296 {
2297 Log4Func(("VERR_PDM_DEV_HEAP_R3_TO_GCPHYS -> VINF_EM_RESCHEDULE_REM\n"));
2298 return VINF_EM_RESCHEDULE_REM; /* We cannot execute now, switch to REM/IEM till the guest maps in VMMDev. */
2299 }
2300 else
2301 AssertMsgFailedReturn(("%Rrc\n", rc), rc);
2302
2303 u64GuestCr3 = GCPhys;
2304 }
2305#endif
2306
2307 Log4Func(("guest_cr3=%#RX64 (GstN)\n", u64GuestCr3));
2308 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_CR3, u64GuestCr3);
2309 AssertRC(rc);
2310 }
2311 else
2312 {
2313 Assert(!pVmxTransient->fIsNestedGuest);
2314 /* Non-nested paging case, just use the hypervisor's CR3. */
2315 RTHCPHYS const HCPhysGuestCr3 = PGMGetHyperCR3(pVCpu);
2316
2317 Log4Func(("guest_cr3=%#RX64 (HstN)\n", HCPhysGuestCr3));
2318 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_CR3, HCPhysGuestCr3);
2319 AssertRC(rc);
2320 }
2321
2322 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_CR3);
2323 }
2324
2325 /*
2326 * Guest CR4.
2327 * ASSUMES this is done everytime we get in from ring-3! (XCR0)
2328 */
2329 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_CR4)
2330 {
2331 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
2332 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
2333
2334 uint64_t const fSetCr4 = g_HmMsrs.u.vmx.u64Cr4Fixed0;
2335 uint64_t const fZapCr4 = g_HmMsrs.u.vmx.u64Cr4Fixed1;
2336
2337 /*
2338 * With nested-guests, we may have extended the guest/host mask here (since we
2339 * merged in the outer guest's mask, see hmR0VmxMergeVmcsNested). This means, the
2340 * mask can include more bits (to read from the nested-guest CR4 read-shadow) than
2341 * the nested hypervisor originally supplied. Thus, we should, in essence, copy
2342 * those bits from the nested-guest CR4 into the nested-guest CR4 read-shadow.
2343 */
2344 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CR4);
2345 uint64_t u64GuestCr4 = pCtx->cr4;
2346 uint64_t const u64ShadowCr4 = !pVmxTransient->fIsNestedGuest
2347 ? pCtx->cr4
2348 : CPUMGetGuestVmxMaskedCr4(pCtx, pVmcsInfo->u64Cr4Mask);
2349 Assert(!RT_HI_U32(u64GuestCr4));
2350
2351#ifndef IN_NEM_DARWIN
2352 /*
2353 * Setup VT-x's view of the guest CR4.
2354 *
2355 * If we're emulating real-mode using virtual-8086 mode, we want to redirect software
2356 * interrupts to the 8086 program interrupt handler. Clear the VME bit (the interrupt
2357 * redirection bitmap is already all 0, see hmR3InitFinalizeR0())
2358 *
2359 * See Intel spec. 20.2 "Software Interrupt Handling Methods While in Virtual-8086 Mode".
2360 */
2361 if (pVmcsInfo->pShared->RealMode.fRealOnV86Active)
2362 {
2363 Assert(pVM->hm.s.vmx.pRealModeTSS);
2364 Assert(PDMVmmDevHeapIsEnabled(pVM));
2365 u64GuestCr4 &= ~(uint64_t)X86_CR4_VME;
2366 }
2367#endif
2368
2369 if (VM_IS_VMX_NESTED_PAGING(pVM))
2370 {
2371 if ( !CPUMIsGuestPagingEnabledEx(pCtx)
2372 && !VM_IS_VMX_UNRESTRICTED_GUEST(pVM))
2373 {
2374 /* We use 4 MB pages in our identity mapping page table when the guest doesn't have paging. */
2375 u64GuestCr4 |= X86_CR4_PSE;
2376 /* Our identity mapping is a 32-bit page directory. */
2377 u64GuestCr4 &= ~(uint64_t)X86_CR4_PAE;
2378 }
2379 /* else use guest CR4.*/
2380 }
2381 else
2382 {
2383 Assert(!pVmxTransient->fIsNestedGuest);
2384
2385 /*
2386 * The shadow paging modes and guest paging modes are different, the shadow is in accordance with the host
2387 * paging mode and thus we need to adjust VT-x's view of CR4 depending on our shadow page tables.
2388 */
2389 switch (VCPU_2_VMXSTATE(pVCpu).enmShadowMode)
2390 {
2391 case PGMMODE_REAL: /* Real-mode. */
2392 case PGMMODE_PROTECTED: /* Protected mode without paging. */
2393 case PGMMODE_32_BIT: /* 32-bit paging. */
2394 {
2395 u64GuestCr4 &= ~(uint64_t)X86_CR4_PAE;
2396 break;
2397 }
2398
2399 case PGMMODE_PAE: /* PAE paging. */
2400 case PGMMODE_PAE_NX: /* PAE paging with NX. */
2401 {
2402 u64GuestCr4 |= X86_CR4_PAE;
2403 break;
2404 }
2405
2406 case PGMMODE_AMD64: /* 64-bit AMD paging (long mode). */
2407 case PGMMODE_AMD64_NX: /* 64-bit AMD paging (long mode) with NX enabled. */
2408 {
2409#ifdef VBOX_WITH_64_BITS_GUESTS
2410 /* For our assumption in vmxHCShouldSwapEferMsr. */
2411 Assert(u64GuestCr4 & X86_CR4_PAE);
2412 break;
2413#endif
2414 }
2415 default:
2416 AssertFailed();
2417 return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
2418 }
2419 }
2420
2421 /* Apply the hardware specified CR4 fixed bits (mainly CR4.VMXE). */
2422 u64GuestCr4 |= fSetCr4;
2423 u64GuestCr4 &= fZapCr4;
2424
2425 Assert(!RT_HI_U32(u64GuestCr4));
2426 Assert(u64GuestCr4 & X86_CR4_VMXE);
2427
2428 /* Commit the CR4 and CR4 read-shadow to the guest VMCS. */
2429 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_CR4, u64GuestCr4); AssertRC(rc);
2430 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_CTRL_CR4_READ_SHADOW, u64ShadowCr4); AssertRC(rc);
2431
2432#ifndef IN_NEM_DARWIN
2433 /* Whether to save/load/restore XCR0 during world switch depends on CR4.OSXSAVE and host+guest XCR0. */
2434 bool const fLoadSaveGuestXcr0 = (pCtx->cr4 & X86_CR4_OSXSAVE) && pCtx->aXcr[0] != ASMGetXcr0();
2435 if (fLoadSaveGuestXcr0 != pVCpu->hmr0.s.fLoadSaveGuestXcr0)
2436 {
2437 pVCpu->hmr0.s.fLoadSaveGuestXcr0 = fLoadSaveGuestXcr0;
2438 hmR0VmxUpdateStartVmFunction(pVCpu);
2439 }
2440#endif
2441
2442 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_CR4);
2443
2444 Log4Func(("cr4=%#RX64 shadow=%#RX64 (set=%#RX64 zap=%#RX64)\n", u64GuestCr4, u64ShadowCr4, fSetCr4, fZapCr4));
2445 }
2446 return rc;
2447}
2448
2449
2450#ifdef VBOX_STRICT
2451/**
2452 * Strict function to validate segment registers.
2453 *
2454 * @param pVCpu The cross context virtual CPU structure.
2455 * @param pVmcsInfo The VMCS info. object.
2456 *
2457 * @remarks Will import guest CR0 on strict builds during validation of
2458 * segments.
2459 */
2460static void vmxHCValidateSegmentRegs(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo)
2461{
2462 /*
2463 * Validate segment registers. See Intel spec. 26.3.1.2 "Checks on Guest Segment Registers".
2464 *
2465 * The reason we check for attribute value 0 in this function and not just the unusable bit is
2466 * because vmxHCExportGuestSegReg() only updates the VMCS' copy of the value with the
2467 * unusable bit and doesn't change the guest-context value.
2468 */
2469 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
2470 PCCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
2471 vmxHCImportGuestStateEx(pVCpu, pVmcsInfo, CPUMCTX_EXTRN_CR0);
2472 if ( !VM_IS_VMX_UNRESTRICTED_GUEST(pVM)
2473 && ( !CPUMIsGuestInRealModeEx(pCtx)
2474 && !CPUMIsGuestInV86ModeEx(pCtx)))
2475 {
2476 /* Protected mode checks */
2477 /* CS */
2478 Assert(pCtx->cs.Attr.n.u1Present);
2479 Assert(!(pCtx->cs.Attr.u & 0xf00));
2480 Assert(!(pCtx->cs.Attr.u & 0xfffe0000));
2481 Assert( (pCtx->cs.u32Limit & 0xfff) == 0xfff
2482 || !(pCtx->cs.Attr.n.u1Granularity));
2483 Assert( !(pCtx->cs.u32Limit & 0xfff00000)
2484 || (pCtx->cs.Attr.n.u1Granularity));
2485 /* CS cannot be loaded with NULL in protected mode. */
2486 Assert(pCtx->cs.Attr.u && !(pCtx->cs.Attr.u & X86DESCATTR_UNUSABLE)); /** @todo is this really true even for 64-bit CS? */
2487 if (pCtx->cs.Attr.n.u4Type == 9 || pCtx->cs.Attr.n.u4Type == 11)
2488 Assert(pCtx->cs.Attr.n.u2Dpl == pCtx->ss.Attr.n.u2Dpl);
2489 else if (pCtx->cs.Attr.n.u4Type == 13 || pCtx->cs.Attr.n.u4Type == 15)
2490 Assert(pCtx->cs.Attr.n.u2Dpl <= pCtx->ss.Attr.n.u2Dpl);
2491 else
2492 AssertMsgFailed(("Invalid CS Type %#x\n", pCtx->cs.Attr.n.u2Dpl));
2493 /* SS */
2494 Assert((pCtx->ss.Sel & X86_SEL_RPL) == (pCtx->cs.Sel & X86_SEL_RPL));
2495 Assert(pCtx->ss.Attr.n.u2Dpl == (pCtx->ss.Sel & X86_SEL_RPL));
2496 if ( !(pCtx->cr0 & X86_CR0_PE)
2497 || pCtx->cs.Attr.n.u4Type == 3)
2498 {
2499 Assert(!pCtx->ss.Attr.n.u2Dpl);
2500 }
2501 if (pCtx->ss.Attr.u && !(pCtx->ss.Attr.u & X86DESCATTR_UNUSABLE))
2502 {
2503 Assert((pCtx->ss.Sel & X86_SEL_RPL) == (pCtx->cs.Sel & X86_SEL_RPL));
2504 Assert(pCtx->ss.Attr.n.u4Type == 3 || pCtx->ss.Attr.n.u4Type == 7);
2505 Assert(pCtx->ss.Attr.n.u1Present);
2506 Assert(!(pCtx->ss.Attr.u & 0xf00));
2507 Assert(!(pCtx->ss.Attr.u & 0xfffe0000));
2508 Assert( (pCtx->ss.u32Limit & 0xfff) == 0xfff
2509 || !(pCtx->ss.Attr.n.u1Granularity));
2510 Assert( !(pCtx->ss.u32Limit & 0xfff00000)
2511 || (pCtx->ss.Attr.n.u1Granularity));
2512 }
2513 /* DS, ES, FS, GS - only check for usable selectors, see vmxHCExportGuestSegReg(). */
2514 if (pCtx->ds.Attr.u && !(pCtx->ds.Attr.u & X86DESCATTR_UNUSABLE))
2515 {
2516 Assert(pCtx->ds.Attr.n.u4Type & X86_SEL_TYPE_ACCESSED);
2517 Assert(pCtx->ds.Attr.n.u1Present);
2518 Assert(pCtx->ds.Attr.n.u4Type > 11 || pCtx->ds.Attr.n.u2Dpl >= (pCtx->ds.Sel & X86_SEL_RPL));
2519 Assert(!(pCtx->ds.Attr.u & 0xf00));
2520 Assert(!(pCtx->ds.Attr.u & 0xfffe0000));
2521 Assert( (pCtx->ds.u32Limit & 0xfff) == 0xfff
2522 || !(pCtx->ds.Attr.n.u1Granularity));
2523 Assert( !(pCtx->ds.u32Limit & 0xfff00000)
2524 || (pCtx->ds.Attr.n.u1Granularity));
2525 Assert( !(pCtx->ds.Attr.n.u4Type & X86_SEL_TYPE_CODE)
2526 || (pCtx->ds.Attr.n.u4Type & X86_SEL_TYPE_READ));
2527 }
2528 if (pCtx->es.Attr.u && !(pCtx->es.Attr.u & X86DESCATTR_UNUSABLE))
2529 {
2530 Assert(pCtx->es.Attr.n.u4Type & X86_SEL_TYPE_ACCESSED);
2531 Assert(pCtx->es.Attr.n.u1Present);
2532 Assert(pCtx->es.Attr.n.u4Type > 11 || pCtx->es.Attr.n.u2Dpl >= (pCtx->es.Sel & X86_SEL_RPL));
2533 Assert(!(pCtx->es.Attr.u & 0xf00));
2534 Assert(!(pCtx->es.Attr.u & 0xfffe0000));
2535 Assert( (pCtx->es.u32Limit & 0xfff) == 0xfff
2536 || !(pCtx->es.Attr.n.u1Granularity));
2537 Assert( !(pCtx->es.u32Limit & 0xfff00000)
2538 || (pCtx->es.Attr.n.u1Granularity));
2539 Assert( !(pCtx->es.Attr.n.u4Type & X86_SEL_TYPE_CODE)
2540 || (pCtx->es.Attr.n.u4Type & X86_SEL_TYPE_READ));
2541 }
2542 if (pCtx->fs.Attr.u && !(pCtx->fs.Attr.u & X86DESCATTR_UNUSABLE))
2543 {
2544 Assert(pCtx->fs.Attr.n.u4Type & X86_SEL_TYPE_ACCESSED);
2545 Assert(pCtx->fs.Attr.n.u1Present);
2546 Assert(pCtx->fs.Attr.n.u4Type > 11 || pCtx->fs.Attr.n.u2Dpl >= (pCtx->fs.Sel & X86_SEL_RPL));
2547 Assert(!(pCtx->fs.Attr.u & 0xf00));
2548 Assert(!(pCtx->fs.Attr.u & 0xfffe0000));
2549 Assert( (pCtx->fs.u32Limit & 0xfff) == 0xfff
2550 || !(pCtx->fs.Attr.n.u1Granularity));
2551 Assert( !(pCtx->fs.u32Limit & 0xfff00000)
2552 || (pCtx->fs.Attr.n.u1Granularity));
2553 Assert( !(pCtx->fs.Attr.n.u4Type & X86_SEL_TYPE_CODE)
2554 || (pCtx->fs.Attr.n.u4Type & X86_SEL_TYPE_READ));
2555 }
2556 if (pCtx->gs.Attr.u && !(pCtx->gs.Attr.u & X86DESCATTR_UNUSABLE))
2557 {
2558 Assert(pCtx->gs.Attr.n.u4Type & X86_SEL_TYPE_ACCESSED);
2559 Assert(pCtx->gs.Attr.n.u1Present);
2560 Assert(pCtx->gs.Attr.n.u4Type > 11 || pCtx->gs.Attr.n.u2Dpl >= (pCtx->gs.Sel & X86_SEL_RPL));
2561 Assert(!(pCtx->gs.Attr.u & 0xf00));
2562 Assert(!(pCtx->gs.Attr.u & 0xfffe0000));
2563 Assert( (pCtx->gs.u32Limit & 0xfff) == 0xfff
2564 || !(pCtx->gs.Attr.n.u1Granularity));
2565 Assert( !(pCtx->gs.u32Limit & 0xfff00000)
2566 || (pCtx->gs.Attr.n.u1Granularity));
2567 Assert( !(pCtx->gs.Attr.n.u4Type & X86_SEL_TYPE_CODE)
2568 || (pCtx->gs.Attr.n.u4Type & X86_SEL_TYPE_READ));
2569 }
2570 /* 64-bit capable CPUs. */
2571 Assert(!RT_HI_U32(pCtx->cs.u64Base));
2572 Assert(!pCtx->ss.Attr.u || !RT_HI_U32(pCtx->ss.u64Base));
2573 Assert(!pCtx->ds.Attr.u || !RT_HI_U32(pCtx->ds.u64Base));
2574 Assert(!pCtx->es.Attr.u || !RT_HI_U32(pCtx->es.u64Base));
2575 }
2576 else if ( CPUMIsGuestInV86ModeEx(pCtx)
2577 || ( CPUMIsGuestInRealModeEx(pCtx)
2578 && !VM_IS_VMX_UNRESTRICTED_GUEST(pVM)))
2579 {
2580 /* Real and v86 mode checks. */
2581 /* vmxHCExportGuestSegReg() writes the modified in VMCS. We want what we're feeding to VT-x. */
2582 uint32_t u32CSAttr, u32SSAttr, u32DSAttr, u32ESAttr, u32FSAttr, u32GSAttr;
2583#ifndef IN_NEM_DARWIN
2584 if (pVmcsInfo->pShared->RealMode.fRealOnV86Active)
2585 {
2586 u32CSAttr = 0xf3; u32SSAttr = 0xf3; u32DSAttr = 0xf3;
2587 u32ESAttr = 0xf3; u32FSAttr = 0xf3; u32GSAttr = 0xf3;
2588 }
2589 else
2590#endif
2591 {
2592 u32CSAttr = pCtx->cs.Attr.u; u32SSAttr = pCtx->ss.Attr.u; u32DSAttr = pCtx->ds.Attr.u;
2593 u32ESAttr = pCtx->es.Attr.u; u32FSAttr = pCtx->fs.Attr.u; u32GSAttr = pCtx->gs.Attr.u;
2594 }
2595
2596 /* CS */
2597 AssertMsg((pCtx->cs.u64Base == (uint64_t)pCtx->cs.Sel << 4), ("CS base %#x %#x\n", pCtx->cs.u64Base, pCtx->cs.Sel));
2598 Assert(pCtx->cs.u32Limit == 0xffff);
2599 AssertMsg(u32CSAttr == 0xf3, ("cs=%#x %#x ", pCtx->cs.Sel, u32CSAttr));
2600 /* SS */
2601 Assert(pCtx->ss.u64Base == (uint64_t)pCtx->ss.Sel << 4);
2602 Assert(pCtx->ss.u32Limit == 0xffff);
2603 Assert(u32SSAttr == 0xf3);
2604 /* DS */
2605 Assert(pCtx->ds.u64Base == (uint64_t)pCtx->ds.Sel << 4);
2606 Assert(pCtx->ds.u32Limit == 0xffff);
2607 Assert(u32DSAttr == 0xf3);
2608 /* ES */
2609 Assert(pCtx->es.u64Base == (uint64_t)pCtx->es.Sel << 4);
2610 Assert(pCtx->es.u32Limit == 0xffff);
2611 Assert(u32ESAttr == 0xf3);
2612 /* FS */
2613 Assert(pCtx->fs.u64Base == (uint64_t)pCtx->fs.Sel << 4);
2614 Assert(pCtx->fs.u32Limit == 0xffff);
2615 Assert(u32FSAttr == 0xf3);
2616 /* GS */
2617 Assert(pCtx->gs.u64Base == (uint64_t)pCtx->gs.Sel << 4);
2618 Assert(pCtx->gs.u32Limit == 0xffff);
2619 Assert(u32GSAttr == 0xf3);
2620 /* 64-bit capable CPUs. */
2621 Assert(!RT_HI_U32(pCtx->cs.u64Base));
2622 Assert(!u32SSAttr || !RT_HI_U32(pCtx->ss.u64Base));
2623 Assert(!u32DSAttr || !RT_HI_U32(pCtx->ds.u64Base));
2624 Assert(!u32ESAttr || !RT_HI_U32(pCtx->es.u64Base));
2625 }
2626}
2627#endif /* VBOX_STRICT */
2628
2629
2630/**
2631 * Exports a guest segment register into the guest-state area in the VMCS.
2632 *
2633 * @returns VBox status code.
2634 * @param pVCpu The cross context virtual CPU structure.
2635 * @param pVmcsInfo The VMCS info. object.
2636 * @param iSegReg The segment register number (X86_SREG_XXX).
2637 * @param pSelReg Pointer to the segment selector.
2638 *
2639 * @remarks No-long-jump zone!!!
2640 */
2641static int vmxHCExportGuestSegReg(PVMCPUCC pVCpu, PCVMXVMCSINFO pVmcsInfo, uint32_t iSegReg, PCCPUMSELREG pSelReg)
2642{
2643 Assert(iSegReg < X86_SREG_COUNT);
2644
2645 uint32_t u32Access = pSelReg->Attr.u;
2646#ifndef IN_NEM_DARWIN
2647 if (!pVmcsInfo->pShared->RealMode.fRealOnV86Active)
2648#endif
2649 {
2650 /*
2651 * The way to differentiate between whether this is really a null selector or was just
2652 * a selector loaded with 0 in real-mode is using the segment attributes. A selector
2653 * loaded in real-mode with the value 0 is valid and usable in protected-mode and we
2654 * should -not- mark it as an unusable segment. Both the recompiler & VT-x ensures
2655 * NULL selectors loaded in protected-mode have their attribute as 0.
2656 */
2657 if (u32Access)
2658 { }
2659 else
2660 u32Access = X86DESCATTR_UNUSABLE;
2661 }
2662#ifndef IN_NEM_DARWIN
2663 else
2664 {
2665 /* VT-x requires our real-using-v86 mode hack to override the segment access-right bits. */
2666 u32Access = 0xf3;
2667 Assert(pVCpu->CTX_SUFF(pVM)->hm.s.vmx.pRealModeTSS);
2668 Assert(PDMVmmDevHeapIsEnabled(pVCpu->CTX_SUFF(pVM)));
2669 RT_NOREF_PV(pVCpu);
2670 }
2671#else
2672 RT_NOREF(pVmcsInfo);
2673#endif
2674
2675 /* Validate segment access rights. Refer to Intel spec. "26.3.1.2 Checks on Guest Segment Registers". */
2676 AssertMsg((u32Access & X86DESCATTR_UNUSABLE) || (u32Access & X86_SEL_TYPE_ACCESSED),
2677 ("Access bit not set for usable segment. %.2s sel=%#x attr %#x\n", "ESCSSSDSFSGS" + iSegReg * 2, pSelReg, pSelReg->Attr.u));
2678
2679 /*
2680 * Commit it to the VMCS.
2681 */
2682 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS16_GUEST_SEG_SEL(iSegReg), pSelReg->Sel); AssertRC(rc);
2683 rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_GUEST_SEG_LIMIT(iSegReg), pSelReg->u32Limit); AssertRC(rc);
2684 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_SEG_BASE(iSegReg), pSelReg->u64Base); AssertRC(rc);
2685 rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_GUEST_SEG_ACCESS_RIGHTS(iSegReg), u32Access); AssertRC(rc);
2686 return VINF_SUCCESS;
2687}
2688
2689
2690/**
2691 * Exports the guest segment registers, GDTR, IDTR, LDTR, TR into the guest-state
2692 * area in the VMCS.
2693 *
2694 * @returns VBox status code.
2695 * @param pVCpu The cross context virtual CPU structure.
2696 * @param pVmxTransient The VMX-transient structure.
2697 *
2698 * @remarks Will import guest CR0 on strict builds during validation of
2699 * segments.
2700 * @remarks No-long-jump zone!!!
2701 */
2702static int vmxHCExportGuestSegRegsXdtr(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient)
2703{
2704 int rc = VERR_INTERNAL_ERROR_5;
2705#ifndef IN_NEM_DARWIN
2706 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
2707#endif
2708 PCCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
2709 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
2710#ifndef IN_NEM_DARWIN
2711 PVMXVMCSINFOSHARED pVmcsInfoShared = pVmcsInfo->pShared;
2712#endif
2713
2714 /*
2715 * Guest Segment registers: CS, SS, DS, ES, FS, GS.
2716 */
2717 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_SREG_MASK)
2718 {
2719 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_CS)
2720 {
2721 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CS);
2722#ifndef IN_NEM_DARWIN
2723 if (pVmcsInfoShared->RealMode.fRealOnV86Active)
2724 pVmcsInfoShared->RealMode.AttrCS.u = pCtx->cs.Attr.u;
2725#endif
2726 rc = vmxHCExportGuestSegReg(pVCpu, pVmcsInfo, X86_SREG_CS, &pCtx->cs);
2727 AssertRC(rc);
2728 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_CS);
2729 }
2730
2731 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_SS)
2732 {
2733 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_SS);
2734#ifndef IN_NEM_DARWIN
2735 if (pVmcsInfoShared->RealMode.fRealOnV86Active)
2736 pVmcsInfoShared->RealMode.AttrSS.u = pCtx->ss.Attr.u;
2737#endif
2738 rc = vmxHCExportGuestSegReg(pVCpu, pVmcsInfo, X86_SREG_SS, &pCtx->ss);
2739 AssertRC(rc);
2740 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_SS);
2741 }
2742
2743 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_DS)
2744 {
2745 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_DS);
2746#ifndef IN_NEM_DARWIN
2747 if (pVmcsInfoShared->RealMode.fRealOnV86Active)
2748 pVmcsInfoShared->RealMode.AttrDS.u = pCtx->ds.Attr.u;
2749#endif
2750 rc = vmxHCExportGuestSegReg(pVCpu, pVmcsInfo, X86_SREG_DS, &pCtx->ds);
2751 AssertRC(rc);
2752 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_DS);
2753 }
2754
2755 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_ES)
2756 {
2757 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_ES);
2758#ifndef IN_NEM_DARWIN
2759 if (pVmcsInfoShared->RealMode.fRealOnV86Active)
2760 pVmcsInfoShared->RealMode.AttrES.u = pCtx->es.Attr.u;
2761#endif
2762 rc = vmxHCExportGuestSegReg(pVCpu, pVmcsInfo, X86_SREG_ES, &pCtx->es);
2763 AssertRC(rc);
2764 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_ES);
2765 }
2766
2767 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_FS)
2768 {
2769 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_FS);
2770#ifndef IN_NEM_DARWIN
2771 if (pVmcsInfoShared->RealMode.fRealOnV86Active)
2772 pVmcsInfoShared->RealMode.AttrFS.u = pCtx->fs.Attr.u;
2773#endif
2774 rc = vmxHCExportGuestSegReg(pVCpu, pVmcsInfo, X86_SREG_FS, &pCtx->fs);
2775 AssertRC(rc);
2776 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_FS);
2777 }
2778
2779 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_GS)
2780 {
2781 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_GS);
2782#ifndef IN_NEM_DARWIN
2783 if (pVmcsInfoShared->RealMode.fRealOnV86Active)
2784 pVmcsInfoShared->RealMode.AttrGS.u = pCtx->gs.Attr.u;
2785#endif
2786 rc = vmxHCExportGuestSegReg(pVCpu, pVmcsInfo, X86_SREG_GS, &pCtx->gs);
2787 AssertRC(rc);
2788 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_GS);
2789 }
2790
2791#ifdef VBOX_STRICT
2792 vmxHCValidateSegmentRegs(pVCpu, pVmcsInfo);
2793#endif
2794 Log4Func(("cs={%#04x base=%#RX64 limit=%#RX32 attr=%#RX32}\n", pCtx->cs.Sel, pCtx->cs.u64Base, pCtx->cs.u32Limit,
2795 pCtx->cs.Attr.u));
2796 }
2797
2798 /*
2799 * Guest TR.
2800 */
2801 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_TR)
2802 {
2803 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_TR);
2804
2805 /*
2806 * Real-mode emulation using virtual-8086 mode with CR4.VME. Interrupt redirection is
2807 * achieved using the interrupt redirection bitmap (all bits cleared to let the guest
2808 * handle INT-n's) in the TSS. See hmR3InitFinalizeR0() to see how pRealModeTSS is setup.
2809 */
2810 uint16_t u16Sel;
2811 uint32_t u32Limit;
2812 uint64_t u64Base;
2813 uint32_t u32AccessRights;
2814#ifndef IN_NEM_DARWIN
2815 if (!pVmcsInfoShared->RealMode.fRealOnV86Active)
2816#endif
2817 {
2818 u16Sel = pCtx->tr.Sel;
2819 u32Limit = pCtx->tr.u32Limit;
2820 u64Base = pCtx->tr.u64Base;
2821 u32AccessRights = pCtx->tr.Attr.u;
2822 }
2823#ifndef IN_NEM_DARWIN
2824 else
2825 {
2826 Assert(!pVmxTransient->fIsNestedGuest);
2827 Assert(pVM->hm.s.vmx.pRealModeTSS);
2828 Assert(PDMVmmDevHeapIsEnabled(pVM)); /* Guaranteed by HMCanExecuteGuest() -XXX- what about inner loop changes? */
2829
2830 /* We obtain it here every time as PCI regions could be reconfigured in the guest, changing the VMMDev base. */
2831 RTGCPHYS GCPhys;
2832 rc = PDMVmmDevHeapR3ToGCPhys(pVM, pVM->hm.s.vmx.pRealModeTSS, &GCPhys);
2833 AssertRCReturn(rc, rc);
2834
2835 X86DESCATTR DescAttr;
2836 DescAttr.u = 0;
2837 DescAttr.n.u1Present = 1;
2838 DescAttr.n.u4Type = X86_SEL_TYPE_SYS_386_TSS_BUSY;
2839
2840 u16Sel = 0;
2841 u32Limit = HM_VTX_TSS_SIZE;
2842 u64Base = GCPhys;
2843 u32AccessRights = DescAttr.u;
2844 }
2845#endif
2846
2847 /* Validate. */
2848 Assert(!(u16Sel & RT_BIT(2)));
2849 AssertMsg( (u32AccessRights & 0xf) == X86_SEL_TYPE_SYS_386_TSS_BUSY
2850 || (u32AccessRights & 0xf) == X86_SEL_TYPE_SYS_286_TSS_BUSY, ("TSS is not busy!? %#x\n", u32AccessRights));
2851 AssertMsg(!(u32AccessRights & X86DESCATTR_UNUSABLE), ("TR unusable bit is not clear!? %#x\n", u32AccessRights));
2852 Assert(!(u32AccessRights & RT_BIT(4))); /* System MBZ.*/
2853 Assert(u32AccessRights & RT_BIT(7)); /* Present MB1.*/
2854 Assert(!(u32AccessRights & 0xf00)); /* 11:8 MBZ. */
2855 Assert(!(u32AccessRights & 0xfffe0000)); /* 31:17 MBZ. */
2856 Assert( (u32Limit & 0xfff) == 0xfff
2857 || !(u32AccessRights & RT_BIT(15))); /* Granularity MBZ. */
2858 Assert( !(pCtx->tr.u32Limit & 0xfff00000)
2859 || (u32AccessRights & RT_BIT(15))); /* Granularity MB1. */
2860
2861 rc = VMX_VMCS_WRITE_16(pVCpu, VMX_VMCS16_GUEST_TR_SEL, u16Sel); AssertRC(rc);
2862 rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_GUEST_TR_LIMIT, u32Limit); AssertRC(rc);
2863 rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_GUEST_TR_ACCESS_RIGHTS, u32AccessRights); AssertRC(rc);
2864 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_TR_BASE, u64Base); AssertRC(rc);
2865
2866 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_TR);
2867 Log4Func(("tr base=%#RX64 limit=%#RX32\n", pCtx->tr.u64Base, pCtx->tr.u32Limit));
2868 }
2869
2870 /*
2871 * Guest GDTR.
2872 */
2873 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_GDTR)
2874 {
2875 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_GDTR);
2876
2877 rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_GUEST_GDTR_LIMIT, pCtx->gdtr.cbGdt); AssertRC(rc);
2878 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_GDTR_BASE, pCtx->gdtr.pGdt); AssertRC(rc);
2879
2880 /* Validate. */
2881 Assert(!(pCtx->gdtr.cbGdt & 0xffff0000)); /* Bits 31:16 MBZ. */
2882
2883 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_GDTR);
2884 Log4Func(("gdtr base=%#RX64 limit=%#RX32\n", pCtx->gdtr.pGdt, pCtx->gdtr.cbGdt));
2885 }
2886
2887 /*
2888 * Guest LDTR.
2889 */
2890 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_LDTR)
2891 {
2892 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_LDTR);
2893
2894 /* The unusable bit is specific to VT-x, if it's a null selector mark it as an unusable segment. */
2895 uint32_t u32Access;
2896 if ( !pVmxTransient->fIsNestedGuest
2897 && !pCtx->ldtr.Attr.u)
2898 u32Access = X86DESCATTR_UNUSABLE;
2899 else
2900 u32Access = pCtx->ldtr.Attr.u;
2901
2902 rc = VMX_VMCS_WRITE_16(pVCpu, VMX_VMCS16_GUEST_LDTR_SEL, pCtx->ldtr.Sel); AssertRC(rc);
2903 rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_GUEST_LDTR_LIMIT, pCtx->ldtr.u32Limit); AssertRC(rc);
2904 rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_GUEST_LDTR_ACCESS_RIGHTS, u32Access); AssertRC(rc);
2905 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_LDTR_BASE, pCtx->ldtr.u64Base); AssertRC(rc);
2906
2907 /* Validate. */
2908 if (!(u32Access & X86DESCATTR_UNUSABLE))
2909 {
2910 Assert(!(pCtx->ldtr.Sel & RT_BIT(2))); /* TI MBZ. */
2911 Assert(pCtx->ldtr.Attr.n.u4Type == 2); /* Type MB2 (LDT). */
2912 Assert(!pCtx->ldtr.Attr.n.u1DescType); /* System MBZ. */
2913 Assert(pCtx->ldtr.Attr.n.u1Present == 1); /* Present MB1. */
2914 Assert(!pCtx->ldtr.Attr.n.u4LimitHigh); /* 11:8 MBZ. */
2915 Assert(!(pCtx->ldtr.Attr.u & 0xfffe0000)); /* 31:17 MBZ. */
2916 Assert( (pCtx->ldtr.u32Limit & 0xfff) == 0xfff
2917 || !pCtx->ldtr.Attr.n.u1Granularity); /* Granularity MBZ. */
2918 Assert( !(pCtx->ldtr.u32Limit & 0xfff00000)
2919 || pCtx->ldtr.Attr.n.u1Granularity); /* Granularity MB1. */
2920 }
2921
2922 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_LDTR);
2923 Log4Func(("ldtr base=%#RX64 limit=%#RX32\n", pCtx->ldtr.u64Base, pCtx->ldtr.u32Limit));
2924 }
2925
2926 /*
2927 * Guest IDTR.
2928 */
2929 if (ASMAtomicUoReadU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged) & HM_CHANGED_GUEST_IDTR)
2930 {
2931 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_IDTR);
2932
2933 rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_GUEST_IDTR_LIMIT, pCtx->idtr.cbIdt); AssertRC(rc);
2934 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_IDTR_BASE, pCtx->idtr.pIdt); AssertRC(rc);
2935
2936 /* Validate. */
2937 Assert(!(pCtx->idtr.cbIdt & 0xffff0000)); /* Bits 31:16 MBZ. */
2938
2939 ASMAtomicUoAndU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, ~HM_CHANGED_GUEST_IDTR);
2940 Log4Func(("idtr base=%#RX64 limit=%#RX32\n", pCtx->idtr.pIdt, pCtx->idtr.cbIdt));
2941 }
2942
2943 return VINF_SUCCESS;
2944}
2945
2946
2947/**
2948 * Gets the IEM exception flags for the specified vector and IDT vectoring /
2949 * VM-exit interruption info type.
2950 *
2951 * @returns The IEM exception flags.
2952 * @param uVector The event vector.
2953 * @param uVmxEventType The VMX event type.
2954 *
2955 * @remarks This function currently only constructs flags required for
2956 * IEMEvaluateRecursiveXcpt and not the complete flags (e.g, error-code
2957 * and CR2 aspects of an exception are not included).
2958 */
2959static uint32_t vmxHCGetIemXcptFlags(uint8_t uVector, uint32_t uVmxEventType)
2960{
2961 uint32_t fIemXcptFlags;
2962 switch (uVmxEventType)
2963 {
2964 case VMX_IDT_VECTORING_INFO_TYPE_HW_XCPT:
2965 case VMX_IDT_VECTORING_INFO_TYPE_NMI:
2966 fIemXcptFlags = IEM_XCPT_FLAGS_T_CPU_XCPT;
2967 break;
2968
2969 case VMX_IDT_VECTORING_INFO_TYPE_EXT_INT:
2970 fIemXcptFlags = IEM_XCPT_FLAGS_T_EXT_INT;
2971 break;
2972
2973 case VMX_IDT_VECTORING_INFO_TYPE_PRIV_SW_XCPT:
2974 fIemXcptFlags = IEM_XCPT_FLAGS_T_SOFT_INT | IEM_XCPT_FLAGS_ICEBP_INSTR;
2975 break;
2976
2977 case VMX_IDT_VECTORING_INFO_TYPE_SW_XCPT:
2978 {
2979 fIemXcptFlags = IEM_XCPT_FLAGS_T_SOFT_INT;
2980 if (uVector == X86_XCPT_BP)
2981 fIemXcptFlags |= IEM_XCPT_FLAGS_BP_INSTR;
2982 else if (uVector == X86_XCPT_OF)
2983 fIemXcptFlags |= IEM_XCPT_FLAGS_OF_INSTR;
2984 else
2985 {
2986 fIemXcptFlags = 0;
2987 AssertMsgFailed(("Unexpected vector for software exception. uVector=%#x", uVector));
2988 }
2989 break;
2990 }
2991
2992 case VMX_IDT_VECTORING_INFO_TYPE_SW_INT:
2993 fIemXcptFlags = IEM_XCPT_FLAGS_T_SOFT_INT;
2994 break;
2995
2996 default:
2997 fIemXcptFlags = 0;
2998 AssertMsgFailed(("Unexpected vector type! uVmxEventType=%#x uVector=%#x", uVmxEventType, uVector));
2999 break;
3000 }
3001 return fIemXcptFlags;
3002}
3003
3004
3005/**
3006 * Sets an event as a pending event to be injected into the guest.
3007 *
3008 * @param pVCpu The cross context virtual CPU structure.
3009 * @param u32IntInfo The VM-entry interruption-information field.
3010 * @param cbInstr The VM-entry instruction length in bytes (for
3011 * software interrupts, exceptions and privileged
3012 * software exceptions).
3013 * @param u32ErrCode The VM-entry exception error code.
3014 * @param GCPtrFaultAddress The fault-address (CR2) in case it's a
3015 * page-fault.
3016 */
3017DECLINLINE(void) vmxHCSetPendingEvent(PVMCPUCC pVCpu, uint32_t u32IntInfo, uint32_t cbInstr, uint32_t u32ErrCode,
3018 RTGCUINTPTR GCPtrFaultAddress)
3019{
3020 Assert(!VCPU_2_VMXSTATE(pVCpu).Event.fPending);
3021 VCPU_2_VMXSTATE(pVCpu).Event.fPending = true;
3022 VCPU_2_VMXSTATE(pVCpu).Event.u64IntInfo = u32IntInfo;
3023 VCPU_2_VMXSTATE(pVCpu).Event.u32ErrCode = u32ErrCode;
3024 VCPU_2_VMXSTATE(pVCpu).Event.cbInstr = cbInstr;
3025 VCPU_2_VMXSTATE(pVCpu).Event.GCPtrFaultAddress = GCPtrFaultAddress;
3026}
3027
3028
3029/**
3030 * Sets an external interrupt as pending-for-injection into the VM.
3031 *
3032 * @param pVCpu The cross context virtual CPU structure.
3033 * @param u8Interrupt The external interrupt vector.
3034 */
3035DECLINLINE(void) vmxHCSetPendingExtInt(PVMCPUCC pVCpu, uint8_t u8Interrupt)
3036{
3037 uint32_t const u32IntInfo = RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_VECTOR, u8Interrupt)
3038 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_TYPE, VMX_ENTRY_INT_INFO_TYPE_EXT_INT)
3039 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_ERR_CODE_VALID, 0)
3040 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VALID, 1);
3041 vmxHCSetPendingEvent(pVCpu, u32IntInfo, 0 /* cbInstr */, 0 /* u32ErrCode */, 0 /* GCPtrFaultAddress */);
3042}
3043
3044
3045/**
3046 * Sets an NMI (\#NMI) exception as pending-for-injection into the VM.
3047 *
3048 * @param pVCpu The cross context virtual CPU structure.
3049 */
3050DECLINLINE(void) vmxHCSetPendingXcptNmi(PVMCPUCC pVCpu)
3051{
3052 uint32_t const u32IntInfo = RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VECTOR, X86_XCPT_NMI)
3053 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_TYPE, VMX_ENTRY_INT_INFO_TYPE_NMI)
3054 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_ERR_CODE_VALID, 0)
3055 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VALID, 1);
3056 vmxHCSetPendingEvent(pVCpu, u32IntInfo, 0 /* cbInstr */, 0 /* u32ErrCode */, 0 /* GCPtrFaultAddress */);
3057}
3058
3059
3060/**
3061 * Sets a double-fault (\#DF) exception as pending-for-injection into the VM.
3062 *
3063 * @param pVCpu The cross context virtual CPU structure.
3064 */
3065DECLINLINE(void) vmxHCSetPendingXcptDF(PVMCPUCC pVCpu)
3066{
3067 uint32_t const u32IntInfo = RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VECTOR, X86_XCPT_DF)
3068 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_TYPE, VMX_EXIT_INT_INFO_TYPE_HW_XCPT)
3069 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_ERR_CODE_VALID, 1)
3070 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VALID, 1);
3071 vmxHCSetPendingEvent(pVCpu, u32IntInfo, 0 /* cbInstr */, 0 /* u32ErrCode */, 0 /* GCPtrFaultAddress */);
3072}
3073
3074
3075/**
3076 * Sets an invalid-opcode (\#UD) exception as pending-for-injection into the VM.
3077 *
3078 * @param pVCpu The cross context virtual CPU structure.
3079 */
3080DECLINLINE(void) vmxHCSetPendingXcptUD(PVMCPUCC pVCpu)
3081{
3082 uint32_t const u32IntInfo = RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VECTOR, X86_XCPT_UD)
3083 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_TYPE, VMX_EXIT_INT_INFO_TYPE_HW_XCPT)
3084 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_ERR_CODE_VALID, 0)
3085 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VALID, 1);
3086 vmxHCSetPendingEvent(pVCpu, u32IntInfo, 0 /* cbInstr */, 0 /* u32ErrCode */, 0 /* GCPtrFaultAddress */);
3087}
3088
3089
3090/**
3091 * Sets a debug (\#DB) exception as pending-for-injection into the VM.
3092 *
3093 * @param pVCpu The cross context virtual CPU structure.
3094 */
3095DECLINLINE(void) vmxHCSetPendingXcptDB(PVMCPUCC pVCpu)
3096{
3097 uint32_t const u32IntInfo = RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VECTOR, X86_XCPT_DB)
3098 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_TYPE, VMX_EXIT_INT_INFO_TYPE_HW_XCPT)
3099 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_ERR_CODE_VALID, 0)
3100 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VALID, 1);
3101 vmxHCSetPendingEvent(pVCpu, u32IntInfo, 0 /* cbInstr */, 0 /* u32ErrCode */, 0 /* GCPtrFaultAddress */);
3102}
3103
3104
3105#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
3106/**
3107 * Sets a general-protection (\#GP) exception as pending-for-injection into the VM.
3108 *
3109 * @param pVCpu The cross context virtual CPU structure.
3110 * @param u32ErrCode The error code for the general-protection exception.
3111 */
3112DECLINLINE(void) vmxHCSetPendingXcptGP(PVMCPUCC pVCpu, uint32_t u32ErrCode)
3113{
3114 uint32_t const u32IntInfo = RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VECTOR, X86_XCPT_GP)
3115 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_TYPE, VMX_EXIT_INT_INFO_TYPE_HW_XCPT)
3116 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_ERR_CODE_VALID, 1)
3117 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VALID, 1);
3118 vmxHCSetPendingEvent(pVCpu, u32IntInfo, 0 /* cbInstr */, u32ErrCode, 0 /* GCPtrFaultAddress */);
3119}
3120
3121
3122/**
3123 * Sets a stack (\#SS) exception as pending-for-injection into the VM.
3124 *
3125 * @param pVCpu The cross context virtual CPU structure.
3126 * @param u32ErrCode The error code for the stack exception.
3127 */
3128DECLINLINE(void) vmxHCSetPendingXcptSS(PVMCPUCC pVCpu, uint32_t u32ErrCode)
3129{
3130 uint32_t const u32IntInfo = RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VECTOR, X86_XCPT_SS)
3131 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_TYPE, VMX_EXIT_INT_INFO_TYPE_HW_XCPT)
3132 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_ERR_CODE_VALID, 1)
3133 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VALID, 1);
3134 vmxHCSetPendingEvent(pVCpu, u32IntInfo, 0 /* cbInstr */, u32ErrCode, 0 /* GCPtrFaultAddress */);
3135}
3136#endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
3137
3138
3139/**
3140 * Fixes up attributes for the specified segment register.
3141 *
3142 * @param pVCpu The cross context virtual CPU structure.
3143 * @param pSelReg The segment register that needs fixing.
3144 * @param pszRegName The register name (for logging and assertions).
3145 */
3146static void vmxHCFixUnusableSegRegAttr(PVMCPUCC pVCpu, PCPUMSELREG pSelReg, const char *pszRegName)
3147{
3148 Assert(pSelReg->Attr.u & X86DESCATTR_UNUSABLE);
3149
3150 /*
3151 * If VT-x marks the segment as unusable, most other bits remain undefined:
3152 * - For CS the L, D and G bits have meaning.
3153 * - For SS the DPL has meaning (it -is- the CPL for Intel and VBox).
3154 * - For the remaining data segments no bits are defined.
3155 *
3156 * The present bit and the unusable bit has been observed to be set at the
3157 * same time (the selector was supposed to be invalid as we started executing
3158 * a V8086 interrupt in ring-0).
3159 *
3160 * What should be important for the rest of the VBox code, is that the P bit is
3161 * cleared. Some of the other VBox code recognizes the unusable bit, but
3162 * AMD-V certainly don't, and REM doesn't really either. So, to be on the
3163 * safe side here, we'll strip off P and other bits we don't care about. If
3164 * any code breaks because Attr.u != 0 when Sel < 4, it should be fixed.
3165 *
3166 * See Intel spec. 27.3.2 "Saving Segment Registers and Descriptor-Table Registers".
3167 */
3168#ifdef VBOX_STRICT
3169 uint32_t const uAttr = pSelReg->Attr.u;
3170#endif
3171
3172 /* Masking off: X86DESCATTR_P, X86DESCATTR_LIMIT_HIGH, and X86DESCATTR_AVL. The latter two are really irrelevant. */
3173 pSelReg->Attr.u &= X86DESCATTR_UNUSABLE | X86DESCATTR_L | X86DESCATTR_D | X86DESCATTR_G
3174 | X86DESCATTR_DPL | X86DESCATTR_TYPE | X86DESCATTR_DT;
3175
3176#ifdef VBOX_STRICT
3177# ifndef IN_NEM_DARWIN
3178 VMMRZCallRing3Disable(pVCpu);
3179# endif
3180 Log4Func(("Unusable %s: sel=%#x attr=%#x -> %#x\n", pszRegName, pSelReg->Sel, uAttr, pSelReg->Attr.u));
3181# ifdef DEBUG_bird
3182 AssertMsg((uAttr & ~X86DESCATTR_P) == pSelReg->Attr.u,
3183 ("%s: %#x != %#x (sel=%#x base=%#llx limit=%#x)\n",
3184 pszRegName, uAttr, pSelReg->Attr.u, pSelReg->Sel, pSelReg->u64Base, pSelReg->u32Limit));
3185# endif
3186# ifndef IN_NEM_DARWIN
3187 VMMRZCallRing3Enable(pVCpu);
3188# endif
3189 NOREF(uAttr);
3190#endif
3191 RT_NOREF2(pVCpu, pszRegName);
3192}
3193
3194
3195/**
3196 * Imports a guest segment register from the current VMCS into the guest-CPU
3197 * context.
3198 *
3199 * @param pVCpu The cross context virtual CPU structure.
3200 * @tparam a_iSegReg The segment register number (X86_SREG_XXX).
3201 *
3202 * @remarks Called with interrupts and/or preemption disabled.
3203 */
3204template<uint32_t const a_iSegReg>
3205DECLINLINE(void) vmxHCImportGuestSegReg(PVMCPUCC pVCpu)
3206{
3207 AssertCompile(a_iSegReg < X86_SREG_COUNT);
3208 /* Check that the macros we depend upon here and in the export parenter function works: */
3209#define MY_SEG_VMCS_FIELD(a_FieldPrefix, a_FieldSuff) \
3210 ( a_iSegReg == X86_SREG_ES ? a_FieldPrefix ## ES ## a_FieldSuff \
3211 : a_iSegReg == X86_SREG_CS ? a_FieldPrefix ## CS ## a_FieldSuff \
3212 : a_iSegReg == X86_SREG_SS ? a_FieldPrefix ## SS ## a_FieldSuff \
3213 : a_iSegReg == X86_SREG_DS ? a_FieldPrefix ## DS ## a_FieldSuff \
3214 : a_iSegReg == X86_SREG_FS ? a_FieldPrefix ## FS ## a_FieldSuff \
3215 : a_iSegReg == X86_SREG_GS ? a_FieldPrefix ## GS ## a_FieldSuff : 0)
3216 AssertCompile(VMX_VMCS_GUEST_SEG_BASE(a_iSegReg) == MY_SEG_VMCS_FIELD(VMX_VMCS_GUEST_,_BASE));
3217 AssertCompile(VMX_VMCS16_GUEST_SEG_SEL(a_iSegReg) == MY_SEG_VMCS_FIELD(VMX_VMCS16_GUEST_,_SEL));
3218 AssertCompile(VMX_VMCS32_GUEST_SEG_LIMIT(a_iSegReg) == MY_SEG_VMCS_FIELD(VMX_VMCS32_GUEST_,_LIMIT));
3219 AssertCompile(VMX_VMCS32_GUEST_SEG_ACCESS_RIGHTS(a_iSegReg) == MY_SEG_VMCS_FIELD(VMX_VMCS32_GUEST_,_ACCESS_RIGHTS));
3220
3221 PCPUMSELREG pSelReg = &pVCpu->cpum.GstCtx.aSRegs[a_iSegReg];
3222
3223 uint16_t u16Sel;
3224 int rc = VMX_VMCS_READ_16(pVCpu, VMX_VMCS16_GUEST_SEG_SEL(a_iSegReg), &u16Sel); AssertRC(rc);
3225 pSelReg->Sel = u16Sel;
3226 pSelReg->ValidSel = u16Sel;
3227
3228 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_SEG_LIMIT(a_iSegReg), &pSelReg->u32Limit); AssertRC(rc);
3229 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_SEG_BASE(a_iSegReg), &pSelReg->u64Base); AssertRC(rc);
3230
3231 uint32_t u32Attr;
3232 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_SEG_ACCESS_RIGHTS(a_iSegReg), &u32Attr); AssertRC(rc);
3233 pSelReg->Attr.u = u32Attr;
3234 if (u32Attr & X86DESCATTR_UNUSABLE)
3235 vmxHCFixUnusableSegRegAttr(pVCpu, pSelReg, "ES\0CS\0SS\0DS\0FS\0GS" + a_iSegReg * 3);
3236
3237 pSelReg->fFlags = CPUMSELREG_FLAGS_VALID;
3238}
3239
3240
3241/**
3242 * Imports the guest LDTR from the VMCS into the guest-CPU context.
3243 *
3244 * @param pVCpu The cross context virtual CPU structure.
3245 *
3246 * @remarks Called with interrupts and/or preemption disabled.
3247 */
3248DECL_FORCE_INLINE(void) vmxHCImportGuestLdtr(PVMCPUCC pVCpu)
3249{
3250 uint16_t u16Sel;
3251 uint64_t u64Base;
3252 uint32_t u32Limit, u32Attr;
3253 int rc = VMX_VMCS_READ_16(pVCpu, VMX_VMCS16_GUEST_LDTR_SEL, &u16Sel); AssertRC(rc);
3254 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_LDTR_LIMIT, &u32Limit); AssertRC(rc);
3255 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_LDTR_ACCESS_RIGHTS, &u32Attr); AssertRC(rc);
3256 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_LDTR_BASE, &u64Base); AssertRC(rc);
3257
3258 pVCpu->cpum.GstCtx.ldtr.Sel = u16Sel;
3259 pVCpu->cpum.GstCtx.ldtr.ValidSel = u16Sel;
3260 pVCpu->cpum.GstCtx.ldtr.fFlags = CPUMSELREG_FLAGS_VALID;
3261 pVCpu->cpum.GstCtx.ldtr.u32Limit = u32Limit;
3262 pVCpu->cpum.GstCtx.ldtr.u64Base = u64Base;
3263 pVCpu->cpum.GstCtx.ldtr.Attr.u = u32Attr;
3264 if (u32Attr & X86DESCATTR_UNUSABLE)
3265 vmxHCFixUnusableSegRegAttr(pVCpu, &pVCpu->cpum.GstCtx.ldtr, "LDTR");
3266}
3267
3268
3269/**
3270 * Imports the guest TR from the VMCS into the guest-CPU context.
3271 *
3272 * @param pVCpu The cross context virtual CPU structure.
3273 *
3274 * @remarks Called with interrupts and/or preemption disabled.
3275 */
3276DECL_FORCE_INLINE(void) vmxHCImportGuestTr(PVMCPUCC pVCpu)
3277{
3278 uint16_t u16Sel;
3279 uint64_t u64Base;
3280 uint32_t u32Limit, u32Attr;
3281 int rc = VMX_VMCS_READ_16(pVCpu, VMX_VMCS16_GUEST_TR_SEL, &u16Sel); AssertRC(rc);
3282 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_TR_LIMIT, &u32Limit); AssertRC(rc);
3283 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_TR_ACCESS_RIGHTS, &u32Attr); AssertRC(rc);
3284 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_TR_BASE, &u64Base); AssertRC(rc);
3285
3286 pVCpu->cpum.GstCtx.tr.Sel = u16Sel;
3287 pVCpu->cpum.GstCtx.tr.ValidSel = u16Sel;
3288 pVCpu->cpum.GstCtx.tr.fFlags = CPUMSELREG_FLAGS_VALID;
3289 pVCpu->cpum.GstCtx.tr.u32Limit = u32Limit;
3290 pVCpu->cpum.GstCtx.tr.u64Base = u64Base;
3291 pVCpu->cpum.GstCtx.tr.Attr.u = u32Attr;
3292 /* TR is the only selector that can never be unusable. */
3293 Assert(!(u32Attr & X86DESCATTR_UNUSABLE));
3294}
3295
3296
3297/**
3298 * Core: Imports the guest RIP from the VMCS into the guest-CPU context.
3299 *
3300 * @returns The RIP value.
3301 * @param pVCpu The cross context virtual CPU structure.
3302 *
3303 * @remarks Called with interrupts and/or preemption disabled, should not assert!
3304 * @remarks Do -not- call this function directly!
3305 */
3306DECL_FORCE_INLINE(uint64_t) vmxHCImportGuestCoreRip(PVMCPUCC pVCpu)
3307{
3308 uint64_t u64Val;
3309 int const rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_RIP, &u64Val);
3310 AssertRC(rc);
3311
3312 pVCpu->cpum.GstCtx.rip = u64Val;
3313
3314 return u64Val;
3315}
3316
3317
3318/**
3319 * Imports the guest RIP from the VMCS into the guest-CPU context.
3320 *
3321 * @param pVCpu The cross context virtual CPU structure.
3322 *
3323 * @remarks Called with interrupts and/or preemption disabled, should not assert!
3324 * @remarks Do -not- call this function directly, use vmxHCImportGuestState()
3325 * instead!!!
3326 */
3327DECL_FORCE_INLINE(void) vmxHCImportGuestRip(PVMCPUCC pVCpu)
3328{
3329 if (pVCpu->cpum.GstCtx.fExtrn & CPUMCTX_EXTRN_RIP)
3330 {
3331 EMHistoryUpdatePC(pVCpu, vmxHCImportGuestCoreRip(pVCpu), false);
3332 pVCpu->cpum.GstCtx.fExtrn &= ~CPUMCTX_EXTRN_RIP;
3333 }
3334}
3335
3336
3337/**
3338 * Core: Imports the guest RFLAGS from the VMCS into the guest-CPU context.
3339 *
3340 * @param pVCpu The cross context virtual CPU structure.
3341 * @param pVmcsInfo The VMCS info. object.
3342 *
3343 * @remarks Called with interrupts and/or preemption disabled, should not assert!
3344 * @remarks Do -not- call this function directly!
3345 */
3346DECL_FORCE_INLINE(void) vmxHCImportGuestCoreRFlags(PVMCPUCC pVCpu, PCVMXVMCSINFO pVmcsInfo)
3347{
3348 uint64_t fRFlags;
3349 int const rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_RFLAGS, &fRFlags);
3350 AssertRC(rc);
3351
3352 Assert((fRFlags & X86_EFL_RA1_MASK) == X86_EFL_RA1_MASK);
3353 Assert((fRFlags & ~(uint64_t)(X86_EFL_1 | X86_EFL_LIVE_MASK)) == 0);
3354
3355 pVCpu->cpum.GstCtx.rflags.u = fRFlags;
3356#ifndef IN_NEM_DARWIN
3357 PCVMXVMCSINFOSHARED pVmcsInfoShared = pVmcsInfo->pShared;
3358 if (!pVmcsInfoShared->RealMode.fRealOnV86Active)
3359 { /* mostly likely */ }
3360 else
3361 {
3362 pVCpu->cpum.GstCtx.eflags.Bits.u1VM = 0;
3363 pVCpu->cpum.GstCtx.eflags.Bits.u2IOPL = pVmcsInfoShared->RealMode.Eflags.Bits.u2IOPL;
3364 }
3365#else
3366 RT_NOREF(pVmcsInfo);
3367#endif
3368}
3369
3370
3371/**
3372 * Imports the guest RFLAGS from the VMCS into the guest-CPU context.
3373 *
3374 * @param pVCpu The cross context virtual CPU structure.
3375 * @param pVmcsInfo The VMCS info. object.
3376 *
3377 * @remarks Called with interrupts and/or preemption disabled, should not assert!
3378 * @remarks Do -not- call this function directly, use vmxHCImportGuestState()
3379 * instead!!!
3380 */
3381DECL_FORCE_INLINE(void) vmxHCImportGuestRFlags(PVMCPUCC pVCpu, PCVMXVMCSINFO pVmcsInfo)
3382{
3383 if (pVCpu->cpum.GstCtx.fExtrn & CPUMCTX_EXTRN_RFLAGS)
3384 {
3385 vmxHCImportGuestCoreRFlags(pVCpu, pVmcsInfo);
3386 pVCpu->cpum.GstCtx.fExtrn &= ~CPUMCTX_EXTRN_RFLAGS;
3387 }
3388}
3389
3390
3391#ifndef IN_NEM_DARWIN
3392/**
3393 * Imports the guest TSX AUX and certain other MSRs from the VMCS into the guest-CPU
3394 * context.
3395 *
3396 * The other MSRs are in the VM-exit MSR-store.
3397 *
3398 * @returns VBox status code.
3399 * @param pVCpu The cross context virtual CPU structure.
3400 * @param pVmcsInfo The VMCS info. object.
3401 * @param fEFlags Saved EFLAGS for restoring the interrupt flag (in case of
3402 * unexpected errors). Ignored in NEM/darwin context.
3403 */
3404DECL_FORCE_INLINE(int) vmxHCImportGuestTscAuxAndOtherMsrs(PVMCPUCC pVCpu, PCVMXVMCSINFO pVmcsInfo, uint32_t fEFlags)
3405{
3406 PVMXVMCSINFOSHARED pVmcsInfoShared = pVmcsInfo->pShared;
3407 PCVMXAUTOMSR pMsrs = (PCVMXAUTOMSR)pVmcsInfo->pvGuestMsrStore;
3408 uint32_t const cMsrs = pVmcsInfo->cExitMsrStore;
3409 Assert(pMsrs);
3410 Assert(cMsrs <= VMX_MISC_MAX_MSRS(g_HmMsrs.u.vmx.u64Misc));
3411 Assert(sizeof(*pMsrs) * cMsrs <= X86_PAGE_4K_SIZE);
3412 for (uint32_t i = 0; i < cMsrs; i++)
3413 {
3414 uint32_t const idMsr = pMsrs[i].u32Msr;
3415 switch (idMsr)
3416 {
3417 case MSR_K8_TSC_AUX: CPUMSetGuestTscAux(pVCpu, pMsrs[i].u64Value); break;
3418 case MSR_IA32_SPEC_CTRL: CPUMSetGuestSpecCtrl(pVCpu, pMsrs[i].u64Value); break;
3419 case MSR_K6_EFER: /* Can't be changed without causing a VM-exit */ break;
3420 default:
3421 {
3422 uint32_t idxLbrMsr;
3423 PVMCC const pVM = pVCpu->CTX_SUFF(pVM);
3424 if (VM_IS_VMX_LBR(pVM))
3425 {
3426 if (hmR0VmxIsLbrBranchFromMsr(pVM, idMsr, &idxLbrMsr))
3427 {
3428 Assert(idxLbrMsr < RT_ELEMENTS(pVmcsInfoShared->au64LbrFromIpMsr));
3429 pVmcsInfoShared->au64LbrFromIpMsr[idxLbrMsr] = pMsrs[i].u64Value;
3430 break;
3431 }
3432 if (hmR0VmxIsLbrBranchToMsr(pVM, idMsr, &idxLbrMsr))
3433 {
3434 Assert(idxLbrMsr < RT_ELEMENTS(pVmcsInfoShared->au64LbrFromIpMsr));
3435 pVmcsInfoShared->au64LbrToIpMsr[idxLbrMsr] = pMsrs[i].u64Value;
3436 break;
3437 }
3438 if (idMsr == pVM->hmr0.s.vmx.idLbrTosMsr)
3439 {
3440 pVmcsInfoShared->u64LbrTosMsr = pMsrs[i].u64Value;
3441 break;
3442 }
3443 /* Fallthru (no break) */
3444 }
3445 pVCpu->cpum.GstCtx.fExtrn = 0;
3446 VCPU_2_VMXSTATE(pVCpu).u32HMError = pMsrs->u32Msr;
3447 ASMSetFlags(fEFlags);
3448 AssertMsgFailed(("Unexpected MSR in auto-load/store area. idMsr=%#RX32 cMsrs=%u\n", idMsr, cMsrs));
3449 return VERR_HM_UNEXPECTED_LD_ST_MSR;
3450 }
3451 }
3452 }
3453 return VINF_SUCCESS;
3454}
3455#endif /* !IN_NEM_DARWIN */
3456
3457
3458/**
3459 * Imports the guest CR0 from the VMCS into the guest-CPU context.
3460 *
3461 * @param pVCpu The cross context virtual CPU structure.
3462 * @param pVmcsInfo The VMCS info. object.
3463 */
3464DECL_FORCE_INLINE(void) vmxHCImportGuestCr0(PVMCPUCC pVCpu, PCVMXVMCSINFO pVmcsInfo)
3465{
3466 uint64_t u64Cr0;
3467 uint64_t u64Shadow;
3468 int rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_CR0, &u64Cr0); AssertRC(rc);
3469 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_CTRL_CR0_READ_SHADOW, &u64Shadow); AssertRC(rc);
3470#ifndef VBOX_WITH_NESTED_HWVIRT_VMX
3471 u64Cr0 = (u64Cr0 & ~pVmcsInfo->u64Cr0Mask)
3472 | (u64Shadow & pVmcsInfo->u64Cr0Mask);
3473#else
3474 if (!CPUMIsGuestInVmxNonRootMode(&pVCpu->cpum.GstCtx))
3475 {
3476 u64Cr0 = (u64Cr0 & ~pVmcsInfo->u64Cr0Mask)
3477 | (u64Shadow & pVmcsInfo->u64Cr0Mask);
3478 }
3479 else
3480 {
3481 /*
3482 * We've merged the guest and nested-guest's CR0 guest/host mask while executing
3483 * the nested-guest using hardware-assisted VMX. Accordingly we need to
3484 * re-construct CR0. See @bugref{9180#c95} for details.
3485 */
3486 PCVMXVMCSINFO const pVmcsInfoGst = &pVCpu->hmr0.s.vmx.VmcsInfo;
3487 PVMXVVMCS const pVmcsNstGst = &pVCpu->cpum.GstCtx.hwvirt.vmx.Vmcs;
3488 u64Cr0 = (u64Cr0 & ~(pVmcsInfoGst->u64Cr0Mask & pVmcsNstGst->u64Cr0Mask.u))
3489 | (pVmcsNstGst->u64GuestCr0.u & pVmcsNstGst->u64Cr0Mask.u)
3490 | (u64Shadow & (pVmcsInfoGst->u64Cr0Mask & ~pVmcsNstGst->u64Cr0Mask.u));
3491 Assert(u64Cr0 & X86_CR0_NE);
3492 }
3493#endif
3494
3495#ifndef IN_NEM_DARWIN
3496 VMMRZCallRing3Disable(pVCpu); /* May call into PGM which has Log statements. */
3497#endif
3498 CPUMSetGuestCR0(pVCpu, u64Cr0);
3499#ifndef IN_NEM_DARWIN
3500 VMMRZCallRing3Enable(pVCpu);
3501#endif
3502}
3503
3504
3505/**
3506 * Imports the guest CR3 from the VMCS into the guest-CPU context.
3507 *
3508 * @param pVCpu The cross context virtual CPU structure.
3509 */
3510DECL_FORCE_INLINE(void) vmxHCImportGuestCr3(PVMCPUCC pVCpu)
3511{
3512 PVMCC const pVM = pVCpu->CTX_SUFF(pVM);
3513 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
3514
3515 /* CR0.PG bit changes are always intercepted, so it's up to date. */
3516 if ( VM_IS_VMX_UNRESTRICTED_GUEST(pVM)
3517 || ( VM_IS_VMX_NESTED_PAGING(pVM)
3518 && CPUMIsGuestPagingEnabledEx(pCtx)))
3519 {
3520 uint64_t u64Cr3;
3521 int rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_CR3, &u64Cr3); AssertRC(rc);
3522 if (pCtx->cr3 != u64Cr3)
3523 {
3524 pCtx->cr3 = u64Cr3;
3525 VMCPU_FF_SET(pVCpu, VMCPU_FF_HM_UPDATE_CR3);
3526 }
3527
3528 /*
3529 * If the guest is in PAE mode, sync back the PDPE's into the guest state.
3530 * CR4.PAE, CR0.PG, EFER MSR changes are always intercepted, so they're up to date.
3531 */
3532 if (CPUMIsGuestInPAEModeEx(pCtx))
3533 {
3534 X86PDPE aPaePdpes[4];
3535 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_PDPTE0_FULL, &aPaePdpes[0].u); AssertRC(rc);
3536 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_PDPTE1_FULL, &aPaePdpes[1].u); AssertRC(rc);
3537 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_PDPTE2_FULL, &aPaePdpes[2].u); AssertRC(rc);
3538 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_PDPTE3_FULL, &aPaePdpes[3].u); AssertRC(rc);
3539 if (memcmp(&aPaePdpes[0], &pCtx->aPaePdpes[0], sizeof(aPaePdpes)))
3540 {
3541 memcpy(&pCtx->aPaePdpes[0], &aPaePdpes[0], sizeof(aPaePdpes));
3542 /* PGM now updates PAE PDPTEs while updating CR3. */
3543 VMCPU_FF_SET(pVCpu, VMCPU_FF_HM_UPDATE_CR3);
3544 }
3545 }
3546 }
3547}
3548
3549
3550/**
3551 * Imports the guest CR4 from the VMCS into the guest-CPU context.
3552 *
3553 * @param pVCpu The cross context virtual CPU structure.
3554 * @param pVmcsInfo The VMCS info. object.
3555 */
3556DECL_FORCE_INLINE(void) vmxHCImportGuestCr4(PVMCPUCC pVCpu, PCVMXVMCSINFO pVmcsInfo)
3557{
3558 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
3559 uint64_t u64Cr4;
3560 uint64_t u64Shadow;
3561 int rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_CR4, &u64Cr4); AssertRC(rc);
3562 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_CTRL_CR4_READ_SHADOW, &u64Shadow); AssertRC(rc);
3563#ifndef VBOX_WITH_NESTED_HWVIRT_VMX
3564 u64Cr4 = (u64Cr4 & ~pVmcsInfo->u64Cr4Mask)
3565 | (u64Shadow & pVmcsInfo->u64Cr4Mask);
3566#else
3567 if (!CPUMIsGuestInVmxNonRootMode(pCtx))
3568 {
3569 u64Cr4 = (u64Cr4 & ~pVmcsInfo->u64Cr4Mask)
3570 | (u64Shadow & pVmcsInfo->u64Cr4Mask);
3571 }
3572 else
3573 {
3574 /*
3575 * We've merged the guest and nested-guest's CR4 guest/host mask while executing
3576 * the nested-guest using hardware-assisted VMX. Accordingly we need to
3577 * re-construct CR4. See @bugref{9180#c95} for details.
3578 */
3579 PCVMXVMCSINFO const pVmcsInfoGst = &pVCpu->hmr0.s.vmx.VmcsInfo;
3580 PVMXVVMCS const pVmcsNstGst = &pVCpu->cpum.GstCtx.hwvirt.vmx.Vmcs;
3581 u64Cr4 = (u64Cr4 & ~(pVmcsInfo->u64Cr4Mask & pVmcsNstGst->u64Cr4Mask.u))
3582 | (pVmcsNstGst->u64GuestCr4.u & pVmcsNstGst->u64Cr4Mask.u)
3583 | (u64Shadow & (pVmcsInfoGst->u64Cr4Mask & ~pVmcsNstGst->u64Cr4Mask.u));
3584 Assert(u64Cr4 & X86_CR4_VMXE);
3585 }
3586#endif
3587 pCtx->cr4 = u64Cr4;
3588}
3589
3590
3591/**
3592 * Worker for vmxHCImportGuestIntrState that handles the case where any of the
3593 * relevant VMX_VMCS32_GUEST_INT_STATE bits are set.
3594 */
3595DECL_NO_INLINE(static,void) vmxHCImportGuestIntrStateSlow(PVMCPUCC pVCpu, PCVMXVMCSINFO pVmcsInfo, uint32_t fGstIntState)
3596{
3597 /*
3598 * We must import RIP here to set our EM interrupt-inhibited state.
3599 * We also import RFLAGS as our code that evaluates pending interrupts
3600 * before VM-entry requires it.
3601 */
3602 vmxHCImportGuestRip(pVCpu);
3603 vmxHCImportGuestRFlags(pVCpu, pVmcsInfo);
3604
3605 CPUMUpdateInterruptShadowSsStiEx(&pVCpu->cpum.GstCtx,
3606 RT_BOOL(fGstIntState & VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS),
3607 RT_BOOL(fGstIntState & VMX_VMCS_GUEST_INT_STATE_BLOCK_STI),
3608 pVCpu->cpum.GstCtx.rip);
3609 CPUMUpdateInterruptInhibitingByNmiEx(&pVCpu->cpum.GstCtx, RT_BOOL(fGstIntState & VMX_VMCS_GUEST_INT_STATE_BLOCK_NMI));
3610}
3611
3612
3613/**
3614 * Imports the guest interruptibility-state from the VMCS into the guest-CPU
3615 * context.
3616 *
3617 * @note May import RIP and RFLAGS if interrupt or NMI are blocked.
3618 *
3619 * @param pVCpu The cross context virtual CPU structure.
3620 * @param pVmcsInfo The VMCS info. object.
3621 *
3622 * @remarks Called with interrupts and/or preemption disabled, try not to assert and
3623 * do not log!
3624 * @remarks Do -not- call this function directly, use vmxHCImportGuestState()
3625 * instead!!!
3626 */
3627DECLINLINE(void) vmxHCImportGuestIntrState(PVMCPUCC pVCpu, PCVMXVMCSINFO pVmcsInfo)
3628{
3629 uint32_t u32Val;
3630 int rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_INT_STATE, &u32Val); AssertRC(rc);
3631 if (!u32Val)
3632 {
3633 CPUMClearInterruptShadow(&pVCpu->cpum.GstCtx);
3634 CPUMClearInterruptInhibitingByNmiEx(&pVCpu->cpum.GstCtx);
3635 }
3636 else
3637 vmxHCImportGuestIntrStateSlow(pVCpu, pVmcsInfo, u32Val);
3638}
3639
3640
3641/**
3642 * Worker for VMXR0ImportStateOnDemand.
3643 *
3644 * @returns VBox status code.
3645 * @param pVCpu The cross context virtual CPU structure.
3646 * @param pVmcsInfo The VMCS info. object.
3647 * @param fWhat What to import, CPUMCTX_EXTRN_XXX.
3648 */
3649static int vmxHCImportGuestStateEx(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo, uint64_t fWhat)
3650{
3651 int rc = VINF_SUCCESS;
3652 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
3653 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
3654 uint32_t u32Val;
3655
3656 /*
3657 * Note! This is hack to workaround a mysterious BSOD observed with release builds
3658 * on Windows 10 64-bit hosts. Profile and debug builds are not affected and
3659 * neither are other host platforms.
3660 *
3661 * Committing this temporarily as it prevents BSOD.
3662 *
3663 * Update: This is very likely a compiler optimization bug, see @bugref{9180}.
3664 */
3665#ifdef RT_OS_WINDOWS
3666 if (pVM == 0 || pVM == (void *)(uintptr_t)-1)
3667 return VERR_HM_IPE_1;
3668#endif
3669
3670 STAM_PROFILE_ADV_START(&VCPU_2_VMXSTATS(pVCpu).StatImportGuestState, x);
3671
3672#ifndef IN_NEM_DARWIN
3673 /*
3674 * We disable interrupts to make the updating of the state and in particular
3675 * the fExtrn modification atomic wrt to preemption hooks.
3676 */
3677 RTCCUINTREG const fEFlags = ASMIntDisableFlags();
3678#endif
3679
3680 fWhat &= pCtx->fExtrn;
3681 if (fWhat)
3682 {
3683 do
3684 {
3685 if (fWhat & CPUMCTX_EXTRN_RIP)
3686 vmxHCImportGuestRip(pVCpu);
3687
3688 if (fWhat & CPUMCTX_EXTRN_RFLAGS)
3689 vmxHCImportGuestRFlags(pVCpu, pVmcsInfo);
3690
3691 /* Note! vmxHCImportGuestIntrState may also include RIP and RFLAGS and update fExtrn. */
3692 if (fWhat & (CPUMCTX_EXTRN_INHIBIT_INT | CPUMCTX_EXTRN_INHIBIT_NMI))
3693 vmxHCImportGuestIntrState(pVCpu, pVmcsInfo);
3694
3695 if (fWhat & CPUMCTX_EXTRN_RSP)
3696 {
3697 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_RSP, &pCtx->rsp);
3698 AssertRC(rc);
3699 }
3700
3701 if (fWhat & CPUMCTX_EXTRN_SREG_MASK)
3702 {
3703 PVMXVMCSINFOSHARED pVmcsInfoShared = pVmcsInfo->pShared;
3704#ifndef IN_NEM_DARWIN
3705 bool const fRealOnV86Active = pVmcsInfoShared->RealMode.fRealOnV86Active;
3706#else
3707 bool const fRealOnV86Active = false; /* HV supports only unrestricted guest execution. */
3708#endif
3709 if (fWhat & CPUMCTX_EXTRN_CS)
3710 {
3711 vmxHCImportGuestSegReg<X86_SREG_CS>(pVCpu);
3712 vmxHCImportGuestRip(pVCpu); /** @todo WTF? */
3713 if (fRealOnV86Active)
3714 pCtx->cs.Attr.u = pVmcsInfoShared->RealMode.AttrCS.u;
3715 EMHistoryUpdatePC(pVCpu, pCtx->cs.u64Base + pCtx->rip, true /* fFlattened */);
3716 }
3717 if (fWhat & CPUMCTX_EXTRN_SS)
3718 {
3719 vmxHCImportGuestSegReg<X86_SREG_SS>(pVCpu);
3720 if (fRealOnV86Active)
3721 pCtx->ss.Attr.u = pVmcsInfoShared->RealMode.AttrSS.u;
3722 }
3723 if (fWhat & CPUMCTX_EXTRN_DS)
3724 {
3725 vmxHCImportGuestSegReg<X86_SREG_DS>(pVCpu);
3726 if (fRealOnV86Active)
3727 pCtx->ds.Attr.u = pVmcsInfoShared->RealMode.AttrDS.u;
3728 }
3729 if (fWhat & CPUMCTX_EXTRN_ES)
3730 {
3731 vmxHCImportGuestSegReg<X86_SREG_ES>(pVCpu);
3732 if (fRealOnV86Active)
3733 pCtx->es.Attr.u = pVmcsInfoShared->RealMode.AttrES.u;
3734 }
3735 if (fWhat & CPUMCTX_EXTRN_FS)
3736 {
3737 vmxHCImportGuestSegReg<X86_SREG_FS>(pVCpu);
3738 if (fRealOnV86Active)
3739 pCtx->fs.Attr.u = pVmcsInfoShared->RealMode.AttrFS.u;
3740 }
3741 if (fWhat & CPUMCTX_EXTRN_GS)
3742 {
3743 vmxHCImportGuestSegReg<X86_SREG_GS>(pVCpu);
3744 if (fRealOnV86Active)
3745 pCtx->gs.Attr.u = pVmcsInfoShared->RealMode.AttrGS.u;
3746 }
3747 }
3748
3749 if (fWhat & CPUMCTX_EXTRN_TABLE_MASK)
3750 {
3751 if (fWhat & CPUMCTX_EXTRN_LDTR)
3752 vmxHCImportGuestLdtr(pVCpu);
3753
3754 if (fWhat & CPUMCTX_EXTRN_GDTR)
3755 {
3756 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_GDTR_BASE, &pCtx->gdtr.pGdt); AssertRC(rc);
3757 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_GDTR_LIMIT, &u32Val); AssertRC(rc);
3758 pCtx->gdtr.cbGdt = u32Val;
3759 }
3760
3761 /* Guest IDTR. */
3762 if (fWhat & CPUMCTX_EXTRN_IDTR)
3763 {
3764 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_IDTR_BASE, &pCtx->idtr.pIdt); AssertRC(rc);
3765 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_IDTR_LIMIT, &u32Val); AssertRC(rc);
3766 pCtx->idtr.cbIdt = u32Val;
3767 }
3768
3769 /* Guest TR. */
3770 if (fWhat & CPUMCTX_EXTRN_TR)
3771 {
3772#ifndef IN_NEM_DARWIN
3773 /* Real-mode emulation using virtual-8086 mode has the fake TSS (pRealModeTSS) in TR,
3774 don't need to import that one. */
3775 if (!pVmcsInfo->pShared->RealMode.fRealOnV86Active)
3776#endif
3777 vmxHCImportGuestTr(pVCpu);
3778 }
3779 }
3780
3781 if (fWhat & CPUMCTX_EXTRN_DR7)
3782 {
3783#ifndef IN_NEM_DARWIN
3784 if (!pVCpu->hmr0.s.fUsingHyperDR7)
3785#endif
3786 {
3787 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_DR7, &pCtx->dr[7]);
3788 AssertRC(rc);
3789 }
3790 }
3791
3792 if (fWhat & CPUMCTX_EXTRN_SYSENTER_MSRS)
3793 {
3794 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_SYSENTER_EIP, &pCtx->SysEnter.eip); AssertRC(rc);
3795 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_SYSENTER_ESP, &pCtx->SysEnter.esp); AssertRC(rc);
3796 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_SYSENTER_CS, &u32Val); AssertRC(rc);
3797 pCtx->SysEnter.cs = u32Val;
3798 }
3799
3800#ifndef IN_NEM_DARWIN
3801 if (fWhat & CPUMCTX_EXTRN_KERNEL_GS_BASE)
3802 {
3803 if ( pVM->hmr0.s.fAllow64BitGuests
3804 && (pVCpu->hmr0.s.vmx.fLazyMsrs & VMX_LAZY_MSRS_LOADED_GUEST))
3805 pCtx->msrKERNELGSBASE = ASMRdMsr(MSR_K8_KERNEL_GS_BASE);
3806 }
3807
3808 if (fWhat & CPUMCTX_EXTRN_SYSCALL_MSRS)
3809 {
3810 if ( pVM->hmr0.s.fAllow64BitGuests
3811 && (pVCpu->hmr0.s.vmx.fLazyMsrs & VMX_LAZY_MSRS_LOADED_GUEST))
3812 {
3813 pCtx->msrLSTAR = ASMRdMsr(MSR_K8_LSTAR);
3814 pCtx->msrSTAR = ASMRdMsr(MSR_K6_STAR);
3815 pCtx->msrSFMASK = ASMRdMsr(MSR_K8_SF_MASK);
3816 }
3817 }
3818
3819 if (fWhat & (CPUMCTX_EXTRN_TSC_AUX | CPUMCTX_EXTRN_OTHER_MSRS))
3820 {
3821 rc = vmxHCImportGuestTscAuxAndOtherMsrs(pVCpu, pVmcsInfo, fEFlags);
3822 AssertRCReturn(rc, rc);
3823 }
3824#else
3825 NOREF(pVM);
3826#endif
3827
3828 if (fWhat & CPUMCTX_EXTRN_CR_MASK)
3829 {
3830 if (fWhat & CPUMCTX_EXTRN_CR0)
3831 vmxHCImportGuestCr0(pVCpu, pVmcsInfo);
3832
3833 if (fWhat & CPUMCTX_EXTRN_CR4)
3834 vmxHCImportGuestCr4(pVCpu, pVmcsInfo);
3835
3836 if (fWhat & CPUMCTX_EXTRN_CR3)
3837 vmxHCImportGuestCr3(pVCpu);
3838 }
3839
3840#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
3841 if (fWhat & CPUMCTX_EXTRN_HWVIRT)
3842 {
3843 if ( (pVmcsInfo->u32ProcCtls2 & VMX_PROC_CTLS2_VMCS_SHADOWING)
3844 && !CPUMIsGuestInVmxNonRootMode(pCtx))
3845 {
3846 Assert(CPUMIsGuestInVmxRootMode(pCtx));
3847 rc = vmxHCCopyShadowToNstGstVmcs(pVCpu, pVmcsInfo);
3848 if (RT_SUCCESS(rc))
3849 { /* likely */ }
3850 else
3851 break;
3852 }
3853 }
3854#endif
3855 } while (0);
3856
3857 if (RT_SUCCESS(rc))
3858 {
3859 /* Update fExtrn. */
3860 pCtx->fExtrn &= ~fWhat;
3861
3862 /* If everything has been imported, clear the HM keeper bit. */
3863 if (!(pCtx->fExtrn & HMVMX_CPUMCTX_EXTRN_ALL))
3864 {
3865#ifndef IN_NEM_DARWIN
3866 pCtx->fExtrn &= ~CPUMCTX_EXTRN_KEEPER_HM;
3867#else
3868 pCtx->fExtrn &= ~CPUMCTX_EXTRN_KEEPER_NEM;
3869#endif
3870 Assert(!pCtx->fExtrn);
3871 }
3872 }
3873 }
3874#ifndef IN_NEM_DARWIN
3875 else
3876 AssertMsg(!pCtx->fExtrn || (pCtx->fExtrn & HMVMX_CPUMCTX_EXTRN_ALL), ("%#RX64\n", pCtx->fExtrn));
3877
3878 /*
3879 * Restore interrupts.
3880 */
3881 ASMSetFlags(fEFlags);
3882#endif
3883
3884 STAM_PROFILE_ADV_STOP(&VCPU_2_VMXSTATS(pVCpu).StatImportGuestState, x);
3885
3886 if (RT_SUCCESS(rc))
3887 { /* likely */ }
3888 else
3889 return rc;
3890
3891 /*
3892 * Honor any pending CR3 updates.
3893 *
3894 * Consider this scenario: VM-exit -> VMMRZCallRing3Enable() -> do stuff that causes a longjmp -> VMXR0CallRing3Callback()
3895 * -> VMMRZCallRing3Disable() -> vmxHCImportGuestState() -> Sets VMCPU_FF_HM_UPDATE_CR3 pending -> return from the longjmp
3896 * -> continue with VM-exit handling -> vmxHCImportGuestState() and here we are.
3897 *
3898 * The reason for such complicated handling is because VM-exits that call into PGM expect CR3 to be up-to-date and thus
3899 * if any CR3-saves -before- the VM-exit (longjmp) postponed the CR3 update via the force-flag, any VM-exit handler that
3900 * calls into PGM when it re-saves CR3 will end up here and we call PGMUpdateCR3(). This is why the code below should
3901 * -NOT- check if CPUMCTX_EXTRN_CR3 is set!
3902 *
3903 * The longjmp exit path can't check these CR3 force-flags and call code that takes a lock again. We cover for it here.
3904 *
3905 * The force-flag is checked first as it's cheaper for potential superfluous calls to this function.
3906 */
3907 if ( VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_HM_UPDATE_CR3)
3908#ifndef IN_NEM_DARWIN
3909 && VMMRZCallRing3IsEnabled(pVCpu)
3910#endif
3911 )
3912 {
3913 Assert(!(ASMAtomicUoReadU64(&pCtx->fExtrn) & CPUMCTX_EXTRN_CR3));
3914 PGMUpdateCR3(pVCpu, CPUMGetGuestCR3(pVCpu));
3915 Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_HM_UPDATE_CR3));
3916 }
3917
3918 return VINF_SUCCESS;
3919}
3920
3921
3922/**
3923 * Internal state fetcher, inner version where we fetch all of a_fWhat.
3924 *
3925 * @returns VBox status code.
3926 * @param pVCpu The cross context virtual CPU structure.
3927 * @param pVmcsInfo The VMCS info. object.
3928 * @param fEFlags Saved EFLAGS for restoring the interrupt flag. Ignored
3929 * in NEM/darwin context.
3930 * @tparam a_fWhat What to import, zero or more bits from
3931 * HMVMX_CPUMCTX_EXTRN_ALL.
3932 */
3933template<uint64_t const a_fWhat>
3934static int vmxHCImportGuestStateInner(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo, uint32_t fEFlags)
3935{
3936 Assert(a_fWhat != 0); /* No AssertCompile as the assertion probably kicks in before the compiler (clang) discards it. */
3937 AssertCompile(!(a_fWhat & ~HMVMX_CPUMCTX_EXTRN_ALL));
3938 Assert( (pVCpu->cpum.GstCtx.fExtrn & a_fWhat) == a_fWhat
3939 || (pVCpu->cpum.GstCtx.fExtrn & a_fWhat) == (a_fWhat & ~(CPUMCTX_EXTRN_RIP | CPUMCTX_EXTRN_RFLAGS)));
3940
3941 STAM_PROFILE_ADV_STOP(&VCPU_2_VMXSTATS(pVCpu).StatImportGuestState, x);
3942
3943 PVMCC const pVM = pVCpu->CTX_SUFF(pVM);
3944
3945 /* RIP and RFLAGS may have been imported already by the post exit code
3946 together with the CPUMCTX_EXTRN_INHIBIT_INT/NMI state, so this part
3947 of the code is skipping this part of the code. */
3948 if ( (a_fWhat & (CPUMCTX_EXTRN_RIP | CPUMCTX_EXTRN_RFLAGS))
3949 && pVCpu->cpum.GstCtx.fExtrn & (CPUMCTX_EXTRN_RIP | CPUMCTX_EXTRN_RFLAGS))
3950 {
3951 if (a_fWhat & CPUMCTX_EXTRN_RFLAGS)
3952 vmxHCImportGuestCoreRFlags(pVCpu, pVmcsInfo);
3953
3954 if (a_fWhat & CPUMCTX_EXTRN_RIP)
3955 {
3956 if (!(a_fWhat & CPUMCTX_EXTRN_CS))
3957 EMHistoryUpdatePC(pVCpu, vmxHCImportGuestCoreRip(pVCpu), false);
3958 else
3959 vmxHCImportGuestCoreRip(pVCpu);
3960 }
3961 }
3962
3963 /* Note! vmxHCImportGuestIntrState may also include RIP and RFLAGS and update fExtrn. */
3964 if (a_fWhat & (CPUMCTX_EXTRN_INHIBIT_INT | CPUMCTX_EXTRN_INHIBIT_NMI))
3965 vmxHCImportGuestIntrState(pVCpu, pVmcsInfo);
3966
3967 if (a_fWhat & (CPUMCTX_EXTRN_SREG_MASK | CPUMCTX_EXTRN_TR))
3968 {
3969 if (a_fWhat & CPUMCTX_EXTRN_CS)
3970 {
3971 vmxHCImportGuestSegReg<X86_SREG_CS>(pVCpu);
3972 /** @todo try get rid of this carp, it smells and is probably never ever
3973 * used: */
3974 if ( !(a_fWhat & CPUMCTX_EXTRN_RIP)
3975 && (pVCpu->cpum.GstCtx.fExtrn & CPUMCTX_EXTRN_RIP))
3976 {
3977 vmxHCImportGuestCoreRip(pVCpu);
3978 pVCpu->cpum.GstCtx.fExtrn &= ~CPUMCTX_EXTRN_RIP;
3979 }
3980 EMHistoryUpdatePC(pVCpu, pVCpu->cpum.GstCtx.cs.u64Base + pVCpu->cpum.GstCtx.rip, true /* fFlattened */);
3981 }
3982 if (a_fWhat & CPUMCTX_EXTRN_SS)
3983 vmxHCImportGuestSegReg<X86_SREG_SS>(pVCpu);
3984 if (a_fWhat & CPUMCTX_EXTRN_DS)
3985 vmxHCImportGuestSegReg<X86_SREG_DS>(pVCpu);
3986 if (a_fWhat & CPUMCTX_EXTRN_ES)
3987 vmxHCImportGuestSegReg<X86_SREG_ES>(pVCpu);
3988 if (a_fWhat & CPUMCTX_EXTRN_FS)
3989 vmxHCImportGuestSegReg<X86_SREG_FS>(pVCpu);
3990 if (a_fWhat & CPUMCTX_EXTRN_GS)
3991 vmxHCImportGuestSegReg<X86_SREG_GS>(pVCpu);
3992
3993 /* Guest TR.
3994 Real-mode emulation using virtual-8086 mode has the fake TSS
3995 (pRealModeTSS) in TR, don't need to import that one. */
3996#ifndef IN_NEM_DARWIN
3997 PVMXVMCSINFOSHARED const pVmcsInfoShared = pVmcsInfo->pShared;
3998 bool const fRealOnV86Active = pVmcsInfoShared->RealMode.fRealOnV86Active;
3999 if ((a_fWhat & CPUMCTX_EXTRN_TR) && !fRealOnV86Active)
4000#else
4001 if (a_fWhat & CPUMCTX_EXTRN_TR)
4002#endif
4003 vmxHCImportGuestTr(pVCpu);
4004
4005#ifndef IN_NEM_DARWIN /* NEM/Darwin: HV supports only unrestricted guest execution. */
4006 if (fRealOnV86Active)
4007 {
4008 if (a_fWhat & CPUMCTX_EXTRN_CS)
4009 pVCpu->cpum.GstCtx.cs.Attr.u = pVmcsInfoShared->RealMode.AttrCS.u;
4010 if (a_fWhat & CPUMCTX_EXTRN_SS)
4011 pVCpu->cpum.GstCtx.ss.Attr.u = pVmcsInfoShared->RealMode.AttrSS.u;
4012 if (a_fWhat & CPUMCTX_EXTRN_DS)
4013 pVCpu->cpum.GstCtx.ds.Attr.u = pVmcsInfoShared->RealMode.AttrDS.u;
4014 if (a_fWhat & CPUMCTX_EXTRN_ES)
4015 pVCpu->cpum.GstCtx.es.Attr.u = pVmcsInfoShared->RealMode.AttrES.u;
4016 if (a_fWhat & CPUMCTX_EXTRN_FS)
4017 pVCpu->cpum.GstCtx.fs.Attr.u = pVmcsInfoShared->RealMode.AttrFS.u;
4018 if (a_fWhat & CPUMCTX_EXTRN_GS)
4019 pVCpu->cpum.GstCtx.gs.Attr.u = pVmcsInfoShared->RealMode.AttrGS.u;
4020 }
4021#endif
4022 }
4023
4024 if (a_fWhat & CPUMCTX_EXTRN_RSP)
4025 {
4026 int const rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_RSP, &pVCpu->cpum.GstCtx.rsp);
4027 AssertRC(rc);
4028 }
4029
4030 if (a_fWhat & CPUMCTX_EXTRN_LDTR)
4031 vmxHCImportGuestLdtr(pVCpu);
4032
4033 if (a_fWhat & CPUMCTX_EXTRN_GDTR)
4034 {
4035 int const rc1 = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_GDTR_BASE, &pVCpu->cpum.GstCtx.gdtr.pGdt); AssertRC(rc1);
4036 uint32_t u32Val;
4037 int const rc2 = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_GDTR_LIMIT, &u32Val); AssertRC(rc2);
4038 pVCpu->cpum.GstCtx.gdtr.cbGdt = (uint16_t)u32Val;
4039 }
4040
4041 /* Guest IDTR. */
4042 if (a_fWhat & CPUMCTX_EXTRN_IDTR)
4043 {
4044 int const rc1 = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_IDTR_BASE, &pVCpu->cpum.GstCtx.idtr.pIdt); AssertRC(rc1);
4045 uint32_t u32Val;
4046 int const rc2 = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_IDTR_LIMIT, &u32Val); AssertRC(rc2);
4047 pVCpu->cpum.GstCtx.idtr.cbIdt = (uint64_t)u32Val;
4048 }
4049
4050 if (a_fWhat & CPUMCTX_EXTRN_DR7)
4051 {
4052#ifndef IN_NEM_DARWIN
4053 if (!pVCpu->hmr0.s.fUsingHyperDR7)
4054#endif
4055 {
4056 int rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_DR7, &pVCpu->cpum.GstCtx.dr[7]);
4057 AssertRC(rc);
4058 }
4059 }
4060
4061 if (a_fWhat & CPUMCTX_EXTRN_SYSENTER_MSRS)
4062 {
4063 int const rc1 = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_SYSENTER_EIP, &pVCpu->cpum.GstCtx.SysEnter.eip); AssertRC(rc1);
4064 int const rc2 = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_SYSENTER_ESP, &pVCpu->cpum.GstCtx.SysEnter.esp); AssertRC(rc2);
4065 uint32_t u32Val;
4066 int const rc3 = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_SYSENTER_CS, &u32Val); AssertRC(rc3);
4067 pVCpu->cpum.GstCtx.SysEnter.cs = u32Val;
4068 }
4069
4070#ifndef IN_NEM_DARWIN
4071 if (a_fWhat & CPUMCTX_EXTRN_KERNEL_GS_BASE)
4072 {
4073 if ( (pVCpu->hmr0.s.vmx.fLazyMsrs & VMX_LAZY_MSRS_LOADED_GUEST)
4074 && pVM->hmr0.s.fAllow64BitGuests)
4075 pVCpu->cpum.GstCtx.msrKERNELGSBASE = ASMRdMsr(MSR_K8_KERNEL_GS_BASE);
4076 }
4077
4078 if (a_fWhat & CPUMCTX_EXTRN_SYSCALL_MSRS)
4079 {
4080 if ( (pVCpu->hmr0.s.vmx.fLazyMsrs & VMX_LAZY_MSRS_LOADED_GUEST)
4081 && pVM->hmr0.s.fAllow64BitGuests)
4082 {
4083 pVCpu->cpum.GstCtx.msrLSTAR = ASMRdMsr(MSR_K8_LSTAR);
4084 pVCpu->cpum.GstCtx.msrSTAR = ASMRdMsr(MSR_K6_STAR);
4085 pVCpu->cpum.GstCtx.msrSFMASK = ASMRdMsr(MSR_K8_SF_MASK);
4086 }
4087 }
4088
4089 if (a_fWhat & (CPUMCTX_EXTRN_TSC_AUX | CPUMCTX_EXTRN_OTHER_MSRS))
4090 {
4091 int const rc1 = vmxHCImportGuestTscAuxAndOtherMsrs(pVCpu, pVmcsInfo, fEFlags);
4092 AssertRCReturn(rc1, rc1);
4093 }
4094#else
4095 NOREF(pVM);
4096#endif
4097
4098 if (a_fWhat & CPUMCTX_EXTRN_CR0)
4099 vmxHCImportGuestCr0(pVCpu, pVmcsInfo);
4100
4101 if (a_fWhat & CPUMCTX_EXTRN_CR4)
4102 vmxHCImportGuestCr4(pVCpu, pVmcsInfo);
4103
4104 if (a_fWhat & CPUMCTX_EXTRN_CR3)
4105 vmxHCImportGuestCr3(pVCpu);
4106
4107#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
4108 if (a_fWhat & CPUMCTX_EXTRN_HWVIRT)
4109 {
4110 if ( (pVmcsInfo->u32ProcCtls2 & VMX_PROC_CTLS2_VMCS_SHADOWING)
4111 && !CPUMIsGuestInVmxNonRootMode(&pVCpu->cpum.GstCtx))
4112 {
4113 Assert(CPUMIsGuestInVmxRootMode(&pVCpu->cpum.GstCtx));
4114 int const rc = vmxHCCopyShadowToNstGstVmcs(pVCpu, pVmcsInfo);
4115 AssertRCReturn(rc, rc);
4116 }
4117 }
4118#endif
4119
4120 /* Update fExtrn. */
4121 pVCpu->cpum.GstCtx.fExtrn &= ~a_fWhat;
4122
4123 /* If everything has been imported, clear the HM keeper bit. */
4124 if (!(pVCpu->cpum.GstCtx.fExtrn & HMVMX_CPUMCTX_EXTRN_ALL))
4125 {
4126#ifndef IN_NEM_DARWIN
4127 pVCpu->cpum.GstCtx.fExtrn &= ~CPUMCTX_EXTRN_KEEPER_HM;
4128#else
4129 pVCpu->cpum.GstCtx.fExtrn &= ~CPUMCTX_EXTRN_KEEPER_NEM;
4130#endif
4131 Assert(!pVCpu->cpum.GstCtx.fExtrn);
4132 }
4133
4134 STAM_PROFILE_ADV_STOP(&VCPU_2_VMXSTATS(pVCpu).StatImportGuestState, x);
4135
4136 /*
4137 * Honor any pending CR3 updates.
4138 *
4139 * Consider this scenario: VM-exit -> VMMRZCallRing3Enable() -> do stuff that causes a longjmp -> VMXR0CallRing3Callback()
4140 * -> VMMRZCallRing3Disable() -> vmxHCImportGuestState() -> Sets VMCPU_FF_HM_UPDATE_CR3 pending -> return from the longjmp
4141 * -> continue with VM-exit handling -> vmxHCImportGuestState() and here we are.
4142 *
4143 * The reason for such complicated handling is because VM-exits that call into PGM expect CR3 to be up-to-date and thus
4144 * if any CR3-saves -before- the VM-exit (longjmp) postponed the CR3 update via the force-flag, any VM-exit handler that
4145 * calls into PGM when it re-saves CR3 will end up here and we call PGMUpdateCR3(). This is why the code below should
4146 * -NOT- check if CPUMCTX_EXTRN_CR3 is set!
4147 *
4148 * The longjmp exit path can't check these CR3 force-flags and call code that takes a lock again. We cover for it here.
4149 *
4150 * The force-flag is checked first as it's cheaper for potential superfluous calls to this function.
4151 */
4152#ifndef IN_NEM_DARWIN
4153 if (!(a_fWhat & CPUMCTX_EXTRN_CR3)
4154 ? RT_LIKELY(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_HM_UPDATE_CR3) || !VMMRZCallRing3IsEnabled(pVCpu))
4155 : !VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_HM_UPDATE_CR3) || !VMMRZCallRing3IsEnabled(pVCpu) )
4156 return VINF_SUCCESS;
4157 ASMSetFlags(fEFlags);
4158#else
4159 if (!(a_fWhat & CPUMCTX_EXTRN_CR3)
4160 ? RT_LIKELY(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_HM_UPDATE_CR3))
4161 : !VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_HM_UPDATE_CR3) )
4162 return VINF_SUCCESS;
4163 RT_NOREF_PV(fEFlags);
4164#endif
4165
4166 Assert(!(ASMAtomicUoReadU64(&pVCpu->cpum.GstCtx.fExtrn) & CPUMCTX_EXTRN_CR3));
4167 PGMUpdateCR3(pVCpu, CPUMGetGuestCR3(pVCpu));
4168 Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_HM_UPDATE_CR3));
4169 return VINF_SUCCESS;
4170}
4171
4172
4173/**
4174 * Internal state fetcher.
4175 *
4176 * @returns VBox status code.
4177 * @param pVCpu The cross context virtual CPU structure.
4178 * @param pVmcsInfo The VMCS info. object.
4179 * @param pszCaller For logging.
4180 * @tparam a_fWhat What needs to be imported, CPUMCTX_EXTRN_XXX.
4181 * @tparam a_fDoneLocal What's ASSUMED to have been retrieved locally
4182 * already. This is ORed together with @a a_fWhat when
4183 * calculating what needs fetching (just for safety).
4184 * @tparam a_fDonePostExit What's ASSUMED to been been retrieved by
4185 * hmR0VmxPostRunGuest()/nemR3DarwinHandleExitCommon()
4186 * already. This is ORed together with @a a_fWhat when
4187 * calculating what needs fetching (just for safety).
4188 */
4189template<uint64_t const a_fWhat,
4190 uint64_t const a_fDoneLocal = 0,
4191 uint64_t const a_fDonePostExit = 0
4192#ifndef IN_NEM_DARWIN
4193 | CPUMCTX_EXTRN_INHIBIT_INT
4194 | CPUMCTX_EXTRN_INHIBIT_NMI
4195# if defined(HMVMX_ALWAYS_SYNC_FULL_GUEST_STATE) || defined(HMVMX_ALWAYS_SAVE_FULL_GUEST_STATE)
4196 | HMVMX_CPUMCTX_EXTRN_ALL
4197# elif defined(HMVMX_ALWAYS_SAVE_GUEST_RFLAGS)
4198 | CPUMCTX_EXTRN_RFLAGS
4199# endif
4200#else /* IN_NEM_DARWIN */
4201 | CPUMCTX_EXTRN_ALL /** @todo optimize */
4202#endif /* IN_NEM_DARWIN */
4203>
4204DECLINLINE(int) vmxHCImportGuestState(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo, const char *pszCaller)
4205{
4206 RT_NOREF_PV(pszCaller);
4207 if ((a_fWhat | a_fDoneLocal | a_fDonePostExit) & HMVMX_CPUMCTX_EXTRN_ALL)
4208 {
4209#ifndef IN_NEM_DARWIN
4210 /*
4211 * We disable interrupts to make the updating of the state and in particular
4212 * the fExtrn modification atomic wrt to preemption hooks.
4213 */
4214 RTCCUINTREG const fEFlags = ASMIntDisableFlags();
4215#else
4216 RTCCUINTREG const fEFlags = 0;
4217#endif
4218
4219 /*
4220 * We combine all three parameters and take the (probably) inlined optimized
4221 * code path for the new things specified in a_fWhat.
4222 *
4223 * As a tweak to deal with exits that have INHIBIT_INT/NMI active, causing
4224 * vmxHCImportGuestIntrState to automatically fetch both RIP & RFLAGS, we
4225 * also take the streamlined path when both of these are cleared in fExtrn
4226 * already. vmxHCImportGuestStateInner checks fExtrn before fetching. This
4227 * helps with MWAIT and HLT exits that always inhibit IRQs on many platforms.
4228 */
4229 uint64_t const fWhatToDo = pVCpu->cpum.GstCtx.fExtrn
4230 & ((a_fWhat | a_fDoneLocal | a_fDonePostExit) & HMVMX_CPUMCTX_EXTRN_ALL);
4231 if (RT_LIKELY( ( fWhatToDo == (a_fWhat & HMVMX_CPUMCTX_EXTRN_ALL & ~(a_fDoneLocal | a_fDonePostExit))
4232 || fWhatToDo == ( a_fWhat & HMVMX_CPUMCTX_EXTRN_ALL & ~(a_fDoneLocal | a_fDonePostExit)
4233 & ~(CPUMCTX_EXTRN_RIP | CPUMCTX_EXTRN_RFLAGS)) /* fetch with INHIBIT_INT/NMI */))
4234 && (a_fWhat & HMVMX_CPUMCTX_EXTRN_ALL & ~(a_fDoneLocal | a_fDonePostExit)) != 0 /* just in case */)
4235 {
4236 int const rc = vmxHCImportGuestStateInner< a_fWhat
4237 & HMVMX_CPUMCTX_EXTRN_ALL
4238 & ~(a_fDoneLocal | a_fDonePostExit)>(pVCpu, pVmcsInfo, fEFlags);
4239#ifndef IN_NEM_DARWIN
4240 ASMSetFlags(fEFlags);
4241#endif
4242 return rc;
4243 }
4244
4245#ifndef IN_NEM_DARWIN
4246 ASMSetFlags(fEFlags);
4247#endif
4248
4249 /*
4250 * We shouldn't normally get here, but it may happen when executing
4251 * in the debug run-loops. Typically, everything should already have
4252 * been fetched then. Otherwise call the fallback state import function.
4253 */
4254 if (fWhatToDo == 0)
4255 { /* hope the cause was the debug loop or something similar */ }
4256 else
4257 {
4258 STAM_REL_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatImportGuestStateFallback);
4259 Log11Func(("a_fWhat=%#RX64/%#RX64/%#RX64 fExtrn=%#RX64 => %#RX64 - Taking inefficient code path from %s!\n",
4260 a_fWhat & HMVMX_CPUMCTX_EXTRN_ALL, a_fDoneLocal & HMVMX_CPUMCTX_EXTRN_ALL,
4261 a_fDonePostExit & HMVMX_CPUMCTX_EXTRN_ALL, pVCpu->cpum.GstCtx.fExtrn, fWhatToDo, pszCaller));
4262 return vmxHCImportGuestStateEx(pVCpu, pVmcsInfo, a_fWhat | a_fDoneLocal | a_fDonePostExit);
4263 }
4264 }
4265 return VINF_SUCCESS;
4266}
4267
4268
4269/**
4270 * Check per-VM and per-VCPU force flag actions that require us to go back to
4271 * ring-3 for one reason or another.
4272 *
4273 * @returns Strict VBox status code (i.e. informational status codes too)
4274 * @retval VINF_SUCCESS if we don't have any actions that require going back to
4275 * ring-3.
4276 * @retval VINF_PGM_SYNC_CR3 if we have pending PGM CR3 sync.
4277 * @retval VINF_EM_PENDING_REQUEST if we have pending requests (like hardware
4278 * interrupts)
4279 * @retval VINF_PGM_POOL_FLUSH_PENDING if PGM is doing a pool flush and requires
4280 * all EMTs to be in ring-3.
4281 * @retval VINF_EM_RAW_TO_R3 if there is pending DMA requests.
4282 * @retval VINF_EM_NO_MEMORY PGM is out of memory, we need to return
4283 * to the EM loop.
4284 *
4285 * @param pVCpu The cross context virtual CPU structure.
4286 * @param fIsNestedGuest Flag whether this is for a for a pending nested guest event.
4287 * @param fStepping Whether we are single-stepping the guest using the
4288 * hypervisor debugger.
4289 *
4290 * @remarks This might cause nested-guest VM-exits, caller must check if the guest
4291 * is no longer in VMX non-root mode.
4292 */
4293static VBOXSTRICTRC vmxHCCheckForceFlags(PVMCPUCC pVCpu, bool fIsNestedGuest, bool fStepping)
4294{
4295#ifndef IN_NEM_DARWIN
4296 Assert(VMMRZCallRing3IsEnabled(pVCpu));
4297#endif
4298
4299 /*
4300 * Update pending interrupts into the APIC's IRR.
4301 */
4302 if (VMCPU_FF_TEST_AND_CLEAR(pVCpu, VMCPU_FF_UPDATE_APIC))
4303 APICUpdatePendingInterrupts(pVCpu);
4304
4305 /*
4306 * Anything pending? Should be more likely than not if we're doing a good job.
4307 */
4308 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
4309 if ( !fStepping
4310 ? !VM_FF_IS_ANY_SET(pVM, VM_FF_HP_R0_PRE_HM_MASK)
4311 && !VMCPU_FF_IS_ANY_SET(pVCpu, VMCPU_FF_HP_R0_PRE_HM_MASK)
4312 : !VM_FF_IS_ANY_SET(pVM, VM_FF_HP_R0_PRE_HM_STEP_MASK)
4313 && !VMCPU_FF_IS_ANY_SET(pVCpu, VMCPU_FF_HP_R0_PRE_HM_STEP_MASK) )
4314 return VINF_SUCCESS;
4315
4316 /* Pending PGM C3 sync. */
4317 if (VMCPU_FF_IS_ANY_SET(pVCpu,VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL))
4318 {
4319 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
4320 Assert(!(ASMAtomicUoReadU64(&pCtx->fExtrn) & (CPUMCTX_EXTRN_CR0 | CPUMCTX_EXTRN_CR3 | CPUMCTX_EXTRN_CR4)));
4321 VBOXSTRICTRC rcStrict = PGMSyncCR3(pVCpu, pCtx->cr0, pCtx->cr3, pCtx->cr4,
4322 VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
4323 if (rcStrict != VINF_SUCCESS)
4324 {
4325 AssertRC(VBOXSTRICTRC_VAL(rcStrict));
4326 Log4Func(("PGMSyncCR3 forcing us back to ring-3. rc2=%d\n", VBOXSTRICTRC_VAL(rcStrict)));
4327 return rcStrict;
4328 }
4329 }
4330
4331 /* Pending HM-to-R3 operations (critsects, timers, EMT rendezvous etc.) */
4332 if ( VM_FF_IS_ANY_SET(pVM, VM_FF_HM_TO_R3_MASK)
4333 || VMCPU_FF_IS_ANY_SET(pVCpu, VMCPU_FF_HM_TO_R3_MASK))
4334 {
4335 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatSwitchHmToR3FF);
4336 int rc = RT_LIKELY(!VM_FF_IS_SET(pVM, VM_FF_PGM_NO_MEMORY)) ? VINF_EM_RAW_TO_R3 : VINF_EM_NO_MEMORY;
4337 Log4Func(("HM_TO_R3 forcing us back to ring-3. rc=%d (fVM=%#RX64 fCpu=%#RX64)\n",
4338 rc, pVM->fGlobalForcedActions, pVCpu->fLocalForcedActions));
4339 return rc;
4340 }
4341
4342 /* Pending VM request packets, such as hardware interrupts. */
4343 if ( VM_FF_IS_SET(pVM, VM_FF_REQUEST)
4344 || VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_REQUEST))
4345 {
4346 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatSwitchVmReq);
4347 Log4Func(("Pending VM request forcing us back to ring-3\n"));
4348 return VINF_EM_PENDING_REQUEST;
4349 }
4350
4351 /* Pending PGM pool flushes. */
4352 if (VM_FF_IS_SET(pVM, VM_FF_PGM_POOL_FLUSH_PENDING))
4353 {
4354 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatSwitchPgmPoolFlush);
4355 Log4Func(("PGM pool flush pending forcing us back to ring-3\n"));
4356 return VINF_PGM_POOL_FLUSH_PENDING;
4357 }
4358
4359 /* Pending DMA requests. */
4360 if (VM_FF_IS_SET(pVM, VM_FF_PDM_DMA))
4361 {
4362 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatSwitchDma);
4363 Log4Func(("Pending DMA request forcing us back to ring-3\n"));
4364 return VINF_EM_RAW_TO_R3;
4365 }
4366
4367#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
4368 /*
4369 * Pending nested-guest events.
4370 *
4371 * Please note the priority of these events are specified and important.
4372 * See Intel spec. 29.4.3.2 "APIC-Write Emulation".
4373 * See Intel spec. 6.9 "Priority Among Simultaneous Exceptions And Interrupts".
4374 */
4375 if (fIsNestedGuest)
4376 {
4377 /* Pending nested-guest APIC-write. */
4378 if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_APIC_WRITE))
4379 {
4380 Log4Func(("Pending nested-guest APIC-write\n"));
4381 VBOXSTRICTRC rcStrict = IEMExecVmxVmexitApicWrite(pVCpu);
4382 Assert(rcStrict != VINF_VMX_INTERCEPT_NOT_ACTIVE);
4383 return rcStrict;
4384 }
4385
4386 /* Pending nested-guest monitor-trap flag (MTF). */
4387 if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_MTF))
4388 {
4389 Log4Func(("Pending nested-guest MTF\n"));
4390 VBOXSTRICTRC rcStrict = IEMExecVmxVmexit(pVCpu, VMX_EXIT_MTF, 0 /* uExitQual */);
4391 Assert(rcStrict != VINF_VMX_INTERCEPT_NOT_ACTIVE);
4392 return rcStrict;
4393 }
4394
4395 /* Pending nested-guest VMX-preemption timer expired. */
4396 if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_PREEMPT_TIMER))
4397 {
4398 Log4Func(("Pending nested-guest preempt timer\n"));
4399 VBOXSTRICTRC rcStrict = IEMExecVmxVmexitPreemptTimer(pVCpu);
4400 Assert(rcStrict != VINF_VMX_INTERCEPT_NOT_ACTIVE);
4401 return rcStrict;
4402 }
4403 }
4404#else
4405 NOREF(fIsNestedGuest);
4406#endif
4407
4408 return VINF_SUCCESS;
4409}
4410
4411
4412/**
4413 * Converts any TRPM trap into a pending HM event. This is typically used when
4414 * entering from ring-3 (not longjmp returns).
4415 *
4416 * @param pVCpu The cross context virtual CPU structure.
4417 */
4418static void vmxHCTrpmTrapToPendingEvent(PVMCPUCC pVCpu)
4419{
4420 Assert(TRPMHasTrap(pVCpu));
4421 Assert(!VCPU_2_VMXSTATE(pVCpu).Event.fPending);
4422
4423 uint8_t uVector;
4424 TRPMEVENT enmTrpmEvent;
4425 uint32_t uErrCode;
4426 RTGCUINTPTR GCPtrFaultAddress;
4427 uint8_t cbInstr;
4428 bool fIcebp;
4429
4430 int rc = TRPMQueryTrapAll(pVCpu, &uVector, &enmTrpmEvent, &uErrCode, &GCPtrFaultAddress, &cbInstr, &fIcebp);
4431 AssertRC(rc);
4432
4433 uint32_t u32IntInfo;
4434 u32IntInfo = uVector | VMX_IDT_VECTORING_INFO_VALID;
4435 u32IntInfo |= HMTrpmEventTypeToVmxEventType(uVector, enmTrpmEvent, fIcebp);
4436
4437 rc = TRPMResetTrap(pVCpu);
4438 AssertRC(rc);
4439 Log4(("TRPM->HM event: u32IntInfo=%#RX32 enmTrpmEvent=%d cbInstr=%u uErrCode=%#RX32 GCPtrFaultAddress=%#RGv\n",
4440 u32IntInfo, enmTrpmEvent, cbInstr, uErrCode, GCPtrFaultAddress));
4441
4442 vmxHCSetPendingEvent(pVCpu, u32IntInfo, cbInstr, uErrCode, GCPtrFaultAddress);
4443}
4444
4445
4446/**
4447 * Converts the pending HM event into a TRPM trap.
4448 *
4449 * @param pVCpu The cross context virtual CPU structure.
4450 */
4451static void vmxHCPendingEventToTrpmTrap(PVMCPUCC pVCpu)
4452{
4453 Assert(VCPU_2_VMXSTATE(pVCpu).Event.fPending);
4454
4455 /* If a trap was already pending, we did something wrong! */
4456 Assert(TRPMQueryTrap(pVCpu, NULL /* pu8TrapNo */, NULL /* pEnmType */) == VERR_TRPM_NO_ACTIVE_TRAP);
4457
4458 uint32_t const u32IntInfo = VCPU_2_VMXSTATE(pVCpu).Event.u64IntInfo;
4459 uint32_t const uVector = VMX_IDT_VECTORING_INFO_VECTOR(u32IntInfo);
4460 TRPMEVENT const enmTrapType = HMVmxEventTypeToTrpmEventType(u32IntInfo);
4461
4462 Log4(("HM event->TRPM: uVector=%#x enmTrapType=%d\n", uVector, enmTrapType));
4463
4464 int rc = TRPMAssertTrap(pVCpu, uVector, enmTrapType);
4465 AssertRC(rc);
4466
4467 if (VMX_IDT_VECTORING_INFO_IS_ERROR_CODE_VALID(u32IntInfo))
4468 TRPMSetErrorCode(pVCpu, VCPU_2_VMXSTATE(pVCpu).Event.u32ErrCode);
4469
4470 if (VMX_IDT_VECTORING_INFO_IS_XCPT_PF(u32IntInfo))
4471 TRPMSetFaultAddress(pVCpu, VCPU_2_VMXSTATE(pVCpu).Event.GCPtrFaultAddress);
4472 else
4473 {
4474 uint8_t const uVectorType = VMX_IDT_VECTORING_INFO_TYPE(u32IntInfo);
4475 switch (uVectorType)
4476 {
4477 case VMX_IDT_VECTORING_INFO_TYPE_PRIV_SW_XCPT:
4478 TRPMSetTrapDueToIcebp(pVCpu);
4479 RT_FALL_THRU();
4480 case VMX_IDT_VECTORING_INFO_TYPE_SW_INT:
4481 case VMX_IDT_VECTORING_INFO_TYPE_SW_XCPT:
4482 {
4483 AssertMsg( uVectorType == VMX_IDT_VECTORING_INFO_TYPE_SW_INT
4484 || ( uVector == X86_XCPT_BP /* INT3 */
4485 || uVector == X86_XCPT_OF /* INTO */
4486 || uVector == X86_XCPT_DB /* INT1 (ICEBP) */),
4487 ("Invalid vector: uVector=%#x uVectorType=%#x\n", uVector, uVectorType));
4488 TRPMSetInstrLength(pVCpu, VCPU_2_VMXSTATE(pVCpu).Event.cbInstr);
4489 break;
4490 }
4491 }
4492 }
4493
4494 /* We're now done converting the pending event. */
4495 VCPU_2_VMXSTATE(pVCpu).Event.fPending = false;
4496}
4497
4498
4499/**
4500 * Sets the interrupt-window exiting control in the VMCS which instructs VT-x to
4501 * cause a VM-exit as soon as the guest is in a state to receive interrupts.
4502 *
4503 * @param pVCpu The cross context virtual CPU structure.
4504 * @param pVmcsInfo The VMCS info. object.
4505 */
4506static void vmxHCSetIntWindowExitVmcs(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo)
4507{
4508 if (g_HmMsrs.u.vmx.ProcCtls.n.allowed1 & VMX_PROC_CTLS_INT_WINDOW_EXIT)
4509 {
4510 if (!(pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_INT_WINDOW_EXIT))
4511 {
4512 pVmcsInfo->u32ProcCtls |= VMX_PROC_CTLS_INT_WINDOW_EXIT;
4513 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC, pVmcsInfo->u32ProcCtls);
4514 AssertRC(rc);
4515 }
4516 } /* else we will deliver interrupts whenever the guest Vm-exits next and is in a state to receive the interrupt. */
4517}
4518
4519
4520/**
4521 * Clears the interrupt-window exiting control in the VMCS.
4522 *
4523 * @param pVCpu The cross context virtual CPU structure.
4524 * @param pVmcsInfo The VMCS info. object.
4525 */
4526DECLINLINE(void) vmxHCClearIntWindowExitVmcs(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo)
4527{
4528 if (pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_INT_WINDOW_EXIT)
4529 {
4530 pVmcsInfo->u32ProcCtls &= ~VMX_PROC_CTLS_INT_WINDOW_EXIT;
4531 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC, pVmcsInfo->u32ProcCtls);
4532 AssertRC(rc);
4533 }
4534}
4535
4536
4537/**
4538 * Sets the NMI-window exiting control in the VMCS which instructs VT-x to
4539 * cause a VM-exit as soon as the guest is in a state to receive NMIs.
4540 *
4541 * @param pVCpu The cross context virtual CPU structure.
4542 * @param pVmcsInfo The VMCS info. object.
4543 */
4544static void vmxHCSetNmiWindowExitVmcs(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo)
4545{
4546 if (g_HmMsrs.u.vmx.ProcCtls.n.allowed1 & VMX_PROC_CTLS_NMI_WINDOW_EXIT)
4547 {
4548 if (!(pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_NMI_WINDOW_EXIT))
4549 {
4550 pVmcsInfo->u32ProcCtls |= VMX_PROC_CTLS_NMI_WINDOW_EXIT;
4551 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC, pVmcsInfo->u32ProcCtls);
4552 AssertRC(rc);
4553 Log4Func(("Setup NMI-window exiting\n"));
4554 }
4555 } /* else we will deliver NMIs whenever we VM-exit next, even possibly nesting NMIs. Can't be helped on ancient CPUs. */
4556}
4557
4558
4559/**
4560 * Clears the NMI-window exiting control in the VMCS.
4561 *
4562 * @param pVCpu The cross context virtual CPU structure.
4563 * @param pVmcsInfo The VMCS info. object.
4564 */
4565DECLINLINE(void) vmxHCClearNmiWindowExitVmcs(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo)
4566{
4567 if (pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_NMI_WINDOW_EXIT)
4568 {
4569 pVmcsInfo->u32ProcCtls &= ~VMX_PROC_CTLS_NMI_WINDOW_EXIT;
4570 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC, pVmcsInfo->u32ProcCtls);
4571 AssertRC(rc);
4572 }
4573}
4574
4575
4576/**
4577 * Injects an event into the guest upon VM-entry by updating the relevant fields
4578 * in the VM-entry area in the VMCS.
4579 *
4580 * @returns Strict VBox status code (i.e. informational status codes too).
4581 * @retval VINF_SUCCESS if the event is successfully injected into the VMCS.
4582 * @retval VINF_EM_RESET if event injection resulted in a triple-fault.
4583 *
4584 * @param pVCpu The cross context virtual CPU structure.
4585 * @param pVmcsInfo The VMCS info object.
4586 * @param fIsNestedGuest Flag whether this is for a for a pending nested guest event.
4587 * @param pEvent The event being injected.
4588 * @param pfIntrState Pointer to the VT-x guest-interruptibility-state. This
4589 * will be updated if necessary. This cannot not be NULL.
4590 * @param fStepping Whether we're single-stepping guest execution and should
4591 * return VINF_EM_DBG_STEPPED if the event is injected
4592 * directly (registers modified by us, not by hardware on
4593 * VM-entry).
4594 */
4595static VBOXSTRICTRC vmxHCInjectEventVmcs(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo, bool fIsNestedGuest, PCHMEVENT pEvent,
4596 bool fStepping, uint32_t *pfIntrState)
4597{
4598 /* Intel spec. 24.8.3 "VM-Entry Controls for Event Injection" specifies the interruption-information field to be 32-bits. */
4599 AssertMsg(!RT_HI_U32(pEvent->u64IntInfo), ("%#RX64\n", pEvent->u64IntInfo));
4600 Assert(pfIntrState);
4601
4602#ifdef IN_NEM_DARWIN
4603 RT_NOREF(fIsNestedGuest, fStepping, pfIntrState);
4604#endif
4605
4606 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
4607 uint32_t u32IntInfo = pEvent->u64IntInfo;
4608 uint32_t const u32ErrCode = pEvent->u32ErrCode;
4609 uint32_t const cbInstr = pEvent->cbInstr;
4610 RTGCUINTPTR const GCPtrFault = pEvent->GCPtrFaultAddress;
4611 uint8_t const uVector = VMX_ENTRY_INT_INFO_VECTOR(u32IntInfo);
4612 uint32_t const uIntType = VMX_ENTRY_INT_INFO_TYPE(u32IntInfo);
4613
4614#ifdef VBOX_STRICT
4615 /*
4616 * Validate the error-code-valid bit for hardware exceptions.
4617 * No error codes for exceptions in real-mode.
4618 *
4619 * See Intel spec. 20.1.4 "Interrupt and Exception Handling"
4620 */
4621 if ( uIntType == VMX_EXIT_INT_INFO_TYPE_HW_XCPT
4622 && !CPUMIsGuestInRealModeEx(pCtx))
4623 {
4624 switch (uVector)
4625 {
4626 case X86_XCPT_PF:
4627 case X86_XCPT_DF:
4628 case X86_XCPT_TS:
4629 case X86_XCPT_NP:
4630 case X86_XCPT_SS:
4631 case X86_XCPT_GP:
4632 case X86_XCPT_AC:
4633 AssertMsg(VMX_ENTRY_INT_INFO_IS_ERROR_CODE_VALID(u32IntInfo),
4634 ("Error-code-valid bit not set for exception that has an error code uVector=%#x\n", uVector));
4635 RT_FALL_THRU();
4636 default:
4637 break;
4638 }
4639 }
4640
4641 /* Cannot inject an NMI when block-by-MOV SS is in effect. */
4642 Assert( uIntType != VMX_EXIT_INT_INFO_TYPE_NMI
4643 || !(*pfIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS));
4644#endif
4645
4646 RT_NOREF(uVector);
4647 if ( uIntType == VMX_EXIT_INT_INFO_TYPE_HW_XCPT
4648 || uIntType == VMX_EXIT_INT_INFO_TYPE_NMI
4649 || uIntType == VMX_EXIT_INT_INFO_TYPE_PRIV_SW_XCPT
4650 || uIntType == VMX_EXIT_INT_INFO_TYPE_SW_XCPT)
4651 {
4652 Assert(uVector <= X86_XCPT_LAST);
4653 Assert(uIntType != VMX_EXIT_INT_INFO_TYPE_NMI || uVector == X86_XCPT_NMI);
4654 Assert(uIntType != VMX_EXIT_INT_INFO_TYPE_PRIV_SW_XCPT || uVector == X86_XCPT_DB);
4655 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).aStatInjectedXcpts[uVector]);
4656 }
4657 else
4658 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).aStatInjectedIrqs[uVector & MASK_INJECT_IRQ_STAT]);
4659
4660 /*
4661 * Hardware interrupts & exceptions cannot be delivered through the software interrupt
4662 * redirection bitmap to the real mode task in virtual-8086 mode. We must jump to the
4663 * interrupt handler in the (real-mode) guest.
4664 *
4665 * See Intel spec. 20.3 "Interrupt and Exception handling in Virtual-8086 Mode".
4666 * See Intel spec. 20.1.4 "Interrupt and Exception Handling" for real-mode interrupt handling.
4667 */
4668 if (CPUMIsGuestInRealModeEx(pCtx)) /* CR0.PE bit changes are always intercepted, so it's up to date. */
4669 {
4670#ifndef IN_NEM_DARWIN
4671 if (pVCpu->CTX_SUFF(pVM)->hmr0.s.vmx.fUnrestrictedGuest)
4672#endif
4673 {
4674 /*
4675 * For CPUs with unrestricted guest execution enabled and with the guest
4676 * in real-mode, we must not set the deliver-error-code bit.
4677 *
4678 * See Intel spec. 26.2.1.3 "VM-Entry Control Fields".
4679 */
4680 u32IntInfo &= ~VMX_ENTRY_INT_INFO_ERROR_CODE_VALID;
4681 }
4682#ifndef IN_NEM_DARWIN
4683 else
4684 {
4685 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
4686 Assert(PDMVmmDevHeapIsEnabled(pVM));
4687 Assert(pVM->hm.s.vmx.pRealModeTSS);
4688 Assert(!CPUMIsGuestInVmxNonRootMode(&pVCpu->cpum.GstCtx));
4689
4690 /* We require RIP, RSP, RFLAGS, CS, IDTR, import them. */
4691 int rc2 = vmxHCImportGuestStateEx(pVCpu, pVmcsInfo, CPUMCTX_EXTRN_SREG_MASK | CPUMCTX_EXTRN_TABLE_MASK
4692 | CPUMCTX_EXTRN_RIP | CPUMCTX_EXTRN_RSP | CPUMCTX_EXTRN_RFLAGS);
4693 AssertRCReturn(rc2, rc2);
4694
4695 /* Check if the interrupt handler is present in the IVT (real-mode IDT). IDT limit is (4N - 1). */
4696 size_t const cbIdtEntry = sizeof(X86IDTR16);
4697 if (uVector * cbIdtEntry + (cbIdtEntry - 1) > pCtx->idtr.cbIdt)
4698 {
4699 /* If we are trying to inject a #DF with no valid IDT entry, return a triple-fault. */
4700 if (uVector == X86_XCPT_DF)
4701 return VINF_EM_RESET;
4702
4703 /* If we're injecting a #GP with no valid IDT entry, inject a double-fault.
4704 No error codes for exceptions in real-mode. */
4705 if (uVector == X86_XCPT_GP)
4706 {
4707 static HMEVENT const s_EventXcptDf
4708 = HMEVENT_INIT_ONLY_INT_INFO( RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VECTOR, X86_XCPT_DF)
4709 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_TYPE, VMX_ENTRY_INT_INFO_TYPE_HW_XCPT)
4710 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_ERR_CODE_VALID, 0)
4711 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VALID, 1));
4712 return vmxHCInjectEventVmcs(pVCpu, pVmcsInfo, fIsNestedGuest, &s_EventXcptDf, fStepping, pfIntrState);
4713 }
4714
4715 /*
4716 * If we're injecting an event with no valid IDT entry, inject a #GP.
4717 * No error codes for exceptions in real-mode.
4718 *
4719 * See Intel spec. 20.1.4 "Interrupt and Exception Handling"
4720 */
4721 static HMEVENT const s_EventXcptGp
4722 = HMEVENT_INIT_ONLY_INT_INFO( RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VECTOR, X86_XCPT_GP)
4723 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_TYPE, VMX_ENTRY_INT_INFO_TYPE_HW_XCPT)
4724 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_ERR_CODE_VALID, 0)
4725 | RT_BF_MAKE(VMX_BF_ENTRY_INT_INFO_VALID, 1));
4726 return vmxHCInjectEventVmcs(pVCpu, pVmcsInfo, fIsNestedGuest, &s_EventXcptGp, fStepping, pfIntrState);
4727 }
4728
4729 /* Software exceptions (#BP and #OF exceptions thrown as a result of INT3 or INTO) */
4730 uint16_t uGuestIp = pCtx->ip;
4731 if (uIntType == VMX_ENTRY_INT_INFO_TYPE_SW_XCPT)
4732 {
4733 Assert(uVector == X86_XCPT_BP || uVector == X86_XCPT_OF);
4734 /* #BP and #OF are both benign traps, we need to resume the next instruction. */
4735 uGuestIp = pCtx->ip + (uint16_t)cbInstr;
4736 }
4737 else if (uIntType == VMX_ENTRY_INT_INFO_TYPE_SW_INT)
4738 uGuestIp = pCtx->ip + (uint16_t)cbInstr;
4739
4740 /* Get the code segment selector and offset from the IDT entry for the interrupt handler. */
4741 X86IDTR16 IdtEntry;
4742 RTGCPHYS const GCPhysIdtEntry = (RTGCPHYS)pCtx->idtr.pIdt + uVector * cbIdtEntry;
4743 rc2 = PGMPhysSimpleReadGCPhys(pVM, &IdtEntry, GCPhysIdtEntry, cbIdtEntry);
4744 AssertRCReturn(rc2, rc2);
4745
4746 /* Construct the stack frame for the interrupt/exception handler. */
4747 VBOXSTRICTRC rcStrict;
4748 rcStrict = hmR0VmxRealModeGuestStackPush(pVCpu, (uint16_t)pCtx->eflags.u);
4749 if (rcStrict == VINF_SUCCESS)
4750 {
4751 rcStrict = hmR0VmxRealModeGuestStackPush(pVCpu, pCtx->cs.Sel);
4752 if (rcStrict == VINF_SUCCESS)
4753 rcStrict = hmR0VmxRealModeGuestStackPush(pVCpu, uGuestIp);
4754 }
4755
4756 /* Clear the required eflag bits and jump to the interrupt/exception handler. */
4757 if (rcStrict == VINF_SUCCESS)
4758 {
4759 pCtx->eflags.u &= ~(X86_EFL_IF | X86_EFL_TF | X86_EFL_RF | X86_EFL_AC);
4760 pCtx->rip = IdtEntry.offSel;
4761 pCtx->cs.Sel = IdtEntry.uSel;
4762 pCtx->cs.ValidSel = IdtEntry.uSel;
4763 pCtx->cs.u64Base = IdtEntry.uSel << cbIdtEntry;
4764 if ( uIntType == VMX_ENTRY_INT_INFO_TYPE_HW_XCPT
4765 && uVector == X86_XCPT_PF)
4766 pCtx->cr2 = GCPtrFault;
4767
4768 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_CS | HM_CHANGED_GUEST_CR2
4769 | HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS
4770 | HM_CHANGED_GUEST_RSP);
4771
4772 /*
4773 * If we delivered a hardware exception (other than an NMI) and if there was
4774 * block-by-STI in effect, we should clear it.
4775 */
4776 if (*pfIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_STI)
4777 {
4778 Assert( uIntType != VMX_ENTRY_INT_INFO_TYPE_NMI
4779 && uIntType != VMX_ENTRY_INT_INFO_TYPE_EXT_INT);
4780 Log4Func(("Clearing inhibition due to STI\n"));
4781 *pfIntrState &= ~VMX_VMCS_GUEST_INT_STATE_BLOCK_STI;
4782 }
4783
4784 Log4(("Injected real-mode: u32IntInfo=%#x u32ErrCode=%#x cbInstr=%#x Eflags=%#x CS:EIP=%04x:%04x\n",
4785 u32IntInfo, u32ErrCode, cbInstr, pCtx->eflags.u, pCtx->cs.Sel, pCtx->eip));
4786
4787 /*
4788 * The event has been truly dispatched to the guest. Mark it as no longer pending so
4789 * we don't attempt to undo it if we are returning to ring-3 before executing guest code.
4790 */
4791 VCPU_2_VMXSTATE(pVCpu).Event.fPending = false;
4792
4793 /*
4794 * If we eventually support nested-guest execution without unrestricted guest execution,
4795 * we should set fInterceptEvents here.
4796 */
4797 Assert(!fIsNestedGuest);
4798
4799 /* If we're stepping and we've changed cs:rip above, bail out of the VMX R0 execution loop. */
4800 if (fStepping)
4801 rcStrict = VINF_EM_DBG_STEPPED;
4802 }
4803 AssertMsg(rcStrict == VINF_SUCCESS || rcStrict == VINF_EM_RESET || (rcStrict == VINF_EM_DBG_STEPPED && fStepping),
4804 ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
4805 return rcStrict;
4806 }
4807#else
4808 RT_NOREF(pVmcsInfo);
4809#endif
4810 }
4811
4812 /*
4813 * Validate.
4814 */
4815 Assert(VMX_ENTRY_INT_INFO_IS_VALID(u32IntInfo)); /* Bit 31 (Valid bit) must be set by caller. */
4816 Assert(!(u32IntInfo & VMX_BF_ENTRY_INT_INFO_RSVD_12_30_MASK)); /* Bits 30:12 MBZ. */
4817
4818 /*
4819 * Inject the event into the VMCS.
4820 */
4821 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_ENTRY_INTERRUPTION_INFO, u32IntInfo);
4822 if (VMX_ENTRY_INT_INFO_IS_ERROR_CODE_VALID(u32IntInfo))
4823 rc |= VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_ENTRY_EXCEPTION_ERRCODE, u32ErrCode);
4824 rc |= VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_ENTRY_INSTR_LENGTH, cbInstr);
4825 AssertRC(rc);
4826
4827 /*
4828 * Update guest CR2 if this is a page-fault.
4829 */
4830 if (VMX_ENTRY_INT_INFO_IS_XCPT_PF(u32IntInfo))
4831 pCtx->cr2 = GCPtrFault;
4832
4833 Log4(("Injecting u32IntInfo=%#x u32ErrCode=%#x cbInstr=%#x CR2=%#RX64\n", u32IntInfo, u32ErrCode, cbInstr, pCtx->cr2));
4834 return VINF_SUCCESS;
4835}
4836
4837
4838/**
4839 * Evaluates the event to be delivered to the guest and sets it as the pending
4840 * event.
4841 *
4842 * Toggling of interrupt force-flags here is safe since we update TRPM on premature
4843 * exits to ring-3 before executing guest code, see vmxHCExitToRing3(). We must
4844 * NOT restore these force-flags.
4845 *
4846 * @returns Strict VBox status code (i.e. informational status codes too).
4847 * @param pVCpu The cross context virtual CPU structure.
4848 * @param pVmcsInfo The VMCS information structure.
4849 * @param fIsNestedGuest Flag whether the evaluation happens for a nested guest.
4850 * @param pfIntrState Where to store the VT-x guest-interruptibility state.
4851 */
4852static VBOXSTRICTRC vmxHCEvaluatePendingEvent(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo, bool fIsNestedGuest, uint32_t *pfIntrState)
4853{
4854 Assert(pfIntrState);
4855 Assert(!TRPMHasTrap(pVCpu));
4856
4857 /*
4858 * Compute/update guest-interruptibility state related FFs.
4859 * The FFs will be used below while evaluating events to be injected.
4860 */
4861 *pfIntrState = vmxHCGetGuestIntrStateAndUpdateFFs(pVCpu);
4862
4863 /*
4864 * Evaluate if a new event needs to be injected.
4865 * An event that's already pending has already performed all necessary checks.
4866 */
4867 if ( !VCPU_2_VMXSTATE(pVCpu).Event.fPending
4868 && !CPUMIsInInterruptShadowWithUpdate(&pVCpu->cpum.GstCtx))
4869 {
4870 /** @todo SMI. SMIs take priority over NMIs. */
4871
4872 /*
4873 * NMIs.
4874 * NMIs take priority over external interrupts.
4875 */
4876#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
4877 PCCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
4878#endif
4879 if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INTERRUPT_NMI))
4880 {
4881 /*
4882 * For a guest, the FF always indicates the guest's ability to receive an NMI.
4883 *
4884 * For a nested-guest, the FF always indicates the outer guest's ability to
4885 * receive an NMI while the guest-interruptibility state bit depends on whether
4886 * the nested-hypervisor is using virtual-NMIs.
4887 */
4888 if (!CPUMAreInterruptsInhibitedByNmi(&pVCpu->cpum.GstCtx))
4889 {
4890#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
4891 if ( fIsNestedGuest
4892 && CPUMIsGuestVmxPinCtlsSet(pCtx, VMX_PIN_CTLS_NMI_EXIT))
4893 return IEMExecVmxVmexitXcptNmi(pVCpu);
4894#endif
4895 vmxHCSetPendingXcptNmi(pVCpu);
4896 VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INTERRUPT_NMI);
4897 Log4Func(("NMI pending injection\n"));
4898
4899 /* We've injected the NMI, bail. */
4900 return VINF_SUCCESS;
4901 }
4902 if (!fIsNestedGuest)
4903 vmxHCSetNmiWindowExitVmcs(pVCpu, pVmcsInfo);
4904 }
4905
4906 /*
4907 * External interrupts (PIC/APIC).
4908 * Once PDMGetInterrupt() returns a valid interrupt we -must- deliver it.
4909 * We cannot re-request the interrupt from the controller again.
4910 */
4911 if ( VMCPU_FF_IS_ANY_SET(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC)
4912 && !VCPU_2_VMXSTATE(pVCpu).fSingleInstruction)
4913 {
4914 Assert(!DBGFIsStepping(pVCpu));
4915 int rc = vmxHCImportGuestStateEx(pVCpu, pVmcsInfo, CPUMCTX_EXTRN_RFLAGS);
4916 AssertRC(rc);
4917
4918 /*
4919 * We must not check EFLAGS directly when executing a nested-guest, use
4920 * CPUMIsGuestPhysIntrEnabled() instead as EFLAGS.IF does not control the blocking of
4921 * external interrupts when "External interrupt exiting" is set. This fixes a nasty
4922 * SMP hang while executing nested-guest VCPUs on spinlocks which aren't rescued by
4923 * other VM-exits (like a preemption timer), see @bugref{9562#c18}.
4924 *
4925 * See Intel spec. 25.4.1 "Event Blocking".
4926 */
4927 if (CPUMIsGuestPhysIntrEnabled(pVCpu))
4928 {
4929#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
4930 if ( fIsNestedGuest
4931 && CPUMIsGuestVmxPinCtlsSet(pCtx, VMX_PIN_CTLS_EXT_INT_EXIT))
4932 {
4933 VBOXSTRICTRC rcStrict = IEMExecVmxVmexitExtInt(pVCpu, 0 /* uVector */, true /* fIntPending */);
4934 if (rcStrict != VINF_VMX_INTERCEPT_NOT_ACTIVE)
4935 return rcStrict;
4936 }
4937#endif
4938 uint8_t u8Interrupt;
4939 rc = PDMGetInterrupt(pVCpu, &u8Interrupt);
4940 if (RT_SUCCESS(rc))
4941 {
4942#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
4943 if ( fIsNestedGuest
4944 && CPUMIsGuestVmxPinCtlsSet(pCtx, VMX_PIN_CTLS_EXT_INT_EXIT))
4945 {
4946 VBOXSTRICTRC rcStrict = IEMExecVmxVmexitExtInt(pVCpu, u8Interrupt, false /* fIntPending */);
4947 Assert(rcStrict != VINF_VMX_INTERCEPT_NOT_ACTIVE);
4948 return rcStrict;
4949 }
4950#endif
4951 vmxHCSetPendingExtInt(pVCpu, u8Interrupt);
4952 Log4Func(("External interrupt (%#x) pending injection\n", u8Interrupt));
4953 }
4954 else if (rc == VERR_APIC_INTR_MASKED_BY_TPR)
4955 {
4956 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatSwitchTprMaskedIrq);
4957
4958 if ( !fIsNestedGuest
4959 && (pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_TPR_SHADOW))
4960 vmxHCApicSetTprThreshold(pVCpu, pVmcsInfo, u8Interrupt >> 4);
4961 /* else: for nested-guests, TPR threshold is picked up while merging VMCS controls. */
4962
4963 /*
4964 * If the CPU doesn't have TPR shadowing, we will always get a VM-exit on TPR changes and
4965 * APICSetTpr() will end up setting the VMCPU_FF_INTERRUPT_APIC if required, so there is no
4966 * need to re-set this force-flag here.
4967 */
4968 }
4969 else
4970 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatSwitchGuestIrq);
4971
4972 /* We've injected the interrupt or taken necessary action, bail. */
4973 return VINF_SUCCESS;
4974 }
4975 if (!fIsNestedGuest)
4976 vmxHCSetIntWindowExitVmcs(pVCpu, pVmcsInfo);
4977 }
4978 }
4979 else if (!fIsNestedGuest)
4980 {
4981 /*
4982 * An event is being injected or we are in an interrupt shadow. Check if another event is
4983 * pending. If so, instruct VT-x to cause a VM-exit as soon as the guest is ready to accept
4984 * the pending event.
4985 */
4986 if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INTERRUPT_NMI))
4987 vmxHCSetNmiWindowExitVmcs(pVCpu, pVmcsInfo);
4988 else if ( VMCPU_FF_IS_ANY_SET(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC)
4989 && !VCPU_2_VMXSTATE(pVCpu).fSingleInstruction)
4990 vmxHCSetIntWindowExitVmcs(pVCpu, pVmcsInfo);
4991 }
4992 /* else: for nested-guests, NMI/interrupt-window exiting will be picked up when merging VMCS controls. */
4993
4994 return VINF_SUCCESS;
4995}
4996
4997
4998/**
4999 * Injects any pending events into the guest if the guest is in a state to
5000 * receive them.
5001 *
5002 * @returns Strict VBox status code (i.e. informational status codes too).
5003 * @param pVCpu The cross context virtual CPU structure.
5004 * @param pVmcsInfo The VMCS information structure.
5005 * @param fIsNestedGuest Flag whether the event injection happens for a nested guest.
5006 * @param fIntrState The VT-x guest-interruptibility state.
5007 * @param fStepping Whether we are single-stepping the guest using the
5008 * hypervisor debugger and should return
5009 * VINF_EM_DBG_STEPPED if the event was dispatched
5010 * directly.
5011 */
5012static VBOXSTRICTRC vmxHCInjectPendingEvent(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo, bool fIsNestedGuest,
5013 uint32_t fIntrState, bool fStepping)
5014{
5015 HMVMX_ASSERT_PREEMPT_SAFE(pVCpu);
5016#ifndef IN_NEM_DARWIN
5017 Assert(VMMRZCallRing3IsEnabled(pVCpu));
5018#endif
5019
5020#ifdef VBOX_STRICT
5021 /*
5022 * Verify guest-interruptibility state.
5023 *
5024 * We put this in a scoped block so we do not accidentally use fBlockSti or fBlockMovSS,
5025 * since injecting an event may modify the interruptibility state and we must thus always
5026 * use fIntrState.
5027 */
5028 {
5029 bool const fBlockMovSS = RT_BOOL(fIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS);
5030 bool const fBlockSti = RT_BOOL(fIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_STI);
5031 Assert(!fBlockSti || !(ASMAtomicUoReadU64(&pVCpu->cpum.GstCtx.fExtrn) & CPUMCTX_EXTRN_RFLAGS));
5032 Assert(!fBlockSti || pVCpu->cpum.GstCtx.eflags.Bits.u1IF); /* Cannot set block-by-STI when interrupts are disabled. */
5033 Assert(!(fIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_SMI)); /* We don't support block-by-SMI yet.*/
5034 Assert(!TRPMHasTrap(pVCpu));
5035 NOREF(fBlockMovSS); NOREF(fBlockSti);
5036 }
5037#endif
5038
5039 VBOXSTRICTRC rcStrict = VINF_SUCCESS;
5040 if (VCPU_2_VMXSTATE(pVCpu).Event.fPending)
5041 {
5042 /*
5043 * Do -not- clear any interrupt-window exiting control here. We might have an interrupt
5044 * pending even while injecting an event and in this case, we want a VM-exit as soon as
5045 * the guest is ready for the next interrupt, see @bugref{6208#c45}.
5046 *
5047 * See Intel spec. 26.6.5 "Interrupt-Window Exiting and Virtual-Interrupt Delivery".
5048 */
5049 uint32_t const uIntType = VMX_ENTRY_INT_INFO_TYPE(VCPU_2_VMXSTATE(pVCpu).Event.u64IntInfo);
5050#ifdef VBOX_STRICT
5051 if (uIntType == VMX_ENTRY_INT_INFO_TYPE_EXT_INT)
5052 {
5053 Assert(pVCpu->cpum.GstCtx.eflags.u & X86_EFL_IF);
5054 Assert(!(fIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_STI));
5055 Assert(!(fIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS));
5056 }
5057 else if (uIntType == VMX_ENTRY_INT_INFO_TYPE_NMI)
5058 {
5059 Assert(!(fIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_NMI));
5060 Assert(!(fIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_STI));
5061 Assert(!(fIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS));
5062 }
5063#endif
5064 Log4(("Injecting pending event vcpu[%RU32] u64IntInfo=%#RX64 Type=%#RX32\n", pVCpu->idCpu, VCPU_2_VMXSTATE(pVCpu).Event.u64IntInfo,
5065 uIntType));
5066
5067 /*
5068 * Inject the event and get any changes to the guest-interruptibility state.
5069 *
5070 * The guest-interruptibility state may need to be updated if we inject the event
5071 * into the guest IDT ourselves (for real-on-v86 guest injecting software interrupts).
5072 */
5073 rcStrict = vmxHCInjectEventVmcs(pVCpu, pVmcsInfo, fIsNestedGuest, &VCPU_2_VMXSTATE(pVCpu).Event, fStepping, &fIntrState);
5074 AssertRCReturn(VBOXSTRICTRC_VAL(rcStrict), rcStrict);
5075
5076 if (uIntType == VMX_ENTRY_INT_INFO_TYPE_EXT_INT)
5077 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatInjectInterrupt);
5078 else
5079 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatInjectXcpt);
5080 }
5081
5082 /*
5083 * Deliver any pending debug exceptions if the guest is single-stepping using EFLAGS.TF and
5084 * is an interrupt shadow (block-by-STI or block-by-MOV SS).
5085 */
5086 if ( (fIntrState & (VMX_VMCS_GUEST_INT_STATE_BLOCK_STI | VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS))
5087 && !fIsNestedGuest)
5088 {
5089 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_RFLAGS);
5090
5091 if (!VCPU_2_VMXSTATE(pVCpu).fSingleInstruction)
5092 {
5093 /*
5094 * Set or clear the BS bit depending on whether the trap flag is active or not. We need
5095 * to do both since we clear the BS bit from the VMCS while exiting to ring-3.
5096 */
5097 Assert(!DBGFIsStepping(pVCpu));
5098 uint8_t const fTrapFlag = !!(pVCpu->cpum.GstCtx.eflags.u & X86_EFL_TF);
5099 int rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_PENDING_DEBUG_XCPTS,
5100 fTrapFlag << VMX_BF_VMCS_PENDING_DBG_XCPT_BS_SHIFT);
5101 AssertRC(rc);
5102 }
5103 else
5104 {
5105 /*
5106 * We must not deliver a debug exception when single-stepping over STI/Mov-SS in the
5107 * hypervisor debugger using EFLAGS.TF but rather clear interrupt inhibition. However,
5108 * we take care of this case in vmxHCExportSharedDebugState and also the case if
5109 * we use MTF, so just make sure it's called before executing guest-code.
5110 */
5111 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_DR_MASK);
5112 }
5113 }
5114 /* else: for nested-guest currently handling while merging controls. */
5115
5116 /*
5117 * Finally, update the guest-interruptibility state.
5118 *
5119 * This is required for the real-on-v86 software interrupt injection, for
5120 * pending debug exceptions as well as updates to the guest state from ring-3 (IEM).
5121 */
5122 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_GUEST_INT_STATE, fIntrState);
5123 AssertRC(rc);
5124
5125 /*
5126 * There's no need to clear the VM-entry interruption-information field here if we're not
5127 * injecting anything. VT-x clears the valid bit on every VM-exit.
5128 *
5129 * See Intel spec. 24.8.3 "VM-Entry Controls for Event Injection".
5130 */
5131
5132 Assert(rcStrict == VINF_SUCCESS || rcStrict == VINF_EM_RESET || (rcStrict == VINF_EM_DBG_STEPPED && fStepping));
5133 return rcStrict;
5134}
5135
5136
5137/**
5138 * Tries to determine what part of the guest-state VT-x has deemed as invalid
5139 * and update error record fields accordingly.
5140 *
5141 * @returns VMX_IGS_* error codes.
5142 * @retval VMX_IGS_REASON_NOT_FOUND if this function could not find anything
5143 * wrong with the guest state.
5144 *
5145 * @param pVCpu The cross context virtual CPU structure.
5146 * @param pVmcsInfo The VMCS info. object.
5147 *
5148 * @remarks This function assumes our cache of the VMCS controls
5149 * are valid, i.e. vmxHCCheckCachedVmcsCtls() succeeded.
5150 */
5151static uint32_t vmxHCCheckGuestState(PVMCPUCC pVCpu, PCVMXVMCSINFO pVmcsInfo)
5152{
5153#define HMVMX_ERROR_BREAK(err) { uError = (err); break; }
5154#define HMVMX_CHECK_BREAK(expr, err) if (!(expr)) { uError = (err); break; } else do { } while (0)
5155
5156 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
5157 uint32_t uError = VMX_IGS_ERROR;
5158 uint32_t u32IntrState = 0;
5159#ifndef IN_NEM_DARWIN
5160 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
5161 bool const fUnrestrictedGuest = VM_IS_VMX_UNRESTRICTED_GUEST(pVM);
5162#else
5163 bool const fUnrestrictedGuest = true;
5164#endif
5165 do
5166 {
5167 int rc;
5168
5169 /*
5170 * Guest-interruptibility state.
5171 *
5172 * Read this first so that any check that fails prior to those that actually
5173 * require the guest-interruptibility state would still reflect the correct
5174 * VMCS value and avoids causing further confusion.
5175 */
5176 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_INT_STATE, &u32IntrState);
5177 AssertRC(rc);
5178
5179 uint32_t u32Val;
5180 uint64_t u64Val;
5181
5182 /*
5183 * CR0.
5184 */
5185 /** @todo Why do we need to OR and AND the fixed-0 and fixed-1 bits below? */
5186 uint64_t fSetCr0 = (g_HmMsrs.u.vmx.u64Cr0Fixed0 & g_HmMsrs.u.vmx.u64Cr0Fixed1);
5187 uint64_t const fZapCr0 = (g_HmMsrs.u.vmx.u64Cr0Fixed0 | g_HmMsrs.u.vmx.u64Cr0Fixed1);
5188 /* Exceptions for unrestricted guest execution for CR0 fixed bits (PE, PG).
5189 See Intel spec. 26.3.1 "Checks on Guest Control Registers, Debug Registers and MSRs." */
5190 if (fUnrestrictedGuest)
5191 fSetCr0 &= ~(uint64_t)(X86_CR0_PE | X86_CR0_PG);
5192
5193 uint64_t u64GuestCr0;
5194 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_CR0, &u64GuestCr0);
5195 AssertRC(rc);
5196 HMVMX_CHECK_BREAK((u64GuestCr0 & fSetCr0) == fSetCr0, VMX_IGS_CR0_FIXED1);
5197 HMVMX_CHECK_BREAK(!(u64GuestCr0 & ~fZapCr0), VMX_IGS_CR0_FIXED0);
5198 if ( !fUnrestrictedGuest
5199 && (u64GuestCr0 & X86_CR0_PG)
5200 && !(u64GuestCr0 & X86_CR0_PE))
5201 HMVMX_ERROR_BREAK(VMX_IGS_CR0_PG_PE_COMBO);
5202
5203 /*
5204 * CR4.
5205 */
5206 /** @todo Why do we need to OR and AND the fixed-0 and fixed-1 bits below? */
5207 uint64_t const fSetCr4 = (g_HmMsrs.u.vmx.u64Cr4Fixed0 & g_HmMsrs.u.vmx.u64Cr4Fixed1);
5208 uint64_t const fZapCr4 = (g_HmMsrs.u.vmx.u64Cr4Fixed0 | g_HmMsrs.u.vmx.u64Cr4Fixed1);
5209
5210 uint64_t u64GuestCr4;
5211 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_CR4, &u64GuestCr4);
5212 AssertRC(rc);
5213 HMVMX_CHECK_BREAK((u64GuestCr4 & fSetCr4) == fSetCr4, VMX_IGS_CR4_FIXED1);
5214 HMVMX_CHECK_BREAK(!(u64GuestCr4 & ~fZapCr4), VMX_IGS_CR4_FIXED0);
5215
5216 /*
5217 * IA32_DEBUGCTL MSR.
5218 */
5219 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_DEBUGCTL_FULL, &u64Val);
5220 AssertRC(rc);
5221 if ( (pVmcsInfo->u32EntryCtls & VMX_ENTRY_CTLS_LOAD_DEBUG)
5222 && (u64Val & 0xfffffe3c)) /* Bits 31:9, bits 5:2 MBZ. */
5223 {
5224 HMVMX_ERROR_BREAK(VMX_IGS_DEBUGCTL_MSR_RESERVED);
5225 }
5226 uint64_t u64DebugCtlMsr = u64Val;
5227
5228#ifdef VBOX_STRICT
5229 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_CTRL_ENTRY, &u32Val);
5230 AssertRC(rc);
5231 Assert(u32Val == pVmcsInfo->u32EntryCtls);
5232#endif
5233 bool const fLongModeGuest = RT_BOOL(pVmcsInfo->u32EntryCtls & VMX_ENTRY_CTLS_IA32E_MODE_GUEST);
5234
5235 /*
5236 * RIP and RFLAGS.
5237 */
5238 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_RIP, &u64Val);
5239 AssertRC(rc);
5240 /* pCtx->rip can be different than the one in the VMCS (e.g. run guest code and VM-exits that don't update it). */
5241 if ( !fLongModeGuest
5242 || !pCtx->cs.Attr.n.u1Long)
5243 {
5244 HMVMX_CHECK_BREAK(!(u64Val & UINT64_C(0xffffffff00000000)), VMX_IGS_LONGMODE_RIP_INVALID);
5245 }
5246 /** @todo If the processor supports N < 64 linear-address bits, bits 63:N
5247 * must be identical if the "IA-32e mode guest" VM-entry
5248 * control is 1 and CS.L is 1. No check applies if the
5249 * CPU supports 64 linear-address bits. */
5250
5251 /* Flags in pCtx can be different (real-on-v86 for instance). We are only concerned about the VMCS contents here. */
5252 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_RFLAGS, &u64Val);
5253 AssertRC(rc);
5254 HMVMX_CHECK_BREAK(!(u64Val & UINT64_C(0xffffffffffc08028)), /* Bit 63:22, Bit 15, 5, 3 MBZ. */
5255 VMX_IGS_RFLAGS_RESERVED);
5256 HMVMX_CHECK_BREAK((u64Val & X86_EFL_RA1_MASK), VMX_IGS_RFLAGS_RESERVED1); /* Bit 1 MB1. */
5257 uint32_t const u32Eflags = u64Val;
5258
5259 if ( fLongModeGuest
5260 || ( fUnrestrictedGuest
5261 && !(u64GuestCr0 & X86_CR0_PE)))
5262 {
5263 HMVMX_CHECK_BREAK(!(u32Eflags & X86_EFL_VM), VMX_IGS_RFLAGS_VM_INVALID);
5264 }
5265
5266 uint32_t u32EntryInfo;
5267 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_CTRL_ENTRY_INTERRUPTION_INFO, &u32EntryInfo);
5268 AssertRC(rc);
5269 if (VMX_ENTRY_INT_INFO_IS_EXT_INT(u32EntryInfo))
5270 {
5271 HMVMX_CHECK_BREAK(u32Eflags & X86_EFL_IF, VMX_IGS_RFLAGS_IF_INVALID);
5272 }
5273
5274 /*
5275 * 64-bit checks.
5276 */
5277 if (fLongModeGuest)
5278 {
5279 HMVMX_CHECK_BREAK(u64GuestCr0 & X86_CR0_PG, VMX_IGS_CR0_PG_LONGMODE);
5280 HMVMX_CHECK_BREAK(u64GuestCr4 & X86_CR4_PAE, VMX_IGS_CR4_PAE_LONGMODE);
5281 }
5282
5283 if ( !fLongModeGuest
5284 && (u64GuestCr4 & X86_CR4_PCIDE))
5285 HMVMX_ERROR_BREAK(VMX_IGS_CR4_PCIDE);
5286
5287 /** @todo CR3 field must be such that bits 63:52 and bits in the range
5288 * 51:32 beyond the processor's physical-address width are 0. */
5289
5290 if ( (pVmcsInfo->u32EntryCtls & VMX_ENTRY_CTLS_LOAD_DEBUG)
5291 && (pCtx->dr[7] & X86_DR7_MBZ_MASK))
5292 HMVMX_ERROR_BREAK(VMX_IGS_DR7_RESERVED);
5293
5294#ifndef IN_NEM_DARWIN
5295 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_HOST_SYSENTER_ESP, &u64Val);
5296 AssertRC(rc);
5297 HMVMX_CHECK_BREAK(X86_IS_CANONICAL(u64Val), VMX_IGS_SYSENTER_ESP_NOT_CANONICAL);
5298
5299 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_HOST_SYSENTER_EIP, &u64Val);
5300 AssertRC(rc);
5301 HMVMX_CHECK_BREAK(X86_IS_CANONICAL(u64Val), VMX_IGS_SYSENTER_EIP_NOT_CANONICAL);
5302#endif
5303
5304 /*
5305 * PERF_GLOBAL MSR.
5306 */
5307 if (pVmcsInfo->u32EntryCtls & VMX_ENTRY_CTLS_LOAD_PERF_MSR)
5308 {
5309 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_PERF_GLOBAL_CTRL_FULL, &u64Val);
5310 AssertRC(rc);
5311 HMVMX_CHECK_BREAK(!(u64Val & UINT64_C(0xfffffff8fffffffc)),
5312 VMX_IGS_PERF_GLOBAL_MSR_RESERVED); /* Bits 63:35, bits 31:2 MBZ. */
5313 }
5314
5315 /*
5316 * PAT MSR.
5317 */
5318 if (pVmcsInfo->u32EntryCtls & VMX_ENTRY_CTLS_LOAD_PAT_MSR)
5319 {
5320 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_PAT_FULL, &u64Val);
5321 AssertRC(rc);
5322 HMVMX_CHECK_BREAK(!(u64Val & UINT64_C(0x707070707070707)), VMX_IGS_PAT_MSR_RESERVED);
5323 for (unsigned i = 0; i < 8; i++)
5324 {
5325 uint8_t u8Val = (u64Val & 0xff);
5326 if ( u8Val != 0 /* UC */
5327 && u8Val != 1 /* WC */
5328 && u8Val != 4 /* WT */
5329 && u8Val != 5 /* WP */
5330 && u8Val != 6 /* WB */
5331 && u8Val != 7 /* UC- */)
5332 HMVMX_ERROR_BREAK(VMX_IGS_PAT_MSR_INVALID);
5333 u64Val >>= 8;
5334 }
5335 }
5336
5337 /*
5338 * EFER MSR.
5339 */
5340 if (pVmcsInfo->u32EntryCtls & VMX_ENTRY_CTLS_LOAD_EFER_MSR)
5341 {
5342 Assert(g_fHmVmxSupportsVmcsEfer);
5343 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_EFER_FULL, &u64Val);
5344 AssertRC(rc);
5345 HMVMX_CHECK_BREAK(!(u64Val & UINT64_C(0xfffffffffffff2fe)),
5346 VMX_IGS_EFER_MSR_RESERVED); /* Bits 63:12, bit 9, bits 7:1 MBZ. */
5347 HMVMX_CHECK_BREAK(RT_BOOL(u64Val & MSR_K6_EFER_LMA) == RT_BOOL( pVmcsInfo->u32EntryCtls
5348 & VMX_ENTRY_CTLS_IA32E_MODE_GUEST),
5349 VMX_IGS_EFER_LMA_GUEST_MODE_MISMATCH);
5350 /** @todo r=ramshankar: Unrestricted check here is probably wrong, see
5351 * iemVmxVmentryCheckGuestState(). */
5352 HMVMX_CHECK_BREAK( fUnrestrictedGuest
5353 || !(u64GuestCr0 & X86_CR0_PG)
5354 || RT_BOOL(u64Val & MSR_K6_EFER_LMA) == RT_BOOL(u64Val & MSR_K6_EFER_LME),
5355 VMX_IGS_EFER_LMA_LME_MISMATCH);
5356 }
5357
5358 /*
5359 * Segment registers.
5360 */
5361 HMVMX_CHECK_BREAK( (pCtx->ldtr.Attr.u & X86DESCATTR_UNUSABLE)
5362 || !(pCtx->ldtr.Sel & X86_SEL_LDT), VMX_IGS_LDTR_TI_INVALID);
5363 if (!(u32Eflags & X86_EFL_VM))
5364 {
5365 /* CS */
5366 HMVMX_CHECK_BREAK(pCtx->cs.Attr.n.u1Present, VMX_IGS_CS_ATTR_P_INVALID);
5367 HMVMX_CHECK_BREAK(!(pCtx->cs.Attr.u & 0xf00), VMX_IGS_CS_ATTR_RESERVED);
5368 HMVMX_CHECK_BREAK(!(pCtx->cs.Attr.u & 0xfffe0000), VMX_IGS_CS_ATTR_RESERVED);
5369 HMVMX_CHECK_BREAK( (pCtx->cs.u32Limit & 0xfff) == 0xfff
5370 || !(pCtx->cs.Attr.n.u1Granularity), VMX_IGS_CS_ATTR_G_INVALID);
5371 HMVMX_CHECK_BREAK( !(pCtx->cs.u32Limit & 0xfff00000)
5372 || (pCtx->cs.Attr.n.u1Granularity), VMX_IGS_CS_ATTR_G_INVALID);
5373 /* CS cannot be loaded with NULL in protected mode. */
5374 HMVMX_CHECK_BREAK(pCtx->cs.Attr.u && !(pCtx->cs.Attr.u & X86DESCATTR_UNUSABLE), VMX_IGS_CS_ATTR_UNUSABLE);
5375 HMVMX_CHECK_BREAK(pCtx->cs.Attr.n.u1DescType, VMX_IGS_CS_ATTR_S_INVALID);
5376 if (pCtx->cs.Attr.n.u4Type == 9 || pCtx->cs.Attr.n.u4Type == 11)
5377 HMVMX_CHECK_BREAK(pCtx->cs.Attr.n.u2Dpl == pCtx->ss.Attr.n.u2Dpl, VMX_IGS_CS_SS_ATTR_DPL_UNEQUAL);
5378 else if (pCtx->cs.Attr.n.u4Type == 13 || pCtx->cs.Attr.n.u4Type == 15)
5379 HMVMX_CHECK_BREAK(pCtx->cs.Attr.n.u2Dpl <= pCtx->ss.Attr.n.u2Dpl, VMX_IGS_CS_SS_ATTR_DPL_MISMATCH);
5380 else if (fUnrestrictedGuest && pCtx->cs.Attr.n.u4Type == 3)
5381 HMVMX_CHECK_BREAK(pCtx->cs.Attr.n.u2Dpl == 0, VMX_IGS_CS_ATTR_DPL_INVALID);
5382 else
5383 HMVMX_ERROR_BREAK(VMX_IGS_CS_ATTR_TYPE_INVALID);
5384
5385 /* SS */
5386 HMVMX_CHECK_BREAK( fUnrestrictedGuest
5387 || (pCtx->ss.Sel & X86_SEL_RPL) == (pCtx->cs.Sel & X86_SEL_RPL), VMX_IGS_SS_CS_RPL_UNEQUAL);
5388 HMVMX_CHECK_BREAK(pCtx->ss.Attr.n.u2Dpl == (pCtx->ss.Sel & X86_SEL_RPL), VMX_IGS_SS_ATTR_DPL_RPL_UNEQUAL);
5389 if ( !(pCtx->cr0 & X86_CR0_PE)
5390 || pCtx->cs.Attr.n.u4Type == 3)
5391 {
5392 HMVMX_CHECK_BREAK(!pCtx->ss.Attr.n.u2Dpl, VMX_IGS_SS_ATTR_DPL_INVALID);
5393 }
5394
5395 if (!(pCtx->ss.Attr.u & X86DESCATTR_UNUSABLE))
5396 {
5397 HMVMX_CHECK_BREAK(pCtx->ss.Attr.n.u4Type == 3 || pCtx->ss.Attr.n.u4Type == 7, VMX_IGS_SS_ATTR_TYPE_INVALID);
5398 HMVMX_CHECK_BREAK(pCtx->ss.Attr.n.u1Present, VMX_IGS_SS_ATTR_P_INVALID);
5399 HMVMX_CHECK_BREAK(!(pCtx->ss.Attr.u & 0xf00), VMX_IGS_SS_ATTR_RESERVED);
5400 HMVMX_CHECK_BREAK(!(pCtx->ss.Attr.u & 0xfffe0000), VMX_IGS_SS_ATTR_RESERVED);
5401 HMVMX_CHECK_BREAK( (pCtx->ss.u32Limit & 0xfff) == 0xfff
5402 || !(pCtx->ss.Attr.n.u1Granularity), VMX_IGS_SS_ATTR_G_INVALID);
5403 HMVMX_CHECK_BREAK( !(pCtx->ss.u32Limit & 0xfff00000)
5404 || (pCtx->ss.Attr.n.u1Granularity), VMX_IGS_SS_ATTR_G_INVALID);
5405 }
5406
5407 /* DS, ES, FS, GS - only check for usable selectors, see vmxHCExportGuestSReg(). */
5408 if (!(pCtx->ds.Attr.u & X86DESCATTR_UNUSABLE))
5409 {
5410 HMVMX_CHECK_BREAK(pCtx->ds.Attr.n.u4Type & X86_SEL_TYPE_ACCESSED, VMX_IGS_DS_ATTR_A_INVALID);
5411 HMVMX_CHECK_BREAK(pCtx->ds.Attr.n.u1Present, VMX_IGS_DS_ATTR_P_INVALID);
5412 HMVMX_CHECK_BREAK( fUnrestrictedGuest
5413 || pCtx->ds.Attr.n.u4Type > 11
5414 || pCtx->ds.Attr.n.u2Dpl >= (pCtx->ds.Sel & X86_SEL_RPL), VMX_IGS_DS_ATTR_DPL_RPL_UNEQUAL);
5415 HMVMX_CHECK_BREAK(!(pCtx->ds.Attr.u & 0xf00), VMX_IGS_DS_ATTR_RESERVED);
5416 HMVMX_CHECK_BREAK(!(pCtx->ds.Attr.u & 0xfffe0000), VMX_IGS_DS_ATTR_RESERVED);
5417 HMVMX_CHECK_BREAK( (pCtx->ds.u32Limit & 0xfff) == 0xfff
5418 || !(pCtx->ds.Attr.n.u1Granularity), VMX_IGS_DS_ATTR_G_INVALID);
5419 HMVMX_CHECK_BREAK( !(pCtx->ds.u32Limit & 0xfff00000)
5420 || (pCtx->ds.Attr.n.u1Granularity), VMX_IGS_DS_ATTR_G_INVALID);
5421 HMVMX_CHECK_BREAK( !(pCtx->ds.Attr.n.u4Type & X86_SEL_TYPE_CODE)
5422 || (pCtx->ds.Attr.n.u4Type & X86_SEL_TYPE_READ), VMX_IGS_DS_ATTR_TYPE_INVALID);
5423 }
5424 if (!(pCtx->es.Attr.u & X86DESCATTR_UNUSABLE))
5425 {
5426 HMVMX_CHECK_BREAK(pCtx->es.Attr.n.u4Type & X86_SEL_TYPE_ACCESSED, VMX_IGS_ES_ATTR_A_INVALID);
5427 HMVMX_CHECK_BREAK(pCtx->es.Attr.n.u1Present, VMX_IGS_ES_ATTR_P_INVALID);
5428 HMVMX_CHECK_BREAK( fUnrestrictedGuest
5429 || pCtx->es.Attr.n.u4Type > 11
5430 || pCtx->es.Attr.n.u2Dpl >= (pCtx->es.Sel & X86_SEL_RPL), VMX_IGS_DS_ATTR_DPL_RPL_UNEQUAL);
5431 HMVMX_CHECK_BREAK(!(pCtx->es.Attr.u & 0xf00), VMX_IGS_ES_ATTR_RESERVED);
5432 HMVMX_CHECK_BREAK(!(pCtx->es.Attr.u & 0xfffe0000), VMX_IGS_ES_ATTR_RESERVED);
5433 HMVMX_CHECK_BREAK( (pCtx->es.u32Limit & 0xfff) == 0xfff
5434 || !(pCtx->es.Attr.n.u1Granularity), VMX_IGS_ES_ATTR_G_INVALID);
5435 HMVMX_CHECK_BREAK( !(pCtx->es.u32Limit & 0xfff00000)
5436 || (pCtx->es.Attr.n.u1Granularity), VMX_IGS_ES_ATTR_G_INVALID);
5437 HMVMX_CHECK_BREAK( !(pCtx->es.Attr.n.u4Type & X86_SEL_TYPE_CODE)
5438 || (pCtx->es.Attr.n.u4Type & X86_SEL_TYPE_READ), VMX_IGS_ES_ATTR_TYPE_INVALID);
5439 }
5440 if (!(pCtx->fs.Attr.u & X86DESCATTR_UNUSABLE))
5441 {
5442 HMVMX_CHECK_BREAK(pCtx->fs.Attr.n.u4Type & X86_SEL_TYPE_ACCESSED, VMX_IGS_FS_ATTR_A_INVALID);
5443 HMVMX_CHECK_BREAK(pCtx->fs.Attr.n.u1Present, VMX_IGS_FS_ATTR_P_INVALID);
5444 HMVMX_CHECK_BREAK( fUnrestrictedGuest
5445 || pCtx->fs.Attr.n.u4Type > 11
5446 || pCtx->fs.Attr.n.u2Dpl >= (pCtx->fs.Sel & X86_SEL_RPL), VMX_IGS_FS_ATTR_DPL_RPL_UNEQUAL);
5447 HMVMX_CHECK_BREAK(!(pCtx->fs.Attr.u & 0xf00), VMX_IGS_FS_ATTR_RESERVED);
5448 HMVMX_CHECK_BREAK(!(pCtx->fs.Attr.u & 0xfffe0000), VMX_IGS_FS_ATTR_RESERVED);
5449 HMVMX_CHECK_BREAK( (pCtx->fs.u32Limit & 0xfff) == 0xfff
5450 || !(pCtx->fs.Attr.n.u1Granularity), VMX_IGS_FS_ATTR_G_INVALID);
5451 HMVMX_CHECK_BREAK( !(pCtx->fs.u32Limit & 0xfff00000)
5452 || (pCtx->fs.Attr.n.u1Granularity), VMX_IGS_FS_ATTR_G_INVALID);
5453 HMVMX_CHECK_BREAK( !(pCtx->fs.Attr.n.u4Type & X86_SEL_TYPE_CODE)
5454 || (pCtx->fs.Attr.n.u4Type & X86_SEL_TYPE_READ), VMX_IGS_FS_ATTR_TYPE_INVALID);
5455 }
5456 if (!(pCtx->gs.Attr.u & X86DESCATTR_UNUSABLE))
5457 {
5458 HMVMX_CHECK_BREAK(pCtx->gs.Attr.n.u4Type & X86_SEL_TYPE_ACCESSED, VMX_IGS_GS_ATTR_A_INVALID);
5459 HMVMX_CHECK_BREAK(pCtx->gs.Attr.n.u1Present, VMX_IGS_GS_ATTR_P_INVALID);
5460 HMVMX_CHECK_BREAK( fUnrestrictedGuest
5461 || pCtx->gs.Attr.n.u4Type > 11
5462 || pCtx->gs.Attr.n.u2Dpl >= (pCtx->gs.Sel & X86_SEL_RPL), VMX_IGS_GS_ATTR_DPL_RPL_UNEQUAL);
5463 HMVMX_CHECK_BREAK(!(pCtx->gs.Attr.u & 0xf00), VMX_IGS_GS_ATTR_RESERVED);
5464 HMVMX_CHECK_BREAK(!(pCtx->gs.Attr.u & 0xfffe0000), VMX_IGS_GS_ATTR_RESERVED);
5465 HMVMX_CHECK_BREAK( (pCtx->gs.u32Limit & 0xfff) == 0xfff
5466 || !(pCtx->gs.Attr.n.u1Granularity), VMX_IGS_GS_ATTR_G_INVALID);
5467 HMVMX_CHECK_BREAK( !(pCtx->gs.u32Limit & 0xfff00000)
5468 || (pCtx->gs.Attr.n.u1Granularity), VMX_IGS_GS_ATTR_G_INVALID);
5469 HMVMX_CHECK_BREAK( !(pCtx->gs.Attr.n.u4Type & X86_SEL_TYPE_CODE)
5470 || (pCtx->gs.Attr.n.u4Type & X86_SEL_TYPE_READ), VMX_IGS_GS_ATTR_TYPE_INVALID);
5471 }
5472 /* 64-bit capable CPUs. */
5473 HMVMX_CHECK_BREAK(X86_IS_CANONICAL(pCtx->fs.u64Base), VMX_IGS_FS_BASE_NOT_CANONICAL);
5474 HMVMX_CHECK_BREAK(X86_IS_CANONICAL(pCtx->gs.u64Base), VMX_IGS_GS_BASE_NOT_CANONICAL);
5475 HMVMX_CHECK_BREAK( (pCtx->ldtr.Attr.u & X86DESCATTR_UNUSABLE)
5476 || X86_IS_CANONICAL(pCtx->ldtr.u64Base), VMX_IGS_LDTR_BASE_NOT_CANONICAL);
5477 HMVMX_CHECK_BREAK(!RT_HI_U32(pCtx->cs.u64Base), VMX_IGS_LONGMODE_CS_BASE_INVALID);
5478 HMVMX_CHECK_BREAK((pCtx->ss.Attr.u & X86DESCATTR_UNUSABLE) || !RT_HI_U32(pCtx->ss.u64Base),
5479 VMX_IGS_LONGMODE_SS_BASE_INVALID);
5480 HMVMX_CHECK_BREAK((pCtx->ds.Attr.u & X86DESCATTR_UNUSABLE) || !RT_HI_U32(pCtx->ds.u64Base),
5481 VMX_IGS_LONGMODE_DS_BASE_INVALID);
5482 HMVMX_CHECK_BREAK((pCtx->es.Attr.u & X86DESCATTR_UNUSABLE) || !RT_HI_U32(pCtx->es.u64Base),
5483 VMX_IGS_LONGMODE_ES_BASE_INVALID);
5484 }
5485 else
5486 {
5487 /* V86 mode checks. */
5488 uint32_t u32CSAttr, u32SSAttr, u32DSAttr, u32ESAttr, u32FSAttr, u32GSAttr;
5489 if (pVmcsInfo->pShared->RealMode.fRealOnV86Active)
5490 {
5491 u32CSAttr = 0xf3; u32SSAttr = 0xf3;
5492 u32DSAttr = 0xf3; u32ESAttr = 0xf3;
5493 u32FSAttr = 0xf3; u32GSAttr = 0xf3;
5494 }
5495 else
5496 {
5497 u32CSAttr = pCtx->cs.Attr.u; u32SSAttr = pCtx->ss.Attr.u;
5498 u32DSAttr = pCtx->ds.Attr.u; u32ESAttr = pCtx->es.Attr.u;
5499 u32FSAttr = pCtx->fs.Attr.u; u32GSAttr = pCtx->gs.Attr.u;
5500 }
5501
5502 /* CS */
5503 HMVMX_CHECK_BREAK((pCtx->cs.u64Base == (uint64_t)pCtx->cs.Sel << 4), VMX_IGS_V86_CS_BASE_INVALID);
5504 HMVMX_CHECK_BREAK(pCtx->cs.u32Limit == 0xffff, VMX_IGS_V86_CS_LIMIT_INVALID);
5505 HMVMX_CHECK_BREAK(u32CSAttr == 0xf3, VMX_IGS_V86_CS_ATTR_INVALID);
5506 /* SS */
5507 HMVMX_CHECK_BREAK((pCtx->ss.u64Base == (uint64_t)pCtx->ss.Sel << 4), VMX_IGS_V86_SS_BASE_INVALID);
5508 HMVMX_CHECK_BREAK(pCtx->ss.u32Limit == 0xffff, VMX_IGS_V86_SS_LIMIT_INVALID);
5509 HMVMX_CHECK_BREAK(u32SSAttr == 0xf3, VMX_IGS_V86_SS_ATTR_INVALID);
5510 /* DS */
5511 HMVMX_CHECK_BREAK((pCtx->ds.u64Base == (uint64_t)pCtx->ds.Sel << 4), VMX_IGS_V86_DS_BASE_INVALID);
5512 HMVMX_CHECK_BREAK(pCtx->ds.u32Limit == 0xffff, VMX_IGS_V86_DS_LIMIT_INVALID);
5513 HMVMX_CHECK_BREAK(u32DSAttr == 0xf3, VMX_IGS_V86_DS_ATTR_INVALID);
5514 /* ES */
5515 HMVMX_CHECK_BREAK((pCtx->es.u64Base == (uint64_t)pCtx->es.Sel << 4), VMX_IGS_V86_ES_BASE_INVALID);
5516 HMVMX_CHECK_BREAK(pCtx->es.u32Limit == 0xffff, VMX_IGS_V86_ES_LIMIT_INVALID);
5517 HMVMX_CHECK_BREAK(u32ESAttr == 0xf3, VMX_IGS_V86_ES_ATTR_INVALID);
5518 /* FS */
5519 HMVMX_CHECK_BREAK((pCtx->fs.u64Base == (uint64_t)pCtx->fs.Sel << 4), VMX_IGS_V86_FS_BASE_INVALID);
5520 HMVMX_CHECK_BREAK(pCtx->fs.u32Limit == 0xffff, VMX_IGS_V86_FS_LIMIT_INVALID);
5521 HMVMX_CHECK_BREAK(u32FSAttr == 0xf3, VMX_IGS_V86_FS_ATTR_INVALID);
5522 /* GS */
5523 HMVMX_CHECK_BREAK((pCtx->gs.u64Base == (uint64_t)pCtx->gs.Sel << 4), VMX_IGS_V86_GS_BASE_INVALID);
5524 HMVMX_CHECK_BREAK(pCtx->gs.u32Limit == 0xffff, VMX_IGS_V86_GS_LIMIT_INVALID);
5525 HMVMX_CHECK_BREAK(u32GSAttr == 0xf3, VMX_IGS_V86_GS_ATTR_INVALID);
5526 /* 64-bit capable CPUs. */
5527 HMVMX_CHECK_BREAK(X86_IS_CANONICAL(pCtx->fs.u64Base), VMX_IGS_FS_BASE_NOT_CANONICAL);
5528 HMVMX_CHECK_BREAK(X86_IS_CANONICAL(pCtx->gs.u64Base), VMX_IGS_GS_BASE_NOT_CANONICAL);
5529 HMVMX_CHECK_BREAK( (pCtx->ldtr.Attr.u & X86DESCATTR_UNUSABLE)
5530 || X86_IS_CANONICAL(pCtx->ldtr.u64Base), VMX_IGS_LDTR_BASE_NOT_CANONICAL);
5531 HMVMX_CHECK_BREAK(!RT_HI_U32(pCtx->cs.u64Base), VMX_IGS_LONGMODE_CS_BASE_INVALID);
5532 HMVMX_CHECK_BREAK((pCtx->ss.Attr.u & X86DESCATTR_UNUSABLE) || !RT_HI_U32(pCtx->ss.u64Base),
5533 VMX_IGS_LONGMODE_SS_BASE_INVALID);
5534 HMVMX_CHECK_BREAK((pCtx->ds.Attr.u & X86DESCATTR_UNUSABLE) || !RT_HI_U32(pCtx->ds.u64Base),
5535 VMX_IGS_LONGMODE_DS_BASE_INVALID);
5536 HMVMX_CHECK_BREAK((pCtx->es.Attr.u & X86DESCATTR_UNUSABLE) || !RT_HI_U32(pCtx->es.u64Base),
5537 VMX_IGS_LONGMODE_ES_BASE_INVALID);
5538 }
5539
5540 /*
5541 * TR.
5542 */
5543 HMVMX_CHECK_BREAK(!(pCtx->tr.Sel & X86_SEL_LDT), VMX_IGS_TR_TI_INVALID);
5544 /* 64-bit capable CPUs. */
5545 HMVMX_CHECK_BREAK(X86_IS_CANONICAL(pCtx->tr.u64Base), VMX_IGS_TR_BASE_NOT_CANONICAL);
5546 if (fLongModeGuest)
5547 HMVMX_CHECK_BREAK(pCtx->tr.Attr.n.u4Type == 11, /* 64-bit busy TSS. */
5548 VMX_IGS_LONGMODE_TR_ATTR_TYPE_INVALID);
5549 else
5550 HMVMX_CHECK_BREAK( pCtx->tr.Attr.n.u4Type == 3 /* 16-bit busy TSS. */
5551 || pCtx->tr.Attr.n.u4Type == 11, /* 32-bit busy TSS.*/
5552 VMX_IGS_TR_ATTR_TYPE_INVALID);
5553 HMVMX_CHECK_BREAK(!pCtx->tr.Attr.n.u1DescType, VMX_IGS_TR_ATTR_S_INVALID);
5554 HMVMX_CHECK_BREAK(pCtx->tr.Attr.n.u1Present, VMX_IGS_TR_ATTR_P_INVALID);
5555 HMVMX_CHECK_BREAK(!(pCtx->tr.Attr.u & 0xf00), VMX_IGS_TR_ATTR_RESERVED); /* Bits 11:8 MBZ. */
5556 HMVMX_CHECK_BREAK( (pCtx->tr.u32Limit & 0xfff) == 0xfff
5557 || !(pCtx->tr.Attr.n.u1Granularity), VMX_IGS_TR_ATTR_G_INVALID);
5558 HMVMX_CHECK_BREAK( !(pCtx->tr.u32Limit & 0xfff00000)
5559 || (pCtx->tr.Attr.n.u1Granularity), VMX_IGS_TR_ATTR_G_INVALID);
5560 HMVMX_CHECK_BREAK(!(pCtx->tr.Attr.u & X86DESCATTR_UNUSABLE), VMX_IGS_TR_ATTR_UNUSABLE);
5561
5562 /*
5563 * GDTR and IDTR (64-bit capable checks).
5564 */
5565 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_GDTR_BASE, &u64Val);
5566 AssertRC(rc);
5567 HMVMX_CHECK_BREAK(X86_IS_CANONICAL(u64Val), VMX_IGS_GDTR_BASE_NOT_CANONICAL);
5568
5569 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_IDTR_BASE, &u64Val);
5570 AssertRC(rc);
5571 HMVMX_CHECK_BREAK(X86_IS_CANONICAL(u64Val), VMX_IGS_IDTR_BASE_NOT_CANONICAL);
5572
5573 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_GDTR_LIMIT, &u32Val);
5574 AssertRC(rc);
5575 HMVMX_CHECK_BREAK(!(u32Val & 0xffff0000), VMX_IGS_GDTR_LIMIT_INVALID); /* Bits 31:16 MBZ. */
5576
5577 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_IDTR_LIMIT, &u32Val);
5578 AssertRC(rc);
5579 HMVMX_CHECK_BREAK(!(u32Val & 0xffff0000), VMX_IGS_IDTR_LIMIT_INVALID); /* Bits 31:16 MBZ. */
5580
5581 /*
5582 * Guest Non-Register State.
5583 */
5584 /* Activity State. */
5585 uint32_t u32ActivityState;
5586 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_ACTIVITY_STATE, &u32ActivityState);
5587 AssertRC(rc);
5588 HMVMX_CHECK_BREAK( !u32ActivityState
5589 || (u32ActivityState & RT_BF_GET(g_HmMsrs.u.vmx.u64Misc, VMX_BF_MISC_ACTIVITY_STATES)),
5590 VMX_IGS_ACTIVITY_STATE_INVALID);
5591 HMVMX_CHECK_BREAK( !(pCtx->ss.Attr.n.u2Dpl)
5592 || u32ActivityState != VMX_VMCS_GUEST_ACTIVITY_HLT, VMX_IGS_ACTIVITY_STATE_HLT_INVALID);
5593
5594 if ( u32IntrState == VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS
5595 || u32IntrState == VMX_VMCS_GUEST_INT_STATE_BLOCK_STI)
5596 {
5597 HMVMX_CHECK_BREAK(u32ActivityState == VMX_VMCS_GUEST_ACTIVITY_ACTIVE, VMX_IGS_ACTIVITY_STATE_ACTIVE_INVALID);
5598 }
5599
5600 /** @todo Activity state and injecting interrupts. Left as a todo since we
5601 * currently don't use activity states but ACTIVE. */
5602
5603 HMVMX_CHECK_BREAK( !(pVmcsInfo->u32EntryCtls & VMX_ENTRY_CTLS_ENTRY_TO_SMM)
5604 || u32ActivityState != VMX_VMCS_GUEST_ACTIVITY_SIPI_WAIT, VMX_IGS_ACTIVITY_STATE_SIPI_WAIT_INVALID);
5605
5606 /* Guest interruptibility-state. */
5607 HMVMX_CHECK_BREAK(!(u32IntrState & 0xffffffe0), VMX_IGS_INTERRUPTIBILITY_STATE_RESERVED);
5608 HMVMX_CHECK_BREAK((u32IntrState & (VMX_VMCS_GUEST_INT_STATE_BLOCK_STI | VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS))
5609 != (VMX_VMCS_GUEST_INT_STATE_BLOCK_STI | VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS),
5610 VMX_IGS_INTERRUPTIBILITY_STATE_STI_MOVSS_INVALID);
5611 HMVMX_CHECK_BREAK( (u32Eflags & X86_EFL_IF)
5612 || !(u32IntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_STI),
5613 VMX_IGS_INTERRUPTIBILITY_STATE_STI_EFL_INVALID);
5614 if (VMX_ENTRY_INT_INFO_IS_EXT_INT(u32EntryInfo))
5615 {
5616 HMVMX_CHECK_BREAK( !(u32IntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_STI)
5617 && !(u32IntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS),
5618 VMX_IGS_INTERRUPTIBILITY_STATE_EXT_INT_INVALID);
5619 }
5620 else if (VMX_ENTRY_INT_INFO_IS_XCPT_NMI(u32EntryInfo))
5621 {
5622 HMVMX_CHECK_BREAK(!(u32IntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS),
5623 VMX_IGS_INTERRUPTIBILITY_STATE_MOVSS_INVALID);
5624 HMVMX_CHECK_BREAK(!(u32IntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_STI),
5625 VMX_IGS_INTERRUPTIBILITY_STATE_STI_INVALID);
5626 }
5627 /** @todo Assumes the processor is not in SMM. */
5628 HMVMX_CHECK_BREAK(!(u32IntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_SMI),
5629 VMX_IGS_INTERRUPTIBILITY_STATE_SMI_INVALID);
5630 HMVMX_CHECK_BREAK( !(pVmcsInfo->u32EntryCtls & VMX_ENTRY_CTLS_ENTRY_TO_SMM)
5631 || (u32IntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_SMI),
5632 VMX_IGS_INTERRUPTIBILITY_STATE_SMI_SMM_INVALID);
5633 if ( (pVmcsInfo->u32PinCtls & VMX_PIN_CTLS_VIRT_NMI)
5634 && VMX_ENTRY_INT_INFO_IS_XCPT_NMI(u32EntryInfo))
5635 {
5636 HMVMX_CHECK_BREAK(!(u32IntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_NMI), VMX_IGS_INTERRUPTIBILITY_STATE_NMI_INVALID);
5637 }
5638
5639 /* Pending debug exceptions. */
5640 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_PENDING_DEBUG_XCPTS, &u64Val);
5641 AssertRC(rc);
5642 /* Bits 63:15, Bit 13, Bits 11:4 MBZ. */
5643 HMVMX_CHECK_BREAK(!(u64Val & UINT64_C(0xffffffffffffaff0)), VMX_IGS_LONGMODE_PENDING_DEBUG_RESERVED);
5644 u32Val = u64Val; /* For pending debug exceptions checks below. */
5645
5646 if ( (u32IntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_STI)
5647 || (u32IntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS)
5648 || u32ActivityState == VMX_VMCS_GUEST_ACTIVITY_HLT)
5649 {
5650 if ( (u32Eflags & X86_EFL_TF)
5651 && !(u64DebugCtlMsr & RT_BIT_64(1))) /* Bit 1 is IA32_DEBUGCTL.BTF. */
5652 {
5653 /* Bit 14 is PendingDebug.BS. */
5654 HMVMX_CHECK_BREAK(u32Val & RT_BIT(14), VMX_IGS_PENDING_DEBUG_XCPT_BS_NOT_SET);
5655 }
5656 if ( !(u32Eflags & X86_EFL_TF)
5657 || (u64DebugCtlMsr & RT_BIT_64(1))) /* Bit 1 is IA32_DEBUGCTL.BTF. */
5658 {
5659 /* Bit 14 is PendingDebug.BS. */
5660 HMVMX_CHECK_BREAK(!(u32Val & RT_BIT(14)), VMX_IGS_PENDING_DEBUG_XCPT_BS_NOT_CLEAR);
5661 }
5662 }
5663
5664#ifndef IN_NEM_DARWIN
5665 /* VMCS link pointer. */
5666 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_VMCS_LINK_PTR_FULL, &u64Val);
5667 AssertRC(rc);
5668 if (u64Val != UINT64_C(0xffffffffffffffff))
5669 {
5670 HMVMX_CHECK_BREAK(!(u64Val & 0xfff), VMX_IGS_VMCS_LINK_PTR_RESERVED);
5671 /** @todo Bits beyond the processor's physical-address width MBZ. */
5672 /** @todo SMM checks. */
5673 Assert(pVmcsInfo->HCPhysShadowVmcs == u64Val);
5674 Assert(pVmcsInfo->pvShadowVmcs);
5675 VMXVMCSREVID VmcsRevId;
5676 VmcsRevId.u = *(uint32_t *)pVmcsInfo->pvShadowVmcs;
5677 HMVMX_CHECK_BREAK(VmcsRevId.n.u31RevisionId == RT_BF_GET(g_HmMsrs.u.vmx.u64Basic, VMX_BF_BASIC_VMCS_ID),
5678 VMX_IGS_VMCS_LINK_PTR_SHADOW_VMCS_ID_INVALID);
5679 HMVMX_CHECK_BREAK(VmcsRevId.n.fIsShadowVmcs == (uint32_t)!!(pVmcsInfo->u32ProcCtls2 & VMX_PROC_CTLS2_VMCS_SHADOWING),
5680 VMX_IGS_VMCS_LINK_PTR_NOT_SHADOW);
5681 }
5682
5683 /** @todo Checks on Guest Page-Directory-Pointer-Table Entries when guest is
5684 * not using nested paging? */
5685 if ( VM_IS_VMX_NESTED_PAGING(pVM)
5686 && !fLongModeGuest
5687 && CPUMIsGuestInPAEModeEx(pCtx))
5688 {
5689 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_PDPTE0_FULL, &u64Val);
5690 AssertRC(rc);
5691 HMVMX_CHECK_BREAK(!(u64Val & X86_PDPE_PAE_MBZ_MASK), VMX_IGS_PAE_PDPTE_RESERVED);
5692
5693 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_PDPTE1_FULL, &u64Val);
5694 AssertRC(rc);
5695 HMVMX_CHECK_BREAK(!(u64Val & X86_PDPE_PAE_MBZ_MASK), VMX_IGS_PAE_PDPTE_RESERVED);
5696
5697 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_PDPTE2_FULL, &u64Val);
5698 AssertRC(rc);
5699 HMVMX_CHECK_BREAK(!(u64Val & X86_PDPE_PAE_MBZ_MASK), VMX_IGS_PAE_PDPTE_RESERVED);
5700
5701 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_GUEST_PDPTE3_FULL, &u64Val);
5702 AssertRC(rc);
5703 HMVMX_CHECK_BREAK(!(u64Val & X86_PDPE_PAE_MBZ_MASK), VMX_IGS_PAE_PDPTE_RESERVED);
5704 }
5705#endif
5706
5707 /* Shouldn't happen but distinguish it from AssertRCBreak() errors. */
5708 if (uError == VMX_IGS_ERROR)
5709 uError = VMX_IGS_REASON_NOT_FOUND;
5710 } while (0);
5711
5712 VCPU_2_VMXSTATE(pVCpu).u32HMError = uError;
5713 VCPU_2_VMXSTATE(pVCpu).vmx.LastError.u32GuestIntrState = u32IntrState;
5714 return uError;
5715
5716#undef HMVMX_ERROR_BREAK
5717#undef HMVMX_CHECK_BREAK
5718}
5719
5720
5721#ifndef HMVMX_USE_FUNCTION_TABLE
5722/**
5723 * Handles a guest VM-exit from hardware-assisted VMX execution.
5724 *
5725 * @returns Strict VBox status code (i.e. informational status codes too).
5726 * @param pVCpu The cross context virtual CPU structure.
5727 * @param pVmxTransient The VMX-transient structure.
5728 */
5729DECLINLINE(VBOXSTRICTRC) vmxHCHandleExit(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
5730{
5731#ifdef DEBUG_ramshankar
5732# define VMEXIT_CALL_RET(a_fSave, a_CallExpr) \
5733 do { \
5734 if (a_fSave != 0) \
5735 vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__); \
5736 VBOXSTRICTRC rcStrict = a_CallExpr; \
5737 if (a_fSave != 0) \
5738 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST); \
5739 return rcStrict; \
5740 } while (0)
5741#else
5742# define VMEXIT_CALL_RET(a_fSave, a_CallExpr) return a_CallExpr
5743#endif
5744 uint32_t const uExitReason = pVmxTransient->uExitReason;
5745 switch (uExitReason)
5746 {
5747 case VMX_EXIT_EPT_MISCONFIG: VMEXIT_CALL_RET(0, vmxHCExitEptMisconfig(pVCpu, pVmxTransient));
5748 case VMX_EXIT_EPT_VIOLATION: VMEXIT_CALL_RET(0, vmxHCExitEptViolation(pVCpu, pVmxTransient));
5749 case VMX_EXIT_IO_INSTR: VMEXIT_CALL_RET(0, vmxHCExitIoInstr(pVCpu, pVmxTransient));
5750 case VMX_EXIT_CPUID: VMEXIT_CALL_RET(0, vmxHCExitCpuid(pVCpu, pVmxTransient));
5751 case VMX_EXIT_RDTSC: VMEXIT_CALL_RET(0, vmxHCExitRdtsc(pVCpu, pVmxTransient));
5752 case VMX_EXIT_RDTSCP: VMEXIT_CALL_RET(0, vmxHCExitRdtscp(pVCpu, pVmxTransient));
5753 case VMX_EXIT_APIC_ACCESS: VMEXIT_CALL_RET(0, vmxHCExitApicAccess(pVCpu, pVmxTransient));
5754 case VMX_EXIT_XCPT_OR_NMI: VMEXIT_CALL_RET(0, vmxHCExitXcptOrNmi(pVCpu, pVmxTransient));
5755 case VMX_EXIT_MOV_CRX: VMEXIT_CALL_RET(0, vmxHCExitMovCRx(pVCpu, pVmxTransient));
5756 case VMX_EXIT_EXT_INT: VMEXIT_CALL_RET(0, vmxHCExitExtInt(pVCpu, pVmxTransient));
5757 case VMX_EXIT_INT_WINDOW: VMEXIT_CALL_RET(0, vmxHCExitIntWindow(pVCpu, pVmxTransient));
5758 case VMX_EXIT_TPR_BELOW_THRESHOLD: VMEXIT_CALL_RET(0, vmxHCExitTprBelowThreshold(pVCpu, pVmxTransient));
5759 case VMX_EXIT_MWAIT: VMEXIT_CALL_RET(0, vmxHCExitMwait(pVCpu, pVmxTransient));
5760 case VMX_EXIT_MONITOR: VMEXIT_CALL_RET(0, vmxHCExitMonitor(pVCpu, pVmxTransient));
5761 case VMX_EXIT_TASK_SWITCH: VMEXIT_CALL_RET(0, vmxHCExitTaskSwitch(pVCpu, pVmxTransient));
5762 case VMX_EXIT_PREEMPT_TIMER: VMEXIT_CALL_RET(0, vmxHCExitPreemptTimer(pVCpu, pVmxTransient));
5763 case VMX_EXIT_RDMSR: VMEXIT_CALL_RET(0, vmxHCExitRdmsr(pVCpu, pVmxTransient));
5764 case VMX_EXIT_WRMSR: VMEXIT_CALL_RET(0, vmxHCExitWrmsr(pVCpu, pVmxTransient));
5765 case VMX_EXIT_VMCALL: VMEXIT_CALL_RET(0, vmxHCExitVmcall(pVCpu, pVmxTransient));
5766 case VMX_EXIT_MOV_DRX: VMEXIT_CALL_RET(0, vmxHCExitMovDRx(pVCpu, pVmxTransient));
5767 case VMX_EXIT_HLT: VMEXIT_CALL_RET(0, vmxHCExitHlt(pVCpu, pVmxTransient));
5768 case VMX_EXIT_INVD: VMEXIT_CALL_RET(0, vmxHCExitInvd(pVCpu, pVmxTransient));
5769 case VMX_EXIT_INVLPG: VMEXIT_CALL_RET(0, vmxHCExitInvlpg(pVCpu, pVmxTransient));
5770 case VMX_EXIT_MTF: VMEXIT_CALL_RET(0, vmxHCExitMtf(pVCpu, pVmxTransient));
5771 case VMX_EXIT_PAUSE: VMEXIT_CALL_RET(0, vmxHCExitPause(pVCpu, pVmxTransient));
5772 case VMX_EXIT_WBINVD: VMEXIT_CALL_RET(0, vmxHCExitWbinvd(pVCpu, pVmxTransient));
5773 case VMX_EXIT_XSETBV: VMEXIT_CALL_RET(0, vmxHCExitXsetbv(pVCpu, pVmxTransient));
5774 case VMX_EXIT_INVPCID: VMEXIT_CALL_RET(0, vmxHCExitInvpcid(pVCpu, pVmxTransient));
5775 case VMX_EXIT_GETSEC: VMEXIT_CALL_RET(0, vmxHCExitGetsec(pVCpu, pVmxTransient));
5776 case VMX_EXIT_RDPMC: VMEXIT_CALL_RET(0, vmxHCExitRdpmc(pVCpu, pVmxTransient));
5777#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
5778 case VMX_EXIT_VMCLEAR: VMEXIT_CALL_RET(0, vmxHCExitVmclear(pVCpu, pVmxTransient));
5779 case VMX_EXIT_VMLAUNCH: VMEXIT_CALL_RET(0, vmxHCExitVmlaunch(pVCpu, pVmxTransient));
5780 case VMX_EXIT_VMPTRLD: VMEXIT_CALL_RET(0, vmxHCExitVmptrld(pVCpu, pVmxTransient));
5781 case VMX_EXIT_VMPTRST: VMEXIT_CALL_RET(0, vmxHCExitVmptrst(pVCpu, pVmxTransient));
5782 case VMX_EXIT_VMREAD: VMEXIT_CALL_RET(0, vmxHCExitVmread(pVCpu, pVmxTransient));
5783 case VMX_EXIT_VMRESUME: VMEXIT_CALL_RET(0, vmxHCExitVmwrite(pVCpu, pVmxTransient));
5784 case VMX_EXIT_VMWRITE: VMEXIT_CALL_RET(0, vmxHCExitVmresume(pVCpu, pVmxTransient));
5785 case VMX_EXIT_VMXOFF: VMEXIT_CALL_RET(0, vmxHCExitVmxoff(pVCpu, pVmxTransient));
5786 case VMX_EXIT_VMXON: VMEXIT_CALL_RET(0, vmxHCExitVmxon(pVCpu, pVmxTransient));
5787 case VMX_EXIT_INVVPID: VMEXIT_CALL_RET(0, vmxHCExitInvvpid(pVCpu, pVmxTransient));
5788#else
5789 case VMX_EXIT_VMCLEAR:
5790 case VMX_EXIT_VMLAUNCH:
5791 case VMX_EXIT_VMPTRLD:
5792 case VMX_EXIT_VMPTRST:
5793 case VMX_EXIT_VMREAD:
5794 case VMX_EXIT_VMRESUME:
5795 case VMX_EXIT_VMWRITE:
5796 case VMX_EXIT_VMXOFF:
5797 case VMX_EXIT_VMXON:
5798 case VMX_EXIT_INVVPID:
5799 return vmxHCExitSetPendingXcptUD(pVCpu, pVmxTransient);
5800#endif
5801#ifdef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
5802 case VMX_EXIT_INVEPT: VMEXIT_CALL_RET(0, vmxHCExitInvept(pVCpu, pVmxTransient));
5803#else
5804 case VMX_EXIT_INVEPT: return vmxHCExitSetPendingXcptUD(pVCpu, pVmxTransient);
5805#endif
5806
5807 case VMX_EXIT_TRIPLE_FAULT: return vmxHCExitTripleFault(pVCpu, pVmxTransient);
5808 case VMX_EXIT_NMI_WINDOW: return vmxHCExitNmiWindow(pVCpu, pVmxTransient);
5809 case VMX_EXIT_ERR_INVALID_GUEST_STATE: return vmxHCExitErrInvalidGuestState(pVCpu, pVmxTransient);
5810
5811 case VMX_EXIT_INIT_SIGNAL:
5812 case VMX_EXIT_SIPI:
5813 case VMX_EXIT_IO_SMI:
5814 case VMX_EXIT_SMI:
5815 case VMX_EXIT_ERR_MSR_LOAD:
5816 case VMX_EXIT_ERR_MACHINE_CHECK:
5817 case VMX_EXIT_PML_FULL:
5818 case VMX_EXIT_VIRTUALIZED_EOI:
5819 case VMX_EXIT_GDTR_IDTR_ACCESS:
5820 case VMX_EXIT_LDTR_TR_ACCESS:
5821 case VMX_EXIT_APIC_WRITE:
5822 case VMX_EXIT_RDRAND:
5823 case VMX_EXIT_RSM:
5824 case VMX_EXIT_VMFUNC:
5825 case VMX_EXIT_ENCLS:
5826 case VMX_EXIT_RDSEED:
5827 case VMX_EXIT_XSAVES:
5828 case VMX_EXIT_XRSTORS:
5829 case VMX_EXIT_UMWAIT:
5830 case VMX_EXIT_TPAUSE:
5831 case VMX_EXIT_LOADIWKEY:
5832 default:
5833 return vmxHCExitErrUnexpected(pVCpu, pVmxTransient);
5834 }
5835#undef VMEXIT_CALL_RET
5836}
5837#endif /* !HMVMX_USE_FUNCTION_TABLE */
5838
5839
5840#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
5841/**
5842 * Handles a nested-guest VM-exit from hardware-assisted VMX execution.
5843 *
5844 * @returns Strict VBox status code (i.e. informational status codes too).
5845 * @param pVCpu The cross context virtual CPU structure.
5846 * @param pVmxTransient The VMX-transient structure.
5847 */
5848DECLINLINE(VBOXSTRICTRC) vmxHCHandleExitNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
5849{
5850#ifdef DEBUG_ramshankar
5851# define VMEXIT_CALL_RET(a_fSave, a_CallExpr) \
5852 do { \
5853 if (a_fSave != 0) \
5854 vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__); \
5855 VBOXSTRICTRC rcStrict = a_CallExpr; \
5856 return rcStrict; \
5857 } while (0)
5858#else
5859# define VMEXIT_CALL_RET(a_fSave, a_CallExpr) return a_CallExpr
5860#endif
5861
5862 uint32_t const uExitReason = pVmxTransient->uExitReason;
5863 switch (uExitReason)
5864 {
5865# ifdef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
5866 case VMX_EXIT_EPT_MISCONFIG: VMEXIT_CALL_RET(0, vmxHCExitEptMisconfigNested(pVCpu, pVmxTransient));
5867 case VMX_EXIT_EPT_VIOLATION: VMEXIT_CALL_RET(0, vmxHCExitEptViolationNested(pVCpu, pVmxTransient));
5868# else
5869 case VMX_EXIT_EPT_MISCONFIG: VMEXIT_CALL_RET(0, vmxHCExitEptMisconfig(pVCpu, pVmxTransient));
5870 case VMX_EXIT_EPT_VIOLATION: VMEXIT_CALL_RET(0, vmxHCExitEptViolation(pVCpu, pVmxTransient));
5871# endif
5872 case VMX_EXIT_XCPT_OR_NMI: VMEXIT_CALL_RET(0, vmxHCExitXcptOrNmiNested(pVCpu, pVmxTransient));
5873 case VMX_EXIT_IO_INSTR: VMEXIT_CALL_RET(0, vmxHCExitIoInstrNested(pVCpu, pVmxTransient));
5874 case VMX_EXIT_HLT: VMEXIT_CALL_RET(0, vmxHCExitHltNested(pVCpu, pVmxTransient));
5875
5876 /*
5877 * We shouldn't direct host physical interrupts to the nested-guest.
5878 */
5879 case VMX_EXIT_EXT_INT: VMEXIT_CALL_RET(0, vmxHCExitExtInt(pVCpu, pVmxTransient));
5880
5881 /*
5882 * Instructions that cause VM-exits unconditionally or the condition is
5883 * always taken solely from the nested hypervisor (meaning if the VM-exit
5884 * happens, it's guaranteed to be a nested-guest VM-exit).
5885 *
5886 * - Provides VM-exit instruction length ONLY.
5887 */
5888 case VMX_EXIT_CPUID: /* Unconditional. */
5889 case VMX_EXIT_VMCALL:
5890 case VMX_EXIT_GETSEC:
5891 case VMX_EXIT_INVD:
5892 case VMX_EXIT_XSETBV:
5893 case VMX_EXIT_VMLAUNCH:
5894 case VMX_EXIT_VMRESUME:
5895 case VMX_EXIT_VMXOFF:
5896 case VMX_EXIT_ENCLS: /* Condition specified solely by nested hypervisor. */
5897 case VMX_EXIT_VMFUNC:
5898 VMEXIT_CALL_RET(0, vmxHCExitInstrNested(pVCpu, pVmxTransient));
5899
5900 /*
5901 * Instructions that cause VM-exits unconditionally or the condition is
5902 * always taken solely from the nested hypervisor (meaning if the VM-exit
5903 * happens, it's guaranteed to be a nested-guest VM-exit).
5904 *
5905 * - Provides VM-exit instruction length.
5906 * - Provides VM-exit information.
5907 * - Optionally provides Exit qualification.
5908 *
5909 * Since Exit qualification is 0 for all VM-exits where it is not
5910 * applicable, reading and passing it to the guest should produce
5911 * defined behavior.
5912 *
5913 * See Intel spec. 27.2.1 "Basic VM-Exit Information".
5914 */
5915 case VMX_EXIT_INVEPT: /* Unconditional. */
5916 case VMX_EXIT_INVVPID:
5917 case VMX_EXIT_VMCLEAR:
5918 case VMX_EXIT_VMPTRLD:
5919 case VMX_EXIT_VMPTRST:
5920 case VMX_EXIT_VMXON:
5921 case VMX_EXIT_GDTR_IDTR_ACCESS: /* Condition specified solely by nested hypervisor. */
5922 case VMX_EXIT_LDTR_TR_ACCESS:
5923 case VMX_EXIT_RDRAND:
5924 case VMX_EXIT_RDSEED:
5925 case VMX_EXIT_XSAVES:
5926 case VMX_EXIT_XRSTORS:
5927 case VMX_EXIT_UMWAIT:
5928 case VMX_EXIT_TPAUSE:
5929 VMEXIT_CALL_RET(0, vmxHCExitInstrWithInfoNested(pVCpu, pVmxTransient));
5930
5931 case VMX_EXIT_RDTSC: VMEXIT_CALL_RET(0, vmxHCExitRdtscNested(pVCpu, pVmxTransient));
5932 case VMX_EXIT_RDTSCP: VMEXIT_CALL_RET(0, vmxHCExitRdtscpNested(pVCpu, pVmxTransient));
5933 case VMX_EXIT_RDMSR: VMEXIT_CALL_RET(0, vmxHCExitRdmsrNested(pVCpu, pVmxTransient));
5934 case VMX_EXIT_WRMSR: VMEXIT_CALL_RET(0, vmxHCExitWrmsrNested(pVCpu, pVmxTransient));
5935 case VMX_EXIT_INVLPG: VMEXIT_CALL_RET(0, vmxHCExitInvlpgNested(pVCpu, pVmxTransient));
5936 case VMX_EXIT_INVPCID: VMEXIT_CALL_RET(0, vmxHCExitInvpcidNested(pVCpu, pVmxTransient));
5937 case VMX_EXIT_TASK_SWITCH: VMEXIT_CALL_RET(0, vmxHCExitTaskSwitchNested(pVCpu, pVmxTransient));
5938 case VMX_EXIT_WBINVD: VMEXIT_CALL_RET(0, vmxHCExitWbinvdNested(pVCpu, pVmxTransient));
5939 case VMX_EXIT_MTF: VMEXIT_CALL_RET(0, vmxHCExitMtfNested(pVCpu, pVmxTransient));
5940 case VMX_EXIT_APIC_ACCESS: VMEXIT_CALL_RET(0, vmxHCExitApicAccessNested(pVCpu, pVmxTransient));
5941 case VMX_EXIT_APIC_WRITE: VMEXIT_CALL_RET(0, vmxHCExitApicWriteNested(pVCpu, pVmxTransient));
5942 case VMX_EXIT_VIRTUALIZED_EOI: VMEXIT_CALL_RET(0, vmxHCExitVirtEoiNested(pVCpu, pVmxTransient));
5943 case VMX_EXIT_MOV_CRX: VMEXIT_CALL_RET(0, vmxHCExitMovCRxNested(pVCpu, pVmxTransient));
5944 case VMX_EXIT_INT_WINDOW: VMEXIT_CALL_RET(0, vmxHCExitIntWindowNested(pVCpu, pVmxTransient));
5945 case VMX_EXIT_NMI_WINDOW: VMEXIT_CALL_RET(0, vmxHCExitNmiWindowNested(pVCpu, pVmxTransient));
5946 case VMX_EXIT_TPR_BELOW_THRESHOLD: VMEXIT_CALL_RET(0, vmxHCExitTprBelowThresholdNested(pVCpu, pVmxTransient));
5947 case VMX_EXIT_MWAIT: VMEXIT_CALL_RET(0, vmxHCExitMwaitNested(pVCpu, pVmxTransient));
5948 case VMX_EXIT_MONITOR: VMEXIT_CALL_RET(0, vmxHCExitMonitorNested(pVCpu, pVmxTransient));
5949 case VMX_EXIT_PAUSE: VMEXIT_CALL_RET(0, vmxHCExitPauseNested(pVCpu, pVmxTransient));
5950
5951 case VMX_EXIT_PREEMPT_TIMER:
5952 {
5953 /** @todo NSTVMX: Preempt timer. */
5954 VMEXIT_CALL_RET(0, vmxHCExitPreemptTimer(pVCpu, pVmxTransient));
5955 }
5956
5957 case VMX_EXIT_MOV_DRX: VMEXIT_CALL_RET(0, vmxHCExitMovDRxNested(pVCpu, pVmxTransient));
5958 case VMX_EXIT_RDPMC: VMEXIT_CALL_RET(0, vmxHCExitRdpmcNested(pVCpu, pVmxTransient));
5959
5960 case VMX_EXIT_VMREAD:
5961 case VMX_EXIT_VMWRITE: VMEXIT_CALL_RET(0, vmxHCExitVmreadVmwriteNested(pVCpu, pVmxTransient));
5962
5963 case VMX_EXIT_TRIPLE_FAULT: VMEXIT_CALL_RET(0, vmxHCExitTripleFaultNested(pVCpu, pVmxTransient));
5964 case VMX_EXIT_ERR_INVALID_GUEST_STATE: VMEXIT_CALL_RET(0, vmxHCExitErrInvalidGuestStateNested(pVCpu, pVmxTransient));
5965
5966 case VMX_EXIT_INIT_SIGNAL:
5967 case VMX_EXIT_SIPI:
5968 case VMX_EXIT_IO_SMI:
5969 case VMX_EXIT_SMI:
5970 case VMX_EXIT_ERR_MSR_LOAD:
5971 case VMX_EXIT_ERR_MACHINE_CHECK:
5972 case VMX_EXIT_PML_FULL:
5973 case VMX_EXIT_RSM:
5974 default:
5975 return vmxHCExitErrUnexpected(pVCpu, pVmxTransient);
5976 }
5977#undef VMEXIT_CALL_RET
5978}
5979#endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
5980
5981
5982/** @name VM-exit helpers.
5983 * @{
5984 */
5985/* -=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
5986/* -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= VM-exit helpers -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- */
5987/* -=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
5988
5989/** Macro for VM-exits called unexpectedly. */
5990#define HMVMX_UNEXPECTED_EXIT_RET(a_pVCpu, a_HmError) \
5991 do { \
5992 VCPU_2_VMXSTATE((a_pVCpu)).u32HMError = (a_HmError); \
5993 return VERR_VMX_UNEXPECTED_EXIT; \
5994 } while (0)
5995
5996#ifdef VBOX_STRICT
5997# ifndef IN_NEM_DARWIN
5998/* Is there some generic IPRT define for this that are not in Runtime/internal/\* ?? */
5999# define HMVMX_ASSERT_PREEMPT_CPUID_VAR() \
6000 RTCPUID const idAssertCpu = RTThreadPreemptIsEnabled(NIL_RTTHREAD) ? NIL_RTCPUID : RTMpCpuId()
6001
6002# define HMVMX_ASSERT_PREEMPT_CPUID() \
6003 do { \
6004 RTCPUID const idAssertCpuNow = RTThreadPreemptIsEnabled(NIL_RTTHREAD) ? NIL_RTCPUID : RTMpCpuId(); \
6005 AssertMsg(idAssertCpu == idAssertCpuNow, ("VMX %#x, %#x\n", idAssertCpu, idAssertCpuNow)); \
6006 } while (0)
6007
6008# define HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(a_pVCpu, a_pVmxTransient) \
6009 do { \
6010 AssertPtr((a_pVCpu)); \
6011 AssertPtr((a_pVmxTransient)); \
6012 Assert( (a_pVmxTransient)->fVMEntryFailed == false \
6013 || (a_pVmxTransient)->uExitReason == VMX_EXIT_ERR_INVALID_GUEST_STATE \
6014 || (a_pVmxTransient)->uExitReason == VMX_EXIT_ERR_MSR_LOAD \
6015 || (a_pVmxTransient)->uExitReason == VMX_EXIT_ERR_MACHINE_CHECK); \
6016 Assert((a_pVmxTransient)->pVmcsInfo); \
6017 Assert(ASMIntAreEnabled()); \
6018 HMVMX_ASSERT_PREEMPT_SAFE(a_pVCpu); \
6019 HMVMX_ASSERT_PREEMPT_CPUID_VAR(); \
6020 Log4Func(("vcpu[%RU32]\n", (a_pVCpu)->idCpu)); \
6021 HMVMX_ASSERT_PREEMPT_SAFE(a_pVCpu); \
6022 if (!VMMRZCallRing3IsEnabled((a_pVCpu))) \
6023 HMVMX_ASSERT_PREEMPT_CPUID(); \
6024 HMVMX_STOP_EXIT_DISPATCH_PROF(); \
6025 } while (0)
6026# else
6027# define HMVMX_ASSERT_PREEMPT_CPUID_VAR() do { } while(0)
6028# define HMVMX_ASSERT_PREEMPT_CPUID() do { } while(0)
6029# define HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(a_pVCpu, a_pVmxTransient) \
6030 do { \
6031 AssertPtr((a_pVCpu)); \
6032 AssertPtr((a_pVmxTransient)); \
6033 Assert( (a_pVmxTransient)->fVMEntryFailed == false \
6034 || (a_pVmxTransient)->uExitReason == VMX_EXIT_ERR_INVALID_GUEST_STATE \
6035 || (a_pVmxTransient)->uExitReason == VMX_EXIT_ERR_MSR_LOAD \
6036 || (a_pVmxTransient)->uExitReason == VMX_EXIT_ERR_MACHINE_CHECK); \
6037 Assert((a_pVmxTransient)->pVmcsInfo); \
6038 Log4Func(("vcpu[%RU32]\n", (a_pVCpu)->idCpu)); \
6039 HMVMX_STOP_EXIT_DISPATCH_PROF(); \
6040 } while (0)
6041# endif
6042
6043# define HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(a_pVCpu, a_pVmxTransient) \
6044 do { \
6045 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(a_pVCpu, a_pVmxTransient); \
6046 Assert((a_pVmxTransient)->fIsNestedGuest); \
6047 } while (0)
6048
6049# define HMVMX_VALIDATE_EXIT_XCPT_HANDLER_PARAMS(a_pVCpu, a_pVmxTransient) \
6050 do { \
6051 Log4Func(("\n")); \
6052 } while (0)
6053#else
6054# define HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(a_pVCpu, a_pVmxTransient) \
6055 do { \
6056 HMVMX_STOP_EXIT_DISPATCH_PROF(); \
6057 NOREF((a_pVCpu)); NOREF((a_pVmxTransient)); \
6058 } while (0)
6059
6060# define HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(a_pVCpu, a_pVmxTransient) \
6061 do { HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(a_pVCpu, a_pVmxTransient); } while (0)
6062
6063# define HMVMX_VALIDATE_EXIT_XCPT_HANDLER_PARAMS(a_pVCpu, a_pVmxTransient) do { } while (0)
6064#endif
6065
6066#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
6067/** Macro that does the necessary privilege checks and intercepted VM-exits for
6068 * guests that attempted to execute a VMX instruction. */
6069# define HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(a_pVCpu, a_uExitReason) \
6070 do \
6071 { \
6072 VBOXSTRICTRC rcStrictTmp = vmxHCCheckExitDueToVmxInstr((a_pVCpu), (a_uExitReason)); \
6073 if (rcStrictTmp == VINF_SUCCESS) \
6074 { /* likely */ } \
6075 else if (rcStrictTmp == VINF_HM_PENDING_XCPT) \
6076 { \
6077 Assert((a_pVCpu)->hm.s.Event.fPending); \
6078 Log4Func(("Privilege checks failed -> %#x\n", VMX_ENTRY_INT_INFO_VECTOR((a_pVCpu)->hm.s.Event.u64IntInfo))); \
6079 return VINF_SUCCESS; \
6080 } \
6081 else \
6082 { \
6083 int rcTmp = VBOXSTRICTRC_VAL(rcStrictTmp); \
6084 AssertMsgFailedReturn(("Unexpected failure. rc=%Rrc", rcTmp), rcTmp); \
6085 } \
6086 } while (0)
6087
6088/** Macro that decodes a memory operand for an VM-exit caused by an instruction. */
6089# define HMVMX_DECODE_MEM_OPERAND(a_pVCpu, a_uExitInstrInfo, a_uExitQual, a_enmMemAccess, a_pGCPtrEffAddr) \
6090 do \
6091 { \
6092 VBOXSTRICTRC rcStrictTmp = vmxHCDecodeMemOperand((a_pVCpu), (a_uExitInstrInfo), (a_uExitQual), (a_enmMemAccess), \
6093 (a_pGCPtrEffAddr)); \
6094 if (rcStrictTmp == VINF_SUCCESS) \
6095 { /* likely */ } \
6096 else if (rcStrictTmp == VINF_HM_PENDING_XCPT) \
6097 { \
6098 uint8_t const uXcptTmp = VMX_ENTRY_INT_INFO_VECTOR((a_pVCpu)->hm.s.Event.u64IntInfo); \
6099 Log4Func(("Memory operand decoding failed, raising xcpt %#x\n", uXcptTmp)); \
6100 NOREF(uXcptTmp); \
6101 return VINF_SUCCESS; \
6102 } \
6103 else \
6104 { \
6105 Log4Func(("vmxHCDecodeMemOperand failed. rc=%Rrc\n", VBOXSTRICTRC_VAL(rcStrictTmp))); \
6106 return rcStrictTmp; \
6107 } \
6108 } while (0)
6109#endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
6110
6111
6112/**
6113 * Advances the guest RIP by the specified number of bytes.
6114 *
6115 * @param pVCpu The cross context virtual CPU structure.
6116 * @param cbInstr Number of bytes to advance the RIP by.
6117 *
6118 * @remarks No-long-jump zone!!!
6119 */
6120DECLINLINE(void) vmxHCAdvanceGuestRipBy(PVMCPUCC pVCpu, uint32_t cbInstr)
6121{
6122 CPUM_ASSERT_NOT_EXTRN(pVCpu, CPUMCTX_EXTRN_RIP | CPUMCTX_EXTRN_RFLAGS | CPUMCTX_EXTRN_INHIBIT_INT | CPUMCTX_EXTRN_INHIBIT_NMI);
6123
6124 /*
6125 * Advance RIP.
6126 *
6127 * The upper 32 bits are only set when in 64-bit mode, so we have to detect
6128 * when the addition causes a "carry" into the upper half and check whether
6129 * we're in 64-bit and can go on with it or wether we should zap the top
6130 * half. (Note! The 8086, 80186 and 80286 emulation is done exclusively in
6131 * IEM, so we don't need to bother with pre-386 16-bit wraparound.)
6132 *
6133 * See PC wrap around tests in bs3-cpu-weird-1.
6134 */
6135 uint64_t const uRipPrev = pVCpu->cpum.GstCtx.rip;
6136 uint64_t const uRipNext = uRipPrev + cbInstr;
6137 if (RT_LIKELY( !((uRipNext ^ uRipPrev) & RT_BIT_64(32))
6138 || CPUMIsGuestIn64BitCodeEx(&pVCpu->cpum.GstCtx)))
6139 pVCpu->cpum.GstCtx.rip = uRipNext;
6140 else
6141 pVCpu->cpum.GstCtx.rip = (uint32_t)uRipNext;
6142
6143 /*
6144 * Clear RF and interrupt shadowing.
6145 */
6146 if (RT_LIKELY(!(pVCpu->cpum.GstCtx.eflags.uBoth & (X86_EFL_RF | X86_EFL_TF))))
6147 pVCpu->cpum.GstCtx.eflags.uBoth &= ~CPUMCTX_INHIBIT_SHADOW;
6148 else
6149 {
6150 if ((pVCpu->cpum.GstCtx.eflags.uBoth & (X86_EFL_RF | X86_EFL_TF)) == X86_EFL_TF)
6151 {
6152 /** @todo \#DB - single step. */
6153 }
6154 pVCpu->cpum.GstCtx.eflags.uBoth &= ~(X86_EFL_RF | CPUMCTX_INHIBIT_SHADOW);
6155 }
6156 AssertCompile(CPUMCTX_INHIBIT_SHADOW < UINT32_MAX);
6157
6158 /* Mark both RIP and RFLAGS as updated. */
6159 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
6160}
6161
6162
6163/**
6164 * Advances the guest RIP after reading it from the VMCS.
6165 *
6166 * @returns VBox status code, no informational status codes.
6167 * @param pVCpu The cross context virtual CPU structure.
6168 * @param pVmxTransient The VMX-transient structure.
6169 *
6170 * @remarks No-long-jump zone!!!
6171 */
6172static int vmxHCAdvanceGuestRip(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
6173{
6174 vmxHCReadToTransientSlow<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
6175 /** @todo consider template here after checking callers. */
6176 int rc = vmxHCImportGuestStateEx(pVCpu, pVmxTransient->pVmcsInfo, CPUMCTX_EXTRN_RIP | CPUMCTX_EXTRN_RFLAGS);
6177 AssertRCReturn(rc, rc);
6178
6179 vmxHCAdvanceGuestRipBy(pVCpu, pVmxTransient->cbExitInstr);
6180 return VINF_SUCCESS;
6181}
6182
6183
6184/**
6185 * Handle a condition that occurred while delivering an event through the guest or
6186 * nested-guest IDT.
6187 *
6188 * @returns Strict VBox status code (i.e. informational status codes too).
6189 * @retval VINF_SUCCESS if we should continue handling the VM-exit.
6190 * @retval VINF_HM_DOUBLE_FAULT if a \#DF condition was detected and we ought
6191 * to continue execution of the guest which will delivery the \#DF.
6192 * @retval VINF_EM_RESET if we detected a triple-fault condition.
6193 * @retval VERR_EM_GUEST_CPU_HANG if we detected a guest CPU hang.
6194 *
6195 * @param pVCpu The cross context virtual CPU structure.
6196 * @param pVmxTransient The VMX-transient structure.
6197 *
6198 * @remarks Requires all fields in HMVMX_READ_XCPT_INFO to be read from the VMCS.
6199 * Additionally, HMVMX_READ_EXIT_QUALIFICATION is required if the VM-exit
6200 * is due to an EPT violation, PML full or SPP-related event.
6201 *
6202 * @remarks No-long-jump zone!!!
6203 */
6204static VBOXSTRICTRC vmxHCCheckExitDueToEventDelivery(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
6205{
6206 Assert(!VCPU_2_VMXSTATE(pVCpu).Event.fPending);
6207 HMVMX_ASSERT_READ(pVmxTransient, HMVMX_READ_XCPT_INFO);
6208 if ( pVmxTransient->uExitReason == VMX_EXIT_EPT_VIOLATION
6209 || pVmxTransient->uExitReason == VMX_EXIT_PML_FULL
6210 || pVmxTransient->uExitReason == VMX_EXIT_SPP_EVENT)
6211 HMVMX_ASSERT_READ(pVmxTransient, HMVMX_READ_EXIT_QUALIFICATION);
6212
6213 VBOXSTRICTRC rcStrict = VINF_SUCCESS;
6214 PCVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
6215 uint32_t const uIdtVectorInfo = pVmxTransient->uIdtVectoringInfo;
6216 uint32_t const uExitIntInfo = pVmxTransient->uExitIntInfo;
6217 if (VMX_IDT_VECTORING_INFO_IS_VALID(uIdtVectorInfo))
6218 {
6219 uint32_t const uIdtVector = VMX_IDT_VECTORING_INFO_VECTOR(uIdtVectorInfo);
6220 uint32_t const uIdtVectorType = VMX_IDT_VECTORING_INFO_TYPE(uIdtVectorInfo);
6221
6222 /*
6223 * If the event was a software interrupt (generated with INT n) or a software exception
6224 * (generated by INT3/INTO) or a privileged software exception (generated by INT1), we
6225 * can handle the VM-exit and continue guest execution which will re-execute the
6226 * instruction rather than re-injecting the exception, as that can cause premature
6227 * trips to ring-3 before injection and involve TRPM which currently has no way of
6228 * storing that these exceptions were caused by these instructions (ICEBP's #DB poses
6229 * the problem).
6230 */
6231 IEMXCPTRAISE enmRaise;
6232 IEMXCPTRAISEINFO fRaiseInfo;
6233 if ( uIdtVectorType == VMX_IDT_VECTORING_INFO_TYPE_SW_INT
6234 || uIdtVectorType == VMX_IDT_VECTORING_INFO_TYPE_SW_XCPT
6235 || uIdtVectorType == VMX_IDT_VECTORING_INFO_TYPE_PRIV_SW_XCPT)
6236 {
6237 enmRaise = IEMXCPTRAISE_REEXEC_INSTR;
6238 fRaiseInfo = IEMXCPTRAISEINFO_NONE;
6239 }
6240 else if (VMX_EXIT_INT_INFO_IS_VALID(uExitIntInfo))
6241 {
6242 uint32_t const uExitVectorType = VMX_EXIT_INT_INFO_TYPE(uExitIntInfo);
6243 uint8_t const uExitVector = VMX_EXIT_INT_INFO_VECTOR(uExitIntInfo);
6244 Assert(uExitVectorType == VMX_EXIT_INT_INFO_TYPE_HW_XCPT);
6245
6246 uint32_t const fIdtVectorFlags = vmxHCGetIemXcptFlags(uIdtVector, uIdtVectorType);
6247 uint32_t const fExitVectorFlags = vmxHCGetIemXcptFlags(uExitVector, uExitVectorType);
6248
6249 enmRaise = IEMEvaluateRecursiveXcpt(pVCpu, fIdtVectorFlags, uIdtVector, fExitVectorFlags, uExitVector, &fRaiseInfo);
6250
6251 /* Determine a vectoring #PF condition, see comment in vmxHCExitXcptPF(). */
6252 if (fRaiseInfo & (IEMXCPTRAISEINFO_EXT_INT_PF | IEMXCPTRAISEINFO_NMI_PF))
6253 {
6254 pVmxTransient->fVectoringPF = true;
6255 enmRaise = IEMXCPTRAISE_PREV_EVENT;
6256 }
6257 }
6258 else
6259 {
6260 /*
6261 * If an exception or hardware interrupt delivery caused an EPT violation/misconfig or APIC access
6262 * VM-exit, then the VM-exit interruption-information will not be valid and we end up here.
6263 * It is sufficient to reflect the original event to the guest after handling the VM-exit.
6264 */
6265 Assert( uIdtVectorType == VMX_IDT_VECTORING_INFO_TYPE_HW_XCPT
6266 || uIdtVectorType == VMX_IDT_VECTORING_INFO_TYPE_NMI
6267 || uIdtVectorType == VMX_IDT_VECTORING_INFO_TYPE_EXT_INT);
6268 enmRaise = IEMXCPTRAISE_PREV_EVENT;
6269 fRaiseInfo = IEMXCPTRAISEINFO_NONE;
6270 }
6271
6272 /*
6273 * On CPUs that support Virtual NMIs, if this VM-exit (be it an exception or EPT violation/misconfig
6274 * etc.) occurred while delivering the NMI, we need to clear the block-by-NMI field in the guest
6275 * interruptibility-state before re-delivering the NMI after handling the VM-exit. Otherwise the
6276 * subsequent VM-entry would fail, see @bugref{7445}.
6277 *
6278 * See Intel spec. 30.7.1.2 "Resuming Guest Software after Handling an Exception".
6279 */
6280 if ( uIdtVectorType == VMX_IDT_VECTORING_INFO_TYPE_NMI
6281 && enmRaise == IEMXCPTRAISE_PREV_EVENT
6282 && (pVmcsInfo->u32PinCtls & VMX_PIN_CTLS_VIRT_NMI)
6283 && CPUMAreInterruptsInhibitedByNmiEx(&pVCpu->cpum.GstCtx))
6284 CPUMClearInterruptInhibitingByNmiEx(&pVCpu->cpum.GstCtx);
6285
6286 switch (enmRaise)
6287 {
6288 case IEMXCPTRAISE_CURRENT_XCPT:
6289 {
6290 Log4Func(("IDT: Pending secondary Xcpt: idtinfo=%#RX64 exitinfo=%#RX64\n", uIdtVectorInfo, uExitIntInfo));
6291 Assert(rcStrict == VINF_SUCCESS);
6292 break;
6293 }
6294
6295 case IEMXCPTRAISE_PREV_EVENT:
6296 {
6297 uint32_t u32ErrCode;
6298 if (VMX_IDT_VECTORING_INFO_IS_ERROR_CODE_VALID(uIdtVectorInfo))
6299 u32ErrCode = pVmxTransient->uIdtVectoringErrorCode;
6300 else
6301 u32ErrCode = 0;
6302
6303 /* If uExitVector is #PF, CR2 value will be updated from the VMCS if it's a guest #PF, see vmxHCExitXcptPF(). */
6304 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatInjectReflect);
6305 vmxHCSetPendingEvent(pVCpu, VMX_ENTRY_INT_INFO_FROM_EXIT_IDT_INFO(uIdtVectorInfo), 0 /* cbInstr */, u32ErrCode,
6306 pVCpu->cpum.GstCtx.cr2);
6307
6308 Log4Func(("IDT: Pending vectoring event %#RX64 Err=%#RX32\n", VCPU_2_VMXSTATE(pVCpu).Event.u64IntInfo,
6309 VCPU_2_VMXSTATE(pVCpu).Event.u32ErrCode));
6310 Assert(rcStrict == VINF_SUCCESS);
6311 break;
6312 }
6313
6314 case IEMXCPTRAISE_REEXEC_INSTR:
6315 Assert(rcStrict == VINF_SUCCESS);
6316 break;
6317
6318 case IEMXCPTRAISE_DOUBLE_FAULT:
6319 {
6320 /*
6321 * Determine a vectoring double #PF condition. Used later, when PGM evaluates the
6322 * second #PF as a guest #PF (and not a shadow #PF) and needs to be converted into a #DF.
6323 */
6324 if (fRaiseInfo & IEMXCPTRAISEINFO_PF_PF)
6325 {
6326 pVmxTransient->fVectoringDoublePF = true;
6327 Log4Func(("IDT: Vectoring double #PF %#RX64 cr2=%#RX64\n", VCPU_2_VMXSTATE(pVCpu).Event.u64IntInfo,
6328 pVCpu->cpum.GstCtx.cr2));
6329 rcStrict = VINF_SUCCESS;
6330 }
6331 else
6332 {
6333 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatInjectConvertDF);
6334 vmxHCSetPendingXcptDF(pVCpu);
6335 Log4Func(("IDT: Pending vectoring #DF %#RX64 uIdtVector=%#x uExitVector=%#x\n", VCPU_2_VMXSTATE(pVCpu).Event.u64IntInfo,
6336 uIdtVector, VMX_EXIT_INT_INFO_VECTOR(uExitIntInfo)));
6337 rcStrict = VINF_HM_DOUBLE_FAULT;
6338 }
6339 break;
6340 }
6341
6342 case IEMXCPTRAISE_TRIPLE_FAULT:
6343 {
6344 Log4Func(("IDT: Pending vectoring triple-fault uIdt=%#x uExit=%#x\n", uIdtVector,
6345 VMX_EXIT_INT_INFO_VECTOR(uExitIntInfo)));
6346 rcStrict = VINF_EM_RESET;
6347 break;
6348 }
6349
6350 case IEMXCPTRAISE_CPU_HANG:
6351 {
6352 Log4Func(("IDT: Bad guest! Entering CPU hang. fRaiseInfo=%#x\n", fRaiseInfo));
6353 rcStrict = VERR_EM_GUEST_CPU_HANG;
6354 break;
6355 }
6356
6357 default:
6358 {
6359 AssertMsgFailed(("IDT: vcpu[%RU32] Unexpected/invalid value! enmRaise=%#x\n", pVCpu->idCpu, enmRaise));
6360 rcStrict = VERR_VMX_IPE_2;
6361 break;
6362 }
6363 }
6364 }
6365 else if ( (pVmcsInfo->u32PinCtls & VMX_PIN_CTLS_VIRT_NMI)
6366 && !CPUMAreInterruptsInhibitedByNmiEx(&pVCpu->cpum.GstCtx))
6367 {
6368 if ( VMX_EXIT_INT_INFO_IS_VALID(uExitIntInfo)
6369 && VMX_EXIT_INT_INFO_VECTOR(uExitIntInfo) != X86_XCPT_DF
6370 && VMX_EXIT_INT_INFO_IS_NMI_UNBLOCK_IRET(uExitIntInfo))
6371 {
6372 /*
6373 * Execution of IRET caused a fault when NMI blocking was in effect (i.e we're in
6374 * the guest or nested-guest NMI handler). We need to set the block-by-NMI field so
6375 * that virtual NMIs remain blocked until the IRET execution is completed.
6376 *
6377 * See Intel spec. 31.7.1.2 "Resuming Guest Software After Handling An Exception".
6378 */
6379 CPUMSetInterruptInhibitingByNmiEx(&pVCpu->cpum.GstCtx);
6380 Log4Func(("Set NMI blocking. uExitReason=%u\n", pVmxTransient->uExitReason));
6381 }
6382 else if ( pVmxTransient->uExitReason == VMX_EXIT_EPT_VIOLATION
6383 || pVmxTransient->uExitReason == VMX_EXIT_PML_FULL
6384 || pVmxTransient->uExitReason == VMX_EXIT_SPP_EVENT)
6385 {
6386 /*
6387 * Execution of IRET caused an EPT violation, page-modification log-full event or
6388 * SPP-related event VM-exit when NMI blocking was in effect (i.e. we're in the
6389 * guest or nested-guest NMI handler). We need to set the block-by-NMI field so
6390 * that virtual NMIs remain blocked until the IRET execution is completed.
6391 *
6392 * See Intel spec. 27.2.3 "Information about NMI unblocking due to IRET"
6393 */
6394 if (VMX_EXIT_QUAL_EPT_IS_NMI_UNBLOCK_IRET(pVmxTransient->uExitQual))
6395 {
6396 CPUMSetInterruptInhibitingByNmiEx(&pVCpu->cpum.GstCtx);
6397 Log4Func(("Set NMI blocking. uExitReason=%u\n", pVmxTransient->uExitReason));
6398 }
6399 }
6400 }
6401
6402 Assert( rcStrict == VINF_SUCCESS || rcStrict == VINF_HM_DOUBLE_FAULT
6403 || rcStrict == VINF_EM_RESET || rcStrict == VERR_EM_GUEST_CPU_HANG);
6404 return rcStrict;
6405}
6406
6407
6408#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
6409/**
6410 * Perform the relevant VMX instruction checks for VM-exits that occurred due to the
6411 * guest attempting to execute a VMX instruction.
6412 *
6413 * @returns Strict VBox status code (i.e. informational status codes too).
6414 * @retval VINF_SUCCESS if we should continue handling the VM-exit.
6415 * @retval VINF_HM_PENDING_XCPT if an exception was raised.
6416 *
6417 * @param pVCpu The cross context virtual CPU structure.
6418 * @param uExitReason The VM-exit reason.
6419 *
6420 * @todo NSTVMX: Document other error codes when VM-exit is implemented.
6421 * @remarks No-long-jump zone!!!
6422 */
6423static VBOXSTRICTRC vmxHCCheckExitDueToVmxInstr(PVMCPUCC pVCpu, uint32_t uExitReason)
6424{
6425 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CR0 | CPUMCTX_EXTRN_RFLAGS | CPUMCTX_EXTRN_SS
6426 | CPUMCTX_EXTRN_CS | CPUMCTX_EXTRN_EFER);
6427
6428 /*
6429 * The physical CPU would have already checked the CPU mode/code segment.
6430 * We shall just assert here for paranoia.
6431 * See Intel spec. 25.1.1 "Relative Priority of Faults and VM Exits".
6432 */
6433 Assert(!CPUMIsGuestInRealOrV86ModeEx(&pVCpu->cpum.GstCtx));
6434 Assert( !CPUMIsGuestInLongModeEx(&pVCpu->cpum.GstCtx)
6435 || CPUMIsGuestIn64BitCodeEx(&pVCpu->cpum.GstCtx));
6436
6437 if (uExitReason == VMX_EXIT_VMXON)
6438 {
6439 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CR4);
6440
6441 /*
6442 * We check CR4.VMXE because it is required to be always set while in VMX operation
6443 * by physical CPUs and our CR4 read-shadow is only consulted when executing specific
6444 * instructions (CLTS, LMSW, MOV CR, and SMSW) and thus doesn't affect CPU operation
6445 * otherwise (i.e. physical CPU won't automatically #UD if Cr4Shadow.VMXE is 0).
6446 */
6447 if (!CPUMIsGuestVmxEnabled(&pVCpu->cpum.GstCtx))
6448 {
6449 Log4Func(("CR4.VMXE is not set -> #UD\n"));
6450 vmxHCSetPendingXcptUD(pVCpu);
6451 return VINF_HM_PENDING_XCPT;
6452 }
6453 }
6454 else if (!CPUMIsGuestInVmxRootMode(&pVCpu->cpum.GstCtx))
6455 {
6456 /*
6457 * The guest has not entered VMX operation but attempted to execute a VMX instruction
6458 * (other than VMXON), we need to raise a #UD.
6459 */
6460 Log4Func(("Not in VMX root mode -> #UD\n"));
6461 vmxHCSetPendingXcptUD(pVCpu);
6462 return VINF_HM_PENDING_XCPT;
6463 }
6464
6465 /* All other checks (including VM-exit intercepts) are handled by IEM instruction emulation. */
6466 return VINF_SUCCESS;
6467}
6468
6469
6470/**
6471 * Decodes the memory operand of an instruction that caused a VM-exit.
6472 *
6473 * The Exit qualification field provides the displacement field for memory
6474 * operand instructions, if any.
6475 *
6476 * @returns Strict VBox status code (i.e. informational status codes too).
6477 * @retval VINF_SUCCESS if the operand was successfully decoded.
6478 * @retval VINF_HM_PENDING_XCPT if an exception was raised while decoding the
6479 * operand.
6480 * @param pVCpu The cross context virtual CPU structure.
6481 * @param uExitInstrInfo The VM-exit instruction information field.
6482 * @param enmMemAccess The memory operand's access type (read or write).
6483 * @param GCPtrDisp The instruction displacement field, if any. For
6484 * RIP-relative addressing pass RIP + displacement here.
6485 * @param pGCPtrMem Where to store the effective destination memory address.
6486 *
6487 * @remarks Warning! This function ASSUMES the instruction cannot be used in real or
6488 * virtual-8086 mode hence skips those checks while verifying if the
6489 * segment is valid.
6490 */
6491static VBOXSTRICTRC vmxHCDecodeMemOperand(PVMCPUCC pVCpu, uint32_t uExitInstrInfo, RTGCPTR GCPtrDisp, VMXMEMACCESS enmMemAccess,
6492 PRTGCPTR pGCPtrMem)
6493{
6494 Assert(pGCPtrMem);
6495 Assert(!CPUMIsGuestInRealOrV86Mode(pVCpu));
6496 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_RIP | CPUMCTX_EXTRN_RSP | CPUMCTX_EXTRN_SREG_MASK | CPUMCTX_EXTRN_EFER
6497 | CPUMCTX_EXTRN_CR0);
6498
6499 static uint64_t const s_auAddrSizeMasks[] = { UINT64_C(0xffff), UINT64_C(0xffffffff), UINT64_C(0xffffffffffffffff) };
6500 static uint64_t const s_auAccessSizeMasks[] = { sizeof(uint16_t), sizeof(uint32_t), sizeof(uint64_t) };
6501 AssertCompile(RT_ELEMENTS(s_auAccessSizeMasks) == RT_ELEMENTS(s_auAddrSizeMasks));
6502
6503 VMXEXITINSTRINFO ExitInstrInfo;
6504 ExitInstrInfo.u = uExitInstrInfo;
6505 uint8_t const uAddrSize = ExitInstrInfo.All.u3AddrSize;
6506 uint8_t const iSegReg = ExitInstrInfo.All.iSegReg;
6507 bool const fIdxRegValid = !ExitInstrInfo.All.fIdxRegInvalid;
6508 uint8_t const iIdxReg = ExitInstrInfo.All.iIdxReg;
6509 uint8_t const uScale = ExitInstrInfo.All.u2Scaling;
6510 bool const fBaseRegValid = !ExitInstrInfo.All.fBaseRegInvalid;
6511 uint8_t const iBaseReg = ExitInstrInfo.All.iBaseReg;
6512 bool const fIsMemOperand = !ExitInstrInfo.All.fIsRegOperand;
6513 bool const fIsLongMode = CPUMIsGuestInLongModeEx(&pVCpu->cpum.GstCtx);
6514
6515 /*
6516 * Validate instruction information.
6517 * This shouldn't happen on real hardware but useful while testing our nested hardware-virtualization code.
6518 */
6519 AssertLogRelMsgReturn(uAddrSize < RT_ELEMENTS(s_auAddrSizeMasks),
6520 ("Invalid address size. ExitInstrInfo=%#RX32\n", ExitInstrInfo.u), VERR_VMX_IPE_1);
6521 AssertLogRelMsgReturn(iSegReg < X86_SREG_COUNT,
6522 ("Invalid segment register. ExitInstrInfo=%#RX32\n", ExitInstrInfo.u), VERR_VMX_IPE_2);
6523 AssertLogRelMsgReturn(fIsMemOperand,
6524 ("Expected memory operand. ExitInstrInfo=%#RX32\n", ExitInstrInfo.u), VERR_VMX_IPE_3);
6525
6526 /*
6527 * Compute the complete effective address.
6528 *
6529 * See AMD instruction spec. 1.4.2 "SIB Byte Format"
6530 * See AMD spec. 4.5.2 "Segment Registers".
6531 */
6532 RTGCPTR GCPtrMem = GCPtrDisp;
6533 if (fBaseRegValid)
6534 GCPtrMem += pVCpu->cpum.GstCtx.aGRegs[iBaseReg].u64;
6535 if (fIdxRegValid)
6536 GCPtrMem += pVCpu->cpum.GstCtx.aGRegs[iIdxReg].u64 << uScale;
6537
6538 RTGCPTR const GCPtrOff = GCPtrMem;
6539 if ( !fIsLongMode
6540 || iSegReg >= X86_SREG_FS)
6541 GCPtrMem += pVCpu->cpum.GstCtx.aSRegs[iSegReg].u64Base;
6542 GCPtrMem &= s_auAddrSizeMasks[uAddrSize];
6543
6544 /*
6545 * Validate effective address.
6546 * See AMD spec. 4.5.3 "Segment Registers in 64-Bit Mode".
6547 */
6548 uint8_t const cbAccess = s_auAccessSizeMasks[uAddrSize];
6549 Assert(cbAccess > 0);
6550 if (fIsLongMode)
6551 {
6552 if (X86_IS_CANONICAL(GCPtrMem))
6553 {
6554 *pGCPtrMem = GCPtrMem;
6555 return VINF_SUCCESS;
6556 }
6557
6558 /** @todo r=ramshankar: We should probably raise \#SS or \#GP. See AMD spec. 4.12.2
6559 * "Data Limit Checks in 64-bit Mode". */
6560 Log4Func(("Long mode effective address is not canonical GCPtrMem=%#RX64\n", GCPtrMem));
6561 vmxHCSetPendingXcptGP(pVCpu, 0);
6562 return VINF_HM_PENDING_XCPT;
6563 }
6564
6565 /*
6566 * This is a watered down version of iemMemApplySegment().
6567 * Parts that are not applicable for VMX instructions like real-or-v8086 mode
6568 * and segment CPL/DPL checks are skipped.
6569 */
6570 RTGCPTR32 const GCPtrFirst32 = (RTGCPTR32)GCPtrOff;
6571 RTGCPTR32 const GCPtrLast32 = GCPtrFirst32 + cbAccess - 1;
6572 PCCPUMSELREG pSel = &pVCpu->cpum.GstCtx.aSRegs[iSegReg];
6573
6574 /* Check if the segment is present and usable. */
6575 if ( pSel->Attr.n.u1Present
6576 && !pSel->Attr.n.u1Unusable)
6577 {
6578 Assert(pSel->Attr.n.u1DescType);
6579 if (!(pSel->Attr.n.u4Type & X86_SEL_TYPE_CODE))
6580 {
6581 /* Check permissions for the data segment. */
6582 if ( enmMemAccess == VMXMEMACCESS_WRITE
6583 && !(pSel->Attr.n.u4Type & X86_SEL_TYPE_WRITE))
6584 {
6585 Log4Func(("Data segment access invalid. iSegReg=%#x Attr=%#RX32\n", iSegReg, pSel->Attr.u));
6586 vmxHCSetPendingXcptGP(pVCpu, iSegReg);
6587 return VINF_HM_PENDING_XCPT;
6588 }
6589
6590 /* Check limits if it's a normal data segment. */
6591 if (!(pSel->Attr.n.u4Type & X86_SEL_TYPE_DOWN))
6592 {
6593 if ( GCPtrFirst32 > pSel->u32Limit
6594 || GCPtrLast32 > pSel->u32Limit)
6595 {
6596 Log4Func(("Data segment limit exceeded. "
6597 "iSegReg=%#x GCPtrFirst32=%#RX32 GCPtrLast32=%#RX32 u32Limit=%#RX32\n", iSegReg, GCPtrFirst32,
6598 GCPtrLast32, pSel->u32Limit));
6599 if (iSegReg == X86_SREG_SS)
6600 vmxHCSetPendingXcptSS(pVCpu, 0);
6601 else
6602 vmxHCSetPendingXcptGP(pVCpu, 0);
6603 return VINF_HM_PENDING_XCPT;
6604 }
6605 }
6606 else
6607 {
6608 /* Check limits if it's an expand-down data segment.
6609 Note! The upper boundary is defined by the B bit, not the G bit! */
6610 if ( GCPtrFirst32 < pSel->u32Limit + UINT32_C(1)
6611 || GCPtrLast32 > (pSel->Attr.n.u1DefBig ? UINT32_MAX : UINT32_C(0xffff)))
6612 {
6613 Log4Func(("Expand-down data segment limit exceeded. "
6614 "iSegReg=%#x GCPtrFirst32=%#RX32 GCPtrLast32=%#RX32 u32Limit=%#RX32\n", iSegReg, GCPtrFirst32,
6615 GCPtrLast32, pSel->u32Limit));
6616 if (iSegReg == X86_SREG_SS)
6617 vmxHCSetPendingXcptSS(pVCpu, 0);
6618 else
6619 vmxHCSetPendingXcptGP(pVCpu, 0);
6620 return VINF_HM_PENDING_XCPT;
6621 }
6622 }
6623 }
6624 else
6625 {
6626 /* Check permissions for the code segment. */
6627 if ( enmMemAccess == VMXMEMACCESS_WRITE
6628 || ( enmMemAccess == VMXMEMACCESS_READ
6629 && !(pSel->Attr.n.u4Type & X86_SEL_TYPE_READ)))
6630 {
6631 Log4Func(("Code segment access invalid. Attr=%#RX32\n", pSel->Attr.u));
6632 Assert(!CPUMIsGuestInRealOrV86ModeEx(&pVCpu->cpum.GstCtx));
6633 vmxHCSetPendingXcptGP(pVCpu, 0);
6634 return VINF_HM_PENDING_XCPT;
6635 }
6636
6637 /* Check limits for the code segment (normal/expand-down not applicable for code segments). */
6638 if ( GCPtrFirst32 > pSel->u32Limit
6639 || GCPtrLast32 > pSel->u32Limit)
6640 {
6641 Log4Func(("Code segment limit exceeded. GCPtrFirst32=%#RX32 GCPtrLast32=%#RX32 u32Limit=%#RX32\n",
6642 GCPtrFirst32, GCPtrLast32, pSel->u32Limit));
6643 if (iSegReg == X86_SREG_SS)
6644 vmxHCSetPendingXcptSS(pVCpu, 0);
6645 else
6646 vmxHCSetPendingXcptGP(pVCpu, 0);
6647 return VINF_HM_PENDING_XCPT;
6648 }
6649 }
6650 }
6651 else
6652 {
6653 Log4Func(("Not present or unusable segment. iSegReg=%#x Attr=%#RX32\n", iSegReg, pSel->Attr.u));
6654 vmxHCSetPendingXcptGP(pVCpu, 0);
6655 return VINF_HM_PENDING_XCPT;
6656 }
6657
6658 *pGCPtrMem = GCPtrMem;
6659 return VINF_SUCCESS;
6660}
6661#endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
6662
6663
6664/**
6665 * VM-exit helper for LMSW.
6666 */
6667static VBOXSTRICTRC vmxHCExitLmsw(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo, uint8_t cbInstr, uint16_t uMsw, RTGCPTR GCPtrEffDst)
6668{
6669 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
6670 AssertRCReturn(rc, rc);
6671
6672 VBOXSTRICTRC rcStrict = IEMExecDecodedLmsw(pVCpu, cbInstr, uMsw, GCPtrEffDst);
6673 AssertMsg( rcStrict == VINF_SUCCESS
6674 || rcStrict == VINF_IEM_RAISED_XCPT, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
6675
6676 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS | HM_CHANGED_GUEST_CR0);
6677 if (rcStrict == VINF_IEM_RAISED_XCPT)
6678 {
6679 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
6680 rcStrict = VINF_SUCCESS;
6681 }
6682
6683 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitLmsw);
6684 Log4Func(("rcStrict=%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
6685 return rcStrict;
6686}
6687
6688
6689/**
6690 * VM-exit helper for CLTS.
6691 */
6692static VBOXSTRICTRC vmxHCExitClts(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo, uint8_t cbInstr)
6693{
6694 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
6695 AssertRCReturn(rc, rc);
6696
6697 VBOXSTRICTRC rcStrict = IEMExecDecodedClts(pVCpu, cbInstr);
6698 AssertMsg( rcStrict == VINF_SUCCESS
6699 || rcStrict == VINF_IEM_RAISED_XCPT, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
6700
6701 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS | HM_CHANGED_GUEST_CR0);
6702 if (rcStrict == VINF_IEM_RAISED_XCPT)
6703 {
6704 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
6705 rcStrict = VINF_SUCCESS;
6706 }
6707
6708 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitClts);
6709 Log4Func(("rcStrict=%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
6710 return rcStrict;
6711}
6712
6713
6714/**
6715 * VM-exit helper for MOV from CRx (CRx read).
6716 */
6717static VBOXSTRICTRC vmxHCExitMovFromCrX(PVMCPUCC pVCpu, PVMXVMCSINFO pVmcsInfo, uint8_t cbInstr, uint8_t iGReg, uint8_t iCrReg)
6718{
6719 Assert(iCrReg < 16);
6720 Assert(iGReg < RT_ELEMENTS(pVCpu->cpum.GstCtx.aGRegs));
6721
6722 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
6723 AssertRCReturn(rc, rc);
6724
6725 VBOXSTRICTRC rcStrict = IEMExecDecodedMovCRxRead(pVCpu, cbInstr, iGReg, iCrReg);
6726 AssertMsg( rcStrict == VINF_SUCCESS
6727 || rcStrict == VINF_IEM_RAISED_XCPT, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
6728
6729 if (iGReg == X86_GREG_xSP)
6730 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS | HM_CHANGED_GUEST_RSP);
6731 else
6732 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
6733#ifdef VBOX_WITH_STATISTICS
6734 switch (iCrReg)
6735 {
6736 case 0: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitCR0Read); break;
6737 case 2: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitCR2Read); break;
6738 case 3: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitCR3Read); break;
6739 case 4: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitCR4Read); break;
6740 case 8: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitCR8Read); break;
6741 }
6742#endif
6743 Log4Func(("CR%d Read access rcStrict=%Rrc\n", iCrReg, VBOXSTRICTRC_VAL(rcStrict)));
6744 return rcStrict;
6745}
6746
6747
6748/**
6749 * VM-exit helper for MOV to CRx (CRx write).
6750 */
6751static VBOXSTRICTRC vmxHCExitMovToCrX(PVMCPUCC pVCpu, uint8_t cbInstr, uint8_t iGReg, uint8_t iCrReg)
6752{
6753 HMVMX_CPUMCTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_MUST_MASK);
6754
6755 VBOXSTRICTRC rcStrict = IEMExecDecodedMovCRxWrite(pVCpu, cbInstr, iCrReg, iGReg);
6756 AssertMsg( rcStrict == VINF_SUCCESS
6757 || rcStrict == VINF_IEM_RAISED_XCPT
6758 || rcStrict == VINF_PGM_SYNC_CR3, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
6759
6760 switch (iCrReg)
6761 {
6762 case 0:
6763 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS | HM_CHANGED_GUEST_CR0
6764 | HM_CHANGED_GUEST_EFER_MSR | HM_CHANGED_VMX_ENTRY_EXIT_CTLS);
6765 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitCR0Write);
6766 Log4Func(("CR0 write. rcStrict=%Rrc CR0=%#RX64\n", VBOXSTRICTRC_VAL(rcStrict), pVCpu->cpum.GstCtx.cr0));
6767 break;
6768
6769 case 2:
6770 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitCR2Write);
6771 /* Nothing to do here, CR2 it's not part of the VMCS. */
6772 break;
6773
6774 case 3:
6775 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS | HM_CHANGED_GUEST_CR3);
6776 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitCR3Write);
6777 Log4Func(("CR3 write. rcStrict=%Rrc CR3=%#RX64\n", VBOXSTRICTRC_VAL(rcStrict), pVCpu->cpum.GstCtx.cr3));
6778 break;
6779
6780 case 4:
6781 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS | HM_CHANGED_GUEST_CR4);
6782 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitCR4Write);
6783#ifndef IN_NEM_DARWIN
6784 Log4Func(("CR4 write. rc=%Rrc CR4=%#RX64 fLoadSaveGuestXcr0=%u\n", VBOXSTRICTRC_VAL(rcStrict),
6785 pVCpu->cpum.GstCtx.cr4, pVCpu->hmr0.s.fLoadSaveGuestXcr0));
6786#else
6787 Log4Func(("CR4 write. rc=%Rrc CR4=%#RX64\n", VBOXSTRICTRC_VAL(rcStrict), pVCpu->cpum.GstCtx.cr4));
6788#endif
6789 break;
6790
6791 case 8:
6792 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged,
6793 HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS | HM_CHANGED_GUEST_APIC_TPR);
6794 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitCR8Write);
6795 break;
6796
6797 default:
6798 AssertMsgFailed(("Invalid CRx register %#x\n", iCrReg));
6799 break;
6800 }
6801
6802 if (rcStrict == VINF_IEM_RAISED_XCPT)
6803 {
6804 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
6805 rcStrict = VINF_SUCCESS;
6806 }
6807 return rcStrict;
6808}
6809
6810
6811/**
6812 * VM-exit exception handler for \#PF (Page-fault exception).
6813 *
6814 * @remarks Requires all fields in HMVMX_READ_XCPT_INFO to be read from the VMCS.
6815 */
6816static VBOXSTRICTRC vmxHCExitXcptPF(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
6817{
6818 HMVMX_VALIDATE_EXIT_XCPT_HANDLER_PARAMS(pVCpu, pVmxTransient);
6819 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
6820
6821#ifndef IN_NEM_DARWIN
6822 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
6823 if (!VM_IS_VMX_NESTED_PAGING(pVM))
6824 { /* likely */ }
6825 else
6826#endif
6827 {
6828#if !defined(HMVMX_ALWAYS_TRAP_ALL_XCPTS) && !defined(HMVMX_ALWAYS_TRAP_PF) && !defined(IN_NEM_DARWIN)
6829 Assert(pVmxTransient->fIsNestedGuest || pVCpu->hmr0.s.fUsingDebugLoop);
6830#endif
6831 VCPU_2_VMXSTATE(pVCpu).Event.fPending = false; /* In case it's a contributory or vectoring #PF. */
6832 if (!pVmxTransient->fVectoringDoublePF)
6833 {
6834 vmxHCSetPendingEvent(pVCpu, VMX_ENTRY_INT_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntInfo), 0 /* cbInstr */,
6835 pVmxTransient->uExitIntErrorCode, pVmxTransient->uExitQual);
6836 }
6837 else
6838 {
6839 /* A guest page-fault occurred during delivery of a page-fault. Inject #DF. */
6840 Assert(!pVmxTransient->fIsNestedGuest);
6841 vmxHCSetPendingXcptDF(pVCpu);
6842 Log4Func(("Pending #DF due to vectoring #PF w/ NestedPaging\n"));
6843 }
6844 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestPF);
6845 return VINF_SUCCESS;
6846 }
6847
6848 Assert(!pVmxTransient->fIsNestedGuest);
6849
6850 /* If it's a vectoring #PF, emulate injecting the original event injection as PGMTrap0eHandler() is incapable
6851 of differentiating between instruction emulation and event injection that caused a #PF. See @bugref{6607}. */
6852 if (pVmxTransient->fVectoringPF)
6853 {
6854 Assert(VCPU_2_VMXSTATE(pVCpu).Event.fPending);
6855 return VINF_EM_RAW_INJECT_TRPM_EVENT;
6856 }
6857
6858 int rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
6859 AssertRCReturn(rc, rc);
6860
6861 Log4Func(("#PF: cs:rip=%#04x:%08RX64 err_code=%#RX32 exit_qual=%#RX64 cr3=%#RX64\n", pVCpu->cpum.GstCtx.cs.Sel,
6862 pVCpu->cpum.GstCtx.rip, pVmxTransient->uExitIntErrorCode, pVmxTransient->uExitQual, pVCpu->cpum.GstCtx.cr3));
6863
6864 TRPMAssertXcptPF(pVCpu, pVmxTransient->uExitQual, (RTGCUINT)pVmxTransient->uExitIntErrorCode);
6865 rc = PGMTrap0eHandler(pVCpu, pVmxTransient->uExitIntErrorCode, &pVCpu->cpum.GstCtx, (RTGCPTR)pVmxTransient->uExitQual);
6866
6867 Log4Func(("#PF: rc=%Rrc\n", rc));
6868 if (rc == VINF_SUCCESS)
6869 {
6870 /*
6871 * This is typically a shadow page table sync or a MMIO instruction. But we may have
6872 * emulated something like LTR or a far jump. Any part of the CPU context may have changed.
6873 */
6874 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
6875 TRPMResetTrap(pVCpu);
6876 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitShadowPF);
6877 return rc;
6878 }
6879
6880 if (rc == VINF_EM_RAW_GUEST_TRAP)
6881 {
6882 if (!pVmxTransient->fVectoringDoublePF)
6883 {
6884 /* It's a guest page fault and needs to be reflected to the guest. */
6885 uint32_t const uGstErrorCode = TRPMGetErrorCode(pVCpu);
6886 TRPMResetTrap(pVCpu);
6887 VCPU_2_VMXSTATE(pVCpu).Event.fPending = false; /* In case it's a contributory #PF. */
6888 vmxHCSetPendingEvent(pVCpu, VMX_ENTRY_INT_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntInfo), 0 /* cbInstr */,
6889 uGstErrorCode, pVmxTransient->uExitQual);
6890 }
6891 else
6892 {
6893 /* A guest page-fault occurred during delivery of a page-fault. Inject #DF. */
6894 TRPMResetTrap(pVCpu);
6895 VCPU_2_VMXSTATE(pVCpu).Event.fPending = false; /* Clear pending #PF to replace it with #DF. */
6896 vmxHCSetPendingXcptDF(pVCpu);
6897 Log4Func(("#PF: Pending #DF due to vectoring #PF\n"));
6898 }
6899
6900 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestPF);
6901 return VINF_SUCCESS;
6902 }
6903
6904 TRPMResetTrap(pVCpu);
6905 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitShadowPFEM);
6906 return rc;
6907}
6908
6909
6910/**
6911 * VM-exit exception handler for \#MF (Math Fault: floating point exception).
6912 *
6913 * @remarks Requires all fields in HMVMX_READ_XCPT_INFO to be read from the VMCS.
6914 */
6915static VBOXSTRICTRC vmxHCExitXcptMF(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
6916{
6917 HMVMX_VALIDATE_EXIT_XCPT_HANDLER_PARAMS(pVCpu, pVmxTransient);
6918 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestMF);
6919
6920 int rc = vmxHCImportGuestState<CPUMCTX_EXTRN_CR0>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
6921 AssertRCReturn(rc, rc);
6922
6923 if (!(pVCpu->cpum.GstCtx.cr0 & X86_CR0_NE))
6924 {
6925 /* Convert a #MF into a FERR -> IRQ 13. See @bugref{6117}. */
6926 rc = PDMIsaSetIrq(pVCpu->CTX_SUFF(pVM), 13, 1, 0 /* uTagSrc */);
6927
6928 /** @todo r=ramshankar: The Intel spec. does -not- specify that this VM-exit
6929 * provides VM-exit instruction length. If this causes problem later,
6930 * disassemble the instruction like it's done on AMD-V. */
6931 int rc2 = vmxHCAdvanceGuestRip(pVCpu, pVmxTransient);
6932 AssertRCReturn(rc2, rc2);
6933 return rc;
6934 }
6935
6936 vmxHCSetPendingEvent(pVCpu, VMX_ENTRY_INT_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntInfo), pVmxTransient->cbExitInstr,
6937 pVmxTransient->uExitIntErrorCode, 0 /* GCPtrFaultAddress */);
6938 return VINF_SUCCESS;
6939}
6940
6941
6942/**
6943 * VM-exit exception handler for \#BP (Breakpoint exception).
6944 *
6945 * @remarks Requires all fields in HMVMX_READ_XCPT_INFO to be read from the VMCS.
6946 */
6947static VBOXSTRICTRC vmxHCExitXcptBP(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
6948{
6949 HMVMX_VALIDATE_EXIT_XCPT_HANDLER_PARAMS(pVCpu, pVmxTransient);
6950 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestBP);
6951
6952 int rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
6953 AssertRCReturn(rc, rc);
6954
6955 VBOXSTRICTRC rcStrict;
6956 if (!pVmxTransient->fIsNestedGuest)
6957 rcStrict = DBGFTrap03Handler(pVCpu->CTX_SUFF(pVM), pVCpu, &pVCpu->cpum.GstCtx);
6958 else
6959 rcStrict = VINF_EM_RAW_GUEST_TRAP;
6960
6961 if (rcStrict == VINF_EM_RAW_GUEST_TRAP)
6962 {
6963 vmxHCSetPendingEvent(pVCpu, VMX_ENTRY_INT_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntInfo),
6964 pVmxTransient->cbExitInstr, pVmxTransient->uExitIntErrorCode, 0 /* GCPtrFaultAddress */);
6965 rcStrict = VINF_SUCCESS;
6966 }
6967
6968 Assert(rcStrict == VINF_SUCCESS || rcStrict == VINF_EM_DBG_BREAKPOINT);
6969 return rcStrict;
6970}
6971
6972
6973/**
6974 * VM-exit exception handler for \#AC (Alignment-check exception).
6975 *
6976 * @remarks Requires all fields in HMVMX_READ_XCPT_INFO to be read from the VMCS.
6977 */
6978static VBOXSTRICTRC vmxHCExitXcptAC(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
6979{
6980 HMVMX_VALIDATE_EXIT_XCPT_HANDLER_PARAMS(pVCpu, pVmxTransient);
6981
6982 /*
6983 * Detect #ACs caused by host having enabled split-lock detection.
6984 * Emulate such instructions.
6985 */
6986#define VMX_HC_EXIT_XCPT_AC_INITIAL_REGS (CPUMCTX_EXTRN_CR0 | CPUMCTX_EXTRN_RFLAGS | CPUMCTX_EXTRN_SS | CPUMCTX_EXTRN_CS)
6987 int rc = vmxHCImportGuestState<VMX_HC_EXIT_XCPT_AC_INITIAL_REGS>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
6988 AssertRCReturn(rc, rc);
6989 /** @todo detect split lock in cpu feature? */
6990 if ( /* 1. If 486-style alignment checks aren't enabled, then this must be a split-lock exception */
6991 !(pVCpu->cpum.GstCtx.cr0 & X86_CR0_AM)
6992 /* 2. #AC cannot happen in rings 0-2 except for split-lock detection. */
6993 || CPUMGetGuestCPL(pVCpu) != 3
6994 /* 3. When the EFLAGS.AC != 0 this can only be a split-lock case. */
6995 || !(pVCpu->cpum.GstCtx.eflags.u & X86_EFL_AC) )
6996 {
6997 /*
6998 * Check for debug/trace events and import state accordingly.
6999 */
7000 STAM_REL_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestACSplitLock);
7001 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
7002 if ( !DBGF_IS_EVENT_ENABLED(pVM, DBGFEVENT_VMX_SPLIT_LOCK)
7003#ifndef IN_NEM_DARWIN
7004 && !VBOXVMM_VMX_SPLIT_LOCK_ENABLED()
7005#endif
7006 )
7007 {
7008 if (pVM->cCpus == 1)
7009 {
7010#if 0 /** @todo r=bird: This is potentially wrong. Might have to just do a whole state sync above and mark everything changed to be safe... */
7011 rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK,
7012 VMX_HC_EXIT_XCPT_AC_INITIAL_REGS>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
7013#else
7014 rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL,
7015 VMX_HC_EXIT_XCPT_AC_INITIAL_REGS>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
7016#endif
7017 AssertRCReturn(rc, rc);
7018 }
7019 }
7020 else
7021 {
7022 rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL,
7023 VMX_HC_EXIT_XCPT_AC_INITIAL_REGS>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
7024 AssertRCReturn(rc, rc);
7025
7026 VBOXVMM_XCPT_DF(pVCpu, &pVCpu->cpum.GstCtx);
7027
7028 if (DBGF_IS_EVENT_ENABLED(pVM, DBGFEVENT_VMX_SPLIT_LOCK))
7029 {
7030 VBOXSTRICTRC rcStrict = DBGFEventGenericWithArgs(pVM, pVCpu, DBGFEVENT_VMX_SPLIT_LOCK, DBGFEVENTCTX_HM, 0);
7031 if (rcStrict != VINF_SUCCESS)
7032 return rcStrict;
7033 }
7034 }
7035
7036 /*
7037 * Emulate the instruction.
7038 *
7039 * We have to ignore the LOCK prefix here as we must not retrigger the
7040 * detection on the host. This isn't all that satisfactory, though...
7041 */
7042 if (pVM->cCpus == 1)
7043 {
7044 Log8Func(("cs:rip=%#04x:%08RX64 rflags=%#RX64 cr0=%#RX64 split-lock #AC\n", pVCpu->cpum.GstCtx.cs.Sel,
7045 pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.rflags, pVCpu->cpum.GstCtx.cr0));
7046
7047 /** @todo For SMP configs we should do a rendezvous here. */
7048 VBOXSTRICTRC rcStrict = IEMExecOneIgnoreLock(pVCpu);
7049 if (rcStrict == VINF_SUCCESS)
7050#if 0 /** @todo r=bird: This is potentially wrong. Might have to just do a whole state sync above and mark everything changed to be safe... */
7051 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged,
7052 HM_CHANGED_GUEST_RIP
7053 | HM_CHANGED_GUEST_RFLAGS
7054 | HM_CHANGED_GUEST_GPRS_MASK
7055 | HM_CHANGED_GUEST_CS
7056 | HM_CHANGED_GUEST_SS);
7057#else
7058 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
7059#endif
7060 else if (rcStrict == VINF_IEM_RAISED_XCPT)
7061 {
7062 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
7063 rcStrict = VINF_SUCCESS;
7064 }
7065 return rcStrict;
7066 }
7067 Log8Func(("cs:rip=%#04x:%08RX64 rflags=%#RX64 cr0=%#RX64 split-lock #AC -> VINF_EM_EMULATE_SPLIT_LOCK\n",
7068 pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.rflags, pVCpu->cpum.GstCtx.cr0));
7069 return VINF_EM_EMULATE_SPLIT_LOCK;
7070 }
7071
7072 STAM_REL_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestAC);
7073 Log8Func(("cs:rip=%#04x:%08RX64 rflags=%#RX64 cr0=%#RX64 cpl=%d -> #AC\n", pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
7074 pVCpu->cpum.GstCtx.rflags, pVCpu->cpum.GstCtx.cr0, CPUMGetGuestCPL(pVCpu) ));
7075
7076 /* Re-inject it. We'll detect any nesting before getting here. */
7077 vmxHCSetPendingEvent(pVCpu, VMX_ENTRY_INT_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntInfo),
7078 pVmxTransient->cbExitInstr, pVmxTransient->uExitIntErrorCode, 0 /* GCPtrFaultAddress */);
7079 return VINF_SUCCESS;
7080}
7081
7082
7083/**
7084 * VM-exit exception handler for \#DB (Debug exception).
7085 *
7086 * @remarks Requires all fields in HMVMX_READ_XCPT_INFO to be read from the VMCS.
7087 */
7088static VBOXSTRICTRC vmxHCExitXcptDB(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7089{
7090 HMVMX_VALIDATE_EXIT_XCPT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7091 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestDB);
7092
7093 /*
7094 * Get the DR6-like values from the Exit qualification and pass it to DBGF for processing.
7095 */
7096 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
7097
7098 /* Refer Intel spec. Table 27-1. "Exit Qualifications for debug exceptions" for the format. */
7099 uint64_t const uDR6 = X86_DR6_INIT_VAL
7100 | (pVmxTransient->uExitQual & ( X86_DR6_B0 | X86_DR6_B1 | X86_DR6_B2 | X86_DR6_B3
7101 | X86_DR6_BD | X86_DR6_BS));
7102 Log6Func(("uDR6=%#RX64 uExitQual=%#RX64\n", uDR6, pVmxTransient->uExitQual));
7103
7104 int rc;
7105 if (!pVmxTransient->fIsNestedGuest)
7106 {
7107 rc = DBGFTrap01Handler(pVCpu->CTX_SUFF(pVM), pVCpu, &pVCpu->cpum.GstCtx, uDR6, VCPU_2_VMXSTATE(pVCpu).fSingleInstruction);
7108
7109 /*
7110 * Prevents stepping twice over the same instruction when the guest is stepping using
7111 * EFLAGS.TF and the hypervisor debugger is stepping using MTF.
7112 * Testcase: DOSQEMM, break (using "ba x 1") at cs:rip 0x70:0x774 and step (using "t").
7113 */
7114 if ( rc == VINF_EM_DBG_STEPPED
7115 && (pVmxTransient->pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_MONITOR_TRAP_FLAG))
7116 {
7117 Assert(VCPU_2_VMXSTATE(pVCpu).fSingleInstruction);
7118 rc = VINF_EM_RAW_GUEST_TRAP;
7119 }
7120 }
7121 else
7122 rc = VINF_EM_RAW_GUEST_TRAP;
7123 Log6Func(("rc=%Rrc\n", rc));
7124 if (rc == VINF_EM_RAW_GUEST_TRAP)
7125 {
7126 /*
7127 * The exception was for the guest. Update DR6, DR7.GD and
7128 * IA32_DEBUGCTL.LBR before forwarding it.
7129 * See Intel spec. 27.1 "Architectural State before a VM-Exit"
7130 * and @sdmv3{077,622,17.2.3,Debug Status Register (DR6)}.
7131 */
7132#ifndef IN_NEM_DARWIN
7133 VMMRZCallRing3Disable(pVCpu);
7134 HM_DISABLE_PREEMPT(pVCpu);
7135
7136 pVCpu->cpum.GstCtx.dr[6] &= ~X86_DR6_B_MASK;
7137 pVCpu->cpum.GstCtx.dr[6] |= uDR6;
7138 if (CPUMIsGuestDebugStateActive(pVCpu))
7139 ASMSetDR6(pVCpu->cpum.GstCtx.dr[6]);
7140
7141 HM_RESTORE_PREEMPT();
7142 VMMRZCallRing3Enable(pVCpu);
7143#else
7144 /** @todo */
7145#endif
7146
7147 rc = vmxHCImportGuestState<CPUMCTX_EXTRN_DR7>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
7148 AssertRCReturn(rc, rc);
7149
7150 /* X86_DR7_GD will be cleared if DRx accesses should be trapped inside the guest. */
7151 pVCpu->cpum.GstCtx.dr[7] &= ~(uint64_t)X86_DR7_GD;
7152
7153 /* Paranoia. */
7154 pVCpu->cpum.GstCtx.dr[7] &= ~(uint64_t)X86_DR7_RAZ_MASK;
7155 pVCpu->cpum.GstCtx.dr[7] |= X86_DR7_RA1_MASK;
7156
7157 rc = VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_GUEST_DR7, pVCpu->cpum.GstCtx.dr[7]);
7158 AssertRC(rc);
7159
7160 /*
7161 * Raise #DB in the guest.
7162 *
7163 * It is important to reflect exactly what the VM-exit gave us (preserving the
7164 * interruption-type) rather than use vmxHCSetPendingXcptDB() as the #DB could've
7165 * been raised while executing ICEBP (INT1) and not the regular #DB. Thus it may
7166 * trigger different handling in the CPU (like skipping DPL checks), see @bugref{6398}.
7167 *
7168 * Intel re-documented ICEBP/INT1 on May 2018 previously documented as part of
7169 * Intel 386, see Intel spec. 24.8.3 "VM-Entry Controls for Event Injection".
7170 */
7171 vmxHCSetPendingEvent(pVCpu, VMX_ENTRY_INT_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntInfo),
7172 pVmxTransient->cbExitInstr, pVmxTransient->uExitIntErrorCode, 0 /* GCPtrFaultAddress */);
7173 return VINF_SUCCESS;
7174 }
7175
7176 /*
7177 * Not a guest trap, must be a hypervisor related debug event then.
7178 * Update DR6 in case someone is interested in it.
7179 */
7180 AssertMsg(rc == VINF_EM_DBG_STEPPED || rc == VINF_EM_DBG_BREAKPOINT, ("%Rrc\n", rc));
7181 AssertReturn(pVmxTransient->fWasHyperDebugStateActive, VERR_HM_IPE_5);
7182 CPUMSetHyperDR6(pVCpu, uDR6);
7183
7184 return rc;
7185}
7186
7187
7188/**
7189 * Hacks its way around the lovely mesa driver's backdoor accesses.
7190 *
7191 * @sa hmR0SvmHandleMesaDrvGp.
7192 */
7193static int vmxHCHandleMesaDrvGp(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient, PCPUMCTX pCtx)
7194{
7195 LogFunc(("cs:rip=%#04x:%08RX64 rcx=%#RX64 rbx=%#RX64\n", pCtx->cs.Sel, pCtx->rip, pCtx->rcx, pCtx->rbx));
7196 RT_NOREF(pCtx);
7197
7198 /* For now we'll just skip the instruction. */
7199 return vmxHCAdvanceGuestRip(pVCpu, pVmxTransient);
7200}
7201
7202
7203/**
7204 * Checks if the \#GP'ing instruction is the mesa driver doing it's lovely
7205 * backdoor logging w/o checking what it is running inside.
7206 *
7207 * This recognizes an "IN EAX,DX" instruction executed in flat ring-3, with the
7208 * backdoor port and magic numbers loaded in registers.
7209 *
7210 * @returns true if it is, false if it isn't.
7211 * @sa hmR0SvmIsMesaDrvGp.
7212 */
7213DECLINLINE(bool) vmxHCIsMesaDrvGp(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient, PCPUMCTX pCtx)
7214{
7215 /* 0xed: IN eAX,dx */
7216 uint8_t abInstr[1];
7217 if (pVmxTransient->cbExitInstr != sizeof(abInstr))
7218 return false;
7219
7220 /* Check that it is #GP(0). */
7221 if (pVmxTransient->uExitIntErrorCode != 0)
7222 return false;
7223
7224 /* Check magic and port. */
7225 Assert(!(pCtx->fExtrn & (CPUMCTX_EXTRN_RAX | CPUMCTX_EXTRN_RDX | CPUMCTX_EXTRN_RCX)));
7226 /*Log(("vmxHCIsMesaDrvGp: rax=%RX64 rdx=%RX64\n", pCtx->rax, pCtx->rdx));*/
7227 if (pCtx->rax != UINT32_C(0x564d5868))
7228 return false;
7229 if (pCtx->dx != UINT32_C(0x5658))
7230 return false;
7231
7232 /* Flat ring-3 CS. */
7233 AssertCompile(HMVMX_CPUMCTX_EXTRN_ALL & CPUMCTX_EXTRN_CS);
7234 Assert(!(pCtx->fExtrn & CPUMCTX_EXTRN_CS));
7235 /*Log(("vmxHCIsMesaDrvGp: cs.Attr.n.u2Dpl=%d base=%Rx64\n", pCtx->cs.Attr.n.u2Dpl, pCtx->cs.u64Base));*/
7236 if (pCtx->cs.Attr.n.u2Dpl != 3)
7237 return false;
7238 if (pCtx->cs.u64Base != 0)
7239 return false;
7240
7241 /* Check opcode. */
7242 AssertCompile(HMVMX_CPUMCTX_EXTRN_ALL & CPUMCTX_EXTRN_RIP);
7243 Assert(!(pCtx->fExtrn & CPUMCTX_EXTRN_RIP));
7244 int rc = PGMPhysSimpleReadGCPtr(pVCpu, abInstr, pCtx->rip, sizeof(abInstr));
7245 /*Log(("vmxHCIsMesaDrvGp: PGMPhysSimpleReadGCPtr -> %Rrc %#x\n", rc, abInstr[0]));*/
7246 if (RT_FAILURE(rc))
7247 return false;
7248 if (abInstr[0] != 0xed)
7249 return false;
7250
7251 return true;
7252}
7253
7254
7255/**
7256 * VM-exit exception handler for \#GP (General-protection exception).
7257 *
7258 * @remarks Requires all fields in HMVMX_READ_XCPT_INFO to be read from the VMCS.
7259 */
7260static VBOXSTRICTRC vmxHCExitXcptGP(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7261{
7262 HMVMX_VALIDATE_EXIT_XCPT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7263 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestGP);
7264
7265 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
7266 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7267#ifndef IN_NEM_DARWIN
7268 PVMXVMCSINFOSHARED pVmcsInfoShared = pVmcsInfo->pShared;
7269 if (pVmcsInfoShared->RealMode.fRealOnV86Active)
7270 { /* likely */ }
7271 else
7272#endif
7273 {
7274#ifndef HMVMX_ALWAYS_TRAP_ALL_XCPTS
7275# ifndef IN_NEM_DARWIN
7276 Assert(pVCpu->hmr0.s.fUsingDebugLoop || VCPU_2_VMXSTATE(pVCpu).fTrapXcptGpForLovelyMesaDrv || pVmxTransient->fIsNestedGuest);
7277# else
7278 Assert(/*pVCpu->hmr0.s.fUsingDebugLoop ||*/ VCPU_2_VMXSTATE(pVCpu).fTrapXcptGpForLovelyMesaDrv || pVmxTransient->fIsNestedGuest);
7279# endif
7280#endif
7281 /*
7282 * If the guest is not in real-mode or we have unrestricted guest execution support, or if we are
7283 * executing a nested-guest, reflect #GP to the guest or nested-guest.
7284 */
7285 int rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmcsInfo, __FUNCTION__);
7286 AssertRCReturn(rc, rc);
7287 Log4Func(("Gst: cs:rip=%#04x:%08RX64 ErrorCode=%#x cr0=%#RX64 cpl=%u tr=%#04x\n", pCtx->cs.Sel, pCtx->rip,
7288 pVmxTransient->uExitIntErrorCode, pCtx->cr0, CPUMGetGuestCPL(pVCpu), pCtx->tr.Sel));
7289
7290 if ( pVmxTransient->fIsNestedGuest
7291 || !VCPU_2_VMXSTATE(pVCpu).fTrapXcptGpForLovelyMesaDrv
7292 || !vmxHCIsMesaDrvGp(pVCpu, pVmxTransient, pCtx))
7293 vmxHCSetPendingEvent(pVCpu, VMX_ENTRY_INT_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntInfo),
7294 pVmxTransient->cbExitInstr, pVmxTransient->uExitIntErrorCode, 0 /* GCPtrFaultAddress */);
7295 else
7296 rc = vmxHCHandleMesaDrvGp(pVCpu, pVmxTransient, pCtx);
7297 return rc;
7298 }
7299
7300#ifndef IN_NEM_DARWIN
7301 Assert(CPUMIsGuestInRealModeEx(pCtx));
7302 Assert(!pVCpu->CTX_SUFF(pVM)->hmr0.s.vmx.fUnrestrictedGuest);
7303 Assert(!pVmxTransient->fIsNestedGuest);
7304
7305 int rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmcsInfo, __FUNCTION__);
7306 AssertRCReturn(rc, rc);
7307
7308 VBOXSTRICTRC rcStrict = IEMExecOne(pVCpu);
7309 if (rcStrict == VINF_SUCCESS)
7310 {
7311 if (!CPUMIsGuestInRealModeEx(pCtx))
7312 {
7313 /*
7314 * The guest is no longer in real-mode, check if we can continue executing the
7315 * guest using hardware-assisted VMX. Otherwise, fall back to emulation.
7316 */
7317 pVmcsInfoShared->RealMode.fRealOnV86Active = false;
7318 if (HMCanExecuteVmxGuest(pVCpu->CTX_SUFF(pVM), pVCpu, pCtx))
7319 {
7320 Log4Func(("Mode changed but guest still suitable for executing using hardware-assisted VMX\n"));
7321 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
7322 }
7323 else
7324 {
7325 Log4Func(("Mode changed -> VINF_EM_RESCHEDULE\n"));
7326 rcStrict = VINF_EM_RESCHEDULE;
7327 }
7328 }
7329 else
7330 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
7331 }
7332 else if (rcStrict == VINF_IEM_RAISED_XCPT)
7333 {
7334 rcStrict = VINF_SUCCESS;
7335 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
7336 }
7337 return VBOXSTRICTRC_VAL(rcStrict);
7338#endif
7339}
7340
7341
7342/**
7343 * VM-exit exception handler for \#DE (Divide Error).
7344 *
7345 * @remarks Requires all fields in HMVMX_READ_XCPT_INFO to be read from the VMCS.
7346 */
7347static VBOXSTRICTRC vmxHCExitXcptDE(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7348{
7349 HMVMX_VALIDATE_EXIT_XCPT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7350 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestDE);
7351
7352 int rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
7353 AssertRCReturn(rc, rc);
7354
7355 VBOXSTRICTRC rcStrict = VERR_VMX_UNEXPECTED_INTERRUPTION_EXIT_TYPE;
7356 if (VCPU_2_VMXSTATE(pVCpu).fGCMTrapXcptDE)
7357 {
7358 uint8_t cbInstr = 0;
7359 VBOXSTRICTRC rc2 = GCMXcptDE(pVCpu, &pVCpu->cpum.GstCtx, NULL /* pDis */, &cbInstr);
7360 if (rc2 == VINF_SUCCESS)
7361 rcStrict = VINF_SUCCESS; /* Restart instruction with modified guest register context. */
7362 else if (rc2 == VERR_NOT_FOUND)
7363 rcStrict = VERR_NOT_FOUND; /* Deliver the exception. */
7364 else
7365 Assert(RT_FAILURE(VBOXSTRICTRC_VAL(rcStrict)));
7366 }
7367 else
7368 rcStrict = VINF_SUCCESS; /* Do nothing. */
7369
7370 /* If the GCM #DE exception handler didn't succeed or wasn't needed, raise #DE. */
7371 if (RT_FAILURE(rcStrict))
7372 {
7373 vmxHCSetPendingEvent(pVCpu, VMX_ENTRY_INT_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntInfo),
7374 pVmxTransient->cbExitInstr, pVmxTransient->uExitIntErrorCode, 0 /* GCPtrFaultAddress */);
7375 rcStrict = VINF_SUCCESS;
7376 }
7377
7378 Assert(rcStrict == VINF_SUCCESS || rcStrict == VERR_VMX_UNEXPECTED_INTERRUPTION_EXIT_TYPE);
7379 return VBOXSTRICTRC_VAL(rcStrict);
7380}
7381
7382
7383/**
7384 * VM-exit exception handler wrapper for all other exceptions that are not handled
7385 * by a specific handler.
7386 *
7387 * This simply re-injects the exception back into the VM without any special
7388 * processing.
7389 *
7390 * @remarks Requires all fields in HMVMX_READ_XCPT_INFO to be read from the VMCS.
7391 */
7392static VBOXSTRICTRC vmxHCExitXcptOthers(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7393{
7394 HMVMX_VALIDATE_EXIT_XCPT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7395
7396#ifndef HMVMX_ALWAYS_TRAP_ALL_XCPTS
7397# ifndef IN_NEM_DARWIN
7398 PCVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7399 AssertMsg(pVCpu->hmr0.s.fUsingDebugLoop || pVmcsInfo->pShared->RealMode.fRealOnV86Active || pVmxTransient->fIsNestedGuest,
7400 ("uVector=%#x u32XcptBitmap=%#X32\n",
7401 VMX_EXIT_INT_INFO_VECTOR(pVmxTransient->uExitIntInfo), pVmcsInfo->u32XcptBitmap));
7402 NOREF(pVmcsInfo);
7403# endif
7404#endif
7405
7406 /*
7407 * Re-inject the exception into the guest. This cannot be a double-fault condition which
7408 * would have been handled while checking exits due to event delivery.
7409 */
7410 uint8_t const uVector = VMX_EXIT_INT_INFO_VECTOR(pVmxTransient->uExitIntInfo);
7411
7412#ifdef HMVMX_ALWAYS_TRAP_ALL_XCPTS
7413 int rc = vmxHCImportGuestState<CPUMCTX_EXTRN_CS | CPUMCTX_EXTRN_RIP>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
7414 AssertRCReturn(rc, rc);
7415 Log4Func(("Reinjecting Xcpt. uVector=%#x cs:rip=%#04x:%08RX64\n", uVector, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip));
7416#endif
7417
7418#ifdef VBOX_WITH_STATISTICS
7419 switch (uVector)
7420 {
7421 case X86_XCPT_DE: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestDE); break;
7422 case X86_XCPT_DB: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestDB); break;
7423 case X86_XCPT_BP: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestBP); break;
7424 case X86_XCPT_OF: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestOF); break;
7425 case X86_XCPT_BR: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestBR); break;
7426 case X86_XCPT_UD: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestUD); break;
7427 case X86_XCPT_NM: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestOF); break;
7428 case X86_XCPT_DF: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestDF); break;
7429 case X86_XCPT_TS: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestTS); break;
7430 case X86_XCPT_NP: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestNP); break;
7431 case X86_XCPT_SS: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestSS); break;
7432 case X86_XCPT_GP: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestGP); break;
7433 case X86_XCPT_PF: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestPF); break;
7434 case X86_XCPT_MF: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestMF); break;
7435 case X86_XCPT_AC: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestAC); break;
7436 case X86_XCPT_XF: STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestXF); break;
7437 default:
7438 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitGuestXcpUnk);
7439 break;
7440 }
7441#endif
7442
7443 /* We should never call this function for a page-fault, we'd need to pass on the fault address below otherwise. */
7444 Assert(!VMX_EXIT_INT_INFO_IS_XCPT_PF(pVmxTransient->uExitIntInfo));
7445 NOREF(uVector);
7446
7447 /* Re-inject the original exception into the guest. */
7448 vmxHCSetPendingEvent(pVCpu, VMX_ENTRY_INT_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntInfo),
7449 pVmxTransient->cbExitInstr, pVmxTransient->uExitIntErrorCode, 0 /* GCPtrFaultAddress */);
7450 return VINF_SUCCESS;
7451}
7452
7453
7454/**
7455 * VM-exit exception handler for all exceptions (except NMIs!).
7456 *
7457 * @remarks This may be called for both guests and nested-guests. Take care to not
7458 * make assumptions and avoid doing anything that is not relevant when
7459 * executing a nested-guest (e.g., Mesa driver hacks).
7460 */
7461static VBOXSTRICTRC vmxHCExitXcpt(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7462{
7463 HMVMX_ASSERT_READ(pVmxTransient, HMVMX_READ_XCPT_INFO);
7464
7465 /*
7466 * If this VM-exit occurred while delivering an event through the guest IDT, take
7467 * action based on the return code and additional hints (e.g. for page-faults)
7468 * that will be updated in the VMX transient structure.
7469 */
7470 VBOXSTRICTRC rcStrict = vmxHCCheckExitDueToEventDelivery(pVCpu, pVmxTransient);
7471 if (rcStrict == VINF_SUCCESS)
7472 {
7473 /*
7474 * If an exception caused a VM-exit due to delivery of an event, the original
7475 * event may have to be re-injected into the guest. We shall reinject it and
7476 * continue guest execution. However, page-fault is a complicated case and
7477 * needs additional processing done in vmxHCExitXcptPF().
7478 */
7479 Assert(VMX_EXIT_INT_INFO_IS_VALID(pVmxTransient->uExitIntInfo));
7480 uint8_t const uVector = VMX_EXIT_INT_INFO_VECTOR(pVmxTransient->uExitIntInfo);
7481 if ( !VCPU_2_VMXSTATE(pVCpu).Event.fPending
7482 || uVector == X86_XCPT_PF)
7483 {
7484 switch (uVector)
7485 {
7486 case X86_XCPT_PF: return vmxHCExitXcptPF(pVCpu, pVmxTransient);
7487 case X86_XCPT_GP: return vmxHCExitXcptGP(pVCpu, pVmxTransient);
7488 case X86_XCPT_MF: return vmxHCExitXcptMF(pVCpu, pVmxTransient);
7489 case X86_XCPT_DB: return vmxHCExitXcptDB(pVCpu, pVmxTransient);
7490 case X86_XCPT_BP: return vmxHCExitXcptBP(pVCpu, pVmxTransient);
7491 case X86_XCPT_AC: return vmxHCExitXcptAC(pVCpu, pVmxTransient);
7492 case X86_XCPT_DE: return vmxHCExitXcptDE(pVCpu, pVmxTransient);
7493 default:
7494 return vmxHCExitXcptOthers(pVCpu, pVmxTransient);
7495 }
7496 }
7497 /* else: inject pending event before resuming guest execution. */
7498 }
7499 else if (rcStrict == VINF_HM_DOUBLE_FAULT)
7500 {
7501 Assert(VCPU_2_VMXSTATE(pVCpu).Event.fPending);
7502 rcStrict = VINF_SUCCESS;
7503 }
7504
7505 return rcStrict;
7506}
7507/** @} */
7508
7509
7510/** @name VM-exit handlers.
7511 * @{
7512 */
7513/* -=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
7514/* -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- VM-exit handlers -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- */
7515/* -=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
7516
7517/**
7518 * VM-exit handler for external interrupts (VMX_EXIT_EXT_INT).
7519 */
7520HMVMX_EXIT_DECL vmxHCExitExtInt(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7521{
7522 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7523 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitExtInt);
7524
7525#ifndef IN_NEM_DARWIN
7526 /* Windows hosts (32-bit and 64-bit) have DPC latency issues. See @bugref{6853}. */
7527 if (VMMR0ThreadCtxHookIsEnabled(pVCpu))
7528 return VINF_SUCCESS;
7529 return VINF_EM_RAW_INTERRUPT;
7530#else
7531 return VINF_SUCCESS;
7532#endif
7533}
7534
7535
7536/**
7537 * VM-exit handler for exceptions or NMIs (VMX_EXIT_XCPT_OR_NMI). Conditional
7538 * VM-exit.
7539 */
7540HMVMX_EXIT_DECL vmxHCExitXcptOrNmi(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7541{
7542 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7543 STAM_PROFILE_ADV_START(&VCPU_2_VMXSTATS(pVCpu).StatExitXcptNmi, y3);
7544
7545 vmxHCReadToTransient<HMVMX_READ_EXIT_INTERRUPTION_INFO>(pVCpu, pVmxTransient);
7546
7547 uint32_t const uExitIntType = VMX_EXIT_INT_INFO_TYPE(pVmxTransient->uExitIntInfo);
7548 uint8_t const uVector = VMX_EXIT_INT_INFO_VECTOR(pVmxTransient->uExitIntInfo);
7549 Assert(VMX_EXIT_INT_INFO_IS_VALID(pVmxTransient->uExitIntInfo));
7550
7551 PCVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7552 Assert( !(pVmcsInfo->u32ExitCtls & VMX_EXIT_CTLS_ACK_EXT_INT)
7553 && uExitIntType != VMX_EXIT_INT_INFO_TYPE_EXT_INT);
7554 NOREF(pVmcsInfo);
7555
7556 VBOXSTRICTRC rcStrict;
7557 switch (uExitIntType)
7558 {
7559#ifndef IN_NEM_DARWIN /* NMIs should never reach R3. */
7560 /*
7561 * Host physical NMIs:
7562 * This cannot be a guest NMI as the only way for the guest to receive an NMI is if we
7563 * injected it ourselves and anything we inject is not going to cause a VM-exit directly
7564 * for the event being injected[1]. Go ahead and dispatch the NMI to the host[2].
7565 *
7566 * See Intel spec. 27.2.3 "Information for VM Exits During Event Delivery".
7567 * See Intel spec. 27.5.5 "Updating Non-Register State".
7568 */
7569 case VMX_EXIT_INT_INFO_TYPE_NMI:
7570 {
7571 rcStrict = hmR0VmxExitHostNmi(pVCpu, pVmcsInfo);
7572 break;
7573 }
7574#endif
7575
7576 /*
7577 * Privileged software exceptions (#DB from ICEBP),
7578 * Software exceptions (#BP and #OF),
7579 * Hardware exceptions:
7580 * Process the required exceptions and resume guest execution if possible.
7581 */
7582 case VMX_EXIT_INT_INFO_TYPE_PRIV_SW_XCPT:
7583 Assert(uVector == X86_XCPT_DB);
7584 RT_FALL_THRU();
7585 case VMX_EXIT_INT_INFO_TYPE_SW_XCPT:
7586 Assert(uVector == X86_XCPT_BP || uVector == X86_XCPT_OF || uExitIntType == VMX_EXIT_INT_INFO_TYPE_PRIV_SW_XCPT);
7587 RT_FALL_THRU();
7588 case VMX_EXIT_INT_INFO_TYPE_HW_XCPT:
7589 {
7590 NOREF(uVector);
7591 vmxHCReadToTransient< HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE
7592 | HMVMX_READ_EXIT_INSTR_LEN
7593 | HMVMX_READ_IDT_VECTORING_INFO
7594 | HMVMX_READ_IDT_VECTORING_ERROR_CODE>(pVCpu, pVmxTransient);
7595 rcStrict = vmxHCExitXcpt(pVCpu, pVmxTransient);
7596 break;
7597 }
7598
7599 default:
7600 {
7601 VCPU_2_VMXSTATE(pVCpu).u32HMError = pVmxTransient->uExitIntInfo;
7602 rcStrict = VERR_VMX_UNEXPECTED_INTERRUPTION_EXIT_TYPE;
7603 AssertMsgFailed(("Invalid/unexpected VM-exit interruption info %#x\n", pVmxTransient->uExitIntInfo));
7604 break;
7605 }
7606 }
7607
7608 STAM_PROFILE_ADV_STOP(&VCPU_2_VMXSTATS(pVCpu).StatExitXcptNmi, y3);
7609 return rcStrict;
7610}
7611
7612
7613/**
7614 * VM-exit handler for interrupt-window exiting (VMX_EXIT_INT_WINDOW).
7615 */
7616HMVMX_EXIT_NSRC_DECL vmxHCExitIntWindow(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7617{
7618 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7619
7620 /* Indicate that we no longer need to VM-exit when the guest is ready to receive interrupts, it is now ready. */
7621 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7622 vmxHCClearIntWindowExitVmcs(pVCpu, pVmcsInfo);
7623
7624 /* Evaluate and deliver pending events and resume guest execution. */
7625 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitIntWindow);
7626 return VINF_SUCCESS;
7627}
7628
7629
7630/**
7631 * VM-exit handler for NMI-window exiting (VMX_EXIT_NMI_WINDOW).
7632 */
7633HMVMX_EXIT_NSRC_DECL vmxHCExitNmiWindow(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7634{
7635 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7636
7637 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7638 if (RT_UNLIKELY(!(pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_NMI_WINDOW_EXIT))) /** @todo NSTVMX: Turn this into an assertion. */
7639 {
7640 AssertMsgFailed(("Unexpected NMI-window exit.\n"));
7641 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, pVmxTransient->uExitReason);
7642 }
7643
7644 Assert(!CPUMAreInterruptsInhibitedByNmiEx(&pVCpu->cpum.GstCtx));
7645
7646 /*
7647 * If block-by-STI is set when we get this VM-exit, it means the CPU doesn't block NMIs following STI.
7648 * It is therefore safe to unblock STI and deliver the NMI ourselves. See @bugref{7445}.
7649 */
7650 uint32_t fIntrState;
7651 int rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_INT_STATE, &fIntrState);
7652 AssertRC(rc);
7653 Assert(!(fIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS));
7654 if (fIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_STI)
7655 {
7656 CPUMClearInterruptShadow(&pVCpu->cpum.GstCtx);
7657
7658 fIntrState &= ~VMX_VMCS_GUEST_INT_STATE_BLOCK_STI;
7659 rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_GUEST_INT_STATE, fIntrState);
7660 AssertRC(rc);
7661 }
7662
7663 /* Indicate that we no longer need to VM-exit when the guest is ready to receive NMIs, it is now ready */
7664 vmxHCClearNmiWindowExitVmcs(pVCpu, pVmcsInfo);
7665
7666 /* Evaluate and deliver pending events and resume guest execution. */
7667 return VINF_SUCCESS;
7668}
7669
7670
7671/**
7672 * VM-exit handler for WBINVD (VMX_EXIT_WBINVD). Conditional VM-exit.
7673 */
7674HMVMX_EXIT_NSRC_DECL vmxHCExitWbinvd(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7675{
7676 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7677 return vmxHCAdvanceGuestRip(pVCpu, pVmxTransient);
7678}
7679
7680
7681/**
7682 * VM-exit handler for INVD (VMX_EXIT_INVD). Unconditional VM-exit.
7683 */
7684HMVMX_EXIT_NSRC_DECL vmxHCExitInvd(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7685{
7686 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7687 return vmxHCAdvanceGuestRip(pVCpu, pVmxTransient);
7688}
7689
7690
7691/**
7692 * VM-exit handler for CPUID (VMX_EXIT_CPUID). Unconditional VM-exit.
7693 */
7694HMVMX_EXIT_DECL vmxHCExitCpuid(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7695{
7696 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7697
7698 /*
7699 * Get the state we need and update the exit history entry.
7700 */
7701 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7702 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
7703 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
7704 AssertRCReturn(rc, rc);
7705
7706 VBOXSTRICTRC rcStrict;
7707 PCEMEXITREC pExitRec = EMHistoryUpdateFlagsAndTypeAndPC(pVCpu,
7708 EMEXIT_MAKE_FT(EMEXIT_F_KIND_EM | EMEXIT_F_HM, EMEXITTYPE_CPUID),
7709 pVCpu->cpum.GstCtx.rip + pVCpu->cpum.GstCtx.cs.u64Base);
7710 if (!pExitRec)
7711 {
7712 /*
7713 * Regular CPUID instruction execution.
7714 */
7715 rcStrict = IEMExecDecodedCpuid(pVCpu, pVmxTransient->cbExitInstr);
7716 if (rcStrict == VINF_SUCCESS)
7717 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
7718 else if (rcStrict == VINF_IEM_RAISED_XCPT)
7719 {
7720 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
7721 rcStrict = VINF_SUCCESS;
7722 }
7723 }
7724 else
7725 {
7726 /*
7727 * Frequent exit or something needing probing. Get state and call EMHistoryExec.
7728 */
7729 int rc2 = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL,
7730 IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
7731 AssertRCReturn(rc2, rc2);
7732
7733 Log4(("CpuIdExit/%u: %04x:%08RX64: %#x/%#x -> EMHistoryExec\n",
7734 pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.eax, pVCpu->cpum.GstCtx.ecx));
7735
7736 rcStrict = EMHistoryExec(pVCpu, pExitRec, 0);
7737 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
7738
7739 Log4(("CpuIdExit/%u: %04x:%08RX64: EMHistoryExec -> %Rrc + %04x:%08RX64\n",
7740 pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
7741 VBOXSTRICTRC_VAL(rcStrict), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip));
7742 }
7743 return rcStrict;
7744}
7745
7746
7747/**
7748 * VM-exit handler for GETSEC (VMX_EXIT_GETSEC). Unconditional VM-exit.
7749 */
7750HMVMX_EXIT_DECL vmxHCExitGetsec(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7751{
7752 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7753
7754 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7755 int rc = vmxHCImportGuestState<CPUMCTX_EXTRN_CR4>(pVCpu, pVmcsInfo, __FUNCTION__);
7756 AssertRCReturn(rc, rc);
7757
7758 if (pVCpu->cpum.GstCtx.cr4 & X86_CR4_SMXE)
7759 return VINF_EM_RAW_EMULATE_INSTR;
7760
7761 AssertMsgFailed(("vmxHCExitGetsec: Unexpected VM-exit when CR4.SMXE is 0.\n"));
7762 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, pVmxTransient->uExitReason);
7763}
7764
7765
7766/**
7767 * VM-exit handler for RDTSC (VMX_EXIT_RDTSC). Conditional VM-exit.
7768 */
7769HMVMX_EXIT_DECL vmxHCExitRdtsc(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7770{
7771 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7772
7773 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7774 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
7775 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
7776 AssertRCReturn(rc, rc);
7777
7778 VBOXSTRICTRC rcStrict = IEMExecDecodedRdtsc(pVCpu, pVmxTransient->cbExitInstr);
7779 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
7780 {
7781 /* If we get a spurious VM-exit when TSC offsetting is enabled,
7782 we must reset offsetting on VM-entry. See @bugref{6634}. */
7783 if (pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_TSC_OFFSETTING)
7784 pVmxTransient->fUpdatedTscOffsettingAndPreemptTimer = false;
7785 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
7786 }
7787 else if (rcStrict == VINF_IEM_RAISED_XCPT)
7788 {
7789 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
7790 rcStrict = VINF_SUCCESS;
7791 }
7792 return rcStrict;
7793}
7794
7795
7796/**
7797 * VM-exit handler for RDTSCP (VMX_EXIT_RDTSCP). Conditional VM-exit.
7798 */
7799HMVMX_EXIT_DECL vmxHCExitRdtscp(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7800{
7801 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7802
7803 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7804 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
7805 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK | CPUMCTX_EXTRN_TSC_AUX>(pVCpu, pVmcsInfo, __FUNCTION__);
7806 AssertRCReturn(rc, rc);
7807
7808 VBOXSTRICTRC rcStrict = IEMExecDecodedRdtscp(pVCpu, pVmxTransient->cbExitInstr);
7809 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
7810 {
7811 /* If we get a spurious VM-exit when TSC offsetting is enabled,
7812 we must reset offsetting on VM-reentry. See @bugref{6634}. */
7813 if (pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_TSC_OFFSETTING)
7814 pVmxTransient->fUpdatedTscOffsettingAndPreemptTimer = false;
7815 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
7816 }
7817 else if (rcStrict == VINF_IEM_RAISED_XCPT)
7818 {
7819 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
7820 rcStrict = VINF_SUCCESS;
7821 }
7822 return rcStrict;
7823}
7824
7825
7826/**
7827 * VM-exit handler for RDPMC (VMX_EXIT_RDPMC). Conditional VM-exit.
7828 */
7829HMVMX_EXIT_DECL vmxHCExitRdpmc(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7830{
7831 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7832
7833 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7834 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
7835 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_CR4>(pVCpu, pVmcsInfo, __FUNCTION__);
7836 AssertRCReturn(rc, rc);
7837
7838 VBOXSTRICTRC rcStrict = IEMExecDecodedRdpmc(pVCpu, pVmxTransient->cbExitInstr);
7839 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
7840 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
7841 else if (rcStrict == VINF_IEM_RAISED_XCPT)
7842 {
7843 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
7844 rcStrict = VINF_SUCCESS;
7845 }
7846 return rcStrict;
7847}
7848
7849
7850/**
7851 * VM-exit handler for VMCALL (VMX_EXIT_VMCALL). Unconditional VM-exit.
7852 */
7853HMVMX_EXIT_DECL vmxHCExitVmcall(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7854{
7855 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7856
7857 VBOXSTRICTRC rcStrict = VERR_VMX_IPE_3;
7858 if (EMAreHypercallInstructionsEnabled(pVCpu))
7859 {
7860 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7861 int rc = vmxHCImportGuestState< CPUMCTX_EXTRN_RIP
7862 | CPUMCTX_EXTRN_RFLAGS
7863 | CPUMCTX_EXTRN_CR0
7864 | CPUMCTX_EXTRN_SS
7865 | CPUMCTX_EXTRN_CS
7866 | CPUMCTX_EXTRN_EFER>(pVCpu, pVmcsInfo, __FUNCTION__);
7867 AssertRCReturn(rc, rc);
7868
7869 /* Perform the hypercall. */
7870 rcStrict = GIMHypercall(pVCpu, &pVCpu->cpum.GstCtx);
7871 if (rcStrict == VINF_SUCCESS)
7872 {
7873 rc = vmxHCAdvanceGuestRip(pVCpu, pVmxTransient);
7874 AssertRCReturn(rc, rc);
7875 }
7876 else
7877 Assert( rcStrict == VINF_GIM_R3_HYPERCALL
7878 || rcStrict == VINF_GIM_HYPERCALL_CONTINUING
7879 || RT_FAILURE(rcStrict));
7880
7881 /* If the hypercall changes anything other than guest's general-purpose registers,
7882 we would need to reload the guest changed bits here before VM-entry. */
7883 }
7884 else
7885 Log4Func(("Hypercalls not enabled\n"));
7886
7887 /* If hypercalls are disabled or the hypercall failed for some reason, raise #UD and continue. */
7888 if (RT_FAILURE(rcStrict))
7889 {
7890 vmxHCSetPendingXcptUD(pVCpu);
7891 rcStrict = VINF_SUCCESS;
7892 }
7893
7894 return rcStrict;
7895}
7896
7897
7898/**
7899 * VM-exit handler for INVLPG (VMX_EXIT_INVLPG). Conditional VM-exit.
7900 */
7901HMVMX_EXIT_DECL vmxHCExitInvlpg(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7902{
7903 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7904#ifndef IN_NEM_DARWIN
7905 Assert(!pVCpu->CTX_SUFF(pVM)->hmr0.s.fNestedPaging || pVCpu->hmr0.s.fUsingDebugLoop);
7906#endif
7907
7908 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7909 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
7910 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
7911 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
7912 AssertRCReturn(rc, rc);
7913
7914 VBOXSTRICTRC rcStrict = IEMExecDecodedInvlpg(pVCpu, pVmxTransient->cbExitInstr, pVmxTransient->uExitQual);
7915
7916 if (rcStrict == VINF_SUCCESS || rcStrict == VINF_PGM_SYNC_CR3)
7917 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
7918 else if (rcStrict == VINF_IEM_RAISED_XCPT)
7919 {
7920 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
7921 rcStrict = VINF_SUCCESS;
7922 }
7923 else
7924 AssertMsgFailed(("Unexpected IEMExecDecodedInvlpg(%#RX64) status: %Rrc\n", pVmxTransient->uExitQual,
7925 VBOXSTRICTRC_VAL(rcStrict)));
7926 return rcStrict;
7927}
7928
7929
7930/**
7931 * VM-exit handler for MONITOR (VMX_EXIT_MONITOR). Conditional VM-exit.
7932 */
7933HMVMX_EXIT_DECL vmxHCExitMonitor(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7934{
7935 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7936
7937 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7938 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
7939 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK | CPUMCTX_EXTRN_DS>(pVCpu, pVmcsInfo, __FUNCTION__);
7940 AssertRCReturn(rc, rc);
7941
7942 VBOXSTRICTRC rcStrict = IEMExecDecodedMonitor(pVCpu, pVmxTransient->cbExitInstr);
7943 if (rcStrict == VINF_SUCCESS)
7944 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
7945 else if (rcStrict == VINF_IEM_RAISED_XCPT)
7946 {
7947 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
7948 rcStrict = VINF_SUCCESS;
7949 }
7950
7951 return rcStrict;
7952}
7953
7954
7955/**
7956 * VM-exit handler for MWAIT (VMX_EXIT_MWAIT). Conditional VM-exit.
7957 */
7958HMVMX_EXIT_DECL vmxHCExitMwait(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7959{
7960 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7961
7962 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
7963 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
7964 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
7965 AssertRCReturn(rc, rc);
7966
7967 VBOXSTRICTRC rcStrict = IEMExecDecodedMwait(pVCpu, pVmxTransient->cbExitInstr);
7968 if (RT_SUCCESS(rcStrict))
7969 {
7970 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
7971 if (EMMonitorWaitShouldContinue(pVCpu, &pVCpu->cpum.GstCtx))
7972 rcStrict = VINF_SUCCESS;
7973 }
7974
7975 return rcStrict;
7976}
7977
7978
7979/**
7980 * VM-exit handler for triple faults (VMX_EXIT_TRIPLE_FAULT). Unconditional
7981 * VM-exit.
7982 */
7983HMVMX_EXIT_DECL vmxHCExitTripleFault(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7984{
7985 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7986 return VINF_EM_RESET;
7987}
7988
7989
7990/**
7991 * VM-exit handler for HLT (VMX_EXIT_HLT). Conditional VM-exit.
7992 */
7993HMVMX_EXIT_DECL vmxHCExitHlt(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
7994{
7995 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
7996
7997 int rc = vmxHCAdvanceGuestRip(pVCpu, pVmxTransient);
7998 AssertRCReturn(rc, rc);
7999
8000 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_RFLAGS); /* Advancing the RIP above should've imported eflags. */
8001 if (EMShouldContinueAfterHalt(pVCpu, &pVCpu->cpum.GstCtx)) /* Requires eflags. */
8002 rc = VINF_SUCCESS;
8003 else
8004 rc = VINF_EM_HALT;
8005
8006 if (rc != VINF_SUCCESS)
8007 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatSwitchHltToR3);
8008 return rc;
8009}
8010
8011
8012#ifndef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
8013/**
8014 * VM-exit handler for instructions that result in a \#UD exception delivered to
8015 * the guest.
8016 */
8017HMVMX_EXIT_NSRC_DECL vmxHCExitSetPendingXcptUD(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8018{
8019 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8020 vmxHCSetPendingXcptUD(pVCpu);
8021 return VINF_SUCCESS;
8022}
8023#endif
8024
8025
8026/**
8027 * VM-exit handler for expiry of the VMX-preemption timer.
8028 */
8029HMVMX_EXIT_DECL vmxHCExitPreemptTimer(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8030{
8031 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8032
8033 /* If the VMX-preemption timer has expired, reinitialize the preemption timer on next VM-entry. */
8034 pVmxTransient->fUpdatedTscOffsettingAndPreemptTimer = false;
8035Log12(("vmxHCExitPreemptTimer:\n"));
8036
8037 /* If there are any timer events pending, fall back to ring-3, otherwise resume guest execution. */
8038 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
8039 bool fTimersPending = TMTimerPollBool(pVM, pVCpu);
8040 STAM_REL_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitPreemptTimer);
8041 return fTimersPending ? VINF_EM_RAW_TIMER_PENDING : VINF_SUCCESS;
8042}
8043
8044
8045/**
8046 * VM-exit handler for XSETBV (VMX_EXIT_XSETBV). Unconditional VM-exit.
8047 */
8048HMVMX_EXIT_DECL vmxHCExitXsetbv(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8049{
8050 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8051
8052 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
8053 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
8054 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK | CPUMCTX_EXTRN_CR4>(pVCpu, pVmcsInfo, __FUNCTION__);
8055 AssertRCReturn(rc, rc);
8056
8057 VBOXSTRICTRC rcStrict = IEMExecDecodedXsetbv(pVCpu, pVmxTransient->cbExitInstr);
8058 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, rcStrict != VINF_IEM_RAISED_XCPT ? HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS
8059 : HM_CHANGED_RAISED_XCPT_MASK);
8060
8061#ifndef IN_NEM_DARWIN
8062 PCCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
8063 bool const fLoadSaveGuestXcr0 = (pCtx->cr4 & X86_CR4_OSXSAVE) && pCtx->aXcr[0] != ASMGetXcr0();
8064 if (fLoadSaveGuestXcr0 != pVCpu->hmr0.s.fLoadSaveGuestXcr0)
8065 {
8066 pVCpu->hmr0.s.fLoadSaveGuestXcr0 = fLoadSaveGuestXcr0;
8067 hmR0VmxUpdateStartVmFunction(pVCpu);
8068 }
8069#endif
8070
8071 return rcStrict;
8072}
8073
8074
8075/**
8076 * VM-exit handler for INVPCID (VMX_EXIT_INVPCID). Conditional VM-exit.
8077 */
8078HMVMX_EXIT_DECL vmxHCExitInvpcid(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8079{
8080 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8081
8082 /** @todo Enable the new code after finding a reliably guest test-case. */
8083#if 1
8084 return VERR_EM_INTERPRETER;
8085#else
8086 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
8087 | HMVMX_READ_EXIT_INSTR_INFO
8088 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
8089 int rc = vmxHCImportGuestState(pVCpu, pVmxTransient->pVmcsInfo, CPUMCTX_EXTRN_RSP | CPUMCTX_EXTRN_SREG_MASK
8090 | IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK);
8091 AssertRCReturn(rc, rc);
8092
8093 /* Paranoia. Ensure this has a memory operand. */
8094 Assert(!pVmxTransient->ExitInstrInfo.Inv.u1Cleared0);
8095
8096 uint8_t const iGReg = pVmxTransient->ExitInstrInfo.VmreadVmwrite.iReg2;
8097 Assert(iGReg < RT_ELEMENTS(pVCpu->cpum.GstCtx.aGRegs));
8098 uint64_t const uType = CPUMIsGuestIn64BitCode(pVCpu) ? pVCpu->cpum.GstCtx.aGRegs[iGReg].u64
8099 : pVCpu->cpum.GstCtx.aGRegs[iGReg].u32;
8100
8101 RTGCPTR GCPtrDesc;
8102 HMVMX_DECODE_MEM_OPERAND(pVCpu, pVmxTransient->ExitInstrInfo.u, pVmxTransient->uExitQual, VMXMEMACCESS_READ, &GCPtrDesc);
8103
8104 VBOXSTRICTRC rcStrict = IEMExecDecodedInvpcid(pVCpu, pVmxTransient->cbExitInstr, pVmxTransient->ExitInstrInfo.Inv.iSegReg,
8105 GCPtrDesc, uType);
8106 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
8107 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
8108 else if (rcStrict == VINF_IEM_RAISED_XCPT)
8109 {
8110 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
8111 rcStrict = VINF_SUCCESS;
8112 }
8113 return rcStrict;
8114#endif
8115}
8116
8117
8118/**
8119 * VM-exit handler for invalid-guest-state (VMX_EXIT_ERR_INVALID_GUEST_STATE). Error
8120 * VM-exit.
8121 */
8122HMVMX_EXIT_NSRC_DECL vmxHCExitErrInvalidGuestState(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8123{
8124 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
8125 int rc = vmxHCImportGuestStateEx(pVCpu, pVmcsInfo, HMVMX_CPUMCTX_EXTRN_ALL);
8126 AssertRCReturn(rc, rc);
8127
8128 rc = vmxHCCheckCachedVmcsCtls(pVCpu, pVmcsInfo, pVmxTransient->fIsNestedGuest);
8129 if (RT_FAILURE(rc))
8130 return rc;
8131
8132 uint32_t const uInvalidReason = vmxHCCheckGuestState(pVCpu, pVmcsInfo);
8133 NOREF(uInvalidReason);
8134
8135#ifdef VBOX_STRICT
8136 uint32_t fIntrState;
8137 uint64_t u64Val;
8138 vmxHCReadToTransient< HMVMX_READ_EXIT_INSTR_INFO
8139 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
8140 vmxHCReadEntryXcptErrorCodeVmcs(pVCpu, pVmxTransient);
8141
8142 Log4(("uInvalidReason %u\n", uInvalidReason));
8143 Log4(("VMX_VMCS32_CTRL_ENTRY_INTERRUPTION_INFO %#RX32\n", pVmxTransient->uEntryIntInfo));
8144 Log4(("VMX_VMCS32_CTRL_ENTRY_EXCEPTION_ERRCODE %#RX32\n", pVmxTransient->uEntryXcptErrorCode));
8145 Log4(("VMX_VMCS32_CTRL_ENTRY_INSTR_LENGTH %#RX32\n", pVmxTransient->cbEntryInstr));
8146
8147 rc = VMX_VMCS_READ_32(pVCpu, VMX_VMCS32_GUEST_INT_STATE, &fIntrState); AssertRC(rc);
8148 Log4(("VMX_VMCS32_GUEST_INT_STATE %#RX32\n", fIntrState));
8149 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_GUEST_CR0, &u64Val); AssertRC(rc);
8150 Log4(("VMX_VMCS_GUEST_CR0 %#RX64\n", u64Val));
8151 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_CTRL_CR0_MASK, &u64Val); AssertRC(rc);
8152 Log4(("VMX_VMCS_CTRL_CR0_MASK %#RX64\n", u64Val));
8153 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_CTRL_CR0_READ_SHADOW, &u64Val); AssertRC(rc);
8154 Log4(("VMX_VMCS_CTRL_CR4_READ_SHADOW %#RX64\n", u64Val));
8155 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_CTRL_CR4_MASK, &u64Val); AssertRC(rc);
8156 Log4(("VMX_VMCS_CTRL_CR4_MASK %#RX64\n", u64Val));
8157 rc = VMX_VMCS_READ_NW(pVCpu, VMX_VMCS_CTRL_CR4_READ_SHADOW, &u64Val); AssertRC(rc);
8158 Log4(("VMX_VMCS_CTRL_CR4_READ_SHADOW %#RX64\n", u64Val));
8159# ifndef IN_NEM_DARWIN
8160 if (pVCpu->CTX_SUFF(pVM)->hmr0.s.fNestedPaging)
8161 {
8162 rc = VMX_VMCS_READ_64(pVCpu, VMX_VMCS64_CTRL_EPTP_FULL, &u64Val); AssertRC(rc);
8163 Log4(("VMX_VMCS64_CTRL_EPTP_FULL %#RX64\n", u64Val));
8164 }
8165
8166 hmR0DumpRegs(pVCpu, HM_DUMP_REG_FLAGS_ALL);
8167# endif
8168#endif
8169
8170 return VERR_VMX_INVALID_GUEST_STATE;
8171}
8172
8173/**
8174 * VM-exit handler for all undefined/unexpected reasons. Should never happen.
8175 */
8176HMVMX_EXIT_NSRC_DECL vmxHCExitErrUnexpected(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8177{
8178 /*
8179 * Cumulative notes of all recognized but unexpected VM-exits.
8180 *
8181 * 1. This does -not- cover scenarios like a page-fault VM-exit occurring when
8182 * nested-paging is used.
8183 *
8184 * 2. Any instruction that causes a VM-exit unconditionally (for e.g. VMXON) must be
8185 * emulated or a #UD must be raised in the guest. Therefore, we should -not- be using
8186 * this function (and thereby stop VM execution) for handling such instructions.
8187 *
8188 *
8189 * VMX_EXIT_INIT_SIGNAL:
8190 * INIT signals are blocked in VMX root operation by VMXON and by SMI in SMM.
8191 * It is -NOT- blocked in VMX non-root operation so we can, in theory, still get these
8192 * VM-exits. However, we should not receive INIT signals VM-exit while executing a VM.
8193 *
8194 * See Intel spec. 33.14.1 Default Treatment of SMI Delivery"
8195 * See Intel spec. 29.3 "VMX Instructions" for "VMXON".
8196 * See Intel spec. "23.8 Restrictions on VMX operation".
8197 *
8198 * VMX_EXIT_SIPI:
8199 * SIPI exits can only occur in VMX non-root operation when the "wait-for-SIPI" guest
8200 * activity state is used. We don't make use of it as our guests don't have direct
8201 * access to the host local APIC.
8202 *
8203 * See Intel spec. 25.3 "Other Causes of VM-exits".
8204 *
8205 * VMX_EXIT_IO_SMI:
8206 * VMX_EXIT_SMI:
8207 * This can only happen if we support dual-monitor treatment of SMI, which can be
8208 * activated by executing VMCALL in VMX root operation. Only an STM (SMM transfer
8209 * monitor) would get this VM-exit when we (the executive monitor) execute a VMCALL in
8210 * VMX root mode or receive an SMI. If we get here, something funny is going on.
8211 *
8212 * See Intel spec. 33.15.6 "Activating the Dual-Monitor Treatment"
8213 * See Intel spec. 25.3 "Other Causes of VM-Exits"
8214 *
8215 * VMX_EXIT_ERR_MSR_LOAD:
8216 * Failures while loading MSRs are part of the VM-entry MSR-load area are unexpected
8217 * and typically indicates a bug in the hypervisor code. We thus cannot not resume
8218 * execution.
8219 *
8220 * See Intel spec. 26.7 "VM-Entry Failures During Or After Loading Guest State".
8221 *
8222 * VMX_EXIT_ERR_MACHINE_CHECK:
8223 * Machine check exceptions indicates a fatal/unrecoverable hardware condition
8224 * including but not limited to system bus, ECC, parity, cache and TLB errors. A
8225 * #MC exception abort class exception is raised. We thus cannot assume a
8226 * reasonable chance of continuing any sort of execution and we bail.
8227 *
8228 * See Intel spec. 15.1 "Machine-check Architecture".
8229 * See Intel spec. 27.1 "Architectural State Before A VM Exit".
8230 *
8231 * VMX_EXIT_PML_FULL:
8232 * VMX_EXIT_VIRTUALIZED_EOI:
8233 * VMX_EXIT_APIC_WRITE:
8234 * We do not currently support any of these features and thus they are all unexpected
8235 * VM-exits.
8236 *
8237 * VMX_EXIT_GDTR_IDTR_ACCESS:
8238 * VMX_EXIT_LDTR_TR_ACCESS:
8239 * VMX_EXIT_RDRAND:
8240 * VMX_EXIT_RSM:
8241 * VMX_EXIT_VMFUNC:
8242 * VMX_EXIT_ENCLS:
8243 * VMX_EXIT_RDSEED:
8244 * VMX_EXIT_XSAVES:
8245 * VMX_EXIT_XRSTORS:
8246 * VMX_EXIT_UMWAIT:
8247 * VMX_EXIT_TPAUSE:
8248 * VMX_EXIT_LOADIWKEY:
8249 * These VM-exits are -not- caused unconditionally by execution of the corresponding
8250 * instruction. Any VM-exit for these instructions indicate a hardware problem,
8251 * unsupported CPU modes (like SMM) or potentially corrupt VMCS controls.
8252 *
8253 * See Intel spec. 25.1.3 "Instructions That Cause VM Exits Conditionally".
8254 */
8255 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8256 AssertMsgFailed(("Unexpected VM-exit %u\n", pVmxTransient->uExitReason));
8257 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, pVmxTransient->uExitReason);
8258}
8259
8260
8261/**
8262 * VM-exit handler for RDMSR (VMX_EXIT_RDMSR).
8263 */
8264HMVMX_EXIT_DECL vmxHCExitRdmsr(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8265{
8266 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8267
8268 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
8269
8270 /** @todo Optimize this: We currently drag in the whole MSR state
8271 * (CPUMCTX_EXTRN_ALL_MSRS) here. We should optimize this to only get
8272 * MSRs required. That would require changes to IEM and possibly CPUM too.
8273 * (Should probably do it lazy fashion from CPUMAllMsrs.cpp). */
8274 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
8275 uint32_t const idMsr = pVCpu->cpum.GstCtx.ecx;
8276 int rc;
8277 switch (idMsr)
8278 {
8279 default:
8280 rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_ALL_MSRS>(pVCpu, pVmcsInfo,
8281 __FUNCTION__);
8282 AssertRCReturn(rc, rc);
8283 break;
8284 case MSR_K8_FS_BASE:
8285 rc = vmxHCImportGuestState< IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_ALL_MSRS
8286 | CPUMCTX_EXTRN_FS>(pVCpu, pVmcsInfo, __FUNCTION__);
8287 AssertRCReturn(rc, rc);
8288 break;
8289 case MSR_K8_GS_BASE:
8290 rc = vmxHCImportGuestState< IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_ALL_MSRS
8291 | CPUMCTX_EXTRN_GS>(pVCpu, pVmcsInfo, __FUNCTION__);
8292 AssertRCReturn(rc, rc);
8293 break;
8294 }
8295
8296 Log4Func(("ecx=%#RX32\n", idMsr));
8297
8298#if defined(VBOX_STRICT) && !defined(IN_NEM_DARWIN)
8299 Assert(!pVmxTransient->fIsNestedGuest);
8300 if (pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_MSR_BITMAPS)
8301 {
8302 if ( hmR0VmxIsAutoLoadGuestMsr(pVmcsInfo, idMsr)
8303 && idMsr != MSR_K6_EFER)
8304 {
8305 AssertMsgFailed(("Unexpected RDMSR for an MSR in the auto-load/store area in the VMCS. ecx=%#RX32\n", idMsr));
8306 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, idMsr);
8307 }
8308 if (hmR0VmxIsLazyGuestMsr(pVCpu, idMsr))
8309 {
8310 Assert(pVmcsInfo->pvMsrBitmap);
8311 uint32_t fMsrpm = CPUMGetVmxMsrPermission(pVmcsInfo->pvMsrBitmap, idMsr);
8312 if (fMsrpm & VMXMSRPM_ALLOW_RD)
8313 {
8314 AssertMsgFailed(("Unexpected RDMSR for a passthru lazy-restore MSR. ecx=%#RX32\n", idMsr));
8315 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, idMsr);
8316 }
8317 }
8318 }
8319#endif
8320
8321 VBOXSTRICTRC rcStrict = IEMExecDecodedRdmsr(pVCpu, pVmxTransient->cbExitInstr);
8322 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitRdmsr);
8323 if (rcStrict == VINF_SUCCESS)
8324 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
8325 else if (rcStrict == VINF_IEM_RAISED_XCPT)
8326 {
8327 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
8328 rcStrict = VINF_SUCCESS;
8329 }
8330 else
8331 AssertMsg(rcStrict == VINF_CPUM_R3_MSR_READ || rcStrict == VINF_EM_TRIPLE_FAULT,
8332 ("Unexpected IEMExecDecodedRdmsr rc (%Rrc)\n", VBOXSTRICTRC_VAL(rcStrict)));
8333
8334 return rcStrict;
8335}
8336
8337
8338/**
8339 * VM-exit handler for WRMSR (VMX_EXIT_WRMSR).
8340 */
8341HMVMX_EXIT_DECL vmxHCExitWrmsr(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8342{
8343 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8344
8345 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
8346
8347 /*
8348 * The FS and GS base MSRs are not part of the above all-MSRs mask.
8349 * Although we don't need to fetch the base as it will be overwritten shortly, while
8350 * loading guest-state we would also load the entire segment register including limit
8351 * and attributes and thus we need to load them here.
8352 */
8353 /** @todo Optimize this: We currently drag in the whole MSR state
8354 * (CPUMCTX_EXTRN_ALL_MSRS) here. We should optimize this to only get
8355 * MSRs required. That would require changes to IEM and possibly CPUM too.
8356 * (Should probably do it lazy fashion from CPUMAllMsrs.cpp). */
8357 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
8358 uint32_t const idMsr = pVCpu->cpum.GstCtx.ecx;
8359 int rc;
8360 switch (idMsr)
8361 {
8362 default:
8363 rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_ALL_MSRS>(pVCpu, pVmcsInfo,
8364 __FUNCTION__);
8365 AssertRCReturn(rc, rc);
8366 break;
8367
8368 case MSR_K8_FS_BASE:
8369 rc = vmxHCImportGuestState< IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_ALL_MSRS
8370 | CPUMCTX_EXTRN_FS>(pVCpu, pVmcsInfo, __FUNCTION__);
8371 AssertRCReturn(rc, rc);
8372 break;
8373 case MSR_K8_GS_BASE:
8374 rc = vmxHCImportGuestState< IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_ALL_MSRS
8375 | CPUMCTX_EXTRN_GS>(pVCpu, pVmcsInfo, __FUNCTION__);
8376 AssertRCReturn(rc, rc);
8377 break;
8378 }
8379 Log4Func(("ecx=%#RX32 edx:eax=%#RX32:%#RX32\n", idMsr, pVCpu->cpum.GstCtx.edx, pVCpu->cpum.GstCtx.eax));
8380
8381 VBOXSTRICTRC rcStrict = IEMExecDecodedWrmsr(pVCpu, pVmxTransient->cbExitInstr);
8382 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitWrmsr);
8383
8384 if (rcStrict == VINF_SUCCESS)
8385 {
8386 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
8387
8388 /* If this is an X2APIC WRMSR access, update the APIC state as well. */
8389 if ( idMsr == MSR_IA32_APICBASE
8390 || ( idMsr >= MSR_IA32_X2APIC_START
8391 && idMsr <= MSR_IA32_X2APIC_END))
8392 {
8393 /*
8394 * We've already saved the APIC related guest-state (TPR) in post-run phase.
8395 * When full APIC register virtualization is implemented we'll have to make
8396 * sure APIC state is saved from the VMCS before IEM changes it.
8397 */
8398 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_APIC_TPR);
8399 }
8400 else if (idMsr == MSR_IA32_TSC) /* Windows 7 does this during bootup. See @bugref{6398}. */
8401 pVmxTransient->fUpdatedTscOffsettingAndPreemptTimer = false;
8402 else if (idMsr == MSR_K6_EFER)
8403 {
8404 /*
8405 * If the guest touches the EFER MSR we need to update the VM-Entry and VM-Exit controls
8406 * as well, even if it is -not- touching bits that cause paging mode changes (LMA/LME).
8407 * We care about the other bits as well, SCE and NXE. See @bugref{7368}.
8408 */
8409 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_EFER_MSR | HM_CHANGED_VMX_ENTRY_EXIT_CTLS);
8410 }
8411
8412 /* Update MSRs that are part of the VMCS and auto-load/store area when MSR-bitmaps are not used. */
8413 if (!(pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_MSR_BITMAPS))
8414 {
8415 switch (idMsr)
8416 {
8417 case MSR_IA32_SYSENTER_CS: ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_SYSENTER_CS_MSR); break;
8418 case MSR_IA32_SYSENTER_EIP: ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_SYSENTER_EIP_MSR); break;
8419 case MSR_IA32_SYSENTER_ESP: ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_SYSENTER_ESP_MSR); break;
8420 case MSR_K8_FS_BASE: ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_FS); break;
8421 case MSR_K8_GS_BASE: ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_GS); break;
8422 case MSR_K6_EFER: /* Nothing to do, already handled above. */ break;
8423 default:
8424 {
8425#ifndef IN_NEM_DARWIN
8426 if (hmR0VmxIsLazyGuestMsr(pVCpu, idMsr))
8427 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_VMX_GUEST_LAZY_MSRS);
8428 else if (hmR0VmxIsAutoLoadGuestMsr(pVmcsInfo, idMsr))
8429 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_VMX_GUEST_AUTO_MSRS);
8430#else
8431 AssertMsgFailed(("TODO\n"));
8432#endif
8433 break;
8434 }
8435 }
8436 }
8437#if defined(VBOX_STRICT) && !defined(IN_NEM_DARWIN)
8438 else
8439 {
8440 /* Paranoia. Validate that MSRs in the MSR-bitmaps with write-passthru are not intercepted. */
8441 switch (idMsr)
8442 {
8443 case MSR_IA32_SYSENTER_CS:
8444 case MSR_IA32_SYSENTER_EIP:
8445 case MSR_IA32_SYSENTER_ESP:
8446 case MSR_K8_FS_BASE:
8447 case MSR_K8_GS_BASE:
8448 {
8449 AssertMsgFailed(("Unexpected WRMSR for an MSR in the VMCS. ecx=%#RX32\n", idMsr));
8450 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, idMsr);
8451 }
8452
8453 /* Writes to MSRs in auto-load/store area/swapped MSRs, shouldn't cause VM-exits with MSR-bitmaps. */
8454 default:
8455 {
8456 if (hmR0VmxIsAutoLoadGuestMsr(pVmcsInfo, idMsr))
8457 {
8458 /* EFER MSR writes are always intercepted. */
8459 if (idMsr != MSR_K6_EFER)
8460 {
8461 AssertMsgFailed(("Unexpected WRMSR for an MSR in the auto-load/store area in the VMCS. ecx=%#RX32\n",
8462 idMsr));
8463 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, idMsr);
8464 }
8465 }
8466
8467 if (hmR0VmxIsLazyGuestMsr(pVCpu, idMsr))
8468 {
8469 Assert(pVmcsInfo->pvMsrBitmap);
8470 uint32_t fMsrpm = CPUMGetVmxMsrPermission(pVmcsInfo->pvMsrBitmap, idMsr);
8471 if (fMsrpm & VMXMSRPM_ALLOW_WR)
8472 {
8473 AssertMsgFailed(("Unexpected WRMSR for passthru, lazy-restore MSR. ecx=%#RX32\n", idMsr));
8474 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, idMsr);
8475 }
8476 }
8477 break;
8478 }
8479 }
8480 }
8481#endif /* VBOX_STRICT */
8482 }
8483 else if (rcStrict == VINF_IEM_RAISED_XCPT)
8484 {
8485 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
8486 rcStrict = VINF_SUCCESS;
8487 }
8488 else
8489 AssertMsg(rcStrict == VINF_CPUM_R3_MSR_WRITE || rcStrict == VINF_EM_TRIPLE_FAULT,
8490 ("Unexpected IEMExecDecodedWrmsr rc (%Rrc)\n", VBOXSTRICTRC_VAL(rcStrict)));
8491
8492 return rcStrict;
8493}
8494
8495
8496/**
8497 * VM-exit handler for PAUSE (VMX_EXIT_PAUSE). Conditional VM-exit.
8498 */
8499HMVMX_EXIT_DECL vmxHCExitPause(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8500{
8501 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8502
8503 /** @todo The guest has likely hit a contended spinlock. We might want to
8504 * poke a schedule different guest VCPU. */
8505 int rc = vmxHCAdvanceGuestRip(pVCpu, pVmxTransient);
8506 if (RT_SUCCESS(rc))
8507 return VINF_EM_RAW_INTERRUPT;
8508
8509 AssertMsgFailed(("vmxHCExitPause: Failed to increment RIP. rc=%Rrc\n", rc));
8510 return rc;
8511}
8512
8513
8514/**
8515 * VM-exit handler for when the TPR value is lowered below the specified
8516 * threshold (VMX_EXIT_TPR_BELOW_THRESHOLD). Conditional VM-exit.
8517 */
8518HMVMX_EXIT_NSRC_DECL vmxHCExitTprBelowThreshold(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8519{
8520 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8521 Assert(pVmxTransient->pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_TPR_SHADOW);
8522
8523 /*
8524 * The TPR shadow would've been synced with the APIC TPR in the post-run phase.
8525 * We'll re-evaluate pending interrupts and inject them before the next VM
8526 * entry so we can just continue execution here.
8527 */
8528 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitTprBelowThreshold);
8529 return VINF_SUCCESS;
8530}
8531
8532
8533/**
8534 * VM-exit handler for control-register accesses (VMX_EXIT_MOV_CRX). Conditional
8535 * VM-exit.
8536 *
8537 * @retval VINF_SUCCESS when guest execution can continue.
8538 * @retval VINF_PGM_SYNC_CR3 CR3 sync is required, back to ring-3.
8539 * @retval VERR_EM_RESCHEDULE_REM when we need to return to ring-3 due to
8540 * incompatible guest state for VMX execution (real-on-v86 case).
8541 */
8542HMVMX_EXIT_DECL vmxHCExitMovCRx(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8543{
8544 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8545 STAM_PROFILE_ADV_START(&VCPU_2_VMXSTATS(pVCpu).StatExitMovCRx, y2);
8546
8547 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
8548 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
8549 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
8550
8551 VBOXSTRICTRC rcStrict;
8552 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
8553 uint64_t const uExitQual = pVmxTransient->uExitQual;
8554 uint32_t const uAccessType = VMX_EXIT_QUAL_CRX_ACCESS(uExitQual);
8555 switch (uAccessType)
8556 {
8557 /*
8558 * MOV to CRx.
8559 */
8560 case VMX_EXIT_QUAL_CRX_ACCESS_WRITE:
8561 {
8562 /*
8563 * When PAE paging is used, the CPU will reload PAE PDPTEs from CR3 when the guest
8564 * changes certain bits even in CR0, CR4 (and not just CR3). We are currently fine
8565 * since IEM_CPUMCTX_EXTRN_MUST_MASK (used below) includes CR3 which will import
8566 * PAE PDPTEs as well.
8567 */
8568 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
8569 AssertRCReturn(rc, rc);
8570
8571 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_CR0);
8572#ifndef IN_NEM_DARWIN
8573 uint32_t const uOldCr0 = pVCpu->cpum.GstCtx.cr0;
8574#endif
8575 uint8_t const iGReg = VMX_EXIT_QUAL_CRX_GENREG(uExitQual);
8576 uint8_t const iCrReg = VMX_EXIT_QUAL_CRX_REGISTER(uExitQual);
8577
8578 /*
8579 * MOV to CR3 only cause a VM-exit when one or more of the following are true:
8580 * - When nested paging isn't used.
8581 * - If the guest doesn't have paging enabled (intercept CR3 to update shadow page tables).
8582 * - We are executing in the VM debug loop.
8583 */
8584#ifndef HMVMX_ALWAYS_INTERCEPT_CR3_ACCESS
8585# ifndef IN_NEM_DARWIN
8586 Assert( iCrReg != 3
8587 || !VM_IS_VMX_NESTED_PAGING(pVM)
8588 || !CPUMIsGuestPagingEnabledEx(&pVCpu->cpum.GstCtx)
8589 || pVCpu->hmr0.s.fUsingDebugLoop);
8590# else
8591 Assert( iCrReg != 3
8592 || !CPUMIsGuestPagingEnabledEx(&pVCpu->cpum.GstCtx));
8593# endif
8594#endif
8595
8596 /* MOV to CR8 writes only cause VM-exits when TPR shadow is not used. */
8597 Assert( iCrReg != 8
8598 || !(pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_TPR_SHADOW));
8599
8600 rcStrict = vmxHCExitMovToCrX(pVCpu, pVmxTransient->cbExitInstr, iGReg, iCrReg);
8601 AssertMsg( rcStrict == VINF_SUCCESS
8602 || rcStrict == VINF_PGM_SYNC_CR3, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
8603
8604#ifndef IN_NEM_DARWIN
8605 /*
8606 * This is a kludge for handling switches back to real mode when we try to use
8607 * V86 mode to run real mode code directly. Problem is that V86 mode cannot
8608 * deal with special selector values, so we have to return to ring-3 and run
8609 * there till the selector values are V86 mode compatible.
8610 *
8611 * Note! Using VINF_EM_RESCHEDULE_REM here rather than VINF_EM_RESCHEDULE since the
8612 * latter is an alias for VINF_IEM_RAISED_XCPT which is asserted at the end of
8613 * this function.
8614 */
8615 if ( iCrReg == 0
8616 && rcStrict == VINF_SUCCESS
8617 && !VM_IS_VMX_UNRESTRICTED_GUEST(pVM)
8618 && CPUMIsGuestInRealModeEx(&pVCpu->cpum.GstCtx)
8619 && (uOldCr0 & X86_CR0_PE)
8620 && !(pVCpu->cpum.GstCtx.cr0 & X86_CR0_PE))
8621 {
8622 /** @todo Check selectors rather than returning all the time. */
8623 Assert(!pVmxTransient->fIsNestedGuest);
8624 Log4Func(("CR0 write, back to real mode -> VINF_EM_RESCHEDULE_REM\n"));
8625 rcStrict = VINF_EM_RESCHEDULE_REM;
8626 }
8627#endif
8628
8629 break;
8630 }
8631
8632 /*
8633 * MOV from CRx.
8634 */
8635 case VMX_EXIT_QUAL_CRX_ACCESS_READ:
8636 {
8637 uint8_t const iGReg = VMX_EXIT_QUAL_CRX_GENREG(uExitQual);
8638 uint8_t const iCrReg = VMX_EXIT_QUAL_CRX_REGISTER(uExitQual);
8639
8640 /*
8641 * MOV from CR3 only cause a VM-exit when one or more of the following are true:
8642 * - When nested paging isn't used.
8643 * - If the guest doesn't have paging enabled (pass guest's CR3 rather than our identity mapped CR3).
8644 * - We are executing in the VM debug loop.
8645 */
8646#ifndef HMVMX_ALWAYS_INTERCEPT_CR3_ACCESS
8647# ifndef IN_NEM_DARWIN
8648 Assert( iCrReg != 3
8649 || !VM_IS_VMX_NESTED_PAGING(pVM)
8650 || !CPUMIsGuestPagingEnabledEx(&pVCpu->cpum.GstCtx)
8651 || pVCpu->hmr0.s.fLeaveDone);
8652# else
8653 Assert( iCrReg != 3
8654 || !CPUMIsGuestPagingEnabledEx(&pVCpu->cpum.GstCtx));
8655# endif
8656#endif
8657
8658 /* MOV from CR8 reads only cause a VM-exit when the TPR shadow feature isn't enabled. */
8659 Assert( iCrReg != 8
8660 || !(pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_TPR_SHADOW));
8661
8662 rcStrict = vmxHCExitMovFromCrX(pVCpu, pVmcsInfo, pVmxTransient->cbExitInstr, iGReg, iCrReg);
8663 break;
8664 }
8665
8666 /*
8667 * CLTS (Clear Task-Switch Flag in CR0).
8668 */
8669 case VMX_EXIT_QUAL_CRX_ACCESS_CLTS:
8670 {
8671 rcStrict = vmxHCExitClts(pVCpu, pVmcsInfo, pVmxTransient->cbExitInstr);
8672 break;
8673 }
8674
8675 /*
8676 * LMSW (Load Machine-Status Word into CR0).
8677 * LMSW cannot clear CR0.PE, so no fRealOnV86Active kludge needed here.
8678 */
8679 case VMX_EXIT_QUAL_CRX_ACCESS_LMSW:
8680 {
8681 RTGCPTR GCPtrEffDst;
8682 uint8_t const cbInstr = pVmxTransient->cbExitInstr;
8683 uint16_t const uMsw = VMX_EXIT_QUAL_CRX_LMSW_DATA(uExitQual);
8684 bool const fMemOperand = VMX_EXIT_QUAL_CRX_LMSW_OP_MEM(uExitQual);
8685 if (fMemOperand)
8686 {
8687 vmxHCReadToTransient<HMVMX_READ_GUEST_LINEAR_ADDR>(pVCpu, pVmxTransient);
8688 GCPtrEffDst = pVmxTransient->uGuestLinearAddr;
8689 }
8690 else
8691 GCPtrEffDst = NIL_RTGCPTR;
8692 rcStrict = vmxHCExitLmsw(pVCpu, pVmcsInfo, cbInstr, uMsw, GCPtrEffDst);
8693 break;
8694 }
8695
8696 default:
8697 {
8698 AssertMsgFailed(("Unrecognized Mov CRX access type %#x\n", uAccessType));
8699 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, uAccessType);
8700 }
8701 }
8702
8703 Assert((VCPU_2_VMXSTATE(pVCpu).fCtxChanged & (HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS))
8704 == (HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS));
8705 Assert(rcStrict != VINF_IEM_RAISED_XCPT);
8706
8707 STAM_PROFILE_ADV_STOP(&VCPU_2_VMXSTATS(pVCpu).StatExitMovCRx, y2);
8708 NOREF(pVM);
8709 return rcStrict;
8710}
8711
8712
8713/**
8714 * VM-exit handler for I/O instructions (VMX_EXIT_IO_INSTR). Conditional
8715 * VM-exit.
8716 */
8717HMVMX_EXIT_DECL vmxHCExitIoInstr(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8718{
8719 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8720 STAM_PROFILE_ADV_START(&VCPU_2_VMXSTATS(pVCpu).StatExitIO, y1);
8721
8722 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
8723 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
8724 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
8725 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
8726#define VMX_HC_EXIT_IO_INSTR_INITIAL_REGS (IEM_CPUMCTX_EXTRN_MUST_MASK | CPUMCTX_EXTRN_SREG_MASK | CPUMCTX_EXTRN_EFER)
8727 /* EFER MSR also required for longmode checks in EMInterpretDisasCurrent(), but it's always up-to-date. */
8728 int rc = vmxHCImportGuestState<VMX_HC_EXIT_IO_INSTR_INITIAL_REGS>(pVCpu, pVmcsInfo, __FUNCTION__);
8729 AssertRCReturn(rc, rc);
8730
8731 /* Refer Intel spec. 27-5. "Exit Qualifications for I/O Instructions" for the format. */
8732 uint32_t const uIOPort = VMX_EXIT_QUAL_IO_PORT(pVmxTransient->uExitQual);
8733 uint8_t const uIOSize = VMX_EXIT_QUAL_IO_SIZE(pVmxTransient->uExitQual);
8734 bool const fIOWrite = (VMX_EXIT_QUAL_IO_DIRECTION(pVmxTransient->uExitQual) == VMX_EXIT_QUAL_IO_DIRECTION_OUT);
8735 bool const fIOString = VMX_EXIT_QUAL_IO_IS_STRING(pVmxTransient->uExitQual);
8736 bool const fGstStepping = RT_BOOL(pCtx->eflags.Bits.u1TF);
8737 bool const fDbgStepping = VCPU_2_VMXSTATE(pVCpu).fSingleInstruction;
8738 AssertReturn(uIOSize <= 3 && uIOSize != 2, VERR_VMX_IPE_1);
8739
8740 /*
8741 * Update exit history to see if this exit can be optimized.
8742 */
8743 VBOXSTRICTRC rcStrict;
8744 PCEMEXITREC pExitRec = NULL;
8745 if ( !fGstStepping
8746 && !fDbgStepping)
8747 pExitRec = EMHistoryUpdateFlagsAndTypeAndPC(pVCpu,
8748 !fIOString
8749 ? !fIOWrite
8750 ? EMEXIT_MAKE_FT(EMEXIT_F_KIND_EM | EMEXIT_F_HM, EMEXITTYPE_IO_PORT_READ)
8751 : EMEXIT_MAKE_FT(EMEXIT_F_KIND_EM | EMEXIT_F_HM, EMEXITTYPE_IO_PORT_WRITE)
8752 : !fIOWrite
8753 ? EMEXIT_MAKE_FT(EMEXIT_F_KIND_EM | EMEXIT_F_HM, EMEXITTYPE_IO_PORT_STR_READ)
8754 : EMEXIT_MAKE_FT(EMEXIT_F_KIND_EM | EMEXIT_F_HM, EMEXITTYPE_IO_PORT_STR_WRITE),
8755 pVCpu->cpum.GstCtx.rip + pVCpu->cpum.GstCtx.cs.u64Base);
8756 if (!pExitRec)
8757 {
8758 static uint32_t const s_aIOSizes[4] = { 1, 2, 0, 4 }; /* Size of the I/O accesses in bytes. */
8759 static uint32_t const s_aIOOpAnd[4] = { 0xff, 0xffff, 0, 0xffffffff }; /* AND masks for saving result in AL/AX/EAX. */
8760
8761 uint32_t const cbValue = s_aIOSizes[uIOSize];
8762 uint32_t const cbInstr = pVmxTransient->cbExitInstr;
8763 bool fUpdateRipAlready = false; /* ugly hack, should be temporary. */
8764 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
8765 if (fIOString)
8766 {
8767 /*
8768 * INS/OUTS - I/O String instruction.
8769 *
8770 * Use instruction-information if available, otherwise fall back on
8771 * interpreting the instruction.
8772 */
8773 Log4Func(("cs:rip=%#04x:%08RX64 %#06x/%u %c str\n", pCtx->cs.Sel, pCtx->rip, uIOPort, cbValue, fIOWrite ? 'w' : 'r'));
8774 AssertReturn(pCtx->dx == uIOPort, VERR_VMX_IPE_2);
8775 bool const fInsOutsInfo = RT_BF_GET(g_HmMsrs.u.vmx.u64Basic, VMX_BF_BASIC_VMCS_INS_OUTS);
8776 if (fInsOutsInfo)
8777 {
8778 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_INFO>(pVCpu, pVmxTransient);
8779 AssertReturn(pVmxTransient->ExitInstrInfo.StrIo.u3AddrSize <= 2, VERR_VMX_IPE_3);
8780 AssertCompile(IEMMODE_16BIT == 0 && IEMMODE_32BIT == 1 && IEMMODE_64BIT == 2);
8781 IEMMODE const enmAddrMode = (IEMMODE)pVmxTransient->ExitInstrInfo.StrIo.u3AddrSize;
8782 bool const fRep = VMX_EXIT_QUAL_IO_IS_REP(pVmxTransient->uExitQual);
8783 if (fIOWrite)
8784 rcStrict = IEMExecStringIoWrite(pVCpu, cbValue, enmAddrMode, fRep, cbInstr,
8785 pVmxTransient->ExitInstrInfo.StrIo.iSegReg, true /*fIoChecked*/);
8786 else
8787 {
8788 /*
8789 * The segment prefix for INS cannot be overridden and is always ES. We can safely assume X86_SREG_ES.
8790 * Hence "iSegReg" field is undefined in the instruction-information field in VT-x for INS.
8791 * See Intel Instruction spec. for "INS".
8792 * See Intel spec. Table 27-8 "Format of the VM-Exit Instruction-Information Field as Used for INS and OUTS".
8793 */
8794 rcStrict = IEMExecStringIoRead(pVCpu, cbValue, enmAddrMode, fRep, cbInstr, true /*fIoChecked*/);
8795 }
8796 }
8797 else
8798 rcStrict = IEMExecOne(pVCpu);
8799
8800 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP);
8801 fUpdateRipAlready = true;
8802 }
8803 else
8804 {
8805 /*
8806 * IN/OUT - I/O instruction.
8807 */
8808 Log4Func(("cs:rip=%04x:%08RX64 %#06x/%u %c\n", pCtx->cs.Sel, pCtx->rip, uIOPort, cbValue, fIOWrite ? 'w' : 'r'));
8809 uint32_t const uAndVal = s_aIOOpAnd[uIOSize];
8810 Assert(!VMX_EXIT_QUAL_IO_IS_REP(pVmxTransient->uExitQual));
8811 if (fIOWrite)
8812 {
8813 rcStrict = IOMIOPortWrite(pVM, pVCpu, uIOPort, pCtx->eax & uAndVal, cbValue);
8814 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitIOWrite);
8815#ifndef IN_NEM_DARWIN
8816 if ( rcStrict == VINF_IOM_R3_IOPORT_WRITE
8817 && !pCtx->eflags.Bits.u1TF)
8818 rcStrict = EMRZSetPendingIoPortWrite(pVCpu, uIOPort, cbInstr, cbValue, pCtx->eax & uAndVal);
8819#endif
8820 }
8821 else
8822 {
8823 uint32_t u32Result = 0;
8824 rcStrict = IOMIOPortRead(pVM, pVCpu, uIOPort, &u32Result, cbValue);
8825 if (IOM_SUCCESS(rcStrict))
8826 {
8827 /* Save result of I/O IN instr. in AL/AX/EAX. */
8828 pCtx->eax = (pCtx->eax & ~uAndVal) | (u32Result & uAndVal);
8829 }
8830#ifndef IN_NEM_DARWIN
8831 if ( rcStrict == VINF_IOM_R3_IOPORT_READ
8832 && !pCtx->eflags.Bits.u1TF)
8833 rcStrict = EMRZSetPendingIoPortRead(pVCpu, uIOPort, cbInstr, cbValue);
8834#endif
8835 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitIORead);
8836 }
8837 }
8838
8839 if (IOM_SUCCESS(rcStrict))
8840 {
8841 if (!fUpdateRipAlready)
8842 {
8843 vmxHCAdvanceGuestRipBy(pVCpu, cbInstr);
8844 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP);
8845 }
8846
8847 /*
8848 * INS/OUTS with REP prefix updates RFLAGS, can be observed with triple-fault guru
8849 * while booting Fedora 17 64-bit guest.
8850 *
8851 * See Intel Instruction reference for REP/REPE/REPZ/REPNE/REPNZ.
8852 */
8853 if (fIOString)
8854 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RFLAGS);
8855
8856 /*
8857 * If any I/O breakpoints are armed, we need to check if one triggered
8858 * and take appropriate action.
8859 * Note that the I/O breakpoint type is undefined if CR4.DE is 0.
8860 */
8861#if 1
8862 AssertCompile(VMX_HC_EXIT_IO_INSTR_INITIAL_REGS & CPUMCTX_EXTRN_DR7);
8863#else
8864 AssertCompile(!(VMX_HC_EXIT_IO_INSTR_INITIAL_REGS & CPUMCTX_EXTRN_DR7));
8865 rc = vmxHCImportGuestState<CPUMCTX_EXTRN_DR7>(pVCpu, pVmcsInfo);
8866 AssertRCReturn(rc, rc);
8867#endif
8868
8869 /** @todo Optimize away the DBGFBpIsHwIoArmed call by having DBGF tell the
8870 * execution engines about whether hyper BPs and such are pending. */
8871 uint32_t const uDr7 = pCtx->dr[7];
8872 if (RT_UNLIKELY( ( (uDr7 & X86_DR7_ENABLED_MASK)
8873 && X86_DR7_ANY_RW_IO(uDr7)
8874 && (pCtx->cr4 & X86_CR4_DE))
8875 || DBGFBpIsHwIoArmed(pVM)))
8876 {
8877 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatDRxIoCheck);
8878
8879#ifndef IN_NEM_DARWIN
8880 /* We're playing with the host CPU state here, make sure we don't preempt or longjmp. */
8881 VMMRZCallRing3Disable(pVCpu);
8882 HM_DISABLE_PREEMPT(pVCpu);
8883
8884 bool fIsGuestDbgActive = CPUMR0DebugStateMaybeSaveGuest(pVCpu, true /* fDr6 */);
8885
8886 VBOXSTRICTRC rcStrict2 = DBGFBpCheckIo(pVM, pVCpu, pCtx, uIOPort, cbValue);
8887 if (rcStrict2 == VINF_EM_RAW_GUEST_TRAP)
8888 {
8889 /* Raise #DB. */
8890 if (fIsGuestDbgActive)
8891 ASMSetDR6(pCtx->dr[6]);
8892 if (pCtx->dr[7] != uDr7)
8893 VCPU_2_VMXSTATE(pVCpu).fCtxChanged |= HM_CHANGED_GUEST_DR7;
8894
8895 vmxHCSetPendingXcptDB(pVCpu);
8896 }
8897 /* rcStrict is VINF_SUCCESS, VINF_IOM_R3_IOPORT_COMMIT_WRITE, or in [VINF_EM_FIRST..VINF_EM_LAST],
8898 however we can ditch VINF_IOM_R3_IOPORT_COMMIT_WRITE as it has VMCPU_FF_IOM as backup. */
8899 else if ( rcStrict2 != VINF_SUCCESS
8900 && (rcStrict == VINF_SUCCESS || rcStrict2 < rcStrict))
8901 rcStrict = rcStrict2;
8902 AssertCompile(VINF_EM_LAST < VINF_IOM_R3_IOPORT_COMMIT_WRITE);
8903
8904 HM_RESTORE_PREEMPT();
8905 VMMRZCallRing3Enable(pVCpu);
8906#else
8907 /** @todo */
8908#endif
8909 }
8910 }
8911
8912#ifdef VBOX_STRICT
8913 if ( rcStrict == VINF_IOM_R3_IOPORT_READ
8914 || rcStrict == VINF_EM_PENDING_R3_IOPORT_READ)
8915 Assert(!fIOWrite);
8916 else if ( rcStrict == VINF_IOM_R3_IOPORT_WRITE
8917 || rcStrict == VINF_IOM_R3_IOPORT_COMMIT_WRITE
8918 || rcStrict == VINF_EM_PENDING_R3_IOPORT_WRITE)
8919 Assert(fIOWrite);
8920 else
8921 {
8922# if 0 /** @todo r=bird: This is missing a bunch of VINF_EM_FIRST..VINF_EM_LAST
8923 * statuses, that the VMM device and some others may return. See
8924 * IOM_SUCCESS() for guidance. */
8925 AssertMsg( RT_FAILURE(rcStrict)
8926 || rcStrict == VINF_SUCCESS
8927 || rcStrict == VINF_EM_RAW_EMULATE_INSTR
8928 || rcStrict == VINF_EM_DBG_BREAKPOINT
8929 || rcStrict == VINF_EM_RAW_GUEST_TRAP
8930 || rcStrict == VINF_EM_RAW_TO_R3, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
8931# endif
8932 }
8933#endif
8934 STAM_PROFILE_ADV_STOP(&VCPU_2_VMXSTATS(pVCpu).StatExitIO, y1);
8935 }
8936 else
8937 {
8938 /*
8939 * Frequent exit or something needing probing. Get state and call EMHistoryExec.
8940 */
8941 int rc2 = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL,
8942 VMX_HC_EXIT_IO_INSTR_INITIAL_REGS>(pVCpu, pVmcsInfo, __FUNCTION__);
8943 AssertRCReturn(rc2, rc2);
8944 STAM_COUNTER_INC(!fIOString ? fIOWrite ? &VCPU_2_VMXSTATS(pVCpu).StatExitIOWrite : &VCPU_2_VMXSTATS(pVCpu).StatExitIORead
8945 : fIOWrite ? &VCPU_2_VMXSTATS(pVCpu).StatExitIOStringWrite : &VCPU_2_VMXSTATS(pVCpu).StatExitIOStringRead);
8946 Log4(("IOExit/%u: %04x:%08RX64: %s%s%s %#x LB %u -> EMHistoryExec\n",
8947 pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
8948 VMX_EXIT_QUAL_IO_IS_REP(pVmxTransient->uExitQual) ? "REP " : "",
8949 fIOWrite ? "OUT" : "IN", fIOString ? "S" : "", uIOPort, uIOSize));
8950
8951 rcStrict = EMHistoryExec(pVCpu, pExitRec, 0);
8952 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
8953
8954 Log4(("IOExit/%u: %04x:%08RX64: EMHistoryExec -> %Rrc + %04x:%08RX64\n",
8955 pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
8956 VBOXSTRICTRC_VAL(rcStrict), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip));
8957 }
8958 return rcStrict;
8959}
8960
8961
8962/**
8963 * VM-exit handler for task switches (VMX_EXIT_TASK_SWITCH). Unconditional
8964 * VM-exit.
8965 */
8966HMVMX_EXIT_DECL vmxHCExitTaskSwitch(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
8967{
8968 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
8969
8970 /* Check if this task-switch occurred while delivery an event through the guest IDT. */
8971 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
8972 if (VMX_EXIT_QUAL_TASK_SWITCH_TYPE(pVmxTransient->uExitQual) == VMX_EXIT_QUAL_TASK_SWITCH_TYPE_IDT)
8973 {
8974 vmxHCReadToTransient<HMVMX_READ_IDT_VECTORING_INFO>(pVCpu, pVmxTransient);
8975 if (VMX_IDT_VECTORING_INFO_IS_VALID(pVmxTransient->uIdtVectoringInfo))
8976 {
8977 uint32_t uErrCode;
8978 if (VMX_IDT_VECTORING_INFO_IS_ERROR_CODE_VALID(pVmxTransient->uIdtVectoringInfo))
8979 {
8980 vmxHCReadToTransient<HMVMX_READ_IDT_VECTORING_ERROR_CODE>(pVCpu, pVmxTransient);
8981 uErrCode = pVmxTransient->uIdtVectoringErrorCode;
8982 }
8983 else
8984 uErrCode = 0;
8985
8986 RTGCUINTPTR GCPtrFaultAddress;
8987 if (VMX_IDT_VECTORING_INFO_IS_XCPT_PF(pVmxTransient->uIdtVectoringInfo))
8988 GCPtrFaultAddress = pVCpu->cpum.GstCtx.cr2;
8989 else
8990 GCPtrFaultAddress = 0;
8991
8992 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
8993
8994 vmxHCSetPendingEvent(pVCpu, VMX_ENTRY_INT_INFO_FROM_EXIT_IDT_INFO(pVmxTransient->uIdtVectoringInfo),
8995 pVmxTransient->cbExitInstr, uErrCode, GCPtrFaultAddress);
8996
8997 Log4Func(("Pending event. uIntType=%#x uVector=%#x\n", VMX_IDT_VECTORING_INFO_TYPE(pVmxTransient->uIdtVectoringInfo),
8998 VMX_IDT_VECTORING_INFO_VECTOR(pVmxTransient->uIdtVectoringInfo)));
8999 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitTaskSwitch);
9000 return VINF_EM_RAW_INJECT_TRPM_EVENT;
9001 }
9002 }
9003
9004 /* Fall back to the interpreter to emulate the task-switch. */
9005 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitTaskSwitch);
9006 return VERR_EM_INTERPRETER;
9007}
9008
9009
9010/**
9011 * VM-exit handler for monitor-trap-flag (VMX_EXIT_MTF). Conditional VM-exit.
9012 */
9013HMVMX_EXIT_DECL vmxHCExitMtf(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9014{
9015 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9016
9017 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
9018 pVmcsInfo->u32ProcCtls &= ~VMX_PROC_CTLS_MONITOR_TRAP_FLAG;
9019 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC, pVmcsInfo->u32ProcCtls);
9020 AssertRC(rc);
9021 return VINF_EM_DBG_STEPPED;
9022}
9023
9024
9025/**
9026 * VM-exit handler for APIC access (VMX_EXIT_APIC_ACCESS). Conditional VM-exit.
9027 */
9028HMVMX_EXIT_DECL vmxHCExitApicAccess(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9029{
9030 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9031 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitApicAccess);
9032
9033 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
9034 | HMVMX_READ_EXIT_INSTR_LEN
9035 | HMVMX_READ_EXIT_INTERRUPTION_INFO
9036 | HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE
9037 | HMVMX_READ_IDT_VECTORING_INFO
9038 | HMVMX_READ_IDT_VECTORING_ERROR_CODE>(pVCpu, pVmxTransient);
9039
9040 /*
9041 * If this VM-exit occurred while delivering an event through the guest IDT, handle it accordingly.
9042 */
9043 VBOXSTRICTRC rcStrict = vmxHCCheckExitDueToEventDelivery(pVCpu, pVmxTransient);
9044 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9045 {
9046 /* For some crazy guest, if an event delivery causes an APIC-access VM-exit, go to instruction emulation. */
9047 if (RT_UNLIKELY(VCPU_2_VMXSTATE(pVCpu).Event.fPending))
9048 {
9049 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatInjectInterpret);
9050 return VINF_EM_RAW_INJECT_TRPM_EVENT;
9051 }
9052 }
9053 else
9054 {
9055 Assert(rcStrict != VINF_HM_DOUBLE_FAULT);
9056 return rcStrict;
9057 }
9058
9059 /* IOMMIOPhysHandler() below may call into IEM, save the necessary state. */
9060 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
9061 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
9062 AssertRCReturn(rc, rc);
9063
9064 /* See Intel spec. 27-6 "Exit Qualifications for APIC-access VM-exits from Linear Accesses & Guest-Phyiscal Addresses" */
9065 uint32_t const uAccessType = VMX_EXIT_QUAL_APIC_ACCESS_TYPE(pVmxTransient->uExitQual);
9066 switch (uAccessType)
9067 {
9068#ifndef IN_NEM_DARWIN
9069 case VMX_APIC_ACCESS_TYPE_LINEAR_WRITE:
9070 case VMX_APIC_ACCESS_TYPE_LINEAR_READ:
9071 {
9072 AssertMsg( !(pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_USE_TPR_SHADOW)
9073 || VMX_EXIT_QUAL_APIC_ACCESS_OFFSET(pVmxTransient->uExitQual) != XAPIC_OFF_TPR,
9074 ("vmxHCExitApicAccess: can't access TPR offset while using TPR shadowing.\n"));
9075
9076 RTGCPHYS GCPhys = VCPU_2_VMXSTATE(pVCpu).vmx.u64GstMsrApicBase; /* Always up-to-date, as it is not part of the VMCS. */
9077 GCPhys &= ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK;
9078 GCPhys += VMX_EXIT_QUAL_APIC_ACCESS_OFFSET(pVmxTransient->uExitQual);
9079 Log4Func(("Linear access uAccessType=%#x GCPhys=%#RGp Off=%#x\n", uAccessType, GCPhys,
9080 VMX_EXIT_QUAL_APIC_ACCESS_OFFSET(pVmxTransient->uExitQual)));
9081
9082 rcStrict = IOMR0MmioPhysHandler(pVCpu->CTX_SUFF(pVM), pVCpu,
9083 uAccessType == VMX_APIC_ACCESS_TYPE_LINEAR_READ ? 0 : X86_TRAP_PF_RW, GCPhys);
9084 Log4Func(("IOMR0MmioPhysHandler returned %Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
9085 if ( rcStrict == VINF_SUCCESS
9086 || rcStrict == VERR_PAGE_TABLE_NOT_PRESENT
9087 || rcStrict == VERR_PAGE_NOT_PRESENT)
9088 {
9089 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RSP | HM_CHANGED_GUEST_RFLAGS
9090 | HM_CHANGED_GUEST_APIC_TPR);
9091 rcStrict = VINF_SUCCESS;
9092 }
9093 break;
9094 }
9095#else
9096 /** @todo */
9097#endif
9098
9099 default:
9100 {
9101 Log4Func(("uAccessType=%#x\n", uAccessType));
9102 rcStrict = VINF_EM_RAW_EMULATE_INSTR;
9103 break;
9104 }
9105 }
9106
9107 if (rcStrict != VINF_SUCCESS)
9108 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatSwitchApicAccessToR3);
9109 return rcStrict;
9110}
9111
9112
9113/**
9114 * VM-exit handler for debug-register accesses (VMX_EXIT_MOV_DRX). Conditional
9115 * VM-exit.
9116 */
9117HMVMX_EXIT_DECL vmxHCExitMovDRx(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9118{
9119 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9120 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
9121
9122 /*
9123 * We might also get this VM-exit if the nested-guest isn't intercepting MOV DRx accesses.
9124 * In such a case, rather than disabling MOV DRx intercepts and resuming execution, we
9125 * must emulate the MOV DRx access.
9126 */
9127 if (!pVmxTransient->fIsNestedGuest)
9128 {
9129 /* We should -not- get this VM-exit if the guest's debug registers were active. */
9130 if ( pVmxTransient->fWasGuestDebugStateActive
9131#ifdef VMX_WITH_MAYBE_ALWAYS_INTERCEPT_MOV_DRX
9132 && !pVCpu->CTX_SUFF(pVM)->hmr0.s.vmx.fAlwaysInterceptMovDRx
9133#endif
9134 )
9135 {
9136 AssertMsgFailed(("Unexpected MOV DRx exit\n"));
9137 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, pVmxTransient->uExitReason);
9138 }
9139
9140 if ( !VCPU_2_VMXSTATE(pVCpu).fSingleInstruction
9141 && !pVmxTransient->fWasHyperDebugStateActive)
9142 {
9143 Assert(!DBGFIsStepping(pVCpu));
9144 Assert(pVmcsInfo->u32XcptBitmap & RT_BIT(X86_XCPT_DB));
9145
9146 /* Whether we disable intercepting MOV DRx instructions and resume
9147 the current one, or emulate it and keep intercepting them is
9148 configurable. Though it usually comes down to whether there are
9149 any new DR6 & DR7 bits (RTM) we want to hide from the guest. */
9150#ifdef VMX_WITH_MAYBE_ALWAYS_INTERCEPT_MOV_DRX
9151 bool const fResumeInstruction = !pVCpu->CTX_SUFF(pVM)->hmr0.s.vmx.fAlwaysInterceptMovDRx;
9152#else
9153 bool const fResumeInstruction = true;
9154#endif
9155 if (fResumeInstruction)
9156 {
9157 pVmcsInfo->u32ProcCtls &= ~VMX_PROC_CTLS_MOV_DR_EXIT;
9158 int rc = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC, pVmcsInfo->u32ProcCtls);
9159 AssertRC(rc);
9160 }
9161
9162#ifndef IN_NEM_DARWIN
9163 /* We're playing with the host CPU state here, make sure we can't preempt or longjmp. */
9164 VMMRZCallRing3Disable(pVCpu);
9165 HM_DISABLE_PREEMPT(pVCpu);
9166
9167 /* Save the host & load the guest debug state, restart execution of the MOV DRx instruction. */
9168 CPUMR0LoadGuestDebugState(pVCpu, true /* include DR6 */);
9169 Assert(CPUMIsGuestDebugStateActive(pVCpu));
9170
9171 HM_RESTORE_PREEMPT();
9172 VMMRZCallRing3Enable(pVCpu);
9173#else
9174 CPUMR3NemActivateGuestDebugState(pVCpu);
9175 Assert(CPUMIsGuestDebugStateActive(pVCpu));
9176 Assert(!CPUMIsHyperDebugStateActive(pVCpu));
9177#endif
9178
9179 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatDRxContextSwitch);
9180 if (fResumeInstruction)
9181 {
9182#ifdef VBOX_WITH_STATISTICS
9183 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
9184 if (VMX_EXIT_QUAL_DRX_DIRECTION(pVmxTransient->uExitQual) == VMX_EXIT_QUAL_DRX_DIRECTION_WRITE)
9185 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitDRxWrite);
9186 else
9187 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitDRxRead);
9188#endif
9189 return VINF_SUCCESS;
9190 }
9191 }
9192 }
9193
9194 /*
9195 * Import state. We must have DR7 loaded here as it's always consulted,
9196 * both for reading and writing. The other debug registers are never
9197 * exported as such.
9198 */
9199 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9200 int rc = vmxHCImportGuestState< IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK
9201 | CPUMCTX_EXTRN_GPRS_MASK
9202 | CPUMCTX_EXTRN_DR7>(pVCpu, pVmcsInfo, __FUNCTION__);
9203 AssertRCReturn(rc, rc);
9204
9205 uint8_t const iGReg = VMX_EXIT_QUAL_DRX_GENREG(pVmxTransient->uExitQual);
9206 uint8_t const iDrReg = VMX_EXIT_QUAL_DRX_REGISTER(pVmxTransient->uExitQual);
9207 Log4Func(("cs:rip=%#04x:%08RX64 r%d %s dr%d\n", pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, iGReg,
9208 VMX_EXIT_QUAL_DRX_DIRECTION(pVmxTransient->uExitQual) == VMX_EXIT_QUAL_DRX_DIRECTION_WRITE ? "->" : "<-", iDrReg));
9209
9210 VBOXSTRICTRC rcStrict;
9211 if (VMX_EXIT_QUAL_DRX_DIRECTION(pVmxTransient->uExitQual) == VMX_EXIT_QUAL_DRX_DIRECTION_WRITE)
9212 {
9213 /*
9214 * Write DRx register.
9215 */
9216 rcStrict = IEMExecDecodedMovDRxWrite(pVCpu, pVmxTransient->cbExitInstr, iDrReg, iGReg);
9217 AssertMsg( rcStrict == VINF_SUCCESS
9218 || rcStrict == VINF_IEM_RAISED_XCPT, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
9219
9220 if (rcStrict == VINF_SUCCESS)
9221 {
9222 /** @todo r=bird: Not sure why we always flag DR7 as modified here, but I've
9223 * kept it for now to avoid breaking something non-obvious. */
9224 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS
9225 | HM_CHANGED_GUEST_DR7);
9226 /* Update the DR6 register if guest debug state is active, otherwise we'll
9227 trash it when calling CPUMR0DebugStateMaybeSaveGuestAndRestoreHost. */
9228 if (iDrReg == 6 && CPUMIsGuestDebugStateActive(pVCpu))
9229 ASMSetDR6(pVCpu->cpum.GstCtx.dr[6]);
9230 Log4Func(("r%d=%#RX64 => dr%d=%#RX64\n", iGReg, pVCpu->cpum.GstCtx.aGRegs[iGReg].u,
9231 iDrReg, pVCpu->cpum.GstCtx.dr[iDrReg]));
9232 }
9233 else if (rcStrict == VINF_IEM_RAISED_XCPT)
9234 {
9235 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
9236 rcStrict = VINF_SUCCESS;
9237 }
9238
9239 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitDRxWrite);
9240 }
9241 else
9242 {
9243 /*
9244 * Read DRx register into a general purpose register.
9245 */
9246 rcStrict = IEMExecDecodedMovDRxRead(pVCpu, pVmxTransient->cbExitInstr, iGReg, iDrReg);
9247 AssertMsg( rcStrict == VINF_SUCCESS
9248 || rcStrict == VINF_IEM_RAISED_XCPT, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
9249
9250 if (rcStrict == VINF_SUCCESS)
9251 {
9252 if (iGReg == X86_GREG_xSP)
9253 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS
9254 | HM_CHANGED_GUEST_RSP);
9255 else
9256 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
9257 }
9258 else if (rcStrict == VINF_IEM_RAISED_XCPT)
9259 {
9260 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
9261 rcStrict = VINF_SUCCESS;
9262 }
9263
9264 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitDRxRead);
9265 }
9266
9267 return rcStrict;
9268}
9269
9270
9271/**
9272 * VM-exit handler for EPT misconfiguration (VMX_EXIT_EPT_MISCONFIG).
9273 * Conditional VM-exit.
9274 */
9275HMVMX_EXIT_DECL vmxHCExitEptMisconfig(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9276{
9277 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9278
9279#ifndef IN_NEM_DARWIN
9280 Assert(pVCpu->CTX_SUFF(pVM)->hmr0.s.fNestedPaging);
9281
9282 vmxHCReadToTransient< HMVMX_READ_EXIT_INSTR_LEN
9283 | HMVMX_READ_EXIT_INTERRUPTION_INFO
9284 | HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE
9285 | HMVMX_READ_IDT_VECTORING_INFO
9286 | HMVMX_READ_IDT_VECTORING_ERROR_CODE
9287 | HMVMX_READ_GUEST_PHYSICAL_ADDR>(pVCpu, pVmxTransient);
9288
9289 /*
9290 * If this VM-exit occurred while delivering an event through the guest IDT, handle it accordingly.
9291 */
9292 VBOXSTRICTRC rcStrict = vmxHCCheckExitDueToEventDelivery(pVCpu, pVmxTransient);
9293 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9294 {
9295 /*
9296 * In the unlikely case where delivering an event causes an EPT misconfig (MMIO), go back to
9297 * instruction emulation to inject the original event. Otherwise, injecting the original event
9298 * using hardware-assisted VMX would trigger the same EPT misconfig VM-exit again.
9299 */
9300 if (!VCPU_2_VMXSTATE(pVCpu).Event.fPending)
9301 { /* likely */ }
9302 else
9303 {
9304 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatInjectInterpret);
9305# ifdef VBOX_WITH_NESTED_HWVIRT_VMX
9306 /** @todo NSTVMX: Think about how this should be handled. */
9307 if (pVmxTransient->fIsNestedGuest)
9308 return VERR_VMX_IPE_3;
9309# endif
9310 return VINF_EM_RAW_INJECT_TRPM_EVENT;
9311 }
9312 }
9313 else
9314 {
9315 Assert(rcStrict != VINF_HM_DOUBLE_FAULT);
9316 return rcStrict;
9317 }
9318
9319 /*
9320 * Get sufficient state and update the exit history entry.
9321 */
9322 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
9323 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
9324 AssertRCReturn(rc, rc);
9325
9326 RTGCPHYS const GCPhys = pVmxTransient->uGuestPhysicalAddr;
9327 PCEMEXITREC pExitRec = EMHistoryUpdateFlagsAndTypeAndPC(pVCpu,
9328 EMEXIT_MAKE_FT(EMEXIT_F_KIND_EM | EMEXIT_F_HM, EMEXITTYPE_MMIO),
9329 pVCpu->cpum.GstCtx.rip + pVCpu->cpum.GstCtx.cs.u64Base);
9330 if (!pExitRec)
9331 {
9332 /*
9333 * If we succeed, resume guest execution.
9334 * If we fail in interpreting the instruction because we couldn't get the guest physical address
9335 * of the page containing the instruction via the guest's page tables (we would invalidate the guest page
9336 * in the host TLB), resume execution which would cause a guest page fault to let the guest handle this
9337 * weird case. See @bugref{6043}.
9338 */
9339 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
9340/** @todo bird: We can probably just go straight to IOM here and assume that
9341 * it's MMIO, then fall back on PGM if that hunch didn't work out so
9342 * well. However, we need to address that aliasing workarounds that
9343 * PGMR0Trap0eHandlerNPMisconfig implements. So, some care is needed.
9344 *
9345 * Might also be interesting to see if we can get this done more or
9346 * less locklessly inside IOM. Need to consider the lookup table
9347 * updating and use a bit more carefully first (or do all updates via
9348 * rendezvous) */
9349 rcStrict = PGMR0Trap0eHandlerNPMisconfig(pVM, pVCpu, PGMMODE_EPT, &pVCpu->cpum.GstCtx, GCPhys, UINT32_MAX);
9350 Log4Func(("At %#RGp RIP=%#RX64 rc=%Rrc\n", GCPhys, pVCpu->cpum.GstCtx.rip, VBOXSTRICTRC_VAL(rcStrict)));
9351 if ( rcStrict == VINF_SUCCESS
9352 || rcStrict == VERR_PAGE_TABLE_NOT_PRESENT
9353 || rcStrict == VERR_PAGE_NOT_PRESENT)
9354 {
9355 /* Successfully handled MMIO operation. */
9356 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RSP | HM_CHANGED_GUEST_RFLAGS
9357 | HM_CHANGED_GUEST_APIC_TPR);
9358 rcStrict = VINF_SUCCESS;
9359 }
9360 }
9361 else
9362 {
9363 /*
9364 * Frequent exit or something needing probing. Call EMHistoryExec.
9365 */
9366 Log4(("EptMisscfgExit/%u: %04x:%08RX64: %RGp -> EMHistoryExec\n",
9367 pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, GCPhys));
9368
9369 rcStrict = EMHistoryExec(pVCpu, pExitRec, 0);
9370 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
9371
9372 Log4(("EptMisscfgExit/%u: %04x:%08RX64: EMHistoryExec -> %Rrc + %04x:%08RX64\n",
9373 pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
9374 VBOXSTRICTRC_VAL(rcStrict), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip));
9375 }
9376 return rcStrict;
9377#else
9378 AssertFailed();
9379 return VERR_VMX_IPE_3; /* Should never happen with Apple HV in R3. */
9380#endif
9381}
9382
9383
9384/**
9385 * VM-exit handler for EPT violation (VMX_EXIT_EPT_VIOLATION). Conditional
9386 * VM-exit.
9387 */
9388HMVMX_EXIT_DECL vmxHCExitEptViolation(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9389{
9390 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9391#ifndef IN_NEM_DARWIN
9392 Assert(pVCpu->CTX_SUFF(pVM)->hmr0.s.fNestedPaging);
9393
9394 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
9395 | HMVMX_READ_EXIT_INSTR_LEN
9396 | HMVMX_READ_EXIT_INTERRUPTION_INFO
9397 | HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE
9398 | HMVMX_READ_IDT_VECTORING_INFO
9399 | HMVMX_READ_IDT_VECTORING_ERROR_CODE
9400 | HMVMX_READ_GUEST_PHYSICAL_ADDR>(pVCpu, pVmxTransient);
9401
9402 /*
9403 * If this VM-exit occurred while delivering an event through the guest IDT, handle it accordingly.
9404 */
9405 VBOXSTRICTRC rcStrict = vmxHCCheckExitDueToEventDelivery(pVCpu, pVmxTransient);
9406 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9407 {
9408 /*
9409 * If delivery of an event causes an EPT violation (true nested #PF and not MMIO),
9410 * we shall resolve the nested #PF and re-inject the original event.
9411 */
9412 if (VCPU_2_VMXSTATE(pVCpu).Event.fPending)
9413 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatInjectReflectNPF);
9414 }
9415 else
9416 {
9417 Assert(rcStrict != VINF_HM_DOUBLE_FAULT);
9418 return rcStrict;
9419 }
9420
9421 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
9422 int rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK>(pVCpu, pVmcsInfo, __FUNCTION__);
9423 AssertRCReturn(rc, rc);
9424
9425 RTGCPHYS const GCPhys = pVmxTransient->uGuestPhysicalAddr;
9426 uint64_t const uExitQual = pVmxTransient->uExitQual;
9427 AssertMsg(((pVmxTransient->uExitQual >> 7) & 3) != 2, ("%#RX64", uExitQual));
9428
9429 RTGCUINT uErrorCode = 0;
9430 if (uExitQual & VMX_EXIT_QUAL_EPT_ACCESS_INSTR_FETCH)
9431 uErrorCode |= X86_TRAP_PF_ID;
9432 if (uExitQual & VMX_EXIT_QUAL_EPT_ACCESS_WRITE)
9433 uErrorCode |= X86_TRAP_PF_RW;
9434 if (uExitQual & (VMX_EXIT_QUAL_EPT_ENTRY_READ | VMX_EXIT_QUAL_EPT_ENTRY_WRITE | VMX_EXIT_QUAL_EPT_ENTRY_EXECUTE))
9435 uErrorCode |= X86_TRAP_PF_P;
9436
9437 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
9438 Log4Func(("at %#RX64 (%#RX64 errcode=%#x) cs:rip=%#04x:%08RX64\n", GCPhys, uExitQual, uErrorCode, pCtx->cs.Sel, pCtx->rip));
9439
9440 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
9441
9442 /*
9443 * Handle the pagefault trap for the nested shadow table.
9444 */
9445 TRPMAssertXcptPF(pVCpu, GCPhys, uErrorCode);
9446 rcStrict = PGMR0Trap0eHandlerNestedPaging(pVM, pVCpu, PGMMODE_EPT, uErrorCode, pCtx, GCPhys);
9447 TRPMResetTrap(pVCpu);
9448
9449 /* Same case as PGMR0Trap0eHandlerNPMisconfig(). See comment above, @bugref{6043}. */
9450 if ( rcStrict == VINF_SUCCESS
9451 || rcStrict == VERR_PAGE_TABLE_NOT_PRESENT
9452 || rcStrict == VERR_PAGE_NOT_PRESENT)
9453 {
9454 /* Successfully synced our nested page tables. */
9455 STAM_COUNTER_INC(&VCPU_2_VMXSTATS(pVCpu).StatExitReasonNpf);
9456 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RSP | HM_CHANGED_GUEST_RFLAGS);
9457 return VINF_SUCCESS;
9458 }
9459 Log4Func(("EPT return to ring-3 rcStrict=%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
9460 return rcStrict;
9461
9462#else /* IN_NEM_DARWIN */
9463 PVM pVM = pVCpu->CTX_SUFF(pVM);
9464 uint64_t const uHostTsc = ASMReadTSC(); RT_NOREF(uHostTsc);
9465 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
9466 | HMVMX_READ_GUEST_PHYSICAL_ADDR>(pVCpu, pVmxTransient);
9467 vmxHCImportGuestRip(pVCpu);
9468 vmxHCImportGuestSegReg<X86_SREG_CS>(pVCpu);
9469
9470 /*
9471 * Ask PGM for information about the given GCPhys. We need to check if we're
9472 * out of sync first.
9473 */
9474 NEMHCDARWINHMACPCCSTATE State = { RT_BOOL(pVmxTransient->uExitQual & VMX_EXIT_QUAL_EPT_ACCESS_WRITE),
9475 false,
9476 false };
9477 PGMPHYSNEMPAGEINFO Info;
9478 int rc = PGMPhysNemPageInfoChecker(pVM, pVCpu, pVmxTransient->uGuestPhysicalAddr, State.fWriteAccess, &Info,
9479 nemR3DarwinHandleMemoryAccessPageCheckerCallback, &State);
9480 if (RT_SUCCESS(rc))
9481 {
9482 if (Info.fNemProt & ( RT_BOOL(pVmxTransient->uExitQual & VMX_EXIT_QUAL_EPT_ACCESS_WRITE)
9483 ? NEM_PAGE_PROT_WRITE : NEM_PAGE_PROT_READ))
9484 {
9485 if (State.fCanResume)
9486 {
9487 Log4(("MemExit/%u: %04x:%08RX64: %RGp (=>%RHp) %s fProt=%u%s%s%s; restarting\n",
9488 pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
9489 pVmxTransient->uGuestPhysicalAddr, Info.HCPhys, g_apszPageStates[Info.u2NemState], Info.fNemProt,
9490 Info.fHasHandlers ? " handlers" : "", Info.fZeroPage ? " zero-pg" : "",
9491 State.fDidSomething ? "" : " no-change"));
9492 EMHistoryAddExit(pVCpu, EMEXIT_MAKE_FT(EMEXIT_F_KIND_NEM, NEMEXITTYPE_MEMORY_ACCESS),
9493 pVCpu->cpum.GstCtx.cs.u64Base + pVCpu->cpum.GstCtx.rip, uHostTsc);
9494 return VINF_SUCCESS;
9495 }
9496 }
9497
9498 Log4(("MemExit/%u: %04x:%08RX64: %RGp (=>%RHp) %s fProt=%u%s%s%s; emulating\n",
9499 pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
9500 pVmxTransient->uGuestPhysicalAddr, Info.HCPhys, g_apszPageStates[Info.u2NemState], Info.fNemProt,
9501 Info.fHasHandlers ? " handlers" : "", Info.fZeroPage ? " zero-pg" : "",
9502 State.fDidSomething ? "" : " no-change"));
9503 }
9504 else
9505 Log4(("MemExit/%u: %04x:%08RX64: %RGp rc=%Rrc%s; emulating\n",
9506 pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
9507 pVmxTransient->uGuestPhysicalAddr, rc, State.fDidSomething ? " modified-backing" : ""));
9508
9509 /*
9510 * Emulate the memory access, either access handler or special memory.
9511 */
9512 PCEMEXITREC pExitRec = EMHistoryAddExit(pVCpu,
9513 RT_BOOL(pVmxTransient->uExitQual & VMX_EXIT_QUAL_EPT_ACCESS_WRITE)
9514 ? EMEXIT_MAKE_FT(EMEXIT_F_KIND_EM, EMEXITTYPE_MMIO_WRITE)
9515 : EMEXIT_MAKE_FT(EMEXIT_F_KIND_EM, EMEXITTYPE_MMIO_READ),
9516 pVCpu->cpum.GstCtx.cs.u64Base + pVCpu->cpum.GstCtx.rip, uHostTsc);
9517
9518 rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9519 AssertRCReturn(rc, rc);
9520
9521 VBOXSTRICTRC rcStrict;
9522 if (!pExitRec)
9523 rcStrict = IEMExecOne(pVCpu);
9524 else
9525 {
9526 /* Frequent access or probing. */
9527 rcStrict = EMHistoryExec(pVCpu, pExitRec, 0);
9528 Log4(("MemExit/%u: %04x:%08RX64: EMHistoryExec -> %Rrc + %04x:%08RX64\n",
9529 pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
9530 VBOXSTRICTRC_VAL(rcStrict), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip));
9531 }
9532
9533 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
9534
9535 Log4Func(("EPT return rcStrict=%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
9536 return rcStrict;
9537#endif /* IN_NEM_DARWIN */
9538}
9539
9540#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
9541
9542/**
9543 * VM-exit handler for VMCLEAR (VMX_EXIT_VMCLEAR). Unconditional VM-exit.
9544 */
9545HMVMX_EXIT_DECL vmxHCExitVmclear(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9546{
9547 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9548
9549 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
9550 | HMVMX_READ_EXIT_INSTR_INFO
9551 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9552 int rc = vmxHCImportGuestState< CPUMCTX_EXTRN_RSP
9553 | CPUMCTX_EXTRN_SREG_MASK
9554 | CPUMCTX_EXTRN_HWVIRT
9555 | IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9556 AssertRCReturn(rc, rc);
9557
9558 HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(pVCpu, pVmxTransient->uExitReason);
9559
9560 VMXVEXITINFO ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_FROM_TRANSIENT(pVmxTransient);
9561 HMVMX_DECODE_MEM_OPERAND(pVCpu, ExitInfo.InstrInfo.u, ExitInfo.u64Qual, VMXMEMACCESS_READ, &ExitInfo.GCPtrEffAddr);
9562
9563 VBOXSTRICTRC rcStrict = IEMExecDecodedVmclear(pVCpu, &ExitInfo);
9564 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9565 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS | HM_CHANGED_GUEST_HWVIRT);
9566 else if (rcStrict == VINF_IEM_RAISED_XCPT)
9567 {
9568 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
9569 rcStrict = VINF_SUCCESS;
9570 }
9571 return rcStrict;
9572}
9573
9574
9575/**
9576 * VM-exit handler for VMLAUNCH (VMX_EXIT_VMLAUNCH). Unconditional VM-exit.
9577 */
9578HMVMX_EXIT_DECL vmxHCExitVmlaunch(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9579{
9580 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9581
9582 /* Import the entire VMCS state for now as we would be switching VMCS on successful VMLAUNCH,
9583 otherwise we could import just IEM_CPUMCTX_EXTRN_VMX_VMENTRY_MASK. */
9584 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9585 int rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9586 AssertRCReturn(rc, rc);
9587
9588 HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(pVCpu, pVmxTransient->uExitReason);
9589
9590 STAM_PROFILE_ADV_START(&VCPU_2_VMXSTATS(pVCpu).StatExitVmentry, z);
9591 VBOXSTRICTRC rcStrict = IEMExecDecodedVmlaunchVmresume(pVCpu, pVmxTransient->cbExitInstr, VMXINSTRID_VMLAUNCH);
9592 STAM_PROFILE_ADV_STOP(&VCPU_2_VMXSTATS(pVCpu).StatExitVmentry, z);
9593 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9594 {
9595 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
9596 if (CPUMIsGuestInVmxNonRootMode(&pVCpu->cpum.GstCtx))
9597 rcStrict = VINF_VMX_VMLAUNCH_VMRESUME;
9598 }
9599 Assert(rcStrict != VINF_IEM_RAISED_XCPT);
9600 return rcStrict;
9601}
9602
9603
9604/**
9605 * VM-exit handler for VMPTRLD (VMX_EXIT_VMPTRLD). Unconditional VM-exit.
9606 */
9607HMVMX_EXIT_DECL vmxHCExitVmptrld(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9608{
9609 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9610
9611 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
9612 | HMVMX_READ_EXIT_INSTR_INFO
9613 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9614 int rc = vmxHCImportGuestState< CPUMCTX_EXTRN_RSP
9615 | CPUMCTX_EXTRN_SREG_MASK
9616 | CPUMCTX_EXTRN_HWVIRT
9617 | IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9618 AssertRCReturn(rc, rc);
9619
9620 HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(pVCpu, pVmxTransient->uExitReason);
9621
9622 VMXVEXITINFO ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_FROM_TRANSIENT(pVmxTransient);
9623 HMVMX_DECODE_MEM_OPERAND(pVCpu, ExitInfo.InstrInfo.u, ExitInfo.u64Qual, VMXMEMACCESS_READ, &ExitInfo.GCPtrEffAddr);
9624
9625 VBOXSTRICTRC rcStrict = IEMExecDecodedVmptrld(pVCpu, &ExitInfo);
9626 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9627 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS | HM_CHANGED_GUEST_HWVIRT);
9628 else if (rcStrict == VINF_IEM_RAISED_XCPT)
9629 {
9630 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
9631 rcStrict = VINF_SUCCESS;
9632 }
9633 return rcStrict;
9634}
9635
9636
9637/**
9638 * VM-exit handler for VMPTRST (VMX_EXIT_VMPTRST). Unconditional VM-exit.
9639 */
9640HMVMX_EXIT_DECL vmxHCExitVmptrst(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9641{
9642 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9643
9644 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
9645 | HMVMX_READ_EXIT_INSTR_INFO
9646 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9647 int rc = vmxHCImportGuestState< CPUMCTX_EXTRN_RSP
9648 | CPUMCTX_EXTRN_SREG_MASK
9649 | CPUMCTX_EXTRN_HWVIRT
9650 | IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9651 AssertRCReturn(rc, rc);
9652
9653 HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(pVCpu, pVmxTransient->uExitReason);
9654
9655 VMXVEXITINFO ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_FROM_TRANSIENT(pVmxTransient);
9656 HMVMX_DECODE_MEM_OPERAND(pVCpu, ExitInfo.InstrInfo.u, ExitInfo.u64Qual, VMXMEMACCESS_WRITE, &ExitInfo.GCPtrEffAddr);
9657
9658 VBOXSTRICTRC rcStrict = IEMExecDecodedVmptrst(pVCpu, &ExitInfo);
9659 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9660 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
9661 else if (rcStrict == VINF_IEM_RAISED_XCPT)
9662 {
9663 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
9664 rcStrict = VINF_SUCCESS;
9665 }
9666 return rcStrict;
9667}
9668
9669
9670/**
9671 * VM-exit handler for VMREAD (VMX_EXIT_VMREAD). Conditional VM-exit.
9672 */
9673HMVMX_EXIT_DECL vmxHCExitVmread(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9674{
9675 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9676
9677 /*
9678 * Strictly speaking we should not get VMREAD VM-exits for shadow VMCS fields and
9679 * thus might not need to import the shadow VMCS state, it's safer just in case
9680 * code elsewhere dares look at unsynced VMCS fields.
9681 */
9682 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
9683 | HMVMX_READ_EXIT_INSTR_INFO
9684 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9685 int rc = vmxHCImportGuestState< CPUMCTX_EXTRN_RSP
9686 | CPUMCTX_EXTRN_SREG_MASK
9687 | CPUMCTX_EXTRN_HWVIRT
9688 | IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9689 AssertRCReturn(rc, rc);
9690
9691 HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(pVCpu, pVmxTransient->uExitReason);
9692
9693 VMXVEXITINFO ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_FROM_TRANSIENT(pVmxTransient);
9694 if (!ExitInfo.InstrInfo.VmreadVmwrite.fIsRegOperand)
9695 HMVMX_DECODE_MEM_OPERAND(pVCpu, ExitInfo.InstrInfo.u, ExitInfo.u64Qual, VMXMEMACCESS_WRITE, &ExitInfo.GCPtrEffAddr);
9696
9697 VBOXSTRICTRC rcStrict = IEMExecDecodedVmread(pVCpu, &ExitInfo);
9698 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9699 {
9700 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
9701
9702# if 0 //ndef IN_NEM_DARWIN /** @todo this needs serious tuning still, slows down things enormously. */
9703 /* Try for exit optimization. This is on the following instruction
9704 because it would be a waste of time to have to reinterpret the
9705 already decoded vmwrite instruction. */
9706 PCEMEXITREC pExitRec = EMHistoryUpdateFlagsAndType(pVCpu, EMEXIT_MAKE_FT(EMEXIT_F_KIND_EM, EMEXITTYPE_VMREAD));
9707 if (pExitRec)
9708 {
9709 /* Frequent access or probing. */
9710 rc = vmxHCImportGuestState(pVCpu, pVmxTransient->pVmcsInfo, HMVMX_CPUMCTX_EXTRN_ALL);
9711 AssertRCReturn(rc, rc);
9712
9713 rcStrict = EMHistoryExec(pVCpu, pExitRec, 0);
9714 Log4(("vmread/%u: %04x:%08RX64: EMHistoryExec -> %Rrc + %04x:%08RX64\n",
9715 pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
9716 VBOXSTRICTRC_VAL(rcStrict), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip));
9717 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
9718 }
9719# endif
9720 }
9721 else if (rcStrict == VINF_IEM_RAISED_XCPT)
9722 {
9723 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
9724 rcStrict = VINF_SUCCESS;
9725 }
9726 return rcStrict;
9727}
9728
9729
9730/**
9731 * VM-exit handler for VMRESUME (VMX_EXIT_VMRESUME). Unconditional VM-exit.
9732 */
9733HMVMX_EXIT_DECL vmxHCExitVmresume(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9734{
9735 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9736
9737 /* Import the entire VMCS state for now as we would be switching VMCS on successful VMRESUME,
9738 otherwise we could import just IEM_CPUMCTX_EXTRN_VMX_VMENTRY_MASK. */
9739 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9740 int rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9741 AssertRCReturn(rc, rc);
9742
9743 HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(pVCpu, pVmxTransient->uExitReason);
9744
9745 STAM_PROFILE_ADV_START(&VCPU_2_VMXSTATS(pVCpu).StatExitVmentry, z);
9746 VBOXSTRICTRC rcStrict = IEMExecDecodedVmlaunchVmresume(pVCpu, pVmxTransient->cbExitInstr, VMXINSTRID_VMRESUME);
9747 STAM_PROFILE_ADV_STOP(&VCPU_2_VMXSTATS(pVCpu).StatExitVmentry, z);
9748 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9749 {
9750 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
9751 if (CPUMIsGuestInVmxNonRootMode(&pVCpu->cpum.GstCtx))
9752 rcStrict = VINF_VMX_VMLAUNCH_VMRESUME;
9753 }
9754 Assert(rcStrict != VINF_IEM_RAISED_XCPT);
9755 return rcStrict;
9756}
9757
9758
9759/**
9760 * VM-exit handler for VMWRITE (VMX_EXIT_VMWRITE). Conditional VM-exit.
9761 */
9762HMVMX_EXIT_DECL vmxHCExitVmwrite(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9763{
9764 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9765
9766 /*
9767 * Although we should not get VMWRITE VM-exits for shadow VMCS fields, since our HM hook
9768 * gets invoked when IEM's VMWRITE instruction emulation modifies the current VMCS and it
9769 * flags re-loading the entire shadow VMCS, we should save the entire shadow VMCS here.
9770 */
9771 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
9772 | HMVMX_READ_EXIT_INSTR_INFO
9773 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9774 int rc = vmxHCImportGuestState< CPUMCTX_EXTRN_RSP
9775 | CPUMCTX_EXTRN_SREG_MASK
9776 | CPUMCTX_EXTRN_HWVIRT
9777 | IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9778 AssertRCReturn(rc, rc);
9779
9780 HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(pVCpu, pVmxTransient->uExitReason);
9781
9782 VMXVEXITINFO ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_FROM_TRANSIENT(pVmxTransient);
9783 if (!ExitInfo.InstrInfo.VmreadVmwrite.fIsRegOperand)
9784 HMVMX_DECODE_MEM_OPERAND(pVCpu, ExitInfo.InstrInfo.u, ExitInfo.u64Qual, VMXMEMACCESS_READ, &ExitInfo.GCPtrEffAddr);
9785
9786 VBOXSTRICTRC rcStrict = IEMExecDecodedVmwrite(pVCpu, &ExitInfo);
9787 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9788 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS | HM_CHANGED_GUEST_HWVIRT);
9789 else if (rcStrict == VINF_IEM_RAISED_XCPT)
9790 {
9791 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
9792 rcStrict = VINF_SUCCESS;
9793 }
9794 return rcStrict;
9795}
9796
9797
9798/**
9799 * VM-exit handler for VMXOFF (VMX_EXIT_VMXOFF). Unconditional VM-exit.
9800 */
9801HMVMX_EXIT_DECL vmxHCExitVmxoff(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9802{
9803 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9804
9805 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9806 int rc = vmxHCImportGuestState< CPUMCTX_EXTRN_CR4
9807 | CPUMCTX_EXTRN_HWVIRT
9808 | IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9809 AssertRCReturn(rc, rc);
9810
9811 HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(pVCpu, pVmxTransient->uExitReason);
9812
9813 VBOXSTRICTRC rcStrict = IEMExecDecodedVmxoff(pVCpu, pVmxTransient->cbExitInstr);
9814 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9815 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_HWVIRT);
9816 else if (rcStrict == VINF_IEM_RAISED_XCPT)
9817 {
9818 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
9819 rcStrict = VINF_SUCCESS;
9820 }
9821 return rcStrict;
9822}
9823
9824
9825/**
9826 * VM-exit handler for VMXON (VMX_EXIT_VMXON). Unconditional VM-exit.
9827 */
9828HMVMX_EXIT_DECL vmxHCExitVmxon(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9829{
9830 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9831
9832 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
9833 | HMVMX_READ_EXIT_INSTR_INFO
9834 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9835 int rc = vmxHCImportGuestState< CPUMCTX_EXTRN_RSP
9836 | CPUMCTX_EXTRN_SREG_MASK
9837 | CPUMCTX_EXTRN_HWVIRT
9838 | IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9839 AssertRCReturn(rc, rc);
9840
9841 HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(pVCpu, pVmxTransient->uExitReason);
9842
9843 VMXVEXITINFO ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_FROM_TRANSIENT(pVmxTransient);
9844 HMVMX_DECODE_MEM_OPERAND(pVCpu, ExitInfo.InstrInfo.u, ExitInfo.u64Qual, VMXMEMACCESS_READ, &ExitInfo.GCPtrEffAddr);
9845
9846 VBOXSTRICTRC rcStrict = IEMExecDecodedVmxon(pVCpu, &ExitInfo);
9847 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9848 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS | HM_CHANGED_GUEST_HWVIRT);
9849 else if (rcStrict == VINF_IEM_RAISED_XCPT)
9850 {
9851 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
9852 rcStrict = VINF_SUCCESS;
9853 }
9854 return rcStrict;
9855}
9856
9857
9858/**
9859 * VM-exit handler for INVVPID (VMX_EXIT_INVVPID). Unconditional VM-exit.
9860 */
9861HMVMX_EXIT_DECL vmxHCExitInvvpid(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9862{
9863 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9864
9865 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
9866 | HMVMX_READ_EXIT_INSTR_INFO
9867 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9868 int rc = vmxHCImportGuestState< CPUMCTX_EXTRN_RSP
9869 | CPUMCTX_EXTRN_SREG_MASK
9870 | IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9871 AssertRCReturn(rc, rc);
9872
9873 HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(pVCpu, pVmxTransient->uExitReason);
9874
9875 VMXVEXITINFO ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_FROM_TRANSIENT(pVmxTransient);
9876 HMVMX_DECODE_MEM_OPERAND(pVCpu, ExitInfo.InstrInfo.u, ExitInfo.u64Qual, VMXMEMACCESS_READ, &ExitInfo.GCPtrEffAddr);
9877
9878 VBOXSTRICTRC rcStrict = IEMExecDecodedInvvpid(pVCpu, &ExitInfo);
9879 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9880 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
9881 else if (rcStrict == VINF_IEM_RAISED_XCPT)
9882 {
9883 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
9884 rcStrict = VINF_SUCCESS;
9885 }
9886 return rcStrict;
9887}
9888
9889
9890# ifdef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
9891/**
9892 * VM-exit handler for INVEPT (VMX_EXIT_INVEPT). Unconditional VM-exit.
9893 */
9894HMVMX_EXIT_DECL vmxHCExitInvept(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9895{
9896 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9897
9898 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
9899 | HMVMX_READ_EXIT_INSTR_INFO
9900 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
9901 int rc = vmxHCImportGuestState< CPUMCTX_EXTRN_RSP
9902 | CPUMCTX_EXTRN_SREG_MASK
9903 | IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
9904 AssertRCReturn(rc, rc);
9905
9906 HMVMX_CHECK_EXIT_DUE_TO_VMX_INSTR(pVCpu, pVmxTransient->uExitReason);
9907
9908 VMXVEXITINFO ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_FROM_TRANSIENT(pVmxTransient);
9909 HMVMX_DECODE_MEM_OPERAND(pVCpu, ExitInfo.InstrInfo.u, ExitInfo.u64Qual, VMXMEMACCESS_READ, &ExitInfo.GCPtrEffAddr);
9910
9911 VBOXSTRICTRC rcStrict = IEMExecDecodedInvept(pVCpu, &ExitInfo);
9912 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
9913 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_RIP | HM_CHANGED_GUEST_RFLAGS);
9914 else if (rcStrict == VINF_IEM_RAISED_XCPT)
9915 {
9916 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
9917 rcStrict = VINF_SUCCESS;
9918 }
9919 return rcStrict;
9920}
9921# endif /* VBOX_WITH_NESTED_HWVIRT_VMX_EPT */
9922#endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
9923/** @} */
9924
9925
9926#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
9927/** @name Nested-guest VM-exit handlers.
9928 * @{
9929 */
9930/* -=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
9931/* -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nested-guest VM-exit handlers -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
9932/* -=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
9933
9934/**
9935 * Nested-guest VM-exit handler for exceptions or NMIs (VMX_EXIT_XCPT_OR_NMI).
9936 * Conditional VM-exit.
9937 */
9938HMVMX_EXIT_DECL vmxHCExitXcptOrNmiNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
9939{
9940 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
9941
9942 vmxHCReadToTransient<HMVMX_READ_EXIT_INTERRUPTION_INFO>(pVCpu, pVmxTransient);
9943
9944 uint64_t const uExitIntInfo = pVmxTransient->uExitIntInfo;
9945 uint32_t const uExitIntType = VMX_EXIT_INT_INFO_TYPE(uExitIntInfo);
9946 Assert(VMX_EXIT_INT_INFO_IS_VALID(uExitIntInfo));
9947
9948 switch (uExitIntType)
9949 {
9950# ifndef IN_NEM_DARWIN
9951 /*
9952 * Physical NMIs:
9953 * We shouldn't direct host physical NMIs to the nested-guest. Dispatch it to the host.
9954 */
9955 case VMX_EXIT_INT_INFO_TYPE_NMI:
9956 return hmR0VmxExitHostNmi(pVCpu, pVmxTransient->pVmcsInfo);
9957# endif
9958
9959 /*
9960 * Hardware exceptions,
9961 * Software exceptions,
9962 * Privileged software exceptions:
9963 * Figure out if the exception must be delivered to the guest or the nested-guest.
9964 */
9965 case VMX_EXIT_INT_INFO_TYPE_SW_XCPT:
9966 case VMX_EXIT_INT_INFO_TYPE_PRIV_SW_XCPT:
9967 case VMX_EXIT_INT_INFO_TYPE_HW_XCPT:
9968 {
9969 vmxHCReadToTransient< HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE
9970 | HMVMX_READ_EXIT_INSTR_LEN
9971 | HMVMX_READ_IDT_VECTORING_INFO
9972 | HMVMX_READ_IDT_VECTORING_ERROR_CODE>(pVCpu, pVmxTransient);
9973
9974 PCCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
9975 if (CPUMIsGuestVmxXcptInterceptSet(pCtx, VMX_EXIT_INT_INFO_VECTOR(uExitIntInfo), pVmxTransient->uExitIntErrorCode))
9976 {
9977 /* Exit qualification is required for debug and page-fault exceptions. */
9978 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
9979
9980 /*
9981 * For VM-exits due to software exceptions (those generated by INT3 or INTO) and privileged
9982 * software exceptions (those generated by INT1/ICEBP) we need to supply the VM-exit instruction
9983 * length. However, if delivery of a software interrupt, software exception or privileged
9984 * software exception causes a VM-exit, that too provides the VM-exit instruction length.
9985 */
9986 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_LEN_FROM_TRANSIENT(pVmxTransient);
9987 VMXVEXITEVENTINFO const ExitEventInfo = VMXVEXITEVENTINFO_INIT(pVmxTransient->uExitIntInfo,
9988 pVmxTransient->uExitIntErrorCode,
9989 pVmxTransient->uIdtVectoringInfo,
9990 pVmxTransient->uIdtVectoringErrorCode);
9991#ifdef DEBUG_ramshankar
9992 vmxHCImportGuestStateEx(pVCpu, pVmxTransient->pVmcsInfo, HMVMX_CPUMCTX_EXTRN_ALL);
9993 Log4Func(("exit_int_info=%#RX32 err_code=%#RX32 exit_qual=%#RX64\n",
9994 pVmxTransient->uExitIntInfo, pVmxTransient->uExitIntErrorCode, pVmxTransient->uExitQual));
9995 if (VMX_IDT_VECTORING_INFO_IS_VALID(pVmxTransient->uIdtVectoringInfo))
9996 Log4Func(("idt_info=%#RX32 idt_errcode=%#RX32 cr2=%#RX64\n",
9997 pVmxTransient->uIdtVectoringInfo, pVmxTransient->uIdtVectoringErrorCode, pCtx->cr2));
9998#endif
9999 return IEMExecVmxVmexitXcpt(pVCpu, &ExitInfo, &ExitEventInfo);
10000 }
10001
10002 /* Nested paging is currently a requirement, otherwise we would need to handle shadow #PFs in vmxHCExitXcptPF. */
10003 Assert(pVCpu->CTX_SUFF(pVM)->hmr0.s.fNestedPaging);
10004 return vmxHCExitXcpt(pVCpu, pVmxTransient);
10005 }
10006
10007 /*
10008 * Software interrupts:
10009 * VM-exits cannot be caused by software interrupts.
10010 *
10011 * External interrupts:
10012 * This should only happen when "acknowledge external interrupts on VM-exit"
10013 * control is set. However, we never set this when executing a guest or
10014 * nested-guest. For nested-guests it is emulated while injecting interrupts into
10015 * the guest.
10016 */
10017 case VMX_EXIT_INT_INFO_TYPE_SW_INT:
10018 case VMX_EXIT_INT_INFO_TYPE_EXT_INT:
10019 default:
10020 {
10021 VCPU_2_VMXSTATE(pVCpu).u32HMError = pVmxTransient->uExitIntInfo;
10022 return VERR_VMX_UNEXPECTED_INTERRUPTION_EXIT_TYPE;
10023 }
10024 }
10025}
10026
10027
10028/**
10029 * Nested-guest VM-exit handler for triple faults (VMX_EXIT_TRIPLE_FAULT).
10030 * Unconditional VM-exit.
10031 */
10032HMVMX_EXIT_DECL vmxHCExitTripleFaultNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10033{
10034 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10035 return IEMExecVmxVmexitTripleFault(pVCpu);
10036}
10037
10038
10039/**
10040 * Nested-guest VM-exit handler for interrupt-window exiting (VMX_EXIT_INT_WINDOW).
10041 */
10042HMVMX_EXIT_NSRC_DECL vmxHCExitIntWindowNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10043{
10044 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10045
10046 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_INT_WINDOW_EXIT))
10047 return IEMExecVmxVmexit(pVCpu, pVmxTransient->uExitReason, 0 /* uExitQual */);
10048 return vmxHCExitIntWindow(pVCpu, pVmxTransient);
10049}
10050
10051
10052/**
10053 * Nested-guest VM-exit handler for NMI-window exiting (VMX_EXIT_NMI_WINDOW).
10054 */
10055HMVMX_EXIT_NSRC_DECL vmxHCExitNmiWindowNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10056{
10057 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10058
10059 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_NMI_WINDOW_EXIT))
10060 return IEMExecVmxVmexit(pVCpu, pVmxTransient->uExitReason, 0 /* uExitQual */);
10061 return vmxHCExitIntWindow(pVCpu, pVmxTransient);
10062}
10063
10064
10065/**
10066 * Nested-guest VM-exit handler for task switches (VMX_EXIT_TASK_SWITCH).
10067 * Unconditional VM-exit.
10068 */
10069HMVMX_EXIT_DECL vmxHCExitTaskSwitchNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10070{
10071 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10072
10073 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
10074 | HMVMX_READ_EXIT_INSTR_LEN
10075 | HMVMX_READ_IDT_VECTORING_INFO
10076 | HMVMX_READ_IDT_VECTORING_ERROR_CODE>(pVCpu, pVmxTransient);
10077
10078 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_LEN_FROM_TRANSIENT(pVmxTransient);
10079 VMXVEXITEVENTINFO const ExitEventInfo = VMXVEXITEVENTINFO_INIT_ONLY_IDT(pVmxTransient->uIdtVectoringInfo,
10080 pVmxTransient->uIdtVectoringErrorCode);
10081 return IEMExecVmxVmexitTaskSwitch(pVCpu, &ExitInfo, &ExitEventInfo);
10082}
10083
10084
10085/**
10086 * Nested-guest VM-exit handler for HLT (VMX_EXIT_HLT). Conditional VM-exit.
10087 */
10088HMVMX_EXIT_DECL vmxHCExitHltNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10089{
10090 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10091
10092 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_HLT_EXIT))
10093 {
10094 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10095 return IEMExecVmxVmexitInstr(pVCpu, pVmxTransient->uExitReason, pVmxTransient->cbExitInstr);
10096 }
10097 return vmxHCExitHlt(pVCpu, pVmxTransient);
10098}
10099
10100
10101/**
10102 * Nested-guest VM-exit handler for INVLPG (VMX_EXIT_INVLPG). Conditional VM-exit.
10103 */
10104HMVMX_EXIT_DECL vmxHCExitInvlpgNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10105{
10106 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10107
10108 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_INVLPG_EXIT))
10109 {
10110 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
10111 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10112 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_LEN_FROM_TRANSIENT(pVmxTransient);
10113 return IEMExecVmxVmexitInstrWithInfo(pVCpu, &ExitInfo);
10114 }
10115 return vmxHCExitInvlpg(pVCpu, pVmxTransient);
10116}
10117
10118
10119/**
10120 * Nested-guest VM-exit handler for RDPMC (VMX_EXIT_RDPMC). Conditional VM-exit.
10121 */
10122HMVMX_EXIT_DECL vmxHCExitRdpmcNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10123{
10124 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10125
10126 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_RDPMC_EXIT))
10127 {
10128 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10129 return IEMExecVmxVmexitInstr(pVCpu, pVmxTransient->uExitReason, pVmxTransient->cbExitInstr);
10130 }
10131 return vmxHCExitRdpmc(pVCpu, pVmxTransient);
10132}
10133
10134
10135/**
10136 * Nested-guest VM-exit handler for VMREAD (VMX_EXIT_VMREAD) and VMWRITE
10137 * (VMX_EXIT_VMWRITE). Conditional VM-exit.
10138 */
10139HMVMX_EXIT_DECL vmxHCExitVmreadVmwriteNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10140{
10141 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10142
10143 Assert( pVmxTransient->uExitReason == VMX_EXIT_VMREAD
10144 || pVmxTransient->uExitReason == VMX_EXIT_VMWRITE);
10145
10146 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_INFO>(pVCpu, pVmxTransient);
10147
10148 uint8_t const iGReg = pVmxTransient->ExitInstrInfo.VmreadVmwrite.iReg2;
10149 Assert(iGReg < RT_ELEMENTS(pVCpu->cpum.GstCtx.aGRegs));
10150 uint64_t u64VmcsField = pVCpu->cpum.GstCtx.aGRegs[iGReg].u64;
10151
10152 HMVMX_CPUMCTX_ASSERT(pVCpu, CPUMCTX_EXTRN_EFER);
10153 if (!CPUMIsGuestInLongModeEx(&pVCpu->cpum.GstCtx))
10154 u64VmcsField &= UINT64_C(0xffffffff);
10155
10156 if (CPUMIsGuestVmxVmreadVmwriteInterceptSet(pVCpu, pVmxTransient->uExitReason, u64VmcsField))
10157 {
10158 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
10159 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10160 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_FROM_TRANSIENT(pVmxTransient);
10161 return IEMExecVmxVmexitInstrWithInfo(pVCpu, &ExitInfo);
10162 }
10163
10164 if (pVmxTransient->uExitReason == VMX_EXIT_VMREAD)
10165 return vmxHCExitVmread(pVCpu, pVmxTransient);
10166 return vmxHCExitVmwrite(pVCpu, pVmxTransient);
10167}
10168
10169
10170/**
10171 * Nested-guest VM-exit handler for RDTSC (VMX_EXIT_RDTSC). Conditional VM-exit.
10172 */
10173HMVMX_EXIT_DECL vmxHCExitRdtscNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10174{
10175 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10176
10177 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_RDTSC_EXIT))
10178 {
10179 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10180 return IEMExecVmxVmexitInstr(pVCpu, pVmxTransient->uExitReason, pVmxTransient->cbExitInstr);
10181 }
10182
10183 return vmxHCExitRdtsc(pVCpu, pVmxTransient);
10184}
10185
10186
10187/**
10188 * Nested-guest VM-exit handler for control-register accesses (VMX_EXIT_MOV_CRX).
10189 * Conditional VM-exit.
10190 */
10191HMVMX_EXIT_DECL vmxHCExitMovCRxNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10192{
10193 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10194
10195 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
10196 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10197
10198 VBOXSTRICTRC rcStrict;
10199 uint32_t const uAccessType = VMX_EXIT_QUAL_CRX_ACCESS(pVmxTransient->uExitQual);
10200 switch (uAccessType)
10201 {
10202 case VMX_EXIT_QUAL_CRX_ACCESS_WRITE:
10203 {
10204 uint8_t const iCrReg = VMX_EXIT_QUAL_CRX_REGISTER(pVmxTransient->uExitQual);
10205 uint8_t const iGReg = VMX_EXIT_QUAL_CRX_GENREG(pVmxTransient->uExitQual);
10206 Assert(iGReg < RT_ELEMENTS(pVCpu->cpum.GstCtx.aGRegs));
10207 uint64_t const uNewCrX = pVCpu->cpum.GstCtx.aGRegs[iGReg].u64;
10208
10209 bool fIntercept;
10210 switch (iCrReg)
10211 {
10212 case 0:
10213 case 4:
10214 fIntercept = CPUMIsGuestVmxMovToCr0Cr4InterceptSet(&pVCpu->cpum.GstCtx, iCrReg, uNewCrX);
10215 break;
10216
10217 case 3:
10218 fIntercept = CPUMIsGuestVmxMovToCr3InterceptSet(pVCpu, uNewCrX);
10219 break;
10220
10221 case 8:
10222 fIntercept = CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_CR8_LOAD_EXIT);
10223 break;
10224
10225 default:
10226 fIntercept = false;
10227 break;
10228 }
10229 if (fIntercept)
10230 {
10231 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_LEN_FROM_TRANSIENT(pVmxTransient);
10232 rcStrict = IEMExecVmxVmexitInstrWithInfo(pVCpu, &ExitInfo);
10233 }
10234 else
10235 {
10236 int const rc = vmxHCImportGuestState<IEM_CPUMCTX_EXTRN_MUST_MASK>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
10237 AssertRCReturn(rc, rc);
10238 rcStrict = vmxHCExitMovToCrX(pVCpu, pVmxTransient->cbExitInstr, iGReg, iCrReg);
10239 }
10240 break;
10241 }
10242
10243 case VMX_EXIT_QUAL_CRX_ACCESS_READ:
10244 {
10245 /*
10246 * CR0/CR4 reads do not cause VM-exits, the read-shadow is used (subject to masking).
10247 * CR2 reads do not cause a VM-exit.
10248 * CR3 reads cause a VM-exit depending on the "CR3 store exiting" control.
10249 * CR8 reads cause a VM-exit depending on the "CR8 store exiting" control.
10250 */
10251 uint8_t const iCrReg = VMX_EXIT_QUAL_CRX_REGISTER(pVmxTransient->uExitQual);
10252 if ( iCrReg == 3
10253 || iCrReg == 8)
10254 {
10255 static const uint32_t s_auCrXReadIntercepts[] = { 0, 0, 0, VMX_PROC_CTLS_CR3_STORE_EXIT, 0,
10256 0, 0, 0, VMX_PROC_CTLS_CR8_STORE_EXIT };
10257 uint32_t const uIntercept = s_auCrXReadIntercepts[iCrReg];
10258 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, uIntercept))
10259 {
10260 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_LEN_FROM_TRANSIENT(pVmxTransient);
10261 rcStrict = IEMExecVmxVmexitInstrWithInfo(pVCpu, &ExitInfo);
10262 }
10263 else
10264 {
10265 uint8_t const iGReg = VMX_EXIT_QUAL_CRX_GENREG(pVmxTransient->uExitQual);
10266 rcStrict = vmxHCExitMovFromCrX(pVCpu, pVmxTransient->pVmcsInfo, pVmxTransient->cbExitInstr, iGReg, iCrReg);
10267 }
10268 }
10269 else
10270 {
10271 AssertMsgFailed(("MOV from CR%d VM-exit must not happen\n", iCrReg));
10272 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, iCrReg);
10273 }
10274 break;
10275 }
10276
10277 case VMX_EXIT_QUAL_CRX_ACCESS_CLTS:
10278 {
10279 PCVMXVVMCS const pVmcsNstGst = &pVCpu->cpum.GstCtx.hwvirt.vmx.Vmcs;
10280 uint64_t const uGstHostMask = pVmcsNstGst->u64Cr0Mask.u;
10281 uint64_t const uReadShadow = pVmcsNstGst->u64Cr0ReadShadow.u;
10282 if ( (uGstHostMask & X86_CR0_TS)
10283 && (uReadShadow & X86_CR0_TS))
10284 {
10285 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_LEN_FROM_TRANSIENT(pVmxTransient);
10286 rcStrict = IEMExecVmxVmexitInstrWithInfo(pVCpu, &ExitInfo);
10287 }
10288 else
10289 rcStrict = vmxHCExitClts(pVCpu, pVmxTransient->pVmcsInfo, pVmxTransient->cbExitInstr);
10290 break;
10291 }
10292
10293 case VMX_EXIT_QUAL_CRX_ACCESS_LMSW: /* LMSW (Load Machine-Status Word into CR0) */
10294 {
10295 RTGCPTR GCPtrEffDst;
10296 uint16_t const uNewMsw = VMX_EXIT_QUAL_CRX_LMSW_DATA(pVmxTransient->uExitQual);
10297 bool const fMemOperand = VMX_EXIT_QUAL_CRX_LMSW_OP_MEM(pVmxTransient->uExitQual);
10298 if (fMemOperand)
10299 {
10300 vmxHCReadToTransient<HMVMX_READ_GUEST_LINEAR_ADDR>(pVCpu, pVmxTransient);
10301 GCPtrEffDst = pVmxTransient->uGuestLinearAddr;
10302 }
10303 else
10304 GCPtrEffDst = NIL_RTGCPTR;
10305
10306 if (CPUMIsGuestVmxLmswInterceptSet(&pVCpu->cpum.GstCtx, uNewMsw))
10307 {
10308 VMXVEXITINFO ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_LEN_FROM_TRANSIENT(pVmxTransient);
10309 ExitInfo.u64GuestLinearAddr = GCPtrEffDst;
10310 rcStrict = IEMExecVmxVmexitInstrWithInfo(pVCpu, &ExitInfo);
10311 }
10312 else
10313 rcStrict = vmxHCExitLmsw(pVCpu, pVmxTransient->pVmcsInfo, pVmxTransient->cbExitInstr, uNewMsw, GCPtrEffDst);
10314 break;
10315 }
10316
10317 default:
10318 {
10319 AssertMsgFailed(("Unrecognized Mov CRX access type %#x\n", uAccessType));
10320 HMVMX_UNEXPECTED_EXIT_RET(pVCpu, uAccessType);
10321 }
10322 }
10323
10324 if (rcStrict == VINF_IEM_RAISED_XCPT)
10325 {
10326 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
10327 rcStrict = VINF_SUCCESS;
10328 }
10329 return rcStrict;
10330}
10331
10332
10333/**
10334 * Nested-guest VM-exit handler for debug-register accesses (VMX_EXIT_MOV_DRX).
10335 * Conditional VM-exit.
10336 */
10337HMVMX_EXIT_DECL vmxHCExitMovDRxNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10338{
10339 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10340
10341 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_MOV_DR_EXIT))
10342 {
10343 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
10344 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10345 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_LEN_FROM_TRANSIENT(pVmxTransient);
10346 return IEMExecVmxVmexitInstrWithInfo(pVCpu, &ExitInfo);
10347 }
10348 return vmxHCExitMovDRx(pVCpu, pVmxTransient);
10349}
10350
10351
10352/**
10353 * Nested-guest VM-exit handler for I/O instructions (VMX_EXIT_IO_INSTR).
10354 * Conditional VM-exit.
10355 */
10356HMVMX_EXIT_DECL vmxHCExitIoInstrNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10357{
10358 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10359
10360 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
10361
10362 uint32_t const uIOPort = VMX_EXIT_QUAL_IO_PORT(pVmxTransient->uExitQual);
10363 uint8_t const uIOSize = VMX_EXIT_QUAL_IO_SIZE(pVmxTransient->uExitQual);
10364 AssertReturn(uIOSize <= 3 && uIOSize != 2, VERR_VMX_IPE_1);
10365
10366 static uint32_t const s_aIOSizes[4] = { 1, 2, 0, 4 }; /* Size of the I/O accesses in bytes. */
10367 uint8_t const cbAccess = s_aIOSizes[uIOSize];
10368 if (CPUMIsGuestVmxIoInterceptSet(pVCpu, uIOPort, cbAccess))
10369 {
10370 /*
10371 * IN/OUT instruction:
10372 * - Provides VM-exit instruction length.
10373 *
10374 * INS/OUTS instruction:
10375 * - Provides VM-exit instruction length.
10376 * - Provides Guest-linear address.
10377 * - Optionally provides VM-exit instruction info (depends on CPU feature).
10378 */
10379 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
10380 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10381
10382 /* Make sure we don't use stale/uninitialized VMX-transient info. below. */
10383 pVmxTransient->ExitInstrInfo.u = 0;
10384 pVmxTransient->uGuestLinearAddr = 0;
10385
10386 bool const fVmxInsOutsInfo = pVM->cpum.ro.GuestFeatures.fVmxInsOutInfo;
10387 bool const fIOString = VMX_EXIT_QUAL_IO_IS_STRING(pVmxTransient->uExitQual);
10388 if (fIOString)
10389 {
10390 vmxHCReadToTransient<HMVMX_READ_GUEST_LINEAR_ADDR>(pVCpu, pVmxTransient);
10391 if (fVmxInsOutsInfo)
10392 {
10393 Assert(RT_BF_GET(g_HmMsrs.u.vmx.u64Basic, VMX_BF_BASIC_VMCS_INS_OUTS)); /* Paranoia. */
10394 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_INFO>(pVCpu, pVmxTransient);
10395 }
10396 }
10397
10398 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_AND_LIN_ADDR_FROM_TRANSIENT(pVmxTransient);
10399 return IEMExecVmxVmexitInstrWithInfo(pVCpu, &ExitInfo);
10400 }
10401 return vmxHCExitIoInstr(pVCpu, pVmxTransient);
10402}
10403
10404
10405/**
10406 * Nested-guest VM-exit handler for RDMSR (VMX_EXIT_RDMSR).
10407 */
10408HMVMX_EXIT_DECL vmxHCExitRdmsrNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10409{
10410 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10411
10412 uint32_t fMsrpm;
10413 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_USE_MSR_BITMAPS))
10414 fMsrpm = CPUMGetVmxMsrPermission(pVCpu->cpum.GstCtx.hwvirt.vmx.abMsrBitmap, pVCpu->cpum.GstCtx.ecx);
10415 else
10416 fMsrpm = VMXMSRPM_EXIT_RD;
10417
10418 if (fMsrpm & VMXMSRPM_EXIT_RD)
10419 {
10420 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10421 return IEMExecVmxVmexitInstr(pVCpu, pVmxTransient->uExitReason, pVmxTransient->cbExitInstr);
10422 }
10423 return vmxHCExitRdmsr(pVCpu, pVmxTransient);
10424}
10425
10426
10427/**
10428 * Nested-guest VM-exit handler for WRMSR (VMX_EXIT_WRMSR).
10429 */
10430HMVMX_EXIT_DECL vmxHCExitWrmsrNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10431{
10432 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10433
10434 uint32_t fMsrpm;
10435 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_USE_MSR_BITMAPS))
10436 fMsrpm = CPUMGetVmxMsrPermission(pVCpu->cpum.GstCtx.hwvirt.vmx.abMsrBitmap, pVCpu->cpum.GstCtx.ecx);
10437 else
10438 fMsrpm = VMXMSRPM_EXIT_WR;
10439
10440 if (fMsrpm & VMXMSRPM_EXIT_WR)
10441 {
10442 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10443 return IEMExecVmxVmexitInstr(pVCpu, pVmxTransient->uExitReason, pVmxTransient->cbExitInstr);
10444 }
10445 return vmxHCExitWrmsr(pVCpu, pVmxTransient);
10446}
10447
10448
10449/**
10450 * Nested-guest VM-exit handler for MWAIT (VMX_EXIT_MWAIT). Conditional VM-exit.
10451 */
10452HMVMX_EXIT_DECL vmxHCExitMwaitNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10453{
10454 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10455
10456 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_MWAIT_EXIT))
10457 {
10458 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10459 return IEMExecVmxVmexitInstr(pVCpu, pVmxTransient->uExitReason, pVmxTransient->cbExitInstr);
10460 }
10461 return vmxHCExitMwait(pVCpu, pVmxTransient);
10462}
10463
10464
10465/**
10466 * Nested-guest VM-exit handler for monitor-trap-flag (VMX_EXIT_MTF). Conditional
10467 * VM-exit.
10468 */
10469HMVMX_EXIT_DECL vmxHCExitMtfNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10470{
10471 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10472
10473 /** @todo NSTVMX: Should consider debugging nested-guests using VM debugger. */
10474 vmxHCReadToTransient<HMVMX_READ_GUEST_PENDING_DBG_XCPTS>(pVCpu, pVmxTransient);
10475 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_DBG_XCPTS_FROM_TRANSIENT(pVmxTransient);
10476 return IEMExecVmxVmexitTrapLike(pVCpu, &ExitInfo);
10477}
10478
10479
10480/**
10481 * Nested-guest VM-exit handler for MONITOR (VMX_EXIT_MONITOR). Conditional VM-exit.
10482 */
10483HMVMX_EXIT_DECL vmxHCExitMonitorNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10484{
10485 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10486
10487 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_MONITOR_EXIT))
10488 {
10489 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10490 return IEMExecVmxVmexitInstr(pVCpu, pVmxTransient->uExitReason, pVmxTransient->cbExitInstr);
10491 }
10492 return vmxHCExitMonitor(pVCpu, pVmxTransient);
10493}
10494
10495
10496/**
10497 * Nested-guest VM-exit handler for PAUSE (VMX_EXIT_PAUSE). Conditional VM-exit.
10498 */
10499HMVMX_EXIT_DECL vmxHCExitPauseNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10500{
10501 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10502
10503 /** @todo NSTVMX: Think about this more. Does the outer guest need to intercept
10504 * PAUSE when executing a nested-guest? If it does not, we would not need
10505 * to check for the intercepts here. Just call VM-exit... */
10506
10507 /* The CPU would have already performed the necessary CPL checks for PAUSE-loop exiting. */
10508 if ( CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_PAUSE_EXIT)
10509 || CPUMIsGuestVmxProcCtls2Set(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS2_PAUSE_LOOP_EXIT))
10510 {
10511 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10512 return IEMExecVmxVmexitInstr(pVCpu, pVmxTransient->uExitReason, pVmxTransient->cbExitInstr);
10513 }
10514 return vmxHCExitPause(pVCpu, pVmxTransient);
10515}
10516
10517
10518/**
10519 * Nested-guest VM-exit handler for when the TPR value is lowered below the
10520 * specified threshold (VMX_EXIT_TPR_BELOW_THRESHOLD). Conditional VM-exit.
10521 */
10522HMVMX_EXIT_NSRC_DECL vmxHCExitTprBelowThresholdNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10523{
10524 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10525
10526 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_USE_TPR_SHADOW))
10527 {
10528 vmxHCReadToTransient<HMVMX_READ_GUEST_PENDING_DBG_XCPTS>(pVCpu, pVmxTransient);
10529 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_DBG_XCPTS_FROM_TRANSIENT(pVmxTransient);
10530 return IEMExecVmxVmexitTrapLike(pVCpu, &ExitInfo);
10531 }
10532 return vmxHCExitTprBelowThreshold(pVCpu, pVmxTransient);
10533}
10534
10535
10536/**
10537 * Nested-guest VM-exit handler for APIC access (VMX_EXIT_APIC_ACCESS). Conditional
10538 * VM-exit.
10539 */
10540HMVMX_EXIT_DECL vmxHCExitApicAccessNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10541{
10542 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10543
10544 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
10545 | HMVMX_READ_EXIT_INSTR_LEN
10546 | HMVMX_READ_IDT_VECTORING_INFO
10547 | HMVMX_READ_IDT_VECTORING_ERROR_CODE>(pVCpu, pVmxTransient);
10548
10549 Assert(CPUMIsGuestVmxProcCtls2Set(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS2_VIRT_APIC_ACCESS));
10550
10551 Log4Func(("at offset %#x type=%u\n", VMX_EXIT_QUAL_APIC_ACCESS_OFFSET(pVmxTransient->uExitQual),
10552 VMX_EXIT_QUAL_APIC_ACCESS_TYPE(pVmxTransient->uExitQual)));
10553
10554 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_LEN_FROM_TRANSIENT(pVmxTransient);
10555 VMXVEXITEVENTINFO const ExitEventInfo = VMXVEXITEVENTINFO_INIT_ONLY_IDT(pVmxTransient->uIdtVectoringInfo,
10556 pVmxTransient->uIdtVectoringErrorCode);
10557 return IEMExecVmxVmexitApicAccess(pVCpu, &ExitInfo, &ExitEventInfo);
10558}
10559
10560
10561/**
10562 * Nested-guest VM-exit handler for APIC write emulation (VMX_EXIT_APIC_WRITE).
10563 * Conditional VM-exit.
10564 */
10565HMVMX_EXIT_DECL vmxHCExitApicWriteNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10566{
10567 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10568
10569 Assert(CPUMIsGuestVmxProcCtls2Set(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS2_APIC_REG_VIRT));
10570 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
10571 return IEMExecVmxVmexit(pVCpu, pVmxTransient->uExitReason, pVmxTransient->uExitQual);
10572}
10573
10574
10575/**
10576 * Nested-guest VM-exit handler for virtualized EOI (VMX_EXIT_VIRTUALIZED_EOI).
10577 * Conditional VM-exit.
10578 */
10579HMVMX_EXIT_DECL vmxHCExitVirtEoiNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10580{
10581 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10582
10583 Assert(CPUMIsGuestVmxProcCtls2Set(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS2_VIRT_INT_DELIVERY));
10584 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
10585 return IEMExecVmxVmexit(pVCpu, pVmxTransient->uExitReason, pVmxTransient->uExitQual);
10586}
10587
10588
10589/**
10590 * Nested-guest VM-exit handler for RDTSCP (VMX_EXIT_RDTSCP). Conditional VM-exit.
10591 */
10592HMVMX_EXIT_DECL vmxHCExitRdtscpNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10593{
10594 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10595
10596 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_RDTSC_EXIT))
10597 {
10598 Assert(CPUMIsGuestVmxProcCtls2Set(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS2_RDTSCP));
10599 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10600 return IEMExecVmxVmexitInstr(pVCpu, pVmxTransient->uExitReason, pVmxTransient->cbExitInstr);
10601 }
10602 return vmxHCExitRdtscp(pVCpu, pVmxTransient);
10603}
10604
10605
10606/**
10607 * Nested-guest VM-exit handler for WBINVD (VMX_EXIT_WBINVD). Conditional VM-exit.
10608 */
10609HMVMX_EXIT_NSRC_DECL vmxHCExitWbinvdNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10610{
10611 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10612
10613 if (CPUMIsGuestVmxProcCtls2Set(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS2_WBINVD_EXIT))
10614 {
10615 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10616 return IEMExecVmxVmexitInstr(pVCpu, pVmxTransient->uExitReason, pVmxTransient->cbExitInstr);
10617 }
10618 return vmxHCExitWbinvd(pVCpu, pVmxTransient);
10619}
10620
10621
10622/**
10623 * Nested-guest VM-exit handler for INVPCID (VMX_EXIT_INVPCID). Conditional VM-exit.
10624 */
10625HMVMX_EXIT_DECL vmxHCExitInvpcidNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10626{
10627 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10628
10629 if (CPUMIsGuestVmxProcCtlsSet(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS_INVLPG_EXIT))
10630 {
10631 Assert(CPUMIsGuestVmxProcCtls2Set(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS2_INVPCID));
10632 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
10633 | HMVMX_READ_EXIT_INSTR_INFO
10634 | HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10635 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_FROM_TRANSIENT(pVmxTransient);
10636 return IEMExecVmxVmexitInstrWithInfo(pVCpu, &ExitInfo);
10637 }
10638 return vmxHCExitInvpcid(pVCpu, pVmxTransient);
10639}
10640
10641
10642/**
10643 * Nested-guest VM-exit handler for invalid-guest state
10644 * (VMX_EXIT_ERR_INVALID_GUEST_STATE). Error VM-exit.
10645 */
10646HMVMX_EXIT_DECL vmxHCExitErrInvalidGuestStateNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10647{
10648 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10649
10650 /*
10651 * Currently this should never happen because we fully emulate VMLAUNCH/VMRESUME in IEM.
10652 * So if it does happen, it indicates a bug possibly in the hardware-assisted VMX code.
10653 * Handle it like it's in an invalid guest state of the outer guest.
10654 *
10655 * When the fast path is implemented, this should be changed to cause the corresponding
10656 * nested-guest VM-exit.
10657 */
10658 return vmxHCExitErrInvalidGuestState(pVCpu, pVmxTransient);
10659}
10660
10661
10662/**
10663 * Nested-guest VM-exit handler for instructions that cause VM-exits unconditionally
10664 * and only provide the instruction length.
10665 *
10666 * Unconditional VM-exit.
10667 */
10668HMVMX_EXIT_DECL vmxHCExitInstrNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10669{
10670 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10671
10672#ifdef VBOX_STRICT
10673 PCCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
10674 switch (pVmxTransient->uExitReason)
10675 {
10676 case VMX_EXIT_ENCLS:
10677 Assert(CPUMIsGuestVmxProcCtls2Set(pCtx, VMX_PROC_CTLS2_ENCLS_EXIT));
10678 break;
10679
10680 case VMX_EXIT_VMFUNC:
10681 Assert(CPUMIsGuestVmxProcCtls2Set(pCtx, VMX_PROC_CTLS2_VMFUNC));
10682 break;
10683 }
10684#endif
10685
10686 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_LEN>(pVCpu, pVmxTransient);
10687 return IEMExecVmxVmexitInstr(pVCpu, pVmxTransient->uExitReason, pVmxTransient->cbExitInstr);
10688}
10689
10690
10691/**
10692 * Nested-guest VM-exit handler for instructions that provide instruction length as
10693 * well as more information.
10694 *
10695 * Unconditional VM-exit.
10696 */
10697HMVMX_EXIT_DECL vmxHCExitInstrWithInfoNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10698{
10699 HMVMX_VALIDATE_NESTED_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10700
10701# ifdef VBOX_STRICT
10702 PCCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
10703 switch (pVmxTransient->uExitReason)
10704 {
10705 case VMX_EXIT_GDTR_IDTR_ACCESS:
10706 case VMX_EXIT_LDTR_TR_ACCESS:
10707 Assert(CPUMIsGuestVmxProcCtls2Set(pCtx, VMX_PROC_CTLS2_DESC_TABLE_EXIT));
10708 break;
10709
10710 case VMX_EXIT_RDRAND:
10711 Assert(CPUMIsGuestVmxProcCtls2Set(pCtx, VMX_PROC_CTLS2_RDRAND_EXIT));
10712 break;
10713
10714 case VMX_EXIT_RDSEED:
10715 Assert(CPUMIsGuestVmxProcCtls2Set(pCtx, VMX_PROC_CTLS2_RDSEED_EXIT));
10716 break;
10717
10718 case VMX_EXIT_XSAVES:
10719 case VMX_EXIT_XRSTORS:
10720 /** @todo NSTVMX: Verify XSS-bitmap. */
10721 Assert(CPUMIsGuestVmxProcCtls2Set(pCtx, VMX_PROC_CTLS2_XSAVES_XRSTORS));
10722 break;
10723
10724 case VMX_EXIT_UMWAIT:
10725 case VMX_EXIT_TPAUSE:
10726 Assert(CPUMIsGuestVmxProcCtlsSet(pCtx, VMX_PROC_CTLS_RDTSC_EXIT));
10727 Assert(CPUMIsGuestVmxProcCtls2Set(pCtx, VMX_PROC_CTLS2_USER_WAIT_PAUSE));
10728 break;
10729
10730 case VMX_EXIT_LOADIWKEY:
10731 Assert(CPUMIsGuestVmxProcCtls3Set(pCtx, VMX_PROC_CTLS3_LOADIWKEY_EXIT));
10732 break;
10733 }
10734# endif
10735
10736 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
10737 | HMVMX_READ_EXIT_INSTR_LEN
10738 | HMVMX_READ_EXIT_INSTR_INFO>(pVCpu, pVmxTransient);
10739 VMXVEXITINFO const ExitInfo = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_INFO_FROM_TRANSIENT(pVmxTransient);
10740 return IEMExecVmxVmexitInstrWithInfo(pVCpu, &ExitInfo);
10741}
10742
10743# ifdef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
10744
10745/**
10746 * Nested-guest VM-exit handler for EPT violation (VMX_EXIT_EPT_VIOLATION).
10747 * Conditional VM-exit.
10748 */
10749HMVMX_EXIT_DECL vmxHCExitEptViolationNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10750{
10751 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10752 Assert(pVCpu->CTX_SUFF(pVM)->hmr0.s.fNestedPaging);
10753
10754 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
10755 if (CPUMIsGuestVmxProcCtls2Set(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS2_EPT))
10756 {
10757 vmxHCReadToTransient< HMVMX_READ_EXIT_QUALIFICATION
10758 | HMVMX_READ_EXIT_INSTR_LEN
10759 | HMVMX_READ_EXIT_INTERRUPTION_INFO
10760 | HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE
10761 | HMVMX_READ_IDT_VECTORING_INFO
10762 | HMVMX_READ_IDT_VECTORING_ERROR_CODE
10763 | HMVMX_READ_GUEST_PHYSICAL_ADDR>(pVCpu, pVmxTransient);
10764 int rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmcsInfo, __FUNCTION__);
10765 AssertRCReturn(rc, rc);
10766
10767 /*
10768 * If it's our VMEXIT, we're responsible for re-injecting any event which delivery
10769 * might have triggered this VMEXIT. If we forward the problem to the inner VMM,
10770 * it's its problem to deal with that issue and we'll clear the recovered event.
10771 */
10772 VBOXSTRICTRC rcStrict = vmxHCCheckExitDueToEventDelivery(pVCpu, pVmxTransient);
10773 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
10774 { /*likely*/ }
10775 else
10776 {
10777 Assert(rcStrict != VINF_HM_DOUBLE_FAULT);
10778 return rcStrict;
10779 }
10780 uint32_t const fClearEventOnForward = VCPU_2_VMXSTATE(pVCpu).Event.fPending; /* paranoia. should not inject events below. */
10781
10782 RTGCPHYS const GCPhysNestedFault = pVmxTransient->uGuestPhysicalAddr;
10783 uint64_t const uExitQual = pVmxTransient->uExitQual;
10784
10785 RTGCPTR GCPtrNestedFault;
10786 bool const fIsLinearAddrValid = RT_BOOL(uExitQual & VMX_EXIT_QUAL_EPT_LINEAR_ADDR_VALID);
10787 if (fIsLinearAddrValid)
10788 {
10789 vmxHCReadToTransient<HMVMX_READ_GUEST_LINEAR_ADDR>(pVCpu, pVmxTransient);
10790 GCPtrNestedFault = pVmxTransient->uGuestLinearAddr;
10791 }
10792 else
10793 GCPtrNestedFault = 0;
10794
10795 RTGCUINT const uErr = ((uExitQual & VMX_EXIT_QUAL_EPT_ACCESS_INSTR_FETCH) ? X86_TRAP_PF_ID : 0)
10796 | ((uExitQual & VMX_EXIT_QUAL_EPT_ACCESS_WRITE) ? X86_TRAP_PF_RW : 0)
10797 | ((uExitQual & ( VMX_EXIT_QUAL_EPT_ENTRY_READ
10798 | VMX_EXIT_QUAL_EPT_ENTRY_WRITE
10799 | VMX_EXIT_QUAL_EPT_ENTRY_EXECUTE)) ? X86_TRAP_PF_P : 0);
10800
10801 PGMPTWALK Walk;
10802 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
10803 rcStrict = PGMR0NestedTrap0eHandlerNestedPaging(pVCpu, PGMMODE_EPT, uErr, pCtx, GCPhysNestedFault,
10804 fIsLinearAddrValid, GCPtrNestedFault, &Walk);
10805 Log7Func(("PGM (uExitQual=%#RX64, %RGp, %RGv) -> %Rrc (fFailed=%d)\n",
10806 uExitQual, GCPhysNestedFault, GCPtrNestedFault, VBOXSTRICTRC_VAL(rcStrict), Walk.fFailed));
10807 if (RT_SUCCESS(rcStrict))
10808 {
10809 if (rcStrict == VINF_IOM_R3_MMIO_COMMIT_WRITE)
10810 {
10811 Assert(!fClearEventOnForward);
10812 Assert(VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_IOM));
10813 rcStrict = VINF_EM_RESCHEDULE_REM;
10814 }
10815 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_ALL_GUEST);
10816 return rcStrict;
10817 }
10818
10819 if (fClearEventOnForward)
10820 VCPU_2_VMXSTATE(pVCpu).Event.fPending = false;
10821
10822 VMXVEXITEVENTINFO const ExitEventInfo = VMXVEXITEVENTINFO_INIT_ONLY_IDT(pVmxTransient->uIdtVectoringInfo,
10823 pVmxTransient->uIdtVectoringErrorCode);
10824 if (Walk.fFailed & PGM_WALKFAIL_EPT_VIOLATION)
10825 {
10826 VMXVEXITINFO const ExitInfo
10827 = VMXVEXITINFO_INIT_WITH_QUAL_AND_INSTR_LEN_AND_GST_ADDRESSES(VMX_EXIT_EPT_VIOLATION,
10828 pVmxTransient->uExitQual,
10829 pVmxTransient->cbExitInstr,
10830 pVmxTransient->uGuestLinearAddr,
10831 pVmxTransient->uGuestPhysicalAddr);
10832 return IEMExecVmxVmexitEptViolation(pVCpu, &ExitInfo, &ExitEventInfo);
10833 }
10834
10835 Assert(Walk.fFailed & PGM_WALKFAIL_EPT_MISCONFIG);
10836 return IEMExecVmxVmexitEptMisconfig(pVCpu, pVmxTransient->uGuestPhysicalAddr, &ExitEventInfo);
10837 }
10838
10839 return vmxHCExitEptViolation(pVCpu, pVmxTransient);
10840}
10841
10842
10843/**
10844 * Nested-guest VM-exit handler for EPT misconfiguration (VMX_EXIT_EPT_MISCONFIG).
10845 * Conditional VM-exit.
10846 */
10847HMVMX_EXIT_DECL vmxHCExitEptMisconfigNested(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient)
10848{
10849 HMVMX_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pVmxTransient);
10850 Assert(pVCpu->CTX_SUFF(pVM)->hmr0.s.fNestedPaging);
10851
10852 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
10853 if (CPUMIsGuestVmxProcCtls2Set(&pVCpu->cpum.GstCtx, VMX_PROC_CTLS2_EPT))
10854 {
10855 vmxHCReadToTransient<HMVMX_READ_GUEST_PHYSICAL_ADDR>(pVCpu, pVmxTransient);
10856 int rc = vmxHCImportGuestState<CPUMCTX_EXTRN_ALL>(pVCpu, pVmcsInfo, __FUNCTION__);
10857 AssertRCReturn(rc, rc);
10858
10859 PGMPTWALK Walk;
10860 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
10861 RTGCPHYS const GCPhysNestedFault = pVmxTransient->uGuestPhysicalAddr;
10862 VBOXSTRICTRC rcStrict = PGMR0NestedTrap0eHandlerNestedPaging(pVCpu, PGMMODE_EPT, X86_TRAP_PF_RSVD, pCtx,
10863 GCPhysNestedFault, false /* fIsLinearAddrValid */,
10864 0 /* GCPtrNestedFault */, &Walk);
10865 if (RT_SUCCESS(rcStrict))
10866 {
10867 AssertMsgFailed(("Shouldn't happen with the way we have programmed the EPT shadow tables\n"));
10868 return rcStrict;
10869 }
10870
10871 AssertMsg(Walk.fFailed & PGM_WALKFAIL_EPT_MISCONFIG, ("GCPhysNestedFault=%#RGp\n", GCPhysNestedFault));
10872 vmxHCReadToTransient< HMVMX_READ_IDT_VECTORING_INFO
10873 | HMVMX_READ_IDT_VECTORING_ERROR_CODE>(pVCpu, pVmxTransient);
10874
10875 VMXVEXITEVENTINFO const ExitEventInfo = VMXVEXITEVENTINFO_INIT_ONLY_IDT(pVmxTransient->uIdtVectoringInfo,
10876 pVmxTransient->uIdtVectoringErrorCode);
10877 return IEMExecVmxVmexitEptMisconfig(pVCpu, pVmxTransient->uGuestPhysicalAddr, &ExitEventInfo);
10878 }
10879
10880 return vmxHCExitEptMisconfig(pVCpu, pVmxTransient);
10881}
10882
10883# endif /* VBOX_WITH_NESTED_HWVIRT_VMX_EPT */
10884
10885/** @} */
10886#endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
10887
10888
10889/** @name Execution loop for single stepping, DBGF events and expensive Dtrace
10890 * probes.
10891 *
10892 * The following few functions and associated structure contains the bloat
10893 * necessary for providing detailed debug events and dtrace probes as well as
10894 * reliable host side single stepping. This works on the principle of
10895 * "subclassing" the normal execution loop and workers. We replace the loop
10896 * method completely and override selected helpers to add necessary adjustments
10897 * to their core operation.
10898 *
10899 * The goal is to keep the "parent" code lean and mean, so as not to sacrifice
10900 * any performance for debug and analysis features.
10901 *
10902 * @{
10903 */
10904
10905/**
10906 * Transient per-VCPU debug state of VMCS and related info. we save/restore in
10907 * the debug run loop.
10908 */
10909typedef struct VMXRUNDBGSTATE
10910{
10911 /** The RIP we started executing at. This is for detecting that we stepped. */
10912 uint64_t uRipStart;
10913 /** The CS we started executing with. */
10914 uint16_t uCsStart;
10915
10916 /** Whether we've actually modified the 1st execution control field. */
10917 bool fModifiedProcCtls : 1;
10918 /** Whether we've actually modified the 2nd execution control field. */
10919 bool fModifiedProcCtls2 : 1;
10920 /** Whether we've actually modified the exception bitmap. */
10921 bool fModifiedXcptBitmap : 1;
10922
10923 /** We desire the modified the CR0 mask to be cleared. */
10924 bool fClearCr0Mask : 1;
10925 /** We desire the modified the CR4 mask to be cleared. */
10926 bool fClearCr4Mask : 1;
10927 /** Stuff we need in VMX_VMCS32_CTRL_PROC_EXEC. */
10928 uint32_t fCpe1Extra;
10929 /** Stuff we do not want in VMX_VMCS32_CTRL_PROC_EXEC. */
10930 uint32_t fCpe1Unwanted;
10931 /** Stuff we need in VMX_VMCS32_CTRL_PROC_EXEC2. */
10932 uint32_t fCpe2Extra;
10933 /** Extra stuff we need in VMX_VMCS32_CTRL_EXCEPTION_BITMAP. */
10934 uint32_t bmXcptExtra;
10935 /** The sequence number of the Dtrace provider settings the state was
10936 * configured against. */
10937 uint32_t uDtraceSettingsSeqNo;
10938 /** VM-exits to check (one bit per VM-exit). */
10939 uint32_t bmExitsToCheck[3];
10940
10941 /** The initial VMX_VMCS32_CTRL_PROC_EXEC value (helps with restore). */
10942 uint32_t fProcCtlsInitial;
10943 /** The initial VMX_VMCS32_CTRL_PROC_EXEC2 value (helps with restore). */
10944 uint32_t fProcCtls2Initial;
10945 /** The initial VMX_VMCS32_CTRL_EXCEPTION_BITMAP value (helps with restore). */
10946 uint32_t bmXcptInitial;
10947} VMXRUNDBGSTATE;
10948AssertCompileMemberSize(VMXRUNDBGSTATE, bmExitsToCheck, (VMX_EXIT_MAX + 1 + 31) / 32 * 4);
10949typedef VMXRUNDBGSTATE *PVMXRUNDBGSTATE;
10950
10951
10952/**
10953 * Initializes the VMXRUNDBGSTATE structure.
10954 *
10955 * @param pVCpu The cross context virtual CPU structure of the
10956 * calling EMT.
10957 * @param pVmxTransient The VMX-transient structure.
10958 * @param pDbgState The debug state to initialize.
10959 */
10960static void vmxHCRunDebugStateInit(PVMCPUCC pVCpu, PCVMXTRANSIENT pVmxTransient, PVMXRUNDBGSTATE pDbgState)
10961{
10962 pDbgState->uRipStart = pVCpu->cpum.GstCtx.rip;
10963 pDbgState->uCsStart = pVCpu->cpum.GstCtx.cs.Sel;
10964
10965 pDbgState->fModifiedProcCtls = false;
10966 pDbgState->fModifiedProcCtls2 = false;
10967 pDbgState->fModifiedXcptBitmap = false;
10968 pDbgState->fClearCr0Mask = false;
10969 pDbgState->fClearCr4Mask = false;
10970 pDbgState->fCpe1Extra = 0;
10971 pDbgState->fCpe1Unwanted = 0;
10972 pDbgState->fCpe2Extra = 0;
10973 pDbgState->bmXcptExtra = 0;
10974 pDbgState->fProcCtlsInitial = pVmxTransient->pVmcsInfo->u32ProcCtls;
10975 pDbgState->fProcCtls2Initial = pVmxTransient->pVmcsInfo->u32ProcCtls2;
10976 pDbgState->bmXcptInitial = pVmxTransient->pVmcsInfo->u32XcptBitmap;
10977}
10978
10979
10980/**
10981 * Updates the VMSC fields with changes requested by @a pDbgState.
10982 *
10983 * This is performed after hmR0VmxPreRunGuestDebugStateUpdate as well
10984 * immediately before executing guest code, i.e. when interrupts are disabled.
10985 * We don't check status codes here as we cannot easily assert or return in the
10986 * latter case.
10987 *
10988 * @param pVCpu The cross context virtual CPU structure.
10989 * @param pVmxTransient The VMX-transient structure.
10990 * @param pDbgState The debug state.
10991 */
10992static void vmxHCPreRunGuestDebugStateApply(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient, PVMXRUNDBGSTATE pDbgState)
10993{
10994 /*
10995 * Ensure desired flags in VMCS control fields are set.
10996 * (Ignoring write failure here, as we're committed and it's just debug extras.)
10997 *
10998 * Note! We load the shadow CR0 & CR4 bits when we flag the clearing, so
10999 * there should be no stale data in pCtx at this point.
11000 */
11001 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
11002 if ( (pVmcsInfo->u32ProcCtls & pDbgState->fCpe1Extra) != pDbgState->fCpe1Extra
11003 || (pVmcsInfo->u32ProcCtls & pDbgState->fCpe1Unwanted))
11004 {
11005 pVmcsInfo->u32ProcCtls |= pDbgState->fCpe1Extra;
11006 pVmcsInfo->u32ProcCtls &= ~pDbgState->fCpe1Unwanted;
11007 VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC, pVmcsInfo->u32ProcCtls);
11008 Log6Func(("VMX_VMCS32_CTRL_PROC_EXEC: %#RX32\n", pVmcsInfo->u32ProcCtls));
11009 pDbgState->fModifiedProcCtls = true;
11010 }
11011
11012 if ((pVmcsInfo->u32ProcCtls2 & pDbgState->fCpe2Extra) != pDbgState->fCpe2Extra)
11013 {
11014 pVmcsInfo->u32ProcCtls2 |= pDbgState->fCpe2Extra;
11015 VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC2, pVmcsInfo->u32ProcCtls2);
11016 Log6Func(("VMX_VMCS32_CTRL_PROC_EXEC2: %#RX32\n", pVmcsInfo->u32ProcCtls2));
11017 pDbgState->fModifiedProcCtls2 = true;
11018 }
11019
11020 if ((pVmcsInfo->u32XcptBitmap & pDbgState->bmXcptExtra) != pDbgState->bmXcptExtra)
11021 {
11022 pVmcsInfo->u32XcptBitmap |= pDbgState->bmXcptExtra;
11023 VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_EXCEPTION_BITMAP, pVmcsInfo->u32XcptBitmap);
11024 Log6Func(("VMX_VMCS32_CTRL_EXCEPTION_BITMAP: %#RX32\n", pVmcsInfo->u32XcptBitmap));
11025 pDbgState->fModifiedXcptBitmap = true;
11026 }
11027
11028 if (pDbgState->fClearCr0Mask && pVmcsInfo->u64Cr0Mask != 0)
11029 {
11030 pVmcsInfo->u64Cr0Mask = 0;
11031 VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_CTRL_CR0_MASK, 0);
11032 Log6Func(("VMX_VMCS_CTRL_CR0_MASK: 0\n"));
11033 }
11034
11035 if (pDbgState->fClearCr4Mask && pVmcsInfo->u64Cr4Mask != 0)
11036 {
11037 pVmcsInfo->u64Cr4Mask = 0;
11038 VMX_VMCS_WRITE_NW(pVCpu, VMX_VMCS_CTRL_CR4_MASK, 0);
11039 Log6Func(("VMX_VMCS_CTRL_CR4_MASK: 0\n"));
11040 }
11041
11042 NOREF(pVCpu);
11043}
11044
11045
11046/**
11047 * Restores VMCS fields that were changed by hmR0VmxPreRunGuestDebugStateApply for
11048 * re-entry next time around.
11049 *
11050 * @returns Strict VBox status code (i.e. informational status codes too).
11051 * @param pVCpu The cross context virtual CPU structure.
11052 * @param pVmxTransient The VMX-transient structure.
11053 * @param pDbgState The debug state.
11054 * @param rcStrict The return code from executing the guest using single
11055 * stepping.
11056 */
11057static VBOXSTRICTRC vmxHCRunDebugStateRevert(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient, PVMXRUNDBGSTATE pDbgState,
11058 VBOXSTRICTRC rcStrict)
11059{
11060 /*
11061 * Restore VM-exit control settings as we may not reenter this function the
11062 * next time around.
11063 */
11064 PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
11065
11066 /* We reload the initial value, trigger what we can of recalculations the
11067 next time around. From the looks of things, that's all that's required atm. */
11068 if (pDbgState->fModifiedProcCtls)
11069 {
11070 if (!(pDbgState->fProcCtlsInitial & VMX_PROC_CTLS_MOV_DR_EXIT) && CPUMIsHyperDebugStateActive(pVCpu))
11071 pDbgState->fProcCtlsInitial |= VMX_PROC_CTLS_MOV_DR_EXIT; /* Avoid assertion in hmR0VmxLeave */
11072 int rc2 = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC, pDbgState->fProcCtlsInitial);
11073 AssertRC(rc2);
11074 pVmcsInfo->u32ProcCtls = pDbgState->fProcCtlsInitial;
11075 }
11076
11077 /* We're currently the only ones messing with this one, so just restore the
11078 cached value and reload the field. */
11079 if ( pDbgState->fModifiedProcCtls2
11080 && pVmcsInfo->u32ProcCtls2 != pDbgState->fProcCtls2Initial)
11081 {
11082 int rc2 = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_PROC_EXEC2, pDbgState->fProcCtls2Initial);
11083 AssertRC(rc2);
11084 pVmcsInfo->u32ProcCtls2 = pDbgState->fProcCtls2Initial;
11085 }
11086
11087 /* If we've modified the exception bitmap, we restore it and trigger
11088 reloading and partial recalculation the next time around. */
11089 if (pDbgState->fModifiedXcptBitmap)
11090 {
11091 int rc2 = VMX_VMCS_WRITE_32(pVCpu, VMX_VMCS32_CTRL_EXCEPTION_BITMAP, pDbgState->bmXcptInitial);
11092 AssertRC(rc2);
11093 pVmcsInfo->u32XcptBitmap = pDbgState->bmXcptInitial;
11094 }
11095
11096 return rcStrict;
11097}
11098
11099
11100/**
11101 * Configures VM-exit controls for current DBGF and DTrace settings.
11102 *
11103 * This updates @a pDbgState and the VMCS execution control fields to reflect
11104 * the necessary VM-exits demanded by DBGF and DTrace.
11105 *
11106 * @param pVCpu The cross context virtual CPU structure.
11107 * @param pVmxTransient The VMX-transient structure. May update
11108 * fUpdatedTscOffsettingAndPreemptTimer.
11109 * @param pDbgState The debug state.
11110 */
11111static void vmxHCPreRunGuestDebugStateUpdate(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient, PVMXRUNDBGSTATE pDbgState)
11112{
11113#ifndef IN_NEM_DARWIN
11114 /*
11115 * Take down the dtrace serial number so we can spot changes.
11116 */
11117 pDbgState->uDtraceSettingsSeqNo = VBOXVMM_GET_SETTINGS_SEQ_NO();
11118 ASMCompilerBarrier();
11119#endif
11120
11121 /*
11122 * We'll rebuild most of the middle block of data members (holding the
11123 * current settings) as we go along here, so start by clearing it all.
11124 */
11125 pDbgState->bmXcptExtra = 0;
11126 pDbgState->fCpe1Extra = 0;
11127 pDbgState->fCpe1Unwanted = 0;
11128 pDbgState->fCpe2Extra = 0;
11129 for (unsigned i = 0; i < RT_ELEMENTS(pDbgState->bmExitsToCheck); i++)
11130 pDbgState->bmExitsToCheck[i] = 0;
11131
11132 /*
11133 * Software interrupts (INT XXh) - no idea how to trigger these...
11134 */
11135 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
11136 if ( DBGF_IS_EVENT_ENABLED(pVM, DBGFEVENT_INTERRUPT_SOFTWARE)
11137 || VBOXVMM_INT_SOFTWARE_ENABLED())
11138 {
11139 ASMBitSet(pDbgState->bmExitsToCheck, VMX_EXIT_XCPT_OR_NMI);
11140 }
11141
11142 /*
11143 * INT3 breakpoints - triggered by #BP exceptions.
11144 */
11145 if (pVM->dbgf.ro.cEnabledInt3Breakpoints > 0)
11146 pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_BP);
11147
11148 /*
11149 * Exception bitmap and XCPT events+probes.
11150 */
11151 for (int iXcpt = 0; iXcpt < (DBGFEVENT_XCPT_LAST - DBGFEVENT_XCPT_FIRST + 1); iXcpt++)
11152 if (DBGF_IS_EVENT_ENABLED(pVM, (DBGFEVENTTYPE)(DBGFEVENT_XCPT_FIRST + iXcpt)))
11153 pDbgState->bmXcptExtra |= RT_BIT_32(iXcpt);
11154
11155 if (VBOXVMM_XCPT_DE_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_DE);
11156 if (VBOXVMM_XCPT_DB_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_DB);
11157 if (VBOXVMM_XCPT_BP_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_BP);
11158 if (VBOXVMM_XCPT_OF_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_OF);
11159 if (VBOXVMM_XCPT_BR_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_BR);
11160 if (VBOXVMM_XCPT_UD_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_UD);
11161 if (VBOXVMM_XCPT_NM_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_NM);
11162 if (VBOXVMM_XCPT_DF_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_DF);
11163 if (VBOXVMM_XCPT_TS_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_TS);
11164 if (VBOXVMM_XCPT_NP_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_NP);
11165 if (VBOXVMM_XCPT_SS_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_SS);
11166 if (VBOXVMM_XCPT_GP_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_GP);
11167 if (VBOXVMM_XCPT_PF_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_PF);
11168 if (VBOXVMM_XCPT_MF_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_MF);
11169 if (VBOXVMM_XCPT_AC_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_AC);
11170 if (VBOXVMM_XCPT_XF_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_XF);
11171 if (VBOXVMM_XCPT_VE_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_VE);
11172 if (VBOXVMM_XCPT_SX_ENABLED()) pDbgState->bmXcptExtra |= RT_BIT_32(X86_XCPT_SX);
11173
11174 if (pDbgState->bmXcptExtra)
11175 ASMBitSet(pDbgState->bmExitsToCheck, VMX_EXIT_XCPT_OR_NMI);
11176
11177 /*
11178 * Process events and probes for VM-exits, making sure we get the wanted VM-exits.
11179 *
11180 * Note! This is the reverse of what hmR0VmxHandleExitDtraceEvents does.
11181 * So, when adding/changing/removing please don't forget to update it.
11182 *
11183 * Some of the macros are picking up local variables to save horizontal space,
11184 * (being able to see it in a table is the lesser evil here).
11185 */
11186#define IS_EITHER_ENABLED(a_pVM, a_EventSubName) \
11187 ( DBGF_IS_EVENT_ENABLED(a_pVM, RT_CONCAT(DBGFEVENT_, a_EventSubName)) \
11188 || RT_CONCAT3(VBOXVMM_, a_EventSubName, _ENABLED)() )
11189#define SET_ONLY_XBM_IF_EITHER_EN(a_EventSubName, a_uExit) \
11190 if (IS_EITHER_ENABLED(pVM, a_EventSubName)) \
11191 { AssertCompile((unsigned)(a_uExit) < sizeof(pDbgState->bmExitsToCheck) * 8); \
11192 ASMBitSet((pDbgState)->bmExitsToCheck, a_uExit); \
11193 } else do { } while (0)
11194#define SET_CPE1_XBM_IF_EITHER_EN(a_EventSubName, a_uExit, a_fCtrlProcExec) \
11195 if (IS_EITHER_ENABLED(pVM, a_EventSubName)) \
11196 { \
11197 (pDbgState)->fCpe1Extra |= (a_fCtrlProcExec); \
11198 AssertCompile((unsigned)(a_uExit) < sizeof(pDbgState->bmExitsToCheck) * 8); \
11199 ASMBitSet((pDbgState)->bmExitsToCheck, a_uExit); \
11200 } else do { } while (0)
11201#define SET_CPEU_XBM_IF_EITHER_EN(a_EventSubName, a_uExit, a_fUnwantedCtrlProcExec) \
11202 if (IS_EITHER_ENABLED(pVM, a_EventSubName)) \
11203 { \
11204 (pDbgState)->fCpe1Unwanted |= (a_fUnwantedCtrlProcExec); \
11205 AssertCompile((unsigned)(a_uExit) < sizeof(pDbgState->bmExitsToCheck) * 8); \
11206 ASMBitSet((pDbgState)->bmExitsToCheck, a_uExit); \
11207 } else do { } while (0)
11208#define SET_CPE2_XBM_IF_EITHER_EN(a_EventSubName, a_uExit, a_fCtrlProcExec2) \
11209 if (IS_EITHER_ENABLED(pVM, a_EventSubName)) \
11210 { \
11211 (pDbgState)->fCpe2Extra |= (a_fCtrlProcExec2); \
11212 AssertCompile((unsigned)(a_uExit) < sizeof(pDbgState->bmExitsToCheck) * 8); \
11213 ASMBitSet((pDbgState)->bmExitsToCheck, a_uExit); \
11214 } else do { } while (0)
11215
11216 SET_ONLY_XBM_IF_EITHER_EN(EXIT_TASK_SWITCH, VMX_EXIT_TASK_SWITCH); /* unconditional */
11217 SET_ONLY_XBM_IF_EITHER_EN(EXIT_VMX_EPT_VIOLATION, VMX_EXIT_EPT_VIOLATION); /* unconditional */
11218 SET_ONLY_XBM_IF_EITHER_EN(EXIT_VMX_EPT_MISCONFIG, VMX_EXIT_EPT_MISCONFIG); /* unconditional (unless #VE) */
11219 SET_ONLY_XBM_IF_EITHER_EN(EXIT_VMX_VAPIC_ACCESS, VMX_EXIT_APIC_ACCESS); /* feature dependent, nothing to enable here */
11220 SET_ONLY_XBM_IF_EITHER_EN(EXIT_VMX_VAPIC_WRITE, VMX_EXIT_APIC_WRITE); /* feature dependent, nothing to enable here */
11221
11222 SET_ONLY_XBM_IF_EITHER_EN(INSTR_CPUID, VMX_EXIT_CPUID); /* unconditional */
11223 SET_ONLY_XBM_IF_EITHER_EN( EXIT_CPUID, VMX_EXIT_CPUID);
11224 SET_ONLY_XBM_IF_EITHER_EN(INSTR_GETSEC, VMX_EXIT_GETSEC); /* unconditional */
11225 SET_ONLY_XBM_IF_EITHER_EN( EXIT_GETSEC, VMX_EXIT_GETSEC);
11226 SET_CPE1_XBM_IF_EITHER_EN(INSTR_HALT, VMX_EXIT_HLT, VMX_PROC_CTLS_HLT_EXIT); /* paranoia */
11227 SET_ONLY_XBM_IF_EITHER_EN( EXIT_HALT, VMX_EXIT_HLT);
11228 SET_ONLY_XBM_IF_EITHER_EN(INSTR_INVD, VMX_EXIT_INVD); /* unconditional */
11229 SET_ONLY_XBM_IF_EITHER_EN( EXIT_INVD, VMX_EXIT_INVD);
11230 SET_CPE1_XBM_IF_EITHER_EN(INSTR_INVLPG, VMX_EXIT_INVLPG, VMX_PROC_CTLS_INVLPG_EXIT);
11231 SET_ONLY_XBM_IF_EITHER_EN( EXIT_INVLPG, VMX_EXIT_INVLPG);
11232 SET_CPE1_XBM_IF_EITHER_EN(INSTR_RDPMC, VMX_EXIT_RDPMC, VMX_PROC_CTLS_RDPMC_EXIT);
11233 SET_ONLY_XBM_IF_EITHER_EN( EXIT_RDPMC, VMX_EXIT_RDPMC);
11234 SET_CPE1_XBM_IF_EITHER_EN(INSTR_RDTSC, VMX_EXIT_RDTSC, VMX_PROC_CTLS_RDTSC_EXIT);
11235 SET_ONLY_XBM_IF_EITHER_EN( EXIT_RDTSC, VMX_EXIT_RDTSC);
11236 SET_ONLY_XBM_IF_EITHER_EN(INSTR_RSM, VMX_EXIT_RSM); /* unconditional */
11237 SET_ONLY_XBM_IF_EITHER_EN( EXIT_RSM, VMX_EXIT_RSM);
11238 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMM_CALL, VMX_EXIT_VMCALL); /* unconditional */
11239 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMM_CALL, VMX_EXIT_VMCALL);
11240 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_VMCLEAR, VMX_EXIT_VMCLEAR); /* unconditional */
11241 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_VMCLEAR, VMX_EXIT_VMCLEAR);
11242 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_VMLAUNCH, VMX_EXIT_VMLAUNCH); /* unconditional */
11243 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_VMLAUNCH, VMX_EXIT_VMLAUNCH);
11244 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_VMPTRLD, VMX_EXIT_VMPTRLD); /* unconditional */
11245 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_VMPTRLD, VMX_EXIT_VMPTRLD);
11246 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_VMPTRST, VMX_EXIT_VMPTRST); /* unconditional */
11247 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_VMPTRST, VMX_EXIT_VMPTRST);
11248 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_VMREAD, VMX_EXIT_VMREAD); /* unconditional */
11249 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_VMREAD, VMX_EXIT_VMREAD);
11250 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_VMRESUME, VMX_EXIT_VMRESUME); /* unconditional */
11251 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_VMRESUME, VMX_EXIT_VMRESUME);
11252 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_VMWRITE, VMX_EXIT_VMWRITE); /* unconditional */
11253 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_VMWRITE, VMX_EXIT_VMWRITE);
11254 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_VMXOFF, VMX_EXIT_VMXOFF); /* unconditional */
11255 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_VMXOFF, VMX_EXIT_VMXOFF);
11256 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_VMXON, VMX_EXIT_VMXON); /* unconditional */
11257 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_VMXON, VMX_EXIT_VMXON);
11258
11259 if ( IS_EITHER_ENABLED(pVM, INSTR_CRX_READ)
11260 || IS_EITHER_ENABLED(pVM, INSTR_CRX_WRITE))
11261 {
11262 int rc = vmxHCImportGuestStateEx(pVCpu, pVmxTransient->pVmcsInfo,
11263 CPUMCTX_EXTRN_CR0 | CPUMCTX_EXTRN_CR4 | CPUMCTX_EXTRN_APIC_TPR);
11264 AssertRC(rc);
11265
11266#if 0 /** @todo fix me */
11267 pDbgState->fClearCr0Mask = true;
11268 pDbgState->fClearCr4Mask = true;
11269#endif
11270 if (IS_EITHER_ENABLED(pVM, INSTR_CRX_READ))
11271 pDbgState->fCpe1Extra |= VMX_PROC_CTLS_CR3_STORE_EXIT | VMX_PROC_CTLS_CR8_STORE_EXIT;
11272 if (IS_EITHER_ENABLED(pVM, INSTR_CRX_WRITE))
11273 pDbgState->fCpe1Extra |= VMX_PROC_CTLS_CR3_LOAD_EXIT | VMX_PROC_CTLS_CR8_LOAD_EXIT;
11274 pDbgState->fCpe1Unwanted |= VMX_PROC_CTLS_USE_TPR_SHADOW; /* risky? */
11275 /* Note! We currently don't use VMX_VMCS32_CTRL_CR3_TARGET_COUNT. It would
11276 require clearing here and in the loop if we start using it. */
11277 ASMBitSet(pDbgState->bmExitsToCheck, VMX_EXIT_MOV_CRX);
11278 }
11279 else
11280 {
11281 if (pDbgState->fClearCr0Mask)
11282 {
11283 pDbgState->fClearCr0Mask = false;
11284 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_CR0);
11285 }
11286 if (pDbgState->fClearCr4Mask)
11287 {
11288 pDbgState->fClearCr4Mask = false;
11289 ASMAtomicUoOrU64(&VCPU_2_VMXSTATE(pVCpu).fCtxChanged, HM_CHANGED_GUEST_CR4);
11290 }
11291 }
11292 SET_ONLY_XBM_IF_EITHER_EN( EXIT_CRX_READ, VMX_EXIT_MOV_CRX);
11293 SET_ONLY_XBM_IF_EITHER_EN( EXIT_CRX_WRITE, VMX_EXIT_MOV_CRX);
11294
11295 if ( IS_EITHER_ENABLED(pVM, INSTR_DRX_READ)
11296 || IS_EITHER_ENABLED(pVM, INSTR_DRX_WRITE))
11297 {
11298 /** @todo later, need to fix handler as it assumes this won't usually happen. */
11299 ASMBitSet(pDbgState->bmExitsToCheck, VMX_EXIT_MOV_DRX);
11300 }
11301 SET_ONLY_XBM_IF_EITHER_EN( EXIT_DRX_READ, VMX_EXIT_MOV_DRX);
11302 SET_ONLY_XBM_IF_EITHER_EN( EXIT_DRX_WRITE, VMX_EXIT_MOV_DRX);
11303
11304 SET_CPEU_XBM_IF_EITHER_EN(INSTR_RDMSR, VMX_EXIT_RDMSR, VMX_PROC_CTLS_USE_MSR_BITMAPS); /* risky clearing this? */
11305 SET_ONLY_XBM_IF_EITHER_EN( EXIT_RDMSR, VMX_EXIT_RDMSR);
11306 SET_CPEU_XBM_IF_EITHER_EN(INSTR_WRMSR, VMX_EXIT_WRMSR, VMX_PROC_CTLS_USE_MSR_BITMAPS);
11307 SET_ONLY_XBM_IF_EITHER_EN( EXIT_WRMSR, VMX_EXIT_WRMSR);
11308 SET_CPE1_XBM_IF_EITHER_EN(INSTR_MWAIT, VMX_EXIT_MWAIT, VMX_PROC_CTLS_MWAIT_EXIT); /* paranoia */
11309 SET_ONLY_XBM_IF_EITHER_EN( EXIT_MWAIT, VMX_EXIT_MWAIT);
11310 SET_CPE1_XBM_IF_EITHER_EN(INSTR_MONITOR, VMX_EXIT_MONITOR, VMX_PROC_CTLS_MONITOR_EXIT); /* paranoia */
11311 SET_ONLY_XBM_IF_EITHER_EN( EXIT_MONITOR, VMX_EXIT_MONITOR);
11312#if 0 /** @todo too slow, fix handler. */
11313 SET_CPE1_XBM_IF_EITHER_EN(INSTR_PAUSE, VMX_EXIT_PAUSE, VMX_PROC_CTLS_PAUSE_EXIT);
11314#endif
11315 SET_ONLY_XBM_IF_EITHER_EN( EXIT_PAUSE, VMX_EXIT_PAUSE);
11316
11317 if ( IS_EITHER_ENABLED(pVM, INSTR_SGDT)
11318 || IS_EITHER_ENABLED(pVM, INSTR_SIDT)
11319 || IS_EITHER_ENABLED(pVM, INSTR_LGDT)
11320 || IS_EITHER_ENABLED(pVM, INSTR_LIDT))
11321 {
11322 pDbgState->fCpe2Extra |= VMX_PROC_CTLS2_DESC_TABLE_EXIT;
11323 ASMBitSet(pDbgState->bmExitsToCheck, VMX_EXIT_GDTR_IDTR_ACCESS);
11324 }
11325 SET_ONLY_XBM_IF_EITHER_EN( EXIT_SGDT, VMX_EXIT_GDTR_IDTR_ACCESS);
11326 SET_ONLY_XBM_IF_EITHER_EN( EXIT_SIDT, VMX_EXIT_GDTR_IDTR_ACCESS);
11327 SET_ONLY_XBM_IF_EITHER_EN( EXIT_LGDT, VMX_EXIT_GDTR_IDTR_ACCESS);
11328 SET_ONLY_XBM_IF_EITHER_EN( EXIT_LIDT, VMX_EXIT_GDTR_IDTR_ACCESS);
11329
11330 if ( IS_EITHER_ENABLED(pVM, INSTR_SLDT)
11331 || IS_EITHER_ENABLED(pVM, INSTR_STR)
11332 || IS_EITHER_ENABLED(pVM, INSTR_LLDT)
11333 || IS_EITHER_ENABLED(pVM, INSTR_LTR))
11334 {
11335 pDbgState->fCpe2Extra |= VMX_PROC_CTLS2_DESC_TABLE_EXIT;
11336 ASMBitSet(pDbgState->bmExitsToCheck, VMX_EXIT_LDTR_TR_ACCESS);
11337 }
11338 SET_ONLY_XBM_IF_EITHER_EN( EXIT_SLDT, VMX_EXIT_LDTR_TR_ACCESS);
11339 SET_ONLY_XBM_IF_EITHER_EN( EXIT_STR, VMX_EXIT_LDTR_TR_ACCESS);
11340 SET_ONLY_XBM_IF_EITHER_EN( EXIT_LLDT, VMX_EXIT_LDTR_TR_ACCESS);
11341 SET_ONLY_XBM_IF_EITHER_EN( EXIT_LTR, VMX_EXIT_LDTR_TR_ACCESS);
11342
11343 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_INVEPT, VMX_EXIT_INVEPT); /* unconditional */
11344 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_INVEPT, VMX_EXIT_INVEPT);
11345 SET_CPE1_XBM_IF_EITHER_EN(INSTR_RDTSCP, VMX_EXIT_RDTSCP, VMX_PROC_CTLS_RDTSC_EXIT);
11346 SET_ONLY_XBM_IF_EITHER_EN( EXIT_RDTSCP, VMX_EXIT_RDTSCP);
11347 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_INVVPID, VMX_EXIT_INVVPID); /* unconditional */
11348 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_INVVPID, VMX_EXIT_INVVPID);
11349 SET_CPE2_XBM_IF_EITHER_EN(INSTR_WBINVD, VMX_EXIT_WBINVD, VMX_PROC_CTLS2_WBINVD_EXIT);
11350 SET_ONLY_XBM_IF_EITHER_EN( EXIT_WBINVD, VMX_EXIT_WBINVD);
11351 SET_ONLY_XBM_IF_EITHER_EN(INSTR_XSETBV, VMX_EXIT_XSETBV); /* unconditional */
11352 SET_ONLY_XBM_IF_EITHER_EN( EXIT_XSETBV, VMX_EXIT_XSETBV);
11353 SET_CPE2_XBM_IF_EITHER_EN(INSTR_RDRAND, VMX_EXIT_RDRAND, VMX_PROC_CTLS2_RDRAND_EXIT);
11354 SET_ONLY_XBM_IF_EITHER_EN( EXIT_RDRAND, VMX_EXIT_RDRAND);
11355 SET_CPE1_XBM_IF_EITHER_EN(INSTR_VMX_INVPCID, VMX_EXIT_INVPCID, VMX_PROC_CTLS_INVLPG_EXIT);
11356 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_INVPCID, VMX_EXIT_INVPCID);
11357 SET_ONLY_XBM_IF_EITHER_EN(INSTR_VMX_VMFUNC, VMX_EXIT_VMFUNC); /* unconditional for the current setup */
11358 SET_ONLY_XBM_IF_EITHER_EN( EXIT_VMX_VMFUNC, VMX_EXIT_VMFUNC);
11359 SET_CPE2_XBM_IF_EITHER_EN(INSTR_RDSEED, VMX_EXIT_RDSEED, VMX_PROC_CTLS2_RDSEED_EXIT);
11360 SET_ONLY_XBM_IF_EITHER_EN( EXIT_RDSEED, VMX_EXIT_RDSEED);
11361 SET_ONLY_XBM_IF_EITHER_EN(INSTR_XSAVES, VMX_EXIT_XSAVES); /* unconditional (enabled by host, guest cfg) */
11362 SET_ONLY_XBM_IF_EITHER_EN(EXIT_XSAVES, VMX_EXIT_XSAVES);
11363 SET_ONLY_XBM_IF_EITHER_EN(INSTR_XRSTORS, VMX_EXIT_XRSTORS); /* unconditional (enabled by host, guest cfg) */
11364 SET_ONLY_XBM_IF_EITHER_EN( EXIT_XRSTORS, VMX_EXIT_XRSTORS);
11365
11366#undef IS_EITHER_ENABLED
11367#undef SET_ONLY_XBM_IF_EITHER_EN
11368#undef SET_CPE1_XBM_IF_EITHER_EN
11369#undef SET_CPEU_XBM_IF_EITHER_EN
11370#undef SET_CPE2_XBM_IF_EITHER_EN
11371
11372 /*
11373 * Sanitize the control stuff.
11374 */
11375 pDbgState->fCpe2Extra &= g_HmMsrs.u.vmx.ProcCtls2.n.allowed1;
11376 if (pDbgState->fCpe2Extra)
11377 pDbgState->fCpe1Extra |= VMX_PROC_CTLS_USE_SECONDARY_CTLS;
11378 pDbgState->fCpe1Extra &= g_HmMsrs.u.vmx.ProcCtls.n.allowed1;
11379 pDbgState->fCpe1Unwanted &= ~g_HmMsrs.u.vmx.ProcCtls.n.allowed0;
11380#ifndef IN_NEM_DARWIN
11381 if (pVCpu->hmr0.s.fDebugWantRdTscExit != RT_BOOL(pDbgState->fCpe1Extra & VMX_PROC_CTLS_RDTSC_EXIT))
11382 {
11383 pVCpu->hmr0.s.fDebugWantRdTscExit ^= true;
11384 pVmxTransient->fUpdatedTscOffsettingAndPreemptTimer = false;
11385 }
11386#else
11387 if (pVCpu->nem.s.fDebugWantRdTscExit != RT_BOOL(pDbgState->fCpe1Extra & VMX_PROC_CTLS_RDTSC_EXIT))
11388 {
11389 pVCpu->nem.s.fDebugWantRdTscExit ^= true;
11390 pVmxTransient->fUpdatedTscOffsettingAndPreemptTimer = false;
11391 }
11392#endif
11393
11394 Log6(("HM: debug state: cpe1=%#RX32 cpeu=%#RX32 cpe2=%#RX32%s%s\n",
11395 pDbgState->fCpe1Extra, pDbgState->fCpe1Unwanted, pDbgState->fCpe2Extra,
11396 pDbgState->fClearCr0Mask ? " clr-cr0" : "",
11397 pDbgState->fClearCr4Mask ? " clr-cr4" : ""));
11398}
11399
11400
11401/**
11402 * Fires off DBGF events and dtrace probes for a VM-exit, when it's
11403 * appropriate.
11404 *
11405 * The caller has checked the VM-exit against the
11406 * VMXRUNDBGSTATE::bmExitsToCheck bitmap. The caller has checked for NMIs
11407 * already, so we don't have to do that either.
11408 *
11409 * @returns Strict VBox status code (i.e. informational status codes too).
11410 * @param pVCpu The cross context virtual CPU structure.
11411 * @param pVmxTransient The VMX-transient structure.
11412 * @param uExitReason The VM-exit reason.
11413 *
11414 * @remarks The name of this function is displayed by dtrace, so keep it short
11415 * and to the point. No longer than 33 chars long, please.
11416 */
11417static VBOXSTRICTRC vmxHCHandleExitDtraceEvents(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient, uint32_t uExitReason)
11418{
11419 /*
11420 * Translate the event into a DBGF event (enmEvent + uEventArg) and at the
11421 * same time check whether any corresponding Dtrace event is enabled (fDtrace).
11422 *
11423 * Note! This is the reverse operation of what hmR0VmxPreRunGuestDebugStateUpdate
11424 * does. Must add/change/remove both places. Same ordering, please.
11425 *
11426 * Added/removed events must also be reflected in the next section
11427 * where we dispatch dtrace events.
11428 */
11429 bool fDtrace1 = false;
11430 bool fDtrace2 = false;
11431 DBGFEVENTTYPE enmEvent1 = DBGFEVENT_END;
11432 DBGFEVENTTYPE enmEvent2 = DBGFEVENT_END;
11433 uint32_t uEventArg = 0;
11434#define SET_EXIT(a_EventSubName) \
11435 do { \
11436 enmEvent2 = RT_CONCAT(DBGFEVENT_EXIT_, a_EventSubName); \
11437 fDtrace2 = RT_CONCAT3(VBOXVMM_EXIT_, a_EventSubName, _ENABLED)(); \
11438 } while (0)
11439#define SET_BOTH(a_EventSubName) \
11440 do { \
11441 enmEvent1 = RT_CONCAT(DBGFEVENT_INSTR_, a_EventSubName); \
11442 enmEvent2 = RT_CONCAT(DBGFEVENT_EXIT_, a_EventSubName); \
11443 fDtrace1 = RT_CONCAT3(VBOXVMM_INSTR_, a_EventSubName, _ENABLED)(); \
11444 fDtrace2 = RT_CONCAT3(VBOXVMM_EXIT_, a_EventSubName, _ENABLED)(); \
11445 } while (0)
11446 switch (uExitReason)
11447 {
11448 case VMX_EXIT_MTF:
11449 return vmxHCExitMtf(pVCpu, pVmxTransient);
11450
11451 case VMX_EXIT_XCPT_OR_NMI:
11452 {
11453 uint8_t const idxVector = VMX_EXIT_INT_INFO_VECTOR(pVmxTransient->uExitIntInfo);
11454 switch (VMX_EXIT_INT_INFO_TYPE(pVmxTransient->uExitIntInfo))
11455 {
11456 case VMX_EXIT_INT_INFO_TYPE_HW_XCPT:
11457 case VMX_EXIT_INT_INFO_TYPE_SW_XCPT:
11458 case VMX_EXIT_INT_INFO_TYPE_PRIV_SW_XCPT:
11459 if (idxVector <= (unsigned)(DBGFEVENT_XCPT_LAST - DBGFEVENT_XCPT_FIRST))
11460 {
11461 if (VMX_EXIT_INT_INFO_IS_ERROR_CODE_VALID(pVmxTransient->uExitIntInfo))
11462 {
11463 vmxHCReadToTransient<HMVMX_READ_EXIT_INTERRUPTION_ERROR_CODE>(pVCpu, pVmxTransient);
11464 uEventArg = pVmxTransient->uExitIntErrorCode;
11465 }
11466 enmEvent1 = (DBGFEVENTTYPE)(DBGFEVENT_XCPT_FIRST + idxVector);
11467 switch (enmEvent1)
11468 {
11469 case DBGFEVENT_XCPT_DE: fDtrace1 = VBOXVMM_XCPT_DE_ENABLED(); break;
11470 case DBGFEVENT_XCPT_DB: fDtrace1 = VBOXVMM_XCPT_DB_ENABLED(); break;
11471 case DBGFEVENT_XCPT_BP: fDtrace1 = VBOXVMM_XCPT_BP_ENABLED(); break;
11472 case DBGFEVENT_XCPT_OF: fDtrace1 = VBOXVMM_XCPT_OF_ENABLED(); break;
11473 case DBGFEVENT_XCPT_BR: fDtrace1 = VBOXVMM_XCPT_BR_ENABLED(); break;
11474 case DBGFEVENT_XCPT_UD: fDtrace1 = VBOXVMM_XCPT_UD_ENABLED(); break;
11475 case DBGFEVENT_XCPT_NM: fDtrace1 = VBOXVMM_XCPT_NM_ENABLED(); break;
11476 case DBGFEVENT_XCPT_DF: fDtrace1 = VBOXVMM_XCPT_DF_ENABLED(); break;
11477 case DBGFEVENT_XCPT_TS: fDtrace1 = VBOXVMM_XCPT_TS_ENABLED(); break;
11478 case DBGFEVENT_XCPT_NP: fDtrace1 = VBOXVMM_XCPT_NP_ENABLED(); break;
11479 case DBGFEVENT_XCPT_SS: fDtrace1 = VBOXVMM_XCPT_SS_ENABLED(); break;
11480 case DBGFEVENT_XCPT_GP: fDtrace1 = VBOXVMM_XCPT_GP_ENABLED(); break;
11481 case DBGFEVENT_XCPT_PF: fDtrace1 = VBOXVMM_XCPT_PF_ENABLED(); break;
11482 case DBGFEVENT_XCPT_MF: fDtrace1 = VBOXVMM_XCPT_MF_ENABLED(); break;
11483 case DBGFEVENT_XCPT_AC: fDtrace1 = VBOXVMM_XCPT_AC_ENABLED(); break;
11484 case DBGFEVENT_XCPT_XF: fDtrace1 = VBOXVMM_XCPT_XF_ENABLED(); break;
11485 case DBGFEVENT_XCPT_VE: fDtrace1 = VBOXVMM_XCPT_VE_ENABLED(); break;
11486 case DBGFEVENT_XCPT_SX: fDtrace1 = VBOXVMM_XCPT_SX_ENABLED(); break;
11487 default: break;
11488 }
11489 }
11490 else
11491 AssertFailed();
11492 break;
11493
11494 case VMX_EXIT_INT_INFO_TYPE_SW_INT:
11495 uEventArg = idxVector;
11496 enmEvent1 = DBGFEVENT_INTERRUPT_SOFTWARE;
11497 fDtrace1 = VBOXVMM_INT_SOFTWARE_ENABLED();
11498 break;
11499 }
11500 break;
11501 }
11502
11503 case VMX_EXIT_TRIPLE_FAULT:
11504 enmEvent1 = DBGFEVENT_TRIPLE_FAULT;
11505 //fDtrace1 = VBOXVMM_EXIT_TRIPLE_FAULT_ENABLED();
11506 break;
11507 case VMX_EXIT_TASK_SWITCH: SET_EXIT(TASK_SWITCH); break;
11508 case VMX_EXIT_EPT_VIOLATION: SET_EXIT(VMX_EPT_VIOLATION); break;
11509 case VMX_EXIT_EPT_MISCONFIG: SET_EXIT(VMX_EPT_MISCONFIG); break;
11510 case VMX_EXIT_APIC_ACCESS: SET_EXIT(VMX_VAPIC_ACCESS); break;
11511 case VMX_EXIT_APIC_WRITE: SET_EXIT(VMX_VAPIC_WRITE); break;
11512
11513 /* Instruction specific VM-exits: */
11514 case VMX_EXIT_CPUID: SET_BOTH(CPUID); break;
11515 case VMX_EXIT_GETSEC: SET_BOTH(GETSEC); break;
11516 case VMX_EXIT_HLT: SET_BOTH(HALT); break;
11517 case VMX_EXIT_INVD: SET_BOTH(INVD); break;
11518 case VMX_EXIT_INVLPG: SET_BOTH(INVLPG); break;
11519 case VMX_EXIT_RDPMC: SET_BOTH(RDPMC); break;
11520 case VMX_EXIT_RDTSC: SET_BOTH(RDTSC); break;
11521 case VMX_EXIT_RSM: SET_BOTH(RSM); break;
11522 case VMX_EXIT_VMCALL: SET_BOTH(VMM_CALL); break;
11523 case VMX_EXIT_VMCLEAR: SET_BOTH(VMX_VMCLEAR); break;
11524 case VMX_EXIT_VMLAUNCH: SET_BOTH(VMX_VMLAUNCH); break;
11525 case VMX_EXIT_VMPTRLD: SET_BOTH(VMX_VMPTRLD); break;
11526 case VMX_EXIT_VMPTRST: SET_BOTH(VMX_VMPTRST); break;
11527 case VMX_EXIT_VMREAD: SET_BOTH(VMX_VMREAD); break;
11528 case VMX_EXIT_VMRESUME: SET_BOTH(VMX_VMRESUME); break;
11529 case VMX_EXIT_VMWRITE: SET_BOTH(VMX_VMWRITE); break;
11530 case VMX_EXIT_VMXOFF: SET_BOTH(VMX_VMXOFF); break;
11531 case VMX_EXIT_VMXON: SET_BOTH(VMX_VMXON); break;
11532 case VMX_EXIT_MOV_CRX:
11533 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
11534 if (VMX_EXIT_QUAL_CRX_ACCESS(pVmxTransient->uExitQual) == VMX_EXIT_QUAL_CRX_ACCESS_READ)
11535 SET_BOTH(CRX_READ);
11536 else
11537 SET_BOTH(CRX_WRITE);
11538 uEventArg = VMX_EXIT_QUAL_CRX_REGISTER(pVmxTransient->uExitQual);
11539 break;
11540 case VMX_EXIT_MOV_DRX:
11541 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
11542 if ( VMX_EXIT_QUAL_DRX_DIRECTION(pVmxTransient->uExitQual)
11543 == VMX_EXIT_QUAL_DRX_DIRECTION_READ)
11544 SET_BOTH(DRX_READ);
11545 else
11546 SET_BOTH(DRX_WRITE);
11547 uEventArg = VMX_EXIT_QUAL_DRX_REGISTER(pVmxTransient->uExitQual);
11548 break;
11549 case VMX_EXIT_RDMSR: SET_BOTH(RDMSR); break;
11550 case VMX_EXIT_WRMSR: SET_BOTH(WRMSR); break;
11551 case VMX_EXIT_MWAIT: SET_BOTH(MWAIT); break;
11552 case VMX_EXIT_MONITOR: SET_BOTH(MONITOR); break;
11553 case VMX_EXIT_PAUSE: SET_BOTH(PAUSE); break;
11554 case VMX_EXIT_GDTR_IDTR_ACCESS:
11555 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_INFO>(pVCpu, pVmxTransient);
11556 switch (RT_BF_GET(pVmxTransient->ExitInstrInfo.u, VMX_BF_XDTR_INSINFO_INSTR_ID))
11557 {
11558 case VMX_XDTR_INSINFO_II_SGDT: SET_BOTH(SGDT); break;
11559 case VMX_XDTR_INSINFO_II_SIDT: SET_BOTH(SIDT); break;
11560 case VMX_XDTR_INSINFO_II_LGDT: SET_BOTH(LGDT); break;
11561 case VMX_XDTR_INSINFO_II_LIDT: SET_BOTH(LIDT); break;
11562 }
11563 break;
11564
11565 case VMX_EXIT_LDTR_TR_ACCESS:
11566 vmxHCReadToTransient<HMVMX_READ_EXIT_INSTR_INFO>(pVCpu, pVmxTransient);
11567 switch (RT_BF_GET(pVmxTransient->ExitInstrInfo.u, VMX_BF_YYTR_INSINFO_INSTR_ID))
11568 {
11569 case VMX_YYTR_INSINFO_II_SLDT: SET_BOTH(SLDT); break;
11570 case VMX_YYTR_INSINFO_II_STR: SET_BOTH(STR); break;
11571 case VMX_YYTR_INSINFO_II_LLDT: SET_BOTH(LLDT); break;
11572 case VMX_YYTR_INSINFO_II_LTR: SET_BOTH(LTR); break;
11573 }
11574 break;
11575
11576 case VMX_EXIT_INVEPT: SET_BOTH(VMX_INVEPT); break;
11577 case VMX_EXIT_RDTSCP: SET_BOTH(RDTSCP); break;
11578 case VMX_EXIT_INVVPID: SET_BOTH(VMX_INVVPID); break;
11579 case VMX_EXIT_WBINVD: SET_BOTH(WBINVD); break;
11580 case VMX_EXIT_XSETBV: SET_BOTH(XSETBV); break;
11581 case VMX_EXIT_RDRAND: SET_BOTH(RDRAND); break;
11582 case VMX_EXIT_INVPCID: SET_BOTH(VMX_INVPCID); break;
11583 case VMX_EXIT_VMFUNC: SET_BOTH(VMX_VMFUNC); break;
11584 case VMX_EXIT_RDSEED: SET_BOTH(RDSEED); break;
11585 case VMX_EXIT_XSAVES: SET_BOTH(XSAVES); break;
11586 case VMX_EXIT_XRSTORS: SET_BOTH(XRSTORS); break;
11587
11588 /* Events that aren't relevant at this point. */
11589 case VMX_EXIT_EXT_INT:
11590 case VMX_EXIT_INT_WINDOW:
11591 case VMX_EXIT_NMI_WINDOW:
11592 case VMX_EXIT_TPR_BELOW_THRESHOLD:
11593 case VMX_EXIT_PREEMPT_TIMER:
11594 case VMX_EXIT_IO_INSTR:
11595 break;
11596
11597 /* Errors and unexpected events. */
11598 case VMX_EXIT_INIT_SIGNAL:
11599 case VMX_EXIT_SIPI:
11600 case VMX_EXIT_IO_SMI:
11601 case VMX_EXIT_SMI:
11602 case VMX_EXIT_ERR_INVALID_GUEST_STATE:
11603 case VMX_EXIT_ERR_MSR_LOAD:
11604 case VMX_EXIT_ERR_MACHINE_CHECK:
11605 case VMX_EXIT_PML_FULL:
11606 case VMX_EXIT_VIRTUALIZED_EOI:
11607 break;
11608
11609 default:
11610 AssertMsgFailed(("Unexpected VM-exit=%#x\n", uExitReason));
11611 break;
11612 }
11613#undef SET_BOTH
11614#undef SET_EXIT
11615
11616 /*
11617 * Dtrace tracepoints go first. We do them here at once so we don't
11618 * have to copy the guest state saving and stuff a few dozen times.
11619 * Down side is that we've got to repeat the switch, though this time
11620 * we use enmEvent since the probes are a subset of what DBGF does.
11621 */
11622 if (fDtrace1 || fDtrace2)
11623 {
11624 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
11625 vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
11626 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
11627 switch (enmEvent1)
11628 {
11629 /** @todo consider which extra parameters would be helpful for each probe. */
11630 case DBGFEVENT_END: break;
11631 case DBGFEVENT_XCPT_DE: VBOXVMM_XCPT_DE(pVCpu, pCtx); break;
11632 case DBGFEVENT_XCPT_DB: VBOXVMM_XCPT_DB(pVCpu, pCtx, pCtx->dr[6]); break;
11633 case DBGFEVENT_XCPT_BP: VBOXVMM_XCPT_BP(pVCpu, pCtx); break;
11634 case DBGFEVENT_XCPT_OF: VBOXVMM_XCPT_OF(pVCpu, pCtx); break;
11635 case DBGFEVENT_XCPT_BR: VBOXVMM_XCPT_BR(pVCpu, pCtx); break;
11636 case DBGFEVENT_XCPT_UD: VBOXVMM_XCPT_UD(pVCpu, pCtx); break;
11637 case DBGFEVENT_XCPT_NM: VBOXVMM_XCPT_NM(pVCpu, pCtx); break;
11638 case DBGFEVENT_XCPT_DF: VBOXVMM_XCPT_DF(pVCpu, pCtx); break;
11639 case DBGFEVENT_XCPT_TS: VBOXVMM_XCPT_TS(pVCpu, pCtx, uEventArg); break;
11640 case DBGFEVENT_XCPT_NP: VBOXVMM_XCPT_NP(pVCpu, pCtx, uEventArg); break;
11641 case DBGFEVENT_XCPT_SS: VBOXVMM_XCPT_SS(pVCpu, pCtx, uEventArg); break;
11642 case DBGFEVENT_XCPT_GP: VBOXVMM_XCPT_GP(pVCpu, pCtx, uEventArg); break;
11643 case DBGFEVENT_XCPT_PF: VBOXVMM_XCPT_PF(pVCpu, pCtx, uEventArg, pCtx->cr2); break;
11644 case DBGFEVENT_XCPT_MF: VBOXVMM_XCPT_MF(pVCpu, pCtx); break;
11645 case DBGFEVENT_XCPT_AC: VBOXVMM_XCPT_AC(pVCpu, pCtx); break;
11646 case DBGFEVENT_XCPT_XF: VBOXVMM_XCPT_XF(pVCpu, pCtx); break;
11647 case DBGFEVENT_XCPT_VE: VBOXVMM_XCPT_VE(pVCpu, pCtx); break;
11648 case DBGFEVENT_XCPT_SX: VBOXVMM_XCPT_SX(pVCpu, pCtx, uEventArg); break;
11649 case DBGFEVENT_INTERRUPT_SOFTWARE: VBOXVMM_INT_SOFTWARE(pVCpu, pCtx, (uint8_t)uEventArg); break;
11650 case DBGFEVENT_INSTR_CPUID: VBOXVMM_INSTR_CPUID(pVCpu, pCtx, pCtx->eax, pCtx->ecx); break;
11651 case DBGFEVENT_INSTR_GETSEC: VBOXVMM_INSTR_GETSEC(pVCpu, pCtx); break;
11652 case DBGFEVENT_INSTR_HALT: VBOXVMM_INSTR_HALT(pVCpu, pCtx); break;
11653 case DBGFEVENT_INSTR_INVD: VBOXVMM_INSTR_INVD(pVCpu, pCtx); break;
11654 case DBGFEVENT_INSTR_INVLPG: VBOXVMM_INSTR_INVLPG(pVCpu, pCtx); break;
11655 case DBGFEVENT_INSTR_RDPMC: VBOXVMM_INSTR_RDPMC(pVCpu, pCtx); break;
11656 case DBGFEVENT_INSTR_RDTSC: VBOXVMM_INSTR_RDTSC(pVCpu, pCtx); break;
11657 case DBGFEVENT_INSTR_RSM: VBOXVMM_INSTR_RSM(pVCpu, pCtx); break;
11658 case DBGFEVENT_INSTR_CRX_READ: VBOXVMM_INSTR_CRX_READ(pVCpu, pCtx, (uint8_t)uEventArg); break;
11659 case DBGFEVENT_INSTR_CRX_WRITE: VBOXVMM_INSTR_CRX_WRITE(pVCpu, pCtx, (uint8_t)uEventArg); break;
11660 case DBGFEVENT_INSTR_DRX_READ: VBOXVMM_INSTR_DRX_READ(pVCpu, pCtx, (uint8_t)uEventArg); break;
11661 case DBGFEVENT_INSTR_DRX_WRITE: VBOXVMM_INSTR_DRX_WRITE(pVCpu, pCtx, (uint8_t)uEventArg); break;
11662 case DBGFEVENT_INSTR_RDMSR: VBOXVMM_INSTR_RDMSR(pVCpu, pCtx, pCtx->ecx); break;
11663 case DBGFEVENT_INSTR_WRMSR: VBOXVMM_INSTR_WRMSR(pVCpu, pCtx, pCtx->ecx,
11664 RT_MAKE_U64(pCtx->eax, pCtx->edx)); break;
11665 case DBGFEVENT_INSTR_MWAIT: VBOXVMM_INSTR_MWAIT(pVCpu, pCtx); break;
11666 case DBGFEVENT_INSTR_MONITOR: VBOXVMM_INSTR_MONITOR(pVCpu, pCtx); break;
11667 case DBGFEVENT_INSTR_PAUSE: VBOXVMM_INSTR_PAUSE(pVCpu, pCtx); break;
11668 case DBGFEVENT_INSTR_SGDT: VBOXVMM_INSTR_SGDT(pVCpu, pCtx); break;
11669 case DBGFEVENT_INSTR_SIDT: VBOXVMM_INSTR_SIDT(pVCpu, pCtx); break;
11670 case DBGFEVENT_INSTR_LGDT: VBOXVMM_INSTR_LGDT(pVCpu, pCtx); break;
11671 case DBGFEVENT_INSTR_LIDT: VBOXVMM_INSTR_LIDT(pVCpu, pCtx); break;
11672 case DBGFEVENT_INSTR_SLDT: VBOXVMM_INSTR_SLDT(pVCpu, pCtx); break;
11673 case DBGFEVENT_INSTR_STR: VBOXVMM_INSTR_STR(pVCpu, pCtx); break;
11674 case DBGFEVENT_INSTR_LLDT: VBOXVMM_INSTR_LLDT(pVCpu, pCtx); break;
11675 case DBGFEVENT_INSTR_LTR: VBOXVMM_INSTR_LTR(pVCpu, pCtx); break;
11676 case DBGFEVENT_INSTR_RDTSCP: VBOXVMM_INSTR_RDTSCP(pVCpu, pCtx); break;
11677 case DBGFEVENT_INSTR_WBINVD: VBOXVMM_INSTR_WBINVD(pVCpu, pCtx); break;
11678 case DBGFEVENT_INSTR_XSETBV: VBOXVMM_INSTR_XSETBV(pVCpu, pCtx); break;
11679 case DBGFEVENT_INSTR_RDRAND: VBOXVMM_INSTR_RDRAND(pVCpu, pCtx); break;
11680 case DBGFEVENT_INSTR_RDSEED: VBOXVMM_INSTR_RDSEED(pVCpu, pCtx); break;
11681 case DBGFEVENT_INSTR_XSAVES: VBOXVMM_INSTR_XSAVES(pVCpu, pCtx); break;
11682 case DBGFEVENT_INSTR_XRSTORS: VBOXVMM_INSTR_XRSTORS(pVCpu, pCtx); break;
11683 case DBGFEVENT_INSTR_VMM_CALL: VBOXVMM_INSTR_VMM_CALL(pVCpu, pCtx); break;
11684 case DBGFEVENT_INSTR_VMX_VMCLEAR: VBOXVMM_INSTR_VMX_VMCLEAR(pVCpu, pCtx); break;
11685 case DBGFEVENT_INSTR_VMX_VMLAUNCH: VBOXVMM_INSTR_VMX_VMLAUNCH(pVCpu, pCtx); break;
11686 case DBGFEVENT_INSTR_VMX_VMPTRLD: VBOXVMM_INSTR_VMX_VMPTRLD(pVCpu, pCtx); break;
11687 case DBGFEVENT_INSTR_VMX_VMPTRST: VBOXVMM_INSTR_VMX_VMPTRST(pVCpu, pCtx); break;
11688 case DBGFEVENT_INSTR_VMX_VMREAD: VBOXVMM_INSTR_VMX_VMREAD(pVCpu, pCtx); break;
11689 case DBGFEVENT_INSTR_VMX_VMRESUME: VBOXVMM_INSTR_VMX_VMRESUME(pVCpu, pCtx); break;
11690 case DBGFEVENT_INSTR_VMX_VMWRITE: VBOXVMM_INSTR_VMX_VMWRITE(pVCpu, pCtx); break;
11691 case DBGFEVENT_INSTR_VMX_VMXOFF: VBOXVMM_INSTR_VMX_VMXOFF(pVCpu, pCtx); break;
11692 case DBGFEVENT_INSTR_VMX_VMXON: VBOXVMM_INSTR_VMX_VMXON(pVCpu, pCtx); break;
11693 case DBGFEVENT_INSTR_VMX_INVEPT: VBOXVMM_INSTR_VMX_INVEPT(pVCpu, pCtx); break;
11694 case DBGFEVENT_INSTR_VMX_INVVPID: VBOXVMM_INSTR_VMX_INVVPID(pVCpu, pCtx); break;
11695 case DBGFEVENT_INSTR_VMX_INVPCID: VBOXVMM_INSTR_VMX_INVPCID(pVCpu, pCtx); break;
11696 case DBGFEVENT_INSTR_VMX_VMFUNC: VBOXVMM_INSTR_VMX_VMFUNC(pVCpu, pCtx); break;
11697 default: AssertMsgFailed(("enmEvent1=%d uExitReason=%d\n", enmEvent1, uExitReason)); break;
11698 }
11699 switch (enmEvent2)
11700 {
11701 /** @todo consider which extra parameters would be helpful for each probe. */
11702 case DBGFEVENT_END: break;
11703 case DBGFEVENT_EXIT_TASK_SWITCH: VBOXVMM_EXIT_TASK_SWITCH(pVCpu, pCtx); break;
11704 case DBGFEVENT_EXIT_CPUID: VBOXVMM_EXIT_CPUID(pVCpu, pCtx, pCtx->eax, pCtx->ecx); break;
11705 case DBGFEVENT_EXIT_GETSEC: VBOXVMM_EXIT_GETSEC(pVCpu, pCtx); break;
11706 case DBGFEVENT_EXIT_HALT: VBOXVMM_EXIT_HALT(pVCpu, pCtx); break;
11707 case DBGFEVENT_EXIT_INVD: VBOXVMM_EXIT_INVD(pVCpu, pCtx); break;
11708 case DBGFEVENT_EXIT_INVLPG: VBOXVMM_EXIT_INVLPG(pVCpu, pCtx); break;
11709 case DBGFEVENT_EXIT_RDPMC: VBOXVMM_EXIT_RDPMC(pVCpu, pCtx); break;
11710 case DBGFEVENT_EXIT_RDTSC: VBOXVMM_EXIT_RDTSC(pVCpu, pCtx); break;
11711 case DBGFEVENT_EXIT_RSM: VBOXVMM_EXIT_RSM(pVCpu, pCtx); break;
11712 case DBGFEVENT_EXIT_CRX_READ: VBOXVMM_EXIT_CRX_READ(pVCpu, pCtx, (uint8_t)uEventArg); break;
11713 case DBGFEVENT_EXIT_CRX_WRITE: VBOXVMM_EXIT_CRX_WRITE(pVCpu, pCtx, (uint8_t)uEventArg); break;
11714 case DBGFEVENT_EXIT_DRX_READ: VBOXVMM_EXIT_DRX_READ(pVCpu, pCtx, (uint8_t)uEventArg); break;
11715 case DBGFEVENT_EXIT_DRX_WRITE: VBOXVMM_EXIT_DRX_WRITE(pVCpu, pCtx, (uint8_t)uEventArg); break;
11716 case DBGFEVENT_EXIT_RDMSR: VBOXVMM_EXIT_RDMSR(pVCpu, pCtx, pCtx->ecx); break;
11717 case DBGFEVENT_EXIT_WRMSR: VBOXVMM_EXIT_WRMSR(pVCpu, pCtx, pCtx->ecx,
11718 RT_MAKE_U64(pCtx->eax, pCtx->edx)); break;
11719 case DBGFEVENT_EXIT_MWAIT: VBOXVMM_EXIT_MWAIT(pVCpu, pCtx); break;
11720 case DBGFEVENT_EXIT_MONITOR: VBOXVMM_EXIT_MONITOR(pVCpu, pCtx); break;
11721 case DBGFEVENT_EXIT_PAUSE: VBOXVMM_EXIT_PAUSE(pVCpu, pCtx); break;
11722 case DBGFEVENT_EXIT_SGDT: VBOXVMM_EXIT_SGDT(pVCpu, pCtx); break;
11723 case DBGFEVENT_EXIT_SIDT: VBOXVMM_EXIT_SIDT(pVCpu, pCtx); break;
11724 case DBGFEVENT_EXIT_LGDT: VBOXVMM_EXIT_LGDT(pVCpu, pCtx); break;
11725 case DBGFEVENT_EXIT_LIDT: VBOXVMM_EXIT_LIDT(pVCpu, pCtx); break;
11726 case DBGFEVENT_EXIT_SLDT: VBOXVMM_EXIT_SLDT(pVCpu, pCtx); break;
11727 case DBGFEVENT_EXIT_STR: VBOXVMM_EXIT_STR(pVCpu, pCtx); break;
11728 case DBGFEVENT_EXIT_LLDT: VBOXVMM_EXIT_LLDT(pVCpu, pCtx); break;
11729 case DBGFEVENT_EXIT_LTR: VBOXVMM_EXIT_LTR(pVCpu, pCtx); break;
11730 case DBGFEVENT_EXIT_RDTSCP: VBOXVMM_EXIT_RDTSCP(pVCpu, pCtx); break;
11731 case DBGFEVENT_EXIT_WBINVD: VBOXVMM_EXIT_WBINVD(pVCpu, pCtx); break;
11732 case DBGFEVENT_EXIT_XSETBV: VBOXVMM_EXIT_XSETBV(pVCpu, pCtx); break;
11733 case DBGFEVENT_EXIT_RDRAND: VBOXVMM_EXIT_RDRAND(pVCpu, pCtx); break;
11734 case DBGFEVENT_EXIT_RDSEED: VBOXVMM_EXIT_RDSEED(pVCpu, pCtx); break;
11735 case DBGFEVENT_EXIT_XSAVES: VBOXVMM_EXIT_XSAVES(pVCpu, pCtx); break;
11736 case DBGFEVENT_EXIT_XRSTORS: VBOXVMM_EXIT_XRSTORS(pVCpu, pCtx); break;
11737 case DBGFEVENT_EXIT_VMM_CALL: VBOXVMM_EXIT_VMM_CALL(pVCpu, pCtx); break;
11738 case DBGFEVENT_EXIT_VMX_VMCLEAR: VBOXVMM_EXIT_VMX_VMCLEAR(pVCpu, pCtx); break;
11739 case DBGFEVENT_EXIT_VMX_VMLAUNCH: VBOXVMM_EXIT_VMX_VMLAUNCH(pVCpu, pCtx); break;
11740 case DBGFEVENT_EXIT_VMX_VMPTRLD: VBOXVMM_EXIT_VMX_VMPTRLD(pVCpu, pCtx); break;
11741 case DBGFEVENT_EXIT_VMX_VMPTRST: VBOXVMM_EXIT_VMX_VMPTRST(pVCpu, pCtx); break;
11742 case DBGFEVENT_EXIT_VMX_VMREAD: VBOXVMM_EXIT_VMX_VMREAD(pVCpu, pCtx); break;
11743 case DBGFEVENT_EXIT_VMX_VMRESUME: VBOXVMM_EXIT_VMX_VMRESUME(pVCpu, pCtx); break;
11744 case DBGFEVENT_EXIT_VMX_VMWRITE: VBOXVMM_EXIT_VMX_VMWRITE(pVCpu, pCtx); break;
11745 case DBGFEVENT_EXIT_VMX_VMXOFF: VBOXVMM_EXIT_VMX_VMXOFF(pVCpu, pCtx); break;
11746 case DBGFEVENT_EXIT_VMX_VMXON: VBOXVMM_EXIT_VMX_VMXON(pVCpu, pCtx); break;
11747 case DBGFEVENT_EXIT_VMX_INVEPT: VBOXVMM_EXIT_VMX_INVEPT(pVCpu, pCtx); break;
11748 case DBGFEVENT_EXIT_VMX_INVVPID: VBOXVMM_EXIT_VMX_INVVPID(pVCpu, pCtx); break;
11749 case DBGFEVENT_EXIT_VMX_INVPCID: VBOXVMM_EXIT_VMX_INVPCID(pVCpu, pCtx); break;
11750 case DBGFEVENT_EXIT_VMX_VMFUNC: VBOXVMM_EXIT_VMX_VMFUNC(pVCpu, pCtx); break;
11751 case DBGFEVENT_EXIT_VMX_EPT_MISCONFIG: VBOXVMM_EXIT_VMX_EPT_MISCONFIG(pVCpu, pCtx); break;
11752 case DBGFEVENT_EXIT_VMX_EPT_VIOLATION: VBOXVMM_EXIT_VMX_EPT_VIOLATION(pVCpu, pCtx); break;
11753 case DBGFEVENT_EXIT_VMX_VAPIC_ACCESS: VBOXVMM_EXIT_VMX_VAPIC_ACCESS(pVCpu, pCtx); break;
11754 case DBGFEVENT_EXIT_VMX_VAPIC_WRITE: VBOXVMM_EXIT_VMX_VAPIC_WRITE(pVCpu, pCtx); break;
11755 default: AssertMsgFailed(("enmEvent2=%d uExitReason=%d\n", enmEvent2, uExitReason)); break;
11756 }
11757 }
11758
11759 /*
11760 * Fire of the DBGF event, if enabled (our check here is just a quick one,
11761 * the DBGF call will do a full check).
11762 *
11763 * Note! DBGF sets DBGFEVENT_INTERRUPT_SOFTWARE in the bitmap.
11764 * Note! If we have to events, we prioritize the first, i.e. the instruction
11765 * one, in order to avoid event nesting.
11766 */
11767 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
11768 if ( enmEvent1 != DBGFEVENT_END
11769 && DBGF_IS_EVENT_ENABLED(pVM, enmEvent1))
11770 {
11771 vmxHCImportGuestState<CPUMCTX_EXTRN_CS | CPUMCTX_EXTRN_RIP>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
11772 VBOXSTRICTRC rcStrict = DBGFEventGenericWithArgs(pVM, pVCpu, enmEvent1, DBGFEVENTCTX_HM, 1, uEventArg);
11773 if (rcStrict != VINF_SUCCESS)
11774 return rcStrict;
11775 }
11776 else if ( enmEvent2 != DBGFEVENT_END
11777 && DBGF_IS_EVENT_ENABLED(pVM, enmEvent2))
11778 {
11779 vmxHCImportGuestState<CPUMCTX_EXTRN_CS | CPUMCTX_EXTRN_RIP>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
11780 VBOXSTRICTRC rcStrict = DBGFEventGenericWithArgs(pVM, pVCpu, enmEvent2, DBGFEVENTCTX_HM, 1, uEventArg);
11781 if (rcStrict != VINF_SUCCESS)
11782 return rcStrict;
11783 }
11784
11785 return VINF_SUCCESS;
11786}
11787
11788
11789/**
11790 * Single-stepping VM-exit filtering.
11791 *
11792 * This is preprocessing the VM-exits and deciding whether we've gotten far
11793 * enough to return VINF_EM_DBG_STEPPED already. If not, normal VM-exit
11794 * handling is performed.
11795 *
11796 * @returns Strict VBox status code (i.e. informational status codes too).
11797 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
11798 * @param pVmxTransient The VMX-transient structure.
11799 * @param pDbgState The debug state.
11800 */
11801DECLINLINE(VBOXSTRICTRC) vmxHCRunDebugHandleExit(PVMCPUCC pVCpu, PVMXTRANSIENT pVmxTransient, PVMXRUNDBGSTATE pDbgState)
11802{
11803 /*
11804 * Expensive (saves context) generic dtrace VM-exit probe.
11805 */
11806 uint32_t const uExitReason = pVmxTransient->uExitReason;
11807 if (!VBOXVMM_R0_HMVMX_VMEXIT_ENABLED())
11808 { /* more likely */ }
11809 else
11810 {
11811 vmxHCReadToTransient<HMVMX_READ_EXIT_QUALIFICATION>(pVCpu, pVmxTransient);
11812 int rc = vmxHCImportGuestState<HMVMX_CPUMCTX_EXTRN_ALL>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
11813 AssertRC(rc);
11814 VBOXVMM_R0_HMVMX_VMEXIT(pVCpu, &pVCpu->cpum.GstCtx, pVmxTransient->uExitReason, pVmxTransient->uExitQual);
11815 }
11816
11817#ifndef IN_NEM_DARWIN
11818 /*
11819 * Check for host NMI, just to get that out of the way.
11820 */
11821 if (uExitReason != VMX_EXIT_XCPT_OR_NMI)
11822 { /* normally likely */ }
11823 else
11824 {
11825 vmxHCReadToTransient<HMVMX_READ_EXIT_INTERRUPTION_INFO>(pVCpu, pVmxTransient);
11826 uint32_t const uIntType = VMX_EXIT_INT_INFO_TYPE(pVmxTransient->uExitIntInfo);
11827 if (uIntType == VMX_EXIT_INT_INFO_TYPE_NMI)
11828 return hmR0VmxExitHostNmi(pVCpu, pVmxTransient->pVmcsInfo);
11829 }
11830#endif
11831
11832 /*
11833 * Check for single stepping event if we're stepping.
11834 */
11835 if (VCPU_2_VMXSTATE(pVCpu).fSingleInstruction)
11836 {
11837 switch (uExitReason)
11838 {
11839 case VMX_EXIT_MTF:
11840 return vmxHCExitMtf(pVCpu, pVmxTransient);
11841
11842 /* Various events: */
11843 case VMX_EXIT_XCPT_OR_NMI:
11844 case VMX_EXIT_EXT_INT:
11845 case VMX_EXIT_TRIPLE_FAULT:
11846 case VMX_EXIT_INT_WINDOW:
11847 case VMX_EXIT_NMI_WINDOW:
11848 case VMX_EXIT_TASK_SWITCH:
11849 case VMX_EXIT_TPR_BELOW_THRESHOLD:
11850 case VMX_EXIT_APIC_ACCESS:
11851 case VMX_EXIT_EPT_VIOLATION:
11852 case VMX_EXIT_EPT_MISCONFIG:
11853 case VMX_EXIT_PREEMPT_TIMER:
11854
11855 /* Instruction specific VM-exits: */
11856 case VMX_EXIT_CPUID:
11857 case VMX_EXIT_GETSEC:
11858 case VMX_EXIT_HLT:
11859 case VMX_EXIT_INVD:
11860 case VMX_EXIT_INVLPG:
11861 case VMX_EXIT_RDPMC:
11862 case VMX_EXIT_RDTSC:
11863 case VMX_EXIT_RSM:
11864 case VMX_EXIT_VMCALL:
11865 case VMX_EXIT_VMCLEAR:
11866 case VMX_EXIT_VMLAUNCH:
11867 case VMX_EXIT_VMPTRLD:
11868 case VMX_EXIT_VMPTRST:
11869 case VMX_EXIT_VMREAD:
11870 case VMX_EXIT_VMRESUME:
11871 case VMX_EXIT_VMWRITE:
11872 case VMX_EXIT_VMXOFF:
11873 case VMX_EXIT_VMXON:
11874 case VMX_EXIT_MOV_CRX:
11875 case VMX_EXIT_MOV_DRX:
11876 case VMX_EXIT_IO_INSTR:
11877 case VMX_EXIT_RDMSR:
11878 case VMX_EXIT_WRMSR:
11879 case VMX_EXIT_MWAIT:
11880 case VMX_EXIT_MONITOR:
11881 case VMX_EXIT_PAUSE:
11882 case VMX_EXIT_GDTR_IDTR_ACCESS:
11883 case VMX_EXIT_LDTR_TR_ACCESS:
11884 case VMX_EXIT_INVEPT:
11885 case VMX_EXIT_RDTSCP:
11886 case VMX_EXIT_INVVPID:
11887 case VMX_EXIT_WBINVD:
11888 case VMX_EXIT_XSETBV:
11889 case VMX_EXIT_RDRAND:
11890 case VMX_EXIT_INVPCID:
11891 case VMX_EXIT_VMFUNC:
11892 case VMX_EXIT_RDSEED:
11893 case VMX_EXIT_XSAVES:
11894 case VMX_EXIT_XRSTORS:
11895 {
11896 int rc = vmxHCImportGuestState<CPUMCTX_EXTRN_CS | CPUMCTX_EXTRN_RIP>(pVCpu, pVmxTransient->pVmcsInfo, __FUNCTION__);
11897 AssertRCReturn(rc, rc);
11898 if ( pVCpu->cpum.GstCtx.rip != pDbgState->uRipStart
11899 || pVCpu->cpum.GstCtx.cs.Sel != pDbgState->uCsStart)
11900 return VINF_EM_DBG_STEPPED;
11901 break;
11902 }
11903
11904 /* Errors and unexpected events: */
11905 case VMX_EXIT_INIT_SIGNAL:
11906 case VMX_EXIT_SIPI:
11907 case VMX_EXIT_IO_SMI:
11908 case VMX_EXIT_SMI:
11909 case VMX_EXIT_ERR_INVALID_GUEST_STATE:
11910 case VMX_EXIT_ERR_MSR_LOAD:
11911 case VMX_EXIT_ERR_MACHINE_CHECK:
11912 case VMX_EXIT_PML_FULL:
11913 case VMX_EXIT_VIRTUALIZED_EOI:
11914 case VMX_EXIT_APIC_WRITE: /* Some talk about this being fault like, so I guess we must process it? */
11915 break;
11916
11917 default:
11918 AssertMsgFailed(("Unexpected VM-exit=%#x\n", uExitReason));
11919 break;
11920 }
11921 }
11922
11923 /*
11924 * Check for debugger event breakpoints and dtrace probes.
11925 */
11926 if ( uExitReason < RT_ELEMENTS(pDbgState->bmExitsToCheck) * 32U
11927 && ASMBitTest(pDbgState->bmExitsToCheck, uExitReason) )
11928 {
11929 VBOXSTRICTRC rcStrict = vmxHCHandleExitDtraceEvents(pVCpu, pVmxTransient, uExitReason);
11930 if (rcStrict != VINF_SUCCESS)
11931 return rcStrict;
11932 }
11933
11934 /*
11935 * Normal processing.
11936 */
11937#ifdef HMVMX_USE_FUNCTION_TABLE
11938 return g_aVMExitHandlers[uExitReason].pfn(pVCpu, pVmxTransient);
11939#else
11940 return vmxHCHandleExit(pVCpu, pVmxTransient, uExitReason);
11941#endif
11942}
11943
11944/** @} */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette