source: vbox/trunk/src/VBox/VMM/VMMR0/HWSVMR0.cpp@ 13796

Last change on this file since 13796 was 13541, checked in by vboxsync, 16 years ago

Paranoid assertions

1/* $Id: HWSVMR0.cpp 13541 2008-10-23 15:31:20Z vboxsync $ */
2/** @file
3 * HWACCM SVM - Host Context Ring 0.
4 */
5
6/*
7 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22
23/*******************************************************************************
24* Header Files *
25*******************************************************************************/
26#define LOG_GROUP LOG_GROUP_HWACCM
27#include <VBox/hwaccm.h>
28#include "HWACCMInternal.h"
29#include <VBox/vm.h>
30#include <VBox/x86.h>
31#include <VBox/hwacc_svm.h>
32#include <VBox/pgm.h>
33#include <VBox/pdm.h>
34#include <VBox/err.h>
35#include <VBox/log.h>
36#include <VBox/selm.h>
37#include <VBox/iom.h>
38#include <VBox/dis.h>
39#include <VBox/dbgf.h>
40#include <VBox/disopcode.h>
41#include <iprt/param.h>
42#include <iprt/assert.h>
43#include <iprt/asm.h>
44#include <iprt/cpuset.h>
45#include <iprt/mp.h>
46#include "HWSVMR0.h"
47
48/*******************************************************************************
49* Internal Functions *
50*******************************************************************************/
/* Defined further down in this file; forward declared because the #VMEXIT handling needs it first. */
static int SVMR0InterpretInvpg(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t uASID);

/*******************************************************************************
* Global Variables *
*******************************************************************************/
/* IO operation lookup arrays. */
/* Operand size in bytes per encoded size code; code 2 maps to 0, presumably an unused
 * encoding of the IOIO exit-info size field — verify against the use site. */
static uint32_t const g_aIOSize[4] = {1, 2, 0, 4};
58
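/**
 * Sets up and activates AMD-V on the current CPU
 *
 * Only per-cpu/core state is touched: the SVME bit in EFER and the host state save
 * area address (VM_HSAVE_PA). The VM pointer is not needed for that.
 *
 * @returns VBox status code.
 * @param   pCpu            CPU info struct
 * @param   pVM             The VM to operate on. (can be NULL after a resume!!)
 * @param   pvPageCpu       Pointer to the global cpu page
 * @param   pPageCpuPhys    Physical address of the global cpu page
 */
VMMR0DECL(int) SVMR0EnableCpu(PHWACCM_CPUINFO pCpu, PVM pVM, void *pvPageCpu, RTHCPHYS pPageCpuPhys)
{
    AssertReturn(pPageCpuPhys, VERR_INVALID_PARAMETER);
    AssertReturn(pvPageCpu, VERR_INVALID_PARAMETER);
    NOREF(pVM); /* only per-cpu MSRs are programmed here; pVM may legitimately be NULL. */

    /* We must turn on AMD-V and setup the host state physical address, as those MSRs are per-cpu/core. */

#ifdef LOG_ENABLED
    /* pvPageCpu is a pointer and pPageCpuPhys is 64 bits wide; %x would truncate both on 64-bit hosts. */
    SUPR0Printf("SVMR0EnableCpu cpu %d page (%p) %llx\n", pCpu->idCpu, pvPageCpu, (unsigned long long)pPageCpuPhys);
#endif

    /* Turn on AMD-V in the EFER MSR; read-modify-write so every other bit is preserved. */
    uint64_t val = ASMRdMsr(MSR_K6_EFER);
    if (!(val & MSR_K6_EFER_SVME))
        ASMWrMsr(MSR_K6_EFER, val | MSR_K6_EFER_SVME);

    /* Write the physical page address where the CPU will store the host state while executing the VM. */
    ASMWrMsr(MSR_K8_VM_HSAVE_PA, pPageCpuPhys);

    return VINF_SUCCESS;
}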
89
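/**
 * Deactivates AMD-V on the current CPU
 *
 * Clears the SVME bit in EFER and invalidates the host state save area address,
 * undoing what SVMR0EnableCpu did on this cpu/core.
 *
 * @returns VBox status code.
 * @param   pCpu            CPU info struct
 * @param   pvPageCpu       Pointer to the global cpu page
 * @param   pPageCpuPhys    Physical address of the global cpu page
 */
VMMR0DECL(int) SVMR0DisableCpu(PHWACCM_CPUINFO pCpu, void *pvPageCpu, RTHCPHYS pPageCpuPhys)
{
    AssertReturn(pPageCpuPhys, VERR_INVALID_PARAMETER);
    AssertReturn(pvPageCpu, VERR_INVALID_PARAMETER);

#ifdef LOG_ENABLED
    SUPR0Printf("SVMR0DisableCpu cpu %d\n", pCpu->idCpu);
#endif

    /* Turn off AMD-V in the EFER MSR. The mask is widened to 64 bits explicitly: MSR_K6_EFER_SVME
     * is a 32-bit constant, so a plain ~MSR_K6_EFER_SVME would also zero EFER[63:32], which we do
     * not own. */
    uint64_t val = ASMRdMsr(MSR_K6_EFER);
    ASMWrMsr(MSR_K6_EFER, val & ~(uint64_t)MSR_K6_EFER_SVME);

    /* Invalidate host state physical address. */
    ASMWrMsr(MSR_K8_VM_HSAVE_PA, 0);

    return VINF_SUCCESS;
}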
116
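/**
 * Decodes the CPUID leaf 1 EAX value into family, model and stepping.
 *
 * The extended family/model fields are only folded in for base family 0xf (AMD
 * convention). The masks are exactly those of the original inline computation.
 *
 * @param   u32Version      CPUID(1).EAX.
 * @param   pu32Family      Where to store the effective family.
 * @param   pu32Model       Where to store the effective model.
 * @param   pu32Stepping    Where to store the stepping.
 */
static void svmR0DecodeCpuVersion(uint32_t u32Version, uint32_t *pu32Family, uint32_t *pu32Model, uint32_t *pu32Stepping)
{
    uint32_t const u32BaseFamily = (u32Version >> 8) & 0xf;
    uint32_t const u32BaseModel  = (u32Version >> 4) & 0xf;
    uint32_t const u32ExtFamily  = u32BaseFamily == 0xf ? (u32Version >> 20) & 0x7f : 0;
    uint32_t const u32ExtModel   = u32BaseFamily == 0xf ? (u32Version >> 16) & 0x0f : 0;

    *pu32Family   = u32BaseFamily + u32ExtFamily;
    *pu32Model    = u32BaseModel | (u32ExtModel << 4);
    *pu32Stepping = u32Version & 0xf;
}

/**
 * Checks whether an AMD family 0xf CPU lacks the fix for erratum 170.
 *
 * Erratum 170 requires a forced TLB flush for each world switch:
 * See http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/33610.pdf
 *
 * All BH-G1/2 and DH-G1/2 models include a fix:
 * Athlon X2:   0x6b 1/2
 *              0x68 1/2
 * Athlon 64:   0x7f 1
 *              0x6f 2
 * Sempron:     0x7f 1/2
 *              0x6f 2
 *              0x6c 2
 *              0x7c 2
 * Turion 64:   0x68 2
 *
 * @returns true if the CPU is affected and needs the workaround, false otherwise.
 * @param   u32Family       Effective family (see svmR0DecodeCpuVersion).
 * @param   u32Model        Effective model.
 * @param   u32Stepping     Stepping.
 */
static bool svmR0CpuHasErratum170(uint32_t u32Family, uint32_t u32Model, uint32_t u32Stepping)
{
    if (u32Family != 0xf)
        return false;
    /* Models fixed from stepping 1 onwards. */
    if (    (u32Model == 0x68 || u32Model == 0x6b || u32Model == 0x7f)
        &&  u32Stepping >= 1)
        return false;
    /* Models fixed from stepping 2 onwards. */
    if (    (u32Model == 0x6f || u32Model == 0x6c || u32Model == 0x7c)
        &&  u32Stepping >= 2)
        return false;
    return true;
}

/**
 * Does Ring-0 per VM AMD-V init.
 *
 * Allocates the VMCB, the host state page and the IO/MSR bitmaps and detects the
 * erratum 170 TLB flush requirement. On an allocation failure the handles allocated
 * so far stay valid (the rest are NIL), so SVMR0TermVM can release them.
 *
 * @returns VBox status code.
 * @param   pVM         The VM to operate on.
 */
VMMR0DECL(int) SVMR0InitVM(PVM pVM)
{
    int rc;

    /* Start from NIL handles so SVMR0TermVM can tell what was actually allocated. */
    pVM->hwaccm.s.svm.pMemObjVMCB       = NIL_RTR0MEMOBJ;
    pVM->hwaccm.s.svm.pMemObjVMCBHost   = NIL_RTR0MEMOBJ;
    pVM->hwaccm.s.svm.pMemObjIOBitmap   = NIL_RTR0MEMOBJ;
    pVM->hwaccm.s.svm.pMemObjMSRBitmap  = NIL_RTR0MEMOBJ;

    /* NOTE(review): all four objects below hold data, not code; the executable R0 mapping is
     * presumably required by RTR0MemObjAllocCont on some hosts — confirm, since a writable and
     * executable ring-0 mapping is otherwise undesirable. */

    /* Allocate one page for the VM control block (VMCB). */
    rc = RTR0MemObjAllocCont(&pVM->hwaccm.s.svm.pMemObjVMCB, 1 << PAGE_SHIFT, true /* executable R0 mapping */);
    if (RT_FAILURE(rc))
        return rc;

    pVM->hwaccm.s.svm.pVMCB     = RTR0MemObjAddress(pVM->hwaccm.s.svm.pMemObjVMCB);
    pVM->hwaccm.s.svm.pVMCBPhys = RTR0MemObjGetPagePhysAddr(pVM->hwaccm.s.svm.pMemObjVMCB, 0);
    ASMMemZeroPage(pVM->hwaccm.s.svm.pVMCB);

    /* Allocate one page for the host context */
    rc = RTR0MemObjAllocCont(&pVM->hwaccm.s.svm.pMemObjVMCBHost, 1 << PAGE_SHIFT, true /* executable R0 mapping */);
    if (RT_FAILURE(rc))
        return rc;

    pVM->hwaccm.s.svm.pVMCBHost     = RTR0MemObjAddress(pVM->hwaccm.s.svm.pMemObjVMCBHost);
    pVM->hwaccm.s.svm.pVMCBHostPhys = RTR0MemObjGetPagePhysAddr(pVM->hwaccm.s.svm.pMemObjVMCBHost, 0);
    ASMMemZeroPage(pVM->hwaccm.s.svm.pVMCBHost);

    /* Allocate 12 KB for the IO bitmap (doesn't seem to be a way to convince SVM not to use it) */
    rc = RTR0MemObjAllocCont(&pVM->hwaccm.s.svm.pMemObjIOBitmap, 3 << PAGE_SHIFT, true /* executable R0 mapping */);
    if (RT_FAILURE(rc))
        return rc;

    pVM->hwaccm.s.svm.pIOBitmap     = RTR0MemObjAddress(pVM->hwaccm.s.svm.pMemObjIOBitmap);
    pVM->hwaccm.s.svm.pIOBitmapPhys = RTR0MemObjGetPagePhysAddr(pVM->hwaccm.s.svm.pMemObjIOBitmap, 0);
    /* Set all bits to intercept all IO accesses. */
    ASMMemFill32(pVM->hwaccm.s.svm.pIOBitmap, PAGE_SIZE*3, 0xffffffff);

    /* Allocate 8 KB for the MSR bitmap (doesn't seem to be a way to convince SVM not to use it) */
    rc = RTR0MemObjAllocCont(&pVM->hwaccm.s.svm.pMemObjMSRBitmap, 2 << PAGE_SHIFT, true /* executable R0 mapping */);
    if (RT_FAILURE(rc))
        return rc;

    pVM->hwaccm.s.svm.pMSRBitmap     = RTR0MemObjAddress(pVM->hwaccm.s.svm.pMemObjMSRBitmap);
    pVM->hwaccm.s.svm.pMSRBitmapPhys = RTR0MemObjGetPagePhysAddr(pVM->hwaccm.s.svm.pMemObjMSRBitmap, 0);
    /* Set all bits to intercept all MSR accesses. */
    ASMMemFill32(pVM->hwaccm.s.svm.pMSRBitmap, PAGE_SIZE*2, 0xffffffff);

    /* Erratum 170: affected AMD parts need a full TLB flush on every world switch
     * (see svmR0CpuHasErratum170). This code only runs on AMD-V capable hosts. */
    uint32_t u32Dummy;
    uint32_t u32Version, u32Family, u32Model, u32Stepping;
    ASMCpuId(1, &u32Version, &u32Dummy, &u32Dummy, &u32Dummy);
    svmR0DecodeCpuVersion(u32Version, &u32Family, &u32Model, &u32Stepping);
    if (svmR0CpuHasErratum170(u32Family, u32Model, u32Stepping))
    {
        Log(("SVMR0InitVM: AMD cpu with erratum 170 family %x model %x stepping %x\n", u32Family, u32Model, u32Stepping));
        pVM->hwaccm.s.svm.fAlwaysFlushTLB = true;
    }
    return VINF_SUCCESS;
}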
203
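/**
 * Does Ring-0 per VM AMD-V termination.
 *
 * Releases the VMCB, the host state page and the IO/MSR bitmaps allocated by
 * SVMR0InitVM. Each handle is checked against NIL_RTR0MEMOBJ and reset afterwards,
 * so this is safe after a partially failed SVMR0InitVM and safe to call twice.
 *
 * @returns VBox status code.
 * @param   pVM         The VM to operate on.
 */
VMMR0DECL(int) SVMR0TermVM(PVM pVM)
{
    int rc;

    /* Release in reverse allocation order. A failed release is a leak, so make it visible (strict builds). */
    if (pVM->hwaccm.s.svm.pMemObjMSRBitmap != NIL_RTR0MEMOBJ)
    {
        rc = RTR0MemObjFree(pVM->hwaccm.s.svm.pMemObjMSRBitmap, false);
        AssertRC(rc);
        pVM->hwaccm.s.svm.pMSRBitmap        = 0;
        pVM->hwaccm.s.svm.pMSRBitmapPhys    = 0;
        pVM->hwaccm.s.svm.pMemObjMSRBitmap  = NIL_RTR0MEMOBJ;
    }
    if (pVM->hwaccm.s.svm.pMemObjIOBitmap != NIL_RTR0MEMOBJ)
    {
        rc = RTR0MemObjFree(pVM->hwaccm.s.svm.pMemObjIOBitmap, false);
        AssertRC(rc);
        pVM->hwaccm.s.svm.pIOBitmap         = 0;
        pVM->hwaccm.s.svm.pIOBitmapPhys     = 0;
        pVM->hwaccm.s.svm.pMemObjIOBitmap   = NIL_RTR0MEMOBJ;
    }
    if (pVM->hwaccm.s.svm.pMemObjVMCBHost != NIL_RTR0MEMOBJ)
    {
        rc = RTR0MemObjFree(pVM->hwaccm.s.svm.pMemObjVMCBHost, false);
        AssertRC(rc);
        pVM->hwaccm.s.svm.pVMCBHost         = 0;
        pVM->hwaccm.s.svm.pVMCBHostPhys     = 0;
        pVM->hwaccm.s.svm.pMemObjVMCBHost   = NIL_RTR0MEMOBJ;
    }
    if (pVM->hwaccm.s.svm.pMemObjVMCB != NIL_RTR0MEMOBJ)
    {
        rc = RTR0MemObjFree(pVM->hwaccm.s.svm.pMemObjVMCB, false);
        AssertRC(rc);
        pVM->hwaccm.s.svm.pVMCB             = 0;
        pVM->hwaccm.s.svm.pVMCBPhys         = 0;
        pVM->hwaccm.s.svm.pMemObjVMCB       = NIL_RTR0MEMOBJ;
    }
    return VINF_SUCCESS;
}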
242
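/**
 * Sets up AMD-V for the specified VM
 *
 * Programs the mostly-static control fields of the VMCB: CRx/DRx intercepts, the
 * exception and instruction intercept masks, virtual interrupt control, the IO/MSR
 * bitmap addresses, the initial ASID and the guest PAT.
 *
 * @returns VBox status code.
 * @param   pVM         The VM to operate on.
 */
VMMR0DECL(int) SVMR0SetupVM(PVM pVM)
{
    SVM_VMCB *pVMCB;

    AssertReturn(pVM, VERR_INVALID_PARAMETER);

    Assert(pVM->hwaccm.s.svm.fSupported);

    pVMCB = (SVM_VMCB *)pVM->hwaccm.s.svm.pVMCB;
    AssertMsgReturn(pVMCB, ("Invalid pVMCB\n"), VERR_EM_INTERNAL_ERROR);

    /* Program the control fields. Most of them never have to be changed again. */
    /* CR0/3/4 reads must be intercepted, our shadow values are not necessarily the same as the guest's. */
    /* Note: CR0 & CR4 can be safely read when guest and shadow copies are identical. */
    if (!pVM->hwaccm.s.fNestedPaging)
        pVMCB->ctrl.u16InterceptRdCRx = RT_BIT(0) | RT_BIT(3) | RT_BIT(4);
    else
        pVMCB->ctrl.u16InterceptRdCRx = RT_BIT(0) | RT_BIT(4);  /* with nested paging the guest runs on its own CR3. */

    /*
     * CR0/3/4 writes must be intercepted for obvious reasons.
     */
    if (!pVM->hwaccm.s.fNestedPaging)
        pVMCB->ctrl.u16InterceptWrCRx = RT_BIT(0) | RT_BIT(3) | RT_BIT(4);
    else
        pVMCB->ctrl.u16InterceptWrCRx = RT_BIT(0) | RT_BIT(4) | RT_BIT(8);  /* CR8 (TPR) writes instead of CR3. */

    /* Intercept all DRx reads and writes by default. Changed later on. */
    pVMCB->ctrl.u16InterceptRdDRx = 0xFFFF;
    pVMCB->ctrl.u16InterceptWrDRx = 0xFFFF;

    /* Currently we don't care about DRx reads or writes. DRx registers are trashed.
     * All breakpoints are automatically cleared when the VM exits.
     */

    pVMCB->ctrl.u32InterceptException = HWACCM_SVM_TRAP_MASK;
#ifndef DEBUG
    if (pVM->hwaccm.s.fNestedPaging)
        pVMCB->ctrl.u32InterceptException &= ~RT_BIT(X86_XCPT_PF);   /* no longer need to intercept #PF. */
#endif

    pVMCB->ctrl.u32InterceptCtrl1 =   SVM_CTRL1_INTERCEPT_INTR
                                    | SVM_CTRL1_INTERCEPT_VINTR
                                    | SVM_CTRL1_INTERCEPT_NMI
                                    | SVM_CTRL1_INTERCEPT_SMI
                                    | SVM_CTRL1_INTERCEPT_INIT
                                    | SVM_CTRL1_INTERCEPT_RDPMC
                                    | SVM_CTRL1_INTERCEPT_CPUID
                                    | SVM_CTRL1_INTERCEPT_RSM
                                    | SVM_CTRL1_INTERCEPT_HLT
                                    | SVM_CTRL1_INTERCEPT_INOUT_BITMAP
                                    | SVM_CTRL1_INTERCEPT_MSR_SHADOW
                                    | SVM_CTRL1_INTERCEPT_INVLPG
                                    | SVM_CTRL1_INTERCEPT_INVLPGA       /* AMD only */
                                    | SVM_CTRL1_INTERCEPT_TASK_SWITCH
                                    | SVM_CTRL1_INTERCEPT_SHUTDOWN      /* fatal */
                                    | SVM_CTRL1_INTERCEPT_FERR_FREEZE;  /* Legacy FPU FERR handling. */
    /* With nested paging we don't care about invlpg anymore. */
    if (pVM->hwaccm.s.fNestedPaging)
        pVMCB->ctrl.u32InterceptCtrl1 &= ~SVM_CTRL1_INTERCEPT_INVLPG;

    pVMCB->ctrl.u32InterceptCtrl2 =   SVM_CTRL2_INTERCEPT_VMRUN         /* required */
                                    | SVM_CTRL2_INTERCEPT_VMMCALL
                                    | SVM_CTRL2_INTERCEPT_VMLOAD
                                    | SVM_CTRL2_INTERCEPT_VMSAVE
                                    | SVM_CTRL2_INTERCEPT_STGI
                                    | SVM_CTRL2_INTERCEPT_CLGI
                                    | SVM_CTRL2_INTERCEPT_SKINIT
                                    | SVM_CTRL2_INTERCEPT_RDTSCP        /* AMD only; we don't support this one */
                                    | SVM_CTRL2_INTERCEPT_WBINVD
                                    | SVM_CTRL2_INTERCEPT_MWAIT_UNCOND; /* don't execute mwait or else we'll idle inside the guest (host thinks the cpu load is high) */
    Log(("pVMCB->ctrl.u32InterceptException = %x\n", pVMCB->ctrl.u32InterceptException));
    Log(("pVMCB->ctrl.u32InterceptCtrl1 = %x\n", pVMCB->ctrl.u32InterceptCtrl1));
    Log(("pVMCB->ctrl.u32InterceptCtrl2 = %x\n", pVMCB->ctrl.u32InterceptCtrl2));

    /* Virtualize masking of INTR interrupts. (reads/writes from/to CR8 go to the V_TPR register) */
    pVMCB->ctrl.IntCtrl.n.u1VIrqMasking = 1;
    /* Ignore the priority in the TPR; just deliver it when we tell it to. */
    pVMCB->ctrl.IntCtrl.n.u1IgnoreTPR   = 1;

    /* Set IO and MSR bitmap addresses. */
    pVMCB->ctrl.u64IOPMPhysAddr  = pVM->hwaccm.s.svm.pIOBitmapPhys;
    pVMCB->ctrl.u64MSRPMPhysAddr = pVM->hwaccm.s.svm.pMSRBitmapPhys;

    /* No LBR virtualization. */
    pVMCB->ctrl.u64LBRVirt = 0;

    /* The ASID must start at 1; the host uses 0. */
    pVMCB->ctrl.TLBCtrl.n.u32ASID = 1;

    /* Setup the PAT msr (nested paging only); this is the architectural power-on PAT value. */
    pVMCB->guest.u64GPAT = 0x0007040600070406ULL;
    return VINF_SUCCESS;
}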
346
347
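/**
 * Injects an event (trap or external interrupt)
 *
 * The event is copied verbatim into the VMCB's EVENTINJ field; nothing is validated
 * here outside strict builds, so the caller must fill in vector, type, valid bit and
 * error code correctly.
 *
 * @param   pVM         The VM to operate on.
 * @param   pVMCB       SVM control block
 * @param   pCtx        CPU Context
 * @param   pEvent      SVM event to inject.
 */
inline void SVMR0InjectEvent(PVM pVM, SVM_VMCB *pVMCB, CPUMCTX *pCtx, SVM_EVENT *pEvent)
{
#ifdef VBOX_STRICT
    if (pEvent->n.u8Vector == X86_XCPT_PF)      /* #PF: also show the faulting address. */
        Log(("SVM: Inject int %d at %VGv error code=%02x CR2=%VGv intInfo=%08x\n", pEvent->n.u8Vector, pCtx->rip, pEvent->n.u32ErrorCode, pCtx->cr2, pEvent->au64[0]));
    else if (pEvent->n.u8Vector < 0x20)         /* any other exception */
        Log(("SVM: Inject int %d at %VGv error code=%08x\n", pEvent->n.u8Vector, pCtx->rip, pEvent->n.u32ErrorCode));
    else
    {
        /* External interrupt: the guest must actually be able to accept it right now. */
        Log(("INJ-EI: %x at %VGv\n", pEvent->n.u8Vector, pCtx->rip));
        Assert(!VM_FF_ISSET(pVM, VM_FF_INHIBIT_INTERRUPTS));
        Assert(pCtx->eflags.u32 & X86_EFL_IF);
    }
#endif

    /* Set event injection state. */
    pVMCB->ctrl.EventInject.au64[0] = pEvent->au64[0];
}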
375
376
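/**
 * Checks for pending guest interrupts and injects them
 *
 * Order of business: (1) re-inject an event whose earlier injection was cut short by a
 * premature #VMEXIT, (2) turn a pending PIC/APIC interrupt into a TRPM trap when the
 * guest can take it, or arm the VINTR intercept when it cannot, (3) inject whatever
 * trap TRPM now holds.
 *
 * @returns VBox status code.
 * @param   pVM         The VM to operate on.
 * @param   pVMCB       SVM control block
 * @param   pCtx        CPU Context
 */
static int SVMR0CheckPendingInterrupt(PVM pVM, SVM_VMCB *pVMCB, CPUMCTX *pCtx)
{
    int rc;

    /* Dispatch any pending interrupts. (injected before, but a VM exit occurred prematurely) */
    if (pVM->hwaccm.s.Event.fPending)
    {
        SVM_EVENT Event;

        Log(("Reinjecting event %08x %08x at %VGv\n", pVM->hwaccm.s.Event.intInfo, pVM->hwaccm.s.Event.errCode, pCtx->rip));
        STAM_COUNTER_INC(&pVM->hwaccm.s.StatIntReinject);
        Event.au64[0] = pVM->hwaccm.s.Event.intInfo;
        SVMR0InjectEvent(pVM, pVMCB, pCtx, &Event);

        pVM->hwaccm.s.Event.fPending = false;
        return VINF_SUCCESS;
    }

    /* When external interrupts are pending, we should exit the VM when IF is set. */
    if (    !TRPMHasTrap(pVM)
        &&  VM_FF_ISPENDING(pVM, (VM_FF_INTERRUPT_APIC|VM_FF_INTERRUPT_PIC)))
    {
        if (    !(pCtx->eflags.u32 & X86_EFL_IF)
            ||  VM_FF_ISSET(pVM, VM_FF_INHIBIT_INTERRUPTS))
        {
            /* Guest can't take it now: ask for a #VMEXIT as soon as it can (irq window). */
            if (!pVMCB->ctrl.IntCtrl.n.u1VIrqValid)
            {
                if (!VM_FF_ISSET(pVM, VM_FF_INHIBIT_INTERRUPTS))
                    LogFlow(("Enable irq window exit!\n"));
                else
                    Log(("Pending interrupt blocked at %VGv by VM_FF_INHIBIT_INTERRUPTS -> irq window exit\n", pCtx->rip));

                /** @todo use virtual interrupt method to inject a pending irq; dispatched as soon as guest.IF is set. */
                pVMCB->ctrl.u32InterceptCtrl1 |= SVM_CTRL1_INTERCEPT_VINTR;
                pVMCB->ctrl.IntCtrl.n.u1VIrqValid  = 1;
                pVMCB->ctrl.IntCtrl.n.u8VIrqVector = 0; /* don't care */
            }
        }
        else
        {
            uint8_t u8Interrupt;

            rc = PDMGetInterrupt(pVM, &u8Interrupt);
            Log(("Dispatch interrupt: u8Interrupt=%x (%d) rc=%Vrc\n", u8Interrupt, u8Interrupt, rc));
            if (VBOX_SUCCESS(rc))
            {
                rc = TRPMAssertTrap(pVM, u8Interrupt, TRPM_HARDWARE_INT);
                AssertRC(rc);
            }
            else
            {
                /* Can only happen in rare cases where a pending interrupt is cleared behind our back */
                Assert(!VM_FF_ISPENDING(pVM, (VM_FF_INTERRUPT_APIC|VM_FF_INTERRUPT_PIC)));
                STAM_COUNTER_INC(&pVM->hwaccm.s.StatSwitchGuestIrq);
                /* Just continue */
            }
        }
    }

#ifdef VBOX_STRICT
    if (TRPMHasTrap(pVM))
    {
        uint8_t u8Vector;
        rc = TRPMQueryTrapAll(pVM, &u8Vector, 0, 0, 0);
        AssertRC(rc);
    }
#endif

    if (    pCtx->eflags.u32 & X86_EFL_IF
        &&  (!VM_FF_ISSET(pVM, VM_FF_INHIBIT_INTERRUPTS))
        &&  TRPMHasTrap(pVM)
       )
    {
        /* Note: the outer rc is reused here; the original re-declared it and shadowed itself. */
        uint8_t     u8Vector;
        TRPMEVENT   enmType;
        SVM_EVENT   Event;
        RTGCUINT    u32ErrorCode;

        Event.au64[0] = 0;

        /* If a new event is pending, then dispatch it now. */
        rc = TRPMQueryTrapAll(pVM, &u8Vector, &enmType, &u32ErrorCode, 0);
        AssertRC(rc);
        Assert(pCtx->eflags.Bits.u1IF == 1 || enmType == TRPM_TRAP);
        Assert(enmType != TRPM_SOFTWARE_INT);

        /* Clear the pending trap. */
        rc = TRPMResetTrap(pVM);
        AssertRC(rc);

        Event.n.u8Vector     = u8Vector;
        Event.n.u1Valid      = 1;
        Event.n.u32ErrorCode = u32ErrorCode;

        if (enmType == TRPM_TRAP)
        {
            switch (u8Vector)
            {
                case X86_XCPT_DF:
                case X86_XCPT_TS:
                case X86_XCPT_NP:
                case X86_XCPT_SS:
                case X86_XCPT_GP:
                case X86_XCPT_PF:
                case X86_XCPT_AC:
                    /* Exceptions that push an error code. */
                    Event.n.u1ErrorCodeValid = 1;
                    break;
                default:
                    break;
            }
            if (u8Vector == X86_XCPT_NMI)
                Event.n.u3Type = SVM_EVENT_NMI;
            else
                Event.n.u3Type = SVM_EVENT_EXCEPTION;
        }
        else
            Event.n.u3Type = SVM_EVENT_EXTERNAL_IRQ;

        STAM_COUNTER_INC(&pVM->hwaccm.s.StatIntInject);
        SVMR0InjectEvent(pVM, pVMCB, pCtx, &Event);
    } /* if (interrupts can be dispatched) */

    return VINF_SUCCESS;
}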
510
/**
 * Save the host state
 *
 * Nothing to do for AMD-V: the CPU saves the host state itself on VMRUN, into the
 * page registered with MSR_K8_VM_HSAVE_PA by SVMR0EnableCpu.
 *
 * @returns VBox status code.
 * @param   pVM         The VM to operate on.
 */
VMMR0DECL(int) SVMR0SaveHostState(PVM pVM)
{
    NOREF(pVM);
    return VINF_SUCCESS;
}
522
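/**
 * Loads the guest state
 *
 * Copies the parts of the guest context flagged in fContextUseFlags (plus a few
 * unconditional fields) into the VMCB and clears those flags on success.
 *
 * NOTE: Don't do anything here that can cause a jump back to ring 3!!!!!
 *
 * @returns VBox status code.
 * @retval  VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE for shadow/guest modes this build cannot run.
 * @param   pVM         The VM to operate on.
 * @param   pCtx        Guest context
 */
VMMR0DECL(int) SVMR0LoadGuestState(PVM pVM, CPUMCTX *pCtx)
{
    RTGCUINTPTR val;
    SVM_VMCB *pVMCB;

    if (pVM == NULL)
        return VERR_INVALID_PARAMETER;

    /* Setup AMD SVM. */
    Assert(pVM->hwaccm.s.svm.fSupported);

    pVMCB = (SVM_VMCB *)pVM->hwaccm.s.svm.pVMCB;
    AssertMsgReturn(pVMCB, ("Invalid pVMCB\n"), VERR_EM_INTERNAL_ERROR);

    /* Guest CPU context: ES, CS, SS, DS, FS, GS. */
    if (pVM->hwaccm.s.fContextUseFlags & HWACCM_CHANGED_GUEST_SEGMENT_REGS)
    {
        SVM_WRITE_SELREG(CS, cs);
        SVM_WRITE_SELREG(SS, ss);
        SVM_WRITE_SELREG(DS, ds);
        SVM_WRITE_SELREG(ES, es);
        SVM_WRITE_SELREG(FS, fs);
        SVM_WRITE_SELREG(GS, gs);
    }

    /* Guest CPU context: LDTR. */
    if (pVM->hwaccm.s.fContextUseFlags & HWACCM_CHANGED_GUEST_LDTR)
    {
        SVM_WRITE_SELREG(LDTR, ldtr);
    }

    /* Guest CPU context: TR. */
    if (pVM->hwaccm.s.fContextUseFlags & HWACCM_CHANGED_GUEST_TR)
    {
        SVM_WRITE_SELREG(TR, tr);
    }

    /* Guest CPU context: GDTR. */
    if (pVM->hwaccm.s.fContextUseFlags & HWACCM_CHANGED_GUEST_GDTR)
    {
        pVMCB->guest.GDTR.u32Limit = pCtx->gdtr.cbGdt;
        pVMCB->guest.GDTR.u64Base  = pCtx->gdtr.pGdt;
    }

    /* Guest CPU context: IDTR. */
    if (pVM->hwaccm.s.fContextUseFlags & HWACCM_CHANGED_GUEST_IDTR)
    {
        pVMCB->guest.IDTR.u32Limit = pCtx->idtr.cbIdt;
        pVMCB->guest.IDTR.u64Base  = pCtx->idtr.pIdt;
    }

    /*
     * Sysenter MSRs (unconditional)
     */
    pVMCB->guest.u64SysEnterCS  = pCtx->SysEnter.cs;
    pVMCB->guest.u64SysEnterEIP = pCtx->SysEnter.eip;
    pVMCB->guest.u64SysEnterESP = pCtx->SysEnter.esp;

    /* Control registers */
    if (pVM->hwaccm.s.fContextUseFlags & HWACCM_CHANGED_GUEST_CR0)
    {
        val = pCtx->cr0;
        if (!CPUMIsGuestFPUStateActive(pVM))
        {
            /* Always use #NM exceptions to load the FPU/XMM state on demand. */
            val |= X86_CR0_TS | X86_CR0_ET | X86_CR0_NE | X86_CR0_MP;
        }
        else
        {
            /** @todo check if we support the old style mess correctly. */
            if (!(val & X86_CR0_NE))
            {
                Log(("Forcing X86_CR0_NE!!!\n"));

                /* Also catch floating point exceptions as we need to report them to the guest in a different way. */
                if (!pVM->hwaccm.s.fFPUOldStyleOverride)
                {
                    pVMCB->ctrl.u32InterceptException |= RT_BIT(X86_XCPT_MF);
                    pVM->hwaccm.s.fFPUOldStyleOverride = true;
                }
            }
            val |= X86_CR0_NE;  /* always turn on the native mechanism to report FPU errors (old style uses interrupts) */
        }
        /* Always enable caching. */
        val &= ~(X86_CR0_CD|X86_CR0_NW);

        /* Note: WP is not relevant in nested paging mode as we catch accesses on the (guest) physical level. */
        /* Note: In nested paging mode the guest is allowed to run with paging disabled; the guest physical to host physical translation will remain active. */
        if (!pVM->hwaccm.s.fNestedPaging)
        {
            val |= X86_CR0_PG;  /* Paging is always enabled; even when the guest is running in real mode or PE without paging. */
            val |= X86_CR0_WP;  /* Must set this as we rely on protect various pages and supervisor writes must be caught. */
        }
        pVMCB->guest.u64CR0 = val;
    }
    /* CR2 as well */
    pVMCB->guest.u64CR2 = pCtx->cr2;

    if (pVM->hwaccm.s.fContextUseFlags & HWACCM_CHANGED_GUEST_CR3)
    {
        /* Save our shadow CR3 register. */
        if (pVM->hwaccm.s.fNestedPaging)
        {
            /* Nested paging: the guest sees its own CR3, the nested (host) tables go into the control area. */
            pVMCB->ctrl.u64NestedPagingCR3 = PGMGetNestedCR3(pVM, PGMGetHostMode(pVM));
            Assert(pVMCB->ctrl.u64NestedPagingCR3);
            pVMCB->guest.u64CR3 = pCtx->cr3;
        }
        else
        {
            pVMCB->guest.u64CR3 = PGMGetHyperCR3(pVM);
            Assert(pVMCB->guest.u64CR3);
        }
    }

    if (pVM->hwaccm.s.fContextUseFlags & HWACCM_CHANGED_GUEST_CR4)
    {
        val = pCtx->cr4;
        if (!pVM->hwaccm.s.fNestedPaging)
        {
            switch(pVM->hwaccm.s.enmShadowMode)
            {
            case PGMMODE_REAL:
            case PGMMODE_PROTECTED:     /* Protected mode, no paging. */
                AssertFailed();
                return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;

            case PGMMODE_32_BIT:        /* 32-bit paging. */
                break;

            case PGMMODE_PAE:           /* PAE paging. */
            case PGMMODE_PAE_NX:        /* PAE paging with NX enabled. */
                /** @todo use normal 32 bits paging */
                val |= X86_CR4_PAE;
                break;

            case PGMMODE_AMD64:         /* 64-bit AMD paging (long mode). */
            case PGMMODE_AMD64_NX:      /* 64-bit AMD paging (long mode) with NX enabled. */
#ifdef VBOX_ENABLE_64_BITS_GUESTS
                break;
#else
                AssertFailed();
                return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
#endif

            default:                    /* shut up gcc */
                AssertFailed();
                return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
            }
        }
        pVMCB->guest.u64CR4 = val;
    }

    /* Debug registers. */
    if (pVM->hwaccm.s.fContextUseFlags & HWACCM_CHANGED_GUEST_DEBUG)
    {
        pCtx->dr[6] |= X86_DR6_INIT_VAL;                                          /* set all reserved bits to 1. */
        pCtx->dr[6] &= ~RT_BIT(12);                                               /* must be zero. */

        pCtx->dr[7] &= 0xffffffff;                                                /* upper 32 bits reserved */
        pCtx->dr[7] &= ~(RT_BIT(11) | RT_BIT(12) | RT_BIT(14) | RT_BIT(15));      /* must be zero */
        pCtx->dr[7] |= 0x400;                                                     /* must be one */

        pVMCB->guest.u64DR7 = pCtx->dr[7];
        pVMCB->guest.u64DR6 = pCtx->dr[6];

        /* Sync the debug state now if any breakpoint is armed. */
        if (    (pCtx->dr[7] & (X86_DR7_ENABLED_MASK|X86_DR7_GD))
            &&  !CPUMIsGuestDebugStateActive(pVM)
            &&  !DBGFIsStepping(pVM))
        {
            STAM_COUNTER_INC(&pVM->hwaccm.s.StatDRxArmed);

            /* Disable drx move intercepts. */
            pVMCB->ctrl.u16InterceptRdDRx = 0;
            pVMCB->ctrl.u16InterceptWrDRx = 0;

            /* Save the host and load the guest debug state. */
            int rc = CPUMR0LoadGuestDebugState(pVM, pCtx, false /* exclude DR6 */);
            AssertRC(rc);
        }
    }

    /* EIP, ESP and EFLAGS */
    pVMCB->guest.u64RIP    = pCtx->rip;
    pVMCB->guest.u64RSP    = pCtx->rsp;
    pVMCB->guest.u64RFlags = pCtx->eflags.u32;

    /* Set CPL */
    pVMCB->guest.u8CPL     = pCtx->csHid.Attr.n.u2Dpl;

    /* RAX/EAX too, as VMRUN uses RAX as an implicit parameter. */
    pVMCB->guest.u64RAX    = pCtx->rax;

    /* vmrun will fail without MSR_K6_EFER_SVME. */
    pVMCB->guest.u64EFER   = pCtx->msrEFER | MSR_K6_EFER_SVME;

    /* 64 bits guest mode? */
    if (pCtx->msrEFER & MSR_K6_EFER_LMA)
    {
        /* NOTE(review): this tests VBOX_WITH_64_BITS_GUESTS whereas the PGMMODE_AMD64 case in the
         * CR4 switch above tests VBOX_ENABLE_64_BITS_GUESTS. Unless both are always defined together,
         * one of the two paths is unreachable — confirm which spelling the build actually defines. */
#if !defined(VBOX_WITH_64_BITS_GUESTS) || HC_ARCH_BITS != 64
        return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
#else
        pVM->hwaccm.s.svm.pfnVMRun = SVMVMRun64;
#endif
        /* Unconditionally update these as wrmsr might have changed them. (HWACCM_CHANGED_GUEST_SEGMENT_REGS will not be set) */
        pVMCB->guest.FS.u64Base    = pCtx->fsHid.u64Base;
        pVMCB->guest.GS.u64Base    = pCtx->gsHid.u64Base;
    }
    else
    {
        /* Filter out the MSR_K6_LME bit or else AMD-V expects amd64 shadow paging.
         * The mask is widened to 64 bits explicitly so only LME is cleared; a 32-bit
         * ~MSR_K6_EFER_LME would also zero EFER[63:32]. */
        pVMCB->guest.u64EFER &= ~(uint64_t)MSR_K6_EFER_LME;

        pVM->hwaccm.s.svm.pfnVMRun = SVMVMRun;
    }

    /* TSC offset. */
    if (TMCpuTickCanUseRealTSC(pVM, &pVMCB->ctrl.u64TSCOffset))
    {
        pVMCB->ctrl.u32InterceptCtrl1 &= ~SVM_CTRL1_INTERCEPT_RDTSC;
        STAM_COUNTER_INC(&pVM->hwaccm.s.StatTSCOffset);
    }
    else
    {
        pVMCB->ctrl.u32InterceptCtrl1 |= SVM_CTRL1_INTERCEPT_RDTSC;
        STAM_COUNTER_INC(&pVM->hwaccm.s.StatTSCIntercept);
    }

    /* Sync the various msrs for 64 bits mode. */
    pVMCB->guest.u64STAR         = pCtx->msrSTAR;           /* legacy syscall eip, cs & ss */
    pVMCB->guest.u64LSTAR        = pCtx->msrLSTAR;          /* 64 bits mode syscall rip */
    pVMCB->guest.u64CSTAR        = pCtx->msrCSTAR;          /* compatibility mode syscall rip */
    pVMCB->guest.u64SFMASK       = pCtx->msrSFMASK;         /* syscall flag mask */
    pVMCB->guest.u64KernelGSBase = pCtx->msrKERNELGSBASE;   /* swapgs exchange value */

#ifdef DEBUG
    /* Intercept X86_XCPT_DB if stepping is enabled */
    if (DBGFIsStepping(pVM))
        pVMCB->ctrl.u32InterceptException |=  RT_BIT(X86_XCPT_DB);
    else
        pVMCB->ctrl.u32InterceptException &= ~RT_BIT(X86_XCPT_DB);
#endif

    /* Done. */
    pVM->hwaccm.s.fContextUseFlags &= ~HWACCM_CHANGED_ALL_GUEST;

    return VINF_SUCCESS;
}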
780
781
782/**
783 * Runs guest code in an SVM VM.
784 *
785 * @todo This can be much more efficient, when we only sync that which has actually changed. (this is the first attempt only)
786 *
787 * @returns VBox status code.
788 * @param pVM The VM to operate on.
789 * @param pCtx Guest context
790 */
791VMMR0DECL(int) SVMR0RunGuestCode(PVM pVM, CPUMCTX *pCtx)
792{
793 int rc = VINF_SUCCESS;
794 uint64_t exitCode = (uint64_t)SVM_EXIT_INVALID;
795 SVM_VMCB *pVMCB;
796 bool fSyncTPR = false;
797 unsigned cResume = 0;
798 uint8_t u8LastVTPR;
799 PHWACCM_CPUINFO pCpu = 0;
800#ifdef VBOX_STRICT
801 RTCPUID idCpuCheck;
802#endif
803
804 STAM_PROFILE_ADV_START(&pVM->hwaccm.s.StatEntry, x);
805
806 pVMCB = (SVM_VMCB *)pVM->hwaccm.s.svm.pVMCB;
807 AssertMsgReturn(pVMCB, ("Invalid pVMCB\n"), VERR_EM_INTERNAL_ERROR);
808
809 /* We can jump to this point to resume execution after determining that a VM-exit is innocent.
810 */
811ResumeExecution:
812 Assert(!HWACCMR0SuspendPending());
813
814 /* Safety precaution; looping for too long here can have a very bad effect on the host */
815 if (++cResume > HWACCM_MAX_RESUME_LOOPS)
816 {
817 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitMaxResume);
818 rc = VINF_EM_RAW_INTERRUPT;
819 goto end;
820 }
821
822 /* Check for irq inhibition due to instruction fusing (sti, mov ss). */
823 if (VM_FF_ISSET(pVM, VM_FF_INHIBIT_INTERRUPTS))
824 {
825 Log(("VM_FF_INHIBIT_INTERRUPTS at %VGv successor %VGv\n", pCtx->rip, EMGetInhibitInterruptsPC(pVM)));
826 if (pCtx->rip != EMGetInhibitInterruptsPC(pVM))
827 {
828 /* Note: we intentionally don't clear VM_FF_INHIBIT_INTERRUPTS here.
829 * Before we are able to execute this instruction in raw mode (iret to guest code) an external interrupt might
830 * force a world switch again. Possibly allowing a guest interrupt to be dispatched in the process. This could
831 * break the guest. Sounds very unlikely, but such timing sensitive problem are not as rare as you might think.
832 */
833 VM_FF_CLEAR(pVM, VM_FF_INHIBIT_INTERRUPTS);
834 /* Irq inhibition is no longer active; clear the corresponding SVM state. */
835 pVMCB->ctrl.u64IntShadow = 0;
836 }
837 }
838 else
839 {
840 /* Irq inhibition is no longer active; clear the corresponding SVM state. */
841 pVMCB->ctrl.u64IntShadow = 0;
842 }
843
844 /* Check for pending actions that force us to go back to ring 3. */
845#ifdef DEBUG
846 /* Intercept X86_XCPT_DB if stepping is enabled */
847 if (!DBGFIsStepping(pVM))
848#endif
849 {
850 if (VM_FF_ISPENDING(pVM, VM_FF_TO_R3 | VM_FF_TIMER))
851 {
852 VM_FF_CLEAR(pVM, VM_FF_TO_R3);
853 STAM_COUNTER_INC(&pVM->hwaccm.s.StatSwitchToR3);
854 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatEntry, x);
855 rc = VINF_EM_RAW_TO_R3;
856 goto end;
857 }
858 }
859
860 /* Pending request packets might contain actions that need immediate attention, such as pending hardware interrupts. */
861 if (VM_FF_ISPENDING(pVM, VM_FF_REQUEST))
862 {
863 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatEntry, x);
864 rc = VINF_EM_PENDING_REQUEST;
865 goto end;
866 }
867
868 /* When external interrupts are pending, we should exit the VM when IF is set. */
869 /* Note! *After* VM_FF_INHIBIT_INTERRUPTS check!!! */
870 rc = SVMR0CheckPendingInterrupt(pVM, pVMCB, pCtx);
871 if (VBOX_FAILURE(rc))
872 {
873 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatEntry, x);
874 goto end;
875 }
876
877 /* TPR caching using CR8 is only available in 64 bits mode */
878 /* Note the 32 bits exception for AMD (X86_CPUID_AMD_FEATURE_ECX_CR8L), but that appears missing in Intel CPUs */
879 /* Note: we can't do this in LoadGuestState as PDMApicGetTPR can jump back to ring 3 (lock)!!!!!!!! */
880 if (pCtx->msrEFER & MSR_K6_EFER_LMA)
881 {
882 bool fPending;
883
884 /* TPR caching in CR8 */
885 int rc = PDMApicGetTPR(pVM, &u8LastVTPR, &fPending);
886 AssertRC(rc);
887 pVMCB->ctrl.IntCtrl.n.u8VTPR = u8LastVTPR;
888
889 if (fPending)
890 {
891 /* A TPR change could activate a pending interrupt, so catch cr8 writes. */
892 pVMCB->ctrl.u16InterceptWrCRx |= RT_BIT(8);
893 }
894 else
895 /* No interrupts are pending, so we don't need to be explicitely notified.
896 * There are enough world switches for detecting pending interrupts.
897 */
898 pVMCB->ctrl.u16InterceptWrCRx &= ~RT_BIT(8);
899
900 fSyncTPR = !fPending;
901 }
902
903 /* All done! Let's start VM execution. */
904 STAM_PROFILE_ADV_START(&pVM->hwaccm.s.StatInGC, x);
905
906 /* Enable nested paging if necessary (disabled each time after #VMEXIT). */
907 pVMCB->ctrl.NestedPaging.n.u1NestedPaging = pVM->hwaccm.s.fNestedPaging;
908
909#ifdef LOG_ENABLED
910 pCpu = HWACCMR0GetCurrentCpu();
911 if ( pVM->hwaccm.s.idLastCpu != pCpu->idCpu
912 || pVM->hwaccm.s.cTLBFlushes != pCpu->cTLBFlushes)
913 {
914 if (pVM->hwaccm.s.idLastCpu != pCpu->idCpu)
915 Log(("Force TLB flush due to rescheduling to a different cpu (%d vs %d)\n", pVM->hwaccm.s.idLastCpu, pCpu->idCpu));
916 else
917 Log(("Force TLB flush due to changed TLB flush count (%x vs %x)\n", pVM->hwaccm.s.cTLBFlushes, pCpu->cTLBFlushes));
918 }
919 if (pCpu->fFlushTLB)
920 Log(("Force TLB flush: first time cpu %d is used -> flush\n", pCpu->idCpu));
921#endif
922
923 /*
924 * NOTE: DO NOT DO ANYTHING AFTER THIS POINT THAT MIGHT JUMP BACK TO RING 3!
925 * (until the actual world switch)
926 */
927
928#ifdef VBOX_STRICT
929 idCpuCheck = RTMpCpuId();
930#endif
931
932 /* Load the guest state; *must* be here as it sets up the shadow cr0 for lazy fpu syncing! */
933 rc = SVMR0LoadGuestState(pVM, pCtx);
934 if (rc != VINF_SUCCESS)
935 {
936 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatEntry, x);
937 goto end;
938 }
939
940 pCpu = HWACCMR0GetCurrentCpu();
941 /* Force a TLB flush for the first world switch if the current cpu differs from the one we ran on last. */
942 /* Note that this can happen both for start and resume due to long jumps back to ring 3. */
943 if ( pVM->hwaccm.s.idLastCpu != pCpu->idCpu
944 /* if the tlb flush count has changed, another VM has flushed the TLB of this cpu, so we can't use our current ASID anymore. */
945 || pVM->hwaccm.s.cTLBFlushes != pCpu->cTLBFlushes)
946 {
947 /* Force a TLB flush on VM entry. */
948 pVM->hwaccm.s.fForceTLBFlush = true;
949 }
950 else
951 Assert(!pCpu->fFlushTLB || pVM->hwaccm.s.svm.fAlwaysFlushTLB);
952
953 pVM->hwaccm.s.idLastCpu = pCpu->idCpu;
954
955 /* Make sure we flush the TLB when required. Switch ASID to achieve the same thing, but without actually flushing the whole TLB (which is expensive). */
956 if ( pVM->hwaccm.s.fForceTLBFlush
957 && !pVM->hwaccm.s.svm.fAlwaysFlushTLB)
958 {
959 if ( ++pCpu->uCurrentASID >= pVM->hwaccm.s.uMaxASID
960 || pCpu->fFlushTLB)
961 {
962 pCpu->fFlushTLB = false;
963 pCpu->uCurrentASID = 1; /* start at 1; host uses 0 */
964 pVMCB->ctrl.TLBCtrl.n.u1TLBFlush = 1; /* wrap around; flush TLB */
965 pCpu->cTLBFlushes++;
966 }
967 else
968 STAM_COUNTER_INC(&pVM->hwaccm.s.StatFlushASID);
969
970 pVM->hwaccm.s.cTLBFlushes = pCpu->cTLBFlushes;
971 pVM->hwaccm.s.uCurrentASID = pCpu->uCurrentASID;
972 }
973 else
974 {
975 Assert(!pCpu->fFlushTLB || pVM->hwaccm.s.svm.fAlwaysFlushTLB);
976
977 /* We never increase uCurrentASID in the fAlwaysFlushTLB (erratum 170) case. */
978 if (!pCpu->uCurrentASID || !pVM->hwaccm.s.uCurrentASID)
979 pVM->hwaccm.s.uCurrentASID = pCpu->uCurrentASID = 1;
980
981 Assert(!pVM->hwaccm.s.svm.fAlwaysFlushTLB || pVM->hwaccm.s.fForceTLBFlush);
982 pVMCB->ctrl.TLBCtrl.n.u1TLBFlush = pVM->hwaccm.s.fForceTLBFlush;
983 }
984 AssertMsg(pVM->hwaccm.s.cTLBFlushes == pCpu->cTLBFlushes, ("Flush count mismatch for cpu %d (%x vs %x)\n", pCpu->idCpu, pVM->hwaccm.s.cTLBFlushes, pCpu->cTLBFlushes));
985 AssertMsg(pCpu->uCurrentASID >= 1 && pCpu->uCurrentASID < pVM->hwaccm.s.uMaxASID, ("cpu%d uCurrentASID = %x\n", pCpu->idCpu, pCpu->uCurrentASID));
986 AssertMsg(pVM->hwaccm.s.uCurrentASID >= 1 && pVM->hwaccm.s.uCurrentASID < pVM->hwaccm.s.uMaxASID, ("cpu%d VM uCurrentASID = %x\n", pCpu->idCpu, pVM->hwaccm.s.uCurrentASID));
987 pVMCB->ctrl.TLBCtrl.n.u32ASID = pVM->hwaccm.s.uCurrentASID;
988
989#ifdef VBOX_WITH_STATISTICS
990 if (pVMCB->ctrl.TLBCtrl.n.u1TLBFlush)
991 STAM_COUNTER_INC(&pVM->hwaccm.s.StatFlushTLBWorldSwitch);
992 else
993 STAM_COUNTER_INC(&pVM->hwaccm.s.StatNoFlushTLBWorldSwitch);
994#endif
995
996 /* In case we execute a goto ResumeExecution later on. */
997 pVM->hwaccm.s.svm.fResumeVM = true;
998 pVM->hwaccm.s.fForceTLBFlush = pVM->hwaccm.s.svm.fAlwaysFlushTLB;
999
1000 Assert(sizeof(pVM->hwaccm.s.svm.pVMCBPhys) == 8);
1001 Assert(pVMCB->ctrl.u32InterceptCtrl2 == ( SVM_CTRL2_INTERCEPT_VMRUN /* required */
1002 | SVM_CTRL2_INTERCEPT_VMMCALL
1003 | SVM_CTRL2_INTERCEPT_VMLOAD
1004 | SVM_CTRL2_INTERCEPT_VMSAVE
1005 | SVM_CTRL2_INTERCEPT_STGI
1006 | SVM_CTRL2_INTERCEPT_CLGI
1007 | SVM_CTRL2_INTERCEPT_SKINIT
1008 | SVM_CTRL2_INTERCEPT_RDTSCP /* AMD only; we don't support this one */
1009 | SVM_CTRL2_INTERCEPT_WBINVD
1010 | SVM_CTRL2_INTERCEPT_MWAIT_UNCOND /* don't execute mwait or else we'll idle inside the guest (host thinks the cpu load is high) */
1011 ));
1012 Assert(pVMCB->ctrl.IntCtrl.n.u1VIrqMasking);
1013 Assert(pVMCB->ctrl.u64IOPMPhysAddr == pVM->hwaccm.s.svm.pIOBitmapPhys);
1014 Assert(pVMCB->ctrl.u64MSRPMPhysAddr == pVM->hwaccm.s.svm.pMSRBitmapPhys);
1015 Assert(pVMCB->ctrl.u64LBRVirt == 0);
1016
1017#ifdef VBOX_STRICT
1018 Assert(idCpuCheck == RTMpCpuId());
1019#endif
1020 TMNotifyStartOfExecution(pVM);
1021 pVM->hwaccm.s.svm.pfnVMRun(pVM->hwaccm.s.svm.pVMCBHostPhys, pVM->hwaccm.s.svm.pVMCBPhys, pCtx);
1022 TMNotifyEndOfExecution(pVM);
1023 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatInGC, x);
1024
1025 /*
1026 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1027 * IMPORTANT: WE CAN'T DO ANY LOGGING OR OPERATIONS THAT CAN DO A LONGJMP BACK TO RING 3 *BEFORE* WE'VE SYNCED BACK (MOST OF) THE GUEST STATE
1028 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1029 */
1030
1031 STAM_PROFILE_ADV_START(&pVM->hwaccm.s.StatExit, x);
1032
1033 /* Reason for the VM exit */
1034 exitCode = pVMCB->ctrl.u64ExitCode;
1035
1036 if (exitCode == (uint64_t)SVM_EXIT_INVALID) /* Invalid guest state. */
1037 {
1038 HWACCMDumpRegs(pVM, pCtx);
1039#ifdef DEBUG
1040 Log(("ctrl.u16InterceptRdCRx %x\n", pVMCB->ctrl.u16InterceptRdCRx));
1041 Log(("ctrl.u16InterceptWrCRx %x\n", pVMCB->ctrl.u16InterceptWrCRx));
1042 Log(("ctrl.u16InterceptRdDRx %x\n", pVMCB->ctrl.u16InterceptRdDRx));
1043 Log(("ctrl.u16InterceptWrDRx %x\n", pVMCB->ctrl.u16InterceptWrDRx));
1044 Log(("ctrl.u32InterceptException %x\n", pVMCB->ctrl.u32InterceptException));
1045 Log(("ctrl.u32InterceptCtrl1 %x\n", pVMCB->ctrl.u32InterceptCtrl1));
1046 Log(("ctrl.u32InterceptCtrl2 %x\n", pVMCB->ctrl.u32InterceptCtrl2));
1047 Log(("ctrl.u64IOPMPhysAddr %VX64\n", pVMCB->ctrl.u64IOPMPhysAddr));
1048 Log(("ctrl.u64MSRPMPhysAddr %VX64\n", pVMCB->ctrl.u64MSRPMPhysAddr));
1049 Log(("ctrl.u64TSCOffset %VX64\n", pVMCB->ctrl.u64TSCOffset));
1050
1051 Log(("ctrl.TLBCtrl.u32ASID %x\n", pVMCB->ctrl.TLBCtrl.n.u32ASID));
1052 Log(("ctrl.TLBCtrl.u1TLBFlush %x\n", pVMCB->ctrl.TLBCtrl.n.u1TLBFlush));
1053 Log(("ctrl.TLBCtrl.u7Reserved %x\n", pVMCB->ctrl.TLBCtrl.n.u7Reserved));
1054 Log(("ctrl.TLBCtrl.u24Reserved %x\n", pVMCB->ctrl.TLBCtrl.n.u24Reserved));
1055
1056 Log(("ctrl.IntCtrl.u8VTPR %x\n", pVMCB->ctrl.IntCtrl.n.u8VTPR));
1057 Log(("ctrl.IntCtrl.u1VIrqValid %x\n", pVMCB->ctrl.IntCtrl.n.u1VIrqValid));
1058 Log(("ctrl.IntCtrl.u7Reserved %x\n", pVMCB->ctrl.IntCtrl.n.u7Reserved));
1059 Log(("ctrl.IntCtrl.u4VIrqPriority %x\n", pVMCB->ctrl.IntCtrl.n.u4VIrqPriority));
1060 Log(("ctrl.IntCtrl.u1IgnoreTPR %x\n", pVMCB->ctrl.IntCtrl.n.u1IgnoreTPR));
1061 Log(("ctrl.IntCtrl.u3Reserved %x\n", pVMCB->ctrl.IntCtrl.n.u3Reserved));
1062 Log(("ctrl.IntCtrl.u1VIrqMasking %x\n", pVMCB->ctrl.IntCtrl.n.u1VIrqMasking));
1063 Log(("ctrl.IntCtrl.u7Reserved2 %x\n", pVMCB->ctrl.IntCtrl.n.u7Reserved2));
1064 Log(("ctrl.IntCtrl.u8VIrqVector %x\n", pVMCB->ctrl.IntCtrl.n.u8VIrqVector));
1065 Log(("ctrl.IntCtrl.u24Reserved %x\n", pVMCB->ctrl.IntCtrl.n.u24Reserved));
1066
1067 Log(("ctrl.u64IntShadow %VX64\n", pVMCB->ctrl.u64IntShadow));
1068 Log(("ctrl.u64ExitCode %VX64\n", pVMCB->ctrl.u64ExitCode));
1069 Log(("ctrl.u64ExitInfo1 %VX64\n", pVMCB->ctrl.u64ExitInfo1));
1070 Log(("ctrl.u64ExitInfo2 %VX64\n", pVMCB->ctrl.u64ExitInfo2));
1071 Log(("ctrl.ExitIntInfo.u8Vector %x\n", pVMCB->ctrl.ExitIntInfo.n.u8Vector));
1072 Log(("ctrl.ExitIntInfo.u3Type %x\n", pVMCB->ctrl.ExitIntInfo.n.u3Type));
1073 Log(("ctrl.ExitIntInfo.u1ErrorCodeValid %x\n", pVMCB->ctrl.ExitIntInfo.n.u1ErrorCodeValid));
1074 Log(("ctrl.ExitIntInfo.u19Reserved %x\n", pVMCB->ctrl.ExitIntInfo.n.u19Reserved));
1075 Log(("ctrl.ExitIntInfo.u1Valid %x\n", pVMCB->ctrl.ExitIntInfo.n.u1Valid));
1076 Log(("ctrl.ExitIntInfo.u32ErrorCode %x\n", pVMCB->ctrl.ExitIntInfo.n.u32ErrorCode));
1077 Log(("ctrl.NestedPaging %VX64\n", pVMCB->ctrl.NestedPaging.au64));
1078 Log(("ctrl.EventInject.u8Vector %x\n", pVMCB->ctrl.EventInject.n.u8Vector));
1079 Log(("ctrl.EventInject.u3Type %x\n", pVMCB->ctrl.EventInject.n.u3Type));
1080 Log(("ctrl.EventInject.u1ErrorCodeValid %x\n", pVMCB->ctrl.EventInject.n.u1ErrorCodeValid));
1081 Log(("ctrl.EventInject.u19Reserved %x\n", pVMCB->ctrl.EventInject.n.u19Reserved));
1082 Log(("ctrl.EventInject.u1Valid %x\n", pVMCB->ctrl.EventInject.n.u1Valid));
1083 Log(("ctrl.EventInject.u32ErrorCode %x\n", pVMCB->ctrl.EventInject.n.u32ErrorCode));
1084
1085 Log(("ctrl.u64NestedPagingCR3 %VX64\n", pVMCB->ctrl.u64NestedPagingCR3));
1086 Log(("ctrl.u64LBRVirt %VX64\n", pVMCB->ctrl.u64LBRVirt));
1087
1088 Log(("guest.CS.u16Sel %04X\n", pVMCB->guest.CS.u16Sel));
1089 Log(("guest.CS.u16Attr %04X\n", pVMCB->guest.CS.u16Attr));
1090 Log(("guest.CS.u32Limit %X\n", pVMCB->guest.CS.u32Limit));
1091 Log(("guest.CS.u64Base %VX64\n", pVMCB->guest.CS.u64Base));
1092 Log(("guest.DS.u16Sel %04X\n", pVMCB->guest.DS.u16Sel));
1093 Log(("guest.DS.u16Attr %04X\n", pVMCB->guest.DS.u16Attr));
1094 Log(("guest.DS.u32Limit %X\n", pVMCB->guest.DS.u32Limit));
1095 Log(("guest.DS.u64Base %VX64\n", pVMCB->guest.DS.u64Base));
1096 Log(("guest.ES.u16Sel %04X\n", pVMCB->guest.ES.u16Sel));
1097 Log(("guest.ES.u16Attr %04X\n", pVMCB->guest.ES.u16Attr));
1098 Log(("guest.ES.u32Limit %X\n", pVMCB->guest.ES.u32Limit));
1099 Log(("guest.ES.u64Base %VX64\n", pVMCB->guest.ES.u64Base));
1100 Log(("guest.FS.u16Sel %04X\n", pVMCB->guest.FS.u16Sel));
1101 Log(("guest.FS.u16Attr %04X\n", pVMCB->guest.FS.u16Attr));
1102 Log(("guest.FS.u32Limit %X\n", pVMCB->guest.FS.u32Limit));
1103 Log(("guest.FS.u64Base %VX64\n", pVMCB->guest.FS.u64Base));
1104 Log(("guest.GS.u16Sel %04X\n", pVMCB->guest.GS.u16Sel));
1105 Log(("guest.GS.u16Attr %04X\n", pVMCB->guest.GS.u16Attr));
1106 Log(("guest.GS.u32Limit %X\n", pVMCB->guest.GS.u32Limit));
1107 Log(("guest.GS.u64Base %VX64\n", pVMCB->guest.GS.u64Base));
1108
1109 Log(("guest.GDTR.u32Limit %X\n", pVMCB->guest.GDTR.u32Limit));
1110 Log(("guest.GDTR.u64Base %VX64\n", pVMCB->guest.GDTR.u64Base));
1111
1112 Log(("guest.LDTR.u16Sel %04X\n", pVMCB->guest.LDTR.u16Sel));
1113 Log(("guest.LDTR.u16Attr %04X\n", pVMCB->guest.LDTR.u16Attr));
1114 Log(("guest.LDTR.u32Limit %X\n", pVMCB->guest.LDTR.u32Limit));
1115 Log(("guest.LDTR.u64Base %VX64\n", pVMCB->guest.LDTR.u64Base));
1116
1117 Log(("guest.IDTR.u32Limit %X\n", pVMCB->guest.IDTR.u32Limit));
1118 Log(("guest.IDTR.u64Base %VX64\n", pVMCB->guest.IDTR.u64Base));
1119
1120 Log(("guest.TR.u16Sel %04X\n", pVMCB->guest.TR.u16Sel));
1121 Log(("guest.TR.u16Attr %04X\n", pVMCB->guest.TR.u16Attr));
1122 Log(("guest.TR.u32Limit %X\n", pVMCB->guest.TR.u32Limit));
1123 Log(("guest.TR.u64Base %VX64\n", pVMCB->guest.TR.u64Base));
1124
1125 Log(("guest.u8CPL %X\n", pVMCB->guest.u8CPL));
1126 Log(("guest.u64CR0 %VX64\n", pVMCB->guest.u64CR0));
1127 Log(("guest.u64CR2 %VX64\n", pVMCB->guest.u64CR2));
1128 Log(("guest.u64CR3 %VX64\n", pVMCB->guest.u64CR3));
1129 Log(("guest.u64CR4 %VX64\n", pVMCB->guest.u64CR4));
1130 Log(("guest.u64DR6 %VX64\n", pVMCB->guest.u64DR6));
1131 Log(("guest.u64DR7 %VX64\n", pVMCB->guest.u64DR7));
1132
1133 Log(("guest.u64RIP %VX64\n", pVMCB->guest.u64RIP));
1134 Log(("guest.u64RSP %VX64\n", pVMCB->guest.u64RSP));
1135 Log(("guest.u64RAX %VX64\n", pVMCB->guest.u64RAX));
1136 Log(("guest.u64RFlags %VX64\n", pVMCB->guest.u64RFlags));
1137
1138 Log(("guest.u64SysEnterCS %VX64\n", pVMCB->guest.u64SysEnterCS));
1139 Log(("guest.u64SysEnterEIP %VX64\n", pVMCB->guest.u64SysEnterEIP));
1140 Log(("guest.u64SysEnterESP %VX64\n", pVMCB->guest.u64SysEnterESP));
1141
1142 Log(("guest.u64EFER %VX64\n", pVMCB->guest.u64EFER));
1143 Log(("guest.u64STAR %VX64\n", pVMCB->guest.u64STAR));
1144 Log(("guest.u64LSTAR %VX64\n", pVMCB->guest.u64LSTAR));
1145 Log(("guest.u64CSTAR %VX64\n", pVMCB->guest.u64CSTAR));
1146 Log(("guest.u64SFMASK %VX64\n", pVMCB->guest.u64SFMASK));
1147 Log(("guest.u64KernelGSBase %VX64\n", pVMCB->guest.u64KernelGSBase));
1148 Log(("guest.u64GPAT %VX64\n", pVMCB->guest.u64GPAT));
1149 Log(("guest.u64DBGCTL %VX64\n", pVMCB->guest.u64DBGCTL));
1150 Log(("guest.u64BR_FROM %VX64\n", pVMCB->guest.u64BR_FROM));
1151 Log(("guest.u64BR_TO %VX64\n", pVMCB->guest.u64BR_TO));
1152 Log(("guest.u64LASTEXCPFROM %VX64\n", pVMCB->guest.u64LASTEXCPFROM));
1153 Log(("guest.u64LASTEXCPTO %VX64\n", pVMCB->guest.u64LASTEXCPTO));
1154
1155#endif
1156 rc = VERR_SVM_UNABLE_TO_START_VM;
1157 goto end;
1158 }
1159
1160 /* Let's first sync back eip, esp, and eflags. */
1161 pCtx->rip = pVMCB->guest.u64RIP;
1162 pCtx->rsp = pVMCB->guest.u64RSP;
1163 pCtx->eflags.u32 = pVMCB->guest.u64RFlags;
1164 /* eax is saved/restore across the vmrun instruction */
1165 pCtx->rax = pVMCB->guest.u64RAX;
1166
1167 pCtx->msrKERNELGSBASE = pVMCB->guest.u64KernelGSBase; /* swapgs exchange value */
1168
1169 /* Can be updated behind our back in the nested paging case. */
1170 pCtx->cr2 = pVMCB->guest.u64CR2;
1171
1172 /* Guest CPU context: ES, CS, SS, DS, FS, GS. */
1173 SVM_READ_SELREG(SS, ss);
1174 SVM_READ_SELREG(CS, cs);
1175 SVM_READ_SELREG(DS, ds);
1176 SVM_READ_SELREG(ES, es);
1177 SVM_READ_SELREG(FS, fs);
1178 SVM_READ_SELREG(GS, gs);
1179
1180 /*
1181 * System MSRs
1182 */
1183 pCtx->SysEnter.cs = pVMCB->guest.u64SysEnterCS;
1184 pCtx->SysEnter.eip = pVMCB->guest.u64SysEnterEIP;
1185 pCtx->SysEnter.esp = pVMCB->guest.u64SysEnterESP;
1186
1187 /* Remaining guest CPU context: TR, IDTR, GDTR, LDTR; must sync everything otherwise we can get out of sync when jumping to ring 3. */
1188 SVM_READ_SELREG(LDTR, ldtr);
1189 SVM_READ_SELREG(TR, tr);
1190
1191 pCtx->gdtr.cbGdt = pVMCB->guest.GDTR.u32Limit;
1192 pCtx->gdtr.pGdt = pVMCB->guest.GDTR.u64Base;
1193
1194 pCtx->idtr.cbIdt = pVMCB->guest.IDTR.u32Limit;
1195 pCtx->idtr.pIdt = pVMCB->guest.IDTR.u64Base;
1196
1197 /* Note: no reason to sync back the CRx and DRx registers. They can't be changed by the guest. */
1198 /* Note: only in the nested paging case can CR3 & CR4 be changed by the guest. */
1199 if ( pVM->hwaccm.s.fNestedPaging
1200 && pCtx->cr3 != pVMCB->guest.u64CR3)
1201 {
1202 CPUMSetGuestCR3(pVM, pVMCB->guest.u64CR3);
1203 PGMUpdateCR3(pVM, pVMCB->guest.u64CR3);
1204 }
1205
1206 /* Note! NOW IT'S SAFE FOR LOGGING! */
1207
1208 /* Take care of instruction fusing (sti, mov ss) (see 15.20.5 Interrupt Shadows) */
1209 if (pVMCB->ctrl.u64IntShadow & SVM_INTERRUPT_SHADOW_ACTIVE)
1210 {
1211 Log(("uInterruptState %x eip=%VGv\n", pVMCB->ctrl.u64IntShadow, pCtx->rip));
1212 EMSetInhibitInterruptsPC(pVM, pCtx->rip);
1213 }
1214 else
1215 VM_FF_CLEAR(pVM, VM_FF_INHIBIT_INTERRUPTS);
1216
1217 Log2(("exitCode = %x\n", exitCode));
1218
1219 /* Sync back DR6 as it could have been changed by hitting breakpoints. */
1220 pCtx->dr[6] = pVMCB->guest.u64DR6;
1221 /* DR7.GD can be cleared by debug exceptions, so sync it back as well. */
1222 pCtx->dr[7] = pVMCB->guest.u64DR7;
1223
1224 /* Check if an injected event was interrupted prematurely. */
1225 pVM->hwaccm.s.Event.intInfo = pVMCB->ctrl.ExitIntInfo.au64[0];
1226 if ( pVMCB->ctrl.ExitIntInfo.n.u1Valid
1227 && pVMCB->ctrl.ExitIntInfo.n.u3Type != SVM_EVENT_SOFTWARE_INT /* we don't care about 'int xx' as the instruction will be restarted. */)
1228 {
1229 Log(("Pending inject %VX64 at %VGv exit=%08x\n", pVM->hwaccm.s.Event.intInfo, pCtx->rip, exitCode));
1230
1231#ifdef LOG_ENABLED
1232 SVM_EVENT Event;
1233 Event.au64[0] = pVM->hwaccm.s.Event.intInfo;
1234
1235 if ( exitCode == SVM_EXIT_EXCEPTION_E
1236 && Event.n.u8Vector == 0xE)
1237 {
1238 Log(("Double fault!\n"));
1239 }
1240#endif
1241
1242 pVM->hwaccm.s.Event.fPending = true;
1243 /* Error code present? (redundant) */
1244 if (pVMCB->ctrl.ExitIntInfo.n.u1ErrorCodeValid)
1245 {
1246 pVM->hwaccm.s.Event.errCode = pVMCB->ctrl.ExitIntInfo.n.u32ErrorCode;
1247 }
1248 else
1249 pVM->hwaccm.s.Event.errCode = 0;
1250 }
1251#ifdef VBOX_WITH_STATISTICS
1252 if (exitCode == SVM_EXIT_NPF)
1253 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitReasonNPF);
1254 else
1255 STAM_COUNTER_INC(&pVM->hwaccm.s.paStatExitReasonR0[exitCode & MASK_EXITREASON_STAT]);
1256#endif
1257
1258 if (fSyncTPR)
1259 {
1260 rc = PDMApicSetTPR(pVM, pVMCB->ctrl.IntCtrl.n.u8VTPR);
1261 AssertRC(rc);
1262 }
1263
1264 /* Deal with the reason of the VM-exit. */
1265 switch (exitCode)
1266 {
1267 case SVM_EXIT_EXCEPTION_0: case SVM_EXIT_EXCEPTION_1: case SVM_EXIT_EXCEPTION_2: case SVM_EXIT_EXCEPTION_3:
1268 case SVM_EXIT_EXCEPTION_4: case SVM_EXIT_EXCEPTION_5: case SVM_EXIT_EXCEPTION_6: case SVM_EXIT_EXCEPTION_7:
1269 case SVM_EXIT_EXCEPTION_8: case SVM_EXIT_EXCEPTION_9: case SVM_EXIT_EXCEPTION_A: case SVM_EXIT_EXCEPTION_B:
1270 case SVM_EXIT_EXCEPTION_C: case SVM_EXIT_EXCEPTION_D: case SVM_EXIT_EXCEPTION_E: case SVM_EXIT_EXCEPTION_F:
1271 case SVM_EXIT_EXCEPTION_10: case SVM_EXIT_EXCEPTION_11: case SVM_EXIT_EXCEPTION_12: case SVM_EXIT_EXCEPTION_13:
1272 case SVM_EXIT_EXCEPTION_14: case SVM_EXIT_EXCEPTION_15: case SVM_EXIT_EXCEPTION_16: case SVM_EXIT_EXCEPTION_17:
1273 case SVM_EXIT_EXCEPTION_18: case SVM_EXIT_EXCEPTION_19: case SVM_EXIT_EXCEPTION_1A: case SVM_EXIT_EXCEPTION_1B:
1274 case SVM_EXIT_EXCEPTION_1C: case SVM_EXIT_EXCEPTION_1D: case SVM_EXIT_EXCEPTION_1E: case SVM_EXIT_EXCEPTION_1F:
1275 {
1276 /* Pending trap. */
1277 SVM_EVENT Event;
1278 uint32_t vector = exitCode - SVM_EXIT_EXCEPTION_0;
1279
1280 Log2(("Hardware/software interrupt %d\n", vector));
1281 switch (vector)
1282 {
1283 case X86_XCPT_DB:
1284 {
1285 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitGuestDB);
1286
1287 /* Note that we don't support guest and host-initiated debugging at the same time. */
1288 Assert(DBGFIsStepping(pVM));
1289
1290 rc = DBGFR0Trap01Handler(pVM, CPUMCTX2CORE(pCtx), pCtx->dr[6]);
1291 if (rc == VINF_EM_RAW_GUEST_TRAP)
1292 {
1293 Log(("Trap %x (debug) at %VGv\n", vector, pCtx->rip));
1294
1295 /* Reinject the exception. */
1296 Event.au64[0] = 0;
1297 Event.n.u3Type = SVM_EVENT_EXCEPTION; /* trap or fault */
1298 Event.n.u1Valid = 1;
1299 Event.n.u8Vector = X86_XCPT_DB;
1300
1301 SVMR0InjectEvent(pVM, pVMCB, pCtx, &Event);
1302
1303 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1304 goto ResumeExecution;
1305 }
1306 /* Return to ring 3 to deal with the debug exit code. */
1307 break;
1308 }
1309
1310 case X86_XCPT_NM:
1311 {
1312 Log(("#NM fault at %VGv\n", pCtx->rip));
1313
1314 /** @todo don't intercept #NM exceptions anymore when we've activated the guest FPU state. */
1315 /* If we sync the FPU/XMM state on-demand, then we can continue execution as if nothing has happened. */
1316 rc = CPUMR0LoadGuestFPU(pVM, pCtx);
1317 if (rc == VINF_SUCCESS)
1318 {
1319 Assert(CPUMIsGuestFPUStateActive(pVM));
1320 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitShadowNM);
1321
1322 /* Continue execution. */
1323 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1324 pVM->hwaccm.s.fContextUseFlags |= HWACCM_CHANGED_GUEST_CR0;
1325
1326 goto ResumeExecution;
1327 }
1328
1329 Log(("Forward #NM fault to the guest\n"));
1330 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitGuestNM);
1331
1332 Event.au64[0] = 0;
1333 Event.n.u3Type = SVM_EVENT_EXCEPTION;
1334 Event.n.u1Valid = 1;
1335 Event.n.u8Vector = X86_XCPT_NM;
1336
1337 SVMR0InjectEvent(pVM, pVMCB, pCtx, &Event);
1338 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1339 goto ResumeExecution;
1340 }
1341
1342 case X86_XCPT_PF: /* Page fault */
1343 {
1344 uint32_t errCode = pVMCB->ctrl.u64ExitInfo1; /* EXITINFO1 = error code */
1345 RTGCUINTPTR uFaultAddress = pVMCB->ctrl.u64ExitInfo2; /* EXITINFO2 = fault address */
1346
1347#ifdef DEBUG
1348 if (pVM->hwaccm.s.fNestedPaging)
1349 { /* A genuine pagefault.
1350 * Forward the trap to the guest by injecting the exception and resuming execution.
1351 */
1352 Log(("Guest page fault at %VGv cr2=%VGv error code %x rsp=%VGv\n", (RTGCPTR)pCtx->rip, uFaultAddress, errCode, (RTGCPTR)pCtx->rsp));
1353 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitGuestPF);
1354
1355 /* Now we must update CR2. */
1356 pCtx->cr2 = uFaultAddress;
1357
1358 Event.au64[0] = 0;
1359 Event.n.u3Type = SVM_EVENT_EXCEPTION;
1360 Event.n.u1Valid = 1;
1361 Event.n.u8Vector = X86_XCPT_PF;
1362 Event.n.u1ErrorCodeValid = 1;
1363 Event.n.u32ErrorCode = errCode;
1364
1365 SVMR0InjectEvent(pVM, pVMCB, pCtx, &Event);
1366
1367 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1368 goto ResumeExecution;
1369 }
1370#endif
1371 Assert(!pVM->hwaccm.s.fNestedPaging);
1372
1373 Log2(("Page fault at %VGv cr2=%VGv error code %x\n", pCtx->rip, uFaultAddress, errCode));
1374 /* Exit qualification contains the linear address of the page fault. */
1375 TRPMAssertTrap(pVM, X86_XCPT_PF, TRPM_TRAP);
1376 TRPMSetErrorCode(pVM, errCode);
1377 TRPMSetFaultAddress(pVM, uFaultAddress);
1378
1379 /* Forward it to our trap handler first, in case our shadow pages are out of sync. */
1380 rc = PGMTrap0eHandler(pVM, errCode, CPUMCTX2CORE(pCtx), (RTGCPTR)uFaultAddress);
1381 Log2(("PGMTrap0eHandler %VGv returned %Vrc\n", pCtx->rip, rc));
1382 if (rc == VINF_SUCCESS)
1383 { /* We've successfully synced our shadow pages, so let's just continue execution. */
1384 Log2(("Shadow page fault at %VGv cr2=%VGv error code %x\n", pCtx->rip, uFaultAddress, errCode));
1385 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitShadowPF);
1386
1387 TRPMResetTrap(pVM);
1388
1389 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1390 goto ResumeExecution;
1391 }
1392 else
1393 if (rc == VINF_EM_RAW_GUEST_TRAP)
1394 { /* A genuine pagefault.
1395 * Forward the trap to the guest by injecting the exception and resuming execution.
1396 */
1397 Log2(("Forward page fault to the guest\n"));
1398 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitGuestPF);
1399 /* The error code might have been changed. */
1400 errCode = TRPMGetErrorCode(pVM);
1401
1402 TRPMResetTrap(pVM);
1403
1404 /* Now we must update CR2. */
1405 pCtx->cr2 = uFaultAddress;
1406
1407 Event.au64[0] = 0;
1408 Event.n.u3Type = SVM_EVENT_EXCEPTION;
1409 Event.n.u1Valid = 1;
1410 Event.n.u8Vector = X86_XCPT_PF;
1411 Event.n.u1ErrorCodeValid = 1;
1412 Event.n.u32ErrorCode = errCode;
1413
1414 SVMR0InjectEvent(pVM, pVMCB, pCtx, &Event);
1415
1416 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1417 goto ResumeExecution;
1418 }
1419#ifdef VBOX_STRICT
1420 if (rc != VINF_EM_RAW_EMULATE_INSTR)
1421 LogFlow(("PGMTrap0eHandler failed with %d\n", rc));
1422#endif
1423 /* Need to go back to the recompiler to emulate the instruction. */
1424 TRPMResetTrap(pVM);
1425 break;
1426 }
1427
1428 case X86_XCPT_MF: /* Floating point exception. */
1429 {
1430 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitGuestMF);
1431 if (!(pCtx->cr0 & X86_CR0_NE))
1432 {
1433 /* old style FPU error reporting needs some extra work. */
1434 /** @todo don't fall back to the recompiler, but do it manually. */
1435 rc = VINF_EM_RAW_EMULATE_INSTR;
1436 break;
1437 }
1438 Log(("Trap %x at %VGv\n", vector, pCtx->rip));
1439
1440 Event.au64[0] = 0;
1441 Event.n.u3Type = SVM_EVENT_EXCEPTION;
1442 Event.n.u1Valid = 1;
1443 Event.n.u8Vector = X86_XCPT_MF;
1444
1445 SVMR0InjectEvent(pVM, pVMCB, pCtx, &Event);
1446
1447 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1448 goto ResumeExecution;
1449 }
1450
1451#ifdef VBOX_STRICT
1452 case X86_XCPT_GP: /* General protection failure exception.*/
1453 case X86_XCPT_UD: /* Unknown opcode exception. */
1454 case X86_XCPT_DE: /* Divide error. */
1455 case X86_XCPT_SS: /* Stack segment exception. */
1456 case X86_XCPT_NP: /* Segment not present exception. */
1457 {
1458 Event.au64[0] = 0;
1459 Event.n.u3Type = SVM_EVENT_EXCEPTION;
1460 Event.n.u1Valid = 1;
1461 Event.n.u8Vector = vector;
1462
1463 switch(vector)
1464 {
1465 case X86_XCPT_GP:
1466 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitGuestGP);
1467 Event.n.u1ErrorCodeValid = 1;
1468 Event.n.u32ErrorCode = pVMCB->ctrl.u64ExitInfo1; /* EXITINFO1 = error code */
1469 break;
1470 case X86_XCPT_DE:
1471 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitGuestDE);
1472 break;
1473 case X86_XCPT_UD:
1474 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitGuestUD);
1475 break;
1476 case X86_XCPT_SS:
1477 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitGuestSS);
1478 Event.n.u1ErrorCodeValid = 1;
1479 Event.n.u32ErrorCode = pVMCB->ctrl.u64ExitInfo1; /* EXITINFO1 = error code */
1480 break;
1481 case X86_XCPT_NP:
1482 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitGuestNP);
1483 Event.n.u1ErrorCodeValid = 1;
1484 Event.n.u32ErrorCode = pVMCB->ctrl.u64ExitInfo1; /* EXITINFO1 = error code */
1485 break;
1486 }
1487 Log(("Trap %x at %VGv esi=%x\n", vector, pCtx->rip, pCtx->esi));
1488 SVMR0InjectEvent(pVM, pVMCB, pCtx, &Event);
1489
1490 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1491 goto ResumeExecution;
1492 }
1493#endif
1494 default:
1495 AssertMsgFailed(("Unexpected vm-exit caused by exception %x\n", vector));
1496 rc = VERR_EM_INTERNAL_ERROR;
1497 break;
1498
1499 } /* switch (vector) */
1500 break;
1501 }
1502
1503 case SVM_EXIT_NPF:
1504 {
1505 /* EXITINFO1 contains fault errorcode; EXITINFO2 contains the guest physical address causing the fault. */
1506 uint32_t errCode = pVMCB->ctrl.u64ExitInfo1; /* EXITINFO1 = error code */
1507 RTGCPHYS uFaultAddress = pVMCB->ctrl.u64ExitInfo2; /* EXITINFO2 = fault address */
1508
1509 Assert(pVM->hwaccm.s.fNestedPaging);
1510 Log(("Nested page fault at %VGv cr2=%VGp error code %x\n", pCtx->rip, uFaultAddress, errCode));
1511 /* Exit qualification contains the linear address of the page fault. */
1512 TRPMAssertTrap(pVM, X86_XCPT_PF, TRPM_TRAP);
1513 TRPMSetErrorCode(pVM, errCode);
1514 TRPMSetFaultAddress(pVM, uFaultAddress);
1515
1516 /* Handle the pagefault trap for the nested shadow table. */
1517 rc = PGMR0Trap0eHandlerNestedPaging(pVM, PGMGetHostMode(pVM), errCode, CPUMCTX2CORE(pCtx), uFaultAddress);
1518 Log2(("PGMR0Trap0eHandlerNestedPaging %VGv returned %Vrc\n", pCtx->rip, rc));
1519 if (rc == VINF_SUCCESS)
1520 { /* We've successfully synced our shadow pages, so let's just continue execution. */
1521 Log2(("Shadow page fault at %VGv cr2=%VGp error code %x\n", pCtx->rip, uFaultAddress, errCode));
1522 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitShadowPF);
1523
1524 TRPMResetTrap(pVM);
1525
1526 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1527 goto ResumeExecution;
1528 }
1529
1530#ifdef VBOX_STRICT
1531 if (rc != VINF_EM_RAW_EMULATE_INSTR)
1532 LogFlow(("PGMTrap0eHandlerNestedPaging failed with %d\n", rc));
1533#endif
1534 /* Need to go back to the recompiler to emulate the instruction. */
1535 TRPMResetTrap(pVM);
1536 break;
1537 }
1538
1539 case SVM_EXIT_VINTR:
1540 /* A virtual interrupt is about to be delivered, which means IF=1. */
1541 Log(("SVM_EXIT_VINTR IF=%d\n", pCtx->eflags.Bits.u1IF));
1542 pVMCB->ctrl.IntCtrl.n.u1VIrqValid = 0;
1543 pVMCB->ctrl.IntCtrl.n.u8VIrqVector = 0;
1544 goto ResumeExecution;
1545
1546 case SVM_EXIT_FERR_FREEZE:
1547 case SVM_EXIT_INTR:
1548 case SVM_EXIT_NMI:
1549 case SVM_EXIT_SMI:
1550 case SVM_EXIT_INIT:
1551 /* External interrupt; leave to allow it to be dispatched again. */
1552 rc = VINF_EM_RAW_INTERRUPT;
1553 break;
1554
1555 case SVM_EXIT_WBINVD:
1556 case SVM_EXIT_INVD: /* Guest software attempted to execute INVD. */
1557 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitInvd);
1558 /* Skip instruction and continue directly. */
1559 pCtx->rip += 2; /* Note! hardcoded opcode size! */
1560 /* Continue execution.*/
1561 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1562 goto ResumeExecution;
1563
1564 case SVM_EXIT_CPUID: /* Guest software attempted to execute CPUID. */
1565 {
1566 Log2(("SVM: Cpuid at %VGv for %x\n", pCtx->rip, pCtx->eax));
1567 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitCpuid);
1568 rc = EMInterpretCpuId(pVM, CPUMCTX2CORE(pCtx));
1569 if (rc == VINF_SUCCESS)
1570 {
1571 /* Update EIP and continue execution. */
1572 pCtx->rip += 2; /* Note! hardcoded opcode size! */
1573 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1574 goto ResumeExecution;
1575 }
1576 AssertMsgFailed(("EMU: cpuid failed with %Vrc\n", rc));
1577 rc = VINF_EM_RAW_EMULATE_INSTR;
1578 break;
1579 }
1580
1581 case SVM_EXIT_RDTSC: /* Guest software attempted to execute RDTSC. */
1582 {
1583 Log2(("SVM: Rdtsc\n"));
1584 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitRdtsc);
1585 rc = EMInterpretRdtsc(pVM, CPUMCTX2CORE(pCtx));
1586 if (rc == VINF_SUCCESS)
1587 {
1588 /* Update EIP and continue execution. */
1589 pCtx->rip += 2; /* Note! hardcoded opcode size! */
1590 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1591 goto ResumeExecution;
1592 }
1593 AssertMsgFailed(("EMU: rdtsc failed with %Vrc\n", rc));
1594 rc = VINF_EM_RAW_EMULATE_INSTR;
1595 break;
1596 }
1597
1598 case SVM_EXIT_INVLPG: /* Guest software attempted to execute INVPG. */
1599 {
1600 Log2(("SVM: invlpg\n"));
1601 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitInvpg);
1602
1603 Assert(!pVM->hwaccm.s.fNestedPaging);
1604
1605 /* Truly a pita. Why can't SVM give the same information as VT-x? */
1606 rc = SVMR0InterpretInvpg(pVM, CPUMCTX2CORE(pCtx), pVMCB->ctrl.TLBCtrl.n.u32ASID);
1607 if (rc == VINF_SUCCESS)
1608 {
1609 STAM_COUNTER_INC(&pVM->hwaccm.s.StatFlushPageInvlpg);
1610 goto ResumeExecution; /* eip already updated */
1611 }
1612 break;
1613 }
1614
1615 case SVM_EXIT_WRITE_CR0: case SVM_EXIT_WRITE_CR1: case SVM_EXIT_WRITE_CR2: case SVM_EXIT_WRITE_CR3:
1616 case SVM_EXIT_WRITE_CR4: case SVM_EXIT_WRITE_CR5: case SVM_EXIT_WRITE_CR6: case SVM_EXIT_WRITE_CR7:
1617 case SVM_EXIT_WRITE_CR8: case SVM_EXIT_WRITE_CR9: case SVM_EXIT_WRITE_CR10: case SVM_EXIT_WRITE_CR11:
1618 case SVM_EXIT_WRITE_CR12: case SVM_EXIT_WRITE_CR13: case SVM_EXIT_WRITE_CR14: case SVM_EXIT_WRITE_CR15:
1619 {
1620 uint32_t cbSize;
1621
1622 Log2(("SVM: %VGv mov cr%d, \n", pCtx->rip, exitCode - SVM_EXIT_WRITE_CR0));
1623 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitCRxWrite);
1624 rc = EMInterpretInstruction(pVM, CPUMCTX2CORE(pCtx), 0, &cbSize);
1625
1626 switch (exitCode - SVM_EXIT_WRITE_CR0)
1627 {
1628 case 0:
1629 pVM->hwaccm.s.fContextUseFlags |= HWACCM_CHANGED_GUEST_CR0;
1630 break;
1631 case 2:
1632 break;
1633 case 3:
1634 Assert(!pVM->hwaccm.s.fNestedPaging);
1635 pVM->hwaccm.s.fContextUseFlags |= HWACCM_CHANGED_GUEST_CR3;
1636 break;
1637 case 4:
1638 pVM->hwaccm.s.fContextUseFlags |= HWACCM_CHANGED_GUEST_CR4;
1639 break;
1640 case 8:
1641 break;
1642 default:
1643 AssertFailed();
1644 }
1645 /* Check if a sync operation is pending. */
1646 if ( rc == VINF_SUCCESS /* don't bother if we are going to ring 3 anyway */
1647 && VM_FF_ISPENDING(pVM, VM_FF_PGM_SYNC_CR3 | VM_FF_PGM_SYNC_CR3_NON_GLOBAL))
1648 {
1649 rc = PGMSyncCR3(pVM, CPUMGetGuestCR0(pVM), CPUMGetGuestCR3(pVM), CPUMGetGuestCR4(pVM), VM_FF_ISSET(pVM, VM_FF_PGM_SYNC_CR3));
1650 AssertRC(rc);
1651
1652 STAM_COUNTER_INC(&pVM->hwaccm.s.StatFlushTLBCRxChange);
1653
1654 /* Must be set by PGMSyncCR3 */
1655 Assert(PGMGetGuestMode(pVM) <= PGMMODE_PROTECTED || pVM->hwaccm.s.fForceTLBFlush);
1656 }
1657 if (rc == VINF_SUCCESS)
1658 {
1659 /* EIP has been updated already. */
1660
1661 /* Only resume if successful. */
1662 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1663 goto ResumeExecution;
1664 }
1665 Assert(rc == VERR_EM_INTERPRETER || rc == VINF_PGM_CHANGE_MODE || rc == VINF_PGM_SYNC_CR3);
1666 break;
1667 }
1668
1669 case SVM_EXIT_READ_CR0: case SVM_EXIT_READ_CR1: case SVM_EXIT_READ_CR2: case SVM_EXIT_READ_CR3:
1670 case SVM_EXIT_READ_CR4: case SVM_EXIT_READ_CR5: case SVM_EXIT_READ_CR6: case SVM_EXIT_READ_CR7:
1671 case SVM_EXIT_READ_CR8: case SVM_EXIT_READ_CR9: case SVM_EXIT_READ_CR10: case SVM_EXIT_READ_CR11:
1672 case SVM_EXIT_READ_CR12: case SVM_EXIT_READ_CR13: case SVM_EXIT_READ_CR14: case SVM_EXIT_READ_CR15:
1673 {
1674 uint32_t cbSize;
1675
1676 Log2(("SVM: %VGv mov x, cr%d\n", pCtx->rip, exitCode - SVM_EXIT_READ_CR0));
1677 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitCRxRead);
1678 rc = EMInterpretInstruction(pVM, CPUMCTX2CORE(pCtx), 0, &cbSize);
1679 if (rc == VINF_SUCCESS)
1680 {
1681 /* EIP has been updated already. */
1682
1683 /* Only resume if successful. */
1684 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1685 goto ResumeExecution;
1686 }
1687 Assert(rc == VERR_EM_INTERPRETER || rc == VINF_PGM_CHANGE_MODE || rc == VINF_PGM_SYNC_CR3);
1688 break;
1689 }
1690
1691 case SVM_EXIT_WRITE_DR0: case SVM_EXIT_WRITE_DR1: case SVM_EXIT_WRITE_DR2: case SVM_EXIT_WRITE_DR3:
1692 case SVM_EXIT_WRITE_DR4: case SVM_EXIT_WRITE_DR5: case SVM_EXIT_WRITE_DR6: case SVM_EXIT_WRITE_DR7:
1693 case SVM_EXIT_WRITE_DR8: case SVM_EXIT_WRITE_DR9: case SVM_EXIT_WRITE_DR10: case SVM_EXIT_WRITE_DR11:
1694 case SVM_EXIT_WRITE_DR12: case SVM_EXIT_WRITE_DR13: case SVM_EXIT_WRITE_DR14: case SVM_EXIT_WRITE_DR15:
1695 {
1696 uint32_t cbSize;
1697
1698 Log2(("SVM: %VGv mov dr%d, x\n", pCtx->rip, exitCode - SVM_EXIT_WRITE_DR0));
1699 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitDRxRead);
1700
1701 if (!DBGFIsStepping(pVM))
1702 {
1703 STAM_COUNTER_INC(&pVM->hwaccm.s.StatDRxContextSwitch);
1704
1705 /* Disable drx move intercepts. */
1706 pVMCB->ctrl.u16InterceptRdDRx = 0;
1707 pVMCB->ctrl.u16InterceptWrDRx = 0;
1708
1709 /* Save the host and load the guest debug state. */
1710 rc = CPUMR0LoadGuestDebugState(pVM, pCtx, false /* exclude DR6 */);
1711 AssertRC(rc);
1712
1713 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1714 goto ResumeExecution;
1715 }
1716
1717 rc = EMInterpretInstruction(pVM, CPUMCTX2CORE(pCtx), 0, &cbSize);
1718 if (rc == VINF_SUCCESS)
1719 {
1720 /* EIP has been updated already. */
1721 pVM->hwaccm.s.fContextUseFlags |= HWACCM_CHANGED_GUEST_DEBUG;
1722
1723 /* Only resume if successful. */
1724 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1725 goto ResumeExecution;
1726 }
1727 Assert(rc == VERR_EM_INTERPRETER || rc == VINF_PGM_CHANGE_MODE || rc == VINF_PGM_SYNC_CR3);
1728 break;
1729 }
1730
1731 case SVM_EXIT_READ_DR0: case SVM_EXIT_READ_DR1: case SVM_EXIT_READ_DR2: case SVM_EXIT_READ_DR3:
1732 case SVM_EXIT_READ_DR4: case SVM_EXIT_READ_DR5: case SVM_EXIT_READ_DR6: case SVM_EXIT_READ_DR7:
1733 case SVM_EXIT_READ_DR8: case SVM_EXIT_READ_DR9: case SVM_EXIT_READ_DR10: case SVM_EXIT_READ_DR11:
1734 case SVM_EXIT_READ_DR12: case SVM_EXIT_READ_DR13: case SVM_EXIT_READ_DR14: case SVM_EXIT_READ_DR15:
1735 {
1736 uint32_t cbSize;
1737
1738 Log2(("SVM: %VGv mov dr%d, x\n", pCtx->rip, exitCode - SVM_EXIT_READ_DR0));
1739 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitDRxRead);
1740
1741 if (!DBGFIsStepping(pVM))
1742 {
1743 STAM_COUNTER_INC(&pVM->hwaccm.s.StatDRxContextSwitch);
1744
1745 /* Disable drx move intercepts. */
1746 pVMCB->ctrl.u16InterceptRdDRx = 0;
1747 pVMCB->ctrl.u16InterceptWrDRx = 0;
1748
1749 /* Save the host and load the guest debug state. */
1750 rc = CPUMR0LoadGuestDebugState(pVM, pCtx, false /* exclude DR6 */);
1751 AssertRC(rc);
1752
1753 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1754 goto ResumeExecution;
1755 }
1756
1757 rc = EMInterpretInstruction(pVM, CPUMCTX2CORE(pCtx), 0, &cbSize);
1758 if (rc == VINF_SUCCESS)
1759 {
1760 /* EIP has been updated already. */
1761
1762 /* Only resume if successful. */
1763 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1764 goto ResumeExecution;
1765 }
1766 Assert(rc == VERR_EM_INTERPRETER || rc == VINF_PGM_CHANGE_MODE || rc == VINF_PGM_SYNC_CR3);
1767 break;
1768 }
1769
1770 /* Note: We'll get a #GP if the IO instruction isn't allowed (IOPL or TSS bitmap); no need to double check. */
1771 case SVM_EXIT_IOIO: /* I/O instruction. */
1772 {
1773 SVM_IOIO_EXIT IoExitInfo;
1774 uint32_t uIOSize, uAndVal;
1775
1776 IoExitInfo.au32[0] = pVMCB->ctrl.u64ExitInfo1;
1777
1778 /** @todo could use a lookup table here */
1779 if (IoExitInfo.n.u1OP8)
1780 {
1781 uIOSize = 1;
1782 uAndVal = 0xff;
1783 }
1784 else
1785 if (IoExitInfo.n.u1OP16)
1786 {
1787 uIOSize = 2;
1788 uAndVal = 0xffff;
1789 }
1790 else
1791 if (IoExitInfo.n.u1OP32)
1792 {
1793 uIOSize = 4;
1794 uAndVal = 0xffffffff;
1795 }
1796 else
1797 {
1798 AssertFailed(); /* should be fatal. */
1799 rc = VINF_EM_RAW_EMULATE_INSTR;
1800 break;
1801 }
1802
1803 if (IoExitInfo.n.u1STR)
1804 {
1805 /* ins/outs */
1806 uint32_t prefix = 0;
1807 if (IoExitInfo.n.u1REP)
1808 prefix |= PREFIX_REP;
1809
1810 if (IoExitInfo.n.u1Type == 0)
1811 {
1812 Log2(("IOMInterpretOUTSEx %VGv %x size=%d\n", pCtx->rip, IoExitInfo.n.u16Port, uIOSize));
1813 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitIOStringWrite);
1814 rc = IOMInterpretOUTSEx(pVM, CPUMCTX2CORE(pCtx), IoExitInfo.n.u16Port, prefix, uIOSize);
1815 }
1816 else
1817 {
1818 Log2(("IOMInterpretINSEx %VGv %x size=%d\n", pCtx->rip, IoExitInfo.n.u16Port, uIOSize));
1819 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitIOStringRead);
1820 rc = IOMInterpretINSEx(pVM, CPUMCTX2CORE(pCtx), IoExitInfo.n.u16Port, prefix, uIOSize);
1821 }
1822 }
1823 else
1824 {
1825 /* normal in/out */
1826 Assert(!IoExitInfo.n.u1REP);
1827
1828 if (IoExitInfo.n.u1Type == 0)
1829 {
1830 Log2(("IOMIOPortWrite %VGv %x %x size=%d\n", pCtx->rip, IoExitInfo.n.u16Port, pCtx->eax & uAndVal, uIOSize));
1831 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitIOWrite);
1832 rc = IOMIOPortWrite(pVM, IoExitInfo.n.u16Port, pCtx->eax & uAndVal, uIOSize);
1833 }
1834 else
1835 {
1836 uint32_t u32Val = 0;
1837
1838 STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitIORead);
1839 rc = IOMIOPortRead(pVM, IoExitInfo.n.u16Port, &u32Val, uIOSize);
1840 if (IOM_SUCCESS(rc))
1841 {
1842 /* Write back to the EAX register. */
1843 pCtx->eax = (pCtx->eax & ~uAndVal) | (u32Val & uAndVal);
1844 Log2(("IOMIOPortRead %VGv %x %x size=%d\n", pCtx->rip, IoExitInfo.n.u16Port, u32Val & uAndVal, uIOSize));
1845 }
1846 }
1847 }
1848 /*
1849 * Handled the I/O return codes.
1850 * (The unhandled cases end up with rc == VINF_EM_RAW_EMULATE_INSTR.)
1851 */
1852 if (IOM_SUCCESS(rc))
1853 {
1854 /* Update EIP and continue execution. */
1855 pCtx->rip = pVMCB->ctrl.u64ExitInfo2; /* RIP/EIP of the next instruction is saved in EXITINFO2. */
1856 if (RT_LIKELY(rc == VINF_SUCCESS))
1857 {
1858 /* If any IO breakpoints are armed, then we should check if a debug trap needs to be generated. */
1859 if (pCtx->dr[7] & X86_DR7_ENABLED_MASK)
1860 {
1861 STAM_COUNTER_INC(&pVM->hwaccm.s.StatDRxIOCheck);
1862 for (unsigned i=0;i<4;i++)
1863 {
1864 unsigned uBPLen = g_aIOSize[X86_DR7_GET_LEN(pCtx->dr[7], i)];
1865
1866 if ( (IoExitInfo.n.u16Port >= pCtx->dr[i] && IoExitInfo.n.u16Port < pCtx->dr[i] + uBPLen)
1867 && (pCtx->dr[7] & (X86_DR7_L(i) | X86_DR7_G(i)))
1868 && (pCtx->dr[7] & X86_DR7_RW(i, X86_DR7_RW_IO)) == X86_DR7_RW(i, X86_DR7_RW_IO))
1869 {
1870 SVM_EVENT Event;
1871
1872 Assert(CPUMIsGuestDebugStateActive(pVM));
1873
1874 /* Clear all breakpoint status flags and set the one we just hit. */
1875 pCtx->dr[6] &= ~(X86_DR6_B0|X86_DR6_B1|X86_DR6_B2|X86_DR6_B3);
1876 pCtx->dr[6] |= (uint64_t)RT_BIT(i);
1877
1878 /* Note: AMD64 Architecture Programmer's Manual 13.1:
1879 * Bits 15:13 of the DR6 register is never cleared by the processor and must be cleared by software after
1880 * the contents have been read.
1881 */
1882 pVMCB->guest.u64DR6 = pCtx->dr[6];
1883
1884 /* X86_DR7_GD will be cleared if drx accesses should be trapped inside the guest. */
1885 pCtx->dr[7] &= ~X86_DR7_GD;
1886
1887 /* Paranoia. */
1888 pCtx->dr[7] &= 0xffffffff; /* upper 32 bits reserved */
1889 pCtx->dr[7] &= ~(RT_BIT(11) | RT_BIT(12) | RT_BIT(14) | RT_BIT(15)); /* must be zero */
1890 pCtx->dr[7] |= 0x400; /* must be one */
1891
1892 pVMCB->guest.u64DR7 = pCtx->dr[7];
1893
1894 /* Inject the exception. */
1895 Log(("Inject IO debug trap at %VGv\n", pCtx->rip));
1896
1897 Event.au64[0] = 0;
1898 Event.n.u3Type = SVM_EVENT_EXCEPTION; /* trap or fault */
1899 Event.n.u1Valid = 1;
1900 Event.n.u8Vector = X86_XCPT_DB;
1901
1902 SVMR0InjectEvent(pVM, pVMCB, pCtx, &Event);
1903
1904 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1905 goto ResumeExecution;
1906 }
1907 }
1908 }
1909
1910 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1911 goto ResumeExecution;
1912 }
1913 Log2(("EM status from IO at %VGv %x size %d: %Vrc\n", pCtx->rip, IoExitInfo.n.u16Port, uIOSize, rc));
1914 break;
1915 }
1916
1917#ifdef VBOX_STRICT
1918 if (rc == VINF_IOM_HC_IOPORT_READ)
1919 Assert(IoExitInfo.n.u1Type != 0);
1920 else if (rc == VINF_IOM_HC_IOPORT_WRITE)
1921 Assert(IoExitInfo.n.u1Type == 0);
1922 else
1923 AssertMsg(VBOX_FAILURE(rc) || rc == VINF_EM_RAW_EMULATE_INSTR || rc == VINF_EM_RAW_GUEST_TRAP || rc == VINF_TRPM_XCPT_DISPATCHED, ("%Vrc\n", rc));
1924#endif
1925 Log2(("Failed IO at %VGv %x size %d\n", pCtx->rip, IoExitInfo.n.u16Port, uIOSize));
1926 break;
1927 }
1928
1929 case SVM_EXIT_HLT:
1930 /** Check if external interrupts are pending; if so, don't switch back. */
1931 pCtx->rip++; /* skip hlt */
1932 if ( pCtx->eflags.Bits.u1IF
1933 && VM_FF_ISPENDING(pVM, (VM_FF_INTERRUPT_APIC|VM_FF_INTERRUPT_PIC)))
1934 goto ResumeExecution;
1935
1936 rc = VINF_EM_HALT;
1937 break;
1938
1939 case SVM_EXIT_RSM:
1940 case SVM_EXIT_INVLPGA:
1941 case SVM_EXIT_VMRUN:
1942 case SVM_EXIT_VMMCALL:
1943 case SVM_EXIT_VMLOAD:
1944 case SVM_EXIT_VMSAVE:
1945 case SVM_EXIT_STGI:
1946 case SVM_EXIT_CLGI:
1947 case SVM_EXIT_SKINIT:
1948 case SVM_EXIT_RDTSCP:
1949 {
1950 /* Unsupported instructions. */
1951 SVM_EVENT Event;
1952
1953 Event.au64[0] = 0;
1954 Event.n.u3Type = SVM_EVENT_EXCEPTION;
1955 Event.n.u1Valid = 1;
1956 Event.n.u8Vector = X86_XCPT_UD;
1957
1958 Log(("Forced #UD trap at %VGv\n", pCtx->rip));
1959 SVMR0InjectEvent(pVM, pVMCB, pCtx, &Event);
1960
1961 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1962 goto ResumeExecution;
1963 }
1964
1965 /* Emulate in ring 3. */
1966 case SVM_EXIT_MSR:
1967 {
1968 uint32_t cbSize;
1969
1970 /* Note: the intel manual claims there's a REX version of RDMSR that's slightly different, so we play safe by completely disassembling the instruction. */
1971 Log(("SVM: %s\n", (pVMCB->ctrl.u64ExitInfo1 == 0) ? "rdmsr" : "wrmsr"));
1972 rc = EMInterpretInstruction(pVM, CPUMCTX2CORE(pCtx), 0, &cbSize);
1973 if (rc == VINF_SUCCESS)
1974 {
1975 /* EIP has been updated already. */
1976
1977 /* Only resume if successful. */
1978 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
1979 goto ResumeExecution;
1980 }
1981 AssertMsg(rc == VERR_EM_INTERPRETER, ("EMU: %s failed with %Vrc\n", (pVMCB->ctrl.u64ExitInfo1 == 0) ? "rdmsr" : "wrmsr", rc));
1982 break;
1983 }
1984
1985 case SVM_EXIT_MONITOR:
1986 case SVM_EXIT_RDPMC:
1987 case SVM_EXIT_PAUSE:
1988 case SVM_EXIT_MWAIT_UNCOND:
1989 case SVM_EXIT_MWAIT_ARMED:
1990 case SVM_EXIT_TASK_SWITCH: /* can change CR3; emulate */
1991 rc = VINF_EM_RAW_EXCEPTION_PRIVILEGED;
1992 break;
1993
1994 case SVM_EXIT_SHUTDOWN:
1995 rc = VINF_EM_RESET; /* Triple fault equals a reset. */
1996 break;
1997
1998 case SVM_EXIT_IDTR_READ:
1999 case SVM_EXIT_GDTR_READ:
2000 case SVM_EXIT_LDTR_READ:
2001 case SVM_EXIT_TR_READ:
2002 case SVM_EXIT_IDTR_WRITE:
2003 case SVM_EXIT_GDTR_WRITE:
2004 case SVM_EXIT_LDTR_WRITE:
2005 case SVM_EXIT_TR_WRITE:
2006 case SVM_EXIT_CR0_SEL_WRITE:
2007 default:
2008 /* Unexpected exit codes. */
2009 rc = VERR_EM_INTERNAL_ERROR;
2010 AssertMsgFailed(("Unexpected exit code %x\n", exitCode)); /* Can't happen. */
2011 break;
2012 }
2013
2014end:
2015
2016 /* Signal changes for the recompiler. */
2017 CPUMSetChangedFlags(pVM, CPUM_CHANGED_SYSENTER_MSR | CPUM_CHANGED_LDTR | CPUM_CHANGED_GDTR | CPUM_CHANGED_IDTR | CPUM_CHANGED_TR | CPUM_CHANGED_HIDDEN_SEL_REGS);
2018
2019 /* If we executed vmrun and an external irq was pending, then we don't have to do a full sync the next time. */
2020 if (exitCode == SVM_EXIT_INTR)
2021 {
2022 STAM_COUNTER_INC(&pVM->hwaccm.s.StatPendingHostIrq);
2023 /* On the next entry we'll only sync the host context. */
2024 pVM->hwaccm.s.fContextUseFlags |= HWACCM_CHANGED_HOST_CONTEXT;
2025 }
2026 else
2027 {
2028 /* On the next entry we'll sync everything. */
2029 /** @todo we can do better than this */
2030 /* Not in the VINF_PGM_CHANGE_MODE though! */
2031 pVM->hwaccm.s.fContextUseFlags |= HWACCM_CHANGED_ALL;
2032 }
2033
2034 /* translate into a less severe return code */
2035 if (rc == VERR_EM_INTERPRETER)
2036 rc = VINF_EM_RAW_EMULATE_INSTR;
2037
2038 STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
2039 return rc;
2040}
2041
/**
 * Enters the AMD-V session.
 *
 * Prepares the per-VM AMD-V bookkeeping for running guest code on the
 * current host CPU. The VMCB itself is not touched here: the function only
 * drops the resume flag and marks the guest LDTR as changed so that the next
 * world switch performs the VMLOAD that brings in the additional guest state.
 *
 * @returns VBox status code (always VINF_SUCCESS).
 * @param   pVM     The VM to operate on.
 * @param   pCpu    Host CPU info; only referenced by the flow log here.
 */
VMMR0DECL(int) SVMR0Enter(PVM pVM, PHWACCM_CPUINFO pCpu)
{
    Assert(pVM->hwaccm.s.svm.fSupported);
    LogFlow(("SVMR0Enter cpu%d last=%d asid=%d\n", pCpu->idCpu, pVM->hwaccm.s.idLastCpu, pVM->hwaccm.s.uCurrentASID));

    /*
     * Flag LDTR as dirty so the guest-state loader issues a VMLOAD on the next
     * entry and the additional guest state it carries is reloaded.
     */
    pVM->hwaccm.s.fContextUseFlags |= HWACCM_CHANGED_GUEST_LDTR;

    /* A freshly entered session never continues a previous VMRUN. */
    pVM->hwaccm.s.svm.fResumeVM = false;

    return VINF_SUCCESS;
}
2061
2062
/**
 * Leaves the AMD-V session.
 *
 * If the guest debug registers are currently live on the host CPU they are
 * written back into the guest context and the VMCB intercepts for all DRx
 * reads and writes are re-armed; the DRx exit handlers earlier in this file
 * clear those intercepts lazily when the guest first touches a debug
 * register, so they must be restored before the host reclaims the CPU.
 * When no guest debug state is active the function only asserts that the
 * intercepts were never dropped.
 *
 * @returns VBox status code (always VINF_SUCCESS).
 * @param   pVM     The VM to operate on.
 * @param   pCtx    Guest CPU context that receives the saved debug registers.
 */
VMMR0DECL(int) SVMR0Leave(PVM pVM, PCPUMCTX pCtx)
{
    SVM_VMCB *pVMCB = (SVM_VMCB *)pVM->hwaccm.s.svm.pVMCB;

    Assert(pVM->hwaccm.s.svm.fSupported);

    if (!CPUMIsGuestDebugStateActive(pVM))
    {
        /* Nothing was loaded, so the DRx intercepts must still be fully armed. */
        Assert(pVMCB->ctrl.u16InterceptRdDRx == 0xFFFF && pVMCB->ctrl.u16InterceptWrDRx == 0xFFFF);
        return VINF_SUCCESS;
    }

    /* Write the live guest debug registers back into the context (DR6 excluded). */
    CPUMR0SaveGuestDebugState(pVM, pCtx, false /* skip DR6 */);

    /* Trap every DRx access again; the exit handlers drop these on first use. */
    pVMCB->ctrl.u16InterceptRdDRx = 0xFFFF;
    pVMCB->ctrl.u16InterceptWrDRx = 0xFFFF;

    /* Force the debug registers to be resynced on the next entry. */
    pVM->hwaccm.s.fContextUseFlags |= HWACCM_CHANGED_GUEST_DEBUG;

    return VINF_SUCCESS;
}
2093
2094
/**
 * Applies an already disassembled INVLPG to the shadow page tables and to the
 * guest's tagged TLB entries.
 *
 * @returns VBox status code.
 * @retval  VINF_SUCCESS            The page was invalidated.
 * @retval  VERR_EM_INTERPRETER     The operand could not be resolved; the caller
 *                                  should fall back to full emulation.
 * @retval  VERR_*                  Propagated from PGMInvalidatePage.
 *
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state positioned on the INVLPG instruction.
 * @param   pRegFrame   Guest register frame used to evaluate the operand.
 * @param   uASID       ASID tagging the guest's TLB entries.
 */
static int svmR0InterpretInvlPg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, uint32_t uASID)
{
    OP_PARAMVAL Operand;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &Operand, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* Only a 32/64-bit immediate or address operand is understood here. */
    bool fUsable = (Operand.type == PARMTYPE_IMMEDIATE || Operand.type == PARMTYPE_ADDRESS)
                && (Operand.flags & (PARAM_VAL32 | PARAM_VAL64));
    if (!fUsable)
        return VERR_EM_INTERPRETER;

    /** @todo Is the operand value a flat linear address, or DS-relative when no
     *        segment override prefix is present? If the latter, a non-zero DS
     *        base would make this invalidate the wrong page. */
    RTGCPTR GCPtrPage = Operand.val.val64;
    rc = PGMInvalidatePage(pVM, GCPtrPage);
    if (VBOX_FAILURE(rc))
    {
        Assert(rc == VERR_REM_FLUSHED_PAGES_OVERFLOW);
        return rc;
    }

    /* Shadow tables are updated; now drop the hardware TLB entry for this ASID as well. */
    Log(("SVMInvlpgA %VGv ASID=%d\n", GCPtrPage, uASID));
    SVMInvlpgA(GCPtrPage, uASID);
    return VINF_SUCCESS;
}
2131
/**
 * Interprets INVLPG
 *
 * Resolves CS:RIP, disassembles the instruction found there and, if it really
 * is an INVLPG, applies it via svmR0InterpretInvlPg. Only 32-bit and 64-bit
 * code is handled; everything else is left to the emulator.
 *
 * @returns VBox status code.
 * @retval  VINF_*                  Scheduling instructions.
 * @retval  VERR_EM_INTERPRETER     Something we can't cope with.
 * @retval  VERR_*                  Fatal errors.
 *
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   uASID       Tagged TLB id for the guest.
 *
 * Updates the RIP if an instruction was executed successfully.
 */
static int SVMR0InterpretInvpg(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t uASID)
{
    /* 16-bit code is not handled here; let the caller fall back to emulation. */
    DISCPUMODE enmCpuMode = SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid);
    if (enmCpuMode == CPUMODE_16BIT)
        return VERR_EM_INTERPRETER;

    /* Validate CS:RIP against the guest segment before reading guest code from it. */
    RTGCPTR GCPtrCode;
    int rc = SELMValidateAndConvertCSAddr(pVM, pRegFrame->eflags, pRegFrame->ss, pRegFrame->cs, &pRegFrame->csHid, (RTGCPTR)pRegFrame->rip, &GCPtrCode);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    DISCPUSTATE Cpu;
    uint32_t    cbInstr;
    Cpu.mode = enmCpuMode;
    rc = EMInterpretDisasOneEx(pVM, GCPtrCode, pRegFrame, &Cpu, &cbInstr);
    Assert(VBOX_FAILURE(rc) || Cpu.pCurInstr->opcode == OP_INVLPG);

    /*
     * The guest code is re-read here rather than taken from the exit, so do
     * not act on anything that does not decode as INVLPG.
     */
    if (VBOX_FAILURE(rc) || Cpu.pCurInstr->opcode != OP_INVLPG)
        return VERR_EM_INTERPRETER;
    Assert(cbInstr == Cpu.opsize);

    rc = svmR0InterpretInvlPg(pVM, &Cpu, pRegFrame, uASID);
    if (VBOX_SUCCESS(rc))
        pRegFrame->rip += cbInstr; /* Advance only when the invalidation was actually applied. */
    return rc;
}
2178
2179
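/**
 * Invalidates a guest page
 *
 * Drops the tagged TLB entry for a guest virtual page via INVLPGA, unless a
 * full TLB flush is already scheduled, in which case the individual
 * invalidation is redundant and skipped.
 *
 * @returns VBox status code.
 * @retval  VINF_SUCCESS            Page invalidated, or a full flush is already pending.
 * @retval  VERR_INVALID_PARAMETER  pVM is NULL.
 * @retval  VERR_EM_INTERNAL_ERROR  The VMCB has not been set up.
 *
 * @param   pVM     The VM to operate on.
 * @param   GCVirt  Guest virtual address of the page to invalidate.
 */
VMMR0DECL(int) SVMR0InvalidatePage(PVM pVM, RTGCPTR GCVirt)
{
    /* Check pVM before anything is read through it; the flush flags below dereference it. */
    AssertReturn(pVM, VERR_INVALID_PARAMETER);
    Assert(pVM->hwaccm.s.svm.fSupported);

    /* A pending full TLB flush makes a single INVLPGA redundant. */
    if (pVM->hwaccm.s.svm.fAlwaysFlushTLB || pVM->hwaccm.s.fForceTLBFlush)
        return VINF_SUCCESS;

    Log2(("SVMR0InvalidatePage %VGv\n", GCVirt));

    SVM_VMCB *pVMCB = (SVM_VMCB *)pVM->hwaccm.s.svm.pVMCB;
    AssertMsgReturn(pVMCB, ("Invalid pVMCB\n"), VERR_EM_INTERNAL_ERROR);

    /* INVLPGA is tagged: it acts only on the ASID passed, so use the one the VMCB currently runs with. */
    STAM_COUNTER_INC(&pVM->hwaccm.s.StatFlushPageManual);
    SVMInvlpgA(GCVirt, pVMCB->ctrl.TLBCtrl.n.u32ASID);
    return VINF_SUCCESS;
}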
2208
2209
/**
 * Invalidates a guest page by physical address
 *
 * INVLPGA is keyed on guest virtual addresses, so there is no way to drop
 * only the entries backing a single guest physical page; the function
 * therefore requests a full TLB flush for the next entry instead. Only
 * meaningful with nested paging enabled.
 *
 * @returns VBox status code (always VINF_SUCCESS).
 * @param   pVM     The VM to operate on.
 * @param   GCPhys  Guest physical address of the page; not needed for the flush.
 */
VMMR0DECL(int) SVMR0InvalidatePhysPage(PVM pVM, RTGCPHYS GCPhys)
{
    Assert(pVM->hwaccm.s.fNestedPaging);
    STAM_COUNTER_INC(&pVM->hwaccm.s.StatFlushTLBInvlpga);
    /* No per-physical-page invalidation exists; a full flush is the only safe option. */
    pVM->hwaccm.s.fForceTLBFlush = true;
    return VINF_SUCCESS;
}