VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMR3/HM.cpp@ 81613

Last change on this file since 81613 was 81247, checked in by vboxsync, 5 years ago

VMM/HM: hmR3Save better rc handling.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 147.5 KB
Line 
1/* $Id: HM.cpp 81247 2019-10-14 10:18:54Z vboxsync $ */
2/** @file
3 * HM - Intel/AMD VM Hardware Support Manager.
4 */
5
6/*
7 * Copyright (C) 2006-2019 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/** @page pg_hm HM - Hardware Assisted Virtualization Manager
19 *
20 * The HM manages guest execution using the VT-x and AMD-V CPU hardware
21 * extensions.
22 *
23 * {summary of what HM does}
24 *
25 * Hardware assisted virtualization manager was originally abbreviated HWACCM,
26 * however that was cumbersome to write and parse for such a central component,
27 * so it was shortened to HM when refactoring the code in the 4.3 development
28 * cycle.
29 *
30 * {add sections with more details}
31 *
32 * @sa @ref grp_hm
33 */
34
35
36/*********************************************************************************************************************************
37* Header Files *
38*********************************************************************************************************************************/
39#define LOG_GROUP LOG_GROUP_HM
40#define VMCPU_INCL_CPUM_GST_CTX
41#include <VBox/vmm/cpum.h>
42#include <VBox/vmm/stam.h>
43#include <VBox/vmm/mm.h>
44#include <VBox/vmm/em.h>
45#include <VBox/vmm/pdmapi.h>
46#include <VBox/vmm/pgm.h>
47#include <VBox/vmm/ssm.h>
48#include <VBox/vmm/gim.h>
49#include <VBox/vmm/trpm.h>
50#include <VBox/vmm/dbgf.h>
51#include <VBox/vmm/iom.h>
52#include <VBox/vmm/iem.h>
53#include <VBox/vmm/selm.h>
54#include <VBox/vmm/nem.h>
55#include <VBox/vmm/hm_vmx.h>
56#include <VBox/vmm/hm_svm.h>
57#include "HMInternal.h"
58#include <VBox/vmm/vmcc.h>
59#include <VBox/err.h>
60#include <VBox/param.h>
61
62#include <iprt/assert.h>
63#include <VBox/log.h>
64#include <iprt/asm.h>
65#include <iprt/asm-amd64-x86.h>
66#include <iprt/env.h>
67#include <iprt/thread.h>
68
69
70/*********************************************************************************************************************************
71* Defined Constants And Macros *
72*********************************************************************************************************************************/
73/** @def HMVMX_REPORT_FEAT
74 * Reports VT-x feature to the release log.
75 *
76 * @param a_uAllowed1 Mask of allowed-1 feature bits.
77 * @param a_uAllowed0 Mask of allowed-0 feature bits.
78 * @param a_StrDesc The description string to report.
79 * @param a_Featflag Mask of the feature to report.
80 */
81#define HMVMX_REPORT_FEAT(a_uAllowed1, a_uAllowed0, a_StrDesc, a_Featflag) \
82 do { \
83 if ((a_uAllowed1) & (a_Featflag)) \
84 { \
85 if ((a_uAllowed0) & (a_Featflag)) \
86 LogRel(("HM: " a_StrDesc " (must be set)\n")); \
87 else \
88 LogRel(("HM: " a_StrDesc "\n")); \
89 } \
90 else \
91 LogRel(("HM: " a_StrDesc " (must be cleared)\n")); \
92 } while (0)
93
94/** @def HMVMX_REPORT_ALLOWED_FEAT
95 * Reports an allowed VT-x feature to the release log.
96 *
97 * @param a_uAllowed1 Mask of allowed-1 feature bits.
98 * @param a_StrDesc The description string to report.
99 * @param a_FeatFlag Mask of the feature to report.
100 */
101#define HMVMX_REPORT_ALLOWED_FEAT(a_uAllowed1, a_StrDesc, a_FeatFlag) \
102 do { \
103 if ((a_uAllowed1) & (a_FeatFlag)) \
104 LogRel(("HM: " a_StrDesc "\n")); \
105 else \
106 LogRel(("HM: " a_StrDesc " not supported\n")); \
107 } while (0)
108
109/** @def HMVMX_REPORT_MSR_CAP
110 * Reports MSR feature capability.
111 *
112 * @param a_MsrCaps Mask of MSR feature bits.
113 * @param a_StrDesc The description string to report.
114 * @param a_fCap Mask of the feature to report.
115 */
116#define HMVMX_REPORT_MSR_CAP(a_MsrCaps, a_StrDesc, a_fCap) \
117 do { \
118 if ((a_MsrCaps) & (a_fCap)) \
119 LogRel(("HM: " a_StrDesc "\n")); \
120 } while (0)
121
122/** @def HMVMX_LOGREL_FEAT
123 * Dumps a feature flag from a bitmap of features to the release log.
124 *
125 * @param a_fVal The value of all the features.
126 * @param a_fMask The specific bitmask of the feature.
127 */
128#define HMVMX_LOGREL_FEAT(a_fVal, a_fMask) \
129 do { \
130 if ((a_fVal) & (a_fMask)) \
131 LogRel(("HM: %s\n", #a_fMask)); \
132 } while (0)
133
134
135/*********************************************************************************************************************************
136* Internal Functions *
137*********************************************************************************************************************************/
138static DECLCALLBACK(int) hmR3Save(PVM pVM, PSSMHANDLE pSSM);
139static DECLCALLBACK(int) hmR3Load(PVM pVM, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass);
140static DECLCALLBACK(void) hmR3InfoSvmNstGstVmcbCache(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
141static DECLCALLBACK(void) hmR3Info(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
142static DECLCALLBACK(void) hmR3InfoEventPending(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
143static int hmR3InitFinalizeR3(PVM pVM);
144static int hmR3InitFinalizeR0(PVM pVM);
145static int hmR3InitFinalizeR0Intel(PVM pVM);
146static int hmR3InitFinalizeR0Amd(PVM pVM);
147static int hmR3TermCPU(PVM pVM);
148
149
150
151/**
152 * Initializes the HM.
153 *
154 * This is the very first component to really do init after CFGM so that we can
155 * establish the predominant execution engine for the VM prior to initializing
156 * other modules. It takes care of NEM initialization if needed (HM disabled or
157 * not available in HW).
158 *
159 * If VT-x or AMD-V hardware isn't available, HM will try fall back on a native
160 * hypervisor API via NEM, and then back on raw-mode if that isn't available
161 * either. The fallback to raw-mode will not happen if /HM/HMForced is set
162 * (like for guest using SMP or 64-bit as well as for complicated guest like OS
163 * X, OS/2 and others).
164 *
165 * Note that a lot of the set up work is done in ring-0 and thus postponed till
166 * the ring-3 and ring-0 callback to HMR3InitCompleted.
167 *
168 * @returns VBox status code.
169 * @param pVM The cross context VM structure.
170 *
171 * @remarks Be careful with what we call here, since most of the VMM components
172 * are uninitialized.
173 */
174VMMR3_INT_DECL(int) HMR3Init(PVM pVM)
175{
176 LogFlowFunc(("\n"));
177
178 /*
179 * Assert alignment and sizes.
180 */
181 AssertCompileMemberAlignment(VM, hm.s, 32);
182 AssertCompile(sizeof(pVM->hm.s) <= sizeof(pVM->hm.padding));
183
184 /*
185 * Register the saved state data unit.
186 */
187 int rc = SSMR3RegisterInternal(pVM, "HWACCM", 0, HM_SAVED_STATE_VERSION, sizeof(HM),
188 NULL, NULL, NULL,
189 NULL, hmR3Save, NULL,
190 NULL, hmR3Load, NULL);
191 if (RT_FAILURE(rc))
192 return rc;
193
194 /*
195 * Register info handlers.
196 */
197 rc = DBGFR3InfoRegisterInternalEx(pVM, "hm", "Dumps HM info.", hmR3Info, DBGFINFO_FLAGS_ALL_EMTS);
198 AssertRCReturn(rc, rc);
199
200 rc = DBGFR3InfoRegisterInternalEx(pVM, "hmeventpending", "Dumps the pending HM event.", hmR3InfoEventPending,
201 DBGFINFO_FLAGS_ALL_EMTS);
202 AssertRCReturn(rc, rc);
203
204 rc = DBGFR3InfoRegisterInternalEx(pVM, "svmvmcbcache", "Dumps the HM SVM nested-guest VMCB cache.",
205 hmR3InfoSvmNstGstVmcbCache, DBGFINFO_FLAGS_ALL_EMTS);
206 AssertRCReturn(rc, rc);
207
208 /*
209 * Read configuration.
210 */
211 PCFGMNODE pCfgHm = CFGMR3GetChild(CFGMR3GetRoot(pVM), "HM/");
212
213 /*
214 * Validate the HM settings.
215 */
216 rc = CFGMR3ValidateConfig(pCfgHm, "/HM/",
217 "HMForced" /* implied 'true' these days */
218 "|UseNEMInstead"
219 "|FallbackToNEM"
220 "|EnableNestedPaging"
221 "|EnableUX"
222 "|EnableLargePages"
223 "|EnableVPID"
224 "|IBPBOnVMExit"
225 "|IBPBOnVMEntry"
226 "|SpecCtrlByHost"
227 "|L1DFlushOnSched"
228 "|L1DFlushOnVMEntry"
229 "|MDSClearOnSched"
230 "|MDSClearOnVMEntry"
231 "|TPRPatchingEnabled"
232 "|64bitEnabled"
233 "|Exclusive"
234 "|MaxResumeLoops"
235 "|VmxPleGap"
236 "|VmxPleWindow"
237 "|UseVmxPreemptTimer"
238 "|SvmPauseFilter"
239 "|SvmPauseFilterThreshold"
240 "|SvmVirtVmsaveVmload"
241 "|SvmVGif"
242 "|LovelyMesaDrvWorkaround",
243 "" /* pszValidNodes */, "HM" /* pszWho */, 0 /* uInstance */);
244 if (RT_FAILURE(rc))
245 return rc;
246
247 /** @cfgm{/HM/HMForced, bool, false}
248 * Forces hardware virtualization, no falling back on raw-mode. HM must be
249 * enabled, i.e. /HMEnabled must be true. */
250 bool fHMForced;
251 AssertRelease(pVM->fHMEnabled);
252 fHMForced = true;
253
254 /** @cfgm{/HM/UseNEMInstead, bool, true}
255 * Don't use HM, use NEM instead. */
256 bool fUseNEMInstead = false;
257 rc = CFGMR3QueryBoolDef(pCfgHm, "UseNEMInstead", &fUseNEMInstead, false);
258 AssertRCReturn(rc, rc);
259 if (fUseNEMInstead && pVM->fHMEnabled)
260 {
261 LogRel(("HM: Setting fHMEnabled to false because fUseNEMInstead is set.\n"));
262 pVM->fHMEnabled = false;
263 }
264
265 /** @cfgm{/HM/FallbackToNEM, bool, true}
266 * Enables fallback on NEM. */
267 bool fFallbackToNEM = true;
268 rc = CFGMR3QueryBoolDef(pCfgHm, "FallbackToNEM", &fFallbackToNEM, true);
269 AssertRCReturn(rc, rc);
270
271 /** @cfgm{/HM/EnableNestedPaging, bool, false}
272 * Enables nested paging (aka extended page tables). */
273 rc = CFGMR3QueryBoolDef(pCfgHm, "EnableNestedPaging", &pVM->hm.s.fAllowNestedPaging, false);
274 AssertRCReturn(rc, rc);
275
276 /** @cfgm{/HM/EnableUX, bool, true}
277 * Enables the VT-x unrestricted execution feature. */
278 rc = CFGMR3QueryBoolDef(pCfgHm, "EnableUX", &pVM->hm.s.vmx.fAllowUnrestricted, true);
279 AssertRCReturn(rc, rc);
280
281 /** @cfgm{/HM/EnableLargePages, bool, false}
282 * Enables using large pages (2 MB) for guest memory, thus saving on (nested)
283 * page table walking and maybe better TLB hit rate in some cases. */
284 rc = CFGMR3QueryBoolDef(pCfgHm, "EnableLargePages", &pVM->hm.s.fLargePages, false);
285 AssertRCReturn(rc, rc);
286
287 /** @cfgm{/HM/EnableVPID, bool, false}
288 * Enables the VT-x VPID feature. */
289 rc = CFGMR3QueryBoolDef(pCfgHm, "EnableVPID", &pVM->hm.s.vmx.fAllowVpid, false);
290 AssertRCReturn(rc, rc);
291
292 /** @cfgm{/HM/TPRPatchingEnabled, bool, false}
293 * Enables TPR patching for 32-bit windows guests with IO-APIC. */
294 rc = CFGMR3QueryBoolDef(pCfgHm, "TPRPatchingEnabled", &pVM->hm.s.fTprPatchingAllowed, false);
295 AssertRCReturn(rc, rc);
296
297 /** @cfgm{/HM/64bitEnabled, bool, 32-bit:false, 64-bit:true}
298 * Enables AMD64 cpu features.
299 * On 32-bit hosts this isn't default and require host CPU support. 64-bit hosts
300 * already have the support. */
301#ifdef VBOX_WITH_64_BITS_GUESTS
302 rc = CFGMR3QueryBoolDef(pCfgHm, "64bitEnabled", &pVM->hm.s.fAllow64BitGuests, HC_ARCH_BITS == 64);
303 AssertLogRelRCReturn(rc, rc);
304#else
305 pVM->hm.s.fAllow64BitGuests = false;
306#endif
307
308 /** @cfgm{/HM/VmxPleGap, uint32_t, 0}
309 * The pause-filter exiting gap in TSC ticks. When the number of ticks between
310 * two successive PAUSE instructions exceeds VmxPleGap, the CPU considers the
311 * latest PAUSE instruction to be start of a new PAUSE loop.
312 */
313 rc = CFGMR3QueryU32Def(pCfgHm, "VmxPleGap", &pVM->hm.s.vmx.cPleGapTicks, 0);
314 AssertRCReturn(rc, rc);
315
316 /** @cfgm{/HM/VmxPleWindow, uint32_t, 0}
317 * The pause-filter exiting window in TSC ticks. When the number of ticks
318 * between the current PAUSE instruction and first PAUSE of a loop exceeds
319 * VmxPleWindow, a VM-exit is triggered.
320 *
321 * Setting VmxPleGap and VmxPleGap to 0 disables pause-filter exiting.
322 */
323 rc = CFGMR3QueryU32Def(pCfgHm, "VmxPleWindow", &pVM->hm.s.vmx.cPleWindowTicks, 0);
324 AssertRCReturn(rc, rc);
325
326 /** @cfgm{/HM/SvmPauseFilterCount, uint16_t, 0}
327 * A counter that is decrement each time a PAUSE instruction is executed by the
328 * guest. When the counter is 0, a \#VMEXIT is triggered.
329 *
330 * Setting SvmPauseFilterCount to 0 disables pause-filter exiting.
331 */
332 rc = CFGMR3QueryU16Def(pCfgHm, "SvmPauseFilter", &pVM->hm.s.svm.cPauseFilter, 0);
333 AssertRCReturn(rc, rc);
334
335 /** @cfgm{/HM/SvmPauseFilterThreshold, uint16_t, 0}
336 * The pause filter threshold in ticks. When the elapsed time (in ticks) between
337 * two successive PAUSE instructions exceeds SvmPauseFilterThreshold, the
338 * PauseFilter count is reset to its initial value. However, if PAUSE is
339 * executed PauseFilter times within PauseFilterThreshold ticks, a VM-exit will
340 * be triggered.
341 *
342 * Requires SvmPauseFilterCount to be non-zero for pause-filter threshold to be
343 * activated.
344 */
345 rc = CFGMR3QueryU16Def(pCfgHm, "SvmPauseFilterThreshold", &pVM->hm.s.svm.cPauseFilterThresholdTicks, 0);
346 AssertRCReturn(rc, rc);
347
348 /** @cfgm{/HM/SvmVirtVmsaveVmload, bool, true}
349 * Whether to make use of virtualized VMSAVE/VMLOAD feature of the CPU if it's
350 * available. */
351 rc = CFGMR3QueryBoolDef(pCfgHm, "SvmVirtVmsaveVmload", &pVM->hm.s.svm.fVirtVmsaveVmload, true);
352 AssertRCReturn(rc, rc);
353
354 /** @cfgm{/HM/SvmVGif, bool, true}
355 * Whether to make use of Virtual GIF (Global Interrupt Flag) feature of the CPU
356 * if it's available. */
357 rc = CFGMR3QueryBoolDef(pCfgHm, "SvmVGif", &pVM->hm.s.svm.fVGif, true);
358 AssertRCReturn(rc, rc);
359
360 /** @cfgm{/HM/Exclusive, bool}
361 * Determines the init method for AMD-V and VT-x. If set to true, HM will do a
362 * global init for each host CPU. If false, we do local init each time we wish
363 * to execute guest code.
364 *
365 * On Windows, default is false due to the higher risk of conflicts with other
366 * hypervisors.
367 *
368 * On Mac OS X, this setting is ignored since the code does not handle local
369 * init when it utilizes the OS provided VT-x function, SUPR0EnableVTx().
370 */
371#if defined(RT_OS_DARWIN)
372 pVM->hm.s.fGlobalInit = true;
373#else
374 rc = CFGMR3QueryBoolDef(pCfgHm, "Exclusive", &pVM->hm.s.fGlobalInit,
375# if defined(RT_OS_WINDOWS)
376 false
377# else
378 true
379# endif
380 );
381 AssertLogRelRCReturn(rc, rc);
382#endif
383
384 /** @cfgm{/HM/MaxResumeLoops, uint32_t}
385 * The number of times to resume guest execution before we forcibly return to
386 * ring-3. The return value of RTThreadPreemptIsPendingTrusty in ring-0
387 * determines the default value. */
388 rc = CFGMR3QueryU32Def(pCfgHm, "MaxResumeLoops", &pVM->hm.s.cMaxResumeLoops, 0 /* set by R0 later */);
389 AssertLogRelRCReturn(rc, rc);
390
391 /** @cfgm{/HM/UseVmxPreemptTimer, bool}
392 * Whether to make use of the VMX-preemption timer feature of the CPU if it's
393 * available. */
394 rc = CFGMR3QueryBoolDef(pCfgHm, "UseVmxPreemptTimer", &pVM->hm.s.vmx.fUsePreemptTimer, true);
395 AssertLogRelRCReturn(rc, rc);
396
397 /** @cfgm{/HM/IBPBOnVMExit, bool}
398 * Costly paranoia setting. */
399 rc = CFGMR3QueryBoolDef(pCfgHm, "IBPBOnVMExit", &pVM->hm.s.fIbpbOnVmExit, false);
400 AssertLogRelRCReturn(rc, rc);
401
402 /** @cfgm{/HM/IBPBOnVMEntry, bool}
403 * Costly paranoia setting. */
404 rc = CFGMR3QueryBoolDef(pCfgHm, "IBPBOnVMEntry", &pVM->hm.s.fIbpbOnVmEntry, false);
405 AssertLogRelRCReturn(rc, rc);
406
407 /** @cfgm{/HM/L1DFlushOnSched, bool, true}
408 * CVE-2018-3646 workaround, ignored on CPUs that aren't affected. */
409 rc = CFGMR3QueryBoolDef(pCfgHm, "L1DFlushOnSched", &pVM->hm.s.fL1dFlushOnSched, true);
410 AssertLogRelRCReturn(rc, rc);
411
412 /** @cfgm{/HM/L1DFlushOnVMEntry, bool}
413 * CVE-2018-3646 workaround, ignored on CPUs that aren't affected. */
414 rc = CFGMR3QueryBoolDef(pCfgHm, "L1DFlushOnVMEntry", &pVM->hm.s.fL1dFlushOnVmEntry, false);
415 AssertLogRelRCReturn(rc, rc);
416
417 /* Disable L1DFlushOnSched if L1DFlushOnVMEntry is enabled. */
418 if (pVM->hm.s.fL1dFlushOnVmEntry)
419 pVM->hm.s.fL1dFlushOnSched = false;
420
421 /** @cfgm{/HM/SpecCtrlByHost, bool}
422 * Another expensive paranoia setting. */
423 rc = CFGMR3QueryBoolDef(pCfgHm, "SpecCtrlByHost", &pVM->hm.s.fSpecCtrlByHost, false);
424 AssertLogRelRCReturn(rc, rc);
425
426 /** @cfgm{/HM/MDSClearOnSched, bool, true}
427 * CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 workaround,
428 * ignored on CPUs that aren't affected. */
429 rc = CFGMR3QueryBoolDef(pCfgHm, "MDSClearOnSched", &pVM->hm.s.fMdsClearOnSched, true);
430 AssertLogRelRCReturn(rc, rc);
431
432 /** @cfgm{/HM/MDSClearOnVmEntry, bool, false}
433 * CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 workaround,
434 * ignored on CPUs that aren't affected. */
435 rc = CFGMR3QueryBoolDef(pCfgHm, "MDSClearOnVmEntry", &pVM->hm.s.fMdsClearOnVmEntry, false);
436 AssertLogRelRCReturn(rc, rc);
437
438 /* Disable MDSClearOnSched if MDSClearOnVmEntry is enabled. */
439 if (pVM->hm.s.fMdsClearOnVmEntry)
440 pVM->hm.s.fMdsClearOnSched = false;
441
442 /** @cfgm{/HM/LovelyMesaDrvWorkaround,bool}
443 * Workaround for mesa vmsvga 3d driver making incorrect assumptions about
444 * the hypervisor it is running under. */
445 bool f;
446 rc = CFGMR3QueryBoolDef(pCfgHm, "LovelyMesaDrvWorkaround", &f, false);
447 AssertLogRelRCReturn(rc, rc);
448 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
449 {
450 PVMCPU pVCpu = pVM->apCpusR3[idCpu];
451 pVCpu->hm.s.fTrapXcptGpForLovelyMesaDrv = f;
452 }
453
454 /*
455 * Check if VT-x or AMD-v support according to the users wishes.
456 */
457 /** @todo SUPR3QueryVTCaps won't catch VERR_VMX_IN_VMX_ROOT_MODE or
458 * VERR_SVM_IN_USE. */
459 if (pVM->fHMEnabled)
460 {
461 uint32_t fCaps;
462 rc = SUPR3QueryVTCaps(&fCaps);
463 if (RT_SUCCESS(rc))
464 {
465 if (fCaps & SUPVTCAPS_AMD_V)
466 {
467 pVM->hm.s.svm.fSupported = true;
468 LogRel(("HM: HMR3Init: AMD-V%s\n", fCaps & SUPVTCAPS_NESTED_PAGING ? " w/ nested paging" : ""));
469 VM_SET_MAIN_EXECUTION_ENGINE(pVM, VM_EXEC_ENGINE_HW_VIRT);
470 }
471 else if (fCaps & SUPVTCAPS_VT_X)
472 {
473 const char *pszWhy;
474 rc = SUPR3QueryVTxSupported(&pszWhy);
475 if (RT_SUCCESS(rc))
476 {
477 pVM->hm.s.vmx.fSupported = true;
478 LogRel(("HM: HMR3Init: VT-x%s%s%s\n",
479 fCaps & SUPVTCAPS_NESTED_PAGING ? " w/ nested paging" : "",
480 fCaps & SUPVTCAPS_VTX_UNRESTRICTED_GUEST ? " and unrestricted guest execution" : "",
481 (fCaps & (SUPVTCAPS_NESTED_PAGING | SUPVTCAPS_VTX_UNRESTRICTED_GUEST)) ? " hw support" : ""));
482 VM_SET_MAIN_EXECUTION_ENGINE(pVM, VM_EXEC_ENGINE_HW_VIRT);
483 }
484 else
485 {
486 /*
487 * Before failing, try fallback to NEM if we're allowed to do that.
488 */
489 pVM->fHMEnabled = false;
490 Assert(pVM->bMainExecutionEngine == VM_EXEC_ENGINE_NOT_SET);
491 if (fFallbackToNEM)
492 {
493 LogRel(("HM: HMR3Init: Attempting fall back to NEM: The host kernel does not support VT-x - %s\n", pszWhy));
494 int rc2 = NEMR3Init(pVM, true /*fFallback*/, fHMForced);
495
496 ASMCompilerBarrier(); /* NEMR3Init may have changed bMainExecutionEngine. */
497 if ( RT_SUCCESS(rc2)
498 && pVM->bMainExecutionEngine != VM_EXEC_ENGINE_NOT_SET)
499 rc = VINF_SUCCESS;
500 }
501 if (RT_FAILURE(rc))
502 return VMSetError(pVM, rc, RT_SRC_POS, "The host kernel does not support VT-x: %s\n", pszWhy);
503 }
504 }
505 else
506 AssertLogRelMsgFailedReturn(("SUPR3QueryVTCaps didn't return either AMD-V or VT-x flag set (%#x)!\n", fCaps),
507 VERR_INTERNAL_ERROR_5);
508
509 /*
510 * Disable nested paging and unrestricted guest execution now if they're
511 * configured so that CPUM can make decisions based on our configuration.
512 */
513 Assert(!pVM->hm.s.fNestedPaging);
514 if (pVM->hm.s.fAllowNestedPaging)
515 {
516 if (fCaps & SUPVTCAPS_NESTED_PAGING)
517 pVM->hm.s.fNestedPaging = true;
518 else
519 pVM->hm.s.fAllowNestedPaging = false;
520 }
521
522 if (fCaps & SUPVTCAPS_VT_X)
523 {
524 Assert(!pVM->hm.s.vmx.fUnrestrictedGuest);
525 if (pVM->hm.s.vmx.fAllowUnrestricted)
526 {
527 if ( (fCaps & SUPVTCAPS_VTX_UNRESTRICTED_GUEST)
528 && pVM->hm.s.fNestedPaging)
529 pVM->hm.s.vmx.fUnrestrictedGuest = true;
530 else
531 pVM->hm.s.vmx.fAllowUnrestricted = false;
532 }
533 }
534 }
535 else
536 {
537 const char *pszMsg;
538 switch (rc)
539 {
540 case VERR_UNSUPPORTED_CPU: pszMsg = "Unknown CPU, VT-x or AMD-v features cannot be ascertained"; break;
541 case VERR_VMX_NO_VMX: pszMsg = "VT-x is not available"; break;
542 case VERR_VMX_MSR_VMX_DISABLED: pszMsg = "VT-x is disabled in the BIOS"; break;
543 case VERR_VMX_MSR_ALL_VMX_DISABLED: pszMsg = "VT-x is disabled in the BIOS for all CPU modes"; break;
544 case VERR_VMX_MSR_LOCKING_FAILED: pszMsg = "Failed to enable and lock VT-x features"; break;
545 case VERR_SVM_NO_SVM: pszMsg = "AMD-V is not available"; break;
546 case VERR_SVM_DISABLED: pszMsg = "AMD-V is disabled in the BIOS (or by the host OS)"; break;
547 default:
548 return VMSetError(pVM, rc, RT_SRC_POS, "SUPR3QueryVTCaps failed with %Rrc", rc);
549 }
550
551 /*
552 * Before failing, try fallback to NEM if we're allowed to do that.
553 */
554 pVM->fHMEnabled = false;
555 if (fFallbackToNEM)
556 {
557 LogRel(("HM: HMR3Init: Attempting fall back to NEM: %s\n", pszMsg));
558 int rc2 = NEMR3Init(pVM, true /*fFallback*/, fHMForced);
559 ASMCompilerBarrier(); /* NEMR3Init may have changed bMainExecutionEngine. */
560 if ( RT_SUCCESS(rc2)
561 && pVM->bMainExecutionEngine != VM_EXEC_ENGINE_NOT_SET)
562 rc = VINF_SUCCESS;
563 }
564 if (RT_FAILURE(rc))
565 return VM_SET_ERROR(pVM, rc, pszMsg);
566 }
567 }
568 else
569 {
570 /*
571 * Disabled HM mean raw-mode, unless NEM is supposed to be used.
572 */
573 if (fUseNEMInstead)
574 {
575 rc = NEMR3Init(pVM, false /*fFallback*/, true);
576 ASMCompilerBarrier(); /* NEMR3Init may have changed bMainExecutionEngine. */
577 if (RT_FAILURE(rc))
578 return rc;
579 }
580 if ( pVM->bMainExecutionEngine == VM_EXEC_ENGINE_NOT_SET
581 || pVM->bMainExecutionEngine == VM_EXEC_ENGINE_RAW_MODE
582 || pVM->bMainExecutionEngine == VM_EXEC_ENGINE_HW_VIRT /* paranoia */)
583 return VM_SET_ERROR(pVM, rc, "Misconfigured VM: No guest execution engine available!");
584 }
585
586 Assert(pVM->bMainExecutionEngine != VM_EXEC_ENGINE_NOT_SET);
587 Assert(pVM->bMainExecutionEngine != VM_EXEC_ENGINE_RAW_MODE);
588 return VINF_SUCCESS;
589}
590
591
592/**
593 * Initializes HM components after ring-3 phase has been fully initialized.
594 *
595 * @returns VBox status code.
596 * @param pVM The cross context VM structure.
597 */
598static int hmR3InitFinalizeR3(PVM pVM)
599{
600 LogFlowFunc(("\n"));
601
602 if (!HMIsEnabled(pVM))
603 return VINF_SUCCESS;
604
605 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
606 {
607 PVMCPU pVCpu = pVM->apCpusR3[idCpu];
608 pVCpu->hm.s.fActive = false;
609 pVCpu->hm.s.fGIMTrapXcptUD = GIMShouldTrapXcptUD(pVCpu); /* Is safe to call now since GIMR3Init() has completed. */
610 }
611
612#ifdef VBOX_WITH_STATISTICS
613 STAM_REG(pVM, &pVM->hm.s.StatTprPatchSuccess, STAMTYPE_COUNTER, "/HM/TPR/Patch/Success", STAMUNIT_OCCURENCES, "Number of times an instruction was successfully patched.");
614 STAM_REG(pVM, &pVM->hm.s.StatTprPatchFailure, STAMTYPE_COUNTER, "/HM/TPR/Patch/Failed", STAMUNIT_OCCURENCES, "Number of unsuccessful patch attempts.");
615 STAM_REG(pVM, &pVM->hm.s.StatTprReplaceSuccessCr8, STAMTYPE_COUNTER, "/HM/TPR/Replace/SuccessCR8", STAMUNIT_OCCURENCES, "Number of instruction replacements by MOV CR8.");
616 STAM_REG(pVM, &pVM->hm.s.StatTprReplaceSuccessVmc, STAMTYPE_COUNTER, "/HM/TPR/Replace/SuccessVMC", STAMUNIT_OCCURENCES, "Number of instruction replacements by VMMCALL.");
617 STAM_REG(pVM, &pVM->hm.s.StatTprReplaceFailure, STAMTYPE_COUNTER, "/HM/TPR/Replace/Failed", STAMUNIT_OCCURENCES, "Number of unsuccessful replace attempts.");
618#endif
619
620 /*
621 * Statistics.
622 */
623 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
624 {
625 PVMCPU pVCpu = pVM->apCpusR3[idCpu];
626 PHMCPU pHmCpu = &pVCpu->hm.s;
627 int rc;
628
629# define HM_REG_STAT(a_pVar, a_enmType, s_enmVisibility, a_enmUnit, a_szNmFmt, a_szDesc) do { \
630 rc = STAMR3RegisterF(pVM, a_pVar, a_enmType, s_enmVisibility, a_enmUnit, a_szDesc, a_szNmFmt, idCpu); \
631 AssertRC(rc); \
632 } while (0)
633# define HM_REG_PROFILE(a_pVar, a_szNmFmt, a_szDesc) \
634 HM_REG_STAT(a_pVar, STAMTYPE_PROFILE, STAMVISIBILITY_USED, STAMUNIT_TICKS_PER_CALL, a_szNmFmt, a_szDesc)
635
636#ifdef VBOX_WITH_STATISTICS
637
638 HM_REG_PROFILE(&pHmCpu->StatPoke, "/PROF/CPU%u/HM/Poke", "Profiling of RTMpPokeCpu.");
639 HM_REG_PROFILE(&pHmCpu->StatSpinPoke, "/PROF/CPU%u/HM/PokeWait", "Profiling of poke wait.");
640 HM_REG_PROFILE(&pHmCpu->StatSpinPokeFailed, "/PROF/CPU%u/HM/PokeWaitFailed", "Profiling of poke wait when RTMpPokeCpu fails.");
641 HM_REG_PROFILE(&pHmCpu->StatEntry, "/PROF/CPU%u/HM/Entry", "Profiling of entry until entering GC.");
642 HM_REG_PROFILE(&pHmCpu->StatPreExit, "/PROF/CPU%u/HM/SwitchFromGC_1", "Profiling of pre-exit processing after returning from GC.");
643 HM_REG_PROFILE(&pHmCpu->StatExitHandling, "/PROF/CPU%u/HM/SwitchFromGC_2", "Profiling of exit handling (longjmps not included!)");
644 HM_REG_PROFILE(&pHmCpu->StatExitIO, "/PROF/CPU%u/HM/SwitchFromGC_2/IO", "I/O.");
645 HM_REG_PROFILE(&pHmCpu->StatExitMovCRx, "/PROF/CPU%u/HM/SwitchFromGC_2/MovCRx", "MOV CRx.");
646 HM_REG_PROFILE(&pHmCpu->StatExitXcptNmi, "/PROF/CPU%u/HM/SwitchFromGC_2/XcptNmi", "Exceptions, NMIs.");
647 HM_REG_PROFILE(&pHmCpu->StatExitVmentry, "/PROF/CPU%u/HM/SwitchFromGC_2/Vmentry", "VMLAUNCH/VMRESUME on Intel or VMRUN on AMD.");
648 HM_REG_PROFILE(&pHmCpu->StatImportGuestState, "/PROF/CPU%u/HM/ImportGuestState", "Profiling of importing guest state from hardware after VM-exit.");
649 HM_REG_PROFILE(&pHmCpu->StatExportGuestState, "/PROF/CPU%u/HM/ExportGuestState", "Profiling of exporting guest state to hardware before VM-entry.");
650 HM_REG_PROFILE(&pHmCpu->StatLoadGuestFpuState, "/PROF/CPU%u/HM/LoadGuestFpuState", "Profiling of CPUMR0LoadGuestFPU.");
651 HM_REG_PROFILE(&pHmCpu->StatInGC, "/PROF/CPU%u/HM/InGC", "Profiling of execution of guest-code in hardware.");
652# ifdef HM_PROFILE_EXIT_DISPATCH
653 HM_REG_STAT(&pHmCpu->StatExitDispatch, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_USED, STAMUNIT_TICKS_PER_CALL,
654 "/PROF/CPU%u/HM/ExitDispatch", "Profiling the dispatching of exit handlers.");
655# endif
656#endif
657# define HM_REG_COUNTER(a, b, desc) HM_REG_STAT(a, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, b, desc)
658
659#ifdef VBOX_WITH_STATISTICS
660 HM_REG_COUNTER(&pHmCpu->StatExitAll, "/HM/CPU%u/Exit/All", "Total exits (including nested-guest exits).");
661 HM_REG_COUNTER(&pHmCpu->StatNestedExitAll, "/HM/CPU%u/Exit/NestedGuest/All", "Total nested-guest exits.");
662 HM_REG_COUNTER(&pHmCpu->StatExitShadowNM, "/HM/CPU%u/Exit/Trap/Shw/#NM", "Shadow #NM (device not available, no math co-processor) exception.");
663 HM_REG_COUNTER(&pHmCpu->StatExitGuestNM, "/HM/CPU%u/Exit/Trap/Gst/#NM", "Guest #NM (device not available, no math co-processor) exception.");
664 HM_REG_COUNTER(&pHmCpu->StatExitShadowPF, "/HM/CPU%u/Exit/Trap/Shw/#PF", "Shadow #PF (page fault) exception.");
665 HM_REG_COUNTER(&pHmCpu->StatExitShadowPFEM, "/HM/CPU%u/Exit/Trap/Shw/#PF-EM", "#PF (page fault) exception going back to ring-3 for emulating the instruction.");
666 HM_REG_COUNTER(&pHmCpu->StatExitGuestPF, "/HM/CPU%u/Exit/Trap/Gst/#PF", "Guest #PF (page fault) exception.");
667 HM_REG_COUNTER(&pHmCpu->StatExitGuestUD, "/HM/CPU%u/Exit/Trap/Gst/#UD", "Guest #UD (undefined opcode) exception.");
668 HM_REG_COUNTER(&pHmCpu->StatExitGuestSS, "/HM/CPU%u/Exit/Trap/Gst/#SS", "Guest #SS (stack-segment fault) exception.");
669 HM_REG_COUNTER(&pHmCpu->StatExitGuestNP, "/HM/CPU%u/Exit/Trap/Gst/#NP", "Guest #NP (segment not present) exception.");
670 HM_REG_COUNTER(&pHmCpu->StatExitGuestTS, "/HM/CPU%u/Exit/Trap/Gst/#TS", "Guest #TS (task switch) exception.");
671 HM_REG_COUNTER(&pHmCpu->StatExitGuestOF, "/HM/CPU%u/Exit/Trap/Gst/#OF", "Guest #OF (overflow) exception.");
672 HM_REG_COUNTER(&pHmCpu->StatExitGuestGP, "/HM/CPU%u/Exit/Trap/Gst/#GP", "Guest #GP (general protection) exception.");
673 HM_REG_COUNTER(&pHmCpu->StatExitGuestDE, "/HM/CPU%u/Exit/Trap/Gst/#DE", "Guest #DE (divide error) exception.");
674 HM_REG_COUNTER(&pHmCpu->StatExitGuestDF, "/HM/CPU%u/Exit/Trap/Gst/#DF", "Guest #DF (double fault) exception.");
675 HM_REG_COUNTER(&pHmCpu->StatExitGuestBR, "/HM/CPU%u/Exit/Trap/Gst/#BR", "Guest #BR (boundary range exceeded) exception.");
676 HM_REG_COUNTER(&pHmCpu->StatExitGuestAC, "/HM/CPU%u/Exit/Trap/Gst/#AC", "Guest #AC (alignment check) exception.");
677 HM_REG_COUNTER(&pHmCpu->StatExitGuestDB, "/HM/CPU%u/Exit/Trap/Gst/#DB", "Guest #DB (debug) exception.");
678 HM_REG_COUNTER(&pHmCpu->StatExitGuestMF, "/HM/CPU%u/Exit/Trap/Gst/#MF", "Guest #MF (x87 FPU error, math fault) exception.");
679 HM_REG_COUNTER(&pHmCpu->StatExitGuestBP, "/HM/CPU%u/Exit/Trap/Gst/#BP", "Guest #BP (breakpoint) exception.");
680 HM_REG_COUNTER(&pHmCpu->StatExitGuestXF, "/HM/CPU%u/Exit/Trap/Gst/#XF", "Guest #XF (extended math fault, SIMD FPU) exception.");
681 HM_REG_COUNTER(&pHmCpu->StatExitGuestXcpUnk, "/HM/CPU%u/Exit/Trap/Gst/Other", "Other guest exceptions.");
682 HM_REG_COUNTER(&pHmCpu->StatExitRdmsr, "/HM/CPU%u/Exit/Instr/Rdmsr", "MSR read.");
683 HM_REG_COUNTER(&pHmCpu->StatExitWrmsr, "/HM/CPU%u/Exit/Instr/Wrmsr", "MSR write.");
684 HM_REG_COUNTER(&pHmCpu->StatExitDRxWrite, "/HM/CPU%u/Exit/Instr/DR-Write", "Debug register write.");
685 HM_REG_COUNTER(&pHmCpu->StatExitDRxRead, "/HM/CPU%u/Exit/Instr/DR-Read", "Debug register read.");
686 HM_REG_COUNTER(&pHmCpu->StatExitCR0Read, "/HM/CPU%u/Exit/Instr/CR-Read/CR0", "CR0 read.");
687 HM_REG_COUNTER(&pHmCpu->StatExitCR2Read, "/HM/CPU%u/Exit/Instr/CR-Read/CR2", "CR2 read.");
688 HM_REG_COUNTER(&pHmCpu->StatExitCR3Read, "/HM/CPU%u/Exit/Instr/CR-Read/CR3", "CR3 read.");
689 HM_REG_COUNTER(&pHmCpu->StatExitCR4Read, "/HM/CPU%u/Exit/Instr/CR-Read/CR4", "CR4 read.");
690 HM_REG_COUNTER(&pHmCpu->StatExitCR8Read, "/HM/CPU%u/Exit/Instr/CR-Read/CR8", "CR8 read.");
691 HM_REG_COUNTER(&pHmCpu->StatExitCR0Write, "/HM/CPU%u/Exit/Instr/CR-Write/CR0", "CR0 write.");
692 HM_REG_COUNTER(&pHmCpu->StatExitCR2Write, "/HM/CPU%u/Exit/Instr/CR-Write/CR2", "CR2 write.");
693 HM_REG_COUNTER(&pHmCpu->StatExitCR3Write, "/HM/CPU%u/Exit/Instr/CR-Write/CR3", "CR3 write.");
694 HM_REG_COUNTER(&pHmCpu->StatExitCR4Write, "/HM/CPU%u/Exit/Instr/CR-Write/CR4", "CR4 write.");
695 HM_REG_COUNTER(&pHmCpu->StatExitCR8Write, "/HM/CPU%u/Exit/Instr/CR-Write/CR8", "CR8 write.");
696 HM_REG_COUNTER(&pHmCpu->StatExitClts, "/HM/CPU%u/Exit/Instr/CLTS", "CLTS instruction.");
697 HM_REG_COUNTER(&pHmCpu->StatExitLmsw, "/HM/CPU%u/Exit/Instr/LMSW", "LMSW instruction.");
698 HM_REG_COUNTER(&pHmCpu->StatExitXdtrAccess, "/HM/CPU%u/Exit/Instr/XdtrAccess", "GDTR, IDTR, LDTR access.");
699 HM_REG_COUNTER(&pHmCpu->StatExitIOWrite, "/HM/CPU%u/Exit/Instr/IO/Write", "I/O write.");
700 HM_REG_COUNTER(&pHmCpu->StatExitIORead, "/HM/CPU%u/Exit/Instr/IO/Read", "I/O read.");
701 HM_REG_COUNTER(&pHmCpu->StatExitIOStringWrite, "/HM/CPU%u/Exit/Instr/IO/WriteString", "String I/O write.");
702 HM_REG_COUNTER(&pHmCpu->StatExitIOStringRead, "/HM/CPU%u/Exit/Instr/IO/ReadString", "String I/O read.");
703 HM_REG_COUNTER(&pHmCpu->StatExitIntWindow, "/HM/CPU%u/Exit/IntWindow", "Interrupt-window exit. Guest is ready to receive interrupts.");
704 HM_REG_COUNTER(&pHmCpu->StatExitExtInt, "/HM/CPU%u/Exit/ExtInt", "Physical maskable interrupt (host).");
705#endif
706 HM_REG_COUNTER(&pHmCpu->StatExitHostNmiInGC, "/HM/CPU%u/Exit/HostNmiInGC", "Host NMI received while in guest context.");
707 HM_REG_COUNTER(&pHmCpu->StatExitHostNmiInGCIpi, "/HM/CPU%u/Exit/HostNmiInGCIpi", "Host NMI received while in guest context dispatched using IPIs.");
708#ifdef VBOX_WITH_STATISTICS
709 HM_REG_COUNTER(&pHmCpu->StatExitPreemptTimer, "/HM/CPU%u/Exit/PreemptTimer", "VMX-preemption timer expired.");
710 HM_REG_COUNTER(&pHmCpu->StatExitTprBelowThreshold, "/HM/CPU%u/Exit/TprBelowThreshold", "TPR lowered below threshold by the guest.");
711 HM_REG_COUNTER(&pHmCpu->StatExitTaskSwitch, "/HM/CPU%u/Exit/TaskSwitch", "Task switch caused through task gate in IDT.");
712 HM_REG_COUNTER(&pHmCpu->StatExitApicAccess, "/HM/CPU%u/Exit/ApicAccess", "APIC access. Guest attempted to access memory at a physical address on the APIC-access page.");
713
714 HM_REG_COUNTER(&pHmCpu->StatSwitchTprMaskedIrq, "/HM/CPU%u/Switch/TprMaskedIrq", "PDMGetInterrupt() signals TPR masks pending Irq.");
715 HM_REG_COUNTER(&pHmCpu->StatSwitchGuestIrq, "/HM/CPU%u/Switch/IrqPending", "PDMGetInterrupt() cleared behind our back!?!.");
716 HM_REG_COUNTER(&pHmCpu->StatSwitchPendingHostIrq, "/HM/CPU%u/Switch/PendingHostIrq", "Exit to ring-3 due to pending host interrupt before executing guest code.");
717 HM_REG_COUNTER(&pHmCpu->StatSwitchHmToR3FF, "/HM/CPU%u/Switch/HmToR3FF", "Exit to ring-3 due to pending timers, EMT rendezvous, critical section etc.");
718 HM_REG_COUNTER(&pHmCpu->StatSwitchVmReq, "/HM/CPU%u/Switch/VmReq", "Exit to ring-3 due to pending VM requests.");
719 HM_REG_COUNTER(&pHmCpu->StatSwitchPgmPoolFlush, "/HM/CPU%u/Switch/PgmPoolFlush", "Exit to ring-3 due to pending PGM pool flush.");
720 HM_REG_COUNTER(&pHmCpu->StatSwitchDma, "/HM/CPU%u/Switch/PendingDma", "Exit to ring-3 due to pending DMA requests.");
721 HM_REG_COUNTER(&pHmCpu->StatSwitchExitToR3, "/HM/CPU%u/Switch/ExitToR3", "Exit to ring-3 (total).");
722 HM_REG_COUNTER(&pHmCpu->StatSwitchLongJmpToR3, "/HM/CPU%u/Switch/LongJmpToR3", "Longjump to ring-3.");
723 HM_REG_COUNTER(&pHmCpu->StatSwitchMaxResumeLoops, "/HM/CPU%u/Switch/MaxResumeLoops", "Maximum VMRESUME inner-loop counter reached.");
724 HM_REG_COUNTER(&pHmCpu->StatSwitchHltToR3, "/HM/CPU%u/Switch/HltToR3", "HLT causing us to go to ring-3.");
725 HM_REG_COUNTER(&pHmCpu->StatSwitchApicAccessToR3, "/HM/CPU%u/Switch/ApicAccessToR3", "APIC access causing us to go to ring-3.");
726#endif
727 HM_REG_COUNTER(&pHmCpu->StatSwitchPreempt, "/HM/CPU%u/Switch/Preempting", "EMT has been preempted while in HM context.");
728#ifdef VBOX_WITH_STATISTICS
729 HM_REG_COUNTER(&pHmCpu->StatSwitchNstGstVmexit, "/HM/CPU%u/Switch/NstGstVmexit", "Nested-guest VM-exit occurred.");
730
731 HM_REG_COUNTER(&pHmCpu->StatInjectInterrupt, "/HM/CPU%u/EventInject/Interrupt", "Injected an external interrupt into the guest.");
732 HM_REG_COUNTER(&pHmCpu->StatInjectXcpt, "/HM/CPU%u/EventInject/Trap", "Injected an exception into the guest.");
733 HM_REG_COUNTER(&pHmCpu->StatInjectReflect, "/HM/CPU%u/EventInject/Reflect", "Reflecting an exception caused due to event injection.");
734 HM_REG_COUNTER(&pHmCpu->StatInjectConvertDF, "/HM/CPU%u/EventInject/ReflectDF", "Injected a converted #DF caused due to event injection.");
735 HM_REG_COUNTER(&pHmCpu->StatInjectInterpret, "/HM/CPU%u/EventInject/Interpret", "Falling back to interpreter for handling exception caused due to event injection.");
736 HM_REG_COUNTER(&pHmCpu->StatInjectReflectNPF, "/HM/CPU%u/EventInject/ReflectNPF", "Reflecting event that caused an EPT violation / nested #PF.");
737
738 HM_REG_COUNTER(&pHmCpu->StatFlushPage, "/HM/CPU%u/Flush/Page", "Invalidating a guest page on all guest CPUs.");
739 HM_REG_COUNTER(&pHmCpu->StatFlushPageManual, "/HM/CPU%u/Flush/Page/Virt", "Invalidating a guest page using guest-virtual address.");
740 HM_REG_COUNTER(&pHmCpu->StatFlushPhysPageManual, "/HM/CPU%u/Flush/Page/Phys", "Invalidating a guest page using guest-physical address.");
741 HM_REG_COUNTER(&pHmCpu->StatFlushTlb, "/HM/CPU%u/Flush/TLB", "Forcing a full guest-TLB flush (ring-0).");
742 HM_REG_COUNTER(&pHmCpu->StatFlushTlbManual, "/HM/CPU%u/Flush/TLB/Manual", "Request a full guest-TLB flush.");
743 HM_REG_COUNTER(&pHmCpu->StatFlushTlbNstGst, "/HM/CPU%u/Flush/TLB/NestedGuest", "Request a nested-guest-TLB flush.");
744 HM_REG_COUNTER(&pHmCpu->StatFlushTlbWorldSwitch, "/HM/CPU%u/Flush/TLB/CpuSwitch", "Forcing a full guest-TLB flush due to host-CPU reschedule or ASID-limit hit by another guest-VCPU.");
745 HM_REG_COUNTER(&pHmCpu->StatNoFlushTlbWorldSwitch, "/HM/CPU%u/Flush/TLB/Skipped", "No TLB flushing required.");
746 HM_REG_COUNTER(&pHmCpu->StatFlushEntire, "/HM/CPU%u/Flush/TLB/Entire", "Flush the entire TLB (host + guest).");
747 HM_REG_COUNTER(&pHmCpu->StatFlushAsid, "/HM/CPU%u/Flush/TLB/ASID", "Flushed guest-TLB entries for the current VPID.");
748 HM_REG_COUNTER(&pHmCpu->StatFlushNestedPaging, "/HM/CPU%u/Flush/TLB/NestedPaging", "Flushed guest-TLB entries for the current EPT.");
749 HM_REG_COUNTER(&pHmCpu->StatFlushTlbInvlpgVirt, "/HM/CPU%u/Flush/TLB/InvlpgVirt", "Invalidated a guest-TLB entry for a guest-virtual address.");
750 HM_REG_COUNTER(&pHmCpu->StatFlushTlbInvlpgPhys, "/HM/CPU%u/Flush/TLB/InvlpgPhys", "Currently not possible, flushes entire guest-TLB.");
751 HM_REG_COUNTER(&pHmCpu->StatTlbShootdown, "/HM/CPU%u/Flush/Shootdown/Page", "Inter-VCPU request to flush queued guest page.");
752 HM_REG_COUNTER(&pHmCpu->StatTlbShootdownFlush, "/HM/CPU%u/Flush/Shootdown/TLB", "Inter-VCPU request to flush entire guest-TLB.");
753
754 HM_REG_COUNTER(&pHmCpu->StatTscParavirt, "/HM/CPU%u/TSC/Paravirt", "Paravirtualized TSC in effect.");
755 HM_REG_COUNTER(&pHmCpu->StatTscOffset, "/HM/CPU%u/TSC/Offset", "TSC offsetting is in effect.");
756 HM_REG_COUNTER(&pHmCpu->StatTscIntercept, "/HM/CPU%u/TSC/Intercept", "Intercept TSC accesses.");
757
758 HM_REG_COUNTER(&pHmCpu->StatDRxArmed, "/HM/CPU%u/Debug/Armed", "Loaded guest-debug state while loading guest-state.");
759 HM_REG_COUNTER(&pHmCpu->StatDRxContextSwitch, "/HM/CPU%u/Debug/ContextSwitch", "Loaded guest-debug state on MOV DRx.");
760 HM_REG_COUNTER(&pHmCpu->StatDRxIoCheck, "/HM/CPU%u/Debug/IOCheck", "Checking for I/O breakpoint.");
761
762 HM_REG_COUNTER(&pHmCpu->StatExportMinimal, "/HM/CPU%u/Export/Minimal", "VM-entry exporting minimal guest-state.");
763 HM_REG_COUNTER(&pHmCpu->StatExportFull, "/HM/CPU%u/Export/Full", "VM-entry exporting the full guest-state.");
764 HM_REG_COUNTER(&pHmCpu->StatLoadGuestFpu, "/HM/CPU%u/Export/GuestFpu", "VM-entry loading the guest-FPU state.");
765 HM_REG_COUNTER(&pHmCpu->StatExportHostState, "/HM/CPU%u/Export/HostState", "VM-entry exporting host-state.");
766
767 HM_REG_COUNTER(&pHmCpu->StatVmxCheckBadRmSelBase, "/HM/CPU%u/VMXCheck/RMSelBase", "Could not use VMX due to unsuitable real-mode selector base.");
768 HM_REG_COUNTER(&pHmCpu->StatVmxCheckBadRmSelLimit, "/HM/CPU%u/VMXCheck/RMSelLimit", "Could not use VMX due to unsuitable real-mode selector limit.");
769 HM_REG_COUNTER(&pHmCpu->StatVmxCheckBadRmSelAttr, "/HM/CPU%u/VMXCheck/RMSelAttrs", "Could not use VMX due to unsuitable real-mode selector attributes.");
770
771 HM_REG_COUNTER(&pHmCpu->StatVmxCheckBadV86SelBase, "/HM/CPU%u/VMXCheck/V86SelBase", "Could not use VMX due to unsuitable v8086-mode selector base.");
772 HM_REG_COUNTER(&pHmCpu->StatVmxCheckBadV86SelLimit, "/HM/CPU%u/VMXCheck/V86SelLimit", "Could not use VMX due to unsuitable v8086-mode selector limit.");
773 HM_REG_COUNTER(&pHmCpu->StatVmxCheckBadV86SelAttr, "/HM/CPU%u/VMXCheck/V86SelAttrs", "Could not use VMX due to unsuitable v8086-mode selector attributes.");
774
775 HM_REG_COUNTER(&pHmCpu->StatVmxCheckRmOk, "/HM/CPU%u/VMXCheck/VMX_RM", "VMX execution in real (V86) mode OK.");
776 HM_REG_COUNTER(&pHmCpu->StatVmxCheckBadSel, "/HM/CPU%u/VMXCheck/Selector", "Could not use VMX due to unsuitable selector.");
777 HM_REG_COUNTER(&pHmCpu->StatVmxCheckBadRpl, "/HM/CPU%u/VMXCheck/RPL", "Could not use VMX due to unsuitable RPL.");
778 HM_REG_COUNTER(&pHmCpu->StatVmxCheckPmOk, "/HM/CPU%u/VMXCheck/VMX_PM", "VMX execution in protected mode OK.");
779
780 bool const fCpuSupportsVmx = ASMIsIntelCpu() || ASMIsViaCentaurCpu() || ASMIsShanghaiCpu();
781
782 /*
783 * Guest Exit reason stats.
784 */
785 pHmCpu->paStatExitReason = NULL;
786 rc = MMHyperAlloc(pVM, MAX_EXITREASON_STAT * sizeof(*pHmCpu->paStatExitReason), 0 /* uAlignment */, MM_TAG_HM,
787 (void **)&pHmCpu->paStatExitReason);
788 AssertRCReturn(rc, rc);
789
790 if (fCpuSupportsVmx)
791 {
792 for (int j = 0; j < MAX_EXITREASON_STAT; j++)
793 {
794 const char *pszExitName = HMGetVmxExitName(j);
795 if (pszExitName)
796 {
797 rc = STAMR3RegisterF(pVM, &pHmCpu->paStatExitReason[j], STAMTYPE_COUNTER, STAMVISIBILITY_USED,
798 STAMUNIT_OCCURENCES, pszExitName, "/HM/CPU%u/Exit/Reason/%02x", idCpu, j);
799 AssertRCReturn(rc, rc);
800 }
801 }
802 }
803 else
804 {
805 for (int j = 0; j < MAX_EXITREASON_STAT; j++)
806 {
807 const char *pszExitName = HMGetSvmExitName(j);
808 if (pszExitName)
809 {
810 rc = STAMR3RegisterF(pVM, &pHmCpu->paStatExitReason[j], STAMTYPE_COUNTER, STAMVISIBILITY_USED,
811 STAMUNIT_OCCURENCES, pszExitName, "/HM/CPU%u/Exit/Reason/%02x", idCpu, j);
812 AssertRC(rc);
813 }
814 }
815 }
816 HM_REG_COUNTER(&pHmCpu->StatExitReasonNpf, "/HM/CPU%u/Exit/Reason/#NPF", "Nested page faults");
817
818 pHmCpu->paStatExitReasonR0 = MMHyperR3ToR0(pVM, pHmCpu->paStatExitReason);
819 Assert(pHmCpu->paStatExitReasonR0 != NIL_RTR0PTR);
820
821#if defined(VBOX_WITH_NESTED_HWVIRT_SVM) || defined(VBOX_WITH_NESTED_HWVIRT_VMX)
822 /*
823 * Nested-guest VM-exit reason stats.
824 */
825 pHmCpu->paStatNestedExitReason = NULL;
826 rc = MMHyperAlloc(pVM, MAX_EXITREASON_STAT * sizeof(*pHmCpu->paStatNestedExitReason), 0 /* uAlignment */, MM_TAG_HM,
827 (void **)&pHmCpu->paStatNestedExitReason);
828 AssertRCReturn(rc, rc);
829 if (fCpuSupportsVmx)
830 {
831 for (int j = 0; j < MAX_EXITREASON_STAT; j++)
832 {
833 const char *pszExitName = HMGetVmxExitName(j);
834 if (pszExitName)
835 {
836 rc = STAMR3RegisterF(pVM, &pHmCpu->paStatNestedExitReason[j], STAMTYPE_COUNTER, STAMVISIBILITY_USED,
837 STAMUNIT_OCCURENCES, pszExitName, "/HM/CPU%u/Exit/NestedGuest/Reason/%02x", idCpu, j);
838 AssertRC(rc);
839 }
840 }
841 }
842 else
843 {
844 for (int j = 0; j < MAX_EXITREASON_STAT; j++)
845 {
846 const char *pszExitName = HMGetSvmExitName(j);
847 if (pszExitName)
848 {
849 rc = STAMR3RegisterF(pVM, &pHmCpu->paStatNestedExitReason[j], STAMTYPE_COUNTER, STAMVISIBILITY_USED,
850 STAMUNIT_OCCURENCES, pszExitName, "/HM/CPU%u/Exit/NestedGuest/Reason/%02x", idCpu, j);
851 AssertRC(rc);
852 }
853 }
854 }
855 HM_REG_COUNTER(&pHmCpu->StatNestedExitReasonNpf, "/HM/CPU%u/Exit/NestedGuest/Reason/#NPF", "Nested page faults");
856 pHmCpu->paStatNestedExitReasonR0 = MMHyperR3ToR0(pVM, pHmCpu->paStatNestedExitReason);
857 Assert(pHmCpu->paStatNestedExitReasonR0 != NIL_RTR0PTR);
858#endif
859
860 /*
861 * Injected events stats.
862 */
863 rc = MMHyperAlloc(pVM, sizeof(STAMCOUNTER) * 256, 8, MM_TAG_HM, (void **)&pHmCpu->paStatInjectedIrqs);
864 AssertRCReturn(rc, rc);
865 pHmCpu->paStatInjectedIrqsR0 = MMHyperR3ToR0(pVM, pHmCpu->paStatInjectedIrqs);
866 Assert(pHmCpu->paStatInjectedIrqsR0 != NIL_RTR0PTR);
867 for (unsigned j = 0; j < 255; j++)
868 {
869 rc = STAMR3RegisterF(pVM, &pHmCpu->paStatInjectedIrqs[j], STAMTYPE_COUNTER, STAMVISIBILITY_USED,
870 STAMUNIT_OCCURENCES, "Injected events.",
871 j < 0x20 ? "/HM/CPU%u/EventInject/InjectTrap/%02X" : "/HM/CPU%u/EventInject/InjectIRQ/%02X",
872 idCpu, j);
873 AssertRC(rc);
874 }
875
876#endif /* VBOX_WITH_STATISTICS */
877#undef HM_REG_COUNTER
878#undef HM_REG_PROFILE
879#undef HM_REG_STAT
880 }
881
882 return VINF_SUCCESS;
883}
884
885
886/**
887 * Called when a init phase has completed.
888 *
889 * @returns VBox status code.
890 * @param pVM The cross context VM structure.
891 * @param enmWhat The phase that completed.
892 */
893VMMR3_INT_DECL(int) HMR3InitCompleted(PVM pVM, VMINITCOMPLETED enmWhat)
894{
895 switch (enmWhat)
896 {
897 case VMINITCOMPLETED_RING3:
898 return hmR3InitFinalizeR3(pVM);
899 case VMINITCOMPLETED_RING0:
900 return hmR3InitFinalizeR0(pVM);
901 default:
902 return VINF_SUCCESS;
903 }
904}
905
906
907/**
908 * Turns off normal raw mode features.
909 *
910 * @param pVM The cross context VM structure.
911 */
912static void hmR3DisableRawMode(PVM pVM)
913{
914/** @todo r=bird: HM shouldn't be doing this crap. */
915 /* Reinit the paging mode to force the new shadow mode. */
916 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
917 {
918 PVMCPU pVCpu = pVM->apCpusR3[idCpu];
919 PGMHCChangeMode(pVM, pVCpu, PGMMODE_REAL);
920 }
921}
922
923
924/**
925 * Initialize VT-x or AMD-V.
926 *
927 * @returns VBox status code.
928 * @param pVM The cross context VM structure.
929 */
930static int hmR3InitFinalizeR0(PVM pVM)
931{
932 int rc;
933
934 if (!HMIsEnabled(pVM))
935 return VINF_SUCCESS;
936
937 /*
938 * Hack to allow users to work around broken BIOSes that incorrectly set
939 * EFER.SVME, which makes us believe somebody else is already using AMD-V.
940 */
941 if ( !pVM->hm.s.vmx.fSupported
942 && !pVM->hm.s.svm.fSupported
943 && pVM->hm.s.rcInit == VERR_SVM_IN_USE /* implies functional AMD-V */
944 && RTEnvExist("VBOX_HWVIRTEX_IGNORE_SVM_IN_USE"))
945 {
946 LogRel(("HM: VBOX_HWVIRTEX_IGNORE_SVM_IN_USE active!\n"));
947 pVM->hm.s.svm.fSupported = true;
948 pVM->hm.s.svm.fIgnoreInUseError = true;
949 pVM->hm.s.rcInit = VINF_SUCCESS;
950 }
951
952 /*
953 * Report ring-0 init errors.
954 */
955 if ( !pVM->hm.s.vmx.fSupported
956 && !pVM->hm.s.svm.fSupported)
957 {
958 LogRel(("HM: Failed to initialize VT-x / AMD-V: %Rrc\n", pVM->hm.s.rcInit));
959 LogRel(("HM: VMX MSR_IA32_FEATURE_CONTROL=%RX64\n", pVM->hm.s.vmx.Msrs.u64FeatCtrl));
960 switch (pVM->hm.s.rcInit)
961 {
962 case VERR_VMX_IN_VMX_ROOT_MODE:
963 return VM_SET_ERROR(pVM, VERR_VMX_IN_VMX_ROOT_MODE, "VT-x is being used by another hypervisor");
964 case VERR_VMX_NO_VMX:
965 return VM_SET_ERROR(pVM, VERR_VMX_NO_VMX, "VT-x is not available");
966 case VERR_VMX_MSR_VMX_DISABLED:
967 return VM_SET_ERROR(pVM, VERR_VMX_MSR_VMX_DISABLED, "VT-x is disabled in the BIOS");
968 case VERR_VMX_MSR_ALL_VMX_DISABLED:
969 return VM_SET_ERROR(pVM, VERR_VMX_MSR_ALL_VMX_DISABLED, "VT-x is disabled in the BIOS for all CPU modes");
970 case VERR_VMX_MSR_LOCKING_FAILED:
971 return VM_SET_ERROR(pVM, VERR_VMX_MSR_LOCKING_FAILED, "Failed to lock VT-x features while trying to enable VT-x");
972 case VERR_VMX_MSR_VMX_ENABLE_FAILED:
973 return VM_SET_ERROR(pVM, VERR_VMX_MSR_VMX_ENABLE_FAILED, "Failed to enable VT-x features");
974 case VERR_VMX_MSR_SMX_VMX_ENABLE_FAILED:
975 return VM_SET_ERROR(pVM, VERR_VMX_MSR_SMX_VMX_ENABLE_FAILED, "Failed to enable VT-x features in SMX mode");
976
977 case VERR_SVM_IN_USE:
978 return VM_SET_ERROR(pVM, VERR_SVM_IN_USE, "AMD-V is being used by another hypervisor");
979 case VERR_SVM_NO_SVM:
980 return VM_SET_ERROR(pVM, VERR_SVM_NO_SVM, "AMD-V is not available");
981 case VERR_SVM_DISABLED:
982 return VM_SET_ERROR(pVM, VERR_SVM_DISABLED, "AMD-V is disabled in the BIOS");
983 }
984 return VMSetError(pVM, pVM->hm.s.rcInit, RT_SRC_POS, "HM ring-0 init failed: %Rrc", pVM->hm.s.rcInit);
985 }
986
987 /*
988 * Enable VT-x or AMD-V on all host CPUs.
989 */
990 rc = SUPR3CallVMMR0Ex(VMCC_GET_VMR0_FOR_CALL(pVM), 0 /*idCpu*/, VMMR0_DO_HM_ENABLE, 0, NULL);
991 if (RT_FAILURE(rc))
992 {
993 LogRel(("HM: Failed to enable, error %Rrc\n", rc));
994 HMR3CheckError(pVM, rc);
995 return rc;
996 }
997
998 /*
999 * No TPR patching is required when the IO-APIC is not enabled for this VM.
1000 * (Main should have taken care of this already)
1001 */
1002 if (!PDMHasIoApic(pVM))
1003 {
1004 Assert(!pVM->hm.s.fTprPatchingAllowed); /* paranoia */
1005 pVM->hm.s.fTprPatchingAllowed = false;
1006 }
1007
1008 /*
1009 * Check if L1D flush is needed/possible.
1010 */
1011 if ( !pVM->cpum.ro.HostFeatures.fFlushCmd
1012 || pVM->cpum.ro.HostFeatures.enmMicroarch < kCpumMicroarch_Intel_Core7_Nehalem
1013 || pVM->cpum.ro.HostFeatures.enmMicroarch >= kCpumMicroarch_Intel_Core7_End
1014 || pVM->cpum.ro.HostFeatures.fArchVmmNeedNotFlushL1d
1015 || pVM->cpum.ro.HostFeatures.fArchRdclNo)
1016 pVM->hm.s.fL1dFlushOnSched = pVM->hm.s.fL1dFlushOnVmEntry = false;
1017
1018 /*
1019 * Check if MDS flush is needed/possible.
1020 * On atoms and knight family CPUs, we will only allow clearing on scheduling.
1021 */
1022 if ( !pVM->cpum.ro.HostFeatures.fMdsClear
1023 || pVM->cpum.ro.HostFeatures.fArchMdsNo)
1024 pVM->hm.s.fMdsClearOnSched = pVM->hm.s.fMdsClearOnVmEntry = false;
1025 else if ( ( pVM->cpum.ro.HostFeatures.enmMicroarch >= kCpumMicroarch_Intel_Atom_Airmount
1026 && pVM->cpum.ro.HostFeatures.enmMicroarch < kCpumMicroarch_Intel_Atom_End)
1027 || ( pVM->cpum.ro.HostFeatures.enmMicroarch >= kCpumMicroarch_Intel_Phi_KnightsLanding
1028 && pVM->cpum.ro.HostFeatures.enmMicroarch < kCpumMicroarch_Intel_Phi_End))
1029 {
1030 if (!pVM->hm.s.fMdsClearOnSched)
1031 pVM->hm.s.fMdsClearOnSched = pVM->hm.s.fMdsClearOnVmEntry;
1032 pVM->hm.s.fMdsClearOnVmEntry = false;
1033 }
1034 else if ( pVM->cpum.ro.HostFeatures.enmMicroarch < kCpumMicroarch_Intel_Core7_Nehalem
1035 || pVM->cpum.ro.HostFeatures.enmMicroarch >= kCpumMicroarch_Intel_Core7_End)
1036 pVM->hm.s.fMdsClearOnSched = pVM->hm.s.fMdsClearOnVmEntry = false;
1037
1038 /*
1039 * Sync options.
1040 */
1041 /** @todo Move this out of of CPUMCTX and into some ring-0 only HM structure.
1042 * That will require a little bit of work, of course. */
1043 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
1044 {
1045 PVMCPU pVCpu = pVM->apCpusR3[idCpu];
1046 PCPUMCTX pCpuCtx = &pVCpu->cpum.GstCtx;
1047 pCpuCtx->fWorldSwitcher &= ~(CPUMCTX_WSF_IBPB_EXIT | CPUMCTX_WSF_IBPB_ENTRY);
1048 if (pVM->cpum.ro.HostFeatures.fIbpb)
1049 {
1050 if (pVM->hm.s.fIbpbOnVmExit)
1051 pCpuCtx->fWorldSwitcher |= CPUMCTX_WSF_IBPB_EXIT;
1052 if (pVM->hm.s.fIbpbOnVmEntry)
1053 pCpuCtx->fWorldSwitcher |= CPUMCTX_WSF_IBPB_ENTRY;
1054 }
1055 if (pVM->cpum.ro.HostFeatures.fFlushCmd && pVM->hm.s.fL1dFlushOnVmEntry)
1056 pCpuCtx->fWorldSwitcher |= CPUMCTX_WSF_L1D_ENTRY;
1057 if (pVM->cpum.ro.HostFeatures.fMdsClear && pVM->hm.s.fMdsClearOnVmEntry)
1058 pCpuCtx->fWorldSwitcher |= CPUMCTX_WSF_MDS_ENTRY;
1059 if (idCpu == 0)
1060 LogRel(("HM: fWorldSwitcher=%#x (fIbpbOnVmExit=%RTbool fIbpbOnVmEntry=%RTbool fL1dFlushOnVmEntry=%RTbool); fL1dFlushOnSched=%RTbool fMdsClearOnVmEntry=%RTbool\n",
1061 pCpuCtx->fWorldSwitcher, pVM->hm.s.fIbpbOnVmExit, pVM->hm.s.fIbpbOnVmEntry, pVM->hm.s.fL1dFlushOnVmEntry,
1062 pVM->hm.s.fL1dFlushOnSched, pVM->hm.s.fMdsClearOnVmEntry));
1063 }
1064
1065 /*
1066 * Do the vendor specific initialization
1067 *
1068 * Note! We disable release log buffering here since we're doing relatively
1069 * lot of logging and doesn't want to hit the disk with each LogRel
1070 * statement.
1071 */
1072 AssertLogRelReturn(!pVM->hm.s.fInitialized, VERR_HM_IPE_5);
1073 bool fOldBuffered = RTLogRelSetBuffering(true /*fBuffered*/);
1074 if (pVM->hm.s.vmx.fSupported)
1075 rc = hmR3InitFinalizeR0Intel(pVM);
1076 else
1077 rc = hmR3InitFinalizeR0Amd(pVM);
1078 LogRel((pVM->hm.s.fGlobalInit ? "HM: VT-x/AMD-V init method: Global\n"
1079 : "HM: VT-x/AMD-V init method: Local\n"));
1080 RTLogRelSetBuffering(fOldBuffered);
1081 pVM->hm.s.fInitialized = true;
1082
1083 return rc;
1084}
1085
1086
1087/**
1088 * @callback_method_impl{FNPDMVMMDEVHEAPNOTIFY}
1089 */
1090static DECLCALLBACK(void) hmR3VmmDevHeapNotify(PVM pVM, void *pvAllocation, RTGCPHYS GCPhysAllocation)
1091{
1092 NOREF(pVM);
1093 NOREF(pvAllocation);
1094 NOREF(GCPhysAllocation);
1095}
1096
1097
1098/**
1099 * Returns a description of the VMCS (and associated regions') memory type given the
1100 * IA32_VMX_BASIC MSR.
1101 *
1102 * @returns The descriptive memory type.
1103 * @param uMsrVmxBasic IA32_VMX_BASIC MSR value.
1104 */
1105static const char *hmR3VmxGetMemTypeDesc(uint64_t uMsrVmxBasic)
1106{
1107 uint8_t const uMemType = RT_BF_GET(uMsrVmxBasic, VMX_BF_BASIC_VMCS_MEM_TYPE);
1108 switch (uMemType)
1109 {
1110 case VMX_BASIC_MEM_TYPE_WB: return "Write Back (WB)";
1111 case VMX_BASIC_MEM_TYPE_UC: return "Uncacheable (UC)";
1112 }
1113 return "Unknown";
1114}
1115
1116
1117/**
1118 * Returns a single-line description of all the activity-states supported by the CPU
1119 * given the IA32_VMX_MISC MSR.
1120 *
1121 * @returns All supported activity states.
1122 * @param uMsrMisc IA32_VMX_MISC MSR value.
1123 */
1124static const char *hmR3VmxGetActivityStateAllDesc(uint64_t uMsrMisc)
1125{
1126 static const char * const s_apszActStates[] =
1127 {
1128 "",
1129 " ( HLT )",
1130 " ( SHUTDOWN )",
1131 " ( HLT SHUTDOWN )",
1132 " ( SIPI_WAIT )",
1133 " ( HLT SIPI_WAIT )",
1134 " ( SHUTDOWN SIPI_WAIT )",
1135 " ( HLT SHUTDOWN SIPI_WAIT )"
1136 };
1137 uint8_t const idxActStates = RT_BF_GET(uMsrMisc, VMX_BF_MISC_ACTIVITY_STATES);
1138 Assert(idxActStates < RT_ELEMENTS(s_apszActStates));
1139 return s_apszActStates[idxActStates];
1140}
1141
1142
1143/**
1144 * Reports MSR_IA32_FEATURE_CONTROL MSR to the log.
1145 *
1146 * @param fFeatMsr The feature control MSR value.
1147 */
1148static void hmR3VmxReportFeatCtlMsr(uint64_t fFeatMsr)
1149{
1150 uint64_t const val = fFeatMsr;
1151 LogRel(("HM: MSR_IA32_FEATURE_CONTROL = %#RX64\n", val));
1152 HMVMX_REPORT_MSR_CAP(val, "LOCK", MSR_IA32_FEATURE_CONTROL_LOCK);
1153 HMVMX_REPORT_MSR_CAP(val, "SMX_VMXON", MSR_IA32_FEATURE_CONTROL_SMX_VMXON);
1154 HMVMX_REPORT_MSR_CAP(val, "VMXON", MSR_IA32_FEATURE_CONTROL_VMXON);
1155 HMVMX_REPORT_MSR_CAP(val, "SENTER_LOCAL_FN0", MSR_IA32_FEATURE_CONTROL_SENTER_LOCAL_FN_0);
1156 HMVMX_REPORT_MSR_CAP(val, "SENTER_LOCAL_FN1", MSR_IA32_FEATURE_CONTROL_SENTER_LOCAL_FN_1);
1157 HMVMX_REPORT_MSR_CAP(val, "SENTER_LOCAL_FN2", MSR_IA32_FEATURE_CONTROL_SENTER_LOCAL_FN_2);
1158 HMVMX_REPORT_MSR_CAP(val, "SENTER_LOCAL_FN3", MSR_IA32_FEATURE_CONTROL_SENTER_LOCAL_FN_3);
1159 HMVMX_REPORT_MSR_CAP(val, "SENTER_LOCAL_FN4", MSR_IA32_FEATURE_CONTROL_SENTER_LOCAL_FN_4);
1160 HMVMX_REPORT_MSR_CAP(val, "SENTER_LOCAL_FN5", MSR_IA32_FEATURE_CONTROL_SENTER_LOCAL_FN_5);
1161 HMVMX_REPORT_MSR_CAP(val, "SENTER_LOCAL_FN6", MSR_IA32_FEATURE_CONTROL_SENTER_LOCAL_FN_6);
1162 HMVMX_REPORT_MSR_CAP(val, "SENTER_GLOBAL_EN", MSR_IA32_FEATURE_CONTROL_SENTER_GLOBAL_EN);
1163 HMVMX_REPORT_MSR_CAP(val, "SGX_LAUNCH_EN", MSR_IA32_FEATURE_CONTROL_SGX_LAUNCH_EN);
1164 HMVMX_REPORT_MSR_CAP(val, "SGX_GLOBAL_EN", MSR_IA32_FEATURE_CONTROL_SGX_GLOBAL_EN);
1165 HMVMX_REPORT_MSR_CAP(val, "LMCE", MSR_IA32_FEATURE_CONTROL_LMCE);
1166 if (!(val & MSR_IA32_FEATURE_CONTROL_LOCK))
1167 LogRel(("HM: MSR_IA32_FEATURE_CONTROL lock bit not set, possibly bad hardware!\n"));
1168}
1169
1170
1171/**
1172 * Reports MSR_IA32_VMX_BASIC MSR to the log.
1173 *
1174 * @param uBasicMsr The VMX basic MSR value.
1175 */
1176static void hmR3VmxReportBasicMsr(uint64_t uBasicMsr)
1177{
1178 LogRel(("HM: MSR_IA32_VMX_BASIC = %#RX64\n", uBasicMsr));
1179 LogRel(("HM: VMCS id = %#x\n", RT_BF_GET(uBasicMsr, VMX_BF_BASIC_VMCS_ID)));
1180 LogRel(("HM: VMCS size = %u bytes\n", RT_BF_GET(uBasicMsr, VMX_BF_BASIC_VMCS_SIZE)));
1181 LogRel(("HM: VMCS physical address limit = %s\n", RT_BF_GET(uBasicMsr, VMX_BF_BASIC_PHYSADDR_WIDTH) ?
1182 "< 4 GB" : "None"));
1183 LogRel(("HM: VMCS memory type = %s\n", hmR3VmxGetMemTypeDesc(uBasicMsr)));
1184 LogRel(("HM: Dual-monitor treatment support = %RTbool\n", RT_BF_GET(uBasicMsr, VMX_BF_BASIC_DUAL_MON)));
1185 LogRel(("HM: OUTS & INS instruction-info = %RTbool\n", RT_BF_GET(uBasicMsr, VMX_BF_BASIC_VMCS_INS_OUTS)));
1186 LogRel(("HM: Supports true-capability MSRs = %RTbool\n", RT_BF_GET(uBasicMsr, VMX_BF_BASIC_TRUE_CTLS)));
1187}
1188
1189
1190/**
1191 * Reports MSR_IA32_PINBASED_CTLS to the log.
1192 *
1193 * @param pVmxMsr Pointer to the VMX MSR.
1194 */
1195static void hmR3VmxReportPinBasedCtlsMsr(PCVMXCTLSMSR pVmxMsr)
1196{
1197 uint64_t const fAllowed1 = pVmxMsr->n.allowed1;
1198 uint64_t const fAllowed0 = pVmxMsr->n.allowed0;
1199 LogRel(("HM: MSR_IA32_VMX_PINBASED_CTLS = %#RX64\n", pVmxMsr->u));
1200 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "EXT_INT_EXIT", VMX_PIN_CTLS_EXT_INT_EXIT);
1201 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "NMI_EXIT", VMX_PIN_CTLS_NMI_EXIT);
1202 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "VIRTUAL_NMI", VMX_PIN_CTLS_VIRT_NMI);
1203 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "PREEMPT_TIMER", VMX_PIN_CTLS_PREEMPT_TIMER);
1204 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "POSTED_INT", VMX_PIN_CTLS_POSTED_INT);
1205}
1206
1207
1208/**
1209 * Reports MSR_IA32_VMX_PROCBASED_CTLS MSR to the log.
1210 *
1211 * @param pVmxMsr Pointer to the VMX MSR.
1212 */
1213static void hmR3VmxReportProcBasedCtlsMsr(PCVMXCTLSMSR pVmxMsr)
1214{
1215 uint64_t const fAllowed1 = pVmxMsr->n.allowed1;
1216 uint64_t const fAllowed0 = pVmxMsr->n.allowed0;
1217 LogRel(("HM: MSR_IA32_VMX_PROCBASED_CTLS = %#RX64\n", pVmxMsr->u));
1218 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "INT_WINDOW_EXIT", VMX_PROC_CTLS_INT_WINDOW_EXIT);
1219 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "USE_TSC_OFFSETTING", VMX_PROC_CTLS_USE_TSC_OFFSETTING);
1220 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "HLT_EXIT", VMX_PROC_CTLS_HLT_EXIT);
1221 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "INVLPG_EXIT", VMX_PROC_CTLS_INVLPG_EXIT);
1222 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "MWAIT_EXIT", VMX_PROC_CTLS_MWAIT_EXIT);
1223 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "RDPMC_EXIT", VMX_PROC_CTLS_RDPMC_EXIT);
1224 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "RDTSC_EXIT", VMX_PROC_CTLS_RDTSC_EXIT);
1225 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "CR3_LOAD_EXIT", VMX_PROC_CTLS_CR3_LOAD_EXIT);
1226 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "CR3_STORE_EXIT", VMX_PROC_CTLS_CR3_STORE_EXIT);
1227 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "CR8_LOAD_EXIT", VMX_PROC_CTLS_CR8_LOAD_EXIT);
1228 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "CR8_STORE_EXIT", VMX_PROC_CTLS_CR8_STORE_EXIT);
1229 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "USE_TPR_SHADOW", VMX_PROC_CTLS_USE_TPR_SHADOW);
1230 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "NMI_WINDOW_EXIT", VMX_PROC_CTLS_NMI_WINDOW_EXIT);
1231 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "MOV_DR_EXIT", VMX_PROC_CTLS_MOV_DR_EXIT);
1232 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "UNCOND_IO_EXIT", VMX_PROC_CTLS_UNCOND_IO_EXIT);
1233 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "USE_IO_BITMAPS", VMX_PROC_CTLS_USE_IO_BITMAPS);
1234 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "MONITOR_TRAP_FLAG", VMX_PROC_CTLS_MONITOR_TRAP_FLAG);
1235 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "USE_MSR_BITMAPS", VMX_PROC_CTLS_USE_MSR_BITMAPS);
1236 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "MONITOR_EXIT", VMX_PROC_CTLS_MONITOR_EXIT);
1237 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "PAUSE_EXIT", VMX_PROC_CTLS_PAUSE_EXIT);
1238 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "USE_SECONDARY_CTLS", VMX_PROC_CTLS_USE_SECONDARY_CTLS);
1239}
1240
1241
1242/**
1243 * Reports MSR_IA32_VMX_PROCBASED_CTLS2 MSR to the log.
1244 *
1245 * @param pVmxMsr Pointer to the VMX MSR.
1246 */
1247static void hmR3VmxReportProcBasedCtls2Msr(PCVMXCTLSMSR pVmxMsr)
1248{
1249 uint64_t const fAllowed1 = pVmxMsr->n.allowed1;
1250 uint64_t const fAllowed0 = pVmxMsr->n.allowed0;
1251 LogRel(("HM: MSR_IA32_VMX_PROCBASED_CTLS2 = %#RX64\n", pVmxMsr->u));
1252 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "VIRT_APIC_ACCESS", VMX_PROC_CTLS2_VIRT_APIC_ACCESS);
1253 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "EPT", VMX_PROC_CTLS2_EPT);
1254 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "DESC_TABLE_EXIT", VMX_PROC_CTLS2_DESC_TABLE_EXIT);
1255 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "RDTSCP", VMX_PROC_CTLS2_RDTSCP);
1256 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "VIRT_X2APIC_MODE", VMX_PROC_CTLS2_VIRT_X2APIC_MODE);
1257 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "VPID", VMX_PROC_CTLS2_VPID);
1258 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "WBINVD_EXIT", VMX_PROC_CTLS2_WBINVD_EXIT);
1259 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "UNRESTRICTED_GUEST", VMX_PROC_CTLS2_UNRESTRICTED_GUEST);
1260 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "APIC_REG_VIRT", VMX_PROC_CTLS2_APIC_REG_VIRT);
1261 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "VIRT_INT_DELIVERY", VMX_PROC_CTLS2_VIRT_INT_DELIVERY);
1262 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "PAUSE_LOOP_EXIT", VMX_PROC_CTLS2_PAUSE_LOOP_EXIT);
1263 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "RDRAND_EXIT", VMX_PROC_CTLS2_RDRAND_EXIT);
1264 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "INVPCID", VMX_PROC_CTLS2_INVPCID);
1265 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "VMFUNC", VMX_PROC_CTLS2_VMFUNC);
1266 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "VMCS_SHADOWING", VMX_PROC_CTLS2_VMCS_SHADOWING);
1267 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "ENCLS_EXIT", VMX_PROC_CTLS2_ENCLS_EXIT);
1268 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "RDSEED_EXIT", VMX_PROC_CTLS2_RDSEED_EXIT);
1269 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "PML", VMX_PROC_CTLS2_PML);
1270 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "EPT_VE", VMX_PROC_CTLS2_EPT_VE);
1271 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "CONCEAL_VMX_FROM_PT", VMX_PROC_CTLS2_CONCEAL_VMX_FROM_PT);
1272 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "XSAVES_XRSTORS", VMX_PROC_CTLS2_XSAVES_XRSTORS);
1273 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "MODE_BASED_EPT_PERM", VMX_PROC_CTLS2_MODE_BASED_EPT_PERM);
1274 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "SPPTP_EPT", VMX_PROC_CTLS2_SPPTP_EPT);
1275 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "PT_EPT", VMX_PROC_CTLS2_PT_EPT);
1276 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "TSC_SCALING", VMX_PROC_CTLS2_TSC_SCALING);
1277 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "USER_WAIT_PAUSE", VMX_PROC_CTLS2_USER_WAIT_PAUSE);
1278 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "ENCLV_EXIT", VMX_PROC_CTLS2_ENCLV_EXIT);
1279}
1280
1281
1282/**
1283 * Reports MSR_IA32_VMX_ENTRY_CTLS to the log.
1284 *
1285 * @param pVmxMsr Pointer to the VMX MSR.
1286 */
1287static void hmR3VmxReportEntryCtlsMsr(PCVMXCTLSMSR pVmxMsr)
1288{
1289 uint64_t const fAllowed1 = pVmxMsr->n.allowed1;
1290 uint64_t const fAllowed0 = pVmxMsr->n.allowed0;
1291 LogRel(("HM: MSR_IA32_VMX_ENTRY_CTLS = %#RX64\n", pVmxMsr->u));
1292 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "LOAD_DEBUG", VMX_ENTRY_CTLS_LOAD_DEBUG);
1293 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "IA32E_MODE_GUEST", VMX_ENTRY_CTLS_IA32E_MODE_GUEST);
1294 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "ENTRY_TO_SMM", VMX_ENTRY_CTLS_ENTRY_TO_SMM);
1295 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "DEACTIVATE_DUAL_MON", VMX_ENTRY_CTLS_DEACTIVATE_DUAL_MON);
1296 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "LOAD_PERF_MSR", VMX_ENTRY_CTLS_LOAD_PERF_MSR);
1297 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "LOAD_PAT_MSR", VMX_ENTRY_CTLS_LOAD_PAT_MSR);
1298 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "LOAD_EFER_MSR", VMX_ENTRY_CTLS_LOAD_EFER_MSR);
1299 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "LOAD_BNDCFGS_MSR", VMX_ENTRY_CTLS_LOAD_BNDCFGS_MSR);
1300 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "CONCEAL_VMX_FROM_PT", VMX_ENTRY_CTLS_CONCEAL_VMX_FROM_PT);
1301 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "LOAD_RTIT_CTL_MSR", VMX_ENTRY_CTLS_LOAD_RTIT_CTL_MSR);
1302}
1303
1304
1305/**
1306 * Reports MSR_IA32_VMX_EXIT_CTLS to the log.
1307 *
1308 * @param pVmxMsr Pointer to the VMX MSR.
1309 */
1310static void hmR3VmxReportExitCtlsMsr(PCVMXCTLSMSR pVmxMsr)
1311{
1312 uint64_t const fAllowed1 = pVmxMsr->n.allowed1;
1313 uint64_t const fAllowed0 = pVmxMsr->n.allowed0;
1314 LogRel(("HM: MSR_IA32_VMX_EXIT_CTLS = %#RX64\n", pVmxMsr->u));
1315 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "SAVE_DEBUG", VMX_EXIT_CTLS_SAVE_DEBUG);
1316 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "HOST_ADDR_SPACE_SIZE", VMX_EXIT_CTLS_HOST_ADDR_SPACE_SIZE);
1317 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "LOAD_PERF_MSR", VMX_EXIT_CTLS_LOAD_PERF_MSR);
1318 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "ACK_EXT_INT", VMX_EXIT_CTLS_ACK_EXT_INT);
1319 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "SAVE_PAT_MSR", VMX_EXIT_CTLS_SAVE_PAT_MSR);
1320 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "LOAD_PAT_MSR", VMX_EXIT_CTLS_LOAD_PAT_MSR);
1321 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "SAVE_EFER_MSR", VMX_EXIT_CTLS_SAVE_EFER_MSR);
1322 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "LOAD_EFER_MSR", VMX_EXIT_CTLS_LOAD_EFER_MSR);
1323 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "SAVE_PREEMPT_TIMER", VMX_EXIT_CTLS_SAVE_PREEMPT_TIMER);
1324 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "CLEAR_BNDCFGS_MSR", VMX_EXIT_CTLS_CLEAR_BNDCFGS_MSR);
1325 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "CONCEAL_VMX_FROM_PT", VMX_EXIT_CTLS_CONCEAL_VMX_FROM_PT);
1326 HMVMX_REPORT_FEAT(fAllowed1, fAllowed0, "CLEAR_RTIT_CTL_MSR", VMX_EXIT_CTLS_CLEAR_RTIT_CTL_MSR);
1327}
1328
1329
1330/**
1331 * Reports MSR_IA32_VMX_EPT_VPID_CAP MSR to the log.
1332 *
1333 * @param fCaps The VMX EPT/VPID capability MSR value.
1334 */
1335static void hmR3VmxReportEptVpidCapsMsr(uint64_t fCaps)
1336{
1337 LogRel(("HM: MSR_IA32_VMX_EPT_VPID_CAP = %#RX64\n", fCaps));
1338 HMVMX_REPORT_MSR_CAP(fCaps, "RWX_X_ONLY", MSR_IA32_VMX_EPT_VPID_CAP_RWX_X_ONLY);
1339 HMVMX_REPORT_MSR_CAP(fCaps, "PAGE_WALK_LENGTH_4", MSR_IA32_VMX_EPT_VPID_CAP_PAGE_WALK_LENGTH_4);
1340 HMVMX_REPORT_MSR_CAP(fCaps, "PAGE_WALK_LENGTH_5", MSR_IA32_VMX_EPT_VPID_CAP_PAGE_WALK_LENGTH_5);
1341 HMVMX_REPORT_MSR_CAP(fCaps, "EMT_UC", MSR_IA32_VMX_EPT_VPID_CAP_EMT_UC);
1342 HMVMX_REPORT_MSR_CAP(fCaps, "EMT_WB", MSR_IA32_VMX_EPT_VPID_CAP_EMT_WB);
1343 HMVMX_REPORT_MSR_CAP(fCaps, "PDE_2M", MSR_IA32_VMX_EPT_VPID_CAP_PDE_2M);
1344 HMVMX_REPORT_MSR_CAP(fCaps, "PDPTE_1G", MSR_IA32_VMX_EPT_VPID_CAP_PDPTE_1G);
1345 HMVMX_REPORT_MSR_CAP(fCaps, "INVEPT", MSR_IA32_VMX_EPT_VPID_CAP_INVEPT);
1346 HMVMX_REPORT_MSR_CAP(fCaps, "EPT_ACCESS_DIRTY", MSR_IA32_VMX_EPT_VPID_CAP_EPT_ACCESS_DIRTY);
1347 HMVMX_REPORT_MSR_CAP(fCaps, "INVEPT_SINGLE_CONTEXT", MSR_IA32_VMX_EPT_VPID_CAP_INVEPT_SINGLE_CONTEXT);
1348 HMVMX_REPORT_MSR_CAP(fCaps, "INVEPT_ALL_CONTEXTS", MSR_IA32_VMX_EPT_VPID_CAP_INVEPT_ALL_CONTEXTS);
1349 HMVMX_REPORT_MSR_CAP(fCaps, "INVVPID", MSR_IA32_VMX_EPT_VPID_CAP_INVVPID);
1350 HMVMX_REPORT_MSR_CAP(fCaps, "INVVPID_INDIV_ADDR", MSR_IA32_VMX_EPT_VPID_CAP_INVVPID_INDIV_ADDR);
1351 HMVMX_REPORT_MSR_CAP(fCaps, "INVVPID_SINGLE_CONTEXT", MSR_IA32_VMX_EPT_VPID_CAP_INVVPID_SINGLE_CONTEXT);
1352 HMVMX_REPORT_MSR_CAP(fCaps, "INVVPID_ALL_CONTEXTS", MSR_IA32_VMX_EPT_VPID_CAP_INVVPID_ALL_CONTEXTS);
1353 HMVMX_REPORT_MSR_CAP(fCaps, "INVVPID_SINGLE_CONTEXT_RETAIN_GLOBALS", MSR_IA32_VMX_EPT_VPID_CAP_INVVPID_SINGLE_CONTEXT_RETAIN_GLOBALS);
1354}
1355
1356
1357/**
1358 * Reports MSR_IA32_VMX_MISC MSR to the log.
1359 *
1360 * @param pVM Pointer to the VM.
1361 * @param fMisc The VMX misc. MSR value.
1362 */
1363static void hmR3VmxReportMiscMsr(PVM pVM, uint64_t fMisc)
1364{
1365 LogRel(("HM: MSR_IA32_VMX_MISC = %#RX64\n", fMisc));
1366 uint8_t const cPreemptTimerShift = RT_BF_GET(fMisc, VMX_BF_MISC_PREEMPT_TIMER_TSC);
1367 if (cPreemptTimerShift == pVM->hm.s.vmx.cPreemptTimerShift)
1368 LogRel(("HM: PREEMPT_TIMER_TSC = %#x\n", cPreemptTimerShift));
1369 else
1370 {
1371 LogRel(("HM: PREEMPT_TIMER_TSC = %#x - erratum detected, using %#x instead\n", cPreemptTimerShift,
1372 pVM->hm.s.vmx.cPreemptTimerShift));
1373 }
1374 LogRel(("HM: EXIT_SAVE_EFER_LMA = %RTbool\n", RT_BF_GET(fMisc, VMX_BF_MISC_EXIT_SAVE_EFER_LMA)));
1375 LogRel(("HM: ACTIVITY_STATES = %#x%s\n", RT_BF_GET(fMisc, VMX_BF_MISC_ACTIVITY_STATES),
1376 hmR3VmxGetActivityStateAllDesc(fMisc)));
1377 LogRel(("HM: INTEL_PT = %RTbool\n", RT_BF_GET(fMisc, VMX_BF_MISC_INTEL_PT)));
1378 LogRel(("HM: SMM_READ_SMBASE_MSR = %RTbool\n", RT_BF_GET(fMisc, VMX_BF_MISC_SMM_READ_SMBASE_MSR)));
1379 LogRel(("HM: CR3_TARGET = %#x\n", RT_BF_GET(fMisc, VMX_BF_MISC_CR3_TARGET)));
1380 LogRel(("HM: MAX_MSR = %#x ( %u )\n", RT_BF_GET(fMisc, VMX_BF_MISC_MAX_MSRS),
1381 VMX_MISC_MAX_MSRS(fMisc)));
1382 LogRel(("HM: VMXOFF_BLOCK_SMI = %RTbool\n", RT_BF_GET(fMisc, VMX_BF_MISC_VMXOFF_BLOCK_SMI)));
1383 LogRel(("HM: VMWRITE_ALL = %RTbool\n", RT_BF_GET(fMisc, VMX_BF_MISC_VMWRITE_ALL)));
1384 LogRel(("HM: ENTRY_INJECT_SOFT_INT = %#x\n", RT_BF_GET(fMisc, VMX_BF_MISC_ENTRY_INJECT_SOFT_INT)));
1385 LogRel(("HM: MSEG_ID = %#x\n", RT_BF_GET(fMisc, VMX_BF_MISC_MSEG_ID)));
1386}
1387
1388
1389/**
1390 * Reports MSR_IA32_VMX_VMCS_ENUM MSR to the log.
1391 *
1392 * @param uVmcsEnum The VMX VMCS enum MSR value.
1393 */
1394static void hmR3VmxReportVmcsEnumMsr(uint64_t uVmcsEnum)
1395{
1396 LogRel(("HM: MSR_IA32_VMX_VMCS_ENUM = %#RX64\n", uVmcsEnum));
1397 LogRel(("HM: HIGHEST_IDX = %#x\n", RT_BF_GET(uVmcsEnum, VMX_BF_VMCS_ENUM_HIGHEST_IDX)));
1398}
1399
1400
1401/**
1402 * Reports MSR_IA32_VMX_VMFUNC MSR to the log.
1403 *
1404 * @param uVmFunc The VMX VMFUNC MSR value.
1405 */
1406static void hmR3VmxReportVmFuncMsr(uint64_t uVmFunc)
1407{
1408 LogRel(("HM: MSR_IA32_VMX_VMFUNC = %#RX64\n", uVmFunc));
1409 HMVMX_REPORT_ALLOWED_FEAT(uVmFunc, "EPTP_SWITCHING", RT_BF_GET(uVmFunc, VMX_BF_VMFUNC_EPTP_SWITCHING));
1410}
1411
1412
1413/**
1414 * Reports VMX CR0, CR4 fixed MSRs.
1415 *
1416 * @param pMsrs Pointer to the VMX MSRs.
1417 */
1418static void hmR3VmxReportCrFixedMsrs(PVMXMSRS pMsrs)
1419{
1420 LogRel(("HM: MSR_IA32_VMX_CR0_FIXED0 = %#RX64\n", pMsrs->u64Cr0Fixed0));
1421 LogRel(("HM: MSR_IA32_VMX_CR0_FIXED1 = %#RX64\n", pMsrs->u64Cr0Fixed1));
1422 LogRel(("HM: MSR_IA32_VMX_CR4_FIXED0 = %#RX64\n", pMsrs->u64Cr4Fixed0));
1423 LogRel(("HM: MSR_IA32_VMX_CR4_FIXED1 = %#RX64\n", pMsrs->u64Cr4Fixed1));
1424}
1425
1426
1427/**
1428 * Finish VT-x initialization (after ring-0 init).
1429 *
1430 * @returns VBox status code.
1431 * @param pVM The cross context VM structure.
1432 */
1433static int hmR3InitFinalizeR0Intel(PVM pVM)
1434{
1435 int rc;
1436
1437 LogFunc(("pVM->hm.s.vmx.fSupported = %d\n", pVM->hm.s.vmx.fSupported));
1438 AssertLogRelReturn(pVM->hm.s.vmx.Msrs.u64FeatCtrl != 0, VERR_HM_IPE_4);
1439
1440 LogRel(("HM: Using VT-x implementation 3.0\n"));
1441 LogRel(("HM: Max resume loops = %u\n", pVM->hm.s.cMaxResumeLoops));
1442 LogRel(("HM: Host CR4 = %#RX64\n", pVM->hm.s.vmx.u64HostCr4));
1443 LogRel(("HM: Host EFER = %#RX64\n", pVM->hm.s.vmx.u64HostMsrEfer));
1444 LogRel(("HM: MSR_IA32_SMM_MONITOR_CTL = %#RX64\n", pVM->hm.s.vmx.u64HostSmmMonitorCtl));
1445
1446 hmR3VmxReportFeatCtlMsr(pVM->hm.s.vmx.Msrs.u64FeatCtrl);
1447 hmR3VmxReportBasicMsr(pVM->hm.s.vmx.Msrs.u64Basic);
1448
1449 hmR3VmxReportPinBasedCtlsMsr(&pVM->hm.s.vmx.Msrs.PinCtls);
1450 hmR3VmxReportProcBasedCtlsMsr(&pVM->hm.s.vmx.Msrs.ProcCtls);
1451 if (pVM->hm.s.vmx.Msrs.ProcCtls.n.allowed1 & VMX_PROC_CTLS_USE_SECONDARY_CTLS)
1452 hmR3VmxReportProcBasedCtls2Msr(&pVM->hm.s.vmx.Msrs.ProcCtls2);
1453
1454 hmR3VmxReportEntryCtlsMsr(&pVM->hm.s.vmx.Msrs.EntryCtls);
1455 hmR3VmxReportExitCtlsMsr(&pVM->hm.s.vmx.Msrs.ExitCtls);
1456
1457 if (RT_BF_GET(pVM->hm.s.vmx.Msrs.u64Basic, VMX_BF_BASIC_TRUE_CTLS))
1458 {
1459 /* We don't extensively dump the true capability MSRs as we don't use them, see @bugref{9180#c5}. */
1460 LogRel(("HM: MSR_IA32_VMX_TRUE_PINBASED_CTLS = %#RX64\n", pVM->hm.s.vmx.Msrs.TruePinCtls));
1461 LogRel(("HM: MSR_IA32_VMX_TRUE_PROCBASED_CTLS = %#RX64\n", pVM->hm.s.vmx.Msrs.TrueProcCtls));
1462 LogRel(("HM: MSR_IA32_VMX_TRUE_ENTRY_CTLS = %#RX64\n", pVM->hm.s.vmx.Msrs.TrueEntryCtls));
1463 LogRel(("HM: MSR_IA32_VMX_TRUE_EXIT_CTLS = %#RX64\n", pVM->hm.s.vmx.Msrs.TrueExitCtls));
1464 }
1465
1466 hmR3VmxReportMiscMsr(pVM, pVM->hm.s.vmx.Msrs.u64Misc);
1467 hmR3VmxReportVmcsEnumMsr(pVM->hm.s.vmx.Msrs.u64VmcsEnum);
1468 if (pVM->hm.s.vmx.Msrs.u64EptVpidCaps)
1469 hmR3VmxReportEptVpidCapsMsr(pVM->hm.s.vmx.Msrs.u64EptVpidCaps);
1470 if (pVM->hm.s.vmx.Msrs.u64VmFunc)
1471 hmR3VmxReportVmFuncMsr(pVM->hm.s.vmx.Msrs.u64VmFunc);
1472 hmR3VmxReportCrFixedMsrs(&pVM->hm.s.vmx.Msrs);
1473
1474 LogRel(("HM: APIC-access page physaddr = %#RHp\n", pVM->hm.s.vmx.HCPhysApicAccess));
1475 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
1476 {
1477 PCVMXVMCSINFO pVmcsInfo = &pVM->apCpusR3[idCpu]->hm.s.vmx.VmcsInfo;
1478 LogRel(("HM: VCPU%3d: MSR bitmap physaddr = %#RHp\n", idCpu, pVmcsInfo->HCPhysMsrBitmap));
1479 LogRel(("HM: VCPU%3d: VMCS physaddr = %#RHp\n", idCpu, pVmcsInfo->HCPhysVmcs));
1480 }
1481#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
1482 if (pVM->cpum.ro.GuestFeatures.fVmx)
1483 {
1484 LogRel(("HM: Nested-guest:\n"));
1485 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
1486 {
1487 PCVMXVMCSINFO pVmcsInfoNstGst = &pVM->apCpusR3[idCpu]->hm.s.vmx.VmcsInfoNstGst;
1488 LogRel(("HM: VCPU%3d: MSR bitmap physaddr = %#RHp\n", idCpu, pVmcsInfoNstGst->HCPhysMsrBitmap));
1489 LogRel(("HM: VCPU%3d: VMCS physaddr = %#RHp\n", idCpu, pVmcsInfoNstGst->HCPhysVmcs));
1490 }
1491 }
1492#endif
1493
1494 /*
1495 * EPT and unrestricted guest execution are determined in HMR3Init, verify the sanity of that.
1496 */
1497 AssertLogRelReturn( !pVM->hm.s.fNestedPaging
1498 || (pVM->hm.s.vmx.Msrs.ProcCtls2.n.allowed1 & VMX_PROC_CTLS2_EPT),
1499 VERR_HM_IPE_1);
1500 AssertLogRelReturn( !pVM->hm.s.vmx.fUnrestrictedGuest
1501 || ( (pVM->hm.s.vmx.Msrs.ProcCtls2.n.allowed1 & VMX_PROC_CTLS2_UNRESTRICTED_GUEST)
1502 && pVM->hm.s.fNestedPaging),
1503 VERR_HM_IPE_1);
1504
1505 /*
1506 * Disallow RDTSCP in the guest if there is no secondary process-based VM execution controls as otherwise
1507 * RDTSCP would cause a #UD. There might be no CPUs out there where this happens, as RDTSCP was introduced
1508 * in Nehalems and secondary VM exec. controls should be supported in all of them, but nonetheless it's Intel...
1509 */
1510 if ( !(pVM->hm.s.vmx.Msrs.ProcCtls.n.allowed1 & VMX_PROC_CTLS_USE_SECONDARY_CTLS)
1511 && CPUMR3GetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_RDTSCP))
1512 {
1513 CPUMR3ClearGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_RDTSCP);
1514 LogRel(("HM: Disabled RDTSCP\n"));
1515 }
1516
1517 if (!pVM->hm.s.vmx.fUnrestrictedGuest)
1518 {
1519 /* Allocate three pages for the TSS we need for real mode emulation. (2 pages for the IO bitmap) */
1520 rc = PDMR3VmmDevHeapAlloc(pVM, HM_VTX_TOTAL_DEVHEAP_MEM, hmR3VmmDevHeapNotify, (RTR3PTR *)&pVM->hm.s.vmx.pRealModeTSS);
1521 if (RT_SUCCESS(rc))
1522 {
1523 /* The IO bitmap starts right after the virtual interrupt redirection bitmap.
1524 Refer Intel spec. 20.3.3 "Software Interrupt Handling in Virtual-8086 mode"
1525 esp. Figure 20-5.*/
1526 ASMMemZero32(pVM->hm.s.vmx.pRealModeTSS, sizeof(*pVM->hm.s.vmx.pRealModeTSS));
1527 pVM->hm.s.vmx.pRealModeTSS->offIoBitmap = sizeof(*pVM->hm.s.vmx.pRealModeTSS);
1528
1529 /* Bit set to 0 means software interrupts are redirected to the
1530 8086 program interrupt handler rather than switching to
1531 protected-mode handler. */
1532 memset(pVM->hm.s.vmx.pRealModeTSS->IntRedirBitmap, 0, sizeof(pVM->hm.s.vmx.pRealModeTSS->IntRedirBitmap));
1533
1534 /* Allow all port IO, so that port IO instructions do not cause
1535 exceptions and would instead cause a VM-exit (based on VT-x's
1536 IO bitmap which we currently configure to always cause an exit). */
1537 memset(pVM->hm.s.vmx.pRealModeTSS + 1, 0, PAGE_SIZE * 2);
1538 *((unsigned char *)pVM->hm.s.vmx.pRealModeTSS + HM_VTX_TSS_SIZE - 2) = 0xff;
1539
1540 /*
1541 * Construct a 1024 element page directory with 4 MB pages for the identity mapped
1542 * page table used in real and protected mode without paging with EPT.
1543 */
1544 pVM->hm.s.vmx.pNonPagingModeEPTPageTable = (PX86PD)((char *)pVM->hm.s.vmx.pRealModeTSS + PAGE_SIZE * 3);
1545 for (uint32_t i = 0; i < X86_PG_ENTRIES; i++)
1546 {
1547 pVM->hm.s.vmx.pNonPagingModeEPTPageTable->a[i].u = _4M * i;
1548 pVM->hm.s.vmx.pNonPagingModeEPTPageTable->a[i].u |= X86_PDE4M_P | X86_PDE4M_RW | X86_PDE4M_US
1549 | X86_PDE4M_A | X86_PDE4M_D | X86_PDE4M_PS
1550 | X86_PDE4M_G;
1551 }
1552
1553 /* We convert it here every time as PCI regions could be reconfigured. */
1554 if (PDMVmmDevHeapIsEnabled(pVM))
1555 {
1556 RTGCPHYS GCPhys;
1557 rc = PDMVmmDevHeapR3ToGCPhys(pVM, pVM->hm.s.vmx.pRealModeTSS, &GCPhys);
1558 AssertRCReturn(rc, rc);
1559 LogRel(("HM: Real Mode TSS guest physaddr = %#RGp\n", GCPhys));
1560
1561 rc = PDMVmmDevHeapR3ToGCPhys(pVM, pVM->hm.s.vmx.pNonPagingModeEPTPageTable, &GCPhys);
1562 AssertRCReturn(rc, rc);
1563 LogRel(("HM: Non-Paging Mode EPT CR3 = %#RGp\n", GCPhys));
1564 }
1565 }
1566 else
1567 {
1568 LogRel(("HM: No real mode VT-x support (PDMR3VMMDevHeapAlloc returned %Rrc)\n", rc));
1569 pVM->hm.s.vmx.pRealModeTSS = NULL;
1570 pVM->hm.s.vmx.pNonPagingModeEPTPageTable = NULL;
1571 return VMSetError(pVM, rc, RT_SRC_POS,
1572 "HM failure: No real mode VT-x support (PDMR3VMMDevHeapAlloc returned %Rrc)", rc);
1573 }
1574 }
1575
1576 LogRel((pVM->hm.s.fAllow64BitGuests ? "HM: Guest support: 32-bit and 64-bit\n"
1577 : "HM: Guest support: 32-bit only\n"));
1578
1579 /*
1580 * Call ring-0 to set up the VM.
1581 */
1582 rc = SUPR3CallVMMR0Ex(VMCC_GET_VMR0_FOR_CALL(pVM), 0 /* idCpu */, VMMR0_DO_HM_SETUP_VM, 0 /* u64Arg */, NULL /* pReqHdr */);
1583 if (rc != VINF_SUCCESS)
1584 {
1585 LogRel(("HM: VMX setup failed with rc=%Rrc!\n", rc));
1586 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
1587 {
1588 PVMCPU pVCpu = pVM->apCpusR3[idCpu];
1589 LogRel(("HM: CPU[%u] Last instruction error %#x\n", idCpu, pVCpu->hm.s.vmx.LastError.u32InstrError));
1590 LogRel(("HM: CPU[%u] HM error %#x (%u)\n", idCpu, pVCpu->hm.s.u32HMError, pVCpu->hm.s.u32HMError));
1591 }
1592 HMR3CheckError(pVM, rc);
1593 return VMSetError(pVM, rc, RT_SRC_POS, "VT-x setup failed: %Rrc", rc);
1594 }
1595
1596 LogRel(("HM: Supports VMCS EFER fields = %RTbool\n", pVM->hm.s.vmx.fSupportsVmcsEfer));
1597 LogRel(("HM: Enabled VMX\n"));
1598 pVM->hm.s.vmx.fEnabled = true;
1599
1600 hmR3DisableRawMode(pVM); /** @todo make this go away! */
1601
1602 /*
1603 * Change the CPU features.
1604 */
1605 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_SEP);
1606 if (pVM->hm.s.fAllow64BitGuests)
1607 {
1608 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_PAE);
1609 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_LONG_MODE);
1610 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_SYSCALL); /* 64 bits only on Intel CPUs */
1611 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_LAHF);
1612 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_NX);
1613 }
1614 /* Turn on NXE if PAE has been enabled *and* the host has turned on NXE
1615 (we reuse the host EFER in the switcher). */
1616 /** @todo this needs to be fixed properly!! */
1617 else if (CPUMR3GetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_PAE))
1618 {
1619 if (pVM->hm.s.vmx.u64HostMsrEfer & MSR_K6_EFER_NXE)
1620 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_NX);
1621 else
1622 LogRel(("HM: NX not enabled on the host, unavailable to PAE guest\n"));
1623 }
1624
1625 /*
1626 * Log configuration details.
1627 */
1628 if (pVM->hm.s.fNestedPaging)
1629 {
1630 LogRel(("HM: Enabled nested paging\n"));
1631 if (pVM->hm.s.vmx.enmTlbFlushEpt == VMXTLBFLUSHEPT_SINGLE_CONTEXT)
1632 LogRel(("HM: EPT flush type = Single context\n"));
1633 else if (pVM->hm.s.vmx.enmTlbFlushEpt == VMXTLBFLUSHEPT_ALL_CONTEXTS)
1634 LogRel(("HM: EPT flush type = All contexts\n"));
1635 else if (pVM->hm.s.vmx.enmTlbFlushEpt == VMXTLBFLUSHEPT_NOT_SUPPORTED)
1636 LogRel(("HM: EPT flush type = Not supported\n"));
1637 else
1638 LogRel(("HM: EPT flush type = %#x\n", pVM->hm.s.vmx.enmTlbFlushEpt));
1639
1640 if (pVM->hm.s.vmx.fUnrestrictedGuest)
1641 LogRel(("HM: Enabled unrestricted guest execution\n"));
1642
1643 if (pVM->hm.s.fLargePages)
1644 {
1645 /* Use large (2 MB) pages for our EPT PDEs where possible. */
1646 PGMSetLargePageUsage(pVM, true);
1647 LogRel(("HM: Enabled large page support\n"));
1648 }
1649 }
1650 else
1651 Assert(!pVM->hm.s.vmx.fUnrestrictedGuest);
1652
1653 if (pVM->hm.s.vmx.fVpid)
1654 {
1655 LogRel(("HM: Enabled VPID\n"));
1656 if (pVM->hm.s.vmx.enmTlbFlushVpid == VMXTLBFLUSHVPID_INDIV_ADDR)
1657 LogRel(("HM: VPID flush type = Individual addresses\n"));
1658 else if (pVM->hm.s.vmx.enmTlbFlushVpid == VMXTLBFLUSHVPID_SINGLE_CONTEXT)
1659 LogRel(("HM: VPID flush type = Single context\n"));
1660 else if (pVM->hm.s.vmx.enmTlbFlushVpid == VMXTLBFLUSHVPID_ALL_CONTEXTS)
1661 LogRel(("HM: VPID flush type = All contexts\n"));
1662 else if (pVM->hm.s.vmx.enmTlbFlushVpid == VMXTLBFLUSHVPID_SINGLE_CONTEXT_RETAIN_GLOBALS)
1663 LogRel(("HM: VPID flush type = Single context retain globals\n"));
1664 else
1665 LogRel(("HM: VPID flush type = %#x\n", pVM->hm.s.vmx.enmTlbFlushVpid));
1666 }
1667 else if (pVM->hm.s.vmx.enmTlbFlushVpid == VMXTLBFLUSHVPID_NOT_SUPPORTED)
1668 LogRel(("HM: Ignoring VPID capabilities of CPU\n"));
1669
1670 if (pVM->hm.s.vmx.fUsePreemptTimer)
1671 LogRel(("HM: Enabled VMX-preemption timer (cPreemptTimerShift=%u)\n", pVM->hm.s.vmx.cPreemptTimerShift));
1672 else
1673 LogRel(("HM: Disabled VMX-preemption timer\n"));
1674
1675 if (pVM->hm.s.fVirtApicRegs)
1676 LogRel(("HM: Enabled APIC-register virtualization support\n"));
1677
1678 if (pVM->hm.s.fPostedIntrs)
1679 LogRel(("HM: Enabled posted-interrupt processing support\n"));
1680
1681 if (pVM->hm.s.vmx.fUseVmcsShadowing)
1682 {
1683 bool const fFullVmcsShadow = RT_BOOL(pVM->hm.s.vmx.Msrs.u64Misc & VMX_MISC_VMWRITE_ALL);
1684 LogRel(("HM: Enabled %s VMCS shadowing\n", fFullVmcsShadow ? "full" : "partial"));
1685 }
1686
1687 return VINF_SUCCESS;
1688}
1689
1690
1691/**
1692 * Finish AMD-V initialization (after ring-0 init).
1693 *
1694 * @returns VBox status code.
1695 * @param pVM The cross context VM structure.
1696 */
1697static int hmR3InitFinalizeR0Amd(PVM pVM)
1698{
1699 LogFunc(("pVM->hm.s.svm.fSupported = %d\n", pVM->hm.s.svm.fSupported));
1700
1701 LogRel(("HM: Using AMD-V implementation 2.0\n"));
1702
1703 uint32_t u32Family;
1704 uint32_t u32Model;
1705 uint32_t u32Stepping;
1706 if (HMIsSubjectToSvmErratum170(&u32Family, &u32Model, &u32Stepping))
1707 LogRel(("HM: AMD Cpu with erratum 170 family %#x model %#x stepping %#x\n", u32Family, u32Model, u32Stepping));
1708 LogRel(("HM: Max resume loops = %u\n", pVM->hm.s.cMaxResumeLoops));
1709 LogRel(("HM: AMD HWCR MSR = %#RX64\n", pVM->hm.s.svm.u64MsrHwcr));
1710 LogRel(("HM: AMD-V revision = %#x\n", pVM->hm.s.svm.u32Rev));
1711 LogRel(("HM: AMD-V max ASID = %RU32\n", pVM->hm.s.uMaxAsid));
1712 LogRel(("HM: AMD-V features = %#x\n", pVM->hm.s.svm.u32Features));
1713
1714 /*
1715 * Enumerate AMD-V features.
1716 */
1717 static const struct { uint32_t fFlag; const char *pszName; } s_aSvmFeatures[] =
1718 {
1719#define HMSVM_REPORT_FEATURE(a_StrDesc, a_Define) { a_Define, a_StrDesc }
1720 HMSVM_REPORT_FEATURE("NESTED_PAGING", X86_CPUID_SVM_FEATURE_EDX_NESTED_PAGING),
1721 HMSVM_REPORT_FEATURE("LBR_VIRT", X86_CPUID_SVM_FEATURE_EDX_LBR_VIRT),
1722 HMSVM_REPORT_FEATURE("SVM_LOCK", X86_CPUID_SVM_FEATURE_EDX_SVM_LOCK),
1723 HMSVM_REPORT_FEATURE("NRIP_SAVE", X86_CPUID_SVM_FEATURE_EDX_NRIP_SAVE),
1724 HMSVM_REPORT_FEATURE("TSC_RATE_MSR", X86_CPUID_SVM_FEATURE_EDX_TSC_RATE_MSR),
1725 HMSVM_REPORT_FEATURE("VMCB_CLEAN", X86_CPUID_SVM_FEATURE_EDX_VMCB_CLEAN),
1726 HMSVM_REPORT_FEATURE("FLUSH_BY_ASID", X86_CPUID_SVM_FEATURE_EDX_FLUSH_BY_ASID),
1727 HMSVM_REPORT_FEATURE("DECODE_ASSISTS", X86_CPUID_SVM_FEATURE_EDX_DECODE_ASSISTS),
1728 HMSVM_REPORT_FEATURE("PAUSE_FILTER", X86_CPUID_SVM_FEATURE_EDX_PAUSE_FILTER),
1729 HMSVM_REPORT_FEATURE("PAUSE_FILTER_THRESHOLD", X86_CPUID_SVM_FEATURE_EDX_PAUSE_FILTER_THRESHOLD),
1730 HMSVM_REPORT_FEATURE("AVIC", X86_CPUID_SVM_FEATURE_EDX_AVIC),
1731 HMSVM_REPORT_FEATURE("VIRT_VMSAVE_VMLOAD", X86_CPUID_SVM_FEATURE_EDX_VIRT_VMSAVE_VMLOAD),
1732 HMSVM_REPORT_FEATURE("VGIF", X86_CPUID_SVM_FEATURE_EDX_VGIF),
1733 HMSVM_REPORT_FEATURE("GMET", X86_CPUID_SVM_FEATURE_EDX_GMET),
1734#undef HMSVM_REPORT_FEATURE
1735 };
1736
1737 uint32_t fSvmFeatures = pVM->hm.s.svm.u32Features;
1738 for (unsigned i = 0; i < RT_ELEMENTS(s_aSvmFeatures); i++)
1739 if (fSvmFeatures & s_aSvmFeatures[i].fFlag)
1740 {
1741 LogRel(("HM: %s\n", s_aSvmFeatures[i].pszName));
1742 fSvmFeatures &= ~s_aSvmFeatures[i].fFlag;
1743 }
1744 if (fSvmFeatures)
1745 for (unsigned iBit = 0; iBit < 32; iBit++)
1746 if (RT_BIT_32(iBit) & fSvmFeatures)
1747 LogRel(("HM: Reserved bit %u\n", iBit));
1748
1749 /*
1750 * Nested paging is determined in HMR3Init, verify the sanity of that.
1751 */
1752 AssertLogRelReturn( !pVM->hm.s.fNestedPaging
1753 || (pVM->hm.s.svm.u32Features & X86_CPUID_SVM_FEATURE_EDX_NESTED_PAGING),
1754 VERR_HM_IPE_1);
1755
1756#if 0
1757 /** @todo Add and query IPRT API for host OS support for posted-interrupt IPI
1758 * here. */
1759 if (RTR0IsPostIpiSupport())
1760 pVM->hm.s.fPostedIntrs = true;
1761#endif
1762
1763 /*
1764 * Call ring-0 to set up the VM.
1765 */
1766 int rc = SUPR3CallVMMR0Ex(VMCC_GET_VMR0_FOR_CALL(pVM), 0 /*idCpu*/, VMMR0_DO_HM_SETUP_VM, 0, NULL);
1767 if (rc != VINF_SUCCESS)
1768 {
1769 AssertMsgFailed(("%Rrc\n", rc));
1770 LogRel(("HM: AMD-V setup failed with rc=%Rrc!\n", rc));
1771 return VMSetError(pVM, rc, RT_SRC_POS, "AMD-V setup failed: %Rrc", rc);
1772 }
1773
1774 LogRel(("HM: Enabled SVM\n"));
1775 pVM->hm.s.svm.fEnabled = true;
1776
1777 if (pVM->hm.s.fNestedPaging)
1778 {
1779 LogRel(("HM: Enabled nested paging\n"));
1780
1781 /*
1782 * Enable large pages (2 MB) if applicable.
1783 */
1784 if (pVM->hm.s.fLargePages)
1785 {
1786 PGMSetLargePageUsage(pVM, true);
1787 LogRel(("HM: Enabled large page support\n"));
1788 }
1789 }
1790
1791 if (pVM->hm.s.fVirtApicRegs)
1792 LogRel(("HM: Enabled APIC-register virtualization support\n"));
1793
1794 if (pVM->hm.s.fPostedIntrs)
1795 LogRel(("HM: Enabled posted-interrupt processing support\n"));
1796
1797 hmR3DisableRawMode(pVM);
1798
1799 /*
1800 * Change the CPU features.
1801 */
1802 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_SEP);
1803 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_SYSCALL);
1804 if (pVM->hm.s.fAllow64BitGuests)
1805 {
1806 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_PAE);
1807 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_LONG_MODE);
1808 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_NX);
1809 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_LAHF);
1810 }
1811 /* Turn on NXE if PAE has been enabled. */
1812 else if (CPUMR3GetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_PAE))
1813 CPUMR3SetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_NX);
1814
1815 LogRel((pVM->hm.s.fTprPatchingAllowed ? "HM: Enabled TPR patching\n"
1816 : "HM: Disabled TPR patching\n"));
1817
1818 LogRel((pVM->hm.s.fAllow64BitGuests ? "HM: Guest support: 32-bit and 64-bit\n"
1819 : "HM: Guest support: 32-bit only\n"));
1820 return VINF_SUCCESS;
1821}
1822
1823
1824/**
1825 * Applies relocations to data and code managed by this
1826 * component. This function will be called at init and
1827 * whenever the VMM need to relocate it self inside the GC.
1828 *
1829 * @param pVM The cross context VM structure.
1830 */
1831VMMR3_INT_DECL(void) HMR3Relocate(PVM pVM)
1832{
1833 Log(("HMR3Relocate to %RGv\n", MMHyperGetArea(pVM, 0)));
1834
1835 /* Fetch the current paging mode during the relocate callback during state loading. */
1836 if (VMR3GetState(pVM) == VMSTATE_LOADING)
1837 {
1838 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
1839 {
1840 PVMCPU pVCpu = pVM->apCpusR3[idCpu];
1841 pVCpu->hm.s.enmShadowMode = PGMGetShadowMode(pVCpu);
1842 }
1843 }
1844}
1845
1846
1847/**
1848 * Terminates the HM.
1849 *
1850 * Termination means cleaning up and freeing all resources,
1851 * the VM itself is, at this point, powered off or suspended.
1852 *
1853 * @returns VBox status code.
1854 * @param pVM The cross context VM structure.
1855 */
1856VMMR3_INT_DECL(int) HMR3Term(PVM pVM)
1857{
1858 if (pVM->hm.s.vmx.pRealModeTSS)
1859 {
1860 PDMR3VmmDevHeapFree(pVM, pVM->hm.s.vmx.pRealModeTSS);
1861 pVM->hm.s.vmx.pRealModeTSS = 0;
1862 }
1863 hmR3TermCPU(pVM);
1864 return 0;
1865}
1866
1867
1868/**
1869 * Terminates the per-VCPU HM.
1870 *
1871 * @returns VBox status code.
1872 * @param pVM The cross context VM structure.
1873 */
1874static int hmR3TermCPU(PVM pVM)
1875{
1876#ifdef VBOX_WITH_STATISTICS
1877 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
1878 {
1879 PVMCPU pVCpu = pVM->apCpusR3[idCpu]; NOREF(pVCpu);
1880 if (pVCpu->hm.s.paStatExitReason)
1881 {
1882 MMHyperFree(pVM, pVCpu->hm.s.paStatExitReason);
1883 pVCpu->hm.s.paStatExitReason = NULL;
1884 pVCpu->hm.s.paStatExitReasonR0 = NIL_RTR0PTR;
1885 }
1886 if (pVCpu->hm.s.paStatInjectedIrqs)
1887 {
1888 MMHyperFree(pVM, pVCpu->hm.s.paStatInjectedIrqs);
1889 pVCpu->hm.s.paStatInjectedIrqs = NULL;
1890 pVCpu->hm.s.paStatInjectedIrqsR0 = NIL_RTR0PTR;
1891 }
1892# if defined(VBOX_WITH_NESTED_HWVIRT_SVM) || defined(VBOX_WITH_NESTED_HWVIRT_VMX)
1893 if (pVCpu->hm.s.paStatNestedExitReason)
1894 {
1895 MMHyperFree(pVM, pVCpu->hm.s.paStatNestedExitReason);
1896 pVCpu->hm.s.paStatNestedExitReason = NULL;
1897 pVCpu->hm.s.paStatNestedExitReasonR0 = NIL_RTR0PTR;
1898 }
1899# endif
1900 }
1901#else
1902 RT_NOREF(pVM);
1903#endif
1904 return VINF_SUCCESS;
1905}
1906
1907
1908/**
1909 * Resets a virtual CPU.
1910 *
1911 * Used by HMR3Reset and CPU hot plugging.
1912 *
1913 * @param pVCpu The cross context virtual CPU structure to reset.
1914 */
1915VMMR3_INT_DECL(void) HMR3ResetCpu(PVMCPU pVCpu)
1916{
1917 /* Sync. entire state on VM reset ring-0 re-entry. It's safe to reset
1918 the HM flags here, all other EMTs are in ring-3. See VMR3Reset(). */
1919 pVCpu->hm.s.fCtxChanged |= HM_CHANGED_HOST_CONTEXT | HM_CHANGED_ALL_GUEST;
1920
1921 pVCpu->hm.s.fActive = false;
1922 pVCpu->hm.s.Event.fPending = false;
1923 pVCpu->hm.s.vmx.u64GstMsrApicBase = 0;
1924 pVCpu->hm.s.vmx.VmcsInfo.fSwitchedTo64on32Obsolete = false;
1925 pVCpu->hm.s.vmx.VmcsInfo.fWasInRealMode = true;
1926#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
1927 if (pVCpu->CTX_SUFF(pVM)->cpum.ro.GuestFeatures.fVmx)
1928 {
1929 pVCpu->hm.s.vmx.VmcsInfoNstGst.fSwitchedTo64on32Obsolete = false;
1930 pVCpu->hm.s.vmx.VmcsInfoNstGst.fWasInRealMode = true;
1931 }
1932#endif
1933}
1934
1935
1936/**
1937 * The VM is being reset.
1938 *
1939 * For the HM component this means that any GDT/LDT/TSS monitors
1940 * needs to be removed.
1941 *
1942 * @param pVM The cross context VM structure.
1943 */
1944VMMR3_INT_DECL(void) HMR3Reset(PVM pVM)
1945{
1946 LogFlow(("HMR3Reset:\n"));
1947
1948 if (HMIsEnabled(pVM))
1949 hmR3DisableRawMode(pVM);
1950
1951 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
1952 HMR3ResetCpu(pVM->apCpusR3[idCpu]);
1953
1954 /* Clear all patch information. */
1955 pVM->hm.s.pGuestPatchMem = 0;
1956 pVM->hm.s.pFreeGuestPatchMem = 0;
1957 pVM->hm.s.cbGuestPatchMem = 0;
1958 pVM->hm.s.cPatches = 0;
1959 pVM->hm.s.PatchTree = 0;
1960 pVM->hm.s.fTPRPatchingActive = false;
1961 ASMMemZero32(pVM->hm.s.aPatches, sizeof(pVM->hm.s.aPatches));
1962}
1963
1964
1965/**
1966 * Callback to patch a TPR instruction (vmmcall or mov cr8).
1967 *
1968 * @returns VBox strict status code.
1969 * @param pVM The cross context VM structure.
1970 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
1971 * @param pvUser Unused.
1972 */
1973static DECLCALLBACK(VBOXSTRICTRC) hmR3RemovePatches(PVM pVM, PVMCPU pVCpu, void *pvUser)
1974{
1975 VMCPUID idCpu = (VMCPUID)(uintptr_t)pvUser;
1976
1977 /* Only execute the handler on the VCPU the original patch request was issued. */
1978 if (pVCpu->idCpu != idCpu)
1979 return VINF_SUCCESS;
1980
1981 Log(("hmR3RemovePatches\n"));
1982 for (unsigned i = 0; i < pVM->hm.s.cPatches; i++)
1983 {
1984 uint8_t abInstr[15];
1985 PHMTPRPATCH pPatch = &pVM->hm.s.aPatches[i];
1986 RTGCPTR pInstrGC = (RTGCPTR)pPatch->Core.Key;
1987 int rc;
1988
1989#ifdef LOG_ENABLED
1990 char szOutput[256];
1991 rc = DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, CPUMGetGuestCS(pVCpu), pInstrGC, DBGF_DISAS_FLAGS_DEFAULT_MODE,
1992 szOutput, sizeof(szOutput), NULL);
1993 if (RT_SUCCESS(rc))
1994 Log(("Patched instr: %s\n", szOutput));
1995#endif
1996
1997 /* Check if the instruction is still the same. */
1998 rc = PGMPhysSimpleReadGCPtr(pVCpu, abInstr, pInstrGC, pPatch->cbNewOp);
1999 if (rc != VINF_SUCCESS)
2000 {
2001 Log(("Patched code removed? (rc=%Rrc0\n", rc));
2002 continue; /* swapped out or otherwise removed; skip it. */
2003 }
2004
2005 if (memcmp(abInstr, pPatch->aNewOpcode, pPatch->cbNewOp))
2006 {
2007 Log(("Patched instruction was changed! (rc=%Rrc0\n", rc));
2008 continue; /* skip it. */
2009 }
2010
2011 rc = PGMPhysSimpleWriteGCPtr(pVCpu, pInstrGC, pPatch->aOpcode, pPatch->cbOp);
2012 AssertRC(rc);
2013
2014#ifdef LOG_ENABLED
2015 rc = DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, CPUMGetGuestCS(pVCpu), pInstrGC, DBGF_DISAS_FLAGS_DEFAULT_MODE,
2016 szOutput, sizeof(szOutput), NULL);
2017 if (RT_SUCCESS(rc))
2018 Log(("Original instr: %s\n", szOutput));
2019#endif
2020 }
2021 pVM->hm.s.cPatches = 0;
2022 pVM->hm.s.PatchTree = 0;
2023 pVM->hm.s.pFreeGuestPatchMem = pVM->hm.s.pGuestPatchMem;
2024 pVM->hm.s.fTPRPatchingActive = false;
2025 return VINF_SUCCESS;
2026}
2027
2028
2029/**
2030 * Worker for enabling patching in a VT-x/AMD-V guest.
2031 *
2032 * @returns VBox status code.
2033 * @param pVM The cross context VM structure.
2034 * @param idCpu VCPU to execute hmR3RemovePatches on.
2035 * @param pPatchMem Patch memory range.
2036 * @param cbPatchMem Size of the memory range.
2037 */
2038static int hmR3EnablePatching(PVM pVM, VMCPUID idCpu, RTRCPTR pPatchMem, unsigned cbPatchMem)
2039{
2040 int rc = VMMR3EmtRendezvous(pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ONE_BY_ONE, hmR3RemovePatches, (void *)(uintptr_t)idCpu);
2041 AssertRC(rc);
2042
2043 pVM->hm.s.pGuestPatchMem = pPatchMem;
2044 pVM->hm.s.pFreeGuestPatchMem = pPatchMem;
2045 pVM->hm.s.cbGuestPatchMem = cbPatchMem;
2046 return VINF_SUCCESS;
2047}
2048
2049
2050/**
2051 * Enable patching in a VT-x/AMD-V guest
2052 *
2053 * @returns VBox status code.
2054 * @param pVM The cross context VM structure.
2055 * @param pPatchMem Patch memory range.
2056 * @param cbPatchMem Size of the memory range.
2057 */
2058VMMR3_INT_DECL(int) HMR3EnablePatching(PVM pVM, RTGCPTR pPatchMem, unsigned cbPatchMem)
2059{
2060 VM_ASSERT_EMT(pVM);
2061 Log(("HMR3EnablePatching %RGv size %x\n", pPatchMem, cbPatchMem));
2062 if (pVM->cCpus > 1)
2063 {
2064 /* We own the IOM lock here and could cause a deadlock by waiting for a VCPU that is blocking on the IOM lock. */
2065 int rc = VMR3ReqCallNoWait(pVM, VMCPUID_ANY_QUEUE,
2066 (PFNRT)hmR3EnablePatching, 4, pVM, VMMGetCpuId(pVM), (RTRCPTR)pPatchMem, cbPatchMem);
2067 AssertRC(rc);
2068 return rc;
2069 }
2070 return hmR3EnablePatching(pVM, VMMGetCpuId(pVM), (RTRCPTR)pPatchMem, cbPatchMem);
2071}
2072
2073
2074/**
2075 * Disable patching in a VT-x/AMD-V guest.
2076 *
2077 * @returns VBox status code.
2078 * @param pVM The cross context VM structure.
2079 * @param pPatchMem Patch memory range.
2080 * @param cbPatchMem Size of the memory range.
2081 */
2082VMMR3_INT_DECL(int) HMR3DisablePatching(PVM pVM, RTGCPTR pPatchMem, unsigned cbPatchMem)
2083{
2084 Log(("HMR3DisablePatching %RGv size %x\n", pPatchMem, cbPatchMem));
2085 RT_NOREF2(pPatchMem, cbPatchMem);
2086
2087 Assert(pVM->hm.s.pGuestPatchMem == pPatchMem);
2088 Assert(pVM->hm.s.cbGuestPatchMem == cbPatchMem);
2089
2090 /** @todo Potential deadlock when other VCPUs are waiting on the IOM lock (we own it)!! */
2091 int rc = VMMR3EmtRendezvous(pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ONE_BY_ONE, hmR3RemovePatches,
2092 (void *)(uintptr_t)VMMGetCpuId(pVM));
2093 AssertRC(rc);
2094
2095 pVM->hm.s.pGuestPatchMem = 0;
2096 pVM->hm.s.pFreeGuestPatchMem = 0;
2097 pVM->hm.s.cbGuestPatchMem = 0;
2098 pVM->hm.s.fTPRPatchingActive = false;
2099 return VINF_SUCCESS;
2100}
2101
2102
2103/**
2104 * Callback to patch a TPR instruction (vmmcall or mov cr8).
2105 *
2106 * @returns VBox strict status code.
2107 * @param pVM The cross context VM structure.
2108 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
2109 * @param pvUser User specified CPU context.
2110 *
2111 */
2112static DECLCALLBACK(VBOXSTRICTRC) hmR3ReplaceTprInstr(PVM pVM, PVMCPU pVCpu, void *pvUser)
2113{
2114 /*
2115 * Only execute the handler on the VCPU the original patch request was
2116 * issued. (The other CPU(s) might not yet have switched to protected
2117 * mode, nor have the correct memory context.)
2118 */
2119 VMCPUID idCpu = (VMCPUID)(uintptr_t)pvUser;
2120 if (pVCpu->idCpu != idCpu)
2121 return VINF_SUCCESS;
2122
2123 /*
2124 * We're racing other VCPUs here, so don't try patch the instruction twice
2125 * and make sure there is still room for our patch record.
2126 */
2127 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
2128 PHMTPRPATCH pPatch = (PHMTPRPATCH)RTAvloU32Get(&pVM->hm.s.PatchTree, (AVLOU32KEY)pCtx->eip);
2129 if (pPatch)
2130 {
2131 Log(("hmR3ReplaceTprInstr: already patched %RGv\n", pCtx->rip));
2132 return VINF_SUCCESS;
2133 }
2134 uint32_t const idx = pVM->hm.s.cPatches;
2135 if (idx >= RT_ELEMENTS(pVM->hm.s.aPatches))
2136 {
2137 Log(("hmR3ReplaceTprInstr: no available patch slots (%RGv)\n", pCtx->rip));
2138 return VINF_SUCCESS;
2139 }
2140 pPatch = &pVM->hm.s.aPatches[idx];
2141
2142 Log(("hmR3ReplaceTprInstr: rip=%RGv idxPatch=%u\n", pCtx->rip, idx));
2143
2144 /*
2145 * Disassembler the instruction and get cracking.
2146 */
2147 DBGFR3_DISAS_INSTR_CUR_LOG(pVCpu, "hmR3ReplaceTprInstr");
2148 PDISCPUSTATE pDis = &pVCpu->hm.s.DisState;
2149 uint32_t cbOp;
2150 int rc = EMInterpretDisasCurrent(pVM, pVCpu, pDis, &cbOp);
2151 AssertRC(rc);
2152 if ( rc == VINF_SUCCESS
2153 && pDis->pCurInstr->uOpcode == OP_MOV
2154 && cbOp >= 3)
2155 {
2156 static uint8_t const s_abVMMCall[3] = { 0x0f, 0x01, 0xd9 };
2157
2158 rc = PGMPhysSimpleReadGCPtr(pVCpu, pPatch->aOpcode, pCtx->rip, cbOp);
2159 AssertRC(rc);
2160
2161 pPatch->cbOp = cbOp;
2162
2163 if (pDis->Param1.fUse == DISUSE_DISPLACEMENT32)
2164 {
2165 /* write. */
2166 if (pDis->Param2.fUse == DISUSE_REG_GEN32)
2167 {
2168 pPatch->enmType = HMTPRINSTR_WRITE_REG;
2169 pPatch->uSrcOperand = pDis->Param2.Base.idxGenReg;
2170 Log(("hmR3ReplaceTprInstr: HMTPRINSTR_WRITE_REG %u\n", pDis->Param2.Base.idxGenReg));
2171 }
2172 else
2173 {
2174 Assert(pDis->Param2.fUse == DISUSE_IMMEDIATE32);
2175 pPatch->enmType = HMTPRINSTR_WRITE_IMM;
2176 pPatch->uSrcOperand = pDis->Param2.uValue;
2177 Log(("hmR3ReplaceTprInstr: HMTPRINSTR_WRITE_IMM %#llx\n", pDis->Param2.uValue));
2178 }
2179 rc = PGMPhysSimpleWriteGCPtr(pVCpu, pCtx->rip, s_abVMMCall, sizeof(s_abVMMCall));
2180 AssertRC(rc);
2181
2182 memcpy(pPatch->aNewOpcode, s_abVMMCall, sizeof(s_abVMMCall));
2183 pPatch->cbNewOp = sizeof(s_abVMMCall);
2184 STAM_COUNTER_INC(&pVM->hm.s.StatTprReplaceSuccessVmc);
2185 }
2186 else
2187 {
2188 /*
2189 * TPR Read.
2190 *
2191 * Found:
2192 * mov eax, dword [fffe0080] (5 bytes)
2193 * Check if next instruction is:
2194 * shr eax, 4
2195 */
2196 Assert(pDis->Param1.fUse == DISUSE_REG_GEN32);
2197
2198 uint8_t const idxMmioReg = pDis->Param1.Base.idxGenReg;
2199 uint8_t const cbOpMmio = cbOp;
2200 uint64_t const uSavedRip = pCtx->rip;
2201
2202 pCtx->rip += cbOp;
2203 rc = EMInterpretDisasCurrent(pVM, pVCpu, pDis, &cbOp);
2204 DBGFR3_DISAS_INSTR_CUR_LOG(pVCpu, "Following read");
2205 pCtx->rip = uSavedRip;
2206
2207 if ( rc == VINF_SUCCESS
2208 && pDis->pCurInstr->uOpcode == OP_SHR
2209 && pDis->Param1.fUse == DISUSE_REG_GEN32
2210 && pDis->Param1.Base.idxGenReg == idxMmioReg
2211 && pDis->Param2.fUse == DISUSE_IMMEDIATE8
2212 && pDis->Param2.uValue == 4
2213 && cbOpMmio + cbOp < sizeof(pVM->hm.s.aPatches[idx].aOpcode))
2214 {
2215 uint8_t abInstr[15];
2216
2217 /* Replacing the two instructions above with an AMD-V specific lock-prefixed 32-bit MOV CR8 instruction so as to
2218 access CR8 in 32-bit mode and not cause a #VMEXIT. */
2219 rc = PGMPhysSimpleReadGCPtr(pVCpu, &pPatch->aOpcode, pCtx->rip, cbOpMmio + cbOp);
2220 AssertRC(rc);
2221
2222 pPatch->cbOp = cbOpMmio + cbOp;
2223
2224 /* 0xf0, 0x0f, 0x20, 0xc0 = mov eax, cr8 */
2225 abInstr[0] = 0xf0;
2226 abInstr[1] = 0x0f;
2227 abInstr[2] = 0x20;
2228 abInstr[3] = 0xc0 | pDis->Param1.Base.idxGenReg;
2229 for (unsigned i = 4; i < pPatch->cbOp; i++)
2230 abInstr[i] = 0x90; /* nop */
2231
2232 rc = PGMPhysSimpleWriteGCPtr(pVCpu, pCtx->rip, abInstr, pPatch->cbOp);
2233 AssertRC(rc);
2234
2235 memcpy(pPatch->aNewOpcode, abInstr, pPatch->cbOp);
2236 pPatch->cbNewOp = pPatch->cbOp;
2237 STAM_COUNTER_INC(&pVM->hm.s.StatTprReplaceSuccessCr8);
2238
2239 Log(("Acceptable read/shr candidate!\n"));
2240 pPatch->enmType = HMTPRINSTR_READ_SHR4;
2241 }
2242 else
2243 {
2244 pPatch->enmType = HMTPRINSTR_READ;
2245 pPatch->uDstOperand = idxMmioReg;
2246
2247 rc = PGMPhysSimpleWriteGCPtr(pVCpu, pCtx->rip, s_abVMMCall, sizeof(s_abVMMCall));
2248 AssertRC(rc);
2249
2250 memcpy(pPatch->aNewOpcode, s_abVMMCall, sizeof(s_abVMMCall));
2251 pPatch->cbNewOp = sizeof(s_abVMMCall);
2252 STAM_COUNTER_INC(&pVM->hm.s.StatTprReplaceSuccessVmc);
2253 Log(("hmR3ReplaceTprInstr: HMTPRINSTR_READ %u\n", pPatch->uDstOperand));
2254 }
2255 }
2256
2257 pPatch->Core.Key = pCtx->eip;
2258 rc = RTAvloU32Insert(&pVM->hm.s.PatchTree, &pPatch->Core);
2259 AssertRC(rc);
2260
2261 pVM->hm.s.cPatches++;
2262 return VINF_SUCCESS;
2263 }
2264
2265 /*
2266 * Save invalid patch, so we will not try again.
2267 */
2268 Log(("hmR3ReplaceTprInstr: Failed to patch instr!\n"));
2269 pPatch->Core.Key = pCtx->eip;
2270 pPatch->enmType = HMTPRINSTR_INVALID;
2271 rc = RTAvloU32Insert(&pVM->hm.s.PatchTree, &pPatch->Core);
2272 AssertRC(rc);
2273 pVM->hm.s.cPatches++;
2274 STAM_COUNTER_INC(&pVM->hm.s.StatTprReplaceFailure);
2275 return VINF_SUCCESS;
2276}
2277
2278
2279/**
2280 * Callback to patch a TPR instruction (jump to generated code).
2281 *
2282 * @returns VBox strict status code.
2283 * @param pVM The cross context VM structure.
2284 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
2285 * @param pvUser User specified CPU context.
2286 *
2287 */
2288static DECLCALLBACK(VBOXSTRICTRC) hmR3PatchTprInstr(PVM pVM, PVMCPU pVCpu, void *pvUser)
2289{
2290 /*
2291 * Only execute the handler on the VCPU the original patch request was
2292 * issued. (The other CPU(s) might not yet have switched to protected
2293 * mode, nor have the correct memory context.)
2294 */
2295 VMCPUID idCpu = (VMCPUID)(uintptr_t)pvUser;
2296 if (pVCpu->idCpu != idCpu)
2297 return VINF_SUCCESS;
2298
2299 /*
2300 * We're racing other VCPUs here, so don't try patch the instruction twice
2301 * and make sure there is still room for our patch record.
2302 */
2303 PCPUMCTX pCtx = &pVCpu->cpum.GstCtx;
2304 PHMTPRPATCH pPatch = (PHMTPRPATCH)RTAvloU32Get(&pVM->hm.s.PatchTree, (AVLOU32KEY)pCtx->eip);
2305 if (pPatch)
2306 {
2307 Log(("hmR3PatchTprInstr: already patched %RGv\n", pCtx->rip));
2308 return VINF_SUCCESS;
2309 }
2310 uint32_t const idx = pVM->hm.s.cPatches;
2311 if (idx >= RT_ELEMENTS(pVM->hm.s.aPatches))
2312 {
2313 Log(("hmR3PatchTprInstr: no available patch slots (%RGv)\n", pCtx->rip));
2314 return VINF_SUCCESS;
2315 }
2316 pPatch = &pVM->hm.s.aPatches[idx];
2317
2318 Log(("hmR3PatchTprInstr: rip=%RGv idxPatch=%u\n", pCtx->rip, idx));
2319 DBGFR3_DISAS_INSTR_CUR_LOG(pVCpu, "hmR3PatchTprInstr");
2320
2321 /*
2322 * Disassemble the instruction and get cracking.
2323 */
2324 PDISCPUSTATE pDis = &pVCpu->hm.s.DisState;
2325 uint32_t cbOp;
2326 int rc = EMInterpretDisasCurrent(pVM, pVCpu, pDis, &cbOp);
2327 AssertRC(rc);
2328 if ( rc == VINF_SUCCESS
2329 && pDis->pCurInstr->uOpcode == OP_MOV
2330 && cbOp >= 5)
2331 {
2332 uint8_t aPatch[64];
2333 uint32_t off = 0;
2334
2335 rc = PGMPhysSimpleReadGCPtr(pVCpu, pPatch->aOpcode, pCtx->rip, cbOp);
2336 AssertRC(rc);
2337
2338 pPatch->cbOp = cbOp;
2339 pPatch->enmType = HMTPRINSTR_JUMP_REPLACEMENT;
2340
2341 if (pDis->Param1.fUse == DISUSE_DISPLACEMENT32)
2342 {
2343 /*
2344 * TPR write:
2345 *
2346 * push ECX [51]
2347 * push EDX [52]
2348 * push EAX [50]
2349 * xor EDX,EDX [31 D2]
2350 * mov EAX,EAX [89 C0]
2351 * or
2352 * mov EAX,0000000CCh [B8 CC 00 00 00]
2353 * mov ECX,0C0000082h [B9 82 00 00 C0]
2354 * wrmsr [0F 30]
2355 * pop EAX [58]
2356 * pop EDX [5A]
2357 * pop ECX [59]
2358 * jmp return_address [E9 return_address]
2359 */
2360 bool fUsesEax = (pDis->Param2.fUse == DISUSE_REG_GEN32 && pDis->Param2.Base.idxGenReg == DISGREG_EAX);
2361
2362 aPatch[off++] = 0x51; /* push ecx */
2363 aPatch[off++] = 0x52; /* push edx */
2364 if (!fUsesEax)
2365 aPatch[off++] = 0x50; /* push eax */
2366 aPatch[off++] = 0x31; /* xor edx, edx */
2367 aPatch[off++] = 0xd2;
2368 if (pDis->Param2.fUse == DISUSE_REG_GEN32)
2369 {
2370 if (!fUsesEax)
2371 {
2372 aPatch[off++] = 0x89; /* mov eax, src_reg */
2373 aPatch[off++] = MAKE_MODRM(3, pDis->Param2.Base.idxGenReg, DISGREG_EAX);
2374 }
2375 }
2376 else
2377 {
2378 Assert(pDis->Param2.fUse == DISUSE_IMMEDIATE32);
2379 aPatch[off++] = 0xb8; /* mov eax, immediate */
2380 *(uint32_t *)&aPatch[off] = pDis->Param2.uValue;
2381 off += sizeof(uint32_t);
2382 }
2383 aPatch[off++] = 0xb9; /* mov ecx, 0xc0000082 */
2384 *(uint32_t *)&aPatch[off] = MSR_K8_LSTAR;
2385 off += sizeof(uint32_t);
2386
2387 aPatch[off++] = 0x0f; /* wrmsr */
2388 aPatch[off++] = 0x30;
2389 if (!fUsesEax)
2390 aPatch[off++] = 0x58; /* pop eax */
2391 aPatch[off++] = 0x5a; /* pop edx */
2392 aPatch[off++] = 0x59; /* pop ecx */
2393 }
2394 else
2395 {
2396 /*
2397 * TPR read:
2398 *
2399 * push ECX [51]
2400 * push EDX [52]
2401 * push EAX [50]
2402 * mov ECX,0C0000082h [B9 82 00 00 C0]
2403 * rdmsr [0F 32]
2404 * mov EAX,EAX [89 C0]
2405 * pop EAX [58]
2406 * pop EDX [5A]
2407 * pop ECX [59]
2408 * jmp return_address [E9 return_address]
2409 */
2410 Assert(pDis->Param1.fUse == DISUSE_REG_GEN32);
2411
2412 if (pDis->Param1.Base.idxGenReg != DISGREG_ECX)
2413 aPatch[off++] = 0x51; /* push ecx */
2414 if (pDis->Param1.Base.idxGenReg != DISGREG_EDX )
2415 aPatch[off++] = 0x52; /* push edx */
2416 if (pDis->Param1.Base.idxGenReg != DISGREG_EAX)
2417 aPatch[off++] = 0x50; /* push eax */
2418
2419 aPatch[off++] = 0x31; /* xor edx, edx */
2420 aPatch[off++] = 0xd2;
2421
2422 aPatch[off++] = 0xb9; /* mov ecx, 0xc0000082 */
2423 *(uint32_t *)&aPatch[off] = MSR_K8_LSTAR;
2424 off += sizeof(uint32_t);
2425
2426 aPatch[off++] = 0x0f; /* rdmsr */
2427 aPatch[off++] = 0x32;
2428
2429 if (pDis->Param1.Base.idxGenReg != DISGREG_EAX)
2430 {
2431 aPatch[off++] = 0x89; /* mov dst_reg, eax */
2432 aPatch[off++] = MAKE_MODRM(3, DISGREG_EAX, pDis->Param1.Base.idxGenReg);
2433 }
2434
2435 if (pDis->Param1.Base.idxGenReg != DISGREG_EAX)
2436 aPatch[off++] = 0x58; /* pop eax */
2437 if (pDis->Param1.Base.idxGenReg != DISGREG_EDX )
2438 aPatch[off++] = 0x5a; /* pop edx */
2439 if (pDis->Param1.Base.idxGenReg != DISGREG_ECX)
2440 aPatch[off++] = 0x59; /* pop ecx */
2441 }
2442 aPatch[off++] = 0xe9; /* jmp return_address */
2443 *(RTRCUINTPTR *)&aPatch[off] = ((RTRCUINTPTR)pCtx->eip + cbOp) - ((RTRCUINTPTR)pVM->hm.s.pFreeGuestPatchMem + off + 4);
2444 off += sizeof(RTRCUINTPTR);
2445
2446 if (pVM->hm.s.pFreeGuestPatchMem + off <= pVM->hm.s.pGuestPatchMem + pVM->hm.s.cbGuestPatchMem)
2447 {
2448 /* Write new code to the patch buffer. */
2449 rc = PGMPhysSimpleWriteGCPtr(pVCpu, pVM->hm.s.pFreeGuestPatchMem, aPatch, off);
2450 AssertRC(rc);
2451
2452#ifdef LOG_ENABLED
2453 uint32_t cbCurInstr;
2454 for (RTGCPTR GCPtrInstr = pVM->hm.s.pFreeGuestPatchMem;
2455 GCPtrInstr < pVM->hm.s.pFreeGuestPatchMem + off;
2456 GCPtrInstr += RT_MAX(cbCurInstr, 1))
2457 {
2458 char szOutput[256];
2459 rc = DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, pCtx->cs.Sel, GCPtrInstr, DBGF_DISAS_FLAGS_DEFAULT_MODE,
2460 szOutput, sizeof(szOutput), &cbCurInstr);
2461 if (RT_SUCCESS(rc))
2462 Log(("Patch instr %s\n", szOutput));
2463 else
2464 Log(("%RGv: rc=%Rrc\n", GCPtrInstr, rc));
2465 }
2466#endif
2467
2468 pPatch->aNewOpcode[0] = 0xE9;
2469 *(RTRCUINTPTR *)&pPatch->aNewOpcode[1] = ((RTRCUINTPTR)pVM->hm.s.pFreeGuestPatchMem) - ((RTRCUINTPTR)pCtx->eip + 5);
2470
2471 /* Overwrite the TPR instruction with a jump. */
2472 rc = PGMPhysSimpleWriteGCPtr(pVCpu, pCtx->eip, pPatch->aNewOpcode, 5);
2473 AssertRC(rc);
2474
2475 DBGFR3_DISAS_INSTR_CUR_LOG(pVCpu, "Jump");
2476
2477 pVM->hm.s.pFreeGuestPatchMem += off;
2478 pPatch->cbNewOp = 5;
2479
2480 pPatch->Core.Key = pCtx->eip;
2481 rc = RTAvloU32Insert(&pVM->hm.s.PatchTree, &pPatch->Core);
2482 AssertRC(rc);
2483
2484 pVM->hm.s.cPatches++;
2485 pVM->hm.s.fTPRPatchingActive = true;
2486 STAM_COUNTER_INC(&pVM->hm.s.StatTprPatchSuccess);
2487 return VINF_SUCCESS;
2488 }
2489
2490 Log(("Ran out of space in our patch buffer!\n"));
2491 }
2492 else
2493 Log(("hmR3PatchTprInstr: Failed to patch instr!\n"));
2494
2495
2496 /*
2497 * Save invalid patch, so we will not try again.
2498 */
2499 pPatch = &pVM->hm.s.aPatches[idx];
2500 pPatch->Core.Key = pCtx->eip;
2501 pPatch->enmType = HMTPRINSTR_INVALID;
2502 rc = RTAvloU32Insert(&pVM->hm.s.PatchTree, &pPatch->Core);
2503 AssertRC(rc);
2504 pVM->hm.s.cPatches++;
2505 STAM_COUNTER_INC(&pVM->hm.s.StatTprPatchFailure);
2506 return VINF_SUCCESS;
2507}
2508
2509
2510/**
2511 * Attempt to patch TPR mmio instructions.
2512 *
2513 * @returns VBox status code.
2514 * @param pVM The cross context VM structure.
2515 * @param pVCpu The cross context virtual CPU structure.
2516 */
2517VMMR3_INT_DECL(int) HMR3PatchTprInstr(PVM pVM, PVMCPU pVCpu)
2518{
2519 int rc = VMMR3EmtRendezvous(pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ONE_BY_ONE,
2520 pVM->hm.s.pGuestPatchMem ? hmR3PatchTprInstr : hmR3ReplaceTprInstr,
2521 (void *)(uintptr_t)pVCpu->idCpu);
2522 AssertRC(rc);
2523 return rc;
2524}
2525
2526
2527/**
2528 * Checks if we need to reschedule due to VMM device heap changes.
2529 *
2530 * @returns true if a reschedule is required, otherwise false.
2531 * @param pVM The cross context VM structure.
2532 * @param pCtx VM execution context.
2533 */
2534VMMR3_INT_DECL(bool) HMR3IsRescheduleRequired(PVM pVM, PCCPUMCTX pCtx)
2535{
2536 /*
2537 * The VMM device heap is a requirement for emulating real-mode or protected-mode without paging
2538 * when the unrestricted guest execution feature is missing (VT-x only).
2539 */
2540 if ( pVM->hm.s.vmx.fEnabled
2541 && !pVM->hm.s.vmx.fUnrestrictedGuest
2542 && CPUMIsGuestInRealModeEx(pCtx)
2543 && !PDMVmmDevHeapIsEnabled(pVM))
2544 return true;
2545
2546 return false;
2547}
2548
2549
2550/**
2551 * Noticiation callback from DBGF when interrupt breakpoints or generic debug
2552 * event settings changes.
2553 *
2554 * DBGF will call HMR3NotifyDebugEventChangedPerCpu on each CPU afterwards, this
2555 * function is just updating the VM globals.
2556 *
2557 * @param pVM The VM cross context VM structure.
2558 * @thread EMT(0)
2559 */
2560VMMR3_INT_DECL(void) HMR3NotifyDebugEventChanged(PVM pVM)
2561{
2562 /* Interrupts. */
2563 bool fUseDebugLoop = pVM->dbgf.ro.cSoftIntBreakpoints > 0
2564 || pVM->dbgf.ro.cHardIntBreakpoints > 0;
2565
2566 /* CPU Exceptions. */
2567 for (DBGFEVENTTYPE enmEvent = DBGFEVENT_XCPT_FIRST;
2568 !fUseDebugLoop && enmEvent <= DBGFEVENT_XCPT_LAST;
2569 enmEvent = (DBGFEVENTTYPE)(enmEvent + 1))
2570 fUseDebugLoop = DBGF_IS_EVENT_ENABLED(pVM, enmEvent);
2571
2572 /* Common VM exits. */
2573 for (DBGFEVENTTYPE enmEvent = DBGFEVENT_EXIT_FIRST;
2574 !fUseDebugLoop && enmEvent <= DBGFEVENT_EXIT_LAST_COMMON;
2575 enmEvent = (DBGFEVENTTYPE)(enmEvent + 1))
2576 fUseDebugLoop = DBGF_IS_EVENT_ENABLED(pVM, enmEvent);
2577
2578 /* Vendor specific VM exits. */
2579 if (HMR3IsVmxEnabled(pVM->pUVM))
2580 for (DBGFEVENTTYPE enmEvent = DBGFEVENT_EXIT_VMX_FIRST;
2581 !fUseDebugLoop && enmEvent <= DBGFEVENT_EXIT_VMX_LAST;
2582 enmEvent = (DBGFEVENTTYPE)(enmEvent + 1))
2583 fUseDebugLoop = DBGF_IS_EVENT_ENABLED(pVM, enmEvent);
2584 else
2585 for (DBGFEVENTTYPE enmEvent = DBGFEVENT_EXIT_SVM_FIRST;
2586 !fUseDebugLoop && enmEvent <= DBGFEVENT_EXIT_SVM_LAST;
2587 enmEvent = (DBGFEVENTTYPE)(enmEvent + 1))
2588 fUseDebugLoop = DBGF_IS_EVENT_ENABLED(pVM, enmEvent);
2589
2590 /* Done. */
2591 pVM->hm.s.fUseDebugLoop = fUseDebugLoop;
2592}
2593
2594
2595/**
2596 * Follow up notification callback to HMR3NotifyDebugEventChanged for each CPU.
2597 *
2598 * HM uses this to combine the decision made by HMR3NotifyDebugEventChanged with
2599 * per CPU settings.
2600 *
2601 * @param pVM The VM cross context VM structure.
2602 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
2603 */
2604VMMR3_INT_DECL(void) HMR3NotifyDebugEventChangedPerCpu(PVM pVM, PVMCPU pVCpu)
2605{
2606 pVCpu->hm.s.fUseDebugLoop = pVCpu->hm.s.fSingleInstruction | pVM->hm.s.fUseDebugLoop;
2607}
2608
2609
2610/**
2611 * Checks if we are currently using hardware acceleration.
2612 *
2613 * @returns true if hardware acceleration is being used, otherwise false.
2614 * @param pVCpu The cross context virtual CPU structure.
2615 */
2616VMMR3_INT_DECL(bool) HMR3IsActive(PCVMCPU pVCpu)
2617{
2618 return pVCpu->hm.s.fActive;
2619}
2620
2621
2622/**
2623 * External interface for querying whether hardware acceleration is enabled.
2624 *
2625 * @returns true if VT-x or AMD-V is being used, otherwise false.
2626 * @param pUVM The user mode VM handle.
2627 * @sa HMIsEnabled, HMIsEnabledNotMacro.
2628 */
2629VMMR3DECL(bool) HMR3IsEnabled(PUVM pUVM)
2630{
2631 UVM_ASSERT_VALID_EXT_RETURN(pUVM, false);
2632 PVM pVM = pUVM->pVM;
2633 VM_ASSERT_VALID_EXT_RETURN(pVM, false);
2634 return pVM->fHMEnabled; /* Don't use the macro as the GUI may query us very very early. */
2635}
2636
2637
2638/**
2639 * External interface for querying whether VT-x is being used.
2640 *
2641 * @returns true if VT-x is being used, otherwise false.
2642 * @param pUVM The user mode VM handle.
2643 * @sa HMR3IsSvmEnabled, HMIsEnabled
2644 */
2645VMMR3DECL(bool) HMR3IsVmxEnabled(PUVM pUVM)
2646{
2647 UVM_ASSERT_VALID_EXT_RETURN(pUVM, false);
2648 PVM pVM = pUVM->pVM;
2649 VM_ASSERT_VALID_EXT_RETURN(pVM, false);
2650 return pVM->hm.s.vmx.fEnabled
2651 && pVM->hm.s.vmx.fSupported
2652 && pVM->fHMEnabled;
2653}
2654
2655
2656/**
2657 * External interface for querying whether AMD-V is being used.
2658 *
2659 * @returns true if VT-x is being used, otherwise false.
2660 * @param pUVM The user mode VM handle.
2661 * @sa HMR3IsVmxEnabled, HMIsEnabled
2662 */
2663VMMR3DECL(bool) HMR3IsSvmEnabled(PUVM pUVM)
2664{
2665 UVM_ASSERT_VALID_EXT_RETURN(pUVM, false);
2666 PVM pVM = pUVM->pVM;
2667 VM_ASSERT_VALID_EXT_RETURN(pVM, false);
2668 return pVM->hm.s.svm.fEnabled
2669 && pVM->hm.s.svm.fSupported
2670 && pVM->fHMEnabled;
2671}
2672
2673
2674/**
2675 * Checks if we are currently using nested paging.
2676 *
2677 * @returns true if nested paging is being used, otherwise false.
2678 * @param pUVM The user mode VM handle.
2679 */
2680VMMR3DECL(bool) HMR3IsNestedPagingActive(PUVM pUVM)
2681{
2682 UVM_ASSERT_VALID_EXT_RETURN(pUVM, false);
2683 PVM pVM = pUVM->pVM;
2684 VM_ASSERT_VALID_EXT_RETURN(pVM, false);
2685 return pVM->hm.s.fNestedPaging;
2686}
2687
2688
2689/**
2690 * Checks if virtualized APIC registers is enabled.
2691 *
2692 * When enabled this feature allows the hardware to access most of the
2693 * APIC registers in the virtual-APIC page without causing VM-exits. See
2694 * Intel spec. 29.1.1 "Virtualized APIC Registers".
2695 *
2696 * @returns true if virtualized APIC registers is enabled, otherwise
2697 * false.
2698 * @param pUVM The user mode VM handle.
2699 */
2700VMMR3DECL(bool) HMR3IsVirtApicRegsEnabled(PUVM pUVM)
2701{
2702 UVM_ASSERT_VALID_EXT_RETURN(pUVM, false);
2703 PVM pVM = pUVM->pVM;
2704 VM_ASSERT_VALID_EXT_RETURN(pVM, false);
2705 return pVM->hm.s.fVirtApicRegs;
2706}
2707
2708
2709/**
2710 * Checks if APIC posted-interrupt processing is enabled.
2711 *
2712 * This returns whether we can deliver interrupts to the guest without
2713 * leaving guest-context by updating APIC state from host-context.
2714 *
2715 * @returns true if APIC posted-interrupt processing is enabled,
2716 * otherwise false.
2717 * @param pUVM The user mode VM handle.
2718 */
2719VMMR3DECL(bool) HMR3IsPostedIntrsEnabled(PUVM pUVM)
2720{
2721 UVM_ASSERT_VALID_EXT_RETURN(pUVM, false);
2722 PVM pVM = pUVM->pVM;
2723 VM_ASSERT_VALID_EXT_RETURN(pVM, false);
2724 return pVM->hm.s.fPostedIntrs;
2725}
2726
2727
2728/**
2729 * Checks if we are currently using VPID in VT-x mode.
2730 *
2731 * @returns true if VPID is being used, otherwise false.
2732 * @param pUVM The user mode VM handle.
2733 */
2734VMMR3DECL(bool) HMR3IsVpidActive(PUVM pUVM)
2735{
2736 UVM_ASSERT_VALID_EXT_RETURN(pUVM, false);
2737 PVM pVM = pUVM->pVM;
2738 VM_ASSERT_VALID_EXT_RETURN(pVM, false);
2739 return pVM->hm.s.vmx.fVpid;
2740}
2741
2742
2743/**
2744 * Checks if we are currently using VT-x unrestricted execution,
2745 * aka UX.
2746 *
2747 * @returns true if UX is being used, otherwise false.
2748 * @param pUVM The user mode VM handle.
2749 */
2750VMMR3DECL(bool) HMR3IsUXActive(PUVM pUVM)
2751{
2752 UVM_ASSERT_VALID_EXT_RETURN(pUVM, false);
2753 PVM pVM = pUVM->pVM;
2754 VM_ASSERT_VALID_EXT_RETURN(pVM, false);
2755 return pVM->hm.s.vmx.fUnrestrictedGuest
2756 || pVM->hm.s.svm.fSupported;
2757}
2758
2759
2760/**
2761 * Checks if the VMX-preemption timer is being used.
2762 *
2763 * @returns true if the VMX-preemption timer is being used, otherwise false.
2764 * @param pVM The cross context VM structure.
2765 */
2766VMMR3_INT_DECL(bool) HMR3IsVmxPreemptionTimerUsed(PVM pVM)
2767{
2768 return HMIsEnabled(pVM)
2769 && pVM->hm.s.vmx.fEnabled
2770 && pVM->hm.s.vmx.fUsePreemptTimer;
2771}
2772
2773
2774/**
2775 * Helper for HMR3CheckError to log VMCS controls to the release log.
2776 *
2777 * @param idCpu The Virtual CPU ID.
2778 * @param pVmcsInfo The VMCS info. object.
2779 */
2780static void hmR3CheckErrorLogVmcsCtls(VMCPUID idCpu, PCVMXVMCSINFO pVmcsInfo)
2781{
2782 LogRel(("HM: CPU[%u] PinCtls %#RX32\n", idCpu, pVmcsInfo->u32PinCtls));
2783 {
2784 uint32_t const u32Val = pVmcsInfo->u32PinCtls;
2785 HMVMX_LOGREL_FEAT(u32Val, VMX_PIN_CTLS_EXT_INT_EXIT );
2786 HMVMX_LOGREL_FEAT(u32Val, VMX_PIN_CTLS_NMI_EXIT );
2787 HMVMX_LOGREL_FEAT(u32Val, VMX_PIN_CTLS_VIRT_NMI );
2788 HMVMX_LOGREL_FEAT(u32Val, VMX_PIN_CTLS_PREEMPT_TIMER);
2789 HMVMX_LOGREL_FEAT(u32Val, VMX_PIN_CTLS_POSTED_INT );
2790 }
2791 LogRel(("HM: CPU[%u] ProcCtls %#RX32\n", idCpu, pVmcsInfo->u32ProcCtls));
2792 {
2793 uint32_t const u32Val = pVmcsInfo->u32ProcCtls;
2794 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_INT_WINDOW_EXIT );
2795 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_USE_TSC_OFFSETTING);
2796 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_HLT_EXIT );
2797 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_INVLPG_EXIT );
2798 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_MWAIT_EXIT );
2799 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_RDPMC_EXIT );
2800 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_RDTSC_EXIT );
2801 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_CR3_LOAD_EXIT );
2802 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_CR3_STORE_EXIT );
2803 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_CR8_LOAD_EXIT );
2804 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_CR8_STORE_EXIT );
2805 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_USE_TPR_SHADOW );
2806 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_NMI_WINDOW_EXIT );
2807 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_MOV_DR_EXIT );
2808 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_UNCOND_IO_EXIT );
2809 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_USE_IO_BITMAPS );
2810 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_MONITOR_TRAP_FLAG );
2811 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_USE_MSR_BITMAPS );
2812 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_MONITOR_EXIT );
2813 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_PAUSE_EXIT );
2814 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS_USE_SECONDARY_CTLS);
2815 }
2816 LogRel(("HM: CPU[%u] ProcCtls2 %#RX32\n", idCpu, pVmcsInfo->u32ProcCtls2));
2817 {
2818 uint32_t const u32Val = pVmcsInfo->u32ProcCtls2;
2819 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_VIRT_APIC_ACCESS );
2820 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_EPT );
2821 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_DESC_TABLE_EXIT );
2822 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_RDTSCP );
2823 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_VIRT_X2APIC_MODE );
2824 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_VPID );
2825 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_WBINVD_EXIT );
2826 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_UNRESTRICTED_GUEST );
2827 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_APIC_REG_VIRT );
2828 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_VIRT_INT_DELIVERY );
2829 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_PAUSE_LOOP_EXIT );
2830 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_RDRAND_EXIT );
2831 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_INVPCID );
2832 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_VMFUNC );
2833 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_VMCS_SHADOWING );
2834 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_ENCLS_EXIT );
2835 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_RDSEED_EXIT );
2836 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_PML );
2837 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_EPT_VE );
2838 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_CONCEAL_VMX_FROM_PT);
2839 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_XSAVES_XRSTORS );
2840 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_MODE_BASED_EPT_PERM);
2841 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_SPPTP_EPT );
2842 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_PT_EPT );
2843 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_TSC_SCALING );
2844 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_USER_WAIT_PAUSE );
2845 HMVMX_LOGREL_FEAT(u32Val, VMX_PROC_CTLS2_ENCLV_EXIT );
2846 }
2847 LogRel(("HM: CPU[%u] EntryCtls %#RX32\n", idCpu, pVmcsInfo->u32EntryCtls));
2848 {
2849 uint32_t const u32Val = pVmcsInfo->u32EntryCtls;
2850 HMVMX_LOGREL_FEAT(u32Val, VMX_ENTRY_CTLS_LOAD_DEBUG );
2851 HMVMX_LOGREL_FEAT(u32Val, VMX_ENTRY_CTLS_IA32E_MODE_GUEST );
2852 HMVMX_LOGREL_FEAT(u32Val, VMX_ENTRY_CTLS_ENTRY_TO_SMM );
2853 HMVMX_LOGREL_FEAT(u32Val, VMX_ENTRY_CTLS_DEACTIVATE_DUAL_MON);
2854 HMVMX_LOGREL_FEAT(u32Val, VMX_ENTRY_CTLS_LOAD_PERF_MSR );
2855 HMVMX_LOGREL_FEAT(u32Val, VMX_ENTRY_CTLS_LOAD_PAT_MSR );
2856 HMVMX_LOGREL_FEAT(u32Val, VMX_ENTRY_CTLS_LOAD_EFER_MSR );
2857 HMVMX_LOGREL_FEAT(u32Val, VMX_ENTRY_CTLS_LOAD_BNDCFGS_MSR );
2858 HMVMX_LOGREL_FEAT(u32Val, VMX_ENTRY_CTLS_CONCEAL_VMX_FROM_PT);
2859 HMVMX_LOGREL_FEAT(u32Val, VMX_ENTRY_CTLS_LOAD_RTIT_CTL_MSR );
2860 }
2861 LogRel(("HM: CPU[%u] ExitCtls %#RX32\n", idCpu, pVmcsInfo->u32ExitCtls));
2862 {
2863 uint32_t const u32Val = pVmcsInfo->u32ExitCtls;
2864 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_SAVE_DEBUG );
2865 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_HOST_ADDR_SPACE_SIZE );
2866 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_LOAD_PERF_MSR );
2867 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_ACK_EXT_INT );
2868 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_SAVE_PAT_MSR );
2869 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_LOAD_PAT_MSR );
2870 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_SAVE_EFER_MSR );
2871 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_LOAD_EFER_MSR );
2872 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_SAVE_PREEMPT_TIMER );
2873 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_CLEAR_BNDCFGS_MSR );
2874 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_CONCEAL_VMX_FROM_PT );
2875 HMVMX_LOGREL_FEAT(u32Val, VMX_EXIT_CTLS_CLEAR_RTIT_CTL_MSR );
2876 }
2877}
2878
2879
2880/**
2881 * Check fatal VT-x/AMD-V error and produce some meaningful
2882 * log release message.
2883 *
2884 * @param pVM The cross context VM structure.
2885 * @param iStatusCode VBox status code.
2886 */
2887VMMR3_INT_DECL(void) HMR3CheckError(PVM pVM, int iStatusCode)
2888{
2889 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
2890 {
2891 /** @todo r=ramshankar: Are all EMTs out of ring-0 at this point!? If not, we
2892 * might be getting inaccurate values for non-guru'ing EMTs. */
2893 PVMCPU pVCpu = pVM->apCpusR3[idCpu];
2894 PCVMXVMCSINFO pVmcsInfo = hmGetVmxActiveVmcsInfo(pVCpu);
2895 bool const fNstGstVmcsActive = pVCpu->hm.s.vmx.fSwitchedToNstGstVmcs;
2896 switch (iStatusCode)
2897 {
2898 case VERR_VMX_INVALID_VMCS_PTR:
2899 {
2900 LogRel(("HM: VERR_VMX_INVALID_VMCS_PTR:\n"));
2901 LogRel(("HM: CPU[%u] %s VMCS active\n", idCpu, fNstGstVmcsActive ? "Nested-guest" : "Guest"));
2902 LogRel(("HM: CPU[%u] Current pointer %#RHp vs %#RHp\n", idCpu, pVCpu->hm.s.vmx.LastError.HCPhysCurrentVmcs,
2903 pVmcsInfo->HCPhysVmcs));
2904 LogRel(("HM: CPU[%u] Current VMCS version %#x\n", idCpu, pVCpu->hm.s.vmx.LastError.u32VmcsRev));
2905 LogRel(("HM: CPU[%u] Entered Host Cpu %u\n", idCpu, pVCpu->hm.s.vmx.LastError.idEnteredCpu));
2906 LogRel(("HM: CPU[%u] Current Host Cpu %u\n", idCpu, pVCpu->hm.s.vmx.LastError.idCurrentCpu));
2907 break;
2908 }
2909
2910 case VERR_VMX_UNABLE_TO_START_VM:
2911 {
2912 LogRel(("HM: VERR_VMX_UNABLE_TO_START_VM:\n"));
2913 LogRel(("HM: CPU[%u] %s VMCS active\n", idCpu, fNstGstVmcsActive ? "Nested-guest" : "Guest"));
2914 LogRel(("HM: CPU[%u] Instruction error %#x\n", idCpu, pVCpu->hm.s.vmx.LastError.u32InstrError));
2915 LogRel(("HM: CPU[%u] Exit reason %#x\n", idCpu, pVCpu->hm.s.vmx.LastError.u32ExitReason));
2916
2917 if ( pVCpu->hm.s.vmx.LastError.u32InstrError == VMXINSTRERR_VMLAUNCH_NON_CLEAR_VMCS
2918 || pVCpu->hm.s.vmx.LastError.u32InstrError == VMXINSTRERR_VMRESUME_NON_LAUNCHED_VMCS)
2919 {
2920 LogRel(("HM: CPU[%u] Entered Host Cpu %u\n", idCpu, pVCpu->hm.s.vmx.LastError.idEnteredCpu));
2921 LogRel(("HM: CPU[%u] Current Host Cpu %u\n", idCpu, pVCpu->hm.s.vmx.LastError.idCurrentCpu));
2922 }
2923 else if (pVCpu->hm.s.vmx.LastError.u32InstrError == VMXINSTRERR_VMENTRY_INVALID_CTLS)
2924 {
2925 hmR3CheckErrorLogVmcsCtls(idCpu, pVmcsInfo);
2926 LogRel(("HM: CPU[%u] HCPhysMsrBitmap %#RHp\n", idCpu, pVmcsInfo->HCPhysMsrBitmap));
2927 LogRel(("HM: CPU[%u] HCPhysGuestMsrLoad %#RHp\n", idCpu, pVmcsInfo->HCPhysGuestMsrLoad));
2928 LogRel(("HM: CPU[%u] HCPhysGuestMsrStore %#RHp\n", idCpu, pVmcsInfo->HCPhysGuestMsrStore));
2929 LogRel(("HM: CPU[%u] HCPhysHostMsrLoad %#RHp\n", idCpu, pVmcsInfo->HCPhysHostMsrLoad));
2930 LogRel(("HM: CPU[%u] cEntryMsrLoad %u\n", idCpu, pVmcsInfo->cEntryMsrLoad));
2931 LogRel(("HM: CPU[%u] cExitMsrStore %u\n", idCpu, pVmcsInfo->cExitMsrStore));
2932 LogRel(("HM: CPU[%u] cExitMsrLoad %u\n", idCpu, pVmcsInfo->cExitMsrLoad));
2933 }
2934 /** @todo Log VM-entry event injection control fields
2935 * VMX_VMCS_CTRL_ENTRY_IRQ_INFO, VMX_VMCS_CTRL_ENTRY_EXCEPTION_ERRCODE
2936 * and VMX_VMCS_CTRL_ENTRY_INSTR_LENGTH from the VMCS. */
2937 break;
2938 }
2939
2940 case VERR_VMX_INVALID_GUEST_STATE:
2941 {
2942 LogRel(("HM: VERR_VMX_INVALID_GUEST_STATE:\n"));
2943 hmR3CheckErrorLogVmcsCtls(idCpu, pVmcsInfo);
2944 break;
2945 }
2946
2947 /* The guru will dump the HM error and exit history. Nothing extra to report for these errors. */
2948 case VERR_HM_UNSUPPORTED_CPU_FEATURE_COMBO:
2949 case VERR_VMX_INVALID_VMXON_PTR:
2950 case VERR_VMX_UNEXPECTED_EXIT:
2951 case VERR_VMX_INVALID_VMCS_FIELD:
2952 case VERR_SVM_UNKNOWN_EXIT:
2953 case VERR_SVM_UNEXPECTED_EXIT:
2954 case VERR_SVM_UNEXPECTED_PATCH_TYPE:
2955 case VERR_SVM_UNEXPECTED_XCPT_EXIT:
2956 case VERR_VMX_UNEXPECTED_INTERRUPTION_EXIT_TYPE:
2957 break;
2958 }
2959 }
2960
2961 if (iStatusCode == VERR_VMX_UNABLE_TO_START_VM)
2962 {
2963 LogRel(("HM: VERR_VMX_UNABLE_TO_START_VM: VM-entry allowed-1 %#RX32\n", pVM->hm.s.vmx.Msrs.EntryCtls.n.allowed1));
2964 LogRel(("HM: VERR_VMX_UNABLE_TO_START_VM: VM-entry allowed-0 %#RX32\n", pVM->hm.s.vmx.Msrs.EntryCtls.n.allowed0));
2965 }
2966 else if (iStatusCode == VERR_VMX_INVALID_VMXON_PTR)
2967 LogRel(("HM: HCPhysVmxEnableError = %#RHp\n", pVM->hm.s.vmx.HCPhysVmxEnableError));
2968}
2969
2970
2971/**
2972 * Execute state save operation.
2973 *
2974 * Save only data that cannot be re-loaded while entering HM ring-0 code. This
2975 * is because we always save the VM state from ring-3 and thus most HM state
2976 * will be re-synced dynamically at runtime and don't need to be part of the VM
2977 * saved state.
2978 *
2979 * @returns VBox status code.
2980 * @param pVM The cross context VM structure.
2981 * @param pSSM SSM operation handle.
2982 */
2983static DECLCALLBACK(int) hmR3Save(PVM pVM, PSSMHANDLE pSSM)
2984{
2985 Log(("hmR3Save:\n"));
2986
2987 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
2988 {
2989 PVMCPU pVCpu = pVM->apCpusR3[idCpu];
2990 Assert(!pVCpu->hm.s.Event.fPending);
2991 if (pVM->cpum.ro.GuestFeatures.fSvm)
2992 {
2993 PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
2994 SSMR3PutBool(pSSM, pVmcbNstGstCache->fCacheValid);
2995 SSMR3PutU16(pSSM, pVmcbNstGstCache->u16InterceptRdCRx);
2996 SSMR3PutU16(pSSM, pVmcbNstGstCache->u16InterceptWrCRx);
2997 SSMR3PutU16(pSSM, pVmcbNstGstCache->u16InterceptRdDRx);
2998 SSMR3PutU16(pSSM, pVmcbNstGstCache->u16InterceptWrDRx);
2999 SSMR3PutU16(pSSM, pVmcbNstGstCache->u16PauseFilterThreshold);
3000 SSMR3PutU16(pSSM, pVmcbNstGstCache->u16PauseFilterCount);
3001 SSMR3PutU32(pSSM, pVmcbNstGstCache->u32InterceptXcpt);
3002 SSMR3PutU64(pSSM, pVmcbNstGstCache->u64InterceptCtrl);
3003 SSMR3PutU64(pSSM, pVmcbNstGstCache->u64TSCOffset);
3004 SSMR3PutBool(pSSM, pVmcbNstGstCache->fVIntrMasking);
3005 SSMR3PutBool(pSSM, pVmcbNstGstCache->fNestedPaging);
3006 SSMR3PutBool(pSSM, pVmcbNstGstCache->fLbrVirt);
3007 }
3008 }
3009
3010 /* Save the guest patch data. */
3011 SSMR3PutGCPtr(pSSM, pVM->hm.s.pGuestPatchMem);
3012 SSMR3PutGCPtr(pSSM, pVM->hm.s.pFreeGuestPatchMem);
3013 SSMR3PutU32(pSSM, pVM->hm.s.cbGuestPatchMem);
3014
3015 /* Store all the guest patch records too. */
3016 int rc = SSMR3PutU32(pSSM, pVM->hm.s.cPatches);
3017 if (RT_FAILURE(rc))
3018 return rc;
3019
3020 for (uint32_t i = 0; i < pVM->hm.s.cPatches; i++)
3021 {
3022 AssertCompileSize(HMTPRINSTR, 4);
3023 PCHMTPRPATCH pPatch = &pVM->hm.s.aPatches[i];
3024 SSMR3PutU32(pSSM, pPatch->Core.Key);
3025 SSMR3PutMem(pSSM, pPatch->aOpcode, sizeof(pPatch->aOpcode));
3026 SSMR3PutU32(pSSM, pPatch->cbOp);
3027 SSMR3PutMem(pSSM, pPatch->aNewOpcode, sizeof(pPatch->aNewOpcode));
3028 SSMR3PutU32(pSSM, pPatch->cbNewOp);
3029 SSMR3PutU32(pSSM, (uint32_t)pPatch->enmType);
3030 SSMR3PutU32(pSSM, pPatch->uSrcOperand);
3031 SSMR3PutU32(pSSM, pPatch->uDstOperand);
3032 SSMR3PutU32(pSSM, pPatch->pJumpTarget);
3033 rc = SSMR3PutU32(pSSM, pPatch->cFaults);
3034 if (RT_FAILURE(rc))
3035 return rc;
3036 }
3037
3038 return VINF_SUCCESS;
3039}
3040
3041
3042/**
3043 * Execute state load operation.
3044 *
3045 * @returns VBox status code.
3046 * @param pVM The cross context VM structure.
3047 * @param pSSM SSM operation handle.
3048 * @param uVersion Data layout version.
3049 * @param uPass The data pass.
3050 */
3051static DECLCALLBACK(int) hmR3Load(PVM pVM, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
3052{
3053 int rc;
3054
3055 LogFlowFunc(("uVersion=%u\n", uVersion));
3056 Assert(uPass == SSM_PASS_FINAL); NOREF(uPass);
3057
3058 /*
3059 * Validate version.
3060 */
3061 if ( uVersion != HM_SAVED_STATE_VERSION_SVM_NESTED_HWVIRT
3062 && uVersion != HM_SAVED_STATE_VERSION_TPR_PATCHING
3063 && uVersion != HM_SAVED_STATE_VERSION_NO_TPR_PATCHING
3064 && uVersion != HM_SAVED_STATE_VERSION_2_0_X)
3065 {
3066 AssertMsgFailed(("hmR3Load: Invalid version uVersion=%d!\n", uVersion));
3067 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
3068 }
3069
3070 /*
3071 * Load per-VCPU state.
3072 */
3073 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
3074 {
3075 PVMCPU pVCpu = pVM->apCpusR3[idCpu];
3076 if (uVersion >= HM_SAVED_STATE_VERSION_SVM_NESTED_HWVIRT)
3077 {
3078 /* Load the SVM nested hw.virt state if the VM is configured for it. */
3079 if (pVM->cpum.ro.GuestFeatures.fSvm)
3080 {
3081 PSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
3082 rc = SSMR3GetBool(pSSM, &pVmcbNstGstCache->fCacheValid);
3083 rc |= SSMR3GetU16(pSSM, &pVmcbNstGstCache->u16InterceptRdCRx);
3084 rc |= SSMR3GetU16(pSSM, &pVmcbNstGstCache->u16InterceptWrCRx);
3085 rc |= SSMR3GetU16(pSSM, &pVmcbNstGstCache->u16InterceptRdDRx);
3086 rc |= SSMR3GetU16(pSSM, &pVmcbNstGstCache->u16InterceptWrDRx);
3087 rc |= SSMR3GetU16(pSSM, &pVmcbNstGstCache->u16PauseFilterThreshold);
3088 rc |= SSMR3GetU16(pSSM, &pVmcbNstGstCache->u16PauseFilterCount);
3089 rc |= SSMR3GetU32(pSSM, &pVmcbNstGstCache->u32InterceptXcpt);
3090 rc |= SSMR3GetU64(pSSM, &pVmcbNstGstCache->u64InterceptCtrl);
3091 rc |= SSMR3GetU64(pSSM, &pVmcbNstGstCache->u64TSCOffset);
3092 rc |= SSMR3GetBool(pSSM, &pVmcbNstGstCache->fVIntrMasking);
3093 rc |= SSMR3GetBool(pSSM, &pVmcbNstGstCache->fNestedPaging);
3094 rc |= SSMR3GetBool(pSSM, &pVmcbNstGstCache->fLbrVirt);
3095 AssertRCReturn(rc, rc);
3096 }
3097 }
3098 else
3099 {
3100 /* Pending HM event (obsolete for a long time since TPRM holds the info.) */
3101 rc = SSMR3GetU32(pSSM, &pVCpu->hm.s.Event.fPending);
3102 rc |= SSMR3GetU32(pSSM, &pVCpu->hm.s.Event.u32ErrCode);
3103 rc |= SSMR3GetU64(pSSM, &pVCpu->hm.s.Event.u64IntInfo);
3104
3105 /* VMX fWasInRealMode related data. */
3106 uint32_t uDummy;
3107 rc |= SSMR3GetU32(pSSM, &uDummy); AssertRCReturn(rc, rc);
3108 rc |= SSMR3GetU32(pSSM, &uDummy); AssertRCReturn(rc, rc);
3109 rc |= SSMR3GetU32(pSSM, &uDummy); AssertRCReturn(rc, rc);
3110 AssertRCReturn(rc, rc);
3111 }
3112 }
3113
3114 /*
3115 * Load TPR patching data.
3116 */
3117 if (uVersion >= HM_SAVED_STATE_VERSION_TPR_PATCHING)
3118 {
3119 rc = SSMR3GetGCPtr(pSSM, &pVM->hm.s.pGuestPatchMem);
3120 rc |= SSMR3GetGCPtr(pSSM, &pVM->hm.s.pFreeGuestPatchMem);
3121 rc |= SSMR3GetU32(pSSM, &pVM->hm.s.cbGuestPatchMem);
3122
3123 /* Fetch all TPR patch records. */
3124 rc |= SSMR3GetU32(pSSM, &pVM->hm.s.cPatches);
3125 AssertRCReturn(rc, rc);
3126 for (uint32_t i = 0; i < pVM->hm.s.cPatches; i++)
3127 {
3128 PHMTPRPATCH pPatch = &pVM->hm.s.aPatches[i];
3129 rc = SSMR3GetU32(pSSM, &pPatch->Core.Key);
3130 rc |= SSMR3GetMem(pSSM, pPatch->aOpcode, sizeof(pPatch->aOpcode));
3131 rc |= SSMR3GetU32(pSSM, &pPatch->cbOp);
3132 rc |= SSMR3GetMem(pSSM, pPatch->aNewOpcode, sizeof(pPatch->aNewOpcode));
3133 rc |= SSMR3GetU32(pSSM, &pPatch->cbNewOp);
3134 rc |= SSMR3GetU32(pSSM, (uint32_t *)&pPatch->enmType);
3135
3136 if (pPatch->enmType == HMTPRINSTR_JUMP_REPLACEMENT)
3137 pVM->hm.s.fTPRPatchingActive = true;
3138 Assert(pPatch->enmType == HMTPRINSTR_JUMP_REPLACEMENT || pVM->hm.s.fTPRPatchingActive == false);
3139
3140 rc |= SSMR3GetU32(pSSM, &pPatch->uSrcOperand);
3141 rc |= SSMR3GetU32(pSSM, &pPatch->uDstOperand);
3142 rc |= SSMR3GetU32(pSSM, &pPatch->cFaults);
3143 rc |= SSMR3GetU32(pSSM, &pPatch->pJumpTarget);
3144 AssertRCReturn(rc, rc);
3145
3146 LogFlow(("hmR3Load: patch %d\n", i));
3147 LogFlow(("Key = %x\n", pPatch->Core.Key));
3148 LogFlow(("cbOp = %d\n", pPatch->cbOp));
3149 LogFlow(("cbNewOp = %d\n", pPatch->cbNewOp));
3150 LogFlow(("type = %d\n", pPatch->enmType));
3151 LogFlow(("srcop = %d\n", pPatch->uSrcOperand));
3152 LogFlow(("dstop = %d\n", pPatch->uDstOperand));
3153 LogFlow(("cFaults = %d\n", pPatch->cFaults));
3154 LogFlow(("target = %x\n", pPatch->pJumpTarget));
3155
3156 rc = RTAvloU32Insert(&pVM->hm.s.PatchTree, &pPatch->Core);
3157 AssertRCReturn(rc, rc);
3158 }
3159 }
3160
3161 return VINF_SUCCESS;
3162}
3163
3164
3165/**
3166 * Displays HM info.
3167 *
3168 * @param pVM The cross context VM structure.
3169 * @param pHlp The info helper functions.
3170 * @param pszArgs Arguments, ignored.
3171 */
3172static DECLCALLBACK(void) hmR3Info(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs)
3173{
3174 NOREF(pszArgs);
3175 PVMCPU pVCpu = VMMGetCpu(pVM);
3176 if (!pVCpu)
3177 pVCpu = pVM->apCpusR3[0];
3178
3179 if (HMIsEnabled(pVM))
3180 {
3181 if (pVM->hm.s.vmx.fSupported)
3182 pHlp->pfnPrintf(pHlp, "CPU[%u]: VT-x info:\n", pVCpu->idCpu);
3183 else
3184 pHlp->pfnPrintf(pHlp, "CPU[%u]: AMD-V info:\n", pVCpu->idCpu);
3185 pHlp->pfnPrintf(pHlp, " HM error = %#x (%u)\n", pVCpu->hm.s.u32HMError, pVCpu->hm.s.u32HMError);
3186 pHlp->pfnPrintf(pHlp, " rcLastExitToR3 = %Rrc\n", pVCpu->hm.s.rcLastExitToR3);
3187 if (pVM->hm.s.vmx.fSupported)
3188 {
3189 PCVMXVMCSINFO pVmcsInfo = hmGetVmxActiveVmcsInfo(pVCpu);
3190 bool const fRealOnV86Active = pVmcsInfo->RealMode.fRealOnV86Active;
3191 bool const fNstGstVmcsActive = pVCpu->hm.s.vmx.fSwitchedToNstGstVmcs;
3192
3193 pHlp->pfnPrintf(pHlp, " %s VMCS active\n", fNstGstVmcsActive ? "Nested-guest" : "Guest");
3194 pHlp->pfnPrintf(pHlp, " Real-on-v86 active = %RTbool\n", fRealOnV86Active);
3195 if (fRealOnV86Active)
3196 {
3197 pHlp->pfnPrintf(pHlp, " EFlags = %#x\n", pVmcsInfo->RealMode.Eflags.u32);
3198 pHlp->pfnPrintf(pHlp, " Attr CS = %#x\n", pVmcsInfo->RealMode.AttrCS.u);
3199 pHlp->pfnPrintf(pHlp, " Attr SS = %#x\n", pVmcsInfo->RealMode.AttrSS.u);
3200 pHlp->pfnPrintf(pHlp, " Attr DS = %#x\n", pVmcsInfo->RealMode.AttrDS.u);
3201 pHlp->pfnPrintf(pHlp, " Attr ES = %#x\n", pVmcsInfo->RealMode.AttrES.u);
3202 pHlp->pfnPrintf(pHlp, " Attr FS = %#x\n", pVmcsInfo->RealMode.AttrFS.u);
3203 pHlp->pfnPrintf(pHlp, " Attr GS = %#x\n", pVmcsInfo->RealMode.AttrGS.u);
3204 }
3205 }
3206 }
3207 else
3208 pHlp->pfnPrintf(pHlp, "HM is not enabled for this VM!\n");
3209}
3210
3211
3212/**
3213 * Displays the HM pending event.
3214 *
3215 * @param pVM The cross context VM structure.
3216 * @param pHlp The info helper functions.
3217 * @param pszArgs Arguments, ignored.
3218 */
3219static DECLCALLBACK(void) hmR3InfoEventPending(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs)
3220{
3221 NOREF(pszArgs);
3222 PVMCPU pVCpu = VMMGetCpu(pVM);
3223 if (!pVCpu)
3224 pVCpu = pVM->apCpusR3[0];
3225
3226 if (HMIsEnabled(pVM))
3227 {
3228 pHlp->pfnPrintf(pHlp, "CPU[%u]: HM event (fPending=%RTbool)\n", pVCpu->idCpu, pVCpu->hm.s.Event.fPending);
3229 if (pVCpu->hm.s.Event.fPending)
3230 {
3231 pHlp->pfnPrintf(pHlp, " u64IntInfo = %#RX64\n", pVCpu->hm.s.Event.u64IntInfo);
3232 pHlp->pfnPrintf(pHlp, " u32ErrCode = %#RX64\n", pVCpu->hm.s.Event.u32ErrCode);
3233 pHlp->pfnPrintf(pHlp, " cbInstr = %u bytes\n", pVCpu->hm.s.Event.cbInstr);
3234 pHlp->pfnPrintf(pHlp, " GCPtrFaultAddress = %#RGp\n", pVCpu->hm.s.Event.GCPtrFaultAddress);
3235 }
3236 }
3237 else
3238 pHlp->pfnPrintf(pHlp, "HM is not enabled for this VM!\n");
3239}
3240
3241
3242/**
3243 * Displays the SVM nested-guest VMCB cache.
3244 *
3245 * @param pVM The cross context VM structure.
3246 * @param pHlp The info helper functions.
3247 * @param pszArgs Arguments, ignored.
3248 */
3249static DECLCALLBACK(void) hmR3InfoSvmNstGstVmcbCache(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs)
3250{
3251 NOREF(pszArgs);
3252 PVMCPU pVCpu = VMMGetCpu(pVM);
3253 if (!pVCpu)
3254 pVCpu = pVM->apCpusR3[0];
3255
3256 bool const fSvmEnabled = HMR3IsSvmEnabled(pVM->pUVM);
3257 if ( fSvmEnabled
3258 && pVM->cpum.ro.GuestFeatures.fSvm)
3259 {
3260 PCSVMNESTEDVMCBCACHE pVmcbNstGstCache = &pVCpu->hm.s.svm.NstGstVmcbCache;
3261 pHlp->pfnPrintf(pHlp, "CPU[%u]: HM SVM nested-guest VMCB cache\n", pVCpu->idCpu);
3262 pHlp->pfnPrintf(pHlp, " fCacheValid = %#RTbool\n", pVmcbNstGstCache->fCacheValid);
3263 pHlp->pfnPrintf(pHlp, " u16InterceptRdCRx = %#RX16\n", pVmcbNstGstCache->u16InterceptRdCRx);
3264 pHlp->pfnPrintf(pHlp, " u16InterceptWrCRx = %#RX16\n", pVmcbNstGstCache->u16InterceptWrCRx);
3265 pHlp->pfnPrintf(pHlp, " u16InterceptRdDRx = %#RX16\n", pVmcbNstGstCache->u16InterceptRdDRx);
3266 pHlp->pfnPrintf(pHlp, " u16InterceptWrDRx = %#RX16\n", pVmcbNstGstCache->u16InterceptWrDRx);
3267 pHlp->pfnPrintf(pHlp, " u16PauseFilterThreshold = %#RX16\n", pVmcbNstGstCache->u16PauseFilterThreshold);
3268 pHlp->pfnPrintf(pHlp, " u16PauseFilterCount = %#RX16\n", pVmcbNstGstCache->u16PauseFilterCount);
3269 pHlp->pfnPrintf(pHlp, " u32InterceptXcpt = %#RX32\n", pVmcbNstGstCache->u32InterceptXcpt);
3270 pHlp->pfnPrintf(pHlp, " u64InterceptCtrl = %#RX64\n", pVmcbNstGstCache->u64InterceptCtrl);
3271 pHlp->pfnPrintf(pHlp, " u64TSCOffset = %#RX64\n", pVmcbNstGstCache->u64TSCOffset);
3272 pHlp->pfnPrintf(pHlp, " fVIntrMasking = %RTbool\n", pVmcbNstGstCache->fVIntrMasking);
3273 pHlp->pfnPrintf(pHlp, " fNestedPaging = %RTbool\n", pVmcbNstGstCache->fNestedPaging);
3274 pHlp->pfnPrintf(pHlp, " fLbrVirt = %RTbool\n", pVmcbNstGstCache->fLbrVirt);
3275 }
3276 else
3277 {
3278 if (!fSvmEnabled)
3279 pHlp->pfnPrintf(pHlp, "HM SVM is not enabled for this VM!\n");
3280 else
3281 pHlp->pfnPrintf(pHlp, "SVM feature is not exposed to the guest!\n");
3282 }
3283}
3284
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette