Changeset 48221 in vbox

Timestamp:

Sep 1, 2013 11:27:56 PM (11 years ago)

Author:

vboxsync

Message:

VMM: Adding a debugging aid for 64-on-32 that tries to catch exceptions on the otherwordly context. Set VBOX_WITH_64ON32_IDT in LocalConfig.kmk to enable.

Location:

trunk/src/VBox/VMM

Files:

• Makefile.kmk (modified) (1 diff)
• VMMR3/VMMSwitcher.cpp (modified) (4 diffs)
• VMMSwitcher/LegacyandAMD64.mac (modified) (10 diffs)
• include/CPUMInternal.mac (modified) (2 diffs)

trunk/src/VBox/VMM/Makefile.kmk

@@ -62 +62 @@
 ifdef VBOX_WITH_RAW_RING1
  VMM_COMMON_DEFS += VBOX_WITH_RAW_RING1
+endif
+ifdef VBOX_WITH_64ON32_IDT
+ VMM_COMMON_DEFS += VBOX_WITH_64ON32_IDT
 endif
 

trunk/src/VBox/VMM/VMMR3/VMMSwitcher.cpp

@@ -134 +134 @@
 
 
+# ifdef VBOX_WITH_64ON32_IDT
+/**
+ * Initializes the 64-bit IDT for 64-bit guest on 32-bit host switchers.
+ *
+ * This is only used as a debugging aid when we cannot find out why something
+ * goes haywire in the intermediate context.
+ *
+ * @param   pVM         The cross context VM structure.
+ * @param   pSwitcher   The switcher descriptor.
+ * @param   pbDst       Where the switcher code was just copied.
+ * @param   HCPhysDst   The host physical address corresponding to @a pbDst.
+ */
+static void vmmR3Switcher32On64IdtInit(PVM pVM, PVMMSWITCHERDEF pSwitcher, uint8_t *pbDst, RTHCPHYS HCPhysDst)
+{
+    AssertRelease(pSwitcher->offGCCode > 0 && pSwitcher->offGCCode < pSwitcher->cbCode);
+    AssertRelease(pSwitcher->cbCode < _64K);
+    RTSEL uCs64 = SELMGetHyperCS64(pVM);
+
+    PX86DESC64GATE paIdt = (PX86DESC64GATE)(pbDst + pSwitcher->offGCCode);
+    for (uint32_t i = 0 ; i < 256; i++)
+    {
+        AssertRelease(((uint64_t *)&paIdt[i])[0] < pSwitcher->cbCode);
+        AssertRelease(((uint64_t *)&paIdt[i])[1] == 0);
+        uint64_t uHandler = HCPhysDst + paIdt[i].u16OffsetLow;
+        paIdt[i].u16OffsetLow   = (uint16_t)uHandler;
+        paIdt[i].u16Sel         = uCs64;
+        paIdt[i].u3IST          = 0;
+        paIdt[i].u5Reserved     = 0;
+        paIdt[i].u4Type         = AMD64_SEL_TYPE_SYS_INT_GATE;
+        paIdt[i].u1DescType     = 0 /* system */;
+        paIdt[i].u2Dpl          = 3;
+        paIdt[i].u1Present      = 1;
+        paIdt[i].u16OffsetHigh  = (uint16_t)(uHandler >> 16);
+        paIdt[i].u32Reserved    = (uint32_t)(uHandler >> 32);
+    }
+
+    for (VMCPUID iCpu = 0; iCpu < pVM->cCpus; iCpu++)
+    {
+        uint64_t uIdtr = HCPhysDst + pSwitcher->offGCCode; AssertRelease(uIdtr < UINT32_MAX);
+        CPUMSetHyperIDTR(&pVM->aCpus[iCpu], uIdtr, 16*256 + iCpu);
+    }
+}
+
+
+/**
+ * Relocates the 64-bit IDT for 64-bit guest on 32-bit host switchers.
+ *
+ * @param   pVM         The cross context VM structure.
+ * @param   pSwitcher   The switcher descriptor.
+ * @param   pbDst       Where the switcher code was just copied.
+ * @param   HCPhysDst   The host physical address corresponding to @a pbDst.
+ */
+static void vmmR3Switcher32On64IdtRelocate(PVM pVM, PVMMSWITCHERDEF pSwitcher, uint8_t *pbDst, RTHCPHYS HCPhysDst)
+{
+    AssertRelease(pSwitcher->offGCCode > 0 && pSwitcher->offGCCode < pSwitcher->cbCode && pSwitcher->cbCode < _64K);
+
+    /* The intermediate context doesn't move, but the CS may. */
+    RTSEL uCs64 = SELMGetHyperCS64(pVM);
+    PX86DESC64GATE paIdt = (PX86DESC64GATE)(pbDst + pSwitcher->offGCCode);
+    for (uint32_t i = 0 ; i < 256; i++)
+        paIdt[i].u16Sel = uCs64;
+
+    /* Just in case... */
+    for (VMCPUID iCpu = 0; iCpu < pVM->cCpus; iCpu++)
+    {
+        uint64_t uIdtr = HCPhysDst + pSwitcher->offGCCode; AssertRelease(uIdtr < UINT32_MAX);
+        CPUMSetHyperIDTR(&pVM->aCpus[iCpu], uIdtr, 16*256 + iCpu);
+    }
+}
+# endif /* VBOX_WITH_64ON32_IDT */
+
+
 /**
  * VMMR3Init worker that initiates the switcher code (aka core code).
@@ -225 +297 @@
     {
         /*
-         * copy the code.
+         * Copy the code.
          */
         for (unsigned iSwitcher = 0; iSwitcher < VMMSWITCHER_MAX; iSwitcher++)
@@ -231 +303 @@
             PVMMSWITCHERDEF pSwitcher = papSwitchers[iSwitcher];
             if (pSwitcher)
-                memcpy((uint8_t *)pVM->vmm.s.pvCoreCodeR3 + pVM->vmm.s.aoffSwitchers[iSwitcher],
-                       pSwitcher->pvCode, pSwitcher->cbCode);
+            {
+                uint8_t *pbDst = (uint8_t *)pVM->vmm.s.pvCoreCodeR3 + pVM->vmm.s.aoffSwitchers[iSwitcher];
+                memcpy(pbDst, pSwitcher->pvCode, pSwitcher->cbCode);
+# ifdef VBOX_WITH_64ON32_IDT
+                if (   pSwitcher->enmType == VMMSWITCHER_32_TO_AMD64
+                    || pSwitcher->enmType == VMMSWITCHER_PAE_TO_AMD64)
+                    vmmR3Switcher32On64IdtInit(pVM, pSwitcher, pbDst,
+                                               pVM->vmm.s.HCPhysCoreCode + pVM->vmm.s.aoffSwitchers[iSwitcher]);
+# endif
+            }
         }
 
@@ -299 +379 @@
                                    pVM->vmm.s.pvCoreCodeRC + off,
                                    pVM->vmm.s.HCPhysCoreCode + off);
+# ifdef VBOX_WITH_64ON32_IDT
+            if (   pSwitcher->enmType == VMMSWITCHER_32_TO_AMD64
+                || pSwitcher->enmType == VMMSWITCHER_PAE_TO_AMD64)
+                vmmR3Switcher32On64IdtRelocate(pVM, pSwitcher,
+                                               (uint8_t *)pVM->vmm.s.pvCoreCodeR3 + off,
+                                               pVM->vmm.s.HCPhysCoreCode + off);
+# endif
         }
     }

trunk/src/VBox/VMM/VMMSwitcher/LegacyandAMD64.mac

@@ -537 +537 @@
 %endif
 
+%ifdef VBOX_WITH_64ON32_IDT
+    ; Set up emergency trap handlers.
+    lidt    [rdx + CPUMCPU.Hyper.idtr]
+%endif
 
     ; load the hypervisor function address
@@ -812 +816 @@
     vmwrite rax, rdx
 
-    sub     rsp, 8*2
-    sgdt    [rsp]
+    sub     rsp, 16
+    sgdt    [rsp + 6]                   ; (The 64-bit base should be aligned, not the word.)
     mov     eax, VMX_VMCS_HOST_GDTR_BASE
-    vmwrite rax, [rsp+2]
-    add     rsp, 8*2
+    vmwrite rax, [rsp + 6 + 2]
+    add     rsp, 16
+
+%ifdef VBOX_WITH_64ON32_IDT
+    sub     rsp, 16
+    sidt    [rsp + 6]
+    mov     eax, VMX_VMCS_HOST_IDTR_BASE
+    vmwrite rax, [rsp + 6 + 2] ; [rsi + CPUMCPU.Hyper.idtr + 2] - why doesn't this work?
+    add     rsp, 16
+    ;call NAME(vmm64On32PrintIdtr)
+%endif
 
 %ifdef VBOX_WITH_CRASHDUMP_MAGIC
@@ -892 +905 @@
 ALIGNCODE(16)
 .vmlaunch64_done:
+%if 0 ;fixme later - def VBOX_WITH_64ON32_IDT
+    push    rdx
+    mov     rdx, [rsp + 8]         ; pCtx
+    lidt    [rdx + CPUMCPU.Hyper.idtr]
+    pop     rdx
+%endif
     jc      near .vmstart64_invalid_vmcs_ptr
     jz      near .vmstart64_start_failed
@@ -1201 +1220 @@
 
 
+%ifdef VBOX_WITH_64ON32_IDT
+;
+; Trap handling.
+;
+
+;; Here follows an array of trap handler entry points, 8 byte in size.
+BEGINPROC vmm64On32TrapHandlers
+%macro vmm64On32TrapEntry 1
+GLOBALNAME vmm64On32Trap %+ i
+    db 06ah, i                          ; push imm8 - note that this is a signextended value.
+    jmp   NAME(%1)
+    ALIGNCODE(8)
+%assign i i+1
+%endmacro
+%assign i 0                                 ; start counter.
+    vmm64On32TrapEntry vmm64On32Trap        ; 0
+    vmm64On32TrapEntry vmm64On32Trap        ; 1
+    vmm64On32TrapEntry vmm64On32Trap        ; 2
+    vmm64On32TrapEntry vmm64On32Trap        ; 3
+    vmm64On32TrapEntry vmm64On32Trap        ; 4
+    vmm64On32TrapEntry vmm64On32Trap        ; 5
+    vmm64On32TrapEntry vmm64On32Trap        ; 6
+    vmm64On32TrapEntry vmm64On32Trap        ; 7
+    vmm64On32TrapEntry vmm64On32TrapErrCode ; 8
+    vmm64On32TrapEntry vmm64On32Trap        ; 9
+    vmm64On32TrapEntry vmm64On32TrapErrCode ; a
+    vmm64On32TrapEntry vmm64On32TrapErrCode ; b
+    vmm64On32TrapEntry vmm64On32TrapErrCode ; c
+    vmm64On32TrapEntry vmm64On32TrapErrCode ; d
+    vmm64On32TrapEntry vmm64On32TrapErrCode ; e
+    vmm64On32TrapEntry vmm64On32Trap        ; f  (reserved)
+    vmm64On32TrapEntry vmm64On32Trap        ; 10
+    vmm64On32TrapEntry vmm64On32TrapErrCode ; 11
+    vmm64On32TrapEntry vmm64On32Trap        ; 12
+    vmm64On32TrapEntry vmm64On32Trap        ; 13
+%rep (0x100 - 0x14)
+    vmm64On32TrapEntry vmm64On32Trap
+%endrep
+ENDPROC vmm64On32TrapHandlers
+
+;; Fake an error code and jump to the real thing.
+BEGINPROC vmm64On32Trap
+    push    qword [rsp]
+    jmp     NAME(vmm64On32TrapErrCode)
+ENDPROC vmm64On32Trap
+
+
+;;
+; Trap frame:
+;   [rbp + 38h] = ss
+;   [rbp + 30h] = rsp
+;   [rbp + 28h] = eflags
+;   [rbp + 20h] = cs
+;   [rbp + 18h] = rip
+;   [rbp + 10h] = error code (or trap number)
+;   [rbp + 08h] = trap number
+;   [rbp + 00h] = rbp
+;   [rbp - 08h] = rax
+;   [rbp - 10h] = rbx
+;   [rbp - 18h] = ds
+;
+BEGINPROC vmm64On32TrapErrCode
+    push    rbp
+    mov     rbp, rsp
+    push    rax
+    push    rbx
+    mov     ax, ds
+    push    rax
+    sub     rsp, 20h
+
+    mov     ax, cs
+    mov     ds, ax
+
+%if 1
+    COM64_S_NEWLINE
+    COM64_S_CHAR '!'
+    COM64_S_CHAR 't'
+    COM64_S_CHAR 'r'
+    COM64_S_CHAR 'a'
+    COM64_S_CHAR 'p'
+    movzx   eax, byte [rbp + 08h]
+    COM64_S_DWORD_REG eax
+    COM64_S_CHAR '!'
+%endif
+
+%if 0 ;; @todo Figure the offset of the CPUMCPU relative to CPUM
+    sidt    [rsp]
+    movsx   eax, word [rsp]
+    shr     eax, 12                     ; div by  16 * 256 (0x1000).
+%else
+    ; hardcoded VCPU(0) for now...
+    mov     rbx, [NAME(pCpumIC) wrt rip]
+    mov     eax, [rbx + CPUM.offCPUMCPU0]
+%endif
+    push    rax                         ; Save the offset for rbp later.
+
+    add     rbx, rax                    ; rbx = CPUMCPU
+
+    ;
+    ; Deal with recursive traps due to vmxoff (lazy bird).
+    ;
+    lea     rax, [.vmxoff_trap_location wrt rip]
+    cmp     rax, [rbp + 18h]
+    je      .not_vmx_root
+
+    ;
+    ; Save the context.
+    ;
+    mov     rax, [rbp - 8]
+    mov     [rbx + CPUMCPU.Hyper.eax], rax
+    mov     [rbx + CPUMCPU.Hyper.ecx], rcx
+    mov     [rbx + CPUMCPU.Hyper.edx], rdx
+    mov     rax, [rbp - 10h]
+    mov     [rbx + CPUMCPU.Hyper.ebx], rax
+    mov     rax, [rbp]
+    mov     [rbx + CPUMCPU.Hyper.ebp], rax
+    mov     rax, [rbp + 30h]
+    mov     [rbx + CPUMCPU.Hyper.esp], rax
+    mov     [rbx + CPUMCPU.Hyper.edi], rdi
+    mov     [rbx + CPUMCPU.Hyper.esi], rsi
+    mov     [rbx + CPUMCPU.Hyper.r8], r8
+    mov     [rbx + CPUMCPU.Hyper.r9], r9
+    mov     [rbx + CPUMCPU.Hyper.r10], r10
+    mov     [rbx + CPUMCPU.Hyper.r11], r11
+    mov     [rbx + CPUMCPU.Hyper.r12], r12
+    mov     [rbx + CPUMCPU.Hyper.r13], r13
+    mov     [rbx + CPUMCPU.Hyper.r14], r14
+    mov     [rbx + CPUMCPU.Hyper.r15], r15
+
+    mov     rax, [rbp + 18h]
+    mov     [rbx + CPUMCPU.Hyper.eip], rax
+    movzx   ax, [rbp + 20h]
+    mov     [rbx + CPUMCPU.Hyper.cs.Sel], ax
+    mov     ax, [rbp + 38h]
+    mov     [rbx + CPUMCPU.Hyper.ss.Sel], ax
+    mov     ax, [rbp - 18h]
+    mov     [rbx + CPUMCPU.Hyper.ds.Sel], ax
+
+    mov     rax, [rbp + 28h]
+    mov     [rbx + CPUMCPU.Hyper.eflags], rax
+
+    mov     rax, cr2
+    mov     [rbx + CPUMCPU.Hyper.cr2], rax
+
+    mov     rax, [rbp + 10h]
+    mov     [rbx + CPUMCPU.Hyper.r14], rax ; r14 = error code
+    movzx   eax, byte [rbp + 08h]
+    mov     [rbx + CPUMCPU.Hyper.r15], rax ; r15 = trap number
+
+    ;
+    ; Finally, leave VMX root operation before trying to return to the host.
+    ;
+    mov     rax, cr4
+    test    rax, X86_CR4_VMXE
+    jz      .not_vmx_root
+.vmxoff_trap_location:
+    vmxoff
+.not_vmx_root:
+
+    ;
+    ; Go back to the host.
+    ;
+    pop     rbp
+    mov     dword [rbx + CPUMCPU.u32RetCode], VERR_TRPM_DONT_PANIC
+    jmp     NAME(vmmRCToHostAsm)
+ENDPROC vmm64On32TrapErrCode
+
+;; We allocate the IDT here to avoid having to allocate memory separately somewhere.
+ALIGNCODE(16)
+GLOBALNAME vmm64On32Idt
+%assign i 0
+%rep 256
+    dq NAME(vmm64On32Trap %+ i) - NAME(Start) ; Relative trap handler offsets.
+    dq 0
+%assign i (i + 1)
+%endrep
+
+
+ %if 0
+;; For debugging purposes.
+BEGINPROC vmm64On32PrintIdtr
+    push    rax
+    push    rsi                         ; paranoia
+    push    rdi                         ; ditto
+    sub rsp, 16
+
+    COM64_S_CHAR ';'
+    COM64_S_CHAR 'i'
+    COM64_S_CHAR 'd'
+    COM64_S_CHAR 't'
+    COM64_S_CHAR 'r'
+    COM64_S_CHAR '='
+    sidt [rsp + 6]
+    mov eax, [rsp + 8 + 4]
+    COM64_S_DWORD_REG eax
+    mov eax, [rsp + 8]
+    COM64_S_DWORD_REG eax
+    COM64_S_CHAR ':'
+    movzx eax, word [rsp + 6]
+    COM64_S_DWORD_REG eax
+    COM64_S_CHAR '!'
+
+    add rsp, 16
+    pop     rdi
+    pop     rsi
+    pop     rax
+    ret
+ENDPROC   vmm64On32PrintIdtr
+ %endif
+
+%endif ; VBOX_WITH_64ON32_IDT
+
 
 
@@ -1261 +1492 @@
 ; been messing with the guest at all.
 ;
-; @param    eax     Return code.
-; @uses     eax, edx, ecx (or it may use them in the future)
+; @param    rbp     The virtual cpu number.
+; @param
 ;
 BITS 64
@@ -1330 +1561 @@
 
     ;;
-    ;; When we arrive at this label we're at the
-    ;; intermediate mapping of the switching code.
+    ;; When we arrive at this label we're at the host mapping of the
+    ;; switcher code, but with intermediate page tables.
     ;;
 BITS 32
 ALIGNCODE(16)
 GLOBALNAME ICExitTarget
-    DEBUG32_CHAR('8')
+    DEBUG32_CHAR('9')
 
     ; load the hypervisor data selector into ds & es
@@ -1343 +1574 @@
     mov     ds, eax
     mov     es, eax
+    DEBUG32_CHAR('a')
 
     FIXUP FIX_GC_CPUM_OFF, 1, 0
     mov     edx, 0ffffffffh
     CPUMCPU_FROM_CPUM_WITH_OFFSET edx, ebp
+
+    DEBUG32_CHAR('b')
     mov     esi, [edx + CPUMCPU.Host.cr3]
     mov     cr3, esi
+    DEBUG32_CHAR('c')
 
     ;; now we're in host memory context, let's restore regs
@@ -1354 +1589 @@
     mov     edx, 0ffffffffh
     CPUMCPU_FROM_CPUM_WITH_OFFSET edx, ebp
+    DEBUG32_CHAR('e')
 
     ; restore the host EFER
@@ -1360 +1596 @@
     mov     eax, [ebx + CPUMCPU.Host.efer]
     mov     edx, [ebx + CPUMCPU.Host.efer + 4]
+    DEBUG32_CHAR('f')
     wrmsr
     mov     edx, ebx
+    DEBUG32_CHAR('g')
 
     ; activate host gdt and idt
@@ -1455 +1693 @@
         at VMMSWITCHERDEF.offIDCode1,                   dd NAME(IDExitTarget)               - NAME(Start)
         at VMMSWITCHERDEF.cbIDCode1,                    dd NAME(ICExitTarget)               - NAME(Start)
+%ifdef VBOX_WITH_64ON32_IDT ; Hack! Use offGCCode to find the IDT.
+        at VMMSWITCHERDEF.offGCCode,                    dd NAME(vmm64On32Idt)               - NAME(Start)
+%else
         at VMMSWITCHERDEF.offGCCode,                    dd 0
+%endif
         at VMMSWITCHERDEF.cbGCCode,                     dd 0
 

trunk/src/VBox/VMM/include/CPUMInternal.mac

@@ -456 +456 @@
 ;;
 ; Converts the CPUM pointer to CPUMCPU
-; @param   %1   register name (PVM)
+; @param   %1   register name (CPUM)
 ; @param   %2   register name (CPUMCPU offset)
 %macro CPUMCPU_FROM_CPUM_WITH_OFFSET 2
@@ -471 +471 @@
 ;;
 ; Converts the CPUMCPU pointer to CPUM
-; @param   %1   register name (PVM)
+; @param   %1   register name (CPUM)
 ; @param   %2   register name (CPUMCPU offset)
 %macro CPUM_FROM_CPUMCPU_WITH_OFFSET 2