Changeset 61317 in vbox for trunk/src/VBox/VMM

Timestamp:

May 31, 2016 4:55:10 AM (9 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

107611

Message:

CPUM,HM: CPUM must tell VT-x that it modified the host CR0 because it caches the value in the VMCS and state corruption may ensue if it restores it because we'll take a #NM when saving the guest state, probably ending up with the FPU state of the EMT instead.

Location:

trunk/src/VBox/VMM

Files:

• VMMR0/CPUMR0.cpp (modified) (8 diffs)
• VMMR0/CPUMR0A.asm (modified) (3 diffs)
• VMMR0/HMR0.cpp (modified) (1 diff)
• VMMR0/HMSVMR0.cpp (modified) (3 diffs)
• VMMR0/HMVMXR0.cpp (modified) (4 diffs)
• VMMRZ/CPUMRZ.cpp (modified) (1 diff)
• VMMRZ/CPUMRZA.asm (modified) (5 diffs)
• include/CPUMInternal.h (modified) (2 diffs)
• include/CPUMInternal.mac (modified) (2 diffs)

trunk/src/VBox/VMM/VMMR0/CPUMR0.cpp

@@ -327 +327 @@
  * @retval VINF_SUCCESS           if the guest FPU state is loaded.
  * @retval VINF_EM_RAW_GUEST_TRAP if it is a guest trap.
+ * @retval VINF_CPUM_HOST_CR0_MODIFIED if we modified the host CR0.
  *
  * @param   pVM         The cross context VM structure.
@@ -386 +387 @@
  * state into the CPU.
  *
- * @returns VINF_SUCCESS (for CPUMR0Trap07Handler).
+ * @returns VINF_SUCCESS on success, host CR0 unmodified.
+ * @returns VINF_CPUM_HOST_CR0_MODIFIED on success when the host CR0 was
+ *          modified and VT-x needs to update the value in the VMCS.
  *
  * @param   pVM     The cross context VM structure.
@@ -393 +396 @@
 VMMR0_INT_DECL(int) CPUMR0LoadGuestFPU(PVM pVM, PVMCPU pVCpu)
 {
+    int rc = VINF_SUCCESS;
     Assert(!RTThreadPreemptIsEnabled(NIL_RTTHREAD));
     Assert(!(pVCpu->cpum.s.fUseFlags & CPUM_USED_FPU_GUEST));
@@ -404 +408 @@
         /* Save the host state if necessary. */
         if (!(pVCpu->cpum.s.fUseFlags & CPUM_USED_FPU_HOST))
-            cpumRZSaveHostFPUState(&pVCpu->cpum.s);
+            rc = cpumRZSaveHostFPUState(&pVCpu->cpum.s);
 
         /* Restore the state on entry as we need to be in 64-bit mode to access the full state. */
@@ -418 +422 @@
         {
             Assert(!(pVCpu->cpum.s.fUseFlags & CPUM_USED_MANUAL_XMM_RESTORE));
-            cpumR0SaveHostRestoreGuestFPUState(&pVCpu->cpum.s);
+            rc = cpumR0SaveHostRestoreGuestFPUState(&pVCpu->cpum.s);
         }
         else
@@ -428 +432 @@
             uint64_t uHostEfer = ASMRdMsr(MSR_K6_EFER);
             if (!(uHostEfer & MSR_K6_EFER_FFXSR))
-                cpumR0SaveHostRestoreGuestFPUState(&pVCpu->cpum.s);
+                rc = cpumR0SaveHostRestoreGuestFPUState(&pVCpu->cpum.s);
             else
             {
@@ -434 +438 @@
                 pVCpu->cpum.s.fUseFlags |= CPUM_USED_MANUAL_XMM_RESTORE;
                 ASMWrMsr(MSR_K6_EFER, uHostEfer & ~MSR_K6_EFER_FFXSR);
-                cpumR0SaveHostRestoreGuestFPUState(&pVCpu->cpum.s);
+                rc = cpumR0SaveHostRestoreGuestFPUState(&pVCpu->cpum.s);
                 ASMWrMsr(MSR_K6_EFER, uHostEfer | MSR_K6_EFER_FFXSR);
                 ASMSetFlags(uSavedFlags);
@@ -442 +446 @@
                ==                            (CPUM_USED_FPU_GUEST | CPUM_USED_FPU_HOST | CPUM_USED_FPU_SINCE_REM));
     }
-    return VINF_SUCCESS;
+    return rc;
 }
 

trunk/src/VBox/VMM/VMMR0/CPUMR0A.asm

@@ -63 +63 @@
 ; Saves the host FPU/SSE/AVX state and restores the guest FPU/SSE/AVX state.
 ;
+; @returns  VINF_SUCCESS (0) or VINF_CPUM_HOST_CR0_MODIFIED. (EAX)
 ; @param    pCpumCpu  x86:[ebp+8] gcc:rdi msc:rcx     CPUMCPU pointer
 ;
@@ -156 +157 @@
         popf
 
+%ifndef CPUM_CAN_USE_FPU_IN_R0
+        test    ecx, ecx
+        jnz     .modified_cr0
+%endif
+        xor     eax, eax
+.return:
 %ifdef RT_ARCH_X86
         pop     esi
@@ -162 +169 @@
         leave
         ret
+
+%ifndef CPUM_CAN_USE_FPU_IN_R0
+.modified_cr0:
+        mov     eax, VINF_CPUM_HOST_CR0_MODIFIED
+        jmp     .return
+%endif
 ENDPROC   cpumR0SaveHostRestoreGuestFPUState
 

trunk/src/VBox/VMM/VMMR0/HMR0.cpp

@@ -1516 +1516 @@
 {
     HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR0);
+}
+
+
+/**
+ * Notification from CPUM that it has modified the host CR0 (because of FPU).
+ *
+ * @param   pVCpu   The cross context virtual CPU structure of the calling EMT.
+ */
+VMMR0_INT_DECL(void) HMR0NotifyCpumModifiedHostCr0(PVMCPU pVCpu)
+{
+    HMCPU_CF_SET(pVCpu, HM_CHANGED_HOST_CONTEXT);
 }
 

trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp

@@ -3120 +3120 @@
         && !CPUMIsGuestFPUStateActive(pVCpu))
     {
-        CPUMR0LoadGuestFPU(pVM, pVCpu);
+        CPUMR0LoadGuestFPU(pVM, pVCpu); /* (Ignore rc, no need to set HM_CHANGED_HOST_CONTEXT for SVM.) */
         HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR0);
     }
@@ -5388 +5388 @@
         Assert(!pSvmTransient->fWasGuestFPUStateActive);
 #endif
-        rc = CPUMR0Trap07Handler(pVCpu->CTX_SUFF(pVM), pVCpu);
-        Assert(rc == VINF_EM_RAW_GUEST_TRAP || (rc == VINF_SUCCESS && CPUMIsGuestFPUStateActive(pVCpu)));
+        rc = CPUMR0Trap07Handler(pVCpu->CTX_SUFF(pVM), pVCpu); /* (No need to set HM_CHANGED_HOST_CONTEXT for SVM.) */
+        Assert(   rc == VINF_EM_RAW_GUEST_TRAP
+               || ((rc == VINF_SUCCESS || rc == VINF_CPUM_HOST_CR0_MODIFIED) && CPUMIsGuestFPUStateActive(pVCpu)));
     }
 
@@ -5395 +5396 @@
     VMMRZCallRing3Enable(pVCpu);
 
-    if (rc == VINF_SUCCESS)
+    if (rc == VINF_SUCCESS || rc == VINF_CPUM_HOST_CR0_MODIFIED)
     {
         /* Guest FPU state was activated, we'll want to change CR0 FPU intercepts before the next VM-reentry. */

trunk/src/VBox/VMM/VMMR0/HMVMXR0.cpp

@@ -8626 +8626 @@
 #ifdef HMVMX_ALWAYS_SWAP_FPU_STATE
     if (!CPUMIsGuestFPUStateActive(pVCpu))
-        CPUMR0LoadGuestFPU(pVM, pVCpu);
+        if (CPUMR0LoadGuestFPU(pVM, pVCpu) == VINF_CPUM_HOST_CR0_MODIFIED)
+            HMCPU_CF_SET(pVCpu, HM_CHANGED_HOST_CONTEXT);
     HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR0);
 #endif
@@ -8633 +8634 @@
         && !CPUMIsGuestFPUStateActive(pVCpu))
     {
-        CPUMR0LoadGuestFPU(pVM, pVCpu);
+        if (CPUMR0LoadGuestFPU(pVM, pVCpu) == VINF_CPUM_HOST_CR0_MODIFIED)
+            HMCPU_CF_SET(pVCpu, HM_CHANGED_HOST_CONTEXT);
         Assert(HMVMXCPU_GST_IS_UPDATED(pVCpu, HMVMX_UPDATED_GUEST_CR0));
         HMCPU_CF_SET(pVCpu, HM_CHANGED_GUEST_CR0);
@@ -12988 +12990 @@
 #endif
         rc = CPUMR0Trap07Handler(pVCpu->CTX_SUFF(pVM), pVCpu);
-        Assert(rc == VINF_EM_RAW_GUEST_TRAP || (rc == VINF_SUCCESS && CPUMIsGuestFPUStateActive(pVCpu)));
+        Assert(   rc == VINF_EM_RAW_GUEST_TRAP
+               || ((rc == VINF_SUCCESS || rc == VINF_CPUM_HOST_CR0_MODIFIED) && CPUMIsGuestFPUStateActive(pVCpu)));
+        if (rc == VINF_CPUM_HOST_CR0_MODIFIED)
+            HMCPU_CF_SET(pVCpu, HM_CHANGED_HOST_CONTEXT);
     }
 
@@ -12994 +12999 @@
     VMMRZCallRing3Enable(pVCpu);
 
-    if (rc == VINF_SUCCESS)
+    if (rc == VINF_SUCCESS || rc == VINF_CPUM_HOST_CR0_MODIFIED)
     {
         /* Guest FPU state was activated, we'll want to change CR0 FPU intercepts before the next VM-reentry. */

trunk/src/VBox/VMM/VMMRZ/CPUMRZ.cpp

@@ -49 +49 @@
     {
         case 0:
+#ifdef IN_RC
             cpumRZSaveHostFPUState(&pVCpu->cpum.s);
-#ifdef IN_RC
             VMCPU_FF_SET(pVCpu, VMCPU_FF_CPUM); /* Must recalc CR0 before executing more code! */
+#else
+            if (cpumRZSaveHostFPUState(&pVCpu->cpum.s) == VINF_CPUM_HOST_CR0_MODIFIED)
+                HMR0NotifyCpumModifiedHostCr0(pVCpu);
 #endif
             break;

trunk/src/VBox/VMM/VMMRZ/CPUMRZA.asm

@@ -25 +25 @@
 %include "iprt/x86.mac"
 %include "VBox/vmm/cpum.mac"
+%include "VBox/err.mac"
 
 
@@ -38 +39 @@
 ; re-evaluate the situation before executing more guest code.
 ;
-; @returns  VINF_SUCCESS (0) in EAX
+; @returns  VINF_SUCCESS (0) or VINF_CPUM_HOST_CR0_MODIFIED. (EAX)
 ; @param    pCpumCpu  x86:[ebp+8] gcc:rdi msc:rcx     CPUMCPU pointer
 ;
@@ -78 +79 @@
         ; leave it like that so IEM can use the FPU/SSE/AVX host CPU features directly.
         ;
-        SAVE_CR0_CLEAR_FPU_TRAPS xCX, xAX
+        SAVE_CR0_CLEAR_FPU_TRAPS xCX, xAX               ; xCX must be preserved!
         ;; @todo What about XCR0?
  %ifdef IN_RING0
@@ -93 +94 @@
         popf
 
+%ifndef CPUM_CAN_USE_FPU_IN_R0
+        ; Figure the return code.
+        test    ecx, ecx
+        jnz     .modified_cr0
+%endif
+        xor     eax, eax
+.return:
+
 %ifdef RT_ARCH_X86
         pop     esi
@@ -99 +108 @@
         leave
         ret
+
+%ifndef CPUM_CAN_USE_FPU_IN_R0
+.modified_cr0:
+        mov     eax, VINF_CPUM_HOST_CR0_MODIFIED
+        jmp     .return
+%endif
 %undef pCpumCpu
 %undef pXState

trunk/src/VBox/VMM/include/CPUMInternal.h

@@ -540 +540 @@
 
 # ifdef IN_RING0
-DECLASM(void)       cpumR0SaveHostRestoreGuestFPUState(PCPUMCPU pCPUM);
+DECLASM(int)        cpumR0SaveHostRestoreGuestFPUState(PCPUMCPU pCPUM);
 DECLASM(void)       cpumR0SaveGuestRestoreHostFPUState(PCPUMCPU pCPUM);
 #  if ARCH_BITS == 32 && defined(VBOX_WITH_64_BITS_GUESTS)
@@ -548 +548 @@
 
 # if defined(IN_RC) || defined(IN_RING0)
-DECLASM(void)       cpumRZSaveHostFPUState(PCPUMCPU pCPUM);
+DECLASM(int)        cpumRZSaveHostFPUState(PCPUMCPU pCPUM);
 DECLASM(void)       cpumRZSaveGuestFpuState(PCPUMCPU pCPUM, bool fLeaveFpuAccessible);
 DECLASM(void)       cpumRZSaveGuestSseRegisters(PCPUMCPU pCPUM);

trunk/src/VBox/VMM/include/CPUMInternal.mac

@@ -48 +48 @@
 %ifdef RT_OS_DARWIN
  ; Intel Darwin kernels will load the FPU context of the current thread (user land).
- %define CPUM_CAN_USE_FPU_IN_R0 1
+ ;; @todo we still need to check CR0 and tell HMVMX when CR0 changes!
+ ;%define CPUM_CAN_USE_FPU_IN_R0 1
 %endif
 %ifdef RT_OS_LINUX
@@ -54 +55 @@
  ; at least that what my LXR research on 2.6.18+ indicates.  It's possible this was
  ; done differently at some point, I seems to recall issues with it ages and ages ago.
-; %define CPUM_CAN_USE_FPU_IN_R0 1 - test me first
+ ;; @todo We still need to check CR0 and tell HMVMX when CR0 changes!
+ ;%define CPUM_CAN_USE_FPU_IN_R0 1
 %endif
 %ifndef IN_RING0