VMMR0

Timestamp:

Apr 30, 2018 6:27:34 AM (7 years ago)

Author:

vboxsync

Message:

VMM/SVM: Interrupt injection fixes.

File:

: 1 edited

trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp (modified) (35 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp

-              r71970
+              r72065
 /** TRP: V_TPR, V_IRQ, V_INTR_PRIO, V_IGN_TPR, V_INTR_MASKING,
 V_INTR_VECTOR. */
 #define HMSVM_VMCB_CLEAN_TPR                    RT_BIT(3)
+#define HMSVM_VMCB_CLEAN_INT_CTRL               RT_BIT(3)
 /** Nested Paging: Nested CR3 (nCR3), PAT. */
 #define HMSVM_VMCB_CLEAN_NP                     RT_BIT(4)
 …
                                                  | HMSVM_VMCB_CLEAN_IOPM_MSRPM  \
                                                  | HMSVM_VMCB_CLEAN_ASID        \
                                                  | HMSVM_VMCB_CLEAN_TPR         \
+                                                 | HMSVM_VMCB_CLEAN_INT_CTRL    \
                                                  | HMSVM_VMCB_CLEAN_NP          \
                                                  | HMSVM_VMCB_CLEAN_CRX_EFER    \
 …
     /* Ignore the priority in the virtual TPR. This is necessary for delivering PIC style (ExtInt) interrupts
        and we currently deliver both PIC and APIC interrupts alike. See hmR0SvmInjectPendingEvent() */
+       and we currently deliver both PIC and APIC interrupts alike, see hmR0SvmEvaluatePendingEvent() */
     pVmcbCtrl->IntCtrl.n.u1IgnoreTPR = 1;
 …
         Assert(pVmcbCtrlCur->u32VmcbCleanBits == 0);
         /* Verify our assumption that GIM providers trap #UD uniformly across VCPUs. */
+        /* Verify our assumption that GIM providers trap #UD uniformly across VCPUs initially. */
         Assert(pVCpuCur->hm.s.fGIMTrapXcptUD == pVCpu->hm.s.fGIMTrapXcptUD);
+    }
 …
          * since SVM doesn't have a preemption timer.
+         *
          * We do this here rather than in hmR0SvmVmRunSetupVmcb() as we may have been executing the
+         * We do this here rather than in hmR0SvmSetupVmcbNested() as we may have been executing the
          * nested-guest in IEM incl. PAUSE instructions which would update the pause-filter counters
          * and may continue execution in SVM R0 without a nested-guest #VMEXIT in between.
 …
+            }
             pVmcb->ctrl.u32VmcbCleanBits &= ~(HMSVM_VMCB_CLEAN_INTERCEPTS | HMSVM_VMCB_CLEAN_TPR);
+            pVmcb->ctrl.u32VmcbCleanBits &= ~(HMSVM_VMCB_CLEAN_INTERCEPTS | HMSVM_VMCB_CLEAN_INT_CTRL);
+        }
+    }
 …
 #ifdef VBOX_WITH_NESTED_HWVIRT
     if (pVmcb->ctrl.IntCtrl.n.u1VGifEnable == 1)
+    if (pVmcb->ctrl.IntCtrl.n.u1VGifEnable)
+    {
         Assert(pVM->hm.s.svm.u32Features & X86_CPUID_SVM_FEATURE_EDX_VGIF);
 …
  * @sa      HMSvmNstGstVmExitNotify.
  */
 static bool hmR0SvmVmRunCacheVmcb(PVMCPU pVCpu, PCPUMCTX pCtx)
+static bool hmR0SvmCacheVmcbNested(PVMCPU pVCpu, PCPUMCTX pCtx)
+{
     /*
 …
         pVmcbNstGstCache->fLbrVirt                = pVmcbNstGstCtrl->LbrVirt.n.u1LbrVirt;
         pCtx->hwvirt.svm.fHMCachedVmcb            = true;
         Log4(("hmR0SvmVmRunCacheVmcb: Cached VMCB fields\n"));
+        Log4(("hmR0SvmCacheVmcbNested: Cached VMCB fields\n"));
+    }
 …
  * This is done the first time we enter nested-guest execution using SVM R0
  * until the nested-guest \#VMEXIT (not to be confused with physical CPU
  * \#VMEXITs which may or may not cause the nested-guest \#VMEXIT).
+ * \#VMEXITs which may or may not cause a corresponding nested-guest \#VMEXIT).
+ *
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   pCtx            Pointer to the nested-guest-CPU context.
  */
 static void hmR0SvmVmRunSetupVmcb(PVMCPU pVCpu, PCPUMCTX pCtx)
+static void hmR0SvmSetupVmcbNested(PVMCPU pVCpu, PCPUMCTX pCtx)
+{
     PSVMVMCB     pVmcbNstGst     = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
 …
      * First cache the nested-guest VMCB fields we may potentially modify.
      */
     bool const fVmcbCached = hmR0SvmVmRunCacheVmcb(pVCpu, pCtx);
+    bool const fVmcbCached = hmR0SvmCacheVmcbNested(pVCpu, pCtx);
     if (!fVmcbCached)
+    {
 …
     STAM_PROFILE_ADV_START(&pVCpu->hm.s.StatLoadGuestState, x);
+    PSVMVMCB     pVmcbNstGst     = pCtx->hwvirt.svm.CTX_SUFF(pVmcb); Assert(pVmcbNstGst);
+    PSVMVMCB pVmcbNstGst = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
+    Assert(pVmcbNstGst);
+    hmR0SvmSetupVmcbNested(pVCpu, pCtx);
     int rc = hmR0SvmLoadGuestControlRegs(pVCpu, pVmcbNstGst, pCtx);
 …
 #ifdef VBOX_WITH_NESTED_HWVIRT
     Assert(pVmcbNstGst->ctrl.IntCtrl.n.u1VGifEnable == 0);        /* Nested VGIF not supported yet. */
+    Assert(!pVmcbNstGst->ctrl.IntCtrl.n.u1VGifEnable);            /* Nested VGIF not supported yet. */
 #endif
 …
         /*
          * Nested-guest interrupt pending.
          * Sync/verify nested-guest's V_IRQ and its force-flag.
+         * Sync nested-guest's V_IRQ and its force-flag.
          */
+        if (!pVmcbCtrl->IntCtrl.n.u1VIrqPending)
+        {
+            if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NESTED_GUEST))
+                VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INTERRUPT_NESTED_GUEST);
+        }
+        else
+            Assert(VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NESTED_GUEST));
+        if (  !pVmcbCtrl->IntCtrl.n.u1VIrqPending
+            && VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NESTED_GUEST))
+            VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INTERRUPT_NESTED_GUEST);
+    }
 #endif
 …
  * Sets the virtual interrupt intercept control in the VMCB.
+ *
+ * @param   pVmcb       Pointer to the VM control block.
+ */
+DECLINLINE(void) hmR0SvmSetVirtIntrIntercept(PSVMVMCB pVmcb)
+ * @param   pVCpu   The cross context virtual CPU structure.
+ * @param   pVmcb   Pointer to the VM control block.
+ * @param   pCtx    Pointer to the guest-CPU context.
+ */
+DECLINLINE(void) hmR0SvmSetIntWindowExiting(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
+{
     /*
+     * When AVIC isn't supported, indicate that a virtual interrupt is pending and to
+     * cause a #VMEXIT when the guest is ready to accept interrupts. At #VMEXIT, we
+     * then get the interrupt from the APIC (updating ISR at the right time) and
+     * inject the interrupt.
+     * When AVIC isn't supported, set up an interrupt window to cause a #VMEXIT when
+     * the guest is ready to accept interrupts. At #VMEXIT, we then get the interrupt
+     * from the APIC (updating ISR at the right time) and inject the interrupt.
+     *
      * With AVIC is supported, we could make use of the asynchronously delivery without
      * #VMEXIT and we would be passing the AVIC page to SVM.
+     *
+     * In AMD-V, an interrupt window is achieved using a combination of
+     * V_IRQ (an interrupt is pending), V_IGN_TPR (ignore TPR priorities) and the
+     * VINTR intercept all being set.
      */
+    if (!(pVmcb->ctrl.u64InterceptCtrl & SVM_CTRL_INTERCEPT_VINTR))
+    {
+        Assert(pVmcb->ctrl.IntCtrl.n.u1VIrqPending == 0);
+#ifdef VBOX_WITH_NESTED_HWVIRT
+    /*
+     * Currently we don't overlay interupt windows and if there's any V_IRQ pending
+     * in the nested-guest VMCB, we avoid setting up any interrupt window on behalf
+     * of the outer guest.
+     */
+    /** @todo Does this mean we end up prioritizing virtual interrupt
+     *        delivery/window over a physical interrupt (from the outer guest)
+     *        might be pending? */
+    bool const fEnableIntWindow = !VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NESTED_GUEST);
+    if (!fEnableIntWindow)
+    {
+        Assert(CPUMIsGuestInSvmNestedHwVirtMode(pCtx));
+        Log4(("Nested-guest V_IRQ already pending\n"));
+    }
+#else
+    RT_NOREF2(pVCpu, pCtx);
+    bool const fEnableIntWindow = true;
+#endif
+    if (fEnableIntWindow)
+    {
+        Assert(pVmcb->ctrl.IntCtrl.n.u1IgnoreTPR);
         pVmcb->ctrl.IntCtrl.n.u1VIrqPending = 1;
         pVmcb->ctrl.u64InterceptCtrl |= SVM_CTRL_INTERCEPT_VINTR;
         pVmcb->ctrl.u32VmcbCleanBits &= ~(HMSVM_VMCB_CLEAN_INTERCEPTS | HMSVM_VMCB_CLEAN_TPR);
+        pVmcb->ctrl.u32VmcbCleanBits &= ~HMSVM_VMCB_CLEAN_INT_CTRL;
+        hmR0SvmSetCtrlIntercept(pVmcb, SVM_CTRL_INTERCEPT_VINTR);
         Log4(("Set VINTR intercept\n"));
+    }
 …
  * at this point of time.
+ *
+ * @param   pVmcb       Pointer to the VM control block.
+ */
+DECLINLINE(void) hmR0SvmClearVirtIntrIntercept(PSVMVMCB pVmcb)
+{
+    if (pVmcb->ctrl.u64InterceptCtrl & SVM_CTRL_INTERCEPT_VINTR)
+    {
+        Assert(pVmcb->ctrl.IntCtrl.n.u1VIrqPending == 1);
+        pVmcb->ctrl.IntCtrl.n.u1VIrqPending = 0;
+        pVmcb->ctrl.u64InterceptCtrl &= ~SVM_CTRL_INTERCEPT_VINTR;
+        pVmcb->ctrl.u32VmcbCleanBits &= ~(HMSVM_VMCB_CLEAN_INTERCEPTS | HMSVM_VMCB_CLEAN_TPR);
+ * @param   pVCpu   The cross context virtual CPU structure.
+ * @param   pVmcb   Pointer to the VM control block.
+ * @param   pCtx    Pointer to the guest-CPU context.
+ */
+DECLINLINE(void) hmR0SvmClearIntWindowExiting(PVMCPU pVCpu, PSVMVMCB pVmcb, PCPUMCTX pCtx)
+{
+    PSVMVMCBCTRL pVmcbCtrl = &pVmcb->ctrl;
+    if (    pVmcbCtrl->IntCtrl.n.u1VIrqPending
+        || (pVmcbCtrl->u64InterceptCtrl & SVM_CTRL_INTERCEPT_VINTR))
+    {
+        pVmcbCtrl->IntCtrl.n.u1VIrqPending = 0;
+        pVmcbCtrl->u32VmcbCleanBits &= ~HMSVM_VMCB_CLEAN_INT_CTRL;
+        hmR0SvmClearCtrlIntercept(pVCpu, pCtx, pVmcb, SVM_CTRL_INTERCEPT_VINTR);
         Log4(("Cleared VINTR intercept\n"));
+    }
+}
-/**
- * Sets the IRET intercept control in the VMCB which instructs AMD-V to cause a
- * \#VMEXIT as soon as a guest starts executing an IRET. This is used to unblock
- * virtual NMIs.
+ *
- * @param   pVmcb       Pointer to the VM control block.
- */
-DECLINLINE(void) hmR0SvmSetIretIntercept(PSVMVMCB pVmcb)
+{
-    if (!(pVmcb->ctrl.u64InterceptCtrl & SVM_CTRL_INTERCEPT_IRET))
+    {
-        pVmcb->ctrl.u64InterceptCtrl |= SVM_CTRL_INTERCEPT_IRET;
-        pVmcb->ctrl.u32VmcbCleanBits &= ~HMSVM_VMCB_CLEAN_INTERCEPTS;
-        Log4(("Setting IRET intercept\n"));
+    }
+}
-/**
- * Clears the IRET intercept control in the VMCB.
+ *
- * @param   pVmcb       Pointer to the VM control block.
- */
-DECLINLINE(void) hmR0SvmClearIretIntercept(PSVMVMCB pVmcb)
+{
-    if (pVmcb->ctrl.u64InterceptCtrl & SVM_CTRL_INTERCEPT_IRET)
+    {
-        pVmcb->ctrl.u64InterceptCtrl &= ~SVM_CTRL_INTERCEPT_IRET;
-        pVmcb->ctrl.u32VmcbCleanBits &= ~(HMSVM_VMCB_CLEAN_INTERCEPTS);
-        Log4(("Clearing IRET intercept\n"));
+    }
+}
 #ifdef VBOX_WITH_NESTED_HWVIRT
 /**
  * Evaluates the event to be delivered to the nested-guest and sets it as the
 …
 static VBOXSTRICTRC hmR0SvmEvaluatePendingEventNested(PVMCPU pVCpu, PCPUMCTX pCtx)
+{
     Log4Func(("\n"));
+    HMSVM_ASSERT_IN_NESTED_GUEST(pCtx);
     Assert(!pVCpu->hm.s.Event.fPending);
+    bool const fGif = pCtx->hwvirt.fGif;
+    if (fGif)
+    {
+        PSVMVMCB pVmcbNstGst = pCtx->hwvirt.svm.CTX_SUFF(pVmcb);
+        bool const fIntShadow = hmR0SvmIsIntrShadowActive(pVCpu, pCtx);
+        /*
+         * Check if the nested-guest can receive NMIs.
+         * NMIs are higher priority than regular interrupts.
+         */
+        /** @todo SMI. SMIs take priority over NMIs. */
+        if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NMI))
+        {
+            bool const fBlockNmi = VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS);
+            if (fBlockNmi)
+                hmR0SvmSetIretIntercept(pVmcbNstGst);
+            else if (fIntShadow)
+    Assert(pCtx->hwvirt.fGif);
+    PSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
+    Assert(pVmcb);
+    bool const fVirtualGif = CPUMGetSvmNstGstVGif(pCtx);
+    bool const fIntShadow  = hmR0SvmIsIntrShadowActive(pVCpu, pCtx);
+    bool const fBlockNmi   = VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS);
+    Log4Func(("fVirtualGif=%RTbool fBlockNmi=%RTbool fIntShadow=%RTbool Intr. pending=%RTbool NMI pending=%RTbool\n",
+              fVirtualGif, fBlockNmi, fIntShadow, VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC),
+              VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NMI)));
+    /** @todo SMI. SMIs take priority over NMIs. */
+    /*
+     * Check if the guest can receive NMIs.
+     * Nested NMIs are not allowed, see AMD spec. 8.1.4 "Masking External Interrupts".
+     * NMIs take priority over maskable interrupts, see AMD spec. 8.5 "Priorities".
+     */
+    if (    VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NMI)
+        && !fBlockNmi)
+    {
+        if (    fVirtualGif
+            && !fIntShadow)
+        {
+            if (CPUMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_NMI))
+            {
+                /** @todo Figure this out, how we shall manage virt. intercept if the
+                 *        nested-guest already has one set and/or if we really need it? */
+                //hmR0SvmSetVirtIntrIntercept(pVmcbNstGst);
+                Log4(("Intercepting NMI -> #VMEXIT\n"));
+                return IEMExecSvmVmexit(pVCpu, SVM_EXIT_NMI, 0, 0);
+            }
+            else
+            Log4(("Setting NMI pending for injection\n"));
+            SVMEVENT Event;
+            Event.u = 0;
+            Event.n.u1Valid  = 1;
+            Event.n.u8Vector = X86_XCPT_NMI;
+            Event.n.u3Type   = SVM_EVENT_NMI;
+            hmR0SvmSetPendingEvent(pVCpu, &Event, 0 /* GCPtrFaultAddress */);
+            VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INTERRUPT_NMI);
+        }
+        else if (!fVirtualGif)
+            hmR0SvmSetCtrlIntercept(pVmcb, SVM_CTRL_INTERCEPT_STGI);
+        else
+            hmR0SvmSetIntWindowExiting(pVCpu, pVmcb, pCtx);
+    }
+    /*
+     * Check if the nested-guest can receive external interrupts (generated by
+     * the guest's PIC/APIC).
+     *
+     * External intercepts, NMI, SMI etc. from the physical CPU are -always- intercepted
+     * when executing using hardware-assisted SVM, see HMSVM_MANDATORY_GUEST_CTRL_INTERCEPTS.
+     *
+     * External interrupts that are generated for the outer guest may be intercepted
+     * depending on how the nested-guest VMCB was programmed by guest software.
+     *
+     * Physical interrupts always take priority over virtual interrupts,
+     * see AMD spec. 15.21.4 "Injecting Virtual (INTR) Interrupts".
+     */
+    else if (   VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC)
+             && !pVCpu->hm.s.fSingleInstruction)
+    {
+        if (    fVirtualGif
+            && !fIntShadow
+            &&  CPUMCanSvmNstGstTakePhysIntr(pVCpu, pCtx))
+        {
+            if (CPUMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_INTR))
+            {
+                if (CPUMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_NMI))
+                {
+                    Log4(("Intercepting NMI -> #VMEXIT\n"));
+                    return IEMExecSvmVmexit(pVCpu, SVM_EXIT_NMI, 0, 0);
+                }
+                Log4(("Pending NMI\n"));
+                Log4(("Intercepting INTR -> #VMEXIT\n"));
+                return IEMExecSvmVmexit(pVCpu, SVM_EXIT_INTR, 0, 0);
+            }
+            uint8_t u8Interrupt;
+            int rc = PDMGetInterrupt(pVCpu, &u8Interrupt);
+            if (RT_SUCCESS(rc))
+            {
+                Log4(("Setting external interrupt %#x pending for injection\n", u8Interrupt));
                 SVMEVENT Event;
                 Event.u = 0;
                 Event.n.u1Valid  = 1;
                 Event.n.u8Vector = X86_XCPT_NMI;
                 Event.n.u3Type   = SVM_EVENT_NMI;
+                Event.n.u8Vector = u8Interrupt;
+                Event.n.u3Type   = SVM_EVENT_EXTERNAL_IRQ;
                 hmR0SvmSetPendingEvent(pVCpu, &Event, 0 /* GCPtrFaultAddress */);
-                hmR0SvmSetIretIntercept(pVmcbNstGst);
-                VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INTERRUPT_NMI);
-                return VINF_SUCCESS;
+            }
+        }
+        /*
+         * Check if the nested-guest can receive external interrupts (generated by
+         * the guest's PIC/APIC).
+         *
+         * External intercepts, NMI, SMI etc. from the physical CPU are -always- intercepted
+         * when executing using hardware-assisted SVM, see HMSVM_MANDATORY_GUEST_CTRL_INTERCEPTS.
+         *
+         * External interrupts that are generated for the outer guest may be intercepted
+         * depending on how the nested-guest VMCB was programmed by guest software.
+         *
+         * Physical interrupts always take priority over virtual interrupts,
+         * see AMD spec. 15.21.4 "Injecting Virtual (INTR) Interrupts".
+         */
+        if (!fIntShadow)
+        {
+            if (   VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC)
+                && !pVCpu->hm.s.fSingleInstruction
+                && CPUMCanSvmNstGstTakePhysIntr(pVCpu, pCtx))
+            else if (rc == VERR_APIC_INTR_MASKED_BY_TPR)
+            {
+                if (CPUMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_INTR))
+                {
+                    Log4(("Intercepting external interrupt -> #VMEXIT\n"));
+                    return IEMExecSvmVmexit(pVCpu, SVM_EXIT_INTR, 0, 0);
+                }
+                uint8_t u8Interrupt;
+                int rc = PDMGetInterrupt(pVCpu, &u8Interrupt);
+                if (RT_SUCCESS(rc))
+                {
+                    Log4(("Injecting external interrupt u8Interrupt=%#x\n", u8Interrupt));
+                    SVMEVENT Event;
+                    Event.u = 0;
+                    Event.n.u1Valid  = 1;
+                    Event.n.u8Vector = u8Interrupt;
+                    Event.n.u3Type   = SVM_EVENT_EXTERNAL_IRQ;
+                    hmR0SvmSetPendingEvent(pVCpu, &Event, 0 /* GCPtrFaultAddress */);
+                }
+                else if (rc == VERR_APIC_INTR_MASKED_BY_TPR)
+                {
+                    /*
+                     * AMD-V has no TPR thresholding feature. TPR and the force-flag will be
+                     * updated eventually when the TPR is written by the guest.
+                     */
+                    STAM_COUNTER_INC(&pVCpu->hm.s.StatSwitchTprMaskedIrq);
+                }
+                else
+                    STAM_COUNTER_INC(&pVCpu->hm.s.StatSwitchGuestIrq);
+                /*
+                 * AMD-V has no TPR thresholding feature. TPR and the force-flag will be
+                 * updated eventually when the TPR is written by the guest.
+                 */
+                STAM_COUNTER_INC(&pVCpu->hm.s.StatSwitchTprMaskedIrq);
+            }
+            /*
+             * Check if the nested-guest is intercepting virtual (using V_IRQ and related fields)
+             * interrupt injection. The virtual interrupt injection itself, if any, will be done
+             * by the physical CPU.
+             */
+            /** @todo later explore this for performance reasons. Right now the hardware
+             *        takes care of virtual interrupt injection for nested-guest. */
+#if 0
+            if (   VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NESTED_GUEST)
+                && CPUMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_VINTR)
+                && CPUMCanSvmNstGstTakeVirtIntr(pVCpu, pCtx))
+            {
+                Log4(("Intercepting virtual interrupt -> #VMEXIT\n"));
+                return IEMExecSvmVmexit(pVCpu, SVM_EXIT_VINTR, 0, 0);
+            }
+            else
+                STAM_COUNTER_INC(&pVCpu->hm.s.StatSwitchGuestIrq);
+        }
+        else if (!fVirtualGif)
+            hmR0SvmSetCtrlIntercept(pVmcb, SVM_CTRL_INTERCEPT_STGI);
+        else
+            hmR0SvmSetIntWindowExiting(pVCpu, pVmcb, pCtx);
+    }
+    return VINF_SUCCESS;
+}
 #endif
+        }
+    }
-    return VINF_SUCCESS;
+}
-#endif
 /**
 …
  * @param   pVCpu       The cross context virtual CPU structure.
  * @param   pCtx        Pointer to the guest-CPU context.
+ *
- * @remarks Don't use this function when we are actively executing a
- *          nested-guest, use hmR0SvmEvaluatePendingEventNested instead.
  */
 static void hmR0SvmEvaluatePendingEvent(PVMCPU pVCpu, PCPUMCTX pCtx)
 …
     HMSVM_ASSERT_NOT_IN_NESTED_GUEST(pCtx);
     Assert(!pVCpu->hm.s.Event.fPending);
+    PSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
+    Assert(pVmcb);
 #ifdef VBOX_WITH_NESTED_HWVIRT
     bool const fGif = pCtx->hwvirt.fGif;
+    bool const fGif       = pCtx->hwvirt.fGif;
 #else
     bool const fGif = true;
+    bool const fGif       = true;
 #endif
+    Log4Func(("fGif=%RTbool\n", fGif));
+    bool const fIntShadow = hmR0SvmIsIntrShadowActive(pVCpu, pCtx);
+    bool const fBlockInt  = !(pCtx->eflags.u32 & X86_EFL_IF);
+    bool const fBlockNmi  = VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS);
+    Log4Func(("fGif=%RTbool fBlockNmi=%RTbool fBlockInt=%RTbool fIntShadow=%RTbool Intr. pending=%RTbool NMI pending=%RTbool\n",
+              fGif, fBlockNmi, fBlockInt, fIntShadow,
+              VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC),
+              VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NMI)));
+    /** @todo SMI. SMIs take priority over NMIs. */
     /*
+     * If the global interrupt flag (GIF) isn't set, even NMIs and other events are blocked.
+     * See AMD spec. Table 15-10. "Effect of the GIF on Interrupt Handling".
+     * Check if the guest can receive NMIs.
+     * Nested NMIs are not allowed, see AMD spec. 8.1.4 "Masking External Interrupts".
+     * NMIs take priority over maskable interrupts, see AMD spec. 8.5 "Priorities".
      */
+    if (fGif)
+    {
+        bool const fIntShadow = hmR0SvmIsIntrShadowActive(pVCpu, pCtx);
+        bool const fBlockInt  = !(pCtx->eflags.u32 & X86_EFL_IF);
+        bool const fBlockNmi  = VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS);
+        PSVMVMCB pVmcb        = pVCpu->hm.s.svm.pVmcb;
+        Log4Func(("fBlockInt=%RTbool fIntShadow=%RTbool APIC/PIC_Pending=%RTbool\n", fBlockInt, fIntShadow,
+                  VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC)));
+        /** @todo SMI. SMIs take priority over NMIs. */
+        if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NMI))   /* NMI. NMIs take priority over regular interrupts. */
+        {
+            if (fBlockNmi)
+                hmR0SvmSetIretIntercept(pVmcb);
+            else if (fIntShadow)
+                hmR0SvmSetVirtIntrIntercept(pVmcb);
+            else
+    if (    VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_NMI)
+        && !fBlockNmi)
+    {
+        if (    fGif
+            && !fIntShadow)
+        {
+            Log4(("Setting NMI pending for injection\n"));
+            SVMEVENT Event;
+            Event.u = 0;
+            Event.n.u1Valid  = 1;
+            Event.n.u8Vector = X86_XCPT_NMI;
+            Event.n.u3Type   = SVM_EVENT_NMI;
+            hmR0SvmSetPendingEvent(pVCpu, &Event, 0 /* GCPtrFaultAddress */);
+            VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INTERRUPT_NMI);
+        }
+        else if (!fGif)
+            hmR0SvmSetCtrlIntercept(pVmcb, SVM_CTRL_INTERCEPT_STGI);
+        else
+            hmR0SvmSetIntWindowExiting(pVCpu, pVmcb, pCtx);
+    }
+    /*
+     * Check if the guest can receive external interrupts (PIC/APIC). Once PDMGetInterrupt() returns
+     * a valid interrupt we -must- deliver the interrupt. We can no longer re-request it from the APIC.
+     */
+    else if (   VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC)
+             && !pVCpu->hm.s.fSingleInstruction)
+    {
+        if (    fGif
+            && !fBlockInt
+            && !fIntShadow)
+        {
+            uint8_t u8Interrupt;
+            int rc = PDMGetInterrupt(pVCpu, &u8Interrupt);
+            if (RT_SUCCESS(rc))
+            {
+                Log4(("Pending NMI\n"));
+                Log4(("Setting external interrupt %#x pending for injection\n", u8Interrupt));
                 SVMEVENT Event;
                 Event.u = 0;
                 Event.n.u1Valid  = 1;
+                Event.n.u8Vector = X86_XCPT_NMI;
+                Event.n.u3Type   = SVM_EVENT_NMI;
+                Event.n.u8Vector = u8Interrupt;
+                Event.n.u3Type   = SVM_EVENT_EXTERNAL_IRQ;
                 hmR0SvmSetPendingEvent(pVCpu, &Event, 0 /* GCPtrFaultAddress */);
-                hmR0SvmSetIretIntercept(pVmcb);
-                VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INTERRUPT_NMI);
-                return;
+            }
+        }
+        else if (   VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC)
+                 && !pVCpu->hm.s.fSingleInstruction)
+        {
+            /*
+             * Check if the guest can receive external interrupts (PIC/APIC). Once PDMGetInterrupt() returns
+             * a valid interrupt we -must- deliver the interrupt. We can no longer re-request it from the APIC.
+             */
+            if (   !fBlockInt
+                && !fIntShadow)
+            else if (rc == VERR_APIC_INTR_MASKED_BY_TPR)
+            {
+                uint8_t u8Interrupt;
+                int rc = PDMGetInterrupt(pVCpu, &u8Interrupt);
+                if (RT_SUCCESS(rc))
+                {
+                    Log4(("Injecting external interrupt u8Interrupt=%#x\n", u8Interrupt));
+                    SVMEVENT Event;
+                    Event.u = 0;
+                    Event.n.u1Valid  = 1;
+                    Event.n.u8Vector = u8Interrupt;
+                    Event.n.u3Type   = SVM_EVENT_EXTERNAL_IRQ;
+                    hmR0SvmSetPendingEvent(pVCpu, &Event, 0 /* GCPtrFaultAddress */);
+                }
+                else if (rc == VERR_APIC_INTR_MASKED_BY_TPR)
+                {
+                    /*
+                     * AMD-V has no TPR thresholding feature. TPR and the force-flag will be
+                     * updated eventually when the TPR is written by the guest.
+                     */
+                    STAM_COUNTER_INC(&pVCpu->hm.s.StatSwitchTprMaskedIrq);
+                }
+                else
+                    STAM_COUNTER_INC(&pVCpu->hm.s.StatSwitchGuestIrq);
+                /*
+                 * AMD-V has no TPR thresholding feature. TPR and the force-flag will be
+                 * updated eventually when the TPR is written by the guest.
+                 */
+                STAM_COUNTER_INC(&pVCpu->hm.s.StatSwitchTprMaskedIrq);
+            }
             else
+                hmR0SvmSetVirtIntrIntercept(pVmcb);
+        }
+                STAM_COUNTER_INC(&pVCpu->hm.s.StatSwitchGuestIrq);
+        }
+        else if (!fGif)
+            hmR0SvmSetCtrlIntercept(pVmcb, SVM_CTRL_INTERCEPT_STGI);
+        else
+            hmR0SvmSetIntWindowExiting(pVCpu, pVmcb, pCtx);
+    }
+}
 …
  * @param   pCtx        Pointer to the guest-CPU context.
  * @param   pVmcb       Pointer to the VM control block.
+ *
+ * @remarks Must only be called when we are guaranteed to enter
+ *          hardware-assisted SVM execution and not return to ring-3
+ *          prematurely.
  */
 static void hmR0SvmInjectPendingEvent(PVMCPU pVCpu, PCPUMCTX pCtx, PSVMVMCB pVmcb)
 …
         /*
+         * Before injecting an NMI we must set VMCPU_FF_BLOCK_NMIS to prevent nested NMIs. We do this only
+         * when we are surely going to inject the NMI as otherwise if we return to ring-3 prematurely we
+         * could leave NMIs blocked indefinitely upon re-entry into SVM R0.
+         *
+         * With VT-x, this is handled by the Guest interruptibility information VMCS field which will set
+         * the VMCS field after actually delivering the NMI which we read on VM-exit to determine the state.
+         */
+        if (    Event.n.u3Type   == SVM_EVENT_NMI
+            &&  Event.n.u8Vector == X86_XCPT_NMI
+            && !VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS))
+        {
+            VMCPU_FF_SET(pVCpu, VMCPU_FF_BLOCK_NMIS);
+        }
+        /*
          * Inject it (update VMCB for injection by the hardware).
          */
 …
     else
         Assert(pVmcb->ctrl.EventInject.n.u1Valid == 0);
+    /*
+     * We could have injected an NMI through IEM and continue guest execution using
+     * hardware-assisted SVM. In which case, we would not have any events pending (above)
+     * but we still need to intercept IRET in order to eventually clear NMI inhibition.
+     */
+    if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS))
+        hmR0SvmSetCtrlIntercept(pVmcb, SVM_CTRL_INTERCEPT_IRET);
     /*
 …
     /*
-     * Set up the nested-guest VMCB for execution using hardware-assisted SVM.
-     */
-    hmR0SvmVmRunSetupVmcb(pVCpu, pCtx);
-    /*
      * Load the nested-guest state.
      */
 …
         return VINF_EM_RAW_INTERRUPT;
+    }
-    /*
-     * If we are injecting an NMI, we must set VMCPU_FF_BLOCK_NMIS only when we are going to execute
-     * guest code for certain (no exits to ring-3). Otherwise, we could re-read the flag on re-entry into
-     * AMD-V and conclude that NMI inhibition is active when we have not even delivered the NMI.
+     *
-     * With VT-x, this is handled by the Guest interruptibility information VMCS field which will set the
-     * VMCS field after actually delivering the NMI which we read on VM-exit to determine the state.
-     */
-    if (pVCpu->hm.s.Event.fPending)
+    {
-        SVMEVENT Event;
-        Event.u = pVCpu->hm.s.Event.u64IntInfo;
-        if (    Event.n.u1Valid
-            &&  Event.n.u3Type == SVM_EVENT_NMI
-            &&  Event.n.u8Vector == X86_XCPT_NMI
-            && !VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS))
+        {
-            VMCPU_FF_SET(pVCpu, VMCPU_FF_BLOCK_NMIS);
+        }
+    }
     return VINF_SUCCESS;
+}
 …
+    }
-    /*
-     * If we are injecting an NMI, we must set VMCPU_FF_BLOCK_NMIS only when we are going to execute
-     * guest code for certain (no exits to ring-3). Otherwise, we could re-read the flag on re-entry into
-     * AMD-V and conclude that NMI inhibition is active when we have not even delivered the NMI.
+     *
-     * With VT-x, this is handled by the Guest interruptibility information VMCS field which will set the
-     * VMCS field after actually delivering the NMI which we read on VM-exit to determine the state.
-     */
-    if (pVCpu->hm.s.Event.fPending)
+    {
-        SVMEVENT Event;
-        Event.u = pVCpu->hm.s.Event.u64IntInfo;
-        if (    Event.n.u1Valid
-            &&  Event.n.u3Type == SVM_EVENT_NMI
-            &&  Event.n.u8Vector == X86_XCPT_NMI
-            && !VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS))
+        {
-            VMCPU_FF_SET(pVCpu, VMCPU_FF_BLOCK_NMIS);
+        }
+    }
     return VINF_SUCCESS;
+}
 …
     VMCPU_SET_STATE(pVCpu, VMCPUSTATE_STARTED_EXEC);            /* Indicate the start of guest execution. */
     PVM      pVM = pVCpu->CTX_SUFF(pVM);
+    PVM      pVM   = pVCpu->CTX_SUFF(pVM);
     PSVMVMCB pVmcb = pSvmTransient->pVmcb;
     hmR0SvmInjectPendingEvent(pVCpu, pCtx, pVmcb);
 …
+    {
         PCSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
+        Assert(pVmcb);
         Assert(pVmcb->ctrl.u64NextRIP);
         AssertRelease(pVmcb->ctrl.u64NextRIP - pCtx->rip == cb);    /* temporary, remove later */
 …
     /* Indicate that we no longer need to #VMEXIT when the guest is ready to receive NMIs, it is now ready. */
     PSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
     hmR0SvmClearVirtIntrIntercept(pVmcb);
+    hmR0SvmClearIntWindowExiting(pVCpu, pVmcb, pCtx);
     /* Deliver the pending interrupt via hmR0SvmEvaluatePendingEvent() and resume guest execution. */
 …
     /* Clear NMI blocking. */
+    VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_BLOCK_NMIS);
+    if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_BLOCK_NMIS))
+        VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_BLOCK_NMIS);
     /* Indicate that we no longer need to #VMEXIT when the guest is ready to receive NMIs, it is now ready. */
     PSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
     hmR0SvmClearIretIntercept(pVmcb);
+    hmR0SvmClearCtrlIntercept(pVCpu, pCtx, pVmcb, SVM_CTRL_INTERCEPT_IRET);
     /* Deliver the pending NMI via hmR0SvmEvaluatePendingEvent() and resume guest execution. */
 …
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-    /** @todo if triple-fault is returned in nested-guest scenario convert to a
-     *        shutdown VMEXIT. */
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
 …
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
+#ifdef VBOX_STRICT
+    PCSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
+    Assert(pVmcb);
+    Assert(!pVmcb->ctrl.IntCtrl.n.u1VGifEnable);
+    RT_NOREF(pVmcb);
+#endif
+    /** @todo Stat. */
+    /* STAM_COUNTER_INC(&pVCpu->hm.s.StatExitStgi); */
+    /*
+     * When VGIF is not used we always intercept STGI instructions. When VGIF is used,
+     * we only intercept STGI when events are pending for GIF to become 1.
+     */
+    PSVMVMCB pVmcb = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
+    if (pVmcb->ctrl.IntCtrl.n.u1VGifEnable)
+        hmR0SvmClearCtrlIntercept(pVCpu, pCtx, pVmcb, SVM_CTRL_INTERCEPT_STGI);
     uint8_t const cbInstr = hmR0SvmGetInstrLengthHwAssist(pVCpu, pCtx, 3);
     VBOXSTRICTRC rcStrict = IEMExecDecodedStgi(pVCpu, cbInstr);
 …
 #endif
-    /** @todo Stat. */
-    /* STAM_COUNTER_INC(&pVCpu->hm.s.StatExitVmload); */
     uint8_t const cbInstr = hmR0SvmGetInstrLengthHwAssist(pVCpu, pCtx, 3);
     VBOXSTRICTRC rcStrict = IEMExecDecodedVmload(pVCpu, cbInstr);
 …
 #endif
-    /** @todo Stat. */
-    /* STAM_COUNTER_INC(&pVCpu->hm.s.StatExitVmsave); */
     uint8_t const cbInstr = hmR0SvmGetInstrLengthHwAssist(pVCpu, pCtx, 3);
     VBOXSTRICTRC rcStrict = IEMExecDecodedVmsave(pVCpu, cbInstr);
 …
     /* If this #DB is the result of delivering an event, go back to the interpreter. */
-    /** @todo if triple-fault is returned in nested-guest scenario convert to a
-     *        shutdown VMEXIT. */
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
     if (RT_UNLIKELY(pVCpu->hm.s.Event.fPending))
+    if (pVCpu->hm.s.Event.fPending)
+    {
         STAM_COUNTER_INC(&pVCpu->hm.s.StatInjectPendingInterpret);
 …
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-    /** @todo if triple-fault is returned in nested-guest scenario convert to a
-     *        shutdown VMEXIT. */
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();

Note: See TracChangeset for help on using the changeset viewer.

Changeset 72065 in vbox for trunk/src/VBox/VMM/VMMR0

Legend:

trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp

Download in other formats: