Changeset 72440 in vbox

Timestamp:

Jun 5, 2018 5:45:11 AM (6 years ago)

Author:

vboxsync

Message:

VMM: Nested hw.virt: Fixes when nested-paging isn't enabled in the outer guest.

Location:

trunk/src/VBox/VMM

Files:

• VMMR0/HMSVMR0.cpp (modified) (12 diffs)
• VMMR3/EM.cpp (modified) (4 diffs)

trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp

@@ -91 +91 @@
         else if (     rc == VINF_HM_DOUBLE_FAULT) { return VINF_SUCCESS;            } \
         else if (     rc == VINF_EM_RESET \
-                 &&   HMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_SHUTDOWN)) \
+                 &&   CPUMIsGuestSvmCtrlInterceptSet(pVCpu, pCtx, SVM_CTRL_INTERCEPT_SHUTDOWN)) \
             return VBOXSTRICTRC_TODO(IEMExecSvmVmexit(pVCpu, SVM_EXIT_SHUTDOWN, 0, 0)); \
         else \
@@ -374 +374 @@
 #endif
 #ifdef VBOX_WITH_NESTED_HWVIRT_SVM
-static FNSVMEXITHANDLER hmR0SvmExitXcptPFNested;
 static FNSVMEXITHANDLER hmR0SvmExitClgi;
 static FNSVMEXITHANDLER hmR0SvmExitStgi;
@@ -5099 +5098 @@
                     return HM_SVM_VMEXIT_NESTED(pVCpu, uExitCode, u32ErrCode, uFaultAddress);
 
-                /* If the nested-guest is not intercepting #PFs, forward the #PF to the nested-guest. */
+                /* If the nested-guest is not intercepting #PFs, forward the #PF to the guest. */
                 hmR0SvmSetPendingXcptPF(pVCpu, pCtx, u32ErrCode, uFaultAddress);
                 return VINF_SUCCESS;
             }
-            return hmR0SvmExitXcptPFNested(pVCpu, pCtx,pSvmTransient);
+            return hmR0SvmExitXcptPF(pVCpu, pCtx,pSvmTransient);
         }
 
@@ -5883 +5882 @@
                     /* Determine a vectoring #PF condition, see comment in hmR0SvmExitXcptPF(). */
                     if (fRaiseInfo & (IEMXCPTRAISEINFO_EXT_INT_PF | IEMXCPTRAISEINFO_NMI_PF))
+                    {
                         pSvmTransient->fVectoringPF = true;
+                        Log4(("IDT: Pending vectoring #PF due to delivery of Ext-Int/NMI. uCR2=%#RX64\n", pCtx->cr2));
+                    }
                     else if (   pVmcb->ctrl.ExitIntInfo.n.u3Type == SVM_EVENT_EXCEPTION
                              && uIdtVector == X86_XCPT_PF)
@@ -5923 +5925 @@
                 if (fRaiseInfo & IEMXCPTRAISEINFO_PF_PF)
                 {
+                    Log4(("IDT: Pending vectoring double #PF uCR2=%#RX64\n", pCtx->cr2));
                     pSvmTransient->fVectoringDoublePF = true;
                     Assert(rc == VINF_SUCCESS);
@@ -7252 +7255 @@
 {
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-    HMSVM_ASSERT_NOT_IN_NESTED_GUEST(pCtx);
 
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
 
     /* See AMD spec. 15.12.15 "#PF (Page Fault)". */
-    PSVMVMCB    pVmcb         = pVCpu->hm.s.svm.pVmcb;
-    uint32_t    u32ErrCode    = pVmcb->ctrl.u64ExitInfo1;
-    RTGCUINTPTR uFaultAddress = pVmcb->ctrl.u64ExitInfo2;
-    PVM         pVM           = pVCpu->CTX_SUFF(pVM);
+    PVM             pVM           = pVCpu->CTX_SUFF(pVM);
+    PSVMVMCB        pVmcb         = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
+    uint32_t        uErrCode      = pVmcb->ctrl.u64ExitInfo1;
+    uint64_t const  uFaultAddress = pVmcb->ctrl.u64ExitInfo2;
 
 #if defined(HMSVM_ALWAYS_TRAP_ALL_XCPTS) || defined(HMSVM_ALWAYS_TRAP_PF)
@@ -7266 +7268 @@
     {
         pVCpu->hm.s.Event.fPending = false;     /* In case it's a contributory or vectoring #PF. */
-        if (!pSvmTransient->fVectoringDoublePF)
+        if (   !pSvmTransient->fVectoringDoublePF
+            || CPUMIsGuestInSvmNestedHwVirtMode(pCtx))
         {
             /* A genuine guest #PF, reflect it to the guest. */
-            hmR0SvmSetPendingXcptPF(pVCpu, pCtx, u32ErrCode, uFaultAddress);
-            Log4(("#PF: Guest page fault at %04X:%RGv FaultAddr=%RGv ErrCode=%#x\n", pCtx->cs.Sel, (RTGCPTR)pCtx->rip,
-                  uFaultAddress, u32ErrCode));
+            hmR0SvmSetPendingXcptPF(pVCpu, pCtx, uErrCode, uFaultAddress);
+            Log4(("#PF: Guest page fault at %04X:%RGv FaultAddr=%RX64 ErrCode=%#x\n", pCtx->cs.Sel, (RTGCPTR)pCtx->rip,
+                  uFaultAddress, uErrCode));
         }
         else
@@ -7291 +7294 @@
     if (   pVM->hm.s.fTprPatchingAllowed
         && (uFaultAddress & 0xfff) == XAPIC_OFF_TPR
-        && !(u32ErrCode & X86_TRAP_PF_P)              /* Not present. */
+        && !(uErrCode & X86_TRAP_PF_P)                /* Not present. */
+        && !CPUMIsGuestInSvmNestedHwVirtMode(pCtx)
         && !CPUMIsGuestInLongModeEx(pCtx)
         && !CPUMGetGuestCPL(pVCpu)
@@ -7313 +7317 @@
     }
 
-    Log4(("#PF: uFaultAddress=%#RX64 CS:RIP=%#04x:%#RX64 u32ErrCode %#RX32 cr3=%#RX64\n", uFaultAddress, pCtx->cs.Sel,
-          pCtx->rip, u32ErrCode, pCtx->cr3));
+    Log4(("#PF: uFaultAddress=%#RX64 CS:RIP=%#04x:%#RX64 uErrCode %#RX32 cr3=%#RX64\n", uFaultAddress, pCtx->cs.Sel,
+          pCtx->rip, uErrCode, pCtx->cr3));
 
     /* If it's a vectoring #PF, emulate injecting the original event injection as PGMTrap0eHandler() is incapable
@@ -7324 +7328 @@
     }
 
-    TRPMAssertXcptPF(pVCpu, uFaultAddress, u32ErrCode);
-    int rc = PGMTrap0eHandler(pVCpu, u32ErrCode, CPUMCTX2CORE(pCtx), (RTGCPTR)uFaultAddress);
-
-    Log4(("#PF rc=%Rrc\n", rc));
+    TRPMAssertXcptPF(pVCpu, uFaultAddress, uErrCode);
+    int rc = PGMTrap0eHandler(pVCpu, uErrCode, CPUMCTX2CORE(pCtx), (RTGCPTR)uFaultAddress);
+
+    Log4(("#PF: rc=%Rrc\n", rc));
 
     if (rc == VINF_SUCCESS)
@@ -7337 +7341 @@
         return rc;
     }
-    else if (rc == VINF_EM_RAW_GUEST_TRAP)
+
+    if (rc == VINF_EM_RAW_GUEST_TRAP)
     {
         pVCpu->hm.s.Event.fPending = false;     /* In case it's a contributory or vectoring #PF. */
 
-        if (!pSvmTransient->fVectoringDoublePF)
-        {
-            /* It's a guest page fault and needs to be reflected to the guest. */
-            u32ErrCode = TRPMGetErrorCode(pVCpu);        /* The error code might have been changed. */
+        /*
+         * If a nested-guest delivers a #PF and that causes a #PF which is -not- a shadow #PF,
+         * we should simply forward the #PF to the guest and is up to the nested-hypervisor to
+         * determine whether it is a nested-shadow #PF or a #DF, see @bugref{7243#c121}.
+         */
+        if (  !pSvmTransient->fVectoringDoublePF
+            || CPUMIsGuestInSvmNestedHwVirtMode(pCtx))
+        {
+            /* It's a guest (or nested-guest) page fault and needs to be reflected. */
+            uErrCode = TRPMGetErrorCode(pVCpu);        /* The error code might have been changed. */
             TRPMResetTrap(pVCpu);
-            hmR0SvmSetPendingXcptPF(pVCpu, pCtx, u32ErrCode, uFaultAddress);
+
+#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
+            /* If the nested-guest is intercepting #PFs, cause a #PF #VMEXIT. */
+            if (   CPUMIsGuestInSvmNestedHwVirtMode(pCtx)
+                && HMIsGuestSvmXcptInterceptSet(pVCpu, pCtx, X86_XCPT_PF))
+                return VBOXSTRICTRC_TODO(IEMExecSvmVmexit(pVCpu, SVM_EXIT_XCPT_PF, uErrCode, uFaultAddress));
+#endif
+
+            hmR0SvmSetPendingXcptPF(pVCpu, pCtx, uErrCode, uFaultAddress);
         }
         else
@@ -7594 +7613 @@
 #ifdef VBOX_WITH_NESTED_HWVIRT_SVM
 /**
- * \#VMEXIT handler for #PF occuring while in nested-guest execution
- * (SVM_EXIT_XCPT_14). Conditional \#VMEXIT.
- */
-HMSVM_EXIT_DECL hmR0SvmExitXcptPFNested(PVMCPU pVCpu, PCPUMCTX pCtx, PSVMTRANSIENT pSvmTransient)
-{
-    HMSVM_VALIDATE_EXIT_HANDLER_PARAMS();
-
-    HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY();
-
-    /* See AMD spec. 15.12.15 "#PF (Page Fault)". */
-    PSVMVMCB       pVmcb         = hmR0SvmGetCurrentVmcb(pVCpu, pCtx);
-    uint32_t       u32ErrCode    = pVmcb->ctrl.u64ExitInfo1;
-    uint64_t const uFaultAddress = pVmcb->ctrl.u64ExitInfo2;
-
-    Log4(("#PFNested: uFaultAddress=%#RX64 CS:RIP=%#04x:%#RX64 u32ErrCode=%#RX32 CR3=%#RX64\n", uFaultAddress, pCtx->cs.Sel,
-          pCtx->rip, u32ErrCode, pCtx->cr3));
-
-    /* If it's a vectoring #PF, emulate injecting the original event injection as PGMTrap0eHandler() is incapable
-       of differentiating between instruction emulation and event injection that caused a #PF. See @bugref{6607}. */
-    if (pSvmTransient->fVectoringPF)
-    {
-        Assert(pVCpu->hm.s.Event.fPending);
-        return VINF_EM_RAW_INJECT_TRPM_EVENT;
-    }
-
-    Assert(!pVCpu->CTX_SUFF(pVM)->hm.s.fNestedPaging);
-
-    TRPMAssertXcptPF(pVCpu, uFaultAddress, u32ErrCode);
-    int rc = PGMTrap0eHandler(pVCpu, u32ErrCode, CPUMCTX2CORE(pCtx), (RTGCPTR)uFaultAddress);
-
-    Log4(("#PFNested: rc=%Rrc\n", rc));
-
-    if (rc == VINF_SUCCESS)
-    {
-        /* Successfully synced shadow pages tables or emulated an MMIO instruction. */
-        TRPMResetTrap(pVCpu);
-        STAM_COUNTER_INC(&pVCpu->hm.s.StatExitShadowPF);
-        HMCPU_CF_SET(pVCpu, HM_CHANGED_ALL_GUEST);
-        return rc;
-    }
-
-    if (rc == VINF_EM_RAW_GUEST_TRAP)
-    {
-        pVCpu->hm.s.Event.fPending = false;     /* In case it's a contributory or vectoring #PF. */
-
-        if (!pSvmTransient->fVectoringDoublePF)
-        {
-            /* It's a nested-guest page fault and needs to be reflected to the nested-guest. */
-            u32ErrCode = TRPMGetErrorCode(pVCpu);        /* The error code might have been changed. */
-            TRPMResetTrap(pVCpu);
-            hmR0SvmSetPendingXcptPF(pVCpu, pCtx, u32ErrCode, uFaultAddress);
-        }
-        else
-        {
-            /* A nested-guest page-fault occurred during delivery of a page-fault. Inject #DF. */
-            TRPMResetTrap(pVCpu);
-            hmR0SvmSetPendingXcptDF(pVCpu);
-            Log4(("#PF: Pending #DF due to vectoring #PF\n"));
-        }
-
-        STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestPF);
-        return VINF_SUCCESS;
-    }
-
-    TRPMResetTrap(pVCpu);
-    STAM_COUNTER_INC(&pVCpu->hm.s.StatExitShadowPFEM);
-    return rc;
-}
-
-
-/**
  * \#VMEXIT handler for CLGI (SVM_EXIT_CLGI). Conditional \#VMEXIT.
  */

trunk/src/VBox/VMM/VMMR3/EM.cpp

@@ -1716 +1716 @@
                              *        doesn't intercept HLT but intercepts INTR? */
                             *pfResched = true;
-                            return VINF_EM_RESCHEDULE;
+                            if (rcStrict == VINF_SVM_VMEXIT)
+                                return VINF_SUCCESS;
+                            if (rcStrict == VINF_PGM_CHANGE_MODE)
+                                return PGMChangeMode(pVCpu, pCtx->cr0, pCtx->cr4, pCtx->msrEFER);
+                            return VBOXSTRICTRC_VAL(rcStrict);
                         }
 
@@ -1726 +1730 @@
                     /** @todo this really isn't nice, should properly handle this */
                     int rc = TRPMR3InjectEvent(pVM, pVCpu, TRPM_HARDWARE_INT);
+                    if (rc == VINF_SVM_VMEXIT)
+                        rc = VINF_SUCCESS;
+                    else if (rc == VINF_PGM_CHANGE_MODE)
+                        rc = PGMChangeMode(pVCpu, pCtx->cr0, pCtx->cr4, pCtx->msrEFER);
                     if (pVM->em.s.fIemExecutesAll && (   rc == VINF_EM_RESCHEDULE_REM
                                                       || rc == VINF_EM_RESCHEDULE_HM
@@ -1750 +1758 @@
                          *        doesn't intercept HLT but intercepts VINTR? */
                         *pfResched = true;
-                        return VINF_EM_RESCHEDULE;
+                        if (rcStrict == VINF_SVM_VMEXIT)
+                            return VINF_SUCCESS;
+                        if (rcStrict == VINF_PGM_CHANGE_MODE)
+                            return PGMChangeMode(pVCpu, pCtx->cr0, pCtx->cr4, pCtx->msrEFER);
+                        return VBOXSTRICTRC_VAL(rcStrict);
                     }
 
@@ -2129 +2141 @@
                         /** @todo this really isn't nice, should properly handle this */
                         rc2 = TRPMR3InjectEvent(pVM, pVCpu, TRPM_HARDWARE_INT);
-Log(("EM: TRPMR3InjectEvent -> %d\n", rc2));
+                        Log(("EM: TRPMR3InjectEvent -> %d\n", rc2));
                         if (pVM->em.s.fIemExecutesAll && (   rc2 == VINF_EM_RESCHEDULE_REM
                                                           || rc2 == VINF_EM_RESCHEDULE_HM