Changeset 74183 in vbox

Timestamp:

Sep 10, 2018 4:29:32 PM (7 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

124958

Message:

VMM/IEM: Nested VMX: bugref:9180 vmlaunch/vmresume bits.

Location:

trunk

Files:

• include/VBox/vmm/hm_vmx.h (modified) (5 diffs)
• src/VBox/VMM/VMMAll/HMVMXAll.cpp (modified) (3 diffs)
• src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h (modified) (6 diffs)

trunk/include/VBox/vmm/hm_vmx.h

@@ -1035 +1035 @@
 typedef const VMXEXITINSTRINFO *PCVMXEXITINSTRINFO;
 
+
+/** @name VM-entry failure reported in VM-exit qualification.
+ * See Intel spec. 26.7 "VM-entry failures during or after loading guest-state".
+ */
+/** No errors during VM-entry. */
+#define VMX_ENTRY_FAIL_QUAL_NO_ERROR                            (0)
+/** Not used. */
+#define VMX_ENTRY_FAIL_QUAL_NOT_USED                            (1)
+/** Error while loading PDPTEs. */
+#define VMX_ENTRY_FAIL_QUAL_PDPTE                               (2)
+/** NMI injection when blocking-by-STI is set. */
+#define VMX_ENTRY_FAIL_QUAL_NMI_INJECT                          (3)
+/** Invalid VMCS link pointer. */
+#define VMX_ENTRY_FAIL_QUAL_VMCS_LINK_PTR                       (4)
+/** @} */
+
+
 /**
  * VMX MSR autoload/store element.
@@ -2724 +2741 @@
  */
 /** Hardware breakpoint 0 was met. */
-#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP0                   RT_BIT(0)
+#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP0                   RT_BIT_64(0)
 /** Hardware breakpoint 1 was met. */
-#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP1                   RT_BIT(1)
+#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP1                   RT_BIT_64(1)
 /** Hardware breakpoint 2 was met. */
-#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP2                   RT_BIT(2)
+#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP2                   RT_BIT_64(2)
 /** Hardware breakpoint 3 was met. */
-#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP3                   RT_BIT(3)
+#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP3                   RT_BIT_64(3)
 /** At least one data or IO breakpoint was hit. */
-#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_EN_BP                 RT_BIT(12)
+#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_EN_BP                 RT_BIT_64(12)
 /** A debug exception would have been triggered by single-step execution mode. */
-#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BS                    RT_BIT(14)
+#define VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BS                    RT_BIT_64(14)
 /** A debug exception occurred inside an RTM region.   */
-#define VMX_VMCS_GUEST_PENDING_DEBUG_RTM                        RT_BIT(16)
+#define VMX_VMCS_GUEST_PENDING_DEBUG_RTM                        RT_BIT_64(16)
+/** Mask of valid bits. */
+#define VMX_VMCS_GUEST_PENDING_DEBUG_VALID_MASK                 (  VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP0 \
+                                                                 | VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP1 \
+                                                                 | VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP2 \
+                                                                 | VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BP3 \
+                                                                 | VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_EN_BP \
+                                                                 | VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BS \
+                                                                 | VMX_VMCS_GUEST_PENDING_DEBUG_RTM)
+#define VMX_VMCS_GUEST_PENDING_DEBUG_RTM_MASK                   (  VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_EN_BP \
+                                                                 | VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BS \
+                                                                 | VMX_VMCS_GUEST_PENDING_DEBUG_RTM)
+/** Bit fields for Pending debug exceptions. */
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_BP0_SHIFT                  0
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_BP0_MASK                   UINT64_C(0x0000000000000001)
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_BP1_SHIFT                  1
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_BP1_MASK                   UINT64_C(0x0000000000000002)
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_BP2_SHIFT                  2
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_BP2_MASK                   UINT64_C(0x0000000000000004)
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_BP3_SHIFT                  3
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_BP3_MASK                   UINT64_C(0x0000000000000008)
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_RSVD_4_11_SHIFT            4
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_RSVD_4_11_MASK             UINT64_C(0x0000000000000ff0)
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_EN_BP_SHIFT                12
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_EN_BP_MASK                 UINT64_C(0x0000000000001000)
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_RSVD_13_SHIFT              13
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_RSVD_13_MASK               UINT64_C(0x0000000000002000)
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_BS_SHIFT                   14
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_BS_MASK                    UINT64_C(0x0000000000004000)
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_RSVD_15_SHIFT              15
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_RSVD_15_MASK               UINT64_C(0x0000000000008000)
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_RTM_SHIFT                  16
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_RTM_MASK                   UINT64_C(0x0000000000010000)
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_RSVD_17_63_SHIFT           17
+#define VMX_BF_VMCS_PENDING_DBG_XCPT_RSVD_17_63_MASK            UINT64_C(0xfffffffffffe0000)
+RT_BF_ASSERT_COMPILE_CHECKS(VMX_BF_VMCS_PENDING_DBG_XCPT_, UINT64_C(0), UINT64_MAX,
+                            (BP0, BP1, BP2, BP3, RSVD_4_11, EN_BP, RSVD_13, BS, RSVD_15, RTM, RSVD_17_63));
 /** @} */
 
@@ -3479 +3532 @@
     kVmxVDiag_Vmentry_AddrMsrBitmap,
     kVmxVDiag_Vmentry_AddrVirtApicPage,
+    kVmxVDiag_Vmentry_AddrVmcsLinkPtr,
     kVmxVDiag_Vmentry_AddrVmreadBitmap,
     kVmxVDiag_Vmentry_AddrVmwriteBitmap,
@@ -3525 +3579 @@
     kVmxVDiag_Vmentry_GuestPatMsr,
     kVmxVDiag_Vmentry_GuestPcide,
+    kVmxVDiag_Vmentry_GuestPndDbgXcptBsNoTf,
+    kVmxVDiag_Vmentry_GuestPndDbgXcptBsTf,
+    kVmxVDiag_Vmentry_GuestPndDbgXcptRsvd,
+    kVmxVDiag_Vmentry_GuestPndDbgXcptRtm,
     kVmxVDiag_Vmentry_GuestRip,
     kVmxVDiag_Vmentry_GuestRipRsvd,
@@ -3616 +3674 @@
     kVmxVDiag_Vmentry_GuestSegSelTr,
     kVmxVDiag_Vmentry_GuestSysenterEspEip,
+    kVmxVDiag_Vmentry_VmcsLinkPtrCurVmcs,
+    kVmxVDiag_Vmentry_VmcsLinkPtrReadPhys,
+    kVmxVDiag_Vmentry_VmcsLinkPtrRevId,
+    kVmxVDiag_Vmentry_VmcsLinkPtrShadow,
     kVmxVDiag_Vmentry_HostCr0Fixed0,
     kVmxVDiag_Vmentry_HostCr0Fixed1,

trunk/src/VBox/VMM/VMMAll/HMVMXAll.cpp

@@ -134 +134 @@
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_AddrMsrBitmap            , "AddrMsrBitmap"             ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_AddrVirtApicPage         , "AddrVirtApicPage"          ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmentry_AddrVmcsLinkPtr          , "AddrVmcsLinkPtr"           ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_AddrVmreadBitmap         , "AddrVmreadBitmap"          ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_AddrVmwriteBitmap        , "AddrVmwriteBitmap"         ),
@@ -180 +181 @@
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_GuestPatMsr              , "GuestPatMsr"               ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_GuestPcide               , "GuestPcide"                ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmentry_GuestPndDbgXcptBsNoTf    , "GuestPndDbgXcptBsNoTf"     ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmentry_GuestPndDbgXcptBsTf      , "GuestPndDbgXcptBsTf"       ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmentry_GuestPndDbgXcptRsvd      , "GuestPndDbgXcptRsvd"       ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmentry_GuestPndDbgXcptRtm       , "GuestPndDbgXcptRtm"        ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_GuestRip                 , "GuestRip"                  ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_GuestRipRsvd             , "GuestRipRsvd"              ),
@@ -271 +276 @@
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_GuestSegSelTr            , "GuestSegSelTr"             ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_GuestSysenterEspEip      , "GuestSysenterEspEip"       ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmentry_VmcsLinkPtrCurVmcs       , "VmcsLinkPtrCurVmcs"        ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmentry_VmcsLinkPtrReadPhys      , "VmcsLinkPtrReadPhys"       ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmentry_VmcsLinkPtrRevId         , "VmcsLinkPtrRevId"          ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmentry_VmcsLinkPtrShadow        , "VmcsLinkPtrShadow"         ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_HostCr0Fixed0            , "HostCr0Fixed0"             ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmentry_HostCr0Fixed1            , "HostCr0Fixed1"             ),

trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h

@@ -364 +364 @@
 #define IEM_VMX_HAS_SHADOW_VMCS(a_pVCpu)            RT_BOOL(IEM_VMX_GET_SHADOW_VMCS(a_pVCpu) != NIL_RTGCPHYS)
 
-
 /** Gets the guest-physical address of the shadows VMCS for the given VCPU. */
 #define IEM_VMX_GET_SHADOW_VMCS(a_pVCpu)            ((a_pVCpu)->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pVmcs)->u64VmcsLinkPtr.u)
+
+/** Gets the VMXON region pointer. */
+#define IEM_VMX_GET_VMXON_PTR(a_pVCpu)              ((a_pVCpu)->cpum.GstCtx.hwvirt.vmx.GCPhysVmxon)
 
 /** Whether a current VMCS is present for the given VCPU. */
@@ -2867 +2869 @@
 
     /* RFLAGS (bits 63:22 (or 31:22), bits 15, 5, 3 are reserved, bit 1 MB1). */
-    uint64_t const fMbzMask = IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fLongMode ? UINT64_C(0xffffffffffc08028) : UINT32_C(0xffc08028);
-    uint64_t const fMb1Mask = X86_EFL_RA1_MASK;
-    if (   !(pVmcs->u64GuestRFlags.u & fMbzMask)
-        &&  (pVmcs->u64GuestRFlags.u & fMb1Mask) == fMb1Mask)
+    uint64_t const uGuestRFlags = IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fLongMode ? pVmcs->u64GuestRFlags.u
+                                : pVmcs->u64GuestRFlags.s.Lo;
+    uint64_t const fMbzMask = ~X86_EFL_LIVE_MASK;
+    uint64_t const fMb1Mask =  X86_EFL_RA1_MASK;
+    if (   !(uGuestRFlags & fMbzMask)
+        &&  (uGuestRFlags & fMb1Mask) == fMb1Mask)
     { /* likely */ }
     else
@@ -2878 +2882 @@
         || !(pVmcs->u64GuestCr0.u & X86_CR0_PE))
     {
-        if (!(pVmcs->u64GuestRFlags.u & X86_EFL_VM))
+        if (!(uGuestRFlags & X86_EFL_VM))
         { /* likely */ }
         else
@@ -2887 +2891 @@
         && VMX_ENTRY_INT_INFO_TYPE(pVmcs->u32EntryIntInfo) == VMX_ENTRY_INT_INFO_TYPE_EXT_INT)
     {
-        if (pVmcs->u64GuestRFlags.u & X86_EFL_IF)
+        if (uGuestRFlags & X86_EFL_IF)
         { /* likely */ }
         else
@@ -2911 +2915 @@
      * See Intel spec. 26.3.1.5 "Checks on Guest Non-Register State".
      */
-    PCVMXVVMCS pVmcs = pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pVmcs);
+    PVMXVVMCS pVmcs = pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pVmcs);
     const char *const pszFailure = "VM-exit";
 
@@ -3037 +3041 @@
         IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_GuestIntStateEnclave);
 
-    /** @todo NSTVMX: Pending debug exceptions, VMCS link pointer. */
+    /*
+     * Pending debug exceptions.
+     */
+    uint64_t const uPendingDbgXcpt = IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fLongMode
+                                   ? pVmcs->u64GuestPendingDbgXcpt.u
+                                   : pVmcs->u64GuestPendingDbgXcpt.s.Lo;
+    if (!(uPendingDbgXcpt & ~VMX_VMCS_GUEST_PENDING_DEBUG_VALID_MASK))
+    { /* likely */ }
+    else
+        IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_GuestPndDbgXcptRsvd);
+
+    if (   (pVmcs->u32GuestIntrState & (VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS | VMX_VMCS_GUEST_INT_STATE_BLOCK_STI))
+        || pVmcs->u32GuestActivityState == VMX_VMCS_GUEST_ACTIVITY_HLT)
+    {
+        if (   (pVmcs->u64GuestRFlags.u & X86_EFL_TF)
+            && !(pVmcs->u64GuestDebugCtlMsr.u & MSR_IA32_DEBUGCTL_BTF)
+            && !(uPendingDbgXcpt & VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BS))
+            IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_GuestPndDbgXcptBsTf);
+
+        if (   (   !(pVmcs->u64GuestRFlags.u & X86_EFL_TF)
+                ||  (pVmcs->u64GuestDebugCtlMsr.u & MSR_IA32_DEBUGCTL_BTF))
+            && (uPendingDbgXcpt & VMX_VMCS_GUEST_PENDING_DEBUG_XCPT_BS))
+            IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_GuestPndDbgXcptBsNoTf);
+    }
+
+    /* We don't support RTM (Real-time Transactional Memory) yet. */
+    if (uPendingDbgXcpt & VMX_VMCS_GUEST_PENDING_DEBUG_RTM)
+        IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_GuestPndDbgXcptRtm);
+
+    /*
+     * VMCS link pointer.
+     */
+    if (pVmcs->u64VmcsLinkPtr.u != UINT64_C(0xffffffffffffffff))
+    {
+        /* We don't support SMM yet (so VMCS link pointer cannot be the current VMCS). */
+        if (pVmcs->u64VmcsLinkPtr.u != IEM_VMX_GET_CURRENT_VMCS(pVCpu))
+        { /* likely */ }
+        else
+        {
+            pVmcs->u64ExitQual.u = VMX_ENTRY_FAIL_QUAL_VMCS_LINK_PTR;
+            IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_VmcsLinkPtrCurVmcs);
+        }
+
+        /* Validate the address. */
+        if (   (pVmcs->u64VmcsLinkPtr.u & X86_PAGE_4K_OFFSET_MASK)
+            || (pVmcs->u64VmcsLinkPtr.u >> IEM_GET_GUEST_CPU_FEATURES(pVCpu)->cVmxMaxPhysAddrWidth)
+            || !PGMPhysIsGCPhysNormal(pVCpu->CTX_SUFF(pVM), pVmcs->u64VmcsLinkPtr.u))
+        {
+            pVmcs->u64ExitQual.u = VMX_ENTRY_FAIL_QUAL_VMCS_LINK_PTR;
+            IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_AddrVmcsLinkPtr);
+        }
+
+        /* Read the VMCS-link pointer from guest memory. */
+        Assert(pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pShadowVmcs));
+        int rc = PGMPhysSimpleReadGCPhys(pVCpu->CTX_SUFF(pVM), pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pShadowVmcs),
+                                         pVmcs->u64VmcsLinkPtr.u, VMX_V_VMCS_SIZE);
+        if (RT_FAILURE(rc))
+        {
+            pVmcs->u64ExitQual.u = VMX_ENTRY_FAIL_QUAL_VMCS_LINK_PTR;
+            IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_VmcsLinkPtrReadPhys);
+        }
+
+        /* Verify the VMCS revision specified by the guest matches what we reported to the guest. */
+        if (pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pShadowVmcs)->u32VmcsRevId.n.u31RevisionId == VMX_V_VMCS_REVISION_ID)
+        { /* likely */ }
+        else
+        {
+            pVmcs->u64ExitQual.u = VMX_ENTRY_FAIL_QUAL_VMCS_LINK_PTR;
+            IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_VmcsLinkPtrRevId);
+        }
+
+        /* Verify the shadow bit is set if VMCS shadowing is enabled . */
+        if (   !(pVmcs->u32ProcCtls2 & VMX_PROC_CTLS2_VMCS_SHADOWING)
+            || pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pShadowVmcs)->u32VmcsRevId.n.fIsShadowVmcs)
+        { /* likely */ }
+        else
+        {
+            pVmcs->u64ExitQual.u = VMX_ENTRY_FAIL_QUAL_VMCS_LINK_PTR;
+            IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_VmcsLinkPtrShadow);
+        }
+    }
 
     NOREF(pszInstr);