Changeset 74429 in vbox for trunk/src/VBox/VMM/VMMAll

Timestamp:

Sep 24, 2018 5:08:48 AM (6 years ago)

Author:

vboxsync

Message:

VMM/IEM: Nested VMX: bugref:9180 VM-exit bits.

Location:

trunk/src/VBox/VMM/VMMAll

Files:

• HMVMXAll.cpp (modified) (1 diff)
• IEMAllCImplVmxInstr.cpp.h (modified) (21 diffs)

trunk/src/VBox/VMM/VMMAll/HMVMXAll.cpp

@@ -342 +342 @@
     VMXV_DIAG_DESC(kVmxVDiag_Vmexit_HostPdpte2Rsvd            , "HostPdpte2Rsvd"            ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmexit_HostPdpte3Rsvd            , "HostPdpte3Rsvd"            ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmexit_MsrLoad                   , "MsrLoad"                   ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmexit_MsrLoadCount              , "MsrLoadCount"              ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmexit_MsrLoadPtrReadPhys        , "MsrLoadPtrReadPhys"        ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmexit_MsrLoadRing3              , "MsrLoadRing3"              ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmexit_MsrLoadRsvd               , "MsrLoadRsvd"               ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmexit_MsrStore                  , "MsrStore"                  ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmexit_MsrStoreCount             , "MsrStoreCount"             ),
-    VMXV_DIAG_DESC(kVmxVDiag_Vmexit_MsrStorePtrReadPhys       , "MsrStorePtrReadPhys"       ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmexit_MsrStorePtrWritePhys      , "MsrStorePtrWritePhys"      ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmexit_MsrStoreRing3             , "MsrStoreRing3"             ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmexit_MsrStoreRsvd              , "MsrStoreRsvd"              )

trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h

@@ -1284 +1284 @@
 
 /**
+ * Checks if the given auto-load/store MSR area count is valid for the
+ * implementation.
+ *
+ * @returns @c true if it's within the valid limit, @c false otherwise.
+ * @param   pVCpu           The cross context virtual CPU structure.
+ * @param   uMsrCount       The MSR area count to check.
+ */
+DECL_FORCE_INLINE(bool) iemVmxIsAutoMsrCountValid(PVMCPU pVCpu, uint32_t uMsrCount)
+{
+    uint64_t const u64VmxMiscMsr      = CPUMGetGuestIa32VmxMisc(pVCpu);
+    uint32_t const cMaxSupportedMsrs  = VMX_MISC_MAX_MSRS(u64VmxMiscMsr);
+    Assert(cMaxSupportedMsrs <= VMX_V_AUTOMSR_AREA_SIZE / sizeof(VMXAUTOMSR));
+    if (uMsrCount <= cMaxSupportedMsrs)
+        return true;
+    return false;
+}
+
+
+/**
  * Flushes the current VMCS contents back to guest memory.
  *
@@ -1314 +1333 @@
  * VMREAD common (memory/register) instruction execution worker
  *
+ * @returns Strict VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   cbInstr         The instruction length.
@@ -1417 +1437 @@
  * VMREAD (64-bit register) instruction execution worker.
  *
+ * @returns Strict VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   cbInstr         The instruction length.
@@ -1442 +1463 @@
  * VMREAD (32-bit register) instruction execution worker.
  *
+ * @returns Strict VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   cbInstr         The instruction length.
@@ -1469 +1491 @@
  * VMREAD (memory) instruction execution worker.
  *
+ * @returns Strict VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   cbInstr         The instruction length.
@@ -1521 +1544 @@
  * VMWRITE instruction execution worker.
  *
+ * @returns Strict VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   cbInstr         The instruction length.
@@ -1668 +1692 @@
  * VMCLEAR instruction execution worker.
  *
+ * @returns Strict VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   cbInstr         The instruction length.
@@ -1778 +1803 @@
  * VMPTRST instruction execution worker.
  *
+ * @returns Strict VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   cbInstr         The instruction length.
@@ -1826 +1852 @@
  * VMPTRLD instruction execution worker.
  *
+ * @returns Strict VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   cbInstr         The instruction length.
@@ -1957 +1984 @@
  * VMXON instruction execution worker.
  *
+ * @returns Strict VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   cbInstr         The instruction length.
@@ -4108 +4136 @@
 
 /**
- * Loads the guest auto-load MSRs area as part of VM-entry.
+ * Loads the guest MSRs from the VM-entry auto-load MSRs as part of VM-entry.
  *
  * @returns VBox status code.
@@ -4124 +4152 @@
 
     /*
+     * The VM-entry MSR-load area address need not be a valid guest-physical address if the
+     * VM-entry MSR load count is 0. If this is the case, bail early without reading it.
+     * See Intel spec. 24.8.2 "VM-Entry Controls for MSRs".
+     */
+    uint32_t const cMsrs = pVmcs->u32EntryMsrLoadCount;
+    if (!cMsrs)
+        return VINF_SUCCESS;
+
+    /*
      * Verify the MSR auto-load count. Physical CPUs can behave unpredictably if the count is
      * exceeded including possibly raising #MC exceptions during VMX transition. Our
      * implementation shall fail VM-entry with an VMX_EXIT_ERR_MSR_LOAD VM-exit.
      */
-    uint64_t const u64GuestVmxMiscMsr = CPUMGetGuestIa32VmxMisc(pVCpu);
-    uint32_t const cMaxSupportedMsrs  = VMX_MISC_MAX_MSRS(u64GuestVmxMiscMsr);
-    uint32_t const cMsrs              = pVmcs->u32EntryMsrLoadCount;
-    Assert(cMaxSupportedMsrs <= VMX_V_AUTOMSR_AREA_SIZE / sizeof(VMXAUTOMSR));
-    if (cMsrs <= cMaxSupportedMsrs)
+    bool const fIsMsrCountValid = iemVmxIsAutoMsrCountValid(pVCpu, cMsrs);
+    if (fIsMsrCountValid)
     { /* likely */ }
     else
@@ -4139 +4173 @@
         IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_MsrLoadCount);
     }
-
-    /*
-     * The VM-entry MSR-load area address need not be a valid guest-physical address if the
-     * VM-entry MSR load count is 0. If this is the case, bail early without reading it.
-     * See Intel spec. 24.8.2 "VM-Entry Controls for MSRs".
-     */
-    if (cMsrs == 0)
-        return VINF_SUCCESS;
 
     RTGCPHYS const GCPhysAutoMsrArea = pVmcs->u64AddrEntryMsrLoad.u;
@@ -4160 +4186 @@
                 &&  pMsr->u32Msr != MSR_K8_FS_BASE
                 &&  pMsr->u32Msr != MSR_K8_GS_BASE
+                &&  pMsr->u32Msr != MSR_K6_EFER
                 &&  pMsr->u32Msr >> 8 != MSR_IA32_X2APIC_START >> 8
                 &&  pMsr->u32Msr != MSR_IA32_SMM_MONITOR_CTL)
@@ -4416 +4443 @@
  * VMLAUNCH/VMRESUME instruction execution worker.
  *
+ * @returns Strict VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   cbInstr         The instruction length.
@@ -4860 +4888 @@
 
     /*
+     * The VM-exit MSR-store area address need not be a valid guest-physical address if the
+     * VM-exit MSR-store count is 0. If this is the case, bail early without reading it.
+     * See Intel spec. 24.7.2 "VM-Exit Controls for MSRs".
+     */
+    uint32_t const cMsrs = pVmcs->u32ExitMsrStoreCount;
+    if (!cMsrs)
+        return VINF_SUCCESS;
+
+    /*
      * Verify the MSR auto-store count. Physical CPUs can behave unpredictably if the count
      * is exceeded including possibly raising #MC exceptions during VMX transition. Our
      * implementation causes a VMX-abort followed by a triple-fault.
      */
-    uint64_t const u64GuestVmxMiscMsr = CPUMGetGuestIa32VmxMisc(pVCpu);
-    uint32_t const cMaxSupportedMsrs  = VMX_MISC_MAX_MSRS(u64GuestVmxMiscMsr);
-    uint32_t const cMsrs              = pVmcs->u32ExitMsrStoreCount;
-    Assert(cMaxSupportedMsrs <= VMX_V_AUTOMSR_AREA_SIZE / sizeof(VMXAUTOMSR));
-    if (cMsrs <= cMaxSupportedMsrs)
+    bool const fIsMsrCountValid = iemVmxIsAutoMsrCountValid(pVCpu, cMsrs);
+    if (fIsMsrCountValid)
     { /* likely */ }
     else
         IEM_VMX_VMEXIT_FAILED_RET(pVCpu, uExitReason, pszFailure, kVmxVDiag_Vmexit_MsrStoreCount);
 
-    /*
-     * The VM-exit MSR-store area address need not be a valid guest-physical address if the
-     * VM-exit MSR-store count is 0. If this is the case, bail early without reading it.
-     * See Intel spec. 24.7.2 "VM-Exit Controls for MSRs".
-     */
-    if (cMsrs == 0)
-        return VINF_SUCCESS;
-
     PVMXAUTOMSR pMsr = pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pAutoMsrArea);
     Assert(pMsr);
@@ -4896 +4922 @@
              * If we're in ring-0, we cannot handle returns to ring-3 at this point and continue VM-exit.
              * If any guest hypervisor loads MSRs that require ring-3 handling, we cause a VMX-abort
-             * recording the MSR index in a VirtualBox specific VMCS field and indicated further by our
+             * recording the MSR index in the auxiliary info. field and indicated further by our
              * own, specific diagnostic code. Later, we can try implement handling of the MSR in ring-0
              * if possible, or come up with a better, generic solution.
@@ -4921 +4947 @@
     {
         AssertMsgFailed(("VM-exit: Failed to write MSR auto-store area at %#RGp, rc=%Rrc\n", GCPhysAutoMsrArea, rc));
-        IEM_VMX_VMEXIT_FAILED_RET(pVCpu, uExitReason, pszFailure, kVmxVDiag_Vmexit_MsrStorePtrReadPhys);
+        IEM_VMX_VMEXIT_FAILED_RET(pVCpu, uExitReason, pszFailure, kVmxVDiag_Vmexit_MsrStorePtrWritePhys);
     }
 
@@ -5209 +5235 @@
 
 /**
+ * Loads the host MSRs from the VM-exit auto-load MSRs area as part of VM-exit.
+ *
+ * @returns VBox status code.
+ * @param   pVCpu       The cross context virtual CPU structure.
+ * @param   pszInstr    The VMX instruction name (for logging purposes).
+ */
+IEM_STATIC int iemVmxVmexitLoadHostAutoMsrs(PVMCPU pVCpu, uint32_t uExitReason)
+{
+    /*
+     * Load host MSRs.
+     * See Intel spec. 27.6 "Loading MSRs".
+     */
+    PCVMXVVMCS pVmcs = pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pVmcs);
+    const char *const pszFailure = "VMX-abort";
+
+    /*
+     * The VM-exit MSR-load area address need not be a valid guest-physical address if the
+     * VM-exit MSR load count is 0. If this is the case, bail early without reading it.
+     * See Intel spec. 24.7.2 "VM-Exit Controls for MSRs".
+     */
+    uint32_t const cMsrs = pVmcs->u32ExitMsrLoadCount;
+    if (!cMsrs)
+        return VINF_SUCCESS;
+
+    /*
+     * Verify the MSR auto-load count. Physical CPUs can behave unpredictably if the count
+     * is exceeded including possibly raising #MC exceptions during VMX transition. Our
+     * implementation causes a VMX-abort followed by a triple-fault.
+     */
+    bool const fIsMsrCountValid = iemVmxIsAutoMsrCountValid(pVCpu, cMsrs);
+    if (fIsMsrCountValid)
+    { /* likely */ }
+    else
+        IEM_VMX_VMEXIT_FAILED_RET(pVCpu, uExitReason, pszFailure, kVmxVDiag_Vmexit_MsrLoadCount);
+
+    RTGCPHYS const GCPhysAutoMsrArea = pVmcs->u64AddrExitMsrLoad.u;
+    int rc = PGMPhysSimpleReadGCPhys(pVCpu->CTX_SUFF(pVM), (void *)&pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pAutoMsrArea),
+                                     GCPhysAutoMsrArea, VMX_V_AUTOMSR_AREA_SIZE);
+    if (RT_SUCCESS(rc))
+    {
+        PCVMXAUTOMSR pMsr = pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pAutoMsrArea);
+        Assert(pMsr);
+        for (uint32_t idxMsr = 0; idxMsr < cMsrs; idxMsr++, pMsr++)
+        {
+            if (   !pMsr->u32Reserved
+                &&  pMsr->u32Msr != MSR_K8_FS_BASE
+                &&  pMsr->u32Msr != MSR_K8_GS_BASE
+                &&  pMsr->u32Msr != MSR_K6_EFER
+                &&  pMsr->u32Msr >> 8 != MSR_IA32_X2APIC_START >> 8
+                &&  pMsr->u32Msr != MSR_IA32_SMM_MONITOR_CTL)
+            {
+                VBOXSTRICTRC rcStrict = CPUMSetGuestMsr(pVCpu, pMsr->u32Msr, pMsr->u64Value);
+                if (rcStrict == VINF_SUCCESS)
+                    continue;
+
+                /*
+                 * If we're in ring-0, we cannot handle returns to ring-3 at this point and continue VM-exit.
+                 * If any guest hypervisor loads MSRs that require ring-3 handling, we cause a VMX-abort
+                 * recording the MSR index in the auxiliary info. field and indicated further by our
+                 * own, specific diagnostic code. Later, we can try implement handling of the MSR in ring-0
+                 * if possible, or come up with a better, generic solution.
+                 */
+                pVCpu->cpum.GstCtx.hwvirt.vmx.uAbortAux = pMsr->u32Msr;
+                VMXVDIAG const enmDiag = rcStrict == VINF_CPUM_R3_MSR_WRITE
+                                       ? kVmxVDiag_Vmexit_MsrLoadRing3
+                                       : kVmxVDiag_Vmexit_MsrLoad;
+                IEM_VMX_VMEXIT_FAILED_RET(pVCpu, uExitReason, pszFailure, enmDiag);
+            }
+            else
+                IEM_VMX_VMENTRY_FAILED_RET(pVCpu, uExitReason, pszFailure, kVmxVDiag_Vmexit_MsrLoadRsvd);
+        }
+    }
+    else
+    {
+        AssertMsgFailed(("VM-exit: Failed to read MSR auto-load area at %#RGp, rc=%Rrc\n", GCPhysAutoMsrArea, rc));
+        IEM_VMX_VMEXIT_FAILED_RET(pVCpu, uExitReason, pszFailure, kVmxVDiag_Vmexit_MsrLoadPtrReadPhys);
+    }
+
+    NOREF(uExitReason);
+    NOREF(pszFailure);
+    return VINF_SUCCESS;
+}
+
+
+/**
  * Loads the host state as part of VM-exit.
  *
+ * @returns VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   uExitReason     The VM-exit reason (for logging purposes).
@@ -5276 +5388 @@
     }
 
-    /** @todo NSTVMX: rest of host state loading (loading MSRs). */
+    Assert(rcStrict == VINF_SUCCESS);
+
+    /* Load MSRs from the VM-exit auto-load MSR area. */
+    int rc = iemVmxVmexitLoadHostAutoMsrs(pVCpu, uExitReason);
+    if (RT_FAILURE(rc))
+    {
+        Log(("VM-exit failed while loading host MSRs -> VMX-Abort\n"));
+        return iemVmxAbort(pVCpu, VMXABORT_LOAD_HOST_MSR);
+    }
 
     return VINF_SUCCESS;
@@ -5285 +5405 @@
  * VMX VM-exit handler.
  *
+ * @returns Strict VBox status code.
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   uExitReason     The VM-exit reason.