Changeset 74523 in vbox for trunk/src/VBox/VMM/VMMAll

Timestamp:

Sep 28, 2018 12:43:19 PM (6 years ago)

Author:

vboxsync

Message:

VMM/IEM: Nested VMX: bugref:9180 More robust check for CR0/CR4 fixed0 bits (allows the fixed0 bits to be 0).
Also added missing checks for VMXON for checking fixed1 bits in CR0 and CR4 as well.

Location:

trunk/src/VBox/VMM/VMMAll

Files:

• HMVMXAll.cpp (modified) (1 diff)
• IEMAllCImplVmxInstr.cpp.h (modified) (5 diffs)

trunk/src/VBox/VMM/VMMAll/HMVMXAll.cpp

@@ -56 +56 @@
     VMXV_DIAG_DESC(kVmxVDiag_Vmxon_Cpl                        , "Cpl"                       ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmxon_Cr0Fixed0                  , "Cr0Fixed0"                 ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmxon_Cr0Fixed1                  , "Cr0Fixed1"                 ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmxon_Cr4Fixed0                  , "Cr4Fixed0"                 ),
+    VMXV_DIAG_DESC(kVmxVDiag_Vmxon_Cr4Fixed1                  , "Cr4Fixed1"                 ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmxon_Intercept                  , "Intercept"                 ),
     VMXV_DIAG_DESC(kVmxVDiag_Vmxon_LongModeCS                 , "LongModeCS"                ),

trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h

@@ -2747 +2747 @@
         if (fUnrestrictedGuest)
             u64Cr0Fixed0 &= ~(X86_CR0_PE | X86_CR0_PG);
-        if (~pVmcs->u64GuestCr0.u & u64Cr0Fixed0)
+        if ((pVmcs->u64GuestCr0.u & u64Cr0Fixed0) != u64Cr0Fixed0)
             IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_GuestCr0Fixed0);
 
@@ -2766 +2766 @@
         /* CR4 MB1 bits. */
         uint64_t const u64Cr4Fixed0 = CPUMGetGuestIa32VmxCr4Fixed0(pVCpu);
-        if (~pVmcs->u64GuestCr4.u & u64Cr4Fixed0)
+        if ((pVmcs->u64GuestCr4.u & u64Cr4Fixed0) != u64Cr4Fixed0)
             IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_GuestCr4Fixed0);
 
@@ -3733 +3733 @@
         /* CR0 MB1 bits. */
         uint64_t const u64Cr0Fixed0 = CPUMGetGuestIa32VmxCr0Fixed0(pVCpu);
-        if (~pVmcs->u64HostCr0.u & u64Cr0Fixed0)
+        if ((pVmcs->u64HostCr0.u & u64Cr0Fixed0) != u64Cr0Fixed0)
             IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_HostCr0Fixed0);
 
@@ -3746 +3746 @@
         /* CR4 MB1 bits. */
         uint64_t const u64Cr4Fixed0 = CPUMGetGuestIa32VmxCr4Fixed0(pVCpu);
-        if (~pVmcs->u64HostCr4.u & u64Cr4Fixed0)
+        if ((pVmcs->u64HostCr4.u & u64Cr4Fixed0) != u64Cr4Fixed0)
             IEM_VMX_VMENTRY_FAILED_RET(pVCpu, pszInstr, pszFailure, kVmxVDiag_Vmentry_HostCr4Fixed0);
 
@@ -5592 +5592 @@
         }
 
-        /* CR0 MB1 bits. */
-        uint64_t const uCr0Fixed0 = CPUMGetGuestIa32VmxCr0Fixed0(pVCpu);
-        if (~pVCpu->cpum.GstCtx.cr0 & uCr0Fixed0)
-        {
-            Log(("vmxon: CR0 fixed0 bits cleared -> #GP(0)\n"));
-            pVCpu->cpum.GstCtx.hwvirt.vmx.enmDiag = kVmxVDiag_Vmxon_Cr0Fixed0;
-            return iemRaiseGeneralProtectionFault0(pVCpu);
-        }
-
-        /* CR4 MB1 bits. */
-        uint64_t const uCr4Fixed0 = CPUMGetGuestIa32VmxCr4Fixed0(pVCpu);
-        if (~pVCpu->cpum.GstCtx.cr4 & uCr4Fixed0)
-        {
-            Log(("vmxon: CR4 fixed0 bits cleared -> #GP(0)\n"));
-            pVCpu->cpum.GstCtx.hwvirt.vmx.enmDiag = kVmxVDiag_Vmxon_Cr4Fixed0;
-            return iemRaiseGeneralProtectionFault0(pVCpu);
+        /* CR0. */
+        {
+            /* CR0 MB1 bits. */
+            uint64_t const uCr0Fixed0 = CPUMGetGuestIa32VmxCr0Fixed0(pVCpu);
+            if ((pVCpu->cpum.GstCtx.cr0 & uCr0Fixed0) != uCr0Fixed0)
+            {
+                Log(("vmxon: CR0 fixed0 bits cleared -> #GP(0)\n"));
+                pVCpu->cpum.GstCtx.hwvirt.vmx.enmDiag = kVmxVDiag_Vmxon_Cr0Fixed0;
+                return iemRaiseGeneralProtectionFault0(pVCpu);
+            }
+
+            /* CR0 MBZ bits. */
+            uint64_t const uCr0Fixed1 = CPUMGetGuestIa32VmxCr0Fixed1(pVCpu);
+            if (pVCpu->cpum.GstCtx.cr0 & ~uCr0Fixed1)
+            {
+                Log(("vmxon: CR0 fixed1 bits set -> #GP(0)\n"));
+                pVCpu->cpum.GstCtx.hwvirt.vmx.enmDiag = kVmxVDiag_Vmxon_Cr0Fixed1;
+                return iemRaiseGeneralProtectionFault0(pVCpu);
+            }
+        }
+
+        /* CR4. */
+        {
+            /* CR4 MB1 bits. */
+            uint64_t const uCr4Fixed0 = CPUMGetGuestIa32VmxCr4Fixed0(pVCpu);
+            if ((pVCpu->cpum.GstCtx.cr4 & uCr4Fixed0) != uCr4Fixed0)
+            {
+                Log(("vmxon: CR4 fixed0 bits cleared -> #GP(0)\n"));
+                pVCpu->cpum.GstCtx.hwvirt.vmx.enmDiag = kVmxVDiag_Vmxon_Cr4Fixed0;
+                return iemRaiseGeneralProtectionFault0(pVCpu);
+            }
+
+            /* CR4 MBZ bits. */
+            uint64_t const uCr4Fixed1 = CPUMGetGuestIa32VmxCr4Fixed1(pVCpu);
+            if (pVCpu->cpum.GstCtx.cr4 & ~uCr4Fixed1)
+            {
+                Log(("vmxon: CR4 fixed1 bits set -> #GP(0)\n"));
+                pVCpu->cpum.GstCtx.hwvirt.vmx.enmDiag = kVmxVDiag_Vmxon_Cr4Fixed1;
+                return iemRaiseGeneralProtectionFault0(pVCpu);
+            }
         }