Changeset 75671 in vbox for trunk/src/VBox/VMM/VMMAll

Timestamp:

Nov 22, 2018 3:08:24 PM (6 years ago)

Author:

vboxsync

Message:

VMM: Nested VMX: bugref:9180 Implement NMI-unblocking due to IRET for VM-exits. Implemented restoring blocking of NMI when VM-entry fails while checking/loading guest-state. Fixed loading blocking by NMI during VM-entry.

Location:

trunk/src/VBox/VMM/VMMAll

Files:

• IEMAllCImpl.cpp.h (modified) (1 diff)
• IEMAllCImplVmxInstr.cpp.h (modified) (10 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h

@@ -3847 +3847 @@
      * See Intel spec. 6.7.1 "Handling Multiple NMIs".
      */
-    VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_BLOCK_NMIS);
+    bool const fBlockingNmi = VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_BLOCK_NMIS);
+    if (fBlockingNmi)
+        VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_BLOCK_NMIS);
+
+#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
+    /*
+     * Record whether NMIs (or virtual-NMIs) were unblocked by execution of this
+     * IRET instruction. We need to provide this information as part of some VM-exits.
+     *
+     * See Intel spec. 27.2.2 "Information for VM Exits Due to Vectored Events".
+     */
+    if (IEM_VMX_IS_NON_ROOT_MODE(pVCpu))
+        pVCpu->cpum.GstCtx.hwvirt.vmx.fNmiUnblockingIret = fBlockingNmi;
+#endif
 
     /*

trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h

@@ -1562 +1562 @@
      *     interrupts until the completion of the current VMLAUNCH/VMRESUME
      *     instruction. Interrupt inhibition for any nested-guest instruction
-     *     will be set later while loading the guest-interruptibility state.
+     *     is supplied by the guest-interruptibility state VMCS field and will
+     *     be set up as part of loading the guest state.
      *
      *   - VMCPU_FF_BLOCK_NMIS needs to be cached as VM-exits caused before
-     *     successful VM-entry needs to continue blocking NMIs if it was in effect
-     *     during VM-entry.
+     *     successful VM-entry (due to invalid guest-state) need to continue
+     *     blocking NMIs if it was in effect before VM-entry.
      *
      *   - MTF need not be preserved as it's used only in VMX non-root mode and
-     *     is supplied on VM-entry through the VM-execution controls.
+     *     is supplied through the VM-execution controls.
      *
-     * The remaining FFs (e.g. timers, APIC updates) must stay in place so that
+     * The remaining FFs (e.g. timers, APIC updates) can stay in place so that
      * we will be able to generate interrupts that may cause VM-exits for
      * the nested-guest.
      */
     pVCpu->cpum.GstCtx.hwvirt.fLocalForcedActions = pVCpu->fLocalForcedActions & VMCPU_FF_BLOCK_NMIS;
-
-    if (VMCPU_FF_IS_ANY_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS | VMCPU_FF_BLOCK_NMIS))
-        VMCPU_FF_CLEAR_MASK(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS | VMCPU_FF_BLOCK_NMIS);
 }
 
@@ -1754 +1752 @@
     /* Interruptibility-state. */
     pVmcs->u32GuestIntrState = 0;
-    if (pVmcs->u32PinCtls & VMX_PIN_CTLS_VIRT_NMI)
-    { /** @todo NSTVMX: Virtual-NMI blocking. */ }
-    else if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_BLOCK_NMIS))
+    if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_BLOCK_NMIS))
         pVmcs->u32GuestIntrState |= VMX_VMCS_GUEST_INT_STATE_BLOCK_NMI;
 
@@ -1773 +1769 @@
         &&  uExitReason != VMX_EXIT_SMI
         &&  uExitReason != VMX_EXIT_ERR_MACHINE_CHECK
-        && !HMVmxIsTrapLikeVmexit(uExitReason))
+        && !HMVmxIsVmexitTrapLike(uExitReason))
     {
         /** @todo NSTVMX: also must exclude VM-exits caused by debug exceptions when
@@ -2367 +2363 @@
     pVCpu->cpum.GstCtx.rflags.u = X86_EFL_1;
 
-    /* Update non-register state. */
-    iemVmxVmexitRestoreForceFlags(pVCpu);
-
     /* Clear address range monitoring. */
     EMMonitorWaitClear(pVCpu);
@@ -2795 +2788 @@
             return iemVmxAbort(pVCpu, VMXABORT_SAVE_GUEST_MSRS);
     }
+    else
+    {
+        /* Restore force-flags that may or may not have been cleared as part of the failed VM-entry. */
+        iemVmxVmexitRestoreForceFlags(pVCpu);
+    }
 
     /*
@@ -3755 +3753 @@
         if (pVmcs->u32ExitCtls & VMX_EXIT_CTLS_ACK_EXT_INT)
         {
-            uint8_t  const fNmiUnblocking = 0;  /** @todo NSTVMX: Implement NMI-unblocking due to IRET. */
+            uint8_t  const fNmiUnblocking = pVCpu->cpum.GstCtx.hwvirt.vmx.fNmiUnblockingIret;
             uint32_t const uExitIntInfo   = RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_VECTOR,           uVector)
                                           | RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_TYPE,             VMX_EXIT_INT_INFO_TYPE_EXT_INT)
@@ -3923 +3921 @@
         }
 
-        uint8_t  const fNmiUnblocking = 0;  /** @todo NSTVMX: Implement NMI-unblocking due to IRET. */
+        uint8_t  const fNmiUnblocking = pVCpu->cpum.GstCtx.hwvirt.vmx.fNmiUnblockingIret;
         uint8_t  const fErrCodeValid  = (fFlags & IEM_XCPT_FLAGS_ERR);
         uint8_t  const uIntInfoType   = iemVmxGetEventType(uVector, fFlags);
@@ -6787 +6785 @@
     PCVMXVVMCS pVmcs = pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pVmcs);
     uint32_t const uEntryIntInfo = pVmcs->u32EntryIntInfo;
-    if (VMX_ENTRY_INT_INFO_IS_VALID(uEntryIntInfo))
-    {
-        /** @todo NSTVMX: Pending debug exceptions. */
-        Assert(!(pVmcs->u64GuestPendingDbgXcpt.u));
-
-        if (pVmcs->u32GuestIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_NMI)
-        {
-            /** @todo NSTVMX: Virtual-NMIs doesn't affect NMI blocking in the normal sense.
-             *        We probably need a different force flag for virtual-NMI
-             *        pending/blocking. */
-            Assert(!(pVmcs->u32PinCtls & VMX_PIN_CTLS_VIRT_NMI));
-            VMCPU_FF_SET(pVCpu, VMCPU_FF_BLOCK_NMIS);
-        }
-        else
-            Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_BLOCK_NMIS));
-
+    if (!HMVmxIsVmentryVectoring(uEntryIntInfo))
+    {
         if (pVmcs->u32GuestIntrState & (VMX_VMCS_GUEST_INT_STATE_BLOCK_STI | VMX_VMCS_GUEST_INT_STATE_BLOCK_MOVSS))
             EMSetInhibitInterruptsPC(pVCpu, pVCpu->cpum.GstCtx.rip);
@@ -6810 +6794 @@
         /* SMI blocking is irrelevant. We don't support SMIs yet. */
     }
+    else
+    {
+        /* When the VM-entry is not vectoring, there is no blocking by STI or Mov-SS. */
+        if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
+            VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
+    }
+
+    /* NMI blocking. */
+    if (   (pVmcs->u32GuestIntrState & VMX_VMCS_GUEST_INT_STATE_BLOCK_NMI)
+        && !VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_BLOCK_NMIS))
+        VMCPU_FF_SET(pVCpu, VMCPU_FF_BLOCK_NMIS);
+
+    /** @todo NSTVMX: Pending debug exceptions. */
+    Assert(!(pVmcs->u64GuestPendingDbgXcpt.u));
 
     /* Loading PDPTEs will be taken care when we switch modes. We don't support EPT yet. */
@@ -7048 +7046 @@
                 if (RT_SUCCESS(rc))
                 {
-                    /* Save the guest force-flags as VM-exits can occur from this point on. */
-                    iemVmxVmentrySaveForceFlags(pVCpu);
-
                     /* Initialize the VM-exit qualification field as it MBZ for VM-exits where it isn't specified. */
                     iemVmxVmcsSetExitQual(pVCpu, 0);
+
+                    /*
+                     * Blocking of NMIs need to be restored if VM-entry fails due to invalid-guest state.
+                     * So we save the required force flags here (currently only VMCPU_FF_BLOCK_NMI) so we
+                     * can restore it on VM-exit when required.
+                     */
+                    iemVmxVmentrySaveForceFlags(pVCpu);
 
                     rc = iemVmxVmentryCheckGuestState(pVCpu, pszInstr);