Changeset 77169 in vbox for trunk/src/VBox/VMM

Timestamp:

Feb 6, 2019 4:52:01 AM (6 years ago)

Author:

vboxsync

Message:

VMM/IEM: Nested VMX: bugref:9180 Clear IDT-vectoring info fields for double-fault intercepted (using the exception bitmap) during delivery of an event.

Location:

trunk/src/VBox/VMM/VMMAll

Files:

• IEMAll.cpp (modified) (2 diffs)
• IEMAllCImplVmxInstr.cpp.h (modified) (1 diff)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -980 +980 @@
 IEM_STATIC VBOXSTRICTRC     iemVmxVmexitTaskSwitch(PVMCPU pVCpu, IEMTASKSWITCH enmTaskSwitch, RTSEL SelNewTss, uint8_t cbInstr);
 IEM_STATIC VBOXSTRICTRC     iemVmxVmexitEvent(PVMCPU pVCpu, uint8_t uVector, uint32_t fFlags, uint32_t uErrCode, uint64_t uCr2, uint8_t cbInstr);
+IEM_STATIC VBOXSTRICTRC     iemVmxVmexitEventDoubleFault(PVMCPU pVCpu);
 IEM_STATIC VBOXSTRICTRC     iemVmxVmexitTripleFault(PVMCPU pVCpu);
 IEM_STATIC VBOXSTRICTRC     iemVmxVmexitPreemptTimer(PVMCPU pVCpu);
@@ -5604 +5605 @@
             u8Vector = X86_XCPT_DF;
             uErr     = 0;
-            /** @todo NSTVMX: Do we need to do something here for VMX? */
+#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
+            /* VMX nested-guest #DF intercept needs to be checked here. */
+            if (IEM_VMX_IS_NON_ROOT_MODE(pVCpu))
+            {
+                VBOXSTRICTRC rcStrict0 = iemVmxVmexitEventDoubleFault(pVCpu);
+                if (rcStrict0 != VINF_VMX_INTERCEPT_NOT_ACTIVE)
+                    return rcStrict0;
+            }
+#endif
             /* SVM nested-guest #DF intercepts need to be checked now. See AMD spec. 15.12 "Exception Intercepts". */
             if (IEM_SVM_IS_XCPT_INTERCEPT_SET(pVCpu, X86_XCPT_DF))

trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h

@@ -3926 +3926 @@
 
 /**
+ * VMX VM-exit handler for VM-exits due to a double fault caused during delivery of
+ * an event.
+ *
+ * @returns VBox strict status code.
+ * @param   pVCpu       The cross context virtual CPU structure.
+ */
+IEM_STATIC VBOXSTRICTRC iemVmxVmexitEventDoubleFault(PVMCPU pVCpu)
+{
+    PCVMXVVMCS pVmcs = pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pVmcs);
+    Assert(pVmcs);
+
+    uint32_t const fXcptBitmap = pVmcs->u32XcptBitmap;
+    if (fXcptBitmap & RT_BIT(X86_XCPT_DF))
+    {
+        uint8_t  const fNmiUnblocking = pVCpu->cpum.GstCtx.hwvirt.vmx.fNmiUnblockingIret;
+        uint32_t const uExitIntInfo   = RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_VECTOR,           X86_XCPT_DF)
+                                      | RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_TYPE,             VMX_EXIT_INT_INFO_TYPE_HW_XCPT)
+                                      | RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_ERR_CODE_VALID,   1)
+                                      | RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_NMI_UNBLOCK_IRET, fNmiUnblocking)
+                                      | RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_VALID,            1);
+        iemVmxVmcsSetExitIntInfo(pVCpu, uExitIntInfo);
+        iemVmxVmcsSetExitIntErrCode(pVCpu, 0);
+        iemVmxVmcsSetExitQual(pVCpu, 0);
+        iemVmxVmcsSetExitInstrLen(pVCpu, 0);
+
+        /*
+         * A VM-exit is not considered to occur during event delivery when the original
+         * event results in a double-fault that causes a VM-exit directly (i.e. intercepted
+         * using the exception bitmap).
+         *
+         * Therefore, we must clear the original event from the IDT-vectoring fields which
+         * would've been recorded before causing the VM-exit.
+         *
+         * 27.2.3 "Information for VM Exits During Event Delivery"
+         */
+        iemVmxVmcsSetIdtVectoringInfo(pVCpu, 0);
+        iemVmxVmcsSetIdtVectoringErrCode(pVCpu, 0);
+
+        return iemVmxVmexit(pVCpu, VMX_EXIT_XCPT_OR_NMI);
+    }
+
+    return VINF_VMX_INTERCEPT_NOT_ACTIVE;
+}
+
+
+/**
  * VMX VM-exit handler for VM-exits due to delivery of an event.
  *