Changeset 79756 in vbox for trunk/src/VBox

Timestamp:

Jul 13, 2019 4:06:20 PM (6 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

132121

Message:

VMM/IEM: Nested VMX: bugref:9180 Double fault and triple fault VM-exit fixes.

Location:

trunk/src/VBox/VMM/VMMAll

Files:

• IEMAll.cpp (modified) (5 diffs)
• IEMAllCImplVmxInstr.cpp.h (modified) (3 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -445 +445 @@
 
 /**
- * Invokes the VMX VM-exit handle for triple faults.
- */
-# define IEM_VMX_VMEXIT_TRIPLE_FAULT_RET(a_pVCpu) \
-    do { return iemVmxVmexitTripleFault(a_pVCpu); } while (0)
+ * Invokes the VMX VM-exit handler.
+ */
+# define IEM_VMX_VMEXIT_TRIPLE_FAULT_RET(a_pVCpu, a_uExitReason, a_uExitQual) \
+    do { return iemVmxVmexit((a_pVCpu), (a_uExitReason), (a_uExitQual)); } while (0)
 
 #else
@@ -460 +460 @@
 # define IEM_VMX_VMEXIT_TASK_SWITCH_RET(a_pVCpu, a_enmTaskSwitch, a_SelNewTss, a_cbInstr)    do { return VERR_VMX_IPE_1; } while (0)
 # define IEM_VMX_VMEXIT_MWAIT_RET(a_pVCpu, a_fMonitorArmed, a_cbInstr)          do { return VERR_VMX_IPE_1; } while (0)
-# define IEM_VMX_VMEXIT_TRIPLE_FAULT_RET(a_pVCpu)                               do { return VERR_VMX_IPE_1; } while (0)
+# define IEM_VMX_VMEXIT_TRIPLE_FAULT_RET(a_pVCpu, a_uExitReason, a_uExitQual)   do { return VERR_VMX_IPE_1; } while (0)
 
 #endif
@@ -978 +978 @@
 
 #ifdef VBOX_WITH_NESTED_HWVIRT_VMX
+IEM_STATIC VBOXSTRICTRC     iemVmxVmexit(PVMCPU pVCpu, uint32_t uExitReason, uint64_t u64ExitQual);
 IEM_STATIC VBOXSTRICTRC     iemVmxVmexitTaskSwitch(PVMCPU pVCpu, IEMTASKSWITCH enmTaskSwitch, RTSEL SelNewTss, uint8_t cbInstr);
 IEM_STATIC VBOXSTRICTRC     iemVmxVmexitEvent(PVMCPU pVCpu, uint8_t uVector, uint32_t fFlags, uint32_t uErrCode, uint64_t uCr2, uint8_t cbInstr);
 IEM_STATIC VBOXSTRICTRC     iemVmxVmexitEventDoubleFault(PVMCPU pVCpu);
-IEM_STATIC VBOXSTRICTRC     iemVmxVmexitTripleFault(PVMCPU pVCpu);
 IEM_STATIC VBOXSTRICTRC     iemVmxVirtApicAccessMem(PVMCPU pVCpu, uint16_t offAccess, size_t cbAccess, void *pvData, uint32_t fAccess);
-IEM_STATIC VBOXSTRICTRC     iemVmxVmexitApicAccess(PVMCPU pVCpu, uint16_t offAccess, uint32_t fAccess);
 IEM_STATIC VBOXSTRICTRC     iemVmxVirtApicAccessMsrRead(PVMCPU pVCpu, uint32_t idMsr, uint64_t *pu64Value);
 IEM_STATIC VBOXSTRICTRC     iemVmxVirtApicAccessMsrWrite(PVMCPU pVCpu, uint32_t idMsr, uint64_t u64Value);
@@ -3482 +3481 @@
 {
     if (IEM_VMX_IS_NON_ROOT_MODE(pVCpu))
-        IEM_VMX_VMEXIT_TRIPLE_FAULT_RET(pVCpu);
+        IEM_VMX_VMEXIT_TRIPLE_FAULT_RET(pVCpu, VMX_EXIT_TRIPLE_FAULT, 0 /* u64ExitQual */);
 
     if (IEM_SVM_IS_CTRL_INTERCEPT_SET(pVCpu, SVM_CTRL_INTERCEPT_SHUTDOWN))
@@ -15986 +15985 @@
 VMM_INT_DECL(VBOXSTRICTRC) IEMExecVmxVmexitTripleFault(PVMCPU pVCpu)
 {
-    VBOXSTRICTRC rcStrict = iemVmxVmexitTripleFault(pVCpu);
+    VBOXSTRICTRC rcStrict = iemVmxVmexit(pVCpu, VMX_EXIT_TRIPLE_FAULT, 0 /* u64ExitQual */);
     Assert(!pVCpu->iem.s.cActiveMappings);
     return iemExecStatusCodeFiddling(pVCpu, rcStrict);

trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h

@@ -2495 +2495 @@
         if (fInEventDelivery)
         {
-            uint8_t  const uIdtVectoringType = iemVmxGetEventType(uVector, fFlags);
-            uint8_t  const fErrCodeValid     = RT_BOOL(fFlags & IEM_XCPT_FLAGS_ERR);
-            uint32_t const uIdtVectoringInfo = RT_BF_MAKE(VMX_BF_IDT_VECTORING_INFO_VECTOR,         uVector)
-                                             | RT_BF_MAKE(VMX_BF_IDT_VECTORING_INFO_TYPE,           uIdtVectoringType)
-                                             | RT_BF_MAKE(VMX_BF_IDT_VECTORING_INFO_ERR_CODE_VALID, fErrCodeValid)
-                                             | RT_BF_MAKE(VMX_BF_IDT_VECTORING_INFO_VALID,          1);
-            iemVmxVmcsSetIdtVectoringInfo(pVCpu, uIdtVectoringInfo);
-            iemVmxVmcsSetIdtVectoringErrCode(pVCpu, uErrCode);
+            /*
+             * A VM-exit is not considered to occur during event delivery when the VM-exit is
+             * caused by a triple-fault or the original event results in a double-fault that
+             * causes the VM exit directly (exception bitmap). Therefore, we must not set the
+             * original event information into the IDT-vectoring information fields.
+             *
+             * See Intel spec. 27.2.4 Information for VM Exits During Event Delivery
+             */
+            if (   uExitReason != VMX_EXIT_TRIPLE_FAULT
+                && (   uExitReason != VMX_EXIT_XCPT_OR_NMI
+                    || !VMX_EXIT_INT_INFO_IS_XCPT_DF(pVmcs->u32RoExitIntInfo)))
+            {
+                uint8_t  const uIdtVectoringType = iemVmxGetEventType(uVector, fFlags);
+                uint8_t  const fErrCodeValid     = RT_BOOL(fFlags & IEM_XCPT_FLAGS_ERR);
+                uint32_t const uIdtVectoringInfo = RT_BF_MAKE(VMX_BF_IDT_VECTORING_INFO_VECTOR,         uVector)
+                                                 | RT_BF_MAKE(VMX_BF_IDT_VECTORING_INFO_TYPE,           uIdtVectoringType)
+                                                 | RT_BF_MAKE(VMX_BF_IDT_VECTORING_INFO_ERR_CODE_VALID, fErrCodeValid)
+                                                 | RT_BF_MAKE(VMX_BF_IDT_VECTORING_INFO_VALID,          1);
+                iemVmxVmcsSetIdtVectoringInfo(pVCpu, uIdtVectoringInfo);
+                iemVmxVmcsSetIdtVectoringErrCode(pVCpu, uErrCode);
+            }
         }
     }
@@ -3561 +3574 @@
     if (fXcptBitmap & RT_BIT(X86_XCPT_DF))
     {
-        uint8_t  const fNmiUnblocking = pVCpu->cpum.GstCtx.hwvirt.vmx.fNmiUnblockingIret;
+        /*
+         * The NMI-unblocking due to IRET field need not be set for double faults.
+         * See Intel spec. 31.7.1.2 "Resuming Guest Software After Handling An Exception".
+         */
         uint32_t const uExitIntInfo   = RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_VECTOR,           X86_XCPT_DF)
                                       | RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_TYPE,             VMX_EXIT_INT_INFO_TYPE_HW_XCPT)
                                       | RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_ERR_CODE_VALID,   1)
-                                      | RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_NMI_UNBLOCK_IRET, fNmiUnblocking)
+                                      | RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_NMI_UNBLOCK_IRET, 0)
                                       | RT_BF_MAKE(VMX_BF_EXIT_INT_INFO_VALID,            1);
         iemVmxVmcsSetExitIntInfo(pVCpu, uExitIntInfo);
-        iemVmxVmcsSetExitIntErrCode(pVCpu, 0);
-        iemVmxVmcsSetExitInstrLen(pVCpu, 0);
-
-        /*
-         * A VM-exit is not considered to occur during event delivery when the original
-         * event results in a double-fault that causes a VM-exit directly (i.e. intercepted
-         * using the exception bitmap).
-         *
-         * Therefore, we must clear the original event from the IDT-vectoring fields which
-         * would've been recorded before causing the VM-exit.
-         *
-         * 27.2.3 "Information for VM Exits During Event Delivery"
-         */
-        iemVmxVmcsSetIdtVectoringInfo(pVCpu, 0);
-        iemVmxVmcsSetIdtVectoringErrCode(pVCpu, 0);
         return iemVmxVmexit(pVCpu, VMX_EXIT_XCPT_OR_NMI, 0 /* u64ExitQual */);
     }
@@ -3738 +3739 @@
 
     return VINF_VMX_INTERCEPT_NOT_ACTIVE;
-}
-
-
-/**
- * VMX VM-exit handler for VM-exits due to a triple fault.
- *
- * @returns VBox strict status code.
- * @param   pVCpu   The cross context virtual CPU structure.
- */
-IEM_STATIC VBOXSTRICTRC iemVmxVmexitTripleFault(PVMCPU pVCpu)
-{
-    /*
-     * A VM-exit is not considered to occur during event delivery when the original
-     * event results in a triple-fault.
-     *
-     * Therefore, we must clear the original event from the IDT-vectoring fields which
-     * would've been recorded before causing the VM-exit.
-     *
-     * 27.2.3 "Information for VM Exits During Event Delivery"
-     */
-    iemVmxVmcsSetIdtVectoringInfo(pVCpu, 0);
-    iemVmxVmcsSetIdtVectoringErrCode(pVCpu, 0);
-
-    return iemVmxVmexit(pVCpu, VMX_EXIT_TRIPLE_FAULT, 0 /* u64ExitQual */);
 }