Changeset 89976 in vbox for trunk/src/VBox/VMM/VMMR0

Timestamp:

Jun 30, 2021 11:03:22 AM (4 years ago)

Author:

vboxsync

Message:

VMM/HMVMX: Deal with #ACs triggered by split-lock detection on the host. bugref:10052

Location:

trunk/src/VBox/VMM/VMMR0

Files:

• HMSVMR0.cpp (modified) (1 diff)
• HMVMXR0.cpp (modified) (2 diffs)

trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp

@@ -7507 +7507 @@
     HMSVM_VALIDATE_EXIT_HANDLER_PARAMS(pVCpu, pSvmTransient);
     HMSVM_CHECK_EXIT_DUE_TO_EVENT_DELIVERY(pVCpu, pSvmTransient);
-    STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestAC);
+    STAM_REL_COUNTER_INC(&pVCpu->hm.s.StatExitGuestAC);
 
     SVMEVENT Event;

trunk/src/VBox/VMM/VMMR0/HMVMXR0.cpp

@@ -4106 +4106 @@
      * The following exceptions are always intercepted:
      *
-     * #AC - To prevent the guest from hanging the CPU.
+     * #AC - To prevent the guest from hanging the CPU and for dealing with
+     *       split-lock detecting host configs.
      * #DB - To maintain the DR6 state even when intercepting DRx reads/writes and
      *       recursive #DBs can cause a CPU hang.
@@ -14136 +14137 @@
 {
     HMVMX_VALIDATE_EXIT_XCPT_HANDLER_PARAMS(pVCpu, pVmxTransient);
-    STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestAC);
+
+    /*
+     * Detect #ACs caused by host having enabled split-lock detection.
+     * Emulate such instructions.
+     */
+    int rc = hmR0VmxImportGuestState(pVCpu, pVmxTransient->pVmcsInfo,
+                                     CPUMCTX_EXTRN_CR0 | CPUMCTX_EXTRN_RFLAGS | CPUMCTX_EXTRN_SS | CPUMCTX_EXTRN_CS);
+    AssertRCReturn(rc, rc);
+    /** @todo detect split lock in cpu feature?   */
+    if (   /* 1. If 486-style alignment checks aren't enabled, then this must be a split-lock exception */
+           !(pVCpu->cpum.GstCtx.cr0 & X86_CR0_AM)
+           /* 2. #AC cannot happen in rings 0-2 except for split-lock detection. */
+        || CPUMGetGuestCPL(pVCpu) != 3
+           /* 3. When the EFLAGS.AC != 0 this can only be a split-lock case. */
+        || !(pVCpu->cpum.GstCtx.eflags.u & X86_EFL_AC) )
+    {
+        STAM_REL_COUNTER_INC(&pVCpu->hm.s.StatExitGuestACSplitLock);
+#if 0
+        rc = hmR0VmxImportGuestState(pVCpu, pVmxTransient->pVmcsInfo, IEM_CPUMCTX_EXTRN_MUST_MASK);
+#else
+        rc = hmR0VmxImportGuestState(pVCpu, pVmxTransient->pVmcsInfo, HMVMX_CPUMCTX_EXTRN_ALL);
+#endif
+        AssertRCReturn(rc, rc);
+        Log8Func(("cs:rip=%#04x:%#RX64 rflags=%#RX64 cr0=%#RX64 split-lock #AC?\n", pVCpu->cpum.GstCtx.cs.Sel,
+                  pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.rflags, pVCpu->cpum.GstCtx.cr0));
+
+        /** @todo For SMP configs we should do a rendezvous here. */
+        VBOXSTRICTRC rcStrict = IEMExecOneIgnoreLock(pVCpu);
+        if (rcStrict == VINF_SUCCESS)
+#if 0       /** @todo r=bird: This is potentially wrong.  Might have to just do a whole
+             *        state sync above and mark everything changed to be safe... */
+            ASMAtomicUoOrU64(&pVCpu->hm.s.fCtxChanged,
+                               HM_CHANGED_GUEST_RIP
+                             | HM_CHANGED_GUEST_RFLAGS
+                             | HM_CHANGED_GUEST_GPRS_MASK
+                             | HM_CHANGED_GUEST_CS
+                             | HM_CHANGED_GUEST_SS);
+#else
+        ASMAtomicUoOrU64(&pVCpu->hm.s.fCtxChanged, HM_CHANGED_ALL_GUEST);
+#endif
+        else if (rcStrict == VINF_IEM_RAISED_XCPT)
+        {
+            ASMAtomicUoOrU64(&pVCpu->hm.s.fCtxChanged, HM_CHANGED_RAISED_XCPT_MASK);
+            rcStrict = VINF_SUCCESS;
+        }
+        return VBOXSTRICTRC_VAL(rcStrict);
+    }
+
+    STAM_REL_COUNTER_INC(&pVCpu->hm.s.StatExitGuestAC);
+    Log8Func(("cs:rip=%#04x:%#RX64 rflags=%#RX64 cr0=%#RX64 cpl=%d -> #AC\n", pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
+              pVCpu->cpum.GstCtx.rflags, pVCpu->cpum.GstCtx.cr0, CPUMGetGuestCPL(pVCpu) ));
 
     /* Re-inject it. We'll detect any nesting before getting here. */