Changeset 90593 in vbox

Timestamp:

Aug 10, 2021 10:37:27 AM (4 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

146204

Message:

VMM/HMVMXR0: Fix guru meditation while reading debug registers by the nested-guest.

File:

• trunk/src/VBox/VMM/VMMR0/HMVMXR0.cpp (modified) (5 diffs)

trunk/src/VBox/VMM/VMMR0/HMVMXR0.cpp

@@ -6080 +6080 @@
         AssertRC(rc);
 
-        /* Always intercept Mov DRx accesses for the nested-guest for now. */
-        pVmcsInfo->u32ProcCtls |= VMX_PROC_CTLS_MOV_DR_EXIT;
-        rc = VMXWriteVmcs32(VMX_VMCS32_CTRL_PROC_EXEC, pVmcsInfo->u32ProcCtls);
-        AssertRC(rc);
+        /*
+         * We don't want to always intercept MOV DRx for nested-guests as it causes
+         * problems when the nested hypervisor isn't intercepting them, see @bugref{10080}.
+         * Instead, they are strictly only requested when the nested hypervisor intercepts
+         * them -- handled while merging VMCS controls.
+         *
+         * If neither the outer nor the nested-hypervisor is intercepting MOV DRx,
+         * then the guest debug state should be actively loaded on the host so that
+         * nested-guest reads its own debug registers without causing VM-exits.
+         */
+        if (   !(pVmcsInfo->u32ProcCtls & VMX_PROC_CTLS_MOV_DR_EXIT)
+            && !CPUMIsGuestDebugStateActive(pVCpu))
+            CPUMR0LoadGuestDebugState(pVCpu, true /* include DR6 */);
         return VINF_SUCCESS;
     }
@@ -10452 +10461 @@
                                | (pVmcsInfoGst->u32ProcCtls & ~(  VMX_PROC_CTLS_INT_WINDOW_EXIT
                                                                 | VMX_PROC_CTLS_NMI_WINDOW_EXIT
+                                                                | VMX_PROC_CTLS_MOV_DR_EXIT
                                                                 | VMX_PROC_CTLS_USE_TPR_SHADOW
                                                                 | VMX_PROC_CTLS_MONITOR_TRAP_FLAG));
@@ -10820 +10830 @@
      * guest to cause a VM-exit the next time they are ready to receive the event.
      *
-     * With nested-guests, evaluating pending events may cause VM-exits. Also, verify
-     * that the event in TRPM that we will inject using hardware-assisted VMX is -not-
-     * subject to interecption. Otherwise, we should have checked and injected them
-     * manually elsewhere (IEM).
+     * For nested-guests, verify that the TRPM event that we're about to inject using
+     * hardware-assisted VMX is -not- subject to nested-hypervisor interception.
+     * Otherwise, we should have checked and injected them manually elsewhere (IEM).
      */
     if (TRPMHasTrap(pVCpu))
@@ -11303 +11312 @@
 
             Assert(VMMRZCallRing3IsEnabled(pVCpu));
+            Assert(   pVmxTransient->fWasGuestDebugStateActive == false
+                   || pVmxTransient->fWasHyperDebugStateActive == false);
             return;
         }
@@ -16135 +16146 @@
     PVMXVMCSINFO pVmcsInfo = pVmxTransient->pVmcsInfo;
 
-    /* We might get this VM-exit if the nested-guest is not intercepting MOV DRx accesses. */
+    /*
+     * We might also get this VM-exit if the nested-guest isn't intercepting MOV DRx accesses.
+     * In such a case, rather than disabling MOV DRx intercepts and resuming execution, we
+     * must emulate the MOV DRx access.
+     */
     if (!pVmxTransient->fIsNestedGuest)
     {