Changeset 92685 in vbox for trunk/src/VBox

Timestamp:

Dec 2, 2021 5:59:39 AM (3 years ago)

Author:

vboxsync

Message:

VMM: Nested VMX: bugref:10092 Started with constructing EPT-violation VM-exit for iemInitDecoderAndPrefetchOpcodes.

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAll.cpp (modified) (4 diffs)
• VMMAll/IEMAllCImplVmxInstr.cpp.h (modified) (4 diffs)
• VMMAll/PGMAllGstSlatEpt.cpp.h (modified) (7 diffs)
• include/IEMInternal.h (modified) (1 diff)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -439 +439 @@
 
 /**
+ * Invokes the VMX VM-exit handler for EPT faults.
+ */
+# define IEM_VMX_VMEXIT_EPT_RET(a_pVCpu, a_pPtWalk, a_fAccess, a_fSlatFail, a_cbInstr) \
+    do { return iemVmxVmexitEpt(a_pVCpu, a_pPtWalk, a_fAccess, a_fSlatFail, a_cbInstr); } while (0)
+
+/**
  * Invokes the VMX VM-exit handler.
  */
@@ -454 +460 @@
 # define IEM_VMX_VMEXIT_TASK_SWITCH_RET(a_pVCpu, a_enmTaskSwitch, a_SelNewTss, a_cbInstr)    do { return VERR_VMX_IPE_1; } while (0)
 # define IEM_VMX_VMEXIT_MWAIT_RET(a_pVCpu, a_fMonitorArmed, a_cbInstr)          do { return VERR_VMX_IPE_1; } while (0)
+# define IEM_VMX_VMEXIT_EPT_RET(a_pVCpu, a_pPtWalk, a_fAccess, a_fSlatFail, a_cbInstr)       do { return VERR_VMX_IPE_1; } while (0)
 # define IEM_VMX_VMEXIT_TRIPLE_FAULT_RET(a_pVCpu, a_uExitReason, a_uExitQual)   do { return VERR_VMX_IPE_1; } while (0)
 
@@ -980 +987 @@
 IEM_STATIC VBOXSTRICTRC     iemVmxVirtApicAccessMsrRead(PVMCPUCC pVCpu, uint32_t idMsr, uint64_t *pu64Value);
 IEM_STATIC VBOXSTRICTRC     iemVmxVirtApicAccessMsrWrite(PVMCPUCC pVCpu, uint32_t idMsr, uint64_t u64Value);
+IEM_STATIC VBOXSTRICTRC     iemVmxVmexitEpt(PVMCPUCC pVCpu, PPGMPTWALK pWalk, uint32_t fAccess, uint32_t fSlatFail, uint8_t cbInstr);
 #endif
 
@@ -1433 +1441 @@
     {
         Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - rc=%Rrc\n", GCPtrPC, rc));
+#ifdef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
+        if (Walk.fFailed & PGM_WALKFAIL_EPT)
+        {
+            Assert(IEM_VMX_IS_NON_ROOT_MODE(pVCpu));
+            IEM_VMX_VMEXIT_EPT_RET(pVCpu, &Walk, IEM_ACCESS_INSTRUCTION, IEM_SLAT_FAIL_LINEAR_TO_PHYS_ADDR, 0 /* cbInstr */);
+        }
+#endif
         return iemRaisePageFault(pVCpu, GCPtrPC, IEM_ACCESS_INSTRUCTION, rc);
     }

trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h

@@ -3685 +3685 @@
 
 
-#ifdef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
 /**
  * VMX VM-exit handler for EPT violation.
  *
- * @param   pVCpu       The cross context virtual CPU structure.
- * @param   fAccess     The access causing the EPT violation, IEM_ACCESS_XXX.
- * @param   fEptAccess  The EPT paging structure bits.
- * @param   GCPhysAddr  The physical address causing the EPT violation.
- * @param   GCPtrAddr   The linear address causing the EPT violation.
- * @param   cbInstr     The VM-exit instruction length.
- */
-IEM_STATIC VBOXSTRICTRC iemVmxVmexitEptViolation(PVMCPUCC pVCpu, uint32_t fAccess, uint64_t fEptAccess, RTGCPHYS GCPhysAddr,
-                                                 uint64_t GCPtrAddr, bool fLinearAddrValid, uint8_t cbInstr)
+ * @param   pVCpu               The cross context virtual CPU structure.
+ * @param   fAccess             The access causing the EPT violation, IEM_ACCESS_XXX.
+ * @param   fSlatFail           The SLAT failure info, IEM_SLAT_FAIL_XXX.
+ * @param   fEptAccess          The EPT paging structure bits.
+ * @param   GCPhysAddr          The physical address causing the EPT violation.
+ * @param   fIsLinearAddrValid  Whether translation of a linear address caused this
+ *                              EPT violation. If @c false, GCPtrAddr must be 0.
+ * @param   GCPtrAddr           The linear address causing the EPT violation.
+ * @param   cbInstr             The VM-exit instruction length.
+ */
+IEM_STATIC VBOXSTRICTRC iemVmxVmexitEptViolation(PVMCPUCC pVCpu, uint32_t fAccess, uint32_t fSlatFail, uint64_t fEptAccess,
+                                                 RTGCPHYS GCPhysAddr, bool fLinearAddrValid, uint64_t GCPtrAddr, uint8_t cbInstr)
 {
     /*
@@ -3709 +3711 @@
     uint8_t const fSupportsAccessDirty = fCaps & MSR_IA32_VMX_EPT_VPID_CAP_ACCESS_DIRTY;
 
-    uint8_t const fDataRead    = ((fAccess & IEM_ACCESS_DATA_R)  == IEM_ACCESS_DATA_R)  | fSupportsAccessDirty;
-    uint8_t const fDataWrite   = ((fAccess & IEM_ACCESS_DATA_RW) == IEM_ACCESS_DATA_RW) | fSupportsAccessDirty;
-    uint8_t const fInstrFetch  = (fAccess & IEM_ACCESS_INSTRUCTION) == IEM_ACCESS_INSTRUCTION;
-    bool const fEptRead        = RT_BOOL(fEptAccess & EPT_E_READ);
-    bool const fEptWrite       = RT_BOOL(fEptAccess & EPT_E_WRITE);
-    bool const fEptExec        = RT_BOOL(fEptAccess & EPT_E_EXECUTE);
-    bool const fNmiUnblocking  = pVCpu->cpum.GstCtx.hwvirt.vmx.fNmiUnblockingIret;
-
-    uint64_t const u64ExitQual = RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ACCESS_READ,        fDataRead)
-                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ACCESS_WRITE,       fDataWrite)
-                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ACCESS_INSTR_FETCH, fInstrFetch)
-                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ENTRY_READ,         fEptRead)
-                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ENTRY_WRITE,        fEptWrite)
-                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ENTRY_EXECUTE,      fEptExec)
-                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_LINEAR_ADDR_VALID,  fLinearAddrValid)
-                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_NMI_UNBLOCK_IRET,   fNmiUnblocking);
-
-    /** @todo bit 8 of Exit Qualification!
-     *  If the access causing the EPT violation is to a guest-physical address that is
-     *  the translation of a linear address.
-     *   - OR -
-     *  if the access causing the EPT violation is to a paging-structure entry as part
-     *  of a page walk or the update of an accessed or dirty bit.
-     *
-     *  Caller needs to be able to distinguish this... */
+    uint8_t const fDataRead      = ((fAccess & IEM_ACCESS_DATA_R)  == IEM_ACCESS_DATA_R)  | fSupportsAccessDirty;
+    uint8_t const fDataWrite     = ((fAccess & IEM_ACCESS_DATA_RW) == IEM_ACCESS_DATA_RW) | fSupportsAccessDirty;
+    uint8_t const fInstrFetch    = (fAccess & IEM_ACCESS_INSTRUCTION) == IEM_ACCESS_INSTRUCTION;
+    bool const fEptRead          = RT_BOOL(fEptAccess & EPT_E_READ);
+    bool const fEptWrite         = RT_BOOL(fEptAccess & EPT_E_WRITE);
+    bool const fEptExec          = RT_BOOL(fEptAccess & EPT_E_EXECUTE);
+    bool const fNmiUnblocking    = pVCpu->cpum.GstCtx.hwvirt.vmx.fNmiUnblockingIret;
+    bool const fLinearToPhysAddr = fLinearAddrValid & RT_BOOL(fSlatFail & IEM_SLAT_FAIL_LINEAR_TO_PHYS_ADDR);
+
+    uint64_t const u64ExitQual = RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ACCESS_READ,         fDataRead)
+                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ACCESS_WRITE,        fDataWrite)
+                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ACCESS_INSTR_FETCH,  fInstrFetch)
+                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ENTRY_READ,          fEptRead)
+                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ENTRY_WRITE,         fEptWrite)
+                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_ENTRY_EXECUTE,       fEptExec)
+                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_LINEAR_ADDR_VALID,   fLinearAddrValid)
+                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_LINEAR_TO_PHYS_ADDR, fLinearToPhysAddr)
+                               | RT_BF_MAKE(VMX_BF_EXIT_QUAL_EPT_NMI_UNBLOCK_IRET,    fNmiUnblocking);
 
 #ifdef VBOX_STRICT
@@ -3741 +3736 @@
     Assert(!(fCaps & MSR_IA32_VMX_EPT_VPID_CAP_SUPER_SHW_STACK));             /* Supervisor shadow stack control not supported. */
     Assert(!(RT_BF_GET(fMiscCaps, VMX_BF_MISC_INTEL_PT)));                    /* Intel PT not supported. */
-    Assert(!(RT_BF_GET(fMiscCaps, VMX_BF_MISC_INTEL_PT)));                    /* Intel PT not supported. */
     Assert(!(fProcCtls2 & VMX_PROC_CTLS2_MODE_BASED_EPT_PERM));               /* Mode-based execute control not supported. */
 #endif
@@ -3751 +3745 @@
     return iemVmxVmexit(pVCpu, VMX_EXIT_EPT_VIOLATION, u64ExitQual);
 }
-#endif
+
+
+/**
+ * VMX VM-exit handler for EPT-induced VM-exits.
+ *
+ * @param   pVCpu       The cross context virtual CPU structure.
+ * @param   pWalk       The page walk info.
+ * @param   fAccess     The access causing the EPT event, IEM_ACCESS_XXX.
+ * @param   fSlatFail   Additional SLAT info, IEM_SLAT_FAIL_XXX.
+ * @param   cbInstr     The VM-exit instruction length if applicable. Pass 0 if not
+ *                      applicable.
+ */
+IEM_STATIC VBOXSTRICTRC iemVmxVmexitEpt(PVMCPUCC pVCpu, PPGMPTWALK pWalk, uint32_t fAccess, uint32_t fSlatFail,
+                                        uint8_t cbInstr)
+{
+    Assert(pWalk->fIsSlat);
+    Assert(pWalk->fFailed & PGM_WALKFAIL_EPT);
+    Assert(!IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fVmxEptXcptVe);          /* #VE exceptions not supported. */
+    Assert(!(pWalk->fFailed & PGM_WALKFAIL_EPT_VIOLATION_CONVERTIBLE)); /* Without #VE, convertible violations not possible. */
+
+    if (pWalk->fFailed & PGM_WALKFAIL_EPT_VIOLATION)
+    {
+        uint64_t const fEptAccess = (pWalk->fEffective & PGM_PTATTRS_EPT_MASK) >> PGM_PTATTRS_EPT_SHIFT;
+        return iemVmxVmexitEptViolation(pVCpu, fAccess, fSlatFail, fEptAccess, pWalk->GCPhysNested, pWalk->fIsLinearAddrValid,
+                                        pWalk->GCPtr, cbInstr);
+    }
+    else
+    {
+        Assert(pWalk->fFailed & PGM_WALKFAIL_EPT_MISCONFIG);
+        /** @todo Do EPT misconfig. */
+        return VERR_NOT_IMPLEMENTED;
+    }
+}
 
 

trunk/src/VBox/VMM/VMMAll/PGMAllGstSlatEpt.cpp.h

@@ -47 +47 @@
 DECLINLINE(int) PGM_GST_SLAT_NAME_EPT(WalkReturnNotPresent)(PCVMCPUCC pVCpu, PPGMPTWALK pWalk, uint64_t uEntry, uint8_t uLevel)
 {
-    static PGMSLATFAIL const s_aEptViolation[] = { PGMSLATFAIL_EPT_VIOLATION, PGMSLATFAIL_EPT_VIOLATION_CONVERTIBLE };
+    static PGMWALKFAIL const s_afEptViolations[] = { PGM_WALKFAIL_EPT_VIOLATION, PGM_WALKFAIL_EPT_VIOLATION_CONVERTIBLE };
     uint8_t const fEptVeSupported  = pVCpu->CTX_SUFF(pVM)->cpum.ro.GuestFeatures.fVmxEptXcptVe;
     uint8_t const idxViolationType = fEptVeSupported & !RT_BF_GET(uEntry, VMX_BF_EPT_PT_SUPPRESS_VE);
@@ -53 +53 @@
     pWalk->fNotPresent = true;
     pWalk->uLevel      = uLevel;
-    pWalk->enmSlatFail = s_aEptViolation[idxViolationType];
+    pWalk->fFailed    |= s_afEptViolations[idxViolationType];
     return VERR_PAGE_TABLE_NOT_PRESENT;
 }
@@ -63 +63 @@
     pWalk->fBadPhysAddr = true;
     pWalk->uLevel       = uLevel;
-    pWalk->enmSlatFail  = PGMSLATFAIL_EPT_VIOLATION;
+    pWalk->fFailed     |= PGM_WALKFAIL_EPT_VIOLATION;
     return VERR_PAGE_TABLE_NOT_PRESENT;
 }
 
 
-DECLINLINE(int) PGM_GST_SLAT_NAME_EPT(WalkReturnRsvdError)(PVMCPUCC pVCpu, PPGMPTWALK pWalk, uint8_t uLevel)
-{
-    NOREF(pVCpu);
+DECLINLINE(int) PGM_GST_SLAT_NAME_EPT(WalkReturnRsvdError)(PVMCPUCC pVCpu, PPGMPTWALK pWalk, uint64_t uEntry, uint8_t uLevel)
+{
+    static PGMWALKFAIL const s_afEptViolations[] = { PGM_WALKFAIL_EPT_VIOLATION, PGM_WALKFAIL_EPT_VIOLATION_CONVERTIBLE };
+    uint8_t const fEptVeSupported  = pVCpu->CTX_SUFF(pVM)->cpum.ro.GuestFeatures.fVmxEptXcptVe;
+    uint8_t const fConvertible     = RT_BOOL(uLevel == 1 || (uEntry & EPT_E_BIT_LEAF));
+    uint8_t const idxViolationType = fEptVeSupported & fConvertible & !RT_BF_GET(uEntry, VMX_BF_EPT_PT_SUPPRESS_VE);
+
     pWalk->fRsvdError  = true;
     pWalk->uLevel      = uLevel;
-    pWalk->enmSlatFail = PGMSLATFAIL_EPT_MISCONFIG;
+    pWalk->fFailed    |= s_afEptViolations[idxViolationType];
     return VERR_PAGE_TABLE_NOT_PRESENT;
 }
 
 
+/**
+ * Performs an EPT walk (second-level address translation).
+ *
+ * @returns VBox status code.
+ * @retval  VINF_SUCCESS on success.
+ * @retval  VERR_PAGE_TABLE_NOT_PRESENT on failure. Check pWalk for details.
+ *
+ * @param   pVCpu               The cross context virtual CPU structure of the calling EMT.
+ * @param   GCPhysNested        The nested-guest physical address to walk.
+ * @param   fIsLinearAddrValid  Whether the linear-address in @c GCPtrNested caused
+ *                              this page walk. If this is false, @c GCPtrNested
+ *                              must be 0.
+ * @param   GCPtrNested         The nested-guest linear address that caused this
+ *                              page walk.
+ * @param   pWalk               The page walk info.
+ * @param   pGstWalk            The guest mode specific page walk info.
+ */
 DECLINLINE(int) PGM_GST_SLAT_NAME_EPT(Walk)(PVMCPUCC pVCpu, RTGCPHYS GCPhysNested, bool fIsLinearAddrValid, RTGCPTR GCPtrNested,
                                             PPGMPTWALK pWalk, PGSTPTWALK pGstWalk)
 {
+    Assert(fIsLinearAddrValid || GCPtrNested == 0);
+
     /*
      * Init walk structures.
@@ -143 +166 @@
 
         if (RT_LIKELY(GST_IS_PML4E_VALID(pVCpu, Pml4e))) { /* likely */ }
-        else return PGM_GST_SLAT_NAME_EPT(WalkReturnRsvdError)(pVCpu, pWalk, 4);
+        else return PGM_GST_SLAT_NAME_EPT(WalkReturnRsvdError)(pVCpu, pWalk, Pml4e.u, 4);
 
         Assert(!pVCpu->CTX_SUFF(pVM)->cpum.ro.GuestFeatures.fVmxModeBasedExecuteEpt);
@@ -212 +235 @@
             return VINF_SUCCESS;
         }
-        else return PGM_GST_SLAT_NAME_EPT(WalkReturnRsvdError)(pVCpu, pWalk, 3);
+        else return PGM_GST_SLAT_NAME_EPT(WalkReturnRsvdError)(pVCpu, pWalk, Pdpte.u, 3);
 
         int const rc = PGM_GCPHYS_2_PTR_BY_VMCPU(pVCpu, Pdpte.u & EPT_PDPTE_PG_MASK, &pGstWalk->pPd);
@@ -270 +293 @@
             return VINF_SUCCESS;
         }
-        else return PGM_GST_SLAT_NAME_EPT(WalkReturnRsvdError)(pVCpu, pWalk, 2);
+        else return PGM_GST_SLAT_NAME_EPT(WalkReturnRsvdError)(pVCpu, pWalk, Pde.u, 2);
 
         int const rc = PGM_GCPHYS_2_PTR_BY_VMCPU(pVCpu, GST_GET_PDE_GCPHYS(Pde), &pGstWalk->pPt);
@@ -292 +315 @@
         { /* likely*/  }
         else
-            return PGM_GST_SLAT_NAME_EPT(WalkReturnRsvdError)(pVCpu, pWalk, 1);
+            return PGM_GST_SLAT_NAME_EPT(WalkReturnRsvdError)(pVCpu, pWalk, Pte.u, 1);
 
         uint64_t const fEptAttrs     = Pte.u & EPT_PTE_ATTR_MASK;

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -921 +921 @@
 } IEMACCESSCRX;
 
-# ifdef VBOX_WITH_NESTED_HWVIRT_VMX
+#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
+/** @name IEM_SLAT_FAIL_XXX - Second-level address translation failure information.
+ *
+ * These flags provide further context to SLAT page-walk failures that could not be
+ * determined by PGM (e.g, PGM is not privy to memory access permissions).
+ *
+ * @{
+ */
+/** Translating a nested-guest linear address failed accessing a nested-guest
+ *  physical address. */
+# define IEM_SLAT_FAIL_LINEAR_TO_PHYS_ADDR          RT_BIT_32(0)
+/** Translating a nested-guest linear address failed accessing a
+ *  paging-structure entry. */
+# define IEM_SLAT_FAIL_LINEAR_TO_PAGE_TABLE         RT_BIT_32(1)
+/** @} */
+
 PGM_ALL_CB2_PROTO(FNPGMPHYSHANDLER) iemVmxApicAccessPageHandler;
-# endif
+#endif
 
 /**