HWSVMR0.cpp revision 7f62f04e2a04748a89d153bfbde59762a3ac33ce
dccbafa70b5a9a6f933c5566e4542caf9f379b97vboxsync/* $Id$ */
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync/** @file
5b281ba489ca18f0380d7efc7a5108b606cce449vboxsync * HM SVM (AMD-V) - Host Context Ring-0.
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync */
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync/*
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync * Copyright (C) 2006-2012 Oracle Corporation
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync *
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync * This file is part of VirtualBox Open Source Edition (OSE), as
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync * available from http://www.virtualbox.org. This file is free software;
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync * you can redistribute it and/or modify it under the terms of the GNU
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync * General Public License (GPL) as published by the Free Software
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync * Foundation, in version 2 as it comes in the "COPYING" file of the
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync */
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync/*******************************************************************************
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync* Header Files *
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync*******************************************************************************/
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync#define LOG_GROUP LOG_GROUP_HM
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync#include <VBox/vmm/hm.h>
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync#include <VBox/vmm/pgm.h>
bd8e360cd1db83dcb2694ea9122ce3bc5bae678avboxsync#include <VBox/vmm/selm.h>
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync#include <VBox/vmm/iom.h>
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync#include <VBox/vmm/dbgf.h>
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync#include <VBox/vmm/dbgftrace.h>
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync#include <VBox/vmm/tm.h>
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync#include <VBox/vmm/pdmapi.h>
aa4bcf0a4b2db3ac352b56a291d49cb8d4b66d32vboxsync#include "HMInternal.h"
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync#include <VBox/vmm/vm.h>
aa4bcf0a4b2db3ac352b56a291d49cb8d4b66d32vboxsync#include <VBox/vmm/hm_svm.h>
aa4bcf0a4b2db3ac352b56a291d49cb8d4b66d32vboxsync#include <VBox/err.h>
dccbafa70b5a9a6f933c5566e4542caf9f379b97vboxsync#include <VBox/log.h>
d618bed3882cd227cf8f5d0d2824f8db42fad415vboxsync#include <VBox/dis.h>
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync#include <VBox/disopcode.h>
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync#include <iprt/param.h>
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync#include <iprt/assert.h>
5ef92c0006229b3fc7bc7eb4ad80ed65fb0dd98bvboxsync#include <iprt/asm.h>
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync#include <iprt/asm-amd64-x86.h>
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync#include <iprt/cpuset.h>
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#include <iprt/mp.h>
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#include <iprt/time.h>
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#ifdef VBOX_WITH_VMMR0_DISABLE_PREEMPTION
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync# include <iprt/thread.h>
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#endif
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#include <iprt/x86.h>
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#include "HWSVMR0.h"
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#include "dtrace/VBoxVMM.h"
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync/*******************************************************************************
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync* Internal Functions *
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync*******************************************************************************/
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsyncstatic int hmR0SvmInterpretInvlpg(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsyncstatic int hmR0SvmEmulateTprVMMCall(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsyncstatic void hmR0SvmSetMSRPermission(PVMCPU pVCpu, unsigned ulMSR, bool fRead, bool fWrite);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
dccbafa70b5a9a6f933c5566e4542caf9f379b97vboxsync/*******************************************************************************
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync* Defined Constants And Macros *
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync*******************************************************************************/
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync/** Convert hidden selector attribute word between VMX and SVM formats. */
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync#define SVM_HIDSEGATTR_VMX2SVM(a) (a & 0xFF) | ((a & 0xF000) >> 4)
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#define SVM_HIDSEGATTR_SVM2VMX(a) (a & 0xFF) | ((a & 0x0F00) << 4)
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync
81587231c9c584851518872e197f6f02dffe68cavboxsync#define SVM_WRITE_SELREG(REG, reg) \
81587231c9c584851518872e197f6f02dffe68cavboxsync do \
81587231c9c584851518872e197f6f02dffe68cavboxsync { \
81587231c9c584851518872e197f6f02dffe68cavboxsync Assert(pCtx->reg.fFlags & CPUMSELREG_FLAGS_VALID); \
81587231c9c584851518872e197f6f02dffe68cavboxsync Assert(pCtx->reg.ValidSel == pCtx->reg.Sel); \
81587231c9c584851518872e197f6f02dffe68cavboxsync pvVMCB->guest.REG.u16Sel = pCtx->reg.Sel; \
7be2140da7230ed5736528554a4dc34b2ac482acvboxsync pvVMCB->guest.REG.u32Limit = pCtx->reg.u32Limit; \
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pvVMCB->guest.REG.u64Base = pCtx->reg.u64Base; \
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pvVMCB->guest.REG.u16Attr = SVM_HIDSEGATTR_VMX2SVM(pCtx->reg.Attr.u); \
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync } while (0)
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync#define SVM_READ_SELREG(REG, reg) \
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync do \
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync { \
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync pCtx->reg.Sel = pvVMCB->guest.REG.u16Sel; \
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync pCtx->reg.ValidSel = pvVMCB->guest.REG.u16Sel; \
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync pCtx->reg.fFlags = CPUMSELREG_FLAGS_VALID; \
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync pCtx->reg.u32Limit = pvVMCB->guest.REG.u32Limit; \
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync pCtx->reg.u64Base = pvVMCB->guest.REG.u64Base; \
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync pCtx->reg.Attr.u = SVM_HIDSEGATTR_SVM2VMX(pvVMCB->guest.REG.u16Attr); \
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync } while (0)
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync
aa4bcf0a4b2db3ac352b56a291d49cb8d4b66d32vboxsync/*******************************************************************************
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync* Global Variables *
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync*******************************************************************************/
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync/* IO operation lookup arrays. */
c882ddf98a60a4aab1218108b334083f98b7d66avboxsyncstatic uint32_t const g_aIOSize[8] = {0, 1, 2, 0, 4, 0, 0, 0};
c882ddf98a60a4aab1218108b334083f98b7d66avboxsyncstatic uint32_t const g_aIOOpAnd[8] = {0, 0xff, 0xffff, 0, 0xffffffff, 0, 0, 0};
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync/**
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync * Sets up and activates AMD-V on the current CPU.
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync *
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync * @returns VBox status code.
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync * @param pCpu Pointer to the CPU info struct.
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync * @param pVM Pointer to the VM (can be NULL after a resume!).
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync * @param pvCpuPage Pointer to the global CPU page.
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync * @param HCPhysCpuPage Physical address of the global CPU page.
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync */
c882ddf98a60a4aab1218108b334083f98b7d66avboxsyncVMMR0DECL(int) SVMR0EnableCpu(PHMGLOBLCPUINFO pCpu, PVM pVM, void *pvCpuPage, RTHCPHYS HCPhysCpuPage, bool fEnabledByHost)
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync{
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync AssertReturn(!fEnabledByHost, VERR_INVALID_PARAMETER);
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync AssertReturn(HCPhysCpuPage != 0 && HCPhysCpuPage != NIL_RTHCPHYS, VERR_INVALID_PARAMETER);
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync AssertReturn(pvCpuPage, VERR_INVALID_PARAMETER);
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync /*
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync * We must turn on AMD-V and setup the host state physical address, as those MSRs are per cpu/core.
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync */
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync uint64_t fEfer = ASMRdMsr(MSR_K6_EFER);
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync if (fEfer & MSR_K6_EFER_SVME)
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync {
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync /*
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync * If the VBOX_HWVIRTEX_IGNORE_SVM_IN_USE is active, then we blindly use AMD-V.
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync */
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync if ( pVM
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync && pVM->hm.s.svm.fIgnoreInUseError)
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync {
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync pCpu->fIgnoreAMDVInUseError = true;
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync }
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync if (!pCpu->fIgnoreAMDVInUseError)
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync return VERR_SVM_IN_USE;
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync }
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync /* Turn on AMD-V in the EFER MSR. */
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync ASMWrMsr(MSR_K6_EFER, fEfer | MSR_K6_EFER_SVME);
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync
c882ddf98a60a4aab1218108b334083f98b7d66avboxsync /* Write the physical page address where the CPU will store the host state while executing the VM. */
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync ASMWrMsr(MSR_K8_VM_HSAVE_PA, HCPhysCpuPage);
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync /*
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * Theoretically, other hypervisors may have used ASIDs, ideally we should flush all non-zero ASIDs
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * when enabling SVM. AMD doesn't have an SVM instruction to flush all ASIDs (flushing is done
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * upon VMRUN). Therefore, just set the fFlushAsidBeforeUse flag which instructs hmR0SvmSetupTLB()
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * to flush the TLB with before using a new ASID.
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync */
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync pCpu->fFlushAsidBeforeUse = true;
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync /*
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * Ensure each VCPU scheduled on this CPU gets a new VPID on resume. See @bugref{6255}.
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync */
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync ++pCpu->cTlbFlushes;
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync return VINF_SUCCESS;
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync}
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync/**
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * Deactivates AMD-V on the current CPU.
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync *
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * @returns VBox status code.
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * @param pCpu Pointer to the CPU info struct.
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * @param pvCpuPage Pointer to the global CPU page.
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * @param HCPhysCpuPage Physical address of the global CPU page.
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync */
b6097213cd07c5383c49168bfb61f915dbd4587avboxsyncVMMR0DECL(int) SVMR0DisableCpu(PHMGLOBLCPUINFO pCpu, void *pvCpuPage, RTHCPHYS HCPhysCpuPage)
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync{
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync AssertReturn(HCPhysCpuPage != 0 && HCPhysCpuPage != NIL_RTHCPHYS, VERR_INVALID_PARAMETER);
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync AssertReturn(pvCpuPage, VERR_INVALID_PARAMETER);
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync NOREF(pCpu);
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync /* Turn off AMD-V in the EFER MSR. */
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync uint64_t fEfer = ASMRdMsr(MSR_K6_EFER);
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync ASMWrMsr(MSR_K6_EFER, fEfer & ~MSR_K6_EFER_SVME);
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync /* Invalidate host state physical address. */
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync ASMWrMsr(MSR_K8_VM_HSAVE_PA, 0);
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync return VINF_SUCCESS;
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync}
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync/**
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * Does Ring-0 per VM AMD-V init.
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync *
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * @returns VBox status code.
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync * @param pVM Pointer to the VM.
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync */
b6097213cd07c5383c49168bfb61f915dbd4587avboxsyncVMMR0DECL(int) SVMR0InitVM(PVM pVM)
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync{
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync int rc;
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync
b6097213cd07c5383c49168bfb61f915dbd4587avboxsync pVM->hm.s.svm.hMemObjIOBitmap = NIL_RTR0MEMOBJ;
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync /* Allocate 12 KB for the IO bitmap (doesn't seem to be a way to convince SVM not to use it) */
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync rc = RTR0MemObjAllocCont(&pVM->hm.s.svm.hMemObjIOBitmap, 3 << PAGE_SHIFT, false /* fExecutable */);
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync if (RT_FAILURE(rc))
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync return rc;
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync pVM->hm.s.svm.pvIOBitmap = RTR0MemObjAddress(pVM->hm.s.svm.hMemObjIOBitmap);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pVM->hm.s.svm.HCPhysIOBitmap = RTR0MemObjGetPagePhysAddr(pVM->hm.s.svm.hMemObjIOBitmap, 0);
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync /* Set all bits to intercept all IO accesses. */
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync ASMMemFill32(pVM->hm.s.svm.pvIOBitmap, 3 << PAGE_SHIFT, 0xffffffff);
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync /*
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync * Erratum 170 which requires a forced TLB flush for each world switch:
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync * See http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/33610.pdf
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync *
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync * All BH-G1/2 and DH-G1/2 models include a fix:
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync * Athlon X2: 0x6b 1/2
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync * 0x68 1/2
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync * Athlon 64: 0x7f 1
7868f7238f92c22fcfede63182607629da7a8eadvboxsync * 0x6f 2
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync * Sempron: 0x7f 1/2
fd546afe09073de92e5422c1334f1c27b4108687vboxsync * 0x6f 2
fd546afe09073de92e5422c1334f1c27b4108687vboxsync * 0x6c 2
fd546afe09073de92e5422c1334f1c27b4108687vboxsync * 0x7c 2
fd546afe09073de92e5422c1334f1c27b4108687vboxsync * Turion 64: 0x68 2
fd546afe09073de92e5422c1334f1c27b4108687vboxsync */
fd546afe09073de92e5422c1334f1c27b4108687vboxsync uint32_t u32Dummy;
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync uint32_t u32Version, u32Family, u32Model, u32Stepping, u32BaseFamily;
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync ASMCpuId(1, &u32Version, &u32Dummy, &u32Dummy, &u32Dummy);
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync u32BaseFamily = (u32Version >> 8) & 0xf;
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync u32Family = u32BaseFamily + (u32BaseFamily == 0xf ? ((u32Version >> 20) & 0x7f) : 0);
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync u32Model = ((u32Version >> 4) & 0xf);
fd546afe09073de92e5422c1334f1c27b4108687vboxsync u32Model = u32Model | ((u32BaseFamily == 0xf ? (u32Version >> 16) & 0x0f : 0) << 4);
fd546afe09073de92e5422c1334f1c27b4108687vboxsync u32Stepping = u32Version & 0xf;
fd546afe09073de92e5422c1334f1c27b4108687vboxsync if ( u32Family == 0xf
fd546afe09073de92e5422c1334f1c27b4108687vboxsync && !((u32Model == 0x68 || u32Model == 0x6b || u32Model == 0x7f) && u32Stepping >= 1)
fd546afe09073de92e5422c1334f1c27b4108687vboxsync && !((u32Model == 0x6f || u32Model == 0x6c || u32Model == 0x7c) && u32Stepping >= 2))
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync {
fd546afe09073de92e5422c1334f1c27b4108687vboxsync Log(("SVMR0InitVM: AMD cpu with erratum 170 family %x model %x stepping %x\n", u32Family, u32Model, u32Stepping));
fd546afe09073de92e5422c1334f1c27b4108687vboxsync pVM->hm.s.svm.fAlwaysFlushTLB = true;
fd546afe09073de92e5422c1334f1c27b4108687vboxsync }
fd546afe09073de92e5422c1334f1c27b4108687vboxsync
fd546afe09073de92e5422c1334f1c27b4108687vboxsync /* Allocate VMCBs for all guest CPUs. */
fd546afe09073de92e5422c1334f1c27b4108687vboxsync for (VMCPUID i = 0; i < pVM->cCpus; i++)
fd546afe09073de92e5422c1334f1c27b4108687vboxsync {
fd546afe09073de92e5422c1334f1c27b4108687vboxsync PVMCPU pVCpu = &pVM->aCpus[i];
fd546afe09073de92e5422c1334f1c27b4108687vboxsync
fd546afe09073de92e5422c1334f1c27b4108687vboxsync pVCpu->hm.s.svm.hMemObjVMCBHost = NIL_RTR0MEMOBJ;
fd546afe09073de92e5422c1334f1c27b4108687vboxsync pVCpu->hm.s.svm.hMemObjVMCB = NIL_RTR0MEMOBJ;
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync pVCpu->hm.s.svm.hMemObjMsrBitmap = NIL_RTR0MEMOBJ;
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync /* Allocate one page for the host context */
fd546afe09073de92e5422c1334f1c27b4108687vboxsync rc = RTR0MemObjAllocCont(&pVCpu->hm.s.svm.hMemObjVMCBHost, 1 << PAGE_SHIFT, false /* fExecutable */);
fd546afe09073de92e5422c1334f1c27b4108687vboxsync if (RT_FAILURE(rc))
fd546afe09073de92e5422c1334f1c27b4108687vboxsync return rc;
fd546afe09073de92e5422c1334f1c27b4108687vboxsync
fd546afe09073de92e5422c1334f1c27b4108687vboxsync pVCpu->hm.s.svm.pvVMCBHost = RTR0MemObjAddress(pVCpu->hm.s.svm.hMemObjVMCBHost);
fd546afe09073de92e5422c1334f1c27b4108687vboxsync pVCpu->hm.s.svm.HCPhysVMCBHost = RTR0MemObjGetPagePhysAddr(pVCpu->hm.s.svm.hMemObjVMCBHost, 0);
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync Assert(pVCpu->hm.s.svm.HCPhysVMCBHost < _4G);
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync ASMMemZeroPage(pVCpu->hm.s.svm.pvVMCBHost);
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync /* Allocate one page for the VM control block (VMCB). */
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync rc = RTR0MemObjAllocCont(&pVCpu->hm.s.svm.hMemObjVMCB, 1 << PAGE_SHIFT, false /* fExecutable */);
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync if (RT_FAILURE(rc))
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync return rc;
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pVCpu->hm.s.svm.pvVMCB = RTR0MemObjAddress(pVCpu->hm.s.svm.hMemObjVMCB);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pVCpu->hm.s.svm.HCPhysVMCB = RTR0MemObjGetPagePhysAddr(pVCpu->hm.s.svm.hMemObjVMCB, 0);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync Assert(pVCpu->hm.s.svm.HCPhysVMCB < _4G);
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync ASMMemZeroPage(pVCpu->hm.s.svm.pvVMCB);
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync
8e3f7f941e446e203bd8f3d0782d761aeb5af6c9vboxsync /* Allocate 8 KB for the MSR bitmap (doesn't seem to be a way to convince SVM not to use it) */
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync rc = RTR0MemObjAllocCont(&pVCpu->hm.s.svm.hMemObjMsrBitmap, 2 << PAGE_SHIFT, false /* fExecutable */);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync if (RT_FAILURE(rc))
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync return rc;
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync pVCpu->hm.s.svm.pvMsrBitmap = RTR0MemObjAddress(pVCpu->hm.s.svm.hMemObjMsrBitmap);
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync pVCpu->hm.s.svm.HCPhysMsrBitmap = RTR0MemObjGetPagePhysAddr(pVCpu->hm.s.svm.hMemObjMsrBitmap, 0);
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync /* Set all bits to intercept all MSR accesses. */
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync ASMMemFill32(pVCpu->hm.s.svm.pvMsrBitmap, 2 << PAGE_SHIFT, 0xffffffff);
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync }
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync return VINF_SUCCESS;
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync}
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync/**
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * Does Ring-0 per VM AMD-V termination.
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync *
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync * @returns VBox status code.
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync * @param pVM Pointer to the VM.
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync */
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsyncVMMR0DECL(int) SVMR0TermVM(PVM pVM)
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync{
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync for (VMCPUID i = 0; i < pVM->cCpus; i++)
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync {
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync PVMCPU pVCpu = &pVM->aCpus[i];
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync if (pVCpu->hm.s.svm.hMemObjVMCBHost != NIL_RTR0MEMOBJ)
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync {
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync RTR0MemObjFree(pVCpu->hm.s.svm.hMemObjVMCBHost, false);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pVCpu->hm.s.svm.pvVMCBHost = 0;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pVCpu->hm.s.svm.HCPhysVMCBHost = 0;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pVCpu->hm.s.svm.hMemObjVMCBHost = NIL_RTR0MEMOBJ;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync }
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync if (pVCpu->hm.s.svm.hMemObjVMCB != NIL_RTR0MEMOBJ)
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync {
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync RTR0MemObjFree(pVCpu->hm.s.svm.hMemObjVMCB, false);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pVCpu->hm.s.svm.pvVMCB = 0;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pVCpu->hm.s.svm.HCPhysVMCB = 0;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pVCpu->hm.s.svm.hMemObjVMCB = NIL_RTR0MEMOBJ;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync }
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync if (pVCpu->hm.s.svm.hMemObjMsrBitmap != NIL_RTR0MEMOBJ)
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync {
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync RTR0MemObjFree(pVCpu->hm.s.svm.hMemObjMsrBitmap, false);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pVCpu->hm.s.svm.pvMsrBitmap = 0;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pVCpu->hm.s.svm.HCPhysMsrBitmap = 0;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pVCpu->hm.s.svm.hMemObjMsrBitmap = NIL_RTR0MEMOBJ;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync }
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync }
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync if (pVM->hm.s.svm.hMemObjIOBitmap != NIL_RTR0MEMOBJ)
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync {
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync RTR0MemObjFree(pVM->hm.s.svm.hMemObjIOBitmap, false);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pVM->hm.s.svm.pvIOBitmap = 0;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pVM->hm.s.svm.HCPhysIOBitmap = 0;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pVM->hm.s.svm.hMemObjIOBitmap = NIL_RTR0MEMOBJ;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync }
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync return VINF_SUCCESS;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync}
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync/**
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync * Sets up AMD-V for the specified VM.
8f78050183f7368c70cfc93edd1180326edc1208vboxsync *
8f78050183f7368c70cfc93edd1180326edc1208vboxsync * @returns VBox status code.
8f78050183f7368c70cfc93edd1180326edc1208vboxsync * @param pVM Pointer to the VM.
8f78050183f7368c70cfc93edd1180326edc1208vboxsync */
8f78050183f7368c70cfc93edd1180326edc1208vboxsyncVMMR0DECL(int) SVMR0SetupVM(PVM pVM)
8f78050183f7368c70cfc93edd1180326edc1208vboxsync{
8f78050183f7368c70cfc93edd1180326edc1208vboxsync int rc = VINF_SUCCESS;
8f78050183f7368c70cfc93edd1180326edc1208vboxsync
8f78050183f7368c70cfc93edd1180326edc1208vboxsync AssertReturn(pVM, VERR_INVALID_PARAMETER);
8f78050183f7368c70cfc93edd1180326edc1208vboxsync Assert(pVM->hm.s.svm.fSupported);
8f78050183f7368c70cfc93edd1180326edc1208vboxsync
8f78050183f7368c70cfc93edd1180326edc1208vboxsync for (VMCPUID i = 0; i < pVM->cCpus; i++)
8f78050183f7368c70cfc93edd1180326edc1208vboxsync {
8f78050183f7368c70cfc93edd1180326edc1208vboxsync PVMCPU pVCpu = &pVM->aCpus[i];
8f78050183f7368c70cfc93edd1180326edc1208vboxsync SVM_VMCB *pvVMCB = (SVM_VMCB *)pVM->aCpus[i].hm.s.svm.pvVMCB;
8f78050183f7368c70cfc93edd1180326edc1208vboxsync
8f78050183f7368c70cfc93edd1180326edc1208vboxsync AssertMsgReturn(pvVMCB, ("Invalid pvVMCB\n"), VERR_SVM_INVALID_PVMCB);
8f78050183f7368c70cfc93edd1180326edc1208vboxsync
8f78050183f7368c70cfc93edd1180326edc1208vboxsync /*
8f78050183f7368c70cfc93edd1180326edc1208vboxsync * Program the control fields. Most of them never have to be changed again.
8f78050183f7368c70cfc93edd1180326edc1208vboxsync * CR0/4 reads must be intercepted, our shadow values are not necessarily the same as the guest's.
8f78050183f7368c70cfc93edd1180326edc1208vboxsync * Note: CR0 & CR4 can be safely read when guest and shadow copies are identical.
8f78050183f7368c70cfc93edd1180326edc1208vboxsync */
8f78050183f7368c70cfc93edd1180326edc1208vboxsync pvVMCB->ctrl.u16InterceptRdCRx = RT_BIT(0) | RT_BIT(4);
8f78050183f7368c70cfc93edd1180326edc1208vboxsync
8f78050183f7368c70cfc93edd1180326edc1208vboxsync /* CR0/4 writes must be intercepted for obvious reasons. */
8f78050183f7368c70cfc93edd1180326edc1208vboxsync pvVMCB->ctrl.u16InterceptWrCRx = RT_BIT(0) | RT_BIT(4);
8f78050183f7368c70cfc93edd1180326edc1208vboxsync
8f78050183f7368c70cfc93edd1180326edc1208vboxsync /* Intercept all DRx reads and writes by default. Changed later on. */
8f78050183f7368c70cfc93edd1180326edc1208vboxsync pvVMCB->ctrl.u16InterceptRdDRx = 0xFFFF;
8f78050183f7368c70cfc93edd1180326edc1208vboxsync pvVMCB->ctrl.u16InterceptWrDRx = 0xFFFF;
8f78050183f7368c70cfc93edd1180326edc1208vboxsync
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync /* Intercept traps; only #NM is always intercepted. */
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync pvVMCB->ctrl.u32InterceptException = RT_BIT(X86_XCPT_NM);
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync#ifdef VBOX_ALWAYS_TRAP_PF
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync pvVMCB->ctrl.u32InterceptException |= RT_BIT(X86_XCPT_PF);
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync#endif
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync#ifdef VBOX_STRICT
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync pvVMCB->ctrl.u32InterceptException |= RT_BIT(X86_XCPT_BP)
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync | RT_BIT(X86_XCPT_DB)
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync | RT_BIT(X86_XCPT_DE)
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync | RT_BIT(X86_XCPT_UD)
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync | RT_BIT(X86_XCPT_NP)
4fa08e9052161e65bfe8d2e3bb38fa227af628c0vboxsync | RT_BIT(X86_XCPT_SS)
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync | RT_BIT(X86_XCPT_GP)
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | RT_BIT(X86_XCPT_MF)
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync ;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync#endif
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync /* Set up instruction and miscellaneous intercepts. */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pvVMCB->ctrl.u32InterceptCtrl1 = SVM_CTRL1_INTERCEPT_INTR
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_VINTR
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_NMI
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_SMI
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_INIT
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_RDPMC
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_CPUID
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync | SVM_CTRL1_INTERCEPT_RSM
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_HLT
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_INOUT_BITMAP
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_MSR_SHADOW
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_INVLPGA /* AMD only */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_SHUTDOWN /* fatal */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_FERR_FREEZE; /* Legacy FPU FERR handling. */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync ;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pvVMCB->ctrl.u32InterceptCtrl2 = SVM_CTRL2_INTERCEPT_VMRUN /* required */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL2_INTERCEPT_VMMCALL
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync | SVM_CTRL2_INTERCEPT_VMLOAD
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync | SVM_CTRL2_INTERCEPT_VMSAVE
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync | SVM_CTRL2_INTERCEPT_STGI
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync | SVM_CTRL2_INTERCEPT_CLGI
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync | SVM_CTRL2_INTERCEPT_SKINIT
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync | SVM_CTRL2_INTERCEPT_WBINVD
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync | SVM_CTRL2_INTERCEPT_MONITOR
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync | SVM_CTRL2_INTERCEPT_MWAIT_UNCOND; /* don't execute mwait or else we'll idle inside the
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync guest (host thinks the cpu load is high) */
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync Log(("pvVMCB->ctrl.u32InterceptException = %x\n", pvVMCB->ctrl.u32InterceptException));
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync Log(("pvVMCB->ctrl.u32InterceptCtrl1 = %x\n", pvVMCB->ctrl.u32InterceptCtrl1));
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync Log(("pvVMCB->ctrl.u32InterceptCtrl2 = %x\n", pvVMCB->ctrl.u32InterceptCtrl2));
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync /* Virtualize masking of INTR interrupts. (reads/writes from/to CR8 go to the V_TPR register) */
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync pvVMCB->ctrl.IntCtrl.n.u1VIrqMasking = 1;
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync /* Ignore the priority in the TPR; just deliver it when we tell it to. */
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync pvVMCB->ctrl.IntCtrl.n.u1IgnoreTPR = 1;
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync /* Set IO and MSR bitmap addresses. */
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync pvVMCB->ctrl.u64IOPMPhysAddr = pVM->hm.s.svm.HCPhysIOBitmap;
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync pvVMCB->ctrl.u64MSRPMPhysAddr = pVCpu->hm.s.svm.HCPhysMsrBitmap;
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync /* No LBR virtualization. */
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync pvVMCB->ctrl.u64LBRVirt = 0;
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync /* The ASID must start at 1; the host uses 0. */
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync pvVMCB->ctrl.TLBCtrl.n.u32ASID = 1;
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync /*
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync * Setup the PAT MSR (nested paging only)
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync * The default value should be 0x0007040600070406ULL, but we want to treat all guest memory as WB,
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync * so choose type 6 for all PAT slots.
1a05eb58618c8f646bd1304d10c73792e0034f20vboxsync */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pvVMCB->guest.u64GPAT = 0x0006060606060606ULL;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync /* If nested paging is not in use, additional intercepts have to be set up. */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync if (!pVM->hm.s.fNestedPaging)
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync {
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync /* CR3 reads/writes must be intercepted; our shadow values are different from guest's. */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pvVMCB->ctrl.u16InterceptRdCRx |= RT_BIT(3);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pvVMCB->ctrl.u16InterceptWrCRx |= RT_BIT(3);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync /*
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync * We must also intercept:
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync * - INVLPG (must go through shadow paging)
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync * - task switches (may change CR3/EFLAGS/LDT)
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pvVMCB->ctrl.u32InterceptCtrl1 |= SVM_CTRL1_INTERCEPT_INVLPG
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync | SVM_CTRL1_INTERCEPT_TASK_SWITCH;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync /* Page faults must be intercepted to implement shadow paging. */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync pvVMCB->ctrl.u32InterceptException |= RT_BIT(X86_XCPT_PF);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync }
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync /*
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync * The following MSRs are saved automatically by vmload/vmsave, so we allow the guest
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync * to modify them directly.
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync hmR0SvmSetMSRPermission(pVCpu, MSR_K8_LSTAR, true, true);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync hmR0SvmSetMSRPermission(pVCpu, MSR_K8_CSTAR, true, true);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync hmR0SvmSetMSRPermission(pVCpu, MSR_K6_STAR, true, true);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync hmR0SvmSetMSRPermission(pVCpu, MSR_K8_SF_MASK, true, true);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync hmR0SvmSetMSRPermission(pVCpu, MSR_K8_FS_BASE, true, true);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync hmR0SvmSetMSRPermission(pVCpu, MSR_K8_GS_BASE, true, true);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync hmR0SvmSetMSRPermission(pVCpu, MSR_K8_KERNEL_GS_BASE, true, true);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync hmR0SvmSetMSRPermission(pVCpu, MSR_IA32_SYSENTER_CS, true, true);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync hmR0SvmSetMSRPermission(pVCpu, MSR_IA32_SYSENTER_ESP, true, true);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync hmR0SvmSetMSRPermission(pVCpu, MSR_IA32_SYSENTER_EIP, true, true);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync }
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync return rc;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync}
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync/**
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * Sets the permission bits for the specified MSR.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync *
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param pVCpu Pointer to the VMCPU.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param ulMSR MSR value.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param fRead Whether reading is allowed.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param fWrite Whether writing is allowed.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync */
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsyncstatic void hmR0SvmSetMSRPermission(PVMCPU pVCpu, unsigned ulMSR, bool fRead, bool fWrite)
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync{
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync unsigned ulBit;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync uint8_t *pvMsrBitmap = (uint8_t *)pVCpu->hm.s.svm.pvMsrBitmap;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync if (ulMSR <= 0x00001FFF)
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync {
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync /* Pentium-compatible MSRs */
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync ulBit = ulMSR * 2;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync }
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync else if ( ulMSR >= 0xC0000000
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync && ulMSR <= 0xC0001FFF)
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync {
fd546afe09073de92e5422c1334f1c27b4108687vboxsync /* AMD Sixth Generation x86 Processor MSRs and SYSCALL */
fd546afe09073de92e5422c1334f1c27b4108687vboxsync ulBit = (ulMSR - 0xC0000000) * 2;
fd546afe09073de92e5422c1334f1c27b4108687vboxsync pvMsrBitmap += 0x800;
7be2140da7230ed5736528554a4dc34b2ac482acvboxsync }
7e0c3d180b978b8f4b5b33f8e924520248ee3ab3vboxsync else if ( ulMSR >= 0xC0010000
fd546afe09073de92e5422c1334f1c27b4108687vboxsync && ulMSR <= 0xC0011FFF)
81587231c9c584851518872e197f6f02dffe68cavboxsync {
81587231c9c584851518872e197f6f02dffe68cavboxsync /* AMD Seventh and Eighth Generation Processor MSRs */
81587231c9c584851518872e197f6f02dffe68cavboxsync ulBit = (ulMSR - 0xC0001000) * 2;
dc88ff18a0306635c385b14211765e618351b253vboxsync pvMsrBitmap += 0x1000;
dccbafa70b5a9a6f933c5566e4542caf9f379b97vboxsync }
dccbafa70b5a9a6f933c5566e4542caf9f379b97vboxsync else
81587231c9c584851518872e197f6f02dffe68cavboxsync {
81587231c9c584851518872e197f6f02dffe68cavboxsync AssertFailed();
81587231c9c584851518872e197f6f02dffe68cavboxsync return;
81587231c9c584851518872e197f6f02dffe68cavboxsync }
81587231c9c584851518872e197f6f02dffe68cavboxsync Assert(ulBit < 16 * 1024 - 1);
81587231c9c584851518872e197f6f02dffe68cavboxsync if (fRead)
81587231c9c584851518872e197f6f02dffe68cavboxsync ASMBitClear(pvMsrBitmap, ulBit);
81587231c9c584851518872e197f6f02dffe68cavboxsync else
81587231c9c584851518872e197f6f02dffe68cavboxsync ASMBitSet(pvMsrBitmap, ulBit);
81587231c9c584851518872e197f6f02dffe68cavboxsync
81587231c9c584851518872e197f6f02dffe68cavboxsync if (fWrite)
81587231c9c584851518872e197f6f02dffe68cavboxsync ASMBitClear(pvMsrBitmap, ulBit + 1);
81587231c9c584851518872e197f6f02dffe68cavboxsync else
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync ASMBitSet(pvMsrBitmap, ulBit + 1);
81587231c9c584851518872e197f6f02dffe68cavboxsync}
81587231c9c584851518872e197f6f02dffe68cavboxsync
81587231c9c584851518872e197f6f02dffe68cavboxsync/**
81587231c9c584851518872e197f6f02dffe68cavboxsync * Posts a pending event (trap or external interrupt). An injected event should only
81587231c9c584851518872e197f6f02dffe68cavboxsync * be written to the VMCB immediately before VMRUN, otherwise we might have stale events
81587231c9c584851518872e197f6f02dffe68cavboxsync * injected across VM resets and suchlike. See @bugref{6220}.
81587231c9c584851518872e197f6f02dffe68cavboxsync *
81587231c9c584851518872e197f6f02dffe68cavboxsync * @param pVCpu Pointer to the VMCPU.
81587231c9c584851518872e197f6f02dffe68cavboxsync * @param pCtx Pointer to the guest CPU context.
81587231c9c584851518872e197f6f02dffe68cavboxsync * @param pIntInfo Pointer to the SVM interrupt info.
81587231c9c584851518872e197f6f02dffe68cavboxsync */
81587231c9c584851518872e197f6f02dffe68cavboxsyncDECLINLINE(void) hmR0SvmSetPendingEvent(PVMCPU pVCpu, SVM_EVENT *pEvent)
81587231c9c584851518872e197f6f02dffe68cavboxsync{
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#ifdef VBOX_STRICT
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync Log(("SVM: Set pending event: intInfo=%016llx\n", pEvent->au64[0]));
81587231c9c584851518872e197f6f02dffe68cavboxsync#endif
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
81587231c9c584851518872e197f6f02dffe68cavboxsync /* If there's an event pending already, we're in trouble... */
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync Assert(!pVCpu->hm.s.Event.fPending);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync /* Set pending event state. */
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pVCpu->hm.s.Event.u64IntrInfo = pEvent->au64[0];
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pVCpu->hm.s.Event.fPending = true;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync}
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync/**
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * Injects an event (trap or external interrupt).
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync *
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param pVCpu Pointer to the VMCPU.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param pvVMCB Pointer to the VMCB.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param pCtx Pointer to the guest CPU context.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param pIntInfo Pointer to the SVM interrupt info.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync */
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsyncDECLINLINE(void) hmR0SvmInjectEvent(PVMCPU pVCpu, SVM_VMCB *pvVMCB, CPUMCTX *pCtx, SVM_EVENT *pEvent)
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync{
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#ifdef VBOX_WITH_STATISTICS
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync STAM_COUNTER_INC(&pVCpu->hm.s.paStatInjectedIrqsR0[pEvent->n.u8Vector & MASK_INJECT_IRQ_STAT]);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#endif
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#ifdef VBOX_STRICT
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync if (pEvent->n.u8Vector == 0xE)
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync {
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync Log(("SVM: Inject int %d at %RGv error code=%02x CR2=%RGv intInfo=%08x\n", pEvent->n.u8Vector,
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync (RTGCPTR)pCtx->rip, pEvent->n.u32ErrorCode, (RTGCPTR)pCtx->cr2, pEvent->au64[0]));
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync }
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync else if (pEvent->n.u8Vector < 0x20)
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync Log(("SVM: Inject int %d at %RGv error code=%08x\n", pEvent->n.u8Vector, (RTGCPTR)pCtx->rip, pEvent->n.u32ErrorCode));
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync else
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync {
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync Log(("INJ-EI: %x at %RGv\n", pEvent->n.u8Vector, (RTGCPTR)pCtx->rip));
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync Assert(!VMCPU_FF_ISSET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS));
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync Assert(pCtx->eflags.u32 & X86_EFL_IF);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync }
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync#endif
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync /* Set event injection state. */
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pvVMCB->ctrl.EventInject.au64[0] = pEvent->au64[0];
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync}
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync/**
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * Checks for pending guest interrupts and injects them.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync *
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @returns VBox status code.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param pVM Pointer to the VM.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param pVCpu Pointer to the VMCPU.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param pvVMCB Pointer to the VMCB.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * @param pCtx Pointer to the guest CPU Context.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync */
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsyncstatic int hmR0SvmCheckPendingInterrupt(PVM pVM, PVMCPU pVCpu, SVM_VMCB *pvVMCB, CPUMCTX *pCtx)
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync{
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync int rc;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync NOREF(pVM);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync /*
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * Dispatch any pending interrupts (injected before, but a VM-exit occurred prematurely).
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync */
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync if (pVCpu->hm.s.Event.fPending)
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync {
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync SVM_EVENT Event;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync Log(("Reinjecting event %08x %08x at %RGv\n", pVCpu->hm.s.Event.u64IntrInfo, pVCpu->hm.s.Event.u32ErrCode,
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync (RTGCPTR)pCtx->rip));
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync STAM_COUNTER_INC(&pVCpu->hm.s.StatIntReinject);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync Event.au64[0] = pVCpu->hm.s.Event.u64IntrInfo;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync hmR0SvmInjectEvent(pVCpu, pvVMCB, pCtx, &Event);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync pVCpu->hm.s.Event.fPending = false;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync return VINF_SUCCESS;
81587231c9c584851518872e197f6f02dffe68cavboxsync }
81587231c9c584851518872e197f6f02dffe68cavboxsync
81587231c9c584851518872e197f6f02dffe68cavboxsync /*
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync * If an active trap is already pending, we must forward it first!
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync */
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync if (!TRPMHasTrap(pVCpu))
dccbafa70b5a9a6f933c5566e4542caf9f379b97vboxsync {
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync if (VMCPU_FF_TESTANDCLEAR(pVCpu, VMCPU_FF_INTERRUPT_NMI))
da97b7ac000d0f02e86c31a4f2767a00d83c6167vboxsync {
da97b7ac000d0f02e86c31a4f2767a00d83c6167vboxsync SVM_EVENT Event;
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync Log(("CPU%d: injecting #NMI\n", pVCpu->idCpu));
7868f7238f92c22fcfede63182607629da7a8eadvboxsync Event.n.u8Vector = X86_XCPT_NMI;
14e0667f834cd0e2a8c365084cd2ad0a893109e8vboxsync Event.n.u1Valid = 1;
7868f7238f92c22fcfede63182607629da7a8eadvboxsync Event.n.u32ErrorCode = 0;
14e0667f834cd0e2a8c365084cd2ad0a893109e8vboxsync Event.n.u3Type = SVM_EVENT_NMI;
14e0667f834cd0e2a8c365084cd2ad0a893109e8vboxsync
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync hmR0SvmInjectEvent(pVCpu, pvVMCB, pCtx, &Event);
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync return VINF_SUCCESS;
d618bed3882cd227cf8f5d0d2824f8db42fad415vboxsync }
7868f7238f92c22fcfede63182607629da7a8eadvboxsync
da97b7ac000d0f02e86c31a4f2767a00d83c6167vboxsync /** @todo SMI interrupts. */
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync
da97b7ac000d0f02e86c31a4f2767a00d83c6167vboxsync /*
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync * When external interrupts are pending, we should exit the VM when IF is set.
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync */
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync if (VMCPU_FF_ISPENDING(pVCpu, (VMCPU_FF_INTERRUPT_APIC|VMCPU_FF_INTERRUPT_PIC)))
da97b7ac000d0f02e86c31a4f2767a00d83c6167vboxsync {
da97b7ac000d0f02e86c31a4f2767a00d83c6167vboxsync if ( !(pCtx->eflags.u32 & X86_EFL_IF)
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync || VMCPU_FF_ISSET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
81587231c9c584851518872e197f6f02dffe68cavboxsync {
81587231c9c584851518872e197f6f02dffe68cavboxsync if (!pvVMCB->ctrl.IntCtrl.n.u1VIrqValid)
81587231c9c584851518872e197f6f02dffe68cavboxsync {
81587231c9c584851518872e197f6f02dffe68cavboxsync if (!VMCPU_FF_ISSET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
81587231c9c584851518872e197f6f02dffe68cavboxsync LogFlow(("Enable irq window exit!\n"));
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync else
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync {
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync Log(("Pending interrupt blocked at %RGv by VM_FF_INHIBIT_INTERRUPTS -> irq window exit\n",
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync (RTGCPTR)pCtx->rip));
fd546afe09073de92e5422c1334f1c27b4108687vboxsync }
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync
fd546afe09073de92e5422c1334f1c27b4108687vboxsync /** @todo Use virtual interrupt method to inject a pending IRQ; dispatched as
fd546afe09073de92e5422c1334f1c27b4108687vboxsync * soon as guest.IF is set. */
fd546afe09073de92e5422c1334f1c27b4108687vboxsync pvVMCB->ctrl.u32InterceptCtrl1 |= SVM_CTRL1_INTERCEPT_VINTR;
fd546afe09073de92e5422c1334f1c27b4108687vboxsync pvVMCB->ctrl.IntCtrl.n.u1VIrqValid = 1;
7e0c3d180b978b8f4b5b33f8e924520248ee3ab3vboxsync pvVMCB->ctrl.IntCtrl.n.u8VIrqVector = 0; /* don't care */
fd546afe09073de92e5422c1334f1c27b4108687vboxsync }
7e0c3d180b978b8f4b5b33f8e924520248ee3ab3vboxsync }
fd546afe09073de92e5422c1334f1c27b4108687vboxsync else
fd546afe09073de92e5422c1334f1c27b4108687vboxsync {
fd546afe09073de92e5422c1334f1c27b4108687vboxsync uint8_t u8Interrupt;
fd546afe09073de92e5422c1334f1c27b4108687vboxsync
fd546afe09073de92e5422c1334f1c27b4108687vboxsync rc = PDMGetInterrupt(pVCpu, &u8Interrupt);
fd546afe09073de92e5422c1334f1c27b4108687vboxsync Log(("Dispatch interrupt: u8Interrupt=%x (%d) rc=%Rrc\n", u8Interrupt, u8Interrupt, rc));
fd546afe09073de92e5422c1334f1c27b4108687vboxsync if (RT_SUCCESS(rc))
fd546afe09073de92e5422c1334f1c27b4108687vboxsync {
fd546afe09073de92e5422c1334f1c27b4108687vboxsync rc = TRPMAssertTrap(pVCpu, u8Interrupt, TRPM_HARDWARE_INT);
fd546afe09073de92e5422c1334f1c27b4108687vboxsync AssertRC(rc);
fd546afe09073de92e5422c1334f1c27b4108687vboxsync }
fd546afe09073de92e5422c1334f1c27b4108687vboxsync else
fd546afe09073de92e5422c1334f1c27b4108687vboxsync {
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync /* Can only happen in rare cases where a pending interrupt is cleared behind our back */
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync Assert(!VMCPU_FF_ISPENDING(pVCpu, (VMCPU_FF_INTERRUPT_APIC|VMCPU_FF_INTERRUPT_PIC)));
fd546afe09073de92e5422c1334f1c27b4108687vboxsync STAM_COUNTER_INC(&pVCpu->hm.s.StatSwitchGuestIrq);
fd546afe09073de92e5422c1334f1c27b4108687vboxsync /* Just continue */
fd546afe09073de92e5422c1334f1c27b4108687vboxsync }
fd546afe09073de92e5422c1334f1c27b4108687vboxsync }
fd546afe09073de92e5422c1334f1c27b4108687vboxsync }
fd546afe09073de92e5422c1334f1c27b4108687vboxsync }
fd546afe09073de92e5422c1334f1c27b4108687vboxsync
7868f7238f92c22fcfede63182607629da7a8eadvboxsync#ifdef VBOX_STRICT
fd546afe09073de92e5422c1334f1c27b4108687vboxsync if (TRPMHasTrap(pVCpu))
fd546afe09073de92e5422c1334f1c27b4108687vboxsync {
fd546afe09073de92e5422c1334f1c27b4108687vboxsync uint8_t u8Vector;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync rc = TRPMQueryTrapAll(pVCpu, &u8Vector, 0, 0, 0);
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync AssertRC(rc);
fd546afe09073de92e5422c1334f1c27b4108687vboxsync }
fd546afe09073de92e5422c1334f1c27b4108687vboxsync#endif
fd546afe09073de92e5422c1334f1c27b4108687vboxsync
fd546afe09073de92e5422c1334f1c27b4108687vboxsync if ( (pCtx->eflags.u32 & X86_EFL_IF)
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync && (!VMCPU_FF_ISSET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync && TRPMHasTrap(pVCpu)
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync )
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync {
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync uint8_t u8Vector;
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync TRPMEVENT enmType;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync SVM_EVENT Event;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync RTGCUINT u32ErrorCode;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync Event.au64[0] = 0;
81587231c9c584851518872e197f6f02dffe68cavboxsync
81587231c9c584851518872e197f6f02dffe68cavboxsync /* If a new event is pending, then dispatch it now. */
81587231c9c584851518872e197f6f02dffe68cavboxsync rc = TRPMQueryTrapAll(pVCpu, &u8Vector, &enmType, &u32ErrorCode, 0);
81587231c9c584851518872e197f6f02dffe68cavboxsync AssertRC(rc);
81587231c9c584851518872e197f6f02dffe68cavboxsync Assert(pCtx->eflags.Bits.u1IF == 1 || enmType == TRPM_TRAP);
81587231c9c584851518872e197f6f02dffe68cavboxsync Assert(enmType != TRPM_SOFTWARE_INT);
81587231c9c584851518872e197f6f02dffe68cavboxsync
81587231c9c584851518872e197f6f02dffe68cavboxsync /* Clear the pending trap. */
81587231c9c584851518872e197f6f02dffe68cavboxsync rc = TRPMResetTrap(pVCpu);
81587231c9c584851518872e197f6f02dffe68cavboxsync AssertRC(rc);
81587231c9c584851518872e197f6f02dffe68cavboxsync
81587231c9c584851518872e197f6f02dffe68cavboxsync Event.n.u8Vector = u8Vector;
81587231c9c584851518872e197f6f02dffe68cavboxsync Event.n.u1Valid = 1;
81587231c9c584851518872e197f6f02dffe68cavboxsync Event.n.u32ErrorCode = u32ErrorCode;
81587231c9c584851518872e197f6f02dffe68cavboxsync
81587231c9c584851518872e197f6f02dffe68cavboxsync if (enmType == TRPM_TRAP)
81587231c9c584851518872e197f6f02dffe68cavboxsync {
81587231c9c584851518872e197f6f02dffe68cavboxsync switch (u8Vector)
81587231c9c584851518872e197f6f02dffe68cavboxsync {
81587231c9c584851518872e197f6f02dffe68cavboxsync case X86_XCPT_DF:
81587231c9c584851518872e197f6f02dffe68cavboxsync case X86_XCPT_TS:
81587231c9c584851518872e197f6f02dffe68cavboxsync case X86_XCPT_NP:
fd546afe09073de92e5422c1334f1c27b4108687vboxsync case X86_XCPT_SS:
fd546afe09073de92e5422c1334f1c27b4108687vboxsync case X86_XCPT_GP:
fd546afe09073de92e5422c1334f1c27b4108687vboxsync case X86_XCPT_PF:
fd546afe09073de92e5422c1334f1c27b4108687vboxsync case X86_XCPT_AC:
fd546afe09073de92e5422c1334f1c27b4108687vboxsync /* Valid error codes. */
fd546afe09073de92e5422c1334f1c27b4108687vboxsync Event.n.u1ErrorCodeValid = 1;
7e0c3d180b978b8f4b5b33f8e924520248ee3ab3vboxsync break;
7e0c3d180b978b8f4b5b33f8e924520248ee3ab3vboxsync default:
fd546afe09073de92e5422c1334f1c27b4108687vboxsync break;
fd546afe09073de92e5422c1334f1c27b4108687vboxsync }
fd546afe09073de92e5422c1334f1c27b4108687vboxsync if (u8Vector == X86_XCPT_NMI)
fd546afe09073de92e5422c1334f1c27b4108687vboxsync Event.n.u3Type = SVM_EVENT_NMI;
81587231c9c584851518872e197f6f02dffe68cavboxsync else
7be2140da7230ed5736528554a4dc34b2ac482acvboxsync Event.n.u3Type = SVM_EVENT_EXCEPTION;
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync }
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync else
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync Event.n.u3Type = SVM_EVENT_EXTERNAL_IRQ;
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync STAM_COUNTER_INC(&pVCpu->hm.s.StatIntInject);
ad27e1d5e48ca41245120c331cc88b50464813cevboxsync hmR0SvmInjectEvent(pVCpu, pvVMCB, pCtx, &Event);
45e9c1c72518aeba6673332bdd4d70b59e1c11a4vboxsync } /* if (interrupts can be dispatched) */
14e0667f834cd0e2a8c365084cd2ad0a893109e8vboxsync
81587231c9c584851518872e197f6f02dffe68cavboxsync return VINF_SUCCESS;
81587231c9c584851518872e197f6f02dffe68cavboxsync}
14e0667f834cd0e2a8c365084cd2ad0a893109e8vboxsync
81587231c9c584851518872e197f6f02dffe68cavboxsync
14e0667f834cd0e2a8c365084cd2ad0a893109e8vboxsync/**
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync * Save the host state.
ea6c70405e39fa563a55780ef25e0933d8c73a1avboxsync *
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync * @returns VBox status code.
aa4bcf0a4b2db3ac352b56a291d49cb8d4b66d32vboxsync * @param pVM Pointer to the VM.
4d6dcfe00aab559241d9ed05b89f803ab5ddf611vboxsync * @param pVCpu Pointer to the VMCPU.
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsyncVMMR0DECL(int) SVMR0SaveHostState(PVM pVM, PVMCPU pVCpu)
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync{
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync NOREF(pVM);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync NOREF(pVCpu);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync /* Nothing to do here. */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync return VINF_SUCCESS;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync}
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync/**
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync * Loads the guest state.
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync *
dc88ff18a0306635c385b14211765e618351b253vboxsync * NOTE: Don't do anything here that can cause a jump back to ring-3!!!
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync *
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync * @returns VBox status code.
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync * @param pVM Pointer to the VM.
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync * @param pVCpu Pointer to the VMCPU.
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync * @param pCtx Pointer to the guest CPU context.
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsyncVMMR0DECL(int) SVMR0LoadGuestState(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync{
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync RTGCUINTPTR val;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync SVM_VMCB *pvVMCB;
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync if (pVM == NULL)
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync return VERR_INVALID_PARAMETER;
b1cf57acefb5d1ce6ae2466f43e225a81083ff34vboxsync
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync /* Setup AMD SVM. */
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync Assert(pVM->hm.s.svm.fSupported);
f6f8bfbbbc6a59ba94b01886ed5a8d6e5813073bvboxsync
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync pvVMCB = (SVM_VMCB *)pVCpu->hm.s.svm.pvVMCB;
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync AssertMsgReturn(pvVMCB, ("Invalid pvVMCB\n"), VERR_SVM_INVALID_PVMCB);
f181d21bd7f14d7ee3709246500c9353bb33c922vboxsync
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync /* Guest CPU context: ES, CS, SS, DS, FS, GS. */
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync if (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_GUEST_SEGMENT_REGS)
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync {
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync SVM_WRITE_SELREG(CS, cs);
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync SVM_WRITE_SELREG(SS, ss);
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync SVM_WRITE_SELREG(DS, ds);
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync SVM_WRITE_SELREG(ES, es);
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync SVM_WRITE_SELREG(FS, fs);
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync SVM_WRITE_SELREG(GS, gs);
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync }
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync /* Guest CPU context: LDTR. */
01b2e367e947049139a5d5813ccc1fa162b11f76vboxsync if (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_GUEST_LDTR)
01b2e367e947049139a5d5813ccc1fa162b11f76vboxsync {
01b2e367e947049139a5d5813ccc1fa162b11f76vboxsync SVM_WRITE_SELREG(LDTR, ldtr);
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync }
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync /* Guest CPU context: TR. */
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync if (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_GUEST_TR)
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync {
f181d21bd7f14d7ee3709246500c9353bb33c922vboxsync SVM_WRITE_SELREG(TR, tr);
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync }
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync
03c2683d4e59cc500217b1d5d76fdf9b8cdfefa5vboxsync /* Guest CPU context: GDTR. */
if (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_GUEST_GDTR)
{
pvVMCB->guest.GDTR.u32Limit = pCtx->gdtr.cbGdt;
pvVMCB->guest.GDTR.u64Base = pCtx->gdtr.pGdt;
}
/* Guest CPU context: IDTR. */
if (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_GUEST_IDTR)
{
pvVMCB->guest.IDTR.u32Limit = pCtx->idtr.cbIdt;
pvVMCB->guest.IDTR.u64Base = pCtx->idtr.pIdt;
}
/*
* Sysenter MSRs (unconditional)
*/
pvVMCB->guest.u64SysEnterCS = pCtx->SysEnter.cs;
pvVMCB->guest.u64SysEnterEIP = pCtx->SysEnter.eip;
pvVMCB->guest.u64SysEnterESP = pCtx->SysEnter.esp;
/* Control registers */
if (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_GUEST_CR0)
{
val = pCtx->cr0;
if (!CPUMIsGuestFPUStateActive(pVCpu))
{
/* Always use #NM exceptions to load the FPU/XMM state on demand. */
val |= X86_CR0_TS | X86_CR0_ET | X86_CR0_NE | X86_CR0_MP;
}
else
{
/** @todo check if we support the old style mess correctly. */
if (!(val & X86_CR0_NE))
{
Log(("Forcing X86_CR0_NE!!!\n"));
/* Also catch floating point exceptions as we need to report them to the guest in a different way. */
if (!pVCpu->hm.s.fFPUOldStyleOverride)
{
pvVMCB->ctrl.u32InterceptException |= RT_BIT(X86_XCPT_MF);
pVCpu->hm.s.fFPUOldStyleOverride = true;
}
}
val |= X86_CR0_NE; /* always turn on the native mechanism to report FPU errors (old style uses interrupts) */
}
/* Always enable caching. */
val &= ~(X86_CR0_CD|X86_CR0_NW);
/*
* Note: WP is not relevant in nested paging mode as we catch accesses on the (guest) physical level.
* Note: In nested paging mode, the guest is allowed to run with paging disabled; the guest-physical to host-physical
* translation will remain active.
*/
if (!pVM->hm.s.fNestedPaging)
{
val |= X86_CR0_PG; /* Paging is always enabled; even when the guest is running in real mode or PE without paging. */
val |= X86_CR0_WP; /* Must set this as we rely on protecting various pages and supervisor writes must be caught. */
}
pvVMCB->guest.u64CR0 = val;
}
/* CR2 as well */
pvVMCB->guest.u64CR2 = pCtx->cr2;
if (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_GUEST_CR3)
{
/* Save our shadow CR3 register. */
if (pVM->hm.s.fNestedPaging)
{
PGMMODE enmShwPagingMode;
#if HC_ARCH_BITS == 32
if (CPUMIsGuestInLongModeEx(pCtx))
enmShwPagingMode = PGMMODE_AMD64_NX;
else
#endif
enmShwPagingMode = PGMGetHostMode(pVM);
pvVMCB->ctrl.u64NestedPagingCR3 = PGMGetNestedCR3(pVCpu, enmShwPagingMode);
Assert(pvVMCB->ctrl.u64NestedPagingCR3);
pvVMCB->guest.u64CR3 = pCtx->cr3;
}
else
{
pvVMCB->guest.u64CR3 = PGMGetHyperCR3(pVCpu);
Assert(pvVMCB->guest.u64CR3 || VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL));
}
}
if (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_GUEST_CR4)
{
val = pCtx->cr4;
if (!pVM->hm.s.fNestedPaging)
{
switch (pVCpu->hm.s.enmShadowMode)
{
case PGMMODE_REAL:
case PGMMODE_PROTECTED: /* Protected mode, no paging. */
AssertFailed();
return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
case PGMMODE_32_BIT: /* 32-bit paging. */
val &= ~X86_CR4_PAE;
break;
case PGMMODE_PAE: /* PAE paging. */
case PGMMODE_PAE_NX: /* PAE paging with NX enabled. */
/** Must use PAE paging as we could use physical memory > 4 GB */
val |= X86_CR4_PAE;
break;
case PGMMODE_AMD64: /* 64-bit AMD paging (long mode). */
case PGMMODE_AMD64_NX: /* 64-bit AMD paging (long mode) with NX enabled. */
#ifdef VBOX_ENABLE_64_BITS_GUESTS
break;
#else
AssertFailed();
return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
#endif
default: /* shut up gcc */
AssertFailed();
return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
}
}
pvVMCB->guest.u64CR4 = val;
}
/* Debug registers. */
if (pVCpu->hm.s.fContextUseFlags & HM_CHANGED_GUEST_DEBUG)
{
pCtx->dr[6] |= X86_DR6_INIT_VAL; /* set all reserved bits to 1. */
pCtx->dr[6] &= ~RT_BIT(12); /* must be zero. */
pCtx->dr[7] &= 0xffffffff; /* upper 32 bits reserved */
pCtx->dr[7] &= ~(RT_BIT(11) | RT_BIT(12) | RT_BIT(14) | RT_BIT(15)); /* must be zero */
pCtx->dr[7] |= 0x400; /* must be one */
pvVMCB->guest.u64DR7 = pCtx->dr[7];
pvVMCB->guest.u64DR6 = pCtx->dr[6];
#ifdef DEBUG
/* Sync the hypervisor debug state now if any breakpoint is armed. */
if ( CPUMGetHyperDR7(pVCpu) & (X86_DR7_ENABLED_MASK|X86_DR7_GD)
&& !CPUMIsHyperDebugStateActive(pVCpu)
&& !DBGFIsStepping(pVCpu))
{
/* Save the host and load the hypervisor debug state. */
int rc = CPUMR0LoadHyperDebugState(pVM, pVCpu, pCtx, false /* exclude DR6 */);
AssertRC(rc);
/* DRx intercepts remain enabled. */
/* Override dr6 & dr7 with the hypervisor values. */
pvVMCB->guest.u64DR7 = CPUMGetHyperDR7(pVCpu);
pvVMCB->guest.u64DR6 = CPUMGetHyperDR6(pVCpu);
}
else
#endif
/* Sync the debug state now if any breakpoint is armed. */
if ( (pCtx->dr[7] & (X86_DR7_ENABLED_MASK|X86_DR7_GD))
&& !CPUMIsGuestDebugStateActive(pVCpu)
&& !DBGFIsStepping(pVCpu))
{
STAM_COUNTER_INC(&pVCpu->hm.s.StatDRxArmed);
/* Disable drx move intercepts. */
pvVMCB->ctrl.u16InterceptRdDRx = 0;
pvVMCB->ctrl.u16InterceptWrDRx = 0;
/* Save the host and load the guest debug state. */
int rc = CPUMR0LoadGuestDebugState(pVM, pVCpu, pCtx, false /* exclude DR6 */);
AssertRC(rc);
}
}
/* EIP, ESP and EFLAGS */
pvVMCB->guest.u64RIP = pCtx->rip;
pvVMCB->guest.u64RSP = pCtx->rsp;
pvVMCB->guest.u64RFlags = pCtx->eflags.u32;
/* Set CPL */
pvVMCB->guest.u8CPL = pCtx->ss.Attr.n.u2Dpl;
/* RAX/EAX too, as VMRUN uses RAX as an implicit parameter. */
pvVMCB->guest.u64RAX = pCtx->rax;
/* vmrun will fail without MSR_K6_EFER_SVME. */
pvVMCB->guest.u64EFER = pCtx->msrEFER | MSR_K6_EFER_SVME;
/* 64 bits guest mode? */
if (CPUMIsGuestInLongModeEx(pCtx))
{
#if !defined(VBOX_ENABLE_64_BITS_GUESTS)
return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
#elif HC_ARCH_BITS == 32 && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
pVCpu->hm.s.svm.pfnVMRun = SVMR0VMSwitcherRun64;
#else
# ifdef VBOX_WITH_HYBRID_32BIT_KERNEL
if (!pVM->hm.s.fAllow64BitGuests)
return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
# endif
pVCpu->hm.s.svm.pfnVMRun = SVMR0VMRun64;
#endif
/* Unconditionally update these as wrmsr might have changed them. (HM_CHANGED_GUEST_SEGMENT_REGS will not be set) */
pvVMCB->guest.FS.u64Base = pCtx->fs.u64Base;
pvVMCB->guest.GS.u64Base = pCtx->gs.u64Base;
}
else
{
/* Filter out the MSR_K6_LME bit or else AMD-V expects amd64 shadow paging. */
pvVMCB->guest.u64EFER &= ~MSR_K6_EFER_LME;
pVCpu->hm.s.svm.pfnVMRun = SVMR0VMRun;
}
/* TSC offset. */
if (TMCpuTickCanUseRealTSC(pVCpu, &pvVMCB->ctrl.u64TSCOffset))
{
uint64_t u64CurTSC = ASMReadTSC();
if (u64CurTSC + pvVMCB->ctrl.u64TSCOffset > TMCpuTickGetLastSeen(pVCpu))
{
pvVMCB->ctrl.u32InterceptCtrl1 &= ~SVM_CTRL1_INTERCEPT_RDTSC;
pvVMCB->ctrl.u32InterceptCtrl2 &= ~SVM_CTRL2_INTERCEPT_RDTSCP;
STAM_COUNTER_INC(&pVCpu->hm.s.StatTscOffset);
}
else
{
/* Fall back to rdtsc emulation as we would otherwise pass decreasing tsc values to the guest. */
LogFlow(("TSC %RX64 offset %RX64 time=%RX64 last=%RX64 (diff=%RX64, virt_tsc=%RX64)\n", u64CurTSC,
pvVMCB->ctrl.u64TSCOffset, u64CurTSC + pvVMCB->ctrl.u64TSCOffset, TMCpuTickGetLastSeen(pVCpu),
TMCpuTickGetLastSeen(pVCpu) - u64CurTSC - pvVMCB->ctrl.u64TSCOffset, TMCpuTickGet(pVCpu)));
pvVMCB->ctrl.u32InterceptCtrl1 |= SVM_CTRL1_INTERCEPT_RDTSC;
pvVMCB->ctrl.u32InterceptCtrl2 |= SVM_CTRL2_INTERCEPT_RDTSCP;
STAM_COUNTER_INC(&pVCpu->hm.s.StatTscInterceptOverFlow);
}
}
else
{
pvVMCB->ctrl.u32InterceptCtrl1 |= SVM_CTRL1_INTERCEPT_RDTSC;
pvVMCB->ctrl.u32InterceptCtrl2 |= SVM_CTRL2_INTERCEPT_RDTSCP;
STAM_COUNTER_INC(&pVCpu->hm.s.StatTscIntercept);
}
/* Sync the various MSRs for 64-bit mode. */
pvVMCB->guest.u64STAR = pCtx->msrSTAR; /* legacy syscall eip, cs & ss */
pvVMCB->guest.u64LSTAR = pCtx->msrLSTAR; /* 64-bit mode syscall rip */
pvVMCB->guest.u64CSTAR = pCtx->msrCSTAR; /* compatibility mode syscall rip */
pvVMCB->guest.u64SFMASK = pCtx->msrSFMASK; /* syscall flag mask */
pvVMCB->guest.u64KernelGSBase = pCtx->msrKERNELGSBASE; /* SWAPGS exchange value */
#ifdef DEBUG
/* Intercept X86_XCPT_DB if stepping is enabled */
if ( DBGFIsStepping(pVCpu)
|| CPUMIsHyperDebugStateActive(pVCpu))
pvVMCB->ctrl.u32InterceptException |= RT_BIT(X86_XCPT_DB);
else
pvVMCB->ctrl.u32InterceptException &= ~RT_BIT(X86_XCPT_DB);
#endif
/* Done. */
pVCpu->hm.s.fContextUseFlags &= ~HM_CHANGED_ALL_GUEST;
return VINF_SUCCESS;
}
/**
* Setup TLB for ASID.
*
* @param pVM Pointer to the VM.
* @param pVCpu Pointer to the VMCPU.
*/
static void hmR0SvmSetupTLB(PVM pVM, PVMCPU pVCpu)
{
PHMGLOBLCPUINFO pCpu;
AssertPtr(pVM);
AssertPtr(pVCpu);
SVM_VMCB *pvVMCB = (SVM_VMCB *)pVCpu->hm.s.svm.pvVMCB;
pCpu = HMR0GetCurrentCpu();
/*
* Force a TLB flush for the first world switch if the current CPU differs from the one we ran on last.
* This can happen both for start & resume due to long jumps back to ring-3.
* If the TLB flush count changed, another VM (VCPU rather) has hit the ASID limit while flushing the TLB,
* so we cannot reuse the ASIDs without flushing.
*/
bool fNewAsid = false;
if ( pVCpu->hm.s.idLastCpu != pCpu->idCpu
|| pVCpu->hm.s.cTlbFlushes != pCpu->cTlbFlushes)
{
pVCpu->hm.s.fForceTLBFlush = true;
fNewAsid = true;
}
/*
* Set TLB flush state as checked until we return from the world switch.
*/
ASMAtomicWriteBool(&pVCpu->hm.s.fCheckedTLBFlush, true);
/*
* Check for TLB shootdown flushes.
*/
if (VMCPU_FF_TESTANDCLEAR(pVCpu, VMCPU_FF_TLB_FLUSH))
pVCpu->hm.s.fForceTLBFlush = true;
pVCpu->hm.s.idLastCpu = pCpu->idCpu;
pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush = SVM_TLB_FLUSH_NOTHING;
if (RT_UNLIKELY(pVM->hm.s.svm.fAlwaysFlushTLB))
{
/*
* This is the AMD erratum 170. We need to flush the entire TLB for each world switch. Sad.
*/
pCpu->uCurrentAsid = 1;
pVCpu->hm.s.uCurrentAsid = 1;
pVCpu->hm.s.cTlbFlushes = pCpu->cTlbFlushes;
pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush = SVM_TLB_FLUSH_ENTIRE;
}
else if (pVCpu->hm.s.fForceTLBFlush)
{
if (fNewAsid)
{
++pCpu->uCurrentAsid;
bool fHitASIDLimit = false;
if (pCpu->uCurrentAsid >= pVM->hm.s.uMaxAsid)
{
pCpu->uCurrentAsid = 1; /* start at 1; host uses 0 */
pCpu->cTlbFlushes++;
fHitASIDLimit = true;
if (pVM->hm.s.svm.u32Features & AMD_CPUID_SVM_FEATURE_EDX_FLUSH_BY_ASID)
{
pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush = SVM_TLB_FLUSH_SINGLE_CONTEXT;
pCpu->fFlushAsidBeforeUse = true;
}
else
{
pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush = SVM_TLB_FLUSH_ENTIRE;
pCpu->fFlushAsidBeforeUse = false;
}
}
if ( !fHitASIDLimit
&& pCpu->fFlushAsidBeforeUse)
{
if (pVM->hm.s.svm.u32Features & AMD_CPUID_SVM_FEATURE_EDX_FLUSH_BY_ASID)
pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush = SVM_TLB_FLUSH_SINGLE_CONTEXT;
else
{
pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush = SVM_TLB_FLUSH_ENTIRE;
pCpu->fFlushAsidBeforeUse = false;
}
}
pVCpu->hm.s.uCurrentAsid = pCpu->uCurrentAsid;
pVCpu->hm.s.cTlbFlushes = pCpu->cTlbFlushes;
}
else
{
if (pVM->hm.s.svm.u32Features & AMD_CPUID_SVM_FEATURE_EDX_FLUSH_BY_ASID)
pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush = SVM_TLB_FLUSH_SINGLE_CONTEXT;
else
pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush = SVM_TLB_FLUSH_ENTIRE;
}
pVCpu->hm.s.fForceTLBFlush = false;
}
else
{
/** @todo We never set VMCPU_FF_TLB_SHOOTDOWN anywhere so this path should
* not be executed. See hmQueueInvlPage() where it is commented
* out. Support individual entry flushing someday. */
if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_TLB_SHOOTDOWN))
{
/* Deal with pending TLB shootdown actions which were queued when we were not executing code. */
STAM_COUNTER_INC(&pVCpu->hm.s.StatTlbShootdown);
for (unsigned i = 0; i < pVCpu->hm.s.TlbShootdown.cPages; i++)
SVMR0InvlpgA(pVCpu->hm.s.TlbShootdown.aPages[i], pvVMCB->ctrl.TLBCtrl.n.u32ASID);
}
}
pVCpu->hm.s.TlbShootdown.cPages = 0;
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_TLB_SHOOTDOWN);
/* Update VMCB with the ASID. */
pvVMCB->ctrl.TLBCtrl.n.u32ASID = pVCpu->hm.s.uCurrentAsid;
AssertMsg(pVCpu->hm.s.cTlbFlushes == pCpu->cTlbFlushes,
("Flush count mismatch for cpu %d (%x vs %x)\n", pCpu->idCpu, pVCpu->hm.s.cTlbFlushes, pCpu->cTlbFlushes));
AssertMsg(pCpu->uCurrentAsid >= 1 && pCpu->uCurrentAsid < pVM->hm.s.uMaxAsid,
("cpu%d uCurrentAsid = %x\n", pCpu->idCpu, pCpu->uCurrentAsid));
AssertMsg(pVCpu->hm.s.uCurrentAsid >= 1 && pVCpu->hm.s.uCurrentAsid < pVM->hm.s.uMaxAsid,
("cpu%d VM uCurrentAsid = %x\n", pCpu->idCpu, pVCpu->hm.s.uCurrentAsid));
#ifdef VBOX_WITH_STATISTICS
if (pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush == SVM_TLB_FLUSH_NOTHING)
STAM_COUNTER_INC(&pVCpu->hm.s.StatNoFlushTlbWorldSwitch);
else if ( pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush == SVM_TLB_FLUSH_SINGLE_CONTEXT
|| pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush == SVM_TLB_FLUSH_SINGLE_CONTEXT_RETAIN_GLOBALS)
{
STAM_COUNTER_INC(&pVCpu->hm.s.StatFlushAsid);
}
else
STAM_COUNTER_INC(&pVCpu->hm.s.StatFlushTlbWorldSwitch);
#endif
}
/**
* Runs guest code in an AMD-V VM.
*
* @returns VBox status code.
* @param pVM Pointer to the VM.
* @param pVCpu Pointer to the VMCPU.
* @param pCtx Pointer to the guest CPU context.
*/
VMMR0DECL(int) SVMR0RunGuestCode(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
{
STAM_PROFILE_ADV_START(&pVCpu->hm.s.StatEntry, x);
STAM_PROFILE_ADV_SET_STOPPED(&pVCpu->hm.s.StatExit1);
STAM_PROFILE_ADV_SET_STOPPED(&pVCpu->hm.s.StatExit2);
VBOXSTRICTRC rc = VINF_SUCCESS;
int rc2;
uint64_t exitCode = (uint64_t)SVM_EXIT_INVALID;
SVM_VMCB *pvVMCB = NULL;
bool fSyncTPR = false;
unsigned cResume = 0;
uint8_t u8LastTPR = 0; /* Initialized for potentially stupid compilers. */
uint32_t u32HostExtFeatures = 0;
PHMGLOBLCPUINFO pCpu = 0;
RTCCUINTREG uOldEFlags = ~(RTCCUINTREG)0;
#ifdef VBOX_STRICT
RTCPUID idCpuCheck;
#endif
#ifdef VBOX_HIGH_RES_TIMERS_HACK_IN_RING0
uint64_t u64LastTime = RTTimeMilliTS();
#endif
pvVMCB = (SVM_VMCB *)pVCpu->hm.s.svm.pvVMCB;
AssertMsgReturn(pvVMCB, ("Invalid pvVMCB\n"), VERR_SVM_INVALID_PVMCB);
/*
* We can jump to this point to resume execution after determining that a VM-exit is innocent.
*/
ResumeExecution:
if (!STAM_PROFILE_ADV_IS_RUNNING(&pVCpu->hm.s.StatEntry))
STAM_PROFILE_ADV_STOP_START(&pVCpu->hm.s.StatExit2, &pVCpu->hm.s.StatEntry, x);
Assert(!HMR0SuspendPending());
/*
* Safety precaution; looping for too long here can have a very bad effect on the host.
*/
if (RT_UNLIKELY(++cResume > pVM->hm.s.cMaxResumeLoops))
{
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitMaxResume);
rc = VINF_EM_RAW_INTERRUPT;
goto end;
}
/*
* Check for IRQ inhibition due to instruction fusing (sti, mov ss).
*/
if (VMCPU_FF_ISSET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
{
Log(("VM_FF_INHIBIT_INTERRUPTS at %RGv successor %RGv\n", (RTGCPTR)pCtx->rip, EMGetInhibitInterruptsPC(pVCpu)));
if (pCtx->rip != EMGetInhibitInterruptsPC(pVCpu))
{
/*
* Note: we intentionally don't clear VM_FF_INHIBIT_INTERRUPTS here.
* Before we are able to execute this instruction in raw mode (iret to guest code) an external interrupt might
* force a world switch again. Possibly allowing a guest interrupt to be dispatched in the process. This could
* break the guest. Sounds very unlikely, but such timing sensitive problems are not as rare as you might think.
*/
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
/* Irq inhibition is no longer active; clear the corresponding SVM state. */
pvVMCB->ctrl.u64IntShadow = 0;
}
}
else
{
/* Irq inhibition is no longer active; clear the corresponding SVM state. */
pvVMCB->ctrl.u64IntShadow = 0;
}
#ifdef VBOX_HIGH_RES_TIMERS_HACK_IN_RING0
if (RT_UNLIKELY((cResume & 0xf) == 0))
{
uint64_t u64CurTime = RTTimeMilliTS();
if (RT_UNLIKELY(u64CurTime > u64LastTime))
{
u64LastTime = u64CurTime;
TMTimerPollVoid(pVM, pVCpu);
}
}
#endif
/*
* Check for pending actions that force us to go back to ring-3.
*/
if ( VM_FF_ISPENDING(pVM, VM_FF_HM_TO_R3_MASK | VM_FF_REQUEST | VM_FF_PGM_POOL_FLUSH_PENDING | VM_FF_PDM_DMA)
|| VMCPU_FF_ISPENDING(pVCpu,
VMCPU_FF_HM_TO_R3_MASK
| VMCPU_FF_PGM_SYNC_CR3
| VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL
| VMCPU_FF_REQUEST))
{
/* Check if a sync operation is pending. */
if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL))
{
rc = PGMSyncCR3(pVCpu, pCtx->cr0, pCtx->cr3, pCtx->cr4, VMCPU_FF_ISSET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
AssertRC(VBOXSTRICTRC_VAL(rc));
if (rc != VINF_SUCCESS)
{
Log(("Pending pool sync is forcing us back to ring 3; rc=%d\n", VBOXSTRICTRC_VAL(rc)));
goto end;
}
}
#ifdef DEBUG
/* Intercept X86_XCPT_DB if stepping is enabled */
if (!DBGFIsStepping(pVCpu))
#endif
{
if ( VM_FF_ISPENDING(pVM, VM_FF_HM_TO_R3_MASK)
|| VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_HM_TO_R3_MASK))
{
STAM_COUNTER_INC(&pVCpu->hm.s.StatSwitchHmToR3FF);
rc = RT_UNLIKELY(VM_FF_ISPENDING(pVM, VM_FF_PGM_NO_MEMORY)) ? VINF_EM_NO_MEMORY : VINF_EM_RAW_TO_R3;
goto end;
}
}
/* Pending request packets might contain actions that need immediate attention, such as pending hardware interrupts. */
if ( VM_FF_ISPENDING(pVM, VM_FF_REQUEST)
|| VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_REQUEST))
{
rc = VINF_EM_PENDING_REQUEST;
goto end;
}
/* Check if a pgm pool flush is in progress. */
if (VM_FF_ISPENDING(pVM, VM_FF_PGM_POOL_FLUSH_PENDING))
{
rc = VINF_PGM_POOL_FLUSH_PENDING;
goto end;
}
/* Check if DMA work is pending (2nd+ run). */
if (VM_FF_ISPENDING(pVM, VM_FF_PDM_DMA) && cResume > 1)
{
rc = VINF_EM_RAW_TO_R3;
goto end;
}
}
#ifdef VBOX_WITH_VMMR0_DISABLE_PREEMPTION
/*
* Exit to ring-3 preemption/work is pending.
*
* Interrupts are disabled before the call to make sure we don't miss any interrupt
* that would flag preemption (IPI, timer tick, ++). (Would've been nice to do this
* further down, but hmR0SvmCheckPendingInterrupt makes that impossible.)
*
* Note! Interrupts must be disabled done *before* we check for TLB flushes; TLB
* shootdowns rely on this.
*/
uOldEFlags = ASMIntDisableFlags();
if (RTThreadPreemptIsPending(NIL_RTTHREAD))
{
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitPreemptPending);
rc = VINF_EM_RAW_INTERRUPT;
goto end;
}
VMCPU_SET_STATE(pVCpu, VMCPUSTATE_STARTED_EXEC);
#endif
/*
* When external interrupts are pending, we should exit the VM when IF is set.
* Note: *After* VM_FF_INHIBIT_INTERRUPTS check!!
*/
rc = hmR0SvmCheckPendingInterrupt(pVM, pVCpu, pvVMCB, pCtx);
if (RT_FAILURE(rc))
goto end;
/*
* TPR caching using CR8 is only available in 64-bit mode or with 32-bit guests when X86_CPUID_AMD_FEATURE_ECX_CR8L is
* supported.
* Note: we can't do this in LoddGuestState as PDMApicGetTPR can jump back to ring 3 (lock)! (no longer true)
*/
/** @todo query and update the TPR only when it could have been changed (mmio access)
*/
if (pVM->hm.s.fHasIoApic)
{
/* TPR caching in CR8 */
bool fPending;
rc2 = PDMApicGetTPR(pVCpu, &u8LastTPR, &fPending);
AssertRC(rc2);
if (pVM->hm.s.fTPRPatchingActive)
{
/* Our patch code uses LSTAR for TPR caching. */
pCtx->msrLSTAR = u8LastTPR;
if (fPending)
{
/* A TPR change could activate a pending interrupt, so catch lstar writes. */
hmR0SvmSetMSRPermission(pVCpu, MSR_K8_LSTAR, true, false);
}
else
{
/*
* No interrupts are pending, so we don't need to be explicitely notified.
* There are enough world switches for detecting pending interrupts.
*/
hmR0SvmSetMSRPermission(pVCpu, MSR_K8_LSTAR, true, true);
}
}
else
{
/* cr8 bits 3-0 correspond to bits 7-4 of the task priority mmio register. */
pvVMCB->ctrl.IntCtrl.n.u8VTPR = (u8LastTPR >> 4);
if (fPending)
{
/* A TPR change could activate a pending interrupt, so catch cr8 writes. */
pvVMCB->ctrl.u16InterceptWrCRx |= RT_BIT(8);
}
else
{
/*
* No interrupts are pending, so we don't need to be explicitly notified.
* There are enough world switches for detecting pending interrupts.
*/
pvVMCB->ctrl.u16InterceptWrCRx &= ~RT_BIT(8);
}
}
fSyncTPR = !fPending;
}
/* All done! Let's start VM execution. */
/* Enable nested paging if necessary (disabled each time after #VMEXIT). */
pvVMCB->ctrl.NestedPaging.n.u1NestedPaging = pVM->hm.s.fNestedPaging;
#ifdef LOG_ENABLED
pCpu = HMR0GetCurrentCpu();
if (pVCpu->hm.s.idLastCpu != pCpu->idCpu)
LogFlow(("Force TLB flush due to rescheduling to a different cpu (%d vs %d)\n", pVCpu->hm.s.idLastCpu, pCpu->idCpu));
else if (pVCpu->hm.s.cTlbFlushes != pCpu->cTlbFlushes)
LogFlow(("Force TLB flush due to changed TLB flush count (%x vs %x)\n", pVCpu->hm.s.cTlbFlushes, pCpu->cTlbFlushes));
else if (VMCPU_FF_ISSET(pVCpu, VMCPU_FF_TLB_FLUSH))
LogFlow(("Manual TLB flush\n"));
#endif
/*
* NOTE: DO NOT DO ANYTHING AFTER THIS POINT THAT MIGHT JUMP BACK TO RING 3!
* (until the actual world switch)
*/
#ifdef VBOX_STRICT
idCpuCheck = RTMpCpuId();
#endif
VMMR0LogFlushDisable(pVCpu);
/*
* Load the guest state; *must* be here as it sets up the shadow CR0 for lazy FPU syncing!
*/
rc = SVMR0LoadGuestState(pVM, pVCpu, pCtx);
if (RT_UNLIKELY(rc != VINF_SUCCESS))
{
VMMR0LogFlushEnable(pVCpu);
goto end;
}
#ifndef VBOX_WITH_VMMR0_DISABLE_PREEMPTION
/*
* Disable interrupts to make sure a poke will interrupt execution.
* This must be done *before* we check for TLB flushes; TLB shootdowns rely on this.
*/
uOldEFlags = ASMIntDisableFlags();
VMCPU_SET_STATE(pVCpu, VMCPUSTATE_STARTED_EXEC);
#endif
STAM_PROFILE_ADV_STOP_START(&pVCpu->hm.s.StatEntry, &pVCpu->hm.s.StatInGC, x);
/* Setup TLB control and ASID in the VMCB. */
hmR0SvmSetupTLB(pVM, pVCpu);
/* In case we execute a goto ResumeExecution later on. */
pVCpu->hm.s.fResumeVM = true;
pVCpu->hm.s.fForceTLBFlush = pVM->hm.s.svm.fAlwaysFlushTLB;
Assert(sizeof(pVCpu->hm.s.svm.HCPhysVMCB) == 8);
Assert(pvVMCB->ctrl.IntCtrl.n.u1VIrqMasking);
Assert(pvVMCB->ctrl.u64IOPMPhysAddr == pVM->hm.s.svm.HCPhysIOBitmap);
Assert(pvVMCB->ctrl.u64MSRPMPhysAddr == pVCpu->hm.s.svm.HCPhysMsrBitmap);
Assert(pvVMCB->ctrl.u64LBRVirt == 0);
#ifdef VBOX_STRICT
Assert(idCpuCheck == RTMpCpuId());
#endif
TMNotifyStartOfExecution(pVCpu);
/*
* Save the current Host TSC_AUX and write the guest TSC_AUX to the host, so that
* RDTSCPs (that don't cause exits) reads the guest MSR. See @bugref{3324}.
*/
u32HostExtFeatures = pVM->hm.s.cpuid.u32AMDFeatureEDX;
if ( (u32HostExtFeatures & X86_CPUID_EXT_FEATURE_EDX_RDTSCP)
&& !(pvVMCB->ctrl.u32InterceptCtrl2 & SVM_CTRL2_INTERCEPT_RDTSCP))
{
pVCpu->hm.s.u64HostTscAux = ASMRdMsr(MSR_K8_TSC_AUX);
uint64_t u64GuestTscAux = 0;
rc2 = CPUMQueryGuestMsr(pVCpu, MSR_K8_TSC_AUX, &u64GuestTscAux);
AssertRC(rc2);
ASMWrMsr(MSR_K8_TSC_AUX, u64GuestTscAux);
}
#ifdef VBOX_WITH_KERNEL_USING_XMM
hmR0SVMRunWrapXMM(pVCpu->hm.s.svm.HCPhysVMCBHost, pVCpu->hm.s.svm.HCPhysVMCB, pCtx, pVM, pVCpu,
pVCpu->hm.s.svm.pfnVMRun);
#else
pVCpu->hm.s.svm.pfnVMRun(pVCpu->hm.s.svm.HCPhysVMCBHost, pVCpu->hm.s.svm.HCPhysVMCB, pCtx, pVM, pVCpu);
#endif
ASMAtomicWriteBool(&pVCpu->hm.s.fCheckedTLBFlush, false);
ASMAtomicIncU32(&pVCpu->hm.s.cWorldSwitchExits);
/* Possibly the last TSC value seen by the guest (too high) (only when we're in TSC offset mode). */
if (!(pvVMCB->ctrl.u32InterceptCtrl1 & SVM_CTRL1_INTERCEPT_RDTSC))
{
/* Restore host's TSC_AUX. */
if (u32HostExtFeatures & X86_CPUID_EXT_FEATURE_EDX_RDTSCP)
ASMWrMsr(MSR_K8_TSC_AUX, pVCpu->hm.s.u64HostTscAux);
TMCpuTickSetLastSeen(pVCpu, ASMReadTSC() +
pvVMCB->ctrl.u64TSCOffset - 0x400 /* guestimate of world switch overhead in clock ticks */);
}
TMNotifyEndOfExecution(pVCpu);
VMCPU_SET_STATE(pVCpu, VMCPUSTATE_STARTED);
STAM_PROFILE_ADV_STOP_START(&pVCpu->hm.s.StatInGC, &pVCpu->hm.s.StatExit1, x);
ASMSetFlags(uOldEFlags);
#ifdef VBOX_WITH_VMMR0_DISABLE_PREEMPTION
uOldEFlags = ~(RTCCUINTREG)0;
#endif
/*
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* IMPORTANT: WE CAN'T DO ANY LOGGING OR OPERATIONS THAT CAN DO A LONGJMP BACK TO RING-3 *BEFORE* WE'VE SYNCED BACK (MOST OF) THE GUEST STATE
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*/
/* Reason for the VM exit */
exitCode = pvVMCB->ctrl.u64ExitCode;
if (RT_UNLIKELY(exitCode == (uint64_t)SVM_EXIT_INVALID)) /* Invalid guest state. */
{
HMDumpRegs(pVM, pVCpu, pCtx);
#ifdef DEBUG
Log(("ctrl.u16InterceptRdCRx %x\n", pvVMCB->ctrl.u16InterceptRdCRx));
Log(("ctrl.u16InterceptWrCRx %x\n", pvVMCB->ctrl.u16InterceptWrCRx));
Log(("ctrl.u16InterceptRdDRx %x\n", pvVMCB->ctrl.u16InterceptRdDRx));
Log(("ctrl.u16InterceptWrDRx %x\n", pvVMCB->ctrl.u16InterceptWrDRx));
Log(("ctrl.u32InterceptException %x\n", pvVMCB->ctrl.u32InterceptException));
Log(("ctrl.u32InterceptCtrl1 %x\n", pvVMCB->ctrl.u32InterceptCtrl1));
Log(("ctrl.u32InterceptCtrl2 %x\n", pvVMCB->ctrl.u32InterceptCtrl2));
Log(("ctrl.u64IOPMPhysAddr %RX64\n", pvVMCB->ctrl.u64IOPMPhysAddr));
Log(("ctrl.u64MSRPMPhysAddr %RX64\n", pvVMCB->ctrl.u64MSRPMPhysAddr));
Log(("ctrl.u64TSCOffset %RX64\n", pvVMCB->ctrl.u64TSCOffset));
Log(("ctrl.TLBCtrl.u32ASID %x\n", pvVMCB->ctrl.TLBCtrl.n.u32ASID));
Log(("ctrl.TLBCtrl.u8TLBFlush %x\n", pvVMCB->ctrl.TLBCtrl.n.u8TLBFlush));
Log(("ctrl.TLBCtrl.u24Reserved %x\n", pvVMCB->ctrl.TLBCtrl.n.u24Reserved));
Log(("ctrl.IntCtrl.u8VTPR %x\n", pvVMCB->ctrl.IntCtrl.n.u8VTPR));
Log(("ctrl.IntCtrl.u1VIrqValid %x\n", pvVMCB->ctrl.IntCtrl.n.u1VIrqValid));
Log(("ctrl.IntCtrl.u7Reserved %x\n", pvVMCB->ctrl.IntCtrl.n.u7Reserved));
Log(("ctrl.IntCtrl.u4VIrqPriority %x\n", pvVMCB->ctrl.IntCtrl.n.u4VIrqPriority));
Log(("ctrl.IntCtrl.u1IgnoreTPR %x\n", pvVMCB->ctrl.IntCtrl.n.u1IgnoreTPR));
Log(("ctrl.IntCtrl.u3Reserved %x\n", pvVMCB->ctrl.IntCtrl.n.u3Reserved));
Log(("ctrl.IntCtrl.u1VIrqMasking %x\n", pvVMCB->ctrl.IntCtrl.n.u1VIrqMasking));
Log(("ctrl.IntCtrl.u7Reserved2 %x\n", pvVMCB->ctrl.IntCtrl.n.u7Reserved2));
Log(("ctrl.IntCtrl.u8VIrqVector %x\n", pvVMCB->ctrl.IntCtrl.n.u8VIrqVector));
Log(("ctrl.IntCtrl.u24Reserved %x\n", pvVMCB->ctrl.IntCtrl.n.u24Reserved));
Log(("ctrl.u64IntShadow %RX64\n", pvVMCB->ctrl.u64IntShadow));
Log(("ctrl.u64ExitCode %RX64\n", pvVMCB->ctrl.u64ExitCode));
Log(("ctrl.u64ExitInfo1 %RX64\n", pvVMCB->ctrl.u64ExitInfo1));
Log(("ctrl.u64ExitInfo2 %RX64\n", pvVMCB->ctrl.u64ExitInfo2));
Log(("ctrl.ExitIntInfo.u8Vector %x\n", pvVMCB->ctrl.ExitIntInfo.n.u8Vector));
Log(("ctrl.ExitIntInfo.u3Type %x\n", pvVMCB->ctrl.ExitIntInfo.n.u3Type));
Log(("ctrl.ExitIntInfo.u1ErrorCodeValid %x\n", pvVMCB->ctrl.ExitIntInfo.n.u1ErrorCodeValid));
Log(("ctrl.ExitIntInfo.u19Reserved %x\n", pvVMCB->ctrl.ExitIntInfo.n.u19Reserved));
Log(("ctrl.ExitIntInfo.u1Valid %x\n", pvVMCB->ctrl.ExitIntInfo.n.u1Valid));
Log(("ctrl.ExitIntInfo.u32ErrorCode %x\n", pvVMCB->ctrl.ExitIntInfo.n.u32ErrorCode));
Log(("ctrl.NestedPaging %RX64\n", pvVMCB->ctrl.NestedPaging.au64));
Log(("ctrl.EventInject.u8Vector %x\n", pvVMCB->ctrl.EventInject.n.u8Vector));
Log(("ctrl.EventInject.u3Type %x\n", pvVMCB->ctrl.EventInject.n.u3Type));
Log(("ctrl.EventInject.u1ErrorCodeValid %x\n", pvVMCB->ctrl.EventInject.n.u1ErrorCodeValid));
Log(("ctrl.EventInject.u19Reserved %x\n", pvVMCB->ctrl.EventInject.n.u19Reserved));
Log(("ctrl.EventInject.u1Valid %x\n", pvVMCB->ctrl.EventInject.n.u1Valid));
Log(("ctrl.EventInject.u32ErrorCode %x\n", pvVMCB->ctrl.EventInject.n.u32ErrorCode));
Log(("ctrl.u64NestedPagingCR3 %RX64\n", pvVMCB->ctrl.u64NestedPagingCR3));
Log(("ctrl.u64LBRVirt %RX64\n", pvVMCB->ctrl.u64LBRVirt));
Log(("guest.CS.u16Sel %04X\n", pvVMCB->guest.CS.u16Sel));
Log(("guest.CS.u16Attr %04X\n", pvVMCB->guest.CS.u16Attr));
Log(("guest.CS.u32Limit %X\n", pvVMCB->guest.CS.u32Limit));
Log(("guest.CS.u64Base %RX64\n", pvVMCB->guest.CS.u64Base));
Log(("guest.DS.u16Sel %04X\n", pvVMCB->guest.DS.u16Sel));
Log(("guest.DS.u16Attr %04X\n", pvVMCB->guest.DS.u16Attr));
Log(("guest.DS.u32Limit %X\n", pvVMCB->guest.DS.u32Limit));
Log(("guest.DS.u64Base %RX64\n", pvVMCB->guest.DS.u64Base));
Log(("guest.ES.u16Sel %04X\n", pvVMCB->guest.ES.u16Sel));
Log(("guest.ES.u16Attr %04X\n", pvVMCB->guest.ES.u16Attr));
Log(("guest.ES.u32Limit %X\n", pvVMCB->guest.ES.u32Limit));
Log(("guest.ES.u64Base %RX64\n", pvVMCB->guest.ES.u64Base));
Log(("guest.FS.u16Sel %04X\n", pvVMCB->guest.FS.u16Sel));
Log(("guest.FS.u16Attr %04X\n", pvVMCB->guest.FS.u16Attr));
Log(("guest.FS.u32Limit %X\n", pvVMCB->guest.FS.u32Limit));
Log(("guest.FS.u64Base %RX64\n", pvVMCB->guest.FS.u64Base));
Log(("guest.GS.u16Sel %04X\n", pvVMCB->guest.GS.u16Sel));
Log(("guest.GS.u16Attr %04X\n", pvVMCB->guest.GS.u16Attr));
Log(("guest.GS.u32Limit %X\n", pvVMCB->guest.GS.u32Limit));
Log(("guest.GS.u64Base %RX64\n", pvVMCB->guest.GS.u64Base));
Log(("guest.GDTR.u32Limit %X\n", pvVMCB->guest.GDTR.u32Limit));
Log(("guest.GDTR.u64Base %RX64\n", pvVMCB->guest.GDTR.u64Base));
Log(("guest.LDTR.u16Sel %04X\n", pvVMCB->guest.LDTR.u16Sel));
Log(("guest.LDTR.u16Attr %04X\n", pvVMCB->guest.LDTR.u16Attr));
Log(("guest.LDTR.u32Limit %X\n", pvVMCB->guest.LDTR.u32Limit));
Log(("guest.LDTR.u64Base %RX64\n", pvVMCB->guest.LDTR.u64Base));
Log(("guest.IDTR.u32Limit %X\n", pvVMCB->guest.IDTR.u32Limit));
Log(("guest.IDTR.u64Base %RX64\n", pvVMCB->guest.IDTR.u64Base));
Log(("guest.TR.u16Sel %04X\n", pvVMCB->guest.TR.u16Sel));
Log(("guest.TR.u16Attr %04X\n", pvVMCB->guest.TR.u16Attr));
Log(("guest.TR.u32Limit %X\n", pvVMCB->guest.TR.u32Limit));
Log(("guest.TR.u64Base %RX64\n", pvVMCB->guest.TR.u64Base));
Log(("guest.u8CPL %X\n", pvVMCB->guest.u8CPL));
Log(("guest.u64CR0 %RX64\n", pvVMCB->guest.u64CR0));
Log(("guest.u64CR2 %RX64\n", pvVMCB->guest.u64CR2));
Log(("guest.u64CR3 %RX64\n", pvVMCB->guest.u64CR3));
Log(("guest.u64CR4 %RX64\n", pvVMCB->guest.u64CR4));
Log(("guest.u64DR6 %RX64\n", pvVMCB->guest.u64DR6));
Log(("guest.u64DR7 %RX64\n", pvVMCB->guest.u64DR7));
Log(("guest.u64RIP %RX64\n", pvVMCB->guest.u64RIP));
Log(("guest.u64RSP %RX64\n", pvVMCB->guest.u64RSP));
Log(("guest.u64RAX %RX64\n", pvVMCB->guest.u64RAX));
Log(("guest.u64RFlags %RX64\n", pvVMCB->guest.u64RFlags));
Log(("guest.u64SysEnterCS %RX64\n", pvVMCB->guest.u64SysEnterCS));
Log(("guest.u64SysEnterEIP %RX64\n", pvVMCB->guest.u64SysEnterEIP));
Log(("guest.u64SysEnterESP %RX64\n", pvVMCB->guest.u64SysEnterESP));
Log(("guest.u64EFER %RX64\n", pvVMCB->guest.u64EFER));
Log(("guest.u64STAR %RX64\n", pvVMCB->guest.u64STAR));
Log(("guest.u64LSTAR %RX64\n", pvVMCB->guest.u64LSTAR));
Log(("guest.u64CSTAR %RX64\n", pvVMCB->guest.u64CSTAR));
Log(("guest.u64SFMASK %RX64\n", pvVMCB->guest.u64SFMASK));
Log(("guest.u64KernelGSBase %RX64\n", pvVMCB->guest.u64KernelGSBase));
Log(("guest.u64GPAT %RX64\n", pvVMCB->guest.u64GPAT));
Log(("guest.u64DBGCTL %RX64\n", pvVMCB->guest.u64DBGCTL));
Log(("guest.u64BR_FROM %RX64\n", pvVMCB->guest.u64BR_FROM));
Log(("guest.u64BR_TO %RX64\n", pvVMCB->guest.u64BR_TO));
Log(("guest.u64LASTEXCPFROM %RX64\n", pvVMCB->guest.u64LASTEXCPFROM));
Log(("guest.u64LASTEXCPTO %RX64\n", pvVMCB->guest.u64LASTEXCPTO));
#endif
rc = VERR_SVM_UNABLE_TO_START_VM;
VMMR0LogFlushEnable(pVCpu);
goto end;
}
/* Let's first sync back EIP, ESP, and EFLAGS. */
pCtx->rip = pvVMCB->guest.u64RIP;
pCtx->rsp = pvVMCB->guest.u64RSP;
pCtx->eflags.u32 = pvVMCB->guest.u64RFlags;
/* eax is saved/restore across the vmrun instruction */
pCtx->rax = pvVMCB->guest.u64RAX;
/*
* Save all the MSRs that can be changed by the guest without causing a world switch.
* FS & GS base are saved with SVM_READ_SELREG.
*/
pCtx->msrSTAR = pvVMCB->guest.u64STAR; /* legacy syscall eip, cs & ss */
pCtx->msrLSTAR = pvVMCB->guest.u64LSTAR; /* 64-bit mode syscall rip */
pCtx->msrCSTAR = pvVMCB->guest.u64CSTAR; /* compatibility mode syscall rip */
pCtx->msrSFMASK = pvVMCB->guest.u64SFMASK; /* syscall flag mask */
pCtx->msrKERNELGSBASE = pvVMCB->guest.u64KernelGSBase; /* swapgs exchange value */
pCtx->SysEnter.cs = pvVMCB->guest.u64SysEnterCS;
pCtx->SysEnter.eip = pvVMCB->guest.u64SysEnterEIP;
pCtx->SysEnter.esp = pvVMCB->guest.u64SysEnterESP;
/* Can be updated behind our back in the nested paging case. */
pCtx->cr2 = pvVMCB->guest.u64CR2;
/* Guest CPU context: ES, CS, SS, DS, FS, GS. */
SVM_READ_SELREG(SS, ss);
SVM_READ_SELREG(CS, cs);
SVM_READ_SELREG(DS, ds);
SVM_READ_SELREG(ES, es);
SVM_READ_SELREG(FS, fs);
SVM_READ_SELREG(GS, gs);
/*
* Correct the hidden CS granularity flag. Haven't seen it being wrong in any other
* register (yet).
*/
if ( !pCtx->cs.Attr.n.u1Granularity
&& pCtx->cs.Attr.n.u1Present
&& pCtx->cs.u32Limit > UINT32_C(0xfffff))
{
Assert((pCtx->cs.u32Limit & 0xfff) == 0xfff);
pCtx->cs.Attr.n.u1Granularity = 1;
}
#define SVM_ASSERT_SEL_GRANULARITY(reg) \
AssertMsg( !pCtx->reg.Attr.n.u1Present \
|| ( pCtx->reg.Attr.n.u1Granularity \
? (pCtx->reg.u32Limit & 0xfff) == 0xfff \
: pCtx->reg.u32Limit <= 0xfffff), \
("%#x %#x %#llx\n", pCtx->reg.u32Limit, pCtx->reg.Attr.u, pCtx->reg.u64Base))
SVM_ASSERT_SEL_GRANULARITY(ss);
SVM_ASSERT_SEL_GRANULARITY(cs);
SVM_ASSERT_SEL_GRANULARITY(ds);
SVM_ASSERT_SEL_GRANULARITY(es);
SVM_ASSERT_SEL_GRANULARITY(fs);
SVM_ASSERT_SEL_GRANULARITY(gs);
#undef SVM_ASSERT_SEL_GRANULARITY
/*
* Correct the hidden SS DPL field. It can be wrong on certain CPUs
* sometimes (seen it on AMD Fusion CPUs with 64-bit guests). The CPU
* always uses the CPL field in the VMCB instead of the DPL in the hidden
* SS (chapter AMD spec. 15.5.1 Basic operation).
*/
Assert(!(pvVMCB->guest.u8CPL & ~0x3));
pCtx->ss.Attr.n.u2Dpl = pvVMCB->guest.u8CPL & 0x3;
/*
* Remaining guest CPU context: TR, IDTR, GDTR, LDTR;
* must sync everything otherwise we can get out of sync when jumping back to ring-3.
*/
SVM_READ_SELREG(LDTR, ldtr);
SVM_READ_SELREG(TR, tr);
pCtx->gdtr.cbGdt = pvVMCB->guest.GDTR.u32Limit;
pCtx->gdtr.pGdt = pvVMCB->guest.GDTR.u64Base;
pCtx->idtr.cbIdt = pvVMCB->guest.IDTR.u32Limit;
pCtx->idtr.pIdt = pvVMCB->guest.IDTR.u64Base;
/*
* No reason to sync back the CRx and DRx registers as they cannot be changed by the guest
* unless in the nested paging case where CR3 can be changed by the guest.
*/
if ( pVM->hm.s.fNestedPaging
&& pCtx->cr3 != pvVMCB->guest.u64CR3)
{
CPUMSetGuestCR3(pVCpu, pvVMCB->guest.u64CR3);
PGMUpdateCR3(pVCpu, pvVMCB->guest.u64CR3);
}
/* Note! NOW IT'S SAFE FOR LOGGING! */
VMMR0LogFlushEnable(pVCpu);
/* Take care of instruction fusing (sti, mov ss) (see AMD spec. 15.20.5 Interrupt Shadows) */
if (pvVMCB->ctrl.u64IntShadow & SVM_INTERRUPT_SHADOW_ACTIVE)
{
Log(("uInterruptState %x rip=%RGv\n", pvVMCB->ctrl.u64IntShadow, (RTGCPTR)pCtx->rip));
EMSetInhibitInterruptsPC(pVCpu, pCtx->rip);
}
else
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
Log2(("exitCode = %x\n", exitCode));
/* Sync back DR6 as it could have been changed by hitting breakpoints. */
pCtx->dr[6] = pvVMCB->guest.u64DR6;
/* DR7.GD can be cleared by debug exceptions, so sync it back as well. */
pCtx->dr[7] = pvVMCB->guest.u64DR7;
/* Check if an injected event was interrupted prematurely. */
pVCpu->hm.s.Event.u64IntrInfo = pvVMCB->ctrl.ExitIntInfo.au64[0];
if ( pvVMCB->ctrl.ExitIntInfo.n.u1Valid
/* we don't care about 'int xx' as the instruction will be restarted. */
&& pvVMCB->ctrl.ExitIntInfo.n.u3Type != SVM_EVENT_SOFTWARE_INT)
{
Log(("Pending inject %RX64 at %RGv exit=%08x\n", pVCpu->hm.s.Event.u64IntrInfo, (RTGCPTR)pCtx->rip, exitCode));
#ifdef LOG_ENABLED
SVM_EVENT Event;
Event.au64[0] = pVCpu->hm.s.Event.u64IntrInfo;
if ( exitCode == SVM_EXIT_EXCEPTION_E
&& Event.n.u8Vector == 0xE)
{
Log(("Double fault!\n"));
}
#endif
pVCpu->hm.s.Event.fPending = true;
/* Error code present? (redundant) */
if (pvVMCB->ctrl.ExitIntInfo.n.u1ErrorCodeValid)
pVCpu->hm.s.Event.u32ErrCode = pvVMCB->ctrl.ExitIntInfo.n.u32ErrorCode;
else
pVCpu->hm.s.Event.u32ErrCode = 0;
}
#ifdef VBOX_WITH_STATISTICS
if (exitCode == SVM_EXIT_NPF)
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitReasonNpf);
else
STAM_COUNTER_INC(&pVCpu->hm.s.paStatExitReasonR0[exitCode & MASK_EXITREASON_STAT]);
#endif
/* Sync back the TPR if it was changed. */
if (fSyncTPR)
{
if (pVM->hm.s.fTPRPatchingActive)
{
if ((pCtx->msrLSTAR & 0xff) != u8LastTPR)
{
/* Our patch code uses LSTAR for TPR caching. */
rc2 = PDMApicSetTPR(pVCpu, pCtx->msrLSTAR & 0xff);
AssertRC(rc2);
}
}
else
{
if ((uint8_t)(u8LastTPR >> 4) != pvVMCB->ctrl.IntCtrl.n.u8VTPR)
{
/* cr8 bits 3-0 correspond to bits 7-4 of the task priority mmio register. */
rc2 = PDMApicSetTPR(pVCpu, pvVMCB->ctrl.IntCtrl.n.u8VTPR << 4);
AssertRC(rc2);
}
}
}
#ifdef DBGFTRACE_ENABLED /** @todo DTrace */
RTTraceBufAddMsgF(pVM->CTX_SUFF(hTraceBuf), "vmexit %08x at %04:%08RX64 %RX64 %RX64 %RX64",
exitCode, pCtx->cs.Sel, pCtx->rip,
pvVMCB->ctrl.u64ExitInfo1, pvVMCB->ctrl.u64ExitInfo2, pvVMCB->ctrl.ExitIntInfo.au64[0]);
#endif
#if ARCH_BITS == 64 /* for the time being */
VBOXVMM_R0_HMSVM_VMEXIT(pVCpu, pCtx, exitCode, pvVMCB->ctrl.u64ExitInfo1, pvVMCB->ctrl.u64ExitInfo2,
pvVMCB->ctrl.ExitIntInfo.au64[0], UINT64_MAX);
#endif
STAM_PROFILE_ADV_STOP_START(&pVCpu->hm.s.StatExit1, &pVCpu->hm.s.StatExit2, x);
/* Deal with the reason of the VM-exit. */
switch (exitCode)
{
case SVM_EXIT_EXCEPTION_0: case SVM_EXIT_EXCEPTION_1: case SVM_EXIT_EXCEPTION_2: case SVM_EXIT_EXCEPTION_3:
case SVM_EXIT_EXCEPTION_4: case SVM_EXIT_EXCEPTION_5: case SVM_EXIT_EXCEPTION_6: case SVM_EXIT_EXCEPTION_7:
case SVM_EXIT_EXCEPTION_8: case SVM_EXIT_EXCEPTION_9: case SVM_EXIT_EXCEPTION_A: case SVM_EXIT_EXCEPTION_B:
case SVM_EXIT_EXCEPTION_C: case SVM_EXIT_EXCEPTION_D: case SVM_EXIT_EXCEPTION_E: case SVM_EXIT_EXCEPTION_F:
case SVM_EXIT_EXCEPTION_10: case SVM_EXIT_EXCEPTION_11: case SVM_EXIT_EXCEPTION_12: case SVM_EXIT_EXCEPTION_13:
case SVM_EXIT_EXCEPTION_14: case SVM_EXIT_EXCEPTION_15: case SVM_EXIT_EXCEPTION_16: case SVM_EXIT_EXCEPTION_17:
case SVM_EXIT_EXCEPTION_18: case SVM_EXIT_EXCEPTION_19: case SVM_EXIT_EXCEPTION_1A: case SVM_EXIT_EXCEPTION_1B:
case SVM_EXIT_EXCEPTION_1C: case SVM_EXIT_EXCEPTION_1D: case SVM_EXIT_EXCEPTION_1E: case SVM_EXIT_EXCEPTION_1F:
{
/* Pending trap. */
SVM_EVENT Event;
uint32_t vector = exitCode - SVM_EXIT_EXCEPTION_0;
Log2(("Hardware/software interrupt %d\n", vector));
switch (vector)
{
case X86_XCPT_DB:
{
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestDB);
/* Note that we don't support guest and host-initiated debugging at the same time. */
Assert(DBGFIsStepping(pVCpu) || CPUMIsHyperDebugStateActive(pVCpu));
rc = DBGFRZTrap01Handler(pVM, pVCpu, CPUMCTX2CORE(pCtx), pCtx->dr[6]);
if (rc == VINF_EM_RAW_GUEST_TRAP)
{
Log(("Trap %x (debug) at %016RX64\n", vector, pCtx->rip));
/* Reinject the exception. */
Event.au64[0] = 0;
Event.n.u3Type = SVM_EVENT_EXCEPTION; /* trap or fault */
Event.n.u1Valid = 1;
Event.n.u8Vector = X86_XCPT_DB;
hmR0SvmSetPendingEvent(pVCpu, &Event);
goto ResumeExecution;
}
/* Return to ring 3 to deal with the debug exit code. */
Log(("Debugger hardware BP at %04x:%RGv (rc=%Rrc)\n", pCtx->cs.Sel, pCtx->rip, VBOXSTRICTRC_VAL(rc)));
break;
}
case X86_XCPT_NM:
{
Log(("#NM fault at %RGv\n", (RTGCPTR)pCtx->rip));
/** @todo don't intercept #NM exceptions anymore when we've activated the guest FPU state. */
/* If we sync the FPU/XMM state on-demand, then we can continue execution as if nothing has happened. */
rc = CPUMR0LoadGuestFPU(pVM, pVCpu, pCtx);
if (rc == VINF_SUCCESS)
{
Assert(CPUMIsGuestFPUStateActive(pVCpu));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitShadowNM);
/* Continue execution. */
pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_CR0;
goto ResumeExecution;
}
Log(("Forward #NM fault to the guest\n"));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestNM);
Event.au64[0] = 0;
Event.n.u3Type = SVM_EVENT_EXCEPTION;
Event.n.u1Valid = 1;
Event.n.u8Vector = X86_XCPT_NM;
hmR0SvmSetPendingEvent(pVCpu, &Event);
goto ResumeExecution;
}
case X86_XCPT_PF: /* Page fault */
{
uint32_t errCode = pvVMCB->ctrl.u64ExitInfo1; /* EXITINFO1 = error code */
RTGCUINTPTR uFaultAddress = pvVMCB->ctrl.u64ExitInfo2; /* EXITINFO2 = fault address */
#ifdef VBOX_ALWAYS_TRAP_PF
if (pVM->hm.s.fNestedPaging)
{
/*
* A genuine pagefault. Forward the trap to the guest by injecting the exception and resuming execution.
*/
Log(("Guest page fault at %04X:%RGv cr2=%RGv error code %x rsp=%RGv\n", pCtx->cs, (RTGCPTR)pCtx->rip,
uFaultAddress, errCode, (RTGCPTR)pCtx->rsp));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestPF);
/* Now we must update CR2. */
pCtx->cr2 = uFaultAddress;
Event.au64[0] = 0;
Event.n.u3Type = SVM_EVENT_EXCEPTION;
Event.n.u1Valid = 1;
Event.n.u8Vector = X86_XCPT_PF;
Event.n.u1ErrorCodeValid = 1;
Event.n.u32ErrorCode = errCode;
hmR0SvmSetPendingEvent(pVCpu, &Event);
goto ResumeExecution;
}
#endif
Assert(!pVM->hm.s.fNestedPaging);
#ifdef VBOX_HM_WITH_GUEST_PATCHING
/* Shortcut for APIC TPR reads and writes; 32 bits guests only */
if ( pVM->hm.s.fTRPPatchingAllowed
&& (uFaultAddress & 0xfff) == 0x080
&& !(errCode & X86_TRAP_PF_P) /* not present */
&& CPUMGetGuestCPL(pVCpu) == 0
&& !CPUMIsGuestInLongModeEx(pCtx)
&& pVM->hm.s.cPatches < RT_ELEMENTS(pVM->hm.s.aPatches))
{
RTGCPHYS GCPhysApicBase, GCPhys;
GCPhysApicBase = pCtx->msrApicBase;
GCPhysApicBase &= PAGE_BASE_GC_MASK;
rc = PGMGstGetPage(pVCpu, (RTGCPTR)uFaultAddress, NULL, &GCPhys);
if ( rc == VINF_SUCCESS
&& GCPhys == GCPhysApicBase)
{
/* Only attempt to patch the instruction once. */
PHMTPRPATCH pPatch = (PHMTPRPATCH)RTAvloU32Get(&pVM->hm.s.PatchTree, (AVLOU32KEY)pCtx->eip);
if (!pPatch)
{
rc = VINF_EM_HM_PATCH_TPR_INSTR;
break;
}
}
}
#endif
Log2(("Page fault at %RGv cr2=%RGv error code %x\n", (RTGCPTR)pCtx->rip, uFaultAddress, errCode));
/* Exit qualification contains the linear address of the page fault. */
TRPMAssertTrap(pVCpu, X86_XCPT_PF, TRPM_TRAP);
TRPMSetErrorCode(pVCpu, errCode);
TRPMSetFaultAddress(pVCpu, uFaultAddress);
/* Forward it to our trap handler first, in case our shadow pages are out of sync. */
rc = PGMTrap0eHandler(pVCpu, errCode, CPUMCTX2CORE(pCtx), (RTGCPTR)uFaultAddress);
Log2(("PGMTrap0eHandler %RGv returned %Rrc\n", (RTGCPTR)pCtx->rip, VBOXSTRICTRC_VAL(rc)));
if (rc == VINF_SUCCESS)
{
/* We've successfully synced our shadow pages, so let's just continue execution. */
Log2(("Shadow page fault at %RGv cr2=%RGv error code %x\n", (RTGCPTR)pCtx->rip, uFaultAddress, errCode));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitShadowPF);
TRPMResetTrap(pVCpu);
goto ResumeExecution;
}
else if (rc == VINF_EM_RAW_GUEST_TRAP)
{
/*
* A genuine pagefault. Forward the trap to the guest by injecting the exception and resuming execution.
*/
Log2(("Forward page fault to the guest\n"));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestPF);
/* The error code might have been changed. */
errCode = TRPMGetErrorCode(pVCpu);
TRPMResetTrap(pVCpu);
/* Now we must update CR2. */
pCtx->cr2 = uFaultAddress;
Event.au64[0] = 0;
Event.n.u3Type = SVM_EVENT_EXCEPTION;
Event.n.u1Valid = 1;
Event.n.u8Vector = X86_XCPT_PF;
Event.n.u1ErrorCodeValid = 1;
Event.n.u32ErrorCode = errCode;
hmR0SvmSetPendingEvent(pVCpu, &Event);
goto ResumeExecution;
}
#ifdef VBOX_STRICT
if (rc != VINF_EM_RAW_EMULATE_INSTR && rc != VINF_EM_RAW_EMULATE_IO_BLOCK)
LogFlow(("PGMTrap0eHandler failed with %d\n", VBOXSTRICTRC_VAL(rc)));
#endif
/* Need to go back to the recompiler to emulate the instruction. */
TRPMResetTrap(pVCpu);
break;
}
case X86_XCPT_MF: /* Floating point exception. */
{
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestMF);
if (!(pCtx->cr0 & X86_CR0_NE))
{
/* old style FPU error reporting needs some extra work. */
/** @todo don't fall back to the recompiler, but do it manually. */
rc = VINF_EM_RAW_EMULATE_INSTR;
break;
}
Log(("Trap %x at %RGv\n", vector, (RTGCPTR)pCtx->rip));
Event.au64[0] = 0;
Event.n.u3Type = SVM_EVENT_EXCEPTION;
Event.n.u1Valid = 1;
Event.n.u8Vector = X86_XCPT_MF;
hmR0SvmSetPendingEvent(pVCpu, &Event);
goto ResumeExecution;
}
#ifdef VBOX_STRICT
case X86_XCPT_BP: /* Breakpoint. */
case X86_XCPT_GP: /* General protection failure exception.*/
case X86_XCPT_UD: /* Unknown opcode exception. */
case X86_XCPT_DE: /* Divide error. */
case X86_XCPT_SS: /* Stack segment exception. */
case X86_XCPT_NP: /* Segment not present exception. */
{
Event.au64[0] = 0;
Event.n.u3Type = SVM_EVENT_EXCEPTION;
Event.n.u1Valid = 1;
Event.n.u8Vector = vector;
switch (vector)
{
case X86_XCPT_GP:
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestGP);
Event.n.u1ErrorCodeValid = 1;
Event.n.u32ErrorCode = pvVMCB->ctrl.u64ExitInfo1; /* EXITINFO1 = error code */
break;
case X86_XCPT_BP:
/** Saves the wrong EIP on the stack (pointing to the int3 instead of the next instruction. */
break;
case X86_XCPT_DE:
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestDE);
break;
case X86_XCPT_UD:
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestUD);
break;
case X86_XCPT_SS:
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestSS);
Event.n.u1ErrorCodeValid = 1;
Event.n.u32ErrorCode = pvVMCB->ctrl.u64ExitInfo1; /* EXITINFO1 = error code */
break;
case X86_XCPT_NP:
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitGuestNP);
Event.n.u1ErrorCodeValid = 1;
Event.n.u32ErrorCode = pvVMCB->ctrl.u64ExitInfo1; /* EXITINFO1 = error code */
break;
}
Log(("Trap %x at %04x:%RGv esi=%x\n", vector, pCtx->cs.Sel, (RTGCPTR)pCtx->rip, pCtx->esi));
hmR0SvmSetPendingEvent(pVCpu, &Event);
goto ResumeExecution;
}
#endif
default:
AssertMsgFailed(("Unexpected vm-exit caused by exception %x\n", vector));
rc = VERR_SVM_UNEXPECTED_XCPT_EXIT;
break;
} /* switch (vector) */
break;
}
case SVM_EXIT_NPF:
{
/* EXITINFO1 contains fault errorcode; EXITINFO2 contains the guest physical address causing the fault. */
uint32_t errCode = pvVMCB->ctrl.u64ExitInfo1; /* EXITINFO1 = error code */
RTGCPHYS GCPhysFault = pvVMCB->ctrl.u64ExitInfo2; /* EXITINFO2 = fault address */
PGMMODE enmShwPagingMode;
Assert(pVM->hm.s.fNestedPaging);
LogFlow(("Nested page fault at %RGv cr2=%RGp error code %x\n", (RTGCPTR)pCtx->rip, GCPhysFault, errCode));
#ifdef VBOX_HM_WITH_GUEST_PATCHING
/* Shortcut for APIC TPR reads and writes; 32 bits guests only */
if ( pVM->hm.s.fTRPPatchingAllowed
&& (GCPhysFault & PAGE_OFFSET_MASK) == 0x080
&& ( !(errCode & X86_TRAP_PF_P) /* not present */
|| (errCode & (X86_TRAP_PF_P | X86_TRAP_PF_RSVD)) == (X86_TRAP_PF_P | X86_TRAP_PF_RSVD) /* mmio optimization */)
&& CPUMGetGuestCPL(pVCpu) == 0
&& !CPUMIsGuestInLongModeEx(pCtx)
&& pVM->hm.s.cPatches < RT_ELEMENTS(pVM->hm.s.aPatches))
{
RTGCPHYS GCPhysApicBase = pCtx->msrApicBase;
GCPhysApicBase &= PAGE_BASE_GC_MASK;
if (GCPhysFault == GCPhysApicBase + 0x80)
{
/* Only attempt to patch the instruction once. */
PHMTPRPATCH pPatch = (PHMTPRPATCH)RTAvloU32Get(&pVM->hm.s.PatchTree, (AVLOU32KEY)pCtx->eip);
if (!pPatch)
{
rc = VINF_EM_HM_PATCH_TPR_INSTR;
break;
}
}
}
#endif
/* Handle the pagefault trap for the nested shadow table. */
#if HC_ARCH_BITS == 32 /** @todo shadow this in a variable. */
if (CPUMIsGuestInLongModeEx(pCtx))
enmShwPagingMode = PGMMODE_AMD64_NX;
else
#endif
enmShwPagingMode = PGMGetHostMode(pVM);
/* MMIO optimization */
Assert((errCode & (X86_TRAP_PF_RSVD | X86_TRAP_PF_P)) != X86_TRAP_PF_RSVD);
if ((errCode & (X86_TRAP_PF_RSVD | X86_TRAP_PF_P)) == (X86_TRAP_PF_RSVD | X86_TRAP_PF_P))
{
rc = PGMR0Trap0eHandlerNPMisconfig(pVM, pVCpu, enmShwPagingMode, CPUMCTX2CORE(pCtx), GCPhysFault, errCode);
/*
* If we succeed, resume execution.
* Or, if fail in interpreting the instruction because we couldn't get the guest physical address
* of the page containing the instruction via the guest's page tables (we would invalidate the guest page
* in the host TLB), resume execution which would cause a guest page fault to let the guest handle this
* weird case. See @bugref{6043}.
*/
if ( rc == VINF_SUCCESS
|| rc == VERR_PAGE_TABLE_NOT_PRESENT
|| rc == VERR_PAGE_NOT_PRESENT)
{
Log2(("PGMR0Trap0eHandlerNPMisconfig(,,,%RGp) at %RGv -> resume\n", GCPhysFault, (RTGCPTR)pCtx->rip));
goto ResumeExecution;
}
Log2(("PGMR0Trap0eHandlerNPMisconfig(,,,%RGp) at %RGv -> resume\n", GCPhysFault, (RTGCPTR)pCtx->rip));
break;
}
/* Exit qualification contains the linear address of the page fault. */
TRPMAssertTrap(pVCpu, X86_XCPT_PF, TRPM_TRAP);
TRPMSetErrorCode(pVCpu, errCode);
TRPMSetFaultAddress(pVCpu, GCPhysFault);
rc = PGMR0Trap0eHandlerNestedPaging(pVM, pVCpu, enmShwPagingMode, errCode, CPUMCTX2CORE(pCtx), GCPhysFault);
Log2(("PGMR0Trap0eHandlerNestedPaging %RGv returned %Rrc\n", (RTGCPTR)pCtx->rip, VBOXSTRICTRC_VAL(rc)));
/*
* Same case as PGMR0Trap0eHandlerNPMisconfig(). See comment above, @bugref{6043}.
*/
if ( rc == VINF_SUCCESS
|| rc == VERR_PAGE_TABLE_NOT_PRESENT
|| rc == VERR_PAGE_NOT_PRESENT)
{
/* We've successfully synced our shadow pages, so let's just continue execution. */
Log2(("Shadow page fault at %RGv cr2=%RGp error code %x\n", (RTGCPTR)pCtx->rip, GCPhysFault, errCode));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitShadowPF);
TRPMResetTrap(pVCpu);
goto ResumeExecution;
}
#ifdef VBOX_STRICT
if (rc != VINF_EM_RAW_EMULATE_INSTR)
LogFlow(("PGMTrap0eHandlerNestedPaging failed with %d\n", VBOXSTRICTRC_VAL(rc)));
#endif
/* Need to go back to the recompiler to emulate the instruction. */
TRPMResetTrap(pVCpu);
break;
}
case SVM_EXIT_VINTR:
/* A virtual interrupt is about to be delivered, which means IF=1. */
Log(("SVM_EXIT_VINTR IF=%d\n", pCtx->eflags.Bits.u1IF));
pvVMCB->ctrl.IntCtrl.n.u1VIrqValid = 0;
pvVMCB->ctrl.IntCtrl.n.u8VIrqVector = 0;
goto ResumeExecution;
case SVM_EXIT_FERR_FREEZE:
case SVM_EXIT_INTR:
case SVM_EXIT_NMI:
case SVM_EXIT_SMI:
case SVM_EXIT_INIT:
/* External interrupt; leave to allow it to be dispatched again. */
rc = VINF_EM_RAW_INTERRUPT;
break;
case SVM_EXIT_WBINVD:
case SVM_EXIT_INVD: /* Guest software attempted to execute INVD. */
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitInvd);
/* Skip instruction and continue directly. */
pCtx->rip += 2; /* Note! hardcoded opcode size! */
/* Continue execution.*/
goto ResumeExecution;
case SVM_EXIT_CPUID: /* Guest software attempted to execute CPUID. */
{
Log2(("SVM: Cpuid at %RGv for %x\n", (RTGCPTR)pCtx->rip, pCtx->eax));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitCpuid);
rc = EMInterpretCpuId(pVM, pVCpu, CPUMCTX2CORE(pCtx));
if (rc == VINF_SUCCESS)
{
/* Update EIP and continue execution. */
pCtx->rip += 2; /* Note! hardcoded opcode size! */
goto ResumeExecution;
}
AssertMsgFailed(("EMU: cpuid failed with %Rrc\n", VBOXSTRICTRC_VAL(rc)));
rc = VINF_EM_RAW_EMULATE_INSTR;
break;
}
case SVM_EXIT_RDTSC: /* Guest software attempted to execute RDTSC. */
{
Log2(("SVM: Rdtsc\n"));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitRdtsc);
rc = EMInterpretRdtsc(pVM, pVCpu, CPUMCTX2CORE(pCtx));
if (rc == VINF_SUCCESS)
{
/* Update EIP and continue execution. */
pCtx->rip += 2; /* Note! hardcoded opcode size! */
goto ResumeExecution;
}
rc = VINF_EM_RAW_EMULATE_INSTR;
break;
}
case SVM_EXIT_RDPMC: /* Guest software attempted to execute RDPMC. */
{
Log2(("SVM: Rdpmc %x\n", pCtx->ecx));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitRdpmc);
rc = EMInterpretRdpmc(pVM, pVCpu, CPUMCTX2CORE(pCtx));
if (rc == VINF_SUCCESS)
{
/* Update EIP and continue execution. */
pCtx->rip += 2; /* Note! hardcoded opcode size! */
goto ResumeExecution;
}
rc = VINF_EM_RAW_EMULATE_INSTR;
break;
}
case SVM_EXIT_RDTSCP: /* Guest software attempted to execute RDTSCP. */
{
Log2(("SVM: Rdtscp\n"));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitRdtscp);
rc = EMInterpretRdtscp(pVM, pVCpu, pCtx);
if (rc == VINF_SUCCESS)
{
/* Update EIP and continue execution. */
pCtx->rip += 3; /* Note! hardcoded opcode size! */
goto ResumeExecution;
}
AssertMsgFailed(("EMU: rdtscp failed with %Rrc\n", VBOXSTRICTRC_VAL(rc)));
rc = VINF_EM_RAW_EMULATE_INSTR;
break;
}
case SVM_EXIT_INVLPG: /* Guest software attempted to execute INVLPG. */
{
Log2(("SVM: invlpg\n"));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitInvlpg);
Assert(!pVM->hm.s.fNestedPaging);
/* Truly a pita. Why can't SVM give the same information as VT-x? */
rc = hmR0SvmInterpretInvlpg(pVM, pVCpu, CPUMCTX2CORE(pCtx));
if (rc == VINF_SUCCESS)
{
goto ResumeExecution; /* eip already updated */
}
break;
}
case SVM_EXIT_WRITE_CR0: case SVM_EXIT_WRITE_CR1: case SVM_EXIT_WRITE_CR2: case SVM_EXIT_WRITE_CR3:
case SVM_EXIT_WRITE_CR4: case SVM_EXIT_WRITE_CR5: case SVM_EXIT_WRITE_CR6: case SVM_EXIT_WRITE_CR7:
case SVM_EXIT_WRITE_CR8: case SVM_EXIT_WRITE_CR9: case SVM_EXIT_WRITE_CR10: case SVM_EXIT_WRITE_CR11:
case SVM_EXIT_WRITE_CR12: case SVM_EXIT_WRITE_CR13: case SVM_EXIT_WRITE_CR14: case SVM_EXIT_WRITE_CR15:
{
Log2(("SVM: %RGv mov cr%d, \n", (RTGCPTR)pCtx->rip, exitCode - SVM_EXIT_WRITE_CR0));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitCRxWrite[exitCode - SVM_EXIT_WRITE_CR0]);
rc = EMInterpretInstruction(pVCpu, CPUMCTX2CORE(pCtx), 0);
switch (exitCode - SVM_EXIT_WRITE_CR0)
{
case 0:
pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_CR0;
break;
case 2:
break;
case 3:
Assert(!pVM->hm.s.fNestedPaging);
pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_CR3;
break;
case 4:
pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_CR4;
break;
case 8:
break;
default:
AssertFailed();
}
if (rc == VINF_SUCCESS)
{
/* EIP has been updated already. */
/* Only resume if successful. */
goto ResumeExecution;
}
Assert(rc == VERR_EM_INTERPRETER || rc == VINF_PGM_CHANGE_MODE || rc == VINF_PGM_SYNC_CR3);
break;
}
case SVM_EXIT_READ_CR0: case SVM_EXIT_READ_CR1: case SVM_EXIT_READ_CR2: case SVM_EXIT_READ_CR3:
case SVM_EXIT_READ_CR4: case SVM_EXIT_READ_CR5: case SVM_EXIT_READ_CR6: case SVM_EXIT_READ_CR7:
case SVM_EXIT_READ_CR8: case SVM_EXIT_READ_CR9: case SVM_EXIT_READ_CR10: case SVM_EXIT_READ_CR11:
case SVM_EXIT_READ_CR12: case SVM_EXIT_READ_CR13: case SVM_EXIT_READ_CR14: case SVM_EXIT_READ_CR15:
{
Log2(("SVM: %RGv mov x, cr%d\n", (RTGCPTR)pCtx->rip, exitCode - SVM_EXIT_READ_CR0));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitCRxRead[exitCode - SVM_EXIT_READ_CR0]);
rc = EMInterpretInstruction(pVCpu, CPUMCTX2CORE(pCtx), 0);
if (rc == VINF_SUCCESS)
{
/* EIP has been updated already. */
/* Only resume if successful. */
goto ResumeExecution;
}
Assert(rc == VERR_EM_INTERPRETER || rc == VINF_PGM_CHANGE_MODE || rc == VINF_PGM_SYNC_CR3);
break;
}
case SVM_EXIT_WRITE_DR0: case SVM_EXIT_WRITE_DR1: case SVM_EXIT_WRITE_DR2: case SVM_EXIT_WRITE_DR3:
case SVM_EXIT_WRITE_DR4: case SVM_EXIT_WRITE_DR5: case SVM_EXIT_WRITE_DR6: case SVM_EXIT_WRITE_DR7:
case SVM_EXIT_WRITE_DR8: case SVM_EXIT_WRITE_DR9: case SVM_EXIT_WRITE_DR10: case SVM_EXIT_WRITE_DR11:
case SVM_EXIT_WRITE_DR12: case SVM_EXIT_WRITE_DR13: case SVM_EXIT_WRITE_DR14: case SVM_EXIT_WRITE_DR15:
{
Log2(("SVM: %RGv mov dr%d, x\n", (RTGCPTR)pCtx->rip, exitCode - SVM_EXIT_WRITE_DR0));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitDRxWrite);
if ( !DBGFIsStepping(pVCpu)
&& !CPUMIsHyperDebugStateActive(pVCpu))
{
STAM_COUNTER_INC(&pVCpu->hm.s.StatDRxContextSwitch);
/* Disable drx move intercepts. */
pvVMCB->ctrl.u16InterceptRdDRx = 0;
pvVMCB->ctrl.u16InterceptWrDRx = 0;
/* Save the host and load the guest debug state. */
rc2 = CPUMR0LoadGuestDebugState(pVM, pVCpu, pCtx, false /* exclude DR6 */);
AssertRC(rc2);
goto ResumeExecution;
}
rc = EMInterpretInstruction(pVCpu, CPUMCTX2CORE(pCtx), 0);
if (rc == VINF_SUCCESS)
{
/* EIP has been updated already. */
pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_DEBUG;
/* Only resume if successful. */
goto ResumeExecution;
}
Assert(rc == VERR_EM_INTERPRETER || rc == VINF_PGM_CHANGE_MODE || rc == VINF_PGM_SYNC_CR3);
break;
}
case SVM_EXIT_READ_DR0: case SVM_EXIT_READ_DR1: case SVM_EXIT_READ_DR2: case SVM_EXIT_READ_DR3:
case SVM_EXIT_READ_DR4: case SVM_EXIT_READ_DR5: case SVM_EXIT_READ_DR6: case SVM_EXIT_READ_DR7:
case SVM_EXIT_READ_DR8: case SVM_EXIT_READ_DR9: case SVM_EXIT_READ_DR10: case SVM_EXIT_READ_DR11:
case SVM_EXIT_READ_DR12: case SVM_EXIT_READ_DR13: case SVM_EXIT_READ_DR14: case SVM_EXIT_READ_DR15:
{
Log2(("SVM: %RGv mov x, dr%d\n", (RTGCPTR)pCtx->rip, exitCode - SVM_EXIT_READ_DR0));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitDRxRead);
if (!DBGFIsStepping(pVCpu))
{
STAM_COUNTER_INC(&pVCpu->hm.s.StatDRxContextSwitch);
/* Disable DRx move intercepts. */
pvVMCB->ctrl.u16InterceptRdDRx = 0;
pvVMCB->ctrl.u16InterceptWrDRx = 0;
/* Save the host and load the guest debug state. */
rc2 = CPUMR0LoadGuestDebugState(pVM, pVCpu, pCtx, false /* exclude DR6 */);
AssertRC(rc2);
goto ResumeExecution;
}
rc = EMInterpretInstruction(pVCpu, CPUMCTX2CORE(pCtx), 0);
if (rc == VINF_SUCCESS)
{
/* EIP has been updated already. */
/* Only resume if successful. */
goto ResumeExecution;
}
Assert(rc == VERR_EM_INTERPRETER || rc == VINF_PGM_CHANGE_MODE || rc == VINF_PGM_SYNC_CR3);
break;
}
/* Note: We'll get a #GP if the IO instruction isn't allowed (IOPL or TSS bitmap); no need to double check. */
case SVM_EXIT_IOIO: /* I/O instruction. */
{
SVM_IOIO_EXIT IoExitInfo;
IoExitInfo.au32[0] = pvVMCB->ctrl.u64ExitInfo1;
unsigned uIdx = (IoExitInfo.au32[0] >> 4) & 0x7;
uint32_t uIOSize = g_aIOSize[uIdx];
uint32_t uAndVal = g_aIOOpAnd[uIdx];
if (RT_UNLIKELY(!uIOSize))
{
AssertFailed(); /* should be fatal. */
rc = VINF_EM_RAW_EMULATE_INSTR; /** @todo r=ramshankar: would this really fall back to the recompiler and work? */
break;
}
if (IoExitInfo.n.u1STR)
{
/* ins/outs */
PDISCPUSTATE pDis = &pVCpu->hm.s.DisState;
/* Disassemble manually to deal with segment prefixes. */
rc = EMInterpretDisasCurrent(pVM, pVCpu, pDis, NULL);
if (rc == VINF_SUCCESS)
{
if (IoExitInfo.n.u1Type == 0)
{
Log2(("IOMInterpretOUTSEx %RGv %x size=%d\n", (RTGCPTR)pCtx->rip, IoExitInfo.n.u16Port, uIOSize));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitIOStringWrite);
rc = IOMInterpretOUTSEx(pVM, CPUMCTX2CORE(pCtx), IoExitInfo.n.u16Port, pDis->fPrefix,
(DISCPUMODE)pDis->uAddrMode, uIOSize);
}
else
{
Log2(("IOMInterpretINSEx %RGv %x size=%d\n", (RTGCPTR)pCtx->rip, IoExitInfo.n.u16Port, uIOSize));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitIOStringRead);
rc = IOMInterpretINSEx(pVM, CPUMCTX2CORE(pCtx), IoExitInfo.n.u16Port, pDis->fPrefix,
(DISCPUMODE)pDis->uAddrMode, uIOSize);
}
}
else
rc = VINF_EM_RAW_EMULATE_INSTR;
}
else
{
/* Normal in/out */
Assert(!IoExitInfo.n.u1REP);
if (IoExitInfo.n.u1Type == 0)
{
Log2(("IOMIOPortWrite %RGv %x %x size=%d\n", (RTGCPTR)pCtx->rip, IoExitInfo.n.u16Port, pCtx->eax & uAndVal,
uIOSize));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitIOWrite);
rc = IOMIOPortWrite(pVM, IoExitInfo.n.u16Port, pCtx->eax & uAndVal, uIOSize);
if (rc == VINF_IOM_R3_IOPORT_WRITE)
{
HMR0SavePendingIOPortWrite(pVCpu, pCtx->rip, pvVMCB->ctrl.u64ExitInfo2, IoExitInfo.n.u16Port,
uAndVal, uIOSize);
}
}
else
{
uint32_t u32Val = 0;
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitIORead);
rc = IOMIOPortRead(pVM, IoExitInfo.n.u16Port, &u32Val, uIOSize);
if (IOM_SUCCESS(rc))
{
/* Write back to the EAX register. */
pCtx->eax = (pCtx->eax & ~uAndVal) | (u32Val & uAndVal);
Log2(("IOMIOPortRead %RGv %x %x size=%d\n", (RTGCPTR)pCtx->rip, IoExitInfo.n.u16Port, u32Val & uAndVal,
uIOSize));
}
else if (rc == VINF_IOM_R3_IOPORT_READ)
{
HMR0SavePendingIOPortRead(pVCpu, pCtx->rip, pvVMCB->ctrl.u64ExitInfo2, IoExitInfo.n.u16Port,
uAndVal, uIOSize);
}
}
}
/*
* Handled the I/O return codes.
* (The unhandled cases end up with rc == VINF_EM_RAW_EMULATE_INSTR.)
*/
if (IOM_SUCCESS(rc))
{
/* Update EIP and continue execution. */
pCtx->rip = pvVMCB->ctrl.u64ExitInfo2; /* RIP/EIP of the next instruction is saved in EXITINFO2. */
if (RT_LIKELY(rc == VINF_SUCCESS))
{
/* If any IO breakpoints are armed, then we should check if a debug trap needs to be generated. */
if (pCtx->dr[7] & X86_DR7_ENABLED_MASK)
{
/* IO operation lookup arrays. */
static uint32_t const aIOSize[4] = { 1, 2, 0, 4 };
STAM_COUNTER_INC(&pVCpu->hm.s.StatDRxIoCheck);
for (unsigned i = 0; i < 4; i++)
{
unsigned uBPLen = aIOSize[X86_DR7_GET_LEN(pCtx->dr[7], i)];
if ( (IoExitInfo.n.u16Port >= pCtx->dr[i] && IoExitInfo.n.u16Port < pCtx->dr[i] + uBPLen)
&& (pCtx->dr[7] & (X86_DR7_L(i) | X86_DR7_G(i)))
&& (pCtx->dr[7] & X86_DR7_RW(i, X86_DR7_RW_IO)) == X86_DR7_RW(i, X86_DR7_RW_IO))
{
SVM_EVENT Event;
Assert(CPUMIsGuestDebugStateActive(pVCpu));
/* Clear all breakpoint status flags and set the one we just hit. */
pCtx->dr[6] &= ~(X86_DR6_B0|X86_DR6_B1|X86_DR6_B2|X86_DR6_B3);
pCtx->dr[6] |= (uint64_t)RT_BIT(i);
/*
* Note: AMD64 Architecture Programmer's Manual 13.1:
* Bits 15:13 of the DR6 register is never cleared by the processor and must be cleared
* by software after the contents have been read.
*/
pvVMCB->guest.u64DR6 = pCtx->dr[6];
/* X86_DR7_GD will be cleared if drx accesses should be trapped inside the guest. */
pCtx->dr[7] &= ~X86_DR7_GD;
/* Paranoia. */
pCtx->dr[7] &= 0xffffffff; /* upper 32 bits reserved */
pCtx->dr[7] &= ~(RT_BIT(11) | RT_BIT(12) | RT_BIT(14) | RT_BIT(15)); /* must be zero */
pCtx->dr[7] |= 0x400; /* must be one */
pvVMCB->guest.u64DR7 = pCtx->dr[7];
/* Inject the exception. */
Log(("Inject IO debug trap at %RGv\n", (RTGCPTR)pCtx->rip));
Event.au64[0] = 0;
Event.n.u3Type = SVM_EVENT_EXCEPTION; /* trap or fault */
Event.n.u1Valid = 1;
Event.n.u8Vector = X86_XCPT_DB;
hmR0SvmSetPendingEvent(pVCpu, &Event);
goto ResumeExecution;
}
}
}
goto ResumeExecution;
}
Log2(("EM status from IO at %RGv %x size %d: %Rrc\n", (RTGCPTR)pCtx->rip, IoExitInfo.n.u16Port, uIOSize,
VBOXSTRICTRC_VAL(rc)));
break;
}
#ifdef VBOX_STRICT
if (rc == VINF_IOM_R3_IOPORT_READ)
Assert(IoExitInfo.n.u1Type != 0);
else if (rc == VINF_IOM_R3_IOPORT_WRITE)
Assert(IoExitInfo.n.u1Type == 0);
else
{
AssertMsg( RT_FAILURE(rc)
|| rc == VINF_EM_RAW_EMULATE_INSTR
|| rc == VINF_EM_RAW_GUEST_TRAP
|| rc == VINF_TRPM_XCPT_DISPATCHED, ("%Rrc\n", VBOXSTRICTRC_VAL(rc)));
}
#endif
Log2(("Failed IO at %RGv %x size %d\n", (RTGCPTR)pCtx->rip, IoExitInfo.n.u16Port, uIOSize));
break;
}
case SVM_EXIT_HLT:
/* Check if external interrupts are pending; if so, don't switch back. */
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitHlt);
pCtx->rip++; /* skip hlt */
if (EMShouldContinueAfterHalt(pVCpu, pCtx))
goto ResumeExecution;
rc = VINF_EM_HALT;
break;
case SVM_EXIT_MWAIT_UNCOND:
Log2(("SVM: mwait\n"));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitMwait);
rc = EMInterpretMWait(pVM, pVCpu, CPUMCTX2CORE(pCtx));
if ( rc == VINF_EM_HALT
|| rc == VINF_SUCCESS)
{
/* Update EIP and continue execution. */
pCtx->rip += 3; /* Note: hardcoded opcode size assumption! */
/* Check if external interrupts are pending; if so, don't switch back. */
if ( rc == VINF_SUCCESS
|| ( rc == VINF_EM_HALT
&& EMShouldContinueAfterHalt(pVCpu, pCtx))
)
goto ResumeExecution;
}
AssertMsg(rc == VERR_EM_INTERPRETER || rc == VINF_EM_HALT, ("EMU: mwait failed with %Rrc\n", VBOXSTRICTRC_VAL(rc)));
break;
case SVM_EXIT_MONITOR:
{
Log2(("SVM: monitor\n"));
STAM_COUNTER_INC(&pVCpu->hm.s.StatExitMonitor);
rc = EMInterpretMonitor(pVM, pVCpu, CPUMCTX2CORE(pCtx));
if (rc == VINF_SUCCESS)
{
/* Update EIP and continue execution. */
pCtx->rip += 3; /* Note: hardcoded opcode size assumption! */
goto ResumeExecution;
}
AssertMsg(rc == VERR_EM_INTERPRETER, ("EMU: monitor failed with %Rrc\n", VBOXSTRICTRC_VAL(rc)));
break;
}
case SVM_EXIT_VMMCALL:
rc = hmR0SvmEmulateTprVMMCall(pVM, pVCpu, pCtx);
if (rc == VINF_SUCCESS)
{
goto ResumeExecution; /* rip already updated. */
}
/* no break */
case SVM_EXIT_RSM:
case SVM_EXIT_INVLPGA:
case SVM_EXIT_VMRUN:
case SVM_EXIT_VMLOAD:
case SVM_EXIT_VMSAVE:
case SVM_EXIT_STGI:
case SVM_EXIT_CLGI:
case SVM_EXIT_SKINIT:
{
/* Unsupported instructions. */
SVM_EVENT Event;
Event.au64[0] = 0;
Event.n.u3Type = SVM_EVENT_EXCEPTION;
Event.n.u1Valid = 1;
Event.n.u8Vector = X86_XCPT_UD;
Log(("Forced #UD trap at %RGv\n", (RTGCPTR)pCtx->rip));
hmR0SvmSetPendingEvent(pVCpu, &Event);
goto ResumeExecution;
}
/* Emulate in ring-3. */
case SVM_EXIT_MSR:
{
/* When an interrupt is pending, we'll let MSR_K8_LSTAR writes fault in our TPR patch code. */
if ( pVM->hm.s.fTPRPatchingActive
&& pCtx->ecx == MSR_K8_LSTAR
&& pvVMCB->ctrl.u64ExitInfo1 == 1 /* wrmsr */)
{
if ((pCtx->eax & 0xff) != u8LastTPR)
{
Log(("SVM: Faulting MSR_K8_LSTAR write with new TPR value %x\n", pCtx->eax & 0xff));
/* Our patch code uses LSTAR for TPR caching. */
rc2 = PDMApicSetTPR(pVCpu, pCtx->eax & 0xff);
AssertRC(rc2);
}
/* Skip the instruction and continue. */
pCtx->rip += 2; /* wrmsr = [0F 30] */
/* Only resume if successful. */
goto ResumeExecution;
}
/*
* The Intel spec. claims there's an REX version of RDMSR that's slightly different,
* so we play safe by completely disassembling the instruction.
*/
STAM_COUNTER_INC((pvVMCB->ctrl.u64ExitInfo1 == 0) ? &pVCpu->hm.s.StatExitRdmsr : &pVCpu->hm.s.StatExitWrmsr);
Log(("SVM: %s\n", (pvVMCB->ctrl.u64ExitInfo1 == 0) ? "rdmsr" : "wrmsr"));
rc = EMInterpretInstruction(pVCpu, CPUMCTX2CORE(pCtx), 0);
if (rc == VINF_SUCCESS)
{
/* EIP has been updated already. */
/* Only resume if successful. */
goto ResumeExecution;
}
AssertMsg(rc == VERR_EM_INTERPRETER, ("EMU: %s failed with %Rrc\n", (pvVMCB->ctrl.u64ExitInfo1 == 0) ? "rdmsr" : "wrmsr",
VBOXSTRICTRC_VAL(rc)));
break;
}
case SVM_EXIT_TASK_SWITCH: /* too complicated to emulate, so fall back to the recompiler */
Log(("SVM_EXIT_TASK_SWITCH: exit2=%RX64\n", pvVMCB->ctrl.u64ExitInfo2));
if ( !(pvVMCB->ctrl.u64ExitInfo2 & (SVM_EXIT2_TASK_SWITCH_IRET | SVM_EXIT2_TASK_SWITCH_JMP))
&& pVCpu->hm.s.Event.fPending)
{
SVM_EVENT Event;
Event.au64[0] = pVCpu->hm.s.Event.u64IntrInfo;
/* Caused by an injected interrupt. */
pVCpu->hm.s.Event.fPending = false;
switch (Event.n.u3Type)
{
case SVM_EVENT_EXTERNAL_IRQ:
case SVM_EVENT_NMI:
Log(("SVM_EXIT_TASK_SWITCH: reassert trap %d\n", Event.n.u8Vector));
Assert(!Event.n.u1ErrorCodeValid);
rc2 = TRPMAssertTrap(pVCpu, Event.n.u8Vector, TRPM_HARDWARE_INT);
AssertRC(rc2);
break;
default:
/* Exceptions and software interrupts can just be restarted. */
break;
}
}
rc = VERR_EM_INTERPRETER;
break;
case SVM_EXIT_PAUSE:
case SVM_EXIT_MWAIT_ARMED:
rc = VERR_EM_INTERPRETER;
break;
case SVM_EXIT_SHUTDOWN:
rc = VINF_EM_RESET; /* Triple fault equals a reset. */
break;
case SVM_EXIT_IDTR_READ:
case SVM_EXIT_GDTR_READ:
case SVM_EXIT_LDTR_READ:
case SVM_EXIT_TR_READ:
case SVM_EXIT_IDTR_WRITE:
case SVM_EXIT_GDTR_WRITE:
case SVM_EXIT_LDTR_WRITE:
case SVM_EXIT_TR_WRITE:
case SVM_EXIT_CR0_SEL_WRITE:
default:
/* Unexpected exit codes. */
rc = VERR_SVM_UNEXPECTED_EXIT;
AssertMsgFailed(("Unexpected exit code %x\n", exitCode)); /* Can't happen. */
break;
}
end:
/*
* We are now going back to ring-3, so clear the forced action flag.
*/
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_TO_R3);
/*
* Signal changes to the recompiler.
*/
CPUMSetChangedFlags(pVCpu,
CPUM_CHANGED_SYSENTER_MSR
| CPUM_CHANGED_LDTR
| CPUM_CHANGED_GDTR
| CPUM_CHANGED_IDTR
| CPUM_CHANGED_TR
| CPUM_CHANGED_HIDDEN_SEL_REGS);
/*
* If we executed vmrun and an external IRQ was pending, then we don't have to do a full sync the next time.
*/
if (exitCode == SVM_EXIT_INTR)
{
STAM_COUNTER_INC(&pVCpu->hm.s.StatPendingHostIrq);
/* On the next entry we'll only sync the host context. */
pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_HOST_CONTEXT;
}
else
{
/* On the next entry we'll sync everything. */
/** @todo we can do better than this */
/* Not in the VINF_PGM_CHANGE_MODE though! */
pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_ALL;
}
/* Translate into a less severe return code */
if (rc == VERR_EM_INTERPRETER)
rc = VINF_EM_RAW_EMULATE_INSTR;
/* Just set the correct state here instead of trying to catch every goto above. */
VMCPU_CMPXCHG_STATE(pVCpu, VMCPUSTATE_STARTED, VMCPUSTATE_STARTED_EXEC);
#ifdef VBOX_WITH_VMMR0_DISABLE_PREEMPTION
/* Restore interrupts if we exitted after disabling them. */
if (uOldEFlags != ~(RTCCUINTREG)0)
ASMSetFlags(uOldEFlags);
#endif
STAM_PROFILE_ADV_STOP(&pVCpu->hm.s.StatExit2, x);
STAM_PROFILE_ADV_STOP(&pVCpu->hm.s.StatExit1, x);
STAM_PROFILE_ADV_STOP(&pVCpu->hm.s.StatEntry, x);
return VBOXSTRICTRC_TODO(rc);
}
/**
* Emulate simple mov tpr instruction.
*
* @returns VBox status code.
* @param pVM Pointer to the VM.
* @param pVCpu Pointer to the VMCPU.
* @param pCtx Pointer to the guest CPU context.
*/
static int hmR0SvmEmulateTprVMMCall(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
{
int rc;
LogFlow(("Emulated VMMCall TPR access replacement at %RGv\n", pCtx->rip));
for (;;)
{
bool fPending;
uint8_t u8Tpr;
PHMTPRPATCH pPatch = (PHMTPRPATCH)RTAvloU32Get(&pVM->hm.s.PatchTree, (AVLOU32KEY)pCtx->eip);
if (!pPatch)
break;
switch (pPatch->enmType)
{
case HMTPRINSTR_READ:
/* TPR caching in CR8 */
rc = PDMApicGetTPR(pVCpu, &u8Tpr, &fPending);
AssertRC(rc);
rc = DISWriteReg32(CPUMCTX2CORE(pCtx), pPatch->uDstOperand, u8Tpr);
AssertRC(rc);
LogFlow(("Emulated read successfully\n"));
pCtx->rip += pPatch->cbOp;
break;
case HMTPRINSTR_WRITE_REG:
case HMTPRINSTR_WRITE_IMM:
/* Fetch the new TPR value */
if (pPatch->enmType == HMTPRINSTR_WRITE_REG)
{
uint32_t val;
rc = DISFetchReg32(CPUMCTX2CORE(pCtx), pPatch->uSrcOperand, &val);
AssertRC(rc);
u8Tpr = val;
}
else
u8Tpr = (uint8_t)pPatch->uSrcOperand;
rc = PDMApicSetTPR(pVCpu, u8Tpr);
AssertRC(rc);
LogFlow(("Emulated write successfully\n"));
pCtx->rip += pPatch->cbOp;
break;
default:
AssertMsgFailedReturn(("Unexpected type %d\n", pPatch->enmType), VERR_SVM_UNEXPECTED_PATCH_TYPE);
}
}
return VINF_SUCCESS;
}
/**
* Enters the AMD-V session.
*
* @returns VBox status code.
* @param pVM Pointer to the VM.
* @param pVCpu Pointer to the VMCPU.
* @param pCpu Pointer to the CPU info struct.
*/
VMMR0DECL(int) SVMR0Enter(PVM pVM, PVMCPU pVCpu, PHMGLOBLCPUINFO pCpu)
{
Assert(pVM->hm.s.svm.fSupported);
LogFlow(("SVMR0Enter cpu%d last=%d asid=%d\n", pCpu->idCpu, pVCpu->hm.s.idLastCpu, pVCpu->hm.s.uCurrentAsid));
pVCpu->hm.s.fResumeVM = false;
/* Force to reload LDTR, so we'll execute VMLoad to load additional guest state. */
pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_LDTR;
return VINF_SUCCESS;
}
/**
* Leaves the AMD-V session.
*
* @returns VBox status code.
* @param pVM Pointer to the VM.
* @param pVCpu Pointer to the VMCPU.
* @param pCtx Pointer to the guest CPU context.
*/
VMMR0DECL(int) SVMR0Leave(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
{
SVM_VMCB *pvVMCB = (SVM_VMCB *)pVCpu->hm.s.svm.pvVMCB;
Assert(pVM->hm.s.svm.fSupported);
#ifdef DEBUG
if (CPUMIsHyperDebugStateActive(pVCpu))
{
CPUMR0LoadHostDebugState(pVM, pVCpu);
}
else
#endif
/* Save the guest debug state if necessary. */
if (CPUMIsGuestDebugStateActive(pVCpu))
{
CPUMR0SaveGuestDebugState(pVM, pVCpu, pCtx, false /* skip DR6 */);
/* Intercept all DRx reads and writes again. Changed later on. */
pvVMCB->ctrl.u16InterceptRdDRx = 0xFFFF;
pvVMCB->ctrl.u16InterceptWrDRx = 0xFFFF;
/* Resync the debug registers the next time. */
pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_DEBUG;
}
else
Assert(pvVMCB->ctrl.u16InterceptRdDRx == 0xFFFF && pvVMCB->ctrl.u16InterceptWrDRx == 0xFFFF);
return VINF_SUCCESS;
}
/**
* Worker for Interprets INVLPG.
*
* @return VBox status code.
* @param pVCpu Pointer to the VMCPU.
* @param pCpu Pointer to the CPU info struct.
* @param pRegFrame Pointer to the register frame.
*/
static int hmR0svmInterpretInvlPgEx(PVMCPU pVCpu, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame)
{
DISQPVPARAMVAL param1;
RTGCPTR addr;
int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->Param1, &param1, DISQPVWHICH_SRC);
if (RT_FAILURE(rc))
return VERR_EM_INTERPRETER;
switch (param1.type)
{
case DISQPV_TYPE_IMMEDIATE:
case DISQPV_TYPE_ADDRESS:
if (!(param1.flags & (DISQPV_FLAG_32 | DISQPV_FLAG_64)))
return VERR_EM_INTERPRETER;
addr = param1.val.val64;
break;
default:
return VERR_EM_INTERPRETER;
}
/** @todo is addr always a flat linear address or ds based
* (in absence of segment override prefixes)????
*/
rc = PGMInvalidatePage(pVCpu, addr);
if (RT_SUCCESS(rc))
return VINF_SUCCESS;
AssertRC(rc);
return rc;
}
/**
* Interprets INVLPG.
*
* @returns VBox status code.
* @retval VINF_* Scheduling instructions.
* @retval VERR_EM_INTERPRETER Something we can't cope with.
* @retval VERR_* Fatal errors.
*
* @param pVM Pointer to the VM.
* @param pRegFrame Pointer to the register frame.
*
* @remarks Updates the EIP if an instruction was executed successfully.
*/
static int hmR0SvmInterpretInvlpg(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
{
/*
* Only allow 32 & 64 bit code.
*/
if (CPUMGetGuestCodeBits(pVCpu) != 16)
{
PDISSTATE pDis = &pVCpu->hm.s.DisState;
int rc = EMInterpretDisasCurrent(pVM, pVCpu, pDis, NULL);
if (RT_SUCCESS(rc) && pDis->pCurInstr->uOpcode == OP_INVLPG)
{
rc = hmR0svmInterpretInvlPgEx(pVCpu, pDis, pRegFrame);
if (RT_SUCCESS(rc))
pRegFrame->rip += pDis->cbInstr; /* Move on to the next instruction. */
return rc;
}
}
return VERR_EM_INTERPRETER;
}
/**
* Invalidates a guest page by guest virtual address.
*
* @returns VBox status code.
* @param pVM Pointer to the VM.
* @param pVCpu Pointer to the VMCPU.
* @param GCVirt Guest virtual address of the page to invalidate.
*/
VMMR0DECL(int) SVMR0InvalidatePage(PVM pVM, PVMCPU pVCpu, RTGCPTR GCVirt)
{
bool fFlushPending = pVM->hm.s.svm.fAlwaysFlushTLB | VMCPU_FF_ISSET(pVCpu, VMCPU_FF_TLB_FLUSH);
/* Skip it if a TLB flush is already pending. */
if (!fFlushPending)
{
SVM_VMCB *pvVMCB;
Log2(("SVMR0InvalidatePage %RGv\n", GCVirt));
AssertReturn(pVM, VERR_INVALID_PARAMETER);
Assert(pVM->hm.s.svm.fSupported);
pvVMCB = (SVM_VMCB *)pVCpu->hm.s.svm.pvVMCB;
AssertMsgReturn(pvVMCB, ("Invalid pvVMCB\n"), VERR_SVM_INVALID_PVMCB);
#if HC_ARCH_BITS == 32
/* If we get a flush in 64 bits guest mode, then force a full TLB flush. Invlpga takes only 32 bits addresses. */
if (CPUMIsGuestInLongMode(pVCpu))
VMCPU_FF_SET(pVCpu, VMCPU_FF_TLB_FLUSH);
else
#endif
{
SVMR0InvlpgA(GCVirt, pvVMCB->ctrl.TLBCtrl.n.u32ASID);
STAM_COUNTER_INC(&pVCpu->hm.s.StatFlushTlbInvlpgVirt);
}
}
return VINF_SUCCESS;
}
#if 0 /* obsolete, but left here for clarification. */
/**
* Invalidates a guest page by physical address.
*
* @returns VBox status code.
* @param pVM Pointer to the VM.
* @param pVCpu Pointer to the VMCPU.
* @param GCPhys Guest physical address of the page to invalidate.
*/
VMMR0DECL(int) SVMR0InvalidatePhysPage(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys)
{
Assert(pVM->hm.s.fNestedPaging);
/* invlpga only invalidates TLB entries for guest virtual addresses; we have no choice but to force a TLB flush here. */
VMCPU_FF_SET(pVCpu, VMCPU_FF_TLB_FLUSH);
STAM_COUNTER_INC(&pVCpu->hm.s.StatFlushTlbInvlpgPhys);
return VINF_SUCCESS;
}
#endif
#if HC_ARCH_BITS == 32 && defined(VBOX_ENABLE_64_BITS_GUESTS) && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL)
/**
* Prepares for and executes VMRUN (64-bit guests from a 32-bit host).
*
* @returns VBox status code.
* @param HCPhysVMCBHost Physical address of host VMCB.
* @param HCPhysVMCB Physical address of the VMCB.
* @param pCtx Pointer to the guest CPU context.
* @param pVM Pointer to the VM.
* @param pVCpu Pointer to the VMCPU.
*/
DECLASM(int) SVMR0VMSwitcherRun64(RTHCPHYS HCPhysVMCBHost, RTHCPHYS HCPhysVMCB, PCPUMCTX pCtx, PVM pVM, PVMCPU pVCpu)
{
uint32_t aParam[4];
aParam[0] = (uint32_t)(HCPhysVMCBHost); /* Param 1: HCPhysVMCBHost - Lo. */
aParam[1] = (uint32_t)(HCPhysVMCBHost >> 32); /* Param 1: HCPhysVMCBHost - Hi. */
aParam[2] = (uint32_t)(HCPhysVMCB); /* Param 2: HCPhysVMCB - Lo. */
aParam[3] = (uint32_t)(HCPhysVMCB >> 32); /* Param 2: HCPhysVMCB - Hi. */
return SVMR0Execute64BitsHandler(pVM, pVCpu, pCtx, pVM->hm.s.pfnSVMGCVMRun64, 4, &aParam[0]);
}
/**
* Executes the specified handler in 64-bit mode.
*
* @returns VBox status code.
* @param pVM Pointer to the VM.
* @param pVCpu Pointer to the VMCPU.
* @param pCtx Pointer to the guest CPU context.
* @param pfnHandler Pointer to the RC handler function.
* @param cbParam Number of parameters.
* @param paParam Array of 32-bit parameters.
*/
VMMR0DECL(int) SVMR0Execute64BitsHandler(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, RTRCPTR pfnHandler, uint32_t cbParam,
uint32_t *paParam)
{
int rc;
RTHCUINTREG uOldEFlags;
Assert(pfnHandler);
/* Disable interrupts. */
uOldEFlags = ASMIntDisableFlags();
#ifdef VBOX_WITH_VMMR0_DISABLE_LAPIC_NMI
RTCPUID idHostCpu = RTMpCpuId();
CPUMR0SetLApic(pVM, idHostCpu);
#endif
CPUMSetHyperESP(pVCpu, VMMGetStackRC(pVCpu));
CPUMSetHyperEIP(pVCpu, pfnHandler);
for (int i = (int)cbParam - 1; i >= 0; i--)
CPUMPushHyper(pVCpu, paParam[i]);
STAM_PROFILE_ADV_START(&pVCpu->hm.s.StatWorldSwitch3264, z);
/* Call switcher. */
rc = pVM->hm.s.pfnHost32ToGuest64R0(pVM, RT_OFFSETOF(VM, aCpus[pVCpu->idCpu].cpum) - RT_OFFSETOF(VM, cpum));
STAM_PROFILE_ADV_STOP(&pVCpu->hm.s.StatWorldSwitch3264, z);
ASMSetFlags(uOldEFlags);
return rc;
}
#endif /* HC_ARCH_BITS == 32 && defined(VBOX_ENABLE_64_BITS_GUESTS) */