2 * This file is part of the Palacios Virtual Machine Monitor developed
3 * by the V3VEE Project with funding from the United States National
4 * Science Foundation and the Department of Energy.
6 * The V3VEE Project is a joint project between Northwestern University
7 * and the University of New Mexico. You can find out more at
10 * Copyright (c) 2008, Jack Lange <jarusl@cs.northwestern.edu>
11 * Copyright (c) 2008, The V3VEE Project <http://www.v3vee.org>
12 * All rights reserved.
14 * Author: Jack Lange <jarusl@cs.northwestern.edu>
16 * This is free software. You are permitted to use,
17 * redistribute, and modify it as specified in the file "V3VEE_LICENSE".
21 #include <palacios/svm_handler.h>
22 #include <palacios/vmm.h>
23 #include <palacios/vm_guest_mem.h>
24 #include <palacios/vmm_decoder.h>
25 #include <palacios/vmm_ctrl_regs.h>
26 #include <palacios/svm_io.h>
27 #include <palacios/svm_halt.h>
28 #include <palacios/svm_pause.h>
29 #include <palacios/svm_wbinvd.h>
30 #include <palacios/vmm_intr.h>
31 #include <palacios/vmm_emulator.h>
33 int handle_svm_exit(struct guest_info * info) {
34 vmcb_ctrl_t * guest_ctrl = 0;
35 vmcb_saved_state_t * guest_state = 0;
36 ulong_t exit_code = 0;
38 guest_ctrl = GET_VMCB_CTRL_AREA((vmcb_t*)(info->vmm_data));
39 guest_state = GET_VMCB_SAVE_STATE_AREA((vmcb_t*)(info->vmm_data));
42 // Update the high level state
43 info->rip = guest_state->rip;
44 info->vm_regs.rsp = guest_state->rsp;
45 info->vm_regs.rax = guest_state->rax;
47 info->cpl = guest_state->cpl;
50 info->ctrl_regs.cr0 = guest_state->cr0;
51 info->ctrl_regs.cr2 = guest_state->cr2;
52 info->ctrl_regs.cr3 = guest_state->cr3;
53 info->ctrl_regs.cr4 = guest_state->cr4;
54 info->dbg_regs.dr6 = guest_state->dr6;
55 info->dbg_regs.dr7 = guest_state->dr7;
56 info->ctrl_regs.cr8 = guest_ctrl->guest_ctrl.V_TPR;
57 info->ctrl_regs.rflags = guest_state->rflags;
58 info->ctrl_regs.efer = guest_state->efer;
60 get_vmcb_segments((vmcb_t*)(info->vmm_data), &(info->segments));
61 info->cpu_mode = get_cpu_mode(info);
62 info->mem_mode = get_mem_mode(info);
65 exit_code = guest_ctrl->exit_code;
68 // Disable printing io exits due to bochs debug messages
69 //if (!((exit_code == VMEXIT_IOIO) && ((ushort_t)(guest_ctrl->exit_info1 >> 16) == 0x402))) {
72 // PrintDebug("SVM Returned: Exit Code: 0x%x \t\t(tsc=%ul)\n",exit_code, (uint_t)info->time_state.guest_tsc);
74 if ((0) && (exit_code < 0x4f)) {
77 // Dump out the instr stream
79 //PrintDebug("RIP: %x\n", guest_state->rip);
80 PrintDebug("RIP Linear: %x\n", get_addr_linear(info, info->rip, &(info->segments.cs)));
82 // OK, now we will read the instruction
83 // The only difference between PROTECTED and PROTECTED_PG is whether we read
84 // from guest_pa or guest_va
85 if (info->mem_mode == PHYSICAL_MEM) {
86 // The real rip address is actually a combination of the rip + CS base
87 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 32, instr);
89 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 32, instr);
93 // I think we should inject a GPF into the guest
94 PrintDebug("Could not read instruction (ret=%d)\n", ret);
97 PrintDebug("Instr Stream:\n");
98 PrintTraceMemDump(instr, 32);
104 // PrintDebugVMCB((vmcb_t*)(info->vmm_data));
107 // PrintDebug("SVM Returned:(VMCB=%x)\n", info->vmm_data);
108 //PrintDebug("RIP: %x\n", guest_state->rip);
111 //PrintDebug("SVM Returned: Exit Code: %x\n",exit_code);
116 struct svm_io_info * io_info = (struct svm_io_info *)&(guest_ctrl->exit_info1);
118 if (io_info->type == 0) {
120 if (handle_svm_io_outs(info) == -1 ) {
124 if (handle_svm_io_out(info) == -1) {
130 if (handle_svm_io_ins(info) == -1) {
134 if (handle_svm_io_in(info) == -1) {
143 case VMEXIT_CR0_WRITE: {
144 #ifdef DEBUG_CTRL_REGS
145 PrintDebug("CR0 Write\n");
147 if (handle_cr0_write(info) == -1) {
153 case VMEXIT_CR0_READ: {
154 #ifdef DEBUG_CTRL_REGS
155 PrintDebug("CR0 Read\n");
157 if (handle_cr0_read(info) == -1) {
163 case VMEXIT_CR3_WRITE: {
164 #ifdef DEBUG_CTRL_REGS
165 PrintDebug("CR3 Write\n");
167 if (handle_cr3_write(info) == -1) {
173 case VMEXIT_CR3_READ: {
174 #ifdef DEBUG_CTRL_REGS
175 PrintDebug("CR3 Read\n");
177 if (handle_cr3_read(info) == -1) {
183 case VMEXIT_EXCP14: {
184 addr_t fault_addr = guest_ctrl->exit_info2;
185 pf_error_t * error_code = (pf_error_t *)&(guest_ctrl->exit_info1);
186 #ifdef DEBUG_SHADOW_PAGING
187 PrintDebug("PageFault at %x (error=%d)\n", fault_addr, *error_code);
189 if (info->shdw_pg_mode == SHADOW_PAGING) {
190 if (handle_shadow_pagefault(info, fault_addr, *error_code) == -1) {
194 PrintError("Page fault in un implemented paging mode\n");
201 PrintError("Currently unhandled Nested Page Fault\n");
207 case VMEXIT_INVLPG: {
208 if (info->shdw_pg_mode == SHADOW_PAGING) {
209 #ifdef DEBUG_SHADOW_PAGING
210 PrintDebug("Invlpg\n");
212 if (handle_shadow_invlpg(info) == -1) {
218 (exit_code == VMEXIT_INVLPGA) ||
226 // handle_svm_intr(info); // handled by interrupt dispatch earlier
233 // handle_svm_smi(info); // ignored for now
239 PrintDebug("Guest halted\n");
240 if (handle_svm_halt(info) == -1) {
247 PrintDebug("Guest paused\n");
248 if (handle_svm_pause(info) == -1) {
256 #ifdef DEBUG_EMULATOR
257 PrintDebug("DEBUG EXCEPTION\n");
259 if (info->run_state == VM_EMULATING) {
260 if (v3_emulation_exit_handler(info) == -1) {
264 PrintError("VMMCALL with not emulator...\n");
273 #ifdef DEBUG_EMULATOR
274 PrintDebug("VMMCALL\n");
276 if (info->run_state == VM_EMULATING) {
277 if (v3_emulation_exit_handler(info) == -1) {
282 ulong_t tsc_spread = 0;
283 ullong_t exit_tsc = 0;
285 ulong_t rax = (ulong_t)info->vm_regs.rbx;
286 ulong_t rdx = (ulong_t)info->vm_regs.rcx;
288 *(ulong_t *)(&exit_tsc) = rax;
289 *(((ulong_t *)(&exit_tsc)) + 1) = rdx;
291 tsc_spread = info->exit_tsc - exit_tsc;
293 PrintError("VMMCALL tsc diff = %lu\n",tsc_spread);
296 PrintError("VMMCALL with not emulator...\n");
306 #ifdef DEBUG_EMULATOR
307 PrintDebug("WBINVD\n");
309 if (!handle_svm_wbinvd(info)) {
318 /* Exits Following this line are NOT HANDLED */
319 /*=======================================================================*/
327 PrintDebug("Unhandled SVM Exit: %s\n", vmexit_code_to_str(exit_code));
329 rip_addr = get_addr_linear(info, guest_state->rip, &(info->segments.cs));
332 PrintError("SVM Returned:(VMCB=%x)\n", info->vmm_data);
333 PrintError("RIP: %x\n", guest_state->rip);
334 PrintError("RIP Linear: %x\n", rip_addr);
336 PrintError("SVM Returned: Exit Code: %x\n", exit_code);
338 PrintError("io_info1 low = 0x%.8x\n", *(uint_t*)&(guest_ctrl->exit_info1));
339 PrintError("io_info1 high = 0x%.8x\n", *(uint_t *)(((uchar_t *)&(guest_ctrl->exit_info1)) + 4));
341 PrintError("io_info2 low = 0x%.8x\n", *(uint_t*)&(guest_ctrl->exit_info2));
342 PrintError("io_info2 high = 0x%.8x\n", *(uint_t *)(((uchar_t *)&(guest_ctrl->exit_info2)) + 4));
346 if (info->mem_mode == PHYSICAL_MEM) {
347 if (guest_pa_to_host_pa(info, guest_state->rip, &host_addr) == -1) {
348 PrintError("Could not translate guest_state->rip to host address\n");
351 } else if (info->mem_mode == VIRTUAL_MEM) {
352 if (guest_va_to_host_pa(info, guest_state->rip, &host_addr) == -1) {
353 PrintError("Could not translate guest_state->rip to host address\n");
357 PrintError("Invalid memory mode\n");
361 PrintError("Host Address of rip = 0x%x\n", host_addr);
365 PrintError("Reading instruction stream in guest\n", rip_addr);
367 if (info->mem_mode == PHYSICAL_MEM) {
368 read_guest_pa_memory(info, rip_addr-16, 32, buf);
370 read_guest_va_memory(info, rip_addr-16, 32, buf);
373 PrintDebug("16 bytes before Rip\n");
374 PrintTraceMemDump(buf, 16);
375 PrintDebug("Rip onward\n");
376 PrintTraceMemDump(buf+16, 16);
384 // END OF SWITCH (EXIT_CODE)
387 // Update the low level state
389 if (intr_pending(info)) {
391 switch (get_intr_type(info)) {
394 uint_t irq = get_intr_number(info);
396 // check to see if ==-1 (non exists)
399 guest_ctrl->EVENTINJ.vector = irq;
400 guest_ctrl->EVENTINJ.valid = 1;
401 guest_ctrl->EVENTINJ.type = SVM_INJECTION_EXTERNAL_INTR;
404 guest_ctrl->guest_ctrl.V_IRQ = 1;
405 guest_ctrl->guest_ctrl.V_INTR_VECTOR = irq;
406 guest_ctrl->guest_ctrl.V_IGN_TPR = 1;
407 guest_ctrl->guest_ctrl.V_INTR_PRIO = 0xf;
408 #ifdef DEBUG_INTERRUPTS
409 PrintDebug("Injecting Interrupt %d (EIP=%x)\n", guest_ctrl->guest_ctrl.V_INTR_VECTOR, info->rip);
411 injecting_intr(info, irq, EXTERNAL_IRQ);
416 guest_ctrl->EVENTINJ.type = SVM_INJECTION_NMI;
420 uint_t excp = get_intr_number(info);
422 guest_ctrl->EVENTINJ.type = SVM_INJECTION_EXCEPTION;
424 if (info->intr_state.excp_error_code_valid) { //PAD
425 guest_ctrl->EVENTINJ.error_code = info->intr_state.excp_error_code;
426 guest_ctrl->EVENTINJ.ev = 1;
427 #ifdef DEBUG_INTERRUPTS
428 PrintDebug("Injecting error code %x\n", guest_ctrl->EVENTINJ.error_code);
432 guest_ctrl->EVENTINJ.vector = excp;
434 guest_ctrl->EVENTINJ.valid = 1;
435 #ifdef DEBUG_INTERRUPTS
436 PrintDebug("Injecting Interrupt %d (EIP=%x)\n", guest_ctrl->EVENTINJ.vector, info->rip);
438 injecting_intr(info, excp, EXCEPTION);
442 guest_ctrl->EVENTINJ.type = SVM_INJECTION_SOFT_INTR;
445 guest_ctrl->EVENTINJ.type = SVM_INJECTION_VIRTUAL_INTR;
450 PrintError("Attempted to issue an invalid interrupt\n");
455 #ifdef DEBUG_INTERRUPTS
456 PrintDebug("No interrupts/exceptions pending\n");
460 guest_state->cr0 = info->ctrl_regs.cr0;
461 guest_state->cr2 = info->ctrl_regs.cr2;
462 guest_state->cr3 = info->ctrl_regs.cr3;
463 guest_state->cr4 = info->ctrl_regs.cr4;
464 guest_state->dr6 = info->dbg_regs.dr6;
465 guest_state->dr7 = info->dbg_regs.dr7;
466 guest_ctrl->guest_ctrl.V_TPR = info->ctrl_regs.cr8 & 0xff;
467 guest_state->rflags = info->ctrl_regs.rflags;
468 guest_state->efer = info->ctrl_regs.efer;
470 guest_state->cpl = info->cpl;
472 guest_state->rax = info->vm_regs.rax;
473 guest_state->rip = info->rip;
474 guest_state->rsp = info->vm_regs.rsp;
477 set_vmcb_segments((vmcb_t*)(info->vmm_data), &(info->segments));
479 if (exit_code == VMEXIT_INTR) {
480 //PrintDebug("INTR ret IP = %x\n", guest_state->rip);
489 const uchar_t * vmexit_code_to_str(uint_t exit_code) {
491 case VMEXIT_CR0_READ:
492 return VMEXIT_CR0_READ_STR;
493 case VMEXIT_CR1_READ:
494 return VMEXIT_CR1_READ_STR;
495 case VMEXIT_CR2_READ:
496 return VMEXIT_CR2_READ_STR;
497 case VMEXIT_CR3_READ:
498 return VMEXIT_CR3_READ_STR;
499 case VMEXIT_CR4_READ:
500 return VMEXIT_CR4_READ_STR;
501 case VMEXIT_CR5_READ:
502 return VMEXIT_CR5_READ_STR;
503 case VMEXIT_CR6_READ:
504 return VMEXIT_CR6_READ_STR;
505 case VMEXIT_CR7_READ:
506 return VMEXIT_CR7_READ_STR;
507 case VMEXIT_CR8_READ:
508 return VMEXIT_CR8_READ_STR;
509 case VMEXIT_CR9_READ:
510 return VMEXIT_CR9_READ_STR;
511 case VMEXIT_CR10_READ:
512 return VMEXIT_CR10_READ_STR;
513 case VMEXIT_CR11_READ:
514 return VMEXIT_CR11_READ_STR;
515 case VMEXIT_CR12_READ:
516 return VMEXIT_CR12_READ_STR;
517 case VMEXIT_CR13_READ:
518 return VMEXIT_CR13_READ_STR;
519 case VMEXIT_CR14_READ:
520 return VMEXIT_CR14_READ_STR;
521 case VMEXIT_CR15_READ:
522 return VMEXIT_CR15_READ_STR;
523 case VMEXIT_CR0_WRITE:
524 return VMEXIT_CR0_WRITE_STR;
525 case VMEXIT_CR1_WRITE:
526 return VMEXIT_CR1_WRITE_STR;
527 case VMEXIT_CR2_WRITE:
528 return VMEXIT_CR2_WRITE_STR;
529 case VMEXIT_CR3_WRITE:
530 return VMEXIT_CR3_WRITE_STR;
531 case VMEXIT_CR4_WRITE:
532 return VMEXIT_CR4_WRITE_STR;
533 case VMEXIT_CR5_WRITE:
534 return VMEXIT_CR5_WRITE_STR;
535 case VMEXIT_CR6_WRITE:
536 return VMEXIT_CR6_WRITE_STR;
537 case VMEXIT_CR7_WRITE:
538 return VMEXIT_CR7_WRITE_STR;
539 case VMEXIT_CR8_WRITE:
540 return VMEXIT_CR8_WRITE_STR;
541 case VMEXIT_CR9_WRITE:
542 return VMEXIT_CR9_WRITE_STR;
543 case VMEXIT_CR10_WRITE:
544 return VMEXIT_CR10_WRITE_STR;
545 case VMEXIT_CR11_WRITE:
546 return VMEXIT_CR11_WRITE_STR;
547 case VMEXIT_CR12_WRITE:
548 return VMEXIT_CR12_WRITE_STR;
549 case VMEXIT_CR13_WRITE:
550 return VMEXIT_CR13_WRITE_STR;
551 case VMEXIT_CR14_WRITE:
552 return VMEXIT_CR14_WRITE_STR;
553 case VMEXIT_CR15_WRITE:
554 return VMEXIT_CR15_WRITE_STR;
555 case VMEXIT_DR0_READ:
556 return VMEXIT_DR0_READ_STR;
557 case VMEXIT_DR1_READ:
558 return VMEXIT_DR1_READ_STR;
559 case VMEXIT_DR2_READ:
560 return VMEXIT_DR2_READ_STR;
561 case VMEXIT_DR3_READ:
562 return VMEXIT_DR3_READ_STR;
563 case VMEXIT_DR4_READ:
564 return VMEXIT_DR4_READ_STR;
565 case VMEXIT_DR5_READ:
566 return VMEXIT_DR5_READ_STR;
567 case VMEXIT_DR6_READ:
568 return VMEXIT_DR6_READ_STR;
569 case VMEXIT_DR7_READ:
570 return VMEXIT_DR7_READ_STR;
571 case VMEXIT_DR8_READ:
572 return VMEXIT_DR8_READ_STR;
573 case VMEXIT_DR9_READ:
574 return VMEXIT_DR9_READ_STR;
575 case VMEXIT_DR10_READ:
576 return VMEXIT_DR10_READ_STR;
577 case VMEXIT_DR11_READ:
578 return VMEXIT_DR11_READ_STR;
579 case VMEXIT_DR12_READ:
580 return VMEXIT_DR12_READ_STR;
581 case VMEXIT_DR13_READ:
582 return VMEXIT_DR13_READ_STR;
583 case VMEXIT_DR14_READ:
584 return VMEXIT_DR14_READ_STR;
585 case VMEXIT_DR15_READ:
586 return VMEXIT_DR15_READ_STR;
587 case VMEXIT_DR0_WRITE:
588 return VMEXIT_DR0_WRITE_STR;
589 case VMEXIT_DR1_WRITE:
590 return VMEXIT_DR1_WRITE_STR;
591 case VMEXIT_DR2_WRITE:
592 return VMEXIT_DR2_WRITE_STR;
593 case VMEXIT_DR3_WRITE:
594 return VMEXIT_DR3_WRITE_STR;
595 case VMEXIT_DR4_WRITE:
596 return VMEXIT_DR4_WRITE_STR;
597 case VMEXIT_DR5_WRITE:
598 return VMEXIT_DR5_WRITE_STR;
599 case VMEXIT_DR6_WRITE:
600 return VMEXIT_DR6_WRITE_STR;
601 case VMEXIT_DR7_WRITE:
602 return VMEXIT_DR7_WRITE_STR;
603 case VMEXIT_DR8_WRITE:
604 return VMEXIT_DR8_WRITE_STR;
605 case VMEXIT_DR9_WRITE:
606 return VMEXIT_DR9_WRITE_STR;
607 case VMEXIT_DR10_WRITE:
608 return VMEXIT_DR10_WRITE_STR;
609 case VMEXIT_DR11_WRITE:
610 return VMEXIT_DR11_WRITE_STR;
611 case VMEXIT_DR12_WRITE:
612 return VMEXIT_DR12_WRITE_STR;
613 case VMEXIT_DR13_WRITE:
614 return VMEXIT_DR13_WRITE_STR;
615 case VMEXIT_DR14_WRITE:
616 return VMEXIT_DR14_WRITE_STR;
617 case VMEXIT_DR15_WRITE:
618 return VMEXIT_DR15_WRITE_STR;
620 return VMEXIT_EXCP0_STR;
622 return VMEXIT_EXCP1_STR;
624 return VMEXIT_EXCP2_STR;
626 return VMEXIT_EXCP3_STR;
628 return VMEXIT_EXCP4_STR;
630 return VMEXIT_EXCP5_STR;
632 return VMEXIT_EXCP6_STR;
634 return VMEXIT_EXCP7_STR;
636 return VMEXIT_EXCP8_STR;
638 return VMEXIT_EXCP9_STR;
640 return VMEXIT_EXCP10_STR;
642 return VMEXIT_EXCP11_STR;
644 return VMEXIT_EXCP12_STR;
646 return VMEXIT_EXCP13_STR;
648 return VMEXIT_EXCP14_STR;
650 return VMEXIT_EXCP15_STR;
652 return VMEXIT_EXCP16_STR;
654 return VMEXIT_EXCP17_STR;
656 return VMEXIT_EXCP18_STR;
658 return VMEXIT_EXCP19_STR;
660 return VMEXIT_EXCP20_STR;
662 return VMEXIT_EXCP21_STR;
664 return VMEXIT_EXCP22_STR;
666 return VMEXIT_EXCP23_STR;
668 return VMEXIT_EXCP24_STR;
670 return VMEXIT_EXCP25_STR;
672 return VMEXIT_EXCP26_STR;
674 return VMEXIT_EXCP27_STR;
676 return VMEXIT_EXCP28_STR;
678 return VMEXIT_EXCP29_STR;
680 return VMEXIT_EXCP30_STR;
682 return VMEXIT_EXCP31_STR;
684 return VMEXIT_INTR_STR;
686 return VMEXIT_NMI_STR;
688 return VMEXIT_SMI_STR;
690 return VMEXIT_INIT_STR;
692 return VMEXIT_VINITR_STR;
693 case VMEXIT_CR0_SEL_WRITE:
694 return VMEXIT_CR0_SEL_WRITE_STR;
695 case VMEXIT_IDTR_READ:
696 return VMEXIT_IDTR_READ_STR;
697 case VMEXIT_GDTR_READ:
698 return VMEXIT_GDTR_READ_STR;
699 case VMEXIT_LDTR_READ:
700 return VMEXIT_LDTR_READ_STR;
702 return VMEXIT_TR_READ_STR;
703 case VMEXIT_IDTR_WRITE:
704 return VMEXIT_IDTR_WRITE_STR;
705 case VMEXIT_GDTR_WRITE:
706 return VMEXIT_GDTR_WRITE_STR;
707 case VMEXIT_LDTR_WRITE:
708 return VMEXIT_LDTR_WRITE_STR;
709 case VMEXIT_TR_WRITE:
710 return VMEXIT_TR_WRITE_STR;
712 return VMEXIT_RDTSC_STR;
714 return VMEXIT_RDPMC_STR;
716 return VMEXIT_PUSHF_STR;
718 return VMEXIT_POPF_STR;
720 return VMEXIT_CPUID_STR;
722 return VMEXIT_RSM_STR;
724 return VMEXIT_IRET_STR;
726 return VMEXIT_SWINT_STR;
728 return VMEXIT_INVD_STR;
730 return VMEXIT_PAUSE_STR;
732 return VMEXIT_HLT_STR;
734 return VMEXIT_INVLPG_STR;
736 return VMEXIT_INVLPGA_STR;
738 return VMEXIT_IOIO_STR;
740 return VMEXIT_MSR_STR;
741 case VMEXIT_TASK_SWITCH:
742 return VMEXIT_TASK_SWITCH_STR;
743 case VMEXIT_FERR_FREEZE:
744 return VMEXIT_FERR_FREEZE_STR;
745 case VMEXIT_SHUTDOWN:
746 return VMEXIT_SHUTDOWN_STR;
748 return VMEXIT_VMRUN_STR;
750 return VMEXIT_VMMCALL_STR;
752 return VMEXIT_VMLOAD_STR;
754 return VMEXIT_VMSAVE_STR;
756 return VMEXIT_STGI_STR;
758 return VMEXIT_CLGI_STR;
760 return VMEXIT_SKINIT_STR;
762 return VMEXIT_RDTSCP_STR;
764 return VMEXIT_ICEBP_STR;
766 return VMEXIT_WBINVD_STR;
768 return VMEXIT_MONITOR_STR;
770 return VMEXIT_MWAIT_STR;
771 case VMEXIT_MWAIT_CONDITIONAL:
772 return VMEXIT_MWAIT_CONDITIONAL_STR;
774 return VMEXIT_NPF_STR;
775 case VMEXIT_INVALID_VMCB:
776 return VMEXIT_INVALID_VMCB_STR;