1 /* (c) 2008, Jack Lange <jarusl@cs.northwestern.edu> */
2 /* (c) 2008, The V3VEE Project <http://www.v3vee.org> */
4 #include <palacios/svm_handler.h>
5 #include <palacios/vmm.h>
6 #include <palacios/vm_guest_mem.h>
7 #include <palacios/vmm_decoder.h>
8 #include <palacios/vmm_ctrl_regs.h>
9 #include <palacios/svm_io.h>
10 #include <palacios/svm_halt.h>
11 #include <palacios/svm_pause.h>
12 #include <palacios/svm_wbinvd.h>
13 #include <palacios/vmm_intr.h>
14 #include <palacios/vmm_emulator.h>
/*
 * Top-level SVM #VMEXIT dispatcher.
 *
 * Copies the guest's architectural state out of the VMCB into `info`,
 * dispatches on the VMCB exit code to the per-exit handlers, then writes
 * the (possibly modified) state back into the VMCB and arms any pending
 * interrupt/exception for injection on the next VMRUN.
 *
 * @param info  per-guest state; info->vmm_data is the VMCB for this guest.
 * @return presumably 0 on success and -1 when a handler reports failure —
 *         the function's own return statements are not present in this
 *         listing; confirm against the full source.
 *
 * NOTE(review): this listing is missing many lines (the `switch (exit_code)`
 * header, several case labels, closing braces, and the declarations of
 * `ret`, `instr`, `buf`, `rip_addr` and `host_addr`). The comments below
 * describe only what is visible.
 */
16 int handle_svm_exit(struct guest_info * info) {
// Raw views into the VMCB: the control area (exit info, injection fields)
// and the saved guest state area (registers, control/debug registers).
17 vmcb_ctrl_t * guest_ctrl = 0;
18 vmcb_saved_state_t * guest_state = 0;
19 ulong_t exit_code = 0;
21 guest_ctrl = GET_VMCB_CTRL_AREA((vmcb_t*)(info->vmm_data));
22 guest_state = GET_VMCB_SAVE_STATE_AREA((vmcb_t*)(info->vmm_data));
25 // Update the high level state
// Exit-side sync: VMCB -> info. Everything the handlers below read or modify
// is taken from the VMCB here and written back at the end of the function.
26 info->rip = guest_state->rip;
27 info->vm_regs.rsp = guest_state->rsp;
28 info->vm_regs.rax = guest_state->rax;
30 info->cpl = guest_state->cpl;
33 info->ctrl_regs.cr0 = guest_state->cr0;
34 info->ctrl_regs.cr2 = guest_state->cr2;
35 info->ctrl_regs.cr3 = guest_state->cr3;
36 info->ctrl_regs.cr4 = guest_state->cr4;
37 info->dbg_regs.dr6 = guest_state->dr6;
38 info->dbg_regs.dr7 = guest_state->dr7;
// cr8 is taken from the control area's virtual TPR field rather than the
// saved state area; it is written back (masked to one byte) below.
39 info->ctrl_regs.cr8 = guest_ctrl->guest_ctrl.V_TPR;
40 info->ctrl_regs.rflags = guest_state->rflags;
41 info->ctrl_regs.efer = guest_state->efer;
43 get_vmcb_segments((vmcb_t*)(info->vmm_data), &(info->segments));
// Derived modes (real/protected/long, physical/virtual) are recomputed from
// the freshly loaded control registers so the handlers see current values.
44 info->cpu_mode = get_cpu_mode(info);
45 info->mem_mode = get_mem_mode(info);
48 exit_code = guest_ctrl->exit_code;
51 // Disable printing io exits due to bochs debug messages
52 //if (!((exit_code == VMEXIT_IOIO) && ((ushort_t)(guest_ctrl->exit_info1 >> 16) == 0x402))) {
55 // PrintDebug("SVM Returned: Exit Code: 0x%x \t\t(tsc=%ul)\n",exit_code, (uint_t)info->time_state.guest_tsc);
// Debug dump of the instruction stream at the exit RIP. Compiled out by the
// literal `0` in the condition; left in place as a switchable trace.
57 if ((0) && (exit_code < 0x4f)) {
60 // Dump out the instr stream
62 //PrintDebug("RIP: %x\n", guest_state->rip);
63 PrintDebug("RIP Linear: %x\n", get_addr_linear(info, info->rip, &(info->segments.cs)));
65 // OK, now we will read the instruction
66 // The only difference between PROTECTED and PROTECTED_PG is whether we read
67 // from guest_pa or guest_va
68 if (info->mem_mode == PHYSICAL_MEM) {
69 // The real rip address is actually a combination of the rip + CS base
70 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 32, instr);
72 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 32, instr);
// NOTE(review): the test of `ret` that guards the message below was dropped
// from this listing; only the log call is visible, so whether a failed read
// of the guest's own code bytes does anything beyond logging cannot be
// confirmed here.
76 // I think we should inject a GPF into the guest
77 PrintDebug("Could not read instruction (ret=%d)\n", ret);
80 PrintDebug("Instr Stream:\n");
81 PrintTraceMemDump(instr, 32);
87 // PrintDebugVMCB((vmcb_t*)(info->vmm_data));
90 // PrintDebug("SVM Returned:(VMCB=%x)\n", info->vmm_data);
91 //PrintDebug("RIP: %x\n", guest_state->rip);
94 //PrintDebug("SVM Returned: Exit Code: %x\n",exit_code);
// --- VMEXIT_IOIO (case label missing from this listing) ---
// exit_info1 is reinterpreted as the SVM I/O decode structure through a
// pointer cast. NOTE(review): this is a type-punning cast (the same pattern
// is used for pf_error_t and for the exit_tsc halves further down); a memcpy
// into a local struct would avoid the strict-aliasing UB.
99 struct svm_io_info * io_info = (struct svm_io_info *)&(guest_ctrl->exit_info1);
// type == 0 selects the OUT handlers, anything else the IN handlers. The
// lines that choose between the string (outs/ins) and single (out/in)
// variants are missing from this listing.
101 if (io_info->type == 0) {
103 if (handle_svm_io_outs(info) == -1 ) {
107 if (handle_svm_io_out(info) == -1) {
113 if (handle_svm_io_ins(info) == -1) {
117 if (handle_svm_io_in(info) == -1) {
// Intercepted control-register accesses delegate to the vmm_ctrl_regs
// handlers. Throughout this switch a return of -1 from a handler is the
// failure signal; the failure branches themselves are missing from this
// listing.
126 case VMEXIT_CR0_WRITE: {
127 #ifdef DEBUG_CTRL_REGS
128 PrintDebug("CR0 Write\n");
130 if (handle_cr0_write(info) == -1) {
136 case VMEXIT_CR0_READ: {
137 #ifdef DEBUG_CTRL_REGS
138 PrintDebug("CR0 Read\n");
140 if (handle_cr0_read(info) == -1) {
146 case VMEXIT_CR3_WRITE: {
147 #ifdef DEBUG_CTRL_REGS
148 PrintDebug("CR3 Write\n");
150 if (handle_cr3_write(info) == -1) {
156 case VMEXIT_CR3_READ: {
157 #ifdef DEBUG_CTRL_REGS
158 PrintDebug("CR3 Read\n");
160 if (handle_cr3_read(info) == -1) {
// Guest #PF (exception 14). exit_info2 carries the faulting address and
// exit_info1 the page-fault error code (again read through a pointer cast).
166 case VMEXIT_EXCP14: {
167 addr_t fault_addr = guest_ctrl->exit_info2;
168 pf_error_t * error_code = (pf_error_t *)&(guest_ctrl->exit_info1);
169 #ifdef DEBUG_SHADOW_PAGING
// NOTE(review): `%x` with an addr_t and `%d` with a pf_error_t may mismatch
// the argument widths on a 64-bit build — confirm the typedefs.
170 PrintDebug("PageFault at %x (error=%d)\n", fault_addr, *error_code);
// Only shadow paging is handled; any other paging mode is an error.
172 if (info->shdw_pg_mode == SHADOW_PAGING) {
173 if (handle_shadow_pagefault(info, fault_addr, *error_code) == -1) {
177 PrintError("Page fault in un implemented paging mode\n");
// Nested page faults (the VMEXIT_NPF case label is missing from this
// listing) are only logged; there is no nested-paging handler here.
184 PrintError("Currently unhandled Nested Page Fault\n");
// INVLPG is only acted on under shadow paging, where the shadow page tables
// must be kept in step with the guest's TLB invalidation.
190 case VMEXIT_INVLPG: {
191 if (info->shdw_pg_mode == SHADOW_PAGING) {
192 #ifdef DEBUG_SHADOW_PAGING
193 PrintDebug("Invlpg\n");
195 if (handle_shadow_invlpg(info) == -1) {
// Fragment of a multi-line condition grouping VMEXIT_INVLPGA with other exit
// codes; its surrounding lines are missing from this listing.
201 (exit_code == VMEXIT_INVLPGA) ||
209 // handle_svm_intr(info); // handled by interrupt dispatch earlier
216 // handle_svm_smi(info); // ignored for now
222 PrintDebug("Guest halted\n");
223 if (handle_svm_halt(info) == -1) {
230 PrintDebug("Guest paused\n");
231 if (handle_svm_pause(info) == -1) {
// Re-entry from the in-VMM instruction emulator. The case label preceding
// this block is missing; the message suggests it is the debug/breakpoint
// exception. Outside VM_EMULATING the exit is only logged here — and the
// message text says "VMMCALL", which looks copied from the block below.
239 #ifdef DEBUG_EMULATOR
240 PrintDebug("DEBUG EXCEPTION\n");
242 if (info->run_state == VM_EMULATING) {
243 if (v3_emulation_exit_handler(info) == -1) {
247 PrintError("VMMCALL with not emulator...\n");
// VMMCALL is guest-initiated. While emulating it hands control back to the
// emulator; otherwise the visible code only logs and computes a TSC delta.
// NOTE(review): whether an unexpected VMMCALL is then treated as fatal to
// the guest or silently resumed is not visible here — confirm, since the
// guest should not be able to perturb VMM state through it.
256 #ifdef DEBUG_EMULATOR
257 PrintDebug("VMMCALL\n");
259 if (info->run_state == VM_EMULATING) {
260 if (v3_emulation_exit_handler(info) == -1) {
265 ulong_t tsc_spread = 0;
266 ullong_t exit_tsc = 0;
// NOTE(review): the halves are read from rbx/rcx but named rax/rdx.
268 ulong_t rax = (ulong_t)info->vm_regs.rbx;
269 ulong_t rdx = (ulong_t)info->vm_regs.rcx;
// Reassemble a 64-bit value from two halves by writing through ulong_t
// pointers. This assumes ulong_t is 32 bits and a little-endian layout of
// ullong_t (true for the 32-bit x86 build this code appears to target);
// it is also a type-punning write — shifting/OR-ing would be portable.
271 *(ulong_t *)(&exit_tsc) = rax;
272 *(((ulong_t *)(&exit_tsc)) + 1) = rdx;
// NOTE(review): tsc_spread is ulong_t, so if info->exit_tsc is 64-bit the
// difference is truncated before it is printed.
274 tsc_spread = info->exit_tsc - exit_tsc;
276 PrintError("VMMCALL tsc diff = %lu\n",tsc_spread);
279 PrintError("VMMCALL with not emulator...\n");
289 #ifdef DEBUG_EMULATOR
290 PrintDebug("WBINVD\n");
// NOTE(review): unlike every other handler in this switch, which treats -1 as
// failure, this one takes a zero return as the error path; confirm
// handle_svm_wbinvd's return convention.
292 if (!handle_svm_wbinvd(info)) {
301 /* Exits Following this line are NOT HANDLED */
302 /*=======================================================================*/
// Diagnostic dump for exits without a handler: exit code, both exit-info
// words, RIP (guest linear and host physical), and 32 bytes of guest code
// around RIP. Guest-controlled values only reach fixed-format log calls.
310 PrintDebug("Unhandled SVM Exit: %s\n", vmexit_code_to_str(exit_code));
312 rip_addr = get_addr_linear(info, guest_state->rip, &(info->segments.cs));
// NOTE(review): a pointer printed with `%x`; `%p` would be width-portable.
315 PrintError("SVM Returned:(VMCB=%x)\n", info->vmm_data);
316 PrintError("RIP: %x\n", guest_state->rip);
317 PrintError("RIP Linear: %x\n", rip_addr);
319 PrintError("SVM Returned: Exit Code: %x\n", exit_code);
// The exit-info words are printed as two 32-bit halves read through
// uint_t*/uchar_t* casts, which assumes little-endian layout (and is another
// aliasing cast). Shifting the 64-bit value would be portable.
321 PrintError("io_info1 low = 0x%.8x\n", *(uint_t*)&(guest_ctrl->exit_info1));
322 PrintError("io_info1 high = 0x%.8x\n", *(uint_t *)(((uchar_t *)&(guest_ctrl->exit_info1)) + 4));
324 PrintError("io_info2 low = 0x%.8x\n", *(uint_t*)&(guest_ctrl->exit_info2));
325 PrintError("io_info2 high = 0x%.8x\n", *(uint_t *)(((uchar_t *)&(guest_ctrl->exit_info2)) + 4));
// Translate the guest RIP to a host physical address for the dump; the
// translation depends on whether the guest has paging enabled.
329 if (info->mem_mode == PHYSICAL_MEM) {
330 if (guest_pa_to_host_pa(info, guest_state->rip, &host_addr) == -1) {
331 PrintError("Could not translate guest_state->rip to host address\n");
334 } else if (info->mem_mode == VIRTUAL_MEM) {
335 if (guest_va_to_host_pa(info, guest_state->rip, &host_addr) == -1) {
336 PrintError("Could not translate guest_state->rip to host address\n");
340 PrintError("Invalid memory mode\n");
344 PrintError("Host Address of rip = 0x%x\n", host_addr);
// NOTE(review): `rip_addr` is passed with no conversion specification in the
// format string — harmless, but it looks like a leftover from a dropped %x.
348 PrintError("Reading instruction stream in guest\n", rip_addr);
// NOTE(review): the return values of these reads are discarded (contrast the
// checked read at line 70 above); if the read fails, `buf` is dumped with
// whatever it previously held. `rip_addr-16` also wraps when rip_addr < 16
// if addr_t is unsigned.
350 if (info->mem_mode == PHYSICAL_MEM) {
351 read_guest_pa_memory(info, rip_addr-16, 32, buf);
353 read_guest_va_memory(info, rip_addr-16, 32, buf);
356 PrintDebug("16 bytes before Rip\n");
357 PrintTraceMemDump(buf, 16);
358 PrintDebug("Rip onward\n");
359 PrintTraceMemDump(buf+16, 16);
367 // END OF SWITCH (EXIT_CODE)
370 // Update the low level state
// Entry-side injection: translate the pending high-level interrupt state into
// the VMCB's EVENTINJ (event injection) and V_IRQ (virtual interrupt) fields.
372 if (intr_pending(info)) {
374 switch (get_intr_type(info)) {
// External IRQ (case label missing from this listing).
377 uint_t irq = get_intr_number(info);
379 // check to see if ==-1 (non exists)
// NOTE(review): the actual -1 check announced above is not visible here.
382 guest_ctrl->EVENTINJ.vector = irq;
383 guest_ctrl->EVENTINJ.valid = 1;
384 guest_ctrl->EVENTINJ.type = SVM_INJECTION_EXTERNAL_INTR;
// NOTE(review): both EVENTINJ and the V_IRQ/V_INTR_VECTOR mechanism are armed
// for the same vector. As I understand the SVM architecture EVENTINJ delivers
// regardless of the guest's IF while V_IRQ honours it, so this could inject
// while the guest has interrupts masked, or deliver the vector twice —
// confirm which mechanism is intended. V_IGN_TPR=1 / V_INTR_PRIO=0xf appear
// meant to make the virtual interrupt deliverable regardless of the guest TPR.
387 guest_ctrl->guest_ctrl.V_IRQ = 1;
388 guest_ctrl->guest_ctrl.V_INTR_VECTOR = irq;
389 guest_ctrl->guest_ctrl.V_IGN_TPR = 1;
390 guest_ctrl->guest_ctrl.V_INTR_PRIO = 0xf;
391 #ifdef DEBUG_INTERRUPTS
392 PrintDebug("Injecting Interrupt %d (EIP=%x)\n", guest_ctrl->guest_ctrl.V_INTR_VECTOR, info->rip);
// Tell the interrupt subsystem the IRQ is now in flight (acknowledge/clear).
394 injecting_intr(info, irq, EXTERNAL_IRQ);
// NMI (case label missing); only the injection type is visible here.
399 guest_ctrl->EVENTINJ.type = SVM_INJECTION_NMI;
// Exception injection: the error code is pushed only when the interrupt
// state says one is valid (not every exception carries one).
403 uint_t excp = get_intr_number(info);
405 guest_ctrl->EVENTINJ.type = SVM_INJECTION_EXCEPTION;
407 if (info->intr_state.excp_error_code_valid) { //PAD
408 guest_ctrl->EVENTINJ.error_code = info->intr_state.excp_error_code;
409 guest_ctrl->EVENTINJ.ev = 1;
410 #ifdef DEBUG_INTERRUPTS
411 PrintDebug("Injecting error code %x\n", guest_ctrl->EVENTINJ.error_code);
415 guest_ctrl->EVENTINJ.vector = excp;
417 guest_ctrl->EVENTINJ.valid = 1;
418 #ifdef DEBUG_INTERRUPTS
// (The message says "Interrupt" although an exception is being injected.)
419 PrintDebug("Injecting Interrupt %d (EIP=%x)\n", guest_ctrl->EVENTINJ.vector, info->rip);
421 injecting_intr(info, excp, EXCEPTION);
// Software / virtual interrupt types (case labels missing): only the type
// field is visibly set in this listing; vector/valid are not.
425 guest_ctrl->EVENTINJ.type = SVM_INJECTION_SOFT_INTR;
428 guest_ctrl->EVENTINJ.type = SVM_INJECTION_VIRTUAL_INTR;
433 PrintError("Attempted to issue an invalid interrupt\n");
438 #ifdef DEBUG_INTERRUPTS
439 PrintDebug("No interrupts/exceptions pending\n");
// Entry-side sync: info -> VMCB, the mirror of the copy at the top.
443 guest_state->cr0 = info->ctrl_regs.cr0;
444 guest_state->cr2 = info->ctrl_regs.cr2;
445 guest_state->cr3 = info->ctrl_regs.cr3;
446 guest_state->cr4 = info->ctrl_regs.cr4;
447 guest_state->dr6 = info->dbg_regs.dr6;
448 guest_state->dr7 = info->dbg_regs.dr7;
// Only the low byte of cr8 goes back into the virtual TPR field.
449 guest_ctrl->guest_ctrl.V_TPR = info->ctrl_regs.cr8 & 0xff;
450 guest_state->rflags = info->ctrl_regs.rflags;
451 guest_state->efer = info->ctrl_regs.efer;
453 guest_state->cpl = info->cpl;
455 guest_state->rax = info->vm_regs.rax;
456 guest_state->rip = info->rip;
457 guest_state->rsp = info->vm_regs.rsp;
460 set_vmcb_segments((vmcb_t*)(info->vmm_data), &(info->segments));
// The body of this branch, the function's return value and its closing brace
// are missing from this listing.
462 if (exit_code == VMEXIT_INTR) {
463 //PrintDebug("INTR ret IP = %x\n", guest_state->rip);
472 const uchar_t * vmexit_code_to_str(uint_t exit_code) {
474 case VMEXIT_CR0_READ:
475 return VMEXIT_CR0_READ_STR;
476 case VMEXIT_CR1_READ:
477 return VMEXIT_CR1_READ_STR;
478 case VMEXIT_CR2_READ:
479 return VMEXIT_CR2_READ_STR;
480 case VMEXIT_CR3_READ:
481 return VMEXIT_CR3_READ_STR;
482 case VMEXIT_CR4_READ:
483 return VMEXIT_CR4_READ_STR;
484 case VMEXIT_CR5_READ:
485 return VMEXIT_CR5_READ_STR;
486 case VMEXIT_CR6_READ:
487 return VMEXIT_CR6_READ_STR;
488 case VMEXIT_CR7_READ:
489 return VMEXIT_CR7_READ_STR;
490 case VMEXIT_CR8_READ:
491 return VMEXIT_CR8_READ_STR;
492 case VMEXIT_CR9_READ:
493 return VMEXIT_CR9_READ_STR;
494 case VMEXIT_CR10_READ:
495 return VMEXIT_CR10_READ_STR;
496 case VMEXIT_CR11_READ:
497 return VMEXIT_CR11_READ_STR;
498 case VMEXIT_CR12_READ:
499 return VMEXIT_CR12_READ_STR;
500 case VMEXIT_CR13_READ:
501 return VMEXIT_CR13_READ_STR;
502 case VMEXIT_CR14_READ:
503 return VMEXIT_CR14_READ_STR;
504 case VMEXIT_CR15_READ:
505 return VMEXIT_CR15_READ_STR;
506 case VMEXIT_CR0_WRITE:
507 return VMEXIT_CR0_WRITE_STR;
508 case VMEXIT_CR1_WRITE:
509 return VMEXIT_CR1_WRITE_STR;
510 case VMEXIT_CR2_WRITE:
511 return VMEXIT_CR2_WRITE_STR;
512 case VMEXIT_CR3_WRITE:
513 return VMEXIT_CR3_WRITE_STR;
514 case VMEXIT_CR4_WRITE:
515 return VMEXIT_CR4_WRITE_STR;
516 case VMEXIT_CR5_WRITE:
517 return VMEXIT_CR5_WRITE_STR;
518 case VMEXIT_CR6_WRITE:
519 return VMEXIT_CR6_WRITE_STR;
520 case VMEXIT_CR7_WRITE:
521 return VMEXIT_CR7_WRITE_STR;
522 case VMEXIT_CR8_WRITE:
523 return VMEXIT_CR8_WRITE_STR;
524 case VMEXIT_CR9_WRITE:
525 return VMEXIT_CR9_WRITE_STR;
526 case VMEXIT_CR10_WRITE:
527 return VMEXIT_CR10_WRITE_STR;
528 case VMEXIT_CR11_WRITE:
529 return VMEXIT_CR11_WRITE_STR;
530 case VMEXIT_CR12_WRITE:
531 return VMEXIT_CR12_WRITE_STR;
532 case VMEXIT_CR13_WRITE:
533 return VMEXIT_CR13_WRITE_STR;
534 case VMEXIT_CR14_WRITE:
535 return VMEXIT_CR14_WRITE_STR;
536 case VMEXIT_CR15_WRITE:
537 return VMEXIT_CR15_WRITE_STR;
538 case VMEXIT_DR0_READ:
539 return VMEXIT_DR0_READ_STR;
540 case VMEXIT_DR1_READ:
541 return VMEXIT_DR1_READ_STR;
542 case VMEXIT_DR2_READ:
543 return VMEXIT_DR2_READ_STR;
544 case VMEXIT_DR3_READ:
545 return VMEXIT_DR3_READ_STR;
546 case VMEXIT_DR4_READ:
547 return VMEXIT_DR4_READ_STR;
548 case VMEXIT_DR5_READ:
549 return VMEXIT_DR5_READ_STR;
550 case VMEXIT_DR6_READ:
551 return VMEXIT_DR6_READ_STR;
552 case VMEXIT_DR7_READ:
553 return VMEXIT_DR7_READ_STR;
554 case VMEXIT_DR8_READ:
555 return VMEXIT_DR8_READ_STR;
556 case VMEXIT_DR9_READ:
557 return VMEXIT_DR9_READ_STR;
558 case VMEXIT_DR10_READ:
559 return VMEXIT_DR10_READ_STR;
560 case VMEXIT_DR11_READ:
561 return VMEXIT_DR11_READ_STR;
562 case VMEXIT_DR12_READ:
563 return VMEXIT_DR12_READ_STR;
564 case VMEXIT_DR13_READ:
565 return VMEXIT_DR13_READ_STR;
566 case VMEXIT_DR14_READ:
567 return VMEXIT_DR14_READ_STR;
568 case VMEXIT_DR15_READ:
569 return VMEXIT_DR15_READ_STR;
570 case VMEXIT_DR0_WRITE:
571 return VMEXIT_DR0_WRITE_STR;
572 case VMEXIT_DR1_WRITE:
573 return VMEXIT_DR1_WRITE_STR;
574 case VMEXIT_DR2_WRITE:
575 return VMEXIT_DR2_WRITE_STR;
576 case VMEXIT_DR3_WRITE:
577 return VMEXIT_DR3_WRITE_STR;
578 case VMEXIT_DR4_WRITE:
579 return VMEXIT_DR4_WRITE_STR;
580 case VMEXIT_DR5_WRITE:
581 return VMEXIT_DR5_WRITE_STR;
582 case VMEXIT_DR6_WRITE:
583 return VMEXIT_DR6_WRITE_STR;
584 case VMEXIT_DR7_WRITE:
585 return VMEXIT_DR7_WRITE_STR;
586 case VMEXIT_DR8_WRITE:
587 return VMEXIT_DR8_WRITE_STR;
588 case VMEXIT_DR9_WRITE:
589 return VMEXIT_DR9_WRITE_STR;
590 case VMEXIT_DR10_WRITE:
591 return VMEXIT_DR10_WRITE_STR;
592 case VMEXIT_DR11_WRITE:
593 return VMEXIT_DR11_WRITE_STR;
594 case VMEXIT_DR12_WRITE:
595 return VMEXIT_DR12_WRITE_STR;
596 case VMEXIT_DR13_WRITE:
597 return VMEXIT_DR13_WRITE_STR;
598 case VMEXIT_DR14_WRITE:
599 return VMEXIT_DR14_WRITE_STR;
600 case VMEXIT_DR15_WRITE:
601 return VMEXIT_DR15_WRITE_STR;
603 return VMEXIT_EXCP0_STR;
605 return VMEXIT_EXCP1_STR;
607 return VMEXIT_EXCP2_STR;
609 return VMEXIT_EXCP3_STR;
611 return VMEXIT_EXCP4_STR;
613 return VMEXIT_EXCP5_STR;
615 return VMEXIT_EXCP6_STR;
617 return VMEXIT_EXCP7_STR;
619 return VMEXIT_EXCP8_STR;
621 return VMEXIT_EXCP9_STR;
623 return VMEXIT_EXCP10_STR;
625 return VMEXIT_EXCP11_STR;
627 return VMEXIT_EXCP12_STR;
629 return VMEXIT_EXCP13_STR;
631 return VMEXIT_EXCP14_STR;
633 return VMEXIT_EXCP15_STR;
635 return VMEXIT_EXCP16_STR;
637 return VMEXIT_EXCP17_STR;
639 return VMEXIT_EXCP18_STR;
641 return VMEXIT_EXCP19_STR;
643 return VMEXIT_EXCP20_STR;
645 return VMEXIT_EXCP21_STR;
647 return VMEXIT_EXCP22_STR;
649 return VMEXIT_EXCP23_STR;
651 return VMEXIT_EXCP24_STR;
653 return VMEXIT_EXCP25_STR;
655 return VMEXIT_EXCP26_STR;
657 return VMEXIT_EXCP27_STR;
659 return VMEXIT_EXCP28_STR;
661 return VMEXIT_EXCP29_STR;
663 return VMEXIT_EXCP30_STR;
665 return VMEXIT_EXCP31_STR;
667 return VMEXIT_INTR_STR;
669 return VMEXIT_NMI_STR;
671 return VMEXIT_SMI_STR;
673 return VMEXIT_INIT_STR;
675 return VMEXIT_VINITR_STR;
676 case VMEXIT_CR0_SEL_WRITE:
677 return VMEXIT_CR0_SEL_WRITE_STR;
678 case VMEXIT_IDTR_READ:
679 return VMEXIT_IDTR_READ_STR;
680 case VMEXIT_GDTR_READ:
681 return VMEXIT_GDTR_READ_STR;
682 case VMEXIT_LDTR_READ:
683 return VMEXIT_LDTR_READ_STR;
685 return VMEXIT_TR_READ_STR;
686 case VMEXIT_IDTR_WRITE:
687 return VMEXIT_IDTR_WRITE_STR;
688 case VMEXIT_GDTR_WRITE:
689 return VMEXIT_GDTR_WRITE_STR;
690 case VMEXIT_LDTR_WRITE:
691 return VMEXIT_LDTR_WRITE_STR;
692 case VMEXIT_TR_WRITE:
693 return VMEXIT_TR_WRITE_STR;
695 return VMEXIT_RDTSC_STR;
697 return VMEXIT_RDPMC_STR;
699 return VMEXIT_PUSHF_STR;
701 return VMEXIT_POPF_STR;
703 return VMEXIT_CPUID_STR;
705 return VMEXIT_RSM_STR;
707 return VMEXIT_IRET_STR;
709 return VMEXIT_SWINT_STR;
711 return VMEXIT_INVD_STR;
713 return VMEXIT_PAUSE_STR;
715 return VMEXIT_HLT_STR;
717 return VMEXIT_INVLPG_STR;
719 return VMEXIT_INVLPGA_STR;
721 return VMEXIT_IOIO_STR;
723 return VMEXIT_MSR_STR;
724 case VMEXIT_TASK_SWITCH:
725 return VMEXIT_TASK_SWITCH_STR;
726 case VMEXIT_FERR_FREEZE:
727 return VMEXIT_FERR_FREEZE_STR;
728 case VMEXIT_SHUTDOWN:
729 return VMEXIT_SHUTDOWN_STR;
731 return VMEXIT_VMRUN_STR;
733 return VMEXIT_VMMCALL_STR;
735 return VMEXIT_VMLOAD_STR;
737 return VMEXIT_VMSAVE_STR;
739 return VMEXIT_STGI_STR;
741 return VMEXIT_CLGI_STR;
743 return VMEXIT_SKINIT_STR;
745 return VMEXIT_RDTSCP_STR;
747 return VMEXIT_ICEBP_STR;
749 return VMEXIT_WBINVD_STR;
751 return VMEXIT_MONITOR_STR;
753 return VMEXIT_MWAIT_STR;
754 case VMEXIT_MWAIT_CONDITIONAL:
755 return VMEXIT_MWAIT_CONDITIONAL_STR;
757 return VMEXIT_NPF_STR;
758 case VMEXIT_INVALID_VMCB:
759 return VMEXIT_INVALID_VMCB_STR;