2 * This file is part of the Palacios Virtual Machine Monitor developed
3 * by the V3VEE Project with funding from the United States National
4 * Science Foundation and the Department of Energy.
6 * The V3VEE Project is a joint project between Northwestern University
7 * and the University of New Mexico. You can find out more at
10 * Copyright (c) 2008, Jack Lange <jarusl@cs.northwestern.edu>
11 * Copyright (c) 2008, The V3VEE Project <http://www.v3vee.org>
12 * All rights reserved.
14 * Author: Jack Lange <jarusl@cs.northwestern.edu>
16 * This is free software. You are permitted to use,
17 * redistribute, and modify it as specified in the file "V3VEE_LICENSE".
23 #include <palacios/vm_guest.h>
24 #include <palacios/vmm_ctrl_regs.h>
25 #include <palacios/vmm.h>
26 #include <palacios/vmm_decoder.h>
27 #include <palacios/vmcb.h>
28 #include <palacios/vm_guest_mem.h>
29 #include <palacios/vmm_lowlevel.h>
30 #include <palacios/vmm_sprintf.h>
31 #include <palacios/vmm_xed.h>
32 #include <palacios/vmm_direct_paging.h>
34 #ifdef CONFIG_SYSCALL_HIJACK
35 #include <palacios/vmm_syscall_hijack.h>
36 #include <palacios/vmm_mpi_accel.h>
41 v3_cpu_mode_t v3_get_vm_cpu_mode(struct guest_info * info) {
43 struct efer_64 * efer;
44 struct cr4_32 * cr4 = (struct cr4_32 *)&(info->ctrl_regs.cr4);
45 struct v3_segment * cs = &(info->segments.cs);
46 vmcb_saved_state_t * guest_state = GET_VMCB_SAVE_STATE_AREA((vmcb_t*)(info->vmm_data));
48 if (info->shdw_pg_mode == SHADOW_PAGING) {
49 cr0 = (struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
50 efer = (struct efer_64 *)&(info->shdw_pg_state.guest_efer);
51 } else if (info->shdw_pg_mode == NESTED_PAGING) {
52 cr0 = (struct cr0_32 *)&(info->ctrl_regs.cr0);
53 efer = (struct efer_64 *)&(guest_state->efer);
55 PrintError("Invalid Paging Mode...\n");
62 } else if ((cr4->pae == 0) && (efer->lme == 0)) {
64 } else if (efer->lme == 0) {
66 } else if ((efer->lme == 1) && (cs->long_mode == 1)) {
69 // What about LONG_16_COMPAT???
70 return LONG_32_COMPAT;
74 // Get address width in bytes
75 uint_t v3_get_addr_width(struct guest_info * info) {
77 struct cr4_32 * cr4 = (struct cr4_32 *)&(info->ctrl_regs.cr4);
78 struct efer_64 * efer;
79 struct v3_segment * cs = &(info->segments.cs);
80 vmcb_saved_state_t * guest_state = GET_VMCB_SAVE_STATE_AREA((vmcb_t*)(info->vmm_data));
82 if (info->shdw_pg_mode == SHADOW_PAGING) {
83 cr0 = (struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
84 efer = (struct efer_64 *)&(info->shdw_pg_state.guest_efer);
85 } else if (info->shdw_pg_mode == NESTED_PAGING) {
86 cr0 = (struct cr0_32 *)&(info->ctrl_regs.cr0);
87 efer = (struct efer_64 *)&(guest_state->efer);
89 PrintError("Invalid Paging Mode...\n");
96 } else if ((cr4->pae == 0) && (efer->lme == 0)) {
98 } else if (efer->lme == 0) {
100 } else if ((efer->lme == 1) && (cs->long_mode == 1)) {
103 // What about LONG_16_COMPAT???
109 static const uchar_t REAL_STR[] = "Real";
110 static const uchar_t PROTECTED_STR[] = "Protected";
111 static const uchar_t PROTECTED_PAE_STR[] = "Protected+PAE";
112 static const uchar_t LONG_STR[] = "Long";
113 static const uchar_t LONG_32_COMPAT_STR[] = "32bit Compat";
114 static const uchar_t LONG_16_COMPAT_STR[] = "16bit Compat";
116 const uchar_t * v3_cpu_mode_to_str(v3_cpu_mode_t mode) {
121 return PROTECTED_STR;
123 return PROTECTED_PAE_STR;
127 return LONG_32_COMPAT_STR;
129 return LONG_16_COMPAT_STR;
135 v3_mem_mode_t v3_get_vm_mem_mode(struct guest_info * info) {
138 if (info->shdw_pg_mode == SHADOW_PAGING) {
139 cr0 = (struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
140 } else if (info->shdw_pg_mode == NESTED_PAGING) {
141 cr0 = (struct cr0_32 *)&(info->ctrl_regs.cr0);
143 PrintError("Invalid Paging Mode...\n");
155 static const uchar_t PHYS_MEM_STR[] = "Physical Memory";
156 static const uchar_t VIRT_MEM_STR[] = "Virtual Memory";
158 const uchar_t * v3_mem_mode_to_str(v3_mem_mode_t mode) {
170 void v3_print_segments(struct v3_segments * segs) {
172 struct v3_segment * seg_ptr;
174 seg_ptr=(struct v3_segment *)segs;
176 char *seg_names[] = {"CS", "DS" , "ES", "FS", "GS", "SS" , "LDTR", "GDTR", "IDTR", "TR", NULL};
177 V3_Print("Segments\n");
179 for (i = 0; seg_names[i] != NULL; i++) {
181 V3_Print("\t%s: Sel=%x, base=%p, limit=%x (long_mode=%d, db=%d)\n", seg_names[i], seg_ptr[i].selector,
182 (void *)(addr_t)seg_ptr[i].base, seg_ptr[i].limit,
183 seg_ptr[i].long_mode, seg_ptr[i].db);
189 // We don't handle those fancy 64 bit system segments...
191 int v3_translate_segment(struct guest_info * info, uint16_t selector, struct v3_segment * seg) {
192 struct v3_segment * gdt = &(info->segments.gdtr);
194 uint16_t seg_offset = (selector & ~0x7);
196 struct gen_segment * gen_seg = NULL;
197 struct seg_selector sel;
199 memset(seg, 0, sizeof(struct v3_segment));
201 sel.value = selector;
204 PrintError("LDT translations not supported\n");
208 if (v3_gva_to_hva(info, gdt->base, &gdt_addr) == -1) {
209 PrintError("Unable to translate GDT address\n");
213 seg_addr = gdt_addr + seg_offset;
214 gen_seg = (struct gen_segment *)seg_addr;
217 seg->selector = selector;
219 seg->limit = gen_seg->limit_hi;
221 seg->limit += gen_seg->limit_lo;
223 seg->base = gen_seg->base_hi;
225 seg->base += gen_seg->base_lo;
227 if (gen_seg->granularity == 1) {
232 seg->type = gen_seg->type;
233 seg->system = gen_seg->system;
234 seg->dpl = gen_seg->dpl;
235 seg->present = gen_seg->present;
236 seg->avail = gen_seg->avail;
237 seg->long_mode = gen_seg->long_mode;
238 seg->db = gen_seg->db;
239 seg->granularity = gen_seg->granularity;
247 void v3_print_ctrl_regs(struct guest_info * info) {
248 struct v3_ctrl_regs * regs = &(info->ctrl_regs);
251 char * reg_names[] = {"CR0", "CR2", "CR3", "CR4", "CR8", "FLAGS", NULL};
252 vmcb_saved_state_t * guest_state = GET_VMCB_SAVE_STATE_AREA(info->vmm_data);
254 reg_ptr = (v3_reg_t *)regs;
256 V3_Print("32 bit Ctrl Regs:\n");
258 for (i = 0; reg_names[i] != NULL; i++) {
259 V3_Print("\t%s=0x%p (at %p)\n", reg_names[i], (void *)(addr_t)reg_ptr[i], &(reg_ptr[i]));
262 V3_Print("\tEFER=0x%p\n", (void*)(addr_t)(guest_state->efer));
267 static int safe_gva_to_hva(struct guest_info * info, addr_t linear_addr, addr_t * host_addr) {
268 /* select the proper translation based on guest mode */
269 if (info->mem_mode == PHYSICAL_MEM) {
270 if (v3_gpa_to_hva(info, linear_addr, host_addr) == -1) return -1;
271 } else if (info->mem_mode == VIRTUAL_MEM) {
272 if (v3_gva_to_hva(info, linear_addr, host_addr) == -1) return -1;
277 static int v3_print_disassembly(struct guest_info * info) {
279 addr_t rip, rip_linear, rip_host;
281 /* we don't know where the instructions preceding RIP start, so we just take
282 * a guess and hope the instruction stream synced up with our disassembly
283 * some time before RIP; if it has not we correct RIP at that point
286 /* start disassembly 64 bytes before current RIP, continue 32 bytes after */
287 rip = (addr_t) info->rip - 64;
288 while ((int) (rip - info->rip) < 32) {
289 V3_Print("disassembly step\n");
291 /* always print RIP, even if the instructions before were bad */
292 if (!passed_rip && rip >= info->rip) {
293 if (rip != info->rip) {
294 V3_Print("***** bad disassembly up to this point *****\n");
300 /* look up host virtual address for this instruction */
301 rip_linear = get_addr_linear(info, rip, &(info->segments.cs));
302 if (safe_gva_to_hva(info, rip_linear, &rip_host) < 0) {
307 /* print disassembled instrcution (updates rip) */
308 if (v3_disasm(info, (void *) rip_host, &rip, rip == info->rip) < 0) {
320 void v3_print_guest_state(struct guest_info * info) {
321 addr_t linear_addr = 0;
323 V3_Print("RIP: %p\n", (void *)(addr_t)(info->rip));
324 linear_addr = get_addr_linear(info, info->rip, &(info->segments.cs));
325 V3_Print("RIP Linear: %p\n", (void *)linear_addr);
327 V3_Print("NumExits: %u\n", (uint32_t)info->num_exits);
329 v3_print_segments(&(info->segments));
330 v3_print_ctrl_regs(info);
332 if (info->shdw_pg_mode == SHADOW_PAGING) {
333 V3_Print("Shadow Paging Guest Registers:\n");
334 V3_Print("\tGuest CR0=%p\n", (void *)(addr_t)(info->shdw_pg_state.guest_cr0));
335 V3_Print("\tGuest CR3=%p\n", (void *)(addr_t)(info->shdw_pg_state.guest_cr3));
336 V3_Print("\tGuest EFER=%p\n", (void *)(addr_t)(info->shdw_pg_state.guest_efer.value));
341 v3_print_mem_map(info->vm_info);
343 v3_print_stack(info);
345 // v3_print_disassembly(info);
348 void v3_print_guest_state_all(struct v3_vm_info * vm) {
351 V3_Print("VM Core states for %s\n", vm->name);
353 for (i = 0; i < 80; i++) {
357 for (i = 0; i < vm->num_cores; i++) {
358 v3_print_guest_state(&vm->cores[i]);
361 for (i = 0; i < 80; i++) {
368 static void print_real_mode_stack(struct guest_info *info)
377 ss = info->segments.ss.selector & 0xffff;
378 sp = info->vm_regs.rsp & 0xffff;
379 addr = (((uint32_t)ss)<<4) + sp;
382 V3_Print("Real Mode Stack starting at 0x%x:0x%x (0x%p):\n",ss,sp,(void*)addr);
384 if (info->mem_mode!=PHYSICAL_MEM) {
385 PrintError("Cannot print real mode stack when virtual memory active\n");
389 for (i=0;i<=24;i++,sp+=2) {
390 // note that it's correct for this to wrap around
391 addr = (((uint32_t)ss)<<4) + sp;
392 if (v3_gpa_to_hva(info,addr,&host_addr)) {
393 PrintError("Could not translate physical stack address 0x%p\n",(void*)addr);
396 V3_Print("\t0x%.4x\n",*((uint16_t*)host_addr));
403 void v3_print_stack(struct guest_info * info) {
404 addr_t linear_addr = 0;
405 addr_t host_addr = 0;
407 v3_cpu_mode_t cpu_mode = v3_get_vm_cpu_mode(info);
410 if (cpu_mode==REAL) {
411 print_real_mode_stack(info);
415 // protected mode, 32 or 64 bit
417 linear_addr = get_addr_linear(info, info->vm_regs.rsp, &(info->segments.ss));
419 V3_Print("Stack at %p:\n", (void *)linear_addr);
421 if (info->mem_mode == PHYSICAL_MEM) {
422 if (v3_gpa_to_hva(info, linear_addr, &host_addr) == -1) {
423 PrintError("Could not translate Stack address\n");
426 } else if (info->mem_mode == VIRTUAL_MEM) {
427 if (v3_gva_to_hva(info, linear_addr, &host_addr) == -1) {
428 PrintError("Could not translate Virtual Stack address\n");
433 V3_Print("Host Address of rsp = 0x%p\n", (void *)host_addr);
435 // We start i at one because the current stack pointer points to an unused stack element
436 for (i = 0; i <= 24; i++) {
437 if (cpu_mode == LONG) {
438 V3_Print("\t%p\n", (void *)*(addr_t *)(host_addr + (i * 8)));
441 V3_Print("\t%.8x\n", *(uint32_t *)(host_addr + (i * 4)));
449 void v3_print_GPRs(struct guest_info * info) {
450 struct v3_gprs * regs = &(info->vm_regs);
453 char * reg_names[] = { "RDI", "RSI", "RBP", "RSP", "RBX", "RDX", "RCX", "RAX", NULL};
455 reg_ptr = (v3_reg_t *)regs;
457 V3_Print("32 bit GPRs:\n");
459 for (i = 0; reg_names[i] != NULL; i++) {
460 V3_Print("\t%s=0x%p (at %p)\n", reg_names[i], (void *)(addr_t)reg_ptr[i], &(reg_ptr[i]));
466 void v3_print_GPRs(struct guest_info * info) {
467 struct v3_gprs * regs = &(info->vm_regs);
470 char * reg_names[] = { "RDI", "RSI", "RBP", "RSP", "RBX", "RDX", "RCX", "RAX", \
471 "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15", NULL};
473 reg_ptr = (v3_reg_t *)regs;
475 V3_Print("64 bit GPRs:\n");
477 for (i = 0; reg_names[i] != NULL; i++) {
478 V3_Print("\t%s=0x%p (at %p)\n", reg_names[i], (void *)(addr_t)reg_ptr[i], &(reg_ptr[i]));
485 #include <palacios/vmcs.h>
486 #include <palacios/vmcb.h>
487 static int info_hcall(struct guest_info * core, uint_t hcall_id, void * priv_data) {
488 v3_cpu_arch_t cpu_type = v3_get_cpu_type(V3_Get_CPU());
491 V3_Print("************** Guest State ************\n");
492 v3_print_guest_state(core);
496 if ((cpu_type == V3_SVM_CPU) || (cpu_type == V3_SVM_REV3_CPU)) {
498 PrintDebugVMCB((vmcb_t *)(core->vmm_data));
502 if ((cpu_type == V3_VMX_CPU) || (cpu_type == V3_VMX_EPT_CPU)) {
508 PrintError("Invalid CPU Type 0x%x\n", cpu_type);
518 #include <palacios/svm.h>
519 #include <palacios/svm_io.h>
520 #include <palacios/svm_msr.h>
524 #include <palacios/vmx.h>
525 #include <palacios/vmx_io.h>
526 #include <palacios/vmx_msr.h>
530 int v3_init_vm(struct v3_vm_info * vm) {
531 v3_cpu_arch_t cpu_type = v3_get_cpu_type(V3_Get_CPU());
535 #ifdef CONFIG_TELEMETRY
536 v3_init_telemetry(vm);
539 v3_init_hypercall_map(vm);
542 v3_init_cpuid_map(vm);
543 v3_init_host_events(vm);
544 v3_init_intr_routers(vm);
545 v3_init_ext_manager(vm);
547 // Initialize the memory map
548 if (v3_init_mem_map(vm) == -1) {
549 PrintError("Could not initialize shadow map\n");
553 v3_init_mem_hooks(vm);
555 if (v3_init_shdw_impl(vm) == -1) {
556 PrintError("VM initialization error in shadow implementaion\n");
564 #ifdef CONFIG_SYMBIOTIC
565 v3_init_symbiotic_vm(vm);
575 case V3_SVM_REV3_CPU:
576 v3_init_svm_io_map(vm);
577 v3_init_svm_msr_map(vm);
583 v3_init_vmx_io_map(vm);
584 v3_init_vmx_msr_map(vm);
588 PrintError("Invalid CPU Type 0x%x\n", cpu_type);
592 v3_register_hypercall(vm, GUEST_INFO_HCALL, info_hcall, NULL);
594 V3_Print("GUEST_INFO_HCALL=%x\n", GUEST_INFO_HCALL);
600 int v3_free_vm_internal(struct v3_vm_info * vm) {
601 v3_cpu_arch_t cpu_type = v3_get_cpu_type(V3_Get_CPU());
603 v3_remove_hypercall(vm, GUEST_INFO_HCALL);
607 #ifdef CONFIG_SYMBIOTIC
608 v3_deinit_symbiotic_vm(vm);
615 case V3_SVM_REV3_CPU:
616 v3_deinit_svm_io_map(vm);
617 v3_deinit_svm_msr_map(vm);
623 v3_deinit_vmx_io_map(vm);
624 v3_deinit_vmx_msr_map(vm);
628 PrintError("Invalid CPU Type 0x%x\n", cpu_type);
632 v3_deinit_dev_mgr(vm);
634 v3_deinit_time_vm(vm);
636 v3_deinit_mem_hooks(vm);
637 v3_delete_mem_map(vm);
638 v3_deinit_shdw_impl(vm);
640 v3_deinit_intr_routers(vm);
641 v3_deinit_host_events(vm);
643 v3_deinit_cpuid_map(vm);
644 v3_deinit_msr_map(vm);
645 v3_deinit_io_map(vm);
646 v3_deinit_hypercall_map(vm);
648 #ifdef CONFIG_TELEMETRY
649 v3_deinit_telemetry(vm);
658 int v3_init_core(struct guest_info * core) {
659 v3_cpu_arch_t cpu_type = v3_get_cpu_type(V3_Get_CPU());
660 struct v3_vm_info * vm = core->vm_info;
665 * Initialize the subsystem data strutures
667 #ifdef CONFIG_TELEMETRY
668 v3_init_core_telemetry(core);
671 if (core->shdw_pg_mode == SHADOW_PAGING) {
672 v3_init_shdw_pg_state(core);
675 v3_init_time_core(core);
676 v3_init_intr_controllers(core);
677 v3_init_exception_state(core);
679 v3_init_decoder(core);
682 #ifdef CONFIG_SYMBIOTIC
683 v3_init_symbiotic_core(core);
687 #ifdef CONFIG_SYSCALL_HIJACK
688 v3_init_exec_hooks(core);
689 v3_init_mpi_accel(core);
690 //v3_hook_swintr(core, 0x80, v3_syscall_handler, NULL);
691 /* hook a poll syscall */
692 //v3_hook_syscall(core, 5, v3_sysopen_handler, NULL);
693 //v3_hook_syscall(core, 21, v3_sysmount_handler, NULL);
695 //args[0] = "./envtest";
696 //args[1] = "LD_PRELOAD=./libcwrap.so";
697 //v3_hook_syscall(core, 11, v3_sysexecve_handler, (void*)args);
706 case V3_SVM_REV3_CPU:
707 if (v3_init_svm_vmcb(core, vm->vm_class) == -1) {
708 PrintError("Error in SVM initialization\n");
716 if (v3_init_vmx_vmcs(core, vm->vm_class) == -1) {
717 PrintError("Error in VMX initialization\n");
723 PrintError("Invalid CPU Type 0x%x\n", cpu_type);
732 int v3_free_core(struct guest_info * core) {
733 v3_cpu_arch_t cpu_type = v3_get_cpu_type(V3_Get_CPU());
736 #ifdef CONFIG_SYMBIOTIC
737 v3_deinit_symbiotic_core(core);
740 v3_deinit_decoder(core);
742 v3_deinit_intr_controllers(core);
743 v3_deinit_time_core(core);
745 if (core->shdw_pg_mode == SHADOW_PAGING) {
746 v3_deinit_shdw_pg_state(core);
749 v3_free_passthrough_pts(core);
751 #ifdef CONFIG_TELEMETRY
752 v3_deinit_core_telemetry(core);
758 case V3_SVM_REV3_CPU:
759 if (v3_deinit_svm_vmcb(core) == -1) {
760 PrintError("Error in SVM initialization\n");
768 if (v3_deinit_vmx_vmcs(core) == -1) {
769 PrintError("Error in VMX initialization\n");
775 PrintError("Invalid CPU Type 0x%x\n", cpu_type);
