1 #include <palacios/vmm_mem.h>
2 #include <palacios/vmm.h>
3 #include <palacios/vmcb.h>
4 #include <palacios/vmm_decoder.h>
5 #include <palacios/vm_guest_mem.h>
6 #include <palacios/vmm_ctrl_regs.h>
10 extern void SerialMemDump(unsigned char *start, int n);
12 /* Segmentation is a problem here...
14 * When we get a memory operand, presumably we use the default segment (which is?)
15 * unless an alternate segment was specfied in the prefix...
19 int handle_cr0_write(struct guest_info * info) {
23 switch (info->cpu_mode) {
29 PrintDebug("Real Mode write to CR0 at linear guest pa 0x%x\n",get_addr_linear(info,info->rip,&(info->segments.cs)));
31 // The real rip address is actually a combination of the rip + CS base
32 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
34 // I think we should inject a GPF into the guest
35 PrintDebug("Could not read instruction (ret=%d)\n", ret);
39 while (is_prefix_byte(instr[index])) {
43 if ((instr[index] == cr_access_byte) &&
44 (instr[index + 1] == lmsw_byte) &&
45 (MODRM_REG(instr[index + 2]) == lmsw_reg_byte)) {
48 addr_t second_operand;
49 struct cr0_real *real_cr0;
50 struct cr0_real *new_cr0;
51 operand_type_t addr_type;
57 real_cr0 = (struct cr0_real*)&(info->ctrl_regs.cr0);
59 addr_type = decode_operands16(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG16);
62 if (addr_type == REG_OPERAND) {
63 new_cr0 = (struct cr0_real *)first_operand;
64 } else if (addr_type == MEM_OPERAND) {
67 if (guest_pa_to_host_va(info, first_operand + (info->segments.ds.base << 4), &host_addr) == -1) {
72 new_cr0 = (struct cr0_real *)host_addr;
74 PrintDebug("Memory operand in real mode write to CR0 is UNIMPLEMENTED\n");
75 // error... don't know what to do
79 if ((new_cr0->pe == 1) && (real_cr0->pe == 0)) {
80 info->cpu_mode = PROTECTED;
81 } else if ((new_cr0->pe == 0) && (real_cr0->pe == 1)) {
82 info->cpu_mode = REAL;
85 new_cr0_val = *(char*)(new_cr0) & 0x0f;
88 if (info->shdw_pg_mode == SHADOW_PAGING) {
89 struct cr0_real * shadow_cr0 = (struct cr0_real*)&(info->shdw_pg_state.guest_cr0);
91 PrintDebug("Old CR0=%x, Old Shadow CR0=%x\n", *real_cr0, *shadow_cr0);
92 /* struct cr0_real is only 4 bits wide,
93 * so we can overwrite the real_cr0 without worrying about the shadow fields
95 *(char*)real_cr0 &= 0xf0;
96 *(char*)real_cr0 |= new_cr0_val;
98 *(char*)shadow_cr0 &= 0xf0;
99 *(char*)shadow_cr0 |= new_cr0_val;
101 PrintDebug("New CR0=%x, New Shadow CR0=%x\n", *real_cr0, *shadow_cr0);
103 PrintDebug("Old CR0=%x\n", *real_cr0);
104 // for now we just pass through....
105 *(char*)real_cr0 &= 0xf0;
106 *(char*)real_cr0 |= new_cr0_val;
108 PrintDebug("New CR0=%x\n", *real_cr0);
114 } else if ((instr[index] == cr_access_byte) &&
115 (instr[index + 1] == clts_byte)) {
117 PrintDebug("CLTS unhandled in CR0 write\n");
120 } else if ((instr[index] == cr_access_byte) &&
121 (instr[index + 1] = mov_to_cr_byte)) {
122 addr_t first_operand;
123 addr_t second_operand;
124 struct cr0_32 *real_cr0;
125 struct cr0_32 *new_cr0;
126 operand_type_t addr_type;
131 real_cr0 = (struct cr0_32*)&(info->ctrl_regs.cr0);
133 addr_type = decode_operands16(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
135 if (addr_type != REG_OPERAND) {
136 PrintDebug("Moving to CR0 from non-register operand in CR0 write\n");
137 /* Mov to CR0 Can only be a 32 bit register */
142 new_cr0 = (struct cr0_32 *)first_operand;
144 if (new_cr0->pe == 1) {
145 PrintDebug("Entering Protected Mode\n");
146 info->cpu_mode = PROTECTED;
149 if (new_cr0->pe == 0) {
150 PrintDebug("Entering Real Mode\n");
151 info->cpu_mode = REAL;
155 if (new_cr0->pg == 1) {
156 PrintDebug("Paging is already turned on in switch to protected mode in CR0 write\n");
162 if (info->shdw_pg_mode == SHADOW_PAGING) {
163 struct cr0_32 * shadow_cr0 = (struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
165 PrintDebug("Old CR0=%x, Old Shadow CR0=%x\n", *real_cr0, *shadow_cr0);
166 *real_cr0 = *new_cr0;
169 *shadow_cr0 = *new_cr0;
171 PrintDebug("New CR0=%x, New Shadow CR0=%x\n", *real_cr0, *shadow_cr0);
173 PrintDebug("Old CR0=%x\n", *real_cr0);
174 *real_cr0 = *new_cr0;
175 PrintDebug("New CR0=%x\n", *real_cr0);
181 PrintDebug("Unsupported Instruction\n");
182 // unsupported instruction, UD the guest
195 PrintDebug("Protected %s Mode write to CR0 at guest %s linear rip 0x%x\n",
196 info->mem_mode == VIRTUAL_MEM ? "Paged" : "",
197 info->mem_mode == VIRTUAL_MEM ? "virtual" : "",
198 get_addr_linear(info, info->rip, &(info->segments.cs)));
200 // OK, now we will read the instruction
201 // The only difference between PROTECTED and PROTECTED_PG is whether we read
202 // from guest_pa or guest_va
203 if (info->mem_mode == PHYSICAL_MEM) {
204 // The real rip address is actually a combination of the rip + CS base
205 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
207 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
211 // I think we should inject a GPF into the guest
212 PrintDebug("Could not read instruction (ret=%d)\n", ret);
216 while (is_prefix_byte(instr[index])) {
220 struct cr0_32 * shadow_cr0 = (struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
222 struct cr0_32 * real_cr0 = (struct cr0_32*)&(info->ctrl_regs.cr0);
224 if ((instr[index] == cr_access_byte) &&
225 (instr[index + 1] == mov_to_cr_byte)) {
229 addr_t first_operand;
230 addr_t second_operand;
231 struct cr0_32 *new_cr0;
232 operand_type_t addr_type;
237 addr_type = decode_operands32(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
239 if (addr_type != REG_OPERAND) {
240 PrintDebug("Non-register operand in write to CR0\n");
244 new_cr0 = (struct cr0_32 *)first_operand;
248 if (info->shdw_pg_mode == SHADOW_PAGING) {
249 struct cr0_32 * shadow_cr0 = (struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
251 if (new_cr0->pg == 1){
252 // This should be new_cr0->pg && !(old_cr->pg), right?
253 // and then a case for turning paging off?
255 struct cr3_32 * shadow_cr3 = (struct cr3_32 *)&(info->shdw_pg_state.shadow_cr3);
257 info->mem_mode = VIRTUAL_MEM;
259 *shadow_cr0 = *new_cr0;
260 *real_cr0 = *new_cr0;
263 // Activate Shadow Paging
265 PrintDebug("Turning on paging in the guest\n");
267 info->ctrl_regs.cr3 = *(addr_t*)shadow_cr3;
270 } else if (new_cr0->pe == 0) {
271 info->cpu_mode = REAL;
273 *shadow_cr0 = *new_cr0;
274 *real_cr0 = *new_cr0;
280 *real_cr0 = *new_cr0;
285 } else if ((instr[index] == 0x0f) &&
286 (instr[index + 1] == 0x06)) {
288 PrintDebug("CLTS instruction - clearing TS flag of real and shadow CR0\n");
297 PrintDebug("Unkown instruction: \n");
298 SerialMemDump(instr,15);
305 PrintDebug("Protected PAE Mode write to CR0 is UNIMPLEMENTED\n");
309 PrintDebug("Protected Long Mode write to CR0 is UNIMPLEMENTED\n");
314 PrintDebug("Unknown Mode write to CR0 (info->cpu_mode=0x%x\n)",info->cpu_mode);
325 int handle_cr0_read(struct guest_info * info) {
328 switch (info->cpu_mode) {
336 PrintDebug("Real Mode read from CR0 at linear guest pa 0x%x\n",get_addr_linear(info,info->rip,&(info->segments.cs)));
338 // The real rip address is actually a combination of the rip + CS base
339 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
341 // I think we should inject a GPF into the guest
342 PrintDebug("Could not read Real Mode instruction (ret=%d)\n", ret);
347 while (is_prefix_byte(instr[index])) {
351 if ((instr[index] == cr_access_byte) &&
352 (instr[index + 1] == smsw_byte) &&
353 (MODRM_REG(instr[index + 2]) == smsw_reg_byte)) {
355 // SMSW (store machine status word)
357 addr_t first_operand;
358 addr_t second_operand;
359 struct cr0_real *cr0;
360 operand_type_t addr_type;
365 cr0 = (struct cr0_real*)&(info->ctrl_regs.cr0);
368 addr_type = decode_operands16(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG16);
370 if (addr_type == MEM_OPERAND) {
373 if (guest_pa_to_host_va(info, first_operand + (info->segments.ds.base << 4), &host_addr) == -1) {
375 PrintDebug("Could not convert guest physical address to host virtual address\n");
379 first_operand = host_addr;
385 cr0_val = *(char*)cr0 & 0x0f;
387 *(char *)first_operand &= 0xf0;
388 *(char *)first_operand |= cr0_val;
390 PrintDebug("index = %d, rip = %x\n", index, (ulong_t)(info->rip));
392 PrintDebug("new_rip = %x\n", (ulong_t)(info->rip));
395 } else if ((instr[index] == cr_access_byte) &&
396 (instr[index+1] == mov_from_cr_byte)) {
398 * This can only take a 32 bit register argument in anything less than 64 bit mode.
400 addr_t first_operand;
401 addr_t second_operand;
402 operand_type_t addr_type;
404 struct cr0_32 * real_cr0 = (struct cr0_32 *)&(info->ctrl_regs.cr0);
408 addr_type = decode_operands16(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
410 struct cr0_32 * virt_cr0 = (struct cr0_32 *)first_operand;
412 if (addr_type != REG_OPERAND) {
413 // invalid opcode to guest
414 PrintDebug("Invalid operand type in mov from CR0\n");
418 if (info->shdw_pg_mode == SHADOW_PAGING) {
419 *virt_cr0 = *(struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
421 *virt_cr0 = *real_cr0;
427 PrintDebug("Unknown read instr from CR0\n");
441 PrintDebug("Protected %s Mode read from CR0 at guest %s linear rip 0x%x\n",
442 info->mem_mode == VIRTUAL_MEM ? "Paged" : "",
443 info->mem_mode == VIRTUAL_MEM ? "virtual" : "",
444 get_addr_linear(info, info->rip, &(info->segments.cs)));
446 // We need to read the instruction, which is at CS:IP, but that
447 // linear address is guest physical without PG and guest virtual with PG
448 if (info->cpu_mode == PHYSICAL_MEM) {
449 // The real rip address is actually a combination of the rip + CS base
450 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
452 // The real rip address is actually a combination of the rip + CS base
453 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
457 // I think we should inject a GPF into the guest
458 PrintDebug("Could not read Protected %s mode instruction (ret=%d)\n",
459 info->cpu_mode == VIRTUAL_MEM ? "Paged" : "", ret);
463 while (is_prefix_byte(instr[index])) {
468 if ((instr[index] == cr_access_byte) &&
469 (instr[index+1] == mov_from_cr_byte)) {
471 // MOV from CR0 to register
473 addr_t first_operand;
474 addr_t second_operand;
475 operand_type_t addr_type;
476 struct cr0_32 * virt_cr0;
477 struct cr0_32 * real_cr0 = (struct cr0_32 *)&(info->ctrl_regs.cr0);
481 addr_type = decode_operands32(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
483 if (addr_type != REG_OPERAND) {
484 PrintDebug("Invalid operand type in mov from CR0\n");
488 virt_cr0 = (struct cr0_32 *)first_operand;
490 if (info->shdw_pg_mode == SHADOW_PAGING) {
491 *virt_cr0 = *(struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
492 if (info->cpu_mode==PROTECTED) {
493 virt_cr0->pg=0; // clear the pg bit because guest doesn't think it's on
496 *virt_cr0 = *real_cr0;
502 PrintDebug("Unknown read instruction from CR0\n");
509 PrintDebug("Protected PAE Mode read to CR0 is UNIMPLEMENTED\n");
513 PrintDebug("Protected Long Mode read to CR0 is UNIMPLEMENTED\n");
519 PrintDebug("Unknown Mode read from CR0 (info->cpu_mode=0x%x)\n",info->cpu_mode);
532 int handle_cr3_write(struct guest_info * info) {
533 if (info->cpu_mode == PROTECTED) {
538 PrintDebug("Protected %s mode write to CR3 at %s 0x%x\n",
539 info->cpu_mode==PROTECTED ? "" : "Paged",
540 info->cpu_mode==PROTECTED ? "guest physical" : "guest virtual",
541 get_addr_linear(info,info->rip,&(info->segments.cs)));
543 // We need to read the instruction, which is at CS:IP, but that
544 // linear address is guest physical without PG and guest virtual with PG
545 if (info->mem_mode == PHYSICAL_MEM) {
546 // The real rip address is actually a combination of the rip + CS base
547 PrintDebug("Writing Guest CR3 Write (Physical Address)\n");
548 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
550 PrintDebug("Writing Guest CR3 Write (Virtual Address)\n");
551 // The real rip address is actually a combination of the rip + CS base
552 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
556 PrintDebug("Could not read instruction (ret=%d)\n", ret);
560 while (is_prefix_byte(instr[index])) {
564 if ((instr[index] == cr_access_byte) &&
565 (instr[index + 1] == mov_to_cr_byte)) {
567 addr_t first_operand;
568 addr_t second_operand;
569 struct cr3_32 * new_cr3;
570 // struct cr3_32 * real_cr3;
571 operand_type_t addr_type;
575 addr_type = decode_operands32(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
577 if (addr_type != REG_OPERAND) {
578 /* Mov to CR3 can only be a 32 bit register */
582 new_cr3 = (struct cr3_32 *)first_operand;
584 if (info->shdw_pg_mode == SHADOW_PAGING) {
586 struct cr3_32 * shadow_cr3 = (struct cr3_32 *)&(info->shdw_pg_state.shadow_cr3);
587 struct cr3_32 * guest_cr3 = (struct cr3_32 *)&(info->shdw_pg_state.guest_cr3);
590 /* Delete the current Page Tables */
591 delete_page_tables_pde32((pde32_t *)CR3_TO_PDE32(*(uint_t*)shadow_cr3));
593 PrintDebug("Old Shadow CR3=%x; Old Guest CR3=%x\n",
594 *(uint_t*)shadow_cr3, *(uint_t*)guest_cr3);
597 *guest_cr3 = *new_cr3;
601 // Something like this
602 shadow_pt = create_new_shadow_pt32(info);
603 //shadow_pt = setup_shadow_pt32(info, CR3_TO_PDE32(*(addr_t *)new_cr3));
605 /* Copy Various flags */
606 *shadow_cr3 = *new_cr3;
610 shadow_cr3->pdt_base_addr = PD32_BASE_ADDR(shadow_pt);
612 PrintDebug("New Shadow CR3=%x; New Guest CR3=%x\n",
613 *(uint_t*)shadow_cr3, *(uint_t*)guest_cr3);
617 if (info->mem_mode == VIRTUAL_MEM) {
618 // If we aren't in paged mode then we have to preserve the identity mapped CR3
619 info->ctrl_regs.cr3 = *(addr_t*)shadow_cr3;
626 PrintDebug("Unknown Instruction\n");
627 SerialMemDump(instr,15);
631 PrintDebug("Invalid operating Mode (0x%x)\n", info->cpu_mode);
641 int handle_cr3_read(struct guest_info * info) {
642 if (info->cpu_mode == PROTECTED) {
648 // We need to read the instruction, which is at CS:IP, but that
649 // linear address is guest physical without PG and guest virtual with PG
650 if (info->cpu_mode == PHYSICAL_MEM) {
651 // The real rip address is actually a combination of the rip + CS base
652 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
654 // The real rip address is actually a combination of the rip + CS base
655 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
659 PrintDebug("Could not read instruction (ret=%d)\n", ret);
663 while (is_prefix_byte(instr[index])) {
667 if ((instr[index] == cr_access_byte) &&
668 (instr[index + 1] == mov_from_cr_byte)) {
669 addr_t first_operand;
670 addr_t second_operand;
671 struct cr3_32 * virt_cr3;
672 struct cr3_32 * real_cr3 = (struct cr3_32 *)&(info->ctrl_regs.cr3);
673 operand_type_t addr_type;
677 addr_type = decode_operands32(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
679 if (addr_type != REG_OPERAND) {
680 /* Mov to CR3 can only be a 32 bit register */
684 virt_cr3 = (struct cr3_32 *)first_operand;
686 if (info->shdw_pg_mode == SHADOW_PAGING) {
687 *virt_cr3 = *(struct cr3_32 *)&(info->shdw_pg_state.guest_cr3);
689 *virt_cr3 = *real_cr3;
694 PrintDebug("Unknown Instruction\n");
695 SerialMemDump(instr,15);
699 PrintDebug("Invalid operating Mode (0x%x)\n", info->cpu_mode);
