2 * This file is part of the Palacios Virtual Machine Monitor developed
3 * by the V3VEE Project with funding from the United States National
4 * Science Foundation and the Department of Energy.
6 * The V3VEE Project is a joint project between Northwestern University
7 * and the University of New Mexico. You can find out more at
10 * Copyright (c) 2008, Peter Dinda <pdinda@northwestern.edu>
11 * Copyright (c) 2008, Jack Lange <jarusl@cs.northwestern.edu>
12 * Copyright (c) 2008, The V3VEE Project <http://www.v3vee.org>
13 * All rights reserved.
15 * Author: Peter Dinda <pdinda@northwestern.edu>
16 * Jack Lange <jarusl@cs.northwestern.edu>
18 * This is free software. You are permitted to use,
19 * redistribute, and modify it as specified in the file "V3VEE_LICENSE".
23 #include <palacios/vmx.h>
24 #include <palacios/vmcs.h>
25 #include <palacios/vmm.h>
26 #include <palacios/vmx_lowlevel.h>
27 #include <palacios/vmm_lowlevel.h>
28 #include <palacios/vmm_config.h>
29 #include <palacios/vmm_ctrl_regs.h>
40 #include <palacios/vmm_util.h>
41 #include <palacios/vmm_string.h>
42 #include <palacios/vmm_ctrl_regs.h>
46 extern int Launch_VM(ullong_t vmcsPtr, uint_t eip);
48 #define NUMPORTS 65536
51 #define VMXASSIST_INFO_PORT 0x0e9
52 #define ROMBIOS_PANIC_PORT 0x400
53 #define ROMBIOS_PANIC_PORT2 0x401
54 #define ROMBIOS_INFO_PORT 0x402
55 #define ROMBIOS_DEBUG_PORT 0x403
59 static uint_t GetLinearIP(struct VM * vm) {
60 if (vm->state == VM_VMXASSIST_V8086_BIOS || vm->state == VM_VMXASSIST_V8086) {
61 return vm->vmcs.guestStateArea.cs.baseAddr + vm->vmcs.guestStateArea.rip;
63 return vm->vmcs.guestStateArea.rip;
71 #define INSTR_OFFSET_START 17
72 #define NOP_SEQ_LEN 10
73 #define INSTR_OFFSET_END (INSTR_OFFSET_START + NOP_SEQ_LEN - 1)
74 #define TEMPLATE_CODE_LEN 35
83 extern uint_t VMCS_LAUNCH();
84 extern uint_t Init_VMCS_HostState();
85 extern uint_t Init_VMCS_GuestState();
97 void DecodeCurrentInstruction(struct VM *vm, struct Instruction *inst)
99 // this is a gruesome hack
100 uint_t address = GetLinearIP(vm);
101 uint_t length = vm->vmcs.exitInfoFields.instrLength;
102 unsigned char *t = (unsigned char *) address;
106 PrintTrace("DecodeCurrentInstruction: instruction is\n");
107 PrintTraceMemDump(t,length);
109 if (length==3 && t[0]==0x0f && t[1]==0x22 && t[2]==0xc0) {
110 // mov from eax to cr0
111 // usually used to signal
112 inst->type=VM_MOV_TO_CR0;
113 inst->address=address;
115 inst->input1=vm->registers.eax;
116 inst->input2=vm->vmcs.guestStateArea.cr0;
117 inst->output=vm->registers.eax;
118 PrintTrace("MOV FROM EAX TO CR0\n");
120 inst->type=VM_UNKNOWN_INST;
126 static void ConfigureExits(struct VM *vm)
128 CopyOutVMCSExecCtrlFields(&(vm->vmcs.execCtrlFields));
130 vm->vmcs.execCtrlFields.pinCtrls |= 0
131 // EXTERNAL_INTERRUPT_EXITING
133 vm->vmcs.execCtrlFields.procCtrls |= 0
134 // INTERRUPT_WINDOWS_EXIT
142 | UNCONDITION_IO_EXITING
146 CopyInVMCSExecCtrlFields(&(vm->vmcs.execCtrlFields));
148 CopyOutVMCSExitCtrlFields(&(vm->vmcs.exitCtrlFields));
150 vm->vmcs.exitCtrlFields.exitCtrls |= ACK_IRQ_ON_EXIT;
152 CopyInVMCSExitCtrlFields(&(vm->vmcs.exitCtrlFields));
155 /* VMCS_READ(VM_EXIT_CTRLS, &flags); */
156 /* flags |= ACK_IRQ_ON_EXIT; */
157 /* VMCS_WRITE(VM_EXIT_CTRLS, &flags); */
162 extern int SAFE_VM_LAUNCH();
164 int MyLaunch(struct VM *vm)
166 ullong_t vmcs = (ullong_t)((uint_t) (vm->vmcsregion));
167 uint_t entry_eip = vm->descriptor.entry_ip;
168 uint_t exit_eip = vm->descriptor.exit_eip;
169 uint_t guest_esp = vm->descriptor.guest_esp;
170 uint_t f = 0xffffffff;
175 PrintTrace("Guest ESP: 0x%x (%u)\n", guest_esp, guest_esp);
177 exit_eip = (uint_t)RunVMM;
179 PrintTrace("Clear\n");
181 PrintTrace("Load\n");
185 PrintTrace("VMCS_LINK_PTR\n");
186 VMCS_WRITE(VMCS_LINK_PTR, &f);
187 PrintTrace("VMCS_LINK_PTR_HIGH\n");
188 VMCS_WRITE(VMCS_LINK_PTR_HIGH, &f);
191 SetCtrlBitsCorrectly(IA32_VMX_PINBASED_CTLS_MSR, PIN_VM_EXEC_CTRLS);
192 SetCtrlBitsCorrectly(IA32_VMX_PROCBASED_CTLS_MSR, PROC_VM_EXEC_CTRLS);
193 SetCtrlBitsCorrectly(IA32_VMX_EXIT_CTLS_MSR, VM_EXIT_CTRLS);
194 SetCtrlBitsCorrectly(IA32_VMX_ENTRY_CTLS_MSR, VM_ENTRY_CTRLS);
198 //SetCtrlBitsCorrectly(IA32_something,GUEST_IA32_DEBUGCTL);
199 //SetCtrlBitsCorrectly(IA32_something,GUEST_IA32_DEBUGCTL_HIGH);
203 PrintTrace("Setting up host state\n");
204 SetCRBitsCorrectly(IA32_VMX_CR0_FIXED0_MSR, IA32_VMX_CR0_FIXED1_MSR, HOST_CR0);
205 SetCRBitsCorrectly(IA32_VMX_CR4_FIXED0_MSR, IA32_VMX_CR4_FIXED1_MSR, HOST_CR4);
206 ret = Init_VMCS_HostState();
208 if (ret != VMX_SUCCESS) {
209 if (ret == VMX_FAIL_VALID) {
210 PrintTrace("Init Host state: VMCS FAILED WITH ERROR\n");
212 PrintTrace("Init Host state: Invalid VMCS\n");
217 // PrintTrace("HOST_RIP: %x (%u)\n", exit_eip, exit_eip);
218 VMCS_WRITE(HOST_RIP, &exit_eip);
221 PrintTrace("Setting up guest state\n");
222 PrintTrace("GUEST_RIP: %x (%u)\n", entry_eip, entry_eip);
223 VMCS_WRITE(GUEST_RIP, &entry_eip);
225 SetCRBitsCorrectly(IA32_VMX_CR0_FIXED0_MSR, IA32_VMX_CR0_FIXED1_MSR, GUEST_CR0);
226 SetCRBitsCorrectly(IA32_VMX_CR4_FIXED0_MSR, IA32_VMX_CR4_FIXED1_MSR, GUEST_CR4);
227 ret = Init_VMCS_GuestState();
229 PrintTrace("InitGuestState returned\n");
231 if (ret != VMX_SUCCESS) {
232 if (ret == VMX_FAIL_VALID) {
233 PrintTrace("Init Guest state: VMCS FAILED WITH ERROR\n");
235 PrintTrace("Init Guest state: Invalid VMCS\n");
239 PrintTrace("GUEST_RSP: %x (%u)\n", guest_esp, (uint_t)guest_esp);
240 VMCS_WRITE(GUEST_RSP, &guest_esp);
244 if (VMCS_WRITE(EXCEPTION_BITMAP, &tmpReg) != VMX_SUCCESS) {
245 PrintInfo("Bitmap error\n");
250 PrintTrace("VMCS_LAUNCH\n");
252 vm->state=VM_VMXASSIST_STARTUP;
254 vmm_ret = SAFE_VM_LAUNCH();
256 PrintTrace("VMM error %d\n", vmm_ret);
264 int VMLaunch(struct VMDescriptor *vm)
266 VMCS * vmcs = CreateVMCS();
269 ullong_t vmcs_ptr = (ullong_t)((uint_t)vmcs);
270 uint_t top = (vmcs_ptr >> 32) & 0xffffffff;
271 uint_t bottom = (vmcs_ptr) & 0xffffffff;
273 theVM.vmcsregion = vmcs;
274 theVM.descriptor = *vm;
276 PrintTrace("vmcs_ptr_top=%x vmcs_ptr_bottom=%x, eip=%x\n", top, bottom, vm->entry_ip);
277 rc = MyLaunch(&theVM); // vmcs_ptr, vm->entry_ip, vm->exit_eip, vm->guest_esp);
278 PrintTrace("Returned from MyLaunch();\n");
293 static int update_vmcs_host_state(struct guest_info * info) {
299 } __attribute__((packed)) tmp_seg;
302 struct v3_msr tmp_msr;
304 __asm__ __volatile__ ( "movq %%cr0, %0; "
308 vmcs_write(VMCS_HOST_CR0, tmp);
311 __asm__ __volatile__ ( "movq %%cr3, %0; "
315 vmcs_write(VMCS_HOST_CR3, tmp);
318 __asm__ __volatile__ ( "movq %%cr4, %0; "
322 vmcs_write(VMCS_HOST_CR4, tmp);
327 __asm__ __volatile__ ("sgdt (%0); "
332 vmcs_write(VMCS_HOST_GDTR_BASE, tmp_seg.base);
335 __asm__ __volatile__ ("sidt (%0); "
340 vmcs_write(VMCS_HOST_IDTR_BASE, tmp_seg.base);
342 /* How do we handle this...?
343 __asm__ __volatile__ ("str (%0); "
348 vmcs_write(VMCS_HOST_TR_BASE, tmp_seg.base);
351 #define FS_BASE_MSR 0xc0000100
352 #define GS_BASE_MSR 0xc0000101
355 v3_get_msr(FS_BASE_MSR, &(tmp_msr.hi), &(tmp_msr.lo));
356 vmcs_write(VMCS_HOST_FS_BASE, tmp_msr.value);
359 v3_get_msr(GS_BASE_MSR, &(tmp_msr.hi), &(tmp_msr.lo));
360 vmcs_write(VMCS_HOST_GS_BASE, tmp_msr.value);
364 __asm__ __volatile__ ( "movq %%cs, %0; "
368 vmcs_write(VMCS_HOST_CS_SELECTOR, tmp);
370 __asm__ __volatile__ ( "movq %%ss, %0; "
374 vmcs_write(VMCS_HOST_SS_SELECTOR, tmp);
376 __asm__ __volatile__ ( "movq %%ds, %0; "
380 vmcs_write(VMCS_HOST_DS_SELECTOR, tmp);
382 __asm__ __volatile__ ( "movq %%es, %0; "
386 vmcs_write(VMCS_HOST_ES_SELECTOR, tmp);
388 __asm__ __volatile__ ( "movq %%fs, %0; "
392 vmcs_write(VMCS_HOST_FS_SELECTOR, tmp);
394 __asm__ __volatile__ ( "movq %%gs, %0; "
398 vmcs_write(VMCS_HOST_GS_SELECTOR, tmp);
400 __asm__ __volatile__ ( "str %0; "
404 vmcs_write(VMCS_HOST_TR_SELECTOR, tmp);
407 #define SYSENTER_CS_MSR 0x00000174
408 #define SYSENTER_ESP_MSR 0x00000175
409 #define SYSENTER_EIP_MSR 0x00000176
412 v3_get_msr(SYSENTER_CS_MSR, &(tmp_msr.hi), &(tmp_msr.lo));
413 vmcs_write(VMCS_HOST_SYSENTER_CS, tmp_msr.value);
416 v3_get_msr(SYSENTER_ESP_MSR, &(tmp_msr.hi), &(tmp_msr.lo));
417 vmcs_write(VMCS_HOST_SYSENTER_ESP, tmp_msr.value);
420 v3_get_msr(SYSENTER_EIP_MSR, &(tmp_msr.hi), &(tmp_msr.lo));
421 vmcs_write(VMCS_HOST_SYSENTER_EIP, tmp_msr.value);
434 static struct vmcs_data* vmxon_ptr;
438 // For the 32 bit reserved bit fields
439 // MB1s are in the low 32 bits, MBZs are in the high 32 bits of the MSR
440 static uint32_t sanitize_bits1(uint32_t msr_num, uint32_t val) {
443 PrintDebug("sanitize_bits1 (MSR:%x)\n", msr_num);
445 v3_get_msr(msr_num, &mask_msr.hi, &mask_msr.lo);
447 PrintDebug("MSR %x = %x : %x \n", msr_num, mask_msr.hi, mask_msr.lo);
457 static addr_t sanitize_bits2(uint32_t msr_num0, uint32_t msr_num1, addr_t val) {
459 addr_t msr0_val, msr1_val;
461 PrintDebug("sanitize_bits2 (MSR0=%x, MSR1=%x)\n", msr_num0, msr_num1);
463 v3_get_msr(msr_num0, &msr0.hi, &msr0.lo);
464 v3_get_msr(msr_num1, &msr1.hi, &msr1.lo);
466 // This generates a mask that is the natural bit width of the CPU
467 msr0_val = msr0.value;
468 msr1_val = msr1.value;
470 PrintDebug("MSR %x = %p, %x = %p \n", msr_num0, (void*)msr0_val, msr_num1, (void*)msr1_val);
478 static int setup_base_host_state() {
482 // vmwrite(HOST_IDTR_BASE,
489 static void setup_v8086_mode_for_boot(struct guest_info* vm_info)
492 ((struct vmx_data*)vm_info->vmm_data)->state = VMXASSIST_V8086_BIOS;
493 ((struct rflags*)&(vm_info->ctrl_regs.rflags))->vm = 1;
494 ((struct rflags*)&(vm_info->ctrl_regs.rflags))->iopl = 3;
497 vm_info->rip = 0xfff0;
499 vm_info->segments.cs.selector = 0xf000;
500 vm_info->segments.cs.base = 0xf000<<4;
501 vm_info->segments.cs.limit = 0xffff;
502 vm_info->segments.cs.type = 3;
503 vm_info->segments.cs.system = 1;
504 vm_info->segments.cs.dpl = 3;
505 vm_info->segments.cs.present = 1;
506 vm_info->segments.cs.granularity = 0;
508 vm_info->segments.ss.selector = 0x0000;
509 vm_info->segments.ss.base = 0x0000<<4;
510 vm_info->segments.ss.limit = 0xffff;
511 vm_info->segments.ss.type = 3;
512 vm_info->segments.ss.system = 1;
513 vm_info->segments.ss.dpl = 3;
514 vm_info->segments.ss.present = 1;
515 vm_info->segments.ss.granularity = 0;
517 vm_info->segments.es.selector = 0x0000;
518 vm_info->segments.es.base = 0x0000<<4;
519 vm_info->segments.es.limit = 0xffff;
520 vm_info->segments.es.type = 3;
521 vm_info->segments.es.system = 1;
522 vm_info->segments.es.dpl = 3;
523 vm_info->segments.es.present = 1;
524 vm_info->segments.es.granularity = 0;
526 vm_info->segments.fs.selector = 0x0000;
527 vm_info->segments.fs.base = 0x0000<<4;
528 vm_info->segments.fs.limit = 0xffff;
529 vm_info->segments.fs.type = 3;
530 vm_info->segments.fs.system = 1;
531 vm_info->segments.fs.dpl = 3;
532 vm_info->segments.fs.present = 1;
533 vm_info->segments.fs.granularity = 0;
535 vm_info->segments.gs.selector = 0x0000;
536 vm_info->segments.gs.base = 0x0000<<4;
537 vm_info->segments.gs.limit = 0xffff;
538 vm_info->segments.gs.type = 3;
539 vm_info->segments.gs.system = 1;
540 vm_info->segments.gs.dpl = 3;
541 vm_info->segments.gs.present = 1;
542 vm_info->segments.gs.granularity = 0;
547 static struct vmcs_data* allocate_vmcs()
550 PrintDebug("Allocating page\n");
551 struct vmcs_data* vmcs_page = (struct vmcs_data*)V3_VAddr(V3_AllocPages(1));
553 memset(vmcs_page, 0, 4096);
555 v3_get_msr(VMX_BASIC_MSR, &(msr.e_reg.high), &(msr.e_reg.low));
557 vmcs_page->revision = ((struct vmx_basic_msr*)&msr)->revision;
558 PrintDebug("VMX Revision: 0x%x\n",vmcs_page->revision);
560 return (struct vmcs_data*)V3_PAddr((void*)vmcs_page);
565 static void init_vmcs_bios(struct guest_info * vm_info)
573 static int init_vmx_guest(struct guest_info * info, struct v3_vm_config * config_ptr) {
574 PrintDebug("Entering init_vmx_guest\n");
575 v3_pre_config_guest(info, config_ptr);
577 struct vmx_data* data;
579 PrintDebug("Allocating vmx_data\n");
580 data = (struct vmx_data*)V3_Malloc(sizeof(struct vmx_data));
581 PrintDebug("Allocating VMCS\n");
582 data->vmcs = allocate_vmcs();
584 info->vmm_data = (void*)data;
586 PrintDebug("Initializing VMCS (addr=%p)\n", info->vmm_data);
587 init_vmcs_bios(info);
589 v3_post_config_guest(info, config_ptr);
597 static int start_vmx_guest(struct guest_info *info) {
598 struct vmx_data* vmx_data = (struct vmx_data*)info->vmm_data;
601 // Have to do a whole lot of flag setting here
602 PrintDebug("Clearing VMCS\n");
603 vmx_ret = vmcs_clear(vmx_data->vmcs);
604 if(vmx_ret != VMX_SUCCESS) {
605 PrintDebug("VMCLEAR failed\n");
608 PrintDebug("Loading VMCS\n");
609 vmx_ret = vmcs_load(vmx_data->vmcs);
610 if(vmx_ret != VMX_SUCCESS) {
611 PrintDebug("VMPTRLD failed\n");
616 update_vmcs_host_state(info);
627 int v3_is_vmx_capable() {
628 v3_msr_t feature_msr;
629 addr_t eax = 0, ebx = 0, ecx = 0, edx = 0;
631 v3_cpuid(0x1, &eax, &ebx, &ecx, &edx);
633 PrintDebug("ECX: %p\n", (void*)ecx);
635 if (ecx & CPUID_1_ECX_VTXFLAG) {
636 v3_get_msr(VMX_FEATURE_CONTROL_MSR, &(feature_msr.hi), &(feature_msr.lo));
638 PrintTrace("MSRREGlow: 0x%.8x\n", feature_msr.lo);
640 if ((feature_msr.lo & FEATURE_CONTROL_VALID) != FEATURE_CONTROL_VALID) {
641 PrintDebug("VMX is locked -- enable in the BIOS\n");
646 PrintDebug("VMX not supported on this cpu\n");
653 static int has_vmx_nested_paging() {
659 // We set up the global host state that is unlikely to change across processes here
660 // Segment Descriptors mainly
662 struct seg_descriptor {
669 void v3_init_vmx(struct v3_ctrl_ops * vm_ops) {
670 extern v3_cpu_arch_t v3_cpu_type;
673 __asm__ __volatile__ (
674 "movq %%cr4, %%rbx; "
675 "orq $0x00002000,%%rbx; "
684 // Should check and return Error here....
685 __asm__ __volatile__ (
686 "movq %%cr0, %%rbx; "
687 "orq $0x00000020,%%rbx; "
694 // Setup VMXON Region
695 vmxon_ptr = allocate_vmcs();
696 PrintDebug("VMXON pointer: 0x%p\n", (void*)vmxon_ptr);
698 if (v3_enable_vmx(vmxon_ptr) == VMX_SUCCESS) {
699 PrintDebug("VMX Enabled\n");
701 PrintError("VMX initialization failure\n");
706 if (has_vmx_nested_paging() == 1) {
707 v3_cpu_type = V3_VMX_EPT_CPU;
709 v3_cpu_type = V3_VMX_CPU;
712 // Setup the VMX specific vmm operations
713 vm_ops->init_guest = &init_vmx_guest;
714 vm_ops->start_guest = &start_vmx_guest;
715 vm_ops->has_nested_paging = &has_vmx_nested_paging;
