Generate #UD exception for unsupported instructions which cause vm-exits #247

Merged
merged 1 commit into from
Dec 9, 2019
Merged
22 changes: 11 additions & 11 deletions core/include/vmx.h
Expand Up @@ -58,16 +58,16 @@ enum {
VMX_EXIT_RDPMC = 15, // Guest executed RDPMC instruction
VMX_EXIT_RDTSC = 16, // Guest executed RDTSC instruction
VMX_EXIT_RSM = 17, // Guest executed RSM instruction in SMM
VMX_EXIT_VMCALL = 18,
VMX_EXIT_VMCLEAR = 19,
VMX_EXIT_VMLAUNCH = 20,
VMX_EXIT_VMPTRLD = 21,
VMX_EXIT_VMPTRST = 22,
VMX_EXIT_VMREAD = 23,
VMX_EXIT_VMRESUME = 24,
VMX_EXIT_VMWRITE = 25,
VMX_EXIT_VMXOFF = 26,
VMX_EXIT_VMXON = 27,
VMX_EXIT_VMCALL = 18, // Guest executed VMCALL instruction
VMX_EXIT_VMCLEAR = 19, // Guest executed VMCLEAR instruction
VMX_EXIT_VMLAUNCH = 20, // Guest executed VMLAUNCH instruction
VMX_EXIT_VMPTRLD = 21, // Guest executed VMPTRLD instruction
VMX_EXIT_VMPTRST = 22, // Guest executed VMPTRST instruction
VMX_EXIT_VMREAD = 23, // Guest executed VMREAD instruction
VMX_EXIT_VMRESUME = 24, // Guest executed VMRESUME instruction
VMX_EXIT_VMWRITE = 25, // Guest executed VMWRITE instruction
VMX_EXIT_VMXOFF = 26, // Guest executed VMXON instruction
VMX_EXIT_VMXON = 27, // Guest executed VMXOFF instruction
VMX_EXIT_CR_ACCESS = 28, // Guest accessed a control register
VMX_EXIT_DR_ACCESS = 29, // Guest attempted access to debug register
VMX_EXIT_IO = 30, // Guest attempted I/O
Expand All @@ -91,7 +91,7 @@ enum {
VMX_EXIT_VMX_TIMER_EXIT = 52,
VMX_EXIT_INVVPID = 53,
VMX_EXIT_WBINVD = 54,
VMX_EXIT_XSETBV = 55,
VMX_EXIT_XSETBV = 55, // Guest executed XSETBV instruction
VMX_EXIT_APIC_WRITE = 56,
VMX_EXIT_RDRAND = 57,
VMX_EXIT_INVPCID = 58,
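Review bot: The comments on the VMX_EXIT_VMXOFF and VMX_EXIT_VMXON entries are swapped, assuming the commented copies of these lines are the new side of the hunk: the line for value 26 should read `VMX_EXIT_VMXOFF = 26, // Guest executed VMXOFF instruction` and the line for value 27 `VMX_EXIT_VMXON = 27, // Guest executed VMXON instruction`. Nothing executes differently, since both exit reasons are mapped to the same handler in core/vcpu.c, but a reader matching exit-reason numbers against the SDM's exit-reason table would be misled by the cross-labelled comments. The enum continues outside both hunks.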
25 changes: 25 additions & 0 deletions core/vcpu.c
Expand Up @@ -100,6 +100,8 @@ static int exit_invalid_guest_state(struct vcpu_t *vcpu,
static int exit_ept_misconfiguration(struct vcpu_t *vcpu,
struct hax_tunnel *htun);
static int exit_ept_violation(struct vcpu_t *vcpu, struct hax_tunnel *htun);
static int exit_unsupported_instruction(struct vcpu_t *vcpu,
struct hax_tunnel *htun);
static int null_handler(struct vcpu_t *vcpu, struct hax_tunnel *hun);

static void advance_rip(struct vcpu_t *vcpu);
Expand Down Expand Up @@ -388,6 +390,22 @@ static int (*handler_funcs[])(struct vcpu_t *vcpu, struct hax_tunnel *htun) = {
[VMX_EXIT_FAILED_VMENTER_GS] = exit_invalid_guest_state,
[VMX_EXIT_EPT_VIOLATION] = exit_ept_violation,
[VMX_EXIT_EPT_MISCONFIG] = exit_ept_misconfiguration,
[VMX_EXIT_GETSEC] = exit_unsupported_instruction,
[VMX_EXIT_INVD] = exit_unsupported_instruction,
[VMX_EXIT_VMCALL] = exit_unsupported_instruction,
[VMX_EXIT_VMCLEAR] = exit_unsupported_instruction,
[VMX_EXIT_VMLAUNCH] = exit_unsupported_instruction,
[VMX_EXIT_VMPTRLD] = exit_unsupported_instruction,
[VMX_EXIT_VMPTRST] = exit_unsupported_instruction,
//VMREAD and VMWRITE vm-exits are conditional. When "VMCS shadowing" bit
//in secondary CPU VM-execution control is 0, these exit. This condition
//holds in haxm.
[VMX_EXIT_VMREAD] = exit_unsupported_instruction,
Why are VMREAD/VMWRITE registered to the unconditional exit handler?

Cpuid handling in hax tells the guest that it does not support VT. So execution of any instruction in this subset should generate an #UD. Intel SDM says that exits of these instructions are conditional; the conditions in hax lead to exits. I tested these instructions and they exited.

Maybe it would make the code clearer to add a comment after each of these vmx_exit_* items, as already done in the enum, saying which ones are unconditional exits and which are conditional according to the SDM 3C 25.1.2.

Added comments.

[VMX_EXIT_VMWRITE] = exit_unsupported_instruction,
[VMX_EXIT_VMRESUME] = exit_unsupported_instruction,
[VMX_EXIT_VMXOFF] = exit_unsupported_instruction,
[VMX_EXIT_VMXON] = exit_unsupported_instruction,
[VMX_EXIT_XSETBV] = exit_unsupported_instruction,
};

static int nr_handlers = ARRAY_ELEMENTS(handler_funcs);
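Review bot: The VMX_EXIT_INVD and VMX_EXIT_XSETBV entries route two non-VT instructions to exit_unsupported_instruction, so the "CPUID hides VT, therefore #UD" rationale that justifies the VMX-instruction entries does not cover them. INVD exists on every x86 CPU: a guest kernel executing it at CPL 0 expects it to succeed, and at CPL > 0 real hardware raises a general-protection fault rather than #UD, so a dedicated handler that treats it as a no-op (`advance_rip(vcpu); return HAX_RESUME;`) would match guest expectations better than an invalid-opcode fault. XSETBV raises #UD on real hardware only when CPUID does not report XSAVE, so if the CPUID filtering exposes XSAVE to the guest, a guest enabling extended state at boot would now fault; this needs to be confirmed against the CPUID code before this entry is kept. Whatever the outcome, a comment above the new entries stating the intent, e.g. `/* Instructions the guest CPUID does not advertise: fault with #UD as a real CPU would */`, would document the assumption the table now relies on. The handler_funcs initializer starts before this hunk.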
Expand Down Expand Up @@ -3882,6 +3900,13 @@ static int exit_ept_violation(struct vcpu_t *vcpu, struct hax_tunnel *htun)
return vcpu_emulate_insn(vcpu);
}

static int exit_unsupported_instruction(struct vcpu_t *vcpu,
struct hax_tunnel *htun)
{
hax_inject_exception(vcpu, VECTOR_UD, NO_ERROR_CODE);
return HAX_RESUME;
}

static void handle_mem_fault(struct vcpu_t *vcpu, struct hax_tunnel *htun)
{
hax_log(HAX_LOGW,