diff --git a/src/x86/executor/include/vmx_config.h b/src/x86/executor/include/vmx_config.h
index e8b76b9..e029ac0 100644
--- a/src/x86/executor/include/vmx_config.h
+++ b/src/x86/executor/include/vmx_config.h
@@ -48,30 +48,29 @@
 // Table 25-5. Definitions of Pin-Based VM-Execution Controls
 // IMPORTANT: never combine setting of PIN_BASED_EXT_INTR_MASK and VM_EXIT_ACK_INTR_ON_EXIT
 // (i.e., at least one must be disabled); otherwise, interrupts lead to system crash
-#define DEFAULT_PIN_BASED_VM_EXEC_CONTROL \
+#define MUST_SET_PIN_BASED_VM_EXEC_CONTROL \
 (PIN_BASED_NMI_EXITING | PIN_BASED_VIRTUAL_NMIS | PIN_BASED_VMX_PREEMPTION_TIMER)
-#define NOT_SUPPORTED_PIN_BASED_VM_EXEC_CONTROL (PIN_BASED_EXT_INTR_MASK | PIN_BASED_POSTED_INTR)
+#define MUST_CLEAR_PIN_BASED_VM_EXEC_CONTROL (PIN_BASED_EXT_INTR_MASK | PIN_BASED_POSTED_INTR)
 // Table 25-6. Definitions of Primary Processor-Based VM-Execution Controls
 // DO NOT add CPU_BASED_RDPMC_EXITING because we may need it if guest primes or probes
-#define DEFAULT_PRIMARY_VM_EXEC_CONTROL \
+#define MUST_SET_PRIMARY_VM_EXEC_CONTROL \
 (CPU_BASED_INTR_WINDOW_EXITING | CPU_BASED_HLT_EXITING | CPU_BASED_INVLPG_EXITING | \
 CPU_BASED_MWAIT_EXITING | CPU_BASED_CR3_LOAD_EXITING | CPU_BASED_CR3_STORE_EXITING | \
 CPU_BASED_CR8_LOAD_EXITING | CPU_BASED_CR8_STORE_EXITING | CPU_BASED_MOV_DR_EXITING | \
 CPU_BASED_UNCOND_IO_EXITING | CPU_BASED_MONITOR_EXITING | CPU_BASED_PAUSE_EXITING | \
 CPU_BASED_ACTIVATE_SECONDARY_CONTROLS | CPU_BASED_NMI_WINDOW_EXITING)
-#define NOT_SUPPORTED_PRIMARY_VM_EXEC_CONTROL \
+#define MUST_CLEAR_PRIMARY_VM_EXEC_CONTROL \
 (CPU_BASED_USE_TSC_OFFSETTING | CPU_BASED_RDPMC_EXITING | CPU_BASED_RDTSC_EXITING | \
 CPU_BASED_ACTIVATE_TERTIARY_CONTROLS | CPU_BASED_TPR_SHADOW | CPU_BASED_USE_IO_BITMAPS | \
 CPU_BASED_MONITOR_TRAP_FLAG | CPU_BASED_USE_MSR_BITMAPS)
 // Table 25-7. Definitions of Secondary Processor-Based VM-Execution Controls
-#define DEFAULT_SECONDARY_VM_EXEC_CONTROL \
+#define MUST_SET_SECONDARY_VM_EXEC_CONTROL \
 (SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_DESC | SECONDARY_EXEC_WBINVD_EXITING | \
 SECONDARY_EXEC_ENCLS_EXITING | SECONDARY_EXEC_ENABLE_INVPCID | \
 SECONDARY_EXEC_RDRAND_EXITING | SECONDARY_EXEC_RDSEED_EXITING)
-#define OPTIONAL_SECONDARY_VM_EXEC_CONTROL (SECONDARY_EXEC_PAUSE_LOOP_EXITING)
-#define NOT_SUPPORTED_SECONDARY_VM_EXEC_CONTROL \
+#define MUST_CLEAR_SECONDARY_VM_EXEC_CONTROL \
 (SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | SECONDARY_EXEC_RDTSCP | \
 SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | SECONDARY_EXEC_ENABLE_VPID | \
 SECONDARY_EXEC_UNRESTRICTED_GUEST | SECONDARY_EXEC_APIC_REGISTER_VIRT | \
@@ -87,15 +86,15 @@
 #define DEFAULT_EXCEPTION_BITMAP 0xFFFFFFFF // all exceptions are redirected to host
 // Exit/entry controls
-#define DEFAULT_EXIT_CTRL (VM_EXIT_SAVE_DEBUG_CONTROLS | VM_EXIT_HOST_ADDR_SPACE_SIZE)
-#define NOT_SUPPORTED_EXIT_CTRL \
+#define MUST_SET_EXIT_CTRL (VM_EXIT_SAVE_DEBUG_CONTROLS | VM_EXIT_HOST_ADDR_SPACE_SIZE)
+#define MUST_CLEAR_EXIT_CTRL \
 (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | VM_EXIT_SAVE_IA32_PAT | VM_EXIT_LOAD_IA32_PAT | \
 VM_EXIT_SAVE_IA32_EFER | VM_EXIT_LOAD_IA32_EFER | VM_EXIT_SAVE_VMX_PREEMPTION_TIMER | \
 VM_EXIT_CLEAR_BNDCFGS | VM_EXIT_PT_CONCEAL_PIP | VM_EXIT_CLEAR_IA32_RTIT_CTL | \
 VM_EXIT_ACK_INTR_ON_EXIT)
-#define DEFAULT_ENTRY_CTRL (VM_ENTRY_LOAD_DEBUG_CONTROLS | VM_ENTRY_IA32E_MODE)
-#define NOT_SUPPORTED_ENTRY_CTRL \
+#define MUST_SET_ENTRY_CTRL (VM_ENTRY_LOAD_DEBUG_CONTROLS | VM_ENTRY_IA32E_MODE)
+#define MUST_CLEAR_ENTRY_CTRL \
 (VM_ENTRY_SMM | VM_ENTRY_DEACT_DUAL_MONITOR | VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | \
 VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_IA32_EFER | VM_ENTRY_LOAD_BNDCFGS | \
 VM_ENTRY_PT_CONCEAL_PIP | VM_ENTRY_LOAD_IA32_RTIT_CTL | VM_EXIT_UINV | VM_ENTRY_CET | \
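Review bot: The new MUST_SET_*/MUST_CLEAR_* names encode a contract that the header never states, so a reader of vmx_config.h cannot tell from this hunk whether a MUST_CLEAR bit is masked off or only verified. From the vmx.c hunks in this commit, a MUST_SET mask is OR'd into the control field on top of the capability MSR's low (allowed-0) dword, and a MUST_CLEAR mask is only asserted in vmx_check_cpu_compatibility() to be absent from that dword, never explicitly cleared; I would put that above the pin-based definitions: `// MUST_SET_*: OR'd into the VMCS control field on top of the allowed-0 bits of the capability MSR.` and `// MUST_CLEAR_*: asserted absent from the MSR's allowed-0 dword at init; never actively cleared.` This hunk also drops OPTIONAL_SECONDARY_VM_EXEC_CONTROL without moving SECONDARY_EXEC_PAUSE_LOOP_EXITING into either list, so that bit now silently follows whatever the capability MSR forces; if that is intended, a one-line comment in the secondary-controls block saying so would stop the next reader from re-adding it. The second hunk (exit/entry controls) is the same rename and needs nothing beyond the shared comment.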
diff --git a/src/x86/executor/macro_loader.c b/src/x86/executor/macro_loader.c
index 9bf9ece..de6822b 100644
--- a/src/x86/executor/macro_loader.c
+++ b/src/x86/executor/macro_loader.c
@@ -5,12 +5,12 @@
 #include "macro_loader.h"
 #include "asm_snippets.h"
-#include "memory_guest.h"
-#include "vmx.h"
 #include "main.h"
+#include "memory_guest.h"
 #include "sandbox_manager.h"
 #include "shortcuts.h"
 #include "test_case_parser.h"
+#include "vmx.h"
 // Max sizes for sanity checks
 #define MAX_MACRO_START_OFFSET 0x100
diff --git a/src/x86/executor/vmx.c b/src/x86/executor/vmx.c
index 9f0dda3..6d87d36 100644
--- a/src/x86/executor/vmx.c
+++ b/src/x86/executor/vmx.c
@@ -225,23 +225,21 @@ int vmx_check_cpu_compatibility(void)
 // Pin-based controls
 msr_value = rdmsr64(MSR_IA32_VMX_TRUE_PINBASED_CTLS);
- ASSERT((msr_value & NOT_SUPPORTED_PIN_BASED_VM_EXEC_CONTROL) == 0,
- "vmx_check_cpu_compatibility");
+ ASSERT((msr_value & MUST_CLEAR_PIN_BASED_VM_EXEC_CONTROL) == 0, "vmx_check_cpu_compatibility");
 // Primary processor-based controls
 msr_value = rdmsr64(MSR_IA32_VMX_TRUE_PROCBASED_CTLS);
- ASSERT((msr_value & NOT_SUPPORTED_PRIMARY_VM_EXEC_CONTROL) == 0, "vmx_check_cpu_compatibility");
+ ASSERT((msr_value & MUST_CLEAR_PRIMARY_VM_EXEC_CONTROL) == 0, "vmx_check_cpu_compatibility");
 // Secondary
 msr_value = rdmsr64(MSR_IA32_VMX_PROCBASED_CTLS2);
- ASSERT((msr_value & NOT_SUPPORTED_SECONDARY_VM_EXEC_CONTROL) == 0,
- "vmx_check_cpu_compatibility");
+ ASSERT((msr_value & MUST_CLEAR_SECONDARY_VM_EXEC_CONTROL) == 0, "vmx_check_cpu_compatibility");
 // Exit/entry
 msr_value = rdmsr64(MSR_IA32_VMX_TRUE_EXIT_CTLS);
- ASSERT((msr_value & NOT_SUPPORTED_EXIT_CTRL) == 0, "vmx_check_cpu_compatibility");
+ ASSERT((msr_value & MUST_CLEAR_EXIT_CTRL) == 0, "vmx_check_cpu_compatibility");
 msr_value = rdmsr64(MSR_IA32_VMX_TRUE_ENTRY_CTLS);
- ASSERT((msr_value & NOT_SUPPORTED_ENTRY_CTRL) == 0, "vmx_check_cpu_compatibility");
+ ASSERT((msr_value & MUST_CLEAR_ENTRY_CTRL) == 0, "vmx_check_cpu_compatibility");
 return 0;
 }
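Review bot: The five rewritten ASSERT lines AND a 64-bit MSR value (as the rdmsr64() name and the `& 0xFFFFFFFFULL` masking in the later hunks suggest) with a 32-bit control mask, so only bits 31:0, the allowed-0 settings, are examined, and that is exactly what makes the check meaningful: a set bit there means the CPU forces on a control the executor needs off. Nothing in this function checks the MUST_SET masks against the allowed-1 half (bits 63:32); that presumably happens in check_vmx_controls(), which the VMCS-setup hunks call, but the division of labour is not written down. I would add above the pin-based read `// Bits 31:0 of each capability MSR are the allowed-0 settings: a MUST_CLEAR bit set here is forced on by the CPU.` and, hedged until confirmed, `// Allowed-1 (bits 63:32) coverage of the MUST_SET masks is left to check_vmx_controls() at VMCS setup.` The function's start is outside the hunk.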
@@ -459,10 +457,10 @@ static int set_vmcs_guest_state(void)
 (uint64_t)&guest_v_memory->data.main_area[LOCAL_RSP_OFFSET]);
 CHECKED_VMWRITE(GUEST_SYSENTER_EIP, (uint64_t)&guest_v_memory->code.section[0]);
- ASSERT((VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL & NOT_SUPPORTED_ENTRY_CTRL) != 0,
+ ASSERT((VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL & MUST_CLEAR_ENTRY_CTRL) != 0,
 "set_vmcs_guest_state");
- ASSERT((VM_ENTRY_LOAD_IA32_PAT & NOT_SUPPORTED_ENTRY_CTRL) != 0, "set_vmcs_guest_state");
- ASSERT((VM_ENTRY_LOAD_IA32_EFER & NOT_SUPPORTED_ENTRY_CTRL) != 0, "set_vmcs_guest_state");
+ ASSERT((VM_ENTRY_LOAD_IA32_PAT & MUST_CLEAR_ENTRY_CTRL) != 0, "set_vmcs_guest_state");
+ ASSERT((VM_ENTRY_LOAD_IA32_EFER & MUST_CLEAR_ENTRY_CTRL) != 0, "set_vmcs_guest_state");
 // SDM 25.4.2 Guest Non-Register State
 CHECKED_VMWRITE(GUEST_ACTIVITY_STATE, 0);
@@ -523,9 +521,8 @@ static int set_vmcs_host_state(void)
 CHECKED_VMWRITE(HOST_IA32_SYSENTER_EIP, rdmsr64(MSR_IA32_SYSENTER_EIP));
 CHECKED_VMWRITE(HOST_IA32_EFER, rdmsr64(MSR_EFER));
- ASSERT((VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL & NOT_SUPPORTED_EXIT_CTRL) != 0,
- "set_vmcs_host_state");
- ASSERT((VM_EXIT_LOAD_IA32_PAT & NOT_SUPPORTED_EXIT_CTRL) != 0, "set_vmcs_host_state");
+ ASSERT((VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL & MUST_CLEAR_EXIT_CTRL) != 0, "set_vmcs_host_state");
+ ASSERT((VM_EXIT_LOAD_IA32_PAT & MUST_CLEAR_EXIT_CTRL) != 0, "set_vmcs_host_state");
 return 0;
 }
@@ -535,7 +532,7 @@ static int set_vmcs_exec_control(int actor_id)
 uint8_t err_inv, err_val = 0;
 // SDM 25.6.1 Pin-Based VM-Execution Controls
- uint32_t pin_based_vm_exec_control = DEFAULT_PIN_BASED_VM_EXEC_CONTROL |
+ uint32_t pin_based_vm_exec_control = MUST_SET_PIN_BASED_VM_EXEC_CONTROL |
 (rdmsr64(MSR_IA32_VMX_TRUE_PINBASED_CTLS) & 0xFFFFFFFFULL);
 if (check_vmx_controls(pin_based_vm_exec_control, MSR_IA32_VMX_TRUE_PINBASED_CTLS))
 return -1;
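Review bot: The three rewritten ASSERTs in set_vmcs_guest_state() (and the two in set_vmcs_host_state() in the next hunk) evaluate a pure constant expression such as `VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL & MUST_CLEAR_ENTRY_CTRL` at run time inside the module, so a mismatch between the header and this code is only discovered when VMCS setup runs. If the toolchain permits it, a build-time check is stricter and self-documenting: `_Static_assert((VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL & MUST_CLEAR_ENTRY_CTRL) != 0, "guest PERF_GLOBAL_CTRL is not written; entry-load control must stay cleared");`, and likewise for PAT and EFER. Either way the reason for the assertion is unstated; presumably the guest PERF_GLOBAL_CTRL/PAT/EFER VMCS fields are not written by this function, which is only safe while the matching VM-entry load controls stay cleared, and a comment above the first ASSERT saying `// the guest PERF_GLOBAL_CTRL/PAT/EFER fields are left unwritten: only valid while these entry-load controls are in MUST_CLEAR_ENTRY_CTRL` would make that explicit. Both functions start and end outside their hunks.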
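Review bot: The rewritten assignment builds pin_based_vm_exec_control as `MUST_SET_PIN_BASED_VM_EXEC_CONTROL | (rdmsr64(...) & 0xFFFFFFFFULL)`, so the MUST_CLEAR bits are zero in the result only because vmx_check_cpu_compatibility() asserted earlier that they are absent from the MSR's allowed-0 dword; the invariant the new name promises is not visible where the value is constructed. A comment on the line would make that dependency explicit: `// allowed-0 dword of the MSR plus MUST_SET bits; MUST_CLEAR bits are absent per vmx_check_cpu_compatibility()`. The same applies to the primary/secondary, exit and entry assignments in the following hunks, which repeat the pattern. set_vmcs_exec_control() continues beyond the hunk.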
@@ -543,15 +540,15 @@ static int set_vmcs_exec_control(int actor_id)
 // SDM 25.6.2 Processor-Based VM-Execution Controls
 // - primary
- uint32_t primary_vm_exec_control = DEFAULT_PRIMARY_VM_EXEC_CONTROL |
+ uint32_t primary_vm_exec_control = MUST_SET_PRIMARY_VM_EXEC_CONTROL |
 (rdmsr64(MSR_IA32_VMX_TRUE_PROCBASED_CTLS) & 0xFFFFFFFFULL);
 if (check_vmx_controls(primary_vm_exec_control, MSR_IA32_VMX_TRUE_PROCBASED_CTLS))
 return -1;
 CHECKED_VMWRITE(CPU_BASED_VM_EXEC_CONTROL, primary_vm_exec_control);
 // - secondary
- uint32_t secondary_vm_exec_control =
- DEFAULT_SECONDARY_VM_EXEC_CONTROL | (rdmsr64(MSR_IA32_VMX_PROCBASED_CTLS2) & 0xFFFFFFFFULL);
+ uint32_t secondary_vm_exec_control = MUST_SET_SECONDARY_VM_EXEC_CONTROL |
+ (rdmsr64(MSR_IA32_VMX_PROCBASED_CTLS2) & 0xFFFFFFFFULL);
 if (check_vmx_controls(secondary_vm_exec_control, MSR_IA32_VMX_PROCBASED_CTLS2))
 return -1;
 CHECKED_VMWRITE(SECONDARY_VM_EXEC_CONTROL, secondary_vm_exec_control);
@@ -615,7 +612,8 @@ static int set_vmcs_exit_control(void)
 {
 uint8_t err_inv, err_val = 0;
- uint64_t exit_ctls = DEFAULT_EXIT_CTRL | (rdmsr64(MSR_IA32_VMX_TRUE_EXIT_CTLS) & 0xFFFFFFFFULL);
+ uint64_t exit_ctls =
+ MUST_SET_EXIT_CTRL | (rdmsr64(MSR_IA32_VMX_TRUE_EXIT_CTLS) & 0xFFFFFFFFULL);
 if (check_vmx_controls(exit_ctls, MSR_IA32_VMX_TRUE_EXIT_CTLS))
 return -1;
 CHECKED_VMWRITE(VM_EXIT_CONTROLS, exit_ctls);
@@ -631,7 +629,7 @@ static int set_vmcs_entry_control(void)
 uint8_t err_inv, err_val = 0;
 uint64_t entry_ctls =
- DEFAULT_ENTRY_CTRL | (rdmsr64(MSR_IA32_VMX_TRUE_ENTRY_CTLS) & 0xFFFFFFFFULL);
+ MUST_SET_ENTRY_CTRL | (rdmsr64(MSR_IA32_VMX_TRUE_ENTRY_CTLS) & 0xFFFFFFFFULL);
 if (check_vmx_controls(entry_ctls, MSR_IA32_VMX_TRUE_ENTRY_CTLS))
 return -1;
 CHECKED_VMWRITE(VM_ENTRY_CONTROLS, entry_ctls);
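Review bot: The rewritten exit_ctls and entry_ctls initialisers in the set_vmcs_exit_control() and set_vmcs_entry_control() hunks keep `uint64_t`, while the pin-based, primary and secondary controls built by the identical expression shape in set_vmcs_exec_control() are `uint32_t`; in all five cases the high half is discarded by `& 0xFFFFFFFFULL`, so the value is a 32-bit control word and the wider type only obscures that. For consistency I would change `uint64_t exit_ctls =` to `uint32_t exit_ctls =` and `uint64_t entry_ctls =` to `uint32_t entry_ctls =`; if check_vmx_controls() or CHECKED_VMWRITE() takes a 64-bit argument the narrower local still widens cleanly, but neither declaration is in the hunk, so verify before changing. Both functions end outside their hunks.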
@@ -656,20 +654,20 @@ static int make_vmcs_launched(int actor_id)
 // launch VM
 asm volatile(""
- "lea (1f), %%rax\n"
- "mov $0x00006c16, %%rcx\n"
- "vmwrite %%rax, %%rcx\n"
- "mov %%rsp, %%rax\n"
- "mov $0x00006c14, %%rcx\n"
- "vmwrite %%rax, %%rcx\n"
- "vmlaunch; setc %[inval]; setz %[val]\n"
- "1:\n"
- : [val] "=rm"(err_val), [inval] "=rm"(err_inv)
- :
- : "cc", "memory", "rax", "rcx");
+ "lea (1f), %%rax\n"
+ "mov $0x00006c16, %%rcx\n"
+ "vmwrite %%rax, %%rcx\n"
+ "mov %%rsp, %%rax\n"
+ "mov $0x00006c14, %%rcx\n"
+ "vmwrite %%rax, %%rcx\n"
+ "vmlaunch; setc %[inval]; setz %[val]\n"
+ "1:\n"
+ : [val] "=rm"(err_val), [inval] "=rm"(err_inv)
+ :
+ : "cc", "memory", "rax", "rcx");
 // PRINT_ERR("make_vmcs_launched: exited with VMfailInvalid=%d, VMfailValid=%d\n", err_inv,
- // err_val);
+ // err_val);
 // print_vmx_exit_info();
 // finalize VMCS fields