hv: nested: check prerequisites to enter VMX operation

According to VMXON Instruction Reference, do the following checks in the virtual hardware environment: vCPU CPL, guest CR0, CR4, revision ID in VMXON region, etc. Currently ACRN doesn't support 32-bit L1 hypervisor, and injects an #UD exception if L1 hypervisor is not running in 64-bit mode. Tracked-On: #5923 Signed-off-by: Zide Chen <zide.chen@intel.com> Acked-by: Eddie Dong <eddie.dong@Intel.com>
2025-09-22 17:27:53 +00:00 · 2021-05-10 19:30:29 -07:00
parent fc8f07e740
commit 3fdad3c6d1
3 changed files with 207 additions and 4 deletions
--- a/hypervisor/include/arch/x86/asm/cpu.h
+++ b/hypervisor/include/arch/x86/asm/cpu.h
@@ -138,6 +138,7 @@
 #define RFLAGS_Z (1U<<6U)
 #define RFLAGS_S (1U<<7U)
 #define RFLAGS_O (1U<<11U)
+#define RFLAGS_VM (1U<<17U)
 #define RFLAGS_AC (1U<<18U)

 /* CPU clock frequencies (FSB) */
--- a/hypervisor/include/arch/x86/asm/guest/nested.h
+++ b/hypervisor/include/arch/x86/asm/guest/nested.h
@@ -45,6 +45,30 @@ union value_64 {
 	MSR_IA32_VMX_VMFUNC,			\
 	MSR_IA32_VMX_PROCBASED_CTLS3

+/*
+ * VM-Exit Instruction-Information Field
+ *
+ * ISDM Vol 3C Table 27-9: INVEPT, INVPCID, INVVPID
+ * ISDM Vol 3C Table 27-13: VMCLEAR, VMPTRLD, VMPTRST, VMXON, XRSTORS, and XSAVES.
+ * ISDM Vol 3C Table 27-14: VMREAD and VMWRITE
+ *
+ * Either Table 27-9 or Table 27-13 is a subset of Table 27-14, so we are able to
+ * define the following macros to be used for the above mentioned instructions.
+ */
+#define VMX_II_SCALING(v)			(((v) >> 0U) & 0x3U)
+#define VMX_II_REG1(v)				(((v) >> 3U) & 0xfU)
+#define VMX_II_ADDR_SIZE(v)			(((v) >> 7U) & 0x7U)
+#define VMX_II_IS_REG(v)			(((v) >> 10U) & 0x1U)
+#define VMX_II_SEG_REG(v)			(((v) >> 15U) & 0x7U)
+#define VMX_II_IDX_REG(v)			(((v) >> 18U) & 0xfU)
+#define VMX_II_IDX_REG_VALID(v)			((((v) >> 22U) & 0x1U) == 0U)
+#define VMX_II_BASE_REG(v)			(((v) >> 23U) & 0xfU)
+#define VMX_II_BASE_REG_VALID(v)		((((v) >> 27U) & 0x1U) == 0U)
+#define VMX_II_REG2(v)				(((v) >> 28U) & 0xfU)
+
+/* refer to ISDM: Table 30-1. VM-Instruction Error Numbers */
+#define VMXERR_VMXON_IN_VMX_ROOT_OPERATION	(15)
+
 /*
 * This VMCS12 revision id is chosen arbitrarily.
 * The emulated MSR_IA32_VMX_BASIC returns this ID in bits 30:0.
@@ -61,6 +85,7 @@ int32_t vmxon_vmexit_handler(struct acrn_vcpu *vcpu);

 #ifdef CONFIG_NVMX_ENABLED
 struct acrn_nested {
+	uint64_t vmxon_ptr;		/* GPA */
 	bool vmxon;		/* To indicate if vCPU entered VMX operation */
 } __aligned(PAGE_SIZE);