x86

Author: luodeb

src/vmx/vcpu.rs

@@ -1,4 +1,5 @@
 use alloc::collections::VecDeque;
+use axaddrspace::device::AccessWidth;
 use bit_field::BitField;
 use core::fmt::{Debug, Formatter, Result};
 use core::{arch::naked_asm, mem::size_of};
@@ -11,7 +12,7 @@ use x86_64::registers::control::{Cr0, Cr0Flags, Cr3, Cr4, Cr4Flags, EferFlags};
 
 use axaddrspace::{GuestPhysAddr, GuestVirtAddr, HostPhysAddr, NestedPageFaultInfo};
 use axerrno::{AxResult, ax_err, ax_err_type};
-use axvcpu::{AccessWidth, AxArchVCpu, AxVCpuExitReason, AxVCpuHal};
+use axvcpu::{AxArchVCpu, AxVCpuExitReason, AxVCpuHal};
 
 use super::VmxExitInfo;
 use super::as_axerr;
@@ -21,6 +22,7 @@ use super::vmcs::{
     self, VmcsControl32, VmcsControl64, VmcsControlNW, VmcsGuest16, VmcsGuest32, VmcsGuest64,
     VmcsGuestNW, VmcsHost16, VmcsHost32, VmcsHost64, VmcsHostNW,
 };
+use crate::vmx::vmcs::VmcsReadOnly64;
 use crate::{ept::GuestPageWalkInfo, msr::Msr, regs::GeneralRegisters};
 
 const VMX_PREEMPTION_TIMER_SET_VALUE: u32 = 1_000_000;
@@ -866,6 +868,10 @@ impl<H: AxVCpuHal> VmxVcpu<H> {
         rflags as u64 & x86_64::registers::rflags::RFlags::INTERRUPT_FLAG.bits() != 0
             && block_state == 0
     }
+    /// MMIO access information.
+    pub fn mmio_access_info(&self) -> AxResult<vmcs::MmioAccessInfo> {
+        vmcs::mmio_access_info()
+    }
 
     /// Try to inject a pending event before next VM entry.
     fn inject_pending_events(&mut self) -> AxResult {
@@ -1229,6 +1235,31 @@ impl<H: AxVCpuHal> AxArchVCpu for VmxVcpu<H> {
                             }
                         }
                     }
+                    VmxExitReason::EPT_VIOLATION => {
+                        self.advance_rip(exit_info.exit_instruction_length as _)?;
+                        self.advance_rip(exit_info.exit_instruction_length as _)?;
+                        let mmio_info = self.mmio_access_info();
+                        error!("VMX EPT Violation: {:#x?} of {:#x?}", mmio_info, exit_info);
+                        if let Ok(mmio_info) = mmio_info {
+                            if mmio_info.is_read {
+                                self.set_gpr(0, 0x74726976);
+                            } else {
+                                if let Some(data) = mmio_info.data {
+                                    error!("Data write {:#x}", data);
+                                } else {
+                                    error!("Data write None");
+                                }
+                            }
+                        };
+
+                        AxVCpuExitReason::Nothing
+                        // AxVCpuExitReason::MmioRead {
+                        //             addr: mmio_info.addr,
+                        //             width: mmio_info.access_width,
+                        //             reg: mmio_info.register as usize,
+                        //             reg_width: mmio_info.access_width,
+                        // }
+                    }
                     _ => {
                         warn!("VMX unsupported VM-Exit: {:#x?}", exit_info);
                         warn!("VCpu {:#x?}", self);

src/vmx/vmcs.rs

@@ -3,6 +3,7 @@
 #![allow(non_camel_case_types)]
 #![allow(clippy::upper_case_acronyms)]
 
+use axaddrspace::device::AccessWidth;
 use bit_field::BitField;
 use x86::bits64::vmx;
 
@@ -512,6 +513,17 @@ pub struct VmxInterruptInfo {
     pub valid: bool,
 }
 
+ /// MMIO Access Information extracted from EPT violation.
+#[derive(Debug)]
+pub struct MmioAccessInfo {
+    pub addr: GuestPhysAddr,
+    pub access_width: AccessWidth,
+    pub is_read: bool,
+    pub is_write: bool,
+    pub register: u8,
+    pub data: Option<u64>,
+}
+
 impl VmxInterruptInfo {
     /// Convert from the interrupt vector and the error code.
     pub fn from(vector: u8, err_code: Option<u32>) -> Self {
@@ -772,3 +784,52 @@ pub fn cr_access_info() -> AxResult<CrAccessInfo> {
         lmsw_source_data: qualification.get_bits(16..32) as u8,
     })
 }
+
+/// Extract detailed MMIO access information from EPT violation.
+/// 
+/// This function provides comprehensive information about MMIO device access
+/// that triggered an EPT violation, including the access address, width,
+/// read/write direction, and instruction details.
+/// 
+/// # Returns
+/// * `Ok(MmioAccessInfo)` - Detailed MMIO access information
+/// * `Err(AxError)` - If VMCS read operations fail
+pub fn mmio_access_info() -> AxResult<MmioAccessInfo> {
+    let qualification = VmcsReadOnlyNW::EXIT_QUALIFICATION.read()?;
+    let instruction_info = VmcsReadOnly32::VMEXIT_INSTRUCTION_INFO.read()?;
+    let fault_guest_paddr = VmcsReadOnly64::GUEST_PHYSICAL_ADDR.read()? as usize;
+    // VmcsGuestNW::CR0.write(guest_rax).unwrap(); // Example write to CR0, replace with actual logic
+    // Extract access type from qualification
+    error!("qualification: {:#x}", qualification);
+    let is_read = qualification.get_bit(0);
+    // Access type is determined by the second bit in the qualification
+    let is_write = qualification.get_bit(1);
+    // Decode instruction information to get access width and register
+
+    let operand_size = instruction_info.get_bits(0..3);
+    let access_width = match operand_size + 1 {
+        0 => AccessWidth::Word, // 16-bit
+        1 => AccessWidth::Dword, // 32-bit
+        2 => AccessWidth::Qword, // 64-bit
+        3 => AccessWidth::Byte, // 8-bit
+        _ => AccessWidth::Dword, // Default to 32-bit for unknown encodings
+    };
+
+    let addr = GuestPhysAddr::from(fault_guest_paddr);
+    let reg_index: u8 = instruction_info.get_bits(7..10) as u8;
+
+    let data = if is_write {
+        Some(0 as u64)
+    } else {
+        None
+    };
+
+    Ok(MmioAccessInfo {
+        addr,
+        access_width,
+        is_read,
+        is_write,
+        register: reg_index,
+        data,
+    })
+}