feat(vmx): enhance MMIO access information with guest register data

luodeb · luodeb · commit ae9550b16457 · 2025-06-27T21:29:30.000+08:00
- Add new function `mmio_access_info_with_regs` to retrieve detailed MMIO access information
- Include actual data for write operations by using guest general-purpose registers
- Improve `mmio_access_info` function to provide more accurate information
- Update `VmxVcpu` to use the new function for better handling of MMIO accesses
diff --git a/src/vmx/vcpu.rs b/src/vmx/vcpu.rs
@@ -873,6 +873,11 @@ impl<H: AxVCpuHal> VmxVcpu<H> {
         vmcs::mmio_access_info()
     }
 
+    /// MMIO access information with guest register data.
+    pub fn mmio_access_info_with_regs(&self) -> AxResult<vmcs::MmioAccessInfo> {
+        vmcs::mmio_access_info_with_regs(&self.guest_regs)
+    }
+
     /// Try to inject a pending event before next VM entry.
     fn inject_pending_events(&mut self) -> AxResult {
         if let Some(event) = self.pending_events.front() {
@@ -1238,7 +1243,7 @@ impl<H: AxVCpuHal> AxArchVCpu for VmxVcpu<H> {
                     VmxExitReason::EPT_VIOLATION => {
                         self.advance_rip(exit_info.exit_instruction_length as _)?;
                         self.advance_rip(exit_info.exit_instruction_length as _)?;
-                        let mmio_info = self.mmio_access_info();
+                        let mmio_info = self.mmio_access_info_with_regs();
                         error!("VMX EPT Violation: {:#x?} of {:#x?}", mmio_info, exit_info);
                         if let Ok(mmio_info) = mmio_info {
                             if mmio_info.is_read {
diff --git a/src/vmx/vmcs.rs b/src/vmx/vmcs.rs
@@ -786,19 +786,73 @@ pub fn cr_access_info() -> AxResult<CrAccessInfo> {
 }
 
 /// Extract detailed MMIO access information from EPT violation.
-/// 
+///
 /// This function provides comprehensive information about MMIO device access
 /// that triggered an EPT violation, including the access address, width,
 /// read/write direction, and instruction details.
-/// 
+///
 /// # Returns
 /// * `Ok(MmioAccessInfo)` - Detailed MMIO access information
 /// * `Err(AxError)` - If VMCS read operations fail
 pub fn mmio_access_info() -> AxResult<MmioAccessInfo> {
     let qualification = VmcsReadOnlyNW::EXIT_QUALIFICATION.read()?;
     let instruction_info = VmcsReadOnly32::VMEXIT_INSTRUCTION_INFO.read()?;
     let fault_guest_paddr = VmcsReadOnly64::GUEST_PHYSICAL_ADDR.read()? as usize;
-    // VmcsGuestNW::CR0.write(guest_rax).unwrap(); // Example write to CR0, replace with actual logic
+
+    // Extract access type from qualification
+    error!("qualification: {:#x}", qualification);
+    let is_read = qualification.get_bit(0);
+    // Access type is determined by the second bit in the qualification
+    let is_write = qualification.get_bit(1);
+    // Decode instruction information to get access width and register
+
+    let operand_size = instruction_info.get_bits(0..3);
+    let access_width = match operand_size + 1 {
+        0 => AccessWidth::Word, // 16-bit
+        1 => AccessWidth::Dword, // 32-bit
+        2 => AccessWidth::Qword, // 64-bit
+        3 => AccessWidth::Byte, // 8-bit
+        _ => AccessWidth::Dword, // Default to 32-bit for unknown encodings
+    };
+
+    let addr = GuestPhysAddr::from(fault_guest_paddr);
+    let reg_index: u8 = instruction_info.get_bits(7..10) as u8;
+
+    // For write operations, we need to get the data from guest registers
+    // This will be set by the caller who has access to guest registers
+    let data = if is_write {
+        Some(0 as u64) // Placeholder - will be filled by caller
+    } else {
+        None
+    };
+
+    Ok(MmioAccessInfo {
+        addr,
+        access_width,
+        is_read,
+        is_write,
+        register: reg_index,
+        data,
+    })
+}
+
+/// Extract detailed MMIO access information from EPT violation with guest register data.
+///
+/// This function provides comprehensive information about MMIO device access
+/// that triggered an EPT violation, including the access address, width,
+/// read/write direction, instruction details, and actual data for write operations.
+///
+/// # Arguments
+/// * `guest_regs` - Reference to guest general-purpose registers
+///
+/// # Returns
+/// * `Ok(MmioAccessInfo)` - Detailed MMIO access information with actual data
+/// * `Err(AxError)` - If VMCS read operations fail
+pub fn mmio_access_info_with_regs(guest_regs: &crate::regs::GeneralRegisters) -> AxResult<MmioAccessInfo> {
+    let qualification = VmcsReadOnlyNW::EXIT_QUALIFICATION.read()?;
+    let instruction_info = VmcsReadOnly32::VMEXIT_INSTRUCTION_INFO.read()?;
+    let fault_guest_paddr = VmcsReadOnly64::GUEST_PHYSICAL_ADDR.read()? as usize;
+
     // Extract access type from qualification
     error!("qualification: {:#x}", qualification);
     let is_read = qualification.get_bit(0);
@@ -818,8 +872,20 @@ pub fn mmio_access_info() -> AxResult<MmioAccessInfo> {
     let addr = GuestPhysAddr::from(fault_guest_paddr);
     let reg_index: u8 = instruction_info.get_bits(7..10) as u8;
 
+    // For write operations, get the actual data from the guest register
     let data = if is_write {
-        Some(0 as u64)
+        // Get the full register value
+        let reg_value = guest_regs.get_reg_of_index(reg_index);
+
+        // Mask the value based on access width to get only the relevant bits
+        let masked_value = match access_width {
+            AccessWidth::Byte => reg_value & 0xFF,
+            AccessWidth::Word => reg_value & 0xFFFF,
+            AccessWidth::Dword => reg_value & 0xFFFFFFFF,
+            AccessWidth::Qword => reg_value,
+        };
+
+        Some(masked_value)
     } else {
         None
     };
