新增 MMIO 访问信息结构体及相关函数以处理 EPT 违规

Author: luodeb

src/vmx/vcpu.rs

@@ -1,26 +1,27 @@
 use alloc::collections::VecDeque;
+use axaddrspace::device::AccessWidth;
 use bit_field::BitField;
 use core::fmt::{Debug, Formatter, Result};
 use core::{arch::naked_asm, mem::size_of};
 use raw_cpuid::CpuId;
 use x86::bits64::vmx;
-use x86::controlregs::{Xcr0, xcr0 as xcr0_read, xcr0_write};
+use x86::controlregs::{xcr0 as xcr0_read, xcr0_write, Xcr0};
 use x86::dtables::{self, DescriptorTablePointer};
 use x86::segmentation::SegmentSelector;
 use x86_64::registers::control::{Cr0, Cr0Flags, Cr3, Cr4, Cr4Flags, EferFlags};
 
 use axaddrspace::{GuestPhysAddr, GuestVirtAddr, HostPhysAddr, NestedPageFaultInfo};
-use axerrno::{AxResult, ax_err, ax_err_type};
-use axvcpu::{AccessWidth, AxArchVCpu, AxVCpuExitReason, AxVCpuHal};
+use axerrno::{ax_err, ax_err_type, AxResult};
+use axvcpu::{AxArchVCpu, AxVCpuExitReason, AxVCpuHal};
 
-use super::VmxExitInfo;
 use super::as_axerr;
 use super::definitions::VmxExitReason;
 use super::structs::{IOBitmap, MsrBitmap, VmxRegion};
 use super::vmcs::{
     self, VmcsControl32, VmcsControl64, VmcsControlNW, VmcsGuest16, VmcsGuest32, VmcsGuest64,
     VmcsGuestNW, VmcsHost16, VmcsHost32, VmcsHost64, VmcsHostNW,
 };
+use super::VmxExitInfo;
 use crate::{ept::GuestPageWalkInfo, msr::Msr, regs::GeneralRegisters};
 
 const VMX_PREEMPTION_TIMER_SET_VALUE: u32 = 1_000_000;
@@ -284,6 +285,11 @@ impl<H: AxVCpuHal> VmxVcpu<H> {
         vmcs::exit_info()
     }
 
+    /// MMIO access information.
+    pub fn mmio_access_info(&self) -> AxResult<vmcs::MmioAccessInfo> {
+        vmcs::mmio_access_info()
+    }
+
     /// Raw information for VM Exits Due to Vectored Events, See SDM 25.9.2
     pub fn raw_interrupt_exit_info(&self) -> AxResult<u32> {
         vmcs::raw_interrupt_exit_info()
@@ -953,7 +959,7 @@ impl<H: AxVCpuHal> VmxVcpu<H> {
     }
 
     fn handle_cpuid(&mut self) -> AxResult {
-        use raw_cpuid::{CpuIdResult, cpuid};
+        use raw_cpuid::{cpuid, CpuIdResult};
 
         const VM_EXIT_INSTR_LEN_CPUID: u8 = 2;
         const LEAF_FEATURE_INFO: u32 = 0x1;
@@ -984,7 +990,7 @@ impl<H: AxVCpuHal> VmxVcpu<H> {
                 if regs_clone.rcx == 0 {
                     // Bit 05: WAITPKG.
                     res.ecx.set_bit(5, false); // clear waitpkg
-                    // Bit 16: LA57. Supports 57-bit linear addresses and five-level paging if 1.
+                                               // Bit 16: LA57. Supports 57-bit linear addresses and five-level paging if 1.
                     res.ecx.set_bit(16, false); // clear LA57
                 }
 
@@ -1028,7 +1034,9 @@ impl<H: AxVCpuHal> VmxVcpu<H> {
 
         trace!(
             "VM exit: CPUID({:#x}, {:#x}): {:?}",
-            regs_clone.rax, regs_clone.rcx, res
+            regs_clone.rax,
+            regs_clone.rcx,
+            res
         );
 
         let regs = self.regs_mut();
@@ -1229,6 +1237,50 @@ impl<H: AxVCpuHal> AxArchVCpu for VmxVcpu<H> {
                             }
                         }
                     }
+                    VmxExitReason::EPT_VIOLATION => {
+                        // SDM Vol. 3C, Section 27.2.1, Table 27-7
+                        if let Ok(mmio_info) = self.mmio_access_info() {
+                            if mmio_info.is_read && !mmio_info.is_write {
+                                // MMIO access
+                                self.advance_rip(exit_info.exit_instruction_length as _)?;
+                                error!(
+                                    "VMX unsupported MMIO-Exit: {:#x?} of {:#x?}",
+                                    mmio_info, exit_info
+                                );
+                                error!("VCpu {:#x?}", self);
+                                self.set_gpr(0, 0x1234);
+                                AxVCpuExitReason::Nothing
+                                // AxVCpuExitReason::MmioRead {
+                                //     addr: mmio_info.addr,
+                                //     width: mmio_info.access_width,
+                                //     reg: mmio_info.register.unwrap_or(0) as usize,
+                                //     reg_width: mmio_info.access_width,
+                                // }
+                            } else if mmio_info.is_write && !mmio_info.is_read {
+                                // MMIO access
+                                self.advance_rip(exit_info.exit_instruction_length as _)?;
+                                AxVCpuExitReason::MmioWrite {
+                                    addr: mmio_info.addr,
+                                    width: mmio_info.access_width,
+                                    data: self.regs().get_reg_of_index(
+                                        mmio_info.register.unwrap_or(0) as u8,
+                                    ),
+                                }
+                            }
+                            else {
+                                warn!(
+                                    "VMX unsupported EPT-Exit: {:#x?} of {:#x?}",
+                                    mmio_info, exit_info
+                                );
+                                warn!("VCpu {:#x?}", self);
+                                AxVCpuExitReason::Halt
+                            }
+                        } else {
+                            warn!("VMX unsupported EPT-Exit: {:#x?}", exit_info);
+                            warn!("VCpu {:#x?}", self);
+                            AxVCpuExitReason::Halt
+                        }
+                    }
                     _ => {
                         warn!("VMX unsupported VM-Exit: {:#x?}", exit_info);
                         warn!("VCpu {:#x?}", self);

src/vmx/vmcs.rs

@@ -3,6 +3,9 @@
 #![allow(non_camel_case_types)]
 #![allow(clippy::upper_case_acronyms)]
 
+use core::error;
+
+use axaddrspace::device::AccessWidth;
 use bit_field::BitField;
 use x86::bits64::vmx;
 
@@ -499,6 +502,16 @@ pub struct VmxExitInfo {
     pub guest_rip: usize,
 }
 
+/// MMIO Access Information extracted from EPT violation.
+#[derive(Debug)]
+pub struct MmioAccessInfo {
+    pub addr: GuestPhysAddr,
+    pub access_width: AccessWidth,
+    pub is_read: bool,
+    pub is_write: bool,
+    pub register: Option<u8>,
+}
+
 /// VM-Entry/VM-Exit Interruption-Information Field. (SDM Vol. 3C, Section 24.8.3, 24.9.2)
 #[derive(Debug)]
 pub struct VmxInterruptInfo {
@@ -581,6 +594,71 @@ pub struct CrAccessInfo {
     pub lmsw_source_data: u8,
 }
 
+
+
+/// Decode VM-Exit instruction information to extract access width and register information.
+///
+/// * Optional register number (if applicable)
+pub fn decode_mmio_instruction_info(instruction_info: u32) -> (AccessWidth, Option<u8>) {
+    // SDM Vol. 3C, Section 27.2.1, Table 27-13
+    // Bits 2:0 - Operand size encoding
+    let operand_size = instruction_info.get_bits(0..3);
+    let access_width = match operand_size + 1 {
+        0 => AccessWidth::Word, // 16-bit
+        1 => AccessWidth::Dword, // 32-bit
+        2 => AccessWidth::Qword, // 64-bit
+        3 => AccessWidth::Byte, // 8-bit
+        _ => AccessWidth::Dword, // Default to 32-bit for unknown encodings
+    };
+    
+    // Bits 10:7 
+    error!("Decoding register index from instruction info: {:#x}", instruction_info);
+    let reg_index: u8 = instruction_info.get_bits(7..10) as u8;
+
+    (access_width, Some(reg_index))
+}
+
+/// Extract detailed MMIO access information from EPT violation.
+/// 
+/// This function provides comprehensive information about MMIO device access
+/// that triggered an EPT violation, including the access address, width,
+/// read/write direction, and instruction details.
+/// 
+/// # Returns
+/// * `Ok(MmioAccessInfo)` - Detailed MMIO access information
+/// * `Err(AxError)` - If VMCS read operations fail
+pub fn mmio_access_info() -> AxResult<MmioAccessInfo> {
+    let qualification = VmcsReadOnlyNW::EXIT_QUALIFICATION.read()?;
+    let instruction_info = VmcsReadOnly32::VMEXIT_INSTRUCTION_INFO.read()?;
+    let fault_guest_paddr = VmcsReadOnly64::GUEST_PHYSICAL_ADDR.read()? as usize;
+    let cr0_val = VmcsGuestNW::RIP.read().unwrap();
+    error!("MMIO access info: cr0_val={:#x}", cr0_val);
+    let guest_rax = (cr0_val & 0xffffffff00000000) | 0x1234;
+    // VmcsGuestNW::CR0.write(guest_rax).unwrap(); // Example write to CR0, replace with actual logic
+    // Extract access type from qualification
+    let is_read = true;
+    let is_write = false;
+    // Decode instruction information to get access width and register
+
+    let operand_size = instruction_info.get_bits(0..3);
+    let access_width = match operand_size + 1 {
+        0 => AccessWidth::Word, // 16-bit
+        1 => AccessWidth::Dword, // 32-bit
+        2 => AccessWidth::Qword, // 64-bit
+        3 => AccessWidth::Byte, // 8-bit
+        _ => AccessWidth::Dword, // Default to 32-bit for unknown encodings
+    };
+
+    let addr = GuestPhysAddr::from(fault_guest_paddr);
+
+    Ok(MmioAccessInfo {
+        addr,
+        access_width,
+        is_read,
+        is_write,
+        register: None,
+    })
+}
 pub mod controls {
     pub use x86::vmx::vmcs::control::{EntryControls, ExitControls};
     pub use x86::vmx::vmcs::control::{PinbasedControls, PrimaryControls, SecondaryControls};