iori-yja · October 19, 2019 16:22
diff --git a/bypass_mmio.diff b/bypass_mmio.diff
 ? diff
 Index: sys/arch/amd64/amd64/vmm.c
 ===================================================================
 RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v
 retrieving revision 1.254
 diff -u -p -r1.254 vmm.c
 --- sys/arch/amd64/amd64/vmm.c	22 Sep 2019 08:47:54 -0000	1.254
 +++ sys/arch/amd64/amd64/vmm.c	19 Oct 2019 15:38:42 -0000
 @@ -168,6 +168,7 @@ int vmx_handle_cr4_write(struct vcpu *, 
 int vmx_handle_cr(struct vcpu *);
 int svm_handle_inout(struct vcpu *);
 int vmx_handle_inout(struct vcpu *);
 +int vmx_handle_mmio(struct vcpu *);
 int svm_handle_hlt(struct vcpu *);
 int vmx_handle_hlt(struct vcpu *);
 int vmm_inject_ud(struct vcpu *);
 @@ -4885,6 +4886,9 @@ vmx_handle_exit(struct vcpu *vcpu)
 		break;
 	case VMX_EXIT_EPT_VIOLATION:
 		ret = vmx_handle_np_fault(vcpu);
 +		if (ret == EAGAIN) { /* XXX: mmio */
 +			update_rip = 1;
 +		}
 		break;
 	case VMX_EXIT_CPUID:
 		ret = vmm_handle_cpuid(vcpu);
 @@ -5065,7 +5069,7 @@ vmm_get_guest_memtype(struct vm *vm, pad
 
 	if (gpa >= VMM_PCI_MMIO_BAR_BASE && gpa <= VMM_PCI_MMIO_BAR_END) {
 		DPRINTF("guest mmio access @ 0x%llx\n", (uint64_t)gpa);
 -		return (VMM_MEM_TYPE_REGULAR);
 +		return (VMM_MEM_TYPE_MMIO);
 	}
 
 	/* XXX Use binary search? */
 @@ -5263,6 +5267,11 @@ vmx_handle_np_fault(struct vcpu *vcpu)
 	case VMM_MEM_TYPE_REGULAR:
 		ret = vmx_fault_page(vcpu, gpa);
 		break;
 +	case VMM_MEM_TYPE_MMIO: /* XXX: wip */
 +		printf("mmio %d for GPA 0x%llx\n",
 +		    gpa_memtype, gpa);
 +		ret = vmx_handle_mmio(vcpu);
 +		break;
 	default:
 		printf("unknown memory type %d for GPA 0x%llx\n",
 		    gpa_memtype, gpa);
 @@ -5564,6 +5573,52 @@ vmx_handle_inout(struct vcpu *vcpu)
 	}
 
 	return (ret);
 +}
 +
 +/*
 + * vmx_handle_mmio
 + *
 + * Exit handler for memory accesses to PCI MMIO region.
 + *
 + * Currently, this simply ignore and skip the instruction.
 + */
 +int
 +vmx_handle_mmio(struct vcpu *vcpu)
 +{
 +	uint64_t insn_length, exit_qual;
 +	// paddr_t insn_hpa, insn_gpa;
 +
 +	/* skip this mmio access */
 +	if (vmread(VMCS_INSTRUCTION_LENGTH, &insn_length)) {
 +		printf("%s: can't obtain instruction length\n", __func__);
 +		return (EINVAL);
 +	}
 +
 +	if (vmx_get_exit_qualification(&exit_qual)) {
 +		printf("%s: can't get exit qual\n", __func__);
 +		return (EINVAL);
 +	}
 +
 +	// insn_gpa = vcpu->vc_gueststate.vg_rip;
 +
 +	/* XXX
 +	if (!pmap_extract(vcpu->vc_parent->vm_map->pmap, insn_gpa, &insn_hpa)) {
 +		DPRINTF("%s: nonmapped guest rip %lx\n", __func__, insn_gpa);
 +		return (EINVAL);
 +	}
 +
 +
 +	printf("mmio hello:\n\tinstn: %4x %4x %4x %4x\n\tlength: %lld\n",
 +			*(((uint16_t*) insn_gpa)),
 +			*(((uint16_t*) insn_gpa) + 1),
 +			*(((uint16_t*) insn_gpa) + 2),
 +			*(((uint16_t*) insn_gpa) + 3),
 +			insn_length);
 +	*/
 +
 +	vcpu->vc_gueststate.vg_rip += insn_length;
 +
 +	return (EAGAIN);
 }
 
 /*
	? diff
	Index: sys/arch/amd64/amd64/vmm.c
	===================================================================
	RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v
	retrieving revision 1.254
	diff -u -p -r1.254 vmm.c
	--- sys/arch/amd64/amd64/vmm.c 22 Sep 2019 08:47:54 -0000 1.254
	+++ sys/arch/amd64/amd64/vmm.c 19 Oct 2019 15:38:42 -0000
	@@ -168,6 +168,7 @@ int vmx_handle_cr4_write(struct vcpu *,
	int vmx_handle_cr(struct vcpu *);
	int svm_handle_inout(struct vcpu *);
	int vmx_handle_inout(struct vcpu *);
	+int vmx_handle_mmio(struct vcpu *);
	int svm_handle_hlt(struct vcpu *);
	int vmx_handle_hlt(struct vcpu *);
	int vmm_inject_ud(struct vcpu *);
	@@ -4885,6 +4886,9 @@ vmx_handle_exit(struct vcpu *vcpu)
	break;
	case VMX_EXIT_EPT_VIOLATION:
	ret = vmx_handle_np_fault(vcpu);
	+ if (ret == EAGAIN) { /* XXX: mmio */
	+ update_rip = 1;
	+ }
	break;
	case VMX_EXIT_CPUID:
	ret = vmm_handle_cpuid(vcpu);
	@@ -5065,7 +5069,7 @@ vmm_get_guest_memtype(struct vm *vm, pad

	if (gpa >= VMM_PCI_MMIO_BAR_BASE && gpa <= VMM_PCI_MMIO_BAR_END) {
	DPRINTF("guest mmio access @ 0x%llx\n", (uint64_t)gpa);
	- return (VMM_MEM_TYPE_REGULAR);
	+ return (VMM_MEM_TYPE_MMIO);
	}

	/* XXX Use binary search? */
	@@ -5263,6 +5267,11 @@ vmx_handle_np_fault(struct vcpu *vcpu)
	case VMM_MEM_TYPE_REGULAR:
	ret = vmx_fault_page(vcpu, gpa);
	break;
	+ case VMM_MEM_TYPE_MMIO: /* XXX: wip */
	+ printf("mmio %d for GPA 0x%llx\n",
	+ gpa_memtype, gpa);
	+ ret = vmx_handle_mmio(vcpu);
	+ break;
	default:
	printf("unknown memory type %d for GPA 0x%llx\n",
	gpa_memtype, gpa);
	@@ -5564,6 +5573,52 @@ vmx_handle_inout(struct vcpu *vcpu)
	}

	return (ret);
	+}
	+
	+/*
	+ * vmx_handle_mmio
	+ *
	+ * Exit handler for memory accesses to PCI MMIO region.
	+ *
	+ * Currently, this simply ignore and skip the instruction.
	+ */
	+int
	+vmx_handle_mmio(struct vcpu *vcpu)
	+{
	+ uint64_t insn_length, exit_qual;
	+ // paddr_t insn_hpa, insn_gpa;
	+
	+ /* skip this mmio access */
	+ if (vmread(VMCS_INSTRUCTION_LENGTH, &insn_length)) {
	+ printf("%s: can't obtain instruction length\n", __func__);
	+ return (EINVAL);
	+ }
	+
	+ if (vmx_get_exit_qualification(&exit_qual)) {
	+ printf("%s: can't get exit qual\n", __func__);
	+ return (EINVAL);
	+ }
	+
	+ // insn_gpa = vcpu->vc_gueststate.vg_rip;
	+
	+ /* XXX
	+ if (!pmap_extract(vcpu->vc_parent->vm_map->pmap, insn_gpa, &insn_hpa)) {
	+ DPRINTF("%s: nonmapped guest rip %lx\n", __func__, insn_gpa);
	+ return (EINVAL);
	+ }
	+
	+
	+ printf("mmio hello:\n\tinstn: %4x %4x %4x %4x\n\tlength: %lld\n",
	+ (((uint16_t) insn_gpa)),
	+ (((uint16_t) insn_gpa) + 1),
	+ (((uint16_t) insn_gpa) + 2),
	+ (((uint16_t) insn_gpa) + 3),
	+ insn_length);
	+ */
	+
	+ vcpu->vc_gueststate.vg_rip += insn_length;
	+
	+ return (EAGAIN);
	}

	/*