iori-yja/bypass_mmio.diff

## bypass_mmio.diff
? diff
Index: sys/arch/amd64/amd64/vmm.c
===================================================================
RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v
retrieving revision 1.254
diff -u -p -r1.254 vmm.c
--- sys/arch/amd64/amd64/vmm.c	22 Sep 2019 08:47:54 -0000	1.254
+++ sys/arch/amd64/amd64/vmm.c	19 Oct 2019 15:38:42 -0000
@@ -168,6 +168,7 @@ int vmx_handle_cr4_write(struct vcpu *,
 int vmx_handle_cr(struct vcpu *);
 int svm_handle_inout(struct vcpu *);
 int vmx_handle_inout(struct vcpu *);
+int vmx_handle_mmio(struct vcpu *);
 int svm_handle_hlt(struct vcpu *);
 int vmx_handle_hlt(struct vcpu *);
 int vmm_inject_ud(struct vcpu *);
@@ -4885,6 +4886,9 @@ vmx_handle_exit(struct vcpu *vcpu)
 		break;
 	case VMX_EXIT_EPT_VIOLATION:
 		ret = vmx_handle_np_fault(vcpu);
+		if (ret == EAGAIN) { /* XXX: mmio */
+			update_rip = 1;
+		}
 		break;
 	case VMX_EXIT_CPUID:
 		ret = vmm_handle_cpuid(vcpu);
@@ -5065,7 +5069,7 @@ vmm_get_guest_memtype(struct vm *vm, pad

 	if (gpa >= VMM_PCI_MMIO_BAR_BASE && gpa <= VMM_PCI_MMIO_BAR_END) {
 		DPRINTF("guest mmio access @ 0x%llx\n", (uint64_t)gpa);
-		return (VMM_MEM_TYPE_REGULAR);
+		return (VMM_MEM_TYPE_MMIO);
 	}

 	/* XXX Use binary search? */
@@ -5263,6 +5267,11 @@ vmx_handle_np_fault(struct vcpu *vcpu)
 	case VMM_MEM_TYPE_REGULAR:
 		ret = vmx_fault_page(vcpu, gpa);
 		break;
+	case VMM_MEM_TYPE_MMIO: /* XXX: wip */
+		printf("mmio %d for GPA 0x%llx\n",
+		    gpa_memtype, gpa);
+		ret = vmx_handle_mmio(vcpu);
+		break;
 	default:
 		printf("unknown memory type %d for GPA 0x%llx\n",
 		    gpa_memtype, gpa);
@@ -5564,6 +5573,52 @@ vmx_handle_inout(struct vcpu *vcpu)
 	}

 	return (ret);
+}
+
+/*
+ * vmx_handle_mmio
+ *
+ * Exit handler for memory accesses to PCI MMIO region.
+ *
+ * Currently, this simply ignore and skip the instruction.
+ */
+int
+vmx_handle_mmio(struct vcpu *vcpu)
+{
+	uint64_t insn_length, exit_qual;
+	// paddr_t insn_hpa, insn_gpa;
+
+	/* skip this mmio access */
+	if (vmread(VMCS_INSTRUCTION_LENGTH, &insn_length)) {
+		printf("%s: can't obtain instruction length\n", __func__);
+		return (EINVAL);
+	}
+
+	if (vmx_get_exit_qualification(&exit_qual)) {
+		printf("%s: can't get exit qual\n", __func__);
+		return (EINVAL);
+	}
+
+	// insn_gpa = vcpu->vc_gueststate.vg_rip;
+
+	/* XXX
+	if (!pmap_extract(vcpu->vc_parent->vm_map->pmap, insn_gpa, &insn_hpa)) {
+		DPRINTF("%s: nonmapped guest rip %lx\n", __func__, insn_gpa);
+		return (EINVAL);
+	}
+
+
+	printf("mmio hello:\n\tinstn: %4x %4x %4x %4x\n\tlength: %lld\n",
+			*(((uint16_t*) insn_gpa)),
+			*(((uint16_t*) insn_gpa) + 1),
+			*(((uint16_t*) insn_gpa) + 2),
+			*(((uint16_t*) insn_gpa) + 3),
+			insn_length);
+	*/
+
+	vcpu->vc_gueststate.vg_rip += insn_length;
+
+	return (EAGAIN);
 }

 /*
	? diff
	Index: sys/arch/amd64/amd64/vmm.c
	===================================================================
	RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v
	retrieving revision 1.254
	diff -u -p -r1.254 vmm.c
	--- sys/arch/amd64/amd64/vmm.c 22 Sep 2019 08:47:54 -0000 1.254
	+++ sys/arch/amd64/amd64/vmm.c 19 Oct 2019 15:38:42 -0000
	@@ -168,6 +168,7 @@ int vmx_handle_cr4_write(struct vcpu *,
	int vmx_handle_cr(struct vcpu *);
	int svm_handle_inout(struct vcpu *);
	int vmx_handle_inout(struct vcpu *);
	+int vmx_handle_mmio(struct vcpu *);
	int svm_handle_hlt(struct vcpu *);
	int vmx_handle_hlt(struct vcpu *);
	int vmm_inject_ud(struct vcpu *);
	@@ -4885,6 +4886,9 @@ vmx_handle_exit(struct vcpu *vcpu)
	break;
	case VMX_EXIT_EPT_VIOLATION:
	ret = vmx_handle_np_fault(vcpu);
	+ if (ret == EAGAIN) { /* XXX: mmio */
	+ update_rip = 1;
	+ }
	break;
	case VMX_EXIT_CPUID:
	ret = vmm_handle_cpuid(vcpu);
	@@ -5065,7 +5069,7 @@ vmm_get_guest_memtype(struct vm *vm, pad

	if (gpa >= VMM_PCI_MMIO_BAR_BASE && gpa <= VMM_PCI_MMIO_BAR_END) {
	DPRINTF("guest mmio access @ 0x%llx\n", (uint64_t)gpa);
	- return (VMM_MEM_TYPE_REGULAR);
	+ return (VMM_MEM_TYPE_MMIO);
	}

	/* XXX Use binary search? */
	@@ -5263,6 +5267,11 @@ vmx_handle_np_fault(struct vcpu *vcpu)
	case VMM_MEM_TYPE_REGULAR:
	ret = vmx_fault_page(vcpu, gpa);
	break;
	+ case VMM_MEM_TYPE_MMIO: /* XXX: wip */
	+ printf("mmio %d for GPA 0x%llx\n",
	+ gpa_memtype, gpa);
	+ ret = vmx_handle_mmio(vcpu);
	+ break;
	default:
	printf("unknown memory type %d for GPA 0x%llx\n",
	gpa_memtype, gpa);
	@@ -5564,6 +5573,52 @@ vmx_handle_inout(struct vcpu *vcpu)
	}

	return (ret);
	+}
	+
	+/*
	+ * vmx_handle_mmio
	+ *
	+ * Exit handler for memory accesses to PCI MMIO region.
	+ *
	+ * Currently, this simply ignore and skip the instruction.
	+ */
	+int
	+vmx_handle_mmio(struct vcpu *vcpu)
	+{
	+ uint64_t insn_length, exit_qual;
	+ // paddr_t insn_hpa, insn_gpa;
	+
	+ /* skip this mmio access */
	+ if (vmread(VMCS_INSTRUCTION_LENGTH, &insn_length)) {
	+ printf("%s: can't obtain instruction length\n", __func__);
	+ return (EINVAL);
	+ }
	+
	+ if (vmx_get_exit_qualification(&exit_qual)) {
	+ printf("%s: can't get exit qual\n", __func__);
	+ return (EINVAL);
	+ }
	+
	+ // insn_gpa = vcpu->vc_gueststate.vg_rip;
	+
	+ /* XXX
	+ if (!pmap_extract(vcpu->vc_parent->vm_map->pmap, insn_gpa, &insn_hpa)) {
	+ DPRINTF("%s: nonmapped guest rip %lx\n", __func__, insn_gpa);
	+ return (EINVAL);
	+ }
	+
	+
	+ printf("mmio hello:\n\tinstn: %4x %4x %4x %4x\n\tlength: %lld\n",
	+ (((uint16_t) insn_gpa)),
	+ (((uint16_t) insn_gpa) + 1),
	+ (((uint16_t) insn_gpa) + 2),
	+ (((uint16_t) insn_gpa) + 3),
	+ insn_length);
	+ */
	+
	+ vcpu->vc_gueststate.vg_rip += insn_length;
	+
	+ return (EAGAIN);
	}

	/*